@dominusnode/mcp-server 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +303 -0
- package/dist/src/config.d.ts +15 -0
- package/dist/src/config.d.ts.map +1 -0
- package/dist/src/config.js +111 -0
- package/dist/src/config.js.map +1 -0
- package/dist/src/http-client.d.ts +23 -0
- package/dist/src/http-client.d.ts.map +1 -0
- package/dist/src/http-client.js +241 -0
- package/dist/src/http-client.js.map +1 -0
- package/dist/src/index.d.ts +3 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +160 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/proxy-fetch.d.ts +23 -0
- package/dist/src/proxy-fetch.d.ts.map +1 -0
- package/dist/src/proxy-fetch.js +549 -0
- package/dist/src/proxy-fetch.js.map +1 -0
- package/dist/src/token-manager.d.ts +18 -0
- package/dist/src/token-manager.d.ts.map +1 -0
- package/dist/src/token-manager.js +192 -0
- package/dist/src/token-manager.js.map +1 -0
- package/dist/src/tools/account.d.ts +6 -0
- package/dist/src/tools/account.d.ts.map +1 -0
- package/dist/src/tools/account.js +329 -0
- package/dist/src/tools/account.js.map +1 -0
- package/dist/src/tools/agent-wallet.d.ts +5 -0
- package/dist/src/tools/agent-wallet.d.ts.map +1 -0
- package/dist/src/tools/agent-wallet.js +355 -0
- package/dist/src/tools/agent-wallet.js.map +1 -0
- package/dist/src/tools/crypto.d.ts +4 -0
- package/dist/src/tools/crypto.d.ts.map +1 -0
- package/dist/src/tools/crypto.js +102 -0
- package/dist/src/tools/crypto.js.map +1 -0
- package/dist/src/tools/fetch.d.ts +4 -0
- package/dist/src/tools/fetch.d.ts.map +1 -0
- package/dist/src/tools/fetch.js +73 -0
- package/dist/src/tools/fetch.js.map +1 -0
- package/dist/src/tools/keys.d.ts +4 -0
- package/dist/src/tools/keys.d.ts.map +1 -0
- package/dist/src/tools/keys.js +88 -0
- package/dist/src/tools/keys.js.map +1 -0
- package/dist/src/tools/paypal.d.ts +4 -0
- package/dist/src/tools/paypal.d.ts.map +1 -0
- package/dist/src/tools/paypal.js +50 -0
- package/dist/src/tools/paypal.js.map +1 -0
- package/dist/src/tools/plans.d.ts +4 -0
- package/dist/src/tools/plans.d.ts.map +1 -0
- package/dist/src/tools/plans.js +48 -0
- package/dist/src/tools/plans.js.map +1 -0
- package/dist/src/tools/proxy.d.ts +4 -0
- package/dist/src/tools/proxy.d.ts.map +1 -0
- package/dist/src/tools/proxy.js +51 -0
- package/dist/src/tools/proxy.js.map +1 -0
- package/dist/src/tools/sessions.d.ts +4 -0
- package/dist/src/tools/sessions.d.ts.map +1 -0
- package/dist/src/tools/sessions.js +21 -0
- package/dist/src/tools/sessions.js.map +1 -0
- package/dist/src/tools/slots.d.ts +4 -0
- package/dist/src/tools/slots.d.ts.map +1 -0
- package/dist/src/tools/slots.js +61 -0
- package/dist/src/tools/slots.js.map +1 -0
- package/dist/src/tools/teams.d.ts +4 -0
- package/dist/src/tools/teams.d.ts.map +1 -0
- package/dist/src/tools/teams.js +520 -0
- package/dist/src/tools/teams.js.map +1 -0
- package/dist/src/tools/usage.d.ts +4 -0
- package/dist/src/tools/usage.d.ts.map +1 -0
- package/dist/src/tools/usage.js +79 -0
- package/dist/src/tools/usage.js.map +1 -0
- package/dist/src/tools/wallet-auth.d.ts +6 -0
- package/dist/src/tools/wallet-auth.d.ts.map +1 -0
- package/dist/src/tools/wallet-auth.js +158 -0
- package/dist/src/tools/wallet-auth.js.map +1 -0
- package/dist/src/tools/wallet.d.ts +4 -0
- package/dist/src/tools/wallet.d.ts.map +1 -0
- package/dist/src/tools/wallet.js +57 -0
- package/dist/src/tools/wallet.js.map +1 -0
- package/dist/src/types.d.ts +142 -0
- package/dist/src/types.d.ts.map +1 -0
- package/dist/src/types.js +2 -0
- package/dist/src/types.js.map +1 -0
- package/package.json +33 -0
|
@@ -0,0 +1,549 @@
|
|
|
1
|
+
import * as http from "node:http";
|
|
2
|
+
import * as tls from "node:tls";
|
|
3
|
+
const CRLF_PATTERN = /[\r\n]/;
|
|
4
|
+
function validateHeaders(headers) {
|
|
5
|
+
for (const [key, value] of Object.entries(headers)) {
|
|
6
|
+
if (CRLF_PATTERN.test(key) || CRLF_PATTERN.test(value)) {
|
|
7
|
+
throw new Error(`Header "${key}" contains invalid characters (CR/LF injection attempt)`);
|
|
8
|
+
}
|
|
9
|
+
// Block null bytes
|
|
10
|
+
if (key.includes("\0") || value.includes("\0")) {
|
|
11
|
+
throw new Error(`Header "${key}" contains null bytes`);
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
const BINARY_CONTENT_TYPES = [
|
|
16
|
+
"image/", "audio/", "video/", "application/octet-stream",
|
|
17
|
+
"application/zip", "application/gzip", "application/pdf",
|
|
18
|
+
"application/x-tar", "application/x-rar",
|
|
19
|
+
];
|
|
20
|
+
function isBinaryContentType(contentType) {
|
|
21
|
+
const lower = contentType.toLowerCase();
|
|
22
|
+
return BINARY_CONTENT_TYPES.some((t) => lower.includes(t));
|
|
23
|
+
}
|
|
24
|
+
function buildProxyUsername(opts) {
|
|
25
|
+
const parts = [];
|
|
26
|
+
if (opts.poolType && opts.poolType !== "auto") {
|
|
27
|
+
parts.push(opts.poolType);
|
|
28
|
+
}
|
|
29
|
+
if (opts.country) {
|
|
30
|
+
parts.push(`country-${encodeURIComponent(opts.country.toUpperCase())}`);
|
|
31
|
+
}
|
|
32
|
+
if (opts.state) {
|
|
33
|
+
parts.push(`state-${encodeURIComponent(opts.state)}`);
|
|
34
|
+
}
|
|
35
|
+
if (opts.city) {
|
|
36
|
+
parts.push(`city-${encodeURIComponent(opts.city)}`);
|
|
37
|
+
}
|
