@naylence/advanced-security 0.4.4 → 0.4.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.cjs +201 -18
- package/dist/browser/index.mjs +200 -17
- package/dist/cjs/naylence/fame/expr/builtins.js +1 -1
- package/dist/cjs/naylence/fame/expr/builtins.js.map +1 -1
- package/dist/cjs/naylence/fame/security/auth/policy/advanced-authorization-policy.js +32 -13
- package/dist/cjs/naylence/fame/security/auth/policy/advanced-authorization-policy.js.map +1 -1
- package/dist/cjs/naylence/fame/security/auth/policy/expr-builtins.js +166 -2
- package/dist/cjs/naylence/fame/security/auth/policy/expr-builtins.js.map +1 -1
- package/dist/cjs/naylence/fame/security/auth/policy/index.js +1 -1
- package/dist/cjs/naylence/fame/security/auth/policy/index.js.map +1 -1
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/expr/builtins.js +1 -1
- package/dist/esm/naylence/fame/expr/builtins.js.map +1 -1
- package/dist/esm/naylence/fame/security/auth/policy/advanced-authorization-policy.js +32 -13
- package/dist/esm/naylence/fame/security/auth/policy/advanced-authorization-policy.js.map +1 -1
- package/dist/esm/naylence/fame/security/auth/policy/expr-builtins.js +166 -2
- package/dist/esm/naylence/fame/security/auth/policy/expr-builtins.js.map +1 -1
- package/dist/esm/naylence/fame/security/auth/policy/index.js +1 -1
- package/dist/esm/naylence/fame/security/auth/policy/index.js.map +1 -1
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +203 -18
- package/dist/node/index.mjs +201 -18
- package/dist/node/node.cjs +203 -18
- package/dist/node/node.mjs +201 -18
- package/dist/types/naylence/fame/security/auth/policy/advanced-authorization-policy.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/auth/policy/expr-builtins.d.ts +71 -1
- package/dist/types/naylence/fame/security/auth/policy/expr-builtins.d.ts.map +1 -1
- package/dist/types/naylence/fame/security/auth/policy/index.d.ts +1 -1
- package/dist/types/naylence/fame/security/auth/policy/index.d.ts.map +1 -1
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"advanced-authorization-policy.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/advanced-authorization-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EACL,kBAAkB,EAClB,+BAA+B,EAC/B,mBAAmB,EACnB,iBAAiB,EACjB,aAAa,EACb,aAAa,EACb,kBAAkB,GAEnB,MAAM,mBAAmB,CAAC;AAE3B;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,MAAM;IACN,aAAa;IACb,YAAY;IACZ,WAAW;IACX,aAAa;IACb,eAAe;IACf,aAAa;IACb,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,eAAe;IACf,kBAAkB;IAClB,cAAc;IACd,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,aAAa;CACL,CAAC;AAIX,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAChD,OAAO,EACL,iBAAiB,GAElB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAUhE;;GAEG;AACH,MAAM,aAAa,GAAW;IAC5B,KAAK,EAAE,GAAG,EAAE,GAA6B,CAAC;IAC1C,OAAO,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACvB,OAAO,CAAC,IAAI,CAAC,8CAA8C,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;CACF,CAAC;AA8BF;;GAEG;AACH,SAAS,cAAc,CAAC,QAAsB;IAC5C,MAAM,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;IACvB,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,UAAU,IAAI,EAAE,EAAE,CAAC;QAC/C,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,OAA6B;IAE7B,MAAM,WAAW,GAAG,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;IACrD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7C,OAAO,WAAW,CAAC,aAAa,CAAC;IACnC,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,MAA6C,CAAC;IACzE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,GAAG,CAAC;QAE/D,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,MAAM,CACtB,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAC1C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,OAA6B;IAE7B,MAAM,WAAW,GAAG,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;IACrD,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,WAAW,CAAC,MAAmC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,QAAsB;IAEtB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAA4C,CAAC;IACpE,MAAM,cAAc,GAAG,QAAmC,CAAC;IAE3D,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAY,IAAI,IAAI;QACjC,OAAO,EAAE,cAAc,CAAC,OAAiB,IAAI,IAAI;QACjD,MAAM,EAAE,cAAc,CAAC,MAAgB,IAAI,IAAI;QAC/C,MAAM,EAAE,cAAc,CAAC,MAAgB,IAAI,IAAI;QAC/C,EAAE,EAAE,cAAc,CAAC,QAAQ,CAAC,IAAI,IAAI;QACpC,KAAK,EAAE,KAAK;YACV,CAAC,CAAC,EAAE,IAAI,EAAG,KAAK,CAAC,IAAsB,IAAI,IAAI,EAAE;YACjD,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;KACnB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,OAAwC,EACxC,MAAkB;IAElB,OAAO;QACL,WAAW,EAAE,OAAO,EAAE,UAAU,IAAI,IAAI;QACxC,cAAc,EAAE,MAAM;KACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,IAAc;IAEd,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,IAAI;QACrB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;KAClC,CAAC;AACJ,CAAC;AA6BD;;;;;;;;;GASG;AACH,MAAM,OAAO,2BAA2B;IAMtC,YAAY,OAA2C;QACrD,MAAM,EACJ,gBAAgB,EAChB,mBAAmB,GAAG,IAAI,EAC1B,gBAAgB,GAAG,yBAAyB,EAC5C,MAAM,GAAG,aAAa,GACvB,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,sCAAsC;QACtC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAC7C,gBAAgB,CAAC,cAAc,CAChC,CAAC;QAEF,mCAAmC;QACnC,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAI,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC;QACjD,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,YAAY,CACpC,gBAAgB,CAAC,KAAK,EACtB,mBAAmB,CACpB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;YAC9C,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;YACpC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM;SAClE,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,IAAc,EACd,QAAsB,EACtB,OAA6B,EAC7B,MAAmB;QAEnB,MAAM,cAAc,GAAe,MAAM,IAAI,GAAG,CAAC;QACjD,MAAM,wBAAwB,GAC5B,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC;QAC9D,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,YAAY,GAAI,QAAQ,CAAC,KAAuC;YACpE,EAAE,IAAI,CAAC;QACT,MAAM,mBAAmB,GACvB,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YAChE,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,aAAa,GAAG,OAAO,EAAE,UAAU,CAAC;QAC1C,MAAM,oBAAoB,GACxB,OAAO,aAAa,KAAK,QAAQ;YAC/B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,aAAa,CAAC,IAAI,SAAS;YAC3D,CAAC,CAAC,SAAS,CAAC;QAEhB,qCAAqC;QACrC,IAAI,kBAAkB,GAAqC,IAAI,CAAC;QAChE,IAAI,gBAAgB,GAA4B,IAAI,CAAC;QAErD,MAAM,eAAe,GAAkC,EAAE,CAAC;QAE1D,6CAA6C;QAC7C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,GAAgC;gBACxC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,MAAM,EAAE,KAAK;aACd,CAAC;YAEF,yBAAyB;YACzB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACzB,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC;oBACxC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,GAAG,eAAe,YAAY,IAAI,SAAS,kBAAkB,CAAC;oBAC7E,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,0BAA0B;YAC1B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,GAAG,6CAA6C,CAAC;oBAChE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,CAAC;oBAChD,IAAI,CAAC,UAAU,GAAG,gBAAgB,aAAa,IAAI,SAAS,YAAY,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oBACnH,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,qBAAqB;YACrB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC1E,IAAI,CAAC,UAAU,GAAG,WAAW,wBAAwB,YAAY,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;gBACxG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;gBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YAED,sBAAsB;YACtB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBACzB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,IAAI,CAAC,UAAU,GAAG,sDAAsD,CAAC;oBACzE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBACnE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACtE,IAAI,CAAC,UAAU,GAAG,qBAAqB,QAAQ,aAAa,OAAO,EAAE,CAAC;oBACtE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC;oBACtC,IAAI,CAAC,UAAU,GAAG,kCAAkC,CAAC;oBACrD,IAAI,CAAC,WAAW,GAAG,EAAE,aAAa,EAAE,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC;oBACzD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,wBAAwB;YACxB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,oCAAoC;gBACpC,IAAI,CAAC,UAAU,GAAG,uBAAuB,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/D,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;gBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,6CAA6C;gBAC7C,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACxB,kBAAkB,GAAG;wBACnB,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC;wBAC9B,QAAQ,EAAE,sBAAsB,CAAC,QAAQ,CAAC;wBAC1C,QAAQ,EAAE,sBAAsB,CAAC,OAAO,EAAE,