@pristine-ts/security 2.0.4 → 2.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/cjs/errors/authenticator-decorator.error.js +9 -13
- package/dist/lib/cjs/errors/authenticator-decorator.error.js.map +1 -1
- package/dist/lib/cjs/errors/authenticator-instantiation.error.js +5 -9
- package/dist/lib/cjs/errors/authenticator-instantiation.error.js.map +1 -1
- package/dist/lib/cjs/errors/guard-decorator.error.js +9 -13
- package/dist/lib/cjs/errors/guard-decorator.error.js.map +1 -1
- package/dist/lib/cjs/errors/guard-instantiation.error.js +5 -9
- package/dist/lib/cjs/errors/guard-instantiation.error.js.map +1 -1
- package/dist/lib/cjs/managers/authentication.manager.js +34 -4
- package/dist/lib/cjs/managers/authentication.manager.js.map +1 -1
- package/dist/lib/cjs/managers/authorizer.manager.js +24 -7
- package/dist/lib/cjs/managers/authorizer.manager.js.map +1 -1
- package/dist/lib/cjs/managers/permission.manager.js +31 -9
- package/dist/lib/cjs/managers/permission.manager.js.map +1 -1
- package/dist/lib/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/lib/esm/errors/authenticator-decorator.error.js +10 -14
- package/dist/lib/esm/errors/authenticator-decorator.error.js.map +1 -1
- package/dist/lib/esm/errors/authenticator-instantiation.error.js +6 -10
- package/dist/lib/esm/errors/authenticator-instantiation.error.js.map +1 -1
- package/dist/lib/esm/errors/guard-decorator.error.js +10 -14
- package/dist/lib/esm/errors/guard-decorator.error.js.map +1 -1
- package/dist/lib/esm/errors/guard-instantiation.error.js +6 -10
- package/dist/lib/esm/errors/guard-instantiation.error.js.map +1 -1
- package/dist/lib/esm/managers/authentication.manager.js +34 -4
- package/dist/lib/esm/managers/authentication.manager.js.map +1 -1
- package/dist/lib/esm/managers/authorizer.manager.js +24 -7
- package/dist/lib/esm/managers/authorizer.manager.js.map +1 -1
- package/dist/lib/esm/managers/permission.manager.js +32 -10
- package/dist/lib/esm/managers/permission.manager.js.map +1 -1
- package/dist/lib/esm/tsconfig.tsbuildinfo +1 -1
- package/dist/types/errors/authenticator-decorator.error.d.ts +2 -2
- package/dist/types/errors/authenticator-instantiation.error.d.ts +2 -2
- package/dist/types/errors/guard-decorator.error.d.ts +2 -2
- package/dist/types/errors/guard-instantiation.error.d.ts +2 -2
- package/dist/types/managers/authentication.manager.d.ts +7 -2
- package/dist/types/managers/authorizer.manager.d.ts +7 -3
- package/dist/types/managers/permission.manager.d.ts +8 -3
- package/package.json +4 -4
|
@@ -5,20 +5,16 @@ const common_1 = require("@pristine-ts/common");
|
|
|
5
5
|
/**
|
|
6
6
|
* This Error is thrown when there's an error with the authenticator decorator.
|
|
7
7
|
*/
|
|
8
|
-
class AuthenticatorDecoratorError extends common_1.
|
|
8
|
+
class AuthenticatorDecoratorError extends common_1.PristineError {
|
|
9
9
|
constructor(message, authenticator, options, target, propertyKey, descriptor) {
|
|
10
|
-
super(message, {
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
// Set the prototype explicitly.
|
|
19
|
-
// As specified in the documentation in TypeScript
|
|
20
|
-
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
|
|
21
|
-
Object.setPrototypeOf(this, AuthenticatorDecoratorError.prototype);
|
|
10
|
+
super(message, { details: {
|
|
11
|
+
message,
|
|
12
|
+
authenticator,
|
|
13
|
+
options,
|
|
14
|
+
target,
|
|
15
|
+
propertyKey,
|
|
16
|
+
descriptor,
|
|
17
|
+
} });
|
|
22
18
|
}
|
|
23
19
|
}
|
|
24
20
|
exports.AuthenticatorDecoratorError = AuthenticatorDecoratorError;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticator-decorator.error.js","sourceRoot":"","sources":["../../../../src/errors/authenticator-decorator.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,2BAA4B,SAAQ,sBAAa;IAE5D,YAAmB,OAAe,EAAE,aAAgD,EAAE,OAAY,EAAE,MAAW,EAC5F,WAAoB,EACpB,UAA+B;QAChD,KAAK,CAAC,OAAO,EAAE;
|
|
1
|
+
{"version":3,"file":"authenticator-decorator.error.js","sourceRoot":"","sources":["../../../../src/errors/authenticator-decorator.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,2BAA4B,SAAQ,sBAAa;IAE5D,YAAmB,OAAe,EAAE,aAAgD,EAAE,OAAY,EAAE,MAAW,EAC5F,WAAoB,EACpB,UAA+B;QAChD,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;gBACP,aAAa;gBACb,OAAO;gBACP,MAAM;gBACN,WAAW;gBACX,UAAU;aACX,EAAC,CAAC,CAAC;IAAE,CAAC;CACV;AAbD,kEAaC"}
|
|
@@ -5,16 +5,12 @@ const common_1 = require("@pristine-ts/common");
|
|
|
5
5
|
/**
|
|
6
6
|
* This Error is thrown when there's an error that happens when the authenticator are being initialized
|
|
7
7
|
*/
|
|
8
|
-
class AuthenticatorInstantiationError extends common_1.
