@memberjunction/server 5.38.0 → 5.40.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +67 -0
- package/dist/apolloServer/index.d.ts +0 -8
- package/dist/apolloServer/index.d.ts.map +1 -1
- package/dist/apolloServer/index.js +61 -0
- package/dist/apolloServer/index.js.map +1 -1
- package/dist/auth/index.js +1 -1
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/magicLink/MagicLinkKeys.d.ts +58 -0
- package/dist/auth/magicLink/MagicLinkKeys.d.ts.map +1 -0
- package/dist/auth/magicLink/MagicLinkKeys.js +99 -0
- package/dist/auth/magicLink/MagicLinkKeys.js.map +1 -0
- package/dist/auth/magicLink/MagicLinkRouter.d.ts +33 -0
- package/dist/auth/magicLink/MagicLinkRouter.d.ts.map +1 -0
- package/dist/auth/magicLink/MagicLinkRouter.js +184 -0
- package/dist/auth/magicLink/MagicLinkRouter.js.map +1 -0
- package/dist/auth/magicLink/MagicLinkService.d.ts +123 -0
- package/dist/auth/magicLink/MagicLinkService.d.ts.map +1 -0
- package/dist/auth/magicLink/MagicLinkService.js +605 -0
- package/dist/auth/magicLink/MagicLinkService.js.map +1 -0
- package/dist/auth/magicLink/index.d.ts +6 -0
- package/dist/auth/magicLink/index.d.ts.map +1 -0
- package/dist/auth/magicLink/index.js +6 -0
- package/dist/auth/magicLink/index.js.map +1 -0
- package/dist/auth/magicLink/magicLinkCore.d.ts +82 -0
- package/dist/auth/magicLink/magicLinkCore.d.ts.map +1 -0
- package/dist/auth/magicLink/magicLinkCore.js +164 -0
- package/dist/auth/magicLink/magicLinkCore.js.map +1 -0
- package/dist/auth/magicLink/redeemLanding.d.ts +22 -0
- package/dist/auth/magicLink/redeemLanding.d.ts.map +1 -0
- package/dist/auth/magicLink/redeemLanding.js +61 -0
- package/dist/auth/magicLink/redeemLanding.js.map +1 -0
- package/dist/auth/magicLink/types.d.ts +131 -0
- package/dist/auth/magicLink/types.d.ts.map +1 -0
- package/dist/auth/magicLink/types.js +6 -0
- package/dist/auth/magicLink/types.js.map +1 -0
- package/dist/config.d.ts +479 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +84 -0
- package/dist/config.js.map +1 -1
- package/dist/context.d.ts.map +1 -1
- package/dist/context.js +223 -19
- package/dist/context.js.map +1 -1
- package/dist/generated/generated.d.ts +952 -4
- package/dist/generated/generated.d.ts.map +1 -1
- package/dist/generated/generated.js +25663 -20321
- package/dist/generated/generated.js.map +1 -1
- package/dist/generic/FireAndForgetHeartbeat.d.ts +51 -0
- package/dist/generic/FireAndForgetHeartbeat.d.ts.map +1 -0
- package/dist/generic/FireAndForgetHeartbeat.js +44 -0
- package/dist/generic/FireAndForgetHeartbeat.js.map +1 -0
- package/dist/generic/ResolverBase.d.ts.map +1 -1
- package/dist/generic/ResolverBase.js +35 -7
- package/dist/generic/ResolverBase.js.map +1 -1
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +145 -2
- package/dist/index.js.map +1 -1
- package/dist/logging/NoLog.d.ts +50 -0
- package/dist/logging/NoLog.d.ts.map +1 -0
- package/dist/logging/NoLog.js +80 -0
- package/dist/logging/NoLog.js.map +1 -0
- package/dist/logging/bootAudit.d.ts +43 -0
- package/dist/logging/bootAudit.d.ts.map +1 -0
- package/dist/logging/bootAudit.js +83 -0
- package/dist/logging/bootAudit.js.map +1 -0
- package/dist/logging/boundaryLogPayload.d.ts +18 -0
- package/dist/logging/boundaryLogPayload.d.ts.map +1 -0
- package/dist/logging/boundaryLogPayload.js +18 -0
- package/dist/logging/boundaryLogPayload.js.map +1 -0
- package/dist/logging/secretRedactor.d.ts +23 -0
- package/dist/logging/secretRedactor.d.ts.map +1 -0
- package/dist/logging/secretRedactor.js +53 -0
- package/dist/logging/secretRedactor.js.map +1 -0
- package/dist/logging/shortenForLog.d.ts +8 -0
- package/dist/logging/shortenForLog.d.ts.map +1 -0
- package/dist/logging/shortenForLog.js +21 -0
- package/dist/logging/shortenForLog.js.map +1 -0
- package/dist/logging/variablesLoggingMiddleware.d.ts +22 -0
- package/dist/logging/variablesLoggingMiddleware.d.ts.map +1 -0
- package/dist/logging/variablesLoggingMiddleware.js +127 -0
- package/dist/logging/variablesLoggingMiddleware.js.map +1 -0
- package/dist/resolvers/CurrentUserContextResolver.d.ts +9 -3
- package/dist/resolvers/CurrentUserContextResolver.d.ts.map +1 -1
- package/dist/resolvers/CurrentUserContextResolver.js +19 -5
- package/dist/resolvers/CurrentUserContextResolver.js.map +1 -1
- package/dist/resolvers/EntityResolver.d.ts.map +1 -1
- package/dist/resolvers/EntityResolver.js +13 -2
- package/dist/resolvers/EntityResolver.js.map +1 -1
- package/dist/resolvers/GenerateSeedTaxonomyResolver.d.ts +28 -0
- package/dist/resolvers/GenerateSeedTaxonomyResolver.d.ts.map +1 -0
- package/dist/resolvers/GenerateSeedTaxonomyResolver.js +100 -0
- package/dist/resolvers/GenerateSeedTaxonomyResolver.js.map +1 -0
- package/dist/resolvers/GetDataResolver.d.ts.map +1 -1
- package/dist/resolvers/GetDataResolver.js +8 -4
- package/dist/resolvers/GetDataResolver.js.map +1 -1
- package/dist/resolvers/IntegrationDiscoveryResolver.d.ts +259 -2
- package/dist/resolvers/IntegrationDiscoveryResolver.d.ts.map +1 -1
- package/dist/resolvers/IntegrationDiscoveryResolver.js +1276 -117
- package/dist/resolvers/IntegrationDiscoveryResolver.js.map +1 -1
- package/dist/resolvers/IntegrationProgressResolver.d.ts +90 -0
- package/dist/resolvers/IntegrationProgressResolver.d.ts.map +1 -0
- package/dist/resolvers/IntegrationProgressResolver.js +196 -0
- package/dist/resolvers/IntegrationProgressResolver.js.map +1 -0
- package/dist/resolvers/MCPResolver.d.ts.map +1 -1
- package/dist/resolvers/MCPResolver.js +19 -14
- package/dist/resolvers/MCPResolver.js.map +1 -1
- package/dist/resolvers/RunAIAgentResolver.d.ts.map +1 -1
- package/dist/resolvers/RunAIAgentResolver.js +26 -5
- package/dist/resolvers/RunAIAgentResolver.js.map +1 -1
- package/dist/resolvers/RunClusterAnalysisResolver.d.ts +74 -0
- package/dist/resolvers/RunClusterAnalysisResolver.d.ts.map +1 -0
- package/dist/resolvers/RunClusterAnalysisResolver.js +243 -0
- package/dist/resolvers/RunClusterAnalysisResolver.js.map +1 -0
- package/dist/resolvers/RunTestResolver.d.ts.map +1 -1
- package/dist/resolvers/RunTestResolver.js +12 -2
- package/dist/resolvers/RunTestResolver.js.map +1 -1
- package/dist/resolvers/SearchEntitiesResolver.d.ts +46 -0
- package/dist/resolvers/SearchEntitiesResolver.d.ts.map +1 -0
- package/dist/resolvers/SearchEntitiesResolver.js +216 -0
