@nsshunt/stsauthclient 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/stsauthclient.mjs +33 -79
  2. package/dist/stsauthclient.mjs.map +1 -1
  3. package/dist/stsauthclient.umd.js +34 -79
  4. package/dist/stsauthclient.umd.js.map +1 -1
  5. package/package.json +1 -1
  6. package/types/authManager.d.ts.map +1 -1
  7. package/types/authutilsnode.d.ts +2 -0
  8. package/types/authutilsnode.d.ts.map +1 -1
  9. package/types/resourceManager.d.ts +4 -10
  10. package/types/resourceManager.d.ts.map +1 -1
  11. package/types/sessionManager.d.ts.map +1 -1
package/dist/stsauthclient.mjs CHANGED
@@ -9,14 +9,13 @@ var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read fr
9
9
  var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
10
10
  var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
11
11
  var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
12
- var _options, _httpsAgent, _logger, _axiosConfig, _accessToken, _cache, _cacheTimeout, _logger2, _cookiejar, _httpsAgent2, _originRegex, _AuthUtilsNode_instances, LogDebugMessage_fn, _GetHttpsAgent;
13
- import https from "node:https";
12
+ var _options, _logger, _agentManager, _cache, _cacheTimeout, _logger2, _cookiejar, _originRegex, _agentManager2, _AuthUtilsNode_instances, LogDebugMessage_fn;
14
13
  import axios from "axios";
14
+ import { AgentManager, STSAxiosConfig, goptions } from "@nsshunt/stsconfig";
15
15
  import tough from "tough-cookie";
16
16
  import jwt from "jsonwebtoken";
17
17
  import { jwtDecode } from "jwt-decode";
18
18
  import jwksClient from "jwks-rsa";
19
- import { goptions } from "@nsshunt/stsconfig";
20
19
  import { GetErrorPayload } from "@nsshunt/stsutils";
21
20
  import chalk from "chalk";
22
21
  import { Gauge } from "@nsshunt/stsobservability";
@@ -92,10 +91,8 @@ const isNode = Object.prototype.toString.call(typeof process !== "undefined" ? p
92
91
  class ResourceManager {
93
92
  constructor(options, logger) {
94
93
  __privateAdd(this, _options);
95
- __privateAdd(this, _httpsAgent, null);
96
94
  __privateAdd(this, _logger);
97
- __privateAdd(this, _axiosConfig, null);
98
- __privateAdd(this, _accessToken, null);
95
+ __privateAdd(this, _agentManager, null);
99
96
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
100
97
  __publicField(this, "GetErrorMessage", (status, error, detail) => {
101
98
  return {
@@ -108,30 +105,20 @@ class ResourceManager {
108
105
  const headers = {
109
106
  "Content-Type": "application/json"
110
107
  };
111
- if (__privateGet(this, _accessToken)) {
108
+ if (access_token) {
112
109
  headers["Authorization"] = `Bearer ${access_token}`;
113
110
  }
114
111
  return headers;
115
112
  });
116
- // Make data be a abstract base class for resources
117
- __publicField(this, "AxiosConfig", (url, httpMethod, data) => {
118
- __privateSet(this, _axiosConfig, {
119
- url,
120
- method: httpMethod,
121
- headers: this.GetHeaders(__privateGet(this, _accessToken)),
122
- timeout: this.options.timeout
123
- });
124
- if (data) {
125
- __privateGet(this, _axiosConfig).data = data;
113
+ __publicField(this, "GetResult", async (accessToken, url, method, requestData, errorCb) => {
114
+ const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
115
+ if (__privateGet(this, _agentManager)) {
116
+ axiosConfig.withAgentManager(__privateGet(this, _agentManager));
126
117
  }
127
- if (isNode) {
128
- __privateGet(this, _axiosConfig).httpsAgent = this.httpsAgent;
118
+ if (requestData !== null) {
119
+ axiosConfig.withData(requestData);
129
120
  }
130
- return this;
131
- });
132
- __publicField(this, "GetResult", async (errorCb) => {
133
- const axiosConfigSnapshot = __privateGet(this, _axiosConfig);
134
- const data = await axios(axiosConfigSnapshot);
121
+ const data = await axios(axiosConfig);
135
122
  if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {
136
123
  const sessionDataRaw = data.data.detail;
137
124
  if (sessionDataRaw) {
@@ -155,37 +142,22 @@ class ResourceManager {
155
142
  __privateSet(this, _options, options);
156
143
  __privateSet(this, _logger, logger);
157
144
  this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options))}]`);
158
- if (isNode && __privateGet(this, _options).agentOptions) {
159
- __privateSet(this, _httpsAgent, new https.Agent({
160
- keepAlive: __privateGet(this, _options).agentOptions.keepAlive,
161
- maxSockets: __privateGet(this, _options).agentOptions.maxSockets,
162
- maxTotalSockets: __privateGet(this, _options).agentOptions.maxTotalSockets,
163
- maxFreeSockets: __privateGet(this, _options).agentOptions.maxFreeSockets,
164
- timeout: __privateGet(this, _options).timeout,
165
- rejectUnauthorized: __privateGet(this, _options).agentOptions.rejectUnauthorized
166
- // Allows self-signed certificates if non-production
167
- }));
145
+ if (isNode) {
146
+ if (__privateGet(this, _options).agentOptions) {
147
+ __privateSet(this, _agentManager, new AgentManager({
148
+ agentOptions: __privateGet(this, _options).agentOptions
149
+ }));
150
+ } else {
151
+ __privateSet(this, _agentManager, new AgentManager({}));
152
+ }
168
153
  }
169
154
  }
170
- get httpsAgent() {
171
- return __privateGet(this, _httpsAgent);
155
+ get agentManager() {
156
+ return __privateGet(this, _agentManager);
172
157
  }
173
158
  get options() {
174
159
  return __privateGet(this, _options);
175
160
  }
176
- get axiosConfig() {
177
- return __privateGet(this, _axiosConfig);
178
- }
179
- get accessToken() {
180
- return __privateGet(this, _accessToken);
181
- }
182
- set accessToken(token) {
183
- __privateSet(this, _accessToken, token);
184
- }
185
- SetAccessToken(token) {
186
- this.accessToken = token;
187
- return this;
188
- }
189
161
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
190
162
  LogDebugMessage(message) {
191
163
  __privateGet(this, _logger).debug(message);
@@ -200,16 +172,14 @@ class ResourceManager {
200
172
  }
201
173
  }
202
174
  _options = new WeakMap();
203
- _httpsAgent = new WeakMap();
204
175
  _logger = new WeakMap();
205
- _axiosConfig = new WeakMap();
206
- _accessToken = new WeakMap();
176
+ _agentManager = new WeakMap();
207
177
  class SessionManager extends ResourceManager {
208
178
  constructor(options, logger) {
209
179
  super(options, logger);
210
180
  __publicField(this, "GetSession", async (access_token, sessionId, errorCb) => {
211
181
  try {
212
- return this.SetAccessToken(access_token).AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get").GetResult(errorCb);
182
+ return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
213
183
  } catch (error) {
214
184
  errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
215
185
  return null;
@@ -221,7 +191,7 @@ class SessionManager extends ResourceManager {
221
191
  errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetSession(): sessionId not provided.", null));
222
192
  return null;
223
193
  }
224
- return this.SetAccessToken(access_token).AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session).GetResult(errorCb);
194
+ return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session, errorCb);
225
195
  } catch (error) {
226
196
  errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
227
197
  return null;
@@ -236,24 +206,11 @@ class AuthUtilsNode {
236
206
  __privateAdd(this, _cacheTimeout, 1e3);
237
207
  __privateAdd(this, _logger2);
238
208
  __privateAdd(this, _cookiejar);
239
- __privateAdd(this, _httpsAgent2, null);
240
209
  // Regular expression to match the origin
241
210
  __privateAdd(this, _originRegex, /^(api:\/\/\w+)/);
242
- __privateAdd(this, _GetHttpsAgent, () => {
243
- if (__privateGet(this, _httpsAgent2) === null) {
244
- __privateSet(this, _httpsAgent2, new https.Agent({
245
- keepAlive: goptions.keepAlive,
246
- maxSockets: goptions.maxSockets,
247
- maxTotalSockets: goptions.maxTotalSockets,
248
- maxFreeSockets: goptions.maxFreeSockets,
249
- timeout: goptions.timeout,
250
- rejectUnauthorized: false
251
- }));
252
- }
253
- return __privateGet(this, _httpsAgent2);
254
- });
211
+ __privateAdd(this, _agentManager2, new AgentManager({}));
255
212
  __publicField(this, "ResetAgent", () => {
256
- __privateSet(this, _httpsAgent2, null);
213
+ __privateGet(this, _agentManager2).ResetAgent();
257
214
  });
258
215
  __publicField(this, "VerifyRequestMiddlewareFactory", (options) => {
259
216
  return async (req, res, next) => {
@@ -323,7 +280,8 @@ class AuthUtilsNode {
323
280
  jwksUri: jwksClientUri,
324
281
  timeout: 3e4,
325
282
  //@@ config
326
- requestAgent: __privateGet(this, _GetHttpsAgent).call(this)
283
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
284
+ requestAgent: __privateGet(this, _agentManager2).GetAgent(jwksClientUri)
327
285
  });
328
286
  const decodedRefreshToken = jwtDecode(token, { header: true });
329
287
  const kid = decodedRefreshToken.kid;
@@ -407,13 +365,7 @@ class AuthUtilsNode {
407
365
  stage = "6";
408
366
  const url = endPoint ? `${endPoint}${goptions.asoauthapiroot}/token` : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`;
409
367
  stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
410
- const retVal = await axios({
411
- url,
412
- method: "post",
413
- data: payload,
414
- headers,
415
- httpsAgent: __privateGet(this, _GetHttpsAgent).call(this)
416
- });
368
+ const retVal = await axios(new STSAxiosConfig(url, "post", headers).withData(payload).withAgentManager(__privateGet(this, _agentManager2)).config);
417
369
  stage = "7";
418
370
  if (retVal.status) {
419
371
  if (retVal.status !== 200) {
@@ -465,6 +417,9 @@ class AuthUtilsNode {
465
417
  __privateSet(this, _logger2, logger);
466
418
  __privateSet(this, _cookiejar, new tough.CookieJar());
467
419
  }
420
+ get agentManager() {
421
+ return __privateGet(this, _agentManager2);
422
+ }
468
423
  /*
469
424
  let cookies = await this.GetCookiesFromJar();
470
425
  const valid = this.#ValidateCookies(cookies);
@@ -490,14 +445,13 @@ _cache = new WeakMap();
490
445
  _cacheTimeout = new WeakMap();
491
446
  _logger2 = new WeakMap();
492
447
  _cookiejar = new WeakMap();
493
- _httpsAgent2 = new WeakMap();
494
448
  _originRegex = new WeakMap();
449
+ _agentManager2 = new WeakMap();
495
450
  _AuthUtilsNode_instances = new WeakSet();
496
451
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
497
452
  LogDebugMessage_fn = function(message) {
498
453
  __privateGet(this, _logger2).debug(message);
499
454
  };
500
- _GetHttpsAgent = new WeakMap();
501
455
  export {
502
456
  AuthUtilsNode,
503
457
  STSAuthClientErrorCode,
package/dist/stsauthclient.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"stsauthclient.mjs","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../node_modules/detect-node/index.esm.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string;\n\tagentOptions?: {\n\t\tkeepAlive: boolean\n\t\tmaxSockets: number\n\t\tmaxTotalSockets: number\n\t\tmaxFreeSockets: number\n timeout: number\n\t\trejectUnauthorized: boolean\n\t}\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","// Only Node.JS has a process variable that is of [[Class]] process\nexport default Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\n","import isNode from 'detect-node'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport https from 'node:https'\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { ISTSLogger, JSONObject } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n #httpsAgent: https.Agent | null = null;\n #logger: ISTSLogger;\n #axiosConfig: AxiosRequestConfig | null = null;\n #accessToken: string | null = null;\n\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n this.#options = options;\n this.#logger = logger;\n\t\t\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n\n if (isNode && this.#options.agentOptions) {\n this.#httpsAgent = new https.Agent({ \n keepAlive: this.#options.agentOptions.keepAlive,\n maxSockets: this.#options.agentOptions.maxSockets,\n maxTotalSockets: this.#options.agentOptions.maxTotalSockets,\n maxFreeSockets: this.#options.agentOptions.maxFreeSockets,\n timeout: this.#options.timeout,\n rejectUnauthorized: this.#options.agentOptions.rejectUnauthorized // Allows self-signed certificates if non-production\n });\n }\n }\n\n get httpsAgent() {\n return this.#httpsAgent;\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n get axiosConfig(): AxiosRequestConfig | null {\n return this.#axiosConfig;\n }\n\n get accessToken(): string | null {\n return this.#accessToken;\n }\n\n set accessToken(token: string | null) {\n this.#accessToken = token;\n }\n\n SetAccessToken(token: string | null): ResourceManager {\n this.accessToken = token;\n return this;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (this.#accessToken) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n // Make data be a abstract base class for resources\n AxiosConfig = (url: string, httpMethod: string, data?: JSONObject): ResourceManager => {\n this.#axiosConfig = {\n url,\n method: httpMethod,\n headers: this.GetHeaders(this.#accessToken as string),\n timeout: this.options.timeout\n }\n if (data) {\n this.#axiosConfig.data = data;\n }\n if (isNode) {\n this.#axiosConfig.httpsAgent = this.httpsAgent\n }\n \n return this;\n }\n\n GetResult = async <T>(errorCb: (error: ISTSError) => void): Promise<T | null> => {\n // We need to snap shot any config required due to async processing\n const axiosConfigSnapshot = this.#axiosConfig as AxiosRequestConfig;\n const data = await axios(axiosConfigSnapshot); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above. This is the downside to the \"return this\" pattern when async operations are used.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSLogger } from '@nsshunt/stsutils';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n super(options, logger);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.SetAccessToken(access_token)\n .AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get')\n .GetResult<ISTSSessionResource>(errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.SetAccessToken(access_token)\n .AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session)\n .GetResult<ISTSSessionResource>(errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport https from 'node:https'\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport class AuthUtilsNode\n{\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #logger: ISTSLogger\n #cookiejar: tough.CookieJar;\n #httpsAgent: https.Agent | null = null;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n\n constructor(logger: ISTSLogger) {\n this.#logger = logger;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n #GetHttpsAgent = () => {\n if (this.#httpsAgent === null) {\n // https://nodejs.org/api/http.html#class-httpagent\n this.