@powersync/service-core 1.13.3 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +43 -0
- package/dist/api/diagnostics.js +31 -1
- package/dist/api/diagnostics.js.map +1 -1
- package/dist/auth/CachedKeyCollector.js +26 -2
- package/dist/auth/CachedKeyCollector.js.map +1 -1
- package/dist/auth/KeySpec.d.ts +1 -0
- package/dist/auth/KeySpec.js +12 -0
- package/dist/auth/KeySpec.js.map +1 -1
- package/dist/auth/KeyStore.d.ts +19 -0
- package/dist/auth/KeyStore.js +17 -5
- package/dist/auth/KeyStore.js.map +1 -1
- package/dist/auth/RemoteJWKSCollector.d.ts +3 -0
- package/dist/auth/RemoteJWKSCollector.js +9 -3
- package/dist/auth/RemoteJWKSCollector.js.map +1 -1
- package/dist/auth/StaticSupabaseKeyCollector.d.ts +2 -1
- package/dist/auth/StaticSupabaseKeyCollector.js +1 -1
- package/dist/auth/StaticSupabaseKeyCollector.js.map +1 -1
- package/dist/auth/utils.d.ts +19 -0
- package/dist/auth/utils.js +106 -3
- package/dist/auth/utils.js.map +1 -1
- package/dist/entry/commands/compact-action.js +10 -1
- package/dist/entry/commands/compact-action.js.map +1 -1
- package/dist/metrics/open-telemetry/util.js +3 -1
- package/dist/metrics/open-telemetry/util.js.map +1 -1
- package/dist/replication/AbstractReplicator.js +2 -2
- package/dist/replication/AbstractReplicator.js.map +1 -1
- package/dist/routes/auth.d.ts +1 -21
- package/dist/routes/auth.js +1 -97
- package/dist/routes/auth.js.map +1 -1
- package/dist/routes/configure-fastify.js +2 -1
- package/dist/routes/configure-fastify.js.map +1 -1
- package/dist/routes/endpoints/socket-route.js +1 -8
- package/dist/routes/endpoints/socket-route.js.map +1 -1
- package/dist/routes/endpoints/sync-stream.js +17 -4
- package/dist/routes/endpoints/sync-stream.js.map +1 -1
- package/dist/routes/route-register.d.ts +4 -0
- package/dist/routes/route-register.js +29 -15
- package/dist/routes/route-register.js.map +1 -1
- package/dist/storage/BucketStorageBatch.d.ts +12 -2
- package/dist/storage/BucketStorageBatch.js.map +1 -1
- package/dist/storage/SourceEntity.d.ts +5 -4
- package/dist/storage/SourceTable.d.ts +22 -20
- package/dist/storage/SourceTable.js +34 -30
- package/dist/storage/SourceTable.js.map +1 -1
- package/dist/storage/SyncRulesBucketStorage.d.ts +11 -5
- package/dist/storage/SyncRulesBucketStorage.js.map +1 -1
- package/dist/sync/BucketChecksumState.d.ts +1 -1
- package/dist/sync/BucketChecksumState.js +1 -1
- package/dist/sync/BucketChecksumState.js.map +1 -1
- package/dist/sync/util.d.ts +3 -1
- package/dist/sync/util.js +29 -1
- package/dist/sync/util.js.map +1 -1
- package/dist/util/config/compound-config-collector.js +22 -12
- package/dist/util/config/compound-config-collector.js.map +1 -1
- package/dist/util/config/types.d.ts +0 -12
- package/dist/util/lsn.d.ts +4 -0
- package/dist/util/lsn.js +11 -0
- package/dist/util/lsn.js.map +1 -0
- package/dist/util/util-index.d.ts +2 -0
- package/dist/util/util-index.js +2 -0
- package/dist/util/util-index.js.map +1 -1
- package/dist/util/version.d.ts +1 -0
- package/dist/util/version.js +3 -0
- package/dist/util/version.js.map +1 -0
- package/package.json +7 -5
- package/src/api/diagnostics.ts +33 -1
- package/src/auth/CachedKeyCollector.ts +25 -3
- package/src/auth/KeySpec.ts +14 -0
- package/src/auth/KeyStore.ts +29 -5
- package/src/auth/RemoteJWKSCollector.ts +11 -4
- package/src/auth/StaticSupabaseKeyCollector.ts +1 -1
- package/src/auth/utils.ts +123 -3
- package/src/entry/commands/compact-action.ts +9 -1
- package/src/metrics/open-telemetry/util.ts +4 -1
- package/src/replication/AbstractReplicator.ts +2 -2
- package/src/routes/auth.ts +1 -124
- package/src/routes/configure-fastify.ts +3 -1
- package/src/routes/endpoints/socket-route.ts +1 -7
- package/src/routes/endpoints/sync-stream.ts +29 -21
- package/src/routes/route-register.ts +41 -15
- package/src/storage/BucketStorageBatch.ts +13 -2
- package/src/storage/SourceEntity.ts +5 -5
- package/src/storage/SourceTable.ts +48 -34
- package/src/storage/SyncRulesBucketStorage.ts +14 -7
- package/src/sync/BucketChecksumState.ts +2 -2
- package/src/sync/util.ts +31 -2
- package/src/util/config/compound-config-collector.ts +23 -15
- package/src/util/config/types.ts +0 -11
- package/src/util/lsn.ts +8 -0
- package/src/util/util-index.ts +2 -0
- package/src/util/version.ts +3 -0
- package/test/src/auth.test.ts +323 -1
- package/test/src/sync/BucketChecksumState.test.ts +36 -35
- package/tsconfig.tsbuildinfo +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,48 @@
|
|
|
1
1
|
# @powersync/service-core
|
|
2
2
|
|
|
3
|
+
## 1.14.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- b1add5a: [MongoDB Storage] Compact action now also compacts parameter lookup storage.
|
|
8
|
+
- 2378e36: Drop support for legacy Supabase keys via app.settings.jwt_secret.
|
|
9
|
+
- 4ebc3bf: Report lack of commits or keepalives as issues in the diagnostics api.
|
|
10
|
+
- 2378e36: Add automatic support for Supabase JWT Signing Keys.
|
|
11
|
+
- d56eeb9: Delay switching over to new sync rules until we have a consistent checkpoint.
|
|
12
|
+
- d4db4e2: MySQL:
|
|
13
|
+
- Added schema change handling
|
|
14
|
+
- Except for some edge cases, the following schema changes are now handled automatically:
|
|
15
|
+
- Creation, renaming, dropping and truncation of tables.
|
|
16
|
+
- Creation and dropping of unique indexes and primary keys.
|
|
17
|
+
- Adding, modifying, dropping and renaming of table columns.
|
|
18
|
+
- If a schema change cannot handled automatically, a warning with details will be logged.
|
|
19
|
+
- Mismatches in table schema from the Zongji binlog listener are now handled more gracefully.
|
|
20
|
+
- Replication of wildcard tables is now supported.
|
|
21
|
+
- Improved logging for binlog event processing.
|
|
22
|
+
|
|
23
|
+
### Patch Changes
|
|
24
|
+
|
|
25
|
+
- 4a34a51: Support BSON lines through the HTTP endpoint via the `application/vnd.powersync.bson-stream` content-type.
|
|
26
|
+
- 1aafdaf: Make 404 error body consistent with other error responses.
|
|
27
|
+
- Updated dependencies [d4db4e2]
|
|
28
|
+
- @powersync/service-sync-rules@0.28.0
|
|
29
|
+
- @powersync/lib-services-framework@0.7.2
|
|
30
|
+
- @powersync/service-rsocket-router@0.1.3
|
|
31
|
+
|
|
32
|
+
## 1.13.4
|
|
33
|
+
|
|
34
|
+
### Patch Changes
|
|
35
|
+
|
|
36
|
+
- a60f2c7: [MongoDB Storage] Improve error messages for checksum query timeouts
|
|
37
|
+
- 71cf892: Add 'powersync' or 'powersync-storage' as the app name for database connections.