- package/dist/resolvers/SearchEntitiesResolver.js.map +1 -0
- package/dist/resolvers/UserResolver.d.ts +16 -2
- package/dist/resolvers/UserResolver.d.ts.map +1 -1
- package/dist/resolvers/UserResolver.js +45 -2
- package/dist/resolvers/UserResolver.js.map +1 -1
- package/dist/resolvers/VectorizeEntityResolver.d.ts.map +1 -1
- package/dist/resolvers/VectorizeEntityResolver.js +14 -1
- package/dist/resolvers/VectorizeEntityResolver.js.map +1 -1
- package/dist/rest/SignatureWebhookHandler.d.ts +19 -0
- package/dist/rest/SignatureWebhookHandler.d.ts.map +1 -0
- package/dist/rest/SignatureWebhookHandler.js +86 -0
- package/dist/rest/SignatureWebhookHandler.js.map +1 -0
- package/dist/services/ScheduledJobsService.d.ts.map +1 -1
- package/dist/services/ScheduledJobsService.js +14 -2
- package/dist/services/ScheduledJobsService.js.map +1 -1
- package/package.json +79 -74
- package/src/__tests__/NoLog.test.ts +76 -0
- package/src/__tests__/bootAudit.test.ts +188 -0
- package/src/__tests__/boundaryLogPayload.test.ts +31 -0
- package/src/__tests__/getDataTokenRedaction.test.ts +84 -0
- package/src/__tests__/magicLink.test.ts +387 -0
- package/src/__tests__/secretRedactor.test.ts +163 -0
- package/src/__tests__/subscriptionRedaction.test.ts +217 -0
- package/src/apolloServer/index.ts +58 -0
- package/src/auth/index.ts +2 -2
- package/src/auth/magicLink/MagicLinkKeys.ts +122 -0
- package/src/auth/magicLink/MagicLinkRouter.ts +209 -0
- package/src/auth/magicLink/MagicLinkService.ts +724 -0
- package/src/auth/magicLink/index.ts +17 -0
- package/src/auth/magicLink/magicLinkCore.ts +216 -0
- package/src/auth/magicLink/redeemLanding.ts +62 -0
- package/src/auth/magicLink/types.ts +137 -0
- package/src/config.ts +89 -0
- package/src/context.ts +249 -17
- package/src/generated/generated.ts +12528 -8866
- package/src/generic/FireAndForgetHeartbeat.ts +85 -0
- package/src/generic/ResolverBase.ts +35 -7
- package/src/generic/__tests__/FireAndForgetHeartbeat.test.ts +99 -0
- package/src/index.ts +165 -2
- package/src/logging/NoLog.ts +88 -0
- package/src/logging/bootAudit.ts +117 -0
- package/src/logging/boundaryLogPayload.ts +19 -0
- package/src/logging/secretRedactor.ts +82 -0
- package/src/logging/shortenForLog.ts +17 -0
- package/src/logging/variablesLoggingMiddleware.ts +191 -0
- package/src/resolvers/CurrentUserContextResolver.ts +21 -5
- package/src/resolvers/EntityResolver.ts +17 -5
- package/src/resolvers/GenerateSeedTaxonomyResolver.ts +90 -0
- package/src/resolvers/GetDataResolver.ts +9 -5
- package/src/resolvers/IntegrationDiscoveryResolver.ts +1111 -120
- package/src/resolvers/IntegrationProgressResolver.ts +220 -0
- package/src/resolvers/MCPResolver.ts +18 -14
- package/src/resolvers/RunAIAgentResolver.ts +28 -5
- package/src/resolvers/RunClusterAnalysisResolver.ts +249 -0
- package/src/resolvers/RunTestResolver.ts +14 -2
- package/src/resolvers/SearchEntitiesResolver.ts +173 -0
- package/src/resolvers/UserResolver.ts +38 -2
- package/src/resolvers/VectorizeEntityResolver.ts +14 -1
- package/src/resolvers/__tests__/IntegrationProgressResolver.test.ts +170 -0
- package/src/rest/SignatureWebhookHandler.ts +103 -0
- package/src/services/ScheduledJobsService.ts +15 -2
package/dist/config.d.ts
CHANGED
|
@@ -487,6 +487,32 @@ declare const cacheSettingsSchema: z.ZodObject<{
|
|
|
487
487
|
evictionSweepIntervalSeconds?: number;
|
|
488
488
|
verboseLogging?: boolean;
|
|
489
489
|
}>;
|
|
490
|
+
declare const loggingSettingsSchema: z.ZodObject<{
|
|
491
|
+
graphql: z.ZodDefault<z.ZodOptional<z.ZodObject<{
|
|
492
|
+
/**
|
|
493
|
+
* When true, emit a redacted variables block per root resolver call via the
|
|
494
|
+
* type-graphql global middleware. Default: false in all environments regardless
|
|
495
|
+
* of NODE_ENV. Env override: `MJ_LOG_GRAPHQL_VARIABLES`.
|
|
496
|
+
*
|
|
497
|
+
* SECURITY: this is an opt-in verbose-echo path for developers debugging locally.
|
|
498
|
+
* The always-on request log line in `context.ts` does NOT emit variables — that
|
|
499
|
+
* is the load-bearing leak fix. This flag is additive on top of the always-on log.
|
|
500
|
+
*/
|
|
501
|
+
logVariables: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
|
|
502
|
+
}, "strip", z.ZodTypeAny, {
|
|
503
|
+
logVariables?: boolean;
|
|
504
|
+
}, {
|
|
505
|
+
logVariables?: boolean;
|
|
506
|
+
}>>>;
|
|
507
|
+
}, "strip", z.ZodTypeAny, {
|
|
508
|
+
graphql?: {
|
|
509
|
+
logVariables?: boolean;
|
|
510
|
+
};
|
|
511
|
+
}, {
|
|
512
|
+
graphql?: {
|
|
513
|
+
logVariables?: boolean;
|
|
514
|
+
};
|
|
515
|
+
}>;
|
|
490
516
|
declare const feedbackGithubSettingsSchema: z.ZodObject<{
|
|
491
517
|
owner: z.ZodOptional<z.ZodString>;
|
|
492
518
|
repo: z.ZodOptional<z.ZodString>;
|
|
@@ -556,6 +582,181 @@ declare const feedbackSettingsSchema: z.ZodObject<{
|
|
|
556
582
|
assignees?: string[];
|
|
557
583
|
};
|
|
558
584
|
}>;
|
|
585
|
+
declare const magicLinkSchema: z.ZodObject<{
|
|
586
|
+
/** Master switch for the magic-link feature. When false, routes are not mounted and the auth provider is not registered. */
|
|
587
|
+
enabled: z.ZodDefault<z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString, z.ZodNumber]>>>, boolean, string | number | boolean>>;
|
|
588
|
+
/**
|
|
589
|
+
* PEM-encoded RS256 private key used to sign session JWTs. May be raw PEM or
|
|
590
|
+
* base64-encoded PEM. If omitted, an ephemeral keypair is generated at startup
|
|
591
|
+
* (dev only — restarting the server invalidates all outstanding sessions).
|
|
592
|
+
*/
|
|
593
|
+
rsaPrivateKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
594
|
+
/** Hours an unredeemed invite link remains valid (hard expiry). Default 72. */
|
|
595
|
+
defaultExpiresInHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
596
|
+
/** Hours the minted session JWT remains valid after redemption. No refresh tokens. Default 8. */
|
|
597
|
+
sessionTokenTtlHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
598
|
+
/** Name of the restricted Role assigned to redeeming users when an invite does not specify one. */
|
|
599
|
+
restrictedRoleName: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
600
|
+
/**
|
|
601
|
+
* Role names (besides Owner) whose members may issue invites via POST /create.
