@pristine-ts/security 2.0.4 → 2.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/cjs/errors/authenticator-decorator.error.js +9 -13
- package/dist/lib/cjs/errors/authenticator-decorator.error.js.map +1 -1
- package/dist/lib/cjs/errors/authenticator-instantiation.error.js +5 -9
- package/dist/lib/cjs/errors/authenticator-instantiation.error.js.map +1 -1
- package/dist/lib/cjs/errors/guard-decorator.error.js +9 -13
- package/dist/lib/cjs/errors/guard-decorator.error.js.map +1 -1
- package/dist/lib/cjs/errors/guard-instantiation.error.js +5 -9
- package/dist/lib/cjs/errors/guard-instantiation.error.js.map +1 -1
- package/dist/lib/cjs/managers/authentication.manager.js +34 -4
- package/dist/lib/cjs/managers/authentication.manager.js.map +1 -1
- package/dist/lib/cjs/managers/authorizer.manager.js +24 -7
- package/dist/lib/cjs/managers/authorizer.manager.js.map +1 -1
- package/dist/lib/cjs/managers/permission.manager.js +31 -9
- package/dist/lib/cjs/managers/permission.manager.js.map +1 -1
- package/dist/lib/cjs/tsconfig.cjs.tsbuildinfo +1 -1
- package/dist/lib/esm/errors/authenticator-decorator.error.js +10 -14
- package/dist/lib/esm/errors/authenticator-decorator.error.js.map +1 -1
- package/dist/lib/esm/errors/authenticator-instantiation.error.js +6 -10
- package/dist/lib/esm/errors/authenticator-instantiation.error.js.map +1 -1
- package/dist/lib/esm/errors/guard-decorator.error.js +10 -14
- package/dist/lib/esm/errors/guard-decorator.error.js.map +1 -1
- package/dist/lib/esm/errors/guard-instantiation.error.js +6 -10
- package/dist/lib/esm/errors/guard-instantiation.error.js.map +1 -1
- package/dist/lib/esm/managers/authentication.manager.js +34 -4
- package/dist/lib/esm/managers/authentication.manager.js.map +1 -1
- package/dist/lib/esm/managers/authorizer.manager.js +24 -7
- package/dist/lib/esm/managers/authorizer.manager.js.map +1 -1
- package/dist/lib/esm/managers/permission.manager.js +32 -10
- package/dist/lib/esm/managers/permission.manager.js.map +1 -1
- package/dist/lib/esm/tsconfig.tsbuildinfo +1 -1
- package/dist/types/errors/authenticator-decorator.error.d.ts +2 -2
- package/dist/types/errors/authenticator-instantiation.error.d.ts +2 -2
- package/dist/types/errors/guard-decorator.error.d.ts +2 -2
- package/dist/types/errors/guard-instantiation.error.d.ts +2 -2
- package/dist/types/managers/authentication.manager.d.ts +7 -2
- package/dist/types/managers/authorizer.manager.d.ts +7 -3
- package/dist/types/managers/permission.manager.d.ts +8 -3
- package/package.json +4 -4
|
@@ -1,21 +1,17 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { PristineError } from "@pristine-ts/common";
|
|
2
2
|
/**
|
|
3
3
|
* This Error is thrown when there's an error that happens when the guards ere being initialized
|
|
4
4
|
*/
|
|
5
|
-
export class GuardDecoratorError extends
|
|
5
|
+
export class GuardDecoratorError extends PristineError {
|
|
6
6
|
constructor(message, guard, options, target, propertyKey, descriptor) {
|
|
7
|
-
super(message, {
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
// Set the prototype explicitly.
|
|
16
|
-
// As specified in the documentation in TypeScript
|
|
17
|
-
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
|
|
18
|
-
Object.setPrototypeOf(this, GuardDecoratorError.prototype);
|
|
7
|
+
super(message, { details: {
|
|
8
|
+
message,
|
|
9
|
+
guard,
|
|
10
|
+
options,
|
|
11
|
+
target,
|
|
12
|
+
propertyKey,
|
|
13
|
+
descriptor,
|
|
14
|
+
} });
|
|
19
15
|
}
|
|
20
16
|
}
|
|
21
17
|
//# sourceMappingURL=guard-decorator.error.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard-decorator.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-decorator.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,qBAAqB,CAAC;AAGlD;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAEpD,YAAmB,OAAe,EAAE,KAAgC,EAAE,OAAY,EAAE,MAAW,EAC5E,WAAoB,EACpB,UAA+B;QAChD,KAAK,CAAC,OAAO,EAAE;
|
|
1
|
+
{"version":3,"file":"guard-decorator.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-decorator.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,qBAAqB,CAAC;AAGlD;;GAEG;AACH,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAEpD,YAAmB,OAAe,EAAE,KAAgC,EAAE,OAAY,EAAE,MAAW,EAC5E,WAAoB,EACpB,UAA+B;QAChD,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,OAAO;gBACP,KAAK;gBACL,OAAO;gBACP,MAAM;gBACN,WAAW;gBACX,UAAU;aACX,EAAC,CAAC,CAAC;IAAE,CAAC;CACV"}
|
|
@@ -1,17 +1,13 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { PristineError } from "@pristine-ts/common";
|
|
2
2
|
/**
|
|
3
3
|
* This Error is thrown when there's an error that happens when the guards ere being initialized
|
|
4
4
|
*/
|
|
5
|
-
export class GuardInstantiationError extends
|
|
5
|
+
export class GuardInstantiationError extends PristineError {
|
|
6
6
|
constructor(message, instantiatedGuard, guardContext) {
|
|
7
|
-
super(message, {
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
// Set the prototype explicitly.
