@culturefy/shared 1.0.61 → 1.0.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/build/cjs/middlewares/verify-middleware.js +31 -3
  2. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  3. package/build/cjs/utils/cookies.js +11 -4
  4. package/build/cjs/utils/cookies.js.map +1 -1
  5. package/build/esm/middlewares/verify-middleware.js +33 -5
  6. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  7. package/build/esm/utils/cookies.js +11 -4
  8. package/build/esm/utils/cookies.js.map +1 -1
  9. package/build/src/middlewares/verify-middleware.js +44 -13
  10. package/build/src/middlewares/verify-middleware.js.map +1 -1
  11. package/build/src/utils/cookies.d.ts +1 -0
  12. package/build/src/utils/cookies.js +9 -4
  13. package/build/src/utils/cookies.js.map +1 -1
  14. package/package.json +1 -1
package/build/cjs/middlewares/verify-middleware.js CHANGED
@@ -10,6 +10,30 @@ var _utils = require("../utils");
10
10
  var _tokenMapping = require("../service/tokenMapping.service");
11
11
  const apiURL = process.env.REFRESH_SESSION_URL || '';
12
12
  const verifyMappingCache = (0, _utils.createCache)("verify-mw", 60);
13
+ function pickCookieDomain(appConfig, origin, requestUrl) {
14
+ if (!appConfig) return undefined;
15
+ const hostCandidate = origin != null ? origin : requestUrl;
16
+ if (!hostCandidate) return undefined;
17
+ try {
18
+ const host = new URL(hostCandidate).hostname;
19
+ if (host === "localhost" || host.startsWith("127.0.0.1")) {
20
+ var _appConfig$cookie$dom;
21
+ return (_appConfig$cookie$dom = appConfig.cookie.domain.local) != null ? _appConfig$cookie$dom : undefined;
22
+ }
23
+ if (host.endsWith(".dev.culturefy.app") || host === "dev.culturefy.app") {
24
+ return appConfig.cookie.domain.dev;
25
+ }
26
+ if (host.endsWith(".staging.culturefy.app") || host === "staging.culturefy.app") {
27
+ return appConfig.cookie.domain.staging;
28
+ }
29
+ if (host.endsWith(".culturefy.app")) {
30
+ return appConfig.cookie.domain.prod;
31
+ }
32
+ } catch {
33
+ return undefined;
34
+ }
35
+ return undefined;
36
+ }
13
37
  const parseCookieHeader = header => {
14
38
  const out = {};
15
39
  if (!header) return out;
@@ -234,7 +258,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
234
258
 
235
259
  // Call auth service to refresh
236
260
  try {
237
- var _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
261
+ var _req$headers$get, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
238
262
  const resp = await fetch(apiURL, {
239
263
  method: "POST",
240
264
  headers: {
@@ -312,12 +336,16 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
312
336
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
313
337
  const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
314
338
 
315
- (0, _cookies.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
339
+ const mappingCookieValue = Buffer.from(mapping).toString("base64");
340
+ const appConfig = _constants.APP_MAP[appId];
341
+ const mappedDomain = pickCookieDomain(appConfig, (_req$headers$get = req.headers.get("origin")) != null ? _req$headers$get : undefined, req.url);
342
+ (0, _cookies.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {
316
343
  // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
317
344
  httpOnly: false,
318
345
  secure: true,
319
346
  sameSite: "None",
320
- maxAge: mappingMaxAge
347
+ maxAge: mappingMaxAge,
348
+ domain: mappedDomain
321
349
  });
322
350
 
323
351
  // Decode new AT and proceed
package/build/cjs/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","exports","info","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,MAAMC,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAArB,cAAA,GAAPqB,kBAAO,CAAGH,KAAK,CAAC,aAAhBlB,cAAA,CAAkBsB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG3C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CnC,GAAG,EACHjB,OAAO,CAACC,GAAG,CAACoD,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACxC,GAAG,EAAEkC,KAAK,CAAC;EAE/D,MAAMO,eAAe,GAAG,MAAMvD,kBAAkB,CAACwD,QAAQ,CACvD1C,GAAG,EACH,CAACgC,OAAO,CAAC,EACT,YAAY;IACV,MAAMW,OAAO,GAAG,MAAMJ,mBAAmB,CAACK,mBAAmB,CAACZ,OAAO,CAAC;IACtE,OAAOW,OAAO,GAAGhB,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGd,IAAI,CAACmB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIkB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLxB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMsB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAM5B,QAAQ,GAAGqB,YAAY,CAACrB,QAAQ;;EAEtC;EACA,IAAI6B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAA1B,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM2B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC9D,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAE+B,KAAK,EAAE3B,QAAQ,EAAEyB,EAAE,EAAEjB,OAAO,EAAEqB,CAAC,EAAEpD,IAAI,CAAC;EACzF;;EAEA;EACA,MAAM6D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAChD,OAAO6B,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKzC,QAAQ,IAAI6B,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAK3C,QAAQ;EAEpB,IAAI,CAACsC,KAAK,EAAE;IACV,OAAO;MACLrC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAxB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASoE,KAAK,YAAA/D,UAAA,GAAlBD,IAAA,CAAagE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhCtE,GAAG,CAASoE,KAAK,CAACG,IAAI,GAAG;IACxBnD,KAAK;IACLoD,MAAM,GAAAlE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEqC,YAAY,CAAC2B,MAAM,aAAnBhE,oBAAA,CAAqB8D,QAAQ,oBAA7B9D,oBAAA,CAAqB8D,QAAQ,CAAG,CAAC,YAAA/D,qBAAA,GAAI8C,CAAC,CAACoB,GAAG,YAAAnE,KAAA,GAAI,IAAI;IAC1DoE,cAAc,GAAAjE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACoB,GAAG,YAAA/D,MAAA,GAAImC,YAAY,CAAC6B,cAAc,YAAAjE,KAAA,GAAI,IAAI;IAC5DkE,UAAU,GAAAhE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACuB,OAAO,YAAAhE,UAAA,GAAIyD,QAAQ,YAAA1D,KAAA,GAAI,IAAI;IACzC0D,QAAQ;IACRQ,KAAK,GAAAhE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACwB,KAAK,YAAA/D,QAAA,GAAIuC,CAAC,CAACyB,kBAAkB,YAAAjE,KAAA,GAAI,IAAI;IAC9CkE,IAAI,GAAAhE,OAAA,GAAEsC,CAAC,CAAC0B,IAAI,YAAAhE,OAAA,GAAIiE,SAAS;IACzBC,KAAK,GAAAjE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC6B,eAAe,cAAAhE,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B+D,KAAK,YAAAhE,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC8B,YAAY,qBAAdhE,eAAA,CAAgB8D,KAAK,YAAAjE,KAAA,GAAI,EAAE;IAC1E4C,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO3D,IAAI,CAAC,CAAC;AACf,CAAC;AAACmF,OAAA,CAAAtF,QAAA,GAAAA,QAAA;AAIF,eAAe+D,kBAAkBA,CAC/B9D,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACbgC,OAAe,EACf5B,QAAgB,EAChByB,EAAsB,EACtBjB,OAAe,EACfqB,CAAM,EACNpD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IACP,OAAO;MACLxB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA7B,GAAG,CAACqF,IAAI,CAAC,iDAAiD,EAAE;IAC1DjC,OAAO;IACP5B,QAAQ;IACRyB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAqC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACzH,MAAM,EAAE;MAC/B0H,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBwB,OAAO;QACP5B,QAAQ,EAAEA,QAAQ;QAClBiF,aAAa,EAAExD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACqD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B3G,GAAG,CAAC4G,IAAI,YAAR5G,GAAG,CAAC4G,IAAI,CAAG,wBAAwBN,IAAI,CAAC7E,MAAM,IAAIkF,IAAI,EAAE,CAAC;MACzD,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMgF,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLzF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CnC,GAAG,EACHjB,OAAO,CAACC,GAAG,CAACoD,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACxC,GAAG,EAAEkC,KAAK,CAAC;IAE/D,MAAMiF,cAAc,GAAG,MAAM5E,mBAAmB,CAAC6E,kBAAkB,CAACpF,OAAO,EAAE;MAC3EgB,WAAW,EAAEgE,KAAe;MAC5B9D,YAAY,EAAEgE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI3D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGuD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGtC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAM9F,kBAAkB,CAACqI,MAAM,CAACvH,GAAG,EAAEgC,OAAO,CAAC;;IAE7C;IACA,MAAMwF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,IAAAI,oBAAW,EAAC1H,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEY,OAAO,EAAE;MAChE;MACA2F,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEN;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAAzE,oBAAS,EAAC0D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACLvF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMmG,MAAM,GACTjE,KAAK,CAACC,OAAO,CAAC+D,EAAE,CAAC9D,GAAG,CAAC,IAAI8D,EAAE,CAAC9D,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAClD,OAAOuG,EAAE,CAAC9D,GAAG,KAAK,QAAQ,KAAK8D,EAAE,CAAC9D,GAAG,KAAKzC,QAAQ,IAAIuG,EAAE,CAAC9D,GAAG,KAAK,SAAS,CAAE,IAC7E8D,EAAE,CAAC5D,GAAG,KAAK3C,QAAQ;IACrB,IAAI,CAACwG,MAAM,EAAE;MACX,OAAO;QACLvG,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAACtF,GAAG,EAASoE,KAAK,YAAAmB,WAAA,GAAlBD,KAAA,CAAalB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM6D,SAAS,GAAG7E,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnCtE,GAAG,CAASoE,KAAK,CAACG,IAAI,GAAG;MACxBnD,KAAK;MACLoD,MAAM,GAAAgB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE3C,MAAM,aAAtBkB,sBAAA,CAAwBpB,QAAQ,oBAAhCoB,sBAAA,CAAwBpB,QAAQ,CAAG,CAAC,YAAAmB,qBAAA,GAAIsC,EAAE,CAACtD,GAAG,YAAAe,KAAA,GAAI,IAAI;MAC9Dd,cAAc,GAAAiB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACtD,GAAG,YAAAmB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAEzC,cAAc,YAAAiB,KAAA,GAAI,IAAI;MAChEhB,UAAU,GAAAkB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACnD,OAAO,YAAAkB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3CxB,QAAQ,EAAE4D,SAAS;MACnBpD,KAAK,GAAAkB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAAClD,KAAK,YAAAmB,SAAA,GAAI+B,EAAE,CAACjD,kBAAkB,YAAAiB,KAAA,GAAI,IAAI;MAChDhB,IAAI,GAAAkB,QAAA,GAAE8B,EAAE,CAAChD,IAAI,YAAAkB,QAAA,GAAIjB,SAAS;MAC1BC,KAAK,GAAAiB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAC7C,eAAe,cAAAkB,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCnB,KAAK,YAAAkB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC5C,YAAY,qBAAfkB,gBAAA,CAAiBpB,KAAK,YAAAiB,MAAA,GAAI,EAAE;MAC5EtC,GAAG,EAAEmE,EAAE,CAACnE;IACV,CAAC;;IAED;IACA,OAAO3D,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOiI,CAAC,EAAE;IACVlI,GAAG,CAACmI,KAAK,YAATnI,GAAG,CAACmI,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACLzG,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACmG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAAC9D,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO6D,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","exports","info","_req$headers$get","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","url","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","error","value","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n const mappedDomain = pickCookieDomain(appConfig, req.headers.get(\"origin\") ?? undefined, req.url);\n \n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAEM,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAACG,kBAAO,aAAArB,cAAA,GAAPqB,kBAAO,CAAGH,KAAK,CAAC,aAAhBlB,cAAA,CAAkBsB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGP,kBAAO,CAACH,KAAK,CAAC,CAACI,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG3C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIU,OAAsB,GAAGD,OAAO,CAAC,uBAAuBX,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACY,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CnC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACsE,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACxC,GAAG,EAAEkC,KAAK,CAAC;EAE/D,MAAMO,eAAe,GAAG,MAAMzE,kBAAkB,CAAC0E,QAAQ,CACvD1C,GAAG,EACH,CAACgC,OAAO,CAAC,EACT,YAAY;IACV,MAAMW,OAAO,GAAG,MAAMJ,mBAAmB,CAACK,mBAAmB,CAACZ,OAAO,CAAC;IACtE,OAAOW,OAAO,GAAGhB,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGd,IAAI,CAACmB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLpB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIkB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLxB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMsB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAM5B,QAAQ,GAAGqB,YAAY,CAACrB,QAAQ;;EAEtC;EACA,IAAI6B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACP,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAA1B,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACL9B,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM2B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC9D,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAE+B,KAAK,EAAE3B,QAAQ,EAAEyB,EAAE,EAAEjB,OAAO,EAAEqB,CAAC,EAAEpD,IAAI,CAAC;EACzF;;EAEA;EACA,MAAM6D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAChD,OAAO6B,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKzC,QAAQ,IAAI6B,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAK3C,QAAQ;EAEpB,IAAI,CAACsC,KAAK,EAAE;IACV,OAAO;MACLrC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAxB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASoE,KAAK,YAAA/D,UAAA,GAAlBD,IAAA,CAAagE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhCtE,GAAG,CAASoE,KAAK,CAACG,IAAI,GAAG;IACxBnD,KAAK;IACLoD,MAAM,GAAAlE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEqC,YAAY,CAAC2B,MAAM,aAAnBhE,oBAAA,CAAqB8D,QAAQ,oBAA7B9D,oBAAA,CAAqB8D,QAAQ,CAAG,CAAC,YAAA/D,qBAAA,GAAI8C,CAAC,CAACoB,GAAG,YAAAnE,KAAA,GAAI,IAAI;IAC1DoE,cAAc,GAAAjE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACoB,GAAG,YAAA/D,MAAA,GAAImC,YAAY,CAAC6B,cAAc,YAAAjE,KAAA,GAAI,IAAI;IAC5DkE,UAAU,GAAAhE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACuB,OAAO,YAAAhE,UAAA,GAAIyD,QAAQ,YAAA1D,KAAA,GAAI,IAAI;IACzC0D,QAAQ;IACRQ,KAAK,GAAAhE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACwB,KAAK,YAAA/D,QAAA,GAAIuC,CAAC,CAACyB,kBAAkB,YAAAjE,KAAA,GAAI,IAAI;IAC9CkE,IAAI,GAAAhE,OAAA,GAAEsC,CAAC,CAAC0B,IAAI,YAAAhE,OAAA,GAAIzC,SAAS;IACzB0G,KAAK,GAAAhE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC4B,eAAe,cAAA/D,kBAAA,GAAjBA,kBAAA,CAAoBM,QAAQ,CAAC,qBAA7BN,kBAAA,CAA+B8D,KAAK,YAAA/D,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC6B,YAAY,qBAAd/D,eAAA,CAAgB6D,KAAK,YAAAhE,KAAA,GAAI,EAAE;IAC1E4C,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO3D,IAAI,CAAC,CAAC;AACf,CAAC;AAACkF,OAAA,CAAArF,QAAA,GAAAA,QAAA;AAIF,eAAe+D,kBAAkBA,CAC/B9D,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACbgC,OAAe,EACf5B,QAAgB,EAChByB,EAAsB,EACtBjB,OAAe,EACfqB,CAAM,EACNpD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IACP,OAAO;MACLxB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA7B,GAAG,CAACoF,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACP5B,QAAQ;IACRyB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,gBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAAC3I,MAAM,EAAE;MAC/B4I,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBwB,OAAO;QACP5B,QAAQ,EAAEA,QAAQ;QAClBiF,aAAa,EAAExD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACqD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9B3G,GAAG,CAAC4G,IAAI,YAAR5G,GAAG,CAAC4G,IAAI,CAAG,wBAAwBN,IAAI,CAAC7E,MAAM,IAAIkF,IAAI,EAAE,CAAC;MACzD,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMgF,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLzF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CnC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACsE,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMU,mBAAmB,GAAG,IAAIC,iCAAmB,CAACxC,GAAG,EAAEkC,KAAK,CAAC;IAE/D,MAAMiF,cAAc,GAAG,MAAM5E,mBAAmB,CAAC6E,kBAAkB,CAACpF,OAAO,EAAE;MAC3EgB,WAAW,EAAEgE,KAAe;MAC5B9D,YAAY,EAAEgE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI3D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGuD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGhJ;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACuJ,MAAM,CAACvH,GAAG,EAAEgC,OAAO,CAAC;;IAE7C;IACA,MAAMwF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC5F,OAAO,CAAC,CAACsC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMnG,SAAS,GAAGoD,kBAAO,CAACH,KAAK,CAAC;IAChC,MAAMyG,YAAY,GAAG3J,gBAAgB,CAACC,SAAS,GAAAkH,gBAAA,GAAEtF,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA+D,gBAAA,GAAI/G,SAAS,EAAEyB,GAAG,CAAC+H,GAAG,CAAC;IAEjG,IAAAC,oBAAW,EAAC/H,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEsG,kBAAkB,EAAE;MAC3E;MACAM,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEX,aAAa;MACrB1I,MAAM,EAAE+I;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA9E,oBAAS,EAAC0D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACLvF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTtE,KAAK,CAACC,OAAO,CAACoE,EAAE,CAACnE,GAAG,CAAC,IAAImE,EAAE,CAACnE,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAACnE,GAAG,KAAK,QAAQ,KAAKmE,EAAE,CAACnE,GAAG,KAAKzC,QAAQ,IAAI4G,EAAE,CAACnE,GAAG,KAAK,SAAS,CAAE,IAC7EmE,EAAE,CAACjE,GAAG,KAAK3C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAACtF,GAAG,EAASoE,KAAK,YAAAmB,WAAA,GAAlBD,KAAA,CAAalB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMkE,SAAS,GAAGlF,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnCtE,GAAG,CAASoE,KAAK,CAACG,IAAI,GAAG;MACxBnD,KAAK;MACLoD,MAAM,GAAAgB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE3C,MAAM,aAAtBkB,sBAAA,CAAwBpB,QAAQ,oBAAhCoB,sBAAA,CAAwBpB,QAAQ,CAAG,CAAC,YAAAmB,qBAAA,GAAI2C,EAAE,CAAC3D,GAAG,YAAAe,KAAA,GAAI,IAAI;MAC9Dd,cAAc,GAAAiB,KAAA,IAAAC,OAAA,GAAEwC,EAAE,CAAC3D,GAAG,YAAAmB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAEzC,cAAc,YAAAiB,KAAA,GAAI,IAAI;MAChEhB,UAAU,GAAAkB,KAAA,IAAAC,WAAA,GAAEsC,EAAE,CAACxD,OAAO,YAAAkB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CxB,QAAQ,EAAEiE,SAAS;MACnBzD,KAAK,GAAAkB,KAAA,IAAAC,SAAA,GAAEoC,EAAE,CAACvD,KAAK,YAAAmB,SAAA,GAAIoC,EAAE,CAACtD,kBAAkB,YAAAiB,KAAA,GAAI,IAAI;MAChDhB,IAAI,GAAAkB,QAAA,GAAEmC,EAAE,CAACrD,IAAI,YAAAkB,QAAA,GAAI3H,SAAS;MAC1B0G,KAAK,GAAAkB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEgC,EAAE,CAACnD,eAAe,cAAAmB,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCpB,KAAK,YAAAmB,qBAAA,IAAAE,gBAAA,GAAI+B,EAAE,CAAClD,YAAY,qBAAfmB,gBAAA,CAAiBrB,KAAK,YAAAkB,MAAA,GAAI,EAAE;MAC5EtC,GAAG,EAAEwE,EAAE,CAACxE;IACV,CAAC;;IAED;IACA,OAAO3D,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOsI,CAAC,EAAE;IACVvI,GAAG,CAACwI,KAAK,YAATxI,GAAG,CAACwI,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL9G,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACwG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOd,MAAM,CAACC,IAAI,CAACa,KAAK,EAAE,QAAQ,CAAC,CAACnE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOkE,KAAU,EAAE;IACnBE,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGH,KAAK,CAACI,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/cjs/utils/cookies.js CHANGED
@@ -8,14 +8,16 @@ function setCookieKV(ctx, key, value, options = {}) {
8
8
  httpOnly = true,
9
9
  secure = true,
10
10
  sameSite = "None",
11
- maxAge = 300 // seconds (default)
11
+ maxAge = 300,
12
+ // seconds (default)
13
+ domain
12
14
  } = options;
13
15
 
14
16
  // Object-cookie bag (preferred)
15
17
  const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
16
18
  // @ts-ignore
17
19
  const objBag = (_ref$CTX_COOKIES_OBJ = (_ref = ctx)[CTX_COOKIES_OBJ]) != null ? _ref$CTX_COOKIES_OBJ : _ref[CTX_COOKIES_OBJ] = [];
18
- objBag.push({
20
+ const cookieObj = {
19
21
  name: key,
20
22
  value,
21
23
  path: "/",
@@ -25,11 +27,16 @@ function setCookieKV(ctx, key, value, options = {}) {
25
27
  sameSite,
26
28
  // use "Lax" for same-site
27
29
  maxAge
28
- });
30
+ };
31
+ // Only set domain if it's a non-empty string (undefined/null = host-only cookie)
32
+ if (domain) {
33
+ cookieObj.domain = domain;
34
+ }
35
+ objBag.push(cookieObj);
29
36
 
30
37
  // (Optional) Keep your string fallback too:
31
38
  const CTX_COOKIES = Symbol.for("cfy.resCookies");
32
39
  const strBag = (_ref2$CTX_COOKIES = (_ref2 = ctx)[CTX_COOKIES]) != null ? _ref2$CTX_COOKIES : _ref2[CTX_COOKIES] = [];
33
- strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
40
+ strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${domain ? ` Domain=${domain};` : ""}${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
34
41
  }
35
42
  //# sourceMappingURL=cookies.js.map
package/build/cjs/utils/cookies.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","CTX_COOKIES_OBJ","Symbol","for","objBag","push","name","path","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n objBag.push({\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n });\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":";;;;AASO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG,CAAE;EAChB,CAAC,GAAGR,OAAO;;EAEX;EACA,MAAMS,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAV,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASY,eAAe,CAAC,YAAAP,oBAAA,GAA7BD,IAAA,CAAaQ,eAAe,CAAC,GAAK,EAAmB;EACrEG,MAAM,CAACC,IAAI,CAAC;IACRC,IAAI,EAAEhB,GAAG;IACTC,KAAK;IACLgB,IAAI,EAAE,GAAG;IACTV,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMQ,WAAW,GAAGN,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMM,MAAM,IAAAb,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASmB,WAAW,CAAC,YAAAZ,iBAAA,GAAzBD,KAAA,CAAaa,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACJ,IAAI,CACP,GAAGK,kBAAkB,CAACpB,GAAG,CAAC,IAAIoB,kBAAkB,CAACnB,KAAK,CAAC,YAAYM,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAC7M,CAAC;AACH","ignoreList":[]}
1
+ {"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","domain","CTX_COOKIES_OBJ","Symbol","for","objBag","cookieObj","name","path","push","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n domain?: string;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n domain,\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n const cookieObj: any = {\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n };\n // Only set domain if it's a non-empty string (undefined/null = host-only cookie)\n if (domain) {\n cookieObj.domain = domain;\n }\n objBag.push(cookieObj);\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${domain ? ` Domain=${domain};` : \"\"}${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":";;;;AAUO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG;IAAE;IACdC;EACF,CAAC,GAAGT,OAAO;;EAEX;EACA,MAAMU,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAX,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASa,eAAe,CAAC,YAAAR,oBAAA,GAA7BD,IAAA,CAAaS,eAAe,CAAC,GAAK,EAAmB;EACrE,MAAMI,SAAc,GAAG;IACnBC,IAAI,EAAEjB,GAAG;IACTC,KAAK;IACLiB,IAAI,EAAE,GAAG;IACTX,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC;EACD;EACA,IAAIC,MAAM,EAAE;IACVK,SAAS,CAACL,MAAM,GAAGA,MAAM;EAC3B;EACAI,MAAM,CAACI,IAAI,CAACH,SAAS,CAAC;;EAEtB;EACA,MAAMI,WAAW,GAAGP,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMO,MAAM,IAAAf,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASqB,WAAW,CAAC,YAAAd,iBAAA,GAAzBD,KAAA,CAAae,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACF,IAAI,CACP,GAAGG,kBAAkB,CAACtB,GAAG,CAAC,IAAIsB,kBAAkB,CAACrB,KAAK,CAAC,YAAYU,MAAM,GAAG,WAAWA,MAAM,GAAG,GAAG,EAAE,GAAGJ,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAClP,CAAC;AACH","ignoreList":[]}
