@culturefy/shared 1.0.71 → 1.0.73

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/build/cjs/index.js +6 -0
  2. package/build/cjs/index.js.map +1 -1
  3. package/build/cjs/middlewares/index.js +6 -0
  4. package/build/cjs/middlewares/index.js.map +1 -1
  5. package/build/cjs/middlewares/internal-auth-middleware.js +43 -0
  6. package/build/cjs/middlewares/internal-auth-middleware.js.map +1 -0
  7. package/build/cjs/middlewares/verify-middleware.js +25 -16
  8. package/build/cjs/middlewares/verify-middleware.js.map +1 -1
  9. package/build/cjs/service/internal-api.js +66 -0
  10. package/build/cjs/service/internal-api.js.map +1 -0
  11. package/build/esm/index.js +1 -0
  12. package/build/esm/index.js.map +1 -1
  13. package/build/esm/middlewares/index.js +1 -0
  14. package/build/esm/middlewares/index.js.map +1 -1
  15. package/build/esm/middlewares/internal-auth-middleware.js +38 -0
  16. package/build/esm/middlewares/internal-auth-middleware.js.map +1 -0
  17. package/build/esm/middlewares/verify-middleware.js +26 -17
  18. package/build/esm/middlewares/verify-middleware.js.map +1 -1
  19. package/build/esm/service/internal-api.js +60 -0
  20. package/build/esm/service/internal-api.js.map +1 -0
  21. package/build/src/index.d.ts +1 -0
  22. package/build/src/index.js +1 -0
  23. package/build/src/index.js.map +1 -1
  24. package/build/src/middlewares/index.d.ts +1 -0
  25. package/build/src/middlewares/index.js +1 -0
  26. package/build/src/middlewares/index.js.map +1 -1
  27. package/build/src/middlewares/internal-auth-middleware.d.ts +2 -0
  28. package/build/src/middlewares/internal-auth-middleware.js +36 -0
  29. package/build/src/middlewares/internal-auth-middleware.js.map +1 -0
  30. package/build/src/middlewares/verify-middleware.js +24 -13
  31. package/build/src/middlewares/verify-middleware.js.map +1 -1
  32. package/build/src/service/internal-api.d.ts +18 -0
  33. package/build/src/service/internal-api.js +81 -0
  34. package/build/src/service/internal-api.js.map +1 -0
  35. package/package.json +1 -1
package/build/cjs/index.js CHANGED
@@ -43,4 +43,10 @@ Object.keys(_repositories).forEach(function (key) {
43
43
  if (key in exports && exports[key] === _repositories[key]) return;
44
44
  exports[key] = _repositories[key];
45
45
  });
46
+ var _internalApi = require("./service/internal-api");
47
+ Object.keys(_internalApi).forEach(function (key) {
48
+ if (key === "default" || key === "__esModule") return;
49
+ if (key in exports && exports[key] === _internalApi[key]) return;
50
+ exports[key] = _internalApi[key];
51
+ });
46
52
  //# sourceMappingURL=index.js.map
package/build/cjs/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_types","require","Object","keys","forEach","key","exports","_enums","_utils","_cache","_middlewares","_constants","_repositories"],"sources":["../../src/index.ts"],"sourcesContent":["export * from './types';\nexport * from './enums';\nexport * from './utils';\nexport * from './utils/cache';\nexport * from './middlewares';\nexport * from './constants';\nexport * from './repositories';\n"],"mappings":";;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,MAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,MAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,MAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,MAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,MAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,MAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,MAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,MAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,MAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,MAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,MAAA,CAAAH,GAAA;AAAA;AACA,IAAAI,MAAA,GAAAR,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAM,MAAA,EAAAL,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAI,MAAA,CAAAJ,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAI,MAAA,CAAAJ,GAAA;AAAA;AACA,IAAAK,YAAA,GAAAT,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAO,YAAA,EAAAN,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAK,YAAA,CAAAL,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAK,YAAA,CAAAL,GAAA;AAAA;AACA,IAAAM,UAAA,GAAAV,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAQ,UAAA,EAAAP,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAM,UAAA,CAAAN,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAM,UAAA,CAAAN,GAAA;AAAA;AACA,IAAAO,aAAA,GAAAX,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAS,aAAA,EAAAR,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAO,aAAA,CAAAP,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAO,aAAA,CAAAP,GAAA;AAAA","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_types","require","Object","keys","forEach","key","exports","_enums","_utils","_cache","_middlewares","_constants","_repositories","_internalApi"],"sources":["../../src/index.ts"],"sourcesContent":["export * from './types';\nexport * from './enums';\nexport * from './utils';\nexport * from './utils/cache';\nexport * from './middlewares';\nexport * from './constants';\nexport * from './repositories';\nexport * from './service/internal-api';\n"],"mappings":";;;AAAA,IAAAA,MAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,MAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,MAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,MAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,MAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,MAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,MAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,MAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,MAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,MAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,MAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,MAAA,CAAAH,GAAA;AAAA;AACA,IAAAI,MAAA,GAAAR,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAM,MAAA,EAAAL,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAI,MAAA,CAAAJ,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAI,MAAA,CAAAJ,GAAA;AAAA;AACA,IAAAK,YAAA,GAAAT,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAO,YAAA,EAAAN,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAK,YAAA,CAAAL,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAK,YAAA,CAAAL,GAAA;AAAA;AACA,IAAAM,UAAA,GAAAV,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAQ,UAAA,EAAAP,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAM,UAAA,CAAAN,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAM,UAAA,CAAAN,GAAA;AAAA;AACA,IAAAO,aAAA,GAAAX,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAS,aAAA,EAAAR,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAO,aAAA,CAAAP,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAO,aAAA,CAAAP,GAAA;AAAA;AACA,IAAAQ,YAAA,GAAAZ,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAU,YAAA,EAAAT,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAQ,YAAA,CAAAR,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAQ,YAAA,CAAAR,GAAA;AAAA","ignoreList":[]}
package/build/cjs/middlewares/index.js CHANGED
@@ -7,6 +7,12 @@ Object.keys(_tokenValidation).forEach(function (key) {
7
7
  if (key in exports && exports[key] === _tokenValidation[key]) return;
8
8
  exports[key] = _tokenValidation[key];
9
9
  });
10
+ var _internalAuthMiddleware = require("./internal-auth-middleware");
11
+ Object.keys(_internalAuthMiddleware).forEach(function (key) {
12
+ if (key === "default" || key === "__esModule") return;
13
+ if (key in exports && exports[key] === _internalAuthMiddleware[key]) return;
14
+ exports[key] = _internalAuthMiddleware[key];
15
+ });
10
16
  var _verifyMiddleware = require("./verify-middleware");
11
17
  Object.keys(_verifyMiddleware).forEach(function (key) {
12
18
  if (key === "default" || key === "__esModule") return;
package/build/cjs/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,iBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,iBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,iBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,iBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,cAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,cAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,cAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,cAAA,CAAAH,GAAA;AAAA","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":["_tokenValidation","require","Object","keys","forEach","key","exports","_internalAuthMiddleware","_verifyMiddleware","_verifyExpress"],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './internal-auth-middleware';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":";;;AAAA,IAAAA,gBAAA,GAAAC,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAH,gBAAA,EAAAI,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAL,gBAAA,CAAAK,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAL,gBAAA,CAAAK,GAAA;AAAA;AACA,IAAAE,uBAAA,GAAAN,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAI,uBAAA,EAAAH,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAE,uBAAA,CAAAF,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAE,uBAAA,CAAAF,GAAA;AAAA;AACA,IAAAG,iBAAA,GAAAP,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAK,iBAAA,EAAAJ,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAG,iBAAA,CAAAH,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAG,iBAAA,CAAAH,GAAA;AAAA;AACA,IAAAI,cAAA,GAAAR,OAAA;AAAAC,MAAA,CAAAC,IAAA,CAAAM,cAAA,EAAAL,OAAA,WAAAC,GAAA;EAAA,IAAAA,GAAA,kBAAAA,GAAA;EAAA,IAAAA,GAAA,IAAAC,OAAA,IAAAA,OAAA,CAAAD,GAAA,MAAAI,cAAA,CAAAJ,GAAA;EAAAC,OAAA,CAAAD,GAAA,IAAAI,cAAA,CAAAJ,GAAA;AAAA","ignoreList":[]}
