@etainabl/nodejs-sdk 1.3.110 → 1.3.112
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/esm/chunk-3YGWW265.js +64 -0
- package/dist/esm/chunk-3YGWW265.js.map +1 -0
- package/dist/esm/chunk-BIVFO5LG.js +2476 -0
- package/dist/esm/chunk-BIVFO5LG.js.map +1 -0
- package/dist/esm/chunk-CIKXN3GS.js +64 -0
- package/dist/esm/chunk-CIKXN3GS.js.map +1 -0
- package/dist/esm/chunk-E6O4HVLA.js +121 -0
- package/dist/esm/chunk-E6O4HVLA.js.map +1 -0
- package/dist/esm/chunk-HAEAETXR.js +210 -0
- package/dist/esm/chunk-HAEAETXR.js.map +1 -0
- package/dist/esm/chunk-ITSE4X2J.js +1733 -0
- package/dist/esm/chunk-ITSE4X2J.js.map +1 -0
- package/dist/esm/chunk-OWL7NKW5.js +47 -0
- package/dist/esm/chunk-OWL7NKW5.js.map +1 -0
- package/dist/esm/chunk-R63LRFTI.js +153 -0
- package/dist/esm/chunk-R63LRFTI.js.map +1 -0
- package/dist/esm/chunk-UFTVLHTW.js +114 -0
- package/dist/esm/chunk-UFTVLHTW.js.map +1 -0
- package/dist/esm/chunk-UZGMBQZB.js +13 -0
- package/dist/esm/chunk-UZGMBQZB.js.map +1 -0
- package/dist/esm/chunk-XXAWQ5GA.js +3359 -0
- package/dist/esm/chunk-XXAWQ5GA.js.map +1 -0
- package/dist/esm/dist-es-4ZHJVMJ4.js +21 -0
- package/dist/esm/dist-es-4ZHJVMJ4.js.map +1 -0
- package/dist/esm/dist-es-FD7XXZCE.js +305 -0
- package/dist/esm/dist-es-FD7XXZCE.js.map +1 -0
- package/dist/esm/dist-es-MXGFLXV2.js +379 -0
- package/dist/esm/dist-es-MXGFLXV2.js.map +1 -0
- package/dist/esm/dist-es-QPNGCVTW.js +67 -0
- package/dist/esm/dist-es-QPNGCVTW.js.map +1 -0
- package/dist/esm/dist-es-RHLCSE2G.js +200 -0
- package/dist/esm/dist-es-RHLCSE2G.js.map +1 -0
- package/dist/esm/dist-es-X5IH3XCT.js +88 -0
- package/dist/esm/dist-es-X5IH3XCT.js.map +1 -0
- package/dist/esm/dist-es-XEM2CDDP.js +163 -0
- package/dist/esm/dist-es-XEM2CDDP.js.map +1 -0
- package/dist/esm/index.js +4299 -81
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/loadSso-3QBKTJF3.js +655 -0
- package/dist/esm/loadSso-3QBKTJF3.js.map +1 -0
- package/dist/esm/sso-oidc-GZ3LZ3MF.js +827 -0
- package/dist/esm/sso-oidc-GZ3LZ3MF.js.map +1 -0
- package/dist/esm/sts-CIQKG7FB.js +1162 -0
- package/dist/esm/sts-CIQKG7FB.js.map +1 -0
- package/dist/index.d.cts +176 -82
- package/dist/index.d.ts +176 -82
- package/dist/index.js +21923 -1147
- package/dist/index.js.map +1 -1
- package/package.json +4 -2
|
@@ -0,0 +1,305 @@
|
|
|
1
|
+
import {
|
|
2
|
+
getProfileName,
|
|
3
|
+
getSSOTokenFilepath,
|
|
4
|
+
getSSOTokenFromFile,
|
|
5
|
+
loadSsoSessionData,
|
|
6
|
+
parseKnownFiles
|
|
7
|
+
} from "./chunk-HAEAETXR.js";
|
|
8
|
+
import {
|
|
9
|
+
setCredentialFeature
|
|
10
|
+
} from "./chunk-UZGMBQZB.js";
|
|
11
|
+
import "./chunk-3YGWW265.js";
|
|
12
|
+
import {
|
|
13
|
+
CredentialsProviderError,
|
|
14
|
+
TokenProviderError
|
|
15
|
+
} from "./chunk-R63LRFTI.js";
|
|
16
|
+
|
|
17
|
+
// node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js
|
|
18
|
+
var isSsoProfile = (arg) => arg && (typeof arg.sso_start_url === "string" || typeof arg.sso_account_id === "string" || typeof arg.sso_session === "string" || typeof arg.sso_region === "string" || typeof arg.sso_role_name === "string");
|
|
19
|
+
|
|
20
|
+
// node_modules/@aws-sdk/token-providers/dist-es/constants.js
|
|
21
|
+
var EXPIRE_WINDOW_MS = 5 * 60 * 1e3;
|
|
22
|
+
var REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;
|
|
23
|
+
|
|
24
|
+
// node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js
|
|
25
|
+
var getSsoOidcClient = async (ssoRegion, init = {}) => {
|
|
26
|
+
const { SSOOIDCClient } = await import("./sso-oidc-GZ3LZ3MF.js");
|
|
27
|
+
const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {
|
|
28
|
+
region: ssoRegion ?? init.clientConfig?.region,
|
|
29
|
+
logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger
|
|
30
|
+
}));
|
|
31
|
+
return ssoOidcClient;
|
|
32
|
+
};
|
|
33
|
+
|
|
34
|
+
// node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js
|
|
35
|
+
var getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {
|
|
36
|
+
const { CreateTokenCommand } = await import("./sso-oidc-GZ3LZ3MF.js");
|
|
37
|
+
const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);
|
|
38
|
+
return ssoOidcClient.send(new CreateTokenCommand({
|
|
39
|
+
clientId: ssoToken.clientId,
|
|
40
|
+
clientSecret: ssoToken.clientSecret,
|
|
41
|
+
refreshToken: ssoToken.refreshToken,
|
|
42
|
+
grantType: "refresh_token"
|
|
43
|
+
}));
|
|
44
|
+
};
|
|
45
|
+
|
|
46
|
+
// node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js