|
|
8
|
+
class AuthenticatorInstantiationError extends common_1.PristineError {
|
|
9
9
|
constructor(message, instantiatedAuthenticator, authenticatorContext) {
|
|
10
|
-
super(message, {
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
// Set the prototype explicitly.
|
|
15
|
-
// As specified in the documentation in TypeScript
|
|
16
|
-
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
|
|
17
|
-
Object.setPrototypeOf(this, AuthenticatorInstantiationError.prototype);
|
|
10
|
+
super(message, { details: {
|
|
11
|
+
instantiatedAuthenticator,
|
|
12
|
+
authenticatorContext,
|
|
13
|
+
} });
|
|
18
14
|
}
|
|
19
15
|
}
|
|
20
16
|
exports.AuthenticatorInstantiationError = AuthenticatorInstantiationError;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticator-instantiation.error.js","sourceRoot":"","sources":["../../../../src/errors/authenticator-instantiation.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,+BAAgC,SAAQ,sBAAa;IAGhE,YAAmB,OAAe,EAAE,yBAA4D,EAAE,oBAAyB;QACzH,KAAK,CAAC,OAAO,EAAE
|
|
1
|
+
{"version":3,"file":"authenticator-instantiation.error.js","sourceRoot":"","sources":["../../../../src/errors/authenticator-instantiation.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,+BAAgC,SAAQ,sBAAa;IAGhE,YAAmB,OAAe,EAAE,yBAA4D,EAAE,oBAAyB;QACzH,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,yBAAyB;gBACzB,oBAAoB;aACrB,EAAC,CAAC,CAAC;IAAE,CAAC;CACV;AARD,0EAQC"}
|
|
@@ -5,20 +5,16 @@ const common_1 = require("@pristine-ts/common");
|
|
|
5
5
|
/**
|
|
6
6
|
* This Error is thrown when there's an error that happens when the guards ere being initialized
|
|
7
7
|
*/
|
|
8
|
-
class GuardDecoratorError extends common_1.
|
|
8
|
+
class GuardDecoratorError extends common_1.PristineError {
|
|
9
9
|
constructor(message, guard, options, target, propertyKey, descriptor) {
|
|
10
|
-
super(message, {
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
// Set the prototype explicitly.
|
|
19
|
-
// As specified in the documentation in TypeScript
|
|
20
|
-
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
|
|
21
|
-
Object.setPrototypeOf(this, GuardDecoratorError.prototype);
|
|
10
|
+
super(message, { details: {
|
|
11
|
+
message,
|
|
12
|
+
guard,
|
|
13
|
+
options,
|
|
14
|
+
target,
|
|
15
|
+
propertyKey,
|
|
16
|
+
descriptor,
|
|
17
|
+
} });
|
|
22
18
|
}
|
|
23
19
|
}
|
|
24
20
|
exports.GuardDecoratorError = GuardDecoratorError;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard-decorator.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-decorator.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,mBAAoB,SAAQ,sBAAa;IAEpD,YAAmB,OAAe,EAAE,KAAgC,EAAE,OAAY,EAAE,MAAW,EAC5E,WAAoB,EACpB,UAA+B;QAChD,KAAK,CAAC,OAAO,EAAE;
|
|
1
|
+
{"version":3,"file":"guard-decorator.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-decorator.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,mBAAoB,SAAQ,sBAAa;IAEpD,YAAmB,OAAe,EAAE,KAAgC,EAAE,OAAY,EAAE,MAAW,EAC5E,WAAoB,EACpB,UAA+B;QAChD,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;gBACP,KAAK;gBACL,OAAO;gBACP,MAAM;gBACN,WAAW;gBACX,UAAU;aACX,EAAC,CAAC,CAAC;IAAE,CAAC;CACV;AAbD,kDAaC"}
|
|
@@ -5,16 +5,12 @@ const common_1 = require("@pristine-ts/common");
|
|
|
5
5
|
/**
|
|
6
6
|
* This Error is thrown when there's an error that happens when the guards ere being initialized
|
|
7
7
|
*/
|
|
8
|
-
class GuardInstantiationError extends common_1.
