@rockcarver/frodo-lib 0.18.3 → 0.18.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/CHANGELOG.md +17 -1
  2. package/cjs/api/cloud/LogApi.js +18 -15
  3. package/cjs/api/cloud/LogApi.js.map +1 -1
  4. package/cjs/ops/AuthenticateOps.js +10 -8
  5. package/cjs/ops/AuthenticateOps.js.map +1 -1
  6. package/cjs/ops/cloud/LogOps.js +11 -9
  7. package/cjs/ops/cloud/LogOps.js.map +1 -1
  8. package/esm/api/cloud/LogApi.mjs +11 -8
  9. package/esm/ops/AuthenticateOps.mjs +10 -9
  10. package/esm/ops/cloud/LogOps.mjs +12 -10
  11. package/package.json +1 -1
  12. package/types/api/cloud/LogApi.d.ts +2 -2
  13. package/types/api/cloud/LogApi.d.ts.map +1 -1
  14. package/types/ops/AuthenticateOps.d.ts +2 -2
  15. package/types/ops/AuthenticateOps.d.ts.map +1 -1
  16. package/types/ops/cloud/LogOps.d.ts.map +1 -1
package/CHANGELOG.md CHANGED
@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [0.18.5] - 2023-02-14
11
+
12
+ ### Fixed
13
+
14
+ - rockcarver/frodo-cli#196: Frodo now properly detects Encore environments as ForgeOps environments and obtains an access token for IDM APIs.
15
+
16
+ ## [0.18.4] - 2023-02-11
17
+
18
+ ### Fixed
19
+
20
+ - rockcarver/frodo-cli#195: Backend support to fix issue: `Authenticate.getTokens` API now supports new `forceLoginAsUser` param to force logging in as a user even if a service account is available.
21
+
10
22
  ## [0.18.3] - 2023-01-27
11
23
 
12
24
  ### Changed
@@ -1046,7 +1058,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
1046
1058
  - Fixed problem with adding connection profiles
1047
1059
  - Miscellaneous bug fixes
1048
1060
 
1049
- [Unreleased]: https://github.com/rockcarver/frodo-lib/compare/v0.18.3...HEAD
1061
+ [Unreleased]: https://github.com/rockcarver/frodo-lib/compare/v0.18.5...HEAD
1062
+
1063
+ [0.18.5]: https://github.com/rockcarver/frodo-lib/compare/v0.18.4...v0.18.5
1064
+
1065
+ [0.18.4]: https://github.com/rockcarver/frodo-lib/compare/v0.18.3...v0.18.4
1050
1066
 
1051
1067
  [0.18.3]: https://github.com/rockcarver/frodo-lib/compare/v0.18.2...v0.18.3
1052
1068
 
package/cjs/api/cloud/LogApi.js CHANGED
@@ -22,26 +22,16 @@ var logsFetchURLTemplate = '%s/monitoring/logs?source=%s&beginTime=%s&endTime=%s
22
22
  var logsSourcesURLTemplate = '%s/monitoring/logs/sources';
23
23
  var logsCreateAPIKeyAndSecretURLTemplate = '%s/keys?_action=create';
24
24
  var logsGetAPIKeysURLTemplate = '%s/keys';
25
- function tail(_x, _x2) {
26
- return _tail.apply(this, arguments);
27
- }
28
- function _tail() {
29
- _tail = _asyncToGenerator(function* (source, cookie) {
30
- var urlString = _util.default.format(logsTailURLTemplate, (0, _ApiUtils.getTenantURL)(state.getHost()), encodeURIComponent(source));
31
- if (cookie) {
32
- urlString += "&_pagedResultsCookie=".concat(encodeURIComponent(cookie));
33
- }
34
- return (0, _BaseApi.generateLogApi)().get(urlString);
35
- });
36
- return _tail.apply(this, arguments);
37
- }
38
25
  function getAPIKeys() {
39
26
  return _getAPIKeys.apply(this, arguments);
40
27
  }
41
28
  function _getAPIKeys() {
42
29
  _getAPIKeys = _asyncToGenerator(function* () {
43
30
  var urlString = _util.default.format(logsGetAPIKeysURLTemplate, (0, _ApiUtils.getTenantURL)(state.getHost()));
44
- return (0, _BaseApi.generateLogKeysApi)().get(urlString);
31
+ var {
32
+ data
33
+ } = yield (0, _BaseApi.generateLogKeysApi)().get(urlString);
34
+ return data;
45
35
  });
46
36
  return _getAPIKeys.apply(this, arguments);
47
37
  }
@@ -55,7 +45,7 @@ function _getSources() {
55
45
  });
56
46
  return _getSources.apply(this, arguments);
57
47
  }
58
- function createAPIKeyAndSecret(_x3) {
48
+ function createAPIKeyAndSecret(_x) {
59
49
  return _createAPIKeyAndSecret.apply(this, arguments);
60
50
  }
61
51
  function _createAPIKeyAndSecret() {
@@ -67,6 +57,19 @@ function _createAPIKeyAndSecret() {
67
57
  });
68
58
  return _createAPIKeyAndSecret.apply(this, arguments);
69
59
  }
60
+ function tail(_x2, _x3) {
61
+ return _tail.apply(this, arguments);
62
+ }
63
+ function _tail() {
64
+ _tail = _asyncToGenerator(function* (source, cookie) {
65
+ var urlString = _util.default.format(logsTailURLTemplate, (0, _ApiUtils.getTenantURL)(state.getHost()), encodeURIComponent(source));
66
+ if (cookie) {
67
+ urlString += "&_pagedResultsCookie=".concat(encodeURIComponent(cookie));
68
+ }
69
+ return (0, _BaseApi.generateLogApi)().get(urlString);
70
+ });
71
+ return _tail.apply(this, arguments);
72
+ }
70
73
  function fetch(_x4, _x5, _x6, _x7) {
71
74
  return _fetch.apply(this, arguments);
72
75
  }
package/cjs/api/cloud/LogApi.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"LogApi.js","names":["logsTailURLTemplate","logsFetchURLTemplate","logsSourcesURLTemplate","logsCreateAPIKeyAndSecretURLTemplate","logsGetAPIKeysURLTemplate","tail","source","cookie","urlString","util","format","getTenantURL","state","getHost","encodeURIComponent","generateLogApi","get","getAPIKeys","generateLogKeysApi","getSources","createAPIKeyAndSecret","keyName","post","name","fetch","startTs","endTs","timeout"],"sources":["api/cloud/LogApi.ts"],"sourcesContent":["import util from 'util';\nimport { generateLogApi, generateLogKeysApi } from '../BaseApi';\nimport { getTenantURL } from '../utils/ApiUtils';\nimport * as state from '../../shared/State';\n\nconst logsTailURLTemplate = '%s/monitoring/logs/tail?source=%s';\nconst logsFetchURLTemplate =\n '%s/monitoring/logs?source=%s&beginTime=%s&endTime=%s';\nconst logsSourcesURLTemplate = '%s/monitoring/logs/sources';\nconst logsCreateAPIKeyAndSecretURLTemplate = '%s/keys?_action=create';\nconst logsGetAPIKeysURLTemplate = '%s/keys';\n\nexport async function tail(source, cookie) {\n let urlString = util.format(\n logsTailURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source)\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi().get(urlString);\n}\n\nexport async function getAPIKeys() {\n const urlString = util.format(\n logsGetAPIKeysURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogKeysApi().get(urlString);\n}\n\nexport async function getSources() {\n const urlString = util.format(\n logsSourcesURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogApi().get(urlString);\n}\n\nexport async function createAPIKeyAndSecret(keyName) {\n const urlString = util.format(\n logsCreateAPIKeyAndSecretURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogKeysApi().post(urlString, { name: keyName });\n}\n\nexport async function fetch(source, startTs, endTs, cookie) {\n let urlString = util.format(\n logsFetchURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source),\n startTs,\n endTs\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi({ timeout: 60000 }).get(urlString);\n}\n"],"mappings":";;;;;;;;;;AAAA;AACA;AACA;AACA;AAA4C;AAAA;AAAA;AAAA;AAAA;AAE5C,IAAMA,mBAAmB,GAAG,mCAAmC;AAC/D,IAAMC,oBAAoB,GACxB,sDAAsD;AACxD,IAAMC,sBAAsB,GAAG,4BAA4B;AAC3D,IAAMC,oCAAoC,GAAG,wBAAwB;AACrE,IAAMC,yBAAyB,GAAG,SAAS;AAAC,SAEtBC,IAAI;EAAA;AAAA;AAAA;EAAA,0BAAnB,WAAoBC,MAAM,EAAEC,MAAM,EAAE;IACzC,IAAIC,SAAS,GAAGC,aAAI,CAACC,MAAM,CACzBV,mBAAmB,EACnB,IAAAW,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,EAC7BC,kBAAkB,CAACR,MAAM,CAAC,CAC3B;IACD,IAAIC,MAAM,EAAE;MACVC,SAAS,mCAA4BM,kBAAkB,CAACP,MAAM,CAAC,CAAE;IACnE;IACA,OAAO,IAAAQ,uBAAc,GAAE,CAACC,GAAG,CAACR,SAAS,CAAC;EACxC,CAAC;EAAA;AAAA;AAAA,SAEqBS,UAAU;EAAA;AAAA;AAAA;EAAA,gCAAzB,aAA4B;IACjC,IAAMT,SAAS,GAAGC,aAAI,CAACC,MAAM,CAC3BN,yBAAyB,EACzB,IAAAO,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,CAC9B;IACD,OAAO,IAAAK,2BAAkB,GAAE,CAACF,GAAG,CAACR,SAAS,CAAC;EAC5C,CAAC;EAAA;AAAA;AAAA,SAEqBW,UAAU;EAAA;AAAA;AAAA;EAAA,gCAAzB,aAA4B;IACjC,IAAMX,SAAS,GAAGC,aAAI,CAACC,MAAM,CAC3BR,sBAAsB,EACtB,IAAAS,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,CAC9B;IACD,OAAO,IAAAE,uBAAc,GAAE,CAACC,GAAG,CAACR,SAAS,CAAC;EACxC,CAAC;EAAA;AAAA;AAAA,SAEqBY,qBAAqB;EAAA;AAAA;AAAA;EAAA,2CAApC,WAAqCC,OAAO,EAAE;IACnD,IAAMb,SAAS,GAAGC,aAAI,CAACC,MAAM,CAC3BP,oCAAoC,EACpC,IAAAQ,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,CAC9B;IACD,OAAO,IAAAK,2BAAkB,GAAE,CAACI,IAAI,CAACd,SAAS,EAAE;MAAEe,IAAI,EAAEF;IAAQ,CAAC,CAAC;EAChE,CAAC;EAAA;AAAA;AAAA,SAEqBG,KAAK;EAAA;AAAA;AAAA;EAAA,2BAApB,WAAqBlB,MAAM,EAAEmB,OAAO,EAAEC,KAAK,EAAEnB,MAAM,EAAE;IAC1D,IAAIC,SAAS,GAAGC,aAAI,CAACC,MAAM,CACzBT,oBAAoB,EACpB,IAAAU,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,EAC7BC,kBAAkB,CAACR,MAAM,CAAC,EAC1BmB,OAAO,EACPC,KAAK,CACN;IACD,IAAInB,MAAM,EAAE;MACVC,SAAS,mCAA4BM,kBAAkB,CAACP,MAAM,CAAC,CAAE;IACnE;IACA,OAAO,IAAAQ,uBAAc,EAAC;MAAEY,OAAO,EAAE;IAAM,CAAC,CAAC,CAACX,GAAG,CAACR,SAAS,CAAC;EAC1D,CAAC;EAAA;AAAA"}
1
+ {"version":3,"file":"LogApi.js","names":["logsTailURLTemplate","logsFetchURLTemplate","logsSourcesURLTemplate","logsCreateAPIKeyAndSecretURLTemplate","logsGetAPIKeysURLTemplate","getAPIKeys","urlString","util","format","getTenantURL","state","getHost","data","generateLogKeysApi","get","getSources","generateLogApi","createAPIKeyAndSecret","keyName","post","name","tail","source","cookie","encodeURIComponent","fetch","startTs","endTs","timeout"],"sources":["api/cloud/LogApi.ts"],"sourcesContent":["import util from 'util';\nimport { generateLogApi, generateLogKeysApi } from '../BaseApi';\nimport { getTenantURL } from '../utils/ApiUtils';\nimport * as state from '../../shared/State';\n\nconst logsTailURLTemplate = '%s/monitoring/logs/tail?source=%s';\nconst logsFetchURLTemplate =\n '%s/monitoring/logs?source=%s&beginTime=%s&endTime=%s';\nconst logsSourcesURLTemplate = '%s/monitoring/logs/sources';\nconst logsCreateAPIKeyAndSecretURLTemplate = '%s/keys?_action=create';\nconst logsGetAPIKeysURLTemplate = '%s/keys';\n\nexport async function getAPIKeys() {\n const urlString = util.format(\n logsGetAPIKeysURLTemplate,\n getTenantURL(state.getHost())\n );\n const { data } = await generateLogKeysApi().get(urlString);\n return data;\n}\n\nexport async function getSources() {\n const urlString = util.format(\n logsSourcesURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogApi().get(urlString);\n}\n\nexport async function createAPIKeyAndSecret(keyName) {\n const urlString = util.format(\n logsCreateAPIKeyAndSecretURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogKeysApi().post(urlString, { name: keyName });\n}\n\nexport async function tail(source, cookie) {\n let urlString = util.format(\n logsTailURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source)\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi().get(urlString);\n}\n\nexport async function fetch(source, startTs, endTs, cookie) {\n let urlString = util.format(\n logsFetchURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source),\n startTs,\n endTs\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi({ timeout: 60000 }).get(urlString);\n}\n"],"mappings":";;;;;;;;;;AAAA;AACA;AACA;AACA;AAA4C;AAAA;AAAA;AAAA;AAAA;AAE5C,IAAMA,mBAAmB,GAAG,mCAAmC;AAC/D,IAAMC,oBAAoB,GACxB,sDAAsD;AACxD,IAAMC,sBAAsB,GAAG,4BAA4B;AAC3D,IAAMC,oCAAoC,GAAG,wBAAwB;AACrE,IAAMC,yBAAyB,GAAG,SAAS;AAAC,SAEtBC,UAAU;EAAA;AAAA;AAAA;EAAA,gCAAzB,aAA4B;IACjC,IAAMC,SAAS,GAAGC,aAAI,CAACC,MAAM,CAC3BJ,yBAAyB,EACzB,IAAAK,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,CAC9B;IACD,IAAM;MAAEC;IAAK,CAAC,SAAS,IAAAC,2BAAkB,GAAE,CAACC,GAAG,CAACR,SAAS,CAAC;IAC1D,OAAOM,IAAI;EACb,CAAC;EAAA;AAAA;AAAA,SAEqBG,UAAU;EAAA;AAAA;AAAA;EAAA,gCAAzB,aAA4B;IACjC,IAAMT,SAAS,GAAGC,aAAI,CAACC,MAAM,CAC3BN,sBAAsB,EACtB,IAAAO,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,CAC9B;IACD,OAAO,IAAAK,uBAAc,GAAE,CAACF,GAAG,CAACR,SAAS,CAAC;EACxC,CAAC;EAAA;AAAA;AAAA,SAEqBW,qBAAqB;EAAA;AAAA;AAAA;EAAA,2CAApC,WAAqCC,OAAO,EAAE;IACnD,IAAMZ,SAAS,GAAGC,aAAI,CAACC,MAAM,CAC3BL,oCAAoC,EACpC,IAAAM,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,CAC9B;IACD,OAAO,IAAAE,2BAAkB,GAAE,CAACM,IAAI,CAACb,SAAS,EAAE;MAAEc,IAAI,EAAEF;IAAQ,CAAC,CAAC;EAChE,CAAC;EAAA;AAAA;AAAA,SAEqBG,IAAI;EAAA;AAAA;AAAA;EAAA,0BAAnB,WAAoBC,MAAM,EAAEC,MAAM,EAAE;IACzC,IAAIjB,SAAS,GAAGC,aAAI,CAACC,MAAM,CACzBR,mBAAmB,EACnB,IAAAS,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,EAC7Ba,kBAAkB,CAACF,MAAM,CAAC,CAC3B;IACD,IAAIC,MAAM,EAAE;MACVjB,SAAS,mCAA4BkB,kBAAkB,CAACD,MAAM,CAAC,CAAE;IACnE;IACA,OAAO,IAAAP,uBAAc,GAAE,CAACF,GAAG,CAACR,SAAS,CAAC;EACxC,CAAC;EAAA;AAAA;AAAA,SAEqBmB,KAAK;EAAA;AAAA;AAAA;EAAA,2BAApB,WAAqBH,MAAM,EAAEI,OAAO,EAAEC,KAAK,EAAEJ,MAAM,EAAE;IAC1D,IAAIjB,SAAS,GAAGC,aAAI,CAACC,MAAM,CACzBP,oBAAoB,EACpB,IAAAQ,sBAAY,EAACC,KAAK,CAACC,OAAO,EAAE,CAAC,EAC7Ba,kBAAkB,CAACF,MAAM,CAAC,EAC1BI,OAAO,EACPC,KAAK,CACN;IACD,IAAIJ,MAAM,EAAE;MACVjB,SAAS,mCAA4BkB,kBAAkB,CAACD,MAAM,CAAC,CAAE;IACnE;IACA,OAAO,IAAAP,uBAAc,EAAC;MAAEY,OAAO,EAAE;IAAM,CAAC,CAAC,CAACd,GAAG,CAACR,SAAS,CAAC;EAC1D,CAAC;EAAA;AAAA"}
package/cjs/ops/AuthenticateOps.js CHANGED
@@ -27,7 +27,8 @@ function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try
27
27
  function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
28
28
  var adminClientPassword = 'doesnotmatter';
29
29
  var redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';
30
- var idmAdminScopes = 'fr:idm:* fr:idc:esv:*';
30
+ var cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';
31
+ var forgeopsIdmAdminScopes = 'openid fr:idm:*';
31
32
  var serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';
32
33
  var adminClientId = 'idmAdminClient';
33
34
 
@@ -144,7 +145,7 @@ function _determineDeploymentType() {
144
145
  [state.getCookieName()]: state.getCookieValue()
145
146
  }
146
147
  };
147
- var bodyFormData = "redirect_uri=".concat(redirectURL, "&scope=").concat(idmAdminScopes, "&response_type=code&client_id=").concat(fidcClientId, "&csrf=").concat(cookieValue, "&decision=allow&code_challenge=").concat(challenge, "&code_challenge_method=").concat(challengeMethod);
148
+ var bodyFormData = "redirect_uri=".concat(redirectURL, "&scope=").concat(cloudIdmAdminScopes, "&response_type=code&client_id=").concat(fidcClientId, "&csrf=").concat(cookieValue, "&decision=allow&code_challenge=").concat(challenge, "&code_challenge_method=").concat(challengeMethod);
148
149
  var deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;
149
150
  try {
150
151
  yield (0, _OAuth2OIDCApi.authorize)(bodyFormData, config);
@@ -156,7 +157,7 @@ function _determineDeploymentType() {
156
157
  deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;
157
158
  } else {
158
159
  try {
159
- bodyFormData = "redirect_uri=".concat(redirectURL, "&scope=").concat(idmAdminScopes, "&response_type=code&client_id=").concat(forgeopsClientId, "&csrf=").concat(state.getCookieValue(), "&decision=allow&code_challenge=").concat(challenge, "&code_challenge_method=").concat(challengeMethod);
160
+ bodyFormData = "redirect_uri=".concat(redirectURL, "&scope=").concat(forgeopsIdmAdminScopes, "&response_type=code&client_id=").concat(forgeopsClientId, "&csrf=").concat(state.getCookieValue(), "&decision=allow&code_challenge=").concat(challenge, "&code_challenge_method=").concat(challengeMethod);
160
161
  yield (0, _OAuth2OIDCApi.authorize)(bodyFormData, config);
161
162
  } catch (ex) {
162
163
  var _ex$response, _ex$response$headers, _ex$response$headers$;
@@ -237,7 +238,7 @@ function _getAuthCode() {
237
238
  _getAuthCode = _asyncToGenerator(function* (redirectURL, codeChallenge, codeChallengeMethod) {
238
239
  try {
239
240
  var _response$headers;
240
- var bodyFormData = "redirect_uri=".concat(redirectURL, "&scope=").concat(idmAdminScopes, "&response_type=code&client_id=").concat(adminClientId, "&csrf=").concat(state.getCookieValue(), "&decision=allow&code_challenge=").concat(codeChallenge, "&code_challenge_method=").concat(codeChallengeMethod);
241
+ var bodyFormData = "redirect_uri=".concat(redirectURL, "&scope=").concat(state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY ? cloudIdmAdminScopes : forgeopsIdmAdminScopes, "&response_type=code&client_id=").concat(adminClientId, "&csrf=").concat(state.getCookieValue(), "&decision=allow&code_challenge=").concat(codeChallenge, "&code_challenge_method=").concat(codeChallengeMethod);
241
242
  var config = {
242
243
  headers: {
243
244
  'Content-Type': 'application/x-www-form-urlencoded'
@@ -398,7 +399,7 @@ function getLoggedInSubject() {
398
399
  }
399
400
  /**
400
401
  * Get tokens
401
- * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise
402
+ * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)
402
403
  * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise
403
404
  */
404
405
  function _getLoggedInSubject() {
@@ -417,6 +418,7 @@ function getTokens() {
417
418
  }
418
419
  function _getTokens() {
419
420
  _getTokens = _asyncToGenerator(function* () {
421
+ var forceLoginAsUser = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : false;
420
422
  (0, _Console.debugMessage)("AuthenticateOps.getTokens: start");
421
423
  if (!state.getHost()) {
422
424
  (0, _Console.printMessage)("No host specified and FRODO_HOST env variable not set!", 'error');
@@ -442,7 +444,7 @@ function _getTokens() {
442
444
  state.setCookieName(yield determineCookieName());
443
445
 
444
446
  // use service account to login?
