@schemavaults/auth-client-sdk 0.9.42 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-client.d.ts +22 -5
- package/dist/auth-client.js +73 -4
- package/dist/auth-client.js.map +1 -1
- package/dist/generated/version.d.ts +1 -1
- package/dist/generated/version.js +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -1
- package/dist/lib/authenticate-url-encoder.d.ts +1 -0
- package/dist/lib/authenticate-url-encoder.js +5 -0
- package/dist/lib/authenticate-url-encoder.js.map +1 -1
- package/dist/lib/authenticate-with-redirect.d.ts +2 -1
- package/dist/lib/authenticate-with-redirect.js +26 -1
- package/dist/lib/authenticate-with-redirect.js.map +1 -1
- package/dist/lib/generate-oauth2-state.d.ts +3 -0
- package/dist/lib/generate-oauth2-state.js +33 -0
- package/dist/lib/generate-oauth2-state.js.map +1 -0
- package/dist/lib/handle-successful-authentication.d.ts +3 -1
- package/dist/lib/handle-successful-authentication.js +49 -1
- package/dist/lib/handle-successful-authentication.js.map +1 -1
- package/dist/lib/mfa/confirm-totp-enrollment.d.ts +7 -0
- package/dist/lib/mfa/confirm-totp-enrollment.js +19 -0
- package/dist/lib/mfa/confirm-totp-enrollment.js.map +1 -0
- package/dist/lib/mfa/enroll-totp.d.ts +3 -0
- package/dist/lib/mfa/enroll-totp.js +35 -0
- package/dist/lib/mfa/enroll-totp.js.map +1 -0
- package/dist/lib/mfa/get-mfa-status.d.ts +3 -0
- package/dist/lib/mfa/get-mfa-status.js +17 -0
- package/dist/lib/mfa/get-mfa-status.js.map +1 -0
- package/dist/lib/mfa/index.d.ts +6 -0
- package/dist/lib/mfa/index.js +7 -0
- package/dist/lib/mfa/index.js.map +1 -0
- package/dist/lib/mfa/regenerate-recovery-codes.d.ts +6 -0
- package/dist/lib/mfa/regenerate-recovery-codes.js +19 -0
- package/dist/lib/mfa/regenerate-recovery-codes.js.map +1 -0
- package/dist/lib/mfa/remove-factor.d.ts +6 -0
- package/dist/lib/mfa/remove-factor.js +12 -0
- package/dist/lib/mfa/remove-factor.js.map +1 -0
- package/dist/lib/mfa/verify-mfa-challenge.d.ts +15 -0
- package/dist/lib/mfa/verify-mfa-challenge.js +26 -0
- package/dist/lib/mfa/verify-mfa-challenge.js.map +1 -0
- package/dist/lib/send-authenticate-request.d.ts +2 -1
- package/dist/lib/send-authenticate-request.js +6 -7
- package/dist/lib/send-authenticate-request.js.map +1 -1
- package/dist/lib/send-authorize-client-application-request.d.ts +2 -1
- package/dist/lib/send-authorize-client-application-request.js +12 -3
- package/dist/lib/send-authorize-client-application-request.js.map +1 -1
- package/dist/types/ISchemaVaultsAuthClient.d.ts +43 -4
- package/dist/types/ISchemaVaultsAuthClientAdapter.d.ts +17 -1
- package/package.json +2 -2
package/dist/auth-client.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type CodeChallengeWithDetails, type UserData, type AccessToken, type RefreshToken } from "@schemavaults/auth-common";
|
|
1
|
+
import { type CodeChallengeWithDetails, type UserData, type AccessToken, type RefreshToken, type AuthenticateResult, type MfaStatusResponse, type MfaEnrollResponse, type MfaVerifyEnrollmentResponse } from "@schemavaults/auth-common";
|
|
2
2
|
import type { IAuthClientConstructorOptions } from "./types/IAuthClientConstructorOptions";
|
|
3
3
|
import type { Credentials } from "./types/credentials";
|
|
4
4
|
import type { ISchemaVaultsAuthClient } from "./types/ISchemaVaultsAuthClient";
|
|
@@ -46,6 +46,8 @@ export declare class SchemaVaultsAuthClient extends EventTarget implements ISche
|
|
|
46
46
|
get version(): string;
|
|
47
47
|
get app_id(): AppId;
|
|
48
48
|
private storeCodeVerifier;
|
|
49
|
+
private storeOAuth2State;
|
|
50
|
+
private loadOAuth2State;
|
|
49
51
|
private loadCodeVerifier;
|
|
50
52
|
generateCodeChallenge(challenge_time?: number): Promise<CodeChallengeWithDetails>;
|
|
51
53
|
private authenticateWithRedirect;
|
|
@@ -61,7 +63,7 @@ export declare class SchemaVaultsAuthClient extends EventTarget implements ISche
|
|
|
61
63
|
private get isClientForAuthServer();
|
|
62
64
|
private get defaultTokenAudiences();
|
|
63
65
|
loadSavedAuthorizationCodeVerifiers(): Promise<Record<number, string>>;
|
|
64
|
-
handleSuccessfulAuthentication(authorization_code: string, challenge_time: number, code_verifier?: string): Promise<void>;
|
|
66
|
+
handleSuccessfulAuthentication(authorization_code: string, challenge_time: number, code_verifier?: string, received_state?: string | null): Promise<void>;
|
|
65
67
|
logout(): Promise<void>;
|
|
66
68
|
hasHttpOnlyRefreshToken(): boolean;
|
|
67
69
|
get auth_server_uri(): string;
|
|
@@ -109,9 +111,24 @@ export declare class SchemaVaultsAuthClient extends EventTarget implements ISche
|
|
|
109
111
|
* @param authentication_type 'login' | 'register' | 'reset-password'
|
|
110
112
|
* @param credentials Username/email/password/invite code
|
|
111
113
|
* @param code_challenge A code challenge for Oauth2 PKCE flow. Allows ensuring that trading authorization code for refresh token is done by the client that initialized the attempt to acquire the authorization code!
|
|
112
|
-
* @returns
|
|
114
|
+
* @returns The parsed `AuthenticateResult` discriminated union. On
|
|
115
|
+
* `kind: "authenticated"` callers can use `result.authorization_code`
|
|
116
|
+
* to exchange for tokens. On `kind: "mfa_required"` callers must
|
|
117
|
+
* complete the challenge via `verifyMfaChallenge`.
|
|
113
118
|
*/
|
|
114
|
-
sendAuthenticateRequest(authentication_type: AuthenticationOutcomeType, client_app_id: AppId, credentials: Credentials, code_challenge: CodeChallengeWithDetails): Promise<
|
|
119
|
+
sendAuthenticateRequest(authentication_type: AuthenticationOutcomeType, client_app_id: AppId, credentials: Credentials, code_challenge: CodeChallengeWithDetails): Promise<AuthenticateResult>;
|
|
120
|
+
verifyMfaChallenge(challenge_id: string, client_app_id: AppId, proof: {
|
|
121
|
+
type: "totp";
|
|
122
|
+
code: string;
|
|
123
|
+
} | {
|
|
124
|
+
type: "recovery_code";
|
|
125
|
+
recovery_code: string;
|
|
126
|
+
}): Promise<AuthenticateResult>;
|
|
127
|
+
getMfaStatus(): Promise<MfaStatusResponse>;
|
|
128
|
+
enrollTotp(): Promise<MfaEnrollResponse>;
|
|
129
|
+
confirmTotpEnrollment(factor_id: string, code: string): Promise<MfaVerifyEnrollmentResponse>;
|
|
130
|
+
removeFactor(factor_id: string, code: string): Promise<void>;
|
|
131
|
+
regenerateRecoveryCodes(code: string): Promise<MfaVerifyEnrollmentResponse>;
|
|
115
132
|
/**
|
|
116
133
|
* @name currentUser
|
|
117
134
|
* @description If a user is signed in to this auth client and their user data is stored locally, return it. Else, returns null.
|
|
@@ -131,7 +148,7 @@ export declare class SchemaVaultsAuthClient extends EventTarget implements ISche
|
|
|
131
148
|
get successful_logout_redirect_uri(): string | undefined;
|
|
132
149
|
supports(feature_name: string): boolean;
|
|
133
150
|
checkIfAuthenticatedWithServer(): Promise<UserData | null>;
|
|
134
|
-
sendAuthorizeClientApplicationRequest(app_id: AppId): Promise<void>;
|
|
151
|
+
sendAuthorizeClientApplicationRequest(app_id: AppId, state?: string | null): Promise<void>;
|
|
135
152
|
checkAppAuthorization(app_id: AppId): Promise<boolean>;
|
|
136
153
|
/**
|
|
137
154
|
* App IDs that are allowed to perform write operations (create, update, connect)
|
package/dist/auth-client.js
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
// @schemavaults/auth-client-sdk
|
|
3
3
|
import { PKCE_ProofKeyManager, audienceSchema, } from "@schemavaults/auth-common";
|
|
4
4
|
import { sendAuthenticateRequest } from "./lib/send-authenticate-request";
|
|
5
|
+
import { verifyMfaChallenge as verifyMfaChallengeFn, enrollTotp as enrollTotpFn, confirmTotpEnrollment as confirmTotpEnrollmentFn, removeFactor as removeFactorFn, regenerateRecoveryCodes as regenerateRecoveryCodesFn, getMfaStatus as getMfaStatusFn, } from "./lib/mfa";
|
|
5
6
|
import { appIdSchema, SCHEMAVAULTS_AUTH_APP_DEFINITION, SCHEMAVAULTS_WEB, schemaVaultsAppEnvironmentSchema, } from "@schemavaults/app-definitions";
|
|
6
7
|
import { AUTH_CLIENT_SDK_VERSION } from "./generated/version";
|
|
7
8
|
import authenticateWithRedirect from "./lib/authenticate-with-redirect";
|
|
@@ -201,6 +202,34 @@ export class SchemaVaultsAuthClient extends EventTarget {
|
|
|
201
202
|
this.adapter.storeCodeVerifier(code_verifier, challenge_time);
|
|
202
203
|
return;
|
|
203
204
|
}
|
|
205
|
+
// OAuth2 `state` CSRF-nonce storage wrappers. Lifecycle mirrors the
|
|
206
|
+
// code-verifier wrappers above.
|
|
207
|
+
storeOAuth2State(state, challenge_time) {
|
|
208
|
+
const now = Date.now();
|
|
209
|
+
if (!challenge_time || typeof challenge_time !== "number") {
|
|
210
|
+
throw new Error("Invalid challenge_time; not a number");
|
|
211
|
+
}
|
|
212
|
+
else if (challenge_time > now) {
|
|
213
|
+
throw new Error("Invalid challenge_time; in the future");
|
|
214
|
+
}
|
|
215
|
+
if (typeof state !== "string" || state.length === 0) {
|
|
216
|
+
throw new TypeError("Expected 'state' to be a non-empty string");
|
|
217
|
+
}
|
|
218
|
+
this.adapter.storeOAuth2State(state, challenge_time);
|
|
219
|
+
}
|
|
220
|
+
loadOAuth2State(challenge_time) {
|
|
221
|
+
const now = Date.now();
|
|
222
|
+
if (!challenge_time || typeof challenge_time !== "number") {
|
|
223
|
+
throw new Error("Invalid challenge_time; not a number");
|
|
224
|
+
}
|
|
225
|
+
else if (challenge_time > now) {
|
|
226
|
+
throw new Error("Invalid challenge_time; in the future");
|
|
227
|
+
}
|
|
228
|
+
else if (now - challenge_time > PKCE_ProofKeyManager.max_age) {
|
|
229
|
+
throw new Error("OAuth2 state has expired");
|
|
230
|
+
}
|
|
231
|
+
return this.adapter.loadOAuth2State(challenge_time);
|
|
232
|
+
}
|
|
204
233
|
// Load the code verifier from a secure location
|
|
205
234
|
loadCodeVerifier(challenge_time) {
|
|
206
235
|
const now = Date.now();
|
|
@@ -260,6 +289,7 @@ export class SchemaVaultsAuthClient extends EventTarget {
|
|
|
260
289
|
auth_server_uri: this._authServerUri,
|
|
261
290
|
client_app_id: this._app_id,
|
|
262
291
|
storeCodeVerifier: this.storeCodeVerifier.bind(this),
|
|
292
|
+
storeOAuth2State: this.storeOAuth2State.bind(this),
|
|
263
293
|
environment: this.environment,
|
|
264
294
|
authorize_uri: this.authorize_uri,
|
|
265
295
|
debug: this.debug,
|
|
@@ -370,12 +400,14 @@ export class SchemaVaultsAuthClient extends EventTarget {
|
|
|
370
400
|
const codeVerifiers = this.adapter.loadCodeVerifiers();
|
|
371
401
|
return codeVerifiers;
|
|
372
402
|
} // loadSavedAuthorizationCodeVerifiers()
|
|
373
|
-
async handleSuccessfulAuthentication(authorization_code, challenge_time, code_verifier) {
|
|
403
|
+
async handleSuccessfulAuthentication(authorization_code, challenge_time, code_verifier, received_state) {
|
|
374
404
|
return await handleSuccessfulAuthentication({
|
|
375
405
|
authorization_code,
|
|
376
406
|
challenge_time,
|
|
377
407
|
code_verifier,
|
|
408
|
+
received_state: received_state ?? null,
|
|
378
409
|
loadCodeVerifier: this.loadCodeVerifier.bind(this),
|
|
410
|
+
loadOAuth2State: this.loadOAuth2State.bind(this),
|
|
379
411
|
auth_server_uri: this.auth_server_uri,
|
|
380
412
|
client_app_id: this.app_id,
|
|
381
413
|
adapter: this.adapter,
|
|
@@ -606,7 +638,10 @@ export class SchemaVaultsAuthClient extends EventTarget {
|
|
|
606
638
|
* @param authentication_type 'login' | 'register' | 'reset-password'
|
|
607
639
|
* @param credentials Username/email/password/invite code
|
|
608
640
|
* @param code_challenge A code challenge for Oauth2 PKCE flow. Allows ensuring that trading authorization code for refresh token is done by the client that initialized the attempt to acquire the authorization code!
|
|
609
|
-
* @returns
|
|
641
|
+
* @returns The parsed `AuthenticateResult` discriminated union. On
|
|
642
|
+
* `kind: "authenticated"` callers can use `result.authorization_code`
|
|
643
|
+
* to exchange for tokens. On `kind: "mfa_required"` callers must
|
|
644
|
+
* complete the challenge via `verifyMfaChallenge`.
|
|
610
645
|
*/
|
|
611
646
|
async sendAuthenticateRequest(authentication_type, client_app_id, credentials, code_challenge) {
|
|
612
647
|
if (this.DEBUG)
|
|
@@ -621,6 +656,40 @@ export class SchemaVaultsAuthClient extends EventTarget {
|
|
|
621
656
|
invite_code_required: this._invite_code_required,
|
|
622
657
|
});
|
|
623
658
|
}
|
|
659
|
+
async verifyMfaChallenge(challenge_id, client_app_id, proof) {
|
|
660
|
+
return await verifyMfaChallengeFn({
|
|
661
|
+
adapter: this._adapter,
|
|
662
|
+
challenge_id,
|
|
663
|
+
client_app_id,
|
|
664
|
+
proof,
|
|
665
|
+
});
|
|
666
|
+
}
|
|
667
|
+
async getMfaStatus() {
|
|
668
|
+
return await getMfaStatusFn(this._adapter);
|
|
669
|
+
}
|
|
670
|
+
async enrollTotp() {
|
|
671
|
+
return await enrollTotpFn(this._adapter);
|
|
672
|
+
}
|
|
673
|
+
async confirmTotpEnrollment(factor_id, code) {
|
|
674
|
+
return await confirmTotpEnrollmentFn({
|
|
675
|
+
adapter: this._adapter,
|
|
676
|
+
factor_id,
|
|
677
|
+
code,
|
|
678
|
+
});
|
|
679
|
+
}
|
|
680
|
+
async removeFactor(factor_id, code) {
|
|
681
|
+
await removeFactorFn({
|
|
682
|
+
adapter: this._adapter,
|
|
683
|
+
factor_id,
|
|
684
|
+
code,
|
|
685
|
+
});
|
|
686
|
+
}
|
|
687
|
+
async regenerateRecoveryCodes(code) {
|
|
688
|
+
return await regenerateRecoveryCodesFn({
|
|
689
|
+
adapter: this._adapter,
|
|
690
|
+
code,
|
|
691
|
+
});
|
|
692
|
+
}
|
|
624
693
|
/**
|
|
625
694
|
* @name currentUser
|
|
626
695
|
* @description If a user is signed in to this auth client and their user data is stored locally, return it. Else, returns null.