cAAc,CAAC;wBACzD,IAAI,EAAE,kBAAkB,CAAC,IAAI,CAAC;wBAC9B,IAAI,EAAE;4BACJ,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE;4BAClB,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;yBAClC;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,SAAS,GACb,gBAAgB,IAAI,0BAA0B,CAAC,aAAa,CAAC,CAAC;gBAChE,gBAAgB,GAAG,SAAS,CAAC;gBAE7B,MAAM,WAAW,GAAsB;oBACrC,QAAQ,EAAE,kBAAkB;oBAC5B,MAAM,EAAE,IAAI,CAAC,gBAAgB;oBAC7B,MAAM,EAAE,IAAI,CAAC,UAAU;oBACvB,SAAS;iBACV,CAAC;gBAEF,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;gBAEhE,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;oBACrB,yCAAyC;oBACzC,IAAI,CAAC,UAAU,GAAG,4BAA4B,UAAU,CAAC,KAAK,EAAE,CAAC;oBACjE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;oBACtB,gCAAgC;oBAChC,IAAI,CAAC,UAAU,GAAG,qCAAqC,CAAC;oBACxD,IAAI,CAAC,WAAW,GAAG;wBACjB,cAAc,EAAE,IAAI,CAAC,UAAU;qBAChC,CAAC;oBACF,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,CAAC,UAAU,GAAG,oCAAoC,CAAC;YACzD,CAAC;YAED,eAAe;YACf,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,IAAI,CAAC,UAAU,GAAG,wBAAwB,CAAC;YAC7C,CAAC;YACD,IAAI,CAAC,WAAW,GAAG;gBACjB,MAAM,EAAE,cAAc;gBACtB,OAAO;gBACP,aAAa,EAAE,CAAC,GAAG,aAAa,CAAC;gBACjC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC;YACF,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;gBAChC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,cAAc;gBACtB,OAAO;gBACP,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;aACrC,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,IAAI,CAAC,WAAW,IAAI,iBAAiB,IAAI,CAAC,EAAE,EAAE;gBACtD,WAAW,EAAE,IAAI,CAAC,EAAE;gBACpB,eAAe;aAChB,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;YACnC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,MAAM,EAAE,cAAc;YACtB,OAAO;SACR,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,aAAa;YAC1B,MAAM,EAAE,6CAA6C,IAAI,CAAC,aAAa,EAAE;YACzE,eAAe;SAChB,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,MAAe;QAC3C,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,CAAC,MAAM,CAAC,8BAA8B,CACzE,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAC7B,UAAyC;QAEzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAEO,YAAY,CAClB,KAAoC,EACpC,aAAsB;QAEtB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;IAClF,CAAC;IAEO,WAAW,CACjB,IAAiC,EACjC,KAAa,EACb,aAAsB;QAEtB,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,IAAI,QAAQ,KAAK,EAAE,CAAC;QAEtC,kBAAkB;QAClB,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,2BAA2B,EAAE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,8BAA8B,CACtF,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAErD,2BAA2B;QAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAE9D,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAA2C,EAAE,EAAE,CAAC,CAAC;QAEhG,6BAA6B;QAC7B,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAElE,wBAAwB;QACxB,IAAI,YAAkE,CAAC;QACvE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,+BAA+B,CAC9C,IAAI,CAAC,KAAyB,EAC9B,EAAE,CACH,CAAC;gBACF,YAAY,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,sCAAsC,EAAE,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAA4B,CAAC;QACjC,IAAI,UAA8B,CAAC;QACnC,IAAI,cAAkC,CAAC;QAEvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjE,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,OAAO,GAAG,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,0CAA0C;gBAC1C,cAAc;oBACZ,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACzD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBACtC,MAAM,EAAE,EAAE;oBACV,UAAU,EAAE,UAAU;oBACtB,KAAK,EAAE,cAAc;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,aAAa,EAAE,CAAC;YAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,EAAE;YACF,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO;YACP,UAAU;YACV,WAAW;YACX,eAAe;YACf,YAAY;YACZ,OAAO;YACP,UAAU;YACV,cAAc;SACf,CAAC;IACJ,CAAC;IAEO,cAAc,CACpB,MAAuD,EACvD,MAAc;QAEd,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,OAAO,MAAM,sBAAsB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,yCAAyC,CAC3E,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,4BAA4B,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAc,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,+BAA+B,CACjE,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,OAAO,CAAC,sBAAsB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1F,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,cAAc,CACpB,OAAsC,EACtC,MAAc;QAEd,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,OAAO,GAAG,oBAAoB,MAAM,GAAG,CAAC;QAE9C,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,4BAA4B,CAC/D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,yCAAyC,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,4BAA4B,CAC/D,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,+BAA+B,CAClE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,6BAA6B,CAChE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC;gBACH,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,iBAAiB,CACvB,SAAwC,EACxC,MAAc;QAEd,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,4BAA4B,CAClE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAc,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,OAAO,OAAO,sBAAsB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxG,CAAC;YACJ,CAAC;YACD,sCAAsC;YACtC,OAAO,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,yCAAyC,CAC/E,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,4BAA4B,CAClE,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,+BAA+B,CACrE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,6BAA6B,CACnE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAc,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,OAAO,OAAO,sBAAsB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxG,CAAC;YACJ,CAAC;YACD,sCAAsC;YACtC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,kBAAkB,CACxB,UAAyC,EACzC,MAAc;QAEd,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,4BAA4B,CACnE,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,OAAO,UAAU,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC7G,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,yCAAyC,CAChF,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,4BAA4B,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,+BAA+B,CACtE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,6BAA6B,CACpE,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,OAAO,EAAE,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACrG,CAAC;YACJ,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,oBAAoB,CAAC,KAAa;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,MAAM,GAAG,GAA+B;YACtC,OAAO,EAAE,SAAS;YAClB,eAAe,EAAE,iBAAiB;YAClC,iBAAiB,EAAE,mBAAmB;YACtC,WAAW,EAAE,aAAa;YAC1B,YAAY,EAAE,cAAc;SAC7B,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IACjC,CAAC;IAEO,wBAAwB,CAAC,KAAa;QAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,MAAM,GAAG,GAA2B;YAClC,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,OAAO;SACf,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IACjC,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"advanced-authorization-policy.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/advanced-authorization-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EACL,kBAAkB,EAClB,+BAA+B,EAC/B,mBAAmB,EACnB,iBAAiB,EACjB,aAAa,EACb,aAAa,EACb,kBAAkB,GAEnB,MAAM,mBAAmB,CAAC;AAE3B;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,MAAM;IACN,aAAa;IACb,YAAY;IACZ,WAAW;IACX,aAAa;IACb,eAAe;IACf,aAAa;IACb,eAAe;IACf,qBAAqB;IACrB,oBAAoB;IACpB,eAAe;IACf,kBAAkB;IAClB,cAAc;IACd,aAAa;IACb,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,aAAa;CACL,CAAC;AAIX,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAChD,OAAO,EACL,iBAAiB,GAElB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,GAEvB,MAAM,oBAAoB,CAAC;AAU5B;;GAEG;AACH,MAAM,aAAa,GAAW;IAC5B,KAAK,EAAE,GAAG,EAAE,GAA6B,CAAC;IAC1C,OAAO,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACvB,OAAO,CAAC,IAAI,CAAC,8CAA8C,KAAK,EAAE,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;CACF,CAAC;AA8BF;;GAEG;AACH,SAAS,cAAc,CAAC,QAAsB;IAC5C,MAAM,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;IACvB,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,UAAU,IAAI,EAAE,EAAE,CAAC;QAC/C,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC;IACvB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAC3B,OAA6B;IAE7B,MAAM,WAAW,GAAG,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;IACrD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;QAC7C,OAAO,WAAW,CAAC,aAAa,CAAC;IACnC,