@culturefy/shared 1.0.70 → 1.0.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/build/cjs/middlewares/index.js +6 -0
  2. package/build/cjs/middlewares/index.js.map +1 -1
  3. package/build/cjs/middlewares/internal-auth-middleware.js +43 -0
  4. package/build/cjs/middlewares/internal-auth-middleware.js.map +1 -0
  5. package/build/cjs/middlewares/verify-middleware.js +29 -24
  6. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  7. package/build/cjs/types/index.js +6 -0
  8. package/build/cjs/types/index.js.map +1 -1
  9. package/build/esm/middlewares/index.js +1 -0
  10. package/build/esm/middlewares/index.js.map +1 -1
  11. package/build/esm/middlewares/internal-auth-middleware.js +38 -0
  12. package/build/esm/middlewares/internal-auth-middleware.js.map +1 -0
  13. package/build/esm/middlewares/verify-middleware.js +30 -25
  14. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  15. package/build/esm/types/index.js +1 -0
  16. package/build/esm/types/index.js.map +1 -1
  17. package/build/src/middlewares/index.d.ts +1 -0
  18. package/build/src/middlewares/index.js +1 -0
  19. package/build/src/middlewares/index.js.map +1 -1
  20. package/build/src/middlewares/internal-auth-middleware.d.ts +2 -0
  21. package/build/src/middlewares/internal-auth-middleware.js +36 -0
  22. package/build/src/middlewares/internal-auth-middleware.js.map +1 -0
  23. package/build/src/middlewares/verify-middleware.js +30 -24
  24. package/build/src/middlewares/verify-middleware.js.map +1 -1
  25. package/build/src/types/index.d.ts +1 -0
  26. package/build/src/types/index.js +1 -0
  27. package/build/src/types/index.js.map +1 -1
  28. package/package.json +1 -1
package/build/cjs/middlewares/index.js CHANGED
@@ -7,6 +7,12 @@ Object.keys(_tokenValidation).forEach(function (key) {
7
7
  if (key in exports && exports[key] === _tokenValidation[key]) return;
8
8
  exports[key] = _tokenValidation[key];
9
9
  });
10
+ var _internalAuthMiddleware = require("./internal-auth-middleware");
11
+ Object.keys(_internalAuthMiddleware).forEach(function (key) {
12
+ if (key === "default" || key === "__esModule") return;
13
+ if (key in exports && exports[key] === _internalAuthMiddleware[key]) return;
14
+ exports[key] = _internalAuthMiddleware[key];
15
+ });
10
16
  var _verifyMiddleware = require("./verify-middleware");
11
17
  Object.keys(_verifyMiddleware).forEach(function (key) {
12
18
  if (key === "default" || key === "__esModule") return;
package/build/cjs/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,iBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,iBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,iBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,iBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,cAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,cAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,cAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,cAAA,CAAAH,GAAA;AAAA","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_internalAuthMiddleware","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './internal-auth-middleware';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,uBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,uBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,uBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,uBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,iBAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,iBAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,iBAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,iBAAA,CAAAH,GAAA;AAAA;AACA,IAAAI,cAAA,GAAAR,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAM,cAAA,EAAAL,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAI,cAAA,CAAAJ,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAI,cAAA,CAAAJ,GAAA;AAAA","ignoreList":[]}
package/build/cjs/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,43 @@
1
+ "use strict";
2
+
3
+ exports.__esModule = true;
4
+ exports.internalAuthMw = void 0;
5
+ const INTERNAL_SERVICE_KEY = "12345";
6
+ const getHeader = (req, name) => {
7
+ var _req$headers$get;
8
+ return (_req$headers$get = req.headers.get(name)) != null ? _req$headers$get : req.headers.get(name.toLowerCase());
9
+ };
10
+ const internalAuthMw = async (req, ctx, next) => {
11
+ var _ref, _ref$state;
12
+ const internalKey = getHeader(req, "x-internal-key");
13
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
14
+ return {
15
+ status: 401,
16
+ headers: {
17
+ "Content-Type": "application/json"
18
+ },
19
+ body: JSON.stringify({
20
+ status: "unauthenticated",
21
+ reason: "invalid_internal_key"
22
+ })
23
+ };
24
+ }
25
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
26
+ const userId = getHeader(req, "x-user-id") || undefined;
27
+ const businessId = getHeader(req, "x-business-id") || undefined;
28
+ const appId = getHeader(req, "x-app-id") || undefined;
29
+ const email = getHeader(req, "x-email") || undefined;
30
+ const name = getHeader(req, "x-name") || undefined;
31
+ (_ref$state = (_ref = ctx).state) != null ? _ref$state : _ref.state = {};
32
+ ctx.state.auth = {
33
+ appId,
34
+ userId,
35
+ businessId,
36
+ tenantId,
37
+ email,
38
+ name
39
+ };
40
+ return next();
41
+ };
42
+ exports.internalAuthMw = internalAuthMw;
43
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/cjs/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","names":["INTERNAL_SERVICE_KEY","getHeader","req","name","_req$headers$get","headers","get","toLowerCase","internalAuthMw","ctx","next","_ref","_ref$state","internalKey","status","body","JSON","stringify","reason","tenantId","undefined","userId","businessId","appId","email","state","auth","exports"],"sources":["../../../src/middlewares/internal-auth-middleware.ts"],"sourcesContent":["import { HttpRequest, HttpResponseInit, InvocationContext } from \"@azure/functions\";\nimport { IMiddleware } from \"../types/middleware\";\n\nconst INTERNAL_SERVICE_KEY = \"12345\";\n\nconst getHeader = (req: HttpRequest, name: string): string | null =>\n req.headers.get(name) ?? req.headers.get(name.toLowerCase());\n\nexport const internalAuthMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const internalKey = getHeader(req, \"x-internal-key\");\n\n if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_internal_key\" }),\n };\n }\n\n const tenantId = getHeader(req, \"x-tenant-id\") || undefined;\n const userId = getHeader(req, \"x-user-id\") || undefined;\n const businessId = getHeader(req, \"x-business-id\") || undefined;\n const appId = getHeader(req, \"x-app-id\") || undefined;\n const email = getHeader(req, \"x-email\") || undefined;\n const name = getHeader(req, \"x-name\") || undefined;\n\n (ctx as any).state ??= {};\n (ctx as any).state.auth = {\n appId,\n userId,\n businessId,\n tenantId,\n email,\n name,\n };\n\n return next();\n};\n"],"mappings":";;;;AAGA,MAAMA,oBAAoB,GAAG,OAAO;AAEpC,MAAMC,SAAS,GAAGA,CAACC,GAAgB,EAAEC,IAAY;EAAA,IAAAC,gBAAA;EAAA,QAAAA,gBAAA,GAC/CF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAAC,YAAAC,gBAAA,GAAIF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAACI,WAAW,CAAC,CAAC,CAAC;AAAA;AAEvD,MAAMC,cAA2B,GAAG,MAAAA,CACzCN,GAAgB,EAChBO,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,IAAA,EAAAC,UAAA;EAC9B,MAAMC,WAAW,GAAGZ,SAAS,CAACC,GAAG,EAAE,gBAAgB,CAAC;EAEpD,IAAI,CAACW,WAAW,IAAIA,WAAW,KAAKb,oBAAoB,EAAE;IACxD,OAAO;MACLc,MAAM,EAAE,GAAG;MACXT,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CU,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuB,CAAC;IACpF,CAAC;EACH;EAEA,MAAMC,QAAQ,GAAGlB,SAAS,CAACC,GAAG,EAAE,aAAa,CAAC,IAAIkB,SAAS;EAC3D,MAAMC,MAAM,GAAGpB,SAAS,CAACC,GAAG,EAAE,WAAW,CAAC,IAAIkB,SAAS;EACvD,MAAME,UAAU,GAAGrB,SAAS,CAACC,GAAG,EAAE,eAAe,CAAC,IAAIkB,SAAS;EAC/D,MAAMG,KAAK,GAAGtB,SAAS,CAACC,GAAG,EAAE,UAAU,CAAC,IAAIkB,SAAS;EACrD,MAAMI,KAAK,GAAGvB,SAAS,CAACC,GAAG,EAAE,SAAS,CAAC,IAAIkB,SAAS;EACpD,MAAMjB,IAAI,GAAGF,SAAS,CAACC,GAAG,EAAE,QAAQ,CAAC,IAAIkB,SAAS;EAElD,CAAAR,UAAA,IAAAD,IAAA,GAACF,GAAG,EAASgB,KAAK,YAAAb,UAAA,GAAlBD,IAAA,CAAac,KAAK,GAAK,CAAC,CAAC;EACxBhB,GAAG,CAASgB,KAAK,CAACC,IAAI,GAAG;IACxBH,KAAK;IACLF,MAAM;IACNC,UAAU;IACVH,QAAQ;IACRK,KAAK;IACLrB;EACF,CAAC;EAED,OAAOO,IAAI,CAAC,CAAC;AACf,CAAC;AAACiB,OAAA,CAAAnB,cAAA,GAAAA,cAAA","ignoreList":[]}
package/build/cjs/middlewares/verify-middleware.js CHANGED
@@ -84,7 +84,7 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
84
84
  return `__Secure-session-v1.${appId}.mapping`;
85
85
  }
86
86
  const verifyMw = async (req, ctx, next) => {
87
- var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$to, _p$resource_access, _p$realm_access;
87
+ var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$cfy_bid, _ref4, _p$email, _p$name;
88
88
  const appId = req.headers.get("app-id");
89
89
  if (!appId || !(_constants.APP_MAP != null && (_APP_MAP$appId = _constants.APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
90
90
  return {
@@ -251,8 +251,9 @@ const verifyMw = async (req, ctx, next) => {
251
251
  };
252
252
  }
253
253
  const now = Math.floor(Date.now() / 1000);
254
- // Refresh only when expired
255
- if (typeof p.exp === "number" && p.exp <= now) {
254
+ // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)
255
+ const refreshLeewaySeconds = 60;
256
+ if (typeof p.exp === "number" && p.exp <= now + refreshLeewaySeconds) {
256
257
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
257
258
  return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
258
259
  }
@@ -281,14 +282,10 @@ const verifyMw = async (req, ctx, next) => {
281
282
  ctx.state.auth = {
282
283
  appId,
283
284
  userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
284
- keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
285
- businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
285
+ businessId: (_ref3 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref3 : null,
286
286
  tenantId,
287
- email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
288
- name: (_p$name = p.name) != null ? _p$name : undefined,
289
- roles: (_ref6 = (_p$resource_access$to = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[tokenClientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$to : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
290
- exp: p.exp,