#httpsAgent = new https.Agent({ \n keepAlive: goptions.keepAlive,\n maxSockets: goptions.maxSockets,\n maxTotalSockets: goptions.maxTotalSockets,\n maxFreeSockets: goptions.maxFreeSockets,\n timeout: goptions.timeout,\n rejectUnauthorized: false\n });\n }\n return this.#httpsAgent;\n }\n\n ResetAgent = () => {\n this.#httpsAgent = null;\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwks = jwksClient({\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n requestAgent: this.#GetHttpsAgent()\n });\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const headers = { 'Content-Type': 'application/json'};\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const retVal = await axios({\n url\n ,method: 'post'\n ,data: payload\n ,headers: headers\n ,httpsAgent: this.#GetHttpsAgent()\n });\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","_logger","_httpsAgent","error"],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAqIO,MAAM,MAAM;AAEN,MAAA,yBAAyB,OAAO,OAAO;AAAA,EAChD,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,aAAa;AAAA,EACjB;AACJ,CAAC;AC3IM,IAAI;AAAA,CACV,SAAUA,cAAa;AAMpB,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,EAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,EAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;ACpWpC,MAAA,SAAe,OAAO,UAAU,SAAS,KAAK,OAAO,YAAY,cAAc,UAAU,CAAC,MAAM;ACWzF,MAAe,gBAAgB;AAAA,EAOlC,YAAY,SAAqC,QAAoB;AANrE;AACA,oCAAkC;AAClC;AACA,qCAA0C;AAC1C,qCAA8B;AA6D9B;AAAA,2CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,aAAA;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,MAAA;AAAA,IACJ;AAGJ,sCAAa,CAAC,iBAAqC;AAC/C,YAAM,UAAsB;AAAA,QACxB,gBAAgB;AAAA,MAAA;AAEpB,UAAI,mBAAK,eAAc;AACX,gBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,MACrD;AACO,aAAA;AAAA,IAAA;AAIX;AAAA,uCAAc,CAAC,KAAa,YAAoB,SAAuC;AACnF,yBAAK,cAAe;AAAA,QAChB;AAAA,QACA,QAAQ;AAAA,QACR,SAAS,KAAK,WAAW,mBAAK,aAAsB;AAAA,QACpD,SAAS,KAAK,QAAQ;AAAA,MAAA;AAE1B,UAAI,MAAM;AACN,2BAAK,cAAa,OAAO;AAAA,MAC7B;AACA,UAAI,QAAQ;AACH,2BAAA,cAAa,aAAa,KAAK;AAAA,MACxC;AAEO,aAAA;AAAA,IAAA;AAGX,qCAAY,OAAU,YAA2D;AAE7E,YAAM,sBAAsB,mBAAK;AAC3B,YAAA,OAAO,MAAM,MAAM,mBAAmB;AAIxC,UAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,cAAA,iBAAiB,KAAK,KAAK;AACjC,YAAI,gBAAgB;AACZ,cAAA;AACM,kBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,mBAAA;AAAA,mBACD,OAAO;AACb,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,mBAAA;AAAA,UACX;AAAA,QAAA,OACG;AACH,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,iBAAA;AAAA,QACX;AAAA,MAAA,OACG;AACH,cAAM,EAAE,QAAQ,OAAO,OAAA,IAAW,KAAK;AACvC,gBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,eAAA;AAAA,MACX;AAAA,IAAA;AAvHA,uBAAK,UAAW;AAChB,uBAAK,SAAW;AAEhB,SAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAE3F,QAAA,UAAU,mBAAK,UAAS,cAAc;AACjC,yBAAA,aAAc,IAAI,MAAM,MAAM;AAAA,QAC/B,WAAW,mBAAK,UAAS,aAAa;AAAA,QACtC,YAAY,mBAAK,UAAS,aAAa;AAAA,QACvC,iBAAiB,mBAAK,UAAS,aAAa;AAAA,QAC5C,gBAAgB,mBAAK,UAAS,aAAa;AAAA,QAC3C,SAAS,mBAAK,UAAS;AAAA,QACvB,oBAAoB,mBAAK,UAAS,aAAa;AAAA;AAAA,MAAA,CAClD;AAAA,IACL;AAAA,EACJ;AAAA,EAEA,IAAI,aAAa;AACb,WAAO,mBAAK;AAAA,EAChB;AAAA,EAEA,IAAI,UAAsC;AACtC,WAAO,mBAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAyC;AACzC,WAAO,mBAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAA6B;AAC7B,WAAO,mBAAK;AAAA,EAChB;AAAA,EAEA,IAAI,YAAY,OAAsB;AAClC,uBAAK,cAAe;AAAA,EACxB;AAAA,EAEA,eAAe,OAAuC;AAClD,SAAK,cAAc;AACZ,WAAA;AAAA,EACX;AAAA;AAAA,EAGA,gBAAgB,SAAc;AACrB,uBAAA,SAAQ,MAAM,OAAO;AAAA,EAC9B;AAAA;AAAA,EAGA,eAAe,SAAc;AACpB,uBAAA,SAAQ,KAAK,OAAO;AAAA,EAC7B;AAAA;AAAA,EAGA,gBAAgB,SAAc;AACrB,uBAAA,SAAQ,MAAM,OAAO;AAAA,EAC9B;AAkEJ;AAhII;AACA;AACA;AACA;AACA;ACTG,MAAM,uBAAuB,gBAAgB;AAAA,EAChD,YAAY,SAAqC,QAAoB;AACjE,UAAM,SAAS,MAAM;AAGzB,sCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,UAAA;AACA,eAAO,KAAK,eAAe,YAAY,EAClC,YAAY,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,KAAK,EACxF,UAA+B,OAAO;AAAA,eAEtC,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MACX;AAAA,IAAA;AAGJ,wCAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,UAAA;AACI,YAAA,CAAC,QAAQ,WAAW;AACpB,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,iBAAA;AAAA,QACX;AACA,eAAO,KAAK,eAAe,YAAY,EAClC,YAAY,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,OAAO,EAC3G,UAA+B,OAAO;AAAA,eAEtC,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MACX;AAAA,IAAA;AAAA,EA3BJ;AA6BJ;ACEO,MAAM,cACb;AAAA,EASI,YAAY,QAAoB;AAV7B;AAEH,+BAAuC,CAAA;AACvC,sCAAwB;AACxB,uBAAAC;AACA;AACA,uBAAAC,cAAkC;AAElC;AAAA,qCAAe;AAYf,uCAAiB,MAAM;AACf,UAAA,mBAAKA,kBAAgB,MAAM;AAEtB,2BAAAA,cAAc,IAAI,MAAM,MAAM;AAAA,UAC/B,WAAW,SAAS;AAAA,UACpB,YAAY,SAAS;AAAA,UACrB,iBAAiB,SAAS;AAAA,UAC1B,gBAAgB,SAAS;AAAA,UACzB,SAAS,SAAS;AAAA,UAClB,oBAAoB;AAAA,QAAA,CACvB;AAAA,MACL;AACA,aAAO,mBAAKA;AAAA,IAAA;AAGhB,sCAAa,MAAM;AACf,yBAAKA,cAAc;AAAA,IAAA;AAGvB,0DAAiC,CAAC,YAAmC;AAE1D,aAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,YAAI,QAAQ,aAAa;AAErB,gBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,gBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,cAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE;AACL;AAAA,UACJ;AAEA,gBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,gBAAM,sBAAsB,CAAA;AAC5B,mBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,kBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,gBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,kCAAoB,KAAK,UAAU;AAAA,YACvC;AAAA,UACJ;AACI,cAAA,oBAAoB,SAAS,GAAG;AAChC,kBAAM,eAAe,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,gBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAc,CAAA;AACpG;AAAA,UACJ;AAEA,cAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,+BAAA,QAAO,cAAc,IAAI;AAAA,cAC1B,QAAQ,CAAE;AAAA,YAAA;AAAA,UAElB;AAEA,6BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,YAC3C,OAAO;AAAA,YACP,SAAS,WAAW,MAAM;AACtB,qBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,YAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,UAAA;AAAA,QAErC;AACK;MAAA;AAAA,IACT;AA6CJ;AAAA,2CAAkB,OAAO,SAA8B,aACvD;AACQ,UAAA,QAAQ,YAAY,GAAG;AAEvB,gBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,gBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAAA,CACjD;AAAA,MAAA,OACE;AAEH,cAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,2BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,MAClD;AAEO,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAAA;AAG9C,6CAAoB,OAAO,aAC3B;AACW,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAAA;AAG9C,uCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,YAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc,KAC/D,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc;AAEnG,YAAM,OAAO,WAAW;AAAA,QACpB,OAAO;AAAA;AAAA,QACP,iBAAiB;AAAA;AAAA,QACjB,aAAa;AAAA;AAAA,QACb,WAAW;AAAA,QACX,uBAAuB;AAAA;AAAA,QACvB,SAAS;AAAA,QACT,SAAS;AAAA;AAAA,QACT,cAAc,mBAAK,gBAAL;AAAA,MAAoB,CACrC;AAGD,YAAM,sBAAsB,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,YAAM,MAAM,oBAAoB;AAEhC,YAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,YAAA,aAAa,IAAI;AAEvB,YAAM,gBAAgB;AAAA,QAClB,QAAQ;AAAA;AAAA,QAER;AAAA;AAAA,QAEA,WAAY,CAAC,OAAO;AAAA;AAAA,MAAA;AAGxB,aAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,IAAA;AAItD;AAAA,yCAAgB,CAAC,QAAgB;AAC7B,YAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,aAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,IAAA;AAG9B,+DAAsC,OAAO,SAAsD,YAAqD;AACpJ,YAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,sBAA0B,IAAA;AAErG,UAAI,QAAQ;AAEN,YAAA,gBAAgB,CAAC,UAAiB;AACpC,8BAAK,8CAAL,WAAsB;AACtB,YAAI,sBAAsB;AACD,+BAAA,iBAAiB,MAAM,kCAAkC;AAAA;AAAA,YAC1E,KAAK;AAAA,UAAA,CACR;AAAA,QACL;AACA,gBAAQ,KAAK;AAAA,MAAA;AAGb,UAAA;AACQ,gBAAA;AACF,cAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,YAAI,SAAwB;AAC5B,YAAI,QAAsB;AAClB,gBAAA;AACR,iBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,gBAAA,IAAI,OAAO,CAAC;AAClB,cAAI,CAAC,QAAQ;AACA,qBAAA,KAAK,cAAc,CAAC;AAC7B,gBAAI,CAAC,QAAQ;AACT,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YACJ;AAAA,UAAA,OACG;AACG,kBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,gBAAI,CAAC,YAAY;AACb,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YAAA,OACG;AACH,kBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,wBAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AACQ,gBAAA;AACR,YAAI,OAAO;AACP,wBAAc,KAAK;AACZ,iBAAA;AAAA,QACX;AAEQ,gBAAA;AACF,cAAA,UAAU,EAAE,gBAAgB;AAClC,cAAM,UAAU;AAAA;AAAA,UACZ,WAAW;AAAA;AAAA,UACX,eAAe;AAAA;AAAA;AAAA,UAEf;AAAA;AAAA;AAAA;AAAA,UAGA,YAAY;AAAA,QAAA;AAER,gBAAA;AACR,cAAM,MAAO,WACP,GAAG,QAAQ,GAAG,SAAS,cAAc,WACrC,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc;AAEzE,gBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAEzD,cAAA,SAAS,MAAM,MAAM;AAAA,UACvB;AAAA,UACC,QAAQ;AAAA,UACR,MAAM;AAAA,UACN;AAAA,UACA,YAAY,mBAAK,gBAAL;AAAA,QAAoB,CACpC;AAEO,gBAAA;AACR,YAAI,OAAO,QAAQ;AACX,cAAA,OAAO,WAAW,KAAK;AAEvB,kCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,UACvI;AAAA,QAAA,OACG;AACH,wBAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,iBAAA;AAAA,QACX;AACQ,gBAAA;AACR,YAAI,OAAO,MAAM;AACL,kBAAA;AACJ,cAAA,OAAO,KAAK,cAAc;AAClB,oBAAA;AACR,gBAAI,sBAAsB;AACd,sBAAA;AACa,mCAAA,iBAAiB,MAAM,4BAA4B;AAAA,gBACpE,KAAK;AAAA,cAAA,CACR;AAAA,YACL;AAEQ,oBAAA;AACR,mBAAO,OAAO,KAAK;AAAA,UAAA,OAChB;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,mBAAA;AAAA,UACX;AAAA,QAAA,OACG;AACK,kBAAA;AACM,wBAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,iBAAA;AAAA,QACX;AAAA,eAEK,OAAY;AACjB,YAAI,0BAA0B,MAAM;AAChC,kBAAQ,MAAM,KAAK;AAAA,QACvB;AACA,YAAI,UAAU;AACd,YAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,cAAA;AACA,sBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,mBAEvCC,QAAO;AACF,sBAAA;AAAA,UACd;AAAA,QACJ;AACc,sBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,eAAA;AAAA,MACX;AAAA,IAAA;AA9SA,uBAAKF,UAAU;AACV,uBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwFA,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS;EAoBT;AAgMJ;AAzTI;AACA;AACAA,WAAA;AACA;AACAC,eAAA;AAEA;AARG;AAAA;AAgBH,8BAAiB,SAAc;AACtB,qBAAAD,UAAQ,MAAM,OAAO;AAC9B;AAEA;","x_google_ignoreList":[1,2]}
1
+ {"version":3,"file":"stsauthclient.mjs","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../node_modules/detect-node/index.esm.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string;\n\tagentOptions?: {\n\t\tkeepAlive: boolean\n\t\tmaxSockets: number\n\t\tmaxTotalSockets: number\n\t\tmaxFreeSockets: number\n timeout: number\n\t\trejectUnauthorized: boolean\n\t}\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","// Only Node.JS has a process variable that is of [[Class]] process\nexport default Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\n","import isNode from 'detect-node'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { ISTSLogger, JSONObject } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig';\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n #logger: ISTSLogger;\n #agentManager: AgentManager | null = null;\n\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n this.#options = options;\n this.#logger = logger;\n\t\t\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n\n if (isNode) {\n if (this.#options.agentOptions) {\n this.#agentManager = new AgentManager({\n agentOptions: this.#options.agentOptions\n });\n } else {\n this.#agentManager = new AgentManager({});\n }\n }\n }\n\n get agentManager(): AgentManager | null {\n return this.#agentManager;\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string | null): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (access_token) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n GetResult = async <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void): Promise<T | null> => {\n const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken as string), this.options.timeout);\n if (this.#agentManager) {\n axiosConfig.withAgentManager(this.#agentManager)\n }\n if (requestData !== null) {\n axiosConfig.withData(requestData)\n }\n\n const data = await axios(axiosConfig as AxiosRequestConfig); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSLogger } from '@nsshunt/stsutils';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n super(options, logger);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get', null, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions, AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport class AuthUtilsNode\n{\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #logger: ISTSLogger\n #cookiejar: tough.CookieJar;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n #agentManager: AgentManager = new AgentManager({});\n\n constructor(logger: ISTSLogger) {\n this.#logger = logger;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n get agentManager(): AgentManager {\n return this.#agentManager;\n }\n\n ResetAgent = () => {\n this.#agentManager.ResetAgent();\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwks = jwksClient({\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n requestAgent: this.#agentManager.GetAgent(jwksClientUri) as any\n });\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const headers = { 'Content-Type': 'application/json'};\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const retVal = await axios(new STSAxiosConfig(url, 'post', headers).withData(payload).withAgentManager(this.