|
|
602
|
+
* Empty (default) means Owner-only — the secure default. The restricted role
|
|
603
|
+
* must never be listed here, or external users could mint their own invites.
|
|
604
|
+
*/
|
|
605
|
+
inviteIssuerRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
606
|
+
/**
|
|
607
|
+
* Role names an invite may grant, IN ADDITION to restrictedRoleName (which is
|
|
608
|
+
* always allowed). A caller-supplied roleId is rejected unless its role name is
|
|
609
|
+
* the restricted role or appears here. This is the guard that stops a caller
|
|
610
|
+
* from attaching a privileged role (e.g. Owner) to an external magic-link user.
|
|
611
|
+
*/
|
|
612
|
+
grantableRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
613
|
+
/** Email of the internal user whose context provisions magic-link users (falls back to userHandling.contextUserForNewUserCreation). */
|
|
614
|
+
contextUserForProvisioning: z.ZodOptional<z.ZodString>;
|
|
615
|
+
/**
|
|
616
|
+
* Guard against bolting an external magic-link role/app onto an EXISTING account
|
|
617
|
+
* that is an Owner or already holds non-restricted ("real") roles. One mistyped
|
|
618
|
+
* recipient email is all it takes to hand a colleague an external role otherwise.
|
|
619
|
+
* `block` (default) refuses to provision onto such accounts; `warn` logs loudly
|
|
620
|
+
* and proceeds. Provisioning onto brand-new or already-external accounts is never
|
|
621
|
+
* affected.
|
|
622
|
+
*/
|
|
623
|
+
provisioningGuard: z.ZodDefault<z.ZodOptional<z.ZodEnum<["block", "warn"]>>>;
|
|
624
|
+
/** CommunicationEngine provider name used to deliver invite emails (e.g. 'SendGrid', 'Microsoft Graph'). When unset, emails are not sent and the redemption link is returned to the caller instead. */
|
|
625
|
+
communicationProvider: z.ZodOptional<z.ZodString>;
|
|
626
|
+
/** From address for invite emails. */
|
|
627
|
+
fromAddress: z.ZodOptional<z.ZodString>;
|
|
628
|
+
/** Audience claim for minted JWTs and the auto-registered magic-link auth provider. */
|
|
629
|
+
audience: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
630
|
+
/** Rate-limit window (ms) for the public /redeem and authenticated /create endpoints. Default 60s. */
|
|
631
|
+
rateLimitWindowMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
632
|
+
/** Max /redeem attempts per IP per window. Default 20. */
|
|
633
|
+
redeemRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
634
|
+
/** Max /create requests per IP per window. Default 30. */
|
|
635
|
+
createRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
636
|
+
/**
|
|
637
|
+
* Base URL of the Explorer instance that redeems land in. When set, GET
|
|
638
|
+
* /magic-link/redeem 302-redirects the browser to `${explorerUrl}/#token=<jwt>`
|
|
639
|
+
* (Explorer's magic-link auth provider reads the fragment). When unset, redeem
|
|
640
|
+
* returns the token as JSON. Append `?format=json` to force JSON regardless.
|
|
641
|
+
*/
|
|
642
|
+
explorerUrl: z.ZodOptional<z.ZodString>;
|
|
643
|
+
}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
|
|
644
|
+
/** Master switch for the magic-link feature. When false, routes are not mounted and the auth provider is not registered. */
|
|
645
|
+
enabled: z.ZodDefault<z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString, z.ZodNumber]>>>, boolean, string | number | boolean>>;
|
|
646
|
+
/**
|
|
647
|
+
* PEM-encoded RS256 private key used to sign session JWTs. May be raw PEM or
|
|
648
|
+
* base64-encoded PEM. If omitted, an ephemeral keypair is generated at startup
|
|
649
|
+
* (dev only — restarting the server invalidates all outstanding sessions).
|
|
650
|
+
*/
|
|
651
|
+
rsaPrivateKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
652
|
+
/** Hours an unredeemed invite link remains valid (hard expiry). Default 72. */
|
|
653
|
+
defaultExpiresInHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
654
|
+
/** Hours the minted session JWT remains valid after redemption. No refresh tokens. Default 8. */
|
|
655
|
+
sessionTokenTtlHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
656
|
+
/** Name of the restricted Role assigned to redeeming users when an invite does not specify one. */
|
|
657
|
+
restrictedRoleName: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
658
|
+
/**
|
|
659
|
+
* Role names (besides Owner) whose members may issue invites via POST /create.
|
|
660
|
+
* Empty (default) means Owner-only — the secure default. The restricted role
|
|
661
|
+
* must never be listed here, or external users could mint their own invites.
|
|
662
|
+
*/
|
|
663
|
+
inviteIssuerRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
664
|
+
/**
|
|
665
|
+
* Role names an invite may grant, IN ADDITION to restrictedRoleName (which is
|
|
666
|
+
* always allowed). A caller-supplied roleId is rejected unless its role name is
|
|
667
|
+
* the restricted role or appears here. This is the guard that stops a caller
|
|
668
|
+
* from attaching a privileged role (e.g. Owner) to an external magic-link user.
|
|
669
|
+
*/
|
|
670
|
+
grantableRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
671
|
+
/** Email of the internal user whose context provisions magic-link users (falls back to userHandling.contextUserForNewUserCreation). */
|
|
672
|
+
contextUserForProvisioning: z.ZodOptional<z.ZodString>;
|
|
673
|
+
/**
|
|
674
|
+
* Guard against bolting an external magic-link role/app onto an EXISTING account
|
|
675
|
+
* that is an Owner or already holds non-restricted ("real") roles. One mistyped
|
|
676
|
+
* recipient email is all it takes to hand a colleague an external role otherwise.
|
|
677
|
+
* `block` (default) refuses to provision onto such accounts; `warn` logs loudly
|
|
678
|
+
* and proceeds. Provisioning onto brand-new or already-external accounts is never
|
|
679
|
+
* affected.
|
|
680
|
+
*/
|
|
681
|
+
provisioningGuard: z.ZodDefault<z.ZodOptional<z.ZodEnum<["block", "warn"]>>>;
|
|
682
|
+
/** CommunicationEngine provider name used to deliver invite emails (e.g. 'SendGrid', 'Microsoft Graph'). When unset, emails are not sent and the redemption link is returned to the caller instead. */
|
|
683
|
+
communicationProvider: z.ZodOptional<z.ZodString>;
|
|
684
|
+
/** From address for invite emails. */
|
|
685
|
+
fromAddress: z.ZodOptional<z.ZodString>;
|
|
686
|
+
/** Audience claim for minted JWTs and the auto-registered magic-link auth provider. */
|
|
687
|
+
audience: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
688
|
+
/** Rate-limit window (ms) for the public /redeem and authenticated /create endpoints. Default 60s. */
|
|
689
|
+
rateLimitWindowMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
690
|
+
/** Max /redeem attempts per IP per window. Default 20. */
|
|
691
|
+
redeemRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
692
|
+
/** Max /create requests per IP per window. Default 30. */
|
|
693
|
+
createRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
694
|
+
/**
|
|
695
|
+
* Base URL of the Explorer instance that redeems land in. When set, GET
|
|
696
|
+
* /magic-link/redeem 302-redirects the browser to `${explorerUrl}/#token=<jwt>`
|
|
697
|
+
* (Explorer's magic-link auth provider reads the fragment). When unset, redeem
|
|
698
|
+
* returns the token as JSON. Append `?format=json` to force JSON regardless.