|
38
|
+
return parts.length > 0 ? parts.join("-") : "auto";
|
|
39
|
+
}
|
|
40
|
+
function buildProxyAuth(apiKey, opts) {
|
|
41
|
+
const username = buildProxyUsername(opts);
|
|
42
|
+
return "Basic " + Buffer.from(`${username}:${apiKey}`).toString("base64");
|
|
43
|
+
}
|
|
44
|
+
const BLOCKED_HOSTNAMES = new Set([
|
|
45
|
+
"localhost",
|
|
46
|
+
"localhost.localdomain",
|
|
47
|
+
"ip6-localhost",
|
|
48
|
+
"ip6-loopback",
|
|
49
|
+
"[::1]",
|
|
50
|
+
"[::ffff:127.0.0.1]",
|
|
51
|
+
"0.0.0.0",
|
|
52
|
+
"[::]",
|
|
53
|
+
]);
|
|
54
|
+
// Normalize non-standard IP representations (octal, hex, decimal)
|
|
55
|
+
// to standard dotted-decimal to prevent SSRF bypasses like 0x7f000001, 2130706433, 0177.0.0.1
|
|
56
|
+
function normalizeIpv4(hostname) {
|
|
57
|
+
// Single decimal integer (e.g., 2130706433 = 127.0.0.1)
|
|
58
|
+
if (/^\d+$/.test(hostname)) {
|
|
59
|
+
const n = parseInt(hostname, 10);
|
|
60
|
+
if (n >= 0 && n <= 0xffffffff) {
|
|
61
|
+
return `${(n >>> 24) & 0xff}.${(n >>> 16) & 0xff}.${(n >>> 8) & 0xff}.${n & 0xff}`;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
// Hex notation (e.g., 0x7f000001)
|
|
65
|
+
if (/^0x[0-9a-fA-F]+$/i.test(hostname)) {
|
|
66
|
+
const n = parseInt(hostname, 16);
|
|
67
|
+
if (n >= 0 && n <= 0xffffffff) {
|
|
68
|
+
return `${(n >>> 24) & 0xff}.${(n >>> 16) & 0xff}.${(n >>> 8) & 0xff}.${n & 0xff}`;
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
// Octal or mixed-radix octets (e.g., 0177.0.0.1, 0x7f.0.0.1)
|
|
72
|
+
const parts = hostname.split(".");
|
|
73
|
+
if (parts.length === 4) {
|
|
74
|
+
const octets = [];
|
|
75
|
+
for (const part of parts) {
|
|
76
|
+
let val;
|
|
77
|
+
if (/^0x[0-9a-fA-F]+$/i.test(part)) {
|
|
78
|
+
val = parseInt(part, 16);
|
|
79
|
+
}
|
|
80
|
+
else if (/^0\d+$/.test(part)) {
|
|
81
|
+
val = parseInt(part, 8);
|
|
82
|
+
}
|
|
83
|
+
else if (/^\d+$/.test(part)) {
|
|
84
|
+
val = parseInt(part, 10);
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
return null; // Not an IP
|
|
88
|
+
}
|
|
89
|
+
if (isNaN(val) || val < 0 || val > 255)
|
|
90
|
+
return null;
|
|
91
|
+
octets.push(val);
|
|
92
|
+
}
|
|
93
|
+
return octets.join(".");
|
|
94
|
+
}
|
|
95
|
+
return null;
|
|
96
|
+
}
|
|
97
|
+
function isPrivateIp(hostname) {
|
|
98
|
+
// Strip brackets from IPv6
|
|
99
|
+
let ip = hostname.replace(/^\[|\]$/g, "");
|
|
100
|
+
// Strip IPv6 zone ID (e.g., %25eth0, %eth0) before any analysis
|
|
101
|
+
const zoneIdx = ip.indexOf("%");
|
|
102
|
+
if (zoneIdx !== -1) {
|
|
103
|
+
ip = ip.substring(0, zoneIdx);
|
|
104
|
+
}
|
|
105
|
+
// Normalize non-standard IP formats before checking
|
|
106
|
+
const normalized = normalizeIpv4(ip);
|
|
107
|
+
const checkIp = normalized ?? ip;
|
|
108
|
+
// IPv4 private ranges
|
|
109
|
+
const ipv4Match = checkIp.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
|
|
110
|
+
if (ipv4Match) {
|
|
111
|
+
const [, a, b] = ipv4Match.map(Number);
|
|
112
|
+
if (a === 0)
|
|
113
|
+
return true; // 0.0.0.0/8
|
|
114
|
+
if (a === 10)
|
|
115
|
+
return true; // 10.0.0.0/8
|
|
116
|
+
if (a === 127)
|
|
117
|
+
return true; // 127.0.0.0/8
|
|
118
|
+
if (a === 169 && b === 254)
|
|
119
|
+
return true; // 169.254.0.0/16 link-local
|
|
120
|
+
if (a === 172 && b >= 16 && b <= 31)
|
|
121
|
+
return true; // 172.16.0.0/12
|
|
122
|
+
if (a === 192 && b === 168)
|
|
123
|
+
return true; // 192.168.0.0/16
|
|
124
|
+
if (a === 100 && b >= 64 && b <= 127)
|
|
125
|
+
return true; // 100.64.0.0/10 CGNAT
|
|
126
|
+
if (a >= 224)
|
|
127
|
+
return true; // multicast + reserved
|
|
128
|
+
return false;
|
|
129
|
+
}
|
|
130
|
+
// IPv6 private ranges
|
|
131
|
+
const ipLower = ip.toLowerCase();
|
|
132
|
+
if (ipLower === "::1")
|
|
133
|
+
return true; // loopback
|
|
134
|
+
if (ipLower === "::")
|
|
135
|
+
return true; // unspecified
|
|
136
|
+
if (ipLower.startsWith("fc") || ipLower.startsWith("fd"))
|
|
137
|
+
return true; // fc00::/7 ULA
|
|
138
|
+
if (ipLower.startsWith("fe80"))
|
|
139
|
+
return true; // fe80::/10 link-local
|
|
140
|
+
if (ipLower.startsWith("::ffff:")) {
|
|
141
|
+
// IPv4-mapped IPv6 — check the embedded IPv4
|
|
142
|
+
const embedded = ipLower.slice(7);
|
|
143
|
+
// May be dotted-decimal (::ffff:127.0.0.1) or hex (::ffff:7f00:1)
|
|
144
|
+
if (embedded.includes(".")) {
|
|
145
|
+
return isPrivateIp(embedded);
|
|
146
|
+
}
|
|
147
|
+
// Hex form: convert ::ffff:XXYY:ZZWW to X.Y.Z.W
|
|
148
|
+
const hexParts = embedded.split(":");
|
|
149
|
+
if (hexParts.length === 2) {
|
|
150
|
+
const hi = parseInt(hexParts[0], 16);
|
|
151
|
+
const lo = parseInt(hexParts[1], 16);
|
|
152
|
+
if (!isNaN(hi) && !isNaN(lo)) {
|
|
153
|
+
const reconstructed = `${(hi >> 8) & 0xff}.${hi & 0xff}.${(lo >> 8) & 0xff}.${lo & 0xff}`;
|
|
154
|
+
return isPrivateIp(reconstructed);
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
return isPrivateIp(embedded);
|
|
158
|
+
}
|
|
159
|
+
// IPv4-compatible IPv6 (::x.x.x.x) — deprecated but still parsed
|
|
160
|
+
if (ipLower.startsWith("::") && !ipLower.startsWith("::ffff:")) {
|
|
161
|
+
const rest = ipLower.slice(2);
|
|
162
|
+
if (rest && rest.includes("."))