|
|
47
|
+
var validateTokenExpiry = (token) => {
|
|
48
|
+
if (token.expiration && token.expiration.getTime() < Date.now()) {
|
|
49
|
+
throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);
|
|
50
|
+
}
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
// node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js
|
|
54
|
+
var validateTokenKey = (key, value, forRefresh = false) => {
|
|
55
|
+
if (typeof value === "undefined") {
|
|
56
|
+
throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? ". Cannot refresh" : ""}. ${REFRESH_MESSAGE}`, false);
|
|
57
|
+
}
|
|
58
|
+
};
|
|
59
|
+
|
|
60
|
+
// node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js
|
|
61
|
+
import { promises as fsPromises } from "fs";
|
|
62
|
+
var { writeFile } = fsPromises;
|
|
63
|
+
var writeSSOTokenToFile = (id, ssoToken) => {
|
|
64
|
+
const tokenFilepath = getSSOTokenFilepath(id);
|
|
65
|
+
const tokenString = JSON.stringify(ssoToken, null, 2);
|
|
66
|
+
return writeFile(tokenFilepath, tokenString);
|
|
67
|
+
};
|
|
68
|
+
|
|
69
|
+
// node_modules/@aws-sdk/token-providers/dist-es/fromSso.js
|
|
70
|
+
var lastRefreshAttemptTime = /* @__PURE__ */ new Date(0);
|
|
71
|
+
var fromSso = (_init = {}) => async ({ callerClientConfig } = {}) => {
|
|
72
|
+
const init = {
|
|
73
|
+
..._init,
|
|
74
|
+
parentClientConfig: {
|
|
75
|
+
...callerClientConfig,
|
|
76
|
+
..._init.parentClientConfig
|
|
77
|
+
}
|
|
78
|
+
};
|
|
79
|
+
init.logger?.debug("@aws-sdk/token-providers - fromSso");
|
|
80
|
+
const profiles = await parseKnownFiles(init);
|
|
81
|
+
const profileName = getProfileName({
|
|
82
|
+
profile: init.profile ?? callerClientConfig?.profile
|
|
83
|
+
});
|
|
84
|
+
const profile = profiles[profileName];
|
|
85
|
+
if (!profile) {
|
|
86
|
+
throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);
|
|
87
|
+
} else if (!profile["sso_session"]) {
|
|
88
|
+
throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);
|
|
89
|
+
}
|
|
90
|
+
const ssoSessionName = profile["sso_session"];
|
|
91
|
+
const ssoSessions = await loadSsoSessionData(init);
|
|
92
|
+
const ssoSession = ssoSessions[ssoSessionName];
|
|
93
|
+
if (!ssoSession) {
|
|
94
|
+
throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);
|
|
95
|
+
}
|
|
96
|
+
for (const ssoSessionRequiredKey of ["sso_start_url", "sso_region"]) {
|
|
97
|
+
if (!ssoSession[ssoSessionRequiredKey]) {
|
|
98
|
+
throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
const ssoStartUrl = ssoSession["sso_start_url"];
|
|
102
|
+
const ssoRegion = ssoSession["sso_region"];
|
|
103
|
+
let ssoToken;
|
|
104
|
+
try {
|
|
105
|
+
ssoToken = await getSSOTokenFromFile(ssoSessionName);
|
|
106
|
+
} catch (e) {
|
|
107
|
+
throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);
|
|
108
|
+
}
|
|
109
|
+
validateTokenKey("accessToken", ssoToken.accessToken);
|
|
110
|
+
validateTokenKey("expiresAt", ssoToken.expiresAt);
|
|
111
|
+
const { accessToken, expiresAt } = ssoToken;
|
|
112
|
+
const existingToken = { token: accessToken, expiration: new Date(expiresAt) };
|
|
113
|
+
if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {
|
|
114
|
+
return existingToken;
|
|
115
|
+
}
|
|
116
|
+
if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1e3) {
|
|
117
|
+
validateTokenExpiry(existingToken);
|
|
118
|
+
return existingToken;
|
|
119
|
+
}
|
|
120
|
+
validateTokenKey("clientId", ssoToken.clientId, true);
|
|
121
|
+
validateTokenKey("clientSecret", ssoToken.clientSecret, true);
|
|
122
|
+
validateTokenKey("refreshToken", ssoToken.refreshToken, true);
|
|
123
|
+
try {
|
|
124
|
+
lastRefreshAttemptTime.setTime(Date.now());
|
|
125
|
+
const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);
|
|
126
|
+
validateTokenKey("accessToken", newSsoOidcToken.accessToken);
|
|
127
|
+
validateTokenKey("expiresIn", newSsoOidcToken.expiresIn);
|
|
128
|
+
const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1e3);
|
|
129
|
+
try {
|
|
130
|
+
await writeSSOTokenToFile(ssoSessionName, {
|
|
131
|
+
...ssoToken,
|
|
132
|
+
accessToken: newSsoOidcToken.accessToken,
|
|
133
|
+
expiresAt: newTokenExpiration.toISOString(),
|
|
134
|
+
refreshToken: newSsoOidcToken.refreshToken
|
|
135
|
+
});
|
|
136
|
+
} catch (error) {
|
|
137
|
+
}
|
|
138
|
+
return {
|
|
139
|
+
token: newSsoOidcToken.accessToken,
|
|
140
|
+
expiration: newTokenExpiration
|
|
141
|
+
};
|
