@rudderjs/passport 0.0.5 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Passport.d.ts +48 -0
- package/dist/Passport.d.ts.map +1 -1
- package/dist/Passport.js +71 -1
- package/dist/Passport.js.map +1 -1
- package/dist/commands/client.d.ts +1 -1
- package/dist/commands/client.d.ts.map +1 -1
- package/dist/commands/client.js +3 -2
- package/dist/commands/client.js.map +1 -1
- package/dist/commands/purge.d.ts.map +1 -1
- package/dist/commands/purge.js +13 -12
- package/dist/commands/purge.js.map +1 -1
- package/dist/grants/authorization-code.d.ts +1 -1
- package/dist/grants/authorization-code.d.ts.map +1 -1
- package/dist/grants/authorization-code.js +10 -7
- package/dist/grants/authorization-code.js.map +1 -1
- package/dist/grants/client-credentials.d.ts.map +1 -1
- package/dist/grants/client-credentials.js +3 -2
- package/dist/grants/client-credentials.js.map +1 -1
- package/dist/grants/device-code.d.ts.map +1 -1
- package/dist/grants/device-code.js +12 -9
- package/dist/grants/device-code.js.map +1 -1
- package/dist/grants/issue-tokens.d.ts.map +1 -1
- package/dist/grants/issue-tokens.js +4 -4
- package/dist/grants/issue-tokens.js.map +1 -1
- package/dist/grants/refresh-token.d.ts.map +1 -1
- package/dist/grants/refresh-token.js +9 -8
- package/dist/grants/refresh-token.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/middleware/bearer.d.ts.map +1 -1
- package/dist/middleware/bearer.js +5 -3
- package/dist/middleware/bearer.js.map +1 -1
- package/dist/personal-access-tokens.d.ts +8 -20
- package/dist/personal-access-tokens.d.ts.map +1 -1
- package/dist/personal-access-tokens.js +12 -23
- package/dist/personal-access-tokens.js.map +1 -1
- package/dist/routes.d.ts +13 -2
- package/dist/routes.d.ts.map +1 -1
- package/dist/routes.js +221 -186
- package/dist/routes.js.map +1 -1
- package/package.json +2 -2
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { AccessToken } from '../models/AccessToken.js';
|
|
3
|
-
import { RefreshToken } from '../models/RefreshToken.js';
|
|
1
|
+
import { Passport } from '../Passport.js';
|
|
4
2
|
import { accessTokenHelpers, refreshTokenHelpers } from '../models/helpers.js';
|
|
5
3
|
import { issueTokens } from './issue-tokens.js';
|
|
6
4
|
import { OAuthError } from './authorization-code.js';
|
|
@@ -12,8 +10,11 @@ export async function refreshTokenGrant(params) {
|
|
|
12
10
|
if (params.grantType !== 'refresh_token') {
|
|
13
11
|
throw new OAuthError('unsupported_grant_type', 'Expected grant_type=refresh_token.');
|
|
14
12
|
}
|
|
13
|
+
const ClientCls = await Passport.clientModel();
|
|
14
|
+
const RefreshTokenCls = await Passport.refreshTokenModel();
|
|
15
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
15
16
|
// Validate client
|
|
16
|
-
const client = await
|
|
17
|
+
const client = await ClientCls.where('id', params.clientId).first();
|
|
17
18
|
if (!client || client.revoked) {
|
|
18
19
|
throw new OAuthError('invalid_client', 'Client not found.', 401);
|
|
19
20
|
}
|
|
@@ -29,7 +30,7 @@ export async function refreshTokenGrant(params) {
|
|
|
29
30
|
}
|
|
30
31
|
}
|
|
31
32
|
// Find refresh token
|
|
32
|
-
const refreshToken = await
|
|
33
|
+
const refreshToken = await RefreshTokenCls.where('id', params.refreshToken).first();
|
|
33
34
|
if (!refreshToken) {
|
|
34
35
|
throw new OAuthError('invalid_grant', 'Refresh token not found.');
|
|
35
36
|
}
|
|
@@ -40,7 +41,7 @@ export async function refreshTokenGrant(params) {
|
|
|
40
41
|
throw new OAuthError('invalid_grant', 'Refresh token has expired.');
|
|
41
42
|
}
|
|
42
43
|
// Find the access token this refresh token belongs to
|
|
43
|
-
const accessToken = await
|
|
44
|
+
const accessToken = await AccessTokenCls.where('id', refreshToken.accessTokenId).first();
|
|
44
45
|
if (!accessToken) {
|
|
45
46
|
throw new OAuthError('invalid_grant', 'Associated access token not found.');
