@smg-automotive/auth 6.8.0-auth0-update-access-token-with-buffer.1 → 6.8.0-auth0-update-split-middleware.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/server/middleware/index.js +89 -0
- package/dist/cjs/server/middleware/index.js.map +1 -0
- package/dist/cjs/server/middleware/login.d.ts +7 -0
- package/dist/cjs/server/middleware/login.js +25 -0
- package/dist/cjs/server/middleware/login.js.map +1 -0
- package/dist/cjs/server/middleware/logout.d.ts +15 -0
- package/dist/cjs/server/middleware/logout.js +121 -0
- package/dist/cjs/server/middleware/logout.js.map +1 -0
- package/dist/cjs/server/middleware/protectRoute.d.ts +14 -0
- package/dist/cjs/server/middleware/protectRoute.js +61 -0
- package/dist/cjs/server/middleware/protectRoute.js.map +1 -0
- package/dist/cjs/server/middleware/token.d.ts +11 -0
- package/dist/cjs/server/middleware/token.js +29 -0
- package/dist/cjs/server/middleware/token.js.map +1 -0
- package/dist/cjs/server/middleware/types.d.ts +5 -0
- package/dist/cjs/server.js +2 -2
- package/dist/esm/server/middleware/index.js +87 -0
- package/dist/esm/server/middleware/index.js.map +1 -0
- package/dist/esm/server/middleware/login.d.ts +7 -0
- package/dist/esm/server/middleware/login.js +23 -0
- package/dist/esm/server/middleware/login.js.map +1 -0
- package/dist/esm/server/middleware/logout.d.ts +15 -0
- package/dist/esm/server/middleware/logout.js +118 -0
- package/dist/esm/server/middleware/logout.js.map +1 -0
- package/dist/esm/server/middleware/protectRoute.d.ts +14 -0
- package/dist/esm/server/middleware/protectRoute.js +59 -0
- package/dist/esm/server/middleware/protectRoute.js.map +1 -0
- package/dist/esm/server/middleware/token.d.ts +11 -0
- package/dist/esm/server/middleware/token.js +27 -0
- package/dist/esm/server/middleware/token.js.map +1 -0
- package/dist/esm/server/middleware/types.d.ts +5 -0
- package/dist/esm/server.js +1 -1
- package/package.json +1 -1
- package/dist/cjs/server/middleware.js +0 -219
- package/dist/cjs/server/middleware.js.map +0 -1
- package/dist/esm/server/middleware.js +0 -217
- package/dist/esm/server/middleware.js.map +0 -1
- /package/dist/cjs/server/{middleware.d.ts → middleware/index.d.ts} +0 -0
- /package/dist/esm/server/{middleware.d.ts → middleware/index.d.ts} +0 -0
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
import { NextResponse } from 'next/server';
|
|
2
|
+
|
|
3
|
+
const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
|
|
4
|
+
if (typeof pathOrUrl !== 'string')
|
|
5
|
+
return false;
|
|
6
|
+
if (pathOrUrl.length > 2048)
|
|
7
|
+
return false;
|
|
8
|
+
try {
|
|
9
|
+
const decodedPathOrUrl = decodeURIComponent(pathOrUrl);
|
|
10
|
+
const isUrl = decodedPathOrUrl.startsWith('http');
|
|
11
|
+
const parsedUrlOrPath = new URL(isUrl ? decodedPathOrUrl : `${protocol}://${host}${decodedPathOrUrl}`);
|
|
12
|
+
const decodedPath = parsedUrlOrPath.pathname;
|
|
13
|
+
if (crossDomainLogout &&
|
|
14
|
+
isUrl &&
|
|
15
|
+
parsedUrlOrPath.host !== otherDomainHost) {
|
|
16
|
+
return false;
|
|
17
|
+
}
|
|
18
|
+
if (!crossDomainLogout && parsedUrlOrPath.host !== host) {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
if (!decodedPath.startsWith('/') || decodedPath.startsWith('//')) {
|
|
22
|
+
return false;
|
|
23
|
+
}
|
|
24
|
+
// Limit chars in return to path to prevent injections
|
|
25
|
+
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
26
|
+
const SAFE_PATH_REGEX = /^\/[a-zA-Z0-9/_\-?.=]*$/;
|
|
27
|
+
return SAFE_PATH_REGEX.test(decodedPath);
|
|
28
|
+
}
|
|
29
|
+
catch (error) {
|
|
30
|
+
