@serve.zone/dcrouter 13.22.0 → 13.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist_serve/bundle.js +952 -792
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/classes.dcrouter.d.ts +4 -0
- package/dist_ts/classes.dcrouter.js +69 -2
- package/dist_ts/db/documents/classes.ip-intelligence.doc.d.ts +25 -0
- package/dist_ts/db/documents/classes.ip-intelligence.doc.js +175 -0
- package/dist_ts/db/documents/classes.security-block-rule.doc.d.ts +17 -0
- package/dist_ts/db/documents/classes.security-block-rule.doc.js +124 -0
- package/dist_ts/db/documents/classes.security-policy-audit.doc.d.ts +11 -0
- package/dist_ts/db/documents/classes.security-policy-audit.doc.js +95 -0
- package/dist_ts/db/documents/index.d.ts +3 -0
- package/dist_ts/db/documents/index.js +4 -1
- package/dist_ts/monitoring/classes.metricsmanager.js +2 -1
- package/dist_ts/opsserver/handlers/security.handler.js +63 -1
- package/dist_ts/remoteingress/classes.remoteingress-manager.d.ts +10 -0
- package/dist_ts/remoteingress/classes.remoteingress-manager.js +9 -1
- package/dist_ts/security/classes.security-policy-manager.d.ts +46 -0
- package/dist_ts/security/classes.security-policy-manager.js +304 -0
- package/dist_ts/security/index.d.ts +1 -0
- package/dist_ts/security/index.js +2 -1
- package/dist_ts_interfaces/data/index.d.ts +1 -0
- package/dist_ts_interfaces/data/index.js +2 -1
- package/dist_ts_interfaces/data/security-policy.d.ts +32 -0
- package/dist_ts_interfaces/data/security-policy.js +2 -0
- package/dist_ts_interfaces/requests/index.d.ts +1 -0
- package/dist_ts_interfaces/requests/index.js +2 -1
- package/dist_ts_interfaces/requests/security-policy.d.ts +95 -0
- package/dist_ts_interfaces/requests/security-policy.js +2 -0
- package/dist_ts_web/00_commitinfo_data.js +1 -1
- package/dist_ts_web/appstate.d.ts +28 -0
- package/dist_ts_web/appstate.js +171 -4
- package/dist_ts_web/elements/network/ops-view-network-activity.d.ts +9 -0
- package/dist_ts_web/elements/network/ops-view-network-activity.js +210 -3
- package/dist_ts_web/elements/security/ops-view-security-blocked.d.ts +12 -3
- package/dist_ts_web/elements/security/ops-view-security-blocked.js +407 -52
- package/package.json +3 -3
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/classes.dcrouter.ts +91 -3
- package/ts/db/documents/classes.ip-intelligence.doc.ts +75 -0
- package/ts/db/documents/classes.security-block-rule.doc.ts +52 -0
- package/ts/db/documents/classes.security-policy-audit.doc.ts +33 -0
- package/ts/db/documents/index.ts +3 -0
- package/ts/monitoring/classes.metricsmanager.ts +2 -0
- package/ts/opsserver/handlers/security.handler.ts +107 -0
- package/ts/remoteingress/classes.remoteingress-manager.ts +15 -2
- package/ts/security/classes.security-policy-manager.ts +340 -0
- package/ts/security/index.ts +7 -1
- package/ts_web/00_commitinfo_data.ts +1 -1
- package/ts_web/appstate.ts +236 -3
- package/ts_web/elements/network/ops-view-network-activity.ts +219 -2
- package/ts_web/elements/security/ops-view-security-blocked.ts +414 -51
|
@@ -0,0 +1,304 @@
|
|
|
1
|
+
import * as plugins from '../plugins.js';
|
|
2
|
+
import { logger } from '../logger.js';
|
|
3
|
+
import { IpIntelligenceDoc, SecurityBlockRuleDoc, SecurityPolicyAuditDoc } from '../db/index.js';
|
|
4
|
+
export class SecurityPolicyManager {
|
|
5
|
+
smartNetwork = new plugins.smartnetwork.SmartNetwork({
|
|
6
|
+
cacheTtl: 24 * 60 * 60 * 1000,
|
|
7
|
+
});
|
|
8
|
+
intelligenceRefreshMs;
|
|
9
|
+
inFlightObservations = new Set();
|
|
10
|
+
onPolicyChanged;
|
|
11
|
+
constructor(options = {}) {
|
|
12
|
+
this.intelligenceRefreshMs = options.intelligenceRefreshMs ?? 24 * 60 * 60 * 1000;
|
|
13
|
+
this.onPolicyChanged = options.onPolicyChanged;
|
|
14
|
+
}
|
|
15
|
+
async start() {
|
|
16
|
+
logger.log('info', 'SecurityPolicyManager started');
|
|
17
|
+
}
|
|
18
|
+
async stop() {
|
|
19
|
+
await this.smartNetwork.stop();
|
|
20
|
+
}
|
|
21
|
+
async observeIps(ips) {
|
|
22
|
+
const uniqueIps = [...new Set(ips.map((ip) => this.normalizeIp(ip)).filter(Boolean))];
|
|
23
|
+
await Promise.allSettled(uniqueIps.map((ip) => this.observeIp(ip)));
|
|
24
|
+
}
|
|
25
|
+
async observeIp(ipAddress, options = {}) {
|
|
26
|
+
const ip = this.normalizeIp(ipAddress);
|
|
27
|
+
if (!ip || !this.isPublicIp(ip) || this.inFlightObservations.has(ip)) {
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
this.inFlightObservations.add(ip);
|
|
31
|
+
try {
|
|
32
|
+
const now = Date.now();
|
|
33
|
+
let doc = await IpIntelligenceDoc.findByIp(ip);
|
|
34
|
+
if (doc && !options.force && now - doc.updatedAt < this.intelligenceRefreshMs) {
|
|
35
|
+
if (now - doc.lastSeenAt > 60_000) {
|
|
36
|
+
doc.lastSeenAt = now;
|
|
37
|
+
doc.seenCount = (doc.seenCount || 0) + 1;
|
|
38
|
+
await doc.save();
|
|
39
|
+
}
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
const intelligence = await this.smartNetwork.getIpIntelligence(ip);
|
|
43
|
+
if (!doc) {
|
|
44
|
+
doc = new IpIntelligenceDoc();
|
|
45
|
+
doc.ipAddress = ip;
|
|
46
|
+
doc.firstSeenAt = now;
|
|
47
|
+
}
|
|
48
|
+
Object.assign(doc, intelligence);
|
|
49
|
+
doc.lastSeenAt = now;
|
|
50
|
+
doc.updatedAt = now;
|
|
51
|
+
doc.seenCount = (doc.seenCount || 0) + 1;
|
|
52
|
+
await doc.save();
|
|
53
|
+
if (await this.matchesAnyReactiveRule(doc)) {
|
|
54
|
+
await this.notifyPolicyChanged();
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
catch (err) {
|
|
58
|
+
logger.log('warn', `Failed to enrich IP ${ip}: ${err.message}`);
|
|
59
|
+
}
|
|
60
|
+
finally {
|
|
61
|
+
this.inFlightObservations.delete(ip);
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