package/build/esm/middlewares/verify-middleware.js CHANGED
@@ -6,6 +6,30 @@ import { createCache, getAzureVaultSecretByKey } from "../utils";
6
6
  import { TokenMappingService } from "../service/tokenMapping.service";
7
7
  const apiURL = process.env.REFRESH_SESSION_URL || '';
8
8
  const verifyMappingCache = createCache("verify-mw", 60);
9
+ function pickCookieDomain(appConfig, origin, requestUrl) {
10
+ if (!appConfig) return undefined;
11
+ const hostCandidate = origin != null ? origin : requestUrl;
12
+ if (!hostCandidate) return undefined;
13
+ try {
14
+ const host = new URL(hostCandidate).hostname;
15
+ if (host === "localhost" || host.startsWith("127.0.0.1")) {
16
+ var _appConfig$cookie$dom;
17
+ return (_appConfig$cookie$dom = appConfig.cookie.domain.local) != null ? _appConfig$cookie$dom : undefined;
18
+ }
19
+ if (host.endsWith(".dev.culturefy.app") || host === "dev.culturefy.app") {
20
+ return appConfig.cookie.domain.dev;
21
+ }
22
+ if (host.endsWith(".staging.culturefy.app") || host === "staging.culturefy.app") {
23
+ return appConfig.cookie.domain.staging;
24
+ }
25
+ if (host.endsWith(".culturefy.app")) {
26
+ return appConfig.cookie.domain.prod;
27
+ }
28
+ } catch (_unused) {
29
+ return undefined;
30
+ }
31
+ return undefined;
32
+ }
9
33
  const parseCookieHeader = header => {
10
34
  const out = {};
11
35
  if (!header) return out;
@@ -133,7 +157,7 @@ export const verifyMw = async (req, ctx, next) => {
133
157
  let p;
134
158
  try {
135
159
  p = jwtDecode(at);
136
- } catch (_unused) {
160
+ } catch (_unused2) {
137
161
  return {
138
162
  status: 401,
139
163
  headers: {
@@ -229,7 +253,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
229
253
 
230
254
  // Call auth service to refresh
231
255
  try {
232
- var _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
256
+ var _req$headers$get, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
233
257
  const resp = await fetch(apiURL, {
234
258
  method: "POST",
235
259
  headers: {
@@ -307,19 +331,23 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
307
331
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
308
332
  const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
309
333
 
310
- setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
334
+ const mappingCookieValue = Buffer.from(mapping).toString("base64");
335
+ const appConfig = APP_MAP[appId];
336
+ const mappedDomain = pickCookieDomain(appConfig, (_req$headers$get = req.headers.get("origin")) != null ? _req$headers$get : undefined, req.url);
337
+ setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {
311
338
  // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
312
339
  httpOnly: false,
313
340
  secure: true,
314
341
  sameSite: "None",
315
- maxAge: mappingMaxAge
342
+ maxAge: mappingMaxAge,
343
+ domain: mappedDomain
316
344
  });
317
345
 
318
346
  // Decode new AT and proceed
319
347
  let p2;
320
348
  try {
321
349
  p2 = jwtDecode(newAT);
322
- } catch (_unused2) {
350
+ } catch (_unused3) {
323
351
  return {
324
352
  status: 401,
325
353
  headers: {
package/build/esm/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","p","_unused","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","undefined","roles","resource_access","realm_access","info","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","httpOnly","secure","sameSite","maxAge","p2","_unused2","audOk2","tenantId2","e","error","value","Buffer","from","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,MAAMQ,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAAC5C,OAAO,aAAA0B,cAAA,GAAP1B,OAAO,CAAG4C,KAAK,CAAC,aAAhBlB,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGrD,OAAO,CAAC4C,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG1C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAMpD,wBAAwB,CAC1CmB,GAAG,EACHhB,OAAO,CAACC,GAAG,CAACiD,oBAAoB,IAAI,EAAE,EACtCxD,mBAAmB,CAACyD,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAItD,mBAAmB,CAACkB,GAAG,EAAEiC,KAAK,CAAC;EAE/D,MAAMI,eAAe,GAAG,MAAMlD,kBAAkB,CAACmD,QAAQ,CACvDtC,GAAG,EACH,CAAC+B,OAAO,CAAC,EACT,YAAY;IACV,MAAMQ,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACT,OAAO,CAAC;IACtE,OAAOQ,OAAO,GAAGb,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGX,IAAI,CAACgB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIe,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMmB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMzB,QAAQ,GAAGkB,YAAY,CAAClB,QAAQ;;EAEtC;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAGxE,SAAS,CAACkE,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,OAAA,EAAM;IACN,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAzB,EAAA,GAAC8C,CAAC,aAAD9C,EAAA,CAAGgD,GAAG,GAAE;IACX,OAAO;MACL3B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMwB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC1D,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAE2B,KAAK,EAAExB,QAAQ,EAAEsB,EAAE,EAAEd,OAAO,EAAEkB,CAAC,EAAEhD,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACvC,QAAQ,CAAC,IAChD,OAAO0B,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKtC,QAAQ,IAAI0B,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKxC,QAAQ;EAEpB,IAAI,CAACmC,KAAK,EAAE;IACV,OAAO;MACLlC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAvB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASgE,KAAK,YAAA3D,UAAA,GAAlBD,IAAA,CAAa4D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA9D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC2B,MAAM,aAAnB5D,oBAAA,CAAqB0D,QAAQ,oBAA7B1D,oBAAA,CAAqB0D,QAAQ,CAAG,CAAC,YAAA3D,qBAAA,GAAI0C,CAAC,CAACoB,GAAG,YAAA/D,KAAA,GAAI,IAAI;IAC1DgE,cAAc,GAAA7D,KAAA,IAAAC,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI+B,YAAY,CAAC6B,cAAc,YAAA7D,KAAA,GAAI,IAAI;IAC5D8D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRQ,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAI6D,SAAS;IACzBC,KAAK,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC6B,eAAe,cAAA5D,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+B2D,KAAK,YAAA5D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC8B,YAAY,qBAAd5D,eAAA,CAAgB0D,KAAK,YAAA7D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOvD,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAewD,kBAAkBA,CAC/B1D,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACb4B,OAAe,EACfzB,QAAgB,EAChBsB,EAAsB,EACtBd,OAAe,EACfkB,CAAM,EACNhD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC4C,EAAE,EAAE;IACP,