@optimizely-opal/opal-tool-ocp-sdk 0.0.0-OCP-1487.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +631 -0
- package/dist/auth/AuthUtils.d.ts +31 -0
- package/dist/auth/AuthUtils.d.ts.map +1 -0
- package/dist/auth/AuthUtils.js +64 -0
- package/dist/auth/AuthUtils.js.map +1 -0
- package/dist/auth/AuthUtils.test.d.ts +2 -0
- package/dist/auth/AuthUtils.test.d.ts.map +1 -0
- package/dist/auth/AuthUtils.test.js +469 -0
- package/dist/auth/AuthUtils.test.js.map +1 -0
- package/dist/auth/TokenVerifier.d.ts +31 -0
- package/dist/auth/TokenVerifier.d.ts.map +1 -0
- package/dist/auth/TokenVerifier.js +127 -0
- package/dist/auth/TokenVerifier.js.map +1 -0
- package/dist/auth/TokenVerifier.test.d.ts +2 -0
- package/dist/auth/TokenVerifier.test.d.ts.map +1 -0
- package/dist/auth/TokenVerifier.test.js +125 -0
- package/dist/auth/TokenVerifier.test.js.map +1 -0
- package/dist/decorator/Decorator.d.ts +48 -0
- package/dist/decorator/Decorator.d.ts.map +1 -0
- package/dist/decorator/Decorator.js +53 -0
- package/dist/decorator/Decorator.js.map +1 -0
- package/dist/decorator/Decorator.test.d.ts +2 -0
- package/dist/decorator/Decorator.test.d.ts.map +1 -0
- package/dist/decorator/Decorator.test.js +528 -0
- package/dist/decorator/Decorator.test.js.map +1 -0
- package/dist/function/GlobalToolFunction.d.ts +28 -0
- package/dist/function/GlobalToolFunction.d.ts.map +1 -0
- package/dist/function/GlobalToolFunction.js +56 -0
- package/dist/function/GlobalToolFunction.js.map +1 -0
- package/dist/function/GlobalToolFunction.test.d.ts +2 -0
- package/dist/function/GlobalToolFunction.test.d.ts.map +1 -0
- package/dist/function/GlobalToolFunction.test.js +425 -0
- package/dist/function/GlobalToolFunction.test.js.map +1 -0
- package/dist/function/ToolFunction.d.ts +28 -0
- package/dist/function/ToolFunction.d.ts.map +1 -0
- package/dist/function/ToolFunction.js +60 -0
- package/dist/function/ToolFunction.js.map +1 -0
- package/dist/function/ToolFunction.test.d.ts +2 -0
- package/dist/function/ToolFunction.test.d.ts.map +1 -0
- package/dist/function/ToolFunction.test.js +314 -0
- package/dist/function/ToolFunction.test.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +26 -0
- package/dist/index.js.map +1 -0
- package/dist/service/Service.d.ts +80 -0
- package/dist/service/Service.d.ts.map +1 -0
- package/dist/service/Service.js +210 -0
- package/dist/service/Service.js.map +1 -0
- package/dist/service/Service.test.d.ts +2 -0
- package/dist/service/Service.test.d.ts.map +1 -0
- package/dist/service/Service.test.js +427 -0
- package/dist/service/Service.test.js.map +1 -0
- package/dist/types/Models.d.ts +126 -0
- package/dist/types/Models.d.ts.map +1 -0
- package/dist/types/Models.js +181 -0
- package/dist/types/Models.js.map +1 -0
- package/package.json +64 -0
- package/src/auth/AuthUtils.test.ts +586 -0
- package/src/auth/AuthUtils.ts +66 -0
- package/src/auth/TokenVerifier.test.ts +165 -0
- package/src/auth/TokenVerifier.ts +145 -0
- package/src/decorator/Decorator.test.ts +649 -0
- package/src/decorator/Decorator.ts +111 -0
- package/src/function/GlobalToolFunction.test.ts +505 -0
- package/src/function/GlobalToolFunction.ts +61 -0
- package/src/function/ToolFunction.test.ts +374 -0
- package/src/function/ToolFunction.ts +64 -0
- package/src/index.ts +5 -0
- package/src/service/Service.test.ts +661 -0
- package/src/service/Service.ts +213 -0
- package/src/types/Models.ts +163 -0
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.AuthUtils = void 0;
|
|
4
|
+
const app_sdk_1 = require("@zaiusinc/app-sdk");
|
|
5
|
+
const TokenVerifier_1 = require("./TokenVerifier");
|
|
6
|
+
/**
|
|
7
|
+
* Common authentication utilities for all function types
|
|
8
|
+
*/
|
|
9
|
+
class AuthUtils {
|
|
10
|
+
/**
|
|
11
|
+
* Validate the OptiID access token
|
|
12
|
+
*
|
|
13
|
+
* @param accessToken - The access token to validate
|
|
14
|
+
* @returns true if the token is valid
|
|
15
|
+
*/
|
|
16
|
+
static async validateAccessToken(accessToken) {
|
|
17
|
+
try {
|
|
18
|
+
if (!accessToken) {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
const tokenVerifier = await (0, TokenVerifier_1.getTokenVerifier)();
|
|
22
|
+
return await tokenVerifier.verify(accessToken);
|
|
23
|
+
}
|
|
24
|
+
catch (error) {
|
|
25
|
+
app_sdk_1.logger.error('OptiID token validation failed:', error);
|
|
26
|
+
return false;
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Extract and validate basic OptiID authentication data from request
|
|
31
|
+
*
|
|
32
|
+
* @param request - The incoming request
|
|
33
|
+
* @returns object with authData and accessToken, or null if invalid
|
|
34
|
+
*/
|
|
35
|
+
static extractAuthData(request) {
|
|
36
|
+
const authData = request?.bodyJSON?.auth;
|
|
37
|
+
const accessToken = authData?.credentials?.access_token;
|
|
38
|
+
