@culturefy/shared 1.0.63 → 1.0.64

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/build/cjs/enums/secretKeys.enum.js +0 -1
  2. package/build/cjs/enums/secretKeys.enum.js.map +1 -1
  3. package/build/cjs/interfaces/user.js.map +1 -1
  4. package/build/cjs/middlewares/verify-middleware.js +72 -18
  5. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  6. package/build/cjs/repositories/multi-tenant.repository.js +24 -11
  7. package/build/cjs/repositories/multi-tenant.repository.js.map +1 -1
  8. package/build/cjs/repositories/tenant-base.repository.js +7 -1
  9. package/build/cjs/repositories/tenant-base.repository.js.map +1 -1
  10. package/build/cjs/utils/initializers.js +11 -5
  11. package/build/cjs/utils/initializers.js.map +1 -1
  12. package/build/esm/enums/secretKeys.enum.js +0 -1
  13. package/build/esm/enums/secretKeys.enum.js.map +1 -1
  14. package/build/esm/interfaces/user.js.map +1 -1
  15. package/build/esm/middlewares/verify-middleware.js +74 -20
  16. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  17. package/build/esm/repositories/multi-tenant.repository.js +24 -11
  18. package/build/esm/repositories/multi-tenant.repository.js.map +1 -1
  19. package/build/esm/repositories/tenant-base.repository.js +7 -1
  20. package/build/esm/repositories/tenant-base.repository.js.map +1 -1
  21. package/build/esm/utils/initializers.js +11 -5
  22. package/build/esm/utils/initializers.js.map +1 -1
  23. package/build/src/enums/secretKeys.enum.d.ts +0 -1
  24. package/build/src/enums/secretKeys.enum.js +0 -1
  25. package/build/src/enums/secretKeys.enum.js.map +1 -1
  26. package/build/src/middlewares/verify-middleware.js +79 -36
  27. package/build/src/middlewares/verify-middleware.js.map +1 -1
  28. package/build/src/repositories/multi-tenant.repository.d.ts +1 -0
  29. package/build/src/repositories/multi-tenant.repository.js +24 -11
  30. package/build/src/repositories/multi-tenant.repository.js.map +1 -1
  31. package/build/src/repositories/tenant-base.repository.d.ts +1 -0
  32. package/build/src/repositories/tenant-base.repository.js +18 -0
  33. package/build/src/repositories/tenant-base.repository.js.map +1 -1
  34. package/build/src/utils/initializers.d.ts +1 -0
  35. package/build/src/utils/initializers.js +11 -5
  36. package/build/src/utils/initializers.js.map +1 -1
  37. package/package.json +1 -1
package/build/cjs/repositories/tenant-base.repository.js CHANGED
@@ -19,6 +19,12 @@ let TenantBaseRepository = exports.TenantBaseRepository = (_class = class Tenant
19
19
  async createMany(body) {
20
20
  return this.dbModel.insertMany(body);
21
21
  }
22
+ async findAllWithPagination(query, page, limit, sort = {
23
+ createdAt: -1
24
+ }, projection = {}) {
25
+ const list = await this.dbModel.find(query, projection).sort(sort).skip((page - 1) * limit).limit(limit).lean().exec();
26
+ return list;
27
+ }
22
28
  async count(query = {}) {
23
29
  return this.dbModel.countDocuments(query).exec();
24
30
  }
@@ -48,5 +54,5 @@ let TenantBaseRepository = exports.TenantBaseRepository = (_class = class Tenant
48
54
  async deleteMany(query = {}) {
49
55
  return this.dbModel.deleteMany(query).exec();
50
56
  }
51
- }, _applyDecoratedDescriptor(_class.prototype, "aggregate", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "aggregate"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "create", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "create"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "createMany", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "createMany"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "count", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "count"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "findById", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "findById"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "findOne", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "findOne"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "find", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "find"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "updateById", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "updateById"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "updateOne", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "updateOne"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "updateMany", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "updateMany"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "deleteById", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "deleteById"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "deleteMany", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "deleteMany"), _class.prototype), _class);
57
+ }, _applyDecoratedDescriptor(_class.prototype, "aggregate", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "aggregate"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "create", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "create"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "createMany", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "createMany"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "findAllWithPagination", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "findAllWithPagination"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "count", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "count"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "findById", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "findById"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "findOne", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "findOne"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "find", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "find"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "updateById", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "updateById"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "updateOne", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "updateOne"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "updateMany", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "updateMany"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "deleteById", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "deleteById"), _class.prototype), _applyDecoratedDescriptor(_class.prototype, "deleteMany", [_multiTenant.WithTenantDb], Object.getOwnPropertyDescriptor(_class.prototype, "deleteMany"), _class.prototype), _class);
52
58
  //# sourceMappingURL=tenant-base.repository.js.map
package/build/cjs/repositories/tenant-base.repository.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"tenant-base.repository.js","names":["_multiTenant","require","_class","_applyDecoratedDescriptor","i","e","r","n","l","a","Object","keys","forEach","enumerable","configurable","initializer","writable","slice","reverse","reduce","value","call","defineProperty","TenantBaseRepository","exports","TenantModelRepository","constructor","args","modelDef","aggregate","pipeline","dbModel","exec","create","body","createMany","insertMany","count","query","countDocuments","findById","id","projection","options","findOne","find","updateById","new","findByIdAndUpdate","updateOne","updateMany","deleteById","findByIdAndDelete","deleteMany","prototype","WithTenantDb","getOwnPropertyDescriptor"],"sources":["../../../src/repositories/tenant-base.repository.ts"],"sourcesContent":["import {\n FilterQuery,\n Model,\n PipelineStage,\n ProjectionType,\n QueryOptions,\n UpdateQuery,\n} from \"mongoose\";\nimport { TenantModelRepository, WithTenantDb } from \"./multi-tenant.repository\";\n\nexport abstract class TenantBaseRepository<T> extends TenantModelRepository<T> {\n protected abstract readonly modelDef: Model<T>;\n\n @WithTenantDb\n async aggregate(\n pipeline: PipelineStage[],\n ): Promise<any[]> {\n return this.dbModel.aggregate(pipeline).exec();\n }\n\n @WithTenantDb\n async create(body: T): Promise<T> {\n return this.dbModel.create(body);\n }\n\n @WithTenantDb\n async createMany(body: T[]): Promise<T[]> {\n return this.dbModel.insertMany(body);\n }\n\n @WithTenantDb\n async count(query: FilterQuery<T> = {}): Promise<number> {\n return this.dbModel.countDocuments(query).exec();\n }\n\n @WithTenantDb\n async findById(\n