445
- if (state.getServiceAccountId() && state.getServiceAccountJwk()) {
447
+ if (!forceLoginAsUser && state.getServiceAccountId() && state.getServiceAccountJwk()) {
446
448
  (0, _Console.debugMessage)("AuthenticateOps.getTokens: Authenticating with service account ".concat(state.getServiceAccountId()));
447
449
  try {
448
450
  var token = yield getAccessTokenForServiceAccount(state.getServiceAccountId(), state.getServiceAccountJwk());
@@ -451,8 +453,8 @@ function _getTokens() {
451
453
  yield determineDeploymentTypeAndDefaultRealmAndVersion();
452
454
  } catch (saErr) {
453
455
  var _saErr$response, _saErr$response2, _saErr$response2$data, _saErr$response3, _saErr$response3$data;
454
- (0, _Console.debugMessage)((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : _saErr$response.data);
455
- throw new Error("Service account login error: ".concat(((_saErr$response2 = saErr.response) === null || _saErr$response2 === void 0 ? void 0 : (_saErr$response2$data = _saErr$response2.data) === null || _saErr$response2$data === void 0 ? void 0 : _saErr$response2$data.error_description) || ((_saErr$response3 = saErr.response) === null || _saErr$response3 === void 0 ? void 0 : (_saErr$response3$data = _saErr$response3.data) === null || _saErr$response3$data === void 0 ? void 0 : _saErr$response3$data.message)));
456
+ (0, _Console.debugMessage)(((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : _saErr$response.data) || saErr);
457
+ throw new Error("Service account login error: ".concat(((_saErr$response2 = saErr.response) === null || _saErr$response2 === void 0 ? void 0 : (_saErr$response2$data = _saErr$response2.data) === null || _saErr$response2$data === void 0 ? void 0 : _saErr$response2$data.error_description) || ((_saErr$response3 = saErr.response) === null || _saErr$response3 === void 0 ? void 0 : (_saErr$response3$data = _saErr$response3.data) === null || _saErr$response3$data === void 0 ? void 0 : _saErr$response3$data.message) || saErr));
456
458
  }
457
459
  }
458
460
  // use user account to login
package/cjs/ops/AuthenticateOps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticateOps.js","names":["adminClientPassword","redirectUrlTemplate","idmAdminScopes","serviceAccountScopes","adminClientId","determineCookieName","data","getServerInfo","debugMessage","cookieName","error","printMessage","stack","checkAndHandle2FA","payload","element","callbacks","type","input","value","includes","need2fa","output","code","readlineSync","question","determineDefaultRealm","deploymentType","state","getRealm","globalConfig","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","determineDeploymentType","cookieValue","getCookieValue","getUseBearerTokenForAmApis","CLOUD_DEPLOYMENT_TYPE_KEY","fidcClientId","forgeopsClientId","verifier","encodeBase64Url","randomBytes","challenge","createHash","update","digest","challengeMethod","redirectURL","url","resolve","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","CLASSIC_DEPLOYMENT_TYPE_KEY","authorize","e","response","status","location","indexOf","verboseMessage","ex","FORGEOPS_DEPLOYMENT_TYPE_KEY","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","authenticate","username","password","response1","step","skip2FA","response2","getAuthCode","codeChallenge","codeChallengeMethod","undefined","redirectLocationURL","queryObject","parse","query","message","getAccessTokenForUser","authCode","getDeploymentType","auth","accessToken","access_token","createPayload","serviceAccountId","u","parseUrl","aud","origin","port","protocol","pathname","exp","Math","floor","Date","getTime","jti","v4","iss","sub","getAccessTokenForServiceAccount","jwk","jwt","createSignedJwtToken","determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","getServerVersionInfo","fullVersion","setAmVersion","getLoggedInSubject","subjectString","getUsername","name","getServiceAccount","getServiceAccountId","getTokens","getPassword","getServiceAccountJwk","conn","getConnectionProfile","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","setCookieName","token","setBearerToken","setUseBearerTokenForAmApis","saErr","error_description","setCookieValue","getBearerToken"],"sources":["ops/AuthenticateOps.ts"],"sourcesContent":["import url from 'url';\nimport { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport { encodeBase64Url } from '../api/utils/Base64';\nimport * as state from '../shared/State';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { debugMessage, printMessage, verboseMessage } from './utils/Console';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport { step } from '../api/AuthenticateApi';\nimport { accessToken, authorize } from '../api/OAuth2OIDCApi';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { v4 } from 'uuid';\nimport { parseUrl } from '../api/utils/ApiUtils';\nimport { JwkRsa, createSignedJwtToken } from './JoseOps';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst idmAdminScopes = 'fr:idm:* fr:idc:esv:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nlet adminClientId = 'idmAdminClient';\n\n/**\n * Helper function to get cookie name\n * @returns {String} cookie name\n */\nasync function determineCookieName() {\n try {\n const data = await getServerInfo();\n debugMessage(\n `AuthenticateOps.getCookieName: cookieName=${data.cookieName}`\n );\n return data.cookieName;\n } catch (error) {\n printMessage(`Error getting cookie name: ${error}`, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload) {\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const element of payload.callbacks) {\n if (element.type === 'HiddenValueCallback') {\n if (element.input[0].value.includes('skip')) {\n // skippable = true;\n element.input[0].value = 'Skip';\n return {\n need2fa: true,\n payload,\n };\n }\n }\n if (element.type === 'NameCallback') {\n if (element.output[0].value.includes('code')) {\n // skippable = false;\n printMessage('2FA is enabled and required for this user...');\n const code = readlineSync.question(`${element.output[0].value}: `);\n element.input[0].value = code;\n return {\n need2fa: true,\n payload,\n };\n }\n }\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {string} deploymentType deployment type\n */\nfunction determineDefaultRealm(deploymentType: string) {\n if (\n !state.getRealm() ||\n state.getRealm() === globalConfig.DEFAULT_REALM_KEY\n ) {\n state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(): Promise<string> {\n const cookieValue = state.getCookieValue();\n // https://bugster.forgerock.org/jira/browse/FRAAS-13018\n // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active\n // if (!cookieValue && getUseBearerTokenForAmApis()) {\n // const token = await getTokenInfo();\n // cookieValue = token.sessionToken;\n // setCookieValue(cookieValue);\n // }\n\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const fidcClientId = 'idmAdminClient';\n const forgeopsClientId = 'idm-admin-ui';\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize(bodyFormData, config);\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize(bodyFormData, config);\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);\n }\n }\n }\n }\n return deploymentType;\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nasync function getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @returns {string} Session token or null\n */\nasync function authenticate(\n username: string,\n password: string\n): Promise<string> {\n const config = {\n headers: {\n 'X-OpenAM-Username': username,\n 'X-OpenAM-Password': password,\n },\n };\n const response1 = await step({}, config);\n const skip2FA = checkAndHandle2FA(response1);\n let response2 = {};\n if (skip2FA.need2fa) {\n response2 = await step(skip2FA.payload);\n } else {\n response2 = skip2FA.payload;\n }\n if ('tokenId' in response2) {\n return response2['tokenId'] as string;\n }\n return null;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize(bodyFormData, config);\n } catch (error) {\n response = error.response;\n }\n if (response.status < 200 || response.status > 399) {\n printMessage('error getting auth code', 'error');\n printMessage(\n 'likely cause: mismatched parameters with OAuth client config',\n 'error'\n );\n return null;\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage('auth code not found', 'error');\n return null;\n } catch (error) {\n printMessage(`error getting auth code - ${error.message}`, 'error');\n printMessage(error.response?.data, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @returns {Promise<string | null>} access token or null\n */\nasync function getAccessTokenForUser(): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: start`);\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);\n if (authCode == null) {\n printMessage('error getting auth code', 'error');\n return null;\n }\n let response = null;\n if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData, config);\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData);\n }\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end with token`);\n return response.data.access_token;\n }\n printMessage('No access token in response.', 'error');\n } catch (error) {\n debugMessage(`Error getting access token for user: ${error}`);\n debugMessage(error.response?.data);\n }\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end without token`);\n return null;\n}\n\nfunction createPayload(serviceAccountId: string) {\n const u = parseUrl(state.getHost());\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get access token for service account\n * @param {string} serviceAccountId UUID of service account\n * @param {JwkRsa} jwk Java Wek Key\n * @returns {string | null} Access token or null\n */\nexport async function getAccessTokenForServiceAccount(\n serviceAccountId: string,\n jwk: JwkRsa\n): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);\n const payload = createPayload(serviceAccountId);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);\n debugMessage(payload);\n const jwt = await createSignedJwtToken(payload, jwk);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);\n debugMessage(jwt);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken(bodyFormData);\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);\n debugMessage(response.data.access_token);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return response.data.access_token;\n }\n debugMessage(\n `AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`\n );\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return null;\n}\n\nasync function determineDeploymentTypeAndDefaultRealmAndVersion() {\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`\n );\n if (!state.getDeploymentType()) {\n state.setDeploymentType(await determineDeploymentType());\n }\n determineDefaultRealm(state.getDeploymentType());\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`\n );\n\n const versionInfo = await getServerVersionInfo();\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage(`Full version: ${versionInfo.fullVersion}`);\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`\n );\n}\n\nasync function getLoggedInSubject(): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (await getServiceAccount(state.getServiceAccountId())).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n }\n return subjectString;\n}\n\n/**\n * Get tokens\n * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens(): Promise<boolean> {\n debugMessage(`AuthenticateOps.getTokens: start`);\n if (!state.getHost()) {\n printMessage(\n `No host specified and FRODO_HOST env variable not set!`,\n 'error'\n );\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile();\n if (conn) {\n state.setHost(conn.tenant);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName());\n\n // use service account to login?\n if (state.getServiceAccountId() && state.getServiceAccountJwk()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`\n );\n try {\n const token = await getAccessTokenForServiceAccount(\n state.getServiceAccountId(),\n state.getServiceAccountJwk()\n );\n state.setBearerToken(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n } catch (saErr) {\n debugMessage(saErr.response?.data);\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`\n );\n const token = await authenticate(\n state.getUsername(),\n state.getPassword()\n );\n if (token) state.setCookieValue(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n if (\n state.getCookieValue() &&\n !state.getBearerToken() &&\n (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() ===\n globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getAccessTokenForUser();\n if (accessToken) state.setBearerToken(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage(`Incomplete or no credentials!`, 'error');\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n // https://github.com/rockcarver/frodo-cli/issues/102\n printMessage(\n `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject()}`,\n 'info'\n );\n debugMessage(`AuthenticateOps.getTokens: end with tokens`);\n return true;\n }\n } catch (error) {\n // regular error\n printMessage(error.message, 'error');\n // axios error am api\n printMessage(error.response?.data?.message, 'error');\n // axios error am oauth2 api\n printMessage(error.response?.data?.error_description, 'error');\n // axios error data\n debugMessage(error.response?.data);\n // stack trace\n debugMessage(error.stack || new Error().stack);\n }\n debugMessage(`AuthenticateOps.getTokens: end without tokens`);\n return false;\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAA8D;AAAA;AAAA;AAAA;AAAA;AAE9D,IAAMA,mBAAmB,GAAG,eAAe;AAC3C,IAAMC,mBAAmB,GAAG,sCAAsC;AAElE,IAAMC,cAAc,GAAG,uBAAuB;AAC9C,IAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,IAAIC,aAAa,GAAG,gBAAgB;;AAEpC;AACA;AACA;AACA;AAHA,SAIeC,mBAAmB;EAAA;AAAA;AAclC;AACA;AACA;AACA;AACA;AAJA;EAAA,yCAdA,aAAqC;IACnC,IAAI;MACF,IAAMC,IAAI,SAAS,IAAAC,4BAAa,GAAE;MAClC,IAAAC,qBAAY,sDACmCF,IAAI,CAACG,UAAU,EAC7D;MACD,OAAOH,IAAI,CAACG,UAAU;IACxB,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,IAAAC,qBAAY,uCAA+BD,KAAK,GAAI,OAAO,CAAC;MAC5D,IAAAF,qBAAY,EAACE,KAAK,CAACE,KAAK,CAAC;MACzB,OAAO,IAAI;IACb;EACF,CAAC;EAAA;AAAA;AAOD,SAASC,iBAAiB,CAACC,OAAO,EAAE;EAClC;EACA,IAAI,WAAW,IAAIA,OAAO,EAAE;IAC1B,KAAK,IAAMC,OAAO,IAAID,OAAO,CAACE,SAAS,EAAE;MACvC,IAAID,OAAO,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC1C,IAAIF,OAAO,CAACG,KAAK,CAAC,CAAC,CAAC,CAACC,KAAK,CAACC,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC3C;UACAL,OAAO,CAACG,KAAK,CAAC,CAAC,CAAC,CAACC,KAAK,GAAG,MAAM;UAC/B,OAAO;YACLE,OAAO,EAAE,IAAI;YACbP;UACF,CAAC;QACH;MACF;MACA,IAAIC,OAAO,CAACE,IAAI,KAAK,cAAc,EAAE;QACnC,IAAIF,OAAO,CAACO,MAAM,CAAC,CAAC,CAAC,CAACH,KAAK,CAACC,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACA,IAAAT,qBAAY,EAAC,8CAA8C,CAAC;UAC5D,IAAMY,IAAI,GAAGC,qBAAY,CAACC,QAAQ,WAAIV,OAAO,CAACO,MAAM,CAAC,CAAC,CAAC,CAACH,KAAK,QAAK;UAClEJ,OAAO,CAACG,KAAK,CAAC,CAAC,CAAC,CAACC,KAAK,GAAGI,IAAI;UAC7B,OAAO;YACLF,OAAO,EAAE,IAAI;YACbP;UACF,CAAC;QACH;MACF;IACF;IACA;IACA,OAAO;MACLO,OAAO,EAAE,KAAK;MACdP;IACF,CAAC;EACH;EACA;EACA,OAAO;IACLO,OAAO,EAAE,KAAK;IACdP;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASY,qBAAqB,CAACC,cAAsB,EAAE;EACrD,IACE,CAACC,KAAK,CAACC,QAAQ,EAAE,IACjBD,KAAK,CAACC,QAAQ,EAAE,KAAKC,YAAY,CAACC,iBAAiB,EACnD;IACAH,KAAK,CAACI,QAAQ,CAACF,YAAY,CAACG,yBAAyB,CAACN,cAAc,CAAC,CAAC;EACxE;AACF;;AAEA;AACA;AACA;AACA;AAHA,SAIeO,uBAAuB;EAAA;AAAA;AAgEtC;AACA;AACA;AACA;AACA;AAJA;EAAA,6CAhEA,aAA0D;IACxD,IAAMC,WAAW,GAAGP,KAAK,CAACQ,cAAc,EAAE;IAC1C;IACA;IACA;IACA;IACA;IACA;IACA;;IAEA;IACA,IAAIR,KAAK,CAACS,0BAA0B,EAAE,EACpC,OAAOP,YAAY,CAACQ,yBAAyB;IAE/C,IAAMC,YAAY,GAAG,gBAAgB;IACrC,IAAMC,gBAAgB,GAAG,cAAc;IAEvC,IAAMC,QAAQ,GAAG,IAAAC,qBAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;IACjD,IAAMC,SAAS,GAAG,IAAAF,qBAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,EAAE,CAC/C;IACD,IAAMC,eAAe,GAAG,MAAM;IAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACC,OAAO,CAACvB,KAAK,CAACwB,OAAO,EAAE,EAAEnD,mBAAmB,CAAC;IAErE,IAAMoD,MAAM,GAAG;MACbC,YAAY,EAAE,CAAC;MACfC,OAAO,EAAE;QACP,CAAC3B,KAAK,CAAC4B,aAAa,EAAE,GAAG5B,KAAK,CAACQ,cAAc;MAC/C;IACF,CAAC;IACD,IAAIqB,YAAY,0BAAmBR,WAAW,oBAAU/C,cAAc,2CAAiCqC,YAAY,mBAASJ,WAAW,4CAAkCS,SAAS,oCAA0BI,eAAe,CAAE;IAE7N,IAAIrB,cAAc,GAAGG,YAAY,CAAC4B,2BAA2B;IAC7D,IAAI;MACF,MAAM,IAAAC,wBAAS,EAACF,YAAY,EAAEJ,MAAM,CAAC;IACvC,CAAC,CAAC,OAAOO,CAAC,EAAE;MAAA;MACV;MACA,IACE,gBAAAA,CAAC,CAACC,QAAQ,gDAAV,YAAYC,MAAM,MAAK,GAAG,IAC1B,wBAAAF,CAAC,CAACC,QAAQ,CAACN,OAAO,iFAAlB,oBAAoBQ,QAAQ,0DAA5B,sBAA8BC,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;QACA,IAAAC,uBAAc,EAAC,2BAA2B,YAAY,CAAC,eAAe,CAAC;QACvEtC,cAAc,GAAGG,YAAY,CAACQ,yBAAyB;MACzD,CAAC,MAAM;QACL,IAAI;UACFmB,YAAY,0BAAmBR,WAAW,oBAAU/C,cAAc,2CAAiCsC,gBAAgB,mBAASZ,KAAK,CAACQ,cAAc,EAAE,4CAAkCQ,SAAS,oCAA0BI,eAAe,CAAE;UACxO,MAAM,IAAAW,wBAAS,EAACF,YAAY,EAAEJ,MAAM,CAAC;QACvC,CAAC,CAAC,OAAOa,EAAE,EAAE;UAAA;UACX,IACE,iBAAAA,EAAE,CAACL,QAAQ,iDAAX,aAAaC,MAAM,MAAK,GAAG,IAC3B,yBAAAI,EAAE,CAACL,QAAQ,CAACN,OAAO,kFAAnB,qBAAqBQ,QAAQ,0DAA7B,sBAA+BC,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;YACA5D,aAAa,GAAGoC,gBAAgB;YAChC,IAAAyB,uBAAc,EAAC,sBAAsB,YAAY,CAAC,eAAe,CAAC;YAClEtC,cAAc,GAAGG,YAAY,CAACqC,4BAA4B;UAC5D,CAAC,MAAM;YACL,IAAAF,uBAAc,EAAC,qBAAqB,YAAY,CAAC,eAAe,CAAC;UACnE;QACF;MACF;IACF;IACA,OAAOtC,cAAc;EACvB,CAAC;EAAA;AAAA;AAAA,SAOcyC,kBAAkB;EAAA;AAAA;AAUjC;AACA;AACA;AACA;AAHA;EAAA,wCAVA,WAAkCC,WAAW,EAAE;IAC7C,IAAI,SAAS,IAAIA,WAAW,EAAE;MAC5B,IAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;MACzC,IAAMC,EAAE,GAAG,8BAA8B;MACzC,IAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;MACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;IACnB;IACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;EAC9E,CAAC;EAAA;AAAA;AAAA,SAMcC,YAAY;EAAA;AAAA;AAwB3B;AACA;AACA;AACA;AACA;AACA;AACA;AANA;EAAA,kCAxBA,WACEC,QAAgB,EAChBC,QAAgB,EACC;IACjB,IAAMxB,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,mBAAmB,EAAEqB,QAAQ;QAC7B,mBAAmB,EAAEC;MACvB;IACF,CAAC;IACD,IAAMC,SAAS,SAAS,IAAAC,qBAAI,EAAC,CAAC,CAAC,EAAE1B,MAAM,CAAC;IACxC,IAAM2B,OAAO,GAAGnE,iBAAiB,CAACiE,SAAS,CAAC;IAC5C,IAAIG,SAAS,GAAG,CAAC,CAAC;IAClB,IAAID,OAAO,CAAC3D,OAAO,EAAE;MACnB4D,SAAS,SAAS,IAAAF,qBAAI,EAACC,OAAO,CAAClE,OAAO,CAAC;IACzC,CAAC,MAAM;MACLmE,SAAS,GAAGD,OAAO,CAAClE,OAAO;IAC7B;IACA,IAAI,SAAS,IAAImE,SAAS,EAAE;MAC1B,OAAOA,SAAS,CAAC,SAAS,CAAC;IAC7B;IACA,OAAO,IAAI;EACb,CAAC;EAAA;AAAA;AAAA,SAScC,WAAW;EAAA;AAAA;AAsC1B;AACA;AACA;AACA;AAHA;EAAA,iCAtCA,WAA2BjC,WAAW,EAAEkC,aAAa,EAAEC,mBAAmB,EAAE;IAC1E,IAAI;MAAA;MACF,IAAM3B,YAAY,0BAAmBR,WAAW,oBAAU/C,cAAc,2CAAiCE,aAAa,mBAASwB,KAAK,CAACQ,cAAc,EAAE,4CAAkC+C,aAAa,oCAA0BC,mBAAmB,CAAE;MACnP,IAAM/B,MAAM,GAAG;QACbE,OAAO,EAAE;UACP,cAAc,EAAE;QAClB,CAAC;QACDD,YAAY,EAAE;MAChB,CAAC;MACD,IAAIO,QAAQ,GAAGwB,SAAS;MACxB,IAAI;QACFxB,QAAQ,SAAS,IAAAF,wBAAS,EAACF,YAAY,EAAEJ,MAAM,CAAC;MAClD,CAAC,CAAC,OAAO3C,KAAK,EAAE;QACdmD,QAAQ,GAAGnD,KAAK,CAACmD,QAAQ;MAC3B;MACA,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;QAClD,IAAAnD,qBAAY,EAAC,yBAAyB,EAAE,OAAO,CAAC;QAChD,IAAAA,qBAAY,EACV,8DAA8D,EAC9D,OAAO,CACR;QACD,OAAO,IAAI;MACb;MACA,IAAM2E,mBAAmB,wBAAGzB,QAAQ,CAACN,OAAO,sDAAhB,kBAAkBQ,QAAQ;MACtD,IAAMwB,WAAW,GAAGrC,YAAG,CAACsC,KAAK,CAACF,mBAAmB,EAAE,IAAI,CAAC,CAACG,KAAK;MAC9D,IAAI,MAAM,IAAIF,WAAW,EAAE;QACzB,OAAOA,WAAW,CAAChE,IAAI;MACzB;MACA,IAAAZ,qBAAY,EAAC,qBAAqB,EAAE,OAAO,CAAC;MAC5C,OAAO,IAAI;IACb,CAAC,CAAC,OAAOD,KAAK,EAAE;MAAA;MACd,IAAAC,qBAAY,sCAA8BD,KAAK,CAACgF,OAAO,GAAI,OAAO,CAAC;MACnE,IAAA/E,qBAAY,qBAACD,KAAK,CAACmD,QAAQ,oDAAd,gBAAgBvD,IAAI,EAAE,OAAO,CAAC;MAC3C,IAAAE,qBAAY,EAACE,KAAK,CAACE,KAAK,CAAC;MACzB,OAAO,IAAI;IACb;EACF,CAAC;EAAA;AAAA;AAAA,SAMc+E,qBAAqB;EAAA;AAAA;AAAA;EAAA,2CAApC,aAA+D;IAC7D,IAAAnF,qBAAY,iDAAgD;IAC5D,IAAI;MACF,IAAMiC,QAAQ,GAAG,IAAAC,qBAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;MACjD,IAAMC,SAAS,GAAG,IAAAF,qBAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,EAAE,CAC/C;MACD,IAAMC,eAAe,GAAG,MAAM;MAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACC,OAAO,CAACvB,KAAK,CAACwB,OAAO,EAAE,EAAEnD,mBAAmB,CAAC;MACrE,IAAM2F,QAAQ,SAASV,WAAW,CAACjC,WAAW,EAAEL,SAAS,EAAEI,eAAe,CAAC;MAC3E,IAAI4C,QAAQ,IAAI,IAAI,EAAE;QACpB,IAAAjF,qBAAY,EAAC,yBAAyB,EAAE,OAAO,CAAC;QAChD,OAAO,IAAI;MACb;MACA,IAAIkD,QAAQ,GAAG,IAAI;MACnB,IAAIjC,KAAK,CAACiE,iBAAiB,EAAE,KAAK/D,YAAY,CAACQ,yBAAyB,EAAE;QACxE,IAAMe,MAAM,GAAG;UACbyC,IAAI,EAAE;YACJlB,QAAQ,EAAExE,aAAa;YACvByE,QAAQ,EAAE7E;UACZ;QACF,CAAC;QACD,IAAMyD,YAAY,0BAAmBR,WAAW,iDAAuC2C,QAAQ,4BAAkBnD,QAAQ,CAAE;QAC3HoB,QAAQ,SAAS,IAAAkC,0BAAW,EAACtC,YAAY,EAAEJ,MAAM,CAAC;MACpD,CAAC,MAAM;QACL,IAAMI,aAAY,uBAAgBrD,aAAa,2BAAiB6C,WAAW,iDAAuC2C,QAAQ,4BAAkBnD,QAAQ,CAAE;QACtJoB,QAAQ,SAAS,IAAAkC,0BAAW,EAACtC,aAAY,CAAC;MAC5C;MACA,IAAI,cAAc,IAAII,QAAQ,CAACvD,IAAI,EAAE;QACnC,IAAAE,qBAAY,0DAAyD;QACrE,OAAOqD,QAAQ,CAACvD,IAAI,CAAC0F,YAAY;MACnC;MACA,IAAArF,qBAAY,EAAC,8BAA8B,EAAE,OAAO,CAAC;IACvD,CAAC,CAAC,OAAOD,KAAK,EAAE;MAAA;MACd,IAAAF,qBAAY,iDAAyCE,KAAK,EAAG;MAC7D,IAAAF,qBAAY,sBAACE,KAAK,CAACmD,QAAQ,qDAAd,iBAAgBvD,IAAI,CAAC;IACpC;IACA,IAAAE,qBAAY,6DAA4D;IACxE,OAAO,IAAI;EACb,CAAC;EAAA;AAAA;AAED,SAASyF,aAAa,CAACC,gBAAwB,EAAE;EAC/C,IAAMC,CAAC,GAAG,IAAAC,kBAAQ,EAACxE,KAAK,CAACwB,OAAO,EAAE,CAAC;EACnC,IAAMiD,GAAG,aAAMF,CAAC,CAACG,MAAM,cACrBH,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACK,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,SACtDL,CAAC,CAACM,QAAQ,yBAAsB;;EAEnC;EACA,IAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAIC,IAAI,EAAE,CAACC,OAAO,EAAE,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,IAAMC,GAAG,GAAG,IAAAC,QAAE,GAAE;EAEhB,IAAMC,GAAG,GAAGf,gBAAgB;EAC5B,IAAMgB,GAAG,GAAGhB,gBAAgB;;EAE5B;EACA,IAAMpF,OAAO,GAAG;IAAEmG,GAAG;IAAEC,GAAG;IAAEb,GAAG;IAAEK,GAAG;IAAEK;EAAI,CAAC;EAE3C,OAAOjG,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AACA;AALA,SAMsBqG,+BAA+B;EAAA;AAAA;AAAA;EAAA,qDAA9C,WACLjB,gBAAwB,EACxBkB,GAAW,EACa;IACxB,IAAA5G,qBAAY,2DAA0D;IACtE,IAAMM,OAAO,GAAGmF,aAAa,CAACC,gBAAgB,CAAC;IAC/C,IAAA1F,qBAAY,8DAA6D;IACzE,IAAAA,qBAAY,EAACM,OAAO,CAAC;IACrB,IAAMuG,GAAG,SAAS,IAAAC,6BAAoB,EAACxG,OAAO,EAAEsG,GAAG,CAAC;IACpD,IAAA5G,qBAAY,0DAAyD;IACrE,IAAAA,qBAAY,EAAC6G,GAAG,CAAC;IACjB,IAAM5D,YAAY,uBAAgB4D,GAAG,qGAA2FlH,oBAAoB,CAAE;IACtJ,IAAM0D,QAAQ,SAAS,IAAAkC,0BAAW,EAACtC,YAAY,CAAC;IAChD,IAAI,cAAc,IAAII,QAAQ,CAACvD,IAAI,EAAE;MACnC,IAAAE,qBAAY,4DAA2D;MACvE,IAAAA,qBAAY,EAACqD,QAAQ,CAACvD,IAAI,CAAC0F,YAAY,CAAC;MACxC,IAAAxF,qBAAY,yDAAwD;MACpE,OAAOqD,QAAQ,CAACvD,IAAI,CAAC0F,YAAY;IACnC;IACA,IAAAxF,qBAAY,kFAEX;IACD,IAAAA,qBAAY,yDAAwD;IACpE,OAAO,IAAI;EACb,CAAC;EAAA;AAAA;AAAA,SAEc+G,gDAAgD;EAAA;AAAA;AAAA;EAAA,sEAA/D,aAAkE;IAChE,IAAA/G,qBAAY,4EAEX;IACD,IAAI,CAACoB,KAAK,CAACiE,iBAAiB,EAAE,EAAE;MAC9BjE,KAAK,CAAC4F,iBAAiB,OAAOtF,uBAAuB,EAAE,CAAC;IAC1D;IACAR,qBAAqB,CAACE,KAAK,CAACiE,iBAAiB,EAAE,CAAC;IAChD,IAAArF,qBAAY,oFACiEoB,KAAK,CAACC,QAAQ,EAAE,oBAAUD,KAAK,CAACiE,iBAAiB,EAAE,EAC/H;IAED,IAAMxB,WAAW,SAAS,IAAAoD,mCAAoB,GAAE;;IAEhD;IACA,IAAAjH,qBAAY,0BAAkB6D,WAAW,CAACqD,WAAW,EAAG;IAExD,IAAMnD,OAAO,SAASH,kBAAkB,CAACC,WAAW,CAAC;IACrDzC,KAAK,CAAC+F,YAAY,CAACpD,OAAO,CAAC;IAC3B,IAAA/D,qBAAY,0EAEX;EACH,CAAC;EAAA;AAAA;AAAA,SAEcoH,kBAAkB;EAAA;AAAA;AASjC;AACA;AACA;AACA;AACA;AAJA;EAAA,wCATA,aAAqD;IACnD,IAAIC,aAAa,kBAAWjG,KAAK,CAACkG,WAAW,EAAE,CAAE;IACjD,IAAIlG,KAAK,CAACS,0BAA0B,EAAE,EAAE;MACtC,IAAM0F,IAAI,GAAG,OAAO,IAAAC,oCAAiB,EAACpG,KAAK,CAACqG,mBAAmB,EAAE,CAAC,EAAEF,IAAI;MACxEF,aAAa,6BAAsBE,IAAI,eAAKnG,KAAK,CAACqG,mBAAmB,EAAE,MAAG;IAC5E;IACA,OAAOJ,aAAa;EACtB,CAAC;EAAA;AAAA;AAAA,SAOqBK,SAAS;EAAA;AAAA;AAAA;EAAA,+BAAxB,aAA6C;IAClD,IAAA1H,qBAAY,qCAAoC;IAChD,IAAI,CAACoB,KAAK,CAACwB,OAAO,EAAE,EAAE;MACpB,IAAAzC,qBAAY,4DAEV,OAAO,CACR;MACD,OAAO,KAAK;IACd;IACA,IAAI;MACF;MACA,IACEiB,KAAK,CAACkG,WAAW,EAAE,IAAI,IAAI,IAC3BlG,KAAK,CAACuG,WAAW,EAAE,IAAI,IAAI,IAC3B,CAACvG,KAAK,CAACqG,mBAAmB,EAAE,IAC5B,CAACrG,KAAK,CAACwG,oBAAoB,EAAE,EAC7B;QACA,IAAMC,IAAI,SAAS,IAAAC,0CAAoB,GAAE;QACzC,IAAID,IAAI,EAAE;UACRzG,KAAK,CAAC2G,OAAO,CAACF,IAAI,CAACG,MAAM,CAAC;UAC1B5G,KAAK,CAAC6G,WAAW,CAACJ,IAAI,CAACzD,QAAQ,CAAC;UAChChD,KAAK,CAAC8G,WAAW,CAACL,IAAI,CAACxD,QAAQ,CAAC;UAChCjD,KAAK,CAAC+G,wBAAwB,CAACN,IAAI,CAACO,qBAAqB,CAAC;UAC1DhH,KAAK,CAACiH,gCAAgC,CACpCR,IAAI,CAACS,6BAA6B,CACnC;UACDlH,KAAK,CAACmH,mBAAmB,CAACV,IAAI,CAACW,SAAS,CAAC;UACzCpH,KAAK,CAACqH,oBAAoB,CAACZ,IAAI,CAACa,UAAU,CAAC;QAC7C,CAAC,MAAM;UACL,OAAO,KAAK;QACd;MACF;MACA;MACAtH,KAAK,CAACuH,aAAa,OAAO9I,mBAAmB,EAAE,CAAC;;MAEhD;MACA,IAAIuB,KAAK,CAACqG,mBAAmB,EAAE,IAAIrG,KAAK,CAACwG,oBAAoB,EAAE,EAAE;QAC/D,IAAA5H,qBAAY,2EACwDoB,KAAK,CAACqG,mBAAmB,EAAE,EAC9F;QACD,IAAI;UACF,IAAMmB,KAAK,SAASjC,+BAA+B,CACjDvF,KAAK,CAACqG,mBAAmB,EAAE,EAC3BrG,KAAK,CAACwG,oBAAoB,EAAE,CAC7B;UACDxG,KAAK,CAACyH,cAAc,CAACD,KAAK,CAAC;UAC3BxH,KAAK,CAAC0H,0BAA0B,CAAC,IAAI,CAAC;UACtC,MAAM/B,gDAAgD,EAAE;QAC1D,CAAC,CAAC,OAAOgC,KAAK,EAAE;UAAA;UACd,IAAA/I,qBAAY,qBAAC+I,KAAK,CAAC1F,QAAQ,oDAAd,gBAAgBvD,IAAI,CAAC;UAClC,MAAM,IAAIoE,KAAK,wCAEX,qBAAA6E,KAAK,CAAC1F,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBkJ,iBAAiB,0BACvCD,KAAK,CAAC1F,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBoF,OAAO,GAEhC;QACH;MACF;MACA;MAAA,KACK,IAAI9D,KAAK,CAACkG,WAAW,EAAE,IAAIlG,KAAK,CAACuG,WAAW,EAAE,EAAE;QACnD,IAAA3H,qBAAY,wEACqDoB,KAAK,CAACkG,WAAW,EAAE,EACnF;QACD,IAAMsB,MAAK,SAASzE,YAAY,CAC9B/C,KAAK,CAACkG,WAAW,EAAE,EACnBlG,KAAK,CAACuG,WAAW,EAAE,CACpB;QACD,IAAIiB,MAAK,EAAExH,KAAK,CAAC6H,cAAc,CAACL,MAAK,CAAC;QACtC,MAAM7B,gDAAgD,EAAE;QACxD,IACE3F,KAAK,CAACQ,cAAc,EAAE,IACtB,CAACR,KAAK,CAAC8H,cAAc,EAAE,KACtB9H,KAAK,CAACiE,iBAAiB,EAAE,KAAK/D,YAAY,CAACQ,yBAAyB,IACnEV,KAAK,CAACiE,iBAAiB,EAAE,KACvB/D,YAAY,CAACqC,4BAA4B,CAAC,EAC9C;UACA,IAAM4B,YAAW,SAASJ,qBAAqB,EAAE;UACjD,IAAII,YAAW,EAAEnE,KAAK,CAACyH,cAAc,CAACtD,YAAW,CAAC;QACpD;MACF;MACA;MAAA,KACK;QACH,IAAApF,qBAAY,mCAAkC,OAAO,CAAC;QACtD,OAAO,KAAK;MACd;MACA,IACEiB,KAAK,CAACQ,cAAc,EAAE,IACrBR,KAAK,CAACS,0BAA0B,EAAE,IAAIT,KAAK,CAAC8H,cAAc,EAAG,EAC9D;QACA;QACA,IAAA/I,qBAAY,yBACMiB,KAAK,CAACwB,OAAO,EAAE,eAC7BxB,KAAK,CAACC,QAAQ,EAAE,GAAGD,KAAK,CAACC,QAAQ,EAAE,GAAG,MAAM,wBAChC+F,kBAAkB,EAAE,GAClC,MAAM,CACP;QACD,IAAApH,qBAAY,+CAA8C;QAC1D,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOE,KAAK,EAAE;MAAA;MACd;MACA,IAAAC,qBAAY,EAACD,KAAK,CAACgF,OAAO,EAAE,OAAO,CAAC;MACpC;MACA,IAAA/E,qBAAY,sBAACD,KAAK,CAACmD,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBoF,OAAO,EAAE,OAAO,CAAC;MACpD;MACA,IAAA/E,qBAAY,sBAACD,KAAK,CAACmD,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBkJ,iBAAiB,EAAE,OAAO,CAAC;MAC9D;MACA,IAAAhJ,qBAAY,sBAACE,KAAK,CAACmD,QAAQ,qDAAd,iBAAgBvD,IAAI,CAAC;MAClC;MACA,IAAAE,qBAAY,EAACE,KAAK,CAACE,KAAK,IAAI,IAAI8D,KAAK,EAAE,CAAC9D,KAAK,CAAC;IAChD;IACA,IAAAJ,qBAAY,kDAAiD;IAC7D,OAAO,KAAK;EACd,CAAC;EAAA;AAAA"}
1
+ {"version":3,"file":"AuthenticateOps.js","names":["adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountScopes","adminClientId","determineCookieName","data","getServerInfo","debugMessage","cookieName","error","printMessage","stack","checkAndHandle2FA","payload","element","callbacks","type","input","value","includes","need2fa","output","code","readlineSync","question","determineDefaultRealm","deploymentType","state","getRealm","globalConfig","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","determineDeploymentType","cookieValue","getCookieValue","getUseBearerTokenForAmApis","CLOUD_DEPLOYMENT_TYPE_KEY","fidcClientId","forgeopsClientId","verifier","encodeBase64Url","randomBytes","challenge","createHash","update","digest","challengeMethod","redirectURL","url","resolve","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","CLASSIC_DEPLOYMENT_TYPE_KEY","authorize","e","response","status","location","indexOf","verboseMessage","ex","FORGEOPS_DEPLOYMENT_TYPE_KEY","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","authenticate","username","password","response1","step","skip2FA","response2","getAuthCode","codeChallenge","codeChallengeMethod","getDeploymentType","undefined","redirectLocationURL","queryObject","parse","query","message","getAccessTokenForUser","authCode","auth","accessToken","access_token","createPayload","serviceAccountId","u","parseUrl","aud","origin","port","protocol","pathname","exp","Math","floor","Date","getTime","jti","v4","iss","sub","getAccessTokenForServiceAccount","jwk","jwt","createSignedJwtToken","determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","getServerVersionInfo","fullVersion","setAmVersion","getLoggedInSubject","subjectString","getUsername","name","getServiceAccount","getServiceAccountId","getTokens","forceLoginAsUser","getPassword","getServiceAccountJwk","conn","getConnectionProfile","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","setCookieName","token","setBearerToken","setUseBearerTokenForAmApis","saErr","error_description","setCookieValue","getBearerToken"],"sources":["ops/AuthenticateOps.ts"],"sourcesContent":["import url from 'url';\nimport { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport { encodeBase64Url } from '../api/utils/Base64';\nimport * as state from '../shared/State';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { debugMessage, printMessage, verboseMessage } from './utils/Console';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport { step } from '../api/AuthenticateApi';\nimport { accessToken, authorize } from '../api/OAuth2OIDCApi';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { v4 } from 'uuid';\nimport { parseUrl } from '../api/utils/ApiUtils';\nimport { JwkRsa, createSignedJwtToken } from './JoseOps';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nlet adminClientId = 'idmAdminClient';\n\n/**\n * Helper function to get cookie name\n * @returns {String} cookie name\n */\nasync function determineCookieName() {\n try {\n const data = await getServerInfo();\n debugMessage(\n `AuthenticateOps.getCookieName: cookieName=${data.cookieName}`\n );\n return data.cookieName;\n } catch (error) {\n printMessage(`Error getting cookie name: ${error}`, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload) {\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const element of payload.callbacks) {\n if (element.type === 'HiddenValueCallback') {\n if (element.input[0].value.includes('skip')) {\n // skippable = true;\n element.input[0].value = 'Skip';\n return {\n need2fa: true,\n payload,\n };\n }\n }\n if (element.type === 'NameCallback') {\n if (element.output[0].value.includes('code')) {\n // skippable = false;\n printMessage('2FA is enabled and required for this user...');\n const code = readlineSync.question(`${element.output[0].value}: `);\n element.input[0].value = code;\n return {\n need2fa: true,\n payload,\n };\n }\n }\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {string} deploymentType deployment type\n */\nfunction determineDefaultRealm(deploymentType: string) {\n if (\n !state.getRealm() ||\n state.getRealm() === globalConfig.DEFAULT_REALM_KEY\n ) {\n state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(): Promise<string> {\n const cookieValue = state.getCookieValue();\n // https://bugster.forgerock.org/jira/browse/FRAAS-13018\n // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active\n // if (!cookieValue && getUseBearerTokenForAmApis()) {\n // const token = await getTokenInfo();\n // cookieValue = token.sessionToken;\n // setCookieValue(cookieValue);\n // }\n\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const fidcClientId = 'idmAdminClient';\n const forgeopsClientId = 'idm-admin-ui';\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize(bodyFormData, config);\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize(bodyFormData, config);\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);\n }\n }\n }\n }\n return deploymentType;\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nasync function getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @returns {string} Session token or null\n */\nasync function authenticate(\n username: string,\n password: string\n): Promise<string> {\n const config = {\n headers: {\n 'X-OpenAM-Username': username,\n 'X-OpenAM-Password': password,\n },\n };\n const response1 = await step({}, config);\n const skip2FA = checkAndHandle2FA(response1);\n let response2 = {};\n if (skip2FA.need2fa) {\n response2 = await step(skip2FA.payload);\n } else {\n response2 = skip2FA.payload;\n }\n if ('tokenId' in response2) {\n return response2['tokenId'] as string;\n }\n return null;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize(bodyFormData, config);\n } catch (error) {\n response = error.response;\n }\n if (response.status < 200 || response.status > 399) {\n printMessage('error getting auth code', 'error');\n printMessage(\n 'likely cause: mismatched parameters with OAuth client config',\n 'error'\n );\n return null;\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage('auth code not found', 'error');\n return null;\n } catch (error) {\n printMessage(`error getting auth code - ${error.message}`, 'error');\n printMessage(error.response?.data, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @returns {Promise<string | null>} access token or null\n */\nasync function getAccessTokenForUser(): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: start`);\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);\n if (authCode == null) {\n printMessage('error getting auth code', 'error');\n return null;\n }\n let response = null;\n if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData, config);\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData);\n }\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end with token`);\n return response.data.access_token;\n }\n printMessage('No access token in response.', 'error');\n } catch (error) {\n debugMessage(`Error getting access token for user: ${error}`);\n debugMessage(error.response?.data);\n }\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end without token`);\n return null;\n}\n\nfunction createPayload(serviceAccountId: string) {\n const u = parseUrl(state.getHost());\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get access token for service account\n * @param {string} serviceAccountId UUID of service account\n * @param {JwkRsa} jwk Java Wek Key\n * @returns {string | null} Access token or null\n */\nexport async function getAccessTokenForServiceAccount(\n serviceAccountId: string,\n jwk: JwkRsa\n): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);\n const payload = createPayload(serviceAccountId);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);\n debugMessage(payload);\n const jwt = await createSignedJwtToken(payload, jwk);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);\n debugMessage(jwt);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken(bodyFormData);\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);\n debugMessage(response.data.access_token);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return response.data.access_token;\n }\n debugMessage(\n `AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`\n );\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return null;\n}\n\nasync function determineDeploymentTypeAndDefaultRealmAndVersion() {\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`\n );\n if (!state.getDeploymentType()) {\n state.setDeploymentType(await determineDeploymentType());\n }\n determineDefaultRealm(state.getDeploymentType());\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`\n );\n\n const versionInfo = await getServerVersionInfo();\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage(`Full version: ${versionInfo.fullVersion}`);\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`\n );\n}\n\nasync function getLoggedInSubject(): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (await getServiceAccount(state.getServiceAccountId())).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n }\n return subjectString;\n}\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens(forceLoginAsUser = false): Promise<boolean> {\n debugMessage(`AuthenticateOps.getTokens: start`);\n if (!state.getHost()) {\n printMessage(\n `No host specified and FRODO_HOST env variable not set!`,\n 'error'\n );\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile();\n if (conn) {\n state.setHost(conn.tenant);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName());\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`\n );\n try {\n const token = await getAccessTokenForServiceAccount(\n state.getServiceAccountId(),\n state.getServiceAccountJwk()\n );\n state.setBearerToken(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n } catch (saErr) {\n debugMessage(saErr.response?.data || saErr);\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message ||\n saErr\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`\n );\n const token = await authenticate(\n state.getUsername(),\n state.getPassword()\n );\n if (token) state.setCookieValue(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n if (\n state.getCookieValue() &&\n !state.getBearerToken() &&\n (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() ===\n globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getAccessTokenForUser();\n if (accessToken) state.setBearerToken(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage(`Incomplete or no credentials!