@revealui/core 0.2.1 → 0.3.0

package/dist/security/auth.js

@@ -1,263 +1,10 @@
 /**
- * Authentication System
+ * Authentication Utilities
  *
- * JWT-based authentication with session management, token refresh, and OAuth support
+ * OAuth support, password hashing, and two-factor authentication.
+ * JWT-based auth was removed — session auth is handled by @revealui/auth.
  */
-import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
-import { jwtVerify, SignJWT } from 'jose';
-const DEFAULT_CONFIG = {
-    jwtAlgorithm: 'HS256',
-    accessTokenExpiry: 3600, // 1 hour
-    refreshTokenExpiry: 604800, // 7 days
-    issuer: 'revealui',
-    audience: 'revealui-app',
-    sessionTimeout: 1800, // 30 minutes
-    refreshThreshold: 300, // 5 minutes before expiry
-};
-/**
- * Authentication system
- */
-export class AuthSystem {
-    static MAX_SESSIONS = 10_000;
-    config;
-    sessions = new Map();
-    refreshTokens = new Map(); // refreshToken -> userId
-    sessionCleanupInterval;
-    constructor(config) {
-        this.config = { ...DEFAULT_CONFIG, ...config };
-        this.startSessionCleanup();
-    }
-    /**
-     * Authenticate user with credentials
-     */
-    async authenticate(_email, _password, _deviceInfo) {
-        // This would integrate with your authentication backend
-        // For now, this is a placeholder implementation
-        throw new Error('Implement authenticate() with your auth backend');
-    }
-    /**
-     * Create JWT token
-     */
-    async createToken(user, expiresIn = this.config.accessTokenExpiry) {
-        const now = Math.floor(Date.now() / 1000);
-        const expiresAt = now + expiresIn;
-        const payload = {
-            sub: user.id,
-            email: user.email,
-            roles: user.roles,
-            permissions: user.permissions,
-            iat: now,
-            exp: expiresAt,
-            iss: this.config.issuer,
-            aud: this.config.audience,
-        };
-        const accessToken = await this.encodeJWT(payload);
-        // Create refresh token
-        const refreshToken = this.generateRefreshToken(user.id);
-        return {
-            accessToken,
-            refreshToken,
-            expiresAt: expiresAt * 1000, // Convert to ms
-            tokenType: 'Bearer',
-        };
-    }
-    /**
-     * Verify and decode JWT token
-     */
-    async verifyToken(token) {
-        try {
-            const payload = await this.decodeJWT(token);
-            // Check expiration
-            const now = Math.floor(Date.now() / 1000);
-            if (payload.exp && payload.exp < now) {
-                throw new Error('Token expired');
-            }
-            // Check issuer
-            if (payload.iss !== this.config.issuer) {
-                throw new Error('Invalid token issuer');
-            }
-            // Check audience
-            if (payload.aud !== this.config.audience) {
-                throw new Error('Invalid token audience');
-            }
-            return payload;
-        }
-        catch (error) {
-            throw new Error(`Token verification failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
-        }
-    }
-    /**
-     * Refresh access token
-     */
-    async refreshAccessToken(refreshToken) {
-        const userId = this.refreshTokens.get(refreshToken);
-        if (!userId) {
-            throw new Error('Invalid refresh token');
-        }
-        // Get user session
-        const session = Array.from(this.sessions.values()).find((s) => s.user.id === userId);
-        if (!session) {
-            throw new Error('Session not found');
-        }
-        // Create new access token
-        return await this.createToken(session.user);
-    }
-    /**
-     * Create session
-     */
-    createSession(user, token, deviceInfo) {
-        const now = Date.now();
-        // Evict oldest session if at capacity
-        if (this.sessions.size >= AuthSystem.MAX_SESSIONS) {