// eslint-disable-next-line no-console
|
|
31
|
+
console.warn('Error parsing URL or path:', error);
|
|
32
|
+
return false;
|
|
33
|
+
}
|
|
34
|
+
};
|
|
35
|
+
const getOtherDomainHost = (currentHost) => {
|
|
36
|
+
if (currentHost.includes('autoscout24')) {
|
|
37
|
+
return currentHost.replace('autoscout24', 'motoscout24');
|
|
38
|
+
}
|
|
39
|
+
if (currentHost.includes('motoscout24')) {
|
|
40
|
+
return currentHost.replace('motoscout24', 'autoscout24');
|
|
41
|
+
}
|
|
42
|
+
return currentHost;
|
|
43
|
+
};
|
|
44
|
+
const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
|
|
45
|
+
if (request.nextUrl.pathname !== logoutEndpoint)
|
|
46
|
+
return;
|
|
47
|
+
const searchParams = new URLSearchParams(request.nextUrl.search);
|
|
48
|
+
const specifiedReturnTo = searchParams.get('returnTo') || '';
|
|
49
|
+
const crossDomainLogout = searchParams.get('crossDomain') === 'true';
|
|
50
|
+
const otherDomainHost = getOtherDomainHost(host);
|
|
51
|
+
let returnTo = `/${searchParams.get('locale') || languageConfig.default}`;
|
|
52
|
+
const isSafePath = validateReturnTo({
|
|
53
|
+
protocol,
|
|
54
|
+
host,
|
|
55
|
+
otherDomainHost,
|
|
56
|
+
pathOrUrl: specifiedReturnTo,
|
|
57
|
+
crossDomainLogout,
|
|
58
|
+
});
|
|
59
|
+
if (isSafePath) {
|
|
60
|
+
returnTo = specifiedReturnTo;
|
|
61
|
+
}
|
|
62
|
+
if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
|
|
63
|
+
const currentDomainUrl = `${protocol}://${host}`;
|
|
64
|
+
const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
|
|
65
|
+
backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
|
|
66
|
+
backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
|
|
67
|
+
const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
|
|
68
|
+
otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
|
|
69
|
+
otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
|
|
70
|
+
return {
|
|
71
|
+
isEarlyReturn: true,
|
|
72
|
+
response: NextResponse.redirect(otherDomainLogoutUrl, {
|
|
73
|
+
status: 302,
|
|
74
|
+
}),
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
searchParams.set('returnTo', returnTo);
|
|
78
|
+
request.nextUrl.search = searchParams.toString();
|
|
79
|
+
};
|
|
80
|
+
const getLegacyCookieDomain = (hostname) => {
|
|
81
|
+
const parts = hostname.split('.');
|
|
82
|
+
if (parts.length < 2)
|
|
83
|
+
return `.${hostname}`;
|
|
84
|
+
const base = parts.slice(-2).join('.');
|
|
85
|
+
return `.${base}`;
|
|
86
|
+
};
|
|
87
|
+
const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
|
|
88
|
+
if (request.nextUrl.pathname !== logoutEndpoint || !response)
|
|
89
|
+
return;
|
|
90
|
+
authCookieNames.forEach((cookieName) => {
|
|
91
|
+
response.cookies.delete({
|
|
92
|
+
name: cookieName,
|
|
93
|
+
maxAge: 0,
|
|
94
|
+
path: '/',
|
|
95
|
+
});
|
|
96
|
+
response.cookies.delete({
|
|
97
|
+
name: `${cookieName}__0`,
|
|
98
|
+
maxAge: 0,
|
|
99
|
+
path: '/',
|
|
100
|
+
});
|
|
101
|
+
});
|
|
102
|
+
const legacyCookieDomain = getLegacyCookieDomain(host);
|
|
103
|
+
response.cookies.delete({
|
|
104
|
+
name: legacyAccessTokenName,
|
|
105
|
+
maxAge: 0,
|
|
106
|
+
path: '/',
|
|
107
|
+
domain: legacyCookieDomain,
|
|
108
|
+
});
|
|
109
|
+
response.cookies.delete({
|
|
110
|
+
name: legacyRefreshTokenName,
|
|
111
|
+
maxAge: 0,
|
|
112
|
+
path: '/',
|
|
113
|
+
domain: legacyCookieDomain,
|
|
114
|
+
});
|
|
115
|
+
};
|
|
116
|
+
|
|
117
|
+
export { deleteRelatedSessionCookies, handleCrossDomainLogout };
|
|
118
|
+
