@culturefy/shared 1.0.71 → 1.0.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/build/cjs/middlewares/index.js +6 -0
  2. package/build/cjs/middlewares/index.js.map +1 -1
  3. package/build/cjs/middlewares/internal-auth-middleware.js +43 -0
  4. package/build/cjs/middlewares/internal-auth-middleware.js.map +1 -0
  5. package/build/cjs/middlewares/verify-middleware.js +25 -16
  6. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  7. package/build/esm/middlewares/index.js +1 -0
  8. package/build/esm/middlewares/index.js.map +1 -1
  9. package/build/esm/middlewares/internal-auth-middleware.js +38 -0
  10. package/build/esm/middlewares/internal-auth-middleware.js.map +1 -0
  11. package/build/esm/middlewares/verify-middleware.js +26 -17
  12. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  13. package/build/src/middlewares/index.d.ts +1 -0
  14. package/build/src/middlewares/index.js +1 -0
  15. package/build/src/middlewares/index.js.map +1 -1
  16. package/build/src/middlewares/internal-auth-middleware.d.ts +2 -0
  17. package/build/src/middlewares/internal-auth-middleware.js +36 -0
  18. package/build/src/middlewares/internal-auth-middleware.js.map +1 -0
  19. package/build/src/middlewares/verify-middleware.js +24 -13
  20. package/build/src/middlewares/verify-middleware.js.map +1 -1
  21. package/package.json +1 -1
package/build/cjs/middlewares/index.js CHANGED
@@ -7,6 +7,12 @@ Object.keys(_tokenValidation).forEach(function (key) {
7
7
  if (key in exports && exports[key] === _tokenValidation[key]) return;
8
8
  exports[key] = _tokenValidation[key];
9
9
  });
10
+ var _internalAuthMiddleware = require("./internal-auth-middleware");
11
+ Object.keys(_internalAuthMiddleware).forEach(function (key) {
12
+ if (key === "default" || key === "__esModule") return;
13
+ if (key in exports && exports[key] === _internalAuthMiddleware[key]) return;
14
+ exports[key] = _internalAuthMiddleware[key];
15
+ });
10
16
  var _verifyMiddleware = require("./verify-middleware");
11
17
  Object.keys(_verifyMiddleware).forEach(function (key) {
12
18
  if (key === "default" || key === "__esModule") return;
package/build/cjs/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,iBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,iBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,iBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,iBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,cAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,cAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,cAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,cAAA,CAAAH,GAAA;AAAA","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_internalAuthMiddleware","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './internal-auth-middleware';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,uBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,uBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,uBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,uBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,iBAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,iBAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,iBAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,iBAAA,CAAAH,GAAA;AAAA;AACA,IAAAI,cAAA,GAAAR,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAM,cAAA,EAAAL,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAI,cAAA,CAAAJ,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAI,cAAA,CAAAJ,GAAA;AAAA","ignoreList":[]}
package/build/cjs/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,43 @@
1
+ "use strict";
2
+
3
+ exports.__esModule = true;
4
+ exports.internalAuthMw = void 0;
5
+ const INTERNAL_SERVICE_KEY = "12345";
6
+ const getHeader = (req, name) => {
7
+ var _req$headers$get;
8
+ return (_req$headers$get = req.headers.get(name)) != null ? _req$headers$get : req.headers.get(name.toLowerCase());
9
+ };
10
+ const internalAuthMw = async (req, ctx, next) => {
11
+ var _ref, _ref$state;
12
+ const internalKey = getHeader(req, "x-internal-key");
13
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
14
+ return {
15
+ status: 401,
16
+ headers: {
17
+ "Content-Type": "application/json"
18
+ },
19
+ body: JSON.stringify({
20
+ status: "unauthenticated",
21
+ reason: "invalid_internal_key"
22
+ })
23
+ };
24
+ }
25
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
26
+ const userId = getHeader(req, "x-user-id") || undefined;
27
+ const businessId = getHeader(req, "x-business-id") || undefined;
28
+ const appId = getHeader(req, "x-app-id") || undefined;
29
+ const email = getHeader(req, "x-email") || undefined;
30
+ const name = getHeader(req, "x-name") || undefined;
31
+ (_ref$state = (_ref = ctx).state) != null ? _ref$state : _ref.state = {};
32
+ ctx.state.auth = {
33
+ appId,
34
+ userId,
35
+ businessId,
36
+ tenantId,
37
+ email,
38
+ name
39
+ };
40
+ return next();
41
+ };
42
+ exports.internalAuthMw = internalAuthMw;
43
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/cjs/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","names":["INTERNAL_SERVICE_KEY","getHeader","req","name","_req$headers$get","headers","get","toLowerCase","internalAuthMw","ctx","next","_ref","_ref$state","internalKey","status","body","JSON","stringify","reason","tenantId","undefined","userId","businessId","appId","email","state","auth","exports"],"sources":["../../../src/middlewares/internal-auth-middleware.ts"],"sourcesContent":["import { HttpRequest, HttpResponseInit, InvocationContext } from \"@azure/functions\";\nimport { IMiddleware } from \"../types/middleware\";\n\nconst INTERNAL_SERVICE_KEY = \"12345\";\n\nconst getHeader = (req: HttpRequest, name: string): string | null =>\n req.headers.get(name) ?? req.headers.get(name.toLowerCase());\n\nexport const internalAuthMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const internalKey = getHeader(req, \"x-internal-key\");\n\n if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_internal_key\" }),\n };\n }\n\n const tenantId = getHeader(req, \"x-tenant-id\") || undefined;\n const userId = getHeader(req, \"x-user-id\") || undefined;\n const businessId = getHeader(req, \"x-business-id\") || undefined;\n const appId = getHeader(req, \"x-app-id\") || undefined;\n const email = getHeader(req, \"x-email\") || undefined;\n const name = getHeader(req, \"x-name\") || undefined;\n\n (ctx as any).state ??= {};\n (ctx as any).state.auth = {\n appId,\n userId,\n businessId,\n tenantId,\n email,\n name,\n };\n\n return next();\n};\n"],"mappings":";;;;AAGA,MAAMA,oBAAoB,GAAG,OAAO;AAEpC,MAAMC,SAAS,GAAGA,CAACC,GAAgB,EAAEC,IAAY;EAAA,IAAAC,gBAAA;EAAA,QAAAA,gBAAA,GAC/CF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAAC,YAAAC,gBAAA,GAAIF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAACI,WAAW,CAAC,CAAC,CAAC;AAAA;AAEvD,MAAMC,cAA2B,GAAG,MAAAA,CACzCN,GAAgB,EAChBO,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,IAAA,EAAAC,UAAA;EAC9B,MAAMC,WAAW,GAAGZ,SAAS,CAACC,GAAG,EAAE,gBAAgB,CAAC;EAEpD,IAAI,CAACW,WAAW,IAAIA,WAAW,KAAKb,oBAAoB,EAAE;IACxD,OAAO;MACLc,MAAM,EAAE,GAAG;MACXT,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CU,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuB,CAAC;IACpF,CAAC;EACH;EAEA,MAAMC,QAAQ,GAAGlB,SAAS,CAACC,GAAG,EAAE,aAAa,CAAC,IAAIkB,SAAS;EAC3D,MAAMC,MAAM,GAAGpB,SAAS,CAACC,GAAG,EAAE,WAAW,CAAC,IAAIkB,SAAS;EACvD,MAAME,UAAU,GAAGrB,SAAS,CAACC,GAAG,EAAE,eAAe,CAAC,IAAIkB,SAAS;EAC/D,MAAMG,KAAK,GAAGtB,SAAS,CAACC,GAAG,EAAE,UAAU,CAAC,IAAIkB,SAAS;EACrD,MAAMI,KAAK,GAAGvB,SAAS,CAACC,GAAG,EAAE,SAAS,CAAC,IAAIkB,SAAS;EACpD,MAAMjB,IAAI,GAAGF,SAAS,CAACC,GAAG,EAAE,QAAQ,CAAC,IAAIkB,SAAS;EAElD,CAAAR,UAAA,IAAAD,IAAA,GAACF,GAAG,EAASgB,KAAK,YAAAb,UAAA,GAAlBD,IAAA,CAAac,KAAK,GAAK,CAAC,CAAC;EACxBhB,GAAG,CAASgB,KAAK,CAACC,IAAI,GAAG;IACxBH,KAAK;IACLF,MAAM;IACNC,UAAU;IACVH,QAAQ;IACRK,KAAK;IACLrB;EACF,CAAC;EAED,OAAOO,IAAI,CAAC,CAAC;AACf,CAAC;AAACiB,OAAA,CAAAnB,cAAA,GAAAA,cAAA","ignoreList":[]}
package/build/cjs/middlewares/verify-middleware.js CHANGED
@@ -84,7 +84,7 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
84
84
  return `__Secure-session-v1.${appId}.mapping`;
85
85
  }
86
86
  const verifyMw = async (req, ctx, next) => {
87
- var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$to, _p$resource_access, _p$realm_access;
87
+ var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$cfy_bid, _ref4, _p$email, _p$name;
88
88
  const appId = req.headers.get("app-id");
89
89
  if (!appId || !(_constants.APP_MAP != null && (_APP_MAP$appId = _constants.APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
90
90
  return {
@@ -282,14 +282,10 @@ const verifyMw = async (req, ctx, next) => {
282
282
  ctx.state.auth = {
283
283
  appId,
284
284
  userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
285
- keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
286
- businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
285
+ businessId: (_ref3 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref3 : null,
287
286
  tenantId,
288
- email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
289
- name: (_p$name = p.name) != null ? _p$name : undefined,
290
- roles: (_ref6 = (_p$resource_access$to = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[tokenClientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$to : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
291
- exp: p.exp,
292
- tokenMappingId: mapping
287
+ email: (_ref4 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref4 : null,
288
+ name: (_p$name = p.name) != null ? _p$name : undefined
293
289
  };
294
290
  return next();
295
291
  };
@@ -320,7 +316,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
320
316
 
321
317
  // Call auth service to refresh
322
318
  try {
323
- var _req$headers$get3, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
319