-            let oldestKey;
-            let oldestTime = Number.POSITIVE_INFINITY;
-            for (const [key, session] of this.sessions.entries()) {
-                if (session.lastActivity < oldestTime) {
-                    oldestTime = session.lastActivity;
-                    oldestKey = key;
-                }
-            }
-            if (oldestKey) {
-                this.destroySession(oldestKey);
-            }
-        }
-        const session = {
-            user,
-            token,
-            createdAt: now,
-            lastActivity: now,
-            expiresAt: now + this.config.sessionTimeout * 1000,
-            deviceInfo,
-        };
-        this.sessions.set(user.id, session);
-        if (token.refreshToken) {
-            this.refreshTokens.set(token.refreshToken, user.id);
-        }
-        return session;
-    }
-    /**
-     * Get session
-     */
-    getSession(userId) {
-        const session = this.sessions.get(userId);
-        if (!session) {
-            return undefined;
-        }
-        // Check if session expired
-        if (Date.now() > session.expiresAt) {
-            this.destroySession(userId);
-            return undefined;
-        }
-        return session;
-    }
-    /**
-     * Update session activity
-     */
-    updateSessionActivity(userId) {
-        const session = this.sessions.get(userId);
-        if (session) {
-            session.lastActivity = Date.now();
-            session.expiresAt = Date.now() + this.config.sessionTimeout * 1000;
-        }
-    }
-    /**
-     * Destroy session
-     */
-    destroySession(userId) {
-        const session = this.sessions.get(userId);
-        if (session?.token.refreshToken) {
-            this.refreshTokens.delete(session.token.refreshToken);
-        }
-        this.sessions.delete(userId);
-    }
-    /**
-     * Destroy all sessions for user
-     */
-    destroyAllSessions(userId) {
-        this.destroySession(userId);
-    }
-    /**
-     * Check if token needs refresh
-     */
-    shouldRefreshToken(token) {
-        const timeUntilExpiry = token.expiresAt - Date.now();
-        return timeUntilExpiry < this.config.refreshThreshold * 1000;
-    }
-    /**
-     * Get user from token
-     */
-    async getUserFromToken(token) {
-        try {
-            const payload = await this.verifyToken(token);
-            return {
-                id: payload.sub,
-                email: payload.email,
-                roles: payload.roles,
-                permissions: payload.permissions,
-            };
-        }
-        catch {
-            return null;
-        }
-    }
-    /**
-     * Encode JWT using jose library (Web Crypto API)
-     */
-    async encodeJWT(payload) {
-        const secret = new TextEncoder().encode(this.config.jwtSecret);
-        const alg = this.config.jwtAlgorithm === 'RS256' ? 'RS256' : this.config.jwtAlgorithm;
-        const builder = new SignJWT({
-            email: payload.email,
-            roles: payload.roles,
-            permissions: payload.permissions,
-        })
-            .setProtectedHeader({ alg })
-            .setSubject(payload.sub)
-            .setIssuedAt(payload.iat)
-            .setExpirationTime(payload.exp);
-        if (payload.iss)
-            builder.setIssuer(payload.iss);
-        if (payload.aud)
-            builder.setAudience(payload.aud);
-        return builder.sign(secret);
-    }
-    /**
-     * Decode and verify JWT using jose library (Web Crypto API)
-     */
-    async decodeJWT(token) {
-        const secret = new TextEncoder().encode(this.config.jwtSecret);
-        const { payload } = await jwtVerify(token, secret);
-        return payload;
-    }
-    /**
-     * Generate cryptographically secure refresh token
-     */
-    generateRefreshToken(_userId) {
-        // Opaque token — userId is stored in the refreshTokens map, not leaked in the token itself
-        return randomBytes(32).toString('hex');