//# sourceMappingURL=logout.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAMA,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAkC;AACjC,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,IAAI,QAAQ,GAAG,CAAA,CAAA,EAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE;IACzE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,IAAI,UAAU,EAAE;QACd,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;QAChD,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;QAED,OAAO;AACL,YAAA,aAAa,EAAE,IAAI;AACnB,YAAA,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACpD,gBAAA,MAAM,EAAE,GAAG;aACZ,CAAC;SACH;IACH;AAEA,IAAA,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;AAE9D,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACJ;;;;"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
+
import { Language } from '@smg-automotive/i18n-pkg';
|
|
3
|
+
import { Auth0Client } from '@auth0/nextjs-auth0/server';
|
|
4
|
+
import { Auth0Config } from 'src/types';
|
|
5
|
+
import { MiddlewareRouteHandlerResult } from './types';
|
|
6
|
+
export declare const protectRoute: ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }: {
|
|
7
|
+
isProtected: boolean;
|
|
8
|
+
auth0Instance: Auth0Client;
|
|
9
|
+
auth0Config: Auth0Config;
|
|
10
|
+
language: Language;
|
|
11
|
+
request: NextRequest;
|
|
12
|
+
response: NextResponse;
|
|
13
|
+
onError?: (error: Error) => void;
|
|
14
|
+
}) => Promise<MiddlewareRouteHandlerResult>;
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { NextResponse } from 'next/server';
|
|
2
|
+
import { getLoginLink } from '../../lib/authLinks.js';
|
|
3
|
+
|
|
4
|
+
const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
5
|
+
const loginUrl = getLoginLink({
|
|
6
|
+
auth0Config,
|
|
7
|
+
language,
|
|
8
|
+
returnTo,
|
|
9
|
+
});
|
|
10
|
+
return {
|
|
11
|
+
response: NextResponse.redirect(new URL(loginUrl, origin), {
|
|
12
|
+
status: 307,
|
|
13
|
+
}),
|
|
14
|
+
isEarlyReturn: true,
|
|
15
|
+
};
|
|
16
|
+
};
|
|
17
|
+
const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
|
|
18
|
+
const session = await auth0Instance.getSession(request);
|
|
19
|
+
const { pathname, search, origin } = request.nextUrl;
|
|
20
|
+
if (!isProtected && !session?.user) {
|
|
21
|
+
return {
|
|
22
|
+
response,
|
|
23
|
+
isEarlyReturn: true,
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
if (!session && isProtected) {
|
|
27
|
+
return redirectToLogin({
|
|
28
|
+
auth0Config,
|
|
29
|
+
language,
|
|
30
|
+
returnTo: `${pathname}${search}`,
|
|
31
|
+
origin,
|
|
32
|
+
});
|
|
33
|
+
}
|
|
34
|
+
try {
|
|
35
|
+
const shouldRefresh = (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
|
|
36
|
+
await auth0Instance.getAccessToken(request, response, {
|
|
37
|
+
refresh: shouldRefresh,
|
|
38
|
+
});
|
|
39
|
+
}
|
|
40
|
+
catch (error) {
|
|
41
|
+
const authError = error;
|
|
42
|
+
onError?.(authError);
|
|
43
|
+
if (!isProtected) {
|
|
44
|
+
return {
|
|
45
|
+
response,
|
|
46
|
+
isEarlyReturn: true,
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
return redirectToLogin({
|
|
50
|
+
auth0Config,
|
|
51
|
+
language,
|
|
52
|
+
returnTo: `${pathname}${search}`,
|
|
53
|
+
origin,
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
};
|
|
57
|
+
|
|
58
|
+
export { protectRoute };
|
|
59
|
+
