npm - @liflig/cdk - Versions diffs - 3.2.0 → 3.4.0 - Mend

@liflig/cdk 3.2.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/lib/api-gateway/authorizer-lambdas/basic-auth-authorizer.d.ts CHANGED Viewed

@@ -1,18 +1,35 @@
 /**
- * This lambda verifies authorization header against static basic auth credentials saved in Secret
+ * This lambda verifies authorization header against static basic auth credentials saved in Secrets
  * Manager.
  *
  * Expects the following environment variables:
  * - CREDENTIALS_SECRET_NAME
- *   - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
- *     A different format with an array of pre-encoded credentials is also supported - see docs for
- *     the `BasicAuthAuthorizerProps` on the `ApiGateway` construct.
+ *   - Name of secret in AWS Secrets Manager that stores basic auth credentials. See
+ *     `BasicAuthAuthorizerProps` on the `ApiGateway` construct for the supported formats.
  */
 import type { APIGatewayRequestAuthorizerEventV2, APIGatewaySimpleAuthorizerResult } from "aws-lambda";
 import { SecretsManager } from "@aws-sdk/client-secrets-manager";
-export declare const handler: (event: APIGatewayRequestAuthorizerEventV2) => Promise<APIGatewaySimpleAuthorizerResult>;
+type AuthorizerResult = APIGatewaySimpleAuthorizerResult & {
+    /**
+     * Returning a context object from our authorizer allows our API Gateway to access these variables
+     * via `${context.authorizer.<property>}`.
+     * https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html
+     */
+    context?: {
+        /**
+         * If the request's credentials are verified, we return the username that was used in this
+         * context variable (named `authorizer.username`). We use this to include the requesting user in
+         * the API Gateway access logs (see `defaultAccessLogFormat` in our `ApiGateway` construct). You
+         * can also use this when mapping parameters to the backend integration (see
+         * `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
+         */
+        username: string;
+    };
+};
+export declare const handler: (event: APIGatewayRequestAuthorizerEventV2) => Promise<AuthorizerResult>;
 /** For overriding dependency creation in tests. */
 export declare const dependencies: {
     createSecretsManager: () => SecretsManager;
 };
 export declare function clearCache(): void;
+export {};

package/lib/api-gateway/authorizer-lambdas/basic-auth-authorizer.js CHANGED Viewed

@@ -1,12 +1,11 @@
 /**
- * This lambda verifies authorization header against static basic auth credentials saved in Secret
+ * This lambda verifies authorization header against static basic auth credentials saved in Secrets
  * Manager.
  *
  * Expects the following environment variables:
  * - CREDENTIALS_SECRET_NAME
- *   - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
- *     A different format with an array of pre-encoded credentials is also supported - see docs for
- *     the `BasicAuthAuthorizerProps` on the `ApiGateway` construct.
+ *   - Name of secret in AWS Secrets Manager that stores basic auth credentials. See
+ *     `BasicAuthAuthorizerProps` on the `ApiGateway` construct for the supported formats.
  */
 import { SecretsManager } from "@aws-sdk/client-secrets-manager";
 export const handler = async (event) => {
@@ -14,37 +13,40 @@ export const handler = async (event) => {
     if (!authHeader || !authHeader.startsWith("Basic ")) {
         return { isAuthorized: false };
     }
-    const expectedAuthHeaders = await getExpectedBasicAuthHeaders();
-    for (const expectedHeader of expectedAuthHeaders) {
-        if (authHeader === expectedHeader) {
-            return { isAuthorized: true };
+    const expectedCredentials = await getExpectedBasicAuthCredentials();
+    for (const expected of expectedCredentials) {
+        if (authHeader === expected.basicAuthHeader) {
+            return {
+                isAuthorized: true,
+                context: {
+                    username: expected.username,
+                },
+            };
         }
     }
     return { isAuthorized: false };
 };
 /** Cache this value, so that subsequent lambda invocations don't have to refetch. */
-let cachedBasicAuthHeaders = undefined;
+let cachedBasicAuthCredentials = undefined;
 /**
- * Returns an array of allowed basic auth headers, to support credential secrets with multiple
- * values (see `BasicAuthAuthorizerProps` on the `ApiGateway` construct for more on this).
+ * Returns an array, to support credential secrets with multiple values (see
+ * `BasicAuthAuthorizerProps` on the `ApiGateway` construct for more on this).
  */
-async function getExpectedBasicAuthHeaders() {
-    if (cachedBasicAuthHeaders === undefined) {
+async function getExpectedBasicAuthCredentials() {
+    if (cachedBasicAuthCredentials === undefined) {
         const secretName = process.env["CREDENTIALS_SECRET_NAME"];
         if (!secretName) {
             console.error("CREDENTIALS_SECRET_NAME env variable is not defined");
             throw new Error();
         }
-        cachedBasicAuthHeaders = await getSecretAsBasicAuthHeaders(secretName);
+        cachedBasicAuthCredentials = await getBasicAuthCredentialsSecret(secretName);
     }
-    return cachedBasicAuthHeaders;
+    return cachedBasicAuthCredentials;
 }
-async function getSecretAsBasicAuthHeaders(secretName) {
+async function getBasicAuthCredentialsSecret(secretName) {
     const secret = await getSecretValue(secretName);
-    if (isSingleUsernameAndPassword(secret)) {
-        const header = "Basic " +
-            Buffer.from(`${secret.username}:${secret.password}`).toString("base64");
-        return [header];
+    if (isUsernameAndPasswordObject(secret)) {
+        return [encodeBasicAuthCredentials(secret)];
     }
     // See `BasicAuthAuthorizerProps` on the `ApiGateway` construct for an explanation of the formats
     // we parse here
@@ -57,8 +59,11 @@ async function getSecretAsBasicAuthHeaders(secretName) {
             console.error(`Failed to parse credentials array in secret '${secretName}' as JSON`, e);
             throw new Error();
         }
+        if (isArrayOfUsernameAndPasswordObjects(credentialsArray)) {
+            return credentialsArray.map(encodeBasicAuthCredentials);
+        }
         if (isStringArray(credentialsArray)) {
-            return credentialsArray.map((encodedCredential) => `Basic ${encodedCredential}`);
+            return credentialsArray.map(parseEncodedBasicAuthCredentials);
         }
     }
     console.error(`Basic auth credentials secret did not follow any expected format (secret name: '${secretName}')`);
@@ -79,11 +84,16 @@ async function getSecretValue(secretName) {
         return JSON.parse(secret.SecretString);
     }
     catch (e) {
-        console.error(`Failed to parse secret '${secretName}' as JSON`, e);
+        console.error(`Failed to parse secret '${secretName}' as JSON:`, e);
         throw new Error();
     }
 }
-function isSingleUsernameAndPassword(value) {
+function encodeBasicAuthCredentials(credentials) {
+    const basicAuthHeader = "Basic " +
+        Buffer.from(`${credentials.username}:${credentials.password}`).toString("base64");
+    return { basicAuthHeader, username: credentials.username };
+}
+function isUsernameAndPasswordObject(value) {
     return (typeof value === "object" &&
         value !== null &&
         "username" in value &&
@@ -91,6 +101,17 @@ function isSingleUsernameAndPassword(value) {
         "password" in value &&
         typeof value.password === "string");
 }
+function isArrayOfUsernameAndPasswordObjects(value) {
+    if (!Array.isArray(value)) {
+        return false;
+    }
+    for (const element of value) {
+        if (!isUsernameAndPasswordObject(element)) {
+            return false;
+        }
+    }
+    return true;
+}
 function hasCredentialsKeyWithStringValue(value) {
     return (typeof value === "object" &&
         value !== null &&
@@ -108,7 +129,32 @@ function isStringArray(value) {
     }
     return true;
 }
+/**
+ * We want to return the requesting username as a context variable in
+ * {@link AuthorizerResult.context}, for API Gateway access logs and parameter mapping. So if the
+ * basic auth credentials secret is stored as pre-encoded base64 strings, we need to parse them to
+ * get the username.
+ */
+function parseEncodedBasicAuthCredentials(encodedCredentials) {
+    let decodedCredentials;
+    try {
+        decodedCredentials = Buffer.from(encodedCredentials, "base64").toString();
+    }
+    catch (e) {
+        console.error("Basic auth credentials secret could not be decoded as base64:", e);
+        throw new Error();
+    }
+    const usernameAndPassword = decodedCredentials.split(":", 2);
+    if (usernameAndPassword.length !== 2) {
+        console.error("Basic auth credentials secret could not be decoded as 'username:password'");
+        throw new Error();
+    }
+    return {
+        basicAuthHeader: `Basic ${encodedCredentials}`,
+        username: usernameAndPassword[0],
+    };
+}
 export function clearCache() {
-    cachedBasicAuthHeaders = undefined;