|
|
12
|
-
// As specified in the documentation in TypeScript
|
|
13
|
-
// https://github.com/Microsoft/TypeScript/wiki/Breaking-Changes#extending-built-ins-like-error-array-and-map-may-no-longer-work
|
|
14
|
-
Object.setPrototypeOf(this, GuardInstantiationError.prototype);
|
|
7
|
+
super(message, { details: {
|
|
8
|
+
instantiatedGuard,
|
|
9
|
+
guardContext,
|
|
10
|
+
} });
|
|
15
11
|
}
|
|
16
12
|
}
|
|
17
13
|
//# sourceMappingURL=guard-instantiation.error.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guard-instantiation.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-instantiation.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,qBAAqB,CAAC;AAGlD;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,aAAa;IACxD,YAAmB,OAAe,EAAE,iBAA4C,EAAE,YAAiB;QACjG,KAAK,CAAC,OAAO,EAAE
|
|
1
|
+
{"version":3,"file":"guard-instantiation.error.js","sourceRoot":"","sources":["../../../../src/errors/guard-instantiation.error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,qBAAqB,CAAC;AAGlD;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,aAAa;IACxD,YAAmB,OAAe,EAAE,iBAA4C,EAAE,YAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,EAAC,OAAO,EAAE;gBACvB,iBAAiB;gBACjB,YAAY;aACb,EAAC,CAAC,CAAC;IAAE,CAAC;CACV"}
|
|
@@ -33,22 +33,29 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
33
33
|
* The authentication manager provides authentication by returning the identity executing the action.
|
|
34
34
|
* @param identityProviders The identity providers to use to provide the identity. All services tagged with ServiceDefinitionTagEnum.IdentityProvider will be injected here.
|
|
35
35
|
* @param logHandler The log handler to output logs.
|
|
36
|
+
* @param tracingManager The tracing manager used to attach markers and per-provider spans to the active trace.
|
|
36
37
|
* @param authenticatorFactory The factory to create the authenticator.
|
|
37
38
|
*/
|
|
38
|
-
constructor(identityProviders, logHandler, authenticatorFactory) {
|
|
39
|
+
constructor(identityProviders, logHandler, tracingManager, authenticatorFactory) {
|
|
39
40
|
this.identityProviders = identityProviders;
|
|
40
41
|
this.logHandler = logHandler;
|
|
42
|
+
this.tracingManager = tracingManager;
|
|
41
43
|
this.authenticatorFactory = authenticatorFactory;
|
|
42
44
|
}
|
|
43
45
|
/**
|
|
44
46
|
* Authenticates a request by providing the identity that made the request.
|
|
47
|
+
* Drops markers at each decision point — "no authenticator for this route," "authenticator
|
|
48
|
+
* resolved to X," "identity returned by authenticator," "identity enriched by provider Y" —
|
|
49
|
+
* so the trace tells the auth story without anyone having to read interleaved logs.
|
|
45
50
|
* @param request The request to authenticate
|
|
46
51
|
* @param routeContext The context associated with the route.
|
|
47
52
|
* @param container The dependency container from which to resolve the authenticator.
