@culturefy/shared 1.0.66 → 1.0.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/build/cjs/enums/secretKeys.enum.js +1 -0
  2. package/build/cjs/enums/secretKeys.enum.js.map +1 -1
  3. package/build/cjs/middlewares/verify-middleware.js +1 -1
  4. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  5. package/build/cjs/repositories/multi-tenant.repository.js +13 -0
  6. package/build/cjs/repositories/multi-tenant.repository.js.map +1 -1
  7. package/build/cjs/utils/cache.js +49 -21
  8. package/build/cjs/utils/cache.js.map +1 -1
  9. package/build/esm/enums/secretKeys.enum.js +1 -0
  10. package/build/esm/enums/secretKeys.enum.js.map +1 -1
  11. package/build/esm/middlewares/verify-middleware.js +1 -1
  12. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  13. package/build/esm/repositories/multi-tenant.repository.js +13 -0
  14. package/build/esm/repositories/multi-tenant.repository.js.map +1 -1
  15. package/build/esm/utils/cache.js +49 -21
  16. package/build/esm/utils/cache.js.map +1 -1
  17. package/build/src/enums/secretKeys.enum.d.ts +2 -1
  18. package/build/src/enums/secretKeys.enum.js +1 -0
  19. package/build/src/enums/secretKeys.enum.js.map +1 -1
  20. package/build/src/middlewares/verify-middleware.js +1 -1
  21. package/build/src/middlewares/verify-middleware.js.map +1 -1
  22. package/build/src/repositories/multi-tenant.repository.js +13 -0
  23. package/build/src/repositories/multi-tenant.repository.js.map +1 -1
  24. package/build/src/utils/cache.d.ts +1 -1
  25. package/build/src/utils/cache.js +55 -23
  26. package/build/src/utils/cache.js.map +1 -1
  27. package/package.json +1 -1
package/build/cjs/enums/secretKeys.enum.js CHANGED
@@ -45,6 +45,7 @@ let AzureSecretKeysEnum = exports.AzureSecretKeysEnum = /*#__PURE__*/function (A
45
45
  AzureSecretKeysEnum["REDIS_HOST"] = "REDIS-HOST";
46
46
  AzureSecretKeysEnum["REDIS_KEY"] = "REDIS-KEY";
47
47
  AzureSecretKeysEnum["REDIS_URL"] = "REDIS-URL";
48
+ AzureSecretKeysEnum["REDIS_PORT"] = "REDIS-PORT";
48
49
  return AzureSecretKeysEnum;
49
50
  }({}); // AUTH-SERVICE-AUTHENTICATION-URL
50
51
  // https://culturefy-auth-staging.azurewebsites.net/api/verify
package/build/cjs/enums/secretKeys.enum.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum","exports"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n DB_CONNECTION_STRING_ENCRYPTION_KEY = \"DB-CONNECTION-STRING-ENCRYPTION-KEY\",\n\n REDIS_HOST=\"REDIS-HOST\",\n REDIS_KEY=\"REDIS-KEY\",\n REDIS_URL = \"REDIS-URL\"\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":";;;;AAAA;AAAA,IACYA,mBAAmB,GAAAC,OAAA,CAAAD,mBAAA,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA,OAyC/B;AACA;AAEA","ignoreList":[]}
1
+ {"version":3,"file":"secretKeys.enum.js","names":["AzureSecretKeysEnum","exports"],"sources":["../../../src/enums/secretKeys.enum.ts"],"sourcesContent":["// Enum for secret keys\nexport enum AzureSecretKeysEnum {\n KEYCLOAK_ADMIN_CLIENT_SECRET = \"KEYCLOAK-ADMIN-CLIENT-SECRET\",\n KEYCLOAK_ADMIN_CLIENT_ID = \"KEYCLOAK-ADMIN-CLIENT-ID\",\n KEYCLOAK_BASE_URL = \"KEYCLOAK-BASE-URL\",\n STRIPE_PAYMENT_WEBHOOK_SECRET_KEY = \"Stripe-payment-webhook-secret-key\", // in-use\n STRIPE_PRODUCT_WEBHOOK_SECRET = \"Stripe-product-webhook-secret-key\", // in-use\n STRIPE_PRICE_WEBHOOK_SECRET = \"Stripe-price-webhook-secret-key\", // in-use\n EMAIL_SERVICE_URL = \"Email-Service-Url\", // in-use,\n DB_CONNECTING_STRING_AUTH = \"DB-CONNECTION-STRING-AUTH\",\n DB_CONNECTING_STRING_USER = \"DB-CONNECTION-STRING-USER\",\n DB_CONNECTING_STRING_PAYMENT = \"DB-CONNECTION-STRING-PAYMENT\",\n DB_CONNECTING_STRING_CORE = \"DB-CONNECTION-STRING-CORE\",\n DB_CONNECTING_STRING_BILLING = \"DB-CONNECTION-STRING-BILLING\",\n DB_CONNECTING_STRING_STAGING = \"DB-CONNECTION-STRING-STAGING\",\n DB_CONNECTING_STRING_BNT_DEV = \"DB-CONNECTION-STRING-BNT-DEV\",\n DB_CONNECTION_STRING_TENANT_BRIDGE = \"DB-CONNECTION-STRING-TENANT-BRIDGE\",\n SERVICE_BUS_CONNECTION_STRING = \"servicebus-connection-string\",\n STRIPE_CUSTOMER_SYNC_WEBHOOK_SECRET = \"stripe-customer-sync-webhook-secret-key\",\n STRIPE_INVOICE_SYNC_WEBHOOK_SECRET = \"stripe-invoice-sync-webhook-secret-key\",\n STRIPE_PRODUCT_SYNC_WEBHOOK_SECRET = \"stripe-product-sync-webhook-secret-key\",\n STRIPE_PRICE_SYNC_WEBHOOK_SECRET = \"stripe-price-sync-webhook-secret-key\",\n STRIPE_SECRET_KEY = \"Stripe-secret-key\",\n STRIPE_WEBHOOK_CUSTOMER_CREATED_SECRET_KEY = \"Stripe-Webhook-Customer-Created-Secret-Key\",\n STRIPE_SUBSCRIPTION_SYNC_WEBHOOK_SECRET = \"stripe-subscription-sync-webhook-secret-key\",\n FIREBASE_SERVICE_ACCOUNTS_VARIABLE = \"firebase_service_accounts_variable\",\n HMS_ACCESS_KEY=\"MEETING-HMS-ACCESS-KEY-APP-SECRET\",\n MEETING_ROOM_APP_SECRET=\"MEETING-ROOM-APP-SECRET\",\n BASE_DB_CLUSTER_CONNECTING_STRING_CHAT = \"BASE-DB-CLUSTER-CONNECTING-STRING-CHAT\",\n AUTH_SERVICE_AUTHENTICATION_URL = \"AUTH-SERVICE-AUTHENTICATION-URL\",\n GCP_PROJECT_ID=\"gcp-project-id\",\n PUBSUB_SERVICE_ACCOUNT_KEYS=\"pubsub-service-account-keys\",\n VAPI_TOKEN = \"vapi-token\",\n GITHUB_TOKEN = \"GITHUB-TOKEN\",\n GITHUB_WORKFLOW_URL = \"GITHUB-WORKFLOW-URL\",\n DB_CONNECTION_STRING_ENCRYPTION_KEY = \"DB-CONNECTION-STRING-ENCRYPTION-KEY\",\n\n REDIS_HOST=\"REDIS-HOST\",\n REDIS_KEY=\"REDIS-KEY\",\n REDIS_URL = \"REDIS-URL\",\n REDIS_PORT = \"REDIS-PORT\"\n}\n\n// AUTH-SERVICE-AUTHENTICATION-URL\n// https://culturefy-auth-staging.azurewebsites.net/api/verify\n\n// REFRESH-SESSION-URL"],"mappings":";;;;AAAA;AAAA,IACYA,mBAAmB,GAAAC,OAAA,CAAAD,mBAAA,0BAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAI4C;EAJ/DA,mBAAmB;EAKwC;EAL3DA,mBAAmB;EAMoC;EANvDA,mBAAmB;EAOY;EAP/BA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAnBA,mBAAmB;EAAA,OAAnBA,mBAAmB;AAAA,OA0C/B;AACA;AAEA","ignoreList":[]}
package/build/cjs/middlewares/verify-middleware.js CHANGED
@@ -449,7 +449,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
449
449
  (_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
450
450
  const tenantId2 = realmId.toString();
451
451
  ctx.state.auth = {
452
- appId,
452
+ appId: appId,
453
453
  userId: (_ref8 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref8 : null,
454
454
  keycloakUserId: (_ref9 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref9 : null,
455
455
  businessId: (_ref0 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref0 : null,
package/build/cjs/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","getSessionMappingCookieName","appId","verifyMw","req","ctx","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","exports","info","_req$headers$get2","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,2BAA2BA,CAACC,KAAa,EAAE5B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc2B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMC,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMvB,KAAK,GAAGE,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACzB,KAAK,IAAI,EAAC0B,kBAAO,aAAArB,cAAA,GAAPqB,kBAAO,CAAG1B,KAAK,CAAC,aAAhBK,cAAA,CAAkBsB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGD,kBAAO,CAAC1B,KAAK,CAAC,CAAC2B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG7C,iBAAiB,CAACc,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMS,aAAa,IAAA5B,gBAAA,GAAGJ,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIhC,SAAS;EAE5D,IAAI6D,OAAsB,GACxBF,OAAO,CAAClC,2BAA2B,CAACC,KAAK,EAAEkC,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBjC,KAAK,UAAU,CAAC,IAC/CiC,OAAO,CAAC,cAAcjC,KAAK,UAAU,CAAC,IACtCE,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCvB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACU,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CpC,GAAG,EACHtC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACzC,GAAG,EAAEmC,KAAK,CAAC;EAE/D,MAAMO,eAAe,GAAG,MAAM7E,kBAAkB,CAAC8E,QAAQ,CACvD3C,GAAG,EACH,CAACgC,OAAO,CAAC,EACT,YAAY;IACV,MAAMY,OAAO,GAAG,MAAMJ,mBAAmB,CAACK,mBAAmB,CAACb,OAAO,CAAC;IACtE,OAAOY,OAAO,GAAGjB,IAAI,CAACC,SAAS,CAACgB,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAzB,EAAA,GAACmD,CAAC,aAADnD,EAAA,CAAGqD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAChE,GAAG,EAAEC,GAAG,EAAEH,KAAK,EAAEuD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAEtD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM+D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLvC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAvB,UAAA,IAAAD,IAAA,GAACL,GAAG,EAASsE,KAAK,YAAAhE,UAAA,GAAlBD,IAAA,CAAaiE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhCxE,GAAG,CAASsE,KAAK,CAACG,IAAI,GAAG;IACxB5E,KAAK;IACL6E,MAAM,GAAAnE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEqC,YAAY,CAAC4B,MAAM,aAAnBjE,oBAAA,CAAqB+D,QAAQ,oBAA7B/D,oBAAA,CAAqB+D,QAAQ,CAAG,CAAC,YAAAhE,qBAAA,GAAI+C,CAAC,CAACoB,GAAG,YAAApE,KAAA,GAAI,IAAI;IAC1DqE,cAAc,GAAAlE,KAAA,IAAAC,MAAA,GAAE4C,CAAC,CAACoB,GAAG,YAAAhE,MAAA,GAAImC,YAAY,CAAC8B,cAAc,YAAAlE,KAAA,GAAI,IAAI;IAC5DmE,UAAU,GAAAjE,KAAA,IAAAC,UAAA,GAAE0C,CAAC,CAACuB,OAAO,YAAAjE,UAAA,GAAI0D,QAAQ,YAAA3D,KAAA,GAAI,IAAI;IACzC2D,QAAQ;IACRQ,KAAK,GAAAjE,KAAA,IAAAC,QAAA,GAAEwC,CAAC,CAACwB,KAAK,YAAAhE,QAAA,GAAIwC,CAAC,CAACyB,kBAAkB,YAAAlE,KAAA,GAAI,IAAI;IAC9CmE,IAAI,GAAAjE,OAAA,GAAEuC,CAAC,CAAC0B,IAAI,YAAAjE,OAAA,GAAI7C,SAAS;IACzB+G,KAAK,GAAAjE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEoC,CAAC,CAAC4B,eAAe,cAAAhE,kBAAA,GAAjBA,kBAAA,CAAoBmC,aAAa,CAAC,qBAAlCnC,kBAAA,CAAoC+D,KAAK,YAAAhE,qBAAA,IAAAE,eAAA,GAAImC,CAAC,CAAC6B,YAAY,qBAAdhE,eAAA,CAAgB8D,KAAK,YAAAjE,KAAA,GAAI,EAAE;IAC/E6C,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO7D,IAAI,CAAC,CAAC;AACf,CAAC;AAACoF,OAAA,CAAAvF,QAAA,GAAAA,QAAA;AAIF,eAAeiE,kBAAkBA,CAC/BhE,GAAgB,EAChBC,GAAsB,EACtBH,KAAa,EACbwD,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNtD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACiD,EAAE,EAAE;IACP,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA7B,GAAG,CAACsF,IAAI,CAAC,0BAA0B,EAAE;IACnCjC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA+D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,IAAI,CAAC9I,MAAM,EAAE;MACXuC,GAAG,CAACwG,KAAK,YAATxG,GAAG,CAACwG,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL/E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAME,aAAa,IAAAwD,iBAAA,GAAGxF,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAiE,iBAAA,GAAIpH,SAAS;IAC5D,MAAMsI,IAAI,GAAG,MAAMC,KAAK,CAACjJ,MAAM,EAAE;MAC/BkJ,MAAM,EAAE,MAAM;MACdtF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBoF,aAAa,EAAE1D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACuD,IAAI,CAACI,EAAE,EAAE;MACZ7G,GAAG,CAAC8G,IAAI,YAAR9G,GAAG,CAAC8G,IAAI,CAAG,mCAAmCL,IAAI,CAAChF,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMkF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL3F,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CpC,GAAG,EACHtC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACzC,GAAG,EAAEmC,KAAK,CAAC;IAE/D,MAAMkF,cAAc,GAAG,MAAM7E,mBAAmB,CAAC8E,kBAAkB,CAACtF,OAAO,EAAE;MAC3EiB,WAAW,EAAEiE,KAAK;MAClB/D,YAAY,EAAEiE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI3D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGuD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGrJ;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAAC4J,MAAM,CAACzH,GAAG,EAAEgC,OAAO,CAAC;;IAE7C;IACA,MAAM0F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC9F,OAAO,CAAC,CAACwC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMxG,SAAS,GAAGuD,kBAAO,CAAC1B,KAAK,CAAC;;IAEhC;IACA,MAAMkI,YAAY,GAAGhK,gBAAgB,CAACC,SAAS,EAAE+D,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC;IACxE,MAAM+F,YAAY,GAAGrI,cAAc,CAACoC,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC;IAE3D,IAAAgG,oBAAW,EAACjI,GAAG,EAAEJ,2BAA2B,CAACC,KAAK,EAAEkC,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC,EAAE2F,kBAAkB,EAAE;MAC/F;MACAM,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACH,YAAY;MACrBI,QAAQ,EAAEJ,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCK,MAAM,EAAEX,aAAa;MACrB/I,MAAM,EAAEoJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA9E,oBAAS,EAAC0D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACLzF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAM0G,MAAM,GACTtE,KAAK,CAACC,OAAO,CAACoE,EAAE,CAACnE,GAAG,CAAC,IAAImE,EAAE,CAACnE,GAAG,CAACC,QAAQ,CAAC5C,QAAQ,CAAC,IAClD,OAAO8G,EAAE,CAACnE,GAAG,KAAK,QAAQ,KAAKmE,EAAE,CAACnE,GAAG,KAAK3C,QAAQ,IAAI8G,EAAE,CAACnE,GAAG,KAAK,SAAS,CAAE,IAC7EmE,EAAE,CAACjE,GAAG,KAAK7C,QAAQ;IACrB,IAAI,CAAC+G,MAAM,EAAE;MACX,OAAO;QACL9G,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA4D,WAAA,IAAAD,KAAA,GAACxF,GAAG,EAASsE,KAAK,YAAAmB,WAAA,GAAlBD,KAAA,CAAalB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMkE,SAAS,GAAGnF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnCxE,GAAG,CAASsE,KAAK,CAACG,IAAI,GAAG;MACxB5E,KAAK;MACL6E,MAAM,GAAAgB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE3C,MAAM,aAAtBkB,sBAAA,CAAwBpB,QAAQ,oBAAhCoB,sBAAA,CAAwBpB,QAAQ,CAAG,CAAC,YAAAmB,qBAAA,GAAI2C,EAAE,CAAC3D,GAAG,YAAAe,KAAA,GAAI,IAAI;MAC9Dd,cAAc,GAAAiB,KAAA,IAAAC,OAAA,GAAEwC,EAAE,CAAC3D,GAAG,YAAAmB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAEzC,cAAc,YAAAiB,KAAA,GAAI,IAAI;MAChEhB,UAAU,GAAAkB,KAAA,IAAAC,WAAA,GAAEsC,EAAE,CAACxD,OAAO,YAAAkB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CxB,QAAQ,EAAEiE,SAAS;MACnBzD,KAAK,GAAAkB,KAAA,IAAAC,SAAA,GAAEoC,EAAE,CAACvD,KAAK,YAAAmB,SAAA,GAAIoC,EAAE,CAACtD,kBAAkB,YAAAiB,KAAA,GAAI,IAAI;MAChDhB,IAAI,GAAAkB,QAAA,GAAEmC,EAAE,CAACrD,IAAI,YAAAkB,QAAA,GAAIhI,SAAS;MAC1B+G,KAAK,GAAAkB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEgC,EAAE,CAACnD,eAAe,cAAAmB,mBAAA,GAAlBA,mBAAA,CAAqB9E,QAAQ,CAAC,qBAA9B8E,mBAAA,CAAgCpB,KAAK,YAAAmB,qBAAA,IAAAE,gBAAA,GAAI+B,EAAE,CAAClD,YAAY,qBAAfmB,gBAAA,CAAiBrB,KAAK,YAAAkB,MAAA,GAAI,EAAE;MAC5EtC,GAAG,EAAEwE,EAAE,CAACxE;IACV,CAAC;;IAED;IACA,OAAO7D,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOwI,CAAM,EAAE;IACfzI,GAAG,CAACwG,KAAK,YAATxG,GAAG,CAACwG,KAAK,CAAG,mBAAmB,EAAE;MAC/BkC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBzD,IAAI,EAAEwD,CAAC,oBAADA,CAAC,CAAExD,IAAI;MACb0D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLlH,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC0G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOf,MAAM,CAACC,IAAI,CAACc,KAAK,EAAE,QAAQ,CAAC,CAACpE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOgC,KAAU,EAAE;IACnBqC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGtC,KAAK,CAACkC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","getSessionMappingCookieName","appId","verifyMw","req","ctx","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","APP_MAP","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","getOrSet","fetched","getTokenMappingById","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","exports","info","_req$headers$get2","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","setCookieKV","httpOnly","secure","sameSite","maxAge","p2","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const