if (!accessToken || authData?.provider?.toLowerCase() !== 'optiid') {
|
|
39
|
+
app_sdk_1.logger.error('OptiID token is required but not provided');
|
|
40
|
+
return null;
|
|
41
|
+
}
|
|
42
|
+
return { authData, accessToken };
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Validate organization ID matches the app context
|
|
46
|
+
*
|
|
47
|
+
* @param customerId - The customer ID from the auth data
|
|
48
|
+
* @returns true if the organization ID is valid
|
|
49
|
+
*/
|
|
50
|
+
static validateOrganizationId(customerId) {
|
|
51
|
+
if (!customerId) {
|
|
52
|
+
app_sdk_1.logger.error('Organisation ID is required but not provided');
|
|
53
|
+
return false;
|
|
54
|
+
}
|
|
55
|
+
const appOrganisationId = (0, app_sdk_1.getAppContext)()?.account?.organizationId;
|
|
56
|
+
if (customerId !== appOrganisationId) {
|
|
57
|
+
app_sdk_1.logger.error(`Invalid organisation ID: expected ${appOrganisationId}, received ${customerId}`);
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
return true;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
exports.AuthUtils = AuthUtils;
|
|
64
|
+
//# sourceMappingURL=AuthUtils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthUtils.js","sourceRoot":"","sources":["../../src/auth/AuthUtils.ts"],"names":[],"mappings":";;;AAAA,+CAA0D;AAC1D,mDAAmD;AAGnD;;GAEG;AACH,MAAa,SAAS;IAEpB;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,WAA+B;QACrE,IAAI,CAAC;YACH,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,KAAK,CAAC;YACf,CAAC;YACD,MAAM,aAAa,GAAG,MAAM,IAAA,gCAAgB,GAAE,CAAC;YAC/C,OAAO,MAAM,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,eAAe,CAAC,OAAY;QACxC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,EAAE,IAAsB,CAAC;QAC3D,MAAM,WAAW,GAAG,QAAQ,EAAE,WAAW,EAAE,YAAY,CAAC;QACxD,IAAI,CAAC,WAAW,IAAI,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YACnE,gBAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,sBAAsB,CAAC,UAA8B;QACjE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,gBAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC7D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAA,uBAAa,GAAE,EAAE,OAAO,EAAE,cAAc,CAAC;QACnE,IAAI,UAAU,KAAK,iBAAiB,EAAE,CAAC;YACrC,gBAAM,CAAC,KAAK,CAAC,qCAAqC,iBAAiB,cAAc,UAAU,EAAE,CAAC,CAAC;YAC/F,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AA1DD,8BA0DC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthUtils.test.d.ts","sourceRoot":"","sources":["../../src/auth/AuthUtils.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,469 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const AuthUtils_1 = require("./AuthUtils");
|
|
4
|
+
const app_sdk_1 = require("@zaiusinc/app-sdk");
|
|
5
|
+
const TokenVerifier_1 = require("./TokenVerifier");
|
|
6
|
+
// Mock the dependencies
|
|
7
|
+
jest.mock('./TokenVerifier', () => ({
|
|
8
|
+
getTokenVerifier: jest.fn(),
|
|
9
|
+
}));
|
|
10
|
+
jest.mock('@zaiusinc/app-sdk', () => ({
|
|
11
|
+
getAppContext: jest.fn(),
|
|
12
|
+
logger: {
|
|
13
|
+
info: jest.fn(),
|
|
14
|
+
error: jest.fn(),
|
|
15
|
+
warn: jest.fn(),
|
|
16
|
+
debug: jest.fn(),
|
|
17
|
+
},
|
|
18
|
+
}));
|
|
19
|
+
describe('AuthUtils', () => {
|
|
20
|
+
let mockGetTokenVerifier;
|
|
21
|
+
let mockGetAppContext;
|
|
22
|
+
let mockTokenVerifier;
|
|
23
|
+
beforeEach(() => {
|
|
24
|
+
jest.clearAllMocks();
|
|
25
|
+
// Create mock token verifier
|
|
26
|
+
mockTokenVerifier = {
|
|
27
|
+
verify: jest.fn(),
|
|
28
|
+
};
|
|
29
|
+
// Setup the mocks
|
|
30
|
+
mockGetTokenVerifier = jest.mocked(TokenVerifier_1.getTokenVerifier);
|
|
31
|
+
mockGetAppContext = jest.mocked(app_sdk_1.getAppContext);
|
|
32
|
+
mockGetTokenVerifier.mockResolvedValue(mockTokenVerifier);
|
|
33
|
+
mockGetAppContext.mockReturnValue({
|
|
34
|
+
account: {
|
|
35
|
+
organizationId: 'app-org-123'
|
|
36
|
+
}
|
|
37
|
+
});
|
|
38
|
+
});
|
|
39
|
+
describe('validateAccessToken', () => {
|
|
40
|
+
it('should return true for valid token', async () => {
|
|
41
|
+
// Arrange
|
|
42
|
+
const validToken = 'valid-access-token';
|
|
43
|
+
mockTokenVerifier.verify.mockResolvedValue(true);
|
|
44
|
+
// Act
|
|
45
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(validToken);
|
|
46
|
+
// Assert
|
|
47
|
+
expect(result).toBe(true);
|
|
48
|
+
expect(mockGetTokenVerifier).toHaveBeenCalledTimes(1);
|
|
49
|
+
expect(mockTokenVerifier.verify).toHaveBeenCalledWith(validToken);
|
|
50
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
51
|
+
});
|
|
52
|
+
it('should return false for invalid token', async () => {
|
|
53
|
+
// Arrange
|
|
54
|
+
const invalidToken = 'invalid-access-token';
|
|
55
|
+
mockTokenVerifier.verify.mockResolvedValue(false);
|
|
56
|
+
// Act
|
|
57
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(invalidToken);
|
|
58
|
+
// Assert
|
|
59
|
+
expect(result).toBe(false);
|
|
60
|
+