|
|
8
|
+
class GuardInstantiationError extends common_1.PristineError {
|
|
9
9
|
constructor(message, instantiatedGuard, guardContext) {
|
|
10
|
-
super(message, {
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
// Set the prototype explicitly.
|
|
15
|
-
// As specified in the documentation in TypeScript
|
|
16
|
-
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
|
|
17
|
-
Object.setPrototypeOf(this, GuardInstantiationError.prototype);
|
|
10
|
+
super(message, { details: {
|
|
11
|
+
instantiatedGuard,
|
|
12
|
+
guardContext,
|
|
13
|
+
} });
|
|
18
14
|
}
|
|
19
15
|
}
|
|
20
16
|
exports.GuardInstantiationError = GuardInstantiationError;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard-instantiation.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-instantiation.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,uBAAwB,SAAQ,sBAAa;IACxD,YAAmB,OAAe,EAAE,iBAA4C,EAAE,YAAiB;QACjG,KAAK,CAAC,OAAO,EAAE
|
|
1
|
+
{"version":3,"file":"guard-instantiation.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-instantiation.error.ts"],"names":[],"mappings":";;;AAAA,gDAAkD;AAGlD;;GAEG;AACH,MAAa,uBAAwB,SAAQ,sBAAa;IACxD,YAAmB,OAAe,EAAE,iBAA4C,EAAE,YAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,iBAAiB;gBACjB,YAAY;aACb,EAAC,CAAC,CAAC;IAAE,CAAC;CACV;AAND,0DAMC"}
|
|
@@ -36,22 +36,29 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
36
36
|
* The authentication manager provides authentication by returning the identity executing the action.
|
|
37
37
|
* @param identityProviders The identity providers to use to provide the identity. All services tagged with ServiceDefinitionTagEnum.IdentityProvider will be injected here.
|
|
38
38
|
* @param logHandler The log handler to output logs.
|
|
39
|
+
* @param tracingManager The tracing manager used to attach markers and per-provider spans to the active trace.
|
|
39
40
|
* @param authenticatorFactory The factory to create the authenticator.
|
|
40
41
|
*/
|
|
41
|
-
constructor(identityProviders, logHandler, authenticatorFactory) {
|
|
42
|
+
constructor(identityProviders, logHandler, tracingManager, authenticatorFactory) {
|
|
42
43
|
this.identityProviders = identityProviders;
|
|
43
44
|
this.logHandler = logHandler;
|
|
45
|
+
this.tracingManager = tracingManager;
|
|
44
46
|
this.authenticatorFactory = authenticatorFactory;
|
|
45
47
|
}
|
|
46
48
|
/**
|
|
47
49
|
* Authenticates a request by providing the identity that made the request.
|
|
50
|
+
* Drops markers at each decision point — "no authenticator for this route," "authenticator
|
|
51
|
+
* resolved to X," "identity returned by authenticator," "identity enriched by provider Y" —
|
|
52
|
+
* so the trace tells the auth story without anyone having to read interleaved logs.
|
|
48
53
|
* @param request The request to authenticate
|
|
49
54
|
* @param routeContext The context associated with the route.
|
|
50
55
|
* @param container The dependency container from which to resolve the authenticator.
|
|
51
56
|
*/
|
|
52
57
|
authenticate(request, routeContext, container) {
|
|
53
58
|
return __awaiter(this, void 0, void 0, function* () {
|
|
59
|
+
var _a, _b, _c;
|
|
54
60
|
if (!routeContext || routeContext[authenticator_decorator_1.authenticatorMetadataKeyname] === undefined) {
|
|
61
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.no-authenticator");
|
|
55
62
|
return undefined;
|
|
56
63
|
}
|
|
57
64
|
const authenticator = routeContext[authenticator_decorator_1.authenticatorMetadataKeyname];
|
|
@@ -60,16 +67,38 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
60
67
|
try {
|
|
61
68
|
const instantiatedAuthenticator = this.authenticatorFactory.fromContext(authenticatorContext, container);
|
|
62
69
|
yield instantiatedAuthenticator.setContext(authenticatorContext);
|
|
70
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.authenticator-resolved", {
|
|
71
|
+
authenticator: instantiatedAuthenticator.constructor.name,
|
|
72
|
+
});
|
|
63
73
|
identity = yield instantiatedAuthenticator.authenticate(request);
|
|
64
74
|
if (identity == undefined) {
|
|
75
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.identity-not-found", {
|
|
76
|
+
authenticator: instantiatedAuthenticator.constructor.name,
|
|
77
|
+
});
|
|
65
78
|
return identity;
|
|
66
79
|
}
|
|
67
|
-
|
|
80
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.identity-resolved", {
|
|
81
|
+
authenticator: instantiatedAuthenticator.constructor.name,
|
|
82
|
+
identityId: (_a = identity.id) !== null && _a !== void 0 ? _a : "(no id)",
|
|
83
|
+
});
|
|
84
|
+
// Loop over the identity providers, wrapping each call in its own span so per-provider
|
|
85
|
+
// latency (often DB / external lookups to enrich the identity) is visible in the trace
|
|
86
|
+
// tree alongside the authenticator's own span.