tokenMappingRaw = await verifyMappingCache.getOrSet(\n ctx,\n [mapping],\n async () => {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n return fetched ? JSON.stringify(fetched) : \"\";\n },\n );\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,2BAA2BA,CAACC,KAAa,EAAE5B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc2B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMC,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBC,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAMvB,KAAK,GAAGE,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACzB,KAAK,IAAI,EAAC0B,kBAAO,aAAArB,cAAA,GAAPqB,kBAAO,CAAG1B,KAAK,CAAC,aAAhBK,cAAA,CAAkBsB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGD,kBAAO,CAAC1B,KAAK,CAAC,CAAC2B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG7C,iBAAiB,CAACc,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMS,aAAa,IAAA5B,gBAAA,GAAGJ,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIhC,SAAS;EAE5D,IAAI6D,OAAsB,GACxBF,OAAO,CAAClC,2BAA2B,CAACC,KAAK,EAAEkC,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBjC,KAAK,UAAU,CAAC,IAC/CiC,OAAO,CAAC,cAAcjC,KAAK,UAAU,CAAC,IACtCE,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCvB,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACU,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CpC,GAAG,EACHtC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACzC,GAAG,EAAEmC,KAAK,CAAC;EAE/D,MAAMO,eAAe,GAAG,MAAM7E,kBAAkB,CAAC8E,QAAQ,CACvD3C,GAAG,EACH,CAACgC,OAAO,CAAC,EACT,YAAY;IACV,MAAMY,OAAO,GAAG,MAAMJ,mBAAmB,CAACK,mBAAmB,CAACb,OAAO,CAAC;IACtE,OAAOY,OAAO,GAAGjB,IAAI,CAACC,SAAS,CAACgB,OAAO,CAAC,GAAG,EAAE;EAC/C,CACF,CAAC;EACD,MAAME,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAzB,EAAA,GAACmD,CAAC,aAADnD,EAAA,CAAGqD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAChE,GAAG,EAAEC,GAAG,EAAEH,KAAK,EAAEuD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAEtD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM+D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLvC,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAvB,UAAA,IAAAD,IAAA,GAACL,GAAG,EAASsE,KAAK,YAAAhE,UAAA,GAAlBD,IAAA,CAAaiE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhCxE,GAAG,CAASsE,KAAK,CAACG,IAAI,GAAG;IACxB5E,KAAK;IACL6E,MAAM,GAAAnE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEqC,YAAY,CAAC4B,MAAM,aAAnBjE,oBAAA,CAAqB+D,QAAQ,oBAA7B/D,oBAAA,CAAqB+D,QAAQ,CAAG,CAAC,YAAAhE,qBAAA,GAAI+C,CAAC,CAACoB,GAAG,YAAApE,KAAA,GAAI,IAAI;IAC1DqE,cAAc,GAAAlE,KAAA,IAAAC,MAAA,GAAE4C,CAAC,CAACoB,GAAG,YAAAhE,MAAA,GAAImC,YAAY,CAAC8B,cAAc,YAAAlE,KAAA,GAAI,IAAI;IAC5DmE,UAAU,GAAAjE,KAAA,IAAAC,UAAA,GAAE0C,CAAC,CAACuB,OAAO,YAAAjE,UAAA,GAAI0D,QAAQ,YAAA3D,KAAA,GAAI,IAAI;IACzC2D,QAAQ;IACRQ,KAAK,GAAAjE,KAAA,IAAAC,QAAA,GAAEwC,CAAC,CAACwB,KAAK,YAAAhE,QAAA,GAAIwC,CAAC,CAACyB,kBAAkB,YAAAlE,KAAA,GAAI,IAAI;IAC9CmE,IAAI,GAAAjE,OAAA,GAAEuC,CAAC,CAAC0B,IAAI,YAAAjE,OAAA,GAAI7C,SAAS;IACzB+G,KAAK,GAAAjE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEoC,CAAC,CAAC4B,eAAe,cAAAhE,kBAAA,GAAjBA,kBAAA,CAAoBmC,aAAa,CAAC,qBAAlCnC,kBAAA,CAAoC+D,KAAK,YAAAhE,qBAAA,IAAAE,eAAA,GAAImC,CAAC,CAAC6B,YAAY,qBAAdhE,eAAA,CAAgB8D,KAAK,YAAAjE,KAAA,GAAI,EAAE;IAC/E6C,GAAG,EAAEP,CAAC,CAACO;EACT,CAAC;EAED,OAAO7D,IAAI,CAAC,CAAC;AACf,CAAC;AAACoF,OAAA,CAAAvF,QAAA,GAAAA,QAAA;AAIF,eAAeiE,kBAAkBA,CAC/BhE,GAAgB,EAChBC,GAAsB,EACtBH,KAAa,EACbwD,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNtD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACiD,EAAE,EAAE;IACP,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA7B,GAAG,CAACsF,IAAI,CAAC,0BAA0B,EAAE;IACnCjC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA+D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,IAAI,CAAC9I,MAAM,EAAE;MACXuC,GAAG,CAACwG,KAAK,YAATxG,GAAG,CAACwG,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL/E,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAME,aAAa,IAAAwD,iBAAA,GAAGxF,GAAG,CAACsB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAiE,iBAAA,GAAIpH,SAAS;IAC5D,MAAMsI,IAAI,GAAG,MAAMC,KAAK,CAACjJ,MAAM,EAAE;MAC/BkJ,MAAM,EAAE,MAAM;MACdtF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBoF,aAAa,EAAE1D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACuD,IAAI,CAACI,EAAE,EAAE;MACZ7G,GAAG,CAAC8G,IAAI,YAAR9G,GAAG,CAAC8G,IAAI,CAAG,mCAAmCL,IAAI,CAAChF,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMkF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL3F,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CpC,GAAG,EACHtC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACzC,GAAG,EAAEmC,KAAK,CAAC;IAE/D,MAAMkF,cAAc,GAAG,MAAM7E,mBAAmB,CAAC8E,kBAAkB,CAACtF,OAAO,EAAE;MAC3EiB,WAAW,EAAEiE,KAAK;MAClB/D,YAAY,EAAEiE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI3D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGuD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGrJ;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAAC4J,MAAM,CAACzH,GAAG,EAAEgC,OAAO,CAAC;;IAE7C;IACA,MAAM0F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC9F,OAAO,CAAC,CAACwC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMxG,SAAS,GAAGuD,kBAAO,CAAC1B,KAAK,CAAC;;IAEhC;IACA,MAAMkI,YAAY,GAAGhK,gBAAgB,CAACC,SAAS,EAAE+D,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC;IACxE,MAAM+F,YAAY,GAAGrI,cAAc,CAACoC,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC;IAE3D,IAAAgG,oBAAW,EAACjI,GAAG,EAAEJ,2BAA2B,CAACC,KAAK,EAAEkC,aAAa,EAAEhC,GAAG,CAACkC,GAAG,CAAC,EAAE2F,kBAAkB,EAAE;MAC/F;MACAM,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACH,YAAY;MACrBI,QAAQ,EAAEJ,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCK,MAAM,EAAEX,aAAa;MACrB/I,MAAM,EAAEoJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIO,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA9E,oBAAS,EAAC0D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACLzF,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAM0G,MAAM,GACTtE,KAAK,CAACC,OAAO,CAACoE,EAAE,CAACnE,GAAG,CAAC,IAAImE,EAAE,CAACnE,GAAG,CAACC,QAAQ,CAAC5C,QAAQ,CAAC,IAClD,OAAO8G,EAAE,CAACnE,GAAG,KAAK,QAAQ,KAAKmE,EAAE,CAACnE,GAAG,KAAK3C,QAAQ,IAAI8G,EAAE,CAACnE,GAAG,KAAK,SAAS,CAAE,IAC7EmE,EAAE,CAACjE,GAAG,KAAK7C,QAAQ;IACrB,IAAI,CAAC+G,MAAM,EAAE;MACX,OAAO;QACL9G,MAAM,EAAE,GAAG;QACXJ,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA4D,WAAA,IAAAD,KAAA,GAACxF,GAAG,EAASsE,KAAK,YAAAmB,WAAA,GAAlBD,KAAA,CAAalB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMkE,SAAS,GAAGnF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnCxE,GAAG,CAASsE,KAAK,CAACG,IAAI,GAAG;MACxB5E,KAAK,EAAEA,KAAe;MACtB6E,MAAM,GAAAgB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE3C,MAAM,aAAtBkB,sBAAA,CAAwBpB,QAAQ,oBAAhCoB,sBAAA,CAAwBpB,QAAQ,CAAG,CAAC,YAAAmB,qBAAA,GAAI2C,EAAE,CAAC3D,GAAG,YAAAe,KAAA,GAAI,IAAI;MAC9Dd,cAAc,GAAAiB,KAAA,IAAAC,OAAA,GAAEwC,EAAE,CAAC3D,GAAG,YAAAmB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAEzC,cAAc,YAAAiB,KAAA,GAAI,IAAI;MAChEhB,UAAU,GAAAkB,KAAA,IAAAC,WAAA,GAAEsC,EAAE,CAACxD,OAAO,YAAAkB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CxB,QAAQ,EAAEiE,SAAS;MACnBzD,KAAK,GAAAkB,KAAA,IAAAC,SAAA,GAAEoC,EAAE,CAACvD,KAAK,YAAAmB,SAAA,GAAIoC,EAAE,CAACtD,kBAAkB,YAAAiB,KAAA,GAAI,IAAI;MAChDhB,IAAI,GAAAkB,QAAA,GAAEmC,EAAE,CAACrD,IAAI,YAAAkB,QAAA,GAAIhI,SAAS;MAC1B+G,KAAK,GAAAkB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEgC,EAAE,CAACnD,eAAe,cAAAmB,mBAAA,GAAlBA,mBAAA,CAAqB9E,QAAQ,CAAC,qBAA9B8E,mBAAA,CAAgCpB,KAAK,YAAAmB,qBAAA,IAAAE,gBAAA,GAAI+B,EAAE,CAAClD,YAAY,qBAAfmB,gBAAA,CAAiBrB,KAAK,YAAAkB,MAAA,GAAI,EAAE;MAC5EtC,GAAG,EAAEwE,EAAE,CAACxE;IACV,CAAC;;IAED;IACA,OAAO7D,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOwI,CAAM,EAAE;IACfzI,GAAG,CAACwG,KAAK,YAATxG,GAAG,CAACwG,KAAK,CAAG,mBAAmB,EAAE;MAC/BkC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBzD,IAAI,EAAEwD,CAAC,oBAADA,CAAC,CAAExD,IAAI;MACb0D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLlH,MAAM,EAAE,GAAG;MACXJ,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/IK,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC0G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOf,MAAM,CAACC,IAAI,CAACc,KAAK,EAAE,QAAQ,CAAC,CAACpE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOgC,KAAU,EAAE;IACnBqC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGtC,KAAK,CAACkC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/cjs/repositories/multi-tenant.repository.js CHANGED
@@ -233,6 +233,12 @@ let MultiTenantRepository = exports.MultiTenantRepository = (_dec = (0, _cache.C
233
233
  const resolvedServiceDbType = serviceDBType != null ? serviceDBType : "main";
234
234
  const tenantBridgeUrl = await this.getTenantBridgeSrvDbConnectionString();
235
235
  const connection = await this.getOrCreateCachedConnection(tenantBridgeUrl);
236
+ this.context.info("Resolving tenant DB mapping", {
237
+ businessId,
238
+ appId,
239
+ serviceDBType: resolvedServiceDbType,
240
+ tenantBridgeDb: this.getConnectionLogLabel(tenantBridgeUrl)
241
+ });
236
242
  const ConfigMapping = this.getModel(connection, _configMapping.CONFIG_MAPPING_DOCUMENT_NAME, _configMapping.ConfigMappingModel.schema, _configMapping.CONFIG_MAPPING_COLLECTION_NAME);
237
243
  const filter = {
238
244
  businessId: this.toObjectId(businessId, "businessId")
@@ -241,6 +247,13 @@ let MultiTenantRepository = exports.MultiTenantRepository = (_dec = (0, _cache.C
241
247
  filter.serviceDBType = resolvedServiceDbType;
242
248
  const configMapping = await ConfigMapping.findOne(filter).lean().exec();
243
249
  if (!(configMapping != null && configMapping.connectionString)) {
250
+ this.context.error("Config mapping not found for tenant", {
251
+ businessId,
252
+ appId,
253
+ serviceDBType: resolvedServiceDbType,
254
+ tenantBridgeDb: this.getConnectionLogLabel(tenantBridgeUrl),
255
+ filter
256
+ });
244
257
  throw new Error("Config mapping not found for this business");
245
258
  }
246
259
  const decryptedConnectionString = await this.decryptConnectionString(configMapping.connectionString);
package/build/cjs/repositories/multi-tenant.repository.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"multi-tenant.repository.js","names":["_mongoose","_interopRequireWildcard","require","crypto","_enums","_cache","_secrets","_configMapping","_dec","_dec2","_dec3","_class","_MultiTenantRepository","e","t","WeakMap","r","n","__esModule","o","i","f","__proto__","default","has","get","set","hasOwnProperty","call","Object","defineProperty","getOwnPropertyDescriptor","_applyDecoratedDescriptor","l","a","keys","forEach","enumerable","configurable","initializer","writable","slice","reverse","reduce","value","tenantDbCache","createCache","tenantBridgeCache","encryptionKeyCache","WithTenantDb","_target","_propertyKey","descriptor","originalMethod","args","ensureClientConnection","apply","MultiTenantRepository","exports","Cacheable","cache","key","getContext","instance","context","businessId","appId","serviceDbType","constructor","config","serviceDBType","tenantBridgeConfig","dbConnectionEncryptionKey","clientConnectionString","connectionPromise","tenantBridgeEnvKey","tenantBridgeSecretKey","AzureSecretKeysEnum","DB_CONNECTION_STRING_TENANT_BRIDGE","getConnectionLogLabel","connectionString","match","dbName","toLowerCase","includes","getEncryptionIv","iv","process","env","DB_CONNECTION_STRING_ENCRYPTION_IV","Buffer","alloc","normalizeFixedSize","label","utf8Value","from","length","base64Value","hexValue","error","Error","getOrCreateCachedConnection","existing","connections","connection","readyState","dbLabel","info","mongoose","Mongoose","connect","serverSelectionTimeoutMS","connectTimeoutMS","socketTimeoutMS","err","message","name","code","stack","toObjectId","id","fieldName","Types","ObjectId","isValid","getTenantBridgeSrvDbConnectionString","envKey","localUri","undefined","vault","AZURE_KEY_VAULT_NAME","secretKey","dbUrl","getAzureVaultSecretByKey","getDbConnectionEncryptionKey","DB_CONNECTION_STRING_ENCRYPTION_KEY","decryptConnectionString","encryptedValue","startsWith","keyBuffer","normalizeEncryptionKey","ivBuffer","decipher","createDecipheriv","decrypted","update","final","utf8Key","base64Key","hexKey","getClientDbConnectionString","resolvedServiceDbType","tenantBridgeUrl","ConfigMapping","getModel","CONFIG_MAPPING_DOCUMENT_NAME","ConfigMappingModel","schema","CONFIG_MAPPING_COLLECTION_NAME","filter","configMapping","findOne","lean","exec","decryptedConnectionString","getConnection","clientDbUrl","disconnectByConnectionString","disconnect","delete","disconnectClient","getTenantModel","modelName","collectionName","model","models","Map","prototype","TenantModelRepository","modelDef","dbModel"],"sources":["../../../src/repositories/multi-tenant.repository.ts"],"sourcesContent":["import mongoose, { Model, Schema, Types } from \"mongoose\";\nimport * as crypto from \"crypto\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { DefaultAzureCredential } from \"@azure/identity\";\nimport { SecretClient } from \"@azure/keyvault-secrets\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { Cacheable, createCache } from \"../utils/cache\";\nimport { getAzureVaultSecretByKey } from \"../utils/secrets\";\nimport {\n CONFIG_MAPPING_COLLECTION_NAME,\n CONFIG_MAPPING_DOCUMENT_NAME,\n ConfigMappingModel,\n IConfigMapping,\n} from \"../models/config-mapping.model\";\n\ntype ConnectionMap = Map<string, mongoose.Mongoose>;\n\ntype TenantBridgeConfig = {\n tenantBridgeEnvKey?: string;\n tenantBridgeSecretKey?: AzureSecretKeysEnum;\n};\n\nconst tenantDbCache = createCache(\"tenant-db\", 600);\nconst tenantBridgeCache = createCache(\"tenant-bridge-db-connection-string\", 1800);\nconst encryptionKeyCache = createCache(\"db-enc-key\", 1800);\n\n/**\n * Decorator that ensures tenant DB is connected before the method runs.