|
142
|
+
} catch (error) {
|
|
143
|
+
validateTokenExpiry(existingToken);
|
|
144
|
+
return existingToken;
|
|
145
|
+
}
|
|
146
|
+
};
|
|
147
|
+
|
|
148
|
+
// node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js
|
|
149
|
+
var SHOULD_FAIL_CREDENTIAL_CHAIN = false;
|
|
150
|
+
var resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, profile, logger }) => {
|
|
151
|
+
let token;
|
|
152
|
+
const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;
|
|
153
|
+
if (ssoSession) {
|
|
154
|
+
try {
|
|
155
|
+
const _token = await fromSso({ profile })();
|
|
156
|
+
token = {
|
|
157
|
+
accessToken: _token.token,
|
|
158
|
+
expiresAt: new Date(_token.expiration).toISOString()
|
|
159
|
+
};
|
|
160
|
+
} catch (e) {
|
|
161
|
+
throw new CredentialsProviderError(e.message, {
|
|
162
|
+
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
163
|
+
logger
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
} else {
|
|
167
|
+
try {
|
|
168
|
+
token = await getSSOTokenFromFile(ssoStartUrl);
|
|
169
|
+
} catch (e) {
|
|
170
|
+
throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {
|
|
171
|
+
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
172
|
+
logger
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {
|
|
177
|
+
throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {
|
|
178
|
+
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
179
|
+
logger
|
|
180
|
+
});
|
|
181
|
+
}
|
|
182
|
+
const { accessToken } = token;
|
|
183
|
+
const { SSOClient, GetRoleCredentialsCommand } = await import("./loadSso-3QBKTJF3.js");
|
|
184
|
+
const sso = ssoClient || new SSOClient(Object.assign({}, clientConfig ?? {}, {
|
|
185
|
+
logger: clientConfig?.logger ?? parentClientConfig?.logger,
|
|
186
|
+
region: clientConfig?.region ?? ssoRegion
|
|
187
|
+
}));
|
|
188
|
+
let ssoResp;
|
|
189
|
+
try {
|
|
190
|
+
ssoResp = await sso.send(new GetRoleCredentialsCommand({
|
|
191
|
+
accountId: ssoAccountId,
|
|
192
|
+
roleName: ssoRoleName,
|
|
193
|
+
accessToken
|
|
194
|
+
}));
|
|
195
|
+
} catch (e) {
|
|
196
|
+
throw new CredentialsProviderError(e, {
|
|
197
|
+
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
198
|
+
logger
|
|
199
|
+
});
|
|
200
|
+
}
|
|
201
|
+
const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {} } = ssoResp;
|
|
202
|
+
if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {
|
|
203
|
+
throw new CredentialsProviderError("SSO returns an invalid temporary credential.", {
|
|
204
|
+
tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,
|
|
205
|
+
logger
|
|
206
|
+
});
|
|
207
|
+
}
|
|
208
|
+
const credentials = {
|
|
209
|
+
accessKeyId,
|
|
210
|
+
secretAccessKey,
|
|
211
|
+
sessionToken,
|
|
212
|
+
expiration: new Date(expiration),
|
|
213
|
+
...credentialScope && { credentialScope },
|
|
214
|
+
...accountId && { accountId }
|
|
215
|
+
};
|
|
216
|
+
if (ssoSession) {
|
|
217
|
+
setCredentialFeature(credentials, "CREDENTIALS_SSO", "s");
|
|
218
|
+
} else {
|
|
219
|
+
setCredentialFeature(credentials, "CREDENTIALS_SSO_LEGACY", "u");
|
|
220
|
+
}
|
|
221
|
+
return credentials;
|
|
222
|
+
};
|
|
223
|
+
|
|
224
|
+
// node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js
|
|
225
|
+
var validateSsoProfile = (profile, logger) => {
|
|
226
|
+
const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;
|
|
227
|
+
if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {
|
|
228
|
+
throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters "sso_account_id", "sso_region", "sso_role_name", "sso_start_url". Got ${Object.keys(profile).join(", ")}
|
|
229
|
+
Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });
|
|
230
|
+
}
|
|
231
|
+
return profile;
|
|
232
|
+
};
|
|
233
|
+
|
|
234
|
+
// node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js
|
|
235
|
+
var fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {
|
|
236
|
+
init.logger?.debug("@aws-sdk/credential-provider-sso - fromSSO");
|
|
237
|
+
const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
|
|
238
|
+
const { ssoClient } = init;
|
|
239
|
+
const profileName = getProfileName({
|
|
240
|
+
profile: init.profile ?? callerClientConfig?.profile
|
|
241
|
+
});
|
|
242
|
+
if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
|
|
243
|
+
const profiles = await parseKnownFiles(init);
|
|
244
|
+
const profile = profiles[profileName];
|
|
245
|
+
if (!profile) {
|
|
246
|
+
throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });
|
|
247
|
+
}
|
|
248
|
+
if (!isSsoProfile(profile)) {
|
|
249
|
+
throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {
|
|
250
|
+
logger: init.logger
|
|
251
|
+
});
|
|
252
|
+
}
|
|
253
|
+
if (profile?.sso_session) {
|
|
254
|
+
const ssoSessions = await loadSsoSessionData(init);
|
|
255
|
+
const session = ssoSessions[profile.sso_session];
|
|
256
|
+
const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;
|
|
257
|
+
if (ssoRegion && ssoRegion !== session.sso_region) {
|
|
258
|
+
throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {
|
|
259
|
+
tryNextLink: false,
|
|
260
|
+
logger: init.logger
|
|
261
|
+
});
|
|
262
|
+
}
|
|
263
|
+
if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {
|
|
264
|
+
throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {
|
|
265
|
+
tryNextLink: false,
|
|
266
|
+
logger: init.logger
|
|
267
|
+
});
|
|
268
|
+
}
|
|
269
|
+
profile.sso_region = session.sso_region;
|
|
270
|
+
profile.sso_start_url = session.sso_start_url;
|
|
271
|
+
}
|
|
272
|
+
const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);
|
|
273
|
+
return resolveSSOCredentials({
|
|
274
|
+
ssoStartUrl: sso_start_url,
|
|
275
|
+
ssoSession: sso_session,
|
|
276
|
+
ssoAccountId: sso_account_id,
|
|
277
|
+
ssoRegion: sso_region,
|
|
278
|
+
ssoRoleName: sso_role_name,
|
|
279
|
+
ssoClient,
|
|
280
|
+
clientConfig: init.clientConfig,
|
|
281
|
+
parentClientConfig: init.parentClientConfig,
|
|
282
|
+
profile: profileName
|
|
283
|
+
});
|
|
284
|
+
} else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {
|
|
285
|
+
throw new CredentialsProviderError('Incomplete configuration. The fromSSO() argument hash must include "ssoStartUrl", "ssoAccountId", "ssoRegion", "ssoRoleName"', { tryNextLink: false, logger: init.logger });
|
|
286
|
+
} else {
|
|
287
|
+
return resolveSSOCredentials({
|
|
288
|
+
ssoStartUrl,
|
|
289
|
+
ssoSession,
|
|
290
|
+
ssoAccountId,
|
|
291
|
+
ssoRegion,
|
|
292
|
+
ssoRoleName,
|
|
293
|
+
ssoClient,
|
|
294
|
+
clientConfig: init.clientConfig,
|
|
295
|
+
parentClientConfig: init.parentClientConfig,
|
|
296
|
+
profile: profileName
|
|
297
|
+
});
|
|
298
|
+
}
|
|
299
|
+
};
|
|
300
|
+
export {
|
|
301
|
+
fromSSO,
|
|
302
|
+
isSsoProfile,
|
|
303
|
+
validateSsoProfile
|
|
304
|
+
};
|
|
305
|
+
//# sourceMappingURL=dist-es-FD7XXZCE.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../node_modules/@aws-sdk/credential-provider-sso/dist-es/isSsoProfile.js","../../node_modules/@aws-sdk/token-providers/dist-es/constants.js","../../node_modules/@aws-sdk/token-providers/dist-es/getSsoOidcClient.js","../../node_modules/@aws-sdk/token-providers/dist-es/getNewSsoOidcToken.js","../../node_modules/@aws-sdk/token-providers/dist-es/validateTokenExpiry.js","../../node_modules/@aws-sdk/token-providers/dist-es/validateTokenKey.js","../../node_modules/@aws-sdk/token-providers/dist-es/writeSSOTokenToFile.js","../../node_modules/@aws-sdk/token-providers/dist-es/fromSso.js","../../node_modules/@aws-sdk/credential-provider-sso/dist-es/resolveSSOCredentials.js","../../node_modules/@aws-sdk/credential-provider-sso/dist-es/validateSsoProfile.js","../../node_modules/@aws-sdk/credential-provider-sso/dist-es/fromSSO.js"],"sourcesContent":["export const isSsoProfile = (arg) => arg &&\n (typeof arg.sso_start_url === \"string\" ||\n typeof arg.sso_account_id === \"string\" ||\n typeof arg.sso_session === \"string\" ||\n typeof arg.sso_region === \"string\" ||\n typeof arg.sso_role_name === \"string\");\n","export const EXPIRE_WINDOW_MS = 5 * 60 * 1000;\nexport const REFRESH_MESSAGE = `To refresh this SSO session run 'aws sso login' with the corresponding profile.`;\n","export const getSsoOidcClient = async (ssoRegion, init = {}) => {\n const { SSOOIDCClient } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n const ssoOidcClient = new SSOOIDCClient(Object.assign({}, init.clientConfig ?? {}, {\n region: ssoRegion ?? init.clientConfig?.region,\n logger: init.clientConfig?.logger ?? init.parentClientConfig?.logger,\n }));\n return ssoOidcClient;\n};\n","import { getSsoOidcClient } from \"./getSsoOidcClient\";\nexport const getNewSsoOidcToken = async (ssoToken, ssoRegion, init = {}) => {\n const { CreateTokenCommand } = await import(\"@aws-sdk/nested-clients/sso-oidc\");\n const ssoOidcClient = await getSsoOidcClient(ssoRegion, init);\n return ssoOidcClient.send(new