@culturefy/shared 1.0.53 → 1.0.54
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/cjs/middlewares/verify-middleware.js +11 -10
- package/build/cjs/middlewares/verify-middleware.js.map +1 -1
- package/build/esm/middlewares/verify-middleware.js +11 -10
- package/build/esm/middlewares/verify-middleware.js.map +1 -1
- package/build/src/middlewares/verify-middleware.js +10 -9
- package/build/src/middlewares/verify-middleware.js.map +1 -1
- package/package.json +1 -1
|
@@ -20,7 +20,7 @@ const parseCookieHeader = header => {
|
|
|
20
20
|
return out;
|
|
21
21
|
};
|
|
22
22
|
const verifyMw = async (req, ctx, next) => {
|
|
23
|
-
var _APP_MAP$appId, _p, _ref, _ref$state, _p$sub,
|
|
23
|
+
var _APP_MAP$appId, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$cl, _p$resource_access, _p$realm_access;
|
|
24
24
|
const appId = req.headers.get("app-id");
|
|
25
25
|
if (!appId || !(_constants.APP_MAP != null && (_APP_MAP$appId = _constants.APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
|
|
26
26
|
return {
|
|
@@ -192,12 +192,13 @@ const verifyMw = async (req, ctx, next) => {
|
|
|
192
192
|
const tenantId = realm.toString();
|
|
193
193
|
ctx.state.auth = {
|
|
194
194
|
appId,
|
|
195
|
-
userId: (
|
|
196
|
-
|
|
195
|
+
userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
|
|
196
|
+
keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
|
|
197
|
+
businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
|
|
197
198
|
tenantId,
|
|
198
|
-
email: (
|
|
199
|
+
email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
|
|
199
200
|
name: (_p$name = p.name) != null ? _p$name : undefined,
|
|
200
|
-
roles: (
|
|
201
|
+
roles: (_ref6 = (_p$resource_access$cl = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[clientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$cl : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
|
|
201
202
|
exp: p.exp
|
|
202
203
|
};
|
|
203
204
|
return next();
|
|
@@ -228,7 +229,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
228
229
|
|
|
229
230
|
// Call auth service to refresh
|
|
230
231
|
try {
|
|
231
|
-
var
|
|
232
|
+
var _ref7, _ref7$state, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
|
|
232
233
|
const resp = await fetch(apiURL, {
|
|
233
234
|
method: "POST",
|
|
234
235
|
headers: {
|
|
@@ -348,16 +349,16 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
348
349
|
}
|
|
349
350
|
|
|
350
351
|
// Update downstream auth state with refreshed token
|
|
351
|
-
(
|
|
352
|
+
(_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
|
|
352
353
|
const tenantId2 = realmId.toString();
|
|
353
354
|
ctx.state.auth = {
|
|
354
355
|
appId,
|
|
355
356
|
userId: (_p2$sub = p2.sub) != null ? _p2$sub : null,
|
|
356
|
-
businessId: (
|
|
357
|
+
businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
|
|
357
358
|
tenantId: tenantId2,
|
|
358
|
-
email: (
|
|
359
|
+
email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
|
|
359
360
|
name: (_p2$name = p2.name) != null ? _p2$name : undefined,
|
|
360
|
-
roles: (
|
|
361
|
+
roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
|
|
361
362
|
exp: p2.exp
|
|
362
363
|
};
|
|
363
364
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAAjB,cAAA,GAAPiB,kBAAO,CAAGH,KAAK,CAAC,aAAhBd,cAAA,CAAkBkB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGvC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;EAE/D,MAAMO,YAAY,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACV,OAAO,CAAC;EAE3E,IAAI,CAACS,YAAY,EAAE;IACjB,OAAO;MACLhB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIc,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMkB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMxB,QAAQ,GAAGiB,YAAY,CAACjB,QAAQ;;EAEtC;EACA,IAAIyB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAtB,EAAA,GAAC0C,CAAC,aAAD1C,EAAA,CAAG4C,GAAG,GAAE;IACX,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMuB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAACtD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAE2B,KAAK,EAAEvB,QAAQ,EAAEqB,EAAE,EAAEb,OAAO,EAAEiB,CAAC,EAAE5C,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMqD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAChD,OAAOyB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKrC,QAAQ,IAAIyB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKvC,QAAQ;EAEpB,IAAI,CAACkC,KAAK,EAAE;IACV,OAAO;MACLjC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAApB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAAS4D,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA1D,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI,IAAI;IACrB4D,UAAU,GAAA3D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACsB,OAAO,YAAA3D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRO,KAAK,GAAA3D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACuB,KAAK,YAAA1D,QAAA,GAAImC,CAAC,CAACwB,kBAAkB,YAAA5D,KAAA,GAAI,IAAI;IAC9C6D,IAAI,GAAA3D,OAAA,GAAEkC,CAAC,CAACyB,IAAI,YAAA3D,OAAA,GAAI4D,SAAS;IACzBC,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOnD,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA7E,QAAA,GAAAA,QAAA;AAIF,eAAeuD,kBAAkBA,CAC/BtD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACb4B,OAAe,EACfxB,QAAgB,EAChBqB,EAAsB,EACtBb,OAAe,EACfiB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACwC,EAAE,EAAE;IACP,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAzB,GAAG,CAAC4E,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPxB,QAAQ;IACRqB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC1G,MAAM,EAAE;MAC/B2G,MAAM,EAAE,MAAM;MACd1E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBoB,OAAO;QACPxB,QAAQ,EAAEA,QAAQ;QAClBwE,aAAa,EAAEnD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACgD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B9F,GAAG,CAAC+F,IAAI,YAAR/F,GAAG,CAAC+F,IAAI,CAAG,wBAAwBN,IAAI,CAACpE,MAAM,IAAIyE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMuE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLhF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/B,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC8C,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpC,GAAG,EAAE8B,KAAK,CAAC;IAE/D,MAAMK,mBAAmB,CAACmE,kBAAkB,CAAC1E,OAAO,EAAE;MACpDY,WAAW,EAAE2D,KAAe;MAC5BzD,YAAY,EAAE2D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIrD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGkD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGjC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMkC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,IAAAG,oBAAW,EAAC3G,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEY,OAAO,EAAE;MAChE;MACAgF,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEN;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAAlE,oBAAS,EAACqD,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwF,MAAM,GACT1D,KAAK,CAACC,OAAO,CAACwD,EAAE,CAACvD,GAAG,CAAC,IAAIuD,EAAE,CAACvD,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAClD,OAAO4F,EAAE,CAACvD,GAAG,KAAK,QAAQ,KAAKuD,EAAE,CAACvD,GAAG,KAAKrC,QAAQ,IAAI4F,EAAE,CAACvD,GAAG,KAAK,SAAS,CAAE,IAC7EuD,EAAE,CAACrD,GAAG,KAAKvC,QAAQ;IACrB,IAAI,CAAC6F,MAAM,EAAE;MACX,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAqD,WAAA,IAAAD,KAAA,GAAC7E,GAAG,EAAS4D,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMsD,SAAS,GAAGtE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,OAAA,GAAEiC,EAAE,CAAC/C,GAAG,YAAAc,OAAA,GAAI,IAAI;MACtBb,UAAU,GAAAc,KAAA,IAAAC,WAAA,GAAE+B,EAAE,CAAC7C,OAAO,YAAAc,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3CnB,QAAQ,EAAEqD,SAAS;MACnB9C,KAAK,GAAAc,KAAA,IAAAC,SAAA,GAAE6B,EAAE,CAAC5C,KAAK,YAAAe,SAAA,GAAI6B,EAAE,CAAC3C,kBAAkB,YAAAa,KAAA,GAAI,IAAI;MAChDZ,IAAI,GAAAc,QAAA,GAAE4B,EAAE,CAAC1C,IAAI,YAAAc,QAAA,GAAIb,SAAS;MAC1BC,KAAK,GAAAa,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEyB,EAAE,CAACvC,eAAe,cAAAc,mBAAA,GAAlBA,mBAAA,CAAqBnE,QAAQ,CAAC,qBAA9BmE,mBAAA,CAAgCf,KAAK,YAAAc,qBAAA,IAAAE,gBAAA,GAAIwB,EAAE,CAACtC,YAAY,qBAAfc,gBAAA,CAAiBhB,KAAK,YAAAa,KAAA,GAAI,EAAE;MAC5EjC,GAAG,EAAE4D,EAAE,CAAC5D;IACV,CAAC;;IAED;IACA,OAAOnD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkH,CAAC,EAAE;IACVnH,GAAG,CAACoH,KAAK,YAATpH,GAAG,CAACoH,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL9F,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACwF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACvD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOsD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref7","_ref7$state","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAArB,cAAA,GAAPqB,kBAAO,CAAGH,KAAK,CAAC,aAAhBlB,cAAA,CAAkBsB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG3C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CnC,GAAG,EACHf,OAAO,CAACC,GAAG,CAACkD,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACxC,GAAG,EAAEkC,KAAK,CAAC;EAE/D,MAAMO,YAAY,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACV,OAAO,CAAC;EAE3E,IAAI,CAACS,YAAY,EAAE;IACjB,OAAO;MACLhB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIc,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMkB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMxB,QAAQ,GAAGiB,YAAY,CAACjB,QAAQ;;EAEtC;EACA,IAAIyB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAA1B,EAAA,GAAC8C,CAAC,aAAD9C,EAAA,CAAGgD,GAAG,GAAE;IACX,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMuB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC1D,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAE2B,KAAK,EAAEvB,QAAQ,EAAEqB,EAAE,EAAEb,OAAO,EAAEiB,CAAC,EAAEhD,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAChD,OAAOyB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKrC,QAAQ,IAAIyB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKvC,QAAQ;EAEpB,IAAI,CAACkC,KAAK,EAAE;IACV,OAAO;MACLjC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAxB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASgE,KAAK,YAAA3D,UAAA,GAAlBD,IAAA,CAAa4D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA9D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC2B,MAAM,aAAnB5D,oBAAA,CAAqB0D,QAAQ,oBAA7B1D,oBAAA,CAAqB0D,QAAQ,CAAG,CAAC,YAAA3D,qBAAA,GAAI0C,CAAC,CAACoB,GAAG,YAAA/D,KAAA,GAAI,IAAI;IAC1DgE,cAAc,GAAA7D,KAAA,IAAAC,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI+B,YAAY,CAAC6B,cAAc,YAAA7D,KAAA,GAAI,IAAI;IAC5D8D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRQ,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAI6D,SAAS;IACzBC,KAAK,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC6B,eAAe,cAAA5D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B2D,KAAK,YAAA5D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC8B,YAAY,qBAAd5D,eAAA,CAAgB0D,KAAK,YAAA7D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOvD,IAAI,CAAC,CAAC;AACf,CAAC;AAAC+E,OAAA,CAAAlF,QAAA,GAAAA,QAAA;AAIF,eAAe2D,kBAAkBA,CAC/B1D,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACb4B,OAAe,EACfxB,QAAgB,EAChBqB,EAAsB,EACtBb,OAAe,EACfiB,CAAM,EACNhD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC4C,EAAE,EAAE;IACP,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA7B,GAAG,CAACiF,IAAI,CAAC,iDAAiD,EAAE;IAC1DjC,OAAO;IACPxB,QAAQ;IACRqB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAqC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC/G,MAAM,EAAE;MAC/BgH,MAAM,EAAE,MAAM;MACd3E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBoB,OAAO;QACPxB,QAAQ,EAAEA,QAAQ;QAClByE,aAAa,EAAEpD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACiD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BnG,GAAG,CAACoG,IAAI,YAARpG,GAAG,CAACoG,IAAI,CAAG,wBAAwBN,IAAI,CAACrE,MAAM,IAAI0E,IAAI,EAAE,CAAC;MACzD,OAAO;QACL1E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMwE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLjF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CnC,GAAG,EACHf,OAAO,CAACC,GAAG,CAACkD,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACxC,GAAG,EAAEkC,KAAK,CAAC;IAE/D,MAAMK,mBAAmB,CAACoE,kBAAkB,CAAC3E,OAAO,EAAE;MACpDY,WAAW,EAAE4D,KAAe;MAC5B1D,YAAY,EAAE4D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAItD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGmD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGjC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMkC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,IAAAG,oBAAW,EAAChH,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEY,OAAO,EAAE;MAChE;MACAiF,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEN;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAAnE,oBAAS,EAACsD,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL/E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMyF,MAAM,GACT3D,KAAK,CAACC,OAAO,CAACyD,EAAE,CAACxD,GAAG,CAAC,IAAIwD