\n */\nexport function WithTenantDb(\n _target: any,\n _propertyKey: string | symbol,\n descriptor: TypedPropertyDescriptor<(...args: any[]) => Promise<any>>,\n): void {\n if (!descriptor.value) return;\n const originalMethod = descriptor.value;\n descriptor.value = async function (\n this: MultiTenantRepository,\n ...args: any[]\n ) {\n await this.ensureClientConnection();\n return originalMethod.apply(this, args);\n };\n}\n\nexport class MultiTenantRepository {\n private static connections: ConnectionMap = new Map();\n private readonly context: InvocationContext;\n private readonly tenantBridgeConfig: TenantBridgeConfig;\n private readonly businessId: string;\n private readonly appId?: string;\n private readonly serviceDBType?: string;\n private dbConnectionEncryptionKey?: string;\n private clientConnectionString?: string;\n private connectionPromise?: Promise<mongoose.Mongoose>;\n\n constructor(\n context: InvocationContext,\n businessId: string,\n appId?: string,\n config?: TenantBridgeConfig,\n serviceDBType?: string,\n ) {\n this.context = context;\n this.businessId = businessId;\n this.appId = appId;\n this.serviceDBType = serviceDBType ?? \"main\";\n this.tenantBridgeConfig = {\n tenantBridgeEnvKey: \"TENANT_BRIDGE_DB_URI\",\n tenantBridgeSecretKey: AzureSecretKeysEnum.DB_CONNECTION_STRING_TENANT_BRIDGE,\n ...config,\n };\n\n this.connectionPromise = this.ensureClientConnection();\n }\n\n private getConnectionLogLabel(connectionString: string): string {\n const match = connectionString.match(/\\/([^/?]+)(\\?|$)/);\n const dbName = match?.[1] || \"unknown\";\n if (dbName.toLowerCase().includes(\"tenantbridge\")) {\n return \"TenantBridge-DB\";\n }\n if (dbName.toLowerCase().includes(\"user\")) {\n return \"Auth-DB\";\n }\n return `${dbName}-DB`;\n }\n\n private getEncryptionIv(): Buffer {\n const iv = process.env.DB_CONNECTION_STRING_ENCRYPTION_IV;\n if (!iv) {\n return Buffer.alloc(16, 0);\n }\n return this.normalizeFixedSize(iv, \"IV\");\n }\n\n private normalizeFixedSize(value: string, label: string): Buffer {\n const utf8Value = Buffer.from(value, \"utf8\");\n if (utf8Value.length === 16) {\n return utf8Value;\n }\n\n const base64Value = Buffer.from(value, \"base64\");\n if (base64Value.length === 16) {\n return base64Value;\n }\n\n const hexValue = Buffer.from(value, \"hex\");\n if (hexValue.length === 16) {\n return hexValue;\n }\n\n this.context.error(`${label} must be 16 bytes for aes-128-cbc (got ${utf8Value.length})`);\n throw new Error(\n `${label} must be 16 bytes for aes-128-cbc (got ${utf8Value.length})`,\n );\n }\n\n private async getOrCreateCachedConnection(\n connectionString: string,\n ): Promise<mongoose.Mongoose> {\n const existing = MultiTenantRepository.connections.get(connectionString);\n if (existing && existing.connection.readyState === 1) {\n return existing;\n }\n\n const dbLabel = this.getConnectionLogLabel(connectionString);\n this.context.info(`Initializing database connection (${dbLabel})...`);\n const instance = new mongoose.Mongoose();\n\n try {\n await instance.connect(connectionString, {\n serverSelectionTimeoutMS: 10000,\n connectTimeoutMS: 10000,\n socketTimeoutMS: 45000,\n });\n this.context.info(`✅ MongoDB connected successfully (${dbLabel})`);\n MultiTenantRepository.connections.set(connectionString, instance);\n return instance;\n } catch (err: any) {\n this.context.error(\n `❌ MongoDB connection error for (${dbLabel})`,\n {\n message: err.message,\n name: err.name,\n code: err.code,\n stack: err.stack,\n },\n );\n throw new Error(`Failed to connect to MongoDB: ${err.message}`);\n }\n }\n\n private toObjectId(id: string, fieldName: string): Types.ObjectId {\n if (!Types.ObjectId.isValid(id)) {\n throw new Error(`Invalid ${fieldName}`);\n }\n return new Types.ObjectId(id);\n }\n\n @Cacheable({\n cache: tenantBridgeCache,\n key: () => [\"tenant-bridge\"],\n getContext: (instance: unknown) =>\n (instance as MultiTenantRepository).context,\n })\n async getTenantBridgeSrvDbConnectionString(): Promise<string> {\n const envKey = this.tenantBridgeConfig.tenantBridgeEnvKey;\n const localUri =\n (envKey ? process.env[envKey] : undefined);\n\n if (localUri) {\n return localUri;\n }\n\n const vault = process.env.AZURE_KEY_VAULT_NAME || \"\";\n const secretKey =\n this.tenantBridgeConfig.tenantBridgeSecretKey ||\n AzureSecretKeysEnum.DB_CONNECTION_STRING_TENANT_BRIDGE;\n\n const dbUrl = await getAzureVaultSecretByKey(\n this.context,\n vault,\n secretKey,\n );\n if (!dbUrl) {\n throw new Error(\"TenantBridge database connection string not found\");\n }\n return dbUrl;\n }\n\n @Cacheable({\n cache: encryptionKeyCache,\n key: () => [\"key\"],\n getContext: (instance: unknown) =>\n (instance as MultiTenantRepository).context,\n })\n private async getDbConnectionEncryptionKey(): Promise<string> {\n try {\n if (this.dbConnectionEncryptionKey) {\n return this.dbConnectionEncryptionKey;\n }\n\n const envKey = process.env.DB_CONNECTION_STRING_ENCRYPTION_KEY;\n if (envKey) {\n this.dbConnectionEncryptionKey = envKey;\n return envKey;\n }\n\n const vault = process.env.AZURE_KEY_VAULT_NAME || \"\";\n const key = await getAzureVaultSecretByKey(\n this.context, vault, AzureSecretKeysEnum.DB_CONNECTION_STRING_ENCRYPTION_KEY\n );\n if (!key) {\n this.context.error(\"DB connection string encryption key not found in vault\");\n throw new Error(\"DB connection string encryption key not found in vault\");\n }\n this.dbConnectionEncryptionKey = key;\n return key;\n } catch (error) {\n this.context.error(`Error getting DB connection string encryption key from vault: ${error}`);\n throw new Error(`Error getting DB connection string encryption key from vault: ${error}`);\n }\n }\n\n private async decryptConnectionString(encryptedValue: string): Promise<string> {\n if (!encryptedValue) {\n this.context.error(\"Encrypted value not found\");\n throw new Error(\"Encrypted value not found\");\n }\n\n if (encryptedValue.startsWith(\"mongodb://\")) {\n return encryptedValue;\n }\n\n const key = await this.getDbConnectionEncryptionKey();\n if (!key) {\n this.context.error(\"DB connection string encryption key not found during decryption\");\n throw new Error(\"DB connection string encryption key not found during decryption\");\n }\n this.context.info(`Decrypting DB connection string with key: ${key}`);\n\n const keyBuffer = this.normalizeEncryptionKey(key);\n if (!keyBuffer) {\n this.context.error(\"Key buffer not found\");\n throw new Error(\"Key buffer not found\");\n }\n this.context.info(`Decrypting DB connection string with key buffer: ${keyBuffer}`);\n\n const ivBuffer = this.getEncryptionIv();\n if (!ivBuffer) {\n this.context.error(\"IV buffer not found\");\n throw new Error(\"IV buffer not found\");\n }\n this.context.info(`Decrypting DB connection string with IV buffer: ${ivBuffer}`);\n\n const decipher = crypto.createDecipheriv(\"aes-128-cbc\", keyBuffer, ivBuffer);\n if (!decipher) {\n this.context.error(\"Decipher not found\");\n throw new Error(\"Decipher not found\");\n }\n this.context.info(`Decrypting DB connection string with decipher: ${decipher}`);\n\n let decrypted = decipher.update(encryptedValue, \"base64\", \"utf8\");\n if (!decrypted) {\n this.context.error(\"Decrypted value not found\");\n throw new Error(\"Decrypted value not found\");\n }\n this.context.info(`Decrypting DB connection string with decrypted value: ${decrypted}`);\n\n decrypted += decipher.final(\"utf8\");\n if (!decrypted) {\n this.context.error(\"Decrypted value not found\");\n throw new Error(\"Decrypted value not found\");\n }\n this.context.info(`Decrypting DB connection string with decrypted value: ${decrypted}`);\n\n return decrypted;\n }\n\n private normalizeEncryptionKey(key: string): Buffer {\n const utf8Key = Buffer.from(key, \"utf8\");\n if (utf8Key.length === 16) {\n return utf8Key;\n }\n\n const base64Key = Buffer.from(key, \"base64\");\n if (base64Key.length === 16) {\n return base64Key;\n }\n\n const hexKey = Buffer.from(key, \"hex\");\n if (hexKey.length === 16) {\n return hexKey;\n }\n\n this.context.error(`DB connection string encryption key must be 16 bytes for aes-128-cbc (got ${utf8Key.length})`);\n throw new Error(\n `DB connection string encryption key must be 16 bytes for aes-128-cbc (got ${utf8Key.length})`,\n );\n }\n\n @Cacheable({\n cache: tenantDbCache,\n key: (businessId: string, appId?: string, serviceDbType?: string) => [\n businessId,\n appId,\n serviceDbType,\n ],\n getContext: (instance: unknown) =>\n (instance as MultiTenantRepository).context,\n })\n async getClientDbConnectionString(\n businessId: string,\n appId?: string,\n serviceDBType?: string,\n ): Promise<string> {\n if (!appId) {\n throw new Error(\"appId is required to resolve tenant client database\");\n }\n const resolvedServiceDbType = serviceDBType ?? \"main\";\n const tenantBridgeUrl = await this.getTenantBridgeSrvDbConnectionString();\n const connection = await this.getOrCreateCachedConnection(tenantBridgeUrl);\n\n const ConfigMapping = this.getModel(\n connection,\n CONFIG_MAPPING_DOCUMENT_NAME,\n ConfigMappingModel.schema,\n CONFIG_MAPPING_COLLECTION_NAME,\n ) as Model<IConfigMapping>;\n\n const filter: Record<string, unknown> = {\n businessId: this.toObjectId(businessId, \"businessId\"),\n };\n filter.appId = appId;\n filter.serviceDBType = resolvedServiceDbType;\n\n const configMapping =\n (await ConfigMapping.findOne(filter).lean().exec()) as\n | IConfigMapping\n | null;\n if (!configMapping?.connectionString) {\n throw new Error(\"Config mapping not found for this business\");\n }\n const decryptedConnectionString = await this.decryptConnectionString(\n configMapping.connectionString,\n );\n this.context.info(\n `Resolved tenant database mapping from TenantBridge (${this.getConnectionLogLabel(decryptedConnectionString)})`,\n );\n return decryptedConnectionString;\n }\n\n protected getConnection(): mongoose.Mongoose | undefined {\n if (!this.clientConnectionString) return undefined;\n return MultiTenantRepository.connections.get(this.clientConnectionString);\n }\n\n protected async ensureClientConnection(): Promise<mongoose.Mongoose> {\n if (this.connectionPromise) {\n return this.connectionPromise;\n }\n\n if (this.clientConnectionString) {\n const existing = this.getConnection();\n if (existing && existing.connection.readyState === 1) {\n return existing;\n }\n }\n\n const clientDbUrl = await this.getClientDbConnectionString(\n this.businessId,\n this.appId,\n this.serviceDBType,\n );\n this.clientConnectionString = clientDbUrl;\n this.connectionPromise = this.getOrCreateCachedConnection(clientDbUrl);\n return this.connectionPromise;\n }\n\n async disconnectByConnectionString(connectionString: string): Promise<void> {\n const existing = MultiTenantRepository.connections.get(connectionString);\n if (!existing) return;\n try {\n await existing.disconnect();\n this.context.info(`✅ Disconnected from database (${this.getConnectionLogLabel(connectionString)})`);\n } catch (error) {\n this.context.error(`❌ Error disconnecting from database (${this.getConnectionLogLabel(connectionString)})`, error);\n } finally {\n MultiTenantRepository.connections.delete(connectionString);\n }\n }\n\n async disconnectClient(): Promise<void> {\n const clientDbUrl = await this.getClientDbConnectionString(\n this.businessId,\n this.appId,\n );\n await this.disconnectByConnectionString(clientDbUrl);\n this.clientConnectionString = undefined;\n this.connectionPromise = undefined;\n }\n\n protected getTenantModel(\n modelName: string,\n schema: Schema<any>,\n collectionName?: string,\n ): Model<any> {\n const connection = this.getConnection();\n if (!connection) {\n throw new Error(\"database connection not established\");\n }\n return this.getModel(connection, modelName, schema, collectionName);\n }\n\n protected model<T>(model: Model<T>, collectionName?: string): Model<T> {\n return this.getTenantModel(\n model.modelName,\n model.schema,\n collectionName,\n ) as Model<T>;\n }\n\n protected getModel(\n connection: mongoose.Mongoose,\n modelName: string,\n schema: Schema<any>,\n collectionName?: string,\n ): Model<any> {\n if (connection.models[modelName]) {\n return connection.models[modelName] as Model<any>;\n }\n return connection.model(modelName, schema, collectionName);\n }\n}\n\nexport abstract class TenantModelRepository<T> extends MultiTenantRepository {\n protected abstract readonly modelDef: Model<T>;\n\n protected get dbModel(): Model<T> {\n return this.model(this.modelDef);\n }\n}\n"],"mappings":";;;;;AAAA,IAAAA,SAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AAIA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AACA,IAAAK,cAAA,GAAAL,OAAA;AAKwC,IAAAM,IAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,sBAAA;AAAA,SAAAX,wBAAAY,CAAA,EAAAC,CAAA,6BAAAC,OAAA,MAAAC,CAAA,OAAAD,OAAA,IAAAE,CAAA,OAAAF,OAAA,YAAAd,uBAAA,YAAAA,CAAAY,CAAA,EAAAC,CAAA,SAAAA,CAAA,IAAAD,CAAA,IAAAA,CAAA,CAAAK,UAAA,SAAAL,CAAA,MAAAM,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAC,SAAA,QAAAC,OAAA,EAAAV,CAAA,iBAAAA,CAAA,uBAAAA,CAAA,yBAAAA,CAAA,SAAAQ,CAAA,MAAAF,CAAA,GAAAL,CAAA,GAAAG,CAAA,GAAAD,CAAA,QAAAG,CAAA,CAAAK,GAAA,CAAAX,CAAA,UAAAM,CAAA,CAAAM,GAAA,CAAAZ,CAAA,GAAAM,CAAA,CAAAO,GAAA,CAAAb,CAAA,EAAAQ,CAAA,gBAAAP,CAAA,IAAAD,CAAA,gBAAAC,CAAA,OAAAa,cAAA,CAAAC,IAAA,CAAAf,CAAA,EAAAC,CAAA,OAAAM,CAAA,IAAAD,CAAA,GAAAU,MAAA,CAAAC,cAAA,KAAAD,MAAA,CAAAE,wBAAA,CAAAlB,CAAA,EAAAC,CAAA,OAAAM,CAAA,CAAAK,GAAA,IAAAL,CAAA,CAAAM,GAAA,IAAAP,CAAA,CAAAE,CAAA,EAAAP,CAAA,EAAAM,CAAA,IAAAC,CAAA,CAAAP,CAAA,IAAAD,CAAA,CAAAC,CAAA,WAAAO,CAAA,KAAAR,CAAA,EAAAC,CAAA;AAAA,SAAAkB,0BAAAZ,CAAA,EAAAP,CAAA,EAAAG,CAAA,EAAAC,CAAA,EAAAgB,CAAA,QAAAC,CAAA,cAAAL,MAAA,CAAAM,IAAA,CAAAlB,CAAA,EAAAmB,OAAA,WAAAhB,CAAA,IAAAc,CAAA,CAAAd,CAAA,IAAAH,CAAA,CAAAG,CAAA,OAAAc,CAAA,CAAAG,UAAA,KAAAH,CAAA,CAAAG,UAAA,EAAAH,CAAA,CAAAI,YAAA,KAAAJ,CAAA,CAAAI,YAAA,cAAAJ,CAAA,IAAAA,CAAA,CAAAK,WAAA,MAAAL,CAAA,CAAAM,QAAA,QAAAN,CAAA,GAAAlB,CAAA,CAAAyB,KAAA,GAAAC,OAAA,GAAAC,MAAA,WAAA3B,CAAA,EAAAC,CAAA,WAAAA,CAAA,CAAAG,CAAA,EAAAP,CAAA,EAAAG,CAAA,KAAAA,CAAA,KAAAkB,CAAA,GAAAD,CAAA,eAAAC,CAAA,CAAAK,WAAA,KAAAL,CAAA,CAAAU,KAAA,GAAAV,CAAA,CAAAK,WAAA,GAAAL,CAAA,CAAAK,WAAA,CAAAX,IAAA,CAAAK,CAAA,YAAAC,CAAA,CAAAK,WAAA,uBAAAL,CAAA,CAAAK,WAAA,IAAAV,MAAA,CAAAC,cAAA,CAAAV,CAAA,EAAAP,CAAA,EAAAqB,CAAA,WAAAA,CAAA;AASxC,MAAMW,aAAa,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,GAAG,CAAC;AACnD,MAAMC,iBAAiB,GAAG,IAAAD,kBAAW,EAAC,oCAAoC,EAAE,IAAI,CAAC;AACjF,MAAME,kBAAkB,GAAG,IAAAF,kBAAW,EAAC,YAAY,EAAE,IAAI,CAAC;;AAE1D;AACA;AACA;AACO,SAASG,YAAYA,CAC1BC,OAAY,EACZC,YAA6B,EAC7BC,UAAqE,EAC/D;EACN,IAAI,CAACA,UAAU,CAACR,KAAK,EAAE;EACvB,MAAMS,cAAc,GAAGD,UAAU,CAACR,KAAK;EACvCQ,UAAU,CAACR,KAAK,GAAG,gBAEjB,GAAGU,IAAW,EACd;IACA,MAAM,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACnC,OAAOF,cAAc,CAACG,KAAK,CAAC,IAAI,EAAEF,IAAI,CAAC;EACzC,CAAC;AACH;AAAC,IAEYG,qBAAqB,GAAAC,OAAA,CAAAD,qBAAA,IAAAjD,IAAA,GAmH/B,IAAAmD,gBAAS,EAAC;EACTC,KAAK,EAAEb,iBAAiB;EACxBc,GAAG,EAAEA,CAAA,KAAM,CAAC,eAAe,CAAC;EAC5BC,UAAU,EAAGC,QAAiB,IAC3BA,QAAQ,CAA2BC;AACxC,CAAC,CAAC,EAAAvD,KAAA,GA0BD,IAAAkD,gBAAS,EAAC;EACTC,KAAK,EAAEZ,kBAAkB;EACzBa,GAAG,EAAEA,CAAA,KAAM,CAAC,KAAK,CAAC;EAClBC,UAAU,EAAGC,QAAiB,IAC3BA,QAAQ,CAA2BC;AACxC,CAAC,CAAC,EAAAtD,KAAA,GA0GD,IAAAiD,gBAAS,EAAC;EACTC,KAAK,EAAEf,aAAa;EACpBgB,GAAG,EAAEA,CAACI,UAAkB,EAAEC,KAAc,EAAEC,aAAsB,KAAK,CACnEF,UAAU,EACVC,KAAK,EACLC,aAAa,CACd;EACDL,UAAU,EAAGC,QAAiB,IAC3BA,QAAQ,CAA2BC;AACxC,CAAC,CAAC,EAAArD,MAAA,IAAAC,sBAAA,GA1QG,MAAM6C,qBAAqB,CAAC;EAWjCW,WAAWA,CACTJ,OAA0B,EAC1BC,UAAkB,EAClBC,KAAc,EACdG,MAA2B,EAC3BC,aAAsB,EACtB;IAAA,KAfeN,OAAO;IAAA,KACPO,kBAAkB;IAAA,KAClBN,UAAU;IAAA,KACVC,KAAK;IAAA,KACLI,aAAa;IAAA,KACtBE,yBAAyB;IAAA,KACzBC,sBAAsB;IAAA,KACtBC,iBAAiB;IASvB,IAAI,CAACV,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,UAAU,GAAGA,UAAU;IAC5B,IAAI,CAACC,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,aAAa,GAAGA,aAAa,WAAbA,aAAa,GAAI,MAAM;IAC5C,IAAI,CAACC,kBAAkB,GAAG;MACxBI,kBAAkB,EAAE,sBAAsB;MAC1CC,qBAAqB,EAAEC,0BAAmB,CAACC,kCAAkC;MAC7E,GAAGT;IACL,CAAC;IAED,IAAI,CAACK,iBAAiB,GAAG,IAAI,CAACnB,sBAAsB,CAAC,CAAC;EACxD;EAEQwB,qBAAqBA,CAACC,gBAAwB,EAAU;IAC9D,MAAMC,KAAK,GAAGD,gBAAgB,CAACC,KAAK,CAAC,kBAAkB,CAAC;IACxD,MAAMC,MAAM,GAAG,CAAAD,KAAK,oBAALA,KAAK,CAAG,CAAC,CAAC,KAAI,SAAS;IACtC,IAAIC,MAAM,CAACC,WAAW,CAAC,CAAC,CAACC,QAAQ,CAAC,cAAc,CAAC,EAAE;MACjD,OAAO,iBAAiB;IAC1B;IACA,IAAIF,MAAM,CAACC,WAAW,CAAC,CAAC,CAACC,QAAQ,CAAC,MAAM,CAAC,EAAE;MACzC,OAAO,SAAS;IAClB;IACA,OAAO,GAAGF,MAAM,KAAK;EACvB;EAEQG,eAAeA,CAAA,EAAW;IAChC,MAAMC,EAAE,GAAGC,OAAO,CAACC,GAAG,CAACC,kCAAkC;IACzD,IAAI,CAACH,EAAE,EAAE;MACP,OAAOI,MAAM,CAACC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5B;IACA,OAAO,IAAI,CAACC,kBAAkB,CAACN,EAAE,EAAE,IAAI,CAAC;EAC1C;EAEQM,kBAAkBA,CAAChD,KAAa,EAAEiD,KAAa,EAAU;IAC/D,MAAMC,SAAS,GAAGJ,MAAM,CAACK,IAAI,CAACnD,KAAK,EAAE,MAAM,CAAC;IAC5C,IAAIkD,SAAS,CAACE,MAAM,KAAK,EAAE,EAAE;MAC3B,OAAOF,SAAS;IAClB;IAEA,MAAMG,WAAW,GAAGP,MAAM,CAACK,IAAI,CAACnD,KAAK,EAAE,QAAQ,CAAC;IAChD,IAAIqD,WAAW,CAACD,MAAM,KAAK,EAAE,EAAE;MAC7B,OAAOC,WAAW;IACpB;IAEA,MAAMC,QAAQ,GAAGR,MAAM,CAACK,IAAI,CAACnD,KAAK,EAAE,KAAK,CAAC;IAC1C,IAAIsD,QAAQ,CAACF,MAAM,KAAK,EAAE,EAAE;MAC1B,OAAOE,QAAQ;IACjB;IAEA,IAAI,CAAClC,OAAO,CAACmC,KAAK,CAAC,GAAGN,KAAK,0CAA0CC,SAAS,CAACE,MAAM,GAAG,CAAC;IACzF,MAAM,IAAII,KAAK,CACb,GAAGP,KAAK,0CAA0CC,SAAS,CAACE,MAAM,GACpE,CAAC;EACH;EAEA,MAAcK,2BAA2BA,CACvCrB,gBAAwB,EACI;IAC5B,MAAMsB,QAAQ,GAAG7C,qBAAqB,CAAC8C,WAAW,CAAC9E,GAAG,CAACuD,gBAAgB,CAAC;IACxE,IAAIsB,QAAQ,IAAIA,QAAQ,CAACE,UAAU,CAACC,UAAU,KAAK,CAAC,EAAE;MACpD,OAAOH,QAAQ;IACjB;IAEA,MAAMI,OAAO,GAAG,IAAI,CAAC3B,qBAAqB,CAACC,gBAAgB,CAAC;IAC5D,IAAI,CAAChB,OAAO,CAAC2C,IAAI,CAAC,qCAAqCD,OAAO,MAAM,CAAC;IACrE,MAAM3C,QAAQ,GAAG,IAAI6C,iBAAQ,CAACC,QAAQ,CAAC,CAAC;IAExC,IAAI;MACF,MAAM9C,QAAQ,CAAC+C,OAAO,CAAC9B,gBAAgB,EAAE;QACvC+B,wBAAwB,EAAE,KAAK;QAC/BC,gBAAgB,EAAE,KAAK;QACvBC,eAAe,EAAE;MACnB,CAAC,CAAC;MACF,IAAI,CAACjD,OAAO,CAAC2C,IAAI,CAAC,qCAAqCD,OAAO,GAAG,CAAC;MAClEjD,qBAAqB,CAAC8C,WAAW,CAAC7E,GAAG,CAACsD,gBAAgB,EAAEjB,QAAQ,CAAC;MACjE,OAAOA,QAAQ;IACjB,CAAC,CAAC,OAAOmD,GAAQ,EAAE;MACjB,IAAI,CAAClD,OAAO,CAACmC,KAAK,CAChB,mCAAmCO,OAAO,GAAG,EAC7C;QACES,OAAO,EAAED,GAAG,CAACC,OAAO;QACpBC,IAAI,EAAEF,GAAG,CAACE,IAAI;QACdC,IAAI,EAAEH,GAAG,CAACG,IAAI;QACdC,KAAK,EAAEJ,GAAG,CAACI;MACb,CACF,CAAC;MACD,MAAM,IAAIlB,KAAK,CAAC,iCAAiCc,GAAG,CAACC,OAAO,EAAE,CAAC;IACjE;EACF;EAEQI,UAAUA,CAACC,EAAU,EAAEC,SAAiB,EAAkB;IAChE,IAAI,CAACC,eAAK,CAACC,QAAQ,CAACC,OAAO,CAACJ,EAAE,CAAC,EAAE;MAC/B,MAAM,IAAIpB,KAAK,CAAC,WAAWqB,SAAS,EAAE,CAAC;IACzC;IACA,OAAO,IAAIC,eAAK,CAACC,QAAQ,CAACH,EAAE,CAAC;EAC/B;EAEA,MAMMK,oCAAoCA,CAAA,EAAoB;IAC5D,MAAMC,MAAM,GAAG,IAAI,CAACvD,kBAAkB,CAACI,kBAAkB;IACzD,MAAMoD,QAAQ,GACXD,MAAM,GAAGvC,OAAO,CAACC,GAAG,CAACsC,MAAM,CAAC,GAAGE,SAAU;IAE5C,IAAID,QAAQ,EAAE;MACZ,OAAOA,QAAQ;IACjB;IAEA,MAAME,KAAK,GAAG1C,OAAO,CAACC,GAAG,CAAC0C,oBAAoB,IAAI,EAAE;IACpD,MAAMC,SAAS,GACb,IAAI,CAAC5D,kBAAkB,CAACK,qBAAqB,IAC7CC,0BAAmB,CAACC,kCAAkC;IAExD,MAAMsD,KAAK,GAAG,MAAM,IAAAC,iCAAwB,EAC1C,IAAI,CAACrE,OAAO,EACZiE,KAAK,EACLE,SACF,CAAC;IACD,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIhC,KAAK,CAAC,mDAAmD,CAAC;IACtE;IACA,OAAOgC,KAAK;EACd;EAEA,MAMcE,4BAA4BA,CAAA,EAAoB;IAC5D,IAAI;MACF,IAAI,IAAI,CAAC9D,yBAAyB,EAAE;QAClC,OAAO,IAAI,CAACA,yBAAyB;MACvC;MAEA,MAAMsD,MAAM,GAAGvC,OAAO,CAACC,GAAG,CAAC+C,mCAAmC;MAC9D,IAAIT,MAAM,EAAE;QACV,IAAI,CAACtD,yBAAyB,GAAGsD,MAAM;QACvC,OAAOA,MAAM;MACf;MAEA,MAAMG,KAAK,GAAG1C,OAAO,CAACC,GAAG,CAAC0C,oBAAoB,IAAI,EAAE;MACpD,MAAMrE,GAAG,GAAG,MAAM,IAAAwE,iCAAwB,EACxC,IAAI,CAACrE,OAAO,EAAEiE,KAAK,EAAEpD,0BAAmB,CAAC0D,mCAC3C,CAAC;MACD,IAAI,CAAC1E,GAAG,EAAE;QACR,IAAI,CAACG,OAAO,CAACmC,KAAK,CAAC,wDAAwD,CAAC;QAC5E,MAAM,IAAIC,KAAK,CAAC,wDAAwD,CAAC;MAC3E;MACA,IAAI,CAAC5B,yBAAyB,GAAGX,GAAG;MACpC,OAAOA,GAAG;IACZ,CAAC,CAAC,OAAOsC,KAAK,EAAE;MACd,IAAI,CAACnC,OAAO,CAACmC,KAAK,CAAC,iEAAiEA,KAAK,EAAE,CAAC;MAC5F,MAAM,IAAIC,KAAK,CAAC,iEAAiED,KAAK,EAAE,CAAC;IAC3F;EACF;EAEA,MAAcqC,uBAAuBA,CAACC,cAAsB,EAAmB;IAC7E,IAAI,CAACA,cAAc,EAAE;MACnB,IAAI,CAACzE,OAAO,CAACmC,KAAK,CAAC,2BAA2B,CAAC;MAC/C,MAAM,IAAIC,KAAK,CAAC,2BAA2B,CAAC;IAC9C;IAEA,IAAIqC,cAAc,CAACC,UAAU,CAAC,YAAY,CAAC,EAAE;MAC3C,OAAOD,cAAc;IACvB;IAEA,MAAM5E,GAAG,GAAG,MAAM,IAAI,CAACyE,4BAA4B,CAAC,CAAC;IACrD,IAAI,CAACzE,GAAG,EAAE;MACR,IAAI,CAACG,OAAO,CAACmC,KAAK,CAAC,iEAAiE,CAAC;MACrF,MAAM,IAAIC,KAAK,CAAC,iEAAiE,CAAC;IACpF;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,6CAA6C9C,GAAG,EAAE,CAAC;IAErE,MAAM8E,SAAS,GAAG,IAAI,CAACC,sBAAsB,CAAC/E,GAAG,CAAC;IAClD,IAAI,CAAC8E,SAAS,EAAE;MACd,IAAI,CAAC3E,OAAO,CAACmC,KAAK,CAAC,sBAAsB,CAAC;MAC1C,MAAM,IAAIC,KAAK,CAAC,sBAAsB,CAAC;IACzC;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,oDAAoDgC,SAAS,EAAE,CAAC;IAElF,MAAME,QAAQ,GAAG,IAAI,CAACxD,eAAe,CAAC,CAAC;IACvC,IAAI,CAACwD,QAAQ,EAAE;MACb,IAAI,CAAC7E,OAAO,CAACmC,KAAK,CAAC,qBAAqB,CAAC;MACzC,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;IACxC;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,mDAAmDkC,QAAQ,EAAE,CAAC;IAEhF,MAAMC,QAAQ,GAAG3I,MAAM,CAAC4I,gBAAgB,CAAC,aAAa,EAAEJ,SAAS,EAAEE,QAAQ,CAAC;IAC5E,IAAI,CAACC,QAAQ,EAAE;MACb,IAAI,CAAC9E,OAAO,CAACmC,KAAK,CAAC,oBAAoB,CAAC;MACxC,MAAM,IAAIC,KAAK,CAAC,oBAAoB,CAAC;IACvC;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,kDAAkDmC,QAAQ,EAAE,CAAC;IAE/E,IAAIE,SAAS,GAAGF,QAAQ,CAACG,MAAM,CAACR,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC;IACjE,IAAI,CAACO,SAAS,EAAE;MACd,IAAI,CAAChF,OAAO,CAACmC,KAAK,CAAC,2BAA2B,CAAC;MAC/C,MAAM,IAAIC,KAAK,CAAC,2BAA2B,CAAC;IAC9C;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,yDAAyDqC,SAAS,EAAE,CAAC;IAEvFA,SAAS,IAAIF,QAAQ,CAACI,KAAK,CAAC,MAAM,CAAC;IACnC,IAAI,CAACF,SAAS,EAAE;MACd,IAAI,CAAChF,OAAO,CAACmC,KAAK,CAAC,2BAA2B,CAAC;MAC/C,MAAM,IAAIC,KAAK,CAAC,2BAA2B,CAAC;IAC9C;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,yDAAyDqC,SAAS,EAAE,CAAC;IAEvF,OAAOA,SAAS;EAClB;EAEQJ,sBAAsBA,CAAC/E,GAAW,EAAU;IAClD,MAAMsF,OAAO,GAAGzD,MAAM,CAACK,IAAI,CAAClC,GAAG,EAAE,MAAM,CAAC;IACxC,IAAIsF,OAAO,CAACnD,MAAM,KAAK,EAAE,EAAE;MACzB,OAAOmD,OAAO;IAChB;IAEA,MAAMC,SAAS,GAAG1D,MAAM,CAACK,IAAI,CAAClC,GAAG,EAAE,QAAQ,CAAC;IAC5C,IAAIuF,SAAS,CAACpD,MAAM,KAAK,EAAE,EAAE;MAC3B,OAAOoD,SAAS;IAClB;IAEA,MAAMC,MAAM,GAAG3D,MAAM,CAACK,IAAI,CAAClC,GAAG,EAAE,KAAK,CAAC;IACtC,IAAIwF,MAAM,CAACrD,MAAM,KAAK,EAAE,EAAE;MACxB,OAAOqD,MAAM;IACf;IAEA,IAAI,CAACrF,OAAO,CAACmC,KAAK,CAAC,6EAA6EgD,OAAO,CAACnD,MAAM,GAAG,CAAC;IAClH,MAAM,IAAII,KAAK,CACb,6EAA6E+C,OAAO,CAACnD,MAAM,GAC7F,CAAC;EACH;EAEA,MAUMsD,2BAA2BA,CAC/BrF,UAAkB,EAClBC,KAAc,EACdI,aAAsB,EACL;IACjB,IAAI,CAACJ,KAAK,EAAE;MACV,MAAM,IAAIkC,KAAK,CAAC,qDAAqD,CAAC;IACxE;IACA,MAAMmD,qBAAqB,GAAGjF,aAAa,WAAbA,aAAa,GAAI,MAAM;IACrD,MAAMkF,eAAe,GAAG,MAAM,IAAI,CAAC3B,oCAAoC,CAAC,CAAC;IACzE,MAAMrB,UAAU,GAAG,MAAM,IAAI,CAACH,2BAA2B,CAACmD,eAAe,CAAC;IAE1E,MAAMC,aAAa,GAAG,IAAI,CAACC,QAAQ,CACjClD,UAAU,EACVmD,2CAA4B,EAC5BC,iCAAkB,CAACC,MAAM,EACzBC,6CACF,CAA0B;IAE1B,MAAMC,MAA+B,GAAG;MACtC9F,UAAU,EAAE,IAAI,CAACsD,UAAU,CAACtD,UAAU,EAAE,YAAY;IACtD,CAAC;IACD8F,MAAM,CAAC7F,KAAK,GAAGA,KAAK;IACpB6F,MAAM,CAACzF,aAAa,GAAGiF,qBAAqB;IAE5C,MAAMS,aAAa,GAChB,MAAMP,aAAa,CAACQ,OAAO,CAACF,MAAM,CAAC,CAACG,IAAI,CAAC,CAAC,CAACC,IAAI,CAAC,CAE3C;IACR,IAAI,EAACH,aAAa,YAAbA,aAAa,CAAEhF,gBAAgB,GAAE;MACpC,MAAM,IAAIoB,KAAK,CAAC,4CAA4C,CAAC;IAC/D;IACA,MAAMgE,yBAAyB,GAAG,MAAM,IAAI,CAAC5B,uBAAuB,CAClEwB,aAAa,CAAChF,gBAChB,CAAC;IACD,IAAI,CAAChB,OAAO,CAAC2C,IAAI,CACf,uDAAuD,IAAI,CAAC5B,qBAAqB,CAACqF,yBAAyB,CAAC,GAC9G,CAAC;IACD,OAAOA,yBAAyB;EAClC;EAEUC,aAAaA,CAAA,EAAkC;IACvD,IAAI,CAAC,IAAI,CAAC5F,sBAAsB,EAAE,OAAOuD,SAAS;IAClD,OAAOvE,qBAAqB,CAAC8C,WAAW,CAAC9E,GAAG,CAAC,IAAI,CAACgD,sBAAsB,CAAC;EAC3E;EAEA,MAAgBlB,sBAAsBA,CAAA,EAA+B;IACnE,IAAI,IAAI,CAACmB,iBAAiB,EAAE;MAC1B,OAAO,IAAI,CAACA,iBAAiB;IAC/B;IAEA,IAAI,IAAI,CAACD,sBAAsB,EAAE;MAC/B,MAAM6B,QAAQ,GAAG,IAAI,CAAC+D,aAAa,CAAC,CAAC;MACrC,IAAI/D,QAAQ,IAAIA,QAAQ,CAACE,UAAU,CAACC,UAAU,KAAK,CAAC,EAAE;QACpD,OAAOH,QAAQ;MACjB;IACF;IAEA,MAAMgE,WAAW,GAAG,MAAM,IAAI,CAAChB,2BAA2B,CACxD,IAAI,CAACrF,UAAU,EACf,IAAI,CAACC,KAAK,EACV,IAAI,CAACI,aACP,CAAC;IACD,IAAI,CAACG,sBAAsB,GAAG6F,WAAW;IACzC,IAAI,CAAC5F,iBAAiB,GAAG,IAAI,CAAC2B,2BAA2B,CAACiE,WAAW,CAAC;IACtE,OAAO,IAAI,CAAC5F,iBAAiB;EAC/B;EAEA,MAAM6F,4BAA4BA,CAACvF,gBAAwB,EAAiB;IAC1E,MAAMsB,QAAQ,GAAG7C,qBAAqB,CAAC8C,WAAW,CAAC9E,GAAG,CAACuD,gBAAgB,CAAC;IACxE,IAAI,CAACsB,QAAQ,EAAE;IACf,IAAI;MACF,MAAMA,QAAQ,CAACkE,UAAU,CAAC,CAAC;MAC3B,IAAI,CAACxG,OAAO,CAAC2C,IAAI,CAAC,iCAAiC,IAAI,CAAC5B,qBAAqB,CAACC,gBAAgB,CAAC,GAAG,CAAC;IACrG,CAAC,CAAC,OAAOmB,KAAK,EAAE;MACd,IAAI,CAACnC,OAAO,CAACmC,KAAK,CAAC,wCAAwC,IAAI,CAACpB,qBAAqB,CAACC,gBAAgB,CAAC,GAAG,EAAEmB,KAAK,CAAC;IACpH,CAAC,SAAS;MACR1C,qBAAqB,CAAC8C,WAAW,CAACkE,MAAM,CAACzF,gBAAgB,CAAC;IAC5D;EACF;EAEA,MAAM0F,gBAAgBA,CAAA,EAAkB;IACtC,MAAMJ,WAAW,GAAG,MAAM,IAAI,CAAChB,2BAA2B,CACxD,IAAI,CAACrF,UAAU,EACf,IAAI,CAACC,KACP,CAAC;IACD,MAAM,IAAI,CAACqG,4BAA4B,CAACD,WAAW,CAAC;IACpD,IAAI,CAAC7F,sBAAsB,GAAGuD,SAAS;IACvC,IAAI,CAACtD,iBAAiB,GAAGsD,SAAS;EACpC;EAEU2C,cAAcA,CACtBC,SAAiB,EACjBf,MAAmB,EACnBgB,cAAuB,EACX;IACZ,MAAMrE,UAAU,GAAG,IAAI,CAAC6D,aAAa,CAAC,CAAC;IACvC,IAAI,CAAC7D,UAAU,EAAE;MACf,MAAM,IAAIJ,KAAK,CAAC,qCAAqC,CAAC;IACxD;IACA,OAAO,IAAI,CAACsD,QAAQ,CAAClD,UAAU,EAAEoE,SAAS,EAAEf,MAAM,EAAEgB,cAAc,CAAC;EACrE;EAEUC,KAAKA,CAAIA,KAAe,EAAED,cAAuB,EAAY;IACrE,OAAO,IAAI,CAACF,cAAc,CACxBG,KAAK,CAACF,SAAS,EACfE,KAAK,CAACjB,MAAM,EACZgB,cACF,CAAC;EACH;EAEUnB,QAAQA,CAChBlD,UAA6B,EAC7BoE,SAAiB,EACjBf,MAAmB,EACnBgB,cAAuB,EACX;IACZ,IAAIrE,UAAU,CAACuE,MAAM,CAACH,SAAS,CAAC,EAAE;MAChC,OAAOpE,UAAU,CAACuE,MAAM,CAACH,SAAS,CAAC;IACrC;IACA,OAAOpE,UAAU,CAACsE,KAAK,CAACF,SAAS,EAAEf,MAAM,EAAEgB,cAAc,CAAC;EAC5D;AACF,CAAC,EAAAjK,sBAAA,CApYgB2F,WAAW,GAAkB,IAAIyE,GAAG,CAAC,CAAC,EAAApK,sBAAA,GAAAoB,yBAAA,CAAArB,MAAA,CAAAsK,SAAA,2CAAAzK,IAAA,GAAAqB,MAAA,CAAAE,wBAAA,CAAApB,MAAA,CAAAsK,SAAA,2CAAAtK,MAAA,CAAAsK,SAAA,GAAAjJ,yBAAA,CAAArB,MAAA,CAAAsK,SAAA,mCAAAxK,KAAA,GAAAoB,MAAA,CAAAE,wBAAA,CAAApB,MAAA,CAAAsK,SAAA,mCAAAtK,MAAA,CAAAsK,SAAA,GAAAjJ,yBAAA,CAAArB,MAAA,CAAAsK,SAAA,kCAAAvK,KAAA,GAAAmB,MAAA,CAAAE,wBAAA,CAAApB,MAAA,CAAAsK,SAAA,kCAAAtK,MAAA,CAAAsK,SAAA,GAAAtK,MAAA;AAsYhD,MAAeuK,qBAAqB,SAAYzH,qBAAqB,CAAC;EAAAW,YAAA,GAAAd,IAAA;IAAA,SAAAA,IAAA;IAAA,KAC/C6H,QAAQ;EAAA;EAEpC,IAAcC,OAAOA,CAAA,EAAa;IAChC,OAAO,IAAI,CAACN,KAAK,CAAC,IAAI,CAACK,QAAQ,CAAC;EAClC;AACF;AAACzH,OAAA,CAAAwH,qBAAA,GAAAA,qBAAA","ignoreList":[]}
1
