@culturefy/shared 1.0.70 → 1.0.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/build/cjs/middlewares/verify-middleware.js +4 -8
  2. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  3. package/build/cjs/types/index.js +6 -0
  4. package/build/cjs/types/index.js.map +1 -1
  5. package/build/esm/middlewares/verify-middleware.js +4 -8
  6. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  7. package/build/esm/types/index.js +1 -0
  8. package/build/esm/types/index.js.map +1 -1
  9. package/build/src/middlewares/verify-middleware.js +8 -13
  10. package/build/src/middlewares/verify-middleware.js.map +1 -1
  11. package/build/src/types/index.d.ts +1 -0
  12. package/build/src/types/index.js +1 -0
  13. package/build/src/types/index.js.map +1 -1
  14. package/package.json +1 -1
package/build/cjs/middlewares/verify-middleware.js CHANGED
@@ -251,8 +251,9 @@ const verifyMw = async (req, ctx, next) => {
251
251
  };
252
252
  }
253
253
  const now = Math.floor(Date.now() / 1000);
254
- // Refresh only when expired
255
- if (typeof p.exp === "number" && p.exp <= now) {
254
+ // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)
255
+ const refreshLeewaySeconds = 60;
256
+ if (typeof p.exp === "number" && p.exp <= now + refreshLeewaySeconds) {
256
257
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
257
258
  return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
258
259
  }
@@ -323,7 +324,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
323
324
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
324
325
  if (!apiURL) {
325
326
  ctx.error == null || ctx.error("Refresh session URL is not configured");
326
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
327
327
  return {
328
328
  status: 401,
329
329
  headers: {
@@ -351,7 +351,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
351
351
  });
352
352
  if (!resp.ok) {
353
353
  ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
354
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
355
354
  return {
356
355
  status: 401,
357
356
  headers: {
@@ -371,7 +370,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
371
370
  const newAT = data.access_token;
372
371
  const newRT = data.refresh_token;
373
372
  if (!newAT || !newRT) {
374
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
375
373
  return {
376
374
  status: 401,
377
375
  headers: {
@@ -414,7 +412,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
414
412
  await verifyMappingCache.delete(ctx, mapping);
415
413
 
416
414
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
417
- const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
415
+ const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)
418
416
 
419
417
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
420
418
  const appConfig = _constants.APP_MAP[appId];
@@ -486,13 +484,11 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
486
484
  // Continue pipeline after refresh
487
485
  return next();
488
486
  } catch (e) {
489
- var _req$headers$get4;
490
487
  ctx.error == null || ctx.error("refresh exception", {
491
488
  message: e == null ? void 0 : e.message,
492
489
  name: e == null ? void 0 : e.name,
493
490
  code: e == null ? void 0 : e.code
494
491
  });
495
- clearSessionMappingCookie(ctx, appId, (_req$headers$get4 = req.headers.get("origin")) != null ? _req$headers$get4 : undefined, req.url);
496
492
  return {
497
493
  status: 401,
498
494
  headers: {
package/build/cjs/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","exports","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","e","_req$headers$get4","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM/B,KAAK,GAAGW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACjC,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGjC,kBAAO,CAACD,KAAK,CAAC,CAACkC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGrD,iBAAiB,CAACwB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACrC,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBxC,KAAK,UAAU,CAAC,IAC/CwC,OAAO,CAAC,cAAcxC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAMrF,kBAAkB,CAACkE,GAAG,CAAClC,GAAG,EAAE2C,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMtF,kBAAkB,CAACwF,GAAG,CAACxD,GAAG,EAAEqD,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC9D,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAE8D,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAErD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM8D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLvC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAASiF,KAAK,YAAA/D,UAAA,GAAlBD,IAAA,CAAagE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhCnF,GAAG,CAASiF,KAAK,CAACG,IAAI,GAAG;IACxBnF,KAAK;IACLoF,MAAM,GAAAlE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEoC,YAAY,CAAC4B,MAAM,aAAnBhE,oBAAA,CAAqB8D,QAAQ,oBAA7B9D,oBAAA,CAAqB8D,QAAQ,CAAG,CAAC,YAAA/D,qBAAA,GAAI8C,CAAC,CAACoB,GAAG,YAAAnE,KAAA,GAAI,IAAI;IAC1DoE,cAAc,GAAAjE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACoB,GAAG,YAAA/D,MAAA,GAAIkC,YAAY,CAAC8B,cAAc,YAAAjE,KAAA,GAAI,IAAI;IAC5DkE,UAAU,GAAAhE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACuB,OAAO,YAAAhE,UAAA,GAAIyD,QAAQ,YAAA1D,KAAA,GAAI,IAAI;IACzC0D,QAAQ;IACRQ,KAAK,GAAAhE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACwB,KAAK,YAAA/D,QAAA,GAAIuC,CAAC,CAACyB,kBAAkB,YAAAjE,KAAA,GAAI,IAAI;IAC9CkE,IAAI,GAAAhE,OAAA,GAAEsC,CAAC,CAAC0B,IAAI,YAAAhE,OAAA,GAAItD,SAAS;IACzBuH,KAAK,GAAAhE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC4B,eAAe,cAAA/D,kBAAA,GAAjBA,kBAAA,CAAoBkC,aAAa,CAAC,qBAAlClC,kBAAA,CAAoC8D,KAAK,YAAA/D,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC6B,YAAY,qBAAd/D,eAAA,CAAgB6D,KAAK,YAAAhE,KAAA,GAAI,EAAE;IAC/E4C,GAAG,EAAEP,CAAC,CAACO,GAAG;IACVuB,cAAc,EAAErD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAACoF,OAAA,CAAAtF,QAAA,GAAAA,QAAA;AAIF,eAAe+D,kBAAkBA,CAC/B9D,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACb+D,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNrD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IAAA,IAAAqC,iBAAA;IACPnG,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAiG,iBAAA,GAAEtF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAgE,iBAAA,GAAI5H,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxC,GAAG,CAACmG,IAAI,CAAC,0BAA0B,EAAE;IACnCnC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAiE,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAM1E,aAAa,IAAA0D,iBAAA,GAAGxF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAkE,iBAAA,GAAI9H,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAACqH,KAAK,YAATrH,GAAG,CAACqH,KAAK,CAAG,uCAAuC,CAAC;MACpDtH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM8E,IAAI,GAAG,MAAMC,KAAK,CAAC3J,MAAM,EAAE;MAC/B4J,MAAM,EAAE,MAAM;MACdvF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBsF,aAAa,EAAE5D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACyD,IAAI,CAACI,EAAE,EAAE;MACZ1H,GAAG,CAAC2H,IAAI,YAAR3H,GAAG,CAAC2H,IAAI,CAAG,mCAAmCL,IAAI,CAAClF,MAAM,EAAE,CAAC;MAC5DrC,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMoF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpBlI,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;IAE/D,MAAMoF,cAAc,GAAG,MAAM/E,mBAAmB,CAACgF,kBAAkB,CAACxF,OAAO,EAAE;MAC3EiB,WAAW,EAAEmE,KAAK;MAClBjE,YAAY,EAAEmE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI7D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGyD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG/J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACsK,MAAM,CAACtI,GAAG,EAAE2C,OAAO,CAAC;;IAE7C;IACA,MAAM4F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAChG,OAAO,CAAC,CAACwC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMhH,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAM2I,YAAY,GAAG1K,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAMiG,YAAY,GAAG/I,cAAc,CAAC4C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3D,IAAAtC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE6F,kBAAkB,EAAE;MAC/F;MACAlI,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACqI,YAAY;MACrBpI,QAAQ,EAAEoI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCnI,MAAM,EAAE6H,aAAa;MACrBzJ,MAAM,EAAE8J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA3E,oBAAS,EAAC4D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL3F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMuG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC5C,QAAQ,CAAC,IAClD,OAAO2G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK3C,QAAQ,IAAI2G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK7C,QAAQ;IACrB,IAAI,CAAC4G,MAAM,EAAE;MACX,OAAO;QACL3G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA8D,WAAA,IAAAD,KAAA,GAACrG,GAAG,EAASiF,KAAK,YAAAqB,WAAA,GAAlBD,KAAA,CAAapB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGhF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnCnF,GAAG,CAASiF,KAAK,CAACG,IAAI,GAAG;MACxBnF,KAAK,EAAEA,KAAe;MACtBoF,MAAM,GAAAkB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE7C,MAAM,aAAtBoB,sBAAA,CAAwBtB,QAAQ,oBAAhCsB,sBAAA,CAAwBtB,QAAQ,CAAG,CAAC,YAAAqB,qBAAA,GAAIsC,EAAE,CAACxD,GAAG,YAAAiB,KAAA,GAAI,IAAI;MAC9DhB,cAAc,GAAAmB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACxD,GAAG,YAAAqB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE3C,cAAc,YAAAmB,KAAA,GAAI,IAAI;MAChElB,UAAU,GAAAoB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACrD,OAAO,YAAAoB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3C1B,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAoB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACpD,KAAK,YAAAqB,SAAA,GAAI+B,EAAE,CAACnD,kBAAkB,YAAAmB,KAAA,GAAI,IAAI;MAChDlB,IAAI,GAAAoB,QAAA,GAAE8B,EAAE,CAAClD,IAAI,YAAAoB,QAAA,GAAI1I,SAAS;MAC1BuH,KAAK,GAAAoB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAChD,eAAe,cAAAqB,mBAAA,GAAlBA,mBAAA,CAAqBhF,QAAQ,CAAC,qBAA9BgF,mBAAA,CAAgCtB,KAAK,YAAAqB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC/C,YAAY,qBAAfqB,gBAAA,CAAiBvB,KAAK,YAAAoB,MAAA,GAAI,EAAE;MAC5ExC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACXuB,cAAc,EAAErD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOoI,CAAM,EAAE;IAAA,IAAAC,iBAAA;IACflJ,GAAG,CAACqH,KAAK,YAATrH,GAAG,CAACqH,KAAK,CAAG,mBAAmB,EAAE;MAC/B8B,OAAO,EAAEF,CAAC,oBAADA,CAAC,CAAEE,OAAO;MACnBvD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbwD,IAAI,EAAEH,CAAC,oBAADA,CAAC,CAAEG;IACX,CAAC,CAAC;IACFrJ,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAiJ,iBAAA,GAAEtI,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAgH,iBAAA,GAAI5K,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACwG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOX,MAAM,CAACC,IAAI,CAACU,KAAK,EAAE,QAAQ,CAAC,CAAClE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOkC,KAAU,EAAE;IACnBiC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGlC,KAAK,CAAC8B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","exports","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM/B,KAAK,GAAGW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACjC,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGjC,kBAAO,CAACD,KAAK,CAAC,CAACkC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGrD,iBAAiB,CAACwB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACrC,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBxC,KAAK,UAAU,CAAC,IAC/CwC,OAAO,CAAC,cAAcxC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAMrF,kBAAkB,CAACkE,GAAG,CAAClC,GAAG,EAAE2C,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMtF,kBAAkB,CAACwF,GAAG,CAACxD,GAAG,EAAEqD,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAAC/D,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAE8D,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAErD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM+D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLxC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAASkF,KAAK,YAAAhE,UAAA,GAAlBD,IAAA,CAAaiE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhCpF,GAAG,CAASkF,KAAK,CAACG,IAAI,GAAG;IACxBpF,KAAK;IACLqF,MAAM,GAAAnE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEoC,YAAY,CAAC6B,MAAM,aAAnBjE,oBAAA,CAAqB+D,QAAQ,oBAA7B/D,oBAAA,CAAqB+D,QAAQ,CAAG,CAAC,YAAAhE,qBAAA,GAAI8C,CAAC,CAACqB,GAAG,YAAApE,KAAA,GAAI,IAAI;IAC1DqE,cAAc,GAAAlE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACqB,GAAG,YAAAhE,MAAA,GAAIkC,YAAY,CAAC+B,cAAc,YAAAlE,KAAA,GAAI,IAAI;IAC5DmE,UAAU,GAAAjE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACwB,OAAO,YAAAjE,UAAA,GAAI0D,QAAQ,YAAA3D,KAAA,GAAI,IAAI;IACzC2D,QAAQ;IACRQ,KAAK,GAAAjE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACyB,KAAK,YAAAhE,QAAA,GAAIuC,CAAC,CAAC0B,kBAAkB,YAAAlE,KAAA,GAAI,IAAI;IAC9CmE,IAAI,GAAAjE,OAAA,GAAEsC,CAAC,CAAC2B,IAAI,YAAAjE,OAAA,GAAItD,SAAS;IACzBwH,KAAK,GAAAjE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC6B,eAAe,cAAAhE,kBAAA,GAAjBA,kBAAA,CAAoBkC,aAAa,CAAC,qBAAlClC,kBAAA,CAAoC+D,KAAK,YAAAhE,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC8B,YAAY,qBAAdhE,eAAA,CAAgB8D,KAAK,YAAAjE,KAAA,GAAI,EAAE;IAC/E6C,GAAG,EAAER,CAAC,CAACQ,GAAG;IACVuB,cAAc,EAAEtD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAACqF,OAAA,CAAAvF,QAAA,GAAAA,QAAA;AAIF,eAAegE,kBAAkBA,CAC/B/D,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACb+D,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNrD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IAAA,IAAAsC,iBAAA;IACPpG,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAkG,iBAAA,GAAEvF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAiE,iBAAA,GAAI7H,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxC,GAAG,CAACoG,IAAI,CAAC,0BAA0B,EAAE;IACnCpC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAkE,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAM3E,aAAa,IAAA2D,iBAAA,GAAGzF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAmE,iBAAA,GAAI/H,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAACsH,KAAK,YAATtH,GAAG,CAACsH,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM+E,IAAI,GAAG,MAAMC,KAAK,CAAC5J,MAAM,EAAE;MAC/B6J,MAAM,EAAE,MAAM;MACdxF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBuF,aAAa,EAAE7D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC0D,IAAI,CAACI,EAAE,EAAE;MACZ3H,GAAG,CAAC4H,IAAI,YAAR5H,GAAG,CAAC4H,IAAI,CAAG,mCAAmCL,IAAI,CAACnF,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMqF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL9F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;IAE/D,MAAMqF,cAAc,GAAG,MAAMhF,mBAAmB,CAACiF,kBAAkB,CAACzF,OAAO,EAAE;MAC3EiB,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGhK;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACuK,MAAM,CAACvI,GAAG,EAAE2C,OAAO,CAAC;;IAE7C;IACA,MAAM6F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACjG,OAAO,CAAC,CAACyC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMjH,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAM4I,YAAY,GAAG3K,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAMkG,YAAY,GAAGhJ,cAAc,CAAC4C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3D,IAAAtC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE8F,kBAAkB,EAAE;MAC/F;MACAnI,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACsI,YAAY;MACrBrI,QAAQ,EAAEqI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCpI,MAAM,EAAE8H,aAAa;MACrB1J,MAAM,EAAE+J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5E,oBAAS,EAAC6D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC7C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK5C,QAAQ,IAAI4G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK9C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA+D,WAAA,IAAAD,KAAA,GAACtG,GAAG,EAASkF,KAAK,YAAAqB,WAAA,GAAlBD,KAAA,CAAapB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnCpF,GAAG,CAASkF,KAAK,CAACG,IAAI,GAAG;MACxBpF,KAAK,EAAEA,KAAe;MACtBqF,MAAM,GAAAkB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE7C,MAAM,aAAtBoB,sBAAA,CAAwBtB,QAAQ,oBAAhCsB,sBAAA,CAAwBtB,QAAQ,CAAG,CAAC,YAAAqB,qBAAA,GAAIsC,EAAE,CAACxD,GAAG,YAAAiB,KAAA,GAAI,IAAI;MAC9DhB,cAAc,GAAAmB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACxD,GAAG,YAAAqB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE3C,cAAc,YAAAmB,KAAA,GAAI,IAAI;MAChElB,UAAU,GAAAoB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACrD,OAAO,YAAAoB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3C1B,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAoB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACpD,KAAK,YAAAqB,SAAA,GAAI+B,EAAE,CAACnD,kBAAkB,YAAAmB,KAAA,GAAI,IAAI;MAChDlB,IAAI,GAAAoB,QAAA,GAAE8B,EAAE,CAAClD,IAAI,YAAAoB,QAAA,GAAI3I,SAAS;MAC1BwH,KAAK,GAAAoB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAChD,eAAe,cAAAqB,mBAAA,GAAlBA,mBAAA,CAAqBjF,QAAQ,CAAC,qBAA9BiF,mBAAA,CAAgCtB,KAAK,YAAAqB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC/C,YAAY,qBAAfqB,gBAAA,CAAiBvB,KAAK,YAAAoB,MAAA,GAAI,EAAE;MAC5ExC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACXuB,cAAc,EAAEtD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOqI,CAAM,EAAE;IACflJ,GAAG,CAACsH,KAAK,YAATtH,GAAG,CAACsH,KAAK,CAAG,mBAAmB,EAAE;MAC/B6B,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBtD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbuD,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLhH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACwG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOV,MAAM,CAACC,IAAI,CAACS,KAAK,EAAE,QAAQ,CAAC,CAACjE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOkC,KAAU,EAAE;IACnBgC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGjC,KAAK,CAAC6B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/cjs/types/index.js CHANGED
@@ -13,4 +13,10 @@ Object.keys(_events).forEach(function (key) {
13
13
  if (key in exports && exports[key] === _events[key]) return;
14
14
  exports[key] = _events[key];
15
15
  });
16
+ var _app = require("./app");
17
+ Object.keys(_app).forEach(function (key) {
18
+ if (key === "default" || key === "__esModule") return;
19
+ if (key in exports && exports[key] === _app[key]) return;
20
+ exports[key] = _app[key];
21
+ });
16
22
  //# sourceMappingURL=index.js.map
package/build/cjs/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_createEnterpriseBusiness","require","Object","keys","forEach","key","exports","_events"],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'"],"mappings":";;;AAAA,IAAAA,yBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,yBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,yBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,yBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,OAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,OAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,OAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,OAAA,CAAAF,GAAA;AAAA","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_createEnterpriseBusiness","require","Object","keys","forEach","key","exports","_events","_app"],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'\nexport * from './app'"],"mappings":";;;AAAA,IAAAA,yBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,yBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,yBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,yBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,OAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,OAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,OAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,OAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,IAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,IAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,IAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,IAAA,CAAAH,GAAA;AAAA","ignoreList":[]}
