@opentdf/sdk 0.13.0-beta.122 → 0.13.0-beta.124
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +60 -10
- package/dist/cjs/src/access/access-rpc.js +6 -5
- package/dist/cjs/src/access.js +18 -5
- package/dist/cjs/src/auth/interceptors.js +186 -0
- package/dist/cjs/src/auth/token-providers.js +247 -0
- package/dist/cjs/src/index.js +10 -2
- package/dist/cjs/src/opentdf.js +40 -32
- package/dist/cjs/src/platform.js +3 -46
- package/dist/cjs/src/policy/api.js +9 -5
- package/dist/cjs/src/policy/discovery.js +10 -9
- package/dist/cjs/tdf3/src/client/index.js +35 -17
- package/dist/cjs/tdf3/src/tdf.js +8 -7
- package/dist/types/src/access/access-rpc.d.ts +3 -3
- package/dist/types/src/access/access-rpc.d.ts.map +1 -1
- package/dist/types/src/access.d.ts +3 -3
- package/dist/types/src/access.d.ts.map +1 -1
- package/dist/types/src/auth/interceptors.d.ts +99 -0
- package/dist/types/src/auth/interceptors.d.ts.map +1 -0
- package/dist/types/src/auth/token-providers.d.ts +100 -0
- package/dist/types/src/auth/token-providers.d.ts.map +1 -0
- package/dist/types/src/index.d.ts +2 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/opentdf.d.ts +18 -15
- package/dist/types/src/opentdf.d.ts.map +1 -1
- package/dist/types/src/platform.d.ts +6 -3
- package/dist/types/src/platform.d.ts.map +1 -1
- package/dist/types/src/policy/api.d.ts +3 -3
- package/dist/types/src/policy/api.d.ts.map +1 -1
- package/dist/types/src/policy/discovery.d.ts +5 -5
- package/dist/types/src/policy/discovery.d.ts.map +1 -1
- package/dist/types/tdf3/src/client/index.d.ts +10 -1
- package/dist/types/tdf3/src/client/index.d.ts.map +1 -1
- package/dist/types/tdf3/src/tdf.d.ts +5 -2
- package/dist/types/tdf3/src/tdf.d.ts.map +1 -1
- package/dist/web/src/access/access-rpc.js +6 -5
- package/dist/web/src/access.js +18 -5
- package/dist/web/src/auth/interceptors.js +142 -0
- package/dist/web/src/auth/token-providers.js +242 -0
- package/dist/web/src/index.js +3 -1
- package/dist/web/src/opentdf.js +40 -32
- package/dist/web/src/platform.js +3 -46
- package/dist/web/src/policy/api.js +9 -5
- package/dist/web/src/policy/discovery.js +10 -9
- package/dist/web/tdf3/src/client/index.js +35 -17
- package/dist/web/tdf3/src/tdf.js +8 -7
- package/package.json +1 -1
- package/src/access/access-rpc.ts +5 -5
- package/src/access.ts +29 -13
- package/src/auth/interceptors.ts +197 -0
- package/src/auth/token-providers.ts +303 -0
- package/src/index.ts +18 -0
- package/src/opentdf.ts +54 -34
- package/src/platform.ts +8 -52
- package/src/policy/api.ts +8 -5
- package/src/policy/discovery.ts +9 -9
- package/tdf3/src/client/index.ts +46 -17
- package/tdf3/src/tdf.ts +14 -11
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
2
|
+
export type { Interceptor } from '@connectrpc/connect';
|
|
3
|
+
import { type CryptoService, type KeyPair } from '../../tdf3/src/crypto/declarations.js';
|
|
4
|
+
import { type AuthProvider } from './auth.js';
|
|
5
|
+
/**
|
|
6
|
+
* A function that returns a valid access token string.
|
|
7
|
+
* Called per-request; implementations should handle caching/refresh internally.
|
|
8
|
+
*/
|
|
9
|
+
export type TokenProvider = () => Promise<string>;
|
|
10
|
+
/**
|
|
11
|
+
* Options for creating a DPoP-aware auth interceptor.
|
|
12
|
+
*/
|
|
13
|
+
export type DPoPInterceptorOptions = {
|
|
14
|
+
/** Function that returns a valid access token (may cache/refresh internally). */
|
|
15
|
+
tokenProvider: TokenProvider;
|
|
16
|
+
/** DPoP signing key pair. If omitted, one is generated automatically. */
|
|
17
|
+
dpopKeys?: KeyPair | Promise<KeyPair>;
|
|
18
|
+
/** CryptoService for signing. Defaults to DefaultCryptoService. */
|
|
19
|
+
cryptoService?: CryptoService;
|
|
20
|
+
};
|
|
21
|
+
/**
|
|
22
|
+
* A DPoP interceptor that also exposes the resolved signing key pair.
|
|
23
|
+
* TDF encrypt/decrypt needs these keys for request body signing (reqSignature).
|
|
24
|
+
*/
|
|
25
|
+
export type DPoPInterceptor = Interceptor & {
|
|
26
|
+
/** The resolved DPoP key pair, for use in TDF request token signing. */
|
|
27
|
+
readonly dpopKeys: Promise<KeyPair>;
|
|
28
|
+
};
|
|
29
|
+
/**
|
|
30
|
+
* Creates a simple bearer-token interceptor.
|
|
31
|
+
* Calls `tokenProvider()` per-request and sets the `Authorization` header.
|
|
32
|
+
*
|
|
33
|
+
* @param tokenProvider Function returning a valid access token.
|
|
34
|
+
* @returns A Connect RPC Interceptor.
|
|
35
|
+
*
|
|
36
|
+
* @example
|
|
37
|
+
* ```ts
|
|
38
|
+
* const opentdf = new OpenTDF({
|
|
39
|
+
* interceptors: [authTokenInterceptor(() => myAuth.getAccessToken())],
|
|
40
|
+
* platformUrl: '/api',
|
|
41
|
+
* });
|
|
42
|
+
* ```
|
|
43
|
+
*/
|
|
44
|
+
export declare function authTokenInterceptor(tokenProvider: TokenProvider): Interceptor;
|
|
45
|
+
/**
|
|
46
|
+
* Creates a DPoP-aware auth interceptor.
|
|
47
|
+
* Per-request: gets token, generates DPoP proof JWT, sets Authorization + DPoP + X-VirtruPubKey headers.
|
|
48
|
+
* Exposes `dpopKeys` for TDF request body signing.
|
|
49
|
+
*
|
|
50
|
+
* @param options DPoP interceptor configuration.
|
|
51
|
+
* @returns A DPoP interceptor with an exposed `dpopKeys` promise.
|
|
52
|
+
*
|
|
53
|
+
* @example
|
|
54
|
+
* ```ts
|
|
55
|
+
* const dpopInterceptor = authTokenDPoPInterceptor({
|
|
56
|
+
* tokenProvider: () => myAuth.getAccessToken(),
|
|
57
|
+
* });
|
|
58
|
+
* const opentdf = new OpenTDF({
|
|
59
|
+
* interceptors: [dpopInterceptor],
|
|
60
|
+
* dpopKeys: dpopInterceptor.dpopKeys,
|
|
61
|
+
* platformUrl: '/api',
|
|
62
|
+
* });
|
|
63
|
+
* ```
|
|
64
|
+
*/
|
|
65
|
+
export declare function authTokenDPoPInterceptor(options: DPoPInterceptorOptions): DPoPInterceptor;
|
|
66
|
+
/**
|
|
67
|
+
* Creates an interceptor that bridges an existing AuthProvider to the Interceptor pattern.