|
|
68
87
|
for (const identityProvider of this.identityProviders) {
|
|
69
|
-
|
|
88
|
+
const providerSpan = this.tracingManager.startSpan(`identity-provider.${identityProvider.constructor.name}`);
|
|
89
|
+
try {
|
|
90
|
+
identity = yield identityProvider.provide(identity);
|
|
91
|
+
}
|
|
92
|
+
finally {
|
|
93
|
+
providerSpan.end();
|
|
94
|
+
}
|
|
70
95
|
}
|
|
71
96
|
}
|
|
72
97
|
catch (e) {
|
|
98
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.error", {
|
|
99
|
+
errorName: (_b = e === null || e === void 0 ? void 0 : e.name) !== null && _b !== void 0 ? _b : "Error",
|
|
100
|
+
errorMessage: (_c = e === null || e === void 0 ? void 0 : e.message) !== null && _c !== void 0 ? _c : "Unknown error",
|
|
101
|
+
});
|
|
73
102
|
this.logHandler.error("AuthenticationManager: Error authenticating the request.", {
|
|
74
103
|
extra: { error: e }
|
|
75
104
|
});
|
|
@@ -101,6 +130,7 @@ exports.AuthenticationManager = AuthenticationManager = __decorate([
|
|
|
101
130
|
(0, tsyringe_1.injectable)(),
|
|
102
131
|
__param(0, (0, tsyringe_1.injectAll)(common_1.ServiceDefinitionTagEnum.IdentityProvider, { isOptional: true })),
|
|
103
132
|
__param(1, (0, tsyringe_1.inject)("LogHandlerInterface")),
|
|
104
|
-
|
|
133
|
+
__param(2, (0, tsyringe_1.inject)("TracingManagerInterface")),
|
|
134
|
+
__metadata("design:paramtypes", [Array, Object, Object, authenticator_factory_1.AuthenticatorFactory])
|
|
105
135
|
], AuthenticationManager);
|
|
106
136
|
//# sourceMappingURL=authentication.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAA4E;AAE5E,
|
|
1
|
+
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAA4E;AAE5E,gDAA6I;AAI7I,8EAAwE;AACxE,wEAAiE;AAEjE,mFAAmF;AAEnF;;;GAGG;AAII,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAEhC;;;;;;OAMG;IACH,YAC6F,iBAA8C,EACzF,UAA+B,EAC3B,cAAuC,EAC1E,oBAA0C;QAHgC,sBAAiB,GAAjB,iBAAiB,CAA6B;QACzF,eAAU,GAAV,UAAU,CAAqB;QAC3B,mBAAc,GAAd,cAAc,CAAyB;QAC1E,yBAAoB,GAApB,oBAAoB,CAAsB;IAC7D,CAAC;IAED;;;;;;;;OAQG;IAEU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B;;;YAC3F,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,sDAA4B,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC9E,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,uBAAuB,CAAC,CAAC;gBACpE,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,MAAM,aAAa,GAAG,YAAY,CAAC,sDAA4B,CAAC,CAAC;YAEjE,IAAI,QAAuC,CAAC;YAE5C,MAAM,oBAAoB,GAAkC,aAAa,CAAC;YAE1E,IAAI,CAAC;gBACH,MAAM,yBAAyB,GAA2B,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBAEjI,MAAM,yBAAyB,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;gBAEjE,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,6BAA6B,EAAE;oBACxE,aAAa,EAAE,yBAAyB,CAAC,WAAW,CAAC,IAAI;iBAC1D,CAAC,CAAC;gBAEH,QAAQ,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEjE,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;oBAC1B,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,yBAAyB,EAAE;wBACpE,aAAa,EAAE,yBAAyB,CAAC,WAAW,CAAC,IAAI;qBAC1D,CAAC,CAAC;oBACH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,wBAAwB,EAAE;oBACnE,aAAa,EAAE,yBAAyB,CAAC,WAAW,CAAC,IAAI;oBACzD,UAAU,EAAE,MAAA,QAAQ,CAAC,EAAE,mCAAI,SAAS;iBACrC,CAAC,CAAC;gBAEH,uFAAuF;gBACvF,uFAAuF;gBACvF,+CAA+C;gBAC/C,KAAK,MAAM,gBAAgB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACtD,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,qBAAqB,gBAAgB,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;oBAC7G,IAAI,CAAC;wBACH,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;oBACtD,CAAC;4BAAS,CAAC;wBACT,YAAY,CAAC,GAAG,EAAE,CAAC;oBACrB,CAAC;gBACH,CAAC;YAEH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,YAAY,EAAE;oBACvD,SAAS,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,mCAAI,OAAO;oBAC7B,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;iBAC5C,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE;oBAChF,KAAK,EAAE,EAAC,KAAK,EAAE,CAAC,EAAC;iBAClB,CAAC,CAAC;gBACH,MAAM,CAAC,CAAC;YACV,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACvD,UAAU,EAAE;oBACV,QAAQ;iBACT;gBACD,KAAK,EAAE;oBACL,OAAO;oBACP,YAAY;iBACb;aACF,CAAC,CAAA;YACF,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;CACF,CAAA;AA/FY,sDAAqB;AA0BnB;IADZ,IAAA,eAAM,GAAE;;qCAC0B,gBAAO;;yDAoEzC;gCA9FU,qBAAqB;IAHjC,IAAA,qBAAY,EAAC,+CAAqB,CAAC;IACnC,IAAA,YAAG,EAAC,gCAAgC,CAAC;IACrC,IAAA,qBAAU,GAAE;IAWR,WAAA,IAAA,oBAAS,EAAC,iCAAwB,CAAC,gBAAgB,EAAE,EAAC,UAAU,EAAE,IAAI,EAAC,CAAC,CAAA;IACxE,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,IAAA,iBAAM,EAAC,yBAAyB,CAAC,CAAA;4DACK,4CAAoB;GAblD,qBAAqB,CA+FjC"}
|
|
@@ -35,14 +35,18 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
35
35
|
/**
|
|
36
36
|
* The authorizer manager provides authorization by authorizing the action.
