@liflig/cdk 3.1.1 → 3.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/api-gateway/authorizer-lambdas/basic-auth-authorizer.d.ts +23 -2
- package/lib/api-gateway/authorizer-lambdas/basic-auth-authorizer.js +101 -18
- package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-authorizer.d.ts +8 -6
- package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-authorizer.js +7 -3
- package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-or-basic-auth-authorizer.d.ts +22 -10
- package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-or-basic-auth-authorizer.js +108 -22
- package/lib/api-gateway/http-api-gateway.d.ts +46 -14
- package/lib/api-gateway/http-api-gateway.js +5 -6
- package/package.json +3 -3
|
@@ -4,12 +4,33 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Expects the following environment variables:
|
|
6
6
|
* - CREDENTIALS_SECRET_NAME
|
|
7
|
-
* - Secret value should follow this format: `{"username":"<username>","password":"<password>"}
|
|
7
|
+
* - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
|
|
8
|
+
* A different format with an array of pre-encoded credentials is also supported - see docs for
|
|
9
|
+
* the `BasicAuthAuthorizerProps` on the `ApiGateway` construct.
|
|
8
10
|
*/
|
|
9
11
|
import type { APIGatewayRequestAuthorizerEventV2, APIGatewaySimpleAuthorizerResult } from "aws-lambda";
|
|
10
12
|
import { SecretsManager } from "@aws-sdk/client-secrets-manager";
|
|
11
|
-
|
|
13
|
+
type AuthorizerResult = APIGatewaySimpleAuthorizerResult & {
|
|
14
|
+
/**
|
|
15
|
+
* Returning a context object from our authorizer allows our API Gateway to access these variables
|
|
16
|
+
* via `${context.authorizer.<property>}`.
|
|
17
|
+
* https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html
|
|
18
|
+
*/
|
|
19
|
+
context?: {
|
|
20
|
+
/**
|
|
21
|
+
* If the request's credentials are verified, we return the username that was used in this
|
|
22
|
+
* context variable (named `authorizer.username`). We use this to include the requesting user in
|
|
23
|
+
* the API Gateway access logs (see `defaultAccessLogFormat` in our `ApiGateway` construct). You
|
|
24
|
+
* can also use this when mapping parameters to the backend integration (see
|
|
25
|
+
* `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
|
|
26
|
+
*/
|
|
27
|
+
username: string;
|
|
28
|
+
};
|
|
29
|
+
};
|
|
30
|
+
export declare const handler: (event: APIGatewayRequestAuthorizerEventV2) => Promise<AuthorizerResult>;
|
|
12
31
|
/** For overriding dependency creation in tests. */
|
|
13
32
|
export declare const dependencies: {
|
|
14
33
|
createSecretsManager: () => SecretsManager;
|
|
15
34
|
};
|
|
35
|
+
export declare function clearCache(): void;
|
|
36
|
+
export {};
|
|
@@ -4,7 +4,9 @@
|
|
|
4
4
|
*
|
|
5
5
|
* Expects the following environment variables:
|
|
6
6
|
* - CREDENTIALS_SECRET_NAME
|
|
7
|
-
* - Secret value should follow this format: `{"username":"<username>","password":"<password>"}
|
|
7
|
+
* - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
|
|
8
|
+
* A different format with an array of pre-encoded credentials is also supported - see docs for
|
|
9
|
+
* the `BasicAuthAuthorizerProps` on the `ApiGateway` construct.
|
|
8
10
|
*/
|
|
9
11
|
import { SecretsManager } from "@aws-sdk/client-secrets-manager";
|
|
10
12
|
export const handler = async (event) => {
|
|
@@ -12,30 +14,60 @@ export const handler = async (event) => {
|
|
|
12
14
|
if (!authHeader || !authHeader.startsWith("Basic ")) {
|
|
13
15
|
return { isAuthorized: false };
|
|
14
16
|
}
|
|
15
|
-
const
|
|
16
|
-
|
|
17
|
+
const expectedCredentials = await getExpectedBasicAuthCredentials();
|
|
18
|
+
for (const expected of expectedCredentials) {
|
|
19
|
+
if (authHeader === expected.basicAuthHeader) {
|
|
20
|
+
return {
|
|
21
|
+
isAuthorized: true,
|
|
22
|
+
context: {
|
|
23
|
+
username: expected.username,
|
|
24
|
+
},
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
return { isAuthorized: false };
|
|
17
29
|
};
|
|
18
30
|
/** Cache this value, so that subsequent lambda invocations don't have to refetch. */
|
|
19
|
-
let
|
|
20
|
-
|
|
21
|
-
|
|
31
|
+
let cachedBasicAuthCredentials = undefined;
|
|
32
|
+
/**
|
|
33
|
+
* Returns an array, to support credential secrets with multiple values (see
|
|
34
|
+
* `BasicAuthAuthorizerProps` on the `ApiGateway` construct for more on this).
|
|
35
|
+
*/
|
|
36
|
+
async function getExpectedBasicAuthCredentials() {
|
|
37
|
+
if (cachedBasicAuthCredentials === undefined) {
|
|
22
38
|
const secretName = process.env["CREDENTIALS_SECRET_NAME"];
|
|
23
39
|
if (!secretName) {
|
|
24
40
|
console.error("CREDENTIALS_SECRET_NAME env variable is not defined");
|
|
25
41
|
throw new Error();
|
|
26
42
|
}
|
|
27
|
-
|
|
43
|
+
cachedBasicAuthCredentials = await getBasicAuthCredentialsSecret(secretName);
|
|
28
44
|
}
|
|
29
|
-
return
|
|
45
|
+
return cachedBasicAuthCredentials;
|
|
30
46
|
}
|
|
31
|
-
async function
|
|
32
|
-
const
|
|
33
|
-
if (
|
|
34
|
-
|
|
35
|
-
|
|
47
|
+
async function getBasicAuthCredentialsSecret(secretName) {
|
|
48
|
+
const secret = await getSecretValue(secretName);
|
|
49
|
+
if (isSingleUsernameAndPassword(secret)) {
|
|
50
|
+
const header = "Basic " +
|
|
51
|
+
Buffer.from(`${secret.username}:${secret.password}`).toString("base64");
|
|
52
|
+
return [{ basicAuthHeader: header, username: secret.username }];
|
|
36
53
|
}
|
|
37
|
-
|
|
38
|
-
|
|
54
|
+
// See `BasicAuthAuthorizerProps` on the `ApiGateway` construct for an explanation of the formats
|
|
55
|
+
// we parse here
|
|
56
|
+
if (hasCredentialsKeyWithStringValue(secret)) {
|
|
57
|
+
let credentialsArray;
|
|
58
|
+
try {
|
|
59
|
+
credentialsArray = JSON.parse(secret.credentials);
|
|
60
|
+
}
|
|
61
|
+
catch (e) {
|
|
62
|
+
console.error(`Failed to parse credentials array in secret '${secretName}' as JSON`, e);
|
|
63
|
+
throw new Error();
|
|
64
|
+
}
|
|
65
|
+
if (isStringArray(credentialsArray)) {
|
|
66
|
+
return credentialsArray.map(parseEncodedBasicAuthCredentials);
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
console.error(`Basic auth credentials secret did not follow any expected format (secret name: '${secretName}')`);
|
|
70
|
+
throw new Error();
|
|
39
71
|
}
|
|
40
72
|
/** For overriding dependency creation in tests. */
|
|
41
73
|
export const dependencies = {
|
|
@@ -48,9 +80,15 @@ async function getSecretValue(secretName) {
|
|
|
48
80
|
console.error(`Secret value not found for '${secretName}'`);
|
|
49
81
|
throw new Error();
|
|
50
82
|
}
|
|
51
|
-
|
|
83
|
+
try {
|
|
84
|
+
return JSON.parse(secret.SecretString);
|
|
85
|
+
}
|
|
86
|
+
catch (e) {
|
|
87
|
+
console.error(`Failed to parse secret '${secretName}' as JSON:`, e);
|
|
88
|
+
throw new Error();
|
|
89
|
+
}
|
|
52
90
|
}
|
|
53
|
-
function
|
|
91
|
+
function isSingleUsernameAndPassword(value) {
|
|
54
92
|
return (typeof value === "object" &&
|
|
55
93
|
value !== null &&
|
|
56
94
|
"username" in value &&
|
|
@@ -58,4 +96,49 @@ function secretHasExpectedFormat(value) {
|
|
|
58
96
|
"password" in value &&
|
|
59
97
|
typeof value.password === "string");
|
|
60
98
|
}
|
|
61
|
-
|
|
99
|
+
function hasCredentialsKeyWithStringValue(value) {
|
|
100
|
+
return (typeof value === "object" &&
|
|
101
|
+
value !== null &&
|
|
102
|
+
"credentials" in value &&
|
|
103
|
+
typeof value.credentials === "string");
|
|
104
|
+
}
|
|
105
|
+
function isStringArray(value) {
|
|
106
|
+
if (!Array.isArray(value)) {
|
|
107
|
+
return false;
|
|
108
|
+
}
|
|
109
|
+
for (const element of value) {
|
|
110
|
+
if (typeof element !== "string") {
|
|
111
|
+
return false;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
return true;
|
|
115
|
+
}
|
|
116
|
+
/**
|
|
117
|
+
* We want to return the requesting username as a context variable in
|
|
118
|
+
* {@link AuthorizerResult.context}, for API Gateway access logs and parameter mapping. So if the
|
|
119
|
+
* basic auth credentials secret is stored as pre-encoded base64 strings, we need to parse them to
|
|
120
|
+
* get the username.
