@restorecommerce/acs-client 0.4.19 → 0.5.3

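--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -3,6 +3,23 @@
  All notable changes to this project will be documented in this file.
  See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+ ## 0.5.3 (November 23rd, 2021)
+
+ - fix filter value from condition for postgres DB
+
+ ## 0.5.2 (November 22nd, 2021)
+
+ - fix for resource namespace for filter mapping
+
+ ## 0.5.1 (November 19th, 2021)
+
+ - fix for resource namespace when creating request target resources
+
+ ## 0.5.0 (November 18th, 2021)
+
+ - modified accessRequest to match the ABAC doc with subject, resource and action
+ - added support for multiple entities for both isAllowed and whatIsAllowed
+
  ## [0.4.19](https://github.com/restorecommerce/libs/compare/@restorecommerce/acs-client@0.4.18...@restorecommerce/acs-client@0.4.19) (2021-11-08)
 
  **Note:** Version bump only for package @restorecommerce/acs-client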
@@ -1,10 +1,10 @@
1
- import { AuthZContext, Attribute, AuthZAction, AuthZTarget, AuthZWhatIsAllowedTarget, IAuthZ, NoAuthTarget, NoAuthWhatIsAllowedTarget, Request, Resource, Subject, DecisionResponse, PolicySetRQResponse } from './interfaces';
1
+ import { AuthZContext, Attribute, AuthZAction, AuthZTarget, AuthZWhatIsAllowedTarget, IAuthZ, NoAuthTarget, NoAuthWhatIsAllowedTarget, Request, Subject, DecisionResponse, PolicySetRQResponse, ACSClientContext, Resource } from './interfaces';
2
2
  export declare type Authorizer = ACSAuthZ;
3
3
  export declare let authZ: Authorizer;
4
4
  export declare const createActionTarget: (action: any) => Attribute[];
5
5
  export declare const createSubjectTarget: (subject: Subject) => Attribute[];
6
- export declare const createResourceTarget: (resources: Resource[], action: AuthZAction | AuthZAction[]) => Attribute[];
7
- export declare const createResourceTargetWhatIsAllowed: (resources: Resource[]) => Attribute[];
6
+ export declare const formatResourceType: (type: string, namespacePrefix?: string) => string;
7
+ export declare const createResourceTarget: (resource: Resource[], action: AuthZAction) => Attribute[];
8
8
  export declare class UnAuthZ implements IAuthZ {
9
9
  acs: any;
10
10
  /**
@@ -12,8 +12,9 @@ export declare class UnAuthZ implements IAuthZ {
12
12
  * @param acs Access Control Service definition (gRPC)
13
13
  */
14
14
  constructor(acs: any);
15
- isAllowed(request: Request<NoAuthTarget, AuthZContext>, useCache: any): Promise<DecisionResponse>;
16
- whatIsAllowed(request: Request<NoAuthWhatIsAllowedTarget, AuthZContext>, useCache: any): Promise<PolicySetRQResponse>;
15
+ private encode;
16
+ isAllowed(request: Request<NoAuthTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<DecisionResponse>;
17
+ whatIsAllowed(request: Request<NoAuthWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<PolicySetRQResponse>;
17
18
  }
18
19
  /**
19
20
  * General authorizer. Marshalls data and requests access to the Access Control Service (ACS).
@@ -32,14 +33,14 @@ export declare class ACSAuthZ implements IAuthZ {
32
33
  * @param useCache
33
34
  * @returns {DecisionResponse}
34
35
  */
35
- isAllowed(request: Request<AuthZTarget, AuthZContext>, useCache: any): Promise<DecisionResponse>;
36
+ isAllowed(request: Request<AuthZTarget, AuthZContext>, ctx: ACSClientContext, useCache: any): Promise<DecisionResponse>;
36
37
  /**
37
38
  * Perform request to access-control-srv
38
39
  * @param request - authZRequest containing subject, resource and action
39
40
  * @returns {PolicySetRQ}
40
41
  * @param resource
41
42
  */
42
- whatIsAllowed(request: Request<AuthZWhatIsAllowedTarget, AuthZContext>, useCache: any): Promise<PolicySetRQResponse>;
43
+ whatIsAllowed(request: Request<AuthZWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean): Promise<PolicySetRQResponse>;
43
44
  private encode;
44
45
  prepareRequest(request: Request<AuthZTarget | AuthZWhatIsAllowedTarget, AuthZContext>): any;
45
46
  }
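Review bot: `ACSAuthZ.isAllowed` still declares `useCache: any` while the other three method signatures in this section were tightened to `useCache: boolean`, and the new `ctx: ACSClientContext` parameter is not described in either JSDoc block (the `whatIsAllowed` comment still lists `@param resource`, which is not a parameter). Since `ctx` now supplies the resources that are sent as the authorization context, callers need to know what to put in it; a line such as `@param ctx - client context; ctx.resources is encoded into the request context` on both methods, plus `useCache: boolean` on `ACSAuthZ.isAllowed`, would cover it. These are emitted declarations, so the change belongs in the TypeScript source they are generated from.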
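--- a/package/lib/acs/authz.js
+++ b/package/lib/acs/authz.js
@@ -9,7 +9,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
  });
  };
  Object.defineProperty(exports, "__esModule", { value: true });
- exports.initAuthZ = exports.ACSAuthZ = exports.UnAuthZ = exports.createResourceTargetWhatIsAllowed = exports.createResourceTarget = exports.createSubjectTarget = exports.createActionTarget = exports.authZ = void 0;
+ exports.initAuthZ = exports.ACSAuthZ = exports.UnAuthZ = exports.createResourceTarget = exports.formatResourceType = exports.createSubjectTarget = exports.createActionTarget = exports.authZ = void 0;
  const _ = require("lodash");
  const interfaces_1 = require("./interfaces");
  const grpc_client_1 = require("@restorecommerce/grpc-client");
@@ -81,66 +81,67 @@ const formatResourceType = (type, namespacePrefix) => {
  return `${prefix}.${suffix}`;
  }
  };
- const createResourceTarget = (resources, action) => {
+ exports.formatResourceType = formatResourceType;
+ const createResourceTarget = (resource, action) => {
  const flattened = [];
- resources.forEach((resource) => {
+ resource.forEach((resourceObj) => {
  if (action != interfaces_1.AuthZAction.EXECUTE) {
- const resourceType = formatResourceType(resource.type, resource.namespace);
+ let resourcenameNameSpace = resourceObj.resource;
+ let resourceInstance = resourceObj.id;
+ let resourceProperty = resourceObj.property;
+ let resourceNameSpace, resourceName;
+ if (resourcenameNameSpace && resourcenameNameSpace.indexOf('.') > -1) {
+ resourceNameSpace = resourcenameNameSpace.slice(0, resourcenameNameSpace.lastIndexOf('.'));
+ // resource name from `.` till end, when no end index is specified for
+ // slice api it returns till end of string
+ resourceName = resourcenameNameSpace.slice(resourcenameNameSpace.lastIndexOf('.') + 1);
+ }
+ else {
+ resourceName = resourcenameNameSpace;
+ }
+ // entity - urn:restorecommerce:acs:names:model:entity
+ const resourceType = exports.formatResourceType(resourceName, resourceNameSpace);
  if (resourceType) {
  flattened.push({
  id: urns.entity,
  value: urns.model + `:${resourceType}`
  });
  }
- if (resource.instance && resource.instance.id) {
+ // resource-id - urn:oasis:names:tc:xacml:1.0:resource:resource-id
+ if (resourceInstance && typeof resourceInstance === 'string') {
  flattened.push({
  id: urns.resourceID,
- value: resource.instance.id
+ value: resourceInstance
  });
  }
- if (resource.fields) {
- resource.fields.forEach((field) => {
+ else if (resourceInstance && _.isArray(resourceInstance) && resourceInstance.length > 0) {
+ resourceInstance.forEach((instance) => {
  flattened.push({
- id: urns.property,
- value: urns.model + `:${resourceType}#${field}`
+ id: urns.resourceID,
+ value: instance
  });
  });
  }
- }
- else {
- resources.forEach((resource) => {
- flattened.push({
- id: urns.operation,
- value: resource.type
- });
- });
- }
- });
- return flattened;
- };
- exports.createResourceTarget = createResourceTarget;
- const createResourceTargetWhatIsAllowed = (resources) => {
- const flattened = [];
- resources.forEach((resource) => {
- const resourceType = formatResourceType(resource.type, resource.namespace);
- if (resource.type.startsWith('mutation') || resource.type.startsWith('query')) {
- resources.forEach((resource) => {
- flattened.push({
- id: urns.operation,
- value: resource.type
+ // property - urn:restorecommerce:acs:names:model:property
+ if (resourceProperty && _.isArray(resourceProperty) && resourceProperty.length > 0) {
+ resourceProperty.forEach((property) => {
+ flattened.push({
+ id: urns.property,
+ value: urns.model + `:${resourceType}#${property}`
+ });
  });
- });
+ }
  }
  else {
  flattened.push({
- id: urns.entity,
- value: urns.model + `:${resourceType}`
+ id: urns.operation,
+ value: resourceObj.resource
  });
  }
  });
  return flattened;
  };
- exports.createResourceTargetWhatIsAllowed = createResourceTargetWhatIsAllowed;
+ exports.createResourceTarget = createResourceTarget;
  class UnAuthZ {
  /**
  *
@@ -149,15 +150,30 @@ class UnAuthZ {
  constructor(acs) {
  this.acs = acs;
  }
- isAllowed(request, useCache) {
+ encode(object) {
+ if (object) {
+ if (_.isArray(object)) {
+ return _.map(object, this.encode.bind(this));
+ }
+ else {
+ return {
+ value: Buffer.from(JSON.stringify(object))
+ };
+ }
+ }
+ }
+ isAllowed(request, ctx, useCache) {
  return __awaiter(this, void 0, void 0, function* () {
  const authZRequest = {
  target: {
  action: exports.createActionTarget(request.target.action),
  subject: exports.createSubjectTarget(request.target.subject),
- resources: exports.createResourceTarget(request.target.resources, request.target.action)
+ resources: exports.createResourceTarget(request.target.resource, request.target.action)
  },
- context: request.context
+ context: {
+ subject: this.encode(request.target.subject),
+ resources: this.encode(ctx.resources)
+ }
  };
  let response;
  try {
@@ -185,15 +201,18 @@ class UnAuthZ {
  return response;
  });
  }
- whatIsAllowed(request, useCache) {
+ whatIsAllowed(request, ctx, useCache) {
  return __awaiter(this, void 0, void 0, function* () {
  const authZRequest = {
  target: {
  action: exports.createActionTarget(request.target.action),
  subject: exports.createSubjectTarget(request.target.subject),
- resources: exports.createResourceTarget(request.target.resources, request.target.action)
+ resources: exports.createResourceTarget(request.target.resource, request.target.action)
  },
- context: request.context
+ context: {
+ subject: this.encode(request.target.subject),
+ resources: this.encode(ctx.resources)
+ }
  };
  let response;
  try {
@@ -240,7 +259,7 @@ class ACSAuthZ {
  * @param useCache
  * @returns {DecisionResponse}
  */
- isAllowed(request, useCache) {
+ isAllowed(request, ctx, useCache) {
  return __awaiter(this, void 0, void 0, function* () {
  const authZRequest = this.prepareRequest(request);
  authZRequest.context = {
@@ -248,25 +267,13 @@ class ACSAuthZ {
  resources: [],
  security: this.encode(request.context.security)
  };
- let resources = request.target.resources;
  const subject = { token: request.target.subject.token };
  let cachePrefix = 'ACSAuthZ';
  if (request.target.subject.id !== undefined) {
  cachePrefix = request.target.subject.id + ':' + cachePrefix;
  }
- if (request.target.action == 'CREATE' || request.target.action == 'MODIFY' || request.target.action == 'DELETE') {
- // insert temporary IDs into resources which are yet to be created if not present in input
- let counter = 0;
- resources = _.cloneDeep(request.target.resources).map((resource) => {
- if (_.isEmpty(resource.instance.id)) {
- resource.instance.id = String(counter++);
- resource.fields.push('id');
- }
- return resource;
- });
- }
  authZRequest.context.subject = this.encode(subject);
- authZRequest.context.resources = this.encode(resources);
+ authZRequest.context.resources = this.encode(ctx.resources);
  // for isAllowed we use the subject, action and resource fields .i.e. reqeust Target
  // since the context resources contains the values which would change for each
  // resource being created and should not be used in key when generating hash
@@ -305,7 +312,7 @@ class ACSAuthZ {
  * @returns {PolicySetRQ}
  * @param resource
  */
- whatIsAllowed(request, useCache) {
+ whatIsAllowed(request, ctx, useCache) {
  return __awaiter(this, void 0, void 0, function* () {
  const authZRequest = this.prepareRequest(request);
  authZRequest.context = {
@@ -313,14 +320,13 @@ class ACSAuthZ {
  resources: [],
  security: this.encode(request.context.security)
  };
- let resources = request.target.resources;
  const subject = { token: request.target.subject.token };
  let cachePrefix = 'ACSAuthZ';
  if (request.target.subject.id !== undefined) {
  cachePrefix = request.target.subject.id + ':' + cachePrefix;
  }
  authZRequest.context.subject = this.encode(subject);
- authZRequest.context.resources = this.encode(resources);
+ authZRequest.context.resources = this.encode(ctx.resources);
  let response;
  try {
  response = yield cache_1.getOrFill(authZRequest, (req) => __awaiter(this, void 0, void 0, function* () {
@@ -348,44 +354,26 @@ class ACSAuthZ {
  });
  }
  encode(object) {
- if (_.isArray(object)) {
- return _.map(object, this.encode.bind(this));
- }
- else {
- return {
- value: Buffer.from(JSON.stringify(object))
- };
+ if (object) {
+ if (_.isArray(object)) {
+ return _.map(object, this.encode.bind(this));
+ }
+ else {
+ return {
+ value: Buffer.from(JSON.stringify(object))
+ };
+ }
  }
  }
  prepareRequest(request) {
- let { subject, resources, action } = request.target;
- // this.reduceUserScope(subject);
+ let { subject, resource, action } = request.target;
  const authZRequest = {
  target: {
  action: exports.createActionTarget(action),
  subject: exports.createSubjectTarget(subject),
  },
  };
- if (_.isArray(action)) {
- // whatIsAllowed
- authZRequest.target.resources = exports.createResourceTargetWhatIsAllowed(resources);
- }
- else {
- // isAllowed
- if (request.target.action == 'CREATE' || request.target.action == 'MODIFY'
- || request.target.action == 'DELETE') {
- // insert temporary IDs into resources which are yet to be created
- let counter = 0;
- resources = _.cloneDeep(request.target.resources).map((resource) => {
- if (_.isEmpty(resource.instance.id)) {
- resource.instance.id = String(counter++);
- resource.fields.push('id');
- }
- return resource;
- });
- }
- authZRequest.target.resources = exports.createResourceTarget(resources, action);
- }
+ authZRequest.target.resources = exports.createResourceTarget(resource, action);
  return authZRequest;
  }
  }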
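Review bot: `ctx` is dereferenced without any check in all four methods (`this.encode(ctx.resources)` in `UnAuthZ.isAllowed`/`whatIsAllowed` and `ACSAuthZ.isAllowed`/`whatIsAllowed`), and the reworked `encode` now returns `undefined` for any falsy input. Because `ctx` was inserted before `useCache`, a caller still using the 0.4.x form `isAllowed(request, true)` passes the boolean as `ctx`: `ctx.resources` is then `undefined`, so the request reaches the access-control service with no context resources and with `useCache` unset, and nothing reports it. How the service decides on a request that lacks its resource context is not visible in this diff, so failing loudly is safer than sending a silently thinner authorization request. A guard at the top of each method would do it, e.g. `if (!ctx || typeof ctx !== 'object') { throw new TypeError('acs-client: ctx (ACSClientContext) is required'); }`. The method bodies continue outside these hunks.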
@@ -1 +1 @@
1
- {"version":3,"file":"authz.js","sourceRoot":"","sources":["../../src/acs/authz.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4BAA4B;AAC5B,6CAIsB;AACtB,8DAA0D;AAC1D,sCAA8C;AAC9C,sCAA+B;AAC/B,mCAAgD;AAChD,gEAAuD;AAIvD,MAAM,IAAI,GAAG,YAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAEpC,MAAM,kBAAkB,GAAG,CAAC,MAAW,EAAe,EAAE;IAC7D,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACrB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,KAAK,IAAI,UAAU,IAAI,MAAM,EAAE;YAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;YAChD,UAAU,CAAC,IAAI,CAAC;gBACd,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,OAAO,UAAU,CAAC;KACnB;SACI;QACH,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE;aAC1D,CAAC,CAAC;KACJ;AACH,CAAC,CAAC;AAlBW,QAAA,kBAAkB,sBAkB7B;AAEK,MAAM,mBAAmB,GAAG,CAAC,OAAgB,EAAe,EAAE;IACnE,IAAI,OAAO,CAAC,eAAe,EAAE;QAC3B,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,oBAAoB;gBAC7B,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;KACJ;IACD,IAAI,SAAS,GAAG;QACd;YACE,EAAE,EAAE,IAAI,CAAC,SAAS;YAClB,KAAK,EAAE,OAAO,CAAC,EAAE;SAClB;KAAC,CAAC;IAEL,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,IAAI,UAAU,GAAG;YACf;gBACE,EAAE,EAAE,IAAI,CAAC,iBAAiB;gBAC1B,KAAK,EAAE,IAAI,CAAC,QAAQ;aACrB;YACD;gBACE,EAAE,EAAE,IAAI,CAAC,mBAAmB;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC;QACF,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;KAC1C;IACD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AA3BW,QAAA,mBAAmB,uBA2B9B;AAEF,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAE,eAAwB,EAAU,EAAE;IAC5E,mDAAmD;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,IAAI,eAAe,EAAE;QACnB,OAAO,GAAG,eAAe,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;KACjD;SAAM;QACL,OAAO,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;KAC9B;AACH,CAAC,CAAC;AAEK,MAAM,oBAAoB,GAAG,CAAC,SAAqB,EAAE,MAAmC,EAAE,EAAE;IACjG,MAAM,SAAS,G
AAgB,EAAE,CAAC;IAClC,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7B,IAAI,MAAM,IAAI,wBAAW,CAAC,OAAO,EAAE;YACjC,MAAM,YAAY,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC3E,IAAI,YAAY,EAAE;gBAChB,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,MAAM;oBACf,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,EAAE;iBACvC,CAAC,CAAC;aACJ;YACD,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE;gBAC7C,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,UAAU;oBACnB,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE;iBAC5B,CAAC,CAAC;aACJ;YAED,IAAI,QAAQ,CAAC,MAAM,EAAE;gBACnB,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBAChC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,QAAQ;wBACjB,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,IAAI,KAAK,EAAE;qBAChD,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;SACF;aAAM;YACL,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC7B,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,SAAS;oBAClB,KAAK,EAAE,QAAQ,CAAC,IAAI;iBACrB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AArCW,QAAA,oBAAoB,wBAqC/B;AAEK,MAAM,iCAAiC,GAAG,CAAC,SAAqB,EAAE,EAAE;IACzE,MAAM,SAAS,GAAgB,EAAE,CAAC;IAClC,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7B,MAAM,YAAY,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;QAE3E,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;YAC7E,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC7B,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,SAAS;oBAClB,KAAK,EAAE,QAAQ,CAAC,IAAI;iBACrB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;SACJ;aACI;YACH,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE,EAAE,IAAI,CAAC,MAAM;gBACf,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,EAAE;aACvC,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAtBW,QAAA,iCAAiC,qCAsB5C;AAEF,MAAa,OAAO;IAElB;;;OAGG;IACH,YAAY,GAAQ;QAClB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAEK,SAAS,CAAC,OAA4C,EAAE,QAAQ;;YACpE,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE;oBACN,MAAM,EAAE,0BAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;oBACjD,OAAO,EAAE,2BAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,C
AAC;oBACpD,SAAS,EAAE,4BAAoB,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;iBACjF;gBACD,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;YAEF,IAAI,QAA0B,CAAC;YAC/B,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,YAAY,EAAE,CAAO,GAAG,EAAE,EAAE;oBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAChD,CAAC,CAAA,EAAE,QAAQ,EAAE,mBAAmB,CAAC,CAAC;aACnC;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;gBAC3E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAElB,CAAC;KAAA;IAEK,aAAa,CAAC,OAAyD,EAC3E,QAAQ;;YACR,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE;oBACN,MAAM,EAAE,0BAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;oBACjD,OAAO,EAAE,2BAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;oBACpD,SAAS,EAAE,4BAAoB,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;iBACjF;gBACD,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;YACF,IAAI,QAA6B,CAAC;YAClC,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,YAAY,EAAE,CAAO,GAAG,EAAE,EAAE;oBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACpD,CAAC,CAAA,EAAE,QAAQ,EAAE,uBAAuB,CAAC,CAAC;aACvC;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;gBAC/E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;CACF;AApFD,0BAoFC;AAED;;GAEG;AACH,MAAa,QAAQ;IAGnB;;;OAGG;IACH,YAAY,GAAQ,EAAE,GAAS;QAC7B,IAAI,CAAC,GAAG,GAAG
,GAAG,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACG,SAAS,CAAC,OAA2C,EAAE,QAAQ;;YACnE,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YAClD,YAAY,CAAC,OAAO,GAAG;gBACrB,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aAChD,CAAC;YACF,IAAI,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;YACzC,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACxD,IAAI,WAAW,GAAG,UAAU,CAAC;YAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;gBAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;aAC7D;YAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,EAAE;gBAC/G,0FAA0F;gBAC1F,IAAI,OAAO,GAAG,CAAC,CAAC;gBAChB,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACjE,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE;wBACnC,QAAQ,CAAC,QAAQ,CAAC,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;wBACzC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;qBAC5B;oBACD,OAAO,QAAQ,CAAC;gBAClB,CAAC,CAAC,CAAC;aACJ;YACD,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAExD,oFAAoF;YACpF,8EAA8E;YAC9E,4EAA4E;YAC5E,IAAI,QAAQ,GAAG;gBACb,MAAM,EAAE,YAAY,CAAC,MAAM;aAC5B,CAAC;YACF,IAAI,QAA0B,CAAC;YAC/B,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,QAAQ,EAAE,CAAO,GAAG,EAAE,EAAE;oBACjD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAChD,CAAC,CAAA,EAAE,QAAQ,EAAE,WAAW,GAAG,YAAY,CAAC,CAAC;aAC1C;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;gBAC3E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,
oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAED;;;;;MAKE;IACI,aAAa,CAAC,OAAwD,EAC1E,QAAQ;;YACR,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YAClD,YAAY,CAAC,OAAO,GAAG;gBACrB,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aAChD,CAAC;YACF,IAAI,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC;YACzC,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAExD,IAAI,WAAW,GAAG,UAAU,CAAC;YAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;gBAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;aAC7D;YAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAExD,IAAI,QAA6B,CAAC;YAClC,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,YAAY,EAAE,CAAO,GAAG,EAAE,EAAE;oBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACpD,CAAC,CAAA,EAAE,QAAQ,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC;aAC9C;YAAC,OAAM,GAAG,EAAE;gBACX,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;gBAC/E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACrB,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;SAC9C;aAAM;YACL,OAAO;gBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;aAC3C,CAAC;SACH;IACH,CAAC;IAED,cAAc,CAAC,OAAsE;QACnF,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACpD,iCAAiC;QAEjC,MAAM,YAAY,GAAQ;YACxB,MAAM,EAAE;gBACN,MAAM,EAAE,0BAAkB,CAAC,MAAM,CAAC;gBAClC,OAAO,EAAE,2BAAmB,CAAC,OAAO,CAAC;aACtC;SACF,CAAC;QACF,IAAI,CA
AC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;YACrB,gBAAgB;YAChB,YAAY,CAAC,MAAM,CAAC,SAAS,GAAG,yCAAiC,CAAC,SAAS,CAAC,CAAC;SAC9E;aAAM;YACL,YAAY;YACZ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ;mBACrE,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,QAAQ,EAAE;gBACtC,kEAAkE;gBAClE,IAAI,OAAO,GAAG,CAAC,CAAC;gBAChB,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACjE,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE;wBACnC,QAAQ,CAAC,QAAQ,CAAC,EAAE,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;wBACzC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;qBAC5B;oBACD,OAAO,QAAQ,CAAC;gBAClB,CAAC,CAAC,CAAC;aACJ;YAED,YAAY,CAAC,MAAM,CAAC,SAAS,GAAG,4BAAoB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;SACzE;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AA/KD,4BA+KC;AAED,MAAM,SAAS,GAAG;IAChB,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,cAAc;IACd,aAAa;CACd,CAAC;AAEF,MAAM,aAAa,GAAG,CAAO,GAAQ,EACnC,OAAY,EAAE,MAAW,EAAE,SAAiB,EAAgB,EAAE;IAC9D,IAAI,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE;QACrC,2CAA2C;QAC3C,gBAAM,CAAC,IAAI,CAAC,kBAAkB,SAAS,+BAA+B,CAAC,CAAC;QACxE,MAAM,kBAAU,EAAE,CAAC;KACpB;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,SAAS,GAAG,CAAO,MAAY,EAA4B,EAAE;IACxE,IAAI,CAAC,aAAK,EAAE;QACV,IAAI,MAAM,EAAE;YACV,qBAAY,CAAC,MAAM,CAAC,CAAC;SACtB;QACD,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzC,wCAAwC;QACxC,IAAI,QAAQ,CAAC,OAAO,EAAE;YACpB,MAAM,gBAAgB,GAAG,YAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAI,wBAAU,CAAC,aAAa,EAAE,gBAAM,CAAC,CAAC;YACxD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjC,aAAK,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC1B,iEAAiE;YACjE,wEAAwE;YACxE,IAAI,QAAQ,IAAI,QAAQ,CAAC,aAAa,EAAE;gBACtC,MAAM,MAAM,GAAG,IAAI,qBAAM,CAAC,QAAQ,EAAE,gBAAM,CAAC,CAAC;gBAC5C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,KAAK,IAAI,UAAU,IAAI,QAAQ,CAAC,aAAa,EAAE;oBAC7C,IAAI,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;oBAClD,IAAI,KAAK,GAAG
,MAAM,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC/C,IAAI,QAAQ,CAAC,MAAM,EAAE;wBACnB,KAAK,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,EAAE;4BACrC,MAAM,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;yBAC1C;qBACF;iBACF;aACF;YACD,OAAO,aAAK,CAAC;SACd;KACF;IACD,OAAO,aAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAjCW,QAAA,SAAS,aAiCpB"}
1
+ {"version":3,"file":"authz.js","sourceRoot":"","sources":["../../src/acs/authz.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,4BAA4B;AAC5B,6CAIsB;AACtB,8DAA0D;AAC1D,sCAA8C;AAC9C,sCAA+B;AAC/B,mCAAgD;AAChD,gEAAuD;AAIvD,MAAM,IAAI,GAAG,YAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAEpC,MAAM,kBAAkB,GAAG,CAAC,MAAW,EAAe,EAAE;IAC7D,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;QACrB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,KAAK,IAAI,UAAU,IAAI,MAAM,EAAE;YAC7B,UAAU,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,CAAC;YAChD,UAAU,CAAC,IAAI,CAAC;gBACd,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,UAAU,EAAE;aACtC,CAAC,CAAC;SACJ;QACD,OAAO,UAAU,CAAC;KACnB;SACI;QACH,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,QAAQ;gBACjB,KAAK,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE;aAC1D,CAAC,CAAC;KACJ;AACH,CAAC,CAAC;AAlBW,QAAA,kBAAkB,sBAkB7B;AAEK,MAAM,mBAAmB,GAAG,CAAC,OAAgB,EAAe,EAAE;IACnE,IAAI,OAAO,CAAC,eAAe,EAAE;QAC3B,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI,CAAC,oBAAoB;gBAC7B,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;KACJ;IACD,IAAI,SAAS,GAAG;QACd;YACE,EAAE,EAAE,IAAI,CAAC,SAAS;YAClB,KAAK,EAAE,OAAO,CAAC,EAAE;SAClB;KAAC,CAAC;IAEL,IAAI,OAAO,CAAC,KAAK,EAAE;QACjB,IAAI,UAAU,GAAG;YACf;gBACE,EAAE,EAAE,IAAI,CAAC,iBAAiB;gBAC1B,KAAK,EAAE,IAAI,CAAC,QAAQ;aACrB;YACD;gBACE,EAAE,EAAE,IAAI,CAAC,mBAAmB;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC;QACF,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;KAC1C;IACD,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AA3BW,QAAA,mBAAmB,uBA2B9B;AAEK,MAAM,kBAAkB,GAAG,CAAC,IAAY,EAAE,eAAwB,EAAU,EAAE;IACnF,mDAAmD;IACnD,MAAM,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpC,IAAI,eAAe,EAAE;QACnB,OAAO,GAAG,eAAe,IAAI,MAAM,IAAI,MAAM,EAAE,CAAC;KACjD;SAAM;QACL,OAAO,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC;KAC9B;AACH,CAAC,CAAC;AAZW,QAAA,kBAAkB,sBAY7B;AAEK,MAAM,oBAAoB,GAAG,CAAC,QAAoB,EAAE,MAAmB,EAA
E,EAAE;IAChF,MAAM,SAAS,GAAgB,EAAE,CAAC;IAClC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QAC/B,IAAI,MAAM,IAAI,wBAAW,CAAC,OAAO,EAAE;YACjC,IAAI,qBAAqB,GAAG,WAAW,CAAC,QAAQ,CAAC;YACjD,IAAI,gBAAgB,GAAG,WAAW,CAAC,EAAE,CAAC;YACtC,IAAI,gBAAgB,GAAG,WAAW,CAAC,QAAQ,CAAC;YAC5C,IAAI,iBAAiB,EAAE,YAAY,CAAC;YAEpC,IAAI,qBAAqB,IAAI,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;gBACpE,iBAAiB,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC3F,sEAAsE;gBACtE,0CAA0C;gBAC1C,YAAY,GAAG,qBAAqB,CAAC,KAAK,CAAC,qBAAqB,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;aACxF;iBAAM;gBACL,YAAY,GAAG,qBAAqB,CAAC;aACtC;YAED,sDAAsD;YACtD,MAAM,YAAY,GAAG,0BAAkB,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;YACzE,IAAI,YAAY,EAAE;gBAChB,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,MAAM;oBACf,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,EAAE;iBACvC,CAAC,CAAC;aACJ;YAED,kEAAkE;YAClE,IAAI,gBAAgB,IAAI,OAAO,gBAAgB,KAAK,QAAQ,EAAE;gBAC5D,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,IAAI,CAAC,UAAU;oBACnB,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;aACJ;iBAAM,IAAI,gBAAgB,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACzF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,UAAU;wBACnB,KAAK,EAAE,QAAQ;qBAChB,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;YAED,0DAA0D;YAC1D,IAAI,gBAAgB,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE;gBAClF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpC,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,IAAI,CAAC,QAAQ;wBACjB,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,YAAY,IAAI,QAAQ,EAAE;qBACnD,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;aACJ;SACF;aAAM;YACL,SAAS,CAAC,IAAI,CAAC;gBACb,EAAE,EAAE,IAAI,CAAC,SAAS;gBAClB,KAAK,EAAE,WAAW,CAAC,QAAQ;aAC5B,CAAC,CAAC;SACJ;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AA5DW,QAAA,oBAAoB,wBA4D/B;AAEF,MAAa,OAAO;IAElB;;;OAGG;IACH,YAAY,GAAQ;QAClB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,MAAM,EAAE;YACV,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC
,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC9C;iBAAM;gBACL,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;iBAC3C,CAAC;aACH;SACF;IACH,CAAC;IAEK,SAAS,CAAC,OAA4C,EAAE,GAAqB,EAAE,QAAiB;;YACpG,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE;oBACN,MAAM,EAAE,0BAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;oBACjD,OAAO,EAAE,2BAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;oBACpD,SAAS,EAAE,4BAAoB,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;iBAChF;gBACD,OAAO,EAAE;oBACP,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;oBAC5C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;iBACtC;aACF,CAAC;YAEF,IAAI,QAA0B,CAAC;YAC/B,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,YAAY,EAAE,CAAO,GAAG,EAAE,EAAE;oBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAChD,CAAC,CAAA,EAAE,QAAQ,EAAE,mBAAmB,CAAC,CAAC;aACnC;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;gBAC3E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAElB,CAAC;KAAA;IAEK,aAAa,CAAC,OAAyD,EAC3E,GAAqB,EAAE,QAAiB;;YACxC,MAAM,YAAY,GAAG;gBACnB,MAAM,EAAE;oBACN,MAAM,EAAE,0BAAkB,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;oBACjD,OAAO,EAAE,2BAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;oBACpD,SAAS,EAAE,4BAAoB,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;iBAChF;gBACD,OAAO,EAAE;oBACP,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;oBAC5C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC;iBACtC;aACF,CAAC;YACF,IAAI,QAA6B,CAAC;YAClC,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,YAAY,EAAE,CAAO,GAAG,EAAE,EAAE;oBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACpD,CAAC,CAAA,EAAE,QAAQ,EAAE,uBAAuB,CA
AC,CAAC;aACvC;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;gBAC/E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;CACF;AAtGD,0BAsGC;AAED;;GAEG;AACH,MAAa,QAAQ;IAGnB;;;OAGG;IACH,YAAY,GAAQ,EAAE,GAAS;QAC7B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;OAKG;IACG,SAAS,CAAC,OAA2C,EAAE,GAAqB,EAAE,QAAQ;;YAC1F,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YAClD,YAAY,CAAC,OAAO,GAAG;gBACrB,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aAChD,CAAC;YACF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACxD,IAAI,WAAW,GAAG,UAAU,CAAC;YAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;gBAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;aAC7D;YAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE5D,oFAAoF;YACpF,8EAA8E;YAC9E,4EAA4E;YAC5E,IAAI,QAAQ,GAAG;gBACb,MAAM,EAAE,YAAY,CAAC,MAAM;aAC5B,CAAC;YACF,IAAI,QAA0B,CAAC;YAC/B,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,QAAQ,EAAE,CAAO,GAAG,EAAE,EAAE;oBACjD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAChD,CAAC,CAAA,EAAE,QAAQ,EAAE,WAAW,GAAG,YAAY,CAAC,CAAC;aAC1C;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;gBAC3E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH
;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAED;;;;;MAKE;IACI,aAAa,CAAC,OAAwD,EAC1E,GAAqB,EAAE,QAAiB;;YACxC,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YAClD,YAAY,CAAC,OAAO,GAAG;gBACrB,OAAO,EAAE,EAAE;gBACX,SAAS,EAAE,EAAE;gBACb,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;aAChD,CAAC;YACF,MAAM,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YAExD,IAAI,WAAW,GAAG,UAAU,CAAC;YAE7B,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,EAAE;gBAC3C,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,GAAG,GAAG,WAAW,CAAC;aAC7D;YAED,YAAY,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,YAAY,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE5D,IAAI,QAA6B,CAAC;YAClC,IAAI;gBACF,QAAQ,GAAG,MAAM,iBAAS,CAAC,YAAY,EAAE,CAAO,GAAG,EAAE,EAAE;oBACrD,OAAO,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACpD,CAAC,CAAA,EAAE,QAAQ,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC;aAC9C;YAAC,OAAO,GAAG,EAAE;gBACZ,gBAAM,CAAC,KAAK,CAAC,2DAA2D,EAAE,GAAG,CAAC,CAAC;gBAC/E,gBAAM,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;gBACvC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;oBACb,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC;iBAChB;gBACD,QAAQ,GAAG;oBACT,QAAQ,EAAE,qBAAQ,CAAC,IAAI;oBACvB,gBAAgB,EAAE;wBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;qBACrB;iBACF,CAAC;aACH;YAED,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;gBACvB,gBAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACpD;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;KAAA;IAEO,MAAM,CAAC,MAAW;QACxB,IAAI,MAAM,EAAE;YACV,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;aAC9C;iBAAM;gBACL,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;iBAC3C,CAAC;aACH;SACF;IACH,CAAC;IAED,cAAc,CAAC,OAAsE;QACnF,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACnD,MAAM,YAAY,GAAQ;YACxB,MAAM,EAAE;gBACN,MAAM,EAAE,0BAAkB,CAAC,MAAM,CAAC;gBACl
C,OAAO,EAAE,2BAAmB,CAAC,OAAO,CAAC;aACtC;SACF,CAAC;QACF,YAAY,CAAC,MAAM,CAAC,SAAS,GAAG,4BAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACvE,OAAO,YAAY,CAAC;IACtB,CAAC;CACF;AA9ID,4BA8IC;AAED,MAAM,SAAS,GAAG;IAChB,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;IACnB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,cAAc;IACd,aAAa;CACd,CAAC;AAEF,MAAM,aAAa,GAAG,CAAO,GAAQ,EACnC,OAAY,EAAE,MAAW,EAAE,SAAiB,EAAgB,EAAE;IAC9D,IAAI,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE;QACrC,2CAA2C;QAC3C,gBAAM,CAAC,IAAI,CAAC,kBAAkB,SAAS,+BAA+B,CAAC,CAAC;QACxE,MAAM,kBAAU,EAAE,CAAC;KACpB;AACH,CAAC,CAAA,CAAC;AAEK,MAAM,SAAS,GAAG,CAAO,MAAY,EAA4B,EAAE;IACxE,IAAI,CAAC,aAAK,EAAE;QACV,IAAI,MAAM,EAAE;YACV,qBAAY,CAAC,MAAM,CAAC,CAAC;SACtB;QACD,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,YAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzC,wCAAwC;QACxC,IAAI,QAAQ,CAAC,OAAO,EAAE;YACpB,MAAM,gBAAgB,GAAG,YAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC3C,MAAM,aAAa,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAI,wBAAU,CAAC,aAAa,EAAE,gBAAM,CAAC,CAAC;YACxD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC;YACjC,aAAK,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC1B,iEAAiE;YACjE,wEAAwE;YACxE,IAAI,QAAQ,IAAI,QAAQ,CAAC,aAAa,EAAE;gBACtC,MAAM,MAAM,GAAG,IAAI,qBAAM,CAAC,QAAQ,EAAE,gBAAM,CAAC,CAAC;gBAC5C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;gBACrB,KAAK,IAAI,UAAU,IAAI,QAAQ,CAAC,aAAa,EAAE;oBAC7C,IAAI,QAAQ,GAAG,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;oBAClD,IAAI,KAAK,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;oBAC/C,IAAI,QAAQ,CAAC,MAAM,EAAE;wBACnB,KAAK,IAAI,SAAS,IAAI,QAAQ,CAAC,MAAM,EAAE;4BACrC,MAAM,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;yBAC1C;qBACF;iBACF;aACF;YACD,OAAO,aAAK,CAAC;SACd;KACF;IACD,OAAO,aAAK,CAAC;AACf,CAAC,CAAA,CAAC;AAjCW,QAAA,SAAS,aAiCpB"}
@@ -7,6 +7,32 @@ export declare enum AuthZAction {
7
7
  DROP = "DROP",
8
8
  ALL = "*"
9
9
  }
10
+ export declare enum Operation {
11
+ isAllowed = "isAllowed",
12
+ whatIsAllowed = "whatIsAllowed"
13
+ }
14
+ export interface Resource {
15
+ resource: string;
16
+ id?: string | string[];
17
+ property?: string[];
18
+ }
19
+ export interface CtxResource {
20
+ id: string;
21
+ meta: {
22
+ created?: number;
23
+ modified?: number;
24
+ modified_by?: string;
25
+ owner: Attribute[];
26
+ };
27
+ [key: string]: any;
28
+ }
29
+ export interface ACSClientContext {
30
+ subject?: Subject;
31
+ resources?: CtxResource[];
32
+ }
33
+ export interface Database {
34
+ database: 'arangoDB' | 'postgres';
35
+ }
10
36
  export interface AuthZSubject {
11
37
  id: string;
12
38
  role_associations: RoleAssociation[];
@@ -17,13 +43,18 @@ export interface HierarchicalScope {
17
43
  role?: string;
18
44
  children?: HierarchicalScope[];
19
45
  }
46
+ export interface ResolvedSubject {
47
+ id: string;
48
+ scope: string;
49
+ token: string;
50
+ role_associations?: RoleAssociation[];
51
+ hierarchical_scopes?: HierarchicalScope[];
52
+ }
20
53
  export interface Subject {
21
54
  id?: string;
22
55
  scope?: string;
23
56
  unauthenticated?: boolean;
24
57
  token?: string;
25
- role_associations?: RoleAssociation[];
26
- hierarchical_scopes?: HierarchicalScope[];
27
58
  }
28
59
  export declare enum Decision {
29
60
  PERMIT = "PERMIT",
@@ -38,15 +69,9 @@ export interface DecisionResponse {
38
69
  message: string;
39
70
  };
40
71
  }
41
- export interface Resource {
42
- type: string;
43
- fields?: string[];
44
- instance?: any;
45
- namespace?: string;
46
- }
47
72
  export interface Target<TSubject, TResource, TAction> {
48
73
  subject: TSubject;
49
- resources: TResource[];
74
+ resource: TResource;
50
75
  action: TAction;
51
76
  }
52
77
  export interface Request<TTarget, TContext> {
@@ -63,16 +88,16 @@ export interface AuthZ<TSubject, TContext = any, TResource = Resource, TAction =
63
88
  /**
64
89
  * Check is the subject is allowed to do an action on a specific resource
65
90
  */
66
- isAllowed(request: Request<Target<TSubject, TResource, TAction>, TContext>, useCache: boolean): Promise<DecisionResponse>;
91
+ isAllowed(request: Request<Target<TSubject, TResource, TAction>, TContext>, ctx: ACSClientContext, useCache: boolean): Promise<DecisionResponse>;
67
92
  }
68
93
  export interface Credentials {
69
94
  type: string;
70
95
  [key: string]: any;
71
96
  }
72
- export declare type AuthZTarget = Target<Subject, Resource, AuthZAction>;
73
- export declare type NoAuthTarget = Target<UnauthenticatedData, Resource, AuthZAction>;
74
- export declare type AuthZWhatIsAllowedTarget = Target<Subject, Resource, AuthZAction[]>;
75
- export declare type NoAuthWhatIsAllowedTarget = Target<UnauthenticatedData, Resource, AuthZAction[]>;
97
+ export declare type AuthZTarget = Target<Subject, Resource[], AuthZAction>;
98
+ export declare type NoAuthTarget = Target<UnauthenticatedData, Resource[], AuthZAction>;
99
+ export declare type AuthZWhatIsAllowedTarget = Target<Subject, Resource[], AuthZAction>;
100
+ export declare type NoAuthWhatIsAllowedTarget = Target<UnauthenticatedData, Resource[], AuthZAction>;
76
101
  export interface AuthZContext {
77
102
  security: any;
78
103
  }
@@ -89,8 +114,8 @@ export interface AuthZResponse extends Response {
89
114
  decision: Decision;
90
115
  obligation: string;
91
116
  }
92
- export interface IAuthZ extends AuthZ<AuthZSubject | UnauthenticatedData, AuthZContext, Resource, AuthZAction> {
93
- whatIsAllowed: (request: Request<AuthZWhatIsAllowedTarget | NoAuthWhatIsAllowedTarget, AuthZContext>, useCache: boolean) => Promise<PolicySetRQResponse>;
117
+ export interface IAuthZ extends AuthZ<AuthZSubject | UnauthenticatedData, AuthZContext, Resource[], AuthZAction> {
118
+ whatIsAllowed: (request: Request<AuthZWhatIsAllowedTarget | NoAuthWhatIsAllowedTarget, AuthZContext>, ctx: ACSClientContext, useCache: boolean) => Promise<PolicySetRQResponse>;
94
119
  }
95
120
  export interface UserCredentials extends Credentials {
96
121
  identifier: string;
@@ -139,8 +164,37 @@ export interface PolicySetRQ extends AccessControlObjectInterface {
139
164
  combining_algorithm?: string;
140
165
  policies?: PolicyRQ[];
141
166
  }
167
+ export declare enum FilterValueType {
168
+ STRING = 0,
169
+ NUMBER = 1,
170
+ BOOLEAN = 2,
171
+ DATE = 3,
172
+ ARRAY = 4
173
+ }
174
+ export interface Filter {
175
+ field: string;
176
+ operation: FilterOperation;
177
+ value: string;
178
+ type?: FilterValueType;
179
+ filters?: Filters[];
180
+ }
181
+ export interface Filters {
182
+ filter?: Filter[];
183
+ operator?: OperatorType;
184
+ }
185
+ export interface EnityFilterMap {
186
+ resource: string;
187
+ filters: Filters[];
188
+ }
189
+ export interface CustomQueryArgs {
190
+ resource: string;
191
+ custom_queries: string[];
192
+ custom_arguments: any;
193
+ }
142
194
  export interface PolicySetRQResponse extends AccessControlObjectInterface {
143
195
  policy_sets?: PolicySetRQ[];
196
+ filters?: EnityFilterMap[];
197
+ custom_query_args?: CustomQueryArgs[];
144
198
  decision: Decision;
145
199
  operation_status: {
146
200
  code: number;
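Review bot: `ACSClientContext` is introduced with both `subject?` and `resources?` optional and no doc comment, so an empty `{}` type-checks as the new required `ctx` argument of `isAllowed` and `whatIsAllowed`. These declarations do not show how a request without context resources is decided. For rules that depend on `CtxResource.meta.owner`, the outcome presumably rests with the access control service, and it should be confirmed that the result is a deny rather than a permit. I would document the contract on the interface, e.g. `/** Context containing the subject and the context resources for ACS. */` on the type and `/** Resource instances, including meta.owner, sent as request context - TODO confirm the decision when omitted. */` on `resources`. If no caller legitimately omits `resources`, making that field required would catch a forgotten context at compile time.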
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.OperatorType = exports.FilterOperation = exports.Effect = exports.Decision = exports.AuthZAction = void 0;
3
+ exports.OperatorType = exports.FilterOperation = exports.Effect = exports.FilterValueType = exports.Decision = exports.Operation = exports.AuthZAction = void 0;
4
4
  var AuthZAction;
5
5
  (function (AuthZAction) {
6
6
  AuthZAction["CREATE"] = "CREATE";
@@ -11,6 +11,12 @@ var AuthZAction;
11
11
  AuthZAction["DROP"] = "DROP";
12
12
  AuthZAction["ALL"] = "*";
13
13
  })(AuthZAction = exports.AuthZAction || (exports.AuthZAction = {}));
14
+ var Operation;
15
+ (function (Operation) {
16
+ Operation["isAllowed"] = "isAllowed";
17
+ Operation["whatIsAllowed"] = "whatIsAllowed";
18
+ })(Operation = exports.Operation || (exports.Operation = {}));
19
+ ;
14
20
  var Decision;
15
21
  (function (Decision) {
16
22
  Decision["PERMIT"] = "PERMIT";
@@ -18,6 +24,15 @@ var Decision;
18
24
  Decision["INDETERMINATE"] = "INDETERMINATE";
19
25
  })(Decision = exports.Decision || (exports.Decision = {}));
20
26
  ;
27
+ var FilterValueType;
28
+ (function (FilterValueType) {
29
+ FilterValueType[FilterValueType["STRING"] = 0] = "STRING";
30
+ FilterValueType[FilterValueType["NUMBER"] = 1] = "NUMBER";
31
+ FilterValueType[FilterValueType["BOOLEAN"] = 2] = "BOOLEAN";
32
+ FilterValueType[FilterValueType["DATE"] = 3] = "DATE";
33
+ FilterValueType[FilterValueType["ARRAY"] = 4] = "ARRAY";
34
+ })(FilterValueType = exports.FilterValueType || (exports.FilterValueType = {}));
35
+ ;
21
36
  var Effect;
22
37
  (function (Effect) {
23
38
  Effect["PERMIT"] = "PERMIT";
@@ -1 +1 @@
1
- {"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":";;;AAAA,IAAY,WAQX;AARD,WAAY,WAAW;IACrB,gCAAiB,CAAA;IACjB,4BAAa,CAAA;IACb,gCAAiB,CAAA;IACjB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,4BAAa,CAAA;IACb,wBAAS,CAAA;AACX,CAAC,EARW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAQtB;AAuBD,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,yBAAa,CAAA;IACb,2CAA+B,CAAA;AACjC,CAAC,EAJW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAInB;AASA,CAAC;AA8JF,IAAY,MAIX;AAJD,WAAY,MAAM;IAChB,2BAAiB,CAAA;IACjB,uBAAa,CAAA;IACb,yCAA+B,CAAA;AACjC,CAAC,EAJW,MAAM,GAAN,cAAM,KAAN,cAAM,QAIjB;AAmBD,IAAY,eAUX;AAVD,WAAY,eAAe;IACzB,iDAAM,CAAA;IACN,iDAAM,CAAA;IACN,mDAAO,CAAA;IACP,iDAAM,CAAA;IACN,mDAAO,CAAA;IACP,2DAAW,CAAA;IACX,uDAAS,CAAA;IACT,iDAAM,CAAA;IACN,mDAAO,CAAA;AACT,CAAC,EAVW,eAAe,GAAf,uBAAe,KAAf,uBAAe,QAU1B;AAAA,CAAC;AAEF,IAAY,YAGX;AAHD,WAAY,YAAY;IACtB,6CAAO,CAAA;IACP,2CAAM,CAAA;AACR,CAAC,EAHW,YAAY,GAAZ,oBAAY,KAAZ,oBAAY,QAGvB;AAAA,CAAC"}
1
+ {"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../../src/acs/interfaces.ts"],"names":[],"mappings":";;;AAAA,IAAY,WAQX;AARD,WAAY,WAAW;IACrB,gCAAiB,CAAA;IACjB,4BAAa,CAAA;IACb,gCAAiB,CAAA;IACjB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,4BAAa,CAAA;IACb,wBAAS,CAAA;AACX,CAAC,EARW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAQtB;AAED,IAAY,SAGX;AAHD,WAAY,SAAS;IACnB,oCAAuB,CAAA;IACvB,4CAA+B,CAAA;AACjC,CAAC,EAHW,SAAS,GAAT,iBAAS,KAAT,iBAAS,QAGpB;AA0BA,CAAC;AA6BF,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,yBAAa,CAAA;IACb,2CAA+B,CAAA;AACjC,CAAC,EAJW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAInB;AASA,CAAC;AA6HF,IAAY,eAMX;AAND,WAAY,eAAe;IACzB,yDAAU,CAAA;IACV,yDAAU,CAAA;IACV,2DAAW,CAAA;IACX,qDAAQ,CAAA;IACR,uDAAS,CAAA;AACX,CAAC,EANW,eAAe,GAAf,uBAAe,KAAf,uBAAe,QAM1B;AAAA,CAAC;AAqDF,IAAY,MAIX;AAJD,WAAY,MAAM;IAChB,2BAAiB,CAAA;IACjB,uBAAa,CAAA;IACb,yCAA+B,CAAA;AACjC,CAAC,EAJW,MAAM,GAAN,cAAM,KAAN,cAAM,QAIjB;AAmBD,IAAY,eAUX;AAVD,WAAY,eAAe;IACzB,iDAAM,CAAA;IACN,iDAAM,CAAA;IACN,mDAAO,CAAA;IACP,iDAAM,CAAA;IACN,mDAAO,CAAA;IACP,2DAAW,CAAA;IACX,uDAAS,CAAA;IACT,iDAAM,CAAA;IACN,mDAAO,CAAA;AACT,CAAC,EAVW,eAAe,GAAf,uBAAe,KAAf,uBAAe,QAU1B;AAAA,CAAC;AAEF,IAAY,YAGX;AAHD,WAAY,YAAY;IACtB,6CAAO,CAAA;IACP,2CAAM,CAAA;AACR,CAAC,EAHW,YAAY,GAAZ,oBAAY,KAAZ,oBAAY,QAGvB;AAAA,CAAC"}
@@ -1,25 +1,26 @@
1
- import { Resource, ACSRequest, Subject, UnauthenticatedData, DecisionResponse, PolicySetRQResponse } from './interfaces';
1
+ import { ACSRequest, Subject, ACSClientContext, Filters, DecisionResponse, PolicySetRQResponse, Operation, Resource } from './interfaces';
2
2
  import { AuthZAction } from './interfaces';
3
3
  import { ACSAuthZ } from './authz';
4
- export declare const isAllowedRequest: (subject: Subject | UnauthenticatedData, resources: Resource[], action: AuthZAction, authZ: ACSAuthZ, useCache: boolean) => Promise<DecisionResponse>;
4
+ export declare const isAllowedRequest: (subject: Subject, resource: Resource[], action: AuthZAction, ctx: ACSClientContext, useCache: boolean) => Promise<DecisionResponse>;
5
5
  /**
6
6
  * It turns an API request as can be found in typical Web frameworks like express, koa etc.
7
- * into a proper ACS request. For write operations it uses `isAllowed()` and for read operations
8
- * it uses `whatIsAllowed()`. For the latter it extends the filter provided in the `ReadRequst`
7
+ * into a proper ACS request. For `whatIsAllowed` operation it returns the filters
9
8
  * to enforce the applicapble poilicies. The response is `Decision`
10
9
  * or policy set reverse query `PolicySetRQ` depending on the requeste operation `isAllowed()` or
11
10
  * `whatIsAllowed()` respectively.
12
- * @param {Subject | ApiKey} subject Contains subject information or ApiKey
13
- * @param {any | any[] | ReadRequest} request request object of type any for resource or ReadRequest
11
+ * @param {Subject} subject Contains subject information or ApiKey
12
+ * @param {Resource[]} resource Contains resource name, resource instance and optional resource properties
14
13
  * @param {AuthZAction} action Action to be performed on resource
15
- * @param {ACSAuthZ} authZ ACS Authorization Object containing grpc client connection for `access-control-srv`
16
- * @param {string} entity entity name optional
17
- * @param {string} resourceNameSpace resource name space optional
14
+ * @param {ACSClientContext} ctx Context containing Subject and Context Resources for ACS
15
+ * @param {Operation} operation Operation to perform `isAllowed` or `whatIsAllowed`,
16
+ * if this param is missing defaults to `isAllowed` operation
17
+ * @param {Database} database database used either `arangoDB` or `postgres`,
18
+ * if this param is missing defaults to `arangoDB`
18
19
  * @param {boolean} useCache by default ACS caching is used, if set to false then ACS cache
19
20
  * is not used and ACS request is made to `access-control-srv`
20
21
  * @returns {DecisionResponse | PolicySetRQResponse}
21
22
  */
22
- export declare const accessRequest: (subject: Subject, request: any | any[] | ReadRequest, action: AuthZAction, authZ: ACSAuthZ, entity?: string, resourceNameSpace?: string, useCache?: boolean) => Promise<DecisionResponse | PolicySetRQResponse>;
23
+ export declare const accessRequest: (subject: Subject, resource: Resource[], action: AuthZAction, ctx: ACSClientContext, operation?: Operation, database?: 'arangoDB' | 'postgres', useCache?: boolean) => Promise<DecisionResponse | PolicySetRQResponse>;
23
24
  /**
24
25
  * Exposes the isAllowed() api of `access-control-srv` and retruns the response
25
26
  * as `Decision`.
@@ -59,17 +60,13 @@ export interface LoginError {
59
60
  code: string;
60
61
  message: string;
61
62
  }
62
- export interface ReadRequest {
63
- entity: string;
64
- args: QueryArguments;
65
- database?: string;
66
- namespace?: string;
67
- }
68
63
  export interface QueryArguments {
69
- filters?: any;
64
+ filters?: Filters[];
70
65
  limit?: any;
71
66
  sort?: any;
72
67
  offset?: any;
68
+ custom_queries: string[];
69
+ custom_arguments: any;
73
70
  }
74
71
  export interface UserQueryArguments extends QueryArguments {
75
72
  user_role: RoleRequest;