id: string,\n projection: ProjectionType<T> = {},\n options: QueryOptions<T> = {},\n ): Promise<T | null> {\n return this.dbModel.findById(id, projection, options).exec();\n }\n\n @WithTenantDb\n async findOne(\n query: FilterQuery<T>,\n projection: ProjectionType<T> = {},\n options: QueryOptions<T> = {},\n ): Promise<T | null> {\n return this.dbModel.findOne(query, projection, options).exec();\n }\n\n @WithTenantDb\n async find(\n query: FilterQuery<T> = {},\n projection: ProjectionType<T> = {},\n options: QueryOptions<T> = {},\n ): Promise<T[]> {\n return this.dbModel.find(query, projection, options).exec();\n }\n\n @WithTenantDb\n async updateById(\n id: string,\n body: UpdateQuery<T>,\n options: any = { new: true },\n ): Promise<T | null> {\n return this.dbModel.findByIdAndUpdate(id, body, options).exec() as Promise<\n T | null\n >;\n }\n\n @WithTenantDb\n async updateOne(\n query: FilterQuery<T>,\n body: UpdateQuery<T>,\n options: any = {},\n ): Promise<any> {\n return this.dbModel.updateOne(query, body, options).exec();\n }\n\n @WithTenantDb\n async updateMany(\n query: FilterQuery<T>,\n body: UpdateQuery<T>,\n options: any = {},\n ): Promise<any> {\n return this.dbModel.updateMany(query, body, options).exec();\n }\n\n @WithTenantDb\n async deleteById(id: string): Promise<T | null> {\n return this.dbModel.findByIdAndDelete(id).exec();\n }\n\n @WithTenantDb\n async deleteMany(query: FilterQuery<T> = {}): Promise<any> {\n return this.dbModel.deleteMany(query).exec();\n }\n}\n"],"mappings":";;;;AAQA,IAAAA,YAAA,GAAAC,OAAA;AAAgF,IAAAC,MAAA;AAAA,SAAAC,0BAAAC,CAAA,EAAAC,CAAA,EAAAC,CAAA,EAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,cAAAC,MAAA,CAAAC,IAAA,CAAAJ,CAAA,EAAAK,OAAA,WAAAR,CAAA,IAAAK,CAAA,CAAAL,CAAA,IAAAG,CAAA,CAAAH,CAAA,OAAAK,CAAA,CAAAI,UAAA,KAAAJ,CAAA,CAAAI,UAAA,EAAAJ,CAAA,CAAAK,YAAA,KAAAL,CAAA,CAAAK,YAAA,cAAAL,CAAA,IAAAA,CAAA,CAAAM,WAAA,MAAAN,CAAA,CAAAO,QAAA,QAAAP,CAAA,GAAAH,CAAA,CAAAW,KAAA,GAAAC,OAAA,GAAAC,MAAA,WAAAb,CAAA,EAAAC,CAAA,WAAAA,CAAA,CAAAH,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAA,CAAA,KAAAG,CAAA,GAAAD,CAAA,eAAAC,CAAA,CAAAM,WAAA,KAAAN,CAAA,CAAAW,KAAA,GAAAX,CAAA,CAAAM,WAAA,GAAAN,CAAA,CAAAM,WAAA,CAAAM,IAAA,CAAAb,CAAA,YAAAC,CAAA,CAAAM,WAAA,uBAAAN,CAAA,CAAAM,WAAA,IAAAL,MAAA,CAAAY,cAAA,CAAAlB,CAAA,EAAAC,CAAA,EAAAI,CAAA,WAAAA,CAAA;AAAA,IAE1Dc,oBAAoB,GAAAC,OAAA,CAAAD,oBAAA,IAAArB,MAAA,GAAnC,MAAeqB,oBAAoB,SAAYE,kCAAqB,CAAI;EAAAC,YAAA,GAAAC,IAAA;IAAA,SAAAA,IAAA;IAAA,KACjDC,QAAQ;EAAA;EAEpC,MACMC,SAASA,CACbC,QAAyB,EACT;IAChB,OAAO,IAAI,CAACC,OAAO,CAACF,SAAS,CAACC,QAAQ,CAAC,CAACE,IAAI,CAAC,CAAC;EAChD;EAEA,MACMC,MAAMA,CAACC,IAAO,EAAc;IAChC,OAAO,IAAI,CAACH,OAAO,CAACE,MAAM,CAACC,IAAI,CAAC;EAClC;EAEA,MACMC,UAAUA,CAACD,IAAS,EAAgB;IACxC,OAAO,IAAI,CAACH,OAAO,CAACK,UAAU,CAACF,IAAI,CAAC;EACtC;EAEA,MACMG,KAAKA,CAACC,KAAqB,GAAG,CAAC,CAAC,EAAmB;IACvD,OAAO,IAAI,CAACP,OAAO,CAACQ,cAAc,CAACD,KAAK,CAAC,CAACN,IAAI,CAAC,CAAC;EAClD;EAEA,MACMQ,QAAQA,CACZC,EAAU,EACVC,UAA6B,GAAG,CAAC,CAAC,EAClCC,OAAwB,GAAG,CAAC,CAAC,EACV;IACnB,OAAO,IAAI,CAACZ,OAAO,CAACS,QAAQ,CAACC,EAAE,EAAEC,UAAU,EAAEC,OAAO,CAAC,CAACX,IAAI,CAAC,CAAC;EAC9D;EAEA,MACMY,OAAOA,CACXN,KAAqB,EACrBI,UAA6B,GAAG,CAAC,CAAC,EAClCC,OAAwB,GAAG,CAAC,CAAC,EACV;IACnB,OAAO,IAAI,CAACZ,OAAO,CAACa,OAAO,CAACN,KAAK,EAAEI,UAAU,EAAEC,OAAO,CAAC,CAACX,IAAI,CAAC,CAAC;EAChE;EAEA,MACMa,IAAIA,CACRP,KAAqB,GAAG,CAAC,CAAC,EAC1BI,UAA6B,GAAG,CAAC,CAAC,EAClCC,OAAwB,GAAG,CAAC,CAAC,EACf;IACd,OAAO,IAAI,CAACZ,OAAO,CAACc,IAAI,CAACP,KAAK,EAAEI,UAAU,EAAEC,OAAO,CAAC,CAACX,IAAI,CAAC,CAAC;EAC7D;EAEA,MACMc,UAAUA,CACdL,EAAU,EACVP,IAAoB,EACpBS,OAAY,GAAG;IAAEI,GAAG,EAAE;EAAK,CAAC,EACT;IACnB,OAAO,IAAI,CAAChB,OAAO,CAACiB,iBAAiB,CAACP,EAAE,EAAEP,IAAI,EAAES,OAAO,CAAC,CAACX,IAAI,CAAC,CAAC;EAGjE;EAEA,MACMiB,SAASA,CACbX,KAAqB,EACrBJ,IAAoB,EACpBS,OAAY,GAAG,CAAC,CAAC,EACH;IACd,OAAO,IAAI,CAACZ,OAAO,CAACkB,SAAS,CAACX,KAAK,EAAEJ,IAAI,EAAES,OAAO,CAAC,CAACX,IAAI,CAAC,CAAC;EAC5D;EAEA,MACMkB,UAAUA,CACdZ,KAAqB,EACrBJ,IAAoB,EACpBS,OAAY,GAAG,CAAC,CAAC,EACH;IACd,OAAO,IAAI,CAACZ,OAAO,CAACmB,UAAU,CAACZ,KAAK,EAAEJ,IAAI,EAAES,OAAO,CAAC,CAACX,IAAI,CAAC,CAAC;EAC7D;EAEA,MACMmB,UAAUA,CAACV,EAAU,EAAqB;IAC9C,OAAO,IAAI,CAACV,OAAO,CAACqB,iBAAiB,CAACX,EAAE,CAAC,CAACT,IAAI,CAAC,CAAC;EAClD;EAEA,MACMqB,UAAUA,CAACf,KAAqB,GAAG,CAAC,CAAC,EAAgB;IACzD,OAAO,IAAI,CAACP,OAAO,CAACsB,UAAU,CAACf,KAAK,CAAC,CAACN,IAAI,CAAC,CAAC;EAC9C;AACF,CAAC,EAAA7B,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,gBAvFEC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,gBAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,aAOZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,aAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,iBAKZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,iBAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,YAKZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,YAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,eAKZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,eAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,cASZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,cAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,WASZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,WAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,iBASZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,iBAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,gBAWZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,gBAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,iBASZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,iBAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,iBASZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,iBAAApD,MAAA,CAAAoD,SAAA,GAAAnD,yBAAA,CAAAD,MAAA,CAAAoD,SAAA,iBAKZC,yBAAY,GAAA7C,MAAA,CAAA8C,wBAAA,CAAAtD,MAAA,CAAAoD,SAAA,iBAAApD,MAAA,CAAAoD,SAAA,GAAApD,MAAA","ignoreList":[]}
1
+ {"version":3,"file":"tenant-base.repository.js","names":["_multiTenant","require","_class","_applyDecoratedDescriptor","i","e","r","n","l","a","Object","keys","forEach","enumerable","configurable","initializer","writable","slice","reverse","reduce","value","call","defineProperty","TenantBaseRepository","exports","TenantModelRepository","constructor","args","modelDef","aggregate","pipeline","dbModel","exec","create","body","createMany","insertMany","findAllWithPagination","query","page","limit","sort","createdAt","projection","list","find","skip","lean","count","countDocuments","findById","id","options","findOne","updateById","new","findByIdAndUpdate","updateOne","updateMany","deleteById","findByIdAndDelete","deleteMany","prototype","WithTenantDb","getOwnPropertyDescriptor"],"sources":["../../../src/repositories/tenant-base.repository.ts"],"sourcesContent":["import {\n FilterQuery,\n Model,\n PipelineStage,\n ProjectionType,\n QueryOptions,\n UpdateQuery,\n} from \"mongoose\";\nimport { TenantModelRepository, WithTenantDb } from \"./multi-tenant.repository\";\n\nexport abstract class TenantBaseRepository<T> extends TenantModelRepository<T> {\n protected abstract readonly modelDef: Model<T>;\n\n @WithTenantDb\n async aggregate(\n pipeline: PipelineStage[],\n ): Promise<any[]> {\n return this.dbModel.aggregate(pipeline).exec();\n }\n\n @WithTenantDb\n async create(body: T): Promise<T> {\n return this.dbModel.create(body);\n }\n\n @WithTenantDb\n async createMany(body: T[]): Promise<T[]> {\n return this.dbModel.insertMany(body);\n }\n\n @WithTenantDb\n async findAllWithPagination(\n query: FilterQuery<T>,\n page: number,\n limit: number,\n sort: Record<string, 1 | -1> = { createdAt: -1 },\n projection: ProjectionType<T> = {},\n ): Promise<T[]> {\n const list = await this.dbModel\n .find(query, projection)\n .sort(sort)\n .skip((page - 1) * limit)\n .limit(limit)\n .lean()\n .exec();\n return list as T[];\n }\n\n @WithTenantDb\n async count(query: FilterQuery<T> = {}): Promise<number> {\n return this.dbModel.countDocuments(query).exec();\n }\n\n @WithTenantDb\n async findById(\n id: string,\n projection: ProjectionType<T> = {},\n options: QueryOptions<T> = {},\n ): Promise<T | null> {\n return this.dbModel.findById(id, projection, options).exec();\n }\n\n @WithTenantDb\n async findOne(\n query: FilterQuery<T>,\n projection: ProjectionType<T> = {},\n options: QueryOptions<T> = {},\n ): Promise<T | null> {\n return this.dbModel.findOne(query, projection, options).exec();\n }\n\n @WithTenantDb\n