async listBlockRules() {
|
|
65
|
+
return (await SecurityBlockRuleDoc.findAll()).map((doc) => this.ruleFromDoc(doc));
|
|
66
|
+
}
|
|
67
|
+
async listIpIntelligence() {
|
|
68
|
+
return (await IpIntelligenceDoc.findAll()).map((doc) => this.intelligenceFromDoc(doc));
|
|
69
|
+
}
|
|
70
|
+
async refreshIpIntelligence(ipAddress) {
|
|
71
|
+
const ip = this.normalizeIp(ipAddress);
|
|
72
|
+
if (!ip || !this.isPublicIp(ip)) {
|
|
73
|
+
return null;
|
|
74
|
+
}
|
|
75
|
+
await this.observeIp(ip, { force: true });
|
|
76
|
+
const doc = await IpIntelligenceDoc.findByIp(ip);
|
|
77
|
+
return doc ? this.intelligenceFromDoc(doc) : null;
|
|
78
|
+
}
|
|
79
|
+
async listAuditEvents(limit = 100) {
|
|
80
|
+
return (await SecurityPolicyAuditDoc.findRecent(limit)).map((doc) => ({
|
|
81
|
+
id: doc.id,
|
|
82
|
+
action: doc.action,
|
|
83
|
+
actor: doc.actor,
|
|
84
|
+
details: doc.details,
|
|
85
|
+
createdAt: doc.createdAt,
|
|
86
|
+
}));
|
|
87
|
+
}
|
|
88
|
+
intelligenceFromDoc(doc) {
|
|
89
|
+
return {
|
|
90
|
+
ipAddress: doc.ipAddress,
|
|
91
|
+
asn: doc.asn,
|
|
92
|
+
asnOrg: doc.asnOrg,
|
|
93
|
+
registrantOrg: doc.registrantOrg,
|
|
94
|
+
registrantCountry: doc.registrantCountry,
|
|
95
|
+
networkRange: doc.networkRange,
|
|
96
|
+
abuseContact: doc.abuseContact,
|
|
97
|
+
country: doc.country,
|
|
98
|
+
countryCode: doc.countryCode,
|
|
99
|
+
city: doc.city,
|
|
100
|
+
latitude: doc.latitude,
|
|
101
|
+
longitude: doc.longitude,
|
|
102
|
+
accuracyRadius: doc.accuracyRadius,
|
|
103
|
+
timezone: doc.timezone,
|
|
104
|
+
firstSeenAt: doc.firstSeenAt,
|
|
105
|
+
lastSeenAt: doc.lastSeenAt,
|
|
106
|
+
updatedAt: doc.updatedAt,
|
|
107
|
+
seenCount: doc.seenCount,
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
async createBlockRule(input, actor = 'system') {
|
|
111
|
+
const now = Date.now();
|
|
112
|
+
const doc = new SecurityBlockRuleDoc();
|
|
113
|
+
doc.id = plugins.uuid.v4();
|
|
114
|
+
doc.type = input.type;
|
|
115
|
+
doc.value = input.value.trim();
|
|
116
|
+
doc.matchMode = input.matchMode;
|
|
117
|
+
doc.reason = input.reason;
|
|
118
|
+
doc.enabled = input.enabled ?? true;
|
|
119
|
+
doc.createdAt = now;
|
|
120
|
+
doc.updatedAt = now;
|
|
121
|
+
doc.createdBy = actor;
|
|
122
|
+
await doc.save();
|
|
123
|
+
await this.writeAudit('createBlockRule', actor, { rule: this.ruleFromDoc(doc) });
|
|
124
|
+
await this.notifyPolicyChanged();
|
|
125
|
+
return this.ruleFromDoc(doc);
|
|
126
|
+
}
|
|
127
|
+
async updateBlockRule(id, patch, actor = 'system') {
|
|
128
|
+
const doc = await SecurityBlockRuleDoc.findById(id);
|
|
129
|
+
if (!doc) {
|
|
130
|
+
return null;
|
|
131
|
+
}
|
|
132
|
+
if (patch.value !== undefined)
|
|
133
|
+
doc.value = patch.value.trim();
|
|
134
|
+
if (patch.matchMode !== undefined)
|
|
135
|
+
doc.matchMode = patch.matchMode;
|
|
136
|
+
if (patch.reason !== undefined)
|
|
137
|
+
doc.reason = patch.reason;
|
|
138
|
+
if (patch.enabled !== undefined)
|
|
139
|
+
doc.enabled = patch.enabled;
|
|
140
|
+
doc.updatedAt = Date.now();
|
|
141
|
+
await doc.save();
|
|
142
|
+
await this.writeAudit('updateBlockRule', actor, { id, patch });
|
|
143
|
+
await this.notifyPolicyChanged();
|
|
144
|
+
return this.ruleFromDoc(doc);
|
|
145
|
+
}
|
|
146
|
+
async deleteBlockRule(id, actor = 'system') {
|
|
147
|
+
const doc = await SecurityBlockRuleDoc.findById(id);
|
|
148
|
+
if (!doc) {
|
|
149
|
+
return false;
|
|
150
|
+
}
|
|
151
|
+
await doc.delete();
|
|
152
|
+
await this.writeAudit('deleteBlockRule', actor, { id });
|
|
153
|
+
await this.notifyPolicyChanged();
|
|
154
|
+
return true;
|
|
155
|
+
}
|
|
156
|
+
async compilePolicy() {
|
|
157
|
+
const rules = await SecurityBlockRuleDoc.findEnabled();
|
|
158
|
+
const intelligenceDocs = await IpIntelligenceDoc.findAll();
|
|
159
|
+
const blockedIps = new Set();
|
|
160
|
+
const blockedCidrs = new Set();
|
|
161
|
+
for (const rule of rules) {
|
|
162
|
+
const normalizedValue = rule.value.trim();
|
|
163
|
+
if (!normalizedValue)
|
|
164
|
+
continue;
|
|
165
|
+
if (rule.type === 'ip') {
|
|
166
|
+
const ip = this.normalizeIp(normalizedValue);
|
|
167
|
+
if (ip && plugins.net.isIP(ip))
|
|
168
|
+
blockedIps.add(ip);
|
|
169
|
+
continue;
|
|
170
|
+
}
|
|
171
|
+
if (rule.type === 'cidr') {
|
|
172
|
+
const cidr = this.normalizeCidr(normalizedValue);
|
|
173
|
+
if (cidr)
|
|
174
|
+
blockedCidrs.add(cidr);
|
|
175
|
+
continue;
|
|
176
|
+
}
|
|
177
|
+
for (const doc of intelligenceDocs) {
|
|
178
|
+
if (!this.ruleMatchesIntelligence(rule, doc))
|
|
179
|
+
continue;
|
|
180
|
+
const cidr = this.normalizeCidr(doc.networkRange || '');
|
|
181
|
+
if (cidr) {
|
|
182
|
+
blockedCidrs.add(cidr);
|
|
183
|
+
}
|
|
184
|
+
else if (this.normalizeIp(doc.ipAddress)) {
|
|
185
|
+
blockedIps.add(this.normalizeIp(doc.ipAddress));
|
|
186
|
+
}
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
return {
|
|
190
|
+
blockedIps: [...blockedIps].sort(),
|
|
191
|
+
blockedCidrs: [...blockedCidrs].sort(),
|
|
192
|
+
};
|
|
193
|
+
}
|
|
194
|
+
async compileSmartProxyPolicy() {
|
|
195
|
+
return await this.compilePolicy();
|
|
196
|
+
}
|
|
197
|
+
async compileRemoteIngressFirewall() {
|
|
198
|
+
const policy = await this.compilePolicy();
|
|
199
|
+
const blockedIps = [
|
|
200
|
+
...policy.blockedIps.filter((ip) => plugins.net.isIP(ip) === 4),
|
|
201
|
+
...policy.blockedCidrs.filter((cidr) => plugins.net.isIP(cidr.split('/')[0]) === 4),
|
|
202
|
+
];
|
|
203
|
+
return blockedIps.length > 0 ? { blockedIps } : undefined;
|
|
204
|
+
}
|
|
205
|
+
async matchesAnyReactiveRule(doc) {
|
|
206
|
+