|
|
163
|
+
return isPrivateIp(rest);
|
|
164
|
+
const hexParts = rest.split(":");
|
|
165
|
+
if (hexParts.length === 2 && hexParts[0] && hexParts[1]) {
|
|
166
|
+
const hi = parseInt(hexParts[0], 16);
|
|
167
|
+
const lo = parseInt(hexParts[1], 16);
|
|
168
|
+
if (!isNaN(hi) && !isNaN(lo)) {
|
|
169
|
+
const reconstructed = `${(hi >> 8) & 0xff}.${hi & 0xff}.${(lo >> 8) & 0xff}.${lo & 0xff}`;
|
|
170
|
+
return isPrivateIp(reconstructed);
|
|
171
|
+
}
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
// Teredo (2001:0000::/32) — block unconditionally
|
|
175
|
+
if (ipLower.startsWith("2001:0000:") || ipLower.startsWith("2001:0:"))
|
|
176
|
+
return true;
|
|
177
|
+
// 6to4 (2002::/16) — block unconditionally
|
|
178
|
+
if (ipLower.startsWith("2002:"))
|
|
179
|
+
return true;
|
|
180
|
+
// IPv6 multicast (ff00::/8)
|
|
181
|
+
if (ipLower.startsWith("ff"))
|
|
182
|
+
return true;
|
|
183
|
+
return false;
|
|
184
|
+
}
|
|
185
|
+
export function validateUrl(url) {
|
|
186
|
+
let parsed;
|
|
187
|
+
try {
|
|
188
|
+
parsed = new URL(url);
|
|
189
|
+
}
|
|
190
|
+
catch {
|
|
191
|
+
throw new Error(`Invalid URL: ${url}`);
|
|
192
|
+
}
|
|
193
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
|
|
194
|
+
throw new Error(`Only http: and https: protocols are supported, got ${parsed.protocol}`);
|
|
195
|
+
}
|
|
196
|
+
const hostname = parsed.hostname.toLowerCase();
|
|
197
|
+
// Block known local hostnames
|
|
198
|
+
if (BLOCKED_HOSTNAMES.has(hostname)) {
|
|
199
|
+
throw new Error("Requests to localhost/loopback addresses are blocked");
|
|
200
|
+
}
|
|
201
|
+
// Block private/reserved IP addresses
|
|
202
|
+
if (isPrivateIp(hostname)) {
|
|
203
|
+
throw new Error("Requests to private/internal IP addresses are blocked");
|
|
204
|
+
}
|
|
205
|
+
// Block .localhost TLD (RFC 6761) — "foo.localhost" resolves to loopback
|
|
206
|
+
if (hostname.endsWith(".localhost")) {
|
|
207
|
+
throw new Error("Requests to localhost/loopback addresses are blocked");
|
|
208
|
+
}
|
|
209
|
+
// Block hostnames ending in .local, .internal, .arpa
|
|
210
|
+
if (hostname.endsWith(".local") || hostname.endsWith(".internal") || hostname.endsWith(".arpa")) {
|
|
211
|
+
throw new Error("Requests to internal network hostnames are blocked");
|
|
212
|
+
}
|
|
213
|
+
// DNS rebinding note — proxyFetch always routes through the upstream proxy
|
|
214
|
+
// (config.proxyHost), which does its own DNS resolution. The proxy-gateway has
|
|
215
|
+
// double-resolve DNS rebinding protection. A DNS rebinding attack would need to
|
|
216
|
+
// target the upstream proxy's resolver, which is not attacker-controlled.
|
|
217
|
+
// The isPrivateIp() check above handles the static case; dynamic DNS rebinding
|
|
218
|
+
// is mitigated by the upstream proxy's own protections.
