@spinajs/rbac-http-user 2.0.375 → 2.0.378
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/cjs/2fa/Default2FaToken.d.ts +2 -1
- package/lib/cjs/2fa/Default2FaToken.d.ts.map +1 -1
- package/lib/cjs/2fa/Default2FaToken.js +6 -3
- package/lib/cjs/2fa/Default2FaToken.js.map +1 -1
- package/lib/cjs/actions/2fa.d.ts.map +1 -1
- package/lib/cjs/actions/2fa.js +6 -3
- package/lib/cjs/actions/2fa.js.map +1 -1
- package/lib/cjs/cli/EnableUser2Fa.d.ts +1 -0
- package/lib/cjs/cli/EnableUser2Fa.d.ts.map +1 -1
- package/lib/cjs/cli/EnableUser2Fa.js +3 -2
- package/lib/cjs/cli/EnableUser2Fa.js.map +1 -1
- package/lib/cjs/config/rbac-http.d.ts +2 -2
- package/lib/cjs/config/rbac-http.d.ts.map +1 -1
- package/lib/cjs/config/rbac-http.js +2 -2
- package/lib/cjs/config/rbac-http.js.map +1 -1
- package/lib/cjs/controllers/LoginController.d.ts +1 -0
- package/lib/cjs/controllers/LoginController.d.ts.map +1 -1
- package/lib/cjs/controllers/LoginController.js +41 -18
- package/lib/cjs/controllers/LoginController.js.map +1 -1
- package/lib/cjs/controllers/TwoFactorAuthController.d.ts +5 -3
- package/lib/cjs/controllers/TwoFactorAuthController.d.ts.map +1 -1
- package/lib/cjs/controllers/TwoFactorAuthController.js +27 -3
- package/lib/cjs/controllers/TwoFactorAuthController.js.map +1 -1
- package/lib/cjs/controllers/UserController.d.ts.map +1 -1
- package/lib/cjs/controllers/UserController.js +1 -1
- package/lib/cjs/controllers/UserController.js.map +1 -1
- package/lib/cjs/controllers/UserMetadataController.js +1 -1
- package/lib/cjs/controllers/UserMetadataController.js.map +1 -1
- package/lib/cjs/index.d.ts +3 -0
- package/lib/cjs/index.d.ts.map +1 -1
- package/lib/cjs/index.js +3 -0
- package/lib/cjs/index.js.map +1 -1
- package/lib/cjs/policies/2FaPolicy.d.ts.map +1 -1
- package/lib/cjs/policies/2FaPolicy.js +2 -2
- package/lib/cjs/policies/2FaPolicy.js.map +1 -1
- package/lib/mjs/2fa/Default2FaToken.d.ts +2 -1
- package/lib/mjs/2fa/Default2FaToken.d.ts.map +1 -1
- package/lib/mjs/2fa/Default2FaToken.js +6 -3
- package/lib/mjs/2fa/Default2FaToken.js.map +1 -1
- package/lib/mjs/actions/2fa.d.ts.map +1 -1
- package/lib/mjs/actions/2fa.js +7 -4
- package/lib/mjs/actions/2fa.js.map +1 -1
- package/lib/mjs/cli/EnableUser2Fa.d.ts +1 -0
- package/lib/mjs/cli/EnableUser2Fa.d.ts.map +1 -1
- package/lib/mjs/cli/EnableUser2Fa.js +3 -2
- package/lib/mjs/cli/EnableUser2Fa.js.map +1 -1
- package/lib/mjs/config/rbac-http.d.ts +2 -2
- package/lib/mjs/config/rbac-http.d.ts.map +1 -1
- package/lib/mjs/config/rbac-http.js +2 -2
- package/lib/mjs/config/rbac-http.js.map +1 -1
- package/lib/mjs/controllers/LoginController.d.ts +1 -0
- package/lib/mjs/controllers/LoginController.d.ts.map +1 -1
- package/lib/mjs/controllers/LoginController.js +43 -20
- package/lib/mjs/controllers/LoginController.js.map +1 -1
- package/lib/mjs/controllers/TwoFactorAuthController.d.ts +5 -3
- package/lib/mjs/controllers/TwoFactorAuthController.d.ts.map +1 -1
- package/lib/mjs/controllers/TwoFactorAuthController.js +30 -6
- package/lib/mjs/controllers/TwoFactorAuthController.js.map +1 -1
- package/lib/mjs/controllers/UserController.d.ts.map +1 -1
- package/lib/mjs/controllers/UserController.js +2 -2
- package/lib/mjs/controllers/UserController.js.map +1 -1
- package/lib/mjs/controllers/UserMetadataController.js +2 -2
- package/lib/mjs/controllers/UserMetadataController.js.map +1 -1
- package/lib/mjs/index.d.ts +3 -0
- package/lib/mjs/index.d.ts.map +1 -1
- package/lib/mjs/index.js +3 -0
- package/lib/mjs/index.js.map +1 -1
- package/lib/mjs/policies/2FaPolicy.d.ts.map +1 -1
- package/lib/mjs/policies/2FaPolicy.js +3 -3
- package/lib/mjs/policies/2FaPolicy.js.map +1 -1
- package/lib/tsconfig.cjs.tsbuildinfo +1 -1
- package/lib/tsconfig.mjs.tsbuildinfo +1 -1
- package/package.json +11 -11
|
@@ -3,7 +3,8 @@ import { Log } from '@spinajs/log';
|
|
|
3
3
|
import { TwoFactorAuthProvider } from "@spinajs/rbac-http";
|
|
4
4
|
export declare enum TWO_FA_METATADATA_KEYS {
|
|
5
5
|
TOKEN = "2fa:token",
|
|
6
|
-
ENABLED = "2fa:enabled"
|
|
6
|
+
ENABLED = "2fa:enabled",
|
|
7
|
+
OTP = "2fa:otp"
|
|
7
8
|
}
|
|
8
9
|
export declare class Default2FaToken extends TwoFactorAuthProvider {
|
|
9
10
|
protected Config: any;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Default2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"Default2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAI3D,oBAAY,sBAAsB;IAC9B,KAAK,cAAc;IACnB,OAAO,gBAAgB;IACvB,GAAG,YAAY;CAClB;AAED,qBACa,eAAgB,SAAQ,qBAAqB;IAEtD,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC;IAGtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC;;IAMnB,OAAO,CAAC,OAAO;IAYR,OAAO,CAAC,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAMzB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAgBxD,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAoBpC,aAAa,CAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAYlD,SAAS,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvC,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;CAI3D"}
|
|
@@ -38,10 +38,12 @@ const configuration_1 = require("@spinajs/configuration");
|
|
|
38
38
|
const log_1 = require("@spinajs/log");
|
|
39
39
|
const rbac_http_1 = require("@spinajs/rbac-http");
|
|
40
40
|
const OTPAuth = __importStar(require("otpauth"));
|
|
41
|
+
const exceptions_1 = require("@spinajs/exceptions");
|
|
41
42
|
var TWO_FA_METATADATA_KEYS;
|
|
42
43
|
(function (TWO_FA_METATADATA_KEYS) {
|
|
43
44
|
TWO_FA_METATADATA_KEYS["TOKEN"] = "2fa:token";
|
|
44
45
|
TWO_FA_METATADATA_KEYS["ENABLED"] = "2fa:enabled";
|
|
46
|
+
TWO_FA_METATADATA_KEYS["OTP"] = "2fa:otp";
|
|
45
47
|
})(TWO_FA_METATADATA_KEYS || (exports.TWO_FA_METATADATA_KEYS = TWO_FA_METATADATA_KEYS = {}));
|
|
46
48
|
let Default2FaToken = class Default2FaToken extends rbac_http_1.TwoFactorAuthProvider {
|
|
47
49
|
constructor() {
|
|
@@ -65,20 +67,21 @@ let Default2FaToken = class Default2FaToken extends rbac_http_1.TwoFactorAuthPro
|
|
|
65
67
|
async verifyToken(token, user) {
|
|
66
68
|
const twoFaToken = user.Metadata[TWO_FA_METATADATA_KEYS.TOKEN];