|
|
38
|
+
- ba1ceef: Remove unused dev config.
|
|
39
|
+
- 60bf5f9: [MongoDB Replication] Fix resumeTokens going back in time on busy change streams.
|
|
40
|
+
- f1431b6: Improve diagnostics in logs for JWKS timeouts.
|
|
41
|
+
- Updated dependencies [ba1ceef]
|
|
42
|
+
- @powersync/service-types@0.12.1
|
|
43
|
+
- @powersync/lib-services-framework@0.7.1
|
|
44
|
+
- @powersync/service-rsocket-router@0.1.2
|
|
45
|
+
|
|
3
46
|
## 1.13.3
|
|
4
47
|
|
|
5
48
|
### Patch Changes
|
package/dist/api/diagnostics.js
CHANGED
|
@@ -73,7 +73,7 @@ export async function getSyncRulesStatus(bucketStorage, apiHandler, sync_rules,
|
|
|
73
73
|
const source = {
|
|
74
74
|
connectionTag: tag,
|
|
75
75
|
schema: pattern.schema,
|
|
76
|
-
|
|
76
|
+
name: pattern.tablePattern
|
|
77
77
|
};
|
|
78
78
|
const syncData = rules.tableSyncsData(source);
|
|
79
79
|
const syncParameters = rules.tableSyncsParameters(source);
|
|
@@ -98,6 +98,36 @@ export async function getSyncRulesStatus(bucketStorage, apiHandler, sync_rules,
|
|
|
98
98
|
message: e.message
|
|
99
99
|
};
|
|
100
100
|
}));
|
|
101
|
+
if (live_status && status?.active && sourceConfig.type != 'mysql') {
|
|
102
|
+
// Check replication lag for active sync rules.
|
|
103
|
+
// Right now we exclude mysql, since it we don't have consistent keepalives for it.
|
|
104
|
+
if (sync_rules.last_checkpoint_ts == null && sync_rules.last_keepalive_ts == null) {
|
|
105
|
+
errors.push({
|
|
106
|
+
level: 'warning',
|
|
107
|
+
message: 'No checkpoint found, cannot calculate replication lag'
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
else {
|
|
111
|
+
const lastTime = Math.max(sync_rules.last_checkpoint_ts?.getTime() ?? 0, sync_rules.last_keepalive_ts?.getTime() ?? 0);
|
|
112
|
+
const lagSeconds = Math.round((Date.now() - lastTime) / 1000);
|
|
113
|
+
// On idle instances, keepalive messages are only persisted every 60 seconds.
|
|
114
|
+
// So we use 5 minutes as a threshold for warnings, and 15 minutes for critical.
|
|
115
|
+
// The replication lag metric should give a more granular value, but that is not available directly
|
|
116
|
+
// in the API containers used for diagnostics, and this should give a good enough indication.
|
|
117
|
+
if (lagSeconds > 15 * 60) {
|
|
118
|
+
errors.push({
|
|
119
|
+
level: 'fatal',
|
|
120
|
+
message: `No replicated commit in more than ${lagSeconds}s`
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
else if (lagSeconds > 5 * 60) {
|
|
124
|
+
errors.push({
|
|
125
|
+
level: 'warning',
|
|
126
|
+
message: `No replicated commit in more than ${lagSeconds}s`
|
|
127
|
+
});
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
101
131
|
return {
|
|
102
132
|
content: include_content ? sync_rules.sync_rules_content : undefined,
|
|
103
133
|
connections: [
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"diagnostics.js","sourceRoot":"","sources":["../../src/api/diagnostics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAsC,MAAM,+BAA+B,CAAC;AAyBhG,MAAM,CAAC,MAAM,qBAAqB,GAAG,SAAS,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,aAA2C,EAC3C,UAAoB,EACpB,UAAoD,EACpD,OAA2B;IAE3B,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC;IACzD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;IACjD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,KAAK,CAAC;IAE3D,IAAI,KAAmB,CAAC;IACxB,IAAI,SAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC,CAAC;QACrE,KAAK,GAAG,SAAS,CAAC,UAAU,CAAC;IAC/B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;YACpE,WAAW,EAAE,EAAE;YACf,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,eAAe,EAAE,CAAC;IACxD,gFAAgF;IAChF,wFAAwF;IACxF,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,IAAI,WAAW,CAAC;IAC5C,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,MAAM,MAAM,GAAG,MAAM,aAAa,EAAE,SAAS,EAAE,CAAC;IAChD,IAAI,qBAAqB,GAAuB,SAAS,CAAC;IAE1D,IAAI,WAAW,GAAgB,EAAE,CAAC;IAElC,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,qBAAqB,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;QACtD,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC1F,WAAW,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,qBAAqB,GAAG,MAAM,UAAU,CAAC,sBAAsB,CAAC;oBAC9D,aAAa,EAAE,aAAa;iBAC7B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,SAAS;gBACT,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,qBAAqB,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;QAEtD,WAAW,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAa,EAAE;YAC7D,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,OAAO;oBACL,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,WAAW;oBACzB,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;oBAE9D,YAAY,EAAE,KAAK;oBACnB,iBAAiB,EAAE,KAAK;oBACxB,cAAc,EAAE,EAAE;oBAClB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;iBAC3D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,MAAM,GAAyB;oBACnC,aAAa,EAAE,GAAG;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,
|
|
1
|
+