|
|
46
47
|
}
|
|
@@ -59,8 +60,8 @@ export async function refreshTokenGrant(params) {
|
|
|
59
60
|
scopes = requested;
|
|
60
61
|
}
|
|
61
62
|
// Revoke old tokens
|
|
62
|
-
await
|
|
63
|
-
await
|
|
63
|
+
await RefreshTokenCls.update(refreshToken.id, { revoked: true });
|
|
64
|
+
await AccessTokenCls.update(accessToken.id, { revoked: true });
|
|
64
65
|
// Issue new pair
|
|
65
66
|
return issueTokens({
|
|
66
67
|
userId: accessToken.userId,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"refresh-token.js","sourceRoot":"","sources":["../../src/grants/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"refresh-token.js","sourceRoot":"","sources":["../../src/grants/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAIzC,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC9E,OAAO,EAAE,WAAW,EAAqB,MAAM,mBAAmB,CAAA;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AAUpD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAA2B;IACjE,IAAI,MAAM,CAAC,SAAS,KAAK,eAAe,EAAE,CAAC;QACzC,MAAM,IAAI,UAAU,CAAC,wBAAwB,EAAE,oCAAoC,CAAC,CAAA;IACtF,CAAC;IAED,MAAM,SAAS,GAAS,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IACpD,MAAM,eAAe,GAAG,MAAM,QAAQ,CAAC,iBAAiB,EAAE,CAAA;IAC1D,MAAM,cAAc,GAAI,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;IAEnD,kBAAkB;IAClB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IACzF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAA;IAClE,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,yBAAyB,EAAE,GAAG,CAAC,CAAA;QACxE,CAAC;QACD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC7E,IAAI,MAAM,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,wBAAwB,EAAE,GAAG,CAAC,CAAA;QACvE,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,EAAyB,CAAA;IAC1G,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,iCAAiC,CAAC,CAAA;IAC1E,CAAC;IACD,IAAI,mBAAmB,CAAC,SAAS,CAAC,YAAmB,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,4BAA4B,CAAC,CAAA;IACrE,CAAC;IAED,sDAAsD;IACtD,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,YAAY,CAAC,aAAa,CAAC,CAAC,KAAK,EAAwB,CAAA;IAC9G,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,oCAAoC,CAAC,CAAA;IAC7E,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,KAAK,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,8CAA8C,CAAC,CAAA;IACvF,CAAC;IAED,gDAAgD;IAChD,MAAM,cAAc,GAAG,kBAAkB,CAAC,SAAS,CAAC,WAAkB,CAAC,CAAA;IACvE,IAAI,MAAM,GAAG,cAAc,CAAA;IAC3B,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QACzD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAA;QACnG,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,UAAU,CAAC,eAAe,EAAE,gDAAgD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC7G,CAAC;QACD,MAAM,GAAG,SAAS,CAAA;IACpB,CAAC;IAED,oBAAoB;IACpB,MAAM,eAAe,CAAC,MAAM,CAAE,YAAoB,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAChF,MAAM,cAAc,CAAC,MAAM,CAAE,WAAmB,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;IAE9E,iBAAiB;IACjB,OAAO,WAAW,CAAC;QACjB,MAAM,EAAU,WAAW,CAAC,MAAM;QAClC,QAAQ,EAAQ,MAAM,CAAC,QAAQ;QAC/B,MAAM;QACN,cAAc,EAAE,IAAI;KACrB,CAAC,CAAA;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { ServiceProvider } from '@rudderjs/core';
|
|
2
2
|
export { Passport } from './Passport.js';
|
|
3
|
-
export type { PassportScope } from './Passport.js';
|
|
3
|
+
export type { PassportScope, AuthorizationViewContext, AuthorizationViewFn } from './Passport.js';
|
|
4
4
|
export { createToken, verifyToken, decodeToken } from './token.js';
|
|
5
5
|
export type { JwtHeader, JwtPayload } from './token.js';
|
|
6
6
|
export { OAuthClient } from './models/OAuthClient.js';
|
|
@@ -19,7 +19,7 @@ export type { IssuedTokens, AuthorizationRequest, ValidatedAuthRequest, TokenExc
|
|
|
19
19
|
export { HasApiTokens, resetPersonalAccessClient } from './personal-access-tokens.js';
|
|
20
20
|
export type { NewPersonalAccessToken } from './personal-access-tokens.js';
|
|
21
21
|