async find(\n query: FilterQuery<T> = {},\n projection: ProjectionType<T> = {},\n options: QueryOptions<T> = {},\n ): Promise<T[]> {\n return this.dbModel.find(query, projection, options).exec();\n }\n\n @WithTenantDb\n async updateById(\n id: string,\n body: UpdateQuery<T>,\n options: any = { new: true },\n ): Promise<T | null> {\n return this.dbModel.findByIdAndUpdate(id, body, options).exec() as Promise<\n T | null\n >;\n }\n\n @WithTenantDb\n async updateOne(\n query: FilterQuery<T>,\n body: UpdateQuery<T>,\n options: any = {},\n ): Promise<any> {\n return this.dbModel.updateOne(query, body, options).exec();\n }\n\n @WithTenantDb\n async updateMany(\n query: FilterQuery<T>,\n body: UpdateQuery<T>,\n options: any = {},\n ): Promise<any> {\n return this.dbModel.updateMany(query, body, options).exec();\n }\n\n @WithTenantDb\n async deleteById(id: string): Promise<T | null> {\n return this.dbModel.findByIdAndDelete(id).exec();\n }\n\n @WithTenantDb\n async deleteMany(query: FilterQuery<T> = {}): Promise<any> {\n return this.dbModel.deleteMany(query).exec();\n }\n}\n"],"mappings":";;;;AAQA,IAAAA,YAAA,GAAAC,OAAA;AAAgF,IAAAC,MAAA;AAAA,SAAAC,0BAAAC,CAAA,EAAAC,CAAA,EAAAC,CAAA,EAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,cAAAC,MAAA,CAAAC,IAAA,CAAAJ,CAAA,EAAAK,OAAA,WAAAR,CAAA,IAAAK,CAAA,CAAAL,CAAA,IAAAG,CAAA,CAAAH,CAAA,OAAAK,CAAA,CAAAI,UAAA,KAAAJ,CAAA,CAAAI,UAAA,EAAAJ,CAAA,CAAAK,YAAA,KAAAL,CAAA,CAAAK,YAAA,cAAAL,CAAA,IAAAA,CAAA,CAAAM,WAAA,MAAAN,CAAA,CAAAO,QAAA,QAAAP,CAAA,GAAAH,CAAA,CAAAW,KAAA,GAAAC,OAAA,GAAAC,MAAA,WAAAb,CAAA,EAAAC,CAAA,WAAAA,CAAA,CAAAH,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAA,CAAA,KAAAG,CAAA,GAAAD,CAAA,eAAAC,CAAA,CAAAM,WAAA,KAAAN,CAAA,CAAAW,KAAA,GAAAX,CAAA,CAAAM,WAAA,GAAAN,CAAA,CAAAM,WAAA,CAAAM,IAAA,CAAAb,CAAA,YAAAC,CAAA,CAAAM,WAAA,uBAAAN,CAAA,CAAAM,WAAA,IAAAL,MAAA,CAAAY,cAAA,CAAAlB,CAAA,EAAAC,CAAA,EAAAI,CAAA,WAAAA,CAAA;AAAA,IAE1Dc,oBAAoB,GAAAC,OAAA,CAAAD,oBAAA,IAAArB,MAAA,GAAnC,MAAeqB,oBAAoB,SAAYE,kCAAqB,CAAI;EAAAC,YAAA,GAAAC,IAAA;IAAA,SAAAA,IAAA;IAAA,KACjDC,QAAQ;EAAA;EAEpC,MACMC,SAASA,CACbC,QAAyB,EACT;IAChB,OAAO,IAAI,CAACC,OAAO,CAACF,SAAS,CAACC,QAAQ,CAAC,CAACE,IAAI,CAAC,CAAC;EAChD;EAEA,MACMC,MAAMA,CAACC,IAAO,EAAc;IAChC,OAAO,IAAI,CAACH,OAAO,CAACE,MAAM,CAACC,IAAI,CAAC;EAClC;EAEA,MACMC,UAAUA,CAACD,IAAS,EAAgB;IACxC,OAAO,IAAI,CAACH,OAAO,CAACK,UAAU,CAACF,IAAI,CAAC;EACtC;EAEA,MACMG,qBAAqBA,CACzBC,KAAqB,EACrBC,IAAY,EACZC,KAAa,EACbC,IAA4B,GAAG;IAAEC,SAAS,EAAE,CAAC;EAAE,CAAC,EAChDC,UAA6B,GAAG,CAAC,CAAC,EACpB;IACd,MAAMC,IAAI,GAAG,MAAM,IAAI,CAACb,OAAO,CAC5Bc,IAAI,CAACP,KAAK,EAAEK,UAAU,CAAC,CACvBF,IAAI,CAACA,IAAI,CAAC,CACVK,IAAI,CAAC,CAACP,IAAI,GAAG,CAAC,IAAIC,KAAK,CAAC,CACxBA,KAAK,CAACA,KAAK,CAAC,CACZO,IAAI,CAAC,CAAC,CACNf,IAAI,CAAC,CAAC;IACT,OAAOY,IAAI;EACb;EAEA,MACMI,KAAKA,CAACV,KAAqB,GAAG,CAAC,CAAC,EAAmB;IACvD,OAAO,IAAI,CAACP,OAAO,CAACkB,cAAc,CAACX,KAAK,CAAC,CAACN,IAAI,CAAC,CAAC;EAClD;EAEA,MACMkB,QAAQA,CACZC,EAAU,EACVR,UAA6B,GAAG,CAAC,CAAC,EAClCS,OAAwB,GAAG,CAAC,CAAC,EACV;IACnB,OAAO,IAAI,CAACrB,OAAO,CAACmB,QAAQ,CAACC,EAAE,EAAER,UAAU,EAAES,OAAO,CAAC,CAACpB,IAAI,CAAC,CAAC;EAC9D;EAEA,MACMqB,OAAOA,CACXf,KAAqB,EACrBK,UAA6B,GAAG,CAAC,CAAC,EAClCS,OAAwB,GAAG,CAAC,CAAC,EACV;IACnB,OAAO,IAAI,CAACrB,OAAO,CAACsB,OAAO,CAACf,KAAK,EAAEK,UAAU,EAAES,OAAO,CAAC,CAACpB,IAAI,CAAC,CAAC;EAChE;EAEA,MACMa,IAAIA,CACRP,KAAqB,GAAG,CAAC,CAAC,EAC1BK,UAA6B,GAAG,CAAC,CAAC,EAClCS,OAAwB,GAAG,CAAC,CAAC,EACf;IACd,OAAO,IAAI,CAACrB,OAAO,CAACc,IAAI,CAACP,KAAK,EAAEK,UAAU,EAAES,OAAO,CAAC,CAACpB,IAAI,CAAC,CAAC;EAC7D;EAEA,MACMsB,UAAUA,CACdH,EAAU,EACVjB,IAAoB,EACpBkB,OAAY,GAAG;IAAEG,GAAG,EAAE;EAAK,CAAC,EACT;IACnB,OAAO,IAAI,CAACxB,OAAO,CAACyB,iBAAiB,CAACL,EAAE,EAAEjB,IAAI,EAAEkB,OAAO,CAAC,CAACpB,IAAI,CAAC,CAAC;EAGjE;EAEA,MACMyB,SAASA,CACbnB,KAAqB,EACrBJ,IAAoB,EACpBkB,OAAY,GAAG,CAAC,CAAC,EACH;IACd,OAAO,IAAI,CAACrB,OAAO,CAAC0B,SAAS,CAACnB,KAAK,EAAEJ,IAAI,EAAEkB,OAAO,CAAC,CAACpB,IAAI,CAAC,CAAC;EAC5D;EAEA,MACM0B,UAAUA,CACdpB,KAAqB,EACrBJ,IAAoB,EACpBkB,OAAY,GAAG,CAAC,CAAC,EACH;IACd,OAAO,IAAI,CAACrB,OAAO,CAAC2B,UAAU,CAACpB,KAAK,EAAEJ,IAAI,EAAEkB,OAAO,CAAC,CAACpB,IAAI,CAAC,CAAC;EAC7D;EAEA,MACM2B,UAAUA,CAACR,EAAU,EAAqB;IAC9C,OAAO,IAAI,CAACpB,OAAO,CAAC6B,iBAAiB,CAACT,EAAE,CAAC,CAACnB,IAAI,CAAC,CAAC;EAClD;EAEA,MACM6B,UAAUA,CAACvB,KAAqB,GAAG,CAAC,CAAC,EAAgB;IACzD,OAAO,IAAI,CAACP,OAAO,CAAC8B,UAAU,CAACvB,KAAK,CAAC,CAACN,IAAI,CAAC,CAAC;EAC9C;AACF,CAAC,EAAA7B,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,gBAzGEC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,gBAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,aAOZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,aAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,iBAKZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,iBAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,4BAKZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,4BAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,YAkBZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,YAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,eAKZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,eAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,cASZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,cAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,WASZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,WAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,iBASZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,iBAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,gBAWZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,gBAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,iBASZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,iBAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,iBASZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,iBAAA5D,MAAA,CAAA4D,SAAA,GAAA3D,yBAAA,CAAAD,MAAA,CAAA4D,SAAA,iBAKZC,yBAAY,GAAArD,MAAA,CAAAsD,wBAAA,CAAA9D,MAAA,CAAA4D,SAAA,iBAAA5D,MAAA,CAAA4D,SAAA,GAAA5D,MAAA","ignoreList":[]}
package/build/cjs/utils/initializers.js CHANGED
@@ -24,6 +24,11 @@ class Initializers {
24
24
  this.context = context;
25
25
  this.dbConnectionString = dbConnectionString;
26
26
  }
27
+ getDbLogLabel() {
28
+ const match = this.dbConnectionString.match(/\/([^/?]+)(\?|$)/);
29
+ const dbName = (match == null ? void 0 : match[1]) || "unknown";
30
+ return `${dbName}`;
31
+ }
27
32
  async ensureConnection() {
28
33
  // Check if we already have a connection for this specific connection string
29
34
  const existingConnection = Initializers.connections.get(this.dbConnectionString);
@@ -32,7 +37,8 @@ class Initializers {
32
37
  }
33
38
 
34
39
  // Create a new Mongoose instance for this connection string
35
- this.context.info(`Initializing database connection... ${this.dbConnectionString}`);
40
+ const dbLabel = this.getDbLogLabel();
41
+ this.context.info(`Initializing database connection (${dbLabel})...`);
36
42
  const newMongoose = new _mongoose.default.Mongoose();
37
43
  try {
38
44
  await newMongoose.connect(this.dbConnectionString, {
@@ -40,14 +46,14 @@ class Initializers {
40
46
  connectTimeoutMS: 10000,
41
47
  socketTimeoutMS: 45000
42
48
  });
43
- this.context.info(`✅ MongoDB connected successfully ${this.dbConnectionString}`);
49
+ this.context.info(`✅ MongoDB connected successfully (${dbLabel})`);
44
50
  this.connectionInitialized = true;
45
51
 
46
52
  // Store the connection for this connection string
47
53
  Initializers.connections.set(this.dbConnectionString, newMongoose);
48
54
  return newMongoose;
49
55
  } catch (err) {
50
- this.context.error(`❌ MongoDB connection error for ${this.dbConnectionString}`, {
56
+ this.context.error(`❌ MongoDB connection error for (${dbLabel})`, {
51
57
  message: err.message,
52
58
  name: err.name,
53
59
  code: err.code,
@@ -76,9 +82,9 @@ class Initializers {
76
82
  try {
77
83
  // Properly close the connection
78
84
  await connection.disconnect();
79
- this.context.info(`✅ Disconnected from database: ${this.dbConnectionString}`);
85
+ this.context.info(`✅ Disconnected from database (${this.getDbLogLabel()})`);
80
86
  } catch (error) {
81
- this.context.error(`❌ Error disconnecting from database: ${this.dbConnectionString}`, error);
87
+ this.context.error(`❌ Error disconnecting from database (${this.getDbLogLabel()})`, error);
82
88
  } finally {
83
89
  // Always remove from the connections map
84
90