|
|
68
|
+
* Use this for backwards compatibility when migrating from AuthProvider to interceptors.
|
|
69
|
+
*
|
|
70
|
+
* @param authProvider The legacy AuthProvider to bridge.
|
|
71
|
+
* @returns A Connect RPC Interceptor.
|
|
72
|
+
*/
|
|
73
|
+
export declare function authProviderInterceptor(authProvider: AuthProvider): Interceptor;
|
|
74
|
+
/**
|
|
75
|
+
* Auth configuration: either a legacy AuthProvider or an object with interceptors.
|
|
76
|
+
*/
|
|
77
|
+
export type AuthConfig = AuthProvider | {
|
|
78
|
+
interceptors: Interceptor[];
|
|
79
|
+
};
|
|
80
|
+
/**
|
|
81
|
+
* Type guard for AuthConfig with interceptors.
|
|
82
|
+
*/
|
|
83
|
+
export declare function isInterceptorConfig(auth: AuthConfig): auth is {
|
|
84
|
+
interceptors: Interceptor[];
|
|
85
|
+
};
|
|
86
|
+
/**
|
|
87
|
+
* Resolves an AuthConfig into interceptors for use with PlatformClient.
|
|
88
|
+
* If the config is an AuthProvider, it is bridged via authProviderInterceptor.
|
|
89
|
+
*/
|
|
90
|
+
export declare function resolveInterceptors(auth: AuthConfig): Interceptor[];
|
|
91
|
+
/**
|
|
92
|
+
* Resolves an AuthConfig into both interceptors and an optional AuthProvider.
|
|
93
|
+
* The AuthProvider is available for legacy code paths that need withCreds().
|
|
94
|
+
*/
|
|
95
|
+
export declare function resolveAuthConfig(auth: AuthConfig): {
|
|
96
|
+
interceptors: Interceptor[];
|
|
97
|
+
authProvider?: AuthProvider;
|
|
98
|
+
};
|
|
99
|
+
//# sourceMappingURL=interceptors.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"interceptors.d.ts","sourceRoot":"","sources":["../../../../src/auth/interceptors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,YAAY,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,OAAO,EAAE,MAAM,uCAAuC,CAAC;AAGzF,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;AAElD;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,iFAAiF;IACjF,aAAa,EAAE,aAAa,CAAC;IAC7B,yEAAyE;IACzE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,mEAAmE;IACnE,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG;IAC1C,wEAAwE;IACxE,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CACrC,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,aAAa,GAAG,WAAW,CAM9E;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,sBAAsB,GAAG,eAAe,CAkCzF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,YAAY,GAAG,WAAW,CAmC/E;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG;IAAE,YAAY,EAAE,WAAW,EAAE,CAAA;CAAE,CAAC;AAExE;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,IAAI;IAAE,YAAY,EAAE,WAAW,EAAE,CAAA;CAAE,CAE7F;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,UAAU,GAAG,WAAW,EAAE,CAKnE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,GAAG;IACnD,YAAY,EAAE,WAAW,EAAE,CAAC;IAC5B,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,CAQA"}
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
import { type TokenProvider } from './interceptors.js';
|
|
2
|
+
/**
|
|
3
|
+
* Options for client credentials token provider.
|
|
4
|
+
*
|
|
5
|
+
* **Not for browser use.** Client secrets must not be exposed in client-side code.
|
|
6
|
+
* Use this only in server-side (Node.js/Deno) environments.
|
|
7
|
+
*/
|
|
8
|
+
export type ClientCredentialsTokenProviderOptions = {
|
|
9
|
+
/** OIDC client ID. */
|
|
10
|
+
clientId: string;
|
|
11
|
+
/** OIDC client secret. */
|
|
12
|
+
clientSecret: string;
|
|
13
|
+
/** OIDC IdP origin, e.g. 'http://localhost:8080/auth/realms/opentdf'. */
|
|
14
|
+
oidcOrigin: string;
|
|
15
|
+
/** Override the token endpoint (defaults to `${oidcOrigin}/protocol/openid-connect/token`). */
|
|
16
|
+
oidcTokenEndpoint?: string;
|
|
17
|
+
};
|
|
18
|
+
/**
|
|
19
|
+
* Options for refresh token provider.
|
|
20
|
+
*/
|
|
21
|
+
export type RefreshTokenProviderOptions = {
|
|
22
|
+
/** OIDC client ID. */
|
|
23
|
+
clientId: string;
|
|
24
|
+
/** Refresh token obtained from a prior login flow. */
|
|
25
|
+
refreshToken: string;
|
|
26
|
+
/** OIDC IdP origin, e.g. 'http://localhost:8080/auth/realms/opentdf'. */
|
|
27
|
+
oidcOrigin: string;
|
|
28
|
+
/** Override the token endpoint. */
|
|
29
|
+
oidcTokenEndpoint?: string;
|
|
30
|
+
};
|
|
31
|
+
/**
|
|
32
|
+
* Options for external JWT token provider (RFC 8693 token exchange).
|
|
33
|
+
*/
|
|
34
|
+
export type ExternalJwtTokenProviderOptions = {
|
|
35
|
+
/** OIDC client ID. */
|
|
36
|
+
clientId: string;
|
|
37
|
+
/** External JWT to exchange. */
|
|
38
|
+
externalJwt: string;
|
|
39
|
+
/** OIDC IdP origin, e.g. 'http://localhost:8080/auth/realms/opentdf'. */
|
|
40
|
+
oidcOrigin: string;
|
|
41
|
+
/** Override the token endpoint. */
|
|
42
|
+
oidcTokenEndpoint?: string;
|
|
43
|
+
};
|
|
44
|
+
/**
|
|
45
|
+
* Creates a TokenProvider that obtains tokens via the OAuth2 client credentials grant.
|
|
46
|
+
* Tokens are cached and automatically refreshed when expired.
|
|
47
|
+
*
|
|
48
|
+
* **Not for browser use.** Client secrets must not be exposed in client-side code.
|
|
49
|
+
* Use this only in server-side (Node.js/Deno) environments.
|
|
50
|
+
*
|
|
51
|
+
* @example
|
|
52
|
+
* ```ts
|
|
53
|
+
* const client = new OpenTDF({
|
|
54
|
+
* interceptors: [authTokenInterceptor(clientCredentialsTokenProvider({
|
|
55
|
+
* clientId: 'opentdf',
|
|
56
|
+
* clientSecret: 'secret',
|
|
57
|
+
* oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
|
|
58
|
+
* }))],
|
|
59
|
+
* platformUrl: 'http://localhost:8080',
|
|
60
|
+
* });
|
|
61
|
+
* ```
|
|
62
|
+
*/
|
|
63
|
+
export declare function clientCredentialsTokenProvider(options: ClientCredentialsTokenProviderOptions): TokenProvider;
|
|
64
|
+
/**
|
|
65
|
+
* Creates a TokenProvider that uses a refresh token to obtain access tokens.
|
|
66
|
+
* On the first call, exchanges the refresh token. Subsequent calls use the
|
|
67
|
+
* latest refresh token from the IdP response.
