@illustrisinteractive/sentinel-nest 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.prettierrc +4 -0
- package/README.md +98 -0
- package/config/config.json +24 -0
- package/dist/bin/commit.d.ts +1 -0
- package/dist/bin/commit.js +136 -0
- package/dist/bin/commit.js.map +1 -0
- package/dist/bin/init.d.ts +2 -0
- package/dist/bin/init.js +179 -0
- package/dist/bin/init.js.map +1 -0
- package/dist/bin/migrations/1-create-permission.d.ts +6 -0
- package/dist/bin/migrations/1-create-permission.js +30 -0
- package/dist/bin/migrations/1-create-permission.js.map +1 -0
- package/dist/bin/migrations/2-create-role.d.ts +2 -0
- package/dist/bin/migrations/2-create-role.js +29 -0
- package/dist/bin/migrations/2-create-role.js.map +1 -0
- package/dist/bin/migrations/3-create-rolepermissions.d.ts +2 -0
- package/dist/bin/migrations/3-create-rolepermissions.js +46 -0
- package/dist/bin/migrations/3-create-rolepermissions.js.map +1 -0
- package/dist/bin/migrations/4-create-model-roles.d.ts +2 -0
- package/dist/bin/migrations/4-create-model-roles.js +46 -0
- package/dist/bin/migrations/4-create-model-roles.js.map +1 -0
- package/dist/bin/resource.d.ts +1 -0
- package/dist/bin/resource.js +91 -0
- package/dist/bin/resource.js.map +1 -0
- package/dist/bin/sentinel.d.ts +2 -0
- package/dist/bin/sentinel.js +52 -0
- package/dist/bin/sentinel.js.map +1 -0
- package/dist/models/SecuredResource.d.ts +8 -0
- package/dist/models/SecuredResource.js +9 -0
- package/dist/models/SecuredResource.js.map +1 -0
- package/dist/models/SentinelConfig.d.ts +7 -0
- package/dist/models/SentinelConfig.js +3 -0
- package/dist/models/SentinelConfig.js.map +1 -0
- package/dist/models/sequelize/PermissionKey.d.ts +7 -0
- package/dist/models/sequelize/PermissionKey.js +39 -0
- package/dist/models/sequelize/PermissionKey.js.map +1 -0
- package/dist/prisma.config.d.ts +3 -0
- package/dist/prisma.config.js +14 -0
- package/dist/prisma.config.js.map +1 -0
- package/dist/src/can.decorator.d.ts +2 -0
- package/dist/src/can.decorator.js +6 -0
- package/dist/src/can.decorator.js.map +1 -0
- package/dist/src/generated/prisma/browser.d.ts +10 -0
- package/dist/src/generated/prisma/browser.js +44 -0
- package/dist/src/generated/prisma/browser.js.map +1 -0
- package/dist/src/generated/prisma/client.d.ts +14 -0
- package/dist/src/generated/prisma/client.js +46 -0
- package/dist/src/generated/prisma/client.js.map +1 -0
- package/dist/src/generated/prisma/commonInputTypes.d.ts +263 -0
- package/dist/src/generated/prisma/commonInputTypes.js +3 -0
- package/dist/src/generated/prisma/commonInputTypes.js.map +1 -0
- package/dist/src/generated/prisma/enums.d.ts +1 -0
- package/dist/src/generated/prisma/enums.js +3 -0
- package/dist/src/generated/prisma/enums.js.map +1 -0
- package/dist/src/generated/prisma/internal/class.d.ts +50 -0
- package/dist/src/generated/prisma/internal/class.js +75 -0
- package/dist/src/generated/prisma/internal/class.js.map +1 -0
- package/dist/src/generated/prisma/internal/prismaNamespace.d.ts +778 -0
- package/dist/src/generated/prisma/internal/prismaNamespace.js +128 -0
- package/dist/src/generated/prisma/internal/prismaNamespace.js.map +1 -0
- package/dist/src/generated/prisma/internal/prismaNamespaceBrowser.d.ts +88 -0
- package/dist/src/generated/prisma/internal/prismaNamespaceBrowser.js +112 -0
- package/dist/src/generated/prisma/internal/prismaNamespaceBrowser.js.map +1 -0
- package/dist/src/generated/prisma/models/ModelHasRoles.d.ts +691 -0
- package/dist/src/generated/prisma/models/ModelHasRoles.js +3 -0
- package/dist/src/generated/prisma/models/ModelHasRoles.js.map +1 -0
- package/dist/src/generated/prisma/models/PermissionKeys.d.ts +547 -0
- package/dist/src/generated/prisma/models/PermissionKeys.js +3 -0
- package/dist/src/generated/prisma/models/PermissionKeys.js.map +1 -0