,EAAE,CAACxD,GAAG,CAACC,QAAQ,CAACtC,QAAQ,CAAC,IAClD,OAAO6F,EAAE,CAACxD,GAAG,KAAK,QAAQ,KAAKwD,EAAE,CAACxD,GAAG,KAAKrC,QAAQ,IAAI6F,EAAE,CAACxD,GAAG,KAAK,SAAS,CAAE,IAC7EwD,EAAE,CAACtD,GAAG,KAAKvC,QAAQ;IACrB,IAAI,CAAC8F,MAAM,EAAE;MACX,OAAO;QACL7F,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAsD,WAAA,IAAAD,KAAA,GAAClF,GAAG,EAASgE,KAAK,YAAAmB,WAAA,GAAlBD,KAAA,CAAalB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMuD,SAAS,GAAGvE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAgB,OAAA,GAAEiC,EAAE,CAAChD,GAAG,YAAAe,OAAA,GAAI,IAAI;MACtBb,UAAU,GAAAc,KAAA,IAAAC,WAAA,GAAE+B,EAAE,CAAC7C,OAAO,YAAAc,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3CpB,QAAQ,EAAEsD,SAAS;MACnB9C,KAAK,GAAAc,KAAA,IAAAC,SAAA,GAAE6B,EAAE,CAAC5C,KAAK,YAAAe,SAAA,GAAI6B,EAAE,CAAC3C,kBAAkB,YAAAa,KAAA,GAAI,IAAI;MAChDZ,IAAI,GAAAc,QAAA,GAAE4B,EAAE,CAAC1C,IAAI,YAAAc,QAAA,GAAIb,SAAS;MAC1BC,KAAK,GAAAa,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEyB,EAAE,CAACvC,eAAe,cAAAc,mBAAA,GAAlBA,mBAAA,CAAqBpE,QAAQ,CAAC,qBAA9BoE,mBAAA,CAAgCf,KAAK,YAAAc,qBAAA,IAAAE,gBAAA,GAAIwB,EAAE,CAACtC,YAAY,qBAAfc,gBAAA,CAAiBhB,KAAK,YAAAa,KAAA,GAAI,EAAE;MAC5ElC,GAAG,EAAE6D,EAAE,CAAC7D;IACV,CAAC;;IAED;IACA,OAAOvD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOuH,CAAC,EAAE;IACVxH,GAAG,CAACyH,KAAK,YAATzH,GAAG,CAACyH,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL/F,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACyF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACxD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOuD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
@@ -16,7 +16,7 @@ const parseCookieHeader = header => {
|
|
|
16
16
|
return out;
|
|
17
17
|
};
|
|
18
18
|
export const verifyMw = async (req, ctx, next) => {
|
|
19
|
-
var _APP_MAP$appId, _p, _ref, _ref$state, _p$sub,
|
|
19
|
+
var _APP_MAP$appId, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$cl, _p$resource_access, _p$realm_access;
|
|
20
20
|
const appId = req.headers.get("app-id");
|
|
21
21
|
if (!appId || !(APP_MAP != null && (_APP_MAP$appId = APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
|
|
22
22
|
return {
|
|
@@ -188,12 +188,13 @@ export const verifyMw = async (req, ctx, next) => {
|
|
|
188
188
|
const tenantId = realm.toString();
|
|
189
189
|
ctx.state.auth = {
|
|
190
190
|
appId,
|
|
191
|
-
userId: (
|
|
192
|
-
|
|
191
|
+
userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
|
|
192
|
+
keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
|
|
193
|
+
businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
|
|
193
194
|
tenantId,
|
|
194
|
-
email: (
|
|
195
|
+
email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
|
|
195
196
|
name: (_p$name = p.name) != null ? _p$name : undefined,
|
|
196
|
-
roles: (
|
|
197
|
+
roles: (_ref6 = (_p$resource_access$cl = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[clientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$cl : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
|
|
197
198
|
exp: p.exp
|
|
198
199
|
};
|
|
199
200
|
return next();
|
|
@@ -223,7 +224,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
223
224
|
|
|
224
225
|
// Call auth service to refresh
|
|
225
226
|
try {
|
|
226
|
-
var
|
|
227
|
+
var _ref7, _ref7$state, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
|
|
227
228
|
const resp = await fetch(apiURL, {
|
|
228
229
|
method: "POST",
|
|
229
230
|
headers: {
|
|
@@ -343,16 +344,16 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
|
|
|
343
344
|
}
|
|
344
345
|
|
|
345
346
|
// Update downstream auth state with refreshed token
|
|
346
|
-
(
|
|
347
|
+
(_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
|
|
347
348
|
const tenantId2 = realmId.toString();
|
|
348
349
|
ctx.state.auth = {
|
|
349
350
|
appId,
|
|
350
351
|
userId: (_p2$sub = p2.sub) != null ? _p2$sub : null,
|
|
351
|
-
businessId: (
|
|
352
|
+
businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
|
|
352
353
|
tenantId: tenantId2,
|
|
353
|
-
email: (
|
|
354
|
+
email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
|
|
354
355
|
name: (_p2$name = p2.name) != null ? _p2$name : undefined,
|
|
355
|
-
roles: (
|
|
356
|
+
roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
|
|
356
357
|
exp: p2.exp
|
|
357
358
|
};
|
|
358
359
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_p$sub","_ref2","_p$cfy_bid","_ref3","_p$email","_p$name","_ref4","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref5","_ref5$state","_p2$sub","_ref6","_p2$cfy_bid","_ref7","_p2$email","_p2$name","_ref8","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","httpOnly","secure","sameSite","maxAge","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,wBAAwB,QAAQ,UAAU;AAEnD,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGjB,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACtC,OAAO,aAAAwB,cAAA,GAAPxB,OAAO,CAAGsC,KAAK,CAAC,aAAhBd,cAAA,CAAkBiB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAG/C,OAAO,CAACsC,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAGtC,iBAAiB,CAACW,GAAG,CAACkB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;EAE/D,MAAMI,YAAY,GAAG,MAAMD,mBAAmB,CAACE,mBAAmB,CAACP,OAAO,CAAC;EAE3E,IAAI,CAACM,YAAY,EAAE;IACjB,OAAO;MACLb,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIW,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMe,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMrB,QAAQ,GAAGc,YAAY,CAACd,QAAQ;;EAEtC;EACA,IAAIsB,CAAM;EACV,IAAI;IACFA,CAAC,GAAG9D,SAAS,CAACwD,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAArB,EAAA,GAACsC,CAAC,aAADtC,EAAA,CAAGwC,GAAG,GAAE;IACX,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMoB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAClD,GAAG,EAAEC,GAAG,EAAEgB,KAAK,EAAEuB,KAAK,EAAEpB,QAAQ,EAAEkB,EAAE,EAAEV,OAAO,EAAEc,CAAC,EAAExC,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMiD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAChD,OAAOsB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKlC,QAAQ,IAAIsB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKpC,QAAQ;EAEpB,IAAI,CAAC+B,KAAK,EAAE;IACV,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAnB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASwD,KAAK,YAAAnD,UAAA,GAAlBD,IAAA,CAAaoD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;IACxB3C,KAAK;IACL4C,MAAM,GAAAtD,MAAA,GAAEmC,CAAC,CAACoB,GAAG,YAAAvD,MAAA,GAAI,IAAI;IACrBwD,UAAU,GAAAvD,KAAA,IAAAC,UAAA,GAAEiC,CAAC,CAACsB,OAAO,YAAAvD,UAAA,GAAIiD,QAAQ,YAAAlD,KAAA,GAAI,IAAI;IACzCkD,QAAQ;IACRO,KAAK,GAAAvD,KAAA,IAAAC,QAAA,GAAE+B,CAAC,CAACuB,KAAK,YAAAtD,QAAA,GAAI+B,CAAC,CAACwB,kBAAkB,YAAAxD,KAAA,GAAI,IAAI;IAC9CyD,IAAI,GAAAvD,OAAA,GAAE8B,CAAC,CAACyB,IAAI,YAAAvD,OAAA,GAAIwD,SAAS;IACzBC,KAAK,GAAAxD,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE2B,CAAC,CAAC4B,eAAe,cAAAvD,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+BsD,KAAK,YAAAvD,qBAAA,IAAAE,eAAA,GAAI0B,CAAC,CAAC6B,YAAY,qBAAdvD,eAAA,CAAgBqD,KAAK,YAAAxD,KAAA,GAAI,EAAE;IAC1EoC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO/C,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAegD,kBAAkBA,CAC/BlD,GAAgB,EAChBC,GAAsB,EACtBgB,KAAa,EACbwB,OAAe,EACfrB,QAAgB,EAChBkB,EAAsB,EACtBV,OAAe,EACfc,CAAM,EACNxC,IAAqC,EACV;EAC3B;EACA,IAAI,CAACoC,EAAE,EAAE;IACP,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxB,GAAG,CAACuE,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPrB,QAAQ;IACRkB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACrG,MAAM,EAAE;MAC/BsG,MAAM,EAAE,MAAM;MACdrE,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBiB,OAAO;QACPrB,QAAQ,EAAEA,QAAQ;QAClBoE,aAAa,EAAElD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC+C,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BzF,GAAG,CAAC0F,IAAI,YAAR1F,GAAG,CAAC0F,IAAI,CAAG,wBAAwBN,IAAI,CAAChE,MAAM,IAAIqE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLrE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMmE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL5E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM/C,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAAC4C,oBAAoB,IAAI,EAAE,EACtClD,mBAAmB,CAACmD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIjD,mBAAmB,CAACiB,GAAG,EAAE6B,KAAK,CAAC;IAE/D,MAAMG,mBAAmB,CAACiE,kBAAkB,CAACtE,OAAO,EAAE;MACpDS,WAAW,EAAE0D,KAAe;MAC5BxD,YAAY,EAAE0D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIpD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGiD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGhC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMiC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtBtH,WAAW,CAACmB,GAAG,EAAE,uBAAuBgB,KAAK,UAAU,EAAEW,OAAO,EAAE;MAChE;MACA2E,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEL;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG/H,SAAS,CAACmH,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAa,QAAA,EAAM;MACnC,OAAO;QACLvF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoF,MAAM,GACTzD,KAAK,CAACC,OAAO,CAACsD,EAAE,CAACrD,GAAG,CAAC,IAAIqD,EAAE,CAACrD,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAClD,OAAOuF,EAAE,CAACrD,GAAG,KAAK,QAAQ,KAAKqD,EAAE,CAACrD,GAAG,KAAKlC,QAAQ,IAAIuF,EAAE,CAACrD,GAAG,KAAK,SAAS,CAAE,IAC7EqD,EAAE,CAACnD,GAAG,KAAKpC,QAAQ;IACrB,IAAI,CAACyF,MAAM,EAAE;MACX,OAAO;QACLxF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAiD,WAAA,IAAAD,KAAA,GAACxE,GAAG,EAASwD,KAAK,YAAAiB,WAAA,GAAlBD,KAAA,CAAahB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMqD,SAAS,GAAGrE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC1D,GAAG,CAASwD,KAAK,CAACG,IAAI,GAAG;MACxB3C,KAAK;MACL4C,MAAM,GAAAc,OAAA,GAAEgC,EAAE,CAAC7C,GAAG,YAAAa,OAAA,GAAI,IAAI;MACtBZ,UAAU,GAAAa,KAAA,IAAAC,WAAA,GAAE8B,EAAE,CAAC3C,OAAO,YAAAa,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3ClB,QAAQ,EAAEoD,SAAS;MACnB7C,KAAK,GAAAa,KAAA,IAAAC,SAAA,GAAE4B,EAAE,CAAC1C,KAAK,YAAAc,SAAA,GAAI4B,EAAE,CAACzC,kBAAkB,YAAAY,KAAA,GAAI,IAAI;MAChDX,IAAI,GAAAa,QAAA,GAAE2B,EAAE,CAACxC,IAAI,YAAAa,QAAA,GAAIZ,SAAS;MAC1BC,KAAK,GAAAY,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEwB,EAAE,CAACrC,eAAe,cAAAa,mBAAA,GAAlBA,mBAAA,CAAqB/D,QAAQ,CAAC,qBAA9B+D,mBAAA,CAAgCd,KAAK,YAAAa,qBAAA,IAAAE,gBAAA,GAAIuB,EAAE,CAACpC,YAAY,qBAAfa,gBAAA,CAAiBf,KAAK,YAAAY,KAAA,GAAI,EAAE;MAC5EhC,GAAG,EAAE0D,EAAE,CAAC1D;IACV,CAAC;;IAED;IACA,OAAO/C,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAO6G,CAAC,EAAE;IACV9G,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL1F,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACoF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACtD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOqD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMapping","getTokenMappingById","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref7","_ref7$state","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updateTokenMapping","expiresAt","expires_in","mappingMaxAge","refresh_expires_in","httpOnly","secure","sameSite","maxAge","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || ''\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMapping = await tokenMappingService.getTokenMappingById(mapping);\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: p2.sub ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,wBAAwB,QAAQ,UAAU;AAEnD,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AAEpD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAAC1C,OAAO,aAAAwB,cAAA,GAAPxB,OAAO,CAAG0C,KAAK,CAAC,aAAhBlB,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGnD,OAAO,CAAC0C,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG1C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAMnD,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAACgD,oBAAoB,IAAI,EAAE,EACtCtD,mBAAmB,CAACuD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIrD,mBAAmB,CAACiB,GAAG,EAAEiC,KAAK,CAAC;EAE/D,MAAMI,YAAY,GAAG,MAAMD,mBAAmB,CAACE,mBAAmB,CAACP,OAAO,CAAC;EAE3E,IAAI,CAACM,YAAY,EAAE;IACjB,OAAO;MACLb,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIW,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMe,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMrB,QAAQ,GAAGc,YAAY,CAACd,QAAQ;;EAEtC;EACA,IAAIsB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGlE,SAAS,CAAC4D,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAzB,EAAA,GAAC0C,CAAC,aAAD1C,EAAA,CAAG4C,GAAG,GAAE;IACX,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMoB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAACtD,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAEuB,KAAK,EAAEpB,QAAQ,EAAEkB,EAAE,EAAEV,OAAO,EAAEc,CAAC,EAAE5C,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMqD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAChD,OAAOsB,