@rudderjs/passport 0.1.4 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Passport.d.ts +93 -0
- package/dist/Passport.d.ts.map +1 -1
- package/dist/Passport.js +147 -0
- package/dist/Passport.js.map +1 -1
- package/dist/client-secret.d.ts +12 -0
- package/dist/client-secret.d.ts.map +1 -0
- package/dist/client-secret.js +63 -0
- package/dist/client-secret.js.map +1 -0
- package/dist/commands/client.d.ts +21 -0
- package/dist/commands/client.d.ts.map +1 -1
- package/dist/commands/client.js +27 -2
- package/dist/commands/client.js.map +1 -1
- package/dist/commands/keys.d.ts +28 -4
- package/dist/commands/keys.d.ts.map +1 -1
- package/dist/commands/keys.js +34 -4
- package/dist/commands/keys.js.map +1 -1
- package/dist/commands/purge.d.ts +6 -1
- package/dist/commands/purge.d.ts.map +1 -1
- package/dist/commands/purge.js +15 -31
- package/dist/commands/purge.js.map +1 -1
- package/dist/device-code-secret.d.ts +28 -0
- package/dist/device-code-secret.d.ts.map +1 -0
- package/dist/device-code-secret.js +31 -0
- package/dist/device-code-secret.js.map +1 -0
- package/dist/grants/authorization-code.d.ts +23 -0
- package/dist/grants/authorization-code.d.ts.map +1 -1
- package/dist/grants/authorization-code.js +126 -15
- package/dist/grants/authorization-code.js.map +1 -1
- package/dist/grants/client-credentials.d.ts.map +1 -1
- package/dist/grants/client-credentials.js +13 -5
- package/dist/grants/client-credentials.js.map +1 -1
- package/dist/grants/device-code.d.ts +10 -1
- package/dist/grants/device-code.d.ts.map +1 -1
- package/dist/grants/device-code.js +41 -10
- package/dist/grants/device-code.js.map +1 -1
- package/dist/grants/index.d.ts +1 -1
- package/dist/grants/index.d.ts.map +1 -1
- package/dist/grants/index.js +1 -1
- package/dist/grants/index.js.map +1 -1
- package/dist/grants/issue-tokens.d.ts +9 -0
- package/dist/grants/issue-tokens.d.ts.map +1 -1
- package/dist/grants/issue-tokens.js +39 -5
- package/dist/grants/issue-tokens.js.map +1 -1
- package/dist/grants/refresh-token.d.ts.map +1 -1
- package/dist/grants/refresh-token.js +64 -9
- package/dist/grants/refresh-token.js.map +1 -1
- package/dist/grants/safe-compare.d.ts +19 -0
- package/dist/grants/safe-compare.d.ts.map +1 -0
- package/dist/grants/safe-compare.js +28 -0
- package/dist/grants/safe-compare.js.map +1 -0
- package/dist/index.d.ts +27 -6
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +122 -67
- package/dist/index.js.map +1 -1
- package/dist/middleware/bearer.d.ts.map +1 -1
- package/dist/middleware/bearer.js +36 -6
- package/dist/middleware/bearer.js.map +1 -1
- package/dist/middleware/scope.d.ts +12 -2
- package/dist/middleware/scope.d.ts.map +1 -1
- package/dist/middleware/scope.js +46 -2
- package/dist/middleware/scope.js.map +1 -1
- package/dist/models/AccessToken.d.ts +32 -0
- package/dist/models/AccessToken.d.ts.map +1 -1
- package/dist/models/AccessToken.js +63 -3
- package/dist/models/AccessToken.js.map +1 -1
- package/dist/models/AuthCode.d.ts +16 -0
- package/dist/models/AuthCode.d.ts.map +1 -1
- package/dist/models/AuthCode.js +17 -1
- package/dist/models/AuthCode.js.map +1 -1
- package/dist/models/DeviceCode.d.ts +12 -2
- package/dist/models/DeviceCode.d.ts.map +1 -1
- package/dist/models/DeviceCode.js +7 -1
- package/dist/models/DeviceCode.js.map +1 -1
- package/dist/models/OAuthClient.d.ts +4 -0
- package/dist/models/OAuthClient.d.ts.map +1 -1
- package/dist/models/OAuthClient.js +13 -1
- package/dist/models/OAuthClient.js.map +1 -1
- package/dist/models/RefreshToken.d.ts +11 -0
- package/dist/models/RefreshToken.d.ts.map +1 -1
- package/dist/models/RefreshToken.js +12 -2
- package/dist/models/RefreshToken.js.map +1 -1
- package/dist/models/helpers.d.ts +6 -0
- package/dist/models/helpers.d.ts.map +1 -1
- package/dist/models/helpers.js +15 -2
- package/dist/models/helpers.js.map +1 -1
- package/dist/opaque-token.d.ts +32 -0
- package/dist/opaque-token.d.ts.map +1 -0
- package/dist/opaque-token.js +38 -0
- package/dist/opaque-token.js.map +1 -0
- package/dist/personal-access-tokens.d.ts.map +1 -1
- package/dist/personal-access-tokens.js +48 -10
- package/dist/personal-access-tokens.js.map +1 -1
- package/dist/routes.d.ts +149 -0
- package/dist/routes.d.ts.map +1 -1
- package/dist/routes.js +279 -41
- package/dist/routes.js.map +1 -1
- package/dist/token.d.ts +80 -4
- package/dist/token.d.ts.map +1 -1
- package/dist/token.js +97 -13
- package/dist/token.js.map +1 -1
- package/package.json +5 -5
- package/schema/passport.prisma +29 -9
package/dist/routes.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAExC,OAAO,EACL,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,UAAU,GACX,MAAM,mBAAmB,CAAA;AA2B1B;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACpF,IAAI,QAAQ,CAAC,aAAa,EAAE;QAAE,OAAM;IAEpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAA;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAA;IAEvC,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,4EAA4E;QAC5E,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC7D,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE,CAAA;gBAC7B,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAAC;oBACnD,QAAQ,EAAa,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE;oBAC7C,WAAW,EAAU,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE;oBAChD,YAAY,EAAS,KAAK,CAAC,eAAe,CAAC,IAAI,EAAE;oBACjD,KAAK,EAAgB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE;oBACzC,KAAK,EAAgB,KAAK,CAAC,OAAO,CAAC;oBACnC,aAAa,EAAQ,KAAK,CAAC,gBAAgB,CAAC;oBAC5C,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC;iBACpD,CAAC,CAAA;gBAEF,MAAM,GAAG,GAAG;oBACV,MAAM,EAAE;wBACN,EAAE,EAAK,SAAS,CAAC,MAAc,CAAC,EAAY;wBAC5C,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI;qBAC5B;oBACD,MAAM,EAAO,SAAS,CAAC,MAAM;oBAC7B,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpE,GAAG,CAAC,SAAS,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5F,GAAG,CAAC,SAAS,CAAC,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,SAAS,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9G,OAAO,EAAE,GAAG;iBACb,CAAA;gBAED,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAA;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,MAAM,MAAM,CAAC,GAAG,CAAC,CAAA;gBAC1B,CAAC;gBAED,+DAA+D;gBAC/D,GAAG,CAAC,IAAI,CAAC;oBACP,MAAM,EAAO,GAAG,CAAC,MAAM;oBACvB,MAAM,EAAO,GAAG,CAAC,MAAM;oBACvB,KAAK,EAAQ,GAAG,CAAC,KAAK;oBACtB,WAAW,EAAE,GAAG,CAAC,WAAW;iBAC7B,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,wCAAwC;QACxC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC9D,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,MAAM,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;gBACxE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAC,CAAA;oBAChG,OAAM;gBACR,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;oBAC/B,MAAM;oBACN,QAAQ,EAAa,IAAI,CAAC,WAAW,CAAC;oBACtC,MAAM,EAAe,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;oBACzC,WAAW,EAAU,IAAI,CAAC,cAAc,CAAC;oBACzC,aAAa,EAAQ,IAAI,CAAC,gBAAgB,CAAC;oBAC3C,mBAAmB,EAAE,IAAI,CAAC,uBAAuB,CAAC;iBACnD,CAAC,CAAA;gBAEF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBACjD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;gBAEvE,GAAG,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,wCAAwC;QACxC,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAChE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;YAC3B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,kBAAkB,CAAC,CAAA;YACvE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;YACtD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,8BAA8B,CAAC,CAAA;YACjF,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAEvE,GAAG,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,QAAQ,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC1D,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAW,CAAA;gBAE9C,IAAI,MAAM,CAAA;gBAEV,QAAQ,SAAS,EAAE,CAAC;oBAClB,KAAK,oBAAoB;wBACvB,MAAM,GAAG,MAAM,gBAAgB,CAAC;4BAC9B,SAAS;4BACT,IAAI,EAAW,IAAI,CAAC,MAAM,CAAC;4BAC3B,QAAQ,EAAO,IAAI,CAAC,WAAW,CAAC;4BAChC,YAAY,EAAG,IAAI,CAAC,eAAe,CAAC;4BACpC,WAAW,EAAI,IAAI,CAAC,cAAc,CAAC;4BACnC,YAAY,EAAG,IAAI,CAAC,eAAe,CAAC;yBACrC,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,oBAAoB;wBACvB,MAAM,GAAG,MAAM,sBAAsB,CAAC;4BACpC,SAAS;4BACT,QAAQ,EAAM,IAAI,CAAC,WAAW,CAAC;4BAC/B,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC;4BACnC,KAAK,EAAS,IAAI,CAAC,OAAO,CAAC;yBAC5B,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,eAAe;wBAClB,MAAM,GAAG,MAAM,iBAAiB,CAAC;4BAC/B,SAAS;4BACT,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC;4BACnC,QAAQ,EAAM,IAAI,CAAC,WAAW,CAAC;4BAC/B,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC;4BACnC,KAAK,EAAS,IAAI,CAAC,OAAO,CAAC;yBAC5B,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,8CAA8C,CAAC,CAAC,CAAC;wBACpD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC;4BACtC,SAAS;4BACT,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC;4BAC/B,QAAQ,EAAI,IAAI,CAAC,WAAW,CAAC;yBAC9B,CAAC,CAAA;wBACF,IAAI,UAAU,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;4BACvC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;wBAC5B,CAAC;6BAAM,CAAC;4BACN,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gCAC7D,KAAK,EAAE,UAAU,CAAC,MAAM;6BACzB,CAAC,CAAA;4BACF,OAAM;wBACR,CAAC;wBACD,MAAK;oBACP,CAAC;oBAED;wBACE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACnB,KAAK,EAAE,wBAAwB;4BAC/B,iBAAiB,EAAE,eAAe,SAAS,qBAAqB;yBACjE,CAAC,CAAA;wBACF,OAAM;gBACV,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAClB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,2DAA2D;IAC3D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,aAAa,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACjE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;YACxC,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,EAAwB,CAAA;YACrF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAA;gBACnF,OAAM;YACR,CAAC;YACD,MAAM,cAAc,CAAC,MAAM,CAAE,KAAa,CAAC,EAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAS,CAAC,CAAA;YAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;QACxB,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,SAAS,EAAE,KAAK,EAAE,IAAS,EAAE,GAAQ,EAAE,EAAE;YAC3D,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC7B,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,yDAAyD;QACzD,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,cAAc,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAChE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,IAAI,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,GAAG,MAAM,SAAS,CAAA;gBACnG,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC;oBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;oBAC3B,KAAK,EAAK,IAAI,CAAC,OAAO,CAAC;oBACvB,eAAe;iBAChB,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAClB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,2DAA2D;QAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,iBAAiB,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACnE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,MAAM,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;gBACxE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAC,CAAA;oBAChG,OAAM;gBACR,CAAC;gBACD,MAAM,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,CAAA;gBAC9E,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"routes.js","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAE/C,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAGxC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACtD,OAAO,EACL,4BAA4B,EAC5B,aAAa,EACb,gBAAgB,EAChB,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,iBAAiB,EACjB,UAAU,GACX,MAAM,mBAAmB,CAAA;AAE1B;;;;;;;;GAQG;AACH,KAAK,UAAU,sBAAsB,CAAC,QAAiB,EAAE,WAAoB;IAC3E,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,wBAAwB,CAAC,CAAA;IACnE,CAAC;IACD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,2BAA2B,CAAC,CAAA;IACtE,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;IAC9C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,KAAK,EAAwB,CAAA;IAClF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,gBAAgB,EAAE,mBAAmB,CAAC,CAAA;IAC7D,CAAC;IACD,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,MAAa,EAAE,WAAW,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,uBAAuB,CAAC,CAAA;IAClE,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAS,wBAAwB,CAC/B,GAA0C,EAC1C,IAA6B;IAE7B,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,eAAe,CAAC,CAAA;IACjD,MAAM,YAAY,GAAO,IAAI,CAAC,WAAW,CAA2B,CAAA;IACpE,MAAM,gBAAgB,GAAG,IAAI,CAAC,eAAe,CAAuB,CAAA;IAEpE,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;QAClH,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAC1C,IAAI,OAAe,CAAA;QACnB