- package/dist/src/generated/prisma/models/RoleHasPermissions.d.ts +675 -0
- package/dist/src/generated/prisma/models/RoleHasPermissions.js +3 -0
- package/dist/src/generated/prisma/models/RoleHasPermissions.js.map +1 -0
- package/dist/src/generated/prisma/models/Roles.d.ts +582 -0
- package/dist/src/generated/prisma/models/Roles.js +3 -0
- package/dist/src/generated/prisma/models/Roles.js.map +1 -0
- package/dist/src/generated/prisma/models/SequelizeMeta.d.ts +289 -0
- package/dist/src/generated/prisma/models/SequelizeMeta.js +3 -0
- package/dist/src/generated/prisma/models/SequelizeMeta.js.map +1 -0
- package/dist/src/generated/prisma/models/Users.d.ts +572 -0
- package/dist/src/generated/prisma/models/Users.js +3 -0
- package/dist/src/generated/prisma/models/Users.js.map +1 -0
- package/dist/src/generated/prisma/models.d.ts +7 -0
- package/dist/src/generated/prisma/models.js +3 -0
- package/dist/src/generated/prisma/models.js.map +1 -0
- package/dist/src/main.d.ts +6 -0
- package/dist/src/main.js +23 -0
- package/dist/src/main.js.map +1 -0
- package/dist/src/models/SecuredResource.d.ts +8 -0
- package/dist/src/models/SecuredResource.js +9 -0
- package/dist/src/models/SecuredResource.js.map +1 -0
- package/dist/src/models/SentinelConfig.d.ts +7 -0
- package/dist/src/models/SentinelConfig.js +3 -0
- package/dist/src/models/SentinelConfig.js.map +1 -0
- package/dist/src/models/SentinelModel.d.ts +35 -0
- package/dist/src/models/SentinelModel.js +3 -0
- package/dist/src/models/SentinelModel.js.map +1 -0
- package/dist/src/models/SentinelModuleOptions.d.ts +7 -0
- package/dist/src/models/SentinelModuleOptions.js +3 -0
- package/dist/src/models/SentinelModuleOptions.js.map +1 -0
- package/dist/src/prisma.service.d.ts +4 -0
- package/dist/src/prisma.service.js +29 -0
- package/dist/src/prisma.service.js.map +1 -0
- package/dist/src/sentinel.guard.d.ts +9 -0
- package/dist/src/sentinel.guard.js +73 -0
- package/dist/src/sentinel.guard.js.map +1 -0
- package/dist/src/sentinel.module-definition.d.ts +2 -0
- package/dist/src/sentinel.module-definition.js +7 -0
- package/dist/src/sentinel.module-definition.js.map +1 -0
- package/dist/src/sentinel.module.d.ts +3 -0
- package/dist/src/sentinel.module.js +40 -0
- package/dist/src/sentinel.module.js.map +1 -0
- package/dist/src/sentinel.service.d.ts +39 -0
- package/dist/src/sentinel.service.js +146 -0
- package/dist/src/sentinel.service.js.map +1 -0
- package/dist/tsconfig.build.tsbuildinfo +1 -0
- package/dist/tsconfig.tsbuildinfo +1 -0
- package/eslint.config.mjs +34 -0
- package/models/index.js +43 -0
- package/models/permissionkey.js +31 -0
- package/models/role.js +23 -0
- package/models/rolehaspermission.js +43 -0
- package/nest-cli.json +8 -0
- package/package.json +103 -0
- package/prisma/migrations/20260227023704_init/migration.sql +74 -0
- package/prisma/migrations/migration_lock.toml +3 -0
- package/prisma/schema.prisma +62 -0
- package/prisma.config.ts +14 -0
- package/src/bin/commit.ts +186 -0
- package/src/bin/init.ts +251 -0
- package/src/bin/migrations/1-create-permission.js +32 -0
- package/src/bin/migrations/2-create-role.js +29 -0
- package/src/bin/migrations/3-create-rolepermissions.js +46 -0
- package/src/bin/migrations/4-create-model-roles.js +46 -0
- package/src/bin/resource.ts +107 -0
- package/src/bin/sentinel.ts +115 -0
- package/src/bin/tsconfig.json +30 -0
- package/src/can.decorator.ts +4 -0
- package/src/generated/prisma/browser.ts +49 -0
- package/src/generated/prisma/client.ts +69 -0
- package/src/generated/prisma/commonInputTypes.ts +302 -0
- package/src/generated/prisma/enums.ts +15 -0
- package/src/generated/prisma/internal/class.ts +250 -0
- package/src/generated/prisma/internal/prismaNamespace.ts +1213 -0
- package/src/generated/prisma/internal/prismaNamespaceBrowser.ts +163 -0
