@opentdf/sdk 0.13.0-beta.122 → 0.13.0-beta.123
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -10
- package/dist/cjs/src/access/access-rpc.js +6 -5
- package/dist/cjs/src/access.js +18 -5
- package/dist/cjs/src/auth/interceptors.js +186 -0
- package/dist/cjs/src/index.js +6 -2
- package/dist/cjs/src/opentdf.js +40 -32
- package/dist/cjs/src/platform.js +3 -46
- package/dist/cjs/src/policy/api.js +9 -5
- package/dist/cjs/src/policy/discovery.js +10 -9
- package/dist/cjs/tdf3/src/client/index.js +35 -17
- package/dist/cjs/tdf3/src/tdf.js +8 -7
- package/dist/types/src/access/access-rpc.d.ts +3 -3
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +3 -3
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/interceptors.d.ts +99 -0
- package/dist/types/src/auth/interceptors.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +1 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +18 -15
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/platform.d.ts +6 -3
- package/dist/types/src/platform.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +3 -3
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +5 -5
- package/dist/types/src/policy/discovery.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +10 -1
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +5 -2
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-rpc.js +6 -5
- package/dist/web/src/access.js +18 -5
- package/dist/web/src/auth/interceptors.js +142 -0
- package/dist/web/src/index.js +2 -1
- package/dist/web/src/opentdf.js +40 -32
- package/dist/web/src/platform.js +3 -46
- package/dist/web/src/policy/api.js +9 -5
- package/dist/web/src/policy/discovery.js +10 -9
- package/dist/web/tdf3/src/client/index.js +35 -17
- package/dist/web/tdf3/src/tdf.js +8 -7
- package/package.json +1 -1
- package/src/access/access-rpc.ts +5 -5
- package/src/access.ts +29 -13
- package/src/auth/interceptors.ts +197 -0
- package/src/index.ts +10 -0
- package/src/opentdf.ts +54 -34
- package/src/platform.ts +8 -52
- package/src/policy/api.ts +8 -5
- package/src/policy/discovery.ts +9 -9
- package/tdf3/src/client/index.ts +46 -17
- package/tdf3/src/tdf.ts +14 -11
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { fetchKasPublicKey } from '../tdf.js';
|
|
2
2
|
import { CryptoService } from '../crypto/declarations.js';
|
|
3
3
|
import { type AuthProvider, HttpRequest, withHeaders } from '../../../src/auth/auth.js';
|
|
4
|
+
import { type AuthConfig } from '../../../src/auth/interceptors.js';
|
|
5
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
4
6
|
import { type DecryptParams, DecryptParamsBuilder, type DecryptSource, type EncryptParams, EncryptParamsBuilder } from './builders.js';
|
|
5
7
|
import { DecoratedReadableStream } from './DecoratedReadableStream.js';
|
|
6
8
|
import { type KasPublicKeyInfo, OriginAllowList } from '../../../src/access.js';
|
|
@@ -37,7 +39,10 @@ export interface ClientConfig {
|
|
|
37
39
|
kasPublicKey?: string;
|
|
38
40
|
oidcOrigin?: string;
|
|
39
41
|
externalJwt?: string;
|
|
42
|
+
/** @deprecated since 0.14.0. Use `interceptors` instead. */
|
|
40
43
|
authProvider?: AuthProvider;
|
|
44
|
+
/** Connect RPC interceptors for authentication. Preferred over authProvider. */
|
|
45
|
+
interceptors?: Interceptor[];
|
|
41
46
|
readerUrl?: string;
|
|
42
47
|
entityObjectEndpoint?: string;
|
|
43
48
|
fileStreamServiceWorker?: string;
|
|
@@ -83,7 +88,11 @@ export declare class Client {
|
|
|
83
88
|
readonly kasKeyInfoCache: KasKeyInfoCache;
|
|
84
89
|
readonly easEndpoint?: string;
|
|
85
90
|
readonly clientId?: string;
|
|
86
|
-
|
|
91
|
+
/**
|
|
92
|
+
* Resolved auth configuration. Set once in the constructor from either
|
|
93
|
+
* authProvider or interceptors. Threaded through all internal layers.
|
|
94
|
+
*/
|
|
95
|
+
readonly auth?: AuthConfig;
|
|
87
96
|
readonly readerUrl?: string;
|
|
88
97
|
readonly fileStreamServiceWorker?: string;
|
|
89
98
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/client/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,iBAAiB,EAKlB,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,KAAK,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/client/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,iBAAiB,EAKlB,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,KAAK,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,KAAK,aAAa,EAClB,oBAAoB,EACpB,KAAK,aAAa,EAIlB,KAAK,aAAa,EAClB,oBAAoB,EAGrB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAEL,KAAK,gBAAgB,EACrB,eAAe,EAChB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,KAAK,OAAO,EAAqB,MAAM,2BAA2B,CAAC;AA2B5E,eAAO,MAAM,cAAc,GACzB,KAAK,MAAM,EACX,KAAK,MAAM,EACX,eAAe,aAAa,EAC5B,MAAM,MAAM,KACX,OAAO,CAAC,gBAAgB,CAQ1B,CAAC;AAsCF,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IAErC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,gFAAgF;IAChF,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;CACpD;AAQD,wBAAsB,iBAAiB,CAAC,EACtC,YAAY,EACZ,aAAa,EACb,QAAQ,GACT,EAAE;IACD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B,GAAG,OAAO,CAAC,OAAO,CAAC,CAenB;AAgCD,KAAK,eAAe,GAAG;IACrB,GAAG,UAAU,CAAC,OAAO,iBAAiB,CAAC;IACvC,cAAc,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC;CACrD,EAAE,CAAC;AAEJ,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,eAAe,EACtB,GAAG,MAAM,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC,oCAmBhD;AAED,QAAA,MAAM,oBAAoB,GACxB,OAAO,eAAe,EACtB,GAAG,QAAQ,UAAU,CAAC,OAAO,iBAAiB,CAAC,KAC9C,UAAU,CAAC,OAAO,iBAAiB,CAQrC,CAAC;AAgDF,qBAAa,MAAM;IACjB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,eAAe,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,CAAC;IAE7C;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAM;IAE/C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC;IAE3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAE1C;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAE9B,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IAEpC;;;;;;;;;OASG;gBACS,MAAM,EAAE,YAAY;IA8GhC,uHAAuH;IACvH,uBAAuB,CACrB,GAAG,MAAM,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,GACjD,UAAU,CAAC,OAAO,oBAAoB,CAAC;IAI1C;;;;;;;;;;;;;;OAcG;IACG,OAAO,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC;IA2QpE;;;;;;;;;;;OAWG;IACG,OAAO,CAAC,EACZ,MAAM,EACN,SAAS,EACT,aAAgD,EAChD,gBAAoE,EACpE,yBAAyB,EACzB,kBAAkB,EAClB,gBAAoB,EACpB,oBAAoB,EACpB,yBAA8B,GAC/B,EAAE,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAyCnD;;;;;;;;;OASG;IACG,WAAW,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;IASjD,aAAa,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;CAI1D;AAED,YAAY,EAAE,YAAY,EAAE,CAAC;AAE7B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { KasPublicKeyAlgorithm, KasPublicKeyInfo, OriginAllowList } from '../../src/access.js';
|
|
2
2
|
import { type AuthProvider } from '../../src/auth/auth.js';
|
|
3
|
+
import { type AuthConfig } from '../../src/auth/interceptors.js';
|
|
3
4
|
import { type Chunker } from '../../src/seekable.js';
|
|
4
5
|
import { AssertionConfig, AssertionVerificationKeys } from './assertions.js';
|
|
5
6
|
import { SymmetricCipher } from './ciphers/symmetric-cipher-base.js';
|
|
@@ -54,7 +55,8 @@ export type EncryptConfiguration = {
|
|
|
54
55
|
contentStream: ReadableStream<Uint8Array>;
|
|
55
56
|
mimeType?: string;
|
|
56
57
|
policy: Policy;
|
|
57
|
-
|
|
58
|
+
/** Auth configuration: AuthProvider or { interceptors }. */
|
|
59
|
+
auth?: AuthConfig;
|
|
58
60
|
byteLimit: number;
|
|
59
61
|
progressHandler?: (bytesProcessed: number) => void;
|
|
60
62
|
keyForEncryption: KeyInfo;
|
|
@@ -67,7 +69,8 @@ export type DecryptConfiguration = {
|
|
|
67
69
|
fulfillableObligations: string[];
|
|
68
70
|
allowedKases?: string[];
|
|
69
71
|
allowList?: OriginAllowList;
|
|
70
|
-
|
|
72
|
+
/** Auth configuration: AuthProvider or { interceptors }. */
|
|
73
|
+
auth?: AuthConfig;
|
|
71
74
|
cryptoService: CryptoService;
|
|
72
75