291
- tokenMappingId: mapping
287
+ email: (_ref4 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref4 : null,
288
+ name: (_p$name = p.name) != null ? _p$name : undefined
292
289
  };
293
290
  return next();
294
291
  };
@@ -319,11 +316,10 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
319
316
 
320
317
  // Call auth service to refresh
321
318
  try {
322
- var _req$headers$get3, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
319
+ var _req$headers$get3, _ref5, _ref5$state, _ref6, _updatedMapping$userI, _updatedMapping$userI2, _ref7, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
323
320
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
324
321
  if (!apiURL) {
325
322
  ctx.error == null || ctx.error("Refresh session URL is not configured");
326
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
327
323
  return {
328
324
  status: 401,
329
325
  headers: {
@@ -350,8 +346,20 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
350
346
  })
351
347
  });
352
348
  if (!resp.ok) {
353
- ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
354
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
349
+ let errorText;
350
+ try {
351
+ errorText = await resp.text();
352
+ } catch {
353
+ errorText = undefined;
354
+ }
355
+ const isInvalidGrant = typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant") || resp.status === 400;
356
+ ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`, {
357
+ status: resp.status,
358
+ invalidGrant: isInvalidGrant
359
+ });
360
+ if (isInvalidGrant) {
361
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
362
+ }
355
363
  return {
356
364
  status: 401,
357
365
  headers: {
@@ -371,7 +379,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
371
379
  const newAT = data.access_token;
372
380
  const newRT = data.refresh_token;
373
381
  if (!newAT || !newRT) {
374
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
375
382
  return {
376
383
  status: 401,
377
384
  headers: {
@@ -414,7 +421,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
414
421
  await verifyMappingCache.delete(ctx, mapping);
415
422
 
416
423
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
417
- const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
424
+ const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)
418
425
 
419
426
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
420
427
  const appConfig = _constants.APP_MAP[appId];
@@ -468,17 +475,17 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
468
475
  }
469
476
 
470
477
  // Update downstream auth state with refreshed token
471
- (_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
478
+ (_ref5$state = (_ref5 = ctx).state) != null ? _ref5$state : _ref5.state = {};
472
479
  const tenantId2 = realmId.toString();
473
480
  ctx.state.auth = {
474
481
  appId: appId,
475
- userId: (_ref8 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref8 : null,
476
- keycloakUserId: (_ref9 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref9 : null,
477
- businessId: (_ref0 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref0 : null,
482
+ userId: (_ref6 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref6 : null,
483
+ keycloakUserId: (_ref7 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref7 : null,
484
+ businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
478
485
  tenantId: tenantId2,
479
- email: (_ref1 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref1 : null,
486
+ email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
480
487
  name: (_p2$name = p2.name) != null ? _p2$name : undefined,
481
- roles: (_ref10 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref10 : [],
488
+ roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
482
489
  exp: p2.exp,
483
490
  tokenMappingId: mapping
484
491
  };
@@ -486,13 +493,11 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
486
493
  // Continue pipeline after refresh
487
494
  return next();
488
495
  } catch (e) {
489
- var _req$headers$get4;
490
496
  ctx.error == null || ctx.error("refresh exception", {
491
497
  message: e == null ? void 0 : e.message,
492
498
  name: e == null ? void 0 : e.name,
493
499
  code: e == null ? void 0 : e.code
494
500
  });
495
- clearSessionMappingCookie(ctx, appId, (_req$headers$get4 = req.headers.get("origin")) != null ? _req$headers$get4 : undefined, req.url);
496
501
  return {
497
502
  status: 401,
498
503
  headers: {
package/build/cjs/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","exports","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","e","_req$headers$get4","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM/B,KAAK,GAAGW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACjC,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGjC,kBAAO,CAACD,KAAK,CAAC,CAACkC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGrD,iBAAiB,CAACwB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACrC,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBxC,KAAK,UAAU,CAAC,IAC/CwC,OAAO,CAAC,cAAcxC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAMrF,kBAAkB,CAACkE,GAAG,CAAClC,GAAG,EAAE2C,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMtF,kBAAkB,CAACwF,GAAG,CAACxD,GAAG,EAAEqD,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC9D,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAE8D,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAErD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM8D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLvC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAASiF,KAAK,YAAA/D,UAAA,GAAlBD,IAAA,CAAagE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhCnF,GAAG,CAASiF,KAAK,CAACG,IAAI,GAAG;IACxBnF,KAAK;IACLoF,MAAM,GAAAlE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEoC,YAAY,CAAC4B,MAAM,aAAnBhE,oBAAA,CAAqB8D,QAAQ,oBAA7B9D,oBAAA,CAAqB8D,QAAQ,CAAG,CAAC,YAAA/D,qBAAA,GAAI8C,CAAC,CAACoB,GAAG,YAAAnE,KAAA,GAAI,IAAI;IAC1DoE,cAAc,GAAAjE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACoB,GAAG,YAAA/D,MAAA,GAAIkC,YAAY,CAAC8B,cAAc,YAAAjE,KAAA,GAAI,IAAI;IAC5DkE,UAAU,GAAAhE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACuB,OAAO,YAAAhE,UAAA,GAAIyD,QAAQ,YAAA1D,KAAA,GAAI,IAAI;IACzC0D,QAAQ;IACRQ,KAAK,GAAAhE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACwB,KAAK,YAAA/D,QAAA,GAAIuC,CAAC,CAACyB,kBAAkB,YAAAjE,KAAA,GAAI,IAAI;IAC9CkE,IAAI,GAAAhE,OAAA,GAAEsC,CAAC,CAAC0B,IAAI,YAAAhE,OAAA,GAAItD,SAAS;IACzBuH,KAAK,GAAAhE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC4B,eAAe,cAAA/D,kBAAA,GAAjBA,kBAAA,CAAoBkC,aAAa,CAAC,qBAAlClC,kBAAA,CAAoC8D,KAAK,YAAA/D,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC6B,YAAY,qBAAd/D,eAAA,CAAgB6D,KAAK,YAAAhE,KAAA,GAAI,EAAE;IAC/E4C,GAAG,EAAEP,CAAC,CAACO,GAAG;IACVuB,cAAc,EAAErD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAACoF,OAAA,CAAAtF,QAAA,GAAAA,QAAA;AAIF,eAAe+D,kBAAkBA,CAC/B9D,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACb+D,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNrD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IAAA,IAAAqC,iBAAA;IACPnG,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAiG,iBAAA,GAAEtF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAgE,iBAAA,GAAI5H,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxC,GAAG,CAACmG,IAAI,CAAC,0BAA0B,EAAE;IACnCnC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAiE,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAM1E,aAAa,IAAA0D,iBAAA,GAAGxF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAkE,iBAAA,GAAI9H,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAACqH,KAAK,YAATrH,GAAG,CAACqH,KAAK,CAAG,uCAAuC,CAAC;MACpDtH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM8E,IAAI,GAAG,MAAMC,KAAK,CAAC3J,MAAM,EAAE;MAC/B4J,MAAM,EAAE,MAAM;MACdvF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBsF,aAAa,EAAE5D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACyD,IAAI,CAACI,EAAE,EAAE;MACZ1H,GAAG,CAAC2H,IAAI,YAAR3H,GAAG,CAAC2H,IAAI,CAAG,mCAAmCL,IAAI,CAAClF,MAAM,EAAE,CAAC;MAC5DrC,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMoF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpBlI,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;IAE/D,MAAMoF,cAAc,GAAG,MAAM/E,mBAAmB,CAACgF,kBAAkB,CAACxF,OAAO,EAAE;MAC3EiB,WAAW,EAAEmE,KAAK;MAClBjE,YAAY,EAAEmE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI7D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGyD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG/J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACsK,MAAM,CAACtI,GAAG,EAAE2C,OAAO,CAAC;;IAE7C;IACA,MAAM4F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAChG,OAAO,CAAC,CAACwC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMhH,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAM2I,YAAY,GAAG1K,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAMiG,YAAY,GAAG/I,cAAc,CAAC4C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3D,IAAAtC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE6F,kBAAkB,EAAE;MAC/F;MACAlI,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACqI,YAAY;MACrBpI,QAAQ,EAAEoI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCnI,MAAM,EAAE6H,aAAa;MACrBzJ,MAAM,EAAE8J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA3E,oBAAS,EAAC4D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL3F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMuG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC5C,QAAQ,CAAC,IAClD,OAAO2G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK3C,QAAQ,IAAI2G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK7C,QAAQ;IACrB,IAAI,CAAC4G,MAAM,EAAE;MACX,OAAO;QACL3G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA8D,WAAA,IAAAD,KAAA,GAACrG,GAAG,EAASiF,KAAK,YAAAqB,WAAA,GAAlBD,KAAA,CAAapB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGhF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnCnF,GAAG,CAASiF,KAAK,CAACG,IAAI,GAAG;MACxBnF,KAAK,EAAEA,KAAe;MACtBoF,MAAM,GAAAkB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE7C,MAAM,aAAtBoB,sBAAA,CAAwBtB,QAAQ,oBAAhCsB,sBAAA,CAAwBtB,QAAQ,CAAG,CAAC,YAAAqB,qBAAA,GAAIsC,EAAE,CAACxD,GAAG,YAAAiB,KAAA,GAAI,IAAI;MAC9DhB,cAAc,GAAAmB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACxD,GAAG,YAAAqB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE3C,cAAc,YAAAmB,KAAA,GAAI,IAAI;MAChElB,UAAU,GAAAoB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACrD,OAAO,YAAAoB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3C1B,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAoB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACpD,KAAK,YAAAqB,SAAA,GAAI+B,EAAE,CAACnD,kBAAkB,YAAAmB,KAAA,GAAI,IAAI;MAChDlB,IAAI,GAAAoB,QAAA,GAAE8B,EAAE,CAAClD,IAAI,YAAAoB,QAAA,GAAI1I,SAAS;MAC1BuH,KAAK,GAAAoB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAChD,eAAe,cAAAqB,mBAAA,GAAlBA,mBAAA,CAAqBhF,QAAQ,CAAC,qBAA9BgF,mBAAA,CAAgCtB,KAAK,YAAAqB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC/C,YAAY,qBAAfqB,gBAAA,CAAiBvB,KAAK,YAAAoB,MAAA,GAAI,EAAE;MAC5ExC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACXuB,cAAc,EAAErD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOoI,CAAM,EAAE;IAAA,IAAAC,iBAAA;IACflJ,GAAG,CAACqH,KAAK,YAATrH,GAAG,CAACqH,KAAK,CAAG,mBAAmB,EAAE;MAC/B8B,OAAO,EAAEF,CAAC,oBAADA,CAAC,CAAEE,OAAO;MACnBvD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbwD,IAAI,EAAEH,CAAC,oBAADA,CAAC,CAAEG;IACX,CAAC,CAAC;IACFrJ,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAiJ,iBAAA,GAAEtI,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAgH,iBAAA,GAAI5K,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACwG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOX,MAAM,CAACC,IAAI,CAACU,KAAK,EAAE,QAAQ,CAAC,CAAClE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOkC,KAAU,EAAE;IACnBiC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGlC,KAAK,CAAC8B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$cfy_bid","_ref4","_p$email","_p$name","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","exports","_req$headers$get2","info","_req$headers$get3","_ref5","_ref5$state","_ref6","_updatedMapping$userI","_updatedMapping$userI2","_ref7","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","errorText","text","isInvalidGrant","toLowerCase","warn","invalidGrant","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","keycloakUserId","roles","resource_access","realm_access","tokenMappingId","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n let errorText: string | undefined;\n try {\n errorText = await resp.text();\n } catch {\n errorText = undefined;\n }\n\n const isInvalidGrant =\n (typeof errorText === \"string\" && errorText.toLowerCase().includes(\"invalid_grant\")) ||\n resp.status === 400;\n\n ctx.warn?.(`refresh call failed with status ${resp.status}`, {\n status: resp.status,\n invalidGrant: isInvalidGrant,\n });\n\n if (isInvalidGrant) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n }\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA;EAC9B,MAAMzB,KAAK,GAAGW,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC3B,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBe,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG3B,kBAAO,CAACD,KAAK,CAAC,CAAC4B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG/C,iBAAiB,CAACwB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAArB,gBAAA,GAAGH,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAb,gBAAA,GAAIzC,SAAS;EAE5D,IAAI+D,OAAsB,GACxBF,OAAO,CAAC/B,2BAA2B,CAACH,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBlC,KAAK,UAAU,CAAC,IAC/CkC,OAAO,CAAC,cAAclC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpChB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CzC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAAC4E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAAC9C,GAAG,EAAEwC,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAM/E,kBAAkB,CAAC4D,GAAG,CAAC5B,GAAG,EAAEqC,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMhF,kBAAkB,CAACkF,GAAG,CAAClD,GAAG,EAAE+C,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAlB,EAAA,GAAC4C,CAAC,aAAD5C,EAAA,CAAG8C,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAACzD,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAEwD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAE/C,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLxC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAhB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAAS4E,KAAK,YAAA1D,UAAA,GAAlBD,IAAA,CAAa2D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;IACxB9E,KAAK;IACL+E,MAAM,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAE8B,YAAY,CAAC6B,MAAM,aAAnB3D,oBAAA,CAAqByD,QAAQ,oBAA7BzD,oBAAA,CAAqByD,QAAQ,CAAG,CAAC,YAAA1D,qBAAA,GAAIwC,CAAC,CAACqB,GAAG,YAAA9D,KAAA,GAAI,IAAI;IAC1D+D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIsD,QAAQ,YAAAvD,KAAA,GAAI,IAAI;IACzCuD,QAAQ;IACRO,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAIpD;EAClB,CAAC;EAED,OAAOuC,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA5E,QAAA,GAAAA,QAAA;AAIF,eAAe0D,kBAAkBA,CAC/BzD,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACbyD,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACN/C,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC0C,EAAE,EAAE;IAAA,IAAAiC,iBAAA;IACPzF,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAuF,iBAAA,GAAE5E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA4D,iBAAA,GAAIlH,SAAS,EAAEsC,GAAG,CAAC0B,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAlC,GAAG,CAACyF,IAAI,CAAC,0BAA0B,EAAE;IACnC/B,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA6D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMtE,aAAa,IAAAsD,iBAAA,GAAG9E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA8D,iBAAA,GAAIpH,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAAC2G,KAAK,YAAT3G,GAAG,CAAC2G,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL7E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM0E,IAAI,GAAG,MAAMC,KAAK,CAACjJ,MAAM,EAAE;MAC/BkJ,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBkF,aAAa,EAAExD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACqD,IAAI,CAACI,EAAE,EAAE;MACZ,IAAIC,SAA6B;MACjC,IAAI;QACFA,SAAS,GAAG,MAAML,IAAI,CAACM,IAAI,CAAC,CAAC;MAC/B,CAAC,CAAC,MAAM;QACND,SAAS,GAAG3I,SAAS;MACvB;MAEA,MAAM6I,cAAc,GACjB,OAAOF,SAAS,KAAK,QAAQ,IAAIA,SAAS,CAACG,WAAW,CAAC,CAAC,CAAC1C,QAAQ,CAAC,eAAe,CAAC,IACnFkC,IAAI,CAAC9E,MAAM,KAAK,GAAG;MAErB9B,GAAG,CAACqH,IAAI,YAARrH,GAAG,CAACqH,IAAI,CAAG,mCAAmCT,IAAI,CAAC9E,MAAM,EAAE,EAAE;QAC3DA,MAAM,EAAE8E,IAAI,CAAC9E,MAAM;QACnBwF,YAAY,EAAEH;MAChB,CAAC,CAAC;MAEF,IAAIA,cAAc,EAAE;QAClBpH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;MAC/D;MACA,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMqF,OAAO,GAAG,MAAMX,IAAI,CAACY,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACV,aAAmC;IAEtD,IAAI,CAACW,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL9F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CzC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAAC4E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAAC9C,GAAG,EAAEwC,KAAK,CAAC;IAE/D,MAAMqF,cAAc,GAAG,MAAMhF,mBAAmB,CAACiF,kBAAkB,CAACzF,OAAO,EAAE;MAC3EiB,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG1J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACiK,MAAM,CAACjI,GAAG,EAAEqC,OAAO,CAAC;;IAE7C;IACA,MAAM6F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACjG,OAAO,CAAC,CAACyC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM3G,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAMsI,YAAY,GAAGrK,gBAAgB,CAACC,SAAS,EAAEiE,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IACxE,MAAMkG,YAAY,GAAG1I,cAAc,CAACsC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IAE3D,IAAAhC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,EAAE8F,kBAAkB,EAAE;MAC/F;MACA7H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACgI,YAAY;MACrB/H,QAAQ,EAAE+H,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC9H,MAAM,EAAEwH,aAAa;MACrBpJ,MAAM,EAAEyJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5E,oBAAS,EAAC6D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC7C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK5C,QAAQ,IAAI4G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK9C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAAC3F,GAAG,EAAS4E,KAAK,YAAAgB,WAAA,GAAlBD,KAAA,CAAaf,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;MACxB9E,KAAK,EAAEA,KAAe;MACtB+E,MAAM,GAAAa,KAAA,IAAAC,qBAAA,GAAE+B,cAAc,aAAA9B,sBAAA,GAAd8B,cAAc,CAAE7C,MAAM,aAAtBe,sBAAA,CAAwBjB,QAAQ,oBAAhCiB,sBAAA,CAAwBjB,QAAQ,CAAG,CAAC,YAAAgB,qBAAA,GAAI2C,EAAE,CAACxD,GAAG,YAAAY,KAAA,GAAI,IAAI;MAC9D+C,cAAc,GAAA5C,KAAA,IAAAC,OAAA,GAAEwC,EAAE,CAACxD,GAAG,YAAAgB,OAAA,GAAI4B,cAAc,oBAAdA,cAAc,CAAEe,cAAc,YAAA5C,KAAA,GAAI,IAAI;MAChEd,UAAU,GAAAgB,KAAA,IAAAC,WAAA,GAAEsC,EAAE,CAACtD,OAAO,YAAAgB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CrB,QAAQ,EAAE8D,SAAS;MACnBvD,KAAK,GAAAgB,KAAA,IAAAC,SAAA,GAAEoC,EAAE,CAACrD,KAAK,YAAAiB,SAAA,GAAIoC,EAAE,CAACpD,kBAAkB,YAAAe,KAAA,GAAI,IAAI;MAChDd,IAAI,GAAAgB,QAAA,GAAEmC,EAAE,CAACnD,IAAI,YAAAgB,QAAA,GAAIhI,SAAS;MAC1BuK,KAAK,GAAAtC,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEgC,EAAE,CAACK,eAAe,cAAArC,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCoC,KAAK,YAAArC,qBAAA,IAAAE,gBAAA,GAAI+B,EAAE,CAACM,YAAY,qBAAfrC,gBAAA,CAAiBmC,KAAK,YAAAtC,KAAA,GAAI,EAAE;MAC5EnC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACX4E,cAAc,EAAE3G;IAClB,CAAC;;IAED;IACA,OAAOxB,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOoI,CAAM,EAAE;IACfjJ,GAAG,CAAC2G,KAAK,YAAT3G,GAAG,CAAC2G,KAAK,CAAG,mBAAmB,EAAE;MAC/BuC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnB5D,IAAI,EAAE2D,CAAC,oBAADA,CAAC,CAAE3D,IAAI;MACb6D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLrH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC6G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOf,MAAM,CAACC,IAAI,CAACc,KAAK,EAAE,QAAQ,CAAC,CAACtE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO6B,KAAU,EAAE;IACnB0C,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAG3C,KAAK,CAACuC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/cjs/types/index.js CHANGED
@@ -13,4 +13,10 @@ Object.keys(_events).forEach(function (key) {
13
13
  if (key in exports && exports[key] === _events[key]) return;
14
14
  exports[key] = _events[key];
15
15
  });
16
+ var _app = require("./app");
17
+ Object.keys(_app).forEach(function (key) {
18
+ if (key === "default" || key === "__esModule") return;
19
+ if (key in exports && exports[key] === _app[key]) return;
20
+ exports[key] = _app[key];
21
+ });
16
22
  //# sourceMappingURL=index.js.map
package/build/cjs/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_createEnterpriseBusiness","require","Object","keys","forEach","key","exports","_events"],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'"],"mappings":";;;AAAA,IAAAA,yBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,yBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,yBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,yBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,OAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,OAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,OAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,OAAA,CAAAF,GAAA;AAAA","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_createEnterpriseBusiness","require","Object","keys","forEach","key","exports","_events","_app"],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'\nexport * from './app'"],"mappings":";;;AAAA,IAAAA,yBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,yBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,yBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,yBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,OAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,OAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,OAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,OAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,IAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,IAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,IAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,IAAA,CAAAH,GAAA;AAAA","ignoreList":[]}
package/build/esm/middlewares/index.js CHANGED
@@ -1,4 +1,5 @@
1
1
  export * from './token-validation';
2
+ export * from './internal-auth-middleware';
2
3
  export * from './verify-middleware';
3
4
  export * from './verify-express';
4
5
  //# sourceMappingURL=index.js.map
package/build/esm/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './internal-auth-middleware';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,4BAA4B;AAC1C,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
package/build/esm/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,38 @@
1
+ const INTERNAL_SERVICE_KEY = "12345";
2
+ const getHeader = (req, name) => {
3
+ var _req$headers$get;
4
+ return (_req$headers$get = req.headers.get(name)) != null ? _req$headers$get : req.headers.get(name.toLowerCase());
5
+ };
6
+ export const internalAuthMw = async (req, ctx, next) => {
7
+ var _ref, _ref$state;
8
+ const internalKey = getHeader(req, "x-internal-key");
9
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
10
+ return {
11
+ status: 401,
12
+ headers: {
13
+ "Content-Type": "application/json"
14
+ },
15
+ body: JSON.stringify({
16
+ status: "unauthenticated",
17
+ reason: "invalid_internal_key"
18
+ })
19
+ };
20
+ }
21
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
22
+ const userId = getHeader(req, "x-user-id") || undefined;
23
+ const businessId = getHeader(req, "x-business-id") || undefined;
24
+ const appId = getHeader(req, "x-app-id") || undefined;
25
+ const email = getHeader(req, "x-email") || undefined;
26
+ const name = getHeader(req, "x-name") || undefined;
27
+ (_ref$state = (_ref = ctx).state) != null ? _ref$state : _ref.state = {};
28
+ ctx.state.auth = {
29
+ appId,
30
+ userId,
31
+ businessId,
32
+ tenantId,
33
+ email,
34
+ name
35
+ };
36
+ return next();
37
+ };
38
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/esm/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","names":["INTERNAL_SERVICE_KEY","getHeader","req","name","_req$headers$get","headers","get","toLowerCase","internalAuthMw","ctx","next","_ref","_ref$state","internalKey","status","body","JSON","stringify","reason","tenantId","undefined","userId","businessId","appId","email","state","auth"],"sources":["../../../src/middlewares/internal-auth-middleware.ts"],"sourcesContent":["import { HttpRequest, HttpResponseInit, InvocationContext } from \"@azure/functions\";\nimport { IMiddleware } from \"../types/middleware\";\n\nconst INTERNAL_SERVICE_KEY = \"12345\";\n\nconst getHeader = (req: HttpRequest, name: string): string | null =>\n req.headers.get(name) ?? req.headers.get(name.toLowerCase());\n\nexport const internalAuthMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const internalKey = getHeader(req, \"x-internal-key\");\n\n if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_internal_key\" }),\n };\n }\n\n const tenantId = getHeader(req, \"x-tenant-id\") || undefined;\n const userId = getHeader(req, \"x-user-id\") || undefined;\n const businessId = getHeader(req, \"x-business-id\") || undefined;\n const appId = getHeader(req, \"x-app-id\") || undefined;\n const email = getHeader(req, \"x-email\") || undefined;\n const name = getHeader(req, \"x-name\") || undefined;\n\n (ctx as any).state ??= {};\n (ctx as any).state.auth = {\n appId,\n userId,\n businessId,\n tenantId,\n email,\n name,\n };\n\n return next();\n};\n"],"mappings":"AAGA,MAAMA,oBAAoB,GAAG,OAAO;AAEpC,MAAMC,SAAS,GAAGA,CAACC,GAAgB,EAAEC,IAAY;EAAA,IAAAC,gBAAA;EAAA,QAAAA,gBAAA,GAC/CF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAAC,YAAAC,gBAAA,GAAIF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAACI,WAAW,CAAC,CAAC,CAAC;AAAA;AAE9D,OAAO,MAAMC,cAA2B,GAAG,MAAAA,CACzCN,GAAgB,EAChBO,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,IAAA,EAAAC,UAAA;EAC9B,MAAMC,WAAW,GAAGZ,SAAS,CAACC,GAAG,EAAE,gBAAgB,CAAC;EAEpD,IAAI,CAACW,WAAW,IAAIA,WAAW,KAAKb,oBAAoB,EAAE;IACxD,OAAO;MACLc,MAAM,EAAE,GAAG;MACXT,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CU,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuB,CAAC;IACpF,CAAC;EACH;EAEA,MAAMC,QAAQ,GAAGlB,SAAS,CAACC,GAAG,EAAE,aAAa,CAAC,IAAIkB,SAAS;EAC3D,MAAMC,MAAM,GAAGpB,SAAS,CAACC,GAAG,EAAE,WAAW,CAAC,IAAIkB,SAAS;EACvD,MAAME,UAAU,GAAGrB,SAAS,CAACC,GAAG,EAAE,eAAe,CAAC,IAAIkB,SAAS;EAC/D,MAAMG,KAAK,GAAGtB,SAAS,CAACC,GAAG,EAAE,UAAU,CAAC,IAAIkB,SAAS;EACrD,MAAMI,KAAK,GAAGvB,SAAS,CAACC,GAAG,EAAE,SAAS,CAAC,IAAIkB,SAAS;EACpD,MAAMjB,IAAI,GAAGF,SAAS,CAACC,GAAG,EAAE,QAAQ,CAAC,IAAIkB,SAAS;EAElD,CAAAR,UAAA,IAAAD,IAAA,GAACF,GAAG,EAASgB,KAAK,YAAAb,UAAA,GAAlBD,IAAA,CAAac,KAAK,GAAK,CAAC,CAAC;EACxBhB,GAAG,CAASgB,KAAK,CAACC,IAAI,GAAG;IACxBH,KAAK;IACLF,MAAM;IACNC,UAAU;IACVH,QAAQ;IACRK,KAAK;IACLrB;EACF,CAAC;EAED,OAAOO,IAAI,CAAC,CAAC;AACf,CAAC","ignoreList":[]}
package/build/esm/middlewares/verify-middleware.js CHANGED
@@ -80,7 +80,7 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
80
80
  return `__Secure-session-v1.${appId}.mapping`;
81
81
  }
82
82
  export const verifyMw = async (req, ctx, next) => {
83
- var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$to, _p$resource_access, _p$realm_access;
83
+ var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$cfy_bid, _ref4, _p$email, _p$name;
84
84
  const appId = req.headers.get("app-id");
85
85
  if (!appId || !(APP_MAP != null && (_APP_MAP$appId = APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
86
86
  return {
@@ -247,8 +247,9 @@ export const verifyMw = async (req, ctx, next) => {
247
247
  };
248
248
  }
249
249
  const now = Math.floor(Date.now() / 1000);
250
- // Refresh only when expired
251
- if (typeof p.exp === "number" && p.exp <= now) {
250
+ // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)
251
+ const refreshLeewaySeconds = 60;
252
+ if (typeof p.exp === "number" && p.exp <= now + refreshLeewaySeconds) {
252
253
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
253
254
  return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
254
255
  }
@@ -277,14 +278,10 @@ export const verifyMw = async (req, ctx, next) => {
277
278
  ctx.state.auth = {
278
279
  appId,
279
280
  userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
280
- keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
281
- businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
281
+ businessId: (_ref3 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref3 : null,
282
282
  tenantId,
283
- email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
284
- name: (_p$name = p.name) != null ? _p$name : undefined,
285
- roles: (_ref6 = (_p$resource_access$to = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[tokenClientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$to : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
286
- exp: p.exp,
287
- tokenMappingId: mapping
283
+ email: (_ref4 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref4 : null,
284
+ name: (_p$name = p.name) != null ? _p$name : undefined
288
285
  };
289
286
  return next();
290
287
  };
@@ -314,11 +311,10 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
314
311
 
315
312
  // Call auth service to refresh
316
313
  try {
317
- var _req$headers$get3, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
314
+ var _req$headers$get3, _ref5, _ref5$state, _ref6, _updatedMapping$userI, _updatedMapping$userI2, _ref7, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
318
315
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
319
316
  if (!apiURL) {
320
317
  ctx.error == null || ctx.error("Refresh session URL is not configured");
321
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
322
318
  return {
323
319
  status: 401,
324
320
  headers: {
@@ -345,8 +341,20 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
345
341
  })
346
342
  });
347
343
  if (!resp.ok) {
348
- ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
349
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
344
+ let errorText;
345
+ try {
346
+ errorText = await resp.text();
347
+ } catch (_unused4) {
348
+ errorText = undefined;
349
+ }
350
+ const isInvalidGrant = typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant") || resp.status === 400;
351
+ ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`, {
352
+ status: resp.status,
353
+ invalidGrant: isInvalidGrant
354
+ });
355
+ if (isInvalidGrant) {
356
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
357
+ }
350
358
  return {
351
359
  status: 401,
352
360
  headers: {
@@ -366,7 +374,6 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
366
374
  const newAT = data.access_token;
367
375
  const newRT = data.refresh_token;
368
376
  if (!newAT || !newRT) {
369
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
370
377
  return {
371
378
  status: 401,
372
379
  headers: {
@@ -409,7 +416,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
409
416
  await verifyMappingCache.delete(ctx, mapping);
410
417
 
411
418
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
412
- const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : typeof data.expires_in === "number" ? data.expires_in : 60 * 60 * 24; // fallback 24h
419
+ const mappingMaxAge = typeof data.refresh_expires_in === "number" ? data.refresh_expires_in : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)
413
420
 
414
421
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
415
422
  const appConfig = APP_MAP[appId];
@@ -430,7 +437,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
430
437
  let p2;
431
438
  try {
432
439
  p2 = jwtDecode(newAT);
433
- } catch (_unused4) {
440
+ } catch (_unused5) {
434
441
  return {
435
442
  status: 401,
436
443
  headers: {
@@ -463,17 +470,17 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
463
470
  }
464
471
 
465
472
  // Update downstream auth state with refreshed token
466
- (_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
473
+ (_ref5$state = (_ref5 = ctx).state) != null ? _ref5$state : _ref5.state = {};
467
474
  const tenantId2 = realmId.toString();
468
475
  ctx.state.auth = {
469
476
  appId: appId,
470
- userId: (_ref8 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref8 : null,
471
- keycloakUserId: (_ref9 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref9 : null,
472
- businessId: (_ref0 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref0 : null,
477
+ userId: (_ref6 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref6 : null,
478
+ keycloakUserId: (_ref7 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref7 : null,
479
+ businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
473
480
  tenantId: tenantId2,
474
- email: (_ref1 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref1 : null,
481
+ email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
475
482
  name: (_p2$name = p2.name) != null ? _p2$name : undefined,
476
- roles: (_ref10 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref10 : [],
483
+ roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
477
484
  exp: p2.exp,
478
485
  tokenMappingId: mapping
479
486
  };
@@ -481,13 +488,11 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
481
488
  // Continue pipeline after refresh
482
489
  return next();
483
490
  } catch (e) {
484
- var _req$headers$get4;
485
491
  ctx.error == null || ctx.error("refresh exception", {
486
492
  message: e == null ? void 0 : e.message,
487
493
  name: e == null ? void 0 : e.name,
488
494
  code: e == null ? void 0 : e.code
489
495
  });
490
- clearSessionMappingCookie(ctx, appId, (_req$headers$get4 = req.headers.get("origin")) != null ? _req$headers$get4 : undefined, req.url);
491
496
  return {
492
497
  status: 401,
493
498
  headers: {
package/build/esm/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","clearSessionMappingCookie","ctx","appId","cookieName","getSessionMappingCookieName","isLocal","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","_unused4","audOk2","tenantId2","e","_req$headers$get4","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh only when expired\n if (typeof p.exp === \"number\" && p.exp <= now) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : typeof data.expires_in === \"number\"\n ? data.expires_in\n : 60 * 60 * 24; // fallback 24h\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb/B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;EAChC,MAAMC,UAAU,GAAGC,2BAA2B,CAACF,KAAK,EAAE/B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMiC,OAAO,GAAGP,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC;EAClDZ,WAAW,CAACyC,GAAG,EAAEE,UAAU,EAAE,EAAE,EAAE;IAC/BG,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACF,OAAO;IAChBG,QAAQ,EAAEH,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCI,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAASgC,2BAA2BA,CAACF,KAAa,EAAE/B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc8B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBV,GAAsB,EACtBW,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM7B,KAAK,GAAGS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC/B,KAAK,IAAI,EAAC7C,OAAO,aAAAwD,cAAA,GAAPxD,OAAO,CAAG6C,KAAK,CAAC,aAAhBW,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG7E,OAAO,CAAC6C,KAAK,CAAC,CAACgC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGpD,iBAAiB,CAACuB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACpC,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBtC,KAAK,UAAU,CAAC,IAC/CsC,OAAO,CAAC,cAActC,KAAK,UAAU,CAAC,IACtCS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;EAE/D,IAAII,eAAe,GAAG,MAAMjF,kBAAkB,CAACiE,GAAG,CAAChC,GAAG,EAAEyC,OAAO,CAAC;EAChE,IAAI,CAACO,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACT,OAAO,CAAC;IACtE,IAAIQ,OAAO,EAAE;MACXD,eAAe,GAAGZ,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC;MACzC,MAAMlF,kBAAkB,CAACoF,GAAG,CAACnD,GAAG,EAAEgD,eAAe,EAAEP,OAAO,CAAC;IAC7D;EACF;EACA,MAAMW,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGxG,SAAS,CAACiG,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAAC+C,CAAC,aAAD/C,EAAA,CAAGiD,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,IAAI,OAAOH,CAAC,CAACO,GAAG,KAAK,QAAQ,IAAIP,CAAC,CAACO,GAAG,IAAIJ,GAAG,EAAE;IAC7C;IACA,OAAO,MAAMK,kBAAkB,CAAC3D,GAAG,EAAEV,GAAG,EAAEC,KAAK,EAAEyD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAElD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM2D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACX,CAAC,CAACY,GAAG,CAAC,IAAIZ,CAAC,CAACY,GAAG,CAACC,QAAQ,CAACd,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACY,GAAG,KAAK,QAAQ,KAAKZ,CAAC,CAACY,GAAG,KAAKb,aAAa,IAAIC,CAAC,CAACY,GAAG,KAAK,SAAS,CAAE,IAC/EZ,CAAC,CAACc,GAAG,KAAKf,aAAa;EAEzB,IAAI,CAACU,KAAK,EAAE;IACV,OAAO;MACLpC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACf,GAAG,EAAS4E,KAAK,YAAA5D,UAAA,GAAlBD,IAAA,CAAa6D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGnB,KAAK,CAACoB,QAAQ,CAAC,CAAC;EAEhC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;IACxB9E,KAAK;IACL+E,MAAM,GAAA/D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC4B,MAAM,aAAnB7D,oBAAA,CAAqB2D,QAAQ,oBAA7B3D,oBAAA,CAAqB2D,QAAQ,CAAG,CAAC,YAAA5D,qBAAA,GAAI2C,CAAC,CAACoB,GAAG,YAAAhE,KAAA,GAAI,IAAI;IAC1DiE,cAAc,GAAA9D,KAAA,IAAAC,MAAA,GAAEwC,CAAC,CAACoB,GAAG,YAAA5D,MAAA,GAAI+B,YAAY,CAAC8B,cAAc,YAAA9D,KAAA,GAAI,IAAI;IAC5D+D,UAAU,GAAA7D,KAAA,IAAAC,UAAA,GAAEsC,CAAC,CAACuB,OAAO,YAAA7D,UAAA,GAAIsD,QAAQ,YAAAvD,KAAA,GAAI,IAAI;IACzCuD,QAAQ;IACRQ,KAAK,GAAA7D,KAAA,IAAAC,QAAA,GAAEoC,CAAC,CAACwB,KAAK,YAAA5D,QAAA,GAAIoC,CAAC,CAACyB,kBAAkB,YAAA9D,KAAA,GAAI,IAAI;IAC9C+D,IAAI,GAAA7D,OAAA,GAAEmC,CAAC,CAAC0B,IAAI,YAAA7D,OAAA,GAAItD,SAAS;IACzBoH,KAAK,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEgC,CAAC,CAAC4B,eAAe,cAAA5D,kBAAA,GAAjBA,kBAAA,CAAoB+B,aAAa,CAAC,qBAAlC/B,kBAAA,CAAoC2D,KAAK,YAAA5D,qBAAA,IAAAE,eAAA,GAAI+B,CAAC,CAAC6B,YAAY,qBAAd5D,eAAA,CAAgB0D,KAAK,YAAA7D,KAAA,GAAI,EAAE;IAC/EyC,GAAG,EAAEP,CAAC,CAACO,GAAG;IACVuB,cAAc,EAAElD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAe0D,kBAAkBA,CAC/B3D,GAAgB,EAChBV,GAAsB,EACtBC,KAAa,EACb0D,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACNlD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC6C,EAAE,EAAE;IAAA,IAAAoC,iBAAA;IACP7F,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAA2F,iBAAA,GAAElF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA4D,iBAAA,GAAIxH,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAtC,GAAG,CAAC6F,IAAI,CAAC,0BAA0B,EAAE;IACnClC,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA6D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMtE,aAAa,IAAAsD,iBAAA,GAAGpF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA8D,iBAAA,GAAI1H,SAAS;IAC5D,IAAI,CAACT,MAAM,EAAE;MACXqC,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,uCAAuC,CAAC;MACpDhH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM0E,IAAI,GAAG,MAAMC,KAAK,CAACtJ,MAAM,EAAE;MAC/BuJ,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClBkF,aAAa,EAAE3D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACwD,IAAI,CAACI,EAAE,EAAE;MACZpH,GAAG,CAACqH,IAAI,YAARrH,GAAG,CAACqH,IAAI,CAAG,mCAAmCL,IAAI,CAAC9E,MAAM,EAAE,CAAC;MAC5DnC,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMgF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB5H,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;MAC7D,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;IAE/D,MAAMgF,cAAc,GAAG,MAAM7E,mBAAmB,CAAC8E,kBAAkB,CAACpF,OAAO,EAAE;MAC3Ec,WAAW,EAAEkE,KAAK;MAClBhE,YAAY,EAAEkE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI5D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGwD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG3J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACiK,MAAM,CAAChI,GAAG,EAAEyC,OAAO,CAAC;;IAE7C;IACA,MAAMwF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,OAAOV,IAAI,CAACO,UAAU,KAAK,QAAQ,GACjCP,IAAI,CAACO,UAAU,GACf,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEtB,MAAMI,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC5F,OAAO,CAAC,CAACqC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM7G,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;;IAEhC;IACA,MAAMqI,YAAY,GAAGtK,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAM6F,YAAY,GAAG1I,cAAc,CAAC2C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3DnF,WAAW,CAACyC,GAAG,EAAEG,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAEyF,kBAAkB,EAAE;MAC/F;MACA9H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACiI,YAAY;MACrBhI,QAAQ,EAAEgI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC/H,MAAM,EAAEyH,aAAa;MACrBrJ,MAAM,EAAE0J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGnL,SAAS,CAACoK,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAgB,QAAA,EAAM;MACnC,OAAO;QACLvG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMoG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACgE,EAAE,CAAC/D,GAAG,CAAC,IAAI+D,EAAE,CAAC/D,GAAG,CAACC,QAAQ,CAACzC,QAAQ,CAAC,IAClD,OAAOuG,EAAE,CAAC/D,GAAG,KAAK,QAAQ,KAAK+D,EAAE,CAAC/D,GAAG,KAAKxC,QAAQ,IAAIuG,EAAE,CAAC/D,GAAG,KAAK,SAAS,CAAE,IAC7E+D,EAAE,CAAC7D,GAAG,KAAK1C,QAAQ;IACrB,IAAI,CAACyG,MAAM,EAAE;MACX,OAAO;QACLxG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAAC/F,GAAG,EAAS4E,KAAK,YAAAoB,WAAA,GAAlBD,KAAA,CAAanB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGhF,OAAO,CAACmB,QAAQ,CAAC,CAAC;IACnC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;MACxB9E,KAAK,EAAEA,KAAe;MACtB+E,MAAM,GAAAiB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE5C,MAAM,aAAtBmB,sBAAA,CAAwBrB,QAAQ,oBAAhCqB,sBAAA,CAAwBrB,QAAQ,CAAG,CAAC,YAAAoB,qBAAA,GAAIsC,EAAE,CAACvD,GAAG,YAAAgB,KAAA,GAAI,IAAI;MAC9Df,cAAc,GAAAkB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACvD,GAAG,YAAAoB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE1C,cAAc,YAAAkB,KAAA,GAAI,IAAI;MAChEjB,UAAU,GAAAmB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACpD,OAAO,YAAAmB,WAAA,GAAIoC,SAAS,YAAArC,KAAA,GAAI,IAAI;MAC3CzB,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAmB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACnD,KAAK,YAAAoB,SAAA,GAAI+B,EAAE,CAAClD,kBAAkB,YAAAkB,KAAA,GAAI,IAAI;MAChDjB,IAAI,GAAAmB,QAAA,GAAE8B,EAAE,CAACjD,IAAI,YAAAmB,QAAA,GAAItI,SAAS;MAC1BoH,KAAK,GAAAmB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAC/C,eAAe,cAAAoB,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCrB,KAAK,YAAAoB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC9C,YAAY,qBAAfoB,gBAAA,CAAiBtB,KAAK,YAAAmB,MAAA,GAAI,EAAE;MAC5EvC,GAAG,EAAEoE,EAAE,CAACpE,GAAG;MACXuB,cAAc,EAAElD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOiI,CAAM,EAAE;IAAA,IAAAC,iBAAA;IACf7I,GAAG,CAAC+G,KAAK,YAAT/G,GAAG,CAAC+G,KAAK,CAAG,mBAAmB,EAAE;MAC/B+B,OAAO,EAAEF,CAAC,oBAADA,CAAC,CAAEE,OAAO;MACnBvD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbwD,IAAI,EAAEH,CAAC,oBAADA,CAAC,CAAEG;IACX,CAAC,CAAC;IACFhJ,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAA4I,iBAAA,GAAEnI,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA6G,iBAAA,GAAIzK,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACqG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOZ,MAAM,CAACC,IAAI,CAACW,KAAK,EAAE,QAAQ,CAAC,CAAClE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOiC,KAAU,EAAE;IACnBkC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGnC,KAAK,CAAC+B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","clearSessionMappingCookie","ctx","appId","cookieName","getSessionMappingCookieName","isLocal","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$cfy_bid","_ref4","_p$email","_p$name","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","_req$headers$get2","info","_req$headers$get3","_ref5","_ref5$state","_ref6","_updatedMapping$userI","_updatedMapping$userI2","_ref7","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","errorText","text","_unused4","isInvalidGrant","toLowerCase","warn","invalidGrant","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","_unused5","audOk2","tenantId2","keycloakUserId","roles","resource_access","realm_access","tokenMappingId","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n let errorText: string | undefined;\n try {\n errorText = await resp.text();\n } catch {\n errorText = undefined;\n }\n\n const isInvalidGrant =\n (typeof errorText === \"string\" && errorText.toLowerCase().includes(\"invalid_grant\")) ||\n resp.status === 400;\n\n ctx.warn?.(`refresh call failed with status ${resp.status}`, {\n status: resp.status,\n invalidGrant: isInvalidGrant,\n });\n\n if (isInvalidGrant) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n }\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb/B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;EAChC,MAAMC,UAAU,GAAGC,2BAA2B,CAACF,KAAK,EAAE/B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMiC,OAAO,GAAGP,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC;EAClDZ,WAAW,CAACyC,GAAG,EAAEE,UAAU,EAAE,EAAE,EAAE;IAC/BG,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACF,OAAO;IAChBG,QAAQ,EAAEH,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCI,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAASgC,2BAA2BA,CAACF,KAAa,EAAE/B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc8B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBV,GAAsB,EACtBW,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA;EAC9B,MAAMvB,KAAK,GAAGS,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACzB,KAAK,IAAI,EAAC7C,OAAO,aAAAwD,cAAA,GAAPxD,OAAO,CAAG6C,KAAK,CAAC,aAAhBW,cAAA,CAAkBe,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGvE,OAAO,CAAC6C,KAAK,CAAC,CAAC0B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG9C,iBAAiB,CAACuB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAArB,gBAAA,GAAGH,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAb,gBAAA,GAAIzC,SAAS;EAE5D,IAAI+D,OAAsB,GACxBF,OAAO,CAAC9B,2BAA2B,CAACF,KAAK,EAAEiC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBhC,KAAK,UAAU,CAAC,IAC/CgC,OAAO,CAAC,cAAchC,KAAK,UAAU,CAAC,IACtCS,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpChB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM7E,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCjF,mBAAmB,CAACkF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAI/E,mBAAmB,CAACsC,GAAG,EAAEsC,KAAK,CAAC;EAE/D,IAAII,eAAe,GAAG,MAAM3E,kBAAkB,CAAC2D,GAAG,CAAC1B,GAAG,EAAEmC,OAAO,CAAC;EAChE,IAAI,CAACO,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACT,OAAO,CAAC;IACtE,IAAIQ,OAAO,EAAE;MACXD,eAAe,GAAGZ,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC;MACzC,MAAM5E,kBAAkB,CAAC8E,GAAG,CAAC7C,GAAG,EAAE0C,eAAe,EAAEP,OAAO,CAAC;IAC7D;EACF;EACA,MAAMW,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGlG,SAAS,CAAC2F,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAlB,EAAA,GAACyC,CAAC,aAADzC,EAAA,CAAG2C,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAACtD,GAAG,EAAEV,GAAG,EAAEC,KAAK,EAAEmD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAE5C,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAMsD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLrC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAhB,UAAA,IAAAD,IAAA,GAACf,GAAG,EAASuE,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhCzE,GAAG,CAASuE,KAAK,CAACG,IAAI,GAAG;IACxBzE,KAAK;IACL0E,MAAM,GAAA1D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAE2B,YAAY,CAAC6B,MAAM,aAAnBxD,oBAAA,CAAqBsD,QAAQ,oBAA7BtD,oBAAA,CAAqBsD,QAAQ,CAAG,CAAC,YAAAvD,qBAAA,GAAIqC,CAAC,CAACqB,GAAG,YAAA3D,KAAA,GAAI,IAAI;IAC1D4D,UAAU,GAAAzD,KAAA,IAAAC,UAAA,GAAEkC,CAAC,CAACuB,OAAO,YAAAzD,UAAA,GAAImD,QAAQ,YAAApD,KAAA,GAAI,IAAI;IACzCoD,QAAQ;IACRO,KAAK,GAAAzD,KAAA,IAAAC,QAAA,GAAEgC,CAAC,CAACwB,KAAK,YAAAxD,QAAA,GAAIgC,CAAC,CAACyB,kBAAkB,YAAA1D,KAAA,GAAI,IAAI;IAC9C2D,IAAI,GAAAzD,OAAA,GAAE+B,CAAC,CAAC0B,IAAI,YAAAzD,OAAA,GAAIpD;EAClB,CAAC;EAED,OAAOuC,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAeqD,kBAAkBA,CAC/BtD,GAAgB,EAChBV,GAAsB,EACtBC,KAAa,EACboD,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACuC,EAAE,EAAE;IAAA,IAAAgC,iBAAA;IACPnF,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAiF,iBAAA,GAAExE,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAwD,iBAAA,GAAI9G,SAAS,EAAEsC,GAAG,CAAC0B,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAhC,GAAG,CAACmF,IAAI,CAAC,0BAA0B,EAAE;IACnC9B,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAyD,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMlE,aAAa,IAAAkD,iBAAA,GAAG1E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA0D,iBAAA,GAAIhH,SAAS;IAC5D,IAAI,CAACT,MAAM,EAAE;MACXqC,GAAG,CAACqG,KAAK,YAATrG,GAAG,CAACqG,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAMsE,IAAI,GAAG,MAAMC,KAAK,CAAC5I,MAAM,EAAE;MAC/B6I,MAAM,EAAE,MAAM;MACd/E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClB8E,aAAa,EAAEvD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACoD,IAAI,CAACI,EAAE,EAAE;MACZ,IAAIC,SAA6B;MACjC,IAAI;QACFA,SAAS,GAAG,MAAML,IAAI,CAACM,IAAI,CAAC,CAAC;MAC/B,CAAC,CAAC,OAAAC,QAAA,EAAM;QACNF,SAAS,GAAGvI,SAAS;MACvB;MAEA,MAAM0I,cAAc,GACjB,OAAOH,SAAS,KAAK,QAAQ,IAAIA,SAAS,CAACI,WAAW,CAAC,CAAC,CAAC1C,QAAQ,CAAC,eAAe,CAAC,IACnFiC,IAAI,CAAC1E,MAAM,KAAK,GAAG;MAErB5B,GAAG,CAACgH,IAAI,YAARhH,GAAG,CAACgH,IAAI,CAAG,mCAAmCV,IAAI,CAAC1E,MAAM,EAAE,EAAE;QAC3DA,MAAM,EAAE0E,IAAI,CAAC1E,MAAM;QACnBqF,YAAY,EAAEH;MAChB,CAAC,CAAC;MAEF,IAAIA,cAAc,EAAE;QAClB/G,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEiC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;MAC/D;MACA,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMkF,OAAO,GAAG,MAAMZ,IAAI,CAACa,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACX,aAAmC;IAEtD,IAAI,CAACY,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL3F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM7E,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCjF,mBAAmB,CAACkF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAI/E,mBAAmB,CAACsC,GAAG,EAAEsC,KAAK,CAAC;IAE/D,MAAMkF,cAAc,GAAG,MAAM/E,mBAAmB,CAACgF,kBAAkB,CAACtF,OAAO,EAAE;MAC3Ec,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGvJ;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAAC6J,MAAM,CAAC5H,GAAG,EAAEmC,OAAO,CAAC;;IAE7C;IACA,MAAM0F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC9F,OAAO,CAAC,CAACsC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMxG,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;;IAEhC;IACA,MAAMiI,YAAY,GAAGlK,gBAAgB,CAACC,SAAS,EAAEiE,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IACxE,MAAM+F,YAAY,GAAGtI,cAAc,CAACqC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IAE3D7E,WAAW,CAACyC,GAAG,EAAEG,2BAA2B,CAACF,KAAK,EAAEiC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,EAAE2F,kBAAkB,EAAE;MAC/F;MACA1H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAAC6H,YAAY;MACrB5H,QAAQ,EAAE4H,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC3H,MAAM,EAAEqH,aAAa;MACrBjJ,MAAM,EAAEsJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG/K,SAAS,CAACgK,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAgB,QAAA,EAAM;MACnC,OAAO;QACLzG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMsG,MAAM,GACTpE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAClD,OAAOyG,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAKzC,QAAQ,IAAIyG,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK3C,QAAQ;IACrB,IAAI,CAAC2G,MAAM,EAAE;MACX,OAAO;QACL1G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAsD,WAAA,IAAAD,KAAA,GAACrF,GAAG,EAASuE,KAAK,YAAAe,WAAA,GAAlBD,KAAA,CAAad,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMgE,SAAS,GAAGlF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnCzE,GAAG,CAASuE,KAAK,CAACG,IAAI,GAAG;MACxBzE,KAAK,EAAEA,KAAe;MACtB0E,MAAM,GAAAY,KAAA,IAAAC,qBAAA,GAAEgC,cAAc,aAAA/B,sBAAA,GAAd+B,cAAc,CAAE7C,MAAM,aAAtBc,sBAAA,CAAwBhB,QAAQ,oBAAhCgB,sBAAA,CAAwBhB,QAAQ,CAAG,CAAC,YAAAe,qBAAA,GAAI4C,EAAE,CAACxD,GAAG,YAAAW,KAAA,GAAI,IAAI;MAC9DiD,cAAc,GAAA9C,KAAA,IAAAC,OAAA,GAAEyC,EAAE,CAACxD,GAAG,YAAAe,OAAA,GAAI6B,cAAc,oBAAdA,cAAc,CAAEgB,cAAc,YAAA9C,KAAA,GAAI,IAAI;MAChEb,UAAU,GAAAe,KAAA,IAAAC,WAAA,GAAEuC,EAAE,CAACtD,OAAO,YAAAe,WAAA,GAAI0C,SAAS,YAAA3C,KAAA,GAAI,IAAI;MAC3CpB,QAAQ,EAAE+D,SAAS;MACnBxD,KAAK,GAAAe,KAAA,IAAAC,SAAA,GAAEqC,EAAE,CAACrD,KAAK,YAAAgB,SAAA,GAAIqC,EAAE,CAACpD,kBAAkB,YAAAc,KAAA,GAAI,IAAI;MAChDb,IAAI,GAAAe,QAAA,GAAEoC,EAAE,CAACnD,IAAI,YAAAe,QAAA,GAAI5H,SAAS;MAC1BqK,KAAK,GAAAxC,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEiC,EAAE,CAACM,eAAe,cAAAvC,mBAAA,GAAlBA,mBAAA,CAAqBxE,QAAQ,CAAC,qBAA9BwE,mBAAA,CAAgCsC,KAAK,YAAAvC,qBAAA,IAAAE,gBAAA,GAAIgC,EAAE,CAACO,YAAY,qBAAfvC,gBAAA,CAAiBqC,KAAK,YAAAxC,KAAA,GAAI,EAAE;MAC5ElC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACX6E,cAAc,EAAEzG;IAClB,CAAC;;IAED;IACA,OAAOxB,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkI,CAAM,EAAE;IACf7I,GAAG,CAACqG,KAAK,YAATrG,GAAG,CAACqG,KAAK,CAAG,mBAAmB,EAAE;MAC/ByC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnB7D,IAAI,EAAE4D,CAAC,oBAADA,CAAC,CAAE5D,IAAI;MACb8D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLnH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC2G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOhB,MAAM,CAACC,IAAI,CAACe,KAAK,EAAE,QAAQ,CAAC,CAACvE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO4B,KAAU,EAAE;IACnB4C,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAG7C,KAAK,CAACyC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/esm/types/index.js CHANGED
@@ -1,3 +1,4 @@
1
1
  export * from './create-enterprise-business';
2
2
  export * from './events';
3
+ export * from './app';
3
4
  //# sourceMappingURL=index.js.map
package/build/esm/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'"],"mappings":"AAAA,cAAc,8BAA8B;AAC5C,cAAc,UAAU","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/types/index.ts"],"sourcesContent":["export * from './create-enterprise-business'\nexport * from './events'\nexport * from './app'"],"mappings":"AAAA,cAAc,8BAA8B;AAC5C,cAAc,UAAU;AACxB,cAAc,OAAO","ignoreList":[]}
package/build/src/middlewares/index.d.ts CHANGED
@@ -1,3 +1,4 @@
1
1
  export * from './token-validation';
2
+ export * from './internal-auth-middleware';
2
3
  export * from './verify-middleware';
3
4
  export * from './verify-express';
package/build/src/middlewares/index.js CHANGED
@@ -2,6 +2,7 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  const tslib_1 = require("tslib");
4
4
  tslib_1.__exportStar(require("./token-validation"), exports);
5
+ tslib_1.__exportStar(require("./internal-auth-middleware"), exports);
5
6
  tslib_1.__exportStar(require("./verify-middleware"), exports);
6
7
  tslib_1.__exportStar(require("./verify-express"), exports);
7
8
  //# sourceMappingURL=index.js.map
package/build/src/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,6DAAmC;AACnC,8DAAoC;AACpC,2DAAiC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,6DAAmC;AACnC,qEAA2C;AAC3C,8DAAoC;AACpC,2DAAiC"}
package/build/src/middlewares/internal-auth-middleware.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import { IMiddleware } from "../types/middleware";
2
+ export declare const internalAuthMw: IMiddleware;
package/build/src/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,36 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.internalAuthMw = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const INTERNAL_SERVICE_KEY = "12345";
6
+ const getHeader = (req, name) => { var _a; return (_a = req.headers.get(name)) !== null && _a !== void 0 ? _a : req.headers.get(name.toLowerCase()); };
7
+ const internalAuthMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
8
+ var _a;
9
+ var _b;
10
+ const internalKey = getHeader(req, "x-internal-key");
11
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
12
+ return {
13
+ status: 401,
14
+ headers: { "Content-Type": "application/json" },
15
+ body: JSON.stringify({ status: "unauthenticated", reason: "invalid_internal_key" }),
16
+ };
17
+ }
18
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
19
+ const userId = getHeader(req, "x-user-id") || undefined;
20
+ const businessId = getHeader(req, "x-business-id") || undefined;
21
+ const appId = getHeader(req, "x-app-id") || undefined;
22
+ const email = getHeader(req, "x-email") || undefined;
23
+ const name = getHeader(req, "x-name") || undefined;
24
+ (_a = (_b = ctx).state) !== null && _a !== void 0 ? _a : (_b.state = {});
25
+ ctx.state.auth = {
26
+ appId,
27
+ userId,
28
+ businessId,
29
+ tenantId,
30
+ email,
31
+ name,
32
+ };
33
+ return next();
34
+ });
35
+ exports.internalAuthMw = internalAuthMw;
36
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/src/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/internal-auth-middleware.ts"],"names":[],"mappings":";;;;AAGA,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,GAAgB,EAAE,IAAY,EAAiB,EAAE,WAClE,OAAA,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,mCAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA,EAAA,CAAC;AAExD,MAAM,cAAc,GAAgB,CACzC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAErD,IAAI,CAAC,WAAW,IAAI,WAAW,KAAK,oBAAoB,EAAE,CAAC;QACzD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC,IAAI,SAAS,CAAC;IAC5D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,SAAS,CAAC;IACxD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,EAAE,eAAe,CAAC,IAAI,SAAS,CAAC;IAChE,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,SAAS,CAAC;IACtD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC;IACrD,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,SAAS,CAAC;IAEnD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IACzB,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM;QACN,UAAU;QACV,QAAQ;QACR,KAAK;QACL,IAAI;KACL,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAjCW,QAAA,cAAc,kBAiCzB"}
package/build/src/middlewares/verify-middleware.js CHANGED
@@ -91,8 +91,8 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
91
91
  return `__Secure-session-v1.${appId}.mapping`;
92
92
  }
93
93
  const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
94
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u;
95
- var _v;
94
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
95
+ var _o;
96
96
  const appId = req.headers.get("app-id");
97
97
  if (!appId || !((_a = constants_1.APP_MAP === null || constants_1.APP_MAP === void 0 ? void 0 : constants_1.APP_MAP[appId]) === null || _a === void 0 ? void 0 : _a.clientId)) {
98
98
  return {
@@ -174,7 +174,7 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
174
174
  try {
175
175
  p = (0, jwt_decode_1.jwtDecode)(at);
176
176
  }
177
- catch (_w) {
177
+ catch (_p) {
178
178
  return {
179
179
  status: 401,
180
180
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -189,8 +189,9 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
189
189
  };
190
190
  }
191
191
  const now = Math.floor(Date.now() / 1000);
192
- // Refresh only when expired
193
- if (typeof p.exp === "number" && p.exp <= now) {
192
+ // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)
193
+ const refreshLeewaySeconds = 60;
194
+ if (typeof p.exp === "number" && p.exp <= (now + refreshLeewaySeconds)) {
194
195
  // Delegate to refresh helper; it will handle setting cookies/state or returning an error
195
196
  return yield getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);
196
197
  }
@@ -206,27 +207,23 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
206
207
  };
207
208
  }
208
209
  // pass data downstream
209
- (_c = (_v = ctx).state) !== null && _c !== void 0 ? _c : (_v.state = {});
210
+ (_c = (_o = ctx).state) !== null && _c !== void 0 ? _c : (_o.state = {});
210
211
  const tenantId = realm.toString();
211
212
  ctx.state.auth = {
212
213
  appId,
213
214
  userId: (_g = (_f = (_e = (_d = tokenMapping.userId) === null || _d === void 0 ? void 0 : _d.toString) === null || _e === void 0 ? void 0 : _e.call(_d)) !== null && _f !== void 0 ? _f : p.sub) !== null && _g !== void 0 ? _g : null,
214
- keycloakUserId: (_j = (_h = p.sub) !== null && _h !== void 0 ? _h : tokenMapping.keycloakUserId) !== null && _j !== void 0 ? _j : null,
215
- businessId: (_l = (_k = p.cfy_bid) !== null && _k !== void 0 ? _k : tenantId) !== null && _l !== void 0 ? _l : null,
215
+ businessId: (_j = (_h = p.cfy_bid) !== null && _h !== void 0 ? _h : tenantId) !== null && _j !== void 0 ? _j : null,
216
216
  tenantId,
217
- email: (_o = (_m = p.email) !== null && _m !== void 0 ? _m : p.preferred_username) !== null && _o !== void 0 ? _o : null,
218
- name: (_p = p.name) !== null && _p !== void 0 ? _p : undefined,
219
- roles: (_u = (_s = (_r = (_q = p.resource_access) === null || _q === void 0 ? void 0 : _q[tokenClientId]) === null || _r === void 0 ? void 0 : _r.roles) !== null && _s !== void 0 ? _s : (_t = p.realm_access) === null || _t === void 0 ? void 0 : _t.roles) !== null && _u !== void 0 ? _u : [],
220
- exp: p.exp,
221
- tokenMappingId: mapping,
217
+ email: (_l = (_k = p.email) !== null && _k !== void 0 ? _k : p.preferred_username) !== null && _l !== void 0 ? _l : null,
218
+ name: (_m = p.name) !== null && _m !== void 0 ? _m : undefined,
222
219
  };
223
220
  return next();
224
221
  });
225
222
  exports.verifyMw = verifyMw;
226
223
  function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p, next) {
227
224
  return tslib_1.__awaiter(this, void 0, void 0, function* () {
228
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x, _y;
229
- var _z;
225
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u, _v, _w, _x;
226
+ var _y;
230
227
  // Attempt server-side refresh using RT
231
228
  if (!rt) {
232
229
  clearSessionMappingCookie(ctx, appId, (_a = req.headers.get("origin")) !== null && _a !== void 0 ? _a : undefined, req.url);
@@ -245,7 +242,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
245
242
  const requestOrigin = (_b = req.headers.get("origin")) !== null && _b !== void 0 ? _b : undefined;
246
243
  if (!apiURL) {
247
244
  (_c = ctx.error) === null || _c === void 0 ? void 0 : _c.call(ctx, "Refresh session URL is not configured");
248
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
249
245
  return {
250
246
  status: 401,
251
247
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -262,8 +258,22 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
262
258
  })
263
259
  });
264
260
  if (!resp.ok) {
265
- (_d = ctx.warn) === null || _d === void 0 ? void 0 : _d.call(ctx, `refresh call failed with status ${resp.status}`);
266
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
261
+ let errorText;
262
+ try {
263
+ errorText = yield resp.text();
264
+ }
265
+ catch (_z) {
266
+ errorText = undefined;
267
+ }
268
+ const isInvalidGrant = (typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant")) ||
269
+ resp.status === 400;
270
+ (_d = ctx.warn) === null || _d === void 0 ? void 0 : _d.call(ctx, `refresh call failed with status ${resp.status}`, {
271
+ status: resp.status,
272
+ invalidGrant: isInvalidGrant,
273
+ });
274
+ if (isInvalidGrant) {
275
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
276
+ }
267
277
  return {
268
278
  status: 401,
269
279
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -275,7 +285,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
275
285
  const newAT = data.access_token;
276
286
  const newRT = data.refresh_token;
277
287
  if (!newAT || !newRT) {
278
- clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
279
288
  return {
280
289
  status: 401,
281
290
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -302,9 +311,7 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
302
311
  // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)
303
312
  const mappingMaxAge = typeof data.refresh_expires_in === "number"
304
313
  ? data.refresh_expires_in
305
- : typeof data.expires_in === "number"
306
- ? data.expires_in
307
- : 60 * 60 * 24; // fallback 24h
314
+ : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)
308
315
  const mappingCookieValue = Buffer.from(mapping).toString("base64");
309
316
  const appConfig = constants_1.APP_MAP[appId];
310
317
  // 5
@@ -341,7 +348,7 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
341
348
  };
342
349
  }
343
350
  // Update downstream auth state with refreshed token
344
- (_e = (_z = ctx).state) !== null && _e !== void 0 ? _e : (_z.state = {});
351
+ (_e = (_y = ctx).state) !== null && _e !== void 0 ? _e : (_y.state = {});
345
352
  const tenantId2 = realmId.toString();
346
353
  ctx.state.auth = {
347
354
  appId: appId,
@@ -364,7 +371,6 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
364
371
  name: e === null || e === void 0 ? void 0 : e.name,
365
372
  code: e === null || e === void 0 ? void 0 : e.code,
366
373
  });
367
- clearSessionMappingCookie(ctx, appId, (_y = req.headers.get("origin")) !== null && _y !== void 0 ? _y : undefined, req.url);
368
374
  return {
369
375
  status: 401,
370
376
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
package/build/src/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,SAAS,cAAc,CAAC,MAAe,EAAE,UAAmB;IAC1D,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAsB,EACtB,KAAa,EACb,MAAe,EACf,UAAmB;IAEnB,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACnD,IAAA,qBAAW,EAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClC,MAAM,EAAE,CAAC;QACT,MAAM,EAAE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;KACxD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAa,EAAE,MAAe,EAAE,UAAmB;IACtF,IAAI,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO,cAAc,KAAK,UAAU,CAAC;IACvC,CAAC;IACD,OAAO,uBAAuB,KAAK,UAAU,CAAC;AAChD,CAAC;AAEM,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEzC,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;IAE7D,IAAI,OAAO,GACT,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC;QAC/C,OAAO,CAAC,cAAc,KAAK,UAAU,CAAC;QACtC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,IAAI,eAAe,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC;IAE5C,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QAC9C,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC/E,CAAC,CAAC,GAAG,KAAK,aAAa,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,aAAa,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC/E,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,cAAc,EAAE,OAAO;KACxB,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAnKW,QAAA,QAAQ,YAmKnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;YACnC,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;YAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAA,GAAG,CAAC,KAAK,oDAAG,uCAAuC,CAAC,CAAC;gBACrD,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;iBACtF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAA,GAAG,CAAC,IAAI,oDAAG,mCAAmC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7D,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC9D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAK;gBAClB,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;oBACnC,CAAC,CAAC,IAAI,CAAC,UAAU;oBACjB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe;YAErC,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YAEjC,IAAI;YACJ,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACzE,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5D,IAAA,qBAAW,EAAC,GAAG,EAAE,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,kBAAkB,EAAE;gBAC/F,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,YAAY;gBACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBACvC,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK,EAAE,KAAe;gBACtB,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;gBACX,cAAc,EAAE,OAAO;aACxB,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE;gBAC/B,OAAO,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO;gBACnB,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;gBACb,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;aACd,CAAC,CAAC;YACH,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,SAAS,cAAc,CAAC,MAAe,EAAE,UAAmB;IAC1D,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAsB,EACtB,KAAa,EACb,MAAe,EACf,UAAmB;IAEnB,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACnD,IAAA,qBAAW,EAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClC,MAAM,EAAE,CAAC;QACT,MAAM,EAAE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;KACxD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAa,EAAE,MAAe,EAAE,UAAmB;IACtF,IAAI,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO,cAAc,KAAK,UAAU,CAAC;IACvC,CAAC;IACD,OAAO,uBAAuB,KAAK,UAAU,CAAC;AAChD,CAAC;AAEM,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEzC,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;IAE7D,IAAI,OAAO,GACT,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC;QAC/C,OAAO,CAAC,cAAc,KAAK,UAAU,CAAC;QACtC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,IAAI,eAAe,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC;IAE5C,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,mFAAmF;IACnF,MAAM,oBAAoB,GAAG,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,oBAAoB,CAAC,EAAE,CAAC;QACvE,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC/E,CAAC,CAAC,GAAG,KAAK,aAAa,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;KAC1B,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAhKW,QAAA,QAAQ,YAgKnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;YACnC,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;YAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAA,GAAG,CAAC,KAAK,oDAAG,uCAAuC,CAAC,CAAC;gBACrD,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;iBACtF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,IAAI,SAA6B,CAAC;gBAClC,IAAI,CAAC;oBACH,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAChC,CAAC;gBAAC,WAAM,CAAC;oBACP,SAAS,GAAG,SAAS,CAAC;gBACxB,CAAC;gBAED,MAAM,cAAc,GAClB,CAAC,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;oBACpF,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC;gBAEtB,MAAA,GAAG,CAAC,IAAI,oDAAG,mCAAmC,IAAI,CAAC,MAAM,EAAE,EAAE;oBAC3D,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,YAAY,EAAE,cAAc;iBAC7B,CAAC,CAAC;gBAEH,IAAI,cAAc,EAAE,CAAC;oBACnB,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAChE,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAK;gBAClB,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,2EAA2E;YAEpG,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YAEjC,IAAI;YACJ,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACzE,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5D,IAAA,qBAAW,EAAC,GAAG,EAAE,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,kBAAkB,EAAE;gBAC/F,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,YAAY;gBACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBACvC,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK,EAAE,KAAe;gBACtB,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;gBACX,cAAc,EAAE,OAAO;aACxB,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE;gBAC/B,OAAO,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO;gBACnB,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;gBACb,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;aACd,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
package/build/src/types/index.d.ts CHANGED
@@ -1,2 +1,3 @@
1
1
  export * from './create-enterprise-business';
2
2
  export * from './events';
3
+ export * from './app';
package/build/src/types/index.js CHANGED
@@ -3,4 +3,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  const tslib_1 = require("tslib");
4
4
  tslib_1.__exportStar(require("./create-enterprise-business"), exports);
5
5
  tslib_1.__exportStar(require("./events"), exports);
6
+ tslib_1.__exportStar(require("./app"), exports);
6
7
  //# sourceMappingURL=index.js.map
package/build/src/types/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":";;;AAAA,uEAA4C;AAC5C,mDAAwB"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":";;;AAAA,uEAA4C;AAC5C,mDAAwB;AACxB,gDAAqB"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@culturefy/shared",
3
3
  "description": "Shared utilities for culturefy serverless services",
4
- "version": "1.0.70",
4
+ "version": "1.0.72",
5
5
  "main": "build/cjs/index.js",
6
6
  "module": "build/esm/index.js",
7
7
  "types": "build/src/index.d.ts",