- package/src/generated/prisma/models/ModelHasRoles.ts +1521 -0
- package/src/generated/prisma/models/PermissionKeys.ts +1362 -0
- package/src/generated/prisma/models/RoleHasPermissions.ts +1503 -0
- package/src/generated/prisma/models/Roles.ts +1437 -0
- package/src/generated/prisma/models/SequelizeMeta.ts +1032 -0
- package/src/generated/prisma/models/Users.ts +1402 -0
- package/src/generated/prisma/models.ts +17 -0
- package/src/main.ts +24 -0
- package/src/models/SecuredResource.d.ts +8 -0
- package/src/models/SecuredResource.ts +9 -0
- package/src/models/SentinelConfig.d.ts +7 -0
- package/src/models/SentinelConfig.ts +8 -0
- package/src/models/SentinelModel.ts +39 -0
- package/src/models/SentinelModuleOptions.ts +11 -0
- package/src/models/sequelize/PermissionKey.ts +22 -0
- package/src/models/tsconfig.json +25 -0
- package/src/prisma.service.ts +13 -0
- package/src/sentinel.guard.ts +63 -0
- package/src/sentinel.module-definition.ts +5 -0
- package/src/sentinel.module.ts +27 -0
- package/src/sentinel.service.ts +188 -0
- package/tsconfig.build.json +11 -0
- package/tsconfig.json +25 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SentinelConfig.js","sourceRoot":"","sources":["../../../src/models/SentinelConfig.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { PermissionKeysModel } from '../generated/prisma/models';
|
|
2
|
+
export interface SentinelPermissionKey {
|
|
3
|
+
id: string;
|
|
4
|
+
resource: string;
|
|
5
|
+
action: string;
|
|
6
|
+
createdAt: string | Date;
|
|
7
|
+
updatedAt: string | Date;
|
|
8
|
+
description: string;
|
|
9
|
+
}
|
|
10
|
+
export interface SentinelModelRoleHasPermissions {
|
|
11
|
+
id: number;
|
|
12
|
+
role: number;
|
|
13
|
+
permission: string;
|
|
14
|
+
createdAt: string | Date;
|
|
15
|
+
updatedAt: string | Date;
|
|
16
|
+
PermissionKeys: SentinelPermissionKey;
|
|
17
|
+
}
|
|
18
|
+
export interface SentinelModelRole {
|
|
19
|
+
id: number;
|
|
20
|
+
name: string;
|
|
21
|
+
createdAt: string | Date;
|
|
22
|
+
updatedAt: string | Date;
|
|
23
|
+
RoleHasPermissions: SentinelModelRoleHasPermissions[];
|
|
24
|
+
}
|
|
25
|
+
export interface SentinelModelHasPermissions {
|
|
26
|
+
id: number;
|
|
27
|
+
role: number;
|
|
28
|
+
model: number;
|
|
29
|
+
createdAt: string | Date;
|
|
30
|
+
updatedAt: string | Date;
|
|
31
|
+
Roles: SentinelModelRole;
|
|
32
|
+
}
|
|
33
|
+
export interface SentinelModel {
|
|
34
|
+
permissions: PermissionKeysModel[];
|
|
35
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SentinelModel.js","sourceRoot":"","sources":["../../../src/models/SentinelModel.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"SentinelModuleOptions.js","sourceRoot":"","sources":["../../../src/models/SentinelModuleOptions.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.PrismaService = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
const client_1 = require("./generated/prisma/client");
|
|
15
|
+
const adapter_pg_1 = require("@prisma/adapter-pg");
|
|
16
|
+
let PrismaService = class PrismaService extends client_1.PrismaClient {
|
|
17
|
+
constructor() {
|
|
18
|
+
const adapter = new adapter_pg_1.PrismaPg({
|
|
19
|
+
connectionString: `postgres://${process.env.SENTINEL_DB_USER}:${process.env.SENTINEL_DB_PASS}@${process.env.SENTINEL_DB_HOST}:${process.env.SENTINEL_DB_PORT}/${process.env.SENTINEL_DB_DATABASE}`,
|
|
20
|
+
});
|
|
21
|
+
super({ adapter });
|
|
22
|
+
}
|
|
23
|
+
};
|
|
24
|
+
exports.PrismaService = PrismaService;
|
|
25
|
+
exports.PrismaService = PrismaService = __decorate([
|
|
26
|
+
(0, common_1.Injectable)(),
|
|
27
|
+
__metadata("design:paramtypes", [])
|
|
28
|
+
], PrismaService);
|
|
29
|
+