expect(mockGetTokenVerifier).toHaveBeenCalledTimes(1);
|
|
61
|
+
expect(mockTokenVerifier.verify).toHaveBeenCalledWith(invalidToken);
|
|
62
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
63
|
+
});
|
|
64
|
+
it('should return false for undefined token', async () => {
|
|
65
|
+
// Act
|
|
66
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(undefined);
|
|
67
|
+
// Assert
|
|
68
|
+
expect(result).toBe(false);
|
|
69
|
+
expect(mockGetTokenVerifier).not.toHaveBeenCalled();
|
|
70
|
+
expect(mockTokenVerifier.verify).not.toHaveBeenCalled();
|
|
71
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
72
|
+
});
|
|
73
|
+
it('should return false for null token', async () => {
|
|
74
|
+
// Act
|
|
75
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(null);
|
|
76
|
+
// Assert
|
|
77
|
+
expect(result).toBe(false);
|
|
78
|
+
expect(mockGetTokenVerifier).not.toHaveBeenCalled();
|
|
79
|
+
expect(mockTokenVerifier.verify).not.toHaveBeenCalled();
|
|
80
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
81
|
+
});
|
|
82
|
+
it('should return false for empty string token', async () => {
|
|
83
|
+
// Act
|
|
84
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken('');
|
|
85
|
+
// Assert
|
|
86
|
+
expect(result).toBe(false);
|
|
87
|
+
expect(mockGetTokenVerifier).not.toHaveBeenCalled();
|
|
88
|
+
expect(mockTokenVerifier.verify).not.toHaveBeenCalled();
|
|
89
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
90
|
+
});
|
|
91
|
+
it('should return false and log error when getTokenVerifier fails', async () => {
|
|
92
|
+
// Arrange
|
|
93
|
+
const validToken = 'valid-access-token';
|
|
94
|
+
const error = new Error('Failed to get token verifier');
|
|
95
|
+
mockGetTokenVerifier.mockRejectedValue(error);
|
|
96
|
+
// Act
|
|
97
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(validToken);
|
|
98
|
+
// Assert
|
|
99
|
+
expect(result).toBe(false);
|
|
100
|
+
expect(mockGetTokenVerifier).toHaveBeenCalledTimes(1);
|
|
101
|
+
expect(mockTokenVerifier.verify).not.toHaveBeenCalled();
|
|
102
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token validation failed:', error);
|
|
103
|
+
});
|
|
104
|
+
it('should return false and log error when token verification throws', async () => {
|
|
105
|
+
// Arrange
|
|
106
|
+
const validToken = 'valid-access-token';
|
|
107
|
+
const error = new Error('Token verification failed');
|
|
108
|
+
mockTokenVerifier.verify.mockRejectedValue(error);
|
|
109
|
+
// Act
|
|
110
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(validToken);
|
|
111
|
+
// Assert
|
|
112
|
+
expect(result).toBe(false);
|
|
113
|
+
expect(mockGetTokenVerifier).toHaveBeenCalledTimes(1);
|
|
114
|
+
expect(mockTokenVerifier.verify).toHaveBeenCalledWith(validToken);
|
|
115
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token validation failed:', error);
|
|
116
|
+
});
|
|
117
|
+
it('should handle whitespace-only token', async () => {
|
|
118
|
+
// Arrange
|
|
119
|
+
mockTokenVerifier.verify.mockResolvedValue(false);
|
|
120
|
+
// Act
|
|
121
|
+
const result = await AuthUtils_1.AuthUtils.validateAccessToken(' ');
|
|
122
|
+
// Assert - whitespace-only string should be treated as truthy and passed to verifier
|
|
123
|
+
expect(result).toBe(false);
|
|
124
|
+
expect(mockGetTokenVerifier).toHaveBeenCalledTimes(1);
|
|
125
|
+
expect(mockTokenVerifier.verify).toHaveBeenCalledWith(' ');
|
|
126
|
+
});
|
|
127
|
+
});
|
|
128
|
+
describe('extractAuthData', () => {
|
|
129
|
+
const createValidRequest = () => ({
|
|
130
|
+
bodyJSON: {
|
|
131
|
+
auth: {
|
|
132
|
+
provider: 'OptiID',
|
|
133
|
+
credentials: {
|
|
134
|
+
access_token: 'valid-access-token',
|
|
135
|
+
customer_id: 'org-123',
|
|
136
|
+
instance_id: 'instance-456',
|
|
137
|
+
product_sku: 'OPAL'
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
});
|
|
142
|
+
it('should extract auth data successfully from valid request', () => {
|
|
143
|
+
// Arrange
|
|
144
|
+
const request = createValidRequest();
|
|
145
|
+
// Act
|
|
146
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
147
|
+
// Assert
|
|
148
|
+
expect(result).not.toBeNull();
|
|
149
|
+
expect(result?.authData).toBe(request.bodyJSON.auth);
|
|
150
|
+
expect(result?.accessToken).toBe('valid-access-token');
|
|
151
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
152
|
+
});
|
|
153
|
+
it('should handle case-insensitive provider name', () => {
|
|
154
|
+
// Arrange
|
|
155
|
+
const request = createValidRequest();
|
|
156
|
+
request.bodyJSON.auth.provider = 'optiid'; // lowercase
|
|
157
|
+
// Act
|
|
158
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
159
|
+
// Assert
|
|
160
|
+
expect(result).not.toBeNull();
|
|
161
|
+
expect(result?.authData).toBe(request.bodyJSON.auth);
|
|
162
|
+
expect(result?.accessToken).toBe('valid-access-token');
|
|