|
|
67
69
|
if (!twoFaToken) {
|
|
68
|
-
|
|
69
|
-
return false;
|
|
70
|
+
throw new exceptions_1.Exception(`Cannot verify 2fa token, no 2fa token for user ${user.Uuid}`);
|
|
70
71
|
}
|
|
71
72
|
const totp = this._getOTP(user, twoFaToken);
|
|
72
73
|
const verified = totp.validate({
|
|
73
74
|
token: token,
|
|
74
75
|
window: this.Config.window,
|
|
75
76
|
});
|
|
76
|
-
return verified
|
|
77
|
+
return verified !== null;
|
|
77
78
|
}
|
|
78
79
|
async initialize(user) {
|
|
79
80
|
const secret = new OTPAuth.Secret({ size: this.Config.secretSize });
|
|
80
81
|
const totp = this._getOTP(user, secret.base32);
|
|
81
82
|
user.Metadata[TWO_FA_METATADATA_KEYS.TOKEN] = secret.base32;
|
|
83
|
+
user.Metadata[TWO_FA_METATADATA_KEYS.ENABLED] = true;
|
|
84
|
+
user.Metadata[TWO_FA_METATADATA_KEYS.OTP] = totp.toString();
|
|
82
85
|
await user.Metadata.sync();
|
|
83
86
|
this.Log.trace(`2fa token initialized for user ${user.Id}`, {
|
|
84
87
|
userId: user.Id,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Default2FaToken.js","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oCAAyC;AAEzC,0DAAgD;AAChD,sCAA2C;AAC3C,kDAA2D;AAC3D,iDAAmC;
|
|
1
|
+
{"version":3,"file":"Default2FaToken.js","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oCAAyC;AAEzC,0DAAgD;AAChD,sCAA2C;AAC3C,kDAA2D;AAC3D,iDAAmC;AACnC,oDAAgD;AAEhD,IAAY,sBAIX;AAJD,WAAY,sBAAsB;IAC9B,6CAAmB,CAAA;IACnB,iDAAuB,CAAA;IACvB,yCAAe,CAAA;AACnB,CAAC,EAJW,sBAAsB,sCAAtB,sBAAsB,QAIjC;AAGM,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,iCAAqB;IAOtD;QACI,KAAK,EAAE,CAAC;IACZ,CAAC;IAEO,OAAO,CAAC,IAAW,EAAE,MAAc;QACrC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YACtB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAChC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;SAC5C,CAAC,CAAC;IAEP,CAAC;IAEM,OAAO,CAAC,CAAO;QAClB,yDAAyD;QACzD,gCAAgC;QAChC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,IAAU;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE/D,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,sBAAS,CAAC,kDAAkD,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,IAAI,GAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC3B,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,OAAO,QAAQ,KAAI,IAAI,CAAC;IAC5B,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,IAAU;QAC9B,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QACpE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5D,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;QACrD,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAE5D,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kCAAkC,IAAI,CAAC,EAAE,EAAE,EAAE;YACxD,MAAM,EAAE,IAAI,CAAC,EAAE;SAClB,CAAC,CAAC;QAEH;;WAEG;QACH,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,aAAa,CAAE,IAAU;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE1D,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kDAAkD,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5E,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,IAAU;QAC7B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,GAAc,CAAC;IAC1B,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,IAAU;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,CAAC;IACjE,CAAC;CACJ,CAAA;AAtFY,0CAAe;AAEd;IADT,IAAA,sBAAM,EAAC,cAAc,CAAC;;+CACD;AAGZ;IADT,IAAA,YAAM,EAAC,WAAW,CAAC;8BACL,SAAG;4CAAC;0BALV,eAAe;IAD3B,IAAA,eAAU,EAAC,iCAAqB,CAAC;;GACrB,eAAe,CAsF3B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"2fa.d.ts","sourceRoot":"","sources":["../../../src/actions/2fa.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAyD,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"2fa.d.ts","sourceRoot":"","sources":["../../../src/actions/2fa.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAyD,MAAM,eAAe,CAAC;AAW5F,wBAAsB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,oBAOrE;AAED;;;;;;;GAOG;AACH,wBAAsB,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,oBA8B9E"}
|
package/lib/cjs/actions/2fa.js
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.auth2Fa = exports.enableUser2Fa = void 0;
|
|
4
4
|
const rbac_1 = require("@spinajs/rbac");
|
|
5
|
+
const http_1 = require("@spinajs/http");
|
|
5
6
|
const configuration_1 = require("@spinajs/configuration");
|
|
6
7
|
const luxon_1 = require("luxon");
|
|
7
8
|
const util_1 = require("@spinajs/util");
|
|
@@ -10,7 +11,7 @@ const User2FaEnabled_js_1 = require("../events/User2FaEnabled.js");
|
|
|
10
11
|
const rbac_http_1 = require("@spinajs/rbac-http");
|
|
11
12
|
async function enableUser2Fa(identifier) {
|
|
12
13
|
return (0, util_1._chain)((0, rbac_1._user_unsafe)(identifier), (u) => {
|
|
13
|
-
return (0, util_1._chain)((0, configuration_1._service)('rbac.twoFactorAuth', rbac_http_1.TwoFactorAuthProvider), async (twoFa) => twoFa.initialize(u), (0, rbac_1._user_ev)(User2FaEnabled_js_1.User2FaEnabled));
|
|
14
|
+
return (0, util_1._chain)((0, configuration_1._service)('rbac.twoFactorAuth', rbac_http_1.TwoFactorAuthProvider), async (twoFa) => twoFa.initialize(u), (0, util_1._tap)((0, rbac_1._user_ev)(User2FaEnabled_js_1.User2FaEnabled)));
|
|
14
15
|
});
|
|
15
16
|
}
|
|
16
17
|
exports.enableUser2Fa = enableUser2Fa;
|
|
@@ -23,9 +24,11 @@ exports.enableUser2Fa = enableUser2Fa;
|
|
|
23
24
|
* @returns
|
|
24
25
|
*/
|
|
25
26
|
async function auth2Fa(identifier, token) {
|
|
26
|
-
token = (0, util_1._check_arg)((0, util_1._trim)(), util_1._non_empty)(token, 'token');
|
|
27
|
+
token = (0, util_1._check_arg)((0, util_1._trim)(), (0, util_1._non_empty)())(token, 'token');
|
|
27
28
|
return (0, util_1._chain)((0, rbac_1._user_unsafe)(identifier), (0, util_1._catch)((u) => {
|
|
28
|
-
return (0, util_1._chain)((0, configuration_1._service)('rbac.twoFactorAuth', rbac_http_1.TwoFactorAuthProvider),
|
|
29
|
+
return (0, util_1._chain)((0, configuration_1._service)('rbac.twoFactorAuth', rbac_http_1.TwoFactorAuthProvider), (0, util_1._either)((twoFa) => twoFa.verifyToken(token, u), () => (0, util_1._chain)(u, (0, rbac_1._user_update)({ LastLoginAt: luxon_1.DateTime.now() }), (0, rbac_1._user_ev)(User2FaPassed_js_1.User2FaPassed)), () => {