|
|
68
|
+
*
|
|
69
|
+
* @example
|
|
70
|
+
* ```ts
|
|
71
|
+
* const client = new OpenTDF({
|
|
72
|
+
* interceptors: [authTokenInterceptor(refreshTokenProvider({
|
|
73
|
+
* clientId: 'my-app',
|
|
74
|
+
* refreshToken: 'refresh-token-from-login',
|
|
75
|
+
* oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
|
|
76
|
+
* }))],
|
|
77
|
+
* platformUrl: 'http://localhost:8080',
|
|
78
|
+
* });
|
|
79
|
+
* ```
|
|
80
|
+
*/
|
|
81
|
+
export declare function refreshTokenProvider(options: RefreshTokenProviderOptions): TokenProvider;
|
|
82
|
+
/**
|
|
83
|
+
* Creates a TokenProvider that exchanges an external JWT for a platform token
|
|
84
|
+
* via RFC 8693 token exchange. After the initial exchange, uses the refresh
|
|
85
|
+
* token for subsequent calls.
|
|
86
|
+
*
|
|
87
|
+
* @example
|
|
88
|
+
* ```ts
|
|
89
|
+
* const client = new OpenTDF({
|
|
90
|
+
* interceptors: [authTokenInterceptor(externalJwtTokenProvider({
|
|
91
|
+
* clientId: 'my-app',
|
|
92
|
+
* externalJwt: 'eyJhbGciOi...',
|
|
93
|
+
* oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
|
|
94
|
+
* }))],
|
|
95
|
+
* platformUrl: 'http://localhost:8080',
|
|
96
|
+
* });
|
|
97
|
+
* ```
|
|
98
|
+
*/
|
|
99
|
+
export declare function externalJwtTokenProvider(options: ExternalJwtTokenProviderOptions): TokenProvider;
|
|
100
|
+
//# sourceMappingURL=token-providers.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token-providers.d.ts","sourceRoot":"","sources":["../../../../src/auth/token-providers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAIvD;;;;;GAKG;AACH,MAAM,MAAM,qCAAqC,GAAG;IAClD,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,+FAA+F;IAC/F,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,2BAA2B,GAAG;IACxC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,YAAY,EAAE,MAAM,CAAC;IACrB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAC5C,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,gCAAgC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B,CAAC;AAwEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,qCAAqC,GAC7C,aAAa,CA+Bf;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,GAAG,aAAa,CAmCxF;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,+BAA+B,GAAG,aAAa,CA0DhG"}
|
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
export { type AuthProvider, type HttpMethod, HttpRequest, withHeaders } from './auth/auth.js';
|
|
2
2
|
export * as AuthProviders from './auth/providers.js';
|
|
3
|
+
export { authTokenInterceptor, authTokenDPoPInterceptor, authProviderInterceptor, type AuthConfig, type DPoPInterceptor, type DPoPInterceptorOptions, type Interceptor, type TokenProvider, } from './auth/interceptors.js';
|
|
4
|
+
export { clientCredentialsTokenProvider, refreshTokenProvider, externalJwtTokenProvider, type ClientCredentialsTokenProviderOptions, type RefreshTokenProviderOptions, type ExternalJwtTokenProviderOptions, } from './auth/token-providers.js';
|
|
3
5
|
export { attributeFQNsAsValues } from './policy/api.js';
|
|
4
6
|
export { listAttributes, validateAttributes, attributeExists, attributeValueExists, } from './policy/discovery.js';
|
|
5
7
|
export { version, clientType, tdfSpecVersion } from './version.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC9F,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClG,cAAc,cAAc,CAAC;AAC7B,OAAO,EACL,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,cAAc,eAAe,CAAC;AAC9B,cAAc,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC9F,OAAO,KAAK,aAAa,MAAM,qBAAqB,CAAC;AACrD,OAAO,EACL,oBAAoB,EACpB,wBAAwB,EACxB,uBAAuB,EACvB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,aAAa,GACnB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,8BAA8B,EAC9B,oBAAoB,EACpB,wBAAwB,EACxB,KAAK,qCAAqC,EAC1C,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,GACrC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,eAAe,EACf,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,KAAK,qBAAqB,EAAE,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAClG,cAAc,cAAc,CAAC;AAC7B,OAAO,EACL,QAAQ,EACR,qBAAqB,EACrB,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AACrB,cAAc,eAAe,CAAC;AAC9B,cAAc,6BAA6B,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { type AuthProvider } from './auth/providers.js';
|
|
2
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
2
3
|
export { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
3
4
|
import { type Source } from './seekable.js';
|
|
4
5
|
import { Client as TDF3Client } from '../tdf3/src/client/index.js';
|
|
@@ -104,8 +105,16 @@ export type OpenTDFOptions = {
|
|
|
104
105
|
policyEndpoint?: string;
|
|
105
106
|
/** Platform URL. */
|
|
106
107
|
platformUrl?: string;
|
|
107
|
-
/**
|
|
108
|
-
|
|
108
|
+
/**
|
|
109
|
+
* Connect RPC interceptors for authentication. Preferred over authProvider.
|
|
110
|
+
* Use `authTokenInterceptor()` or `authTokenDPoPInterceptor()` to create interceptors.
|
|
111
|
+
*/
|
|
112
|
+
interceptors?: Interceptor[];
|
|
113
|
+
/**
|
|
114
|
+
* Auth provider for connections to the policy service and KASes.
|
|
115
|
+
* @deprecated since 0.14.0. Use `interceptors` with `authTokenInterceptor()` or `authTokenDPoPInterceptor()` instead.
|
|
116
|
+
*/
|
|
117
|
+
authProvider?: AuthProvider;
|
|
109
118
|
/** Default settings for 'encrypt' type requests. */
|
|
110
119
|
defaultCreateOptions?: Omit<CreateOptions, 'source'>;
|
|
111
120
|
/** Default settings for 'decrypt' type requests. */
|
|
@@ -165,18 +174,10 @@ export type TDFReader = {
|
|
|
165
174
|
* It also requires a platform URL to be set, which is used to fetch key access servers and policies.
