@opentdf/sdk 0.13.0-beta.122 → 0.13.0-beta.123
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -10
- package/dist/cjs/src/access/access-rpc.js +6 -5
- package/dist/cjs/src/access.js +18 -5
- package/dist/cjs/src/auth/interceptors.js +186 -0
- package/dist/cjs/src/index.js +6 -2
- package/dist/cjs/src/opentdf.js +40 -32
- package/dist/cjs/src/platform.js +3 -46
- package/dist/cjs/src/policy/api.js +9 -5
- package/dist/cjs/src/policy/discovery.js +10 -9
- package/dist/cjs/tdf3/src/client/index.js +35 -17
- package/dist/cjs/tdf3/src/tdf.js +8 -7
- package/dist/types/src/access/access-rpc.d.ts +3 -3
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +3 -3
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/interceptors.d.ts +99 -0
- package/dist/types/src/auth/interceptors.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +1 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +18 -15
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/platform.d.ts +6 -3
- package/dist/types/src/platform.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +3 -3
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +5 -5
- package/dist/types/src/policy/discovery.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +10 -1
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +5 -2
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-rpc.js +6 -5
- package/dist/web/src/access.js +18 -5
- package/dist/web/src/auth/interceptors.js +142 -0
- package/dist/web/src/index.js +2 -1
- package/dist/web/src/opentdf.js +40 -32
- package/dist/web/src/platform.js +3 -46
- package/dist/web/src/policy/api.js +9 -5
- package/dist/web/src/policy/discovery.js +10 -9
- package/dist/web/tdf3/src/client/index.js +35 -17
- package/dist/web/tdf3/src/tdf.js +8 -7
- package/package.json +1 -1
- package/src/access/access-rpc.ts +5 -5
- package/src/access.ts +29 -13
- package/src/auth/interceptors.ts +197 -0
- package/src/index.ts +10 -0
- package/src/opentdf.ts +54 -34
- package/src/platform.ts +8 -52
- package/src/policy/api.ts +8 -5
- package/src/policy/discovery.ts +9 -9
- package/tdf3/src/client/index.ts +46 -17
- package/tdf3/src/tdf.ts +14 -11
package/README.md
CHANGED
|
@@ -4,19 +4,15 @@ This project presents client code to write and read OpenTDF data formats.
|
|
|
4
4
|
|
|
5
5
|
## Usage
|
|
6
6
|
|
|
7
|
-
|
|
8
|
-
import { AuthProviders, OpenTDF } from '@opentdf/sdk';
|
|
7
|
+
### With Interceptors (Recommended)
|
|
9
8
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
refreshToken: refreshToken,
|
|
15
|
-
oidcOrigin: 'https://keycloak.example.com/auth/realms/my-realm',
|
|
16
|
-
});
|
|
9
|
+
Use interceptors to provide authentication. The SDK does not manage tokens — you bring your own auth.
|
|
10
|
+
|
|
11
|
+
```typescript
|
|
12
|
+
import { authTokenInterceptor, OpenTDF } from '@opentdf/sdk';
|
|
17
13
|
|
|
18
14
|
const client = new OpenTDF({
|
|
19
|
-
|
|
15
|
+
interceptors: [authTokenInterceptor(() => myAuth.getAccessToken())],
|
|
20
16
|
platformUrl: 'https://platform.example.com',
|
|
21
17
|
});
|
|
22
18
|
|
|
@@ -33,3 +29,57 @@ const plainText = await client.read({
|
|
|
33
29
|
});
|
|
34
30
|
console.log(await new Response(plainText).text()); // "hello, world"
|
|
35
31
|
```
|
|
32
|
+
|
|
33
|
+
The `authTokenInterceptor` takes a function that returns an access token. Your auth library handles token refresh, caching, etc.
|
|
34
|
+
|
|
35
|
+
For DPoP-bound tokens, use `authTokenDPoPInterceptor`:
|
|
36
|
+
|
|
37
|
+
```typescript
|
|
38
|
+
import { authTokenDPoPInterceptor, OpenTDF } from '@opentdf/sdk';
|
|
39
|
+
|
|
40
|
+
const dpopInterceptor = authTokenDPoPInterceptor({
|
|
41
|
+
tokenProvider: () => myAuth.getAccessToken(),
|
|
42
|
+
});
|
|
43
|
+
|
|
44
|
+
const client = new OpenTDF({
|
|
45
|
+
interceptors: [dpopInterceptor],
|
|
46
|
+
dpopKeys: dpopInterceptor.dpopKeys,
|
|
47
|
+
platformUrl: 'https://platform.example.com',
|
|
48
|
+
});
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
You can also write your own interceptor for full control over request headers:
|
|
52
|
+
|
|
53
|
+
```typescript
|
|
54
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
55
|
+
|
|
56
|
+
const myInterceptor: Interceptor = (next) => async (req) => {
|
|
57
|
+
req.header.set('Authorization', `Bearer ${await getToken()}`);
|
|
58
|
+
req.header.set('X-Custom-Header', 'value');
|
|
59
|
+
return next(req);
|
|
60
|
+
};
|
|
61
|
+
|
|
62
|
+
const client = new OpenTDF({
|
|
63
|
+
interceptors: [myInterceptor],
|
|
64
|
+
platformUrl: 'https://platform.example.com',
|
|
65
|
+
});
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
### With AuthProvider (Legacy)
|
|
69
|
+
|
|
70
|
+
The `AuthProvider` pattern is still supported for backwards compatibility.
|
|
71
|
+
|
|
72
|
+
```typescript
|
|
73
|
+
import { AuthProviders, OpenTDF } from '@opentdf/sdk';
|
|
74
|
+
|
|
75
|
+
const authProvider = await AuthProviders.refreshAuthProvider({
|
|
76
|
+
clientId: 'my-client-id',
|
|
77
|
+
refreshToken: refreshToken,
|
|
78
|
+
oidcOrigin: 'https://keycloak.example.com/auth/realms/my-realm',
|
|
79
|
+
});
|
|
80
|
+
|
|
81
|
+
const client = new OpenTDF({
|
|
82
|
+
authProvider,
|
|
83
|
+
platformUrl: 'https://platform.example.com',
|
|
84
|
+
});
|
|
85
|
+
```
|
|
@@ -7,6 +7,7 @@ exports.fetchKeyAccessServers = fetchKeyAccessServers;
|
|
|
7
7
|
exports.fetchKasPubKey = fetchKasPubKey;
|
|
8
8
|
exports.fetchKasBasePubKey = fetchKasBasePubKey;
|
|
9
9
|
const access_js_1 = require("../access.js");
|
|
10
|
+
const interceptors_js_1 = require("../auth/interceptors.js");
|
|
10
11
|
const errors_js_1 = require("../errors.js");
|
|
11
12
|
const platform_js_1 = require("../platform.js");
|
|
12
13
|
const utils_js_1 = require("../utils.js");
|
|
@@ -20,9 +21,9 @@ const connect_1 = require("@connectrpc/connect");
|
|
|
20
21
|
* @param rewrapAdditionalContextHeader optional value for 'X-Rewrap-Additional-Context'
|
|
21
22
|
* @param clientVersion
|
|
22
23
|
*/
|
|
23
|
-
async function fetchWrappedKey(url, signedRequestToken,
|
|
24
|
+
async function fetchWrappedKey(url, signedRequestToken, auth, rewrapAdditionalContextHeader) {
|
|
24
25
|
const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(url);
|
|
25
|
-
const platform = new platform_js_1.PlatformClient({
|
|
26
|
+
const platform = new platform_js_1.PlatformClient({ interceptors: (0, interceptors_js_1.resolveInterceptors)(auth), platformUrl });
|
|
26
27
|
const options = {};
|
|
27
28
|
if (rewrapAdditionalContextHeader) {
|
|
28
29
|
options.headers = {
|
|
@@ -87,10 +88,10 @@ function handleRpcRewrapErrorString(e, platformUrl, requiredObligations) {
|
|
|
87
88
|
}
|
|
88
89
|
throw new errors_js_1.NetworkError(`[${platformUrl}] [Rewrap] ${e}`);
|
|
89
90
|
}
|
|
90
|
-
async function fetchKeyAccessServers(platformUrl,
|
|
91
|
+
async function fetchKeyAccessServers(platformUrl, auth) {
|
|
91
92
|
let nextOffset = 0;
|
|
92
93
|
const allServers = [];
|
|
93
|
-
const platform = new platform_js_1.PlatformClient({
|
|
94
|
+