|
|
699
|
+
*/
|
|
700
|
+
explorerUrl: z.ZodOptional<z.ZodString>;
|
|
701
|
+
}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
|
|
702
|
+
/** Master switch for the magic-link feature. When false, routes are not mounted and the auth provider is not registered. */
|
|
703
|
+
enabled: z.ZodDefault<z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString, z.ZodNumber]>>>, boolean, string | number | boolean>>;
|
|
704
|
+
/**
|
|
705
|
+
* PEM-encoded RS256 private key used to sign session JWTs. May be raw PEM or
|
|
706
|
+
* base64-encoded PEM. If omitted, an ephemeral keypair is generated at startup
|
|
707
|
+
* (dev only — restarting the server invalidates all outstanding sessions).
|
|
708
|
+
*/
|
|
709
|
+
rsaPrivateKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
710
|
+
/** Hours an unredeemed invite link remains valid (hard expiry). Default 72. */
|
|
711
|
+
defaultExpiresInHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
712
|
+
/** Hours the minted session JWT remains valid after redemption. No refresh tokens. Default 8. */
|
|
713
|
+
sessionTokenTtlHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
714
|
+
/** Name of the restricted Role assigned to redeeming users when an invite does not specify one. */
|
|
715
|
+
restrictedRoleName: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
716
|
+
/**
|
|
717
|
+
* Role names (besides Owner) whose members may issue invites via POST /create.
|
|
718
|
+
* Empty (default) means Owner-only — the secure default. The restricted role
|
|
719
|
+
* must never be listed here, or external users could mint their own invites.
|
|
720
|
+
*/
|
|
721
|
+
inviteIssuerRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
722
|
+
/**
|
|
723
|
+
* Role names an invite may grant, IN ADDITION to restrictedRoleName (which is
|
|
724
|
+
* always allowed). A caller-supplied roleId is rejected unless its role name is
|
|
725
|
+
* the restricted role or appears here. This is the guard that stops a caller
|
|
726
|
+
* from attaching a privileged role (e.g. Owner) to an external magic-link user.
|
|
727
|
+
*/
|
|
728
|
+
grantableRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
729
|
+
/** Email of the internal user whose context provisions magic-link users (falls back to userHandling.contextUserForNewUserCreation). */
|
|
730
|
+
contextUserForProvisioning: z.ZodOptional<z.ZodString>;
|
|
731
|
+
/**
|
|
732
|
+
* Guard against bolting an external magic-link role/app onto an EXISTING account
|
|
733
|
+
* that is an Owner or already holds non-restricted ("real") roles. One mistyped
|
|
734
|
+
* recipient email is all it takes to hand a colleague an external role otherwise.
|
|
735
|
+
* `block` (default) refuses to provision onto such accounts; `warn` logs loudly
|
|
736
|
+
* and proceeds. Provisioning onto brand-new or already-external accounts is never
|
|
737
|
+
* affected.
|
|
738
|
+
*/
|
|
739
|
+
provisioningGuard: z.ZodDefault<z.ZodOptional<z.ZodEnum<["block", "warn"]>>>;
|
|
740
|
+
/** CommunicationEngine provider name used to deliver invite emails (e.g. 'SendGrid', 'Microsoft Graph'). When unset, emails are not sent and the redemption link is returned to the caller instead. */
|
|
741
|
+
communicationProvider: z.ZodOptional<z.ZodString>;
|
|
742
|
+
/** From address for invite emails. */
|
|
743
|
+
fromAddress: z.ZodOptional<z.ZodString>;
|
|
744
|
+
/** Audience claim for minted JWTs and the auto-registered magic-link auth provider. */
|
|
745
|
+
audience: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
746
|
+
/** Rate-limit window (ms) for the public /redeem and authenticated /create endpoints. Default 60s. */
|
|
747
|
+
rateLimitWindowMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
748
|
+
/** Max /redeem attempts per IP per window. Default 20. */
|
|
749
|
+
redeemRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
750
|
+
/** Max /create requests per IP per window. Default 30. */
|
|
751
|
+
createRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
752
|
+
/**
|
|
753
|
+
* Base URL of the Explorer instance that redeems land in. When set, GET
|
|
754
|
+
* /magic-link/redeem 302-redirects the browser to `${explorerUrl}/#token=<jwt>`
|
|
755
|
+
* (Explorer's magic-link auth provider reads the fragment). When unset, redeem
|
|
756
|
+
* returns the token as JSON. Append `?format=json` to force JSON regardless.
|
|
757
|
+
*/
|
|
758
|
+
explorerUrl: z.ZodOptional<z.ZodString>;
|
|
759
|
+
}, z.ZodTypeAny, "passthrough">>;
|
|
559
760
|
declare const configInfoSchema: z.ZodObject<{
|
|
560
761
|
userHandling: z.ZodObject<{
|
|
561
762
|
autoCreateNewUsers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
|
|
@@ -588,6 +789,181 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
588
789
|
CreateUserApplicationRecords?: boolean;
|
|
589
790
|
UserApplications?: string[];
|
|
590
791
|
}>;
|
|
792
|
+
magicLink: z.ZodDefault<z.ZodOptional<z.ZodObject<{
|
|
793
|
+
/** Master switch for the magic-link feature. When false, routes are not mounted and the auth provider is not registered. */
|
|
794
|
+
enabled: z.ZodDefault<z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString, z.ZodNumber]>>>, boolean, string | number | boolean>>;
|
|
795
|
+
/**
|
|
796
|
+
* PEM-encoded RS256 private key used to sign session JWTs. May be raw PEM or
|
|
797
|
+
* base64-encoded PEM. If omitted, an ephemeral keypair is generated at startup
|
|
798
|
+
* (dev only — restarting the server invalidates all outstanding sessions).
|
|
799
|
+
*/
|
|
800
|
+
rsaPrivateKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
801
|
+
/** Hours an unredeemed invite link remains valid (hard expiry). Default 72. */
|
|
802
|
+
defaultExpiresInHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
803
|
+
/** Hours the minted session JWT remains valid after redemption. No refresh tokens. Default 8. */
|
|
804
|
+
sessionTokenTtlHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
805
|
+
/** Name of the restricted Role assigned to redeeming users when an invite does not specify one. */
|
|
806
|
+
restrictedRoleName: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
807
|
+
/**
|
|
808
|
+
* Role names (besides Owner) whose members may issue invites via POST /create.
|
|
809
|
+
* Empty (default) means Owner-only — the secure default. The restricted role
|
|
810
|
+
* must never be listed here, or external users could mint their own invites.
|
|
811
|
+
*/
|
|
812
|
+
inviteIssuerRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
813
|
+
/**
|
|
814
|
+
* Role names an invite may grant, IN ADDITION to restrictedRoleName (which is
|
|
815
|
+
* always allowed). A caller-supplied roleId is rejected unless its role name is
|
|
816
|
+
* the restricted role or appears here. This is the guard that stops a caller
|
|
817
|
+
* from attaching a privileged role (e.g. Owner) to an external magic-link user.
|
|
818
|
+
*/
|
|
819
|
+
grantableRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
820
|
+
/** Email of the internal user whose context provisions magic-link users (falls back to userHandling.contextUserForNewUserCreation). */
|
|
821
|
+
contextUserForProvisioning: z.ZodOptional<z.ZodString>;
|
|
822
|
+
/**
|
|
823
|
+
* Guard against bolting an external magic-link role/app onto an EXISTING account
|
|
824
|
+
* that is an Owner or already holds non-restricted ("real") roles. One mistyped
|
|
825
|
+
* recipient email is all it takes to hand a colleague an external role otherwise.
|
|
826
|
+
* `block` (default) refuses to provision onto such accounts; `warn` logs loudly
|
|
827
|
+
* and proceeds. Provisioning onto brand-new or already-external accounts is never
|
|
828
|
+
* affected.