//# sourceMappingURL=prisma.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prisma.service.js","sourceRoot":"","sources":["../../src/prisma.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAC5C,sDAAyD;AACzD,mDAA8C;AAGvC,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,qBAAY;IAC7C;QACE,MAAM,OAAO,GAAG,IAAI,qBAAQ,CAAC;YAC3B,gBAAgB,EAAE,cAAc,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE;SACnM,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACrB,CAAC;CACF,CAAA;AAPY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;;GACA,aAAa,CAOzB"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { SentinelService } from './sentinel.service';
|
|
3
|
+
import { Reflector } from '@nestjs/core';
|
|
4
|
+
export declare class SentinelGuard implements CanActivate {
|
|
5
|
+
private readonly sentinelService;
|
|
6
|
+
private reflector;
|
|
7
|
+
constructor(sentinelService: SentinelService, reflector: Reflector);
|
|
8
|
+
canActivate(context: ExecutionContext): boolean;
|
|
9
|
+
}
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.SentinelGuard = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const sentinel_service_1 = require("./sentinel.service");
|
|
18
|
+
const core_1 = require("@nestjs/core");
|
|
19
|
+
const main_1 = require("./main");
|
|
20
|
+
let SentinelGuard = class SentinelGuard {
|
|
21
|
+
sentinelService;
|
|
22
|
+
reflector;
|
|
23
|
+
constructor(sentinelService, reflector) {
|
|
24
|
+
this.sentinelService = sentinelService;
|
|
25
|
+
this.reflector = reflector;
|
|
26
|
+
}
|
|
27
|
+
canActivate(context) {
|
|
28
|
+
const requiredActions = this.reflector.getAllAndOverride(main_1.Can, [context.getHandler(), context.getClass()]);
|
|
29
|
+
if (requiredActions.length == 0)
|
|
30
|
+
return true;
|
|
31
|
+
let sentinelAuth = '';
|
|
32
|
+
if (context.getType() == 'rpc') {
|
|
33
|
+
const rpcContext = context.switchToRpc().getContext();
|
|
34
|
+
sentinelAuth = rpcContext.get(this.sentinelService.options.header || 'x-sentinel-key')[0];
|
|
35
|
+
}
|
|
36
|
+
else if (context.getType() == 'http') {
|
|
37
|
+
const httpContext = context.switchToHttp().getRequest();
|
|
38
|
+
const header = httpContext.headers[this.sentinelService.options.header || 'x-sentinel-key'];
|
|
39
|
+
if (header && typeof header == 'string') {
|
|
40
|
+
sentinelAuth = header;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
else
|
|
44
|
+
return false;
|
|
45
|
+
if (!sentinelAuth)
|
|
46
|
+
return false;
|
|
47
|
+
try {
|
|
48
|
+
const payload = this.sentinelService.verify(sentinelAuth);
|
|
49
|
+
if (!payload)
|
|
50
|
+
return false;
|
|
51
|
+
const abilities = this.sentinelService.parseModelAbilities(payload);
|
|
52
|
+
for (const action of requiredActions) {
|
|
53
|
+
if (!action.source) {
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
if (abilities.can(Object.keys(action)[0], action.source))
|
|
57
|
+
return true;
|
|
58
|
+
}
|
|
59
|
+
return false;
|
|
60
|
+
}
|
|
61
|
+
catch {
|
|
62
|
+
return false;
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
};
|
|
66
|
+
exports.SentinelGuard = SentinelGuard;
|
|
67
|
+
exports.SentinelGuard = SentinelGuard = __decorate([
|
|
68
|
+
(0, common_1.Injectable)(),
|
|
69
|
+
__param(1, (0, common_1.Inject)(core_1.Reflector)),
|
|
70
|
+
__metadata("design:paramtypes", [sentinel_service_1.SentinelService,
|
|
71
|
+
core_1.Reflector])
|
|
72
|
+
], SentinelGuard);
|
|
73
|
+
//# sourceMappingURL=sentinel.guard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sentinel.guard.js","sourceRoot":"","sources":["../../src/sentinel.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAKwB;AACxB,yDAAqD;AAIrD,uCAAyC;AACzC,iCAAoD;AAG7C,IAAM,aAAa,GAAnB,MAAM,aAAa;IAEL;IACU;IAF7B,YACmB,eAAgC,EACtB,SAAoB;QAD9B,oBAAe,GAAf,eAAe,CAAiB;QACtB,cAAS,GAAT,SAAS,CAAW;IAC9C,CAAC;IACJ,WAAW,CAAC,OAAyB;QACnC,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAEtD,UAAG,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAEnD,IAAI,eAAe,CAAC,MAAM,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QAE7C,IAAI,YAAY,GAAG,EAAE,CAAC;QACtB,IAAI,OAAO,CAAC,OAAO,EAAE,IAAI,KAAK,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAa,OAAO,CAAC,WAAW,EAAE,CAAC,UAAU,EAAE,CAAC;YAChE,YAAY,GAAG,UAAU,CAAC,GAAG,CAC3B,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,IAAI,gBAAgB,CACxD,CAAC,CAAC,CAAW,CAAC;QACjB,CAAC;aAAM,IAAI,OAAO,CAAC,OAAO,EAAE,IAAI,MAAM,EAAE,CAAC;YACvC,MAAM,WAAW,GAAY,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YACjE,MAAM,MAAM,GACV,WAAW,CAAC,OAAO,CACjB,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,IAAI,gBAAgB,CACxD,CAAC;YACJ,IAAI,MAAM,IAAI,OAAO,MAAM,IAAI,QAAQ,EAAE,CAAC;gBACxC,YAAY,GAAG,MAAM,CAAC;YACxB,CAAC;QACH,CAAC;;YAAM,OAAO,KAAK,CAAC;QAEpB,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAEhC,IAAI,CAAC;YACH,MAAM,OAAO,GAAkB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACzE,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAE3B,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACpE,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;gBACrC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,IAAI,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;oBAAE,OAAO,IAAI,CAAC;YACxE,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF,CAAA;AAhDY,sCAAa;wBAAb,aAAa;IADzB,IAAA,mBAAU,GAAE;IAIR,WAAA,IAAA,eAAM,EAAC,gBAAS,CAAC,CAAA;qCADgB,kCAAe;QACX,gBAAS;GAHtC,aAAa,CAgDzB"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var _a;
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.MODULE_OPTIONS_TOKEN = exports.ConfigurableModuleClass = void 0;
|
|
5
|
+
const common_1 = require("@nestjs/common");
|
|
6
|
+
_a = new common_1.ConfigurableModuleBuilder().build(), exports.ConfigurableModuleClass = _a.ConfigurableModuleClass, exports.MODULE_OPTIONS_TOKEN = _a.MODULE_OPTIONS_TOKEN;
|
|
7
|
+
//# sourceMappingURL=sentinel.module-definition.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sentinel.module-definition.js","sourceRoot":"","sources":["../../src/sentinel.module-definition.ts"],"names":[],"mappings":";;;;AAAA,2CAA2D;AAG9C,KACX,IAAI,kCAAyB,EAAyB,CAAC,KAAK,EAAE,EADjD,+BAAuB,+BAAE,4BAAoB,2BACK"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.SentinelModule = void 0;
|
|
10
|
+
const common_1 = require("@nestjs/common");
|
|
11
|
+
const sentinel_service_1 = require("./sentinel.service");
|
|
12
|
+
const config_1 = require("@nestjs/config");
|
|
13
|
+
const prisma_service_1 = require("./prisma.service");
|
|
14
|
+
const sentinel_module_definition_1 = require("./sentinel.module-definition");
|
|
15
|
+
const jwt_1 = require("@nestjs/jwt");
|
|
16
|
+
const sentinel_guard_1 = require("./sentinel.guard");
|
|
17
|
+
let SentinelModule = class SentinelModule extends sentinel_module_definition_1.ConfigurableModuleClass {
|
|
18
|
+
};
|
|
19
|
+
exports.SentinelModule = SentinelModule;
|
|
20
|
+
exports.SentinelModule = SentinelModule = __decorate([
|
|
21
|
+
(0, common_1.Module)({
|
|
22
|
+
imports: [
|
|
23
|
+
config_1.ConfigModule.forRoot({ isGlobal: true }),
|
|
24
|
+
jwt_1.JwtModule.registerAsync({
|
|
25
|
+
imports: [config_1.ConfigModule],
|
|
26
|
+
inject: [config_1.ConfigService],
|
|
27
|
+
useFactory: (configService) => ({
|
|
28
|
+
secret: configService.getOrThrow('SENTINEL_KEY'),
|
|
29
|
+
signOptions: {
|
|
30
|
+
expiresIn: '30m',
|
|
31
|
+
},
|
|
32
|
+
}),
|
|
33
|
+
}),
|
|
34
|
+
],
|
|
35
|
+
controllers: [],
|
|
36
|
+
providers: [prisma_service_1.PrismaService, sentinel_service_1.SentinelService, sentinel_guard_1.SentinelGuard],
|
|
37
|
+
exports: [prisma_service_1.PrismaService, sentinel_service_1.SentinelService, sentinel_guard_1.SentinelGuard],
|
|
38
|
+
})
|
|
39
|
+
], SentinelModule);
|
|
40
|
+
//# sourceMappingURL=sentinel.module.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sentinel.module.js","sourceRoot":"","sources":["../../src/sentinel.module.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAAwC;AACxC,yDAAqD;AACrD,2CAA6D;AAC7D,qDAAiD;AACjD,6EAAuE;AACvE,qCAAwC;AACxC,qDAAiD;AAoB1C,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,oDAAuB;CAAG,CAAA;AAAjD,wCAAc;yBAAd,cAAc;IAlB1B,IAAA,eAAM,EAAC;QACN,OAAO,EAAE;YACP,qBAAY,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YACxC,eAAS,CAAC,aAAa,CAAC;gBACtB,OAAO,EAAE,CAAC,qBAAY,CAAC;gBACvB,MAAM,EAAE,CAAC,sBAAa,CAAC;gBACvB,UAAU,EAAE,CAAC,aAA4B,EAAE,EAAE,CAAC,CAAC;oBAC7C,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,cAAc,CAAC;oBAChD,WAAW,EAAE;wBACX,SAAS,EAAE,KAAK;qBACjB;iBACF,CAAC;aACH,CAAC;SACH;QACD,WAAW,EAAE,EAAE;QACf,SAAS,EAAE,CAAC,8BAAa,EAAE,kCAAe,EAAE,8BAAa,CAAC;QAC1D,OAAO,EAAE,CAAC,8BAAa,EAAE,kCAAe,EAAE,8BAAa,CAAC;KACzD,CAAC;GACW,cAAc,CAAmC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { NotFoundException, OnModuleInit } from '@nestjs/common';
|
|
2
|
+
import { Prisma } from './generated/prisma/client';
|
|
3
|
+
import { PrismaService } from './prisma.service';
|
|
4
|
+
import type { SentinelModuleOptions } from './models/SentinelModuleOptions';
|
|
5
|
+
import { SecuredResource } from './main';
|
|
6
|
+
import { PermissionKeysModel } from './generated/prisma/models';
|
|
7
|
+
import { MongoAbility } from '@casl/ability';
|
|
8
|
+
import { ConfigService } from '@nestjs/config';
|
|
9
|
+
import { JwtService } from '@nestjs/jwt';
|
|
10
|
+
import { SentinelModel } from './models/SentinelModel';
|
|
11
|
+
export declare class SentinelService implements OnModuleInit {
|
|
12
|
+
private _options;
|
|
13
|
+
private prisma;
|
|
14
|
+
private jwt;
|
|
15
|
+
private config;
|
|
16
|
+
resources: SecuredResource[];
|
|
17
|
+
options: SentinelModuleOptions;
|
|
18
|
+
constructor(_options: SentinelModuleOptions, prisma: PrismaService, jwt: JwtService, config: ConfigService);
|
|
19
|
+
verify(token: string): SentinelModel;
|
|
20
|
+
packModel(model: PermissionKeysModel[]): string;
|
|
21
|
+
parseModelAbilities(model: SentinelModel): MongoAbility;
|
|
22
|
+
buildModelAbilities(modelId: number): Promise<MongoAbility<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery> | NotFoundException>;
|
|
23
|
+
onModuleInit(): Promise<void>;
|
|
24
|
+
getRole(role: Prisma.RolesWhereUniqueInput): Promise<{
|
|
25
|
+
name: string | null;
|
|
26
|
+
id: number;
|
|
27
|
+
createdAt: Date;
|
|
28
|
+
updatedAt: Date;
|
|
29
|
+
} | null>;
|
|
30
|
+
getModelRoles(modelId: number): Promise<PermissionKeysModel[]>;
|
|
31
|
+
getPermission(id: 'fds' | 'fdsk'): Promise<{
|
|
32
|
+
id: string;
|
|
33
|
+
resource: string | null;
|
|
34
|
+
action: string | null;
|
|
35
|
+
createdAt: Date;
|
|
36
|
+
updatedAt: Date;
|
|
37
|
+
description: string | null;
|
|
38
|
+
} | null>;
|
|
39
|
+
}
|
|
@@ -0,0 +1,146 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.SentinelService = void 0;
|
|
16
|
+
const common_1 = require("@nestjs/common");
|
|
17
|
+
const prisma_service_1 = require("./prisma.service");
|
|
18
|
+
const sentinel_module_definition_1 = require("./sentinel.module-definition");
|
|
19
|
+
const ability_1 = require("@casl/ability");
|
|
20
|
+
const config_1 = require("@nestjs/config");
|
|
21
|
+
const jwt_1 = require("@nestjs/jwt");
|
|
22
|
+
let SentinelService = class SentinelService {
|
|
23
|
+
_options;
|
|
24
|
+
prisma;
|
|
25
|
+
jwt;
|
|
26
|
+
config;
|
|
27
|
+
resources;
|
|
28
|
+
options;
|
|
29
|
+
constructor(_options, prisma, jwt, config) {
|
|
30
|
+
this._options = _options;
|
|
31
|
+
this.prisma = prisma;
|
|
32
|
+
this.jwt = jwt;
|
|
33
|
+
this.config = config;
|
|
34
|
+
this.options = this._options;
|
|
35
|
+
this.resources = this.options.resources;
|
|
36
|
+
}
|
|
37
|
+
verify(token) {
|
|
38
|
+
return this.jwt.verify(token);
|
|
39
|
+