-    }
-    /**
-     * Start session cleanup interval
-     */
-    startSessionCleanup() {
-        this.sessionCleanupInterval = setInterval(() => {
-            const now = Date.now();
-            for (const [userId, session] of this.sessions.entries()) {
-                if (now > session.expiresAt) {
-                    this.destroySession(userId);
-                }
-            }
-        }, 60000); // Every minute
-    }
-    /**
-     * Stop session cleanup
-     */
-    destroy() {
-        if (this.sessionCleanupInterval) {
-            clearInterval(this.sessionCleanupInterval);
-        }
-    }
-}
+import { createHmac, timingSafeEqual } from 'node:crypto';
 /**
  * OAuth provider configurations
  */
@@ -312,6 +59,8 @@ export class OAuthClient {
      * Exchange code for token
      */
     async exchangeCodeForToken(code) {
+        if (!this.config.tokenUrl)
+            throw new Error('tokenUrl is required for OAuth');
         const response = await fetch(this.config.tokenUrl, {
             method: 'POST',
             headers: {
@@ -326,7 +75,15 @@ export class OAuthClient {
             }),
         });
         if (!response.ok) {
-            throw new Error('Failed to exchange code for token');
+            let detail = '';
+            try {
+                const body = await response.text();
+                detail = `: ${response.status} ${body.slice(0, 200)}`;
+            }
+            catch {
+                detail = `: ${response.status}`;
+            }
+            throw new Error(`Failed to exchange code for token${detail}`);
         }
         return response.json();
     }
@@ -334,13 +91,24 @@ export class OAuthClient {
      * Get user info
      */
     async getUserInfo(accessToken) {
+        if (!this.config.userInfoUrl)
+            throw new Error('userInfoUrl is required for OAuth');
         const response = await fetch(this.config.userInfoUrl, {
             headers: {
+                // biome-ignore lint/style/useNamingConvention: HTTP header convention
                 Authorization: `Bearer ${accessToken}`,
             },
         });
         if (!response.ok) {
-            throw new Error('Failed to fetch user info');
+            let detail = '';
+            try {
+                const body = await response.text();
+                detail = `: ${response.status} ${body.slice(0, 200)}`;
+            }
+            catch {
+                detail = `: ${response.status}`;
+            }
+            throw new Error(`Failed to fetch user info${detail}`);
         }
         return response.json();
     }
@@ -349,128 +117,141 @@ export class OAuthClient {
  * Password hashing utilities
  *
  * Uses PBKDF2 with a random salt for secure password hashing.
- * For even stronger hashing, use bcryptjs (available in @revealui/auth).
+ *
+ * @deprecated Use `@revealui/auth` instead — it uses bcrypt which is more
+ * resistant to GPU brute-force attacks. This PBKDF2 implementation will be
+ * removed in a future major version.
  */
-export class PasswordHasher {
-    static ITERATIONS = 100000;
-    static KEY_LENGTH = 64;
-    static DIGEST = 'sha512';
-    /**
-     * Hash password with PBKDF2 and random salt
-     */
-    static async hash(password) {
-        const { pbkdf2, randomBytes: rb } = await import('node:crypto');
-        const salt = rb(16).toString('hex');
-        return new Promise((resolve, reject) => {
-            pbkdf2(password, salt, PasswordHasher.ITERATIONS, PasswordHasher.KEY_LENGTH, PasswordHasher.DIGEST, (err, derivedKey) => {
-                if (err)
-                    reject(err);
-                else
-                    resolve(`${salt}:${derivedKey.toString('hex')}`);
-            });
+const PH_ITERATIONS = 100000;
+const PH_KEY_LENGTH = 64;
+const PH_DIGEST = 'sha512';
+/**
+ * Hash password with PBKDF2 and random salt
+ */
+async function hashPassword(password) {
+    const { pbkdf2, randomBytes: rb } = await import('node:crypto');