package/build/cjs/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,43 @@
1
+ "use strict";
2
+
3
+ exports.__esModule = true;
4
+ exports.internalAuthMw = void 0;
5
+ const INTERNAL_SERVICE_KEY = "12345";
6
+ const getHeader = (req, name) => {
7
+ var _req$headers$get;
8
+ return (_req$headers$get = req.headers.get(name)) != null ? _req$headers$get : req.headers.get(name.toLowerCase());
9
+ };
10
+ const internalAuthMw = async (req, ctx, next) => {
11
+ var _ref, _ref$state;
12
+ const internalKey = getHeader(req, "x-internal-key");
13
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
14
+ return {
15
+ status: 401,
16
+ headers: {
17
+ "Content-Type": "application/json"
18
+ },
19
+ body: JSON.stringify({
20
+ status: "unauthenticated",
21
+ reason: "invalid_internal_key"
22
+ })
23
+ };
24
+ }
25
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
26
+ const userId = getHeader(req, "x-user-id") || undefined;
27
+ const businessId = getHeader(req, "x-business-id") || undefined;
28
+ const appId = getHeader(req, "x-app-id") || undefined;
29
+ const email = getHeader(req, "x-email") || undefined;
30
+ const name = getHeader(req, "x-name") || undefined;
31
+ (_ref$state = (_ref = ctx).state) != null ? _ref$state : _ref.state = {};
32
+ ctx.state.auth = {
33
+ appId,
34
+ userId,
35
+ businessId,
36
+ tenantId,
37
+ email,
38
+ name
39
+ };
40
+ return next();
41
+ };
42
+ exports.internalAuthMw = internalAuthMw;
43
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/cjs/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","names":["INTERNAL_SERVICE_KEY","getHeader","req","name","_req$headers$get","headers","get","toLowerCase","internalAuthMw","ctx","next","_ref","_ref$state","internalKey","status","body","JSON","stringify","reason","tenantId","undefined","userId","businessId","appId","email","state","auth","exports"],"sources":["../../../src/middlewares/internal-auth-middleware.ts"],"sourcesContent":["import { HttpRequest, HttpResponseInit, InvocationContext } from \"@azure/functions\";\nimport { IMiddleware } from \"../types/middleware\";\n\nconst INTERNAL_SERVICE_KEY = \"12345\";\n\nconst getHeader = (req: HttpRequest, name: string): string | null =>\n req.headers.get(name) ?? req.headers.get(name.toLowerCase());\n\nexport const internalAuthMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const internalKey = getHeader(req, \"x-internal-key\");\n\n if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_internal_key\" }),\n };\n }\n\n const tenantId = getHeader(req, \"x-tenant-id\") || undefined;\n const userId = getHeader(req, \"x-user-id\") || undefined;\n const businessId = getHeader(req, \"x-business-id\") || undefined;\n const appId = getHeader(req, \"x-app-id\") || undefined;\n const email = getHeader(req, \"x-email\") || undefined;\n const name = getHeader(req, \"x-name\") || undefined;\n\n (ctx as any).state ??= {};\n (ctx as any).state.auth = {\n appId,\n userId,\n businessId,\n tenantId,\n email,\n name,\n };\n\n return next();\n};\n"],"mappings":";;;;AAGA,MAAMA,oBAAoB,GAAG,OAAO;AAEpC,MAAMC,SAAS,GAAGA,CAACC,GAAgB,EAAEC,IAAY;EAAA,IAAAC,gBAAA;EAAA,QAAAA,gBAAA,GAC/CF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAAC,YAAAC,gBAAA,GAAIF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAACI,WAAW,CAAC,CAAC,CAAC;AAAA;AAEvD,MAAMC,cAA2B,GAAG,MAAAA,CACzCN,GAAgB,EAChBO,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,IAAA,EAAAC,UAAA;EAC9B,MAAMC,WAAW,GAAGZ,SAAS,CAACC,GAAG,EAAE,gBAAgB,CAAC;EAEpD,IAAI,CAACW,WAAW,IAAIA,WAAW,KAAKb,oBAAoB,EAAE;IACxD,OAAO;MACLc,MAAM,EAAE,GAAG;MACXT,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CU,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuB,CAAC;IACpF,CAAC;EACH;EAEA,MAAMC,QAAQ,GAAGlB,SAAS,CAACC,GAAG,EAAE,aAAa,CAAC,IAAIkB,SAAS;EAC3D,MAAMC,MAAM,GAAGpB,SAAS,CAACC,GAAG,EAAE,WAAW,CAAC,IAAIkB,SAAS;EACvD,MAAME,UAAU,GAAGrB,SAAS,CAACC,GAAG,EAAE,eAAe,CAAC,IAAIkB,SAAS;EAC/D,MAAMG,KAAK,GAAGtB,SAAS,CAACC,GAAG,EAAE,UAAU,CAAC,IAAIkB,SAAS;EACrD,MAAMI,KAAK,GAAGvB,SAAS,CAACC,GAAG,EAAE,SAAS,CAAC,IAAIkB,SAAS;EACpD,MAAMjB,IAAI,GAAGF,SAAS,CAACC,GAAG,EAAE,QAAQ,CAAC,IAAIkB,SAAS;EAElD,CAAAR,UAAA,IAAAD,IAAA,GAACF,GAAG,EAASgB,KAAK,YAAAb,UAAA,GAAlBD,IAAA,CAAac,KAAK,GAAK,CAAC,CAAC;EACxBhB,GAAG,CAASgB,KAAK,CAACC,IAAI,GAAG;IACxBH,KAAK;IACLF,MAAM;IACNC,UAAU;IACVH,QAAQ;IACRK,KAAK;IACLrB;EACF,CAAC;EAED,OAAOO,IAAI,CAAC,CAAC;AACf,CAAC;AAACiB,OAAA,CAAAnB,cAAA,GAAAA,cAAA","ignoreList":[]}
package/build/cjs/middlewares/verify-middleware.js CHANGED
@@ -84,7 +84,7 @@ function getSessionMappingCookieName(appId, origin, requestUrl) {
84
84
  return `__Secure-session-v1.${appId}.mapping`;
85
85
  }
86
86
  const verifyMw = async (req, ctx, next) => {
87
- var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$sub, _ref4, _p$cfy_bid, _ref5, _p$email, _p$name, _ref6, _p$resource_access$to, _p$resource_access, _p$realm_access;
87
+ var _APP_MAP$appId, _req$headers$get, _p, _ref, _ref$state, _ref2, _tokenMapping$userId$, _tokenMapping$userId, _ref3, _p$cfy_bid, _ref4, _p$email, _p$name;
88
88
  const appId = req.headers.get("app-id");
89
89
  if (!appId || !(_constants.APP_MAP != null && (_APP_MAP$appId = _constants.APP_MAP[appId]) != null && _APP_MAP$appId.clientId)) {
90
90
  return {
@@ -282,14 +282,10 @@ const verifyMw = async (req, ctx, next) => {
282
282
  ctx.state.auth = {
283
283
  appId,
284
284
  userId: (_ref2 = (_tokenMapping$userId$ = (_tokenMapping$userId = tokenMapping.userId) == null || _tokenMapping$userId.toString == null ? void 0 : _tokenMapping$userId.toString()) != null ? _tokenMapping$userId$ : p.sub) != null ? _ref2 : null,
285
- keycloakUserId: (_ref3 = (_p$sub = p.sub) != null ? _p$sub : tokenMapping.keycloakUserId) != null ? _ref3 : null,
286
- businessId: (_ref4 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref4 : null,
285
+ businessId: (_ref3 = (_p$cfy_bid = p.cfy_bid) != null ? _p$cfy_bid : tenantId) != null ? _ref3 : null,
287
286
  tenantId,
288
- email: (_ref5 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref5 : null,
289
- name: (_p$name = p.name) != null ? _p$name : undefined,
290
- roles: (_ref6 = (_p$resource_access$to = (_p$resource_access = p.resource_access) == null || (_p$resource_access = _p$resource_access[tokenClientId]) == null ? void 0 : _p$resource_access.roles) != null ? _p$resource_access$to : (_p$realm_access = p.realm_access) == null ? void 0 : _p$realm_access.roles) != null ? _ref6 : [],
291
- exp: p.exp,
292
- tokenMappingId: mapping
287
+ email: (_ref4 = (_p$email = p.email) != null ? _p$email : p.preferred_username) != null ? _ref4 : null,
288
+ name: (_p$name = p.name) != null ? _p$name : undefined
293
289
  };
294
290
  return next();
295
291
  };
@@ -320,7 +316,7 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
320
316
 
321
317
  // Call auth service to refresh
322
318
  try {
323
- var _req$headers$get3, _ref7, _ref7$state, _ref8, _updatedMapping$userI, _updatedMapping$userI2, _ref9, _p2$sub, _ref0, _p2$cfy_bid, _ref1, _p2$email, _p2$name, _ref10, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
319
+ var _req$headers$get3, _ref5, _ref5$state, _ref6, _updatedMapping$userI, _updatedMapping$userI2, _ref7, _p2$sub, _ref8, _p2$cfy_bid, _ref9, _p2$email, _p2$name, _ref0, _p2$resource_access$c, _p2$resource_access, _p2$realm_access;
324
320
  const requestOrigin = (_req$headers$get3 = req.headers.get("origin")) != null ? _req$headers$get3 : undefined;
325
321
  if (!apiURL) {
326
322
  ctx.error == null || ctx.error("Refresh session URL is not configured");
@@ -350,7 +346,20 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
350
346
  })
351
347
  });
352
348
  if (!resp.ok) {
353
- ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`);
349
+ let errorText;
350
+ try {
351
+ errorText = await resp.text();
352
+ } catch {
353
+ errorText = undefined;
354
+ }
355
+ const isInvalidGrant = typeof errorText === "string" && errorText.toLowerCase().includes("invalid_grant") || resp.status === 400;
356
+ ctx.warn == null || ctx.warn(`refresh call failed with status ${resp.status}`, {
357
+ status: resp.status,
358
+ invalidGrant: isInvalidGrant
359
+ });
360
+ if (isInvalidGrant) {
361
+ clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);
362
+ }
354
363
  return {
355
364
  status: 401,
356
365
  headers: {