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAA;QACnF,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAA;QACnF,CAAC;QACD,6DAA6D;QAC7D,mEAAmE;QACnE,mEAAmE;QACnE,kEAAkE;QAClE,mEAAmE;QACnE,MAAM,cAAc,GAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QAChD,MAAM,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;QAEjD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,mCAAmC,EAAE,GAAG,CAAC,CAAA;QACnF,CAAC;QACD,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,+EAA+E,EAAE,GAAG,CAAC,CAAA;QAC/H,CAAC;QACD,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YAClE,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,gEAAgE,EAAE,GAAG,CAAC,CAAA;QAChH,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;IACvE,CAAC;IAED,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QACtD,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,wBAAwB,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,gBAAgB,KAAK,SAAS;QACnC,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE;QAC5D,CAAC,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAA;AAChC,CAAC;AAED;;;;;;;;;;GAUG;AACH,IAAI,yBAAyB,GAAG,KAAK,CAAA;AACrC,SAAS,sBAAsB,CAAC,IAA0B,EAAE,GAA6C,EAAE,MAAc;IACvH,IAAI,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC,eAAe,CAAA;IAErD,MAAM,MAAM,GAAG,MAAM,CAAqB,SAAS,EAAE,SAAS,CAAC,CAAA;IAC/D,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,EAAE,CAAC;QACzC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,SAAS,CAAA;IACvD,CAAC;IAED,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,yBAAyB,GAAG,IAAI,CAAA;QAChC,OAAO,CAAC,IAAI,CACV,uGAAuG;YACvG,qFAAqF;YACrF,sHAAsH,CACvH,CAAA;IACH,CAAC;IACD,OAAO,GAAG,GAAG,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,GAAG,MAAM,SAAS,CAAA;AAC5D,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,iBAAiB,CAAC,GAAQ,EAAE,GAAY,EAAE,KAAc;IAC/D,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;IACrE,IAAI,GAAG,YAAY,UAAU,EAAE,CAAC;QAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,SAAS,EAAE,CAAC,CAAA;QAClE,OAAM;IACR,CAAC;IACD,MAAM,CAAC,GAAG,CAAC,CAAA;IACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,GAAG,SAAS,EAAE,CAAC,CAAA;AAC5G,CAAC;AAiID,SAAS,iBAAiB,CAAC,KAA0D;IACnF,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAA;IACrB,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAC/C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACpF,IAAI,QAAQ,CAAC,aAAa,EAAE;QAAE,OAAM;IAEpC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,QAAQ,CAAA;IACtC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAA;IACvC,MAAM,eAAe,GAAO,iBAAiB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACnE,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IACvE,MAAM,gBAAgB,GAAM,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAEpE,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3B,4EAA4E;QAC5E,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC7D,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE,CAAA;YAC7B,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,4BAA4B,CAAC;oBACnD,QAAQ,EAAa,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE;oBAC7C,WAAW,EAAU,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE;oBAChD,YAAY,EAAS,KAAK,CAAC,eAAe,CAAC,IAAI,EAAE;oBACjD,KAAK,EAAgB,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE;oBACzC,KAAK,EAAgB,KAAK,CAAC,OAAO,CAAC;oBACnC,aAAa,EAAQ,KAAK,CAAC,gBAAgB,CAAC;oBAC5C,mBAAmB,EAAE,KAAK,CAAC,uBAAuB,CAAC;iBACpD,CAAC,CAAA;gBAEF,MAAM,GAAG,GAAG;oBACV,MAAM,EAAE;wBACN,EAAE,EAAI,SAAS,CAAC,MAAM,CAAC,EAAE;wBACzB,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI;qBAC5B;oBACD,MAAM,EAAO,SAAS,CAAC,MAAM;oBAC7B,WAAW,EAAE,SAAS,CAAC,WAAW;oBAClC,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpE,GAAG,CAAC,SAAS,CAAC,aAAa,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,SAAS,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5F,GAAG,CAAC,SAAS,CAAC,mBAAmB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,mBAAmB,EAAE,SAAS,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9G,OAAO,EAAE,GAAG;iBACb,CAAA;gBAED,MAAM,MAAM,GAAG,QAAQ,CAAC,mBAAmB,EAAE,CAAA;gBAC7C,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,MAAM,MAAM,CAAC,GAAG,CAAC,CAAA;gBAC1B,CAAC;gBAED,+DAA+D;gBAC/D,GAAG,CAAC,IAAI,CAAC;oBACP,MAAM,EAAO,GAAG,CAAC,MAAM;oBACvB,MAAM,EAAO,GAAG,CAAC,MAAM;oBACvB,KAAK,EAAQ,GAAG,CAAC,KAAK;oBACtB,WAAW,EAAE,GAAG,CAAC,WAAW;iBAC7B,CAAC,CAAA;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC,EAAE,mBAAmB,CAAC,CAAA;QAEvB,wCAAwC;QACxC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC9D,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;YAC3B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;gBACxE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,gEAAgE;oBAChE,mEAAmE;oBACnE,MAAM,SAAS,GAAG,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAA;oBACpG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,GAAG,SAAS,EAAE,CAAC,CAAA;oBAC9G,OAAM;gBACR,CAAC;gBAED,MAAM,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBAErE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;oBAC/B,MAAM;oBACN,QAAQ,EAAa,IAAI,CAAC,WAAW,CAAC;oBACtC,MAAM,EAAe,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;oBACzC,WAAW,EAAU,IAAI,CAAC,cAAc,CAAC;oBACzC,aAAa,EAAQ,IAAI,CAAC,gBAAgB,CAAC;oBAC3C,mBAAmB,EAAE,IAAI,CAAC,uBAAuB,CAAC;iBACnD,CAAC,CAAA;gBAEF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBACjD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;gBAC1C,IAAI,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;gBAEvE,GAAG,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAC1C,CAAC;QACH,CAAC,EAAE,mBAAmB,CAAC,CAAA;QAEvB,wCAAwC;QACxC,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,YAAY,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAChE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;YAC3B,IAAI,CAAC;gBACH,MAAM,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBAErE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAA;gBACjD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,CAAA;gBACtD,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,8BAA8B,CAAC,CAAA;gBACjF,IAAI,IAAI,CAAC,OAAO,CAAC;oBAAE,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;gBAEvE,GAAG,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,WAAW,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,iBAAiB,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;YAC1C,CAAC;QACH,CAAC,EAAE,mBAAmB,CAAC,CAAA;IACzB,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACvB,wEAAwE;QACxE,yEAAyE;QACzE,yEAAyE;QACzE,oCAAoC;QACpC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,QAAQ,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC1D,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAW,CAAA;gBAE9C,yDAAyD;gBACzD,+DAA+D;gBAC/D,gEAAgE;gBAChE,8DAA8D;gBAC9D,MAAM,WAAW,GAAG,wBAAwB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;gBAEvD,IAAI,MAAM,CAAA;gBAEV,QAAQ,SAAS,EAAE,CAAC;oBAClB,KAAK,oBAAoB;wBACvB,MAAM,GAAG,MAAM,gBAAgB,CAAC;4BAC9B,SAAS;4BACT,IAAI,EAAW,IAAI,CAAC,MAAM,CAAC;4BAC3B,GAAG,WAAW;4BACd,WAAW,EAAI,IAAI,CAAC,cAAc,CAAC;4BACnC,YAAY,EAAG,IAAI,CAAC,eAAe,CAAC;yBACrC,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,oBAAoB;wBACvB,4DAA4D;wBAC5D,4DAA4D;wBAC5D,yDAAyD;wBACzD,yCAAyC;wBACzC,IAAI,WAAW,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;4BAC3C,MAAM,IAAI,UAAU,CAAC,iBAAiB,EAAE,6DAA6D,EAAE,GAAG,CAAC,CAAA;wBAC7G,CAAC;wBACD,MAAM,GAAG,MAAM,sBAAsB,CAAC;4BACpC,SAAS;4BACT,QAAQ,EAAM,WAAW,CAAC,QAAQ;4BAClC,YAAY,EAAE,WAAW,CAAC,YAAY;4BACtC,KAAK,EAAS,IAAI,CAAC,OAAO,CAAC;yBAC5B,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,eAAe;wBAClB,MAAM,GAAG,MAAM,iBAAiB,CAAC;4BAC/B,SAAS;4BACT,YAAY,EAAE,IAAI,CAAC,eAAe,CAAC;4BACnC,GAAG,WAAW;4BACd,KAAK,EAAS,IAAI,CAAC,OAAO,CAAC;yBAC5B,CAAC,CAAA;wBACF,MAAK;oBAEP,KAAK,8CAA8C,CAAC,CAAC,CAAC;wBACpD,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC;4BACtC,SAAS;4BACT,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC;4BAC/B,QAAQ,EAAI,WAAW,CAAC,QAAQ;yBACjC,CAAC,CAAA;wBACF,IAAI,UAAU,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;4BACvC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;wBAC5B,CAAC;6BAAM,CAAC;4BACN,wDAAwD;4BACxD,yDAAyD;4BACzD,yDAAyD;4BACzD,4BAA4B;4BAC5B,EAAE;4BACF,sDAAsD;4BACtD,2DAA2D;4BAC3D,iDAAiD;4BACjD,IAAI,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gCACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAA;4BAC7E,CAAC;iCAAM,CAAC;gCACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;4BACpD,CAAC;4BACD,OAAM;wBACR,CAAC;wBACD,MAAK;oBACP,CAAC;oBAED;wBACE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;4BACnB,KAAK,EAAE,wBAAwB;4BAC/B,iBAAiB,EAAE,eAAe,SAAS,qBAAqB;yBACjE,CAAC,CAAA;wBACF,OAAM;gBACV,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAClB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,6DAA6D;oBAC7D,gEAAgE;oBAChE,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,IAAI,OAAO,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;wBAC7D,GAAG,CAAC,MAAM,CAAC,kBAAkB,EAAE,qBAAqB,CAAC,CAAA;oBACvD,CAAC;oBACD,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC,CAAC,CAAA;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,EAAE,eAAe,CAAC,CAAA;IACrB,CAAC;IAED,2DAA2D;IAC3D,0EAA0E;IAC1E,oEAAoE;IACpE,wEAAwE;IACxE,sEAAsE;IACtE,6BAA6B;IAC7B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,aAAa,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACjE,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;YACxC,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CAAA;YAClD,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,EAAwB,CAAA;YAErF,MAAM,WAAW,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;YAC7E,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC,CAAA;gBACnF,OAAM;YACR,CAAC;YAED,gEAAgE;YAChE,oDAAoD;YACpD,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;iBACvC,SAAS,CAAC,EAAE,OAAO,EAAE,IAAI,EAA6B,CAAC,CAAA;YAC1D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;QACxB,CAAC,EAAE,CAAC,aAAa,EAAE,EAAE,GAAG,mBAAmB,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,SAAS,EAAE,KAAK,EAAE,IAAS,EAAE,GAAQ,EAAE,EAAE;YAC3D,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;QAC7B,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,yDAAyD;QACzD,yEAAyE;QACzE,mEAAmE;QACnE,+CAA+C;QAC/C,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,cAAc,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAChE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,eAAe,GAAG,sBAAsB,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;gBACjE,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC;oBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;oBAC3B,KAAK,EAAK,IAAI,CAAC,OAAO,CAAC;oBACvB,eAAe;iBAChB,CAAC,CAAA;gBACF,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAClB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC,CAAC,CAAA;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,EAAE,gBAAgB,CAAC,CAAA;QAEpB,2DAA2D;QAC3D,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,iBAAiB,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACnE,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;gBAC3B,MAAM,MAAM,GAAI,GAAG,CAAC,GAAW,EAAE,UAAU,EAAE,EAAE,IAAK,GAAW,CAAC,IAAI,EAAE,EAAE,CAAA;gBACxE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,CAAC,CAAA;oBAChG,OAAM;gBACR,CAAC;gBACD,MAAM,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,KAAK,CAAC,CAAA;gBAC9E,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,YAAY,UAAU,EAAE,CAAC;oBAC5B,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3C,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,CAAC,CAAC,CAAA;oBACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,CAAC,CAAA;gBAC9F,CAAC;YACH,CAAC;QACH,CAAC,EAAE,gBAAgB,CAAC,CAAA;IACtB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACvF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAyB,CAAC,CAAA;IACrG,sBAAsB,CAAC,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc,EAAE,OAA6B,EAAE;IACvF,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,WAAW,EAAE,QAAQ,CAAyB,CAAC,CAAA;IAC/F,sBAAsB,CAAC,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AACzE,CAAC"}
|
package/dist/token.d.ts
CHANGED
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
export interface JwtHeader {
|
|
2
2
|
alg: 'RS256';
|
|
3
3
|
typ: 'JWT';
|
|
4
|
+
/**
|
|
5
|
+
* Key ID — SHA-256 fingerprint (base64url) of the public key that verifies
|
|
6
|
+
* this token's signature. Stamped by `createToken()` on every new JWT so
|
|
7
|
+
* `verifyToken()` can pick the right public key directly during a key-
|
|
8
|
+
* rotation grace window. Legacy tokens minted before this PR have no
|
|
9
|
+
* `kid` and fall through to "try each verification key in order" — same
|
|
10
|
+
* compat pattern as `iss` (P7) and the at-rest hashing migrations.