|
|
37
37
|
* @param logHandler The log handler to output logs.
|
|
38
|
+
* @param tracingManager The tracing manager used to attach markers per guard decision.
|
|
38
39
|
* @param guardFactory The factory to create the guard.
|
|
39
40
|
*/
|
|
40
|
-
constructor(logHandler, guardFactory) {
|
|
41
|
+
constructor(logHandler, tracingManager, guardFactory) {
|
|
41
42
|
this.logHandler = logHandler;
|
|
43
|
+
this.tracingManager = tracingManager;
|
|
42
44
|
this.guardFactory = guardFactory;
|
|
43
45
|
}
|
|
44
46
|
/**
|
|
45
|
-
* Returns whether or not the request is authorized to access the route.
|
|
47
|
+
* Returns whether or not the request is authorized to access the route. Drops one marker
|
|
48
|
+
* per guard (`authz.guard-decision` with the guard's class name and `allow`/`deny`/`error`)
|
|
49
|
+
* so the trace shows which guard was the deciding one.
|
|
46
50
|
* @param request The request to authorize.
|
|
47
51
|
* @param routeContext The route context.
|
|
48
52
|
* @param container The dependency container to resolve the guard from.
|
|
@@ -50,26 +54,38 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
50
54
|
*/
|
|
51
55
|
isAuthorized(request, routeContext, container, identity) {
|
|
52
56
|
return __awaiter(this, void 0, void 0, function* () {
|
|
53
|
-
var _a, _b, _c;
|
|
57
|
+
var _a, _b, _c, _d;
|
|
54
58
|
if (!routeContext || routeContext[guard_decorator_1.guardMetadataKeyname] === undefined || Array.isArray(routeContext[guard_decorator_1.guardMetadataKeyname]) === false) {
|
|
59
|
+
this.tracingManager.addMarkerToCurrentSpan("authz.no-guards");
|
|
55
60
|
return true;
|
|
56
61
|
}
|
|
57
62
|
const guards = routeContext[guard_decorator_1.guardMetadataKeyname];
|
|
58
63
|
let isAuthorized = true;
|
|
59
64
|
for (const guardContext of guards) {
|
|
65
|
+
let guardName = "(unknown guard)";
|
|
60
66
|
try {
|
|
61
67
|
const instantiatedGuard = this.guardFactory.fromContext(guardContext, container);
|
|
68
|
+
guardName = instantiatedGuard.constructor.name;
|
|
62
69
|
yield instantiatedGuard.setContext(guardContext);
|
|
63
70
|
const didAuthorize = yield instantiatedGuard.isAuthorized(request, identity);
|
|
71
|
+
this.tracingManager.addMarkerToCurrentSpan("authz.guard-decision", {
|
|
72
|
+
guard: guardName,
|
|
73
|
+
decision: didAuthorize ? "allow" : "deny",
|
|
74
|
+
});
|
|
64
75
|
isAuthorized = isAuthorized && didAuthorize;
|
|
65
76
|
}
|
|
66
77
|
catch (e) {
|
|
78
|
+
this.tracingManager.addMarkerToCurrentSpan("authz.guard-decision", {
|
|
79
|
+
guard: guardName,
|
|
80
|
+
decision: "error",
|
|
81
|
+
errorMessage: (_a = e === null || e === void 0 ? void 0 : e.message) !== null && _a !== void 0 ? _a : "Unknown error",
|
|
82
|
+
});
|
|
67
83
|
this.logHandler.error("AuthorizerManager: Error while authorizing the request.", {
|
|
68
84
|
highlights: {
|
|
69
|
-
errorMessage: (
|
|
85
|
+
errorMessage: (_b = e === null || e === void 0 ? void 0 : e.message) !== null && _b !== void 0 ? _b : "Unknown error",
|
|
70
86
|
requestUrl: `${request.httpMethod} ${request.url}`,
|
|
71
|
-
identityId: (
|
|
72
|
-
identityClaims: (
|
|
87
|
+
identityId: (_c = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _c !== void 0 ? _c : "No Identity Id found",
|
|
88
|
+
identityClaims: (_d = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _d !== void 0 ? _d : "No claims found",
|
|
73
89
|
},
|
|
74
90
|
extra: {
|
|
75
91
|
error: e,
|
|
@@ -100,6 +116,7 @@ exports.AuthorizerManager = AuthorizerManager = __decorate([
|
|
|
100
116
|
(0, common_1.tag)("AuthorizerManagerInterface"),