|
|
48
53
|
*/
|
|
49
54
|
authenticate(request, routeContext, container) {
|
|
50
55
|
return __awaiter(this, void 0, void 0, function* () {
|
|
56
|
+
var _a, _b, _c;
|
|
51
57
|
if (!routeContext || routeContext[authenticatorMetadataKeyname] === undefined) {
|
|
58
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.no-authenticator");
|
|
52
59
|
return undefined;
|
|
53
60
|
}
|
|
54
61
|
const authenticator = routeContext[authenticatorMetadataKeyname];
|
|
@@ -57,16 +64,38 @@ let AuthenticationManager = class AuthenticationManager {
|
|
|
57
64
|
try {
|
|
58
65
|
const instantiatedAuthenticator = this.authenticatorFactory.fromContext(authenticatorContext, container);
|
|
59
66
|
yield instantiatedAuthenticator.setContext(authenticatorContext);
|
|
67
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.authenticator-resolved", {
|
|
68
|
+
authenticator: instantiatedAuthenticator.constructor.name,
|
|
69
|
+
});
|
|
60
70
|
identity = yield instantiatedAuthenticator.authenticate(request);
|
|
61
71
|
if (identity == undefined) {
|
|
72
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.identity-not-found", {
|
|
73
|
+
authenticator: instantiatedAuthenticator.constructor.name,
|
|
74
|
+
});
|
|
62
75
|
return identity;
|
|
63
76
|
}
|
|
64
|
-
|
|
77
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.identity-resolved", {
|
|
78
|
+
authenticator: instantiatedAuthenticator.constructor.name,
|
|
79
|
+
identityId: (_a = identity.id) !== null && _a !== void 0 ? _a : "(no id)",
|
|
80
|
+
});
|
|
81
|
+
// Loop over the identity providers, wrapping each call in its own span so per-provider
|
|
82
|
+
// latency (often DB / external lookups to enrich the identity) is visible in the trace
|
|
83
|
+
// tree alongside the authenticator's own span.
|
|
65
84
|
for (const identityProvider of this.identityProviders) {
|
|
66
|
-
|
|
85
|
+
const providerSpan = this.tracingManager.startSpan(`identity-provider.${identityProvider.constructor.name}`);
|
|
86
|
+
try {
|
|
87
|
+
identity = yield identityProvider.provide(identity);
|
|
88
|
+
}
|
|
89
|
+
finally {
|
|
90
|
+
providerSpan.end();
|
|
91
|
+
}
|
|
67
92
|
}
|
|
68
93
|
}
|
|
69
94
|
catch (e) {
|
|
95
|
+
this.tracingManager.addMarkerToCurrentSpan("auth.error", {
|
|
96
|
+
errorName: (_b = e === null || e === void 0 ? void 0 : e.name) !== null && _b !== void 0 ? _b : "Error",
|
|
97
|
+
errorMessage: (_c = e === null || e === void 0 ? void 0 : e.message) !== null && _c !== void 0 ? _c : "Unknown error",
|
|
98
|
+
});
|
|
70
99
|
this.logHandler.error("AuthenticationManager: Error authenticating the request.", {
|
|
71
100
|
extra: { error: e }
|
|
72
101
|
});
|
|
@@ -97,7 +126,8 @@ AuthenticationManager = __decorate([
|
|
|
97
126
|
injectable(),
|
|
98
127
|
__param(0, injectAll(ServiceDefinitionTagEnum.IdentityProvider, { isOptional: true })),
|
|
99
128
|
__param(1, inject("LogHandlerInterface")),
|
|
100
|
-
|
|
129
|
+
__param(2, inject("TracingManagerInterface")),
|
|
130
|
+
__metadata("design:paramtypes", [Array, Object, Object, AuthenticatorFactory])
|
|
101
131
|
], AuthenticationManager);
|
|
102
132
|
export { AuthenticationManager };
|
|
103
133
|
//# sourceMappingURL=authentication.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAE5E,OAAO,EAAoB,YAAY,EAAE,OAAO,EAAE,wBAAwB,EAAE,GAAG,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"authentication.manager.js","sourceRoot":"","sources":["../../../../src/managers/authentication.