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA5B,GAAG,CAACgF,IAAI,CAAC,iDAAiD,EAAE;IAC1DhC,OAAO;IACPzB,QAAQ;IACRsB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAoC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACnH,MAAM,EAAE;MAC/BoH,MAAM,EAAE,MAAM;MACd9E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBqB,OAAO;QACPzB,QAAQ,EAAEA,QAAQ;QAClB6E,aAAa,EAAEvD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACoD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BtG,GAAG,CAACuG,IAAI,YAARvG,GAAG,CAACuG,IAAI,CAAG,wBAAwBN,IAAI,CAACzE,MAAM,IAAI8E,IAAI,EAAE,CAAC;MACzD,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAM4E,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLrF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAMpD,wBAAwB,CAC1CmB,GAAG,EACHhB,OAAO,CAACC,GAAG,CAACiD,oBAAoB,IAAI,EAAE,EACtCxD,mBAAmB,CAACyD,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAItD,mBAAmB,CAACkB,GAAG,EAAEiC,KAAK,CAAC;IAE/D,MAAM6E,cAAc,GAAG,MAAM1E,mBAAmB,CAAC2E,kBAAkB,CAAChF,OAAO,EAAE;MAC3Ea,WAAW,EAAE+D,KAAe;MAC5B7D,YAAY,EAAE+D,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI1D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGsD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGrC;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMzF,kBAAkB,CAAC+H,MAAM,CAAClH,GAAG,EAAE+B,OAAO,CAAC;;IAE7C;IACA,MAAMoF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtBtI,WAAW,CAACqB,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEW,OAAO,EAAE;MAChE;MACAsF,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEL;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGhJ,SAAS,CAACkI,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAe,QAAA,EAAM;MACnC,OAAO;QACLlG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAM+F,MAAM,GACThE,KAAK,CAACC,OAAO,CAAC6D,EAAE,CAAC5D,GAAG,CAAC,IAAI4D,EAAE,CAAC5D,GAAG,CAACC,QAAQ,CAACvC,QAAQ,CAAC,IAClD,OAAOkG,EAAE,CAAC5D,GAAG,KAAK,QAAQ,KAAK4D,EAAE,CAAC5D,GAAG,KAAKtC,QAAQ,IAAIkG,EAAE,CAAC5D,GAAG,KAAK,SAAS,CAAE,IAC7E4D,EAAE,CAAC1D,GAAG,KAAKxC,QAAQ;IACrB,IAAI,CAACoG,MAAM,EAAE;MACX,OAAO;QACLnG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAsD,WAAA,IAAAD,KAAA,GAACjF,GAAG,EAASgE,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM4D,SAAS,GAAG5E,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE1C,MAAM,aAAtBiB,sBAAA,CAAwBnB,QAAQ,oBAAhCmB,sBAAA,CAAwBnB,QAAQ,CAAG,CAAC,YAAAkB,qBAAA,GAAIqC,EAAE,CAACpD,GAAG,YAAAc,KAAA,GAAI,IAAI;MAC9Db,cAAc,GAAAgB,KAAA,IAAAC,OAAA,GAAEkC,EAAE,CAACpD,GAAG,YAAAkB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAExC,cAAc,YAAAgB,KAAA,GAAI,IAAI;MAChEf,UAAU,GAAAiB,KAAA,IAAAC,WAAA,GAAEgC,EAAE,CAACjD,OAAO,YAAAiB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3CvB,QAAQ,EAAE2D,SAAS;MACnBnD,KAAK,GAAAiB,KAAA,IAAAC,SAAA,GAAE8B,EAAE,CAAChD,KAAK,YAAAkB,SAAA,GAAI8B,EAAE,CAAC/C,kBAAkB,YAAAgB,KAAA,GAAI,IAAI;MAChDf,IAAI,GAAAiB,QAAA,GAAE6B,EAAE,CAAC9C,IAAI,YAAAiB,QAAA,GAAIhB,SAAS;MAC1BC,KAAK,GAAAgB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE0B,EAAE,CAAC3C,eAAe,cAAAiB,mBAAA,GAAlBA,mBAAA,CAAqBxE,QAAQ,CAAC,qBAA9BwE,mBAAA,CAAgClB,KAAK,YAAAiB,qBAAA,IAAAE,gBAAA,GAAIyB,EAAE,CAAC1C,YAAY,qBAAfiB,gBAAA,CAAiBnB,KAAK,YAAAgB,MAAA,GAAI,EAAE;MAC5ErC,GAAG,EAAEiE,EAAE,CAACjE;IACV,CAAC;;IAED;IACA,OAAOvD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAO4H,CAAC,EAAE;IACV7H,GAAG,CAAC8H,KAAK,YAAT9H,GAAG,CAAC8H,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACLrG,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAAC+F,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOC,MAAM,CAACC,IAAI,CAACF,KAAK,EAAE,QAAQ,CAAC,CAAC7D,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO4D,KAAU,EAAE;IACnBI,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGL,KAAK,CAACM,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","p","_unused2","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","info","_req$headers$get","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","url","httpOnly","secure","sameSite","maxAge","p2","_unused3","audOk2","tenantId2","e","error","value","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n const mappedDomain = pickCookieDomain(appConfig, req.headers.get(\"origin\") ?? undefined, req.url);\n \n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAAC/D,OAAO,aAAA6C,cAAA,GAAP7C,OAAO,CAAG+D,KAAK,CAAC,aAAhBlB,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGxE,OAAO,CAAC+D,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG1C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAMvE,wBAAwB,CAC1CsC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACoE,oBAAoB,IAAI,EAAE,EACtC3E,mBAAmB,CAAC4E,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIzE,mBAAmB,CAACqC,GAAG,EAAEiC,KAAK,CAAC;EAE/D,MAAMI,eAAe,GAAG,MAAMrE,kBAAkB,CAACsE,QAAQ,CACvDtC,GAAG,EACH,CAAC+B,OAAO,CAAC,EACT,YAAY;IACV,MAAMQ,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACT,OAAO,CAAC;IACtE,OAAOQ,OAAO,GAAGb,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGX,IAAI,CAACgB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIe,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMmB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMzB,QAAQ,GAAGkB,YAAY,CAAClB,QAAQ;;EAEtC;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG3F,SAAS,CAACqF,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,QAAA,EAAM;IACN,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAzB,EAAA,GAAC8C,CAAC,aAAD9C,EAAA,CAAGgD,GAAG,GAAE;IACX,OAAO;MACL3B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMwB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC1D,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAE2B,KAAK,EAAExB,QAAQ,EAAEsB,EAAE,EAAEd,OAAO,EAAEkB,CAAC,EAAEhD,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACvC,QAAQ,CAAC,IAChD,OAAO0B,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKtC,QAAQ,IAAI0B,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKxC,QAAQ;EAEpB,IAAI,CAACmC,KAAK,EAAE;IACV,OAAO;MACLlC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAvB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASgE,KAAK,YAAA3D,UAAA,GAAlBD,IAAA,CAAa4D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA9D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC2B,MAAM,aAAnB5D,oBAAA,CAAqB0D,QAAQ,oBAA7B1D,oBAAA,CAAqB0D,QAAQ,CAAG,CAAC,YAAA3D,qBAAA,GAAI0C,CAAC,CAACoB,GAAG,YAAA/D,KAAA,GAAI,IAAI;IAC1DgE,cAAc,GAAA7D,KAAA,IAAAC,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI+B,YAAY,CAAC6B,cAAc,YAAA7D,KAAA,GAAI,IAAI;IAC5D8D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRQ,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAI1C,SAAS;IACzBuG,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOvD,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAewD,kBAAkBA,CAC/B1D,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACb4B,OAAe,EACfzB,QAAgB,EAChBsB,EAAsB,EACtBd,OAAe,EACfkB,CAAM,EACNhD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC4C,EAAE,EAAE;IACP,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA5B,GAAG,CAAC+E,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPzB,QAAQ;IACRsB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,gBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACtI,MAAM,EAAE;MAC/BuI,MAAM,EAAE,MAAM;MACd9E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBqB,OAAO;QACPzB,QAAQ,EAAEA,QAAQ;QAClB6E,aAAa,EAAEvD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACoD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BtG,GAAG,CAACuG,IAAI,YAARvG,GAAG,CAACuG,IAAI,CAAG,wBAAwBN,IAAI,CAACzE,MAAM,IAAI8E,IAAI,EAAE,CAAC;MACzD,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAM4E,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLrF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAMvE,wBAAwB,CAC1CsC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACoE,oBAAoB,IAAI,EAAE,EACtC3E,mBAAmB,CAAC4E,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIzE,mBAAmB,CAACqC,GAAG,EAAEiC,KAAK,CAAC;IAE/D,MAAM6E,cAAc,GAAG,MAAM1E,mBAAmB,CAAC2E,kBAAkB,CAAChF,OAAO,EAAE;MAC3Ea,WAAW,EAAE+D,KAAe;MAC5B7D,YAAY,EAAE+D,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI1D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGsD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG5I;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACkJ,MAAM,CAAClH,GAAG,EAAE+B,OAAO,CAAC;;IAE7C;IACA,MAAMoF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACxF,OAAO,CAAC,CAACmC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMhG,SAAS,GAAGb,OAAO,CAAC+D,KAAK,CAAC;IAChC,MAAMoG,YAAY,GAAGvJ,gBAAgB,CAACC,SAAS,GAAA8G,gBAAA,GAAEjF,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA0D,gBAAA,GAAI3G,SAAS,EAAE0B,GAAG,CAAC0H,GAAG,CAAC;IAEjGjK,WAAW,CAACwC,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEiG,kBAAkB,EAAE;MAC3E;MACAK,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEV,aAAa;MACrBtI,MAAM,EAAE2I;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGxK,SAAS,CAACqJ,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAoB,QAAA,EAAM;MACnC,OAAO;QACLvG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoG,MAAM,GACTrE,KAAK,CAACC,OAAO,CAACkE,EAAE,CAACjE,GAAG,CAAC,IAAIiE,EAAE,CAACjE,GAAG,CAACC,QAAQ,CAACvC,QAAQ,CAAC,IAClD,OAAOuG,EAAE,CAACjE,GAAG,KAAK,QAAQ,KAAKiE,EAAE,CAACjE,GAAG,KAAKtC,QAAQ,IAAIuG,EAAE,CAACjE,GAAG,KAAK,SAAS,CAAE,IAC7EiE,EAAE,CAAC/D,GAAG,KAAKxC,QAAQ;IACrB,IAAI,CAACyG,MAAM,EAAE;MACX,OAAO;QACLxG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAsD,WAAA,IAAAD,KAAA,GAACjF,GAAG,EAASgE,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMiE,SAAS,GAAGjF,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE1C,MAAM,aAAtBiB,sBAAA,CAAwBnB,QAAQ,oBAAhCmB,sBAAA,CAAwBnB,QAAQ,CAAG,CAAC,YAAAkB,qBAAA,GAAI0C,EAAE,CAACzD,GAAG,YAAAc,KAAA,GAAI,IAAI;MAC9Db,cAAc,GAAAgB,KAAA,IAAAC,OAAA,GAAEuC,EAAE,CAACzD,GAAG,YAAAkB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAExC,cAAc,YAAAgB,KAAA,GAAI,IAAI;MAChEf,UAAU,GAAAiB,KAAA,IAAAC,WAAA,GAAEqC,EAAE,CAACtD,OAAO,YAAAiB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CvB,QAAQ,EAAEgE,SAAS;MACnBxD,KAAK,GAAAiB,KAAA,IAAAC,SAAA,GAAEmC,EAAE,CAACrD,KAAK,YAAAkB,SAAA,GAAImC,EAAE,CAACpD,kBAAkB,YAAAgB,KAAA,GAAI,IAAI;MAChDf,IAAI,GAAAiB,QAAA,GAAEkC,EAAE,CAACnD,IAAI,YAAAiB,QAAA,GAAIvH,SAAS;MAC1BuG,KAAK,GAAAiB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE+B,EAAE,CAACjD,eAAe,cAAAkB,mBAAA,GAAlBA,mBAAA,CAAqBxE,QAAQ,CAAC,qBAA9BwE,mBAAA,CAAgCnB,KAAK,YAAAkB,qBAAA,IAAAE,gBAAA,GAAI8B,EAAE,CAAChD,YAAY,qBAAfkB,gBAAA,CAAiBpB,KAAK,YAAAiB,MAAA,GAAI,EAAE;MAC5ErC,GAAG,EAAEsE,EAAE,CAACtE;IACV,CAAC;;IAED;IACA,OAAOvD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOiI,CAAC,EAAE;IACVlI,GAAG,CAACmI,KAAK,YAATnI,GAAG,CAACmI,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL1G,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACoG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOd,MAAM,CAACC,IAAI,CAACa,KAAK,EAAE,QAAQ,CAAC,CAAClE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOiE,KAAU,EAAE;IACnBE,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGH,KAAK,CAACI,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/esm/utils/cookies.js CHANGED
@@ -4,14 +4,16 @@ export function setCookieKV(ctx, key, value, options = {}) {
4
4
  httpOnly = true,
5
5
  secure = true,
6
6
  sameSite = "None",
7
- maxAge = 300 // seconds (default)
7
+ maxAge = 300,
8
+ // seconds (default)
9
+ domain
8
10
  } = options;
9
11
 
10
12
  // Object-cookie bag (preferred)
11
13
  const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
12
14
  // @ts-ignore
13
15
  const objBag = (_ref$CTX_COOKIES_OBJ = (_ref = ctx)[CTX_COOKIES_OBJ]) != null ? _ref$CTX_COOKIES_OBJ : _ref[CTX_COOKIES_OBJ] = [];
14
- objBag.push({
16
+ const cookieObj = {
15
17
  name: key,
16
18
  value,
17
19
  path: "/",
@@ -21,11 +23,16 @@ export function setCookieKV(ctx, key, value, options = {}) {
21
23
  sameSite,
22
24
  // use "Lax" for same-site
23
25
  maxAge
24
- });
26
+ };
27
+ // Only set domain if it's a non-empty string (undefined/null = host-only cookie)
28
+ if (domain) {
29
+ cookieObj.domain = domain;
30
+ }
31
+ objBag.push(cookieObj);
25
32
 
26
33
  // (Optional) Keep your string fallback too:
27
34
  const CTX_COOKIES = Symbol.for("cfy.resCookies");
28
35
  const strBag = (_ref2$CTX_COOKIES = (_ref2 = ctx)[CTX_COOKIES]) != null ? _ref2$CTX_COOKIES : _ref2[CTX_COOKIES] = [];
29
- strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
36
+ strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${domain ? ` Domain=${domain};` : ""}${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
30
37
  }
31
38
  //# sourceMappingURL=cookies.js.map
package/build/esm/utils/cookies.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","CTX_COOKIES_OBJ","Symbol","for","objBag","push","name","path","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n objBag.push({\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n });\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":"AASA,OAAO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG,CAAE;EAChB,CAAC,GAAGR,OAAO;;EAEX;EACA,MAAMS,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAV,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASY,eAAe,CAAC,YAAAP,oBAAA,GAA7BD,IAAA,CAAaQ,eAAe,CAAC,GAAK,EAAmB;EACrEG,MAAM,CAACC,IAAI,CAAC;IACRC,IAAI,EAAEhB,GAAG;IACTC,KAAK;IACLgB,IAAI,EAAE,GAAG;IACTV,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMQ,WAAW,GAAGN,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMM,MAAM,IAAAb,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASmB,WAAW,CAAC,YAAAZ,iBAAA,GAAzBD,KAAA,CAAaa,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACJ,IAAI,CACP,GAAGK,kBAAkB,CAACpB,GAAG,CAAC,IAAIoB,kBAAkB,CAACnB,KAAK,CAAC,YAAYM,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAC7M,CAAC;AACH","ignoreList":[]}
1