CreateTokenCommand({\n clientId: ssoToken.clientId,\n clientSecret: ssoToken.clientSecret,\n refreshToken: ssoToken.refreshToken,\n grantType: \"refresh_token\",\n }));\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenExpiry = (token) => {\n if (token.expiration && token.expiration.getTime() < Date.now()) {\n throw new TokenProviderError(`Token is expired. ${REFRESH_MESSAGE}`, false);\n }\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { REFRESH_MESSAGE } from \"./constants\";\nexport const validateTokenKey = (key, value, forRefresh = false) => {\n if (typeof value === \"undefined\") {\n throw new TokenProviderError(`Value not present for '${key}' in SSO Token${forRefresh ? \". Cannot refresh\" : \"\"}. ${REFRESH_MESSAGE}`, false);\n }\n};\n","import { getSSOTokenFilepath } from \"@smithy/shared-ini-file-loader\";\nimport { promises as fsPromises } from \"fs\";\nconst { writeFile } = fsPromises;\nexport const writeSSOTokenToFile = (id, ssoToken) => {\n const tokenFilepath = getSSOTokenFilepath(id);\n const tokenString = JSON.stringify(ssoToken, null, 2);\n return writeFile(tokenFilepath, tokenString);\n};\n","import { TokenProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, getSSOTokenFromFile, loadSsoSessionData, parseKnownFiles, } from \"@smithy/shared-ini-file-loader\";\nimport { EXPIRE_WINDOW_MS, REFRESH_MESSAGE } from \"./constants\";\nimport { getNewSsoOidcToken } from \"./getNewSsoOidcToken\";\nimport { validateTokenExpiry } from \"./validateTokenExpiry\";\nimport { validateTokenKey } from \"./validateTokenKey\";\nimport { writeSSOTokenToFile } from \"./writeSSOTokenToFile\";\nconst lastRefreshAttemptTime = new Date(0);\nexport const fromSso = (_init = {}) => async ({ callerClientConfig } = {}) => {\n const init = {\n ..._init,\n parentClientConfig: {\n ...callerClientConfig,\n ..._init.parentClientConfig,\n },\n };\n init.logger?.debug(\"@aws-sdk/token-providers - fromSso\");\n const profiles = await parseKnownFiles(init);\n const profileName = getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n });\n const profile = profiles[profileName];\n if (!profile) {\n throw new TokenProviderError(`Profile '${profileName}' could not be found in shared credentials file.`, false);\n }\n else if (!profile[\"sso_session\"]) {\n throw new TokenProviderError(`Profile '${profileName}' is missing required property 'sso_session'.`);\n }\n const ssoSessionName = profile[\"sso_session\"];\n const ssoSessions = await loadSsoSessionData(init);\n const ssoSession = ssoSessions[ssoSessionName];\n if (!ssoSession) {\n throw new TokenProviderError(`Sso session '${ssoSessionName}' could not be found in shared credentials file.`, false);\n }\n for (const ssoSessionRequiredKey of [\"sso_start_url\", \"sso_region\"]) {\n if (!ssoSession[ssoSessionRequiredKey]) {\n throw new TokenProviderError(`Sso session '${ssoSessionName}' is missing required property '${ssoSessionRequiredKey}'.`, false);\n }\n }\n const ssoStartUrl = ssoSession[\"sso_start_url\"];\n const ssoRegion = ssoSession[\"sso_region\"];\n let ssoToken;\n try {\n ssoToken = await getSSOTokenFromFile(ssoSessionName);\n }\n catch (e) {\n throw new TokenProviderError(`The SSO session token associated with profile=${profileName} was not found or is invalid. ${REFRESH_MESSAGE}`, false);\n }\n validateTokenKey(\"accessToken\", ssoToken.accessToken);\n validateTokenKey(\"expiresAt\", ssoToken.expiresAt);\n const { accessToken, expiresAt } = ssoToken;\n const existingToken = { token: accessToken, expiration: new Date(expiresAt) };\n if (existingToken.expiration.getTime() - Date.now() > EXPIRE_WINDOW_MS) {\n return existingToken;\n }\n if (Date.now() - lastRefreshAttemptTime.getTime() < 30 * 1000) {\n validateTokenExpiry(existingToken);\n return existingToken;\n }\n validateTokenKey(\"clientId\", ssoToken.clientId, true);\n validateTokenKey(\"clientSecret\", ssoToken.clientSecret, true);\n validateTokenKey(\"refreshToken\", ssoToken.refreshToken, true);\n try {\n lastRefreshAttemptTime.setTime(Date.now());\n const newSsoOidcToken = await getNewSsoOidcToken(ssoToken, ssoRegion, init);\n validateTokenKey(\"accessToken\", newSsoOidcToken.accessToken);\n validateTokenKey(\"expiresIn\", newSsoOidcToken.expiresIn);\n const newTokenExpiration = new Date(Date.now() + newSsoOidcToken.expiresIn * 1000);\n try {\n await writeSSOTokenToFile(ssoSessionName, {\n ...ssoToken,\n accessToken: newSsoOidcToken.accessToken,\n