+ {"version":3,"file":"multi-tenant.repository.js","names":["_mongoose","_interopRequireWildcard","require","crypto","_enums","_cache","_secrets","_configMapping","_dec","_dec2","_dec3","_class","_MultiTenantRepository","e","t","WeakMap","r","n","__esModule","o","i","f","__proto__","default","has","get","set","hasOwnProperty","call","Object","defineProperty","getOwnPropertyDescriptor","_applyDecoratedDescriptor","l","a","keys","forEach","enumerable","configurable","initializer","writable","slice","reverse","reduce","value","tenantDbCache","createCache","tenantBridgeCache","encryptionKeyCache","WithTenantDb","_target","_propertyKey","descriptor","originalMethod","args","ensureClientConnection","apply","MultiTenantRepository","exports","Cacheable","cache","key","getContext","instance","context","businessId","appId","serviceDbType","constructor","config","serviceDBType","tenantBridgeConfig","dbConnectionEncryptionKey","clientConnectionString","connectionPromise","tenantBridgeEnvKey","tenantBridgeSecretKey","AzureSecretKeysEnum","DB_CONNECTION_STRING_TENANT_BRIDGE","getConnectionLogLabel","connectionString","match","dbName","toLowerCase","includes","getEncryptionIv","iv","process","env","DB_CONNECTION_STRING_ENCRYPTION_IV","Buffer","alloc","normalizeFixedSize","label","utf8Value","from","length","base64Value","hexValue","error","Error","getOrCreateCachedConnection","existing","connections","connection","readyState","dbLabel","info","mongoose","Mongoose","connect","serverSelectionTimeoutMS","connectTimeoutMS","socketTimeoutMS","err","message","name","code","stack","toObjectId","id","fieldName","Types","ObjectId","isValid","getTenantBridgeSrvDbConnectionString","envKey","localUri","undefined","vault","AZURE_KEY_VAULT_NAME","secretKey","dbUrl","getAzureVaultSecretByKey","getDbConnectionEncryptionKey","DB_CONNECTION_STRING_ENCRYPTION_KEY","decryptConnectionString","encryptedValue","startsWith","keyBuffer","normalizeEncryptionKey","ivBuffer","decipher","createDecipheriv","decrypted","update","final","utf8Key","base64Key","hexKey","getClientDbConnectionString","resolvedServiceDbType","tenantBridgeUrl","tenantBridgeDb","ConfigMapping","getModel","CONFIG_MAPPING_DOCUMENT_NAME","ConfigMappingModel","schema","CONFIG_MAPPING_COLLECTION_NAME","filter","configMapping","findOne","lean","exec","decryptedConnectionString","getConnection","clientDbUrl","disconnectByConnectionString","disconnect","delete","disconnectClient","getTenantModel","modelName","collectionName","model","models","Map","prototype","TenantModelRepository","modelDef","dbModel"],"sources":["../../../src/repositories/multi-tenant.repository.ts"],"sourcesContent":["import mongoose, { Model, Schema, Types } from \"mongoose\";\nimport * as crypto from \"crypto\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { DefaultAzureCredential } from \"@azure/identity\";\nimport { SecretClient } from \"@azure/keyvault-secrets\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { Cacheable, createCache } from \"../utils/cache\";\nimport { getAzureVaultSecretByKey } from \"../utils/secrets\";\nimport {\n CONFIG_MAPPING_COLLECTION_NAME,\n CONFIG_MAPPING_DOCUMENT_NAME,\n ConfigMappingModel,\n IConfigMapping,\n} from \"../models/config-mapping.model\";\n\ntype ConnectionMap = Map<string, mongoose.Mongoose>;\n\ntype TenantBridgeConfig = {\n tenantBridgeEnvKey?: string;\n tenantBridgeSecretKey?: AzureSecretKeysEnum;\n};\n\nconst tenantDbCache = createCache(\"tenant-db\", 600);\nconst tenantBridgeCache = createCache(\"tenant-bridge-db-connection-string\", 1800);\nconst encryptionKeyCache = createCache(\"db-enc-key\", 1800);\n\n/**\n * Decorator that ensures tenant DB is connected before the method runs.\n */\nexport function WithTenantDb(\n _target: any,\n _propertyKey: string | symbol,\n descriptor: TypedPropertyDescriptor<(...args: any[]) => Promise<any>>,\n): void {\n if (!descriptor.value) return;\n const originalMethod = descriptor.value;\n descriptor.value = async function (\n this: MultiTenantRepository,\n ...args: any[]\n ) {\n await this.ensureClientConnection();\n return originalMethod.apply(this, args);\n };\n}\n\nexport class MultiTenantRepository {\n private static connections: ConnectionMap = new Map();\n private readonly context: InvocationContext;\n private readonly tenantBridgeConfig: TenantBridgeConfig;\n private readonly businessId: string;\n private readonly appId?: string;\n private readonly serviceDBType?: string;\n private dbConnectionEncryptionKey?: string;\n private clientConnectionString?: string;\n private connectionPromise?: Promise<mongoose.Mongoose>;\n\n constructor(\n context: InvocationContext,\n businessId: string,\n appId?: string,\n config?: TenantBridgeConfig,\n serviceDBType?: string,\n ) {\n this.context = context;\n this.businessId = businessId;\n this.appId = appId;\n this.serviceDBType = serviceDBType ?? \"main\";\n this.tenantBridgeConfig = {\n tenantBridgeEnvKey: \"TENANT_BRIDGE_DB_URI\",\n tenantBridgeSecretKey: AzureSecretKeysEnum.DB_CONNECTION_STRING_TENANT_BRIDGE,\n ...config,\n };\n\n this.connectionPromise = this.ensureClientConnection();\n }\n\n private getConnectionLogLabel(connectionString: string): string {\n const match = connectionString.match(/\\/([^/?]+)(\\?|$)/);\n const dbName = match?.[1] || \"unknown\";\n if (dbName.toLowerCase().includes(\"tenantbridge\")) {\n return \"TenantBridge-DB\";\n }\n if (dbName.toLowerCase().includes(\"user\")) {\n return \"Auth-DB\";\n }\n return `${dbName}-DB`;\n }\n\n private getEncryptionIv(): Buffer {\n const iv = process.env.DB_CONNECTION_STRING_ENCRYPTION_IV;\n if (!iv) {\n return Buffer.alloc(16, 0);\n }\n return this.normalizeFixedSize(iv, \"IV\");\n }\n\n private normalizeFixedSize(value: string, label: string): Buffer {\n const utf8Value = Buffer.from(value, \"utf8\");\n if (utf8Value.length === 16) {\n return utf8Value;\n }\n\n const base64Value = Buffer.from(value, \"base64\");\n if (base64Value.length === 16) {\n return base64Value;\n }\n\n const hexValue = Buffer.from(value, \"hex\");\n if (hexValue.length === 16) {\n return hexValue;\n }\n\n this.context.error(`${label} must be 16 bytes for aes-128-cbc (got ${utf8Value.length})`);\n throw new Error(\n `${label} must be 16 bytes for aes-128-cbc (got ${utf8Value.length})`,\n );\n }\n\n private async getOrCreateCachedConnection(\n connectionString: string,\n ): Promise<mongoose.Mongoose> {\n const existing = MultiTenantRepository.connections.get(connectionString);\n if (existing && existing.connection.readyState === 1) {\n return existing;\n }\n\n const dbLabel = this.getConnectionLogLabel(connectionString);\n this.context.info(`Initializing database connection (${dbLabel})...`);\n const instance = new mongoose.Mongoose();\n\n try {\n await instance.connect(connectionString, {\n serverSelectionTimeoutMS: 10000,\n connectTimeoutMS: 10000,\n socketTimeoutMS: 45000,\n });\n this.context.info(`✅ MongoDB connected successfully (${dbLabel})`);\n MultiTenantRepository.connections.set(connectionString, instance);\n return instance;\n } catch (err: any) {\n this.context.error(\n `❌ MongoDB connection error for (${dbLabel})`,\n {\n message: err.message,\n name: err.name,\n code: err.code,\n stack: err.stack,\n },\n );\n throw new Error(`Failed to connect to MongoDB: ${err.message}`);\n }\n }\n\n private toObjectId(id: string, fieldName: string): Types.ObjectId {\n if (!Types.ObjectId.isValid(id)) {\n throw new Error(`Invalid ${fieldName}`);\n }\n return new Types.ObjectId(id);\n }\n\n @Cacheable({\n cache: tenantBridgeCache,\n key: () => [\"tenant-bridge\"],\n getContext: (instance: unknown) =>\n (instance as MultiTenantRepository).context,\n })\n async getTenantBridgeSrvDbConnectionString(): Promise<string> {\n const envKey = this.tenantBridgeConfig.tenantBridgeEnvKey;\n const localUri =\n (envKey ? process.env[envKey] : undefined);\n\n if (localUri) {\n return localUri;\n }\n\n const vault = process.env.AZURE_KEY_VAULT_NAME || \"\";\n const secretKey =\n this.tenantBridgeConfig.tenantBridgeSecretKey ||\n AzureSecretKeysEnum.DB_CONNECTION_STRING_TENANT_BRIDGE;\n\n const dbUrl = await getAzureVaultSecretByKey(\n this.context,\n vault,\n secretKey,\n );\n if (!dbUrl) {\n throw new Error(\"TenantBridge database connection string not found\");\n }\n return dbUrl;\n }\n\n @Cacheable({\n cache: encryptionKeyCache,\n key: () => [\"key\"],\n getContext: (instance: unknown) =>\n (instance as MultiTenantRepository).context,\n })\n private async getDbConnectionEncryptionKey(): Promise<string> {\n try {\n if (this.dbConnectionEncryptionKey) {\n return this.dbConnectionEncryptionKey;\n }\n\n const envKey = process.env.DB_CONNECTION_STRING_ENCRYPTION_KEY;\n if (envKey) {\n this.dbConnectionEncryptionKey = envKey;\n return envKey;\n }\n\n const vault = process.env.AZURE_KEY_VAULT_NAME || \"\";\n const key = await getAzureVaultSecretByKey(\n this.context, vault, AzureSecretKeysEnum.DB_CONNECTION_STRING_ENCRYPTION_KEY\n );\n if (!key) {\n this.context.error(\"DB connection string encryption key not found in vault\");\n throw new Error(\"DB connection string encryption key not found in vault\");\n }\n this.dbConnectionEncryptionKey = key;\n return key;\n } catch (error) {\n this.context.error(`Error getting DB connection string encryption key from vault: ${error}`);\n throw new Error(`Error getting DB connection string encryption key from vault: ${error}`);\n }\n }\n\n private async decryptConnectionString(encryptedValue: string): Promise<string> {\n if (!encryptedValue) {\n this.context.error(\"Encrypted value not found\");\n throw new Error(\"Encrypted value not found\");\n }\n\n if (encryptedValue.startsWith(\"mongodb://\")) {\n return encryptedValue;\n }\n\n const key = await this.getDbConnectionEncryptionKey();\n if (!key) {\n this.context.error(\"DB connection string encryption key not found during decryption\");\n throw new Error(\"DB connection string encryption key not found during decryption\");\n }\n this.context.info(`Decrypting DB connection string with key: ${key}`);\n\n const keyBuffer = this.normalizeEncryptionKey(key);\n if (!keyBuffer) {\n this.context.error(\"Key buffer not found\");\n throw new Error(\"Key buffer not found\");\n }\n this.context.info(`Decrypting DB connection string with key buffer: ${keyBuffer}`);\n\n const ivBuffer = this.getEncryptionIv();\n if (!ivBuffer) {\n this.context.error(\"IV buffer not found\");\n throw new Error(\"IV buffer not found\");\n }\n this.context.info(`Decrypting DB connection string with IV buffer: ${ivBuffer}`);\n\n const decipher = crypto.createDecipheriv(\"aes-128-cbc\", keyBuffer, ivBuffer);\n if (!decipher) {\n this.context.error(\"Decipher not found\");\n throw new Error(\"Decipher not found\");\n }\n this.context.info(`Decrypting DB connection string with decipher: ${decipher}`);\n\n let decrypted = decipher.update(encryptedValue, \"base64\", \"utf8\");\n if (!decrypted) {\n this.context.error(\"Decrypted value not found\");\n throw new Error(\"Decrypted value not found\");\n }\n this.context.info(`Decrypting DB connection string with decrypted value: ${decrypted}`);\n\n decrypted += decipher.final(\"utf8\");\n if (!decrypted) {\n this.context.error(\"Decrypted value not found\");\n throw new Error(\"Decrypted value not found\");\n }\n this.context.info(`Decrypting DB connection string with decrypted value: ${decrypted}`);\n\n return decrypted;\n }\n\n private normalizeEncryptionKey(key: string): Buffer {\n const utf8Key = Buffer.from(key, \"utf8\");\n if (utf8Key.length === 16) {\n return utf8Key;\n }\n\n const base64Key = Buffer.from(key, \"base64\");\n if (base64Key.length === 16) {\n return base64Key;\n }\n\n const hexKey = Buffer.from(key, \"hex\");\n if (hexKey.length === 16) {\n return hexKey;\n }\n\n this.context.error(`DB connection string encryption key must be 16 bytes for aes-128-cbc (got ${utf8Key.length})`);\n throw new Error(\n `DB connection string encryption key must be 16 bytes for aes-128-cbc (got ${utf8Key.length})`,\n );\n }\n\n @Cacheable({\n cache: tenantDbCache,\n key: (businessId: string, appId?: string, serviceDbType?: string) => [\n businessId,\n appId,\n serviceDbType,\n ],\n getContext: (instance: unknown) =>\n (instance as MultiTenantRepository).context,\n })\n async getClientDbConnectionString(\n businessId: string,\n appId?: string,\n serviceDBType?: string,\n ): Promise<string> {\n if (!appId) {\n throw new Error(\"appId is required to resolve tenant client database\");\n }\n const resolvedServiceDbType = serviceDBType ?? \"main\";\n const tenantBridgeUrl = await this.getTenantBridgeSrvDbConnectionString();\n const connection = await this.getOrCreateCachedConnection(tenantBridgeUrl);\n\n this.context.info(\"Resolving tenant DB mapping\", {\n businessId,\n appId,\n serviceDBType: resolvedServiceDbType,\n tenantBridgeDb: this.getConnectionLogLabel(tenantBridgeUrl),\n });\n\n const ConfigMapping = this.getModel(\n connection,\n CONFIG_MAPPING_DOCUMENT_NAME,\n ConfigMappingModel.schema,\n CONFIG_MAPPING_COLLECTION_NAME,\n ) as Model<IConfigMapping>;\n\n const filter: Record<string, unknown> = {\n businessId: this.toObjectId(businessId, \"businessId\"),\n };\n filter.appId = appId;\n filter.serviceDBType = resolvedServiceDbType;\n\n const configMapping =\n (await ConfigMapping.findOne(filter).lean().exec()) as\n | IConfigMapping\n | null;\n if (!configMapping?.connectionString) {\n this.context.error(\"Config mapping not found for tenant\", {\n businessId,\n appId,\n serviceDBType: resolvedServiceDbType,\n tenantBridgeDb: this.getConnectionLogLabel(tenantBridgeUrl),\n filter,\n });\n throw new Error(\"Config mapping not found for this business\");\n }\n const decryptedConnectionString = await this.decryptConnectionString(\n configMapping.connectionString,\n );\n this.context.info(\n `Resolved tenant database mapping from TenantBridge (${this.getConnectionLogLabel(decryptedConnectionString)})`,\n );\n return decryptedConnectionString;\n }\n\n protected getConnection(): mongoose.Mongoose | undefined {\n if (!this.clientConnectionString) return undefined;\n return MultiTenantRepository.connections.get(this.clientConnectionString);\n }\n\n protected async ensureClientConnection(): Promise<mongoose.Mongoose> {\n if (this.connectionPromise) {\n return this.connectionPromise;\n }\n\n if (this.clientConnectionString) {\n const existing = this.getConnection();\n if (existing && existing.connection.readyState === 1) {\n return existing;\n }\n }\n\n const clientDbUrl = await this.getClientDbConnectionString(\n this.businessId,\n this.appId,\n this.serviceDBType,\n );\n this.clientConnectionString = clientDbUrl;\n this.connectionPromise = this.getOrCreateCachedConnection(clientDbUrl);\n return this.connectionPromise;\n }\n\n async