//# sourceMappingURL=protectRoute.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAUA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkC;IACjC,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAO;AACL,QAAA,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACzD,YAAA,MAAM,EAAE,GAAG;SACZ,CAAC;AACF,QAAA,aAAa,EAAE,IAAI;KACpB;AACH,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAA2C;IAC1C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;QAClC,OAAO;YACL,QAAQ;AACR,YAAA,aAAa,EAAE,IAAI;SACpB;IACH;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;QACF,MAAM,aAAa,GACjB,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,QAAA,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACpD,YAAA,OAAO,EAAE,aAAa;AACvB,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;QAEpB,IAAI,CAAC,WAAW,EAAE;YAChB,OAAO;gBACL,QAAQ;AACR,gBAAA,aAAa,EAAE,IAAI;aACpB;QACH;AAEA,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { NextRequest } from 'next/server';
|
|
2
|
+
import { Language } from '@smg-automotive/i18n-pkg';
|
|
3
|
+
import { Auth0Client } from '@auth0/nextjs-auth0/server';
|
|
4
|
+
import { Auth0Config } from 'src/types';
|
|
5
|
+
import { MiddlewareRouteHandlerResult } from './types';
|
|
6
|
+
export declare const switchSelectedSellerId: ({ language, request, auth0Instance, auth0Config, }: {
|
|
7
|
+
language: Language;
|
|
8
|
+
request: NextRequest;
|
|
9
|
+
auth0Instance: Auth0Client;
|
|
10
|
+
auth0Config: Auth0Config;
|
|
11
|
+
}) => Promise<MiddlewareRouteHandlerResult>;
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import { NextResponse } from 'next/server';
|
|
2
|
+
import { getLoginLink } from '../../lib/authLinks.js';
|
|
3
|
+
|
|
4
|
+
const switchSelectedSellerId = async ({ language, request, auth0Instance, auth0Config, }) => {
|
|
5
|
+
if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
|
|
6
|
+
return;
|
|
7
|
+
const searchParams = new URLSearchParams(request.nextUrl.search);
|
|
8
|
+
const sellerId = searchParams.get('seller_id');
|
|
9
|
+
const session = await auth0Instance.getSession(request);
|
|
10
|
+
if (sellerId && session?.user) {
|
|
11
|
+
const loginUrl = getLoginLink({
|
|
12
|
+
auth0Config,
|
|
13
|
+
language,
|
|
14
|
+
returnTo: auth0Config.tokenEndpoint,
|
|
15
|
+
selectedSellerId: sellerId,
|
|
16
|
+
});
|
|
17
|
+
return {
|
|
18
|
+
response: NextResponse.redirect(new URL(loginUrl, origin), {
|
|
19
|
+
status: 302,
|
|
20
|
+
}),
|
|
21
|
+
isEarlyReturn: true,
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
};
|
|
25
|
+
|
|
26
|
+
export { switchSelectedSellerId };
|
|
27
|
+
//# sourceMappingURL=token.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AASO,MAAM,sBAAsB,GAAG,OAAO,EAC3C,QAAQ,EACR,OAAO,EACP,aAAa,EACb,WAAW,GAMZ,KAA2C;IAC1C,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;IAE5D,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IAC9C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAEvD,IAAA,IAAI,QAAQ,IAAI,OAAO,EAAE,IAAI,EAAE;QAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,WAAW;YACX,QAAQ;YACR,QAAQ,EAAE,WAAW,CAAC,aAAa;AACnC,YAAA,gBAAgB,EAAE,QAAQ;AAC3B,SAAA,CAAC;QACF,OAAO;AACL,YAAA,QAAQ,EAAE,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACzD,gBAAA,MAAM,EAAE,GAAG;aACZ,CAAC;AACF,YAAA,aAAa,EAAE,IAAI;SACpB;IACH;AACF;;;;"}
|
package/dist/esm/server.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export { authMiddleware } from './server/middleware.js';
|
|
1
|
+
export { authMiddleware } from './server/middleware/index.js';
|
|
2
2
|
//# sourceMappingURL=server.js.map
|
package/package.json
CHANGED
|
@@ -1,219 +0,0 @@
|
|
|
1
|
-
'use strict';
|
|
2
|
-
|
|
3
|
-
var server = require('next/server');
|
|
4
|
-
var authLinks = require('../lib/authLinks.js');
|
|
5
|
-
var auth0 = require('../config/auth0.js');
|
|
6
|
-
var getAuth0Instance = require('./getAuth0Instance.js');
|
|
7
|
-
|
|
8
|
-