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAE5E,OAAO,EAAoB,YAAY,EAAE,OAAO,EAAE,wBAAwB,EAAE,GAAG,EAAE,MAAM,EAA0B,MAAM,qBAAqB,CAAC;AAI7I,OAAO,EAAC,oBAAoB,EAAC,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAC,4BAA4B,EAAC,MAAM,uCAAuC,CAAC;AAEnF;;;GAGG;AAII,IAAM,qBAAqB,GAA3B,MAAM,qBAAqB;IAEhC;;;;;;OAMG;IACH,YAC6F,iBAA8C,EACzF,UAA+B,EAC3B,cAAuC,EAC1E,oBAA0C;QAHgC,sBAAiB,GAAjB,iBAAiB,CAA6B;QACzF,eAAU,GAAV,UAAU,CAAqB;QAC3B,mBAAc,GAAd,cAAc,CAAyB;QAC1E,yBAAoB,GAApB,oBAAoB,CAAsB;IAC7D,CAAC;IAED;;;;;;;;OAQG;IAEU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B;;;YAC3F,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,4BAA4B,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC9E,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,uBAAuB,CAAC,CAAC;gBACpE,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,MAAM,aAAa,GAAG,YAAY,CAAC,4BAA4B,CAAC,CAAC;YAEjE,IAAI,QAAuC,CAAC;YAE5C,MAAM,oBAAoB,GAAkC,aAAa,CAAC;YAE1E,IAAI,CAAC;gBACH,MAAM,yBAAyB,GAA2B,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;gBAEjI,MAAM,yBAAyB,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;gBAEjE,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,6BAA6B,EAAE;oBACxE,aAAa,EAAE,yBAAyB,CAAC,WAAW,CAAC,IAAI;iBAC1D,CAAC,CAAC;gBAEH,QAAQ,GAAG,MAAM,yBAAyB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAEjE,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;oBAC1B,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,yBAAyB,EAAE;wBACpE,aAAa,EAAE,yBAAyB,CAAC,WAAW,CAAC,IAAI;qBAC1D,CAAC,CAAC;oBACH,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,wBAAwB,EAAE;oBACnE,aAAa,EAAE,yBAAyB,CAAC,WAAW,CAAC,IAAI;oBACzD,UAAU,EAAE,MAAA,QAAQ,CAAC,EAAE,mCAAI,SAAS;iBACrC,CAAC,CAAC;gBAEH,uFAAuF;gBACvF,uFAAuF;gBACvF,+CAA+C;gBAC/C,KAAK,MAAM,gBAAgB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACtD,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,qBAAqB,gBAAgB,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;oBAC7G,IAAI,CAAC;wBACH,QAAQ,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;oBACtD,CAAC;4BAAS,CAAC;wBACT,YAAY,CAAC,GAAG,EAAE,CAAC;oBACrB,CAAC;gBACH,CAAC;YAEH,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,YAAY,EAAE;oBACvD,SAAS,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,mCAAI,OAAO;oBAC7B,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;iBAC5C,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE;oBAChF,KAAK,EAAE,EAAC,KAAK,EAAE,CAAC,EAAC;iBAClB,CAAC,CAAC;gBACH,MAAM,CAAC,CAAC;YACV,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,kCAAkC,EAAE;gBACvD,UAAU,EAAE;oBACV,QAAQ;iBACT;gBACD,KAAK,EAAE;oBACL,OAAO;oBACP,YAAY;iBACb;aACF,CAAC,CAAA;YACF,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;CACF,CAAA;AArEc;IADZ,MAAM,EAAE;;qCAC0B,OAAO;;yDAoEzC;AA9FU,qBAAqB;IAHjC,YAAY,CAAC,qBAAqB,CAAC;IACnC,GAAG,CAAC,gCAAgC,CAAC;IACrC,UAAU,EAAE;IAWR,WAAA,SAAS,CAAC,wBAAwB,CAAC,gBAAgB,EAAE,EAAC,UAAU,EAAE,IAAI,EAAC,CAAC,CAAA;IACxE,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,MAAM,CAAC,yBAAyB,CAAC,CAAA;4DACK,oBAAoB;GAblD,qBAAqB,CA+FjC"}
|
|
@@ -32,14 +32,18 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
32
32
|
/**
|
|
33
33
|
* The authorizer manager provides authorization by authorizing the action.
|
|
34
34
|
* @param logHandler The log handler to output logs.
|
|
35
|
+
* @param tracingManager The tracing manager used to attach markers per guard decision.
|
|
35
36
|
* @param guardFactory The factory to create the guard.
|
|
36
37
|
*/
|
|
37
|
-
constructor(logHandler, guardFactory) {
|
|
38
|
+
constructor(logHandler, tracingManager, guardFactory) {
|
|
38
39
|
this.logHandler = logHandler;
|
|
40
|
+
this.tracingManager = tracingManager;
|
|
39
41
|
this.guardFactory = guardFactory;
|
|
40
42
|
}
|
|
41
43
|
/**
|
|
42
|
-
* Returns whether or not the request is authorized to access the route.
|
|
44
|
+
* Returns whether or not the request is authorized to access the route. Drops one marker
|
|
45
|
+
* per guard (`authz.guard-decision` with the guard's class name and `allow`/`deny`/`error`)
|
|
46
|
+
* so the trace shows which guard was the deciding one.
|
|
43
47
|
* @param request The request to authorize.
|
|
44
48
|
* @param routeContext The route context.
|
|
45
49
|
* @param container The dependency container to resolve the guard from.