163
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
164
|
+
});
|
|
165
|
+
it('should handle mixed case provider name', () => {
|
|
166
|
+
// Arrange
|
|
167
|
+
const request = createValidRequest();
|
|
168
|
+
request.bodyJSON.auth.provider = 'OpTiId'; // mixed case
|
|
169
|
+
// Act
|
|
170
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
171
|
+
// Assert
|
|
172
|
+
expect(result).not.toBeNull();
|
|
173
|
+
expect(result?.authData).toBe(request.bodyJSON.auth);
|
|
174
|
+
expect(result?.accessToken).toBe('valid-access-token');
|
|
175
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
176
|
+
});
|
|
177
|
+
it('should return null when access token is missing', () => {
|
|
178
|
+
// Arrange
|
|
179
|
+
const request = createValidRequest();
|
|
180
|
+
delete request.bodyJSON.auth.credentials.access_token;
|
|
181
|
+
// Act
|
|
182
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
183
|
+
// Assert
|
|
184
|
+
expect(result).toBeNull();
|
|
185
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
186
|
+
});
|
|
187
|
+
it('should return null when access token is undefined', () => {
|
|
188
|
+
// Arrange
|
|
189
|
+
const request = createValidRequest();
|
|
190
|
+
request.bodyJSON.auth.credentials.access_token = undefined;
|
|
191
|
+
// Act
|
|
192
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
193
|
+
// Assert
|
|
194
|
+
expect(result).toBeNull();
|
|
195
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
196
|
+
});
|
|
197
|
+
it('should return null when access token is empty string', () => {
|
|
198
|
+
// Arrange
|
|
199
|
+
const request = createValidRequest();
|
|
200
|
+
request.bodyJSON.auth.credentials.access_token = '';
|
|
201
|
+
// Act
|
|
202
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
203
|
+
// Assert
|
|
204
|
+
expect(result).toBeNull();
|
|
205
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
206
|
+
});
|
|
207
|
+
it('should return null when provider is not OptiID', () => {
|
|
208
|
+
// Arrange
|
|
209
|
+
const request = createValidRequest();
|
|
210
|
+
request.bodyJSON.auth.provider = 'SomeOtherProvider';
|
|
211
|
+
// Act
|
|
212
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
213
|
+
// Assert
|
|
214
|
+
expect(result).toBeNull();
|
|
215
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
216
|
+
});
|
|
217
|
+
it('should return null when provider is missing', () => {
|
|
218
|
+
// Arrange
|
|
219
|
+
const request = createValidRequest();
|
|
220
|
+
delete request.bodyJSON.auth.provider;
|
|
221
|
+
// Act
|
|
222
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
223
|
+
// Assert
|
|
224
|
+
expect(result).toBeNull();
|
|
225
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
226
|
+
});
|
|
227
|
+
it('should return null when auth structure is missing', () => {
|
|
228
|
+
// Arrange
|
|
229
|
+
const request = {
|
|
230
|
+
bodyJSON: {
|
|
231
|
+
parameters: { some: 'data' }
|
|
232
|
+
}
|
|
233
|
+
};
|
|
234
|
+
// Act
|
|
235
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
236
|
+
// Assert
|
|
237
|
+
expect(result).toBeNull();
|
|
238
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
239
|
+
});
|
|
240
|
+
it('should return null when credentials structure is missing', () => {
|
|
241
|
+
// Arrange
|
|
242
|
+
const request = {
|
|
243
|
+
bodyJSON: {
|
|
244
|
+
auth: {
|
|
245
|
+
provider: 'OptiID'
|
|
246
|
+
}
|
|
247
|
+
}
|
|
248
|
+
};
|
|
249
|
+
// Act
|
|
250
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
251
|
+
// Assert
|
|
252
|
+
expect(result).toBeNull();
|
|
253
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
254
|
+
});
|
|
255
|
+
it('should return null when bodyJSON is missing', () => {
|
|
256
|
+
// Arrange
|
|
257
|
+
const request = {};
|
|
258
|
+
// Act
|
|
259
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
260
|
+
// Assert
|
|
261
|
+
expect(result).toBeNull();
|
|
262
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
263
|
+
});
|
|
264
|
+
it('should return null when request is null', () => {
|
|
265
|
+
// Act
|
|
266
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(null);
|
|
267
|
+
// Assert
|
|
268
|
+
expect(result).toBeNull();
|
|
269
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
270
|
+
});
|
|
271
|
+
it('should return null when request is undefined', () => {
|
|
272
|
+
// Act
|
|
273
|
+
const result = AuthUtils_1.AuthUtils.extractAuthData(undefined);
|
|
274
|
+
// Assert
|
|
275
|
+
expect(result).toBeNull();
|
|
276
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
277
|
+
});
|
|
278
|
+
});
|
|
279
|
+
describe('validateOrganizationId', () => {
|
|
280
|
+
beforeEach(() => {
|
|
281
|
+
mockGetAppContext.mockReturnValue({
|
|
282
|
+
account: {
|
|
283
|
+
organizationId: 'app-org-123'
|
|
284
|
+
}
|
|
285
|
+
});
|
|
286
|
+
});
|
