@serve.zone/dcrouter 13.31.0 → 13.32.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist_serve/bundle.js +721 -721
- package/dist_ts/00_commitinfo_data.js +1 -1
- package/dist_ts/opsserver/classes.opsserver.d.ts +4 -2
- package/dist_ts/opsserver/classes.opsserver.js +2 -11
- package/dist_ts/opsserver/handlers/acme-config.handler.js +7 -24
- package/dist_ts/opsserver/handlers/admin.handler.d.ts +1 -0
- package/dist_ts/opsserver/handlers/admin.handler.js +58 -88
- package/dist_ts/opsserver/handlers/api-token.handler.js +28 -2
- package/dist_ts/opsserver/handlers/certificate.handler.js +7 -24
- package/dist_ts/opsserver/handlers/config.handler.js +3 -1
- package/dist_ts/opsserver/handlers/dns-provider.handler.js +7 -24
- package/dist_ts/opsserver/handlers/dns-record.handler.js +7 -24
- package/dist_ts/opsserver/handlers/domain.handler.js +7 -24
- package/dist_ts/opsserver/handlers/email-domain.handler.js +7 -24
- package/dist_ts/opsserver/handlers/email-ops.handler.js +8 -1
- package/dist_ts/opsserver/handlers/logs.handler.js +4 -1
- package/dist_ts/opsserver/handlers/network-target.handler.js +7 -24
- package/dist_ts/opsserver/handlers/radius.handler.js +32 -1
- package/dist_ts/opsserver/handlers/remoteingress.handler.js +24 -1
- package/dist_ts/opsserver/handlers/route-management.handler.js +7 -26
- package/dist_ts/opsserver/handlers/security.handler.js +32 -7
- package/dist_ts/opsserver/handlers/source-profile.handler.js +7 -24
- package/dist_ts/opsserver/handlers/stats.handler.js +8 -1
- package/dist_ts/opsserver/handlers/target-profile.handler.js +7 -24
- package/dist_ts/opsserver/handlers/users.handler.js +33 -13
- package/dist_ts/opsserver/handlers/vpn.handler.js +34 -1
- package/dist_ts/opsserver/handlers/workhoster.handler.js +16 -35
- package/dist_ts/opsserver/helpers/auth.d.ts +21 -0
- package/dist_ts/opsserver/helpers/auth.js +63 -0
- package/dist_ts_interfaces/data/route-management.d.ts +2 -1
- package/dist_ts_interfaces/data/route-management.js +48 -2
- package/dist_ts_interfaces/requests/api-tokens.d.ts +10 -5
- package/dist_ts_interfaces/requests/combined.stats.d.ts +2 -1
- package/dist_ts_interfaces/requests/config.d.ts +2 -1
- package/dist_ts_interfaces/requests/email-ops.d.ts +6 -3
- package/dist_ts_interfaces/requests/logs.d.ts +4 -2
- package/dist_ts_interfaces/requests/radius.d.ts +24 -12
- package/dist_ts_interfaces/requests/remoteingress.d.ts +14 -7
- package/dist_ts_interfaces/requests/security-policy.d.ts +16 -8
- package/dist_ts_interfaces/requests/stats.d.ts +18 -9
- package/dist_ts_interfaces/requests/users.d.ts +6 -3
- package/dist_ts_interfaces/requests/vpn.d.ts +22 -11
- package/dist_ts_interfaces/requests/workhoster.d.ts +10 -5
- package/dist_ts_migrations/index.js +3 -1
- package/dist_ts_web/00_commitinfo_data.js +1 -1
- package/dist_ts_web/elements/access/ops-view-apitokens.js +2 -21
- package/package.json +2 -2
- package/ts/00_commitinfo_data.ts +1 -1
- package/ts/opsserver/classes.opsserver.ts +3 -14
- package/ts/opsserver/handlers/acme-config.handler.ts +6 -23
- package/ts/opsserver/handlers/admin.handler.ts +64 -101
- package/ts/opsserver/handlers/api-token.handler.ts +27 -1
- package/ts/opsserver/handlers/certificate.handler.ts +6 -23
- package/ts/opsserver/handlers/config.handler.ts +2 -0
- package/ts/opsserver/handlers/dns-provider.handler.ts +6 -23
- package/ts/opsserver/handlers/dns-record.handler.ts +6 -23
- package/ts/opsserver/handlers/domain.handler.ts +6 -23
- package/ts/opsserver/handlers/email-domain.handler.ts +6 -23
- package/ts/opsserver/handlers/email-ops.handler.ts +7 -0
- package/ts/opsserver/handlers/logs.handler.ts +3 -0
- package/ts/opsserver/handlers/network-target.handler.ts +6 -23
- package/ts/opsserver/handlers/radius.handler.ts +31 -0
- package/ts/opsserver/handlers/remoteingress.handler.ts +23 -0
- package/ts/opsserver/handlers/route-management.handler.ts +6 -25
- package/ts/opsserver/handlers/security.handler.ts +31 -6
- package/ts/opsserver/handlers/source-profile.handler.ts +6 -23
- package/ts/opsserver/handlers/stats.handler.ts +7 -0
- package/ts/opsserver/handlers/target-profile.handler.ts +6 -23
- package/ts/opsserver/handlers/users.handler.ts +32 -12
- package/ts/opsserver/handlers/vpn.handler.ts +33 -0
- package/ts/opsserver/handlers/workhoster.handler.ts +18 -33
- package/ts/opsserver/helpers/auth.ts +91 -0
- package/ts_web/00_commitinfo_data.ts +1 -1
- package/ts_web/elements/access/ops-view-apitokens.ts +1 -20
|
@@ -222,26 +222,7 @@ let OpsViewApiTokens = (() => {
|
|
|
222
222
|
}
|
|
223
223
|
async showCreateTokenDialog() {
|
|
224
224
|
const { DeesModal } = await import('@design.estate/dees-catalog');
|
|
225
|
-
const allScopes = [
|
|
226
|
-
'*',
|
|
227
|
-
'routes:read',
|
|
228
|
-
'routes:write',
|
|
229
|
-
'config:read',
|
|
230
|
-
'certificates:read',
|
|
231
|
-
'certificates:write',
|
|
232
|
-
'tokens:read',
|
|
233
|
-
'tokens:manage',
|
|
234
|
-
'domains:read',
|
|
235
|
-
'domains:write',
|
|
236
|
-
'dns-records:read',
|
|
237
|
-
'dns-records:write',
|
|
238
|
-
'email-domains:read',
|
|
239
|
-
'email-domains:write',
|
|
240
|
-
'gateway-clients:read',
|
|
241
|
-
'gateway-clients:write',
|
|
242
|
-
'workhosters:read',
|
|
243
|
-
'workhosters:write',
|
|
244
|
-
];
|
|
225
|
+
const allScopes = [...interfaces.data.apiTokenScopes];
|
|
245
226
|
await DeesModal.createAndShow({
|
|
246
227
|
heading: 'Create API Token',
|
|
247
228
|
content: html `
|
|
@@ -425,4 +406,4 @@ let OpsViewApiTokens = (() => {
|
|
|
425
406
|
return OpsViewApiTokens = _classThis;
|
|
426
407
|
})();
|
|
427
408
|
export { OpsViewApiTokens };
|
|
428