|
|
829
|
+
*/
|
|
830
|
+
provisioningGuard: z.ZodDefault<z.ZodOptional<z.ZodEnum<["block", "warn"]>>>;
|
|
831
|
+
/** CommunicationEngine provider name used to deliver invite emails (e.g. 'SendGrid', 'Microsoft Graph'). When unset, emails are not sent and the redemption link is returned to the caller instead. */
|
|
832
|
+
communicationProvider: z.ZodOptional<z.ZodString>;
|
|
833
|
+
/** From address for invite emails. */
|
|
834
|
+
fromAddress: z.ZodOptional<z.ZodString>;
|
|
835
|
+
/** Audience claim for minted JWTs and the auto-registered magic-link auth provider. */
|
|
836
|
+
audience: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
837
|
+
/** Rate-limit window (ms) for the public /redeem and authenticated /create endpoints. Default 60s. */
|
|
838
|
+
rateLimitWindowMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
839
|
+
/** Max /redeem attempts per IP per window. Default 20. */
|
|
840
|
+
redeemRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
841
|
+
/** Max /create requests per IP per window. Default 30. */
|
|
842
|
+
createRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
843
|
+
/**
|
|
844
|
+
* Base URL of the Explorer instance that redeems land in. When set, GET
|
|
845
|
+
* /magic-link/redeem 302-redirects the browser to `${explorerUrl}/#token=<jwt>`
|
|
846
|
+
* (Explorer's magic-link auth provider reads the fragment). When unset, redeem
|
|
847
|
+
* returns the token as JSON. Append `?format=json` to force JSON regardless.
|
|
848
|
+
*/
|
|
849
|
+
explorerUrl: z.ZodOptional<z.ZodString>;
|
|
850
|
+
}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
|
|
851
|
+
/** Master switch for the magic-link feature. When false, routes are not mounted and the auth provider is not registered. */
|
|
852
|
+
enabled: z.ZodDefault<z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString, z.ZodNumber]>>>, boolean, string | number | boolean>>;
|
|
853
|
+
/**
|
|
854
|
+
* PEM-encoded RS256 private key used to sign session JWTs. May be raw PEM or
|
|
855
|
+
* base64-encoded PEM. If omitted, an ephemeral keypair is generated at startup
|
|
856
|
+
* (dev only — restarting the server invalidates all outstanding sessions).
|
|
857
|
+
*/
|
|
858
|
+
rsaPrivateKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
859
|
+
/** Hours an unredeemed invite link remains valid (hard expiry). Default 72. */
|
|
860
|
+
defaultExpiresInHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
861
|
+
/** Hours the minted session JWT remains valid after redemption. No refresh tokens. Default 8. */
|
|
862
|
+
sessionTokenTtlHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
863
|
+
/** Name of the restricted Role assigned to redeeming users when an invite does not specify one. */
|
|
864
|
+
restrictedRoleName: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
865
|
+
/**
|
|
866
|
+
* Role names (besides Owner) whose members may issue invites via POST /create.
|
|
867
|
+
* Empty (default) means Owner-only — the secure default. The restricted role
|
|
868
|
+
* must never be listed here, or external users could mint their own invites.
|
|
869
|
+
*/
|
|
870
|
+
inviteIssuerRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
871
|
+
/**
|
|
872
|
+
* Role names an invite may grant, IN ADDITION to restrictedRoleName (which is
|
|
873
|
+
* always allowed). A caller-supplied roleId is rejected unless its role name is
|
|
874
|
+
* the restricted role or appears here. This is the guard that stops a caller
|
|
875
|
+
* from attaching a privileged role (e.g. Owner) to an external magic-link user.
|
|
876
|
+
*/
|
|
877
|
+
grantableRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
878
|
+
/** Email of the internal user whose context provisions magic-link users (falls back to userHandling.contextUserForNewUserCreation). */
|
|
879
|
+
contextUserForProvisioning: z.ZodOptional<z.ZodString>;
|
|
880
|
+
/**
|
|
881
|
+
* Guard against bolting an external magic-link role/app onto an EXISTING account
|
|
882
|
+
* that is an Owner or already holds non-restricted ("real") roles. One mistyped
|
|
883
|
+
* recipient email is all it takes to hand a colleague an external role otherwise.
|
|
884
|
+
* `block` (default) refuses to provision onto such accounts; `warn` logs loudly
|
|
885
|
+
* and proceeds. Provisioning onto brand-new or already-external accounts is never
|
|
886
|
+
* affected.
|
|
887
|
+
*/
|
|
888
|
+
provisioningGuard: z.ZodDefault<z.ZodOptional<z.ZodEnum<["block", "warn"]>>>;
|
|
889
|
+
/** CommunicationEngine provider name used to deliver invite emails (e.g. 'SendGrid', 'Microsoft Graph'). When unset, emails are not sent and the redemption link is returned to the caller instead. */
|
|
890
|
+
communicationProvider: z.ZodOptional<z.ZodString>;
|
|
891
|
+
/** From address for invite emails. */
|
|
892
|
+
fromAddress: z.ZodOptional<z.ZodString>;
|
|
893
|
+
/** Audience claim for minted JWTs and the auto-registered magic-link auth provider. */
|
|
894
|
+
audience: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
895
|
+
/** Rate-limit window (ms) for the public /redeem and authenticated /create endpoints. Default 60s. */
|
|
896
|
+
rateLimitWindowMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
897
|
+
/** Max /redeem attempts per IP per window. Default 20. */
|
|
898
|
+
redeemRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
899
|
+
/** Max /create requests per IP per window. Default 30. */
|
|
900
|
+
createRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
901
|
+
/**
|
|
902
|
+
* Base URL of the Explorer instance that redeems land in. When set, GET
|
|
903
|
+
* /magic-link/redeem 302-redirects the browser to `${explorerUrl}/#token=<jwt>`
|
|
904
|
+
* (Explorer's magic-link auth provider reads the fragment). When unset, redeem
|
|
905
|
+
* returns the token as JSON. Append `?format=json` to force JSON regardless.
|
|
906
|
+
*/
|
|
907
|
+
explorerUrl: z.ZodOptional<z.ZodString>;
|
|
908
|
+
}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
|
|
909
|
+
/** Master switch for the magic-link feature. When false, routes are not mounted and the auth provider is not registered. */
|
|
910
|
+
enabled: z.ZodDefault<z.ZodEffects<z.ZodDefault<z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString, z.ZodNumber]>>>, boolean, string | number | boolean>>;
|
|
911
|
+
/**
|
|
912
|
+
* PEM-encoded RS256 private key used to sign session JWTs. May be raw PEM or
|
|
913
|
+
* base64-encoded PEM. If omitted, an ephemeral keypair is generated at startup
|
|
914
|
+
* (dev only — restarting the server invalidates all outstanding sessions).
|
|
915
|
+
*/
|
|
916
|
+
rsaPrivateKey: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
917
|
+
/** Hours an unredeemed invite link remains valid (hard expiry). Default 72. */
|
|
918
|
+
defaultExpiresInHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
919
|
+
/** Hours the minted session JWT remains valid after redemption. No refresh tokens. Default 8. */
|
|
920
|
+
sessionTokenTtlHours: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
921
|
+
/** Name of the restricted Role assigned to redeeming users when an invite does not specify one. */
|
|
922
|
+
restrictedRoleName: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
923
|
+
/**
|
|
924
|
+
* Role names (besides Owner) whose members may issue invites via POST /create.
|
|
925
|
+
* Empty (default) means Owner-only — the secure default. The restricted role
|
|
926
|
+
* must never be listed here, or external users could mint their own invites.