#agentManager).config);\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","_logger","_agentManager","error"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAqIO,MAAM,MAAM;AAEN,MAAA,yBAAyB,OAAO,OAAO;AAAA,EAChD,2BAA2B;AAAA,IACvB,MAAM;AAAA,IACN,aAAa;AAAA,EACjB;AACJ,CAAC;AC3IM,IAAI;AAAA,CACV,SAAUA,cAAa;AAMpB,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,EAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,EAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,EAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,EAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,EAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,EAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,EAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,EAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,EAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,EAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,EAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,EAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;ACpWpC,MAAA,SAAe,OAAO,UAAU,SAAS,KAAK,OAAO,YAAY,cAAc,UAAU,CAAC,MAAM;ACWzF,MAAe,gBAAgB;AAAA,EAKlC,YAAY,SAAqC,QAAoB;AAJrE;AACA;AACA,sCAAqC;AA2CrC;AAAA,2CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,aAAA;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,MAAA;AAAA,IACJ;AAGJ,sCAAa,CAAC,iBAA4C;AACtD,YAAM,UAAsB;AAAA,QACxB,gBAAgB;AAAA,MAAA;AAEpB,UAAI,cAAc;AACN,gBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,MACrD;AACO,aAAA;AAAA,IAAA;AAGX,qCAAY,OAAU,aAA4B,KAAa,QAAgB,aAAgC,YAA2D;AAChK,YAAA,cAAc,IAAI,eAAe,KAAK,QAAQ,KAAK,WAAW,WAAqB,GAAG,KAAK,QAAQ,OAAO;AAChH,UAAI,mBAAK,gBAAe;AACR,oBAAA,iBAAiB,mBAAK,cAAa;AAAA,MACnD;AACA,UAAI,gBAAgB,MAAM;AACtB,oBAAY,SAAS,WAAW;AAAA,MACpC;AAEM,YAAA,OAAO,MAAM,MAAM,WAAiC;AAItD,UAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,cAAA,iBAAiB,KAAK,KAAK;AACjC,YAAI,gBAAgB;AACZ,cAAA;AACM,kBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,mBAAA;AAAA,mBACD,OAAO;AACb,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,mBAAA;AAAA,UACX;AAAA,QAAA,OACG;AACH,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,iBAAA;AAAA,QACX;AAAA,MAAA,OACG;AACH,cAAM,EAAE,QAAQ,OAAO,OAAA,IAAW,KAAK;AACvC,gBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,eAAA;AAAA,MACX;AAAA,IAAA;AAzFA,uBAAK,UAAW;AAChB,uBAAK,SAAW;AAEhB,SAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAE/F,QAAI,QAAQ;AACJ,UAAA,mBAAK,UAAS,cAAc;AACvB,2BAAA,eAAgB,IAAI,aAAa;AAAA,UAClC,cAAc,mBAAK,UAAS;AAAA,QAAA,CAC/B;AAAA,MAAA,OACE;AACH,2BAAK,eAAgB,IAAI,aAAa,CAAE,CAAA;AAAA,MAC5C;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,IAAI,eAAoC;AACpC,WAAO,mBAAK;AAAA,EAChB;AAAA,EAEA,IAAI,UAAsC;AACtC,WAAO,mBAAK;AAAA,EAChB;AAAA;AAAA,EAGA,gBAAgB,SAAc;AACrB,uBAAA,SAAQ,MAAM,OAAO;AAAA,EAC9B;AAAA;AAAA,EAGA,eAAe,SAAc;AACpB,uBAAA,SAAQ,KAAK,OAAO;AAAA,EAC7B;AAAA;AAAA,EAGA,gBAAgB,SAAc;AACrB,uBAAA,SAAQ,MAAM,OAAO;AAAA,EAC9B;AAsDJ;AAhGI;AACA;AACA;ACPG,MAAM,uBAAuB,gBAAgB;AAAA,EAChD,YAAY,SAAqC,QAAoB;AACjE,UAAM,SAAS,MAAM;AAGzB,sCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,UAAA;AACA,eAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,OAAO,MAAM,OAAO;AAAA,eAE/I,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MACX;AAAA,IAAA;AAGJ,wCAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,UAAA;AACI,YAAA,CAAC,QAAQ,WAAW;AACpB,kBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,iBAAA;AAAA,QACX;AACA,eAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,SAAS,OAAO;AAAA,eAE5J,OAAY;AACT,gBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,eAAA;AAAA,MACX;AAAA,IAAA;AAAA,EAvBJ;AAyBJ;ACKO,MAAM,cACb;AAAA,EASI,YAAY,QAAoB;AAV7B;AAEH,+BAAuC,CAAA;AACvC,sCAAwB;AACxB,uBAAAC;AACA;AAEA;AAAA,qCAAe;AACf,uBAAAC,gBAA8B,IAAI,aAAa,CAAA,CAAE;AAgBjD,sCAAa,MAAM;AACf,yBAAKA,gBAAc;IAAW;AAGlC,0DAAiC,CAAC,YAAmC;AAE1D,aAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,YAAI,QAAQ,aAAa;AAErB,gBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,gBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,cAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE;AACL;AAAA,UACJ;AAEA,gBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,gBAAM,sBAAsB,CAAA;AAC5B,mBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,kBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,gBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,kCAAoB,KAAK,UAAU;AAAA,YACvC;AAAA,UACJ;AACI,cAAA,oBAAoB,SAAS,GAAG;AAChC,kBAAM,eAAe,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,gBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAc,CAAA;AACpG;AAAA,UACJ;AAEA,cAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,+BAAA,QAAO,cAAc,IAAI;AAAA,cAC1B,QAAQ,CAAE;AAAA,YAAA;AAAA,UAElB;AAEA,6BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,YAC3C,OAAO;AAAA,YACP,SAAS,WAAW,MAAM;AACtB,qBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,YAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,UAAA;AAAA,QAErC;AACK;MAAA;AAAA,IACT;AA6CJ;AAAA,2CAAkB,OAAO,SAA8B,aACvD;AACQ,UAAA,QAAQ,YAAY,GAAG;AAEvB,gBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,gBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAAA,CACjD;AAAA,MAAA,OACE;AAEH,cAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,2BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,MAClD;AAEO,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAAA;AAG9C,6CAAoB,OAAO,aAC3B;AACW,aAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,IAAA;AAG9C,uCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,YAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc,KAC/D,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc,GAAG,SAAS,cAAc;AAEnG,YAAM,OAAO,WAAW;AAAA,QACpB,OAAO;AAAA;AAAA,QACP,iBAAiB;AAAA;AAAA,QACjB,aAAa;AAAA;AAAA,QACb,WAAW;AAAA,QACX,uBAAuB;AAAA;AAAA,QACvB,SAAS;AAAA,QACT,SAAS;AAAA;AAAA;AAAA,QAET,cAAc,mBAAKA,gBAAc,SAAS,aAAa;AAAA,MAAA,CAC1D;AAGD,YAAM,sBAAsB,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,YAAM,MAAM,oBAAoB;AAEhC,YAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,YAAA,aAAa,IAAI;AAEvB,YAAM,gBAAgB;AAAA,QAClB,QAAQ;AAAA;AAAA,QAER;AAAA;AAAA,QAEA,WAAY,CAAC,OAAO;AAAA;AAAA,MAAA;AAGxB,aAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,IAAA;AAItD;AAAA,yCAAgB,CAAC,QAAgB;AAC7B,YAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,aAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,IAAA;AAG9B,+DAAsC,OAAO,SAAsD,YAAqD;AACpJ,YAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,sBAA0B,IAAA;AAErG,UAAI,QAAQ;AAEN,YAAA,gBAAgB,CAAC,UAAiB;AACpC,8BAAK,8CAAL,WAAsB;AACtB,YAAI,sBAAsB;AACD,+BAAA,iBAAiB,MAAM,kCAAkC;AAAA;AAAA,YAC1E,KAAK;AAAA,UAAA,CACR;AAAA,QACL;AACA,gBAAQ,KAAK;AAAA,MAAA;AAGb,UAAA;AACQ,gBAAA;AACF,cAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,YAAI,SAAwB;AAC5B,YAAI,QAAsB;AAClB,gBAAA;AACR,iBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,gBAAA,IAAI,OAAO,CAAC;AAClB,cAAI,CAAC,QAAQ;AACA,qBAAA,KAAK,cAAc,CAAC;AAC7B,gBAAI,CAAC,QAAQ;AACT,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YACJ;AAAA,UAAA,OACG;AACG,kBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,gBAAI,CAAC,YAAY;AACb,sBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,YAAA,OACG;AACH,kBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,wBAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AACQ,gBAAA;AACR,YAAI,OAAO;AACP,wBAAc,KAAK;AACZ,iBAAA;AAAA,QACX;AAEQ,gBAAA;AACF,cAAA,UAAU,EAAE,gBAAgB;AAClC,cAAM,UAAU;AAAA;AAAA,UACZ,WAAW;AAAA;AAAA,UACX,eAAe;AAAA;AAAA;AAAA,UAEf;AAAA;AAAA;AAAA;AAAA,UAGA,YAAY;AAAA,QAAA;AAER,gBAAA;AACR,cAAM,MAAO,WACP,GAAG,QAAQ,GAAG,SAAS,cAAc,WACrC,GAAG,SAAS,UAAU,IAAI,SAAS,MAAM,GAAG,SAAS,cAAc;AAEzE,gBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAE/D,cAAM,SAAS,MAAM,MAAM,IAAI,eAAe,KAAK,QAAQ,OAAO,EAAE,SAAS,OAAO,EAAE,iBAAiB,mBAAKA,eAAa,EAAE,MAAM;AAEzH,gBAAA;AACR,YAAI,OAAO,QAAQ;AACX,cAAA,OAAO,WAAW,KAAK;AAEvB,kCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,UACvI;AAAA,QAAA,OACG;AACH,wBAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,iBAAA;AAAA,QACX;AACQ,gBAAA;AACR,YAAI,OAAO,MAAM;AACL,kBAAA;AACJ,cAAA,OAAO,KAAK,cAAc;AAClB,oBAAA;AACR,gBAAI,sBAAsB;AACd,sBAAA;AACa,mCAAA,iBAAiB,MAAM,4BAA4B;AAAA,gBACpE,KAAK;AAAA,cAAA,CACR;AAAA,YACL;AAEQ,oBAAA;AACR,mBAAO,OAAO,KAAK;AAAA,UAAA,OAChB;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,mBAAA;AAAA,UACX;AAAA,QAAA,OACG;AACK,kBAAA;AACM,wBAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,iBAAA;AAAA,QACX;AAAA,eAEK,OAAY;AACjB,YAAI,0BAA0B,MAAM;AAChC,kBAAQ,MAAM,KAAK;AAAA,QACvB;AACA,YAAI,UAAU;AACd,YAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,cAAA;AACA,sBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,mBAEvCC,QAAO;AACF,sBAAA;AAAA,UACd;AAAA,QACJ;AACc,sBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,eAAA;AAAA,MACX;AAAA,IAAA;AA9RA,uBAAKF,UAAU;AACV,uBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,EAC1C;AAAA,EAOA,IAAI,eAA6B;AAC7B,WAAO,mBAAKC;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoEA,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS;EAoBT;AA2LJ;AAzSI;AACA;AACAD,WAAA;AACA;AAEA;AACAC,iBAAA;AARG;AAAA;AAgBH,8BAAiB,SAAc;AACtB,qBAAAD,UAAQ,MAAM,OAAO;AAC9B;","x_google_ignoreList":[1,2]}
package/dist/stsauthclient.umd.js CHANGED
@@ -1,6 +1,6 @@
1
1
  (function(global, factory) {
2
- typeof exports === "object" && typeof module !== "undefined" ? factory(exports, require("node:https"), require("axios"), require("tough-cookie"), require("jsonwebtoken"), require("jwt-decode"), require("jwks-rsa"), require("@nsshunt/stsconfig"), require("@nsshunt/stsutils"), require("chalk"), require("@nsshunt/stsobservability")) : typeof define === "function" && define.amd ? define(["exports", "node:https", "axios", "tough-cookie", "jsonwebtoken", "jwt-decode", "jwks-rsa", "@nsshunt/stsconfig", "@nsshunt/stsutils", "chalk", "@nsshunt/stsobservability"], factory) : (global = typeof globalThis !== "undefined" ? globalThis : global || self, factory(global["@nsshunt/stsauthclient"] = {}, global.https, global.axios, global["tough-cookie"], global.jsonwebtoken, global["jwt-decode"], global["jwks-rsa"], global.stsconfig, global.stsutils, global.chalk, global.stsobservability));
3
- })(this, function(exports2, https, axios, tough, jwt, jwtDecode, jwksClient, stsconfig, stsutils, chalk, stsobservability) {
2
+ typeof exports === "object" && typeof module !== "undefined" ? factory(exports, require("axios"), require("@nsshunt/stsconfig"), require("tough-cookie"), require("jsonwebtoken"), require("jwt-decode"), require("jwks-rsa"), require("@nsshunt/stsutils"), require("chalk"), require("@nsshunt/stsobservability")) : typeof define === "function" && define.amd ? define(["exports", "axios", "@nsshunt/stsconfig", "tough-cookie", "jsonwebtoken", "jwt-decode", "jwks-rsa", "@nsshunt/stsutils", "chalk", "@nsshunt/stsobservability"], factory) : (global = typeof globalThis !== "undefined" ? globalThis : global || self, factory(global["@nsshunt/stsauthclient"] = {}, global.axios, global.stsconfig, global["tough-cookie"], global.jsonwebtoken, global["jwt-decode"], global["jwks-rsa"], global.stsutils, global.chalk, global.stsobservability));
3
+ })(this, function(exports2, axios, stsconfig, tough, jwt, jwtDecode, jwksClient, stsutils, chalk, stsobservability) {
4
4
  "use strict";var __defProp = Object.defineProperty;
5
5
  var __typeError = (msg) => {
6
6
  throw TypeError(msg);
@@ -13,7 +13,7 @@ var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot
13
13
  var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
14
14
  var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
15
15
 
16
- var _options, _httpsAgent, _logger, _axiosConfig, _accessToken, _cache, _cacheTimeout, _logger2, _cookiejar, _httpsAgent2, _originRegex, _AuthUtilsNode_instances, LogDebugMessage_fn, _GetHttpsAgent;
16
+ var _options, _logger, _agentManager, _cache, _cacheTimeout, _logger2, _cookiejar, _originRegex, _agentManager2, _AuthUtilsNode_instances, LogDebugMessage_fn;
17
17
  const iss = `https://stscore.stsmda.org/oauth2/v2.0`;
18
18
  const STSAuthClientErrorCode = Object.freeze({
19
19
  STS_AC_MISSING_PERMISSION: {
@@ -86,10 +86,8 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
86
86
  class ResourceManager {
87
87
  constructor(options, logger) {
88
88
  __privateAdd(this, _options);
89
- __privateAdd(this, _httpsAgent, null);
90
89
  __privateAdd(this, _logger);
91
- __privateAdd(this, _axiosConfig, null);
92
- __privateAdd(this, _accessToken, null);
90
+ __privateAdd(this, _agentManager, null);
93
91
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
94
92
  __publicField(this, "GetErrorMessage", (status, error, detail) => {
95
93
  return {
@@ -102,30 +100,20 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
102
100
  const headers = {
103
101
  "Content-Type": "application/json"
104
102
  };
105
- if (__privateGet(this, _accessToken)) {
103
+ if (access_token) {
106
104
  headers["Authorization"] = `Bearer ${access_token}`;
107
105
  }
108
106
  return headers;
109
107
  });
110
- // Make data be a abstract base class for resources
111
- __publicField(this, "AxiosConfig", (url, httpMethod, data) => {
112
- __privateSet(this, _axiosConfig, {
113
- url,
114
- method: httpMethod,
115
- headers: this.GetHeaders(__privateGet(this, _accessToken)),
116
- timeout: this.options.timeout
117
- });
118
- if (data) {
119
- __privateGet(this, _axiosConfig).data = data;
108
+ __publicField(this, "GetResult", async (accessToken, url, method, requestData, errorCb) => {
109
+ const axiosConfig = new stsconfig.STSAxiosConfig(url, method, this.GetHeaders(accessToken), this.options.timeout);
110
+ if (__privateGet(this, _agentManager)) {
111
+ axiosConfig.withAgentManager(__privateGet(this, _agentManager));
120
112
  }
121
- if (isNode) {
122
- __privateGet(this, _axiosConfig).httpsAgent = this.httpsAgent;
113
+ if (requestData !== null) {
114
+ axiosConfig.withData(requestData);
123
115
  }
124
- return this;
125
- });
126
- __publicField(this, "GetResult", async (errorCb) => {
127
- const axiosConfigSnapshot = __privateGet(this, _axiosConfig);
128
- const data = await axios(axiosConfigSnapshot);
116
+ const data = await axios(axiosConfig);
129
117
  if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {
130
118
  const sessionDataRaw = data.data.detail;
131
119
  if (sessionDataRaw) {
@@ -149,37 +137,22 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
149
137
  __privateSet(this, _options, options);
150
138
  __privateSet(this, _logger, logger);
151
139
  this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(__privateGet(this, _options))}]`);
152
- if (isNode && __privateGet(this, _options).agentOptions) {
153
- __privateSet(this, _httpsAgent, new https.Agent({
154
- keepAlive: __privateGet(this, _options).agentOptions.keepAlive,
155
- maxSockets: __privateGet(this, _options).agentOptions.maxSockets,
156
- maxTotalSockets: __privateGet(this, _options).agentOptions.maxTotalSockets,
157
- maxFreeSockets: __privateGet(this, _options).agentOptions.maxFreeSockets,
158
- timeout: __privateGet(this, _options).timeout,
159
- rejectUnauthorized: __privateGet(this, _options).agentOptions.rejectUnauthorized
160
- // Allows self-signed certificates if non-production
161
- }));
140
+ if (isNode) {
141
+ if (__privateGet(this, _options).agentOptions) {
142
+ __privateSet(this, _agentManager, new stsconfig.AgentManager({
143
+ agentOptions: __privateGet(this, _options).agentOptions
144
+ }));
145
+ } else {
146
+ __privateSet(this, _agentManager, new stsconfig.AgentManager({}));
147
+ }
162
148
  }
163
149
  }
164
- get httpsAgent() {
165
- return __privateGet(this, _httpsAgent);
150
+ get agentManager() {
151
+ return __privateGet(this, _agentManager);
166
152
  }
167
153
  get options() {
168
154
  return __privateGet(this, _options);
169
155
  }
170
- get axiosConfig() {
171
- return __privateGet(this, _axiosConfig);
172
- }
173
- get accessToken() {
174
- return __privateGet(this, _accessToken);
175
- }
176
- set accessToken(token) {
177
- __privateSet(this, _accessToken, token);
178
- }
179
- SetAccessToken(token) {
180
- this.accessToken = token;
181
- return this;
182
- }
183
156
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
184
157
  LogDebugMessage(message) {
185
158
  __privateGet(this, _logger).debug(message);
@@ -194,16 +167,14 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
194
167
  }
195
168
  }
196
169
  _options = new WeakMap();
197
- _httpsAgent = new WeakMap();
198
170
  _logger = new WeakMap();
199
- _axiosConfig = new WeakMap();
200
- _accessToken = new WeakMap();
171
+ _agentManager = new WeakMap();
201
172
  class SessionManager extends ResourceManager {
202
173
  constructor(options, logger) {
203
174
  super(options, logger);
204
175