|
|
101
117
|
(0, tsyringe_1.injectable)(),
|
|
102
118
|
__param(0, (0, tsyringe_1.inject)("LogHandlerInterface")),
|
|
103
|
-
|
|
119
|
+
__param(1, (0, tsyringe_1.inject)("TracingManagerInterface")),
|
|
120
|
+
__metadata("design:paramtypes", [Object, Object, guard_factory_1.GuardFactory])
|
|
104
121
|
], AuthorizerManager);
|
|
105
122
|
//# sourceMappingURL=authorizer.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAiE;AAEjE,
|
|
1
|
+
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAiE;AAEjE,gDAAmH;AAEnH,8DAAwD;AACxD,wEAAiE;AACjE,mEAAmE;AAEnE;;;GAGG;AAII,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE5B;;;;;OAKG;IACH,YAAmE,UAA+B,EAC3B,cAAuC,EAC1E,YAA0B;QAFK,eAAU,GAAV,UAAU,CAAqB;QAC3B,mBAAc,GAAd,cAAc,CAAyB;QAC1E,iBAAY,GAAZ,YAAY,CAAc;IAC9D,CAAC;IAED;;;;;;;;OAQG;IAEU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B,EAAE,QAA4B;;;YACzH,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,sCAAoB,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,sCAAoB,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;gBACrI,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,sCAAoB,CAAC,CAAC;YAElD,IAAI,YAAY,GAAG,IAAI,CAAC;YAExB,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;gBAClC,IAAI,SAAS,GAAG,iBAAiB,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;oBACjF,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC;oBAE/C,MAAM,iBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;oBAEjD,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;oBAC7E,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,sBAAsB,EAAE;wBACjE,KAAK,EAAE,SAAS;wBAChB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;qBAC1C,CAAC,CAAC;oBACH,YAAY,GAAG,YAAY,IAAI,YAAY,CAAC;gBAC9C,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,sBAAsB,EAAE;wBACjE,KAAK,EAAE,SAAS;wBAChB,QAAQ,EAAE,OAAO;wBACjB,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;qBAC5C,CAAC,CAAC;oBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,yDAAyD,EAAE;wBAC/E,UAAU,EAAE;4BACV,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;4BAC3C,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE;4BAClD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;yBACtD;wBACD,KAAK,EAAE;4BACL,KAAK,EAAE,CAAC;4BACR,OAAO;4BACP,QAAQ;yBACT;qBACF,CAAC,CAAC;oBACH,YAAY,GAAG,KAAK,CAAC;gBACvB,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBACtC,UAAU,EAAE,EAAC,YAAY,EAAC;gBAC1B,KAAK,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC;aAC/B,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;CACF,CAAA;AA7EY,8CAAiB;AAuBf;IADZ,IAAA,eAAM,GAAE;;qCAC0B,gBAAO;;qDAqDzC;4BA5EU,iBAAiB;IAH7B,IAAA,qBAAY,EAAC,+CAAqB,CAAC;IACnC,IAAA,YAAG,EAAC,4BAA4B,CAAC;IACjC,IAAA,qBAAU,GAAE;IASS,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,IAAA,iBAAM,EAAC,yBAAyB,CAAC,CAAA;qDACH,4BAAY;GAVnD,iBAAiB,CA6E7B"}
|
|
@@ -35,13 +35,18 @@ let PermissionManager = class PermissionManager {
|
|
|
35
35
|
* @param voters The voters that determine if access is granted.
|
|
36
36
|
* All services with the tag ServiceDefinitionTagEnum.Voter will be injected here
|
|
37
37
|
* @param logHandler The log handler to output logs.
|
|
38
|
+
* @param tracingManager The tracing manager used to attach markers for the voting decisions.
|
|
38
39
|
*/
|
|
39
|
-
constructor(voters, logHandler) {
|
|
40
|
+
constructor(voters, logHandler, tracingManager) {
|
|
40
41
|
this.voters = voters;
|
|
41
42
|
this.logHandler = logHandler;
|
|
43
|
+
this.tracingManager = tracingManager;
|
|
42
44
|
}
|
|
43
45
|
/**
|
|
44
|
-
* Returns whether or not the permission manager grants access to the resource.