|
|
@@ -47,26 +51,38 @@ let AuthorizerManager = class AuthorizerManager {
|
|
|
47
51
|
*/
|
|
48
52
|
isAuthorized(request, routeContext, container, identity) {
|
|
49
53
|
return __awaiter(this, void 0, void 0, function* () {
|
|
50
|
-
var _a, _b, _c;
|
|
54
|
+
var _a, _b, _c, _d;
|
|
51
55
|
if (!routeContext || routeContext[guardMetadataKeyname] === undefined || Array.isArray(routeContext[guardMetadataKeyname]) === false) {
|
|
56
|
+
this.tracingManager.addMarkerToCurrentSpan("authz.no-guards");
|
|
52
57
|
return true;
|
|
53
58
|
}
|
|
54
59
|
const guards = routeContext[guardMetadataKeyname];
|
|
55
60
|
let isAuthorized = true;
|
|
56
61
|
for (const guardContext of guards) {
|
|
62
|
+
let guardName = "(unknown guard)";
|
|
57
63
|
try {
|
|
58
64
|
const instantiatedGuard = this.guardFactory.fromContext(guardContext, container);
|
|
65
|
+
guardName = instantiatedGuard.constructor.name;
|
|
59
66
|
yield instantiatedGuard.setContext(guardContext);
|
|
60
67
|
const didAuthorize = yield instantiatedGuard.isAuthorized(request, identity);
|
|
68
|
+
this.tracingManager.addMarkerToCurrentSpan("authz.guard-decision", {
|
|
69
|
+
guard: guardName,
|
|
70
|
+
decision: didAuthorize ? "allow" : "deny",
|
|
71
|
+
});
|
|
61
72
|
isAuthorized = isAuthorized && didAuthorize;
|
|
62
73
|
}
|
|
63
74
|
catch (e) {
|
|
75
|
+
this.tracingManager.addMarkerToCurrentSpan("authz.guard-decision", {
|
|
76
|
+
guard: guardName,
|
|
77
|
+
decision: "error",
|
|
78
|
+
errorMessage: (_a = e === null || e === void 0 ? void 0 : e.message) !== null && _a !== void 0 ? _a : "Unknown error",
|
|
79
|
+
});
|
|
64
80
|
this.logHandler.error("AuthorizerManager: Error while authorizing the request.", {
|
|
65
81
|
highlights: {
|
|
66
|
-
errorMessage: (
|
|
82
|
+
errorMessage: (_b = e === null || e === void 0 ? void 0 : e.message) !== null && _b !== void 0 ? _b : "Unknown error",
|
|
67
83
|
requestUrl: `${request.httpMethod} ${request.url}`,
|
|
68
|
-
identityId: (
|
|
69
|
-
identityClaims: (
|
|
84
|
+
identityId: (_c = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _c !== void 0 ? _c : "No Identity Id found",
|
|
85
|
+
identityClaims: (_d = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _d !== void 0 ? _d : "No claims found",
|
|
70
86
|
},
|
|
71
87
|
extra: {
|
|
72
88
|
error: e,
|
|
@@ -96,7 +112,8 @@ AuthorizerManager = __decorate([
|
|
|
96
112
|
tag("AuthorizerManagerInterface"),
|
|
97
113
|
injectable(),
|
|
98
114
|
__param(0, inject("LogHandlerInterface")),
|
|
99
|
-
|
|
115
|
+
__param(1, inject("TracingManagerInterface")),
|
|
116
|
+
__metadata("design:paramtypes", [Object, Object, GuardFactory])
|
|
100
117
|
], AuthorizerManager);
|
|
101
118
|
export { AuthorizerManager };
|
|
102
119
|
//# sourceMappingURL=authorizer.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAC,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAoB,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"authorizer.manager.js","sourceRoot":"","sources":["../../../../src/managers/authorizer.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAsB,MAAM,EAAE,UAAU,EAAC,MAAM,UAAU,CAAC;AAEjE,OAAO,EAAoB,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAA0B,MAAM,qBAAqB,CAAC;AAEnH,OAAO,EAAC,YAAY,EAAC,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAC,qBAAqB,EAAC,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAC,oBAAoB,EAAC,MAAM,+BAA+B,CAAC;AAEnE;;;GAGG;AAII,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE5B;;;;;OAKG;IACH,YAAmE,UAA+B,EAC3B,cAAuC,EAC1E,YAA0B;QAFK,eAAU,GAAV,UAAU,CAAqB;QAC3B,mBAAc,GAAd,cAAc,CAAyB;QAC1E,iBAAY,GAAZ,YAAY,CAAc;IAC9D,CAAC;IAED;;;;;;;;OAQG;IAEU,YAAY,CAAC,OAAgB,EAAE,YAAiB,EAAE,SAA8B,EAAE,QAA4B;;;YACzH,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,oBAAoB,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;gBACrI,