|
|
11
|
+
*/
|
|
12
|
+
kid?: string;
|
|
4
13
|
}
|
|
5
14
|
export interface JwtPayload {
|
|
6
15
|
/** Token ID */
|
|
@@ -9,6 +18,14 @@ export interface JwtPayload {
|
|
|
9
18
|
sub: string | null;
|
|
10
19
|
/** Audience — client ID */
|
|
11
20
|
aud: string;
|
|
21
|
+
/**
|
|
22
|
+
* Issuer — set when `Passport.useIssuer(url)` was configured at the time
|
|
23
|
+
* the token was minted. Optional because tokens issued before issuer
|
|
24
|
+
* configuration carry no `iss` claim (legacy compat window). RFC 7519
|
|
25
|
+
* §4.1.1 makes `iss` optional; we treat it as RECOMMENDED in deployments
|
|
26
|
+
* that may have multiple signers (RFC 8725 §3.10).
|
|
27
|
+
*/
|
|
28
|
+
iss?: string;
|
|
12
29
|
/** Issued at (seconds) */
|
|
13
30
|
iat: number;
|
|
14
31
|
/** Expiration (seconds) */
|
|
@@ -16,6 +33,24 @@ export interface JwtPayload {
|
|
|
16
33
|
/** Scopes */
|
|
17
34
|
scopes: string[];
|
|
18
35
|
}
|
|
36
|
+
/** Options for `verifyToken()` — see jsdoc on the function. */
|
|
37
|
+
export interface VerifyTokenOptions {
|
|
38
|
+
/**
|
|
39
|
+
* Expected audience (clientId). When provided, `verifyToken` rejects
|
|
40
|
+
* tokens whose `aud` claim doesn't match. Resource servers that gate to
|
|
41
|
+
* a specific client should always pass this. Mitigates cross-client
|
|
42
|
+
* token confusion in multi-client deployments.
|
|
43
|
+
*/
|
|
44
|
+
expectedAud?: string;
|
|
45
|
+
/**
|
|
46
|
+
* Expected issuer URL. When provided, `verifyToken` rejects tokens whose
|
|
47
|
+
* `iss` claim doesn't match. Tokens minted before issuer configuration
|
|
48
|
+
* carry no `iss` claim and are exempt during the migration window —
|
|
49
|
+
* same pattern as redirect_uri (P1) and familyId (P4). Pass
|
|
50
|
+
* `Passport.issuer() ?? undefined` to opt in once configured.
|
|
51
|
+
*/
|
|
52
|
+
expectedIssuer?: string;
|
|
53
|
+
}
|
|
19
54
|
/**
|
|
20
55
|
* Create a signed JWT using RSA-SHA256.
|
|
21
56
|
* Uses the private key from Passport configuration.
|
|
@@ -26,15 +61,56 @@ export declare function createToken(payload: {
|
|
|
26
61
|
clientId: string;
|
|
27
62
|
scopes: string[];
|
|
28
63
|
expiresAt: Date;
|
|
64
|
+
/**
|
|
65
|
+
* Optional `iat` source in ms. When the caller (e.g. `issueTokens`) has
|
|
66
|
+
* already snapshotted wall-clock time to derive `expiresAt` and `expires_in`,
|
|
67
|
+
* passing the same `now` in here keeps `iat`, `exp`, and the API-level
|
|
68
|
+
* `expires_in` aligned to a single instant. Defaults to `Date.now()` so
|
|
69
|
+
* direct callers don't have to think about it.
|
|
70
|
+
*/
|
|
71
|
+
iatMs?: number;
|
|
29
72
|
}): Promise<string>;
|
|
30
73
|
/**
|
|
31
74
|
* Verify and decode a JWT using RSA-SHA256.
|
|
32
75
|
* Returns the payload if valid, throws if invalid.
|
|
76
|
+
*
|
|
77
|
+
* Validation runs in this order — each step throws with a specific message
|
|
78
|
+
* so callers can distinguish failure modes if they want to:
|
|
79
|
+
* 1. Format — three base64url-encoded segments.
|
|
80
|
+
* 2. Signature — RSA-SHA256 verifies against the configured public key.
|
|
81
|
+
* 3. Expiration — `exp` claim is in the future.
|
|
82
|
+
* 4. Audience — only when `options.expectedAud` is provided; rejects
|
|
83
|
+
* tokens whose `aud` claim doesn't match. Mitigates
|
|
84
|
+
* cross-client token confusion.
|
|
85
|
+
* 5. Issuer — only when `options.expectedIssuer` is provided AND
|
|
86
|
+
* the token carries an `iss` claim; rejects mismatches.
|
|
87
|
+
* Tokens minted before `Passport.useIssuer(...)` was
|
|
88
|
+
* configured carry no `iss` and are exempt during the
|
|
89
|
+
* migration window — same pattern as redirect_uri /
|
|
90
|
+
* familyId rollouts.
|
|
91
|
+
*/
|
|
92
|
+
export declare function verifyToken(jwt: string, options?: VerifyTokenOptions): Promise<JwtPayload>;
|
|
93
|
+
/**
|
|
94
|
+
* Decode a JWT payload **without verifying the signature**. The returned
|
|
95
|
+
* `sub` / `aud` / `scopes` claims MUST NOT be trusted for authentication
|
|
96
|
+
* decisions — an attacker can mint a JWT with any payload, sign it with
|
|
97
|
+
* their own key, and this function will happily decode it.
|
|
98
|
+
*
|
|
99
|
+
* Legitimate uses are read-only and signature-independent — e.g. reading
|
|
100
|
+
* `jti` to look up a DB row for revocation check, or peeking at `exp` for
|
|
101
|
+
* client-side scheduling. Anything resembling an auth gate must call
|
|
102
|
+
* `verifyToken()` instead.
|
|
103
|
+
*
|
|
104
|
+
* Naming convention: prefixed `unsafe` so a grep for "auth check" never
|
|
105
|
+
* accidentally lands on a verification-free path. `decodeToken` is kept
|
|
106
|
+
* as a deprecated alias for back-compat — see below.
|
|
33
107
|
*/
|
|
34
|
-
export declare function
|
|
108
|
+
export declare function unsafeDecodeToken(jwt: string): JwtPayload;
|
|
35
109
|
/**
|
|
36
|
-
*
|
|
37
|
-
*
|
|
110
|
+
* @deprecated Renamed to `unsafeDecodeToken`. The old name doesn't carry
|
|
111
|
+
* the security warning the function deserves — callers regularly mistake
|
|
112
|
+
* "decode" for "verify". Will be kept indefinitely as a thin alias for
|
|
113
|
+
* back-compat; new code should import `unsafeDecodeToken`.