|
|
30
|
+
throw new http_1.Unauthorized('2fa check failed');
|
|
31
|
+
}));
|
|
29
32
|
}, (err, u) => {
|
|
30
33
|
return (0, util_1._chain)(() => u,
|
|
31
34
|
// send event of failed login
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"2fa.js","sourceRoot":"","sources":["../../../src/actions/2fa.ts"],"names":[],"mappings":";;;AAAA,wCAA4F;
|
|
1
|
+
{"version":3,"file":"2fa.js","sourceRoot":"","sources":["../../../src/actions/2fa.ts"],"names":[],"mappings":";;;AAAA,wCAA4F;AAC5F,wCAA6C;AAE7C,0DAAkD;AAClD,iCAAiC;AACjC,wCAAmH;AACnH,iEAA2D;AAC3D,mEAA6D;AAC7D,kDAA4D;AAGrD,KAAK,UAAU,aAAa,CAAC,UAAkC;IAClE,OAAO,IAAA,aAAM,EACT,IAAA,mBAAY,EAAC,UAAU,CAAC,EACxB,CAAC,CAAO,EAAE,EAAE;QACR,OAAO,IAAA,aAAM,EAAC,IAAA,wBAAQ,EAAC,oBAAoB,EAAE,iCAAqB,CAAC,EAAE,KAAK,EAAE,KAA4B,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,IAAA,WAAI,EAAC,IAAA,eAAQ,EAAC,kCAAc,CAAC,CAAC,CAAC,CAAC;IACtK,CAAC,CACJ,CAAC;AACN,CAAC;AAPD,sCAOC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,OAAO,CAAC,UAAkC,EAAE,KAAa;IAC3E,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,IAAA,iBAAU,GAAE,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAE1D,OAAO,IAAA,aAAM,EACT,IAAA,mBAAY,EAAC,UAAU,CAAC,EACxB,IAAA,aAAM,EACF,CAAC,CAAO,EAAE,EAAE;QACR,OAAO,IAAA,aAAM,EAAC,IAAA,wBAAQ,EAAC,oBAAoB,EAAE,iCAAqB,CAAC,EAAE,IAAA,cAAO,EACxE,CAAC,KAA4B,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,EAC7D,GAAG,EAAE,CAAC,IAAA,aAAM,EAAC,CAAC,EAAE,IAAA,mBAAY,EAAC,EAAE,WAAW,EAAE,gBAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,IAAA,eAAQ,EAAC,gCAAa,CAAC,CAAC,EACvF,GAAG,EAAE;YACD,MAAM,IAAI,mBAAY,CAAC,kBAAkB,CAAC,CAAC;QAC/C,CAAC,CACJ,CAAC,CAAA;IACN,CAAC,EACD,CAAC,GAAG,EAAE,CAAO,EAAE,EAAE;QACb,OAAO,IAAA,aAAM,EACT,GAAG,EAAE,CAAC,CAAC;QAEP,6BAA6B;QAC7B,IAAA,eAAQ,EAAC,sBAAe,EAAE,GAAG,CAAC;QAE9B,2BAA2B;QAC3B,GAAG,EAAE;YACD,MAAM,GAAG,CAAC;QACd,CAAC,CACJ,CAAC;IACN,CAAC,CACJ,CACJ,CAAC;AACN,CAAC;AA9BD,0BA8BC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { Log } from '@spinajs/log';
|
|
2
2
|
import { CliCommand } from '@spinajs/cli';
|
|
3
3
|
import { TwoFactorAuthProvider } from "@spinajs/rbac-http";
|
|
4
|
+
import "../2fa/Default2FaToken.js";
|
|
4
5
|
export declare class EnableUser2Fa extends CliCommand {
|
|
5
6
|
protected Log: Log;
|
|
6
7
|
protected TwoFa: TwoFactorAuthProvider;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"EnableUser2Fa.d.ts","sourceRoot":"","sources":["../../../src/cli/EnableUser2Fa.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAY,UAAU,EAAW,MAAM,cAAc,CAAC;AAE7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAG3D,qBAEa,aAAc,SAAQ,UAAU;IAE3C,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC;IAGnB,SAAS,CAAC,KAAK,EAAE,qBAAqB,CAAC;IAE1B,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAItD"}
|
|
1
|
+
{"version":3,"file":"EnableUser2Fa.d.ts","sourceRoot":"","sources":["../../../src/cli/EnableUser2Fa.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAY,UAAU,EAAW,MAAM,cAAc,CAAC;AAE7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAG3D,OAAO,2BAA2B,CAAC;AAEnC,qBAEa,aAAc,SAAQ,UAAU;IAE3C,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC;IAGnB,SAAS,CAAC,KAAK,EAAE,qBAAqB,CAAC;IAE1B,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAItD"}
|
|
@@ -15,10 +15,11 @@ const cli_1 = require("@spinajs/cli");
|
|
|
15
15
|
const configuration_1 = require("@spinajs/configuration");
|
|
16
16
|
const rbac_http_1 = require("@spinajs/rbac-http");
|
|
17
17
|
const _2fa_js_1 = require("../actions/2fa.js");
|
|
18
|
+
require("../2fa/Default2FaToken.js");
|
|
18
19
|
let EnableUser2Fa = class EnableUser2Fa extends cli_1.CliCommand {
|
|
19
20
|
async execute(idOrUuid) {
|
|
20
|
-
await (0, _2fa_js_1.enableUser2Fa)(idOrUuid);
|
|
21
|
-
this.Log.success(`2fa enabled for user ${idOrUuid}`);
|
|
21
|
+
const result = await (0, _2fa_js_1.enableUser2Fa)(idOrUuid);
|
|
22
|
+
this.Log.success(`2fa enabled for user ${idOrUuid}, otp: ${result}`);
|
|
22
23
|
}
|
|
23
24
|
};
|
|
24
25
|
exports.EnableUser2Fa = EnableUser2Fa;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"EnableUser2Fa.js","sourceRoot":"","sources":["../../../src/cli/EnableUser2Fa.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,sCAA2C;AAC3C,sCAA6D;AAC7D,0DAA2D;AAC3D,kDAA2D;AAC3D,+CAAkD;
|
|
1
|
+
{"version":3,"file":"EnableUser2Fa.js","sourceRoot":"","sources":["../../../src/cli/EnableUser2Fa.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,sCAA2C;AAC3C,sCAA6D;AAC7D,0DAA2D;AAC3D,kDAA2D;AAC3D,+CAAkD;AAElD,qCAAmC;AAI5B,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,gBAAU;IAOpC,KAAK,CAAC,OAAO,CAAC,QAAgB;QACnC,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAa,EAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,wBAAwB,QAAQ,UAAU,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;CACF,CAAA;AAXY,sCAAa;AAEd;IADT,IAAA,YAAM,EAAC,gBAAgB,CAAC;8BACV,SAAG;0CAAC;AAGT;IADT,IAAA,iCAAiB,EAAC,oBAAoB,CAAC;8BACvB,iCAAqB;4CAAC;wBAL5B,aAAa;IAFzB,IAAA,aAAO,EAAC,sBAAsB,EAAE,6CAA6C,CAAC;IAC9E,IAAA,cAAQ,EAAC,UAAU,EAAE,IAAI,EAAE,oBAAoB,CAAC;GACpC,aAAa,CAWzB"}
|
|
@@ -2,8 +2,7 @@ declare const rbacHttp: {
|
|
|
2
2
|
system: {
|
|
3
3
|
dirs: {
|
|
4
4
|
controllers: string[];
|
|
5
|
-
|
|
6
|
-
views: string[];
|
|
5
|
+
cli: string[];
|
|
7
6
|
};
|
|
8
7
|
};
|
|
9
8
|
rbac: {
|
|
@@ -22,6 +21,7 @@ declare const rbacHttp: {
|
|
|
22
21
|
};
|
|
23
22
|
twoFactorAuth: {
|
|
24
23
|
enabled: boolean;
|
|
24
|
+
forceUser: boolean;
|
|
25
25
|
service: string;
|
|
26
26
|
};
|
|
27
27
|
fingerprint: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac-http.d.ts","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,QAAQ
|
|
1
|
+
{"version":3,"file":"rbac-http.d.ts","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,QAAQ;;;;;;;;;YASR;;eAEG;;YAGH;;eAEG;;;;;;;;;;;;;;;;;;;;;;;YAyBH;;eAEG;;;QAGL;;WAEG;;;;CAQN,CAAC;AAEF,eAAe,QAAQ,CAAC"}
|
|
@@ -9,8 +9,7 @@ const rbacHttp = {
|
|
|
9
9
|
system: {
|
|
10
10
|
dirs: {
|
|
11
11
|
controllers: [dir('controllers')],
|
|
12
|
-
|
|
13
|
-
views: [dir('views')],
|
|
12