|
dpopKeys: KeyPair;
|
|
73
76
|
chunker: Chunker;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAIhB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,KAAK,YAAY,EAAgB,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAIhB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,KAAK,YAAY,EAAgB,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAajE,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAgB,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAI3F,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,YAAY,EAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAEL,aAAa,EACb,OAAO,EACP,QAAQ,EACR,MAAM,EACN,QAAQ,EAER,SAAS,EACT,eAAe,EACf,SAAS,EACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,SAAS,EAAwC,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAczD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;AAEpD,MAAM,MAAM,QAAQ,GAAG,OAAO,CAAC;AAE/B,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,aAAa,CAAC;IACpB,GAAG,CAAC,EAAE,qBAAqB,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAeF,KAAK,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG;IAC7B,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IACxB,MAAM,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAChC,CAAC;AAiBF,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,OAAO,CAAC;AAElD,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,qBAAqB,EAAE,QAAQ,CAAC;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,aAAa,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,4DAA4D;IAC5D,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,aAAa,EAAE,aAAa,CAAC;IAE7B,QAAQ,EAAE,OAAO,CAAC;IAElB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,YAAY,EAAE,YAAY,CAAC;IAE3B,UAAU,EAAE,SAAS,CAAC;IAEtB,eAAe,EAAE,QAAQ,CAAC;IAE1B,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,CAAC;AAElD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,CAAC,EAAE,qBAAqB,EACjC,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,gBAAgB,CAAC,CAQ3B;AAED,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,qBAAqB,EAC1B,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,MAAM,CAAC,CAKjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAAC,EACnC,IAAI,EACJ,GAAG,EACH,SAAS,EACT,GAAG,EACH,QAAQ,EACR,GAAQ,EACR,GAAgB,EAChB,aAAa,GACd,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CA2BrC;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAYzD;AA+ED,wBAAsB,WAAW,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAoT7F;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;CACtC,CAAC;AAGF,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAKnF;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,eAAe,EAAE,EAC5B,YAAY,EAAE,eAAe,GAC5B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CA6BjD;AA4UD,wBAAsB,eAAe,CAAC,EACpC,MAAM,EACN,gBAAgB,EAChB,KAAK,EACL,MAAM,EACN,aAAa,EACb,yBAAyB,EACzB,WAAW,GACZ,EAAE;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,gBAAgB,EAAE,YAAY,CAAC;IAC/B,KAAK,EAAE,KAAK,EAAE,CAAC;IACf,MAAM,EAAE,eAAe,CAAC;IACxB,aAAa,EAAE,aAAa,CAAC;IAC7B,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC;CACrB,iBAkCA;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,oBAAoB,oCAGzD;AAED,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,oBAAoB,EACzB,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,EAAE,oBAAoB,oCA8JhE"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { isPublicKeyAlgorithm, OriginAllowList, } from '../access.js';
|
|
2
|
+
import { resolveInterceptors } from '../auth/interceptors.js';
|
|
2
3
|
import { ConfigurationError, InvalidFileError, NetworkError, PermissionDeniedError, ServiceError, UnauthenticatedError, } from '../errors.js';
|
|
3
4
|
import { PlatformClient } from '../platform.js';
|
|
4
5
|
import { extractRpcErrorMessage, getPlatformUrlFromKasEndpoint, validateSecureUrl, } from '../utils.js';
|
|
@@ -12,9 +13,9 @@ import { ConnectError, Code } from '@connectrpc/connect';
|
|
|
12
13
|
* @param rewrapAdditionalContextHeader optional value for 'X-Rewrap-Additional-Context'
|
|
13
14
|
* @param clientVersion
|
|
14
15
|
*/
|
|
15
|
-
export async function fetchWrappedKey(url, signedRequestToken,
|
|
16
|
+
export async function fetchWrappedKey(url, signedRequestToken, auth, rewrapAdditionalContextHeader) {
|
|
16
17
|
const platformUrl = getPlatformUrlFromKasEndpoint(url);
|
|
17
|
-
const platform = new PlatformClient({
|
|
18
|
+
const platform = new PlatformClient({ interceptors: resolveInterceptors(auth), platformUrl });
|
|
18
19
|
const options = {};
|
|
19
20
|
if (rewrapAdditionalContextHeader) {
|
|
20
21
|
options.headers = {
|
|
@@ -79,10 +80,10 @@ export function handleRpcRewrapErrorString(e, platformUrl, requiredObligations)
|
|
|
79
80
|
}
|
|
80
81
|
throw new NetworkError(`[${platformUrl}] [Rewrap] ${e}`);
|
|
81
82
|
}
|
|
82
|
-
export async function fetchKeyAccessServers(platformUrl,
|
|
83
|
+
export async function fetchKeyAccessServers(platformUrl, auth) {
|
|
83
84
|
let nextOffset = 0;
|
|
84
85
|
const allServers = [];
|
|
85
|
-
const platform = new PlatformClient({
|
|
86
|
+
const platform = new PlatformClient({ interceptors: resolveInterceptors(auth), platformUrl });
|
|
86
87
|
do {
|
|
87
88
|
let response;
|
|
88
89
|
try {
|
|
@@ -178,4 +179,4 @@ export async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
178
179
|
throw new NetworkError(`[${platformUrl}] [PublicKey] ${extractRpcErrorMessage(e)}`);
|
|
179
180
|
}
|
|
180
181
|
}
|
|
181
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
182
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEVBQ0wsb0JBQW9CLEVBR3BCLGVBQWUsR0FDaEIsTUFBTSxjQUFjLENBQUM7QUFFdEIsT0FBTyxFQUFtQixtQkFBbUIsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQy9FLE9BQU8sRUFDTCxrQkFBa0IsRUFDbEIsZ0JBQWdCLEVBQ2hCLFlBQVksRUFDWixxQkFBcUIsRUFDckIsWUFBWSxFQUNaLG9CQUFvQixHQUNyQixNQUFNLGNBQWMsQ0FBQztBQUN0QixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFHaEQsT0FBTyxFQUNMLHNCQUFzQixFQUN0Qiw2QkFBNkIsRUFDN0IsaUJBQWlCLEdBQ2xCLE1BQU0sYUFBYSxDQUFDO0FBQ3JCLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBQzdELE9BQU8sRUFBRSxZQUFZLEVBQUUsSUFBSSxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFFekQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUNuQyxHQUFXLEVBQ1gsa0JBQTBCLEVBQzFCLElBQWdCLEVBQ2hCLDZCQUFzQztJQUV0QyxNQUFNLFdBQVcsR0FBRyw2QkFBNkIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN2RCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQzlGLE1BQU0sT0FBTyxHQUFnQixFQUFFLENBQUM7SUFDaEMsSUFBSSw2QkFBNkIsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sQ0FBQyxPQUFPLEdBQUc7WUFDaEIsQ0FBQywyQkFBMkIsQ0FBQyxFQUFFLDZCQUE2QjtTQUM3RCxDQUFDO0lBQ0osQ0FBQztJQUNELElBQUksUUFBd0IsQ0FBQztJQUM3QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxrQkFBa0IsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsb0JBQW9CLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFDRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsTUFBTSxVQUFVLG9CQUFvQixDQUFDLENBQVUsRUFBRSxXQUFtQjtJQUNsRSxJQUFJLENBQUMsWUFBWSxZQUFZLEVBQUUsQ0FBQztRQUM5QixPQUFPLENBQUMsR0FBRyxDQUFDLG9DQUFvQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNmLEtBQUssSUFBSSxDQUFDLGVBQWUsRUFBRSxrQkFBa0I7Z0JBQzNDLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQzVGLEtBQUssSUFBSSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQjtnQkFDMUMsTUFBTSxJQUFJLHFCQUFxQixDQUFDLFlBQVksV0FBVyw2QkFBNkIsQ0FBQyxDQUFDO1lBQ3hGLEtBQUssSUFBSSxDQUFDLGVBQWUsRUFBRSxtQkFBbUI7Z0JBQzVDLE1BQU0sSUFBSSxvQkFBb0IsQ0FBQyxZQUFZLFdBQVcsd0JBQXdCLENBQUMsQ0FBQztZQUNsRixLQUFLLElBQUksQ0FBQyxRQUFRLENBQUM7WUFDbkIsS0FBSyxJQUFJLENBQUMsYUFBYSxDQUFDO1lBQ3hCLEtBQUssSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUNuQixLQUFLLElBQUksQ0FBQyxPQUFPLENBQUM7WUFDbEIsS0FBSyxJQUFJLENBQUMsZ0JBQWdCLENBQUM7WUFDM0IsS0FBSyxJQUFJLENBQUMsV0FBVyxFQUFFLHFCQUFxQjtnQkFDMUMsTUFBTSxJQUFJLFlBQVksQ0FDcEIsR0FBRyxDQUFDLENBQUMsSUFBSSxTQUFTLFdBQVcsMkNBQTJDLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FDckYsQ0FBQztZQUNKO2dCQUNFLE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGNBQWMsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLElBQUksWUFBWSxDQUFDLElBQUksV0FBVyxjQUFjLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUNuRixDQUFDO0FBRUQsTUFBTSxVQUFVLDBCQUEwQixDQUN4QyxDQUFTLEVBQ1QsV0FBbUIsRUFDbkIsbUJBQThCO0lBRTlCLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUMzQyxrQkFBa0I7UUFDbEIsTUFBTSxJQUFJLGdCQUFnQixDQUFDLFlBQVksV0FBVywwQkFBMEIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBQ0QsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDNUMsSUFBSSxtQkFBbUIsSUFBSSxtQkFBbUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDMUQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixZQUFZLFdBQVcsNkJBQTZCLEVBQ3BELG1CQUFtQixDQUNwQixDQUFDO1FBQ0osQ0FBQztRQUNELE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyxZQUFZLFdBQVcsNkJBQTZCLENBQUMsQ0FBQztJQUN4RixDQUFDO0lBQ0QsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzNDLG1CQUFtQjtRQUNuQixNQUFNLElBQUksb0JBQW9CLENBQUMsWUFBWSxXQUFXLHdCQUF3QixDQUFDLENBQUM7SUFDbEYsQ0FBQztJQUNELElBQ0UsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQy9CLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNwQyxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDL0IsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzlCLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ3ZDLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxFQUNsQyxDQUFDO1FBQ0QsUUFBUTtRQUNSLE1BQU0sSUFBSSxZQUFZLENBQUMsU0FBUyxXQUFXLDJDQUEyQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzlGLENBQUM7SUFDRCxNQUFNLElBQUksWUFBWSxDQUFDLElBQUksV0FBVyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDM0QsQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLFdBQW1CLEVBQ25CLElBQWdCO0lBRWhCLElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztJQUNuQixNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7SUFDdEIsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsbUJBQW1CLENBQUMsSUFBSSxDQUFDLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUU5RixHQUFHLENBQUM7UUFDRixJQUFJLFFBQXNDLENBQUM7UUFDM0MsSUFBSSxDQUFDO1lBQ0gsUUFBUSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxvQkFBb0IsQ0FBQztnQkFDeEUsVUFBVSxFQUFFO29CQUNWLE1BQU0sRUFBRSxVQUFVO2lCQUNuQjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsTUFBTSxJQUFJLFlBQVksQ0FDcEIsSUFBSSxXQUFXLDRCQUE0QixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUN2RSxDQUFDO1FBQ0osQ0FBQztRQUVELFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUM5QyxVQUFVLEdBQUcsUUFBUSxFQUFFLFVBQVUsRUFBRSxVQUFVLElBQUksQ0FBQyxDQUFDO0lBQ3JELENBQUMsUUFBUSxVQUFVLEdBQUcsQ0FBQyxFQUFFO0lBRXpCLE1BQU0sVUFBVSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMxRCx3QkFBd0I7SUFDeEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxXQUFXLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0MsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sSUFBSSxlQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFZRCxTQUFTLFNBQVMsQ0FBQyxPQUFpQjtJQUNsQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYixPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFDRCxNQUFNLEVBQUUsR0FBRyxPQUEwQixDQUFDO0lBQ3RDLE9BQU8sQ0FDTCxDQUFDLENBQUMsRUFBRSxDQUFDLE9BQU87UUFDWixDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVU7UUFDZixPQUFPLEVBQUUsQ0FBQyxVQUFVLEtBQUssUUFBUTtRQUNqQyxDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxHQUFHO1FBQ25CLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVM7UUFDekIsb0JBQW9CLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FDOUMsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLENBQUMsS0FBSyxVQUFVLGNBQWMsQ0FDbEMsV0FBbUIsRUFDbkIsU0FBaUM7SUFFakMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFDRCx1REFBdUQ7SUFDdkQsaUJBQWlCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsNkJBQTZCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDNUQsU0FBUyxFQUFFLFNBQVMsSUFBSSxVQUFVO1lBQ2xDLENBQUMsRUFBRSxHQUFHO1NBQ1AsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQXFCO1lBQy9CLFNBQVM7WUFDVCxHQUFHLEVBQUUsV0FBVztZQUNoQixTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7WUFDbEMsR0FBRyxDQUFDLEdBQUcsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ3BCLENBQUM7UUFDRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGtCQUFrQixDQUFDLFdBQW1CO0lBQzFELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksa0JBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsaUJBQWlCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsNkJBQTZCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxhQUFhLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsU0FBUyxDQUFDLHlCQUF5QixDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0sT0FBTyxHQUFHLGFBQWEsRUFBRSxRQUFzQyxDQUFDO1FBQ3RFLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksWUFBWSxDQUNwQixvQ0FBb0MsV0FBVyxnREFBZ0QsQ0FDaEcsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBcUI7WUFDL0IsU0FBUyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsR0FBRztZQUNqQyxHQUFHLEVBQUUsT0FBTyxDQUFDLE9BQU87WUFDcEIsU0FBUyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsU0FBUztZQUN2QyxHQUFHLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHO1NBQzVCLENBQUM7UUFDRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztBQUNILENBQUMifQ==
|
package/dist/web/src/access.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { resolveAuthConfig } from './auth/interceptors.js';
|
|
1
2
|
import { getPlatformUrlFromKasEndpoint, validateSecureUrl } from './utils.js';
|
|
2
3
|
import { base64 } from './encodings/index.js';
|
|
3
4
|
import { fetchKasBasePubKey, fetchKeyAccessServers as fetchKeyAccessServersRpc, } from './access/access-rpc.js';
|
|
@@ -14,9 +15,16 @@ import { fetchKasPubKey as fetchKasPubKeyLegacy } from './access/access-fetch.js
|
|
|
14
15
|
* @param fulfillableObligationFQNs client-configured list of obligation value FQNs that can be fulfilled in this PEP
|
|
15
16
|
* @param clientVersion
|
|
16
17
|
*/
|
|
17
|
-
export async function fetchWrappedKey(url, signedRequestToken,
|
|
18
|
+
export async function fetchWrappedKey(url, signedRequestToken, auth, fulfillableObligationFQNs) {
|
|
18
19
|
const platformUrl = getPlatformUrlFromKasEndpoint(url);
|
|
19
|
-
|
|
20
|
+
const { interceptors, authProvider } = resolveAuthConfig(auth);
|
|
21
|
+
const rpcCall = () => fetchWrappedKeysRpc(platformUrl, signedRequestToken, { interceptors }, rewrapAdditionalContextHeader(fulfillableObligationFQNs));
|
|
22
|
+
// When no AuthProvider is available, skip the legacy fallback so the real
|
|
23
|
+
// RPC error propagates instead of being masked by tryPromisesUntilFirstSuccess.
|
|
24
|
+
if (!authProvider) {
|
|
25
|
+
return await rpcCall();
|
|
26
|
+
}
|
|
27
|
+
return await tryPromisesUntilFirstSuccess(rpcCall,
|
|
20
28
|
// We intentionally do not provide the rewrap additional context to legacy requests destined for older platforms.
|
|
21
29
|
// Platforms new enough to have knowledge of obligations will be handling RPC requests successfully.
|
|
22
30
|
() => fetchWrappedKeysLegacy(url, { signedRequestToken }, authProvider));
|
|
@@ -91,8 +99,13 @@ export const publicKeyAlgorithmToJwa = (a) => {
|
|
|
91
99
|
* @param authProvider The authentication provider to use for the request.
|
|
92
100
|
* @returns A promise that resolves to an OriginAllowList.
|
|
93
101
|
*/
|
|
94
|
-
export async function fetchKeyAccessServers(platformUrl,
|
|
95
|
-
|
|
102
|
+
export async function fetchKeyAccessServers(platformUrl, auth) {
|
|
103
|
+
const { interceptors, authProvider } = resolveAuthConfig(auth);
|
|
104
|
+
const rpcCall = () => fetchKeyAccessServersRpc(platformUrl, { interceptors });
|
|
105
|
+
if (!authProvider) {
|
|
106
|
+
return await rpcCall();
|
|
107
|
+
}
|
|
108
|
+
return await tryPromisesUntilFirstSuccess(rpcCall, () => fetchKeyAccessServersLegacy(platformUrl, authProvider));
|
|
96
109
|
}
|
|
97
110
|
/**
|
|
98
111
|
* Fetch the EC (secp256r1) public key for a KAS endpoint.