const platform = new platform_js_1.PlatformClient({ interceptors: (0, interceptors_js_1.resolveInterceptors)(auth), platformUrl });
|
|
94
95
|
do {
|
|
95
96
|
let response;
|
|
96
97
|
try {
|
|
@@ -186,4 +187,4 @@ async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
186
187
|
throw new errors_js_1.NetworkError(`[${platformUrl}] [PublicKey] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
|
|
187
188
|
}
|
|
188
189
|
}
|
|
189
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
190
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQW9DQSwwQ0FxQkM7QUFFRCxvREF3QkM7QUFFRCxnRUFrQ0M7QUFFRCxzREFpQ0M7QUEyQkQsd0NBNkJDO0FBU0QsZ0RBNkJDO0FBdlBELDRDQUtzQjtBQUV0Qiw2REFBK0U7QUFDL0UsNENBT3NCO0FBQ3RCLGdEQUFnRDtBQUdoRCwwQ0FJcUI7QUFDckIsaURBQTZEO0FBQzdELGlEQUF5RDtBQUV6RDs7Ozs7OztHQU9HO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLGtCQUEwQixFQUMxQixJQUFnQixFQUNoQiw2QkFBc0M7SUFFdEMsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxHQUFHLENBQUMsQ0FBQztJQUN2RCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsSUFBQSxxQ0FBbUIsRUFBQyxJQUFJLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQzlGLE1BQU0sT0FBTyxHQUFnQixFQUFFLENBQUM7SUFDaEMsSUFBSSw2QkFBNkIsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sQ0FBQyxPQUFPLEdBQUc7WUFDaEIsQ0FBQywwQ0FBMkIsQ0FBQyxFQUFFLDZCQUE2QjtTQUM3RCxDQUFDO0lBQ0osQ0FBQztJQUNELElBQUksUUFBd0IsQ0FBQztJQUM3QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxrQkFBa0IsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsb0JBQW9CLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFDRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsU0FBZ0Isb0JBQW9CLENBQUMsQ0FBVSxFQUFFLFdBQW1CO0lBQ2xFLElBQUksQ0FBQyxZQUFZLHNCQUFZLEVBQUUsQ0FBQztRQUM5QixPQUFPLENBQUMsR0FBRyxDQUFDLG9DQUFvQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNmLEtBQUssY0FBSSxDQUFDLGVBQWUsRUFBRSxrQkFBa0I7Z0JBQzNDLE1BQU0sSUFBSSw0QkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQzVGLEtBQUssY0FBSSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQjtnQkFDMUMsTUFBTSxJQUFJLGlDQUFxQixDQUFDLFlBQVksV0FBVyw2QkFBNkIsQ0FBQyxDQUFDO1lBQ3hGLEtBQUssY0FBSSxDQUFDLGVBQWUsRUFBRSxtQkFBbUI7Z0JBQzVDLE1BQU0sSUFBSSxnQ0FBb0IsQ0FBQyxZQUFZLFdBQVcsd0JBQXdCLENBQUMsQ0FBQztZQUNsRixLQUFLLGNBQUksQ0FBQyxRQUFRLENBQUM7WUFDbkIsS0FBSyxjQUFJLENBQUMsYUFBYSxDQUFDO1lBQ3hCLEtBQUssY0FBSSxDQUFDLFFBQVEsQ0FBQztZQUNuQixLQUFLLGNBQUksQ0FBQyxPQUFPLENBQUM7WUFDbEIsS0FBSyxjQUFJLENBQUMsZ0JBQWdCLENBQUM7WUFDM0IsS0FBSyxjQUFJLENBQUMsV0FBVyxFQUFFLHFCQUFxQjtnQkFDMUMsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLEdBQUcsQ0FBQyxDQUFDLElBQUksU0FBUyxXQUFXLDJDQUEyQyxDQUFDLENBQUMsT0FBTyxHQUFHLENBQ3JGLENBQUM7WUFDSjtnQkFDRSxNQUFNLElBQUksd0JBQVksQ0FBQyxJQUFJLFdBQVcsY0FBYyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztRQUNyRSxDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxjQUFjLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0FBQ25GLENBQUM7QUFFRCxTQUFnQiwwQkFBMEIsQ0FDeEMsQ0FBUyxFQUNULFdBQW1CLEVBQ25CLG1CQUE4QjtJQUU5QixJQUFJLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDM0Msa0JBQWtCO1FBQ2xCLE1BQU0sSUFBSSw0QkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUNELElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLGdCQUFnQixDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzVDLElBQUksbUJBQW1CLElBQUksbUJBQW1CLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzFELE1BQU0sSUFBSSxpQ0FBcUIsQ0FDN0IsWUFBWSxXQUFXLDZCQUE2QixFQUNwRCxtQkFBbUIsQ0FDcEIsQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLElBQUksaUNBQXFCLENBQUMsWUFBWSxXQUFXLDZCQUE2QixDQUFDLENBQUM7SUFDeEYsQ0FBQztJQUNELElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUMzQyxtQkFBbUI7UUFDbkIsTUFBTSxJQUFJLGdDQUFvQixDQUFDLFlBQVksV0FBVyx3QkFBd0IsQ0FBQyxDQUFDO0lBQ2xGLENBQUM7SUFDRCxJQUNFLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUMvQixDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDcEMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxjQUFJLENBQUMsY0FBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQy9CLENBQUMsQ0FBQyxRQUFRLENBQUMsY0FBSSxDQUFDLGNBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM5QixDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUN2QyxDQUFDLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxjQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsRUFDbEMsQ0FBQztRQUNELFFBQVE7UUFDUixNQUFNLElBQUksd0JBQVksQ0FBQyxTQUFTLFdBQVcsMkNBQTJDLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDOUYsQ0FBQztJQUNELE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDM0QsQ0FBQztBQUVNLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsV0FBbUIsRUFDbkIsSUFBZ0I7SUFFaEIsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQztJQUN0QixNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsSUFBQSxxQ0FBbUIsRUFBQyxJQUFJLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBRTlGLEdBQUcsQ0FBQztRQUNGLElBQUksUUFBc0MsQ0FBQztRQUMzQyxJQUFJLENBQUM7WUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLG9CQUFvQixDQUFDO2dCQUN4RSxVQUFVLEVBQUU7b0JBQ1YsTUFBTSxFQUFFLFVBQVU7aUJBQ25CO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksd0JBQVksQ0FDcEIsSUFBSSxXQUFXLDRCQUE0QixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQ3ZFLENBQUM7UUFDSixDQUFDO1FBRUQsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQzlDLFVBQVUsR0FBRyxRQUFRLEVBQUUsVUFBVSxFQUFFLFVBQVUsSUFBSSxDQUFDLENBQUM7SUFDckQsQ0FBQyxRQUFRLFVBQVUsR0FBRyxDQUFDLEVBQUU7SUFFekIsTUFBTSxVQUFVLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzFELHdCQUF3QjtJQUN4QixJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUMvQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsV0FBVyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQsT0FBTyxJQUFJLDJCQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFZRCxTQUFTLFNBQVMsQ0FBQyxPQUFpQjtJQUNsQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYixPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFDRCxNQUFNLEVBQUUsR0FBRyxPQUEwQixDQUFDO0lBQ3RDLE9BQU8sQ0FDTCxDQUFDLENBQUMsRUFBRSxDQUFDLE9BQU87UUFDWixDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVU7UUFDZixPQUFPLEVBQUUsQ0FBQyxVQUFVLEtBQUssUUFBUTtRQUNqQyxDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxHQUFHO1FBQ25CLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVM7UUFDekIsSUFBQSxnQ0FBb0IsRUFBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUM5QyxDQUFDO0FBQ0osQ0FBQztBQUVNLEtBQUssVUFBVSxjQUFjLENBQ2xDLFdBQW1CLEVBQ25CLFNBQWlDO0lBRWpDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksOEJBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsdURBQXVEO0lBQ3ZELElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDNUQsU0FBUyxFQUFFLFNBQVMsSUFBSSxVQUFVO1lBQ2xDLENBQUMsRUFBRSxHQUFHO1NBQ1AsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQXFCO1lBQy9CLFNBQVM7WUFDVCxHQUFHLEVBQUUsV0FBVztZQUNoQixTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7WUFDbEMsR0FBRyxDQUFDLEdBQUcsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ3BCLENBQUM7UUFDRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxpQkFBaUIsSUFBQSxpQ0FBc0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSSxLQUFLLFVBQVUsa0JBQWtCLENBQUMsV0FBbUI7SUFDMUQsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFDRCxJQUFBLDRCQUFpQixFQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRS9CLE1BQU0sV0FBVyxHQUFHLElBQUEsd0NBQTZCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsTUFBTSxRQUFRLEdBQUcsSUFBSSw0QkFBYyxDQUFDO1FBQ2xDLFdBQVc7S0FDWixDQUFDLENBQUM7SUFDSCxJQUFJLENBQUM7UUFDSCxNQUFNLEVBQUUsYUFBYSxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyx5QkFBeUIsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNwRixNQUFNLE9BQU8sR0FBRyxhQUFhLEVBQUUsUUFBc0MsQ0FBQztRQUN0RSxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDeEIsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLG9DQUFvQyxXQUFXLGdEQUFnRCxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sTUFBTSxHQUFxQjtZQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHO1lBQ2pDLEdBQUcsRUFBRSxPQUFPLENBQUMsT0FBTztZQUNwQixTQUFTLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxTQUFTO1lBQ3ZDLEdBQUcsRUFBRSxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUc7U0FDNUIsQ0FBQztRQUNGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0FBQ0gsQ0FBQyJ9