|
|
46
|
+
* Returns whether or not the permission manager grants access to the resource. Drops one
|
|
47
|
+
* marker per voter (`permission.voter-vote` with `{voter, vote}`) so the trace shows which
|
|
48
|
+
* voter swung the decision. `@traced()` puts the whole call in its own span so the
|
|
49
|
+
* voting work is visible in the trace tree alongside auth/authz.
|
|
45
50
|
* @param identity The identity trying to have access to a resource.
|
|
46
51
|
* @param action The action trying to be executed on the resource.
|
|
47
52
|
* @param resource The resource being accessed.
|
|
@@ -49,8 +54,9 @@ let PermissionManager = class PermissionManager {
|
|
|
49
54
|
*/
|
|
50
55
|
hasAccessToResource(identity_1, action_1, resource_1) {
|
|
51
56
|
return __awaiter(this, arguments, void 0, function* (identity, action, resource, votingStrategy = voting_strategy_enum_1.VotingStrategyEnum.DenyOnUnanimousAbstention) {
|
|
52
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
|
|
57
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p;
|
|
53
58
|
if (this.voters.length === 0) {
|
|
59
|
+
this.tracingManager.addMarkerToCurrentSpan("permission.no-voters");
|
|
54
60
|
this.logHandler.warning("PermissionManager: No voters were found, this could lead to unexpected behavior. Make sure that you have registered voters in your application.", {
|
|
55
61
|
highlights: {
|
|
56
62
|
identityId: (_a = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _a !== void 0 ? _a : "No Identity Id found",
|
|
@@ -84,6 +90,10 @@ let PermissionManager = class PermissionManager {
|
|
|
84
90
|
}
|
|
85
91
|
try {
|
|
86
92
|
const vote = yield voter.vote(identity, action, resource);
|
|
93
|
+
this.tracingManager.addMarkerToCurrentSpan("permission.voter-vote", {
|
|
94
|
+
voter: voter.constructor.name,
|
|
95
|
+
vote: String(vote),
|
|
96
|
+
});
|
|
87
97
|
const message = "PermissionManager: Voter " + voter.constructor.name + " voted: " + vote;
|
|
88
98
|
if (vote === vote_enum_1.VoteEnum.Deny) { // When it's being denied, it usually mean that something is important to be noticed.
|
|
89
99
|
this.logHandler.info(message, {
|
|
@@ -120,11 +130,16 @@ let PermissionManager = class PermissionManager {
|
|
|
120
130
|
votes.push(vote);
|
|
121
131
|
}
|
|
122
132
|
catch (error) {
|
|
133
|
+
this.tracingManager.addMarkerToCurrentSpan("permission.voter-vote", {
|
|
134
|
+
voter: voter.constructor.name,
|
|
135
|
+
vote: "error",
|
|
136
|
+
errorMessage: (_j = error === null || error === void 0 ? void 0 : error.message) !== null && _j !== void 0 ? _j : "Unknown error",
|
|
137
|
+
});
|
|
123
138
|
this.logHandler.error("PermissionManager: Error while voting, please check the logs for more details.", {
|
|
124
139
|
highlights: {
|
|
125
|
-
errorMessage: (
|
|
126
|
-
identityId: (
|
|
127
|
-
identityClaims: (
|
|
140
|
+
errorMessage: (_k = error.message) !== null && _k !== void 0 ? _k : "Unknown error",
|
|
141
|
+
identityId: (_l = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _l !== void 0 ? _l : "No Identity Id found",
|
|
142
|
+
identityClaims: (_m = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _m !== void 0 ? _m : "No claims found",
|
|
128
143
|
action,
|
|
129
144
|
voter: voter.constructor.name,
|
|
130
145
|
},
|
|
@@ -148,8 +163,8 @@ let PermissionManager = class PermissionManager {
|
|
|
148
163
|
highlights: {
|
|
149
164
|
resourceName: resource.constructor.name,
|
|
150
165
|
access: shouldGrantAccess ? "GRANTED" : "DENIED",
|
|
151
|
-
identityId: (
|
|
152
|
-
identityClaims: (
|
|
166
|
+
identityId: (_o = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _o !== void 0 ? _o : "No Identity Id found",
|
|
167
|
+
identityClaims: (_p = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _p !== void 0 ? _p : "No claims found",
|
|
153
168
|
}, extra: {
|
|
154
169
|
identity,
|
|
155
170
|
resource,
|
|
@@ -161,10 +176,17 @@ let PermissionManager = class PermissionManager {
|
|
|
161
176
|
}
|
|
162
177
|
};
|
|
163
178
|
exports.PermissionManager = PermissionManager;
|
|
179
|
+
__decorate([
|
|
180
|
+
(0, common_1.traced)(),
|
|
181
|
+
__metadata("design:type", Function),
|
|
182
|
+
__metadata("design:paramtypes", [Object, String, Object, String]),
|
|
183