const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
|
|
9
|
-
const loginUrl = authLinks.getLoginLink({
|
|
10
|
-
auth0Config,
|
|
11
|
-
language,
|
|
12
|
-
returnTo,
|
|
13
|
-
});
|
|
14
|
-
return server.NextResponse.redirect(new URL(loginUrl, origin), {
|
|
15
|
-
status: 307,
|
|
16
|
-
});
|
|
17
|
-
};
|
|
18
|
-
const isAuthRoute = (pathname, auth0Config) => {
|
|
19
|
-
const { loginEndpoint, logoutEndpoint, callbackEndpoint, userProfileEndpoint, tokenEndpoint, } = auth0Config;
|
|
20
|
-
return [
|
|
21
|
-
loginEndpoint,
|
|
22
|
-
logoutEndpoint,
|
|
23
|
-
callbackEndpoint,
|
|
24
|
-
userProfileEndpoint,
|
|
25
|
-
tokenEndpoint,
|
|
26
|
-
].includes(pathname);
|
|
27
|
-
};
|
|
28
|
-
const getLegacyCookieDomain = (hostname) => {
|
|
29
|
-
const parts = hostname.split('.');
|
|
30
|
-
if (parts.length < 2)
|
|
31
|
-
return `.${hostname}`;
|
|
32
|
-
const base = parts.slice(-2).join('.');
|
|
33
|
-
return `.${base}`;
|
|
34
|
-
};
|
|
35
|
-
const getOtherDomainHost = (currentHost) => {
|
|
36
|
-
if (currentHost.includes('autoscout24')) {
|
|
37
|
-
return currentHost.replace('autoscout24', 'motoscout24');
|
|
38
|
-
}
|
|
39
|
-
if (currentHost.includes('motoscout24')) {
|
|
40
|
-
return currentHost.replace('motoscout24', 'autoscout24');
|
|
41
|
-
}
|
|
42
|
-
return currentHost;
|
|
43
|
-
};
|
|
44
|
-
const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
|
|
45
|
-
if (typeof pathOrUrl !== 'string')
|
|
46
|
-
return false;
|
|
47
|
-
if (pathOrUrl.length > 2048)
|
|
48
|
-
return false;
|
|
49
|
-
try {
|
|
50
|
-
const decodedPathOrUrl = decodeURIComponent(pathOrUrl);
|
|
51
|
-
const isUrl = decodedPathOrUrl.startsWith('http');
|
|
52
|
-
const parsedUrlOrPath = new URL(isUrl ? decodedPathOrUrl : `${protocol}://${host}${decodedPathOrUrl}`);
|
|
53
|
-
const decodedPath = parsedUrlOrPath.pathname;
|
|
54
|
-
if (crossDomainLogout &&
|
|
55
|
-
isUrl &&
|
|
56
|
-
parsedUrlOrPath.host !== otherDomainHost) {
|
|
57
|
-
return false;
|
|
58
|
-
}
|
|
59
|
-
if (!crossDomainLogout && parsedUrlOrPath.host !== host) {
|
|
60
|
-
return false;
|
|
61
|
-
}
|
|
62
|
-
if (!decodedPath.startsWith('/') || decodedPath.startsWith('//')) {
|
|
63
|
-
return false;
|
|
64
|
-
}
|
|
65
|
-
// Limit chars in return to path to prevent injections
|
|
66
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
67
|
-
const SAFE_PATH_REGEX = /^\/[a-zA-Z0-9/_\-?.=]*$/;
|
|
68
|
-
return SAFE_PATH_REGEX.test(decodedPath);
|
|
69
|
-
}
|
|
70
|
-
catch (error) {
|
|
71
|
-
// eslint-disable-next-line no-console
|
|
72
|
-
console.warn('Error parsing URL or path:', error);
|
|
73
|
-
return false;
|
|
74
|
-
}
|
|
75
|
-
};
|
|
76
|
-
const authMiddleware = async ({ request, isProtectedRoute, language, host, protocol, isProxied, onError, }) => {
|
|
77
|
-
const { origin, pathname, search } = request.nextUrl;
|
|
78
|
-
const searchParams = new URLSearchParams(search);
|
|
79
|
-
const auth0Instance = getAuth0Instance.getAuth0Instance({ host, protocol, isProxied });
|
|
80
|
-
const auth0Config = auth0.getAuth0Config({ isProxied });
|
|
81
|
-
const { logoutEndpoint, loginEndpoint, tokenEndpoint, globalAuthErrorPath, languageConfig, selectedSellerIdCookie, impersonatedSellerIdCookie, } = auth0Config;
|
|
82
|
-
const isAuthErrorRoute = pathname.endsWith(globalAuthErrorPath);
|
|
83
|
-
if (pathname === logoutEndpoint) {
|
|
84
|
-
const specifiedReturnTo = searchParams.get('returnTo') || '';
|
|
85
|
-
const crossDomainLogout = searchParams.get('crossDomain') === 'true';
|
|
86
|
-
const otherDomainHost = getOtherDomainHost(host);