|
|
927
|
+
*/
|
|
928
|
+
inviteIssuerRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
929
|
+
/**
|
|
930
|
+
* Role names an invite may grant, IN ADDITION to restrictedRoleName (which is
|
|
931
|
+
* always allowed). A caller-supplied roleId is rejected unless its role name is
|
|
932
|
+
* the restricted role or appears here. This is the guard that stops a caller
|
|
933
|
+
* from attaching a privileged role (e.g. Owner) to an external magic-link user.
|
|
934
|
+
*/
|
|
935
|
+
grantableRoleNames: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
|
|
936
|
+
/** Email of the internal user whose context provisions magic-link users (falls back to userHandling.contextUserForNewUserCreation). */
|
|
937
|
+
contextUserForProvisioning: z.ZodOptional<z.ZodString>;
|
|
938
|
+
/**
|
|
939
|
+
* Guard against bolting an external magic-link role/app onto an EXISTING account
|
|
940
|
+
* that is an Owner or already holds non-restricted ("real") roles. One mistyped
|
|
941
|
+
* recipient email is all it takes to hand a colleague an external role otherwise.
|
|
942
|
+
* `block` (default) refuses to provision onto such accounts; `warn` logs loudly
|
|
943
|
+
* and proceeds. Provisioning onto brand-new or already-external accounts is never
|
|
944
|
+
* affected.
|
|
945
|
+
*/
|
|
946
|
+
provisioningGuard: z.ZodDefault<z.ZodOptional<z.ZodEnum<["block", "warn"]>>>;
|
|
947
|
+
/** CommunicationEngine provider name used to deliver invite emails (e.g. 'SendGrid', 'Microsoft Graph'). When unset, emails are not sent and the redemption link is returned to the caller instead. */
|
|
948
|
+
communicationProvider: z.ZodOptional<z.ZodString>;
|
|
949
|
+
/** From address for invite emails. */
|
|
950
|
+
fromAddress: z.ZodOptional<z.ZodString>;
|
|
951
|
+
/** Audience claim for minted JWTs and the auto-registered magic-link auth provider. */
|
|
952
|
+
audience: z.ZodDefault<z.ZodOptional<z.ZodString>>;
|
|
953
|
+
/** Rate-limit window (ms) for the public /redeem and authenticated /create endpoints. Default 60s. */
|
|
954
|
+
rateLimitWindowMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
955
|
+
/** Max /redeem attempts per IP per window. Default 20. */
|
|
956
|
+
redeemRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
957
|
+
/** Max /create requests per IP per window. Default 30. */
|
|
958
|
+
createRateLimitMax: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
|
|
959
|
+
/**
|
|
960
|
+
* Base URL of the Explorer instance that redeems land in. When set, GET
|
|
961
|
+
* /magic-link/redeem 302-redirects the browser to `${explorerUrl}/#token=<jwt>`
|
|
962
|
+
* (Explorer's magic-link auth provider reads the fragment). When unset, redeem
|
|
963
|
+
* returns the token as JSON. Append `?format=json` to force JSON regardless.
|
|
964
|
+
*/
|
|
965
|
+
explorerUrl: z.ZodOptional<z.ZodString>;
|
|
966
|
+
}, z.ZodTypeAny, "passthrough">>>>;
|
|
591
967
|
databaseSettings: z.ZodObject<{
|
|
592
968
|
connectionTimeout: z.ZodNumber;
|
|
593
969
|
requestTimeout: z.ZodNumber;
|
|
@@ -1010,6 +1386,32 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
1010
1386
|
evictionSweepIntervalSeconds?: number;
|
|
1011
1387
|
verboseLogging?: boolean;
|
|
1012
1388
|
}>>>;
|
|
1389
|
+
loggingSettings: z.ZodDefault<z.ZodOptional<z.ZodObject<{
|
|
1390
|
+
graphql: z.ZodDefault<z.ZodOptional<z.ZodObject<{
|
|
1391
|
+
/**
|
|
1392
|
+
* When true, emit a redacted variables block per root resolver call via the
|
|
1393
|
+
* type-graphql global middleware. Default: false in all environments regardless
|
|
1394
|
+
* of NODE_ENV. Env override: `MJ_LOG_GRAPHQL_VARIABLES`.
|
|
1395
|
+
*
|
|
1396
|
+
* SECURITY: this is an opt-in verbose-echo path for developers debugging locally.
|
|
1397
|
+
* The always-on request log line in `context.ts` does NOT emit variables — that
|
|
1398
|
+
* is the load-bearing leak fix. This flag is additive on top of the always-on log.
|
|
1399
|
+
*/
|
|
1400
|
+
logVariables: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
|
|
1401
|
+
}, "strip", z.ZodTypeAny, {
|
|
1402
|
+
logVariables?: boolean;
|
|
1403
|
+
}, {
|
|
1404
|
+
logVariables?: boolean;
|
|
1405
|
+
}>>>;
|
|
1406
|
+
}, "strip", z.ZodTypeAny, {
|
|
1407
|
+
graphql?: {
|
|
1408
|
+
logVariables?: boolean;
|
|
1409
|
+
};
|
|
1410
|
+
}, {
|
|
1411
|
+
graphql?: {
|
|
1412
|
+
logVariables?: boolean;
|
|
1413
|
+
};
|
|
1414
|
+
}>>>;
|
|
1013
1415
|
feedbackSettings: z.ZodDefault<z.ZodOptional<z.ZodObject<{
|
|
1014
1416
|
/** Org-level kill switch for the in-app feedback feature. Defaults to true (enabled). */
|
|
1015
1417
|
enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
|
|
@@ -1093,6 +1495,26 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
1093
1495
|
CreateUserApplicationRecords?: boolean;
|
|
1094
1496
|
UserApplications?: string[];
|
|
1095
1497
|
};
|
|
1498
|
+
magicLink?: {
|
|
1499
|
+
enabled?: boolean;
|
|
1500
|
+
audience?: string;
|
|
1501
|
+
rsaPrivateKey?: string;
|
|
1502
|
+
defaultExpiresInHours?: number;
|
|
1503
|
+
sessionTokenTtlHours?: number;
|
|
1504
|
+
restrictedRoleName?: string;
|
|
1505
|
+
inviteIssuerRoleNames?: string[];
|
|
1506
|
+
grantableRoleNames?: string[];
|
|
1507
|
+
contextUserForProvisioning?: string;
|
|
1508
|
+
provisioningGuard?: "block" | "warn";
|
|
1509
|
+
communicationProvider?: string;
|
|
1510
|
+
fromAddress?: string;
|
|
1511
|
+
rateLimitWindowMs?: number;
|
|
1512
|
+
redeemRateLimitMax?: number;
|
|
1513