|
|
38
114
|
*/
|
|
39
|
-
export declare
|
|
115
|
+
export declare const decodeToken: typeof unsafeDecodeToken;
|
|
40
116
|
//# sourceMappingURL=token.d.ts.map
|
package/dist/token.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../src/token.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,OAAO,CAAA;IACZ,GAAG,EAAE,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../src/token.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,OAAO,CAAA;IACZ,GAAG,EAAE,KAAK,CAAA;IACV;;;;;;;OAOG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,UAAU;IACzB,eAAe;IACf,GAAG,EAAM,MAAM,CAAA;IACf,sDAAsD;IACtD,GAAG,EAAM,MAAM,GAAG,IAAI,CAAA;IACtB,2BAA2B;IAC3B,GAAG,EAAM,MAAM,CAAA;IACf;;;;;;OAMG;IACH,GAAG,CAAC,EAAK,MAAM,CAAA;IACf,0BAA0B;IAC1B,GAAG,EAAM,MAAM,CAAA;IACf,2BAA2B;IAC3B,GAAG,EAAM,MAAM,CAAA;IACf,aAAa;IACb,MAAM,EAAG,MAAM,EAAE,CAAA;CAClB;AAED,+DAA+D;AAC/D,MAAM,WAAW,kBAAkB;IACjC;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AA0BD;;;GAGG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE;IACzC,OAAO,EAAG,MAAM,CAAA;IAChB,MAAM,EAAI,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAI,MAAM,EAAE,CAAA;IAClB,SAAS,EAAE,IAAI,CAAA;IACf;;;;;;OAMG;IACH,KAAK,CAAC,EAAI,MAAM,CAAA;CACjB,GAAG,OAAO,CAAC,MAAM,CAAC,CAoClB;AAID;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,CAiEhG;AAID;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAMzD;AAED;;;;;GAKG;AACH,eAAO,MAAM,WAAW,0BAAoB,CAAA"}
|
package/dist/token.js
CHANGED
|
@@ -7,6 +7,16 @@ function base64url(data) {
|
|
|
7
7
|
function base64urlDecode(str) {
|
|
8
8
|
return Buffer.from(str, 'base64url').toString('utf8');
|
|
9
9
|
}
|
|
10
|
+
/**
|
|
11
|
+
* Stable key id for an RSA public key — SHA-256 (base64url) of the PEM
|
|
12
|
+
* string verbatim. Cheaper than RFC 7638 JWK Thumbprint (no DER reparse)
|
|
13
|
+
* and good enough for our single-issuer / few-keys scenarios — we only
|
|
14
|
+
* need a tiebreaker between current and previous public key.
|
|
15
|
+
*/
|
|
16
|
+
async function publicKeyFingerprint(publicKeyPem) {
|
|
17
|
+
const { createHash } = await import('node:crypto');
|
|
18
|
+
return createHash('sha256').update(publicKeyPem).digest('base64url');
|
|
19
|
+
}
|
|
10
20
|
// ─── Create JWT ───────────────────────────────────────────
|
|
11
21
|
/**
|
|
12
22
|
* Create a signed JWT using RSA-SHA256.
|
|
@@ -14,17 +24,27 @@ function base64urlDecode(str) {
|
|
|
14
24
|
*/
|
|
15
25
|
export async function createToken(payload) {
|
|
16
26
|
const { createSign } = await import('node:crypto');
|
|
17
|
-
const { privateKey } = await Passport.keys();
|
|
18
|
-
|
|
19
|
-
|
|
27
|
+
const { privateKey, publicKey } = await Passport.keys();
|
|
28
|
+
// `kid` lets verifyToken pick the right public key during a key-rotation
|
|
29
|
+
// grace window without trial-and-error verification. Always stamp it on
|
|
30
|
+
// new tokens — legacy tokens (no kid) still verify, just less efficiently.
|
|
31
|
+
const kid = await publicKeyFingerprint(publicKey);
|
|
32
|
+
const header = { alg: 'RS256', typ: 'JWT', kid };
|
|
33
|
+
const iat = Math.floor((payload.iatMs ?? Date.now()) / 1000);
|
|
20
34
|
const jwtPayload = {
|
|
21
35
|
jti: payload.tokenId,
|
|
22
36
|
sub: payload.userId,
|
|
23
37
|
aud: payload.clientId,
|
|
24
|
-
iat
|
|
38
|
+
iat,
|
|
25
39
|
exp: Math.floor(payload.expiresAt.getTime() / 1000),
|
|
26
40
|
scopes: payload.scopes,
|
|
27
41
|
};
|
|
42
|
+
// Stamp `iss` only when the operator has configured one — keeps the
|
|
43
|
+
// payload identical for apps that haven't opted in (no surprise size
|
|
44
|
+
// bump on the wire) and keeps legacy verifiers working.
|
|
45
|
+
const issuer = Passport.issuer();
|
|
46
|
+
if (issuer)
|
|
47
|
+
jwtPayload.iss = issuer;
|
|
28
48
|
const segments = [
|
|
29
49
|
base64url(JSON.stringify(header)),
|
|
30
50
|
base64url(JSON.stringify(jwtPayload)),
|
|
@@ -39,20 +59,55 @@ export async function createToken(payload) {
|
|
|
39
59
|
/**
|
|
40
60
|
* Verify and decode a JWT using RSA-SHA256.
|
|
41
61
|
* Returns the payload if valid, throws if invalid.
|
|
62
|
+
*
|
|
63
|
+
* Validation runs in this order — each step throws with a specific message
|
|
64
|
+
* so callers can distinguish failure modes if they want to:
|
|
65
|
+
* 1. Format — three base64url-encoded segments.
|
|
66
|
+
* 2. Signature — RSA-SHA256 verifies against the configured public key.
|
|
67
|
+
* 3. Expiration — `exp` claim is in the future.
|
|
68
|
+
* 4. Audience — only when `options.expectedAud` is provided; rejects
|
|
69
|
+
* tokens whose `aud` claim doesn't match. Mitigates
|
|
70
|
+
* cross-client token confusion.
|
|
71
|
+
* 5. Issuer — only when `options.expectedIssuer` is provided AND
|
|
72
|
+
* the token carries an `iss` claim; rejects mismatches.
|
|
73
|
+
* Tokens minted before `Passport.useIssuer(...)` was
|
|
74
|
+
* configured carry no `iss` and are exempt during the
|
|
75
|
+
* migration window — same pattern as redirect_uri /
|
|
76
|
+
* familyId rollouts.
|
|
42
77
|
*/
|
|
43
|
-
export async function verifyToken(jwt) {
|
|
78
|
+
export async function verifyToken(jwt, options) {
|
|
44
79
|
const { createVerify } = await import('node:crypto');
|
|
45
|
-
const { publicKey } = await Passport.keys();
|
|
46
80
|
const parts = jwt.split('.');
|
|
47
81
|
if (parts.length !== 3) {
|
|
48
82
|
throw new Error('Invalid JWT: expected 3 segments');
|
|
49
83
|
}
|
|
50
84
|
const [headerB64, payloadB64, signatureB64] = parts;
|
|
51
|
-
//
|
|
85
|
+
// Walk every public key the operator has marked verifiable — current key
|
|
86
|
+
// first, then any previous keys retained for the post-rotation grace
|
|
87
|
+
// window. When the JWT carries a `kid` header we pick the matching key
|
|
88
|
+
// directly; otherwise we try each in order. Either way, ONE successful
|
|
89
|
+
// verify is enough — most tokens hit on the current key.