disconnectByConnectionString(connectionString: string): Promise<void> {\n const existing = MultiTenantRepository.connections.get(connectionString);\n if (!existing) return;\n try {\n await existing.disconnect();\n this.context.info(`✅ Disconnected from database (${this.getConnectionLogLabel(connectionString)})`);\n } catch (error) {\n this.context.error(`❌ Error disconnecting from database (${this.getConnectionLogLabel(connectionString)})`, error);\n } finally {\n MultiTenantRepository.connections.delete(connectionString);\n }\n }\n\n async disconnectClient(): Promise<void> {\n const clientDbUrl = await this.getClientDbConnectionString(\n this.businessId,\n this.appId,\n );\n await this.disconnectByConnectionString(clientDbUrl);\n this.clientConnectionString = undefined;\n this.connectionPromise = undefined;\n }\n\n protected getTenantModel(\n modelName: string,\n schema: Schema<any>,\n collectionName?: string,\n ): Model<any> {\n const connection = this.getConnection();\n if (!connection) {\n throw new Error(\"database connection not established\");\n }\n return this.getModel(connection, modelName, schema, collectionName);\n }\n\n protected model<T>(model: Model<T>, collectionName?: string): Model<T> {\n return this.getTenantModel(\n model.modelName,\n model.schema,\n collectionName,\n ) as Model<T>;\n }\n\n protected getModel(\n connection: mongoose.Mongoose,\n modelName: string,\n schema: Schema<any>,\n collectionName?: string,\n ): Model<any> {\n if (connection.models[modelName]) {\n return connection.models[modelName] as Model<any>;\n }\n return connection.model(modelName, schema, collectionName);\n }\n}\n\nexport abstract class TenantModelRepository<T> extends MultiTenantRepository {\n protected abstract readonly modelDef: Model<T>;\n\n protected get dbModel(): Model<T> {\n return this.model(this.modelDef);\n }\n}\n"],"mappings":";;;;;AAAA,IAAAA,SAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AAIA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,MAAA,GAAAH,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AACA,IAAAK,cAAA,GAAAL,OAAA;AAKwC,IAAAM,IAAA,EAAAC,KAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,sBAAA;AAAA,SAAAX,wBAAAY,CAAA,EAAAC,CAAA,6BAAAC,OAAA,MAAAC,CAAA,OAAAD,OAAA,IAAAE,CAAA,OAAAF,OAAA,YAAAd,uBAAA,YAAAA,CAAAY,CAAA,EAAAC,CAAA,SAAAA,CAAA,IAAAD,CAAA,IAAAA,CAAA,CAAAK,UAAA,SAAAL,CAAA,MAAAM,CAAA,EAAAC,CAAA,EAAAC,CAAA,KAAAC,SAAA,QAAAC,OAAA,EAAAV,CAAA,iBAAAA,CAAA,uBAAAA,CAAA,yBAAAA,CAAA,SAAAQ,CAAA,MAAAF,CAAA,GAAAL,CAAA,GAAAG,CAAA,GAAAD,CAAA,QAAAG,CAAA,CAAAK,GAAA,CAAAX,CAAA,UAAAM,CAAA,CAAAM,GAAA,CAAAZ,CAAA,GAAAM,CAAA,CAAAO,GAAA,CAAAb,CAAA,EAAAQ,CAAA,gBAAAP,CAAA,IAAAD,CAAA,gBAAAC,CAAA,OAAAa,cAAA,CAAAC,IAAA,CAAAf,CAAA,EAAAC,CAAA,OAAAM,CAAA,IAAAD,CAAA,GAAAU,MAAA,CAAAC,cAAA,KAAAD,MAAA,CAAAE,wBAAA,CAAAlB,CAAA,EAAAC,CAAA,OAAAM,CAAA,CAAAK,GAAA,IAAAL,CAAA,CAAAM,GAAA,IAAAP,CAAA,CAAAE,CAAA,EAAAP,CAAA,EAAAM,CAAA,IAAAC,CAAA,CAAAP,CAAA,IAAAD,CAAA,CAAAC,CAAA,WAAAO,CAAA,KAAAR,CAAA,EAAAC,CAAA;AAAA,SAAAkB,0BAAAZ,CAAA,EAAAP,CAAA,EAAAG,CAAA,EAAAC,CAAA,EAAAgB,CAAA,QAAAC,CAAA,cAAAL,MAAA,CAAAM,IAAA,CAAAlB,CAAA,EAAAmB,OAAA,WAAAhB,CAAA,IAAAc,CAAA,CAAAd,CAAA,IAAAH,CAAA,CAAAG,CAAA,OAAAc,CAAA,CAAAG,UAAA,KAAAH,CAAA,CAAAG,UAAA,EAAAH,CAAA,CAAAI,YAAA,KAAAJ,CAAA,CAAAI,YAAA,cAAAJ,CAAA,IAAAA,CAAA,CAAAK,WAAA,MAAAL,CAAA,CAAAM,QAAA,QAAAN,CAAA,GAAAlB,CAAA,CAAAyB,KAAA,GAAAC,OAAA,GAAAC,MAAA,WAAA3B,CAAA,EAAAC,CAAA,WAAAA,CAAA,CAAAG,CAAA,EAAAP,CAAA,EAAAG,CAAA,KAAAA,CAAA,KAAAkB,CAAA,GAAAD,CAAA,eAAAC,CAAA,CAAAK,WAAA,KAAAL,CAAA,CAAAU,KAAA,GAAAV,CAAA,CAAAK,WAAA,GAAAL,CAAA,CAAAK,WAAA,CAAAX,IAAA,CAAAK,CAAA,YAAAC,CAAA,CAAAK,WAAA,uBAAAL,CAAA,CAAAK,WAAA,IAAAV,MAAA,CAAAC,cAAA,CAAAV,CAAA,EAAAP,CAAA,EAAAqB,CAAA,WAAAA,CAAA;AASxC,MAAMW,aAAa,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,GAAG,CAAC;AACnD,MAAMC,iBAAiB,GAAG,IAAAD,kBAAW,EAAC,oCAAoC,EAAE,IAAI,CAAC;AACjF,MAAME,kBAAkB,GAAG,IAAAF,kBAAW,EAAC,YAAY,EAAE,IAAI,CAAC;;AAE1D;AACA;AACA;AACO,SAASG,YAAYA,CAC1BC,OAAY,EACZC,YAA6B,EAC7BC,UAAqE,EAC/D;EACN,IAAI,CAACA,UAAU,CAACR,KAAK,EAAE;EACvB,MAAMS,cAAc,GAAGD,UAAU,CAACR,KAAK;EACvCQ,UAAU,CAACR,KAAK,GAAG,gBAEjB,GAAGU,IAAW,EACd;IACA,MAAM,IAAI,CAACC,sBAAsB,CAAC,CAAC;IACnC,OAAOF,cAAc,CAACG,KAAK,CAAC,IAAI,EAAEF,IAAI,CAAC;EACzC,CAAC;AACH;AAAC,IAEYG,qBAAqB,GAAAC,OAAA,CAAAD,qBAAA,IAAAjD,IAAA,GAmH/B,IAAAmD,gBAAS,EAAC;EACTC,KAAK,EAAEb,iBAAiB;EACxBc,GAAG,EAAEA,CAAA,KAAM,CAAC,eAAe,CAAC;EAC5BC,UAAU,EAAGC,QAAiB,IAC3BA,QAAQ,CAA2BC;AACxC,CAAC,CAAC,EAAAvD,KAAA,GA0BD,IAAAkD,gBAAS,EAAC;EACTC,KAAK,EAAEZ,kBAAkB;EACzBa,GAAG,EAAEA,CAAA,KAAM,CAAC,KAAK,CAAC;EAClBC,UAAU,EAAGC,QAAiB,IAC3BA,QAAQ,CAA2BC;AACxC,CAAC,CAAC,EAAAtD,KAAA,GA0GD,IAAAiD,gBAAS,EAAC;EACTC,KAAK,EAAEf,aAAa;EACpBgB,GAAG,EAAEA,CAACI,UAAkB,EAAEC,KAAc,EAAEC,aAAsB,KAAK,CACnEF,UAAU,EACVC,KAAK,EACLC,aAAa,CACd;EACDL,UAAU,EAAGC,QAAiB,IAC3BA,QAAQ,CAA2BC;AACxC,CAAC,CAAC,EAAArD,MAAA,IAAAC,sBAAA,GA1QG,MAAM6C,qBAAqB,CAAC;EAWjCW,WAAWA,CACTJ,OAA0B,EAC1BC,UAAkB,EAClBC,KAAc,EACdG,MAA2B,EAC3BC,aAAsB,EACtB;IAAA,KAfeN,OAAO;IAAA,KACPO,kBAAkB;IAAA,KAClBN,UAAU;IAAA,KACVC,KAAK;IAAA,KACLI,aAAa;IAAA,KACtBE,yBAAyB;IAAA,KACzBC,sBAAsB;IAAA,KACtBC,iBAAiB;IASvB,IAAI,CAACV,OAAO,GAAGA,OAAO;IACtB,IAAI,CAACC,UAAU,GAAGA,UAAU;IAC5B,IAAI,CAACC,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,aAAa,GAAGA,aAAa,WAAbA,aAAa,GAAI,MAAM;IAC5C,IAAI,CAACC,kBAAkB,GAAG;MACxBI,kBAAkB,EAAE,sBAAsB;MAC1CC,qBAAqB,EAAEC,0BAAmB,CAACC,kCAAkC;MAC7E,GAAGT;IACL,CAAC;IAED,IAAI,CAACK,iBAAiB,GAAG,IAAI,CAACnB,sBAAsB,CAAC,CAAC;EACxD;EAEQwB,qBAAqBA,CAACC,gBAAwB,EAAU;IAC9D,MAAMC,KAAK,GAAGD,gBAAgB,CAACC,KAAK,CAAC,kBAAkB,CAAC;IACxD,MAAMC,MAAM,GAAG,CAAAD,KAAK,oBAALA,KAAK,CAAG,CAAC,CAAC,KAAI,SAAS;IACtC,IAAIC,MAAM,CAACC,WAAW,CAAC,CAAC,CAACC,QAAQ,CAAC,cAAc,CAAC,EAAE;MACjD,OAAO,iBAAiB;IAC1B;IACA,IAAIF,MAAM,CAACC,WAAW,CAAC,CAAC,CAACC,QAAQ,CAAC,MAAM,CAAC,EAAE;MACzC,OAAO,SAAS;IAClB;IACA,OAAO,GAAGF,MAAM,KAAK;EACvB;EAEQG,eAAeA,CAAA,EAAW;IAChC,MAAMC,EAAE,GAAGC,OAAO,CAACC,GAAG,CAACC,kCAAkC;IACzD,IAAI,CAACH,EAAE,EAAE;MACP,OAAOI,MAAM,CAACC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5B;IACA,OAAO,IAAI,CAACC,kBAAkB,CAACN,EAAE,EAAE,IAAI,CAAC;EAC1C;EAEQM,kBAAkBA,CAAChD,KAAa,EAAEiD,KAAa,EAAU;IAC/D,MAAMC,SAAS,GAAGJ,MAAM,CAACK,IAAI,CAACnD,KAAK,EAAE,MAAM,CAAC;IAC5C,IAAIkD,SAAS,CAACE,MAAM,KAAK,EAAE,EAAE;MAC3B,OAAOF,SAAS;IAClB;IAEA,MAAMG,WAAW,GAAGP,MAAM,CAACK,IAAI,CAACnD,KAAK,EAAE,QAAQ,CAAC;IAChD,IAAIqD,WAAW,CAACD,MAAM,KAAK,EAAE,EAAE;MAC7B,OAAOC,WAAW;IACpB;IAEA,MAAMC,QAAQ,GAAGR,MAAM,CAACK,IAAI,CAACnD,KAAK,EAAE,KAAK,CAAC;IAC1C,IAAIsD,QAAQ,CAACF,MAAM,KAAK,EAAE,EAAE;MAC1B,OAAOE,QAAQ;IACjB;IAEA,IAAI,CAAClC,OAAO,CAACmC,KAAK,CAAC,GAAGN,KAAK,0CAA0CC,SAAS,CAACE,MAAM,GAAG,CAAC;IACzF,MAAM,IAAII,KAAK,CACb,GAAGP,KAAK,0CAA0CC,SAAS,CAACE,MAAM,GACpE,CAAC;EACH;EAEA,MAAcK,2BAA2BA,CACvCrB,gBAAwB,EACI;IAC5B,MAAMsB,QAAQ,GAAG7C,qBAAqB,CAAC8C,WAAW,CAAC9E,GAAG,CAACuD,gBAAgB,CAAC;IACxE,IAAIsB,QAAQ,IAAIA,QAAQ,CAACE,UAAU,CAACC,UAAU,KAAK,CAAC,EAAE;MACpD,OAAOH,QAAQ;IACjB;IAEA,MAAMI,OAAO,GAAG,IAAI,CAAC3B,qBAAqB,CAACC,gBAAgB,CAAC;IAC5D,IAAI,CAAChB,OAAO,CAAC2C,IAAI,CAAC,qCAAqCD,OAAO,MAAM,CAAC;IACrE,MAAM3C,QAAQ,GAAG,IAAI6C,iBAAQ,CAACC,QAAQ,CAAC,CAAC;IAExC,IAAI;MACF,MAAM9C,QAAQ,CAAC+C,OAAO,CAAC9B,gBAAgB,EAAE;QACvC+B,wBAAwB,EAAE,KAAK;QAC/BC,gBAAgB,EAAE,KAAK;QACvBC,eAAe,EAAE;MACnB,CAAC,CAAC;MACF,IAAI,CAACjD,OAAO,CAAC2C,IAAI,CAAC,qCAAqCD,OAAO,GAAG,CAAC;MAClEjD,qBAAqB,CAAC8C,WAAW,CAAC7E,GAAG,CAACsD,gBAAgB,EAAEjB,QAAQ,CAAC;MACjE,OAAOA,QAAQ;IACjB,CAAC,CAAC,OAAOmD,GAAQ,EAAE;MACjB,IAAI,CAAClD,OAAO,CAACmC,KAAK,CAChB,mCAAmCO,OAAO,GAAG,EAC7C;QACES,OAAO,EAAED,GAAG,CAACC,OAAO;QACpBC,IAAI,EAAEF,GAAG,CAACE,IAAI;QACdC,IAAI,EAAEH,GAAG,CAACG,IAAI;QACdC,KAAK,EAAEJ,GAAG,CAACI;MACb,CACF,CAAC;MACD,MAAM,IAAIlB,KAAK,CAAC,iCAAiCc,GAAG,CAACC,OAAO,EAAE,CAAC;IACjE;EACF;EAEQI,UAAUA,CAACC,EAAU,EAAEC,SAAiB,EAAkB;IAChE,IAAI,CAACC,eAAK,CAACC,QAAQ,CAACC,OAAO,CAACJ,EAAE,CAAC,EAAE;MAC/B,MAAM,IAAIpB,KAAK,CAAC,WAAWqB,SAAS,EAAE,CAAC;IACzC;IACA,OAAO,IAAIC,eAAK,CAACC,QAAQ,CAACH,EAAE,CAAC;EAC/B;EAEA,MAMMK,oCAAoCA,CAAA,EAAoB;IAC5D,MAAMC,MAAM,GAAG,IAAI,CAACvD,kBAAkB,CAACI,kBAAkB;IACzD,MAAMoD,QAAQ,GACXD,MAAM,GAAGvC,OAAO,CAACC,GAAG,CAACsC,MAAM,CAAC,GAAGE,SAAU;IAE5C,IAAID,QAAQ,EAAE;MACZ,OAAOA,QAAQ;IACjB;IAEA,MAAME,KAAK,GAAG1C,OAAO,CAACC,GAAG,CAAC0C,oBAAoB,IAAI,EAAE;IACpD,MAAMC,SAAS,GACb,IAAI,CAAC5D,kBAAkB,CAACK,qBAAqB,IAC7CC,0BAAmB,CAACC,kCAAkC;IAExD,MAAMsD,KAAK,GAAG,MAAM,IAAAC,iCAAwB,EAC1C,IAAI,CAACrE,OAAO,EACZiE,KAAK,EACLE,SACF,CAAC;IACD,IAAI,CAACC,KAAK,EAAE;MACV,MAAM,IAAIhC,KAAK,CAAC,mDAAmD,CAAC;IACtE;IACA,OAAOgC,KAAK;EACd;EAEA,MAMcE,4BAA4BA,CAAA,EAAoB;IAC5D,IAAI;MACF,IAAI,IAAI,CAAC9D,yBAAyB,EAAE;QAClC,OAAO,IAAI,CAACA,yBAAyB;MACvC;MAEA,MAAMsD,MAAM,GAAGvC,OAAO,CAACC,GAAG,CAAC+C,mCAAmC;MAC9D,IAAIT,MAAM,EAAE;QACV,IAAI,CAACtD,yBAAyB,GAAGsD,MAAM;QACvC,OAAOA,MAAM;MACf;MAEA,MAAMG,KAAK,GAAG1C,OAAO,CAACC,GAAG,CAAC0C,oBAAoB,IAAI,EAAE;MACpD,MAAMrE,GAAG,GAAG,MAAM,IAAAwE,iCAAwB,EACxC,IAAI,CAACrE,OAAO,EAAEiE,KAAK,EAAEpD,0BAAmB,CAAC0D,mCAC3C,CAAC;MACD,IAAI,CAAC1E,GAAG,EAAE;QACR,IAAI,CAACG,OAAO,CAACmC,KAAK,CAAC,wDAAwD,CAAC;QAC5E,MAAM,IAAIC,KAAK,CAAC,wDAAwD,CAAC;MAC3E;MACA,IAAI,CAAC5B,yBAAyB,GAAGX,GAAG;MACpC,OAAOA,GAAG;IACZ,CAAC,CAAC,OAAOsC,KAAK,EAAE;MACd,IAAI,CAACnC,OAAO,CAACmC,KAAK,CAAC,iEAAiEA,KAAK,EAAE,CAAC;MAC5F,MAAM,IAAIC,KAAK,CAAC,iEAAiED,KAAK,EAAE,CAAC;IAC3F;EACF;EAEA,MAAcqC,uBAAuBA,CAACC,cAAsB,EAAmB;IAC7E,IAAI,CAACA,cAAc,EAAE;MACnB,IAAI,CAACzE,OAAO,CAACmC,KAAK,CAAC,2BAA2B,CAAC;MAC/C,MAAM,IAAIC,KAAK,CAAC,2BAA2B,CAAC;IAC9C;IAEA,IAAIqC,cAAc,CAACC,UAAU,CAAC,YAAY,CAAC,EAAE;MAC3C,OAAOD,cAAc;IACvB;IAEA,MAAM5E,GAAG,GAAG,MAAM,IAAI,CAACyE,4BAA4B,CAAC,CAAC;IACrD,IAAI,CAACzE,GAAG,EAAE;MACR,IAAI,CAACG,OAAO,CAACmC,KAAK,CAAC,iEAAiE,CAAC;MACrF,MAAM,IAAIC,KAAK,CAAC,iEAAiE,CAAC;IACpF;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,6CAA6C9C,GAAG,EAAE,CAAC;IAErE,MAAM8E,SAAS,GAAG,IAAI,CAACC,sBAAsB,CAAC/E,GAAG,CAAC;IAClD,IAAI,CAAC8E,SAAS,EAAE;MACd,IAAI,CAAC3E,OAAO,CAACmC,KAAK,CAAC,sBAAsB,CAAC;MAC1C,MAAM,IAAIC,KAAK,CAAC,sBAAsB,CAAC;IACzC;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,oDAAoDgC,SAAS,EAAE,CAAC;IAElF,MAAME,QAAQ,GAAG,IAAI,CAACxD,eAAe,CAAC,CAAC;IACvC,IAAI,CAACwD,QAAQ,EAAE;MACb,IAAI,CAAC7E,OAAO,CAACmC,KAAK,CAAC,qBAAqB,CAAC;MACzC,MAAM,IAAIC,KAAK,CAAC,qBAAqB,CAAC;IACxC;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,mDAAmDkC,QAAQ,EAAE,CAAC;IAEhF,MAAMC,QAAQ,GAAG3I,MAAM,CAAC4I,gBAAgB,CAAC,aAAa,EAAEJ,SAAS,EAAEE,QAAQ,CAAC;IAC5E,IAAI,CAACC,QAAQ,EAAE;MACb,IAAI,CAAC9E,OAAO,CAACmC,KAAK,CAAC,oBAAoB,CAAC;MACxC,MAAM,IAAIC,KAAK,CAAC,oBAAoB,CAAC;IACvC;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,kDAAkDmC,QAAQ,EAAE,CAAC;IAE/E,IAAIE,SAAS,GAAGF,QAAQ,CAACG,MAAM,CAACR,cAAc,EAAE,QAAQ,EAAE,MAAM,CAAC;IACjE,IAAI,CAACO,SAAS,EAAE;MACd,IAAI,CAAChF,OAAO,CAACmC,KAAK,CAAC,2BAA2B,CAAC;MAC/C,MAAM,IAAIC,KAAK,CAAC,2BAA2B,CAAC;IAC9C;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,yDAAyDqC,SAAS,EAAE,CAAC;IAEvFA,SAAS,IAAIF,QAAQ,CAACI,KAAK,CAAC,MAAM,CAAC;IACnC,IAAI,CAACF,SAAS,EAAE;MACd,IAAI,CAAChF,OAAO,CAACmC,KAAK,CAAC,2BAA2B,CAAC;MAC/C,MAAM,IAAIC,KAAK,CAAC,2BAA2B,CAAC;IAC9C;IACA,IAAI,CAACpC,OAAO,CAAC2C,IAAI,CAAC,yDAAyDqC,SAAS,EAAE,CAAC;IAEvF,OAAOA,SAAS;EAClB;EAEQJ,sBAAsBA,CAAC/E,GAAW,EAAU;IAClD,MAAMsF,OAAO,GAAGzD,MAAM,CAACK,IAAI,CAAClC,GAAG,EAAE,MAAM,CAAC;IACxC,IAAIsF,OAAO,CAACnD,MAAM,KAAK,EAAE,EAAE;MACzB,OAAOmD,OAAO;IAChB;IAEA,MAAMC,SAAS,GAAG1D,MAAM,CAACK,IAAI,CAAClC,GAAG,EAAE,QAAQ,CAAC;IAC5C,IAAIuF,SAAS,CAACpD,MAAM,KAAK,EAAE,EAAE;MAC3B,OAAOoD,SAAS;IAClB;IAEA,MAAMC,MAAM,GAAG3D,MAAM,CAACK,IAAI,CAAClC,GAAG,EAAE,KAAK,CAAC;IACtC,IAAIwF,MAAM,CAACrD,MAAM,KAAK,EAAE,EAAE;MACxB,OAAOqD,MAAM;IACf;IAEA,IAAI,CAACrF,OAAO,CAACmC,KAAK,CAAC,6EAA6EgD,OAAO,CAACnD,MAAM,GAAG,CAAC;IAClH,MAAM,IAAII,KAAK,CACb,6EAA6E+C,OAAO,CAACnD,MAAM,GAC7F,CAAC;EACH;EAEA,MAUMsD,2BAA2BA,CAC/BrF,UAAkB,EAClBC,KAAc,EACdI,aAAsB,EACL;IACjB,IAAI,CAACJ,KAAK,EAAE;MACV,MAAM,IAAIkC,KAAK,CAAC,qDAAqD,CAAC;IACxE;IACA,MAAMmD,qBAAqB,GAAGjF,aAAa,WAAbA,aAAa,GAAI,MAAM;IACrD,MAAMkF,eAAe,GAAG,MAAM,IAAI,CAAC3B,oCAAoC,CAAC,CAAC;IACzE,MAAMrB,UAAU,GAAG,MAAM,IAAI,CAACH,2BAA2B,CAACmD,eAAe,CAAC;IAE1E,IAAI,CAACxF,OAAO,CAAC2C,IAAI,CAAC,6BAA6B,EAAE;MAC/C1C,UAAU;MACVC,KAAK;MACLI,aAAa,EAAEiF,qBAAqB;MACpCE,cAAc,EAAE,IAAI,CAAC1E,qBAAqB,CAACyE,eAAe;IAC5D,CAAC,CAAC;IAEF,MAAME,aAAa,GAAG,IAAI,CAACC,QAAQ,CACjCnD,UAAU,EACVoD,2CAA4B,EAC5BC,iCAAkB,CAACC,MAAM,EACzBC,6CACF,CAA0B;IAE1B,MAAMC,MAA+B,GAAG;MACtC/F,UAAU,EAAE,IAAI,CAACsD,UAAU,CAACtD,UAAU,EAAE,YAAY;IACtD,CAAC;IACD+F,MAAM,CAAC9F,KAAK,GAAGA,KAAK;IACpB8F,MAAM,CAAC1F,aAAa,GAAGiF,qBAAqB;IAE5C,MAAMU,aAAa,GAChB,MAAMP,aAAa,CAACQ,OAAO,CAACF,MAAM,CAAC,CAACG,IAAI,CAAC,CAAC,CAACC,IAAI,CAAC,CAE3C;IACR,IAAI,EAACH,aAAa,YAAbA,aAAa,CAAEjF,gBAAgB,GAAE;MACpC,IAAI,CAAChB,OAAO,CAACmC,KAAK,CAAC,qCAAqC,EAAE;QACxDlC,UAAU;QACVC,KAAK;QACLI,aAAa,EAAEiF,qBAAqB;QACpCE,cAAc,EAAE,IAAI,CAAC1E,qBAAqB,CAACyE,eAAe,CAAC;QAC3DQ;MACF,CAAC,CAAC;MACF,MAAM,IAAI5D,KAAK,CAAC,4CAA4C,CAAC;IAC/D;IACA,MAAMiE,yBAAyB,GAAG,MAAM,IAAI,CAAC7B,uBAAuB,CAClEyB,aAAa,CAACjF,gBAChB,CAAC;IACD,IAAI,CAAChB,OAAO,CAAC2C,IAAI,CACf,uDAAuD,IAAI,CAAC5B,qBAAqB,CAACsF,yBAAyB,CAAC,GAC9G,CAAC;IACD,OAAOA,yBAAyB;EAClC;EAEUC,aAAaA,CAAA,EAAkC;IACvD,IAAI,CAAC,IAAI,CAAC7F,sBAAsB,EAAE,OAAOuD,SAAS;IAClD,OAAOvE,qBAAqB,CAAC8C,WAAW,CAAC9E,GAAG,CAAC,IAAI,CAACgD,sBAAsB,CAAC;EAC3E;EAEA,MAAgBlB,sBAAsBA,CAAA,EAA+B;IACnE,IAAI,IAAI,CAACmB,iBAAiB,EAAE;MAC1B,OAAO,IAAI,CAACA,iBAAiB;IAC/B;IAEA,IAAI,IAAI,CAACD,sBAAsB,EAAE;MAC/B,MAAM6B,QAAQ,GAAG,IAAI,CAACgE,aAAa,CAAC,CAAC;MACrC,IAAIhE,QAAQ,IAAIA,QAAQ,CAACE,UAAU,CAACC,UAAU,KAAK,CAAC,EAAE;QACpD,OAAOH,QAAQ;MACjB;IACF;IAEA,MAAMiE,WAAW,GAAG,MAAM,IAAI,CAACjB,2BAA2B,CACxD,IAAI,CAACrF,UAAU,EACf,IAAI,CAACC,KAAK,EACV,IAAI,CAACI,aACP,CAAC;IACD,IAAI,CAACG,sBAAsB,GAAG8F,WAAW;IACzC,IAAI,CAAC7F,iBAAiB,GAAG,IAAI,CAAC2B,2BAA2B,CAACkE,WAAW,CAAC;IACtE,OAAO,IAAI,CAAC7F,iBAAiB;EAC/B;EAEA,MAAM8F,4BAA4BA,CAACxF,gBAAwB,EAAiB;IAC1E,MAAMsB,QAAQ,GAAG7C,qBAAqB,CAAC8C,WAAW,CAAC9E,GAAG,CAACuD,gBAAgB,CAAC;IACxE,IAAI,CAACsB,QAAQ,EAAE;IACf,IAAI;MACF,MAAMA,QAAQ,CAACmE,UAAU,CAAC,CAAC;MAC3B,IAAI,CAACzG,OAAO,CAAC2C,IAAI,CAAC,iCAAiC,IAAI,CAAC5B,qBAAqB,CAACC,gBAAgB,CAAC,GAAG,CAAC;IACrG,CAAC,CAAC,OAAOmB,KAAK,EAAE;MACd,IAAI,CAACnC,OAAO,CAACmC,KAAK,CAAC,wCAAwC,IAAI,CAACpB,qBAAqB,CAACC,gBAAgB,CAAC,GAAG,EAAEmB,KAAK,CAAC;IACpH,CAAC,SAAS;MACR1C,qBAAqB,CAAC8C,WAAW,CAACmE,MAAM,CAAC1F,gBAAgB,CAAC;IAC5D;EACF;EAEA,MAAM2F,gBAAgBA,CAAA,EAAkB;IACtC,MAAMJ,WAAW,GAAG,MAAM,IAAI,CAACjB,2BAA2B,CACxD,IAAI,CAACrF,UAAU,EACf,IAAI,CAACC,KACP,CAAC;IACD,MAAM,IAAI,CAACsG,4BAA4B,CAACD,WAAW,CAAC;IACpD,IAAI,CAAC9F,sBAAsB,GAAGuD,SAAS;IACvC,IAAI,CAACtD,iBAAiB,GAAGsD,SAAS;EACpC;EAEU4C,cAAcA,CACtBC,SAAiB,EACjBf,MAAmB,EACnBgB,cAAuB,EACX;IACZ,MAAMtE,UAAU,GAAG,IAAI,CAAC8D,aAAa,CAAC,CAAC;IACvC,IAAI,CAAC9D,UAAU,EAAE;MACf,MAAM,IAAIJ,KAAK,CAAC,qCAAqC,CAAC;IACxD;IACA,OAAO,IAAI,CAACuD,QAAQ,CAACnD,UAAU,EAAEqE,SAAS,EAAEf,MAAM,EAAEgB,cAAc,CAAC;EACrE;EAEUC,KAAKA,CAAIA,KAAe,EAAED,cAAuB,EAAY;IACrE,OAAO,IAAI,CAACF,cAAc,CACxBG,KAAK,CAACF,SAAS,EACfE,KAAK,CAACjB,MAAM,EACZgB,cACF,CAAC;EACH;EAEUnB,QAAQA,CAChBnD,UAA6B,EAC7BqE,SAAiB,EACjBf,MAAmB,EACnBgB,cAAuB,EACX;IACZ,IAAItE,UAAU,CAACwE,MAAM,CAACH,SAAS,CAAC,EAAE;MAChC,OAAOrE,UAAU,CAACwE,MAAM,CAACH,SAAS,CAAC;IACrC;IACA,OAAOrE,UAAU,CAACuE,KAAK,CAACF,SAAS,EAAEf,MAAM,EAAEgB,cAAc,CAAC;EAC5D;AACF,CAAC,EAAAlK,sBAAA,CAlZgB2F,WAAW,GAAkB,IAAI0E,GAAG,CAAC,CAAC,EAAArK,sBAAA,GAAAoB,yBAAA,CAAArB,MAAA,CAAAuK,SAAA,2CAAA1K,IAAA,GAAAqB,MAAA,CAAAE,wBAAA,CAAApB,MAAA,CAAAuK,SAAA,2CAAAvK,MAAA,CAAAuK,SAAA,GAAAlJ,yBAAA,CAAArB,MAAA,CAAAuK,SAAA,mCAAAzK,KAAA,GAAAoB,MAAA,CAAAE,wBAAA,CAAApB,MAAA,CAAAuK,SAAA,mCAAAvK,MAAA,CAAAuK,SAAA,GAAAlJ,yBAAA,CAAArB,MAAA,CAAAuK,SAAA,kCAAAxK,KAAA,GAAAmB,MAAA,CAAAE,wBAAA,CAAApB,MAAA,CAAAuK,SAAA,kCAAAvK,MAAA,CAAAuK,SAAA,GAAAvK,MAAA;AAoZhD,MAAewK,qBAAqB,SAAY1H,qBAAqB,CAAC;EAAAW,YAAA,GAAAd,IAAA;IAAA,SAAAA,IAAA;IAAA,KAC/C8H,QAAQ;EAAA;EAEpC,IAAcC,OAAOA,CAAA,EAAa;IAChC,OAAO,IAAI,CAACN,KAAK,CAAC,IAAI,CAACK,QAAQ,CAAC;EAClC;AACF;AAAC1H,OAAA,CAAAyH,qBAAA,GAAAA,qBAAA","ignoreList":[]}