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,MAA6C,CAAC;IACzE,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,GAAG,CAAC;QAE/D,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,UAAU,CAAC,MAAM,CACtB,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAC1C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,OAA6B;IAE7B,MAAM,WAAW,GAAG,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC;IACrD,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;QACzB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,WAAW,CAAC,MAAmC,CAAC;AACzD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,sBAAsB,CAC7B,QAAsB;IAEtB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAA4C,CAAC;IACpE,MAAM,cAAc,GAAG,QAAmC,CAAC;IAC3D,MAAM,GAAG,GAAG,cAAc,CAAC,GAEd,CAAC;IAEd,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAErD,OAAO;QACL,QAAQ,EAAE;YACR,EAAE,EAAG,QAAQ,CAAC,EAAa,IAAI,IAAI;YACnC,GAAG,EAAG,cAAc,CAAC,GAAc,IAAI,IAAI;YAC3C,OAAO,EAAG,cAAc,CAAC,OAAkB,IAAI,IAAI;YACnD,MAAM,EAAG,cAAc,CAAC,MAAiB,IAAI,IAAI;YACjD,MAAM,EAAG,cAAc,CAAC,MAAiB,IAAI,IAAI;YACjD,EAAE,EAAE,cAAc,CAAC,QAAQ,CAAC,IAAI,IAAI;YACpC,KAAK,EAAE,KAAK;gBACV,CAAC,CAAC,EAAE,IAAI,EAAG,KAAK,CAAC,IAAsB,IAAI,IAAI,EAAE;gBACjD,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;YAClB,GAAG,EAAE,gBAAwC;SAC9C;QACD,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,OAAwC,EACxC,MAAkB;IAElB,OAAO;QACL,WAAW,EAAE,OAAO,EAAE,UAAU,IAAI,IAAI;QACxC,cAAc,EAAE,MAAM;KACvB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,IAAc;IAEd,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,IAAI;QACrB,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;KAClC,CAAC;AACJ,CAAC;AA6BD;;;;;;;;;GASG;AACH,MAAM,OAAO,2BAA2B;IAMtC,YAAY,OAA2C;QACrD,MAAM,EACJ,gBAAgB,EAChB,mBAAmB,GAAG,IAAI,EAC1B,gBAAgB,GAAG,yBAAyB,EAC5C,MAAM,GAAG,aAAa,GACvB,GAAG,OAAO,CAAC;QAEZ,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,sCAAsC;QACtC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,qBAAqB,CAC7C,gBAAgB,CAAC,cAAc,CAChC,CAAC;QAEF,mCAAmC;QACnC,IAAI,mBAAmB,EAAE,CAAC;YACxB,IAAI,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC;QACjD,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,YAAY,CACpC,gBAAgB,CAAC,KAAK,EACtB,mBAAmB,CACpB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE;YAC9C,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;YACpC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM;SAClE,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,IAAc,EACd,QAAsB,EACtB,OAA6B,EAC7B,MAAmB;QAEnB,MAAM,cAAc,GAAe,MAAM,IAAI,GAAG,CAAC;QACjD,MAAM,wBAAwB,GAC5B,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,IAAI,cAAc,CAAC;QAC9D,MAAM,OAAO,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,aAAa,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,YAAY,GAAI,QAAQ,CAAC,KAAuC;YACpE,EAAE,IAAI,CAAC;QACT,MAAM,mBAAmB,GACvB,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;YAChE,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,aAAa,GAAG,OAAO,EAAE,UAAU,CAAC;QAC1C,MAAM,oBAAoB,GACxB,OAAO,aAAa,KAAK,QAAQ;YAC/B,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,aAAa,CAAC,IAAI,SAAS;YAC3D,CAAC,CAAC,SAAS,CAAC;QAEhB,qCAAqC;QACrC,IAAI,kBAAkB,GAAqC,IAAI,CAAC;QAChE,IAAI,gBAAgB,GAA4B,IAAI,CAAC;QAErD,MAAM,eAAe,GAAkC,EAAE,CAAC;QAE1D,6CAA6C;QAC7C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,GAAgC;gBACxC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,MAAM,EAAE,KAAK;aACd,CAAC;YAEF,yBAAyB;YACzB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACzB,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC;oBACxC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,UAAU,GAAG,eAAe,YAAY,IAAI,SAAS,kBAAkB,CAAC;oBAC7E,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,0BAA0B;YAC1B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,GAAG,6CAA6C,CAAC;oBAChE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,CAAC;oBAChD,IAAI,CAAC,UAAU,GAAG,gBAAgB,aAAa,IAAI,SAAS,YAAY,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oBACnH,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,qBAAqB;YACrB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC;gBAC1E,IAAI,CAAC,UAAU,GAAG,WAAW,wBAAwB,YAAY,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;gBACxG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;gBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YAED,sBAAsB;YACtB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBACzB,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,IAAI,CAAC,UAAU,GAAG,sDAAsD,CAAC;oBACzE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;gBACnE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACtE,IAAI,CAAC,UAAU,GAAG,qBAAqB,QAAQ,aAAa,OAAO,EAAE,CAAC;oBACtE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC;oBACtC,IAAI,CAAC,UAAU,GAAG,kCAAkC,CAAC;oBACrD,IAAI,CAAC,WAAW,GAAG,EAAE,aAAa,EAAE,CAAC,GAAG,aAAa,CAAC,EAAE,CAAC;oBACzD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;YACH,CAAC;YAED,wBAAwB;YACxB,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,oCAAoC;gBACpC,IAAI,CAAC,UAAU,GAAG,uBAAuB,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/D,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;gBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3B,SAAS;YACX,CAAC;YAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,kEAAkE;gBAClE,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACxB,MAAM,cAAc,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;oBACxD,kBAAkB,GAAG;wBACnB,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC;wBAC9B,QAAQ,EAAE,cAAc,CAAC,QAAQ;wBACjC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,EAAE,cAAc,CAAC;wBACzD,IAAI,EAAE,kBAAkB,CAAC,IAAI,CAAC;wBAC9B,IAAI,EAAE;4BACJ,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE;4BAClB,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;yBAClC;qBACF,CAAC;oBAEF,wEAAwE;oBACxE,gBAAgB,GAAG,0BAA0B,CAAC;wBAC5C,aAAa;wBACb,gBAAgB,EAAE,cAAc,CAAC,gBAAgB;qBAClD,CAAC,CAAC;gBACL,CAAC;gBAED,MAAM,SAAS,GAAqB,gBAAiB,CAAC;gBAEtD,MAAM,WAAW,GAAsB;oBACrC,QAAQ,EAAE,kBAAkB;oBAC5B,MAAM,EAAE,IAAI,CAAC,gBAAgB;oBAC7B,MAAM,EAAE,IAAI,CAAC,UAAU;oBACvB,SAAS;iBACV,CAAC;gBAEF,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;gBAEhE,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;oBACrB,yCAAyC;oBACzC,IAAI,CAAC,UAAU,GAAG,4BAA4B,UAAU,CAAC,KAAK,EAAE,CAAC;oBACjE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;oBACtB,gCAAgC;oBAChC,IAAI,CAAC,UAAU,GAAG,qCAAqC,CAAC;oBACxD,IAAI,CAAC,WAAW,GAAG;wBACjB,cAAc,EAAE,IAAI,CAAC,UAAU;qBAChC,CAAC;oBACF,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;oBACpB,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC3B,SAAS;gBACX,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,CAAC,UAAU,GAAG,oCAAoC,CAAC;YACzD,CAAC;YAED,eAAe;YACf,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,IAAI,CAAC,UAAU,GAAG,wBAAwB,CAAC;YAC7C,CAAC;YACD,IAAI,CAAC,WAAW,GAAG;gBACjB,MAAM,EAAE,cAAc;gBACtB,OAAO;gBACP,aAAa,EAAE,CAAC,GAAG,aAAa,CAAC;gBACjC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAChE,CAAC;YACF,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;gBAChC,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,cAAc;gBACtB,OAAO;gBACP,aAAa,EAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;aACrC,CAAC,CAAC;YAEH,OAAO;gBACL,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,MAAM,EAAE,IAAI,CAAC,WAAW,IAAI,iBAAiB,IAAI,CAAC,EAAE,EAAE;gBACtD,WAAW,EAAE,IAAI,CAAC,EAAE;gBACpB,eAAe;aAChB,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAAE;YACnC,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,MAAM,EAAE,cAAc;YACtB,OAAO;SACR,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,aAAa;YAC1B,MAAM,EAAE,6CAA6C,IAAI,CAAC,aAAa,EAAE;YACzE,eAAe;SAChB,CAAC;IACJ,CAAC;IAEO,qBAAqB,CAAC,MAAe;QAC3C,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAC5C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,CAAC,MAAM,CAAC,8BAA8B,CACzE,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,uBAAuB,CAC7B,UAAyC;QAEzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;IAEO,YAAY,CAClB,KAAoC,EACpC,aAAsB;QAEtB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;IAClF,CAAC;IAEO,WAAW,CACjB,IAAiC,EACjC,KAAa,EACb,aAAsB;QAEtB,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,IAAI,QAAQ,KAAK,EAAE,CAAC;QAEtC,kBAAkB;QAClB,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CACb,2BAA2B,EAAE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,8BAA8B,CACtF,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAErD,2BAA2B;QAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAE9D,4BAA4B;QAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,UAA2C,EAAE,EAAE,CAAC,CAAC;QAEhG,6BAA6B;QAC7B,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAElE,wBAAwB;QACxB,IAAI,YAAkE,CAAC;QACvE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,+BAA+B,CAC9C,IAAI,CAAC,KAAyB,EAC9B,EAAE,CACH,CAAC;gBACF,YAAY,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,sCAAsC,EAAE,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACvG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAA4B,CAAC;QACjC,IAAI,UAA8B,CAAC;QACnC,IAAI,cAAkC,CAAC;QAEvC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjE,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,OAAO,GAAG,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,0CAA0C;gBAC1C,cAAc;oBACZ,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACzD,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBACtC,MAAM,EAAE,EAAE;oBACV,UAAU,EAAE,UAAU;oBACtB,KAAK,EAAE,cAAc;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,aAAa,EAAE,CAAC;YAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBACxE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,EAAE;YACF,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO;YACP,UAAU;YACV,WAAW;YACX,eAAe;YACf,YAAY;YACZ,OAAO;YACP,UAAU;YACV,cAAc;SACf,CAAC;IACJ,CAAC;IAEO,cAAc,CACpB,MAAuD,EACvD,MAAc;QAEd,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,OAAO,MAAM,sBAAsB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,yCAAyC,CAC3E,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,4BAA4B,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAc,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,+BAA+B,CACjE,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;YAChD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,OAAO,CAAC,sBAAsB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1F,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,cAAc,CACpB,OAAsC,EACtC,MAAc;QAEd,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,OAAO,GAAG,oBAAoB,MAAM,GAAG,CAAC;QAE9C,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,4BAA4B,CAC/D,CAAC;YACJ,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,yCAAyC,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,4BAA4B,CAC/D,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,+BAA+B,CAClE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,6BAA6B,CAChE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC;gBACH,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACtD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,MAAM,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACjG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,iBAAiB,CACvB,SAAwC,EACxC,MAAc;QAEd,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,4BAA4B,CAClE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAc,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,OAAO,OAAO,sBAAsB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxG,CAAC;YACJ,CAAC;YACD,sCAAsC;YACtC,OAAO,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,yCAAyC,CAC/E,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,4BAA4B,CAClE,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,+BAA+B,CACrE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,6BAA6B,CACnE,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAc,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,KAAK,CACb,+BAA+B,MAAM,OAAO,OAAO,sBAAsB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACxG,CAAC;YACJ,CAAC;YACD,sCAAsC;YACtC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,kBAAkB,CACxB,UAAyC,EACzC,MAAc;QAEd,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,4BAA4B,CACnE,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,OAAO,UAAU,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC7G,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,yCAAyC,CAChF,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,4BAA4B,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,+BAA+B,CACtE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,6BAA6B,CACpE,CAAC;YACJ,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,OAAO,EAAE,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACrG,CAAC;YACJ,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,oBAAoB,CAAC,KAAa;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACpB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,MAAM,GAAG,GAA+B;YACtC,OAAO,EAAE,SAAS;YAClB,eAAe,EAAE,iBAAiB;YAClC,iBAAiB,EAAE,mBAAmB;YACtC,WAAW,EAAE,aAAa;YAC1B,YAAY,EAAE,cAAc;SAC7B,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IACjC,CAAC;IAEO,wBAAwB,CAAC,KAAa;QAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,MAAM,GAAG,GAA2B;YAClC,UAAU,EAAE,YAAY;YACxB,QAAQ,EAAE,UAAU;YACpB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,OAAO;SACf,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -4,10 +4,88 @@
|
|
|
4
4
|
* Null handling semantics:
|
|
5
5
|
* - Scope predicate builtins (has_scope, has_any_scope, has_all_scopes)
|
|
6
6
|
* return `false` when passed `null` for required args.
|
|
7
|
+
* - Security predicate builtins (is_signed, is_encrypted, is_encrypted_at_least)
|
|
8
|
+
* return `false` when the envelope lacks the required security posture.
|
|
7
9
|
* - Wrong non-null types still raise BuiltinError to surface real bugs.
|
|
8
10
|
*/
|
|
9
11
|
import { BUILTIN_FUNCTIONS, getTypeName, } from "../../../expr/index.js";
|
|
10
12
|
import { BuiltinError } from "../../../expr/errors.js";
|
|
13
|
+
/**
|
|
14
|
+
* Valid encryption levels for is_encrypted_at_least comparisons.
|
|
15
|
+
*/
|
|
16
|
+
const VALID_ENCRYPTION_LEVELS = [
|
|
17
|
+
"plaintext",
|
|
18
|
+
"channel",
|
|
19
|
+
"sealed",
|
|
20
|
+
];
|
|
21
|
+
/**
|
|
22
|
+
* Encryption level ordering for comparison.
|
|
23
|
+
* Higher number = stronger encryption.
|
|
24
|
+
*/
|
|
25
|
+
const ENCRYPTION_LEVEL_ORDER = {
|
|
26
|
+
plaintext: 0,
|
|
27
|
+
channel: 1,
|
|
28
|
+
sealed: 2,
|
|
29
|
+
};
|
|
30
|
+
/**
|
|
31
|
+
* Normalizes an encryption algorithm string to an EncryptionLevel.
|
|
32
|
+
*
|
|
33
|
+
* Mapping rules:
|
|
34
|
+
* - null/undefined => "plaintext" (no encryption present)
|
|
35
|
+
* - alg contains "-channel" => "channel" (e.g., "chacha20-poly1305-channel")
|
|
36
|
+
* - alg contains "-sealed" => "sealed" (explicit sealed marker)
|
|
37
|
+
* - alg matches ECDH-ES pattern with AEAD cipher => "sealed" (e.g., "ECDH-ES+A256GCM")
|
|
38
|
+
* - otherwise => "unknown"
|
|
39
|
+
*
|
|
40
|
+
* Currently supported algorithms:
|
|
41
|
+
* - Channel: "chacha20-poly1305-channel"
|
|
42
|
+
* - Sealed: "ECDH-ES+A256GCM"
|
|
43
|
+
*
|
|
44
|
+
* This helper is centralized to ensure consistent mapping across TS and Python.
|
|
45
|
+
*/
|
|
46
|
+
export function normalizeEncryptionLevelFromAlg(alg) {
|
|
47
|
+
if (alg === null || alg === undefined) {
|
|
48
|
+
return "plaintext";
|
|
49
|
+
}
|
|
50
|
+
const algLower = alg.toLowerCase();
|
|
51
|
+
// Check for channel encryption (e.g., "chacha20-poly1305-channel")
|
|
52
|
+
// Must check before other patterns since channel suffix is explicit
|
|
53
|
+
if (algLower.includes("-channel")) {
|
|
54
|
+
return "channel";
|
|
55
|
+
}
|
|
56
|
+
// Check for explicit sealed marker
|
|
57
|
+
if (algLower.includes("-sealed")) {
|
|
58
|
+
return "sealed";
|
|
59
|
+
}
|
|
60
|
+
// ECDH-ES key agreement with AEAD cipher => sealed encryption
|
|
61
|
+
// Pattern: "ECDH-ES+A256GCM", "ECDH-ES+A128GCM", etc.
|
|
62
|
+
if (algLower.startsWith("ecdh-es") && algLower.includes("+a")) {
|
|
63
|
+
return "sealed";
|
|
64
|
+
}
|
|
65
|
+
return "unknown";
|
|
66
|
+
}
|
|
67
|
+
/**
|
|
68
|
+
* Creates security bindings from an envelope's sec header.
|
|
69
|
+
* Exposes only metadata, never raw values like sig.val or enc.val.
|
|
70
|
+
*/
|
|
71
|
+
export function createSecurityBindings(sec) {
|
|
72
|
+
const sigPresent = sec?.sig !== undefined;
|
|
73
|
+
const encPresent = sec?.enc !== undefined;
|
|
74
|
+
return {
|
|
75
|
+
sig: {
|
|
76
|
+
present: sigPresent,
|
|
77
|
+
kid: sec?.sig?.kid ?? null,
|
|
78
|
+
},
|
|
79
|
+
enc: {
|
|
80
|
+
present: encPresent,
|
|
81
|
+
alg: sec?.enc?.alg ?? null,
|
|
82
|
+
kid: sec?.enc?.kid ?? null,
|
|
83
|
+
level: encPresent
|
|
84
|
+
? normalizeEncryptionLevelFromAlg(sec?.enc?.alg ?? null)
|
|
85
|
+
: "plaintext",
|
|
86
|
+
},
|
|
87
|
+
};
|
|
88
|
+
}
|
|
11
89
|
/**
|
|
12
90
|
* Checks if a value is null.