|
|
121
|
+
*/
|
|
122
|
+
function parseEncodedBasicAuthCredentials(encodedCredentials) {
|
|
123
|
+
let decodedCredentials;
|
|
124
|
+
try {
|
|
125
|
+
decodedCredentials = Buffer.from(encodedCredentials, "base64").toString();
|
|
126
|
+
}
|
|
127
|
+
catch (e) {
|
|
128
|
+
console.error("Basic auth credentials secret could not be decoded as base64:", e);
|
|
129
|
+
throw new Error();
|
|
130
|
+
}
|
|
131
|
+
const usernameAndPassword = decodedCredentials.split(":", 2);
|
|
132
|
+
if (usernameAndPassword.length !== 2) {
|
|
133
|
+
console.error("Basic auth credentials secret could not be decoded as 'username:password'");
|
|
134
|
+
throw new Error();
|
|
135
|
+
}
|
|
136
|
+
return {
|
|
137
|
+
basicAuthHeader: `Basic ${encodedCredentials}`,
|
|
138
|
+
username: usernameAndPassword[0],
|
|
139
|
+
};
|
|
140
|
+
}
|
|
141
|
+
export function clearCache() {
|
|
142
|
+
cachedBasicAuthCredentials = undefined;
|
|
143
|
+
}
|
|
144
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzaWMtYXV0aC1hdXRob3JpemVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FwaS1nYXRld2F5L2F1dGhvcml6ZXItbGFtYmRhcy9iYXNpYy1hdXRoLWF1dGhvcml6ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7OztHQVNHO0FBTUgsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLGlDQUFpQyxDQUFBO0FBb0JoRSxNQUFNLENBQUMsTUFBTSxPQUFPLEdBQUcsS0FBSyxFQUMxQixLQUF5QyxFQUNkLEVBQUU7SUFDN0IsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLE9BQU8sRUFBRSxhQUFhLENBQUE7SUFDL0MsSUFBSSxDQUFDLFVBQVUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUNwRCxPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxDQUFBO0lBQ2hDLENBQUM7SUFFRCxNQUFNLG1CQUFtQixHQUFHLE1BQU0sK0JBQStCLEVBQUUsQ0FBQTtJQUVuRSxLQUFLLE1BQU0sUUFBUSxJQUFJLG1CQUFtQixFQUFFLENBQUM7UUFDM0MsSUFBSSxVQUFVLEtBQUssUUFBUSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQzVDLE9BQU87Z0JBQ0wsWUFBWSxFQUFFLElBQUk7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxRQUFRLEVBQUUsUUFBUSxDQUFDLFFBQVE7aUJBQzVCO2FBQ0YsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtBQUNoQyxDQUFDLENBQUE7QUFPRCxxRkFBcUY7QUFDckYsSUFBSSwwQkFBMEIsR0FDNUIsU0FBUyxDQUFBO0FBRVg7OztHQUdHO0FBQ0gsS0FBSyxVQUFVLCtCQUErQjtJQUc1QyxJQUFJLDBCQUEwQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQzdDLE1BQU0sVUFBVSxHQUNkLE9BQU8sQ0FBQyxHQUFHLENBQUMseUJBQXlCLENBQUMsQ0FBQTtRQUN4QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQyxxREFBcUQsQ0FBQyxDQUFBO1lBQ3BFLE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsMEJBQTBCLEdBQUcsTUFBTSw2QkFBNkIsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUM5RSxDQUFDO0lBRUQsT0FBTywwQkFBMEIsQ0FBQTtBQUNuQyxDQUFDO0FBRUQsS0FBSyxVQUFVLDZCQUE2QixDQUMxQyxVQUFrQjtJQUVsQixNQUFNLE1BQU0sR0FBRyxNQUFNLGNBQWMsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUUvQyxJQUFJLDJCQUEyQixDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDeEMsTUFBTSxNQUFNLEdBQ1YsUUFBUTtZQUNSLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxNQUFNLENBQUMsUUFBUSxJQUFJLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQTtRQUN6RSxPQUFPLENBQUMsRUFBRSxlQUFlLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQTtJQUNqRSxDQUFDO0lBRUQsaUdBQWlHO0lBQ2pHLGdCQUFnQjtJQUNoQixJQUFJLGdDQUFnQyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDN0MsSUFBSSxnQkFBeUIsQ0FBQTtRQUM3QixJQUFJLENBQUM7WUFDSCxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUNuRCxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNYLE9BQU8sQ0FBQyxLQUFLLENBQ1gsZ0RBQWdELFVBQVUsV0FBVyxFQUNyRSxDQUFDLENBQ0YsQ0FBQTtZQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsSUFBSSxhQUFhLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sZ0JBQWdCLENBQUMsR0FBRyxDQUFDLGdDQUFnQyxDQUFDLENBQUE7UUFDL0QsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLENBQUMsS0FBSyxDQUNYLG1GQUFtRixVQUFVLElBQUksQ0FDbEcsQ0FBQTtJQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtBQUNuQixDQUFDO0FBRUQsbURBQW1EO0FBQ25ELE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBRztJQUMxQixvQkFBb0IsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLGNBQWMsRUFBRTtDQUNqRCxDQUFBO0FBRUQsS0FBSyxVQUFVLGNBQWMsQ0FBQyxVQUFrQjtJQUM5QyxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsb0JBQW9CLEVBQUUsQ0FBQTtJQUNsRCxNQUFNLE1BQU0sR0FBRyxNQUFNLE1BQU0sQ0FBQyxjQUFjLENBQUMsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUMsQ0FBQTtJQUVwRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ3pCLE9BQU8sQ0FBQyxLQUFLLENBQUMsK0JBQStCLFVBQVUsR0FBRyxDQUFDLENBQUE7UUFDM0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFBO0lBQ3hDLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsT0FBTyxDQUFDLEtBQUssQ0FBQywyQkFBMkIsVUFBVSxZQUFZLEVBQUUsQ0FBQyxDQUFDLENBQUE7UUFDbkUsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7QUFDSCxDQUFDO0FBRUQsU0FBUywyQkFBMkIsQ0FDbEMsS0FBYztJQUVkLE9BQU8sQ0FDTCxPQUFPLEtBQUssS0FBSyxRQUFRO1FBQ3pCLEtBQUssS0FBSyxJQUFJO1FBQ2QsVUFBVSxJQUFJLEtBQUs7UUFDbkIsT0FBTyxLQUFLLENBQUMsUUFBUSxLQUFLLFFBQVE7UUFDbEMsVUFBVSxJQUFJLEtBQUs7UUFDbkIsT0FBTyxLQUFLLENBQUMsUUFBUSxLQUFLLFFBQVEsQ0FDbkMsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFTLGdDQUFnQyxDQUN2QyxLQUFjO0lBRWQsT0FBTyxDQUNMLE9BQU8sS0FBSyxLQUFLLFFBQVE7UUFDekIsS0FBSyxLQUFLLElBQUk7UUFDZCxhQUFhLElBQUksS0FBSztRQUN0QixPQUFPLEtBQUssQ0FBQyxXQUFXLEtBQUssUUFBUSxDQUN0QyxDQUFBO0FBQ0gsQ0FBQztBQUVELFNBQVMsYUFBYSxDQUFDLEtBQWM7SUFDbkMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUMxQixPQUFPLEtBQUssQ0FBQTtJQUNkLENBQUM7SUFFRCxLQUFLLE1BQU0sT0FBTyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQzVCLElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDaEMsT0FBTyxLQUFLLENBQUE7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBUyxnQ0FBZ0MsQ0FDdkMsa0JBQTBCO0lBRTFCLElBQUksa0JBQTBCLENBQUE7SUFDOUIsSUFBSSxDQUFDO1FBQ0gsa0JBQWtCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxRQUFRLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQTtJQUMzRSxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxLQUFLLENBQ1gsK0RBQStELEVBQy9ELENBQUMsQ0FDRixDQUFBO1FBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxNQUFNLG1CQUFtQixHQUFHLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUE7SUFDNUQsSUFBSSxtQkFBbUIsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDckMsT0FBTyxDQUFDLEtBQUssQ0FDWCwyRUFBMkUsQ0FDNUUsQ0FBQTtRQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsT0FBTztRQUNMLGVBQWUsRUFBRSxTQUFTLGtCQUFrQixFQUFFO1FBQzlDLFFBQVEsRUFBRSxtQkFBbUIsQ0FBQyxDQUFDLENBQUM7S0FDakMsQ0FBQTtBQUNILENBQUM7QUFFRCxNQUFNLFVBQVUsVUFBVTtJQUN4QiwwQkFBMEIsR0FBRyxTQUFTLENBQUE7QUFDeEMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogVGhpcyBsYW1iZGEgdmVyaWZpZXMgYXV0aG9yaXphdGlvbiBoZWFkZXIgYWdhaW5zdCBzdGF0aWMgYmFzaWMgYXV0aCBjcmVkZW50aWFscyBzYXZlZCBpbiBTZWNyZXRcbiAqIE1hbmFnZXIuXG4gKlxuICogRXhwZWN0cyB0aGUgZm9sbG93aW5nIGVudmlyb25tZW50IHZhcmlhYmxlczpcbiAqIC0gQ1JFREVOVElBTFNfU0VDUkVUX05BTUVcbiAqICAgLSBTZWNyZXQgdmFsdWUgc2hvdWxkIGZvbGxvdyB0aGlzIGZvcm1hdDogYHtcInVzZXJuYW1lXCI6XCI8dXNlcm5hbWU+XCIsXCJwYXNzd29yZFwiOlwiPHBhc3N3b3JkPlwifWAuXG4gKiAgICAgQSBkaWZmZXJlbnQgZm9ybWF0IHdpdGggYW4gYXJyYXkgb2YgcHJlLWVuY29kZWQgY3JlZGVudGlhbHMgaXMgYWxzbyBzdXBwb3J0ZWQgLSBzZWUgZG9jcyBmb3JcbiAqICAgICB0aGUgYEJhc2ljQXV0aEF1dGhvcml6ZXJQcm9wc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QuXG4gKi9cblxuaW1wb3J0IHR5cGUge1xuICBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuICBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCxcbn0gZnJvbSBcImF3cy1sYW1iZGFcIlxuaW1wb3J0IHsgU2VjcmV0c01hbmFnZXIgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNlY3JldHMtbWFuYWdlclwiXG5cbnR5cGUgQXV0aG9yaXplclJlc3VsdCA9IEFQSUdhdGV3YXlTaW1wbGVBdXRob3JpemVyUmVzdWx0ICYge1xuICAvKipcbiAgICogUmV0dXJuaW5nIGEgY29udGV4dCBvYmplY3QgZnJvbSBvdXIgYXV0aG9yaXplciBhbGxvd3Mgb3VyIEFQSSBHYXRld2F5IHRvIGFjY2VzcyB0aGVzZSB2YXJpYWJsZXNcbiAgICogdmlhIGAke2NvbnRleHQuYXV0aG9yaXplci48cHJvcGVydHk+fWAuXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9hcGlnYXRld2F5L2xhdGVzdC9kZXZlbG9wZXJndWlkZS9odHRwLWFwaS1wYXJhbWV0ZXItbWFwcGluZy5odG1sXG4gICAqL1xuICBjb250ZXh0Pzoge1xuICAgIC8qKlxuICAgICAqIElmIHRoZSByZXF1ZXN0J3MgY3JlZGVudGlhbHMgYXJlIHZlcmlmaWVkLCB3ZSByZXR1cm4gdGhlIHVzZXJuYW1lIHRoYXQgd2FzIHVzZWQgaW4gdGhpc1xuICAgICAqIGNvbnRleHQgdmFyaWFibGUgKG5hbWVkIGBhdXRob3JpemVyLnVzZXJuYW1lYCkuIFdlIHVzZSB0aGlzIHRvIGluY2x1ZGUgdGhlIHJlcXVlc3RpbmcgdXNlciBpblxuICAgICAqIHRoZSBBUEkgR2F0ZXdheSBhY2Nlc3MgbG9ncyAoc