|
|
87
|
-
let returnTo = `/${searchParams.get('locale') || languageConfig.default}`;
|
|
88
|
-
const isSafePath = validateReturnTo({
|
|
89
|
-
protocol,
|
|
90
|
-
host,
|
|
91
|
-
otherDomainHost,
|
|
92
|
-
pathOrUrl: specifiedReturnTo,
|
|
93
|
-
crossDomainLogout,
|
|
94
|
-
});
|
|
95
|
-
if (isSafePath) {
|
|
96
|
-
returnTo = specifiedReturnTo;
|
|
97
|
-
}
|
|
98
|
-
if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
|
|
99
|
-
const currentDomainUrl = `${protocol}://${host}`;
|
|
100
|
-
const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
|
|
101
|
-
backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
|
|
102
|
-
backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
|
|
103
|
-
const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
|
|
104
|
-
otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
|
|
105
|
-
otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
|
|
106
|
-
return server.NextResponse.redirect(otherDomainLogoutUrl, {
|
|
107
|
-
status: 302,
|
|
108
|
-
});
|
|
109
|
-
}
|
|
110
|
-
searchParams.set('returnTo', returnTo);
|
|
111
|
-
request.nextUrl.search = searchParams.toString();
|
|
112
|
-
}
|
|
113
|
-
if (pathname === loginEndpoint) {
|
|
114
|
-
const hasSellerId = searchParams.has('seller_id');
|
|
115
|
-
if (!hasSellerId) {
|
|
116
|
-
const sellerId = request.cookies.get(selectedSellerIdCookie.name)?.value;
|
|
117
|
-
if (sellerId) {
|
|
118
|
-
searchParams.set('seller_id', sellerId);
|
|
119
|
-
}
|
|
120
|
-
}
|
|
121
|
-
const hasImpersonateSellerId = searchParams.has('impersonate_seller_id');
|
|
122
|
-
if (!hasImpersonateSellerId) {
|
|
123
|
-
const impersonatedSellerId = request.cookies.get(impersonatedSellerIdCookie.name)?.value;
|
|
124
|
-
if (impersonatedSellerId) {
|
|
125
|
-
searchParams.set('impersonate_seller_id', impersonatedSellerId);
|
|
126
|
-
}
|
|
127
|
-
}
|
|
128
|
-
request.nextUrl.search = searchParams.toString();
|
|
129
|
-
}
|
|
130
|
-
const authResponse = await auth0Instance.middleware(request);
|
|
131
|
-
if (pathname === logoutEndpoint) {
|
|
132
|
-
const { authCookieNames, legacyAccessTokenName, legacyRefreshTokenName } = auth0Config;
|
|
133
|
-
authCookieNames.forEach((cookieName) => {
|
|
134
|
-
authResponse.cookies.delete({
|
|
135
|
-
name: cookieName,
|
|
136
|
-
maxAge: 0,
|
|
137
|
-
path: '/',
|
|
138
|
-
});
|
|
139
|
-
authResponse.cookies.delete({
|
|
140
|
-
name: `${cookieName}__0`,
|
|
141
|
-
maxAge: 0,
|
|
142
|
-
path: '/',
|
|
143
|
-
});
|
|
144
|
-
});
|
|
145
|
-
const legacyCookieDomain = getLegacyCookieDomain(host);
|
|
146
|
-
authResponse.cookies.delete({
|
|
147
|
-
name: legacyAccessTokenName,
|
|
148
|
-
maxAge: 0,
|
|
149
|
-
path: '/',
|
|
150
|
-
domain: legacyCookieDomain,
|
|
151
|
-
});
|
|
152
|
-
authResponse.cookies.delete({
|
|
153
|
-
name: legacyRefreshTokenName,
|
|
154
|
-
maxAge: 0,
|
|
155
|
-
path: '/',
|
|
156
|
-
domain: legacyCookieDomain,
|
|
157
|
-
});
|
|
158
|
-
}
|
|
159
|
-
if (pathname === tokenEndpoint) {
|
|
160
|
-
const sellerId = searchParams.get('seller_id');
|
|
161
|
-
const session = await auth0Instance.getSession(request);
|
|
162
|
-
if (sellerId && session?.user) {
|
|
163
|
-
const loginUrl = authLinks.getLoginLink({
|
|
164
|
-
auth0Config,
|
|
165
|
-
language,
|
|
166
|
-
returnTo: tokenEndpoint,
|
|
167
|
-
selectedSellerId: sellerId,
|
|
168
|
-
});
|
|
169
|
-
return server.NextResponse.redirect(new URL(loginUrl, origin), { status: 302 });
|
|
170
|
-
}
|
|
171
|
-
}
|
|
172
|
-
if (isAuthRoute(pathname, auth0Config) || isAuthErrorRoute) {