`, 'error');\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n // https://github.com/rockcarver/frodo-cli/issues/102\n printMessage(\n `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject()}`,\n 'info'\n );\n debugMessage(`AuthenticateOps.getTokens: end with tokens`);\n return true;\n }\n } catch (error) {\n // regular error\n printMessage(error.message, 'error');\n // axios error am api\n printMessage(error.response?.data?.message, 'error');\n // axios error am oauth2 api\n printMessage(error.response?.data?.error_description, 'error');\n // axios error data\n debugMessage(error.response?.data);\n // stack trace\n debugMessage(error.stack || new Error().stack);\n }\n debugMessage(`AuthenticateOps.getTokens: end without tokens`);\n return false;\n}\n"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAA8D;AAAA;AAAA;AAAA;AAAA;AAE9D,IAAMA,mBAAmB,GAAG,eAAe;AAC3C,IAAMC,mBAAmB,GAAG,sCAAsC;AAElE,IAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,IAAMC,sBAAsB,GAAG,iBAAiB;AAChD,IAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,IAAIC,aAAa,GAAG,gBAAgB;;AAEpC;AACA;AACA;AACA;AAHA,SAIeC,mBAAmB;EAAA;AAAA;AAclC;AACA;AACA;AACA;AACA;AAJA;EAAA,yCAdA,aAAqC;IACnC,IAAI;MACF,IAAMC,IAAI,SAAS,IAAAC,4BAAa,GAAE;MAClC,IAAAC,qBAAY,sDACmCF,IAAI,CAACG,UAAU,EAC7D;MACD,OAAOH,IAAI,CAACG,UAAU;IACxB,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,IAAAC,qBAAY,uCAA+BD,KAAK,GAAI,OAAO,CAAC;MAC5D,IAAAF,qBAAY,EAACE,KAAK,CAACE,KAAK,CAAC;MACzB,OAAO,IAAI;IACb;EACF,CAAC;EAAA;AAAA;AAOD,SAASC,iBAAiB,CAACC,OAAO,EAAE;EAClC;EACA,IAAI,WAAW,IAAIA,OAAO,EAAE;IAC1B,KAAK,IAAMC,OAAO,IAAID,OAAO,CAACE,SAAS,EAAE;MACvC,IAAID,OAAO,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC1C,IAAIF,OAAO,CAACG,KAAK,CAAC,CAAC,CAAC,CAACC,KAAK,CAACC,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC3C;UACAL,OAAO,CAACG,KAAK,CAAC,CAAC,CAAC,CAACC,KAAK,GAAG,MAAM;UAC/B,OAAO;YACLE,OAAO,EAAE,IAAI;YACbP;UACF,CAAC;QACH;MACF;MACA,IAAIC,OAAO,CAACE,IAAI,KAAK,cAAc,EAAE;QACnC,IAAIF,OAAO,CAACO,MAAM,CAAC,CAAC,CAAC,CAACH,KAAK,CAACC,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACA,IAAAT,qBAAY,EAAC,8CAA8C,CAAC;UAC5D,IAAMY,IAAI,GAAGC,qBAAY,CAACC,QAAQ,WAAIV,OAAO,CAACO,MAAM,CAAC,CAAC,CAAC,CAACH,KAAK,QAAK;UAClEJ,OAAO,CAACG,KAAK,CAAC,CAAC,CAAC,CAACC,KAAK,GAAGI,IAAI;UAC7B,OAAO;YACLF,OAAO,EAAE,IAAI;YACbP;UACF,CAAC;QACH;MACF;IACF;IACA;IACA,OAAO;MACLO,OAAO,EAAE,KAAK;MACdP;IACF,CAAC;EACH;EACA;EACA,OAAO;IACLO,OAAO,EAAE,KAAK;IACdP;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASY,qBAAqB,CAACC,cAAsB,EAAE;EACrD,IACE,CAACC,KAAK,CAACC,QAAQ,EAAE,IACjBD,KAAK,CAACC,QAAQ,EAAE,KAAKC,YAAY,CAACC,iBAAiB,EACnD;IACAH,KAAK,CAACI,QAAQ,CAACF,YAAY,CAACG,yBAAyB,CAACN,cAAc,CAAC,CAAC;EACxE;AACF;;AAEA;AACA;AACA;AACA;AAHA,SAIeO,uBAAuB;EAAA;AAAA;AAgEtC;AACA;AACA;AACA;AACA;AAJA;EAAA,6CAhEA,aAA0D;IACxD,IAAMC,WAAW,GAAGP,KAAK,CAACQ,cAAc,EAAE;IAC1C;IACA;IACA;IACA;IACA;IACA;IACA;;IAEA;IACA,IAAIR,KAAK,CAACS,0BAA0B,EAAE,EACpC,OAAOP,YAAY,CAACQ,yBAAyB;IAE/C,IAAMC,YAAY,GAAG,gBAAgB;IACrC,IAAMC,gBAAgB,GAAG,cAAc;IAEvC,IAAMC,QAAQ,GAAG,IAAAC,qBAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;IACjD,IAAMC,SAAS,GAAG,IAAAF,qBAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,EAAE,CAC/C;IACD,IAAMC,eAAe,GAAG,MAAM;IAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACC,OAAO,CAACvB,KAAK,CAACwB,OAAO,EAAE,EAAEpD,mBAAmB,CAAC;IAErE,IAAMqD,MAAM,GAAG;MACbC,YAAY,EAAE,CAAC;MACfC,OAAO,EAAE;QACP,CAAC3B,KAAK,CAAC4B,aAAa,EAAE,GAAG5B,KAAK,CAACQ,cAAc;MAC/C;IACF,CAAC;IACD,IAAIqB,YAAY,0BAAmBR,WAAW,oBAAUhD,mBAAmB,2CAAiCsC,YAAY,mBAASJ,WAAW,4CAAkCS,SAAS,oCAA0BI,eAAe,CAAE;IAElO,IAAIrB,cAAc,GAAGG,YAAY,CAAC4B,2BAA2B;IAC7D,IAAI;MACF,MAAM,IAAAC,wBAAS,EAACF,YAAY,EAAEJ,MAAM,CAAC;IACvC,CAAC,CAAC,OAAOO,CAAC,EAAE;MAAA;MACV;MACA,IACE,gBAAAA,CAAC,CAACC,QAAQ,gDAAV,YAAYC,MAAM,MAAK,GAAG,IAC1B,wBAAAF,CAAC,CAACC,QAAQ,CAACN,OAAO,iFAAlB,oBAAoBQ,QAAQ,0DAA5B,sBAA8BC,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;QACA,IAAAC,uBAAc,EAAC,2BAA2B,YAAY,CAAC,eAAe,CAAC;QACvEtC,cAAc,GAAGG,YAAY,CAACQ,yBAAyB;MACzD,CAAC,MAAM;QACL,IAAI;UACFmB,YAAY,0BAAmBR,WAAW,oBAAU/C,sBAAsB,2CAAiCsC,gBAAgB,mBAASZ,KAAK,CAACQ,cAAc,EAAE,4CAAkCQ,SAAS,oCAA0BI,eAAe,CAAE;UAChP,MAAM,IAAAW,wBAAS,EAACF,YAAY,EAAEJ,MAAM,CAAC;QACvC,CAAC,CAAC,OAAOa,EAAE,EAAE;UAAA;UACX,IACE,iBAAAA,EAAE,CAACL,QAAQ,iDAAX,aAAaC,MAAM,MAAK,GAAG,IAC3B,yBAAAI,EAAE,CAACL,QAAQ,CAACN,OAAO,kFAAnB,qBAAqBQ,QAAQ,0DAA7B,sBAA+BC,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;YACA5D,aAAa,GAAGoC,gBAAgB;YAChC,IAAAyB,uBAAc,EAAC,sBAAsB,YAAY,CAAC,eAAe,CAAC;YAClEtC,cAAc,GAAGG,YAAY,CAACqC,4BAA4B;UAC5D,CAAC,MAAM;YACL,IAAAF,uBAAc,EAAC,qBAAqB,YAAY,CAAC,eAAe,CAAC;UACnE;QACF;MACF;IACF;IACA,OAAOtC,cAAc;EACvB,CAAC;EAAA;AAAA;AAAA,SAOcyC,kBAAkB;EAAA;AAAA;AAUjC;AACA;AACA;AACA;AAHA;EAAA,wCAVA,WAAkCC,WAAW,EAAE;IAC7C,IAAI,SAAS,IAAIA,WAAW,EAAE;MAC5B,IAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;MACzC,IAAMC,EAAE,GAAG,8BAA8B;MACzC,IAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;MACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;IACnB;IACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;EAC9E,CAAC;EAAA;AAAA;AAAA,SAMcC,YAAY;EAAA;AAAA;AAwB3B;AACA;AACA;AACA;AACA;AACA;AACA;AANA;EAAA,kCAxBA,WACEC,QAAgB,EAChBC,QAAgB,EACC;IACjB,IAAMxB,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,mBAAmB,EAAEqB,QAAQ;QAC7B,mBAAmB,EAAEC;MACvB;IACF,CAAC;IACD,IAAMC,SAAS,SAAS,IAAAC,qBAAI,EAAC,CAAC,CAAC,EAAE1B,MAAM,CAAC;IACxC,IAAM2B,OAAO,GAAGnE,iBAAiB,CAACiE,SAAS,CAAC;IAC5C,IAAIG,SAAS,GAAG,CAAC,CAAC;IAClB,IAAID,OAAO,CAAC3D,OAAO,EAAE;MACnB4D,SAAS,SAAS,IAAAF,qBAAI,EAACC,OAAO,CAAClE,OAAO,CAAC;IACzC,CAAC,MAAM;MACLmE,SAAS,GAAGD,OAAO,CAAClE,OAAO;IAC7B;IACA,IAAI,SAAS,IAAImE,SAAS,EAAE;MAC1B,OAAOA,SAAS,CAAC,SAAS,CAAC;IAC7B;IACA,OAAO,IAAI;EACb,CAAC;EAAA;AAAA;AAAA,SAScC,WAAW;EAAA;AAAA;AA0C1B;AACA;AACA;AACA;AAHA;EAAA,iCA1CA,WAA2BjC,WAAW,EAAEkC,aAAa,EAAEC,mBAAmB,EAAE;IAC1E,IAAI;MAAA;MACF,IAAM3B,YAAY,0BAAmBR,WAAW,oBAC9CrB,KAAK,CAACyD,iBAAiB,EAAE,KAAKvD,YAAY,CAACQ,yBAAyB,GAChErC,mBAAmB,GACnBC,sBAAsB,2CACKE,aAAa,mBAASwB,KAAK,CAACQ,cAAc,EAAE,4CAAkC+C,aAAa,oCAA0BC,mBAAmB,CAAE;MAC3K,IAAM/B,MAAM,GAAG;QACbE,OAAO,EAAE;UACP,cAAc,EAAE;QAClB,CAAC;QACDD,YAAY,EAAE;MAChB,CAAC;MACD,IAAIO,QAAQ,GAAGyB,SAAS;MACxB,IAAI;QACFzB,QAAQ,SAAS,IAAAF,wBAAS,EAACF,YAAY,EAAEJ,MAAM,CAAC;MAClD,CAAC,CAAC,OAAO3C,KAAK,EAAE;QACdmD,QAAQ,GAAGnD,KAAK,CAACmD,QAAQ;MAC3B;MACA,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;QAClD,IAAAnD,qBAAY,EAAC,yBAAyB,EAAE,OAAO,CAAC;QAChD,IAAAA,qBAAY,EACV,8DAA8D,EAC9D,OAAO,CACR;QACD,OAAO,IAAI;MACb;MACA,IAAM4E,mBAAmB,wBAAG1B,QAAQ,CAACN,OAAO,sDAAhB,kBAAkBQ,QAAQ;MACtD,IAAMyB,WAAW,GAAGtC,YAAG,CAACuC,KAAK,CAACF,mBAAmB,EAAE,IAAI,CAAC,CAACG,KAAK;MAC9D,IAAI,MAAM,IAAIF,WAAW,EAAE;QACzB,OAAOA,WAAW,CAACjE,IAAI;MACzB;MACA,IAAAZ,qBAAY,EAAC,qBAAqB,EAAE,OAAO,CAAC;MAC5C,OAAO,IAAI;IACb,CAAC,CAAC,OAAOD,KAAK,EAAE;MAAA;MACd,IAAAC,qBAAY,sCAA8BD,KAAK,CAACiF,OAAO,GAAI,OAAO,CAAC;MACnE,IAAAhF,qBAAY,qBAACD,KAAK,CAACmD,QAAQ,oDAAd,gBAAgBvD,IAAI,EAAE,OAAO,CAAC;MAC3C,IAAAE,qBAAY,EAACE,KAAK,CAACE,KAAK,CAAC;MACzB,OAAO,IAAI;IACb;EACF,CAAC;EAAA;AAAA;AAAA,SAMcgF,qBAAqB;EAAA;AAAA;AAAA;EAAA,2CAApC,aAA+D;IAC7D,IAAApF,qBAAY,iDAAgD;IAC5D,IAAI;MACF,IAAMiC,QAAQ,GAAG,IAAAC,qBAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;MACjD,IAAMC,SAAS,GAAG,IAAAF,qBAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,EAAE,CAC/C;MACD,IAAMC,eAAe,GAAG,MAAM;MAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACC,OAAO,CAACvB,KAAK,CAACwB,OAAO,EAAE,EAAEpD,mBAAmB,CAAC;MACrE,IAAM6F,QAAQ,SAASX,WAAW,CAACjC,WAAW,EAAEL,SAAS,EAAEI,eAAe,CAAC;MAC3E,IAAI6C,QAAQ,IAAI,IAAI,EAAE;QACpB,IAAAlF,qBAAY,EAAC,yBAAyB,EAAE,OAAO,CAAC;QAChD,OAAO,IAAI;MACb;MACA,IAAIkD,QAAQ,GAAG,IAAI;MACnB,IAAIjC,KAAK,CAACyD,iBAAiB,EAAE,KAAKvD,YAAY,CAACQ,yBAAyB,EAAE;QACxE,IAAMe,MAAM,GAAG;UACbyC,IAAI,EAAE;YACJlB,QAAQ,EAAExE,aAAa;YACvByE,QAAQ,EAAE9E;UACZ;QACF,CAAC;QACD,IAAM0D,YAAY,0BAAmBR,WAAW,iDAAuC4C,QAAQ,4BAAkBpD,QAAQ,CAAE;QAC3HoB,QAAQ,SAAS,IAAAkC,0BAAW,EAACtC,YAAY,EAAEJ,MAAM,CAAC;MACpD,CAAC,MAAM;QACL,IAAMI,aAAY,uBAAgBrD,aAAa,2BAAiB6C,WAAW,iDAAuC4C,QAAQ,4BAAkBpD,QAAQ,CAAE;QACtJoB,QAAQ,SAAS,IAAAkC,0BAAW,EAACtC,aAAY,CAAC;MAC5C;MACA,IAAI,cAAc,IAAII,QAAQ,CAACvD,IAAI,EAAE;QACnC,IAAAE,qBAAY,0DAAyD;QACrE,OAAOqD,QAAQ,CAACvD,IAAI,CAAC0F,YAAY;MACnC;MACA,IAAArF,qBAAY,EAAC,8BAA8B,EAAE,OAAO,CAAC;IACvD,CAAC,CAAC,OAAOD,KAAK,EAAE;MAAA;MACd,IAAAF,qBAAY,iDAAyCE,KAAK,EAAG;MAC7D,IAAAF,qBAAY,sBAACE,KAAK,CAACmD,QAAQ,qDAAd,iBAAgBvD,IAAI,CAAC;IACpC;IACA,IAAAE,qBAAY,6DAA4D;IACxE,OAAO,IAAI;EACb,CAAC;EAAA;AAAA;AAED,SAASyF,aAAa,CAACC,gBAAwB,EAAE;EAC/C,IAAMC,CAAC,GAAG,IAAAC,kBAAQ,EAACxE,KAAK,CAACwB,OAAO,EAAE,CAAC;EACnC,IAAMiD,GAAG,aAAMF,CAAC,CAACG,MAAM,cACrBH,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACK,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,SACtDL,CAAC,CAACM,QAAQ,yBAAsB;;EAEnC;EACA,IAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAIC,IAAI,EAAE,CAACC,OAAO,EAAE,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,IAAMC,GAAG,GAAG,IAAAC,QAAE,GAAE;EAEhB,IAAMC,GAAG,GAAGf,gBAAgB;EAC5B,IAAMgB,GAAG,GAAGhB,gBAAgB;;EAE5B;EACA,IAAMpF,OAAO,GAAG;IAAEmG,GAAG;IAAEC,GAAG;IAAEb,GAAG;IAAEK,GAAG;IAAEK;EAAI,CAAC;EAE3C,OAAOjG,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AACA;AALA,SAMsBqG,+BAA+B;EAAA;AAAA;AAAA;EAAA,qDAA9C,WACLjB,gBAAwB,EACxBkB,GAAW,EACa;IACxB,IAAA5G,qBAAY,2DAA0D;IACtE,IAAMM,OAAO,GAAGmF,aAAa,CAACC,gBAAgB,CAAC;IAC/C,IAAA1F,qBAAY,8DAA6D;IACzE,IAAAA,qBAAY,EAACM,OAAO,CAAC;IACrB,IAAMuG,GAAG,SAAS,IAAAC,6BAAoB,EAACxG,OAAO,EAAEsG,GAAG,CAAC;IACpD,IAAA5G,qBAAY,0DAAyD;IACrE,IAAAA,qBAAY,EAAC6G,GAAG,CAAC;IACjB,IAAM5D,YAAY,uBAAgB4D,GAAG,qGAA2FlH,oBAAoB,CAAE;IACtJ,IAAM0D,QAAQ,SAAS,IAAAkC,0BAAW,EAACtC,YAAY,CAAC;IAChD,IAAI,cAAc,IAAII,QAAQ,CAACvD,IAAI,EAAE;MACnC,IAAAE,qBAAY,4DAA2D;MACvE,IAAAA,qBAAY,EAACqD,QAAQ,CAACvD,IAAI,CAAC0F,YAAY,CAAC;MACxC,IAAAxF,qBAAY,yDAAwD;MACpE,OAAOqD,QAAQ,CAACvD,IAAI,CAAC0F,YAAY;IACnC;IACA,IAAAxF,qBAAY,kFAEX;IACD,IAAAA,qBAAY,yDAAwD;IACpE,OAAO,IAAI;EACb,CAAC;EAAA;AAAA;AAAA,SAEc+G,gDAAgD;EAAA;AAAA;AAAA;EAAA,sEAA/D,aAAkE;IAChE,IAAA/G,qBAAY,4EAEX;IACD,IAAI,CAACoB,KAAK,CAACyD,iBAAiB,EAAE,EAAE;MAC9BzD,KAAK,CAAC4F,iBAAiB,OAAOtF,uBAAuB,EAAE,CAAC;IAC1D;IACAR,qBAAqB,CAACE,KAAK,CAACyD,iBAAiB,EAAE,CAAC;IAChD,IAAA7E,qBAAY,oFACiEoB,KAAK,CAACC,QAAQ,EAAE,oBAAUD,KAAK,CAACyD,iBAAiB,EAAE,EAC/H;IAED,IAAMhB,WAAW,SAAS,IAAAoD,mCAAoB,GAAE;;IAEhD;IACA,IAAAjH,qBAAY,0BAAkB6D,WAAW,CAACqD,WAAW,EAAG;IAExD,IAAMnD,OAAO,SAASH,kBAAkB,CAACC,WAAW,CAAC;IACrDzC,KAAK,CAAC+F,YAAY,CAACpD,OAAO,CAAC;IAC3B,IAAA/D,qBAAY,0EAEX;EACH,CAAC;EAAA;AAAA;AAAA,SAEcoH,kBAAkB;EAAA;AAAA;AASjC;AACA;AACA;AACA;AACA;AAJA;EAAA,wCATA,aAAqD;IACnD,IAAIC,aAAa,kBAAWjG,KAAK,CAACkG,WAAW,EAAE,CAAE;IACjD,IAAIlG,KAAK,CAACS,0BAA0B,EAAE,EAAE;MACtC,IAAM0F,IAAI,GAAG,OAAO,IAAAC,oCAAiB,EAACpG,KAAK,CAACqG,mBAAmB,EAAE,CAAC,EAAEF,IAAI;MACxEF,aAAa,6BAAsBE,IAAI,eAAKnG,KAAK,CAACqG,mBAAmB,EAAE,MAAG;IAC5E;IACA,OAAOJ,aAAa;EACtB,CAAC;EAAA;AAAA;AAAA,SAOqBK,SAAS;EAAA;AAAA;AAAA;EAAA,+BAAxB,aAAqE;IAAA,IAA5CC,gBAAgB,uEAAG,KAAK;IACtD,IAAA3H,qBAAY,qCAAoC;IAChD,IAAI,CAACoB,KAAK,CAACwB,OAAO,EAAE,EAAE;MACpB,IAAAzC,qBAAY,4DAEV,OAAO,CACR;MACD,OAAO,KAAK;IACd;IACA,IAAI;MACF;MACA,IACEiB,KAAK,CAACkG,WAAW,EAAE,IAAI,IAAI,IAC3BlG,KAAK,CAACwG,WAAW,EAAE,IAAI,IAAI,IAC3B,CAACxG,KAAK,CAACqG,mBAAmB,EAAE,IAC5B,CAACrG,KAAK,CAACyG,oBAAoB,EAAE,EAC7B;QACA,IAAMC,IAAI,SAAS,IAAAC,0CAAoB,GAAE;QACzC,IAAID,IAAI,EAAE;UACR1G,KAAK,CAAC4G,OAAO,CAACF,IAAI,CAACG,MAAM,CAAC;UAC1B7G,KAAK,CAAC8G,WAAW,CAACJ,IAAI,CAAC1D,QAAQ,CAAC;UAChChD,KAAK,CAAC+G,WAAW,CAACL,IAAI,CAACzD,QAAQ,CAAC;UAChCjD,KAAK,CAACgH,wBAAwB,CAACN,IAAI,CAACO,qBAAqB,CAAC;UAC1DjH,KAAK,CAACkH,gCAAgC,CACpCR,IAAI,CAACS,6BAA6B,CACnC;UACDnH,KAAK,CAACoH,mBAAmB,CAACV,IAAI,CAACW,SAAS,CAAC;UACzCrH,KAAK,CAACsH,oBAAoB,CAACZ,IAAI,CAACa,UAAU,CAAC;QAC7C,CAAC,MAAM;UACL,OAAO,KAAK;QACd;MACF;MACA;MACAvH,KAAK,CAACwH,aAAa,OAAO/I,mBAAmB,EAAE,CAAC;;MAEhD;MACA,IACE,CAAC8H,gBAAgB,IACjBvG,KAAK,CAACqG,mBAAmB,EAAE,IAC3BrG,KAAK,CAACyG,oBAAoB,EAAE,EAC5B;QACA,IAAA7H,qBAAY,2EACwDoB,KAAK,CAACqG,mBAAmB,EAAE,EAC9F;QACD,IAAI;UACF,IAAMoB,KAAK,SAASlC,+BAA+B,CACjDvF,KAAK,CAACqG,mBAAmB,EAAE,EAC3BrG,KAAK,CAACyG,oBAAoB,EAAE,CAC7B;UACDzG,KAAK,CAAC0H,cAAc,CAACD,KAAK,CAAC;UAC3BzH,KAAK,CAAC2H,0BAA0B,CAAC,IAAI,CAAC;UACtC,MAAMhC,gDAAgD,EAAE;QAC1D,CAAC,CAAC,OAAOiC,KAAK,EAAE;UAAA;UACd,IAAAhJ,qBAAY,EAAC,oBAAAgJ,KAAK,CAAC3F,QAAQ,oDAAd,gBAAgBvD,IAAI,KAAIkJ,KAAK,CAAC;UAC3C,MAAM,IAAI9E,KAAK,wCAEX,qBAAA8E,KAAK,CAAC3F,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBmJ,iBAAiB,0BACvCD,KAAK,CAAC3F,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBqF,OAAO,KAC7B6D,KAAK,EAER;QACH;MACF;MACA;MAAA,KACK,IAAI5H,KAAK,CAACkG,WAAW,EAAE,IAAIlG,KAAK,CAACwG,WAAW,EAAE,EAAE;QACnD,IAAA5H,qBAAY,wEACqDoB,KAAK,CAACkG,WAAW,EAAE,EACnF;QACD,IAAMuB,MAAK,SAAS1E,YAAY,CAC9B/C,KAAK,CAACkG,WAAW,EAAE,EACnBlG,KAAK,CAACwG,WAAW,EAAE,CACpB;QACD,IAAIiB,MAAK,EAAEzH,KAAK,CAAC8H,cAAc,CAACL,MAAK,CAAC;QACtC,MAAM9B,gDAAgD,EAAE;QACxD,IACE3F,KAAK,CAACQ,cAAc,EAAE,IACtB,CAACR,KAAK,CAAC+H,cAAc,EAAE,KACtB/H,KAAK,CAACyD,iBAAiB,EAAE,KAAKvD,YAAY,CAACQ,yBAAyB,IACnEV,KAAK,CAACyD,iBAAiB,EAAE,KACvBvD,YAAY,CAACqC,4BAA4B,CAAC,EAC9C;UACA,IAAM4B,YAAW,SAASH,qBAAqB,EAAE;UACjD,IAAIG,YAAW,EAAEnE,KAAK,CAAC0H,cAAc,CAACvD,YAAW,CAAC;QACpD;MACF;MACA;MAAA,KACK;QACH,IAAApF,qBAAY,mCAAkC,OAAO,CAAC;QACtD,OAAO,KAAK;MACd;MACA,IACEiB,KAAK,CAACQ,cAAc,EAAE,IACrBR,KAAK,CAACS,0BAA0B,EAAE,IAAIT,KAAK,CAAC+H,cAAc,EAAG,EAC9D;QACA;QACA,IAAAhJ,qBAAY,yBACMiB,KAAK,CAACwB,OAAO,EAAE,eAC7BxB,KAAK,CAACC,QAAQ,EAAE,GAAGD,KAAK,CAACC,QAAQ,EAAE,GAAG,MAAM,wBAChC+F,kBAAkB,EAAE,GAClC,MAAM,CACP;QACD,IAAApH,qBAAY,+CAA8C;QAC1D,OAAO,IAAI;MACb;IACF,CAAC,CAAC,OAAOE,KAAK,EAAE;MAAA;MACd;MACA,IAAAC,qBAAY,EAACD,KAAK,CAACiF,OAAO,EAAE,OAAO,CAAC;MACpC;MACA,IAAAhF,qBAAY,sBAACD,KAAK,CAACmD,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBqF,OAAO,EAAE,OAAO,CAAC;MACpD;MACA,IAAAhF,qBAAY,sBAACD,KAAK,CAACmD,QAAQ,8EAAd,iBAAgBvD,IAAI,0DAApB,sBAAsBmJ,iBAAiB,EAAE,OAAO,CAAC;MAC9D;MACA,IAAAjJ,qBAAY,sBAACE,KAAK,CAACmD,QAAQ,qDAAd,iBAAgBvD,IAAI,CAAC;MAClC;MACA,IAAAE,qBAAY,EAACE,KAAK,CAACE,KAAK,IAAI,IAAI8D,KAAK,EAAE,CAAC9D,KAAK,CAAC;IAChD;IACA,IAAAJ,qBAAY,kDAAiD;IAC7D,OAAO,KAAK;EACd,CAAC;EAAA;AAAA"}
package/cjs/ops/cloud/LogOps.js CHANGED
@@ -138,27 +138,29 @@ function _provisionCreds() {
138
138
  _provisionCreds = _asyncToGenerator(function* () {
139
139
  try {
140
140
  var keyName = "frodo-".concat(state.getUsername());
141
- return (0, LogApi.getAPIKeys)().then(response => {
142
- response.data.result.forEach(k => {
141
+ try {
142
+ var response = yield (0, LogApi.getAPIKeys)();
143
+ for (var k of response.result) {
143
144
  if (k.name === keyName) {
144
145
  // append current timestamp to name if the named key already exists
145
146
  keyName = "".concat(keyName, "-").concat((0, _ExportImportUtils.getCurrentTimestamp)());
146
147
  }
147
- });
148
- return (0, LogApi.createAPIKeyAndSecret)(keyName).then(resp => {
148
+ }
149
+ try {
150
+ var resp = yield (0, LogApi.createAPIKeyAndSecret)(keyName);
149
151
  if (resp.data.name !== keyName) {
150
152
  (0, _Console.printMessage)("create keys ERROR: could not create log API key ".concat(keyName), 'error');
151
153
  return null;
152
154
  }
153
- (0, _Console.printMessage)("Created a new log API key [".concat(keyName, "] in ").concat(state.getHost()));
155
+ (0, _Console.verboseMessage)("Created a new log API key [".concat(keyName, "] in ").concat(state.getHost()));
154
156
  return resp.data;
155
- }).catch(error => {
157
+ } catch (error) {
156
158
  (0, _Console.printMessage)("create keys ERROR: create keys call returned ".concat(error), 'error');
157
159
  return null;
158
- });
159
- }).catch(error => {
160
+ }
161
+ } catch (error) {
160
162
  (0, _Console.printMessage)("get keys ERROR: get keys call returned ".concat(error), 'error');
161
- });
163
+ }
162
164
  } catch (e) {
163
165
  (0, _Console.printMessage)("create keys ERROR: create keys data error - ".concat(e), 'error');
164
166
  return null;
package/cjs/ops/cloud/LogOps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"LogOps.js","names":["unfilterableNoise","miscNoise","journeysNoise","journeys","samlNoise","saml","noise","concat","numLogLevelMap","logLevelMap","SEVERE","ERROR","FATAL","WARN","WARNING","CONFIG","INFO","INFORMATION","DEBUG","FINE","FINER","FINEST","ALL","defaultNoiseFilter","resolveLevel","level","Number","isNaN","parseInt","resolvePayloadLevel","log","type","payload","match","e","getLogSources","sources","getSources","then","response","data","result","forEach","item","push","catch","error","printMessage","tailLogs","source","levels","txid","cookie","nf","LogApi","tail","status","logsObject","filteredLogs","noiseFilter","Array","isArray","filter","el","includes","logger","transactionId","JSON","stringify","setTimeout","pagedResultsCookie","provisionCreds","keyName","state","getUsername","getAPIKeys","k","name","getCurrentTimestamp","createAPIKeyAndSecret","resp","getHost","fetchLogs","startTs","endTs","ffString","fetch"],"sources":["ops/cloud/LogOps.ts"],"sourcesContent":["import { printMessage } from '../utils/Console';\nimport { getCurrentTimestamp } from '../utils/ExportImportUtils';\nimport {\n createAPIKeyAndSecret,\n getAPIKeys,\n getSources,\n} from '../../api/cloud/LogApi';\n\nimport * as state from '../../shared/State';\n\nimport * as LogApi from '../../api/cloud/LogApi';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst unfilterableNoise = [\n 'text/plain', // Unfortunately, it is impossible to filter out those without excluding IDM script logging as well\n];\n\nconst miscNoise = [\n 'com.iplanet.dpro.session.operations.ServerSessionOperationStrategy',\n 'com.iplanet.dpro.session.SessionIDFactory',\n 'com.iplanet.dpro.session.share.SessionEncodeURL',\n 'com.iplanet.services.naming.WebtopNaming',\n 'com.iplanet.sso.providers.dpro.SSOProviderImpl',\n 'com.sun.identity.authentication.AuthContext',\n 'com.sun.identity.authentication.client.AuthClientUtils',\n 'com.sun.identity.authentication.config.AMAuthConfigType',\n 'com.sun.identity.authentication.config.AMAuthenticationManager',\n 'com.sun.identity.authentication.config.AMAuthLevelManager',\n 'com.sun.identity.authentication.config.AMConfiguration',\n 'com.sun.identity.authentication.jaas.LoginContext',\n 'com.sun.identity.authentication.modules.application.Application',\n 'com.sun.identity.authentication.server.AuthContextLocal',\n 'com.sun.identity.authentication.service.AMLoginContext',\n 'com.sun.identity.authentication.service.AuthContextLookup',\n 'com.sun.identity.authentication.service.AuthD',\n 'com.sun.identity.authentication.service.AuthUtils',\n 'com.sun.identity.authentication.service.DSAMECallbackHandler',\n 'com.sun.identity.authentication.service.LoginState',\n 'com.sun.identity.authentication.spi.AMLoginModule',\n 'com.sun.identity.delegation.DelegationEvaluatorImpl',\n 'com.sun.identity.idm.plugins.internal.AgentsRepo',\n 'com.sun.identity.idm.server.IdCachedServicesImpl',\n 'com.sun.identity.idm.server.IdRepoPluginsCache',\n 'com.sun.identity.idm.server.IdServicesImpl',\n 'com.sun.identity.log.spi.ISDebug',\n 'com.sun.identity.shared.encode.CookieUtils',\n 'com.sun.identity.sm.ldap.SMSLdapObject',\n 'com.sun.identity.sm.CachedSMSEntry',\n 'com.sun.identity.sm.CachedSubEntries',\n 'com.sun.identity.sm.DNMapper',\n 'com.sun.identity.sm.ServiceConfigImpl',\n 'com.sun.identity.sm.ServiceConfigManagerImpl',\n 'com.sun.identity.sm.SMSEntry',\n 'com.sun.identity.sm.SMSUtils',\n 'com.sun.identity.sm.SmsWrapperObject',\n 'oauth2',\n 'org.apache.http.client.protocol.RequestAuthCache',\n 'org.apache.http.impl.conn.PoolingHttpClientConnectionManager',\n 'org.apache.http.impl.nio.client.InternalHttpAsyncClient',\n 'org.apache.http.impl.nio.client.InternalIODispatch',\n 'org.apache.http.impl.nio.client.MainClientExec',\n 'org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl',\n 'org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager',\n 'org.forgerock.audit.AuditServiceImpl',\n 'org.forgerock.oauth2.core.RealmOAuth2ProviderSettings',\n 'org.forgerock.openam.authentication.service.JAASModuleDetector',\n 'org.forgerock.openam.authentication.service.LoginContextFactory',\n 'org.forgerock.openam.blacklist.BloomFilterBlacklist',\n 'org.forgerock.openam.blacklist.CTSBlacklist',\n 'org.forgerock.openam.core.realms.impl.CachingRealmLookup',\n 'org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager',\n 'org.forgerock.openam.core.rest.authn.trees.AuthTrees',\n 'org.forgerock.openam.cors.CorsFilter',\n 'org.forgerock.openam.cts.CTSPersistentStoreImpl',\n 'org.forgerock.openam.cts.impl.CoreTokenAdapter',\n 'org.forgerock.openam.cts.impl.queue.AsyncResultHandler',\n 'org.forgerock.openam.cts.reaper.ReaperDeleteOnQueryResultHandler',\n 'org.forgerock.openam.headers.DisableSameSiteCookiesFilter',\n 'org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo',\n 'org.forgerock.openam.rest.CsrfFilter',\n 'org.forgerock.openam.rest.restAuthenticationFilter',\n 'org.forgerock.openam.rest.fluent.CrestLoggingFilter',\n 'org.forgerock.openam.session.cts.CtsOperations',\n 'org.forgerock.openam.session.stateless.StatelessSessionManager',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread',\n 'org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider',\n 'org.forgerock.openam.sm.file.ConfigFileSystemHandler',\n 'org.forgerock.openam.social.idp.SocialIdentityProviders',\n 'org.forgerock.openam.utils.ClientUtils',\n 'org.forgerock.opendj.ldap.CachedConnectionPool',\n 'org.forgerock.opendj.ldap.LoadBalancer',\n 'org.forgerock.secrets.keystore.KeyStoreSecretStore',\n 