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BzLXZpZXctYXBpdG9rZW5zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHNfd2ViL2VsZW1lbnRzL2FjY2Vzcy9vcHMtdmlldy1hcGl0b2tlbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLE9BQU8sS0FBSyxRQUFRLE1BQU0sbUJBQW1CLENBQUM7QUFDOUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxzQ0FBc0MsQ0FBQztBQUNuRSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFFL0MsT0FBTyxFQUNMLFdBQVcsRUFDWCxHQUFHLEVBQ0gsVUFBVSxFQUNWLGFBQWEsRUFDYixJQUFJLEVBQ0osS0FBSyxHQUVOLE1BQU0sNkJBQTZCLENBQUM7SUFLeEIsZ0JBQWdCOzRCQUQ1QixhQUFhLENBQUMsb0JBQW9CLENBQUM7Ozs7c0JBQ0UsV0FBVzs7OztnQ0FBbkIsU0FBUSxXQUFXOzs7O3NDQUM5QyxLQUFLLEVBQUU7WUFBQyxtTEFBUyxVQUFVLDZCQUFWLFVBQVUsK0ZBUTFCO1lBVEosNktBbVlDOzs7O1FBbFlVLGlGQUFzRDtZQUM3RCxZQUFZLEVBQUUsRUFBRTtZQUNoQixRQUFRLEVBQUUsRUFBRTtZQUNaLFNBQVMsRUFBRSxFQUFFO1lBQ2IsY0FBYyxFQUFFLEVBQUU7WUFDbEIsU0FBUyxFQUFFLEtBQUs7WUFDaEIsS0FBSyxFQUFFLElBQUk7WUFDWCxXQUFXLEVBQUUsQ0FBQztTQUNmLEVBQUM7UUFSTyxJQUFTLFVBQVUsZ0RBUTFCO1FBUk8sSUFBUyxVQUFVLHNEQVExQjtRQUVGO1lBQ0UsS0FBSyxFQUFFLENBQUM7O1lBQ1IsTUFBTSxHQUFHLEdBQUcsUUFBUSxDQUFDLHdCQUF3QjtpQkFDMUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7aUJBQ2hCLFNBQVMsQ0FBQyxDQUFDLFVBQVUsRUFBRSxFQUFFO2dCQUN4QixJQUFJLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQztZQUMvQixDQUFDLENBQUMsQ0FBQztZQUNMLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBRS9CLGdFQUFnRTtZQUNoRSx1REFBdUQ7WUFDdkQsTUFBTSxRQUFRLEdBQUcsUUFBUSxDQUFDLGNBQWM7aUJBQ3JDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQztpQkFDM0IsU0FBUyxDQUFDLENBQUMsVUFBVSxFQUFFLEVBQUU7Z0JBQ3hCLElBQUksVUFBVSxFQUFFLENBQUM7b0JBQ2YsUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ3hGLENBQUM7WUFDSCxDQUFDLENBQUMsQ0FBQztZQUNMLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1NBQ3JDO1FBRU0sTUFBTSxDQUFDLE1BQU0sR0FBRztZQUNyQixVQUFVLENBQUMsYUFBYTtZQUN4QixXQUFXO1lBQ1gsR0FBRyxDQUFBOzs7Ozs7Ozs7Ozs7O3NCQWFlLFVBQVUsQ0FBQyxPQUFPLENBQUMsd0JBQXdCLEVBQUUsd0JBQXdCLENBQUM7aUJBQzNFLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLE1BQU0sQ0FBQzs7Ozs7Ozs7Ozs7Ozs7Ozs7c0JBaUJoQyxVQUFVLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUM7aUJBQzdDLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQzs7OztzQkFJbkMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDO2lCQUM3QyxVQUFVLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUM7Ozs7c0JBSW5DLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQztpQkFDN0MsVUFBVSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDOztLQUVwRDtTQUNGLENBQUM7UUFFSyxNQUFNO1lBQ1gsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7WUFFdEMsT0FBTyxJQUFJLENBQUE7Ozs7O3NCQUtPLFlBQVk7c0JBQ1osbUNBQW1DO2tCQUN2QyxTQUFTO3NCQUNMLE9BQU87d0JBQ0wsSUFBSTsrQkFDRyxJQUFJOzZCQUNOLENBQUMsS0FBb0MsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDNUQsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO2dCQUNoQixNQUFNLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUM7Z0JBQzNDLE1BQU0sRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDO2dCQUNyQyxPQUFPLEVBQUUsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLGtCQUFrQixFQUFFO2dCQUN2RCxPQUFPLEVBQUUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLGtCQUFrQixFQUFFLENBQUMsQ0FBQyxDQUFDLE9BQU87Z0JBQ25GLFFBQVEsRUFBRSxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsa0JBQWtCLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTzthQUN2RixDQUFDO3lCQUNhO2dCQUNiO29CQUNFLElBQUksRUFBRSxjQUFjO29CQUNwQixRQUFRLEVBQUUsYUFBYTtvQkFDdkIsSUFBSSxFQUFFLENBQUMsUUFBUSxDQUFDO29CQUNoQixVQUFVLEVBQUUsS0FBSyxJQUFJLEVBQUU7d0JBQ3JCLE1BQU0sSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3JDLENBQUM7aUJBQ0Y7Z0JBQ0Q7b0JBQ0UsSUFBSSxFQUFFLFFBQVE7b0JBQ2QsUUFBUSxFQUFFLGFBQWE7b0JBQ3ZCLElBQUksRUFBRSxDQUFDLE9BQU8sRUFBRSxhQUFhLENBQVE7b0JBQ3JDLHdCQUF3QixFQUFFLENBQUMsVUFBZSxFQUFFLEVBQUUsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsT0FBTztvQkFDdkUsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFlLEVBQUUsRUFBRTt3QkFDcEMsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLElBQXFDLENBQUM7d0JBQy9ELE1BQU0sUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FDcEQsUUFBUSxDQUFDLG9CQUFvQixFQUM3QixFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FDaEMsQ0FBQztvQkFDSixDQUFDO2lCQUNGO2dCQUNEO29CQUNFLElBQUksRUFBRSxTQUFTO29CQUNmLFFBQVEsRUFBRSxjQUFjO29CQUN4QixJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFRO29CQUNyQyx3QkFBd0IsRUFBRSxDQUFDLFVBQWUsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPO29CQUN0RSxVQUFVLEVBQUUsS0FBSyxFQUFFLFVBQWUsRUFBRSxFQUFFO3dCQUNwQyxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsSUFBcUMsQ0FBQzt3QkFDL0QsTUFBTSxRQUFRLENBQUMsd0JBQXdCLENBQUMsY0FBYyxDQUNwRCxRQUFRLENBQUMsb0JBQW9CLEVBQzdCLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxDQUNqQyxDQUFDO29CQUNKLENBQUM7aUJBQ0Y7Z0JBQ0Q7b0JBQ0UsSUFBSSxFQUFFLE1BQU07b0JBQ1osUUFBUSxFQUFFLGlCQUFpQjtvQkFDM0IsSUFBSSxFQUFFLENBQUMsT0FBTyxFQUFFLGFBQWEsQ0FBUTtvQkFDckMsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFlLEVBQUUsRUFBRTt3QkFDcEMsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLElBQXFDLENBQUM7d0JBQy9ELE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDO29CQUN4QyxDQUFDO2lCQUNGO2dCQUNEO29CQUNFLElBQUksRUFBRSxRQUFRO29CQUNkLFFBQVEsRUFBRSxlQUFlO29CQUN6QixJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFRO29CQUNyQyxVQUFVLEVBQUUsS0FBSyxFQUFFLFVBQWUsRUFBRSxFQUFFO3dCQUNwQyxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsSUFBcUMsQ0FBQzt3QkFDL0QsTUFBTSxRQUFRLENBQUMsd0JBQXdCLENBQUMsY0FBYyxDQUNwRCxRQUFRLENBQUMsb0JBQW9CLEVBQzdCLEtBQUssQ0FBQyxFQUFFLENBQ1QsQ0FBQztvQkFDSixDQUFDO2lCQUNGO2FBQ0Y7OztLQUdOLENBQUM7UUFDSixDQUFDO1FBRU8sZ0JBQWdCLENBQUMsTUFBd0I7WUFDL0MsT0FBTyxJQUFJLENBQUEsMERBQTBELE1BQU0sQ0FBQyxHQUFHLENBQzdFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUEsMkJBQTJCLENBQUMsU0FBUyxDQUNqRCxRQUFRLENBQUM7UUFDWixDQUFDO1FBRU8saUJBQWlCLENBQUMsS0FBb0M7WUFDNUQsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDbkIsT0FBTyxJQUFJLENBQUEsb0RBQW9ELENBQUM7WUFDbEUsQ0FBQztZQUNELElBQUksS0FBSyxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO2dCQUNwRCxPQUFPLElBQUksQ0FBQSxrREFBa0QsQ0FBQztZQUNoRSxDQUFDO1lBQ0QsT0FBTyxJQUFJLENBQUEsZ0RBQWdELENBQUM7UUFDOUQsQ0FBQztRQUVPLEtBQUssQ0