+    cachedBasicAuthCredentials = undefined;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzaWMtYXV0aC1hdXRob3JpemVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FwaS1nYXRld2F5L2F1dGhvcml6ZXItbGFtYmRhcy9iYXNpYy1hdXRoLWF1dGhvcml6ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7OztHQVNHO0FBTUgsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLGlDQUFpQyxDQUFBO0FBRWhFLE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQzFCLEtBQXlDLEVBQ0UsRUFBRTtJQUM3QyxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxFQUFFLGFBQWEsQ0FBQTtJQUMvQyxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ3BELE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7SUFDaEMsQ0FBQztJQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSwyQkFBMkIsRUFBRSxDQUFBO0lBRS9ELEtBQUssTUFBTSxjQUFjLElBQUksbUJBQW1CLEVBQUUsQ0FBQztRQUNqRCxJQUFJLFVBQVUsS0FBSyxjQUFjLEVBQUUsQ0FBQztZQUNsQyxPQUFPLEVBQUUsWUFBWSxFQUFFLElBQUksRUFBRSxDQUFBO1FBQy9CLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtBQUNoQyxDQUFDLENBQUE7QUFFRCxxRkFBcUY7QUFDckYsSUFBSSxzQkFBc0IsR0FBeUIsU0FBUyxDQUFBO0FBRTVEOzs7R0FHRztBQUNILEtBQUssVUFBVSwyQkFBMkI7SUFDeEMsSUFBSSxzQkFBc0IsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUN6QyxNQUFNLFVBQVUsR0FDZCxPQUFPLENBQUMsR0FBRyxDQUFDLHlCQUF5QixDQUFDLENBQUE7UUFDeEMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sQ0FBQyxLQUFLLENBQUMscURBQXFELENBQUMsQ0FBQTtZQUNwRSxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7UUFDbkIsQ0FBQztRQUVELHNCQUFzQixHQUFHLE1BQU0sMkJBQTJCLENBQUMsVUFBVSxDQUFDLENBQUE7SUFDeEUsQ0FBQztJQUVELE9BQU8sc0JBQXNCLENBQUE7QUFDL0IsQ0FBQztBQUVELEtBQUssVUFBVSwyQkFBMkIsQ0FDeEMsVUFBa0I7SUFFbEIsTUFBTSxNQUFNLEdBQUcsTUFBTSxjQUFjLENBQUMsVUFBVSxDQUFDLENBQUE7SUFFL0MsSUFBSSwyQkFBMkIsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDO1FBQ3hDLE1BQU0sTUFBTSxHQUNWLFFBQVE7WUFDUixNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUE7UUFDekUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFBO0lBQ2pCLENBQUM7SUFFRCxpR0FBaUc7SUFDakcsZ0JBQWdCO0lBQ2hCLElBQUksZ0NBQWdDLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUM3QyxJQUFJLGdCQUF5QixDQUFBO1FBQzdCLElBQUksQ0FBQztZQUNILGdCQUFnQixHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFBO1FBQ25ELENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsT0FBTyxDQUFDLEtBQUssQ0FDWCxnREFBZ0QsVUFBVSxXQUFXLEVBQ3JFLENBQUMsQ0FDRixDQUFBO1lBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO1FBQ25CLENBQUM7UUFFRCxJQUFJLGFBQWEsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7WUFDcEMsT0FBTyxnQkFBZ0IsQ0FBQyxHQUFHLENBQ3pCLENBQUMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLFNBQVMsaUJBQWlCLEVBQUUsQ0FDcEQsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxDQUFDLEtBQUssQ0FDWCxtRkFBbUYsVUFBVSxJQUFJLENBQ2xHLENBQUE7SUFDRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7QUFDbkIsQ0FBQztBQUVELG1EQUFtRDtBQUNuRCxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUc7SUFDMUIsb0JBQW9CLEVBQUUsR0FBRyxFQUFFLENBQUMsSUFBSSxjQUFjLEVBQUU7Q0FDakQsQ0FBQTtBQUVELEtBQUssVUFBVSxjQUFjLENBQUMsVUFBa0I7SUFDOUMsTUFBTSxNQUFNLEdBQUcsWUFBWSxDQUFDLG9CQUFvQixFQUFFLENBQUE7SUFDbEQsTUFBTSxNQUFNLEdBQUcsTUFBTSxNQUFNLENBQUMsY0FBYyxDQUFDLEVBQUUsUUFBUSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUE7SUFFcEUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUN6QixPQUFPLENBQUMsS0FBSyxDQUFDLCtCQUErQixVQUFVLEdBQUcsQ0FBQyxDQUFBO1FBQzNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsSUFBSSxDQUFDO1FBQ0gsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQTtJQUN4QyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxLQUFLLENBQUMsMkJBQTJCLFVBQVUsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFBO1FBQ2xFLE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0FBQ0gsQ0FBQztBQUVELFNBQVMsMkJBQTJCLENBQ2xDLEtBQWM7SUFFZCxPQUFPLENBQ0wsT0FBTyxLQUFLLEtBQUssUUFBUTtRQUN6QixLQUFLLEtBQUssSUFBSTtRQUNkLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2xDLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ25DLENBQUE7QUFDSCxDQUFDO0FBRUQsU0FBUyxnQ0FBZ0MsQ0FDdkMsS0FBYztJQUVkLE9BQU8sQ0FDTCxPQUFPLEtBQUssS0FBSyxRQUFRO1FBQ3pCLEtBQUssS0FBSyxJQUFJO1FBQ2QsYUFBYSxJQUFJLEtBQUs7UUFDdEIsT0FBTyxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsQ0FDdEMsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFTLGFBQWEsQ0FBQyxLQUFjO0lBQ25DLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDMUIsT0FBTyxLQUFLLENBQUE7SUFDZCxDQUFDO0lBRUQsS0FBSyxNQUFNLE9BQU8sSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUM1QixJQUFJLE9BQU8sT0FBTyxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ2hDLE9BQU8sS0FBSyxDQUFBO1FBQ2QsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUM7QUFFRCxNQUFNLFVBQVUsVUFBVTtJQUN4QixzQkFBc0IsR0FBRyxTQUFTLENBQUE7QUFDcEMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogVGhpcyBsYW1iZGEgdmVyaWZpZXMgYXV0aG9yaXphdGlvbiBoZWFkZXIgYWdhaW5zdCBzdGF0aWMgYmFzaWMgYXV0aCBjcmVkZW50aWFscyBzYXZlZCBpbiBTZWNyZXRcbiAqIE1hbmFnZXIuXG4gKlxuICogRXhwZWN0cyB0aGUgZm9sbG93aW5nIGVudmlyb25tZW50IHZhcmlhYmxlczpcbiAqIC0gQ1JFREVOVElBTFNfU0VDUkVUX05BTUVcbiAqICAgLSBTZWNyZXQgdmFsdWUgc2hvdWxkIGZvbGxvdyB0aGlzIGZvcm1hdDogYHtcInVzZXJuYW1lXCI6XCI8dXNlcm5hbWU+XCIsXCJwYXNzd29yZFwiOlwiPHBhc3N3b3JkPlwifWAuXG4gKiAgICAgQSBkaWZmZXJlbnQgZm9ybWF0IHdpdGggYW4gYXJyYXkgb2YgcHJlLWVuY29kZWQgY3JlZGVudGlhbHMgaXMgYWxzbyBzdXBwb3J0ZWQgLSBzZWUgZG9jcyBmb3JcbiAqICAgICB0aGUgYEJhc2ljQXV0aEF1dGhvcml6ZXJQcm9wc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QuXG4gKi9cblxuaW1wb3J0IHR5cGUge1xuICBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuICBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCxcbn0gZnJvbSBcImF3cy1sYW1iZGFcIlxuaW1wb3J0IHsgU2VjcmV0c01hbmFnZXIgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNlY3JldHMtbWFuYWdlclwiXG5cbmV4cG9ydCBjb25zdCBoYW5kbGVyID0gYXN5bmMgKFxuICBldmVudDogQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbik6IFByb21pc2U8QVBJR2F0ZXdheVNpbXBsZUF1dGhvcml6ZXJSZXN1bHQ+ID0+IHtcbiAgY29uc3QgYXV0aEhlYWRlciA9IGV2ZW50LmhlYWRlcnM/LmF1dGhvcml6YXRpb25cbiAgaWYgKCFhdXRoSGVhZGVyIHx8ICFhdXRoSGVhZGVyLnN0YXJ0c1dpdGgoXCJCYXNpYyBcIikpIHtcbiAgICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbiAgfVxuXG4gIGNvbnN0IGV4cGVjdGVkQXV0aEhlYWRlcnMgPSBhd2FpdCBnZXRFeHBlY3RlZEJhc2ljQXV0aEhlYWRlcnMoKVxuXG4gIGZvciAoY29uc3QgZXhwZWN0ZWRIZWFkZXIgb2YgZXhwZWN0ZWRBdXRoSGVhZGVycykge1xuICAgIGlmIChhdXRoSGVhZGVyID09PSBleHBlY3RlZEhlYWRlcikge1xuICAgICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiB0cnVlIH1cbiAgICB9XG4gIH1cblxuICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbn1cblxuLyoqIENhY2hlIHRoaXMgdmFsdWUsIHNvIHRoYXQgc3Vic2VxdWVudCBsYW1iZGEgaW52b2NhdGlvbnMgZG9uJ3QgaGF2ZSB0byByZWZldGNoLiAqL1xubGV0IGNhY2hlZEJhc2ljQXV0aEhlYWRlcnM6IHN0cmluZ1tdIHwgdW5kZWZpbmVkID0gdW5kZWZpbmVkXG5cbi8qKlxuICogUmV0dXJucyBhbiBhcnJheSBvZiBhbGxvd2VkIGJhc2ljIGF1dGggaGVhZGVycywgdG8gc3VwcG9ydCBjcmVkZW50aWFsIHNlY3JldHMgd2l0aCBtdWx0aXBsZVxuICogdmFsdWVzIChzZWUgYEJhc2ljQXV0aEF1dGhvcml6ZXJQcm9wc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QgZm9yIG1vcmUgb24gdGhpcykuXG4gKi9cbmFzeW5jIGZ1bmN0aW9uIGdldEV4cGVjdGVkQmFzaWNBdXRoSGVhZGVycygpOiBQcm9taXNlPHN0cmluZ1tdPiB7XG4gIGlmIChjYWNoZWRCYXNpY0F1dGhIZWFkZXJzID09PSB1bmRlZmluZWQpIHtcbiAgICBjb25zdCBzZWNyZXROYW1lOiBzdHJpbmcgfCB1bmRlZmluZWQgPVxuICAgICAgcHJvY2Vzcy5lbnZbXCJDUkVERU5USUFMU19TRUNSRVRfTkFNRVwiXVxuICAgIGlmICghc2VjcmV0TmFtZSkge1xuICAgICAgY29uc29sZS5lcnJvcihcIkNSRURFTlRJQUxTX1NFQ1JFVF9OQU1FIGVudiB2YXJpYWJsZSBpcyBub3QgZGVmaW5lZFwiKVxuICAgICAgdGhyb3cgbmV3IEVycm9yKClcbiAgICB9XG5cbiAgICBjYWNoZWRCYXNpY0F1dGhIZWFkZXJzID0gYXdhaXQgZ2V0U2VjcmV0QXNCYXNpY0F1dGhIZWFkZXJzKHNlY3JldE5hbWUpXG4gIH1cblxuICByZXR1cm4gY2FjaGVkQmFzaWNBdXRoSGVhZGVyc1xufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRTZWNyZXRBc0Jhc2ljQXV0aEhlYWRlcnMoXG4gIHNlY3JldE5hbWU6IHN0cmluZyxcbik6IFByb21pc2U8c3RyaW5nW10+IHtcbiAgY29uc3Qgc2VjcmV0ID0gYXdhaXQgZ2V0U2VjcmV0VmFsdWUoc2VjcmV0TmFtZSlcblxuICBpZiAoaXNTaW5nbGVVc2VybmFtZUFuZFBhc3N3b3JkKHNlY3JldCkpIHtcbiAgICBjb25zdCBoZWFkZXIgPVxuICAgICAgXCJCYXNpYyBcIiArXG4gICAgICBCdWZmZXIuZnJvbShgJHtzZWNyZXQudXNlcm5hbWV9OiR7c2VjcmV0LnBhc3N3b3JkfWApLnRvU3RyaW5nKFwiYmFzZTY0XCIpXG4gICAgcmV0dXJuIFtoZWFkZXJdXG4gIH1cblxuICAvLyBTZWUgYEJhc2ljQXV0aEF1dGhvcml6ZXJQcm9wc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QgZm9yIGFuIGV4cGxhbmF0aW9uIG9mIHRoZSBmb3JtYXRzXG4gIC8vIHdlIHBhcnNlIGhlcmVcbiAgaWYgKGhhc0NyZWRlbnRpYWxzS2V5V2l0aFN0cmluZ1ZhbHVlKHNlY3JldCkpIHtcbiAgICBsZXQgY3JlZGVudGlhbHNBcnJheTogdW5rbm93blxuICAgIHRyeSB7XG4gICAgICBjcmVkZW50aWFsc0FycmF5ID0gSlNPTi5wYXJzZShzZWNyZXQuY3JlZGVudGlhbHMpXG4gICAgfSBjYXRjaCAoZSkge1xuICAgICAgY29uc29sZS5lcnJvcihcbiAgICAgICAgYEZhaWxlZCB0byBwYXJzZSBjcmVkZW50aWFscyBhcnJheSBpbiBzZWNyZXQgJyR7c2VjcmV0TmFtZX0nIGFzIEpTT05gLFxuICAgICAgICBlLFxuICAgICAgKVxuICAgICAgdGhyb3cgbmV3IEVycm9yKClcbiAgICB9XG5cbiAgICBpZiAoaXNTdHJpbmdBcnJheShjcmVkZW50aWFsc0FycmF5KSkge1xuICAgICAgcmV0dXJuIGNyZWRlbnRpYWxzQXJyYXkubWFwKFxuICAgICAgICAoZW5jb2RlZENyZWRlbnRpYWwpID0+IGBCYXNpYyAke2VuY29kZWRDcmVkZW50aWFsfWAsXG4gICAgICApXG4gICAgfVxuICB9XG5cbiAgY29uc29sZS5lcnJvcihcbiAgICBgQmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgZGlkIG5vdCBmb2xsb3cgYW55IGV4cGVjdGVkIGZvcm1hdCAoc2VjcmV0IG5hbWU6ICcke3NlY3JldE5hbWV9JylgLFxuICApXG4gIHRocm93IG5ldyBFcnJvcigpXG59XG5cbi8qKiBGb3Igb3ZlcnJpZGluZyBkZXBlbmRlbmN5IGNyZWF0aW9uIGluIHRlc3RzLiAqL1xuZXhwb3J0IGNvbnN0IGRlcGVuZGVuY2llcyA9IHtcbiAgY3JlYXRlU2VjcmV0c01hbmFnZXI6ICgpID0+IG5ldyBTZWNyZXRzTWFuYWdlcigpLFxufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lOiBzdHJpbmcpOiBQcm9taXNlPHVua25vd24+IHtcbiAgY29uc3QgY2xpZW50ID0gZGVwZW5kZW5jaWVzLmNyZWF0ZVNlY3JldHNNYW5hZ2VyKClcbiAgY29uc3Qgc2VjcmV0ID0gYXdhaXQgY2xpZW50LmdldFNlY3JldFZhbHVlKHsgU2VjcmV0SWQ6IHNlY3JldE5hbWUgfSlcblxuICBpZiAoIXNlY3JldC5TZWNyZXRTdHJpbmcpIHtcbiAgICBjb25zb2xlLmVycm9yKGBTZWNyZXQgdmFsdWUgbm90IGZvdW5kIGZvciAnJHtzZWNyZXROYW1lfSdgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICB0cnkge1xuICAgIHJldHVybiBKU09OLnBhcnNlKHNlY3JldC5TZWNyZXRTdHJpbmcpXG4gIH0gY2F0Y2ggKGUpIHtcbiAgICBjb25zb2xlLmVycm9yKGBGYWlsZWQgdG8gcGFyc2Ugc2VjcmV0ICcke3NlY3JldE5hbWV9JyBhcyBKU09OYCwgZSlcbiAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICB9XG59XG5cbmZ1bmN0aW9uIGlzU2luZ2xlVXNlcm5hbWVBbmRQYXNzd29yZChcbiAgdmFsdWU6IHVua25vd24sXG4pOiB2YWx1ZSBpcyB7IHVzZXJuYW1lOiBzdHJpbmc7IHBhc3N3b3JkOiBzdHJpbmcgfSB7XG4gIHJldHVybiAoXG4gICAgdHlwZW9mIHZhbHVlID09PSBcIm9iamVjdFwiICYmXG4gICAgdmFsdWUgIT09IG51bGwgJiZcbiAgICBcInVzZXJuYW1lXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUudXNlcm5hbWUgPT09IFwic3RyaW5nXCIgJiZcbiAgICBcInBhc3N3b3JkXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUucGFzc3dvcmQgPT09IFwic3RyaW5nXCJcbiAgKVxufVxuXG5mdW5jdGlvbiBoYXNDcmVkZW50aWFsc0tleVdpdGhTdHJpbmdWYWx1ZShcbiAgdmFsdWU6IHVua25vd24sXG4pOiB2YWx1ZSBpcyB7IGNyZWRlbnRpYWxzOiBzdHJpbmcgfSB7XG4gIHJldHVybiAoXG4gICAgdHlwZW9mIHZhbHVlID09PSBcIm9iamVjdFwiICYmXG4gICAgdmFsdWUgIT09IG51bGwgJiZcbiAgICBcImNyZWRlbnRpYWxzXCIgaW4gdmFsdWUgJiZcbiAgICB0eXBlb2YgdmFsdWUuY3JlZGVudGlhbHMgPT09IFwic3RyaW5nXCJcbiAgKVxufVxuXG5mdW5jdGlvbiBpc1N0cmluZ0FycmF5KHZhbHVlOiB1bmtub3duKTogdmFsdWUgaXMgc3RyaW5nW10ge1xuICBpZiAoIUFycmF5LmlzQXJyYXkodmFsdWUpKSB7XG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICBmb3IgKGNvbnN0IGVsZW1lbnQgb2YgdmFsdWUpIHtcbiAgICBpZiAodHlwZW9mIGVsZW1lbnQgIT09IFwic3RyaW5nXCIpIHtcbiAgICAgIHJldHVybiBmYWxzZVxuICAgIH1cbiAgfVxuXG4gIHJldHVybiB0cnVlXG59XG5cbmV4cG9ydCBmdW5jdGlvbiBjbGVhckNhY2hlKCkge1xuICBjYWNoZWRCYXNpY0F1dGhIZWFkZXJzID0gdW5kZWZpbmVkXG59XG4iXX0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzaWMtYXV0aC1hdXRob3JpemVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FwaS1nYXRld2F5L2F1dGhvcml6ZXItbGFtYmRhcy9iYXNpYy1hdXRoLWF1dGhvcml6ZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7O0dBUUc7QUFNSCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0saUNBQWlDLENBQUE7QUFvQmhFLE1BQU0sQ0FBQyxNQUFNLE9BQU8sR0FBRyxLQUFLLEVBQzFCLEtBQXlDLEVBQ2QsRUFBRTtJQUM3QixNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsT0FBTyxFQUFFLGFBQWEsQ0FBQTtJQUMvQyxJQUFJLENBQUMsVUFBVSxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1FBQ3BELE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7SUFDaEMsQ0FBQztJQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSwrQkFBK0IsRUFBRSxDQUFBO0lBRW5FLEtBQUssTUFBTSxRQUFRLElBQUksbUJBQW1CLEVBQUUsQ0FBQztRQUMzQyxJQUFJLFVBQVUsS0FBSyxRQUFRLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDNUMsT0FBTztnQkFDTCxZQUFZLEVBQUUsSUFBSTtnQkFDbEIsT0FBTyxFQUFFO29CQUNQLFFBQVEsRUFBRSxRQUFRLENBQUMsUUFBUTtpQkFDNUI7YUFDRixDQUFBO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxDQUFBO0FBQ2hDLENBQUMsQ0FBQTtBQU9ELHFGQUFxRjtBQUNyRixJQUFJLDBCQUEwQixHQUM1QixTQUFTLENBQUE7QUFFWDs7O0dBR0c7QUFDSCxLQUFLLFVBQVUsK0JBQStCO0lBRzVDLElBQUksMEJBQTBCLEtBQUssU0FBUyxFQUFFLENBQUM7UUFDN0MsTUFBTSxVQUFVLEdBQ2QsT0FBTyxDQUFDLEdBQUcsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFBO1FBQ3hDLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNoQixPQUFPLENBQUMsS0FBSyxDQUFDLHFEQUFxRCxDQUFDLENBQUE7WUFDcEUsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO1FBQ25CLENBQUM7UUFFRCwwQkFBMEIsR0FBRyxNQUFNLDZCQUE2QixDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQzlFLENBQUM7SUFFRCxPQUFPLDBCQUEwQixDQUFBO0FBQ25DLENBQUM7QUFFRCxLQUFLLFVBQVUsNkJBQTZCLENBQzFDLFVBQWtCO0lBRWxCLE1BQU0sTUFBTSxHQUFHLE1BQU0sY0FBYyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBRS9DLElBQUksMkJBQTJCLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUN4QyxPQUFPLENBQUMsMEJBQTBCLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQTtJQUM3QyxDQUFDO0lBRUQsaUdBQWlHO0lBQ2pHLGdCQUFnQjtJQUNoQixJQUFJLGdDQUFnQyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDN0MsSUFBSSxnQkFBeUIsQ0FBQTtRQUM3QixJQUFJLENBQUM7WUFDSCxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUNuRCxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNYLE9BQU8sQ0FBQyxLQUFLLENBQ1gsZ0RBQWdELFVBQVUsV0FBVyxFQUNyRSxDQUFDLENBQ0YsQ0FBQTtZQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsSUFBSSxtQ0FBbUMsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7WUFDMUQsT0FBTyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsMEJBQTBCLENBQUMsQ0FBQTtRQUN6RCxDQUFDO1FBRUQsSUFBSSxhQUFhLENBQUMsZ0JBQWdCLENBQUMsRUFBRSxDQUFDO1lBQ3BDLE9BQU8sZ0JBQWdCLENBQUMsR0FBRyxDQUFDLGdDQUFnQyxDQUFDLENBQUE7UUFDL0QsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLENBQUMsS0FBSyxDQUNYLG1GQUFtRixVQUFVLElBQUksQ0FDbEcsQ0FBQTtJQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtBQUNuQixDQUFDO0FBRUQsbURBQW1EO0FBQ25ELE1BQU0sQ0FBQyxNQUFNLFlBQVksR0FBRztJQUMxQixvQkFBb0IsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLGNBQWMsRUFBRTtDQUNqRCxDQUFBO0FBRUQsS0FBSyxVQUFVLGNBQWMsQ0FBQyxVQUFrQjtJQUM5QyxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsb0JBQW9CLEVBQUUsQ0FBQTtJQUNsRCxNQUFNLE1BQU0sR0FBRyxNQUFNLE1BQU0sQ0FBQyxjQUFjLENBQUMsRUFBRSxRQUFRLEVBQUUsVUFBVSxFQUFFLENBQUMsQ0FBQTtJQUVwRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ3pCLE9BQU8sQ0FBQyxLQUFLLENBQUMsK0JBQStCLFVBQVUsR0FBRyxDQUFDLENBQUE7UUFDM0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDSCxPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFBO0lBQ3hDLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsT0FBTyxDQUFDLEtBQUssQ0FBQywyQkFBMkIsVUFBVSxZQUFZLEVBQUUsQ0FBQyxDQUFDLENBQUE7UUFDbkUsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7QUFDSCxDQUFDO0FBRUQsU0FBUywwQkFBMEIsQ0FBQyxXQUduQztJQUNDLE1BQU0sZUFBZSxHQUNuQixRQUFRO1FBQ1IsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsQ0FBQyxRQUFRLElBQUksV0FBVyxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUNyRSxRQUFRLENBQ1QsQ0FBQTtJQUVILE9BQU8sRUFBRSxlQUFlLEVBQUUsUUFBUSxFQUFFLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQTtBQUM1RCxDQUFDO0FBRUQsU0FBUywyQkFBMkIsQ0FDbEMsS0FBYztJQUVkLE9BQU8sQ0FDTCxPQUFPLEtBQUssS0FBSyxRQUFRO1FBQ3pCLEtBQUssS0FBSyxJQUFJO1FBQ2QsVUFBVSxJQUFJLEtBQUs7UUFDbkIsT0FBTyxLQUFLLENBQUMsUUFBUSxLQUFLLFFBQVE7UUFDbEMsVUFBVSxJQUFJLEtBQUs7UUFDbkIsT0FBTyxLQUFLLENBQUMsUUFBUSxLQUFLLFFBQVEsQ0FDbkMsQ0FBQTtBQUNILENBQUM7QUFFRCxTQUFTLG1DQUFtQyxDQUMxQyxLQUFjO0lBRWQsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUMxQixPQUFPLEtBQUssQ0FBQTtJQUNkLENBQUM7SUFFRCxLQUFLLE1BQU0sT0FBTyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQzVCLElBQUksQ0FBQywyQkFBMkIsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQzFDLE9BQU8sS0FBSyxDQUFBO1FBQ2QsQ0FBQztJQUNILENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUM7QUFFRCxTQUFTLGdDQUFnQyxDQUN2QyxLQUFjO0lBRWQsT0FBTyxDQUNMLE9BQU8sS0FBSyxLQUFLLFFBQVE7UUFDekIsS0FBSyxLQUFLLElBQUk7UUFDZCxhQUFhLElBQUksS0FBSztRQUN0QixPQUFPLEtBQUssQ0FBQyxXQUFXLEtBQUssUUFBUSxDQUN0QyxDQUFBO0FBQ0gsQ0FBQztBQUVELFNBQVMsYUFBYSxDQUFDLEtBQWM7SUFDbkMsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUMxQixPQUFPLEtBQUssQ0FBQTtJQUNkLENBQUM7SUFFRCxLQUFLLE1BQU0sT0FBTyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQzVCLElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDaEMsT0FBTyxLQUFLLENBQUE7UUFDZCxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBUyxnQ0FBZ0MsQ0FDdkMsa0JBQTBCO0lBRTFCLElBQUksa0JBQTBCLENBQUE7SUFDOUIsSUFBSSxDQUFDO1FBQ0gsa0JBQWtCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxRQUFRLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQTtJQUMzRSxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxLQUFLLENBQ1gsK0RBQStELEVBQy9ELENBQUMsQ0FDRixDQUFBO1FBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxNQUFNLG1CQUFtQixHQUFHLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUE7SUFDNUQsSUFBSSxtQkFBbUIsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDckMsT0FBTyxDQUFDLEtBQUssQ0FDWCwyRUFBMkUsQ0FDNUUsQ0FBQTtRQUNELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNuQixDQUFDO0lBRUQsT0FBTztRQUNMLGVBQWUsRUFBRSxTQUFTLGtCQUFrQixFQUFFO1FBQzlDLFFBQVEsRUFBRSxtQkFBbUIsQ0FBQyxDQUFDLENBQUM7S0FDakMsQ0FBQTtBQUNILENBQUM7QUFFRCxNQUFNLFVBQVUsVUFBVTtJQUN4QiwwQkFBMEIsR0FBRyxTQUFTLENBQUE7QUFDeEMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogVGhpcyBsYW1iZGEgdmVyaWZpZXMgYXV0aG9yaXphdGlvbiBoZWFkZXIgYWdhaW5zdCBzdGF0aWMgYmFzaWMgYXV0aCBjcmVkZW50aWFscyBzYXZlZCBpbiBTZWNyZXRzXG4gKiBNYW5hZ2VyLlxuICpcbiAqIEV4cGVjdHMgdGhlIGZvbGxvd2luZyBlbnZpcm9ubWVudCB2YXJpYWJsZXM6XG4gKiAtIENSRURFTlRJQUxTX1NFQ1JFVF9OQU1FXG4gKiAgIC0gTmFtZSBvZiBzZWNyZXQgaW4gQVdTIFNlY3JldHMgTWFuYWdlciB0aGF0IHN0b3JlcyBiYXNpYyBhdXRoIGNyZWRlbnRpYWxzLiBTZWVcbiAqICAgICBgQmFzaWNBdXRoQXV0aG9yaXplclByb3BzYCBvbiB0aGUgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdCBmb3IgdGhlIHN1cHBvcnRlZCBmb3JtYXRzLlxuICovXG5cbmltcG9ydCB0eXBlIHtcbiAgQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbiAgQVBJR2F0ZXdheVNpbXBsZUF1dGhvcml6ZXJSZXN1bHQsXG59IGZyb20gXCJhd3MtbGFtYmRhXCJcbmltcG9ydCB7IFNlY3JldHNNYW5hZ2VyIH0gZnJvbSBcIkBhd3Mtc2RrL2NsaWVudC1zZWNyZXRzLW1hbmFnZXJcIlxuXG50eXBlIEF1dGhvcml6ZXJSZXN1bHQgPSBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCAmIHtcbiAgLyoqXG4gICAqIFJldHVybmluZyBhIGNvbnRleHQgb2JqZWN0IGZyb20gb3VyIGF1dGhvcml6ZXIgYWxsb3dzIG91ciBBUEkgR2F0ZXdheSB0byBhY2Nlc3MgdGhlc2UgdmFyaWFibGVzXG4gICAqIHZpYSBgJHtjb250ZXh0LmF1dGhvcml6ZXIuPHByb3BlcnR5Pn1gLlxuICAgKiBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vYXBpZ2F0ZXdheS9sYXRlc3QvZGV2ZWxvcGVyZ3VpZGUvaHR0cC1hcGktcGFyYW1ldGVyLW1hcHBpbmcuaHRtbFxuICAgKi9cbiAgY29udGV4dD86IHtcbiAgICAvKipcbiAgICAgKiBJZiB0aGUgcmVxdWVzdCdzIGNyZWRlbnRpYWxzIGFyZSB2ZXJpZmllZCwgd2UgcmV0dXJuIHRoZSB1c2VybmFtZSB0aGF0IHdhcyB1c2VkIGluIHRoaXNcbiAgICAgKiBjb250ZXh0IHZhcmlhYmxlIChuYW1lZCBgYXV0aG9yaXplci51c2VybmFtZWApLiBXZSB1c2UgdGhpcyB0byBpbmNsdWRlIHRoZSByZXF1ZXN0aW5nIHVzZXIgaW5cbiAgICAgKiB0aGUgQVBJIEdhdGV3YXkgYWNjZXNzIGxvZ3MgKHNlZSBgZGVmYXVsdEFjY2Vzc0xvZ0Zvcm1hdGAgaW4gb3VyIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLiBZb3VcbiAgICAgKiBjYW4gYWxzbyB1c2UgdGhpcyB3aGVuIG1hcHBpbmcgcGFyYW1ldGVycyB0byB0aGUgYmFja2VuZCBpbnRlZ3JhdGlvbiAoc2VlXG4gICAgICogYEFsYkludGVncmF0aW9uUHJvcHMubWFwUGFyYW1ldGVyc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLlxuICAgICAqL1xuICAgIHVzZXJuYW1lOiBzdHJpbmdcbiAgfVxufVxuXG5leHBvcnQgY29uc3QgaGFuZGxlciA9IGFzeW5jIChcbiAgZXZlbnQ6IEFQSUdhdGV3YXlSZXF1ZXN0QXV0aG9yaXplckV2ZW50VjIsXG4pOiBQcm9taXNlPEF1dGhvcml6ZXJSZXN1bHQ+ID0+IHtcbiAgY29uc3QgYXV0aEhlYWRlciA9IGV2ZW50LmhlYWRlcnM/LmF1dGhvcml6YXRpb25cbiAgaWYgKCFhdXRoSGVhZGVyIHx8ICFhdXRoSGVhZGVyLnN0YXJ0c1dpdGgoXCJCYXNpYyBcIikpIHtcbiAgICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbiAgfVxuXG4gIGNvbnN0IGV4cGVjdGVkQ3JlZGVudGlhbHMgPSBhd2FpdCBnZXRFeHBlY3RlZEJhc2ljQXV0aENyZWRlbnRpYWxzKClcblxuICBmb3IgKGNvbnN0IGV4cGVjdGVkIG9mIGV4cGVjdGVkQ3JlZGVudGlhbHMpIHtcbiAgICBpZiAoYXV0aEhlYWRlciA9PT0gZXhwZWN0ZWQuYmFzaWNBdXRoSGVhZGVyKSB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBpc0F1dGhvcml6ZWQ6IHRydWUsXG4gICAgICAgIGNvbnRleHQ6IHtcbiAgICAgICAgICB1c2VybmFtZTogZXhwZWN0ZWQudXNlcm5hbWUsXG4gICAgICAgIH0sXG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBmYWxzZSB9XG59XG5cbnR5cGUgRXhwZWN0ZWRCYXNpY0F1dGhDcmVkZW50aWFscyA9IHtcbiAgYmFzaWNBdXRoSGVhZGVyOiBzdHJpbmdcbiAgdXNlcm5hbWU6IHN0cmluZ1xufVxuXG4vKiogQ2FjaGUgdGhpcyB2YWx1ZSwgc28gdGhhdCBzdWJzZXF1ZW50IGxhbWJkYSBpbnZvY2F0aW9ucyBkb24ndCBoYXZlIHRvIHJlZmV0Y2guICovXG5sZXQgY2FjaGVkQmFzaWNBdXRoQ3JlZGVudGlhbHM6IEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHNbXSB8IHVuZGVmaW5lZCA9XG4gIHVuZGVmaW5lZFxuXG4vKipcbiAqIFJldHVybnMgYW4gYXJyYXksIHRvIHN1cHBvcnQgY3JlZGVudGlhbCBzZWNyZXRzIHdpdGggbXVsdGlwbGUgdmFsdWVzIChzZWVcbiAqIGBCYXNpY0F1dGhBdXRob3JpemVyUHJvcHNgIG9uIHRoZSBgQXBpR2F0ZXdheWAgY29uc3RydWN0IGZvciBtb3JlIG9uIHRoaXMpLlxuICovXG5hc3luYyBmdW5jdGlvbiBnZXRFeHBlY3RlZEJhc2ljQXV0aENyZWRlbnRpYWxzKCk6IFByb21pc2U8XG4gIEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHNbXVxuPiB7XG4gIGlmIChjYWNoZWRCYXNpY0F1dGhDcmVkZW50aWFscyA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY29uc3Qgc2VjcmV0TmFtZTogc3RyaW5nIHwgdW5kZWZpbmVkID1cbiAgICAgIHByb2Nlc3MuZW52W1wiQ1JFREVOVElBTFNfU0VDUkVUX05BTUVcIl1cbiAgICBpZiAoIXNlY3JldE5hbWUpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoXCJDUkVERU5USUFMU19TRUNSRVRfTkFNRSBlbnYgdmFyaWFibGUgaXMgbm90IGRlZmluZWRcIilcbiAgICAgIHRocm93IG5ldyBFcnJvcigpXG4gICAgfVxuXG4gICAgY2FjaGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMgPSBhd2FpdCBnZXRCYXNpY0F1dGhDcmVkZW50aWFsc1NlY3JldChzZWNyZXROYW1lKVxuICB9XG5cbiAgcmV0dXJuIGNhY2hlZEJhc2ljQXV0aENyZWRlbnRpYWxzXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldEJhc2ljQXV0aENyZWRlbnRpYWxzU2VjcmV0KFxuICBzZWNyZXROYW1lOiBzdHJpbmcsXG4pOiBQcm9taXNlPEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHNbXT4ge1xuICBjb25zdCBzZWNyZXQgPSBhd2FpdCBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lKVxuXG4gIGlmIChpc1VzZXJuYW1lQW5kUGFzc3dvcmRPYmplY3Qoc2VjcmV0KSkge1xuICAgIHJldHVybiBbZW5jb2RlQmFzaWNBdXRoQ3JlZGVudGlhbHMoc2VjcmV0KV1cbiAgfVxuXG4gIC8vIFNlZSBgQmFzaWNBdXRoQXV0aG9yaXplclByb3BzYCBvbiB0aGUgYEFwaUdhdGV3YXlgIGNvbnN0cnVjdCBmb3IgYW4gZXhwbGFuYXRpb24gb2YgdGhlIGZvcm1hdHNcbiAgLy8gd2UgcGFyc2UgaGVyZVxuICBpZiAoaGFzQ3JlZGVudGlhbHNLZXlXaXRoU3RyaW5nVmFsdWUoc2VjcmV0KSkge1xuICAgIGxldCBjcmVkZW50aWFsc0FycmF5OiB1bmtub3duXG4gICAgdHJ5IHtcbiAgICAgIGNyZWRlbnRpYWxzQXJyYXkgPSBKU09OLnBhcnNlKHNlY3JldC5jcmVkZW50aWFscylcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICBjb25zb2xlLmVycm9yKFxuICAgICAgICBgRmFpbGVkIHRvIHBhcnNlIGNyZWRlbnRpYWxzIGFycmF5IGluIHNlY3JldCAnJHtzZWNyZXROYW1lfScgYXMgSlNPTmAsXG4gICAgICAgIGUsXG4gICAgICApXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICAgIH1cblxuICAgIGlmIChpc0FycmF5T2ZVc2VybmFtZUFuZFBhc3N3b3JkT2JqZWN0cyhjcmVkZW50aWFsc0FycmF5KSkge1xuICAgICAgcmV0dXJuIGNyZWRlbnRpYWxzQXJyYXkubWFwKGVuY29kZUJhc2ljQXV0aENyZWRlbnRpYWxzKVxuICAgIH1cblxuICAgIGlmIChpc1N0cmluZ0FycmF5KGNyZWRlbnRpYWxzQXJyYXkpKSB7XG4gICAgICByZXR1cm4gY3JlZGVudGlhbHNBcnJheS5tYXAocGFyc2VFbmNvZGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMpXG4gICAgfVxuICB9XG5cbiAgY29uc29sZS5lcnJvcihcbiAgICBgQmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgZGlkIG5vdCBmb2xsb3cgYW55IGV4cGVjdGVkIGZvcm1hdCAoc2VjcmV0IG5hbWU6ICcke3NlY3JldE5hbWV9JylgLFxuICApXG4gIHRocm93IG5ldyBFcnJvcigpXG59XG5cbi8qKiBGb3Igb3ZlcnJpZGluZyBkZXBlbmRlbmN5IGNyZWF0aW9uIGluIHRlc3RzLiAqL1xuZXhwb3J0IGNvbnN0IGRlcGVuZGVuY2llcyA9IHtcbiAgY3JlYXRlU2VjcmV0c01hbmFnZXI6ICgpID0+IG5ldyBTZWNyZXRzTWFuYWdlcigpLFxufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lOiBzdHJpbmcpOiBQcm9taXNlPHVua25vd24+IHtcbiAgY29uc3QgY2xpZW50ID0gZGVwZW5kZW5jaWVzLmNyZWF0ZVNlY3JldHNNYW5hZ2VyKClcbiAgY29uc3Qgc2VjcmV0ID0gYXdhaXQgY2xpZW50LmdldFNlY3JldFZhbHVlKHsgU2VjcmV0SWQ6IHNlY3JldE5hbWUgfSlcblxuICBpZiAoIXNlY3JldC5TZWNyZXRTdHJpbmcpIHtcbiAgICBjb25zb2xlLmVycm9yKGBTZWNyZXQgdmFsdWUgbm90IGZvdW5kIGZvciAnJHtzZWNyZXROYW1lfSdgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICB0cnkge1xuICAgIHJldHVybiBKU09OLnBhcnNlKHNlY3JldC5TZWNyZXRTdHJpbmcpXG4gIH0gY2F0Y2ggKGUpIHtcbiAgICBjb25zb2xlLmVycm9yKGBGYWlsZWQgdG8gcGFyc2Ugc2VjcmV0ICcke3NlY3JldE5hbWV9JyBhcyBKU09OOmAsIGUpXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxufVxuXG5mdW5jdGlvbiBlbmNvZGVCYXNpY0F1dGhDcmVkZW50aWFscyhjcmVkZW50aWFsczoge1xuICB1c2VybmFtZTogc3RyaW5nXG4gIHBhc3N3b3JkOiBzdHJpbmdcbn0pOiBFeHBlY3RlZEJhc2ljQXV0aENyZWRlbnRpYWxzIHtcbiAgY29uc3QgYmFzaWNBdXRoSGVhZGVyID1cbiAgICBcIkJhc2ljIFwiICtcbiAgICBCdWZmZXIuZnJvbShgJHtjcmVkZW50aWFscy51c2VybmFtZX06JHtjcmVkZW50aWFscy5wYXNzd29yZH1gKS50b1N0cmluZyhcbiAgICAgIFwiYmFzZTY0XCIsXG4gICAgKVxuXG4gIHJldHVybiB7IGJhc2ljQXV0aEhlYWRlciwgdXNlcm5hbWU6IGNyZWRlbnRpYWxzLnVzZXJuYW1lIH1cbn1cblxuZnVuY3Rpb24gaXNVc2VybmFtZUFuZFBhc3N3b3JkT2JqZWN0KFxuICB2YWx1ZTogdW5rbm93bixcbik6IHZhbHVlIGlzIHsgdXNlcm5hbWU6IHN0cmluZzsgcGFzc3dvcmQ6IHN0cmluZyB9IHtcbiAgcmV0dXJuIChcbiAgICB0eXBlb2YgdmFsdWUgPT09IFwib2JqZWN0XCIgJiZcbiAgICB2YWx1ZSAhPT0gbnVsbCAmJlxuICAgIFwidXNlcm5hbWVcIiBpbiB2YWx1ZSAmJlxuICAgIHR5cGVvZiB2YWx1ZS51c2VybmFtZSA9PT0gXCJzdHJpbmdcIiAmJlxuICAgIFwicGFzc3dvcmRcIiBpbiB2YWx1ZSAmJlxuICAgIHR5cGVvZiB2YWx1ZS5wYXNzd29yZCA9PT0gXCJzdHJpbmdcIlxuICApXG59XG5cbmZ1bmN0aW9uIGlzQXJyYXlPZlVzZXJuYW1lQW5kUGFzc3dvcmRPYmplY3RzKFxuICB2YWx1ZTogdW5rbm93bixcbik6IHZhbHVlIGlzIHsgdXNlcm5hbWU6IHN0cmluZzsgcGFzc3dvcmQ6IHN0cmluZyB9W10ge1xuICBpZiAoIUFycmF5LmlzQXJyYXkodmFsdWUpKSB7XG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICBmb3IgKGNvbnN0IGVsZW1lbnQgb2YgdmFsdWUpIHtcbiAgICBpZiAoIWlzVXNlcm5hbWVBbmRQYXNzd29yZE9iamVjdChlbGVtZW50KSkge1xuICAgICAgcmV0dXJuIGZhbHNlXG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIHRydWVcbn1cblxuZnVuY3Rpb24gaGFzQ3JlZGVudGlhbHNLZXlXaXRoU3RyaW5nVmFsdWUoXG4gIHZhbHVlOiB1bmtub3duLFxuKTogdmFsdWUgaXMgeyBjcmVkZW50aWFsczogc3RyaW5nIH0ge1xuICByZXR1cm4gKFxuICAgIHR5cGVvZiB2YWx1ZSA9PT0gXCJvYmplY3RcIiAmJlxuICAgIHZhbHVlICE9PSBudWxsICYmXG4gICAgXCJjcmVkZW50aWFsc1wiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLmNyZWRlbnRpYWxzID09PSBcInN0cmluZ1wiXG4gIClcbn1cblxuZnVuY3Rpb24gaXNTdHJpbmdBcnJheSh2YWx1ZTogdW5rbm93bik6IHZhbHVlIGlzIHN0cmluZ1tdIHtcbiAgaWYgKCFBcnJheS5pc0FycmF5KHZhbHVlKSkge1xuICAgIHJldHVybiBmYWxzZVxuICB9XG5cbiAgZm9yIChjb25zdCBlbGVtZW50IG9mIHZhbHVlKSB7XG4gICAgaWYgKHR5cGVvZiBlbGVtZW50ICE9PSBcInN0cmluZ1wiKSB7XG4gICAgICByZXR1cm4gZmFsc2VcbiAgICB9XG4gIH1cblxuICByZXR1cm4gdHJ1ZVxufVxuXG4vKipcbiAqIFdlIHdhbnQgdG8gcmV0dXJuIHRoZSByZXF1ZXN0aW5nIHVzZXJuYW1lIGFzIGEgY29udGV4dCB2YXJpYWJsZSBpblxuICoge0BsaW5rIEF1dGhvcml6ZXJSZXN1bHQuY29udGV4dH0sIGZvciBBUEkgR2F0ZXdheSBhY2Nlc3MgbG9ncyBhbmQgcGFyYW1ldGVyIG1hcHBpbmcuIFNvIGlmIHRoZVxuICogYmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgaXMgc3RvcmVkIGFzIHByZS1lbmNvZGVkIGJhc2U2NCBzdHJpbmdzLCB3ZSBuZWVkIHRvIHBhcnNlIHRoZW0gdG9cbiAqIGdldCB0aGUgdXNlcm5hbWUuXG4gKi9cbmZ1bmN0aW9uIHBhcnNlRW5jb2RlZEJhc2ljQXV0aENyZWRlbnRpYWxzKFxuICBlbmNvZGVkQ3JlZGVudGlhbHM6IHN0cmluZyxcbik6IEV4cGVjdGVkQmFzaWNBdXRoQ3JlZGVudGlhbHMge1xuICBsZXQgZGVjb2RlZENyZWRlbnRpYWxzOiBzdHJpbmdcbiAgdHJ5IHtcbiAgICBkZWNvZGVkQ3JlZGVudGlhbHMgPSBCdWZmZXIuZnJvbShlbmNvZGVkQ3JlZGVudGlhbHMsIFwiYmFzZTY0XCIpLnRvU3RyaW5nKClcbiAgfSBjYXRjaCAoZSkge1xuICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICBcIkJhc2ljIGF1dGggY3JlZGVudGlhbHMgc2VjcmV0IGNvdWxkIG5vdCBiZSBkZWNvZGVkIGFzIGJhc2U2NDpcIixcbiAgICAgIGUsXG4gICAgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICBjb25zdCB1c2VybmFtZUFuZFBhc3N3b3JkID0gZGVjb2RlZENyZWRlbnRpYWxzLnNwbGl0KFwiOlwiLCAyKVxuICBpZiAodXNlcm5hbWVBbmRQYXNzd29yZC5sZW5ndGggIT09IDIpIHtcbiAgICBjb25zb2xlLmVycm9yKFxuICAgICAgXCJCYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHNlY3JldCBjb3VsZCBub3QgYmUgZGVjb2RlZCBhcyAndXNlcm5hbWU6cGFzc3dvcmQnXCIsXG4gICAgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICByZXR1cm4ge1xuICAgIGJhc2ljQXV0aEhlYWRlcjogYEJhc2ljICR7ZW5jb2RlZENyZWRlbnRpYWxzfWAsXG4gICAgdXNlcm5hbWU6IHVzZXJuYW1lQW5kUGFzc3dvcmRbMF0sXG4gIH1cbn1cblxuZXhwb3J0IGZ1bmN0aW9uIGNsZWFyQ2FjaGUoKSB7XG4gIGNhY2hlZEJhc2ljQXV0aENyZWRlbnRpYWxzID0gdW5kZWZpbmVkXG59XG4iXX0=

package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-authorizer.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
 /**
- * This lambda verifies bearer token in authorization header using Cognito.
+ * This lambda verifies access token in Bearer authorization header using Cognito.
  *
  * Expects the following environment variables:
  * - USER_POOL_ID
  * - REQUIRED_SCOPE (optional)
- *   - Set this to require that the bearer token payload contains the given scope
+ *   - Set this to require that the access token payload contains the given scope
  * - CREDENTIALS_FOR_INTERNAL_AUTHORIZATION (optional)
  *   - Secret name from which to get basic auth credentials that should be forwarded to backend
  *     integration if authentication succeeds
@@ -17,14 +17,15 @@ type AuthorizerResult = APIGatewaySimpleAuthorizerResult & {
     /**
      * Returning a context object from our authorizer allows our API Gateway to access these variables
      * via `${context.authorizer.<property>}`.