|
|
@@ -172,4 +185,4 @@ async function tryPromisesUntilFirstSuccess(first, second) {
|
|
|
172
185
|
}
|
|
173
186
|
}
|
|
174
187
|
}
|
|
175
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
188
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQW1CLGlCQUFpQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFFNUUsT0FBTyxFQUFFLDZCQUE2QixFQUFFLGlCQUFpQixFQUFFLE1BQU0sWUFBWSxDQUFDO0FBQzlFLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUU5QyxPQUFPLEVBQ0wsa0JBQWtCLEVBQ2xCLHFCQUFxQixJQUFJLHdCQUF3QixHQUNsRCxNQUFNLHdCQUF3QixDQUFDO0FBQ2hDLE9BQU8sRUFBRSxxQkFBcUIsSUFBSSwyQkFBMkIsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQ2hHLE9BQU8sRUFBRSxlQUFlLElBQUksbUJBQW1CLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUNoRixPQUFPLEVBQUUsZUFBZSxJQUFJLHNCQUFzQixFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDckYsT0FBTyxFQUFFLGNBQWMsSUFBSSxpQkFBaUIsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBQzdFLE9BQU8sRUFBRSxjQUFjLElBQUksb0JBQW9CLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQWVsRjs7Ozs7OztHQU9HO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQ25DLEdBQVcsRUFDWCxrQkFBMEIsRUFDMUIsSUFBZ0IsRUFDaEIseUJBQW1DO0lBRW5DLE1BQU0sV0FBVyxHQUFHLDZCQUE2QixDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3ZELE1BQU0sRUFBRSxZQUFZLEVBQUUsWUFBWSxFQUFFLEdBQUcsaUJBQWlCLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFL0QsTUFBTSxPQUFPLEdBQUcsR0FBRyxFQUFFLENBQ25CLG1CQUFtQixDQUNqQixXQUFXLEVBQ1gsa0JBQWtCLEVBQ2xCLEVBQUUsWUFBWSxFQUFFLEVBQ2hCLDZCQUE2QixDQUFDLHlCQUF5QixDQUFDLENBQ3pELENBQUM7SUFFSiwwRUFBMEU7SUFDMUUsZ0ZBQWdGO0lBQ2hGLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUNsQixPQUFPLE1BQU0sT0FBTyxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVELE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsT0FBTztJQUNQLGlIQUFpSDtJQUNqSCxvR0FBb0c7SUFDcEcsR0FBRyxFQUFFLENBQ0gsc0JBQXNCLENBQ3BCLEdBQUcsRUFDSCxFQUFFLGtCQUFrQixFQUFFLEVBQ3RCLFlBQVksQ0FDeUIsQ0FDMUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLENBQUMsTUFBTSw2QkFBNkIsR0FBRyxDQUMzQyw4QkFBd0MsRUFDcEIsRUFBRTtJQUN0QixJQUFJLENBQUMsOEJBQThCLENBQUMsTUFBTTtRQUFFLE9BQU87SUFFbkQsTUFBTSxPQUFPLEdBQTRCO1FBQ3ZDLFdBQVcsRUFBRTtZQUNYLGVBQWUsRUFBRSw4QkFBOEIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQztTQUNoRjtLQUNGLENBQUM7SUFDRixPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0FBQ2hELENBQUMsQ0FBQztBQVNGLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLENBQUMsQ0FBUyxFQUE4QixFQUFFO0lBQzVFLE9BQU8sQ0FBQyxLQUFLLGNBQWMsSUFBSSxDQUFDLEtBQUssVUFBVSxDQUFDO0FBQ2xELENBQUMsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLGdDQUFnQyxHQUFHLENBQUMsQ0FBWSxFQUF5QixFQUFFO0lBQ3RGLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDdEIsSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLE9BQU8sSUFBSSxDQUFDLENBQUMsSUFBSSxLQUFLLE1BQU0sRUFBRSxDQUFDO1FBQzVDLE1BQU0sR0FBRyxHQUFHLENBQW1CLENBQUM7UUFDaEMsUUFBUSxHQUFHLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDdkIsS0FBSyxPQUFPO2dCQUNWLE9BQU8sY0FBYyxDQUFDO1lBQ3hCLEtBQUssT0FBTztnQkFDVixPQUFPLGNBQWMsQ0FBQztZQUN4QixLQUFLLE9BQU87Z0JBQ1YsT0FBTyxjQUFjLENBQUM7WUFDeEI7Z0JBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsR0FBRyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUM7UUFDL0QsQ0FBQztJQUNILENBQUM7SUFDRCxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssVUFBVSxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssbUJBQW1CLEVBQUUsQ0FBQztRQUM1RCxNQUFNLElBQUksR0FBRyxDQUEwQixDQUFDO1FBQ3hDLElBQUksSUFBSSxDQUFDLGNBQWMsQ0FBQyxRQUFRLEVBQUUsS0FBSyxPQUFPLEVBQUUsQ0FBQztZQUMvQyxNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBQ0QsUUFBUSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDM0IsS0FBSyxJQUFJO2dCQUNQLE9BQU8sVUFBVSxDQUFDO1lBQ3BCLEtBQUssSUFBSTtnQkFDUCxPQUFPLFVBQVUsQ0FBQztZQUNwQjtnQkFDRSxNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUMsQ0FBQztRQUM3RSxDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsOEJBQThCLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0FBQzFELENBQUMsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLHVCQUF1QixHQUFHLENBQUMsQ0FBd0IsRUFBVSxFQUFFO0lBQzFFLFFBQVEsQ0FBQyxFQUFFLENBQUM7UUFDVixLQUFLLGNBQWM7WUFDakIsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxVQUFVO1lBQ2IsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxVQUFVO1lBQ2IsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxjQUFjO1lBQ2pCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQjtZQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDOUQsQ0FBQztBQUNILENBQUMsQ0FBQztBQW9CRjs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLFdBQW1CLEVBQ25CLElBQWdCO0lBRWhCLE1BQU0sRUFBRSxZQUFZLEVBQUUsWUFBWSxFQUFFLEdBQUcsaUJBQWlCLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFL0QsTUFBTSxPQUFPLEdBQUcsR0FBRyxFQUFFLENBQUMsd0JBQXdCLENBQUMsV0FBVyxFQUFFLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQztJQUU5RSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDbEIsT0FBTyxNQUFNLE9BQU8sRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFRCxPQUFPLE1BQU0sNEJBQTRCLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUN0RCwyQkFBMkIsQ0FBQyxXQUFXLEVBQUUsWUFBWSxDQUFDLENBQ3ZELENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsZ0JBQWdCLENBQUMsV0FBbUI7SUFDeEQsT0FBTyxjQUFjLENBQUMsV0FBVyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0FBQ3JELENBQUM7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGNBQWMsQ0FDbEMsV0FBbUIsRUFDbkIsU0FBaUM7SUFFakMsSUFBSSxDQUFDO1FBQ0gsT0FBTyxNQUFNLGtCQUFrQixDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNqQixDQUFDO0lBRUQsT0FBTyxNQUFNLDRCQUE0QixDQUN2QyxHQUFHLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLEVBQUUsU0FBUyxDQUFDLEVBQy9DLEdBQUcsRUFBRSxDQUFDLG9CQUFvQixDQUFDLFdBQVcsRUFBRSxTQUFTLENBQUMsQ0FDbkQsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLE1BQU0sR0FBRyxDQUFDLENBQVMsRUFBVSxFQUFFO0lBQ25DLElBQUksQ0FBQztRQUNILE9BQU8sSUFBSSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDO0lBQzNCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN2QyxNQUFNLENBQUMsQ0FBQztJQUNWLENBQUM7QUFDSCxDQUFDLENBQUM7QUFFRjs7Ozs7Ozs7R0FRRztBQUNILE1BQU0sT0FBTyxlQUFlO0lBRzFCLFlBQVksSUFBYyxFQUFFLFFBQWtCO1FBQzVDLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxJQUFJLENBQUMsT0FBTyxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDO0lBQzdCLENBQUM7SUFDRCxNQUFNLENBQUMsR0FBVztRQUNoQixJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQzVDLENBQUM7Q0FDRjtBQUVEOzs7OztHQUtHO0FBQ0gsS0FBSyxVQUFVLDRCQUE0QixDQUN6QyxLQUF1QixFQUN2QixNQUF3QjtJQUV4QixJQUFJLENBQUM7UUFDSCxPQUFPLE1BQU0sS0FBSyxFQUFFLENBQUM7SUFDdkIsQ0FBQztJQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7UUFDWixPQUFPLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3JDLElBQUksQ0FBQztZQUNILE9BQU8sTUFBTSxNQUFNLEVBQUUsQ0FBQztRQUN4QixDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sR0FBRyxDQUFDO1FBQ1osQ0FBQztJQUNILENBQUM7QUFDSCxDQUFDIn0=
|
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
import * as DefaultCryptoService from '../../tdf3/src/crypto/index.js';
|
|
2
|
+
import DPoP from './dpop.js';
|
|
3
|
+
import { base64 } from '../encodings/index.js';
|
|
4
|
+
/**
|
|
5
|
+
* Creates a simple bearer-token interceptor.
|
|
6
|
+
* Calls `tokenProvider()` per-request and sets the `Authorization` header.
|
|
7
|
+
*
|
|
8
|
+
* @param tokenProvider Function returning a valid access token.
|
|
9
|
+
* @returns A Connect RPC Interceptor.
|
|
10
|
+
*
|
|
11
|
+
* @example
|
|
12
|
+
* ```ts
|
|
13
|
+
* const opentdf = new OpenTDF({
|
|
14
|
+
* interceptors: [authTokenInterceptor(() => myAuth.getAccessToken())],
|
|
15
|
+
* platformUrl: '/api',
|
|
16
|
+
* });
|
|
17
|
+
* ```
|
|
18
|
+
*/
|
|
19
|
+
export function authTokenInterceptor(tokenProvider) {
|
|
20
|
+
return (next) => async (req) => {
|
|
21
|
+
const token = await tokenProvider();
|
|
22
|
+
req.header.set('Authorization', `Bearer ${token}`);
|
|
23
|
+
return next(req);
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Creates a DPoP-aware auth interceptor.