FBQyxxQkFBcUI7WUFDakMsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLE1BQU0sTUFBTSxDQUFDLDZCQUE2QixDQUFDLENBQUM7WUFFbEUsTUFBTSxTQUFTLEdBQUc7Z0JBQ2hCLEdBQUc7Z0JBQ0gsYUFBYTtnQkFDYixjQUFjO2dCQUNkLGFBQWE7Z0JBQ2IsbUJBQW1CO2dCQUNuQixvQkFBb0I7Z0JBQ3BCLGFBQWE7Z0JBQ2IsZUFBZTtnQkFDZixjQUFjO2dCQUNkLGVBQWU7Z0JBQ2Ysa0JBQWtCO2dCQUNsQixtQkFBbUI7Z0JBQ25CLG9CQUFvQjtnQkFDcEIscUJBQXFCO2dCQUNyQixzQkFBc0I7Z0JBQ3RCLHVCQUF1QjtnQkFDdkIsa0JBQWtCO2dCQUNsQixtQkFBbUI7YUFDcEIsQ0FBQztZQUVGLE1BQU0sU0FBUyxDQUFDLGFBQWEsQ0FBQztnQkFDNUIsT0FBTyxFQUFFLGtCQUFrQjtnQkFDM0IsT0FBTyxFQUFFLElBQUksQ0FBQTs7Ozs7a0NBS2UsTUFBTSxXQUFXLFlBQVksY0FBYyxJQUFJOzttQkFFOUQsUUFBUTtxQkFDTixjQUFjO3FCQUNkLENBQUMsc0JBQXNCLEVBQUUsdUJBQXVCLENBQUM7MkJBQzNDLFNBQVM7d0JBQ1osSUFBSTs7a0NBRU0sWUFBWSxXQUFXLGFBQWEsaUJBQWlCLG1DQUFtQztrQ0FDeEYsbUJBQW1CLFdBQVcscUJBQXFCLGlCQUFpQixzREFBc0Q7a0NBQzFILGlCQUFpQixXQUFXLG1CQUFtQixpQkFBaUIsbUNBQW1DO2tDQUNuRyxrQkFBa0IsV0FBVyxtQkFBbUIsaUJBQWlCLDBDQUEwQztrQ0FDM0csb0JBQW9CLFdBQVcsc0JBQXNCLGlCQUFpQiwrQ0FBK0M7a0NBQ3JILGVBQWUsV0FBVyxZQUFZLGlCQUFpQiwrQ0FBK0M7O09BRWpJO2dCQUNELFdBQVcsRUFBRTtvQkFDWDt3QkFDRSxJQUFJLEVBQUUsUUFBUTt3QkFDZCxRQUFRLEVBQUUsVUFBVTt3QkFDcEIsTUFBTSxFQUFFLEtBQUssRUFBRSxRQUFhLEVBQUUsRUFBRSxDQUFDLE1BQU0sUUFBUSxDQUFDLE9BQU8sRUFBRTtxQkFDMUQ7b0JBQ0Q7d0JBQ0UsSUFBSSxFQUFFLFFBQVE7d0JBQ2QsUUFBUSxFQUFFLFlBQVk7d0JBQ3RCLE1BQU0sRUFBRSxLQUFLLEVBQUUsUUFBYSxFQUFFLEVBQUU7NEJBQzlCLE1BQU0sU0FBUyxHQUFHLFFBQVEsQ0FBQyxVQUFVLEVBQUUsYUFBYSxDQUFDLFVBQVUsQ0FBQyxDQUFDOzRCQUNqRSxNQUFNLElBQUksR0FBRyxTQUFTLEVBQUUsYUFBYSxDQUFDLFdBQVcsQ0FBQyxDQUFDOzRCQUNuRCxJQUFJLENBQUMsSUFBSTtnQ0FBRSxPQUFPOzRCQUNsQixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQzs0QkFDOUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJO2dDQUFFLE9BQU87NEJBRTNCLHFGQUFxRjs0QkFDckYsaUVBQWlFOzRCQUNqRSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLGlCQUFpQixDQUFRLENBQUM7NEJBQy9ELE1BQU0sU0FBUyxHQUFhLFNBQVMsRUFBRSxRQUFRLEVBQUUsRUFBRSxJQUFJLFNBQVMsRUFBRSxLQUFLLElBQUksUUFBUSxDQUFDLE1BQU0sSUFBSSxFQUFFLENBQUM7NEJBQ2pHLE1BQU0sTUFBTSxHQUFHLFNBQVM7aUNBQ3JCLE1BQU0sQ0FBQyxDQUFDLENBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFRLENBQUMsQ0FBcUIsQ0FBQzs0QkFDM0UsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxRQUFRLEVBQUUsTUFBTSxDQUFDLENBQUM7NEJBRWxELE1BQU0sYUFBYSxHQUFHLFFBQVEsQ0FBQyxhQUFhO2dDQUMxQyxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxhQUFhLEVBQUUsRUFBRSxDQUFDO2dDQUN0QyxDQUFDLENBQUMsSUFBSSxDQUFDOzRCQUVULE1BQU0sUUFBUSxDQUFDLE9BQU8sRUFBRSxDQUFDOzRCQUV6QixJQUFJLENBQUM7Z0NBQ0gsTUFBTSxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsTUFBTSxFQUFFLGFBQWEsRUFBRSxNQUFNLENBQUMsQ0FBQztnQ0FDN0YsSUFBSSxRQUFRLENBQUMsT0FBTyxJQUFJLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FBQztvQ0FDNUMscUVBQXFFO29DQUNyRSxNQUFNLFFBQVEsQ0FBQyx3QkFBd0IsQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLG9CQUFvQixFQUFFLElBQUksQ0FBQyxDQUFDO29DQUU1RixzQ0FBc0M7b0NBQ3RDLE1BQU0sU0FBUyxDQUFDLGFBQWEsQ0FBQzt3Q0FDNUIsT0FBTyxFQUFFLGVBQWU7d0NBQ3hCLE9BQU8sRUFBRSxJQUFJLENBQUE7Ozs7NkZBSThELFFBQVEsQ0FBQyxVQUFVOzs7bUJBRzdGO3dDQUNELFdBQVcsRUFBRTs0Q0FDWDtnREFDRSxJQUFJLEVBQUUsTUFBTTtnREFDWixRQUFRLEVBQUUsY0FBYztnREFDeEIsTUFBTSxFQUFFLEtBQUssRUFBRSxDQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE9BQU8sRUFBRTs2Q0FDNUM7eUNBQ0Y7cUNBQ0YsQ0FBQyxDQUFDO2dDQUNMLENBQUM7NEJBQ0gsQ0FBQzs0QkFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dDQUNmLE9BQU8sQ0FBQyxLQUFLLENBQUMseUJBQXlCLEVBQUUsS0FBSyxDQUFDLENBQUM7NEJBQ2xELENBQUM7d0JBQ0gsQ0FBQztxQkFDRjtpQkFDRjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFTyxXQUFXLENBQUMsUUFBYSxFQUFFLE1BQXdCO1lBQ3pELE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ3RELElBQUksQ0FBQyxJQUFJO2dCQUFFLE9BQU8sU0FBUyxDQUFDO1lBQzVCLE1BQU0sTUFBTSxHQUFRO2dCQUNsQixJQUFJO2dCQUNKLE1BQU07YUFDUCxDQUFDO1lBQ0YsSUFBSSxJQUFJLEtBQUssZUFBZSxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sSUFBSSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsaUJBQWlCLElBQUksUUFBUSxDQUFDLENBQUMsSUFBSSxFQUFxQyxDQUFDO2dCQUN0RyxNQUFNLEVBQUUsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLGVBQWUsSUFBSSxFQUFFLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDekQsSUFBSSxFQUFFLEVBQUUsQ0FBQztvQkFDUCxNQUFNLENBQUMsYUFBYSxHQUFHLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO2dCQUN0QyxDQUFDO2dCQUNELE1BQU0sQ0FBQyxnQkFBZ0IsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLGdCQUFnQixJQUFJLEVBQUUsQ0FBQztxQkFDOUQsS0FBSyxDQUFDLEdBQUcsQ0FBQztxQkFDVixHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQztxQkFDaEMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO2dCQUNuQixNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLGtCQUFrQixJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNoRSxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztvQkFDekIsTUFBTSxDQUFDLElBQUksRUFBRSxVQUFVLENBQUMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO29CQUM3QyxNQUFNLENBQUMsbUJBQW1CLEdBQUcsQ0FBQzs0QkFDNUIsSUFBSSxFQUFFLElBQUksQ0FBQyxJQUFJLEVBQUU7NEJBQ2pCLEtBQUssRUFBRSxVQUFVLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO3lCQUN6RyxDQUFDLENBQUM7Z0JBQ0wsQ0FBQztnQkFDRCxNQUFNLENBQUMsWUFBWSxHQUFHO29CQUNwQixXQUFXLEVBQUUsSUFBSTtvQkFDakIsY0FBYyxFQUFFLElBQUk7b0JBQ3BCLFVBQVUsRUFBRSxJQUFJO29CQUNoQixjQUFjLEVBQUUsS0FBSztvQkFDckIsbUJBQW1CLEVBQUUsS0FBSztpQkFDM0IsQ0FBQztZQUNKLENBQUM7WUFDRCxPQUFPLE1BQU0sQ0FBQztRQUNoQixDQUFDO1FBRU8sS0FBSyxDQUFDLG1CQUFtQixDQUFDLEtBQW9DO1lBQ3BFLE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLE1BQU0sQ0FBQyw2QkFBNkIsQ0FBQyxDQUFDO1lBRWxFLE1BQU0sU0FBUyxDQUFDLGFBQWEsQ0FBQztnQkFDNUIsT0FBTyxFQUFFLG1CQUFtQjtnQkFDNUIsT0FBTyxFQUFFLElBQUksQ0FBQTs7MkRBRXdDLEtBQUssQ0FBQyxJQUFJOztPQUU5RDtnQkFDRCxXQUFXLEVBQUU7b0JBQ1g7d0JBQ0UsSUFBSSxFQUFFLFFBQVE7d0JBQ2QsUUFBUSxFQUFFLFVBQVU7d0JBQ3BCLE1BQU0sRUFBRSxLQUFLLEVBQUUsUUFBYSxFQUFFLEVBQUUsQ0FBQyxNQUFNLFFBQVEsQ0FBQyxPQUFPLEVBQUU7cUJBQzFEO29CQUNEO3dCQUNFLElBQUksRUFBRSxZQUFZO3dCQUNsQixRQUFRLEVBQUUsaUJBQWlCO3dCQUMzQixNQUFNLEVBQUUsS0FBSyxFQUFFLFFBQWEsRUFBRSxFQUFFOzRCQUM5QixNQUFNLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQzs0QkFDekIsSUFBSSxDQUFDO2dDQUNILE1BQU0sUUFBUSxHQUFHLE1BQU0sUUFBUSxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7Z0NBQ3ZELElBQUksUUFBUSxDQUFDLE9BQU8sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQUM7b0NBQzVDLE1BQU0sUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLENBQUM7b0NBRTVGLE1BQU0sU0FBUyxDQUFDLGFBQWEsQ0FBQzt3Q0FDNUIsT0FBTyxFQUFFLGNBQWM7d0NBQ3ZCLE9BQU8sRUFBRSxJQUFJLENBQUE7Ozs7NkZBSThELFFBQVEsQ0FBQyxVQUFVOzs7bUJBRzdGO3dDQUNELFdBQVcsRUFBRTs0Q0FDWDtnREFDRSxJQUFJLEVBQUUsTUFBTTtnREFDWixRQUFRLEVBQUUsY0FBYztnREFDeEIsTUFBTSxFQUFFLEtBQUssRUFBRSxDQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE9BQU8sRUFBRTs2Q0FDNUM7eUNBQ0Y7cUNBQ0YsQ0FBQyxDQUFDO2dDQUNMLENBQUM7NEJBQ0gsQ0FBQzs0QkFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dDQUNmLE9BQU8sQ0FBQyxLQUFLLENBQUMsdUJBQXVCLEVBQUUsS0FBSyxDQUFDLENBQUM7NEJBQ2hELENBQUM7d0JBQ0gsQ0FBQztxQkFDRjtpQkFDRjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxLQUFLLENBQUMsWUFBWTtZQUNoQixNQUFNLFFBQVEsQ0FBQyx3QkFBd0IsQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLG9CQUFvQixFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzlGLENBQUM7O1lBbFlVLHVEQUFnQjs7Ozs7U0FBaEIsZ0JBQWdCIn0=
|
|
409
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BzLXZpZXctYXBpdG9rZW5zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vdHNfd2ViL2VsZW1lbnRzL2FjY2Vzcy9vcHMtdmlldy1hcGl0b2tlbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLE9BQU8sS0FBSyxRQUFRLE1BQU0sbUJBQW1CLENBQUM7QUFDOUMsT0FBTyxLQUFLLFVBQVUsTUFBTSxzQ0FBc0MsQ0FBQztBQUNuRSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFFL0MsT0FBTyxFQUNMLFdBQVcsRUFDWCxHQUFHLEVBQ0gsVUFBVSxFQUNWLGFBQWEsRUFDYixJQUFJLEVBQ0osS0FBSyxHQUVOLE1BQU0sNkJBQTZCLENBQUM7SUFLeEIsZ0JBQWdCOzRCQUQ1QixhQUFhLENBQUMsb0JBQW9CLENBQUM7Ozs7c0JBQ0UsV0FBVzs7OztnQ0FBbkIsU0FBUSxXQUFXOzs7O3NDQUM5QyxLQUFLLEVBQUU7WUFBQyxtTEFBUyxVQUFVLDZCQUFWLFVBQVUsK0ZBUTFCO1lBVEosNktBZ1hDOzs7O1FBL1dVLGlGQUFzRDtZQUM3RCxZQUFZLEVBQUUsRUFBRTtZQUNoQixRQUFRLEVBQUUsRUFBRTtZQUNaLFNBQVMsRUFBRSxFQUFFO1lBQ2IsY0FBYyxFQUFFLEVBQUU7WUFDbEIsU0FBUyxFQUFFLEtBQUs7WUFDaEIsS0FBSyxFQUFFLElBQUk7WUFDWCxXQUFXLEVBQUUsQ0FBQztTQUNmLEVBQUM7UUFSTyxJQUFTLFVBQVUsZ0RBUTFCO1FBUk8sSUFBUyxVQUFVLHNEQVExQjtRQUVGO1lBQ0UsS0FBSyxFQUFFLENBQUM7O1lBQ1IsTUFBTSxHQUFHLEdBQUcsUUFBUSxDQUFDLHdCQUF3QjtpQkFDMUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7aUJBQ2hCLFNBQVMsQ0FBQyxDQUFDLFVBQVUsRUFBRSxFQUFFO2dCQUN4QixJQUFJLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQztZQUMvQixDQUFDLENBQUMsQ0FBQztZQUNMLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBRS9CLGdFQUFnRTtZQUNoRSx1REFBdUQ7WUFDdkQsTUFBTSxRQUFRLEdBQUcsUUFBUSxDQUFDLGNBQWM7aUJBQ3JDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQztpQkFDM0IsU0FBUyxDQUFDLENBQUMsVUFBVSxFQUFFLEVBQUU7Z0JBQ3hCLElBQUksVUFBVSxFQUFFLENBQUM7b0JBQ2YsUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ3hGLENBQUM7WUFDSCxDQUFDLENBQUMsQ0FBQztZQUNMLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1NBQ3JDO1FBRU0sTUFBTSxDQUFDLE1BQU0sR0FBRztZQUNyQixVQUFVLENBQUMsYUFBYTtZQUN4QixXQUFXO1lBQ1gsR0FBRyxDQUFBOzs7Ozs7Ozs7Ozs7O3NCQWFlLFVBQVUsQ0FBQyxPQUFPLENBQUMsd0JBQXdCLEVBQUUsd0JBQXdCLENBQUM7aUJBQzNFLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLE1BQU0sQ0FBQzs7Ozs7Ozs7Ozs7Ozs7Ozs7c0JBaUJoQyxVQUFVLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUM7aUJBQzdDLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQzs7OztzQkFJbkMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDO2lCQUM3QyxVQUFVLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxTQUFTLENBQUM7Ozs7c0JBSW5DLFVBQVUsQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQztpQkFDN0MsVUFBVSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDOztLQUVwRDtTQUNGLENBQUM7UUFFSyxNQUFNO1lBQ1gsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUM7WUFFdEMsT0FBTyxJQUFJLENBQUE7Ozs7O3NCQUtPLFlBQVk7c0JBQ1osbUNBQW1DO2tCQUN2QyxTQUFTO3NCQUNMLE9BQU87d0JBQ0wsSUFBSTsrQkFDRyxJQUFJOzZCQUNOLENBQUMsS0FBb0MsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDNUQsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO2dCQUNoQixNQUFNLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUM7Z0JBQzNDLE1BQU0sRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxDQUFDO2dCQUNyQyxPQUFPLEVBQUUsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLGtCQUFrQixFQUFFO2dCQUN2RCxPQUFPLEVBQUUsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLGtCQUFrQixFQUFFLENBQUMsQ0FBQyxDQUFDLE9BQU87Z0JBQ25GLFFBQVEsRUFBRSxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUMsa0JBQWtCLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTzthQUN2RixDQUFDO3lCQUNhO2dCQUNiO29CQUNFLElBQUksRUFBRSxjQUFjO29CQUNwQixRQUFRLEVBQUUsYUFBYTtvQkFDdkIsSUFBSSxFQUFFLENBQUMsUUFBUSxDQUFDO29CQUNoQixVQUFVLEVBQUUsS0FBSyxJQUFJLEVBQUU7d0JBQ3JCLE1BQU0sSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7b0JBQ3JDLENBQUM7aUJBQ0Y7Z0JBQ0Q7b0JBQ0UsSUFBSSxFQUFFLFFBQVE7b0JBQ2QsUUFBUSxFQUFFLGFBQWE7b0JBQ3ZCLElBQUksRUFBRSxDQUFDLE9BQU8sRUFBRSxhQUFhLENBQVE7b0JBQ3JDLHdCQUF3QixFQUFFLENBQUMsVUFBZSxFQUFFLEVBQUUsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsT0FBTztvQkFDdkUsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFlLEVBQUUsRUFBRTt3QkFDcEMsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLElBQXFDLENBQUM7d0JBQy9ELE1BQU0sUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FDcEQsUUFBUSxDQUFDLG9CQUFvQixFQUM3QixFQUFFLEVBQUUsRUFBRSxLQUFLLENBQUMsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUUsQ0FDaEMsQ0FBQztvQkFDSixDQUFDO2lCQUNGO2dCQUNEO29CQUNFLElBQUksRUFBRSxTQUFTO29CQUNmLFFBQVEsRUFBRSxjQUFjO29CQUN4QixJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFRO29CQUNyQyx3QkFBd0IsRUFBRSxDQUFDLFVBQWUsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxPQUFPO29CQUN0RSxVQUFVLEVBQUUsS0FBSyxFQUFFLFVBQWUsRUFBRSxFQUFFO3dCQUNwQyxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsSUFBcUMsQ0FBQzt3QkFDL0QsTUFBTSxRQUFRLENBQUMsd0JBQXdCLENBQUMsY0FBYyxDQUNwRCxRQUFRLENBQUMsb0JBQW9CLEVBQzdCLEVBQUUsRUFBRSxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxDQUNqQyxDQUFDO29CQUNKLENBQUM7aUJBQ0Y7Z0JBQ0Q7b0JBQ0UsSUFBSSxFQUFFLE1BQU07b0JBQ1osUUFBUSxFQUFFLGlCQUFpQjtvQkFDM0IsSUFBSSxFQUFFLENBQUMsT0FBTyxFQUFFLGFBQWEsQ0FBUTtvQkFDckMsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFlLEVBQUUsRUFBRTt3QkFDcEMsTUFBTSxLQUFLLEdBQUcsVUFBVSxDQUFDLElBQXFDLENBQUM7d0JBQy9ELE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDO29CQUN4QyxDQUFDO2lCQUNGO2dCQUNEO29CQUNFLElBQUksRUFBRSxRQUFRO29CQUNkLFFBQVEsRUFBRSxlQUFlO29CQUN6QixJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsYUFBYSxDQUFRO29CQUNyQyxVQUFVLEVBQUUsS0FBSyxFQUFFLFVBQWUsRUFBRSxFQUFFO3dCQUNwQyxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsSUFBcUMsQ0FBQzt3QkFDL0QsTUFBTSxRQUFRLENBQUMsd0JBQXdCLENBQUMsY0FBYyxDQUNwRCxRQUFRLENBQUMsb0JBQW9CLEVBQzdCLEtBQUssQ0FBQyxFQUFFLENBQ1QsQ0FBQztvQkFDSixDQUFDO2lCQUNGO2FBQ0Y7OztLQUdOLENBQUM7UUFDSixDQUFDO1FBRU8sZ0JBQWdCLENBQUMsTUFBd0I7WUFDL0MsT0FBTyxJQUFJLENBQUEsMERBQTBELE1BQU0sQ0FBQyxHQUFHLENBQzdFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUEsMkJBQTJCLENBQUMsU0FBUyxDQUNqRCxRQUFRLENBQUM7UUFDWixDQUFDO1FBRU8saUJBQWlCLENBQUMsS0FBb0M7WUFDNUQsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDbkIsT0FBTyxJQUFJLENBQUEsb0RBQW9ELENBQUM7WUFDbEUsQ0FBQztZQUNELElBQUksS0FBSyxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO2dCQUNwRCxPQUFPLElBQUksQ0FBQSxrREFBa0QsQ0FBQztZQUNoRSxDQUFDO1lBQ0QsT0FBTyxJQUFJLENBQUEsZ0RBQWdELENBQUM7UUFDOUQsQ0FBQztRQUVPLEtBQUssQ0FBQyxxQkFBcUI7WUFDakMsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLE1BQU0sTUFBTSxDQUFDLDZCQUE2QixDQUFDLENBQUM7WUFFbEUsTUFBTSxTQUFTLEdBQUcsQ0FBQyxHQUFHLFVBQVUsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUM7WUFFdEQsTUFBTSxTQUFTLENBQUMsYUFBYSxDQUFDO2dCQUM1QixPQUFPLEVBQUUsa0JBQWtCO2dCQUMzQixPQUFPLEVBQUUsSUFBSSxDQUFBOzs7OztrQ0FLZSxNQUFNLFdBQVcsWUFBWSxjQUFjLElBQUk7O21CQUU5RCxRQUFRO3FCQUNOLGNBQWM7cUJBQ2QsQ0FBQyxzQkFBc0IsRUFBRSx1QkFBdUIsQ0FBQzsyQkFDM0MsU0FBUzt3QkFDWixJQUFJOztrQ0FFTSxZQUFZLFdBQVcsYUFBYSxpQkFBaUIsbUNBQW1DO2tDQUN4RixtQkFBbUIsV0FBVyxxQkFBcUIsaUJBQWlCLHNEQUFzRDtrQ0FDMUgsaUJBQWlCLFdBQVcsbUJBQW1CLGlCQUFpQixtQ0FBbUM7a0NBQ25HLGtCQUFrQixXQUFXLG1CQUFtQixpQkFBaUIsMENBQTBDO2tDQUMzRyxvQkFBb0IsV0FBVyxzQkFBc0IsaUJBQWlCLCtDQUErQztrQ0FDckgsZUFBZSxXQUFXLFlBQVksaUJBQWlCLCtDQUErQzs7T0FFakk7Z0JBQ0QsV0FBVyxFQUFFO29CQUNYO3dCQUNFLElBQUksRUFBRSxRQUFRO3dCQUNkLFFBQVEsRUFBRSxVQUFVO3dCQUNwQixNQUFNLEVBQUUsS0FBSyxFQUFFLFFBQWEsRUFBRSxFQUFFLENBQUMsTUFBTSxRQUFRLENBQUMsT0FBTyxFQUFFO3FCQUMxRDtvQkFDRDt3QkFDRSxJQUFJLEVBQUUsUUFBUTt3QkFDZCxRQUFRLEVBQUUsWUFBWTt3QkFDdEIsTUFBTSxFQUFFLEtBQUssRUFBRSxRQUFhLEVBQUUsRUFBRTs0QkFDOUIsTUFBTSxTQUFTLEdBQUcsUUFBUSxDQUFDLFVBQVUsRUFBRSxhQUFhLENBQUMsVUFBVSxDQUFDLENBQUM7NEJBQ2pFLE1BQU0sSUFBSSxHQUFHLFNBQVMsRUFBRSxhQUFhLENBQUMsV0FBVyxDQUFDLENBQUM7NEJBQ25ELElBQUksQ0FBQyxJQUFJO2dDQUFFLE9BQU87NEJBQ2xCLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDOzRCQUM5QyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUk7Z0NBQUUsT0FBTzs0QkFFM0IscUZBQXFGOzRCQUNyRixpRUFBaUU7NEJBQ2pFLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsaUJBQWlCLENBQVEsQ0FBQzs0QkFDL0QsTUFBTSxTQUFTLEdBQWEsU0FBUyxFQUFFLFFBQVEsRUFBRSxFQUFFLElBQUksU0FBUyxFQUFFLEtBQUssSUFBSSxRQUFRLENBQUMsTUFBTSxJQUFJLEVBQUUsQ0FBQzs0QkFDakcsTUFBTSxNQUFNLEdBQUcsU0FBUztpQ0FDckIsTUFBTSxDQUFDLENBQUMsQ0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQVEsQ0FBQyxDQUFxQixDQUFDOzRCQUMzRSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLFFBQVEsRUFBRSxNQUFNLENBQUMsQ0FBQzs0QkFFbEQsTUFBTSxhQUFhLEdBQUcsUUFBUSxDQUFDLGFBQWE7Z0NBQzFDLENBQUMsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLGFBQWEsRUFBRSxFQUFFLENBQUM7Z0NBQ3RDLENBQUMsQ0FBQyxJQUFJLENBQUM7NEJBRVQsTUFBTSxRQUFRLENBQUMsT0FBTyxFQUFFLENBQUM7NEJBRXpCLElBQUksQ0FBQztnQ0FDSCxNQUFNLFFBQVEsR0FBRyxNQUFNLFFBQVEsQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxNQUFNLEVBQUUsYUFBYSxFQUFFLE1BQU0sQ0FBQyxDQUFDO2dDQUM3RixJQUFJLFFBQVEsQ0FBQyxPQUFPLElBQUksUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDO29DQUM1QyxxRUFBcUU7b0NBQ3JFLE1BQU0sUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLENBQUM7b0NBRTVGLHNDQUFzQztvQ0FDdEMsTUFBTSxTQUFTLENBQUMsYUFBYSxDQUFDO3dDQUM1QixPQUFPLEVBQUUsZUFBZTt3Q0FDeEIsT0FBTyxFQUFFLElBQUksQ0FBQTs7Ozs2RkFJOEQsUUFBUSxDQUFDLFVBQVU7OzttQkFHN0Y7d0NBQ0QsV0FBVyxFQUFFOzRDQUNYO2dEQUNFLElBQUksRUFBRSxNQUFNO2dEQUNaLFFBQVEsRUFBRSxjQUFjO2dEQUN4QixNQUFNLEVBQUUsS0FBSyxFQUFFLENBQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsT0FBTyxFQUFFOzZDQUM1Qzt5Q0FDRjtxQ0FDRixDQUFDLENBQUM7Z0NBQ0wsQ0FBQzs0QkFDSCxDQUFDOzRCQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0NBQ2YsT0FBTyxDQUFDLEtBQUssQ0FBQyx5QkFBeUIsRUFBRSxLQUFLLENBQUMsQ0FBQzs0QkFDbEQsQ0FBQzt3QkFDSCxDQUFDO3FCQUNGO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVPLFdBQVcsQ0FBQyxRQUFhLEVBQUUsTUFBd0I7WUFDekQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxVQUFVLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDdEQsSUFBSSxDQUFDLElBQUk7Z0JBQUUsT0FBTyxTQUFTLENBQUM7WUFDNUIsTUFBTSxNQUFNLEdBQVE7Z0JBQ2xCLElBQUk7Z0JBQ0osTUFBTTthQUNQLENBQUM7WUFDRixJQUFJLElBQUksS0FBSyxlQUFlLEVBQUUsQ0FBQztnQkFDN0IsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsSUFBSSxRQUFRLENBQUMsQ0FBQyxJQUFJLEVBQXFDLENBQUM7Z0JBQ3RHLE1BQU0sRUFBRSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsZUFBZSxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUN6RCxJQUFJLEVBQUUsRUFBRSxDQUFDO29CQUNQLE1BQU0sQ0FBQyxhQUFhLEdBQUcsRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFLENBQUM7Z0JBQ3RDLENBQUM7Z0JBQ0QsTUFBTSxDQUFDLGdCQUFnQixHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLElBQUksRUFBRSxDQUFDO3FCQUM5RCxLQUFLLENBQUMsR0FBRyxDQUFDO3FCQUNWLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO3FCQUNoQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7Z0JBQ25CLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsa0JBQWtCLElBQUksRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ2hFLElBQUksTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO29CQUN6QixNQUFNLENBQUMsSUFBSSxFQUFFLFVBQVUsQ0FBQyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7b0JBQzdDLE1BQU0sQ0FBQyxtQkFBbUIsR0FBRyxDQUFDOzRCQUM1QixJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRTs0QkFDakIsS0FBSyxFQUFFLFVBQVUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7eUJBQ3pHLENBQUMsQ0FBQztnQkFDTCxDQUFDO2dCQUNELE1BQU0sQ0FBQyxZQUFZLEdBQUc7b0JBQ3BCLFdBQVcsRUFBRSxJQUFJO29CQUNqQixjQUFjLEVBQUUsSUFBSTtvQkFDcEIsVUFBVSxFQUFFLElBQUk7b0JBQ2hCLGNBQWMsRUFBRSxLQUFLO29CQUNyQixtQkFBbUIsRUFBRSxLQUFLO2lCQUMzQixDQUFDO1lBQ0osQ0FBQztZQUNELE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7UUFFTyxLQUFLLENBQUMsbUJBQW1CLENBQUMsS0FBb0M7WUFDcEUsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLE1BQU0sTUFBTSxDQUFDLDZCQUE2QixDQUFDLENBQUM7WUFFbEUsTUFBTSxTQUFTLENBQUMsYUFBYSxDQUFDO2dCQUM1QixPQUFPLEVBQUUsbUJBQW1CO2dCQUM1QixPQUFPLEVBQUUsSUFBSSxDQUFBOzsyREFFd0MsS0FBSyxDQUFDLElBQUk7O09BRTlEO2dCQUNELFdBQVcsRUFBRTtvQkFDWDt3QkFDRSxJQUFJLEVBQUUsUUFBUTt3QkFDZCxRQUFRLEVBQUUsVUFBVTt3QkFDcEIsTUFBTSxFQUFFLEtBQUssRUFBRSxRQUFhLEVBQUUsRUFBRSxDQUFDLE1BQU0sUUFBUSxDQUFDLE9BQU8sRUFBRTtxQkFDMUQ7b0JBQ0Q7d0JBQ0UsSUFBSSxFQUFFLFlBQVk7d0JBQ2xCLFFBQVEsRUFBRSxpQkFBaUI7d0JBQzNCLE1BQU0sRUFBRSxLQUFLLEVBQUUsUUFBYSxFQUFFLEVBQUU7NEJBQzlCLE1BQU0sUUFBUSxDQUFDLE9BQU8sRUFBRSxDQUFDOzRCQUN6QixJQUFJLENBQUM7Z0NBQ0gsTUFBTSxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsWUFBWSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztnQ0FDdkQsSUFBSSxRQUFRLENBQUMsT0FBTyxJQUFJLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FBQztvQ0FDNUMsTUFBTSxRQUFRLENBQUMsd0JBQXdCLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxvQkFBb0IsRUFBRSxJQUFJLENBQUMsQ0FBQztvQ0FFNUYsTUFBTSxTQUFTLENBQUMsYUFBYSxDQUFDO3dDQUM1QixPQUFPLEVBQUUsY0FBYzt3Q0FDdkIsT0FBTyxFQUFFLElBQUksQ0FBQTs7Ozs2RkFJOEQsUUFBUSxDQUFDLFVBQVU7OzttQkFHN0Y7d0NBQ0QsV0FBVyxFQUFFOzRDQUNYO2dEQUNFLElBQUksRUFBRSxNQUFNO2dEQUNaLFFBQVEsRUFBRSxjQUFjO2dEQUN4QixNQUFNLEVBQUUsS0FBSyxFQUFFLENBQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUMsT0FBTyxFQUFFOzZDQUM1Qzt5Q0FDRjtxQ0FDRixDQUFDLENBQUM7Z0NBQ0wsQ0FBQzs0QkFDSCxDQUFDOzRCQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0NBQ2YsT0FBTyxDQUFDLEtBQUssQ0FBQyx1QkFBdUIsRUFBRSxLQUFLLENBQUMsQ0FBQzs0QkFDaEQsQ0FBQzt3QkFDSCxDQUFDO3FCQUNGO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELEtBQUssQ0FBQyxZQUFZO1lBQ2hCLE1BQU0sUUFBUSxDQUFDLHdCQUF3QixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDOUYsQ0FBQzs7WUEvV1UsdURBQWdCOzs7OztTQUFoQixnQkFBZ0IifQ==
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@serve.zone/dcrouter",
|
|
3
3
|
"private": false,
|
|
4
|
-
"version": "13.
|
|
4
|
+
"version": "13.32.0",
|
|
5
5
|
"description": "A multifaceted routing service handling mail and SMS delivery functions.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"exports": {
|
|
@@ -41,7 +41,7 @@
|
|
|
41
41
|
"@push.rocks/smartjwt": "^2.2.2",
|
|
42
42
|
"@push.rocks/smartlog": "^3.2.2",
|
|
43
43
|
"@push.rocks/smartmetrics": "^3.0.3",
|
|
44
|
-
"@push.rocks/smartmigration": "1.
|
|
44
|
+
"@push.rocks/smartmigration": "1.4.1",
|
|
45
45
|
"@push.rocks/smartmta": "^5.3.3",
|
|
46
46
|
"@push.rocks/smartnetwork": "^4.7.1",
|
|
47
47
|
"@push.rocks/smartpath": "^6.0.0",
|
package/ts/00_commitinfo_data.ts
CHANGED
|
@@ -3,7 +3,6 @@ import * as plugins from '../plugins.js';
|
|
|
3
3
|
import * as paths from '../paths.js';
|
|
4
4
|
import * as handlers from './handlers/index.js';
|
|
5
5
|
import * as interfaces from '../../ts_interfaces/index.js';
|
|
6
|
-
import { requireValidIdentity, requireAdminIdentity } from './helpers/guards.js';
|
|
7
6
|
|
|
8
7
|
export class OpsServer {
|
|
9
8
|
public dcRouterRef: DcRouter;
|
|
@@ -12,9 +11,9 @@ export class OpsServer {
|
|
|
12
11
|
// Main TypedRouter — unauthenticated endpoints (login/logout/verify) and own-auth handlers
|
|
13
12
|
public typedrouter = new plugins.typedrequest.TypedRouter();
|
|
14
13
|
|
|
15
|
-
//
|
|
16
|
-
public viewRouter = new plugins.typedrequest.TypedRouter<{ request: { identity
|
|
17
|
-
public adminRouter = new plugins.typedrequest.TypedRouter<{ request: { identity
|
|
14
|
+
// Grouped routers. Handlers enforce auth explicitly with per-endpoint scopes.
|
|
15
|
+
public viewRouter = new plugins.typedrequest.TypedRouter<{ request: { identity?: interfaces.data.IIdentity; apiToken?: string } }>();
|
|
16
|
+
public adminRouter = new plugins.typedrequest.TypedRouter<{ request: { identity?: interfaces.data.IIdentity; apiToken?: string } }>();
|
|
18
17
|
|
|
19
18
|
// Handler instances
|
|
20
19
|
public adminHandler!: handlers.AdminHandler;
|
|
@@ -72,16 +71,6 @@ export class OpsServer {
|
|
|
72
71
|
this.adminHandler = new handlers.AdminHandler(this);
|
|
73
72
|
await this.adminHandler.initialize();
|
|
74
73
|
|
|
75
|
-
// viewRouter middleware: requires valid identity (any logged-in user)
|
|
76
|
-
this.viewRouter.addMiddleware(async (typedRequest) => {
|
|
77
|
-
await requireValidIdentity(this.adminHandler, typedRequest.request);
|
|
78
|
-
});
|
|
79
|
-
|
|
80
|
-
// adminRouter middleware: requires admin identity
|
|
81
|
-
this.adminRouter.addMiddleware(async (typedRequest) => {
|
|
82
|
-
await requireAdminIdentity(this.adminHandler, typedRequest.request);
|
|
83
|
-
});
|
|
84
|
-
|
|
85
74
|
// Connect auth routers to the main typedrouter
|
|
86
75
|
this.typedrouter.addTypedRouter(this.viewRouter);
|
|
87
76
|
this.typedrouter.addTypedRouter(this.adminRouter);
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import * as plugins from '../../plugins.js';
|
|
2
2
|
import type { OpsServer } from '../classes.opsserver.js';
|
|
3
3
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
4
|
+
import { requireOpsAuth } from '../helpers/auth.js';
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
7
|
* CRUD handler for the singleton `AcmeConfigDoc`.