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;gBAC9D,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,oBAAoB,CAAC,CAAC;YAElD,IAAI,YAAY,GAAG,IAAI,CAAC;YAExB,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;gBAClC,IAAI,SAAS,GAAG,iBAAiB,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,iBAAiB,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;oBACjF,SAAS,GAAG,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC;oBAE/C,MAAM,iBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;oBAEjD,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;oBAC7E,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,sBAAsB,EAAE;wBACjE,KAAK,EAAE,SAAS;wBAChB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;qBAC1C,CAAC,CAAC;oBACH,YAAY,GAAG,YAAY,IAAI,YAAY,CAAC;gBAC9C,CAAC;gBAAC,OAAO,CAAM,EAAE,CAAC;oBAChB,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,sBAAsB,EAAE;wBACjE,KAAK,EAAE,SAAS;wBAChB,QAAQ,EAAE,OAAO;wBACjB,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;qBAC5C,CAAC,CAAC;oBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,yDAAyD,EAAE;wBAC/E,UAAU,EAAE;4BACV,YAAY,EAAE,MAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,mCAAI,eAAe;4BAC3C,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE;4BAClD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;yBACtD;wBACD,KAAK,EAAE;4BACL,KAAK,EAAE,CAAC;4BACR,OAAO;4BACP,QAAQ;yBACT;qBACF,CAAC,CAAC;oBACH,YAAY,GAAG,KAAK,CAAC;gBACvB,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBACtC,UAAU,EAAE,EAAC,YAAY,EAAC;gBAC1B,KAAK,EAAE,EAAC,OAAO,EAAE,YAAY,EAAC;aAC/B,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC;QACtB,CAAC;KAAA;CACF,CAAA;AAtDc;IADZ,MAAM,EAAE;;qCAC0B,OAAO;;qDAqDzC;AA5EU,iBAAiB;IAH7B,YAAY,CAAC,qBAAqB,CAAC;IACnC,GAAG,CAAC,4BAA4B,CAAC;IACjC,UAAU,EAAE;IASS,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,MAAM,CAAC,yBAAyB,CAAC,CAAA;qDACH,YAAY;GAVnD,iBAAiB,CA6E7B"}
|
|
@@ -22,7 +22,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
22
22
|
import { inject, injectable, injectAll } from "tsyringe";
|
|
23
23
|
import { VotingStrategyEnum } from "../enums/voting-strategy.enum";
|
|
24
24
|
import { VoteEnum } from "../enums/vote.enum";
|
|
25
|
-
import { ServiceDefinitionTagEnum } from "@pristine-ts/common";
|
|
25
|
+
import { ServiceDefinitionTagEnum, traced } from "@pristine-ts/common";
|
|
26
26
|
/**
|
|
27
27
|
* The permission manager verifies if the correct permission are there to access and take an action on a resource.
|
|
28
28
|
*/
|
|
@@ -32,13 +32,18 @@ let PermissionManager = class PermissionManager {
|
|
|
32
32
|
* @param voters The voters that determine if access is granted.
|
|
33
33
|
* All services with the tag ServiceDefinitionTagEnum.Voter will be injected here
|
|
34
34
|
* @param logHandler The log handler to output logs.
|
|
35
|
+
* @param tracingManager The tracing manager used to attach markers for the voting decisions.
|
|
35
36
|
*/
|
|
36
|
-
constructor(voters, logHandler) {
|
|
37
|
+
constructor(voters, logHandler, tracingManager) {
|
|
37
38
|
this.voters = voters;
|
|
38
39
|
this.logHandler = logHandler;
|
|
40
|
+
this.tracingManager = tracingManager;
|
|
39
41
|
}
|
|
40
42
|
/**
|
|
41
|
-
* Returns whether or not the permission manager grants access to the resource.
|
|
43
|
+
* Returns whether or not the permission manager grants access to the resource. Drops one
|
|
44
|
+
* marker per voter (`permission.voter-vote` with `{voter, vote}`) so the trace shows which
|
|
45
|
+
* voter swung the decision. `@traced()` puts the whole call in its own span so the
|
|
46
|
+
* voting work is visible in the trace tree alongside auth/authz.
|
|
42
47
|
* @param identity The identity trying to have access to a resource.
|
|
43
48
|
* @param action The action trying to be executed on the resource.
|
|
44
49
|
* @param resource The resource being accessed.