-     * https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html
+     * https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html
      */
     context?: {
         /**
          * If the token is verified, we return the auth client ID from the token's claims as a context
-         * variable (named `authorizer.clientId`). You can then use this for parameter mapping on the
-         * API Gateway (see `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct), if for
-         * example you want to forward this to the backend integration.
+         * variable (named `authorizer.clientId`). We use this to include the requesting client in the
+         * API Gateway access logs (see `defaultAccessLogFormat` in our `ApiGateway` construct). You can
+         * also use this when mapping parameters to the backend integration (see
+         * `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
          */
         clientId: string;
         /**

package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-authorizer.js CHANGED Viewed

@@ -1,10 +1,10 @@
 /**
- * This lambda verifies bearer token in authorization header using Cognito.
+ * This lambda verifies access token in Bearer authorization header using Cognito.
  *
  * Expects the following environment variables:
  * - USER_POOL_ID
  * - REQUIRED_SCOPE (optional)
- *   - Set this to require that the bearer token payload contains the given scope
+ *   - Set this to require that the access token payload contains the given scope
  * - CREDENTIALS_FOR_INTERNAL_AUTHORIZATION (optional)
  *   - Secret name from which to get basic auth credentials that should be forwarded to backend
  *     integration if authentication succeeds
@@ -130,4 +130,4 @@ export function clearCache() {
     cachedTokenVerifier = undefined;
     cachedInternalAuthorizationHeader = undefined;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hcGktZ2F0ZXdheS9hdXRob3JpemVyLWxhbWJkYXMvY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7Ozs7Ozs7R0FXRztBQU1ILE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQTtBQUNoRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQTtBQTJCbkQsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLEtBQUssRUFDMUIsS0FBeUMsRUFDZCxFQUFFO0lBQzdCLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFBO0lBQy9DLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDckQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0lBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxrQ0FBa0M7SUFDbEcsUUFBUSxNQUFNLEVBQUUsQ0FBQztRQUNmLEtBQUssU0FBUztZQUNaLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7UUFDaEMsS0FBSyxTQUFTO1lBQ1osd0ZBQXdGO1lBQ3hGLHFGQUFxRjtZQUNyRix5RkFBeUY7WUFDekYscUVBQXFFO1lBQ3JFLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDakMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNSLE9BQU87Z0JBQ0wsWUFBWSxFQUFFLElBQUk7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxRQUFRLEVBQUUsTUFBTSxDQUFDLFNBQVM7b0JBQzFCLDJCQUEyQixFQUFFLE1BQU0sOEJBQThCLEVBQUU7aUJBQ3BFO2FBQ0YsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQyxDQUFBO0FBRUQsNERBQTREO0FBQzVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsS0FBYTtJQUViLElBQUksQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLGdCQUFnQixFQUFFLENBQUE7UUFDeEMsNkZBQTZGO1FBQzdGLGdCQUFnQjtRQUNoQixPQUFPLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUMxQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLDREQUE0RDtRQUM1RCwwR0FBMEc7UUFDMUcsOEZBQThGO1FBQzlGLGNBQWM7UUFDZCxJQUFJLENBQUMsWUFBWSxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLFNBQVMsQ0FBQTtRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQU1EOzs7R0FHRztBQUNILElBQUksbUJBQW1CLEdBQThCLFNBQVMsQ0FBQTtBQUU5RCxTQUFTLGdCQUFnQjtJQUN2QixJQUFJLG1CQUFtQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RDLG1CQUFtQixHQUFHLFlBQVksQ0FBQyxtQkFBbUIsRUFBRSxDQUFBO0lBQzFELENBQUM7SUFDRCxPQUFPLG1CQUFtQixDQUFBO0FBQzVCLENBQUM7QUFFRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHO0lBQzFCLG1CQUFtQixFQUFFLEdBQWtCLEVBQUU7UUFDdkMsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQTtRQUM5QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxDQUFBO1lBQ3pELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQyxNQUFNLENBQUM7WUFDL0IsVUFBVTtZQUNWLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSx5Q0FBeUM7U0FDMUYsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUNELG9CQUFvQixFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksY0FBYyxFQUFFO0NBQ2pELENBQUE7QUFFRCxxRkFBcUY7QUFDckYsSUFBSSxpQ0FBaUMsR0FBdUIsU0FBUyxDQUFBO0FBRXJFLEtBQUssVUFBVSw4QkFBOEI7SUFDM0MsSUFBSSxpQ0FBaUMsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUNwRCxNQUFNLFVBQVUsR0FDZCxPQUFPLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxDQUFDLENBQUE7UUFDdkQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7UUFFRCxpQ0FBaUM7WUFDL0IsTUFBTSwwQkFBMEIsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUNoRCxDQUFDO0lBRUQsT0FBTyxpQ0FBaUMsQ0FBQTtBQUMxQyxDQUFDO0FBRUQsS0FBSyxVQUFVLDBCQUEwQixDQUFDLFVBQWtCO0lBQzFELE1BQU0sV0FBVyxHQUFHLE1BQU0sY0FBYyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3BELElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQzFDLE9BQU8sQ0FBQyxLQUFLLENBQ1gsK0VBQStFLFVBQVUsSUFBSSxDQUM5RixDQUFBO1FBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxPQUFPLENBQ0wsUUFBUTtRQUNSLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLENBQUMsUUFBUSxJQUFJLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FDckUsUUFBUSxDQUNULENBQ0YsQ0FBQTtBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsY0FBYyxDQUFDLFVBQWtCO0lBQzlDLE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FBQyxvQkFBb0IsRUFBRSxDQUFBO0lBQ2xELE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFBO0lBRXBFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDekIsT0FBTyxDQUFDLEtBQUssQ0FBQywrQkFBK0IsVUFBVSxHQUFHLENBQUMsQ0FBQTtRQUMzRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7SUFDbkIsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUE7QUFDeEMsQ0FBQztBQUVELFNBQVMsdUJBQXVCLENBQzlCLEtBQWM7SUFFZCxPQUFPLENBQ0wsT0FBTyxLQUFLLEtBQUssUUFBUTtRQUN6QixLQUFLLEtBQUssSUFBSTtRQUNkLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2xDLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ25DLENBQUE7QUFDSCxDQUFDO0FBRUQsTUFBTSxVQUFVLFVBQVU7SUFDeEIsbUJBQW1CLEdBQUcsU0FBUyxDQUFBO0lBQy9CLGlDQUFpQyxHQUFHLFNBQVMsQ0FBQTtBQUMvQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBUaGlzIGxhbWJkYSB2ZXJpZmllcyBiZWFyZXIgdG9rZW4gaW4gYXV0aG9yaXphdGlvbiBoZWFkZXIgdXNpbmcgQ29nbml0by5cbiAqXG4gKiBFeHBlY3RzIHRoZSBmb2xsb3dpbmcgZW52aXJvbm1lbnQgdmFyaWFibGVzOlxuICogLSBVU0VSX1BPT0xfSURcbiAqIC0gUkVRVUlSRURfU0NPUEUgKG9wdGlvbmFsKVxuICogICAtIFNldCB0aGlzIHRvIHJlcXVpcmUgdGhhdCB0aGUgYmVhcmVyIHRva2VuIHBheWxvYWQgY29udGFpbnMgdGhlIGdpdmVuIHNjb3BlXG4gKiAtIENSRURFTlRJQUxTX0ZPUl9JTlRFUk5BTF9BVVRIT1JJWkFUSU9OIChvcHRpb25hbClcbiAqICAgLSBTZWNyZXQgbmFtZSBmcm9tIHdoaWNoIHRvIGdldCBiYXNpYyBhdXRoIGNyZWRlbnRpYWxzIHRoYXQgc2hvdWxkIGJlIGZvcndhcmRlZCB0byBiYWNrZW5kXG4gKiAgICAgaW50ZWdyYXRpb24gaWYgYXV0aGVudGljYXRpb24gc3VjY2VlZHNcbiAqICAgLSBTZWNyZXQgdmFsdWUgc2hvdWxkIGZvbGxvdyB0aGlzIGZvcm1hdDogYHtcInVzZXJuYW1lXCI6XCI8dXNlcm5hbWU+XCIsXCJwYXNzd29yZFwiOlwiPHBhc3N3b3JkPlwifWBcbiAqL1xuXG5pbXBvcnQgdHlwZSB7XG4gIEFQSUdhdGV3YXlSZXF1ZXN0QXV0aG9yaXplckV2ZW50VjIsXG4gIEFQSUdhdGV3YXlTaW1wbGVBdXRob3JpemVyUmVzdWx0LFxufSBmcm9tIFwiYXdzLWxhbWJkYVwiXG5pbXBvcnQgeyBTZWNyZXRzTWFuYWdlciB9IGZyb20gXCJAYXdzLXNkay9jbGllbnQtc2VjcmV0cy1tYW5hZ2VyXCJcbmltcG9ydCB7IENvZ25pdG9Kd3RWZXJpZmllciB9IGZyb20gXCJhd3Mtand0LXZlcmlmeVwiXG5pbXBvcnQgdHlwZSB7IENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQgfSBmcm9tIFwiYXdzLWp3dC12ZXJpZnkvand0LW1vZGVsXCJcblxudHlwZSBBdXRob3JpemVyUmVzdWx0ID0gQVBJR2F0ZXdheVNpbXBsZUF1dGhvcml6ZXJSZXN1bHQgJiB7XG4gIC8qKlxuICAgKiBSZXR1cm5pbmcgYSBjb250ZXh0IG9iamVjdCBmcm9tIG91ciBhdXRob3JpemVyIGFsbG93cyBvdXIgQVBJIEdhdGV3YXkgdG8gYWNjZXNzIHRoZXNlIHZhcmlhYmxlc1xuICAgKiB2aWEgYCR7Y29udGV4dC5hdXRob3JpemVyLjxwcm9wZXJ0eT59YC5cbiAgICogaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2FwaWdhdGV3YXkvbGF0ZXN0L2RldmVsb3Blcmd1aWRlL2h0dHAtYXBpLWxvZ2dpbmctdmFyaWFibGVzLmh0bWxcbiAgICovXG4gIGNvbnRleHQ/OiB7XG4gICAgLyoqXG4gICAgICogSWYgdGhlIHRva2VuIGlzIHZlcmlmaWVkLCB3ZSByZXR1cm4gdGhlIGF1dGggY2xpZW50IElEIGZyb20gdGhlIHRva2VuJ3MgY2xhaW1zIGFzIGEgY29udGV4dFxuICAgICAqIHZhcmlhYmxlIChuYW1lZCBgYXV0aG9yaXplci5jbGllbnRJZGApLiBZb3UgY2FuIHRoZW4gdXNlIHRoaXMgZm9yIHBhcmFtZXRlciBtYXBwaW5nIG9uIHRoZVxuICAgICAqIEFQSSBHYXRld2F5IChzZWUgYEFsYkludGVncmF0aW9uUHJvcHMubWFwUGFyYW1ldGVyc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLCBpZiBmb3JcbiAgICAgKiBleGFtcGxlIHlvdSB3YW50IHRvIGZvcndhcmQgdGhpcyB0byB0aGUgYmFja2VuZCBpbnRlZ3JhdGlvbi5cbiAgICAgKi9cbiAgICBjbGllbnRJZDogc3RyaW5nXG4gICAgLyoqXG4gICAgICogSWYgYENSRURFTlRJQUxTX0ZPUl9JTlRFUk5BTF9BVVRIT1JJWkFUSU9OYCBpcyBwcm92aWRlZCwgd2Ugd2FudCB0byBmb3J3YXJkIGJhc2ljIGF1dGhcbiAgICAgKiBjcmVkZW50aWFscyB0byBvdXIgYmFja2VuZCwgYXMgYW4gYWRkaXRpb25hbCBhdXRoZW50aWNhdGlvbiBsYXllci4gU2VlIHRoZSBkb2NzdHJpbmcgb25cbiAgICAgKiBgQ29nbml0b1VzZXJQb29sQXV0aG9yaXplclByb3BzLmJhc2ljQXV0aEZvckludGVybmFsQXV0aG9yaXphdGlvbmAgaW4gdGhlIGBBcGlHYXRld2F5YFxuICAgICAqIGNvbnN0cnVjdCBmb3IgbW9yZSBvbiB0aGlzLlxuICAgICAqL1xuICAgIGludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcj86IHN0cmluZ1xuICB9XG59XG5cbmV4cG9ydCBjb25zdCBoYW5kbGVyID0gYXN5bmMgKFxuICBldmVudDogQVBJR2F0ZXdheVJlcXVlc3RBdXRob3JpemVyRXZlbnRWMixcbik6IFByb21pc2U8QXV0aG9yaXplclJlc3VsdD4gPT4ge1xuICBjb25zdCBhdXRoSGVhZGVyID0gZXZlbnQuaGVhZGVycz8uYXV0aG9yaXphdGlvblxuICBpZiAoIWF1dGhIZWFkZXIgfHwgIWF1dGhIZWFkZXIuc3RhcnRzV2l0aChcIkJlYXJlciBcIikpIHtcbiAgICByZXR1cm4geyBpc0F1dGhvcml6ZWQ6IGZhbHNlIH1cbiAgfVxuXG4gIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHZlcmlmeUFjY2Vzc1Rva2VuKGF1dGhIZWFkZXIuc3Vic3RyaW5nKDcpKSAvLyBzdWJzdHJpbmcoNykgPT0gYWZ0ZXIgJ0JlYXJlciAnXG4gIHN3aXRjaCAocmVzdWx0KSB7XG4gICAgY2FzZSBcIklOVkFMSURcIjpcbiAgICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICAgIGNhc2UgXCJFWFBJUkVEXCI6XG4gICAgICAvLyBXZSB3YW50IHRvIHJldHVybiA0MDEgVW5hdXRob3JpemVkIGZvciBleHBpcmVkIHRva2Vucywgc28gdGhlIGNsaWVudCBrbm93cyB0byByZWZyZXNoXG4gICAgICAvLyB0aGVpciB0b2tlbiB3aGVuIHJlY2VpdmluZyB0aGlzIHN0YXR1cyBjb2RlLiBBUEkgR2F0ZXdheSBhdXRob3JpemVyIGxhbWJkYXMgcmV0dXJuXG4gICAgICAvLyA0MDMgRm9yYmlkZGVuIGZvciB7aXNBdXRob3JpemVkOiBmYWxzZX0sIGJ1dCB0aGVyZSBpcyBhIHdheSB0byByZXR1cm4gNDAxOiB0aHJvd2luZyBhblxuICAgICAgLy8gZXJyb3Igd2l0aCB0aGlzIGV4YWN0IHN0cmluZy4gaHR0cHM6Ly9zdGFja292ZXJmbG93LmNvbS9hLzcxOTY1ODkwXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoXCJVbmF1dGhvcml6ZWRcIilcbiAgICBkZWZhdWx0OiB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBpc0F1dGhvcml6ZWQ6IHRydWUsXG4gICAgICAgIGNvbnRleHQ6IHtcbiAgICAgICAgICBjbGllbnRJZDogcmVzdWx0LmNsaWVudF9pZCxcbiAgICAgICAgICBpbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6IGF3YWl0IGdldEludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcigpLFxuICAgICAgICB9LFxuICAgICAgfVxuICAgIH1cbiAgfVxufVxuXG4vKiogRGVjb2RlcyBhbmQgdmVyaWZpZXMgdGhlIGdpdmVuIHRva2VuIGFnYWluc3QgQ29nbml0by4gKi9cbmFzeW5jIGZ1bmN0aW9uIHZlcmlmeUFjY2Vzc1Rva2VuKFxuICB0b2tlbjogc3RyaW5nLFxuKTogUHJvbWlzZTxDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkIHwgXCJFWFBJUkVEXCIgfCBcIklOVkFMSURcIj4ge1xuICB0cnkge1xuICAgIGNvbnN0IHRva2VuVmVyaWZpZXIgPSBnZXRUb2tlblZlcmlmaWVyKClcbiAgICAvLyBNdXN0IGF3YWl0IGhlcmUgaW5zdGVhZCBvZiByZXR1cm5pbmcgdGhlIHByb21pc2UgZGlyZWN0bHksIHNvIHRoYXQgZXJyb3JzIGNhbiBiZSBjYXVnaHQgaW5cbiAgICAvLyB0aGlzIGZ1bmN0aW9uXG4gICAgcmV0dXJuIGF3YWl0IHRva2VuVmVyaWZpZXIudmVyaWZ5KHRva2VuKVxuICB9IGNhdGNoIChlKSB7XG4gICAgLy8gSWYgdGhlIEpXVCBoYXMgZXhwaXJlZCwgYXdzLWp3dC12ZXJpZnkgdGhyb3dzIHRoaXMgZXJyb3I6XG4gICAgLy8gaHR0cHM6Ly9naXRodWIuY29tL2F3c2xhYnMvYXdzLWp3dC12ZXJpZnkvYmxvYi84ZDhmNzE0ZDcyODE5MTNlY2Q2NjAxNDdmNWMzMDMxMTQ3OTYwMWMxL3NyYy9qd3QudHMjTDE5N1xuICAgIC8vIFdlIGNhbid0IGNoZWNrIGluc3RhbmNlb2Ygb24gdGhhdCBlcnJvciBjbGFzcywgc2luY2UgaXQncyBub3QgZXhwb3J0ZWQsIHNvIHRoaXMgaXMgdGhlIG5leHRcbiAgICAvLyBiZXN0IHRoaW5nLlxuICAgIGlmIChlIGluc3RhbmNlb2YgRXJyb3IgJiYgZS5tZXNzYWdlPy5pbmNsdWRlcyhcIlRva2VuIGV4cGlyZWRcIikpIHtcbiAgICAgIHJldHVybiBcIkVYUElSRURcIlxuICAgIH0gZWxzZSB7XG4gICAgICByZXR1cm4gXCJJTlZBTElEXCJcbiAgICB9XG4gIH1cbn1cblxuZXhwb3J0IHR5cGUgVG9rZW5WZXJpZmllciA9IHtcbiAgdmVyaWZ5OiAoYWNjZXNzVG9rZW46IHN0cmluZykgPT4gUHJvbWlzZTxDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkPlxufVxuXG4vKipcbiAqIFdlIGNhY2hlIHRoZSB2ZXJpZmllciBpbiB0aGlzIGdsb2JhbCB2YXJpYWJsZSwgc28gdGhhdCBzdWJzZXF1ZW50IGludm9jYXRpb25zIG9mIGEgaG90IGxhbWJkYVxuICogd2lsbCByZS11c2UgdGhpcy5cbiAqL1xubGV0IGNhY2hlZFRva2VuVmVyaWZpZXI6IFRva2VuVmVyaWZpZXIgfCB1bmRlZmluZWQgPSB1bmRlZmluZWRcblxuZnVuY3Rpb24gZ2V0VG9rZW5WZXJpZmllcigpOiBUb2tlblZlcmlmaWVyIHtcbiAgaWYgKGNhY2hlZFRva2VuVmVyaWZpZXIgPT09IHVuZGVmaW5lZCkge1xuICAgIGNhY2hlZFRva2VuVmVyaWZpZXIgPSBkZXBlbmRlbmNpZXMuY3JlYXRlVG9rZW5WZXJpZmllcigpXG4gIH1cbiAgcmV0dXJuIGNhY2hlZFRva2VuVmVyaWZpZXJcbn1cblxuLyoqIEZvciBvdmVycmlkaW5nIGRlcGVuZGVuY3kgY3JlYXRpb24gaW4gdGVzdHMuICovXG5leHBvcnQgY29uc3QgZGVwZW5kZW5jaWVzID0ge1xuICBjcmVhdGVUb2tlblZlcmlmaWVyOiAoKTogVG9rZW5WZXJpZmllciA9PiB7XG4gICAgY29uc3QgdXNlclBvb2xJZCA9IHByb2Nlc3MuZW52W1wiVVNFUl9QT09MX0lEXCJdXG4gICAgaWYgKCF1c2VyUG9vbElkKSB7XG4gICAgICBjb25zb2xlLmVycm9yKFwiVVNFUl9QT09MX0lEIGVudiB2YXJpYWJsZSBpcyBub3QgZGVmaW5lZFwiKVxuICAgICAgdGhyb3cgbmV3IEVycm9yKClcbiAgICB9XG5cbiAgICByZXR1cm4gQ29nbml0b0p3dFZlcmlmaWVyLmNyZWF0ZSh7XG4gICAgICB1c2VyUG9vbElkLFxuICAgICAgdG9rZW5Vc2U6IFwiYWNjZXNzXCIsXG4gICAgICBjbGllbnRJZDogbnVsbCxcbiAgICAgIHNjb3BlOiBwcm9jZXNzLmVudi5SRVFVSVJFRF9TQ09QRSB8fCB1bmRlZmluZWQsIC8vIGB8fCB1bmRlZmluZWRgIHRvIGRpc2NhcmQgZW1wdHkgc3RyaW5nXG4gICAgfSlcbiAgfSxcbiAgY3JlYXRlU2VjcmV0c01hbmFnZXI6ICgpID0+IG5ldyBTZWNyZXRzTWFuYWdlcigpLFxufVxuXG4vKiogQ2FjaGUgdGhpcyB2YWx1ZSwgc28gdGhhdCBzdWJzZXF1ZW50IGxhbWJkYSBpbnZvY2F0aW9ucyBkb24ndCBoYXZlIHRvIHJlZmV0Y2guICovXG5sZXQgY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyOiBzdHJpbmcgfCB1bmRlZmluZWQgPSB1bmRlZmluZWRcblxuYXN5bmMgZnVuY3Rpb24gZ2V0SW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyKCk6IFByb21pc2U8c3RyaW5nIHwgdW5kZWZpbmVkPiB7XG4gIGlmIChjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXIgPT09IHVuZGVmaW5lZCkge1xuICAgIGNvbnN0IHNlY3JldE5hbWU6IHN0cmluZyB8IHVuZGVmaW5lZCA9XG4gICAgICBwcm9jZXNzLmVudltcIkNSRURFTlRJQUxTX0ZPUl9JTlRFUk5BTF9BVVRIT1JJWkFUSU9OXCJdXG4gICAgaWYgKCFzZWNyZXROYW1lKSB7XG4gICAgICByZXR1cm4gdW5kZWZpbmVkXG4gICAgfVxuXG4gICAgY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyID1cbiAgICAgIGF3YWl0IGdldFNlY3JldEFzQmFzaWNBdXRoSGVhZGVyKHNlY3JldE5hbWUpXG4gIH1cblxuICByZXR1cm4gY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldFNlY3JldEFzQmFzaWNBdXRoSGVhZGVyKHNlY3JldE5hbWU6IHN0cmluZyk6IFByb21pc2U8c3RyaW5nPiB7XG4gIGNvbnN0IGNyZWRlbnRpYWxzID0gYXdhaXQgZ2V0U2VjcmV0VmFsdWUoc2VjcmV0TmFtZSlcbiAgaWYgKCFzZWNyZXRIYXNFeHBlY3RlZEZvcm1hdChjcmVkZW50aWFscykpIHtcbiAgICBjb25zb2xlLmVycm9yKFxuICAgICAgYEJhc2ljIGF1dGggY3JlZGVudGlhbHMgc2VjcmV0IGRpZCBub3QgZm9sbG93IGV4cGVjdGVkIGZvcm1hdCAoc2VjcmV0IG5hbWU6ICcke3NlY3JldE5hbWV9JylgLFxuICAgIClcbiAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICB9XG5cbiAgcmV0dXJuIChcbiAgICBcIkJhc2ljIFwiICtcbiAgICBCdWZmZXIuZnJvbShgJHtjcmVkZW50aWFscy51c2VybmFtZX06JHtjcmVkZW50aWFscy5wYXNzd29yZH1gKS50b1N0cmluZyhcbiAgICAgIFwiYmFzZTY0XCIsXG4gICAgKVxuICApXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldFNlY3JldFZhbHVlKHNlY3JldE5hbWU6IHN0cmluZyk6IFByb21pc2U8dW5rbm93bj4ge1xuICBjb25zdCBjbGllbnQgPSBkZXBlbmRlbmNpZXMuY3JlYXRlU2VjcmV0c01hbmFnZXIoKVxuICBjb25zdCBzZWNyZXQgPSBhd2FpdCBjbGllbnQuZ2V0U2VjcmV0VmFsdWUoeyBTZWNyZXRJZDogc2VjcmV0TmFtZSB9KVxuXG4gIGlmICghc2VjcmV0LlNlY3JldFN0cmluZykge1xuICAgIGNvbnNvbGUuZXJyb3IoYFNlY3JldCB2YWx1ZSBub3QgZm91bmQgZm9yICcke3NlY3JldE5hbWV9J2ApXG4gICAgdGhyb3cgbmV3IEVycm9yKClcbiAgfVxuXG4gIHJldHVybiBKU09OLnBhcnNlKHNlY3JldC5TZWNyZXRTdHJpbmcpXG59XG5cbmZ1bmN0aW9uIHNlY3JldEhhc0V4cGVjdGVkRm9ybWF0KFxuICB2YWx1ZTogdW5rbm93bixcbik6IHZhbHVlIGlzIHsgdXNlcm5hbWU6IHN0cmluZzsgcGFzc3dvcmQ6IHN0cmluZyB9IHtcbiAgcmV0dXJuIChcbiAgICB0eXBlb2YgdmFsdWUgPT09IFwib2JqZWN0XCIgJiZcbiAgICB2YWx1ZSAhPT0gbnVsbCAmJlxuICAgIFwidXNlcm5hbWVcIiBpbiB2YWx1ZSAmJlxuICAgIHR5cGVvZiB2YWx1ZS51c2VybmFtZSA9PT0gXCJzdHJpbmdcIiAmJlxuICAgIFwicGFzc3dvcmRcIiBpbiB2YWx1ZSAmJlxuICAgIHR5cGVvZiB2YWx1ZS5wYXNzd29yZCA9PT0gXCJzdHJpbmdcIlxuICApXG59XG5cbmV4cG9ydCBmdW5jdGlvbiBjbGVhckNhY2hlKCkge1xuICBjYWNoZWRUb2tlblZlcmlmaWVyID0gdW5kZWZpbmVkXG4gIGNhY2hlZEludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlciA9IHVuZGVmaW5lZFxufVxuIl19