|
|
219
|
+
return parsed;
|
|
220
|
+
}
|
|
221
|
+
export async function proxyFetch(config, opts) {
|
|
222
|
+
if (!config.apiKey) {
|
|
223
|
+
throw new Error("Proxy fetch requires an API key. Use dominusnode_setup to create an account first.");
|
|
224
|
+
}
|
|
225
|
+
const apiKey = config.apiKey;
|
|
226
|
+
const parsed = validateUrl(opts.url);
|
|
227
|
+
const timeoutMs = Math.min(opts.timeoutMs ?? config.fetchTimeoutMs, 120_000);
|
|
228
|
+
const maxBytes = config.fetchMaxResponseBytes;
|
|
229
|
+
const method = (opts.method ?? "GET").toUpperCase();
|
|
230
|
+
// Enforce read-only methods at function level (defense-in-depth)
|
|
231
|
+
const ALLOWED_PROXY_METHODS = new Set(["GET", "HEAD"]);
|
|
232
|
+
if (!ALLOWED_PROXY_METHODS.has(method)) {
|
|
233
|
+
throw new Error(`Only GET and HEAD methods are allowed for proxy fetch, got ${method}`);
|
|
234
|
+
}
|
|
235
|
+
// Drop body on GET/HEAD — these methods should never carry a request body
|
|
236
|
+
if (method === "GET" || method === "HEAD") {
|
|
237
|
+
opts.body = undefined;
|
|
238
|
+
}
|
|
239
|
+
// Validate user-supplied headers to prevent CRLF injection
|
|
240
|
+
if (opts.headers) {
|
|
241
|
+
validateHeaders(opts.headers);
|
|
242
|
+
}
|
|
243
|
+
if (parsed.protocol === "https:") {
|
|
244
|
+
return httpsProxyFetch(apiKey, config, opts, parsed, method, timeoutMs, maxBytes);
|
|
245
|
+
}
|
|
246
|
+
return httpProxyFetch(apiKey, config, opts, parsed, method, timeoutMs, maxBytes);
|
|
247
|
+
}
|
|
248
|
+
function httpProxyFetch(apiKey, config, opts, parsed, method, timeoutMs, maxBytes) {
|
|
249
|
+
return new Promise((resolve, reject) => {
|
|
250
|
+
const timer = setTimeout(() => {
|
|
251
|
+
req.destroy();
|
|
252
|
+
reject(new Error(`Proxy request timed out after ${timeoutMs}ms`));
|
|
253
|
+
}, timeoutMs);
|
|
254
|
+
// Block smuggling-prone headers on HTTP path (matches HTTPS path blocklist)
|
|
255
|
+
// Add user-agent to blocked set (matches HTTPS path PROTECTED_HEADERS)
|
|
256
|
+
const BLOCKED_HTTP_HEADERS = new Set(["host", "connection", "content-length", "transfer-encoding", "proxy-authorization", "user-agent", "authorization"]);
|
|
257
|
+
const safeHttpHeaders = {};
|
|
258
|
+
if (opts.headers) {
|
|
259
|
+
for (const [key, value] of Object.entries(opts.headers)) {
|
|
260
|
+
if (!BLOCKED_HTTP_HEADERS.has(key.toLowerCase())) {
|
|
261
|
+
safeHttpHeaders[key] = value;
|
|
262
|
+
}
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
const req = http.request({
|
|
266
|
+
hostname: config.proxyHost,
|
|
267
|
+
port: config.httpProxyPort,
|
|
268
|
+
method,
|
|
269
|
+
path: opts.url,
|
|
270
|
+
headers: {
|
|
271
|
+
...safeHttpHeaders,
|
|
272
|
+
"Proxy-Authorization": buildProxyAuth(apiKey, opts),
|
|
273
|
+
Host: parsed.host,
|
|
274
|
+
},
|
|
275
|
+
}, (res) => {
|
|
276
|
+
collectResponse(res, maxBytes, timer).then(({ body, truncated, byteCount }) => {
|
|
277
|
+
const contentType = res.headers["content-type"] ?? "";
|
|
278
|
+
// Redact security-sensitive response headers
|
|
279
|
+
const REDACTED_RESP = new Set([
|
|
280
|
+
"set-cookie", "www-authenticate", "proxy-authenticate",
|
|
281
|
+
"authorization", "proxy-authorization",
|
|
282
|
+
]);
|
|
283
|
+
const responseHeaders = {};
|
|
284
|
+
for (const [key, value] of Object.entries(res.headers)) {
|
|
285
|
+
if (value && !REDACTED_RESP.has(key))
|
|
286
|
+
responseHeaders[key] = Array.isArray(value) ? value.join(", ") : value;
|
|
287
|
+
}
|
|
288
|
+
let responseBody;
|
|
289
|
+
if (isBinaryContentType(contentType)) {
|
|
290
|
+
responseBody = `[Binary content: ${contentType}, ${byteCount} bytes]`;
|
|
291
|
+
}
|
|
292
|
+
else {
|
|
293
|
+
responseBody = body;
|
|
294
|
+
}
|
|
295
|
+
resolve({
|
|
296
|
+
status: res.statusCode ?? 0,
|
|
297
|
+
statusText: res.statusMessage ?? "",
|
|
298
|
+
headers: responseHeaders,
|
|
299
|
+
body: responseBody,
|
|
300
|
+
bodyTruncated: truncated,
|
|
301
|
+
byteCount,
|
|
302
|
+
});
|
|
303
|
+
}, (err) => {
|
|
304
|
+
clearTimeout(timer);
|
|
305
|
+
reject(err);
|
|
306
|
+
});
|
|
307
|
+
});
|
|
308
|
+
req.on("error", (err) => {
|
|
309
|
+
clearTimeout(timer);
|
|
310
|
+
reject(new Error(`Proxy connection error: ${err.message}`));
|
|
311
|
+
});
|
|
312
|
+
if (opts.body) {
|
|
313
|
+
req.write(opts.body);
|
|
314
|
+
}
|
|
315
|
+
req.end();
|
|
316
|
+
});
|
|
317
|
+
}
|
|
318
|
+
function httpsProxyFetch(apiKey, config, opts, parsed, method, timeoutMs, maxBytes) {
|
|
319
|
+
return new Promise((resolve, reject) => {
|
|
320
|
+
const timer = setTimeout(() => {
|
|
321
|
+
socket?.destroy();
|
|
322
|
+
reject(new Error(`Proxy request timed out after ${timeoutMs}ms`));
|
|
323
|
+
}, timeoutMs);
|
|
324
|
+
let socket;
|
|
325
|
+
// Step 1: CONNECT tunnel
|
|
326
|
+
const connectHost = parsed.hostname.includes(":") ? `[${parsed.hostname}]` : parsed.hostname;
|
|
327
|
+
const connectReq = http.request({
|
|
328
|
+
hostname: config.proxyHost,
|
|
329
|
+
port: config.httpProxyPort,
|
|
330
|
+
method: "CONNECT",
|
|
331
|
+