|
package/dist/cjs/src/access.js
CHANGED
|
@@ -5,6 +5,7 @@ exports.fetchWrappedKey = fetchWrappedKey;
|
|
|
5
5
|
exports.fetchKeyAccessServers = fetchKeyAccessServers;
|
|
6
6
|
exports.fetchECKasPubKey = fetchECKasPubKey;
|
|
7
7
|
exports.fetchKasPubKey = fetchKasPubKey;
|
|
8
|
+
const interceptors_js_1 = require("./auth/interceptors.js");
|
|
8
9
|
const utils_js_1 = require("./utils.js");
|
|
9
10
|
const index_js_1 = require("./encodings/index.js");
|
|
10
11
|
const access_rpc_js_1 = require("./access/access-rpc.js");
|
|
@@ -21,9 +22,16 @@ const access_fetch_js_3 = require("./access/access-fetch.js");
|
|
|
21
22
|
* @param fulfillableObligationFQNs client-configured list of obligation value FQNs that can be fulfilled in this PEP
|
|
22
23
|
* @param clientVersion
|
|
23
24
|
*/
|
|
24
|
-
async function fetchWrappedKey(url, signedRequestToken,
|
|
25
|
+
async function fetchWrappedKey(url, signedRequestToken, auth, fulfillableObligationFQNs) {
|
|
25
26
|
const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(url);
|
|
26
|
-
|
|
27
|
+
const { interceptors, authProvider } = (0, interceptors_js_1.resolveAuthConfig)(auth);
|
|
28
|
+
const rpcCall = () => (0, access_rpc_js_2.fetchWrappedKey)(platformUrl, signedRequestToken, { interceptors }, (0, exports.rewrapAdditionalContextHeader)(fulfillableObligationFQNs));
|
|
29
|
+
// When no AuthProvider is available, skip the legacy fallback so the real
|
|
30
|
+
// RPC error propagates instead of being masked by tryPromisesUntilFirstSuccess.
|
|
31
|
+
if (!authProvider) {
|
|
32
|
+
return await rpcCall();
|
|
33
|
+
}
|
|
34
|
+
return await tryPromisesUntilFirstSuccess(rpcCall,
|
|
27
35
|
// We intentionally do not provide the rewrap additional context to legacy requests destined for older platforms.
|
|
28
36
|
// Platforms new enough to have knowledge of obligations will be handling RPC requests successfully.
|
|
29
37
|
() => (0, access_fetch_js_2.fetchWrappedKey)(url, { signedRequestToken }, authProvider));
|
|
@@ -102,8 +110,13 @@ exports.publicKeyAlgorithmToJwa = publicKeyAlgorithmToJwa;
|
|
|
102
110
|
* @param authProvider The authentication provider to use for the request.
|
|
103
111
|
* @returns A promise that resolves to an OriginAllowList.
|
|
104
112
|
*/
|
|
105
|
-
async function fetchKeyAccessServers(platformUrl,
|
|
106
|
-
|
|
113
|
+
async function fetchKeyAccessServers(platformUrl, auth) {
|
|
114
|
+
const { interceptors, authProvider } = (0, interceptors_js_1.resolveAuthConfig)(auth);
|
|
115
|
+
const rpcCall = () => (0, access_rpc_js_1.fetchKeyAccessServers)(platformUrl, { interceptors });
|
|
116
|
+
if (!authProvider) {
|
|
117
|
+
return await rpcCall();
|
|
118
|
+
}
|
|
119
|
+
return await tryPromisesUntilFirstSuccess(rpcCall, () => (0, access_fetch_js_1.fetchKeyAccessServers)(platformUrl, authProvider));
|
|
107
120
|
}
|
|
108
121
|
/**
|
|
109
122
|
* Fetch the EC (secp256r1) public key for a KAS endpoint.
|
|
@@ -184,4 +197,4 @@ async function tryPromisesUntilFirstSuccess(first, second) {
|
|
|
184
197
|
}
|
|
185
198
|
}
|
|
186
199
|
}
|
|
187
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
200
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFvQ0EsMENBa0NDO0FBdUdELHNEQWVDO0FBT0QsNENBRUM7QUFZRCx3Q0FjQztBQS9ORCw0REFBNEU7QUFFNUUseUNBQThFO0FBQzlFLG1EQUE4QztBQUU5QywwREFHZ0M7QUFDaEMsOERBQWdHO0FBQ2hHLDBEQUFnRjtBQUNoRiw4REFBcUY7QUFDckYsMERBQTZFO0FBQzdFLDhEQUFrRjtBQWVsRjs7Ozs7OztHQU9HO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLGtCQUEwQixFQUMxQixJQUFnQixFQUNoQix5QkFBbUM7SUFFbkMsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxHQUFHLENBQUMsQ0FBQztJQUN2RCxNQUFNLEVBQUUsWUFBWSxFQUFFLFlBQVksRUFBRSxHQUFHLElBQUEsbUNBQWlCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFL0QsTUFBTSxPQUFPLEdBQUcsR0FBRyxFQUFFLENBQ25CLElBQUEsK0JBQW1CLEVBQ2pCLFdBQVcsRUFDWCxrQkFBa0IsRUFDbEIsRUFBRSxZQUFZLEVBQUUsRUFDaEIsSUFBQSxxQ0FBNkIsRUFBQyx5QkFBeUIsQ0FBQyxDQUN6RCxDQUFDO0lBRUosMEVBQTBFO0lBQzFFLGdGQUFnRjtJQUNoRixJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDbEIsT0FBTyxNQUFNLE9BQU8sRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFRCxPQUFPLE1BQU0sNEJBQTRCLENBQ3ZDLE9BQU87SUFDUCxpSEFBaUg7SUFDakgsb0dBQW9HO0lBQ3BHLEdBQUcsRUFBRSxDQUNILElBQUEsaUNBQXNCLEVBQ3BCLEdBQUcsRUFDSCxFQUFFLGtCQUFrQixFQUFFLEVBQ3RCLFlBQVksQ0FDeUIsQ0FDMUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7O0dBR0c7QUFDSSxNQUFNLDZCQUE2QixHQUFHLENBQzNDLDhCQUF3QyxFQUNwQixFQUFFO0lBQ3RCLElBQUksQ0FBQyw4QkFBOEIsQ0FBQyxNQUFNO1FBQUUsT0FBTztJQUVuRCxNQUFNLE9BQU8sR0FBNEI7UUFDdkMsV0FBVyxFQUFFO1lBQ1gsZUFBZSxFQUFFLDhCQUE4QixDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxDQUFDO1NBQ2hGO0tBQ0YsQ0FBQztJQUNGLE9BQU8saUJBQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0FBQ2hELENBQUMsQ0FBQztBQVhXLFFBQUEsNkJBQTZCLGlDQVd4QztBQVNLLE1BQU0sb0JBQW9CLEdBQUcsQ0FBQyxDQUFTLEVBQThCLEVBQUU7SUFDNUUsT0FBTyxDQUFDLEtBQUssY0FBYyxJQUFJLENBQUMsS0FBSyxVQUFVLENBQUM7QUFDbEQsQ0FBQyxDQUFDO0FBRlcsUUFBQSxvQkFBb0Isd0JBRS9CO0FBRUssTUFBTSxnQ0FBZ0MsR0FBRyxDQUFDLENBQVksRUFBeUIsRUFBRTtJQUN0RixNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsU0FBUyxDQUFDO0lBQ3RCLElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxPQUFPLElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztRQUM1QyxNQUFNLEdBQUcsR0FBRyxDQUFtQixDQUFDO1FBQ2hDLFFBQVEsR0FBRyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3ZCLEtBQUssT0FBTztnQkFDVixPQUFPLGNBQWMsQ0FBQztZQUN4QixLQUFLLE9BQU87Z0JBQ1YsT0FBTyxjQUFjLENBQUM7WUFDeEIsS0FBSyxPQUFPO2dCQUNWLE9BQU8sY0FBYyxDQUFDO1lBQ3hCO2dCQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLEdBQUcsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDO1FBQy9ELENBQUM7SUFDSCxDQUFDO0lBQ0QsSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLFVBQVUsSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLG1CQUFtQixFQUFFLENBQUM7UUFDNUQsTUFBTSxJQUFJLEdBQUcsQ0FBMEIsQ0FBQztRQUN4QyxJQUFJLElBQUksQ0FBQyxjQUFjLENBQUMsUUFBUSxFQUFFLEtBQUssT0FBTyxFQUFFLENBQUM7WUFDL0MsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUNELFFBQVEsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQzNCLEtBQUssSUFBSTtnQkFDUCxPQUFPLFVBQVUsQ0FBQztZQUNwQixLQUFLLElBQUk7Z0JBQ1AsT0FBTyxVQUFVLENBQUM7WUFDcEI7Z0JBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUM7UUFDN0UsQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztBQUMxRCxDQUFDLENBQUM7QUE5QlcsUUFBQSxnQ0FBZ0Msb0NBOEIzQztBQUVLLE1BQU0sdUJBQXVCLEdBQUcsQ0FBQyxDQUF3QixFQUFVLEVBQUU7SUFDMUUsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUNWLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLFVBQVU7WUFDYixPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLFVBQVU7WUFDYixPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLGNBQWM7WUFDakIsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxjQUFjO1lBQ2pCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCO1lBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUM5RCxDQUFDO0FBQ0gsQ0FBQyxDQUFDO0FBZlcsUUFBQSx1QkFBdUIsMkJBZWxDO0FBb0JGOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxXQUFtQixFQUNuQixJQUFnQjtJQUVoQixNQUFNLEVBQUUsWUFBWSxFQUFFLFlBQVksRUFBRSxHQUFHLElBQUEsbUNBQWlCLEVBQUMsSUFBSSxDQUFDLENBQUM7SUFFL0QsTUFBTSxPQUFPLEdBQUcsR0FBRyxFQUFFLENBQUMsSUFBQSxxQ0FBd0IsRUFBQyxXQUFXLEVBQUUsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO0lBRTlFLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUNsQixPQUFPLE1BQU0sT0FBTyxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVELE9BQU8sTUFBTSw0QkFBNEIsQ0FBQyxPQUFPLEVBQUUsR0FBRyxFQUFFLENBQ3RELElBQUEsdUNBQTJCLEVBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUN2RCxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7O0dBSUc7QUFDSSxLQUFLLFVBQVUsZ0JBQWdCLENBQUMsV0FBbUI7SUFDeEQsT0FBTyxjQUFjLENBQUMsV0FBVyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0FBQ3JELENBQUM7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSSxLQUFLLFVBQVUsY0FBYyxDQUNsQyxXQUFtQixFQUNuQixTQUFpQztJQUVqQyxJQUFJLENBQUM7UUFDSCxPQUFPLE1BQU0sSUFBQSxrQ0FBa0IsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDakIsQ0FBQztJQUVELE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQUMsSUFBQSw4QkFBaUIsRUFBQyxXQUFXLEVBQUUsU0FBUyxDQUFDLEVBQy9DLEdBQUcsRUFBRSxDQUFDLElBQUEsZ0NBQW9CLEVBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUNuRCxDQUFDO0FBQ0osQ0FBQztBQUVELE1BQU0sTUFBTSxHQUFHLENBQUMsQ0FBUyxFQUFVLEVBQUU7SUFDbkMsSUFBSSxDQUFDO1FBQ0gsT0FBTyxJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUM7SUFDM0IsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3ZDLE1BQU0sQ0FBQyxDQUFDO0lBQ1YsQ0FBQztBQUNILENBQUMsQ0FBQztBQUVGOzs7Ozs7OztHQVFHO0FBQ0gsTUFBYSxlQUFlO0lBRzFCLFlBQVksSUFBYyxFQUFFLFFBQWtCO1FBQzVDLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxJQUFJLENBQUMsT0FBTyxDQUFDLDRCQUFpQixDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDO0lBQzdCLENBQUM7SUFDRCxNQUFNLENBQUMsR0FBVztRQUNoQixJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQzVDLENBQUM7Q0FDRjtBQWRELDBDQWNDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxLQUFLLFVBQVUsNEJBQTRCLENBQ3pDLEtBQXVCLEVBQ3ZCLE1BQXdCO0lBRXhCLElBQUksQ0FBQztRQUNILE9BQU8sTUFBTSxLQUFLLEVBQUUsQ0FBQztJQUN2QixDQUFDO0lBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztRQUNaLE9BQU8sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDckMsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLE1BQU0sRUFBRSxDQUFDO1FBQ3hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxHQUFHLENBQUM7UUFDWixDQUFDO0lBQ0gsQ0FBQztBQUNILENBQUMifQ==
|
|
@@ -0,0 +1,186 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
36
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
37
|
+
};
|
|
38
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
+
exports.authTokenInterceptor = authTokenInterceptor;
|
|
40
|
+
exports.authTokenDPoPInterceptor = authTokenDPoPInterceptor;
|
|
41
|
+
exports.authProviderInterceptor = authProviderInterceptor;
|
|
42
|
+
exports.isInterceptorConfig = isInterceptorConfig;
|
|
43
|
+
exports.resolveInterceptors = resolveInterceptors;
|
|
44
|
+
exports.resolveAuthConfig = resolveAuthConfig;
|
|
45
|
+
const DefaultCryptoService = __importStar(require("../../tdf3/src/crypto/index.js"));
|
|
46
|
+
const dpop_js_1 = __importDefault(require("./dpop.js"));
|
|
47
|
+
const index_js_1 = require("../encodings/index.js");
|
|
48
|
+
/**
|
|
49
|
+
* Creates a simple bearer-token interceptor.
|
|
50
|
+
* Calls `tokenProvider()` per-request and sets the `Authorization` header.
|
|
51
|
+
*
|
|
52
|
+
* @param tokenProvider Function returning a valid access token.
|
|
53
|
+
* @returns A Connect RPC Interceptor.
|
|
54
|
+
*
|
|
55
|
+
* @example
|
|
56
|
+
* ```ts
|
|
57
|
+
* const opentdf = new OpenTDF({
|
|
58
|
+
* interceptors: [authTokenInterceptor(() => myAuth.getAccessToken())],
|
|
59
|
+
* platformUrl: '/api',
|
|
60
|
+
* });
|
|
61
|
+
* ```
|
|
62
|
+
*/
|
|
63
|
+
function authTokenInterceptor(tokenProvider) {
|
|
64
|
+
return (next) => async (req) => {
|
|
65
|
+
const token = await tokenProvider();
|
|
66
|
+
req.header.set('Authorization', `Bearer ${token}`);
|
|
67
|
+
return next(req);
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Creates a DPoP-aware auth interceptor.
|
|
72
|
+
* Per-request: gets token, generates DPoP proof JWT, sets Authorization + DPoP + X-VirtruPubKey headers.
|
|
73
|
+
* Exposes `dpopKeys` for TDF request body signing.
|
|
74
|
+
*
|
|
75
|
+
* @param options DPoP interceptor configuration.
|
|
76
|
+
* @returns A DPoP interceptor with an exposed `dpopKeys` promise.
|
|
77
|
+
*
|
|
78
|
+
* @example
|
|
79
|
+
* ```ts
|
|
80
|
+
* const dpopInterceptor = authTokenDPoPInterceptor({
|
|
81
|
+
* tokenProvider: () => myAuth.getAccessToken(),
|
|
82
|
+
* });
|
|
83
|
+
* const opentdf = new OpenTDF({
|
|
84
|
+
* interceptors: [dpopInterceptor],
|
|
85
|
+
* dpopKeys: dpopInterceptor.dpopKeys,
|
|
86
|
+
* platformUrl: '/api',
|
|
87
|
+
* });
|
|
88
|
+
* ```
|
|
89
|
+
*/
|
|
90
|
+
function authTokenDPoPInterceptor(options) {
|
|
91
|
+
const cryptoService = options.cryptoService ?? DefaultCryptoService;
|
|
92
|
+
const dpopKeysPromise = options.dpopKeys
|
|
93
|
+
? Promise.resolve(options.dpopKeys)
|
|
94
|
+
: cryptoService.generateSigningKeyPair();
|
|
95
|
+
const interceptor = (next) => async (req) => {
|
|
96
|
+
const [token, keys] = await Promise.all([options.tokenProvider(), dpopKeysPromise]);
|
|
97
|
+
const url = new URL(req.url);
|
|
98
|
+
const httpUri = `${url.origin}${url.pathname}`;
|
|
99
|
+
// Generate DPoP proof JWT for this request
|
|
100
|
+
const dpopProof = await (0, dpop_js_1.default)(keys, cryptoService, httpUri, 'POST');
|
|
101
|
+
// Export public key PEM for X-VirtruPubKey header
|
|
102
|
+
const publicKeyPem = await cryptoService.exportPublicKeyPem(keys.publicKey);
|
|
103
|
+
req.header.set('Authorization', `Bearer ${token}`);
|
|
104
|
+
req.header.set('DPoP', dpopProof);
|
|
105
|
+
req.header.set('X-VirtruPubKey', index_js_1.base64.encode(publicKeyPem));
|
|
106
|
+
return next(req);
|
|
107
|
+
};
|
|
108
|
+
// Attach dpopKeys to the interceptor function
|
|
109
|
+
const dpopInterceptor = interceptor;
|
|
110
|
+
Object.defineProperty(dpopInterceptor, 'dpopKeys', {
|
|
111
|
+
value: dpopKeysPromise,
|
|
112
|
+
writable: false,
|
|
113
|
+
enumerable: true,
|
|
114
|
+
});
|
|
115
|
+
return dpopInterceptor;
|
|
116
|
+
}
|
|
117
|
+
/**
|
|
118
|
+
* Creates an interceptor that bridges an existing AuthProvider to the Interceptor pattern.