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hcGktZ2F0ZXdheS9hdXRob3JpemVyLWxhbWJkYXMvY29nbml0by11c2VyLXBvb2wtYXV0aG9yaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7Ozs7Ozs7Ozs7R0FXRztBQU1ILE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQTtBQUNoRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQTtBQTRCbkQsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLEtBQUssRUFDMUIsS0FBeUMsRUFDZCxFQUFFO0lBQzdCLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFBO0lBQy9DLElBQUksQ0FBQyxVQUFVLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7UUFDckQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsQ0FBQTtJQUNoQyxDQUFDO0lBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUEsQ0FBQyxrQ0FBa0M7SUFDbEcsUUFBUSxNQUFNLEVBQUUsQ0FBQztRQUNmLEtBQUssU0FBUztZQUNaLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUE7UUFDaEMsS0FBSyxTQUFTO1lBQ1osd0ZBQXdGO1lBQ3hGLHFGQUFxRjtZQUNyRix5RkFBeUY7WUFDekYscUVBQXFFO1lBQ3JFLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUE7UUFDakMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNSLE9BQU87Z0JBQ0wsWUFBWSxFQUFFLElBQUk7Z0JBQ2xCLE9BQU8sRUFBRTtvQkFDUCxRQUFRLEVBQUUsTUFBTSxDQUFDLFNBQVM7b0JBQzFCLDJCQUEyQixFQUFFLE1BQU0sOEJBQThCLEVBQUU7aUJBQ3BFO2FBQ0YsQ0FBQTtRQUNILENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQyxDQUFBO0FBRUQsNERBQTREO0FBQzVELEtBQUssVUFBVSxpQkFBaUIsQ0FDOUIsS0FBYTtJQUViLElBQUksQ0FBQztRQUNILE1BQU0sYUFBYSxHQUFHLGdCQUFnQixFQUFFLENBQUE7UUFDeEMsNkZBQTZGO1FBQzdGLGdCQUFnQjtRQUNoQixPQUFPLE1BQU0sYUFBYSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUMxQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLDREQUE0RDtRQUM1RCwwR0FBMEc7UUFDMUcsOEZBQThGO1FBQzlGLGNBQWM7UUFDZCxJQUFJLENBQUMsWUFBWSxLQUFLLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsZUFBZSxDQUFDLEVBQUUsQ0FBQztZQUMvRCxPQUFPLFNBQVMsQ0FBQTtRQUNsQixDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7SUFDSCxDQUFDO0FBQ0gsQ0FBQztBQU1EOzs7R0FHRztBQUNILElBQUksbUJBQW1CLEdBQThCLFNBQVMsQ0FBQTtBQUU5RCxTQUFTLGdCQUFnQjtJQUN2QixJQUFJLG1CQUFtQixLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RDLG1CQUFtQixHQUFHLFlBQVksQ0FBQyxtQkFBbUIsRUFBRSxDQUFBO0lBQzFELENBQUM7SUFDRCxPQUFPLG1CQUFtQixDQUFBO0FBQzVCLENBQUM7QUFFRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHO0lBQzFCLG1CQUFtQixFQUFFLEdBQWtCLEVBQUU7UUFDdkMsTUFBTSxVQUFVLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQTtRQUM5QyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsT0FBTyxDQUFDLEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxDQUFBO1lBQ3pELE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQyxNQUFNLENBQUM7WUFDL0IsVUFBVTtZQUNWLFFBQVEsRUFBRSxRQUFRO1lBQ2xCLFFBQVEsRUFBRSxJQUFJO1lBQ2QsS0FBSyxFQUFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsY0FBYyxJQUFJLFNBQVMsRUFBRSx5Q0FBeUM7U0FDMUYsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUNELG9CQUFvQixFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksY0FBYyxFQUFFO0NBQ2pELENBQUE7QUFFRCxxRkFBcUY7QUFDckYsSUFBSSxpQ0FBaUMsR0FBdUIsU0FBUyxDQUFBO0FBRXJFLEtBQUssVUFBVSw4QkFBOEI7SUFDM0MsSUFBSSxpQ0FBaUMsS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUNwRCxNQUFNLFVBQVUsR0FDZCxPQUFPLENBQUMsR0FBRyxDQUFDLHdDQUF3QyxDQUFDLENBQUE7UUFDdkQsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ2hCLE9BQU8sU0FBUyxDQUFBO1FBQ2xCLENBQUM7UUFFRCxpQ0FBaUM7WUFDL0IsTUFBTSwwQkFBMEIsQ0FBQyxVQUFVLENBQUMsQ0FBQTtJQUNoRCxDQUFDO0lBRUQsT0FBTyxpQ0FBaUMsQ0FBQTtBQUMxQyxDQUFDO0FBRUQsS0FBSyxVQUFVLDBCQUEwQixDQUFDLFVBQWtCO0lBQzFELE1BQU0sV0FBVyxHQUFHLE1BQU0sY0FBYyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3BELElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQzFDLE9BQU8sQ0FBQyxLQUFLLENBQ1gsK0VBQStFLFVBQVUsSUFBSSxDQUM5RixDQUFBO1FBQ0QsTUFBTSxJQUFJLEtBQUssRUFBRSxDQUFBO0lBQ25CLENBQUM7SUFFRCxPQUFPLENBQ0wsUUFBUTtRQUNSLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLENBQUMsUUFBUSxJQUFJLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FDckUsUUFBUSxDQUNULENBQ0YsQ0FBQTtBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsY0FBYyxDQUFDLFVBQWtCO0lBQzlDLE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FBQyxvQkFBb0IsRUFBRSxDQUFBO0lBQ2xELE1BQU0sTUFBTSxHQUFHLE1BQU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxFQUFFLFFBQVEsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFBO0lBRXBFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDekIsT0FBTyxDQUFDLEtBQUssQ0FBQywrQkFBK0IsVUFBVSxHQUFHLENBQUMsQ0FBQTtRQUMzRCxNQUFNLElBQUksS0FBSyxFQUFFLENBQUE7SUFDbkIsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUE7QUFDeEMsQ0FBQztBQUVELFNBQVMsdUJBQXVCLENBQzlCLEtBQWM7SUFFZCxPQUFPLENBQ0wsT0FBTyxLQUFLLEtBQUssUUFBUTtRQUN6QixLQUFLLEtBQUssSUFBSTtRQUNkLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRO1FBQ2xDLFVBQVUsSUFBSSxLQUFLO1FBQ25CLE9BQU8sS0FBSyxDQUFDLFFBQVEsS0FBSyxRQUFRLENBQ25DLENBQUE7QUFDSCxDQUFDO0FBRUQsTUFBTSxVQUFVLFVBQVU7SUFDeEIsbUJBQW1CLEdBQUcsU0FBUyxDQUFBO0lBQy9CLGlDQUFpQyxHQUFHLFNBQVMsQ0FBQTtBQUMvQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBUaGlzIGxhbWJkYSB2ZXJpZmllcyBhY2Nlc3MgdG9rZW4gaW4gQmVhcmVyIGF1dGhvcml6YXRpb24gaGVhZGVyIHVzaW5nIENvZ25pdG8uXG4gKlxuICogRXhwZWN0cyB0aGUgZm9sbG93aW5nIGVudmlyb25tZW50IHZhcmlhYmxlczpcbiAqIC0gVVNFUl9QT09MX0lEXG4gKiAtIFJFUVVJUkVEX1NDT1BFIChvcHRpb25hbClcbiAqICAgLSBTZXQgdGhpcyB0byByZXF1aXJlIHRoYXQgdGhlIGFjY2VzcyB0b2tlbiBwYXlsb2FkIGNvbnRhaW5zIHRoZSBnaXZlbiBzY29wZVxuICogLSBDUkVERU5USUFMU19GT1JfSU5URVJOQUxfQVVUSE9SSVpBVElPTiAob3B0aW9uYWwpXG4gKiAgIC0gU2VjcmV0IG5hbWUgZnJvbSB3aGljaCB0byBnZXQgYmFzaWMgYXV0aCBjcmVkZW50aWFscyB0aGF0IHNob3VsZCBiZSBmb3J3YXJkZWQgdG8gYmFja2VuZFxuICogICAgIGludGVncmF0aW9uIGlmIGF1dGhlbnRpY2F0aW9uIHN1Y2NlZWRzXG4gKiAgIC0gU2VjcmV0IHZhbHVlIHNob3VsZCBmb2xsb3cgdGhpcyBmb3JtYXQ6IGB7XCJ1c2VybmFtZVwiOlwiPHVzZXJuYW1lPlwiLFwicGFzc3dvcmRcIjpcIjxwYXNzd29yZD5cIn1gXG4gKi9cblxuaW1wb3J0IHR5cGUge1xuICBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuICBBUElHYXRld2F5U2ltcGxlQXV0aG9yaXplclJlc3VsdCxcbn0gZnJvbSBcImF3cy1sYW1iZGFcIlxuaW1wb3J0IHsgU2VjcmV0c01hbmFnZXIgfSBmcm9tIFwiQGF3cy1zZGsvY2xpZW50LXNlY3JldHMtbWFuYWdlclwiXG5pbXBvcnQgeyBDb2duaXRvSnd0VmVyaWZpZXIgfSBmcm9tIFwiYXdzLWp3dC12ZXJpZnlcIlxuaW1wb3J0IHR5cGUgeyBDb2duaXRvQWNjZXNzVG9rZW5QYXlsb2FkIH0gZnJvbSBcImF3cy1qd3QtdmVyaWZ5L2p3dC1tb2RlbFwiXG5cbnR5cGUgQXV0aG9yaXplclJlc3VsdCA9IEFQSUdhdGV3YXlTaW1wbGVBdXRob3JpemVyUmVzdWx0ICYge1xuICAvKipcbiAgICogUmV0dXJuaW5nIGEgY29udGV4dCBvYmplY3QgZnJvbSBvdXIgYXV0aG9yaXplciBhbGxvd3Mgb3VyIEFQSSBHYXRld2F5IHRvIGFjY2VzcyB0aGVzZSB2YXJpYWJsZXNcbiAgICogdmlhIGAke2NvbnRleHQuYXV0aG9yaXplci48cHJvcGVydHk+fWAuXG4gICAqIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9hcGlnYXRld2F5L2xhdGVzdC9kZXZlbG9wZXJndWlkZS9odHRwLWFwaS1wYXJhbWV0ZXItbWFwcGluZy5odG1sXG4gICAqL1xuICBjb250ZXh0Pzoge1xuICAgIC8qKlxuICAgICAqIElmIHRoZSB0b2tlbiBpcyB2ZXJpZmllZCwgd2UgcmV0dXJuIHRoZSBhdXRoIGNsaWVudCBJRCBmcm9tIHRoZSB0b2tlbidzIGNsYWltcyBhcyBhIGNvbnRleHRcbiAgICAgKiB2YXJpYWJsZSAobmFtZWQgYGF1dGhvcml6ZXIuY2xpZW50SWRgKS4gV2UgdXNlIHRoaXMgdG8gaW5jbHVkZSB0aGUgcmVxdWVzdGluZyBjbGllbnQgaW4gdGhlXG4gICAgICogQVBJIEdhdGV3YXkgYWNjZXNzIGxvZ3MgKHNlZSBgZGVmYXVsdEFjY2Vzc0xvZ0Zvcm1hdGAgaW4gb3VyIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLiBZb3UgY2FuXG4gICAgICogYWxzbyB1c2UgdGhpcyB3aGVuIG1hcHBpbmcgcGFyYW1ldGVycyB0byB0aGUgYmFja2VuZCBpbnRlZ3JhdGlvbiAoc2VlXG4gICAgICogYEFsYkludGVncmF0aW9uUHJvcHMubWFwUGFyYW1ldGVyc2Agb24gdGhlIGBBcGlHYXRld2F5YCBjb25zdHJ1Y3QpLlxuICAgICAqL1xuICAgIGNsaWVudElkOiBzdHJpbmdcbiAgICAvKipcbiAgICAgKiBJZiBgQ1JFREVOVElBTFNfRk9SX0lOVEVSTkFMX0FVVEhPUklaQVRJT05gIGlzIHByb3ZpZGVkLCB3ZSB3YW50IHRvIGZvcndhcmQgYmFzaWMgYXV0aFxuICAgICAqIGNyZWRlbnRpYWxzIHRvIG91ciBiYWNrZW5kLCBhcyBhbiBhZGRpdGlvbmFsIGF1dGhlbnRpY2F0aW9uIGxheWVyLiBTZWUgdGhlIGRvY3N0cmluZyBvblxuICAgICAqIGBDb2duaXRvVXNlclBvb2xBdXRob3JpemVyUHJvcHMuYmFzaWNBdXRoRm9ySW50ZXJuYWxBdXRob3JpemF0aW9uYCBpbiB0aGUgYEFwaUdhdGV3YXlgXG4gICAgICogY29uc3RydWN0IGZvciBtb3JlIG9uIHRoaXMuXG4gICAgICovXG4gICAgaW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyPzogc3RyaW5nXG4gIH1cbn1cblxuZXhwb3J0IGNvbnN0IGhhbmRsZXIgPSBhc3luYyAoXG4gIGV2ZW50OiBBUElHYXRld2F5UmVxdWVzdEF1dGhvcml6ZXJFdmVudFYyLFxuKTogUHJvbWlzZTxBdXRob3JpemVyUmVzdWx0PiA9PiB7XG4gIGNvbnN0IGF1dGhIZWFkZXIgPSBldmVudC5oZWFkZXJzPy5hdXRob3JpemF0aW9uXG4gIGlmICghYXV0aEhlYWRlciB8fCAhYXV0aEhlYWRlci5zdGFydHNXaXRoKFwiQmVhcmVyIFwiKSkge1xuICAgIHJldHVybiB7IGlzQXV0aG9yaXplZDogZmFsc2UgfVxuICB9XG5cbiAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdmVyaWZ5QWNjZXNzVG9rZW4oYXV0aEhlYWRlci5zdWJzdHJpbmcoNykpIC8vIHN1YnN0cmluZyg3KSA9PSBhZnRlciAnQmVhcmVyICdcbiAgc3dpdGNoIChyZXN1bHQpIHtcbiAgICBjYXNlIFwiSU5WQUxJRFwiOlxuICAgICAgcmV0dXJuIHsgaXNBdXRob3JpemVkOiBmYWxzZSB9XG4gICAgY2FzZSBcIkVYUElSRURcIjpcbiAgICAgIC8vIFdlIHdhbnQgdG8gcmV0dXJuIDQwMSBVbmF1dGhvcml6ZWQgZm9yIGV4cGlyZWQgdG9rZW5zLCBzbyB0aGUgY2xpZW50IGtub3dzIHRvIHJlZnJlc2hcbiAgICAgIC8vIHRoZWlyIHRva2VuIHdoZW4gcmVjZWl2aW5nIHRoaXMgc3RhdHVzIGNvZGUuIEFQSSBHYXRld2F5IGF1dGhvcml6ZXIgbGFtYmRhcyByZXR1cm5cbiAgICAgIC8vIDQwMyBGb3JiaWRkZW4gZm9yIHtpc0F1dGhvcml6ZWQ6IGZhbHNlfSwgYnV0IHRoZXJlIGlzIGEgd2F5IHRvIHJldHVybiA0MDE6IHRocm93aW5nIGFuXG4gICAgICAvLyBlcnJvciB3aXRoIHRoaXMgZXhhY3Qgc3RyaW5nLiBodHRwczovL3N0YWNrb3ZlcmZsb3cuY29tL2EvNzE5NjU4OTBcbiAgICAgIHRocm93IG5ldyBFcnJvcihcIlVuYXV0aG9yaXplZFwiKVxuICAgIGRlZmF1bHQ6IHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIGlzQXV0aG9yaXplZDogdHJ1ZSxcbiAgICAgICAgY29udGV4dDoge1xuICAgICAgICAgIGNsaWVudElkOiByZXN1bHQuY2xpZW50X2lkLFxuICAgICAgICAgIGludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlcjogYXdhaXQgZ2V0SW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyKCksXG4gICAgICAgIH0sXG4gICAgICB9XG4gICAgfVxuICB9XG59XG5cbi8qKiBEZWNvZGVzIGFuZCB2ZXJpZmllcyB0aGUgZ2l2ZW4gdG9rZW4gYWdhaW5zdCBDb2duaXRvLiAqL1xuYXN5bmMgZnVuY3Rpb24gdmVyaWZ5QWNjZXNzVG9rZW4oXG4gIHRva2VuOiBzdHJpbmcsXG4pOiBQcm9taXNlPENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQgfCBcIkVYUElSRURcIiB8IFwiSU5WQUxJRFwiPiB7XG4gIHRyeSB7XG4gICAgY29uc3QgdG9rZW5WZXJpZmllciA9IGdldFRva2VuVmVyaWZpZXIoKVxuICAgIC8vIE11c3QgYXdhaXQgaGVyZSBpbnN0ZWFkIG9mIHJldHVybmluZyB0aGUgcHJvbWlzZSBkaXJlY3RseSwgc28gdGhhdCBlcnJvcnMgY2FuIGJlIGNhdWdodCBpblxuICAgIC8vIHRoaXMgZnVuY3Rpb25cbiAgICByZXR1cm4gYXdhaXQgdG9rZW5WZXJpZmllci52ZXJpZnkodG9rZW4pXG4gIH0gY2F0Y2ggKGUpIHtcbiAgICAvLyBJZiB0aGUgSldUIGhhcyBleHBpcmVkLCBhd3Mtand0LXZlcmlmeSB0aHJvd3MgdGhpcyBlcnJvcjpcbiAgICAvLyBodHRwczovL2dpdGh1Yi5jb20vYXdzbGFicy9hd3Mtand0LXZlcmlmeS9ibG9iLzhkOGY3MTRkNzI4MTkxM2VjZDY2MDE0N2Y1YzMwMzExNDc5NjAxYzEvc3JjL2p3dC50cyNMMTk3XG4gICAgLy8gV2UgY2FuJ3QgY2hlY2sgaW5zdGFuY2VvZiBvbiB0aGF0IGVycm9yIGNsYXNzLCBzaW5jZSBpdCdzIG5vdCBleHBvcnRlZCwgc28gdGhpcyBpcyB0aGUgbmV4dFxuICAgIC8vIGJlc3QgdGhpbmcuXG4gICAgaWYgKGUgaW5zdGFuY2VvZiBFcnJvciAmJiBlLm1lc3NhZ2U/LmluY2x1ZGVzKFwiVG9rZW4gZXhwaXJlZFwiKSkge1xuICAgICAgcmV0dXJuIFwiRVhQSVJFRFwiXG4gICAgfSBlbHNlIHtcbiAgICAgIHJldHVybiBcIklOVkFMSURcIlxuICAgIH1cbiAgfVxufVxuXG5leHBvcnQgdHlwZSBUb2tlblZlcmlmaWVyID0ge1xuICB2ZXJpZnk6IChhY2Nlc3NUb2tlbjogc3RyaW5nKSA9PiBQcm9taXNlPENvZ25pdG9BY2Nlc3NUb2tlblBheWxvYWQ+XG59XG5cbi8qKlxuICogV2UgY2FjaGUgdGhlIHZlcmlmaWVyIGluIHRoaXMgZ2xvYmFsIHZhcmlhYmxlLCBzbyB0aGF0IHN1YnNlcXVlbnQgaW52b2NhdGlvbnMgb2YgYSBob3QgbGFtYmRhXG4gKiB3aWxsIHJlLXVzZSB0aGlzLlxuICovXG5sZXQgY2FjaGVkVG9rZW5WZXJpZmllcjogVG9rZW5WZXJpZmllciB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZFxuXG5mdW5jdGlvbiBnZXRUb2tlblZlcmlmaWVyKCk6IFRva2VuVmVyaWZpZXIge1xuICBpZiAoY2FjaGVkVG9rZW5WZXJpZmllciA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY2FjaGVkVG9rZW5WZXJpZmllciA9IGRlcGVuZGVuY2llcy5jcmVhdGVUb2tlblZlcmlmaWVyKClcbiAgfVxuICByZXR1cm4gY2FjaGVkVG9rZW5WZXJpZmllclxufVxuXG4vKiogRm9yIG92ZXJyaWRpbmcgZGVwZW5kZW5jeSBjcmVhdGlvbiBpbiB0ZXN0cy4gKi9cbmV4cG9ydCBjb25zdCBkZXBlbmRlbmNpZXMgPSB7XG4gIGNyZWF0ZVRva2VuVmVyaWZpZXI6ICgpOiBUb2tlblZlcmlmaWVyID0+IHtcbiAgICBjb25zdCB1c2VyUG9vbElkID0gcHJvY2Vzcy5lbnZbXCJVU0VSX1BPT0xfSURcIl1cbiAgICBpZiAoIXVzZXJQb29sSWQpIHtcbiAgICAgIGNvbnNvbGUuZXJyb3IoXCJVU0VSX1BPT0xfSUQgZW52IHZhcmlhYmxlIGlzIG5vdCBkZWZpbmVkXCIpXG4gICAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICAgIH1cblxuICAgIHJldHVybiBDb2duaXRvSnd0VmVyaWZpZXIuY3JlYXRlKHtcbiAgICAgIHVzZXJQb29sSWQsXG4gICAgICB0b2tlblVzZTogXCJhY2Nlc3NcIixcbiAgICAgIGNsaWVudElkOiBudWxsLFxuICAgICAgc2NvcGU6IHByb2Nlc3MuZW52LlJFUVVJUkVEX1NDT1BFIHx8IHVuZGVmaW5lZCwgLy8gYHx8IHVuZGVmaW5lZGAgdG8gZGlzY2FyZCBlbXB0eSBzdHJpbmdcbiAgICB9KVxuICB9LFxuICBjcmVhdGVTZWNyZXRzTWFuYWdlcjogKCkgPT4gbmV3IFNlY3JldHNNYW5hZ2VyKCksXG59XG5cbi8qKiBDYWNoZSB0aGlzIHZhbHVlLCBzbyB0aGF0IHN1YnNlcXVlbnQgbGFtYmRhIGludm9jYXRpb25zIGRvbid0IGhhdmUgdG8gcmVmZXRjaC4gKi9cbmxldCBjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXI6IHN0cmluZyB8IHVuZGVmaW5lZCA9IHVuZGVmaW5lZFxuXG5hc3luYyBmdW5jdGlvbiBnZXRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXIoKTogUHJvbWlzZTxzdHJpbmcgfCB1bmRlZmluZWQ+IHtcbiAgaWYgKGNhY2hlZEludGVybmFsQXV0aG9yaXphdGlvbkhlYWRlciA9PT0gdW5kZWZpbmVkKSB7XG4gICAgY29uc3Qgc2VjcmV0TmFtZTogc3RyaW5nIHwgdW5kZWZpbmVkID1cbiAgICAgIHByb2Nlc3MuZW52W1wiQ1JFREVOVElBTFNfRk9SX0lOVEVSTkFMX0FVVEhPUklaQVRJT05cIl1cbiAgICBpZiAoIXNlY3JldE5hbWUpIHtcbiAgICAgIHJldHVybiB1bmRlZmluZWRcbiAgICB9XG5cbiAgICBjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXIgPVxuICAgICAgYXdhaXQgZ2V0U2VjcmV0QXNCYXNpY0F1dGhIZWFkZXIoc2VjcmV0TmFtZSlcbiAgfVxuXG4gIHJldHVybiBjYWNoZWRJbnRlcm5hbEF1dGhvcml6YXRpb25IZWFkZXJcbn1cblxuYXN5bmMgZnVuY3Rpb24gZ2V0U2VjcmV0QXNCYXNpY0F1dGhIZWFkZXIoc2VjcmV0TmFtZTogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgY29uc3QgY3JlZGVudGlhbHMgPSBhd2FpdCBnZXRTZWNyZXRWYWx1ZShzZWNyZXROYW1lKVxuICBpZiAoIXNlY3JldEhhc0V4cGVjdGVkRm9ybWF0KGNyZWRlbnRpYWxzKSkge1xuICAgIGNvbnNvbGUuZXJyb3IoXG4gICAgICBgQmFzaWMgYXV0aCBjcmVkZW50aWFscyBzZWNyZXQgZGlkIG5vdCBmb2xsb3cgZXhwZWN0ZWQgZm9ybWF0IChzZWNyZXQgbmFtZTogJyR7c2VjcmV0TmFtZX0nKWAsXG4gICAgKVxuICAgIHRocm93IG5ldyBFcnJvcigpXG4gIH1cblxuICByZXR1cm4gKFxuICAgIFwiQmFzaWMgXCIgK1xuICAgIEJ1ZmZlci5mcm9tKGAke2NyZWRlbnRpYWxzLnVzZXJuYW1lfToke2NyZWRlbnRpYWxzLnBhc3N3b3JkfWApLnRvU3RyaW5nKFxuICAgICAgXCJiYXNlNjRcIixcbiAgICApXG4gIClcbn1cblxuYXN5bmMgZnVuY3Rpb24gZ2V0U2VjcmV0VmFsdWUoc2VjcmV0TmFtZTogc3RyaW5nKTogUHJvbWlzZTx1bmtub3duPiB7XG4gIGNvbnN0IGNsaWVudCA9IGRlcGVuZGVuY2llcy5jcmVhdGVTZWNyZXRzTWFuYWdlcigpXG4gIGNvbnN0IHNlY3JldCA9IGF3YWl0IGNsaWVudC5nZXRTZWNyZXRWYWx1ZSh7IFNlY3JldElkOiBzZWNyZXROYW1lIH0pXG5cbiAgaWYgKCFzZWNyZXQuU2VjcmV0U3RyaW5nKSB7XG4gICAgY29uc29sZS5lcnJvcihgU2VjcmV0IHZhbHVlIG5vdCBmb3VuZCBmb3IgJyR7c2VjcmV0TmFtZX0nYClcbiAgICB0aHJvdyBuZXcgRXJyb3IoKVxuICB9XG5cbiAgcmV0dXJuIEpTT04ucGFyc2Uoc2VjcmV0LlNlY3JldFN0cmluZylcbn1cblxuZnVuY3Rpb24gc2VjcmV0SGFzRXhwZWN0ZWRGb3JtYXQoXG4gIHZhbHVlOiB1bmtub3duLFxuKTogdmFsdWUgaXMgeyB1c2VybmFtZTogc3RyaW5nOyBwYXNzd29yZDogc3RyaW5nIH0ge1xuICByZXR1cm4gKFxuICAgIHR5cGVvZiB2YWx1ZSA9PT0gXCJvYmplY3RcIiAmJlxuICAgIHZhbHVlICE9PSBudWxsICYmXG4gICAgXCJ1c2VybmFtZVwiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLnVzZXJuYW1lID09PSBcInN0cmluZ1wiICYmXG4gICAgXCJwYXNzd29yZFwiIGluIHZhbHVlICYmXG4gICAgdHlwZW9mIHZhbHVlLnBhc3N3b3JkID09PSBcInN0cmluZ1wiXG4gIClcbn1cblxuZXhwb3J0IGZ1bmN0aW9uIGNsZWFyQ2FjaGUoKSB7XG4gIGNhY2hlZFRva2VuVmVyaWZpZXIgPSB1bmRlZmluZWRcbiAgY2FjaGVkSW50ZXJuYWxBdXRob3JpemF0aW9uSGVhZGVyID0gdW5kZWZpbmVkXG59XG4iXX0=

package/lib/api-gateway/authorizer-lambdas/cognito-user-pool-or-basic-auth-authorizer.d.ts CHANGED Viewed

@@ -1,16 +1,15 @@
 /**
  * This lambda verifies credentials:
- * - Against Cognito user pool if request uses Bearer token
+ * - Against Cognito user pool if request uses access token in Bearer authorization header
  * - Against credentials saved in Secret Manager if request uses basic auth (and if secret exists)
  *
- * Expects the following environment variables
+ * Expects the following environment variables:
  * - USER_POOL_ID
  * - BASIC_AUTH_CREDENTIALS_SECRET_NAME (optional)
- *   - Secret value should follow this format: `{"username":"<username>","password":"<password>"}`.
- *     A different format with an array of pre-encoded credentials is also supported - see docs for
- *     the `CognitoUserPoolOrBasicAuthAuthorizerProps` on the `ApiGateway` construct.
+ *   - Name of secret in AWS Secrets Manager that stores basic auth credentials. See
+ *     `BasicAuthAuthorizerProps` on the `ApiGateway` construct for the supported formats.
  * - REQUIRED_SCOPE (optional)
- *   - Set this to require that the bearer token payload contains the given scope
+ *   - Set this to require that the access token payload contains the given scope
  */
 import type { APIGatewayRequestAuthorizerEventV2, APIGatewaySimpleAuthorizerResult } from "aws-lambda";
 import { SecretsManager } from "@aws-sdk/client-secrets-manager";
@@ -19,18 +18,27 @@ type AuthorizerResult = APIGatewaySimpleAuthorizerResult & {
     /**
      * Returning a context object from our authorizer allows our API Gateway to access these variables
      * via `${context.authorizer.<property>}`.
-     * https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html
+     * https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html
      */
     context?: {
         /**
-         * If the token is verified, we return the auth client ID from the token's claims as a context
-         * variable (named `authorizer.clientId`). You can then use this for parameter mapping on the
-         * API Gateway (see `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct), if for
-         * example you want to forward this to the backend integration.
+         * If the request used an access token, and the token was verified, we return the auth client ID
+         * from the token's claims in this context variable (named `authorizer.clientId`). We use this
+         * to include the requesting client in the API Gateway access logs (see `defaultAccessLogFormat`
+         * in our `ApiGateway` construct). You can also use this when mapping parameters to the backend
+         * integration (see `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
          */
         clientId?: string;
         /**
-         * See `CognitoUserPoolAuthorizerProps.basicAuthForInternalAuthorization` in the `ApiGateway`
+         * If the request used Basic Auth, and the credentials were verified, we return the username
+         * that was used in this context variable (named `authorizer.username`). We use this to include
+         * the requesting user in the API Gateway access logs (see `defaultAccessLogFormat` in our
+         * `ApiGateway` construct). You can also use this when mapping parameters to the backend
+         * integration (see `AlbIntegrationProps.mapParameters` on the `ApiGateway` construct).
+         */
+        username?: string;
+        /**
+         * See `CognitoUserPoolAuthorizerProps.basicAuthForInternalAuthorization` on the `ApiGateway`
          * construct (we provide the same context variable here as in the Cognito User Pool authorizer,
          * using the credentials from BASIC_AUTH_CREDENTIALS_SECRET_NAME).
          */