{"version":3,"file":"diagnostics.js","sourceRoot":"","sources":["../../src/api/diagnostics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAsC,MAAM,+BAA+B,CAAC;AAyBhG,MAAM,CAAC,MAAM,qBAAqB,GAAG,SAAS,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,aAA2C,EAC3C,UAAoB,EACpB,UAAoD,EACpD,OAA2B;IAE3B,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC;IACzD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;IACjD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,KAAK,CAAC;IAE3D,IAAI,KAAmB,CAAC;IACxB,IAAI,SAAqC,CAAC;IAC1C,IAAI,CAAC;QACH,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC,CAAC;QACrE,KAAK,GAAG,SAAS,CAAC,UAAU,CAAC;IAC/B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;YACpE,WAAW,EAAE,EAAE;YACf,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,eAAe,EAAE,CAAC;IACxD,gFAAgF;IAChF,wFAAwF;IACxF,MAAM,GAAG,GAAG,YAAY,CAAC,GAAG,IAAI,WAAW,CAAC;IAC5C,MAAM,aAAa,GAAG,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,MAAM,MAAM,GAAG,MAAM,aAAa,EAAE,SAAS,EAAE,CAAC;IAChD,IAAI,qBAAqB,GAAuB,SAAS,CAAC;IAE1D,IAAI,WAAW,GAAgB,EAAE,CAAC;IAElC,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,qBAAqB,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;QACtD,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC1F,WAAW,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC,MAAM,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC;gBACH,qBAAqB,GAAG,MAAM,UAAU,CAAC,sBAAsB,CAAC;oBAC9D,aAAa,EAAE,aAAa;iBAC7B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,SAAS;gBACT,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,qBAAqB,GAAG,KAAK,CAAC,eAAe,EAAE,CAAC;QAEtD,WAAW,GAAG,qBAAqB,CAAC,GAAG,CAAC,CAAC,OAAO,EAAa,EAAE;YAC7D,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,OAAO;oBACL,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,WAAW;oBACzB,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;oBAE9D,YAAY,EAAE,KAAK;oBACnB,iBAAiB,EAAE,KAAK;oBACxB,cAAc,EAAE,EAAE;oBAClB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;iBAC3D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,MAAM,GAAyB;oBACnC,aAAa,EAAE,GAAG;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,YAAY;iBAC3B,CAAC;gBACF,MAAM,QAAQ,GAAG,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBAC9C,MAAM,cAAc,GAAG,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;gBAC1D,OAAO;oBACL,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,YAAY,EAAE,QAAQ;oBACtB,iBAAiB,EAAE,cAAc;oBACjC,cAAc,EAAE,EAAE;oBAClB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;iBAC3D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,UAAU,CAAC,gBAAgB,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,gBAAgB,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,CAAC,IAAI,CACT,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACxB,OAAO;YACL,KAAK,EAAE,CAAC,CAAC,IAAI;YACb,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,WAAW,IAAI,MAAM,EAAE,MAAM,IAAI,YAAY,CAAC,IAAI,IAAI,OAAO,EAAE,CAAC;QAClE,+CAA+C;QAC/C,mFAAmF;QACnF,IAAI,UAAU,CAAC,kBAAkB,IAAI,IAAI,IAAI,UAAU,CAAC,iBAAiB,IAAI,IAAI,EAAE,CAAC;YAClF,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,uDAAuD;aACjE,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CACvB,UAAU,CAAC,kBAAkB,EAAE,OAAO,EAAE,IAAI,CAAC,EAC7C,UAAU,CAAC,iBAAiB,EAAE,OAAO,EAAE,IAAI,CAAC,CAC7C,CAAC;YACF,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;YAC9D,6EAA6E;YAC7E,gFAAgF;YAChF,mGAAmG;YACnG,6FAA6F;YAC7F,IAAI,UAAU,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC;gBACzB,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,OAAO;oBACd,OAAO,EAAE,qCAAqC,UAAU,GAAG;iBAC5D,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,UAAU,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC;oBACV,KAAK,EAAE,SAAS;oBAChB,OAAO,EAAE,qCAAqC,UAAU,GAAG;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;QACpE,WAAW,EAAE;YACX;gBACE,EAAE,EAAE,YAAY,CAAC,EAAE,IAAI,qBAAqB;gBAC5C,GAAG,EAAE,GAAG;gBACR,SAAS,EAAE,UAAU,CAAC,SAAS;gBAC/B,wBAAwB,EAAE,MAAM,EAAE,aAAa,IAAI,KAAK;gBACxD,gBAAgB;gBAChB,QAAQ,EAAE,MAAM,EAAE,cAAc,IAAI,SAAS;gBAC7C,kBAAkB,EAAE,UAAU,CAAC,kBAAkB,EAAE,WAAW,EAAE;gBAChE,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,EAAE,WAAW,EAAE;gBAC9D,qBAAqB,EAAE,qBAAqB;gBAC5C,MAAM,EAAE,WAAW;aACpB;SACF;QACD,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,MAAyD;IAC5E,IAAI,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC7B,IAAI,MAAM,GAAsD,EAAE,CAAC;IACnE,KAAK,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import timers from 'timers/promises';
|
|
2
2
|
import { LeakyBucket } from './LeakyBucket.js';
|
|
3
|
+
import { AuthorizationError, ErrorCode, logger } from '@powersync/lib-services-framework';
|
|
3
4
|
import { mapAuthConfigError } from './utils.js';
|
|
4
5
|
/**
|
|
5
6
|
* Manages caching and refreshing for a key collector.
|
|
@@ -58,8 +59,23 @@ export class CachedKeyCollector {
|
|
|
58
59
|
// e.g. in the case of waiting for error retries.
|
|
59
60
|
// In the case of very slow requests, we don't wait for it to complete, but the
|
|
60
61
|
// request can still complete in the background.
|
|
61
|
-
const
|
|
62
|
-
|
|
62
|
+
const WAIT_TIMEOUT_SECONDS = 3;
|
|
63
|
+
const timeout = timers.setTimeout(WAIT_TIMEOUT_SECONDS * 1000).then(() => {
|
|
64
|
+
throw new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed`, {
|
|
65
|
+
cause: { message: `Key request timed out in ${WAIT_TIMEOUT_SECONDS}s`, name: 'AbortError' }
|
|
66
|
+
});
|
|
67
|
+
});
|
|
68
|
+
try {
|
|
69
|
+
await Promise.race([this.refreshPromise, timeout]);
|
|
70
|
+
}
|
|
71
|
+
catch (e) {
|
|
72
|
+
if (e instanceof AuthorizationError) {
|
|
73
|
+
return { keys: this.currentKeys, errors: [...this.currentErrors, e] };
|
|
74
|
+
}
|
|
75
|
+
else {
|
|
76
|
+
throw e;
|
|
77
|
+
}
|
|
78
|
+
}
|
|
63
79
|
}
|
|
64
80
|
return { keys: this.currentKeys, errors: this.currentErrors };
|
|
65
81
|
}
|
|
@@ -86,8 +102,16 @@ export class CachedKeyCollector {
|
|
|
86
102
|
this.currentErrors = errors;
|
|
87
103
|
this.keyTimestamp = Date.now();
|
|
88
104
|
this.error = false;
|
|
105
|
+
// Due to caching and background refresh behavior, errors are not always propagated to the request handler,
|
|
106
|
+
// so we log them here.
|
|
107
|
+
for (let error of errors) {
|
|
108
|
+
logger.error(`Soft key refresh error`, error);
|
|
109
|
+
}
|
|
89
110
|
}
|
|
90
111
|
catch (e) {
|
|
112
|
+
// Due to caching and background refresh behavior, errors are not always propagated to the request handler,
|
|
113
|
+
// so we log them here.