  __publicField(this, "GetSession", async (access_token, sessionId, errorCb) => {
205
176
  try {
206
- return this.SetAccessToken(access_token).AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get").GetResult(errorCb);
177
+ return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, "get", null, errorCb);
207
178
  } catch (error) {
208
179
  errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
209
180
  return null;
@@ -215,7 +186,7 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
215
186
  errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, "SessionManager:GetSession(): sessionId not provided.", null));
216
187
  return null;
217
188
  }
218
- return this.SetAccessToken(access_token).AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session).GetResult(errorCb);
189
+ return this.GetResult(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, "patch", session, errorCb);
219
190
  } catch (error) {
220
191
  errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));
221
192
  return null;
@@ -230,24 +201,11 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
230
201
  __privateAdd(this, _cacheTimeout, 1e3);
231
202
  __privateAdd(this, _logger2);
232
203
  __privateAdd(this, _cookiejar);
233
- __privateAdd(this, _httpsAgent2, null);
234
204
  // Regular expression to match the origin
235
205
  __privateAdd(this, _originRegex, /^(api:\/\/\w+)/);
236
- __privateAdd(this, _GetHttpsAgent, () => {
237
- if (__privateGet(this, _httpsAgent2) === null) {
238
- __privateSet(this, _httpsAgent2, new https.Agent({
239
- keepAlive: stsconfig.goptions.keepAlive,
240
- maxSockets: stsconfig.goptions.maxSockets,
241
- maxTotalSockets: stsconfig.goptions.maxTotalSockets,
242
- maxFreeSockets: stsconfig.goptions.maxFreeSockets,
243
- timeout: stsconfig.goptions.timeout,
244
- rejectUnauthorized: false
245
- }));
246
- }
247
- return __privateGet(this, _httpsAgent2);
248
- });
206
+ __privateAdd(this, _agentManager2, new stsconfig.AgentManager({}));
249
207
  __publicField(this, "ResetAgent", () => {
250
- __privateSet(this, _httpsAgent2, null);
208
+ __privateGet(this, _agentManager2).ResetAgent();
251
209
  });
252
210
  __publicField(this, "VerifyRequestMiddlewareFactory", (options) => {
253
211
  return async (req, res, next) => {
@@ -317,7 +275,8 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
317
275
  jwksUri: jwksClientUri,
318
276
  timeout: 3e4,
319
277
  //@@ config
320
- requestAgent: __privateGet(this, _GetHttpsAgent).call(this)
278
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
279
+ requestAgent: __privateGet(this, _agentManager2).GetAgent(jwksClientUri)
321
280
  });
322
281
  const decodedRefreshToken = jwtDecode.jwtDecode(token, { header: true });
323
282
  const kid = decodedRefreshToken.kid;
@@ -401,13 +360,7 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
401
360
  stage = "6";
402
361
  const url = endPoint ? `${endPoint}${stsconfig.goptions.asoauthapiroot}/token` : `${stsconfig.goptions.asendpoint}:${stsconfig.goptions.asport}${stsconfig.goptions.asoauthapiroot}/token`;
403
362
  stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`;
404
- const retVal = await axios({
405
- url,
406
- method: "post",
407
- data: payload,
408
- headers,
409
- httpsAgent: __privateGet(this, _GetHttpsAgent).call(this)
410
- });
363
+ const retVal = await axios(new stsconfig.STSAxiosConfig(url, "post", headers).withData(payload).withAgentManager(__privateGet(this, _agentManager2)).config);
411
364
  stage = "7";
412
365
  if (retVal.status) {
413
366
  if (retVal.status !== 200) {
@@ -459,6 +412,9 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
459
412
  __privateSet(this, _logger2, logger);
460
413
  __privateSet(this, _cookiejar, new tough.CookieJar());
461
414
  }
415
+ get agentManager() {
416
+ return __privateGet(this, _agentManager2);
417
+ }
462
418
  /*
463
419
  let cookies = await this.GetCookiesFromJar();
464
420
  const valid = this.#ValidateCookies(cookies);
@@ -484,14 +440,13 @@ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "acce
484
440
  _cacheTimeout = new WeakMap();
485
441
  _logger2 = new WeakMap();
486
442
  _cookiejar = new WeakMap();
487
- _httpsAgent2 = new WeakMap();
488
443
  _originRegex = new WeakMap();
444
+ _agentManager2 = new WeakMap();
489
445
  _AuthUtilsNode_instances = new WeakSet();
490
446
  // eslint-disable-next-line @typescript-eslint/no-explicit-any
491
447
  LogDebugMessage_fn = function(message) {
492
448
  __privateGet(this, _logger2).debug(message);
493
449
  };
494
- _GetHttpsAgent = new WeakMap();
495
450
  exports2.AuthUtilsNode = AuthUtilsNode;
496
451
  exports2.STSAuthClientErrorCode = STSAuthClientErrorCode;
497
452
  exports2.SessionManager = SessionManager;
package/dist/stsauthclient.umd.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"stsauthclient.umd.js","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../node_modules/detect-node/index.esm.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string;\n\tagentOptions?: {\n\t\tkeepAlive: boolean\n\t\tmaxSockets: number\n\t\tmaxTotalSockets: number\n\t\tmaxFreeSockets: number\n timeout: number\n\t\trejectUnauthorized: boolean\n\t}\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","// Only Node.JS has a process variable that is of [[Class]] process\nexport default Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\n","import isNode from 'detect-node'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport https from 'node:https'\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { ISTSLogger, JSONObject } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n #httpsAgent: https.Agent | null = null;\n #logger: ISTSLogger;\n #axiosConfig: AxiosRequestConfig | null = null;\n #accessToken: string | null = null;\n\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n this.#options = options;\n this.#logger = logger;\n\t\t\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n\n if (isNode && this.#options.agentOptions) {\n this.#httpsAgent = new https.Agent({ \n keepAlive: this.#options.agentOptions.keepAlive,\n maxSockets: this.#options.agentOptions.maxSockets,\n maxTotalSockets: this.#options.agentOptions.maxTotalSockets,\n maxFreeSockets: this.#options.agentOptions.maxFreeSockets,\n timeout: this.#options.timeout,\n rejectUnauthorized: this.#options.agentOptions.rejectUnauthorized // Allows self-signed certificates if non-production\n });\n }\n }\n\n get httpsAgent() {\n return this.#httpsAgent;\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n get axiosConfig(): AxiosRequestConfig | null {\n return this.#axiosConfig;\n }\n\n get accessToken(): string | null {\n return this.#accessToken;\n }\n\n set accessToken(token: string | null) {\n this.#accessToken = token;\n }\n\n SetAccessToken(token: string | null): ResourceManager {\n this.accessToken = token;\n return this;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (this.#accessToken) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n // Make data be a abstract base class for resources\n AxiosConfig = (url: string, httpMethod: string, data?: JSONObject): ResourceManager => {\n this.#axiosConfig = {\n url,\n method: httpMethod,\n headers: this.GetHeaders(this.#accessToken as string),\n timeout: this.options.timeout\n }\n if (data) {\n this.#axiosConfig.data = data;\n }\n if (isNode) {\n this.#axiosConfig.httpsAgent = this.httpsAgent\n }\n \n return this;\n }\n\n GetResult = async <T>(errorCb: (error: ISTSError) => void): Promise<T | null> => {\n // We need to snap shot any config required due to async processing\n const axiosConfigSnapshot = this.#axiosConfig as AxiosRequestConfig;\n const data = await axios(axiosConfigSnapshot); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above. This is the downside to the \"return this\" pattern when async operations are used.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSLogger } from '@nsshunt/stsutils';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n super(options, logger);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.SetAccessToken(access_token)\n .AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get')\n .GetResult<ISTSSessionResource>(errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.SetAccessToken(access_token)\n .AxiosConfig(`${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session)\n .GetResult<ISTSSessionResource>(errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport https from 'node:https'\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport class AuthUtilsNode\n{\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #logger: ISTSLogger\n #cookiejar: tough.CookieJar;\n #httpsAgent: https.Agent | null = null;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n\n constructor(logger: ISTSLogger) {\n this.#logger = logger;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n #GetHttpsAgent = () => {\n if (this.#httpsAgent === null) {\n // https://nodejs.org/api/http.html#class-httpagent\n this.#httpsAgent = new https.Agent({ \n keepAlive: goptions.keepAlive,\n maxSockets: goptions.maxSockets,\n maxTotalSockets: goptions.maxTotalSockets,\n maxFreeSockets: goptions.maxFreeSockets,\n timeout: goptions.timeout,\n rejectUnauthorized: false\n });\n }\n return this.#httpsAgent;\n }\n\n ResetAgent = () => {\n this.#httpsAgent = null;\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwks = jwksClient({\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n requestAgent: this.#GetHttpsAgent()\n });\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const headers = { 'Content-Type': 'application/json'};\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const retVal = await axios({\n url\n ,method: 'post'\n ,data: payload\n ,headers: headers\n ,httpsAgent: this.#GetHttpsAgent()\n });\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","_logger","_httpsAgent","goptions","GetErrorPayload","jwtDecode","Gauge","error"],"mappings":";;;;;;;;;;;;;;;;AAqIO,QAAM,MAAM;AAEN,QAAA,yBAAyB,OAAO,OAAO;AAAA,IAChD,2BAA2B;AAAA,MACvB,MAAM;AAAA,MACN,aAAa;AAAA,IACjB;AAAA,EACJ,CAAC;AC3IM,MAAI;AACX,GAAC,SAAUA,cAAa;AAMpB,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,IAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,IAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAAA,EACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;ACpWpC,QAAA,SAAe,OAAO,UAAU,SAAS,KAAK,OAAO,YAAY,cAAc,UAAU,CAAC,MAAM;AAAA,ECWzF,MAAe,gBAAgB;AAAA,IAOlC,YAAY,SAAqC,QAAoB;AANrE;AACA,sCAAkC;AAClC;AACA,uCAA0C;AAC1C,uCAA8B;AA6D9B;AAAA,6CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,eAAA;AAAA,UACH;AAAA,UACA;AAAA,UACA;AAAA,QAAA;AAAA,MACJ;AAGJ,wCAAa,CAAC,iBAAqC;AAC/C,cAAM,UAAsB;AAAA,UACxB,gBAAgB;AAAA,QAAA;AAEpB,YAAI,mBAAK,eAAc;AACX,kBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,QACrD;AACO,eAAA;AAAA,MAAA;AAIX;AAAA,yCAAc,CAAC,KAAa,YAAoB,SAAuC;AACnF,2BAAK,cAAe;AAAA,UAChB;AAAA,UACA,QAAQ;AAAA,UACR,SAAS,KAAK,WAAW,mBAAK,aAAsB;AAAA,UACpD,SAAS,KAAK,QAAQ;AAAA,QAAA;AAE1B,YAAI,MAAM;AACN,6BAAK,cAAa,OAAO;AAAA,QAC7B;AACA,YAAI,QAAQ;AACH,6BAAA,cAAa,aAAa,KAAK;AAAA,QACxC;AAEO,eAAA;AAAA,MAAA;AAGX,uCAAY,OAAU,YAA2D;AAE7E,cAAM,sBAAsB,mBAAK;AAC3B,cAAA,OAAO,MAAM,MAAM,mBAAmB;AAIxC,YAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,gBAAA,iBAAiB,KAAK,KAAK;AACjC,cAAI,gBAAgB;AACZ,gBAAA;AACM,oBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,qBAAA;AAAA,qBACD,OAAO;AACb,sBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,qBAAA;AAAA,YACX;AAAA,UAAA,OACG;AACH,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,mBAAA;AAAA,UACX;AAAA,QAAA,OACG;AACH,gBAAM,EAAE,QAAQ,OAAO,OAAA,IAAW,KAAK;AACvC,kBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,iBAAA;AAAA,QACX;AAAA,MAAA;AAvHA,yBAAK,UAAW;AAChB,yBAAK,SAAW;AAEhB,WAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAE3F,UAAA,UAAU,mBAAK,UAAS,cAAc;AACjC,2BAAA,aAAc,IAAI,MAAM,MAAM;AAAA,UAC/B,WAAW,mBAAK,UAAS,aAAa;AAAA,UACtC,YAAY,mBAAK,UAAS,aAAa;AAAA,UACvC,iBAAiB,mBAAK,UAAS,aAAa;AAAA,UAC5C,gBAAgB,mBAAK,UAAS,aAAa;AAAA,UAC3C,SAAS,mBAAK,UAAS;AAAA,UACvB,oBAAoB,mBAAK,UAAS,aAAa;AAAA;AAAA,QAAA,CAClD;AAAA,MACL;AAAA,IACJ;AAAA,IAEA,IAAI,aAAa;AACb,aAAO,mBAAK;AAAA,IAChB;AAAA,IAEA,IAAI,UAAsC;AACtC,aAAO,mBAAK;AAAA,IAChB;AAAA,IAEA,IAAI,cAAyC;AACzC,aAAO,mBAAK;AAAA,IAChB;AAAA,IAEA,IAAI,cAA6B;AAC7B,aAAO,mBAAK;AAAA,IAChB;AAAA,IAEA,IAAI,YAAY,OAAsB;AAClC,yBAAK,cAAe;AAAA,IACxB;AAAA,IAEA,eAAe,OAAuC;AAClD,WAAK,cAAc;AACZ,aAAA;AAAA,IACX;AAAA;AAAA,IAGA,gBAAgB,SAAc;AACrB,yBAAA,SAAQ,MAAM,OAAO;AAAA,IAC9B;AAAA;AAAA,IAGA,eAAe,SAAc;AACpB,yBAAA,SAAQ,KAAK,OAAO;AAAA,IAC7B;AAAA;AAAA,IAGA,gBAAgB,SAAc;AACrB,yBAAA,SAAQ,MAAM,OAAO;AAAA,IAC9B;AAAA,EAkEJ;AAhII;AACA;AACA;AACA;AACA;AAAA,ECTG,MAAM,uBAAuB,gBAAgB;AAAA,IAChD,YAAY,SAAqC,QAAoB;AACjE,YAAM,SAAS,MAAM;AAGzB,wCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,YAAA;AACA,iBAAO,KAAK,eAAe,YAAY,EAClC,YAAY,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,KAAK,EACxF,UAA+B,OAAO;AAAA,iBAEtC,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QACX;AAAA,MAAA;AAGJ,0CAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,YAAA;AACI,cAAA,CAAC,QAAQ,WAAW;AACpB,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,mBAAA;AAAA,UACX;AACA,iBAAO,KAAK,eAAe,YAAY,EAClC,YAAY,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,OAAO,EAC3G,UAA+B,OAAO;AAAA,iBAEtC,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QACX;AAAA,MAAA;AAAA,IA3BJ;AAAA,EA6BJ;AAAA,ECEO,MAAM,cACb;AAAA,IASI,YAAY,QAAoB;AAV7B;AAEH,iCAAuC,CAAA;AACvC,wCAAwB;AACxB,yBAAAC;AACA;AACA,yBAAAC,cAAkC;AAElC;AAAA,uCAAe;AAYf,yCAAiB,MAAM;AACf,YAAA,mBAAKA,kBAAgB,MAAM;AAEtB,6BAAAA,cAAc,IAAI,MAAM,MAAM;AAAA,YAC/B,WAAWC,UAAS,SAAA;AAAA,YACpB,YAAYA,UAAS,SAAA;AAAA,YACrB,iBAAiBA,UAAS,SAAA;AAAA,YAC1B,gBAAgBA,UAAS,SAAA;AAAA,YACzB,SAASA,UAAS,SAAA;AAAA,YAClB,oBAAoB;AAAA,UAAA,CACvB;AAAA,QACL;AACA,eAAO,mBAAKD;AAAA,MAAA;AAGhB,wCAAa,MAAM;AACf,2BAAKA,cAAc;AAAA,MAAA;AAGvB,4DAAiC,CAAC,YAAmC;AAE1D,eAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,cAAI,QAAQ,aAAa;AAErB,kBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,kBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,gBAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE;AACL;AAAA,YACJ;AAEA,kBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,kBAAM,sBAAsB,CAAA;AAC5B,qBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,oBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,kBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,oCAAoB,KAAK,UAAU;AAAA,cACvC;AAAA,YACJ;AACI,gBAAA,oBAAoB,SAAS,GAAG;AAChC,oBAAM,eAAeE,SAAA,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,kBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAc,CAAA;AACpG;AAAA,YACJ;AAEA,gBAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,iCAAA,QAAO,cAAc,IAAI;AAAA,gBAC1B,QAAQ,CAAE;AAAA,cAAA;AAAA,YAElB;AAEA,+BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,cAC3C,OAAO;AAAA,cACP,SAAS,WAAW,MAAM;AACtB,uBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,cAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,YAAA;AAAA,UAErC;AACK;QAAA;AAAA,MACT;AA6CJ;AAAA,6CAAkB,OAAO,SAA8B,aACvD;AACQ,YAAA,QAAQ,YAAY,GAAG;AAEvB,kBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,kBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,+BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,UAAA,CACjD;AAAA,QAAA,OACE;AAEH,gBAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAClD;AAEO,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAAA;AAG9C,+CAAoB,OAAO,aAC3B;AACW,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAAA;AAG9C,yCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,cAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAGD,mBAAS,cAAc,GAAGA,UAAAA,SAAS,cAAc,KAC/D,GAAGA,UAAS,SAAA,UAAU,IAAIA,UAAS,SAAA,MAAM,GAAGA,mBAAS,cAAc,GAAGA,UAAAA,SAAS,cAAc;AAEnG,cAAM,OAAO,WAAW;AAAA,UACpB,OAAO;AAAA;AAAA,UACP,iBAAiB;AAAA;AAAA,UACjB,aAAa;AAAA;AAAA,UACb,WAAW;AAAA,UACX,uBAAuB;AAAA;AAAA,UACvB,SAAS;AAAA,UACT,SAAS;AAAA;AAAA,UACT,cAAc,mBAAK,gBAAL;AAAA,QAAoB,CACrC;AAGD,cAAM,sBAAsBE,UAAAA,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,cAAM,MAAM,oBAAoB;AAEhC,cAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,cAAA,aAAa,IAAI;AAEvB,cAAM,gBAAgB;AAAA,UAClB,QAAQ;AAAA;AAAA,UAER;AAAA;AAAA,UAEA,WAAY,CAAC,OAAO;AAAA;AAAA,QAAA;AAGxB,eAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,MAAA;AAItD;AAAA,2CAAgB,CAAC,QAAgB;AAC7B,cAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,eAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,MAAA;AAG9B,iEAAsC,OAAO,SAAsD,YAAqD;AACpJ,cAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,sBAA0B,IAAA;AAErG,YAAI,QAAQ;AAEN,cAAA,gBAAgB,CAAC,UAAiB;AACpC,gCAAK,8CAAL,WAAsB;AACtB,cAAI,sBAAsB;AACD,iCAAA,iBAAiBC,uBAAM,kCAAkC;AAAA;AAAA,cAC1E,KAAK;AAAA,YAAA,CACR;AAAA,UACL;AACA,kBAAQ,KAAK;AAAA,QAAA;AAGb,YAAA;AACQ,kBAAA;AACF,gBAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,cAAI,SAAwB;AAC5B,cAAI,QAAsB;AAClB,kBAAA;AACR,mBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,kBAAA,IAAI,OAAO,CAAC;AAClB,gBAAI,CAAC,QAAQ;AACA,uBAAA,KAAK,cAAc,CAAC;AAC7B,kBAAI,CAAC,QAAQ;AACT,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cACJ;AAAA,YAAA,OACG;AACG,oBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,kBAAI,CAAC,YAAY;AACb,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cAAA,OACG;AACH,oBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,0BAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,gBACJ;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AACQ,kBAAA;AACR,cAAI,OAAO;AACP,0BAAc,KAAK;AACZ,mBAAA;AAAA,UACX;AAEQ,kBAAA;AACF,gBAAA,UAAU,EAAE,gBAAgB;AAClC,gBAAM,UAAU;AAAA;AAAA,YACZ,WAAW;AAAA;AAAA,YACX,eAAe;AAAA;AAAA;AAAA,YAEf;AAAA;AAAA;AAAA;AAAA,YAGA,YAAY;AAAA,UAAA;AAER,kBAAA;AACR,gBAAM,MAAO,WACP,GAAG,QAAQ,GAAGH,mBAAS,cAAc,WACrC,GAAGA,UAAAA,SAAS,UAAU,IAAIA,mBAAS,MAAM,GAAGA,mBAAS,cAAc;AAEzE,kBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAEzD,gBAAA,SAAS,MAAM,MAAM;AAAA,YACvB;AAAA,YACC,QAAQ;AAAA,YACR,MAAM;AAAA,YACN;AAAA,YACA,YAAY,mBAAK,gBAAL;AAAA,UAAoB,CACpC;AAEO,kBAAA;AACR,cAAI,OAAO,QAAQ;AACX,gBAAA,OAAO,WAAW,KAAK;AAEvB,oCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,YACvI;AAAA,UAAA,OACG;AACH,0BAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,mBAAA;AAAA,UACX;AACQ,kBAAA;AACR,cAAI,OAAO,MAAM;AACL,oBAAA;AACJ,gBAAA,OAAO,KAAK,cAAc;AAClB,sBAAA;AACR,kBAAI,sBAAsB;AACd,wBAAA;AACa,qCAAA,iBAAiBG,uBAAM,4BAA4B;AAAA,kBACpE,KAAK;AAAA,gBAAA,CACR;AAAA,cACL;AAEQ,sBAAA;AACR,qBAAO,OAAO,KAAK;AAAA,YAAA,OAChB;AACK,sBAAA;AACM,4BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,qBAAA;AAAA,YACX;AAAA,UAAA,OACG;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,mBAAA;AAAA,UACX;AAAA,iBAEK,OAAY;AACjB,cAAI,0BAA0B,MAAM;AAChC,oBAAQ,MAAM,KAAK;AAAA,UACvB;AACA,cAAI,UAAU;AACd,cAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,gBAAA;AACA,wBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,qBAEvCC,QAAO;AACF,wBAAA;AAAA,YACd;AAAA,UACJ;AACc,wBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,iBAAA;AAAA,QACX;AAAA,MAAA;AA9SA,yBAAKN,UAAU;AACV,yBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,IAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAwFA,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS;IAoBT;AAAA,EAgMJ;AAzTI;AACA;AACA,EAAAA,WAAA;AACA;AACA,EAAAC,eAAA;AAEA;AARG;AAgBH;AAAA,gCAAiB,SAAc;AACtB,uBAAAD,UAAQ,MAAM,OAAO;AAAA,EAC9B;AAEA;;;;;;;","x_google_ignoreList":[1,2]}
1
+ {"version":3,"file":"stsauthclient.umd.js","sources":["../src/commonTypes.ts","../node_modules/http-status-codes/build/es/status-codes.js","../node_modules/detect-node/index.esm.js","../src/resourceManager.ts","../src/sessionManager.ts","../src/authutilsnode.ts"],"sourcesContent":["import { StatusCodes } from 'http-status-codes'\n\nimport { OIDCStandardClaim, OAuth2ParameterType } from '@nsshunt/stsutils';\n\nexport interface ISTSResourceManagerOptions {\n\ttimeout: number\n asendpoint: string;\n\tagentOptions?: {\n\t\tkeepAlive: boolean\n\t\tmaxSockets: number\n\t\tmaxTotalSockets: number\n\t\tmaxFreeSockets: number\n timeout: number\n\t\trejectUnauthorized: boolean\n\t}\n}\n\nexport interface ISTSAuthPayload {\n\tsessionId: string,\n\tid_token: string,\n\tconsentRequired: string[],\n\tremainingAdminConsentRequired: string[],\n\tremainingUserConsentRequired: string[],\n\tauthorizationCode?: string\n\tscope: string\n\tclientName: string\n}\n\nexport interface ISTSLogoutPayload {\n\tsessionId: string\n}\n\nexport interface ISTSConsent {\n consent: string[]\n}\n\nexport interface ISTSTokenPayload {\n access_token: string,\n token_type: \"Bearer\",\n expires_in: number,\n refresh_token: string,\n id_token: string,\n scope?: string\n}\n\nexport interface ISTSSessionResource { \n sessionId: string\n sessionState: string\n id_token: string\n consentCurrent: string[]\n consentRequired: string[]\n remainingAdminConsentRequired: string[]\n remainingUserConsentRequired: string[]\n consentNonce?: string\n audience: string\n permissions: string\n subject: string\n authorizationCode: string\n authorizationCodeState: string\n userId: string\n\n // Client query paramaters (mandatory)\n client_id: string\n response_type: string\n redirect_uri: string\n scope: string // Microsoft uses '+' instead of ' ' to seperate scopes - update the string if we have '+' characters\n state: string\n\n code_challenge?: string\n code_challenge_method?: string\n nonce?: string\n response_mode?: string\n\n tokenPayload?: ISTSTokenPayload\n}\n\nexport interface ISTSLoginQueryParams {\n email: string\n password: string\n [OAuth2ParameterType.CLIENT_ID]: string\n nonce: string\n [OAuth2ParameterType.RESPONSE_TYPE]: string\n [OAuth2ParameterType.REDIRECT_URI]: string\n [OAuth2ParameterType.RESPONSE_MODE]: string\n [OAuth2ParameterType.SCOPE]: string\n [OAuth2ParameterType.STATE]: string\n code_challenge: string\n code_challenge_method: string\n}\n\nexport interface ISTSUser {\n id: string\n name: string\n email: string\n hash: string\n roles: string[]\n}\n\nexport interface ISTSAuthorizationCodeResource {\n sessionId: string\n}\n\nexport interface ISTSClaims {\n iss: string, // issuer - server that issues the tokens\n sub: string, // subject - normally the resource (e.g. https://stsmda.com.au/myresource01/) or the user (for id_token)\n //aud: audience, // audience (normally the API) (e.g. https://stsmda.com.au/myresource01api/)\n exp: number, // expires\n iat: number, // issues at\n // OIDC claims\n [OIDCStandardClaim.NAME]: string\n [OIDCStandardClaim.EMAIL]: string,\n // STS Custom claims\n sts_user_id: string\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n sts_user_roles: any\n //alg: 'RS256'\n [OIDCStandardClaim.NONCE]?: string\n}\n\nexport interface ISTSResourceEx<T> {\n status: StatusCodes;\n error?: string;\n sourceError?: Error;\n detail?: T;\n}\n\nexport interface ISTSError {\n status: StatusCodes;\n error: string;\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n detail: any;\n}\n\nexport const iss = `https://stscore.stsmda.org/oauth2/v2.0`;\n\nexport const STSAuthClientErrorCode = Object.freeze({\n STS_AC_MISSING_PERMISSION: {\n code: 'STS_AFC0001',\n description: 'STS_AC_0001: Missing Permission(s).'\n },\n});\n","// Generated file. Do not edit\nexport var StatusCodes;\n(function (StatusCodes) {\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.1\n *\n * This interim response indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.\n */\n StatusCodes[StatusCodes[\"CONTINUE\"] = 100] = \"CONTINUE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.2.2\n *\n * This code is sent in response to an Upgrade request header by the client, and indicates the protocol the server is switching too.\n */\n StatusCodes[StatusCodes[\"SWITCHING_PROTOCOLS\"] = 101] = \"SWITCHING_PROTOCOLS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.1\n *\n * This code indicates that the server has received and is processing the request, but no response is available yet.\n */\n StatusCodes[StatusCodes[\"PROCESSING\"] = 102] = \"PROCESSING\";\n /**\n * Official Documentation @ https://www.rfc-editor.org/rfc/rfc8297#page-3\n *\n * This code indicates to the client that the server is likely to send a final response with the header fields included in the informational response.\n */\n StatusCodes[StatusCodes[\"EARLY_HINTS\"] = 103] = \"EARLY_HINTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.1\n *\n * The request has succeeded. The meaning of a success varies depending on the HTTP method:\n * GET: The resource has been fetched and is transmitted in the message body.\n * HEAD: The entity headers are in the message body.\n * POST: The resource describing the result of the action is transmitted in the message body.\n * TRACE: The message body contains the request message as received by the server\n */\n StatusCodes[StatusCodes[\"OK\"] = 200] = \"OK\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.2\n *\n * The request has succeeded and a new resource has been created as a result of it. This is typically the response sent after a PUT request.\n */\n StatusCodes[StatusCodes[\"CREATED\"] = 201] = \"CREATED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.3\n *\n * The request has been received but not yet acted upon. It is non-committal, meaning that there is no way in HTTP to later send an asynchronous response indicating the outcome of processing the request. It is intended for cases where another process or server handles the request, or for batch processing.\n */\n StatusCodes[StatusCodes[\"ACCEPTED\"] = 202] = \"ACCEPTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.4\n *\n * This response code means returned meta-information set is not exact set as available from the origin server, but collected from a local or a third party copy. Except this condition, 200 OK response should be preferred instead of this response.\n */\n StatusCodes[StatusCodes[\"NON_AUTHORITATIVE_INFORMATION\"] = 203] = \"NON_AUTHORITATIVE_INFORMATION\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.5\n *\n * There is no content to send for this request, but the headers may be useful. The user-agent may update its cached headers for this resource with the new ones.\n */\n StatusCodes[StatusCodes[\"NO_CONTENT\"] = 204] = \"NO_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.3.6\n *\n * This response code is sent after accomplishing request to tell user agent reset document view which sent this request.\n */\n StatusCodes[StatusCodes[\"RESET_CONTENT\"] = 205] = \"RESET_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.1\n *\n * This response code is used because of range header sent by the client to separate download into multiple streams.\n */\n StatusCodes[StatusCodes[\"PARTIAL_CONTENT\"] = 206] = \"PARTIAL_CONTENT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.2\n *\n * A Multi-Status response conveys information about multiple resources in situations where multiple status codes might be appropriate.\n */\n StatusCodes[StatusCodes[\"MULTI_STATUS\"] = 207] = \"MULTI_STATUS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.1\n *\n * The request has more than one possible responses. User-agent or user should choose one of them. There is no standardized way to choose one of the responses.\n */\n StatusCodes[StatusCodes[\"MULTIPLE_CHOICES\"] = 300] = \"MULTIPLE_CHOICES\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.2\n *\n * This response code means that URI of requested resource has been changed. Probably, new URI would be given in the response.\n */\n StatusCodes[StatusCodes[\"MOVED_PERMANENTLY\"] = 301] = \"MOVED_PERMANENTLY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.3\n *\n * This response code means that URI of requested resource has been changed temporarily. New changes in the URI might be made in the future. Therefore, this same URI should be used by the client in future requests.\n */\n StatusCodes[StatusCodes[\"MOVED_TEMPORARILY\"] = 302] = \"MOVED_TEMPORARILY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.4\n *\n * Server sent this response to directing client to get requested resource to another URI with an GET request.\n */\n StatusCodes[StatusCodes[\"SEE_OTHER\"] = 303] = \"SEE_OTHER\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.1\n *\n * This is used for caching purposes. It is telling to client that response has not been modified. So, client can continue to use same cached version of response.\n */\n StatusCodes[StatusCodes[\"NOT_MODIFIED\"] = 304] = \"NOT_MODIFIED\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.6\n *\n * Was defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy. It has been deprecated due to security concerns regarding in-band configuration of a proxy.\n */\n StatusCodes[StatusCodes[\"USE_PROXY\"] = 305] = \"USE_PROXY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.4.7\n *\n * Server sent this response to directing client to get requested resource to another URI with same method that used prior request. This has the same semantic than the 302 Found HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"TEMPORARY_REDIRECT\"] = 307] = \"TEMPORARY_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7538#section-3\n *\n * This means that the resource is now permanently located at another URI, specified by the Location: HTTP Response header. This has the same semantics as the 301 Moved Permanently HTTP response code, with the exception that the user agent must not change the HTTP method used: if a POST was used in the first request, a POST must be used in the second request.\n */\n StatusCodes[StatusCodes[\"PERMANENT_REDIRECT\"] = 308] = \"PERMANENT_REDIRECT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.1\n *\n * This response means that server could not understand the request due to invalid syntax.