  Initializers.connections.delete(this.dbConnectionString);
package/build/cjs/utils/initializers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"initializers.js","names":["_mongoose","_interopRequireDefault","require","e","__esModule","default","WithDb","_target","_propertyKey","descriptor","value","originalMethod","args","ensureConnection","apply","Initializers","constructor","context","dbConnectionString","connectionInitialized","existingConnection","connections","get","connection","readyState","info","newMongoose","mongoose","Mongoose","connect","serverSelectionTimeoutMS","connectTimeoutMS","socketTimeoutMS","set","err","error","message","name","code","stack","Error","getConnection","forceNewConnection","disconnect","delete","exports","Map"],"sources":["../../../src/utils/initializers.ts"],"sourcesContent":["import mongoose from \"mongoose\";\nimport { InvocationContext } from \"@azure/functions\";\n\n/**\n * Decorator that ensures MongoDB is connected before the method runs.\n */\nexport function WithDb(\n _target: any,\n _propertyKey: string | symbol,\n descriptor: TypedPropertyDescriptor<(...args: any[]) => Promise<any>>\n): void {\n if (!descriptor.value) return;\n const originalMethod = descriptor.value;\n descriptor.value = async function (this: Initializers, ...args: any[]) {\n await this.ensureConnection();\n return originalMethod.apply(this, args);\n };\n}\n\nexport abstract class Initializers {\n protected static connections: Map<string, mongoose.Mongoose> = new Map();\n protected context: InvocationContext;\n protected dbConnectionString: string;\n private connectionInitialized: boolean = false;\n\n constructor(context: InvocationContext, dbConnectionString: string) {\n this.context = context;\n this.dbConnectionString = dbConnectionString;\n }\n\n protected async ensureConnection(): Promise<mongoose.Mongoose> {\n // Check if we already have a connection for this specific connection string\n const existingConnection = Initializers.connections.get(this.dbConnectionString);\n if (existingConnection && existingConnection.connection.readyState === 1) {\n return existingConnection;\n }\n\n // Create a new Mongoose instance for this connection string\n this.context.info(`Initializing database connection... ${this.dbConnectionString}`);\n const newMongoose = new mongoose.Mongoose();\n \n try {\n await newMongoose.connect(this.dbConnectionString, {\n serverSelectionTimeoutMS: 10000,\n connectTimeoutMS: 10000,\n socketTimeoutMS: 45000,\n });\n \n this.context.info(`✅ MongoDB connected successfully ${this.dbConnectionString}`);\n this.connectionInitialized = true;\n \n // Store the connection for this connection string\n Initializers.connections.set(this.dbConnectionString, newMongoose);\n \n return newMongoose;\n } catch (err: any) {\n this.context.error(`❌ MongoDB connection error for ${this.dbConnectionString}`, {\n message: err.message,\n name: err.name,\n code: err.code,\n stack: err.stack\n });\n this.connectionInitialized = false;\n throw new Error(`Failed to connect to MongoDB: ${err.message}`);\n }\n }\n\n protected getConnection(): mongoose.Mongoose | undefined {\n return Initializers.connections.get(this.dbConnectionString);\n }\n\n async forceNewConnection(): Promise<mongoose.Mongoose> {\n // Disconnect existing connection if any\n await this.disconnect();\n \n // Reset connection state\n this.connectionInitialized = false;\n \n // Create a new connection\n return this.ensureConnection();\n }\n \n async disconnect(): Promise<void> {\n const connection = Initializers.connections.get(this.dbConnectionString);\n if (connection) {\n try {\n // Properly close the connection\n await connection.disconnect();\n this.context.info(`✅ Disconnected from database: ${this.dbConnectionString}`);\n } catch (error) {\n this.context.error(`❌ Error disconnecting from database: ${this.dbConnectionString}`, error);\n } finally {\n // Always remove from the connections map\n Initializers.connections.delete(this.dbConnectionString);\n }\n }\n }\n}\n"],"mappings":";;;;;AAAA,IAAAA,SAAA,GAAAC,sBAAA,CAAAC,OAAA;AAAgC,SAAAD,uBAAAE,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAGhC;AACA;AACA;AACO,SAASG,MAAMA,CACpBC,OAAY,EACZC,YAA6B,EAC7BC,UAAqE,EAC/D;EACN,IAAI,CAACA,UAAU,CAACC,KAAK,EAAE;EACvB,MAAMC,cAAc,GAAGF,UAAU,CAACC,KAAK;EACvCD,UAAU,CAACC,KAAK,GAAG,gBAAoC,GAAGE,IAAW,EAAE;IACrE,MAAM,IAAI,CAACC,gBAAgB,CAAC,CAAC;IAC7B,OAAOF,cAAc,CAACG,KAAK,CAAC,IAAI,EAAEF,IAAI,CAAC;EACzC,CAAC;AACH;AAEO,MAAeG,YAAY,CAAC;EAMjCC,WAAWA,CAACC,OAA0B,EAAEC,kBAA0B,EAAE;IAAA,KAJ1DD,OAAO;IAAA,KACPC,kBAAkB;IAAA,KACpBC,qBAAqB,GAAY,KAAK;IAG5C,IAAI,CAACF,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,kBAAkB,GAAGA,kBAAkB;EAC9C;EAEA,MAAgBL,gBAAgBA,CAAA,EAA+B;IAC7D;IACA,MAAMO,kBAAkB,GAAGL,YAAY,CAACM,WAAW,CAACC,GAAG,CAAC,IAAI,CAACJ,kBAAkB,CAAC;IAChF,IAAIE,kBAAkB,IAAIA,kBAAkB,CAACG,UAAU,CAACC,UAAU,KAAK,CAAC,EAAE;MACxE,OAAOJ,kBAAkB;IAC3B;;IAEA;IACA,IAAI,CAACH,OAAO,CAACQ,IAAI,CAAC,uCAAuC,IAAI,CAACP,kBAAkB,EAAE,CAAC;IACnF,MAAMQ,WAAW,GAAG,IAAIC,iBAAQ,CAACC,QAAQ,CAAC,CAAC;IAE3C,IAAI;MACF,MAAMF,WAAW,CAACG,OAAO,CAAC,IAAI,CAACX,kBAAkB,EAAE;QACjDY,wBAAwB,EAAE,KAAK;QAC/BC,gBAAgB,EAAE,KAAK;QACvBC,eAAe,EAAE;MACnB,CAAC,CAAC;MAEF,IAAI,CAACf,OAAO,CAACQ,IAAI,CAAC,oCAAoC,IAAI,CAACP,kBAAkB,EAAE,CAAC;MAChF,IAAI,CAACC,qBAAqB,GAAG,IAAI;;MAEjC;MACAJ,YAAY,CAACM,WAAW,CAACY,GAAG,CAAC,IAAI,CAACf,kBAAkB,EAAEQ,WAAW,CAAC;MAElE,OAAOA,WAAW;IACpB,CAAC,CAAC,OAAOQ,GAAQ,EAAE;MACjB,IAAI,CAACjB,OAAO,CAACkB,KAAK,CAAC,kCAAkC,IAAI,CAACjB,kBAAkB,EAAE,EAAE;QAC9EkB,OAAO,EAAEF,GAAG,CAACE,OAAO;QACpBC,IAAI,EAAEH,GAAG,CAACG,IAAI;QACdC,IAAI,EAAEJ,GAAG,CAACI,IAAI;QACdC,KAAK,EAAEL,GAAG,CAACK;MACb,CAAC,CAAC;MACF,IAAI,CAACpB,qBAAqB,GAAG,KAAK;MAClC,MAAM,IAAIqB,KAAK,CAAC,iCAAiCN,GAAG,CAACE,OAAO,EAAE,CAAC;IACjE;EACF;EAEUK,aAAaA,CAAA,EAAkC;IACvD,OAAO1B,YAAY,CAACM,WAAW,CAACC,GAAG,CAAC,IAAI,CAACJ,kBAAkB,CAAC;EAC9D;EAEA,MAAMwB,kBAAkBA,CAAA,EAA+B;IACrD;IACA,MAAM,IAAI,CAACC,UAAU,CAAC,CAAC;;IAEvB;IACA,IAAI,CAACxB,qBAAqB,GAAG,KAAK;;IAElC;IACA,OAAO,IAAI,CAACN,gBAAgB,CAAC,CAAC;EAChC;EAEA,MAAM8B,UAAUA,CAAA,EAAkB;IAChC,MAAMpB,UAAU,GAAGR,YAAY,CAACM,WAAW,CAACC,GAAG,CAAC,IAAI,CAACJ,kBAAkB,CAAC;IACxE,IAAIK,UAAU,EAAE;MACd,IAAI;QACF;QACA,MAAMA,UAAU,CAACoB,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC1B,OAAO,CAACQ,IAAI,CAAC,iCAAiC,IAAI,CAACP,kBAAkB,EAAE,CAAC;MAC/E,CAAC,CAAC,OAAOiB,KAAK,EAAE;QACd,IAAI,CAAClB,OAAO,CAACkB,KAAK,CAAC,wCAAwC,IAAI,CAACjB,kBAAkB,EAAE,EAAEiB,KAAK,CAAC;MAC9F,CAAC,SAAS;QACR;QACApB,YAAY,CAACM,WAAW,CAACuB,MAAM,CAAC,IAAI,CAAC1B,kBAAkB,CAAC;MAC1D;IACF;EACF;AACF;AAAC2B,OAAA,CAAA9B,YAAA,GAAAA,YAAA;AA9EqBA,YAAY,CACfM,WAAW,GAAmC,IAAIyB,GAAG,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"file":"initializers.js","names":["_mongoose","_interopRequireDefault","require","e","__esModule","default","WithDb","_target","_propertyKey","descriptor","value","originalMethod","args","ensureConnection","apply","Initializers","constructor","context","dbConnectionString","connectionInitialized","getDbLogLabel","match","dbName","existingConnection","connections","get","connection","readyState","dbLabel","info","newMongoose","mongoose","Mongoose","connect","serverSelectionTimeoutMS","connectTimeoutMS","socketTimeoutMS","set","err","error","message","name","code","stack","Error","getConnection","forceNewConnection","disconnect","delete","exports","Map"],"sources":["../../../src/utils/initializers.ts"],"sourcesContent":["import mongoose from \"mongoose\";\nimport { InvocationContext } from \"@azure/functions\";\n\n/**\n * Decorator that ensures MongoDB is connected before the method runs.\n */\nexport function WithDb(\n _target: any,\n _propertyKey: string | symbol,\n descriptor: TypedPropertyDescriptor<(...args: any[]) => Promise<any>>\n): void {\n if (!descriptor.value) return;\n const originalMethod = descriptor.value;\n descriptor.value = async function (this: Initializers, ...args: any[]) {\n await this.ensureConnection();\n return originalMethod.apply(this, args);\n };\n}\n\nexport abstract class Initializers {\n protected static connections: Map<string, mongoose.Mongoose> = new Map();\n protected context: InvocationContext;\n protected dbConnectionString: string;\n private connectionInitialized: boolean = false;\n\n constructor(context: InvocationContext, dbConnectionString: string) {\n this.context = context;\n this.dbConnectionString = dbConnectionString;\n }\n\n private getDbLogLabel(): string {\n const match = this.dbConnectionString.match(/\\/([^/?]