|
|
114
|
+
logger.error(`Hard key refresh error`, e);
|
|
91
115
|
this.error = true;
|
|
92
116
|
// No result - keep previous keys
|
|
93
117
|
this.currentErrors = [mapAuthConfigError(e)];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CachedKeyCollector.js","sourceRoot":"","sources":["../../src/auth/CachedKeyCollector.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,iBAAiB,CAAC;AAErC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"CachedKeyCollector.js","sourceRoot":"","sources":["../../src/auth/CachedKeyCollector.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,iBAAiB,CAAC;AAErC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;;;;;GASG;AAEH,MAAM,OAAO,kBAAkB;IAgCT;IA/BZ,WAAW,GAAc,EAAE,CAAC;IACpC;;OAEG;IACK,YAAY,GAAW,CAAC,CAAC;IAEjC;;OAEG;IACK,yBAAyB,GAAG,MAAM,CAAC;IAE3C;;;;OAIG;IACK,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAE5E;;OAEG;IACK,SAAS,GAAG,OAAO,CAAC;IAEpB,aAAa,GAAyB,EAAE,CAAC;IACjD;;OAEG;IACK,KAAK,GAAG,KAAK,CAAC;IAEd,cAAc,GAA8B,SAAS,CAAC;IAE9D,YAAoB,MAAoB;QAApB,WAAM,GAAN,MAAM,CAAc;IAAG,CAAC;IAE5C,KAAK,CAAC,OAAO;QACX,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,4BAA4B;YAC5B,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;QACxB,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;YACxB,8BAA8B;YAC9B,gCAAgC;YAChC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,CAAC;QAED,IAAI,GAAG,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7C,iDAAiD;YACjD,0DAA0D;YAC1D,iDAAiD;YACjD,+EAA+E;YAC/E,gDAAgD;YAChD,MAAM,oBAAoB,GAAG,CAAC,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvE,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,EAAE;oBACzE,KAAK,EAAE,EAAE,OAAO,EAAE,4BAA4B,oBAAoB,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;iBAC5F,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,kBAAkB,EAAE,CAAC;oBACpC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC;gBACxE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC;IAChE,CAAC;IAEO,OAAO;QACb,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,EAAE,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;gBAChC,OAAO;YACT,CAAC;YACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;gBACrD,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;YAClC,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,UAAU;QACd,8CAA8C;QAC9C,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACrD,yBAAyB;YACzB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;YAC5B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YAEnB,2GAA2G;YAC3G,uBAAuB;YACvB,KAAK,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;gBACzB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,2GAA2G;YAC3G,uBAAuB;YACvB,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,iCAAiC;YACjC,IAAI,CAAC,aAAa,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACvF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAY;QAChC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC;QAC5C,MAAM,IAAI,CAAC,cAAc,CAAC;IAC5B,CAAC;CACF"}
|
package/dist/auth/KeySpec.d.ts
CHANGED
|
@@ -23,6 +23,7 @@ export declare class KeySpec {
|
|
|
23
23
|
static importKey(key: jose.JWK, options?: KeyOptions): Promise<KeySpec>;
|
|
24
24
|
constructor(source: jose.JWK, key: jose.KeyLike, options?: KeyOptions);
|
|
25
25
|
get kid(): string | undefined;
|
|
26
|
+
get description(): string;
|
|
26
27
|
matchesAlgorithm(jwtAlg: string): boolean;
|
|
27
28
|
isValidSignature(token: string): Promise<boolean>;
|
|
28
29
|
}
|
package/dist/auth/KeySpec.js
CHANGED
|
@@ -20,6 +20,18 @@ export class KeySpec {
|
|
|
20
20
|
get kid() {
|
|
21
21
|
return this.source.kid;
|
|
22
22
|
}
|
|
23
|
+
get description() {
|
|
24
|
+
let details = [];
|
|
25
|
+
details.push(`kid: ${this.kid ?? '*'}`);
|
|
26
|
+
details.push(`kty: ${this.source.kty}`);
|
|
27
|
+
if (this.source.alg != null) {
|
|
28
|
+
details.push(`alg: ${this.source.alg}`);
|
|
29
|
+
}
|
|
30
|
+
if (this.options.requiresAudience != null) {
|
|
31
|
+
details.push(`aud: ${this.options.requiresAudience.join(', ')}`);
|
|
32
|
+
}
|
|
33
|
+
return `<${details.filter((x) => x != null).join(', ')}>`;
|
|
34
|
+
}
|
|
23
35
|
matchesAlgorithm(jwtAlg) {
|
|
24
36
|
if (this.source.alg) {
|
|
25
37
|
return jwtAlg === this.source.alg;
|
package/dist/auth/KeySpec.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"KeySpec.js","sourceRoot":"","sources":["../../src/auth/KeySpec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC1D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,CAAC;AAgB/G,MAAM,OAAO,OAAO;IAClB,GAAG,CAAe;IAClB,MAAM,CAAW;IACjB,OAAO,CAAa;IAEpB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAa,EAAE,OAAoB;QACxD,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAiB,CAAC;QAC3D,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,YAAY,MAAgB,EAAE,GAAiB,EAAE,OAAoB;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IACzB,CAAC;IAED,gBAAgB,CAAC,MAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACpB,OAAO,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QACpC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,CAAC,IAAI,KAAK,uCAAuC,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"KeySpec.js","sourceRoot":"","sources":["../../src/auth/KeySpec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC1D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAG,aAAa,EAAE,GAAG,cAAc,EAAE,GAAG,aAAa,EAAE,GAAG,cAAc,CAAC,CAAC;AAgB/G,MAAM,OAAO,OAAO;IAClB,GAAG,CAAe;IAClB,MAAM,CAAW;IACjB,OAAO,CAAa;IAEpB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAa,EAAE,OAAoB;QACxD,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAiB,CAAC;QAC3D,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,YAAY,MAAgB,EAAE,GAAiB,EAAE,OAAoB;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IACzB,CAAC;IAED,IAAI,WAAW;QACb,IAAI,OAAO,GAAa,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,IAAI,IAAI,EAAE,CAAC;YAC1C,OAAO,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IAC5D,CAAC;IAED,gBAAgB,CAAC,MAAc;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YACpB,OAAO,MAAM,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;QACpC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,CAAC,IAAI,KAAK,uCAAuC,EAAE,CAAC;gBACvD,OAAO,KAAK,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,MAAM,CAAC,CAAC;YACV,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
package/dist/auth/KeyStore.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { JwtPayload } from './JwtPayload.js';
|
|
2
2
|
import { KeyCollector } from './KeyCollector.js';
|
|
3
|
+
import { SupabaseAuthDetails } from './utils.js';
|
|
3
4
|
/**
|
|
4
5
|
* KeyStore to get keys and verify tokens.
|
|
5
6
|
*
|
|
@@ -32,6 +33,24 @@ export declare class KeyStore<Collector extends KeyCollector = KeyCollector> {
|
|
|
32
33
|
* @internal
|
|
33
34
|
*/
|
|
34
35
|
collector: Collector;
|
|
36
|
+
/**
|
|
37
|
+
* For debug purposes only.
|
|
38
|
+
*
|
|
39
|
+
* This is very Supabase-specific, but we need the info on this level. For example,
|
|
40
|
+
* we want to detect cases where a Supabase token is used, but Supabase auth is not enabled
|
|
41
|
+
* (no Supabase collector configured).
|
|
42
|
+
*/
|
|
43
|
+
supabaseAuthDebug: {
|
|
44
|
+
/**
|
|
45
|
+
* This can be populated without jwksEnabled, but not the other way around.
|
|
46
|
+
*/
|
|
47
|
+
jwksDetails: SupabaseAuthDetails | null;
|
|
48
|
+
jwksEnabled: boolean;
|
|
49
|
+
/**
|
|
50
|
+
* This can be enabled without jwksDetails populated.
|
|
51
|
+
*/
|
|
52
|
+
sharedSecretEnabled: boolean;
|
|
53
|
+
};
|
|
35
54
|
constructor(collector: Collector);
|
|
36
55
|
verifyJwt(token: string, options: {
|
|
37
56
|
defaultAudiences: string[];
|
package/dist/auth/KeyStore.js
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthorizationError, ErrorCode, logger } from '@powersync/lib-services-framework';
|
|
2
2
|
import * as jose from 'jose';
|
|
3
3
|
import secs from '../util/secs.js';
|
|
4
4
|
import { SUPPORTED_ALGORITHMS } from './KeySpec.js';
|
|
5
|
-
import { mapAuthError } from './utils.js';
|
|
5
|
+
import { debugKeyNotFound, mapAuthError } from './utils.js';
|
|
6
6
|
/**
|
|
7
7
|
* KeyStore to get keys and verify tokens.
|
|
8
8
|
*
|
|
@@ -35,6 +35,18 @@ export class KeyStore {
|
|
|
35
35
|
* @internal
|
|
36
36
|
*/
|
|
37
37
|
collector;
|
|
38
|
+
/**
|
|
39
|
+
* For debug purposes only.
|
|
40
|
+
*
|
|
41
|
+
* This is very Supabase-specific, but we need the info on this level. For example,
|
|
42
|
+
* we want to detect cases where a Supabase token is used, but Supabase auth is not enabled
|
|
43
|
+
* (no Supabase collector configured).