+    const salt = rb(16).toString('hex');
+    return new Promise((resolve, reject) => {
+        pbkdf2(password, salt, PH_ITERATIONS, PH_KEY_LENGTH, PH_DIGEST, (err, derivedKey) => {
+            if (err)
+                reject(err);
+            else
+                resolve(`${salt}:${derivedKey.toString('hex')}`);
         });
+    });
+}
+/**
+ * Verify password against stored hash
+ */
+async function verifyPassword(password, storedHash) {
+    const { pbkdf2, timingSafeEqual: tse } = await import('node:crypto');
+    const [salt, hash] = storedHash.split(':');
+    if (!(salt && hash)) {
+        return false;
     }
-    /**
-     * Verify password against stored hash
-     */
-    static async verify(password, storedHash) {
-        const { pbkdf2, timingSafeEqual } = await import('node:crypto');
-        const [salt, hash] = storedHash.split(':');
-        if (!(salt && hash)) {
-            return false;
-        }
-        return new Promise((resolve, reject) => {
-            pbkdf2(password, salt, PasswordHasher.ITERATIONS, PasswordHasher.KEY_LENGTH, PasswordHasher.DIGEST, (err, derivedKey) => {
-                if (err)
-                    reject(err);
+    return new Promise((resolve, reject) => {
+        pbkdf2(password, salt, PH_ITERATIONS, PH_KEY_LENGTH, PH_DIGEST, (err, derivedKey) => {
+            if (err)
+                reject(err);
+            else {
+                const derived = Buffer.from(derivedKey.toString('hex'), 'utf-8');
+                const expected = Buffer.from(hash, 'utf-8');
+                if (derived.length !== expected.length) {
+                    resolve(false);
+                }
                 else {
-                    const derived = Buffer.from(derivedKey.toString('hex'), 'utf-8');
-                    const expected = Buffer.from(hash, 'utf-8');
-                    if (derived.length !== expected.length) {
-                        resolve(false);
-                    }
-                    else {
-                        resolve(timingSafeEqual(derived, expected));
-                    }
+                    resolve(tse(derived, expected));
                 }
-            });
+            }
         });
-    }
+    });
 }
+export const PasswordHasher = {
+    hash: hashPassword,
+    verify: verifyPassword,
+};
 /**
  * Two-factor authentication
  */
-export class TwoFactorAuth {
-    /**
-     * Generate TOTP secret
-     */
-    static generateSecret() {
-        const crypto = globalThis.crypto;
-        if (!crypto) {
-            throw new Error('Crypto API not available');
+/**
+ * Base32 encode
+ */
+function base32Encode(buffer) {
+    const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+    let result = '';
+    let bits = 0;
+    let value = 0;
+    for (const byte of buffer) {
+        if (byte === undefined)
+            continue;
+        value = (value << 8) | byte;
+        bits += 8;
+        while (bits >= 5) {
+            result += alphabet[(value >>> (bits - 5)) & 31];
+            bits -= 5;
         }
-        const buffer = new Uint8Array(20);
-        crypto.getRandomValues(buffer);
-        return TwoFactorAuth.base32Encode(buffer);
     }
-    /**
-     * Generate TOTP code
-     */
-    static generateCode(secret, timestamp) {
-        const time = Math.floor((timestamp || Date.now()) / 30000);
-        const hmacDigest = TwoFactorAuth.hmac(secret, time.toString());
-        const offset = hmacDigest[hmacDigest.length - 1] & 0x0f;
-        const code = (((hmacDigest[offset] & 0x7f) << 24) |
-            ((hmacDigest[offset + 1] & 0xff) << 16) |
-            ((hmacDigest[offset + 2] & 0xff) << 8) |
-            (hmacDigest[offset + 3] & 0xff)) %
-            1000000;
-        return code.toString().padStart(6, '0');
+    if (bits > 0) {
+        result += alphabet[(value << (5 - bits)) & 31];
     }
-    /**
-     * Verify TOTP code
-     */
-    static verifyCode(secret, code, window = 1) {