2VlIGBkZWZhdWx0QWNjZXNzTG9nRm9ybWF0YCBpbiBvdXIgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdCkuIFlvdVxuICAgICAqIGNhbiBhbHNvIHVzZSB0aGlzIHdoZW4gbWFwcGluZyBwYXJhbWV0ZXJzIHRvIHRoZSBiYWNrZW5kIGludGVncmF0aW9uIChzZWVcbiAgICAgKiBgQWxiSW50ZWdyYXRpb25Qcm9wcy5tYXBQYXJhbWV0ZXJzYCBvbiB0aGUgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdCkuXG4gICAgICovXG4gICAgdXNlcm5hbWU6IHN0cmluZ1xuICB9XG59XG5cbmV4cG9ydCBjb25zdCBoYW5kbGVyID0gYXN5bmMgKFxuICBldmVudDogQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbik6IFByb21pc2U8QXV0aG9yaXplclJlc3VsdD4gPT4ge1xuICBjb25zdCBhdXRoSGVhZGVyID0gZXZlbnQuaGVhZGVycz8uYXV0aG9yaXphdGlvblxuICBpZiAoIWF1dGhIZWFkZXIgfHwgIWF1dGhIZWFkZXIuc3RhcnRzV2l0aChcIkJhc2ljIFwiKSkge1xuICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICB9XG5cbiAgY29uc3QgZXhwZWN0ZWRDcmVkZW50aWFscyA9IGF3YWl0IGdldEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMoKVxuXG4gIGZvciAoY29uc3QgZXhwZWN0ZWQgb2YgZXhwZWN0ZWRDcmVkZW50aWFscykge1xuICAgIGlmIChhdXRoSGVhZGVyID09PSBleHBlY3RlZC5iYXNpY0F1dGhIZWFkZXIpIHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIGlzQXV0aG9yaXplZDogdHJ1ZSxcbiAgICAgICAgY29udGV4dDoge1xuICAgICAgICAgIHVzZXJuYW1lOiBleHBlY3RlZC51c2VybmFtZSxcbiAgICAgICAgfSxcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbn1cblxudHlwZSBFeHBlY3RlZEJhc2ljQXV0aENyZWRlbnRpYWxzID0ge1xuICBiYXNpY0F1dGhIZWFkZXI6IHN0cmluZ1xuICB1c2VybmFtZTogc3RyaW5nXG59XG5cbi8qKiBDYWNoZSB0aGlzIHZhbHVlLCBzbyB0aGF0IHN1YnNlcXVlbnQgbGFtYmRhIGludm9jYXRpb25zIGRvbid0IGhhdmUgdG8gcmVmZXRjaC4gKi9cbmxldCBjYWNoZWRCYXNpY0F1dGhDcmVkZW50aWFsczogRXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFsc1tdIHwgdW5kZWZpbmVkID1cbiAgdW5kZWZpbmVkXG5cbi8qKlxuICogUmV0dXJucyBhbiBhcnJheSwgdG8gc3VwcG9ydCBjcmVkZW50aWFsIHNlY3JldHMgd2l0aCBtdWx0aXBsZSB2YWx1ZXMgKHNlZVxuICogYEJhc2ljQXV0aEF1dGhvcml6ZXJQcm9wc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QgZm9yIG1vcmUgb24gdGhpcykuXG4gKi9cbmFzeW5jIGZ1bmN0aW9uIGdldEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMoKTogUHJvbWlzZTxcbiAgRXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFsc1tdXG4+IHtcbiAgaWYgKGNhY2hlZEJhc2ljQXV0aENyZWRlbnRpYWxzID09PSB1bmRlZmluZWQpIHtcbiAgICBjb25zdCBzZWNyZXROYW1lOiBzdHJpbmcgfCB1bmRlZmluZWQgPVxuICAgICAgcHJvY2Vzcy5lbnZbXCJDUkVERU5USUFMU19TRUNSRVRfTkFNRVwiXVxuICAgIGlmICghc2VjcmV0TmFtZSkge1xuICAgICAgY29uc29sZS5lcnJvcihcIkNSRURFTlRJQUxTX1NFQ1JFVF9OQU1FIGVudiB2YXJpYWJsZSBpcyBub3QgZGVmaW5lZFwiKVxuICAgICAgdGhyb3cgbmV3IEVycm9yKClcbiAgICB9XG5cbiAgICBjYWNoZWRCYXNpY0F1dGhDcmVkZW50aWFscyA9IGF3YWl0IGdldEJhc2ljQXV0aENyZWRlbnRpYWxzU2VjcmV0KHNlY3JldE5hbWUpXG4gIH1cblxuICByZXR1cm4gY2FjaGVkQmFzaWNBdXRoQ3JlZGVudGlhbHNcbn1cblxuYXN5bmMgZnVuY3Rpb24gZ2V0QmFzaWNBdXRoQ3JlZGVudGlhbHNTZWNyZXQoXG4gIHNlY3JldE5hbWU6IHN0cmluZyxcbik6IFByb21pc2U8RXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFsc1tdPiB7XG4gIGNvbnN0IHNlY3JldCA9IGF3YWl0IGdldFNlY3JldFZhbHVlKHNlY3JldE5hbWUpXG5cbiAgaWYgKGlzU2luZ2xlVXNlcm5hbWVBbmRQYXNzd29yZChzZWNyZXQpKSB7XG4gICAgY29uc3QgaGVhZGVyID1cbiAgICAgIFwiQmFzaWMgXCIgK1xuICAgICAgQnVmZmVyLmZyb20oYCR7c2VjcmV0LnVzZXJuYW1lfToke3NlY3JldC5wYXNzd29yZH1gKS50b1N0cmluZyhcImJhc2U2NFwiKVxuICAgIHJldHVybiBbeyBiYXNpY0F1dGhIZWFkZXI6IGhlYWRlciwgdXNlcm5hbWU6IHNlY3JldC51c2VybmFtZSB9XVxuICB9XG5cbiAgLy8gU2VlIGBCYXNpY0F1dGhBdXRob3JpemVyUHJvcHNgIG9uIHRoZSBgQXBpR2F0ZXdheWAgY29uc3RydWN0IGZvciBhbiBleHBsYW5hdGlvbiBvZiB0aGUgZm9ybWF0c1xuICAvLyB3ZSBwYXJzZSBoZXJlXG4gIGlmIChoYXNDcmVkZW50aWFsc0tleVdpdGhTdHJpbmdWYWx1ZShzZWNyZXQpKSB7XG4gICAgbGV0IGNyZWRlbnRpYWxzQXJyYXk6IHVua25vd25cbiAgICB0cnkge1xuICAgICAgY3JlZGVudGlhbHNBcnJheSA9IEpTT04ucGFyc2Uoc2VjcmV0LmNyZWRlbnRpYWxzKVxuICAgIH0gY2F0Y2ggKGUpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICAgIGBGYWlsZWQgdG8gcGFyc2UgY3JlZGVudGlhbHMgYXJyYXkgaW4gc2VjcmV0ICcke3NlY3JldE5hbWV9JyBhcyBKU09OYCxcbiAgICAgICAgZSxcbiAgICAgIClcbiAgICAgIHRocm93IG5ldyBFcnJvcigpXG4gICAgfVxuXG4gICAgaWYgKGlzU3RyaW5nQXJyYXkoY3JlZGVudGlhbHNBcnJheSkpIHtcbiAgICAgIHJldHVybiBjcmVkZW50aWFsc0FycmF5Lm1hcChwYXJzZUVuY29kZWRCYXNpY0F1dGhDcmVkZW50aWFscylcbiAgICB9XG4gIH1cblxuICBjb25zb2xlLmVycm9yKFxuICAgIGBCYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHNlY3JldCBkaWQgbm90IGZvbGxvdyBhbnkgZXhwZWN0ZWQgZm9ybWF0IChzZWNyZXQgbmFtZTogJyR7c2VjcmV0TmFtZX0nKWAsXG4gIClcbiAgdGhyb3cgbmV3IEVycm9yKClcbn1cblxuLyoqIEZvciBvdmVycmlkaW5nIGRlcGVuZGVuY3kgY3JlYXRpb24gaW4gdGVzdHMuICovXG5leHBvcnQgY29uc3QgZGVwZW5kZW5jaWVzID0ge1xuICBjcmVhdGVTZWNyZXRzTWFuYWdlcjogKCkgPT4gbmV3IFNlY3JldHNNYW5hZ2VyKCksXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldFNlY3JldFZhbHVlKHNlY3JldE5hbWU6IHN0cmluZyk6IFByb21pc2U8dW5rbm93bj4ge1xuICBjb25zdCBjbGllbnQgPSBkZXBlbmRlbmNpZXMuY3JlYXRlU2VjcmV0c01hbmFnZXIoKVxuICBjb25zdCBzZWNyZXQgPSBhd2FpdCBjbGllbnQuZ2V0U2VjcmV0VmFsdWUoeyBTZWNyZXRJZDogc2VjcmV0TmFtZSB9KVxuXG4gIGlmICghc2VjcmV0LlNlY3JldFN0cmluZykge1xuICAgIGNvbnNvbGUuZXJyb3IoYFNlY3JldCB2YWx1ZSBub3QgZm91bmQgZm9yICcke3NlY3JldE5hbWV9J2ApXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxuXG4gIHRyeSB7XG4gICAgcmV0dXJuIEpTT04ucGFyc2Uoc2VjcmV0LlNlY3JldFN0cmluZylcbiAgfSBjYXRjaCAoZSkge1xuICAgIGNvbnNvbGUuZXJyb3IoYEZhaWxlZCB0byBwYXJzZSBzZWNyZXQgJyR7c2VjcmV0TmFtZX0nIGFzIEpTT046YCwgZSlcbiAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICB9XG59XG5cbmZ1bmN0aW9uIGlzU2luZ2xlVXNlcm5hbWVBbmRQYXNzd29yZChcbiAgdmFsdWU6IHVua25vd24sXG4pOiB2YWx1ZSBpcyB7IHVzZXJuYW1lOiBzdHJpbmc7IHBhc3N3b3JkOiBzdHJpbmcgfSB7XG4gIHJldHVybiAoXG4gICAgdHlwZW9mIHZhbHVlID09PSBcIm9iamVjdFwiICYmXG4gICAgdmFsdWUgIT09IG51bGwgJiZcbiAgICBcInVzZXJuYW1lXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUudXNlcm5hbWUgPT09IFwic3RyaW5nXCIgJiZcbiAgICBcInBhc3N3b3JkXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUucGFzc3dvcmQgPT09IFwic3RyaW5nXCJcbiAgKVxufVxuXG5mdW5jdGlvbiBoYXNDcmVkZW50aWFsc0tleVdpdGhTdHJpbmdWYWx1ZShcbiAgdmFsdWU6IHVua25vd24sXG4pOiB2YWx1ZSBpcyB7IGNyZWRlbnRpYWxzOiBzdHJpbmcgfSB7XG4gIHJldHVybiAoXG4gICAgdHlwZW9mIHZhbHVlID09PSBcIm9iamVjdFwiICYmXG4gICAgdmFsdWUgIT09IG51bGwgJiZcbiAgICBcImNyZWRlbnRpYWxzXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUuY3JlZGVudGlhbHMgPT09IFwic3RyaW5nXCJcbiAgKVxufVxuXG5mdW5jdGlvbiBpc1N0cmluZ0FycmF5KHZhbHVlOiB1bmtub3duKTogdmFsdWUgaXMgc3RyaW5nW10ge1xuICBpZiAoIUFycmF5LmlzQXJyYXkodmFsdWUpKSB7XG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICBmb3IgKGNvbnN0IGVsZW1lbnQgb2YgdmFsdWUpIHtcbiAgICBpZiAodHlwZW9mIGVsZW1lbnQgIT09IFwic3RyaW5nXCIpIHtcbiAgICAgIHJldHVybiBmYWxzZVxuICAgIH1cbiAgfVxuXG4gIHJldHVybiB0cnVlXG59XG5cbi8qKlxuICogV2Ugd2FudCB0byByZXR1cm4gdGhlIHJlcXVlc3RpbmcgdXNlcm5hbWUgYXMgYSBjb250ZXh0IHZhcmlhYmxlIGluXG4gKiB7QGxpbmsgQXV0aG9yaXplclJlc3VsdC5jb250ZXh0fSwgZm9yIEFQSSBHYXRld2F5IGFjY2VzcyBsb2dzIGFuZCBwYXJhbWV0ZXIgbWFwcGluZy4gU28gaWYgdGhlXG4gKiBiYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHNlY3JldCBpcyBzdG9yZWQgYXMgcHJlLWVuY29kZWQgYmFzZTY0IHN0cmluZ3MsIHdlIG5lZWQgdG8gcGFyc2UgdGhlbSB0b1xuICogZ2V0IHRoZSB1c2VybmFtZS5cbiAqL1xuZnVuY3Rpb24gcGFyc2VFbmNvZGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMoXG4gIGVuY29kZWRDcmVkZW50aWFsczogc3RyaW5nLFxuKTogRXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFscyB7XG4gIGxldCBkZWNvZGVkQ3JlZGVudGlhbHM6IHN0cmluZ1xuICB0cnkge1xuICAgIGRlY29kZWRDcmVkZW50aWFscyA9IEJ1ZmZlci5mcm9tKGVuY29kZWRDcmVkZW50aWFscywgXCJiYXNlNjRcIikudG9TdHJpbmcoKVxuICB9IGNhdGNoIChlKSB7XG4gICAgY29uc29sZS5lcnJvcihcbiAgICAgIFwiQmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgY291bGQgbm90IGJlIGRlY29kZWQgYXMgYmFzZTY0OlwiLFxuICAgICAgZSxcbiAgICApXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxuXG4gIGNvbnN0IHVzZXJuYW1lQW5kUGFzc3dvcmQgPSBkZWNvZGVkQ3JlZGVudGlhbHMuc3BsaXQoXCI6XCIsIDIpXG4gIGlmICh1c2VybmFtZUFuZFBhc3N3b3JkLmxlbmd0aCAhPT0gMikge1xuICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICBcIkJhc2ljIGF1dGggY3JlZGVudGlhbHMgc2VjcmV0IGNvdWxkIG5vdCBiZSBkZWNvZGVkIGFzICd1c2VybmFtZTpwYXNzd29yZCdcIixcbiAgICApXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxuXG4gIHJldHVybiB7XG4gICAgYmFzaWNBdXRoSGVhZGVyOiBgQmFzaWMgJHtlbmNvZGVkQ3JlZGVudGlhbHN9YCxcbiAgICB1c2VybmFtZTogdXNlcm5hbWVBbmRQYXNzd29yZFswXSxcbiAgfVxufVxuXG5leHBvcnQgZnVuY3Rpb24gY2xlYXJDYWNoZSgpIHtcbiAgY2FjaGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMgPSB1bmRlZmluZWRcbn1cbiJdfQ==
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* This lambda verifies
|
|
2
|
+
* This lambda verifies access token in Bearer authorization header using Cognito.