path: `${connectHost}:${parsed.port || 443}`,
|
|
332
|
+
headers: {
|
|
333
|
+
"Proxy-Authorization": buildProxyAuth(apiKey, opts),
|
|
334
|
+
Host: `${connectHost}:${parsed.port || 443}`,
|
|
335
|
+
},
|
|
336
|
+
});
|
|
337
|
+
connectReq.on("connect", (_res, tunnelSocket) => {
|
|
338
|
+
if (_res.statusCode !== 200) {
|
|
339
|
+
clearTimeout(timer);
|
|
340
|
+
tunnelSocket.destroy();
|
|
341
|
+
reject(new Error(`CONNECT tunnel failed with status ${_res.statusCode}`));
|
|
342
|
+
return;
|
|
343
|
+
}
|
|
344
|
+
socket = tunnelSocket;
|
|
345
|
+
// Step 2: TLS upgrade
|
|
346
|
+
const tlsSocket = tls.connect({
|
|
347
|
+
host: parsed.hostname,
|
|
348
|
+
port: parseInt(parsed.port || "443", 10),
|
|
349
|
+
socket: tunnelSocket,
|
|
350
|
+
servername: parsed.hostname,
|
|
351
|
+
minVersion: "TLSv1.2",
|
|
352
|
+
}, () => {
|
|
353
|
+
// Step 3: Send HTTP request through TLS tunnel
|
|
354
|
+
const requestPath = parsed.pathname + parsed.search;
|
|
355
|
+
// Validate request path for CRLF injection before writing raw HTTP request line
|
|
356
|
+
if (/[\r\n]/.test(requestPath)) {
|
|
357
|
+
clearTimeout(timer);
|
|
358
|
+
tlsSocket.destroy();
|
|
359
|
+
reject(new Error("Request path contains invalid characters"));
|
|
360
|
+
return;
|
|
361
|
+
}
|
|
362
|
+
// Set base headers first, then user headers, but block security-sensitive overrides
|
|
363
|
+
const BLOCKED_HEADERS = new Set(["host", "connection", "content-length", "transfer-encoding", "proxy-authorization", "authorization"]);
|
|
364
|
+
const safeUserHeaders = {};
|
|
365
|
+
if (opts.headers) {
|
|
366
|
+
for (const [key, value] of Object.entries(opts.headers)) {
|
|
367
|
+
if (!BLOCKED_HEADERS.has(key.toLowerCase())) {
|
|
368
|
+
safeUserHeaders[key] = value;
|
|
369
|
+
}
|
|
370
|
+
}
|
|
371
|
+
}
|
|
372
|
+
// Merge user headers WITHOUT allowing override of security-critical base headers
|
|
373
|
+
const PROTECTED_HEADERS = new Set(["host", "user-agent", "connection", "content-length"]);
|
|
374
|
+
const reqHeaders = {
|
|
375
|
+
Host: parsed.host,
|
|
376
|
+
"User-Agent": "dominusnode-mcp-server/1.0.0",
|
|
377
|
+
Accept: "*/*",
|
|
378
|
+
Connection: "close",
|
|
379
|
+
};
|
|
380
|
+
for (const [key, value] of Object.entries(safeUserHeaders)) {
|
|
381
|
+
if (!PROTECTED_HEADERS.has(key.toLowerCase())) {
|
|
382
|
+
reqHeaders[key] = value;
|
|
383
|
+
}
|
|
384
|
+
}
|
|
385
|
+
let reqLine = `${method} ${requestPath} HTTP/1.1\r\n`;
|
|
386
|
+
for (const [key, value] of Object.entries(reqHeaders)) {
|
|
387
|
+
reqLine += `${key}: ${value}\r\n`;
|
|
388
|
+
}
|
|
389
|
+
if (opts.body) {
|
|
390
|
+
reqLine += `Content-Length: ${Buffer.byteLength(opts.body)}\r\n`;
|
|
391
|
+
}
|
|
392
|
+
reqLine += "\r\n";
|
|
393
|
+
tlsSocket.write(reqLine);
|
|
394
|
+
if (opts.body) {
|
|
395
|
+
tlsSocket.write(opts.body);
|
|
396
|
+
}
|
|
397
|
+
// Step 4: Parse HTTP response
|
|
398
|
+
parseHttpResponse(tlsSocket, maxBytes, timer).then(resolve, (err) => {
|
|
399
|
+
clearTimeout(timer);
|
|
400
|
+
reject(err);
|
|
401
|
+
});
|
|
402
|
+
});
|
|
403
|
+
tlsSocket.on("error", (err) => {
|
|
404
|
+
clearTimeout(timer);
|
|
405
|
+
reject(new Error(`TLS error: ${err.message}`));
|
|
406
|
+
});
|
|
407
|
+
});
|
|
408
|
+
connectReq.on("error", (err) => {
|
|
409
|
+
clearTimeout(timer);
|
|
410
|
+
reject(new Error(`CONNECT request error: ${err.message}`));
|
|
411
|
+
});
|
|
412
|
+
connectReq.end();
|
|
413
|
+
});
|
|
414
|
+
}
|
|
415
|
+
function collectResponse(res, maxBytes, timer) {
|
|
416
|
+
return new Promise((resolve, reject) => {
|
|
417
|
+
const chunks = [];
|
|
418
|
+
let byteCount = 0;
|
|
419
|
+
let truncated = false;
|
|
420
|
+
res.on("data", (chunk) => {
|
|
421
|
+
byteCount += chunk.length;
|
|
422
|
+
if (!truncated) {
|
|
423
|
+
if (byteCount <= maxBytes) {
|
|
424
|
+
chunks.push(chunk);
|
|
425
|
+
}
|
|
426
|
+
else {
|
|
427
|
+
const excess = byteCount - maxBytes;
|
|
428
|
+
chunks.push(chunk.subarray(0, chunk.length - excess));
|
|
429
|
+
truncated = true;
|
|
430
|
+
res.destroy(); // Stop data flow to save bandwidth
|
|
431
|
+
}
|
|
432
|
+
}
|
|
433
|
+
});
|
|
434
|
+
let resolved = false;
|
|
435
|
+
function finalize() {
|
|
436
|
+
if (resolved)
|
|
437
|
+
return;
|
|
438
|
+
resolved = true;
|
|
439
|
+
clearTimeout(timer);
|
|
440
|
+
resolve({
|
|
441
|
+
body: Buffer.concat(chunks).toString("utf-8"),
|
|
442
|
+
truncated,
|
|
443
|
+
byteCount,
|
|
444
|
+
});
|
|
445
|
+
}
|
|
446
|
+
res.on("end", finalize);
|
|
447
|
+
res.on("close", finalize);
|
|
448
|
+
res.on("error", (err) => {
|
|
449
|
+
if (resolved)
|
|
450
|
+
return; // Destroyed by us for truncation
|
|
451
|
+
clearTimeout(timer);
|
|
452
|
+
reject(err);
|
|
453
|
+
});
|
|
454
|
+
});
|
|
455
|
+
}
|
|
456
|
+
function parseHttpResponse(socket, maxBytes, timer) {
|
|
457
|
+
return new Promise((resolve, reject) => {
|
|
458
|
+
const chunks = [];
|
|
459
|
+
let byteCount = 0;
|
|
460
|
+
// Hard cap: headers buffer (16KB) + body maxBytes. Destroy socket on overflow to stop bandwidth burn.
