@kaapi/oauth2-auth-design 0.0.14 → 0.0.15
- package/kaukau.config.mjs +20 -0
- package/lib/cli.js +6 -6
- package/lib/flows/auth-code/authorization-route.d.ts +58 -7
- package/lib/flows/auth-code/authorization-route.js +139 -52
- package/lib/flows/auth-code/authorization-route.js.map +1 -1
- package/lib/flows/auth-code/authorization-utils.d.ts +35 -0
- package/lib/flows/auth-code/authorization-utils.js +44 -0
- package/lib/flows/auth-code/authorization-utils.js.map +1 -0
- package/lib/flows/auth-code/token-route.d.ts +10 -18
- package/lib/flows/auth-code/token-route.js +6 -15
- package/lib/flows/auth-code/token-route.js.map +1 -1
- package/lib/flows/authorization-code.d.ts +112 -0
- package/lib/flows/authorization-code.js +570 -0
- package/lib/flows/authorization-code.js.map +1 -0
- package/lib/flows/client-credentials.d.ts +79 -39
- package/lib/flows/client-credentials.js +324 -257
- package/lib/flows/client-credentials.js.map +1 -1
- package/lib/flows/client-creds/token-route.d.ts +23 -0
- package/lib/flows/client-creds/token-route.js +52 -0
- package/lib/flows/client-creds/token-route.js.map +1 -0
- package/lib/flows/common.d.ts +265 -28
- package/lib/flows/common.js +293 -29
- package/lib/flows/common.js.map +1 -1
- package/lib/flows/device-auth/authorization-route.d.ts +83 -0
- package/lib/flows/device-auth/authorization-route.js +68 -0
- package/lib/flows/device-auth/authorization-route.js.map +1 -0
- package/lib/flows/device-auth/token-route.d.ts +29 -0
- package/lib/flows/device-auth/token-route.js +49 -0
- package/lib/flows/device-auth/token-route.js.map +1 -0
- package/lib/flows/device-authorization.d.ts +112 -0
- package/lib/flows/device-authorization.js +523 -0
- package/lib/flows/device-authorization.js.map +1 -0
- package/lib/flows/oidc-multiple-flows.d.ts +59 -0
- package/lib/flows/oidc-multiple-flows.js +268 -0
- package/lib/flows/oidc-multiple-flows.js.map +1 -0
- package/lib/index.d.ts +12 -6
- package/lib/index.js +12 -6
- package/lib/index.js.map +1 -1
- package/lib/utils/client-auth-methods.d.ts +2 -2
- package/lib/utils/client-auth-methods.js +5 -6
- package/lib/utils/client-auth-methods.js.map +1 -1
- package/lib/utils/in-memory-key-store.d.ts +12 -0
- package/lib/utils/in-memory-key-store.js +46 -0
- package/lib/utils/in-memory-key-store.js.map +1 -0
- package/lib/utils/jwt-authority.d.ts +81 -0
- package/lib/utils/jwt-authority.js +186 -0
- package/lib/utils/jwt-authority.js.map +1 -0
- package/lib/utils/jwt-utils.d.ts +33 -0
- package/lib/utils/jwt-utils.js +24 -0
- package/lib/utils/jwt-utils.js.map +1 -0
- package/lib/utils/replay-store.d.ts +13 -0
- package/lib/utils/{cache-set.js → replay-store.js} +8 -4
- package/lib/utils/replay-store.js.map +1 -0
- package/lib/utils/token-types.d.ts +6 -3
- package/lib/utils/token-types.js +13 -10
- package/lib/utils/token-types.js.map +1 -1
- package/lib/utils/verify-code-verifier.d.ts +4 -0
- package/lib/utils/verify-code-verifier.js +18 -0
- package/lib/utils/verify-code-verifier.js.map +1 -0
- package/package.json +6 -7
- package/lib/flows/auth-code/open-id.d.ts +0 -53
- package/lib/flows/auth-code/open-id.js +0 -199
- package/lib/flows/auth-code/open-id.js.map +0 -1
- package/lib/flows/auth-code.ts/open-id.d.ts +0 -52
- package/lib/flows/auth-code.ts/open-id.js +0 -169
- package/lib/flows/auth-code.ts/open-id.js.map +0 -1
- package/lib/flows/authentication-code.d.ts +0 -53
- package/lib/flows/authentication-code.js +0 -380
- package/lib/flows/authentication-code.js.map +0 -1
- package/lib/utils/cache-set.d.ts +0 -12
- package/lib/utils/cache-set.js.map +0 -1
- package/lib/utils/in-memory-cache.d.ts +0 -5
- package/lib/utils/in-memory-cache.js +0 -30
- package/lib/utils/in-memory-cache.js.map +0 -1
- package/lib/utils/in-memory-jwks-store.d.ts +0 -12
- package/lib/utils/in-memory-jwks-store.js +0 -46
- package/lib/utils/in-memory-jwks-store.js.map +0 -1
- package/lib/utils/jwks-generator.d.ts +0 -58
- package/lib/utils/jwks-generator.js +0 -141
- package/lib/utils/jwks-generator.js.map +0 -1
- package/lib/utils/jwks-store.d.ts +0 -13
- package/lib/utils/jwks-store.js +0 -3
- package/lib/utils/jwks-store.js.map +0 -1
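--- a/package/lib/flows/common.js
+++ b/package/lib/flows/common.js
@@ -1,14 +1,55 @@
 "use strict";
-var
+var _DefaultOAuth2RefreshTokenRoute_generateToken;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.OIDCAuthUtil = exports.DefaultJWKSRoute = exports.JWKSRoute = exports.OAuth2AuthDesign = exports.OAuth2TokenResponse = exports.DefaultOAuth2RefreshTokenRoute = exports.OAuth2RefreshTokenRoute = exports.OAuth2TokenRoute = exports.AllOAuth2ErrorCode = exports.DeviceFlowOAuth2ErrorCode = exports.OAuth2TokenErrorCode = exports.OAuth2ErrorCode = exports.ExtendedOAuth2ErrorCode = exports.StandardOAuth2ErrorCode = void 0;
+exports.createMatchOAuth2ErrorCode = createMatchOAuth2ErrorCode;
 const tslib_1 = require("tslib");
 const kaapi_1 = require("@kaapi/kaapi");
-const
-const
+const boom_1 = tslib_1.__importDefault(require("@hapi/boom"));
+const hoek_1 = tslib_1.__importDefault(require("@hapi/hoek"));
+const api_doc_generator_1 = require("@novice1/api-doc-generator");
 const token_types_1 = require("../utils/token-types");
 const client_auth_methods_1 = require("../utils/client-auth-methods");
-
+const jwt_authority_1 = require("../utils/jwt-authority");
+const in_memory_key_store_1 = require("../utils/in-memory-key-store");
+exports.StandardOAuth2ErrorCode = Object.freeze({
+INVALID_REQUEST: 'invalid_request',
+UNAUTHORIZED_CLIENT: 'unauthorized_client',
+ACCESS_DENIED: 'access_denied',
+UNSUPPORTED_RESPONSE_TYPE: 'unsupported_response_type',
+INVALID_SCOPE: 'invalid_scope',
+SERVER_ERROR: 'server_error',
+TEMPORARILY_UNAVAILABLE: 'temporarily_unavailable',
+INVALID_CLIENT: 'invalid_client',
+INVALID_GRANT: 'invalid_grant',
+UNSUPPORTED_GRANT_TYPE: 'unsupported_grant_type',
+});
+exports.ExtendedOAuth2ErrorCode = Object.freeze({
+LOGIN_REQUIRED: 'login_required',
+INTERACTION_REQUIRED: 'interaction_required',
+CONSENT_REQUIRED: 'consent_required',
+ACCOUNT_LOCKED: 'account_locked',
+PASSWORD_EXPIRED: 'password_expired',
+});
+exports.OAuth2ErrorCode = Object.freeze(Object.assign(Object.assign({}, exports.StandardOAuth2ErrorCode), exports.ExtendedOAuth2ErrorCode));
+exports.OAuth2TokenErrorCode = Object.freeze({
+INVALID_TOKEN: 'invalid_token',
+INSUFFICIENT_SCOPE: 'insufficient_scope',
+});
+exports.DeviceFlowOAuth2ErrorCode = Object.freeze({
+ACCESS_DENIED: 'access_denied',
+AUTHORIZATION_PENDING: 'authorization_pending',
+SLOW_DOWN: 'slow_down',
+EXPIRED_TOKEN: 'expired_token',
+});
+exports.AllOAuth2ErrorCode = Object.freeze(Object.assign(Object.assign(Object.assign(Object.assign({}, exports.StandardOAuth2ErrorCode), exports.ExtendedOAuth2ErrorCode), exports.OAuth2TokenErrorCode), exports.DeviceFlowOAuth2ErrorCode));
+function createMatchOAuth2ErrorCode(handlers) {
+return (code) => {
+const handler = handlers[code];
+return handler ? handler() : undefined;
+};
+}
+class OAuth2TokenRoute {
 get path() {
 return this._path;
 }
@@ -20,7 +61,42 @@ class OAuth2RefreshTokenRoute {
 this._handler = handler;
 }
 }
+exports.OAuth2TokenRoute = OAuth2TokenRoute;
+class OAuth2RefreshTokenRoute extends OAuth2TokenRoute {
+static buildDefault() {
+return new DefaultOAuth2RefreshTokenRoute();
+}
+}
 exports.OAuth2RefreshTokenRoute = OAuth2RefreshTokenRoute;
+class DefaultOAuth2RefreshTokenRoute extends OAuth2RefreshTokenRoute {
+constructor() {
+super('/oauth2/token', (props, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+const r = yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2RefreshTokenRoute_generateToken, "f").call(this, props, req);
+if (!r)
+return h.continue;
+if ('error' in r)
+return h.response(r).code(400);
+return h.response(r).code(200);
+}));
+_DefaultOAuth2RefreshTokenRoute_generateToken.set(this, void 0);
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2RefreshTokenRoute_generateToken, () => null, "f");
+}
+generateToken(handler) {
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2RefreshTokenRoute_generateToken, handler, "f");
+return this;
+}
+setPath(path) {
+if (path)
+this._path = path;
+return this;
+}
+validate(handler) {
+this._handler = handler;
+return this;
+}
+}
+exports.DefaultOAuth2RefreshTokenRoute = DefaultOAuth2RefreshTokenRoute;
+_DefaultOAuth2RefreshTokenRoute_generateToken = new WeakMap();
 class OAuth2TokenResponse {
 constructor({ access_token, expires_in, refresh_token, scope, id_token }) {
 this.tokenType = 'bearer';
@@ -71,7 +147,7 @@ class OAuth2TokenResponse {
 getScope() {
 return this.scope;
 }
-
+setIdToken(value) {
 this.idToken = value;
 return this;
 }
@@ -93,8 +169,6 @@ class OAuth2TokenResponse {
 }
 }
 exports.OAuth2TokenResponse = OAuth2TokenResponse;
-//#endregion OAuth2TokenResponse
-//#region OAuth2AuthDesign
 class OAuth2AuthDesign extends kaapi_1.AuthDesign {
 get tokenType() {
 return this._tokenType.prefix;
@@ -117,7 +191,8 @@ class OAuth2AuthDesign extends kaapi_1.AuthDesign {
 }
 return result;
 }
-constructor() {
+constructor(options) {
+var _a, _b, _c, _d, _e, _f;
 super();
 this._clientAuthMethods = {
 client_secret_basic: undefined,
@@ -127,10 +202,14 @@ class OAuth2AuthDesign extends kaapi_1.AuthDesign {
 none: undefined
 };
 this._tokenType = new token_types_1.BearerToken();
-
-
-
-
+this.strategyName = (options === null || options === void 0 ? void 0 : options.strategyName) || 'oauth2-auth-design';
+this.options = (options === null || options === void 0 ? void 0 : options.options) ? Object.assign({}, (options.options)) : {};
+//
+this.jwksRoute = options === null || options === void 0 ? void 0 : options.jwksRoute;
+this.jwksKeyStore = (_a = options === null || options === void 0 ? void 0 : options.jwksOptions) === null || _a === void 0 ? void 0 : _a.keyStore;
+this.jwksPublicKeyTtl = (_b = options === null || options === void 0 ? void 0 : options.jwksOptions) === null || _b === void 0 ? void 0 : _b.ttl;
+this.jwksRotationIntervalMs = (_d = (_c = options === null || options === void 0 ? void 0 : options.jwksOptions) === null || _c === void 0 ? void 0 : _c.rotation) === null || _d === void 0 ? void 0 : _d.intervalMs;
+this.jwksRotationTimestampStore = (_f = (_e = options === null || options === void 0 ? void 0 : options.jwksOptions) === null || _e === void 0 ? void 0 : _e.rotation) === null || _f === void 0 ? void 0 : _f.timestampStore;
 }
 _extractClientParams(req, authMethodsInstances, checkOrder) {
 return tslib_1.__awaiter(this, void 0, void 0, function* () {
@@ -148,11 +227,11 @@ class OAuth2AuthDesign extends kaapi_1.AuthDesign {
 clientId = v.clientId;
 clientSecret = v.clientSecret;
 if (!v.clientId) {
-error =
+error = exports.OAuth2ErrorCode.INVALID_REQUEST;
 errorDescription = `Error ${amInstance.method}: Missing client_id`;
 }
 else if (!amInstance.secretIsOptional && !v.clientSecret) {
-error =
+error = exports.OAuth2ErrorCode.INVALID_REQUEST;
 errorDescription = `Error ${amInstance.method}: Missing client_secret`;
 }
 break;
@@ -170,6 +249,66 @@ class OAuth2AuthDesign extends kaapi_1.AuthDesign {
 };
 });
 }
+getJwtAuthority() {
+if (this.jwtAuthority)
+return this.jwtAuthority;
+if (this.jwksRoute || this.jwksKeyStore || this.options.useAccessTokenJwks) {
+this.jwtAuthority = new jwt_authority_1.JwtAuthority(this.jwksKeyStore || new in_memory_key_store_1.InMemoryKeyStore(), this.jwksPublicKeyTtl);
+}
+return this.jwtAuthority;
+}
+getJwksRotator() {
+if (this.jwksRotator)
+return this.jwksRotator;
+const jwtAuthority = this.getJwtAuthority();
+if (jwtAuthority && this.jwksRotationIntervalMs) {
+this.jwksRotator = new jwt_authority_1.JwksRotator({
+keyGenerator: jwtAuthority,
+rotationIntervalMs: this.jwksRotationIntervalMs,
+rotatorKeyStore: this.jwksRotationTimestampStore || new in_memory_key_store_1.InMemoryKeyStore(),
+logger: this.logger
+});
+}
+return this.jwksRotator;
+}
+createJwksEndpoint(t) {
+const jwtAuthority = this.getJwtAuthority();
+if (this.jwksRoute && jwtAuthority) {
+t.route({
+path: this.jwksRoute.path,
+method: 'GET',
+options: {
+plugins: {
+kaapi: {
+docs: false
+}
+}
+},
+handler: (req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+var _a;
+const jwks = yield jwtAuthority.getJwksEndpointResponse();
+if ((_a = this.jwksRoute) === null || _a === void 0 ? void 0 : _a.handler) {
+return this.jwksRoute.handler({
+jwks
+}, req, h);
+}
+return jwks;
+})
+});
+}
+}
+checkAndRotateKeys() {
+return tslib_1.__awaiter(this, void 0, void 0, function* () {
+var _a;
+return (_a = this.getJwksRotator()) === null || _a === void 0 ? void 0 : _a.checkAndRotateKeys();
+});
+}
+generateKeyPair() {
+return tslib_1.__awaiter(this, void 0, void 0, function* () {
+var _a;
+return (_a = this.getJwtAuthority()) === null || _a === void 0 ? void 0 : _a.generateKeyPair();
+});
+}
 setTokenType(value) {
 this._tokenType = value;
 return this;
@@ -210,26 +349,151 @@ class OAuth2AuthDesign extends kaapi_1.AuthDesign {
 }
 return this;
 }
+//
+setTokenTTL(ttlSeconds) {
+this.tokenTTL = ttlSeconds;
+return this;
+}
+getTokenTTL() {
+return this.tokenTTL;
+}
+setDescription(description) {
+this.description = description;
+return this;
+}
+/**
+*
+* @param scopes The scopes of the access request.
+* A map between the scope name and a short description for it. The map MAY be empty.
+* @returns
+*/
+setScopes(scopes) {
+this.scopes = scopes;
+return this;
+}
+getScopes() {
+return this.scopes;
+}
+getStrategyName() {
+return this.strategyName;
+}
+getDescription() {
+return this.description;
+}
+/**
+* Where authentication schemes and strategies are registered.
+*/
+integrateStrategy(t) {
+const tokenTypePrefix = this.tokenType;
+const tokenTypeInstance = this._tokenType;
+const getJwtAuthority = () => this.getJwtAuthority();
+t.scheme(this.strategyName, (_server, options) => {
+return {
+authenticate(request, h) {
+return tslib_1.__awaiter(this, void 0, void 0, function* () {
+var _a;
+const settings = hoek_1.default.applyToDefaults({}, options || {});
+const authorization = request.raw.req.headers.authorization;
+const authSplit = authorization ? authorization.split(/\s+/) : ['', ''];
+const tokenType = authSplit[0];
+let token = authSplit[1];
+let jwtAccessTokenPayload;
+if (tokenType.toLowerCase() !== tokenTypePrefix.toLowerCase()) {
+token = '';
+return boom_1.default.unauthorized(null, tokenTypePrefix);
+}
+if (!(yield tokenTypeInstance.isValid(request, token)).isValid) {
+return boom_1.default.unauthorized(null, tokenTypePrefix);
+}
+const jwtAuthority = getJwtAuthority();
+if (jwtAuthority && settings.useAccessTokenJwks) {
+try {
+jwtAccessTokenPayload = yield jwtAuthority.verify(token);
+}
+catch (err) {
+t.log.error(err);
+return boom_1.default.unauthorized(null, tokenTypePrefix);
+}
+}
+if (settings.validate) {
+try {
+const result = yield ((_a = settings.validate) === null || _a === void 0 ? void 0 : _a.call(settings, request, { token, jwtAccessTokenPayload }, h));
+if (result && 'isAuth' in result) {
+return result;
+}
+if (result && 'isBoom' in result) {
+return result;
+}
+if (result) {
+const { isValid, credentials, artifacts, message } = result;
+if (isValid && credentials) {
+return h.authenticated({ credentials, artifacts });
+}
+if (message) {
+return h.unauthenticated(boom_1.default.unauthorized(message, tokenTypePrefix), {
+credentials: credentials || {},
+artifacts
+});
+}
+}
+}
+catch (err) {
+return boom_1.default.internal(err instanceof Error ? err : `${err}`);
+}
+}
+return boom_1.default.unauthorized(null, tokenTypePrefix);
+});
+},
+};
+});
+t.strategy(this.strategyName, this.strategyName, this.options);
+}
 }
 exports.OAuth2AuthDesign = OAuth2AuthDesign;
-class
-
-return
+class JWKSRoute {
+static buildDefault() {
+return new DefaultJWKSRoute();
 }
-
-
-_OAuth2WithJWKSAuthDesign_jwksGenerator.set(this, void 0);
-tslib_1.__classPrivateFieldSet(this, _OAuth2WithJWKSAuthDesign_jwksGenerator, new jwks_generator_1.JWKSGenerator(jwksStore || (0, in_memory_jwks_store_1.getInMemoryJWKSStore)(), ttlSeconds), "f");
+get path() {
+return this._path;
 }
-
-
+get handler() {
+return this._handler;
+}
+constructor(path, handler) {
+this._path = path;
+this._handler = handler;
+}
+}
+exports.JWKSRoute = JWKSRoute;
+class DefaultJWKSRoute extends JWKSRoute {
+constructor() {
+super('/oauth2/keys');
+}
+setPath(path) {
+if (path)
+this._path = path;
 return this;
 }
-
-
+validate(handler) {
+this._handler = handler;
+return this;
+}
+}
+exports.DefaultJWKSRoute = DefaultJWKSRoute;
+//#endregion OAuth2AuthDesignBuilder
+//#region OIDCAuthUtil
+class OIDCAuthUtil extends api_doc_generator_1.OAuth2Util {
+toOpenAPI() {
+const host = this.getHost();
+return {
+[this.securitySchemeName]: {
+type: 'openIdConnect',
+openIdConnectUrl: `${host || ''}/.well-known/openid-configuration`
+}
+};
 }
 }
-exports.
-
-//#endregion OAuth2AuthDesign
+exports.OIDCAuthUtil = OIDCAuthUtil;
+//#endregion OAuth2SingleAuthFlowBuilder
 //# sourceMappingURL=common.js.map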
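Review bot: In `integrateStrategy`, `jwtAuthority.verify(token)` runs only when `settings.useAccessTokenJwks` is truthy, while `getJwtAuthority()` also builds an authority when only `jwksRoute` or `jwksKeyStore` is configured. With that configuration the keys are published but the bearer token reaches `settings.validate` unverified and with `jwtAccessTokenPayload` undefined, so the callback is the only check on the token. I would state this contract in the method's doc comment, for example `Signature verification happens only when options.useAccessTokenJwks is set; otherwise validate() must verify the token itself.` A header that carries only the scheme name also leaves `token` undefined before `isValid` and `verify` are called; `if (!token) return boom_1.default.unauthorized(null, tokenTypePrefix);` after the scheme comparison would reject it early. This file is compiled output, so the change presumably belongs in src/flows/common.ts.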
package/lib/flows/common.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/flows/common.ts"],"names":[],"mappings":";;;;;AAAA,wCASqB;AAGrB,wEAAqE;AACrE,4DAA0E;AAC1E,sDAA8D;AAC9D,sEAA4K;AA0D5K,MAAa,uBAAuB;IAMhC,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,YACI,IAAY,EACZ,OAAwC;QAExC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC5B,CAAC;CACJ;AArBD,0DAqBC;AAqBD,MAAa,mBAAmB;IAa5B,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAA4G;QATxK,cAAS,GAAG,QAAQ,CAAA;QAU1B,IAAI,CAAC,WAAW,GAAG,YAAY,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,UAAU,CAAA;QAC3B,IAAI,CAAC,YAAY,GAAG,aAAa,CAAA;QACjC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAA;IAC3B,CAAC;IAED,cAAc,CAAC,KAAa;QACxB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAA;QACxB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,cAAc;QACV,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,YAAY,CAAC,KAAyB;QAClC,IAAI,CAAC,SAAS,GAAG,OAAO,KAAK,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;QAChE,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,YAAY;QACR,OAAO,IAAI,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,KAAc;QACvB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAA;QACtB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD;;OAEG;IACH,YAAY;QACR,OAAO,IAAI,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED,eAAe,CAAC,KAAc;QAC1B,IAAI,CAAC,YAAY,GAAG,KAAK,CAAA;QACzB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,eAAe;QACX,OAAO,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED,QAAQ,CAAC,KAAyB;QAC9B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QAC3D,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,QAAQ;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,UAAU,CAAC,KAAc;QACrB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAA;QACpB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,UAAU;QACN,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,QAAQ;QACJ,OAAO;YACH,YAAY,EAAE,IAAI,CAAC,cAAc,EAAE;YACnC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;YAC/B,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;YAC/B,aAAa,EAAE,IAAI,CAAC,eAAe,EAAE;YACrC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;YACtB,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE;SAC9B,CAAA;
IACL,CAAC;IAED,MAAM;QACF,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC1B,CAAC;CACJ;AAzFD,kDAyFC;AAED,gCAAgC;AAEhC,0BAA0B;AAE1B,MAAsB,gBAAiB,SAAQ,kBAAU;IAcrD,IAAI,SAAS;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAA;IACjC,CAAC;IAED,IAAc,iBAAiB;QAC3B,MAAM,MAAM,GAAkE;YAC1E,mBAAmB,EAAE,SAAS;YAC9B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,SAAS;YAC5B,eAAe,EAAE,SAAS;YAC1B,IAAI,EAAE,SAAS;SAClB,CAAA;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACxD,MAAM,CAAC,GAAG,GAA8B,CAAA;YACxC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAA;YACtC,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;QACvD,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAkC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAEzD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,CAAC,mBAAmB,GAAG,IAAI,uCAAiB,EAAE,CAAA;QACxD,CAAC;QAED,OAAO,MAAM,CAAA;IACjB,CAAC;IAED;QACI,KAAK,EAAE,CAAA;QAvCD,uBAAkB,GAAkE;YAC1F,mBAAmB,EAAE,SAAS;YAC9B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,SAAS;YAC5B,eAAe,EAAE,SAAS;YAC1B,IAAI,EAAE,SAAS;SAClB,CAAA;QAkCG,IAAI,CAAC,UAAU,GAAG,IAAI,yBAAW,EAAE,CAAA;QACnC;;;WAGG;IACP,CAAC;IAEe,oBAAoB,CAChC,GAA4B,EAC5B,oBAAmF,EACnF,UAAqC;;YAErC,IAAI,QAA4B,CAAC;YACjC,IAAI,YAAgC,CAAC;YACrC,IAAI,KAA8B,CAAC;YACnC,IAAI,gBAAoC,CAAC;YAEzC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;gBAC1B,MAAM,UAAU,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;gBAC3C,IAAI,UAAU,EAAE,CAAC;oBACb,gDAAgD;oBAChD,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,GAAyC,CAAC,CAAA;oBACnF,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;wBAClB,iDAAiD;wBACjD,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;wBACrB,YAAY,GAAG,CAAC,CAAC,YAAY,CAAA;wBAC7B,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;4BACd,KAAK,GAAG,iBAAiB,CAAA;4BACzB,gBAAgB,GAAG,SAAS,UAAU,CAAC,MAAM,qBAAqB,CAAA;wBACtE,CAAC;6BAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;4BACzD,KAAK,GAAG,iBAAiB,CAAA;4BACzB,gBAAgB,GAAG,SAAS,UAAU,CAAC,MAAM,yBAAyB,CAAA;wBAC1E,CAAC;wBACD,MAAM;oBACV,CAAC;yBAAM,CAAC;wBACJ,gDAAgD;oBACpD,CAAC;gBACL,CAAC;YACL,CAAC;YAED,OAAO;gBACH,KAAK;gBACL,gBAAgB;gBAChB,QAAQ;gBACR,YAAY;aACf,CAAA;QACL,CA
AC;KAAA;IAED,YAAY,CAAuC,KAAsB;QACrE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,2BAA2B;QACvB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YAC1D,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAA8B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;QACpF,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAkC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAEzD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;QACtC,CAAC;QAED,OAAO,IAAA,kDAA4B,EAAC,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,qCAAqC;QACjC,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,GAAG,IAAI,uCAAiB,EAAE,CAAA;QACrE,OAAO,IAAI,CAAA;IACf,CAAC;IAED,oCAAoC;QAChC,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,GAAG,IAAI,sCAAgB,EAAE,CAAA;QACnE,OAAO,IAAI,CAAA;IACf,CAAC;IAED,wBAAwB;QACpB,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,IAAI,oCAAc,EAAE,CAAA;QACnD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,6BAA6B,CAAC,KAA+E;QACzG,IAAI,KAAK,IAAI,qBAAqB,EAAE,CAAC;YACjC,IAAI,CAAC,oCAAoC,EAAE,CAAA;QAC/C,CAAC;aAAM,IAAI,KAAK,IAAI,oBAAoB,EAAE,CAAC;YACvC,IAAI,CAAC,qCAAqC,EAAE,CAAA;QAChD,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,CAAC,wBAAwB,EAAE,CAAA;QACnC,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;QACjD,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AAtID,4CAsIC;AAED,MAAsB,wBAAyB,SAAQ,gBAAgB;IAInE,IAAI,aAAa;QACb,OAAO,+BAAA,IAAI,+CAAe,CAAA;IAC9B,CAAC;IAED,YAAY,SAAqB,EAAE,UAAmB;QAClD,KAAK,EAAE,CAAA;QAPX,0DAA6B;QAQzB,+BAAA,IAAI,2CAAkB,IAAI,8BAAa,CAAC,SAAS,IAAI,IAAA,2CAAoB,GAAE,EAAE,UAAU,CAAC,MAAA,CAAA;IAC5F,CAAC;IAED,WAAW,CAAC,UAAmB;QAC3B,+BAAA,IAAI,+CAAe,CAAC,GAAG,GAAG,UAAU,CAAA;QACpC,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW;QACP,OAAO,+BAAA,IAAI,+CAAe,CAAC,GAAG,CAAA;IAClC,CAAC;CACJ;AArBD,4DAqBC;;AAED,6BAA6B"}
|
|
1
|
+
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/flows/common.ts"],"names":[],"mappings":";;;;AAwGA,gEAOC;;AA/GD,wCAWqB;AACrB,8DAAgD;AAChD,8DAA6B;AAE7B,kEAAwD;AAIxD,sDAA8D;AAC9D,sEAOsC;AACtC,0DAA6G;AAC7G,sEAAgE;AASnD,QAAA,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IACjD,eAAe,EAAE,iBAAiB;IAClC,mBAAmB,EAAE,qBAAqB;IAC1C,aAAa,EAAE,eAAe;IAC9B,yBAAyB,EAAE,2BAA2B;IACtD,aAAa,EAAE,eAAe;IAC9B,YAAY,EAAE,cAAc;IAC5B,uBAAuB,EAAE,yBAAyB;IAClD,cAAc,EAAE,gBAAgB;IAChC,aAAa,EAAE,eAAe;IAC9B,sBAAsB,EAAE,wBAAwB;CAC1C,CAAC,CAAC;AAEC,QAAA,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IACjD,cAAc,EAAE,gBAAgB;IAChC,oBAAoB,EAAE,sBAAsB;IAC5C,gBAAgB,EAAE,kBAAkB;IACpC,cAAc,EAAE,gBAAgB;IAChC,gBAAgB,EAAE,kBAAkB;CAC9B,CAAC,CAAC;AAEC,QAAA,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,gCAEtC,+BAAuB,GAEvB,+BAAuB,CACpB,CAAC,CAAC;AAEC,QAAA,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;CAClC,CAAC,CAAC;AAEC,QAAA,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC;IACnD,aAAa,EAAE,eAAe;IAC9B,qBAAqB,EAAE,uBAAuB;IAC9C,SAAS,EAAE,WAAW;IACtB,aAAa,EAAE,eAAe;CACxB,CAAC,CAAC;AAEC,QAAA,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,4DAC3C,+BAAuB,GACvB,+BAAuB,GACvB,4BAAoB,GACpB,iCAAyB,CACpB,CAAC,CAAC;AAqBZ,SAAgB,0BAA0B,CACtC,QAA0D;IAE1D,OAAO,CAAC,IAA4B,EAAiB,EAAE;QACnD,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3C,CAAC,CAAC;AACN,CAAC;AAmFD,MAAsB,gBAAgB;IAQlC,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,YACI,IAAY,EACZ,OAAoC;QAEpC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC5B,CAAC;CACJ;AAvBD,4CAuBC;AAoCD,MAAa,uBAEX,SAAQ,gBAGT;IACG,MAAM,CAAC,YAAY;QAIf,OAAO,IAAI,8BAA8B,EAAa,CAAA;IAC1D,CAAC;CACJ;AAZD,0DAYC;AAED,MAAa,8BAGX,SAAQ,uBAA6B;IAOnC;QACI,KAAK,CAAC,eAAe,EAAE,CAAO,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;YAC3C,MAAM,CAAC,GAAG,MAAM,+BAAA,IAAI,qDAAe,MAAnB,IAAI,EAAgB,KAAK,EAAE,GAAG,CAAC,CAAA;YAE/C,IAAI,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC,QAAQ,CAAA;YAEzB,IAAI,OAAO,IAAI,CAAC;gBAAE,OAAO,CAAC,CAAC,QAAQ,
CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAEhD,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAClC,CAAC,CAAA,CAAC,CAAA;QAXN,gEAAmE;QAY/D,+BAAA,IAAI,iDAAkB,GAAG,EAAE,CAAC,IAAI,MAAA,CAAC;IACrC,CAAC;IAED,aAAa,CAAC,OAA4D;QACtE,+BAAA,IAAI,iDAAkB,OAAO,MAAA,CAAC;QAC9B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,IAAe;QACnB,IAAI,IAAI;YACJ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,QAAQ,CAAC,OAAwC;QAC7C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AAtCD,wEAsCC;;AAqBD,MAAa,mBAAmB;IAa5B,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAA4G;QATxK,cAAS,GAAG,QAAQ,CAAA;QAU1B,IAAI,CAAC,WAAW,GAAG,YAAY,CAAA;QAC/B,IAAI,CAAC,SAAS,GAAG,UAAU,CAAA;QAC3B,IAAI,CAAC,YAAY,GAAG,aAAa,CAAA;QACjC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QAClB,IAAI,CAAC,OAAO,GAAG,QAAQ,CAAA;IAC3B,CAAC;IAED,cAAc,CAAC,KAAa;QACxB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAA;QACxB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,cAAc;QACV,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED,YAAY,CAAC,KAAyB;QAClC,IAAI,CAAC,SAAS,GAAG,OAAO,KAAK,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;QAChE,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,YAAY;QACR,OAAO,IAAI,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,KAAc;QACvB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAA;QACtB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD;;OAEG;IACH,YAAY;QACR,OAAO,IAAI,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED,eAAe,CAAC,KAAc;QAC1B,IAAI,CAAC,YAAY,GAAG,KAAK,CAAA;QACzB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,eAAe;QACX,OAAO,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED,QAAQ,CAAC,KAAyB;QAC9B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QAC3D,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,QAAQ;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,UAAU,CAAC,KAAc;QACrB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAA;QACpB,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,UAAU;QACN,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED,QAAQ;QACJ,OAAO;YACH,YAAY,EAAE,IAAI,CAAC,cAAc,EAAE;YACnC,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;YAC/B,UAAU,EAAE,IAAI,CAAC,YAAY,EAAE;YAC/B,aAAa,EAAE,IAAI,CAAC,eAAe,EAAE;YA
CrC,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;YACtB,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE;SAC9B,CAAA;IACL,CAAC;IAED,MAAM;QACF,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC1B,CAAC;CACJ;AAzFD,kDAyFC;AAgCD,MAAsB,gBAAiB,SAAQ,kBAAU;IAarD,IAAI,SAAS;QACT,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAA;IACjC,CAAC;IAED,IAAc,iBAAiB;QAC3B,MAAM,MAAM,GAAkE;YAC1E,mBAAmB,EAAE,SAAS;YAC9B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,SAAS;YAC5B,eAAe,EAAE,SAAS;YAC1B,IAAI,EAAE,SAAS;SAClB,CAAA;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YACxD,MAAM,CAAC,GAAG,GAA8B,CAAA;YACxC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAA;YACtC,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;QACvD,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAkC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAEzD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,CAAC,mBAAmB,GAAG,IAAI,uCAAiB,EAAE,CAAA;QACxD,CAAC;QAED,OAAO,MAAM,CAAA;IACjB,CAAC;IAoBD,YAAY,OAAiC;;QACzC,KAAK,EAAE,CAAA;QAxDD,uBAAkB,GAAkE;YAC1F,mBAAmB,EAAE,SAAS;YAC9B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,SAAS;YAC5B,eAAe,EAAE,SAAS;YAC1B,IAAI,EAAE,SAAS;SAClB,CAAA;QAmDG,IAAI,CAAC,UAAU,GAAG,IAAI,yBAAW,EAAE,CAAA;QACnC,IAAI,CAAC,YAAY,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,YAAY,KAAI,oBAAoB,CAAA;QACjE,IAAI,CAAC,OAAO,GAAG,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,OAAO,EAAC,CAAC,mBAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAG,CAAC,CAAC,EAAE,CAAA;QAE/D,EAAE;QACF,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAA;QACnC,IAAI,CAAC,YAAY,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,0CAAE,QAAQ,CAAA;QAClD,IAAI,CAAC,gBAAgB,GAAG,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,0CAAE,GAAG,CAAA;QACjD,IAAI,CAAC,sBAAsB,GAAG,MAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,0CAAE,QAAQ,0CAAE,UAAU,CAAA;QACxE,IAAI,CAAC,0BAA0B,GAAG,MAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,0CAAE,QAAQ,0CAAE,cAAc,CAAA;IACpF,CAAC;IAEe,oBAAoB,CAChC,GAA4B,EAC5B,oBAAmF,EACnF,UAAqC;;YAErC,IAAI,QAA4B,CAAC;YACjC,IAAI,YAAgC,CAAC;YACrC,IAAI,KAAyC,CAAC;YAC9C,IAAI,gBAAoC,CAAC;YAEzC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;g
BAC1B,MAAM,UAAU,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAA;gBAC3C,IAAI,UAAU,EAAE,CAAC;oBACb,gDAAgD;oBAChD,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,aAAa,CAAC,GAAyC,CAAC,CAAA;oBACnF,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;wBAClB,iDAAiD;wBACjD,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAA;wBACrB,YAAY,GAAG,CAAC,CAAC,YAAY,CAAA;wBAC7B,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;4BACd,KAAK,GAAG,uBAAe,CAAC,eAAe,CAAA;4BACvC,gBAAgB,GAAG,SAAS,UAAU,CAAC,MAAM,qBAAqB,CAAA;wBACtE,CAAC;6BAAM,IAAI,CAAC,UAAU,CAAC,gBAAgB,IAAI,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;4BACzD,KAAK,GAAG,uBAAe,CAAC,eAAe,CAAA;4BACvC,gBAAgB,GAAG,SAAS,UAAU,CAAC,MAAM,yBAAyB,CAAA;wBAC1E,CAAC;wBACD,MAAM;oBACV,CAAC;yBAAM,CAAC;wBACJ,gDAAgD;oBACpD,CAAC;gBACL,CAAC;YACL,CAAC;YAED,OAAO;gBACH,KAAK;gBACL,gBAAgB;gBAChB,QAAQ;gBACR,YAAY;aACf,CAAA;QACL,CAAC;KAAA;IAES,eAAe;QACrB,IAAI,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC;QAChD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACzE,IAAI,CAAC,YAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,sCAAgB,EAAE,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAC5G,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAA;IAC5B,CAAC;IAES,cAAc;QACpB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC;QAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC5C,IAAI,YAAY,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9C,IAAI,CAAC,WAAW,GAAG,IAAI,2BAAW,CAAC;gBAC/B,YAAY,EAAE,YAAY;gBAC1B,kBAAkB,EAAE,IAAI,CAAC,sBAAsB;gBAC/C,eAAe,EAAE,IAAI,CAAC,0BAA0B,IAAI,IAAI,sCAAgB,EAAE;gBAC1E,MAAM,EAAE,IAAI,CAAC,MAAM;aACtB,CAAC,CAAA;QACN,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAA;IAC3B,CAAC;IAES,kBAAkB,CAAC,CAAa;QACtC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAE5C,IAAI,IAAI,CAAC,SAAS,IAAI,YAAY,EAAE,CAAC;YACjC,CAAC,CAAC,KAAK,CAAC;gBACJ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;gBACzB,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACL,OAAO,EAAE;wBACL,KAAK,EAAE;4BACH,IAAI,EAAE,KAAK;yBACd;qBACJ;iBACJ;gBACD,OAAO,EAAE,CAAO,GAAG,EAAE,CAAC,EAAE,EAAE;;oBAEtB,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,uBAAuB,EAAE,CAAA;oBAEzD,IAAI,MAAA,IAAI,CAAC,SAAS,0CAAE,OAAO,EAAE,CAAC;wBAC1B,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;4BAC1B,IAAI;yBACP,EAAE,GAAG,EAAE,C
AAC,CAAC,CAAA;oBACd,CAAC;oBAED,OAAO,IAAI,CAAA;gBACf,CAAC,CAAA;aACJ,CAAC,CAAA;QACN,CAAC;IACL,CAAC;IAEK,kBAAkB;;;YACpB,OAAO,MAAA,IAAI,CAAC,cAAc,EAAE,0CAAE,kBAAkB,EAAE,CAAA;QACtD,CAAC;KAAA;IAEK,eAAe;;;YACjB,OAAO,MAAA,IAAI,CAAC,eAAe,EAAE,0CAAE,eAAe,EAAE,CAAA;QACpD,CAAC;KAAA;IAED,YAAY,CAAuC,KAAsB;QACrE,IAAI,CAAC,UAAU,GAAG,KAAK,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,2BAA2B;QACvB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;YAC1D,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAA8B,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;QACpF,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAkC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAEzD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;QACtC,CAAC;QAED,OAAO,IAAA,kDAA4B,EAAC,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,qCAAqC;QACjC,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,GAAG,IAAI,uCAAiB,EAAE,CAAA;QACrE,OAAO,IAAI,CAAA;IACf,CAAC;IAED,oCAAoC;QAChC,IAAI,CAAC,kBAAkB,CAAC,kBAAkB,GAAG,IAAI,sCAAgB,EAAE,CAAA;QACnE,OAAO,IAAI,CAAA;IACf,CAAC;IAED,wBAAwB;QACpB,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,IAAI,oCAAc,EAAE,CAAA;QACnD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,6BAA6B,CAAC,KAA+E;QACzG,IAAI,KAAK,IAAI,qBAAqB,EAAE,CAAC;YACjC,IAAI,CAAC,oCAAoC,EAAE,CAAA;QAC/C,CAAC;aAAM,IAAI,KAAK,IAAI,oBAAoB,EAAE,CAAC;YACvC,IAAI,CAAC,qCAAqC,EAAE,CAAA;QAChD,CAAC;aAAM,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,CAAC,wBAAwB,EAAE,CAAA;QACnC,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;QACjD,CAAC;QACD,OAAO,IAAI,CAAA;IACf,CAAC;IAED,EAAE;IAEF,WAAW,CAAC,UAAmB;QAC3B,IAAI,CAAC,QAAQ,GAAG,UAAU,CAAA;QAC1B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,cAAc,CAAC,WAAmB;QAC9B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,SAAS,CAAC,MAA8B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,SAAS;QACL,OAAO,IAAI,CAAC,MAAM,CAAA;IACtB,CAAC;IAED,eAAe;QACX,OAAO,IAAI,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED,cAAc;QACV,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAC,CAAa
;QAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAA;QACtC,MAAM,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAA;QACzC,MAAM,eAAe,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;QAErD,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE;YAE7C,OAAO;gBACG,YAAY,CAAC,OAAO,EAAE,CAAC;;;wBAEzB,MAAM,QAAQ,GAAsB,cAAI,CAAC,eAAe,CAAC,EAAE,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC;wBAE5E,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;wBAE5D,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;wBAExE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;wBAC9B,IAAI,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;wBACxB,IAAI,qBAA6C,CAAC;wBAElD,IAAI,SAAS,CAAC,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,EAAE,CAAC;4BAC5D,KAAK,GAAG,EAAE,CAAA;4BACV,OAAO,cAAI,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;wBACnD,CAAC;wBAED,IAAI,CAAC,CAAC,MAAM,iBAAiB,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;4BAC7D,OAAO,cAAI,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;wBACnD,CAAC;wBAED,MAAM,YAAY,GAAG,eAAe,EAAE,CAAA;wBAEtC,IAAI,YAAY,IAAI,QAAQ,CAAC,kBAAkB,EAAE,CAAC;4BAC9C,IAAI,CAAC;gCACD,qBAAqB,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;4BAC5D,CAAC;4BAAC,OAAO,GAAG,EAAE,CAAC;gCACX,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gCAChB,OAAO,cAAI,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;4BACnD,CAAC;wBACL,CAAC;wBAED,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;4BACpB,IAAI,CAAC;gCACD,MAAM,MAAM,GAAG,MAAM,CAAA,MAAA,QAAQ,CAAC,QAAQ,yDAAG,OAAO,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,CAAC,CAAC,CAAA,CAAA;gCAEtF,IAAI,MAAM,IAAI,QAAQ,IAAI,MAAM,EAAE,CAAC;oCAC/B,OAAO,MAAM,CAAA;gCACjB,CAAC;gCAED,IAAI,MAAM,IAAI,QAAQ,IAAI,MAAM,EAAE,CAAC;oCAC/B,OAAO,MAAM,CAAA;gCACjB,CAAC;gCAED,IAAI,MAAM,EAAE,CAAC;oCACT,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,MAAM,CAAC;oCAE5D,IAAI,OAAO,IAAI,WAAW,EAAE,CAAC;wCACzB,OAAO,CAAC,CAAC,aAAa,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CAAA;oCACtD,CAAC;oCAED,IAAI,OAAO,EAAE,CAAC;wCACV,OAAO,CAAC,CAAC,eAAe,CAAC,cAAI,CAAC,YAAY,CAAC,OAAO,EAAE,eAAe,CAAC,EAAE;4CAClE,WAAW,EAAE,WAAW,IAAI,EAAE;4CAC9B,SAAS;yCAC
Z,CAAC,CAAA;oCACN,CAAC;gCACL,CAAC;4BACL,CAAC;4BAAC,OAAO,GAAG,EAAE,CAAC;gCACX,OAAO,cAAI,CAAC,QAAQ,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAA;4BAC/D,CAAC;wBACL,CAAC;wBAED,OAAO,cAAI,CAAC,YAAY,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;oBACnD,CAAC;iBAAA;aACJ,CAAA;QACL,CAAC,CAAC,CAAA;QACF,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;IAClE,CAAC;CACJ;AAhVD,4CAgVC;AAyBD,MAAa,SAAS;IAIlB,MAAM,CAAC,YAAY;QAGf,OAAO,IAAI,gBAAgB,EAAW,CAAA;IAC1C,CAAC;IAKD,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,YACI,IAAY,EACZ,OAA2B;QAE3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC5B,CAAC;CACJ;AA5BD,8BA4BC;AAED,MAAa,gBAEX,SAAQ,SAAe;IACrB;QACI,KAAK,CAAC,cAAc,CAAC,CAAA;IACzB,CAAC;IAED,OAAO,CAAC,IAAe;QACnB,IAAI,IAAI;YACJ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,QAAQ,CAAC,OAA0B;QAC/B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AAjBD,4CAiBC;AAYD,oCAAoC;AAEpC,sBAAsB;AAEtB,MAAa,YAAa,SAAQ,8BAAU;IACxC,SAAS;QACL,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAA;QAC3B,OAAO;YACH,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;gBACvB,IAAI,EAAE,eAAe;gBACrB,gBAAgB,EAAE,GAAG,IAAI,IAAI,EAAE,mCAAmC;aACrE;SACJ,CAAA;IACL,CAAC;CACJ;AAVD,oCAUC;AAyCD,wCAAwC"}
|
|
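--- a/package/lib/flows/device-auth/authorization-route.d.ts
+++ b/package/lib/flows/device-auth/authorization-route.d.ts
@@ -0,0 +1,83 @@
+import { Lifecycle, ReqRef, ReqRefDefaults, Request, ResponseToolkit } from '@kaapi/kaapi';
+import { PathValue } from '../common';
+export interface OAuth2DeviceAuthorizationParams {
+clientId: string;
+scope?: string;
+}
+export type OAuth2DeviceAuthorizationHandler<Refs extends ReqRef = ReqRefDefaults, R extends Lifecycle.ReturnValue<any> = Lifecycle.ReturnValue<Refs>> = (params: OAuth2DeviceAuthorizationParams, request: Request<Refs>, h: ResponseToolkit<Refs>) => R;
+export interface IOAuth2DeviceAuthorizationRoute<PostRefs extends ReqRef = ReqRefDefaults> {
+path: string;
+handler: OAuth2DeviceAuthorizationHandler<PostRefs>;
+}
+export declare class OAuth2DeviceAuthorizationRoute<PostRefs extends ReqRef = ReqRefDefaults> implements IOAuth2DeviceAuthorizationRoute<PostRefs> {
+static buildDefault<PostRefs extends ReqRef = ReqRefDefaults>(): DefaultOAuth2DeviceAuthorizationRoute<PostRefs>;
+protected _path: string;
+protected _handler: OAuth2DeviceAuthorizationHandler<PostRefs>;
+get path(): string;
+get handler(): OAuth2DeviceAuthorizationHandler<PostRefs, Lifecycle.ReturnValue<PostRefs>>;
+constructor(path: string, handler: OAuth2DeviceAuthorizationHandler<PostRefs>);
+}
+/**
+*
+* example:
+* ```json
+* {
+"device_code": "abc123",
+"user_code": "XYZ-789",
+"verification_uri": "https://auth.example.com/activate",
+"verification_uri_complete": "https://auth.example.com/activate?user_code=XYZ-789",
+"expires_in": 1800,
+"interval": 5
+* }
+* ```
+*/
+export type DeviceCodeResponse = {
+/**
+* Used by the device to poll the token endpoint.
+*/
+device_code: string;
+/**
+* Used by the end user to authorize the device.
+*
+* Shown to the user to enter on the verification page.
+*/
+user_code: string;
+/**
+* The end-user verification URI on the authorization server. This is where the user goes to authorize the device.
+*
+* Where the user should go to enter the code.
+*/
+verification_uri: string;
+/**
+* Optional convenience URI with the code pre-filled.
+*
+* The verification URI, including the user code, that is presented to the user. This is a convenience for clients that can display URIs.
+*
+* Where the user should go to enter the code (with the code embedded in the link).
+*/
+verification_uri_complete?: string;
+/**
+* The lifetime in seconds of the device_code and user_code.
+*
+* The expiration time of the device and user codes.
+*/
+expires_in: number;
+/**
+* The minimum amount of time in seconds that the client MUST wait between polling requests to the token endpoint.
+*
+* The minimum interval that the client MUST wait between polling requests to the token endpoint.
+*/
+interval: number;
+};
+/**
+* Return null for invalid code
+*/
+export type DeviceCodeGenerator<Refs extends ReqRef = ReqRefDefaults> = (params: OAuth2DeviceAuthorizationParams, req: Request<Refs>) => Promise<DeviceCodeResponse | null> | DeviceCodeResponse | null;
+export declare class DefaultOAuth2DeviceAuthorizationRoute<PostRefs extends ReqRef = ReqRefDefaults> extends OAuth2DeviceAuthorizationRoute<PostRefs> {
+#private;
+constructor();
+setPath(path: PathValue): this;
+validate(handler: OAuth2DeviceAuthorizationHandler<PostRefs>): this;
+generateCode(handler: DeviceCodeGenerator<PostRefs>): this;
+setClientId(value: string | null): this;
+}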
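Review bot: The comment on `DeviceCodeGenerator` near the end of this file, `Return null for invalid code`, does not describe the callback: it receives only `clientId` and an optional `scope`, never a code, and it is where the `device_code` and `user_code` are produced. I would replace it with `Return null to reject the request (for example an unknown client_id).` The `DeviceCodeResponse` docs should also say that `device_code` must come from a cryptographically secure random source. They should add that the short `user_code` relies on `expires_in` and on attempt limiting at the verification page. As written, the example value `"device_code": "abc123"` is the only hint an implementer gets about what a code should look like.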
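--- a/package/lib/flows/device-auth/authorization-route.js
+++ b/package/lib/flows/device-auth/authorization-route.js
@@ -0,0 +1,68 @@
+"use strict";
+var _DefaultOAuth2DeviceAuthorizationRoute_clientId, _DefaultOAuth2DeviceAuthorizationRoute_generateCode;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultOAuth2DeviceAuthorizationRoute = exports.OAuth2DeviceAuthorizationRoute = void 0;
+const tslib_1 = require("tslib");
+class OAuth2DeviceAuthorizationRoute {
+static buildDefault() {
+return new DefaultOAuth2DeviceAuthorizationRoute();
+}
+get path() {
+return this._path;
+}
+get handler() {
+return this._handler;
+}
+constructor(path, handler) {
+this._path = path;
+this._handler = handler;
+}
+}
+exports.OAuth2DeviceAuthorizationRoute = OAuth2DeviceAuthorizationRoute;
+class DefaultOAuth2DeviceAuthorizationRoute extends OAuth2DeviceAuthorizationRoute {
+constructor() {
+super('/oauth2/devicecode', (props, req, h) => tslib_1.__awaiter(this, void 0, void 0, function* () {
+if (tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2DeviceAuthorizationRoute_clientId, "f") && tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2DeviceAuthorizationRoute_clientId, "f") != props.clientId) {
+return h.response({
+error: 'invalid_client',
+errorMessage: 'Bad \'client_id\' parameter'
+}).code(400);
+}
+const code = yield tslib_1.__classPrivateFieldGet(this, _DefaultOAuth2DeviceAuthorizationRoute_generateCode, "f").call(this, props, req);
+if (code) {
+return code;
+}
+else {
+return h.response({
+error: 'invalid_client',
+errorMessage: 'Bad \'client_id\' parameter'
+}).code(400);
+}
+}));
+_DefaultOAuth2DeviceAuthorizationRoute_clientId.set(this, void 0);
+_DefaultOAuth2DeviceAuthorizationRoute_generateCode.set(this, void 0);
+// @TODO: generate id for user, store it in-memory, generate jwt code ?
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2DeviceAuthorizationRoute_generateCode, () => tslib_1.__awaiter(this, void 0, void 0, function* () { return null; }), "f");
+}
+setPath(path) {
+if (path)
+this._path = path;
+return this;
+}
+validate(handler) {
+this._handler = handler;
+return this;
+}
+generateCode(handler) {
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2DeviceAuthorizationRoute_generateCode, handler, "f");
+return this;
+}
+setClientId(value) {
+tslib_1.__classPrivateFieldSet(this, _DefaultOAuth2DeviceAuthorizationRoute_clientId, value, "f");
+return this;
+}
+}
+exports.DefaultOAuth2DeviceAuthorizationRoute = DefaultOAuth2DeviceAuthorizationRoute;
+_DefaultOAuth2DeviceAuthorizationRoute_clientId = new WeakMap(), _DefaultOAuth2DeviceAuthorizationRoute_generateCode = new WeakMap();
+//#endregion Defaults
+//# sourceMappingURL=authorization-route.js.map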
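Review bot: Both 400 responses in the default handler built in the `DefaultOAuth2DeviceAuthorizationRoute` constructor put their text under `errorMessage`, while OAuth 2.0 error bodies, and this package's own `OAuth2DeviceCodeTokenErrorBody` in the device-auth token route, use `error_description`; a client that reads the standard field will see only `invalid_client`. I would write `error_description: 'Bad \'client_id\' parameter'` in both places. The second response also reports `invalid_client` whenever the generator returns null, and the default generator set after the `@TODO` always returns null, so a route with no `generateCode()` configured rejects every request with a message that blames the client id. A distinct error for the unconfigured case would make that misconfiguration visible. This file is compiled output, so the change belongs in `src/flows/device-auth/authorization-route.ts`, the source named in the source map.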
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorization-route.js","sourceRoot":"","sources":["../../../src/flows/device-auth/authorization-route.ts"],"names":[],"mappings":";;;;;AA6BA,MAAa,8BAA8B;IAIvC,MAAM,CAAC,YAAY;QAGf,OAAO,IAAI,qCAAqC,EAAY,CAAA;IAChE,CAAC;IAKD,IAAI,IAAI;QACJ,OAAO,IAAI,CAAC,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACP,OAAO,IAAI,CAAC,QAAQ,CAAA;IACxB,CAAC;IAED,YACI,IAAY,EACZ,OAAmD;QAEnD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;IAC5B,CAAC;CACJ;AA5BD,wEA4BC;AAmED,MAAa,qCAEX,SAAQ,8BAAwC;IAK9C;QACI,KAAK,CAAC,oBAAoB,EAAE,CAAO,KAAK,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;YAChD,IAAI,+BAAA,IAAI,uDAAU,IAAI,+BAAA,IAAI,uDAAU,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBACrD,OAAO,CAAC,CAAC,QAAQ,CAAC;oBACd,KAAK,EAAE,gBAAgB;oBACvB,YAAY,EAAE,6BAA6B;iBAC9C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChB,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,+BAAA,IAAI,2DAAc,MAAlB,IAAI,EAAe,KAAK,EAAE,GAAG,CAAC,CAAA;YACjD,IAAI,IAAI,EAAE,CAAC;gBACP,OAAO,IAAI,CAAA;YACf,CAAC;iBAAM,CAAC;gBACJ,OAAO,CAAC,CAAC,QAAQ,CAAC;oBACd,KAAK,EAAE,gBAAgB;oBACvB,YAAY,EAAE,6BAA6B;iBAC9C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YAChB,CAAC;QACL,CAAC,CAAA,CAAC,CAAA;QAtBN,kEAAyB;QAEzB,sEAA4C;QAsBxC,uEAAuE;QACvE,+BAAA,IAAI,uDAAiB,GAAS,EAAE,wDAAC,OAAA,IAAI,CAAA,GAAA,MAAA,CAAA;IACzC,CAAC;IAED,OAAO,CAAC,IAAe;QACnB,IAAI,IAAI;YACJ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACrB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,QAAQ,CAAC,OAAmD;QACxD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,OAAO,IAAI,CAAA;IACf,CAAC;IAED,YAAY,CAAC,OAAsC;QAC/C,+BAAA,IAAI,uDAAiB,OAAO,MAAA,CAAA;QAC5B,OAAO,IAAI,CAAA;IACf,CAAC;IAED,WAAW,CAAC,KAAoB;QAC5B,+BAAA,IAAI,mDAAa,KAAK,MAAA,CAAA;QACtB,OAAO,IAAI,CAAA;IACf,CAAC;CACJ;AAnDD,sFAmDC;;AAED,qBAAqB"}
|
|
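--- a/package/lib/flows/device-auth/token-route.d.ts
+++ b/package/lib/flows/device-auth/token-route.d.ts
@@ -0,0 +1,29 @@
+import { Lifecycle, ReqRef, ReqRefDefaults } from '@kaapi/kaapi';
+import { DefaultOAuth2TokenRoute, DeviceFlowOAuth2ErrorCodeType, IOAuth2TokenRoute, OAuth2TokenHandler, OAuth2TokenParams, OAuth2TokenRoute, PathValue, TokenGenerator } from '../common';
+export type OAuth2DeviceCodeTokenErrorBody = {
+error: DeviceFlowOAuth2ErrorCodeType;
+error_description?: string;
+error_uri?: string;
+[key: string]: unknown;
+};
+export interface OAuth2DeviceAuthTokenParams extends OAuth2TokenParams {
+deviceCode: string;
+clientId: string;
+clientSecret?: string;
+}
+export type OAuth2DeviceAuthTokenHandler<Refs extends ReqRef = ReqRefDefaults, R extends Lifecycle.ReturnValue<any> = Lifecycle.ReturnValue<Refs>> = OAuth2TokenHandler<OAuth2DeviceAuthTokenParams, Refs, R>;
+export type IOAuth2DeviceAuthTokenRoute<Refs extends ReqRef = ReqRefDefaults> = IOAuth2TokenRoute<OAuth2DeviceAuthTokenParams, Refs>;
+export declare class OAuth2DeviceAuthTokenRoute<Refs extends ReqRef = ReqRefDefaults> extends OAuth2TokenRoute<OAuth2DeviceAuthTokenParams, Refs> implements IOAuth2DeviceAuthTokenRoute<Refs> {
+static buildDefault<Refs extends ReqRef = ReqRefDefaults>(): DefaultOAuth2DeviceAuthTokenRoute<Refs>;
+}
+/**
+* Return null for invalid request
+*/
+export type DeviceAuthTokenGenerator<Refs extends ReqRef = ReqRefDefaults> = TokenGenerator<OAuth2DeviceAuthTokenParams, Refs, OAuth2DeviceCodeTokenErrorBody>;
+export declare class DefaultOAuth2DeviceAuthTokenRoute<Refs extends ReqRef = ReqRefDefaults> extends OAuth2DeviceAuthTokenRoute<Refs> implements DefaultOAuth2TokenRoute<OAuth2DeviceAuthTokenParams, Refs, OAuth2DeviceCodeTokenErrorBody> {
+#private;
+constructor();
+setPath(path: PathValue): this;
+validate(handler: OAuth2DeviceAuthTokenHandler<Refs>): this;
+generateToken(handler: DeviceAuthTokenGenerator<Refs>): this;
+}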
|