|
+
cli: [dir('cli')]
|
|
14
13
|
},
|
|
15
14
|
},
|
|
16
15
|
rbac: {
|
|
@@ -29,6 +28,7 @@ const rbacHttp = {
|
|
|
29
28
|
},
|
|
30
29
|
twoFactorAuth: {
|
|
31
30
|
enabled: true,
|
|
31
|
+
forceUser: false,
|
|
32
32
|
service: 'Default2FaToken',
|
|
33
33
|
},
|
|
34
34
|
fingerprint: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACxI,CAAC;AAGD,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACjC,
|
|
1
|
+
{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACxI,CAAC;AAGD,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACjC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;SAClB;KACF;IACD,IAAI,EAAE;QACJ,OAAO,EAAE;YACP;;eAEG;YACH,MAAM,EAAE,SAAS;YAEjB;;eAEG;YACH,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,CAAC;YACT,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,CAAC;SACV;QACD,aAAa,EAAE;YACb,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,KAAK;YAChB,OAAO,EAAE,iBAAiB;SAC3B;QACD,WAAW,EAAE;YACX,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,eAAe;SACzB;QACD,OAAO,EAAC;YACN,MAAM,EAAE;gBACN,QAAQ,EAAE,KAAK;aAChB;SACF;QACD,QAAQ,EAAE;YACR,sCAAsC;YACtC,QAAQ,EAAE,EAAE;YAEZ;;eAEG;YACH,kBAAkB,EAAE,CAAC;SACtB;QACD;;WAEG;QACH,cAAc,EAAE,KAAK;KACtB;IACD,IAAI,EAAE;IACJ,iBAAiB;IACjB,+CAA+C;IAC/C,KAAK;KACN;CACF,CAAC;AAEF,kBAAe,QAAQ,CAAC"}
|
|
@@ -9,6 +9,7 @@ export declare class LoginController extends BaseController {
|
|
|
9
9
|
protected SessionProvider: SessionProvider;
|
|
10
10
|
protected SessionExpirationTime: number;
|
|
11
11
|
protected TwoFactorAuthEnabled: boolean;
|
|
12
|
+
protected TwoFactorAuthForceUser: boolean;
|
|
12
13
|
protected SessionCookieConfig: any;
|
|
13
14
|
protected AC: AccessControl;
|
|
14
15
|
login(credentials: UserLoginDto): Promise<Ok | Unauthorized>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,
|
|
1
|
+
{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAsB,aAAa,EAAiB,MAAM,eAAe,CAAC;AAEhH,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGlF,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAKxC,SAAS,CAAC,oBAAoB,EAAE,OAAO,CAAC;IAMxC,SAAS,CAAC,sBAAsB,EAAE,OAAO,CAAC;IAG1C,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC;IAGnC,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAIf,KAAK,CAAS,WAAW,EAAE,YAAY;IAsGvC,MAAM,CAAW,IAAI,EAAE,MAAM;IA4B7B,MAAM,CAAiB,IAAI,EAAE,IAAI;CAK/C"}
|
|
@@ -23,7 +23,7 @@ const rbac_2 = require("@spinajs/rbac");
|
|
|
23
23
|
let LoginController = class LoginController extends http_1.BaseController {
|
|
24
24
|
async login(credentials) {
|
|
25
25
|
try {
|
|
26
|
-
const user = await (0, rbac_1.
|
|
26
|
+
const user = await (0, rbac_1.login)(credentials.Email, credentials.Password);
|
|
27
27
|
const session = new rbac_1.UserSession();
|
|
28
28
|
const coockies = [
|
|
29
29
|
{
|
|
@@ -40,35 +40,52 @@ let LoginController = class LoginController extends http_1.BaseController {
|
|
|
40
40
|
},
|
|
41
41
|
},
|
|
42
42
|
];
|
|
43
|
+
let result = {};
|
|
43
44
|
session.Data.set('User', user.Uuid);
|
|
45
|
+
// we have two states for user
|
|
46
|
+
// LOGGED - when user use proper login/password and session is created
|
|
47
|
+
// AUTHORIZED - when user is atuhenticated eg. by 2fa check. If 2fa is disabled
|
|
48
|
+
// user is automatically authorized at login
|
|
49
|
+
session.Data.set('Logged', true);
|
|
44
50
|
// set expiration time ( default val in config )
|
|
45
51
|
session.extend();
|
|
46
|
-
|
|
47
|
-
|
|
52
|
+
if (this.TwoFactorAuthForceUser && !user.Metadata['2fa:enabled']) {
|
|
53
|
+
this._log.trace('User logged in, 2fa init required', {
|
|
54
|
+
Uuid: user.Uuid
|
|
55
|
+
});
|
|
56
|
+
session.Data.set('Authorized', false);
|
|
57
|
+
session.Data.set('TwoFactorAuth', true);
|
|
58
|
+
result = {
|
|
59
|
+
TwoFactorInitRequired: true,
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
else if (this.TwoFactorAuthEnabled && user.Metadata['2fa:enabled']) {
|
|
48
63
|
this._log.trace('User logged in, 2fa required', {
|
|
49
64
|
Uuid: user.Uuid
|
|
50
65
|
});
|
|
51
66
|
session.Data.set('Authorized', false);
|
|
52
67
|
session.Data.set('TwoFactorAuth', true);
|
|
53
|
-
|
|
68
|
+
result = {
|
|
54
69
|
TwoFactorAuthRequired: true,
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
70
|
+
};
|
|
71
|
+
}
|
|
72
|
+
else {
|
|
73
|
+
session.Data.set('Authorized', true);
|
|
74
|
+
const grants = this.AC.getGrants();
|
|
75
|
+
const userGrants = user.Role.map(r => (0, rbac_1._unwindGrants)(r, grants));
|
|
76
|
+
const combinedGrants = Object.assign({}, ...userGrants);
|
|
77
|
+
result = {
|
|
78
|
+
...user.dehydrateWithRelations({
|
|
79
|
+
dateTimeFormat: "iso"
|
|
80
|
+
}),
|
|
81
|
+
Grants: combinedGrants,
|
|
82
|
+
};
|
|
59
83
|
}
|
|
60
84
|
this._log.trace('User logged in, no 2fa required', {
|
|
61
85
|
Uuid: user.Uuid
|
|
62
86
|
});
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
const combinedGrants = Object.assign({}, ...userGrants);
|
|
66
|
-
return new http_1.Ok({
|
|
67
|
-
...user.dehydrateWithRelations({
|
|
68
|
-
dateTimeFormat: "iso"
|
|
69
|
-
}),
|
|
70
|
-
Grants: combinedGrants,
|
|
71
|
-
}, {
|
|
87
|
+
await this.SessionProvider.save(session);
|
|
88
|
+
return new http_1.Ok(result, {
|
|
72
89
|
Coockies: coockies
|
|
73
90
|
});
|
|
74
91
|
}
|
|
@@ -134,6 +151,12 @@ __decorate([
|
|
|
134
151
|
}),
|
|
135
152
|
__metadata("design:type", Boolean)
|
|
136
153
|
], LoginController.prototype, "TwoFactorAuthEnabled", void 0);
|
|
154
|
+
__decorate([
|
|
155
|
+
(0, configuration_1.Config)('rbac.twoFactorAuth.forceUser', {
|
|
156
|
+
defaultValue: false,
|
|
157
|
+
}),
|
|
158
|
+
__metadata("design:type", Boolean)
|
|
159
|
+
], LoginController.prototype, "TwoFactorAuthForceUser", void 0);
|
|
137
160
|
__decorate([
|
|
138
161
|
(0, configuration_1.Config)('rbac.session.cookie', {}),
|
|
139
162
|
__metadata("design:type", Object)
|
|
@@ -144,7 +167,7 @@ __decorate([
|
|
|
144
167
|
], LoginController.prototype, "AC", void 0);
|
|
145
168
|
__decorate([
|
|
146
169
|
(0, http_1.Post)(),
|
|
147
|
-
(0, http_1.Policy)(rbac_http_1.
|
|
170
|
+
(0, http_1.Policy)(rbac_http_1.NotAuthorizedPolicy),
|
|
148
171
|
__param(0, (0, http_1.Body)()),
|
|
149
172
|
__metadata("design:type", Function),
|
|
150
173
|
__metadata("design:paramtypes", [userLogin_dto_js_1.UserLoginDto]),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8DAAuD;AACvD,wCAA4G;AAC5G,
|
|
1
|
+
{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8DAAuD;AACvD,wCAA4G;AAC5G,wCAAgH;AAChH,oCAAyC;AACzC,0DAAkF;AAElF,kDAA6F;AAC7F,wCAAqC;AAE9B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,qBAAc;IAkCpC,AAAN,KAAK,CAAC,KAAK,CAAS,WAAyB;QAClD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAA,YAAK,EAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,kBAAW,EAAE,CAAC;YAElC,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;oBACxB,OAAO,EAAE;wBACP,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,IAAI;wBAEd,4BAA4B;wBAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;wBAEzC,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF,CAAC;YACF,IAAI,MAAM,GAAQ,EAAE,CAAC;YAErB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAEpC,8BAA8B;YAC9B,sEAAsE;YACtE,+EAA+E;YAC/E,yDAAyD;YACzD,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAEjC,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YAGjB,IAAI,IAAI,CAAC,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,mCAAmC,EAAE;oBACnD,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,MAAM,GAAG;oBACP,qBAAqB,EAAE,IAAI;iBAC5B,CAAC;YACJ,CAAC;iBACI,IAAI,IAAI,CAAC,oBAAoB,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBAEnE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,MAAM,GAAG;oBACP,qBAAqB,EAAE,IAAI;iBAC5B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBAEN,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;gBAErC,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;gBACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;gBAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;gBAExD,MAAM,GAAG;oBACP,GAAG,IAAI,CAAC,sBAAsB,CAAC;wBAC7B,cAAc,EAAE,KAAK;qBACtB,CAAC;oBACF,MAAM,EAAE,cAAc;iBACvB,CAAC;YACJ,CAAC;YAGD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE;gBACjD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAGH,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,OAAO,IAAI,SAAE,CAAC,MAAM,EAAE;gBACpB,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,mBAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,SAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,SAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,SAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CACF,CAAA;AAzKY,0CAAe;AAEhB;IADT,IAAA,eAAU,GAAE;8BACY,6BAAa;sDAAC;AAG7B;IADT,IAAA,iCAAiB,EAAC,WAAW,CAAC;8BACP,mBAAY;qDAAC;AAG3B;IADT,IAAA,iCAAiB,EAAC,cAAc,CAAC;8BACP,sBAAe;wDAAC;AAKjC;IAHT,IAAA,sBAAM,EAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAK9B;IAHT,IAAA,sBAAM,EAAC,4BAA4B,EAAE;QACpC,YAAY,EAAE,KAAK;KACpB,CAAC;;6DACsC;AAM9B;IAHT,IAAA,sBAAM,EAAC,8BAA8B,EAAE;QACtC,YAAY,EAAE,KAAK;KACpB,CAAC;;+DACwC;AAGhC;IADT,IAAA,sBAAM,EAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,IAAA,eAAU,EAAC,oBAAa,CAAC;8BACZ,oBAAa;2CAAC;AAIf;IAFZ,IAAA,WAAI,GAAE;IACN,IAAA,aAAM,EAAC,+BAAmB,CAAC;IACR,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAc,+BAAY;;4CAkGnD;AAIY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,aAAM,GAAE,CAAA;;;;6CAwB5B;AAIY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,gBAAY,GAAE,CAAA;;qCAAO,WAAI;;6CAI7C;0BAxKU,eAAe;IAD3B,IAAA,eAAQ,EAAC,MAAM,CAAC;GACJ,eAAe,CAyK3B"}
|
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { TokenDto } from './../dto/token-dto.js';
|
|
2
|
-
import { BaseController, Ok,
|
|
3
|
-
import { ISession, SessionProvider, User as UserModel } from '@spinajs/rbac';
|
|
2
|
+
import { BaseController, Ok, ForbiddenResponse } from '@spinajs/http';
|
|
3
|
+
import { ISession, SessionProvider, User as UserModel, AccessControl } from '@spinajs/rbac';
|
|
4
4
|
import { QueueService } from '@spinajs/queue';
|
|
5
5
|
export declare class TwoFactorAuthController extends BaseController {
|
|
6
6
|
protected Queue: QueueService;
|
|
7
7
|
protected SessionProvider: SessionProvider;
|
|
8
|
-
|
|
8
|
+
protected AC: AccessControl;
|
|
9
|
+
enable2fa(user: UserModel): Promise<Ok>;
|
|
10
|
+
verifyToken(logged: UserModel, token: TokenDto, session: ISession): Promise<Ok | ForbiddenResponse>;
|
|
9
11
|
}
|
|
10
12
|
//# sourceMappingURL=TwoFactorAuthController.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAY,EAAE,
|
|
1
|
+
{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAY,EAAE,EAAa,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAC3F,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,IAAI,SAAS,EAAyC,aAAa,EAAE,MAAM,eAAe,CAAC;AAOnI,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAM9C,qBAGa,uBAAwB,SAAQ,cAAc;IAEvD,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC;IAG9B,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAG3C,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAGf,SAAS,CAAS,IAAI,EAAE,SAAS;IAejC,WAAW,CAAS,MAAM,EAAE,SAAS,EAAU,KAAK,EAAE,QAAQ,EAAa,OAAO,EAAE,QAAQ;CAuC5G"}
|
|
@@ -24,7 +24,19 @@ const di_1 = require("@spinajs/di");
|
|
|
24
24
|
const queue_1 = require("@spinajs/queue");
|
|
25
25
|
const rbac_http_2 = require("@spinajs/rbac-http");
|
|
26
26
|
const _2fa_js_1 = require("./../actions/2fa.js");
|
|
27
|
+
const _2fa_js_2 = require("../actions/2fa.js");
|
|
27
28
|
let TwoFactorAuthController = class TwoFactorAuthController extends http_1.BaseController {
|
|
29
|
+
async enable2fa(user) {
|
|
30
|
+
if (user.Metadata['2fa:enabled']) {
|
|
31
|
+
return new http_1.Ok({
|
|
32
|
+
otp: user.Metadata['2fa:otp'],
|
|
33
|
+
});
|
|
34
|
+
}
|
|
35
|
+
const result = await (0, _2fa_js_2.enableUser2Fa)(user);
|
|
36
|
+
return new http_1.Ok({
|
|
37
|
+
otp: result
|
|
38
|
+
});
|
|
39
|
+
}
|
|
28
40
|
async verifyToken(logged, token, session) {
|
|
29
41
|
try {
|
|
30
42
|
await (0, _2fa_js_1.auth2Fa)(logged, token.Token);
|
|
@@ -48,7 +60,7 @@ let TwoFactorAuthController = class TwoFactorAuthController extends http_1.BaseC
|
|
|
48
60
|
}
|
|
49
61
|
catch (err) {
|
|
50
62
|
this._log.error(err);
|
|
51
|
-
return new http_1.