|
|
90
|
+
const verificationKeys = await Passport.verificationKeys();
|
|
91
|
+
const header = JSON.parse(base64urlDecode(headerB64));
|
|
52
92
|
const signingInput = `${headerB64}.${payloadB64}`;
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
93
|
+
let candidates;
|
|
94
|
+
if (header.kid) {
|
|
95
|
+
const fingerprints = await Promise.all(verificationKeys.map(publicKeyFingerprint));
|
|
96
|
+
const idx = fingerprints.indexOf(header.kid);
|
|
97
|
+
candidates = idx >= 0 ? [verificationKeys[idx]] : [];
|
|
98
|
+
}
|
|
99
|
+
else {
|
|
100
|
+
candidates = verificationKeys;
|
|
101
|
+
}
|
|
102
|
+
let valid = false;
|
|
103
|
+
for (const pk of candidates) {
|
|
104
|
+
const verify = createVerify('RSA-SHA256');
|
|
105
|
+
verify.update(signingInput);
|
|
106
|
+
if (verify.verify(pk, signatureB64, 'base64url')) {
|
|
107
|
+
valid = true;
|
|
108
|
+
break;
|
|
109
|
+
}
|
|
110
|
+
}
|
|
56
111
|
if (!valid) {
|
|
57
112
|
throw new Error('Invalid JWT: signature verification failed');
|
|
58
113
|
}
|
|
@@ -63,18 +118,47 @@ export async function verifyToken(jwt) {
|
|
|
63
118
|
if (payload.exp <= now) {
|
|
64
119
|
throw new Error('Invalid JWT: token has expired');
|
|
65
120
|
}
|
|
121
|
+
// Check audience (RFC 7519 §4.1.3 + RFC 8725 §3.10).
|
|
122
|
+
if (options?.expectedAud !== undefined && payload.aud !== options.expectedAud) {
|
|
123
|
+
throw new Error('Invalid JWT: audience mismatch');
|
|
124
|
+
}
|
|
125
|
+
// Check issuer (RFC 7519 §4.1.1 + RFC 8725 §3.10). Tokens without an
|
|
126
|
+
// `iss` claim were minted before the issuer was configured — accept them
|
|
127
|
+
// during the migration window. New tokens issued after `Passport.useIssuer`
|
|
128
|
+
// is set carry the claim, and the verifier rejects mismatches.
|
|
129
|
+
if (options?.expectedIssuer !== undefined && payload.iss !== undefined && payload.iss !== options.expectedIssuer) {
|
|
130
|
+
throw new Error('Invalid JWT: issuer mismatch');
|
|
131
|
+
}
|
|
66
132
|
return payload;
|
|
67
133
|
}
|
|
68
134
|
// ─── Decode without verification (for inspection) ─────────
|
|
69
135
|
/**
|
|
70
|
-
* Decode a JWT payload without verifying the signature
|
|
71
|
-
*
|
|
136
|
+
* Decode a JWT payload **without verifying the signature**. The returned
|
|
137
|
+
* `sub` / `aud` / `scopes` claims MUST NOT be trusted for authentication
|
|
138
|
+
* decisions — an attacker can mint a JWT with any payload, sign it with
|
|
139
|
+
* their own key, and this function will happily decode it.
|
|
140
|
+
*
|
|
141
|
+
* Legitimate uses are read-only and signature-independent — e.g. reading
|
|
142
|
+
* `jti` to look up a DB row for revocation check, or peeking at `exp` for
|
|
143
|
+
* client-side scheduling. Anything resembling an auth gate must call
|
|
144
|
+
* `verifyToken()` instead.
|
|
145
|
+
*
|
|
146
|
+
* Naming convention: prefixed `unsafe` so a grep for "auth check" never
|
|
147
|
+
* accidentally lands on a verification-free path. `decodeToken` is kept
|
|
148
|
+
* as a deprecated alias for back-compat — see below.
|
|
72
149
|
*/
|
|
73
|
-
export function
|
|
150
|
+
export function unsafeDecodeToken(jwt) {
|
|
74
151
|
const parts = jwt.split('.');
|
|
75
152
|
if (parts.length !== 3) {
|
|
76
153
|
throw new Error('Invalid JWT: expected 3 segments');
|
|
77
154
|
}
|
|
78
155
|
return JSON.parse(base64urlDecode(parts[1]));
|
|
79
156
|
}
|
|
157
|
+
/**
|
|
158
|
+
* @deprecated Renamed to `unsafeDecodeToken`. The old name doesn't carry
|
|
159
|
+
* the security warning the function deserves — callers regularly mistake
|
|
160
|
+
* "decode" for "verify". Will be kept indefinitely as a thin alias for
|
|
161
|
+
* back-compat; new code should import `unsafeDecodeToken`.