|
287
|
+
it('should return true when customer ID matches app organization ID', () => {
|
|
288
|
+
// Act
|
|
289
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('app-org-123');
|
|
290
|
+
// Assert
|
|
291
|
+
expect(result).toBe(true);
|
|
292
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
293
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
294
|
+
});
|
|
295
|
+
it('should return false when customer ID does not match app organization ID', () => {
|
|
296
|
+
// Act
|
|
297
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('different-org-456');
|
|
298
|
+
// Assert
|
|
299
|
+
expect(result).toBe(false);
|
|
300
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
301
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected app-org-123, received different-org-456');
|
|
302
|
+
});
|
|
303
|
+
it('should return false when customer ID is undefined', () => {
|
|
304
|
+
// Act
|
|
305
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId(undefined);
|
|
306
|
+
// Assert
|
|
307
|
+
expect(result).toBe(false);
|
|
308
|
+
expect(mockGetAppContext).not.toHaveBeenCalled();
|
|
309
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Organisation ID is required but not provided');
|
|
310
|
+
});
|
|
311
|
+
it('should return false when customer ID is null', () => {
|
|
312
|
+
// Act
|
|
313
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId(null);
|
|
314
|
+
// Assert
|
|
315
|
+
expect(result).toBe(false);
|
|
316
|
+
expect(mockGetAppContext).not.toHaveBeenCalled();
|
|
317
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Organisation ID is required but not provided');
|
|
318
|
+
});
|
|
319
|
+
it('should return false when customer ID is empty string', () => {
|
|
320
|
+
// Act
|
|
321
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('');
|
|
322
|
+
// Assert
|
|
323
|
+
expect(result).toBe(false);
|
|
324
|
+
expect(mockGetAppContext).not.toHaveBeenCalled();
|
|
325
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Organisation ID is required but not provided');
|
|
326
|
+
});
|
|
327
|
+
it('should handle case when app context has no account', () => {
|
|
328
|
+
// Arrange
|
|
329
|
+
mockGetAppContext.mockReturnValue({});
|
|
330
|
+
// Act
|
|
331
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('some-org-123');
|
|
332
|
+
// Assert
|
|
333
|
+
expect(result).toBe(false);
|
|
334
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
335
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected undefined, received some-org-123');
|
|
336
|
+
});
|
|
337
|
+
it('should handle case when app context account has no organizationId', () => {
|
|
338
|
+
// Arrange
|
|
339
|
+
mockGetAppContext.mockReturnValue({
|
|
340
|
+
account: {}
|
|
341
|
+
});
|
|
342
|
+
// Act
|
|
343
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('some-org-123');
|
|
344
|
+
// Assert
|
|
345
|
+
expect(result).toBe(false);
|
|
346
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
347
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected undefined, received some-org-123');
|
|
348
|
+
});
|
|
349
|
+
it('should handle case when app context is null', () => {
|
|
350
|
+
// Arrange
|
|
351
|
+
mockGetAppContext.mockReturnValue(null);
|
|
352
|
+
// Act
|
|
353
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('some-org-123');
|
|
354
|
+
// Assert
|
|
355
|
+
expect(result).toBe(false);
|
|
356
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
357
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected undefined, received some-org-123');
|
|
358
|
+
});
|
|
359
|
+
it('should be case-sensitive for organization ID matching', () => {
|
|
360
|
+
// Arrange
|
|
361
|
+
mockGetAppContext.mockReturnValue({
|
|
362
|
+
account: {
|
|
363
|
+
organizationId: 'App-Org-123' // different case
|
|
364
|
+
}
|
|
365
|
+
});
|
|
366
|
+
// Act
|
|
367
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId('app-org-123');
|
|
368
|
+
// Assert
|
|
369
|
+
expect(result).toBe(false);
|
|
370
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
371
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected App-Org-123, received app-org-123');
|
|
372
|
+
});
|
|
373
|
+
it('should handle whitespace-only customer ID', () => {
|
|
374
|
+
// Act
|
|
375
|
+
const result = AuthUtils_1.AuthUtils.validateOrganizationId(' ');
|
|
376
|
+
// Assert
|
|
377
|
+
expect(result).toBe(false);
|
|
378
|
+
expect(mockGetAppContext).toHaveBeenCalledTimes(1);
|
|
379
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected app-org-123, received ');
|
|
380
|
+
});
|
|
381
|
+
});
|
|
382
|
+
describe('integration scenarios', () => {
|
|
383
|
+
it('should handle complete authentication flow for valid request', async () => {
|
|
384
|
+
// Arrange
|
|
385
|
+
const request = {
|
|
386
|
+
bodyJSON: {
|
|
387
|
+