|
|
13
91
|
*/
|
|
@@ -16,9 +94,21 @@ function isNull(value) {
|
|
|
16
94
|
}
|
|
17
95
|
/**
|
|
18
96
|
* Creates a function registry with auth helpers installed.
|
|
97
|
+
*
|
|
98
|
+
* This registry extends the base builtins with:
|
|
99
|
+
* - Scope builtins: has_scope, has_any_scope, has_all_scopes
|
|
100
|
+
* - Security builtins: is_signed, encryption_level, is_encrypted, is_encrypted_at_least
|
|
19
101
|
*/
|
|
20
|
-
export function createAuthFunctionRegistry(
|
|
21
|
-
|
|
102
|
+
export function createAuthFunctionRegistry(grantedScopesOrOptions = []) {
|
|
103
|
+
// Handle both old signature (array) and new signature (options object)
|
|
104
|
+
const options = Array.isArray(grantedScopesOrOptions)
|
|
105
|
+
? { grantedScopes: grantedScopesOrOptions }
|
|
106
|
+
: grantedScopesOrOptions;
|
|
107
|
+
const scopes = options.grantedScopes ?? [];
|
|
108
|
+
const secBindings = options.securityBindings ?? {
|
|
109
|
+
sig: { present: false, kid: null },
|
|
110
|
+
enc: { present: false, alg: null, kid: null, level: "plaintext" },
|
|
111
|
+
};
|
|
22
112
|
/**
|
|
23
113
|
* Checks if any granted scope matches a pattern (using glob syntax).
|
|
24
114
|
*/
|
|
@@ -74,11 +164,85 @@ export function createAuthFunctionRegistry(grantedScopes = []) {
|
|
|
74
164
|
}
|
|
75
165
|
return values.every((scope) => matchesScope(scope));
|
|
76
166
|
};
|
|
167
|
+
// ============================================================
|
|
168
|
+
// Security posture builtins
|
|
169
|
+
// ============================================================
|
|
170
|
+
/**
|
|
171
|
+
* is_signed() -> bool
|
|
172
|
+
*
|
|
173
|
+
* Returns true if the envelope has a signature present.
|
|
174
|
+
* No arguments required.
|
|
175
|
+
*/
|
|
176
|
+
const is_signed = (args) => {
|
|
177
|
+
assertArgCount(args, 0, "is_signed");
|
|
178
|
+
return secBindings.sig.present;
|
|
179
|
+
};
|
|
180
|
+
/**
|
|
181
|
+
* encryption_level() -> string
|
|
182
|
+
*
|
|
183
|
+
* Returns the normalized encryption level: "plaintext" | "channel" | "sealed" | "unknown"
|
|
184
|
+
* No arguments required.
|
|
185
|
+
*/
|
|
186
|
+
const encryption_level = (args) => {
|
|
187
|
+
assertArgCount(args, 0, "encryption_level");
|
|
188
|
+
return secBindings.enc.level;
|
|
189
|
+
};
|
|
190
|
+
/**
|
|
191
|
+
* is_encrypted() -> bool
|
|
192
|
+
*
|
|
193
|
+
* Returns true if the encryption level is not "plaintext".
|
|
194
|
+
* This means the envelope has some form of encryption (channel, sealed, or unknown).
|
|
195
|
+
* No arguments required.
|
|
196
|
+
*/
|
|
197
|
+
const is_encrypted = (args) => {
|
|
198
|
+
assertArgCount(args, 0, "is_encrypted");
|
|
199
|
+
return secBindings.enc.level !== "plaintext";
|
|
200
|
+
};
|
|
201
|
+
/**
|
|
202
|
+
* is_encrypted_at_least(level: string) -> bool
|
|
203
|
+
*
|
|
204
|
+
* Returns true if the envelope's encryption level meets or exceeds the required level.
|
|
205
|
+
*
|
|
206
|
+
* Level ordering: plaintext < channel < sealed
|
|
207
|
+
*
|
|
208
|
+
* Special handling:
|
|
209
|
+
* - "unknown" encryption level does NOT satisfy "channel" or "sealed" (conservative)
|
|
210
|
+
* - "plaintext" is always satisfied (any envelope meets at least plaintext)
|
|
211
|
+
* - null argument => false (predicate-style)
|
|
212
|
+
* - invalid level string => BuiltinError
|
|
213
|
+
*/
|
|
214
|
+
const is_encrypted_at_least = (args) => {
|
|
215
|
+
assertArgCount(args, 1, "is_encrypted_at_least");
|
|
216
|
+
const requiredLevel = getArg(args, 0, "is_encrypted_at_least");
|
|
217
|
+
// Null-tolerant: return false if level is null
|
|
218
|
+
if (!assertStringOrNull(requiredLevel, "level", "is_encrypted_at_least")) {
|
|
219
|
+
return false;
|
|
220
|
+
}
|
|
221
|
+
// Validate required level
|
|
222
|
+
if (!VALID_ENCRYPTION_LEVELS.includes(requiredLevel)) {
|
|
223
|
+
throw new BuiltinError("is_encrypted_at_least", `level must be one of: ${VALID_ENCRYPTION_LEVELS.join(", ")}; got "${requiredLevel}"`);
|
|
224
|
+
}
|
|
225
|
+
const currentLevel = secBindings.enc.level;
|
|
226
|
+
const requiredOrder = ENCRYPTION_LEVEL_ORDER[requiredLevel] ?? 0;
|
|
227
|
+
const currentOrder = ENCRYPTION_LEVEL_ORDER[currentLevel];
|
|
228
|
+
// If current level is "unknown", it only satisfies "plaintext"
|
|
229
|
+
if (currentOrder === undefined) {
|
|
230
|
+
// "unknown" is treated as NOT meeting channel/sealed requirements
|
|
231
|
+
return requiredOrder === 0; // Only plaintext is satisfied by unknown
|
|
232
|
+
}
|
|
233
|
+
return currentOrder >= requiredOrder;
|
|
234
|
+
};
|
|
77
235
|
return new Map([
|
|
78
236
|
...BUILTIN_FUNCTIONS,
|
|
237
|
+
// Scope builtins
|
|
79
238
|
["has_scope", has_scope],
|
|
80
239
|
["has_any_scope", has_any_scope],
|
|
81
240
|
["has_all_scopes", has_all_scopes],
|
|
241
|
+
// Security posture builtins
|
|
242
|
+
["is_signed", is_signed],
|
|
243
|
+
["encryption_level", encryption_level],
|
|
244
|
+
["is_encrypted", is_encrypted],
|
|
245
|
+
["is_encrypted_at_least", is_encrypted_at_least],
|
|
82
246
|
]);
|
|
83
247
|
}
|
|
84
248
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"expr-builtins.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/expr-builtins.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"expr-builtins.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/expr-builtins.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,iBAAiB,EACjB,WAAW,GAIZ,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAOvD;;GAEG;AACH,MAAM,uBAAuB,GAAsB;IACjD,WAAW;IACX,SAAS;IACT,QAAQ;CACT,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAA2B;IACrD,SAAS,EAAE,CAAC;IACZ,OAAO,EAAE,CAAC;IACV,MAAM,EAAE,CAAC;CACV,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,+BAA+B,CAC7C,GAA8B;IAE9B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,mEAAmE;IACnE,oEAAoE;IACpE,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mCAAmC;IACnC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,8DAA8D;IAC9D,sDAAsD;IACtD,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAmBD;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,GAAiF;IAEjF,MAAM,UAAU,GAAG,GAAG,EAAE,GAAG,KAAK,SAAS,CAAC;IAC1C,MAAM,UAAU,GAAG,GAAG,EAAE,GAAG,KAAK,SAAS,CAAC;IAE1C,OAAO;QACL,GAAG,EAAE;YACH,OAAO,EAAE,UAAU;YACnB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI;SAC3B;QACD,GAAG,EAAE;YACH,OAAO,EAAE,UAAU;YACnB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI;YAC1B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI;YAC1B,KAAK,EAAE,UAAU;gBACf,CAAC,CAAC,+BAA+B,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC;gBACxD,CAAC,CAAC,WAAW;SAChB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,MAAM,CAAC,KAAgB;IAC9B,OAAO,KAAK,KAAK,IAAI,CAAC;AACxB,CAAC;AAkBD;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CACxC,yBAA0E,EAAE;IAE5E,uEAAuE;IACvE,MAAM,OAAO,GAAgC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;QAChF,CAAC,CAAC,EAAE,aAAa,EAAE,sBAA2C,EAAE;QAChE,CAAC,CAAC,sBAAqD,CAAC;IAE1D,