-        const timestamp = Date.now();
-        // Check current and adjacent time windows
-        for (let i = -window; i <= window; i++) {
-            const testTime = timestamp + i * 30000;
-            const testCode = TwoFactorAuth.generateCode(secret, testTime);
-            if (testCode.length === code.length &&
-                timingSafeEqual(Buffer.from(testCode), Buffer.from(code))) {
-                return true;
-            }
-        }
-        return false;
+    return result;
+}
+/**
+ * HMAC-SHA1 implementation for TOTP
+ */
+function totpHmac(key, message) {
+    const hmacDigest = createHmac('sha1', key).update(message).digest();
+    return new Uint8Array(hmacDigest);
+}
+/**
+ * Generate TOTP secret
+ */
+function generateSecret() {
+    const crypto = globalThis.crypto;
+    if (!crypto) {
+        throw new Error('Crypto API not available');
     }
-    /**
-     * Base32 encode
-     */
-    static base32Encode(buffer) {
-        const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
-        let result = '';
-        let bits = 0;
-        let value = 0;
-        for (const byte of buffer) {
-            if (byte === undefined)
-                continue;
-            value = (value << 8) | byte;
-            bits += 8;
-            while (bits >= 5) {
-                result += alphabet[(value >>> (bits - 5)) & 31];
-                bits -= 5;
-            }
-        }
-        if (bits > 0) {
-            result += alphabet[(value << (5 - bits)) & 31];
+    const buffer = new Uint8Array(20);
+    crypto.getRandomValues(buffer);
+    return base32Encode(buffer);
+}
+/**
+ * Generate TOTP code
+ */
+function generateCode(secret, timestamp) {
+    const time = Math.floor((timestamp || Date.now()) / 30000);
+    const hmacDigest = totpHmac(secret, time.toString());
+    // biome-ignore lint/style/noNonNullAssertion: HMAC-SHA1 always produces 20 bytes; buffer indices are guaranteed valid
+    const offset = hmacDigest[hmacDigest.length - 1] & 0x0f;
+    // biome-ignore lint/style/noNonNullAssertion: HMAC-SHA1 always produces 20 bytes; buffer indices are guaranteed valid
+    const b0 = hmacDigest[offset] & 0x7f;
+    // biome-ignore lint/style/noNonNullAssertion: HMAC-SHA1 always produces 20 bytes; buffer indices are guaranteed valid
+    const b1 = hmacDigest[offset + 1] & 0xff;
+    // biome-ignore lint/style/noNonNullAssertion: HMAC-SHA1 always produces 20 bytes; buffer indices are guaranteed valid
+    const b2 = hmacDigest[offset + 2] & 0xff;
+    // biome-ignore lint/style/noNonNullAssertion: HMAC-SHA1 always produces 20 bytes; buffer indices are guaranteed valid
+    const b3 = hmacDigest[offset + 3] & 0xff;
+    const code = ((b0 << 24) | (b1 << 16) | (b2 << 8) | b3) % 1000000;
+    return code.toString().padStart(6, '0');
+}
+/**
+ * Verify TOTP code
+ */
+function verifyCode(secret, code, window = 1) {
+    const timestamp = Date.now();
+    // Check current and adjacent time windows
+    for (let i = -window; i <= window; i++) {
+        const testTime = timestamp + i * 30000;
+        const testCode = generateCode(secret, testTime);
+        if (testCode.length === code.length &&
+            timingSafeEqual(Buffer.from(testCode), Buffer.from(code))) {
+            return true;
         }
-        return result;
-    }
-    /**
-     * HMAC-SHA1 implementation for TOTP
-     */
-    static hmac(key, message) {
-        const hmacDigest = createHmac('sha1', key).update(message).digest();
-        return new Uint8Array(hmacDigest);
     }
+    return false;
 }
+export const TwoFactorAuth = {
+    generateSecret,
+    generateCode,
+    verifyCode,
+};

package/dist/security/authorization.d.ts

@@ -120,37 +120,12 @@ export declare class AuthorizationSystem {
  */
 export declare const authorization: AuthorizationSystem;
 /**
- * Common roles
+ * Common roles — aligned with DB schema (`users.role` column)
+ * and `UserRoleSchema` in @revealui/contracts.