|
|
44
|
+
*/
|
|
45
|
+
supabaseAuthDebug = {
|
|
46
|
+
jwksDetails: null,
|
|
47
|
+
jwksEnabled: false,
|
|
48
|
+
sharedSecretEnabled: false
|
|
49
|
+
};
|
|
38
50
|
constructor(collector) {
|
|
39
51
|
this.collector = collector;
|
|
40
52
|
}
|
|
@@ -106,7 +118,7 @@ export class KeyStore {
|
|
|
106
118
|
if (!key.matchesAlgorithm(header.alg)) {
|
|
107
119
|
throw new AuthorizationError(ErrorCode.PSYNC_S2101, `Unexpected token algorithm ${header.alg}`, {
|
|
108
120
|
configurationDetails: `Key kid: ${key.source.kid}, alg: ${key.source.alg}, kty: ${key.source.kty}`
|
|
109
|
-
//
|
|
121
|
+
// tokenDetails automatically populated higher up the stack
|
|
110
122
|
});
|
|
111
123
|
}
|
|
112
124
|
return key;
|
|
@@ -137,9 +149,9 @@ export class KeyStore {
|
|
|
137
149
|
// This is just a last resort error handling.
|
|
138
150
|
logger.error(`Failed to refresh keys`, e);
|
|
139
151
|
});
|
|
152
|
+
const details = debugKeyNotFound(this, keys, token);
|
|
140
153
|
throw new AuthorizationError(ErrorCode.PSYNC_S2101, 'Could not find an appropriate key in the keystore. The key is missing or no key matched the token KID', {
|
|
141
|
-
|
|
142
|
-
// tokenDetails automatically populated later
|
|
154
|
+
...details
|
|
143
155
|
});
|
|
144
156
|
}
|
|
145
157
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"KeyStore.js","sourceRoot":"","sources":["../../src/auth/KeyStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"KeyStore.js","sourceRoot":"","sources":["../../src/auth/KeyStore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,IAAI,MAAM,iBAAiB,CAAC;AAGnC,OAAO,EAAuB,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAA0C,MAAM,YAAY,CAAC;AAEpG;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,OAAO,QAAQ;IACnB;;OAEG;IACH,SAAS,CAAY;IAErB;;;;;;OAMG;IACH,iBAAiB,GAUb;QACF,WAAW,EAAE,IAAI;QACjB,WAAW,EAAE,KAAK;QAClB,mBAAmB,EAAE,KAAK;KAC3B,CAAC;IAEF,YAAY,SAAoB;QAC9B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,OAAuD;QACpF,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE;YAC9D,oFAAoF;YACpF,sCAAsC;YACtC,cAAc,EAAE,EAAE;YAClB,0EAA0E;YAC1E,UAAU,EAAE,oBAAoB;YAChC,oFAAoF;YACpF,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;SACtC,CAAC,CAAC;QAEH,IAAI,SAAS,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACzC,IAAI,UAAU,CAAC,gBAAgB,EAAE,CAAC;YAChC,kCAAkC;YAClC,SAAS,GAAG,UAAU,CAAC,gBAAgB,CAAC;QAC1C,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC;QAEpC,IAAI,GAAG,GAAG,YAAY,CAAC,GAAG,CAAC;QAC3B,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YAChB,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,+CAA+C,EAAE;gBACnG,oBAAoB,EAAE,uDAAuD,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;aACzG,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,CAAC;QACD,IACE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YACd,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,EACF,CAAC;YACD,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,iCAAiC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,EACnE,EAAE,oBAAoB,EAAE,uDAAuD,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,EAAE,CAC7G,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,GAAI,GAAG,YAAY,CAAC,GAAI,CAAC;QAE5D,wFAAwF;QACxF,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,kBAAkB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,IAAI,aAAa,GAAG,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,qCAAqC,MAAM,iBAAiB,aAAa,GAAG,CAC7E,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC;QAC3C,IAAI,UAAU,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,OAAO,UAAU,IAAI,QAAQ,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,sCAAsC,CAAC,CAAC;QAC9F,CAAC;QAED,OAAO,YAA0B,CAAC;IACpC,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,OAA8B;QACxE,IAAI,UAAU,GAA2B,SAAS,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CACjC,KAAK,EACL,KAAK,EAAE,MAAM,EAAE,EAAE;gBACf,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBACjD,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC;gBACzB,OAAO,GAAG,CAAC,GAAG,CAAC;YACjB,CAAC,EACD,OAAO,CACR,CAAC;YACF,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAW,EAAE,CAAC;QAC7C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,YAAY,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,KAAa,EAAE,MAAgC;QACxE,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QACvB,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACxD,IAAI,GAAG,EAAE,CAAC;YACR,sDAAsD;YACtD,wCAAwC;YACxC,KAAK,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;oBACnB,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBACtC,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,8BAA8B,MAAM,CAAC,GAAG,EAAE,EAAE;4BAC9F,oBAAoB,EAAE,YAAY,GAAG,CAAC,MAAM,CAAC,GAAG,UAAU,GAAG,CAAC,MAAM,CAAC,GAAG,UAAU,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;4BAClG,2DAA2D;yBAC5D,CAAC,CAAC;oBACL,CAAC;oBACD,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,iCAAiC;YACjC,IAAI,GAAG,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;gBACpB,qBAAqB;gBACrB,SAAS;YACX,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtC,SAAS;YACX,CAAC;YAED,IAAI,MAAM,GAAG,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtC,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,MAAM,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,eAAe;YACf,oEAAoE;YACpE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACxC,yDAAyD;gBACzD,6CAA6C;gBAC7C,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,CAAC,CAAC,CAAC;YAC5C,CAAC,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;YAEpD,MAAM,IAAI,kBAAkB,CAC1B,SAAS,CAAC,WAAW,EACrB,uGAAuG,EACvG;gBACE,GAAG,OAAO;aACX,CACF,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
|
|
@@ -2,8 +2,10 @@ import * as http from 'http';
|
|
|
2
2
|
import * as https from 'https';
|
|
3
3
|
import { LookupOptions } from '@powersync/lib-services-framework';
|
|
4
4
|
import { KeyCollector, KeyResult } from './KeyCollector.js';
|
|
5
|
+
import { KeyOptions } from './KeySpec.js';
|
|
5
6
|
export type RemoteJWKSCollectorOptions = {
|
|
6
7
|
lookupOptions?: LookupOptions;
|
|
8
|
+
keyOptions?: KeyOptions;
|
|
7
9
|
};
|
|
8
10
|
/**
|
|
9
11
|
* Set of keys fetched from JWKS URI.
|
|
@@ -12,6 +14,7 @@ export declare class RemoteJWKSCollector implements KeyCollector {
|
|
|
12
14
|
protected options?: RemoteJWKSCollectorOptions | undefined;
|
|
13
15
|
private url;
|
|
14
16
|
private agent;
|
|
17
|
+
private keyOptions;
|
|
15
18
|
constructor(url: string, options?: RemoteJWKSCollectorOptions | undefined);
|
|
16
19
|
private getJwksData;
|
|
17
20
|
getKeys(): Promise<KeyResult>;
|
|
@@ -10,6 +10,7 @@ export class RemoteJWKSCollector {
|
|
|
10
10
|
options;
|
|
11
11
|
url;
|
|
12
12
|
agent;
|
|
13
|
+
keyOptions;
|
|
13
14
|
constructor(url, options) {
|
|
14
15
|
this.options = options;
|
|
15
16
|
try {
|
|
@@ -18,6 +19,7 @@ export class RemoteJWKSCollector {
|
|
|
18
19
|
catch (e) {
|
|
19
20
|
throw new ServiceError(ErrorCode.PSYNC_S3102, `Invalid jwks_uri: ${JSON.stringify(url)} Details: ${e.message}`);
|
|
20
21
|
}
|
|
22
|
+
this.keyOptions = options?.keyOptions ?? {};
|
|
21
23
|
// We do support http here for self-hosting use cases.