|
|
@@ -727,9 +796,9 @@ export class SchemaVaultsAuthClient extends EventTarget {
|
|
|
727
796
|
client_app_id: this.app_id,
|
|
728
797
|
});
|
|
729
798
|
}
|
|
730
|
-
async sendAuthorizeClientApplicationRequest(app_id) {
|
|
799
|
+
async sendAuthorizeClientApplicationRequest(app_id, state) {
|
|
731
800
|
const sendAuthorizeRequest = await import("./lib/send-authorize-client-application-request").then((mod) => mod.default);
|
|
732
|
-
return await sendAuthorizeRequest({ app_id, adapter: this.adapter });
|
|
801
|
+
return await sendAuthorizeRequest({ app_id, adapter: this.adapter, state });
|
|
733
802
|
}
|
|
734
803
|
async checkAppAuthorization(app_id) {
|
|
735
804
|
const checkAuth = await import("./lib/check-app-authorization").then((mod) => mod.default);
|
package/dist/auth-client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-client.js","sourceRoot":"","sources":["../src/auth-client.ts"],"names":[],"mappings":"AAAA,iBAAiB;AACjB,gCAAgC;AAEhC,OAAO,EACL,oBAAoB,EAMpB,cAAc,GAEf,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAQ1E,OAAO,EAGL,WAAW,EACX,gCAAgC,EAChC,gBAAgB,EAEhB,gCAAgC,GASjC,MAAM,+BAA+B,CAAC;AAIvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,wBAAwB,MAAM,kCAAkC,CAAC;AACxE,OAAO,8BAA8B,MAAM,0CAA0C,CAAC;AACtF,OAAO,kBAAkB,MAAM,4BAA4B,CAAC;AAC5D,OAAO,8BAA8B,MAAM,wCAAwC,CAAC;AACpF,OAAO,0CAA0C,MAAM,uDAAuD,CAAC;AAE/G;;;;;;;GAOG;AACH,MAAM,OAAO,sBACX,SAAQ,WAAW;IAGF,QAAQ,CAAiC;IAEzC,WAAW,CAA6B;IAEzD,mCAAmC;IAClB,cAAc,CAAS;IAExC,6EAA6E;IAC5D,uCAAuC,CAAqB;IAC7E,4CAA4C;IAC3B,+BAA+B,CAAqB;IACrE,4FAA4F;IAC3E,cAAc,CAAqB;IAEnC,OAAO,CAAS,CAAC,0DAA0D;IAEpF,SAAS,GAA+C,IAAI,GAAG,EAAE,CAAC;IAEzD,KAAK,CAAU;IAEhC,IAAY,KAAK;QACf,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEgB,kBAAkB,CAAoB;IAEtC,qBAAqB,CAAU;IAEhD,6BAA6B;IAC7B,YAAY,IAAmC;QAC7C,uBAAuB;QACvB,KAAK,EAAE,CAAC;QAER,+BAA+B;QAC/B,MAAM,cAAc,GAAG,gCAAgC,CAAC,SAAS,CAC/D,IAAI,CAAC,OAAO,CACb,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC;QACzC,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,2CAA2C;YAC3C,IACE,IAAI,CAAC,WAAW,KAAK,aAAa;gBAClC,IAAI,CAAC,WAAW,KAAK,MAAM;gBAC3B,IAAI,CAAC,WAAW,KAAK,SAAS,EAC9B,CAAC;gBACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACrB,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QAC1E,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;QAE7B,qCAAqC;QACrC,IAAI,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CACb,gFAAgF,CACjF,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,eAAgC,CAAC;QAC5D,IAAI,IAAI,CAAC,WAAW,KAAK,YAAY,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACxE,eAAe;YACf,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8CAA8C,IAAI,CAAC,cAAc,GAAG,CACrE,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,UAAU,GAAuB,SAAS,CAAC;YAC/C,IAAI,CAAC;gBACH,8FAA8F;gBAC9F,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;oBAC3C,8FAA8F;oBAC9F,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACpC,CAAC;YACH,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,KAAK,CAAC,CAAC,CAAC,YAAY;YACtB,CAAC;YACD,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACnC,kCAAkC;gBAClC,OAAO,CAAC,GAAG,CACT,oDACE,OAAO,UAAU,KAAK,QAAQ;oBAC5B,CAAC,CAAC,wBAAwB,UAAU,IAAI;oBACxC,CAAC,CAAC,EACN,oBAAoB,EACpB,IAAI,CAAC,cAAc,CACpB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC;QAClC,OAAO,CAAC,MAAM,CACZ,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAChC,oFAAoF,CACrF,CAAC;QAEF,uFAAuF;QACvF,IAAI,CAAC,uCAAuC;YAC1C,IAAI,CAAC,sCAAsC,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,uCAAuC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,+BAA+B,GAAG,IAAI,CAAC,8BAA8B,CAAC;QAE3E,IACE,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;YACtC,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,EACzC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,wEAAwE,OAAO,IAAI,CAAC,aAAa,GAAG,CACrG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC;QAEzC,wBAAwB;QACxB,8EAA8E;QAC9E,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAAC;QAEvD,oCAAoC;QACpC,IAAI,CAAC,qBAAqB;YACxB,OAAO,IAAI,CAAC,oBAAoB,KAAK,SAAS;gBAC5C,CAAC,CAAC,IAAI,CAAC,oBAAoB;gBAC3B,CAAC,CAAC,IAAI,CAAC;QAEX,oCAAoC;QACpC,IAAI,CAAC,gBAAgB,CACnB,kBAAqD,EACrD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CACtC,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,yEAAyE,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,qBAAqB;QAC3B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;QACjE,CAAC;QACD,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACnE,IAAI,WAAW,KAAK,YAAY,CAAC,EAAE,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,CAAC;gBACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CACT,wDAAwD,WAAW,MAAM,CAC1E,CAAC;gBACJ,CAAC;gBACD,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,yDAAyD,WAAW,IAAI,EACxE,CAAC,CACF,CAAC;gBACF,MAAM,IAAI,KAAK,CACb,iFAAiF,WAAW,GAAG,CAChG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAY,OAAO;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,IAAW,OAAO;QAChB,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAED,IAAW,MAAM;QACf,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,OAAwB,CAAC;IACvC,CAAC;IAED,oCAAoC;IACpC,gDAAgD;IAChD,4DAA4D;IAC5D,yDAAyD;IACzD,gDAAgD;IAChD,mFAAmF;IAC3E,iBAAiB,CACvB,aAAqB,EACrB,cAAsB;QAEtB,+CAA+C;QAC/C,8CAA8C;QAC9C,4DAA4D;QAE5D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,gDAAgD;IACxC,gBAAgB,CAAC,cAAsB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,GAAG,GAAG,cAAc,GAAG,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CACT,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACpE,IACE,OAAO,aAAa,KAAK,QAAQ;YACjC,aAAa,CAAC,UAAU,CAAC,aAAa,CAAC,EACvC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;YACvC,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CACT,oEAAoE,EACpE,aAAa,CACd,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,4EAA4E,CAC7E,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAChC,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,iBAAyB,IAAI,CAAC,GAAG,EAAE;QAEnC,MAAM,aAAa,GACjB,oBAAoB,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrD,IAAI,OAAO,cAAc,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;QACJ,CAAC;aAAM,IACL,OAAO,cAAc,CAAC,qBAAqB,KAAK,QAAQ;YACxD,cAAc,CAAC,qBAAqB,KAAK,MAAM,EAC/C,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QACD,cAAc,CAAC,qBAAsC,CAAC;QAEtD,IAAI,CAAC,iBAAiB,CACpB,aAAa,CAAC,aAA8B,EAC5C,cAAc,CAAC,cAAc,CAC9B,CAAC;QACF,OAAO,cAAc,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,IAA0B;QAC/D,IACE,CAAC,IAAI,CAAC,aAAa;YACnB,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;YACtC,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAC/B,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,MAAM,wBAAwB,CAAC;YACpC,IAAI;YACJ,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,eAAe,EAAE,IAAI,CAAC,cAAc;YACpC,aAAa,EAAE,IAAI,CAAC,OAAO;YAC3B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpD,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,iEAAiE,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;YACpE,IAAI,CAAC,YAAY,KAAK;gBAAE,MAAM,CAAC,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,UAAU;IAEL,KAAK,CAAC,QAAQ;QACnB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,YAAY,KAAK;gBAAE,MAAM,CAAC,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;IACH,CAAC,CAAC,aAAa;IAEP,uBAAuB;QAC7B,MAAM,SAAS,GAAG,kBAAqD,CAAC;QACxE,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,kFAAkF,SAAS,EAAE,CAC9F,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC,CAAC,4BAA4B;IAEtB,yBAAyB,CAC/B,aAAuE;QAEvE,MAAM,uBAAuB,GAAa,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACrE,uBAAuB,CAAC,OAAO,CAAC,CAAC,QAAgB,EAAQ,EAAE;YACzD,0BAA0B;YAC1B,MAAM,WAAW,GACf,aAAa,CAAC,QAAQ,CAAC,CAAC;YAC1B,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,SAAS,CAAC,sCAAsC,QAAQ,GAAG,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrE,IAAI,QAAQ,KAAK,WAAW,CAAC,GAAG,EAAE,CAAC;oBACjC,MAAM,IAAI,KAAK,CACb,uDAAuD,CACxD,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;iBAAM,IACL,OAAO,WAAW,KAAK,QAAQ;gBAC/B,WAAW,KAAK,qBAAqB,EACrC,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,SAAS,CACjB,2CAA2C,QAAQ,GAAG,CACvD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,IAAY,qBAAqB;QAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAY,qBAAqB;QAC/B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,6DAA6D,CAC9D,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,GAAa,EAAE,CAAC;QAE5B,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,MAAM,CAAC,CAAC;QACzD,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE1C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CACV,0EAA0E,CAC3E,CAAC;YACF,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CACrC,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAC/C,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,8CAA8C,EAC9C,MAAM,CAAC,KAAK,CACb,CAAC;YACF,MAAM,IAAI,KAAK,CACb,8IAA8I,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC;QAE3B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,0DAA0D,EAC1D,MAAM,CACP,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,mCAAmC;QAG9C,MAAM,aAAa,GACjB,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QACnC,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC,wCAAwC;IAEnC,KAAK,CAAC,8BAA8B,CACzC,kBAA0B,EAC1B,cAAsB,EACtB,aAAsB;QAEtB,OAAO,MAAM,8BAA8B,CAAC;YAC1C,kBAAkB;YAClB,cAAc;YACd,aAAa;YACb,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;YAClD,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM;YAC1B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpD,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;SAClD,CAAC,CAAC;IACL,CAAC,CAAC,mCAAmC;IAE9B,KAAK,CAAC,MAAM;QACjB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAiB,CAAC;YACjD,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAgB,CAAC;YACtD,IAAI,CAAC,OAAO,CAAC,aAAa,EAAiB,CAAC;QAC9C,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8FAA8F,CAC/F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC/B,OAAO;IACT,CAAC,CAAC,WAAW;IAEN,uBAAuB;QAC5B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,KAAK,UAAU,EAAE,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,EAAE,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,uBAAuB,KAAK,UAAU,EAAE,CAAC;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,4BAA4B;IAE9B,IAAW,eAAe;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC;QACjC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAW,MAAM;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC;QAC7B,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,2BAA2B;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAW,sCAAsC;QAC/C,IAAI,GAAG,GAAuB,IAAI,CAAC,uCAAuC,CAAC;QAC3E,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,OAAO,GAA+B,IAAI,CAAC,WAAW,CAAC;QAC7D,IAAI,OAAO,KAAK,aAAa,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,KAAK,CACX,yDAAyD,GAAG,GAAG,CAChE,CAAC;gBACF,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACK,iBAAiB,CAAC,aAA2B;QACnD,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC1E,MAAM,IAAI,SAAS,CACjB,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8CAA8C,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAC/E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED;;;;;OAKG;IACK,gBAAgB,CAAC,QAAgB,EAAE,YAAyB;QAClE,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CAAC,8CAA8C,CAAC,CAAC;QACtE,CAAC;aAAM,IACL,OAAO,YAAY,KAAK,QAAQ;YAChC,YAAY,CAAC,IAAI,KAAK,QAAQ,EAC9B,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8CAA8C,QAAQ,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAC5F,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAEM,uBAAuB,CAAC,QAAgB;QAC7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,mFAAmF,QAAQ,kBAAkB,CAC9G,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,GAAuB,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACxE,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CACV,mGAAmG,QAAQ,kBAAkB,CAC9H,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,wBAAwB;QAC7B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,yEAAyE,CAC1E,CAAC;QACJ,CAAC;QACD,IACE,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,KAAK,UAAU;YAClE,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,EAC9C,CAAC;YACD,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAwB,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAClE,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CACV,iEAAiE,CAClE,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CACT,mEAAmE,EACnE,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,KAAK,IAAI,IAAI,CAAC;IACvB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,kBAAkB,CAC7B,IAA+B;QAE/B,IAAI,+BAEqB,CAAC;QAC1B,IAAI,CAAC;YACH,+BAA+B,GAAG,MAAM,MAAM,CAC5C,4BAA4B,CAC7B,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7B,IAAI,OAAO,+BAA+B,KAAK,UAAU,EAAE,CAAC;gBAC1D,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,wEAAwE,EACxE,KAAK,CACN,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,OAAO,GAAmC,IAAI,CAAC,OAAO,CAAC;QAC7D,OAAO,MAAM,+BAA+B,CAAC;YAC3C,IAAI;YACJ,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;YACtD,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAkB;QACtC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,oFAAoF,CACrF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,qEAAqE,CACtE,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,WAAW;QACjB,IAAI,IAAI,CAAC,KAAK;YACZ,OAAO,CAAC,GAAG,CACT,0FAA0F,CAC3F,CAAC;QAEJ,IAAI,QAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QACxC,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,kFAAkF,EAClF,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;QACJ,CAAC;QACD,4HAA4H;QAE5H,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC/C,OAAO,CAAC,GAAG,CACT,kFAAkF,EAClF,QAAQ,CACT,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,OAAO,CAAC,IAAI,CACV,6HAA6H,CAC9H,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,QAAkC,CAAC;IAC5C,CAAC;IAES,mBAAmB;QAC3B,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IAED;;;OAGG;IACH,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;IACxC,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,uBAAuB,CAClC,mBAA8C,EAC9C,aAAoB,EACpB,WAAwB,EACxB,cAAwC;QAExC,IAAI,IAAI,CAAC,KAAK;YACZ,OAAO,CAAC,GAAG,CACT,qEAAqE,CACtE,CAAC;QACJ,OAAO,MAAM,uBAAuB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,mBAAmB;YACnB,aAAa;YACb,WAAW;YACX,cAAc;YACd,eAAe,EAAE,IAAI,CAAC,WAAW;YACjC,oBAAoB,EAAE,IAAI,CAAC,qBAAqB;SACjD,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,IAAW,WAAW;QACpB,MAAM,QAAQ,GAAoB,IAAI,CAAC,WAAW,EAAE,CAAC;QACrD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,0CAA0C,CACtD,eAAwB;QAExB,OAAO,MAAM,0CAA0C,CAAC;YACtD,eAAe;YACf,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,YAAkD,EAClD,QAA4B,EAC5B,iBAA2B;QAE3B,OAAO,MAAM,kBAAkB,CAAC;YAC9B,YAAY;YACZ,iBAAiB;YACjB,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC,qBAAqB;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,0CAA0C,EACxC,IAAI,CAAC,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5D,aAAa,EAAE,IAAI,CAAC,MAAM;YAC1B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;IACL,CAAC,CAAC,uBAAuB;IAEjB,IAAI;QACV,IAAI,EAAU,CAAC;QACf,IAAI,CAAC;YACH,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,yEAAyE,EACzE,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEM,kBAAkB,CACvB,QAAoB,EACpB,WAAoB;QAEpB,IAAI,EAAU,CAAC;QACf,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACrD,EAAE,GAAG,WAAW,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,gFAAgF,CACjF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,4DAA4D,EAAE,GAAG,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE;YACrB,EAAE;YACF,QAAQ;SACT,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,sEAAsE,EAAE,yBAAyB,CAClG,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEM,6BAA6B,CAAC,WAAmB;QACtD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0CAA0C,WAAW,GAAG,CAAC,CAAC;QAC5E,MAAM,oBAAoB,GAAY,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACzE,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CACX,uEAAuE,WAAW,yEAAyE,CAC5J,CAAC;YACF,MAAM,IAAI,KAAK,CACb,wDAAwD,WAAW,GAAG,CACvE,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,uEAAuE,WAAW,sCAAsC,CACzH,CAAC;QACJ,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,IAAW,8BAA8B;QACvC,MAAM,YAAY,GAChB,IAAI,CAAC,+BAA+B,IAAI,SAAS,CAAC;QACpD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,2DAA2D,EAC3D,YAAY,CACb,CAAC;QACJ,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEM,QAAQ,CAAC,YAAoB;QAClC,IAAI,YAAY,KAAK,yBAAyB,EAAE,CAAC;YAC/C,OAAO,CACL,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,KAAK,UAAU;gBAClE,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,CAC/C,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,8BAA8B;QACzC,OAAO,MAAM,8BAA8B,CAAC;YAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM;SAC3B,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,qCAAqC,CAChD,MAAa;QAEb,MAAM,oBAAoB,GAAG,MAAM,MAAM,CACvC,iDAAiD,CAClD,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,MAAM,oBAAoB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAAC,MAAa;QAC9C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC,IAAI,CAClE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CACrB,CAAC;QACF,OAAO,MAAM,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACK,MAAM,CAAU,aAAa,GAAwB,IAAI,GAAG,CAAC;QACnE,gCAAgC,CAAC,MAAM;QACvC,gBAAgB,CAAC,MAAM;KACxB,CAAC,CAAC;IAEH;;;OAGG;IACK,oCAAoC,CAAC,WAAmB;QAC9D,IAAI,CAAC,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CACb,4BAA4B,WAAW,kDAAkD;gBACzF,mBAAmB,IAAI,CAAC,OAAO,gDAAgD,CAChF,CAAC;QACJ,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CACjC,UAA6B,EAC7B,YAA8B,EAC9B,UAA8B;QAE9B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC,IAAI,CAC5D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1H,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,cAA+B;QAE/B,IAAI,CAAC,oCAAoC,CAAC,yBAAyB,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;IACpG,CAAC;IAEM,KAAK,CAAC,6BAA6B,CACxC,qBAA+C;QAE/C,IAAI,CAAC,oCAAoC,CAAC,+BAA+B,CAAC,CAAC;QAC3E,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,wCAAwC,CAAC,CAAC,IAAI,CACpE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAC3G,CAAC;IAEM,KAAK,CAAC,+BAA+B,CAC1C,MAAa;QAEb,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC,IAAI,CACtE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,4BAA4B,CACvC,MAAa;QAEb,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,uCAAuC,CAAC,CAAC,IAAI,CACnE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,UAAmC,EACnC,YAA8B,EAC9B,UAA8B;QAE9B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC,IAAI,CACpD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1H,CAAC;IAEM,KAAK,CAAC,eAAe,CAC1B,qBAAsD;QAEtD,IAAI,CAAC,oCAAoC,CAAC,iBAAiB,CAAC,CAAC;QAC7D,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAC3G,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,4BAA4D;QAE5D,IAAI,CAAC,oCAAoC,CAAC,uBAAuB,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC,IAAI,CAC5D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,4BAA4B,EAAE,CAAC,CAAC;IAClH,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC/B,aAA0B;QAE1B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC,IAAI,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;IACnG,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,aAA0B;QAE1B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kCAAkC,CAAC,CAAC,IAAI,CAC9D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;IACnG,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,MAAa;QAChD,IAAI,CAAC,oCAAoC,CAAC,yBAAyB,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,aAA0B;QACrD,IAAI,CAAC,oCAAoC,CAAC,iBAAiB,CAAC,CAAC;QAC7D,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;IACnG,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,aAA0B,EAC1B,aAAoB;QAEpB,IAAI,CAAC,oCAAoC,CAAC,uBAAuB,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;IAClH,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,aAA0B,EAC1B,aAAoB;QAEpB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,mCAAmC,CAAC,CAAC,IAAI,CAC/D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;IAClH,CAAC"}
|
|
1
|
+
{"version":3,"file":"auth-client.js","sourceRoot":"","sources":["../src/auth-client.ts"],"names":[],"mappings":"AAAA,iBAAiB;AACjB,gCAAgC;AAEhC,OAAO,EACL,oBAAoB,EAMpB,cAAc,GAMf,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EACL,kBAAkB,IAAI,oBAAoB,EAC1C,UAAU,IAAI,YAAY,EAC1B,qBAAqB,IAAI,uBAAuB,EAChD,YAAY,IAAI,cAAc,EAC9B,uBAAuB,IAAI,yBAAyB,EACpD,YAAY,IAAI,cAAc,GAC/B,MAAM,WAAW,CAAC;AAQnB,OAAO,EAGL,WAAW,EACX,gCAAgC,EAChC,gBAAgB,EAEhB,gCAAgC,GASjC,MAAM,+BAA+B,CAAC;AAIvC,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,wBAAwB,MAAM,kCAAkC,CAAC;AACxE,OAAO,8BAA8B,MAAM,0CAA0C,CAAC;AACtF,OAAO,kBAAkB,MAAM,4BAA4B,CAAC;AAC5D,OAAO,8BAA8B,MAAM,wCAAwC,CAAC;AACpF,OAAO,0CAA0C,MAAM,uDAAuD,CAAC;AAE/G;;;;;;;GAOG;AACH,MAAM,OAAO,sBACX,SAAQ,WAAW;IAGF,QAAQ,CAAiC;IAEzC,WAAW,CAA6B;IAEzD,mCAAmC;IAClB,cAAc,CAAS;IAExC,6EAA6E;IAC5D,uCAAuC,CAAqB;IAC7E,4CAA4C;IAC3B,+BAA+B,CAAqB;IACrE,4FAA4F;IAC3E,cAAc,CAAqB;IAEnC,OAAO,CAAS,CAAC,0DAA0D;IAEpF,SAAS,GAA+C,IAAI,GAAG,EAAE,CAAC;IAEzD,KAAK,CAAU;IAEhC,IAAY,KAAK;QACf,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEgB,kBAAkB,CAAoB;IAEtC,qBAAqB,CAAU;IAEhD,6BAA6B;IAC7B,YAAY,IAAmC;QAC7C,uBAAuB;QACvB,KAAK,EAAE,CAAC;QAER,+BAA+B;QAC/B,MAAM,cAAc,GAAG,gCAAgC,CAAC,SAAS,CAC/D,IAAI,CAAC,OAAO,CACb,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,uEAAuE,CACxE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC;QACzC,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,2CAA2C;YAC3C,IACE,IAAI,CAAC,WAAW,KAAK,aAAa;gBAClC,IAAI,CAAC,WAAW,KAAK,MAAM;gBAC3B,IAAI,CAAC,WAAW,KAAK,SAAS,EAC9B,CAAC;gBACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YACpB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACrB,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QAC1E,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;QAE7B,qCAAqC;QACrC,IAAI,OAAO,IAAI,CAAC,eAAe,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CACb,gFAAgF,CACjF,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,eAAgC,CAAC;QAC5D,IAAI,IAAI,CAAC,WAAW,KAAK,YAAY,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACxE,eAAe;YACf,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8CAA8C,IAAI,CAAC,cAAc,GAAG,CACrE,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,UAAU,GAAuB,SAAS,CAAC;YAC/C,IAAI,CAAC;gBACH,8FAA8F;gBAC9F,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;oBAC3C,8FAA8F;oBAC9F,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACpC,CAAC;YACH,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,KAAK,CAAC,CAAC,CAAC,YAAY;YACtB,CAAC;YACD,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACnC,kCAAkC;gBAClC,OAAO,CAAC,GAAG,CACT,oDACE,OAAO,UAAU,KAAK,QAAQ;oBAC5B,CAAC,CAAC,wBAAwB,UAAU,IAAI;oBACxC,CAAC,CAAC,EACN,oBAAoB,EACpB,IAAI,CAAC,cAAc,CACpB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzD,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC;QAClC,OAAO,CAAC,MAAM,CACZ,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAChC,oFAAoF,CACrF,CAAC;QAEF,uFAAuF;QACvF,IAAI,CAAC,uCAAuC;YAC1C,IAAI,CAAC,sCAAsC,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,uCAAuC,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,+BAA+B,GAAG,IAAI,CAAC,8BAA8B,CAAC;QAE3E,IACE,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;YACtC,OAAO,IAAI,CAAC,aAAa,KAAK,WAAW,EACzC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,wEAAwE,OAAO,IAAI,CAAC,aAAa,GAAG,CACrG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC;QAEzC,wBAAwB;QACxB,8EAA8E;QAC9E,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAAC;QAEvD,oCAAoC;QACpC,IAAI,CAAC,qBAAqB;YACxB,OAAO,IAAI,CAAC,oBAAoB,KAAK,SAAS;gBAC5C,CAAC,CAAC,IAAI,CAAC,oBAAoB;gBAC3B,CAAC,CAAC,IAAI,CAAC;QAEX,oCAAoC;QACpC,IAAI,CAAC,gBAAgB,CACnB,kBAAqD,EACrD,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CACtC,CAAC;QAEF,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,yEAAyE,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,qBAAqB;QAC3B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;QACjE,CAAC;QACD,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACnE,IAAI,WAAW,KAAK,YAAY,CAAC,EAAE,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,CAAC;gBACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,GAAG,CACT,wDAAwD,WAAW,MAAM,CAC1E,CAAC;gBACJ,CAAC;gBACD,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC1B,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,yDAAyD,WAAW,IAAI,EACxE,CAAC,CACF,CAAC;gBACF,MAAM,IAAI,KAAK,CACb,iFAAiF,WAAW,GAAG,CAChG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAY,OAAO;QACjB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,IAAW,OAAO;QAChB,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAED,IAAW,MAAM;QACf,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,OAAwB,CAAC;IACvC,CAAC;IAED,oCAAoC;IACpC,gDAAgD;IAChD,4DAA4D;IAC5D,yDAAyD;IACzD,gDAAgD;IAChD,mFAAmF;IAC3E,iBAAiB,CACvB,aAAqB,EACrB,cAAsB;QAEtB,+CAA+C;QAC/C,8CAA8C;QAC9C,4DAA4D;QAE5D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,6DAA6D;QAC7D,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,oEAAoE;IACpE,gCAAgC;IACxB,gBAAgB,CAAC,KAAa,EAAE,cAAsB;QAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IACvD,CAAC;IAEO,eAAe,CAAC,cAAsB;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,GAAG,GAAG,cAAc,GAAG,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC;IAED,gDAAgD;IACxC,gBAAgB,CAAC,cAAsB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;aAAM,IAAI,cAAc,GAAG,GAAG,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,GAAG,GAAG,cAAc,GAAG,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CACT,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;QACpE,IACE,OAAO,aAAa,KAAK,QAAQ;YACjC,aAAa,CAAC,UAAU,CAAC,aAAa,CAAC,EACvC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;YACvC,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CACT,oEAAoE,EACpE,aAAa,CACd,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,4EAA4E,CAC7E,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,aAAa;YAAE,OAAO,IAAI,CAAC;QAChC,OAAO,aAAa,CAAC;IACvB,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,iBAAyB,IAAI,CAAC,GAAG,EAAE;QAEnC,MAAM,aAAa,GACjB,oBAAoB,CAAC,kBAAkB,CAAC,cAAc,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,IAAI,oBAAoB,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrD,IAAI,OAAO,cAAc,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,6DAA6D,CAC9D,CAAC;QACJ,CAAC;aAAM,IACL,OAAO,cAAc,CAAC,qBAAqB,KAAK,QAAQ;YACxD,cAAc,CAAC,qBAAqB,KAAK,MAAM,EAC/C,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QACD,cAAc,CAAC,qBAAsC,CAAC;QAEtD,IAAI,CAAC,iBAAiB,CACpB,aAAa,CAAC,aAA8B,EAC5C,cAAc,CAAC,cAAc,CAC9B,CAAC;QACF,OAAO,cAAc,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,IAA0B;QAC/D,IACE,CAAC,IAAI,CAAC,aAAa;YACnB,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ;YACtC,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAC/B,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oCAAoC,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,MAAM,wBAAwB,CAAC;YACpC,IAAI;YACJ,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,eAAe,EAAE,IAAI,CAAC,cAAc;YACpC,aAAa,EAAE,IAAI,CAAC,OAAO;YAC3B,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpD,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;YAClD,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,iEAAiE,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,CAAC,CAAC,CAAC;YACpE,IAAI,CAAC,YAAY,KAAK;gBAAE,MAAM,CAAC,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,UAAU;IAEL,KAAK,CAAC,QAAQ;QACnB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,oDAAoD,EAAE,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,YAAY,KAAK;gBAAE,MAAM,CAAC,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;IACH,CAAC,CAAC,aAAa;IAEP,uBAAuB;QAC7B,MAAM,SAAS,GAAG,kBAAqD,CAAC;QACxE,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,kFAAkF,SAAS,EAAE,CAC9F,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC,CAAC,4BAA4B;IAEtB,yBAAyB,CAC/B,aAAuE;QAEvE,MAAM,uBAAuB,GAAa,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACrE,uBAAuB,CAAC,OAAO,CAAC,CAAC,QAAgB,EAAQ,EAAE;YACzD,0BAA0B;YAC1B,MAAM,WAAW,GACf,aAAa,CAAC,QAAQ,CAAC,CAAC;YAC1B,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,SAAS,CAAC,sCAAsC,QAAQ,GAAG,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrE,IAAI,QAAQ,KAAK,WAAW,CAAC,GAAG,EAAE,CAAC;oBACjC,MAAM,IAAI,KAAK,CACb,uDAAuD,CACxD,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;iBAAM,IACL,OAAO,WAAW,KAAK,QAAQ;gBAC/B,WAAW,KAAK,qBAAqB,EACrC,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,SAAS,CACjB,2CAA2C,QAAQ,GAAG,CACvD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,IAAY,qBAAqB;QAC/B,IAAI,IAAI,CAAC,MAAM,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAY,qBAAqB;QAC/B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,6DAA6D,CAC9D,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,GAAa,EAAE,CAAC;QAE5B,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,QAAQ,CAAC,IAAI,CAAC,gCAAgC,CAAC,MAAM,CAAC,CAAC;QACzD,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAE1C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CACV,0EAA0E,CAC3E,CAAC;YACF,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CACrC,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAC/C,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,8CAA8C,EAC9C,MAAM,CAAC,KAAK,CACb,CAAC;YACF,MAAM,IAAI,KAAK,CACb,8IAA8I,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC;QAE3B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,0DAA0D,EAC1D,MAAM,CACP,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,mCAAmC;QAG9C,MAAM,aAAa,GACjB,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QACnC,OAAO,aAAa,CAAC;IACvB,CAAC,CAAC,wCAAwC;IAEnC,KAAK,CAAC,8BAA8B,CACzC,kBAA0B,EAC1B,cAAsB,EACtB,aAAsB,EACtB,cAA8B;QAE9B,OAAO,MAAM,8BAA8B,CAAC;YAC1C,kBAAkB;YAClB,cAAc;YACd,aAAa;YACb,cAAc,EAAE,cAAc,IAAI,IAAI;YACtC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;YAClD,eAAe,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAChD,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM;YAC1B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5C,iBAAiB,EAAE,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpD,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;SAClD,CAAC,CAAC;IACL,CAAC,CAAC,mCAAmC;IAE9B,KAAK,CAAC,MAAM;QACjB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,CAAC;YACH,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAiB,CAAC;YACjD,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAgB,CAAC;YACtD,IAAI,CAAC,OAAO,CAAC,aAAa,EAAiB,CAAC;QAC9C,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8FAA8F,CAC/F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC/B,OAAO;IACT,CAAC,CAAC,WAAW;IAEN,uBAAuB;QAC5B,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,KAAK,UAAU,EAAE,CAAC;YACvE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,EAAE,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,uBAAuB,KAAK,UAAU,EAAE,CAAC;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,4BAA4B;IAE9B,IAAW,eAAe;QACxB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC;QACjC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAW,MAAM;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC;QAC7B,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;aAAM,CAAC;YACN,2BAA2B;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,IAAW,sCAAsC;QAC/C,IAAI,GAAG,GAAuB,IAAI,CAAC,uCAAuC,CAAC;QAC3E,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,OAAO,GAA+B,IAAI,CAAC,WAAW,CAAC;QAC7D,IAAI,OAAO,KAAK,aAAa,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,KAAK,CACX,yDAAyD,GAAG,GAAG,CAChE,CAAC;gBACF,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,IAAW,aAAa;QACtB,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACK,iBAAiB,CAAC,aAA2B;QACnD,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC1E,MAAM,IAAI,SAAS,CACjB,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8CAA8C,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAC/E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED;;;;;OAKG;IACK,gBAAgB,CAAC,QAAgB,EAAE,YAAyB;QAClE,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,SAAS,CAAC,8CAA8C,CAAC,CAAC;QACtE,CAAC;aAAM,IACL,OAAO,YAAY,KAAK,QAAQ;YAChC,YAAY,CAAC,IAAI,KAAK,QAAQ,EAC9B,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,8CAA8C,QAAQ,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAC5F,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAEM,uBAAuB,CAAC,QAAgB;QAC7C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,mFAAmF,QAAQ,kBAAkB,CAC9G,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,GAAuB,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QACxE,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CACV,mGAAmG,QAAQ,kBAAkB,CAC9H,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,wBAAwB;QAC7B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,yEAAyE,CAC1E,CAAC;QACJ,CAAC;QACD,IACE,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,KAAK,UAAU;YAClE,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,EAC9C,CAAC;YACD,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAwB,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAClE,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CACV,iEAAiE,CAClE,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CACT,mEAAmE,EACnE,KAAK,CACN,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,KAAK,IAAI,IAAI,CAAC;IACvB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,kBAAkB,CAC7B,IAA+B;QAE/B,IAAI,+BAEqB,CAAC;QAC1B,IAAI,CAAC;YACH,+BAA+B,GAAG,MAAM,MAAM,CAC5C,4BAA4B,CAC7B,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC7B,IAAI,OAAO,+BAA+B,KAAK,UAAU,EAAE,CAAC;gBAC1D,MAAM,IAAI,KAAK,CACb,8EAA8E,CAC/E,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,wEAAwE,EACxE,KAAK,CACN,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,OAAO,GAAmC,IAAI,CAAC,OAAO,CAAC;QAC7D,OAAO,MAAM,+BAA+B,CAAC;YAC3C,IAAI;YACJ,OAAO;YACP,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;YACtD,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAkB;QACtC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,oFAAoF,CACrF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,qEAAqE,CACtE,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,WAAW;QACjB,IAAI,IAAI,CAAC,KAAK;YACZ,OAAO,CAAC,GAAG,CACT,0FAA0F,CAC3F,CAAC;QAEJ,IAAI,QAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QACxC,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,kFAAkF,EAClF,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;QACJ,CAAC;QACD,4HAA4H;QAE5H,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC/C,OAAO,CAAC,GAAG,CACT,kFAAkF,EAClF,QAAQ,CACT,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,OAAO,CAAC,IAAI,CACV,6HAA6H,CAC9H,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,QAAkC,CAAC;IAC5C,CAAC;IAES,mBAAmB;QAC3B,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;IAED;;;OAGG;IACH,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;IACxC,CAAC;IAED;;;;;;;;;;OAUG;IACI,KAAK,CAAC,uBAAuB,CAClC,mBAA8C,EAC9C,aAAoB,EACpB,WAAwB,EACxB,cAAwC;QAExC,IAAI,IAAI,CAAC,KAAK;YACZ,OAAO,CAAC,GAAG,CACT,qEAAqE,CACtE,CAAC;QACJ,OAAO,MAAM,uBAAuB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,mBAAmB;YACnB,aAAa;YACb,WAAW;YACX,cAAc;YACd,eAAe,EAAE,IAAI,CAAC,WAAW;YACjC,oBAAoB,EAAE,IAAI,CAAC,qBAAqB;SACjD,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAC7B,YAAoB,EACpB,aAAoB,EACpB,KAEoD;QAEpD,OAAO,MAAM,oBAAoB,CAAC;YAChC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,YAAY;YACZ,aAAa;YACb,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,YAAY;QACvB,OAAO,MAAM,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAEM,KAAK,CAAC,UAAU;QACrB,OAAO,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,SAAiB,EACjB,IAAY;QAEZ,OAAO,MAAM,uBAAuB,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS;YACT,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,SAAiB,EAAE,IAAY;QACvD,MAAM,cAAc,CAAC;YACnB,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS;YACT,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,IAAY;QAEZ,OAAO,MAAM,yBAAyB,CAAC;YACrC,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,IAAI;SACL,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,IAAW,WAAW;QACpB,MAAM,QAAQ,GAAoB,IAAI,CAAC,WAAW,EAAE,CAAC;QACrD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,0CAA0C,CACtD,eAAwB;QAExB,OAAO,MAAM,0CAA0C,CAAC;YACtD,eAAe;YACf,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,YAAkD,EAClD,QAA4B,EAC5B,iBAA2B;QAE3B,OAAO,MAAM,kBAAkB,CAAC;YAC9B,YAAY;YACZ,iBAAiB;YACjB,QAAQ,EAAE,QAAQ,IAAI,IAAI,CAAC,qBAAqB;YAChD,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,0CAA0C,EACxC,IAAI,CAAC,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5D,aAAa,EAAE,IAAI,CAAC,MAAM;YAC1B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,eAAe,EAAE,IAAI,CAAC,eAAe;SACtC,CAAC,CAAC;IACL,CAAC,CAAC,uBAAuB;IAEjB,IAAI;QACV,IAAI,EAAU,CAAC;QACf,IAAI,CAAC;YACH,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,yEAAyE,EACzE,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEM,kBAAkB,CACvB,QAAoB,EACpB,WAAoB;QAEpB,IAAI,EAAU,CAAC;QACf,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACrD,EAAE,GAAG,WAAW,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,gFAAgF,CACjF,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,4DAA4D,EAAE,GAAG,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE;YACrB,EAAE;YACF,QAAQ;SACT,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,sEAAsE,EAAE,yBAAyB,CAClG,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEM,6BAA6B,CAAC,WAAmB;QACtD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,0CAA0C,WAAW,GAAG,CAAC,CAAC;QAC5E,MAAM,oBAAoB,GAAY,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACzE,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CACX,uEAAuE,WAAW,yEAAyE,CAC5J,CAAC;YACF,MAAM,IAAI,KAAK,CACb,wDAAwD,WAAW,GAAG,CACvE,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,uEAAuE,WAAW,sCAAsC,CACzH,CAAC;QACJ,CAAC;QACD,OAAO;IACT,CAAC;IAED;;;;OAIG;IACH,IAAW,8BAA8B;QACvC,MAAM,YAAY,GAChB,IAAI,CAAC,+BAA+B,IAAI,SAAS,CAAC;QACpD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CACT,2DAA2D,EAC3D,YAAY,CACb,CAAC;QACJ,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEM,QAAQ,CAAC,YAAoB;QAClC,IAAI,YAAY,KAAK,yBAAyB,EAAE,CAAC;YAC/C,OAAO,CACL,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,KAAK,UAAU;gBAClE,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,CAC/C,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEM,KAAK,CAAC,8BAA8B;QACzC,OAAO,MAAM,8BAA8B,CAAC;YAC1C,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,MAAM;SAC3B,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,qCAAqC,CAChD,MAAa,EACb,KAAqB;QAErB,MAAM,oBAAoB,GAAG,MAAM,MAAM,CACvC,iDAAiD,CAClD,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,MAAM,oBAAoB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAAC,MAAa;QAC9C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC,IAAI,CAClE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CACrB,CAAC;QACF,OAAO,MAAM,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACK,MAAM,CAAU,aAAa,GAAwB,IAAI,GAAG,CAAC;QACnE,gCAAgC,CAAC,MAAM;QACvC,gBAAgB,CAAC,MAAM;KACxB,CAAC,CAAC;IAEH;;;OAGG;IACK,oCAAoC,CAAC,WAAmB;QAC9D,IAAI,CAAC,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CACb,4BAA4B,WAAW,kDAAkD;gBACzF,mBAAmB,IAAI,CAAC,OAAO,gDAAgD,CAChF,CAAC;QACJ,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CACjC,UAA6B,EAC7B,YAA8B,EAC9B,UAA8B;QAE9B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC,IAAI,CAC5D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1H,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,cAA+B;QAE/B,IAAI,CAAC,oCAAoC,CAAC,yBAAyB,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC;IACpG,CAAC;IAEM,KAAK,CAAC,6BAA6B,CACxC,qBAA+C;QAE/C,IAAI,CAAC,oCAAoC,CAAC,+BAA+B,CAAC,CAAC;QAC3E,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,wCAAwC,CAAC,CAAC,IAAI,CACpE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAC3G,CAAC;IAEM,KAAK,CAAC,+BAA+B,CAC1C,MAAa;QAEb,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,0CAA0C,CAAC,CAAC,IAAI,CACtE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,4BAA4B,CACvC,MAAa;QAEb,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,uCAAuC,CAAC,CAAC,IAAI,CACnE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,UAAmC,EACnC,YAA8B,EAC9B,UAA8B;QAE9B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC,IAAI,CACpD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1H,CAAC;IAEM,KAAK,CAAC,eAAe,CAC1B,qBAAsD;QAEtD,IAAI,CAAC,oCAAoC,CAAC,iBAAiB,CAAC,CAAC;QAC7D,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAC3G,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,4BAA4D;QAE5D,IAAI,CAAC,oCAAoC,CAAC,uBAAuB,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC,IAAI,CAC5D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,4BAA4B,EAAE,CAAC,CAAC;IAClH,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC/B,aAA0B;QAE1B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,+BAA+B,CAAC,CAAC,IAAI,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;IACnG,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,aAA0B;QAE1B,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kCAAkC,CAAC,CAAC,IAAI,CAC9D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;IACnG,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAC,MAAa;QAChD,IAAI,CAAC,oCAAoC,CAAC,yBAAyB,CAAC,CAAC;QACrE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,aAA0B;QACrD,IAAI,CAAC,oCAAoC,CAAC,iBAAiB,CAAC,CAAC;QAC7D,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC,IAAI,CACrD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,CAAC,CAAC;IACnG,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,aAA0B,EAC1B,aAAoB;QAEpB,IAAI,CAAC,oCAAoC,CAAC,uBAAuB,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC,IAAI,CAC7D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;IAClH,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAClC,aAA0B,EAC1B,aAAoB;QAEpB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,mCAAmC,CAAC,CAAC,IAAI,CAC/D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CACjB,CAAC;QACF,OAAO,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;IAClH,CAAC"}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const AUTH_CLIENT_SDK_VERSION: "0.
|
|
1
|
+
export declare const AUTH_CLIENT_SDK_VERSION: "0.10.0";
|
|
2
2
|
export default AUTH_CLIENT_SDK_VERSION;
|
package/dist/index.d.ts
CHANGED
|
@@ -9,3 +9,5 @@ export { RefreshTokenCookieName, RefreshTokenExpiryCookieName, } from "@schemava
|
|
|
9
9
|
export { getHardcodedApp, getHardcodedClientWebAppDomain, } from "@schemavaults/app-definitions";
|
|
10
10
|
export { getHardcodedApiServer, getHardcodedApiServerDomain, } from "@schemavaults/app-definitions";
|
|
11
11
|
export { isValidErrorId, ERROR_MESSAGE_CATALOG, } from "@schemavaults/auth-common";
|
|
12
|
+
export { generateOAuth2State } from "./lib/generate-oauth2-state";
|
|
13
|
+
export { timingSafeStringEqual } from "@schemavaults/auth-common";
|
package/dist/index.js
CHANGED
|
@@ -7,4 +7,12 @@ export { getHardcodedApp, getHardcodedClientWebAppDomain, } from "@schemavaults/
|
|
|
7
7
|
export { getHardcodedApiServer, getHardcodedApiServerDomain, } from "@schemavaults/app-definitions";
|
|
8
8
|
// Auth-Common Error Catalog
|
|
9
9
|
export { isValidErrorId, ERROR_MESSAGE_CATALOG, } from "@schemavaults/auth-common";
|
|
10
|
+
// OAuth2 `state` CSRF-nonce generation (RFC 6749 §10.12). Useful for
|
|
11
|
+
// consumers that want to mirror the SDK's own nonce shape in bespoke
|
|
12
|
+
// adapters or tests.
|
|
13
|
+
export { generateOAuth2State } from "./lib/generate-oauth2-state";
|
|
14
|
+
// Re-export the timing-safe string comparator from auth-common so
|
|
15
|
+
// consumers who import this SDK don't need a separate auth-common dep
|
|
16
|
+
// just to validate their own callback URLs.
|
|
17
|
+
export { timingSafeStringEqual } from "@schemavaults/auth-common";
|
|
10
18
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,sBAAsB,IAAI,OAAO,GAClC,MAAM,eAAe,CAAC;AAgBvB,6BAA6B;AAC7B,OAAO,EACL,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,mDAAmD,CAAC;AAE3D,iBAAiB;AACjB,OAAO,EACL,eAAe,EACf,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AAEvC,+BAA+B;AAC/B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,+BAA+B,CAAC;AAEvC,4BAA4B;AAC5B,OAAO,EACL,cAAc,EACd,qBAAqB,GACtB,MAAM,2BAA2B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,sBAAsB,IAAI,OAAO,GAClC,MAAM,eAAe,CAAC;AAgBvB,6BAA6B;AAC7B,OAAO,EACL,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,mDAAmD,CAAC;AAE3D,iBAAiB;AACjB,OAAO,EACL,eAAe,EACf,8BAA8B,GAC/B,MAAM,+BAA+B,CAAC;AAEvC,+BAA+B;AAC/B,OAAO,EACL,qBAAqB,EACrB,2BAA2B,GAC5B,MAAM,+BAA+B,CAAC;AAEvC,4BAA4B;AAC5B,OAAO,EACL,cAAc,EACd,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAEnC,qEAAqE;AACrE,qEAAqE;AACrE,qBAAqB;AACrB,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAElE,kEAAkE;AAClE,sEAAsE;AACtE,4CAA4C;AAC5C,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC"}
|
|
@@ -41,6 +41,11 @@ export class AuthenticateURLEncoder {
|
|
|
41
41
|
throw new Error("Invalid redirect URI!");
|
|
42
42
|
}
|
|
43
43
|
queryParams.set("redirect_uri", opts.redirect_uri);
|
|
44
|
+
// CSRF defence: opaque to the auth server, echoed on callback.