|
|
162
|
+
*/
|
|
163
|
+
export const decodeToken = unsafeDecodeToken;
|
|
80
164
|
//# sourceMappingURL=token.js.map
|
package/dist/token.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.js","sourceRoot":"","sources":["../src/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../src/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AA4DxC,6DAA6D;AAE7D,SAAS,SAAS,CAAC,IAAqB;IACtC,MAAM,GAAG,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACvE,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;AAClC,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;AACvD,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CAAC,YAAoB;IACtD,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IAClD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;AACtE,CAAC;AAED,6DAA6D;AAE7D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAcjC;IACC,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IAClD,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;IAEvD,yEAAyE;IACzE,wEAAwE;IACxE,2EAA2E;IAC3E,MAAM,GAAG,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,CAAA;IACjD,MAAM,MAAM,GAAc,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAA;IAE3D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAA;IAC5D,MAAM,UAAU,GAAe;QAC7B,GAAG,EAAK,OAAO,CAAC,OAAO;QACvB,GAAG,EAAK,OAAO,CAAC,MAAM;QACtB,GAAG,EAAK,OAAO,CAAC,QAAQ;QACxB,GAAG;QACH,GAAG,EAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;QACtD,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAA;IACD,oEAAoE;IACpE,qEAAqE;IACrE,wDAAwD;IACxD,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAA;IAChC,IAAI,MAAM;QAAE,UAAU,CAAC,GAAG,GAAG,MAAM,CAAA;IAEnC,MAAM,QAAQ,GAAG;QACf,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;KACtC,CAAA;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACvC,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,CAAA;IACrC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;IACzB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;IAEpD,OAAO,GAAG,YAAY,IAAI,SAAS,EAAE,CAAA;AACvC,CAAC;AAED,6DAA6D;AAE7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,OAA4B;IACzE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;IAEpD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IACrD,CAAC;IAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,KAAiC,CAAA;IAE/E,yEAAyE;IACzE,qEAAqE;IACrE,uEAAuE;IACvE,uEAAuE;IACvE,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,MAAM,QAAQ,CAAC,gBAAgB,EAAE,CAAA;IAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,CAAc,CAAA;IAClE,MAAM,YAAY,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;IAEjD,IAAI,UAAoB,CAAA;IACxB,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAA;QAClF,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAC5C,UAAU,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,gBAAgB,CAAA;IAC/B,CAAC;IAED,IAAI,KAAK,GAAG,KAAK,CAAA;IACjB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,YAAY,CAAC,YAAY,CAAC,CAAA;QACzC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;QAC3B,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,YAAY,EAAE,WAAW,CAAC,EAAE,CAAC;YACjD,KAAK,GAAG,IAAI,CAAA;YACZ,MAAK;QACP,CAAC;IACH,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;IAC/D,CAAC;IAED,iBAAiB;IACjB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAe,CAAA;IAErE,mBAAmB;IACnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,IAAI,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACnD,CAAC;IAED,qDAAqD;IACrD,IAAI,OAAO,EAAE,WAAW,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;QAC9E,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACnD,CAAC;IAED,qEAAqE;IACrE,yEAAyE;IACzE,4EAA4E;IAC5E,+DAA+D;IAC/D,IAAI,OAAO,EAAE,cAAc,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;QACjH,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;IACjD,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,6DAA6D;AAE7D;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IACrD,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAe,CAAA;AAC7D,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAA"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rudderjs/passport",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "1.1.0",
|
|
4
4
|
"rudderjs": {
|
|
5
5
|
"provider": "PassportProvider",
|
|
6
6
|
"stage": "infrastructure",
|
|
@@ -33,15 +33,15 @@
|
|
|
33
33
|
}
|
|
34
34
|
},
|
|
35
35
|
"dependencies": {
|
|
36
|
-
"@rudderjs/core": "^
|
|
37
|
-
"@rudderjs/contracts": "^
|
|
38
|
-
"@rudderjs/orm": "^
|
|
36
|
+
"@rudderjs/core": "^1.1.2",
|
|
37
|
+
"@rudderjs/contracts": "^1.3.0",
|
|
38
|
+
"@rudderjs/orm": "^1.8.0"
|
|
39
39
|
},
|
|
40
40
|
"devDependencies": {
|
|
41
41
|
"@types/node": "^20.0.0",
|
|
42
42
|
"typescript": "^5.4.0",
|
|
43
43
|
"tsx": "^4.0.0",
|
|
44
|
-
"@rudderjs/console": "^0.0
|
|
44
|
+
"@rudderjs/console": "^1.0.0"
|
|
45
45
|
},
|
|
46
46
|
"author": "Suleiman Shahbari",
|
|
47
47
|
"scripts": {
|
package/schema/passport.prisma
CHANGED
|
@@ -34,24 +34,35 @@ model OAuthAccessToken {
|
|
|
34
34
|
}
|
|
35
35
|
|
|
36
36
|
model OAuthRefreshToken {
|
|
37
|
+
// tokenHash is SHA-256 of the plaintext refresh token returned to the
|
|
38
|
+
// client. The plaintext is freshly generated CSPRNG hex; the row's `id`
|
|
39
|
+
// is internal-only. A DB read leak yields hashes, not usable bearer
|
|
40
|
+
// credentials. See `opaque-token.ts`.
|
|
37
41
|
id String @id @default(cuid())
|
|
42
|
+
tokenHash String @unique
|
|
38
43
|
accessTokenId String @unique
|
|
44
|
+
familyId String?
|
|
39
45
|
revoked Boolean @default(false)
|
|
40
46
|
expiresAt DateTime
|
|
41
47
|
|
|
42
48
|
accessToken OAuthAccessToken @relation(fields: [accessTokenId], references: [id], onDelete: Cascade)
|
|
43
49
|
|
|
50
|
+
@@index([familyId])
|
|
44
51
|
@@map("oauth_refresh_tokens")
|
|
45
52
|
}
|
|
46
53
|
|
|
47
54
|
model OAuthAuthCode {
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
+
// tokenHash is SHA-256 of the plaintext authorization code returned to
|
|
56
|
+
// the redirect URI. Same shape as OAuthRefreshToken; `id` is internal-only.
|
|
57
|
+
id String @id @default(cuid())
|
|
58
|
+
tokenHash String @unique
|
|
59
|
+
userId String
|
|
60
|
+
clientId String
|
|
61
|
+
scopes String @default("[]")
|
|
62
|
+
revoked Boolean @default(false)
|
|
63
|
+
expiresAt DateTime
|
|
64
|
+
redirectUri String?
|
|
65
|
+
codeChallenge String?
|
|
55
66
|
codeChallengeMethod String?
|
|
56
67
|
|
|
57
68
|
client OAuthClient @relation(fields: [clientId], references: [id], onDelete: Cascade)
|
|
@@ -62,11 +73,20 @@ model OAuthAuthCode {
|
|
|
62
73
|
model OAuthDeviceCode {
|
|
63
74
|
id String @id @default(cuid())
|
|
64
75
|
clientId String
|
|
65
|
-
|
|
66
|
-
|
|
76
|
+
// SHA-256 hash of the plaintext code returned to the device/user. Stored
|
|
77
|
+
// hashed so a DB read leak doesn't yield usable codes (RFC 8628 §6.1).
|
|
78
|
+
// The plaintext is returned once in the `/oauth/device/code` response
|
|
79
|
+
// body and never persisted. See `device-code-secret.ts` for the rationale
|
|
80
|
+
// on plain-SHA-256 (no pepper).
|
|
81
|
+
userCodeHash String @unique
|
|
82
|
+
deviceCodeHash String @unique
|
|
67
83
|
scopes String @default("[]")
|
|
68
84
|
userId String?
|
|
69
85
|
approved Boolean?
|
|
86
|
+
// Polling interval in seconds (RFC 8628 §3.5). Starts at 5; server
|
|
87
|
+
// increments by 5 on each `slow_down` response and returns the new value
|
|
88
|
+
// in the error body. Capped at 60 to avoid runaway escalation.
|
|
89
|
+
interval Int @default(5)
|
|
70
90
|
expiresAt DateTime
|
|
71
91
|
lastPolledAt DateTime?
|
|
72
92
|
createdAt DateTime @default(now())
|