expiresAt: newTokenExpiration.toISOString(),\n refreshToken: newSsoOidcToken.refreshToken,\n });\n }\n catch (error) {\n }\n return {\n token: newSsoOidcToken.accessToken,\n expiration: newTokenExpiration,\n };\n }\n catch (error) {\n validateTokenExpiry(existingToken);\n return existingToken;\n }\n};\n","import { setCredentialFeature } from \"@aws-sdk/core/client\";\nimport { fromSso as getSsoTokenProvider } from \"@aws-sdk/token-providers\";\nimport { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getSSOTokenFromFile } from \"@smithy/shared-ini-file-loader\";\nconst SHOULD_FAIL_CREDENTIAL_CHAIN = false;\nexport const resolveSSOCredentials = async ({ ssoStartUrl, ssoSession, ssoAccountId, ssoRegion, ssoRoleName, ssoClient, clientConfig, parentClientConfig, profile, logger, }) => {\n let token;\n const refreshMessage = `To refresh this SSO session run aws sso login with the corresponding profile.`;\n if (ssoSession) {\n try {\n const _token = await getSsoTokenProvider({ profile })();\n token = {\n accessToken: _token.token,\n expiresAt: new Date(_token.expiration).toISOString(),\n };\n }\n catch (e) {\n throw new CredentialsProviderError(e.message, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n }\n else {\n try {\n token = await getSSOTokenFromFile(ssoStartUrl);\n }\n catch (e) {\n throw new CredentialsProviderError(`The SSO session associated with this profile is invalid. ${refreshMessage}`, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n }\n if (new Date(token.expiresAt).getTime() - Date.now() <= 0) {\n throw new CredentialsProviderError(`The SSO session associated with this profile has expired. ${refreshMessage}`, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n const { accessToken } = token;\n const { SSOClient, GetRoleCredentialsCommand } = await import(\"./loadSso\");\n const sso = ssoClient ||\n new SSOClient(Object.assign({}, clientConfig ?? {}, {\n logger: clientConfig?.logger ?? parentClientConfig?.logger,\n region: clientConfig?.region ?? ssoRegion,\n }));\n let ssoResp;\n try {\n ssoResp = await sso.send(new GetRoleCredentialsCommand({\n accountId: ssoAccountId,\n roleName: ssoRoleName,\n accessToken,\n }));\n }\n catch (e) {\n throw new CredentialsProviderError(e, {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n const { roleCredentials: { accessKeyId, secretAccessKey, sessionToken, expiration, credentialScope, accountId } = {}, } = ssoResp;\n if (!accessKeyId || !secretAccessKey || !sessionToken || !expiration) {\n throw new CredentialsProviderError(\"SSO returns an invalid temporary credential.\", {\n tryNextLink: SHOULD_FAIL_CREDENTIAL_CHAIN,\n logger,\n });\n }\n const credentials = {\n accessKeyId,\n secretAccessKey,\n sessionToken,\n expiration: new Date(expiration),\n ...(credentialScope && { credentialScope }),\n ...(accountId && { accountId }),\n };\n if (ssoSession) {\n setCredentialFeature(credentials, \"CREDENTIALS_SSO\", \"s\");\n }\n else {\n setCredentialFeature(credentials, \"CREDENTIALS_SSO_LEGACY\", \"u\");\n }\n return credentials;\n};\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nexport const validateSsoProfile = (profile, logger) => {\n const { sso_start_url, sso_account_id, sso_region, sso_role_name } = profile;\n if (!sso_start_url || !sso_account_id || !sso_region || !sso_role_name) {\n throw new CredentialsProviderError(`Profile is configured with invalid SSO credentials. Required parameters \"sso_account_id\", ` +\n `\"sso_region\", \"sso_role_name\", \"sso_start_url\". Got ${Object.keys(profile).join(\", \")}\\nReference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html`, { tryNextLink: false, logger });\n }\n return profile;\n};\n","import { CredentialsProviderError } from \"@smithy/property-provider\";\nimport { getProfileName, loadSsoSessionData, parseKnownFiles } from \"@smithy/shared-ini-file-loader\";\nimport { isSsoProfile } from \"./isSsoProfile\";\nimport { resolveSSOCredentials } from \"./resolveSSOCredentials\";\nimport { validateSsoProfile } from \"./validateSsoProfile\";\nexport const fromSSO = (init = {}) => async ({ callerClientConfig } = {}) => {\n init.logger?.debug(\"@aws-sdk/credential-provider-sso - fromSSO\");\n const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;\n const { ssoClient } = init;\n const profileName = getProfileName({\n profile: init.profile ?? callerClientConfig?.profile,\n });\n if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {\n const profiles = await parseKnownFiles(init);\n const profile = profiles[profileName];\n if (!profile) {\n throw new CredentialsProviderError(`Profile ${profileName} was not found.