|
|
166
175
|
* @example
|
|
167
176
|
* ```
|
|
168
|
-
* import {
|
|
169
|
-
*
|
|
170
|
-
* const oidcCredentials: RefreshTokenCredentials = {
|
|
171
|
-
* clientId: keycloakClientId,
|
|
172
|
-
* exchange: 'refresh',
|
|
173
|
-
* refreshToken: refreshToken,
|
|
174
|
-
* oidcOrigin: keycloakUrl,
|
|
175
|
-
* };
|
|
176
|
-
* const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
|
|
177
|
+
* import { authTokenInterceptor, OpenTDF } from '@opentdf/sdk';
|
|
177
178
|
*
|
|
178
179
|
* const client = new OpenTDF({
|
|
179
|
-
*
|
|
180
|
+
* interceptors: [authTokenInterceptor(() => `${myAuth.token.accessToken}`)],
|
|
180
181
|
* platformUrl: 'https://platform.example.com',
|
|
181
182
|
* });
|
|
182
183
|
*
|
|
@@ -193,8 +194,10 @@ export declare class OpenTDF {
|
|
|
193
194
|
readonly platformUrl: string;
|
|
194
195
|
/** The policy service endpoint */
|
|
195
196
|
readonly policyEndpoint: string;
|
|
196
|
-
/** The auth provider for the OpenTDF instance. */
|
|
197
|
-
readonly authProvider
|
|
197
|
+
/** The auth provider for the OpenTDF instance (deprecated, use interceptors). */
|
|
198
|
+
readonly authProvider?: AuthProvider;
|
|
199
|
+
/** Connect RPC interceptors for authentication. */
|
|
200
|
+
readonly interceptors?: Interceptor[];
|
|
198
201
|
/** If DPoP is enabled for this instance. */
|
|
199
202
|
readonly dpopEnabled: boolean;
|
|
200
203
|
/** Default options for creating TDF objects. */
|
|
@@ -209,7 +212,7 @@ export declare class OpenTDF {
|
|
|
209
212
|
readonly cryptoService: CryptoService;
|
|
210
213
|
/** The TDF3 client for encrypting and decrypting ZTDF files. */
|
|
211
214
|
readonly tdf3Client: TDF3Client;
|
|
212
|
-
constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }: OpenTDFOptions);
|
|
215
|
+
constructor({ authProvider, interceptors, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }: OpenTDFOptions);
|
|
213
216
|
/** Creates a new TDF stream. */
|
|
214
217
|
createTDF(opts: CreateTDFOptions): Promise<DecoratedStream>;
|
|
215
218
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"opentdf.d.ts","sourceRoot":"","sources":["../../../src/opentdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"opentdf.d.ts","sourceRoot":"","sources":["../../../src/opentdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAuC,KAAK,MAAM,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,OAAO,EAAE,MAAM,oCAAoC,CAAC;AAEtF,OAAO,EACL,KAAK,SAAS,EACd,eAAe,EACf,yBAAyB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,KAAK,qBAAqB,EAG1B,oBAAoB,EACrB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,KAAK,qBAAqB,EAC3B,MAAM,8CAA8C,CAAC;AACtD,OAAO,EAAE,KAAK,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,EAIL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EACL,KAAK,SAAS,EACd,KAAK,aAAa,EAClB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,eAAe,EACpB,KAAK,QAAQ,EACb,KAAK,OAAO,EACZ,KAAK,OAAO,EACZ,KAAK,SAAS,EACd,oBAAoB,GACrB,CAAC;AAEF,sDAAsD;AACtD,MAAM,MAAM,IAAI,GAAG;IACjB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,aAAa,CAAC;CAC5C,CAAC;AAEF,8EAA8E;AAC9E,MAAM,MAAM,mBAAmB,GAAG;IAChC,yDAAyD;IACzD,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,CAAC;AAEF,iFAAiF;AACjF,MAAM,MAAM,aAAa,GAAG;IAC1B,wEAAwE;IACxE,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IAEtB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,kFAAkF;IAClF,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,oEAAoE;IACpE,OAAO,CAAC,EAAE,IAAI,CAAC;IAEf,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,iCAAiC;AACjC,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC;AAE9B,0CAA0C;AAC1C,MAAM,MAAM,QAAQ,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;AAE7C,6EAA6E;AAC7E,MAAM,MAAM,SAAS,GAAG;IACtB,0DAA0D;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG;IAC9C,wCAAwC;IACxC,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IAErC,qCAAqC;IACrC,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,QAAQ,CAAC;IAEpB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IAExB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,yDAAyD;IACzD,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;IAE7C,kCAAkC;IAClC,cAAc,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;CACpC,CAAC;AAEF,kCAAkC;AAClC,MAAM,MAAM,gBAAgB,GAAG,iBAAiB,CAAC;AAEjD,uDAAuD;AACvD,MAAM,MAAM,WAAW,GAAG;IACxB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,iDAAiD;IACjD,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,4DAA4D;IAC5D,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,wDAAwD;IACxD,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,iDAAiD;IACjD,QAAQ,CAAC,EAAE,OAAO,CAAC;IAEnB,gFAAgF;IAChF,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,8EAA8E;AAC9E,MAAM,MAAM,cAAc,GAAG;IAC3B,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,oBAAoB;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAE7B;;;OAGG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;IAE5B,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IAErD,oDAAoD;IACpD,kBAAkB,CAAC,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAEjD,6CAA6C;IAC7C,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAE5B;;;;OAIG;IACH,aAAa,CAAC,EAAE,aAAa,CAAC;CAC/B,CAAC;AAEF,mCAAmC;AACnC,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,UAAU,CAAC,GAAG;IACzD,iFAAiF;IACjF,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,wBAAwB;IACxB,QAAQ,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;CAC9B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB;;OAEG;IACH,OAAO,EAAE,MAAM,OAAO,CAAC,eAAe,CAAC,CAAC;IACxC;;OAEG;IACH,KAAK,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;OAEG;IACH,QAAQ,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;IAElC;;OAEG;IACH,UAAU,EAAE,MAAM,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAEpC;;OAEG;IACH,WAAW,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,OAAO;IAClB,uBAAuB;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,kCAAkC;IAClC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,iFAAiF;IACjF,QAAQ,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACrC,mDAAmD;IACnD,QAAQ,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IACtC,4CAA4C;IAC5C,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,gDAAgD;IAChD,oBAAoB,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;IACpD,+CAA+C;IAC/C,kBAAkB,EAAE,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChD,+CAA+C;IAC/C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IACpC,uGAAuG;IACvG,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,0DAA0D;IAC1D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,gEAAgE;IAChE,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;gBAEpB,EACV,YAAY,EACZ,YAAY,EACZ,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,cAAc,EACd,WAAW,EACX,aAAa,GACd,EAAE,cAAc;IAyDjB,gCAAgC;IAC1B,SAAS,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC;IAIjE;;;OAGG;IACG,UAAU,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,CAAC;IAwBnE,sDAAsD;IACtD,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,SAAS;IAKlC,2BAA2B;IACrB,IAAI,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,CAAC;IAKvD,8DAA8D;IAC9D,KAAK;CAGN"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export * as platformConnectWeb from '@connectrpc/connect-web';
|
|
2
2
|
export * as platformConnect from '@connectrpc/connect';
|
|
3
|
-
import { AuthProvider } from '../tdf3/index.js';
|
|
3
|
+
import type { AuthProvider } from '../tdf3/index.js';
|
|
4
4
|
import { Client, Interceptor } from '@connectrpc/connect';
|
|
5
5
|
import { WellKnownService } from './platform/wellknownconfiguration/wellknown_configuration_pb.js';
|
|
6
6
|
import { AuthorizationService } from './platform/authorization/authorization_pb.js';
|
|
@@ -37,9 +37,12 @@ export interface PlatformServicesV2 {
|
|
|
37
37
|
authorization: Client<typeof AuthorizationServiceV2>;
|
|
38
38
|
}
|
|
39
39
|
export interface PlatformClientOptions {
|
|
40
|
-
/**
|
|
40
|
+
/**
|
|
41
|
+
* Authentication provider for generating auth interceptor.
|
|
42
|
+
* @deprecated since 0.14.0. Use `interceptors` with `authTokenInterceptor()` or `authTokenDPoPInterceptor()` instead.
|
|
43
|
+
*/
|
|
41
44
|
authProvider?: AuthProvider;
|
|
42
|
-
/** Array of
|
|
45
|
+
/** Array of interceptors to apply to rpc requests. Preferred over authProvider. */
|
|
43
46
|
interceptors?: Interceptor[];
|
|
44
47
|
/** Base URL of the platform API. */
|
|
45
48
|
platformUrl: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../../src/platform.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,eAAe,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../../src/platform.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,kBAAkB,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,eAAe,MAAM,qBAAqB,CAAC;AAGvD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,MAAM,EAAgB,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iEAAiE,CAAC;AACnG,OAAO,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AACpF,OAAO,EAAE,oBAAoB,IAAI,sBAAsB,EAAE,MAAM,iDAAiD,CAAC;AACjH,OAAO,EAAE,uBAAuB,EAAE,MAAM,qDAAqD,CAAC;AAC9F,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,+CAA+C,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,gEAAgE,CAAC;AAChH,OAAO,EAAE,oBAAoB,EAAE,MAAM,sDAAsD,CAAC;AAC5F,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,MAAM,+CAA+C,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,MAAM,kEAAkE,CAAC;AAC9G,OAAO,EAAE,sBAAsB,EAAE,MAAM,0DAA0D,CAAC;AAClG,OAAO,EAAE,qBAAqB,EAAE,MAAM,wDAAwD,CAAC;AAC/F,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAEtE,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;IACnD,gBAAgB,EAAE,MAAM,CAAC,OAAO,uBAAuB,CAAC,CAAC;IACzD,MAAM,EAAE,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;IACrC,MAAM,EAAE,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC7C,uBAAuB,EAAE,MAAM,CAAC,OAAO,8BAA8B,CAAC,CAAC;IACvE,aAAa,EAAE,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;IACnD,SAAS,EAAE,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAC;IAC3C,UAAU,EAAE,MAAM,CAAC,OAAO,iBAAiB,CAAC,CAAC;IAC7C,mBAAmB,EAAE,MAAM,CAAC,OAAO,0BAA0B,CAAC,CAAC;IAC/D,eAAe,EAAE,MAAM,CAAC,OAAO,sBAAsB,CAAC,CAAC;IACvD,cAAc,EAAE,MAAM,CAAC,OAAO,qBAAqB,CAAC,CAAC;IACrD,MAAM,EAAE,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;IACrC,SAAS,EAAE,MAAM,CAAC,OAAO,gBAAgB,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,kBAAkB;IACjC,aAAa,EAAE,MAAM,CAAC,OAAO,sBAAsB,CAAC,CAAC;CACtD;AAED,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,mFAAmF;IACnF,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,oCAAoC;IACpC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,qBAAa,cAAc;IACzB,QAAQ,CAAC,EAAE,EAAE,gBAAgB,CAAC;IAC9B,QAAQ,CAAC,EAAE,EAAE,kBAAkB,CAAC;gBAEpB,OAAO,EAAE,qBAAqB;CAqC3C"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { type AuthConfig } from '../auth/interceptors.js';
|
|
2
2
|
import { Value } from './attributes.js';
|
|
3
3
|
import { Certificate } from '../platform/policy/objects_pb.js';
|
|
4
|
-
export declare function attributeFQNsAsValues(platformUrl: string,
|
|
5
|
-
export declare function getRootCertsFromNamespace(platformUrl: string,
|
|
4
|
+
export declare function attributeFQNsAsValues(platformUrl: string, auth: AuthConfig, ...fqns: string[]): Promise<Value[]>;
|
|
5
|
+
export declare function getRootCertsFromNamespace(platformUrl: string, auth?: AuthConfig, namespaceId?: string, fqn?: string): Promise<Certificate[]>;
|
|
6
6
|
//# sourceMappingURL=api.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../../src/policy/api.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../../../../src/policy/api.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,UAAU,EAAuB,MAAM,yBAAyB,CAAC;AAG/E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAGxC,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAK/D,wBAAsB,qBAAqB,CACzC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,GAAG,IAAI,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC,KAAK,EAAE,CAAC,CAiClB;AAGD,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,UAAU,EACjB,WAAW,CAAC,EAAE,MAAM,EACpB,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,WAAW,EAAE,CAAC,CA8BxB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type
|
|
1
|
+
import { type AuthConfig } from '../auth/interceptors.js';
|
|
2
2
|
import type { Attribute } from '../platform/policy/objects_pb.js';
|
|
3
3
|
/**
|
|
4
4
|
* Returns all active attributes available on the platform, auto-paginating through all results.
|
|
@@ -19,7 +19,7 @@ import type { Attribute } from '../platform/policy/objects_pb.js';
|
|
|
19
19
|
* }
|
|
20
20
|
* ```
|
|
21
21
|
*/
|
|
22
|
-
export declare function listAttributes(platformUrl: string,
|
|
22
|
+
export declare function listAttributes(platformUrl: string, auth: AuthConfig, namespace?: string): Promise<Attribute[]>;
|
|
23
23
|
/**
|
|
24
24
|
* Checks that all provided attribute value FQNs exist on the platform.
|
|
25
25
|
* Validates FQN format first, then verifies existence via the platform API.
|
|
@@ -42,7 +42,7 @@ export declare function listAttributes(platformUrl: string, authProvider: AuthPr
|
|
|
42
42
|
* // Safe to encrypt — all attributes confirmed present
|
|
43
43
|
* ```
|
|
44
44
|
*/
|
|
45
|
-
export declare function validateAttributes(platformUrl: string,
|
|
45
|
+
export declare function validateAttributes(platformUrl: string, auth: AuthConfig, fqns: string[]): Promise<void>;
|
|
46
46
|
/**
|
|
47
47
|
* Reports whether the attribute definition identified by `attributeFqn` exists on the platform.
|
|
48
48
|
*
|
|
@@ -56,7 +56,7 @@ export declare function validateAttributes(platformUrl: string, authProvider: Au
|
|
|
56
56
|
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
57
57
|
* @throws {@link NetworkError} if a non-not-found service error occurs.
|
|
58
58
|
*/
|
|
59
|
-
export declare function attributeExists(platformUrl: string,
|
|
59
|
+
export declare function attributeExists(platformUrl: string, auth: AuthConfig, attributeFqn: string): Promise<boolean>;
|
|
60
60
|
/**
|
|
61
61
|
* Reports whether the attribute value FQN exists on the platform.
|
|
62
62
|
*
|
|
@@ -70,5 +70,5 @@ export declare function attributeExists(platformUrl: string, authProvider: AuthP
|
|
|
70
70
|
* @throws {@link ConfigurationError} if the FQN format is invalid or the URL is insecure.
|
|
71
71
|
* @throws {@link NetworkError} if a service error occurs.
|
|
72
72
|
*/
|
|
73
|
-
export declare function attributeValueExists(platformUrl: string,
|
|
73
|
+
export declare function attributeValueExists(platformUrl: string, auth: AuthConfig, valueFqn: string): Promise<boolean>;
|
|
74
74
|
//# sourceMappingURL=discovery.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../../src/policy/discovery.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,
|
|
1
|
+
{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../../src/policy/discovery.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,UAAU,EAAuB,MAAM,yBAAyB,CAAC;AAG/E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAC;AAyBlE;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,cAAc,CAClC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,SAAS,EAAE,CAAC,CA6BtB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAAC,IAAI,CAAC,CAkCf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,OAAO,CAAC,CAqBlB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,oBAAoB,CACxC,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC,CAkBlB"}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
import { fetchKasPublicKey } from '../tdf.js';
|
|
2
2
|
import { CryptoService } from '../crypto/declarations.js';
|
|
3
3
|
import { type AuthProvider, HttpRequest, withHeaders } from '../../../src/auth/auth.js';
|
|
4
|
+
import { type AuthConfig } from '../../../src/auth/interceptors.js';
|
|
5
|
+
import { type Interceptor } from '@connectrpc/connect';
|
|
4
6
|
import { type DecryptParams, DecryptParamsBuilder, type DecryptSource, type EncryptParams, EncryptParamsBuilder } from './builders.js';
|
|
5
7
|
import { DecoratedReadableStream } from './DecoratedReadableStream.js';
|
|
6
8
|
import { type KasPublicKeyInfo, OriginAllowList } from '../../../src/access.js';
|
|
@@ -37,7 +39,10 @@ export interface ClientConfig {
|
|
|
37
39
|
kasPublicKey?: string;
|
|
38
40
|
oidcOrigin?: string;
|
|
39
41
|
externalJwt?: string;
|
|
42
|
+
/** @deprecated since 0.14.0. Use `interceptors` instead. */
|
|
40
43
|
authProvider?: AuthProvider;
|
|
44
|
+
/** Connect RPC interceptors for authentication. Preferred over authProvider. */
|
|
45
|
+
interceptors?: Interceptor[];
|
|
41
46
|
readerUrl?: string;
|
|
42
47
|
entityObjectEndpoint?: string;
|
|
43
48
|
fileStreamServiceWorker?: string;
|
|
@@ -83,7 +88,11 @@ export declare class Client {
|
|
|
83
88
|
readonly kasKeyInfoCache: KasKeyInfoCache;
|
|
84
89
|
readonly easEndpoint?: string;
|
|
85
90
|
readonly clientId?: string;
|
|
86
|
-
|
|
91
|
+
/**
|
|
92
|
+
* Resolved auth configuration. Set once in the constructor from either
|
|
93
|
+
* authProvider or interceptors. Threaded through all internal layers.
