@easecation/iam-client 1.0.4 → 1.1.0
- package/dist/ApiKeyRotationHelper.d.ts +75 -0
- package/dist/ApiKeyRotationHelper.d.ts.map +1 -0
- package/dist/ApiKeyRotationHelper.js +102 -0
- package/dist/ApiKeyRotationHelper.js.map +1 -0
- package/dist/IamClient.d.ts +26 -4
- package/dist/IamClient.d.ts.map +1 -1
- package/dist/IamClient.js +55 -3
- package/dist/IamClient.js.map +1 -1
- package/dist/index.d.ts +5 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware.d.ts +30 -0
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +89 -0
- package/dist/middleware.js.map +1 -1
- package/dist/types.d.ts +71 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
|
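--- a/package/dist/ApiKeyRotationHelper.d.ts
+++ b/package/dist/ApiKeyRotationHelper.d.ts
@@ -0,0 +1,75 @@
+/**
+* ApiKeyRotationHelper
+*
+* Utility class that assists with zero-downtime API key rotation.
+*
+* Rotation workflow:
+* 1. Create a new key via IAM management API.
+* 2. Update the consuming service's config with the new key
+* (e.g. update env var, restart service, or use hot-reload).
+* 3. After the grace period (>= permissionCacheTtlMs = 5 min), revoke the old key.
+*
+* This helper does NOT talk to IAM directly — it is purely a coordination
+* wrapper around your own deployment/config update mechanism.
+*
+* Usage example:
+* const helper = new ApiKeyRotationHelper(iamClient, {
+* iamBaseUrl: 'http://authapi.easecation.net',
+* adminJwt: process.env.IAM_ADMIN_JWT,
+* });
+* const { newKeyId, newKeyValue } = await helper.createNewKey({ name: 'HR Cron v2' });
+* // ... deploy newKeyValue to HR service ...
+* await helper.revokeOldKey(oldKeyId, { gracePeriodMs: 5 * 60 * 1000 });
+*/
+import type { IamClient } from './IamClient';
+import type { ApiKeyData, ApiKeyCreatedData } from './types';
+export interface RotationHelperConfig {
+/** IAM backend URL */
+iamBaseUrl: string;
+/**
+* IAM admin JWT for management endpoints.
+* Must have `apikey.manage` permission.
+*/
+adminJwt: string;
+/**
+* Timeout for management API calls (ms). Defaults to 10000.
+*/
+timeoutMs?: number;
+}
+export interface CreateKeyOptions {
+name: string;
+description?: string;
+owner_id?: number;
+scopes?: string[];
+expires_at?: string;
+}
+export declare class ApiKeyRotationHelper {
+private readonly client;
+private readonly config;
+constructor(client: IamClient, config: RotationHelperConfig);
+private get http();
+/**
+* Create a new API key via the IAM management endpoint.
+*
+* @returns The created key data including the one-time `key_value`.
+* Store `key_value` securely — it cannot be retrieved later.
+*/
+createNewKey(options: CreateKeyOptions): Promise<ApiKeyCreatedData>;
+/**
+* Revoke an API key by its key_id.
+*
+* @param keyId The short key_id (ec_xxxxxxxx).
+* @param options.gracePeriodMs Wait this long before revoking (default 0).
+* Use >= 5 min for zero-downtime rotation.
+* @param options.reason Human-readable reason for audit log.
+*/
+revokeKey(keyId: string, options?: {
+gracePeriodMs?: number;
+reason?: string;
+}): Promise<void>;
+/**
+* List active API keys for a given owner_id.
+*/
+listActiveKeys(ownerId?: number): Promise<ApiKeyData[]>;
+}
+//# sourceMappingURL=ApiKeyRotationHelper.d.ts.map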
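Review bot: The header comment on the new class contradicts the API it declares and shows an unsafe configuration. It says the helper "does NOT talk to IAM directly", yet `createNewKey`, `revokeKey` and `listActiveKeys` are documented as calling IAM management endpoints using `adminJwt`. The usage example calls `helper.revokeOldKey(...)` although the declared method is `revokeKey`, and it destructures `newKeyId`/`newKeyValue` while the `@returns` text names the field `key_value`, which suggests the example does not match `ApiKeyCreatedData` (its shape is not visible here). The example also passes an `http://` base URL, so the admin JWT would be sent in clear text; I would show an `https://` URL and state on `iamBaseUrl` that it must be HTTPS. The same comment is repeated in ApiKeyRotationHelper.js, and the `http://` example also appears in the usage comments of IamClient.d.ts and IamClient.js.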
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ApiKeyRotationHelper.d.ts","sourceRoot":"","sources":["../src/ApiKeyRotationHelper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAkB,UAAU,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE7E,MAAM,WAAW,oBAAoB;IACnC,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;gBAE5C,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,oBAAoB;IAQ3D,OAAO,KAAK,IAAI,GASf;IAED;;;;;OAKG;IACG,YAAY,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAczE;;;;;;;OAOG;IACG,SAAS,CACb,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAO,GACxD,OAAO,CAAC,IAAI,CAAC;IAuBhB;;OAEG;IACG,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAkB9D"}
|
|
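--- a/package/dist/ApiKeyRotationHelper.js
+++ b/package/dist/ApiKeyRotationHelper.js
@@ -0,0 +1,102 @@
+"use strict";
+/**
+* ApiKeyRotationHelper
+*
+* Utility class that assists with zero-downtime API key rotation.
+*
+* Rotation workflow:
+* 1. Create a new key via IAM management API.
+* 2. Update the consuming service's config with the new key
+* (e.g. update env var, restart service, or use hot-reload).
+* 3. After the grace period (>= permissionCacheTtlMs = 5 min), revoke the old key.
+*
+* This helper does NOT talk to IAM directly — it is purely a coordination
+* wrapper around your own deployment/config update mechanism.
+*
+* Usage example:
+* const helper = new ApiKeyRotationHelper(iamClient, {
+* iamBaseUrl: 'http://authapi.easecation.net',
+* adminJwt: process.env.IAM_ADMIN_JWT,
+* });
+* const { newKeyId, newKeyValue } = await helper.createNewKey({ name: 'HR Cron v2' });
+* // ... deploy newKeyValue to HR service ...
+* await helper.revokeOldKey(oldKeyId, { gracePeriodMs: 5 * 60 * 1000 });
+*/
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiKeyRotationHelper = void 0;
+const axios_1 = __importDefault(require("axios"));
+class ApiKeyRotationHelper {
+constructor(client, config) {
+this.client = client;
+this.config = {
+timeoutMs: 10000,
+...config,
+};
+}
+get http() {
+return axios_1.default.create({
+baseURL: this.config.iamBaseUrl,
+timeout: this.config.timeoutMs,
+headers: {
+'Content-Type': 'application/json',
+'Authorization': `Bearer ${this.config.adminJwt}`,
+},
+});
+}
+/**
+* Create a new API key via the IAM management endpoint.
+*
+* @returns The created key data including the one-time `key_value`.
+* Store `key_value` securely — it cannot be retrieved later.
+*/
+async createNewKey(options) {
+const response = await this.http.post('/api/internal/apikeys', options);
+const data = response.data;
+if (!data.success || !data.data) {
+throw new Error(`ApiKeyRotationHelper: createNewKey failed — ${data.message || data.code}`);
+}
+return data.data;
+}
+/**
+* Revoke an API key by its key_id.
+*
+* @param keyId The short key_id (ec_xxxxxxxx).
+* @param options.gracePeriodMs Wait this long before revoking (default 0).
+* Use >= 5 min for zero-downtime rotation.
+* @param options.reason Human-readable reason for audit log.
+*/
+async revokeKey(keyId, options = {}) {
+const { gracePeriodMs = 0, reason } = options;
+if (gracePeriodMs > 0) {
+await new Promise(resolve => setTimeout(resolve, gracePeriodMs));
+}
+const response = await this.http.post(`/api/internal/apikeys/${keyId}/revoke`, { reason });
+const data = response.data;
+if (!data.success) {
+throw new Error(`ApiKeyRotationHelper: revokeKey failed — ${data.message || data.code}`);
+}
+// Evict from local cache immediately
+// Note: the key_value is not stored here, so we can only clear the full cache
+// In production, coordinate cache eviction via your deployment tooling
+this.client.clearApiKeyCache();
+}
+/**
+* List active API keys for a given owner_id.
+*/
+async listActiveKeys(ownerId) {
+const params = new URLSearchParams({ status: 'active' });
+if (ownerId !== undefined)
+params.set('owner_id', String(ownerId));
+const response = await this.http.get(`/api/internal/apikeys?${params.toString()}`);
+const data = response.data;
+if (!data.success || !data.data) {
+throw new Error(`ApiKeyRotationHelper: listActiveKeys failed — ${data.message || data.code}`);
+}
+return data.data.items;
+}
+}
+exports.ApiKeyRotationHelper = ApiKeyRotationHelper;
+//# sourceMappingURL=ApiKeyRotationHelper.js.map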
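Review bot: `revokeKey` puts `keyId` into the request path unencoded, so a value containing `/`, `?` or `..` changes which endpoint the admin-authenticated POST reaches. Encode or validate it before building the URL, e.g. `const id = encodeURIComponent(keyId);` and use `id` in the path, or reject anything that does not match the documented `ec_xxxxxxxx` form. Separately, the grace period is an in-process `setTimeout`: if the process exits during the wait, the old key is never revoked, and the doc comment should say so. `clearApiKeyCache()` only empties the cache of the `IamClient` instance passed to this helper, so other processes keep serving cached results until their TTL expires.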
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ApiKeyRotationHelper.js","sourceRoot":"","sources":["../src/ApiKeyRotationHelper.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;;;;;;AAEH,kDAA0B;AA0B1B,MAAa,oBAAoB;IAI/B,YAAY,MAAiB,EAAE,MAA4B;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,KAAM;YACjB,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED,IAAY,IAAI;QACd,OAAO,eAAK,CAAC,MAAM,CAAC;YAClB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;YAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAC9B,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;aAClD;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,OAAyB;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,uBAAuB,EACvB,OAAO,CACR,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,+CAA+C,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9F,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS,CACb,KAAa,EACb,UAAuD,EAAE;QAEzD,MAAM,EAAE,aAAa,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAE9C,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,yBAAyB,KAAK,SAAS,EACvC,EAAE,MAAM,EAAE,CACX,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,qCAAqC;QACrC,8EAA8E;QAC9E,uEAAuE;QACvE,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,OAAgB;QACnC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzD,IAAI,OAAO,KAAK,SAAS;YAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAEnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAKhC,yBAAyB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAElD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAA
C;YAChC,MAAM,IAAI,KAAK,CAAC,iDAAiD,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC;IACzB,CAAC;CACF;AAlGD,oDAkGC"}
|
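--- a/package/dist/IamClient.d.ts
+++ b/package/dist/IamClient.d.ts
@@ -3,9 +3,9 @@
 *
 * Usage:
 * const client = new IamClient({
-* iamBaseUrl: 'http://
-* clientId: '
-* clientSecret: '
+* iamBaseUrl: 'http://iamapi.easecation.net',
+* clientId: 'YOUR_APP_CLIENT_ID',
+* clientSecret: 'YOUR_APP_CLIENT_SECRET',
 * });
 *
 * // Exchange OAuth code during login callback
@@ -14,7 +14,7 @@
 * // Verify a token on each request
 * const result = await client.verifyToken(accessToken);
 */
-import { IamClientConfig, OAuthTokenData, VerifyTokenData, RefreshTokenData, JwksData, UserProfileData, UserBootstrapData, HrBootstrapData } from './types';
+import { IamClientConfig, OAuthTokenData, VerifyTokenData, RefreshTokenData, JwksData, UserProfileData, UserBootstrapData, HrBootstrapData, ApiKeyVerifyData } from './types';
 export declare class IamClient {
 private readonly config;
 private readonly http;
@@ -24,6 +24,13 @@ export declare class IamClient {
 private cachedV1AppToken;
 /** Permission/verify cache keyed by access_token */
 private verifyCache;
+/**
+* API key verify cache keyed by key_value.
+* Only valid=true results are cached (prevents cache-flooding with invalid keys).
+* TTL matches permissionCacheTtlMs (default 5 min) which equals the revoke
+* propagation window guaranteed by this library.
+*/
+private apiKeyCache;
 constructor(config: IamClientConfig);
 /**
 * Get (or return cached) the App Session Token.
@@ -86,5 +93,20 @@ export declare class IamClient {
 * @param targetApplicationId Defaults to the calling application.
 */
 getUserPermissions(userId: number, targetApplicationId?: number): Promise<string[]>;
+/**
+* Verify an API key by calling IAM's internal verify endpoint.
+*
+* - Only **valid** results are cached (5-min TTL by default).
+* This prevents cache-flooding attacks with invalid keys.
+* - Revocation propagates within `permissionCacheTtlMs` (default 5 min).
+*
+* @param keyValue The full API key value (ec_...).
+* @returns The verify result data, or throws if invalid/network error.
+*/
+verifyApiKey(keyValue: string): Promise<ApiKeyVerifyData>;
+/** Evict a specific API key from the local cache (e.g. after rotation). */
+evictApiKeyFromCache(keyValue: string): void;
+/** Clear the entire API key cache (e.g. after bulk revocation). */
+clearApiKeyCache(): void;
 }
 //# sourceMappingURL=IamClient.d.ts.map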
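Review bot: The new doc comments on `apiKeyCache` and `verifyApiKey` describe the 5-minute TTL as a revoke propagation window "guaranteed by this library", but the cache is a private per-instance field, so the bound only covers how long one process may keep accepting a revoked key. I would reword both comments to say that a revoked key can still verify from cache for up to `permissionCacheTtlMs` in every process that cached it. They should also say that `evictApiKeyFromCache` and `clearApiKeyCache` affect the local instance only. The `@returns` line should state that an invalid key and an IAM or network failure both surface as a thrown `Error`, so callers must treat any throw as a denial.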
package/dist/IamClient.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IamClient.d.ts","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,eAAe,EAGf,cAAc,EACd,eAAe,EACf,gBAAgB,EAEhB,QAAQ,EACR,eAAe,EAEf,iBAAiB,EACjB,eAAe,
|
|
1
|
+
{"version":3,"file":"IamClient.d.ts","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EACL,eAAe,EAGf,cAAc,EACd,eAAe,EACf,gBAAgB,EAEhB,QAAQ,EACR,eAAe,EAEf,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EAEjB,MAAM,SAAS,CAAC;AAYjB,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4B;IACnD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAgB;IAErC,+BAA+B;IAC/B,OAAO,CAAC,cAAc,CAA+B;IAErD,kCAAkC;IAClC,OAAO,CAAC,gBAAgB,CAA+B;IAEvD,oDAAoD;IACpD,OAAO,CAAC,WAAW,CAAyC;IAE5D;;;;;OAKG;IACH,OAAO,CAAC,WAAW,CAAyC;gBAEhD,MAAM,EAAE,eAAe;IAiBnC;;;OAGG;IACG,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC;IA2B3C,4EAA4E;IAC5E,kBAAkB,IAAI,IAAI;IAM1B;;;OAGG;IACG,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC;IA2B7C,8CAA8C;IAC9C,oBAAoB,IAAI,IAAI;IAM5B;;;OAGG;IACG,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAmBnF;;;OAGG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAoChE,sEAAsE;IACtE,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAM/C;;OAEG;IACG,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAmBnE;;OAEG;IACG,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAezD;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;IAOlC;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAmBnE;;OAEG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EAAE,EACnB,mBAAmB,CAAC,EAAE,MAAM,GAC3B,OAAO,CAAC,iBAAiB,CAAC;IAyB7B;;OAEG;IACG,kBAAkB,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,GAAE,MAAU,GAAG,OAAO,CAAC,eAAe,CAAC;IAiC9F;;OAEG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAchE;;;;OAIG;IACG,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAwBzF;;;;;;;;;OASG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAsC/D,2EAA2E;IAC3E,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAI5C,mEAAmE;IACnE,gBAAgB,IAAI,IAAI;CAGzB"}
|
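--- a/package/dist/IamClient.js
+++ b/package/dist/IamClient.js
@@ -4,9 +4,9 @@
 *
 * Usage:
 * const client = new IamClient({
-* iamBaseUrl: 'http://
-* clientId: '
-* clientSecret: '
+* iamBaseUrl: 'http://iamapi.easecation.net',
+* clientId: 'YOUR_APP_CLIENT_ID',
+* clientSecret: 'YOUR_APP_CLIENT_SECRET',
 * });
 *
 * // Exchange OAuth code during login callback
@@ -29,6 +29,13 @@ class IamClient {
 this.cachedV1AppToken = null;
 /** Permission/verify cache keyed by access_token */
 this.verifyCache = new Map();
+/**
+* API key verify cache keyed by key_value.
+* Only valid=true results are cached (prevents cache-flooding with invalid keys).
+* TTL matches permissionCacheTtlMs (default 5 min) which equals the revoke
+* propagation window guaranteed by this library.
+*/
+this.apiKeyCache = new Map();
 this.config = {
 appTokenCacheTtlMs: 55 * 60 * 1000, // 55 minutes
 permissionCacheTtlMs: 5 * 60 * 1000, // 5 minutes
@@ -264,6 +271,51 @@ class IamClient {
 }
 return data.data.permissions;
 }
+// ── API Key Verify ────────────────────────────────────────────────────────────
+/**
+* Verify an API key by calling IAM's internal verify endpoint.
+*
+* - Only **valid** results are cached (5-min TTL by default).
+* This prevents cache-flooding attacks with invalid keys.
+* - Revocation propagates within `permissionCacheTtlMs` (default 5 min).
+*
+* @param keyValue The full API key value (ec_...).
+* @returns The verify result data, or throws if invalid/network error.
+*/
+async verifyApiKey(keyValue) {
+const now = Date.now();
+const cached = this.apiKeyCache.get(keyValue);
+if (cached && now < cached.expiresAt) {
+return cached.result;
+}
+const appToken = await this.getAppSessionToken();
+const response = await this.http.post('/api/internal/apikeys/verify', { key: keyValue }, { headers: { 'X-App-Session-Token': appToken } });
+const data = response.data;
+if (!data.success || !data.data) {
+// Do NOT cache invalid results
+this.apiKeyCache.delete(keyValue);
+throw new Error(`IAM: API key verification failed: ${data.message || data.code}`);
+}
+if (!data.data.valid) {
+// Explicit invalid response — do not cache
+this.apiKeyCache.delete(keyValue);
+throw new Error(`IAM: API key verification failed: invalid key`);
+}
+// Cache only valid results
+this.apiKeyCache.set(keyValue, {
+result: data.data,
+expiresAt: now + this.config.permissionCacheTtlMs,
+});
+return data.data;
+}
+/** Evict a specific API key from the local cache (e.g. after rotation). */
+evictApiKeyFromCache(keyValue) {
+this.apiKeyCache.delete(keyValue);
+}
+/** Clear the entire API key cache (e.g. after bulk revocation). */
+clearApiKeyCache() {
+this.apiKeyCache.clear();
+}
 }
 exports.IamClient = IamClient;
 //# sourceMappingURL=IamClient.js.map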
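Review bot: `verifyApiKey` caches a valid result for the full `permissionCacheTtlMs` regardless of the key's own lifetime, and it keys the Map by the plaintext `keyValue`. Keys can be created with an `expires_at` (see `CreateKeyOptions`), so a key that expires inside the window would still be accepted from cache; if the verify response exposes the expiry (the `ApiKeyVerifyData` shape is not visible in this hunk), cap `expiresAt` with it. Using the raw secret as the Map key leaves every recently used key in process memory. A digest such as `createHash('sha256').update(keyValue).digest('hex')` from `node:crypto` would serve as the cache key in the `get`, `set` and `delete` calls and in `evictApiKeyFromCache`. The method also makes the network call without first checking that `keyValue` is a non-empty string, and expired entries are only replaced on re-verification, never swept.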
package/dist/IamClient.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IamClient.js","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;AAEH,kDAA6C;
|
|
1
|
+
{"version":3,"file":"IamClient.js","sourceRoot":"","sources":["../src/IamClient.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;AAEH,kDAA6C;AA4B7C,MAAa,SAAS;IAqBpB,YAAY,MAAuB;QAjBnC,+BAA+B;QACvB,mBAAc,GAA0B,IAAI,CAAC;QAErD,kCAAkC;QAC1B,qBAAgB,GAA0B,IAAI,CAAC;QAEvD,oDAAoD;QAC5C,gBAAW,GAAG,IAAI,GAAG,EAA8B,CAAC;QAE5D;;;;;WAKG;QACK,gBAAW,GAAG,IAAI,GAAG,EAA8B,CAAC;QAG1D,IAAI,CAAC,MAAM,GAAG;YACZ,kBAAkB,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAI,aAAa;YACnD,oBAAoB,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAI,YAAY;YACnD,SAAS,EAAE,IAAI;YACf,GAAG,MAAM;SACV,CAAC;QAEF,IAAI,CAAC,IAAI,GAAG,eAAK,CAAC,MAAM,CAAC;YACvB,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU;YAC/B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAC9B,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CAAC;IACL,CAAC;IAED,gFAAgF;IAEhF;;;OAGG;IACH,KAAK,CAAC,kBAAkB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,cAAc,IAAI,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;QACnC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,oBAAoB,EACpB;YACE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACxC,CACF,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,CAAC,cAAc,GAAG;YACpB,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,uBAAuB;YACxC,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB;SAChD,CAAC;QAEF,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;IACnC,CAAC;IAED,4EAA4E;IAC5E,kBAAkB;QAChB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,8EAA8E;IAE9E;;;OAGG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,gBAAgB,IAAI,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;QACrC,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,oBAAoB,EACpB;YACE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACxC,CACF,CAAC;QAEF,MAA
M,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,IAAI,CAAC,gBAAgB,GAAG;YACtB,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,uBAAuB;YACxC,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,kBAAkB;SAChD,CAAC;QAEF,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC;IACrC,CAAC;IAED,8CAA8C;IAC9C,oBAAoB;QAClB,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC/B,CAAC;IAED,gFAAgF;IAEhF;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,IAAY,EAAE,WAAmB;QACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,0BAA0B,EAC1B,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,EACnC,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,gFAAgF;IAEhF;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACjD,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,qBAAqB,EACrB,EAAE,YAAY,EAAE,WAAW,EAAE,EAC7B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,gEAAgE;YAChE,sEAAsE;YACtE,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,0DAA0D;QAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC;QACnC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,KAAK,GAAG,IAAI,CAAC,CAAC;QACtF,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YACzB,IAAI,CAAC,WAAW,CAAC,GAAG,CA
AC,WAAW,EAAE;gBAChC,MAAM,EAAE,IAAI,CAAC,IAAI;gBACjB,SAAS,EAAE,cAAc;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,sEAAsE;IACtE,oBAAoB,CAAC,WAAmB;QACtC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACvC,CAAC;IAED,iFAAiF;IAEjF;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,sBAAsB,EACtB,EAAE,aAAa,EAAE,YAAY,EAAE,EAC/B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,iFAAiF;IAEjF;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,YAAoB;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,qBAAqB,EACrB,EAAE,aAAa,EAAE,YAAY,EAAE,EAC/B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,iFAAiF;IAEjF;;;OAGG;IACH,KAAK,CAAC,OAAO;QACX,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAW,mBAAmB,CAAC,CAAC;QACpE,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,iFAAiF;IAEjF;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,WAAmB;QACtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,2BAA2B,EAC3B,EAAE,YAAY,EAAE,WAAW,EAAE,EAC7B,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,+EAA+E;IAE/E;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,WAAmB,EACnB,SAAmB,EACnB,mBAA4B;QAE5B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,IAAI,GAA4B;YACpC,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE
,SAAS;SACtB,CAAC;QACF,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,qBAAqB,GAAG,mBAAmB,CAAC;QACnD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,6BAA6B,EAC7B,IAAI,EACJ,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,WAAmB,EAAE,YAAoB,CAAC;QACjE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAC3C,WAAW,EACX,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,gBAAgB,CAAC,EAClD,SAAS,CACV,CAAC;QAEF,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC;QAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,OAAO;YACL,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,OAAO;YACP,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,IAAI,IAAI,SAAS;YAC3C,WAAW,EACT,SAAS,CAAC,SAAS,CAAC,WAAW,KAAK,IAAI,IAAI,SAAS,CAAC,SAAS,CAAC,WAAW,KAAK,SAAS;gBACvF,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC;gBACzC,CAAC,CAAC,SAAS;YACf,cAAc,EAAE,SAAS,CAAC,SAAS,CAAC,cAAc,IAAI,SAAS;SAChE,CAAC;IACJ,CAAC;IAED,8EAA8E;IAE9E;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAAC,QAAgB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAEnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,+BAA+B,EAC/B,EAAE,SAAS,EAAE,QAAQ,EAAE,EACvB,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,KAAK,IAAI,CAAC;IAC7C,CAAC;IAED,iFAAiF;IAEjF;;;;OAIG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAAc,EAAE,mBAA4B;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,IAAI,GAA4B,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;QAC1D,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,qBAAqB,GAAG,mBAAmB,CAAC;QACnD,CAAC;QAED,MAAM,QA
AQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,+BAA+B,EAC/B,IAAI,EACJ,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;IAC/B,CAAC;IAED,iFAAiF;IAEjF;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,MAAM,IAAI,GAAG,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAEjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CACnC,8BAA8B,EAC9B,EAAE,GAAG,EAAE,QAAQ,EAAE,EACjB,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAE,EAAE,CACjD,CAAC;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QAE3B,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChC,+BAA+B;YAC/B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACpF,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACrB,2CAA2C;YAC3C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE;YAC7B,MAAM,EAAE,IAAI,CAAC,IAAI;YACjB,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB;SAClD,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;IAED,2EAA2E;IAC3E,oBAAoB,CAAC,QAAgB;QACnC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,mEAAmE;IACnE,gBAAgB;QACd,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;CACF;AA5aD,8BA4aC"}
|
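--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,5 +1,7 @@
 export { IamClient } from './IamClient';
-export { createIamAuthMiddleware } from './middleware';
-export type { IamRequest } from './middleware';
-export
+export { createIamAuthMiddleware, createApiKeyMiddleware } from './middleware';
+export type { IamRequest, ApiKeyAuthRequest } from './middleware';
+export { ApiKeyRotationHelper } from './ApiKeyRotationHelper';
+export type { RotationHelperConfig, CreateKeyOptions } from './ApiKeyRotationHelper';
+export type { IamClientConfig, IamApiResponse, AppTokenData, OAuthTokenData, VerifyTokenData, RefreshTokenData, RevokeTokenData, JwkData, JwksData, UserProfileData, UserPermissionsData, UserBootstrapData, HrBootstrapData, DecodedAccessToken, IamAuthRequest, ApiKeyOwnerType, ApiKeyStatus, ApiKeyVerifyData, CachedApiKeyResult, ApiKeyVerifyRequest, ApiKeyData, ApiKeyCreatedData, ApiKeyRequest, ApiKeyMiddlewareOptions, } from './types';
 //# sourceMappingURL=index.d.ts.map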
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAC/E,YAAY,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACrF,YAAY,EACV,eAAe,EACf,cAAc,EACd,YAAY,EACZ,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,OAAO,EACP,QAAQ,EACR,eAAe,EACf,mBAAmB,EACnB,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,cAAc,EAEd,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,UAAU,EACV,iBAAiB,EACjB,aAAa,EACb,uBAAuB,GACxB,MAAM,SAAS,CAAC"}
|
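--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,8 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createIamAuthMiddleware = exports.IamClient = void 0;
+exports.ApiKeyRotationHelper = exports.createApiKeyMiddleware = exports.createIamAuthMiddleware = exports.IamClient = void 0;
 var IamClient_1 = require("./IamClient");
 Object.defineProperty(exports, "IamClient", { enumerable: true, get: function () { return IamClient_1.IamClient; } });
 var middleware_1 = require("./middleware");
 Object.defineProperty(exports, "createIamAuthMiddleware", { enumerable: true, get: function () { return middleware_1.createIamAuthMiddleware; } });
+Object.defineProperty(exports, "createApiKeyMiddleware", { enumerable: true, get: function () { return middleware_1.createApiKeyMiddleware; } });
+var ApiKeyRotationHelper_1 = require("./ApiKeyRotationHelper");
+Object.defineProperty(exports, "ApiKeyRotationHelper", { enumerable: true, get: function () { return ApiKeyRotationHelper_1.ApiKeyRotationHelper; } });
 //# sourceMappingURL=index.js.map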
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAAwC;AAA/B,sGAAA,SAAS,OAAA;AAClB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAAwC;AAA/B,sGAAA,SAAS,OAAA;AAClB,2CAA+E;AAAtE,qHAAA,uBAAuB,OAAA;AAAE,oHAAA,sBAAsB,OAAA;AAExD,+DAA8D;AAArD,4HAAA,oBAAoB,OAAA"}
|
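--- a/package/dist/middleware.d.ts
+++ b/package/dist/middleware.d.ts
@@ -14,6 +14,7 @@
 */
 import type { Request, Response, NextFunction } from 'express';
 import { IamClient } from './IamClient';
+import type { ApiKeyRequest, ApiKeyMiddlewareOptions } from './types';
 /** Express Request extended with IAM claims */
 export interface IamRequest extends Request {
 iamUid: number;
@@ -29,5 +30,34 @@ type IamMiddlewareFn = (req: Request, res: Response, next: NextFunction) => Prom
 * @returns A function `iamAuth(requiredPermissions?)` that returns an Express middleware.
 */
 export declare function createIamAuthMiddleware(client: IamClient): (requiredPermissions?: string[]) => IamMiddlewareFn;
+/** Express Request extended with API key claims */
+export interface ApiKeyAuthRequest extends Request, ApiKeyRequest {
+}
+type ApiKeyMiddlewareFn = (req: Request, res: Response, next: NextFunction) => Promise<void>;
+/**
+* Create an API key auth middleware factory bound to an IamClient instance.
+*
+* Usage:
+* const apiKeyAuth = createApiKeyMiddleware(iamClient);
+*
+* // Protect a route (no scope requirements)
+* router.get('/sync', apiKeyAuth(), handler);
+*
+* // Protect a route and require specific scopes
+* router.post('/admin', apiKeyAuth({ requiredScopes: ['admin.write'] }), handler);
+*
+* // Customise error format (e.g. for HR service responseWithResult)
+* router.get('/data', apiKeyAuth({
+* onAuthError: (req, res, status, msg) => responseWithResult(res, null, status, msg)
+* }), handler);
+*
+* Notes:
+* - Only valid=true results are cached (prevents cache-flooding).
+* - Revocation propagates within permissionCacheTtlMs (default 5 min).
+* - Attaches apiKeyId, apiKeyOwnerType, apiKeyOwnerId, apiKeyScopes to req.
+*
+* @param client Configured IamClient.
+*/
+export declare function createApiKeyMiddleware(client: IamClient): (options?: ApiKeyMiddlewareOptions) => ApiKeyMiddlewareFn;
 export {};
 //# sourceMappingURL=middleware.d.ts.map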
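Review bot: The Notes list in the new doc comment for `createApiKeyMiddleware` does not say that a key whose `scopes` is `null` passes every `requiredScopes` check; that rule is stated only on `ApiKeyMiddlewareOptions.requiredScopes` in types.d.ts and in a code comment in middleware.js. Because the usage example directly above shows `requiredScopes: ['admin.write']` guarding an admin route, a reader of this declaration would reasonably assume the scope is always enforced. I would add a line to the Notes such as `- A key with scopes = null is unrestricted and passes any requiredScopes check.`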
package/dist/middleware.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAE,aAAa,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAEtE,+CAA+C;AAC/C,MAAM,WAAW,UAAW,SAAQ,OAAO;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,KAAK,eAAe,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAI1F;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,SAAS,IAC/B,sBAAqB,MAAM,EAAO,KAAG,eAAe,CAwE7E;AAID,mDAAmD;AACnD,MAAM,WAAW,iBAAkB,SAAQ,OAAO,EAAE,aAAa;CAAG;AAEpE,KAAK,kBAAkB,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;AAE7F;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,IAC3B,UAAS,uBAA4B,KAAG,kBAAkB,CA4EtF"}
|
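--- a/package/dist/middleware.js
+++ b/package/dist/middleware.js
@@ -15,6 +15,8 @@
 */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createIamAuthMiddleware = createIamAuthMiddleware;
+exports.createApiKeyMiddleware = createApiKeyMiddleware;
+// ── IAM JWT middleware ────────────────────────────────────────────────────────
 /**
 * Create an auth middleware factory bound to an IamClient instance.
 *
@@ -84,4 +86,91 @@ function createIamAuthMiddleware(client) {
 };
 };
 }
+/**
+* Create an API key auth middleware factory bound to an IamClient instance.
+*
+* Usage:
+* const apiKeyAuth = createApiKeyMiddleware(iamClient);
+*
+* // Protect a route (no scope requirements)
+* router.get('/sync', apiKeyAuth(), handler);
+*
+* // Protect a route and require specific scopes
+* router.post('/admin', apiKeyAuth({ requiredScopes: ['admin.write'] }), handler);
+*
+* // Customise error format (e.g. for HR service responseWithResult)
+* router.get('/data', apiKeyAuth({
+* onAuthError: (req, res, status, msg) => responseWithResult(res, null, status, msg)
+* }), handler);
+*
+* Notes:
+* - Only valid=true results are cached (prevents cache-flooding).
+* - Revocation propagates within permissionCacheTtlMs (default 5 min).
+* - Attaches apiKeyId, apiKeyOwnerType, apiKeyOwnerId, apiKeyScopes to req.
+*
+* @param client Configured IamClient.
+*/
+function createApiKeyMiddleware(client) {
+return function apiKeyAuth(options = {}) {
+const { cacheTtlMs: _cacheTtlMs, // informational — actual TTL lives in IamClient
+headerName = 'x-api-key', requiredScopes = [], onAuthError, } = options;
+const sendError = (req, res, status, message) => {
+if (onAuthError) {
+onAuthError(req, res, status, message);
+}
+else {
+res.status(status).json({ success: false, message });
+}
+};
+return async (req, res, next) => {
+const keyValue = req.headers[headerName];
+if (!keyValue) {
+sendError(req, res, 401, `Missing ${headerName} header`);
+return;
+}
+if (!keyValue.startsWith('ec_')) {
+sendError(req, res, 401, 'Invalid API key format');
+return;
+}
+try {
+const result = await client.verifyApiKey(keyValue);
+// Scope check: null scopes on the key = unrestricted
+if (requiredScopes.length > 0 && result.scopes !== null) {
+const hasAll = requiredScopes.every(s => result.scopes.includes(s));
+if (!hasAll) {
+sendError(req, res, 403, 'API key does not have required scopes');
+return;
+}
+}
+// Attach claims to request
+const apiKeyReq = req;
+apiKeyReq.apiKeyId = result.key_id;
+apiKeyReq.apiKeyOwnerType = result.owner_type;
+apiKeyReq.apiKeyOwnerId = result.owner_id;
+apiKeyReq.apiKeyScopes = result.scopes;
+next();
+}
+catch (error) {
+const msg = error?.message || '';
+const isKeyError = msg.includes('API key verification failed') ||
+msg.includes('invalid key');
+const isNetworkError = error?.code === 'ECONNREFUSED' ||
+error?.code === 'ENOTFOUND' ||
+error?.code === 'ETIMEDOUT' ||
+(error?.response?.status != null && error.response.status >= 500);
+if (isKeyError) {
+sendError(req, res, 401, 'Invalid or revoked API key');
+return;
+}
+if (isNetworkError) {
+console.error('[IamClient] IAM unreachable during API key verify:', error?.code || error?.message);
+sendError(req, res, 503, 'Authentication service temporarily unavailable');
+return;
+}
+console.error('[IamClient] API key middleware error:', error);
+sendError(req, res, 500, 'Authentication service error');
+}
+};
+};
+}
 //# sourceMappingURL=middleware.js.map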
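Review bot: In the `try` block of the middleware returned by `apiKeyAuth`, the value resolved by `client.verifyApiKey(keyValue)` is used without looking at `result.valid`, so a request counts as authenticated whenever that call does not throw. `verifyApiKey` is defined outside this section; if it can ever resolve with `valid: false` (the `ApiKeyVerifyData` type allows it), the claims would still be attached and `next()` called. I would add `if (!result.valid) { sendError(req, res, 401, 'Invalid or revoked API key'); return; }` directly after the await so the middleware fails closed on its own. Separately, the final `console.error('[IamClient] API key middleware error:', error)` logs the whole error object; since the code reads `error.response.status` this looks like an HTTP-client error, and such objects often carry the outgoing request body and headers, which here would presumably include the plaintext key, so logging `error?.code || error?.message` as the 503 branch does would be safer.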
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAwBH,0DAyEC;AAiCD,wDA6EC;AA/LD,iFAAiF;AAEjF;;;;;GAKG;AACH,SAAgB,uBAAuB,CAAC,MAAiB;IACvD,OAAO,SAAS,OAAO,CAAC,sBAAgC,EAAE;QACxD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC9E,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;gBAClF,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAChD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;gBAClF,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;gBAErD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;oBAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC,CAAC;oBAC1E,OAAO;gBACT,CAAC;gBAED,mBAAmB;gBACnB,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC9E,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBAC9E,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2BAA2B;gBAC3B,MAAM,MAAM,GAAG,GAAiB,CAAC;gBACjC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC;gBAC3B,MAAM,CAAC,gBAAgB,GAAG,MAAM,CAAC,cAAc,CAAC;gBAChD,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC;gBAC3C,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC;gBAEhC,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,sEAAsE;gBACtE,wEAAwE;gBACxE,mEAAmE;gBACnE,MAAM,GAAG,GAAW,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;gBACzC,MAAM,YAAY,GAChB,GAAG,CAAC,UAAU,CAAC,iCAAiC,CAAC;oBACjD,GAAG,KAAK,wDAAwD;oBAChE,GAAG,KAAK,wDAAwD,CAAC;gBACnE,MAAM,cAAc,GAClB,KAAK,EAAE,IAAI,KAAK,cAAc;oBAC9B,KAAK,E
AAE,IAAI,KAAK,WAAW;oBAC3B,KAAK,EAAE,IAAI,KAAK,WAAW;oBAC3B,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC;gBAEpE,IAAI,YAAY,EAAE,CAAC;oBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC,CAAC;oBACrF,OAAO;gBACT,CAAC;gBAED,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,EAAE,IAAI,IAAI,KAAK,EAAE,OAAO,CAAC,CAAC;oBAC7E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,gDAAgD,EAAE,CAAC,CAAC;oBACpG,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;gBAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AASD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,SAAgB,sBAAsB,CAAC,MAAiB;IACtD,OAAO,SAAS,UAAU,CAAC,UAAmC,EAAE;QAC9D,MAAM,EACJ,UAAU,EAAE,WAAW,EAAG,gDAAgD;QAC1E,UAAU,GAAG,WAAW,EACxB,cAAc,GAAG,EAAE,EACnB,WAAW,GACZ,GAAG,OAAO,CAAC;QAEZ,MAAM,SAAS,GAAG,CAAC,GAAY,EAAE,GAAa,EAAE,MAAc,EAAE,OAAe,EAAQ,EAAE;YACvF,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YACzC,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACvD,CAAC;QACH,CAAC,CAAC;QAEF,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC9E,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAuB,CAAC;YAE/D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,WAAW,UAAU,SAAS,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;gBAEnD,qDAAqD;gBACrD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;oBACxD,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;oBACrE,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,SAAS,CAAC,GAAG,EAAE,GAAG,
EAAE,GAAG,EAAE,uCAAuC,CAAC,CAAC;wBAClE,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,2BAA2B;gBAC3B,MAAM,SAAS,GAAG,GAAwB,CAAC;gBAC3C,SAAS,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;gBACnC,SAAS,CAAC,eAAe,GAAG,MAAM,CAAC,UAAU,CAAC;gBAC9C,SAAS,CAAC,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC;gBAC1C,SAAS,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;gBAEvC,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAU,EAAE,CAAC;gBACpB,MAAM,GAAG,GAAW,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;gBACzC,MAAM,UAAU,GACd,GAAG,CAAC,QAAQ,CAAC,6BAA6B,CAAC;oBAC3C,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;gBAC9B,MAAM,cAAc,GAClB,KAAK,EAAE,IAAI,KAAK,cAAc;oBAC9B,KAAK,EAAE,IAAI,KAAK,WAAW;oBAC3B,KAAK,EAAE,IAAI,KAAK,WAAW;oBAC3B,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,IAAI,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC;gBAEpE,IAAI,UAAU,EAAE,CAAC;oBACf,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;oBACvD,OAAO;gBACT,CAAC;gBAED,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE,KAAK,EAAE,IAAI,IAAI,KAAK,EAAE,OAAO,CAAC,CAAC;oBACnG,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,gDAAgD,CAAC,CAAC;oBAC3E,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;gBAC9D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
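--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -109,4 +109,75 @@ export interface IamAuthRequest {
 iamPermissions: string[];
 iamTokenExp: number;
 }
+export type ApiKeyOwnerType = 'app';
+export type ApiKeyStatus = 'active' | 'revoked' | 'expired';
+/** Response shape from POST /api/internal/apikeys/verify */
+export interface ApiKeyVerifyData {
+valid: boolean;
+key_id: string;
+owner_type: ApiKeyOwnerType;
+owner_id: number;
+scopes: string[] | null;
+}
+/** Cached result shape (only valid=true entries are cached) */
+export interface CachedApiKeyResult {
+result: ApiKeyVerifyData;
+/** Unix ms timestamp after which the cached entry is stale */
+expiresAt: number;
+}
+/** Request body for POST /api/internal/apikeys/verify */
+export interface ApiKeyVerifyRequest {
+key: string;
+}
+/** Safe key representation returned from management endpoints */
+export interface ApiKeyData {
+id: number;
+key_id: string;
+name: string;
+description?: string | null;
+owner_type: ApiKeyOwnerType;
+owner_id: number;
+scopes: string[] | null;
+status: ApiKeyStatus;
+expires_at: string | null;
+last_used_at: string | null;
+created_by: number;
+created_at: string;
+updated_at: string;
+}
+/** Returned once on creation (includes plaintext key_value) */
+export interface ApiKeyCreatedData extends ApiKeyData {
+key_value: string;
+}
+/** Augment Express Request with API Key claims */
+export interface ApiKeyRequest {
+apiKeyId: string;
+apiKeyOwnerType: ApiKeyOwnerType;
+apiKeyOwnerId: number;
+apiKeyScopes: string[] | null;
+}
+/**
+* Options for createApiKeyMiddleware()
+*/
+export interface ApiKeyMiddlewareOptions {
+/**
+* How long (ms) to cache valid API key results.
+* Defaults to 5 minutes — matches the revoke propagation window.
+*/
+cacheTtlMs?: number;
+/**
+* Header to read the key from. Defaults to 'x-api-key'.
+*/
+headerName?: string;
+/**
+* Required scopes that the key must include.
+* null scopes on the key = unrestricted (passes all scope checks).
+*/
+requiredScopes?: string[];
+/**
+* Optional callback to customise the error response format.
+* If not provided, responds with { success: false, message } JSON.
+*/
+onAuthError?: (req: import('express').Request, res: import('express').Response, status: number, message: string) => void;
+}
 //# sourceMappingURL=types.d.ts.map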
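Review bot: The doc comment on `cacheTtlMs` in `ApiKeyMiddlewareOptions` says it sets how long valid results are cached, but `createApiKeyMiddleware` in middleware.js destructures it into an unused `_cacheTtlMs` with the remark that the actual TTL lives in IamClient. A consumer who lowers the value to shorten the revocation window gets no effect and no warning. Until the option is wired through, the comment should say so, for example `Currently not applied by the middleware; the effective TTL is IamClient's permissionCacheTtlMs.`, or the field should carry `@deprecated`. The `headerName` comment could likewise state that the name must be lower-case, since the middleware indexes `req.headers` with it as given and Node stores header names lower-cased.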
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,cAAc,CAAC,CAAC,GAAG,OAAO;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,C
AAC;CACpB;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAID,8CAA8C;AAC9C,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,cAAc,CAAC,CAAC,GAAG,OAAO;IACzC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,wBAAwB,EAAE,MAAM,CAAC;IACjC,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,QAAQ,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,KAAK,CAAC;IACX,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID,MAAM,WAAW,eAAe;IAC9B,0DAA0D;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,C
AAC;CACpB;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAID,8CAA8C;AAC9C,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,MAAM,eAAe,GAAG,KAAK,CAAC;AACpC,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAE5D,4DAA4D;AAC5D,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;CACzB;AAED,+DAA+D;AAC/D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,gBAAgB,CAAC;IACzB,8DAA8D;IAC9D,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,yDAAyD;AACzD,MAAM,WAAW,mBAAmB;IAClC,GAAG,EAAE,MAAM,CAAC;CACb;AAED,iEAAiE;AACjE,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,eAAe,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,YAAY,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,+DAA+D;AAC/D,MAAM,WAAW,iBAAkB,SAAQ,UAAU;IACnD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,kDAAkD;AAClD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,eAAe,CAAC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,CACZ,GAAG,EAAE,OAAO,SAAS,EAAE,OAAO,EAC9B,GAAG,EAAE,OAAO,SAAS,EAAE,QAAQ,EAC/B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,KACZ,IAAI,CAAC;CACX"}
|