|
|
28
|
+
* Per-request: gets token, generates DPoP proof JWT, sets Authorization + DPoP + X-VirtruPubKey headers.
|
|
29
|
+
* Exposes `dpopKeys` for TDF request body signing.
|
|
30
|
+
*
|
|
31
|
+
* @param options DPoP interceptor configuration.
|
|
32
|
+
* @returns A DPoP interceptor with an exposed `dpopKeys` promise.
|
|
33
|
+
*
|
|
34
|
+
* @example
|
|
35
|
+
* ```ts
|
|
36
|
+
* const dpopInterceptor = authTokenDPoPInterceptor({
|
|
37
|
+
* tokenProvider: () => myAuth.getAccessToken(),
|
|
38
|
+
* });
|
|
39
|
+
* const opentdf = new OpenTDF({
|
|
40
|
+
* interceptors: [dpopInterceptor],
|
|
41
|
+
* dpopKeys: dpopInterceptor.dpopKeys,
|
|
42
|
+
* platformUrl: '/api',
|
|
43
|
+
* });
|
|
44
|
+
* ```
|
|
45
|
+
*/
|
|
46
|
+
export function authTokenDPoPInterceptor(options) {
|
|
47
|
+
const cryptoService = options.cryptoService ?? DefaultCryptoService;
|
|
48
|
+
const dpopKeysPromise = options.dpopKeys
|
|
49
|
+
? Promise.resolve(options.dpopKeys)
|
|
50
|
+
: cryptoService.generateSigningKeyPair();
|
|
51
|
+
const interceptor = (next) => async (req) => {
|
|
52
|
+
const [token, keys] = await Promise.all([options.tokenProvider(), dpopKeysPromise]);
|
|
53
|
+
const url = new URL(req.url);
|
|
54
|
+
const httpUri = `${url.origin}${url.pathname}`;
|
|
55
|
+
// Generate DPoP proof JWT for this request
|
|
56
|
+
const dpopProof = await DPoP(keys, cryptoService, httpUri, 'POST');
|
|
57
|
+
// Export public key PEM for X-VirtruPubKey header
|
|
58
|
+
const publicKeyPem = await cryptoService.exportPublicKeyPem(keys.publicKey);
|
|
59
|
+
req.header.set('Authorization', `Bearer ${token}`);
|
|
60
|
+
req.header.set('DPoP', dpopProof);
|
|
61
|
+
req.header.set('X-VirtruPubKey', base64.encode(publicKeyPem));
|
|
62
|
+
return next(req);
|
|
63
|
+
};
|
|
64
|
+
// Attach dpopKeys to the interceptor function
|
|
65
|
+
const dpopInterceptor = interceptor;
|
|
66
|
+
Object.defineProperty(dpopInterceptor, 'dpopKeys', {
|
|
67
|
+
value: dpopKeysPromise,
|
|
68
|
+
writable: false,
|
|
69
|
+
enumerable: true,
|
|
70
|
+
});
|
|
71
|
+
return dpopInterceptor;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Creates an interceptor that bridges an existing AuthProvider to the Interceptor pattern.
|
|
75
|
+
* Use this for backwards compatibility when migrating from AuthProvider to interceptors.
|
|
76
|
+
*
|
|
77
|
+
* @param authProvider The legacy AuthProvider to bridge.
|
|
78
|
+
* @returns A Connect RPC Interceptor.
|
|
79
|
+
*/
|
|
80
|
+
export function authProviderInterceptor(authProvider) {
|
|
81
|
+
return (next) => async (req) => {
|
|
82
|
+
const url = new URL(req.url);
|
|
83
|
+
const pathOnly = url.pathname;
|
|
84
|
+
// Signs only the path of the url in the request
|
|
85
|
+
let token;
|
|
86
|
+
try {
|
|
87
|
+
token = await authProvider.withCreds({
|
|
88
|
+
url: pathOnly,
|
|
89
|
+
method: 'POST',
|
|
90
|
+
// Start with any headers Connect already has
|
|
91
|
+
headers: {
|
|
92
|
+
...Object.fromEntries(req.header.entries()),
|
|
93
|
+
'Content-Type': 'application/json',
|
|
94
|
+
},
|
|
95
|
+
});
|
|
96
|
+
}
|
|
97
|
+
catch (err) {
|
|
98
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
99
|
+
if (msg.includes('public key') || msg.includes('updateClientPublicKey')) {
|
|
100
|
+
throw new Error('PlatformClient: DPoP key binding is not complete. ' +
|
|
101
|
+
'If you are using OpenTDF with PlatformClient, create OpenTDF first and ' +
|
|
102
|
+
'`await client.ready` before constructing PlatformClient. ' +
|
|
103
|
+
`Original error: ${msg}`);
|
|
104
|
+
}
|
|
105
|
+
throw err;
|
|
106
|
+
}
|
|
107
|
+
Object.entries(token.headers).forEach(([key, value]) => {
|
|
108
|
+
req.header.set(key, value);
|
|
109
|
+
});
|
|
110
|
+
return await next(req);
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
/**
|
|
114
|
+
* Type guard for AuthConfig with interceptors.
|
|
115
|
+
*/
|
|
116
|
+
export function isInterceptorConfig(auth) {
|
|
117
|
+
return 'interceptors' in auth && Array.isArray(auth.interceptors);
|
|
118
|
+
}
|
|
119
|
+
/**
|
|
120
|
+
* Resolves an AuthConfig into interceptors for use with PlatformClient.
|
|
121
|
+
* If the config is an AuthProvider, it is bridged via authProviderInterceptor.
|
|
122
|
+
*/
|
|
123
|
+
export function resolveInterceptors(auth) {
|
|
124
|
+
if (isInterceptorConfig(auth)) {
|
|
125
|
+
return auth.interceptors;
|
|
126
|
+
}
|
|
127
|
+
return [authProviderInterceptor(auth)];
|
|
128
|
+
}
|
|
129
|
+
/**
|
|
130
|
+
* Resolves an AuthConfig into both interceptors and an optional AuthProvider.
|
|
131
|
+
* The AuthProvider is available for legacy code paths that need withCreds().
|
|
132
|
+
*/
|
|
133
|
+
export function resolveAuthConfig(auth) {
|
|
134
|
+
if (isInterceptorConfig(auth)) {
|
|
135
|
+
return { interceptors: auth.interceptors };
|
|
136
|
+
}
|
|
137
|
+
return {
|
|
138
|
+
interceptors: [authProviderInterceptor(auth)],
|
|
139
|
+
authProvider: auth,
|
|
140
|
+
};
|
|
141
|
+
}
|
|
142
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJjZXB0b3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2F1dGgvaW50ZXJjZXB0b3JzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUdBLE9BQU8sS0FBSyxvQkFBb0IsTUFBTSxnQ0FBZ0MsQ0FBQztBQUN2RSxPQUFPLElBQUksTUFBTSxXQUFXLENBQUM7QUFFN0IsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBNkIvQzs7Ozs7Ozs7Ozs7Ozs7R0FjRztBQUNILE1BQU0sVUFBVSxvQkFBb0IsQ0FBQyxhQUE0QjtJQUMvRCxPQUFPLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxLQUFLLEVBQUUsR0FBRyxFQUFFLEVBQUU7UUFDN0IsTUFBTSxLQUFLLEdBQUcsTUFBTSxhQUFhLEVBQUUsQ0FBQztRQUNwQyxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxlQUFlLEVBQUUsVUFBVSxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ25ELE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQW1CRztBQUNILE1BQU0sVUFBVSx3QkFBd0IsQ0FBQyxPQUErQjtJQUN0RSxNQUFNLGFBQWEsR0FBRyxPQUFPLENBQUMsYUFBYSxJQUFJLG9CQUFvQixDQUFDO0lBQ3BFLE1BQU0sZUFBZSxHQUFxQixPQUFPLENBQUMsUUFBUTtRQUN4RCxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDO1FBQ25DLENBQUMsQ0FBQyxhQUFhLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztJQUUzQyxNQUFNLFdBQVcsR0FBZ0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtRQUN2RCxNQUFNLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQUUsRUFBRSxlQUFlLENBQUMsQ0FBQyxDQUFDO1FBRXBGLE1BQU0sR0FBRyxHQUFHLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM3QixNQUFNLE9BQU8sR0FBRyxHQUFHLEdBQUcsQ0FBQyxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBRS9DLDJDQUEyQztRQUMzQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLEVBQUUsYUFBYSxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztRQUVuRSxrREFBa0Q7UUFDbEQsTUFBTSxZQUFZLEdBQUcsTUFBTSxhQUFhLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRTVFLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLGVBQWUsRUFBRSxVQUFVLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDbkQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ2xDLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztRQUU5RCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNuQixDQUFDLENBQUM7SUFFRiw4Q0FBOEM7SUFDOUMsTUFBTSxlQUFlLEdBQUcsV0FBOEIsQ0FBQztJQUN2RCxNQUFNLENBQUMsY0FBYyxDQUFDLGVBQWUsRUFBRSxVQUFVLEVBQUU7UUFDakQsS0FBSyxFQUFFLGVBQWU7UUFDdEIsUUFBUSxFQUFFLEtBQUs7UUFDZixVQUFVLEVBQUUsSUFBSTtLQUNqQixDQUFDLENBQUM7SUFFSCxPQUFPLGVBQWUsQ0FBQztBQUN6QixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLHVCQUF1QixDQUFDLFlBQTBCO0lBQ2hFLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtRQUM3QixNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDN0IsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQztRQUM5QixnREFBZ0Q7UUFDaEQsSUFBSSxLQUFLLENBQUM7UUFDVixJQUFJLENBQUM7WUFDSCxLQUFLLEdBQUcsTUFBTSxZQUFZLENBQUMsU0FBUyxDQUFDO2dCQUNuQyxHQUFHLEVBQUUsUUFBUTtnQkFDYixNQUFNLEVBQUUsTUFBTTtnQkFDZCw2Q0FBNkM7Z0JBQzdDLE9BQU8sRUFBRTtvQkFDUCxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztvQkFDM0MsY0FBYyxFQUFFLGtCQUFrQjtpQkFDbkM7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sR0FBRyxHQUFHLEdBQUcsWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUM3RCxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hFLE1BQU0sSUFBSSxLQUFLLENBQ2Isb0RBQW9EO29CQUNsRCx5RUFBeUU7b0JBQ3pFLDJEQUEyRDtvQkFDM0QsbUJBQW1CLEdBQUcsRUFBRSxDQUMzQixDQUFDO1lBQ0osQ0FBQztZQUNELE1BQU0sR0FBRyxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUU7WUFDckQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzdCLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN6QixDQUFDLENBQUM7QUFDSixDQUFDO0FBT0Q7O0dBRUc7QUFDSCxNQUFNLFVBQVUsbUJBQW1CLENBQUMsSUFBZ0I7SUFDbEQsT0FBTyxjQUFjLElBQUksSUFBSSxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUUsSUFBa0MsQ0FBQyxZQUFZLENBQUMsQ0FBQztBQUNuRyxDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsTUFBTSxVQUFVLG1CQUFtQixDQUFDLElBQWdCO0lBQ2xELElBQUksbUJBQW1CLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQztRQUM5QixPQUFPLElBQUksQ0FBQyxZQUFZLENBQUM7SUFDM0IsQ0FBQztJQUNELE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBQ3pDLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLFVBQVUsaUJBQWlCLENBQUMsSUFBZ0I7SUFJaEQsSUFBSSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQzlCLE9BQU8sRUFBRSxZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO0lBQzdDLENBQUM7SUFDRCxPQUFPO1FBQ0wsWUFBWSxFQUFFLENBQUMsdUJBQXVCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDN0MsWUFBWSxFQUFFLElBQUk7S0FDbkIsQ0FBQztBQUNKLENBQUMifQ==
|
package/dist/web/src/index.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
export { HttpRequest, withHeaders } from './auth/auth.js';
|
|
2
2
|
export * as AuthProviders from './auth/providers.js';
|
|
3
|
+
export { authTokenInterceptor, authTokenDPoPInterceptor, authProviderInterceptor, } from './auth/interceptors.js';
|
|
3
4
|
export { attributeFQNsAsValues } from './policy/api.js';
|
|
4
5
|
export { listAttributes, validateAttributes, attributeExists, attributeValueExists, } from './policy/discovery.js';
|
|
5
6
|
export { version, clientType, tdfSpecVersion } from './version.js';
|
|
@@ -8,4 +9,4 @@ export * from './opentdf.js';
|
|
|
8
9
|
export { TdfError, PermissionDeniedError, IntegrityError, InvalidFileError, DecryptError, NetworkError, AttributeValidationError, AttributeNotFoundError, ConfigurationError, } from './errors.js';
|
|
9
10
|
export * from './seekable.js';
|
|
10
11
|
export * from '../tdf3/src/models/index.js';
|
|
11
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
12
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFzQyxXQUFXLEVBQUUsV0FBVyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDOUYsT0FBTyxLQUFLLGFBQWEsTUFBTSxxQkFBcUIsQ0FBQztBQUNyRCxPQUFPLEVBQ0wsb0JBQW9CLEVBQ3BCLHdCQUF3QixFQUN4Qix1QkFBdUIsR0FNeEIsTUFBTSx3QkFBd0IsQ0FBQztBQUNoQyxPQUFPLEVBQUUscUJBQXFCLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN4RCxPQUFPLEVBQ0wsY0FBYyxFQUNkLGtCQUFrQixFQUNsQixlQUFlLEVBQ2Ysb0JBQW9CLEdBQ3JCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsY0FBYyxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ25FLE9BQU8sRUFBRSxjQUFjLEVBQXFELE1BQU0sZUFBZSxDQUFDO0FBQ2xHLGNBQWMsY0FBYyxDQUFDO0FBQzdCLE9BQU8sRUFDTCxRQUFRLEVBQ1IscUJBQXFCLEVBQ3JCLGNBQWMsRUFDZCxnQkFBZ0IsRUFDaEIsWUFBWSxFQUNaLFlBQVksRUFDWix3QkFBd0IsRUFDeEIsc0JBQXNCLEVBQ3RCLGtCQUFrQixHQUNuQixNQUFNLGFBQWEsQ0FBQztBQUNyQixjQUFjLGVBQWUsQ0FBQztBQUM5QixjQUFjLDZCQUE2QixDQUFDIn0=
|
package/dist/web/src/opentdf.js
CHANGED
|
@@ -15,18 +15,10 @@ export { isPublicKeyAlgorithm, };
|
|
|
15
15
|
* It also requires a platform URL to be set, which is used to fetch key access servers and policies.
|
|
16
16
|
* @example
|
|
17
17
|
* ```
|
|
18
|
-
* import {
|
|
19
|
-
*
|
|
20
|
-
* const oidcCredentials: RefreshTokenCredentials = {
|
|
21
|
-
* clientId: keycloakClientId,
|
|
22
|
-
* exchange: 'refresh',
|
|
23
|
-
* refreshToken: refreshToken,
|
|
24
|
-
* oidcOrigin: keycloakUrl,
|
|
25
|
-
* };
|
|
26
|
-
* const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
|
|
18
|
+
* import { authTokenInterceptor, OpenTDF } from '@opentdf/sdk';
|
|
27
19
|
*
|
|
28
20
|
* const client = new OpenTDF({
|
|
29
|
-
*
|
|
21
|
+
* interceptors: [authTokenInterceptor(() => `${myAuth.token.accessToken}`)],
|
|
30
22
|
* platformUrl: 'https://platform.example.com',
|
|
31
23
|
* });
|
|
32
24
|
*
|
|
@@ -39,8 +31,12 @@ export { isPublicKeyAlgorithm, };
|
|
|
39
31
|
* ```
|
|
40
32
|
*/
|
|
41
33
|
export class OpenTDF {
|
|
42
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
34
|
+
constructor({ authProvider, interceptors, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
|
|
35
|
+
if (!authProvider && !interceptors?.length) {
|
|
36
|
+
throw new ConfigurationError('Either authProvider or interceptors must be provided.');
|
|
37
|
+
}
|
|
43
38
|
this.authProvider = authProvider;
|
|
39
|
+
this.interceptors = interceptors;
|
|
44
40
|
this.defaultCreateOptions = defaultCreateOptions || {};
|
|
45
41
|
this.defaultReadOptions = defaultReadOptions || {};
|
|
46
42
|
this.dpopEnabled = !disableDPoP;
|
|
@@ -56,6 +52,7 @@ export class OpenTDF {
|
|
|
56
52
|
this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
|
|
57
53
|
this.tdf3Client = new TDF3Client({
|
|
58
54
|
authProvider,
|
|
55
|
+
interceptors,
|
|
59
56
|
dpopEnabled: this.dpopEnabled,
|
|
60
57
|
dpopKeys: this.dpopEnabled ? this.dpopKeys : undefined,
|
|
61
58
|
kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
|
|
@@ -63,21 +60,32 @@ export class OpenTDF {
|
|
|
63
60
|
policyEndpoint,
|
|
64
61
|
cryptoService: this.cryptoService,
|
|
65
62
|
});
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
63
|
+
if (interceptors?.length && !authProvider) {
|
|
64
|
+
// Interceptor path: no updateClientPublicKey needed.
|
|
65
|
+
// DPoP key binding is handled by the interceptor itself.
|
|
66
|
+
this.ready = Promise.resolve();
|
|
67
|
+
}
|
|
68
|
+
else if (authProvider) {
|
|
69
|
+
// Legacy AuthProvider path: eagerly bind DPoP keys to the auth provider
|
|
70
|
+
// so PlatformClient can make gRPC calls without waiting for a TDF
|
|
71
|
+
// operation first.
|
|
72
|
+
// Note: TDF3Client.createSessionKeys() also calls updateClientPublicKey
|
|
73
|
+
// with the same keys, but the duplicate call is benign —
|
|
74
|
+
// refreshTokenClaimsWithClientPubkeyIfNeeded short-circuits when
|
|
75
|
+
// the signing key hasn't changed.