export { registerPassportRoutes } from './routes.js';
|
|
22
|
-
export type { PassportRouteOptions } from './routes.js';
|
|
22
|
+
export type { PassportRouteOptions, PassportRouteGroup } from './routes.js';
|
|
23
23
|
export interface PassportConfig {
|
|
24
24
|
/** Directory where RSA keys are stored (default: 'storage') */
|
|
25
25
|
keyPath?: string;
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAU,MAAM,gBAAgB,CAAA;AAIxD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAU,MAAM,gBAAgB,CAAA;AAIxD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAA;AAEjG,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAClE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAEvD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAA;AAEnD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACxE,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAA;AAE7C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACnD,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAGjD,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,GACf,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,EACpB,wBAAwB,EACxB,mBAAmB,EACnB,2BAA2B,EAC3B,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAA;AACrF,YAAY,EAAE,sBAAsB,EAAE,MAAM,6BAA6B,CAAA;AAGzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA;AACpD,YAAY,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAI3E,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,qDAAqD;IACrD,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,sDAAsD;IACtD,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,gEAAgE;IAChE,4BAA4B,CAAC,EAAE,MAAM,CAAA;IACrC,+CAA+C;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAID,qBAAa,gBAAiB,SAAQ,eAAe;IACnD,QAAQ,IAAI,IAAI;IAEV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAsG5B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearer.d.ts","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"bearer.d.ts","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAK5D;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,iBAAiB,CAmDpD;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,iBAAiB,CAiDjD"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { verifyToken } from '../token.js';
|
|
2
|
-
import {
|
|
2
|
+
import { Passport } from '../Passport.js';
|
|
3
3
|
/**
|
|
4
4
|
* Middleware that authenticates via Bearer token (JWT).
|
|
5
5
|
* Validates the JWT signature, checks expiration, checks revocation in DB.
|
|
@@ -16,7 +16,8 @@ export function BearerMiddleware() {
|
|
|
16
16
|
try {
|
|
17
17
|
const payload = await verifyToken(jwt);
|
|
18
18
|
// Check revocation in DB
|
|
19
|
-
const
|
|
19
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
20
|
+
const token = await AccessTokenCls.query()
|
|
20
21
|
.where('id', payload.jti)
|
|
21
22
|
.first();
|
|
22
23
|
if (!token || token.revoked) {
|
|
@@ -70,7 +71,8 @@ export function RequireBearer() {
|
|
|
70
71
|
try {
|
|
71
72
|
const payload = await verifyToken(jwt);
|
|
72
73
|
// Check revocation
|
|
73
|
-
const
|
|
74
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
75
|
+
const token = await AccessTokenCls.query()
|
|
74
76
|
.where('id', payload.jti)
|
|
75
77
|
.first();
|
|
76
78
|
if (!token || token.revoked) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bearer.js","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"bearer.js","sourceRoot":"","sources":["../../src/middleware/bearer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AAGzC;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,KAAK,UAAU,gBAAgB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI;QACpD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAuB,CAAA;QACrE,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,EAAE,CAAA;YACZ,OAAM;QACR,CAAC;QAED,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAA;YAEtC,yBAAyB;YACzB,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE;iBACvC