+ *
+ * Values: owner | admin | editor | viewer | agent | contributor
  */
-export declare const CommonRoles: {
-    admin: {
-        id: string;
-        name: string;
-        description: string;
-        permissions: {
-            resource: string;
-            action: string;
-        }[];
-    };
-    user: {
-        id: string;
-        name: string;
-        description: string;
-        permissions: {
-            resource: string;
-            action: string;
-        }[];
-    };
-    guest: {
-        id: string;
-        name: string;
-        description: string;
-        permissions: {
-            resource: string;
-            action: string;
-        }[];
-    };
-};
+export declare const CommonRoles: Record<string, Role>;
 /**
  * Permission builder
  */
@@ -206,7 +181,8 @@ export declare function checkAttributeAccess(context: AuthorizationContext, reso
 export declare class PermissionCache {
     private cache;
     private ttl;
-    constructor(ttl?: number);
+    private maxEntries;
+    constructor(ttl?: number, maxEntries?: number);
     /**
      * Get cached permission
      */

package/dist/security/authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization.d.ts","sourceRoot":"","sources":["../../src/security/authorization.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACrC;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,EAAE,UAAU,EAAE,CAAA;IACzB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;CACpB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,OAAO,GAAG,MAAM,CAAA;IACxB,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,UAAU,CAAC,EAAE,eAAe,EAAE,CAAA;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,UAAU,CAAA;IACvE,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAA;QACV,KAAK,EAAE,MAAM,EAAE,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KACrC,CAAA;IACD,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAA;QACZ,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KACrC,CAAA;IACD,WAAW,CAAC,EAAE;QACZ,IAAI,CAAC,EAAE,IAAI,CAAA;QACX,EAAE,CAAC,EAAE,MAAM,CAAA;QACX,SAAS,CAAC,EAAE,MAAM,CAAA;KACnB,CAAA;CACF;AAED;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,KAAK,CAA+B;IAC5C,OAAO,CAAC,QAAQ,CAAiC;IAEjD;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAI9B;;OAEG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIzC;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAY7E;;OAEG;IACH,WAAW,CACT,OAAO,EAAE,oBAAoB,EAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAyBxC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA4B1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAgB7B;;OAEG;IACH,OAAO,CAAC,eAAe;IAYvB;;OAEG;IACH,OAAO,CAAC,aAAa;IAYrB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAU1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAmCzB;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO;IAInE;;OAEG;IACH,KAAK,IAAI,IAAI;CAId;AAED;;GAEG;AACH,eAAO,MAAM,aAAa,qBAA4B,CAAA;AAEtD;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BvB,CAAA;AAED;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,UAAU,CAA0B;IAE5C,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKhC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAK5B,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAKrD,KAAK,IAAI,UAAU;CAOpB;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAKb;IAED,EAAE,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAKpB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,KAAK,IAAI,IAAI;IAKb,IAAI,IAAI,IAAI;IAKZ,SAAS,CAAC,GAAG,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI;IAKvC,OAAO,CAAC,GAAG,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI;IAKnC,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI;IASrF,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKhC,KAAK,IAAI,MAAM;CAOhB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,IACxD,SAAS,MAAM,EAAE,cAAc,MAAM,EAAE,YAAY,kBAAkB,wBAe9E;AAED,wBAAgB,WAAW,CAAC,YAAY,EAAE,MAAM,IACtC,SAAS,MAAM,EAAE,cAAc,MAAM,EAAE,YAAY,kBAAkB,wBAe9E;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,GAAG,OAAO,EAC9D,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,KAAK;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,EAC/D,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,IAEN,SAAS,QAAQ,EAAE,MAAM,MAAM,OAAO,CAAC,OAAO,CAAC,sBASxD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