'org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore',\n 'org.forgerock.secrets.SecretsProvider',\n];\n\nconst journeysNoise = [\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst journeys = [\n 'org.forgerock.openam.auth.nodes.SelectIdPNode',\n 'org.forgerock.openam.auth.nodes.ValidatedPasswordNode',\n 'org.forgerock.openam.auth.nodes.ValidatedUsernameNode',\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\nconst samlNoise = [\n 'com.sun.identity.cot.COTCache',\n 'com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl',\n 'com.sun.identity.saml2.meta.SAML2MetaCache',\n 'com.sun.identity.saml2.profile.CacheCleanUpRunnable',\n 'org.apache.xml.security.keys.KeyInfo',\n 'org.apache.xml.security.signature.XMLSignature',\n 'org.apache.xml.security.utils.SignerOutputStream',\n 'org.apache.xml.security.utils.resolver.ResourceResolver',\n 'org.apache.xml.security.utils.resolver.implementations.ResolverFragment',\n 'org.apache.xml.security.algorithms.JCEMapper',\n 'org.apache.xml.security.algorithms.implementations.SignatureBaseRSA',\n 'org.apache.xml.security.algorithms.SignatureAlgorithm',\n 'org.apache.xml.security.utils.ElementProxy',\n 'org.apache.xml.security.transforms.Transforms',\n 'org.apache.xml.security.utils.DigesterOutputStream',\n 'org.apache.xml.security.signature.Reference',\n 'org.apache.xml.security.signature.Manifest',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst saml = [\n 'jsp.saml2.spAssertionConsumer',\n 'com.sun.identity.saml.common.SAMLUtils',\n 'com.sun.identity.saml2.common.SAML2Utils',\n 'com.sun.identity.saml2.meta.SAML2MetaManager',\n 'com.sun.identity.saml2.xmlsig.FMSigProvider',\n];\n\nconst noise = miscNoise.concat(samlNoise).concat(journeysNoise);\n\nconst numLogLevelMap = {\n 0: ['SEVERE', 'ERROR', 'FATAL'],\n 1: ['WARNING', 'WARN', 'CONFIG'],\n 2: ['INFO', 'INFORMATION'],\n 3: ['DEBUG', 'FINE', 'FINER', 'FINEST'],\n 4: ['ALL'],\n};\n\nconst logLevelMap = {\n SEVERE: ['SEVERE', 'ERROR', 'FATAL'],\n ERROR: ['SEVERE', 'ERROR', 'FATAL'],\n FATAL: ['SEVERE', 'ERROR', 'FATAL'],\n WARN: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n WARNING: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n CONFIG: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n INFO: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n INFORMATION: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n DEBUG: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINE: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINER: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINEST: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n ALL: ['ALL'],\n};\n\nexport function defaultNoiseFilter() {\n return noise;\n}\n\nexport function resolveLevel(level) {\n // const levels = ['FATAL', 'ERROR', 'WARN', 'INFO', 'DEBUG', 'TRACE', 'ALL'];\n // levels.splice(levels.indexOf(levelName) + 1, levels.length);\n if (Number.isNaN(parseInt(level, 10))) {\n return logLevelMap[level];\n }\n return logLevelMap[numLogLevelMap[level][0]];\n}\n\n// It seems that the undesirable 'text/plain' logs start with a date, not a LEVEL\n// Therefore, for those, this function returns null, and thus filters out the undesirable\nexport function resolvePayloadLevel(log) {\n try {\n return log.type !== 'text/plain'\n ? log.payload.level\n : log.payload.match(/^([^:]*):/)[1];\n } catch (e) {\n // Fail-safe for no group match\n return null;\n }\n}\n\nexport async function getLogSources() {\n const sources = [];\n await getSources()\n .then((response) => {\n response.data.result.forEach((item) => {\n sources.push(item);\n });\n })\n .catch((error) => {\n printMessage(\n `getSources ERROR: get log sources call returned ${error}}`,\n 'error'\n );\n return [];\n });\n return sources;\n}\n\nexport async function tailLogs(source, levels, txid, cookie, nf) {\n try {\n const response = await LogApi.tail(source, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `tail ERROR: tail call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n // if (!cookie) {\n // await saveConnection();\n // }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n printMessage(JSON.stringify(e.payload), 'data');\n });\n\n setTimeout(() => {\n tailLogs(source, levels, txid, logsObject.result.pagedResultsCookie, nf);\n }, 5000);\n return null;\n } catch (e) {\n printMessage(`tail ERROR: tail data error - ${e}`, 'error');\n return `tail ERROR: tail data error - ${e}`;\n }\n}\n\nexport async function provisionCreds() {\n try {\n let keyName = `frodo-${state.getUsername()}`;\n return getAPIKeys()\n .then((response) => {\n response.data.result.forEach((k) => {\n if (k.name === keyName) {\n // append current timestamp to name if the named key already exists\n keyName = `${keyName}-${getCurrentTimestamp()}`;\n }\n });\n return createAPIKeyAndSecret(keyName)\n .then((resp) => {\n if (resp.data.name !== keyName) {\n printMessage(\n `create keys ERROR: could not create log API key ${keyName}`,\n 'error'\n );\n return null;\n }\n printMessage(\n `Created a new log API key [${keyName}] in ${state.getHost()}`\n );\n return resp.data;\n })\n .catch((error) => {\n printMessage(\n `create keys ERROR: create keys call returned ${error}`,\n 'error'\n );\n return null;\n });\n })\n .catch((error) => {\n printMessage(\n `get keys ERROR: get keys call returned ${error}`,\n 'error'\n );\n });\n } catch (e) {\n printMessage(`create keys ERROR: create keys data error - ${e}`, 'error');\n return null;\n }\n}\n\nexport async function fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n cookie,\n nf\n) {\n try {\n // console.log(`startTs: ${startTs} endTs : ${endTs}`);\n const response = await LogApi.fetch(source, startTs, endTs, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `fetch ERROR: fetch call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n const log = JSON.stringify(e, null, 2);\n if (ffString) {\n if (log.includes(ffString)) {\n printMessage(log, 'data');\n }\n } else {\n printMessage(log, 'data');\n }\n });\n if (logsObject.pagedResultsCookie != null) {\n await fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n logsObject.pagedResultsCookie,\n nf\n );\n }\n return null;\n } catch (e) {\n printMessage(`fetch ERROR: fetch data error - ${e}`, 'error');\n return `fetch ERROR: fetch data error - ${e}`;\n }\n}\n"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AAMA;AAA4C;AAAA;AAAA;AAAA;AAI5C;AACA,IAAMA,iBAAiB,GAAG,CACxB,YAAY,CAAE;AAAA,CACf;;AAED,IAAMC,SAAS,GAAG,CAChB,oEAAoE,EACpE,2CAA2C,EAC3C,iDAAiD,EACjD,0CAA0C,EAC1C,gDAAgD,EAChD,6CAA6C,EAC7C,wDAAwD,EACxD,yDAAyD,EACzD,gEAAgE,EAChE,2DAA2D,EAC3D,wDAAwD,EACxD,mDAAmD,EACnD,iEAAiE,EACjE,yDAAyD,EACzD,wDAAwD,EACxD,2DAA2D,EAC3D,+CAA+C,EAC/C,mDAAmD,EACnD,8DAA8D,EAC9D,oDAAoD,EACpD,mDAAmD,EACnD,qDAAqD,EACrD,kDAAkD,EAClD,kDAAkD,EAClD,gDAAgD,EAChD,4CAA4C,EAC5C,kCAAkC,EAClC,4CAA4C,EAC5C,wCAAwC,EACxC,oCAAoC,EACpC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,8CAA8C,EAC9C,8BAA8B,EAC9B,8BAA8B,EAC9B,sCAAsC,EACtC,QAAQ,EACR,kDAAkD,EAClD,8DAA8D,EAC9D,yDAAyD,EACzD,oDAAoD,EACpD,gDAAgD,EAChD,gEAAgE,EAChE,mEAAmE,EACnE,sCAAsC,EACtC,uDAAuD,EACvD,gEAAgE,EAChE,iEAAiE,EACjE,qDAAqD,EACrD,6CAA6C,EAC7C,0DAA0D,EAC1D,qEAAqE,EACrE,sDAAsD,EACtD,sCAAsC,EACtC,iDAAiD,EACjD,gDAAgD,EAChD,wDAAwD,EACxD,kEAAkE,EAClE,2DAA2D,EAC3D,+CAA+C,EAC/C,sCAAsC,EACtC,oDAAoD,EACpD,qDAAqD,EACrD,gDAAgD,EAChD,gEAAgE,EAChE,gEAAgE,EAChE,8DAA8D,EAC9D,2DAA2D,EAC3D,iEAAiE,EACjE,2EAA2E,EAC3E,sDAAsD,EACtD,yDAAyD,EACzD,wCAAwC,EACxC,gDAAgD,EAChD,wCAAwC,EACxC,oDAAoD,EACpD,oEAAoE,EACpE,uCAAuC,CACxC;AAED,IAAMC,aAAa,GAAG,CACpB,yDAAyD,CAC1D;;AAED;AACA,IAAMC,QAAQ,GAAG,CACf,+CAA+C,EAC/C,uDAAuD,EACvD,uDAAuD,EACvD,yDAAyD,CAC1D;AAED,IAAMC,SAAS,GAAG,CAChB,+BAA+B,EAC/B,sEAAsE,EACtE,4CAA4C,EAC5C,qDAAqD,EACrD,sCAAsC,EACtC,gDAAgD,EAChD,kDAAkD,EAClD,yDAAyD,EACzD,yEAAyE,EACzE,8CAA8C,EAC9C,qEAAqE,EACrE,uDAAuD,EACvD,4CAA4C,EAC5C,+CAA+C,EAC/C,oDAAoD,EACpD,6CAA6C,EAC7C,4CAA4C,CAC7C;;AAED;AACA,IAAMC,IAAI,GAAG,CACX,+BAA+B,EAC/B,wCAAwC,EACxC,0CAA0C,EAC1C,8CAA8C,EAC9C,6CAA6C,CAC9C;AAED,IAAMC,KAAK,GAAGL,SAAS,CAACM,MAAM,CAACH,SAAS,CAAC,CAACG,MAAM,CAACL,aAAa,CAAC;AAE/D,IAAMM,cAAc,GAAG;EACrB,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EAC/B,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EAChC,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC;EAC1B,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC;EACvC,CAAC,EAAE,CAAC,KAAK;AACX,CAAC;AAED,IAAMC,WAAW,GAAG;EAClBC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EACpCC,KAAK,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EACnCC,KAAK,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EACnCC,IAAI,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EAC/DC,OAAO,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EAClEC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EACjEC,IAAI,EAAE,CACJ,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,CACd;EACDC,WAAW,EAAE,CACX,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,CACd;EACDC,KAAK,EAAE,CACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,IAAI,EAAE,CACJ,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,KAAK,EAAE,CACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,MAAM,EAAE,CACN,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,GAAG,EAAE,CAAC,KAAK;AACb,CAAC;AAEM,SAASC,kBAAkB,GAAG;EACnC,OAAOjB,KAAK;AACd;AAEO,SAASkB,YAAY,CAACC,KAAK,EAAE;EAClC;EACA;EACA,IAAIC,MAAM,CAACC,KAAK,CAACC,QAAQ,CAACH,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE;IACrC,OAAOhB,WAAW,CAACgB,KAAK,CAAC;EAC3B;EACA,OAAOhB,WAAW,CAACD,cAAc,CAACiB,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C;;AAEA;AACA;AACO,SAASI,mBAAmB,CAACC,GAAG,EAAE;EACvC,IAAI;IACF,OAAOA,GAAG,CAACC,IAAI,KAAK,YAAY,GAC5BD,GAAG,CAACE,OAAO,CAACP,KAAK,GACjBK,GAAG,CAACE,OAAO,CAACC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;EACvC,CAAC,CAAC,OAAOC,CAAC,EAAE;IACV;IACA,OAAO,IAAI;EACb;AACF;AAAC,SAEqBC,aAAa;EAAA;AAAA;AAAA;EAAA,mCAA5B,aAA+B;IACpC,IAAMC,OAAO,GAAG,EAAE;IAClB,MAAM,IAAAC,iBAAU,GAAE,CACfC,IAAI,CAAEC,QAAQ,IAAK;MAClBA,QAAQ,CAACC,IAAI,CAACC,MAAM,CAACC,OAAO,CAAEC,IAAI,IAAK;QACrCP,OAAO,CAACQ,IAAI,CAACD,IAAI,CAAC;MACpB,CAAC,CAAC;IACJ,CAAC,CAAC,CACDE,KAAK,CAAEC,KAAK,IAAK;MAChB,IAAAC,qBAAY,4DACyCD,KAAK,QACxD,OAAO,CACR;MACD,OAAO,EAAE;IACX,CAAC,CAAC;IACJ,OAAOV,OAAO;EAChB,CAAC;EAAA;AAAA;AAAA,SAEqBY,QAAQ;EAAA;AAAA;AAAA;EAAA,8BAAvB,WAAwBC,MAAM,EAAEC,MAAM,EAAEC,IAAI,EAAEC,MAAM,EAAEC,EAAE,EAAE;IAC/D,IAAI;MACF,IAAMd,QAAQ,SAASe,MAAM,CAACC,IAAI,CAACN,MAAM,EAAEG,MAAM,CAAC;MAClD,IAAIb,QAAQ,CAACiB,MAAM,GAAG,GAAG,IAAIjB,QAAQ,CAACiB,MAAM,GAAG,GAAG,EAAE;QAClD,IAAAT,qBAAY,2CACwBR,QAAQ,CAACiB,MAAM,GACjD,OAAO,CACR;QACD,OAAO,IAAI;MACb;MACA;MACA;MACA;MACA,IAAMC,UAAU,GAAGlB,QAAQ,CAACC,IAAI;MAChC,IAAIkB,YAAY,GAAG,EAAE;MACrB,IAAMC,WAAW,GAAGN,EAAE,IAAI,IAAI,GAAG/C,KAAK,GAAG+C,EAAE;MAC3C,IAAIO,KAAK,CAACC,OAAO,CAACJ,UAAU,CAAChB,MAAM,CAAC,EAAE;QACpCiB,YAAY,GAAGD,UAAU,CAAChB,MAAM,CAACqB,MAAM,CACpCC,EAAE;UAAA;UAAA,OACD,CAACJ,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAC/B,OAAO,CAACiC,MAAM,CAAC,IACxC,CAACN,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAChC,IAAI,CAAC,KAC7BmB,MAAM,CAAC,CAAC,CAAC,KAAK,KAAK,IAAIA,MAAM,CAACc,QAAQ,CAACnC,mBAAmB,CAACkC,EAAE,CAAC,CAAC,CAAC,KAChE,OAAOZ,IAAI,KAAK,WAAW,IAC1BA,IAAI,KAAK,IAAI,8BACbY,EAAE,CAAC/B,OAAO,CAACkC,aAAa,0DAAxB,sBAA0BF,QAAQ,CAACb,IAAI,CAAC,EAAC;QAAA,EAC9C;MACH;MAEAO,YAAY,CAAChB,OAAO,CAAER,CAAC,IAAK;QAC1B,IAAAa,qBAAY,EAACoB,IAAI,CAACC,SAAS,CAAClC,CAAC,CAACF,OAAO,CAAC,EAAE,MAAM,CAAC;MACjD,CAAC,CAAC;MAEFqC,UAAU,CAAC,MAAM;QACfrB,QAAQ,CAACC,MAAM,EAAEC,MAAM,EAAEC,IAAI,EAAEM,UAAU,CAAChB,MAAM,CAAC6B,kBAAkB,EAAEjB,EAAE,CAAC;MAC1E,CAAC,EAAE,IAAI,CAAC;MACR,OAAO,IAAI;IACb,CAAC,CAAC,OAAOnB,CAAC,EAAE;MACV,IAAAa,qBAAY,0CAAkCb,CAAC,GAAI,OAAO,CAAC;MAC3D,+CAAwCA,CAAC;IAC3C;EACF,CAAC;EAAA;AAAA;AAAA,SAEqBqC,cAAc;EAAA;AAAA;AAAA;EAAA,oCAA7B,aAAgC;IACrC,IAAI;MACF,IAAIC,OAAO,mBAAYC,KAAK,CAACC,WAAW,EAAE,CAAE;MAC5C,OAAO,IAAAC,iBAAU,GAAE,CAChBrC,IAAI,CAAEC,QAAQ,IAAK;QAClBA,QAAQ,CAACC,IAAI,CAACC,MAAM,CAACC,OAAO,CAAEkC,CAAC,IAAK;UAClC,IAAIA,CAAC,CAACC,IAAI,KAAKL,OAAO,EAAE;YACtB;YACAA,OAAO,aAAMA,OAAO,cAAI,IAAAM,sCAAmB,GAAE,CAAE;UACjD;QACF,CAAC,CAAC;QACF,OAAO,IAAAC,4BAAqB,EAACP,OAAO,CAAC,CAClClC,IAAI,CAAE0C,IAAI,IAAK;UACd,IAAIA,IAAI,CAACxC,IAAI,CAACqC,IAAI,KAAKL,OAAO,EAAE;YAC9B,IAAAzB,qBAAY,4DACyCyB,OAAO,GAC1D,OAAO,CACR;YACD,OAAO,IAAI;UACb;UACA,IAAAzB,qBAAY,uCACoByB,OAAO,kBAAQC,KAAK,CAACQ,OAAO,EAAE,EAC7D;UACD,OAAOD,IAAI,CAACxC,IAAI;QAClB,CAAC,CAAC,CACDK,KAAK,CAAEC,KAAK,IAAK;UAChB,IAAAC,qBAAY,yDACsCD,KAAK,GACrD,OAAO,CACR;UACD,OAAO,IAAI;QACb,CAAC,CAAC;MACN,CAAC,CAAC,CACDD,KAAK,CAAEC,KAAK,IAAK;QAChB,IAAAC,qBAAY,mDACgCD,KAAK,GAC/C,OAAO,CACR;MACH,CAAC,CAAC;IACN,CAAC,CAAC,OAAOZ,CAAC,EAAE;MACV,IAAAa,qBAAY,wDAAgDb,CAAC,GAAI,OAAO,CAAC;MACzE,OAAO,IAAI;IACb;EACF,CAAC;EAAA;AAAA;AAAA,SAEqBgD,SAAS;EAAA;AAAA;AAAA;EAAA,+BAAxB,WACLjC,MAAM,EACNkC,OAAO,EACPC,KAAK,EACLlC,MAAM,EACNC,IAAI,EACJkC,QAAQ,EACRjC,MAAM,EACNC,EAAE,EACF;IACA,IAAI;MACF;MACA,IAAMd,QAAQ,SAASe,MAAM,CAACgC,KAAK,CAACrC,MAAM,EAAEkC,OAAO,EAAEC,KAAK,EAAEhC,MAAM,CAAC;MACnE,IAAIb,QAAQ,CAACiB,MAAM,GAAG,GAAG,IAAIjB,QAAQ,CAACiB,MAAM,GAAG,GAAG,EAAE;QAClD,IAAAT,qBAAY,6CAC0BR,QAAQ,CAACiB,MAAM,GACnD,OAAO,CACR;QACD,OAAO,IAAI;MACb;MACA,IAAMC,UAAU,GAAGlB,QAAQ,CAACC,IAAI;MAChC,IAAIkB,YAAY,GAAG,EAAE;MACrB,IAAMC,WAAW,GAAGN,EAAE,IAAI,IAAI,GAAG/C,KAAK,GAAG+C,EAAE;MAC3C,IAAIO,KAAK,CAACC,OAAO,CAACJ,UAAU,CAAChB,MAAM,CAAC,EAAE;QACpCiB,YAAY,GAAGD,UAAU,CAAChB,MAAM,CAACqB,MAAM,CACpCC,EAAE;UAAA;UAAA,OACD,CAACJ,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAC/B,OAAO,CAACiC,MAAM,CAAC,IACxC,CAACN,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAChC,IAAI,CAAC,KAC7BmB,MAAM,CAAC,CAAC,CAAC,KAAK,KAAK,IAAIA,MAAM,CAACc,QAAQ,CAACnC,mBAAmB,CAACkC,EAAE,CAAC,CAAC,CAAC,KAChE,OAAOZ,IAAI,KAAK,WAAW,IAC1BA,IAAI,KAAK,IAAI,+BACbY,EAAE,CAAC/B,OAAO,CAACkC,aAAa,2DAAxB,uBAA0BF,QAAQ,CAACb,IAAI,CAAC,EAAC;QAAA,EAC9C;MACH;MAEAO,YAAY,CAAChB,OAAO,CAAER,CAAC,IAAK;QAC1B,IAAMJ,GAAG,GAAGqC,IAAI,CAACC,SAAS,CAAClC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,IAAImD,QAAQ,EAAE;UACZ,IAAIvD,GAAG,CAACkC,QAAQ,CAACqB,QAAQ,CAAC,EAAE;YAC1B,IAAAtC,qBAAY,EAACjB,GAAG,EAAE,MAAM,CAAC;UAC3B;QACF,CAAC,MAAM;UACL,IAAAiB,qBAAY,EAACjB,GAAG,EAAE,MAAM,CAAC;QAC3B;MACF,CAAC,CAAC;MACF,IAAI2B,UAAU,CAACa,kBAAkB,IAAI,IAAI,EAAE;QACzC,MAAMY,SAAS,CACbjC,MAAM,EACNkC,OAAO,EACPC,KAAK,EACLlC,MAAM,EACNC,IAAI,EACJkC,QAAQ,EACR5B,UAAU,CAACa,kBAAkB,EAC7BjB,EAAE,CACH;MACH;MACA,OAAO,IAAI;IACb,CAAC,CAAC,OAAOnB,CAAC,EAAE;MACV,IAAAa,qBAAY,4CAAoCb,CAAC,GAAI,OAAO,CAAC;MAC7D,iDAA0CA,CAAC;IAC7C;EACF,CAAC;EAAA;AAAA"}
1
+ {"version":3,"file":"LogOps.js","names":["unfilterableNoise","miscNoise","journeysNoise","journeys","samlNoise","saml","noise","concat","numLogLevelMap","logLevelMap","SEVERE","ERROR","FATAL","WARN","WARNING","CONFIG","INFO","INFORMATION","DEBUG","FINE","FINER","FINEST","ALL","defaultNoiseFilter","resolveLevel","level","Number","isNaN","parseInt","resolvePayloadLevel","log","type","payload","match","e","getLogSources","sources","getSources","then","response","data","result","forEach","item","push","catch","error","printMessage","tailLogs","source","levels","txid","cookie","nf","LogApi","tail","status","logsObject","filteredLogs","noiseFilter","Array","isArray","filter","el","includes","logger","transactionId","JSON","stringify","setTimeout","pagedResultsCookie","provisionCreds","keyName","state","getUsername","getAPIKeys","k","name","getCurrentTimestamp","resp","createAPIKeyAndSecret","verboseMessage","getHost","fetchLogs","startTs","endTs","ffString","fetch"],"sources":["ops/cloud/LogOps.ts"],"sourcesContent":["import { printMessage, verboseMessage } from '../utils/Console';\nimport { getCurrentTimestamp } from '../utils/ExportImportUtils';\nimport {\n createAPIKeyAndSecret,\n getAPIKeys,\n getSources,\n} from '../../api/cloud/LogApi';\n\nimport * as state from '../../shared/State';\n\nimport * as LogApi from '../../api/cloud/LogApi';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst unfilterableNoise = [\n 'text/plain', // Unfortunately, it is impossible to filter out those without excluding IDM script logging as well\n];\n\nconst miscNoise = [\n 'com.iplanet.dpro.session.operations.ServerSessionOperationStrategy',\n 'com.iplanet.dpro.session.SessionIDFactory',\n 'com.iplanet.dpro.session.share.SessionEncodeURL',\n 'com.iplanet.services.naming.WebtopNaming',\n 'com.iplanet.sso.providers.dpro.SSOProviderImpl',\n 'com.sun.identity.authentication.AuthContext',\n 'com.sun.identity.authentication.client.AuthClientUtils',\n 'com.sun.identity.authentication.config.AMAuthConfigType',\n 'com.sun.identity.authentication.config.AMAuthenticationManager',\n 'com.sun.identity.authentication.config.AMAuthLevelManager',\n 'com.sun.identity.authentication.config.AMConfiguration',\n 'com.sun.identity.authentication.jaas.LoginContext',\n 'com.sun.identity.authentication.modules.application.Application',\n 'com.sun.identity.authentication.server.AuthContextLocal',\n 'com.sun.identity.authentication.service.AMLoginContext',\n 'com.sun.identity.authentication.service.AuthContextLookup',\n 'com.sun.identity.authentication.service.AuthD',\n 'com.sun.identity.authentication.service.AuthUtils',\n 'com.sun.identity.authentication.service.DSAMECallbackHandler',\n 'com.sun.identity.authentication.service.LoginState',\n 'com.sun.identity.authentication.spi.AMLoginModule',\n 'com.sun.identity.delegation.DelegationEvaluatorImpl',\n 'com.sun.identity.idm.plugins.internal.AgentsRepo',\n 'com.sun.identity.idm.server.IdCachedServicesImpl',\n 'com.sun.identity.idm.server.IdRepoPluginsCache',\n 'com.sun.identity.idm.server.IdServicesImpl',\n 'com.sun.identity.log.spi.ISDebug',\n 'com.sun.identity.shared.encode.CookieUtils',\n 'com.sun.identity.sm.ldap.SMSLdapObject',\n 'com.sun.identity.sm.CachedSMSEntry',\n 'com.sun.identity.sm.CachedSubEntries',\n 'com.sun.identity.sm.DNMapper',\n 'com.sun.identity.sm.ServiceConfigImpl',\n 'com.sun.identity.sm.ServiceConfigManagerImpl',\n 'com.sun.identity.sm.SMSEntry',\n 'com.sun.identity.sm.SMSUtils',\n 'com.sun.identity.sm.SmsWrapperObject',\n 'oauth2',\n 'org.apache.http.client.protocol.RequestAuthCache',\n 'org.apache.http.impl.conn.PoolingHttpClientConnectionManager',\n 'org.apache.http.impl.nio.client.InternalHttpAsyncClient',\n 'org.apache.http.impl.nio.client.InternalIODispatch',\n 'org.apache.http.impl.nio.client.MainClientExec',\n 'org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl',\n 'org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager',\n 'org.forgerock.audit.AuditServiceImpl',\n 'org.forgerock.oauth2.core.RealmOAuth2ProviderSettings',\n 'org.forgerock.openam.authentication.service.JAASModuleDetector',\n 'org.forgerock.openam.authentication.service.LoginContextFactory',\n 'org.forgerock.openam.blacklist.BloomFilterBlacklist',\n 'org.forgerock.openam.blacklist.CTSBlacklist',\n 'org.forgerock.openam.core.realms.impl.CachingRealmLookup',\n 'org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager',\n 'org.forgerock.openam.core.rest.authn.trees.AuthTrees',\n 'org.forgerock.openam.cors.CorsFilter',\n 'org.forgerock.openam.cts.CTSPersistentStoreImpl',\n 'org.forgerock.openam.cts.impl.CoreTokenAdapter',\n 'org.forgerock.openam.cts.impl.queue.AsyncResultHandler',\n 'org.forgerock.openam.cts.reaper.ReaperDeleteOnQueryResultHandler',\n 'org.forgerock.openam.headers.DisableSameSiteCookiesFilter',\n 'org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo',\n 'org.forgerock.openam.rest.CsrfFilter',\n 'org.forgerock.openam.rest.restAuthenticationFilter',\n 'org.forgerock.openam.rest.fluent.CrestLoggingFilter',\n 