|
|
45
|
+
if (typeof opts.state !== "string" || opts.state.length === 0) {
|
|
46
|
+
throw new TypeError("Expected 'state' to be a non-empty string for OAuth2 CSRF defence!");
|
|
47
|
+
}
|
|
48
|
+
queryParams.set("state", opts.state);
|
|
44
49
|
const authenticate_url = `${auth_server}${server_page}?${queryParams.toString()}`;
|
|
45
50
|
if (environment !== "production") {
|
|
46
51
|
console.log("[AuthenticateURLEncoder] Encoded authenticate URL: ", authenticate_url);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticate-url-encoder.js","sourceRoot":"","sources":["../../src/lib/authenticate-url-encoder.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authenticate-url-encoder.js","sourceRoot":"","sources":["../../src/lib/authenticate-url-encoder.ts"],"names":[],"mappings":"AA2CA,MAAM,OAAO,sBAAsB;IACjC,+DAA+D;IACvD,MAAM,CAAC,qBAAqB,CAAC,EACnC,YAAY,EACZ,OAAO,GACwB;QAC/B,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,IAAI,SAAS,CAAC,yCAAyC,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,WAAW,GACf,OAAO,KAAK,aAAa,IAAI,OAAO,KAAK,MAAM,CAAC;QAClD,MAAM,SAAS,GAAY,YAAY,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC/D,IAAI,WAAW,IAAI,CAAC,SAAS,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,QAAQ,GAAY,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAE7D,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAC;QACJ,CAAC;IACH,CAAC;IAEM,MAAM,CAAC,MAAM,CAAC,IAAyB;QAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC;QACjC,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,CAAC;QAEzC,MAAM,WAAW,GAAG,SAAS,IAAI,CAAC,IAAI,EAAW,CAAC;QAElD,2BAA2B;QAC3B,4DAA4D;QAC5D,MAAM,WAAW,GAAG,IAAI,eAAe,EAAE,CAAC;QAE1C,wEAAwE;QACxE,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAEvC,yDAAyD;QACzD,WAAW,CAAC,GAAG,CACb,gBAAgB,EAChB,IAAI,CAAC,cAAc,CAAC,cAAsC,CAC3D,CAAC;QACF,WAAW,CAAC,GAAG,CACb,uBAAuB,EACvB,IAAI,CAAC,cAAc,CAAC,qBAAqB,CAC1C,CAAC;QACF,WAAW,CAAC,GAAG,CACb,gBAAgB,EAChB,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,QAAQ,EAAE,CAC9C,CAAC;QAEF,MAAM,YAAY,GAAW,IAAI,CAAC,YAAY,CAAC;QAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAE7B,wFAAwF;QACxF,IAAI,CAAC;YACH,sBAAsB,CAAC,qBAAqB,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1E,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,gEAAgE,EAChE,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC3C,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAEnD,+DAA+D;QAC/D,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,SAAS,CACjB,oEAAoE,CACrE,CAAC;QACJ,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAErC,MAAM,gBAAgB,GACpB,GAAG,WAAW,GAAG,WAAW,IAAI,WAAW,CAAC,QAAQ,EAAE,EAAW,CAAC;QAEpE,IAAI,WAAW,KAAK,YAAY,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CACT,qDAAqD,EACrD,gBAAgB,CACjB,CAAC;QACJ,CAAC;QAED,OAAO,gBAAgB,CAAC;IAC1B,CAAC;CACF;AAED,eAAe,sBAAsB,CAAC"}
|
|
@@ -9,5 +9,6 @@ export interface IAuthenticateWithRedirectOpts {
|
|
|
9
9
|
environment: SchemaVaultsAppEnvironment;
|
|
10
10
|
authorize_uri: string;
|
|
11
11
|
storeCodeVerifier: (code_verifier: string, challenge_time: number) => void;
|
|
12
|
+
storeOAuth2State: (state: string, challenge_time: number) => void;
|
|
12
13
|
}
|
|
13
|
-
export default function authenticateWithRedirect({ type, debug, client_app_id, auth_server_uri, adapter, environment, authorize_uri, storeCodeVerifier, }: IAuthenticateWithRedirectOpts): Promise<void>;
|
|
14
|
+
export default function authenticateWithRedirect({ type, debug, client_app_id, auth_server_uri, adapter, environment, authorize_uri, storeCodeVerifier, storeOAuth2State, }: IAuthenticateWithRedirectOpts): Promise<void>;
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { SCHEMAVAULTS_AUTH_APP_DEFINITION, } from "@schemavaults/app-definitions";
|
|
2
2
|
import { PKCE_ProofKeyManager, } from "@schemavaults/auth-common";
|
|
3
3
|
import AuthenticateURLEncoder from "./authenticate-url-encoder";
|
|
4
|
-
|
|
4
|
+
import { generateOAuth2State } from "./generate-oauth2-state";
|
|
5
|
+
export default async function authenticateWithRedirect({ type, debug, client_app_id, auth_server_uri, adapter, environment, authorize_uri, storeCodeVerifier, storeOAuth2State, }) {
|
|
5
6
|
if (debug) {
|
|
6
7
|
console.log(`[SchemaVaultsAuthClient] Authenticating with redirect (type "${type}")...`);
|
|
7
8
|
}
|
|
@@ -62,6 +63,29 @@ export default async function authenticateWithRedirect({ type, debug, client_app
|
|
|
62
63
|
}
|
|
63
64
|
// If the authentication is successful, the auth server will redirect the user back to the client
|
|
64
65
|
// and the code_verifier will be used to prove that the client initiating the flow is the same as the client that the authorization server issued the code to
|
|
66
|
+
// Generate and persist the OAuth2 `state` CSRF nonce. We key it by
|
|
67
|
+
// challenge_time to align with the code_verifier storage contract and
|
|
68
|
+
// to support concurrent in-flight flows from the same browser. The
|
|
69
|
+
// base64url encoder comes from the adapter so the SDK doesn't carry
|
|
70
|
+
// a browser/Node encoding shim.
|
|
71
|
+
let state;
|
|
72
|
+
try {
|
|
73
|
+
state = generateOAuth2State(adapter.toBase64UrlFromBytes.bind(adapter));
|
|
74
|
+
if (typeof state !== "string" || state.length === 0) {
|
|
75
|
+
throw new Error("generateOAuth2State produced an empty value");
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
catch (e) {
|
|
79
|
+
console.error("Failed to generate OAuth2 state: ", e);
|
|
80
|
+
throw new Error("Failed to generate OAuth2 state");
|
|
81
|
+
}
|
|
82
|
+
try {
|
|
83
|
+
storeOAuth2State(state, code_challenge.challenge_time);
|
|
84
|
+
}
|
|
85
|
+
catch (e) {
|
|
86
|
+
console.error("Failed to store OAuth2 state: ", e);
|
|
87
|
+
throw new Error("Failed to store OAuth2 state!");
|
|
88
|
+
}
|
|
65
89
|
if (!client_app_id) {
|
|
66
90
|
console.error("App ID not set, but required for PKCE flow");
|
|
67
91
|
throw new Error("App ID not set, but required for PKCE flow");
|
|
@@ -87,6 +111,7 @@ export default async function authenticateWithRedirect({ type, debug, client_app
|
|
|
87
111
|
app_id: client_app_id,
|
|
88
112
|
auth_server_uri,
|
|
89
113
|
app_env: environment,
|
|
114
|
+
state,
|
|
90
115
|
});
|
|
91
116
|
}
|
|
92
117
|
catch (e) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authenticate-with-redirect.js","sourceRoot":"","sources":["../../src/lib/authenticate-with-redirect.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAGL,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,sBAAsB,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"authenticate-with-redirect.js","sourceRoot":"","sources":["../../src/lib/authenticate-with-redirect.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,gCAAgC,GACjC,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAGL,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,OAAO,sBAAsB,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAc9D,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,wBAAwB,CAAC,EACrD,IAAI,EACJ,KAAK,EACL,aAAa,EACb,eAAe,EACf,OAAO,EACP,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,gBAAgB,GACc;IAC9B,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,gEAAgE,IAAI,OAAO,CAC5E,CAAC;IACJ,CAAC;IAED,IAAI,aAAa,KAAK,gCAAgC,CAAC,MAAM,EAAE,CAAC;QAC9D,MAAM,IAAI,KAAK,CACb,wEAAwE,CACzE,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,IAAI,aAAsC,CAAC;IAC3C,IAAI,CAAC;QACH,aAAa,GAAG,oBAAoB,CAAC,kBAAkB,EAAE,CAAC;IAC5D,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,uEAAuE,EACvE,CAAC,CACF,CAAC;QACF,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,CAAC;IAED,qBAAqB;IACrB,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,CAAC,aAAa,EAAE,CAAC;QACxD,MAAM,IAAI,SAAS,CAAC,qDAAqD,CAAC,CAAC;IAC7E,CAAC;SAAM,IAAI,OAAO,aAAa,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC5D,MAAM,IAAI,SAAS,CACjB,mEAAmE,CACpE,CAAC;IACJ,CAAC;SAAM,IAAI,OAAO,aAAa,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,SAAS,CACjB,kEAAkE,CACnE,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,4DAA4D;IAC5D,IAAI,cAAwC,CAAC;IAC7C,IAAI,CAAC;QACH,cAAc;YACZ,MAAM,oBAAoB,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,yEAAyE,EACzE,CAAC,CACF,CAAC;QACF,MAAM,MAAM,GACV,CAAC,YAAY,KAAK,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;YACjD,CAAC,CAAC,CAAC,CAAC,OAAO;YACX,CAAC,CAAC,wEAAwE,CAAC;QAC/E,MAAM,IAAI,KAAK,CACb,iFAAiF,MAAM,GAAG,CAC3F,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,IAAI,OAAO,cAAc,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;SAAM,IACL,OAAO,cAAc,CAAC,qBAAqB,KAAK,QAAQ;QACxD,cAAc,CAAC,qBAAqB,KAAK,MAAM,EAC/C,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;SAAM,IAAI,OAAO,cAAc,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,+CAA+C;IAC/C,IAAI,CAAC;QACH,iBAAiB,CACf,aAAa,CAAC,aAAa,EAC3B,cAAc,CAAC,cAAc,CACf,CAAC;IACnB,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,iGAAiG;IACjG,6JAA6J;IAE7J,mEAAmE;IACnE,sEAAsE;IACtE,mEAAmE;IACnE,oEAAoE;IACpE,gCAAgC;IAChC,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,KAAK,GAAG,mBAAmB,CAAC,OAAO,CAAC,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACxE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,CAAC,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC;QACH,gBAAgB,CAAC,KAAK,EAAE,cAAc,CAAC,cAAc,CAAgB,CAAC;IACxE,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,gCAAgC,EAAE,CAAC,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,uHAAuH;IACvH,MAAM,sBAAsB,GAAY,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACtE,MAAM,YAAY,GAAW,sBAAsB;QACjD,CAAC,CAAC,OAAO,CAAC,wBAAwB,CAAC,aAAa,CAAC;QACjD,CAAC,CAAC,aAAa,CAAC;IAClB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,6IAA6I,CAC9I,CAAC;IACJ,CAAC;IAED,uCAAuC;IACvC,IAAI,gBAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,gBAAgB,GAAG,sBAAsB,CAAC,MAAM,CAAC;YAC/C,IAAI;YACJ,cAAc,EAAE,cAAc;YAC9B,YAAY;YACZ,MAAM,EAAE,aAAa;YACrB,eAAe;YACf,OAAO,EAAE,WAAW;YACpB,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,CAAC,CAAC,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,4DAA4D,EAC5D,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACzC,OAAO;IACT,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,oEAAoE,EACpE,CAAC,CACF,CAAC;QACF,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
// Generates a cryptographically-random OAuth2 `state` value
|
|
2
|
+
// (RFC 6749 §10.12). The value is opaque to the server; it only needs
|
|
3
|
+
// to be unpredictable to an attacker. 32 random bytes base64url-encoded
|
|
4
|
+
// produces a 43-character token — equivalent in strength to the PKCE
|
|
5
|
+
// code_verifier contract used elsewhere in the SDK.
|
|
6
|
+
//
|
|
7
|
+
// The base64url encoding step is delegated to the platform adapter so
|
|
8
|
+
// the SDK does not need to carry a browser/Node encoding shim.
|
|
9
|
+
const STATE_BYTE_LENGTH = 32;
|
|
10
|
+
export function generateOAuth2State(toBase64UrlFromBytes) {
|
|
11
|
+
if (typeof toBase64UrlFromBytes !== "function") {
|
|
12
|
+
throw new TypeError("generateOAuth2State requires a `toBase64UrlFromBytes` encoder (provided by the platform adapter)");
|
|
13
|
+
}
|
|
14
|
+
const hasWebCrypto = typeof crypto === "object" &&
|
|
15
|
+
!!crypto &&
|
|
16
|
+
typeof crypto.getRandomValues === "function";
|
|
17
|
+
if (hasWebCrypto) {
|
|
18
|
+
const bytes = new Uint8Array(STATE_BYTE_LENGTH);
|
|
19
|
+
crypto.getRandomValues(bytes);
|
|
20
|
+
return toBase64UrlFromBytes(bytes);
|
|
21
|
+
}
|
|
22
|
+
// Insecure fallback; callers SHOULD run in a secure context
|
|
23
|
+
// (HTTPS or localhost) so this branch is practically unreachable
|
|
24
|
+
// in production. Length matches the secure path's base64url output.
