@nsshunt/stsoauth2plugin 0.1.38 → 0.1.39

@@ -0,0 +1,587 @@
1
+ var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
2
+ if (kind === "m") throw new TypeError("Private method is not writable");
3
+ if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
4
+ if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
5
+ return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
6
+ };
7
+ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
8
+ if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
9
+ if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
10
+ return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
11
+ };
12
+ var _STSOAuth2Worker_clientSessionStore, _STSOAuth2Worker_cUtils, _STSOAuth2Worker_qParams, _STSOAuth2Worker_STORAGE_SESSION_KEY, _STSOAuth2Worker_aic, _STSOAuth2Worker_oauthWorkerPort, _STSOAuth2Worker_HandleAuthenticateEvent, _STSOAuth2Worker_HandleErrorEvent, _STSOAuth2Worker_LogMessage, _STSOAuth2Worker_UpdateInstrument, _STSOAuth2Worker_ProcessCommand, _STSOAuth2Worker_RestoreSession, _STSOAuth2Worker_Authorize, _STSOAuth2Worker_HandleRedirect, _STSOAuth2Worker_GetTokenFromBroker, _STSOAuth2Worker_GetToken, _STSOAuth2Worker_RefreshToken, _STSOAuth2Worker_Logout;
13
+ import Debug from "debug";
14
+ const debug = Debug(`proc:${process.pid}:stsoauth2worker.ts`);
15
+ //import 'colors'
16
+ import axios from "axios";
17
+ import { OAuth2ParameterType } from '@nsshunt/stsutils';
18
+ import CryptoUtils from './Utils/CryptoUtils';
19
+ import QueryParams from './Utils/QueryParams';
20
+ import jwt_decode from "jwt-decode";
21
+ import { ClientStorageType, ClientStorageFactory } from './stsStorage';
22
+ import { StatusCodes } from 'http-status-codes';
23
+ import { AuthorizeOptionsResponseType, AuthorizeOptionsResponseMode, OAuthGrantTypes, IOauth2ListenerCommand } from './stsoauth2types';
24
+ import { Gauge } from '@nsshunt/stsinstrumentation';
25
+ const CreateRandomString = (size = 43) => {
26
+ const randomValues = Array.from(self.crypto.getRandomValues(new Uint8Array(size)));
27
+ const b64 = window.btoa(String.fromCharCode(...randomValues));
28
+ return b64;
29
+ //return randomValues.toString('base64');
30
+ };
31
+ // STS Client SDK for SPAs
32
+ export class STSOAuth2Worker {
33
+ constructor(workerPort) {
34
+ //this.#store = app.config.globalProperties.$store;
35
+ //#storageManager = null;
36
+ _STSOAuth2Worker_clientSessionStore.set(this, null); // In memory tokens while the client is logged in
37
+ _STSOAuth2Worker_cUtils.set(this, new CryptoUtils());
38
+ _STSOAuth2Worker_qParams.set(this, new QueryParams());
39
+ _STSOAuth2Worker_STORAGE_SESSION_KEY.set(this, 'session.stsmda.com.au');
40
+ _STSOAuth2Worker_aic.set(this, null);
41
+ _STSOAuth2Worker_oauthWorkerPort.set(this, null);
42
+ // Attempt to restore a previous session using the STSBroker
43
+ /*
44
+ { parameterType: OAuth2ParameterType.CLIENT_ID, errorType: authErrorType.CLIENT_ID_MISMATCH },
45
+ { parameterType: OAuth2ParameterType.SCOPE, errorType: authErrorType.SCOPE_MISMATCH }
46
+ { parameterType: OAuth2ParameterType.REDIRECT_URI, errorType: authErrorType.REDIRECT_URI_MISMATCH },
47
+ { parameterType: OAuth2ParameterType.AUDIENCE, errorType: authErrorType.SCOPE_MISMATCH }
48
+
49
+ Successful Response
50
+ {
51
+ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
52
+ "token_type": "Bearer",
53
+ "expires_in": 3599,
54
+ "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
55
+ "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
56
+ "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
57
+ }
58
+
59
+ Error Response
60
+ {
61
+ "error": "invalid_scope",
62
+ "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
63
+ "error_codes": [
64
+ 70011
65
+ ],
66
+ "timestamp": "2016-01-09 02:02:12Z",
67
+ }
68
+
69
+
70
+ */
71
+ _STSOAuth2Worker_HandleAuthenticateEvent.set(this, (id_token) => {
72
+ const message = {
73
+ messageId: -1,
74
+ command: IOauth2ListenerCommand.AUTHENTICATE_EVENT
75
+ };
76
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, message, id_token);
77
+ });
78
+ _STSOAuth2Worker_HandleErrorEvent.set(this, (error) => {
79
+ const message = {
80
+ messageId: -1,
81
+ command: IOauth2ListenerCommand.ERROR
82
+ };
83
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, message, error);
84
+ });
85
+ _STSOAuth2Worker_LogMessage.set(this, (messageToSend) => {
86
+ const message = {
87
+ messageId: -1,
88
+ command: IOauth2ListenerCommand.LOG
89
+ };
90
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, message, messageToSend);
91
+ });
92
+ _STSOAuth2Worker_UpdateInstrument.set(this, (instrumentName, telemetry) => {
93
+ const message = {
94
+ messageId: -1,
95
+ command: IOauth2ListenerCommand.UPDATE_INSTRUMENT
96
+ };
97
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, message, {
98
+ instrumentName,
99
+ telemetry
100
+ });
101
+ });
102
+ this.SetupListener = () => {
103
+ __classPrivateFieldGet(this, _STSOAuth2Worker_oauthWorkerPort, "f").onmessage = async (data) => {
104
+ const auth2ListenerMessage = data.data;
105
+ switch (auth2ListenerMessage.command) {
106
+ case IOauth2ListenerCommand.RESTORE_SESSION:
107
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, auth2ListenerMessage, await __classPrivateFieldGet(this, _STSOAuth2Worker_RestoreSession, "f").call(this));
108
+ break;
109
+ case IOauth2ListenerCommand.AUTHORIZE:
110
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, auth2ListenerMessage, await __classPrivateFieldGet(this, _STSOAuth2Worker_Authorize, "f").call(this));
111
+ break;
112
+ case IOauth2ListenerCommand.HANDLE_REDIRECT:
113
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, auth2ListenerMessage, await __classPrivateFieldGet(this, _STSOAuth2Worker_HandleRedirect, "f").call(this, auth2ListenerMessage.payload));
114
+ break;
115
+ case IOauth2ListenerCommand.LOGOUT:
116
+ __classPrivateFieldGet(this, _STSOAuth2Worker_ProcessCommand, "f").call(this, auth2ListenerMessage, await __classPrivateFieldGet(this, _STSOAuth2Worker_Logout, "f").call(this));
117
+ break;
118
+ default:
119
+ throw new Error(`Command: [${auth2ListenerMessage.command}'] not found.`);
120
+ }
121
+ };
122
+ };
123
+ _STSOAuth2Worker_ProcessCommand.set(this, async (auth2ListenerMessage, response) => {
124
+ const messageResponse = {
125
+ messageId: auth2ListenerMessage.messageId,
126
+ command: auth2ListenerMessage.command,
127
+ payload: response
128
+ };
129
+ debug(`STSOAuth2Worker:ProcessCommand:#oauthWorkerPort: [${JSON.stringify(__classPrivateFieldGet(this, _STSOAuth2Worker_oauthWorkerPort, "f"))}]`);
130
+ debug(this);
131
+ __classPrivateFieldGet(this, _STSOAuth2Worker_oauthWorkerPort, "f").postMessage(messageResponse);
132
+ });
133
+ _STSOAuth2Worker_RestoreSession.set(this, async () => {
134
+ //@@ attempt to get from client storage first
135
+ let restoredSessionData = null;
136
+ restoredSessionData = __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").get(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"));
137
+ if (restoredSessionData !== null) {
138
+ console.log('Session restored from client storage.');
139
+ if (__classPrivateFieldGet(this, _STSOAuth2Worker_aic, "f")) {
140
+ __classPrivateFieldGet(this, _STSOAuth2Worker_aic, "f").UpdateInstrument('m', { LogMessage: 'Session restored from client storage.' });
141
+ }
142
+ __classPrivateFieldGet(this, _STSOAuth2Worker_LogMessage, "f").call(this, 'Session restored from client storage.');
143
+ }
144
+ else {
145
+ const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/session`;
146
+ console.log('RestoreSession');
147
+ console.log(url);
148
+ if (__classPrivateFieldGet(this, _STSOAuth2Worker_aic, "f")) {
149
+ __classPrivateFieldGet(this, _STSOAuth2Worker_aic, "f").UpdateInstrument('m', { LogMessage: 'RestoreSession' });
150
+ __classPrivateFieldGet(this, _STSOAuth2Worker_aic, "f").UpdateInstrument('m', { LogMessage: url });
151
+ }
152
+ __classPrivateFieldGet(this, _STSOAuth2Worker_LogMessage, "f").call(this, 'RestoreSession.');
153
+ __classPrivateFieldGet(this, _STSOAuth2Worker_LogMessage, "f").call(this, url);
154
+ try {
155
+ const retVal = await axios({
156
+ method: "post",
157
+ url: url,
158
+ data: {
159
+ [OAuth2ParameterType.CLIENT_ID]: process.env.CLIENT_ID,
160
+ [OAuth2ParameterType.SCOPE]: process.env.SCOPE,
161
+ [OAuth2ParameterType.REDIRECT_URI]: process.env.REDIRECT_URI,
162
+ [OAuth2ParameterType.AUDIENCE]: process.env.AUDIENCE
163
+ },
164
+ withCredentials: true,
165
+ timeout: parseInt(process.env.TIMEOUT),
166
+ });
167
+ if (retVal.data.status === StatusCodes.OK) {
168
+ restoredSessionData = retVal.data.detail;
169
+ __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").set(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"), restoredSessionData);
170
+ console.log('Session restored from server side cookie.');
171
+ //this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
172
+ }
173
+ else {
174
+ //@@ handle error better
175
+ //this.#store.commit('stsOAuth2SDK/SessionData', null);
176
+ console.log('Could not restore previous session:-');
177
+ console.log(JSON.stringify(retVal.data));
178
+ }
179
+ }
180
+ catch (error) {
181
+ //@@ handle error better
182
+ //this.#store.commit('stsOAuth2SDK/SessionData', null);
183
+ console.log('Could not restore previous session (error state):-');
184
+ console.log(error);
185
+ console.log(JSON.stringify(error));
186
+ }
187
+ }
188
+ //@@ must only use in-memory for this ...
189
+ //this.#store.commit('stsOAuth2SDK/SessionData', restoredSessionData);
190
+ if (restoredSessionData !== null) {
191
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, restoredSessionData.id_token);
192
+ console.log('Refreshing tokens ...');
193
+ return __classPrivateFieldGet(this, _STSOAuth2Worker_RefreshToken, "f").call(this);
194
+ }
195
+ else {
196
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, null);
197
+ return false;
198
+ }
199
+ });
200
+ _STSOAuth2Worker_Authorize.set(this, async () => {
201
+ console.log('Authorize ...');
202
+ /* MS Example
203
+ --------------
204
+ https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
205
+ client_id=6731de76-14a6-49ae-97bc-6eba6914391e
206
+ &response_type=code
207
+ &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
208
+ &response_mode=query
209
+ &scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read%20api%3A%2F%2F
210
+ &state=12345
211
+ &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
212
+ &code_challenge_method=S256
213
+
214
+ Successful Response
215
+
216
+ GET http://localhost?
217
+ code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
218
+ &state=12345
219
+
220
+ Error Response
221
+ GET http://localhost?
222
+ error=access_denied
223
+ &error_description=the+user+canceled+the+authentication
224
+
225
+ << Hybrid Flow >>
226
+
227
+ https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
228
+ client_id=6731de76-14a6-49ae-97bc-6eba6914391e
229
+ &response_type=code%20id_token
230
+ &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
231
+ &response_mode=fragment
232
+ &scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
233
+ &state=12345
234
+ &nonce=abcde
235
+ &code_challenge=YTFjNjI1OWYzMzA3MTI4ZDY2Njg5M2RkNmVjNDE5YmEyZGRhOGYyM2IzNjdmZWFhMTQ1ODg3NDcxY2Nl
236
+ &code_challenge_method=S256
237
+
238
+ Successful Response
239
+
240
+ GET https://login.microsoftonline.com/common/oauth2/nativeclient#
241
+ code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...
242
+ &id_token=eYj...
243
+ &state=12345
244
+
245
+ Notes:
246
+ The nonce is included as a claim inside the returned id_token
247
+ Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
248
+ */
249
+ const client_id = process.env.CLIENT_ID;
250
+ const nonce = __classPrivateFieldGet(this, _STSOAuth2Worker_cUtils, "f").CreateRandomString();
251
+ const response_type = [AuthorizeOptionsResponseType.CODE];
252
+ const redirect_uri = process.env.REDIRECT_URI;
253
+ const response_mode = AuthorizeOptionsResponseMode.QUERY;
254
+ const scope = process.env.SCOPE;
255
+ const state = __classPrivateFieldGet(this, _STSOAuth2Worker_cUtils, "f").CreateRandomString();
256
+ const code_verifier = __classPrivateFieldGet(this, _STSOAuth2Worker_cUtils, "f").CreateRandomString();
257
+ const code_challenge = await __classPrivateFieldGet(this, _STSOAuth2Worker_cUtils, "f").DigestMessage(code_verifier);
258
+ const code_challenge_method = 'S256';
259
+ //let audience = process.env.AUDIENCE;
260
+ const authorizeOptions = {
261
+ client_id,
262
+ nonce,
263
+ response_type,
264
+ redirect_uri,
265
+ response_mode,
266
+ scope,
267
+ state,
268
+ code_challenge,
269
+ code_challenge_method
270
+ };
271
+ const url = `${process.env.AUTH_ENDPOINT}:${process.env.AUTH_PORT}${process.env.AUTH_APIROOT}?${__classPrivateFieldGet(this, _STSOAuth2Worker_qParams, "f").CreateQueryParams(authorizeOptions)}`;
272
+ console.log(url);
273
+ // Now add the code_verifier to the transaction data
274
+ authorizeOptions.code_verifier = code_verifier; //@@ Is this is the only thing required across the transaction ?
275
+ console.log(`Authorize:authorizeOptions: [${JSON.stringify(authorizeOptions)}]`);
276
+ return {
277
+ url,
278
+ authorizeOptions
279
+ };
280
+ //window.location.assign(url);
281
+ //@@ this may need to be a message back to the plugin to re-direct
282
+ //window.location.replace(url);
283
+ });
284
+ _STSOAuth2Worker_HandleRedirect.set(this, async (payload) => {
285
+ const queryVars = payload.queryVars;
286
+ const authorizeOptions = payload.authorizeOptions;
287
+ console.log('HandleRedirect');
288
+ // We have been re-direct back here from the /authorize end-point
289
+ console.log(`HandleRedirect:Query Vars: [${JSON.stringify(queryVars)}]`);
290
+ if (queryVars[OAuth2ParameterType.CODE]) {
291
+ const response = queryVars;
292
+ console.log(`authorizeOptions from transaction state: [${JSON.stringify(authorizeOptions)}]`);
293
+ const redirectState = response.state;
294
+ const authorizeOptionsState = authorizeOptions.state;
295
+ if (authorizeOptionsState.localeCompare(redirectState) === 0) {
296
+ console.log('redirected state (from queryVars) matched previously saved transaction authorizeOptions state'); // green
297
+ return await __classPrivateFieldGet(this, _STSOAuth2Worker_GetToken, "f").call(this, authorizeOptions, response);
298
+ }
299
+ else {
300
+ console.log('redirected state (from queryVars) did NOT match previously saved transaction authorizeOptions state'); // red
301
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleErrorEvent, "f").call(this, { message: 'State un-matched' });
302
+ return false;
303
+ }
304
+ }
305
+ else if (queryVars[OAuth2ParameterType.ERROR]) {
306
+ const response = queryVars;
307
+ //@@ pass error back to parent thread (to the plugin) as a message
308
+ const error = response.error;
309
+ const errorDescription = response.error_description;
310
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleErrorEvent, "f").call(this, { message: 'State un-matched' });
311
+ return false;
312
+ }
313
+ else {
314
+ // Invalid redirect query params
315
+ const error = 'Invalid redirect query params'; //@@ fix
316
+ const errorDescription = 'Invalid redirect query params description'; //@@ fix
317
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleErrorEvent, "f").call(this, { message: 'State un-matched' });
318
+ return false;
319
+ }
320
+ }
321
+ /*
322
+ client_id=6731de76-14a6-49ae-97bc-6eba6914391e
323
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
324
+ &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
325
+ &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
326
+ &grant_type=authorization_code
327
+ &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong
328
+ &client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
329
+
330
+ Successful Response
331
+ {
332
+ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
333
+ "token_type": "Bearer",
334
+ "expires_in": 3599,
335
+ "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
336
+ "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
337
+ "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
338
+ }
339
+ */
340
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
341
+ );
342
+ /*
343
+ client_id=6731de76-14a6-49ae-97bc-6eba6914391e
344
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
345
+ &code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
346
+ &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
347
+ &grant_type=authorization_code
348
+ &code_verifier=ThisIsntRandomButItNeedsToBe43CharactersLong
349
+ &client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps. This secret needs to be URL-Encoded.
350
+
351
+ Successful Response
352
+ {
353
+ "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1Q...",
354
+ "token_type": "Bearer",
355
+ "expires_in": 3599,
356
+ "scope": "https%3A%2F%2Fgraph.microsoft.com%2Fmail.read",
357
+ "refresh_token": "AwABAAAAvPM1KaPlrEqdFSBzjqfTGAMxZGUTdM0t4B4...",
358
+ "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD...",
359
+ }
360
+ */
361
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
362
+ _STSOAuth2Worker_GetTokenFromBroker.set(this, async (authorizationCodeFlowParameters) => {
363
+ console.log("#GetTokenFromBroker");
364
+ __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").remove(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"));
365
+ const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/token`;
366
+ console.log(`#GetTokenFromBroker:url = [${url}]`);
367
+ console.log(authorizationCodeFlowParameters);
368
+ try {
369
+ const retVal = await axios({
370
+ method: "post",
371
+ url: url,
372
+ data: authorizationCodeFlowParameters,
373
+ withCredentials: true,
374
+ timeout: parseInt(process.env.TIMEOUT),
375
+ });
376
+ console.log(`retVal: ${JSON.stringify(retVal)}`);
377
+ if (retVal.status === StatusCodes.OK) {
378
+ console.log('Storing tokens...');
379
+ const tokenResponse = retVal.data;
380
+ //this.#store.commit('stsOAuth2SDK/SessionData', tokenResponse);
381
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, tokenResponse.id_token);
382
+ __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").set(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"), tokenResponse);
383
+ return true;
384
+ }
385
+ else if (retVal.status === StatusCodes.UNAUTHORIZED) {
386
+ console.log('NOT Storing tokens...');
387
+ console.log(retVal.status);
388
+ //this.#store.commit('stsOAuth2SDK/SessionData', null);
389
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, null);
390
+ const response = retVal.data;
391
+ //@@ store response in state
392
+ //@@ go to error page ??
393
+ return false;
394
+ }
395
+ else {
396
+ // General error
397
+ console.log('NOT Storing tokens...');
398
+ console.log(retVal.status);
399
+ //this.#store.commit('stsOAuth2SDK/SessionData', null);
400
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, null);
401
+ console.log('Could not obtain access_token from token end-point:-');
402
+ console.log(JSON.stringify(retVal.data));
403
+ //@@ store error in state to show in error page
404
+ return false;
405
+ }
406
+ }
407
+ catch (error) {
408
+ //this.#store.commit('stsOAuth2SDK/SessionData', null);
409
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, null);
410
+ //console.log('Could not restore previous session (error state):-');
411
+ console.log(error);
412
+ console.log(JSON.stringify(error));
413
+ //@@ store error in state to show in error page
414
+ return false;
415
+ }
416
+ }
417
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
418
+ );
419
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
420
+ _STSOAuth2Worker_GetToken.set(this, async (authorizeOptions, authorizeResponse) => {
421
+ console.log("#GetToken");
422
+ console.log(authorizeResponse);
423
+ __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").set(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"), null);
424
+ const authorizationCodeFlowParameters = {
425
+ client_id: process.env.CLIENT_ID,
426
+ scope: process.env.SCOPE,
427
+ code: authorizeResponse.code,
428
+ redirect_uri: process.env.REDIRECT_URI,
429
+ grant_type: OAuthGrantTypes.AUTHORIZATION_CODE,
430
+ code_verifier: authorizeOptions.code_verifier
431
+ };
432
+ return __classPrivateFieldGet(this, _STSOAuth2Worker_GetTokenFromBroker, "f").call(this, authorizationCodeFlowParameters);
433
+ }
434
+ /*
435
+ // Line breaks for legibility only
436
+
437
+ POST /{tenant}/oauth2/v2.0/token HTTP/1.1
438
+ Host: https://login.microsoftonline.com
439
+ Content-Type: application/x-www-form-urlencoded
440
+
441
+ client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
442
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
443
+ &refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
444
+ &grant_type=refresh_token
445
+ &client_secret=sampleCredentia1s // NOTE: Only required for web apps. This secret needs to be URL-Encoded
446
+
447
+ Error Response
448
+ {
449
+ "error": "invalid_scope",
450
+ "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
451
+ "error_codes": [
452
+ 70011
453
+ ],
454
+ "timestamp": "2016-01-09 02:02:12Z",
455
+ "trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
456
+ "correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
457
+ }
458
+ */
459
+ );
460
+ /*
461
+ // Line breaks for legibility only
462
+
463
+ POST /{tenant}/oauth2/v2.0/token HTTP/1.1
464
+ Host: https://login.microsoftonline.com
465
+ Content-Type: application/x-www-form-urlencoded
466
+
467
+ client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
468
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
469
+ &refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
470
+ &grant_type=refresh_token
471
+ &client_secret=sampleCredentia1s // NOTE: Only required for web apps. This secret needs to be URL-Encoded
472
+
473
+ Error Response
474
+ {
475
+ "error": "invalid_scope",
476
+ "error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope https://foo.microsoft.com/mail.read is not valid.\r\nTrace ID: 255d1aef-8c98-452f-ac51-23d051240864\r\nCorrelation ID: fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7\r\nTimestamp: 2016-01-09 02:02:12Z",
477
+ "error_codes": [
478
+ 70011
479
+ ],
480
+ "timestamp": "2016-01-09 02:02:12Z",
481
+ "trace_id": "255d1aef-8c98-452f-ac51-23d051240864",
482
+ "correlation_id": "fb3d2015-bc17-4bb9-bb85-30c5cf1aaaa7"
483
+ }
484
+ */
485
+ _STSOAuth2Worker_RefreshToken.set(this, async () => {
486
+ // Get access_token, refresh_token and id_token using OAuth2 Authorization Code Flow
487
+ console.log("RefreshToken");
488
+ //let currentSessionData = this.#store.getters['stsOAuth2SDK/SessionData'];
489
+ const currentSessionData = __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").get(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"));
490
+ if (currentSessionData) {
491
+ const refreshFlowParameters = {
492
+ client_id: process.env.CLIENT_ID,
493
+ scope: process.env.SCOPE,
494
+ refresh_token: currentSessionData.refresh_token,
495
+ grant_type: OAuthGrantTypes.REFRESH_TOKEN
496
+ };
497
+ return __classPrivateFieldGet(this, _STSOAuth2Worker_GetTokenFromBroker, "f").call(this, refreshFlowParameters);
498
+ }
499
+ else {
500
+ // show error
501
+ //@@ no valid session exists for refresh
502
+ return false;
503
+ }
504
+ }
505
+ // call broker to logout
506
+ // broker to logout of server
507
+ // delete cookie
508
+ // clear session storage
509
+ // clear all state from $store
510
+ );
511
+ // call broker to logout
512
+ // broker to logout of server
513
+ // delete cookie
514
+ // clear session storage
515
+ // clear all state from $store
516
+ _STSOAuth2Worker_Logout.set(this, async () => {
517
+ console.log('Logout');
518
+ const url = `${process.env.BROKER_ENDPOINT}:${process.env.BROKER_PORT}${process.env.BROKER_API_ROOT}/logout`;
519
+ console.log(url);
520
+ const currentSessionData = __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").get(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"));
521
+ const refresh_token = currentSessionData.refresh_token;
522
+ console.log(refresh_token);
523
+ const decodedRefreshToken = jwt_decode(refresh_token);
524
+ console.log(decodedRefreshToken);
525
+ const sessionId = decodedRefreshToken.sts_session;
526
+ console.log(sessionId);
527
+ __classPrivateFieldGet(this, _STSOAuth2Worker_clientSessionStore, "f").remove(__classPrivateFieldGet(this, _STSOAuth2Worker_STORAGE_SESSION_KEY, "f"));
528
+ //this.#store.commit('stsOAuth2SDK/SessionData', null);
529
+ __classPrivateFieldGet(this, _STSOAuth2Worker_HandleAuthenticateEvent, "f").call(this, null);
530
+ try {
531
+ const retVal = await axios({
532
+ method: "post",
533
+ url: url,
534
+ data: {
535
+ sessionId
536
+ },
537
+ withCredentials: true,
538
+ timeout: parseInt(process.env.TIMEOUT),
539
+ });
540
+ if (retVal.data.status === StatusCodes.OK) {
541
+ return true;
542
+ }
543
+ else {
544
+ console.log('Error during logout (server side)');
545
+ console.log(JSON.stringify(retVal.data));
546
+ return false;
547
+ }
548
+ }
549
+ catch (error) {
550
+ console.log('Error during logout (server side)');
551
+ console.log(error);
552
+ console.log(JSON.stringify(error));
553
+ return false;
554
+ }
555
+ });
556
+ // In memory storage for OAuth2 tokens for our valid session
557
+ __classPrivateFieldSet(this, _STSOAuth2Worker_clientSessionStore, new ClientStorageFactory({ clientStorageType: ClientStorageType.MEMORY_STORAGE }).GetStorage(), "f");
558
+ //@@ needs to be sent the instrument manager controller port
559
+ //@@this.#aic = app.config.globalProperties.$sts.aic.PrimaryPublishInstrumentController;
560
+ //this.#handleAuthenticateEvent = handleAuthenticateEvent;
561
+ __classPrivateFieldSet(this, _STSOAuth2Worker_oauthWorkerPort, workerPort, "f");
562
+ debug(`STSOAuth2Worker:constructor:#oauthWorkerPort: [${JSON.stringify(__classPrivateFieldGet(this, _STSOAuth2Worker_oauthWorkerPort, "f"))}]`);
563
+ this.SetupListener();
564
+ setInterval(() => {
565
+ __classPrivateFieldGet(this, _STSOAuth2Worker_UpdateInstrument, "f").call(this, Gauge.LOGGER, {
566
+ LogMessage: `--> [${Date.now().toString()}] <--`
567
+ });
568
+ __classPrivateFieldGet(this, _STSOAuth2Worker_UpdateInstrument, "f").call(this, Gauge.REQUEST_COUNT_GAUGE, {
569
+ Inc: 1
570
+ });
571
+ __classPrivateFieldGet(this, _STSOAuth2Worker_UpdateInstrument, "f").call(this, Gauge.AUTHENTICATION_COUNT_GAUGE, {
572
+ Inc: 1
573
+ });
574
+ }, 1000);
575
+ }
576
+ }
577
+ _STSOAuth2Worker_clientSessionStore = new WeakMap(), _STSOAuth2Worker_cUtils = new WeakMap(), _STSOAuth2Worker_qParams = new WeakMap(), _STSOAuth2Worker_STORAGE_SESSION_KEY = new WeakMap(), _STSOAuth2Worker_aic = new WeakMap(), _STSOAuth2Worker_oauthWorkerPort = new WeakMap(), _STSOAuth2Worker_HandleAuthenticateEvent = new WeakMap(), _STSOAuth2Worker_HandleErrorEvent = new WeakMap(), _STSOAuth2Worker_LogMessage = new WeakMap(), _STSOAuth2Worker_UpdateInstrument = new WeakMap(), _STSOAuth2Worker_ProcessCommand = new WeakMap(), _STSOAuth2Worker_RestoreSession = new WeakMap(), _STSOAuth2Worker_Authorize = new WeakMap(), _STSOAuth2Worker_HandleRedirect = new WeakMap(), _STSOAuth2Worker_GetTokenFromBroker = new WeakMap(), _STSOAuth2Worker_GetToken = new WeakMap(), _STSOAuth2Worker_RefreshToken = new WeakMap(), _STSOAuth2Worker_Logout = new WeakMap();
578
+ /*
579
+ let oAuth2Worker: STSOAuth2Worker = null;
580
+
581
+ onmessage = async function(data: MessageEvent)
582
+ {
583
+ const workerPort = data.data as MessagePort;
584
+ oAuth2Worker = new STSOAuth2Worker(workerPort);
585
+ }
586
+ */
587
+ //# sourceMappingURL=stsoauth2worker.js.map
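Review bot: Credential material is written to the console throughout this new file: `console.log(refresh_token)` and `console.log(decodedRefreshToken)` in Logout, the `retVal: ${JSON.stringify(retVal)}` line in GetTokenFromBroker (the whole axios response, so access, refresh and id tokens), `console.log(authorizationCodeFlowParameters)` (authorization code plus PKCE `code_verifier`, or the refresh token on the refresh path), and the `Authorize:authorizeOptions` line that runs after `code_verifier` has been attached. That undoes the point of keeping the session in `ClientStorageType.MEMORY_STORAGE`, since anything that can read or capture console output in the page or worker sees the same tokens. Drop these calls or route them through the `debug` logger the file already imports and log only non-secret fields, e.g. `debug('token response status: %d', retVal.status);`. Separately, HandleRedirect compares state with `authorizeOptionsState.localeCompare(redirectState) === 0`, which is a collation comparison and throws when `authorizeOptions.state` is missing; `authorizeOptions.state === response.state` is the exact match the check needs. The two non-code branches of HandleRedirect also report `{ message: 'State un-matched' }` instead of the `error` / `errorDescription` values they have just read.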
@@ -0,0 +1 @@
1
+ {"version":3,"file":"stsoauth2worker.js","sourceRoot":"","sources":["../src/stsoauth2worker.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,OAAO,CAAC,GAAG,qBAAqB,CAAC,CAAC;AAE9D,iBAAiB;AAEjB,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAc,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAEpE,OAAO,WAAW,MAAM,qBAAqB,CAAA;AAC7C,OAAO,WAAW,MAAM,qBAAqB,CAAA;AAE7C,OAAO,UAAU,MAAM,YAAY,CAAA;AAEnC,OAAO,EAAe,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AAEnF,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,4BAA4B,EAAE,4BAA4B,EACmC,eAAe,EAC5F,sBAAsB,EAAkC,MAAM,kBAAkB,CAAA;AAEzG,OAAO,EAAE,KAAK,EAA6E,MAAM,6BAA6B,CAAA;AAE9H,MAAM,kBAAkB,GAAG,CAAC,IAAI,GAAG,EAAE,EAAE,EAAE;IACxC,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAClF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC;IAC9D,OAAO,GAAG,CAAC;IACX,yCAAyC;AAC1C,CAAC,CAAA;AAED,0BAA0B;AAC1B,MAAM,OAAO,eAAe;IAS3B,YAAY,UAAuB;QAClC,mDAAmD;QATpD,yBAAyB;QACzB,8CAAmD,IAAI,EAAC,CAAC,iDAAiD;QAC1G,kCAAU,IAAI,WAAW,EAAE,EAAC;QAC5B,mCAAW,IAAI,WAAW,EAAE,EAAC;QAC7B,+CAAuB,uBAAuB,EAAC;QAC/C,+BAAO,IAAI,EAAC;QACZ,2CAAgC,IAAI,EAAC;QAkCrC,4DAA4D;QAC5D;;;;;;;;;;;;;;;;;;;;;;;;;;;UA2BK;QAEL,mDAA2B,CAAC,QAAgB,EAAE,EAAE;YAC/C,MAAM,OAAO,GAA2B;gBACvC,SAAS,EAAE,CAAC,CAAC;gBACb,OAAO,EAAE,sBAAsB,CAAC,kBAAkB;aAClD,CAAA;YACD,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,OAAO,EAAE,QAAQ,CAAC,CAAC;QACzC,CAAC,EAAA;QAED,4CAAoB,CAAC,KAAU,EAAE,EAAE;YAClC,MAAM,OAAO,GAA2B;gBACvC,SAAS,EAAE,CAAC,CAAC;gBACb,OAAO,EAAE,sBAAsB,CAAC,KAAK;aACrC,CAAA;YACD,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,CAAC,EAAA;QAED,sCAAc,CAAC,aAAqB,EAAE,EAAE;YACvC,MAAM,OAAO,GAA2B;gBACvC,SAAS,EAAE,CAAC,CAAC;gBACb,OAAO,EAAE,sBAAsB,CAAC,GAAG;aACnC,CAAA;YACD,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,OAAO,EAAE,aAAa,CAAC,CAAC;QAC9C,CAAC,EAAA;QAED,4CAAoB,CAAC,cAAqB,EAAE,SAAkC,EAAQ,EAAE;YACvF,MAAM,OAAO,GAA2B;gBACvC,SAAS,EAAE,CAAC,CAAC;gBACb,OAAO,EAAE,sBAAsB,CAAC,iBAAiB;aACjD,CAAA;YAC
D,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,OAAO,EAAE;gBAC7B,cAAc;gBACd,SAAS;aACT,CAAC,CAAC;QACJ,CAAC,EAAA;QAED,kBAAa,GAAG,GAAG,EAAE;YACpB,uBAAA,IAAI,wCAAiB,CAAC,SAAS,GAAG,KAAK,EAAE,IAAkB,EAAE,EAAE;gBAC9D,MAAM,oBAAoB,GAA2B,IAAI,CAAC,IAA8B,CAAC;gBACzF,QAAQ,oBAAoB,CAAC,OAAO,EAAE;oBACtC,KAAK,sBAAsB,CAAC,eAAe;wBAC1C,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,oBAAoB,EAAE,MAAM,uBAAA,IAAI,uCAAgB,MAApB,IAAI,CAAkB,CAAC,CAAC;wBACzE,MAAM;oBACP,KAAK,sBAAsB,CAAC,SAAS;wBACpC,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,oBAAoB,EAAE,MAAM,uBAAA,IAAI,kCAAW,MAAf,IAAI,CAAa,CAAC,CAAC;wBACpE,MAAM;oBACP,KAAK,sBAAsB,CAAC,eAAe;wBAC1C,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,oBAAoB,EAAE,MAAM,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC;wBACrG,MAAM;oBACP,KAAK,sBAAsB,CAAC,MAAM;wBACjC,uBAAA,IAAI,uCAAgB,MAApB,IAAI,EAAiB,oBAAoB,EAAE,MAAM,uBAAA,IAAI,+BAAQ,MAAZ,IAAI,CAAU,CAAC,CAAC;wBACjE,MAAM;oBACP;wBACC,MAAM,IAAI,KAAK,CAAC,aAAa,oBAAoB,CAAC,OAAO,eAAe,CAAC,CAAC;iBAC1E;YACF,CAAC,CAAA;QACF,CAAC,CAAA;QAED,0CAAkB,KAAK,EAAE,oBAA4C,EAAE,QAAa,EAAE,EAAE;YACvF,MAAM,eAAe,GAAmC;gBACvD,SAAS,EAAE,oBAAoB,CAAC,SAAS;gBACzC,OAAO,EAAE,oBAAoB,CAAC,OAAO;gBACrC,OAAO,EAAE,QAAQ;aACjB,CAAA;YAED,KAAK,CAAC,qDAAqD,IAAI,CAAC,SAAS,CAAC,uBAAA,IAAI,wCAAiB,CAAC,GAAG,CAAC,CAAC;YACrG,KAAK,CAAC,IAAI,CAAC,CAAC;YAEZ,uBAAA,IAAI,wCAAiB,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC;QACpD,CAAC,EAAA;QAED,0CAAkB,KAAK,IAAsB,EAAE;YAC9C,6CAA6C;YAE7C,IAAI,mBAAmB,GAAmB,IAAI,CAAC;YAC/C,mBAAmB,GAAG,uBAAA,IAAI,2CAAoB,CAAC,GAAG,CAAC,uBAAA,IAAI,4CAAqB,CAAC,CAAC;YAC9E,IAAI,mBAAmB,KAAK,IAAI,EAAE;gBACjC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,IAAI,uBAAA,IAAI,4BAAK,EAAE;oBACd,uBAAA,IAAI,4BAAK,CAAC,gBAAgB,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,uCAAuC,EAAE,CAAC,CAAC;iBACzF;gBACD,uBAAA,IAAI,mCAAY,MAAhB,IAAI,EAAa,uCAAuC,CAAC,CAAA;aACzD;iBAAM;gBACN,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,CAAC;gBAC9G,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC9B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACjB,IAAI,uBAAA,IAAI,4BAAK,EAAE;oBACd,uBAA
A,IAAI,4BAAK,CAAC,gBAAgB,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,gBAAgB,EAAE,CAAC,CAAC;oBAClE,uBAAA,IAAI,4BAAK,CAAC,gBAAgB,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;iBACrD;gBACD,uBAAA,IAAI,mCAAY,MAAhB,IAAI,EAAa,iBAAiB,CAAC,CAAC;gBACpC,uBAAA,IAAI,mCAAY,MAAhB,IAAI,EAAa,GAAG,CAAC,CAAC;gBACtB,IAAI;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC;wBAC1B,MAAM,EAAE,MAAM;wBACd,GAAG,EAAE,GAAG;wBACR,IAAI,EAAE;4BACL,CAAC,mBAAmB,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS;4BACtD,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,KAAK;4BAC9C,CAAC,mBAAmB,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;4BAC5D,CAAC,mBAAmB,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ;yBACpD;wBACD,eAAe,EAAE,IAAI;wBACrB,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;qBACtC,CAAC,CAAC;oBACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,WAAW,CAAC,EAAE,EAAE;wBAC1C,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;wBACzC,uBAAA,IAAI,2CAAoB,CAAC,GAAG,CAAC,uBAAA,IAAI,4CAAqB,EAAE,mBAAmB,CAAC,CAAC;wBAC7E,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;wBACzD,sEAAsE;qBACtE;yBAAM;wBACN,wBAAwB;wBACxB,uDAAuD;wBACvD,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;wBACpD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;qBACzC;iBACD;gBAAC,OAAO,KAAK,EAAE;oBACf,wBAAwB;oBACxB,uDAAuD;oBACvD,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;oBAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBACnB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;iBACnC;aACD;YAED,yCAAyC;YACzC,sEAAsE;YACtE,IAAI,mBAAmB,KAAK,IAAI,EAAE;gBACjC,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,mBAAmB,CAAC,QAAQ,CAAC,CAAC;gBAC5D,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,OAAO,uBAAA,IAAI,qCAAc,MAAlB,IAAI,CAAgB,CAAC;aAC5B;iBAAM;gBACN,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,IAAI,CAAC,CAAC;gBACpC,OAAO,KAAK,CAAC;aACb;QACF,CAAC,EAAA;QAED,qCAAa,KAAK,IAAyB,EAAE;YAC5C,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAE7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA8CQ;YAER,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;YACxC,MAAM,KAAK,GAAG,uBAAA,IAAI,+BAAQ,CAAC,kBAAkB,EAAE,CAAC;YAChD,MAAM,aAAa,GAAG,CAAE,4BAA4B,CAAC,IAAI,CAAE,CAAA;
YAC3D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;YAC9C,MAAM,aAAa,GAAG,4BAA4B,CAAC,KAAK,CAAA;YACxD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC;YAChC,MAAM,KAAK,GAAG,uBAAA,IAAI,+BAAQ,CAAC,kBAAkB,EAAE,CAAC;YAChD,MAAM,aAAa,GAAG,uBAAA,IAAI,+BAAQ,CAAC,kBAAkB,EAAE,CAAC;YACxD,MAAM,cAAc,GAAG,MAAM,uBAAA,IAAI,+BAAQ,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;YACvE,MAAM,qBAAqB,GAAG,MAAM,CAAC;YACrC,sCAAsC;YAEtC,MAAM,gBAAgB,GAAsB;gBAC3C,SAAS;gBACT,KAAK;gBACL,aAAa;gBACb,YAAY;gBACZ,aAAa;gBACb,KAAK;gBACL,KAAK;gBACL,cAAc;gBACd,qBAAqB;aACrB,CAAA;YAED,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,uBAAA,IAAI,gCAAS,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAEpJ,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEjB,oDAAoD;YACpD,gBAAgB,CAAC,aAAa,GAAG,aAAa,CAAC,CAAC,gEAAgE;YAEhH,OAAO,CAAC,GAAG,CAAC,gCAAgC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAEjF,OAAO;gBACN,GAAG;gBACH,gBAAgB;aAChB,CAAA;YACD,8BAA8B;YAC9B,kEAAkE;YAClE,+BAA+B;QAChC,CAAC,EAAA;QAED,0CAAkB,KAAK,EAAE,OAAY,EAAoB,EAAE;YAC1D,MAAM,SAAS,GAAiD,OAAO,CAAC,SAAS,CAAC;YAClF,MAAM,gBAAgB,GAAsB,OAAO,CAAC,gBAAgB,CAAA;YAEpE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC9B,iEAAiE;YACjE,OAAO,CAAC,GAAG,CAAC,+BAA+B,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YAEzE,IAAI,SAAS,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE;gBACxC,MAAM,QAAQ,GAAuB,SAA+B,CAAC;gBAErE,OAAO,CAAC,GAAG,CAAC,6CAA6C,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBAE9F,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC;gBACrC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,KAAK,CAAC;gBAErD,IAAI,qBAAqB,CAAC,aAAa,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE;oBAC7D,OAAO,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAC,CAAC,QAAQ;oBAEtH,OAAO,MAAM,uBAAA,IAAI,iCAAU,MAAd,IAAI,EAAW,gBAAgB,EAAE,QAAQ,CAAC,CAAC;iBACxD;qBAAM;oBACN,OAAO,CAAC,GAAG,CAAC,qGAAqG,CAAC,CAAC,CAAC,MAAM;oBAC1H,uBAAA,IAAI,yCAAkB,MAAtB,IAAI,EAAmB,EAAC,OAAO,EAAE,kBAAkB,EAAC,CAAC,CAAC;oBACtD,OAAO,KAAK,CAAC;iBACb;aACD;iBAAM,IAAI,SAAS,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE;gBAChD,MAAM,QAAQ,GAA4B,SAAoC,CAAC;gBAC/E,kEAAkE;gBAClE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;gBAC7B,M
AAM,gBAAgB,GAAG,QAAQ,CAAC,iBAAiB,CAAC;gBACpD,uBAAA,IAAI,yCAAkB,MAAtB,IAAI,EAAmB,EAAC,OAAO,EAAE,kBAAkB,EAAC,CAAC,CAAC;gBACtD,OAAO,KAAK,CAAC;aACb;iBAAM;gBACN,gCAAgC;gBAChC,MAAM,KAAK,GAAG,+BAA+B,CAAC,CAAC,QAAQ;gBACvD,MAAM,gBAAgB,GAAG,2CAA2C,CAAC,CAAC,QAAQ;gBAC9E,uBAAA,IAAI,yCAAkB,MAAtB,IAAI,EAAmB,EAAC,OAAO,EAAE,kBAAkB,EAAC,CAAC,CAAC;gBACtD,OAAO,KAAK,CAAC;aACb;QACF,CAAC;QAED;;;;;;;;;;;;;;;;;;UAkBK;QAEL,oFAAoF;UAtBnF;QAED;;;;;;;;;;;;;;;;;;UAkBK;QAEL,oFAAoF;QACpF,8CAAsB,KAAK,EAAE,+BAA0F,EAAoB,EAAE;YAC5I,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;YAEnC,uBAAA,IAAI,2CAAoB,CAAC,MAAM,CAAC,uBAAA,IAAI,4CAAqB,CAAC,CAAC;YAE3D,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,QAAQ,CAAC;YAC5G,OAAO,CAAC,GAAG,CAAC,8BAA8B,GAAG,GAAG,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;YAE7C,IAAI;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC;oBAC1B,MAAM,EAAE,MAAM;oBACd,GAAG,EAAE,GAAG;oBACR,IAAI,EAAE,+BAA+B;oBACrC,eAAe,EAAE,IAAI;oBACrB,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;iBACtC,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAEjD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,EAAE,EAAE;oBACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;oBACjC,MAAM,aAAa,GAAmB,MAAM,CAAC,IAAsB,CAAC;oBACpE,gEAAgE;oBAChE,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACtD,uBAAA,IAAI,2CAAoB,CAAC,GAAG,CAAC,uBAAA,IAAI,4CAAqB,EAAE,aAAa,CAAC,CAAC;oBACvE,OAAO,IAAI,CAAC;iBACZ;qBAAM,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,YAAY,EAAE;oBACtD,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAE3B,uDAAuD;oBACvD,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,IAAI,CAAC,CAAC;oBAEpC,MAAM,QAAQ,GAAwB,MAAM,CAAC,IAA2B,CAAC;oBAEzE,4BAA4B;oBAC5B,wBAAwB;oBACxB,OAAO,KAAK,CAAC;iBAEb;qBAAM;oBACN,gBAAgB;oBAChB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACrC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAE3B,uDAAuD;oBACvD,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,IAAI,CAAC,CAAC;oBAEpC,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;oBACpE,OAAO,CAAC
,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;oBACzC,+CAA+C;oBAC/C,OAAO,KAAK,CAAC;iBACb;aACD;YAAC,OAAO,KAAK,EAAE;gBACf,uDAAuD;gBACvD,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,IAAI,CAAC,CAAC;gBACpC,oEAAoE;gBACpE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;gBAEnC,+CAA+C;gBAE/C,OAAO,KAAK,CAAC;aACb;QACF,CAAC;QAED,oFAAoF;UAFnF;QAED,oFAAoF;QACpF,oCAAY,KAAK,EAAE,gBAAmC,EAAE,iBAAqC,EAAoB,EAAE;YAClH,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YAE/B,uBAAA,IAAI,2CAAoB,CAAC,GAAG,CAAC,uBAAA,IAAI,4CAAqB,EAAE,IAAI,CAAC,CAAC;YAE9D,MAAM,+BAA+B,GAAqC;gBACzE,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS;gBAChC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,KAAK;gBACxB,IAAI,EAAE,iBAAiB,CAAC,IAAI;gBAC5B,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;gBACtC,UAAU,EAAE,eAAe,CAAC,kBAAkB;gBAC9C,aAAa,EAAE,gBAAgB,CAAC,aAAa;aAC7C,CAAA;YAED,OAAO,uBAAA,IAAI,2CAAoB,MAAxB,IAAI,EAAqB,+BAA+B,CAAC,CAAC;QAClE,CAAC;QAED;;;;;;;;;;;;;;;;;;;;;;;;MAwBC;UA1BA;QAED;;;;;;;;;;;;;;;;;;;;;;;;MAwBC;QAED,wCAAgB,KAAK,IAAsB,EAAE;YAC5C,oFAAoF;YACpF,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAE5B,2EAA2E;YAC3E,MAAM,kBAAkB,GAAmB,uBAAA,IAAI,2CAAoB,CAAC,GAAG,CAAC,uBAAA,IAAI,4CAAqB,CAAC,CAAC;YACnG,IAAI,kBAAkB,EAAE;gBACvB,MAAM,qBAAqB,GAA2B;oBACrD,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,SAAS;oBAChC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,KAAK;oBACxB,aAAa,EAAE,kBAAkB,CAAC,aAAa;oBAC/C,UAAU,EAAE,eAAe,CAAC,aAAa;iBACzC,CAAA;gBAED,OAAO,uBAAA,IAAI,2CAAoB,MAAxB,IAAI,EAAqB,qBAAqB,CAAC,CAAC;aACvD;iBAAM;gBACN,aAAa;gBACb,wCAAwC;gBACxC,OAAO,KAAK,CAAC;aACb;QACF,CAAC;QAED,wBAAwB;QACxB,6BAA6B;QAC7B,gBAAgB;QAChB,wBAAwB;QACxB,8BAA8B;UAN7B;QAED,wBAAwB;QACxB,6BAA6B;QAC7B,gBAAgB;QAChB,wBAAwB;QACxB,8BAA8B;QAC9B,kCAAU,KAAK,IAAsB,EAAE;YACtC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtB,MAAM,GAAG,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,SAAS,CAAC;YAC7G,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEjB,MAAM,kBAAkB,GAAmB,uBAAA,IAAI,2CAAoB,CAAC,GAAG,CAAC,uBAAA,IAAI,4CAAqB,CAAC,CAAC
;YACnG,MAAM,aAAa,GAAG,kBAAkB,CAAC,aAAa,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAE3B,MAAM,mBAAmB,GAAe,UAAU,CAAa,aAAa,CAAC,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YACjC,MAAM,SAAS,GAAG,mBAAmB,CAAC,WAAW,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAEvB,uBAAA,IAAI,2CAAoB,CAAC,MAAM,CAAC,uBAAA,IAAI,4CAAqB,CAAC,CAAC;YAC3D,uDAAuD;YACvD,uBAAA,IAAI,gDAAyB,MAA7B,IAAI,EAA0B,IAAI,CAAC,CAAC;YAEpC,IAAI;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC;oBAC1B,MAAM,EAAE,MAAM;oBACd,GAAG,EAAE,GAAG;oBACR,IAAI,EAAE;wBACL,SAAS;qBACT;oBACD,eAAe,EAAE,IAAI;oBACrB,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;iBACtC,CAAC,CAAC;gBACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,WAAW,CAAC,EAAE,EAAE;oBAC1C,OAAO,IAAI,CAAC;iBACZ;qBAAM;oBACN,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;oBACjD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;oBACzC,OAAO,KAAK,CAAC;iBACb;aACD;YAAC,OAAO,KAAK,EAAE;gBACf,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;gBACnC,OAAO,KAAK,CAAC;aACb;QACF,CAAC,EAAA;QAhhBA,4DAA4D;QAC5D,uBAAA,IAAI,uCAAuB,IAAI,oBAAoB,CAAiB,EAAC,iBAAiB,EAAE,iBAAiB,CAAC,cAAc,EAAC,CAAC,CAAC,UAAU,EAAE,MAAA,CAAC;QAExI,4DAA4D;QAC5D,wFAAwF;QAExF,0DAA0D;QAE1D,uBAAA,IAAI,oCAAoB,UAAU,MAAA,CAAC;QAEnC,KAAK,CAAC,kDAAkD,IAAI,CAAC,SAAS,CAAC,uBAAA,IAAI,wCAAiB,CAAC,GAAG,CAAC,CAAC;QAElG,IAAI,CAAC,aAAa,EAAE,CAAC;QAErB,WAAW,CAAC,GAAG,EAAE;YAChB,uBAAA,IAAI,yCAAkB,MAAtB,IAAI,EAAmB,KAAK,CAAC,MAAM,EAAE;gBACpC,UAAU,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,OAAO;aACtB,CAAC,CAAC;YAE7B,uBAAA,IAAI,yCAAkB,MAAtB,IAAI,EAAmB,KAAK,CAAC,mBAAmB,EAAE;gBACjD,GAAG,EAAE,CAAC;aACsB,CAAC,CAAC;YAE/B,uBAAA,IAAI,yCAAkB,MAAtB,IAAI,EAAmB,KAAK,CAAC,0BAA0B,EAAE;gBACxD,GAAG,EAAE,CAAC;aACsB,CAAC,CAAC;QAChC,CAAC,EAAE,IAAI,CAAC,CAAC;IACV,CAAC;CAsfD;;AACD;;;;;;;;EAQE"}