|
|
63
|
+
return new http_1.ForbiddenResponse({
|
|
52
64
|
error: {
|
|
53
65
|
code: 'E_2FA_FAILED',
|
|
54
66
|
message: '2fa check failed',
|
|
@@ -66,6 +78,17 @@ __decorate([
|
|
|
66
78
|
(0, configuration_1.AutoinjectService)('rbac.session'),
|
|
67
79
|
__metadata("design:type", rbac_1.SessionProvider)
|
|
68
80
|
], TwoFactorAuthController.prototype, "SessionProvider", void 0);
|
|
81
|
+
__decorate([
|
|
82
|
+
(0, di_1.Autoinject)(rbac_1.AccessControl),
|
|
83
|
+
__metadata("design:type", rbac_1.AccessControl)
|
|
84
|
+
], TwoFactorAuthController.prototype, "AC", void 0);
|
|
85
|
+
__decorate([
|
|
86
|
+
(0, http_1.Get)('2fa/enable'),
|
|
87
|
+
__param(0, (0, rbac_http_2.User)()),
|
|
88
|
+
__metadata("design:type", Function),
|
|
89
|
+
__metadata("design:paramtypes", [rbac_1.User]),
|
|
90
|
+
__metadata("design:returntype", Promise)
|
|
91
|
+
], TwoFactorAuthController.prototype, "enable2fa", null);
|
|
69
92
|
__decorate([
|
|
70
93
|
(0, http_1.Post)('2fa/verify'),
|
|
71
94
|
__param(0, (0, rbac_http_2.User)()),
|
|
@@ -76,7 +99,8 @@ __decorate([
|
|
|
76
99
|
__metadata("design:returntype", Promise)
|
|
77
100
|
], TwoFactorAuthController.prototype, "verifyToken", null);
|
|
78
101
|
exports.TwoFactorAuthController = TwoFactorAuthController = __decorate([
|
|
79
|
-
(0, http_1.BasePath)('
|
|
80
|
-
(0, http_2.Policy)(_2FaPolicy_js_1.TwoFacRouteEnabled)
|
|
102
|
+
(0, http_1.BasePath)('auth'),
|
|
103
|
+
(0, http_2.Policy)(_2FaPolicy_js_1.TwoFacRouteEnabled),
|
|
104
|
+
(0, http_2.Policy)(rbac_http_2.NotAuthorizedPolicy)
|
|
81
105
|
], TwoFactorAuthController);
|
|
82
106
|
//# sourceMappingURL=TwoFactorAuthController.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TwoFactorAuthController.js","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wDAAiD;AACjD,
|
|
1
|
+
{"version":3,"file":"TwoFactorAuthController.js","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wDAAiD;AACjD,wCAA2F;AAC3F,wCAAmI;AACnI,kDAA6C;AAC7C,wCAA6C;AAE7C,4DAA8D;AAC9D,0DAAqE;AACrE,oCAAyC;AACzC,0CAA8C;AAE9C,kDAAgE;AAChE,iDAA8C;AAC9C,+CAAkD;AAK3C,IAAM,uBAAuB,GAA7B,MAAM,uBAAwB,SAAQ,qBAAc;IAW1C,AAAN,KAAK,CAAC,SAAS,CAAS,IAAe;QAE1C,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,SAAE,CAAC;gBACV,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;aAChC,CAAC,CAAC;QACP,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAa,EAAC,IAAI,CAAC,CAAC;QACzC,OAAO,IAAI,SAAE,CAAC;YACV,GAAG,EAAE,MAAM;SACd,CAAC,CAAC;IACP,CAAC;IAGY,AAAN,KAAK,CAAC,WAAW,CAAS,MAAiB,EAAU,KAAe,EAAa,OAAiB;QAErG,IAAI,CAAC;YACD,MAAM,IAAA,iBAAO,EAAC,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAEnC,mCAAmC;YACnC,4CAA4C;YAC5C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YACrC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gCAAgC,EAAE;gBAC9C,IAAI,EAAE,MAAM,CAAC,IAAI;aACpB,CAAC,CAAC;YAGH,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YAClE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;YAGxD,OAAO,IAAI,SAAE,CAAC;gBACV,GAAG,MAAM,CAAC,sBAAsB,CAAC;oBAC7B,cAAc,EAAE,KAAK;iBACxB,CAAC;gBACF,MAAM,EAAE,cAAc;aACzB,CAAC,CAAC;QACP,CAAC;QACD,OAAO,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,wBAAiB,CAAC;gBACzB,KAAK,EAAE;oBACH,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,kBAAkB;iBAC9B;aACJ,CAAC,CAAC;QACP,CAAC;IACL,CAAC;CACJ,CAAA;AAjEY,0DAAuB;AAEtB;IADT,IAAA,eAAU,EAAC,oBAAY,CAAC;8BACR,oBAAY;sDAAC;AAGpB;IADT,IAAA,iCAAiB,EAAC,cAAc,CAAC;8BACP,sBAAe;gEAAC;AAGjC;IADT,IAAA,eAAU,EAAC,oBAAa,CAAC;8BACZ,oBAAa;mDAAC;AAGf;IADZ,IAAA,UAAG,EAAC,YAAY,CAAC;IACM,WAAA,IAAA,gBAAI,GAAE,CAAA;;qCAAO,WAAS;;wDAY7C;AAGY;IADZ,IAAA,WAAI,EAAC,YAAY,CAAC;IACO,WAAA,IAAA,gBAAI,GAAE,CAAA;IAAqB,WAAA,IAAA,WAAI,GAAE,CAAA;IAAmB,WAAA,IAAA,mBAAO,GAAE,CAAA;;qCAA9C,WAAS,EAAiB,uBAAQ;;0DAsC1E;kCAhEQ,uBAAuB;IAHnC,IAAA,eAAQ,EAAC,MAAM,CAAC;IAChB,IAAA,aAAM,EAAC,kCAAkB,CAAC;IAC1B,IAAA,aAAM,EAAC,+BAAmB,CAAC;GACf,uBAAuB,CAiEnC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"UserController.d.ts","sourceRoot":"","sources":["../../../src/controllers/UserController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAgD,aAAa,EAAE,MAAM,eAAe,CAAC;AAClJ,OAAO,EAAE,cAAc,EAAiB,EAAE,EAA+B,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"UserController.d.ts","sourceRoot":"","sources":["../../../src/controllers/UserController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAgD,aAAa,EAAE,MAAM,eAAe,CAAC;AAClJ,OAAO,EAAE,cAAc,EAAiB,EAAE,EAA+B,MAAM,eAAe,CAAC;AAW/F,qBAGa,cAAe,SAAQ,cAAc;IAEhD,SAAS,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAG7C,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC;IAGhC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAG3C,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAIf,OAAO,CAAS,IAAI,EAAE,SAAS,EAAY,IAAI,EAAE,MAAM;IAmBvD,SAAS,CAAS,IAAI,EAAE,SAAS;IAYjC,WAAW,CAAS,IAAI,EAAE,SAAS,EAAU,GAAG,EAAE,WAAW;CAkB3E"}
|
|
@@ -121,6 +121,6 @@ __decorate([
|
|
|
121
121
|
exports.UserController = UserController = __decorate([
|
|
122
122
|
(0, http_1.BasePath)('user'),
|
|
123
123
|
(0, rbac_http_1.Resource)('user'),
|
|
124
|
-
(0, http_1.Policy)(rbac_http_1.