+)(\\?|$)/);\n const dbName = match?.[1] || \"unknown\";\n return `${dbName}`;\n }\n\n protected async ensureConnection(): Promise<mongoose.Mongoose> {\n // Check if we already have a connection for this specific connection string\n const existingConnection = Initializers.connections.get(this.dbConnectionString);\n if (existingConnection && existingConnection.connection.readyState === 1) {\n return existingConnection;\n }\n\n // Create a new Mongoose instance for this connection string\n const dbLabel = this.getDbLogLabel();\n this.context.info(`Initializing database connection (${dbLabel})...`);\n const newMongoose = new mongoose.Mongoose();\n \n try {\n await newMongoose.connect(this.dbConnectionString, {\n serverSelectionTimeoutMS: 10000,\n connectTimeoutMS: 10000,\n socketTimeoutMS: 45000,\n });\n \n this.context.info(`✅ MongoDB connected successfully (${dbLabel})`);\n this.connectionInitialized = true;\n \n // Store the connection for this connection string\n Initializers.connections.set(this.dbConnectionString, newMongoose);\n \n return newMongoose;\n } catch (err: any) {\n this.context.error(`❌ MongoDB connection error for (${dbLabel})`, {\n message: err.message,\n name: err.name,\n code: err.code,\n stack: err.stack\n });\n this.connectionInitialized = false;\n throw new Error(`Failed to connect to MongoDB: ${err.message}`);\n }\n }\n\n protected getConnection(): mongoose.Mongoose | undefined {\n return Initializers.connections.get(this.dbConnectionString);\n }\n\n async forceNewConnection(): Promise<mongoose.Mongoose> {\n // Disconnect existing connection if any\n await this.disconnect();\n \n // Reset connection state\n this.connectionInitialized = false;\n \n // Create a new connection\n return this.ensureConnection();\n }\n \n async disconnect(): Promise<void> {\n const connection = Initializers.connections.get(this.dbConnectionString);\n if (connection) {\n try {\n // Properly close the connection\n await connection.disconnect();\n this.context.info(`✅ Disconnected from database (${this.getDbLogLabel()})`);\n } catch (error) {\n this.context.error(`❌ Error disconnecting from database (${this.getDbLogLabel()})`, error);\n } finally {\n // Always remove from the connections map\n Initializers.connections.delete(this.dbConnectionString);\n }\n }\n }\n}\n"],"mappings":";;;;;AAAA,IAAAA,SAAA,GAAAC,sBAAA,CAAAC,OAAA;AAAgC,SAAAD,uBAAAE,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAGhC;AACA;AACA;AACO,SAASG,MAAMA,CACpBC,OAAY,EACZC,YAA6B,EAC7BC,UAAqE,EAC/D;EACN,IAAI,CAACA,UAAU,CAACC,KAAK,EAAE;EACvB,MAAMC,cAAc,GAAGF,UAAU,CAACC,KAAK;EACvCD,UAAU,CAACC,KAAK,GAAG,gBAAoC,GAAGE,IAAW,EAAE;IACrE,MAAM,IAAI,CAACC,gBAAgB,CAAC,CAAC;IAC7B,OAAOF,cAAc,CAACG,KAAK,CAAC,IAAI,EAAEF,IAAI,CAAC;EACzC,CAAC;AACH;AAEO,MAAeG,YAAY,CAAC;EAMjCC,WAAWA,CAACC,OAA0B,EAAEC,kBAA0B,EAAE;IAAA,KAJ1DD,OAAO;IAAA,KACPC,kBAAkB;IAAA,KACpBC,qBAAqB,GAAY,KAAK;IAG5C,IAAI,CAACF,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,kBAAkB,GAAGA,kBAAkB;EAC9C;EAEQE,aAAaA,CAAA,EAAW;IAC9B,MAAMC,KAAK,GAAG,IAAI,CAACH,kBAAkB,CAACG,KAAK,CAAC,kBAAkB,CAAC;IAC/D,MAAMC,MAAM,GAAG,CAAAD,KAAK,oBAALA,KAAK,CAAG,CAAC,CAAC,KAAI,SAAS;IACtC,OAAO,GAAGC,MAAM,EAAE;EACpB;EAEA,MAAgBT,gBAAgBA,CAAA,EAA+B;IAC7D;IACA,MAAMU,kBAAkB,GAAGR,YAAY,CAACS,WAAW,CAACC,GAAG,CAAC,IAAI,CAACP,kBAAkB,CAAC;IAChF,IAAIK,kBAAkB,IAAIA,kBAAkB,CAACG,UAAU,CAACC,UAAU,KAAK,CAAC,EAAE;MACxE,OAAOJ,kBAAkB;IAC3B;;IAEA;IACA,MAAMK,OAAO,GAAG,IAAI,CAACR,aAAa,CAAC,CAAC;IACpC,IAAI,CAACH,OAAO,CAACY,IAAI,CAAC,qCAAqCD,OAAO,MAAM,CAAC;IACrE,MAAME,WAAW,GAAG,IAAIC,iBAAQ,CAACC,QAAQ,CAAC,CAAC;IAE3C,IAAI;MACF,MAAMF,WAAW,CAACG,OAAO,CAAC,IAAI,CAACf,kBAAkB,EAAE;QACjDgB,wBAAwB,EAAE,KAAK;QAC/BC,gBAAgB,EAAE,KAAK;QACvBC,eAAe,EAAE;MACnB,CAAC,CAAC;MAEF,IAAI,CAACnB,OAAO,CAACY,IAAI,CAAC,qCAAqCD,OAAO,GAAG,CAAC;MAClE,IAAI,CAACT,qBAAqB,GAAG,IAAI;;MAEjC;MACAJ,YAAY,CAACS,WAAW,CAACa,GAAG,CAAC,IAAI,CAACnB,kBAAkB,EAAEY,WAAW,CAAC;MAElE,OAAOA,WAAW;IACpB,CAAC,CAAC,OAAOQ,GAAQ,EAAE;MACjB,IAAI,CAACrB,OAAO,CAACsB,KAAK,CAAC,mCAAmCX,OAAO,GAAG,EAAE;QAChEY,OAAO,EAAEF,GAAG,CAACE,OAAO;QACpBC,IAAI,EAAEH,GAAG,CAACG,IAAI;QACdC,IAAI,EAAEJ,GAAG,CAACI,IAAI;QACdC,KAAK,EAAEL,GAAG,CAACK;MACb,CAAC,CAAC;MACF,IAAI,CAACxB,qBAAqB,GAAG,KAAK;MAClC,MAAM,IAAIyB,KAAK,CAAC,iCAAiCN,GAAG,CAACE,OAAO,EAAE,CAAC;IACjE;EACF;EAEUK,aAAaA,CAAA,EAAkC;IACvD,OAAO9B,YAAY,CAACS,WAAW,CAACC,GAAG,CAAC,IAAI,CAACP,kBAAkB,CAAC;EAC9D;EAEA,MAAM4B,kBAAkBA,CAAA,EAA+B;IACrD;IACA,MAAM,IAAI,CAACC,UAAU,CAAC,CAAC;;IAEvB;IACA,IAAI,CAAC5B,qBAAqB,GAAG,KAAK;;IAElC;IACA,OAAO,IAAI,CAACN,gBAAgB,CAAC,CAAC;EAChC;EAEA,MAAMkC,UAAUA,CAAA,EAAkB;IAChC,MAAMrB,UAAU,GAAGX,YAAY,CAACS,WAAW,CAACC,GAAG,CAAC,IAAI,CAACP,kBAAkB,CAAC;IACxE,IAAIQ,UAAU,EAAE;MACd,IAAI;QACF;QACA,MAAMA,UAAU,CAACqB,UAAU,CAAC,CAAC;QAC7B,IAAI,CAAC9B,OAAO,CAACY,IAAI,CAAC,iCAAiC,IAAI,CAACT,aAAa,CAAC,CAAC,GAAG,CAAC;MAC7E,CAAC,CAAC,OAAOmB,KAAK,EAAE;QACd,IAAI,CAACtB,OAAO,CAACsB,KAAK,CAAC,wCAAwC,IAAI,CAACnB,aAAa,CAAC,CAAC,GAAG,EAAEmB,KAAK,CAAC;MAC5F,CAAC,SAAS;QACR;QACAxB,YAAY,CAACS,WAAW,CAACwB,MAAM,CAAC,IAAI,CAAC9B,kBAAkB,CAAC;MAC1D;IACF;EACF;AACF;AAAC+B,OAAA,CAAAlC,YAAA,GAAAA,YAAA;AArFqBA,YAAY,CACfS,WAAW,GAAmC,IAAI0B,GAAG,CAAC,CAAC","ignoreList":[]}
package/build/esm/enums/secretKeys.enum.js CHANGED
@@ -13,7 +13,6 @@ export let AzureSecretKeysEnum = /*#__PURE__*/function (AzureSecretKeysEnum) {
13
13
  // in-use,
14
14
  AzureSecretKeysEnum["DB_CONNECTING_STRING_AUTH"] = "DB-CONNECTION-STRING-AUTH";
15
15
  AzureSecretKeysEnum["DB_CONNECTING_STRING_USER"] = "DB-CONNECTION-STRING-USER";
16
- AzureSecretKeysEnum["DB_CONNECTING_STRING_TENANT_BRIDGE"] = "DB-Connecting-String-Tenant-Bridge";
17
16
  AzureSecretKeysEnum["DB_CONNECTING_STRING_PAYMENT"] = "DB-CONNECTION-STRING-PAYMENT";
18
17
  AzureSecretKeysEnum["DB_CONNECTING_STRING_CORE"] = "DB-CONNECTION-STRING-CORE";
19
18
  AzureSecretKeysEnum["DB_CONNECTING_STRING_BILLING"] = "DB-CONNECTION-STRING-BILLING";
package/build/esm/enums/secretKeys.enum.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_TENANT_BRIDGE = \"DB-Connecting-String-Tenant-Bridge\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n DB_CONNECTION_STRING_ENCRYPTION_KEY = \"DB-CONNECTION-STRING-ENCRYPTION-KEY\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":"AAAA;AACA,WAAYA,mBAAmB,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA;;AAsC/B;AACA;;AAEA","ignoreList":[]}
1
+ {"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n DB_CONNECTION_STRING_ENCRYPTION_KEY = \"DB-CONNECTION-STRING-ENCRYPTION-KEY\",\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":"AAAA;AACA,WAAYA,mBAAmB,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA;;AAqC/B;AACA;;AAEA","ignoreList":[]}
package/build/esm/interfaces/user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.js","names":[],"sources":["../../../src/interfaces/user.ts"],"sourcesContent":["export interface ICreateUser {\n userId: string;\n email: string;\n businessId: string;\n}"],"mappings":"","ignoreList":[]}
1
+ {"version":3,"file":"user.js","names":[],"sources":["../../../src/interfaces/user.ts"],"sourcesContent":["export interface ICreateUser {\n userId: string;\n email: string;\n businessId: string;\n}\n"],"mappings":"","ignoreList":[]}
package/build/esm/middlewares/verify-middleware.js CHANGED
@@ -51,8 +51,24 @@ const parseCookieHeader = header => {
51
51
  }
52
52
  return out;
53
53
  };
54
+ function isLocalRequest(origin, requestUrl) {
55
+ const hostCandidate = origin != null ? origin : requestUrl;
56
+ if (!hostCandidate) return false;
57
+ try {
58
+ const host = new URL(hostCandidate).hostname;
59
+ return host === "localhost" || host.startsWith("127.0.0.1");
60
+ } catch (_unused2) {
61
+ return false;
62
+ }
63
+ }
64
+ function getSessionMappingCookieName(appId, origin, requestUrl) {
65
+ if (isLocalRequest(origin, requestUrl)) {
66
+ return `session-v1.${appId}.mapping`;
67
+ }
68
+ return `__Secure-session-v1.${appId}.mapping`;
69
+ }
54
70
  export const verifyMw = async (req, ctx, next) => {
55
- var _APP_MAP$appId, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$cl, _p$resource_access, _p$realm_access;
71
+ var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$to, _p$resource_access, _p$realm_access;
56
72
  const appId = req.headers.get("app-id");