|
+
createRateLimitMax?: number;
|
|
1514
|
+
explorerUrl?: string;
|
|
1515
|
+
} & {
|
|
1516
|
+
[k: string]: unknown;
|
|
1517
|
+
};
|
|
1096
1518
|
databaseSettings?: {
|
|
1097
1519
|
connectionTimeout?: number;
|
|
1098
1520
|
requestTimeout?: number;
|
|
@@ -1223,6 +1645,11 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
1223
1645
|
evictionSweepIntervalSeconds?: number;
|
|
1224
1646
|
verboseLogging?: boolean;
|
|
1225
1647
|
};
|
|
1648
|
+
loggingSettings?: {
|
|
1649
|
+
graphql?: {
|
|
1650
|
+
logVariables?: boolean;
|
|
1651
|
+
};
|
|
1652
|
+
};
|
|
1226
1653
|
feedbackSettings?: {
|
|
1227
1654
|
enabled?: boolean;
|
|
1228
1655
|
github?: {
|
|
@@ -1267,6 +1694,26 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
1267
1694
|
CreateUserApplicationRecords?: boolean;
|
|
1268
1695
|
UserApplications?: string[];
|
|
1269
1696
|
};
|
|
1697
|
+
magicLink?: {
|
|
1698
|
+
enabled?: string | number | boolean;
|
|
1699
|
+
audience?: string;
|
|
1700
|
+
rsaPrivateKey?: string;
|
|
1701
|
+
defaultExpiresInHours?: number;
|
|
1702
|
+
sessionTokenTtlHours?: number;
|
|
1703
|
+
restrictedRoleName?: string;
|
|
1704
|
+
inviteIssuerRoleNames?: string[];
|
|
1705
|
+
grantableRoleNames?: string[];
|
|
1706
|
+
contextUserForProvisioning?: string;
|
|
1707
|
+
provisioningGuard?: "block" | "warn";
|
|
1708
|
+
communicationProvider?: string;
|
|
1709
|
+
fromAddress?: string;
|
|
1710
|
+
rateLimitWindowMs?: number;
|
|
1711
|
+
redeemRateLimitMax?: number;
|
|
1712
|
+
createRateLimitMax?: number;
|
|
1713
|
+
explorerUrl?: string;
|
|
1714
|
+
} & {
|
|
1715
|
+
[k: string]: unknown;
|
|
1716
|
+
};
|
|
1270
1717
|
databaseSettings?: {
|
|
1271
1718
|
connectionTimeout?: number;
|
|
1272
1719
|
requestTimeout?: number;
|
|
@@ -1397,6 +1844,11 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
1397
1844
|
evictionSweepIntervalSeconds?: number;
|
|
1398
1845
|
verboseLogging?: boolean;
|
|
1399
1846
|
};
|
|
1847
|
+
loggingSettings?: {
|
|
1848
|
+
graphql?: {
|
|
1849
|
+
logVariables?: boolean;
|
|
1850
|
+
};
|
|
1851
|
+
};
|
|
1400
1852
|
feedbackSettings?: {
|
|
1401
1853
|
enabled?: boolean;
|
|
1402
1854
|
github?: {
|
|
@@ -1428,6 +1880,7 @@ declare const configInfoSchema: z.ZodObject<{
|
|
|
1428
1880
|
mjCoreSchema?: string;
|
|
1429
1881
|
}>;
|
|
1430
1882
|
export type UserHandlingInfo = z.infer<typeof userHandlingInfoSchema>;
|
|
1883
|
+
export type MagicLinkConfig = z.infer<typeof magicLinkSchema>;
|
|
1431
1884
|
export type DatabaseSettingsInfo = z.infer<typeof databaseSettingsInfoSchema>;
|
|
1432
1885
|
export type ViewingSystemSettingsInfo = z.infer<typeof viewingSystemInfoSchema>;
|
|
1433
1886
|
export type RESTApiOptions = z.infer<typeof restApiOptionsSchema>;
|
|
@@ -1442,6 +1895,7 @@ export type QueryDialectConfig = z.infer<typeof queryDialectSchema>;
|
|
|
1442
1895
|
export type MultiTenancyConfig = z.infer<typeof multiTenancySchema>;
|
|
1443
1896
|
export type ServerExtensionConfig = z.infer<typeof serverExtensionSchema>;
|
|
1444
1897
|
export type CacheSettingsConfig = z.infer<typeof cacheSettingsSchema>;
|
|
1898
|
+
export type LoggingSettingsConfig = z.infer<typeof loggingSettingsSchema>;
|
|
1445
1899
|
export type FeedbackGithubSettingsConfig = z.infer<typeof feedbackGithubSettingsSchema>;
|
|
1446
1900
|
export type FeedbackSettingsConfig = z.infer<typeof feedbackSettingsSchema>;
|
|
1447
1901
|
export type ConfigInfo = z.infer<typeof configInfoSchema>;
|
|
@@ -1481,6 +1935,26 @@ export declare function loadConfig(): {
|
|
|
1481
1935
|
CreateUserApplicationRecords?: boolean;
|
|
1482
1936
|
UserApplications?: string[];
|
|
1483
1937
|
};
|
|
1938
|
+
magicLink?: {
|
|
1939
|
+
enabled?: boolean;
|
|
1940
|
+
audience?: string;
|
|
1941
|
+
rsaPrivateKey?: string;
|
|
1942
|
+
defaultExpiresInHours?: number;
|
|
1943
|
+
sessionTokenTtlHours?: number;
|
|
1944
|
+
restrictedRoleName?: string;
|
|
1945
|
+
inviteIssuerRoleNames?: string[];
|
|
1946
|
+
grantableRoleNames?: string[];
|
|
1947
|
+
contextUserForProvisioning?: string;
|
|
1948
|
+
provisioningGuard?: "block" | "warn";
|
|
1949
|
+
communicationProvider?: string;
|
|
1950
|
+
fromAddress?: string;
|
|
1951
|
+
rateLimitWindowMs?: number;
|
|
1952
|
+
redeemRateLimitMax?: number;
|
|
1953
|
+
createRateLimitMax?: number;
|
|
1954
|
+
explorerUrl?: string;
|
|
1955
|
+
} & {
|
|
1956
|
+
[k: string]: unknown;
|
|
1957
|
+
};
|
|
1484
1958
|
databaseSettings?: {
|
|
1485
1959
|
connectionTimeout?: number;
|
|
1486
1960
|
requestTimeout?: number;
|
|
@@ -1611,6 +2085,11 @@ export declare function loadConfig(): {
|
|
|
1611
2085
|
evictionSweepIntervalSeconds?: number;
|
|
1612
2086
|
verboseLogging?: boolean;
|
|
1613
2087
|
};
|
|
2088
|
+
loggingSettings?: {
|
|
2089
|
+
graphql?: {
|
|
2090
|
+
logVariables?: boolean;
|
|
2091
|
+
};
|
|
2092
|
+
};
|
|
1614
2093
|
feedbackSettings?: {
|
|
1615
2094
|
enabled?: boolean;
|
|
1616
2095
|
github?: {
|