const rules = await SecurityBlockRuleDoc.findEnabled();
|
|
207
|
+
return rules.some((rule) => rule.type === 'asn' || rule.type === 'organization'
|
|
208
|
+
? this.ruleMatchesIntelligence(rule, doc)
|
|
209
|
+
: false);
|
|
210
|
+
}
|
|
211
|
+
ruleMatchesIntelligence(rule, doc) {
|
|
212
|
+
const value = rule.value.trim().toLowerCase();
|
|
213
|
+
if (!value)
|
|
214
|
+
return false;
|
|
215
|
+
if (rule.type === 'asn') {
|
|
216
|
+
return String(doc.asn ?? '') === value.replace(/^as/i, '');
|
|
217
|
+
}
|
|
218
|
+
if (rule.type === 'organization') {
|
|
219
|
+
const candidates = [doc.asnOrg, doc.registrantOrg]
|
|
220
|
+
.filter(Boolean)
|
|
221
|
+
.map((candidate) => candidate.toLowerCase());
|
|
222
|
+
if (rule.matchMode === 'exact') {
|
|
223
|
+
return candidates.some((candidate) => candidate === value);
|
|
224
|
+
}
|
|
225
|
+
return candidates.some((candidate) => candidate.includes(value));
|
|
226
|
+
}
|
|
227
|
+
return false;
|
|
228
|
+
}
|
|
229
|
+
normalizeIp(ipAddress) {
|
|
230
|
+
const ip = ipAddress.trim();
|
|
231
|
+
if (ip.startsWith('::ffff:')) {
|
|
232
|
+
return ip.slice('::ffff:'.length);
|
|
233
|
+
}
|
|
234
|
+
return plugins.net.isIP(ip) ? ip : undefined;
|
|
235
|
+
}
|
|
236
|
+
normalizeCidr(value) {
|
|
237
|
+
const [rawIp, rawPrefix] = value.trim().split('/');
|
|
238
|
+
if (!rawIp || !rawPrefix)
|
|
239
|
+
return undefined;
|
|
240
|
+
const ip = this.normalizeIp(rawIp);
|
|
241
|
+
if (!ip)
|
|
242
|
+
return undefined;
|
|
243
|
+
const prefix = Number(rawPrefix);
|
|
244
|
+
const maxPrefix = plugins.net.isIP(ip) === 4 ? 32 : 128;
|
|
245
|
+
if (!Number.isInteger(prefix) || prefix < 0 || prefix > maxPrefix)
|
|
246
|
+
return undefined;
|
|
247
|
+
return `${ip}/${prefix}`;
|
|
248
|
+
}
|
|
249
|
+
isPublicIp(ip) {
|
|
250
|
+
const family = plugins.net.isIP(ip);
|
|
251
|
+
if (family === 4) {
|
|
252
|
+
const parts = ip.split('.').map((part) => Number(part));
|
|
253
|
+
const [a, b] = parts;
|
|
254
|
+
if (a === 10 || a === 127 || a === 0 || a >= 224)
|
|
255
|
+
return false;
|
|
256
|
+
if (a === 100 && b >= 64 && b <= 127)
|
|
257
|
+
return false;
|
|
258
|
+
if (a === 169 && b === 254)
|
|
259
|
+
return false;
|
|
260
|
+
if (a === 172 && b >= 16 && b <= 31)
|
|
261
|
+
return false;
|
|
262
|
+
if (a === 192 && b === 168)
|
|
263
|
+
return false;
|
|
264
|
+
return true;
|
|
265
|
+
}
|
|
266
|
+
if (family === 6) {
|
|
267
|
+
const lower = ip.toLowerCase();
|
|
268
|
+
if (lower === '::1' || lower === '::')
|
|
269
|
+
return false;
|
|
270
|
+
if (lower.startsWith('fe80:') || lower.startsWith('fc') || lower.startsWith('fd'))
|
|
271
|
+
return false;
|
|
272
|
+
return true;
|
|
273
|
+
}
|
|
274
|
+
return false;
|
|
275
|
+
}
|
|
276
|
+
ruleFromDoc(doc) {
|
|
277
|
+
return {
|
|
278
|
+
id: doc.id,
|
|
279
|
+
type: doc.type,
|
|
280
|
+
value: doc.value,
|
|
281
|
+
matchMode: doc.matchMode,
|
|
282
|
+
enabled: doc.enabled,
|
|
283
|
+
reason: doc.reason,
|
|
284
|
+
createdAt: doc.createdAt,
|
|
285
|
+
updatedAt: doc.updatedAt,
|
|
286
|
+
createdBy: doc.createdBy,
|
|
287
|
+
};
|
|
288
|
+
}
|
|
289
|
+
async writeAudit(action, actor, details) {
|
|
290
|
+
const doc = new SecurityPolicyAuditDoc();
|
|
291
|
+
doc.id = plugins.uuid.v4();
|
|
292
|
+
doc.action = action;
|
|
293
|
+
doc.actor = actor;
|
|
294
|
+
doc.details = details;
|
|
295
|
+
doc.createdAt = Date.now();
|
|
296
|
+
await doc.save();
|
|
297
|
+
}
|
|
298
|
+
async notifyPolicyChanged() {
|
|
299
|
+
if (this.onPolicyChanged) {
|
|
300
|
+
await this.onPolicyChanged();
|
|
301
|
+
}
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5zZWN1cml0eS1wb2xpY3ktbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3NlY3VyaXR5L2NsYXNzZXMuc2VjdXJpdHktcG9saWN5LW1hbmFnZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUN0QyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsb0JBQW9CLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQW1CakcsTUFBTSxPQUFPLHFCQUFxQjtJQUNmLFlBQVksR0FBRyxJQUFJLE9BQU8sQ0FBQyxZQUFZLENBQUMsWUFBWSxDQUFDO1FBQ3BFLFFBQVEsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJO0tBQzlCLENBQUMsQ0FBQztJQUNjLHFCQUFxQixDQUFTO0lBQzlCLG9CQUFvQixHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7SUFDekMsZUFBZSxDQUE4QjtJQUU5RCxZQUFZLFVBQXlDLEVBQUU7UUFDckQsSUFBSSxDQUFDLHFCQUFxQixHQUFHLE9BQU8sQ0FBQyxxQkFBcUIsSUFBSSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDbEYsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxDQUFDO0lBQ2pELENBQUM7SUFFTSxLQUFLLENBQUMsS0FBSztRQUNoQixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrQkFBK0IsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRU0sS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFhO1FBQ25DLE1BQU0sU0FBUyxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBYSxDQUFDLENBQUMsQ0FBQztRQUNsRyxNQUFNLE9BQU8sQ0FBQyxVQUFVLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVNLEtBQUssQ0FBQyxTQUFTLENBQUMsU0FBaUIsRUFBRSxVQUErQixFQUFFO1FBQ3pFLE1BQU0sRUFBRSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ3JFLE9BQU87UUFDVCxDQUFDO1FBRUQsSUFBSSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNsQyxJQUFJLENBQUM7WUFDSCxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDdkIsSUFBSSxHQUFHLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDL0MsSUFBSSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsS0FBSyxJQUFJLEdBQUcsR0FBRyxHQUFHLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO2dCQUM5RSxJQUFJLEdBQUcsR0FBRyxHQUFHLENBQUMsVUFBVSxHQUFHLE1BQU0sRUFBRSxDQUFDO29CQUNsQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQztvQkFDckIsR0FBRyxDQUFDLFNBQVMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxTQUFTLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO29CQUN6QyxNQUFNLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDbkIsQ0FBQztnQkFDRCxPQUFPO1lBQ1QsQ0FBQztZQUVELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxpQkFBaUIsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNuRSxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ1QsR0FBRyxHQUFHLElBQUksaUJBQWlCLEVBQUUsQ0FBQztnQkFDOUIsR0FBRyxDQUFDLFNBQVMsR0FBRyxFQUFFLENBQUM7Z0JBQ25CLEdBQUcsQ0FBQyxXQUFXLEdBQUcsR0FBRyxDQUFDO1lBQ3hCLENBQUM7WUFDRCxNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxZQUFZLENBQUMsQ0FBQztZQUNqQyxHQUFHLENBQUMsVUFBVSxHQUFHLEdBQUcsQ0FBQztZQUNyQixHQUFHLENBQUMsU0FBUyxHQUFHLEdBQUcsQ0FBQztZQUNwQixHQUFHLENBQUMsU0FBUyxHQUFHLENBQUMsR0FBRyxDQUFDLFNBQVMsSUFBSSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDekMsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7WUFFakIsSUFBSSxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUMzQyxNQUFNLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ25DLENBQUM7UUFDSCxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHVCQUF1QixFQUFFLEtBQU0sR0FBYSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDN0UsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsSUFBSSxDQUFDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUN2QyxDQUFDO0lBQ0gsQ0FBQztJQUVNLEtBQUssQ0FBQyxjQUFjO1FBQ3pCLE9BQU8sQ0FBQyxNQUFNLG9CQUFvQixDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVNLEtBQUssQ0FBQyxrQkFBa0I7UUFDN0IsT0FBTyxDQUFDLE1BQU0saUJBQWlCLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQ3pGLENBQUM7SUFFTSxLQUFLLENBQUMscUJBQXFCLENBQUMsU0FBaUI7UUFDbEQsTUFBTSxFQUFFLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUN2QyxJQUFJLENBQUMsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2hDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUNELE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUMxQyxNQUFNLEdBQUcsR0FBRyxNQUFNLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNqRCxPQUFPLEdBQUcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDcEQsQ0FBQztJQUVNLEtBQUssQ0FBQyxlQUFlLENBQUMsS0FBSyxHQUFHLEdBQUc7UUFDdEMsT0FBTyxDQUFDLE1BQU0sc0JBQXNCLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ3BFLEVBQUUsRUFBRSxHQUFHLENBQUMsRUFBRTtZQUNWLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTTtZQUNsQixLQUFLLEVBQUUsR0FBRyxDQUFDLEtBQUs7WUFDaEIsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO1lBQ3BCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztTQUN6QixDQUFDLENBQUMsQ0FBQztJQUNOLENBQUM7SUFFTyxtQkFBbUIsQ0FBQyxHQUFzQjtRQUNoRCxPQUFPO1lBQ0wsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO1lBQ3hCLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRztZQUNaLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTTtZQUNsQixhQUFhLEVBQUUsR0FBRyxDQUFDLGFBQWE7WUFDaEMsaUJBQWlCLEVBQUUsR0FBRyxDQUFDLGlCQUFpQjtZQUN4QyxZQUFZLEVBQUUsR0FBRyxDQUFDLFlBQVk7WUFDOUIsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO1lBQzlCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztZQUNwQixXQUFXLEVBQUUsR0FBRyxDQUFDLFdBQVc7WUFDNUIsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ2QsUUFBUSxFQUFFLEdBQUcsQ0FBQyxRQUFRO1lBQ3RCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztZQUN4QixjQUFjLEVBQUUsR0FBRyxDQUFDLGNBQWM7WUFDbEMsUUFBUSxFQUFFLEdBQUcsQ0FBQyxRQUFRO1lBQ3RCLFdBQVcsRUFBRSxHQUFHLENBQUMsV0FBVztZQUM1QixVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVU7WUFDMUIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO1lBQ3hCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztTQUN6QixDQUFDO0lBQ0osQ0FBQztJQUVNLEtBQUssQ0FBQyxlQUFlLENBQUMsS0FNNUIsRUFBRSxLQUFLLEdBQUcsUUFBUTtRQUNqQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDdkIsTUFBTSxHQUFHLEdBQUcsSUFBSSxvQkFBb0IsRUFBRSxDQUFDO1FBQ3ZDLEdBQUcsQ0FBQyxFQUFFLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUMzQixHQUFHLENBQUMsSUFBSSxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUM7UUFDdEIsR0FBRyxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQy9CLEdBQUcsQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDLFNBQVMsQ0FBQztRQUNoQyxHQUFHLENBQUMsTUFBTSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUM7UUFDMUIsR0FBRyxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxJQUFJLElBQUksQ0FBQztRQUNwQyxHQUFHLENBQUMsU0FBUyxHQUFHLEdBQUcsQ0FBQztRQUNwQixHQUFHLENBQUMsU0FBUyxHQUFHLEdBQUcsQ0FBQztRQUNwQixHQUFHLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQztRQUN0QixNQUFNLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsaUJBQWlCLEVBQUUsS0FBSyxFQUFFLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pGLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7UUFDakMsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQy9CLENBQUM7SUFFTSxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQVUsRUFBRSxLQUFzRixFQUFFLEtBQUssR0FBRyxRQUFRO1FBQy9JLE1BQU0sR0FBRyxHQUFHLE1BQU0sb0JBQW9CLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3BELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNULE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUNELElBQUksS0FBSyxDQUFDLEtBQUssS0FBSyxTQUFTO1lBQUUsR0FBRyxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQzlELElBQUksS0FBSyxDQUFDLFNBQVMsS0FBSyxTQUFTO1lBQUUsR0FBRyxDQUFDLFNBQVMsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDO1FBQ25FLElBQUksS0FBSyxDQUFDLE1BQU0sS0FBSyxTQUFTO1lBQUUsR0FBRyxDQUFDLE1BQU0sR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDO1FBQzFELElBQUksS0FBSyxDQUFDLE9BQU8sS0FBSyxTQUFTO1lBQUUsR0FBRyxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDO1FBQzdELEdBQUcsQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzNCLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxpQkFBaUIsRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUMvRCxNQUFNLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1FBQ2pDLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRU0sS0FBSyxDQUFDLGVBQWUsQ0FBQyxFQUFVLEVBQUUsS0FBSyxHQUFHLFFBQVE7UUFDdkQsTUFBTSxHQUFHLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEQsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBQ0QsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDbkIsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGlCQUFpQixFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDeEQsTUFBTSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztRQUNqQyxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxLQUFLLENBQUMsYUFBYTtRQUN4QixNQUFNLEtBQUssR0FBRyxNQUFNLG9CQUFvQixDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ3ZELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUMzRCxNQUFNLFVBQVUsR0FBRyxJQUFJLEdBQUcsRUFBVSxDQUFDO1FBQ3JDLE1BQU0sWUFBWSxHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7UUFFdkMsS0FBSyxNQUFNLElBQUksSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUN6QixNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQzFDLElBQUksQ0FBQyxlQUFlO2dCQUFFLFNBQVM7WUFFL0IsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLElBQUksRUFBRSxDQUFDO2dCQUN2QixNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLGVBQWUsQ0FBQyxDQUFDO2dCQUM3QyxJQUFJLEVBQUUsSUFBSSxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7b0JBQUUsVUFBVSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFDbkQsU0FBUztZQUNYLENBQUM7WUFFRCxJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssTUFBTSxFQUFFLENBQUM7Z0JBQ3pCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLENBQUM7Z0JBQ2pELElBQUksSUFBSTtvQkFBRSxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUNqQyxTQUFTO1lBQ1gsQ0FBQztZQUVELEtBQUssTUFBTSxHQUFHLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztnQkFDbkMsSUFBSSxDQUFDLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDO29CQUFFLFNBQVM7Z0JBQ3ZELE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFlBQVksSUFBSSxFQUFFLENBQUMsQ0FBQztnQkFDeEQsSUFBSSxJQUFJLEVBQUUsQ0FBQztvQkFDVCxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN6QixDQUFDO3FCQUFNLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztvQkFDM0MsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUUsQ0FBQyxDQUFDO2dCQUNuRCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPO1lBQ0wsVUFBVSxFQUFFLENBQUMsR0FBRyxVQUFVLENBQUMsQ0FBQyxJQUFJLEVBQUU7WUFDbEMsWUFBWSxFQUFFLENBQUMsR0FBRyxZQUFZLENBQUMsQ0FBQyxJQUFJLEVBQUU7U0FDdkMsQ0FBQztJQUNKLENBQUM7SUFFTSxLQUFLLENBQUMsdUJBQXVCO1FBQ2xDLE9BQU8sTUFBTSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7SUFDcEMsQ0FBQztJQUVNLEtBQUssQ0FBQyw0QkFBNEI7UUFDdkMsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDMUMsTUFBTSxVQUFVLEdBQUc7WUFDakIsR0FBRyxNQUFNLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQy9ELEdBQUcsTUFBTSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUM7U0FDcEYsQ0FBQztRQUNGLE9BQU8sVUFBVSxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUM1RCxDQUFDO0lBRU8sS0FBSyxDQUFDLHNCQUFzQixDQUFDLEdBQXNCO1FBQ3pELE1BQU0sS0FBSyxHQUFHLE1BQU0sb0JBQW9CLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDdkQsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxLQUFLLEtBQUssSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLGNBQWM7WUFDN0UsQ0FBQyxDQUFDLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDO1lBQ3pDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUNiLENBQUM7SUFFTyx1QkFBdUIsQ0FBQyxJQUEwQixFQUFFLEdBQXNCO1FBQ2hGLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDOUMsSUFBSSxDQUFDLEtBQUs7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUV6QixJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDeEIsT0FBTyxNQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUMsS0FBSyxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBRUQsSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sVUFBVSxHQUFHLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUMsYUFBYSxDQUFDO2lCQUMvQyxNQUFNLENBQUMsT0FBTyxDQUFDO2lCQUNmLEdBQUcsQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBVSxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUM7WUFDaEQsSUFBSSxJQUFJLENBQUMsU0FBUyxLQUFLLE9BQU8sRUFBRSxDQUFDO2dCQUMvQixPQUFPLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLFNBQVMsS0FBSyxLQUFLLENBQUMsQ0FBQztZQUM3RCxDQUFDO1lBQ0QsT0FBTyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVPLFdBQVcsQ0FBQyxTQUFpQjtRQUNuQyxNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDNUIsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7WUFDN0IsT0FBTyxFQUFFLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNwQyxDQUFDO1FBQ0QsT0FBTyxPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDL0MsQ0FBQztJQUVPLGFBQWEsQ0FBQyxLQUFhO1FBQ2pDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsU0FBUyxDQUFDLEdBQUcsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNuRCxJQUFJLENBQUMsS0FBSyxJQUFJLENBQUMsU0FBUztZQUFFLE9BQU8sU0FBUyxDQUFDO1FBQzNDLE1BQU0sRUFBRSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDbkMsSUFBSSxDQUFDLEVBQUU7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUMxQixNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDakMsTUFBTSxTQUFTLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQztRQUN4RCxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxNQUFNLEdBQUcsQ0FBQyxJQUFJLE1BQU0sR0FBRyxTQUFTO1lBQUUsT0FBTyxTQUFTLENBQUM7UUFDcEYsT0FBTyxHQUFHLEVBQUUsSUFBSSxNQUFNLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRU8sVUFBVSxDQUFDLEVBQVU7UUFDM0IsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDcEMsSUFBSSxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDakIsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1lBQ3hELE1BQU0sQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEdBQUcsS0FBSyxDQUFDO1lBQ3JCLElBQUksQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLEdBQUc7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDL0QsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxJQUFJLEdBQUc7Z0JBQUUsT0FBTyxLQUFLLENBQUM7WUFDbkQsSUFBSSxDQUFDLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxHQUFHO2dCQUFFLE9BQU8sS0FBSyxDQUFDO1lBQ3pDLElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsSUFBSSxFQUFFO2dCQUFFLE9BQU8sS0FBSyxDQUFDO1lBQ2xELElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDLEtBQUssR0FBRztnQkFBRSxPQUFPLEtBQUssQ0FBQztZQUN6QyxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxJQUFJLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNqQixNQUFNLEtBQUssR0FBRyxFQUFFLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDL0IsSUFBSSxLQUFLLEtBQUssS0FBSyxJQUFJLEtBQUssS0FBSyxJQUFJO2dCQUFFLE9BQU8sS0FBSyxDQUFDO1lBQ3BELElBQUksS0FBSyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDO2dCQUFFLE9BQU8sS0FBSyxDQUFDO1lBQ2hHLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUNELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVPLFdBQVcsQ0FBQyxHQUF5QjtRQUMzQyxPQUFPO1lBQ0wsRUFBRSxFQUFFLEdBQUcsQ0FBQyxFQUFFO1lBQ1YsSUFBSSxFQUFFLEdBQUcsQ0FBQyxJQUFJO1lBQ2QsS0FBSyxFQUFFLEdBQUcsQ0FBQyxLQUFLO1lBQ2hCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztZQUN4QixPQUFPLEVBQUUsR0FBRyxDQUFDLE9BQU87WUFDcEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNO1lBQ2xCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztZQUN4QixTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7WUFDeEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO1NBQ3pCLENBQUM7SUFDSixDQUFDO0lBRU8sS0FBSyxDQUFDLFVBQVUsQ0FBQyxNQUFjLEVBQUUsS0FBYSxFQUFFLE9BQWdDO1FBQ3RGLE1BQU0sR0FBRyxHQUFHLElBQUksc0JBQXNCLEVBQUUsQ0FBQztRQUN6QyxHQUFHLENBQUMsRUFBRSxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDM0IsR0FBRyxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7UUFDcEIsR0FBRyxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUM7UUFDbEIsR0FBRyxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUM7UUFDdEIsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDM0IsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDbkIsQ0FBQztJQUVPLEtBQUssQ0FBQyxtQkFBbUI7UUFDL0IsSUFBSSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDekIsTUFBTSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFDL0IsQ0FBQztJQUNILENBQUM7Q0FDRiJ9
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
export { SecurityLogger, SecurityLogLevel, SecurityEventType, type ISecurityEvent } from './classes.securitylogger.js';
|
|
2
2
|
export { IPReputationChecker, ReputationThreshold, IPType, type IReputationResult, type IIPReputationOptions } from './classes.ipreputationchecker.js';
|
|
3
3
|
export { ContentScanner, ThreatCategory, type IScanResult, type IContentScannerOptions } from './classes.contentscanner.js';
|
|
4
|
+
export { SecurityPolicyManager, type ISecurityPolicyManagerOptions, type IRemoteIngressFirewallSnapshot, } from './classes.security-policy-manager.js';
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export { SecurityLogger, SecurityLogLevel, SecurityEventType } from './classes.securitylogger.js';
|
|
2
2
|
export { IPReputationChecker, ReputationThreshold, IPType } from './classes.ipreputationchecker.js';
|
|
3
3
|
export { ContentScanner, ThreatCategory } from './classes.contentscanner.js';
|
|
4
|
-
|
|
4
|
+
export { SecurityPolicyManager, } from './classes.security-policy-manager.js';
|
|
5
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9zZWN1cml0eS9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQ0wsY0FBYyxFQUNkLGdCQUFnQixFQUNoQixpQkFBaUIsRUFFbEIsTUFBTSw2QkFBNkIsQ0FBQztBQUVyQyxPQUFPLEVBQ0wsbUJBQW1CLEVBQ25CLG1CQUFtQixFQUNuQixNQUFNLEVBR1AsTUFBTSxrQ0FBa0MsQ0FBQztBQUUxQyxPQUFPLEVBQ0wsY0FBYyxFQUNkLGNBQWMsRUFHZixNQUFNLDZCQUE2QixDQUFDO0FBRXJDLE9BQU8sRUFDTCxxQkFBcUIsR0FHdEIsTUFBTSxzQ0FBc0MsQ0FBQyJ9
|
|
@@ -9,4 +9,5 @@ export * from './domain.js';
|
|
|
9
9
|
export * from './dns-record.js';
|
|
10
10
|
export * from './acme-config.js';
|
|
11
11
|
export * from './email-domain.js';
|
|
12
|
-
|
|
12
|
+
export * from './security-policy.js';
|
|
13
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90c19pbnRlcmZhY2VzL2RhdGEvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxXQUFXLENBQUM7QUFDMUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsY0FBYyxvQkFBb0IsQ0FBQztBQUNuQyxjQUFjLHVCQUF1QixDQUFDO0FBQ3RDLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxVQUFVLENBQUM7QUFDekIsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLGFBQWEsQ0FBQztBQUM1QixjQUFjLGlCQUFpQixDQUFDO0FBQ2hDLGNBQWMsa0JBQWtCLENBQUM7QUFDakMsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLHNCQUFzQixDQUFDIn0=
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import type { IIpIntelligenceResult } from '@push.rocks/smartnetwork';
|
|
2
|
+
export type TSecurityBlockRuleType = 'ip' | 'cidr' | 'asn' | 'organization';
|
|
3
|
+
export type TSecurityBlockRuleMatchMode = 'exact' | 'contains';
|
|
4
|
+
export interface IIpIntelligenceRecord extends IIpIntelligenceResult {
|
|
5
|
+
ipAddress: string;
|
|
6
|
+
firstSeenAt: number;
|
|
7
|
+
lastSeenAt: number;
|
|
8
|
+
updatedAt: number;
|
|
9
|
+
seenCount: number;
|
|
10
|
+
}
|
|
11
|
+
export interface ISecurityBlockRule {
|
|
12
|
+
id: string;
|
|
13
|
+
type: TSecurityBlockRuleType;
|
|
14
|
+
value: string;
|
|
15
|
+
matchMode?: TSecurityBlockRuleMatchMode;
|
|
16
|
+
enabled: boolean;
|
|
17
|
+
reason?: string;
|
|
18
|
+
createdAt: number;
|
|
19
|
+
updatedAt: number;
|
|
20
|
+
createdBy: string;
|
|
21
|
+
}
|
|
22
|
+
export interface ISecurityCompiledPolicy {
|
|
23
|
+
blockedIps: string[];
|
|
24
|
+
blockedCidrs: string[];
|
|
25
|
+
}
|
|
26
|
+
export interface ISecurityPolicyAuditEvent {
|
|
27
|
+
id: string;
|
|
28
|
+
action: string;
|
|