|
+
__metadata("design:returntype", Promise)
|
|
184
|
+
], PermissionManager.prototype, "hasAccessToResource", null);
|
|
164
185
|
exports.PermissionManager = PermissionManager = __decorate([
|
|
165
186
|
(0, tsyringe_1.injectable)(),
|
|
166
187
|
__param(0, (0, tsyringe_1.injectAll)(common_1.ServiceDefinitionTagEnum.Voter)),
|
|
167
188
|
__param(1, (0, tsyringe_1.inject)("LogHandlerInterface")),
|
|
168
|
-
|
|
189
|
+
__param(2, (0, tsyringe_1.inject)("TracingManagerInterface")),
|
|
190
|
+
__metadata("design:paramtypes", [Array, Object, Object])
|
|
169
191
|
], PermissionManager);
|
|
170
192
|
//# sourceMappingURL=permission.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAuD;AAEvD,wEAAiE;AACjE,kDAA4C;AAC5C,
|
|
1
|
+
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAuD;AAEvD,wEAAiE;AACjE,kDAA4C;AAC5C,gDAAiH;AAGjH;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE5B;;;;;;OAMG;IACH,YAA+E,MAAwB,EACpC,UAA+B,EAC3B,cAAuC;QAF/B,WAAM,GAAN,MAAM,CAAkB;QACpC,eAAU,GAAV,UAAU,CAAqB;QAC3B,mBAAc,GAAd,cAAc,CAAyB;IAC9G,CAAC;IAED;;;;;;;;;OASG;IAEG,mBAAmB;6DAAC,QAA2B,EAAE,MAAc,EAAE,QAAgB,EAAE,iBAAqC,yCAAkB,CAAC,yBAAyB;;YACxK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,CAAC;gBACnE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,iJAAiJ,EAAE;oBACzK,UAAU,EAAE;wBACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;wBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;wBACrD,MAAM;qBACP;oBACD,KAAK,EAAE;wBACL,QAAQ;wBACR,QAAQ;wBACR,cAAc;qBACf;iBACF,CAAC,CAAC;YACL,CAAC;YAED,MAAM,KAAK,GAAe,EAAE,CAAC;YAE7B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE;wBAChF,UAAU,EAAE;4BACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAC9B;wBACD,KAAK,EAAE;4BACL,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACf;qBACF,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;oBAC1D,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,uBAAuB,EAAE;wBAClE,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;wBAC7B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;qBACnB,CAAC,CAAC;oBACH,MAAM,OAAO,GAAG,2BAA2B,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,GAAG,UAAU,GAAG,IAAI,CAAC;oBAEzF,IAAI,IAAI,KAAK,oBAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,qFAAqF;wBACjH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;4BAC5B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,CAAC,CAAA;oBACJ,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE;4BAC7B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,CAAC,CAAC;oBACL,CAAC;oBAED,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBACpB,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,uBAAuB,EAAE;wBAClE,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;wBAC7B,IAAI,EAAE,OAAO;wBACb,YAAY,EAAE,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,mCAAI,eAAe;qBAChD,CAAC,CAAC;oBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,gFAAgF,EAAE;wBACtG,UAAU,EAAE;4BACV,YAAY,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,eAAe;4BAC9C,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAC9B;wBACD,KAAK,EAAE;4BACL,KAAK;4BACL,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACf;qBACF,CAAC,CAAC;oBACH,MAAM,KAAK,CAAC;gBACd,CAAC;YAEH,CAAC;YAED,IAAI,iBAAiB,GAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IAAI,cAAc,KAAK,yCAAkB,CAAC,yBAAyB,EAAE,CAAC;gBACpE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,oBAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3E,iBAAiB,GAAG,KAAK,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,wCAAwC,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,OAAO,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;gBACjJ,UAAU,EAAE;oBACV,YAAY,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI;oBACvC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;oBAChD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;oBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;iBACtD,EAAE,KAAK,EAAE;oBACR,QAAQ;oBACR,QAAQ;oBACR,cAAc;iBACf;aACF,CAAC,CAAC;YAEH,OAAO,iBAAiB,CAAC;QAC3B,CAAC;KAAA;CACF,CAAA;AAxJY,8CAAiB;AAyBtB;IADL,IAAA,eAAM,GAAE;;;;4DA+HR;4BAvJU,iBAAiB;IAD7B,IAAA,qBAAU,GAAE;IAUS,WAAA,IAAA,oBAAS,EAAC,iCAAwB,CAAC,KAAK,CAAC,CAAA;IACzC,WAAA,IAAA,iBAAM,EAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,IAAA,iBAAM,EAAC,yBAAyB,CAAC,CAAA;;GAX1C,iBAAiB,CAwJ7B"}
|