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;iBACxB,KAAK,EAAwB,CAAA;YAEhC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAC5B,MAAM,IAAI,EAAE,CAAA;gBACZ,OAAM;YACR,CAAC;YAED,uCAAuC;YACvC,MAAM,GAAG,GAAG,GAAG,CAAC,GAA8B,CAAA;YAC9C,GAAG,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAA;YAC/B,GAAG,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC,MAAM,CAAA;YACzC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvC,mCAAmC;YACnC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;oBAC9C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAA4E,cAAc,CAAC,CAAA;oBACrH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACrE,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,KAAK,GAA4B,EAAE,CAAA;wBACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAA+B,CAAC,EAAE,CAAC;4BACrE,IAAI,OAAO,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,UAAU;gCAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;wBAC/D,CAAC;wBACD,GAAG,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;wBACzB,IAAI,CAAC;4BAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;wBAAC,CAAC;wBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;oBAC/F,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;QAED,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,KAAK,UAAU,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QAChD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAuB,CAAA;QACrE,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAA;YACrF,OAAM;QACR,CAAC;QAED,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QACtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAA;YAEtC,mBAAmB;YACnB,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE;iBACvC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;iBACxB,KAAK,EAAwB,CAAA;YAEhC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAA;gBACtF,OAAM;YACR,CAAC;YAED,MAAM,GAAG,GAAG,GAAG,CAAC,GAA8B,CAAA;YAC9C,GAAG,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAA;YAC/B,GAAG,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC,MAAM,CAAA;YACzC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAA;oBAC9C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAA4E,cAAc,CAAC,CAAA;oBACrH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBACrE,IAAI,IAAI,EAAE,CAAC;wBACT,MAAM,KAAK,GAA4B,EAAE,CAAA;wBACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAA+B,CAAC,EAAE,CAAC;4BACrE,IAAI,OAAO,CAAC,KAAK,UAAU,IAAI,CAAC,KAAK,UAAU;gCAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;wBAC/D,CAAC;wBACD,GAAG,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;wBACzB,IAAI,CAAC;4BAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;wBAAC,CAAC;wBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;oBAC/F,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,IAAI,EAAE,CAAA;QACd,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAA;QAC1F,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AccessToken } from './models/AccessToken.js';
|
|
1
|
+
import type { AccessToken } from './models/AccessToken.js';
|
|
2
2
|
export interface NewPersonalAccessToken {
|
|
3
3
|
/** The persisted token record. */
|
|
4
4
|
token: AccessToken;
|
|
@@ -18,25 +18,13 @@ export interface NewPersonalAccessToken {
|
|
|
18
18
|
*
|
|
19
19
|
* const { plainTextToken } = await user.createToken('my-app', ['read', 'write'])
|
|
20
20
|
*/
|
|
21
|
-
export
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
createToken(name: string, scopes?: string[], expiresInMs?: number): Promise<NewPersonalAccessToken>;
|
|
29
|
-
/** Get all personal access tokens for this user. */
|
|
30
|
-
tokens(): Promise<AccessToken[]>;
|
|
31
|
-
/** Revoke all personal access tokens for this user. */
|
|
32
|
-
revokeAllTokens(): Promise<number>;
|
|
33
|
-
/**
|
|
34
|
-
* Check if this user's current token has a specific scope.
|
|
35
|
-
* Only works inside a request that went through BearerMiddleware.