57
73
  if (!appId || !(APP_MAP != null && (_APP_MAP$appId = APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
58
74
  return {
@@ -69,11 +85,12 @@ export const verifyMw = async (req, ctx, next) => {
69
85
  })
70
86
  };
71
87
  }
72
- const expectedClientId = APP_MAP[appId].clientId;
88
+ const clientId = APP_MAP[appId].clientId;
73
89
 
74
90
  // cookies
75
91
  const cookies = parseCookieHeader(req.headers.get("cookie"));
76
- let mapping = cookies[`__Secure-session-v1.${appId}.mapping`];
92
+ const requestOrigin = (_req$headers$get = req.headers.get("origin")) != null ? _req$headers$get : undefined;
93
+ let mapping = cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] || cookies[`__Secure-session-v1.${appId}.mapping`] || cookies[`session-v1.${appId}.mapping`] || req.headers.get("x-session-mapping") || req.headers.get("x-token-mapping");
77
94
  if (!mapping) {
78
95
  return {
79
96
  status: 401,
@@ -162,13 +179,28 @@ export const verifyMw = async (req, ctx, next) => {
162
179
  };
163
180
  }
164
181
  const realm = tokenMapping.realmId;
165
- const clientId = tokenMapping.clientId;
182
+ const tokenClientId = tokenMapping.clientId;
183
+ if (!tokenClientId || tokenClientId !== clientId) {
184
+ return {
185
+ status: 403,
186
+ headers: {
187
+ "Content-Type": "application/json",
188
+ "Cache-Control": "no-store, no-cache, must-revalidate",
189
+ "Pragma": "no-cache",
190
+ "Vary": "Origin"
191
+ },
192
+ body: JSON.stringify({
193
+ status: "forbidden",
194
+ reason: "client_mismatch"
195
+ })
196
+ };
197
+ }
166
198
 
167
199
  // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)
168
200
  let p;
169
201
  try {
170
202
  p = jwtDecode(at);
171
- } catch (_unused2) {
203
+ } catch (_unused3) {
172
204
  return {
173
205
  status: 401,
174
206
  headers: {
@@ -202,11 +234,11 @@ export const verifyMw = async (req, ctx, next) => {
202
234
  // Refresh only when expired
203
235
  if (typeof p.exp === "number" && p.exp <= now) {
204
236
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
205
- return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);
237
+ return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
206
238
  }
207
239
 
208
240
  // audience checks
209
- const audOk = Array.isArray(p.aud) && p.aud.includes(clientId) || typeof p.aud === "string" && (p.aud === clientId || p.aud === "account") || p.azp === clientId;
241
+ const audOk = Array.isArray(p.aud) && p.aud.includes(tokenClientId) || typeof p.aud === "string" && (p.aud === tokenClientId || p.aud === "account") || p.azp === tokenClientId;
210
242
  if (!audOk) {
211
243
  return {
212
244
  status: 403,
@@ -234,7 +266,7 @@ export const verifyMw = async (req, ctx, next) => {
234
266
  tenantId,
235
267
  email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
236
268
  name: (_p$name = p.name) != null ? _p$name : undefined,
237
- roles: (_ref6 = (_p$resource_access$cl = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[clientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$cl : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
269
+ roles: (_ref6 = (_p$resource_access$to = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[tokenClientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$to : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
238
270
  exp: p.exp
239
271
  };
240
272
  return next();
@@ -256,15 +288,31 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
256
288
  })
257
289
  };
258
290
  }
259
- ctx.info("refreshing token payload ----------------------", {
291
+ ctx.info("Refreshing session token", {
260
292
  realmId,
261
- clientId,
262
- rt
293
+ clientId
263
294
  });
264
295
 
265
296
  // Call auth service to refresh
266
297
  try {
267
- var _req$headers$get, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
298
+ var _req$headers$get2, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
299
+ if (!apiURL) {
300
+ ctx.error == null || ctx.error("Refresh session URL is not configured");
301
+ return {
302
+ status: 401,
303
+ headers: {
304
+ "Content-Type": "application/json",
305
+ "Cache-Control": "no-store, no-cache, must-revalidate",
306
+ "Pragma": "no-cache",
307
+ "Vary": "Origin"
308
+ },
309
+ body: JSON.stringify({
310
+ status: "unauthenticated",
311
+ reason: "refresh_not_configured"
312
+ })
313
+ };
314
+ }
315
+ const requestOrigin = (_req$headers$get2 = req.headers.get("origin")) != null ? _req$headers$get2 : undefined;
268
316
  const resp = await fetch(apiURL, {
269
317
  method: "POST",
270
318
  headers: {
@@ -277,8 +325,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
277
325
  })
278
326
  });
279
327
  if (!resp.ok) {
280
- const text = await resp.text();
281
- ctx.warn == null || ctx.warn(`refresh call failed: ${resp.status} ${text}`);
328
+ ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
282
329
  return {
283
330
  status: 401,
284
331
  headers: {
@@ -344,12 +391,15 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
344
391
 
345
392
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
346
393
  const appConfig = APP_MAP[appId];
347
- const mappedDomain = pickCookieDomain(appConfig, (_req$headers$get = req.headers.get("origin")) != null ? _req$headers$get : undefined, req.url);
348
- setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {
394
+
395
+ // 5
396
+ const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);
397
+ const localRequest = isLocalRequest(requestOrigin, req.url);
398
+ setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {
349
399
  // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only
350
400
  httpOnly: false,
351
- secure: true,
352
- sameSite: "None",
401
+ secure: !localRequest,
402
+ sameSite: localRequest ? "Lax" : "None",
353
403
  maxAge: mappingMaxAge,
354
404
  domain: mappedDomain
355
405
  });
@@ -358,7 +408,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
358
408
  let p2;
359
409
  try {
360
410
  p2 = jwtDecode(newAT);
361
- } catch (_unused3) {
411
+ } catch (_unused4) {
362
412
  return {
363
413
  status: 401,
364
414
  headers: {
@@ -408,7 +458,11 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
408
458
  // Continue pipeline after refresh
409
459
  return next();
410
460
  } catch (e) {
411
- ctx.error == null || ctx.error("refresh exception", e);
461
+ ctx.error == null || ctx.error("refresh exception", {
462
+ message: e == null ? void 0 : e.message,
463
+ name: e == null ? void 0 : e.name,
464
+ code: e == null ? void 0 : e.code
465
+ });
412
466
  return {
413
467
  status: 401,
414
468
  headers: {
package/build/esm/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","verifyMw","req","ctx","next","_APP_MAP$appId","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$cl","_p$resource_access","_p$realm_access","appId","headers","get","clientId","status","body","JSON","stringify","reason","expectedClientId","cookies","mapping","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","p","_unused2","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","info","_req$headers$get","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","resp","fetch","method","refresh_token","ok","text","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","url","httpOnly","secure","sameSite","maxAge","p2","_unused3","audOk2","tenantId2","e","error","value","console","log","message"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const expectedClientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n\n let mapping: string | null = cookies[`__Secure-session-v1.${appId}.mapping`];\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const clientId = tokenMapping.clientId;\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, clientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(clientId)) ||\n (typeof p.aud === \"string\" && (p.aud === clientId || p.aud === \"account\")) ||\n p.azp === clientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[clientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"refreshing token payload ----------------------\", {\n realmId,\n clientId,\n rt\n });\n\n // Call auth service to refresh\n try {\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n const text = await resp.text();\n ctx.warn?.