+ {"version":3,"file":"cookies.js","names":["setCookieKV","ctx","key","value","options","_ref","_ref$CTX_COOKIES_OBJ","_ref2","_ref2$CTX_COOKIES","httpOnly","secure","sameSite","maxAge","domain","CTX_COOKIES_OBJ","Symbol","for","objBag","cookieObj","name","path","push","CTX_COOKIES","strBag","encodeURIComponent"],"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import { InvocationContext } from \"@azure/functions\";\n\ntype CookieOptions = {\n httpOnly?: boolean;\n secure?: boolean;\n sameSite?: \"None\" | \"Lax\" | \"Strict\";\n maxAge?: number;\n domain?: string;\n};\n\nexport function setCookieKV(\n ctx: InvocationContext,\n key: string,\n value: string,\n options: CookieOptions = {}\n): void {\n const {\n httpOnly = true,\n secure = true,\n sameSite = \"None\",\n maxAge = 300, // seconds (default)\n domain,\n } = options;\n\n // Object-cookie bag (preferred)\n const CTX_COOKIES_OBJ = Symbol.for(\"cfy.resCookies.obj\");\n // @ts-ignore\n const objBag = ((ctx as any)[CTX_COOKIES_OBJ] ??= [] as HttpCookie[]);\n const cookieObj: any = {\n name: key,\n value,\n path: \"/\",\n httpOnly,\n secure, // drop to false if testing on http://\n sameSite, // use \"Lax\" for same-site\n maxAge,\n };\n // Only set domain if it's a non-empty string (undefined/null = host-only cookie)\n if (domain) {\n cookieObj.domain = domain;\n }\n objBag.push(cookieObj);\n\n // (Optional) Keep your string fallback too:\n const CTX_COOKIES = Symbol.for(\"cfy.resCookies\");\n const strBag = ((ctx as any)[CTX_COOKIES] ??= [] as string[]);\n strBag.push(\n `${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${domain ? ` Domain=${domain};` : \"\"}${httpOnly ? \" HttpOnly;\" : \"\"} SameSite=${sameSite};${secure ? \" Secure;\" : \"\"}${typeof maxAge === \"number\" ? ` Max-Age=${maxAge}` : \"\"}`\n );\n}"],"mappings":"AAUA,OAAO,SAASA,WAAWA,CACzBC,GAAsB,EACtBC,GAAW,EACXC,KAAa,EACbC,OAAsB,GAAG,CAAC,CAAC,EACrB;EAAA,IAAAC,IAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,iBAAA;EACN,MAAM;IACJC,QAAQ,GAAG,IAAI;IACfC,MAAM,GAAG,IAAI;IACbC,QAAQ,GAAG,MAAM;IACjBC,MAAM,GAAG,GAAG;IAAE;IACdC;EACF,CAAC,GAAGT,OAAO;;EAEX;EACA,MAAMU,eAAe,GAAGC,MAAM,CAACC,GAAG,CAAC,oBAAoB,CAAC;EACxD;EACA,MAAMC,MAAM,IAAAX,oBAAA,GAAI,CAAAD,IAAA,GAACJ,GAAG,EAASa,eAAe,CAAC,YAAAR,oBAAA,GAA7BD,IAAA,CAAaS,eAAe,CAAC,GAAK,EAAmB;EACrE,MAAMI,SAAc,GAAG;IACnBC,IAAI,EAAEjB,GAAG;IACTC,KAAK;IACLiB,IAAI,EAAE,GAAG;IACTX,QAAQ;IACRC,MAAM;IAAQ;IACdC,QAAQ;IAAI;IACZC;EACJ,CAAC;EACD;EACA,IAAIC,MAAM,EAAE;IACVK,SAAS,CAACL,MAAM,GAAGA,MAAM;EAC3B;EACAI,MAAM,CAACI,IAAI,CAACH,SAAS,CAAC;;EAEtB;EACA,MAAMI,WAAW,GAAGP,MAAM,CAACC,GAAG,CAAC,gBAAgB,CAAC;EAChD,MAAMO,MAAM,IAAAf,iBAAA,GAAI,CAAAD,KAAA,GAACN,GAAG,EAASqB,WAAW,CAAC,YAAAd,iBAAA,GAAzBD,KAAA,CAAae,WAAW,CAAC,GAAK,EAAe;EAC7DC,MAAM,CAACF,IAAI,CACP,GAAGG,kBAAkB,CAACtB,GAAG,CAAC,IAAIsB,kBAAkB,CAACrB,KAAK,CAAC,YAAYU,MAAM,GAAG,WAAWA,MAAM,GAAG,GAAG,EAAE,GAAGJ,QAAQ,GAAG,YAAY,GAAG,EAAE,aAAaE,QAAQ,IAAID,MAAM,GAAG,UAAU,GAAG,EAAE,GAAG,OAAOE,MAAM,KAAK,QAAQ,GAAG,YAAYA,MAAM,EAAE,GAAG,EAAE,EAClP,CAAC;AACH","ignoreList":[]}
package/build/src/middlewares/verify-middleware.js CHANGED
@@ -10,6 +10,33 @@ const utils_1 = require("../utils");
10
10
  const tokenMapping_service_1 = require("../service/tokenMapping.service");
11
11
  const apiURL = process.env.REFRESH_SESSION_URL || '';
12
12
  const verifyMappingCache = (0, utils_1.createCache)("verify-mw", 60);
13
+ function pickCookieDomain(appConfig, origin, requestUrl) {
14
+ var _a;
15
+ if (!appConfig)
16
+ return undefined;
17
+ const hostCandidate = origin !== null && origin !== void 0 ? origin : requestUrl;
18
+ if (!hostCandidate)
19
+ return undefined;
20
+ try {
21
+ const host = new URL(hostCandidate).hostname;
22
+ if (host === "localhost" || host.startsWith("127.0.0.1")) {
23
+ return (_a = appConfig.cookie.domain.local) !== null && _a !== void 0 ? _a : undefined;
24
+ }
25
+ if (host.endsWith(".dev.culturefy.app") || host === "dev.culturefy.app") {
26
+ return appConfig.cookie.domain.dev;
27
+ }
28
+ if (host.endsWith(".staging.culturefy.app") || host === "staging.culturefy.app") {
29
+ return appConfig.cookie.domain.staging;
30
+ }
31
+ if (host.endsWith(".culturefy.app")) {
32
+ return appConfig.cookie.domain.prod;
33
+ }
34
+ }
35
+ catch (_b) {
36
+ return undefined;
37
+ }
38
+ return undefined;
39
+ }
13
40
  const parseCookieHeader = (header) => {
14
41
  const out = {};
15
42
  if (!header)
@@ -140,8 +167,8 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
140
167
  exports.verifyMw = verifyMw;
141
168
  function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p, next) {
142
169
  return tslib_1.__awaiter(this, void 0, void 0, function* () {
143
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u;
144
- var _v;
170
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v;
171
+ var _w;
145
172
  // Attempt server-side refresh using RT
146
173
  if (!rt) {
147
174
  return {
@@ -209,19 +236,23 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
209
236
  : typeof data.expires_in === "number"
210
237
  ? data.expires_in
211
238
  : 60 * 60 * 24; // fallback 24h
212
- (0, cookies_1.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mapping, {
239
+ const mappingCookieValue = Buffer.from(mapping).toString("base64");
240
+ const appConfig = constants_1.APP_MAP[appId];
241
+ const mappedDomain = pickCookieDomain(appConfig, (_b = req.headers.get("origin")) !== null && _b !== void 0 ? _b : undefined, req.url);
242
+ (0, cookies_1.setCookieKV)(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {
213
243
  // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
214
244
  httpOnly: false,
215
245
  secure: true,
216
246
  sameSite: "None",
217
- maxAge: mappingMaxAge
247
+ maxAge: mappingMaxAge,
248
+ domain: mappedDomain
218
249
  });
219
250
  // Decode new AT and proceed
220
251
  let p2;
221
252
  try {
222
253
  p2 = (0, jwt_decode_1.jwtDecode)(newAT);
223
254
  }
224
- catch (_w) {
255
+ catch (_x) {
225
256
  return {
226
257
  status: 401,
227
258
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -239,24 +270,24 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
239
270
  };
240
271
  }
241
272
  // Update downstream auth state with refreshed token
242
- (_b = (_v = ctx).state) !== null && _b !== void 0 ? _b : (_v.state = {});
273
+ (_c = (_w = ctx).state) !== null && _c !== void 0 ? _c : (_w.state = {});
243
274
  const tenantId2 = realmId.toString();
244
275
  ctx.state.auth = {
245
276
  appId,
246
- userId: (_f = (_e = (_d = (_c = updatedMapping === null || updatedMapping === void 0 ? void 0 : updatedMapping.userId) === null || _c === void 0 ? void 0 : _c.toString) === null || _d === void 0 ? void 0 : _d.call(_c)) !== null && _e !== void 0 ? _e : p2.sub) !== null && _f !== void 0 ? _f : null,
247
- keycloakUserId: (_h = (_g = p2.sub) !== null && _g !== void 0 ? _g : updatedMapping === null || updatedMapping === void 0 ? void 0 : updatedMapping.keycloakUserId) !== null && _h !== void 0 ? _h : null,
248
- businessId: (_k = (_j = p2.cfy_bid) !== null && _j !== void 0 ? _j : tenantId2) !== null && _k !== void 0 ? _k : null,
277
+ userId: (_g = (_f = (_e = (_d = updatedMapping === null || updatedMapping === void 0 ? void 0 : updatedMapping.userId) === null || _d === void 0 ? void 0 : _d.toString) === null || _e === void 0 ? void 0 : _e.call(_d)) !== null && _f !== void 0 ? _f : p2.sub) !== null && _g !== void 0 ? _g : null,
278
+ keycloakUserId: (_j = (_h = p2.sub) !== null && _h !== void 0 ? _h : updatedMapping === null || updatedMapping === void 0 ? void 0 : updatedMapping.keycloakUserId) !== null && _j !== void 0 ? _j : null,
279
+ businessId: (_l = (_k = p2.cfy_bid) !== null && _k !== void 0 ? _k : tenantId2) !== null && _l !== void 0 ? _l : null,
249
280
  tenantId: tenantId2,
250
- email: (_m = (_l = p2.email) !== null && _l !== void 0 ? _l : p2.preferred_username) !== null && _m !== void 0 ? _m : null,
251
- name: (_o = p2.name) !== null && _o !== void 0 ? _o : undefined,
252
- roles: (_t = (_r = (_q = (_p = p2.resource_access) === null || _p === void 0 ? void 0 : _p[clientId]) === null || _q === void 0 ? void 0 : _q.roles) !== null && _r !== void 0 ? _r : (_s = p2.realm_access) === null || _s === void 0 ? void 0 : _s.roles) !== null && _t !== void 0 ? _t : [],