|
|
94
|
+
*/
|
|
95
|
+
readonly auth?: AuthConfig;
|
|
87
96
|
readonly readerUrl?: string;
|
|
88
97
|
readonly fileStreamServiceWorker?: string;
|
|
89
98
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/client/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,iBAAiB,EAKlB,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,KAAK,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../tdf3/src/client/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAGL,iBAAiB,EAKlB,MAAM,WAAW,CAAC;AAInB,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,KAAK,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxF,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,mCAAmC,CAAC;AACpE,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,KAAK,aAAa,EAClB,oBAAoB,EACpB,KAAK,aAAa,EAIlB,KAAK,aAAa,EAClB,oBAAoB,EAGrB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAEL,KAAK,gBAAgB,EACrB,eAAe,EAChB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,KAAK,OAAO,EAAqB,MAAM,2BAA2B,CAAC;AA2B5E,eAAO,MAAM,cAAc,GACzB,KAAK,MAAM,EACX,KAAK,MAAM,EACX,eAAe,aAAa,EAC5B,MAAM,MAAM,KACX,OAAO,CAAC,gBAAgB,CAQ1B,CAAC;AAsCF,MAAM,WAAW,YAAY;IAC3B,aAAa,CAAC,EAAE,aAAa,CAAC;IAE9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;;;OAIG;IACH,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IAErC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,gFAAgF;IAChF,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;CACpD;AAQD,wBAAsB,iBAAiB,CAAC,EACtC,YAAY,EACZ,aAAa,EACb,QAAQ,GACT,EAAE;IACD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B,GAAG,OAAO,CAAC,OAAO,CAAC,CAenB;AAgCD,KAAK,eAAe,GAAG;IACrB,GAAG,UAAU,CAAC,OAAO,iBAAiB,CAAC;IACvC,cAAc,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC;CACrD,EAAE,CAAC;AAEJ,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,eAAe,EACtB,GAAG,MAAM,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC,oCAmBhD;AAED,QAAA,MAAM,oBAAoB,GACxB,OAAO,eAAe,EACtB,GAAG,QAAQ,UAAU,CAAC,OAAO,iBAAiB,CAAC,KAC9C,UAAU,CAAC,OAAO,iBAAiB,CAQrC,CAAC;AAgDF,qBAAa,MAAM;IACjB,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC;;;OAGG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,eAAe,CAAC;IAExC;;;;OAIG;IACH,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,CAAC;IAE7C;;OAEG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAM;IAE/C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAE3B;;;OAGG;IACH,QAAQ,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC;IAE3B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC;IAE1C;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAE9B,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IAEpC;;;;;;;;;OASG;gBACS,MAAM,EAAE,YAAY;IA8GhC,uHAAuH;IACvH,uBAAuB,CACrB,GAAG,MAAM,EAAE,UAAU,CAAC,OAAO,oBAAoB,CAAC,GACjD,UAAU,CAAC,OAAO,oBAAoB,CAAC;IAI1C;;;;;;;;;;;;;;OAcG;IACG,OAAO,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC;IA2QpE;;;;;;;;;;;OAWG;IACG,OAAO,CAAC,EACZ,MAAM,EACN,SAAS,EACT,aAAgD,EAChD,gBAAoE,EACpE,yBAAyB,EACzB,kBAAkB,EAClB,gBAAoB,EACpB,oBAAoB,EACpB,yBAA8B,GAC/B,EAAE,aAAa,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAyCnD;;;;;;;;;OASG;IACG,WAAW,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;IASjD,aAAa,CAAC,EAAE,MAAM,EAAE,EAAE;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE;CAI1D;AAED,YAAY,EAAE,YAAY,EAAE,CAAC;AAE7B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,oBAAoB,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { KasPublicKeyAlgorithm, KasPublicKeyInfo, OriginAllowList } from '../../src/access.js';
|
|
2
2
|
import { type AuthProvider } from '../../src/auth/auth.js';
|
|
3
|
+
import { type AuthConfig } from '../../src/auth/interceptors.js';
|
|
3
4
|
import { type Chunker } from '../../src/seekable.js';
|
|
4
5
|
import { AssertionConfig, AssertionVerificationKeys } from './assertions.js';
|
|
5
6
|
import { SymmetricCipher } from './ciphers/symmetric-cipher-base.js';
|
|
@@ -54,7 +55,8 @@ export type EncryptConfiguration = {
|
|
|
54
55
|
contentStream: ReadableStream<Uint8Array>;
|
|
55
56
|
mimeType?: string;
|
|
56
57
|
policy: Policy;
|
|
57
|
-
|
|
58
|
+
/** Auth configuration: AuthProvider or { interceptors }. */
|
|
59
|
+
auth?: AuthConfig;
|
|
58
60
|
byteLimit: number;
|
|
59
61
|
progressHandler?: (bytesProcessed: number) => void;
|
|
60
62
|
keyForEncryption: KeyInfo;
|
|
@@ -67,7 +69,8 @@ export type DecryptConfiguration = {
|
|
|
67
69
|
fulfillableObligations: string[];
|
|
68
70
|
allowedKases?: string[];
|
|
69
71
|
allowList?: OriginAllowList;
|
|
70
|
-
|
|
72
|
+
/** Auth configuration: AuthProvider or { interceptors }. */
|
|
73
|
+
auth?: AuthConfig;
|
|
71
74
|
cryptoService: CryptoService;
|
|
72
75
|
dpopKeys: KeyPair;
|
|
73
76
|
chunker: Chunker;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAIhB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,KAAK,YAAY,EAAgB,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"tdf.d.ts","sourceRoot":"","sources":["../../../../tdf3/src/tdf.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EAIhB,MAAM,qBAAqB,CAAC;AAS7B,OAAO,EAAE,KAAK,YAAY,EAAgB,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAajE,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAgB,yBAAyB,EAAE,MAAM,iBAAiB,CAAC;AAI3F,OAAO,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAC9E,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,YAAY,EAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAEL,aAAa,EACb,OAAO,EACP,QAAQ,EACR,MAAM,EACN,QAAQ,EAER,SAAS,EACT,eAAe,EACf,SAAS,EACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,SAAS,EAAwC,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAczD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B;;OAEG;IACH,IAAI,CAAC,EAAE,SAAS,CAAC;IAEjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;AAEpD,MAAM,MAAM,QAAQ,GAAG,OAAO,CAAC;AAE/B,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,aAAa,CAAC;IACpB,GAAG,CAAC,EAAE,qBAAqB,CAAC;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAeF,KAAK,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG;IAC7B,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,IAAI,CAAC;IACxB,MAAM,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;CAChC,CAAC;AAiBF,KAAK,KAAK,GAAG;IACX,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,cAAc,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CACxC,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