|
|
25
|
+
const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
|
|
26
|
+
let out = "";
|
|
27
|
+
for (let i = 0; i < 43; i++) {
|
|
28
|
+
out += chars.charAt(Math.floor(Math.random() * chars.length));
|
|
29
|
+
}
|
|
30
|
+
return out;
|
|
31
|
+
}
|
|
32
|
+
export default generateOAuth2State;
|
|
33
|
+
//# sourceMappingURL=generate-oauth2-state.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"generate-oauth2-state.js","sourceRoot":"","sources":["../../src/lib/generate-oauth2-state.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,sEAAsE;AACtE,wEAAwE;AACxE,qEAAqE;AACrE,oDAAoD;AACpD,EAAE;AACF,sEAAsE;AACtE,+DAA+D;AAE/D,MAAM,iBAAiB,GAAG,EAAW,CAAC;AAItC,MAAM,UAAU,mBAAmB,CACjC,oBAAsC;IAEtC,IAAI,OAAO,oBAAoB,KAAK,UAAU,EAAE,CAAC;QAC/C,MAAM,IAAI,SAAS,CACjB,kGAAkG,CACnG,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAChB,OAAO,MAAM,KAAK,QAAQ;QAC1B,CAAC,CAAC,MAAM;QACR,OAAO,MAAM,CAAC,eAAe,KAAK,UAAU,CAAC;IAE/C,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,iBAAiB,CAAC,CAAC;QAChD,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC9B,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,4DAA4D;IAC5D,iEAAiE;IACjE,oEAAoE;IACpE,MAAM,KAAK,GACT,kEAAkE,CAAC;IACrE,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,eAAe,mBAAmB,CAAC"}
|
|
@@ -5,7 +5,9 @@ export interface IHandleSuccessfulAuthenticationOpts {
|
|
|
5
5
|
authorization_code: string;
|
|
6
6
|
challenge_time: number;
|
|
7
7
|
code_verifier?: string;
|
|
8
|
+
received_state: string | null | undefined;
|
|
8
9
|
loadCodeVerifier: (challenge_time: number) => string | null;
|
|
10
|
+
loadOAuth2State: (challenge_time: number) => string | null;
|
|
9
11
|
debug: boolean;
|
|
10
12
|
environment: SchemaVaultsAppEnvironment;
|
|
11
13
|
adapter: ISchemaVaultsAuthClientAdapter;
|
|
@@ -17,5 +19,5 @@ export interface IHandleSuccessfulAuthenticationOpts {
|
|
|
17
19
|
storeMultipleAccessTokens: (accessTokens: Record<ApiServerId, AccessToken | "AS_HTTP_ONLY_COOKIE">) => void;
|
|
18
20
|
triggerAuthStateChanged: () => void;
|
|
19
21
|
}
|
|
20
|
-
export declare function handleSuccessfulAuthentication({ authorization_code, challenge_time, code_verifier, loadCodeVerifier, debug, environment, adapter, auth_server_uri, client_app_id, defaultTokenAudiences, storeRefreshToken, storeUserData, storeMultipleAccessTokens, triggerAuthStateChanged, }: IHandleSuccessfulAuthenticationOpts): Promise<void>;
|
|
22
|
+
export declare function handleSuccessfulAuthentication({ authorization_code, challenge_time, code_verifier, received_state, loadCodeVerifier, loadOAuth2State, debug, environment, adapter, auth_server_uri, client_app_id, defaultTokenAudiences, storeRefreshToken, storeUserData, storeMultipleAccessTokens, triggerAuthStateChanged, }: IHandleSuccessfulAuthenticationOpts): Promise<void>;
|
|
21
23
|
export default handleSuccessfulAuthentication;
|
|
@@ -2,7 +2,8 @@ import { authorizationCodePOSTbody, PKCE_ProofKeyManager, requestTokensResultSch
|
|
|
2
2
|
import debugPrintTokensAsTable from "./debugPrintTokensAsTable";
|
|
3
3
|
import debugPrintUserDataAsTable from "./debugPrintUserDataAsTable";
|
|
4
4
|
import assertHttpOnlyRefreshTokenCookieHasAccompanyingMarkerCookie from "./assert-http-only-refresh-token-has-accompanying-expiry-marker";
|
|
5
|
-
|
|
5
|
+
import { timingSafeStringEqual } from "@schemavaults/auth-common";
|
|
6
|
+
export async function handleSuccessfulAuthentication({ authorization_code, challenge_time, code_verifier, received_state, loadCodeVerifier, loadOAuth2State, debug, environment, adapter, auth_server_uri, client_app_id, defaultTokenAudiences, storeRefreshToken, storeUserData, storeMultipleAccessTokens, triggerAuthStateChanged, }) {
|
|
6
7
|
if (debug) {
|
|
7
8
|
console.log("[SchemaVaultsAuthClient::handleSuccessfulAuthentication]" +
|
|
8
9
|
" " +
|
|
@@ -39,6 +40,40 @@ export async function handleSuccessfulAuthentication({ authorization_code, chall
|
|
|
39
40
|
}
|
|
40
41
|
throw new Error("Code verifier has expired");
|
|
41
42
|
}
|
|
43
|
+
// OAuth2 `state` CSRF validation (RFC 6749 §10.12). Applies only to the
|
|
44
|
+
// redirect flow — when `code_verifier` is passed directly the caller is
|
|
45
|
+
// completing the flow in the same JS context that initiated it (e.g. the
|
|
46
|
+
// auth server's own /account login), so there is no cross-origin
|
|
47
|
+
// callback to defend against. In the redirect flow the verifier is
|
|
48
|
+
// loaded from storage below and the state check MUST run before any
|
|
49
|
+
// code redemption so a mismatched callback can never burn the stored
|
|
50
|
+
// state or trade a victim's code.
|
|
51
|
+
const isRedirectFlow = typeof code_verifier !== "string" || code_verifier.length === 0;
|
|
52
|
+
if (isRedirectFlow) {
|
|
53
|
+
let stored_state;
|
|
54
|
+
try {
|
|
55
|
+
stored_state = loadOAuth2State(challenge_time);
|
|
56
|
+
}
|
|
57
|
+
catch (e) {
|
|
58
|
+
console.error("[SchemaVaultsAuthClient::handleSuccessfulAuthentication] Failed to load stored OAuth2 state: ", e);
|
|
59
|
+
throw new Error("Failed to load stored OAuth2 state");
|
|
60
|
+
}
|
|
61
|
+
if (typeof stored_state !== "string" || stored_state.length === 0) {
|
|
62
|
+
throw new Error("Missing stored OAuth2 state — cannot verify callback CSRF nonce");
|
|
63
|
+
}
|
|
64
|
+
if (typeof received_state !== "string" || received_state.length === 0) {
|
|
65
|
+
throw new Error("Missing OAuth2 state on callback — possible CSRF attempt");
|
|
66
|
+
}
|
|
67
|
+
if (!timingSafeStringEqual(stored_state, received_state)) {
|
|
68
|
+
if (debug) {
|
|
69
|
+
console.error("[SchemaVaultsAuthClient::handleSuccessfulAuthentication] OAuth2 state mismatch", {
|
|
70
|
+
stored_state_length: stored_state.length,
|
|
71
|
+
received_state_length: received_state.length,
|
|
72
|
+
});
|
|
73
|
+
}
|
|
74
|
+
throw new Error("OAuth2 state mismatch — possible CSRF attempt");
|
|
75
|
+
}
|
|
76
|
+
}
|
|
42
77
|
// The auth server will redirect the user back to the client
|
|
43
78
|
// The client will have a code in the query parameters
|
|
44
79
|
// The client will use the code to get an access token
|
|
@@ -73,6 +108,19 @@ export async function handleSuccessfulAuthentication({ authorization_code, chall
|
|
|
73
108
|
throw new Error("Failed to clear code verifiers");
|
|
74
109
|
}
|
|
75
110
|
}
|
|
111
|
+
// Clear the OAuth2 state nonce — it has done its job. Only applies
|
|
112
|
+
// in the redirect flow where state was actually persisted.
|
|
113
|
+
if (isRedirectFlow) {
|
|
114
|
+
try {
|
|
115
|
+
adapter.clearOAuth2State(challenge_time);
|
|
116
|
+
}
|
|
117
|
+
catch (e) {
|
|
118
|
+
console.error("[SchemaVaultsAuthClient] Failed to clear OAuth2 state: ", e);
|
|
119
|
+
if (debug) {
|
|
120
|
+
throw new Error("Failed to clear OAuth2 state");
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
}
|
|
76
124
|
}
|
|
77
125
|
else {
|
|
78
126
|
if (debug) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handle-successful-authentication.js","sourceRoot":"","sources":["../../src/lib/handle-successful-authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,yBAAyB,EACzB,oBAAoB,EAEpB,yBAAyB,GAE1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,uBAAuB,MAAM,2BAA2B,CAAC;AAChE,OAAO,yBAAyB,MAAM,6BAA6B,CAAC;AAQpE,OAAO,2DAA2D,MAAM,iEAAiE,CAAC;
|
|
1
|
+
{"version":3,"file":"handle-successful-authentication.js","sourceRoot":"","sources":["../../src/lib/handle-successful-authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,yBAAyB,EACzB,oBAAoB,EAEpB,yBAAyB,GAE1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,uBAAuB,MAAM,2BAA2B,CAAC;AAChE,OAAO,yBAAyB,MAAM,6BAA6B,CAAC;AAQpE,OAAO,2DAA2D,MAAM,iEAAiE,CAAC;AAC1I,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AA2BlE,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAAC,EACnD,kBAAkB,EAClB,cAAc,EACd,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EACL,WAAW,EACX,OAAO,EACP,eAAe,EACf,aAAa,EACb,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,yBAAyB,EACzB,uBAAuB,GACa;IACpC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,0DAA0D;YACxD,GAAG;YACH,uCAAuC,CAC1C,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;SAAM,IACL,OAAO,kBAAkB,KAAK,QAAQ;QACtC,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAC/B,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,iCAAiC,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;IACtE,IAAI,iCAAiC,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,iCAAiC,GAAG,oBAAoB,CAAC,OAAO,EAAE,CAAC;QACrE,OAAO,CAAC,KAAK,CACX,4GAA4G,CAC7G,CAAC;QACF,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,OAAO,CAAC,KAAK,CAAC;oBACZ,cAAc;oBACd,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;oBACxB,YAAY,EAAE,iCAAiC;oBAC/C,OAAO,EAAE,oBAAoB,CAAC,OAAO;iBACtC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,KAAK,CAAC,CAAC,CAAC,YAAY;YACtB,CAAC;QACH,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,yEAAyE;IACzE,iEAAiE;IACjE,mEAAmE;IACnE,oEAAoE;IACpE,qEAAqE;IACrE,kCAAkC;IAClC,MAAM,cAAc,GAClB,OAAO,aAAa,KAAK,QAAQ,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC;IAClE,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,YAA2B,CAAC;QAChC,IAAI,CAAC;YACH,YAAY,GAAG,eAAe,CAAC,cAAc,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,+FAA+F,EAC/F,CAAC,CACF,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,qBAAqB,CAAC,YAAY,EAAE,cAAc,CAAC,EAAE,CAAC;YACzD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,KAAK,CACX,gFAAgF,EAChF;oBACE,mBAAmB,EAAE,YAAY,CAAC,MAAM;oBACxC,qBAAqB,EAAE,cAAc,CAAC,MAAM;iBAC7C,CACF,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,sDAAsD;IACtD,sDAAsD;IACtD,kFAAkF;IAElF,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,2BAA2B;YACzB,0EAA0E,CAC7E,CAAC;IACJ,CAAC;IAED,MAAM,oBAAoB,GACxB,aAAa,IAAI,gBAAgB,CAAC,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAW,2EAA2E,cAAc,EAAE,CAAC;QACzH,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IACD,oBAAqC,CAAC;IAEtC,MAAM,gCAAgC,GACpC,WAAW,KAAK,aAAa,CAAC;IAEhC,IAAI,gCAAgC,EAAE,CAAC;QACrC,uCAAuC;QACvC,IAAI,CAAC;YACH,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,2BAA2B;oBACzB,0FAA0F,EAC5F,cAAc,CACf,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;YAC1C,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,8DAA8D,CAC/D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CACX,2DAA2D,EAC3D,CAAC,CACF,CAAC;YACF,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,2DAA2D;QAC3D,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,OAAO,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC;YAC3C,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CACX,yDAAyD,EACzD,CAAC,CACF,CAAC;gBACF,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,4FAA4F,CAC7F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,4DAA4D;IAC5D,MAAM,iCAAiC,GACrC,GAAG,eAAe,sCAAsC,aAAa,EAAW,CAAC;IACnF,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,6EAA6E,EAC7E,iCAAiC,CAClC,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,GAAsB,qBAAqB,CAAC;IACxD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,+FAA+F,EAC/F,QAAQ,CACT,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,CAAC,IAAI,CACV,4FAA4F,CAC7F,CAAC;QACF,QAAQ,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,sDAAsD;IACtD,IAAI,YAAuD,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,cAAc,CAAC;YAC5D,UAAU,EAAE,oBAA6B;YACzC,IAAI,EAAE,kBAAkB;YACxB,aAAa,EAAE,oBAAoB;YACnC,aAAa;YACb,QAAQ;YACR,cAAc;SACqC,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,KAAK,CAAC;QACrB,CAAC;QACD,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC;IAC7B,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,kEAAkE,EAClE,CAAC,CACF,CAAC;QACF,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,mFAAmF;IAEnF,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,iHAAiH,iCAAiC,GAAG,EACrJ,YAAY,CACb,CAAC;QACJ,CAAC;QACD,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE;YAChE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;YAClC,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,SAAS;YACtB,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,yGAAyG,EACzG,QAAQ,CACT,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,yDAAyD,EAAE,CAAC,CAAC,CAAC;QAC5E,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACzD,MAAM,QAAQ,GAAW,wEAAwE,QAAQ,CAAC,MAAM,GAAG,CAAC;QACpH,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,6DAA6D;YAC3D,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IAED,IAAI,aAAuE,CAAC;IAC5E,IAAI,aAAmD,CAAC;IACxD,IAAI,oBAAwC,CAAC;IAC7C,IAAI,IAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,yBAAyB,CAAC,cAAc,CAChE,MAAM,QAAQ,CAAC,IAAI,EAAE,CACtB,CAAC;QACF,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CACX,6DAA6D;gBAC3D,mDAAmD,EACrD,WAAW,CAAC,KAAK,CAClB,CAAC;YACF,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CACT,oFAAoF,EACpF,WAAW,CAAC,IAAI,CACjB,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CACX,gEAAgE,CACjE,CAAC;YACF,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;QACJ,CAAC;QAED,IACE,CAAC,MAAM,CAAC,OAAO;YACf,CAAC,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,EAC1E,CAAC;YACD,OAAO,CAAC,KAAK,CACX,qEAAqE,EACrE,SAAS,OAAO,MAAM,CAAC,OAAO,EAAE,EAChC,MAAM,CAAC,OAAO,CACf,CAAC;YACF,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;QAC9B,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;QAC/B,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,CAAC;QAEnD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,IAAI,KAAK,EAAE,CAAC;gBACV,yBAAyB,CAAC,QAA2B,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QACD,IAAI,GAAG,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAI,YAAY,GAAW,eAAe,CAAC;QAC3C,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;YACvB,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC;QAC3B,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,YAAY,CAAC,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,oCAAoC,YAAY,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,sBAAsB;IACtB,MAAM,2BAA2B,GAAG,GAAG,EAAE;QACvC,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC1E,oBAAoB,GAAG,aAAa,CAAC,GAAG,CAAC;YACzC,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;gBACnE,CAAC;gBACD,iBAAiB,CAAC,aAAa,CAAC,CAAC;gBACjC,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC;YAAC,OAAO,CAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;aAAM,IACL,OAAO,aAAa,KAAK,QAAQ;YACjC,aAAa,KAAK,qBAAqB,EACvC,CAAC;YACD,MAAM,kCAAkC,GACtC,OAAO,OAAO,CAAC,+BAA+B,KAAK,UAAU;gBAC7D,OAAO,CAAC,+BAA+B,EAAE,CAAC;YAE5C,IAAI,CAAC,kCAAkC,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,mHAAmH,CACpH,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,OAAO,CAAC,+BAA+B,KAAK,UAAU,EAAE,CAAC;gBAClE,MAAM,IAAI,SAAS,CACjB,gFAAgF,CACjF,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,oBAAoB,KAAK,QAAQ,EAAE,CAAC;gBAC7C,MAAM,IAAI,SAAS,CACjB,iGAAiG,CAClG,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,+BAA+B,CACrC,oBAAqC,CACvB,CAAC;YAEjB,2DAA2D,CACzD,OAAO,CACO,CAAC;YAEjB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CACT,yFAAyF,CAC1F,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC;IACF,2BAA2B,EAAE,CAAC;IAE9B,sBAAsB;IACtB,yBAAyB,CAAC,aAAa,CAAC,CAAC;IAEzC,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC/D,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,CAAC;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;IACzE,CAAC;IACD,uBAAuB,EAAE,CAAC;IAC1B,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CACT,kEAAkE,CACnE,CAAC;IACJ,CAAC;IACD,OAAO;AACT,CAAC;AAED,eAAe,8BAA8B,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { type MfaVerifyEnrollmentResponse } from "@schemavaults/auth-common";