|
|
119
|
+
* Use this for backwards compatibility when migrating from AuthProvider to interceptors.
|
|
120
|
+
*
|
|
121
|
+
* @param authProvider The legacy AuthProvider to bridge.
|
|
122
|
+
* @returns A Connect RPC Interceptor.
|
|
123
|
+
*/
|
|
124
|
+
function authProviderInterceptor(authProvider) {
|
|
125
|
+
return (next) => async (req) => {
|
|
126
|
+
const url = new URL(req.url);
|
|
127
|
+
const pathOnly = url.pathname;
|
|
128
|
+
// Signs only the path of the url in the request
|
|
129
|
+
let token;
|
|
130
|
+
try {
|
|
131
|
+
token = await authProvider.withCreds({
|
|
132
|
+
url: pathOnly,
|
|
133
|
+
method: 'POST',
|
|
134
|
+
// Start with any headers Connect already has
|
|
135
|
+
headers: {
|
|
136
|
+
...Object.fromEntries(req.header.entries()),
|
|
137
|
+
'Content-Type': 'application/json',
|
|
138
|
+
},
|
|
139
|
+
});
|
|
140
|
+
}
|
|
141
|
+
catch (err) {
|
|
142
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
143
|
+
if (msg.includes('public key') || msg.includes('updateClientPublicKey')) {
|
|
144
|
+
throw new Error('PlatformClient: DPoP key binding is not complete. ' +
|
|
145
|
+
'If you are using OpenTDF with PlatformClient, create OpenTDF first and ' +
|
|
146
|
+
'`await client.ready` before constructing PlatformClient. ' +
|
|
147
|
+
`Original error: ${msg}`);
|
|
148
|
+
}
|
|
149
|
+
throw err;
|
|
150
|
+
}
|
|
151
|
+
Object.entries(token.headers).forEach(([key, value]) => {
|
|
152
|
+
req.header.set(key, value);
|
|
153
|
+
});
|
|
154
|
+
return await next(req);
|
|
155
|
+
};
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* Type guard for AuthConfig with interceptors.
|
|
159
|
+
*/
|
|
160
|
+
function isInterceptorConfig(auth) {
|
|
161
|
+
return 'interceptors' in auth && Array.isArray(auth.interceptors);
|
|
162
|
+
}
|
|
163
|
+
/**
|
|
164
|
+
* Resolves an AuthConfig into interceptors for use with PlatformClient.
|
|
165
|
+
* If the config is an AuthProvider, it is bridged via authProviderInterceptor.
|
|
166
|
+
*/
|
|
167
|
+
function resolveInterceptors(auth) {
|
|
168
|
+
if (isInterceptorConfig(auth)) {
|
|
169
|
+
return auth.interceptors;
|
|
170
|
+
}
|
|
171
|
+
return [authProviderInterceptor(auth)];
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Resolves an AuthConfig into both interceptors and an optional AuthProvider.
|
|
175
|
+
* The AuthProvider is available for legacy code paths that need withCreds().
|
|
176
|
+
*/
|
|
177
|
+
function resolveAuthConfig(auth) {
|
|
178
|
+
if (isInterceptorConfig(auth)) {
|
|
179
|
+
return { interceptors: auth.interceptors };
|
|
180
|
+
}
|
|
181
|
+
return {
|
|
182
|
+
interceptors: [authProviderInterceptor(auth)],
|
|
183
|
+
authProvider: auth,
|
|
184
|
+
};
|
|
185
|
+
}
|
|
186
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJjZXB0b3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2F1dGgvaW50ZXJjZXB0b3JzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBa0RBLG9EQU1DO0FBc0JELDREQWtDQztBQVNELDBEQW1DQztBQVVELGtEQUVDO0FBTUQsa0RBS0M7QUFNRCw4Q0FXQztBQWpNRCxxRkFBdUU7QUFDdkUsd0RBQTZCO0FBRTdCLG9EQUErQztBQTZCL0M7Ozs7Ozs7Ozs7Ozs7O0dBY0c7QUFDSCxTQUFnQixvQkFBb0IsQ0FBQyxhQUE0QjtJQUMvRCxPQUFPLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxLQUFLLEVBQUUsR0FBRyxFQUFFLEVBQUU7UUFDN0IsTUFBTSxLQUFLLEdBQUcsTUFBTSxhQUFhLEVBQUUsQ0FBQztRQUNwQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxlQUFlLEVBQUUsVUFBVSxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ25ELE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQW1CRztBQUNILFNBQWdCLHdCQUF3QixDQUFDLE9BQStCO0lBQ3RFLE1BQU0sYUFBYSxHQUFHLE9BQU8sQ0FBQyxhQUFhLElBQUksb0JBQW9CLENBQUM7SUFDcEUsTUFBTSxlQUFlLEdBQXFCLE9BQU8sQ0FBQyxRQUFRO1FBQ3hELENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUM7UUFDbkMsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO0lBRTNDLE1BQU0sV0FBVyxHQUFnQixDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1FBQ3ZELE1BQU0sQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBRSxFQUFFLGVBQWUsQ0FBQyxDQUFDLENBQUM7UUFFcEYsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLE1BQU0sT0FBTyxHQUFHLEdBQUcsR0FBRyxDQUFDLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7UUFFL0MsMkNBQTJDO1FBQzNDLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSxpQkFBSSxFQUFDLElBQUksRUFBRSxhQUFhLEVBQUUsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBRW5FLGtEQUFrRDtRQUNsRCxNQUFNLFlBQVksR0FBRyxNQUFNLGFBQWEsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7UUFFNUUsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsZUFBZSxFQUFFLFVBQVUsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUNuRCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsU0FBUyxDQUFDLENBQUM7UUFDbEMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsZ0JBQWdCLEVBQUUsaUJBQU0sQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztRQUU5RCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNuQixDQUFDLENBQUM7SUFFRiw4Q0FBOEM7SUFDOUMsTUFBTSxlQUFlLEdBQUcsV0FBOEIsQ0FBQztJQUN2RCxNQUFNLENBQUMsY0FBYyxDQUFDLGVBQWUsRUFBRSxVQUFVLEVBQUU7UUFDakQsS0FBSyxFQUFFLGVBQWU7UUFDdEIsUUFBUSxFQUFFLEtBQUs7UUFDZixVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUM7SUFFSCxPQUFPLGVBQWUsQ0FBQztBQUN6QixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsU0FBZ0IsdUJBQXVCLENBQUMsWUFBMEI7SUFDaEUsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1FBQzdCLE1BQU0sR0FBRyxHQUFHLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM3QixNQUFNLFFBQVEsR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDO1FBQzlCLGdEQUFnRDtRQUNoRCxJQUFJLEtBQUssQ0FBQztRQUNWLElBQUksQ0FBQztZQUNILEtBQUssR0FBRyxNQUFNLFlBQVksQ0FBQyxTQUFTLENBQUM7Z0JBQ25DLEdBQUcsRUFBRSxRQUFRO2dCQUNiLE1BQU0sRUFBRSxNQUFNO2dCQUNkLDZDQUE2QztnQkFDN0MsT0FBTyxFQUFFO29CQUNQLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO29CQUMzQyxjQUFjLEVBQUUsa0JBQWtCO2lCQUNuQzthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxHQUFHLEdBQUcsR0FBRyxZQUFZLEtBQUssQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQzdELElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLHVCQUF1QixDQUFDLEVBQUUsQ0FBQztnQkFDeEUsTUFBTSxJQUFJLEtBQUssQ0FDYixvREFBb0Q7b0JBQ2xELHlFQUF5RTtvQkFDekUsMkRBQTJEO29CQUMzRCxtQkFBbUIsR0FBRyxFQUFFLENBQzNCLENBQUM7WUFDSixDQUFDO1lBQ0QsTUFBTSxHQUFHLENBQUM7UUFDWixDQUFDO1FBRUQsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLEVBQUUsRUFBRTtZQUNyRCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDN0IsQ0FBQyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3pCLENBQUMsQ0FBQztBQUNKLENBQUM7QUFPRDs7R0FFRztBQUNILFNBQWdCLG1CQUFtQixDQUFDLElBQWdCO0lBQ2xELE9BQU8sY0FBYyxJQUFJLElBQUksSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFFLElBQWtDLENBQUMsWUFBWSxDQUFDLENBQUM7QUFDbkcsQ0FBQztBQUVEOzs7R0FHRztBQUNILFNBQWdCLG1CQUFtQixDQUFDLElBQWdCO0lBQ2xELElBQUksbUJBQW1CLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztRQUM5QixPQUFPLElBQUksQ0FBQyxZQUFZLENBQUM7SUFDM0IsQ0FBQztJQUNELE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBQ3pDLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxTQUFnQixpQkFBaUIsQ0FBQyxJQUFnQjtJQUloRCxJQUFJLG1CQUFtQixDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7UUFDOUIsT0FBTyxFQUFFLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7SUFDN0MsQ0FBQztJQUNELE9BQU87UUFDTCxZQUFZLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUM3QyxZQUFZLEVBQUUsSUFBSTtLQUNuQixDQUFDO0FBQ0osQ0FBQyJ9
|
package/dist/cjs/src/index.js
CHANGED
|
@@ -36,11 +36,15 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
36
36
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
37
37
|
};
|
|
38
38
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
39
|
-
exports.ConfigurationError = exports.AttributeNotFoundError = exports.AttributeValidationError = exports.NetworkError = exports.DecryptError = exports.InvalidFileError = exports.IntegrityError = exports.PermissionDeniedError = exports.TdfError = exports.PlatformClient = exports.tdfSpecVersion = exports.clientType = exports.version = exports.attributeValueExists = exports.attributeExists = exports.validateAttributes = exports.listAttributes = exports.attributeFQNsAsValues = exports.AuthProviders = exports.withHeaders = exports.HttpRequest = void 0;
|
|
39
|
+
exports.ConfigurationError = exports.AttributeNotFoundError = exports.AttributeValidationError = exports.NetworkError = exports.DecryptError = exports.InvalidFileError = exports.IntegrityError = exports.PermissionDeniedError = exports.TdfError = exports.PlatformClient = exports.tdfSpecVersion = exports.clientType = exports.version = exports.attributeValueExists = exports.attributeExists = exports.validateAttributes = exports.listAttributes = exports.attributeFQNsAsValues = exports.authProviderInterceptor = exports.authTokenDPoPInterceptor = exports.authTokenInterceptor = exports.AuthProviders = exports.withHeaders = exports.HttpRequest = void 0;
|
|
40
40
|
var auth_js_1 = require("./auth/auth.js");
|
|
41
41
|
Object.defineProperty(exports, "HttpRequest", { enumerable: true, get: function () { return auth_js_1.HttpRequest; } });
|
|
42
42
|
Object.defineProperty(exports, "withHeaders", { enumerable: true, get: function () { return auth_js_1.withHeaders; } });
|
|
43
43
|
exports.AuthProviders = __importStar(require("./auth/providers.js"));
|
|
44
|
+
var interceptors_js_1 = require("./auth/interceptors.js");
|
|
45
|
+
Object.defineProperty(exports, "authTokenInterceptor", { enumerable: true, get: function () { return interceptors_js_1.authTokenInterceptor; } });
|
|
46
|
+
Object.defineProperty(exports, "authTokenDPoPInterceptor", { enumerable: true, get: function () { return interceptors_js_1.authTokenDPoPInterceptor; } });
|
|
47
|
+
Object.defineProperty(exports, "authProviderInterceptor", { enumerable: true, get: function () { return interceptors_js_1.authProviderInterceptor; } });
|
|
44
48
|
var api_js_1 = require("./policy/api.js");
|
|
45
49
|
Object.defineProperty(exports, "attributeFQNsAsValues", { enumerable: true, get: function () { return api_js_1.attributeFQNsAsValues; } });
|
|
46
50
|
var discovery_js_1 = require("./policy/discovery.js");
|
|
@@ -67,4 +71,4 @@ Object.defineProperty(exports, "AttributeNotFoundError", { enumerable: true, get
|
|
|
67
71
|
Object.defineProperty(exports, "ConfigurationError", { enumerable: true, get: function () { return errors_js_1.ConfigurationError; } });
|
|
68
72
|
__exportStar(require("./seekable.js"), exports);
|
|
69
73
|
__exportStar(require("../tdf3/src/models/index.js"), exports);
|
|
70
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
74
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMENBQThGO0FBQWpELHNHQUFBLFdBQVcsT0FBQTtBQUFFLHNHQUFBLFdBQVcsT0FBQTtBQUNyRSxxRUFBcUQ7QUFDckQsMERBU2dDO0FBUjlCLHVIQUFBLG9CQUFvQixPQUFBO0FBQ3BCLDJIQUFBLHdCQUF3QixPQUFBO0FBQ3hCLDBIQUFBLHVCQUF1QixPQUFBO0FBT3pCLDBDQUF3RDtBQUEvQywrR0FBQSxxQkFBcUIsT0FBQTtBQUM5QixzREFLK0I7QUFKN0IsOEdBQUEsY0FBYyxPQUFBO0FBQ2Qsa0hBQUEsa0JBQWtCLE9BQUE7QUFDbEIsK0dBQUEsZUFBZSxPQUFBO0FBQ2Ysb0hBQUEsb0JBQW9CLE9BQUE7QUFFdEIsMkNBQW1FO0FBQTFELHFHQUFBLE9BQU8sT0FBQTtBQUFFLHdHQUFBLFVBQVUsT0FBQTtBQUFFLDRHQUFBLGNBQWMsT0FBQTtBQUM1Qyw2Q0FBa0c7QUFBekYsNkdBQUEsY0FBYyxPQUFBO0FBQ3ZCLCtDQUE2QjtBQUM3Qix5Q0FVcUI7QUFUbkIscUdBQUEsUUFBUSxPQUFBO0FBQ1Isa0hBQUEscUJBQXFCLE9BQUE7QUFDckIsMkdBQUEsY0FBYyxPQUFBO0FBQ2QsNkdBQUEsZ0JBQWdCLE9BQUE7QUFDaEIseUdBQUEsWUFBWSxPQUFBO0FBQ1oseUdBQUEsWUFBWSxPQUFBO0FBQ1oscUhBQUEsd0JBQXdCLE9BQUE7QUFDeEIsbUhBQUEsc0JBQXNCLE9BQUE7QUFDdEIsK0dBQUEsa0JBQWtCLE9BQUE7QUFFcEIsZ0RBQThCO0FBQzlCLDhEQUE0QyJ9
|
package/dist/cjs/src/opentdf.js
CHANGED
|
@@ -52,18 +52,10 @@ const index_js_3 = require("./encodings/index.js");
|
|
|
52
52
|
* It also requires a platform URL to be set, which is used to fetch key access servers and policies.