|
|
22
24
|
// Management service restricts this to https for hosted versions.
|
|
23
25
|
if (this.url.protocol != 'https:' && this.url.protocol != 'http:') {
|
|
@@ -27,9 +29,10 @@ export class RemoteJWKSCollector {
|
|
|
27
29
|
}
|
|
28
30
|
async getJwksData() {
|
|
29
31
|
const abortController = new AbortController();
|
|
32
|
+
const REQUEST_TIMEOUT_SECONDS = 30;
|
|
30
33
|
const timeout = setTimeout(() => {
|
|
31
34
|
abortController.abort();
|
|
32
|
-
},
|
|
35
|
+
}, REQUEST_TIMEOUT_SECONDS * 1000);
|
|
33
36
|
try {
|
|
34
37
|
const res = await fetch(this.url, {
|
|
35
38
|
method: 'GET',
|
|
@@ -47,11 +50,14 @@ export class RemoteJWKSCollector {
|
|
|
47
50
|
return (await res.json());
|
|
48
51
|
}
|
|
49
52
|
catch (e) {
|
|
53
|
+
if (e instanceof Error && e.name === 'AbortError') {
|
|
54
|
+
e = { message: `Request timed out in ${REQUEST_TIMEOUT_SECONDS}s`, name: 'AbortError' };
|
|
55
|
+
}
|
|
50
56
|
throw new AuthorizationError(ErrorCode.PSYNC_S2204, `JWKS request failed`, {
|
|
51
57
|
configurationDetails: `JWKS URL: ${this.url}`,
|
|
52
58
|
// This covers most cases of FetchError
|
|
53
59
|
// `cause: e` could lose the error message
|
|
54
|
-
cause: { message: e.message, code: e.code }
|
|
60
|
+
cause: { message: e.message, code: e.code, name: e.name }
|
|
55
61
|
});
|
|
56
62
|
}
|
|
57
63
|
finally {
|
|
@@ -89,7 +95,7 @@ export class RemoteJWKSCollector {
|
|
|
89
95
|
continue;
|
|
90
96
|
}
|
|
91
97
|
}
|
|
92
|
-
const key = await KeySpec.importKey(keyData);
|
|
98
|
+
const key = await KeySpec.importKey(keyData, this.keyOptions);
|
|
93
99
|
keys.push(key);
|
|
94
100
|
}
|
|
95
101
|
return { keys: keys, errors: [] };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RemoteJWKSCollector.js","sourceRoot":"","sources":["../../src/auth/RemoteJWKSCollector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,OAAO,EACL,kBAAkB,EAClB,SAAS,EAET,0BAA0B,EAC1B,qBAAqB,EACrB,YAAY,EACb,MAAM,mCAAmC,CAAC;AAE3C,OAAO,
|
|
1
|
+
{"version":3,"file":"RemoteJWKSCollector.js","sourceRoot":"","sources":["../../src/auth/RemoteJWKSCollector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,OAAO,EACL,kBAAkB,EAClB,SAAS,EAET,0BAA0B,EAC1B,qBAAqB,EACrB,YAAY,EACb,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EAAc,OAAO,EAAE,MAAM,cAAc,CAAC;AAOnD;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAOlB;IANJ,GAAG,CAAM;IACT,KAAK,CAAa;IAClB,UAAU,CAAa;IAE/B,YACE,GAAW,EACD,OAAoC;QAApC,YAAO,GAAP,OAAO,CAA6B;QAE9C,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,MAAM,IAAI,YAAY,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAClH,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,EAAE,CAAC;QAE5C,sDAAsD;QACtD,kEAAkE;QAClE,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,EAAE,CAAC;YAClE,MAAM,IAAI,YAAY,CACpB,SAAS,CAAC,WAAW,EACrB,gDAAgD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,uBAAuB,GAAG,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,eAAe,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC,EAAE,uBAAuB,GAAG,IAAI,CAAC,CAAC;QAEnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;iBAC3B;gBACD,MAAM,EAAE,eAAe,CAAC,MAAM;gBAC9B,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,4BAA4B,GAAG,CAAC,UAAU,EAAE,EAAE;oBAChG,oBAAoB,EAAE,aAAa,IAAI,CAAC,GAAG,EAAE;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAQ,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAClD,CAAC,GAAG,EAAE,OAAO,EAAE,wBAAwB,uBAAuB,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;YAC1F,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,qBAAqB,EAAE;gBACzE,oBAAoB,EAAE,aAAa,IAAI,CAAC,GAAG,EAAE;gBAC7C,uCAAuC;gBACvC,0CAA0C;gBAC1C,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;aAC1D,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEtC,oGAAoG;QACpG,IACE,IAAI,CAAC,IAAI,IAAI,IAAI;YACjB,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YACzB,CAAE,IAAI,CAAC,IAAc,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,GAAG,IAAI,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EACnF,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,EAAE;gBACR,MAAM,EAAE;oBACN,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,uBAAuB,EAAE;wBACrE,oBAAoB,EAAE,aAAa,IAAI,CAAC,GAAG,gBAAgB,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;qBAC3F,CAAC;iBACH;aACF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,GAAc,EAAE,CAAC;QACzB,KAAK,IAAI,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YAC9B,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;gBACxE,uDAAuD;gBACvD,SAAS;YACX,CAAC;YAED,IAAI,OAAO,OAAO,CAAC,GAAG,IAAI,QAAQ,EAAE,CAAC;gBACnC,IAAI,OAAO,CAAC,GAAG,IAAI,KAAK,EAAE,CAAC;oBACzB,SAAS;gBACX,CAAC;YACH,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACxC,SAAS;gBACX,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACpC,CAAC;IAED;;;;;OAKG;IACH,YAAY;QACV,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,gBAAgB,EAAE,EAAE,EAAE,CAAC;QAC9E,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAsB;YACjC,MAAM;SACP,CAAC;QAEF,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC1B,KAAK,OAAO;gBACV,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACjC,KAAK,QAAQ;gBACX,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;QACD,4DAA4D;QAC5D,MAAM,IAAI,qBAAqB,CAAC,gDAAgD,CAAC,CAAC;IACpF,CAAC;CACF"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import * as jose from 'jose';
|
|
2
|
-
import { KeySpec } from './KeySpec.js';
|
|
2
|
+
import { KeySpec, KeyOptions } from './KeySpec.js';
|
|
3
3
|
import { KeyCollector, KeyResult } from './KeyCollector.js';
|
|
4
|
+
export declare const SUPABASE_KEY_OPTIONS: KeyOptions;
|
|
4
5
|
/**
|
|
5
6
|
* Set of static keys for Supabase.