}
|
|
40
|
+
packModel(model) {
|
|
41
|
+
return this.jwt.sign({
|
|
42
|
+
permissions: model,
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
parseModelAbilities(model) {
|
|
46
|
+
const { can, cannot, build } = new ability_1.AbilityBuilder(ability_1.createMongoAbility);
|
|
47
|
+
for (const resource of this.resources) {
|
|
48
|
+
for (const action of Object.keys(resource.actions)) {
|
|
49
|
+
if (model.permissions.find((permissions) => permissions.action == resource.actions[action])) {
|
|
50
|
+
can(action, resource.name);
|
|
51
|
+
}
|
|
52
|
+
else
|
|
53
|
+
cannot(action, resource.name);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
return build({
|
|
57
|
+
detectSubjectType: (item) => item.constructor,
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
async buildModelAbilities(modelId) {
|
|
61
|
+
const rawModel = await this.getModelRoles(modelId);
|
|
62
|
+
if (!rawModel)
|
|
63
|
+
return new common_1.NotFoundException('The provided model ID did not return any Role assigned to it.');
|
|
64
|
+
const model = {
|
|
65
|
+
roles: [],
|
|
66
|
+
permissions: [],
|
|
67
|
+
};
|
|
68
|
+
const { can, cannot, build } = new ability_1.AbilityBuilder(ability_1.createMongoAbility);
|
|
69
|
+
for (const resource of this.resources) {
|
|
70
|
+
for (const action of Object.keys(resource.actions)) {
|
|
71
|
+
if (model.permissions.find((permissions) => permissions.action == resource.actions[action])) {
|
|
72
|
+
can(action, resource.name);
|
|
73
|
+
}
|
|
74
|
+
else
|
|
75
|
+
cannot(action, resource.name);
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
return build({
|
|
79
|
+
detectSubjectType: (item) => item.constructor,
|
|
80
|
+
});
|
|
81
|
+
}
|
|
82
|
+
async onModuleInit() {
|
|
83
|
+
const key = this.config.get('SENTINEL_KEY');
|
|
84
|
+
if (!key) {
|
|
85
|
+
throw new Error('SENTINEL_KEY was not found during Sentinel runtime. Have you ran `npx sentinel init`?');
|
|
86
|
+
}
|
|
87
|
+
for (const resource of this.options.resources) {
|
|
88
|
+
const matchingActions = await this.prisma.permissionKeys.findMany({
|
|
89
|
+
where: {
|
|
90
|
+
resource: resource.name,
|
|
91
|
+
},
|
|
92
|
+
});
|
|
93
|
+
Object.keys(resource.actions).forEach((_key) => {
|
|
94
|
+
if (!matchingActions.find((mAction) => mAction.action == _key)) {
|
|
95
|
+
common_1.Logger.warn(`Action "${_key}" in Secured Resource "${resource.name}" does not exist in the database. If these Actions are new, have you persisted them with "npx sentinel commit"?`);
|
|
96
|
+
}
|
|
97
|
+
});
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
async getRole(role) {
|
|
101
|
+
return this.prisma.roles.findUnique({
|
|
102
|
+
where: role,
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
async getModelRoles(modelId) {
|
|
106
|
+
try {
|
|
107
|
+
const result = await this.prisma.modelHasRoles.findMany({
|
|
108
|
+
where: {
|
|
109
|
+
model: modelId,
|
|
110
|
+
},
|
|
111
|
+
include: {
|
|
112
|
+
Roles: {
|
|
113
|
+
include: {
|
|
114
|
+
RoleHasPermissions: {
|
|
115
|
+
include: {
|
|
116
|
+
PermissionKeys: true,
|
|
117
|
+
},
|
|
118
|
+
},
|
|
119
|
+
},
|
|
120
|
+
},
|
|
121
|
+
},
|
|
122
|
+
});
|
|
123
|
+
const flatResult = result.flatMap((rhp) => rhp.Roles.RoleHasPermissions.map((rhp) => rhp.PermissionKeys));
|
|
124
|
+
return flatResult;
|
|
125
|
+
}
|
|
126
|
+
catch (error) {
|
|
127
|
+
throw new Error(error);
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
async getPermission(id) {
|
|
131
|
+
return await this.prisma.permissionKeys.findFirst({
|
|
132
|
+
where: {
|
|
133
|
+
id,
|
|
134
|
+
},
|
|
135
|
+
});
|
|
136
|
+
}
|
|
137
|
+
};
|
|
138
|
+
exports.SentinelService = SentinelService;
|
|
139
|
+
exports.SentinelService = SentinelService = __decorate([
|
|
140
|
+
(0, common_1.Injectable)(),
|
|