package/build/esm/middlewares/verify-middleware.js CHANGED
@@ -247,8 +247,9 @@ export const verifyMw = async (req, ctx, next) => {
247
247
  };
248
248
  }
249
249
  const now = Math.floor(Date.now() / 1000);
250
- // Refresh only when expired
251
- if (typeof p.exp === "number" && p.exp <= now) {
250
+ // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)
251
+ const refreshLeewaySeconds = 60;
252
+ if (typeof p.exp === "number" && p.exp <= now + refreshLeewaySeconds) {
252
253
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
253
254
  return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
254
255
  }
@@ -318,7 +319,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
318
319
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
319
320
  if (!apiURL) {
320
321
  ctx.error == null || ctx.error("Refresh session URL is not configured");
321
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
322
322
  return {
323
323
  status: 401,
324
324
  headers: {
@@ -346,7 +346,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
346
346
  });
347
347
  if (!resp.ok) {
348
348
  ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
349
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
350
349
  return {
351
350
  status: 401,
352
351
  headers: {
@@ -366,7 +365,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
366
365
  const newAT = data.access_token;
367
366
  const newRT = data.refresh_token;
368
367
  if (!newAT || !newRT) {
369
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
370
368
  return {
371
369
  status: 401,
372
370
  headers: {
@@ -409,7 +407,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
409
407
  await verifyMappingCache.delete(ctx, mapping);
410
408
 
411
409
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
412
- const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
410
+ const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)
413
411
 
414
412
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
415
413
  const appConfig = APP_MAP[appId];
@@ -481,13 +479,11 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
481
479
  // Continue pipeline after refresh
482
480
  return next();
483
481
  } catch (e) {
484
- var _req$headers$get4;
485
482
  ctx.error == null || ctx.error("refresh exception", {
486
483
  message: e == null ? void 0 : e.message,
487
484
  name: e == null ? void 0 : e.name,
488
485
  code: e == null ? void 0 : e.code
489
486
  });
490
- clearSessionMappingCookie(ctx, appId, (_req$headers$get4 = req.headers.get("origin")) != null ? _req$headers$get4 : undefined, req.url);
491
487
  return {
492
488
  status: 401,
493
489
  headers: {
package/build/esm/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","clearSessionMappingCookie","ctx","appId","cookieName","getSessionMappingCookieName","isLocal","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","_unused4","audOk2","tenantId2","e","_req$headers$get4","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb/B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;EAChC,MAAMC,UAAU,GAAGC,2BAA2B,CAACF,KAAK,EAAE/B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMiC,OAAO,GAAGP,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC;EAClDZ,WAAW,CAACyC,GAAG,EAAEE,UAAU,EAAE,EAAE,EAAE;IAC/BG,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACF,OAAO;IAChBG,QAAQ,EAAEH,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCI,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAASgC,2BAA2BA,CAACF,KAAa,EAAE/B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc8B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBV,GAAsB,EACtBW,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM7B,KAAK,GAAGS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC/B,KAAK,IAAI,EAAC7C,OAAO,aAAAwD,cAAA,GAAPxD,OAAO,CAAG6C,KAAK,CAAC,aAAhBW,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG7E,OAAO,CAAC6C,KAAK,CAAC,CAACgC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGpD,iBAAiB,CAACuB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACpC,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBtC,KAAK,UAAU,CAAC,IAC/CsC,OAAO,CAAC,cAActC,KAAK,UAAU,CAAC,IACtCS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;EAE/D,IAAII,eAAe,GAAG,MAAMjF,kBAAkB,CAACiE,GAAG,CAAChC,GAAG,EAAEyC,OAAO,CAAC;EAChE,IAAI,CAACO,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACT,OAAO,CAAC;IACtE,IAAIQ,OAAO,EAAE;MACXD,eAAe,GAAGZ,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC;MACzC,MAAMlF,kBAAkB,CAACoF,GAAG,CAACnD,GAAG,EAAEgD,eAAe,EAAEP,OAAO,CAAC;IAC7D;EACF;EACA,MAAMW,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGxG,SAAS,CAACiG,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAAC+C,CAAC,aAAD/C,EAAA,CAAGiD,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC3D,GAAG,EAAEV,GAAG,EAAEC,KAAK,EAAEyD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAElD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM2D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLpC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACf,GAAG,EAAS4E,KAAK,YAAA5D,UAAA,GAAlBD,IAAA,CAAa6D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;IACxB9E,KAAK;IACL+E,MAAM,GAAA/D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC4B,MAAM,aAAnB7D,oBAAA,CAAqB2D,QAAQ,oBAA7B3D,oBAAA,CAAqB2D,QAAQ,CAAG,CAAC,YAAA5D,qBAAA,GAAI2C,CAAC,CAACoB,GAAG,YAAAhE,KAAA,GAAI,IAAI;IAC1DiE,cAAc,GAAA9D,KAAA,IAAAC,MAAA,GAAEwC,CAAC,CAACoB,GAAG,YAAA5D,MAAA,GAAI+B,YAAY,CAAC8B,cAAc,YAAA9D,KAAA,GAAI,IAAI;IAC5D+D,UAAU,GAAA7D,KAAA,IAAAC,UAAA,GAAEsC,CAAC,CAACuB,OAAO,YAAA7D,UAAA,GAAIsD,QAAQ,YAAAvD,KAAA,GAAI,IAAI;IACzCuD,QAAQ;IACRQ,KAAK,GAAA7D,KAAA,IAAAC,QAAA,GAAEoC,CAAC,CAACwB,KAAK,YAAA5D,QAAA,GAAIoC,CAAC,CAACyB,kBAAkB,YAAA9D,KAAA,GAAI,IAAI;IAC9C+D,IAAI,GAAA7D,OAAA,GAAEmC,CAAC,CAAC0B,IAAI,YAAA7D,OAAA,GAAItD,SAAS;IACzBoH,KAAK,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEgC,CAAC,CAAC4B,eAAe,cAAA5D,kBAAA,GAAjBA,kBAAA,CAAoB+B,aAAa,CAAC,qBAAlC/B,kBAAA,CAAoC2D,KAAK,YAAA5D,qBAAA,IAAAE,eAAA,GAAI+B,CAAC,CAAC6B,YAAY,qBAAd5D,eAAA,CAAgB0D,KAAK,YAAA7D,KAAA,GAAI,EAAE;IAC/EyC,GAAG,EAAEP,CAAC,CAACO,GAAG;IACVuB,cAAc,EAAElD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAe0D,kBAAkBA,CAC/B3D,GAAgB,EAChBV,GAAsB,EACtBC,KAAa,EACb0D,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACNlD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC6C,EAAE,EAAE;IAAA,IAAAoC,iBAAA;IACP7F,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAA2F,iBAAA,GAAElF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA4D,iBAAA,GAAIxH,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAtC,GAAG,CAAC6F,IAAI,CAAC,0BAA0B,EAAE;IACnClC,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA6D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMtE,aAAa,IAAAsD,iBAAA,GAAGpF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA8D,iBAAA,GAAI1H,SAAS;IAC5D,IAAI,CAACT,MAAM,EAAE;MACXqC,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,uCAAuC,CAAC;MACpDhH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM0E,IAAI,GAAG,MAAMC,KAAK,CAACtJ,MAAM,EAAE;MAC/BuJ,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClBkF,aAAa,EAAE3D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACwD,IAAI,CAACI,EAAE,EAAE;MACZpH,GAAG,CAACqH,IAAI,YAARrH,GAAG,CAACqH,IAAI,CAAG,mCAAmCL,IAAI,CAAC9E,MAAM,EAAE,CAAC;MAC5DnC,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMgF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB5H,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;IAE/D,MAAMgF,cAAc,GAAG,MAAM7E,mBAAmB,CAAC8E,kBAAkB,CAACpF,OAAO,EAAE;MAC3Ec,WAAW,EAAEkE,KAAK;MAClBhE,YAAY,EAAEkE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI5D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGwD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG3J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACiK,MAAM,CAAChI,GAAG,EAAEyC,OAAO,CAAC;;IAE7C;IACA,MAAMwF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC5F,OAAO,CAAC,CAACqC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM7G,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;;IAEhC;IACA,MAAMqI,YAAY,GAAGtK,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAM6F,YAAY,GAAG1I,cAAc,CAAC2C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3DnF,WAAW,CAACyC,GAAG,EAAEG,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAEyF,kBAAkB,EAAE;MAC/F;MACA9H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACiI,YAAY;MACrBhI,QAAQ,EAAEgI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC/H,MAAM,EAAEyH,aAAa;MACrBrJ,MAAM,EAAE0J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGnL,SAAS,CAACoK,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAgB,QAAA,EAAM;MACnC,OAAO;QACLvG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACgE,EAAE,CAAC/D,GAAG,CAAC,IAAI+D,EAAE,CAAC/D,GAAG,CAACC,QAAQ,CAACzC,QAAQ,CAAC,IAClD,OAAOuG,EAAE,CAAC/D,GAAG,KAAK,QAAQ,KAAK+D,EAAE,CAAC/D,GAAG,KAAKxC,QAAQ,IAAIuG,EAAE,CAAC/D,GAAG,KAAK,SAAS,CAAE,IAC7E+D,EAAE,CAAC7D,GAAG,KAAK1C,QAAQ;IACrB,IAAI,CAACyG,MAAM,EAAE;MACX,OAAO;QACLxG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAAC/F,GAAG,EAAS4E,KAAK,YAAAoB,WAAA,GAAlBD,KAAA,CAAanB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGhF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;MACxB9E,KAAK,EAAEA,KAAe;MACtB+E,MAAM,GAAAiB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE5C,MAAM,aAAtBmB,sBAAA,CAAwBrB,QAAQ,oBAAhCqB,sBAAA,CAAwBrB,QAAQ,CAAG,CAAC,YAAAoB,qBAAA,GAAIsC,EAAE,CAACvD,GAAG,YAAAgB,KAAA,GAAI,IAAI;MAC9Df,cAAc,GAAAkB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACvD,GAAG,YAAAoB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE1C,cAAc,YAAAkB,KAAA,GAAI,IAAI;MAChEjB,UAAU,GAAAmB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACpD,OAAO,YAAAmB,WAAA,GAAIoC,SAAS,YAAArC,KAAA,GAAI,IAAI;MAC3CzB,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAmB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACnD,KAAK,YAAAoB,SAAA,GAAI+B,EAAE,CAAClD,kBAAkB,YAAAkB,KAAA,GAAI,IAAI;MAChDjB,IAAI,GAAAmB,QAAA,GAAE8B,EAAE,CAACjD,IAAI,YAAAmB,QAAA,GAAItI,SAAS;MAC1BoH,KAAK,GAAAmB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAC/C,eAAe,cAAAoB,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCrB,KAAK,YAAAoB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC9C,YAAY,qBAAfoB,gBAAA,CAAiBtB,KAAK,YAAAmB,MAAA,GAAI,EAAE;MAC5EvC,GAAG,EAAEoE,EAAE,CAACpE,GAAG;MACXuB,cAAc,EAAElD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOiI,CAAM,EAAE;IAAA,IAAAC,iBAAA;IACf7I,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,mBAAmB,EAAE;MAC/B+B,OAAO,EAAEF,CAAC,oBAADA,CAAC,CAAEE,OAAO;MACnBvD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbwD,IAAI,EAAEH,CAAC,oBAADA,CAAC,CAAEG;IACX,CAAC,CAAC;IACFhJ,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAA4I,iBAAA,GAAEnI,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA6G,iBAAA,GAAIzK,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACqG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOZ,MAAM,CAACC,IAAI,CAACW,KAAK,EAAE,QAAQ,CAAC,CAAClE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOiC,KAAU,EAAE;IACnBkC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGnC,KAAK,CAAC+B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","clearSessionMappingCookie","ctx","appId","cookieName","getSessionMappingCookieName","isLocal","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","_unused4","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb/B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;EAChC,MAAMC,UAAU,GAAGC,2BAA2B,CAACF,KAAK,EAAE/B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMiC,OAAO,GAAGP,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC;EAClDZ,WAAW,CAACyC,GAAG,EAAEE,UAAU,EAAE,EAAE,EAAE;IAC/BG,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACF,OAAO;IAChBG,QAAQ,EAAEH,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCI,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAASgC,2BAA2BA,CAACF,KAAa,EAAE/B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc8B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBV,GAAsB,EACtBW,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM7B,KAAK,GAAGS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC/B,KAAK,IAAI,EAAC7C,OAAO,aAAAwD,cAAA,GAAPxD,OAAO,CAAG6C,KAAK,CAAC,aAAhBW,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG7E,OAAO,CAAC6C,KAAK,CAAC,CAACgC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGpD,iBAAiB,CAACuB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACpC,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBtC,KAAK,UAAU,CAAC,IAC/CsC,OAAO,CAAC,cAActC,KAAK,UAAU,CAAC,IACtCS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;EAE/D,IAAII,eAAe,GAAG,MAAMjF,kBAAkB,CAACiE,GAAG,CAAChC,GAAG,EAAEyC,OAAO,CAAC;EAChE,IAAI,CAACO,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACT,OAAO,CAAC;IACtE,IAAIQ,OAAO,EAAE;MACXD,eAAe,GAAGZ,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC;MACzC,MAAMlF,kBAAkB,CAACoF,GAAG,CAACnD,GAAG,EAAEgD,eAAe,EAAEP,OAAO,CAAC;IAC7D;EACF;EACA,MAAMW,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGxG,SAAS,CAACiG,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAAC+C,CAAC,aAAD/C,EAAA,CAAGiD,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAAC5D,GAAG,EAAEV,GAAG,EAAEC,KAAK,EAAEyD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAElD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM4D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLrC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACf,GAAG,EAAS6E,KAAK,YAAA7D,UAAA,GAAlBD,IAAA,CAAa8D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhC/E,GAAG,CAAS6E,KAAK,CAACG,IAAI,GAAG;IACxB/E,KAAK;IACLgF,MAAM,GAAAhE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC6B,MAAM,aAAnB9D,oBAAA,CAAqB4D,QAAQ,oBAA7B5D,oBAAA,CAAqB4D,QAAQ,CAAG,CAAC,YAAA7D,qBAAA,GAAI2C,CAAC,CAACqB,GAAG,YAAAjE,KAAA,GAAI,IAAI;IAC1DkE,cAAc,GAAA/D,KAAA,IAAAC,MAAA,GAAEwC,CAAC,CAACqB,GAAG,YAAA7D,MAAA,GAAI+B,YAAY,CAAC+B,cAAc,YAAA/D,KAAA,GAAI,IAAI;IAC5DgE,UAAU,GAAA9D,KAAA,IAAAC,UAAA,GAAEsC,CAAC,CAACwB,OAAO,YAAA9D,UAAA,GAAIuD,QAAQ,YAAAxD,KAAA,GAAI,IAAI;IACzCwD,QAAQ;IACRQ,KAAK,GAAA9D,KAAA,IAAAC,QAAA,GAAEoC,CAAC,CAACyB,KAAK,YAAA7D,QAAA,GAAIoC,CAAC,CAAC0B,kBAAkB,YAAA/D,KAAA,GAAI,IAAI;IAC9CgE,IAAI,GAAA9D,OAAA,GAAEmC,CAAC,CAAC2B,IAAI,YAAA9D,OAAA,GAAItD,SAAS;IACzBqH,KAAK,GAAA9D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEgC,CAAC,CAAC6B,eAAe,cAAA7D,kBAAA,GAAjBA,kBAAA,CAAoB+B,aAAa,CAAC,qBAAlC/B,kBAAA,CAAoC4D,KAAK,YAAA7D,qBAAA,IAAAE,eAAA,GAAI+B,CAAC,CAAC8B,YAAY,qBAAd7D,eAAA,CAAgB2D,KAAK,YAAA9D,KAAA,GAAI,EAAE;IAC/E0C,GAAG,EAAER,CAAC,CAACQ,GAAG;IACVuB,cAAc,EAAEnD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAe2D,kBAAkBA,CAC/B5D,GAAgB,EAChBV,GAAsB,EACtBC,KAAa,EACb0D,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACNlD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC6C,EAAE,EAAE;IAAA,IAAAqC,iBAAA;IACP9F,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAA4F,iBAAA,GAAEnF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA6D,iBAAA,GAAIzH,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAtC,GAAG,CAAC8F,IAAI,CAAC,0BAA0B,EAAE;IACnCnC,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA8D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMvE,aAAa,IAAAuD,iBAAA,GAAGrF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA+D,iBAAA,GAAI3H,SAAS;IAC5D,IAAI,CAACT,MAAM,EAAE;MACXqC,GAAG,CAACgH,KAAK,YAAThH,GAAG,CAACgH,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM2E,IAAI,GAAG,MAAMC,KAAK,CAACvJ,MAAM,EAAE;MAC/BwJ,MAAM,EAAE,MAAM;MACdpF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClBmF,aAAa,EAAE5D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACyD,IAAI,CAACI,EAAE,EAAE;MACZrH,GAAG,CAACsH,IAAI,YAARtH,GAAG,CAACsH,IAAI,CAAG,mCAAmCL,IAAI,CAAC/E,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMiF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL1F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;IAE/D,MAAMiF,cAAc,GAAG,MAAM9E,mBAAmB,CAAC+E,kBAAkB,CAACrF,OAAO,EAAE;MAC3Ec,WAAW,EAAEmE,KAAK;MAClBjE,YAAY,EAAEmE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI7D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGyD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG5J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACkK,MAAM,CAACjI,GAAG,EAAEyC,OAAO,CAAC;;IAE7C;IACA,MAAMyF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC7F,OAAO,CAAC,CAACsC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM9G,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;;IAEhC;IACA,MAAMsI,YAAY,GAAGvK,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAM8F,YAAY,GAAG3I,cAAc,CAAC2C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3DnF,WAAW,CAACyC,GAAG,EAAEG,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE0F,kBAAkB,EAAE;MAC/F;MACA/H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACkI,YAAY;MACrBjI,QAAQ,EAAEiI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvChI,MAAM,EAAE0H,aAAa;MACrBtJ,MAAM,EAAE2J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGpL,SAAS,CAACqK,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAgB,QAAA,EAAM;MACnC,OAAO;QACLxG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMqG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACgE,EAAE,CAAC/D,GAAG,CAAC,IAAI+D,EAAE,CAAC/D,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAClD,OAAOwG,EAAE,CAAC/D,GAAG,KAAK,QAAQ,KAAK+D,EAAE,CAAC/D,GAAG,KAAKzC,QAAQ,IAAIwG,EAAE,CAAC/D,GAAG,KAAK,SAAS,CAAE,IAC7E+D,EAAE,CAAC7D,GAAG,KAAK3C,QAAQ;IACrB,IAAI,CAAC0G,MAAM,EAAE;MACX,OAAO;QACLzG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA2D,WAAA,IAAAD,KAAA,GAAChG,GAAG,EAAS6E,KAAK,YAAAoB,WAAA,GAAlBD,KAAA,CAAanB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnC/E,GAAG,CAAS6E,KAAK,CAACG,IAAI,GAAG;MACxB/E,KAAK,EAAEA,KAAe;MACtBgF,MAAM,GAAAiB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE5C,MAAM,aAAtBmB,sBAAA,CAAwBrB,QAAQ,oBAAhCqB,sBAAA,CAAwBrB,QAAQ,CAAG,CAAC,YAAAoB,qBAAA,GAAIsC,EAAE,CAACvD,GAAG,YAAAgB,KAAA,GAAI,IAAI;MAC9Df,cAAc,GAAAkB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACvD,GAAG,YAAAoB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE1C,cAAc,YAAAkB,KAAA,GAAI,IAAI;MAChEjB,UAAU,GAAAmB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACpD,OAAO,YAAAmB,WAAA,GAAIoC,SAAS,YAAArC,KAAA,GAAI,IAAI;MAC3CzB,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAmB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACnD,KAAK,YAAAoB,SAAA,GAAI+B,EAAE,CAAClD,kBAAkB,YAAAkB,KAAA,GAAI,IAAI;MAChDjB,IAAI,GAAAmB,QAAA,GAAE8B,EAAE,CAACjD,IAAI,YAAAmB,QAAA,GAAIvI,SAAS;MAC1BqH,KAAK,GAAAmB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAC/C,eAAe,cAAAoB,mBAAA,GAAlBA,mBAAA,CAAqB7E,QAAQ,CAAC,qBAA9B6E,mBAAA,CAAgCrB,KAAK,YAAAoB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC9C,YAAY,qBAAfoB,gBAAA,CAAiBtB,KAAK,YAAAmB,MAAA,GAAI,EAAE;MAC5EvC,GAAG,EAAEoE,EAAE,CAACpE,GAAG;MACXuB,cAAc,EAAEnD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkI,CAAM,EAAE;IACf7I,GAAG,CAACgH,KAAK,YAAThH,GAAG,CAACgH,KAAK,CAAG,mBAAmB,EAAE;MAC/B8B,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBtD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbuD,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACL7G,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACqG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOX,MAAM,CAACC,IAAI,CAACU,KAAK,EAAE,QAAQ,CAAC,CAACjE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOiC,KAAU,EAAE;IACnBiC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGlC,KAAK,CAAC8B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/esm/types/index.js CHANGED
@@ -1,3 +1,4 @@
1
1
  export * from './create-enterprise-business';
2
2
  export * from './events';
3
+ export * from './app';
3
4
  //# sourceMappingURL=index.js.map
package/build/esm/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'"],"mappings":"AAAA,cAAc,8BAA8B;AAC5C,cAAc,UAAU","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'\nexport * from './app'"],"mappings":"AAAA,cAAc,8BAA8B;AAC5C,cAAc,UAAU;AACxB,cAAc,OAAO","ignoreList":[]}
package/build/src/middlewares/verify-middleware.js CHANGED
@@ -189,8 +189,9 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
189
189
  };
190
190
  }
191
191
  const now = Math.floor(Date.now() / 1000);
192
- // Refresh only when expired
193
- if (typeof p.exp === "number" && p.exp <= now) {
192
+ // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)
193
+ const refreshLeewaySeconds = 60;
194
+ if (typeof p.exp === "number" && p.exp <= (now + refreshLeewaySeconds)) {
194
195
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
195
196
  return yield getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
196
197
  }
@@ -225,8 +226,8 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
225
226
  exports.verifyMw = verifyMw;
226
227
  function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p, next) {
227
228
  return tslib_1.__awaiter(this, void 0, void 0, function* () {
228
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x, _y;
229
- var _z;
229
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x;
230
+ var _y;
230
231
  // Attempt server-side refresh using RT
231
232
  if (!rt) {
232
233
  clearSessionMappingCookie(ctx, appId, (_a = req.headers.get("origin")) !== null && _a !== void 0 ? _a : undefined, req.url);
@@ -245,7 +246,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
245
246
  const requestOrigin = (_b = req.headers.get("origin")) !== null && _b !== void 0 ? _b : undefined;
246
247
  if (!apiURL) {
247
248
  (_c = ctx.error) === null || _c === void 0 ? void 0 : _c.call(ctx, "Refresh session URL is not configured");
248
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
249
249
  return {
250
250
  status: 401,
251
251
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -263,7 +263,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
263
263
  });
264
264
  if (!resp.ok) {
265
265
  (_d = ctx.warn) === null || _d === void 0 ? void 0 : _d.call(ctx, `refresh call failed with status ${resp.status}`);
266
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
267
266
  return {
268
267
  status: 401,
269
268
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -275,7 +274,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
275
274
  const newAT = data.access_token;
276
275
  const newRT = data.refresh_token;
277
276
  if (!newAT || !newRT) {
278
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
279
277
  return {
280
278
  status: 401,
281
279
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -302,9 +300,7 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
302
300
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
303
301
  const mappingMaxAge = typeof data.refresh_expires_in === "number"
304
302
  ? data.refresh_expires_in
305
- : typeof data.expires_in === "number"
306
- ? data.expires_in
307
- : 60 * 60 * 24; // fallback 24h
303
+ : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)
308
304
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
309
305
  const appConfig = constants_1.APP_MAP[appId];
310
306
  // 5
@@ -323,7 +319,7 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
323
319
  try {
324
320
  p2 = (0, jwt_decode_1.jwtDecode)(newAT);
325
321
  }
326
- catch (_0) {
322
+ catch (_z) {
327
323
  return {
328
324
  status: 401,
329
325
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -341,7 +337,7 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
341
337
  };
342
338
  }
343
339
  // Update downstream auth state with refreshed token
344
- (_e = (_z = ctx).state) !== null && _e !== void 0 ? _e : (_z.state = {});
340
+ (_e = (_y = ctx).state) !== null && _e !== void 0 ? _e : (_y.state = {});
345
341
  const tenantId2 = realmId.toString();
346
342
  ctx.state.auth = {
347
343
  appId: appId,
@@ -364,7 +360,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
364
360
  name: e === null || e === void 0 ? void 0 : e.name,
365
361
  code: e === null || e === void 0 ? void 0 : e.code,
366
362
  });
367
- clearSessionMappingCookie(ctx, appId, (_y = req.headers.get("origin")) !== null && _y !== void 0 ? _y : undefined, req.url);
368
363
  return {
369
364
  status: 401,
370
365
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