,OAAO,CAAC;AAElD,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,qBAAqB,EAAE,QAAQ,CAAC;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,kBAAkB,CAAC;IACvC,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,aAAa,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,4DAA4D;IAC5D,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,aAAa,EAAE,aAAa,CAAC;IAE7B,QAAQ,EAAE,OAAO,CAAC;IAElB,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,aAAa,CAAC;IAC7B,eAAe,CAAC,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,IAAI,CAAC;IACnD,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;IACtD,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oBAAoB,CAAC,EAAE,qBAAqB,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,YAAY,EAAE,YAAY,CAAC;IAE3B,UAAU,EAAE,SAAS,CAAC;IAEtB,eAAe,EAAE,QAAQ,CAAC;IAE1B,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,MAAM,CAAC;AAElD;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,MAAM,EACX,SAAS,CAAC,EAAE,qBAAqB,EACjC,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,gBAAgB,CAAC,CAQ3B;AAED,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,qBAAqB,EAC1B,aAAa,EAAE,aAAa,GAC3B,OAAO,CAAC,MAAM,CAAC,CAKjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CAAC,EACnC,IAAI,EACJ,GAAG,EACH,SAAS,EACT,GAAG,EACH,QAAQ,EACR,GAAQ,EACR,GAAgB,EAChB,aAAa,GACd,EAAE,cAAc,GAAG,OAAO,CAAC,SAAS,CAAC,CA2BrC;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAYzD;AA+ED,wBAAsB,WAAW,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAoT7F;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;CACtC,CAAC;AAGF,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAKnF;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,eAAe,EAAE,EAC5B,YAAY,EAAE,eAAe,GAC5B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CA6BjD;AA4UD,wBAAsB,eAAe,CAAC,EACpC,MAAM,EACN,gBAAgB,EAChB,KAAK,EACL,MAAM,EACN,aAAa,EACb,yBAAyB,EACzB,WAAW,GACZ,EAAE;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,gBAAgB,EAAE,YAAY,CAAC;IAC/B,KAAK,EAAE,KAAK,EAAE,CAAC;IACf,MAAM,EAAE,eAAe,CAAC;IACxB,aAAa,EAAE,aAAa,CAAC;IAC7B,yBAAyB,EAAE,kBAAkB,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC;CACrB,iBAkCA;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,oBAAoB,oCAGzD;AAED,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,oBAAoB,EACzB,EAAE,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,EAAE,oBAAoB,oCA8JhE"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { isPublicKeyAlgorithm, OriginAllowList, } from '../access.js';
|
|
2
|
+
import { resolveInterceptors } from '../auth/interceptors.js';
|
|
2
3
|
import { ConfigurationError, InvalidFileError, NetworkError, PermissionDeniedError, ServiceError, UnauthenticatedError, } from '../errors.js';
|
|
3
4
|
import { PlatformClient } from '../platform.js';
|
|
4
5
|
import { extractRpcErrorMessage, getPlatformUrlFromKasEndpoint, validateSecureUrl, } from '../utils.js';
|
|
@@ -12,9 +13,9 @@ import { ConnectError, Code } from '@connectrpc/connect';
|
|
|
12
13
|
* @param rewrapAdditionalContextHeader optional value for 'X-Rewrap-Additional-Context'
|
|
13
14
|
* @param clientVersion
|
|
14
15
|
*/
|
|
15
|
-
export async function fetchWrappedKey(url, signedRequestToken,
|
|
16
|
+
export async function fetchWrappedKey(url, signedRequestToken, auth, rewrapAdditionalContextHeader) {
|
|
16
17
|
const platformUrl = getPlatformUrlFromKasEndpoint(url);
|
|
17
|
-
const platform = new PlatformClient({
|
|
18
|
+
const platform = new PlatformClient({ interceptors: resolveInterceptors(auth), platformUrl });
|
|
18
19
|
const options = {};
|
|
19
20
|
if (rewrapAdditionalContextHeader) {
|
|
20
21
|
options.headers = {
|
|
@@ -79,10 +80,10 @@ export function handleRpcRewrapErrorString(e, platformUrl, requiredObligations)
|
|
|
79
80
|
}
|
|
80
81
|
throw new NetworkError(`[${platformUrl}] [Rewrap] ${e}`);
|
|
81
82
|
}
|
|
82
|
-
export async function fetchKeyAccessServers(platformUrl,
|
|
83
|
+
export async function fetchKeyAccessServers(platformUrl, auth) {
|
|
83
84
|
let nextOffset = 0;
|
|
84
85
|
const allServers = [];
|
|
85
|
-
const platform = new PlatformClient({
|
|
86
|
+
const platform = new PlatformClient({ interceptors: resolveInterceptors(auth), platformUrl });
|
|
86
87
|
do {
|
|
87
88
|
let response;
|
|
88
89
|
try {
|
|
@@ -178,4 +179,4 @@ export async function fetchKasBasePubKey(kasEndpoint) {
|
|
|
178
179
|
throw new NetworkError(`[${platformUrl}] [PublicKey] ${extractRpcErrorMessage(e)}`);
|
|
179
180
|
}
|
|
180
181
|
}
|
|
181
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
182
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFDQSxPQUFPLEVBQ0wsb0JBQW9CLEVBR3BCLGVBQWUsR0FDaEIsTUFBTSxjQUFjLENBQUM7QUFFdEIsT0FBTyxFQUFtQixtQkFBbUIsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBQy9FLE9BQU8sRUFDTCxrQkFBa0IsRUFDbEIsZ0JBQWdCLEVBQ2hCLFlBQVksRUFDWixxQkFBcUIsRUFDckIsWUFBWSxFQUNaLG9CQUFvQixHQUNyQixNQUFNLGNBQWMsQ0FBQztBQUN0QixPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFHaEQsT0FBTyxFQUNMLHNCQUFzQixFQUN0Qiw2QkFBNkIsRUFDN0IsaUJBQWlCLEdBQ2xCLE1BQU0sYUFBYSxDQUFDO0FBQ3JCLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBQzdELE9BQU8sRUFBRSxZQUFZLEVBQUUsSUFBSSxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFFekQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUNuQyxHQUFXLEVBQ1gsa0JBQTBCLEVBQzFCLElBQWdCLEVBQ2hCLDZCQUFzQztJQUV0QyxNQUFNLFdBQVcsR0FBRyw2QkFBNkIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN2RCxNQUFNLFFBQVEsR0FBRyxJQUFJLGNBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBQzlGLE1BQU0sT0FBTyxHQUFnQixFQUFFLENBQUM7SUFDaEMsSUFBSSw2QkFBNkIsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sQ0FBQyxPQUFPLEdBQUc7WUFDaEIsQ0FBQywyQkFBMkIsQ0FBQyxFQUFFLDZCQUE2QjtTQUM3RCxDQUFDO0lBQ0osQ0FBQztJQUNELElBQUksUUFBd0IsQ0FBQztJQUM3QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsRUFBRSxrQkFBa0IsRUFBRSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsb0JBQW9CLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFDRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsTUFBTSxVQUFVLG9CQUFvQixDQUFDLENBQVUsRUFBRSxXQUFtQjtJQUNsRSxJQUFJLENBQUMsWUFBWSxZQUFZLEVBQUUsQ0FBQztRQUM5QixPQUFPLENBQUMsR0FBRyxDQUFDLG9DQUFvQyxFQUFFLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMxRCxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNmLEtBQUssSUFBSSxDQUFDLGVBQWUsRUFBRSxrQkFBa0I7Z