(`refresh call failed: ${resp.status} ${text}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT as string,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n const mappedDomain = pickCookieDomain(appConfig, req.headers.get(\"origin\") ?? undefined, req.url);\n \n setCookieKV(ctx, `__Secure-session-v1.${appId}.mapping`, mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: true,\n sameSite: \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e) {\n ctx.error?.(\"refresh exception\", e as any);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMC,KAAK,GAAGrB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACF,KAAK,IAAI,EAAC/D,OAAO,aAAA6C,cAAA,GAAP7C,OAAO,CAAG+D,KAAK,CAAC,aAAhBlB,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAMC,gBAAgB,GAAGxE,OAAO,CAAC+D,KAAK,CAAC,CAACG,QAAQ;;EAEhD;EACA,MAAMO,OAAO,GAAG1C,iBAAiB,CAACW,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAE5D,IAAIS,OAAsB,GAAGD,OAAO,CAAC,uBAAuBV,KAAK,UAAU,CAAC;EAE5E,IAAI,CAACW,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGC,YAAY,CAACD,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMK,KAAK,GAAG,MAAMvE,wBAAwB,CAC1CsC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACoE,oBAAoB,IAAI,EAAE,EACtC3E,mBAAmB,CAAC4E,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLT,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMQ,mBAAmB,GAAG,IAAIzE,mBAAmB,CAACqC,GAAG,EAAEiC,KAAK,CAAC;EAE/D,MAAMI,eAAe,GAAG,MAAMrE,kBAAkB,CAACsE,QAAQ,CACvDtC,GAAG,EACH,CAAC+B,OAAO,CAAC,EACT,YAAY;IACV,MAAMQ,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACT,OAAO,CAAC;IACtE,OAAOQ,OAAO,GAAGb,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGX,IAAI,CAACgB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLjB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIe,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMmB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMzB,QAAQ,GAAGkB,YAAY,CAAClB,QAAQ;;EAEtC;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG3F,SAAS,CAACqF,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAO,QAAA,EAAM;IACN,OAAO;MACL1B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAzB,EAAA,GAAC8C,CAAC,aAAD9C,EAAA,CAAGgD,GAAG,GAAE;IACX,OAAO;MACL3B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAMwB,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC1D,GAAG,EAAEC,GAAG,EAAEoB,KAAK,EAAE2B,KAAK,EAAExB,QAAQ,EAAEsB,EAAE,EAAEd,OAAO,EAAEkB,CAAC,EAAEhD,IAAI,CAAC;EACzF;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACvC,QAAQ,CAAC,IAChD,OAAO0B,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKtC,QAAQ,IAAI0B,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC1EZ,CAAC,CAACc,GAAG,KAAKxC,QAAQ;EAEpB,IAAI,CAACmC,KAAK,EAAE;IACV,OAAO;MACLlC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAvB,UAAA,IAAAD,IAAA,GAACJ,GAAG,EAASgE,KAAK,YAAA3D,UAAA,GAAlBD,IAAA,CAAa4D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGlB,KAAK,CAACmB,QAAQ,CAAC,CAAC;EAEhClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;IACxB/C,KAAK;IACLgD,MAAM,GAAA9D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC2B,MAAM,aAAnB5D,oBAAA,CAAqB0D,QAAQ,oBAA7B1D,oBAAA,CAAqB0D,QAAQ,CAAG,CAAC,YAAA3D,qBAAA,GAAI0C,CAAC,CAACoB,GAAG,YAAA/D,KAAA,GAAI,IAAI;IAC1DgE,cAAc,GAAA7D,KAAA,IAAAC,MAAA,GAAEuC,CAAC,CAACoB,GAAG,YAAA3D,MAAA,GAAI+B,YAAY,CAAC6B,cAAc,YAAA7D,KAAA,GAAI,IAAI;IAC5D8D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIqD,QAAQ,YAAAtD,KAAA,GAAI,IAAI;IACzCsD,QAAQ;IACRQ,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAI1C,SAAS;IACzBuG,KAAK,GAAA5D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAE+B,CAAC,CAAC4B,eAAe,cAAA3D,kBAAA,GAAjBA,kBAAA,CAAoBK,QAAQ,CAAC,qBAA7BL,kBAAA,CAA+B0D,KAAK,YAAA3D,qBAAA,IAAAE,eAAA,GAAI8B,CAAC,CAAC6B,YAAY,qBAAd3D,eAAA,CAAgByD,KAAK,YAAA5D,KAAA,GAAI,EAAE;IAC1EwC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOvD,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAewD,kBAAkBA,CAC/B1D,GAAgB,EAChBC,GAAsB,EACtBoB,KAAa,EACb4B,OAAe,EACfzB,QAAgB,EAChBsB,EAAsB,EACtBd,OAAe,EACfkB,CAAM,EACNhD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC4C,EAAE,EAAE;IACP,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA5B,GAAG,CAAC+E,IAAI,CAAC,iDAAiD,EAAE;IAC1D/B,OAAO;IACPzB,QAAQ;IACRsB;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAmC,gBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMC,IAAI,GAAG,MAAMC,KAAK,CAACtI,MAAM,EAAE;MAC/BuI,MAAM,EAAE,MAAM;MACd9E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBqB,OAAO;QACPzB,QAAQ,EAAEA,QAAQ;QAClB6E,aAAa,EAAEvD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACoD,IAAI,CAACI,EAAE,EAAE;MACZ,MAAMC,IAAI,GAAG,MAAML,IAAI,CAACK,IAAI,CAAC,CAAC;MAC9BtG,GAAG,CAACuG,IAAI,YAARvG,GAAG,CAACuG,IAAI,CAAG,wBAAwBN,IAAI,CAACzE,MAAM,IAAI8E,IAAI,EAAE,CAAC;MACzD,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAM4E,OAAO,GAAG,MAAMP,IAAI,CAACQ,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACN,aAAmC;IAEtD,IAAI,CAACO,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLrF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMK,KAAK,GAAG,MAAMvE,wBAAwB,CAC1CsC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACoE,oBAAoB,IAAI,EAAE,EACtC3E,mBAAmB,CAAC4E,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLT,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMQ,mBAAmB,GAAG,IAAIzE,mBAAmB,CAACqC,GAAG,EAAEiC,KAAK,CAAC;IAE/D,MAAM6E,cAAc,GAAG,MAAM1E,mBAAmB,CAAC2E,kBAAkB,CAAChF,OAAO,EAAE;MAC3Ea,WAAW,EAAE+D,KAAe;MAC5B7D,YAAY,EAAE+D,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI1D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGsD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG5I;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACkJ,MAAM,CAAClH,GAAG,EAAE+B,OAAO,CAAC;;IAE7C;IACA,MAAMoF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACxF,OAAO,CAAC,CAACmC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMhG,SAAS,GAAGb,OAAO,CAAC+D,KAAK,CAAC;IAChC,MAAMoG,YAAY,GAAGvJ,gBAAgB,CAACC,SAAS,GAAA8G,gBAAA,GAAEjF,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA0D,gBAAA,GAAI3G,SAAS,EAAE0B,GAAG,CAAC0H,GAAG,CAAC;IAEjGjK,WAAW,CAACwC,GAAG,EAAE,uBAAuBoB,KAAK,UAAU,EAAEiG,kBAAkB,EAAE;MAC3E;MACAK,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,IAAI;MACZC,QAAQ,EAAE,MAAM;MAChBC,MAAM,EAAEV,aAAa;MACrBtI,MAAM,EAAE2I;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGxK,SAAS,CAACqJ,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAoB,QAAA,EAAM;MACnC,OAAO;QACLvG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoG,MAAM,GACTrE,KAAK,CAACC,OAAO,CAACkE,EAAE,CAACjE,GAAG,CAAC,IAAIiE,EAAE,CAACjE,GAAG,CAACC,QAAQ,CAACvC,QAAQ,CAAC,IAClD,OAAOuG,EAAE,CAACjE,GAAG,KAAK,QAAQ,KAAKiE,EAAE,CAACjE,GAAG,KAAKtC,QAAQ,IAAIuG,EAAE,CAACjE,GAAG,KAAK,SAAS,CAAE,IAC7EiE,EAAE,CAAC/D,GAAG,KAAKxC,QAAQ;IACrB,IAAI,CAACyG,MAAM,EAAE;MACX,OAAO;QACLxG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAsD,WAAA,IAAAD,KAAA,GAACjF,GAAG,EAASgE,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMiE,SAAS,GAAGjF,OAAO,CAACkB,QAAQ,CAAC,CAAC;IACnClE,GAAG,CAASgE,KAAK,CAACG,IAAI,GAAG;MACxB/C,KAAK;MACLgD,MAAM,GAAAe,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE1C,MAAM,aAAtBiB,sBAAA,CAAwBnB,QAAQ,oBAAhCmB,sBAAA,CAAwBnB,QAAQ,CAAG,CAAC,YAAAkB,qBAAA,GAAI0C,EAAE,CAACzD,GAAG,YAAAc,KAAA,GAAI,IAAI;MAC9Db,cAAc,GAAAgB,KAAA,IAAAC,OAAA,GAAEuC,EAAE,CAACzD,GAAG,YAAAkB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAExC,cAAc,YAAAgB,KAAA,GAAI,IAAI;MAChEf,UAAU,GAAAiB,KAAA,IAAAC,WAAA,GAAEqC,EAAE,CAACtD,OAAO,YAAAiB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CvB,QAAQ,EAAEgE,SAAS;MACnBxD,KAAK,GAAAiB,KAAA,IAAAC,SAAA,GAAEmC,EAAE,CAACrD,KAAK,YAAAkB,SAAA,GAAImC,EAAE,CAACpD,kBAAkB,YAAAgB,KAAA,GAAI,IAAI;MAChDf,IAAI,GAAAiB,QAAA,GAAEkC,EAAE,CAACnD,IAAI,YAAAiB,QAAA,GAAIvH,SAAS;MAC1BuG,KAAK,GAAAiB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE+B,EAAE,CAACjD,eAAe,cAAAkB,mBAAA,GAAlBA,mBAAA,CAAqBxE,QAAQ,CAAC,qBAA9BwE,mBAAA,CAAgCnB,KAAK,YAAAkB,qBAAA,IAAAE,gBAAA,GAAI8B,EAAE,CAAChD,YAAY,qBAAfkB,gBAAA,CAAiBpB,KAAK,YAAAiB,MAAA,GAAI,EAAE;MAC5ErC,GAAG,EAAEsE,EAAE,CAACtE;IACV,CAAC;;IAED;IACA,OAAOvD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOiI,CAAC,EAAE;IACVlI,GAAG,CAACmI,KAAK,YAATnI,GAAG,CAACmI,KAAK,CAAG,mBAAmB,EAAED,CAAQ,CAAC;IAC1C,OAAO;MACL1G,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASI,YAAYA,CAACoG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOd,MAAM,CAACC,IAAI,CAACa,KAAK,EAAE,QAAQ,CAAC,CAAClE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOiE,KAAU,EAAE;IACnBE,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGH,KAAK,CAACI,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","getSessionMappingCookieName","appId","verifyMw","req","ctx","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","info","_req$headers$get2","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","httpOnly","secure","sameSite","maxAge","p2","_unused4","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,2BAA2BA,CAACC,KAAa,EAAE9B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc6B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMC,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMvB,KAAK,GAAGE,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACzB,KAAK,IAAI,EAAC5C,OAAO,aAAAiD,cAAA,GAAPjD,OAAO,CAAG4C,KAAK,CAAC,aAAhBK,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGtE,OAAO,CAAC4C,KAAK,CAAC,CAAC0B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG7C,iBAAiB,CAACe,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGJ,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIlC,SAAS;EAE5D,IAAI8D,OAAsB,GACxBF,OAAO,CAACjC,2BAA2B,CAACC,KAAK,EAAEiC,aAAa,EAAE/B,GAAG,CAACiC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBhC,KAAK,UAAU,CAAC,IAC/CgC,OAAO,CAAC,cAAchC,KAAK,UAAU,CAAC,IACtCE,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCvB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM5E,wBAAwB,CAC1C0C,GAAG,EACHvC,OAAO,CAACC,GAAG,CAACyE,oBAAoB,IAAI,EAAE,EACtChF,mBAAmB,CAACiF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAI9E,mBAAmB,CAACyC,GAAG,EAAEkC,KAAK,CAAC;EAE/D,MAAMI,eAAe,GAAG,MAAM1E,kBAAkB,CAAC2E,QAAQ,CACvDvC,GAAG,EACH,CAAC+B,OAAO,CAAC,EACT,YAAY;IACV,MAAMS,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACV,OAAO,CAAC;IACtE,OAAOS,OAAO,GAAGd,IAAI,CAACC,SAAS,CAACa,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGjG,SAAS,CAAC0F,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAAC+C,CAAC,aAAD/C,EAAA,CAAGiD,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC5D,GAAG,EAAEC,GAAG,EAAEH,KAAK,EAAEmD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAElD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM2D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLpC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACL,GAAG,EAASkE,KAAK,YAAA5D,UAAA,GAAlBD,IAAA,CAAa6D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhCpE,GAAG,CAASkE,KAAK,CAACG,IAAI,GAAG;IACxBxE,KAAK;IACLyE,MAAM,GAAA/D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC4B,MAAM,aAAnB7D,oBAAA,CAAqB2D,QAAQ,oBAA7B3D,oBAAA,CAAqB2D,QAAQ,CAAG,CAAC,YAAA5D,qBAAA,GAAI2C,CAAC,CAACoB,GAAG,YAAAhE,KAAA,GAAI,IAAI;IAC1DiE,cAAc,GAAA9D,KAAA,IAAAC,MAAA,GAAEwC,CAAC,CAACoB,GAAG,YAAA5D,MAAA,GAAI+B,YAAY,CAAC8B,cAAc,YAAA9D,KAAA,GAAI,IAAI;IAC5D+D,UAAU,GAAA7D,KAAA,IAAAC,UAAA,GAAEsC,CAAC,CAACuB,OAAO,YAAA7D,UAAA,GAAIsD,QAAQ,YAAAvD,KAAA,GAAI,IAAI;IACzCuD,QAAQ;IACRQ,KAAK,GAAA7D,KAAA,IAAAC,QAAA,GAAEoC,CAAC,CAACwB,KAAK,YAAA5D,QAAA,GAAIoC,CAAC,CAACyB,kBAAkB,YAAA9D,KAAA,GAAI,IAAI;IAC9C+D,IAAI,GAAA7D,OAAA,GAAEmC,CAAC,CAAC0B,IAAI,YAAA7D,OAAA,GAAI/C,SAAS;IACzB6G,KAAK,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEgC,CAAC,CAAC4B,eAAe,cAAA5D,kBAAA,GAAjBA,kBAAA,CAAoB+B,aAAa,CAAC,qBAAlC/B,kBAAA,CAAoC2D,KAAK,YAAA5D,qBAAA,IAAAE,eAAA,GAAI+B,CAAC,CAAC6B,YAAY,qBAAd5D,eAAA,CAAgB0D,KAAK,YAAA7D,KAAA,GAAI,EAAE;IAC/EyC,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAOzD,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAe0D,kBAAkBA,CAC/B5D,GAAgB,EAChBC,GAAsB,EACtBH,KAAa,EACboD,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACNlD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC6C,EAAE,EAAE;IACP,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA5B,GAAG,CAACiF,IAAI,CAAC,0BAA0B,EAAE;IACnChC,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA2D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,IAAI,CAAC1I,MAAM,EAAE;MACXwC,GAAG,CAACmG,KAAK,YAATnG,GAAG,CAACmG,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL3E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAME,aAAa,IAAAoD,iBAAA,GAAGnF,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA4D,iBAAA,GAAIjH,SAAS;IAC5D,MAAMmI,IAAI,GAAG,MAAMC,KAAK,CAAC7I,MAAM,EAAE;MAC/B8I,MAAM,EAAE,MAAM;MACdjF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClBgF,aAAa,EAAEzD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACsD,IAAI,CAACI,EAAE,EAAE;MACZxG,GAAG,CAACyG,IAAI,YAARzG,GAAG,CAACyG,IAAI,CAAG,mCAAmCL,IAAI,CAAC5E,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAM8E,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACLvF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM5E,wBAAwB,CAC1C0C,GAAG,EACHvC,OAAO,CAACC,GAAG,CAACyE,oBAAoB,IAAI,EAAE,EACtChF,mBAAmB,CAACiF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAI9E,mBAAmB,CAACyC,GAAG,EAAEkC,KAAK,CAAC;IAE/D,MAAM8E,cAAc,GAAG,MAAM3E,mBAAmB,CAAC4E,kBAAkB,CAAClF,OAAO,EAAE;MAC3Ec,WAAW,EAAEgE,KAAK;MAClB9D,YAAY,EAAEgE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI1D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGsD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGlJ;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACwJ,MAAM,CAACpH,GAAG,EAAE+B,OAAO,CAAC;;IAE7C;IACA,MAAMsF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC1F,OAAO,CAAC,CAACqC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMtG,SAAS,GAAGb,OAAO,CAAC4C,KAAK,CAAC;;IAEhC;IACA,MAAM6H,YAAY,GAAG7J,gBAAgB,CAACC,SAAS,EAAEgE,aAAa,EAAE/B,GAAG,CAACiC,GAAG,CAAC;IACxE,MAAM2F,YAAY,GAAGjI,cAAc,CAACoC,aAAa,EAAE/B,GAAG,CAACiC,GAAG,CAAC;IAE3D5E,WAAW,CAAC4C,GAAG,EAAEJ,2BAA2B,CAACC,KAAK,EAAEiC,aAAa,EAAE/B,GAAG,CAACiC,GAAG,CAAC,EAAEuF,kBAAkB,EAAE;MAC/F;MACAK,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACF,YAAY;MACrBG,QAAQ,EAAEH,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCI,MAAM,EAAEV,aAAa;MACrB5I,MAAM,EAAEiJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIM,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG9K,SAAS,CAAC2J,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAoB,QAAA,EAAM;MACnC,OAAO;QACLzG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMsG,MAAM,GACTrE,KAAK,CAACC,OAAO,CAACkE,EAAE,CAACjE,GAAG,CAAC,IAAIiE,EAAE,CAACjE,GAAG,CAACC,QAAQ,CAACzC,QAAQ,CAAC,IAClD,OAAOyG,EAAE,CAACjE,GAAG,KAAK,QAAQ,KAAKiE,EAAE,CAACjE,GAAG,KAAKxC,QAAQ,IAAIyG,EAAE,CAACjE,GAAG,KAAK,SAAS,CAAE,IAC7EiE,EAAE,CAAC/D,GAAG,KAAK1C,QAAQ;IACrB,IAAI,CAAC2G,MAAM,EAAE;MACX,OAAO;QACL1G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAwD,WAAA,IAAAD,KAAA,GAACnF,GAAG,EAASkE,KAAK,YAAAkB,WAAA,GAAlBD,KAAA,CAAajB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMiE,SAAS,GAAGlF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnCpE,GAAG,CAASkE,KAAK,CAACG,IAAI,GAAG;MACxBxE,KAAK;MACLyE,MAAM,GAAAe,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE1C,MAAM,aAAtBiB,sBAAA,CAAwBnB,QAAQ,oBAAhCmB,sBAAA,CAAwBnB,QAAQ,CAAG,CAAC,YAAAkB,qBAAA,GAAI0C,EAAE,CAACzD,GAAG,YAAAc,KAAA,GAAI,IAAI;MAC9Db,cAAc,GAAAgB,KAAA,IAAAC,OAAA,GAAEuC,EAAE,CAACzD,GAAG,YAAAkB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAExC,cAAc,YAAAgB,KAAA,GAAI,IAAI;MAChEf,UAAU,GAAAiB,KAAA,IAAAC,WAAA,GAAEqC,EAAE,CAACtD,OAAO,YAAAiB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CvB,QAAQ,EAAEgE,SAAS;MACnBxD,KAAK,GAAAiB,KAAA,IAAAC,SAAA,GAAEmC,EAAE,CAACrD,KAAK,YAAAkB,SAAA,GAAImC,EAAE,CAACpD,kBAAkB,YAAAgB,KAAA,GAAI,IAAI;MAChDf,IAAI,GAAAiB,QAAA,GAAEkC,EAAE,CAACnD,IAAI,YAAAiB,QAAA,GAAI7H,SAAS;MAC1B6G,KAAK,GAAAiB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE+B,EAAE,CAACjD,eAAe,cAAAkB,mBAAA,GAAlBA,mBAAA,CAAqB1E,QAAQ,CAAC,qBAA9B0E,mBAAA,CAAgCnB,KAAK,YAAAkB,qBAAA,IAAAE,gBAAA,GAAI8B,EAAE,CAAChD,YAAY,qBAAfkB,gBAAA,CAAiBpB,KAAK,YAAAiB,MAAA,GAAI,EAAE;MAC5ErC,GAAG,EAAEsE,EAAE,CAACtE;IACV,CAAC;;IAED;IACA,OAAOzD,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOmI,CAAM,EAAE;IACfpI,GAAG,CAACmG,KAAK,YAATnG,GAAG,CAACmG,KAAK,CAAG,mBAAmB,EAAE;MAC/BkC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBxD,IAAI,EAAEuD,CAAC,oBAADA,CAAC,CAAEvD,IAAI;MACbyD,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACL9G,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACsG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOf,MAAM,CAACC,IAAI,CAACc,KAAK,EAAE,QAAQ,CAAC,CAACnE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO+B,KAAU,EAAE;IACnBqC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGtC,KAAK,CAACkC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}