package/build/src/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,SAAS,cAAc,CAAC,MAAe,EAAE,UAAmB;IAC1D,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAsB,EACtB,KAAa,EACb,MAAe,EACf,UAAmB;IAEnB,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACnD,IAAA,qBAAW,EAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClC,MAAM,EAAE,CAAC;QACT,MAAM,EAAE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;KACxD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAa,EAAE,MAAe,EAAE,UAAmB;IACtF,IAAI,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO,cAAc,KAAK,UAAU,CAAC;IACvC,CAAC;IACD,OAAO,uBAAuB,KAAK,UAAU,CAAC;AAChD,CAAC;AAEM,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEzC,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;IAE7D,IAAI,OAAO,GACT,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC;QAC/C,OAAO,CAAC,cAAc,KAAK,UAAU,CAAC;QACtC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,IAAI,eAAe,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC;IAE5C,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC/E,CAAC,CAAC,GAAG,KAAK,aAAa,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,aAAa,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC/E,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,cAAc,EAAE,OAAO;KACxB,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAnKW,QAAA,QAAQ,YAmKnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;YACnC,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;YAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAA,GAAG,CAAC,KAAK,oDAAG,uCAAuC,CAAC,CAAC;gBACrD,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;iBACtF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAA,GAAG,CAAC,IAAI,oDAAG,mCAAmC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7D,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAK;gBAClB,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YAEjC,IAAI;YACJ,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACzE,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5D,IAAA,qBAAW,EAAC,GAAG,EAAE,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,kBAAkB,EAAE;gBAC/F,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,YAAY;gBACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBACvC,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK,EAAE,KAAe;gBACtB,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;gBACX,cAAc,EAAE,OAAO;aACxB,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE;gBAC/B,OAAO,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO;gBACnB,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;gBACb,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;aACd,CAAC,CAAC;YACH,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,SAAS,cAAc,CAAC,MAAe,EAAE,UAAmB;IAC1D,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAsB,EACtB,KAAa,EACb,MAAe,EACf,UAAmB;IAEnB,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACnD,IAAA,qBAAW,EAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClC,MAAM,EAAE,CAAC;QACT,MAAM,EAAE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;KACxD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAa,EAAE,MAAe,EAAE,UAAmB;IACtF,IAAI,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO,cAAc,KAAK,UAAU,CAAC;IACvC,CAAC;IACD,OAAO,uBAAuB,KAAK,UAAU,CAAC;AAChD,CAAC;AAEM,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEzC,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;IAE7D,IAAI,OAAO,GACT,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC;QAC/C,OAAO,CAAC,cAAc,KAAK,UAAU,CAAC;QACtC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,IAAI,eAAe,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC;IAE5C,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,mFAAmF;IACnF,MAAM,oBAAoB,GAAG,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,oBAAoB,CAAC,EAAE,CAAC;QACvE,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC/E,CAAC,CAAC,GAAG,KAAK,aAAa,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,aAAa,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC/E,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,cAAc,EAAE,OAAO;KACxB,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AApKW,QAAA,QAAQ,YAoKnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;YACnC,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;YAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAA,GAAG,CAAC,KAAK,oDAAG,uCAAuC,CAAC,CAAC;gBACrD,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;iBACtF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAA,GAAG,CAAC,IAAI,oDAAG,mCAAmC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAK;gBAClB,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,2EAA2E;YAEpG,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YAEjC,IAAI;YACJ,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACzE,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5D,IAAA,qBAAW,EAAC,GAAG,EAAE,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,kBAAkB,EAAE;gBAC/F,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,YAAY;gBACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBACvC,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK,EAAE,KAAe;gBACtB,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;gBACX,cAAc,EAAE,OAAO;aACxB,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE;gBAC/B,OAAO,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO;gBACnB,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;gBACb,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;aACd,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
package/build/src/types/index.d.ts CHANGED
@@ -1,2 +1,3 @@
1
1
  export * from './create-enterprise-business';
2
2
  export * from './events';
3
+ export * from './app';
package/build/src/types/index.js CHANGED
@@ -3,4 +3,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  const tslib_1 = require("tslib");
4
4
  tslib_1.__exportStar(require("./create-enterprise-business"), exports);
5
5
  tslib_1.__exportStar(require("./events"), exports);
6
+ tslib_1.__exportStar(require("./app"), exports);
6
7
  //# sourceMappingURL=index.js.map
package/build/src/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":";;;AAAA,uEAA4C;AAC5C,mDAAwB"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":";;;AAAA,uEAA4C;AAC5C,mDAAwB;AACxB,gDAAqB"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@culturefy/shared",
3
3
  "description": "Shared utilities for culturefy serverless services",
4
- "version": "1.0.70",
4
+ "version": "1.0.71",
5
5
  "main": "build/cjs/index.js",
6
6
  "module": "build/esm/index.js",
7
7
  "types": "build/src/index.d.ts",