|
|
@@ -46,8 +51,9 @@ let PermissionManager = class PermissionManager {
|
|
|
46
51
|
*/
|
|
47
52
|
hasAccessToResource(identity_1, action_1, resource_1) {
|
|
48
53
|
return __awaiter(this, arguments, void 0, function* (identity, action, resource, votingStrategy = VotingStrategyEnum.DenyOnUnanimousAbstention) {
|
|
49
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o;
|
|
54
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p;
|
|
50
55
|
if (this.voters.length === 0) {
|
|
56
|
+
this.tracingManager.addMarkerToCurrentSpan("permission.no-voters");
|
|
51
57
|
this.logHandler.warning("PermissionManager: No voters were found, this could lead to unexpected behavior. Make sure that you have registered voters in your application.", {
|
|
52
58
|
highlights: {
|
|
53
59
|
identityId: (_a = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _a !== void 0 ? _a : "No Identity Id found",
|
|
@@ -81,6 +87,10 @@ let PermissionManager = class PermissionManager {
|
|
|
81
87
|
}
|
|
82
88
|
try {
|
|
83
89
|
const vote = yield voter.vote(identity, action, resource);
|
|
90
|
+
this.tracingManager.addMarkerToCurrentSpan("permission.voter-vote", {
|
|
91
|
+
voter: voter.constructor.name,
|
|
92
|
+
vote: String(vote),
|
|
93
|
+
});
|
|
84
94
|
const message = "PermissionManager: Voter " + voter.constructor.name + " voted: " + vote;
|
|
85
95
|
if (vote === VoteEnum.Deny) { // When it's being denied, it usually mean that something is important to be noticed.
|
|
86
96
|
this.logHandler.info(message, {
|
|
@@ -117,11 +127,16 @@ let PermissionManager = class PermissionManager {
|
|
|
117
127
|
votes.push(vote);
|
|
118
128
|
}
|
|
119
129
|
catch (error) {
|
|
130
|
+
this.tracingManager.addMarkerToCurrentSpan("permission.voter-vote", {
|
|
131
|
+
voter: voter.constructor.name,
|
|
132
|
+
vote: "error",
|
|
133
|
+
errorMessage: (_j = error === null || error === void 0 ? void 0 : error.message) !== null && _j !== void 0 ? _j : "Unknown error",
|
|
134
|
+
});
|
|
120
135
|
this.logHandler.error("PermissionManager: Error while voting, please check the logs for more details.", {
|
|
121
136
|
highlights: {
|
|
122
|
-
errorMessage: (
|
|
123
|
-
identityId: (
|
|
124
|
-
identityClaims: (
|
|
137
|
+
errorMessage: (_k = error.message) !== null && _k !== void 0 ? _k : "Unknown error",
|
|
138
|
+
identityId: (_l = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _l !== void 0 ? _l : "No Identity Id found",
|
|
139
|
+
identityClaims: (_m = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _m !== void 0 ? _m : "No claims found",
|
|
125
140
|
action,
|
|
126
141
|
voter: voter.constructor.name,
|
|
127
142
|
},
|
|
@@ -145,8 +160,8 @@ let PermissionManager = class PermissionManager {
|
|
|
145
160
|
highlights: {
|
|
146
161
|
resourceName: resource.constructor.name,
|
|
147
162
|
access: shouldGrantAccess ? "GRANTED" : "DENIED",
|
|
148
|
-
identityId: (
|
|
149
|
-
identityClaims: (
|
|
163
|
+
identityId: (_o = identity === null || identity === void 0 ? void 0 : identity.id) !== null && _o !== void 0 ? _o : "No Identity Id found",
|
|
164
|
+
identityClaims: (_p = identity === null || identity === void 0 ? void 0 : identity.claims) !== null && _p !== void 0 ? _p : "No claims found",
|
|
150
165
|
}, extra: {
|
|
151
166
|
identity,
|
|
152
167
|
resource,
|
|
@@ -157,11 +172,18 @@ let PermissionManager = class PermissionManager {
|
|
|
157
172
|
});
|
|
158
173
|
}
|
|
159
174
|
};
|
|
175
|
+
__decorate([
|
|
176
|
+
traced(),
|
|
177
|
+
__metadata("design:type", Function),
|
|
178
|
+
__metadata("design:paramtypes", [Object, String, Object, String]),
|
|
179
|
+
__metadata("design:returntype", Promise)
|
|
180
|
+
], PermissionManager.prototype, "hasAccessToResource", null);
|
|
160
181
|
PermissionManager = __decorate([
|
|
161
182
|
injectable(),
|
|
162
183
|
__param(0, injectAll(ServiceDefinitionTagEnum.Voter)),
|
|
163
184
|
__param(1, inject("LogHandlerInterface")),
|
|
164
|
-
|
|
185
|
+
__param(2, inject("TracingManagerInterface")),
|
|
186
|
+
__metadata("design:paramtypes", [Array, Object, Object])
|
|
165
187
|
], PermissionManager);
|
|
166
188
|
export { PermissionManager };
|
|
167
189
|
//# sourceMappingURL=permission.manager.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEvD,OAAO,EAAC,kBAAkB,EAAC,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAC,QAAQ,EAAC,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAoB,wBAAwB,