|
|
2
|
+
import type { ISchemaVaultsAuthClientAdapter } from "../../types/ISchemaVaultsAuthClientAdapter";
|
|
3
|
+
export declare function confirmTotpEnrollment(args: {
|
|
4
|
+
adapter: ISchemaVaultsAuthClientAdapter;
|
|
5
|
+
factor_id: string;
|
|
6
|
+
code: string;
|
|
7
|
+
}): Promise<MfaVerifyEnrollmentResponse>;
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { mfaVerifyEnrollmentResponseSchema, } from "@schemavaults/auth-common";
|
|
2
|
+
export async function confirmTotpEnrollment(args) {
|
|
3
|
+
const response = await args.adapter.fetch(`/api/user/mfa/totp/verify-enrollment`, {
|
|
4
|
+
method: "POST",
|
|
5
|
+
credentials: "include",
|
|
6
|
+
headers: { "Content-Type": "application/json" },
|
|
7
|
+
body: JSON.stringify({ factor_id: args.factor_id, code: args.code }),
|
|
8
|
+
});
|
|
9
|
+
if (!response.ok) {
|
|
10
|
+
throw new Error(`Failed to confirm TOTP enrollment (status ${response.status})`);
|
|
11
|
+
}
|
|
12
|
+
const json = await response.json();
|
|
13
|
+
const parsed = mfaVerifyEnrollmentResponseSchema.safeParse(json);
|
|
14
|
+
if (!parsed.success) {
|
|
15
|
+
throw new Error(`Unexpected confirmTotpEnrollment response: ${parsed.error.message}`);
|
|
16
|
+
}
|
|
17
|
+
return parsed.data;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=confirm-totp-enrollment.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"confirm-totp-enrollment.js","sourceRoot":"","sources":["../../../src/lib/mfa/confirm-totp-enrollment.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iCAAiC,GAElC,MAAM,2BAA2B,CAAC;AAGnC,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAI3C;IACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CACvC,sCAAsC,EACtC;QACE,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,SAAS;QACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;KACrE,CACF,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,6CAA6C,QAAQ,CAAC,MAAM,GAAG,CAChE,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,iCAAiC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { mfaEnrollResponseSchema, } from "@schemavaults/auth-common";
|
|
2
|
+
export async function enrollTotp(adapter) {
|
|
3
|
+
const response = await adapter.fetch(`/api/user/mfa/totp/enroll`, {
|
|
4
|
+
method: "POST",
|
|
5
|
+
credentials: "include",
|
|
6
|
+
headers: { "Content-Type": "application/json" },
|
|
7
|
+
body: JSON.stringify({}),
|
|
8
|
+
});
|
|
9
|
+
if (!response.ok) {
|
|
10
|
+
const body = await safeReadJsonMessage(response);
|
|
11
|
+
throw new Error(body ?? `Failed to enroll TOTP (status ${response.status})`);
|
|
12
|
+
}
|
|
13
|
+
const json = await response.json();
|
|
14
|
+
const result = mfaEnrollResponseSchema.safeParse(json);
|
|
15
|
+
if (!result.success) {
|
|
16
|
+
throw new Error(`Unexpected enrollTotp response: ${result.error.message}`);
|
|
17
|
+
}
|
|
18
|
+
return result.data;
|
|
19
|
+
}
|
|
20
|
+
async function safeReadJsonMessage(response) {
|
|
21
|
+
try {
|
|
22
|
+
const json = await response.json();
|
|
23
|
+
if (typeof json === "object" &&
|
|
24
|
+
json !== null &&
|
|
25
|
+
"message" in json &&
|
|
26
|
+
typeof json.message === "string") {
|
|
27
|
+
return json.message;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
catch {
|
|
31
|
+
/* fallthrough */
|
|
32
|
+
}
|
|
33
|
+
return null;
|
|
34
|
+
}
|
|
35
|
+
//# sourceMappingURL=enroll-totp.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enroll-totp.js","sourceRoot":"","sources":["../../../src/lib/mfa/enroll-totp.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,GAExB,MAAM,2BAA2B,CAAC;AAGnC,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAuC;IAEvC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,SAAS;QACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;KACzB,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACjD,MAAM,IAAI,KAAK,CAAC,IAAI,IAAI,iCAAiC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,uBAAuB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mCAAmC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,QAAkB;IAElB,IAAI,CAAC;QACH,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,IACE,OAAO,IAAI,KAAK,QAAQ;YACxB,IAAI,KAAK,IAAI;YACb,SAAS,IAAI,IAAI;YACjB,OAAQ,IAA6B,CAAC,OAAO,KAAK,QAAQ,EAC1D,CAAC;YACD,OAAQ,IAA4B,CAAC,OAAO,CAAC;QAC/C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iBAAiB;IACnB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { type MfaStatusResponse } from "@schemavaults/auth-common";
|
|
2
|
+
import type { ISchemaVaultsAuthClientAdapter } from "../../types/ISchemaVaultsAuthClientAdapter";
|
|
3
|
+
export declare function getMfaStatus(adapter: ISchemaVaultsAuthClientAdapter): Promise<MfaStatusResponse>;
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { mfaStatusResponseSchema, } from "@schemavaults/auth-common";
|
|
2
|
+
export async function getMfaStatus(adapter) {
|
|
3
|
+
const response = await adapter.fetch(`/api/user/mfa/status`, {
|
|
4
|
+
method: "GET",
|
|
5
|
+
credentials: "include",
|
|
6
|
+
});
|
|
7
|
+
if (!response.ok) {
|
|
8
|
+
throw new Error(`Failed to load MFA status (status ${response.status})`);
|
|
9
|
+
}
|
|
10
|
+
const json = await response.json();
|
|
11
|
+
const parsed = mfaStatusResponseSchema.safeParse(json);
|
|
12
|
+
if (!parsed.success) {
|
|
13
|
+
throw new Error(`Unexpected getMfaStatus response: ${parsed.error.message}`);
|
|
14
|
+
}
|
|
15
|
+
return parsed.data;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=get-mfa-status.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-mfa-status.js","sourceRoot":"","sources":["../../../src/lib/mfa/get-mfa-status.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,uBAAuB,GAExB,MAAM,2BAA2B,CAAC;AAGnC,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAuC;IAEvC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE;QAC3D,MAAM,EAAE,KAAK;QACb,WAAW,EAAE,SAAS;KACvB,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3E,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,uBAAuB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export { verifyMfaChallenge } from "./verify-mfa-challenge";
|
|
2
|
+
export { enrollTotp } from "./enroll-totp";
|
|
3
|
+
export { confirmTotpEnrollment } from "./confirm-totp-enrollment";
|
|
4
|
+
export { removeFactor } from "./remove-factor";
|
|
5
|
+
export { regenerateRecoveryCodes } from "./regenerate-recovery-codes";
|
|
6
|
+
export { getMfaStatus } from "./get-mfa-status";
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export { verifyMfaChallenge } from "./verify-mfa-challenge";
|
|
2
|
+
export { enrollTotp } from "./enroll-totp";
|
|
3
|
+
export { confirmTotpEnrollment } from "./confirm-totp-enrollment";
|
|
4
|
+
export { removeFactor } from "./remove-factor";
|
|
5
|
+
export { regenerateRecoveryCodes } from "./regenerate-recovery-codes";
|
|
6
|
+
export { getMfaStatus } from "./get-mfa-status";
|
|
7
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/mfa/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { type MfaVerifyEnrollmentResponse } from "@schemavaults/auth-common";
|
|
2
|
+
import type { ISchemaVaultsAuthClientAdapter } from "../../types/ISchemaVaultsAuthClientAdapter";
|
|
3
|
+
export declare function regenerateRecoveryCodes(args: {
|
|
4
|
+
adapter: ISchemaVaultsAuthClientAdapter;
|
|
5
|
+
code: string;
|
|
6
|
+
}): Promise<MfaVerifyEnrollmentResponse>;
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { mfaVerifyEnrollmentResponseSchema, } from "@schemavaults/auth-common";
|
|
2
|
+
export async function regenerateRecoveryCodes(args) {
|
|
3
|
+
const response = await args.adapter.fetch(`/api/user/mfa/recovery-codes/regenerate`, {
|
|
4
|
+
method: "POST",
|
|
5
|
+
credentials: "include",
|
|
6
|
+
headers: { "Content-Type": "application/json" },
|
|
7
|
+
body: JSON.stringify({ code: args.code }),
|
|
8
|
+
});
|
|
9
|
+
if (!response.ok) {
|
|
10
|
+
throw new Error(`Failed to regenerate recovery codes (status ${response.status})`);
|
|
11
|
+
}
|
|
12
|
+
const json = await response.json();
|
|
13
|
+
const parsed = mfaVerifyEnrollmentResponseSchema.safeParse(json);
|
|
14
|
+
if (!parsed.success) {
|
|
15
|
+
throw new Error(`Unexpected regenerateRecoveryCodes response: ${parsed.error.message}`);
|
|
16
|
+
}
|
|
17
|
+
return parsed.data;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=regenerate-recovery-codes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"regenerate-recovery-codes.js","sourceRoot":"","sources":["../../../src/lib/mfa/regenerate-recovery-codes.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,iCAAiC,GAElC,MAAM,2BAA2B,CAAC;AAGnC,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,IAG7C;IACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CACvC,yCAAyC,EACzC;QACE,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,SAAS;QACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;KAC1C,CACF,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,+CAA+C,QAAQ,CAAC,MAAM,GAAG,CAClE,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC5C,MAAM,MAAM,GAAG,iCAAiC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACjE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,gDAAgD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CACvE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export async function removeFactor(args) {
|
|
2
|
+
const response = await args.adapter.fetch(`/api/user/mfa/totp/${encodeURIComponent(args.factor_id)}`, {
|
|
3
|
+
method: "DELETE",
|
|
4
|
+
credentials: "include",
|
|
5
|
+
headers: { "Content-Type": "application/json" },
|
|
6
|
+
body: JSON.stringify({ code: args.code }),
|
|
7
|
+
});
|
|
8
|
+
if (!response.ok) {
|
|
9
|
+
throw new Error(`Failed to remove MFA factor (status ${response.status})`);
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
//# sourceMappingURL=remove-factor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"remove-factor.js","sourceRoot":"","sources":["../../../src/lib/mfa/remove-factor.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAIlC;IACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CACvC,sBAAsB,kBAAkB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAC1D;QACE,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,SAAS;QACtB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;KAC1C,CACF,CAAC;IACF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,uCAAuC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { type AuthenticateResult } from "@schemavaults/auth-common";
|
|
2
|
+
import type { ISchemaVaultsAuthClientAdapter } from "../../types/ISchemaVaultsAuthClientAdapter";
|
|
3
|
+
export interface VerifyMfaChallengeOpts {
|
|
4
|
+
adapter: ISchemaVaultsAuthClientAdapter;
|
|
5
|
+
challenge_id: string;
|
|
6
|
+
client_app_id: string;
|
|
7
|
+
proof: {
|
|
8
|
+
type: "totp";
|
|
9
|
+
code: string;
|
|
10
|
+
} | {
|
|
11
|
+
type: "recovery_code";
|
|
12
|
+
recovery_code: string;
|
|
13
|
+
};
|
|
14
|
+
}
|
|
15
|
+
export declare function verifyMfaChallenge(opts: VerifyMfaChallengeOpts): Promise<AuthenticateResult>;
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import { authenticateResultSchema, } from "@schemavaults/auth-common";
|
|
2
|
+
export async function verifyMfaChallenge(opts) {
|
|
3
|
+
const response = await opts.adapter.fetch(`/api/auth/mfa/verify`, {
|
|
4
|
+
method: "POST",
|
|
5
|
+
credentials: "same-origin",
|
|
6
|
+
headers: { "Content-Type": "application/json" },
|
|
7
|
+
body: JSON.stringify({
|
|
8
|
+
challenge_id: opts.challenge_id,
|
|
9
|
+
client_app_id: opts.client_app_id,
|
|
10
|
+
proof: opts.proof,
|
|
11
|
+
}),
|
|
12
|
+
});
|
|
13
|
+
let parsed;
|
|
14
|
+
try {
|
|
15
|
+
parsed = await response.json();
|
|
16
|
+
}
|
|
17
|
+
catch {
|
|
18
|
+
throw new Error(`Failed to parse JSON response from /api/auth/mfa/verify (status ${response.status})`);
|
|
19
|
+
}
|
|
20
|
+
const result = authenticateResultSchema.safeParse(parsed);
|
|
21
|
+
if (!result.success) {
|
|
22
|
+
throw new Error(`Unexpected /api/auth/mfa/verify response shape: ${result.error.message}`);
|
|
23
|
+
}
|
|
24
|
+
return result.data;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=verify-mfa-challenge.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-mfa-challenge.js","sourceRoot":"","sources":["../../../src/lib/mfa/verify-mfa-challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,wBAAwB,GAEzB,MAAM,2BAA2B,CAAC;AAYnC,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAA4B;IAE5B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,aAAa;QAC1B,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,mEAAmE,QAAQ,CAAC,MAAM,GAAG,CACtF,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,wBAAwB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,mDAAmD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC"}
|
|
@@ -1,2 +1,3 @@
|
|
|
1
|
+
import { type AuthenticateResult } from "@schemavaults/auth-common";
|
|
1
2
|
import type { ISendAuthenticateRequestOptions } from "../types/ISendAuthenticateRequestOptions";
|
|
2
|
-
export declare function sendAuthenticateRequest(opts: ISendAuthenticateRequestOptions): Promise<
|
|
3
|
+
export declare function sendAuthenticateRequest(opts: ISendAuthenticateRequestOptions): Promise<AuthenticateResult>;
|
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
import { PKCE_ProofKeyManager, authenticateResultSchema, } from "@schemavaults/auth-common";
|
|
2
2
|
import { credentialsSchema } from "../lib/credentials-schema";
|
|
3
3
|
import { isValidAuthenticationOutcomeType, } from "./authentication-outcome-type";
|
|
4
|
-
// Send an authentication request to the auth server
|
|
4
|
+
// Send an authentication request to the auth server. Returns the parsed
|
|
5
|
+
// AuthenticateResult discriminated union so callers can branch between
|
|
6
|
+
// `authenticated` (authorization code present), `mfa_required` (challenge
|
|
7
|
+
// must be completed at /api/auth/mfa/verify), and `failure` outcomes.