+ var _req$headers$get3, _ref5, _ref5$state, _ref6, _updatedMapping$userI, _updatedMapping$userI2, _ref7, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
324
320
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
325
321
  if (!apiURL) {
326
322
  ctx.error == null || ctx.error("Refresh session URL is not configured");
@@ -350,7 +346,20 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
350
346
  })
351
347
  });
352
348
  if (!resp.ok) {
353
- ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
349
+ let errorText;
350
+ try {
351
+ errorText = await resp.text();
352
+ } catch {
353
+ errorText = undefined;
354
+ }
355
+ const isInvalidGrant = typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant") || resp.status === 400;
356
+ ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`, {
357
+ status: resp.status,
358
+ invalidGrant: isInvalidGrant
359
+ });
360
+ if (isInvalidGrant) {
361
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
362
+ }
354
363
  return {
355
364
  status: 401,
356
365
  headers: {
@@ -466,17 +475,17 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
466
475
  }
467
476
 
468
477
  // Update downstream auth state with refreshed token
469
- (_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
478
+ (_ref5$state = (_ref5 = ctx).state) != null ? _ref5$state : _ref5.state = {};
470
479
  const tenantId2 = realmId.toString();
471
480
  ctx.state.auth = {
472
481
  appId: appId,
473
- userId: (_ref8 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref8 : null,
474
- keycloakUserId: (_ref9 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref9 : null,
475
- businessId: (_ref0 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref0 : null,
482
+ userId: (_ref6 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref6 : null,
483
+ keycloakUserId: (_ref7 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref7 : null,
484
+ businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
476
485
  tenantId: tenantId2,
477
- email: (_ref1 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref1 : null,
486
+ email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
478
487
  name: (_p2$name = p2.name) != null ? _p2$name : undefined,
479
- roles: (_ref10 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref10 : [],
488
+ roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
480
489
  exp: p2.exp,
481
490
  tokenMappingId: mapping
482
491
  };
package/build/cjs/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","exports","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM/B,KAAK,GAAGW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACjC,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGjC,kBAAO,CAACD,KAAK,CAAC,CAACkC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGrD,iBAAiB,CAACwB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACrC,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBxC,KAAK,UAAU,CAAC,IAC/CwC,OAAO,CAAC,cAAcxC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAMrF,kBAAkB,CAACkE,GAAG,CAAClC,GAAG,EAAE2C,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMtF,kBAAkB,CAACwF,GAAG,CAACxD,GAAG,EAAEqD,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAAC/D,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAE8D,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAErD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM+D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLxC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAASkF,KAAK,YAAAhE,UAAA,GAAlBD,IAAA,CAAaiE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhCpF,GAAG,CAASkF,KAAK,CAACG,IAAI,GAAG;IACxBpF,KAAK;IACLqF,MAAM,GAAAnE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEoC,YAAY,CAAC6B,MAAM,aAAnBjE,oBAAA,CAAqB+D,QAAQ,oBAA7B/D,oBAAA,CAAqB+D,QAAQ,CAAG,CAAC,YAAAhE,qBAAA,GAAI8C,CAAC,CAACqB,GAAG,YAAApE,KAAA,GAAI,IAAI;IAC1DqE,cAAc,GAAAlE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACqB,GAAG,YAAAhE,MAAA,GAAIkC,YAAY,CAAC+B,cAAc,YAAAlE,KAAA,GAAI,IAAI;IAC5DmE,UAAU,GAAAjE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACwB,OAAO,YAAAjE,UAAA,GAAI0D,QAAQ,YAAA3D,KAAA,GAAI,IAAI;IACzC2D,QAAQ;IACRQ,KAAK,GAAAjE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACyB,KAAK,YAAAhE,QAAA,GAAIuC,CAAC,CAAC0B,kBAAkB,YAAAlE,KAAA,GAAI,IAAI;IAC9CmE,IAAI,GAAAjE,OAAA,GAAEsC,CAAC,CAAC2B,IAAI,YAAAjE,OAAA,GAAItD,SAAS;IACzBwH,KAAK,GAAAjE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC6B,eAAe,cAAAhE,kBAAA,GAAjBA,kBAAA,CAAoBkC,aAAa,CAAC,qBAAlClC,kBAAA,CAAoC+D,KAAK,YAAAhE,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC8B,YAAY,qBAAdhE,eAAA,CAAgB8D,KAAK,YAAAjE,KAAA,GAAI,EAAE;IAC/E6C,GAAG,EAAER,CAAC,CAACQ,GAAG;IACVuB,cAAc,EAAEtD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAACqF,OAAA,CAAAvF,QAAA,GAAAA,QAAA;AAIF,eAAegE,kBAAkBA,CAC/B/D,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACb+D,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNrD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IAAA,IAAAsC,iBAAA;IACPpG,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAkG,iBAAA,GAAEvF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAiE,iBAAA,GAAI7H,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxC,GAAG,CAACoG,IAAI,CAAC,0BAA0B,EAAE;IACnCpC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAkE,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAM3E,aAAa,IAAA2D,iBAAA,GAAGzF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAmE,iBAAA,GAAI/H,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAACsH,KAAK,YAATtH,GAAG,CAACsH,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM+E,IAAI,GAAG,MAAMC,KAAK,CAAC5J,MAAM,EAAE;MAC/B6J,MAAM,EAAE,MAAM;MACdxF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBuF,aAAa,EAAE7D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC0D,IAAI,CAACI,EAAE,EAAE;MACZ3H,GAAG,CAAC4H,IAAI,YAAR5H,GAAG,CAAC4H,IAAI,CAAG,mCAAmCL,IAAI,CAACnF,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMqF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL9F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;IAE/D,MAAMqF,cAAc,GAAG,MAAMhF,mBAAmB,CAACiF,kBAAkB,CAACzF,OAAO,EAAE;MAC3EiB,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGhK;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACuK,MAAM,CAACvI,GAAG,EAAE2C,OAAO,CAAC;;IAE7C;IACA,MAAM6F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACjG,OAAO,CAAC,CAACyC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMjH,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAM4I,YAAY,GAAG3K,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAMkG,YAAY,GAAGhJ,cAAc,CAAC4C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3D,IAAAtC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE8F,kBAAkB,EAAE;MAC/F;MACAnI,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACsI,YAAY;MACrBrI,QAAQ,EAAEqI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCpI,MAAM,EAAE8H,aAAa;MACrB1J,MAAM,EAAE+J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5E,oBAAS,EAAC6D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC7C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK5C,QAAQ,IAAI4G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK9C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA+D,WAAA,IAAAD,KAAA,GAACtG,GAAG,EAASkF,KAAK,YAAAqB,WAAA,GAAlBD,KAAA,CAAapB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnCpF,GAAG,CAASkF,KAAK,CAACG,IAAI,GAAG;MACxBpF,KAAK,EAAEA,KAAe;MACtBqF,MAAM,GAAAkB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE7C,MAAM,aAAtBoB,sBAAA,CAAwBtB,QAAQ,oBAAhCsB,sBAAA,CAAwBtB,QAAQ,CAAG,CAAC,YAAAqB,qBAAA,GAAIsC,EAAE,CAACxD,GAAG,YAAAiB,KAAA,GAAI,IAAI;MAC9DhB,cAAc,GAAAmB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACxD,GAAG,YAAAqB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE3C,cAAc,YAAAmB,KAAA,GAAI,IAAI;MAChElB,UAAU,GAAAoB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACrD,OAAO,YAAAoB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3C1B,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAoB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACpD,KAAK,YAAAqB,SAAA,GAAI+B,EAAE,CAACnD,kBAAkB,YAAAmB,KAAA,GAAI,IAAI;MAChDlB,IAAI,GAAAoB,QAAA,GAAE8B,EAAE,CAAClD,IAAI,YAAAoB,QAAA,GAAI3I,SAAS;MAC1BwH,KAAK,GAAAoB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAChD,eAAe,cAAAqB,mBAAA,GAAlBA,mBAAA,CAAqBjF,QAAQ,CAAC,qBAA9BiF,mBAAA,CAAgCtB,KAAK,YAAAqB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC/C,YAAY,qBAAfqB,gBAAA,CAAiBvB,KAAK,YAAAoB,MAAA,GAAI,EAAE;MAC5ExC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACXuB,cAAc,EAAEtD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOqI,CAAM,EAAE;IACflJ,GAAG,CAACsH,KAAK,YAATtH,GAAG,CAACsH,KAAK,CAAG,mBAAmB,EAAE;MAC/B6B,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBtD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbuD,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLhH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACwG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOV,MAAM,CAACC,IAAI,CAACS,KAAK,EAAE,QAAQ,CAAC,CAACjE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOkC,KAAU,EAAE;IACnBgC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGjC,KAAK,CAAC6B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$cfy_bid","_ref4","_p$email","_p$name","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","exports","_req$headers$get2","info","_req$headers$get3","_ref5","_ref5$state","_ref6","_updatedMapping$userI","_updatedMapping$userI2","_ref7","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","errorText","text","isInvalidGrant","toLowerCase","warn","invalidGrant","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","keycloakUserId","roles","resource_access","realm_access","tokenMappingId","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n let errorText: string | undefined;\n try {\n errorText = await resp.text();\n } catch {\n errorText = undefined;\n }\n\n const isInvalidGrant =\n (typeof errorText === \"string\" && errorText.toLowerCase().includes(\"invalid_grant\")) ||\n resp.status === 400;\n\n ctx.warn?.