auth: {
|
|
388
|
+
provider: 'OptiID',
|
|
389
|
+
credentials: {
|
|
390
|
+
access_token: 'valid-access-token',
|
|
391
|
+
customer_id: 'app-org-123',
|
|
392
|
+
instance_id: 'instance-456',
|
|
393
|
+
product_sku: 'OPAL'
|
|
394
|
+
}
|
|
395
|
+
}
|
|
396
|
+
}
|
|
397
|
+
};
|
|
398
|
+
mockGetAppContext.mockReturnValue({
|
|
399
|
+
account: {
|
|
400
|
+
organizationId: 'app-org-123'
|
|
401
|
+
}
|
|
402
|
+
});
|
|
403
|
+
mockTokenVerifier.verify.mockResolvedValue(true);
|
|
404
|
+
// Act
|
|
405
|
+
const authInfo = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
406
|
+
const isValidOrg = authInfo
|
|
407
|
+
? AuthUtils_1.AuthUtils.validateOrganizationId(authInfo.authData.credentials?.customer_id)
|
|
408
|
+
: false;
|
|
409
|
+
const isValidToken = authInfo ? await AuthUtils_1.AuthUtils.validateAccessToken(authInfo.accessToken) : false;
|
|
410
|
+
// Assert
|
|
411
|
+
expect(authInfo).not.toBeNull();
|
|
412
|
+
expect(isValidOrg).toBe(true);
|
|
413
|
+
expect(isValidToken).toBe(true);
|
|
414
|
+
expect(app_sdk_1.logger.error).not.toHaveBeenCalled();
|
|
415
|
+
});
|
|
416
|
+
it('should handle complete authentication flow for invalid provider', async () => {
|
|
417
|
+
// Arrange
|
|
418
|
+
const request = {
|
|
419
|
+
bodyJSON: {
|
|
420
|
+
auth: {
|
|
421
|
+
provider: 'SomeOtherProvider',
|
|
422
|
+
credentials: {
|
|
423
|
+
access_token: 'valid-access-token',
|
|
424
|
+
customer_id: 'app-org-123',
|
|
425
|
+
instance_id: 'instance-456',
|
|
426
|
+
product_sku: 'OPAL'
|
|
427
|
+
}
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
};
|
|
431
|
+
// Act
|
|
432
|
+
const authInfo = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
433
|
+
// Assert
|
|
434
|
+
expect(authInfo).toBeNull();
|
|
435
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('OptiID token is required but not provided');
|
|
436
|
+
});
|
|
437
|
+
it('should handle complete authentication flow for organization mismatch', async () => {
|
|
438
|
+
// Arrange
|
|
439
|
+
const request = {
|
|
440
|
+
bodyJSON: {
|
|
441
|
+
auth: {
|
|
442
|
+
provider: 'OptiID',
|
|
443
|
+
credentials: {
|
|
444
|
+
access_token: 'valid-access-token',
|
|
445
|
+
customer_id: 'different-org-456',
|
|
446
|
+
instance_id: 'instance-456',
|
|
447
|
+
product_sku: 'OPAL'
|
|
448
|
+
}
|
|
449
|
+
}
|
|
450
|
+
}
|
|
451
|
+
};
|
|
452
|
+
mockGetAppContext.mockReturnValue({
|
|
453
|
+
account: {
|
|
454
|
+
organizationId: 'app-org-123'
|
|
455
|
+
}
|
|
456
|
+
});
|
|
457
|
+
// Act
|
|
458
|
+
const authInfo = AuthUtils_1.AuthUtils.extractAuthData(request);
|
|
459
|
+
const isValidOrg = authInfo
|
|
460
|
+
? AuthUtils_1.AuthUtils.validateOrganizationId(authInfo.authData.credentials?.customer_id)
|
|
461
|
+
: false;
|
|
462
|
+
// Assert
|
|
463
|
+
expect(authInfo).not.toBeNull();
|
|
464
|
+
expect(isValidOrg).toBe(false);
|
|
465
|
+
expect(app_sdk_1.logger.error).toHaveBeenCalledWith('Invalid organisation ID: expected app-org-123, received different-org-456');
|
|
466
|
+
});
|
|
467
|
+
});
|
|
468
|
+
});
|
|
469
|
+
//# sourceMappingURL=AuthUtils.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthUtils.test.js","sourceRoot":"","sources":["../../src/auth/AuthUtils.test.ts"],"names":[],"mappings":";;AAAA,2CAAwC;AACxC,+CAA0D;AAC1D,mDAAmD;AAGnD,wBAAwB;AACxB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,GAAG,EAAE,CAAC,CAAC;IAClC,gBAAgB,EAAE,IAAI,CAAC,EAAE,EAAE;CAC5B,CAAC,CAAC,CAAC;AAEJ,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,aAAa,EAAE,IAAI,CAAC,EAAE,EAAE;IACxB,MAAM,EAAE;QACN,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;QAChB,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE;QACf,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE;KACjB;CACF,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,IAAI,oBAAkE,CAAC;IACvE,IAAI,iBAA4D,CAAC;IACjE,IAAI,iBAEF,CAAC;IAEH,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,aAAa,EAAE,CAAC;QAErB,6BAA6B;QAC7B,iBAAiB,GAAG;YAClB,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;SAClB,CAAC;QAEF,kBAAkB;QAClB,oBAAoB,GAAG,IAAI,CAAC,MAAM,CAAC,gCAAgB,CAAC,CAAC;QACrD,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,uBAAa,CAAC,CAAC;QAE/C,oBAAoB,CAAC,iBAAiB,CAAC,iBAAwB,CAAC,CAAC;QACjE,iBAAiB,CAAC,eAAe,CAAC;YAChC,OAAO,EAAE;gBACP,cAAc,EAAE,aAAa;aAC9B;SACK,CAAC,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,UAAU;YACV,MAAM,UAAU,GAAG,oBAAoB,CAAC;YACxC,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAEjD,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAE/D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAClE,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,UAAU;YACV,MAAM,YAAY,GAAG,sBAAsB,CAAC;YAC5C,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAElD,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;YAEjE,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