|
|
36
|
-
*/
|
|
37
|
-
tokenCan(scope: string): boolean;
|
|
38
|
-
};
|
|
39
|
-
} & T;
|
|
21
|
+
export interface HasApiTokensInstance {
|
|
22
|
+
createToken(name: string, scopes?: string[], expiresInMs?: number): Promise<NewPersonalAccessToken>;
|
|
23
|
+
tokens(): Promise<AccessToken[]>;
|
|
24
|
+
revokeAllTokens(): Promise<number>;
|
|
25
|
+
tokenCan(scope: string): boolean;
|
|
26
|
+
}
|
|
27
|
+
export declare function HasApiTokens<T extends abstract new (...args: any[]) => any>(Base: T): T & (new (...args: any[]) => HasApiTokensInstance);
|
|
40
28
|
/** @internal — reset cached client ID (for testing). */
|
|
41
29
|
export declare function resetPersonalAccessClient(): void;
|
|
42
30
|
//# sourceMappingURL=personal-access-tokens.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"personal-access-tokens.d.ts","sourceRoot":"","sources":["../src/personal-access-tokens.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;
|
|
1
|
+
{"version":3,"file":"personal-access-tokens.d.ts","sourceRoot":"","sources":["../src/personal-access-tokens.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAO1D,MAAM,WAAW,sBAAsB;IACrC,kCAAkC;IAClC,KAAK,EAAE,WAAW,CAAA;IAClB,qDAAqD;IACrD,cAAc,EAAE,MAAM,CAAA;CACvB;AAID;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,oBAAoB;IACnC,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAA;IACnG,MAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;IAChC,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAA;CACjC;AAED,wBAAgB,YAAY,CAAC,CAAC,SAAS,QAAQ,MAAM,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,EACzE,IAAI,EAAE,CAAC,GACN,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,oBAAoB,CAAC,CAkEpD;AAoCD,wDAAwD;AACxD,wBAAgB,yBAAyB,IAAI,IAAI,CAEhD"}
|
|
@@ -1,23 +1,8 @@
|
|
|
1
1
|
import { Passport } from './Passport.js';
|
|
2
|
-
import { AccessToken } from './models/AccessToken.js';
|
|
3
2
|
import { accessTokenHelpers } from './models/helpers.js';
|
|
4
3
|
import { createToken } from './token.js';
|
|
5
|
-
// ─── HasApiTokens Mixin ──────────────────────────────────
|
|
6
|
-
/**
|
|
7
|
-
* Mixin that adds personal access token methods to a user model.
|
|
8
|
-
*
|
|
9
|
-
* @example
|
|
10
|
-
* import { Model } from '@rudderjs/orm'
|
|
11
|
-
* import { HasApiTokens } from '@rudderjs/passport'
|
|
12
|
-
*
|
|
13
|
-
* class User extends HasApiTokens(Model) {
|
|
14
|
-
* // ...
|
|
15
|
-
* }
|
|
16
|
-
*
|
|
17
|
-
* const { plainTextToken } = await user.createToken('my-app', ['read', 'write'])
|
|
18
|
-
*/
|
|
19
4
|
export function HasApiTokens(Base) {
|
|
20
|
-
|
|
5
|
+
class _HasApiTokens extends Base {
|
|
21
6
|
/**
|
|
22
7
|
* Create a personal access token for this user.
|
|
23
8
|
* Returns the JWT (shown once) and the persisted record.
|
|
@@ -28,7 +13,8 @@ export function HasApiTokens(Base) {
|
|
|
28
13
|
const expiresAt = new Date(Date.now() + lifetime);
|
|
29
14
|
// Find or use a dedicated "personal access" client
|
|
30
15
|
const clientId = await getPersonalAccessClientId();
|
|
31
|
-
const
|
|
16
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
17
|
+
const tokenRecord = await AccessTokenCls.create({
|
|
32
18
|
userId,
|
|
33
19
|
clientId,
|
|
34
20
|
name,
|
|
@@ -49,13 +35,15 @@ export function HasApiTokens(Base) {
|
|
|
49
35
|
/** Get all personal access tokens for this user. */
|
|
50
36
|
async tokens() {
|
|
51
37
|
const userId = this.id;
|
|
52
|
-
|
|
38
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
39
|
+