|
|
53
53
|
* @example
|
|
54
54
|
* ```
|
|
55
|
-
* import {
|
|
56
|
-
*
|
|
57
|
-
* const oidcCredentials: RefreshTokenCredentials = {
|
|
58
|
-
* clientId: keycloakClientId,
|
|
59
|
-
* exchange: 'refresh',
|
|
60
|
-
* refreshToken: refreshToken,
|
|
61
|
-
* oidcOrigin: keycloakUrl,
|
|
62
|
-
* };
|
|
63
|
-
* const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
|
|
55
|
+
* import { authTokenInterceptor, OpenTDF } from '@opentdf/sdk';
|
|
64
56
|
*
|
|
65
57
|
* const client = new OpenTDF({
|
|
66
|
-
*
|
|
58
|
+
* interceptors: [authTokenInterceptor(() => `${myAuth.token.accessToken}`)],
|
|
67
59
|
* platformUrl: 'https://platform.example.com',
|
|
68
60
|
* });
|
|
69
61
|
*
|
|
@@ -76,8 +68,12 @@ const index_js_3 = require("./encodings/index.js");
|
|
|
76
68
|
* ```
|
|
77
69
|
*/
|
|
78
70
|
class OpenTDF {
|
|
79
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
71
|
+
constructor({ authProvider, interceptors, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
72
|
+
if (!authProvider && !interceptors?.length) {
|
|
73
|
+
throw new errors_js_1.ConfigurationError('Either authProvider or interceptors must be provided.');
|
|
74
|
+
}
|
|
80
75
|
this.authProvider = authProvider;
|
|
76
|
+
this.interceptors = interceptors;
|
|
81
77
|
this.defaultCreateOptions = defaultCreateOptions || {};
|
|
82
78
|
this.defaultReadOptions = defaultReadOptions || {};
|
|
83
79
|
this.dpopEnabled = !disableDPoP;
|
|
@@ -93,6 +89,7 @@ class OpenTDF {
|
|
|
93
89
|
this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
|
|
94
90
|
this.tdf3Client = new index_js_2.Client({
|
|
95
91
|
authProvider,
|
|
92
|
+
interceptors,
|
|
96
93
|
dpopEnabled: this.dpopEnabled,
|
|
97
94
|
dpopKeys: this.dpopEnabled ? this.dpopKeys : undefined,
|
|
98
95
|
kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
|
|
@@ -100,21 +97,32 @@ class OpenTDF {
|
|
|
100
97
|
policyEndpoint,
|
|
101
98
|
cryptoService: this.cryptoService,
|
|
102
99
|
});
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
100
|
+
if (interceptors?.length && !authProvider) {
|
|
101
|
+
// Interceptor path: no updateClientPublicKey needed.
|
|
102
|
+
// DPoP key binding is handled by the interceptor itself.
|
|
103
|
+
this.ready = Promise.resolve();
|
|
104
|
+
}
|
|
105
|
+
else if (authProvider) {
|
|
106
|
+
// Legacy AuthProvider path: eagerly bind DPoP keys to the auth provider
|
|
107
|
+
// so PlatformClient can make gRPC calls without waiting for a TDF
|
|
108
|
+
// operation first.
|
|
109
|
+
// Note: TDF3Client.createSessionKeys() also calls updateClientPublicKey
|
|
110
|
+
// with the same keys, but the duplicate call is benign —
|
|
111
|
+
// refreshTokenClaimsWithClientPubkeyIfNeeded short-circuits when
|
|
112
|
+
// the signing key hasn't changed.
|
|
113
|
+
this.ready = this.dpopEnabled
|
|
114
|
+
? this.dpopKeys.then((keys) => authProvider.updateClientPublicKey(keys))
|
|
115
|
+
: Promise.resolve();
|
|
116
|
+
// Prevent unhandled rejection if caller doesn't await ready.
|
|
117
|
+
// The error will still surface via TDF3Client's own key binding
|
|
118
|
+
// when encrypt/decrypt is called.
|
|
119
|
+
this.ready.catch((err) => {
|
|
120
|
+
console.warn('OpenTDF: DPoP key binding failed during initialization:', err);
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
else {
|
|
124
|
+
this.ready = Promise.resolve();
|
|
125
|
+
}
|
|
118
126
|
}
|
|
119
127
|
/** Creates a new TDF stream. */
|
|
120
128
|
async createTDF(opts) {
|
|
@@ -243,21 +251,21 @@ class ZTDFReader {
|
|
|
243
251
|
throw new errors_js_1.ConfigurationError('platformUrl is required when allowedKasEndpoints is empty');
|
|
244
252
|
}
|
|
245
253
|
const dpopKeys = await this.client.dpopKeys;
|
|
246
|
-
const {
|
|
247
|
-
if (!
|
|
248
|
-
throw new errors_js_1.ConfigurationError('authProvider
|
|
254
|
+
const { auth, cryptoService } = this.client;
|
|
255
|
+
if (!auth) {
|
|
256
|
+
throw new errors_js_1.ConfigurationError('authProvider or interceptors are required');
|
|
249
257
|
}
|
|
250
258
|
let allowList;
|
|
251
259
|
if (this.opts.allowedKASEndpoints?.length || this.opts.ignoreAllowlist) {
|
|
252
260
|
allowList = new access_js_1.OriginAllowList(this.opts.allowedKASEndpoints || [], this.opts.ignoreAllowlist);
|
|
253
261
|
}
|
|
254
262
|
else if (this.opts.platformUrl) {
|
|
255
|
-
allowList = await (0, access_js_1.fetchKeyAccessServers)(this.opts.platformUrl,
|
|
263
|
+
allowList = await (0, access_js_1.fetchKeyAccessServers)(this.opts.platformUrl, auth);
|
|
256
264
|
}
|
|
257
265
|
const overview = await this.overview;
|
|
258
266
|
const oldStream = await (0, tdf_js_1.decryptStreamFrom)({
|
|
259
267
|
allowList,
|
|
260
|
-
|
|
268
|
+
auth,
|
|
261
269
|
chunker: this.source,
|
|
262
270
|
concurrencyLimit: 1,
|
|
263
271
|
cryptoService,
|
|
@@ -305,4 +313,4 @@ class ZTDFReader {
|
|
|
305
313
|
return this.requiredObligations ?? { fqns: [] };
|
|
306
314
|
}
|
|
307
315
|
}
|
|
308
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUNBLDJDQUFtRTtBQUNuRSx3REFBbUU7QUFBMUQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLCtDQUFpRjtBQUNqRiwwREFBbUU7QUFFbkUsa0ZBQW9FO0FBTXBFLDJDQUtxQjtBQTZCbkIscUdBOUJBLGdDQUFvQixPQThCQTtBQXBCdEIsK0NBSzRCO0FBQzVCLG1EQUE4QztBQXNNOUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQWEsT0FBTztJQXNCbEIsWUFBWSxFQUNWLFlBQVksRUFDWixRQUFRLEVBQ1Isb0JBQW9CLEVBQ3BCLGtCQUFrQixFQUNsQixXQUFXLEVBQ1gsY0FBYyxFQUNkLFdBQVcsRUFDWCxhQUFhLEdBQ0U7UUFDZixJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUNqQyxJQUFJLENBQUMsb0JBQW9CLEdBQUcsb0JBQW9CLElBQUksRUFBRSxDQUFDO1FBQ3ZELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxrQkFBa0IsSUFBSSxFQUFFLENBQUM7UUFDbkQsSUFBSSxDQUFDLFdBQVcsR0FBRyxDQUFDLFdBQVcsQ0FBQztRQUNoQyxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ2hCLElBQUksQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDO1FBQ2pDLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxDQUFDLElBQUksQ0FDVix1SEFBdUgsQ0FDeEgsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLENBQUMsY0FBYyxHQUFHLGNBQWMsSUFBSSxFQUFFLENBQUM7UUFDM0MsSUFBSSxDQUFDLGFBQWEsR0FBRyxhQUFhLElBQUksb0JBQW9CLENBQUM7UUFDM0QsZ0VBQWdFO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztRQUN4RSxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksaUJBQVUsQ0FBQztZQUMvQixZQUFZO1lBQ1osV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLFFBQVEsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3RELFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxJQUFJLDhCQUE4QjtZQUMvRCxXQUFXO1lBQ1gsY0FBYztZQUNkLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUNsQyxDQUFDLENBQUM7UUFDSCxnRUFBZ0U7UUFDaEUsaUVBQWlFO1FBQ2pFLHdFQUF3RTtRQUN4RSx5REFBeUQ7UUFDekQsaUVBQWlFO1FBQ2pFLGtDQUFrQztRQUNsQyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxXQUFXO1lBQzNCLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsWUFBWSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3hFLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDdEIsNkRBQTZEO1FBQzdELGdFQUFnRTtRQUNoRSxrQ0FBa0M7UUFDbEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUN2QixPQUFPLENBQUMsSUFBSSxDQUFDLHlEQUF5RCxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQy9FLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELGdDQUFnQztJQUNoQyxLQUFLLENBQUMsU0FBUyxDQUFDLElBQXNCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFVBQVUsQ0FBQyxJQUF1QjtRQUN0QyxJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUM7WUFDOUMsTUFBTSxFQUFFLE1BQU0sSUFBQSw0QkFBYyxFQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7WUFFekMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtZQUN2QyxhQUFhLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhO1lBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0I7WUFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixLQUFLLEVBQUU7Z0JBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQzVCO1lBQ0QsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixvQkFBb0IsRUFBRSxJQUFJLENBQUMsb0JBQW9CO1lBQy9DLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztTQUNwQyxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELHNEQUFzRDtJQUN0RCxJQUFJLENBQUMsSUFBaUI7UUFDcEIsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUMvQyxPQUFPLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFpQjtRQUMxQixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw4REFBOEQ7SUFDOUQsS0FBSztRQUNILGdEQUFnRDtJQUNsRCxDQUFDO0NBQ0Y7QUExSEQsMEJBMEhDO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBQSx3QkFBVSxFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLDRCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBQSxzQkFBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxZQUFZLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUNwRCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbEIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELElBQUksU0FBc0MsQ0FBQztRQUUzQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDdkUsU0FBUyxHQUFHLElBQUksMkJBQWUsQ0FDN0IsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLEVBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUMxQixDQUFDO1FBQ0osQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQyxTQUFTLEdBQUcsTUFBTSxJQUFBLGlDQUFxQixFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFBLDBCQUFpQixFQUN2QztZQUNFLFNBQVM7WUFDVCxZQUFZO1lBQ1osT0FBTyxFQUFFLElBQUksQ0FBQyxNQUFNO1lBQ3BCLGdCQUFnQixFQUFFLENBQUM7WUFDbkIsYUFBYTtZQUNiLFFBQVE7WUFDUix1QkFBdUIsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyx1QkFBdUI7WUFDekUsYUFBYSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDN0IsZUFBZSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLGVBQWU7WUFDekQseUJBQXlCO1lBQ3pCLGtCQUFrQjtZQUNsQixvQkFBb0I7WUFDcEIsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsSUFBSSxFQUFFO1NBQ2xFLEVBQ0QsUUFBUSxDQUNULENBQUM7UUFDRixJQUFJLENBQUMsbUJBQW1CLEdBQUc7WUFDekIsSUFBSSxFQUFFLFNBQVMsQ0FBQyxXQUFXLEVBQUU7U0FDOUIsQ0FBQztRQUNGLE1BQU0sTUFBTSxHQUFvQixTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ2pELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDckQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUs7UUFDVCx5REFBeUQ7SUFDM0QsQ0FBQztJQUVELDRDQUE0QztJQUM1QyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxPQUFPLFFBQVEsQ0FBQyxRQUFRLENBQUM7SUFDM0IsQ0FBQztJQUVELDhDQUE4QztJQUM5QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sVUFBVSxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBVyxDQUFDO1FBQ2hELE9BQU8sTUFBTSxFQUFFLElBQUksRUFBRSxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVztRQUNmLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsT0FBTyxJQUFJLENBQUMsbUJBQW1CLENBQUM7UUFDbEMsQ0FBQztRQUNELE1BQU0sSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQ2xELENBQUM7Q0FDRiJ9
|
|
316
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUVBLDJDQUFtRTtBQUNuRSx3REFBbUU7QUFBMUQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLCtDQUFpRjtBQUNqRiwwREFBbUU7QUFFbkUsa0ZBQW9FO0FBTXBFLDJDQUtxQjtBQTZCbkIscUdBOUJBLGdDQUFvQixPQThCQTtBQXBCdEIsK0NBSzRCO0FBQzVCLG1EQUE4QztBQStNOUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FzQkc7QUFDSCxNQUFhLE9BQU87SUF3QmxCLFlBQVksRUFDVixZQUFZLEVBQ1osWUFBWSxFQUNaLFFBQVEsRUFDUixvQkFBb0IsRUFDcEIsa0JBQWtCLEVBQ2xCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsV0FBVyxFQUNYLGFBQWEsR0FDRTtRQUNmLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDM0MsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHVEQUF1RCxDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUNELElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxvQkFBb0IsSUFBSSxFQUFFLENBQUM7UUFDdkQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsV0FBVyxHQUFHLENBQUMsV0FBVyxDQUFDO1FBQ2hDLElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDakMsQ0FBQzthQUFNLENBQUM7WUFDTixPQUFPLENBQUMsSUFBSSxDQUNWLHVIQUF1SCxDQUN4SCxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxJQUFJLEVBQUUsQ0FBQztRQUMzQyxJQUFJLENBQUMsYUFBYSxHQUFHLGFBQWEsSUFBSSxvQkFBb0IsQ0FBQztRQUMzRCxnRUFBZ0U7UUFDaEUsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1FBQ3hFLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxpQkFBVSxDQUFDO1lBQy9CLFlBQVk7WUFDWixZQUFZO1lBQ1osV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLFFBQVEsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3RELFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxJQUFJLDhCQUE4QjtZQUMvRCxXQUFXO1lBQ1gsY0FBYztZQUNkLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUNsQyxDQUFDLENBQUM7UUFFSCxJQUFJLFlBQVksRUFBRSxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUMxQyxxREFBcUQ7WUFDckQseURBQXlEO1lBQ3pELElBQUksQ0FBQyxLQUFLLEdBQUcsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ2pDLENBQUM7YUFBTSxJQUFJLFlBQVksRUFBRSxDQUFDO1lBQ3hCLHdFQUF3RTtZQUN4RSxrRUFBa0U7WUFDbEUsbUJBQW1CO1lBQ25CLHdFQUF3RTtZQUN4RSx5REFBeUQ7WUFDekQsaUVBQWlFO1lBQ2pFLGtDQUFrQztZQUNsQyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxXQUFXO2dCQUMzQixDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLFlBQVksQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDeEUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN0Qiw2REFBNkQ7WUFDN0QsZ0VBQWdFO1lBQ2hFLGtDQUFrQztZQUNsQyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO2dCQUN2QixPQUFPLENBQUMsSUFBSSxDQUFDLHlEQUF5RCxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQy9FLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsS0FBSyxHQUFHLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNqQyxDQUFDO0lBQ0gsQ0FBQztJQUVELGdDQUFnQztJQUNoQyxLQUFLLENBQUMsU0FBUyxDQUFDLElBQXNCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFVBQVUsQ0FBQyxJQUF1QjtRQUN0QyxJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUM7WUFDOUMsTUFBTSxFQUFFLE1BQU0sSUFBQSw0QkFBYyxFQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7WUFFekMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtZQUN2QyxhQUFhLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhO1lBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0I7WUFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixLQUFLLEVBQUU7Z0JBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQzVCO1lBQ0QsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixvQkFBb0IsRUFBRSxJQUFJLENBQUMsb0JBQW9CO1lBQy9DLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztTQUNwQyxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELHNEQUFzRDtJQUN0RCxJQUFJLENBQUMsSUFBaUI7UUFDcEIsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUMvQyxPQUFPLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFpQjtRQUMxQixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw4REFBOEQ7SUFDOUQsS0FBSztRQUNILGdEQUFnRDtJQUNsRCxDQUFDO0NBQ0Y7QUE1SUQsMEJBNElDO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBQSx3QkFBVSxFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLDRCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBQSxzQkFBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUM1QyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDVixNQUFNLElBQUksOEJBQWtCLENBQUMsMkNBQTJDLENBQUMsQ0FBQztRQUM1RSxDQUFDO1FBRUQsSUFBSSxTQUFzQyxDQUFDO1FBRTNDLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxNQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN2RSxTQUFTLEdBQUcsSUFBSSwyQkFBZSxDQUM3QixJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsRUFDbkMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQzFCLENBQUM7UUFDSixDQUFDO2FBQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2pDLFNBQVMsR0FBRyxNQUFNLElBQUEsaUNBQXFCLEVBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDdkUsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUEsMEJBQWlCLEVBQ3ZDO1lBQ0UsU0FBUztZQUNULElBQUk7WUFDSixPQUFPLEVBQUUsSUFBSSxDQUFDLE1BQU07WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQixhQUFhO1lBQ2IsUUFBUTtZQUNSLHVCQUF1QixFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLHVCQUF1QjtZQUN6RSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM3QixlQUFlLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsZUFBZTtZQUN6RCx5QkFBeUI7WUFDekIsa0JBQWtCO1lBQ2xCLG9CQUFvQjtZQUNwQixzQkFBc0IsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLHlCQUF5QixJQUFJLEVBQUU7U0FDbEUsRUFDRCxRQUFRLENBQ1QsQ0FBQztRQUNGLElBQUksQ0FBQyxtQkFBbUIsR0FBRztZQUN6QixJQUFJLEVBQUUsU0FBUyxDQUFDLFdBQVcsRUFBRTtTQUM5QixDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNyRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSztRQUNULHlEQUF5RDtJQUMzRCxDQUFDO0lBRUQsNENBQTRDO0lBQzVDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE9BQU8sUUFBUSxDQUFDLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRUQsOENBQThDO0lBQzlDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDdkMsTUFBTSxVQUFVLEdBQUcsaUJBQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3hFLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFXLENBQUM7UUFDaEQsT0FBTyxNQUFNLEVBQUUsSUFBSSxFQUFFLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDcEUsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUM3QixPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQztRQUNsQyxDQUFDO1FBQ0QsTUFBTSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDckIsT0FBTyxJQUFJLENBQUMsbUJBQW1CLElBQUksRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFLENBQUM7SUFDbEQsQ0FBQztDQUNGIn0=
|