|
|
@@ -20,29 +21,11 @@ export class AcmeConfigHandler {
|
|
|
20
21
|
request: { identity?: interfaces.data.IIdentity; apiToken?: string },
|
|
21
22
|
requiredScope?: interfaces.data.TApiTokenScope,
|
|
22
23
|
): Promise<string> {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if (isAdmin) return request.identity.userId;
|
|
29
|
-
} catch { /* fall through */ }
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
if (request.apiToken) {
|
|
33
|
-
const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
34
|
-
if (tokenManager) {
|
|
35
|
-
const token = await tokenManager.validateToken(request.apiToken);
|
|
36
|
-
if (token) {
|
|
37
|
-
if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
|
|
38
|
-
return token.createdBy;
|
|
39
|
-
}
|
|
40
|
-
throw new plugins.typedrequest.TypedResponseError('insufficient scope');
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
throw new plugins.typedrequest.TypedResponseError('unauthorized');
|
|
24
|
+
const auth = await requireOpsAuth(this.opsServerRef, request, {
|
|
25
|
+
scope: requiredScope,
|
|
26
|
+
requireAdminIdentity: requiredScope?.endsWith(':write'),
|
|
27
|
+
});
|
|
28
|
+
return auth.userId;
|
|
46
29
|
}
|
|
47
30
|
|
|
48
31
|
private registerHandlers(): void {
|
|
@@ -258,12 +258,18 @@ export class AdminHandler {
|
|
|
258
258
|
this.opsServerRef.adminRouter.addTypedHandler(
|
|
259
259
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateInitialAdminUser>(
|
|
260
260
|
'createInitialAdminUser',
|
|
261
|
-
async (dataArg) =>
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
261
|
+
async (dataArg) => {
|
|
262
|
+
const isAdmin = await this.adminIdentityGuard.exec({ identity: dataArg.identity });
|
|
263
|
+
if (!isAdmin) {
|
|
264
|
+
throw new plugins.typedrequest.TypedResponseError('admin identity required');
|
|
265
|
+
}
|
|
266
|
+
return this.createInitialAdminUser({
|
|
267
|
+
email: dataArg.email,
|
|
268
|
+
name: dataArg.name,
|
|
269
|
+
password: dataArg.password,
|
|
270
|
+
enableIdpGlobalAuth: dataArg.enableIdpGlobalAuth,
|
|
271
|
+
});
|
|
272
|
+
}
|
|
267
273
|
)
|
|
268
274
|
);
|
|
269
275
|
|
|
@@ -300,8 +306,10 @@ export class AdminHandler {
|
|
|
300
306
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AdminLogout>(
|
|
301
307
|
'adminLogout',
|
|
302
308
|
async (dataArg) => {
|
|
303
|
-
|
|
304
|
-
|
|
309
|
+
const identity = await this.validateIdentity(dataArg.identity);
|
|
310
|
+
if (!identity) {
|
|
311
|
+
throw new plugins.typedrequest.TypedResponseError('identity is not valid');
|
|
312
|
+
}
|
|
305
313
|
return {
|
|
306
314
|
success: true,
|
|
307
315
|
};
|
|
@@ -314,52 +322,8 @@ export class AdminHandler {
|
|
|
314
322
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_VerifyIdentity>(
|
|
315
323
|
'verifyIdentity',
|
|
316
324
|
async (dataArg) => {
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
valid: false,
|
|
320
|
-
};
|
|
321
|
-
}
|
|
322
|
-
|
|
323
|
-
try {
|
|
324
|
-
const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
|
|
325
|
-
|
|
326
|
-
// Check if expired
|
|
327
|
-
if (jwtData.expiresAt < Date.now()) {
|
|
328
|
-
return {
|
|
329
|
-
valid: false,
|
|
330
|
-
};
|
|
331
|
-
}
|
|
332
|
-
|
|
333
|
-
// Check if logged in
|
|
334
|
-
if (jwtData.status !== 'loggedIn') {
|
|
335
|
-
return {
|
|
336
|
-
valid: false,
|
|
337
|
-
};
|
|
338
|
-
}
|
|
339
|
-
|
|
340
|
-
const user = await this.resolveUser(jwtData.userId);
|
|
341
|
-
if (!user) {
|
|
342
|
-
return {
|
|
343
|
-
valid: false,
|
|
344
|
-
};
|
|
345
|
-
}
|
|
346
|
-
|
|
347
|
-
return {
|
|
348
|
-
valid: true,
|
|
349
|
-
identity: {
|
|
350
|
-
jwt: dataArg.identity.jwt,
|
|
351
|
-
userId: user.id,
|
|
352
|
-
name: user.name || user.username,
|
|
353
|
-
expiresAt: jwtData.expiresAt,
|
|
354
|
-
role: user.role,
|
|
355
|
-
type: 'user',
|
|
356
|
-
},
|
|
357
|
-
};
|
|
358
|
-
} catch (error) {
|
|
359
|
-
return {
|
|
360
|
-
valid: false,
|
|
361
|
-
};
|
|
362
|
-
}
|
|
325
|
+
const identity = await this.validateIdentity(dataArg.identity);
|
|
326
|
+
return identity ? { valid: true, identity } : { valid: false };
|
|
363
327
|
}
|
|
364
328
|
)
|
|
365
329
|
);
|
|
@@ -372,45 +336,7 @@ export class AdminHandler {
|
|
|
372
336
|
identity: interfaces.data.IIdentity;
|
|
373
337
|
}>(
|
|
374
338
|
async (dataArg) => {
|
|
375
|
-
|
|
376
|
-
return false;
|
|
377
|
-
}
|
|
378
|
-
|
|
379
|
-
try {
|
|
380
|
-
const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
|
|
381
|
-
|
|
382
|
-
// Check expiration
|
|
383
|
-
if (jwtData.expiresAt < Date.now()) {
|
|
384
|
-
return false;
|
|
385
|
-
}
|
|
386
|
-
|
|
387
|
-
// Check status
|
|
388
|
-
if (jwtData.status !== 'loggedIn') {
|
|
389
|
-
return false;
|
|
390
|
-
}
|
|
391
|
-
|
|
392
|
-
// Verify data hasn't been tampered with
|
|
393
|
-
if (dataArg.identity.expiresAt !== jwtData.expiresAt) {
|
|
394
|
-
return false;
|
|
395
|
-
}
|
|
396
|
-
|
|
397
|
-
if (dataArg.identity.userId !== jwtData.userId) {
|
|
398
|
-
return false;
|
|
399
|
-
}
|
|
400
|
-
|
|
401
|
-
const user = await this.resolveUser(jwtData.userId);
|
|
402
|
-
if (!user) {
|
|
403
|
-
return false;
|
|
404
|
-
}
|
|
405
|
-
|
|
406
|
-
if (dataArg.identity.role && dataArg.identity.role !== user.role) {
|
|
407
|
-
return false;
|
|
408
|
-
}
|
|
409
|
-
|
|
410
|
-
return true;
|
|
411
|
-
} catch (error) {
|
|
412
|
-
return false;
|
|
413
|
-
}
|
|
339
|
+
return Boolean(await this.validateIdentity(dataArg.identity));
|
|
414
340
|
},
|
|
415
341
|
{
|
|
416
342
|
failedHint: 'identity is not valid',
|
|
@@ -425,14 +351,8 @@ export class AdminHandler {
|
|
|
425
351
|
identity: interfaces.data.IIdentity;
|
|
426
352
|
}>(
|
|
427
353
|
async (dataArg) => {
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
if (!isValid) {
|
|
431
|
-
return false;
|
|
432
|
-
}
|
|
433
|
-
|
|
434
|
-
// Check if user has admin role
|
|
435
|
-
return dataArg.identity.role === 'admin';
|
|
354
|
+
const identity = await this.validateIdentity(dataArg.identity);
|
|
355
|
+
return identity?.role === 'admin';
|
|
436
356
|
},
|
|
437
357
|
{
|
|
438
358
|
failedHint: 'user is not admin',
|
|
@@ -440,6 +360,49 @@ export class AdminHandler {
|
|
|
440
360
|
}
|
|
441
361
|
);
|
|
442
362
|
|
|
363
|
+
public async validateIdentity(
|
|
364
|
+
identityArg?: interfaces.data.IIdentity,
|
|
365
|
+
): Promise<interfaces.data.IIdentity | null> {
|
|
366
|
+
if (!identityArg?.jwt) {
|
|
367
|
+
return null;
|
|
368
|
+
}
|
|
369
|
+
|
|
370
|
+
try {
|
|
371
|
+
const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(identityArg.jwt);
|
|
372
|
+
if (jwtData.expiresAt < Date.now()) {
|
|
373
|
+
return null;
|
|
374
|
+
}
|
|
375
|
+
if (jwtData.status !== 'loggedIn') {
|
|
376
|
+
return null;
|
|
377
|
+
}
|
|
378
|
+
if (identityArg.expiresAt !== jwtData.expiresAt) {
|
|
379
|
+
return null;
|
|
380
|
+
}
|
|
381
|
+
if (identityArg.userId !== jwtData.userId) {
|
|
382
|
+
return null;
|
|
383
|
+
}
|
|
384
|
+
|
|
385
|
+
const user = await this.resolveUser(jwtData.userId);
|
|
386
|
+
if (!user) {
|
|
387
|
+
return null;
|
|
388
|
+
}
|
|
389
|
+
if (identityArg.role && identityArg.role !== user.role) {
|
|
390
|
+
return null;
|
|
391
|
+
}
|
|
392
|
+
|
|
393
|
+
return {
|
|
394
|
+
jwt: identityArg.jwt,
|
|
395
|
+
userId: user.id,
|
|
396
|
+
name: user.name || user.username,
|
|
397
|
+
expiresAt: jwtData.expiresAt,
|
|
398
|
+
role: user.role,
|
|
399
|
+
type: 'user',
|
|
400
|
+
};
|
|
401
|
+
} catch {
|
|
402
|
+
return null;
|
|
403
|
+
}
|
|
404
|
+
}
|
|
405
|
+
|
|
443
406
|
private async authenticateUser(optionsArg: {
|
|
444
407
|
username: string;
|
|
445
408
|
password: string;
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import * as plugins from '../../plugins.js';
|
|
2
2
|
import type { OpsServer } from '../classes.opsserver.js';
|
|
3
3
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
4
|
+
import { requireOpsAuth } from '../helpers/auth.js';
|
|
4
5
|
|
|
5
6
|
export class ApiTokenHandler {
|
|
6
7
|
constructor(private opsServerRef: OpsServer) {
|
|
@@ -17,6 +18,11 @@ export class ApiTokenHandler {
|
|
|
17
18
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateApiToken>(
|
|
18
19
|
'createApiToken',
|
|
19
20
|
async (dataArg) => {
|
|
21
|
+
const auth = await requireOpsAuth(this.opsServerRef, dataArg, {
|
|
22
|
+
scope: 'tokens:manage',
|
|
23
|
+
requireAdminIdentity: true,
|
|
24
|
+
requireAdminToken: true,
|
|
25
|
+
});
|
|
20
26
|