\n */\n StatusCodes[StatusCodes[\"BAD_REQUEST\"] = 400] = \"BAD_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.1\n *\n * Although the HTTP standard specifies \"unauthorized\", semantically this response means \"unauthenticated\". That is, the client must authenticate itself to get the requested response.\n */\n StatusCodes[StatusCodes[\"UNAUTHORIZED\"] = 401] = \"UNAUTHORIZED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.2\n *\n * This response code is reserved for future use. Initial aim for creating this code was using it for digital payment systems however this is not used currently.\n */\n StatusCodes[StatusCodes[\"PAYMENT_REQUIRED\"] = 402] = \"PAYMENT_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.3\n *\n * The client does not have access rights to the content, i.e. they are unauthorized, so server is rejecting to give proper response. Unlike 401, the client's identity is known to the server.\n */\n StatusCodes[StatusCodes[\"FORBIDDEN\"] = 403] = \"FORBIDDEN\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.4\n *\n * The server can not find requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurence on the web.\n */\n StatusCodes[StatusCodes[\"NOT_FOUND\"] = 404] = \"NOT_FOUND\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.5\n *\n * The request method is known by the server but has been disabled and cannot be used. For example, an API may forbid DELETE-ing a resource. The two mandatory methods, GET and HEAD, must never be disabled and should not return this error code.\n */\n StatusCodes[StatusCodes[\"METHOD_NOT_ALLOWED\"] = 405] = \"METHOD_NOT_ALLOWED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.6\n *\n * This response is sent when the web server, after performing server-driven content negotiation, doesn't find any content following the criteria given by the user agent.\n */\n StatusCodes[StatusCodes[\"NOT_ACCEPTABLE\"] = 406] = \"NOT_ACCEPTABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7235#section-3.2\n *\n * This is similar to 401 but authentication is needed to be done by a proxy.\n */\n StatusCodes[StatusCodes[\"PROXY_AUTHENTICATION_REQUIRED\"] = 407] = \"PROXY_AUTHENTICATION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.7\n *\n * This response is sent on an idle connection by some servers, even without any previous request by the client. It means that the server would like to shut down this unused connection. This response is used much more since some browsers, like Chrome, Firefox 27+, or IE9, use HTTP pre-connection mechanisms to speed up surfing. Also note that some servers merely shut down the connection without sending this message.\n */\n StatusCodes[StatusCodes[\"REQUEST_TIMEOUT\"] = 408] = \"REQUEST_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.8\n *\n * This response is sent when a request conflicts with the current state of the server.\n */\n StatusCodes[StatusCodes[\"CONFLICT\"] = 409] = \"CONFLICT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.9\n *\n * This response would be sent when the requested content has been permenantly deleted from server, with no forwarding address. Clients are expected to remove their caches and links to the resource. The HTTP specification intends this status code to be used for \"limited-time, promotional services\". APIs should not feel compelled to indicate resources that have been deleted with this status code.\n */\n StatusCodes[StatusCodes[\"GONE\"] = 410] = \"GONE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.10\n *\n * The server rejected the request because the Content-Length header field is not defined and the server requires it.\n */\n StatusCodes[StatusCodes[\"LENGTH_REQUIRED\"] = 411] = \"LENGTH_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7232#section-4.2\n *\n * The client has indicated preconditions in its headers which the server does not meet.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_FAILED\"] = 412] = \"PRECONDITION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.11\n *\n * Request entity is larger than limits defined by server; the server might close the connection or return an Retry-After header field.\n */\n StatusCodes[StatusCodes[\"REQUEST_TOO_LONG\"] = 413] = \"REQUEST_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.12\n *\n * The URI requested by the client is longer than the server is willing to interpret.\n */\n StatusCodes[StatusCodes[\"REQUEST_URI_TOO_LONG\"] = 414] = \"REQUEST_URI_TOO_LONG\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.13\n *\n * The media format of the requested data is not supported by the server, so the server is rejecting the request.\n */\n StatusCodes[StatusCodes[\"UNSUPPORTED_MEDIA_TYPE\"] = 415] = \"UNSUPPORTED_MEDIA_TYPE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7233#section-4.4\n *\n * The range specified by the Range header field in the request can't be fulfilled; it's possible that the range is outside the size of the target URI's data.\n */\n StatusCodes[StatusCodes[\"REQUESTED_RANGE_NOT_SATISFIABLE\"] = 416] = \"REQUESTED_RANGE_NOT_SATISFIABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.5.14\n *\n * This response code means the expectation indicated by the Expect request header field can't be met by the server.\n */\n StatusCodes[StatusCodes[\"EXPECTATION_FAILED\"] = 417] = \"EXPECTATION_FAILED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2324#section-2.3.2\n *\n * Any attempt to brew coffee with a teapot should result in the error code \"418 I'm a teapot\". The resulting entity body MAY be short and stout.\n */\n StatusCodes[StatusCodes[\"IM_A_TEAPOT\"] = 418] = \"IM_A_TEAPOT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The 507 (Insufficient Storage) status code means the method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. This condition is considered to be temporary. If the request which received this status code was the result of a user action, the request MUST NOT be repeated until it is requested by a separate user action.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_SPACE_ON_RESOURCE\"] = 419] = \"INSUFFICIENT_SPACE_ON_RESOURCE\";\n /**\n * @deprecated\n * Official Documentation @ https://tools.ietf.org/rfcdiff?difftype=--hwdiff&url2=draft-ietf-webdav-protocol-06.txt\n *\n * A deprecated response used by the Spring Framework when a method has failed.\n */\n StatusCodes[StatusCodes[\"METHOD_FAILURE\"] = 420] = \"METHOD_FAILURE\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.2\n *\n * Defined in the specification of HTTP/2 to indicate that a server is not able to produce a response for the combination of scheme and authority that are included in the request URI.\n */\n StatusCodes[StatusCodes[\"MISDIRECTED_REQUEST\"] = 421] = \"MISDIRECTED_REQUEST\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.3\n *\n * The request was well-formed but was unable to be followed due to semantic errors.\n */\n StatusCodes[StatusCodes[\"UNPROCESSABLE_ENTITY\"] = 422] = \"UNPROCESSABLE_ENTITY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.4\n *\n * The resource that is being accessed is locked.\n */\n StatusCodes[StatusCodes[\"LOCKED\"] = 423] = \"LOCKED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.5\n *\n * The request failed due to failure of a previous request.\n */\n StatusCodes[StatusCodes[\"FAILED_DEPENDENCY\"] = 424] = \"FAILED_DEPENDENCY\";\n /**\n * Official Documentation @ https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.15\n *\n * The server refuses to perform the request using the current protocol but might be willing to do so after the client upgrades to a different protocol.\n */\n StatusCodes[StatusCodes[\"UPGRADE_REQUIRED\"] = 426] = \"UPGRADE_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-3\n *\n * The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict.\n */\n StatusCodes[StatusCodes[\"PRECONDITION_REQUIRED\"] = 428] = \"PRECONDITION_REQUIRED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-4\n *\n * The user has sent too many requests in a given amount of time (\"rate limiting\").\n */\n StatusCodes[StatusCodes[\"TOO_MANY_REQUESTS\"] = 429] = \"TOO_MANY_REQUESTS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-5\n *\n * The server is unwilling to process the request because its header fields are too large. The request MAY be resubmitted after reducing the size of the request header fields.\n */\n StatusCodes[StatusCodes[\"REQUEST_HEADER_FIELDS_TOO_LARGE\"] = 431] = \"REQUEST_HEADER_FIELDS_TOO_LARGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7725\n *\n * The user-agent requested a resource that cannot legally be provided, such as a web page censored by a government.\n */\n StatusCodes[StatusCodes[\"UNAVAILABLE_FOR_LEGAL_REASONS\"] = 451] = \"UNAVAILABLE_FOR_LEGAL_REASONS\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.1\n *\n * The server encountered an unexpected condition that prevented it from fulfilling the request.\n */\n StatusCodes[StatusCodes[\"INTERNAL_SERVER_ERROR\"] = 500] = \"INTERNAL_SERVER_ERROR\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.2\n *\n * The request method is not supported by the server and cannot be handled. The only methods that servers are required to support (and therefore that must not return this code) are GET and HEAD.\n */\n StatusCodes[StatusCodes[\"NOT_IMPLEMENTED\"] = 501] = \"NOT_IMPLEMENTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.3\n *\n * This error response means that the server, while working as a gateway to get a response needed to handle the request, got an invalid response.\n */\n StatusCodes[StatusCodes[\"BAD_GATEWAY\"] = 502] = \"BAD_GATEWAY\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.4\n *\n * The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded. Note that together with this response, a user-friendly page explaining the problem should be sent. This responses should be used for temporary conditions and the Retry-After: HTTP header should, if possible, contain the estimated time before the recovery of the service. The webmaster must also take care about the caching-related headers that are sent along with this response, as these temporary condition responses should usually not be cached.\n */\n StatusCodes[StatusCodes[\"SERVICE_UNAVAILABLE\"] = 503] = \"SERVICE_UNAVAILABLE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.5\n *\n * This error response is given when the server is acting as a gateway and cannot get a response in time.\n */\n StatusCodes[StatusCodes[\"GATEWAY_TIMEOUT\"] = 504] = \"GATEWAY_TIMEOUT\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc7231#section-6.6.6\n *\n * The HTTP version used in the request is not supported by the server.\n */\n StatusCodes[StatusCodes[\"HTTP_VERSION_NOT_SUPPORTED\"] = 505] = \"HTTP_VERSION_NOT_SUPPORTED\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc2518#section-10.6\n *\n * The server has an internal configuration error: the chosen variant resource is configured to engage in transparent content negotiation itself, and is therefore not a proper end point in the negotiation process.\n */\n StatusCodes[StatusCodes[\"INSUFFICIENT_STORAGE\"] = 507] = \"INSUFFICIENT_STORAGE\";\n /**\n * Official Documentation @ https://tools.ietf.org/html/rfc6585#section-6\n *\n * The 511 status code indicates that the client needs to authenticate to gain network access.\n */\n StatusCodes[StatusCodes[\"NETWORK_AUTHENTICATION_REQUIRED\"] = 511] = \"NETWORK_AUTHENTICATION_REQUIRED\";\n})(StatusCodes || (StatusCodes = {}));\n","// Only Node.JS has a process variable that is of [[Class]] process\nexport default Object.prototype.toString.call(typeof process !== 'undefined' ? process : 0) === '[object process]';\n","import isNode from 'detect-node'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport axios, { AxiosRequestConfig } from \"axios\";\n\nimport { ISTSLogger, JSONObject } from '@nsshunt/stsutils';\n\nimport { ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig';\n\nexport abstract class ResourceManager {\n #options: ISTSResourceManagerOptions;\n #logger: ISTSLogger;\n #agentManager: AgentManager | null = null;\n\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n this.#options = options;\n this.#logger = logger;\n\t\t\n this.LogDebugMessage(`STSOAuth2Worker:constructor:#options: [${JSON.stringify(this.#options)}]`);\n\n if (isNode) {\n if (this.#options.agentOptions) {\n this.#agentManager = new AgentManager({\n agentOptions: this.#options.agentOptions\n });\n } else {\n this.#agentManager = new AgentManager({});\n }\n }\n }\n\n get agentManager(): AgentManager | null {\n return this.#agentManager;\n }\n\n get options(): ISTSResourceManagerOptions {\n return this.#options;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogInfoMessage(message: any) {\n this.#logger.info(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n LogErrorMessage(message: any) {\n this.#logger.error(message);\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n GetErrorMessage = (status: StatusCodes, error: string, detail: any): ISTSError => {\n return {\n status,\n error,\n detail\n };\n }\n\n GetHeaders = (access_token: string | null): JSONObject => {\n const headers: JSONObject = { \n 'Content-Type': 'application/json'\n }\n if (access_token) {\n headers['Authorization'] = `Bearer ${access_token}`;\n }\n return headers;\n }\n\n GetResult = async <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void): Promise<T | null> => {\n const axiosConfig = new STSAxiosConfig(url, method, this.GetHeaders(accessToken as string), this.options.timeout);\n if (this.#agentManager) {\n axiosConfig.withAgentManager(this.#agentManager)\n }\n if (requestData !== null) {\n axiosConfig.withData(requestData)\n }\n\n const data = await axios(axiosConfig as AxiosRequestConfig); // The snapshot is not actually required here but after the await. I put it here by way of example only.\n // The reason is that when await is called, the node event loop will continue to process all remaining queued operations.\n // One of those operations or any operation executed prior to the axios call completing might update the config. So we need to use the\n // snapshot copy of the config made above.