package/build/cjs/utils/cache.js CHANGED
@@ -3,33 +3,61 @@
3
3
  exports.__esModule = true;
4
4
  exports.getRedisClient = exports.createCache = exports.Cacheable = void 0;
5
5
  var _ioredis = _interopRequireDefault(require("ioredis"));
6
+ var _enums = require("../enums");
7
+ var _secrets = require("./secrets");
6
8
  function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
7
9
  let redis = null;
8
- const buildRedisOptions = () => {
9
- const redisUrl = process.env.REDIS_URL;
10
- const redisHost = process.env.REDIS_HOST || "redis-shared-dev-01.redis.cache.windows.net";
11
- const redisKey = process.env.REDIS_KEY || "ipno36YDLwvUDydaFsulBbKPFaOQK2P7IAzCaLjKf7U=";
12
- const redisPort = process.env.REDIS_PORT ? Number(process.env.REDIS_PORT) : 6380;
13
- if (redisUrl) {
14
- return redisUrl;
10
+ let redisOptionsCache = null;
11
+ let redisOptionsPromise = null;
12
+ const resolveRedisConfig = async ctx => {
13
+ const vaultName = process.env.AZURE_KEY_VAULT_NAME || "";
14
+ if (!vaultName) {
15
+ throw new Error("AZURE_KEY_VAULT_NAME is required to fetch Redis secrets");
15
16
  }
16
- if (redisHost && redisKey) {
17
+ if (!ctx) {
18
+ throw new Error("InvocationContext is required to fetch Redis secrets");
19
+ }
20
+ const [redisHost, redisKey, redisPortSecret] = await Promise.all([(0, _secrets.getAzureVaultSecretByKey)(ctx, vaultName, _enums.AzureSecretKeysEnum.REDIS_HOST), (0, _secrets.getAzureVaultSecretByKey)(ctx, vaultName, _enums.AzureSecretKeysEnum.REDIS_KEY), (0, _secrets.getAzureVaultSecretByKey)(ctx, vaultName, _enums.AzureSecretKeysEnum.REDIS_PORT)]);
21
+ const redisPort = redisPortSecret ? Number(redisPortSecret) : 6380;
22
+ if (!redisHost || !redisKey) {
23
+ throw new Error("Redis configuration missing in Key Vault");
24
+ }
25
+ return {
26
+ host: redisHost,
27
+ key: redisKey,
28
+ port: redisPort
29
+ };
30
+ };
31
+ const buildRedisOptions = async ctx => {
32
+ if (redisOptionsCache) return redisOptionsCache;
33
+ if (redisOptionsPromise) return redisOptionsPromise;
34
+ redisOptionsPromise = (async () => {
35
+ const {
36
+ host,
37
+ key,
38
+ port
39
+ } = await resolveRedisConfig(ctx);
17
40
  return {
18
- host: redisHost,
19
- port: redisPort,
20
- password: redisKey,
41
+ host,
42
+ port,
43
+ password: key,
21
44
  tls: {
22
- servername: redisHost
45
+ servername: host
23
46
  },
24
47
  maxRetriesPerRequest: 3,
25
48
  enableReadyCheck: false
26
49
  };
27
- }
28
- throw new Error("Redis configuration missing: set REDIS_URL or REDIS_HOST/REDIS_KEY");
50
+ })().then(options => {
51
+ redisOptionsCache = options;
52
+ return options;
53
+ }).finally(() => {
54
+ redisOptionsPromise = null;
55
+ });
56
+ return redisOptionsPromise;
29
57
  };
30
- const getRedisClient = ctx => {
58
+ const getRedisClient = async ctx => {
31
59
  if (redis) return redis;
32
- const options = buildRedisOptions();
60
+ const options = await buildRedisOptions(ctx);
33
61
  redis = new _ioredis.default(options);
34
62
  redis.on("error", err => ctx == null || ctx.error == null ? void 0 : ctx.error("Redis error", err));
35
63
  redis.on("connect", () => ctx == null || ctx.info == null ? void 0 : ctx.info("Redis connected"));
@@ -41,7 +69,7 @@ const createCache = (namespace, ttlSeconds) => {
41
69
  return {
42
70
  key: (...parts) => buildKey(namespace, parts),
43
71
  get: async (ctx, ...parts) => {
44
- const client = getRedisClient(ctx);
72
+ const client = await getRedisClient(ctx);
45
73
  try {
46
74
  return await client.get(buildKey(namespace, parts));
47
75
  } catch (error) {
@@ -50,7 +78,7 @@ const createCache = (namespace, ttlSeconds) => {
50
78
  }
51
79
  },
52
80
  set: async (ctx, value, ...parts) => {
53
- const client = getRedisClient(ctx);
81
+ const client = await getRedisClient(ctx);
54
82
  try {
55
83
  await client.set(buildKey(namespace, parts), value, "EX", ttlSeconds);
56
84
  } catch (error) {
@@ -59,7 +87,7 @@ const createCache = (namespace, ttlSeconds) => {
59
87
  },
60
88
  getOrSet: async (ctx, parts, fetcher) => {
61
89
  const cached = await (async () => {
62
- const client = getRedisClient(ctx);
90
+ const client = await getRedisClient(ctx);
63
91
  try {
64
92
  return await client.get(buildKey(namespace, parts));
65
93
  } catch (error) {
@@ -70,7 +98,7 @@ const createCache = (namespace, ttlSeconds) => {
70
98
  if (cached) return cached;
71
99
  const value = await fetcher();
72
100
  await (async () => {
73
- const client = getRedisClient(ctx);
101
+ const client = await getRedisClient(ctx);
74
102
  try {
75
103
  await client.set(buildKey(namespace, parts), value, "EX", ttlSeconds);
76
104
  } catch (error) {
@@ -80,7 +108,7 @@ const createCache = (namespace, ttlSeconds) => {
80
108
  return value;
81
109
  },
82
110
  delete: async (ctx, ...parts) => {
83
- const client = getRedisClient(ctx);
111
+ const client = await getRedisClient(ctx);
84
112
  try {
85
113
  await client.del(buildKey(namespace, parts));
86
114
  } catch (error) {
package/build/cjs/utils/cache.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cache.js","names":["_ioredis","_interopRequireDefault","require","e","__esModule","default","redis","buildRedisOptions","redisUrl","process","env","REDIS_URL","redisHost","REDIS_HOST","redisKey","REDIS_KEY","redisPort","REDIS_PORT","Number","host","port","password","tls","servername","maxRetriesPerRequest","enableReadyCheck","Error","getRedisClient","ctx","options","Redis","on","err","error","info","exports","buildKey","namespace","parts","map","part","join","createCache","ttlSeconds","key","get","client","set","value","getOrSet","fetcher","cached","delete","del","Cacheable","_target","_propertyKey","descriptor","originalMethod","args","_options$getContext","getContext","context","keyParts","cache","apply"],"sources":["../../../src/utils/cache.ts"],"sourcesContent":["import Redis, { RedisOptions } from \"ioredis\";\nimport { InvocationContext } from \"@azure/functions\";\n\nlet redis: Redis | null = null;\n\nconst buildRedisOptions = (): RedisOptions | string => {\n const redisUrl = process.env.REDIS_URL;\n const redisHost =\n process.env.REDIS_HOST || \"redis-shared-dev-01.redis.cache.windows.net\";\n const redisKey =\n process.env.REDIS_KEY || \"ipno36YDLwvUDydaFsulBbKPFaOQK2P7IAzCaLjKf7U=\";\n const redisPort = process.env.REDIS_PORT ? Number(process.env.REDIS_PORT) : 6380;\n\n if (redisUrl) {\n return redisUrl;\n }\n\n if (redisHost && redisKey) {\n return {\n host: redisHost,\n port: redisPort,\n password: redisKey,\n tls: { servername: redisHost },\n maxRetriesPerRequest: 3,\n enableReadyCheck: false,\n };\n }\n\n throw new Error(\n \"Redis configuration missing: set REDIS_URL or REDIS_HOST/REDIS_KEY\",\n );\n};\n\nexport const getRedisClient = (ctx?: InvocationContext): Redis => {\n if (redis) return redis;\n\n const options = buildRedisOptions();\n\n redis = new Redis(options as RedisOptions);\n redis.on(\"error\", (err) => ctx?.error?.(\"Redis error\", err));\n redis.on(\"connect\", () => ctx?.info?.(\"Redis connected\"));\n return redis;\n};\n\nconst buildKey = (namespace: string, parts: Array<string | number | undefined>) =>\n [namespace, ...parts.map((part) => part ?? \"_\")].join(\":\");\n\nexport const createCache = (namespace: string, ttlSeconds: number) => {\n return {\n key: (...parts: Array<string | number | undefined>) =>\n buildKey(namespace, parts),\n get: async (\n ctx: InvocationContext | undefined,\n ...parts: Array<string | number | undefined>\n ) => {\n const client = getRedisClient(ctx);\n try {\n return await client.get(buildKey(namespace, parts));\n } catch (error) {\n ctx?.error?.(\"Redis get failed\", error);\n return null;\n }\n },\n set: async (\n ctx: InvocationContext | undefined,\n value: string,\n ...parts: Array<string | number | undefined>\n ) => {\n const client = getRedisClient(ctx);\n try {\n await client.set(buildKey(namespace, parts), value, \"EX\", ttlSeconds);\n } catch (error) {\n ctx?.error?.(\"Redis set failed\", error);\n }\n },\n getOrSet: async (\n ctx: InvocationContext | undefined,\n parts: Array<string | number | undefined>,\n fetcher: () => Promise<string>,\n ) => {\n const cached = await (async () => {\n const client = getRedisClient(ctx);\n try {\n return await client.get(buildKey(namespace, parts));\n } catch (error) {\n ctx?.error?.(\"Redis get failed\", error);\n return null;\n }\n })();\n\n if (cached) return cached;\n const value = await fetcher();\n await (async () => {\n const client = getRedisClient(ctx);\n try {\n await client.set(buildKey(namespace, parts), value, \"EX\", ttlSeconds);\n } catch (error) {\n ctx?.error?.(\"Redis set failed\", error);\n }\n })();\n return value;\n },\n delete: async (\n ctx: InvocationContext | undefined,\n ...parts: Array<string | number | undefined>\n ) => {\n const client = getRedisClient(ctx);\n try {\n await client.del(buildKey(namespace, parts));\n } catch (error) {\n ctx?.error?.(\"Redis delete failed\", error);\n }\n },\n };\n};\n\ntype CacheableOptions<TArgs extends unknown[]> = {\n cache: ReturnType<typeof createCache>;\n key: (...args: TArgs) => Array<unknown>;\n getContext?: (instance: unknown) => InvocationContext | undefined;\n};\n\nexport const Cacheable = <TArgs extends unknown[]>(\n options: CacheableOptions<TArgs>,\n): MethodDecorator => {\n return (\n _target,\n _propertyKey,\n descriptor: PropertyDescriptor,\n ): void => {\n const originalMethod = descriptor.value as\n | ((...args: TArgs) => Promise<string>)\n | undefined;\n if (!originalMethod) return;\n descriptor.value = async function (...args: TArgs) {\n const ctx =\n options.getContext?.(this) ??\n (this as { context?: InvocationContext }).context;\n const keyParts = options.key(...args) as Array<string | number | undefined>;\n return options.cache.getOrSet(ctx, keyParts, () =>\n originalMethod.apply(this, args),\n );\n };\n };\n};\n"],"mappings":";;;;AAAA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AAA8C,SAAAD,uBAAAE,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAG9C,IAAIG,KAAmB,GAAG,IAAI;AAE9B,MAAMC,iBAAiB,GAAGA,CAAA,KAA6B;EACrD,MAAMC,QAAQ,GAAGC,OAAO,CAACC,GAAG,CAACC,SAAS;EACtC,MAAMC,SAAS,GACbH,OAAO,CAACC,GAAG,CAACG,UAAU,IAAI,6CAA6C;EACzE,MAAMC,QAAQ,GACZL,OAAO,CAACC,GAAG,CAACK,SAAS,IAAI,8CAA8C;EACzE,MAAMC,SAAS,GAAGP,OAAO,CAACC,GAAG,CAACO,UAAU,GAAGC,MAAM,CAACT,OAAO,CAACC,GAAG,CAACO,UAAU,CAAC,GAAG,IAAI;EAEhF,IAAIT,QAAQ,EAAE;IACZ,OAAOA,QAAQ;EACjB;EAEA,IAAII,SAAS,IAAIE,QAAQ,EAAE;IACzB,OAAO;MACLK,IAAI,EAAEP,SAAS;MACfQ,IAAI,EAAEJ,SAAS;MACfK,QAAQ,EAAEP,QAAQ;MAClBQ,GAAG,EAAE;QAAEC,UAAU,EAAEX;MAAU,CAAC;MAC9BY,oBAAoB,EAAE,CAAC;MACvBC,gBAAgB,EAAE;IACpB,CAAC;EACH;EAEA,MAAM,IAAIC,KAAK,CACb,oEACF,CAAC;AACH,CAAC;AAEM,MAAMC,cAAc,GAAIC,GAAuB,IAAY;EAChE,IAAItB,KAAK,EAAE,OAAOA,KAAK;EAEvB,MAAMuB,OAAO,GAAGtB,iBAAiB,CAAC,CAAC;EAEnCD,KAAK,GAAG,IAAIwB,gBAAK,CAACD,OAAuB,CAAC;EAC1CvB,KAAK,CAACyB,EAAE,CAAC,OAAO,EAAGC,GAAG,IAAKJ,GAAG,YAAHA,GAAG,CAAEK,KAAK,oBAAVL,GAAG,CAAEK,KAAK,CAAG,aAAa,EAAED,GAAG,CAAC,CAAC;EAC5D1B,KAAK,CAACyB,EAAE,CAAC,SAAS,EAAE,MAAMH,GAAG,YAAHA,GAAG,CAAEM,IAAI,oBAATN,GAAG,CAAEM,IAAI,CAAG,iBAAiB,CAAC,CAAC;EACzD,OAAO5B,KAAK;AACd,CAAC;AAAC6B,OAAA,CAAAR,cAAA,GAAAA,cAAA;AAEF,MAAMS,QAAQ,GAAGA,CAACC,SAAiB,EAAEC,KAAyC,KAC5E,CAACD,SAAS,EAAE,GAAGC,KAAK,CAACC,GAAG,CAAEC,IAAI,IAAKA,IAAI,WAAJA,IAAI,GAAI,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC,GAAG,CAAC;AAErD,MAAMC,WAAW,GAAGA,CAACL,SAAiB,EAAEM,UAAkB,KAAK;EACpE,OAAO;IACLC,GAAG,EAAEA,CAAC,GAAGN,KAAyC,KAChDF,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC;IAC5BO,GAAG,EAAE,MAAAA,CACHjB,GAAkC,EAClC,GAAGU,KAAyC,KACzC;MACH,MAAMQ,MAAM,GAAGnB,cAAc,CAACC,GAAG,CAAC;MAClC,IAAI;QACF,OAAO,MAAMkB,MAAM,CAACD,GAAG,CAACT,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,CAAC;MACrD,CAAC,CAAC,OAAOL,KAAK,EAAE;QACdL,GAAG,YAAHA,GAAG,CAAEK,KAAK,YAAVL,GAAG,CAAEK,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;QACvC,OAAO,IAAI;MACb;IACF,CAAC;IACDc,GAAG,EAAE,MAAAA,CACHnB,GAAkC,EAClCoB,KAAa,EACb,GAAGV,KAAyC,KACzC;MACH,MAAMQ,MAAM,GAAGnB,cAAc,CAACC,GAAG,CAAC;MAClC,IAAI;QACF,MAAMkB,MAAM,CAACC,GAAG,CAACX,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