return AccessTokenCls.where('userId', userId).get();
|
|
53
40
|
}
|
|
54
41
|
/** Revoke all personal access tokens for this user. */
|
|
55
42
|
async revokeAllTokens() {
|
|
43
|
+
const AccessTokenCls = await Passport.tokenModel();
|
|
56
44
|
const tokens = await this.tokens();
|
|
57
45
|
for (const t of tokens) {
|
|
58
|
-
await
|
|
46
|
+
await AccessTokenCls.update(t.id, { revoked: true });
|
|
59
47
|
}
|
|
60
48
|
return tokens.length;
|
|
61
49
|
}
|
|
@@ -69,7 +57,8 @@ export function HasApiTokens(Base) {
|
|
|
69
57
|
return false;
|
|
70
58
|
return accessTokenHelpers.can(token, scope);
|
|
71
59
|
}
|
|
72
|
-
}
|
|
60
|
+
}
|
|
61
|
+
return _HasApiTokens;
|
|
73
62
|
}
|
|
74
63
|
// ─── Personal Access Client ───────────────────────────────
|
|
75
64
|
let _personalClientId = null;
|
|
@@ -80,15 +69,15 @@ let _personalClientId = null;
|
|
|
80
69
|
async function getPersonalAccessClientId() {
|
|
81
70
|
if (_personalClientId)
|
|
82
71
|
return _personalClientId;
|
|
83
|
-
const
|
|
72
|
+
const ClientCls = await Passport.clientModel();
|
|
84
73
|
// Look for existing personal access client
|
|
85
|
-
const existing = await
|
|
74
|
+
const existing = await ClientCls.where('name', '__personal_access__').first();
|
|
86
75
|
if (existing) {
|
|
87
76
|
_personalClientId = existing.id;
|
|
88
77
|
return _personalClientId;
|
|
89
78
|
}
|
|
90
79
|
// Create one
|
|
91
|
-
const client = await
|
|
80
|
+
const client = await ClientCls.create({
|
|
92
81
|
name: '__personal_access__',
|
|
93
82
|
secret: null,
|
|
94
83
|
redirectUris: JSON.stringify([]),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"personal-access-tokens.js","sourceRoot":"","sources":["../src/personal-access-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"personal-access-tokens.js","sourceRoot":"","sources":["../src/personal-access-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAiCxC,MAAM,UAAU,YAAY,CAC1B,IAAO;IAEP,MAAe,aAAc,SAAQ,IAAI;QACvC;;;WAGG;QACH,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,SAAmB,CAAC,GAAG,CAAC,EAAE,WAAoB;YAC5E,MAAM,MAAM,GAAI,IAAY,CAAC,EAAY,CAAA;YACzC,MAAM,QAAQ,GAAG,WAAW,IAAI,QAAQ,CAAC,qBAAqB,EAAE,CAAA;YAChE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAA;YAEjD,mDAAmD;YACnD,MAAM,QAAQ,GAAG,MAAM,yBAAyB,EAAE,CAAA;YAElD,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC;gBAC9C,MAAM;gBACN,QAAQ;gBACR,IAAI;gBACJ,MAAM,EAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBACjC,OAAO,EAAI,KAAK;gBAChB,SAAS;aACiB,CAAgB,CAAA;YAE5C,MAAM,OAAO,GAAI,WAAmB,CAAC,EAAY,CAAA;YAEjD,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC;gBAC5B,OAAO;gBACP,MAAM;gBACN,QAAQ;gBACR,MAAM;gBACN,SAAS;aACV,CAAC,CAAA;YAEF,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,EAAE,CAAA;QACpD,CAAC;QAED,oDAAoD;QACpD,KAAK,CAAC,MAAM;YACV,MAAM,MAAM,GAAI,IAAY,CAAC,EAAY,CAAA;YACzC,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,OAAO,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,GAAG,EAA4B,CAAA;QAC/E,CAAC;QAED,uDAAuD;QACvD,KAAK,CAAC,eAAe;YACnB,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;YAClC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,MAAM,cAAc,CAAC,MAAM,CAAE,CAAS,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;YACtE,CAAC;YACD,OAAO,MAAM,CAAC,MAAM,CAAA;QACtB,CAAC;QAED;;;WAGG;QACH,QAAQ,CAAC,KAAa;YACpB,MAAM,KAAK,GAAI,IAAY,CAAC,cAAyC,CAAA;YACrE,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAA;YACxB,OAAO,kBAAkB,CAAC,GAAG,CAAC,KAAY,EAAE,KAAK,CAAC,CAAA;QACpD,CAAC;KACF;IAED,OAAO,aAA8E,CAAA;AACvF,CAAC;AAED,6DAA6D;AAE7D,IAAI,iBAAiB,GAAkB,IAAI,CAAA;AAE3C;;;GAGG;AACH,KAAK,UAAU,yBAAyB;IACtC,IAAI,iBAAiB;QAAE,OAAO,iBAAiB,CAAA;IAE/C,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAE9C,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,KAAK,EAAwB,CAAA;IACnG,IAAI,QAAQ,EAAE,CAAC;QACb,iBAAiB,GAAI,QAAgB,CAAC,EAAY,CAAA;QAClD,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED,aAAa;IACb,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC;QACpC,IAAI,EAAU,qBAAqB;QACnC,MAAM,EAAQ,IAAI;QAClB,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,UAAU,EAAI,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC,CAAC;QACjD,MAAM,EAAQ,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,YAAY,EAAE,KAAK;KACO,CAAgB,CAAA;IAE5C,iBAAiB,GAAI,MAAc,CAAC,EAAY,CAAA;IAChD,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,yBAAyB;IACvC,iBAAiB,GAAG,IAAI,CAAA;AAC1B,CAAC"}
|
package/dist/routes.d.ts
CHANGED
|
@@ -1,21 +1,32 @@
|
|
|
1
|
-
type RouteHandler = (req: any, res: any) => Promise<
|
|
1
|
+
type RouteHandler = (req: any, res: any) => Promise<any> | any;
|
|
2
2
|
interface Router {
|
|
3
3
|
get(path: string, handler: RouteHandler, ...middleware: any[]): void;
|
|
4
4
|
post(path: string, handler: RouteHandler, ...middleware: any[]): void;
|
|
5
5
|
delete(path: string, handler: RouteHandler, ...middleware: any[]): void;
|
|
6
6
|
}
|
|
7
|
+
/** Groups of routes that can be selectively excluded. */
|
|
8
|
+
export type PassportRouteGroup = 'authorize' | 'token' | 'revoke' | 'scopes' | 'device';
|
|
7
9
|
export interface PassportRouteOptions {
|
|
8
10
|
/** Base path for OAuth routes (default: '/oauth') */
|
|
9
11
|
prefix?: string;
|
|
10
12
|
/** Verification URI for device auth (default: '{origin}/oauth/device') */
|
|
11
13
|
verificationUri?: string;
|
|
14
|
+
/** Route groups to skip when registering. */
|
|
15
|
+
except?: PassportRouteGroup[];
|
|
12
16
|
}
|
|
13
17
|
/**
|
|
14
18
|
* Register all Passport OAuth routes on the given router.
|
|
15
19
|
*
|
|
20
|
+
* Becomes a no-op when `Passport.ignoreRoutes()` has been called — in that
|
|
21
|
+
* case the application wires OAuth routes manually.
|
|
22
|
+
*
|
|
16
23
|
* @example
|
|
17
|
-
* import { registerPassportRoutes } from '@rudderjs/passport
|
|
24
|
+
* import { registerPassportRoutes } from '@rudderjs/passport'
|
|
18
25
|
* registerPassportRoutes(router)
|
|
26
|
+
*
|
|
27
|
+
* @example
|
|
28
|
+
* // Skip the built-in consent + scopes endpoints; mount your own
|
|
29
|
+
* registerPassportRoutes(router, { except: ['authorize', 'scopes'] })
|
|
19
30
|
*/
|
|
20
31
|
export declare function registerPassportRoutes(router: Router, opts?: PassportRouteOptions): void;
|
|
21
32
|
export {};
|
package/dist/routes.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAcA,KAAK,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAcA,KAAK,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAA;AAE9D,UAAU,MAAM;IACd,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;IACpE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;IACrE,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,GAAG,UAAU,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;CACxE;AAED,yDAAyD;AACzD,MAAM,MAAM,kBAAkB,GAC1B,WAAW,GACX,OAAO,GACP,QAAQ,GACR,QAAQ,GACR,QAAQ,CAAA;AAEZ,MAAM,WAAW,oBAAoB;IACnC,qDAAqD;IACrD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,0EAA0E;IAC1E,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,kBAAkB,EAAE,CAAA;CAC9B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,GAAE,oBAAyB,GAAG,IAAI,CAiP5F"}
|