|
|
3
3
|
*
|
|
4
4
|
* Expects the following environment variables:
|
|
5
5
|
* - USER_POOL_ID
|
|
6
6
|
* - REQUIRED_SCOPE (optional)
|
|
7
|
-
* - Set this to require that the
|
|
7
|
+
* - Set this to require that the access token payload contains the given scope
|
|
8
8
|
* - CREDENTIALS_FOR_INTERNAL_AUTHORIZATION (optional)
|
|
9
9
|
* - Secret name from which to get basic auth credentials that should be forwarded to backend
|
|
10
10
|
* integration if authentication succeeds
|
|
@@ -17,14 +17,15 @@ type AuthorizerResult = APIGatewaySimpleAuthorizerResult & {
|
|
|
17
17
|
/**
|
|
18
18
|
* Returning a context object from our authorizer allows our API Gateway to access these variables
|
|
19
19
|
* via `${context.authorizer.<property>}`.
|
|
20
|
-
* https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-
|
|
20
|
+
* https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html
|
|
21
21
|
*/
|
|
22
22
|
context?: {
|
|
23
23
|
/**
|
|
24
24
|
* If the token is verified, we return the auth client ID from the token's claims as a context
|
|
25
|
-
* variable (named `authorizer.clientId`).
|
|
26
|
-
* API Gateway (see `
|
|
27
|
-
*
|
|
25
|
+
* variable (named `authorizer.clientId`). We use this to include the requesting client in the
|
|
26
|
+
* API Gateway access logs (see `defaultAccessLogFormat` in our `ApiGateway` construct). You can
|
|
27
|
+
* also use this when mapping parameters to the backend integration (see
|
|
28
|
+
* `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
|
|
28
29
|
*/
|
|
29
30
|
clientId: string;
|
|
30
31
|
/**
|
|
@@ -45,4 +46,5 @@ export declare const dependencies: {
|
|
|
45
46
|
createTokenVerifier: () => TokenVerifier;
|
|
46
47
|
createSecretsManager: () => SecretsManager;
|
|
47
48
|
};
|
|
49
|
+
export declare function clearCache(): void;
|
|
48
50
|
export {};
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* This lambda verifies
|
|
2
|
+
* This lambda verifies access token in Bearer authorization header using Cognito.
|
|
3
3
|
*
|
|
4
4
|
* Expects the following environment variables:
|
|
5
5
|
* - USER_POOL_ID
|
|
6
6
|
* - REQUIRED_SCOPE (optional)
|
|
7
|
-
* - Set this to require that the
|
|
7
|
+
* - Set this to require that the access token payload contains the given scope
|
|
8
8
|
* - CREDENTIALS_FOR_INTERNAL_AUTHORIZATION (optional)
|
|
9
9
|
* - Secret name from which to get basic auth credentials that should be forwarded to backend
|
|
10
10
|
* integration if authentication succeeds
|
|
@@ -126,4 +126,8 @@ function secretHasExpectedFormat(value) {
|
|
|
126
126
|
"password" in value &&
|
|
127
127
|
typeof value.password === "string");
|
|
128
128
|
}
|
|
129
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hcGktZ2F0ZXdheS9hdXRob3JpemVyLWxhbWJkYXMvY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7Ozs7Ozs7R0FXRztBQU1ILE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQTtBQUNoRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQTtBQTJCbkQsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLEtBQUssRUFDMUIsS0FBeUMsRUFDZCxFQUFFO0lBQzdCLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFBO0lBQy9DLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDckQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0lBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxrQ0FBa0M7SUFDbEcsUUFBUSxNQUFNLEVBQUUsQ0FBQztRQUNmLEtBQUssU0FBUztZQUNaLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7UUFDaEMsS0FBSyxTQUFTO1lBQ1osd0ZBQXdGO1lBQ3hGLHFGQUFxRjtZQUNyRix5RkFBeUY7WUFDekYscUVBQXFFO1lBQ3JFLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDakMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNSLE9BQU87Z0JBQ0wsWUFBWSxFQUFFLElBQUk7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxRQUFRLEVBQUUsTUFBTSxDQUFDLFNBQVM7b0JBQzFCLDJCQUEyQixFQUFFLE1BQU0sOEJBQThCLEVBQUU7aUJBQ3BFO2FBQ0YsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQyxDQUFBO0FBRUQsNERBQTREO0FBQzVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsS0FBYTtJQUViLElBQUksQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLGdCQUFnQixFQUFFLENBQUE7UUFDeEMsNkZBQTZGO1FBQzdGLGdCQUFnQjtRQUNoQixPQUFPLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUMxQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLDREQUE0RDtRQUM1RCwwR0FBMEc7UUFDMUcsOEZBQThGO1FBQzlGLGNBQWM7UUFDZCxJQUFJLENBQUMsWUFBWSxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLFNBQVMsQ0FBQTtRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQU1EOzs7R0FHRztBQUNILElBQUksbUJBQW1CLEdBQThCLFNBQVMsQ0FBQTtBQUU5RCxTQUFTLGdCQUFnQjtJQUN2QixJQUFJLG1CQUFtQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RDLG1CQUFtQixHQUFHLFlBQVksQ0FBQyxtQkFBbUIsRUFBRSxDQUFBO0lBQzFELENBQUM7SUFDRCxPQUFPLG1CQUFtQixDQUFBO0FBQzVCLENBQUM7QUFFRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHO0lBQzFCLG1CQUFtQixFQUFFLEdBQWtCLEVBQUU7UUFDdkMsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQTtRQUM5QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxDQUFBO1lBQ3pELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQyxNQUFNLENBQUM7WUFDL0IsVUFBVTtZQUNWLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSx5Q0FBeUM7U0FDMUYsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUNELG9CQUFvQixFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksY0FBYyxFQUFFO0NBQ2pELENBQUE7QUFFRCxxRkFBcUY7QUFDckYsSUFBSSxpQ0FBaUMsR0FBdUIsU0FBUyxDQUFBO0FBRXJFLEtBQUssVUFBVSw4QkFBOEI7SUFDM0MsSUFBSSxpQ0FBaUMsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUNwRCxNQUFNLFVBQVUsR0FDZCxPQUFPLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxDQUFDLENBQUE7UUFDdkQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7UUFFRCxpQ0FBaUM7WUFDL0IsTUFBTSwwQkFBMEIsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUNoRCxDQUFDO0lBRUQsT0FBTyxpQ0FBaUMsQ0FBQTtBQUMxQyxDQUFDO0FBRUQsS0FBSyxVQUFVLDBCQUEwQixDQUFDLFVBQWtCO0lBQzFELE1BQU0sV0FBVyxHQUFHLE1BQU0sY0FBYyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3BELElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQzFDLE9BQU8sQ0FBQyxLQUFLLENBQ1gsK0VBQStFLFVBQVUsSUFBSSxDQUM5RixDQUFBO1FBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxPQUFPLENBQ0wsUUFBUTtRQUNSLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLENBQUMsUUFBUSxJQUFJLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FDckUsUUFBUSxDQUNULENBQ0YsQ0FBQTtBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsY0FBYyxDQUFDLFVBQWtCO0lBQzlDLE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FBQyxvQkFBb0IsRUFBRSxDQUFBO0lBQ2xELE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFBO0lBRXBFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDekIsT0FBTyxDQUFDLEtBQUssQ0FBQywrQkFBK0IsVUFBVSxHQUFHLENBQUMsQ0FBQTtRQUMzRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7SUFDbkIsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUE7QUFDeEMsQ0FBQztBQUVELFNBQVMsdUJBQXVCLENBQzlCLEtBQWM7SUFFZCxPQUFPLENBQ0wsT0FBTyxLQUFLLEtBQUssUUFBUTtRQUN6QixLQUFLLEtBQUssSUFBSTtRQUNkLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2xDLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ25DLENBQUE7QUFDSCxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBUaGlzIGxhbWJkYSB2ZXJpZmllcyBiZWFyZXIgdG9rZW4gaW4gYXV0aG9yaXphdGlvbiBoZWFkZXIgdXNpbmcgQ29nbml0by5cbiAqXG4gKiBFeHBlY3RzIHRoZSBmb2xsb3dpbmcgZW52aXJvbm1lbnQgdmFyaWFibGVzOlxuICogLSBVU0VSX1BPT0xfSURcbiAqIC0gUkVRVUlSRURfU0NPUEUgKG9wdGlvbmFsKVxuICogICAtIFNldCB0aGlzIHRvIHJlcXVpcmUgdGhhdCB0aGUgYmVhcmVyIHRva2VuIHBheWxvYWQgY29udGFpbnMgdGhlIGdpdmVuIHNjb3BlXG4gKiAtIENSRURFTlRJQUxTX0ZPUl9JTlRFUk5BTF9BVVRIT1JJWkFUSU9OIChvcHRpb25hbClcbiAqICAgLSBTZWNyZXQgbmFtZSBmcm9tIHdoaWNoIHRvIGdldCBiYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHRoYXQgc2hvdWxkIGJlIGZvcndhcmRlZCB0byBiYWNrZW5kXG4gKiAgICAgaW50ZWdyYXRpb24gaWYgYXV0aGVudGljYXRpb24gc3VjY2VlZHNcbiAqICAgLSBTZWNyZXQgdmFsdWUgc2hvdWxkIGZvbGxvdyB0aGlzIGZvcm1hdDogYHtcInVzZXJuYW1lXCI6XCI8dXNlcm5hbWU+XCIsXCJwYXNzd29yZFwiOlwiPHBhc3N3b3JkPlwifWBcbiAqL1xuXG5pbXBvcnQgdHlwZSB7XG4gIEFQSUdhdGV3YXlSZXF1ZXN0QXV0aG9yaXplckV2ZW50VjIsXG4gIEFQSUdhdGV3YXlTaW1wbGVBdXRob3JpemVyUmVzdWx0LFxufSBmcm9tIFwiYXdzLWxhbWJkYVwiXG5pbXBvcnQgeyBTZWNyZXRzTWFuYWdlciB9IGZyb20gXCJAYXdzLXNkay9jbGllbnQtc2VjcmV0cy1tYW5hZ2VyXCJcbmltcG9ydCB7IENvZ25pdG9Kd3RWZXJpZmllciB9IGZyb20gXCJhd3Mtand0LXZlcmlmeVwiXG5pbXBvcnQgdHlwZSB7IENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQgfSBmcm9tIFwiYXdzLWp3dC12ZXJpZnkvand0LW1vZGVsXCJcblxudHlwZSBBdXRob3JpemVyUmVzdWx0ID0gQVBJR2F0ZXdheVNpbXBsZUF1dGhvcml6ZXJSZXN1bHQgJiB7XG4gIC8qKlxuICAgKiBSZXR1cm5pbmcgYSBjb250ZXh0IG9iamVjdCBmcm9tIG91ciBhdXRob3JpemVyIGFsbG93cyBvdXIgQVBJIEdhdGV3YXkgdG8gYWNjZXNzIHRoZXNlIHZhcmlhYmxlc1xuICAgKiB2aWEgYCR7Y29udGV4dC5hdXRob3JpemVyLjxwcm9wZXJ0eT59YC5cbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2FwaWdhdGV3YXkvbGF0ZXN0L2RldmVsb3Blcmd1aWRlL2h0dHAtYXBpLWxvZ2dpbmctdmFyaWFibGVzLmh0bWxcbiAgICovXG4gIGNvbnRleHQ/OiB7XG4gICAgLyoqXG4gICAgICogSWYgdGhlIHRva2VuIGlzIHZlcmlmaWVkLCB3ZSByZXR1cm4gdGhlIGF1dGggY2xpZW50IElEIGZyb20gdGhlIHRva2VuJ3MgY2xhaW1zIGFzIGEgY29udGV4dFxuICAgICAqIHZhcmlhYmxlIChuYW1lZCBgYXV0aG9yaXplci5jbGllbnRJZGApLiBZb3UgY2FuIHRoZW4gdXNlIHRoaXMgZm9yIHBhcmFtZXRlciBtYXBwaW5nIG9uIHRoZVxuICAgICAqIEFQSSBHYXRld2F5IChzZWUgYEFsYkludGVncmF0aW9uUHJvcHMubWFwUGFyYW1ldGVyc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLCBpZiBmb3JcbiAgICAgKiBleGFtcGxlIHlvdSB3YW50IHRvIGZvcndhcmQgdGhpcyB0byB0aGUgYmFja2VuZCBpbnRlZ3JhdGlvbi5cbiAgICAgKi9cbiAgICBjbGllbnRJZDogc3RyaW5nXG4gICAgLyoqXG4gICAgICogSWYgYENSRURFTlRJQUxTX0ZPUl9JTlRFUk5BTF9BVVRIT1JJWkFUSU9OYCBpcyBwcm92aWRlZCwgd2Ugd2FudCB0byBmb3J3YXJkIGJhc2ljIGF1dGhcbiAgICAgKiBjcmVkZW50aWFscyB0byBvdXIgYmFja2VuZCwgYXMgYW4gYWRkaXRpb25hbCBhdXRoZW50aWNhdGlvbiBsYXllci4gU2VlIHRoZSBkb2NzdHJpbmcgb25cbiAgICAgKiBgQ29nbml0b1VzZXJQb29sQXV0aG9yaXplclByb3BzLmJhc2ljQXV0aEZvckludGVybmFsQXV0aG9yaXphdGlvbmAgaW4gdGhlIGBBcGlHYXRld2F5YFxuICAgICAqIGNvbnN0cnVjdCBmb3IgbW9yZSBvbiB0aGlzLlxuICAgICAqL1xuICAgIGludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcj86IHN0cmluZ1xuICB9XG59XG5cbmV4cG9ydCBjb25zdCBoYW5kbGVyID0gYXN5bmMgKFxuICBldmVudDogQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbik6IFByb21pc2U8QXV0aG9yaXplclJlc3VsdD4gPT4ge1xuICBjb25zdCBhdXRoSGVhZGVyID0gZXZlbnQuaGVhZGVycz8uYXV0aG9yaXphdGlvblxuICBpZiAoIWF1dGhIZWFkZXIgfHwgIWF1dGhIZWFkZXIuc3RhcnRzV2l0aChcIkJlYXJlciBcIikpIHtcbiAgICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbiAgfVxuXG4gIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHZlcmlmeUFjY2Vzc1Rva2VuKGF1dGhIZWFkZXIuc3Vic3RyaW5nKDcpKSAvLyBzdWJzdHJpbmcoNykgPT0gYWZ0ZXIgJ0JlYXJlciAnXG4gIHN3aXRjaCAocmVzdWx0KSB7XG4gICAgY2FzZSBcIklOVkFMSURcIjpcbiAgICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICAgIGNhc2UgXCJFWFBJUkVEXCI6XG4gICAgICAvLyBXZSB3YW50IHRvIHJldHVybiA0MDEgVW5hdXRob3JpemVkIGZvciBleHBpcmVkIHRva2Vucywgc28gdGhlIGNsaWVudCBrbm93cyB0byByZWZyZXNoXG4gICAgICAvLyB0aGVpciB0b2tlbiB3aGVuIHJlY2VpdmluZyB0aGlzIHN0YXR1cyBjb2RlLiBBUEkgR2F0ZXdheSBhdXRob3JpemVyIGxhbWJkYXMgcmV0dXJuXG4gICAgICAvLyA0MDMgRm9yYmlkZGVuIGZvciB7aXNBdXRob3JpemVkOiBmYWxzZX0sIGJ1dCB0aGVyZSBpcyBhIHdheSB0byByZXR1cm4gNDAxOiB0aHJvd2luZyBhblxuICAgICAgLy8gZXJyb3Igd2l0aCB0aGlzIGV4YWN0IHN0cmluZy4gaHR0cHM6Ly9zdGFja292ZXJmbG93LmNvbS9hLzcxOTY1ODkwXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJVbmF1dGhvcml6ZWRcIilcbiAgICBkZWZhdWx0OiB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBpc0F1dGhvcml6ZWQ6IHRydWUsXG4gICAgICAgIGNvbnRleHQ6IHtcbiAgICAgICAgICBjbGllbnRJZDogcmVzdWx0LmNsaWVudF9pZCxcbiAgICAgICAgICBpbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6IGF3YWl0IGdldEludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcigpLFxuICAgICAgICB9LFxuICAgICAgfVxuICAgIH1cbiAgfVxufVxuXG4vKiogRGVjb2RlcyBhbmQgdmVyaWZpZXMgdGhlIGdpdmVuIHRva2VuIGFnYWluc3QgQ29nbml0by4gKi9cbmFzeW5jIGZ1bmN0aW9uIHZlcmlmeUFjY2Vzc1Rva2VuKFxuICB0b2tlbjogc3RyaW5nLFxuKTogUHJvbWlzZTxDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkIHwgXCJFWFBJUkVEXCIgfCBcIklOVkFMSURcIj4ge1xuICB0cnkge1xuICAgIGNvbnN0IHRva2VuVmVyaWZpZXIgPSBnZXRUb2tlblZlcmlmaWVyKClcbiAgICAvLyBNdXN0IGF3YWl0IGhlcmUgaW5zdGVhZCBvZiByZXR1cm5pbmcgdGhlIHByb21pc2UgZGlyZWN0bHksIHNvIHRoYXQgZXJyb3JzIGNhbiBiZSBjYXVnaHQgaW5cbiAgICAvLyB0aGlzIGZ1bmN0aW9uXG4gICAgcmV0dXJuIGF3YWl0IHRva2VuVmVyaWZpZXIudmVyaWZ5KHRva2VuKVxuICB9IGNhdGNoIChlKSB7XG4gICAgLy8gSWYgdGhlIEpXVCBoYXMgZXhwaXJlZCwgYXdzLWp3dC12ZXJpZnkgdGhyb3dzIHRoaXMgZXJyb3I6XG4gICAgLy8gaHR0cHM6Ly9naXRodWIuY29tL2F3c2xhYnMvYXdzLWp3dC12ZXJpZnkvYmxvYi84ZDhmNzE0ZDcyODE5MTNlY2Q2NjAxNDdmNWMzMDMxMTQ3OTYwMWMxL3NyYy9qd3QudHMjTDE5N1xuICAgIC8vIFdlIGNhbid0IGNoZWNrIGluc3RhbmNlb2Ygb24gdGhhdCBlcnJvciBjbGFzcywgc2luY2UgaXQncyBub3QgZXhwb3J0ZWQsIHNvIHRoaXMgaXMgdGhlIG5leHRcbiAgICAvLyBiZXN0IHRoaW5nLlxuICAgIGlmIChlIGluc3RhbmNlb2YgRXJyb3IgJiYgZS5tZXNzYWdlPy5pbmNsdWRlcyhcIlRva2VuIGV4cGlyZWRcIikpIHtcbiAgICAgIHJldHVybiBcIkVYUElSRURcIlxuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gXCJJTlZBTElEXCJcbiAgICB9XG4gIH1cbn1cblxuZXhwb3J0IHR5cGUgVG9rZW5WZXJpZmllciA9IHtcbiAgdmVyaWZ5OiAoYWNjZXNzVG9rZW46IHN0cmluZykgPT4gUHJvbWlzZTxDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkPlxufVxuXG4vKipcbiAqIFdlIGNhY2hlIHRoZSB2ZXJpZmllciBpbiB0aGlzIGdsb2JhbCB2YXJpYWJsZSwgc28gdGhhdCBzdWJzZXF1ZW50IGludm9jYXRpb25zIG9mIGEgaG90IGxhbWJkYVxuICogd2lsbCByZS11c2UgdGhpcy5cbiAqL1xubGV0IGNhY2hlZFRva2VuVmVyaWZpZXI6IFRva2VuVmVyaWZpZXIgfCB1bmRlZmluZWQgPSB1bmRlZmluZWRcblxuZnVuY3Rpb24gZ2V0VG9rZW5WZXJpZmllcigpOiBUb2tlblZlcmlmaWVyIHtcbiAgaWYgKGNhY2hlZFRva2VuVmVyaWZpZXIgPT09IHVuZGVmaW5lZCkge1xuICAgIGNhY2hlZFRva2VuVmVyaWZpZXIgPSBkZXBlbmRlbmNpZXMuY3JlYXRlVG9rZW5WZXJpZmllcigpXG4gIH1cbiAgcmV0dXJuIGNhY2hlZFRva2VuVmVyaWZpZXJcbn1cblxuLyoqIEZvciBvdmVycmlkaW5nIGRlcGVuZGVuY3kgY3JlYXRpb24gaW4gdGVzdHMuICovXG5leHBvcnQgY29uc3QgZGVwZW5kZW5jaWVzID0ge1xuICBjcmVhdGVUb2tlblZlcmlmaWVyOiAoKTogVG9rZW5WZXJpZmllciA9PiB7XG4gICAgY29uc3QgdXNlclBvb2xJZCA9IHByb2Nlc3MuZW52W1wiVVNFUl9QT09MX0lEXCJdXG4gICAgaWYgKCF1c2VyUG9vbElkKSB7XG4gICAgICBjb25zb2xlLmVycm9yKFwiVVNFUl9QT09MX0lEIGVudiB2YXJpYWJsZSBpcyBub3QgZGVmaW5lZFwiKVxuICAgICAgdGhyb3cgbmV3IEVycm9yKClcbiAgICB9XG5cbiAgICByZXR1cm4gQ29nbml0b0p3dFZlcmlmaWVyLmNyZWF0ZSh7XG4gICAgICB1c2VyUG9vbElkLFxuICAgICAgdG9rZW5Vc2U6IFwiYWNjZXNzXCIsXG4gICAgICBjbGllbnRJZDogbnVsbCxcbiAgICAgIHNjb3BlOiBwcm9jZXNzLmVudi5SRVFVSVJFRF9TQ09QRSB8fCB1bmRlZmluZWQsIC8vIGB8fCB1bmRlZmluZWRgIHRvIGRpc2NhcmQgZW1wdHkgc3RyaW5nXG4gICAgfSlcbiAgfSxcbiAgY3JlYXRlU2VjcmV0c01hbmFnZXI6ICgpID0+IG5ldyBTZWNyZXRzTWFuYWdlcigpLFxufVxuXG4vKiogQ2FjaGUgdGhpcyB2YWx1ZSwgc28gdGhhdCBzdWJzZXF1ZW50IGxhbWJkYSBpbnZvY2F0aW9ucyBkb24ndCBoYXZlIHRvIHJlZmV0Y2guICovXG5sZXQgY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyOiBzdHJpbmcgfCB1bmRlZmluZWQgPSB1bmRlZmluZWRcblxuYXN5bmMgZnVuY3Rpb24gZ2V0SW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyKCk6IFByb21pc2U8c3RyaW5nIHwgdW5kZWZpbmVkPiB7XG4gIGlmIChjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXIgPT09IHVuZGVmaW5lZCkge1xuICAgIGNvbnN0IHNlY3JldE5hbWU6IHN0cmluZyB8IHVuZGVmaW5lZCA9XG4gICAgICBwcm9jZXNzLmVudltcIkNSRURFTlRJQUxTX0ZPUl9JTlRFUk5BTF9BVVRIT1JJWkFUSU9OXCJdXG4gICAgaWYgKCFzZWNyZXROYW1lKSB7XG4gICAgICByZXR1cm4gdW5kZWZpbmVkXG4gICAgfVxuXG4gICAgY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyID1cbiAgICAgIGF3YWl0IGdldFNlY3JldEFzQmFzaWNBdXRoSGVhZGVyKHNlY3JldE5hbWUpXG4gIH1cblxuICByZXR1cm4gY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldFNlY3JldEFzQmFzaWNBdXRoSGVhZGVyKHNlY3JldE5hbWU6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nPiB7XG4gIGNvbnN0IGNyZWRlbnRpYWxzID0gYXdhaXQgZ2V0U2VjcmV0VmFsdWUoc2VjcmV0TmFtZSlcbiAgaWYgKCFzZWNyZXRIYXNFeHBlY3RlZEZvcm1hdChjcmVkZW50aWFscykpIHtcbiAgICBjb25zb2xlLmVycm9yKFxuICAgICAgYEJhc2ljIGF1dGggY3JlZGVudGlhbHMgc2VjcmV0IGRpZCBub3QgZm9sbG93IGV4cGVjdGVkIGZvcm1hdCAoc2VjcmV0IG5hbWU6ICcke3NlY3JldE5hbWV9JylgLFxuICAgIClcbiAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICB9XG5cbiAgcmV0dXJuIChcbiAgICBcIkJhc2ljIFwiICtcbiAgICBCdWZmZXIuZnJvbShgJHtjcmVkZW50aWFscy51c2VybmFtZX06JHtjcmVkZW50aWFscy5wYXNzd29yZH1gKS50b1N0cmluZyhcbiAgICAgIFwiYmFzZTY0XCIsXG4gICAgKVxuICApXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldFNlY3JldFZhbHVlKHNlY3JldE5hbWU6IHN0cmluZyk6IFByb21pc2U8dW5rbm93bj4ge1xuICBjb25zdCBjbGllbnQgPSBkZXBlbmRlbmNpZXMuY3JlYXRlU2VjcmV0c01hbmFnZXIoKVxuICBjb25zdCBzZWNyZXQgPSBhd2FpdCBjbGllbnQuZ2V0U2VjcmV0VmFsdWUoeyBTZWNyZXRJZDogc2VjcmV0TmFtZSB9KVxuXG4gIGlmICghc2VjcmV0LlNlY3JldFN0cmluZykge1xuICAgIGNvbnNvbGUuZXJyb3IoYFNlY3JldCB2YWx1ZSBub3QgZm91bmQgZm9yICcke3NlY3JldE5hbWV9J2ApXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxuXG4gIHJldHVybiBKU09OLnBhcnNlKHNlY3JldC5TZWNyZXRTdHJpbmcpXG59XG5cbmZ1bmN0aW9uIHNlY3JldEhhc0V4cGVjdGVkRm9ybWF0KFxuICB2YWx1ZTogdW5rbm93bixcbik6IHZhbHVlIGlzIHsgdXNlcm5hbWU6IHN0cmluZzsgcGFzc3dvcmQ6IHN0cmluZyB9IHtcbiAgcmV0dXJuIChcbiAgICB0eXBlb2YgdmFsdWUgPT09IFwib2JqZWN0XCIgJiZcbiAgICB2YWx1ZSAhPT0gbnVsbCAmJlxuICAgIFwidXNlcm5hbWVcIiBpbiB2YWx1ZSAmJlxuICAgIHR5cGVvZiB2YWx1ZS51c2VybmFtZSA9PT0gXCJzdHJpbmdcIiAmJlxuICAgIFwicGFzc3dvcmRcIiBpbiB2YWx1ZSAmJlxuICAgIHR5cGVvZiB2YWx1ZS5wYXNzd29yZCA9PT0gXCJzdHJpbmdcIlxuICApXG59XG4iXX0=
|
|
129
|
+
export function clearCache() {
|
|
130
|
+
cachedTokenVerifier = undefined;
|
|
131
|
+
cachedInternalAuthorizationHeader = undefined;
|
|
132
|
+
}
|
|
133
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hcGktZ2F0ZXdheS9hdXRob3JpemVyLWxhbWJkYXMvY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7Ozs7Ozs7R0FXRztBQU1ILE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQTtBQUNoRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQTtBQTRCbkQsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLEtBQUssRUFDMUIsS0FBeUMsRUFDZCxFQUFFO0lBQzdCLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFBO0lBQy9DLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDckQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0lBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxrQ0FBa0M7SUFDbEcsUUFBUSxNQUFNLEVBQUUsQ0FBQztRQUNmLEtBQUssU0FBUztZQUNaLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7UUFDaEMsS0FBSyxTQUFTO1lBQ1osd0ZBQXdGO1lBQ3hGLHFGQUFxRjtZQUNyRix5RkFBeUY7WUFDekYscUVBQXFFO1lBQ3JFLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDakMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNSLE9BQU87Z0JBQ0wsWUFBWSxFQUFFLElBQUk7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxRQUFRLEVBQUUsTUFBTSxDQUFDLFNBQVM7b0JBQzFCLDJCQUEyQixFQUFFLE1BQU0sOEJBQThCLEVBQUU7aUJBQ3BFO2FBQ0YsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQyxDQUFBO0FBRUQsNERBQTREO0FBQzVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsS0FBYTtJQUViLElBQUksQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLGdCQUFnQixFQUFFLENBQUE7UUFDeEMsNkZBQTZGO1FBQzdGLGdCQUFnQjtRQUNoQixPQUFPLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUMxQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLDREQUE0RDtRQUM1RCwwR0FBMEc7UUFDMUcsOEZBQThGO1FBQzlGLGNBQWM7UUFDZCxJQUFJLENBQUMsWUFBWSxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLFNBQVMsQ0FBQTtRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQU1EOzs7R0FHRztBQUNILElBQUksbUJBQW1CLEdBQThCLFNBQVMsQ0FBQTtBQUU5RCxTQUFTLGdCQUFnQjtJQUN2QixJQUFJLG1CQUFtQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RDLG1CQUFtQixHQUFHLFlBQVksQ0FBQyxtQkFBbUIsRUFBRSxDQUFBO0lBQzFELENBQUM7SUFDRCxPQUFPLG1CQUFtQixDQUFBO0FBQzVCLENBQUM7QUFFRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHO0lBQzFCLG1CQUFtQixFQUFFLEdBQWtCLEVBQUU7UUFDdkMsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQTtRQUM5QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxDQUFBO1lBQ3pELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQyxNQUFNLENBQUM7WUFDL0IsVUFBVTtZQUNWLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSx5Q0FBeUM7U0FDMUYsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUNELG9CQUFvQixFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksY0FBYyxFQUFFO0NBQ2pELENBQUE7QUFFRCxxRkFBcUY7QUFDckYsSUFBSSxpQ0FBaUMsR0FBdUIsU0FBUyxDQUFBO0FBRXJFLEtBQUssVUFBVSw4QkFBOEI7SUFDM0MsSUFBSSxpQ0FBaUMsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUNwRCxNQUFNLFVBQVUsR0FDZCxPQUFPLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxDQUFDLENBQUE7UUFDdkQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7UUFFRCxpQ0FBaUM7WUFDL0IsTUFBTSwwQkFBMEIsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUNoRCxDQUFDO0lBRUQsT0FBTyxpQ0FBaUMsQ0FBQTtBQUMxQyxDQUFDO0FBRUQsS0FBSyxVQUFVLDBCQUEwQixDQUFDLFVBQWtCO0lBQzFELE1BQU0sV0FBVyxHQUFHLE1BQU0sY0FBYyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3BELElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQzFDLE9BQU8sQ0FBQyxLQUFLLENBQ1gsK0VBQStFLFVBQVUsSUFBSSxDQUM5RixDQUFBO1FBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxPQUFPLENBQ0wsUUFBUTtRQUNSLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLENBQUMsUUFBUSxJQUFJLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FDckUsUUFBUSxDQUNULENBQ0YsQ0FBQTtBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsY0FBYyxDQUFDLFVBQWtCO0lBQzlDLE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FBQyxvQkFBb0IsRUFBRSxDQUFBO0lBQ2xELE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFBO0lBRXBFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDekIsT0FBTyxDQUFDLEtBQUssQ0FBQywrQkFBK0IsVUFBVSxHQUFHLENBQUMsQ0FBQTtRQUMzRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7SUFDbkIsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUE7QUFDeEMsQ0FBQztBQUVELFNBQVMsdUJBQXVCLENBQzlCLEtBQWM7SUFFZCxPQUFPLENBQ0wsT0FBTyxLQUFLLEtBQUssUUFBUTtRQUN6QixLQUFLLEtBQUssSUFBSTtRQUNkLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2xDLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ25DLENBQUE7QUFDSCxDQUFDO0FBRUQsTUFBTSxVQUFVLFVBQVU7SUFDeEIsbUJBQW1CLEdBQUcsU0FBUyxDQUFBO0lBQy9CLGlDQUFpQyxHQUFHLFNBQVMsQ0FBQTtBQUMvQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBUaGlzIGxhbWJkYSB2ZXJpZmllcyBhY2Nlc3MgdG9rZW4gaW4gQmVhcmVyIGF1dGhvcml6YXRpb24gaGVhZGVyIHVzaW5nIENvZ25pdG8uXG4gKlxuICogRXhwZWN0cyB0aGUgZm9sbG93aW5nIGVudmlyb25tZW50IHZhcmlhYmxlczpcbiAqIC0gVVNFUl9QT09MX0lEXG4gKiAtIFJFUVVJUkVEX1NDT1BFIChvcHRpb25hbClcbiAqICAgLSBTZXQgdGhpcyB0byByZXF1aXJlIHRoYXQgdGhlIGFjY2VzcyB0b2tlbiBwYXlsb2FkIGNvbnRhaW5zIHRoZSBnaXZlbiBzY29wZVxuICogLSBDUkVERU5USUFMU19GT1JfSU5URVJOQUxfQVVUSE9SSVpBVElPTiAob3B0aW9uYWwpXG4gKiAgIC0gU2VjcmV0IG5hbWUgZnJvbSB3aGljaCB0byBnZXQgYmFzaWMgYXV0aCBjcmVkZW50aWFscyB0aGF0IHNob3VsZCBiZSBmb3J3YXJkZWQgdG8gYmFja2VuZFxuICogICAgIGludGVncmF0aW9uIGlmIGF1dGhlbnRpY2F0aW9uIHN1Y2NlZWRzXG4gKiAgIC0gU2VjcmV0IHZhbHVlIHNob3VsZCBmb2xsb3cgdGhpcyBmb3JtYXQ6IGB7XCJ1c2VybmFtZVwiOlwiPHVzZXJuYW1lPlwiLFwicGFzc3dvcmRcIjpcIjxwYXNzd29yZD5cIn1gXG4gKi9cblxuaW1wb3J0IHR5cGUge1xuICBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuICBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCxcbn0gZnJvbSBcImF3cy1sYW1iZGFcIlxuaW1wb3J0IHsgU2VjcmV0c01hbmFnZXIgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNlY3JldHMtbWFuYWdlclwiXG5pbXBvcnQgeyBDb2duaXRvSnd0VmVyaWZpZXIgfSBmcm9tIFwiYXdzLWp3dC12ZXJpZnlcIlxuaW1wb3J0IHR5cGUgeyBDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkIH0gZnJvbSBcImF3cy1qd3QtdmVyaWZ5L2p3dC1tb2RlbFwiXG5cbnR5cGUgQXV0aG9yaXplclJlc3VsdCA9IEFQSUdhdGV3YXlTaW1wbGVBdXRob3JpemVyUmVzdWx0ICYge1xuICAvKipcbiAgICogUmV0dXJuaW5nIGEgY29udGV4dCBvYmplY3QgZnJvbSBvdXIgYXV0aG9yaXplciBhbGxvd3Mgb3VyIEFQSSBHYXRld2F5IHRvIGFjY2VzcyB0aGVzZSB2YXJpYWJsZXNcbiAgICogdmlhIGAke2NvbnRleHQuYXV0aG9yaXplci48cHJvcGVydHk+fWAuXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9hcGlnYXRld2F5L2xhdGVzdC9kZXZlbG9wZXJndWlkZS9odHRwLWFwaS1wYXJhbWV0ZXItbWFwcGluZy5odG1sXG4gICAqL1xuICBjb250ZXh0Pzoge1xuICAgIC8qKlxuICAgICAqIElmIHRoZSB0b2tlbiBpcyB2ZXJpZmllZCwgd2UgcmV0dXJuIHRoZSBhdXRoIGNsaWVudCBJRCBmcm9tIHRoZSB0b2tlbidzIGNsYWltcyBhcyBhIGNvbnRleHRcbiAgICAgKiB2YXJpYWJsZSAobmFtZWQgYGF1dGhvcml6ZXIuY2xpZW50SWRgKS4gV2UgdXNlIHRoaXMgdG8gaW5jbHVkZSB0aGUgcmVxdWVzdGluZyBjbGllbnQgaW4gdGhlXG4gICAgICogQVBJIEdhdGV3YXkgYWNjZXNzIGxvZ3MgKHNlZSBgZGVmYXVsdEFjY2Vzc0xvZ0Zvcm1hdGAgaW4gb3VyIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLiBZb3UgY2FuXG4gICAgICogYWxzbyB1c2UgdGhpcyB3aGVuIG1hcHBpbmcgcGFyYW1ldGVycyB0byB0aGUgYmFja2VuZCBpbnRlZ3JhdGlvbiAoc2VlXG4gICAgICogYEFsYkludGVncmF0aW9uUHJvcHMubWFwUGFyYW1ldGVyc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLlxuICAgICAqL1xuICAgIGNsaWVudElkOiBzdHJpbmdcbiAgICAvKipcbiAgICAgKiBJZiBgQ1JFREVOVElBTFNfRk9SX0lOVEVSTkFMX0FVVEhPUklaQVRJT05gIGlzIHByb3ZpZGVkLCB3ZSB3YW50IHRvIGZvcndhcmQgYmFzaWMgYXV0aFxuICAgICAqIGNyZWRlbnRpYWxzIHRvIG91ciBiYWNrZW5kLCBhcyBhbiBhZGRpdGlvbmFsIGF1dGhlbnRpY2F0aW9uIGxheWVyLiBTZWUgdGhlIGRvY3N0cmluZyBvblxuICAgICAqIGBDb2duaXRvVXNlclBvb2xBdXRob3JpemVyUHJvcHMuYmFzaWNBdXRoRm9ySW50ZXJuYWxBdXRob3JpemF0aW9uYCBpbiB0aGUgYEFwaUdhdGV3YXlgXG4gICAgICogY29uc3RydWN0IGZvciBtb3JlIG9uIHRoaXMuXG4gICAgICovXG4gICAgaW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyPzogc3RyaW5nXG4gIH1cbn1cblxuZXhwb3J0IGNvbnN0IGhhbmRsZXIgPSBhc3luYyAoXG4gIGV2ZW50OiBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuKTogUHJvbWlzZTxBdXRob3JpemVyUmVzdWx0PiA9PiB7XG4gIGNvbnN0IGF1dGhIZWFkZXIgPSBldmVudC5oZWFkZXJzPy5hdXRob3JpemF0aW9uXG4gIGlmICghYXV0aEhlYWRlciB8fCAhYXV0aEhlYWRlci5zdGFydHNXaXRoKFwiQmVhcmVyIFwiKSkge1xuICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICB9XG5cbiAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdmVyaWZ5QWNjZXNzVG9rZW4oYXV0aEhlYWRlci5zdWJzdHJpbmcoNykpIC8vIHN1YnN0cmluZyg3KSA9PSBhZnRlciAnQmVhcmVyICdcbiAgc3dpdGNoIChyZXN1bHQpIHtcbiAgICBjYXNlIFwiSU5WQUxJRFwiOlxuICAgICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBmYWxzZSB9XG4gICAgY2FzZSBcIkVYUElSRURcIjpcbiAgICAgIC8vIFdlIHdhbnQgdG8gcmV0dXJuIDQwMSBVbmF1dGhvcml6ZWQgZm9yIGV4cGlyZWQgdG9rZW5zLCBzbyB0aGUgY2xpZW50IGtub3dzIHRvIHJlZnJlc2hcbiAgICAgIC8vIHRoZWlyIHRva2VuIHdoZW4gcmVjZWl2aW5nIHRoaXMgc3RhdHVzIGNvZGUuIEFQSSBHYXRld2F5IGF1dGhvcml6ZXIgbGFtYmRhcyByZXR1cm5cbiAgICAgIC8vIDQwMyBGb3JiaWRkZW4gZm9yIHtpc0F1dGhvcml6ZWQ6IGZhbHNlfSwgYnV0IHRoZXJlIGlzIGEgd2F5IHRvIHJldHVybiA0MDE6IHRocm93aW5nIGFuXG4gICAgICAvLyBlcnJvciB3aXRoIHRoaXMgZXhhY3Qgc3RyaW5nLiBodHRwczovL3N0YWNrb3ZlcmZsb3cuY29tL2EvNzE5NjU4OTBcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlVuYXV0aG9yaXplZFwiKVxuICAgIGRlZmF1bHQ6IHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIGlzQXV0aG9yaXplZDogdHJ1ZSxcbiAgICAgICAgY29udGV4dDoge1xuICAgICAgICAgIGNsaWVudElkOiByZXN1bHQuY2xpZW50X2lkLFxuICAgICAgICAgIGludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcjogYXdhaXQgZ2V0SW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyKCksXG4gICAgICAgIH0sXG4gICAgICB9XG4gICAgfVxuICB9XG59XG5cbi8qKiBEZWNvZGVzIGFuZCB2ZXJpZmllcyB0aGUgZ2l2ZW4gdG9rZW4gYWdhaW5zdCBDb2duaXRvLiAqL1xuYXN5bmMgZnVuY3Rpb24gdmVyaWZ5QWNjZXNzVG9rZW4oXG4gIHRva2VuOiBzdHJpbmcsXG4pOiBQcm9taXNlPENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQgfCBcIkVYUElSRURcIiB8IFwiSU5WQUxJRFwiPiB7XG4gIHRyeSB7XG4gICAgY29uc3QgdG9rZW5WZXJpZmllciA9IGdldFRva2VuVmVyaWZpZXIoKVxuICAgIC8vIE11c3QgYXdhaXQgaGVyZSBpbnN0ZWFkIG9mIHJldHVybmluZyB0aGUgcHJvbWlzZSBkaXJlY3RseSwgc28gdGhhdCBlcnJvcnMgY2FuIGJlIGNhdWdodCBpblxuICAgIC8vIHRoaXMgZnVuY3Rpb25cbiAgICByZXR1cm4gYXdhaXQgdG9rZW5WZXJpZmllci52ZXJpZnkodG9rZW4pXG4gIH0gY2F0Y2ggKGUpIHtcbiAgICAvLyBJZiB0aGUgSldUIGhhcyBleHBpcmVkLCBhd3Mtand0LXZlcmlmeSB0aHJvd3MgdGhpcyBlcnJvcjpcbiAgICAvLyBodHRwczovL2dpdGh1Yi5jb20vYXdzbGFicy9hd3Mtand0LXZlcmlmeS9ibG9iLzhkOGY3MTRkNzI4MTkxM2VjZDY2MDE0N2Y1YzMwMzExNDc5NjAxYzEvc3JjL2p3dC50cyNMMTk3XG4gICAgLy8gV2UgY2FuJ3QgY2hlY2sgaW5zdGFuY2VvZiBvbiB0aGF0IGVycm9yIGNsYXNzLCBzaW5jZSBpdCdzIG5vdCBleHBvcnRlZCwgc28gdGhpcyBpcyB0aGUgbmV4dFxuICAgIC8vIGJlc3QgdGhpbmcuXG4gICAgaWYgKGUgaW5zdGFuY2VvZiBFcnJvciAmJiBlLm1lc3NhZ2U/LmluY2x1ZGVzKFwiVG9rZW4gZXhwaXJlZFwiKSkge1xuICAgICAgcmV0dXJuIFwiRVhQSVJFRFwiXG4gICAgfSBlbHNlIHtcbiAgICAgIHJldHVybiBcIklOVkFMSURcIlxuICAgIH1cbiAgfVxufVxuXG5leHBvcnQgdHlwZSBUb2tlblZlcmlmaWVyID0ge1xuICB2ZXJpZnk6IChhY2Nlc3NUb2tlbjogc3RyaW5nKSA9PiBQcm9taXNlPENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQ+XG59XG5cbi8qKlxuICogV2UgY2FjaGUgdGhlIHZlcmlmaWVyIGluIHRoaXMgZ2xvYmFsIHZhcmlhYmxlLCBzbyB0aGF0IHN1YnNlcXVlbnQgaW52b2NhdGlvbnMgb2YgYSBob3QgbGFtYmRhXG4gKiB3aWxsIHJlLXVzZSB0aGlzLlxuICovXG5sZXQgY2FjaGVkVG9rZW5WZXJpZmllcjogVG9rZW5WZXJpZmllciB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZFxuXG5mdW5jdGlvbiBnZXRUb2tlblZlcmlmaWVyKCk6IFRva2VuVmVyaWZpZXIge1xuICBpZiAoY2FjaGVkVG9rZW5WZXJpZmllciA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY2FjaGVkVG9rZW5WZXJpZmllciA9IGRlcGVuZGVuY2llcy5jcmVhdGVUb2tlblZlcmlmaWVyKClcbiAgfVxuICByZXR1cm4gY2FjaGVkVG9rZW5WZXJpZmllclxufVxuXG4vKiogRm9yIG92ZXJyaWRpbmcgZGVwZW5kZW5jeSBjcmVhdGlvbiBpbiB0ZXN0cy4gKi9cbmV4cG9ydCBjb25zdCBkZXBlbmRlbmNpZXMgPSB7XG4gIGNyZWF0ZVRva2VuVmVyaWZpZXI6ICgpOiBUb2tlblZlcmlmaWVyID0+IHtcbiAgICBjb25zdCB1c2VyUG9vbElkID0gcHJvY2Vzcy5lbnZbXCJVU0VSX1BPT