141
|
+
__param(0, (0, common_1.Inject)(sentinel_module_definition_1.MODULE_OPTIONS_TOKEN)),
|
|
142
|
+
__metadata("design:paramtypes", [Object, prisma_service_1.PrismaService,
|
|
143
|
+
jwt_1.JwtService,
|
|
144
|
+
config_1.ConfigService])
|
|
145
|
+
], SentinelService);
|
|
146
|
+
//# sourceMappingURL=sentinel.service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sentinel.service.js","sourceRoot":"","sources":["../../src/sentinel.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAMwB;AAExB,qDAAiD;AACjD,6EAAoE;AAIpE,2CAMuB;AACvB,2CAA+C;AAC/C,qCAAyC;AAIlC,IAAM,eAAe,GAArB,MAAM,eAAe;IAIc;IAC9B;IACA;IACA;IANV,SAAS,CAAoB;IAC7B,OAAO,CAAwB;IAC/B,YACwC,QAA+B,EAC7D,MAAqB,EACrB,GAAe,EACf,MAAqB;QAHS,aAAQ,GAAR,QAAQ,CAAuB;QAC7D,WAAM,GAAN,MAAM,CAAe;QACrB,QAAG,GAAH,GAAG,CAAY;QACf,WAAM,GAAN,MAAM,CAAe;QAE7B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAC1C,CAAC;IAED,MAAM,CAAC,KAAa;QAClB,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED,SAAS,CAAC,KAA4B;QACpC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;YACnB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB,CAAC,KAAoB;QACtC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,wBAAc,CAAC,4BAAkB,CAAC,CAAC;QAEtE,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IACE,KAAK,CAAC,WAAW,CAAC,IAAI,CACpB,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAChE,EACD,CAAC;oBACD,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;;oBAAM,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAID,OAAO,KAAK,CAAC;YACX,iBAAiB,EAAE,CAAC,IAAI,EAAE,EAAE,CAE1B,IAAI,CAAC,WAA2C;SACnD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAAe;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,CAAC,QAAQ;YACX,OAAO,IAAI,0BAAiB,CAC1B,+DAA+D,CAChE,CAAC;QAEJ,MAAM,KAAK,GAGP;YACF,KAAK,EAAE,EAAE;YACT,WAAW,EAAE,EAAE;SAChB,CAAC;QASF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,wBAAc,CAAC,4BAAkB,CAAC,CAAC;QAEtE,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnD,IACE,KAAK,CAAC,WAAW,CAAC,IAAI,CACpB,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAChE,EACD,CAAC;oBACD,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;;oBAAM,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAID,OAAO,KAAK,CAAC;YACX,iBAAiB,EAAE,CAAC,IAAI,EAAE,EAAE,CAE1B,IAAI,CAAC,WAA2C;SACnD,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,YAAY;QAEhB,MAAM,GAAG,GAAuB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAChE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CACb,uFAAuF,CACxF,CAAC;QACJ,CAAC;QAGD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YAC9C,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;gBAChE,KAAK,EAAE;oBACL,QAAQ,EAAE,QAAQ,CAAC,IAAI;iBACxB;aACF,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC7C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,EAAE,CAAC;oBAC/D,eAAM,CAAC,IAAI,CACT,WAAW,IAAI,0BAA0B,QAAQ,CAAC,IAAI,iHAAiH,CACxK,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAkC;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YAClC,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAe;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC;gBACtD,KAAK,EAAE;oBACL,KAAK,EAAE,OAAO;iBACf;gBACD,OAAO,EAAE;oBACP,KAAK,EAAE;wBACL,OAAO,EAAE;4BACP,kBAAkB,EAAE;gCAClB,OAAO,EAAE;oCACP,cAAc,EAAE,IAAI;iCACrB;6BACF;yBACF;qBACF;iBACF;aACF,CAAC,CAAC;YAEH,MAAM,UAAU,GAA0B,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAC/D,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAC9D,CAAC;YAEF,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAEf,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAkB;QACpC,OAAO,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC;YAChD,KAAK,EAAE;gBACL,EAAE;aACH;SACF,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AAlKY,0CAAe;0BAAf,eAAe;IAD3B,IAAA,mBAAU,GAAE;IAKR,WAAA,IAAA,eAAM,EAAC,iDAAoB,CAAC,CAAA;6CACb,8BAAa;QAChB,gBAAU;QACP,sBAAa;GAPpB,eAAe,CAkK3B"}
|