'org.forgerock.openam.session.cts.CtsOperations',\n 'org.forgerock.openam.session.stateless.StatelessSessionManager',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread',\n 'org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider',\n 'org.forgerock.openam.sm.file.ConfigFileSystemHandler',\n 'org.forgerock.openam.social.idp.SocialIdentityProviders',\n 'org.forgerock.openam.utils.ClientUtils',\n 'org.forgerock.opendj.ldap.CachedConnectionPool',\n 'org.forgerock.opendj.ldap.LoadBalancer',\n 'org.forgerock.secrets.keystore.KeyStoreSecretStore',\n 'org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore',\n 'org.forgerock.secrets.SecretsProvider',\n];\n\nconst journeysNoise = [\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst journeys = [\n 'org.forgerock.openam.auth.nodes.SelectIdPNode',\n 'org.forgerock.openam.auth.nodes.ValidatedPasswordNode',\n 'org.forgerock.openam.auth.nodes.ValidatedUsernameNode',\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\nconst samlNoise = [\n 'com.sun.identity.cot.COTCache',\n 'com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl',\n 'com.sun.identity.saml2.meta.SAML2MetaCache',\n 'com.sun.identity.saml2.profile.CacheCleanUpRunnable',\n 'org.apache.xml.security.keys.KeyInfo',\n 'org.apache.xml.security.signature.XMLSignature',\n 'org.apache.xml.security.utils.SignerOutputStream',\n 'org.apache.xml.security.utils.resolver.ResourceResolver',\n 'org.apache.xml.security.utils.resolver.implementations.ResolverFragment',\n 'org.apache.xml.security.algorithms.JCEMapper',\n 'org.apache.xml.security.algorithms.implementations.SignatureBaseRSA',\n 'org.apache.xml.security.algorithms.SignatureAlgorithm',\n 'org.apache.xml.security.utils.ElementProxy',\n 'org.apache.xml.security.transforms.Transforms',\n 'org.apache.xml.security.utils.DigesterOutputStream',\n 'org.apache.xml.security.signature.Reference',\n 'org.apache.xml.security.signature.Manifest',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst saml = [\n 'jsp.saml2.spAssertionConsumer',\n 'com.sun.identity.saml.common.SAMLUtils',\n 'com.sun.identity.saml2.common.SAML2Utils',\n 'com.sun.identity.saml2.meta.SAML2MetaManager',\n 'com.sun.identity.saml2.xmlsig.FMSigProvider',\n];\n\nconst noise = miscNoise.concat(samlNoise).concat(journeysNoise);\n\nconst numLogLevelMap = {\n 0: ['SEVERE', 'ERROR', 'FATAL'],\n 1: ['WARNING', 'WARN', 'CONFIG'],\n 2: ['INFO', 'INFORMATION'],\n 3: ['DEBUG', 'FINE', 'FINER', 'FINEST'],\n 4: ['ALL'],\n};\n\nconst logLevelMap = {\n SEVERE: ['SEVERE', 'ERROR', 'FATAL'],\n ERROR: ['SEVERE', 'ERROR', 'FATAL'],\n FATAL: ['SEVERE', 'ERROR', 'FATAL'],\n WARN: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n WARNING: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n CONFIG: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n INFO: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n INFORMATION: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n DEBUG: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINE: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINER: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINEST: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n ALL: ['ALL'],\n};\n\nexport function defaultNoiseFilter() {\n return noise;\n}\n\nexport function resolveLevel(level) {\n // const levels = ['FATAL', 'ERROR', 'WARN', 'INFO', 'DEBUG', 'TRACE', 'ALL'];\n // levels.splice(levels.indexOf(levelName) + 1, levels.length);\n if (Number.isNaN(parseInt(level, 10))) {\n return logLevelMap[level];\n }\n return logLevelMap[numLogLevelMap[level][0]];\n}\n\n// It seems that the undesirable 'text/plain' logs start with a date, not a LEVEL\n// Therefore, for those, this function returns null, and thus filters out the undesirable\nexport function resolvePayloadLevel(log) {\n try {\n return log.type !== 'text/plain'\n ? log.payload.level\n : log.payload.match(/^([^:]*):/)[1];\n } catch (e) {\n // Fail-safe for no group match\n return null;\n }\n}\n\nexport async function getLogSources() {\n const sources = [];\n await getSources()\n .then((response) => {\n response.data.result.forEach((item) => {\n sources.push(item);\n });\n })\n .catch((error) => {\n printMessage(\n `getSources ERROR: get log sources call returned ${error}}`,\n 'error'\n );\n return [];\n });\n return sources;\n}\n\nexport async function tailLogs(source, levels, txid, cookie, nf) {\n try {\n const response = await LogApi.tail(source, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `tail ERROR: tail call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n // if (!cookie) {\n // await saveConnection();\n // }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n printMessage(JSON.stringify(e.payload), 'data');\n });\n\n setTimeout(() => {\n tailLogs(source, levels, txid, logsObject.result.pagedResultsCookie, nf);\n }, 5000);\n return null;\n } catch (e) {\n printMessage(`tail ERROR: tail data error - ${e}`, 'error');\n return `tail ERROR: tail data error - ${e}`;\n }\n}\n\nexport async function provisionCreds() {\n try {\n let keyName = `frodo-${state.getUsername()}`;\n try {\n const response = await getAPIKeys();\n for (const k of response.result) {\n if (k.name === keyName) {\n // append current timestamp to name if the named key already exists\n keyName = `${keyName}-${getCurrentTimestamp()}`;\n }\n }\n try {\n const resp = await createAPIKeyAndSecret(keyName);\n if (resp.data.name !== keyName) {\n printMessage(\n `create keys ERROR: could not create log API key ${keyName}`,\n 'error'\n );\n return null;\n }\n verboseMessage(\n `Created a new log API key [${keyName}] in ${state.getHost()}`\n );\n return resp.data;\n } catch (error) {\n printMessage(\n `create keys ERROR: create keys call returned ${error}`,\n 'error'\n );\n return null;\n }\n } catch (error) {\n printMessage(`get keys ERROR: get keys call returned ${error}`, 'error');\n }\n } catch (e) {\n printMessage(`create keys ERROR: create keys data error - ${e}`, 'error');\n return null;\n }\n}\n\nexport async function fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n cookie,\n nf\n) {\n try {\n // console.log(`startTs: ${startTs} endTs : ${endTs}`);\n const response = await LogApi.fetch(source, startTs, endTs, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `fetch ERROR: fetch call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n const log = JSON.stringify(e, null, 2);\n if (ffString) {\n if (log.includes(ffString)) {\n printMessage(log, 'data');\n }\n } else {\n printMessage(log, 'data');\n }\n });\n if (logsObject.pagedResultsCookie != null) {\n await fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n logsObject.pagedResultsCookie,\n nf\n );\n }\n return null;\n } catch (e) {\n printMessage(`fetch ERROR: fetch data error - ${e}`, 'error');\n return `fetch ERROR: fetch data error - ${e}`;\n }\n}\n"],"mappings":";;;;;;;;;;;;AAAA;AACA;AACA;AAMA;AAA4C;AAAA;AAAA;AAAA;AAI5C;AACA,IAAMA,iBAAiB,GAAG,CACxB,YAAY,CAAE;AAAA,CACf;;AAED,IAAMC,SAAS,GAAG,CAChB,oEAAoE,EACpE,2CAA2C,EAC3C,iDAAiD,EACjD,0CAA0C,EAC1C,gDAAgD,EAChD,6CAA6C,EAC7C,wDAAwD,EACxD,yDAAyD,EACzD,gEAAgE,EAChE,2DAA2D,EAC3D,wDAAwD,EACxD,mDAAmD,EACnD,iEAAiE,EACjE,yDAAyD,EACzD,wDAAwD,EACxD,2DAA2D,EAC3D,+CAA+C,EAC/C,mDAAmD,EACnD,8DAA8D,EAC9D,oDAAoD,EACpD,mDAAmD,EACnD,qDAAqD,EACrD,kDAAkD,EAClD,kDAAkD,EAClD,gDAAgD,EAChD,4CAA4C,EAC5C,kCAAkC,EAClC,4CAA4C,EAC5C,wCAAwC,EACxC,oCAAoC,EACpC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,8CAA8C,EAC9C,8BAA8B,EAC9B,8BAA8B,EAC9B,sCAAsC,EACtC,QAAQ,EACR,kDAAkD,EAClD,8DAA8D,EAC9D,yDAAyD,EACzD,oDAAoD,EACpD,gDAAgD,EAChD,gEAAgE,EAChE,mEAAmE,EACnE,sCAAsC,EACtC,uDAAuD,EACvD,gEAAgE,EAChE,iEAAiE,EACjE,qDAAqD,EACrD,6CAA6C,EAC7C,0DAA0D,EAC1D,qEAAqE,EACrE,sDAAsD,EACtD,sCAAsC,EACtC,iDAAiD,EACjD,gDAAgD,EAChD,wDAAwD,EACxD,kEAAkE,EAClE,2DAA2D,EAC3D,+CAA+C,EAC/C,sCAAsC,EACtC,oDAAoD,EACpD,qDAAqD,EACrD,gDAAgD,EAChD,gEAAgE,EAChE,gEAAgE,EAChE,8DAA8D,EAC9D,2DAA2D,EAC3D,iEAAiE,EACjE,2EAA2E,EAC3E,sDAAsD,EACtD,yDAAyD,EACzD,wCAAwC,EACxC,gDAAgD,EAChD,wCAAwC,EACxC,oDAAoD,EACpD,oEAAoE,EACpE,uCAAuC,CACxC;AAED,IAAMC,aAAa,GAAG,CACpB,yDAAyD,CAC1D;;AAED;AACA,IAAMC,QAAQ,GAAG,CACf,+CAA+C,EAC/C,uDAAuD,EACvD,uDAAuD,EACvD,yDAAyD,CAC1D;AAED,IAAMC,SAAS,GAAG,CAChB,+BAA+B,EAC/B,sEAAsE,EACtE,4CAA4C,EAC5C,qDAAqD,EACrD,sCAAsC,EACtC,gDAAgD,EAChD,kDAAkD,EAClD,yDAAyD,EACzD,yEAAyE,EACzE,8CAA8C,EAC9C,qEAAqE,EACrE,uDAAuD,EACvD,4CAA4C,EAC5C,+CAA+C,EAC/C,oDAAoD,EACpD,6CAA6C,EAC7C,4CAA4C,CAC7C;;AAED;AACA,IAAMC,IAAI,GAAG,CACX,+BAA+B,EAC/B,wCAAwC,EACxC,0CAA0C,EAC1C,8CAA8C,EAC9C,6CAA6C,CAC9C;AAED,IAAMC,KAAK,GAAGL,SAAS,CAACM,MAAM,CAACH,SAAS,CAAC,CAACG,MAAM,CAACL,aAAa,CAAC;AAE/D,IAAMM,cAAc,GAAG;EACrB,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EAC/B,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EAChC,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC;EAC1B,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC;EACvC,CAAC,EAAE,CAAC,KAAK;AACX,CAAC;AAED,IAAMC,WAAW,GAAG;EAClBC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EACpCC,KAAK,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EACnCC,KAAK,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC;EACnCC,IAAI,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EAC/DC,OAAO,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EAClEC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC;EACjEC,IAAI,EAAE,CACJ,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,CACd;EACDC,WAAW,EAAE,CACX,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,CACd;EACDC,KAAK,EAAE,CACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,IAAI,EAAE,CACJ,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,KAAK,EAAE,CACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,MAAM,EAAE,CACN,QAAQ,EACR,OAAO,EACP,OAAO,EACP,SAAS,EACT,MAAM,EACN,QAAQ,EACR,MAAM,EACN,aAAa,EACb,OAAO,EACP,MAAM,EACN,OAAO,EACP,QAAQ,CACT;EACDC,GAAG,EAAE,CAAC,KAAK;AACb,CAAC;AAEM,SAASC,kBAAkB,GAAG;EACnC,OAAOjB,KAAK;AACd;AAEO,SAASkB,YAAY,CAACC,KAAK,EAAE;EAClC;EACA;EACA,IAAIC,MAAM,CAACC,KAAK,CAACC,QAAQ,CAACH,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE;IACrC,OAAOhB,WAAW,CAACgB,KAAK,CAAC;EAC3B;EACA,OAAOhB,WAAW,CAACD,cAAc,CAACiB,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C;;AAEA;AACA;AACO,SAASI,mBAAmB,CAACC,GAAG,EAAE;EACvC,IAAI;IACF,OAAOA,GAAG,CAACC,IAAI,KAAK,YAAY,GAC5BD,GAAG,CAACE,OAAO,CAACP,KAAK,GACjBK,GAAG,CAACE,OAAO,CAACC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;EACvC,CAAC,CAAC,OAAOC,CAAC,EAAE;IACV;IACA,OAAO,IAAI;EACb;AACF;AAAC,SAEqBC,aAAa;EAAA;AAAA;AAAA;EAAA,mCAA5B,aAA+B;IACpC,IAAMC,OAAO,GAAG,EAAE;IAClB,MAAM,IAAAC,iBAAU,GAAE,CACfC,IAAI,CAAEC,QAAQ,IAAK;MAClBA,QAAQ,CAACC,IAAI,CAACC,MAAM,CAACC,OAAO,CAAEC,IAAI,IAAK;QACrCP,OAAO,CAACQ,IAAI,CAACD,IAAI,CAAC;MACpB,CAAC,CAAC;IACJ,CAAC,CAAC,CACDE,KAAK,CAAEC,KAAK,IAAK;MAChB,IAAAC,qBAAY,4DACyCD,KAAK,QACxD,OAAO,CACR;MACD,OAAO,EAAE;IACX,CAAC,CAAC;IACJ,OAAOV,OAAO;EAChB,CAAC;EAAA;AAAA;AAAA,SAEqBY,QAAQ;EAAA;AAAA;AAAA;EAAA,8BAAvB,WAAwBC,MAAM,EAAEC,MAAM,EAAEC,IAAI,EAAEC,MAAM,EAAEC,EAAE,EAAE;IAC/D,IAAI;MACF,IAAMd,QAAQ,SAASe,MAAM,CAACC,IAAI,CAACN,MAAM,EAAEG,MAAM,CAAC;MAClD,IAAIb,QAAQ,CAACiB,MAAM,GAAG,GAAG,IAAIjB,QAAQ,CAACiB,MAAM,GAAG,GAAG,EAAE;QAClD,IAAAT,qBAAY,2CACwBR,QAAQ,CAACiB,MAAM,GACjD,OAAO,CACR;QACD,OAAO,IAAI;MACb;MACA;MACA;MACA;MACA,IAAMC,UAAU,GAAGlB,QAAQ,CAACC,IAAI;MAChC,IAAIkB,YAAY,GAAG,EAAE;MACrB,IAAMC,WAAW,GAAGN,EAAE,IAAI,IAAI,GAAG/C,KAAK,GAAG+C,EAAE;MAC3C,IAAIO,KAAK,CAACC,OAAO,CAACJ,UAAU,CAAChB,MAAM,CAAC,EAAE;QACpCiB,YAAY,GAAGD,UAAU,CAAChB,MAAM,CAACqB,MAAM,CACpCC,EAAE;UAAA;UAAA,OACD,CAACJ,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAC/B,OAAO,CAACiC,MAAM,CAAC,IACxC,CAACN,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAChC,IAAI,CAAC,KAC7BmB,MAAM,CAAC,CAAC,CAAC,KAAK,KAAK,IAAIA,MAAM,CAACc,QAAQ,CAACnC,mBAAmB,CAACkC,EAAE,CAAC,CAAC,CAAC,KAChE,OAAOZ,IAAI,KAAK,WAAW,IAC1BA,IAAI,KAAK,IAAI,8BACbY,EAAE,CAAC/B,OAAO,CAACkC,aAAa,0DAAxB,sBAA0BF,QAAQ,CAACb,IAAI,CAAC,EAAC;QAAA,EAC9C;MACH;MAEAO,YAAY,CAAChB,OAAO,CAAER,CAAC,IAAK;QAC1B,IAAAa,qBAAY,EAACoB,IAAI,CAACC,SAAS,CAAClC,CAAC,CAACF,OAAO,CAAC,EAAE,MAAM,CAAC;MACjD,CAAC,CAAC;MAEFqC,UAAU,CAAC,MAAM;QACfrB,QAAQ,CAACC,MAAM,EAAEC,MAAM,EAAEC,IAAI,EAAEM,UAAU,CAAChB,MAAM,CAAC6B,kBAAkB,EAAEjB,EAAE,CAAC;MAC1E,CAAC,EAAE,IAAI,CAAC;MACR,OAAO,IAAI;IACb,CAAC,CAAC,OAAOnB,CAAC,EAAE;MACV,IAAAa,qBAAY,0CAAkCb,CAAC,GAAI,OAAO,CAAC;MAC3D,+CAAwCA,CAAC;IAC3C;EACF,CAAC;EAAA;AAAA;AAAA,SAEqBqC,cAAc;EAAA;AAAA;AAAA;EAAA,oCAA7B,aAAgC;IACrC,IAAI;MACF,IAAIC,OAAO,mBAAYC,KAAK,CAACC,WAAW,EAAE,CAAE;MAC5C,IAAI;QACF,IAAMnC,QAAQ,SAAS,IAAAoC,iBAAU,GAAE;QACnC,KAAK,IAAMC,CAAC,IAAIrC,QAAQ,CAACE,MAAM,EAAE;UAC/B,IAAImC,CAAC,CAACC,IAAI,KAAKL,OAAO,EAAE;YACtB;YACAA,OAAO,aAAMA,OAAO,cAAI,IAAAM,sCAAmB,GAAE,CAAE;UACjD;QACF;QACA,IAAI;UACF,IAAMC,IAAI,SAAS,IAAAC,4BAAqB,EAACR,OAAO,CAAC;UACjD,IAAIO,IAAI,CAACvC,IAAI,CAACqC,IAAI,KAAKL,OAAO,EAAE;YAC9B,IAAAzB,qBAAY,4DACyCyB,OAAO,GAC1D,OAAO,CACR;YACD,OAAO,IAAI;UACb;UACA,IAAAS,uBAAc,uCACkBT,OAAO,kBAAQC,KAAK,CAACS,OAAO,EAAE,EAC7D;UACD,OAAOH,IAAI,CAACvC,IAAI;QAClB,CAAC,CAAC,OAAOM,KAAK,EAAE;UACd,IAAAC,qBAAY,yDACsCD,KAAK,GACrD,OAAO,CACR;UACD,OAAO,IAAI;QACb;MACF,CAAC,CAAC,OAAOA,KAAK,EAAE;QACd,IAAAC,qBAAY,mDAA2CD,KAAK,GAAI,OAAO,CAAC;MAC1E;IACF,CAAC,CAAC,OAAOZ,CAAC,EAAE;MACV,IAAAa,qBAAY,wDAAgDb,CAAC,GAAI,OAAO,CAAC;MACzE,OAAO,IAAI;IACb;EACF,CAAC;EAAA;AAAA;AAAA,SAEqBiD,SAAS;EAAA;AAAA;AAAA;EAAA,+BAAxB,WACLlC,MAAM,EACNmC,OAAO,EACPC,KAAK,EACLnC,MAAM,EACNC,IAAI,EACJmC,QAAQ,EACRlC,MAAM,EACNC,EAAE,EACF;IACA,IAAI;MACF;MACA,IAAMd,QAAQ,SAASe,MAAM,CAACiC,KAAK,CAACtC,MAAM,EAAEmC,OAAO,EAAEC,KAAK,EAAEjC,MAAM,CAAC;MACnE,IAAIb,QAAQ,CAACiB,MAAM,GAAG,GAAG,IAAIjB,QAAQ,CAACiB,MAAM,GAAG,GAAG,EAAE;QAClD,IAAAT,qBAAY,6CAC0BR,QAAQ,CAACiB,MAAM,GACnD,OAAO,CACR;QACD,OAAO,IAAI;MACb;MACA,IAAMC,UAAU,GAAGlB,QAAQ,CAACC,IAAI;MAChC,IAAIkB,YAAY,GAAG,EAAE;MACrB,IAAMC,WAAW,GAAGN,EAAE,IAAI,IAAI,GAAG/C,KAAK,GAAG+C,EAAE;MAC3C,IAAIO,KAAK,CAACC,OAAO,CAACJ,UAAU,CAAChB,MAAM,CAAC,EAAE;QACpCiB,YAAY,GAAGD,UAAU,CAAChB,MAAM,CAACqB,MAAM,CACpCC,EAAE;UAAA;UAAA,OACD,CAACJ,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAC/B,OAAO,CAACiC,MAAM,CAAC,IACxC,CAACN,WAAW,CAACK,QAAQ,CAACD,EAAE,CAAChC,IAAI,CAAC,KAC7BmB,MAAM,CAAC,CAAC,CAAC,KAAK,KAAK,IAAIA,MAAM,CAACc,QAAQ,CAACnC,mBAAmB,CAACkC,EAAE,CAAC,CAAC,CAAC,KAChE,OAAOZ,IAAI,KAAK,WAAW,IAC1BA,IAAI,KAAK,IAAI,+BACbY,EAAE,CAAC/B,OAAO,CAACkC,aAAa,2DAAxB,uBAA0BF,QAAQ,CAACb,IAAI,CAAC,EAAC;QAAA,EAC9C;MACH;MAEAO,YAAY,CAAChB,OAAO,CAAER,CAAC,IAAK;QAC1B,IAAMJ,GAAG,GAAGqC,IAAI,CAACC,SAAS,CAAClC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,IAAIoD,QAAQ,EAAE;UACZ,IAAIxD,GAAG,CAACkC,QAAQ,CAACsB,QAAQ,CAAC,EAAE;YAC1B,IAAAvC,qBAAY,EAACjB,GAAG,EAAE,MAAM,CAAC;UAC3B;QACF,CAAC,MAAM;UACL,IAAAiB,qBAAY,EAACjB,GAAG,EAAE,MAAM,CAAC;QAC3B;MACF,CAAC,CAAC;MACF,IAAI2B,UAAU,CAACa,kBAAkB,IAAI,IAAI,EAAE;QACzC,MAAMa,SAAS,CACblC,MAAM,EACNmC,OAAO,EACPC,KAAK,EACLnC,MAAM,EACNC,IAAI,EACJmC,QAAQ,EACR7B,UAAU,CAACa,kBAAkB,EAC7BjB,EAAE,CACH;MACH;MACA,OAAO,IAAI;IACb,CAAC,CAAC,OAAOnB,CAAC,EAAE;MACV,IAAAa,qBAAY,4CAAoCb,CAAC,GAAI,OAAO,CAAC;MAC7D,iDAA0CA,CAAC;IAC7C;EACF,CAAC;EAAA;AAAA"}
package/esm/api/cloud/LogApi.mjs CHANGED
@@ -7,16 +7,12 @@ const logsFetchURLTemplate = '%s/monitoring/logs?source=%s&beginTime=%s&endTime=
7
7
  const logsSourcesURLTemplate = '%s/monitoring/logs/sources';
8
8
  const logsCreateAPIKeyAndSecretURLTemplate = '%s/keys?_action=create';
9
9
  const logsGetAPIKeysURLTemplate = '%s/keys';
10
- export async function tail(source, cookie) {
11
- let urlString = util.format(logsTailURLTemplate, getTenantURL(state.getHost()), encodeURIComponent(source));
12
- if (cookie) {
13
- urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;
14
- }
15
- return generateLogApi().get(urlString);
16
- }
17
10
  export async function getAPIKeys() {
18
11
  const urlString = util.format(logsGetAPIKeysURLTemplate, getTenantURL(state.getHost()));
19
- return generateLogKeysApi().get(urlString);
12
+ const {
13
+ data
14
+ } = await generateLogKeysApi().get(urlString);
15
+ return data;
20
16
  }
21
17
  export async function getSources() {
22
18
  const urlString = util.format(logsSourcesURLTemplate, getTenantURL(state.getHost()));
@@ -28,6 +24,13 @@ export async function createAPIKeyAndSecret(keyName) {
28
24
  name: keyName
29
25
  });
30
26
  }
27
+ export async function tail(source, cookie) {
28
+ let urlString = util.format(logsTailURLTemplate, getTenantURL(state.getHost()), encodeURIComponent(source));
29
+ if (cookie) {
30
+ urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;
31
+ }
32
+ return generateLogApi().get(urlString);
33
+ }
31
34
  export async function fetch(source, startTs, endTs, cookie) {
32
35
  let urlString = util.format(logsFetchURLTemplate, getTenantURL(state.getHost()), encodeURIComponent(source), startTs, endTs);
33
36
  if (cookie) {
package/esm/ops/AuthenticateOps.mjs CHANGED
@@ -15,7 +15,8 @@ import { createSignedJwtToken } from './JoseOps';
15
15
  import { getServiceAccount } from './cloud/ServiceAccountOps';
16
16
  const adminClientPassword = 'doesnotmatter';
17
17
  const redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';
18
- const idmAdminScopes = 'fr:idm:* fr:idc:esv:*';
18
+ const cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';
19
+ const forgeopsIdmAdminScopes = 'openid fr:idm:*';
19
20
  const serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';
20
21
  let adminClientId = 'idmAdminClient';
21
22
 
@@ -118,7 +119,7 @@ async function determineDeploymentType() {
118
119
  [state.getCookieName()]: state.getCookieValue()
119
120
  }
120
121
  };
121
- let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
122
+ let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
122
123
  let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;
123
124
  try {
124
125
  await authorize(bodyFormData, config);
@@ -130,7 +131,7 @@ async function determineDeploymentType() {
130
131
  deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;
131
132
  } else {
132
133
  try {
133
- bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
134
+ bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;
134
135
  await authorize(bodyFormData, config);
135
136
  } catch (ex) {
136
137
  var _ex$response, _ex$response$headers, _ex$response$headers$;
@@ -197,7 +198,7 @@ async function authenticate(username, password) {
197
198
  async function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {
198
199
  try {
199
200
  var _response$headers;
200
- const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
201
+ const bodyFormData = `redirect_uri=${redirectURL}&scope=${state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY ? cloudIdmAdminScopes : forgeopsIdmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;
201
202
  const config = {
202
203
  headers: {
203
204
  'Content-Type': 'application/x-www-form-urlencoded'
@@ -349,10 +350,10 @@ async function getLoggedInSubject() {
349
350
 
350
351
  /**
351
352
  * Get tokens
352
- * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise
353
+ * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)
353
354
  * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise
354
355
  */
355
- export async function getTokens() {
356
+ export async function getTokens(forceLoginAsUser = false) {
356
357
  debugMessage(`AuthenticateOps.getTokens: start`);
357
358
  if (!state.getHost()) {
358
359
  printMessage(`No host specified and FRODO_HOST env variable not set!`, 'error');
@@ -378,7 +379,7 @@ export async function getTokens() {
378
379
  state.setCookieName(await determineCookieName());
379
380
 
380
381
  // use service account to login?