29
|
+
actor: string;
|
|
30
|
+
details: Record<string, unknown>;
|
|
31
|
+
createdAt: number;
|
|
32
|
+
}
|
|
@@ -19,4 +19,5 @@ export * from './domains.js';
|
|
|
19
19
|
export * from './dns-records.js';
|
|
20
20
|
export * from './acme-config.js';
|
|
21
21
|
export * from './email-domains.js';
|
|
22
|
-
|
|
22
|
+
export * from './security-policy.js';
|
|
23
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90c19pbnRlcmZhY2VzL3JlcXVlc3RzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsYUFBYSxDQUFDO0FBQzVCLGNBQWMsV0FBVyxDQUFDO0FBQzFCLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMscUJBQXFCLENBQUM7QUFDcEMsY0FBYyxhQUFhLENBQUM7QUFDNUIsY0FBYyxnQkFBZ0IsQ0FBQztBQUMvQixjQUFjLGtCQUFrQixDQUFDO0FBQ2pDLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyx1QkFBdUIsQ0FBQztBQUN0QyxjQUFjLGlCQUFpQixDQUFDO0FBQ2hDLGNBQWMsVUFBVSxDQUFDO0FBQ3pCLGNBQWMsc0JBQXNCLENBQUM7QUFDckMsY0FBYyxzQkFBc0IsQ0FBQztBQUNyQyxjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsWUFBWSxDQUFDO0FBQzNCLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyxjQUFjLENBQUM7QUFDN0IsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLGtCQUFrQixDQUFDO0FBQ2pDLGNBQWMsb0JBQW9CLENBQUM7QUFDbkMsY0FBYyxzQkFBc0IsQ0FBQyJ9
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
import * as plugins from '../plugins.js';
|
|
2
|
+
import type * as authInterfaces from '../data/auth.js';
|
|
3
|
+
import type { IIpIntelligenceRecord, ISecurityBlockRule, ISecurityCompiledPolicy, ISecurityPolicyAuditEvent, TSecurityBlockRuleMatchMode, TSecurityBlockRuleType } from '../data/security-policy.js';
|
|
4
|
+
export interface IReq_ListSecurityBlockRules extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_ListSecurityBlockRules> {
|
|
5
|
+
method: 'listSecurityBlockRules';
|
|
6
|
+
request: {
|
|
7
|
+
identity: authInterfaces.IIdentity;
|
|
8
|
+
};
|
|
9
|
+
response: {
|
|
10
|
+
rules: ISecurityBlockRule[];
|
|
11
|
+
};
|
|
12
|
+
}
|
|
13
|
+
export interface IReq_CreateSecurityBlockRule extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_CreateSecurityBlockRule> {
|
|
14
|
+
method: 'createSecurityBlockRule';
|
|
15
|
+
request: {
|
|
16
|
+
identity: authInterfaces.IIdentity;
|
|
17
|
+
type: TSecurityBlockRuleType;
|
|
18
|
+
value: string;
|
|
19
|
+
matchMode?: TSecurityBlockRuleMatchMode;
|
|
20
|
+
reason?: string;
|
|
21
|
+
enabled?: boolean;
|
|
22
|
+
};
|
|
23
|
+
response: {
|
|
24
|
+
success: boolean;
|
|
25
|
+
rule?: ISecurityBlockRule;
|
|
26
|
+
message?: string;
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
export interface IReq_UpdateSecurityBlockRule extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_UpdateSecurityBlockRule> {
|
|
30
|
+
method: 'updateSecurityBlockRule';
|
|
31
|
+
request: {
|
|
32
|
+
identity: authInterfaces.IIdentity;
|
|
33
|
+
id: string;
|
|
34
|
+
value?: string;
|
|
35
|
+
matchMode?: TSecurityBlockRuleMatchMode;
|
|
36
|
+
reason?: string;
|
|
37
|
+
enabled?: boolean;
|
|
38
|
+
};
|
|
39
|
+
response: {
|
|
40
|
+
success: boolean;
|
|
41
|
+
rule?: ISecurityBlockRule;
|
|
42
|
+
message?: string;
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
export interface IReq_DeleteSecurityBlockRule extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_DeleteSecurityBlockRule> {
|
|
46
|
+
method: 'deleteSecurityBlockRule';
|
|
47
|
+
request: {
|
|
48
|
+
identity: authInterfaces.IIdentity;
|
|
49
|
+
id: string;
|
|
50
|
+
};
|
|
51
|
+
response: {
|
|
52
|
+
success: boolean;
|
|
53
|
+
message?: string;
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
export interface IReq_ListIpIntelligence extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_ListIpIntelligence> {
|
|
57
|
+
method: 'listIpIntelligence';
|
|
58
|
+
request: {
|
|
59
|
+
identity: authInterfaces.IIdentity;
|
|
60
|
+
};
|
|
61
|
+
response: {
|
|
62
|
+
records: IIpIntelligenceRecord[];
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
export interface IReq_GetCompiledSecurityPolicy extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_GetCompiledSecurityPolicy> {
|
|
66
|
+
method: 'getCompiledSecurityPolicy';
|
|
67
|
+
request: {
|
|
68
|
+
identity: authInterfaces.IIdentity;
|
|
69
|
+
};
|
|
70
|
+
response: {
|
|
71
|
+
policy: ISecurityCompiledPolicy;
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
export interface IReq_ListSecurityPolicyAudit extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_ListSecurityPolicyAudit> {
|
|
75
|
+
method: 'listSecurityPolicyAudit';
|
|
76
|
+
request: {
|
|
77
|
+
identity: authInterfaces.IIdentity;
|
|
78
|
+
limit?: number;
|
|
79
|
+
};
|
|
80
|
+
response: {
|
|
81
|
+
events: ISecurityPolicyAuditEvent[];
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
export interface IReq_RefreshIpIntelligence extends plugins.typedrequestInterfaces.implementsTR<plugins.typedrequestInterfaces.ITypedRequest, IReq_RefreshIpIntelligence> {
|
|
85
|
+
method: 'refreshIpIntelligence';
|
|
86
|
+
request: {
|
|
87
|
+
identity: authInterfaces.IIdentity;
|
|
88
|
+
ipAddress: string;
|
|
89
|
+
};
|
|
90
|
+
response: {
|
|
91
|
+
success: boolean;
|
|
92
|
+
record?: IIpIntelligenceRecord;
|
|
93
|
+
message?: string;
|
|
94
|
+
};
|
|
95
|
+
}
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import * as plugins from '../plugins.js';
|
|
2
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktcG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfaW50ZXJmYWNlcy9yZXF1ZXN0cy9zZWN1cml0eS1wb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUMifQ==
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export const commitinfo = {
|
|
5
5
|
name: '@serve.zone/dcrouter',
|
|
6
|
-
version: '13.