|
|
5
8
|
export async function sendAuthenticateRequest(opts) {
|
|
6
9
|
const credentials = opts.credentials;
|
|
7
10
|
const client_app_id = opts.client_app_id;
|
|
@@ -139,14 +142,10 @@ export async function sendAuthenticateRequest(opts) {
|
|
|
139
142
|
throw new Error(parsed_auth_response.error.errors.join(", "));
|
|
140
143
|
}
|
|
141
144
|
const data = parsed_auth_response.data;
|
|
142
|
-
if (
|
|
145
|
+
if (data.kind === "failure") {
|
|
143
146
|
throw new Error(data.message);
|
|
144
147
|
}
|
|
145
|
-
|
|
146
|
-
if (typeof authorization_code !== "string") {
|
|
147
|
-
throw new Error("Invalid authorization code");
|
|
148
|
-
}
|
|
149
|
-
return authorization_code;
|
|
148
|
+
return data;
|
|
150
149
|
}
|
|
151
150
|
catch (e) {
|
|
152
151
|
if (e instanceof Error && e.message.includes("Invalid credentials")) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"send-authenticate-request.js","sourceRoot":"","sources":["../../src/lib/send-authenticate-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,oBAAoB,EACpB,wBAAwB,
|
|
1
|
+
{"version":3,"file":"send-authenticate-request.js","sourceRoot":"","sources":["../../src/lib/send-authenticate-request.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,oBAAoB,EACpB,wBAAwB,GAEzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EACL,gCAAgC,GAEjC,MAAM,+BAA+B,CAAC;AAIvC,wEAAwE;AACxE,uEAAuE;AACvE,0EAA0E;AAC1E,sEAAsE;AACtE,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAqC;IAErC,MAAM,WAAW,GAAgB,IAAI,CAAC,WAAW,CAAC;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;IACzC,MAAM,cAAc,GAA6B,IAAI,CAAC,cAAc,CAAC;IACrE,MAAM,mBAAmB,GACvB,IAAI,CAAC,mBAAmB,CAAC;IAC3B,MAAM,OAAO,GAAmC,IAAI,CAAC,OAAO,CAAC;IAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC;IAEjC,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CACT,iEAAiE,CAClE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,gCAAgC,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACpE,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,qBAAqB,GACzB,oBAAoB,CAAC,mBAAmB,CAAC,SAAS,CAChD,cAAc,CAAC,cAAc,CAC9B,CAAC;IACJ,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,cAAc,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,mBAAmB,KAAK,gBAAgB,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,mBAAmB,KAAK,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,mBAAmB,KAAK,UAAU,EAAE,CAAC;QACvC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,WAAW,CAAC,QAAQ,KAAK,WAAW,CAAC,OAAO,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,IAAI,CAAC,oBAAoB,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,MAAM,iBAAiB,GAAG;QACxB,WAAW,EAAE;YACX,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,QAAQ,EAAE,WAAW,CAAC,QAAQ;SAC/B;QACD,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,aAAa;QACb,cAAc,EAAE,cAAc,CAAC,cAAc;QAC7C,cAAc,EAAE,cAAc,CAAC,cAAc;KAC9C,CAAC;IAEF,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,+BAA+B,GAAa,MAAM,OAAO,CAAC,KAAK,CACnE,aAAa,mBAAmB,EAAE,EAClC;YACE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC;YACvC,MAAM,EAAE,MAAM;YACd,WAAW,EAAE,aAAa;YAC1B,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CACF,CAAC;QACF,IAAI,CAAC,+BAA+B,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,2DAA2D,CAC5D,CAAC;QACJ,CAAC;QACD,QAAQ,GAAG,+BAA+B,CAAC;IAC7C,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,OAAO,QAAQ,CAAC,MAAM,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QAClE,IAAI,QAAQ,GACV,8DAA8D,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,mBAAmB,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC3D,IACE,OAAO,mBAAmB,KAAK,QAAQ;gBACvC,mBAAmB,KAAK,IAAI,EAC5B,CAAC;gBACD,IACE,SAAS,IAAI,mBAAmB;oBAChC,OAAO,mBAAmB,CAAC,OAAO,KAAK,QAAQ,EAC/C,CAAC;oBACD,QAAQ,GAAG,mBAAmB,CAAC,OAAO,CAAC;gBACzC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,KAAK,KAAK,CAAC;QACb,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI,OAAO,QAAQ,CAAC,MAAM,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,QAAQ,CAAC,MAAM,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,mBAAmB,KAAK,OAAO,EAAE,CAAC;gBACtE,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;YACJ,CAAC;iBAAM,IACL,QAAQ,CAAC,MAAM,KAAK,GAAG;gBACvB,mBAAmB,KAAK,UAAU,EAClC,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnC,IAAI,YAAY,GAAG,2EAA2E,CAAC;gBAC/F,IAAI,CAAC;oBACH,MAAM,IAAI,GAAY,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;oBAC5C,IACE,OAAO,IAAI,KAAK,QAAQ;wBACxB,IAAI,KAAK,IAAI;wBACb,SAAS,IAAI,IAAI;wBACjB,OAAQ,IAAgC,CAAC,OAAO,KAAK,QAAQ,EAC7D,CAAC;wBACD,YAAY,GAAI,IAAgC,CAAC,OAAiB,CAAC;oBACrE,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;YAChC,CAAC;YACD,MAAM,IAAI,KAAK,CACb,2CAA2C,QAAQ,CAAC,MAAM,GAAG,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,wBAAwB,CAAC,cAAc,CACxE,MAAM,QAAQ,CAAC,IAAI,EAAE,CACtB,CAAC;QAEF,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAChE,CAAC;QACD,MAAM,IAAI,GAAuB,oBAAoB,CAAC,IAAI,CAAC;QAE3D,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAClE,MAAM,CAAC,CAAC;QACV,CAAC;QACD,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,CAAC,CAAC,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC"}
|
|
@@ -3,6 +3,7 @@ import { type AppId } from "@schemavaults/app-definitions";
|
|
|
3
3
|
export interface ISendAuthorizeClientApplicationRequestOpts {
|
|
4
4
|
app_id: AppId;
|
|
5
5
|
adapter: ISchemaVaultsAuthClientAdapter;
|
|
6
|
+
state?: string | null;
|
|
6
7
|
}
|
|
7
|
-
export declare function sendAuthorizeClientApplicationRequest({ adapter, app_id, }: ISendAuthorizeClientApplicationRequestOpts): Promise<void>;
|
|
8
|
+
export declare function sendAuthorizeClientApplicationRequest({ adapter, app_id, state, }: ISendAuthorizeClientApplicationRequestOpts): Promise<void>;
|
|
8
9
|
export default sendAuthorizeClientApplicationRequest;
|
|
@@ -1,15 +1,24 @@
|
|
|
1
1
|
import { appIdSchema } from "@schemavaults/app-definitions";
|
|
2
|
-
export async function sendAuthorizeClientApplicationRequest({ adapter, app_id, }) {
|
|
2
|
+
export async function sendAuthorizeClientApplicationRequest({ adapter, app_id, state, }) {
|
|
3
3
|
if (typeof app_id !== "string") {
|
|
4
4
|
throw new TypeError("Expected app to authorize's id to be a string");
|
|
5
5
|
}
|
|
6
6
|
else if (!(await appIdSchema.safeParseAsync(app_id)).success) {
|
|
7
7
|
throw new TypeError("Invalid client 'app_id' to send authorization request for!");
|
|
8
8
|
}
|
|
9
|
-
const
|
|
9
|
+
const hasState = typeof state === "string" && state.length > 0;
|
|
10
|
+
// eslint-disable-next-line no-undef
|
|
11
|
+
const init = {
|
|
10
12
|
method: "POST",
|
|
11
13
|
credentials: "include",
|
|
12
|
-
|
|
14
|
+
...(hasState
|
|
15
|
+
? {
|
|
16
|
+
headers: { "Content-Type": "application/json" },
|
|
17
|
+
body: JSON.stringify({ state }),
|
|
18
|
+
}
|
|
19
|
+
: {}),
|
|
20
|
+
};
|
|
21
|
+
const response = await adapter.fetch(`/api/apps/${app_id}/authorize`, init);
|
|
13
22
|
if (!response.ok || response.status < 200 || response.status >= 300) {
|
|
14
23
|
throw new Error("Received failure response from server");
|
|
15
24
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"send-authorize-client-application-request.js","sourceRoot":"","sources":["../../src/lib/send-authorize-client-application-request.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAc,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"send-authorize-client-application-request.js","sourceRoot":"","sources":["../../src/lib/send-authorize-client-application-request.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAc,MAAM,+BAA+B,CAAC;AAWxE,MAAM,CAAC,KAAK,UAAU,qCAAqC,CAAC,EAC1D,OAAO,EACP,MAAM,EACN,KAAK,GACsC;IAC3C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAC;IACvE,CAAC;SAAM,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAC/D,MAAM,IAAI,SAAS,CACjB,4DAA4D,CAC7D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAY,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IACxE,oCAAoC;IACpC,MAAM,IAAI,GAAgB;QACxB,MAAM,EAAE,MAAM;QACd,WAAW,EAAE,SAAS;QACtB,GAAG,CAAC,QAAQ;YACV,CAAC,CAAC;gBACE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;aAChC;YACH,CAAC,CAAC,EAAE,CAAC;KACR,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,aAAa,MAAM,YAAY,EAAE,IAAI,CAAC,CAAC;IAC5E,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO;AACT,CAAC;AAED,eAAe,qCAAqC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { AccessToken, RefreshToken, UserData, CodeChallengeWithDetails, PaginationOptions } from "@schemavaults/auth-common";
|
|
1
|
+
import type { AccessToken, RefreshToken, UserData, CodeChallengeWithDetails, PaginationOptions, AuthenticateResult, MfaStatusResponse, MfaEnrollResponse, MfaVerifyEnrollmentResponse } from "@schemavaults/auth-common";
|
|
2
2
|
import type { Credentials } from "../types/credentials";
|
|
3
3
|
import type { AuthenticationOutcomeType } from "../lib/authentication-outcome-type";
|
|
4
4
|
import type { AcquireAccessTokenOptions } from "../types/acquire-access-token-options";
|
|
@@ -12,10 +12,47 @@ export interface ISchemaVaultsAuthClient {
|
|
|
12
12
|
successful_logout_redirect_uri: string | undefined;
|
|
13
13
|
logout: () => Promise<void>;
|
|
14
14
|
generateCodeChallenge: () => Promise<CodeChallengeWithDetails>;
|
|
15
|
-
sendAuthenticateRequest: (authentication_type: AuthenticationOutcomeType, client_app_id: AppId, credentials: Credentials, code_challenge: CodeChallengeWithDetails) => Promise<
|
|
15
|
+
sendAuthenticateRequest: (authentication_type: AuthenticationOutcomeType, client_app_id: AppId, credentials: Credentials, code_challenge: CodeChallengeWithDetails) => Promise<AuthenticateResult>;
|
|
16
|
+
/**
|
|
17
|
+
* Submit a TOTP code or recovery code for an in-flight MFA challenge
|
|
18
|
+
* received from sendAuthenticateRequest. Resolves with the resulting
|
|
19
|
+
* AuthenticateResult — `authenticated` on success, `failure` if the
|
|
20
|
+
* challenge has been exhausted, or `mfa_required` is never returned
|
|
21
|
+
* here (the server only returns it from the password endpoint).
|
|
22
|
+
*/
|
|
23
|
+
verifyMfaChallenge: (challenge_id: string, client_app_id: AppId, proof: {
|
|
24
|
+
type: "totp";
|
|
25
|
+
code: string;
|
|
26
|
+
} | {
|
|
27
|
+
type: "recovery_code";
|
|
28
|
+
recovery_code: string;
|
|
29
|
+
}) => Promise<AuthenticateResult>;
|
|
30
|
+
/** Get the current user's MFA enrollment status. */
|
|
31
|
+
getMfaStatus: () => Promise<MfaStatusResponse>;
|
|
32
|
+
/**
|
|
33
|
+
* Begin TOTP enrollment for the current user. Returns the new factor's
|
|
34
|
+
* id along with otpauth_url + qr_code_data_url for display.
|
|
35
|
+
*/
|
|
36
|
+
enrollTotp: () => Promise<MfaEnrollResponse>;
|
|
37
|
+
/**
|
|
38
|
+
* Confirm a pending TOTP enrollment by submitting a current code. On
|
|
39
|
+
* success the factor is marked verified and recovery codes are returned
|
|
40
|
+
* (one-time display).
|
|
41
|
+
*/
|
|
42
|
+
confirmTotpEnrollment: (factor_id: string, code: string) => Promise<MfaVerifyEnrollmentResponse>;
|
|
43
|
+
/**
|
|
44
|
+
* Remove an MFA factor by id. Requires the user's current TOTP code as
|
|
45
|
+
* proof of possession.
|
|
46
|
+
*/
|
|
47
|
+
removeFactor: (factor_id: string, code: string) => Promise<void>;
|
|
48
|
+
/**
|
|
49
|
+
* Regenerate the user's recovery codes. Invalidates all previous codes.
|
|
50
|
+
* Requires the current TOTP code as proof.
|
|
51
|
+
*/
|
|
52
|
+
regenerateRecoveryCodes: (code: string) => Promise<MfaVerifyEnrollmentResponse>;
|
|
16
53
|
successful_authentication_redirect_uri: string;
|
|
17
54
|
authorize_uri: string | undefined;
|
|
18
|
-
handleSuccessfulAuthentication: (authorization_code: string, challenge_time: number, code_verifier?: string) => Promise<void>;
|
|
55
|
+
handleSuccessfulAuthentication: (authorization_code: string, challenge_time: number, code_verifier?: string, received_state?: string | null) => Promise<void>;
|
|
19
56
|
getAccessTokenFromCache: (token_id: string) => AccessToken | null;
|
|
20
57
|
getRefreshTokenFromCache: () => RefreshToken | null;
|
|
21
58
|
hasHttpOnlyRefreshToken: () => boolean;
|
|
@@ -64,9 +101,11 @@ export interface ISchemaVaultsAuthClient {
|
|
|
64
101
|
/**
|
|
65
102
|
* @name sendAuthorizeClientApplicationRequest
|
|
66
103
|
* @description Sends a request to the auth server to authorize a client application request auth tokens on your behalf (still need to be logged in)
|
|
104
|
+
* @param app_id The ID of the app to authorize
|
|
105
|
+
* @param state Optional OAuth2 `state` CSRF nonce for the in-flight authorize request. Not persisted server-side — only passed for API hygiene.
|
|
67
106
|
* @returns A promise that resolves or rejects based on if the request succeeds
|
|
68
107
|
*/
|
|
69
|
-
sendAuthorizeClientApplicationRequest: (app_id: AppId) => Promise<void>;
|
|
108
|
+
sendAuthorizeClientApplicationRequest: (app_id: AppId, state?: string | null) => Promise<void>;
|
|
70
109
|
/**
|
|
71
110
|
* @name checkAppAuthorization
|
|
72
111
|
* @description Checks whether the current user has already authorized a given app
|
|
@@ -6,6 +6,11 @@ interface AuthClientCodeVerifierActions {
|
|
|
6
6
|
clearCodeVerifiers: () => void;
|
|
7
7
|
clearCodeVerifier: (challenge_time: number) => void;
|
|
8
8
|
}
|
|
9
|
+
interface AuthClientOAuth2StateActions {
|
|
10
|
+
storeOAuth2State: (state: string, challenge_time: number) => void;
|
|
11
|
+
loadOAuth2State: (challenge_time: number) => string | null;
|
|
12
|
+
clearOAuth2State: (challenge_time: number) => void;
|
|
13
|
+
}
|
|
9
14
|
interface AuthClientUserDataActions {
|
|
10
15
|
storeUserData: (userData: UserData) => void;
|
|
11
16
|
getUserData: () => UserData | null;
|
|
@@ -62,8 +67,19 @@ interface AuthClientNetworkActions {
|
|
|
62
67
|
fetch: (url: string, init: RequestInit | undefined) => Promise<Response>;
|
|
63
68
|
relativeUrlToAbsoluteUrl: (relative_url: string) => string;
|
|
64
69
|
}
|
|
65
|
-
export interface ISchemaVaultsAuthClientAdapter extends AuthClientCodeVerifierActions, AuthClientUserDataActions, AuthClientAuthTokensActions, AuthClientNetworkActions {
|
|
70
|
+
export interface ISchemaVaultsAuthClientAdapter extends AuthClientCodeVerifierActions, AuthClientOAuth2StateActions, AuthClientUserDataActions, AuthClientAuthTokensActions, AuthClientNetworkActions {
|
|
66
71
|
redirect: (uri: string) => void | Promise<void>;
|
|
67
72
|
uuid: () => string;
|
|
73
|
+
/**
|
|
74
|
+
* @name toBase64UrlFromBytes
|
|
75
|
+
* @description Base64url-encode (RFC 4648 §5) a byte buffer. Each
|
|
76
|
+
* environment provides its own implementation so that the SDK does
|
|
77
|
+
* not have to carry a browser/Node compatibility shim: a browser
|
|
78
|
+
* adapter can use `btoa`, a Node adapter can use `Buffer`, a React
|
|
79
|
+
* Native adapter can use its platform primitive.
|
|
80
|
+
* @argument bytes - The raw bytes to encode.
|
|
81
|
+
* @returns A base64url string (no padding, no `+`/`/`).
|
|
82
|
+
*/
|
|
83
|
+
toBase64UrlFromBytes: (bytes: Uint8Array) => string;
|
|
68
84
|
}
|
|
69
85
|
export {};
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@schemavaults/auth-client-sdk",
|
|
3
3
|
"description": "TypeScript SDK for interacting with SchemaVaults Auth server or protected resources",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.10.0",
|
|
5
5
|
"license": "UNLICENSED",
|
|
6
6
|
"private": false,
|
|
7
7
|
"repository": {
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
"types": "dist/index.d.ts",
|
|
15
15
|
"dependencies": {
|
|
16
16
|
"zod": "3.25.8",
|
|
17
|
-
"@schemavaults/auth-common": "0.
|
|
17
|
+
"@schemavaults/auth-common": "0.12.0",
|
|
18
18
|
"@schemavaults/app-definitions": "0.6.23"
|
|
19
19
|
},
|
|
20
20
|
"scripts": {
|