|
|
124
|
+
(0, http_1.Policy)(rbac_http_1.AuthorizedPolicy)
|
|
125
125
|
], UserController);
|
|
126
126
|
//# sourceMappingURL=UserController.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"UserController.js","sourceRoot":"","sources":["../../../src/controllers/UserController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4DAAqD;AACrD,wCAAkJ;AAClJ,wCAA+F;AAC/F,oDAAsD;AACtD,oCAAyC;AACzC,0DAAgD;AAChD,qDAAuC;AAEvC,
|
|
1
|
+
{"version":3,"file":"UserController.js","sourceRoot":"","sources":["../../../src/controllers/UserController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,4DAAqD;AACrD,wCAAkJ;AAClJ,wCAA+F;AAC/F,oDAAsD;AACtD,oCAAyC;AACzC,0DAAgD;AAChD,qDAAuC;AAEvC,kDAAkF;AAClF,wCAAgD;AAOzC,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,qBAAc;IAenC,AAAN,KAAK,CAAC,OAAO,CAAS,IAAe,EAAY,IAAY;QAClE,wBAAwB;QACxB,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAE/B,+BAA+B;QAC/B,MAAM,GAAG,GAAmB,EAAE,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAChE,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxD,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,OAAO,IAAI,SAAE,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAClC,CAAC;IAIY,AAAN,KAAK,CAAC,SAAS,CAAS,IAAe;QAE5C,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;QAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;QAExD,OAAO,IAAI,SAAE,CAAC,cAAc,CAAC,CAAC;IAChC,CAAC;IAKY,AAAN,KAAK,CAAC,WAAW,CAAS,IAAe,EAAU,GAAgB;QACxE,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,eAAe,EAAE,CAAC;YACzC,MAAM,IAAI,4BAAe,CAAC,yBAAyB,CAAC,CAAC;QACvD,CAAC;QAGD,OAAO,IAAI,SAAE,CACX,IAAA,aAAM,EACJ,IAAI,EACJ,IAAA,cAAO,EACL,IAAA,oBAAa,EAAC,GAAG,CAAC,WAAW,CAAC,EAC9B,IAAA,qBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;YACH,MAAM,IAAI,4BAAe,CAAC,2BAA2B,CAAC,CAAC;QACzD,CAAC,CAAC,CACL,CACF,CAAC;IACJ,CAAC;CACF,CAAA;AAhEY,wCAAc;AAEf;IADT,IAAA,eAAU,GAAE;8BACe,uBAAgB;wDAAC;AAGnC;IADT,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;qDACG;AAGtB;IADT,IAAA,eAAU,GAAE;8BACc,sBAAe;uDAAC;AAGjC;IADT,IAAA,eAAU,EAAC,oBAAa,CAAC;8BACZ,oBAAa;0CAAC;AAIf;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IACF,WAAA,IAAA,gBAAI,GAAE,CAAA;IAAmB,WAAA,IAAA,aAAM,GAAE,CAAA;;qCAApB,WAAS;;6CAe3C;AAIY;IAFZ,IAAA,UAAG,EAAC,QAAQ,CAAC;IACb,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IACA,WAAA,IAAA,gBAAI,GAAE,CAAA;;qCAAO,WAAS;;+CAO7C;AAKY;IAFZ,IAAA,YAAK,EAAC,UAAU,CAAC;IACjB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACA,WAAA,IAAA,gBAAI,GAAE,CAAA;IAAmB,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAlB,WAAS,EAAe,6BAAW;;iDAiBzE;yBA/DU,cAAc;IAH1B,IAAA,eAAQ,EAAC,MAAM,CAAC;IAChB,IAAA,oBAAQ,EAAC,MAAM,CAAC;IAChB,IAAA,aAAM,EAAC,4BAAgB,CAAC;GACZ,cAAc,CAgE1B"}
|
|
@@ -197,6 +197,6 @@ __decorate([
|
|
|
197
197
|
exports.UserMetadataController = UserMetadataController = __decorate([
|
|
198
198
|
(0, http_1.BasePath)('user'),
|
|
199
199
|
(0, rbac_http_1.Resource)('user.metadata'),
|
|
200
|
-
(0, http_1.Policy)(rbac_http_1.