|
|
6
7
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StaticSupabaseKeyCollector.js","sourceRoot":"","sources":["../../src/auth/StaticSupabaseKeyCollector.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAc,MAAM,cAAc,CAAC;AAGnD,MAAM,oBAAoB,GAAe;
|
|
1
|
+
{"version":3,"file":"StaticSupabaseKeyCollector.js","sourceRoot":"","sources":["../../src/auth/StaticSupabaseKeyCollector.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAc,MAAM,cAAc,CAAC;AAGnD,MAAM,CAAC,MAAM,oBAAoB,GAAe;IAC9C,gBAAgB,EAAE,CAAC,eAAe,CAAC;IACnC,kBAAkB,EAAE,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,6BAA6B;CACnE,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,OAAO,0BAA0B;IAMjB;IALpB,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,IAAgB;QACtC,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC,CAAC,CAAC;QACtG,OAAO,IAAI,0BAA0B,CAAC,UAAU,CAAC,CAAC;IACpD,CAAC;IAED,YAAoB,IAAe;QAAf,SAAI,GAAJ,IAAI,CAAW;IAAG,CAAC;IAEvC,KAAK,CAAC,OAAO;QACX,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACzC,CAAC;CACF"}
|
package/dist/auth/utils.d.ts
CHANGED
|
@@ -1,6 +1,25 @@
|
|
|
1
1
|
import { AuthorizationError } from '@powersync/lib-services-framework';
|
|
2
2
|
import * as jose from 'jose';
|
|
3
|
+
import { KeySpec } from './KeySpec.js';
|
|
4
|
+
import { KeyStore } from './KeyStore.js';
|
|
3
5
|
export declare function mapJoseError(error: jose.errors.JOSEError, token: string): AuthorizationError;
|
|
4
6
|
export declare function mapAuthError(error: any, token: string): AuthorizationError;
|
|
5
7
|
export declare function mapJoseConfigError(error: jose.errors.JOSEError): AuthorizationError;
|
|
6
8
|
export declare function mapAuthConfigError(error: any): AuthorizationError;
|
|
9
|
+
/**
|
|
10
|
+
* Decode token for debugging purposes.
|
|
11
|
+
*
|
|
12
|
+
* We use this to add details to our logs. We don't log the entire token, since it may for example
|
|
13
|
+
* a password incorrectly used as a token.
|
|
14
|
+
*/
|
|
15
|
+
export declare function tokenDebugDetails(token: string): string;
|
|
16
|
+
export interface SupabaseAuthDetails {
|
|
17
|
+
projectId: string;
|
|
18
|
+
url: string;
|
|
19
|
+
hostname: string;
|
|
20
|
+
}
|
|
21
|
+
export declare function getSupabaseJwksUrl(connection: any): SupabaseAuthDetails | null;
|
|
22
|
+
export declare function debugKeyNotFound(keyStore: KeyStore, keys: KeySpec[], token: string): {
|
|
23
|
+
configurationDetails: string;
|
|
24
|
+
tokenDetails: string;
|
|
25
|
+
};
|
package/dist/auth/utils.js
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
import { AuthorizationError, ErrorCode } from '@powersync/lib-services-framework';
|
|
2
2
|
import * as jose from 'jose';
|
|
3
|
+
import * as urijs from 'uri-js';
|
|
4
|
+
import * as uuid from 'uuid';
|
|
3
5
|
export function mapJoseError(error, token) {
|
|
4
6
|
const tokenDetails = tokenDebugDetails(token);
|
|
5
7
|
if (error.code === jose.errors.JWSInvalid.code || error.code === jose.errors.JWTInvalid.code) {
|
|
@@ -56,16 +58,27 @@ export function mapAuthConfigError(error) {
|
|
|
56
58
|
* We use this to add details to our logs. We don't log the entire token, since it may for example
|
|
57
59
|
* a password incorrectly used as a token.
|
|
58
60
|
*/
|
|
59
|
-
function tokenDebugDetails(token) {
|
|
61
|
+
export function tokenDebugDetails(token) {
|
|
62
|
+
return parseTokenDebug(token).description;
|
|
63
|
+
}
|
|
64
|
+
function parseTokenDebug(token) {
|
|
60
65
|
try {
|
|
61
66
|
// For valid tokens, we return the header and payload
|
|
62
67
|
const header = jose.decodeProtectedHeader(token);
|
|
63
68
|
const payload = jose.decodeJwt(token);
|
|
64
|
-
|
|
69
|
+
const isSupabase = typeof payload.iss == 'string' && payload.iss.includes('supabase.co');
|
|
70
|
+
const isSharedSecret = isSupabase && header.alg === 'HS256';
|
|
71
|
+
return {
|
|
72
|
+
header,
|
|
73
|
+
payload,
|
|
74
|
+
isSupabase,
|
|
75
|
+
isSharedSecret: isSharedSecret,
|
|
76
|
+
description: `<header: ${JSON.stringify(header)} payload: ${JSON.stringify(payload)}>`
|
|
77
|
+
};
|
|
65
78
|
}
|
|
66
79
|
catch (e) {
|
|
67
80
|
// Token fails to parse. Return some details.
|
|
68
|
-
return invalidTokenDetails(token);
|
|
81
|
+
return { description: invalidTokenDetails(token) };
|
|
69
82
|
}
|
|
70
83
|
}
|
|
71
84
|
function invalidTokenDetails(token) {
|
|
@@ -94,4 +107,94 @@ function invalidTokenDetails(token) {
|
|
|
94
107
|
}
|
|
95
108
|
return `<invalid JWT, length=${token.length}>`;
|
|
96
109
|
}
|
|
110
|
+
export function getSupabaseJwksUrl(connection) {
|
|
111
|
+
if (connection == null) {
|
|
112
|
+
return null;
|
|
113
|
+
}
|
|
114
|
+
else if (connection.type != 'postgresql') {
|
|
115
|
+
return null;
|
|
116
|
+
}
|
|
117
|
+
let hostname = connection.hostname;
|
|
118
|
+
if (hostname == null && typeof connection.uri == 'string') {
|
|
119
|
+
hostname = urijs.parse(connection.uri).host;
|
|
120
|
+
}
|
|
121
|
+
if (hostname == null) {
|
|
122
|
+
return null;
|
|
123
|
+
}
|
|
124
|
+
const match = /db.(\w+).supabase.co/.exec(hostname);
|
|
125
|
+
if (match == null) {
|
|
126
|
+
return null;
|
|
127
|
+
}
|
|
128
|
+
const projectId = match[1];
|
|
129
|
+
return { projectId, hostname, url: `https://${projectId}.supabase.co/auth/v1/.well-known/jwks.json` };
|
|
130
|
+
}
|
|
131
|
+
export function debugKeyNotFound(keyStore, keys, token) {
|
|
132
|
+
const knownKeys = keys.map((key) => key.description).join(', ');
|
|
133
|
+
const td = parseTokenDebug(token);
|
|
134
|
+
const tokenDetails = td.description;
|
|
135
|
+
const configuredSupabase = keyStore.supabaseAuthDebug;
|
|
136
|
+
// Cases to check:
|
|
137
|
+
// 1. Is Supabase token, but supabase auth not enabled.
|
|
138
|
+
// 2. Is Supabase HS256 token, but no secret configured.
|
|
139
|
+
// 3. Is Supabase singing key token, but no Supabase signing keys configured.
|
|
140
|
+
// 4. Supabase project id mismatch.
|
|
141
|
+
if (td.isSharedSecret) {
|
|
142
|
+
// Supabase HS256 token
|
|
143
|
+
// UUID: HS256 (Shared Secret)
|
|
144
|
+
// Other: Legacy HS256 (Shared Secret)
|
|
145
|
+
// Not a big difference between the two other than terminology used on Supabase.
|
|
146
|
+
const isLegacy = uuid.validate(td.header.kid) ? false : true;
|
|
147
|
+
const addMessage = configuredSupabase.jwksEnabled && !isLegacy
|
|
148
|
+
? ' Use asymmetric keys on Supabase (RSA or ECC) to allow automatic key retrieval.'