0JBQzNDLE1BQU0sSUFBSSxnQkFBZ0IsQ0FBQyxZQUFZLFdBQVcsMEJBQTBCLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQzVGLEtBQUssSUFBSSxDQUFDLGdCQUFnQixFQUFFLGdCQUFnQjtnQkFDMUMsTUFBTSxJQUFJLHFCQUFxQixDQUFDLFlBQVksV0FBVyw2QkFBNkIsQ0FBQyxDQUFDO1lBQ3hGLEtBQUssSUFBSSxDQUFDLGVBQWUsRUFBRSxtQkFBbUI7Z0JBQzVDLE1BQU0sSUFBSSxvQkFBb0IsQ0FBQyxZQUFZLFdBQVcsd0JBQXdCLENBQUMsQ0FBQztZQUNsRixLQUFLLElBQUksQ0FBQyxRQUFRLENBQUM7WUFDbkIsS0FBSyxJQUFJLENBQUMsYUFBYSxDQUFDO1lBQ3hCLEtBQUssSUFBSSxDQUFDLFFBQVEsQ0FBQztZQUNuQixLQUFLLElBQUksQ0FBQyxPQUFPLENBQUM7WUFDbEIsS0FBSyxJQUFJLENBQUMsZ0JBQWdCLENBQUM7WUFDM0IsS0FBSyxJQUFJLENBQUMsV0FBVyxFQUFFLHFCQUFxQjtnQkFDMUMsTUFBTSxJQUFJLFlBQVksQ0FDcEIsR0FBRyxDQUFDLENBQUMsSUFBSSxTQUFTLFdBQVcsMkNBQTJDLENBQUMsQ0FBQyxPQUFPLEdBQUcsQ0FDckYsQ0FBQztZQUNKO2dCQUNFLE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGNBQWMsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLElBQUksWUFBWSxDQUFDLElBQUksV0FBVyxjQUFjLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUNuRixDQUFDO0FBRUQsTUFBTSxVQUFVLDBCQUEwQixDQUN4QyxDQUFTLEVBQ1QsV0FBbUIsRUFDbkIsbUJBQThCO0lBRTlCLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUMzQyxrQkFBa0I7UUFDbEIsTUFBTSxJQUFJLGdCQUFnQixDQUFDLFlBQVksV0FBVywwQkFBMEIsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBQ0QsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDNUMsSUFBSSxtQkFBbUIsSUFBSSxtQkFBbUIsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDMUQsTUFBTSxJQUFJLHFCQUFxQixDQUM3QixZQUFZLFdBQVcsNkJBQTZCLEVBQ3BELG1CQUFtQixDQUNwQixDQUFDO1FBQ0osQ0FBQztRQUNELE1BQU0sSUFBSSxxQkFBcUIsQ0FBQyxZQUFZLFdBQVcsNkJBQTZCLENBQUMsQ0FBQztJQUN4RixDQUFDO0lBQ0QsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQzNDLG1CQUFtQjtRQUNuQixNQUFNLElBQUksb0JBQW9CLENBQUMsWUFBWSxXQUFXLHdCQUF3QixDQUFDLENBQUM7SUFDbEYsQ0FBQztJQUNELElBQ0UsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQy9CLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNwQyxDQUFDLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDL0IsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzlCLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ3ZDLENBQUMsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxFQUNsQyxDQUFDO1FBQ0QsUUFBUTtRQUNSLE1BQU0sSUFBSSxZQUFZLENBQUMsU0FBUyxXQUFXLDJDQUEyQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzlGLENBQUM7SUFDRCxNQUFNLElBQUksWUFBWSxDQUFDLElBQUksV0FBVyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDM0QsQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLFdBQW1CLEVBQ25CLElBQWdCO0lBRWhCLElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztJQUNuQixNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7SUFDdEIsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsbUJBQW1CLENBQUMsSUFBSSxDQUFDLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUU5RixHQUFHLENBQUM7UUFDRixJQUFJLFFBQXNDLENBQUM7UUFDM0MsSUFBSSxDQUFDO1lBQ0gsUUFBUSxHQUFHLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyx1QkFBdUIsQ0FBQyxvQkFBb0IsQ0FBQztnQkFDeEUsVUFBVSxFQUFFO29CQUNWLE1BQU0sRUFBRSxVQUFVO2lCQUNuQjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsTUFBTSxJQUFJLFlBQVksQ0FDcEIsSUFBSSxXQUFXLDRCQUE0QixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUN2RSxDQUFDO1FBQ0osQ0FBQztRQUVELFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxRQUFRLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUM5QyxVQUFVLEdBQUcsUUFBUSxFQUFFLFVBQVUsRUFBRSxVQUFVLElBQUksQ0FBQyxDQUFDO0lBQ3JELENBQUMsUUFBUSxVQUFVLEdBQUcsQ0FBQyxFQUFFO0lBRXpCLE1BQU0sVUFBVSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMxRCx3QkFBd0I7SUFDeEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxXQUFXLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0MsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sSUFBSSxlQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFZRCxTQUFTLFNBQVMsQ0FBQyxPQUFpQjtJQUNsQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYixPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFDRCxNQUFNLEVBQUUsR0FBRyxPQUEwQixDQUFDO0lBQ3RDLE9BQU8sQ0FDTCxDQUFDLENBQUMsRUFBRSxDQUFDLE9BQU87UUFDWixDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVU7UUFDZixPQUFPLEVBQUUsQ0FBQyxVQUFVLEtBQUssUUFBUTtRQUNqQyxDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxHQUFHO1FBQ25CLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVM7UUFDekIsb0JBQW9CLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FDOUMsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLENBQUMsS0FBSyxVQUFVLGNBQWMsQ0FDbEMsV0FBbUIsRUFDbkIsU0FBaUM7SUFFakMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxrQkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFDRCx1REFBdUQ7SUFDdkQsaUJBQWlCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsNkJBQTZCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDNUQsU0FBUyxFQUFFLFNBQVMsSUFBSSxVQUFVO1lBQ2xDLENBQUMsRUFBRSxHQUFHO1NBQ1AsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQXFCO1lBQy9CLFNBQVM7WUFDVCxHQUFHLEVBQUUsV0FBVztZQUNoQixTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7WUFDbEMsR0FBRyxDQUFDLEdBQUcsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO1NBQ3BCLENBQUM7UUFDRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztBQUNILENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGtCQUFrQixDQUFDLFdBQW1CO0lBQzFELElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksa0JBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsaUJBQWlCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsNkJBQTZCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsTUFBTSxRQUFRLEdBQUcsSUFBSSxjQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxhQUFhLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsU0FBUyxDQUFDLHlCQUF5QixDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0sT0FBTyxHQUFHLGFBQWEsRUFBRSxRQUFzQyxDQUFDO1FBQ3RFLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksWUFBWSxDQUNwQixvQ0FBb0MsV0FBVyxnREFBZ0QsQ0FDaEcsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBcUI7WUFDL0IsU0FBUyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsR0FBRztZQUNqQyxHQUFHLEVBQUUsT0FBTyxDQUFDLE9BQU87WUFDcEIsU0FBUyxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsU0FBUztZQUN2QyxHQUFHLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHO1NBQzVCLENBQUM7UUFDRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSxZQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixzQkFBc0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEYsQ0FBQztBQUNILENBQUMifQ==
|