|
|
6
|
+
version: '13.24.0',
|
|
7
7
|
description: 'A multifaceted routing service handling mail and SMS delivery functions.'
|
|
8
8
|
};
|
|
9
9
|
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHNfd2ViLzAwX2NvbW1pdGluZm9fZGF0YS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRztJQUN4QixJQUFJLEVBQUUsc0JBQXNCO0lBQzVCLE9BQU8sRUFBRSxTQUFTO0lBQ2xCLFdBQVcsRUFBRSwwRUFBMEU7Q0FDeEYsQ0FBQSJ9
|
|
@@ -65,6 +65,7 @@ export interface INetworkState {
|
|
|
65
65
|
in: number;
|
|
66
66
|
out: number;
|
|
67
67
|
}>;
|
|
68
|
+
ipIntelligence: interfaces.data.IIpIntelligenceRecord[];
|
|
68
69
|
domainActivity: interfaces.data.IDomainActivity[];
|
|
69
70
|
throughputHistory: Array<{
|
|
70
71
|
timestamp: number;
|
|
@@ -80,6 +81,15 @@ export interface INetworkState {
|
|
|
80
81
|
isLoading: boolean;
|
|
81
82
|
error: string | null;
|
|
82
83
|
}
|
|
84
|
+
export interface ISecurityPolicyState {
|
|
85
|
+
rules: interfaces.data.ISecurityBlockRule[];
|
|
86
|
+
ipIntelligence: interfaces.data.IIpIntelligenceRecord[];
|
|
87
|
+
compiledPolicy: interfaces.data.ISecurityCompiledPolicy | null;
|
|
88
|
+
auditEvents: interfaces.data.ISecurityPolicyAuditEvent[];
|
|
89
|
+
isLoading: boolean;
|
|
90
|
+
error: string | null;
|
|
91
|
+
lastUpdated: number;
|
|
92
|
+
}
|
|
83
93
|
export interface ICertificateState {
|
|
84
94
|
certificates: interfaces.requests.ICertificateInfo[];
|
|
85
95
|
summary: {
|
|
@@ -106,6 +116,7 @@ export declare const configStatePart: plugins.deesElement.domtools.plugins.smart
|
|
|
106
116
|
export declare const uiStatePart: plugins.deesElement.domtools.plugins.smartstate.StatePart<string, IUiState>;
|
|
107
117
|
export declare const logStatePart: plugins.deesElement.domtools.plugins.smartstate.StatePart<string, ILogState>;
|
|
108
118
|
export declare const networkStatePart: plugins.deesElement.domtools.plugins.smartstate.StatePart<string, INetworkState>;
|
|
119
|
+
export declare const securityPolicyStatePart: plugins.deesElement.domtools.plugins.smartstate.StatePart<string, ISecurityPolicyState>;
|
|
109
120
|
export declare const emailOpsStatePart: plugins.deesElement.domtools.plugins.smartstate.StatePart<string, IEmailOpsState>;
|
|
110
121
|
export declare const certificateStatePart: plugins.deesElement.domtools.plugins.smartstate.StatePart<string, ICertificateState>;
|
|
111
122
|
export interface IAcmeConfigState {
|
|
@@ -161,6 +172,23 @@ export declare const fetchRecentLogsAction: plugins.deesElement.domtools.plugins
|
|
|
161
172
|
export declare const toggleAutoRefreshAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<IUiState, unknown>;
|
|
162
173
|
export declare const setActiveViewAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<IUiState, string>;
|
|
163
174
|
export declare const fetchNetworkStatsAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<INetworkState, unknown>;
|
|
175
|
+
export declare const fetchSecurityPolicyAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ISecurityPolicyState, unknown>;
|
|
176
|
+
export declare const createSecurityBlockRuleAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ISecurityPolicyState, {
|
|
177
|
+
type: interfaces.data.TSecurityBlockRuleType;
|
|
178
|
+
value: string;
|
|
179
|
+
matchMode?: interfaces.data.TSecurityBlockRuleMatchMode;
|
|
180
|
+
reason?: string;
|
|
181
|
+
enabled?: boolean;
|
|
182
|
+
}>;
|
|
183
|
+
export declare const updateSecurityBlockRuleAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ISecurityPolicyState, {
|
|
184
|
+
id: string;
|
|
185
|
+
value?: string;
|
|
186
|
+
matchMode?: interfaces.data.TSecurityBlockRuleMatchMode;
|
|
187
|
+
reason?: string;
|
|
188
|
+
enabled?: boolean;
|
|
189
|
+
}>;
|
|
190
|
+
export declare const deleteSecurityBlockRuleAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ISecurityPolicyState, string>;
|
|
191
|
+
export declare const refreshIpIntelligenceAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ISecurityPolicyState, string>;
|
|
164
192
|
export declare const fetchAllEmailsAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<IEmailOpsState, unknown>;
|
|
165
193
|
export declare const fetchCertificateOverviewAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ICertificateState, unknown>;
|
|
166
194
|
export declare const reprovisionCertificateAction: plugins.deesElement.domtools.plugins.smartstate.StateAction<ICertificateState, {
|