@@ -466,17 +475,17 @@ async function getNewRefreshToken(req, ctx, appId, realmId, clientId, rt, mappin
466
475
  }
467
476
 
468
477
  // Update downstream auth state with refreshed token
469
- (_ref7$state = (_ref7 = ctx).state) != null ? _ref7$state : _ref7.state = {};
478
+ (_ref5$state = (_ref5 = ctx).state) != null ? _ref5$state : _ref5.state = {};
470
479
  const tenantId2 = realmId.toString();
471
480
  ctx.state.auth = {
472
481
  appId: appId,
473
- userId: (_ref8 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref8 : null,
474
- keycloakUserId: (_ref9 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref9 : null,
475
- businessId: (_ref0 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref0 : null,
482
+ userId: (_ref6 = (_updatedMapping$userI = updatedMapping == null || (_updatedMapping$userI2 = updatedMapping.userId) == null || _updatedMapping$userI2.toString == null ? void 0 : _updatedMapping$userI2.toString()) != null ? _updatedMapping$userI : p2.sub) != null ? _ref6 : null,
483
+ keycloakUserId: (_ref7 = (_p2$sub = p2.sub) != null ? _p2$sub : updatedMapping == null ? void 0 : updatedMapping.keycloakUserId) != null ? _ref7 : null,
484
+ businessId: (_ref8 = (_p2$cfy_bid = p2.cfy_bid) != null ? _p2$cfy_bid : tenantId2) != null ? _ref8 : null,
476
485
  tenantId: tenantId2,
477
- email: (_ref1 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref1 : null,
486
+ email: (_ref9 = (_p2$email = p2.email) != null ? _p2$email : p2.preferred_username) != null ? _ref9 : null,
478
487
  name: (_p2$name = p2.name) != null ? _p2$name : undefined,
479
- roles: (_ref10 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref10 : [],
488
+ roles: (_ref0 = (_p2$resource_access$c = (_p2$resource_access = p2.resource_access) == null || (_p2$resource_access = _p2$resource_access[clientId]) == null ? void 0 : _p2$resource_access.roles) != null ? _p2$resource_access$c : (_p2$realm_access = p2.realm_access) == null ? void 0 : _p2$realm_access.roles) != null ? _ref0 : [],
480
489
  exp: p2.exp,
481
490
  tokenMappingId: mapping
482
491
  };
package/build/cjs/middlewares/verify-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$sub","_ref4","_p$cfy_bid","_ref5","_p$email","_p$name","_ref6","_p$resource_access$to","_p$resource_access","_p$realm_access","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","keycloakUserId","businessId","cfy_bid","email","preferred_username","name","roles","resource_access","realm_access","tokenMappingId","exports","_req$headers$get2","info","_req$headers$get3","_ref7","_ref7$state","_ref8","_updatedMapping$userI","_updatedMapping$userI2","_ref9","_p2$sub","_ref0","_p2$cfy_bid","_ref1","_p2$email","_p2$name","_ref10","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","warn","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n keycloakUserId: p.sub ?? tokenMapping.keycloakUserId ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n roles: p.resource_access?.[tokenClientId]?.roles ?? p.realm_access?.roles ?? [],\n exp: p.exp,\n tokenMappingId: mapping,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n ctx.warn?.(`refresh call failed with status ${resp.status}`);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,kBAAA,EAAAC,eAAA;EAC9B,MAAM/B,KAAK,GAAGW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAACjC,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBqB,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAGjC,kBAAO,CAACD,KAAK,CAAC,CAACkC,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAGrD,iBAAiB,CAACwB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAA3B,gBAAA,GAAGH,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAnB,gBAAA,GAAIzC,SAAS;EAE5D,IAAIqE,OAAsB,GACxBF,OAAO,CAACrC,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBxC,KAAK,UAAU,CAAC,IAC/CwC,OAAO,CAAC,cAAcxC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpCtB,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAMrF,kBAAkB,CAACkE,GAAG,CAAClC,GAAG,EAAE2C,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMtF,kBAAkB,CAACwF,GAAG,CAACxD,GAAG,EAAEqD,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAxB,EAAA,GAACkD,CAAC,aAADlD,EAAA,CAAGoD,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAAC/D,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAE8D,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAErD,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAM+D,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLxC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAtB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAASkF,KAAK,YAAAhE,UAAA,GAAlBD,IAAA,CAAaiE,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhCpF,GAAG,CAASkF,KAAK,CAACG,IAAI,GAAG;IACxBpF,KAAK;IACLqF,MAAM,GAAAnE,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAEoC,YAAY,CAAC6B,MAAM,aAAnBjE,oBAAA,CAAqB+D,QAAQ,oBAA7B/D,oBAAA,CAAqB+D,QAAQ,CAAG,CAAC,YAAAhE,qBAAA,GAAI8C,CAAC,CAACqB,GAAG,YAAApE,KAAA,GAAI,IAAI;IAC1DqE,cAAc,GAAAlE,KAAA,IAAAC,MAAA,GAAE2C,CAAC,CAACqB,GAAG,YAAAhE,MAAA,GAAIkC,YAAY,CAAC+B,cAAc,YAAAlE,KAAA,GAAI,IAAI;IAC5DmE,UAAU,GAAAjE,KAAA,IAAAC,UAAA,GAAEyC,CAAC,CAACwB,OAAO,YAAAjE,UAAA,GAAI0D,QAAQ,YAAA3D,KAAA,GAAI,IAAI;IACzC2D,QAAQ;IACRQ,KAAK,GAAAjE,KAAA,IAAAC,QAAA,GAAEuC,CAAC,CAACyB,KAAK,YAAAhE,QAAA,GAAIuC,CAAC,CAAC0B,kBAAkB,YAAAlE,KAAA,GAAI,IAAI;IAC9CmE,IAAI,GAAAjE,OAAA,GAAEsC,CAAC,CAAC2B,IAAI,YAAAjE,OAAA,GAAItD,SAAS;IACzBwH,KAAK,GAAAjE,KAAA,IAAAC,qBAAA,IAAAC,kBAAA,GAAEmC,CAAC,CAAC6B,eAAe,cAAAhE,kBAAA,GAAjBA,kBAAA,CAAoBkC,aAAa,CAAC,qBAAlClC,kBAAA,CAAoC+D,KAAK,YAAAhE,qBAAA,IAAAE,eAAA,GAAIkC,CAAC,CAAC8B,YAAY,qBAAdhE,eAAA,CAAgB8D,KAAK,YAAAjE,KAAA,GAAI,EAAE;IAC/E6C,GAAG,EAAER,CAAC,CAACQ,GAAG;IACVuB,cAAc,EAAEtD;EAClB,CAAC;EAED,OAAO9B,IAAI,CAAC,CAAC;AACf,CAAC;AAACqF,OAAA,CAAAvF,QAAA,GAAAA,QAAA;AAIF,eAAegE,kBAAkBA,CAC/B/D,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACb+D,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACNrD,IAAqC,EACV;EAC3B;EACA,IAAI,CAACgD,EAAE,EAAE;IAAA,IAAAsC,iBAAA;IACPpG,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAkG,iBAAA,GAAEvF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAiE,iBAAA,GAAI7H,SAAS,EAAEsC,GAAG,CAACgC,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAxC,GAAG,CAACoG,IAAI,CAAC,0BAA0B,EAAE;IACnCpC,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAAkE,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,MAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAM3E,aAAa,IAAA2D,iBAAA,GAAGzF,GAAG,CAACqB,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAmE,iBAAA,GAAI/H,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAACsH,KAAK,YAATtH,GAAG,CAACsH,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACLlF,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM+E,IAAI,GAAG,MAAMC,KAAK,CAAC5J,MAAM,EAAE;MAC/B6J,MAAM,EAAE,MAAM;MACdxF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBuF,aAAa,EAAE7D;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC0D,IAAI,CAACI,EAAE,EAAE;MACZ3H,GAAG,CAAC4H,IAAI,YAAR5H,GAAG,CAAC4H,IAAI,CAAG,mCAAmCL,IAAI,CAACnF,MAAM,EAAE,CAAC;MAC5D,OAAO;QACLA,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMqF,OAAO,GAAG,MAAMN,IAAI,CAACO,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACL,aAAmC;IAEtD,IAAI,CAACM,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL9F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1C/C,GAAG,EACHnC,OAAO,CAACC,GAAG,CAACkF,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAACpD,GAAG,EAAE8C,KAAK,CAAC;IAE/D,MAAMqF,cAAc,GAAG,MAAMhF,mBAAmB,CAACiF,kBAAkB,CAACzF,OAAO,EAAE;MAC3EiB,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAGhK;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACuK,MAAM,CAACvI,GAAG,EAAE2C,OAAO,CAAC;;IAE7C;IACA,MAAM6F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACjG,OAAO,CAAC,CAACyC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAMjH,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAM4I,YAAY,GAAG3K,gBAAgB,CAACC,SAAS,EAAEuE,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IACxE,MAAMkG,YAAY,GAAGhJ,cAAc,CAAC4C,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC;IAE3D,IAAAtC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEyC,aAAa,EAAE9B,GAAG,CAACgC,GAAG,CAAC,EAAE8F,kBAAkB,EAAE;MAC/F;MACAnI,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACsI,YAAY;MACrBrI,QAAQ,EAAEqI,YAAY,GAAG,KAAK,GAAG,MAAM;MACvCpI,MAAM,EAAE8H,aAAa;MACrB1J,MAAM,EAAE+J;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5E,oBAAS,EAAC6D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC7C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK5C,QAAQ,IAAI4G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK9C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA+D,WAAA,IAAAD,KAAA,GAACtG,GAAG,EAASkF,KAAK,YAAAqB,WAAA,GAAlBD,KAAA,CAAapB,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnCpF,GAAG,CAASkF,KAAK,CAACG,IAAI,GAAG;MACxBpF,KAAK,EAAEA,KAAe;MACtBqF,MAAM,GAAAkB,KAAA,IAAAC,qBAAA,GAAE0B,cAAc,aAAAzB,sBAAA,GAAdyB,cAAc,CAAE7C,MAAM,aAAtBoB,sBAAA,CAAwBtB,QAAQ,oBAAhCsB,sBAAA,CAAwBtB,QAAQ,CAAG,CAAC,YAAAqB,qBAAA,GAAIsC,EAAE,CAACxD,GAAG,YAAAiB,KAAA,GAAI,IAAI;MAC9DhB,cAAc,GAAAmB,KAAA,IAAAC,OAAA,GAAEmC,EAAE,CAACxD,GAAG,YAAAqB,OAAA,GAAIuB,cAAc,oBAAdA,cAAc,CAAE3C,cAAc,YAAAmB,KAAA,GAAI,IAAI;MAChElB,UAAU,GAAAoB,KAAA,IAAAC,WAAA,GAAEiC,EAAE,CAACrD,OAAO,YAAAoB,WAAA,GAAImC,SAAS,YAAApC,KAAA,GAAI,IAAI;MAC3C1B,QAAQ,EAAE8D,SAAS;MACnBtD,KAAK,GAAAoB,KAAA,IAAAC,SAAA,GAAE+B,EAAE,CAACpD,KAAK,YAAAqB,SAAA,GAAI+B,EAAE,CAACnD,kBAAkB,YAAAmB,KAAA,GAAI,IAAI;MAChDlB,IAAI,GAAAoB,QAAA,GAAE8B,EAAE,CAAClD,IAAI,YAAAoB,QAAA,GAAI3I,SAAS;MAC1BwH,KAAK,GAAAoB,MAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAE2B,EAAE,CAAChD,eAAe,cAAAqB,mBAAA,GAAlBA,mBAAA,CAAqBjF,QAAQ,CAAC,qBAA9BiF,mBAAA,CAAgCtB,KAAK,YAAAqB,qBAAA,IAAAE,gBAAA,GAAI0B,EAAE,CAAC/C,YAAY,qBAAfqB,gBAAA,CAAiBvB,KAAK,YAAAoB,MAAA,GAAI,EAAE;MAC5ExC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACXuB,cAAc,EAAEtD;IAClB,CAAC;;IAED;IACA,OAAO9B,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOqI,CAAM,EAAE;IACflJ,GAAG,CAACsH,KAAK,YAATtH,GAAG,CAACsH,KAAK,CAAG,mBAAmB,EAAE;MAC/B6B,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnBtD,IAAI,EAAEqD,CAAC,oBAADA,CAAC,CAAErD,IAAI;MACbuD,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLhH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAACwG,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOV,MAAM,CAACC,IAAI,CAACS,KAAK,EAAE,QAAQ,CAAC,CAACjE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAOkC,KAAU,EAAE;IACnBgC,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAGjC,KAAK,CAAC6B,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
1
+ {"version":3,"file":"verify-middleware.js","names":["_constants","require","_jwtDecode","_enums","_cookies","_utils","_tokenMapping","apiURL","process","env","REFRESH_SESSION_URL","verifyMappingCache","createCache","pickCookieDomain","appConfig","origin","requestUrl","undefined","hostCandidate","host","URL","hostname","startsWith","_appConfig$cookie$dom","cookie","domain","local","endsWith","dev","staging","prod","parseCookieHeader","header","out","part","split","k","rest","trim","decodeURIComponent","join","isLocalRequest","clearSessionMappingCookie","ctx","appId","APP_MAP","cookieName","getSessionMappingCookieName","isLocal","setCookieKV","httpOnly","secure","sameSite","maxAge","verifyMw","req","next","_APP_MAP$appId","_req$headers$get","_p","_ref","_ref$state","_ref2","_tokenMapping$userId$","_tokenMapping$userId","_ref3","_p$cfy_bid","_ref4","_p$email","_p$name","headers","get","clientId","status","body","JSON","stringify","reason","cookies","requestOrigin","mapping","url","base64Decode","dbUrl","getAzureVaultSecretByKey","AZURE_KEY_VAULT_NAME","AzureSecretKeysEnum","DB_CONNECTING_STRING_USER","tokenMappingService","TokenMappingService","tokenMappingRaw","fetched","getTokenMappingById","set","tokenMapping","parse","at","accessToken","rt","refreshToken","realm","realmId","tokenClientId","p","jwtDecode","sid","now","Math","floor","Date","refreshLeewaySeconds","exp","getNewRefreshToken","audOk","Array","isArray","aud","includes","azp","state","tenantId","toString","auth","userId","sub","businessId","cfy_bid","email","preferred_username","name","exports","_req$headers$get2","info","_req$headers$get3","_ref5","_ref5$state","_ref6","_updatedMapping$userI","_updatedMapping$userI2","_ref7","_p2$sub","_ref8","_p2$cfy_bid","_ref9","_p2$email","_p2$name","_ref0","_p2$resource_access$c","_p2$resource_access","_p2$realm_access","error","resp","fetch","method","refresh_token","ok","errorText","text","isInvalidGrant","toLowerCase","warn","invalidGrant","payload","json","data","newAT","access_token","newRT","updatedMapping","updateTokenMapping","expiresAt","expires_in","delete","mappingMaxAge","refresh_expires_in","mappingCookieValue","Buffer","from","mappedDomain","localRequest","p2","audOk2","tenantId2","keycloakUserId","roles","resource_access","realm_access","tokenMappingId","e","message","code","value","console","log"],"sources":["../../../src/middlewares/verify-middleware.ts"],"sourcesContent":["import { IAppId } from \"../types/app\";\nimport { APP_MAP } from \"../constants\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { HttpRequest } from \"@azure/functions\";\nimport { AzureSecretKeysEnum } from \"../enums\";\nimport { setCookieKV } from \"../utils/cookies\";\nimport { IMiddleware } from \"../types/middleware\";\nimport { HttpResponseInit } from \"@azure/functions\";\nimport { createCache, getAzureVaultSecretByKey } from \"../utils\";\nimport { InvocationContext } from \"@azure/functions\";\nimport { TokenMappingService } from \"../service/tokenMapping.service\";\n\nconst apiURL = process.env.REFRESH_SESSION_URL || '';\nconst verifyMappingCache = createCache(\"verify-mw\", 60);\n\nfunction pickCookieDomain(appConfig: (typeof APP_MAP)[IAppId] | undefined, origin?: string, requestUrl?: string): string | undefined {\n if (!appConfig) return undefined;\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return undefined;\n try {\n const host = new URL(hostCandidate).hostname;\n if (host === \"localhost\" || host.startsWith(\"127.0.0.1\")) {\n return appConfig.cookie.domain.local ?? undefined;\n }\n // culturefy.app domains\n if (host.endsWith(\".dev.culturefy.app\") || host === \"dev.culturefy.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.culturefy.app\") || host === \"staging.culturefy.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".culturefy.app\")) {\n return appConfig.cookie.domain.prod;\n }\n // consultex.app domains\n if (host.endsWith(\".dev.consultex.app\") || host === \"dev.consultex.app\") {\n return appConfig.cookie.domain.dev;\n }\n if (host.endsWith(\".staging.consultex.app\") || host === \"staging.consultex.app\") {\n return appConfig.cookie.domain.staging;\n }\n if (host.endsWith(\".consultex.app\")) {\n return appConfig.cookie.domain.prod;\n }\n } catch {\n return undefined;\n }\n return undefined;\n}\n\nconst parseCookieHeader = (header: string | null | undefined) => {\n const out: Record<string, string> = {};\n if (!header) return out;\n for (const part of header.split(\";\")) {\n const [k, ...rest] = part.trim().split(\"=\");\n if (!k) continue;\n out[k] = decodeURIComponent(rest.join(\"=\") || \"\");\n }\n return out;\n};\n\nfunction isLocalRequest(origin?: string, requestUrl?: string): boolean {\n const hostCandidate = origin ?? requestUrl;\n if (!hostCandidate) return false;\n try {\n const host = new URL(hostCandidate).hostname;\n return host === \"localhost\" || host.startsWith(\"127.0.0.1\");\n } catch {\n return false;\n }\n}\n\nfunction clearSessionMappingCookie(\n ctx: InvocationContext,\n appId: IAppId,\n origin?: string,\n requestUrl?: string,\n): void {\n const appConfig = APP_MAP[appId];\n const cookieName = getSessionMappingCookieName(appId, origin, requestUrl);\n const isLocal = isLocalRequest(origin, requestUrl);\n setCookieKV(ctx, cookieName, \"\", {\n httpOnly: false,\n secure: !isLocal,\n sameSite: isLocal ? \"Lax\" : \"None\",\n maxAge: 0,\n domain: pickCookieDomain(appConfig, origin, requestUrl),\n });\n}\n\nfunction getSessionMappingCookieName(appId: IAppId, origin?: string, requestUrl?: string): string {\n if (isLocalRequest(origin, requestUrl)) {\n return `session-v1.${appId}.mapping`;\n }\n return `__Secure-session-v1.${appId}.mapping`;\n}\n\nexport const verifyMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const appId = req.headers.get(\"app-id\") as IAppId | undefined;\n\n if (!appId || !APP_MAP?.[appId]?.clientId) {\n return {\n status: 400,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"bad_request\", reason: \"invalid_app\" })\n };\n }\n\n const clientId = APP_MAP[appId].clientId;\n\n // cookies\n const cookies = parseCookieHeader(req.headers.get(\"cookie\"));\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n\n let mapping: string | null =\n cookies[getSessionMappingCookieName(appId, requestOrigin, req.url)] ||\n cookies[`__Secure-session-v1.${appId}.mapping`] ||\n cookies[`session-v1.${appId}.mapping`] ||\n req.headers.get(\"x-session-mapping\") ||\n req.headers.get(\"x-token-mapping\");\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_token_mapping\" })\n };\n }\n\n mapping = base64Decode(mapping);\n\n if (!mapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token_mapping\" })\n };\n }\n\n // Get database connection string\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n let tokenMappingRaw = await verifyMappingCache.get(ctx, mapping);\n if (!tokenMappingRaw) {\n const fetched = await tokenMappingService.getTokenMappingById(mapping);\n if (fetched) {\n tokenMappingRaw = JSON.stringify(fetched);\n await verifyMappingCache.set(ctx, tokenMappingRaw, mapping);\n }\n }\n const tokenMapping = tokenMappingRaw ? JSON.parse(tokenMappingRaw) : null;\n\n if (!tokenMapping) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"token_mapping_not_found\" })\n };\n }\n\n let at = tokenMapping.accessToken;\n let rt = tokenMapping.refreshToken;\n\n if (!at && !rt) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"no_tokens\" })\n };\n }\n\n const realm = tokenMapping.realmId;\n const tokenClientId = tokenMapping.clientId;\n\n if (!tokenClientId || tokenClientId !== clientId) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"client_mismatch\" })\n };\n }\n\n // decode/verify (lightweight; replace with your verifyJsonWebToken if you have it)\n let p: any;\n try {\n p = jwtDecode(at);\n } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_token\" })\n };\n }\n\n if (!p?.sid) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"user_not_found\" })\n };\n }\n\n const now = Math.floor(Date.now() / 1000);\n // Refresh slightly before expiry to avoid edge timing issues (clock skew, latency)\n const refreshLeewaySeconds = 60;\n if (typeof p.exp === \"number\" && p.exp <= (now + refreshLeewaySeconds)) {\n // Delegate to refresh helper; it will handle setting cookies/state or returning an error\n return await getNewRefreshToken(req, ctx, appId, realm, tokenClientId, rt, mapping, p, next);\n }\n\n // audience checks\n const audOk =\n (Array.isArray(p.aud) && p.aud.includes(tokenClientId)) ||\n (typeof p.aud === \"string\" && (p.aud === tokenClientId || p.aud === \"account\")) ||\n p.azp === tokenClientId;\n\n if (!audOk) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n\n // pass data downstream\n (ctx as any).state ??= {};\n const tenantId = realm.toString();\n\n (ctx as any).state.auth = {\n appId,\n userId: tokenMapping.userId?.toString?.() ?? p.sub ?? null,\n businessId: p.cfy_bid ?? tenantId ?? null,\n tenantId,\n email: p.email ?? p.preferred_username ?? null,\n name: p.name ?? undefined,\n };\n\n return next();\n};\n\n\n\nasync function getNewRefreshToken(\n req: HttpRequest,\n ctx: InvocationContext,\n appId: IAppId,\n realmId: string,\n clientId: string,\n rt: string | undefined,\n mapping: string,\n p: any,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> {\n // Attempt server-side refresh using RT\n if (!rt) {\n clearSessionMappingCookie(ctx, appId, req.headers.get(\"origin\") ?? undefined, req.url);\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"expired_no_rt\" })\n };\n }\n\n ctx.info(\"Refreshing session token\", {\n realmId,\n clientId,\n });\n\n // Call auth service to refresh\n try {\n const requestOrigin = req.headers.get(\"origin\") ?? undefined;\n if (!apiURL) {\n ctx.error?.(\"Refresh session URL is not configured\");\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_not_configured\" })\n };\n }\n const resp = await fetch(apiURL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n realmId,\n clientId: clientId,\n refresh_token: rt\n })\n });\n\n if (!resp.ok) {\n let errorText: string | undefined;\n try {\n errorText = await resp.text();\n } catch {\n errorText = undefined;\n }\n\n const isInvalidGrant =\n (typeof errorText === \"string\" && errorText.toLowerCase().includes(\"invalid_grant\")) ||\n resp.status === 400;\n\n ctx.warn?.(`refresh call failed with status ${resp.status}`, {\n status: resp.status,\n invalidGrant: isInvalidGrant,\n });\n\n if (isInvalidGrant) {\n clearSessionMappingCookie(ctx, appId, requestOrigin, req.url);\n }\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_failed\" })\n };\n }\n\n const payload = await resp.json();\n const data = payload?.data || {};\n\n const newAT = data.access_token as string | undefined;\n const newRT = data.refresh_token as string | undefined;\n\n if (!newAT || !newRT) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_refresh_response\" })\n };\n }\n\n const dbUrl = await getAzureVaultSecretByKey(\n ctx,\n process.env.AZURE_KEY_VAULT_NAME || \"\",\n AzureSecretKeysEnum.DB_CONNECTING_STRING_USER\n );\n\n if (!dbUrl) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"database_connection_string_not_found\" })\n };\n }\n\n const tokenMappingService = new TokenMappingService(ctx, dbUrl);\n\n const updatedMapping = await tokenMappingService.updateTokenMapping(mapping, {\n accessToken: newAT,\n refreshToken: newRT as string,\n // expires_in is a duration (seconds); store absolute expiry for later checks\n expiresAt: typeof data.expires_in === \"number\" ? new Date(Date.now() + data.expires_in * 1000) : undefined\n });\n\n // Invalidate cache to ensure next request gets fresh tokens\n await verifyMappingCache.delete(ctx, mapping);\n\n // Set refreshed mapping cookie for client session (AT/RT stay server-side in token mapping)\n const mappingMaxAge =\n typeof data.refresh_expires_in === \"number\"\n ? data.refresh_expires_in\n : 60 * 60 * 24 * 30; // fallback 30 days (do not couple mapping cookie lifetime to access token)\n\n const mappingCookieValue = Buffer.from(mapping).toString(\"base64\");\n const appConfig = APP_MAP[appId];\n\n // 5\n const mappedDomain = pickCookieDomain(appConfig, requestOrigin, req.url);\n const localRequest = isLocalRequest(requestOrigin, req.url);\n\n setCookieKV(ctx, getSessionMappingCookieName(appId, requestOrigin, req.url), mappingCookieValue, {\n // mapping must be readable by FE in your flow; keep httpOnly default if you prefer server-only\n httpOnly: false,\n secure: !localRequest,\n sameSite: localRequest ? \"Lax\" : \"None\",\n maxAge: mappingMaxAge,\n domain: mappedDomain\n });\n\n // Decode new AT and proceed\n let p2: any;\n try { p2 = jwtDecode(newAT); } catch {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_new_token\" })\n };\n }\n\n const audOk2 =\n (Array.isArray(p2.aud) && p2.aud.includes(clientId)) ||\n (typeof p2.aud === \"string\" && (p2.aud === clientId || p2.aud === \"account\")) ||\n p2.azp === clientId;\n if (!audOk2) {\n return {\n status: 403,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"forbidden\", reason: \"audience_mismatch\" })\n };\n }\n\n // Update downstream auth state with refreshed token\n (ctx as any).state ??= {};\n const tenantId2 = realmId.toString();\n (ctx as any).state.auth = {\n appId: appId as string,\n userId: updatedMapping?.userId?.toString?.() ?? p2.sub ?? null,\n keycloakUserId: p2.sub ?? updatedMapping?.keycloakUserId ?? null,\n businessId: p2.cfy_bid ?? tenantId2 ?? null,\n tenantId: tenantId2,\n email: p2.email ?? p2.preferred_username ?? null,\n name: p2.name ?? undefined,\n roles: p2.resource_access?.[clientId]?.roles ?? p2.realm_access?.roles ?? [],\n exp: p2.exp,\n tokenMappingId: mapping,\n };\n\n // Continue pipeline after refresh\n return next();\n } catch (e: any) {\n ctx.error?.(\"refresh exception\", {\n message: e?.message,\n name: e?.name,\n code: e?.code,\n });\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\", \"Cache-Control\": \"no-store, no-cache, must-revalidate\", \"Pragma\": \"no-cache\", \"Vary\": \"Origin\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"refresh_exception\" })\n };\n }\n}\n\nfunction base64Decode(value: string): string | null {\n try {\n return Buffer.from(value, 'base64').toString();\n } catch (error: any) {\n console.log(\"Error decoding base64: \" + error.message);\n return null;\n }\n}\n"],"mappings":";;;;AACA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,UAAA,GAAAD,OAAA;AAEA,IAAAE,MAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAGA,IAAAI,MAAA,GAAAJ,OAAA;AAEA,IAAAK,aAAA,GAAAL,OAAA;AAEA,MAAMM,MAAM,GAAGC,OAAO,CAACC,GAAG,CAACC,mBAAmB,IAAI,EAAE;AACpD,MAAMC,kBAAkB,GAAG,IAAAC,kBAAW,EAAC,WAAW,EAAE,EAAE,CAAC;AAEvD,SAASC,gBAAgBA,CAACC,SAA+C,EAAEC,MAAe,EAAEC,UAAmB,EAAsB;EACnI,IAAI,CAACF,SAAS,EAAE,OAAOG,SAAS;EAChC,MAAMC,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAOD,SAAS;EACpC,IAAI;IACF,MAAME,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,IAAIF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC,EAAE;MAAA,IAAAC,qBAAA;MACxD,QAAAA,qBAAA,GAAOT,SAAS,CAACU,MAAM,CAACC,MAAM,CAACC,KAAK,YAAAH,qBAAA,GAAIN,SAAS;IACnD;IACA;IACA,IAAIE,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;IACA;IACA,IAAIX,IAAI,CAACQ,QAAQ,CAAC,oBAAoB,CAAC,IAAIR,IAAI,KAAK,mBAAmB,EAAE;MACvE,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACG,GAAG;IACpC;IACA,IAAIT,IAAI,CAACQ,QAAQ,CAAC,wBAAwB,CAAC,IAAIR,IAAI,KAAK,uBAAuB,EAAE;MAC/E,OAAOL,SAAS,CAACU,MAAM,CAACC,MAAM,CAACI,OAAO;IACxC;IACA,IAAIV,IAAI,CAACQ,QAAQ,CAAC,gBAAgB,CAAC,EAAE;MACnC,OAAOb,SAAS,CAACU,MAAM,CAACC,MAAM,CAACK,IAAI;IACrC;EACF,CAAC,CAAC,MAAM;IACN,OAAOb,SAAS;EAClB;EACA,OAAOA,SAAS;AAClB;AAEA,MAAMc,iBAAiB,GAAIC,MAAiC,IAAK;EAC/D,MAAMC,GAA2B,GAAG,CAAC,CAAC;EACtC,IAAI,CAACD,MAAM,EAAE,OAAOC,GAAG;EACvB,KAAK,MAAMC,IAAI,IAAIF,MAAM,CAACG,KAAK,CAAC,GAAG,CAAC,EAAE;IACpC,MAAM,CAACC,CAAC,EAAE,GAAGC,IAAI,CAAC,GAAGH,IAAI,CAACI,IAAI,CAAC,CAAC,CAACH,KAAK,CAAC,GAAG,CAAC;IAC3C,IAAI,CAACC,CAAC,EAAE;IACRH,GAAG,CAACG,CAAC,CAAC,GAAGG,kBAAkB,CAACF,IAAI,CAACG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;EACnD;EACA,OAAOP,GAAG;AACZ,CAAC;AAED,SAASQ,cAAcA,CAAC1B,MAAe,EAAEC,UAAmB,EAAW;EACrE,MAAME,aAAa,GAAGH,MAAM,WAANA,MAAM,GAAIC,UAAU;EAC1C,IAAI,CAACE,aAAa,EAAE,OAAO,KAAK;EAChC,IAAI;IACF,MAAMC,IAAI,GAAG,IAAIC,GAAG,CAACF,aAAa,CAAC,CAACG,QAAQ;IAC5C,OAAOF,IAAI,KAAK,WAAW,IAAIA,IAAI,CAACG,UAAU,CAAC,WAAW,CAAC;EAC7D,CAAC,CAAC,MAAM;IACN,OAAO,KAAK;EACd;AACF;AAEA,SAASoB,yBAAyBA,CAChCC,GAAsB,EACtBC,KAAa,EACb7B,MAAe,EACfC,UAAmB,EACb;EACN,MAAMF,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;EAChC,MAAME,UAAU,GAAGC,2BAA2B,CAACH,KAAK,EAAE7B,MAAM,EAAEC,UAAU,CAAC;EACzE,MAAMgC,OAAO,GAAGP,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC;EAClD,IAAAiC,oBAAW,EAACN,GAAG,EAAEG,UAAU,EAAE,EAAE,EAAE;IAC/BI,QAAQ,EAAE,KAAK;IACfC,MAAM,EAAE,CAACH,OAAO;IAChBI,QAAQ,EAAEJ,OAAO,GAAG,KAAK,GAAG,MAAM;IAClCK,MAAM,EAAE,CAAC;IACT5B,MAAM,EAAEZ,gBAAgB,CAACC,SAAS,EAAEC,MAAM,EAAEC,UAAU;EACxD,CAAC,CAAC;AACJ;AAEA,SAAS+B,2BAA2BA,CAACH,KAAa,EAAE7B,MAAe,EAAEC,UAAmB,EAAU;EAChG,IAAIyB,cAAc,CAAC1B,MAAM,EAAEC,UAAU,CAAC,EAAE;IACtC,OAAO,cAAc4B,KAAK,UAAU;EACtC;EACA,OAAO,uBAAuBA,KAAK,UAAU;AAC/C;AAEO,MAAMU,QAAqB,GAAG,MAAAA,CACnCC,GAAgB,EAChBZ,GAAsB,EACtBa,IAAqC,KACP;EAAA,IAAAC,cAAA,EAAAC,gBAAA,EAAAC,EAAA,EAAAC,IAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,oBAAA,EAAAC,KAAA,EAAAC,UAAA,EAAAC,KAAA,EAAAC,QAAA,EAAAC,OAAA;EAC9B,MAAMzB,KAAK,GAAGW,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAuB;EAE7D,IAAI,CAAC3B,KAAK,IAAI,EAACC,kBAAO,aAAAY,cAAA,GAAPZ,kBAAO,CAAGD,KAAK,CAAC,aAAhBa,cAAA,CAAkBe,QAAQ,GAAE;IACzC,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,aAAa;QAAEI,MAAM,EAAE;MAAc,CAAC;IACvE,CAAC;EACH;EAEA,MAAML,QAAQ,GAAG3B,kBAAO,CAACD,KAAK,CAAC,CAAC4B,QAAQ;;EAExC;EACA,MAAMM,OAAO,GAAG/C,iBAAiB,CAACwB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,CAAC;EAC5D,MAAMQ,aAAa,IAAArB,gBAAA,GAAGH,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAAb,gBAAA,GAAIzC,SAAS;EAE5D,IAAI+D,OAAsB,GACxBF,OAAO,CAAC/B,2BAA2B,CAACH,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,CAAC,IACnEH,OAAO,CAAC,uBAAuBlC,KAAK,UAAU,CAAC,IAC/CkC,OAAO,CAAC,cAAclC,KAAK,UAAU,CAAC,IACtCW,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,mBAAmB,CAAC,IACpChB,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,iBAAiB,CAAC;EAEpC,IAAI,CAACS,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAmB,CAAC;IAChF,CAAC;EACH;EAEAG,OAAO,GAAGE,YAAY,CAACF,OAAO,CAAC;EAE/B,IAAI,CAACA,OAAO,EAAE;IACZ,OAAO;MACLP,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAwB,CAAC;IACrF,CAAC;EACH;;EAEA;EACA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CzC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAAC4E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;EAED,IAAI,CAACJ,KAAK,EAAE;IACV,OAAO;MACLV,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuC,CAAC;IACpG,CAAC;EACH;EAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAAC9C,GAAG,EAAEwC,KAAK,CAAC;EAE/D,IAAIO,eAAe,GAAG,MAAM/E,kBAAkB,CAAC4D,GAAG,CAAC5B,GAAG,EAAEqC,OAAO,CAAC;EAChE,IAAI,CAACU,eAAe,EAAE;IACpB,MAAMC,OAAO,GAAG,MAAMH,mBAAmB,CAACI,mBAAmB,CAACZ,OAAO,CAAC;IACtE,IAAIW,OAAO,EAAE;MACXD,eAAe,GAAGf,IAAI,CAACC,SAAS,CAACe,OAAO,CAAC;MACzC,MAAMhF,kBAAkB,CAACkF,GAAG,CAAClD,GAAG,EAAE+C,eAAe,EAAEV,OAAO,CAAC;IAC7D;EACF;EACA,MAAMc,YAAY,GAAGJ,eAAe,GAAGf,IAAI,CAACoB,KAAK,CAACL,eAAe,CAAC,GAAG,IAAI;EAEzE,IAAI,CAACI,YAAY,EAAE;IACjB,OAAO;MACLrB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAA0B,CAAC;IACvF,CAAC;EACH;EAEA,IAAImB,EAAE,GAAGF,YAAY,CAACG,WAAW;EACjC,IAAIC,EAAE,GAAGJ,YAAY,CAACK,YAAY;EAElC,IAAI,CAACH,EAAE,IAAI,CAACE,EAAE,EAAE;IACd,OAAO;MACLzB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAY,CAAC;IACzE,CAAC;EACH;EAEA,MAAMuB,KAAK,GAAGN,YAAY,CAACO,OAAO;EAClC,MAAMC,aAAa,GAAGR,YAAY,CAACtB,QAAQ;EAE3C,IAAI,CAAC8B,aAAa,IAAIA,aAAa,KAAK9B,QAAQ,EAAE;IAChD,OAAO;MACLC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAkB,CAAC;IACzE,CAAC;EACH;;EAEA;EACA,IAAI0B,CAAM;EACV,IAAI;IACFA,CAAC,GAAG,IAAAC,oBAAS,EAACR,EAAE,CAAC;EACnB,CAAC,CAAC,MAAM;IACN,OAAO;MACLvB,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEA,IAAI,GAAAlB,EAAA,GAAC4C,CAAC,aAAD5C,EAAA,CAAG8C,GAAG,GAAE;IACX,OAAO;MACLhC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAiB,CAAC;IAC9E,CAAC;EACH;EAEA,MAAM6B,GAAG,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;EACzC;EACA,MAAMI,oBAAoB,GAAG,EAAE;EAC/B,IAAI,OAAOP,CAAC,CAACQ,GAAG,KAAK,QAAQ,IAAIR,CAAC,CAACQ,GAAG,IAAKL,GAAG,GAAGI,oBAAqB,EAAE;IACtE;IACA,OAAO,MAAME,kBAAkB,CAACzD,GAAG,EAAEZ,GAAG,EAAEC,KAAK,EAAEwD,KAAK,EAAEE,aAAa,EAAEJ,EAAE,EAAElB,OAAO,EAAEuB,CAAC,EAAE/C,IAAI,CAAC;EAC9F;;EAEA;EACA,MAAMyD,KAAK,GACRC,KAAK,CAACC,OAAO,CAACZ,CAAC,CAACa,GAAG,CAAC,IAAIb,CAAC,CAACa,GAAG,CAACC,QAAQ,CAACf,aAAa,CAAC,IACrD,OAAOC,CAAC,CAACa,GAAG,KAAK,QAAQ,KAAKb,CAAC,CAACa,GAAG,KAAKd,aAAa,IAAIC,CAAC,CAACa,GAAG,KAAK,SAAS,CAAE,IAC/Eb,CAAC,CAACe,GAAG,KAAKhB,aAAa;EAEzB,IAAI,CAACW,KAAK,EAAE;IACV,OAAO;MACLxC,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,WAAW;QAAEI,MAAM,EAAE;MAAoB,CAAC;IAC3E,CAAC;EACH;;EAGA;EACA,CAAAhB,UAAA,IAAAD,IAAA,GAACjB,GAAG,EAAS4E,KAAK,YAAA1D,UAAA,GAAlBD,IAAA,CAAa2D,KAAK,GAAK,CAAC,CAAC;EACzB,MAAMC,QAAQ,GAAGpB,KAAK,CAACqB,QAAQ,CAAC,CAAC;EAEhC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;IACxB9E,KAAK;IACL+E,MAAM,GAAA7D,KAAA,IAAAC,qBAAA,IAAAC,oBAAA,GAAE8B,YAAY,CAAC6B,MAAM,aAAnB3D,oBAAA,CAAqByD,QAAQ,oBAA7BzD,oBAAA,CAAqByD,QAAQ,CAAG,CAAC,YAAA1D,qBAAA,GAAIwC,CAAC,CAACqB,GAAG,YAAA9D,KAAA,GAAI,IAAI;IAC1D+D,UAAU,GAAA5D,KAAA,IAAAC,UAAA,GAAEqC,CAAC,CAACuB,OAAO,YAAA5D,UAAA,GAAIsD,QAAQ,YAAAvD,KAAA,GAAI,IAAI;IACzCuD,QAAQ;IACRO,KAAK,GAAA5D,KAAA,IAAAC,QAAA,GAAEmC,CAAC,CAACwB,KAAK,YAAA3D,QAAA,GAAImC,CAAC,CAACyB,kBAAkB,YAAA7D,KAAA,GAAI,IAAI;IAC9C8D,IAAI,GAAA5D,OAAA,GAAEkC,CAAC,CAAC0B,IAAI,YAAA5D,OAAA,GAAIpD;EAClB,CAAC;EAED,OAAOuC,IAAI,CAAC,CAAC;AACf,CAAC;AAAC0E,OAAA,CAAA5E,QAAA,GAAAA,QAAA;AAIF,eAAe0D,kBAAkBA,CAC/BzD,GAAgB,EAChBZ,GAAsB,EACtBC,KAAa,EACbyD,OAAe,EACf7B,QAAgB,EAChB0B,EAAsB,EACtBlB,OAAe,EACfuB,CAAM,EACN/C,IAAqC,EACV;EAC3B;EACA,IAAI,CAAC0C,EAAE,EAAE;IAAA,IAAAiC,iBAAA;IACPzF,yBAAyB,CAACC,GAAG,EAAEC,KAAK,GAAAuF,iBAAA,GAAE5E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA4D,iBAAA,GAAIlH,SAAS,EAAEsC,GAAG,CAAC0B,GAAG,CAAC;IACtF,OAAO;MACLR,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAgB,CAAC;IAC7E,CAAC;EACH;EAEAlC,GAAG,CAACyF,IAAI,CAAC,0BAA0B,EAAE;IACnC/B,OAAO;IACP7B;EACF,CAAC,CAAC;;EAEF;EACA,IAAI;IAAA,IAAA6D,iBAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,KAAA,EAAAC,OAAA,EAAAC,KAAA,EAAAC,WAAA,EAAAC,KAAA,EAAAC,SAAA,EAAAC,QAAA,EAAAC,KAAA,EAAAC,qBAAA,EAAAC,mBAAA,EAAAC,gBAAA;IACF,MAAMtE,aAAa,IAAAsD,iBAAA,GAAG9E,GAAG,CAACe,OAAO,CAACC,GAAG,CAAC,QAAQ,CAAC,YAAA8D,iBAAA,GAAIpH,SAAS;IAC5D,IAAI,CAACV,MAAM,EAAE;MACXoC,GAAG,CAAC2G,KAAK,YAAT3G,GAAG,CAAC2G,KAAK,CAAG,uCAAuC,CAAC;MACpD,OAAO;QACL7E,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAyB,CAAC;MACtF,CAAC;IACH;IACA,MAAM0E,IAAI,GAAG,MAAMC,KAAK,CAACjJ,MAAM,EAAE;MAC/BkJ,MAAM,EAAE,MAAM;MACdnF,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CI,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QACnByB,OAAO;QACP7B,QAAQ,EAAEA,QAAQ;QAClBkF,aAAa,EAAExD;MACjB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAACqD,IAAI,CAACI,EAAE,EAAE;MACZ,IAAIC,SAA6B;MACjC,IAAI;QACFA,SAAS,GAAG,MAAML,IAAI,CAACM,IAAI,CAAC,CAAC;MAC/B,CAAC,CAAC,MAAM;QACND,SAAS,GAAG3I,SAAS;MACvB;MAEA,MAAM6I,cAAc,GACjB,OAAOF,SAAS,KAAK,QAAQ,IAAIA,SAAS,CAACG,WAAW,CAAC,CAAC,CAAC1C,QAAQ,CAAC,eAAe,CAAC,IACnFkC,IAAI,CAAC9E,MAAM,KAAK,GAAG;MAErB9B,GAAG,CAACqH,IAAI,YAARrH,GAAG,CAACqH,IAAI,CAAG,mCAAmCT,IAAI,CAAC9E,MAAM,EAAE,EAAE;QAC3DA,MAAM,EAAE8E,IAAI,CAAC9E,MAAM;QACnBwF,YAAY,EAAEH;MAChB,CAAC,CAAC;MAEF,IAAIA,cAAc,EAAE;QAClBpH,yBAAyB,CAACC,GAAG,EAAEC,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;MAC/D;MACA,OAAO;QACLR,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAiB,CAAC;MAC9E,CAAC;IACH;IAEA,MAAMqF,OAAO,GAAG,MAAMX,IAAI,CAACY,IAAI,CAAC,CAAC;IACjC,MAAMC,IAAI,GAAG,CAAAF,OAAO,oBAAPA,OAAO,CAAEE,IAAI,KAAI,CAAC,CAAC;IAEhC,MAAMC,KAAK,GAAGD,IAAI,CAACE,YAAkC;IACrD,MAAMC,KAAK,GAAGH,IAAI,CAACV,aAAmC;IAEtD,IAAI,CAACW,KAAK,IAAI,CAACE,KAAK,EAAE;MACpB,OAAO;QACL9F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAA2B,CAAC;MACxF,CAAC;IACH;IAEA,MAAMM,KAAK,GAAG,MAAM,IAAAC,+BAAwB,EAC1CzC,GAAG,EACHnC,OAAO,CAACC,GAAG,CAAC4E,oBAAoB,IAAI,EAAE,EACtCC,0BAAmB,CAACC,yBACtB,CAAC;IAED,IAAI,CAACJ,KAAK,EAAE;MACV,OAAO;QACLV,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAuC,CAAC;MACpG,CAAC;IACH;IAEA,MAAMW,mBAAmB,GAAG,IAAIC,iCAAmB,CAAC9C,GAAG,EAAEwC,KAAK,CAAC;IAE/D,MAAMqF,cAAc,GAAG,MAAMhF,mBAAmB,CAACiF,kBAAkB,CAACzF,OAAO,EAAE;MAC3EiB,WAAW,EAAEoE,KAAK;MAClBlE,YAAY,EAAEoE,KAAe;MAC7B;MACAG,SAAS,EAAE,OAAON,IAAI,CAACO,UAAU,KAAK,QAAQ,GAAG,IAAI9D,IAAI,CAACA,IAAI,CAACH,GAAG,CAAC,CAAC,GAAG0D,IAAI,CAACO,UAAU,GAAG,IAAI,CAAC,GAAG1J;IACnG,CAAC,CAAC;;IAEF;IACA,MAAMN,kBAAkB,CAACiK,MAAM,CAACjI,GAAG,EAAEqC,OAAO,CAAC;;IAE7C;IACA,MAAM6F,aAAa,GACjB,OAAOT,IAAI,CAACU,kBAAkB,KAAK,QAAQ,GACvCV,IAAI,CAACU,kBAAkB,GACvB,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;;IAEzB,MAAMC,kBAAkB,GAAGC,MAAM,CAACC,IAAI,CAACjG,OAAO,CAAC,CAACyC,QAAQ,CAAC,QAAQ,CAAC;IAClE,MAAM3G,SAAS,GAAG+B,kBAAO,CAACD,KAAK,CAAC;;IAEhC;IACA,MAAMsI,YAAY,GAAGrK,gBAAgB,CAACC,SAAS,EAAEiE,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IACxE,MAAMkG,YAAY,GAAG1I,cAAc,CAACsC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC;IAE3D,IAAAhC,oBAAW,EAACN,GAAG,EAAEI,2BAA2B,CAACH,KAAK,EAAEmC,aAAa,EAAExB,GAAG,CAAC0B,GAAG,CAAC,EAAE8F,kBAAkB,EAAE;MAC/F;MACA7H,QAAQ,EAAE,KAAK;MACfC,MAAM,EAAE,CAACgI,YAAY;MACrB/H,QAAQ,EAAE+H,YAAY,GAAG,KAAK,GAAG,MAAM;MACvC9H,MAAM,EAAEwH,aAAa;MACrBpJ,MAAM,EAAEyJ;IACV,CAAC,CAAC;;IAEF;IACA,IAAIE,EAAO;IACX,IAAI;MAAEA,EAAE,GAAG,IAAA5E,oBAAS,EAAC6D,KAAK,CAAC;IAAE,CAAC,CAAC,MAAM;MACnC,OAAO;QACL5F,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,iBAAiB;UAAEI,MAAM,EAAE;QAAoB,CAAC;MACjF,CAAC;IACH;IAEA,MAAMwG,MAAM,GACTnE,KAAK,CAACC,OAAO,CAACiE,EAAE,CAAChE,GAAG,CAAC,IAAIgE,EAAE,CAAChE,GAAG,CAACC,QAAQ,CAAC7C,QAAQ,CAAC,IAClD,OAAO4G,EAAE,CAAChE,GAAG,KAAK,QAAQ,KAAKgE,EAAE,CAAChE,GAAG,KAAK5C,QAAQ,IAAI4G,EAAE,CAAChE,GAAG,KAAK,SAAS,CAAE,IAC7EgE,EAAE,CAAC9D,GAAG,KAAK9C,QAAQ;IACrB,IAAI,CAAC6G,MAAM,EAAE;MACX,OAAO;QACL5G,MAAM,EAAE,GAAG;QACXH,OAAO,EAAE;UAAE,cAAc,EAAE,kBAAkB;UAAE,eAAe,EAAE,qCAAqC;UAAE,QAAQ,EAAE,UAAU;UAAE,MAAM,EAAE;QAAS,CAAC;QAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;UAAEH,MAAM,EAAE,WAAW;UAAEI,MAAM,EAAE;QAAoB,CAAC;MAC3E,CAAC;IACH;;IAEA;IACA,CAAA0D,WAAA,IAAAD,KAAA,GAAC3F,GAAG,EAAS4E,KAAK,YAAAgB,WAAA,GAAlBD,KAAA,CAAaf,KAAK,GAAK,CAAC,CAAC;IACzB,MAAM+D,SAAS,GAAGjF,OAAO,CAACoB,QAAQ,CAAC,CAAC;IACnC9E,GAAG,CAAS4E,KAAK,CAACG,IAAI,GAAG;MACxB9E,KAAK,EAAEA,KAAe;MACtB+E,MAAM,GAAAa,KAAA,IAAAC,qBAAA,GAAE+B,cAAc,aAAA9B,sBAAA,GAAd8B,cAAc,CAAE7C,MAAM,aAAtBe,sBAAA,CAAwBjB,QAAQ,oBAAhCiB,sBAAA,CAAwBjB,QAAQ,CAAG,CAAC,YAAAgB,qBAAA,GAAI2C,EAAE,CAACxD,GAAG,YAAAY,KAAA,GAAI,IAAI;MAC9D+C,cAAc,GAAA5C,KAAA,IAAAC,OAAA,GAAEwC,EAAE,CAACxD,GAAG,YAAAgB,OAAA,GAAI4B,cAAc,oBAAdA,cAAc,CAAEe,cAAc,YAAA5C,KAAA,GAAI,IAAI;MAChEd,UAAU,GAAAgB,KAAA,IAAAC,WAAA,GAAEsC,EAAE,CAACtD,OAAO,YAAAgB,WAAA,GAAIwC,SAAS,YAAAzC,KAAA,GAAI,IAAI;MAC3CrB,QAAQ,EAAE8D,SAAS;MACnBvD,KAAK,GAAAgB,KAAA,IAAAC,SAAA,GAAEoC,EAAE,CAACrD,KAAK,YAAAiB,SAAA,GAAIoC,EAAE,CAACpD,kBAAkB,YAAAe,KAAA,GAAI,IAAI;MAChDd,IAAI,GAAAgB,QAAA,GAAEmC,EAAE,CAACnD,IAAI,YAAAgB,QAAA,GAAIhI,SAAS;MAC1BuK,KAAK,GAAAtC,KAAA,IAAAC,qBAAA,IAAAC,mBAAA,GAAEgC,EAAE,CAACK,eAAe,cAAArC,mBAAA,GAAlBA,mBAAA,CAAqB5E,QAAQ,CAAC,qBAA9B4E,mBAAA,CAAgCoC,KAAK,YAAArC,qBAAA,IAAAE,gBAAA,GAAI+B,EAAE,CAACM,YAAY,qBAAfrC,gBAAA,CAAiBmC,KAAK,YAAAtC,KAAA,GAAI,EAAE;MAC5EnC,GAAG,EAAEqE,EAAE,CAACrE,GAAG;MACX4E,cAAc,EAAE3G;IAClB,CAAC;;IAED;IACA,OAAOxB,IAAI,CAAC,CAAC;EACf,CAAC,CAAC,OAAOoI,CAAM,EAAE;IACfjJ,GAAG,CAAC2G,KAAK,YAAT3G,GAAG,CAAC2G,KAAK,CAAG,mBAAmB,EAAE;MAC/BuC,OAAO,EAAED,CAAC,oBAADA,CAAC,CAAEC,OAAO;MACnB5D,IAAI,EAAE2D,CAAC,oBAADA,CAAC,CAAE3D,IAAI;MACb6D,IAAI,EAAEF,CAAC,oBAADA,CAAC,CAAEE;IACX,CAAC,CAAC;IACF,OAAO;MACLrH,MAAM,EAAE,GAAG;MACXH,OAAO,EAAE;QAAE,cAAc,EAAE,kBAAkB;QAAE,eAAe,EAAE,qCAAqC;QAAE,QAAQ,EAAE,UAAU;QAAE,MAAM,EAAE;MAAS,CAAC;MAC/II,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAoB,CAAC;IACjF,CAAC;EACH;AACF;AAEA,SAASK,YAAYA,CAAC6G,KAAa,EAAiB;EAClD,IAAI;IACF,OAAOf,MAAM,CAACC,IAAI,CAACc,KAAK,EAAE,QAAQ,CAAC,CAACtE,QAAQ,CAAC,CAAC;EAChD,CAAC,CAAC,OAAO6B,KAAU,EAAE;IACnB0C,OAAO,CAACC,GAAG,CAAC,yBAAyB,GAAG3C,KAAK,CAACuC,OAAO,CAAC;IACtD,OAAO,IAAI;EACb;AACF","ignoreList":[]}
package/build/cjs/service/internal-api.js ADDED
@@ -0,0 +1,66 @@
1
+ "use strict";
2
+
3
+ exports.__esModule = true;
4
+ exports.internalApiClient = exports.InternalApiClient = void 0;
5
+ const buildHeaders = auth => {
6
+ const headers = {
7
+ "x-internal-key": auth.internalKey
8
+ };
9
+ if (auth.tenantId) headers["x-tenant-id"] = auth.tenantId;
10
+ if (auth.businessId) headers["x-business-id"] = auth.businessId;
11
+ if (auth.appId) headers["x-app-id"] = auth.appId;
12
+ if (auth.email) headers["x-email"] = auth.email;
13
+ if (auth.name) headers["x-name"] = auth.name;
14
+ if (auth.userId) headers["x-user-id"] = auth.userId;
15
+ return headers;
16
+ };
17
+ const normalizeBaseUrl = baseUrl => baseUrl.replace(/\/+$/, "");
18
+ const resolveApiBaseUrlFromEnv = () => {
19
+ const env = (process.env.APPLICATION_ENV || "").toLowerCase();
20
+ const baseFromEnv = env === "dev" ? "https://api.dev.culturefy.app" : env === "stage" || env === "staging" ? "https://api.staging.culturefy.app" : env === "prod" || env === "production" ? "https://api.culturefy.app" : "";
21
+ if (!baseFromEnv) {
22
+ throw new Error("Missing SHARED_USER_SERVICE_URL, API_BASE_URL, or valid APPLICATION_ENV");
23
+ }
24
+ return baseFromEnv;
25
+ };
26
+ const getSharedUserBaseUrl = override => {
27
+ if (override) return normalizeBaseUrl(override);
28
+ const direct = process.env.SHARED_USER_SERVICE_URL;
29
+ if (direct) return normalizeBaseUrl(direct);
30
+ const apiBase = process.env.CULTUREFY_API_BASE_URL || process.env.API_BASE_URL;
31
+ if (apiBase) {
32
+ return `${normalizeBaseUrl(apiBase)}/shared-user`;
33
+ }
34
+ const baseFromEnv = resolveApiBaseUrlFromEnv();
35
+ return `${baseFromEnv}/shared-user`;
36
+ };
37
+ class InternalApiClient {
38
+ async getUserById(args) {
39
+ const baseUrl = getSharedUserBaseUrl(args.baseUrl);
40
+ const url = `${baseUrl}/v1/interservices/user/${args.userId}`;
41
+ const res = await fetch(url, {
42
+ method: "GET",
43
+ headers: buildHeaders(args.auth)
44
+ });
45
+ if (!res.ok) {
46
+ const text = await res.text();
47
+ throw new Error(`internal-api error ${res.status}: ${text}`);
48
+ }
49
+ return await res.json();
50
+ }
51
+ }
52
+ exports.InternalApiClient = InternalApiClient;
53
+ const internalApiClient = () => new InternalApiClient();
54
+
55
+ // const user = await client.getUserById({
56
+ // userId: "65f0b1c9e8c2a123456789ab",
57
+ // auth: {
58
+ // internalKey: "12345",
59
+ // tenantId: "69b47db5c2be5714989ca8ae",
60
+ // businessId: "69b47db5c2be5714989ca8ae",
61
+ // appId: "5x8jws1b",
62
+ // userId: "65f0b1c9e8c2a123456789ab",
63
+ // },
64
+ // });
65
+ exports.internalApiClient = internalApiClient;
66
+ //# sourceMappingURL=internal-api.js.map
package/build/cjs/service/internal-api.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-api.js","names":["buildHeaders","auth","headers","internalKey","tenantId","businessId","appId","email","name","userId","normalizeBaseUrl","baseUrl","replace","resolveApiBaseUrlFromEnv","env","process","APPLICATION_ENV","toLowerCase","baseFromEnv","Error","getSharedUserBaseUrl","override","direct","SHARED_USER_SERVICE_URL","apiBase","CULTUREFY_API_BASE_URL","API_BASE_URL","InternalApiClient","getUserById","args","url","res","fetch","method","ok","text","status","json","exports","internalApiClient"],"sources":["../../../src/service/internal-api.ts"],"sourcesContent":["export type InternalAuthHeaders = {\n internalKey: string;\n tenantId?: string;\n businessId?: string;\n appId?: string;\n email?: string;\n name?: string;\n userId?: string;\n};\n\nexport type GetUserByIdArgs = {\n userId: string;\n auth: InternalAuthHeaders;\n baseUrl?: string;\n};\n\nconst buildHeaders = (auth: InternalAuthHeaders): Record<string, string> => {\n const headers: Record<string, string> = {\n \"x-internal-key\": auth.internalKey,\n };\n if (auth.tenantId) headers[\"x-tenant-id\"] = auth.tenantId;\n if (auth.businessId) headers[\"x-business-id\"] = auth.businessId;\n if (auth.appId) headers[\"x-app-id\"] = auth.appId;\n if (auth.email) headers[\"x-email\"] = auth.email;\n if (auth.name) headers[\"x-name\"] = auth.name;\n if (auth.userId) headers[\"x-user-id\"] = auth.userId;\n return headers;\n};\n\nconst normalizeBaseUrl = (baseUrl: string): string => baseUrl.replace(/\\/+$/, \"\");\n\nconst resolveApiBaseUrlFromEnv = (): string => {\n const env = (process.env.APPLICATION_ENV || \"\").toLowerCase();\n const baseFromEnv =\n env === \"dev\"\n ? \"https://api.dev.culturefy.app\"\n : env === \"stage\" || env === \"staging\"\n ? \"https://api.staging.culturefy.app\"\n : env === \"prod\" || env === \"production\"\n ? \"https://api.culturefy.app\"\n : \"\";\n\n if (!baseFromEnv) {\n throw new Error(\"Missing SHARED_USER_SERVICE_URL, API_BASE_URL, or valid APPLICATION_ENV\");\n }\n\n return baseFromEnv;\n};\n\nconst getSharedUserBaseUrl = (override?: string): string => {\n if (override) return normalizeBaseUrl(override);\n const direct = process.env.SHARED_USER_SERVICE_URL;\n if (direct) return normalizeBaseUrl(direct);\n const apiBase = process.env.CULTUREFY_API_BASE_URL || process.env.API_BASE_URL;\n if (apiBase) {\n return `${normalizeBaseUrl(apiBase)}/shared-user`;\n }\n\n const baseFromEnv = resolveApiBaseUrlFromEnv();\n return `${baseFromEnv}/shared-user`;\n};\n\nexport class InternalApiClient {\n async getUserById<T>(args: GetUserByIdArgs): Promise<T> {\n const baseUrl = getSharedUserBaseUrl(args.baseUrl);\n const url = `${baseUrl}/v1/interservices/user/${args.userId}`;\n const res = await fetch(url, {\n method: \"GET\",\n headers: buildHeaders(args.auth),\n });\n if (!res.ok) {\n const text = await res.text();\n throw new Error(`internal-api error ${res.status}: ${text}`);\n }\n return (await res.json()) as T;\n }\n}\n\nexport const internalApiClient = () => new InternalApiClient();\n\n// const user = await client.getUserById({\n// userId: \"65f0b1c9e8c2a123456789ab\",\n// auth: {\n// internalKey: \"12345\",\n// tenantId: \"69b47db5c2be5714989ca8ae\",\n// businessId: \"69b47db5c2be5714989ca8ae\",\n// appId: \"5x8jws1b\",\n// userId: \"65f0b1c9e8c2a123456789ab\",\n// },\n// });"],"mappings":";;;;AAgBA,MAAMA,YAAY,GAAIC,IAAyB,IAA6B;EAC1E,MAAMC,OAA+B,GAAG;IACtC,gBAAgB,EAAED,IAAI,CAACE;EACzB,CAAC;EACD,IAAIF,IAAI,CAACG,QAAQ,EAAEF,OAAO,CAAC,aAAa,CAAC,GAAGD,IAAI,CAACG,QAAQ;EACzD,IAAIH,IAAI,CAACI,UAAU,EAAEH,OAAO,CAAC,eAAe,CAAC,GAAGD,IAAI,CAACI,UAAU;EAC/D,IAAIJ,IAAI,CAACK,KAAK,EAAEJ,OAAO,CAAC,UAAU,CAAC,GAAGD,IAAI,CAACK,KAAK;EAChD,IAAIL,IAAI,CAACM,KAAK,EAAEL,OAAO,CAAC,SAAS,CAAC,GAAGD,IAAI,CAACM,KAAK;EAC/C,IAAIN,IAAI,CAACO,IAAI,EAAEN,OAAO,CAAC,QAAQ,CAAC,GAAGD,IAAI,CAACO,IAAI;EAC5C,IAAIP,IAAI,CAACQ,MAAM,EAAEP,OAAO,CAAC,WAAW,CAAC,GAAGD,IAAI,CAACQ,MAAM;EACnD,OAAOP,OAAO;AAChB,CAAC;AAED,MAAMQ,gBAAgB,GAAIC,OAAe,IAAaA,OAAO,CAACC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;AAEjF,MAAMC,wBAAwB,GAAGA,CAAA,KAAc;EAC7C,MAAMC,GAAG,GAAG,CAACC,OAAO,CAACD,GAAG,CAACE,eAAe,IAAI,EAAE,EAAEC,WAAW,CAAC,CAAC;EAC7D,MAAMC,WAAW,GACfJ,GAAG,KAAK,KAAK,GACT,+BAA+B,GAC/BA,GAAG,KAAK,OAAO,IAAIA,GAAG,KAAK,SAAS,GAClC,mCAAmC,GACnCA,GAAG,KAAK,MAAM,IAAIA,GAAG,KAAK,YAAY,GACpC,2BAA2B,GAC3B,EAAE;EAEZ,IAAI,CAACI,WAAW,EAAE;IAChB,MAAM,IAAIC,KAAK,CAAC,yEAAyE,CAAC;EAC5F;EAEA,OAAOD,WAAW;AACpB,CAAC;AAED,MAAME,oBAAoB,GAAIC,QAAiB,IAAa;EAC1D,IAAIA,QAAQ,EAAE,OAAOX,gBAAgB,CAACW,QAAQ,CAAC;EAC/C,MAAMC,MAAM,GAAGP,OAAO,CAACD,GAAG,CAACS,uBAAuB;EAClD,IAAID,MAAM,EAAE,OAAOZ,gBAAgB,CAACY,MAAM,CAAC;EAC3C,MAAME,OAAO,GAAGT,OAAO,CAACD,GAAG,CAACW,sBAAsB,IAAIV,OAAO,CAACD,GAAG,CAACY,YAAY;EAC9E,IAAIF,OAAO,EAAE;IACX,OAAO,GAAGd,gBAAgB,CAACc,OAAO,CAAC,cAAc;EACnD;EAEA,MAAMN,WAAW,GAAGL,wBAAwB,CAAC,CAAC;EAC9C,OAAO,GAAGK,WAAW,cAAc;AACrC,CAAC;AAEM,MAAMS,iBAAiB,CAAC;EAC7B,MAAMC,WAAWA,CAAIC,IAAqB,EAAc;IACtD,MAAMlB,OAAO,GAAGS,oBAAoB,CAACS,IAAI,CAAClB,OAAO,CAAC;IAClD,MAAMmB,GAAG,GAAG,GAAGnB,OAAO,0BAA0BkB,IAAI,CAACpB,MAAM,EAAE;IAC7D,MAAMsB,GAAG,GAAG,MAAMC,KAAK,CAACF,GAAG,EAAE;MAC3BG,MAAM,EAAE,KAAK;MACb/B,OAAO,EAAEF,YAAY,CAAC6B,IAAI,CAAC5B,IAAI;IACjC,CAAC,CAAC;IACF,IAAI,CAAC8B,GAAG,CAACG,EAAE,EAAE;MACX,MAAMC,IAAI,GAAG,MAAMJ,GAAG,CAACI,IAAI,CAAC,CAAC;MAC7B,MAAM,IAAIhB,KAAK,CAAC,sBAAsBY,GAAG,CAACK,MAAM,KAAKD,IAAI,EAAE,CAAC;IAC9D;IACA,OAAQ,MAAMJ,GAAG,CAACM,IAAI,CAAC,CAAC;EAC1B;AACF;AAACC,OAAA,CAAAX,iBAAA,GAAAA,iBAAA;AAEM,MAAMY,iBAAiB,GAAGA,CAAA,KAAM,IAAIZ,iBAAiB,CAAC,CAAC;;AAE9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAAAW,OAAA,CAAAC,iBAAA,GAAAA,iBAAA","ignoreList":[]}
package/build/esm/index.js CHANGED
@@ -5,4 +5,5 @@ export * from './utils/cache';
5
5
  export * from './middlewares';
6
6
  export * from './constants';
7
7
  export * from './repositories';
8
+ export * from './service/internal-api';
8
9
  //# sourceMappingURL=index.js.map
package/build/esm/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../src/index.ts"],"sourcesContent":["export * from './types';\nexport * from './enums';\nexport * from './utils';\nexport * from './utils/cache';\nexport * from './middlewares';\nexport * from './constants';\nexport * from './repositories';\n"],"mappings":"AAAA,cAAc,SAAS;AACvB,cAAc,SAAS;AACvB,cAAc,SAAS;AACvB,cAAc,eAAe;AAC7B,cAAc,eAAe;AAC7B,cAAc,aAAa;AAC3B,cAAc,gBAAgB","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../src/index.ts"],"sourcesContent":["export * from './types';\nexport * from './enums';\nexport * from './utils';\nexport * from './utils/cache';\nexport * from './middlewares';\nexport * from './constants';\nexport * from './repositories';\nexport * from './service/internal-api';\n"],"mappings":"AAAA,cAAc,SAAS;AACvB,cAAc,SAAS;AACvB,cAAc,SAAS;AACvB,cAAc,eAAe;AAC7B,cAAc,eAAe;AAC7B,cAAc,aAAa;AAC3B,cAAc,gBAAgB;AAC9B,cAAc,wBAAwB","ignoreList":[]}
package/build/esm/middlewares/index.js CHANGED
@@ -1,4 +1,5 @@
1
1
  export * from './token-validation';
2
+ export * from './internal-auth-middleware';
2
3
  export * from './verify-middleware';
3
4
  export * from './verify-express';
4
5
  //# sourceMappingURL=index.js.map
package/build/esm/middlewares/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
1
+ {"version":3,"file":"index.js","names":[],"sources":["../../../src/middlewares/index.ts"],"sourcesContent":["export * from './token-validation';\nexport * from './internal-auth-middleware';\nexport * from './verify-middleware';\nexport * from './verify-express';\n"],"mappings":"AAAA,cAAc,oBAAoB;AAClC,cAAc,4BAA4B;AAC1C,cAAc,qBAAqB;AACnC,cAAc,kBAAkB","ignoreList":[]}
package/build/esm/middlewares/internal-auth-middleware.js ADDED
@@ -0,0 +1,38 @@
1
+ const INTERNAL_SERVICE_KEY = "12345";
2
+ const getHeader = (req, name) => {
3
+ var _req$headers$get;
4
+ return (_req$headers$get = req.headers.get(name)) != null ? _req$headers$get : req.headers.get(name.toLowerCase());
5
+ };
6
+ export const internalAuthMw = async (req, ctx, next) => {
7
+ var _ref, _ref$state;
8
+ const internalKey = getHeader(req, "x-internal-key");
9
+ if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {
10
+ return {
11
+ status: 401,
12
+ headers: {
13
+ "Content-Type": "application/json"
14
+ },
15
+ body: JSON.stringify({
16
+ status: "unauthenticated",
17
+ reason: "invalid_internal_key"
18
+ })
19
+ };
20
+ }
21
+ const tenantId = getHeader(req, "x-tenant-id") || undefined;
22
+ const userId = getHeader(req, "x-user-id") || undefined;
23
+ const businessId = getHeader(req, "x-business-id") || undefined;
24
+ const appId = getHeader(req, "x-app-id") || undefined;
25
+ const email = getHeader(req, "x-email") || undefined;
26
+ const name = getHeader(req, "x-name") || undefined;
27
+ (_ref$state = (_ref = ctx).state) != null ? _ref$state : _ref.state = {};
28
+ ctx.state.auth = {
29
+ appId,
30
+ userId,
31
+ businessId,
32
+ tenantId,
33
+ email,
34
+ name
35
+ };
36
+ return next();
37
+ };
38
+ //# sourceMappingURL=internal-auth-middleware.js.map
package/build/esm/middlewares/internal-auth-middleware.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"internal-auth-middleware.js","names":["INTERNAL_SERVICE_KEY","getHeader","req","name","_req$headers$get","headers","get","toLowerCase","internalAuthMw","ctx","next","_ref","_ref$state","internalKey","status","body","JSON","stringify","reason","tenantId","undefined","userId","businessId","appId","email","state","auth"],"sources":["../../../src/middlewares/internal-auth-middleware.ts"],"sourcesContent":["import { HttpRequest, HttpResponseInit, InvocationContext } from \"@azure/functions\";\nimport { IMiddleware } from \"../types/middleware\";\n\nconst INTERNAL_SERVICE_KEY = \"12345\";\n\nconst getHeader = (req: HttpRequest, name: string): string | null =>\n req.headers.get(name) ?? req.headers.get(name.toLowerCase());\n\nexport const internalAuthMw: IMiddleware = async (\n req: HttpRequest,\n ctx: InvocationContext,\n next: () => Promise<HttpResponseInit>\n): Promise<HttpResponseInit> => {\n const internalKey = getHeader(req, \"x-internal-key\");\n\n if (!internalKey || internalKey !== INTERNAL_SERVICE_KEY) {\n return {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ status: \"unauthenticated\", reason: \"invalid_internal_key\" }),\n };\n }\n\n const tenantId = getHeader(req, \"x-tenant-id\") || undefined;\n const userId = getHeader(req, \"x-user-id\") || undefined;\n const businessId = getHeader(req, \"x-business-id\") || undefined;\n const appId = getHeader(req, \"x-app-id\") || undefined;\n const email = getHeader(req, \"x-email\") || undefined;\n const name = getHeader(req, \"x-name\") || undefined;\n\n (ctx as any).state ??= {};\n (ctx as any).state.auth = {\n appId,\n userId,\n businessId,\n tenantId,\n email,\n name,\n };\n\n return next();\n};\n"],"mappings":"AAGA,MAAMA,oBAAoB,GAAG,OAAO;AAEpC,MAAMC,SAAS,GAAGA,CAACC,GAAgB,EAAEC,IAAY;EAAA,IAAAC,gBAAA;EAAA,QAAAA,gBAAA,GAC/CF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAAC,YAAAC,gBAAA,GAAIF,GAAG,CAACG,OAAO,CAACC,GAAG,CAACH,IAAI,CAACI,WAAW,CAAC,CAAC,CAAC;AAAA;AAE9D,OAAO,MAAMC,cAA2B,GAAG,MAAAA,CACzCN,GAAgB,EAChBO,GAAsB,EACtBC,IAAqC,KACP;EAAA,IAAAC,IAAA,EAAAC,UAAA;EAC9B,MAAMC,WAAW,GAAGZ,SAAS,CAACC,GAAG,EAAE,gBAAgB,CAAC;EAEpD,IAAI,CAACW,WAAW,IAAIA,WAAW,KAAKb,oBAAoB,EAAE;IACxD,OAAO;MACLc,MAAM,EAAE,GAAG;MACXT,OAAO,EAAE;QAAE,cAAc,EAAE;MAAmB,CAAC;MAC/CU,IAAI,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAEH,MAAM,EAAE,iBAAiB;QAAEI,MAAM,EAAE;MAAuB,CAAC;IACpF,CAAC;EACH;EAEA,MAAMC,QAAQ,GAAGlB,SAAS,CAACC,GAAG,EAAE,aAAa,CAAC,IAAIkB,SAAS;EAC3D,MAAMC,MAAM,GAAGpB,SAAS,CAACC,GAAG,EAAE,WAAW,CAAC,IAAIkB,SAAS;EACvD,MAAME,UAAU,GAAGrB,SAAS,CAACC,GAAG,EAAE,eAAe,CAAC,IAAIkB,SAAS;EAC/D,MAAMG,KAAK,GAAGtB,SAAS,CAACC,GAAG,EAAE,UAAU,CAAC,IAAIkB,SAAS;EACrD,MAAMI,KAAK,GAAGvB,SAAS,CAACC,GAAG,EAAE,SAAS,CAAC,IAAIkB,SAAS;EACpD,MAAMjB,IAAI,GAAGF,SAAS,CAACC,GAAG,EAAE,QAAQ,CAAC,IAAIkB,SAAS;EAElD,CAAAR,UAAA,IAAAD,IAAA,GAACF,GAAG,EAASgB,KAAK,YAAAb,UAAA,GAAlBD,IAAA,CAAac,KAAK,GAAK,CAAC,CAAC;EACxBhB,GAAG,CAASgB,KAAK,CAACC,IAAI,GAAG;IACxBH,KAAK;IACLF,MAAM;IACNC,UAAU;IACVH,QAAQ;IACRK,KAAK;IACLrB;EACF,CAAC;EAED,OAAOO,IAAI,CAAC,CAAC;AACf,CAAC","ignoreList":[]}