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IAC3C,MAAM,WAAW,GAAG,OAAO,CAAC,gBAAgB,IAAI;QAC9C,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;QAClC,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,WAAoB,EAAE;KAC3E,CAAC;IAEF;;OAEG;IACH,MAAM,YAAY,GAAG,CAAC,KAAa,EAAW,EAAE;QAC9C,+CAA+C;QAC/C,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,SAAS,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC1C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QAC3C,+CAA+C;QAC/C,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC;YAAE,OAAO,KAAK,CAAC;QACnE,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,aAAa,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC9C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;QAChD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,cAAc,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC/C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC;IAEF,+DAA+D;IAC/D,4BAA4B;IAC5B,+DAA+D;IAE/D;;;;;OAKG;IACH,MAAM,SAAS,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC1C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QACrC,OAAO,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC;IACjC,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,gBAAgB,GAAoB,CAAC,IAAI,EAAE,EAAE;QACjD,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,kBAAkB,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC;IAC/B,CAAC,CAAC;IAEF;;;;;;OAMG;IACH,MAAM,YAAY,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC7C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,cAAc,CAAC,CAAC;QACxC,OAAO,WAAW,CAAC,GAAG,CAAC,KAAK,KAAK,WAAW,CAAC;IAC/C,CAAC,CAAC;IAEF;;;;;;;;;;;;OAYG;IACH,MAAM,qBAAqB,GAAoB,CAAC,IAAI,EAAE,EAAE;QACtD,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC;QAE/D,+CAA+C;QAC/C,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,OAAO,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACzE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,YAAY,CACpB,uBAAuB,EACvB,yBAAyB,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,aAAa,GAAG,CACtF,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC;QAC3C,MAAM,aAAa,GAAG,sBAAsB,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;QAE1D,+DAA+D;QAC/D,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,kEAAkE;YAClE,OAAO,aAAa,KAAK,CAAC,CAAC,CAAC,yCAAyC;QACvE,CAAC;QAED,OAAO,YAAY,IAAI,aAAa,CAAC;IACvC,CAAC,CAAC;IAEF,OAAO,IAAI,GAAG,CAA0B;QACtC,GAAG,iBAAiB;QACpB,iBAAiB;QACjB,CAAC,WAAW,EAAE,SAAS,CAAC;QACxB,CAAC,eAAe,EAAE,aAAa,CAAC;QAChC,CAAC,gBAAgB,EAAE,cAAc,CAAC;QAClC,4BAA4B;QAC5B,CAAC,WAAW,EAAE,SAAS,CAAC;QACxB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;QACtC,CAAC,cAAc,EAAE,YAAY,CAAC;QAC9B,CAAC,uBAAuB,EAAE,qBAAqB,CAAC;KACjD,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,KAAgB,EAChB,OAAe,EACf,YAAoB;IAEpB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,0BAA0B,WAAW,CAAC,KAAK,CAAC,EAAE,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAC9B,KAAgB,EAChB,OAAe,EACf,YAAoB;IAEpB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,qCAAqC,WAAW,CAAC,KAAK,CAAC,EAAE,CACpE,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,IAAI,CAAC,2BAA2B,WAAW,CAAC,KAAK,CAAC,CAAC,CAAc,CAAC,EAAE,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CACb,IAA0B,EAC1B,KAAa,EACb,YAAoB;IAEpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,6BAA6B,KAAK,EAAE,CACrC,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CACrB,IAA0B,EAC1B,QAAgB,EAChB,YAAoB;IAEpB,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,YAAY,QAAQ,qBAAqB,IAAI,CAAC,MAAM,EAAE,CACvD,CAAC;IACJ,CAAC;AACH,CAAC"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* @packageDocumentation
|
|
8
8
|
*/
|
|
9
9
|
// Auth expression helpers
|
|
10
|
-
export { createAuthFunctionRegistry } from "./expr-builtins.js";
|
|
10
|
+
export { createAuthFunctionRegistry, createSecurityBindings, normalizeEncryptionLevelFromAlg, } from "./expr-builtins.js";
|
|
11
11
|
// Expression authorization policy
|
|
12
12
|
export { AdvancedAuthorizationPolicy, } from "./advanced-authorization-policy.js";
|
|
13
13
|
// Factory
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,0BAA0B;AAC1B,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,0BAA0B;AAC1B,OAAO,EACL,0BAA0B,EAC1B,sBAAsB,EACtB,+BAA+B,GAIhC,MAAM,oBAAoB,CAAC;AAE5B,kCAAkC;AAClC,OAAO,EACL,2BAA2B,GAE5B,MAAM,oCAAoC,CAAC;AAE5C,UAAU;AACV,OAAO,EACL,kCAAkC,EAClC,YAAY,IAAI,0CAA0C,GAE3D,MAAM,4CAA4C,CAAC"}
|
package/dist/esm/version.js
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
// This file is auto-generated during build - do not edit manually
|
|
2
|
-
// Generated from package.json version: 0.4.
|
|
2
|
+
// Generated from package.json version: 0.4.5
|
|
3
3
|
/**
|
|
4
4
|
* The package version, injected at build time.
|
|
5
5
|
* @internal
|
|
6
6
|
*/
|
|
7
|
-
export const VERSION = '0.4.
|
|
7
|
+
export const VERSION = '0.4.5';
|
|
8
8
|
//# sourceMappingURL=version.js.map
|
package/dist/node/index.cjs
CHANGED
|
@@ -8,7 +8,7 @@ var asn1X509 = require('@peculiar/asn1-x509');
|
|
|
8
8
|
var ed25519 = require('@noble/ed25519');
|
|
9
9
|
var sha2_js = require('@noble/hashes/sha2.js');
|
|
10
10
|
var core = require('@naylence/core');
|
|
11
|
-
var
|
|
11
|
+
var sha2 = require('@noble/hashes/sha2');
|
|
12
12
|
var chacha_js = require('@noble/ciphers/chacha.js');
|
|
13
13
|
var ed25519_js = require('@noble/curves/ed25519.js');
|
|
14
14
|
var hkdf_js = require('@noble/hashes/hkdf.js');
|
|
@@ -18,12 +18,12 @@ var sha256_js = require('@noble/hashes/sha256.js');
|
|
|
18
18
|
var x509 = require('@peculiar/x509');
|
|
19
19
|
|
|
20
20
|
// This file is auto-generated during build - do not edit manually
|
|
21
|
-
// Generated from package.json version: 0.4.
|
|
21
|
+
// Generated from package.json version: 0.4.5
|
|
22
22
|
/**
|
|
23
23
|
* The package version, injected at build time.
|
|
24
24
|
* @internal
|
|
25
25
|
*/
|
|
26
|
-
const VERSION = '0.4.
|
|
26
|
+
const VERSION = '0.4.5';
|
|
27
27
|
|
|
28
28
|
/**
|
|
29
29
|
* Abstract Syntax Tree (AST) node types for the expression language.
|
|
@@ -1384,7 +1384,7 @@ const secure_hash = (args) => {
|
|
|
1384
1384
|
}
|
|
1385
1385
|
// Use generateFingerprintSync from @naylence/core
|
|
1386
1386
|
// This provides SHA-256 hashing, base62 encoding, and profanity filtering
|
|
1387
|
-
return core.generateFingerprintSync(input_str, length,
|
|
1387
|
+
return core.generateFingerprintSync(input_str, length, sha2.sha256);
|
|
1388
1388
|
};
|
|
1389
1389
|
// ============================================================
|
|
1390
1390
|
// Pattern Helpers (BSL-only)
|
|
@@ -1948,8 +1948,86 @@ function evaluateAsBoolean(ast, context) {
|
|
|
1948
1948
|
* Null handling semantics:
|
|
1949
1949
|
* - Scope predicate builtins (has_scope, has_any_scope, has_all_scopes)
|
|
1950
1950
|
* return `false` when passed `null` for required args.
|
|
1951
|
+
* - Security predicate builtins (is_signed, is_encrypted, is_encrypted_at_least)
|
|
1952
|
+
* return `false` when the envelope lacks the required security posture.