|
|
173
|
-
return authResponse;
|
|
174
|
-
}
|
|
175
|
-
const isProtected = !isAuthErrorRoute && isProtectedRoute(pathname);
|
|
176
|
-
const session = await auth0Instance.getSession(request);
|
|
177
|
-
if (!isProtected && !session?.user) {
|
|
178
|
-
return authResponse;
|
|
179
|
-
}
|
|
180
|
-
if (!session && isProtected) {
|
|
181
|
-
return redirectToLogin({
|
|
182
|
-
auth0Config,
|
|
183
|
-
language,
|
|
184
|
-
returnTo: `${pathname}${search}`,
|
|
185
|
-
origin,
|
|
186
|
-
});
|
|
187
|
-
}
|
|
188
|
-
try {
|
|
189
|
-
const shouldRefresh = (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
|
|
190
|
-
await auth0Instance.getAccessToken(request, authResponse, {
|
|
191
|
-
refresh: shouldRefresh,
|
|
192
|
-
});
|
|
193
|
-
}
|
|
194
|
-
catch (error) {
|
|
195
|
-
const authError = error;
|
|
196
|
-
onError?.(authError);
|
|
197
|
-
if (!isProtected) {
|
|
198
|
-
return authResponse;
|
|
199
|
-
}
|
|
200
|
-
return redirectToLogin({
|
|
201
|
-
auth0Config,
|
|
202
|
-
language,
|
|
203
|
-
returnTo: `${pathname}${search}`,
|
|
204
|
-
origin,
|
|
205
|
-
});
|
|
206
|
-
}
|
|
207
|
-
const responseWithCombinedHeaders = server.NextResponse.next({
|
|
208
|
-
request: {
|
|
209
|
-
headers: request.headers,
|
|
210
|
-
},
|
|
211
|
-
});
|
|
212
|
-
authResponse.headers.forEach((value, key) => {
|
|
213
|
-
responseWithCombinedHeaders.headers.set(key, value);
|
|
214
|
-
});
|
|
215
|
-
return responseWithCombinedHeaders;
|
|
216
|
-
};
|
|
217
|
-
|
|
218
|
-
exports.authMiddleware = authMiddleware;
|
|
219
|
-
//# sourceMappingURL=middleware.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sources":["../../../../src/server/middleware.ts"],"sourcesContent":[null],"names":["getLoginLink","NextResponse","getAuth0Instance","getAuth0Config"],"mappings":";;;;;;;AAWA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAI;IACH,MAAM,QAAQ,GAAGA,sBAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAOC,mBAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;AAED,MAAM,WAAW,GAAG,CAAC,QAAgB,EAAE,WAAwB,KAAI;AACjE,IAAA,MAAM,EACJ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,GACd,GAAG,WAAW;IAEf,OAAO;QACL,aAAa;QACb,cAAc;QACd,gBAAgB;QAChB,mBAAmB;QACnB,aAAa;AACd,KAAA,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACtB,CAAC;AAED,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;AAED,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;MAEY,cAAc,GAAG,OAAO,EACnC,OAAO,EACP,gBAAgB,EAChB,QAAQ,EACR,IAAI,EACJ,QAAQ,EACR,SAAS,EACT,OAAO,GAWR,KAA2B;IAC1B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;AACpD,IAAA,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC;AAChD,IAAA,MAAM,aAAa,GAAGC,iCAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAErE,MAAM,WAAW,GAAGC,oBAAc,CAAC,EAAE,SAAS,EAAE,CAAC;AACjD,IAAA,MAAM,EACJ,cAAc,EACd,aAAa,EACb,aAAa,EACb,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,0BAA0B,GAC3B,GAAG,WAAW;IACf,MAAM,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;AAE/D,IAAA,IAAI,QAAQ,KAAK,cAAc,EAAE;QAC/B,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;QAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,QAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,QAAA,IAAI,QAAQ,GAAG,CAAA,CAAA,EAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE;QACzE,MAAM,UAAU,GAAG,gBAAgB,CAAC;YAClC,QAAQ;YACR,IAAI;YACJ,eAAe;AACf,YAAA,SAAS,EAAE,iBAAiB;YAC5B,iBAAiB;AAClB,SAAA,CAAC;QACF,IAAI,UAAU,EAAE;YACd,QAAQ,GAAG,iBAAiB;QAC9B;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,YAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;YAChD,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;YACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;YAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,YAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;YACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,YAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;AAED,YAAA,OAAOF,mBAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,gBAAA,MAAM,EAAE,GAAG;AACZ,aAAA,CAAC;QACJ;AAEA,QAAA,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QACtC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;IAClD;AAEA,IAAA,IAAI,QAAQ,KAAK,aAAa,EAAE;QAC9B,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;QACjD,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK;YACxE,IAAI,QAAQ,EAAE;AACZ,gBAAA,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;YACzC;QACF;QAEA,MAAM,sBAAsB,GAAG,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;QACxE,IAAI,CAAC,sBAAsB,EAAE;AAC3B,YAAA,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC9C,0BAA0B,CAAC,IAAI,CAChC,EAAE,KAAK;YAER,IAAI,oBAAoB,EAAE;AACxB,gBAAA,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC;YACjE;QACF;QAEA,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;IAClD;IAEA,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAE5D,IAAA,IAAI,QAAQ,KAAK,cAAc,EAAE;QAC/B,MAAM,EAAE,eAAe,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,GACtE,WAAW;AAEb,QAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,YAAA,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC;AAC1B,gBAAA,IAAI,EAAE,UAAU;AAChB,gBAAA,MAAM,EAAE,CAAC;AACT,gBAAA,IAAI,EAAE,GAAG;AACV,aAAA,CAAC;AACF,YAAA,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC;gBAC1B,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,gBAAA,MAAM,EAAE,CAAC;AACT,gBAAA,IAAI,EAAE,GAAG;AACV,aAAA,CAAC;AACJ,QAAA,CAAC,CAAC;AAEF,QAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,QAAA,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC;AAC1B,YAAA,IAAI,EAAE,qBAAqB;AAC3B,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACT,YAAA,MAAM,EAAE,kBAAkB;AAC3B,SAAA,CAAC;AACF,QAAA,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC;AAC1B,YAAA,IAAI,EAAE,sBAAsB;AAC5B,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACT,YAAA,MAAM,EAAE,kBAAkB;AAC3B,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI,QAAQ,KAAK,aAAa,EAAE;QAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAEvD,QAAA,IAAI,QAAQ,IAAI,OAAO,EAAE,IAAI,EAAE;YAC7B,MAAM,QAAQ,GAAGD,sBAAY,CAAC;gBAC5B,WAAW;gBACX,QAAQ;AACR,gBAAA,QAAQ,EAAE,aAAa;AACvB,gBAAA,gBAAgB,EAAE,QAAQ;AAC3B,aAAA,CAAC;AACF,YAAA,OAAOC,mBAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;QAC1E;IACF;IAEA,IAAI,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,gBAAgB,EAAE;AAC1D,QAAA,OAAO,YAAY;IACrB;IAEA,MAAM,WAAW,GAAG,CAAC,gBAAgB,IAAI,gBAAgB,CAAC,QAAQ,CAAC;IACnE,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClC,QAAA,OAAO,YAAY;IACrB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;QACF,MAAM,aAAa,GACjB,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,QAAA,MAAM,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,EAAE;AACxD,YAAA,OAAO,EAAE,aAAa;AACvB,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;QAEpB,IAAI,CAAC,WAAW,EAAE;AAChB,YAAA,OAAO,YAAY;QACrB;AAEA,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,MAAM,2BAA2B,GAAGA,mBAAY,CAAC,IAAI,CAAC;AACpD,QAAA,OAAO,EAAE;YACP,OAAO,EAAE,OAAO,CAAC,OAAO;AACzB,SAAA;AACF,KAAA,CAAC;IACF,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,KAAI;QAC1C,2BAA2B,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC;AACrD,IAAA,CAAC,CAAC;AAEF,IAAA,OAAO,2BAA2B;AACpC;;;;"}
|