|
|
461
|
+
const hardCap = maxBytes + 16384;
|
|
462
|
+
let truncated = false;
|
|
463
|
+
socket.on("data", (chunk) => {
|
|
464
|
+
byteCount += chunk.length;
|
|
465
|
+
if (byteCount <= hardCap) {
|
|
466
|
+
chunks.push(chunk);
|
|
467
|
+
}
|
|
468
|
+
else if (!truncated) {
|
|
469
|
+
// Keep what we have, destroy socket to stop data flow
|
|
470
|
+
const excess = byteCount - hardCap;
|
|
471
|
+
if (chunk.length > excess) {
|
|
472
|
+
chunks.push(chunk.subarray(0, chunk.length - excess));
|
|
473
|
+
}
|
|
474
|
+
truncated = true;
|
|
475
|
+
socket.destroy();
|
|
476
|
+
}
|
|
477
|
+
});
|
|
478
|
+
let resolved = false;
|
|
479
|
+
function finalize() {
|
|
480
|
+
if (resolved)
|
|
481
|
+
return;
|
|
482
|
+
resolved = true;
|
|
483
|
+
clearTimeout(timer);
|
|
484
|
+
try {
|
|
485
|
+
const raw = Buffer.concat(chunks).toString("utf-8");
|
|
486
|
+
const headerEnd = raw.indexOf("\r\n\r\n");
|
|
487
|
+
if (headerEnd === -1) {
|
|
488
|
+
reject(new Error("Malformed HTTP response — no header terminator"));
|
|
489
|
+
return;
|
|
490
|
+
}
|
|
491
|
+
const headerSection = raw.substring(0, headerEnd);
|
|
492
|
+
const bodySection = raw.substring(headerEnd + 4);
|
|
493
|
+
const statusLine = headerSection.split("\r\n")[0];
|
|
494
|
+
const statusMatch = statusLine.match(/^HTTP\/\d\.\d\s+(\d+)\s*(.*)/);
|
|
495
|
+
const status = statusMatch ? parseInt(statusMatch[1], 10) : 0;
|
|
496
|
+
const statusText = statusMatch?.[2] ?? "";
|
|
497
|
+
// Redact security-sensitive response headers before returning to MCP client
|
|
498
|
+
const REDACTED_RESPONSE_HEADERS = new Set([
|
|
499
|
+
"set-cookie", "www-authenticate", "proxy-authenticate",
|
|
500
|
+
"authorization", "proxy-authorization",
|
|
501
|
+
]);
|
|
502
|
+
const headers = {};
|
|
503
|
+
const headerLines = headerSection.split("\r\n").slice(1);
|
|
504
|
+
for (const line of headerLines) {
|
|
505
|
+
const colonIdx = line.indexOf(":");
|
|
506
|
+
if (colonIdx > 0) {
|
|
507
|
+
const key = line.substring(0, colonIdx).trim().toLowerCase();
|
|
508
|
+
if (REDACTED_RESPONSE_HEADERS.has(key))
|
|
509
|
+
continue;
|
|
510
|
+
headers[key] = line.substring(colonIdx + 1).trim();
|
|
511
|
+
}
|
|
512
|
+
}
|
|
513
|
+
const contentType = headers["content-type"] ?? "";
|
|
514
|
+
const bodyBytes = Buffer.byteLength(bodySection, "utf-8");
|
|
515
|
+
const wasBodyTruncated = truncated || bodyBytes > maxBytes;
|
|
516
|
+
let body;
|
|
517
|
+
if (isBinaryContentType(contentType)) {
|
|
518
|
+
body = `[Binary content: ${contentType}, ${byteCount} bytes]`;
|
|
519
|
+
}
|
|
520
|
+
else if (wasBodyTruncated) {
|
|
521
|
+
body = bodySection.substring(0, maxBytes);
|
|
522
|
+
}
|
|
523
|
+
else {
|
|
524
|
+
body = bodySection;
|
|
525
|
+
}
|
|
526
|
+
resolve({
|
|
527
|
+
status,
|
|
528
|
+
statusText,
|
|
529
|
+
headers,
|
|
530
|
+
body,
|
|
531
|
+
bodyTruncated: wasBodyTruncated,
|
|
532
|
+
byteCount: bodyBytes,
|
|
533
|
+
});
|
|
534
|
+
}
|
|
535
|
+
catch (err) {
|
|
536
|
+
reject(new Error(`Failed to parse response: ${err instanceof Error ? err.message : String(err)}`));
|
|
537
|
+
}
|
|
538
|
+
}
|
|
539
|
+
socket.on("end", finalize);
|
|
540
|
+
socket.on("close", finalize);
|
|
541
|
+
socket.on("error", (err) => {
|
|
542
|
+
if (resolved)
|
|
543
|
+
return; // Socket was destroyed by us for truncation
|
|
544
|
+
clearTimeout(timer);
|
|
545
|
+
reject(new Error(`Socket error: ${err.message}`));
|
|
546
|
+
});
|
|
547
|
+
});
|
|
548
|
+
}
|
|
549
|
+
//# sourceMappingURL=proxy-fetch.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proxy-fetch.js","sourceRoot":"","sources":["../../src/proxy-fetch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAwBhC,MAAM,YAAY,GAAG,QAAQ,CAAC;AAE9B,SAAS,eAAe,CAAC,OAA+B;IACtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,yDAAyD,CAAC,CAAC;QAC3F,CAAC;QACD,mBAAmB;QACnB,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,uBAAuB,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,oBAAoB,GAAG;IAC3B,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,0BAA0B;IACxD,iBAAiB,EAAE,kBAAkB,EAAE,iBAAiB;IACxD,mBAAmB,EAAE,mBAAmB;CACzC,CAAC;AAEF,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACxC,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAuB;IACjD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,WAAW,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,SAAS,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,CAAC,IAAI,CAAC,QAAQ,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;AACrD,CAAC;AAED,SAAS,cAAc,CAAC,MAAc,EAAE,IAAuB;IAC7D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,WAAW;IACX,uBAAuB;IACvB,eAAe;IACf,cAAc;IACd,OAAO;IACP,oBAAoB;IACpB,SAAS;IACT,MAAM;CACP,CAAC,CAAC;AAEH,kEAAkE;AAClE,8FAA8F;AAC9F,SAAS,aAAa,CAAC,QAAgB;IACrC,wDAAwD;IACxD,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,EAAE,CAAC;YAC9B,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;QACrF,CAAC;IACH,CAAC;IACD,kCAAkC;IAClC,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,EAAE,CAAC;YAC9B,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC;QACrF,CAAC;IACH,CAAC;IACD,6DAA6D;IAC7D,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,GAAW,CAAC;YAChB,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3B,CAAC;iBAAM,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YAC1B,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC,CAAC,YAAY;YAC3B,CAAC;YACD,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG;gBAAE,OAAO,IAAI,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,2BAA2B;IAC3B,IAAI,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAE1C,gEAAgE;IAChE,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC;QACnB,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAChC,CAAC;IAED,oDAAoD;IACpD,MAAM,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,UAAU,IAAI,EAAE,CAAC;IAEjC,sBAAsB;IACtB,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAChF,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,CAAuB,YAAY;QAC5D,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC,CAAsB,aAAa;QAC7D,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC,CAAqB,cAAc;QAC9D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC,CAAQ,4BAA4B;QAC5E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC,CAAC,gBAAgB;QAClE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC,CAAQ,iBAAiB;QACjE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC,CAAC,sBAAsB