|
|
1951
1953
|
* - Wrong non-null types still raise BuiltinError to surface real bugs.
|
|
1952
1954
|
*/
|
|
1955
|
+
/**
|
|
1956
|
+
* Valid encryption levels for is_encrypted_at_least comparisons.
|
|
1957
|
+
*/
|
|
1958
|
+
const VALID_ENCRYPTION_LEVELS = [
|
|
1959
|
+
"plaintext",
|
|
1960
|
+
"channel",
|
|
1961
|
+
"sealed",
|
|
1962
|
+
];
|
|
1963
|
+
/**
|
|
1964
|
+
* Encryption level ordering for comparison.
|
|
1965
|
+
* Higher number = stronger encryption.
|
|
1966
|
+
*/
|
|
1967
|
+
const ENCRYPTION_LEVEL_ORDER = {
|
|
1968
|
+
plaintext: 0,
|
|
1969
|
+
channel: 1,
|
|
1970
|
+
sealed: 2,
|
|
1971
|
+
};
|
|
1972
|
+
/**
|
|
1973
|
+
* Normalizes an encryption algorithm string to an EncryptionLevel.
|
|
1974
|
+
*
|
|
1975
|
+
* Mapping rules:
|
|
1976
|
+
* - null/undefined => "plaintext" (no encryption present)
|
|
1977
|
+
* - alg contains "-channel" => "channel" (e.g., "chacha20-poly1305-channel")
|
|
1978
|
+
* - alg contains "-sealed" => "sealed" (explicit sealed marker)
|
|
1979
|
+
* - alg matches ECDH-ES pattern with AEAD cipher => "sealed" (e.g., "ECDH-ES+A256GCM")
|
|
1980
|
+
* - otherwise => "unknown"
|
|
1981
|
+
*
|
|
1982
|
+
* Currently supported algorithms:
|
|
1983
|
+
* - Channel: "chacha20-poly1305-channel"
|
|
1984
|
+
* - Sealed: "ECDH-ES+A256GCM"
|
|
1985
|
+
*
|
|
1986
|
+
* This helper is centralized to ensure consistent mapping across TS and Python.
|
|
1987
|
+
*/
|
|
1988
|
+
function normalizeEncryptionLevelFromAlg(alg) {
|
|
1989
|
+
if (alg === null || alg === undefined) {
|
|
1990
|
+
return "plaintext";
|
|
1991
|
+
}
|
|
1992
|
+
const algLower = alg.toLowerCase();
|
|
1993
|
+
// Check for channel encryption (e.g., "chacha20-poly1305-channel")
|
|
1994
|
+
// Must check before other patterns since channel suffix is explicit
|
|
1995
|
+
if (algLower.includes("-channel")) {
|
|
1996
|
+
return "channel";
|
|
1997
|
+
}
|
|
1998
|
+
// Check for explicit sealed marker
|
|
1999
|
+
if (algLower.includes("-sealed")) {
|
|
2000
|
+
return "sealed";
|
|
2001
|
+
}
|
|
2002
|
+
// ECDH-ES key agreement with AEAD cipher => sealed encryption
|
|
2003
|
+
// Pattern: "ECDH-ES+A256GCM", "ECDH-ES+A128GCM", etc.
|
|
2004
|
+
if (algLower.startsWith("ecdh-es") && algLower.includes("+a")) {
|
|
2005
|
+
return "sealed";
|
|
2006
|
+
}
|
|
2007
|
+
return "unknown";
|
|
2008
|
+
}
|
|
2009
|
+
/**
|
|
2010
|
+
* Creates security bindings from an envelope's sec header.
|
|
2011
|
+
* Exposes only metadata, never raw values like sig.val or enc.val.
|
|
2012
|
+
*/
|
|
2013
|
+
function createSecurityBindings(sec) {
|
|
2014
|
+
const sigPresent = sec?.sig !== undefined;
|
|
2015
|
+
const encPresent = sec?.enc !== undefined;
|
|
2016
|
+
return {
|
|
2017
|
+
sig: {
|
|
2018
|
+
present: sigPresent,
|
|
2019
|
+
kid: sec?.sig?.kid ?? null,
|
|
2020
|
+
},
|
|
2021
|
+
enc: {
|
|
2022
|
+
present: encPresent,
|
|
2023
|
+
alg: sec?.enc?.alg ?? null,
|
|
2024
|
+
kid: sec?.enc?.kid ?? null,
|
|
2025
|
+
level: encPresent
|
|
2026
|
+
? normalizeEncryptionLevelFromAlg(sec?.enc?.alg ?? null)
|
|
2027
|
+
: "plaintext",
|
|
2028
|
+
},
|
|
2029
|
+
};
|
|
2030
|
+
}
|
|
1953
2031
|
/**
|
|
1954
2032
|
* Checks if a value is null.
|
|
1955
2033
|
*/
|
|
@@ -1958,9 +2036,21 @@ function isNull(value) {
|
|
|
1958
2036
|
}
|
|
1959
2037
|
/**
|
|
1960
2038
|
* Creates a function registry with auth helpers installed.
|
|
2039
|
+
*
|
|
2040
|
+
* This registry extends the base builtins with:
|
|
2041
|
+
* - Scope builtins: has_scope, has_any_scope, has_all_scopes
|
|
2042
|
+
* - Security builtins: is_signed, encryption_level, is_encrypted, is_encrypted_at_least
|
|
1961
2043
|
*/
|
|
1962
|
-
function createAuthFunctionRegistry(
|
|
1963
|
-
|
|
2044
|
+
function createAuthFunctionRegistry(grantedScopesOrOptions = []) {
|
|
2045
|
+
// Handle both old signature (array) and new signature (options object)
|
|
2046
|
+
const options = Array.isArray(grantedScopesOrOptions)
|
|
2047
|
+
? { grantedScopes: grantedScopesOrOptions }
|
|
2048
|
+
: grantedScopesOrOptions;
|
|
2049
|
+
const scopes = options.grantedScopes ?? [];
|
|
2050
|
+
const secBindings = options.securityBindings ?? {
|
|
2051
|
+
sig: { present: false},
|
|
2052
|
+
enc: { level: "plaintext" },
|
|
2053
|
+
};
|
|
1964
2054
|
/**
|
|
1965
2055
|
* Checks if any granted scope matches a pattern (using glob syntax).
|
|
1966
2056
|
*/
|
|
@@ -2016,11 +2106,85 @@ function createAuthFunctionRegistry(grantedScopes = []) {
|
|
|
2016
2106
|
}
|
|
2017
2107
|
return values.every((scope) => matchesScope(scope));
|
|
2018
2108
|
};
|
|
2109
|
+
// ============================================================
|
|
2110
|
+
// Security posture builtins
|
|
2111
|
+
// ============================================================
|
|
2112
|
+
/**
|
|
2113
|
+
* is_signed() -> bool
|
|
2114
|
+
*
|
|
2115
|
+
* Returns true if the envelope has a signature present.
|
|
2116
|
+
* No arguments required.
|
|
2117
|
+
*/
|
|
2118
|
+
const is_signed = (args) => {
|
|
2119
|
+
assertArgCount(args, 0, "is_signed");
|
|
2120
|
+
return secBindings.sig.present;
|
|
2121
|
+
};
|
|
2122
|
+
/**
|
|
2123
|
+
* encryption_level() -> string
|
|
2124
|
+
*
|
|
2125
|
+
* Returns the normalized encryption level: "plaintext" | "channel" | "sealed" | "unknown"
|
|
2126
|
+
* No arguments required.
|
|
2127
|
+
*/
|
|
2128
|
+
const encryption_level = (args) => {
|
|
2129
|
+
assertArgCount(args, 0, "encryption_level");
|
|
2130
|
+
return secBindings.enc.level;
|
|
2131
|
+
};
|
|
2132
|
+
/**
|
|
2133
|
+
* is_encrypted() -> bool
|
|
2134
|
+
*
|
|
2135
|
+
* Returns true if the encryption level is not "plaintext".
|
|
2136
|
+
* This means the envelope has some form of encryption (channel, sealed, or unknown).
|
|
2137
|
+
* No arguments required.
|
|
2138
|
+
*/
|
|
2139
|
+
const is_encrypted = (args) => {
|
|
2140
|
+
assertArgCount(args, 0, "is_encrypted");
|
|
2141
|
+
return secBindings.enc.level !== "plaintext";
|
|
2142
|
+
};
|
|
2143
|
+
/**
|
|
2144
|
+
* is_encrypted_at_least(level: string) -> bool
|
|
2145
|
+
*
|
|
2146
|
+
* Returns true if the envelope's encryption level meets or exceeds the required level.