|
|
149
|
+
: '';
|
|
150
|
+
if (!configuredSupabase.sharedSecretEnabled) {
|
|
151
|
+
return {
|
|
152
|
+
configurationDetails: `Token is a Supabase ${isLegacy ? 'Legacy ' : ''}HS256 (Shared Secret) token, but Supabase JWT secret is not configured.${addMessage}`,
|
|
153
|
+
tokenDetails
|
|
154
|
+
};
|
|
155
|
+
}
|
|
156
|
+
else {
|
|
157
|
+
return {
|
|
158
|
+
// This is an educated guess
|
|
159
|
+
configurationDetails: `Token is a Supabase ${isLegacy ? 'Legacy ' : ''}HS256 (Shared Secret) token, but configured Supabase JWT secret does not match.${addMessage}`,
|
|
160
|
+
tokenDetails
|
|
161
|
+
};
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
else if (td.isSupabase) {
|
|
165
|
+
// Supabase JWT Signing Keys
|
|
166
|
+
if (!configuredSupabase.jwksEnabled) {
|
|
167
|
+
if (configuredSupabase.jwksDetails != null) {
|
|
168
|
+
return {
|
|
169
|
+
configurationDetails: `Token uses Supabase JWT Signing Keys, but Supabase Auth is not enabled`,
|
|
170
|
+
tokenDetails
|
|
171
|
+
};
|
|
172
|
+
}
|
|
173
|
+
else {
|
|
174
|
+
return {
|
|
175
|
+
configurationDetails: `Token uses Supabase JWT Signing Keys, but no Supabase connection is configured`,
|
|
176
|
+
tokenDetails
|
|
177
|
+
};
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
else if (configuredSupabase.jwksDetails != null) {
|
|
181
|
+
const configuredProjectId = configuredSupabase.jwksDetails.projectId;
|
|
182
|
+
const issuer = td.payload.iss; // Is a string since since isSupabase is true
|
|
183
|
+
if (!issuer.includes(configuredProjectId)) {
|
|
184
|
+
return {
|
|
185
|
+
configurationDetails: `Supabase project id mismatch. Expected project: ${configuredProjectId}, got issuer: ${issuer}`,
|
|
186
|
+
tokenDetails
|
|
187
|
+
};
|
|
188
|
+
}
|
|
189
|
+
else {
|
|
190
|
+
// Project id matches, but no matching keys found
|
|
191
|
+
return {
|
|
192
|
+
configurationDetails: `Supabase signing keys configured, but no matching keys found. Known keys: ${knownKeys}`,
|
|
193
|
+
tokenDetails
|
|
194
|
+
};
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
return { configurationDetails: `Known keys: ${knownKeys}`, tokenDetails: tokenDebugDetails(token) };
|
|
199
|
+
}
|
|
97
200
|
//# sourceMappingURL=utils.js.map
|
package/dist/auth/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/auth/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,mCAAmC,CAAC;AAClF,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/auth/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,mCAAmC,CAAC;AAClF,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,KAAK,MAAM,QAAQ,CAAC;AAChC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAI7B,MAAM,UAAU,YAAY,CAAC,KAA4B,EAAE,KAAa;IACtE,MAAM,YAAY,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAC7F,OAAO,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,yDAAyD,EAAE;YAC9G,YAAY;YACZ,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,CAAC;QACpE,6CAA6C;QAC7C,MAAM,KAAK,GAAI,KAA8C,CAAC,KAAK,CAAC;QACpE,OAAO,IAAI,kBAAkB,CAC3B,SAAS,CAAC,WAAW,EACrB,2CAA2C,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,EAClE;YACE,KAAK,EAAE,KAAK;YACZ,YAAY;SACb,CACF,CAAC;IACJ,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrD,mDAAmD;QACnD,OAAO,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,iBAAiB,EAAE;YACtE,KAAK,EAAE,KAAK;YACZ,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;AACxF,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAU,EAAE,KAAa;IACpD,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;QACxC,KAAK,CAAC,YAAY,KAAK,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;SAAM,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAClD,OAAO,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE;QAClE,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,iBAAiB,CAAC,KAAK,CAAC;KACvC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAA4B;IAC7D,OAAO,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,IAAI,qBAAqB,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;AACjH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAU;IAC3C,IAAI,KAAK,YAAY,kBAAkB,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;SAAM,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAClD,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,IAAI,kBAAkB,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,IAAI,0BAA0B,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;AACtH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC;AAC5C,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,IAAI,CAAC;QACH,qDAAqD;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,OAAO,OAAO,CAAC,GAAG,IAAI,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACzF,MAAM,cAAc,GAAG,UAAU,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,CAAC;QAE5D,OAAO;YACL,MAAM;YACN,OAAO;YACP,UAAU;YACV,cAAc,EAAE,cAAc;YAC9B,WAAW,EAAE,YAAY,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG;SACvF,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,6CAA6C;QAC7C,OAAO,EAAE,WAAW,EAAE,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;IACrD,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,eAAe,KAAK,CAAC,MAAM,4BAA4B,KAAK,CAAC,MAAM,GAAG,CAAC;IAChF,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAK,CAAC;IAEpD,IAAI,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,gCAAgC,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACpE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,mCAAmC,CAAC;IAC7C,CAAC;IAED,OAAO,wBAAwB,KAAK,CAAC,MAAM,GAAG,CAAC;AACjD,CAAC;AAQD,MAAM,UAAU,kBAAkB,CAAC,UAAe;IAChD,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;SAAM,IAAI,UAAU,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,QAAQ,GAAuB,UAAU,CAAC,QAAQ,CAAC;IACvD,IAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,UAAU,CAAC,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1D,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpD,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,EAAE,WAAW,SAAS,4CAA4C,EAAE,CAAC;AACxG,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAkB,EAClB,IAAe,EACf,KAAa;IAEb,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChE,MAAM,EAAE,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,EAAE,CAAC,WAAW,CAAC;IACpC,MAAM,kBAAkB,GAAG,QAAQ,CAAC,iBAAiB,CAAC;IAEtD,kBAAkB;IAClB,uDAAuD;IACvD,wDAAwD;IACxD,6EAA6E;IAC7E,mCAAmC;IAEnC,IAAI,EAAE,CAAC,cAAc,EAAE,CAAC;QACtB,uBAAuB;QACvB,8BAA8B;QAC9B,sCAAsC;QACtC,gFAAgF;QAChF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7D,MAAM,UAAU,GACd,kBAAkB,CAAC,WAAW,IAAI,CAAC,QAAQ;YACzC,CAAC,CAAC,iFAAiF;YACnF,CAAC,CAAC,EAAE,CAAC;QACT,IAAI,CAAC,kBAAkB,CAAC,mBAAmB,EAAE,CAAC;YAC5C,OAAO;gBACL,oBAAoB,EAAE,uBAAuB,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,0EAA0E,UAAU,EAAE;gBAC5J,YAAY;aACb,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,4BAA4B;gBAC5B,oBAAoB,EAAE,uBAAuB,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,kFAAkF,UAAU,EAAE;gBACpK,YAAY;aACb,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,IAAI,EAAE,CAAC,UAAU,EAAE,CAAC;QACzB,4BAA4B;QAC5B,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,CAAC;YACpC,IAAI,kBAAkB,CAAC,WAAW,IAAI,IAAI,EAAE,CAAC;gBAC3C,OAAO;oBACL,oBAAoB,EAAE,wEAAwE;oBAC9F,YAAY;iBACb,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,oBAAoB,EAAE,gFAAgF;oBACtG,YAAY;iBACb,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,kBAAkB,CAAC,WAAW,IAAI,IAAI,EAAE,CAAC;YAClD,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,CAAC,SAAS,CAAC;YACrE,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC,GAAa,CAAC,CAAC,6CAA6C;YACtF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAC1C,OAAO;oBACL,oBAAoB,EAAE,mDAAmD,mBAAmB,iBAAiB,MAAM,EAAE;oBACrH,YAAY;iBACb,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,OAAO;oBACL,oBAAoB,EAAE,6EAA6E,SAAS,EAAE;oBAC9G,YAAY;iBACb,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,eAAe,SAAS,EAAE,EAAE,YAAY,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;AACtG,CAAC"}
|