package/dist/config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,QAAA,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU1B,CAAC;AAEH,QAAA,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY9B,CAAC;AAEH,QAAA,MAAM,uBAAuB;;;;;;EAE3B,CAAC;AAEH,QAAA,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;EAMxB,CAAC;AA2BH,QAAA,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgBrB,CAAC;AAEH,QAAA,MAAM,uBAAuB;;;;IAI3B;;;;;;OAMG;;;;;;;;;;;;;;;;;;;;;;;;EAMH,CAAC;AAEH,QAAA,MAAM,gBAAgB;;;;;;QAdpB;;;;;;WAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAeH,CAAC;AAEH,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAUR,CAAC;AAEjB,QAAA,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAab,CAAC;AAEjB,QAAA,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAMvB,CAAC;AAEH,QAAA,MAAM,kBAAkB;IACtB,sGAAsG;;IAEtG,sFAAsF;;;;;;;;EAEtF,CAAC;AAEH,QAAA,MAAM,kBAAkB;IACtB,2EAA2E;;IAE3E,uDAAuD;;IAEvD,2DAA2D;;IAE3D,+EAA+E;;IAE/E,gFAAgF;;IAEhF,4EAA4E;;IAE5E,2DAA2D;;IAE3D,sFAAsF;;IAEtF,kDAAkD;;IAElD,mFAAmF;;;;;;;;;;;;;;;;;;;;;;;;EAEnF,CAAC;AAEH,QAAA,MAAM,eAAe;;;;;;;;;EAKnB,CAAC;AAEH,QAAA,MAAM,qBAAqB;;;;;;;;;;;;;;;gCAKX,CAAC;AAEjB,QAAA,MAAM,mBAAmB;IACvB,4HAA4H;;IAE5H,oHAAoH;;IAEpH,wFAAwF;;IAExF,+FAA+F;;IAE/F,8EAA8E;;;;;;;;;;;;;;EAE9E,CAAC;AAEH,QAAA,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;EAOhC,CAAC;AAEH,QAAA,MAAM,sBAAsB;IAC1B,yFAAyF;;IAEzF,uEAAuE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvE,CAAC;AAEH,QAAA,MAAM,gBAAgB
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,QAAA,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU1B,CAAC;AAEH,QAAA,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY9B,CAAC;AAEH,QAAA,MAAM,uBAAuB;;;;;;EAE3B,CAAC;AAEH,QAAA,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;EAMxB,CAAC;AA2BH,QAAA,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgBrB,CAAC;AAEH,QAAA,MAAM,uBAAuB;;;;IAI3B;;;;;;OAMG;;;;;;;;;;;;;;;;;;;;;;;;EAMH,CAAC;AAEH,QAAA,MAAM,gBAAgB;;;;;;QAdpB;;;;;;WAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAeH,CAAC;AAEH,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAUR,CAAC;AAEjB,QAAA,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAab,CAAC;AAEjB,QAAA,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAMvB,CAAC;AAEH,QAAA,MAAM,kBAAkB;IACtB,sGAAsG;;IAEtG,sFAAsF;;;;;;;;EAEtF,CAAC;AAEH,QAAA,MAAM,kBAAkB;IACtB,2EAA2E;;IAE3E,uDAAuD;;IAEvD,2DAA2D;;IAE3D,+EAA+E;;IAE/E,gFAAgF;;IAEhF,4EAA4E;;IAE5E,2DAA2D;;IAE3D,sFAAsF;;IAEtF,kDAAkD;;IAElD,mFAAmF;;;;;;;;;;;;;;;;;;;;;;;;EAEnF,CAAC;AAEH,QAAA,MAAM,eAAe;;;;;;;;;EAKnB,CAAC;AAEH,QAAA,MAAM,qBAAqB;;;;;;;;;;;;;;;gCAKX,CAAC;AAEjB,QAAA,MAAM,mBAAmB;IACvB,4HAA4H;;IAE5H,oHAAoH;;IAEpH,wFAAwF;;IAExF,+FAA+F;;IAE/F,8EAA8E;;;;;;;;;;;;;;EAE9E,CAAC;AAEH,QAAA,MAAM,qBAAqB;;QAEvB;;;;;;;;WAQG;;;;;;;;;;;;;;;EAGL,CAAC;AAEH,QAAA,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;EAOhC,CAAC;AAEH,QAAA,MAAM,sBAAsB;IAC1B,yFAAyF;;IAEzF,uEAAuE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvE,CAAC;AAEH,QAAA,MAAM,eAAe;IACnB,4HAA4H;;IAE5H;;;;OAIG;;IAEH,+EAA+E;;IAE/E,iGAAiG;;IAEjG,mGAAmG;;IAEnG;;;;OAIG;;IAEH;;;;;OAKG;;IAEH,uIAAuI;;IAEvI;;;;;;;OAOG;;IAEH,uMAAuM;;IAEvM,sCAAsC;;IAEtC,uFAAuF;;IAEvF,sGAAsG;;IAEtG,0DAA0D;;IAE1D,0DAA0D;;IAE1D;;;;;OAKG;;;IAvDH,4HAA4H;;IAE5H;;;;OAIG;;IAEH,+EAA+E;;IAE/E,iGAAiG;;IAEjG,mGAAmG;;IAEnG;;;;OAIG;;IAEH;;;;;OAKG;;IAEH,uIAAuI;;IAEvI;;;;;;;OAOG;;IAEH,uMAAuM;;IAEvM,sCAAsC;;IAEtC,uFAAuF;;IAEvF,sGAAsG;;IAEtG,0DAA0D;;IAE1D,0DAA0D;;IAE1D;;;;;OAKG;;;IAvDH,4HAA4H;;IAE5H;;;;OAIG;;IAEH,+EAA+E;;IAE/E,iGAAiG;;IAEjG,mGAAmG;;IAEnG;;;;OAIG;;IAEH;;;;;OAKG;;IAEH,uIAAuI;;IAEvI;;;;;;;OAOG;;IAEH,uMAAuM;;IAEvM,sCAAsC;;IAEtC,uFAAuF;;IAEvF,sGAAsG;;IAEtG,0DAA0D;;IAE1D,0DAA0D;;IAE1D;;;;;OAKG;;gCAEW,CAAC;AAEjB,QAAA,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA3DpB,4HAA4H;;QAE5H;;;;WAIG;;QAEH,+EAA+E;;QAE/E,iGAAiG;;QAEjG,mGAAmG;;QAEnG;;;;WAIG;;QAEH;;;;;WAKG;;QAEH,uIAAuI;;QAEvI;;;;;;;WAOG;;QAEH,uMAAuM;;QAEvM,sCAAsC;;QAEtC,uFAAuF;;QAEvF,sGAAsG;;QAEtG,0DAA0D;;QAE1D,0DAA0D;;QAE1D;;;;;WAKG;;;QAvDH,4HAA4H;;QAE5H;;;;WAIG;;QAEH,+EAA+E;;QAE/E,iGAAiG;;QAEjG,mGAAmG;;QAEnG;;;;WAIG;;QAEH;;;;;WAKG;;QAEH,uIAAuI;;QAEvI;;;;;;;WAOG;;QAEH,uMAAuM;;QAEvM,sCAAsC;;QAEtC,uFAAuF;;QAEvF,sGAAsG;;QAEtG,0DAA0D;;QAE1D,0DAA0D;;QAE1D;;;;;WAKG;;;QAvDH,4HAA4H;;QAE5H;;;;WAIG;;QAEH,+EAA+E;;QAE/E,iGAAiG;;QAEjG,mGAAmG;;QAEnG;;;;WAIG;;QAEH;;;;;WAKG;;QAEH,uIAAuI;;QAEvI;;;;;;;WAOG;;QAEH,uMAAuM;;QAEvM,sCAAsC;;QAEtC,uFAAuF;;QAEvF,sGAAsG;;QAEtG,0DAA0D;;QAE1D,0DAA0D;;QAE1D;;;;;WAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YA1MH;;;;;;eAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAqDH,sGAAsG;;QAEtG,sFAAsF;;;;;;;;;;QAKtF,2EAA2E;;QAE3E,uDAAuD;;QAEvD,2DAA2D;;QAE3D,+EAA+E;;QAE/E,gFAAgF;;QAEhF,4EAA4E;;QAE5E,2DAA2D;;QAE3D,sFAAsF;;QAEtF,kDAAkD;;QAElD,mFAAmF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAmBnF,4HAA4H;;QAE5H,oHAAoH;;QAEpH,wFAAwF;;QAExF,+FAA+F;;QAE/F,8EAA8E;;;;;;;;;;;;;;;;;YAM5E;;;;;;;;eAQG;;;;;;;;;;;;;;;;;QAeL,yFAAyF;;QAEzF,uEAAuE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgHvE,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAC9E,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAChF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC9D,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAC9E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC9D,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACpE,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACtE,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAC1E,MAAM,MAAM,4BAA4B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AACxF,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAC5E,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,qBAAqB,EAAE,OAAO,CAAC,UAAU,CAuKrD,CAAC;AAEF,eAAO,MAAM,UAAU,EAAE,UAAyB,CAAC;AAEnD,eAAO,MACL,UAAU,UACV,UAAU,UACV,MAAM,UACN,UAAU,UACV,MAAM,UACN,wBAAwB,aACxB,cAAc,UACd,WAAW,UACX,gBAAgB,UAChB,iBAAiB,UACjB,4BAA4B,UAC5B,eAAe,UACf,mBAAmB,WACnB,qBAAqB,UACrB,YAAY,0BACZ,MAAM,UACN,OAAO,UACP,SAAS,UACK,cAAc,UAC5B,kBAAkB,UAClB,kBAAkB,UACF,cAAc;;;;;;CAClB,CAAC;AAEf,wBAAgB,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuBzB"}
|