381
- if (state.getServiceAccountId() && state.getServiceAccountJwk()) {
382
+ if (!forceLoginAsUser && state.getServiceAccountId() && state.getServiceAccountJwk()) {
382
383
  debugMessage(`AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`);
383
384
  try {
384
385
  const token = await getAccessTokenForServiceAccount(state.getServiceAccountId(), state.getServiceAccountJwk());
@@ -387,8 +388,8 @@ export async function getTokens() {
387
388
  await determineDeploymentTypeAndDefaultRealmAndVersion();
388
389
  } catch (saErr) {
389
390
  var _saErr$response, _saErr$response2, _saErr$response2$data, _saErr$response3, _saErr$response3$data;
390
- debugMessage((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : _saErr$response.data);
391
- throw new Error(`Service account login error: ${((_saErr$response2 = saErr.response) === null || _saErr$response2 === void 0 ? void 0 : (_saErr$response2$data = _saErr$response2.data) === null || _saErr$response2$data === void 0 ? void 0 : _saErr$response2$data.error_description) || ((_saErr$response3 = saErr.response) === null || _saErr$response3 === void 0 ? void 0 : (_saErr$response3$data = _saErr$response3.data) === null || _saErr$response3$data === void 0 ? void 0 : _saErr$response3$data.message)}`);
391
+ debugMessage(((_saErr$response = saErr.response) === null || _saErr$response === void 0 ? void 0 : _saErr$response.data) || saErr);
392
+ throw new Error(`Service account login error: ${((_saErr$response2 = saErr.response) === null || _saErr$response2 === void 0 ? void 0 : (_saErr$response2$data = _saErr$response2.data) === null || _saErr$response2$data === void 0 ? void 0 : _saErr$response2$data.error_description) || ((_saErr$response3 = saErr.response) === null || _saErr$response3 === void 0 ? void 0 : (_saErr$response3$data = _saErr$response3.data) === null || _saErr$response3$data === void 0 ? void 0 : _saErr$response3$data.message) || saErr}`);
392
393
  }
393
394
  }
394
395
  // use user account to login
package/esm/ops/cloud/LogOps.mjs CHANGED
@@ -1,4 +1,4 @@
1
- import { printMessage } from '../utils/Console';
1
+ import { printMessage, verboseMessage } from '../utils/Console';
2
2
  import { getCurrentTimestamp } from '../utils/ExportImportUtils';
3
3
  import { createAPIKeyAndSecret, getAPIKeys, getSources } from '../../api/cloud/LogApi';
4
4
  import * as state from '../../shared/State';
@@ -108,27 +108,29 @@ export async function tailLogs(source, levels, txid, cookie, nf) {
108
108
  export async function provisionCreds() {
109
109
  try {
110
110
  let keyName = `frodo-${state.getUsername()}`;
111
- return getAPIKeys().then(response => {
112
- response.data.result.forEach(k => {
111
+ try {
112
+ const response = await getAPIKeys();
113
+ for (const k of response.result) {
113
114
  if (k.name === keyName) {
114
115
  // append current timestamp to name if the named key already exists
115
116
  keyName = `${keyName}-${getCurrentTimestamp()}`;
116
117
  }
117
- });
118
- return createAPIKeyAndSecret(keyName).then(resp => {
118
+ }
119
+ try {
120
+ const resp = await createAPIKeyAndSecret(keyName);
119
121
  if (resp.data.name !== keyName) {
120
122
  printMessage(`create keys ERROR: could not create log API key ${keyName}`, 'error');
121
123
  return null;
122
124
  }
123
- printMessage(`Created a new log API key [${keyName}] in ${state.getHost()}`);
125
+ verboseMessage(`Created a new log API key [${keyName}] in ${state.getHost()}`);
124
126
  return resp.data;
125
- }).catch(error => {
127
+ } catch (error) {
126
128
  printMessage(`create keys ERROR: create keys call returned ${error}`, 'error');
127
129
  return null;
128
- });
129
- }).catch(error => {
130
+ }
131
+ } catch (error) {
130
132
  printMessage(`get keys ERROR: get keys call returned ${error}`, 'error');
131
- });
133
+ }
132
134
  } catch (e) {
133
135
  printMessage(`create keys ERROR: create keys data error - ${e}`, 'error');
134
136
  return null;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rockcarver/frodo-lib",
3
- "version": "0.18.3",
3
+ "version": "0.18.5",
4
4
  "type": "commonjs",
5
5
  "main": "./cjs/index.js",
6
6
  "module": "./esm/index.mjs",
package/types/api/cloud/LogApi.d.ts CHANGED
@@ -1,5 +1,5 @@
1
- export declare function tail(source: any, cookie: any): Promise<import("axios").AxiosResponse<any, any>>;
2
- export declare function getAPIKeys(): Promise<import("axios").AxiosResponse<any, any>>;
1
+ export declare function getAPIKeys(): Promise<any>;
3
2
  export declare function getSources(): Promise<import("axios").AxiosResponse<any, any>>;
4
3
  export declare function createAPIKeyAndSecret(keyName: any): Promise<import("axios").AxiosResponse<any, any>>;
4
+ export declare function tail(source: any, cookie: any): Promise<import("axios").AxiosResponse<any, any>>;
5
5
  export declare function fetch(source: any, startTs: any, endTs: any, cookie: any): Promise<import("axios").AxiosResponse<any, any>>;
package/types/api/cloud/LogApi.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/api/cloud/LogApi.ts"],"names":[],"mappings":"AAYA,wBAAsB,IAAI,CAAC,MAAM,KAAA,EAAE,MAAM,KAAA,oDAUxC;AAED,wBAAsB,UAAU,qDAM/B;AAED,wBAAsB,UAAU,qDAM/B;AAED,wBAAsB,qBAAqB,CAAC,OAAO,KAAA,oDAMlD;AAED,wBAAsB,KAAK,CAAC,MAAM,KAAA,EAAE,OAAO,KAAA,EAAE,KAAK,KAAA,EAAE,MAAM,KAAA,oDAYzD","file":"LogApi.d.ts","sourcesContent":["import util from 'util';\nimport { generateLogApi, generateLogKeysApi } from '../BaseApi';\nimport { getTenantURL } from '../utils/ApiUtils';\nimport * as state from '../../shared/State';\n\nconst logsTailURLTemplate = '%s/monitoring/logs/tail?source=%s';\nconst logsFetchURLTemplate =\n '%s/monitoring/logs?source=%s&beginTime=%s&endTime=%s';\nconst logsSourcesURLTemplate = '%s/monitoring/logs/sources';\nconst logsCreateAPIKeyAndSecretURLTemplate = '%s/keys?_action=create';\nconst logsGetAPIKeysURLTemplate = '%s/keys';\n\nexport async function tail(source, cookie) {\n let urlString = util.format(\n logsTailURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source)\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi().get(urlString);\n}\n\nexport async function getAPIKeys() {\n const urlString = util.format(\n logsGetAPIKeysURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogKeysApi().get(urlString);\n}\n\nexport async function getSources() {\n const urlString = util.format(\n logsSourcesURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogApi().get(urlString);\n}\n\nexport async function createAPIKeyAndSecret(keyName) {\n const urlString = util.format(\n logsCreateAPIKeyAndSecretURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogKeysApi().post(urlString, { name: keyName });\n}\n\nexport async function fetch(source, startTs, endTs, cookie) {\n let urlString = util.format(\n logsFetchURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source),\n startTs,\n endTs\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi({ timeout: 60000 }).get(urlString);\n}\n"]}
1
+ {"version":3,"sources":["../src/api/cloud/LogApi.ts"],"names":[],"mappings":"AAYA,wBAAsB,UAAU,iBAO/B;AAED,wBAAsB,UAAU,qDAM/B;AAED,wBAAsB,qBAAqB,CAAC,OAAO,KAAA,oDAMlD;AAED,wBAAsB,IAAI,CAAC,MAAM,KAAA,EAAE,MAAM,KAAA,oDAUxC;AAED,wBAAsB,KAAK,CAAC,MAAM,KAAA,EAAE,OAAO,KAAA,EAAE,KAAK,KAAA,EAAE,MAAM,KAAA,oDAYzD","file":"LogApi.d.ts","sourcesContent":["import util from 'util';\nimport { generateLogApi, generateLogKeysApi } from '../BaseApi';\nimport { getTenantURL } from '../utils/ApiUtils';\nimport * as state from '../../shared/State';\n\nconst logsTailURLTemplate = '%s/monitoring/logs/tail?source=%s';\nconst logsFetchURLTemplate =\n '%s/monitoring/logs?source=%s&beginTime=%s&endTime=%s';\nconst logsSourcesURLTemplate = '%s/monitoring/logs/sources';\nconst logsCreateAPIKeyAndSecretURLTemplate = '%s/keys?_action=create';\nconst logsGetAPIKeysURLTemplate = '%s/keys';\n\nexport async function getAPIKeys() {\n const urlString = util.format(\n logsGetAPIKeysURLTemplate,\n getTenantURL(state.getHost())\n );\n const { data } = await generateLogKeysApi().get(urlString);\n return data;\n}\n\nexport async function getSources() {\n const urlString = util.format(\n logsSourcesURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogApi().get(urlString);\n}\n\nexport async function createAPIKeyAndSecret(keyName) {\n const urlString = util.format(\n logsCreateAPIKeyAndSecretURLTemplate,\n getTenantURL(state.getHost())\n );\n return generateLogKeysApi().post(urlString, { name: keyName });\n}\n\nexport async function tail(source, cookie) {\n let urlString = util.format(\n logsTailURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source)\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi().get(urlString);\n}\n\nexport async function fetch(source, startTs, endTs, cookie) {\n let urlString = util.format(\n logsFetchURLTemplate,\n getTenantURL(state.getHost()),\n encodeURIComponent(source),\n startTs,\n endTs\n );\n if (cookie) {\n urlString += `&_pagedResultsCookie=${encodeURIComponent(cookie)}`;\n }\n return generateLogApi({ timeout: 60000 }).get(urlString);\n}\n"]}
package/types/ops/AuthenticateOps.d.ts CHANGED
@@ -8,7 +8,7 @@ import { JwkRsa } from './JoseOps';
8
8
  export declare function getAccessTokenForServiceAccount(serviceAccountId: string, jwk: JwkRsa): Promise<string | null>;
9
9
  /**
10
10
  * Get tokens
11
- * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise
11
+ * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)
12
12
  * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise
13
13
  */
14
- export declare function getTokens(): Promise<boolean>;
14
+ export declare function getTokens(forceLoginAsUser?: boolean): Promise<boolean>;
package/types/ops/AuthenticateOps.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/ops/AuthenticateOps.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,MAAM,EAAwB,MAAM,WAAW,CAAC;AAqTzD;;;;;GAKG;AACH,wBAAsB,+BAA+B,CACnD,gBAAgB,EAAE,MAAM,EACxB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAmCD;;;;GAIG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,CAiHlD","file":"AuthenticateOps.d.ts","sourcesContent":["import url from 'url';\nimport { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport { encodeBase64Url } from '../api/utils/Base64';\nimport * as state from '../shared/State';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { debugMessage, printMessage, verboseMessage } from './utils/Console';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport { step } from '../api/AuthenticateApi';\nimport { accessToken, authorize } from '../api/OAuth2OIDCApi';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { v4 } from 'uuid';\nimport { parseUrl } from '../api/utils/ApiUtils';\nimport { JwkRsa, createSignedJwtToken } from './JoseOps';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst idmAdminScopes = 'fr:idm:* fr:idc:esv:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nlet adminClientId = 'idmAdminClient';\n\n/**\n * Helper function to get cookie name\n * @returns {String} cookie name\n */\nasync function determineCookieName() {\n try {\n const data = await getServerInfo();\n debugMessage(\n `AuthenticateOps.getCookieName: cookieName=${data.cookieName}`\n );\n return data.cookieName;\n } catch (error) {\n printMessage(`Error getting cookie name: ${error}`, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload) {\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const element of payload.callbacks) {\n if (element.type === 'HiddenValueCallback') {\n if (element.input[0].value.includes('skip')) {\n // skippable = true;\n element.input[0].value = 'Skip';\n return {\n need2fa: true,\n payload,\n };\n }\n }\n if (element.type === 'NameCallback') {\n if (element.output[0].value.includes('code')) {\n // skippable = false;\n printMessage('2FA is enabled and required for this user...');\n const code = readlineSync.question(`${element.output[0].value}: `);\n element.input[0].value = code;\n return {\n need2fa: true,\n payload,\n };\n }\n }\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {string} deploymentType deployment type\n */\nfunction determineDefaultRealm(deploymentType: string) {\n if (\n !state.getRealm() ||\n state.getRealm() === globalConfig.DEFAULT_REALM_KEY\n ) {\n state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(): Promise<string> {\n const cookieValue = state.getCookieValue();\n // https://bugster.forgerock.org/jira/browse/FRAAS-13018\n // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active\n // if (!cookieValue && getUseBearerTokenForAmApis()) {\n // const token = await getTokenInfo();\n // cookieValue = token.sessionToken;\n // setCookieValue(cookieValue);\n // }\n\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const fidcClientId = 'idmAdminClient';\n const forgeopsClientId = 'idm-admin-ui';\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize(bodyFormData, config);\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize(bodyFormData, config);\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);\n }\n }\n }\n }\n return deploymentType;\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nasync function getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @returns {string} Session token or null\n */\nasync function authenticate(\n username: string,\n password: string\n): Promise<string> {\n const config = {\n headers: {\n 'X-OpenAM-Username': username,\n 'X-OpenAM-Password': password,\n },\n };\n const response1 = await step({}, config);\n const skip2FA = checkAndHandle2FA(response1);\n let response2 = {};\n if (skip2FA.need2fa) {\n response2 = await step(skip2FA.payload);\n } else {\n response2 = skip2FA.payload;\n }\n if ('tokenId' in response2) {\n return response2['tokenId'] as string;\n }\n return null;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${idmAdminScopes}&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize(bodyFormData, config);\n } catch (error) {\n response = error.response;\n }\n if (response.status < 200 || response.status > 399) {\n printMessage('error getting auth code', 'error');\n printMessage(\n 'likely cause: mismatched parameters with OAuth client config',\n 'error'\n );\n return null;\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage('auth code not found', 'error');\n return null;\n } catch (error) {\n printMessage(`error getting auth code - ${error.message}`, 'error');\n printMessage(error.response?.data, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @returns {Promise<string | null>} access token or null\n */\nasync function getAccessTokenForUser(): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: start`);\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);\n if (authCode == null) {\n printMessage('error getting auth code', 'error');\n return null;\n }\n let response = null;\n if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData, config);\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData);\n }\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end with token`);\n return response.data.access_token;\n }\n printMessage('No access token in response.', 'error');\n } catch (error) {\n debugMessage(`Error getting access token for user: ${error}`);\n debugMessage(error.response?.data);\n }\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end without token`);\n return null;\n}\n\nfunction createPayload(serviceAccountId: string) {\n const u = parseUrl(state.getHost());\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get access token for service account\n * @param {string} serviceAccountId UUID of service account\n * @param {JwkRsa} jwk Java Wek Key\n * @returns {string | null} Access token or null\n */\nexport async function getAccessTokenForServiceAccount(\n serviceAccountId: string,\n jwk: JwkRsa\n): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);\n const payload = createPayload(serviceAccountId);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);\n debugMessage(payload);\n const jwt = await createSignedJwtToken(payload, jwk);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);\n debugMessage(jwt);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken(bodyFormData);\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);\n debugMessage(response.data.access_token);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return response.data.access_token;\n }\n debugMessage(\n `AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`\n );\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return null;\n}\n\nasync function determineDeploymentTypeAndDefaultRealmAndVersion() {\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`\n );\n if (!state.getDeploymentType()) {\n state.setDeploymentType(await determineDeploymentType());\n }\n determineDefaultRealm(state.getDeploymentType());\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`\n );\n\n const versionInfo = await getServerVersionInfo();\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage(`Full version: ${versionInfo.fullVersion}`);\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`\n );\n}\n\nasync function getLoggedInSubject(): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (await getServiceAccount(state.getServiceAccountId())).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n }\n return subjectString;\n}\n\n/**\n * Get tokens\n * @param {boolean} save true to save a connection profile upon successful authentication, false otherwise\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens(): Promise<boolean> {\n debugMessage(`AuthenticateOps.getTokens: start`);\n if (!state.getHost()) {\n printMessage(\n `No host specified and FRODO_HOST env variable not set!`,\n 'error'\n );\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile();\n if (conn) {\n state.setHost(conn.tenant);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName());\n\n // use service account to login?\n if (state.getServiceAccountId() && state.getServiceAccountJwk()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`\n );\n try {\n const token = await getAccessTokenForServiceAccount(\n state.getServiceAccountId(),\n state.getServiceAccountJwk()\n );\n state.setBearerToken(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n } catch (saErr) {\n debugMessage(saErr.response?.data);\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`\n );\n const token = await authenticate(\n state.getUsername(),\n state.getPassword()\n );\n if (token) state.setCookieValue(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n if (\n state.getCookieValue() &&\n !state.getBearerToken() &&\n (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() ===\n globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getAccessTokenForUser();\n if (accessToken) state.setBearerToken(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage(`Incomplete or no credentials!`, 'error');\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n // https://github.com/rockcarver/frodo-cli/issues/102\n printMessage(\n `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject()}`,\n 'info'\n );\n debugMessage(`AuthenticateOps.getTokens: end with tokens`);\n return true;\n }\n } catch (error) {\n // regular error\n printMessage(error.message, 'error');\n // axios error am api\n printMessage(error.response?.data?.message, 'error');\n // axios error am oauth2 api\n printMessage(error.response?.data?.error_description, 'error');\n // axios error data\n debugMessage(error.response?.data);\n // stack trace\n debugMessage(error.stack || new Error().stack);\n }\n debugMessage(`AuthenticateOps.getTokens: end without tokens`);\n return false;\n}\n"]}
1
+ {"version":3,"sources":["../src/ops/AuthenticateOps.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,MAAM,EAAwB,MAAM,WAAW,CAAC;AA0TzD;;;;;GAKG;AACH,wBAAsB,+BAA+B,CACnD,gBAAgB,EAAE,MAAM,EACxB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAmCD;;;;GAIG;AACH,wBAAsB,SAAS,CAAC,gBAAgB,UAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAsH1E","file":"AuthenticateOps.d.ts","sourcesContent":["import url from 'url';\nimport { createHash, randomBytes } from 'crypto';\nimport readlineSync from 'readline-sync';\nimport { encodeBase64Url } from '../api/utils/Base64';\nimport * as state from '../shared/State';\nimport * as globalConfig from '../storage/StaticStorage';\nimport { debugMessage, printMessage, verboseMessage } from './utils/Console';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport { step } from '../api/AuthenticateApi';\nimport { accessToken, authorize } from '../api/OAuth2OIDCApi';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { v4 } from 'uuid';\nimport { parseUrl } from '../api/utils/ApiUtils';\nimport { JwkRsa, createSignedJwtToken } from './JoseOps';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nlet adminClientId = 'idmAdminClient';\n\n/**\n * Helper function to get cookie name\n * @returns {String} cookie name\n */\nasync function determineCookieName() {\n try {\n const data = await getServerInfo();\n debugMessage(\n `AuthenticateOps.getCookieName: cookieName=${data.cookieName}`\n );\n return data.cookieName;\n } catch (error) {\n printMessage(`Error getting cookie name: ${error}`, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA(payload) {\n // let skippable = false;\n if ('callbacks' in payload) {\n for (const element of payload.callbacks) {\n if (element.type === 'HiddenValueCallback') {\n if (element.input[0].value.includes('skip')) {\n // skippable = true;\n element.input[0].value = 'Skip';\n return {\n need2fa: true,\n payload,\n };\n }\n }\n if (element.type === 'NameCallback') {\n if (element.output[0].value.includes('code')) {\n // skippable = false;\n printMessage('2FA is enabled and required for this user...');\n const code = readlineSync.question(`${element.output[0].value}: `);\n element.input[0].value = code;\n return {\n need2fa: true,\n payload,\n };\n }\n }\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n }\n // console.info(\"NO2FA\");\n return {\n need2fa: false,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {string} deploymentType deployment type\n */\nfunction determineDefaultRealm(deploymentType: string) {\n if (\n !state.getRealm() ||\n state.getRealm() === globalConfig.DEFAULT_REALM_KEY\n ) {\n state.setRealm(globalConfig.DEPLOYMENT_TYPE_REALM_MAP[deploymentType]);\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(): Promise<string> {\n const cookieValue = state.getCookieValue();\n // https://bugster.forgerock.org/jira/browse/FRAAS-13018\n // There is a chance that this will be blocked due to security concerns and thus is probably best not to keep active\n // if (!cookieValue && getUseBearerTokenForAmApis()) {\n // const token = await getTokenInfo();\n // cookieValue = token.sessionToken;\n // setCookieValue(cookieValue);\n // }\n\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const fidcClientId = 'idmAdminClient';\n const forgeopsClientId = 'idm-admin-ui';\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n let deploymentType = globalConfig.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize(bodyFormData, config);\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage(`ForgeRock Identity Cloud`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize(bodyFormData, config);\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage(`ForgeOps deployment`['brightCyan'] + ` detected.`);\n deploymentType = globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage(`Classic deployment`['brightCyan'] + ` detected.`);\n }\n }\n }\n }\n return deploymentType;\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nasync function getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @returns {string} Session token or null\n */\nasync function authenticate(\n username: string,\n password: string\n): Promise<string> {\n const config = {\n headers: {\n 'X-OpenAM-Username': username,\n 'X-OpenAM-Password': password,\n },\n };\n const response1 = await step({}, config);\n const skip2FA = checkAndHandle2FA(response1);\n let response2 = {};\n if (skip2FA.need2fa) {\n response2 = await step(skip2FA.payload);\n } else {\n response2 = skip2FA.payload;\n }\n if ('tokenId' in response2) {\n return response2['tokenId'] as string;\n }\n return null;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(redirectURL, codeChallenge, codeChallengeMethod) {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize(bodyFormData, config);\n } catch (error) {\n response = error.response;\n }\n if (response.status < 200 || response.status > 399) {\n printMessage('error getting auth code', 'error');\n printMessage(\n 'likely cause: mismatched parameters with OAuth client config',\n 'error'\n );\n return null;\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code;\n }\n printMessage('auth code not found', 'error');\n return null;\n } catch (error) {\n printMessage(`error getting auth code - ${error.message}`, 'error');\n printMessage(error.response?.data, 'error');\n debugMessage(error.stack);\n return null;\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @returns {Promise<string | null>} access token or null\n */\nasync function getAccessTokenForUser(): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: start`);\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(redirectURL, challenge, challengeMethod);\n if (authCode == null) {\n printMessage('error getting auth code', 'error');\n return null;\n }\n let response = null;\n if (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData, config);\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken(bodyFormData);\n }\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end with token`);\n return response.data.access_token;\n }\n printMessage('No access token in response.', 'error');\n } catch (error) {\n debugMessage(`Error getting access token for user: ${error}`);\n debugMessage(error.response?.data);\n }\n debugMessage(`AuthenticateOps.getAccessTokenForUser: end without token`);\n return null;\n}\n\nfunction createPayload(serviceAccountId: string) {\n const u = parseUrl(state.getHost());\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get access token for service account\n * @param {string} serviceAccountId UUID of service account\n * @param {JwkRsa} jwk Java Wek Key\n * @returns {string | null} Access token or null\n */\nexport async function getAccessTokenForServiceAccount(\n serviceAccountId: string,\n jwk: JwkRsa\n): Promise<string | null> {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: start`);\n const payload = createPayload(serviceAccountId);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: payload:`);\n debugMessage(payload);\n const jwt = await createSignedJwtToken(payload, jwk);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: jwt:`);\n debugMessage(jwt);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken(bodyFormData);\n if ('access_token' in response.data) {\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: token:`);\n debugMessage(response.data.access_token);\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return response.data.access_token;\n }\n debugMessage(\n `AuthenticateOps.getAccessTokenForServiceAccount: No access token in response.`\n );\n debugMessage(`AuthenticateOps.getAccessTokenForServiceAccount: end`);\n return null;\n}\n\nasync function determineDeploymentTypeAndDefaultRealmAndVersion() {\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`\n );\n if (!state.getDeploymentType()) {\n state.setDeploymentType(await determineDeploymentType());\n }\n determineDefaultRealm(state.getDeploymentType());\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`\n );\n\n const versionInfo = await getServerVersionInfo();\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage(`Full version: ${versionInfo.fullVersion}`);\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage(\n `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`\n );\n}\n\nasync function getLoggedInSubject(): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n const name = (await getServiceAccount(state.getServiceAccountId())).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n }\n return subjectString;\n}\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @returns {Promise<boolean>} true if tokens were successfully obtained, false otherwise\n */\nexport async function getTokens(forceLoginAsUser = false): Promise<boolean> {\n debugMessage(`AuthenticateOps.getTokens: start`);\n if (!state.getHost()) {\n printMessage(\n `No host specified and FRODO_HOST env variable not set!`,\n 'error'\n );\n return false;\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile();\n if (conn) {\n state.setHost(conn.tenant);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n } else {\n return false;\n }\n }\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName());\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`\n );\n try {\n const token = await getAccessTokenForServiceAccount(\n state.getServiceAccountId(),\n state.getServiceAccountJwk()\n );\n state.setBearerToken(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n } catch (saErr) {\n debugMessage(saErr.response?.data || saErr);\n throw new Error(\n `Service account login error: ${\n saErr.response?.data?.error_description ||\n saErr.response?.data?.message ||\n saErr\n }`\n );\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage(\n `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`\n );\n const token = await authenticate(\n state.getUsername(),\n state.getPassword()\n );\n if (token) state.setCookieValue(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion();\n if (\n state.getCookieValue() &&\n !state.getBearerToken() &&\n (state.getDeploymentType() === globalConfig.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() ===\n globalConfig.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getAccessTokenForUser();\n if (accessToken) state.setBearerToken(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n printMessage(`Incomplete or no credentials!`, 'error');\n return false;\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n // https://github.com/rockcarver/frodo-cli/issues/102\n printMessage(\n `Connected to ${state.getHost()} [${\n state.getRealm() ? state.getRealm() : 'root'\n }] as ${await getLoggedInSubject()}`,\n 'info'\n );\n debugMessage(`AuthenticateOps.getTokens: end with tokens`);\n return true;\n }\n } catch (error) {\n // regular error\n printMessage(error.message, 'error');\n // axios error am api\n printMessage(error.response?.data?.message, 'error');\n // axios error am oauth2 api\n printMessage(error.response?.data?.error_description, 'error');\n // axios error data\n debugMessage(error.response?.data);\n // stack trace\n debugMessage(error.stack || new Error().stack);\n }\n debugMessage(`AuthenticateOps.getTokens: end without tokens`);\n return false;\n}\n"]}