|
|
1
|
+
{"version":3,"file":"permission.manager.js","sourceRoot":"","sources":["../../../../src/managers/permission.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,EAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAC,MAAM,UAAU,CAAC;AAEvD,OAAO,EAAC,kBAAkB,EAAC,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAC,QAAQ,EAAC,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAoB,wBAAwB,EAAE,MAAM,EAA0B,MAAM,qBAAqB,CAAC;AAGjH;;GAEG;AAEI,IAAM,iBAAiB,GAAvB,MAAM,iBAAiB;IAE5B;;;;;;OAMG;IACH,YAA+E,MAAwB,EACpC,UAA+B,EAC3B,cAAuC;QAF/B,WAAM,GAAN,MAAM,CAAkB;QACpC,eAAU,GAAV,UAAU,CAAqB;QAC3B,mBAAc,GAAd,cAAc,CAAyB;IAC9G,CAAC;IAED;;;;;;;;;OASG;IAEG,mBAAmB;6DAAC,QAA2B,EAAE,MAAc,EAAE,QAAgB,EAAE,iBAAqC,kBAAkB,CAAC,yBAAyB;;YACxK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,sBAAsB,CAAC,CAAC;gBACnE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,iJAAiJ,EAAE;oBACzK,UAAU,EAAE;wBACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;wBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;wBACrD,MAAM;qBACP;oBACD,KAAK,EAAE;wBACL,QAAQ;wBACR,QAAQ;wBACR,cAAc;qBACf;iBACF,CAAC,CAAC;YACL,CAAC;YAED,MAAM,KAAK,GAAe,EAAE,CAAC;YAE7B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,KAAK,EAAE,CAAC;oBACvC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,0DAA0D,EAAE;wBAChF,UAAU,EAAE;4BACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAC9B;wBACD,KAAK,EAAE;4BACL,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACf;qBACF,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;oBAC1D,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,uBAAuB,EAAE;wBAClE,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;wBAC7B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;qBACnB,CAAC,CAAC;oBACH,MAAM,OAAO,GAAG,2BAA2B,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,GAAG,UAAU,GAAG,IAAI,CAAC;oBAEzF,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,qFAAqF;wBACjH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE;4BAC5B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,CAAC,CAAA;oBACJ,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE;4BAC7B,UAAU,EAAE;gCACV,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;gCAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;gCACrD,MAAM;gCACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;gCAC7B,IAAI;6BACL;4BACD,KAAK,EAAE;gCACL,QAAQ;gCACR,QAAQ;gCACR,cAAc;6BACf;yBACF,CAAC,CAAC;oBACL,CAAC;oBAED,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;gBAAC,OAAO,KAAU,EAAE,CAAC;oBACpB,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,uBAAuB,EAAE;wBAClE,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;wBAC7B,IAAI,EAAE,OAAO;wBACb,YAAY,EAAE,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,mCAAI,eAAe;qBAChD,CAAC,CAAC;oBACH,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,gFAAgF,EAAE;wBACtG,UAAU,EAAE;4BACV,YAAY,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,eAAe;4BAC9C,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;4BAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;4BACrD,MAAM;4BACN,KAAK,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI;yBAC9B;wBACD,KAAK,EAAE;4BACL,KAAK;4BACL,QAAQ;4BACR,QAAQ;4BACR,cAAc;yBACf;qBACF,CAAC,CAAC;oBACH,MAAM,KAAK,CAAC;gBACd,CAAC;YAEH,CAAC;YAED,IAAI,iBAAiB,GAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IAAI,cAAc,KAAK,kBAAkB,CAAC,yBAAyB,EAAE,CAAC;gBACpE,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3E,iBAAiB,GAAG,KAAK,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,wCAAwC,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,GAAG,OAAO,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE;gBACjJ,UAAU,EAAE;oBACV,YAAY,EAAE,QAAQ,CAAC,WAAW,CAAC,IAAI;oBACvC,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;oBAChD,UAAU,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,EAAE,mCAAI,sBAAsB;oBAClD,cAAc,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,mCAAI,iBAAiB;iBACtD,EAAE,KAAK,EAAE;oBACR,QAAQ;oBACR,QAAQ;oBACR,cAAc;iBACf;aACF,CAAC,CAAC;YAEH,OAAO,iBAAiB,CAAC;QAC3B,CAAC;KAAA;CACF,CAAA;AA/HO;IADL,MAAM,EAAE;;;;4DA+HR;AAvJU,iBAAiB;IAD7B,UAAU,EAAE;IAUS,WAAA,SAAS,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAA;IACzC,WAAA,MAAM,CAAC,qBAAqB,CAAC,CAAA;IAC7B,WAAA,MAAM,CAAC,yBAAyB,CAAC,CAAA;;GAX1C,iBAAiB,CAwJ7B"}
|