;YACpE,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;YAE9D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACpD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAClD,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,IAAW,CAAC,CAAC;YAEhE,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACpD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;YAEvD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACpD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;YAC7E,UAAU;YACV,MAAM,UAAU,GAAG,oBAAoB,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YACxD,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAE9C,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAE/D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACtF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,UAAU;YACV,MAAM,UAAU,GAAG,oBAAoB,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YACrD,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAElD,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;YAE/D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAClE,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACtF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,UAAU;YACV,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAElD,MAAM;YACN,MAAM,MAAM,GAAG,MAAM,qBAAS,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAE1D,qFAAqF;YACrF,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,oBAAoB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACtD,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC/B,MAAM,kBAAkB,GAAG,GAAQ,EAAE,CAAC,CAAC;YACrC,QAAQ,EAAE;gBACR,IAAI,EAAE;oBACJ,QAAQ,EAAE,QAAQ;oBAClB,WAAW,EAAE;wBACX,YAAY,EAAE,oBAAoB;wBAClC,WAAW,EAAE,SAAS;wBACtB,WAAW,EAAE,cAAc;wBAC3B,WAAW,EAAE,MAAM;qBACpB;iBACgB;aACpB;SACF,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YAErC,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACvD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,YAAY;YAEvD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACvD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC,CAAC,aAAa;YAExD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC9B,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACvD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YAEtD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,GAAG,SAAS,CAAC;YAE3D,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,GAAG,EAAE,CAAC;YAEpD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,GAAG,mBAAmB,CAAC;YAErD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,UAAU;YACV,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC;YAEtC,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,UAAU;YACV,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE;oBACR,UAAU,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;iBAC7B;aACF,CAAC;YAEF,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,UAAU;YACV,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE;oBACR,IAAI,EAAE;wBACJ,QAAQ,EAAE,QAAQ;qBACnB;iBACF;aACF,CAAC;YAEF,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,UAAU;YACV,MAAM,OAAO,GAAG,EAAE,CAAC;YAEnB,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAElD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAE/C,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;YAEpD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,UAAU,CAAC,GAAG,EAAE;YACd,iBAAiB,CAAC,eAAe,CAAC;gBAChC,OAAO,EAAE;oBACP,cAAc,EAAE,aAAa;iBAC9B;aACK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;YACzE,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;YAE/D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;YACjF,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,CAAC;YAErE,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,2EAA2E,CAC5E,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;YAE3D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACjD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,8CAA8C,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,IAAW,CAAC,CAAC;YAE7D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACjD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,8CAA8C,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;YAEpD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACjD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,8CAA8C,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,UAAU;YACV,iBAAiB,CAAC,eAAe,CAAC,EAAS,CAAC,CAAC;YAE7C,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;YAEhE,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,oEAAoE,CACrE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,UAAU;YACV,iBAAiB,CAAC,eAAe,CAAC;gBAChC,OAAO,EAAE,EAAE;aACL,CAAC,CAAC;YAEV,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;YAEhE,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,oEAAoE,CACrE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,UAAU;YACV,iBAAiB,CAAC,eAAe,CAAC,IAAW,CAAC,CAAC;YAE/C,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,cAAc,CAAC,CAAC;YAEhE,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,oEAAoE,CACrE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,UAAU;YACV,iBAAiB,CAAC,eAAe,CAAC;gBAChC,OAAO,EAAE;oBACP,cAAc,EAAE,aAAa,CAAC,iBAAiB;iBAChD;aACK,CAAC,CAAC;YAEV,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,aAAa,CAAC,CAAC;YAE/D,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,qEAAqE,CACtE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM;YACN,MAAM,MAAM,GAAG,qBAAS,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;YAEvD,SAAS;YACT,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC3B,MAAM,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,6DAA6D,CAC9D,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;YAC5E,UAAU;YACV,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE;oBACR,IAAI,EAAE;wBACJ,QAAQ,EAAE,QAAQ;wBAClB,WAAW,EAAE;4BACX,YAAY,EAAE,oBAAoB;4BAClC,WAAW,EAAE,aAAa;4BAC1B,WAAW,EAAE,cAAc;4BAC3B,WAAW,EAAE,MAAM;yBACpB;qBACgB;iBACpB;aACF,CAAC;YAEF,iBAAiB,CAAC,eAAe,CAAC;gBAChC,OAAO,EAAE;oBACP,cAAc,EAAE,aAAa;iBAC9B;aACK,CAAC,CAAC;YAEV,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAEjD,MAAM;YACN,MAAM,QAAQ,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,QAAQ;gBACzB,CAAC,CAAC,qBAAS,CAAC,sBAAsB,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;gBAC9E,CAAC,CAAC,KAAK,CAAC;YACV,MAAM,YAAY,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,qBAAS,CAAC,mBAAmB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YAElG,SAAS;YACT,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9B,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChC,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;YAC/E,UAAU;YACV,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE;oBACR,IAAI,EAAE;wBACJ,QAAQ,EAAE,mBAAmB;wBAC7B,WAAW,EAAE;4BACX,YAAY,EAAE,oBAAoB;4BAClC,WAAW,EAAE,aAAa;4BAC1B,WAAW,EAAE,cAAc;4BAC3B,WAAW,EAAE,MAAM;yBACpB;qBACgB;iBACpB;aACF,CAAC;YAEF,MAAM;YACN,MAAM,QAAQ,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAEpD,SAAS;YACT,MAAM,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC5B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;YACpF,UAAU;YACV,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE;oBACR,IAAI,EAAE;wBACJ,QAAQ,EAAE,QAAQ;wBAClB,WAAW,EAAE;4BACX,YAAY,EAAE,oBAAoB;4BAClC,WAAW,EAAE,mBAAmB;4BAChC,WAAW,EAAE,cAAc;4BAC3B,WAAW,EAAE,MAAM;yBACpB;qBACgB;iBACpB;aACF,CAAC;YAEF,iBAAiB,CAAC,eAAe,CAAC;gBAChC,OAAO,EAAE;oBACP,cAAc,EAAE,aAAa;iBAC9B;aACK,CAAC,CAAC;YAEV,MAAM;YACN,MAAM,QAAQ,GAAG,qBAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,QAAQ;gBACzB,CAAC,CAAC,qBAAS,CAAC,sBAAsB,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;gBAC9E,CAAC,CAAC,KAAK,CAAC;YAEV,SAAS;YACT,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/B,MAAM,CAAC,gBAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CACvC,2EAA2E,CAC5E,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
export declare class TokenVerifier {
|
|
2
|
+
private static instance;
|
|
3
|
+
private jwksUri?;
|
|
4
|
+
private issuer?;
|
|
5
|
+
private jwks?;
|
|
6
|
+
private initialized;
|
|
7
|
+
/**
|
|
8
|
+
* Verify the provided Optimizely JWT token string
|
|
9
|
+
* @param token JWT token string to verify
|
|
10
|
+
* @returns boolean true if verification successful, false otherwise
|
|
11
|
+
* @throws Error if token is null, empty, or verifier is not properly configured
|
|
12
|
+
*/
|
|
13
|
+
verify(token: string | undefined): Promise<boolean>;
|
|
14
|
+
private static getInstance;
|
|
15
|
+
/**
|
|
16
|
+
* Get singleton instance of TokenVerifier and ensure it's initialized
|
|
17
|
+
* @returns Promise<TokenVerifier> - initialized singleton instance
|
|
18
|
+
*/
|
|
19
|
+
static getInitializedInstance(): Promise<TokenVerifier>;
|
|
20
|
+
/**
|
|
21
|
+
* Initialize the TokenVerifier with discovery document from well-known endpoint
|
|
22
|
+
*/
|
|
23
|
+
private initialize;
|
|
24
|
+
/**
|
|
25
|
+
* Fetch discovery document from well-known endpoint
|
|
26
|
+
*/
|
|
27
|
+
private fetchDiscoveryDocument;
|
|
28
|
+
private verifyToken;
|
|
29
|
+
}
|
|
30
|
+
export declare const getTokenVerifier: () => Promise<TokenVerifier>;
|
|
31
|
+
//# sourceMappingURL=TokenVerifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TokenVerifier.d.ts","sourceRoot":"","sources":["../../src/auth/TokenVerifier.ts"],"names":[],"mappings":"AAkCA,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAA8B;IACrD,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,IAAI,CAAC,CAAwC;IACrD,OAAO,CAAC,WAAW,CAAkB;IAErC;;;;;OAKG;IACU,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAQhE,OAAO,CAAC,MAAM,CAAC,WAAW;IAO1B;;;OAGG;WACiB,sBAAsB,IAAI,OAAO,CAAC,aAAa,CAAC;IAQpE;;OAEG;YACW,UAAU;IAyBxB;;OAEG;YACW,sBAAsB;YAetB,WAAW;CAsB1B;AAED,eAAO,MAAM,gBAAgB,QAAa,OAAO,CAAC,aAAa,CAA2C,CAAC"}
|