,EAAEU,KAAK,EAAE,IAAI,EAAEL,UAAU,CAAC;MACvE,CAAC,CAAC,OAAOV,KAAK,EAAE;QACdL,GAAG,YAAHA,GAAG,CAAEK,KAAK,YAAVL,GAAG,CAAEK,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;MACzC;IACF,CAAC;IACDgB,QAAQ,EAAE,MAAAA,CACRrB,GAAkC,EAClCU,KAAyC,EACzCY,OAA8B,KAC3B;MACH,MAAMC,MAAM,GAAG,MAAM,CAAC,YAAY;QAChC,MAAML,MAAM,GAAGnB,cAAc,CAACC,GAAG,CAAC;QAClC,IAAI;UACF,OAAO,MAAMkB,MAAM,CAACD,GAAG,CAACT,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,CAAC;QACrD,CAAC,CAAC,OAAOL,KAAK,EAAE;UACdL,GAAG,YAAHA,GAAG,CAAEK,KAAK,YAAVL,GAAG,CAAEK,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;UACvC,OAAO,IAAI;QACb;MACF,CAAC,EAAE,CAAC;MAEJ,IAAIkB,MAAM,EAAE,OAAOA,MAAM;MACzB,MAAMH,KAAK,GAAG,MAAME,OAAO,CAAC,CAAC;MAC7B,MAAM,CAAC,YAAY;QACjB,MAAMJ,MAAM,GAAGnB,cAAc,CAACC,GAAG,CAAC;QAClC,IAAI;UACF,MAAMkB,MAAM,CAACC,GAAG,CAACX,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,EAAEU,KAAK,EAAE,IAAI,EAAEL,UAAU,CAAC;QACvE,CAAC,CAAC,OAAOV,KAAK,EAAE;UACdL,GAAG,YAAHA,GAAG,CAAEK,KAAK,YAAVL,GAAG,CAAEK,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;QACzC;MACF,CAAC,EAAE,CAAC;MACJ,OAAOe,KAAK;IACd,CAAC;IACDI,MAAM,EAAE,MAAAA,CACNxB,GAAkC,EAClC,GAAGU,KAAyC,KACzC;MACH,MAAMQ,MAAM,GAAGnB,cAAc,CAACC,GAAG,CAAC;MAClC,IAAI;QACF,MAAMkB,MAAM,CAACO,GAAG,CAACjB,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,CAAC;MAC9C,CAAC,CAAC,OAAOL,KAAK,EAAE;QACdL,GAAG,YAAHA,GAAG,CAAEK,KAAK,YAAVL,GAAG,CAAEK,KAAK,CAAG,qBAAqB,EAAEA,KAAK,CAAC;MAC5C;IACF;EACF,CAAC;AACH,CAAC;AAACE,OAAA,CAAAO,WAAA,GAAAA,WAAA;AAQK,MAAMY,SAAS,GACpBzB,OAAgC,IACZ;EACpB,OAAO,CACL0B,OAAO,EACPC,YAAY,EACZC,UAA8B,KACrB;IACT,MAAMC,cAAc,GAAGD,UAAU,CAACT,KAErB;IACb,IAAI,CAACU,cAAc,EAAE;IACrBD,UAAU,CAACT,KAAK,GAAG,gBAAgB,GAAGW,IAAW,EAAE;MAAA,IAAAC,mBAAA;MACjD,MAAMhC,GAAG,IAAAgC,mBAAA,GACP/B,OAAO,CAACgC,UAAU,oBAAlBhC,OAAO,CAACgC,UAAU,CAAG,IAAI,CAAC,YAAAD,mBAAA,GACzB,IAAI,CAAqCE,OAAO;MACnD,MAAMC,QAAQ,GAAGlC,OAAO,CAACe,GAAG,CAAC,GAAGe,IAAI,CAAuC;MAC3E,OAAO9B,OAAO,CAACmC,KAAK,CAACf,QAAQ,CAACrB,GAAG,EAAEmC,QAAQ,EAAE,MAC3CL,cAAc,CAACO,KAAK,CAAC,IAAI,EAAEN,IAAI,CACjC,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC;AAACxB,OAAA,CAAAmB,SAAA,GAAAA,SAAA","ignoreList":[]}
1
+ {"version":3,"file":"cache.js","names":["_ioredis","_interopRequireDefault","require","_enums","_secrets","e","__esModule","default","redis","redisOptionsCache","redisOptionsPromise","resolveRedisConfig","ctx","vaultName","process","env","AZURE_KEY_VAULT_NAME","Error","redisHost","redisKey","redisPortSecret","Promise","all","getAzureVaultSecretByKey","AzureSecretKeysEnum","REDIS_HOST","REDIS_KEY","REDIS_PORT","redisPort","Number","host","key","port","buildRedisOptions","password","tls","servername","maxRetriesPerRequest","enableReadyCheck","then","options","finally","getRedisClient","Redis","on","err","error","info","exports","buildKey","namespace","parts","map","part","join","createCache","ttlSeconds","get","client","set","value","getOrSet","fetcher","cached","delete","del","Cacheable","_target","_propertyKey","descriptor","originalMethod","args","_options$getContext","getContext","context","keyParts","cache","apply"],"sources":["../../../src/utils/cache.ts"],"sourcesContent":["import Redis, { RedisOptions } from \"ioredis\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { getAzureVaultSecretByKey } from \"./secrets\";\n\nlet redis: Redis | null = null;\nlet redisOptionsCache: RedisOptions | string | null = null;\nlet redisOptionsPromise: Promise<RedisOptions | string> | null = null;\n\ntype RedisConfig = {\n host: string;\n key: string;\n port: number;\n};\n\nconst resolveRedisConfig = async (\n ctx?: InvocationContext,\n): Promise<RedisConfig> => {\n const vaultName = process.env.AZURE_KEY_VAULT_NAME || \"\";\n if (!vaultName) {\n throw new Error(\"AZURE_KEY_VAULT_NAME is required to fetch Redis secrets\");\n }\n if (!ctx) {\n throw new Error(\"InvocationContext is required to fetch Redis secrets\");\n }\n\n const [redisHost, redisKey, redisPortSecret] = await Promise.all([\n getAzureVaultSecretByKey(ctx, vaultName, AzureSecretKeysEnum.REDIS_HOST),\n getAzureVaultSecretByKey(ctx, vaultName, AzureSecretKeysEnum.REDIS_KEY),\n getAzureVaultSecretByKey(ctx, vaultName, AzureSecretKeysEnum.REDIS_PORT),\n ]);\n\n const redisPort = redisPortSecret ? Number(redisPortSecret) : 6380;\n\n if (!redisHost || !redisKey) {\n throw new Error(\"Redis configuration missing in Key Vault\");\n }\n\n return {\n host: redisHost,\n key: redisKey,\n port: redisPort,\n };\n};\n\nconst buildRedisOptions = async (\n ctx?: InvocationContext,\n): Promise<RedisOptions | string> => {\n if (redisOptionsCache) return redisOptionsCache;\n if (redisOptionsPromise) return redisOptionsPromise;\n\n redisOptionsPromise = (async () => {\n const { host, key, port } = await resolveRedisConfig(ctx);\n\n return {\n host,\n port,\n password: key,\n tls: { servername: host },\n maxRetriesPerRequest: 3,\n enableReadyCheck: false,\n };\n })()\n .then((options) => {\n redisOptionsCache = options;\n return options;\n })\n .finally(() => {\n redisOptionsPromise = null;\n });\n\n return redisOptionsPromise;\n};\n\nexport const getRedisClient = async (ctx?: InvocationContext): Promise<Redis> => {\n if (redis) return redis;\n\n const options = await buildRedisOptions(ctx);\n\n redis = new Redis(options as RedisOptions);\n redis.on(\"error\", (err) => ctx?.error?.(\"Redis error\", err));\n redis.on(\"connect\", () => ctx?.info?.(\"Redis connected\"));\n return redis;\n};\n\nconst buildKey = (namespace: string, parts: Array<string | number | undefined>) =>\n [namespace, ...parts.map((part) => part ?? \"_\")].join(\":\");\n\nexport const createCache = (namespace: string, ttlSeconds: number) => {\n return {\n key: (...parts: Array<string | number | undefined>) =>\n buildKey(namespace, parts),\n get: async (\n ctx: InvocationContext | undefined,\n ...parts: Array<string | number | undefined>\n ) => {\n const client = await getRedisClient(ctx);\n try {\n return await client.get(buildKey(namespace, parts));\n } catch (error) {\n ctx?.error?.(\"Redis get failed\", error);\n return null;\n }\n },\n set: async (\n ctx: InvocationContext | undefined,\n value: string,\n ...parts: Array<string | number | undefined>\n ) => {\n const client = await getRedisClient(ctx);\n try {\n await client.set(buildKey(namespace, parts), value, \"EX\", ttlSeconds);\n } catch (error) {\n ctx?.error?.(\"Redis set failed\", error);\n }\n },\n getOrSet: async (\n ctx: InvocationContext | undefined,\n parts: Array<string | number | undefined>,\n fetcher: () => Promise<string>,\n ) => {\n const cached = await (async () => {\n const client = await getRedisClient(ctx);\n try {\n return await client.get(buildKey(namespace, parts));\n } catch (error) {\n ctx?.error?.(\"Redis get failed\", error);\n return null;\n }\n })();\n\n if (cached) return cached;\n const value = await fetcher();\n await (async () => {\n const client = await getRedisClient(ctx);\n try {\n await client.set(buildKey(namespace, parts), value, \"EX\", ttlSeconds);\n } catch (error) {\n ctx?.error?.(\"Redis set failed\", error);\n }\n })();\n return value;\n },\n delete: async (\n ctx: InvocationContext | undefined,\n ...parts: Array<string | number | undefined>\n ) => {\n const client = await getRedisClient(ctx);\n try {\n await client.del(buildKey(namespace, parts));\n } catch (error) {\n ctx?.error?.(\"Redis delete failed\", error);\n }\n },\n };\n};\n\ntype CacheableOptions<TArgs extends unknown[]> = {\n cache: ReturnType<typeof createCache>;\n key: (...args: TArgs) => Array<unknown>;\n getContext?: (instance: unknown) => InvocationContext | undefined;\n};\n\nexport const Cacheable = <TArgs extends unknown[]>(\n options: CacheableOptions<TArgs>,\n): MethodDecorator => {\n return (\n _target,\n _propertyKey,\n descriptor: PropertyDescriptor,\n ): void => {\n const originalMethod = descriptor.value as\n | ((...args: TArgs) => Promise<string>)\n | undefined;\n if (!originalMethod) return;\n descriptor.value = async function (...args: TArgs) {\n const ctx =\n options.getContext?.(this) ??\n (this as { context?: InvocationContext }).context;\n const keyParts = options.key(...args) as Array<string | number | undefined>;\n return options.cache.getOrSet(ctx, keyParts, () =>\n originalMethod.apply(this, args),\n );\n };\n };\n};\n"],"mappings":";;;;AAAA,IAAAA,QAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,QAAA,GAAAF,OAAA;AAAqD,SAAAD,uBAAAI,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAErD,IAAIG,KAAmB,GAAG,IAAI;AAC9B,IAAIC,iBAA+C,GAAG,IAAI;AAC1D,IAAIC,mBAA0D,GAAG,IAAI;AAQrE,MAAMC,kBAAkB,GAAG,MACzBC,GAAuB,IACE;EACzB,MAAMC,SAAS,GAAGC,OAAO,CAACC,GAAG,CAACC,oBAAoB,IAAI,EAAE;EACxD,IAAI,CAACH,SAAS,EAAE;IACd,MAAM,IAAII,KAAK,CAAC,yDAAyD,CAAC;EAC5E;EACA,IAAI,CAACL,GAAG,EAAE;IACR,MAAM,IAAIK,KAAK,CAAC,sDAAsD,CAAC;EACzE;EAEA,MAAM,CAACC,SAAS,EAAEC,QAAQ,EAAEC,eAAe,CAAC,GAAG,MAAMC,OAAO,CAACC,GAAG,CAAC,CAC/D,IAAAC,iCAAwB,EAACX,GAAG,EAAEC,SAAS,EAAEW,0BAAmB,CAACC,UAAU,CAAC,EACxE,IAAAF,iCAAwB,EAACX,GAAG,EAAEC,SAAS,EAAEW,0BAAmB,CAACE,SAAS,CAAC,EACvE,IAAAH,iCAAwB,EAACX,GAAG,EAAEC,SAAS,EAAEW,0BAAmB,CAACG,UAAU,CAAC,CACzE,CAAC;EAEF,MAAMC,SAAS,GAAGR,eAAe,GAAGS,MAAM,CAACT,eAAe,CAAC,GAAG,IAAI;EAElE,IAAI,CAACF,SAAS,IAAI,CAACC,QAAQ,EAAE;IAC3B,MAAM,IAAIF,KAAK,CAAC,0CAA0C,CAAC;EAC7D;EAEA,OAAO;IACLa,IAAI,EAAEZ,SAAS;IACfa,GAAG,EAAEZ,QAAQ;IACba,IAAI,EAAEJ;EACR,CAAC;AACH,CAAC;AAED,MAAMK,iBAAiB,GAAG,MACxBrB,GAAuB,IACY;EACnC,IAAIH,iBAAiB,EAAE,OAAOA,iBAAiB;EAC/C,IAAIC,mBAAmB,EAAE,OAAOA,mBAAmB;EAEnDA,mBAAmB,GAAG,CAAC,YAAY;IACjC,MAAM;MAAEoB,IAAI;MAAEC,GAAG;MAAEC;IAAK,CAAC,GAAG,MAAMrB,kBAAkB,CAACC,GAAG,CAAC;IAEzD,OAAO;MACLkB,IAAI;MACJE,IAAI;MACJE,QAAQ,EAAEH,GAAG;MACbI,GAAG,EAAE;QAAEC,UAAU,EAAEN;MAAK,CAAC;MACzBO,oBAAoB,EAAE,CAAC;MACvBC,gBAAgB,EAAE;IACpB,CAAC;EACH,CAAC,EAAE,CAAC,CACDC,IAAI,CAAEC,OAAO,IAAK;IACjB/B,iBAAiB,GAAG+B,OAAO;IAC3B,OAAOA,OAAO;EAChB,CAAC,CAAC,CACDC,OAAO,CAAC,MAAM;IACb/B,mBAAmB,GAAG,IAAI;EAC5B,CAAC,CAAC;EAEJ,OAAOA,mBAAmB;AAC5B,CAAC;AAEM,MAAMgC,cAAc,GAAG,MAAO9B,GAAuB,IAAqB;EAC/E,IAAIJ,KAAK,EAAE,OAAOA,KAAK;EAEvB,MAAMgC,OAAO,GAAG,MAAMP,iBAAiB,CAACrB,GAAG,CAAC;EAE5CJ,KAAK,GAAG,IAAImC,gBAAK,CAACH,OAAuB,CAAC;EAC1ChC,KAAK,CAACoC,EAAE,CAAC,OAAO,EAAGC,GAAG,IAAKjC,GAAG,YAAHA,GAAG,CAAEkC,KAAK,oBAAVlC,GAAG,CAAEkC,KAAK,CAAG,aAAa,EAAED,GAAG,CAAC,CAAC;EAC5DrC,KAAK,CAACoC,EAAE,CAAC,SAAS,EAAE,MAAMhC,GAAG,YAAHA,GAAG,CAAEmC,IAAI,oBAATnC,GAAG,CAAEmC,IAAI,CAAG,iBAAiB,CAAC,CAAC;EACzD,OAAOvC,KAAK;AACd,CAAC;AAACwC,OAAA,CAAAN,cAAA,GAAAA,cAAA;AAEF,MAAMO,QAAQ,GAAGA,CAACC,SAAiB,EAAEC,KAAyC,KAC5E,CAACD,SAAS,EAAE,GAAGC,KAAK,CAACC,GAAG,CAAEC,IAAI,IAAKA,IAAI,WAAJA,IAAI,GAAI,GAAG,CAAC,CAAC,CAACC,IAAI,CAAC,GAAG,CAAC;AAErD,MAAMC,WAAW,GAAGA,CAACL,SAAiB,EAAEM,UAAkB,KAAK;EACpE,OAAO;IACLzB,GAAG,EAAEA,CAAC,GAAGoB,KAAyC,KAChDF,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC;IAC5BM,GAAG,EAAE,MAAAA,CACH7C,GAAkC,EAClC,GAAGuC,KAAyC,KACzC;MACH,MAAMO,MAAM,GAAG,MAAMhB,cAAc,CAAC9B,GAAG,CAAC;MACxC,IAAI;QACF,OAAO,MAAM8C,MAAM,CAACD,GAAG,CAACR,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,CAAC;MACrD,CAAC,CAAC,OAAOL,KAAK,EAAE;QACdlC,GAAG,YAAHA,GAAG,CAAEkC,KAAK,YAAVlC,GAAG,CAAEkC,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;QACvC,OAAO,IAAI;MACb;IACF,CAAC;IACDa,GAAG,EAAE,MAAAA,CACH/C,GAAkC,EAClCgD,KAAa,EACb,GAAGT,KAAyC,KACzC;MACH,MAAMO,MAAM,GAAG,MAAMhB,cAAc,CAAC9B,GAAG,CAAC;MACxC,IAAI;QACF,MAAM8C,MAAM,CAACC,GAAG,CAACV,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,EAAES,KAAK,EAAE,IAAI,EAAEJ,UAAU,CAAC;MACvE,CAAC,CAAC,OAAOV,KAAK,EAAE;QACdlC,GAAG,YAAHA,GAAG,CAAEkC,KAAK,YAAVlC,GAAG,CAAEkC,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;MACzC;IACF,CAAC;IACDe,QAAQ,EAAE,MAAAA,CACRjD,GAAkC,EAClCuC,KAAyC,EACzCW,OAA8B,KAC3B;MACH,MAAMC,MAAM,GAAG,MAAM,CAAC,YAAY;QAChC,MAAML,MAAM,GAAG,MAAMhB,cAAc,CAAC9B,GAAG,CAAC;QACxC,IAAI;UACF,OAAO,MAAM8C,MAAM,CAACD,GAAG,CAACR,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,CAAC;QACrD,CAAC,CAAC,OAAOL,KAAK,EAAE;UACdlC,GAAG,YAAHA,GAAG,CAAEkC,KAAK,YAAVlC,GAAG,CAAEkC,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;UACvC,OAAO,IAAI;QACb;MACF,CAAC,EAAE,CAAC;MAEJ,IAAIiB,MAAM,EAAE,OAAOA,MAAM;MACzB,MAAMH,KAAK,GAAG,MAAME,OAAO,CAAC,CAAC;MAC7B,MAAM,CAAC,YAAY;QACjB,MAAMJ,MAAM,GAAG,MAAMhB,cAAc,CAAC9B,GAAG,CAAC;QACxC,IAAI;UACF,MAAM8C,MAAM,CAACC,GAAG,CAACV,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,EAAES,KAAK,EAAE,IAAI,EAAEJ,UAAU,CAAC;QACvE,CAAC,CAAC,OAAOV,KAAK,EAAE;UACdlC,GAAG,YAAHA,GAAG,CAAEkC,KAAK,YAAVlC,GAAG,CAAEkC,KAAK,CAAG,kBAAkB,EAAEA,KAAK,CAAC;QACzC;MACF,CAAC,EAAE,CAAC;MACJ,OAAOc,KAAK;IACd,CAAC;IACDI,MAAM,EAAE,MAAAA,CACNpD,GAAkC,EAClC,GAAGuC,KAAyC,KACzC;MACH,MAAMO,MAAM,GAAG,MAAMhB,cAAc,CAAC9B,GAAG,CAAC;MACxC,IAAI;QACF,MAAM8C,MAAM,CAACO,GAAG,CAAChB,QAAQ,CAACC,SAAS,EAAEC,KAAK,CAAC,CAAC;MAC9C,CAAC,CAAC,OAAOL,KAAK,EAAE;QACdlC,GAAG,YAAHA,GAAG,CAAEkC,KAAK,YAAVlC,GAAG,CAAEkC,KAAK,CAAG,qBAAqB,EAAEA,KAAK,CAAC;MAC5C;IACF;EACF,CAAC;AACH,CAAC;AAACE,OAAA,CAAAO,WAAA,GAAAA,WAAA;AAQK,MAAMW,SAAS,GACpB1B,OAAgC,IACZ;EACpB,OAAO,CACL2B,OAAO,EACPC,YAAY,EACZC,UAA8B,KACrB;IACT,MAAMC,cAAc,GAAGD,UAAU,CAACT,KAErB;IACb,IAAI,CAACU,cAAc,EAAE;IACrBD,UAAU,CAACT,KAAK,GAAG,gBAAgB,GAAGW,IAAW,EAAE;MAAA,IAAAC,mBAAA;MACjD,MAAM5D,GAAG,IAAA4D,mBAAA,GACPhC,OAAO,CAACiC,UAAU,oBAAlBjC,OAAO,CAACiC,UAAU,CAAG,IAAI,CAAC,YAAAD,mBAAA,GACzB,IAAI,CAAqCE,OAAO;MACnD,MAAMC,QAAQ,GAAGnC,OAAO,CAACT,GAAG,CAAC,GAAGwC,IAAI,CAAuC;MAC3E,OAAO/B,OAAO,CAACoC,KAAK,CAACf,QAAQ,CAACjD,GAAG,EAAE+D,QAAQ,EAAE,MAC3CL,cAAc,CAACO,KAAK,CAAC,IAAI,EAAEN,IAAI,CACjC,CAAC;IACH,CAAC;EACH,CAAC;AACH,CAAC;AAACvB,OAAA,CAAAkB,SAAA,GAAAA,SAAA","ignoreList":[]}
package/build/esm/enums/secretKeys.enum.js CHANGED
@@ -41,6 +41,7 @@ export let AzureSecretKeysEnum = /*#__PURE__*/function (AzureSecretKeysEnum) {
41
41
  AzureSecretKeysEnum["REDIS_HOST"] = "REDIS-HOST";
42
42
  AzureSecretKeysEnum["REDIS_KEY"] = "REDIS-KEY";
43
43
  AzureSecretKeysEnum["REDIS_URL"] = "REDIS-URL";
44
+ AzureSecretKeysEnum["REDIS_PORT"] = "REDIS-PORT";
44
45
  return AzureSecretKeysEnum;
45
46
  }({});
46
47