\n if (data.data.status === StatusCodes.OK || data.data.status === StatusCodes.CREATED) {\n const sessionDataRaw = data.data.detail;\n if (sessionDataRaw) {\n try {\n const sessionData = JSON.parse(sessionDataRaw) as T;\n return sessionData;\n } catch (error) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): Could not parse session data.', error));\n return null;\n }\n } else {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetResult(): No session data returned.', null));\n return null;\n }\n } else {\n const { status, error, detail } = data.data;\n errorCb(this.GetErrorMessage(status, `SessionManager:GetResult(): Status not OK. Error: [${error}]`, detail));\n return null;\n }\n }\n}\n","import { StatusCodes } from 'http-status-codes';\n\nimport { ISTSLogger } from '@nsshunt/stsutils';\n\nimport { ISTSSessionResource, ISTSError, ISTSResourceManagerOptions } from './commonTypes'\n\nimport { ResourceManager } from './resourceManager'\n\nexport class SessionManager extends ResourceManager {\n constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger) {\n super(options, logger);\n }\n\n GetSession = async (access_token: string, sessionId: string, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(sessionId)}`, 'get', null, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n\n PatchSession = async (access_token: string, session: Partial<ISTSSessionResource>, errorCb: (error: ISTSError) => void): Promise<ISTSSessionResource | null> => {\n try {\n if (!session.sessionId) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, 'SessionManager:GetSession(): sessionId not provided.', null));\n return null;\n }\n return this.GetResult<ISTSSessionResource>(access_token, `${this.options.asendpoint}/session/${encodeURIComponent(session.sessionId)}`, 'patch', session, errorCb);\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n errorCb(this.GetErrorMessage(StatusCodes.INTERNAL_SERVER_ERROR, `SessionManager:GetSession(): Could not process session. Error: [${error}]`, error));\n return null;\n }\n }\n}\n","import tough from 'tough-cookie';\nimport jwt from 'jsonwebtoken';\nimport { jwtDecode } from \"jwt-decode\";\nimport jwksClient from 'jwks-rsa';\n\nimport axios from 'axios';\n\nimport { goptions, AgentManager, STSAxiosConfig } from '@nsshunt/stsconfig'\n\nimport { GetErrorPayload, ISTSLogger, JSONObject } from '@nsshunt/stsutils'\n\nimport { StatusCodes } from 'http-status-codes';\n\nimport chalk from 'chalk';\n\nimport { Gauge, PublishInstrumentController } from '@nsshunt/stsobservability'\n\nimport { iss, STSAuthClientErrorCode } from './commonTypes'\n\nexport interface IAuthUtilsNodeOptions {\n permissions: string[]\n}\n\nexport interface IGetAPITokenFromAuthServerUsingScopeOptions {\n clientId: string\n authClientSecret: string\n scope: string\n endPoint: string\n instrumentController?: PublishInstrumentController\n outputErrorsToConsole?: boolean\n}\n\ndeclare interface ICacheScopeRecord {\n scope: string\n timeout: NodeJS.Timeout\n}\n\ndeclare interface ICacheRecord {\n scopes: Record<string, ICacheScopeRecord>\n}\n\nexport class AuthUtilsNode\n{\n #cache: Record<string, ICacheRecord> = { };\n #cacheTimeout: number = 1000;\n #logger: ISTSLogger\n #cookiejar: tough.CookieJar;\n // Regular expression to match the origin\n #originRegex = /^(api:\\/\\/\\w+)/;\n #agentManager: AgentManager = new AgentManager({});\n\n constructor(logger: ISTSLogger) {\n this.#logger = logger;\n this.#cookiejar = new tough.CookieJar();\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n #LogDebugMessage(message: any) {\n this.#logger.debug(message);\n }\n\n get agentManager(): AgentManager {\n return this.#agentManager;\n }\n\n ResetAgent = () => {\n this.#agentManager.ResetAgent();\n }\n\n VerifyRequestMiddlewareFactory = (options: IAuthUtilsNodeOptions) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n return async (req: any, res: any, next: any) => {\n if (options.permissions) {\n\n const permissionsKey = options.permissions.join('_');\n const scopeKey = (req.auth.scope as string).split(' ').join('_');\n\n if (this.#cache[permissionsKey] && this.#cache[permissionsKey].scopes[scopeKey]) {\n next();\n return;\n }\n\n const scopes = req.auth.scope.split(' ');\n\n const requiredPermissions = [ ];\n for (let i=0; i < options.permissions.length; i++) {\n const permission = options.permissions[i];\n if (!scopes.includes(permission)) {\n requiredPermissions.push(permission);\n }\n }\n if (requiredPermissions.length > 0) {\n const errorPayload = GetErrorPayload(STSAuthClientErrorCode.STS_AC_MISSING_PERMISSION, requiredPermissions);\n res.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: errorPayload });\n return;\n }\n\n if (!this.#cache[permissionsKey]) {\n this.#cache[permissionsKey] = {\n scopes: { }\n }\n }\n\n this.#cache[permissionsKey].scopes[scopeKey] = {\n scope: scopeKey,\n timeout: setTimeout(() => {\n delete this.#cache[permissionsKey].scopes[scopeKey]\n }, this.#cacheTimeout).unref()\n }\n }\n next();\n }\n }\n /*\n\tlet cookies = await this.GetCookiesFromJar();\n\tconst valid = this.#ValidateCookies(cookies);\n\tif (valid) {\n\t\tnext();\n\t} else {\n\t\tconst error = { }; //@@\n\t\tconst invalidToken = false; //@@\n\t\tif (invalidToken)\n\t\t{\n\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t} else{\n\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t}\n\t}\n\t*/\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n async verifyRequestMiddleware(req: any, res: any, next: any)\n {\n next();\n /*\n\t\t\n\t\tlet cookies = await this.GetCookiesFromJar();\n\n\t\tconst valid = this.#ValidateCookies(cookies);\n\n\t\tif (valid) {\n\t\t\tnext();\n\t\t} else {\n\t\t\tconst error = { }; //@@\n\t\t\tconst invalidToken = false; //@@\n\t\t\tif (invalidToken)\n\t\t\t{\n\t\t\t\tres.status(StatusCodes.UNAUTHORIZED).send( { status: StatusCodes.UNAUTHORIZED, error: 'Invalid Token', detail: error } );\n\t\t\t} else{\n\t\t\t\tres.status(StatusCodes.INTERNAL_SERVER_ERROR).send( { status: StatusCodes.INTERNAL_SERVER_ERROR, error: 'Operation was not successful', detail: error } );\n\t\t\t}\n\t\t}\n\t\t*/\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n SetCookiesToJar = async (headers: Record<string, any>, endpoint: string): Promise<tough.Cookie[]> =>\n {\n if (headers['set-cookie']) {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n headers['set-cookie'].map((headerCookie: any) => {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headerCookie);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n });\n } else {\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const cookie: any = tough.Cookie.parse(headers['set-cookie']);\n this.#cookiejar.setCookieSync(cookie, endpoint);\n }\n\n return this.#cookiejar.getCookies(endpoint);\n };\n\n GetCookiesFromJar = async (endpoint: string): Promise<tough.Cookie[]> =>\n {\n return this.#cookiejar.getCookies(endpoint);\n };\n\n ValidateJWT = async (token: string, audience: string, endpoint?: string): Promise<string> => {\n const jwksClientUri = (endpoint \n ? `${endpoint}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}` \n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}${goptions.asjwksjsonpath}`);\n\n const jwks = jwksClient({\n cache: true, //@@ all config items\n cacheMaxEntries: 5, // Default value\n cacheMaxAge: 600000, // Defaults to 10m\n rateLimit: true,\n jwksRequestsPerMinute: 10, // Default value\n jwksUri: jwksClientUri,\n timeout: 30000, //@@ config\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n requestAgent: this.#agentManager.GetAgent(jwksClientUri) as any\n });\n\n // Use decode to get the kid\n const decodedRefreshToken = jwtDecode<JSONObject>(token, { header: true });\n const kid = decodedRefreshToken.kid;\n\n const key = await jwks.getSigningKey(kid);\n const signingKey = key.getPublicKey();\n\t\t\n const verifyOptions = {\n issuer: iss,\n //subject: s,\n audience: audience,\n //expiresIn: 600, // 10 minutes\n algorithm: [\"RS256\"] // RSASSA [ \"RS256\", \"RS384\", \"RS512\" ]\n };\n\n return jwt.verify(token, signingKey, verifyOptions) as string;\n }\n\n // Function to extract the origin from a URI\n ExtractOrigin = (uri: string) => {\n const match = uri.match(this.#originRegex);\n return match ? match[1] : null;\n }\n\n GetAPITokenFromAuthServerUsingScope = async (options: IGetAPITokenFromAuthServerUsingScopeOptions, errorCb: (error: Error) => void): Promise<string> => {\n const { scope, clientId, authClientSecret, endPoint, instrumentController, outputErrorsToConsole } = options;\n\n let stage = '1';\n\n const invokeErrorCb = (error: Error) => {\n this.#LogDebugMessage(error);\n if (instrumentController) {\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_ERROR_COUNT_GAUGE, { // auth error\n Inc: 1\n });\n }\n errorCb(error);\n };\n\n try {\n stage = '2';\n const scopes = scope.split(' ');\n let origin: string | null = null;\n let error: Error | null = null;\n stage = '3';\n for (let i=0; i < scopes.length; i++) {\n const s = scopes[i];\n if (!origin) {\n origin = this.ExtractOrigin(s);\n if (!origin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n }\n } else {\n const nextOrigin: string | null = this.ExtractOrigin(s);\n if (!nextOrigin) {\n error = new Error(`Scope: [${scope}] not in required format. Must use (space seperated) api://<client id>[/<resource>.<permission>].`);\n break;\n } else {\n if (origin.localeCompare(nextOrigin) !== 0) {\n error = new Error(`Scope: [${scope}] not all from the same client API. All scopes must come from the same client API.`);\n break;\n }\n }\n }\n }\n stage = '4';\n if (error) {\n invokeErrorCb(error);\n return \"\";\n }\n\n stage = '5';\n const headers = { 'Content-Type': 'application/json'};\n const payload = { //@@ make a type\n client_id: clientId, // The service calling this method\n client_secret: authClientSecret, // Auth service client secret\n //client_secret: goptions.brokerclientsecret, // Broker service client secret\n scope: scope, // required API\n //@@ remove audience\n //@@ need scope to be the API identifier\n grant_type: \"client_credentials\"\n }\n stage = '6';\n const url = (endPoint \n ? `${endPoint}${goptions.asoauthapiroot}/token`\n : `${goptions.asendpoint}:${goptions.asport}${goptions.asoauthapiroot}/token`);\n\n stage = `6.5: url: [${url}] payload: [${JSON.stringify(payload)}]`\n\n const retVal = await axios(new STSAxiosConfig(url, 'post', headers).withData(payload).withAgentManager(this.#agentManager).config);\n\n stage = '7';\n if (retVal.status) {\n if (retVal.status !== 200) {\n // Just provide a warning here\n this.#LogDebugMessage(chalk.magenta(`Error (AuthUtilsNode:GetAPITokenFromServer): Invalid response from server: [${retVal.status}]`));\n }\n } else {\n invokeErrorCb(new Error(chalk.red(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.status)`)));\n return \"\";\n }\n stage = '8';\n if (retVal.data) {\n stage = '9';\n if (retVal.data.access_token) {\n stage = '10';\n if (instrumentController) {\n stage = '11';\n instrumentController.UpdateInstrument(Gauge.AUTHENTICATION_COUNT_GAUGE, {\n Inc: 1\n });\n }\n \n stage = '12';\n return retVal.data.access_token as string;\n } else {\n stage = '13';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data.access_token)`));\n return \"\";\n }\n } else {\n stage = '14';\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:No retVal.data)`));\n return \"\";\n }\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n } catch (error: any) {\n if (outputErrorsToConsole === true) {\n console.error(error);\n }\n let details = 'None available.';\n if (error.response && error.response.data) {\n try {\n details = JSON.stringify(error.response.data);\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n } catch (error) {\n details = `Could not JSON.stringify(error.response.data)`;\n }\n }\n invokeErrorCb(new Error(`Error (AuthUtilsNode:GetAPITokenFromServer:catch): [${error}], Stage: [${stage}], Details: [${details}]`));\n return \"\";\n }\n }\n}\n"],"names":["StatusCodes","STSAxiosConfig","AgentManager","_logger","_agentManager","GetErrorPayload","goptions","jwtDecode","Gauge","error"],"mappings":";;;;;;;;;;;;;;;;AAqIO,QAAM,MAAM;AAEN,QAAA,yBAAyB,OAAO,OAAO;AAAA,IAChD,2BAA2B;AAAA,MACvB,MAAM;AAAA,MACN,aAAa;AAAA,IACjB;AAAA,EACJ,CAAC;AC3IM,MAAI;AACX,GAAC,SAAUA,cAAa;AAMpB,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAUhD,IAAAA,aAAYA,aAAY,IAAI,IAAI,GAAG,IAAI;AAMvC,IAAAA,aAAYA,aAAY,SAAS,IAAI,GAAG,IAAI;AAM5C,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,YAAY,IAAI,GAAG,IAAI;AAM/C,IAAAA,aAAYA,aAAY,eAAe,IAAI,GAAG,IAAI;AAMlD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAOjD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,cAAc,IAAI,GAAG,IAAI;AAMjD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,WAAW,IAAI,GAAG,IAAI;AAM9C,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,UAAU,IAAI,GAAG,IAAI;AAM7C,IAAAA,aAAYA,aAAY,MAAM,IAAI,GAAG,IAAI;AAMzC,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,wBAAwB,IAAI,GAAG,IAAI;AAM3D,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,oBAAoB,IAAI,GAAG,IAAI;AAMvD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,gCAAgC,IAAI,GAAG,IAAI;AAOnE,IAAAA,aAAYA,aAAY,gBAAgB,IAAI,GAAG,IAAI;AAMnD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,QAAQ,IAAI,GAAG,IAAI;AAM3C,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,kBAAkB,IAAI,GAAG,IAAI;AAMrD,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,mBAAmB,IAAI,GAAG,IAAI;AAMtD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAMpE,IAAAA,aAAYA,aAAY,+BAA+B,IAAI,GAAG,IAAI;AAMlE,IAAAA,aAAYA,aAAY,uBAAuB,IAAI,GAAG,IAAI;AAM1D,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,aAAa,IAAI,GAAG,IAAI;AAMhD,IAAAA,aAAYA,aAAY,qBAAqB,IAAI,GAAG,IAAI;AAMxD,IAAAA,aAAYA,aAAY,iBAAiB,IAAI,GAAG,IAAI;AAMpD,IAAAA,aAAYA,aAAY,4BAA4B,IAAI,GAAG,IAAI;AAM/D,IAAAA,aAAYA,aAAY,sBAAsB,IAAI,GAAG,IAAI;AAMzD,IAAAA,aAAYA,aAAY,iCAAiC,IAAI,GAAG,IAAI;AAAA,EACxE,GAAG,gBAAgB,cAAc,CAAA,EAAG;ACpWpC,QAAA,SAAe,OAAO,UAAU,SAAS,KAAK,OAAO,YAAY,cAAc,UAAU,CAAC,MAAM;AAAA,ECWzF,MAAe,gBAAgB;AAAA,IAKlC,YAAY,SAAqC,QAAoB;AAJrE;AACA;AACA,wCAAqC;AA2CrC;AAAA,6CAAkB,CAAC,QAAqB,OAAe,WAA2B;AACvE,eAAA;AAAA,UACH;AAAA,UACA;AAAA,UACA;AAAA,QAAA;AAAA,MACJ;AAGJ,wCAAa,CAAC,iBAA4C;AACtD,cAAM,UAAsB;AAAA,UACxB,gBAAgB;AAAA,QAAA;AAEpB,YAAI,cAAc;AACN,kBAAA,eAAe,IAAI,UAAU,YAAY;AAAA,QACrD;AACO,eAAA;AAAA,MAAA;AAGX,uCAAY,OAAU,aAA4B,KAAa,QAAgB,aAAgC,YAA2D;AAChK,cAAA,cAAc,IAAIC,yBAAe,KAAK,QAAQ,KAAK,WAAW,WAAqB,GAAG,KAAK,QAAQ,OAAO;AAChH,YAAI,mBAAK,gBAAe;AACR,sBAAA,iBAAiB,mBAAK,cAAa;AAAA,QACnD;AACA,YAAI,gBAAgB,MAAM;AACtB,sBAAY,SAAS,WAAW;AAAA,QACpC;AAEM,cAAA,OAAO,MAAM,MAAM,WAAiC;AAItD,YAAA,KAAK,KAAK,WAAW,YAAY,MAAM,KAAK,KAAK,WAAW,YAAY,SAAS;AAC3E,gBAAA,iBAAiB,KAAK,KAAK;AACjC,cAAI,gBAAgB;AACZ,gBAAA;AACM,oBAAA,cAAc,KAAK,MAAM,cAAc;AACtC,qBAAA;AAAA,qBACD,OAAO;AACb,sBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,6DAA6D,KAAK,CAAC;AAC5H,qBAAA;AAAA,YACX;AAAA,UAAA,OACG;AACH,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,yDAAyD,IAAI,CAAC;AACvH,mBAAA;AAAA,UACX;AAAA,QAAA,OACG;AACH,gBAAM,EAAE,QAAQ,OAAO,OAAA,IAAW,KAAK;AACvC,kBAAQ,KAAK,gBAAgB,QAAQ,sDAAsD,KAAK,KAAK,MAAM,CAAC;AACrG,iBAAA;AAAA,QACX;AAAA,MAAA;AAzFA,yBAAK,UAAW;AAChB,yBAAK,SAAW;AAEhB,WAAK,gBAAgB,0CAA0C,KAAK,UAAU,mBAAK,SAAQ,CAAC,GAAG;AAE/F,UAAI,QAAQ;AACJ,YAAA,mBAAK,UAAS,cAAc;AACvB,6BAAA,eAAgB,IAAIC,uBAAa;AAAA,YAClC,cAAc,mBAAK,UAAS;AAAA,UAAA,CAC/B;AAAA,QAAA,OACE;AACH,6BAAK,eAAgB,IAAIA,UAAa,aAAA,CAAE,CAAA;AAAA,QAC5C;AAAA,MACJ;AAAA,IACJ;AAAA,IAEA,IAAI,eAAoC;AACpC,aAAO,mBAAK;AAAA,IAChB;AAAA,IAEA,IAAI,UAAsC;AACtC,aAAO,mBAAK;AAAA