(`refresh call failed with status ${resp.status}`, {\n status: resp.status,\n invalidGrant: isInvalidGrant,\n });\n\n if (isInvalidGrant) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n }\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA;EAC9B,MAAMzB,KAAK,GAAGW,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC3B,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBe,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG3B,kBAAO,CAACD,KAAK,CAAC,CAAC4B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG/C,iBAAiB,CAACwB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAArB,gBAAA,GAAGH,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAb,gBAAA,GAAIzC,SAAS;EAE5D,IAAI+D,OAAsB,GACxBF,OAAO,CAAC/B,2BAA2B,CAACH,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBlC,KAAK,UAAU,CAAC,IAC/CkC,OAAO,CAAC,cAAclC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpChB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CzC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAAC4E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAAC9C,GAAG,EAAEwC,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAM/E,kBAAkB,CAAC4D,GAAG,CAAC5B,GAAG,EAAEqC,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMhF,kBAAkB,CAACkF,GAAG,CAAClD,GAAG,EAAE+C,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAlB,EAAA,GAAC4C,CAAC,aAAD5C,EAAA,CAAG8C,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAACzD,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAEwD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAE/C,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLxC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAhB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAAS4E,KAAK,YAAA1D,UAAA,GAAlBD,IAAA,CAAa2D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;IACxB9E,KAAK;IACL+E,MAAM,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAE8B,YAAY,CAAC6B,MAAM,aAAnB3D,oBAAA,CAAqByD,QAAQ,oBAA7BzD,oBAAA,CAAqByD,QAAQ,CAAG,CAAC,YAAA1D,qBAAA,GAAIwC,CAAC,CAACqB,GAAG,YAAA9D,KAAA,GAAI,IAAI;IAC1D+D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIsD,QAAQ,YAAAvD,KAAA,GAAI,IAAI;IACzCuD,QAAQ;IACRO,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAIpD;EAClB,CAAC;EAED,OAAOuC,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA5E,QAAA,GAAAA,QAAA;AAIF,eAAe0D,kBAAkBA,CAC/BzD,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACbyD,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACN/C,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC0C,EAAE,EAAE;IAAA,IAAAiC,iBAAA;IACPzF,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAuF,iBAAA,GAAE5E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA4D,iBAAA,GAAIlH,SAAS,EAAEsC,GAAG,CAAC0B,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAlC,GAAG,CAACyF,IAAI,CAAC,0BAA0B,EAAE;IACnC/B,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA6D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMtE,aAAa,IAAAsD,iBAAA,GAAG9E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA8D,iBAAA,GAAIpH,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAAC2G,KAAK,YAAT3G,GAAG,CAAC2G,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL7E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM0E,IAAI,GAAG,MAAMC,KAAK,CAACjJ,MAAM,EAAE;MAC/BkJ,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBkF,aAAa,EAAExD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACqD,IAAI,CAACI,EAAE,EAAE;MACZ,IAAIC,SAA6B;MACjC,IAAI;QACFA,SAAS,GAAG,MAAML,IAAI,CAACM,IAAI,CAAC,CAAC;MAC/B,CAAC,CAAC,MAAM;QACND,SAAS,GAAG3I,SAAS;MACvB;MAEA,MAAM6I,cAAc,GACjB,OAAOF,SAAS,KAAK,QAAQ,IAAIA,SAAS,CAACG,WAAW,CAAC,CAAC,CAAC1C,QAAQ,CAAC,eAAe,CAAC,IACnFkC,IAAI,CAAC9E,MAAM,KAAK,GAAG;MAErB9B,GAAG,CAACqH,IAAI,YAARrH,GAAG,CAACqH,IAAI,CAAG,mCAAmCT,IAAI,CAAC9E,MAAM,EAAE,EAAE;QAC3DA,MAAM,EAAE8E,IAAI,CAAC9E,MAAM;QACnBwF,YAAY,EAAEH;MAChB,CAAC,CAAC;MAEF,IAAIA,cAAc,EAAE;QAClBpH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;MAC/D;MACA,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMqF,OAAO,GAAG,MAAMX,IAAI,CAACY,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACV,aAAmC;IAEtD,IAAI,CAACW,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL9F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CzC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAAC4E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAAC9C,GAAG,EAAEwC,KAAK,CAAC;IAE/D,MAAMqF,cAAc,GAAG,MAAMhF,mBAAmB,CAACiF,kBAAkB,CAACzF,OAAO,EAAE;MAC3EiB,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG1J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACiK,MAAM,CAACjI,GAAG,EAAEqC,OAAO,CAAC;;IAE7C;IACA,MAAM6F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACjG,OAAO,CAAC,CAACyC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM3G,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAMsI,YAAY,GAAGrK,gBAAgB,CAACC,SAAS,EAAEiE,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IACxE,MAAMkG,YAAY,GAAG1I,cAAc,CAACsC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IAE3D,IAAAhC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,EAAE8F,kBAAkB,EAAE;MAC/F;MACA7H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACgI,YAAY;MACrB/H,QAAQ,EAAE+H,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC9H,MAAM,EAAEwH,aAAa;MACrBpJ,MAAM,EAAEyJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5E,oBAAS,EAAC6D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC7C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK5C,QAAQ,IAAI4G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK9C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAAC3F,GAAG,EAAS4E,KAAK,YAAAgB,WAAA,GAAlBD,KAAA,CAAaf,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;MACxB9E,KAAK,EAAEA,KAAe;MACtB+E,MAAM,GAAAa,KAAA,IAAAC,qBAAA,GAAE+B,cAAc,aAAA9B,sBAAA,GAAd8B,cAAc,CAAE7C,MAAM,aAAtBe,sBAAA,CAAwBjB,QAAQ,oBAAhCiB,sBAAA,CAAwBjB,QAAQ,CAAG,CAAC,YAAAgB,qBAAA,GAAI2C,EAAE,CAACxD,GAAG,YAAAY,KAAA,GAAI,IAAI;MAC9D+C,cAAc,GAAA5C,KAAA,IAAAC,OAAA,GAAEwC,EAAE,CAACxD,GAAG,YAAAgB,OAAA,GAAI4B,cAAc,oBAAdA,cAAc,CAAEe,cAAc,YAAA5C,KAAA,GAAI,IAAI;MAChEd,UAAU,GAAAgB,KAAA,IAAAC,WAAA,GAAEsC,EAAE,CAACtD,OAAO,YAAAgB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CrB,QAAQ,EAAE8D,SAAS;MACnBvD,KAAK,GAAAgB,KAAA,IAAAC,SAAA,GAAEoC,EAAE,CAACrD,KAAK,YAAAiB,SAAA,GAAIoC,EAAE,CAACpD,kBAAkB,YAAAe,KAAA,GAAI,IAAI;MAChDd,IAAI,GAAAgB,QAAA,GAAEmC,EAAE,CAACnD,IAAI,YAAAgB,QAAA,GAAIhI,SAAS;MAC1BuK,KAAK,GAAAtC,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEgC,EAAE,CAACK,eAAe,cAAArC,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCoC,KAAK,YAAArC,qBAAA,IAAAE,gBAAA,GAAI+B,EAAE,CAACM,YAAY,qBAAfrC,gBAAA,CAAiBmC,KAAK,YAAAtC,KAAA,GAAI,EAAE;MAC5EnC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACX4E,cAAc,EAAE3G;IAClB,CAAC;;IAED;IACA,OAAOxB,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOoI,CAAM,EAAE;IACfjJ,GAAG,CAAC2G,KAAK,YAAT3G,GAAG,CAAC2G,KAAK,CAAG,mBAAmB,EAAE;MAC/BuC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnB5D,IAAI,EAAE2D,CAAC,oBAADA,CAAC,CAAE3D,IAAI;MACb6D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLrH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC6G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOf,MAAM,CAACC,IAAI,CAACc,KAAK,EAAE,QAAQ,CAAC,CAACtE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO6B,KAAU,EAAE;IACnB0C,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAG3C,KAAK,CAACuC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/esm/middlewares/index.js CHANGED
@@ -1,4 +1,5 @@
1
1
  export * from './token-validation';
2
+ export * from './internal-auth-middleware';
2
3
  export * from './verify-middleware';
3
4
  export * from './verify-express';
4
5
  //# sourceMappingURL=index.js.map
package/build/esm/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './internal-auth-middleware';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,4BAA4B;AAC1C,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
package/build/esm/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,38 @@
1
+ const INTERNAL_SERVICE_KEY = "12345";
2
+ const getHeader = (req, name) => {
3
+ var _req$headers$get;
4
+ return (_req$headers$get = req.headers.get(name)) != null ? _req$headers$get : req.headers.get(name.toLowerCase());
5
+ };
6
+ export const internalAuthMw = async (req, ctx, next) => {
7
+ var _ref, _ref$state;
8
+ const internalKey = getHeader(req, "x-internal-key");
9
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
10
+ return {
11
+ status: 401,
12
+ headers: {
13
+ "Content-Type": "application/json"
14
+ },
15
+ body: JSON.stringify({
16
+ status: "unauthenticated",
17
+ reason: "invalid_internal_key"
18
+ })
19
+ };
20
+ }
21
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
22
+ const userId = getHeader(req, "x-user-id") || undefined;
23
+ const businessId = getHeader(req, "x-business-id") || undefined;
24
+ const appId = getHeader(req, "x-app-id") || undefined;
25
+ const email = getHeader(req, "x-email") || undefined;
26
+ const name = getHeader(req, "x-name") || undefined;
27
+ (_ref$state = (_ref = ctx).state) != null ? _ref$state : _ref.state = {};
28
+ ctx.state.auth = {
29
+ appId,
30
+ userId,
31
+ businessId,
32
+ tenantId,
33
+ email,
34
+ name
35
+ };
36
+ return next();
37
+ };
38