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKlC,QAAQ,IAAIsB,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKpC,QAAQ;EAEpB,IAAI,CAAC+B,KAAK,EAAE;IACV,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAvB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAAS4D,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;IACxB3C,KAAK;IACL4C,MAAM,GAAA1D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAE6B,YAAY,CAAC2B,MAAM,aAAnBxD,oBAAA,CAAqBsD,QAAQ,oBAA7BtD,oBAAA,CAAqBsD,QAAQ,CAAG,CAAC,YAAAvD,qBAAA,GAAIsC,CAAC,CAACoB,GAAG,YAAA3D,KAAA,GAAI,IAAI;IAC1D4D,cAAc,GAAAzD,KAAA,IAAAC,MAAA,GAAEmC,CAAC,CAACoB,GAAG,YAAAvD,MAAA,GAAI2B,YAAY,CAAC6B,cAAc,YAAAzD,KAAA,GAAI,IAAI;IAC5D0D,UAAU,GAAAxD,KAAA,IAAAC,UAAA,GAAEiC,CAAC,CAACuB,OAAO,YAAAxD,UAAA,GAAIiD,QAAQ,YAAAlD,KAAA,GAAI,IAAI;IACzCkD,QAAQ;IACRQ,KAAK,GAAAxD,KAAA,IAAAC,QAAA,GAAE+B,CAAC,CAACwB,KAAK,YAAAvD,QAAA,GAAI+B,CAAC,CAACyB,kBAAkB,YAAAzD,KAAA,GAAI,IAAI;IAC9C0D,IAAI,GAAAxD,OAAA,GAAE8B,CAAC,CAAC0B,IAAI,YAAAxD,OAAA,GAAIyD,SAAS;IACzBC,KAAK,GAAAzD,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE2B,CAAC,CAAC6B,eAAe,cAAAxD,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+BuD,KAAK,YAAAxD,qBAAA,IAAAE,eAAA,GAAI0B,CAAC,CAAC8B,YAAY,qBAAdxD,eAAA,CAAgBsD,KAAK,YAAAzD,KAAA,GAAI,EAAE;IAC1EoC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOnD,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAeoD,kBAAkBA,CAC/BtD,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACbwB,OAAe,EACfrB,QAAgB,EAChBkB,EAAsB,EACtBV,OAAe,EACfc,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACwC,EAAE,EAAE;IACP,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA5B,GAAG,CAAC4E,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPrB,QAAQ;IACRkB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC1G,MAAM,EAAE;MAC/B2G,MAAM,EAAE,MAAM;MACdtE,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBiB,OAAO;QACPrB,QAAQ,EAAEA,QAAQ;QAClBqE,aAAa,EAAEnD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACgD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B9F,GAAG,CAAC+F,IAAI,YAAR/F,GAAG,CAAC+F,IAAI,CAAG,wBAAwBN,IAAI,CAACjE,MAAM,IAAIsE,IAAI,EAAE,CAAC;MACzD,OAAO;QACLtE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMoE,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL7E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAMnD,wBAAwB,CAC1CkB,GAAG,EACHf,OAAO,CAACC,GAAG,CAACgD,oBAAoB,IAAI,EAAE,EACtCtD,mBAAmB,CAACuD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIrD,mBAAmB,CAACiB,GAAG,EAAEiC,KAAK,CAAC;IAE/D,MAAMG,mBAAmB,CAACkE,kBAAkB,CAACvE,OAAO,EAAE;MACpDS,WAAW,EAAE2D,KAAe;MAC5BzD,YAAY,EAAE2D,KAAe;MAC7B;MACAE,SAAS,EAAE,OAAOL,IAAI,CAACM,UAAU,KAAK,QAAQ,GAAG,IAAIrD,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGkD,IAAI,CAACM,UAAU,GAAG,IAAI,CAAC,GAAGhC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMiC,aAAa,GACjB,OAAOP,IAAI,CAACQ,kBAAkB,KAAK,QAAQ,GACvCR,IAAI,CAACQ,kBAAkB,GACvB,OAAOR,IAAI,CAACM,UAAU,KAAK,QAAQ,GACjCN,IAAI,CAACM,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB3H,WAAW,CAACmB,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEW,OAAO,EAAE;MAChE;MACA4E,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEL;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGpI,SAAS,CAACwH,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAa,QAAA,EAAM;MACnC,OAAO;QACLxF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMqF,MAAM,GACT1D,KAAK,CAACC,OAAO,CAACuD,EAAE,CAACtD,GAAG,CAAC,IAAIsD,EAAE,CAACtD,GAAG,CAACC,QAAQ,CAACnC,QAAQ,CAAC,IAClD,OAAOwF,EAAE,CAACtD,GAAG,KAAK,QAAQ,KAAKsD,EAAE,CAACtD,GAAG,KAAKlC,QAAQ,IAAIwF,EAAE,CAACtD,GAAG,KAAK,SAAS,CAAE,IAC7EsD,EAAE,CAACpD,GAAG,KAAKpC,QAAQ;IACrB,IAAI,CAAC0F,MAAM,EAAE;MACX,OAAO;QACLzF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAkD,WAAA,IAAAD,KAAA,GAAC7E,GAAG,EAAS4D,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMsD,SAAS,GAAGtE,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnC9D,GAAG,CAAS4D,KAAK,CAACG,IAAI,GAAG;MACxB3C,KAAK;MACL4C,MAAM,GAAAe,OAAA,GAAEgC,EAAE,CAAC9C,GAAG,YAAAc,OAAA,GAAI,IAAI;MACtBZ,UAAU,GAAAa,KAAA,IAAAC,WAAA,GAAE8B,EAAE,CAAC3C,OAAO,YAAAa,WAAA,GAAIiC,SAAS,YAAAlC,KAAA,GAAI,IAAI;MAC3CnB,QAAQ,EAAEqD,SAAS;MACnB7C,KAAK,GAAAa,KAAA,IAAAC,SAAA,GAAE4B,EAAE,CAAC1C,KAAK,YAAAc,SAAA,GAAI4B,EAAE,CAACzC,kBAAkB,YAAAY,KAAA,GAAI,IAAI;MAChDX,IAAI,GAAAa,QAAA,GAAE2B,EAAE,CAACxC,IAAI,YAAAa,QAAA,GAAIZ,SAAS;MAC1BC,KAAK,GAAAY,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEwB,EAAE,CAACrC,eAAe,cAAAa,mBAAA,GAAlBA,mBAAA,CAAqBhE,QAAQ,CAAC,qBAA9BgE,mBAAA,CAAgCd,KAAK,YAAAa,qBAAA,IAAAE,gBAAA,GAAIuB,EAAE,CAACpC,YAAY,qBAAfa,gBAAA,CAAiBf,KAAK,YAAAY,KAAA,GAAI,EAAE;MAC5EjC,GAAG,EAAE2D,EAAE,CAAC3D;IACV,CAAC;;IAED;IACA,OAAOnD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkH,CAAC,EAAE;IACVnH,GAAG,CAACoH,KAAK,YAATpH,GAAG,CAACoH,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL3F,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACqF,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAACvD,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOsD,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
|
|
@@ -22,8 +22,8 @@ const parseCookieHeader = (header) => {
|
|
|
22
22
|
return out;
|
|
23
23
|
};
|
|
24
24
|
const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
|
|
25
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
|
|
26
|
-
var
|
|
25
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t;
|
|
26
|
+
var _u;
|
|
27
27
|
const appId = req.headers.get("app-id");
|
|
28
28
|
if (!appId || !((_a = constants_1.APP_MAP === null || constants_1.APP_MAP === void 0 ? void 0 : constants_1.APP_MAP[appId]) === null || _a === void 0 ? void 0 : _a.clientId)) {
|
|
29
29
|
return {
|
|
@@ -85,7 +85,7 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
|
|
|
85
85
|
try {
|
|
86
86
|
p = (0, jwt_decode_1.jwtDecode)(at);
|
|
87
87
|
}
|
|
88
|
-
catch (
|
|
88
|
+
catch (_v) {
|
|
89
89
|
return {
|
|
90
90
|
status: 401,
|
|
91
91
|
headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
|
|
@@ -117,16 +117,17 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
|
|
|
117
117
|
};
|
|
118
118
|
}
|
|
119
119
|
// pass data downstream
|
|
120
|
-
(_b = (
|
|
120
|
+
(_b = (_u = ctx).state) !== null && _b !== void 0 ? _b : (_u.state = {});
|
|
121
121
|
const tenantId = realm.toString();
|
|
122
122
|
ctx.state.auth = {
|
|
123
123
|
appId,
|
|
124
|
-
userId: (_c = p.sub) !== null &&
|
|
125
|
-
|
|
124
|
+
userId: (_f = (_e = (_d = (_c = tokenMapping.userId) === null || _c === void 0 ? void 0 : _c.toString) === null || _d === void 0 ? void 0 : _d.call(_c)) !== null && _e !== void 0 ? _e : p.sub) !== null && _f !== void 0 ? _f : null,
|
|
125
|
+
keycloakUserId: (_h = (_g = p.sub) !== null && _g !== void 0 ? _g : tokenMapping.keycloakUserId) !== null && _h !== void 0 ? _h : null,
|
|
126
|
+
businessId: (_k = (_j = p.cfy_bid) !== null && _j !== void 0 ? _j : tenantId) !== null && _k !== void 0 ? _k : null,
|
|
126
127
|
tenantId,
|
|
127
|
-
email: (
|
|
128
|
-
name: (
|
|
129
|
-
roles: (
|
|
128
|
+
email: (_m = (_l = p.email) !== null && _l !== void 0 ? _l : p.preferred_username) !== null && _m !== void 0 ? _m : null,
|
|
129
|
+
name: (_o = p.name) !== null && _o !== void 0 ? _o : undefined,
|
|
130
|
+
roles: (_t = (_r = (_q = (_p = p.resource_access) === null || _p === void 0 ? void 0 : _p[clientId]) === null || _q === void 0 ? void 0 : _q.roles) !== null && _r !== void 0 ? _r : (_s = p.realm_access) === null || _s === void 0 ? void 0 : _s.roles) !== null && _t !== void 0 ? _t : [],
|
|
130
131
|
exp: p.exp,
|
|
131
132
|
};
|
|
132
133
|
return next();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAoD;AAEpD,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,CAAC,CAAC,GAAG,mCAAI,IAAI;QACrB,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AA3IW,QAAA,QAAQ,YA2InB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBACpD,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,EAAE;gBAChE,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAoD;AAEpD,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAA;AAEpD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAE5E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AA5IW,QAAA,QAAQ,YA4InB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBACpD,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,EAAE;gBAChE,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,EAAE,CAAC,GAAG,mCAAI,IAAI;gBACtB,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED