@de-otio/chaoskb-server 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/constructs/blob-store.js +1 -1
- package/dist/lib/constructs/blob-store.js.map +1 -1
- package/dist/lib/handler/index.d.ts.map +1 -1
- package/dist/lib/handler/index.js +20 -4
- package/dist/lib/handler/index.js.map +1 -1
- package/dist/lib/handler/index.ts +19 -4
- package/dist/lib/handler/middleware/rate-limit.d.ts.map +1 -1
- package/dist/lib/handler/middleware/rate-limit.js +13 -9
- package/dist/lib/handler/middleware/rate-limit.js.map +1 -1
- package/dist/lib/handler/middleware/rate-limit.ts +14 -9
- package/dist/lib/handler/middleware/ssh-auth.d.ts.map +1 -1
- package/dist/lib/handler/middleware/ssh-auth.js +66 -6
- package/dist/lib/handler/middleware/ssh-auth.js.map +1 -1
- package/dist/lib/handler/middleware/ssh-auth.ts +74 -7
- package/dist/lib/handler/routes/audit.js +1 -1
- package/dist/lib/handler/routes/audit.js.map +1 -1
- package/dist/lib/handler/routes/audit.ts +1 -1
- package/dist/lib/handler/routes/blobs.d.ts.map +1 -1
- package/dist/lib/handler/routes/blobs.js +2 -3
- package/dist/lib/handler/routes/blobs.js.map +1 -1
- package/dist/lib/handler/routes/blobs.ts +2 -3
- package/dist/lib/handler/routes/devices.d.ts.map +1 -1
- package/dist/lib/handler/routes/devices.js +10 -6
- package/dist/lib/handler/routes/devices.js.map +1 -1
- package/dist/lib/handler/routes/devices.ts +11 -6
- package/dist/lib/handler/routes/github.d.ts +15 -2
- package/dist/lib/handler/routes/github.d.ts.map +1 -1
- package/dist/lib/handler/routes/github.js +96 -22
- package/dist/lib/handler/routes/github.js.map +1 -1
- package/dist/lib/handler/routes/github.ts +68 -35
- package/dist/lib/handler/routes/invites.d.ts.map +1 -1
- package/dist/lib/handler/routes/invites.js +11 -13
- package/dist/lib/handler/routes/invites.js.map +1 -1
- package/dist/lib/handler/routes/invites.ts +11 -13
- package/dist/lib/handler/routes/notifications.js +1 -1
- package/dist/lib/handler/routes/notifications.js.map +1 -1
- package/dist/lib/handler/routes/notifications.ts +1 -1
- package/dist/lib/handler/routes/projects.d.ts.map +1 -1
- package/dist/lib/handler/routes/projects.js.map +1 -1
- package/dist/lib/handler/routes/projects.ts +0 -1
- package/dist/lib/handler/routes/register.d.ts +1 -1
- package/dist/lib/handler/routes/register.d.ts.map +1 -1
- package/dist/lib/handler/routes/register.js +104 -58
- package/dist/lib/handler/routes/register.js.map +1 -1
- package/dist/lib/handler/routes/register.ts +113 -66
- package/dist/lib/handler/routes/restore.d.ts.map +1 -1
- package/dist/lib/handler/routes/restore.js +1 -2
- package/dist/lib/handler/routes/restore.js.map +1 -1
- package/dist/lib/handler/routes/restore.ts +1 -2
- package/dist/lib/handler/routes/rotation.d.ts.map +1 -1
- package/dist/lib/handler/routes/rotation.js +23 -2
- package/dist/lib/handler/routes/rotation.js.map +1 -1
- package/dist/lib/handler/routes/rotation.ts +30 -2
- package/package.json +1 -1
|
@@ -15,7 +15,7 @@ class BlobStore extends constructs_1.Construct {
|
|
|
15
15
|
billing: aws_dynamodb_1.Billing.onDemand(),
|
|
16
16
|
pointInTimeRecovery: true,
|
|
17
17
|
removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN,
|
|
18
|
-
timeToLiveAttribute: '
|
|
18
|
+
timeToLiveAttribute: 'expiresAt',
|
|
19
19
|
globalSecondaryIndexes: [
|
|
20
20
|
{
|
|
21
21
|
indexName: 'updatedAt-index',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blob-store.js","sourceRoot":"","sources":["../../../lib/constructs/blob-store.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAC5C,2DAA2F;AAC3F,2CAAuC;AAMvC,MAAa,SAAU,SAAQ,sBAAS;IACtB,KAAK,CAAU;IAE/B,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAqB;QAC7D,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjB,IAAI,CAAC,KAAK,GAAG,IAAI,sBAAO,CAAC,IAAI,EAAE,OAAO,EAAE;YACtC,SAAS,EAAE,WAAW,KAAK,CAAC,WAAW,EAAE;YACzC,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,4BAAa,CAAC,MAAM,EAAE;YACxD,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,4BAAa,CAAC,MAAM,EAAE;YACnD,OAAO,EAAE,sBAAO,CAAC,QAAQ,EAAE;YAC3B,mBAAmB,EAAE,IAAI;YACzB,aAAa,EAAE,2BAAa,CAAC,MAAM;YACnC,mBAAmB,EAAE,
|
|
1
|
+
{"version":3,"file":"blob-store.js","sourceRoot":"","sources":["../../../lib/constructs/blob-store.ts"],"names":[],"mappings":";;;AAAA,6CAA4C;AAC5C,2DAA2F;AAC3F,2CAAuC;AAMvC,MAAa,SAAU,SAAQ,sBAAS;IACtB,KAAK,CAAU;IAE/B,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAqB;QAC7D,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAEjB,IAAI,CAAC,KAAK,GAAG,IAAI,sBAAO,CAAC,IAAI,EAAE,OAAO,EAAE;YACtC,SAAS,EAAE,WAAW,KAAK,CAAC,WAAW,EAAE;YACzC,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,4BAAa,CAAC,MAAM,EAAE;YACxD,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,4BAAa,CAAC,MAAM,EAAE;YACnD,OAAO,EAAE,sBAAO,CAAC,QAAQ,EAAE;YAC3B,mBAAmB,EAAE,IAAI;YACzB,aAAa,EAAE,2BAAa,CAAC,MAAM;YACnC,mBAAmB,EAAE,WAAW;YAChC,sBAAsB,EAAE;gBACtB;oBACE,SAAS,EAAE,iBAAiB;oBAC5B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,4BAAa,CAAC,MAAM,EAAE;oBACxD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,4BAAa,CAAC,MAAM,EAAE;oBAC1D,cAAc,EAAE,6BAAc,CAAC,GAAG;iBACnC;aACF;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAxBD,8BAwBC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/handler/index.ts"],"names":[],"mappings":"AAqCA,UAAU,sBAAsB;IAC9B,cAAc,EAAE;QACd,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAC1D,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,UAAU,uBAAuB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AA8BD,eAAO,MAAM,OAAO,GAAU,OAAO,sBAAsB,KAAG,OAAO,CAAC,uBAAuB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/handler/index.ts"],"names":[],"mappings":"AAqCA,UAAU,sBAAsB;IAC9B,cAAc,EAAE;QACd,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;QAC1D,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,UAAU,uBAAuB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AA8BD,eAAO,MAAM,OAAO,GAAU,OAAO,sBAAsB,KAAG,OAAO,CAAC,uBAAuB,CA+S5F,CAAC"}
|
|
@@ -85,7 +85,7 @@ const handler = async (event) => {
|
|
|
85
85
|
const result = await (0, devices_js_1.handleLinkConfirm)(event.body, ddb, TABLE_NAME);
|
|
86
86
|
return response(result.statusCode, result.body, result.headers);
|
|
87
87
|
}
|
|
88
|
-
// Register — no auth, IP rate limited (1 req/sec)
|
|
88
|
+
// Register — no auth, IP rate limited (1 req/sec; stricter for GitHub registrations)
|
|
89
89
|
if (method === 'POST' && path === '/v1/auth/register') {
|
|
90
90
|
const sourceIp = event.headers['x-forwarded-for']?.split(',')[0]?.trim()
|
|
91
91
|
?? event.requestContext.http.sourceIp
|
|
@@ -97,7 +97,23 @@ const handler = async (event) => {
|
|
|
97
97
|
...(0, rate_limit_js_1.rateLimitHeaders)(rateCheck),
|
|
98
98
|
});
|
|
99
99
|
}
|
|
100
|
-
|
|
100
|
+
// Stricter rate limit for registrations that include a GitHub username
|
|
101
|
+
try {
|
|
102
|
+
const parsed = event.body ? JSON.parse(event.body) : {};
|
|
103
|
+
if (parsed.github) {
|
|
104
|
+
const ghRateCheck = await (0, rate_limit_js_1.checkIpRateLimit)(sourceIp, 'REGISTER_GITHUB', ddb, TABLE_NAME);
|
|
105
|
+
if (!ghRateCheck.allowed) {
|
|
106
|
+
return response(429, JSON.stringify({ error: 'rate_limited', message: 'Too many requests' }), {
|
|
107
|
+
'Content-Type': 'application/json',
|
|
108
|
+
...(0, rate_limit_js_1.rateLimitHeaders)(ghRateCheck),
|
|
109
|
+
});
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
catch {
|
|
114
|
+
// Invalid JSON — handleRegister will return 400
|
|
115
|
+
}
|
|
116
|
+
const result = await (0, register_js_1.handleRegister)(event.body, ddb, TABLE_NAME, SIGNUPS_ENABLED_PARAM, event.headers);
|
|
101
117
|
return response(result.statusCode, result.body, result.headers);
|
|
102
118
|
}
|
|
103
119
|
// All other routes require authentication
|
|
@@ -138,9 +154,9 @@ const handler = async (event) => {
|
|
|
138
154
|
const result = await (0, devices_js_1.handleListDevices)(tenantId, ddb, TABLE_NAME);
|
|
139
155
|
return response(result.statusCode, result.body, result.headers);
|
|
140
156
|
}
|
|
141
|
-
const deviceDeleteMatch = path.match(/^\/v1\/devices\/(
|
|
157
|
+
const deviceDeleteMatch = path.match(/^\/v1\/devices\/(.+)$/);
|
|
142
158
|
if (deviceDeleteMatch && method === 'DELETE') {
|
|
143
|
-
const fingerprint = deviceDeleteMatch[1];
|
|
159
|
+
const fingerprint = decodeURIComponent(deviceDeleteMatch[1]);
|
|
144
160
|
const result = await (0, devices_js_1.handleDeleteDevice)(tenantId, fingerprint, ddb, TABLE_NAME);
|
|
145
161
|
return response(result.statusCode, result.body, result.headers);
|
|
146
162
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../lib/handler/index.ts"],"names":[],"mappings":";;;AAAA,8DAA0D;AAC1D,wDAA+D;AAC/D,2CAAqC;AACrC,0DAA0E;AAC1E,8DAAgF;AAChF,kDAAkD;AAClD,sDAAuE;AACvE,gDAM2B;AAC3B,oDAAoD;AACpD,oDAAgG;AAChG,kDAAkD;AAClD,4DAAmF;AACnF,sDAA8E;AAC9E,gDAAsD;AACtD,0DAAyD;AACzD,oDAM6B;AAC7B,oDAK6B;AAC7B,sDAAmE;AACnE,gEAA8F;AAoB9F,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;AACnD,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;AAEzE,MAAM,MAAM,GAAG,IAAI,gCAAc,CAAC,EAAE,CAAC,CAAC;AACtC,MAAM,GAAG,GAAG,qCAAsB,CAAC,IAAI,CAAC,MAAM,EAAE;IAC9C,eAAe,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE;CACjD,CAAC,CAAC;AAEH,MAAM,YAAY,GAA2B;IAC3C,6BAA6B,EAAE,MAAM;IACrC,8BAA8B,EAAE,iCAAiC;IACjE,8BAA8B,EAAE,6BAA6B;CAC9D,CAAC;AAEF,SAAS,QAAQ,CACf,UAAkB,EAClB,IAAY,EACZ,UAAkC,EAAE,EACpC,eAAe,GAAG,KAAK;IAEvB,OAAO;QACL,UAAU;QACV,OAAO,EAAE,EAAE,GAAG,YAAY,EAAE,GAAG,OAAO,EAAE;QACxC,IAAI;QACJ,eAAe;KAChB,CAAC;AACJ,CAAC;AAEM,MAAM,OAAO,GAAG,KAAK,EAAE,KAA6B,EAAoC,EAAE;IAC/F,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC;IAChD,MAAM,IAAI,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC;IAEjD,kBAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/E,IAAI,CAAC;QACH,2BAA2B;QAC3B,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/B,CAAC;QAED,yBAAyB;QACzB,IAAI,MAAM,KAAK,KAAK,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;YAC9B,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,oDAAoD;QACpD,IAAI,MAAM,KAAK,KAAK,IAAI,IAAI,KAAK,wBAAwB,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;mBACnE,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ;mBAClC,SAAS,CAAC;YACf,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACjF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAC5F,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAA,gCAAgB,EAAC,SAAS,CAAC;iBAC/B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,6BAAe,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,8EAA8E;QAC9E,IAAI,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACrD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;mBACnE,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ;mBAClC,SAAS,CAAC;YACf,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAC5F,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAA,gCAAgB,EAAC,SAAS,CAAC;iBAC/B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,kDAAkD;QAClD,IAAI,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;mBACnE,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ;mBAClC,SAAS,CAAC;YACf,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAC5F,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAA,gCAAgB,EAAC,SAAS,CAAC;iBAC/B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAc,EAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,qBAAqB,CAAC,CAAC;YACxF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,0CAA0C;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAmB,EAAC,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAE/B,iCAAiC;QACjC,IAAI,IAAI,KAAK,gBAAgB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAe,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,YAAY;QACZ,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAiB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,sBAAsB;QACtB,IAAI,IAAI,KAAK,kBAAkB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChG,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,oBAAoB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAmB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACtF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,KAAK,eAAe,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,MAAM,MAAM,GAAG,MAAM,IAAA,qCAAwB,EAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACrF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACzE,IAAI,eAAe,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAuB,EAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACjE,IAAI,iBAAiB,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,KAAK,iBAAiB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAmB,EACtC,QAAQ,EACR,IAAI,CAAC,WAAW,EAChB,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,eAAe,EACrB,GAAG,EACH,UAAU,CACX,CAAC;YACF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,iBAAiB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAmB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACtF,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,0BAA0B,EAAE,CAAC;gBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,cAAc;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAEnE,IAAI,YAAY,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACtE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,iBAAiB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAgB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACjE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAE5B,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBACzF,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAa,EAChC,MAAM,EACN,QAAQ,EACR,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,eAAe,EACrB,WAAW,EACX,GAAG,EACH,UAAU,CACX,CAAC;gBACF,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,0BAA0B,EAAE,CAAC;oBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBACxE,CAAC;gBACD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBACtE,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,0BAA0B,EAAE,CAAC;oBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBACxE,CAAC;gBACD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAgB,EAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBACzE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,qBAAqB,EAAE,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAe,EAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,gBAAgB;QAChB,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAEjE,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC/E,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,iBAAiB,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7C,MAAM,eAAe,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,eAAe,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,gBAAgB;QAChB,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAEnF,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACjG,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,iBAAiB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC3C,MAAM,QAAQ,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAEpC,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,MAAM,IAAA,gCAAmB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBAC5G,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,KAAK,mBAAmB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,yCAAsB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,wBAAwB,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACpF,IAAI,wBAAwB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,MAAM,cAAc,GAAG,kBAAkB,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAAC;YACvE,MAAM,MAAM,GAAG,MAAM,IAAA,4CAAyB,EAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC1F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,kBAAkB;QAClB,IAAI,IAAI,KAAK,wBAAwB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,yCAA2B,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC5E,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,SAAS;QACT,IAAI,IAAI,KAAK,YAAY,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC7D,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,YAAY;QACZ,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC,EAAE;YACtG,cAAc,EAAE,kBAAkB;SACnC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAE1C,IAAI,GAAG,YAAY,uBAAS,EAAE,CAAC;YAC7B,kBAAM,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,OAAO,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE;gBAC7F,cAAc,EAAE,kBAAkB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,kBAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/E,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,EAAE;YAClG,cAAc,EAAE,kBAAkB;SACnC,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;AAhSW,QAAA,OAAO,WAgSlB"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../lib/handler/index.ts"],"names":[],"mappings":";;;AAAA,8DAA0D;AAC1D,wDAA+D;AAC/D,2CAAqC;AACrC,0DAA0E;AAC1E,8DAAgF;AAChF,kDAAkD;AAClD,sDAAuE;AACvE,gDAM2B;AAC3B,oDAAoD;AACpD,oDAAgG;AAChG,kDAAkD;AAClD,4DAAmF;AACnF,sDAA8E;AAC9E,gDAAsD;AACtD,0DAAyD;AACzD,oDAM6B;AAC7B,oDAK6B;AAC7B,sDAAmE;AACnE,gEAA8F;AAoB9F,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;AACnD,MAAM,qBAAqB,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;AAEzE,MAAM,MAAM,GAAG,IAAI,gCAAc,CAAC,EAAE,CAAC,CAAC;AACtC,MAAM,GAAG,GAAG,qCAAsB,CAAC,IAAI,CAAC,MAAM,EAAE;IAC9C,eAAe,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE;CACjD,CAAC,CAAC;AAEH,MAAM,YAAY,GAA2B;IAC3C,6BAA6B,EAAE,MAAM;IACrC,8BAA8B,EAAE,iCAAiC;IACjE,8BAA8B,EAAE,6BAA6B;CAC9D,CAAC;AAEF,SAAS,QAAQ,CACf,UAAkB,EAClB,IAAY,EACZ,UAAkC,EAAE,EACpC,eAAe,GAAG,KAAK;IAEvB,OAAO;QACL,UAAU;QACV,OAAO,EAAE,EAAE,GAAG,YAAY,EAAE,GAAG,OAAO,EAAE;QACxC,IAAI;QACJ,eAAe;KAChB,CAAC;AACJ,CAAC;AAEM,MAAM,OAAO,GAAG,KAAK,EAAE,KAA6B,EAAoC,EAAE;IAC/F,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC;IAChD,MAAM,IAAI,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;IAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,cAAc,CAAC,SAAS,CAAC;IAEjD,kBAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/E,IAAI,CAAC;QACH,2BAA2B;QAC3B,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,QAAQ,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/B,CAAC;QAED,yBAAyB;QACzB,IAAI,MAAM,KAAK,KAAK,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAA,wBAAY,GAAE,CAAC;YAC9B,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,oDAAoD;QACpD,IAAI,MAAM,KAAK,KAAK,IAAI,IAAI,KAAK,wBAAwB,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;mBACnE,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ;mBAClC,SAAS,CAAC;YACf,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACjF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAC5F,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAA,gCAAgB,EAAC,SAAS,CAAC;iBAC/B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,6BAAe,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACtD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,8EAA8E;QAC9E,IAAI,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;YACrD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;mBACnE,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ;mBAClC,SAAS,CAAC;YACf,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAC5F,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAA,gCAAgB,EAAC,SAAS,CAAC;iBAC/B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,qFAAqF;QACrF,IAAI,MAAM,KAAK,MAAM,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;mBACnE,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ;mBAClC,SAAS,CAAC;YACf,MAAM,SAAS,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;oBAC5F,cAAc,EAAE,kBAAkB;oBAClC,GAAG,IAAA,gCAAgB,EAAC,SAAS,CAAC;iBAC/B,CAAC,CAAC;YACL,CAAC;YACD,uEAAuE;YACvE,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAClB,MAAM,WAAW,GAAG,MAAM,IAAA,gCAAgB,EAAC,QAAQ,EAAE,iBAAiB,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;oBACzF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACzB,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC,EAAE;4BAC5F,cAAc,EAAE,kBAAkB;4BAClC,GAAG,IAAA,gCAAgB,EAAC,WAAW,CAAC;yBACjC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;YAClD,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAc,EAAC,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,qBAAqB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;YACvG,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,0CAA0C;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAmB,EAAC,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAE/B,iCAAiC;QACjC,IAAI,IAAI,KAAK,gBAAgB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAe,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,YAAY;QACZ,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAiB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,sBAAsB;QACtB,IAAI,IAAI,KAAK,kBAAkB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChG,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,oBAAoB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAmB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACtF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,KAAK,eAAe,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,MAAM,MAAM,GAAG,MAAM,IAAA,qCAAwB,EAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACrF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACzE,IAAI,eAAe,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAuB,EAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC9D,IAAI,iBAAiB,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,kBAAkB,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAChF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,KAAK,iBAAiB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAmB,EACtC,QAAQ,EACR,IAAI,CAAC,WAAW,EAChB,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,eAAe,EACrB,GAAG,EACH,UAAU,CACX,CAAC;YACF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,iBAAiB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAmB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACtF,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,0BAA0B,EAAE,CAAC;gBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YACxE,CAAC;YACD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,cAAc;QACd,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACvD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAEnE,IAAI,YAAY,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACtE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,iBAAiB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAgB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACjE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAE5B,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;gBACrB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBACzF,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAa,EAChC,MAAM,EACN,QAAQ,EACR,KAAK,CAAC,IAAI,EACV,KAAK,CAAC,eAAe,EACrB,WAAW,EACX,GAAG,EACH,UAAU,CACX,CAAC;gBACF,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,0BAA0B,EAAE,CAAC;oBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBACxE,CAAC;gBACD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;gBACrB,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBACtE,IAAI,MAAM,CAAC,UAAU,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,0BAA0B,EAAE,CAAC;oBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;gBACxE,CAAC;gBACD,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAgB,EAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBACzE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,IAAI,IAAI,KAAK,WAAW,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,qBAAqB,EAAE,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,0BAAe,EAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,gBAAgB;QAChB,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAEjE,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC/E,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,iBAAiB,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7C,MAAM,eAAe,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,eAAe,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,gBAAgB;QAChB,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAEnF,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACjG,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,IAAI,KAAK,aAAa,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAiB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACpF,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,iBAAiB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC3C,MAAM,QAAQ,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAEpC,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAkB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBAC/F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;YAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,MAAM,IAAA,gCAAmB,EAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;gBAC5G,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,KAAK,mBAAmB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,MAAM,IAAA,yCAAsB,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,wBAAwB,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QACpF,IAAI,wBAAwB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAClD,MAAM,cAAc,GAAG,kBAAkB,CAAC,wBAAwB,CAAC,CAAC,CAAC,CAAC,CAAC;YACvE,MAAM,MAAM,GAAG,MAAM,IAAA,4CAAyB,EAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC1F,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,kBAAkB;QAClB,IAAI,IAAI,KAAK,wBAAwB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,yCAA2B,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC5E,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,SAAS;QACT,IAAI,IAAI,KAAK,YAAY,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC9C,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC;YAC7D,OAAO,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QAClE,CAAC;QAED,YAAY;QACZ,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,gBAAgB,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC,EAAE;YACtG,cAAc,EAAE,kBAAkB;SACnC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAE1C,IAAI,GAAG,YAAY,uBAAS,EAAE,CAAC;YAC7B,kBAAM,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1E,OAAO,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE;gBAC7F,cAAc,EAAE,kBAAkB;aACnC,CAAC,CAAC;QACL,CAAC;QAED,kBAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/E,OAAO,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC,EAAE;YAClG,cAAc,EAAE,kBAAkB;SACnC,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;AA/SW,QAAA,OAAO,WA+SlB"}
|
|
@@ -133,7 +133,7 @@ export const handler = async (event: LambdaFunctionURLEvent): Promise<LambdaFunc
|
|
|
133
133
|
return response(result.statusCode, result.body, result.headers);
|
|
134
134
|
}
|
|
135
135
|
|
|
136
|
-
// Register — no auth, IP rate limited (1 req/sec)
|
|
136
|
+
// Register — no auth, IP rate limited (1 req/sec; stricter for GitHub registrations)
|
|
137
137
|
if (method === 'POST' && path === '/v1/auth/register') {
|
|
138
138
|
const sourceIp = event.headers['x-forwarded-for']?.split(',')[0]?.trim()
|
|
139
139
|
?? event.requestContext.http.sourceIp
|
|
@@ -145,7 +145,22 @@ export const handler = async (event: LambdaFunctionURLEvent): Promise<LambdaFunc
|
|
|
145
145
|
...rateLimitHeaders(rateCheck),
|
|
146
146
|
});
|
|
147
147
|
}
|
|
148
|
-
|
|
148
|
+
// Stricter rate limit for registrations that include a GitHub username
|
|
149
|
+
try {
|
|
150
|
+
const parsed = event.body ? JSON.parse(event.body) : {};
|
|
151
|
+
if (parsed.github) {
|
|
152
|
+
const ghRateCheck = await checkIpRateLimit(sourceIp, 'REGISTER_GITHUB', ddb, TABLE_NAME);
|
|
153
|
+
if (!ghRateCheck.allowed) {
|
|
154
|
+
return response(429, JSON.stringify({ error: 'rate_limited', message: 'Too many requests' }), {
|
|
155
|
+
'Content-Type': 'application/json',
|
|
156
|
+
...rateLimitHeaders(ghRateCheck),
|
|
157
|
+
});
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
} catch {
|
|
161
|
+
// Invalid JSON — handleRegister will return 400
|
|
162
|
+
}
|
|
163
|
+
const result = await handleRegister(event.body, ddb, TABLE_NAME, SIGNUPS_ENABLED_PARAM, event.headers);
|
|
149
164
|
return response(result.statusCode, result.body, result.headers);
|
|
150
165
|
}
|
|
151
166
|
|
|
@@ -195,9 +210,9 @@ export const handler = async (event: LambdaFunctionURLEvent): Promise<LambdaFunc
|
|
|
195
210
|
return response(result.statusCode, result.body, result.headers);
|
|
196
211
|
}
|
|
197
212
|
|
|
198
|
-
const deviceDeleteMatch = path.match(/^\/v1\/devices\/(
|
|
213
|
+
const deviceDeleteMatch = path.match(/^\/v1\/devices\/(.+)$/);
|
|
199
214
|
if (deviceDeleteMatch && method === 'DELETE') {
|
|
200
|
-
const fingerprint = deviceDeleteMatch[1];
|
|
215
|
+
const fingerprint = decodeURIComponent(deviceDeleteMatch[1]);
|
|
201
216
|
const result = await handleDeleteDevice(tenantId, fingerprint, ddb, TABLE_NAME);
|
|
202
217
|
return response(result.statusCode, result.body, result.headers);
|
|
203
218
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../../lib/handler/middleware/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAiB,MAAM,uBAAuB,CAAC;AAE9E,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAWD,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,
|
|
1
|
+
{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../../../lib/handler/middleware/rate-limit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAiB,MAAM,uBAAuB,CAAC;AAE9E,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAWD,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAoC1B;AAaD;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,EACjB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAQhF"}
|
|
@@ -22,15 +22,14 @@ async function checkRateLimit(tenantId, operation, ddb, tableName) {
|
|
|
22
22
|
PK: `RATE#${tenantId}`,
|
|
23
23
|
SK: `${operation}#${windowKey}`,
|
|
24
24
|
},
|
|
25
|
-
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one,
|
|
25
|
+
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one, expiresAt = :expiresAt',
|
|
26
26
|
ExpressionAttributeNames: {
|
|
27
27
|
'#count': 'count',
|
|
28
|
-
'#ttl': 'ttl',
|
|
29
28
|
},
|
|
30
29
|
ExpressionAttributeValues: {
|
|
31
30
|
':zero': 0,
|
|
32
31
|
':one': 1,
|
|
33
|
-
':
|
|
32
|
+
':expiresAt': ttl,
|
|
34
33
|
},
|
|
35
34
|
ReturnValues: 'UPDATED_NEW',
|
|
36
35
|
}));
|
|
@@ -46,12 +45,18 @@ async function checkRateLimit(tenantId, operation, ddb, tableName) {
|
|
|
46
45
|
// Per-IP window sizes: LINK_CONFIRM uses 5-second windows, others use 1-second
|
|
47
46
|
const IP_WINDOW_SECONDS = {
|
|
48
47
|
LINK_CONFIRM: 5,
|
|
48
|
+
REGISTER_GITHUB: 60,
|
|
49
|
+
};
|
|
50
|
+
// Per-IP limits: override the default of 1 per window
|
|
51
|
+
const IP_LIMITS = {
|
|
52
|
+
REGISTER_GITHUB: 5,
|
|
49
53
|
};
|
|
50
54
|
/**
|
|
51
55
|
* Rate limit by source IP for unauthenticated endpoints (registration, contact).
|
|
52
56
|
* Default: 1 request per second per IP. LINK_CONFIRM: 1 request per 5 seconds.
|
|
53
57
|
*/
|
|
54
|
-
async function checkIpRateLimit(sourceIp, operation, ddb, tableName, limit
|
|
58
|
+
async function checkIpRateLimit(sourceIp, operation, ddb, tableName, limit) {
|
|
59
|
+
const effectiveLimit = limit ?? IP_LIMITS[operation] ?? 1;
|
|
55
60
|
const now = Math.floor(Date.now() / 1000);
|
|
56
61
|
const windowSec = IP_WINDOW_SECONDS[operation] ?? 1;
|
|
57
62
|
const windowKey = Math.floor(now / windowSec);
|
|
@@ -62,25 +67,24 @@ async function checkIpRateLimit(sourceIp, operation, ddb, tableName, limit = 1)
|
|
|
62
67
|
PK: `RATE#IP#${sourceIp}`,
|
|
63
68
|
SK: `${operation}#${windowKey}`,
|
|
64
69
|
},
|
|
65
|
-
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one,
|
|
70
|
+
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one, expiresAt = :expiresAt',
|
|
66
71
|
ExpressionAttributeNames: {
|
|
67
72
|
'#count': 'count',
|
|
68
|
-
'#ttl': 'ttl',
|
|
69
73
|
},
|
|
70
74
|
ExpressionAttributeValues: {
|
|
71
75
|
':zero': 0,
|
|
72
76
|
':one': 1,
|
|
73
|
-
':
|
|
77
|
+
':expiresAt': ttl,
|
|
74
78
|
},
|
|
75
79
|
ReturnValues: 'UPDATED_NEW',
|
|
76
80
|
}));
|
|
77
81
|
const currentCount = result.Attributes?.['count'] ?? 1;
|
|
78
|
-
if (currentCount >
|
|
82
|
+
if (currentCount > effectiveLimit) {
|
|
79
83
|
const windowEnd = (windowKey + 1) * windowSec;
|
|
80
84
|
const retryAfter = Math.max(1, windowEnd - now);
|
|
81
85
|
return { allowed: false, remaining: 0, retryAfter };
|
|
82
86
|
}
|
|
83
|
-
return { allowed: true, remaining: Math.max(0,
|
|
87
|
+
return { allowed: true, remaining: Math.max(0, effectiveLimit - currentCount) };
|
|
84
88
|
}
|
|
85
89
|
function rateLimitHeaders(result) {
|
|
86
90
|
const headers = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../../../lib/handler/middleware/rate-limit.ts"],"names":[],"mappings":";;AAiBA,
|
|
1
|
+
{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../../../lib/handler/middleware/rate-limit.ts"],"names":[],"mappings":";;AAiBA,wCAyCC;AAiBD,4CAwCC;AAED,4CAQC;AA7HD,wDAA8E;AAQ9E,MAAM,MAAM,GAA2B;IACrC,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,IAAI;IACT,MAAM,EAAE,GAAG;IACX,IAAI,EAAE,GAAG;CACV,CAAC;AAEF,MAAM,cAAc,GAAG,EAAE,CAAC;AAEnB,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,SAAiB,EACjB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,GAAG,CAAC;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,cAAc,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,cAAc,GAAG,GAAG,CAAC,CAAC,wBAAwB;IAEvF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,QAAQ,QAAQ,EAAE;YACtB,EAAE,EAAE,GAAG,SAAS,IAAI,SAAS,EAAE;SAChC;QACD,gBAAgB,EAAE,0EAA0E;QAC5F,wBAAwB,EAAE;YACxB,QAAQ,EAAE,OAAO;SAClB;QACD,yBAAyB,EAAE;YACzB,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,GAAG;SAClB;QACD,YAAY,EAAE,aAAa;KAC5B,CAAC,CACH,CAAC;IAEF,MAAM,YAAY,GAAI,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAY,IAAI,CAAC,CAAC;IACnE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,YAAY,CAAC,CAAC;IAEpD,IAAI,YAAY,GAAG,KAAK,EAAE,CAAC;QACzB,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,CAAC,CAAC,GAAG,cAAc,CAAC;QACnD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,GAAG,CAAC,CAAC;QAChD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AACtC,CAAC;AAED,+EAA+E;AAC/E,MAAM,iBAAiB,GAA2B;IAChD,YAAY,EAAE,CAAC;IACf,eAAe,EAAE,EAAE;CACpB,CAAC;AAEF,sDAAsD;AACtD,MAAM,SAAS,GAA2B;IACxC,eAAe,EAAE,CAAC;CACnB,CAAC;AAEF;;;GAGG;AACI,KAAK,UAAU,gBAAgB,CACpC,QAAgB,EAChB,SAAiB,EACjB,GAA2B,EAC3B,SAAiB,EACjB,KAAc;IAEd,MAAM,cAAc,GAAG,KAAK,IAAI,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IAEtB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,WAAW,QAAQ,EAAE;YACzB,EAAE,EAAE,GAAG,SAAS,IAAI,SAAS,EAAE;SAChC;QACD,gBAAgB,EAAE,0EAA0E;QAC5F,wBAAwB,EAAE;YACxB,QAAQ,EAAE,OAAO;SAClB;QACD,yBAAyB,EAAE;YACzB,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,CAAC;YACT,YAAY,EAAE,GAAG;SAClB;QACD,YAAY,EAAE,aAAa;KAC5B,CAAC,CACH,CAAC;IAEF,MAAM,YAAY,GAAI,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAY,IAAI,CAAC,CAAC;IACnE,IAAI,YAAY,GAAG,cAAc,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,CAAC,SAAS,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,GAAG,CAAC,CAAC;QAChD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC;IACtD,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,GAAG,YAAY,CAAC,EAAE,CAAC;AAClF,CAAC;AAED,SAAgB,gBAAgB,CAAC,MAAuB;IACtD,MAAM,OAAO,GAA2B;QACtC,uBAAuB,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;KAClD,CAAC;IACF,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACvD,OAAO,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -33,15 +33,14 @@ export async function checkRateLimit(
|
|
|
33
33
|
PK: `RATE#${tenantId}`,
|
|
34
34
|
SK: `${operation}#${windowKey}`,
|
|
35
35
|
},
|
|
36
|
-
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one,
|
|
36
|
+
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one, expiresAt = :expiresAt',
|
|
37
37
|
ExpressionAttributeNames: {
|
|
38
38
|
'#count': 'count',
|
|
39
|
-
'#ttl': 'ttl',
|
|
40
39
|
},
|
|
41
40
|
ExpressionAttributeValues: {
|
|
42
41
|
':zero': 0,
|
|
43
42
|
':one': 1,
|
|
44
|
-
':
|
|
43
|
+
':expiresAt': ttl,
|
|
45
44
|
},
|
|
46
45
|
ReturnValues: 'UPDATED_NEW',
|
|
47
46
|
}),
|
|
@@ -62,6 +61,12 @@ export async function checkRateLimit(
|
|
|
62
61
|
// Per-IP window sizes: LINK_CONFIRM uses 5-second windows, others use 1-second
|
|
63
62
|
const IP_WINDOW_SECONDS: Record<string, number> = {
|
|
64
63
|
LINK_CONFIRM: 5,
|
|
64
|
+
REGISTER_GITHUB: 60,
|
|
65
|
+
};
|
|
66
|
+
|
|
67
|
+
// Per-IP limits: override the default of 1 per window
|
|
68
|
+
const IP_LIMITS: Record<string, number> = {
|
|
69
|
+
REGISTER_GITHUB: 5,
|
|
65
70
|
};
|
|
66
71
|
|
|
67
72
|
/**
|
|
@@ -73,8 +78,9 @@ export async function checkIpRateLimit(
|
|
|
73
78
|
operation: string,
|
|
74
79
|
ddb: DynamoDBDocumentClient,
|
|
75
80
|
tableName: string,
|
|
76
|
-
limit
|
|
81
|
+
limit?: number,
|
|
77
82
|
): Promise<RateLimitResult> {
|
|
83
|
+
const effectiveLimit = limit ?? IP_LIMITS[operation] ?? 1;
|
|
78
84
|
const now = Math.floor(Date.now() / 1000);
|
|
79
85
|
const windowSec = IP_WINDOW_SECONDS[operation] ?? 1;
|
|
80
86
|
const windowKey = Math.floor(now / windowSec);
|
|
@@ -87,27 +93,26 @@ export async function checkIpRateLimit(
|
|
|
87
93
|
PK: `RATE#IP#${sourceIp}`,
|
|
88
94
|
SK: `${operation}#${windowKey}`,
|
|
89
95
|
},
|
|
90
|
-
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one,
|
|
96
|
+
UpdateExpression: 'SET #count = if_not_exists(#count, :zero) + :one, expiresAt = :expiresAt',
|
|
91
97
|
ExpressionAttributeNames: {
|
|
92
98
|
'#count': 'count',
|
|
93
|
-
'#ttl': 'ttl',
|
|
94
99
|
},
|
|
95
100
|
ExpressionAttributeValues: {
|
|
96
101
|
':zero': 0,
|
|
97
102
|
':one': 1,
|
|
98
|
-
':
|
|
103
|
+
':expiresAt': ttl,
|
|
99
104
|
},
|
|
100
105
|
ReturnValues: 'UPDATED_NEW',
|
|
101
106
|
}),
|
|
102
107
|
);
|
|
103
108
|
|
|
104
109
|
const currentCount = (result.Attributes?.['count'] as number) ?? 1;
|
|
105
|
-
if (currentCount >
|
|
110
|
+
if (currentCount > effectiveLimit) {
|
|
106
111
|
const windowEnd = (windowKey + 1) * windowSec;
|
|
107
112
|
const retryAfter = Math.max(1, windowEnd - now);
|
|
108
113
|
return { allowed: false, remaining: 0, retryAfter };
|
|
109
114
|
}
|
|
110
|
-
return { allowed: true, remaining: Math.max(0,
|
|
115
|
+
return { allowed: true, remaining: Math.max(0, effectiveLimit - currentCount) };
|
|
111
116
|
}
|
|
112
117
|
|
|
113
118
|
export function rateLimitHeaders(result: RateLimitResult): Record<string, string> {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh-auth.d.ts","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAA+B,MAAM,uBAAuB,CAAC;AAG5F,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,SAAU,SAAQ,KAAK;aAGhB,UAAU,EAAE,MAAM;gBADlC,OAAO,EAAE,MAAM,EACC,UAAU,EAAE,MAAM;CAKrC;AAED,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAKD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,gBAAgB,CA4BlF;AA6BD,uEAAuE;AACvE,wBAAgB,wBAAwB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAExE;AAED,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAWvD;AAED,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,GACnB,MAAM,CAKR;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAqCf;AAED,wBAAgB,sBAAsB,CACpC,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,OAAO,CAqBT;AAOD,wBAAsB,mBAAmB,CACvC,KAAK,EAAE;IACL,cAAc,EAAE;QAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;IAC3D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,EACD,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,UAAU,CAAC,
|
|
1
|
+
{"version":3,"file":"ssh-auth.d.ts","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAA+B,MAAM,uBAAuB,CAAC;AAG5F,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,SAAU,SAAQ,KAAK;aAGhB,UAAU,EAAE,MAAM;gBADlC,OAAO,EAAE,MAAM,EACC,UAAU,EAAE,MAAM;CAKrC;AAED,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAKD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,gBAAgB,CA4BlF;AA6BD,uEAAuE;AACvE,wBAAgB,wBAAwB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAExE;AAED,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAWvD;AAED,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,GACnB,MAAM,CAKR;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAqCf;AAED,wBAAgB,sBAAsB,CACpC,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,OAAO,CAqBT;AAOD,wBAAsB,mBAAmB,CACvC,KAAK,EAAE;IACL,cAAc,EAAE;QAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;IAC3D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,EACD,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,UAAU,CAAC,CA8HrB"}
|
|
@@ -211,12 +211,72 @@ async function authenticateRequest(event, ddb, tableName) {
|
|
|
211
211
|
},
|
|
212
212
|
Limit: 1,
|
|
213
213
|
}));
|
|
214
|
+
let resolvedTenantId = tenantId;
|
|
214
215
|
if (!result.Items || result.Items.length === 0) {
|
|
215
|
-
|
|
216
|
+
// Primary tenant lookup failed — check if this key is a rotation newPublicKey.
|
|
217
|
+
// rotate-start writes a KEY_ALIAS# record that maps the new key's derived tenantId
|
|
218
|
+
// back to the original tenant during rotation.
|
|
219
|
+
const aliasResult = await ddb.send(new lib_dynamodb_1.QueryCommand({
|
|
220
|
+
TableName: tableName,
|
|
221
|
+
KeyConditionExpression: 'PK = :pk AND SK = :sk',
|
|
222
|
+
ExpressionAttributeValues: {
|
|
223
|
+
':pk': `KEY_ALIAS#${tenantId}`,
|
|
224
|
+
':sk': 'META',
|
|
225
|
+
},
|
|
226
|
+
Limit: 1,
|
|
227
|
+
}));
|
|
228
|
+
if (!aliasResult.Items || aliasResult.Items.length === 0) {
|
|
229
|
+
// Perform a dummy signature verification to equalize timing
|
|
230
|
+
const dummyKey = Buffer.alloc(32, 0x01).toString('base64');
|
|
231
|
+
try {
|
|
232
|
+
verifyEd25519Signature(dummyKey, 'dummy', 'dummy');
|
|
233
|
+
}
|
|
234
|
+
catch {
|
|
235
|
+
// Expected to fail — timing equalization only
|
|
236
|
+
}
|
|
237
|
+
throw new AuthError('Unknown public key', 401);
|
|
238
|
+
}
|
|
239
|
+
// Resolve to the original tenant
|
|
240
|
+
resolvedTenantId = aliasResult.Items[0]['originalTenantId'];
|
|
241
|
+
// Re-fetch the original tenant META
|
|
242
|
+
const originalResult = await ddb.send(new lib_dynamodb_1.QueryCommand({
|
|
243
|
+
TableName: tableName,
|
|
244
|
+
KeyConditionExpression: 'PK = :pk AND SK = :sk',
|
|
245
|
+
ExpressionAttributeValues: {
|
|
246
|
+
':pk': `TENANT#${resolvedTenantId}`,
|
|
247
|
+
':sk': 'META',
|
|
248
|
+
},
|
|
249
|
+
Limit: 1,
|
|
250
|
+
}));
|
|
251
|
+
if (!originalResult.Items || originalResult.Items.length === 0) {
|
|
252
|
+
throw new AuthError('Unknown public key', 401);
|
|
253
|
+
}
|
|
254
|
+
const originalTenant = originalResult.Items[0];
|
|
255
|
+
const newPk = originalTenant['newPublicKey'];
|
|
256
|
+
if (!newPk || originalTenant['rotationState'] !== 'ROTATION_STARTED') {
|
|
257
|
+
throw new AuthError('Unknown public key', 401);
|
|
258
|
+
}
|
|
259
|
+
const storedNewKey = Buffer.from(newPk);
|
|
260
|
+
const suppliedKey = Buffer.from(publicKey);
|
|
261
|
+
if (suppliedKey.length !== storedNewKey.length || !crypto.timingSafeEqual(suppliedKey, storedNewKey)) {
|
|
262
|
+
throw new AuthError('Public key mismatch', 401);
|
|
263
|
+
}
|
|
216
264
|
}
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
265
|
+
else {
|
|
266
|
+
const tenant = result.Items[0];
|
|
267
|
+
const storedKey = Buffer.from(tenant['publicKey']);
|
|
268
|
+
const suppliedKey = Buffer.from(publicKey);
|
|
269
|
+
if (storedKey.length !== suppliedKey.length || !crypto.timingSafeEqual(storedKey, suppliedKey)) {
|
|
270
|
+
// Primary key doesn't match — check if this key is the newPublicKey during rotation
|
|
271
|
+
const newPk = tenant['newPublicKey'];
|
|
272
|
+
if (!newPk || tenant['rotationState'] !== 'ROTATION_STARTED') {
|
|
273
|
+
throw new AuthError('Public key mismatch', 401);
|
|
274
|
+
}
|
|
275
|
+
const storedNewKey = Buffer.from(newPk);
|
|
276
|
+
if (suppliedKey.length !== storedNewKey.length || !crypto.timingSafeEqual(suppliedKey, storedNewKey)) {
|
|
277
|
+
throw new AuthError('Public key mismatch', 401);
|
|
278
|
+
}
|
|
279
|
+
}
|
|
220
280
|
}
|
|
221
281
|
// Verify the SSH signature against the canonical string (includes sequence)
|
|
222
282
|
const canonicalString = buildCanonicalString(event.requestContext.http.method, event.requestContext.http.path, parsed.timestamp, parsed.sequence, event.body);
|
|
@@ -227,9 +287,9 @@ async function authenticateRequest(event, ddb, tableName) {
|
|
|
227
287
|
}
|
|
228
288
|
// Check sequence number for replay protection (after signature verification)
|
|
229
289
|
if (parsed.sequence > 0) {
|
|
230
|
-
await checkSequence(ddb, tableName,
|
|
290
|
+
await checkSequence(ddb, tableName, resolvedTenantId, fingerprint, parsed.sequence);
|
|
231
291
|
}
|
|
232
|
-
return { tenantId, publicKey, fingerprint };
|
|
292
|
+
return { tenantId: resolvedTenantId, publicKey, fingerprint };
|
|
233
293
|
}
|
|
234
294
|
/**
|
|
235
295
|
* Extract the public key from request headers.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh-auth.js","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,4CA4BC;AA8BD,4DAEC;AAED,0CAWC;AAED,oDAWC;AAQD,sCA2CC;AAED,wDAyBC;AAOD,
|
|
1
|
+
{"version":3,"file":"ssh-auth.js","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,4CA4BC;AA8BD,4DAEC;AAED,0CAWC;AAED,oDAWC;AAQD,sCA2CC;AAED,wDAyBC;AAOD,kDAsIC;AAtVD,+CAAiC;AACjC,wDAA4F;AAC5F,4CAAsC;AAQtC,MAAa,SAAU,SAAQ,KAAK;IAGhB;IAFlB,YACE,OAAe,EACC,UAAkB;QAElC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,eAAU,GAAV,UAAU,CAAQ;QAGlC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AARD,8BAQC;AAQD,uFAAuF;AACvF,MAAM,sBAAsB,GAAG,EAAE,GAAG,IAAI,CAAC;AAEzC;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,OAA+B;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC7C,yCAAyC;QACzC,IAAI,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,OAAO,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACnF,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnF,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC5C,CAAC;AAED,mEAAmE;AACnE,SAAS,qBAAqB,CAC5B,MAAc,EACd,OAA+B;IAE/B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,SAAS,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnF,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC;QACvB,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,SAAgB,wBAAwB,CAAC,eAAuB;IAC9D,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACrG,CAAC;AAED,SAAgB,eAAe,CAAC,SAAiB;IAC/C,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IAClD,IAAI,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,SAAS,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,WAAW,CAAC,CAAC;IACzC,IAAI,IAAI,GAAG,sBAAsB,EAAE,CAAC;QAClC,MAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAClC,MAAc,EACd,IAAY,EACZ,SAAiB,EACjB,QAAgB,EAChB,IAAoB;IAEpB,MAAM,QAAQ,GAAG,IAAI;QACnB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC;IACP,OAAO,iBAAiB,MAAM,IAAI,IAAI,KAAK,SAAS,KAAK,QAAQ,KAAK,QAAQ,EAAE,CAAC;AACnF,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,aAAa,CACjC,GAA2B,EAC3B,SAAiB,EACjB,QAAgB,EAChB,WAAmB,EACnB,QAAgB;IAEhB,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,SAAS,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE;gBACH,EAAE,EAAE,UAAU,QAAQ,EAAE;gBACxB,EAAE,EAAE,YAAY,WAAW,EAAE;aAC9B;YACD,gBAAgB,EAAE,uBAAuB;YACzC,mBAAmB,EACjB,uDAAuD;YACzD,yBAAyB,EAAE;gBACzB,MAAM,EAAE,QAAQ;aACjB;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IACE,KAAK;YACL,OAAO,KAAK,KAAK,QAAQ;YACzB,MAAM,IAAI,KAAK;YACf,KAAK,CAAC,IAAI,KAAK,iCAAiC,EAChD,CAAC;YACD,kBAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;gBAC3D,QAAQ;gBACR,WAAW;gBACX,QAAQ;aACT,CAAC,CAAC;YACH,MAAM,IAAI,SAAS,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,eAAuB,EACvB,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE1C,kDAAkD;QAClD,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC;YACvC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC;gBACjB,8CAA8C;gBAC9C,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;gBAC9C,eAAe;aAChB,CAAC;YACF,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,eAAuB;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/E,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAIC,EACD,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/C,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAElC,yDAAyD;IACzD,6FAA6F;IAC7F,gEAAgE;IAChE,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAExD,gDAAgD;IAChD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uBAAuB;QAC/C,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,KAAK,EAAE,MAAM;SACd;QACD,KAAK,EAAE,CAAC;KACT,CAAC,CACH,CAAC;IAEF,IAAI,gBAAgB,GAAG,QAAQ,CAAC;IAEhC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,+EAA+E;QAC/E,mFAAmF;QACnF,+CAA+C;QAC/C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAChC,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uBAAuB;YAC/C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,aAAa,QAAQ,EAAE;gBAC9B,KAAK,EAAE,MAAM;aACd;YACD,KAAK,EAAE,CAAC;SACT,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzD,4DAA4D;YAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC3D,IAAI,CAAC;gBACH,sBAAsB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACrD,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;YAChD,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,iCAAiC;QACjC,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAW,CAAC;QAEtE,oCAAoC;QACpC,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,IAAI,CACnC,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uBAAuB;YAC/C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,UAAU,gBAAgB,EAAE;gBACnC,KAAK,EAAE,MAAM;aACd;YACD,KAAK,EAAE,CAAC;SACT,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,cAAc,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAuB,CAAC;QACnE,IAAI,CAAC,KAAK,IAAI,cAAc,CAAC,eAAe,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACrE,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAW,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,SAAS,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC;YAC/F,oFAAoF;YACpF,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAuB,CAAC;YAC3D,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,eAAe,CAAC,KAAK,kBAAkB,EAAE,CAAC;gBAC7D,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxC,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrG,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,MAAM,eAAe,GAAG,oBAAoB,CAC1C,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAChC,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAC9B,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,QAAQ,EACf,KAAK,CAAC,IAAI,CACX,CAAC;IAEF,MAAM,KAAK,GAAG,sBAAsB,CAClC,SAAS,EACT,eAAe,EACf,MAAM,CAAC,SAAS,CACjB,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,kBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IAED,6EAA6E;IAC7E,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAA+B;IACvD,oBAAoB;IACpB,MAAM,YAAY,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACtF,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,yDAAyD;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACvD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;AACpE,CAAC"}
|
|
@@ -238,13 +238,80 @@ export async function authenticateRequest(
|
|
|
238
238
|
}),
|
|
239
239
|
);
|
|
240
240
|
|
|
241
|
+
let resolvedTenantId = tenantId;
|
|
242
|
+
|
|
241
243
|
if (!result.Items || result.Items.length === 0) {
|
|
242
|
-
|
|
243
|
-
|
|
244
|
+
// Primary tenant lookup failed — check if this key is a rotation newPublicKey.
|
|
245
|
+
// rotate-start writes a KEY_ALIAS# record that maps the new key's derived tenantId
|
|
246
|
+
// back to the original tenant during rotation.
|
|
247
|
+
const aliasResult = await ddb.send(
|
|
248
|
+
new QueryCommand({
|
|
249
|
+
TableName: tableName,
|
|
250
|
+
KeyConditionExpression: 'PK = :pk AND SK = :sk',
|
|
251
|
+
ExpressionAttributeValues: {
|
|
252
|
+
':pk': `KEY_ALIAS#${tenantId}`,
|
|
253
|
+
':sk': 'META',
|
|
254
|
+
},
|
|
255
|
+
Limit: 1,
|
|
256
|
+
}),
|
|
257
|
+
);
|
|
258
|
+
|
|
259
|
+
if (!aliasResult.Items || aliasResult.Items.length === 0) {
|
|
260
|
+
// Perform a dummy signature verification to equalize timing
|
|
261
|
+
const dummyKey = Buffer.alloc(32, 0x01).toString('base64');
|
|
262
|
+
try {
|
|
263
|
+
verifyEd25519Signature(dummyKey, 'dummy', 'dummy');
|
|
264
|
+
} catch {
|
|
265
|
+
// Expected to fail — timing equalization only
|
|
266
|
+
}
|
|
267
|
+
throw new AuthError('Unknown public key', 401);
|
|
268
|
+
}
|
|
269
|
+
|
|
270
|
+
// Resolve to the original tenant
|
|
271
|
+
resolvedTenantId = aliasResult.Items[0]['originalTenantId'] as string;
|
|
272
|
+
|
|
273
|
+
// Re-fetch the original tenant META
|
|
274
|
+
const originalResult = await ddb.send(
|
|
275
|
+
new QueryCommand({
|
|
276
|
+
TableName: tableName,
|
|
277
|
+
KeyConditionExpression: 'PK = :pk AND SK = :sk',
|
|
278
|
+
ExpressionAttributeValues: {
|
|
279
|
+
':pk': `TENANT#${resolvedTenantId}`,
|
|
280
|
+
':sk': 'META',
|
|
281
|
+
},
|
|
282
|
+
Limit: 1,
|
|
283
|
+
}),
|
|
284
|
+
);
|
|
285
|
+
|
|
286
|
+
if (!originalResult.Items || originalResult.Items.length === 0) {
|
|
287
|
+
throw new AuthError('Unknown public key', 401);
|
|
288
|
+
}
|
|
244
289
|
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
290
|
+
const originalTenant = originalResult.Items[0];
|
|
291
|
+
const newPk = originalTenant['newPublicKey'] as string | undefined;
|
|
292
|
+
if (!newPk || originalTenant['rotationState'] !== 'ROTATION_STARTED') {
|
|
293
|
+
throw new AuthError('Unknown public key', 401);
|
|
294
|
+
}
|
|
295
|
+
const storedNewKey = Buffer.from(newPk);
|
|
296
|
+
const suppliedKey = Buffer.from(publicKey);
|
|
297
|
+
if (suppliedKey.length !== storedNewKey.length || !crypto.timingSafeEqual(suppliedKey, storedNewKey)) {
|
|
298
|
+
throw new AuthError('Public key mismatch', 401);
|
|
299
|
+
}
|
|
300
|
+
} else {
|
|
301
|
+
const tenant = result.Items[0];
|
|
302
|
+
const storedKey = Buffer.from(tenant['publicKey'] as string);
|
|
303
|
+
const suppliedKey = Buffer.from(publicKey);
|
|
304
|
+
if (storedKey.length !== suppliedKey.length || !crypto.timingSafeEqual(storedKey, suppliedKey)) {
|
|
305
|
+
// Primary key doesn't match — check if this key is the newPublicKey during rotation
|
|
306
|
+
const newPk = tenant['newPublicKey'] as string | undefined;
|
|
307
|
+
if (!newPk || tenant['rotationState'] !== 'ROTATION_STARTED') {
|
|
308
|
+
throw new AuthError('Public key mismatch', 401);
|
|
309
|
+
}
|
|
310
|
+
const storedNewKey = Buffer.from(newPk);
|
|
311
|
+
if (suppliedKey.length !== storedNewKey.length || !crypto.timingSafeEqual(suppliedKey, storedNewKey)) {
|
|
312
|
+
throw new AuthError('Public key mismatch', 401);
|
|
313
|
+
}
|
|
314
|
+
}
|
|
248
315
|
}
|
|
249
316
|
|
|
250
317
|
// Verify the SSH signature against the canonical string (includes sequence)
|
|
@@ -269,10 +336,10 @@ export async function authenticateRequest(
|
|
|
269
336
|
|
|
270
337
|
// Check sequence number for replay protection (after signature verification)
|
|
271
338
|
if (parsed.sequence > 0) {
|
|
272
|
-
await checkSequence(ddb, tableName,
|
|
339
|
+
await checkSequence(ddb, tableName, resolvedTenantId, fingerprint, parsed.sequence);
|
|
273
340
|
}
|
|
274
341
|
|
|
275
|
-
return { tenantId, publicKey, fingerprint };
|
|
342
|
+
return { tenantId: resolvedTenantId, publicKey, fingerprint };
|
|
276
343
|
}
|
|
277
344
|
|
|
278
345
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../../lib/handler/routes/audit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,sCA8BC;AAKD,8CA6BC;AApGD,+CAAiC;AACjC,wDAI+B;AAC/B,4CAAsC;AAuBtC,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAE9C;;;;GAIG;AACI,KAAK,UAAU,aAAa,CACjC,GAA2B,EAC3B,SAAiB,EACjB,QAAgB,EAChB,KAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,mBAAmB,CAAC;IAEhE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,SAAS,GAAG,IAAI,MAAM,EAAE;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,GAAG;YACd,GAAG;
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../../../lib/handler/routes/audit.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,sCA8BC;AAKD,8CA6BC;AApGD,+CAAiC;AACjC,wDAI+B;AAC/B,4CAAsC;AAuBtC,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAE9C;;;;GAIG;AACI,KAAK,UAAU,aAAa,CACjC,GAA2B,EAC3B,SAAiB,EACjB,QAAgB,EAChB,KAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,mBAAmB,CAAC;IAEhE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,SAAS,GAAG,IAAI,MAAM,EAAE;YAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACf;KACF,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE;QAChC,QAAQ;QACR,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uCAAuC;QAC/D,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,SAAS,EAAE,QAAQ;SACpB;QACD,gBAAgB,EAAE,IAAI;KACvB,CAAC,CACH,CAAC;IAEF,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACjD,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;QAC5B,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC;QAChC,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAC;QAC1B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;KAC7B,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC;AACJ,CAAC"}
|