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/esm/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","names":["INTERNAL_SERVICE_KEY","getHeader","req","name","_req$headers$get","headers","get","toLowerCase","internalAuthMw","ctx","next","_ref","_ref$state","internalKey","status","body","JSON","stringify","reason","tenantId","undefined","userId","businessId","appId","email","state","auth"],"sources":["../../../src/middlewares/internal-auth-middleware.ts"],"sourcesContent":["import { HttpRequest, HttpResponseInit, InvocationContext } from \"@azure/functions\";\nimport { IMiddleware } from \"../types/middleware\";\n\nconst INTERNAL_SERVICE_KEY = \"12345\";\n\nconst getHeader = (req: HttpRequest, name: string): string | null =>\n req.headers.get(name) ?? req.headers.get(name.toLowerCase());\n\nexport const internalAuthMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const internalKey = getHeader(req, \"x-internal-key\");\n\n if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_internal_key\" }),\n };\n }\n\n const tenantId = getHeader(req, \"x-tenant-id\") || undefined;\n const userId = getHeader(req, \"x-user-id\") || undefined;\n const businessId = getHeader(req, \"x-business-id\") || undefined;\n const appId = getHeader(req, \"x-app-id\") || undefined;\n const email = getHeader(req, \"x-email\") || undefined;\n const name = getHeader(req, \"x-name\") || undefined;\n\n (ctx as any).state ??= {};\n (ctx as any).state.auth = {\n appId,\n userId,\n businessId,\n tenantId,\n email,\n name,\n };\n\n return next();\n};\n"],"mappings":"AAGA,MAAMA,oBAAoB,GAAG,OAAO;AAEpC,MAAMC,SAAS,GAAGA,CAACC,GAAgB,EAAEC,IAAY;EAAA,IAAAC,gBAAA;EAAA,QAAAA,gBAAA,GAC/CF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAAC,YAAAC,gBAAA,GAAIF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAACI,WAAW,CAAC,CAAC,CAAC;AAAA;AAE9D,OAAO,MAAMC,cAA2B,GAAG,MAAAA,CACzCN,GAAgB,EAChBO,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,IAAA,EAAAC,UAAA;EAC9B,MAAMC,WAAW,GAAGZ,SAAS,CAACC,GAAG,EAAE,gBAAgB,CAAC;EAEpD,IAAI,CAACW,WAAW,IAAIA,WAAW,KAAKb,oBAAoB,EAAE;IACxD,OAAO;MACLc,MAAM,EAAE,GAAG;MACXT,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CU,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuB,CAAC;IACpF,CAAC;EACH;EAEA,MAAMC,QAAQ,GAAGlB,SAAS,CAACC,GAAG,EAAE,aAAa,CAAC,IAAIkB,SAAS;EAC3D,MAAMC,MAAM,GAAGpB,SAAS,CAACC,GAAG,EAAE,WAAW,CAAC,IAAIkB,SAAS;EACvD,MAAME,UAAU,GAAGrB,SAAS,CAACC,GAAG,EAAE,eAAe,CAAC,IAAIkB,SAAS;EAC/D,MAAMG,KAAK,GAAGtB,SAAS,CAACC,GAAG,EAAE,UAAU,CAAC,IAAIkB,SAAS;EACrD,MAAMI,KAAK,GAAGvB,SAAS,CAACC,GAAG,EAAE,SAAS,CAAC,IAAIkB,SAAS;EACpD,MAAMjB,IAAI,GAAGF,SAAS,CAACC,GAAG,EAAE,QAAQ,CAAC,IAAIkB,SAAS;EAElD,CAAAR,UAAA,IAAAD,IAAA,GAACF,GAAG,EAASgB,KAAK,YAAAb,UAAA,GAAlBD,IAAA,CAAac,KAAK,GAAK,CAAC,CAAC;EACxBhB,GAAG,CAASgB,KAAK,CAACC,IAAI,GAAG;IACxBH,KAAK;IACLF,MAAM;IACNC,UAAU;IACVH,QAAQ;IACRK,KAAK;IACLrB;EACF,CAAC;EAED,OAAOO,IAAI,CAAC,CAAC;AACf,CAAC","ignoreList":[]}
package/build/esm/middlewares/verify-middleware.js CHANGED
@@ -80,7 +80,7 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
80
80
  return `__Secure-session-v1.${appId}.mapping`;
81
81
  }
82
82
  export const verifyMw = async (req, ctx, next) => {
83
- var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$to, _p$resource_access, _p$realm_access;
83
+ var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$cfy_bid, _ref4, _p$email, _p$name;
84
84
  const appId = req.headers.get("app-id");
85
85
  if (!appId || !(APP_MAP != null && (_APP_MAP$appId = APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
86
86
  return {
@@ -278,14 +278,10 @@ export const verifyMw = async (req, ctx, next) => {
278
278
  ctx.state.auth = {
279
279
  appId,
280
280
  userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
281
- keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
282
- businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
281
+ businessId: (_ref3 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref3 : null,
283
282
  tenantId,
284
- email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
285
- name: (_p$name = p.name) != null ? _p$name : undefined,
286
- roles: (_ref6 = (_p$resource_access$to = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[tokenClientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$to : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
287
- exp: p.exp,
288
- tokenMappingId: mapping
283
+ email: (_ref4 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref4 : null,
284
+ name: (_p$name = p.name) != null ? _p$name : undefined
289
285
  };
290
286
  return next();
291
287
  };
@@ -315,7 +311,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
315
311
 
316
312
  // Call auth service to refresh
317
313
  try {
318
- var _req$headers$get3, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
314
+ var _req$headers$get3, _ref5, _ref5$state, _ref6, _updatedMapping$userI, _updatedMapping$userI2, _ref7, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
319
315
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
320
316
  if (!apiURL) {
321
317
  ctx.error == null || ctx.error("Refresh session URL is not configured");
@@ -345,7 +341,20 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
345
341
  })
346
342
  });
347
343
  if (!resp.ok) {
348
- ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
344
+ let errorText;
345
+ try {
346
+ errorText = await resp.text();
347
+ } catch (_unused4) {
348
+ errorText = undefined;
349
+ }
350
+ const isInvalidGrant = typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant") || resp.status === 400;
351
+ ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`, {
352
+ status: resp.status,
353
+ invalidGrant: isInvalidGrant
354
+ });
355
+ if (isInvalidGrant) {
356
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
357
+ }
349
358
  return {
350
359
  status: 401,
351
360
  headers: {
@@ -428,7 +437,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
428
437
  let p2;
429
438
  try {
430
439
  p2 = jwtDecode(newAT);
431
- } catch (_unused4) {
440
+ } catch (_unused5) {
432
441
  return {
433
442
  status: 401,
434
443
  headers: {
@@ -461,17 +470,17 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
461
470
  }
462
471
 
463
472
  // Update downstream auth state with refreshed token
464
- (_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
473
+ (_ref5$state = (_ref5 = ctx).state) != null ? _ref5$state : _ref5.state = {};
465
474
  const tenantId2 = realmId.toString();
466
475
  ctx.state.auth = {
467
476
  appId: appId,
468
- userId: (_ref8 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref8 : null,
469
- keycloakUserId: (_ref9 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref9 : null,
470
- businessId: (_ref0 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref0 : null,
477
+ userId: (_ref6 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref6 : null,
478
+ keycloakUserId: (_ref7 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref7 : null,
479
+ businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
471
480
  tenantId: tenantId2,
472
- email: (_ref1 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref1 : null,
481
+ email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
473
482
  name: (_p2$name = p2.name) != null ? _p2$name : undefined,
474
- roles: (_ref10 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref10 : [],
483
+ roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
475
484
  exp: p2.exp,
476
485
  tokenMappingId: mapping
477
486
  };
package/build/esm/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","clearSessionMappingCookie","ctx","appId","cookieName","getSessionMappingCookieName","isLocal","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","_unused4","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb/B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;EAChC,MAAMC,UAAU,GAAGC,2BAA2B,CAACF,KAAK,EAAE/B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMiC,OAAO,GAAGP,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC;EAClDZ,WAAW,CAACyC,GAAG,EAAEE,UAAU,EAAE,EAAE,EAAE;IAC/BG,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACF,OAAO;IAChBG,QAAQ,EAAEH,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCI,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAASgC,2BAA2BA,CAACF,KAAa,EAAE/B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc8B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBV,GAAsB,EACtBW,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM7B,KAAK,GAAGS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC/B,KAAK,IAAI,EAAC7C,OAAO,aAAAwD,cAAA,GAAPxD,OAAO,CAAG6C,KAAK,CAAC,aAAhBW,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG7E,OAAO,CAAC6C,KAAK,CAAC,CAACgC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGpD,iBAAiB,CAACuB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACpC,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBtC,KAAK,UAAU,CAAC,IAC/CsC,OAAO,CAAC,cAActC,KAAK,UAAU,CAAC,IACtCS,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;EAE/D,IAAII,eAAe,GAAG,MAAMjF,kBAAkB,CAACiE,GAAG,CAAChC,GAAG,EAAEyC,OAAO,CAAC;EAChE,IAAI,CAACO,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACT,OAAO,CAAC;IACtE,IAAIQ,OAAO,EAAE;MACXD,eAAe,GAAGZ,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC;MACzC,MAAMlF,kBAAkB,CAACoF,GAAG,CAACnD,GAAG,EAAEgD,eAAe,EAAEP,OAAO,CAAC;IAC7D;EACF;EACA,MAAMW,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGxG,SAAS,CAACiG,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAAC+C,CAAC,aAAD/C,EAAA,CAAGiD,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAAC5D,GAAG,EAAEV,GAAG,EAAEC,KAAK,EAAEyD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAElD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM4D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLrC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACf,GAAG,EAAS6E,KAAK,YAAA7D,UAAA,GAAlBD,IAAA,CAAa8D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhC/E,GAAG,CAAS6E,KAAK,CAACG,IAAI,GAAG;IACxB/E,KAAK;IACLgF,MAAM,GAAAhE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEiC,YAAY,CAAC6B,MAAM,aAAnB9D,oBAAA,CAAqB4D,QAAQ,oBAA7B5D,oBAAA,CAAqB4D,QAAQ,CAAG,CAAC,YAAA7D,qBAAA,GAAI2C,CAAC,CAACqB,GAAG,YAAAjE,KAAA,GAAI,IAAI;IAC1DkE,cAAc,GAAA/D,KAAA,IAAAC,MAAA,GAAEwC,CAAC,CAACqB,GAAG,YAAA7D,MAAA,GAAI+B,YAAY,CAAC+B,cAAc,YAAA/D,KAAA,GAAI,IAAI;IAC5DgE,UAAU,GAAA9D,KAAA,IAAAC,UAAA,GAAEsC,CAAC,CAACwB,OAAO,YAAA9D,UAAA,GAAIuD,QAAQ,YAAAxD,KAAA,GAAI,IAAI;IACzCwD,QAAQ;IACRQ,KAAK,GAAA9D,KAAA,IAAAC,QAAA,GAAEoC,CAAC,CAACyB,KAAK,YAAA7D,QAAA,GAAIoC,CAAC,CAAC0B,kBAAkB,YAAA/D,KAAA,GAAI,IAAI;IAC9CgE,IAAI,GAAA9D,OAAA,GAAEmC,CAAC,CAAC2B,IAAI,YAAA9D,OAAA,GAAItD,SAAS;IACzBqH,KAAK,GAAA9D,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEgC,CAAC,CAAC6B,eAAe,cAAA7D,kBAAA,GAAjBA,kBAAA,CAAoB+B,aAAa,CAAC,qBAAlC/B,kBAAA,CAAoC4D,KAAK,YAAA7D,qBAAA,IAAAE,eAAA,GAAI+B,CAAC,CAAC8B,YAAY,qBAAd7D,eAAA,CAAgB2D,KAAK,YAAA9D,KAAA,GAAI,EAAE;IAC/E0C,GAAG,EAAER,CAAC,CAACQ,GAAG;IACVuB,cAAc,EAAEnD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAe2D,kBAAkBA,CAC/B5D,GAAgB,EAChBV,GAAsB,EACtBC,KAAa,EACb0D,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACNlD,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC6C,EAAE,EAAE;IAAA,IAAAqC,iBAAA;IACP9F,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAA4F,iBAAA,GAAEnF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA6D,iBAAA,GAAIzH,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAtC,GAAG,CAAC8F,IAAI,CAAC,0BAA0B,EAAE;IACnCnC,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA8D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMvE,aAAa,IAAAuD,iBAAA,GAAGrF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA+D,iBAAA,GAAI3H,SAAS;IAC5D,IAAI,CAACT,MAAM,EAAE;MACXqC,GAAG,CAACgH,KAAK,YAAThH,GAAG,CAACgH,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL9E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM2E,IAAI,GAAG,MAAMC,KAAK,CAACvJ,MAAM,EAAE;MAC/BwJ,MAAM,EAAE,MAAM;MACdpF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClBmF,aAAa,EAAE5D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACyD,IAAI,CAACI,EAAE,EAAE;MACZrH,GAAG,CAACsH,IAAI,YAARtH,GAAG,CAACsH,IAAI,CAAG,mCAAmCL,IAAI,CAAC/E,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMiF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL1F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAMnF,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAACgF,oBAAoB,IAAI,EAAE,EACtCvF,mBAAmB,CAACwF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAIrF,mBAAmB,CAACsC,GAAG,EAAE4C,KAAK,CAAC;IAE/D,MAAMiF,cAAc,GAAG,MAAM9E,mBAAmB,CAAC+E,kBAAkB,CAACrF,OAAO,EAAE;MAC3Ec,WAAW,EAAEmE,KAAK;MAClBjE,YAAY,EAAEmE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI7D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAGyD,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG5J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAACkK,MAAM,CAACjI,GAAG,EAAEyC,OAAO,CAAC;;IAE7C;IACA,MAAMyF,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC7F,OAAO,CAAC,CAACsC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM9G,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;;IAEhC;IACA,MAAMsI,YAAY,GAAGvK,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAM8F,YAAY,GAAG3I,cAAc,CAAC2C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3DnF,WAAW,CAACyC,GAAG,EAAEG,2BAA2B,CAACF,KAAK,EAAEuC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE0F,kBAAkB,EAAE;MAC/F;MACA/H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACkI,YAAY;MACrBjI,QAAQ,EAAEiI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvChI,MAAM,EAAE0H,aAAa;MACrBtJ,MAAM,EAAE2J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAGpL,SAAS,CAACqK,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAgB,QAAA,EAAM;MACnC,OAAO;QACLxG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMqG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACgE,EAAE,CAAC/D,GAAG,CAAC,IAAI+D,EAAE,CAAC/D,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAClD,OAAOwG,EAAE,CAAC/D,GAAG,KAAK,QAAQ,KAAK+D,EAAE,CAAC/D,GAAG,KAAKzC,QAAQ,IAAIwG,EAAE,CAAC/D,GAAG,KAAK,SAAS,CAAE,IAC7E+D,EAAE,CAAC7D,GAAG,KAAK3C,QAAQ;IACrB,IAAI,CAAC0G,MAAM,EAAE;MACX,OAAO;QACLzG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA2D,WAAA,IAAAD,KAAA,GAAChG,GAAG,EAAS6E,KAAK,YAAAoB,WAAA,GAAlBD,KAAA,CAAanB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnC/E,GAAG,CAAS6E,KAAK,CAACG,IAAI,GAAG;MACxB/E,KAAK,EAAEA,KAAe;MACtBgF,MAAM,GAAAiB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE5C,MAAM,aAAtBmB,sBAAA,CAAwBrB,QAAQ,oBAAhCqB,sBAAA,CAAwBrB,QAAQ,CAAG,CAAC,YAAAoB,qBAAA,GAAIsC,EAAE,CAACvD,GAAG,YAAAgB,KAAA,GAAI,IAAI;MAC9Df,cAAc,GAAAkB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACvD,GAAG,YAAAoB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE1C,cAAc,YAAAkB,KAAA,GAAI,IAAI;MAChEjB,UAAU,GAAAmB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACpD,OAAO,YAAAmB,WAAA,GAAIoC,SAAS,YAAArC,KAAA,GAAI,IAAI;MAC3CzB,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAmB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACnD,KAAK,YAAAoB,SAAA,GAAI+B,EAAE,CAAClD,kBAAkB,YAAAkB,KAAA,GAAI,IAAI;MAChDjB,IAAI,GAAAmB,QAAA,GAAE8B,EAAE,CAACjD,IAAI,YAAAmB,QAAA,GAAIvI,SAAS;MAC1BqH,KAAK,GAAAmB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAC/C,eAAe,cAAAoB,mBAAA,GAAlBA,mBAAA,CAAqB7E,QAAQ,CAAC,qBAA9B6E,mBAAA,CAAgCrB,KAAK,YAAAoB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC9C,YAAY,qBAAfoB,gBAAA,CAAiBtB,KAAK,YAAAmB,MAAA,GAAI,EAAE;MAC5EvC,GAAG,EAAEoE,EAAE,CAACpE,GAAG;MACXuB,cAAc,EAAEnD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkI,CAAM,EAAE;IACf7I,GAAG,CAACgH,KAAK,YAAThH,GAAG,CAACgH,KAAK,CAAG,mBAAmB,EAAE;MAC/B8B,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBtD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbuD,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACL7G,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACqG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOX,MAAM,CAACC,IAAI,CAACU,KAAK,EAAE,QAAQ,CAAC,CAACjE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOiC,KAAU,EAAE;IACnBiC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGlC,KAAK,CAAC8B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["APP_MAP","jwtDecode","AzureSecretKeysEnum","setCookieKV","createCache","getAzureVaultSecretByKey","TokenMappingService","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","_unused","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","_unused2","clearSessionMappingCookie","ctx","appId","cookieName","getSessionMappingCookieName","isLocal","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$cfy_bid","_ref4","_p$email","_p$name","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","AZURE_KEY_VAULT_NAME","DB_CONNECTING_STRING_USER","tokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","_unused3","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","_req$headers$get2","info","_req$headers$get3","_ref5","_ref5$state","_ref6","_updatedMapping$userI","_updatedMapping$userI2","_ref7","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","errorText","text","_unused4","isInvalidGrant","toLowerCase","warn","invalidGrant","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","_unused5","audOk2","tenantId2","keycloakUserId","roles","resource_access","realm_access","tokenMappingId","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n let errorText: string | undefined;\n try {\n errorText = await resp.text();\n } catch {\n errorText = undefined;\n }\n\n const isInvalidGrant =\n (typeof errorText === \"string\" && errorText.toLowerCase().includes(\"invalid_grant\")) ||\n resp.status === 400;\n\n ctx.warn?.(`refresh call failed with status ${resp.status}`, {\n status: resp.status,\n invalidGrant: isInvalidGrant,\n });\n\n if (isInvalidGrant) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n }\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":"AACA,SAASA,OAAO,QAAQ,cAAc;AACtC,SAASC,SAAS,QAAQ,YAAY;AAEtC,SAASC,mBAAmB,QAAQ,UAAU;AAC9C,SAASC,WAAW,QAAQ,kBAAkB;AAG9C,SAASC,WAAW,EAAEC,wBAAwB,QAAQ,UAAU;AAEhE,SAASC,mBAAmB,QAAQ,iCAAiC;AAErE,MAAMC,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAGP,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASQ,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,OAAAC,OAAA,EAAM;IACN,OAAOd,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMe,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC3B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,OAAAqB,QAAA,EAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASC,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb/B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;EAChC,MAAMC,UAAU,GAAGC,2BAA2B,CAACF,KAAK,EAAE/B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMiC,OAAO,GAAGP,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC;EAClDZ,WAAW,CAACyC,GAAG,EAAEE,UAAU,EAAE,EAAE,EAAE;IAC/BG,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACF,OAAO;IAChBG,QAAQ,EAAEH,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCI,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAASgC,2BAA2BA,CAACF,KAAa,EAAE/B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAI0B,cAAc,CAAC3B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc8B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEA,OAAO,MAAMQ,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBV,GAAsB,EACtBW,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA;EAC9B,MAAMvB,KAAK,GAAGS,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACzB,KAAK,IAAI,EAAC7C,OAAO,aAAAwD,cAAA,GAAPxD,OAAO,CAAG6C,KAAK,CAAC,aAAhBW,cAAA,CAAkBe,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGvE,OAAO,CAAC6C,KAAK,CAAC,CAAC0B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG9C,iBAAiB,CAACuB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAArB,gBAAA,GAAGH,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAb,gBAAA,GAAIzC,SAAS;EAE5D,IAAI+D,OAAsB,GACxBF,OAAO,CAAC9B,2BAA2B,CAACF,KAAK,EAAEiC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBhC,KAAK,UAAU,CAAC,IAC/CgC,OAAO,CAAC,cAAchC,KAAK,UAAU,CAAC,IACtCS,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpChB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM7E,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCjF,mBAAmB,CAACkF,yBACtB,CAAC;EAED,IAAI,CAACF,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMS,mBAAmB,GAAG,IAAI/E,mBAAmB,CAACsC,GAAG,EAAEsC,KAAK,CAAC;EAE/D,IAAII,eAAe,GAAG,MAAM3E,kBAAkB,CAAC2D,GAAG,CAAC1B,GAAG,EAAEmC,OAAO,CAAC;EAChE,IAAI,CAACO,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMF,mBAAmB,CAACG,mBAAmB,CAACT,OAAO,CAAC;IACtE,IAAIQ,OAAO,EAAE;MACXD,eAAe,GAAGZ,IAAI,CAACC,SAAS,CAACY,OAAO,CAAC;MACzC,MAAM5E,kBAAkB,CAAC8E,GAAG,CAAC7C,GAAG,EAAE0C,eAAe,EAAEP,OAAO,CAAC;IAC7D;EACF;EACA,MAAMW,YAAY,GAAGJ,eAAe,GAAGZ,IAAI,CAACiB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLlB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAIgB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLtB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMoB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACnB,QAAQ;EAE3C,IAAI,CAAC2B,aAAa,IAAIA,aAAa,KAAK3B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAIuB,CAAM;EACV,IAAI;IACFA,CAAC,GAAGlG,SAAS,CAAC2F,EAAE,CAAC;EACnB,CAAC,CAAC,OAAAQ,QAAA,EAAM;IACN,OAAO;MACL5B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAlB,EAAA,GAACyC,CAAC,aAADzC,EAAA,CAAG2C,GAAG,GAAE;IACX,OAAO;MACL7B,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM0B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAACtD,GAAG,EAAEV,GAAG,EAAEC,KAAK,EAAEmD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAEf,OAAO,EAAEoB,CAAC,EAAE5C,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAMsD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLrC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAhB,UAAA,IAAAD,IAAA,GAACf,GAAG,EAASuE,KAAK,YAAAvD,UAAA,GAAlBD,IAAA,CAAawD,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhCzE,GAAG,CAASuE,KAAK,CAACG,IAAI,GAAG;IACxBzE,KAAK;IACL0E,MAAM,GAAA1D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAE2B,YAAY,CAAC6B,MAAM,aAAnBxD,oBAAA,CAAqBsD,QAAQ,oBAA7BtD,oBAAA,CAAqBsD,QAAQ,CAAG,CAAC,YAAAvD,qBAAA,GAAIqC,CAAC,CAACqB,GAAG,YAAA3D,KAAA,GAAI,IAAI;IAC1D4D,UAAU,GAAAzD,KAAA,IAAAC,UAAA,GAAEkC,CAAC,CAACuB,OAAO,YAAAzD,UAAA,GAAImD,QAAQ,YAAApD,KAAA,GAAI,IAAI;IACzCoD,QAAQ;IACRO,KAAK,GAAAzD,KAAA,IAAAC,QAAA,GAAEgC,CAAC,CAACwB,KAAK,YAAAxD,QAAA,GAAIgC,CAAC,CAACyB,kBAAkB,YAAA1D,KAAA,GAAI,IAAI;IAC9C2D,IAAI,GAAAzD,OAAA,GAAE+B,CAAC,CAAC0B,IAAI,YAAAzD,OAAA,GAAIpD;EAClB,CAAC;EAED,OAAOuC,IAAI,CAAC,CAAC;AACf,CAAC;AAID,eAAeqD,kBAAkBA,CAC/BtD,GAAgB,EAChBV,GAAsB,EACtBC,KAAa,EACboD,OAAe,EACf1B,QAAgB,EAChBuB,EAAsB,EACtBf,OAAe,EACfoB,CAAM,EACN5C,IAAqC,EACV;EAC3B;EACA,IAAI,CAACuC,EAAE,EAAE;IAAA,IAAAgC,iBAAA;IACPnF,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAiF,iBAAA,GAAExE,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAwD,iBAAA,GAAI9G,SAAS,EAAEsC,GAAG,CAAC0B,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAhC,GAAG,CAACmF,IAAI,CAAC,0BAA0B,EAAE;IACnC9B,OAAO;IACP1B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAyD,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMlE,aAAa,IAAAkD,iBAAA,GAAG1E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA0D,iBAAA,GAAIhH,SAAS;IAC5D,IAAI,CAACT,MAAM,EAAE;MACXqC,GAAG,CAACqG,KAAK,YAATrG,GAAG,CAACqG,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACLzE,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAMsE,IAAI,GAAG,MAAMC,KAAK,CAAC5I,MAAM,EAAE;MAC/B6I,MAAM,EAAE,MAAM;MACd/E,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnBsB,OAAO;QACP1B,QAAQ,EAAEA,QAAQ;QAClB8E,aAAa,EAAEvD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACoD,IAAI,CAACI,EAAE,EAAE;MACZ,IAAIC,SAA6B;MACjC,IAAI;QACFA,SAAS,GAAG,MAAML,IAAI,CAACM,IAAI,CAAC,CAAC;MAC/B,CAAC,CAAC,OAAAC,QAAA,EAAM;QACNF,SAAS,GAAGvI,SAAS;MACvB;MAEA,MAAM0I,cAAc,GACjB,OAAOH,SAAS,KAAK,QAAQ,IAAIA,SAAS,CAACI,WAAW,CAAC,CAAC,CAAC1C,QAAQ,CAAC,eAAe,CAAC,IACnFiC,IAAI,CAAC1E,MAAM,KAAK,GAAG;MAErB5B,GAAG,CAACgH,IAAI,YAARhH,GAAG,CAACgH,IAAI,CAAG,mCAAmCV,IAAI,CAAC1E,MAAM,EAAE,EAAE;QAC3DA,MAAM,EAAE0E,IAAI,CAAC1E,MAAM;QACnBqF,YAAY,EAAEH;MAChB,CAAC,CAAC;MAEF,IAAIA,cAAc,EAAE;QAClB/G,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEiC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;MAC/D;MACA,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMkF,OAAO,GAAG,MAAMZ,IAAI,CAACa,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACX,aAAmC;IAEtD,IAAI,CAACY,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL3F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM7E,wBAAwB,CAC1CuC,GAAG,EACHpC,OAAO,CAACC,GAAG,CAAC0E,oBAAoB,IAAI,EAAE,EACtCjF,mBAAmB,CAACkF,yBACtB,CAAC;IAED,IAAI,CAACF,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMS,mBAAmB,GAAG,IAAI/E,mBAAmB,CAACsC,GAAG,EAAEsC,KAAK,CAAC;IAE/D,MAAMkF,cAAc,GAAG,MAAM/E,mBAAmB,CAACgF,kBAAkB,CAACtF,OAAO,EAAE;MAC3Ec,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGvJ;IACnG,CAAC,CAAC;;IAEF;IACA,MAAML,kBAAkB,CAAC6J,MAAM,CAAC5H,GAAG,EAAEmC,OAAO,CAAC;;IAE7C;IACA,MAAM0F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAAC9F,OAAO,CAAC,CAACsC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMxG,SAAS,GAAGb,OAAO,CAAC6C,KAAK,CAAC;;IAEhC;IACA,MAAMiI,YAAY,GAAGlK,gBAAgB,CAACC,SAAS,EAAEiE,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IACxE,MAAM+F,YAAY,GAAGtI,cAAc,CAACqC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IAE3D7E,WAAW,CAACyC,GAAG,EAAEG,2BAA2B,CAACF,KAAK,EAAEiC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,EAAE2F,kBAAkB,EAAE;MAC/F;MACA1H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAAC6H,YAAY;MACrB5H,QAAQ,EAAE4H,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC3H,MAAM,EAAEqH,aAAa;MACrBjJ,MAAM,EAAEsJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG/K,SAAS,CAACgK,KAAK,CAAC;IAAE,CAAC,CAAC,OAAAgB,QAAA,EAAM;MACnC,OAAO;QACLzG,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMsG,MAAM,GACTpE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC1C,QAAQ,CAAC,IAClD,OAAOyG,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAKzC,QAAQ,IAAIyG,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK3C,QAAQ;IACrB,IAAI,CAAC2G,MAAM,EAAE;MACX,OAAO;QACL1G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAAsD,WAAA,IAAAD,KAAA,GAACrF,GAAG,EAASuE,KAAK,YAAAe,WAAA,GAAlBD,KAAA,CAAad,KAAK,GAAK,CAAC,CAAC;IACzB,MAAMgE,SAAS,GAAGlF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnCzE,GAAG,CAASuE,KAAK,CAACG,IAAI,GAAG;MACxBzE,KAAK,EAAEA,KAAe;MACtB0E,MAAM,GAAAY,KAAA,IAAAC,qBAAA,GAAEgC,cAAc,aAAA/B,sBAAA,GAAd+B,cAAc,CAAE7C,MAAM,aAAtBc,sBAAA,CAAwBhB,QAAQ,oBAAhCgB,sBAAA,CAAwBhB,QAAQ,CAAG,CAAC,YAAAe,qBAAA,GAAI4C,EAAE,CAACxD,GAAG,YAAAW,KAAA,GAAI,IAAI;MAC9DiD,cAAc,GAAA9C,KAAA,IAAAC,OAAA,GAAEyC,EAAE,CAACxD,GAAG,YAAAe,OAAA,GAAI6B,cAAc,oBAAdA,cAAc,CAAEgB,cAAc,YAAA9C,KAAA,GAAI,IAAI;MAChEb,UAAU,GAAAe,KAAA,IAAAC,WAAA,GAAEuC,EAAE,CAACtD,OAAO,YAAAe,WAAA,GAAI0C,SAAS,YAAA3C,KAAA,GAAI,IAAI;MAC3CpB,QAAQ,EAAE+D,SAAS;MACnBxD,KAAK,GAAAe,KAAA,IAAAC,SAAA,GAAEqC,EAAE,CAACrD,KAAK,YAAAgB,SAAA,GAAIqC,EAAE,CAACpD,kBAAkB,YAAAc,KAAA,GAAI,IAAI;MAChDb,IAAI,GAAAe,QAAA,GAAEoC,EAAE,CAACnD,IAAI,YAAAe,QAAA,GAAI5H,SAAS;MAC1BqK,KAAK,GAAAxC,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEiC,EAAE,CAACM,eAAe,cAAAvC,mBAAA,GAAlBA,mBAAA,CAAqBxE,QAAQ,CAAC,qBAA9BwE,mBAAA,CAAgCsC,KAAK,YAAAvC,qBAAA,IAAAE,gBAAA,GAAIgC,EAAE,CAACO,YAAY,qBAAfvC,gBAAA,CAAiBqC,KAAK,YAAAxC,KAAA,GAAI,EAAE;MAC5ElC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACX6E,cAAc,EAAEzG;IAClB,CAAC;;IAED;IACA,OAAOxB,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOkI,CAAM,EAAE;IACf7I,GAAG,CAACqG,KAAK,YAATrG,GAAG,CAACqG,KAAK,CAAG,mBAAmB,EAAE;MAC/ByC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnB7D,IAAI,EAAE4D,CAAC,oBAADA,CAAC,CAAE5D,IAAI;MACb8D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLnH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC2G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOhB,MAAM,CAACC,IAAI,CAACe,KAAK,EAAE,QAAQ,CAAC,CAACvE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO4B,KAAU,EAAE;IACnB4C,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAG7C,KAAK,CAACyC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/src/middlewares/index.d.ts CHANGED
@@ -1,3 +1,4 @@
1
1
  export * from './token-validation';
2
+ export * from './internal-auth-middleware';
2
3
  export * from './verify-middleware';
3
4
  export * from './verify-express';
package/build/src/middlewares/index.js CHANGED
@@ -2,6 +2,7 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  const tslib_1 = require("tslib");
4
4
  tslib_1.__exportStar(require("./token-validation"), exports);
5
+ tslib_1.__exportStar(require("./internal-auth-middleware"), exports);
5
6
  tslib_1.__exportStar(require("./verify-middleware"), exports);
6
7
  tslib_1.__exportStar(require("./verify-express"), exports);
7
8
  //# sourceMappingURL=index.js.map
package/build/src/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,6DAAmC;AACnC,8DAAoC;AACpC,2DAAiC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middlewares/index.ts"],"names":[],"mappings":";;;AAAA,6DAAmC;AACnC,qEAA2C;AAC3C,8DAAoC;AACpC,2DAAiC"}
package/build/src/middlewares/internal-auth-middleware.d.ts ADDED
@@ -0,0 +1,2 @@
1
+ import { IMiddleware } from "../types/middleware";
2
+ export declare const internalAuthMw: IMiddleware;
package/build/src/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,36 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.internalAuthMw = void 0;
4
+ const tslib_1 = require("tslib");
5
+ const INTERNAL_SERVICE_KEY = "12345";
6
+ const getHeader = (req, name) => { var _a; return (_a = req.headers.get(name)) !== null && _a !== void 0 ? _a : req.headers.get(name.toLowerCase()); };
7
+ const internalAuthMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
8
+ var _a;
9
+ var _b;
10
+ const internalKey = getHeader(req, "x-internal-key");
11
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
12
+ return {
13
+ status: 401,
14
+ headers: { "Content-Type": "application/json" },
15
+ body: JSON.stringify({ status: "unauthenticated", reason: "invalid_internal_key" }),
16
+ };
17
+ }
18
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
19
+ const userId = getHeader(req, "x-user-id") || undefined;
20
+ const businessId = getHeader(req, "x-business-id") || undefined;
21
+ const appId = getHeader(req, "x-app-id") || undefined;
22
+ const email = getHeader(req, "x-email") || undefined;
23
+ const name = getHeader(req, "x-name") || undefined;
24
+ (_a = (_b = ctx).state) !== null && _a !== void 0 ? _a : (_b.state = {});
25
+ ctx.state.auth = {
26
+ appId,
27
+ userId,
28
+ businessId,
29
+ tenantId,
30
+ email,
31
+ name,
32
+ };
33
+ return next();
34
+ });
35
+ exports.internalAuthMw = internalAuthMw;
36
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/src/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/internal-auth-middleware.ts"],"names":[],"mappings":";;;;AAGA,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAErC,MAAM,SAAS,GAAG,CAAC,GAAgB,EAAE,IAAY,EAAiB,EAAE,WAClE,OAAA,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,mCAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA,EAAA,CAAC;AAExD,MAAM,cAAc,GAAgB,CACzC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAErD,IAAI,CAAC,WAAW,IAAI,WAAW,KAAK,oBAAoB,EAAE,CAAC;QACzD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,EAAE,aAAa,CAAC,IAAI,SAAS,CAAC;IAC5D,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,SAAS,CAAC;IACxD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,EAAE,eAAe,CAAC,IAAI,SAAS,CAAC;IAChE,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,SAAS,CAAC;IACtD,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC;IACrD,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,SAAS,CAAC;IAEnD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IACzB,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM;QACN,UAAU;QACV,QAAQ;QACR,KAAK;QACL,IAAI;KACL,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAjCW,QAAA,cAAc,kBAiCzB"}
package/build/src/middlewares/verify-middleware.js CHANGED
@@ -91,8 +91,8 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
91
91
  return `__Secure-session-v1.${appId}.mapping`;
92
92
  }
93
93
  const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, function* () {
94
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r, _s, _t, _u;
95
- var _v;
94
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
95
+ var _o;
96
96
  const appId = req.headers.get("app-id");
97
97
  if (!appId || !((_a = constants_1.APP_MAP === null || constants_1.APP_MAP === void 0 ? void 0 : constants_1.APP_MAP[appId]) === null || _a === void 0 ? void 0 : _a.clientId)) {
98
98
  return {
@@ -174,7 +174,7 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
174
174
  try {
175
175
  p = (0, jwt_decode_1.jwtDecode)(at);
176
176
  }
177
- catch (_w) {
177
+ catch (_p) {
178
178
  return {
179
179
  status: 401,
180
180
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -207,19 +207,15 @@ const verifyMw = (req, ctx, next) => tslib_1.__awaiter(void 0, void 0, void 0, f
207
207
  };
208
208
  }
209
209
  // pass data downstream
210
- (_c = (_v = ctx).state) !== null && _c !== void 0 ? _c : (_v.state = {});
210
+ (_c = (_o = ctx).state) !== null && _c !== void 0 ? _c : (_o.state = {});
211
211
  const tenantId = realm.toString();
212
212
  ctx.state.auth = {
213
213
  appId,
214
214
  userId: (_g = (_f = (_e = (_d = tokenMapping.userId) === null || _d === void 0 ? void 0 : _d.toString) === null || _e === void 0 ? void 0 : _e.call(_d)) !== null && _f !== void 0 ? _f : p.sub) !== null && _g !== void 0 ? _g : null,
215
- keycloakUserId: (_j = (_h = p.sub) !== null && _h !== void 0 ? _h : tokenMapping.keycloakUserId) !== null && _j !== void 0 ? _j : null,
216
- businessId: (_l = (_k = p.cfy_bid) !== null && _k !== void 0 ? _k : tenantId) !== null && _l !== void 0 ? _l : null,
215
+ businessId: (_j = (_h = p.cfy_bid) !== null && _h !== void 0 ? _h : tenantId) !== null && _j !== void 0 ? _j : null,
217
216
  tenantId,
218
- email: (_o = (_m = p.email) !== null && _m !== void 0 ? _m : p.preferred_username) !== null && _o !== void 0 ? _o : null,
219
- name: (_p = p.name) !== null && _p !== void 0 ? _p : undefined,
220
- roles: (_u = (_s = (_r = (_q = p.resource_access) === null || _q === void 0 ? void 0 : _q[tokenClientId]) === null || _r === void 0 ? void 0 : _r.roles) !== null && _s !== void 0 ? _s : (_t = p.realm_access) === null || _t === void 0 ? void 0 : _t.roles) !== null && _u !== void 0 ? _u : [],
221
- exp: p.exp,
222
- tokenMappingId: mapping,
217
+ email: (_l = (_k = p.email) !== null && _k !== void 0 ? _k : p.preferred_username) !== null && _l !== void 0 ? _l : null,
218
+ name: (_m = p.name) !== null && _m !== void 0 ? _m : undefined,
223
219
  };
224
220
  return next();
225
221
  });
@@ -262,7 +258,22 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
262
258
  })
263
259
  });
264
260
  if (!resp.ok) {
265
- (_d = ctx.warn) === null || _d === void 0 ? void 0 : _d.call(ctx, `refresh call failed with status ${resp.status}`);
261
+ let errorText;
262
+ try {
263
+ errorText = yield resp.text();
264
+ }
265
+ catch (_z) {
266
+ errorText = undefined;
267
+ }
268
+ const isInvalidGrant = (typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant")) ||
269
+ resp.status === 400;
270
+ (_d = ctx.warn) === null || _d === void 0 ? void 0 : _d.call(ctx, `refresh call failed with status ${resp.status}`, {
271
+ status: resp.status,
272
+ invalidGrant: isInvalidGrant,
273
+ });
274
+ if (isInvalidGrant) {
275
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
276
+ }
266
277
  return {
267
278
  status: 401,
268
279
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
@@ -319,7 +330,7 @@ function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mapping, p,
319
330
  try {
320
331
  p2 = (0, jwt_decode_1.jwtDecode)(newAT);
321
332
  }
322
- catch (_z) {
333
+ catch (_0) {
323
334
  return {
324
335
  status: 401,
325
336
  headers: { "Content-Type": "application/json", "Cache-Control": "no-store, no-cache, must-revalidate", "Pragma": "no-cache", "Vary": "Origin" },
package/build/src/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,SAAS,cAAc,CAAC,MAAe,EAAE,UAAmB;IAC1D,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAsB,EACtB,KAAa,EACb,MAAe,EACf,UAAmB;IAEnB,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACnD,IAAA,qBAAW,EAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClC,MAAM,EAAE,CAAC;QACT,MAAM,EAAE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;KACxD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAa,EAAE,MAAe,EAAE,UAAmB;IACtF,IAAI,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO,cAAc,KAAK,UAAU,CAAC;IACvC,CAAC;IACD,OAAO,uBAAuB,KAAK,UAAU,CAAC;AAChD,CAAC;AAEM,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEzC,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;IAE7D,IAAI,OAAO,GACT,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC;QAC/C,OAAO,CAAC,cAAc,KAAK,UAAU,CAAC;QACtC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,IAAI,eAAe,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC;IAE5C,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,mFAAmF;IACnF,MAAM,oBAAoB,GAAG,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,oBAAoB,CAAC,EAAE,CAAC;QACvE,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC/E,CAAC,CAAC,GAAG,KAAK,aAAa,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,cAAc,EAAE,MAAA,MAAA,CAAC,CAAC,GAAG,mCAAI,YAAY,CAAC,cAAc,mCAAI,IAAI;QAC5D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;QACzB,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,CAAC,CAAC,eAAe,0CAAG,aAAa,CAAC,0CAAE,KAAK,mCAAI,MAAA,CAAC,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;QAC/E,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,cAAc,EAAE,OAAO;KACxB,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AApKW,QAAA,QAAQ,YAoKnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;YACnC,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;YAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAA,GAAG,CAAC,KAAK,oDAAG,uCAAuC,CAAC,CAAC;gBACrD,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;iBACtF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,MAAA,GAAG,CAAC,IAAI,oDAAG,mCAAmC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC7D,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAK;gBAClB,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,2EAA2E;YAEpG,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YAEjC,IAAI;YACJ,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACzE,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5D,IAAA,qBAAW,EAAC,GAAG,EAAE,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,kBAAkB,EAAE;gBAC/F,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,YAAY;gBACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBACvC,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK,EAAE,KAAe;gBACtB,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;gBACX,cAAc,EAAE,OAAO;aACxB,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE;gBAC/B,OAAO,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO;gBACnB,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;gBACb,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;aACd,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"verify-middleware.js","sourceRoot":"","sources":["../../../src/middlewares/verify-middleware.ts"],"names":[],"mappings":";;;;AACA,4CAAuC;AACvC,2CAAuC;AAEvC,oCAA+C;AAC/C,8CAA+C;AAG/C,oCAAiE;AAEjE,0EAAsE;AAEtE,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AACrD,MAAM,kBAAkB,GAAG,IAAA,mBAAW,EAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAExD,SAAS,gBAAgB,CAAC,SAA+C,EAAE,MAAe,EAAE,UAAmB;;IAC7G,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,SAAS,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACzD,OAAO,MAAA,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,mCAAI,SAAS,CAAC;QACpD,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;QACD,wBAAwB;QACxB,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACxE,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAChF,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;QACzC,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACpC,OAAO,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,iBAAiB,GAAG,CAAC,MAAiC,EAAE,EAAE;IAC9D,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC,MAAM;QAAE,OAAO,GAAG,CAAC;IACxB,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,GAAG,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,SAAS,cAAc,CAAC,MAAe,EAAE,UAAmB;IAC1D,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,UAAU,CAAC;IAC3C,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC;QAC7C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;IAC9D,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAsB,EACtB,KAAa,EACb,MAAe,EACf,UAAmB;IAEnB,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,2BAA2B,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IAC1E,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACnD,IAAA,qBAAW,EAAC,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE;QAC/B,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,CAAC,OAAO;QAChB,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;QAClC,MAAM,EAAE,CAAC;QACT,MAAM,EAAE,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;KACxD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAa,EAAE,MAAe,EAAE,UAAmB;IACtF,IAAI,cAAc,CAAC,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;QACvC,OAAO,cAAc,KAAK,UAAU,CAAC;IACvC,CAAC;IACD,OAAO,uBAAuB,KAAK,UAAU,CAAC;AAChD,CAAC;AAEM,MAAM,QAAQ,GAAgB,CACnC,GAAgB,EAChB,GAAsB,EACtB,IAAqC,EACV,EAAE;;;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;IAE9D,IAAI,CAAC,KAAK,IAAI,CAAC,CAAA,MAAA,mBAAO,aAAP,mBAAO,uBAAP,mBAAO,CAAG,KAAK,CAAC,0CAAE,QAAQ,CAAA,EAAE,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;SACvE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC;IAEzC,UAAU;IACV,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;IAE7D,IAAI,OAAO,GACT,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;QACnE,OAAO,CAAC,uBAAuB,KAAK,UAAU,CAAC;QAC/C,OAAO,CAAC,cAAc,KAAK,UAAU,CAAC;QACtC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAErC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;SAChF,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;SACrF,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;IAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAEhE,IAAI,eAAe,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,OAAO,EAAE,CAAC;YACZ,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,kBAAkB,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,MAAM,YAAY,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE1E,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;SACvF,CAAC;IACJ,CAAC;IAED,IAAI,EAAE,GAAG,YAAY,CAAC,WAAW,CAAC;IAClC,IAAI,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;IAEnC,IAAI,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;QACf,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC;IACnC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC;IAE5C,IAAI,CAAC,aAAa,IAAI,aAAa,KAAK,QAAQ,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;SACzE,CAAC;IACJ,CAAC;IAED,mFAAmF;IACnF,IAAI,CAAM,CAAC;IACX,IAAI,CAAC;QACH,CAAC,GAAG,IAAA,sBAAS,EAAC,EAAE,CAAC,CAAC;IACpB,CAAC;IAAC,WAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,GAAG,CAAA,EAAE,CAAC;QACZ,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;SAC9E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,mFAAmF;IACnF,MAAM,oBAAoB,GAAG,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,oBAAoB,CAAC,EAAE,CAAC;QACvE,yFAAyF;QACzF,OAAO,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC/F,CAAC;IAED,kBAAkB;IAClB,MAAM,KAAK,GACT,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,KAAK,aAAa,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;QAC/E,CAAC,CAAC,GAAG,KAAK,aAAa,CAAC;IAE1B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;SAC3E,CAAC;IACJ,CAAC;IAGD,uBAAuB;IACvB,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;IAC1B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEjC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;QACxB,KAAK;QACL,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,YAAY,CAAC,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,CAAC,CAAC,GAAG,mCAAI,IAAI;QAC1D,UAAU,EAAE,MAAA,MAAA,CAAC,CAAC,OAAO,mCAAI,QAAQ,mCAAI,IAAI;QACzC,QAAQ;QACR,KAAK,EAAE,MAAA,MAAA,CAAC,CAAC,KAAK,mCAAI,CAAC,CAAC,kBAAkB,mCAAI,IAAI;QAC9C,IAAI,EAAE,MAAA,CAAC,CAAC,IAAI,mCAAI,SAAS;KAC1B,CAAC;IAEF,OAAO,IAAI,EAAE,CAAC;AAChB,CAAC,CAAA,CAAC;AAhKW,QAAA,QAAQ,YAgKnB;AAIF,SAAe,kBAAkB,CAC/B,GAAgB,EAChB,GAAsB,EACtB,KAAa,EACb,OAAe,EACf,QAAgB,EAChB,EAAsB,EACtB,OAAe,EACf,CAAM,EACN,IAAqC;;;;QAErC,uCAAuC;QACvC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;aAC7E,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,0BAA0B,EAAE;YACnC,OAAO;YACP,QAAQ;SACT,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAA,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,mCAAI,SAAS,CAAC;YAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAA,GAAG,CAAC,KAAK,oDAAG,uCAAuC,CAAC,CAAC;gBACrD,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;iBACtF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO;oBACP,QAAQ,EAAE,QAAQ;oBAClB,aAAa,EAAE,EAAE;iBAClB,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACb,IAAI,SAA6B,CAAC;gBAClC,IAAI,CAAC;oBACH,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAChC,CAAC;gBAAC,WAAM,CAAC;oBACP,SAAS,GAAG,SAAS,CAAC;gBACxB,CAAC;gBAED,MAAM,cAAc,GAClB,CAAC,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;oBACpF,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC;gBAEtB,MAAA,GAAG,CAAC,IAAI,oDAAG,mCAAmC,IAAI,CAAC,MAAM,EAAE,EAAE;oBAC3D,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,YAAY,EAAE,cAAc;iBAC7B,CAAC,CAAC;gBAEH,IAAI,cAAc,EAAE,CAAC;oBACnB,yBAAyB,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;gBAChE,CAAC;gBACD,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;iBAC9E,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,EAAE,CAAC;YAEjC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAkC,CAAC;YACtD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAmC,CAAC;YAEvD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBACrB,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;iBACxF,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAA,gCAAwB,EAC1C,GAAG,EACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,EACtC,2BAAmB,CAAC,yBAAyB,CAC9C,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,sCAAsC,EAAE,CAAC;iBACpG,CAAC;YACJ,CAAC;YAED,MAAM,mBAAmB,GAAG,IAAI,0CAAmB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAEhE,MAAM,cAAc,GAAG,MAAM,mBAAmB,CAAC,kBAAkB,CAAC,OAAO,EAAE;gBAC3E,WAAW,EAAE,KAAK;gBAClB,YAAY,EAAE,KAAe;gBAC7B,6EAA6E;gBAC7E,SAAS,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAC3G,CAAC,CAAC;YAEH,4DAA4D;YAC5D,MAAM,kBAAkB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE9C,4FAA4F;YAC5F,MAAM,aAAa,GACjB,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;gBACzC,CAAC,CAAC,IAAI,CAAC,kBAAkB;gBACzB,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,2EAA2E;YAEpG,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,mBAAO,CAAC,KAAK,CAAC,CAAC;YAEjC,IAAI;YACJ,MAAM,YAAY,GAAG,gBAAgB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YACzE,MAAM,YAAY,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAE5D,IAAA,qBAAW,EAAC,GAAG,EAAE,2BAA2B,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,kBAAkB,EAAE;gBAC/F,+FAA+F;gBAC/F,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,CAAC,YAAY;gBACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;gBACvC,MAAM,EAAE,aAAa;gBACrB,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YAEH,4BAA4B;YAC5B,IAAI,EAAO,CAAC;YACZ,IAAI,CAAC;gBAAC,EAAE,GAAG,IAAA,sBAAS,EAAC,KAAK,CAAC,CAAC;YAAC,CAAC;YAAC,WAAM,CAAC;gBACpC,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBACjF,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GACV,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpD,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,GAAG,KAAK,QAAQ,IAAI,EAAE,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC;gBAC7E,EAAE,CAAC,GAAG,KAAK,QAAQ,CAAC;YACtB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;oBACL,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;oBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;iBAC3E,CAAC;YACJ,CAAC;YAED,oDAAoD;YACpD,YAAC,GAAW,EAAC,KAAK,uCAAL,KAAK,GAAK,EAAE,EAAC;YAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,GAAW,CAAC,KAAK,CAAC,IAAI,GAAG;gBACxB,KAAK,EAAE,KAAe;gBACtB,MAAM,EAAE,MAAA,MAAA,MAAA,MAAA,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,0CAAE,QAAQ,kDAAI,mCAAI,EAAE,CAAC,GAAG,mCAAI,IAAI;gBAC9D,cAAc,EAAE,MAAA,MAAA,EAAE,CAAC,GAAG,mCAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,cAAc,mCAAI,IAAI;gBAChE,UAAU,EAAE,MAAA,MAAA,EAAE,CAAC,OAAO,mCAAI,SAAS,mCAAI,IAAI;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,MAAA,MAAA,EAAE,CAAC,KAAK,mCAAI,EAAE,CAAC,kBAAkB,mCAAI,IAAI;gBAChD,IAAI,EAAE,MAAA,EAAE,CAAC,IAAI,mCAAI,SAAS;gBAC1B,KAAK,EAAE,MAAA,MAAA,MAAA,MAAA,EAAE,CAAC,eAAe,0CAAG,QAAQ,CAAC,0CAAE,KAAK,mCAAI,MAAA,EAAE,CAAC,YAAY,0CAAE,KAAK,mCAAI,EAAE;gBAC5E,GAAG,EAAE,EAAE,CAAC,GAAG;gBACX,cAAc,EAAE,OAAO;aACxB,CAAC;YAEF,kCAAkC;YAClC,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAA,GAAG,CAAC,KAAK,oDAAG,mBAAmB,EAAE;gBAC/B,OAAO,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO;gBACnB,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;gBACb,IAAI,EAAE,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI;aACd,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,qCAAqC,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE;gBAC/I,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;aACjF,CAAC;QACJ,CAAC;IACH,CAAC;CAAA;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjD,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@culturefy/shared",
3
3
  "description": "Shared utilities for culturefy serverless services",
4
- "version": "1.0.71",
4
+ "version": "1.0.72",
5
5
  "main": "build/cjs/index.js",
6
6
  "module": "build/esm/index.js",
7
7
  "types": "build/src/index.d.ts",