0xfSURcIl1cbiAgICBpZiAoIXVzZXJQb29sSWQpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoXCJVU0VSX1BPT0xfSUQgZW52IHZhcmlhYmxlIGlzIG5vdCBkZWZpbmVkXCIpXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICAgIH1cblxuICAgIHJldHVybiBDb2duaXRvSnd0VmVyaWZpZXIuY3JlYXRlKHtcbiAgICAgIHVzZXJQb29sSWQsXG4gICAgICB0b2tlblVzZTogXCJhY2Nlc3NcIixcbiAgICAgIGNsaWVudElkOiBudWxsLFxuICAgICAgc2NvcGU6IHByb2Nlc3MuZW52LlJFUVVJUkVEX1NDT1BFIHx8IHVuZGVmaW5lZCwgLy8gYHx8IHVuZGVmaW5lZGAgdG8gZGlzY2FyZCBlbXB0eSBzdHJpbmdcbiAgICB9KVxuICB9LFxuICBjcmVhdGVTZWNyZXRzTWFuYWdlcjogKCkgPT4gbmV3IFNlY3JldHNNYW5hZ2VyKCksXG59XG5cbi8qKiBDYWNoZSB0aGlzIHZhbHVlLCBzbyB0aGF0IHN1YnNlcXVlbnQgbGFtYmRhIGludm9jYXRpb25zIGRvbid0IGhhdmUgdG8gcmVmZXRjaC4gKi9cbmxldCBjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6IHN0cmluZyB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZFxuXG5hc3luYyBmdW5jdGlvbiBnZXRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXIoKTogUHJvbWlzZTxzdHJpbmcgfCB1bmRlZmluZWQ+IHtcbiAgaWYgKGNhY2hlZEludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlciA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY29uc3Qgc2VjcmV0TmFtZTogc3RyaW5nIHwgdW5kZWZpbmVkID1cbiAgICAgIHByb2Nlc3MuZW52W1wiQ1JFREVOVElBTFNfRk9SX0lOVEVSTkFMX0FVVEhPUklaQVRJT05cIl1cbiAgICBpZiAoIXNlY3JldE5hbWUpIHtcbiAgICAgIHJldHVybiB1bmRlZmluZWRcbiAgICB9XG5cbiAgICBjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXIgPVxuICAgICAgYXdhaXQgZ2V0U2VjcmV0QXNCYXNpY0F1dGhIZWFkZXIoc2VjcmV0TmFtZSlcbiAgfVxuXG4gIHJldHVybiBjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXJcbn1cblxuYXN5bmMgZnVuY3Rpb24gZ2V0U2VjcmV0QXNCYXNpY0F1dGhIZWFkZXIoc2VjcmV0TmFtZTogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgY29uc3QgY3JlZGVudGlhbHMgPSBhd2FpdCBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lKVxuICBpZiAoIXNlY3JldEhhc0V4cGVjdGVkRm9ybWF0KGNyZWRlbnRpYWxzKSkge1xuICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICBgQmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgZGlkIG5vdCBmb2xsb3cgZXhwZWN0ZWQgZm9ybWF0IChzZWNyZXQgbmFtZTogJyR7c2VjcmV0TmFtZX0nKWAsXG4gICAgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICByZXR1cm4gKFxuICAgIFwiQmFzaWMgXCIgK1xuICAgIEJ1ZmZlci5mcm9tKGAke2NyZWRlbnRpYWxzLnVzZXJuYW1lfToke2NyZWRlbnRpYWxzLnBhc3N3b3JkfWApLnRvU3RyaW5nKFxuICAgICAgXCJiYXNlNjRcIixcbiAgICApXG4gIClcbn1cblxuYXN5bmMgZnVuY3Rpb24gZ2V0U2VjcmV0VmFsdWUoc2VjcmV0TmFtZTogc3RyaW5nKTogUHJvbWlzZTx1bmtub3duPiB7XG4gIGNvbnN0IGNsaWVudCA9IGRlcGVuZGVuY2llcy5jcmVhdGVTZWNyZXRzTWFuYWdlcigpXG4gIGNvbnN0IHNlY3JldCA9IGF3YWl0IGNsaWVudC5nZXRTZWNyZXRWYWx1ZSh7IFNlY3JldElkOiBzZWNyZXROYW1lIH0pXG5cbiAgaWYgKCFzZWNyZXQuU2VjcmV0U3RyaW5nKSB7XG4gICAgY29uc29sZS5lcnJvcihgU2VjcmV0IHZhbHVlIG5vdCBmb3VuZCBmb3IgJyR7c2VjcmV0TmFtZX0nYClcbiAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICB9XG5cbiAgcmV0dXJuIEpTT04ucGFyc2Uoc2VjcmV0LlNlY3JldFN0cmluZylcbn1cblxuZnVuY3Rpb24gc2VjcmV0SGFzRXhwZWN0ZWRGb3JtYXQoXG4gIHZhbHVlOiB1bmtub3duLFxuKTogdmFsdWUgaXMgeyB1c2VybmFtZTogc3RyaW5nOyBwYXNzd29yZDogc3RyaW5nIH0ge1xuICByZXR1cm4gKFxuICAgIHR5cGVvZiB2YWx1ZSA9PT0gXCJvYmplY3RcIiAmJlxuICAgIHZhbHVlICE9PSBudWxsICYmXG4gICAgXCJ1c2VybmFtZVwiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLnVzZXJuYW1lID09PSBcInN0cmluZ1wiICYmXG4gICAgXCJwYXNzd29yZFwiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLnBhc3N3b3JkID09PSBcInN0cmluZ1wiXG4gIClcbn1cblxuZXhwb3J0IGZ1bmN0aW9uIGNsZWFyQ2FjaGUoKSB7XG4gIGNhY2hlZFRva2VuVmVyaWZpZXIgPSB1bmRlZmluZWRcbiAgY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyID0gdW5kZWZpbmVkXG59XG4iXX0=
|
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* This lambda verifies credentials:
|
|
3
|
-
* - Against Cognito user pool if request uses Bearer
|
|
3
|
+
* - Against Cognito user pool if request uses access token in Bearer authorization header
|
|
4
4
|
* - Against credentials saved in Secret Manager if request uses basic auth (and if secret exists)
|
|
5
5
|
*
|
|
6
6
|
* Expects the following environment variables
|
|
7
7
|
* - USER_POOL_ID
|
|
8
8
|
* - BASIC_AUTH_CREDENTIALS_SECRET_NAME (optional)
|
|
9
|
-
* - Secret value should follow this format: `{"username":"<username>","password":"<password>"}
|
|
9
|
+
* - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
|
|
10
|
+
* A different format with an array of pre-encoded credentials is also supported - see docs for
|
|
11
|
+
* the `CognitoUserPoolOrBasicAuthAuthorizerProps` on the `ApiGateway` construct.
|
|
10
12
|
* - REQUIRED_SCOPE (optional)
|
|
11
|
-
* - Set this to require that the
|
|
13
|
+
* - Set this to require that the access token payload contains the given scope
|
|
12
14
|
*/
|
|
13
15
|
import type { APIGatewayRequestAuthorizerEventV2, APIGatewaySimpleAuthorizerResult } from "aws-lambda";
|
|
14
16
|
import { SecretsManager } from "@aws-sdk/client-secrets-manager";
|
|
@@ -17,18 +19,27 @@ type AuthorizerResult = APIGatewaySimpleAuthorizerResult & {
|
|
|
17
19
|
/**
|
|
18
20
|
* Returning a context object from our authorizer allows our API Gateway to access these variables
|
|
19
21
|
* via `${context.authorizer.<property>}`.
|
|
20
|
-
* https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-
|
|
22
|
+
* https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html
|
|
21
23
|
*/
|
|
22
24
|
context?: {
|
|
23
25
|
/**
|
|
24
|
-
* If the token
|
|
25
|
-
* variable (named `authorizer.clientId`).
|
|
26
|
-
*
|
|
27
|
-
*
|
|
26
|
+
* If the request used an access token, and the token was verified, we return the auth client ID
|
|
27
|
+
* from the token's claims in this context variable (named `authorizer.clientId`). We use this
|
|
28
|
+
* to include the requesting client in the API Gateway access logs (see `defaultAccessLogFormat`
|
|
29
|
+
* in our `ApiGateway` construct). You can also use this when mapping parameters to the backend
|
|
30
|
+
* integration (see `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
|
|
28
31
|
*/
|
|
29
|
-
clientId
|
|
32
|
+
clientId?: string;
|
|
30
33
|
/**
|
|
31
|
-
*
|
|
34
|
+
* If the request used Basic Auth, and the credentials were verified, we return the username
|
|
35
|
+
* that was used in this context variable (named `authorizer.username`). We use this to include
|
|
36
|
+
* the requesting user in the API Gateway access logs (see `defaultAccessLogFormat` in our
|
|
37
|
+
* `ApiGateway` construct). You can also use this when mapping parameters to the backend
|
|
38
|
+
* integration (see `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
|
|
39
|
+
*/
|
|
40
|
+
username?: string;
|
|
41
|
+
/**
|
|
42
|
+
* See `CognitoUserPoolAuthorizerProps.basicAuthForInternalAuthorization` on the `ApiGateway`
|
|
32
43
|
* construct (we provide the same context variable here as in the Cognito User Pool authorizer,
|
|
33
44
|
* using the credentials from BASIC_AUTH_CREDENTIALS_SECRET_NAME).
|
|
34
45
|
*/
|
|
@@ -44,4 +55,5 @@ export declare const dependencies: {
|
|
|
44
55
|
createTokenVerifier: () => TokenVerifier;
|
|
45
56
|
createSecretsManager: () => SecretsManager;
|
|
46
57
|
};
|
|
58
|
+
export declare function clearCache(): void;
|
|
47
59
|
export {};
|