|
|
76
|
+
this.ready = this.dpopEnabled
|
|
77
|
+
? this.dpopKeys.then((keys) => authProvider.updateClientPublicKey(keys))
|
|
78
|
+
: Promise.resolve();
|
|
79
|
+
// Prevent unhandled rejection if caller doesn't await ready.
|
|
80
|
+
// The error will still surface via TDF3Client's own key binding
|
|
81
|
+
// when encrypt/decrypt is called.
|
|
82
|
+
this.ready.catch((err) => {
|
|
83
|
+
console.warn('OpenTDF: DPoP key binding failed during initialization:', err);
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
this.ready = Promise.resolve();
|
|
88
|
+
}
|
|
81
89
|
}
|
|
82
90
|
/** Creates a new TDF stream. */
|
|
83
91
|
async createTDF(opts) {
|
|
@@ -205,21 +213,21 @@ class ZTDFReader {
|
|
|
205
213
|
throw new ConfigurationError('platformUrl is required when allowedKasEndpoints is empty');
|
|
206
214
|
}
|
|
207
215
|
const dpopKeys = await this.client.dpopKeys;
|
|
208
|
-
const {
|
|
209
|
-
if (!
|
|
210
|
-
throw new ConfigurationError('authProvider
|
|
216
|
+
const { auth, cryptoService } = this.client;
|
|
217
|
+
if (!auth) {
|
|
218
|
+
throw new ConfigurationError('authProvider or interceptors are required');
|
|
211
219
|
}
|
|
212
220
|
let allowList;
|
|
213
221
|
if (this.opts.allowedKASEndpoints?.length || this.opts.ignoreAllowlist) {
|
|
214
222
|
allowList = new OriginAllowList(this.opts.allowedKASEndpoints || [], this.opts.ignoreAllowlist);
|
|
215
223
|
}
|
|
216
224
|
else if (this.opts.platformUrl) {
|
|
217
|
-
allowList = await fetchKeyAccessServers(this.opts.platformUrl,
|
|
225
|
+
allowList = await fetchKeyAccessServers(this.opts.platformUrl, auth);
|
|
218
226
|
}
|
|
219
227
|
const overview = await this.overview;
|
|
220
228
|
const oldStream = await decryptStreamFrom({
|
|
221
229
|
allowList,
|
|
222
|
-
|
|
230
|
+
auth,
|
|
223
231
|
chunker: this.source,
|
|
224
232
|
concurrencyLimit: 1,
|
|
225
233
|
cryptoService,
|
|
@@ -267,4 +275,4 @@ class ZTDFReader {
|
|
|
267
275
|
return this.requiredObligations ?? { fqns: [] };
|
|
268
276
|
}
|
|
269
277
|
}
|
|
270
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNuRSxPQUFPLEVBQUUsTUFBTSxJQUFJLFVBQVUsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ25FLE9BQU8sRUFBVyxVQUFVLEVBQUUsY0FBYyxFQUFlLE1BQU0sZUFBZSxDQUFDO0FBQ2pGLE9BQU8sRUFBRSxNQUFNLElBQUksVUFBVSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFFbkUsT0FBTyxLQUFLLG9CQUFvQixNQUFNLDZCQUE2QixDQUFDO0FBTXBFLE9BQU8sRUFFTCxlQUFlLEVBQ2YscUJBQXFCLEVBQ3JCLG9CQUFvQixHQUNyQixNQUFNLGFBQWEsQ0FBQztBQVNyQixPQUFPLEVBQ0wsaUJBQWlCLEVBRWpCLGFBQWEsR0FFZCxNQUFNLG9CQUFvQixDQUFDO0FBQzVCLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUc5QyxPQUFPLEVBV0wsb0JBQW9CLEdBQ3JCLENBQUM7QUF1TEY7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQU0sT0FBTyxPQUFPO0lBc0JsQixZQUFZLEVBQ1YsWUFBWSxFQUNaLFFBQVEsRUFDUixvQkFBb0IsRUFDcEIsa0JBQWtCLEVBQ2xCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsV0FBVyxFQUNYLGFBQWEsR0FDRTtRQUNmLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxvQkFBb0IsSUFBSSxFQUFFLENBQUM7UUFDdkQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsV0FBVyxHQUFHLENBQUMsV0FBVyxDQUFDO1FBQ2hDLElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDakMsQ0FBQzthQUFNLENBQUM7WUFDTixPQUFPLENBQUMsSUFBSSxDQUNWLHVIQUF1SCxDQUN4SCxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxJQUFJLEVBQUUsQ0FBQztRQUMzQyxJQUFJLENBQUMsYUFBYSxHQUFHLGFBQWEsSUFBSSxvQkFBb0IsQ0FBQztRQUMzRCxnRUFBZ0U7UUFDaEUsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1FBQ3hFLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUM7WUFDL0IsWUFBWTtZQUNaLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztZQUM3QixRQUFRLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUN0RCxXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVcsSUFBSSw4QkFBOEI7WUFDL0QsV0FBVztZQUNYLGNBQWM7WUFDZCxhQUFhLEVBQUUsSUFBSSxDQUFDLGFBQWE7U0FDbEMsQ0FBQyxDQUFDO1FBQ0gsZ0VBQWdFO1FBQ2hFLGlFQUFpRTtRQUNqRSx3RUFBd0U7UUFDeEUseURBQXlEO1FBQ3pELGlFQUFpRTtRQUNqRSxrQ0FBa0M7UUFDbEMsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsV0FBVztZQUMzQixDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLFlBQVksQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUN4RSxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ3RCLDZEQUE2RDtRQUM3RCxnRUFBZ0U7UUFDaEUsa0NBQWtDO1FBQ2xDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7WUFDdkIsT0FBTyxDQUFDLElBQUksQ0FBQyx5REFBeUQsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMvRSxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxnQ0FBZ0M7SUFDaEMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxJQUFzQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxVQUFVLENBQUMsSUFBdUI7UUFDdEMsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDO1lBQzlDLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDO1lBRXpDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxnQkFBZ0I7WUFDdkMsYUFBYSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsYUFBYTtZQUNuQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsa0JBQWtCO1lBQzNDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVE7WUFDdkIsS0FBSyxFQUFFO2dCQUNMLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTthQUM1QjtZQUNELFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0Isb0JBQW9CLEVBQUUsSUFBSSxDQUFDLG9CQUFvQjtZQUMvQyxjQUFjLEVBQUUsSUFBSSxDQUFDLGNBQWM7U0FDcEMsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsSUFBSSxDQUFDLElBQWlCO1FBQ3BCLElBQUksR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFDL0MsT0FBTyxJQUFJLGlCQUFpQixDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBaUI7UUFDMUIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMvQixPQUFPLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRUQsOERBQThEO0lBQzlELEtBQUs7UUFDSCxnREFBZ0Q7SUFDbEQsQ0FBQztDQUNGO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLGdCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxZQUFZLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUNwRCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbEIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELElBQUksU0FBc0MsQ0FBQztRQUUzQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDdkUsU0FBUyxHQUFHLElBQUksZUFBZSxDQUM3QixJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsRUFDbkMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQzFCLENBQUM7UUFDSixDQUFDO2FBQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2pDLFNBQVMsR0FBRyxNQUFNLHFCQUFxQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsTUFBTSxTQUFTLEdBQUcsTUFBTSxpQkFBaUIsQ0FDdkM7WUFDRSxTQUFTO1lBQ1QsWUFBWTtZQUNaLE9BQU8sRUFBRSxJQUFJLENBQUMsTUFBTTtZQUNwQixnQkFBZ0IsRUFBRSxDQUFDO1lBQ25CLGFBQWE7WUFDYixRQUFRO1lBQ1IsdUJBQXVCLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsdUJBQXVCO1lBQ3pFLGFBQWEsRUFBRSxLQUFLLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzdCLGVBQWUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxlQUFlO1lBQ3pELHlCQUF5QjtZQUN6QixrQkFBa0I7WUFDbEIsb0JBQW9CO1lBQ3BCLHNCQUFzQixFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMseUJBQXlCLElBQUksRUFBRTtTQUNsRSxFQUNELFFBQVEsQ0FDVCxDQUFDO1FBQ0YsSUFBSSxDQUFDLG1CQUFtQixHQUFHO1lBQ3pCLElBQUksRUFBRSxTQUFTLENBQUMsV0FBVyxFQUFFO1NBQzlCLENBQUM7UUFDRixNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3JELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELEtBQUssQ0FBQyxLQUFLO1FBQ1QseURBQXlEO0lBQzNELENBQUM7SUFFRCw0Q0FBNEM7SUFDNUMsS0FBSyxDQUFDLFFBQVE7UUFDWixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsT0FBTyxRQUFRLENBQUMsUUFBUSxDQUFDO0lBQzNCLENBQUM7SUFFRCw4Q0FBOEM7SUFDOUMsS0FBSyxDQUFDLFVBQVU7UUFDZCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUN2QyxNQUFNLFVBQVUsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBVyxDQUFDO1FBQ2hELE9BQU8sTUFBTSxFQUFFLElBQUksRUFBRSxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVztRQUNmLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsT0FBTyxJQUFJLENBQUMsbUJBQW1CLENBQUM7UUFDbEMsQ0FBQztRQUNELE1BQU0sSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQ2xELENBQUM7Q0FDRiJ9