EAAE,EACnB,QAAQ,EAAE;IACR,IAAI,EAAE,MAAM,CAAA;IACZ,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,EACD,MAAM,EAAE,MAAM,GACb,OAAO,CAYT;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,oBAAoB,EAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC3C,OAAO,CAgBT;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,KAAK,CAAkE;IAC/E,OAAO,CAAC,GAAG,CAAQ;gBAEP,GAAG,GAAE,MAAe;IAKhC;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS;IAiB1E;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;IAS7E;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAQ/B;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,OAAO,CAAC,WAAW;CAGpB;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,iBAAwB,CAAA"}
+{"version":3,"file":"authorization.d.ts","sourceRoot":"","sources":["../../src/security/authorization.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,CAAC,EAAE,eAAe,EAAE,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,UAAU,CAAC;IACxE,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACtC,CAAC;IACF,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACtC,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,IAAI,CAAC,EAAE,IAAI,CAAC;QACZ,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED;;GAEG;AACH,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,KAAK,CAAgC;IAC7C,OAAO,CAAC,QAAQ,CAAkC;IAElD;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI;IAI9B;;OAEG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS;IAIzC;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAIpC;;OAEG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAY7E;;OAEG;IACH,WAAW,CACT,OAAO,EAAE,oBAAoB,EAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAyBxC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IA4B1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAgB7B;;OAEG;IACH,OAAO,CAAC,eAAe;IAYvB;;OAEG;IACH,OAAO,CAAC,aAAa;IAYrB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAU1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAgBvB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAmCzB;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO;IAInE;;OAEG;IACH,KAAK,IAAI,IAAI;CAId;AAED;;GAEG;AACH,eAAO,MAAM,aAAa,qBAA4B,CAAC;AAEvD;;;;;GAKG;AACH,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CA8Db,CAAC;AAEjC;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,UAAU,CAA2B;IAE7C,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKhC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAK5B,UAAU,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAKrD,KAAK,IAAI,UAAU;CAOpB;AAED;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAKZ;IAEF,EAAE,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAKpB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKxB,KAAK,IAAI,IAAI;IAKb,IAAI,IAAI,IAAI;IAKZ,SAAS,CAAC,GAAG,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI;IAKvC,OAAO,CAAC,GAAG,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI;IAKnC,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI;IASrF,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKhC,KAAK,IAAI,MAAM;CAOhB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,IACxD,SAAS,MAAM,EAAE,cAAc,MAAM,EAAE,YAAY,kBAAkB,wBAe9E;AAED,wBAAgB,WAAW,CAAC,YAAY,EAAE,MAAM,IACtC,SAAS,MAAM,EAAE,cAAc,MAAM,EAAE,YAAY,kBAAkB,wBAe9E;AAED;;GAEG;AACH,wBAAgB,6BAA6B,CAAC,QAAQ,GAAG,OAAO,EAC9D,OAAO,EAAE,CAAC,OAAO,EAAE,QAAQ,KAAK;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,EAC/D,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,IAEN,SAAS,QAAQ,EAAE,MAAM,MAAM,OAAO,CAAC,OAAO,CAAC,sBASxD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EAAE,EACnB,QAAQ,EAAE;IACR,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,EACD,MAAM,EAAE,MAAM,GACb,OAAO,CAYT;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,oBAAoB,EAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC3C,OAAO,CAkBT;AAED;;GAEG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,KAAK,CAAmE;IAChF,OAAO,CAAC,GAAG,CAAS;IACpB,OAAO,CAAC,UAAU,CAAS;gBAEf,GAAG,GAAE,MAAe,EAAE,UAAU,GAAE,MAAe;IAM7D;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS;IAiB1E;;OAEG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;IA0B7E;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAQ/B;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,OAAO,CAAC,WAAW;CAGpB;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,iBAAwB,CAAC"}