|
|
2147
|
+
*
|
|
2148
|
+
* Level ordering: plaintext < channel < sealed
|
|
2149
|
+
*
|
|
2150
|
+
* Special handling:
|
|
2151
|
+
* - "unknown" encryption level does NOT satisfy "channel" or "sealed" (conservative)
|
|
2152
|
+
* - "plaintext" is always satisfied (any envelope meets at least plaintext)
|
|
2153
|
+
* - null argument => false (predicate-style)
|
|
2154
|
+
* - invalid level string => BuiltinError
|
|
2155
|
+
*/
|
|
2156
|
+
const is_encrypted_at_least = (args) => {
|
|
2157
|
+
assertArgCount(args, 1, "is_encrypted_at_least");
|
|
2158
|
+
const requiredLevel = getArg(args, 0, "is_encrypted_at_least");
|
|
2159
|
+
// Null-tolerant: return false if level is null
|
|
2160
|
+
if (!assertStringOrNull(requiredLevel, "level", "is_encrypted_at_least")) {
|
|
2161
|
+
return false;
|
|
2162
|
+
}
|
|
2163
|
+
// Validate required level
|
|
2164
|
+
if (!VALID_ENCRYPTION_LEVELS.includes(requiredLevel)) {
|
|
2165
|
+
throw new BuiltinError("is_encrypted_at_least", `level must be one of: ${VALID_ENCRYPTION_LEVELS.join(", ")}; got "${requiredLevel}"`);
|
|
2166
|
+
}
|
|
2167
|
+
const currentLevel = secBindings.enc.level;
|
|
2168
|
+
const requiredOrder = ENCRYPTION_LEVEL_ORDER[requiredLevel] ?? 0;
|
|
2169
|
+
const currentOrder = ENCRYPTION_LEVEL_ORDER[currentLevel];
|
|
2170
|
+
// If current level is "unknown", it only satisfies "plaintext"
|
|
2171
|
+
if (currentOrder === undefined) {
|
|
2172
|
+
// "unknown" is treated as NOT meeting channel/sealed requirements
|
|
2173
|
+
return requiredOrder === 0; // Only plaintext is satisfied by unknown
|
|
2174
|
+
}
|
|
2175
|
+
return currentOrder >= requiredOrder;
|
|
2176
|
+
};
|
|
2019
2177
|
return new Map([
|
|
2020
2178
|
...BUILTIN_FUNCTIONS,
|
|
2179
|
+
// Scope builtins
|
|
2021
2180
|
["has_scope", has_scope],
|
|
2022
2181
|
["has_any_scope", has_any_scope],
|
|
2023
2182
|
["has_all_scopes", has_all_scopes],
|
|
2183
|
+
// Security posture builtins
|
|
2184
|
+
["is_signed", is_signed],
|
|
2185
|
+
["encryption_level", encryption_level],
|
|
2186
|
+
["is_encrypted", is_encrypted],
|
|
2187
|
+
["is_encrypted_at_least", is_encrypted_at_least],
|
|
2024
2188
|
]);
|
|
2025
2189
|
}
|
|
2026
2190
|
/**
|
|
@@ -2163,19 +2327,33 @@ function extractClaims(context) {
|
|
|
2163
2327
|
}
|
|
2164
2328
|
/**
|
|
2165
2329
|
* Creates a safe envelope subset for expression bindings.
|
|
2330
|
+
*
|
|
2331
|
+
* Exposes:
|
|
2332
|
+
* - id, sid, traceId, corrId, flowId, to
|
|
2333
|
+
* - frame: { type }
|
|
2334
|
+
* - sec: { sig: { present, kid }, enc: { present, alg, kid, level } }
|
|
2335
|
+
*
|
|
2336
|
+
* IMPORTANT: Does NOT expose raw security values (sig.val, enc.val).
|
|
2166
2337
|
*/
|
|
2167
2338
|
function createEnvelopeBindings(envelope) {
|
|
2168
2339
|
const frame = envelope.frame;
|
|
2169
2340
|
const envelopeRecord = envelope;
|
|
2341
|
+
const sec = envelopeRecord.sec;
|
|
2342
|
+
const securityBindings = createSecurityBindings(sec);
|
|
2170
2343
|
return {
|
|
2171
|
-
|
|
2172
|
-
|
|
2173
|
-
|
|
2174
|
-
|
|
2175
|
-
|
|
2176
|
-
|
|
2177
|
-
|
|
2178
|
-
:
|
|
2344
|
+
bindings: {
|
|
2345
|
+
id: envelope.id ?? null,
|
|
2346
|
+
sid: envelopeRecord.sid ?? null,
|
|
2347
|
+
traceId: envelopeRecord.traceId ?? null,
|
|
2348
|
+
corrId: envelopeRecord.corrId ?? null,
|
|
2349
|
+
flowId: envelopeRecord.flowId ?? null,
|
|
2350
|
+
to: extractAddress(envelope) ?? null,
|
|
2351
|
+
frame: frame
|
|
2352
|
+
? { type: frame.type ?? null }
|
|
2353
|
+
: { type: null },
|
|
2354
|
+
sec: securityBindings,
|
|
2355
|
+
},
|
|
2356
|
+
securityBindings,
|
|
2179
2357
|
};
|
|
2180
2358
|
}
|
|
2181
2359
|
/**
|
|
@@ -2329,11 +2507,12 @@ class AdvancedAuthorizationPolicy {
|
|
|
2329
2507
|
continue;
|
|
2330
2508
|
}
|
|
2331
2509
|
if (rule.whenAst) {
|
|
2332
|
-
// Lazy initialization of expression bindings
|
|
2510
|
+
// Lazy initialization of expression bindings and security context
|
|
2333
2511
|
if (!expressionBindings) {
|
|
2512
|
+
const envelopeResult = createEnvelopeBindings(envelope);
|
|
2334
2513
|
expressionBindings = {
|
|
2335
2514
|
claims: extractClaims(context),
|
|
2336
|
-
envelope:
|
|
2515
|
+
envelope: envelopeResult.bindings,
|
|
2337
2516
|
delivery: createDeliveryBindings(context, resolvedAction),
|
|
2338
2517
|
node: createNodeBindings(node),
|
|
2339
2518
|
time: {
|
|
@@ -2341,9 +2520,13 @@ class AdvancedAuthorizationPolicy {
|
|
|
2341
2520
|
now_iso: new Date().toISOString(),
|
|
2342
2521
|
},
|
|
2343
2522
|
};
|
|
2523
|
+
// Create function registry with security bindings for security builtins
|
|
2524
|
+
functionRegistry = createAuthFunctionRegistry({
|
|
2525
|
+
grantedScopes,
|
|
2526
|
+
securityBindings: envelopeResult.securityBindings,
|
|
2527
|
+
});
|
|
2344
2528
|
}
|
|
2345
|
-
const functions = functionRegistry
|
|
2346
|
-
functionRegistry = functions;
|
|
2529
|
+
const functions = functionRegistry;
|
|
2347
2530
|
const evalContext = {
|
|
2348
2531
|
bindings: expressionBindings,
|
|
2349
2532
|
limits: this.expressionLimits,
|
|
@@ -12735,12 +12918,14 @@ exports.createAftSigner = createAftSigner;
|
|
|
12735
12918
|
exports.createAftVerifier = createAftVerifier;
|
|
12736
12919
|
exports.createAuthFunctionRegistry = createAuthFunctionRegistry;
|
|
12737
12920
|
exports.createEd25519Csr = createEd25519Csr;
|
|
12921
|
+
exports.createSecurityBindings = createSecurityBindings;
|
|
12738
12922
|
exports.evaluate = evaluate;
|
|
12739
12923
|
exports.evaluateAsBoolean = evaluateAsBoolean;
|
|
12740
12924
|
exports.extractCertificateInfo = extractCertificateInfo;
|
|
12741
12925
|
exports.formatCertificateInfo = formatCertificateInfo;
|
|
12742
12926
|
exports.getTypeName = getTypeName;
|
|
12743
12927
|
exports.isBuiltinFunction = isBuiltinFunction;
|
|
12928
|
+
exports.normalizeEncryptionLevelFromAlg = normalizeEncryptionLevelFromAlg;
|
|
12744
12929
|
exports.normalizeJsValue = normalizeJsValue;
|
|
12745
12930
|
exports.normalizeStickinessMode = normalizeStickinessMode;
|
|
12746
12931
|
exports.parse = parse;
|