`, { logger: init.logger });\n }\n if (!isSsoProfile(profile)) {\n throw new CredentialsProviderError(`Profile ${profileName} is not configured with SSO credentials.`, {\n logger: init.logger,\n });\n }\n if (profile?.sso_session) {\n const ssoSessions = await loadSsoSessionData(init);\n const session = ssoSessions[profile.sso_session];\n const conflictMsg = ` configurations in profile ${profileName} and sso-session ${profile.sso_session}`;\n if (ssoRegion && ssoRegion !== session.sso_region) {\n throw new CredentialsProviderError(`Conflicting SSO region` + conflictMsg, {\n tryNextLink: false,\n logger: init.logger,\n });\n }\n if (ssoStartUrl && ssoStartUrl !== session.sso_start_url) {\n throw new CredentialsProviderError(`Conflicting SSO start_url` + conflictMsg, {\n tryNextLink: false,\n logger: init.logger,\n });\n }\n profile.sso_region = session.sso_region;\n profile.sso_start_url = session.sso_start_url;\n }\n const { sso_start_url, sso_account_id, sso_region, sso_role_name, sso_session } = validateSsoProfile(profile, init.logger);\n return resolveSSOCredentials({\n ssoStartUrl: sso_start_url,\n ssoSession: sso_session,\n ssoAccountId: sso_account_id,\n ssoRegion: sso_region,\n ssoRoleName: sso_role_name,\n ssoClient: ssoClient,\n clientConfig: init.clientConfig,\n parentClientConfig: init.parentClientConfig,\n profile: profileName,\n });\n }\n else if (!ssoStartUrl || !ssoAccountId || !ssoRegion || !ssoRoleName) {\n throw new CredentialsProviderError(\"Incomplete configuration. The fromSSO() argument hash must include \" +\n '\"ssoStartUrl\", \"ssoAccountId\", \"ssoRegion\", \"ssoRoleName\"', { tryNextLink: false, logger: init.logger });\n }\n else {\n return resolveSSOCredentials({\n ssoStartUrl,\n ssoSession,\n ssoAccountId,\n ssoRegion,\n ssoRoleName,\n ssoClient,\n clientConfig: init.clientConfig,\n parentClientConfig: init.parentClientConfig,\n profile: profileName,\n });\n }\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAAO,IAAM,eAAe,CAAC,QAAQ,QAChC,OAAO,IAAI,kBAAkB,YAC1B,OAAO,IAAI,mBAAmB,YAC9B,OAAO,IAAI,gBAAgB,YAC3B,OAAO,IAAI,eAAe,YAC1B,OAAO,IAAI,kBAAkB;;;ACL9B,IAAM,mBAAmB,IAAI,KAAK;AAClC,IAAM,kBAAkB;;;ACDxB,IAAM,mBAAmB,OAAO,WAAW,OAAO,CAAC,MAAM;AAC5D,QAAM,EAAE,cAAc,IAAI,MAAM,OAAO,wBAAkC;AACzE,QAAM,gBAAgB,IAAI,cAAc,OAAO,OAAO,CAAC,GAAG,KAAK,gBAAgB,CAAC,GAAG;AAAA,IAC/E,QAAQ,aAAa,KAAK,cAAc;AAAA,IACxC,QAAQ,KAAK,cAAc,UAAU,KAAK,oBAAoB;AAAA,EAClE,CAAC,CAAC;AACF,SAAO;AACX;;;ACNO,IAAM,qBAAqB,OAAO,UAAU,WAAW,OAAO,CAAC,MAAM;AACxE,QAAM,EAAE,mBAAmB,IAAI,MAAM,OAAO,wBAAkC;AAC9E,QAAM,gBAAgB,MAAM,iBAAiB,WAAW,IAAI;AAC5D,SAAO,cAAc,KAAK,IAAI,mBAAmB;AAAA,IAC7C,UAAU,SAAS;AAAA,IACnB,cAAc,SAAS;AAAA,IACvB,cAAc,SAAS;AAAA,IACvB,WAAW;AAAA,EACf,CAAC,CAAC;AACN;;;ACRO,IAAM,sBAAsB,CAAC,UAAU;AAC1C,MAAI,MAAM,cAAc,MAAM,WAAW,QAAQ,IAAI,KAAK,IAAI,GAAG;AAC7D,UAAM,IAAI,mBAAmB,qBAAqB,eAAe,IAAI,KAAK;AAAA,EAC9E;AACJ;;;ACJO,IAAM,mBAAmB,CAAC,KAAK,OAAO,aAAa,UAAU;AAChE,MAAI,OAAO,UAAU,aAAa;AAC9B,UAAM,IAAI,mBAAmB,0BAA0B,GAAG,iBAAiB,aAAa,qBAAqB,EAAE,KAAK,eAAe,IAAI,KAAK;AAAA,EAChJ;AACJ;;;ACLA,SAAS,YAAY,kBAAkB;AACvC,IAAM,EAAE,UAAU,IAAI;AACf,IAAM,sBAAsB,CAAC,IAAI,aAAa;AACjD,QAAM,gBAAgB,oBAAoB,EAAE;AAC5C,QAAM,cAAc,KAAK,UAAU,UAAU,MAAM,CAAC;AACpD,SAAO,UAAU,eAAe,WAAW;AAC/C;;;ACAA,IAAM,yBAAyB,oBAAI,KAAK,CAAC;AAClC,IAAM,UAAU,CAAC,QAAQ,CAAC,MAAM,OAAO,EAAE,mBAAmB,IAAI,CAAC,MAAM;AAC1E,QAAM,OAAO;AAAA,IACT,GAAG;AAAA,IACH,oBAAoB;AAAA,MAChB,GAAG;AAAA,MACH,GAAG,MAAM;AAAA,IACb;AAAA,EACJ;AACA,OAAK,QAAQ,MAAM,oCAAoC;AACvD,QAAM,WAAW,MAAM,gBAAgB,IAAI;AAC3C,QAAM,cAAc,eAAe;AAAA,IAC/B,SAAS,KAAK,WAAW,oBAAoB;AAAA,EACjD,CAAC;AACD,QAAM,UAAU,SAAS,WAAW;AACpC,MAAI,CAAC,SAAS;AACV,UAAM,IAAI,mBAAmB,YAAY,WAAW,oDAAoD,KAAK;AAAA,EACjH,WACS,CAAC,QAAQ,aAAa,GAAG;AAC9B,UAAM,IAAI,mBAAmB,YAAY,WAAW,+CAA+C;AAAA,EACvG;AACA,QAAM,iBAAiB,QAAQ,aAAa;AAC5C,QAAM,cAAc,MAAM,mBAAmB,IAAI;AACjD,QAAM,aAAa,YAAY,cAAc;AAC7C,MAAI,CAAC,YAAY;AACb,UAAM,IAAI,mBAAmB,gBAAgB,cAAc,oDAAoD,KAAK;AAAA,EACxH;AACA,aAAW,yBAAyB,CAAC,iBAAiB,YAAY,GAAG;AACjE,QAAI,CAAC,WAAW,qBAAqB,GAAG;AACpC,YAAM,IAAI,mBAAmB,gBAAgB,cAAc,mCAAmC,qBAAqB,MAAM,KAAK;AAAA,IAClI;AAAA,EACJ;AACA,QAAM,cAAc,WAAW,eAAe;AAC9C,QAAM,YAAY,WAAW,YAAY;AACzC,MAAI;AACJ,MAAI;AACA,eAAW,MAAM,oBAAoB,cAAc;AAAA,EACvD,SACO,GAAG;AACN,UAAM,IAAI,mBAAmB,iDAAiD,WAAW,iCAAiC,eAAe,IAAI,KAAK;AAAA,EACtJ;AACA,mBAAiB,eAAe,SAAS,WAAW;AACpD,mBAAiB,aAAa,SAAS,SAAS;AAChD,QAAM,EAAE,aAAa,UAAU,IAAI;AACnC,QAAM,gBAAgB,EAAE,OAAO,aAAa,YAAY,IAAI,KAAK,SAAS,EAAE;AAC5E,MAAI,cAAc,WAAW,QAAQ,IAAI,KAAK,IAAI,IAAI,kBAAkB;AACpE,WAAO;AAAA,EACX;AACA,MAAI,KAAK,IAAI,IAAI,uBAAuB,QAAQ,IAAI,KAAK,KAAM;AAC3D,wBAAoB,aAAa;AACjC,WAAO;AAAA,EACX;AACA,mBAAiB,YAAY,SAAS,UAAU,IAAI;AACpD,mBAAiB,gBAAgB,SAAS,cAAc,IAAI;AAC5D,mBAAiB,gBAAgB,SAAS,cAAc,IAAI;AAC5D,MAAI;AACA,2BAAuB,QAAQ,KAAK,IAAI,CAAC;AACzC,UAAM,kBAAkB,MAAM,mBAAmB,UAAU,WAAW,IAAI;AAC1E,qBAAiB,eAAe,gBAAgB,WAAW;AAC3D,qBAAiB,aAAa,gBAAgB,SAAS;AACvD,UAAM,qBAAqB,IAAI,KAAK,KAAK,IAAI,IAAI,gBAAgB,YAAY,GAAI;AACjF,QAAI;AACA,YAAM,oBAAoB,gBAAgB;AAAA,QACtC,GAAG;AAAA,QACH,aAAa,gBAAgB;AAAA,QAC7B,WAAW,mBAAmB,YAAY;AAAA,QAC1C,cAAc,gBAAgB;AAAA,MAClC,CAAC;AAAA,IACL,SACO,OAAO;AAAA,IACd;AACA,WAAO;AAAA,MACH,OAAO,gBAAgB;AAAA,MACvB,YAAY;AAAA,IAChB;AAAA,EACJ,SACO,OAAO;AACV,wBAAoB,aAAa;AACjC,WAAO;AAAA,EACX;AACJ;;;ACnFA,IAAM,+BAA+B;AAC9B,IAAM,wBAAwB,OAAO,EAAE,aAAa,YAAY,cAAc,WAAW,aAAa,WAAW,cAAc,oBAAoB,SAAS,OAAQ,MAAM;AAC7K,MAAI;AACJ,QAAM,iBAAiB;AACvB,MAAI,YAAY;AACZ,QAAI;AACA,YAAM,SAAS,MAAM,QAAoB,EAAE,QAAQ,CAAC,EAAE;AACtD,cAAQ;AAAA,QACJ,aAAa,OAAO;AAAA,QACpB,WAAW,IAAI,KAAK,OAAO,UAAU,EAAE,YAAY;AAAA,MACvD;AAAA,IACJ,SACO,GAAG;AACN,YAAM,IAAI,yBAAyB,EAAE,SAAS;AAAA,QAC1C,aAAa;AAAA,QACb;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ,OACK;AACD,QAAI;AACA,cAAQ,MAAM,oBAAoB,WAAW;AAAA,IACjD,SACO,GAAG;AACN,YAAM,IAAI,yBAAyB,4DAA4D,cAAc,IAAI;AAAA,QAC7G,aAAa;AAAA,QACb;AAAA,MACJ,CAAC;AAAA,IACL;AAAA,EACJ;AACA,MAAI,IAAI,KAAK,MAAM,SAAS,EAAE,QAAQ,IAAI,KAAK,IAAI,KAAK,GAAG;AACvD,UAAM,IAAI,yBAAyB,6DAA6D,cAAc,IAAI;AAAA,MAC9G,aAAa;AAAA,MACb;AAAA,IACJ,CAAC;AAAA,EACL;AACA,QAAM,EAAE,YAAY,IAAI;AACxB,QAAM,EAAE,WAAW,0BAA0B,IAAI,MAAM,OAAO,uBAAW;AACzE,QAAM,MAAM,aACR,IAAI,UAAU,OAAO,OAAO,CAAC,GAAG,gBAAgB,CAAC,GAAG;AAAA,IAChD,QAAQ,cAAc,UAAU,oBAAoB;AAAA,IACpD,QAAQ,cAAc,UAAU;AAAA,EACpC,CAAC,CAAC;AACN,MAAI;AACJ,MAAI;AACA,cAAU,MAAM,IAAI,KAAK,IAAI,0BAA0B;AAAA,MACnD,WAAW;AAAA,MACX,UAAU;AAAA,MACV;AAAA,IACJ,CAAC,CAAC;AAAA,EACN,SACO,GAAG;AACN,UAAM,IAAI,yBAAyB,GAAG;AAAA,MAClC,aAAa;AAAA,MACb;AAAA,IACJ,CAAC;AAAA,EACL;AACA,QAAM,EAAE,iBAAiB,EAAE,aAAa,iBAAiB,cAAc,YAAY,iBAAiB,UAAU,IAAI,CAAC,EAAG,IAAI;AAC1H,MAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,YAAY;AAClE,UAAM,IAAI,yBAAyB,gDAAgD;AAAA,MAC/E,aAAa;AAAA,MACb;AAAA,IACJ,CAAC;AAAA,EACL;AACA,QAAM,cAAc;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY,IAAI,KAAK,UAAU;AAAA,IAC/B,GAAI,mBAAmB,EAAE,gBAAgB;AAAA,IACzC,GAAI,aAAa,EAAE,UAAU;AAAA,EACjC;AACA,MAAI,YAAY;AACZ,yBAAqB,aAAa,mBAAmB,GAAG;AAAA,EAC5D,OACK;AACD,yBAAqB,aAAa,0BAA0B,GAAG;AAAA,EACnE;AACA,SAAO;AACX;;;AClFO,IAAM,qBAAqB,CAAC,SAAS,WAAW;AACnD,QAAM,EAAE,eAAe,gBAAgB,YAAY,cAAc,IAAI;AACrE,MAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,cAAc,CAAC,eAAe;AACpE,UAAM,IAAI,yBAAyB,iJACwB,OAAO,KAAK,OAAO,EAAE,KAAK,IAAI,CAAC;AAAA,qFAAwF,EAAE,aAAa,OAAO,OAAO,CAAC;AAAA,EACpN;AACA,SAAO;AACX;;;ACHO,IAAM,UAAU,CAAC,OAAO,CAAC,MAAM,OAAO,EAAE,mBAAmB,IAAI,CAAC,MAAM;AACzE,OAAK,QAAQ,MAAM,4CAA4C;AAC/D,QAAM,EAAE,aAAa,cAAc,WAAW,aAAa,WAAW,IAAI;AAC1E,QAAM,EAAE,UAAU,IAAI;AACtB,QAAM,cAAc,eAAe;AAAA,IAC/B,SAAS,KAAK,WAAW,oBAAoB;AAAA,EACjD,CAAC;AACD,MAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,aAAa,CAAC,eAAe,CAAC,YAAY;AAC5E,UAAM,WAAW,MAAM,gBAAgB,IAAI;AAC3C,UAAM,UAAU,SAAS,WAAW;AACpC,QAAI,CAAC,SAAS;AACV,YAAM,IAAI,yBAAyB,WAAW,WAAW,mBAAmB,EAAE,QAAQ,KAAK,OAAO,CAAC;AAAA,IACvG;AACA,QAAI,CAAC,aAAa,OAAO,GAAG;AACxB,YAAM,IAAI,yBAAyB,WAAW,WAAW,4CAA4C;AAAA,QACjG,QAAQ,KAAK;AAAA,MACjB,CAAC;AAAA,IACL;AACA,QAAI,SAAS,aAAa;AACtB,YAAM,cAAc,MAAM,mBAAmB,IAAI;AACjD,YAAM,UAAU,YAAY,QAAQ,WAAW;AAC/C,YAAM,cAAc,8BAA8B,WAAW,oBAAoB,QAAQ,WAAW;AACpG,UAAI,aAAa,cAAc,QAAQ,YAAY;AAC/C,cAAM,IAAI,yBAAyB,2BAA2B,aAAa;AAAA,UACvE,aAAa;AAAA,UACb,QAAQ,KAAK;AAAA,QACjB,CAAC;AAAA,MACL;AACA,UAAI,eAAe,gBAAgB,QAAQ,eAAe;AACtD,cAAM,IAAI,yBAAyB,8BAA8B,aAAa;AAAA,UAC1E,aAAa;AAAA,UACb,QAAQ,KAAK;AAAA,QACjB,CAAC;AAAA,MACL;AACA,cAAQ,aAAa,QAAQ;AAC7B,cAAQ,gBAAgB,QAAQ;AAAA,IACpC;AACA,UAAM,EAAE,eAAe,gBAAgB,YAAY,eAAe,YAAY,IAAI,mBAAmB,SAAS,KAAK,MAAM;AACzH,WAAO,sBAAsB;AAAA,MACzB,aAAa;AAAA,MACb,YAAY;AAAA,MACZ,cAAc;AAAA,MACd,WAAW;AAAA,MACX,aAAa;AAAA,MACb;AAAA,MACA,cAAc,KAAK;AAAA,MACnB,oBAAoB,KAAK;AAAA,MACzB,SAAS;AAAA,IACb,CAAC;AAAA,EACL,WACS,CAAC,eAAe,CAAC,gBAAgB,CAAC,aAAa,CAAC,aAAa;AAClE,UAAM,IAAI,yBAAyB,gIAC8B,EAAE,aAAa,OAAO,QAAQ,KAAK,OAAO,CAAC;AAAA,EAChH,OACK;AACD,WAAO,sBAAsB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,cAAc,KAAK;AAAA,MACnB,oBAAoB,KAAK;AAAA,MACzB,SAAS;AAAA,IACb,CAAC;AAAA,EACL;AACJ;","names":[]}
|