;QACzE,IAAI,CAAC,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC,CAAsB,uBAAuB;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,sBAAsB;IACtB,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,OAAO,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC,CAAe,WAAW;IAC7D,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,CAAgB,cAAc;IAChE,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,eAAe;IACtF,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC,CAAM,uBAAuB;IACzE,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,kEAAkE;QAClE,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QACD,gDAAgD;QAChD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrC,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;gBAC1F,OAAO,WAAW,CAAC,aAAa,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;QACD,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,iEAAiE;IACjE,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrC,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7B,MAAM,aAAa,GAAG,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;gBAC1F,OAAO,WAAW,CAAC,aAAa,CAAC,CAAC;YACpC,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnF,2CAA2C;IAC3C,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7C,4BAA4B;IAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,sDAAsD,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAE/C,8BAA8B;IAC9B,IAAI,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,sCAAsC;IACtC,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IAED,yEAAyE;IACzE,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,qDAAqD;IACrD,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAChG,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IAED,2EAA2E;IAC3E,+EAA+E;IAC/E,gFAAgF;IAChF,0EAA0E;IAC1E,+EAA+E;IAC/E,wDAAwD;IAExD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAiB,EACjB,IAAuB;IAEvB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAC;IACxG,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAE7B,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAC7E,MAAM,QAAQ,GAAG,MAAM,CAAC,qBAAqB,CAAC;IAC9C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IAEpD,iEAAiE;IACjE,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;IACvD,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,8DAA8D,MAAM,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,0EAA0E;IAC1E,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;IACxB,CAAC;IAED,2DAA2D;IAC3D,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AACnF,CAAC;AAED,SAAS,cAAc,CACrB,MAAc,EACd,MAAiB,EACjB,IAAuB,EACvB,MAAW,EACX,MAAc,EACd,SAAiB,EACjB,QAAgB;IAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,KAAK,CAAC,iCAAiC,SAAS,IAAI,CAAC,CAAC,CAAC;QACpE,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,4EAA4E;QAC5E,uEAAuE;QACvE,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC,CAAC;QAC1J,MAAM,eAAe,GAA2B,EAAE,CAAC;QACnD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxD,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACjD,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBAC/B,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CACtB;YACE,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,IAAI,EAAE,MAAM,CAAC,aAAa;YAC1B,MAAM;YACN,IAAI,EAAE,IAAI,CAAC,GAAG;YACd,OAAO,EAAE;gBACP,GAAG,eAAe;gBAClB,qBAAqB,EAAE,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC;gBACnD,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB;SACF,EACD,CAAC,GAAG,EAAE,EAAE;YACN,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,IAAI,CACxC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,EAAE;gBACjC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBACtD,6CAA6C;gBAC7C,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;oBAC5B,YAAY,EAAE,kBAAkB,EAAE,oBAAoB;oBACtD,eAAe,EAAE,qBAAqB;iBACvC,CAAC,CAAC;gBACH,MAAM,eAAe,GAA2B,EAAE,CAAC;gBACnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACvD,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;wBAAE,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC/G,CAAC;gBAED,IAAI,YAAoB,CAAC;gBACzB,IAAI,mBAAmB,CAAC,WAAW,CAAC,EAAE,CAAC;oBACrC,YAAY,GAAG,oBAAoB,WAAW,KAAK,SAAS,SAAS,CAAC;gBACxE,CAAC;qBAAM,CAAC;oBACN,YAAY,GAAG,IAAI,CAAC;gBACtB,CAAC;gBAED,OAAO,CAAC;oBACN,MAAM,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC;oBAC3B,UAAU,EAAE,GAAG,CAAC,aAAa,IAAI,EAAE;oBACnC,OAAO,EAAE,eAAe;oBACxB,IAAI,EAAE,YAAY;oBAClB,aAAa,EAAE,SAAS;oBACxB,SAAS;iBACV,CAAC,CAAC;YACL,CAAC,EACD,CAAC,GAAG,EAAE,EAAE;gBACN,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CACF,CAAC;QACJ,CAAC,CACF,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACtB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,eAAe,CACtB,MAAc,EACd,MAAiB,EACjB,IAAuB,EACvB,MAAW,EACX,MAAc,EACd,SAAiB,EACjB,QAAgB;IAEhB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,KAAK,CAAC,iCAAiC,SAAS,IAAI,CAAC,CAAC,CAAC;QACpE,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,IAAI,MAA8B,CAAC;QAEnC,yBAAyB;QACzB,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC7F,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC;YAC9B,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,IAAI,EAAE,MAAM,CAAC,aAAa;YAC1B,MAAM,EAAE,SAAS;YACjB,IAAI,EAAE,GAAG,WAAW,IAAI,MAAM,CAAC,IAAI,IAAI,GAAG,EAAE;YAC5C,OAAO,EAAE;gBACP,qBAAqB,EAAE,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC;gBACnD,IAAI,EAAE,GAAG,WAAW,IAAI,MAAM,CAAC,IAAI,IAAI,GAAG,EAAE;aAC7C;SACF,CAAC,CAAC;QAEH,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,EAAE;YAC9C,IAAI,IAAI,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAC5B,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,YAAY,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;gBAC1E,OAAO;YACT,CAAC;YAED,MAAM,GAAG,YAAY,CAAC;YAEtB,sBAAsB;YACtB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAC3B;gBACE,IAAI,EAAE,MAAM,CAAC,QAAQ;gBACrB,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,KAAK,EAAE,EAAE,CAAC;gBACxC,MAAM,EAAE,YAAY;gBACpB,UAAU,EAAE,MAAM,CAAC,QAAQ;gBAC3B,UAAU,EAAE,SAAS;aACtB,EACD,GAAG,EAAE;gBACH,+CAA+C;gBAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;gBACpD,gFAAgF;gBAChF,IAAI,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC/B,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,SAAS,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;oBAC9D,OAAO;gBACT,CAAC;gBACD,oFAAoF;gBACpF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,eAAe,CAAC,CAAC,CAAC;gBACvI,MAAM,eAAe,GAA2B,EAAE,CAAC;gBACnD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACxD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;4BAC5C,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;wBAC/B,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,iFAAiF;gBACjF,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,CAAC,CAAC,CAAC;gBAC1F,MAAM,UAAU,GAA2B;oBACzC,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,YAAY,EAAE,8BAA8B;oBAC5C,MAAM,EAAE,KAAK;oBACb,UAAU,EAAE,OAAO;iBACpB,CAAC;gBACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;oBAC3D,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;wBAC9C,UAAU,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;oBAC1B,CAAC;gBACH,CAAC;gBAED,IAAI,OAAO,GAAG,GAAG,MAAM,IAAI,WAAW,eAAe,CAAC;gBACtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;oBACtD,OAAO,IAAI,GAAG,GAAG,KAAK,KAAK,MAAM,CAAC;gBACpC,CAAC;gBACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,mBAAmB,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBACnE,CAAC;gBACD,OAAO,IAAI,MAAM,CAAC;gBAElB,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACzB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;gBAED,8BAA8B;gBAC9B,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;oBAClE,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,MAAM,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC,CAAC,CAAC;YACL,CAAC,CACF,CAAC;YAEF,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC5B,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,MAAM,CAAC,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC7B,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,eAAe,CACtB,GAAyB,EACzB,QAAgB,EAChB,KAAoC;IAEpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;YAC1B,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACrB,CAAC;qBAAM,CAAC;oBACN,MAAM,MAAM,GAAG,SAAS,GAAG,QAAQ,CAAC;oBACpC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC;oBACtD,SAAS,GAAG,IAAI,CAAC;oBACjB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,mCAAmC;gBACpD,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,SAAS,QAAQ;YACf,IAAI,QAAQ;gBAAE,OAAO;YACrB,QAAQ,GAAG,IAAI,CAAC;YAChB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAC7C,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAED,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QACxB,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE1B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACtB,IAAI,QAAQ;gBAAE,OAAO,CAAC,iCAAiC;YACvD,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAqB,EACrB,QAAgB,EAChB,KAAoC;IAEpC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,sGAAsG;QACtG,MAAM,OAAO,GAAG,QAAQ,GAAG,KAAK,CAAC;QACjC,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,SAAS,IAAI,KAAK,CAAC,MAAM,CAAC;YAC1B,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;iBAAM,IAAI,CAAC,SAAS,EAAE,CAAC;gBACtB,sDAAsD;gBACtD,MAAM,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC;gBACnC,IAAI,KAAK,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC;gBACxD,CAAC;gBACD,SAAS,GAAG,IAAI,CAAC;gBACjB,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,SAAS,QAAQ;YACf,IAAI,QAAQ;gBAAE,OAAO;YACrB,QAAQ,GAAG,IAAI,CAAC;YAChB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACpD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAC1C,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;oBACrB,MAAM,CAAC,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC,CAAC;oBACpE,OAAO;gBACT,CAAC;gBAED,MAAM,aAAa,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;gBAEjD,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;gBACrE,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC9D,MAAM,UAAU,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAE1C,4EAA4E;gBAC5E,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;oBACxC,YAAY,EAAE,kBAAkB,EAAE,oBAAoB;oBACtD,eAAe,EAAE,qBAAqB;iBACvC,CAAC,CAAC;gBACH,MAAM,OAAO,GAA2B,EAAE,CAAC;gBAC3C,MAAM,WAAW,GAAG,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACzD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBACnC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;wBACjB,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;wBAC7D,IAAI,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,SAAS;wBACjD,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBACrD,CAAC;gBACH,CAAC;gBAED,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;gBAC1D,MAAM,gBAAgB,GAAG,SAAS,IAAI,SAAS,GAAG,QAAQ,CAAC;gBAC3D,IAAI,IAAY,CAAC;gBAEjB,IAAI,mBAAmB,CAAC,WAAW,CAAC,EAAE,CAAC;oBACrC,IAAI,GAAG,oBAAoB,WAAW,KAAK,SAAS,SAAS,CAAC;gBAChE,CAAC;qBAAM,IAAI,gBAAgB,EAAE,CAAC;oBAC5B,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;gBAC5C,CAAC;qBAAM,CAAC;oBACN,IAAI,GAAG,WAAW,CAAC;gBACrB,CAAC;gBAED,OAAO,CAAC;oBACN,MAAM;oBACN,UAAU;oBACV,OAAO;oBACP,IAAI;oBACJ,aAAa,EAAE,gBAAgB;oBAC/B,SAAS,EAAE,SAAS;iBACrB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACrG,CAAC;QACH,CAAC;QAED,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE7B,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,IAAI,QAAQ;gBAAE,OAAO,CAAC,4CAA4C;YAClE,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
export declare class TokenManager {
|
|
2
|
+
private accessToken;
|
|
3
|
+
private refreshTokenValue;
|
|
4
|
+
private refreshPromise;
|
|
5
|
+
private apiUrl;
|
|
6
|
+
private apiKey;
|
|
7
|
+
constructor(apiUrl: string);
|
|
8
|
+
initialize(apiKey: string): Promise<void>;
|
|
9
|
+
isExpired(token: string): boolean;
|
|
10
|
+
getValidToken(): Promise<string>;
|
|
11
|
+
private lastRefreshAttempt;
|
|
12
|
+
private static readonly MIN_REFRESH_INTERVAL_MS;
|
|
13
|
+
forceRefresh(): Promise<string>;
|
|
14
|
+
/** Store tokens from external auth flow (e.g., registration, wallet auth in bootstrap mode) */
|
|
15
|
+
setTokens(accessToken: string, refreshToken: string): void;
|
|
16
|
+
clear(): void;
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=token-manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../../src/token-manager.ts"],"names":[],"mappings":"AAKA,qBAAa,YAAY;IACvB,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,iBAAiB,CAAuB;IAChD,OAAO,CAAC,cAAc,CAAgC;IACtD,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAuB;gBAEzB,MAAM,EAAE,MAAM;IAIpB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoC/C,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAqB3B,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAQtC,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAS;IAElD,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAuErC,+FAA+F;IAC/F,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAe1D,KAAK,IAAI,IAAI;CAUd"}
|