const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
21
27
|
if (!manager) {
|
|
22
28
|
return { success: false, message: 'Token management not initialized' };
|
|
@@ -25,7 +31,7 @@ export class ApiTokenHandler {
|
|
|
25
31
|
dataArg.name,
|
|
26
32
|
dataArg.scopes,
|
|
27
33
|
dataArg.expiresInDays ?? null,
|
|
28
|
-
|
|
34
|
+
auth.userId,
|
|
29
35
|
dataArg.policy,
|
|
30
36
|
);
|
|
31
37
|
return { success: true, tokenId: result.id, tokenValue: result.rawToken };
|
|
@@ -38,6 +44,11 @@ export class ApiTokenHandler {
|
|
|
38
44
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListApiTokens>(
|
|
39
45
|
'listApiTokens',
|
|
40
46
|
async (dataArg) => {
|
|
47
|
+
await requireOpsAuth(this.opsServerRef, dataArg, {
|
|
48
|
+
scope: 'tokens:read',
|
|
49
|
+
requireAdminIdentity: true,
|
|
50
|
+
requireAdminToken: true,
|
|
51
|
+
});
|
|
41
52
|
const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
42
53
|
if (!manager) {
|
|
43
54
|
return { tokens: [] };
|
|
@@ -52,6 +63,11 @@ export class ApiTokenHandler {
|
|
|
52
63
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_RevokeApiToken>(
|
|
53
64
|
'revokeApiToken',
|
|
54
65
|
async (dataArg) => {
|
|
66
|
+
await requireOpsAuth(this.opsServerRef, dataArg, {
|
|
67
|
+
scope: 'tokens:manage',
|
|
68
|
+
requireAdminIdentity: true,
|
|
69
|
+
requireAdminToken: true,
|
|
70
|
+
});
|
|
55
71
|
const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
56
72
|
if (!manager) {
|
|
57
73
|
return { success: false, message: 'Token management not initialized' };
|
|
@@ -67,6 +83,11 @@ export class ApiTokenHandler {
|
|
|
67
83
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_RollApiToken>(
|
|
68
84
|
'rollApiToken',
|
|
69
85
|
async (dataArg) => {
|
|
86
|
+
await requireOpsAuth(this.opsServerRef, dataArg, {
|
|
87
|
+
scope: 'tokens:manage',
|
|
88
|
+
requireAdminIdentity: true,
|
|
89
|
+
requireAdminToken: true,
|
|
90
|
+
});
|
|
70
91
|
const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
71
92
|
if (!manager) {
|
|
72
93
|
return { success: false, message: 'Token management not initialized' };
|
|
@@ -85,6 +106,11 @@ export class ApiTokenHandler {
|
|
|
85
106
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ToggleApiToken>(
|
|
86
107
|
'toggleApiToken',
|
|
87
108
|
async (dataArg) => {
|
|
109
|
+
await requireOpsAuth(this.opsServerRef, dataArg, {
|
|
110
|
+
scope: 'tokens:manage',
|
|
111
|
+
requireAdminIdentity: true,
|
|
112
|
+
requireAdminToken: true,
|
|
113
|
+
});
|
|
88
114
|
const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
89
115
|
if (!manager) {
|
|
90
116
|
return { success: false, message: 'Token management not initialized' };
|
|
@@ -3,6 +3,7 @@ import type { OpsServer } from '../classes.opsserver.js';
|
|
|
3
3
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
4
4
|
import { AcmeCertDoc, ProxyCertDoc } from '../../db/index.js';
|
|
5
5
|
import { logger } from '../../logger.js';
|
|
6
|
+
import { requireOpsAuth } from '../helpers/auth.js';
|
|
6
7
|
|
|
7
8
|
/**
|
|
8
9
|
* Mirrors `SmartacmeCertMatcher.getCertificateDomainNameByDomainName` from
|
|
@@ -37,29 +38,11 @@ export class CertificateHandler {
|
|
|
37
38
|
request: { identity?: interfaces.data.IIdentity; apiToken?: string },
|
|
38
39
|
requiredScope?: interfaces.data.TApiTokenScope,
|
|
39
40
|
): Promise<string> {
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
if (isAdmin) return request.identity.userId;
|
|
46
|
-
} catch { /* fall through */ }
|
|
47
|
-
}
|
|
48
|
-
|
|
49
|
-
if (request.apiToken) {
|
|
50
|
-
const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
51
|
-
if (tokenManager) {
|
|
52
|
-
const token = await tokenManager.validateToken(request.apiToken);
|
|
53
|
-
if (token) {
|
|
54
|
-
if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
|
|
55
|
-
return token.createdBy;
|
|
56
|
-
}
|
|
57
|
-
throw new plugins.typedrequest.TypedResponseError('insufficient scope');
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
|
-
}
|
|
61
|
-
|
|
62
|
-
throw new plugins.typedrequest.TypedResponseError('unauthorized');
|
|
41
|
+
const auth = await requireOpsAuth(this.opsServerRef, request, {
|
|
42
|
+
scope: requiredScope,
|
|
43
|
+
requireAdminIdentity: requiredScope?.endsWith(':write'),
|
|
44
|
+
});
|
|
45
|
+
return auth.userId;
|
|
63
46
|
}
|
|
64
47
|
|
|
65
48
|
private registerHandlers(): void {
|
|
@@ -2,6 +2,7 @@ import * as plugins from '../../plugins.js';
|
|
|
2
2
|
import * as paths from '../../paths.js';
|
|
3
3
|
import type { OpsServer } from '../classes.opsserver.js';
|
|
4
4
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
5
|
+
import { requireOpsAuth } from '../helpers/auth.js';
|
|
5
6
|
|
|
6
7
|
export class ConfigHandler {
|
|
7
8
|
constructor(private opsServerRef: OpsServer) {
|
|
@@ -17,6 +18,7 @@ export class ConfigHandler {
|
|
|
17
18
|
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetConfiguration>(
|
|
18
19
|
'getConfiguration',
|
|
19
20
|
async (dataArg, toolsArg) => {
|
|
21
|
+
await requireOpsAuth(this.opsServerRef, dataArg, { scope: 'config:read' });
|
|
20
22
|
const config = await this.getConfiguration();
|
|
21
23
|
return {
|
|
22
24
|
config,
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import * as plugins from '../../plugins.js';
|
|
2
2
|
import type { OpsServer } from '../classes.opsserver.js';
|
|
3
3
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
4
|
+
import { requireOpsAuth } from '../helpers/auth.js';
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
7
|
* CRUD + connection-test handlers for DnsProviderDoc.
|
|
@@ -20,29 +21,11 @@ export class DnsProviderHandler {
|
|
|
20
21
|
request: { identity?: interfaces.data.IIdentity; apiToken?: string },
|
|
21
22
|
requiredScope?: interfaces.data.TApiTokenScope,
|
|
22
23
|
): Promise<string> {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if (isAdmin) return request.identity.userId;
|
|
29
|
-
} catch { /* fall through */ }
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
if (request.apiToken) {
|
|
33
|
-
const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
34
|
-
if (tokenManager) {
|
|
35
|
-
const token = await tokenManager.validateToken(request.apiToken);
|
|
36
|
-
if (token) {
|
|
37
|
-
if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
|
|
38
|
-
return token.createdBy;
|
|
39
|
-
}
|
|
40
|
-
throw new plugins.typedrequest.TypedResponseError('insufficient scope');
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
throw new plugins.typedrequest.TypedResponseError('unauthorized');
|
|
24
|
+
const auth = await requireOpsAuth(this.opsServerRef, request, {
|
|
25
|
+
scope: requiredScope,
|
|
26
|
+
requireAdminIdentity: requiredScope?.endsWith(':write'),
|
|
27
|
+
});
|
|
28
|
+
return auth.userId;
|
|
46
29
|
}
|
|
47
30
|
|
|
48
31
|
private registerHandlers(): void {
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import * as plugins from '../../plugins.js';
|
|
2
2
|
import type { OpsServer } from '../classes.opsserver.js';
|
|
3
3
|
import * as interfaces from '../../../ts_interfaces/index.js';
|
|
4
|
+
import { requireOpsAuth } from '../helpers/auth.js';
|
|
4
5
|
|
|
5
6
|
/**
|
|
6
7
|
* CRUD handlers for DnsRecordDoc.
|
|
@@ -17,29 +18,11 @@ export class DnsRecordHandler {
|
|
|
17
18
|
request: { identity?: interfaces.data.IIdentity; apiToken?: string },
|
|
18
19
|
requiredScope?: interfaces.data.TApiTokenScope,
|
|
19
20
|
): Promise<string> {
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
if (isAdmin) return request.identity.userId;
|
|
26
|
-
} catch { /* fall through */ }
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
if (request.apiToken) {
|
|
30
|
-
const tokenManager = this.opsServerRef.dcRouterRef.apiTokenManager;
|
|
31
|
-
if (tokenManager) {
|
|
32
|
-
const token = await tokenManager.validateToken(request.apiToken);
|
|
33
|
-
if (token) {
|
|
34
|
-
if (!requiredScope || tokenManager.hasScope(token, requiredScope)) {
|
|
35
|
-
return token.createdBy;
|
|
36
|
-
}
|
|
37
|
-
throw new plugins.typedrequest.TypedResponseError('insufficient scope');
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
}
|
|
41
|
-
|
|
42
|
-
throw new plugins.typedrequest.TypedResponseError('unauthorized');
|
|
21
|
+
const auth = await requireOpsAuth(this.opsServerRef, request, {
|
|
22
|
+
scope: requiredScope,
|
|
23
|
+
requireAdminIdentity: requiredScope?.endsWith(':write'),
|
|
24
|
+
});
|
|
25
|
+
return auth.userId;
|
|
43
26
|
}
|
|
44
27
|
|
|
45
28
|
private registerHandlers(): void {
|