|
|
278
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUVBLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNuRSxPQUFPLEVBQUUsTUFBTSxJQUFJLFVBQVUsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ25FLE9BQU8sRUFBVyxVQUFVLEVBQUUsY0FBYyxFQUFlLE1BQU0sZUFBZSxDQUFDO0FBQ2pGLE9BQU8sRUFBRSxNQUFNLElBQUksVUFBVSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFFbkUsT0FBTyxLQUFLLG9CQUFvQixNQUFNLDZCQUE2QixDQUFDO0FBTXBFLE9BQU8sRUFFTCxlQUFlLEVBQ2YscUJBQXFCLEVBQ3JCLG9CQUFvQixHQUNyQixNQUFNLGFBQWEsQ0FBQztBQVNyQixPQUFPLEVBQ0wsaUJBQWlCLEVBRWpCLGFBQWEsR0FFZCxNQUFNLG9CQUFvQixDQUFDO0FBQzVCLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUc5QyxPQUFPLEVBV0wsb0JBQW9CLEdBQ3JCLENBQUM7QUFnTUY7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FzQkc7QUFDSCxNQUFNLE9BQU8sT0FBTztJQXdCbEIsWUFBWSxFQUNWLFlBQVksRUFDWixZQUFZLEVBQ1osUUFBUSxFQUNSLG9CQUFvQixFQUNwQixrQkFBa0IsRUFDbEIsV0FBVyxFQUNYLGNBQWMsRUFDZCxXQUFXLEVBQ1gsYUFBYSxHQUNFO1FBQ2YsSUFBSSxDQUFDLFlBQVksSUFBSSxDQUFDLFlBQVksRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUMzQyxNQUFNLElBQUksa0JBQWtCLENBQUMsdURBQXVELENBQUMsQ0FBQztRQUN4RixDQUFDO1FBQ0QsSUFBSSxDQUFDLFlBQVksR0FBRyxZQUFZLENBQUM7UUFDakMsSUFBSSxDQUFDLFlBQVksR0FBRyxZQUFZLENBQUM7UUFDakMsSUFBSSxDQUFDLG9CQUFvQixHQUFHLG9CQUFvQixJQUFJLEVBQUUsQ0FBQztRQUN2RCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsa0JBQWtCLElBQUksRUFBRSxDQUFDO1FBQ25ELElBQUksQ0FBQyxXQUFXLEdBQUcsQ0FBQyxXQUFXLENBQUM7UUFDaEMsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixJQUFJLENBQUMsV0FBVyxHQUFHLFdBQVcsQ0FBQztRQUNqQyxDQUFDO2FBQU0sQ0FBQztZQUNOLE9BQU8sQ0FBQyxJQUFJLENBQ1YsdUhBQXVILENBQ3hILENBQUM7UUFDSixDQUFDO1FBQ0QsSUFBSSxDQUFDLGNBQWMsR0FBRyxjQUFjLElBQUksRUFBRSxDQUFDO1FBQzNDLElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxJQUFJLG9CQUFvQixDQUFDO1FBQzNELGdFQUFnRTtRQUNoRSxJQUFJLENBQUMsUUFBUSxHQUFHLFFBQVEsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLHNCQUFzQixFQUFFLENBQUM7UUFDeEUsSUFBSSxDQUFDLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQztZQUMvQixZQUFZO1lBQ1osWUFBWTtZQUNaLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztZQUM3QixRQUFRLEVBQUUsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUN0RCxXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVcsSUFBSSw4QkFBOEI7WUFDL0QsV0FBVztZQUNYLGNBQWM7WUFDZCxhQUFhLEVBQUUsSUFBSSxDQUFDLGFBQWE7U0FDbEMsQ0FBQyxDQUFDO1FBRUgsSUFBSSxZQUFZLEVBQUUsTUFBTSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDMUMscURBQXFEO1lBQ3JELHlEQUF5RDtZQUN6RCxJQUFJLENBQUMsS0FBSyxHQUFHLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNqQyxDQUFDO2FBQU0sSUFBSSxZQUFZLEVBQUUsQ0FBQztZQUN4Qix3RUFBd0U7WUFDeEUsa0VBQWtFO1lBQ2xFLG1CQUFtQjtZQUNuQix3RUFBd0U7WUFDeEUseURBQXlEO1lBQ3pELGlFQUFpRTtZQUNqRSxrQ0FBa0M7WUFDbEMsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsV0FBVztnQkFDM0IsQ0FBQyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxZQUFZLENBQUMscUJBQXFCLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ3hFLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDdEIsNkRBQTZEO1lBQzdELGdFQUFnRTtZQUNoRSxrQ0FBa0M7WUFDbEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtnQkFDdkIsT0FBTyxDQUFDLElBQUksQ0FBQyx5REFBeUQsRUFBRSxHQUFHLENBQUMsQ0FBQztZQUMvRSxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7YUFBTSxDQUFDO1lBQ04sSUFBSSxDQUFDLEtBQUssR0FBRyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDakMsQ0FBQztJQUNILENBQUM7SUFFRCxnQ0FBZ0M7SUFDaEMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxJQUFzQjtRQUNwQyxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxVQUFVLENBQUMsSUFBdUI7UUFDdEMsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsb0JBQW9CLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDO1lBQzlDLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDO1lBRXpDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxnQkFBZ0I7WUFDdkMsYUFBYSxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsYUFBYTtZQUNuQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsa0JBQWtCO1lBQzNDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixRQUFRLEVBQUUsSUFBSSxDQUFDLFFBQVE7WUFDdkIsS0FBSyxFQUFFO2dCQUNMLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTthQUM1QjtZQUNELFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUztZQUN6QixVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7WUFDM0Isb0JBQW9CLEVBQUUsSUFBSSxDQUFDLG9CQUFvQjtZQUMvQyxjQUFjLEVBQUUsSUFBSSxDQUFDLGNBQWM7U0FDcEMsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsSUFBSSxDQUFDLElBQWlCO1FBQ3BCLElBQUksR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixFQUFFLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFDL0MsT0FBTyxJQUFJLGlCQUFpQixDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBaUI7UUFDMUIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMvQixPQUFPLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztJQUMxQixDQUFDO0lBRUQsOERBQThEO0lBQzlELEtBQUs7UUFDSCxnREFBZ0Q7SUFDbEQsQ0FBQztDQUNGO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLGdCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUM1QyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDVixNQUFNLElBQUksa0JBQWtCLENBQUMsMkNBQTJDLENBQUMsQ0FBQztRQUM1RSxDQUFDO1FBRUQsSUFBSSxTQUFzQyxDQUFDO1FBRTNDLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxNQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN2RSxTQUFTLEdBQUcsSUFBSSxlQUFlLENBQzdCLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksRUFBRSxFQUNuQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FDMUIsQ0FBQztRQUNKLENBQUM7YUFBTSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDakMsU0FBUyxHQUFHLE1BQU0scUJBQXFCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDdkUsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLGlCQUFpQixDQUN2QztZQUNFLFNBQVM7WUFDVCxJQUFJO1lBQ0osT0FBTyxFQUFFLElBQUksQ0FBQyxNQUFNO1lBQ3BCLGdCQUFnQixFQUFFLENBQUM7WUFDbkIsYUFBYTtZQUNiLFFBQVE7WUFDUix1QkFBdUIsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyx1QkFBdUI7WUFDekUsYUFBYSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDN0IsZUFBZSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLGVBQWU7WUFDekQseUJBQXlCO1lBQ3pCLGtCQUFrQjtZQUNsQixvQkFBb0I7WUFDcEIsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsSUFBSSxFQUFFO1NBQ2xFLEVBQ0QsUUFBUSxDQUNULENBQUM7UUFDRixJQUFJLENBQUMsbUJBQW1CLEdBQUc7WUFDekIsSUFBSSxFQUFFLFNBQVMsQ0FBQyxXQUFXLEVBQUU7U0FDOUIsQ0FBQztRQUNGLE1BQU0sTUFBTSxHQUFvQixTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ2pELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDckQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUs7UUFDVCx5REFBeUQ7SUFDM0QsQ0FBQztJQUVELDRDQUE0QztJQUM1QyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxPQUFPLFFBQVEsQ0FBQyxRQUFRLENBQUM7SUFDM0IsQ0FBQztJQUVELDhDQUE4QztJQUM5QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3hFLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFXLENBQUM7UUFDaEQsT0FBTyxNQUFNLEVBQUUsSUFBSSxFQUFFLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDcEUsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUM3QixPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQztRQUNsQyxDQUFDO1FBQ0QsTUFBTSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDckIsT0FBTyxJQUFJLENBQUMsbUJBQW1CLElBQUksRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFLENBQUM7SUFDbEQsQ0FBQztDQUNGIn0=
|