,IAChB;AAAA;AAAA,IAGA,gBAAgB,SAAc;AACrB,yBAAA,SAAQ,MAAM,OAAO;AAAA,IAC9B;AAAA;AAAA,IAGA,eAAe,SAAc;AACpB,yBAAA,SAAQ,KAAK,OAAO;AAAA,IAC7B;AAAA;AAAA,IAGA,gBAAgB,SAAc;AACrB,yBAAA,SAAQ,MAAM,OAAO;AAAA,IAC9B;AAAA,EAsDJ;AAhGI;AACA;AACA;AAAA,ECPG,MAAM,uBAAuB,gBAAgB;AAAA,IAChD,YAAY,SAAqC,QAAoB;AACjE,YAAM,SAAS,MAAM;AAGzB,wCAAa,OAAO,cAAsB,WAAmB,YAA6E;AAClI,YAAA;AACA,iBAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,SAAS,CAAC,IAAI,OAAO,MAAM,OAAO;AAAA,iBAE/I,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QACX;AAAA,MAAA;AAGJ,0CAAe,OAAO,cAAsB,SAAuC,YAA6E;AACxJ,YAAA;AACI,cAAA,CAAC,QAAQ,WAAW;AACpB,oBAAQ,KAAK,gBAAgB,YAAY,uBAAuB,wDAAwD,IAAI,CAAC;AACtH,mBAAA;AAAA,UACX;AACA,iBAAO,KAAK,UAA+B,cAAc,GAAG,KAAK,QAAQ,UAAU,YAAY,mBAAmB,QAAQ,SAAS,CAAC,IAAI,SAAS,SAAS,OAAO;AAAA,iBAE5J,OAAY;AACT,kBAAA,KAAK,gBAAgB,YAAY,uBAAuB,mEAAmE,KAAK,KAAK,KAAK,CAAC;AAC5I,iBAAA;AAAA,QACX;AAAA,MAAA;AAAA,IAvBJ;AAAA,EAyBJ;AAAA,ECKO,MAAM,cACb;AAAA,IASI,YAAY,QAAoB;AAV7B;AAEH,iCAAuC,CAAA;AACvC,wCAAwB;AACxB,yBAAAC;AACA;AAEA;AAAA,uCAAe;AACf,yBAAAC,gBAA8B,IAAIF,uBAAa,CAAA,CAAE;AAgBjD,wCAAa,MAAM;AACf,2BAAKE,gBAAc;MAAW;AAGlC,4DAAiC,CAAC,YAAmC;AAE1D,eAAA,OAAO,KAAU,KAAU,SAAc;AAC5C,cAAI,QAAQ,aAAa;AAErB,kBAAM,iBAAiB,QAAQ,YAAY,KAAK,GAAG;AAC7C,kBAAA,WAAY,IAAI,KAAK,MAAiB,MAAM,GAAG,EAAE,KAAK,GAAG;AAE3D,gBAAA,mBAAK,QAAO,cAAc,KAAK,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,GAAG;AACxE;AACL;AAAA,YACJ;AAEA,kBAAM,SAAS,IAAI,KAAK,MAAM,MAAM,GAAG;AAEvC,kBAAM,sBAAsB,CAAA;AAC5B,qBAAS,IAAE,GAAG,IAAI,QAAQ,YAAY,QAAQ,KAAK;AACzC,oBAAA,aAAa,QAAQ,YAAY,CAAC;AACxC,kBAAI,CAAC,OAAO,SAAS,UAAU,GAAG;AAC9B,oCAAoB,KAAK,UAAU;AAAA,cACvC;AAAA,YACJ;AACI,gBAAA,oBAAoB,SAAS,GAAG;AAChC,oBAAM,eAAeC,SAAA,gBAAgB,uBAAuB,2BAA2B,mBAAmB;AACtG,kBAAA,OAAO,YAAY,YAAY,EAAE,KAAM,EAAE,QAAQ,YAAY,cAAc,OAAO,aAAc,CAAA;AACpG;AAAA,YACJ;AAEA,gBAAI,CAAC,mBAAK,QAAO,cAAc,GAAG;AACzB,iCAAA,QAAO,cAAc,IAAI;AAAA,gBAC1B,QAAQ,CAAE;AAAA,cAAA;AAAA,YAElB;AAEA,+BAAK,QAAO,cAAc,EAAE,OAAO,QAAQ,IAAI;AAAA,cAC3C,OAAO;AAAA,cACP,SAAS,WAAW,MAAM;AACtB,uBAAO,mBAAK,QAAO,cAAc,EAAE,OAAO,QAAQ;AAAA,cAAA,GACnD,mBAAK,cAAa,EAAE,MAAM;AAAA,YAAA;AAAA,UAErC;AACK;QAAA;AAAA,MACT;AA6CJ;AAAA,6CAAkB,OAAO,SAA8B,aACvD;AACQ,YAAA,QAAQ,YAAY,GAAG;AAEvB,kBAAQ,YAAY,EAAE,IAAI,CAAC,iBAAsB;AAE7C,kBAAM,SAAc,MAAM,OAAO,MAAM,YAAY;AAC9C,+BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,UAAA,CACjD;AAAA,QAAA,OACE;AAEH,gBAAM,SAAc,MAAM,OAAO,MAAM,QAAQ,YAAY,CAAC;AACvD,6BAAA,YAAW,cAAc,QAAQ,QAAQ;AAAA,QAClD;AAEO,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAAA;AAG9C,+CAAoB,OAAO,aAC3B;AACW,eAAA,mBAAK,YAAW,WAAW,QAAQ;AAAA,MAAA;AAG9C,yCAAc,OAAO,OAAe,UAAkB,aAAuC;AACnF,cAAA,gBAAiB,WACjB,GAAG,QAAQ,GAAGC,mBAAS,cAAc,GAAGA,UAAAA,SAAS,cAAc,KAC/D,GAAGA,UAAS,SAAA,UAAU,IAAIA,UAAS,SAAA,MAAM,GAAGA,mBAAS,cAAc,GAAGA,UAAAA,SAAS,cAAc;AAEnG,cAAM,OAAO,WAAW;AAAA,UACpB,OAAO;AAAA;AAAA,UACP,iBAAiB;AAAA;AAAA,UACjB,aAAa;AAAA;AAAA,UACb,WAAW;AAAA,UACX,uBAAuB;AAAA;AAAA,UACvB,SAAS;AAAA,UACT,SAAS;AAAA;AAAA;AAAA,UAET,cAAc,mBAAKF,gBAAc,SAAS,aAAa;AAAA,QAAA,CAC1D;AAGD,cAAM,sBAAsBG,UAAAA,UAAsB,OAAO,EAAE,QAAQ,MAAM;AACzE,cAAM,MAAM,oBAAoB;AAEhC,cAAM,MAAM,MAAM,KAAK,cAAc,GAAG;AAClC,cAAA,aAAa,IAAI;AAEvB,cAAM,gBAAgB;AAAA,UAClB,QAAQ;AAAA;AAAA,UAER;AAAA;AAAA,UAEA,WAAY,CAAC,OAAO;AAAA;AAAA,QAAA;AAGxB,eAAO,IAAI,OAAO,OAAO,YAAY,aAAa;AAAA,MAAA;AAItD;AAAA,2CAAgB,CAAC,QAAgB;AAC7B,cAAM,QAAQ,IAAI,MAAM,mBAAK,aAAY;AAClC,eAAA,QAAQ,MAAM,CAAC,IAAI;AAAA,MAAA;AAG9B,iEAAsC,OAAO,SAAsD,YAAqD;AACpJ,cAAM,EAAE,OAAO,UAAU,kBAAkB,UAAU,sBAAsB,sBAA0B,IAAA;AAErG,YAAI,QAAQ;AAEN,cAAA,gBAAgB,CAAC,UAAiB;AACpC,gCAAK,8CAAL,WAAsB;AACtB,cAAI,sBAAsB;AACD,iCAAA,iBAAiBC,uBAAM,kCAAkC;AAAA;AAAA,cAC1E,KAAK;AAAA,YAAA,CACR;AAAA,UACL;AACA,kBAAQ,KAAK;AAAA,QAAA;AAGb,YAAA;AACQ,kBAAA;AACF,gBAAA,SAAS,MAAM,MAAM,GAAG;AAC9B,cAAI,SAAwB;AAC5B,cAAI,QAAsB;AAClB,kBAAA;AACR,mBAAS,IAAE,GAAG,IAAI,OAAO,QAAQ,KAAK;AAC5B,kBAAA,IAAI,OAAO,CAAC;AAClB,gBAAI,CAAC,QAAQ;AACA,uBAAA,KAAK,cAAc,CAAC;AAC7B,kBAAI,CAAC,QAAQ;AACT,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cACJ;AAAA,YAAA,OACG;AACG,oBAAA,aAA4B,KAAK,cAAc,CAAC;AACtD,kBAAI,CAAC,YAAY;AACb,wBAAQ,IAAI,MAAM,WAAW,KAAK,mGAAmG;AACrI;AAAA,cAAA,OACG;AACH,oBAAI,OAAO,cAAc,UAAU,MAAM,GAAG;AACxC,0BAAQ,IAAI,MAAM,WAAW,KAAK,oFAAoF;AACtH;AAAA,gBACJ;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AACQ,kBAAA;AACR,cAAI,OAAO;AACP,0BAAc,KAAK;AACZ,mBAAA;AAAA,UACX;AAEQ,kBAAA;AACF,gBAAA,UAAU,EAAE,gBAAgB;AAClC,gBAAM,UAAU;AAAA;AAAA,YACZ,WAAW;AAAA;AAAA,YACX,eAAe;AAAA;AAAA;AAAA,YAEf;AAAA;AAAA;AAAA;AAAA,YAGA,YAAY;AAAA,UAAA;AAER,kBAAA;AACR,gBAAM,MAAO,WACP,GAAG,QAAQ,GAAGF,mBAAS,cAAc,WACrC,GAAGA,UAAAA,SAAS,UAAU,IAAIA,mBAAS,MAAM,GAAGA,mBAAS,cAAc;AAEzE,kBAAQ,cAAc,GAAG,eAAe,KAAK,UAAU,OAAO,CAAC;AAE/D,gBAAM,SAAS,MAAM,MAAM,IAAIL,UAAAA,eAAe,KAAK,QAAQ,OAAO,EAAE,SAAS,OAAO,EAAE,iBAAiB,mBAAKG,eAAa,EAAE,MAAM;AAEzH,kBAAA;AACR,cAAI,OAAO,QAAQ;AACX,gBAAA,OAAO,WAAW,KAAK;AAEvB,oCAAK,8CAAL,WAAsB,MAAM,QAAQ,+EAA+E,OAAO,MAAM,GAAG;AAAA,YACvI;AAAA,UAAA,OACG;AACH,0BAAc,IAAI,MAAM,MAAM,IAAI,8DAA8D,CAAC,CAAC;AAC3F,mBAAA;AAAA,UACX;AACQ,kBAAA;AACR,cAAI,OAAO,MAAM;AACL,oBAAA;AACJ,gBAAA,OAAO,KAAK,cAAc;AAClB,sBAAA;AACR,kBAAI,sBAAsB;AACd,wBAAA;AACa,qCAAA,iBAAiBI,uBAAM,4BAA4B;AAAA,kBACpE,KAAK;AAAA,gBAAA,CACR;AAAA,cACL;AAEQ,sBAAA;AACR,qBAAO,OAAO,KAAK;AAAA,YAAA,OAChB;AACK,sBAAA;AACM,4BAAA,IAAI,MAAM,yEAAyE,CAAC;AAC3F,qBAAA;AAAA,YACX;AAAA,UAAA,OACG;AACK,oBAAA;AACM,0BAAA,IAAI,MAAM,4DAA4D,CAAC;AAC9E,mBAAA;AAAA,UACX;AAAA,iBAEK,OAAY;AACjB,cAAI,0BAA0B,MAAM;AAChC,oBAAQ,MAAM,KAAK;AAAA,UACvB;AACA,cAAI,UAAU;AACd,cAAI,MAAM,YAAY,MAAM,SAAS,MAAM;AACnC,gBAAA;AACA,wBAAU,KAAK,UAAU,MAAM,SAAS,IAAI;AAAA,qBAEvCC,QAAO;AACF,wBAAA;AAAA,YACd;AAAA,UACJ;AACc,wBAAA,IAAI,MAAM,uDAAuD,KAAK,cAAc,KAAK,gBAAgB,OAAO,GAAG,CAAC;AAC3H,iBAAA;AAAA,QACX;AAAA,MAAA;AA9RA,yBAAKN,UAAU;AACV,yBAAA,YAAa,IAAI,MAAM,UAAU;AAAA,IAC1C;AAAA,IAOA,IAAI,eAA6B;AAC7B,aAAO,mBAAKC;AAAA,IAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAoEA,MAAM,wBAAwB,KAAU,KAAU,MAClD;AACS;IAoBT;AAAA,EA2LJ;AAzSI;AACA;AACA,EAAAD,WAAA;AACA;AAEA;AACA,EAAAC,iBAAA;AARG;AAgBH;AAAA,gCAAiB,SAAc;AACtB,uBAAAD,UAAQ,MAAM,OAAO;AAAA,EAC9B;;;;;;;","x_google_ignoreList":[1,2]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nsshunt/stsauthclient",
3
- "version": "1.0.11",
3
+ "version": "1.0.13",
4
4
  "description": "",
5
5
  "main": "./dist/stsauthclient.umd.js",
6
6
  "module": "./dist/stsauthclient.mjs",
package/types/authManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authManager.d.ts","sourceRoot":"","sources":["../src/authManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAE/H,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,WAAY,SAAQ,eAAe;gBAChC,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAInE,MAAM,cAAqB,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAUzG;IAED,KAAK,iBAAwB,oBAAoB,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAiBvH;CACJ"}
1
+ {"version":3,"file":"authManager.d.ts","sourceRoot":"","sources":["../src/authManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,oBAAoB,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAE/H,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,WAAY,SAAQ,eAAe;gBAChC,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAInE,MAAM,cAAqB,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAQzG;IAED,KAAK,iBAAwB,oBAAoB,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAevH;CACJ"}
package/types/authutilsnode.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import tough from 'tough-cookie';
2
+ import { AgentManager } from '@nsshunt/stsconfig';
2
3
  import { ISTSLogger } from '@nsshunt/stsutils';
3
4
  import { PublishInstrumentController } from '@nsshunt/stsobservability';
4
5
  export interface IAuthUtilsNodeOptions {
@@ -15,6 +16,7 @@ export interface IGetAPITokenFromAuthServerUsingScopeOptions {
15
16
  export declare class AuthUtilsNode {
16
17
  #private;
17
18
  constructor(logger: ISTSLogger);
19
+ get agentManager(): AgentManager;
18
20
  ResetAgent: () => void;
19
21
  VerifyRequestMiddlewareFactory: (options: IAuthUtilsNodeOptions) => (req: any, res: any, next: any) => Promise<void>;
20
22
  verifyRequestMiddleware(req: any, res: any, next: any): Promise<void>;
package/types/authutilsnode.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authutilsnode.d.ts","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,cAAc,CAAC;AAUjC,OAAO,EAAmB,UAAU,EAAc,MAAM,mBAAmB,CAAA;AAM3E,OAAO,EAAS,2BAA2B,EAAE,MAAM,2BAA2B,CAAA;AAI9E,MAAM,WAAW,qBAAqB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,2CAA2C;IACxD,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,oBAAoB,CAAC,EAAE,2BAA2B,CAAA;IAClD,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAClC;AAWD,qBAAa,aAAa;;gBAUV,MAAM,EAAE,UAAU;IAyB9B,UAAU,aAET;IAED,8BAA8B,YAAa,qBAAqB,WAEzC,GAAG,OAAO,GAAG,QAAQ,GAAG,mBAyC9C;IAmBK,uBAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IAyB3D,eAAe,YAAmB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,YAAY,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAgB/F;IAEF,iBAAiB,aAAoB,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAGnE;IAEF,WAAW,UAAiB,MAAM,YAAY,MAAM,aAAa,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,CAgCxF;IAGD,aAAa,QAAS,MAAM,mBAG3B;IAED,mCAAmC,YAAmB,2CAA2C,WAAW,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,KAAG,OAAO,CAAC,MAAM,CAAC,CA6HnJ;CACJ"}
1
+ {"version":3,"file":"authutilsnode.d.ts","sourceRoot":"","sources":["../src/authutilsnode.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,cAAc,CAAC;AAOjC,OAAO,EAAY,YAAY,EAAkB,MAAM,oBAAoB,CAAA;AAE3E,OAAO,EAAmB,UAAU,EAAc,MAAM,mBAAmB,CAAA;AAM3E,OAAO,EAAS,2BAA2B,EAAE,MAAM,2BAA2B,CAAA;AAI9E,MAAM,WAAW,qBAAqB;IAClC,WAAW,EAAE,MAAM,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,2CAA2C;IACxD,QAAQ,EAAE,MAAM,CAAA;IAChB,gBAAgB,EAAE,MAAM,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;IAChB,oBAAoB,CAAC,EAAE,2BAA2B,CAAA;IAClD,qBAAqB,CAAC,EAAE,OAAO,CAAA;CAClC;AAWD,qBAAa,aAAa;;gBAUV,MAAM,EAAE,UAAU;IAU9B,IAAI,YAAY,IAAI,YAAY,CAE/B;IAED,UAAU,aAET;IAED,8BAA8B,YAAa,qBAAqB,WAEzC,GAAG,OAAO,GAAG,QAAQ,GAAG,mBAyC9C;IAmBK,uBAAuB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG;IAyB3D,eAAe,YAAmB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,YAAY,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAgB/F;IAEF,iBAAiB,aAAoB,MAAM,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAGnE;IAEF,WAAW,UAAiB,MAAM,YAAY,MAAM,aAAa,MAAM,KAAG,OAAO,CAAC,MAAM,CAAC,CAiCxF;IAGD,aAAa,QAAS,MAAM,mBAG3B;IAED,mCAAmC,YAAmB,2CAA2C,WAAW,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,KAAG,OAAO,CAAC,MAAM,CAAC,CAuHnJ;CACJ"}
package/types/resourceManager.d.ts CHANGED
@@ -1,23 +1,17 @@
1
1
  import { StatusCodes } from 'http-status-codes';
2
- import https from 'node:https';
3
- import { AxiosRequestConfig } from "axios";
4
2
  import { ISTSLogger, JSONObject } from '@nsshunt/stsutils';
5
3
  import { ISTSError, ISTSResourceManagerOptions } from './commonTypes';
4
+ import { AgentManager } from '@nsshunt/stsconfig';
6
5
  export declare abstract class ResourceManager {
7
6
  #private;
8
7
  constructor(options: ISTSResourceManagerOptions, logger: ISTSLogger);
9
- get httpsAgent(): https.Agent | null;
8
+ get agentManager(): AgentManager | null;
10
9
  get options(): ISTSResourceManagerOptions;
11
- get axiosConfig(): AxiosRequestConfig | null;
12
- get accessToken(): string | null;
13
- set accessToken(token: string | null);
14
- SetAccessToken(token: string | null): ResourceManager;
15
10
  LogDebugMessage(message: any): void;
16
11
  LogInfoMessage(message: any): void;
17
12
  LogErrorMessage(message: any): void;
18
13
  GetErrorMessage: (status: StatusCodes, error: string, detail: any) => ISTSError;
19
- GetHeaders: (access_token: string) => JSONObject;
20
- AxiosConfig: (url: string, httpMethod: string, data?: JSONObject) => ResourceManager;
21
- GetResult: <T>(errorCb: (error: ISTSError) => void) => Promise<T | null>;
14
+ GetHeaders: (access_token: string | null) => JSONObject;
15
+ GetResult: <T>(accessToken: string | null, url: string, method: string, requestData: JSONObject | null, errorCb: (error: ISTSError) => void) => Promise<T | null>;
22
16
  }
23
17
  //# sourceMappingURL=resourceManager.d.ts.map
package/types/resourceManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"resourceManager.d.ts","sourceRoot":"","sources":["../src/resourceManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,KAAK,MAAM,YAAY,CAAA;AAE9B,OAAc,EAAE,kBAAkB,EAAE,MAAM,OAAO,CAAC;AAElD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAErE,8BAAsB,eAAe;;gBAOrB,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAkBnE,IAAI,UAAU,uBAEb;IAED,IAAI,OAAO,IAAI,0BAA0B,CAExC;IAED,IAAI,WAAW,IAAI,kBAAkB,GAAG,IAAI,CAE3C;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED,IAAI,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,EAEnC;IAED,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,eAAe;IAMrD,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,cAAc,CAAC,OAAO,EAAE,GAAG;IAK3B,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,eAAe,WAAY,WAAW,SAAS,MAAM,UAAU,GAAG,KAAG,SAAS,CAM7E;IAED,UAAU,iBAAkB,MAAM,KAAG,UAAU,CAQ9C;IAGD,WAAW,QAAS,MAAM,cAAc,MAAM,SAAS,UAAU,KAAG,eAAe,CAelF;IAED,SAAS,GAAU,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CA0B5E;CACJ"}
1
+ {"version":3,"file":"resourceManager.d.ts","sourceRoot":"","sources":["../src/resourceManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAIhD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAErE,OAAO,EAAE,YAAY,EAAkB,MAAM,oBAAoB,CAAC;AAElE,8BAAsB,eAAe;;gBAKrB,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAiBnE,IAAI,YAAY,IAAI,YAAY,GAAG,IAAI,CAEtC;IAED,IAAI,OAAO,IAAI,0BAA0B,CAExC;IAGD,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,cAAc,CAAC,OAAO,EAAE,GAAG;IAK3B,eAAe,CAAC,OAAO,EAAE,GAAG;IAK5B,eAAe,WAAY,WAAW,SAAS,MAAM,UAAU,GAAG,KAAG,SAAS,CAM7E;IAED,UAAU,iBAAkB,MAAM,GAAG,IAAI,KAAG,UAAU,CAQrD;IAED,SAAS,GAAU,CAAC,eAAe,MAAM,GAAG,IAAI,OAAO,MAAM,UAAU,MAAM,eAAe,UAAU,GAAG,IAAI,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAgCrK;CACJ"}
package/types/sessionManager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sessionManager.d.ts","sourceRoot":"","sources":["../src/sessionManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAE1F,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,cAAe,SAAQ,eAAe;gBACnC,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAInE,UAAU,iBAAwB,MAAM,aAAa,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAUrI;IAED,YAAY,iBAAwB,MAAM,WAAW,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAc3J;CACJ"}
1
+ {"version":3,"file":"sessionManager.d.ts","sourceRoot":"","sources":["../src/sessionManager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,eAAe,CAAA;AAE1F,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEnD,qBAAa,cAAe,SAAQ,eAAe;gBACnC,OAAO,EAAE,0BAA0B,EAAE,MAAM,EAAE,UAAU;IAInE,UAAU,iBAAwB,MAAM,aAAa,MAAM,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAQrI;IAED,YAAY,iBAAwB,MAAM,WAAW,OAAO,CAAC,mBAAmB,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,KAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAY3J;CACJ"}