281
+ email: (_o = (_m = p2.email) !== null && _m !== void 0 ? _m : p2.preferred_username) !== null && _o !== void 0 ? _o : null,
282
+ name: (_p = p2.name) !== null && _p !== void 0 ? _p : undefined,
283
+ roles: (_u = (_s = (_r = (_q = p2.resource_access) === null || _q === void 0 ? void 0 : _q[clientId]) === null || _r === void 0 ? void 0 : _r.roles) !== null && _s !== void 0 ? _s : (_t = p2.realm_access) === null || _t === void 0 ? void 0 : _t.roles) !== null && _u !== void 0 ? _u : [],
253
284
  exp: p2.exp,
254
285
  };
255
286
  // Continue pipeline after refresh
256
287
  return next();
257
288
  }
258
289
  catch (e) {
259
- (_u = ctx.error) === null || _u === void 0 ? void 0 : _u.call(ctx, "refresh exception", e);
290
+ (_v = ctx.error) === null || _v === void 0 ? void 0 : _v.call(ctx, "refresh exception", e);
260
291
  return {
261
292
  status: 401,
262
293
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
package/build/src/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,QAAQ,CACvD,GAAG,EACH,CAAC,OAAO,CAAC,EACT,GAAS,EAAE;QACT,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,CAAC,CAAA,CACF,CAAC;IACF,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AApJW,QAAA,QAAQ,YAoJnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,OAAO,EAAE;gBAChE,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEK,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEjD,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE7D,IAAI,OAAO,GAAkB,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC,CAAC;IAE7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,MAAM,eAAe,GAAG,MAAM,kBAAkB,CAAC,QAAQ,CACvD,GAAG,EACH,CAAC,OAAO,CAAC,EACT,GAAS,EAAE;QACT,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAChD,CAAC,CAAA,CACF,CAAC;IACF,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;IAEvC,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC1F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC1E,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC;IAErB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC1E,GAAG,EAAE,CAAC,CAAC,GAAG;KACX,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AApJW,QAAA,QAAQ,YAoJnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,iDAAiD,EAAE;YAC1D,OAAO;YACP,QAAQ;YACR,EAAE;SACH,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,MAAA,GAAG,CAAC,IAAI,oDAAG,wBAAwB,IAAI,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAe;gBAC5B,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YACjC,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAElG,IAAA,qBAAW,EAAC,GAAG,EAAE,uBAAuB,KAAK,UAAU,EAAE,kBAAkB,EAAE;gBAC3E,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,IAAI;gBACZ,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK;gBACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;aACZ,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE,CAAQ,CAAC,CAAC;YAC3C,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
package/build/src/utils/cookies.d.ts CHANGED
@@ -4,6 +4,7 @@ type CookieOptions = {
4
4
  secure?: boolean;
5
5
  sameSite?: "None" | "Lax" | "Strict";
6
6
  maxAge?: number;
7
+ domain?: string;
7
8
  };
8
9
  export declare function setCookieKV(ctx: InvocationContext, key: string, value: string, options?: CookieOptions): void;
9
10
  export {};
package/build/src/utils/cookies.js CHANGED
@@ -5,12 +5,12 @@ function setCookieKV(ctx, key, value, options = {}) {
5
5
  var _a, _b;
6
6
  var _c, _d;
7
7
  const { httpOnly = true, secure = true, sameSite = "None", maxAge = 300, // seconds (default)
8
- } = options;
8
+ domain, } = options;
9
9
  // Object-cookie bag (preferred)
10
10
  const CTX_COOKIES_OBJ = Symbol.for("cfy.resCookies.obj");
11
11
  // @ts-ignore
12
12
  const objBag = ((_a = (_c = ctx)[CTX_COOKIES_OBJ]) !== null && _a !== void 0 ? _a : (_c[CTX_COOKIES_OBJ] = []));
13
- objBag.push({
13
+ const cookieObj = {
14
14
  name: key,
15
15
  value,
16
16
  path: "/",
@@ -18,10 +18,15 @@ function setCookieKV(ctx, key, value, options = {}) {
18
18
  secure, // drop to false if testing on http://
19
19
  sameSite, // use "Lax" for same-site
20
20
  maxAge,
21
- });
21
+ };
22
+ // Only set domain if it's a non-empty string (undefined/null = host-only cookie)
23
+ if (domain) {
24
+ cookieObj.domain = domain;
25
+ }
26
+ objBag.push(cookieObj);
22
27
  // (Optional) Keep your string fallback too:
23
28
  const CTX_COOKIES = Symbol.for("cfy.resCookies");
24
29
  const strBag = ((_b = (_d = ctx)[CTX_COOKIES]) !== null && _b !== void 0 ? _b : (_d[CTX_COOKIES] = []));
25
- strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
30
+ strBag.push(`${encodeURIComponent(key)}=${encodeURIComponent(value)}; Path=/;${domain ? ` Domain=${domain};` : ""}${httpOnly ? " HttpOnly;" : ""} SameSite=${sameSite};${secure ? " Secure;" : ""}${typeof maxAge === "number" ? ` Max-Age=${maxAge}` : ""}`);
26
31
  }
27
32
  //# sourceMappingURL=cookies.js.map
package/build/src/utils/cookies.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;AASA,kCAiCC;AAjCD,SAAgB,WAAW,CACzB,GAAsB,EACtB,GAAW,EACX,KAAa,EACb,UAAyB,EAAE;;;IAE3B,MAAM,EACJ,QAAQ,GAAG,IAAI,EACf,MAAM,GAAG,IAAI,EACb,QAAQ,GAAG,MAAM,EACjB,MAAM,GAAG,GAAG,EAAE,oBAAoB;MACnC,GAAG,OAAO,CAAC;IAEZ,gCAAgC;IAChC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACzD,aAAa;IACb,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,eAAe,wCAAf,eAAe,IAAM,EAAkB,EAAC,CAAC;IACtE,MAAM,CAAC,IAAI,CAAC;QACR,IAAI,EAAE,GAAG;QACT,KAAK;QACL,IAAI,EAAE,GAAG;QACT,QAAQ;QACR,MAAM,EAAQ,sCAAsC;QACpD,QAAQ,EAAI,0BAA0B;QACtC,MAAM;KACT,CAAC,CAAC;IAEH,4CAA4C;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,WAAW,wCAAX,WAAW,IAAM,EAAc,EAAC,CAAC;IAC9D,MAAM,CAAC,IAAI,CACP,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,YAAY,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9M,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/utils/cookies.ts"],"names":[],"mappings":";;AAUA,kCAuCC;AAvCD,SAAgB,WAAW,CACzB,GAAsB,EACtB,GAAW,EACX,KAAa,EACb,UAAyB,EAAE;;;IAE3B,MAAM,EACJ,QAAQ,GAAG,IAAI,EACf,MAAM,GAAG,IAAI,EACb,QAAQ,GAAG,MAAM,EACjB,MAAM,GAAG,GAAG,EAAE,oBAAoB;IAClC,MAAM,GACP,GAAG,OAAO,CAAC;IAEZ,gCAAgC;IAChC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACzD,aAAa;IACb,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,eAAe,wCAAf,eAAe,IAAM,EAAkB,EAAC,CAAC;IACtE,MAAM,SAAS,GAAQ;QACnB,IAAI,EAAE,GAAG;QACT,KAAK;QACL,IAAI,EAAE,GAAG;QACT,QAAQ;QACR,MAAM,EAAQ,sCAAsC;QACpD,QAAQ,EAAI,0BAA0B;QACtC,MAAM;KACT,CAAC;IACF,iFAAiF;IACjF,IAAI,MAAM,EAAE,CAAC;QACX,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC;IAC5B,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEvB,4CAA4C;IAC5C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,aAAE,GAAW,EAAC,WAAW,wCAAX,WAAW,IAAM,EAAc,EAAC,CAAC;IAC9D,MAAM,CAAC,IAAI,CACP,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,YAAY,MAAM,CAAC,CAAC,CAAC,WAAW,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,aAAa,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CACnP,CAAC;AACJ,CAAC"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@culturefy/shared",
3
3
  "description": "Shared utilities for culturefy serverless services",
4
- "version": "1.0.61",
4
+ "version": "1.0.62",
5
5
  "main": "build/cjs/index.js",
6
6
  "module": "build/esm/index.js",
7
7
  "types": "build/src/index.d.ts",