package/types/ops/cloud/LogOps.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/ops/cloud/LogOps.ts"],"names":[],"mappings":"AA4OA,wBAAgB,kBAAkB,aAEjC;AAED,wBAAgB,YAAY,CAAC,KAAK,KAAA,OAOjC;AAID,wBAAgB,mBAAmB,CAAC,GAAG,KAAA,OAStC;AAED,wBAAsB,aAAa,mBAgBlC;AAED,wBAAsB,QAAQ,CAAC,MAAM,KAAA,EAAE,MAAM,KAAA,EAAE,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,EAAE,KAAA,mBAwC9D;AAED,wBAAsB,cAAc,iBA2CnC;AAED,wBAAsB,SAAS,CAC7B,MAAM,KAAA,EACN,OAAO,KAAA,EACP,KAAK,KAAA,EACL,MAAM,KAAA,EACN,IAAI,KAAA,EACJ,QAAQ,KAAA,EACR,MAAM,KAAA,EACN,EAAE,KAAA,mBAsDH","file":"LogOps.d.ts","sourcesContent":["import { printMessage } from '../utils/Console';\nimport { getCurrentTimestamp } from '../utils/ExportImportUtils';\nimport {\n createAPIKeyAndSecret,\n getAPIKeys,\n getSources,\n} from '../../api/cloud/LogApi';\n\nimport * as state from '../../shared/State';\n\nimport * as LogApi from '../../api/cloud/LogApi';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst unfilterableNoise = [\n 'text/plain', // Unfortunately, it is impossible to filter out those without excluding IDM script logging as well\n];\n\nconst miscNoise = [\n 'com.iplanet.dpro.session.operations.ServerSessionOperationStrategy',\n 'com.iplanet.dpro.session.SessionIDFactory',\n 'com.iplanet.dpro.session.share.SessionEncodeURL',\n 'com.iplanet.services.naming.WebtopNaming',\n 'com.iplanet.sso.providers.dpro.SSOProviderImpl',\n 'com.sun.identity.authentication.AuthContext',\n 'com.sun.identity.authentication.client.AuthClientUtils',\n 'com.sun.identity.authentication.config.AMAuthConfigType',\n 'com.sun.identity.authentication.config.AMAuthenticationManager',\n 'com.sun.identity.authentication.config.AMAuthLevelManager',\n 'com.sun.identity.authentication.config.AMConfiguration',\n 'com.sun.identity.authentication.jaas.LoginContext',\n 'com.sun.identity.authentication.modules.application.Application',\n 'com.sun.identity.authentication.server.AuthContextLocal',\n 'com.sun.identity.authentication.service.AMLoginContext',\n 'com.sun.identity.authentication.service.AuthContextLookup',\n 'com.sun.identity.authentication.service.AuthD',\n 'com.sun.identity.authentication.service.AuthUtils',\n 'com.sun.identity.authentication.service.DSAMECallbackHandler',\n 'com.sun.identity.authentication.service.LoginState',\n 'com.sun.identity.authentication.spi.AMLoginModule',\n 'com.sun.identity.delegation.DelegationEvaluatorImpl',\n 'com.sun.identity.idm.plugins.internal.AgentsRepo',\n 'com.sun.identity.idm.server.IdCachedServicesImpl',\n 'com.sun.identity.idm.server.IdRepoPluginsCache',\n 'com.sun.identity.idm.server.IdServicesImpl',\n 'com.sun.identity.log.spi.ISDebug',\n 'com.sun.identity.shared.encode.CookieUtils',\n 'com.sun.identity.sm.ldap.SMSLdapObject',\n 'com.sun.identity.sm.CachedSMSEntry',\n 'com.sun.identity.sm.CachedSubEntries',\n 'com.sun.identity.sm.DNMapper',\n 'com.sun.identity.sm.ServiceConfigImpl',\n 'com.sun.identity.sm.ServiceConfigManagerImpl',\n 'com.sun.identity.sm.SMSEntry',\n 'com.sun.identity.sm.SMSUtils',\n 'com.sun.identity.sm.SmsWrapperObject',\n 'oauth2',\n 'org.apache.http.client.protocol.RequestAuthCache',\n 'org.apache.http.impl.conn.PoolingHttpClientConnectionManager',\n 'org.apache.http.impl.nio.client.InternalHttpAsyncClient',\n 'org.apache.http.impl.nio.client.InternalIODispatch',\n 'org.apache.http.impl.nio.client.MainClientExec',\n 'org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl',\n 'org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager',\n 'org.forgerock.audit.AuditServiceImpl',\n 'org.forgerock.oauth2.core.RealmOAuth2ProviderSettings',\n 'org.forgerock.openam.authentication.service.JAASModuleDetector',\n 'org.forgerock.openam.authentication.service.LoginContextFactory',\n 'org.forgerock.openam.blacklist.BloomFilterBlacklist',\n 'org.forgerock.openam.blacklist.CTSBlacklist',\n 'org.forgerock.openam.core.realms.impl.CachingRealmLookup',\n 'org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager',\n 'org.forgerock.openam.core.rest.authn.trees.AuthTrees',\n 'org.forgerock.openam.cors.CorsFilter',\n 'org.forgerock.openam.cts.CTSPersistentStoreImpl',\n 'org.forgerock.openam.cts.impl.CoreTokenAdapter',\n 'org.forgerock.openam.cts.impl.queue.AsyncResultHandler',\n 'org.forgerock.openam.cts.reaper.ReaperDeleteOnQueryResultHandler',\n 'org.forgerock.openam.headers.DisableSameSiteCookiesFilter',\n 'org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo',\n 'org.forgerock.openam.rest.CsrfFilter',\n 'org.forgerock.openam.rest.restAuthenticationFilter',\n 'org.forgerock.openam.rest.fluent.CrestLoggingFilter',\n 'org.forgerock.openam.session.cts.CtsOperations',\n 'org.forgerock.openam.session.stateless.StatelessSessionManager',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread',\n 'org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider',\n 'org.forgerock.openam.sm.file.ConfigFileSystemHandler',\n 'org.forgerock.openam.social.idp.SocialIdentityProviders',\n 'org.forgerock.openam.utils.ClientUtils',\n 'org.forgerock.opendj.ldap.CachedConnectionPool',\n 'org.forgerock.opendj.ldap.LoadBalancer',\n 'org.forgerock.secrets.keystore.KeyStoreSecretStore',\n 'org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore',\n 'org.forgerock.secrets.SecretsProvider',\n];\n\nconst journeysNoise = [\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst journeys = [\n 'org.forgerock.openam.auth.nodes.SelectIdPNode',\n 'org.forgerock.openam.auth.nodes.ValidatedPasswordNode',\n 'org.forgerock.openam.auth.nodes.ValidatedUsernameNode',\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\nconst samlNoise = [\n 'com.sun.identity.cot.COTCache',\n 'com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl',\n 'com.sun.identity.saml2.meta.SAML2MetaCache',\n 'com.sun.identity.saml2.profile.CacheCleanUpRunnable',\n 'org.apache.xml.security.keys.KeyInfo',\n 'org.apache.xml.security.signature.XMLSignature',\n 'org.apache.xml.security.utils.SignerOutputStream',\n 'org.apache.xml.security.utils.resolver.ResourceResolver',\n 'org.apache.xml.security.utils.resolver.implementations.ResolverFragment',\n 'org.apache.xml.security.algorithms.JCEMapper',\n 'org.apache.xml.security.algorithms.implementations.SignatureBaseRSA',\n 'org.apache.xml.security.algorithms.SignatureAlgorithm',\n 'org.apache.xml.security.utils.ElementProxy',\n 'org.apache.xml.security.transforms.Transforms',\n 'org.apache.xml.security.utils.DigesterOutputStream',\n 'org.apache.xml.security.signature.Reference',\n 'org.apache.xml.security.signature.Manifest',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst saml = [\n 'jsp.saml2.spAssertionConsumer',\n 'com.sun.identity.saml.common.SAMLUtils',\n 'com.sun.identity.saml2.common.SAML2Utils',\n 'com.sun.identity.saml2.meta.SAML2MetaManager',\n 'com.sun.identity.saml2.xmlsig.FMSigProvider',\n];\n\nconst noise = miscNoise.concat(samlNoise).concat(journeysNoise);\n\nconst numLogLevelMap = {\n 0: ['SEVERE', 'ERROR', 'FATAL'],\n 1: ['WARNING', 'WARN', 'CONFIG'],\n 2: ['INFO', 'INFORMATION'],\n 3: ['DEBUG', 'FINE', 'FINER', 'FINEST'],\n 4: ['ALL'],\n};\n\nconst logLevelMap = {\n SEVERE: ['SEVERE', 'ERROR', 'FATAL'],\n ERROR: ['SEVERE', 'ERROR', 'FATAL'],\n FATAL: ['SEVERE', 'ERROR', 'FATAL'],\n WARN: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n WARNING: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n CONFIG: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n INFO: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n INFORMATION: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n DEBUG: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINE: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINER: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINEST: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n ALL: ['ALL'],\n};\n\nexport function defaultNoiseFilter() {\n return noise;\n}\n\nexport function resolveLevel(level) {\n // const levels = ['FATAL', 'ERROR', 'WARN', 'INFO', 'DEBUG', 'TRACE', 'ALL'];\n // levels.splice(levels.indexOf(levelName) + 1, levels.length);\n if (Number.isNaN(parseInt(level, 10))) {\n return logLevelMap[level];\n }\n return logLevelMap[numLogLevelMap[level][0]];\n}\n\n// It seems that the undesirable 'text/plain' logs start with a date, not a LEVEL\n// Therefore, for those, this function returns null, and thus filters out the undesirable\nexport function resolvePayloadLevel(log) {\n try {\n return log.type !== 'text/plain'\n ? log.payload.level\n : log.payload.match(/^([^:]*):/)[1];\n } catch (e) {\n // Fail-safe for no group match\n return null;\n }\n}\n\nexport async function getLogSources() {\n const sources = [];\n await getSources()\n .then((response) => {\n response.data.result.forEach((item) => {\n sources.push(item);\n });\n })\n .catch((error) => {\n printMessage(\n `getSources ERROR: get log sources call returned ${error}}`,\n 'error'\n );\n return [];\n });\n return sources;\n}\n\nexport async function tailLogs(source, levels, txid, cookie, nf) {\n try {\n const response = await LogApi.tail(source, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `tail ERROR: tail call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n // if (!cookie) {\n // await saveConnection();\n // }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n printMessage(JSON.stringify(e.payload), 'data');\n });\n\n setTimeout(() => {\n tailLogs(source, levels, txid, logsObject.result.pagedResultsCookie, nf);\n }, 5000);\n return null;\n } catch (e) {\n printMessage(`tail ERROR: tail data error - ${e}`, 'error');\n return `tail ERROR: tail data error - ${e}`;\n }\n}\n\nexport async function provisionCreds() {\n try {\n let keyName = `frodo-${state.getUsername()}`;\n return getAPIKeys()\n .then((response) => {\n response.data.result.forEach((k) => {\n if (k.name === keyName) {\n // append current timestamp to name if the named key already exists\n keyName = `${keyName}-${getCurrentTimestamp()}`;\n }\n });\n return createAPIKeyAndSecret(keyName)\n .then((resp) => {\n if (resp.data.name !== keyName) {\n printMessage(\n `create keys ERROR: could not create log API key ${keyName}`,\n 'error'\n );\n return null;\n }\n printMessage(\n `Created a new log API key [${keyName}] in ${state.getHost()}`\n );\n return resp.data;\n })\n .catch((error) => {\n printMessage(\n `create keys ERROR: create keys call returned ${error}`,\n 'error'\n );\n return null;\n });\n })\n .catch((error) => {\n printMessage(\n `get keys ERROR: get keys call returned ${error}`,\n 'error'\n );\n });\n } catch (e) {\n printMessage(`create keys ERROR: create keys data error - ${e}`, 'error');\n return null;\n }\n}\n\nexport async function fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n cookie,\n nf\n) {\n try {\n // console.log(`startTs: ${startTs} endTs : ${endTs}`);\n const response = await LogApi.fetch(source, startTs, endTs, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `fetch ERROR: fetch call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n const log = JSON.stringify(e, null, 2);\n if (ffString) {\n if (log.includes(ffString)) {\n printMessage(log, 'data');\n }\n } else {\n printMessage(log, 'data');\n }\n });\n if (logsObject.pagedResultsCookie != null) {\n await fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n logsObject.pagedResultsCookie,\n nf\n );\n }\n return null;\n } catch (e) {\n printMessage(`fetch ERROR: fetch data error - ${e}`, 'error');\n return `fetch ERROR: fetch data error - ${e}`;\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/ops/cloud/LogOps.ts"],"names":[],"mappings":"AA4OA,wBAAgB,kBAAkB,aAEjC;AAED,wBAAgB,YAAY,CAAC,KAAK,KAAA,OAOjC;AAID,wBAAgB,mBAAmB,CAAC,GAAG,KAAA,OAStC;AAED,wBAAsB,aAAa,mBAgBlC;AAED,wBAAsB,QAAQ,CAAC,MAAM,KAAA,EAAE,MAAM,KAAA,EAAE,IAAI,KAAA,EAAE,MAAM,KAAA,EAAE,EAAE,KAAA,mBAwC9D;AAED,wBAAsB,cAAc,iBAsCnC;AAED,wBAAsB,SAAS,CAC7B,MAAM,KAAA,EACN,OAAO,KAAA,EACP,KAAK,KAAA,EACL,MAAM,KAAA,EACN,IAAI,KAAA,EACJ,QAAQ,KAAA,EACR,MAAM,KAAA,EACN,EAAE,KAAA,mBAsDH","file":"LogOps.d.ts","sourcesContent":["import { printMessage, verboseMessage } from '../utils/Console';\nimport { getCurrentTimestamp } from '../utils/ExportImportUtils';\nimport {\n createAPIKeyAndSecret,\n getAPIKeys,\n getSources,\n} from '../../api/cloud/LogApi';\n\nimport * as state from '../../shared/State';\n\nimport * as LogApi from '../../api/cloud/LogApi';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst unfilterableNoise = [\n 'text/plain', // Unfortunately, it is impossible to filter out those without excluding IDM script logging as well\n];\n\nconst miscNoise = [\n 'com.iplanet.dpro.session.operations.ServerSessionOperationStrategy',\n 'com.iplanet.dpro.session.SessionIDFactory',\n 'com.iplanet.dpro.session.share.SessionEncodeURL',\n 'com.iplanet.services.naming.WebtopNaming',\n 'com.iplanet.sso.providers.dpro.SSOProviderImpl',\n 'com.sun.identity.authentication.AuthContext',\n 'com.sun.identity.authentication.client.AuthClientUtils',\n 'com.sun.identity.authentication.config.AMAuthConfigType',\n 'com.sun.identity.authentication.config.AMAuthenticationManager',\n 'com.sun.identity.authentication.config.AMAuthLevelManager',\n 'com.sun.identity.authentication.config.AMConfiguration',\n 'com.sun.identity.authentication.jaas.LoginContext',\n 'com.sun.identity.authentication.modules.application.Application',\n 'com.sun.identity.authentication.server.AuthContextLocal',\n 'com.sun.identity.authentication.service.AMLoginContext',\n 'com.sun.identity.authentication.service.AuthContextLookup',\n 'com.sun.identity.authentication.service.AuthD',\n 'com.sun.identity.authentication.service.AuthUtils',\n 'com.sun.identity.authentication.service.DSAMECallbackHandler',\n 'com.sun.identity.authentication.service.LoginState',\n 'com.sun.identity.authentication.spi.AMLoginModule',\n 'com.sun.identity.delegation.DelegationEvaluatorImpl',\n 'com.sun.identity.idm.plugins.internal.AgentsRepo',\n 'com.sun.identity.idm.server.IdCachedServicesImpl',\n 'com.sun.identity.idm.server.IdRepoPluginsCache',\n 'com.sun.identity.idm.server.IdServicesImpl',\n 'com.sun.identity.log.spi.ISDebug',\n 'com.sun.identity.shared.encode.CookieUtils',\n 'com.sun.identity.sm.ldap.SMSLdapObject',\n 'com.sun.identity.sm.CachedSMSEntry',\n 'com.sun.identity.sm.CachedSubEntries',\n 'com.sun.identity.sm.DNMapper',\n 'com.sun.identity.sm.ServiceConfigImpl',\n 'com.sun.identity.sm.ServiceConfigManagerImpl',\n 'com.sun.identity.sm.SMSEntry',\n 'com.sun.identity.sm.SMSUtils',\n 'com.sun.identity.sm.SmsWrapperObject',\n 'oauth2',\n 'org.apache.http.client.protocol.RequestAuthCache',\n 'org.apache.http.impl.conn.PoolingHttpClientConnectionManager',\n 'org.apache.http.impl.nio.client.InternalHttpAsyncClient',\n 'org.apache.http.impl.nio.client.InternalIODispatch',\n 'org.apache.http.impl.nio.client.MainClientExec',\n 'org.apache.http.impl.nio.conn.ManagedNHttpClientConnectionImpl',\n 'org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager',\n 'org.forgerock.audit.AuditServiceImpl',\n 'org.forgerock.oauth2.core.RealmOAuth2ProviderSettings',\n 'org.forgerock.openam.authentication.service.JAASModuleDetector',\n 'org.forgerock.openam.authentication.service.LoginContextFactory',\n 'org.forgerock.openam.blacklist.BloomFilterBlacklist',\n 'org.forgerock.openam.blacklist.CTSBlacklist',\n 'org.forgerock.openam.core.realms.impl.CachingRealmLookup',\n 'org.forgerock.openam.core.rest.authn.RestAuthCallbackHandlerManager',\n 'org.forgerock.openam.core.rest.authn.trees.AuthTrees',\n 'org.forgerock.openam.cors.CorsFilter',\n 'org.forgerock.openam.cts.CTSPersistentStoreImpl',\n 'org.forgerock.openam.cts.impl.CoreTokenAdapter',\n 'org.forgerock.openam.cts.impl.queue.AsyncResultHandler',\n 'org.forgerock.openam.cts.reaper.ReaperDeleteOnQueryResultHandler',\n 'org.forgerock.openam.headers.DisableSameSiteCookiesFilter',\n 'org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo',\n 'org.forgerock.openam.rest.CsrfFilter',\n 'org.forgerock.openam.rest.restAuthenticationFilter',\n 'org.forgerock.openam.rest.fluent.CrestLoggingFilter',\n 'org.forgerock.openam.session.cts.CtsOperations',\n 'org.forgerock.openam.session.stateless.StatelessSessionManager',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.ExternalLdapConfig',\n 'org.forgerock.openam.sm.datalayer.impl.ldap.LdapQueryBuilder',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor',\n 'org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread',\n 'org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider',\n 'org.forgerock.openam.sm.file.ConfigFileSystemHandler',\n 'org.forgerock.openam.social.idp.SocialIdentityProviders',\n 'org.forgerock.openam.utils.ClientUtils',\n 'org.forgerock.opendj.ldap.CachedConnectionPool',\n 'org.forgerock.opendj.ldap.LoadBalancer',\n 'org.forgerock.secrets.keystore.KeyStoreSecretStore',\n 'org.forgerock.secrets.propertyresolver.PropertyResolverSecretStore',\n 'org.forgerock.secrets.SecretsProvider',\n];\n\nconst journeysNoise = [\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst journeys = [\n 'org.forgerock.openam.auth.nodes.SelectIdPNode',\n 'org.forgerock.openam.auth.nodes.ValidatedPasswordNode',\n 'org.forgerock.openam.auth.nodes.ValidatedUsernameNode',\n 'org.forgerock.openam.auth.trees.engine.AuthTreeExecutor',\n];\n\nconst samlNoise = [\n 'com.sun.identity.cot.COTCache',\n 'com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl',\n 'com.sun.identity.saml2.meta.SAML2MetaCache',\n 'com.sun.identity.saml2.profile.CacheCleanUpRunnable',\n 'org.apache.xml.security.keys.KeyInfo',\n 'org.apache.xml.security.signature.XMLSignature',\n 'org.apache.xml.security.utils.SignerOutputStream',\n 'org.apache.xml.security.utils.resolver.ResourceResolver',\n 'org.apache.xml.security.utils.resolver.implementations.ResolverFragment',\n 'org.apache.xml.security.algorithms.JCEMapper',\n 'org.apache.xml.security.algorithms.implementations.SignatureBaseRSA',\n 'org.apache.xml.security.algorithms.SignatureAlgorithm',\n 'org.apache.xml.security.utils.ElementProxy',\n 'org.apache.xml.security.transforms.Transforms',\n 'org.apache.xml.security.utils.DigesterOutputStream',\n 'org.apache.xml.security.signature.Reference',\n 'org.apache.xml.security.signature.Manifest',\n];\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nconst saml = [\n 'jsp.saml2.spAssertionConsumer',\n 'com.sun.identity.saml.common.SAMLUtils',\n 'com.sun.identity.saml2.common.SAML2Utils',\n 'com.sun.identity.saml2.meta.SAML2MetaManager',\n 'com.sun.identity.saml2.xmlsig.FMSigProvider',\n];\n\nconst noise = miscNoise.concat(samlNoise).concat(journeysNoise);\n\nconst numLogLevelMap = {\n 0: ['SEVERE', 'ERROR', 'FATAL'],\n 1: ['WARNING', 'WARN', 'CONFIG'],\n 2: ['INFO', 'INFORMATION'],\n 3: ['DEBUG', 'FINE', 'FINER', 'FINEST'],\n 4: ['ALL'],\n};\n\nconst logLevelMap = {\n SEVERE: ['SEVERE', 'ERROR', 'FATAL'],\n ERROR: ['SEVERE', 'ERROR', 'FATAL'],\n FATAL: ['SEVERE', 'ERROR', 'FATAL'],\n WARN: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n WARNING: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n CONFIG: ['SEVERE', 'ERROR', 'FATAL', 'WARNING', 'WARN', 'CONFIG'],\n INFO: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n INFORMATION: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n ],\n DEBUG: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINE: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINER: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n FINEST: [\n 'SEVERE',\n 'ERROR',\n 'FATAL',\n 'WARNING',\n 'WARN',\n 'CONFIG',\n 'INFO',\n 'INFORMATION',\n 'DEBUG',\n 'FINE',\n 'FINER',\n 'FINEST',\n ],\n ALL: ['ALL'],\n};\n\nexport function defaultNoiseFilter() {\n return noise;\n}\n\nexport function resolveLevel(level) {\n // const levels = ['FATAL', 'ERROR', 'WARN', 'INFO', 'DEBUG', 'TRACE', 'ALL'];\n // levels.splice(levels.indexOf(levelName) + 1, levels.length);\n if (Number.isNaN(parseInt(level, 10))) {\n return logLevelMap[level];\n }\n return logLevelMap[numLogLevelMap[level][0]];\n}\n\n// It seems that the undesirable 'text/plain' logs start with a date, not a LEVEL\n// Therefore, for those, this function returns null, and thus filters out the undesirable\nexport function resolvePayloadLevel(log) {\n try {\n return log.type !== 'text/plain'\n ? log.payload.level\n : log.payload.match(/^([^:]*):/)[1];\n } catch (e) {\n // Fail-safe for no group match\n return null;\n }\n}\n\nexport async function getLogSources() {\n const sources = [];\n await getSources()\n .then((response) => {\n response.data.result.forEach((item) => {\n sources.push(item);\n });\n })\n .catch((error) => {\n printMessage(\n `getSources ERROR: get log sources call returned ${error}}`,\n 'error'\n );\n return [];\n });\n return sources;\n}\n\nexport async function tailLogs(source, levels, txid, cookie, nf) {\n try {\n const response = await LogApi.tail(source, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `tail ERROR: tail call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n // if (!cookie) {\n // await saveConnection();\n // }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n printMessage(JSON.stringify(e.payload), 'data');\n });\n\n setTimeout(() => {\n tailLogs(source, levels, txid, logsObject.result.pagedResultsCookie, nf);\n }, 5000);\n return null;\n } catch (e) {\n printMessage(`tail ERROR: tail data error - ${e}`, 'error');\n return `tail ERROR: tail data error - ${e}`;\n }\n}\n\nexport async function provisionCreds() {\n try {\n let keyName = `frodo-${state.getUsername()}`;\n try {\n const response = await getAPIKeys();\n for (const k of response.result) {\n if (k.name === keyName) {\n // append current timestamp to name if the named key already exists\n keyName = `${keyName}-${getCurrentTimestamp()}`;\n }\n }\n try {\n const resp = await createAPIKeyAndSecret(keyName);\n if (resp.data.name !== keyName) {\n printMessage(\n `create keys ERROR: could not create log API key ${keyName}`,\n 'error'\n );\n return null;\n }\n verboseMessage(\n `Created a new log API key [${keyName}] in ${state.getHost()}`\n );\n return resp.data;\n } catch (error) {\n printMessage(\n `create keys ERROR: create keys call returned ${error}`,\n 'error'\n );\n return null;\n }\n } catch (error) {\n printMessage(`get keys ERROR: get keys call returned ${error}`, 'error');\n }\n } catch (e) {\n printMessage(`create keys ERROR: create keys data error - ${e}`, 'error');\n return null;\n }\n}\n\nexport async function fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n cookie,\n nf\n) {\n try {\n // console.log(`startTs: ${startTs} endTs : ${endTs}`);\n const response = await LogApi.fetch(source, startTs, endTs, cookie);\n if (response.status < 200 || response.status > 399) {\n printMessage(\n `fetch ERROR: fetch call returned ${response.status}`,\n 'error'\n );\n return null;\n }\n const logsObject = response.data;\n let filteredLogs = [];\n const noiseFilter = nf == null ? noise : nf;\n if (Array.isArray(logsObject.result)) {\n filteredLogs = logsObject.result.filter(\n (el) =>\n !noiseFilter.includes(el.payload.logger) &&\n !noiseFilter.includes(el.type) &&\n (levels[0] === 'ALL' || levels.includes(resolvePayloadLevel(el))) &&\n (typeof txid === 'undefined' ||\n txid === null ||\n el.payload.transactionId?.includes(txid))\n );\n }\n\n filteredLogs.forEach((e) => {\n const log = JSON.stringify(e, null, 2);\n if (ffString) {\n if (log.includes(ffString)) {\n printMessage(log, 'data');\n }\n } else {\n printMessage(log, 'data');\n }\n });\n if (logsObject.pagedResultsCookie != null) {\n await fetchLogs(\n source,\n startTs,\n endTs,\n levels,\n txid,\n ffString,\n logsObject.pagedResultsCookie,\n nf\n );\n }\n return null;\n } catch (e) {\n printMessage(`fetch ERROR: fetch data error - ${e}`, 'error');\n return `fetch ERROR: fetch data error - ${e}`;\n }\n}\n"]}