|
|
200
|
+
(0, http_1.Policy)(rbac_http_1.AuthorizedPolicy)
|
|
201
201
|
], UserMetadataController);
|
|
202
202
|
//# sourceMappingURL=UserMetadataController.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"UserMetadataController.js","sourceRoot":"","sources":["../../../src/controllers/UserMetadataController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wCAAgH;AAChH,wCAAgE;AAChE,
|
|
1
|
+
{"version":3,"file":"UserMetadataController.js","sourceRoot":"","sources":["../../../src/controllers/UserMetadataController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,wCAAgH;AAChH,wCAAgE;AAChE,kDAA4E;AAC5E,gDAAiG;AACjG,4DAAyD;AACzD,sCAA0D;AAC1D,mFAA6E;AAKtE,IAAM,sBAAsB,GAA5B,MAAM,sBAAuB,SAAQ,qBAAc;IAGtD;;OAEG;IAIU,AAAN,KAAK,CAAC,YAAY,CACc,IAAe,EACzC,UAA0B,EAC1B,KAAgB,EAEzB,MAAkB;QAElB,OAAO,IAAI,SAAE,CAAC,kDAAsB,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC;YAChD,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;aACZ,IAAI,CAAC,UAAU,EAAE,KAAK,IAAI,SAAS,CAAC;aACpC,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC;aAC/C,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,eAAS,CAAC,IAAI,CAAC,CAChE,CAAC;IACN,CAAC;IAKY,AAAN,KAAK,CAAC,WAAW,CACe,IAAe,EACzC,GAAW;QACpB,OAAO,IAAI,SAAE,CAAC,mBAAY,CAAC,KAAK,CAAC;YAC7B,GAAG,EAAE,GAAG;YACR,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtB,CAAC;IAIY,AAAN,KAAK,CAAC,eAAe,CACW,IAAe,EACvC,QAAsB;QAEjC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,QAAQ,CAAC,MAAM,CAAC,qBAAe,CAAC,cAAc,CAAC,CAAC;QACtD,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAIY,AAAN,KAAK,CAAC,kBAAkB,CAOxB,IAAkB,EACc,KAAgB,EAC3C,IAAqB;QAC7B,MAAM,IAAI,CAAC,MAAM,CAAC;YACd,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC,CAAA;QAEF,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAIY,AAAN,KAAK,CAAC,kBAAkB,CACQ,IAAe,EACzC,IAAY;QACrB,MAAM,mBAAY,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC;YAC/B,EAAE,EAAE,IAAI;YACR,OAAO,EAAE,IAAI,CAAC,EAAE;SACnB,CAAC,CAAC;QAEH,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAID;;OAEG;IAMU,AAAN,KAAK,CAAC,QAAQ,CACR,UAA0B,EAC1B,KAAgB,EAEzB,MAAkB;QAElB,OAAO,IAAI,SAAE,CAAC,kDAAsB,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;aACvD,IAAI,CAAC,UAAU,EAAE,KAAK,IAAI,SAAS,CAAC;aACpC,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,UAAU,EAAE,IAAI,IAAI,CAAC,CAAC;aAC/C,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,eAAS,CAAC,IAAI,CAAC,CAChE,CAAC;IACN,CAAC;IAIY,AAAN,KAAK,CAAC,OAAO,CAAU,GAAW;QACrC,OAAO,IAAI,SAAE,CAAC,mBAAY,CAAC,KAAK,CAAC;YAC7B,GAAG,EAAE,GAAG;SACX,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACtB,CAAC;IAIY,AAAN,KAAK,CAAC,WAAW,CAAY,QAAsB;QACtD,MAAM,QAAQ,CAAC,MAAM,CAAC,qBAAe,CAAC,cAAc,CAAC,CAAC;IAC1D,CAAC;IAIY,AAAN,KAAK,CAAC,cAAc,CAAU,IAAY,EAAU,IAAqB;QAC5E,MAAM,mBAAY,CAAC,MAAM,CAAC;YACtB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;SAClB,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAE1C,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;IAIY,AAAN,KAAK,CAAC,cAAc,CAAU,IAAY;QAC7C,MAAM,mBAAY,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC;YAC/B,EAAE,EAAE,IAAI;SACX,CAAC,CAAC;QAEH,OAAO,IAAI,SAAE,EAAE,CAAC;IACpB,CAAC;CACJ,CAAA;AA5IY,wDAAsB;AASlB;IAFZ,IAAA,UAAG,EAAC,gBAAgB,CAAC;IACrB,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,iBAAM,EAAC,kDAAsB,CAAC,CAAA;;qCAHU,WAAS;QAC5B,wBAAa;QAClB,mBAAQ;;0DAW5B;AAKY;IAFZ,IAAA,UAAG,EAAC,qBAAqB,CAAC;IAC1B,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;;qCADiC,WAAS;;yDAMrD;AAIY;IAFZ,IAAA,WAAI,EAAC,gBAAgB,CAAC;IACtB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,kBAAO,GAAE,CAAA;;qCAD+B,WAAS;QAC7B,mBAAY;;6DAKpC;AAIY;IAFZ,IAAA,YAAK,EAAC,uBAAuB,CAAC;IAC9B,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC;QACP,KAAK,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,IAAI;YAC7B,OAAO,IAAI,CAAC,KAAK,CAAC;gBACd,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;YAC/C,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAA;QACnC,CAAC,CAAC;KACL,CAAC,CAAA;IACD,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAFE,mBAAY;QACqB,WAAS;QACrC,iCAAe;;gEAQhC;AAIY;IAFZ,IAAA,UAAG,EAAC,sBAAsB,CAAC;IAC3B,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IAErB,WAAA,IAAA,oBAAS,EAAC,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAA;IACjC,WAAA,IAAA,YAAK,GAAE,CAAA;;qCADiC,WAAS;;gEAQrD;AAYY;IAFZ,IAAA,UAAG,EAAC,UAAU,CAAC;IACf,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IAEnB,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,YAAK,GAAE,CAAA;IACP,WAAA,IAAA,iBAAM,EAAC,kDAAsB,CAAC,CAAA;;qCAFT,wBAAa;QAClB,mBAAQ;;sDAS5B;AAIY;IAFZ,IAAA,UAAG,EAAC,eAAe,CAAC;IACpB,IAAA,sBAAU,EAAC,CAAC,SAAS,CAAC,CAAC;IACF,WAAA,IAAA,YAAK,GAAE,CAAA;;;;qDAI5B;AAIY;IAFZ,IAAA,WAAI,EAAC,UAAU,CAAC;IAChB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACA,WAAA,IAAA,kBAAO,GAAE,CAAA;;qCAAW,mBAAY;;yDAEzD;AAIY;IAFZ,IAAA,YAAK,EAAC,gBAAgB,CAAC;IACvB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACG,WAAA,IAAA,YAAK,GAAE,CAAA;IAAgB,WAAA,IAAA,WAAI,GAAE,CAAA;;6CAAO,iCAAe;;4DAQ/E;AAIY;IAFZ,IAAA,UAAG,EAAC,gBAAgB,CAAC;IACrB,IAAA,sBAAU,EAAC,CAAC,WAAW,CAAC,CAAC;IACG,WAAA,IAAA,YAAK,GAAE,CAAA;;;;4DAMnC;iCA3IQ,sBAAsB;IAHlC,IAAA,eAAQ,EAAC,MAAM,CAAC;IAChB,IAAA,oBAAQ,EAAC,eAAe,CAAC;IACzB,IAAA,aAAM,EAAC,4BAAgB,CAAC;GACZ,sBAAsB,CA4IlC"}
|
package/lib/cjs/index.d.ts
CHANGED
|
@@ -1,4 +1,7 @@
|
|
|
1
1
|
export * from './controllers/LoginController.js';
|
|
2
2
|
export * from './controllers/UserController.js';
|
|
3
3
|
export * from './controllers/UserMetadataController.js';
|
|
4
|
+
export * from "./controllers/TwoFactorAuthController.js";
|
|
5
|
+
export * from "./cli/EnableUser2Fa.js";
|
|
6
|
+
export * from "./2fa/Default2FaToken.js";
|
|
4
7
|
//# sourceMappingURL=index.d.ts.map
|
package/lib/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kCAAkC,CAAC;AACjD,cAAc,iCAAiC,CAAC;AAChD,cAAc,yCAAyC,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,kCAAkC,CAAC;AACjD,cAAc,iCAAiC,CAAC;AAChD,cAAc,yCAAyC,CAAC;AACxD,cAAc,0CAA0C,CAAC;AAEzD,cAAc,wBAAwB,CAAC;AACvC,cAAc,0BAA0B,CAAC"}
|
package/lib/cjs/index.js
CHANGED
|
@@ -17,6 +17,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
17
17
|
__exportStar(require("./controllers/LoginController.js"), exports);
|
|
18
18
|
__exportStar(require("./controllers/UserController.js"), exports);
|
|
19
19
|
__exportStar(require("./controllers/UserMetadataController.js"), exports);
|
|
20
|
+
__exportStar(require("./controllers/TwoFactorAuthController.js"), exports);
|
|
21
|
+
__exportStar(require("./cli/EnableUser2Fa.js"), exports);
|
|
22
|
+
__exportStar(require("./2fa/Default2FaToken.js"), exports);
|
|
20
23
|
// export * from './2fa/SpeakEasy2FaToken.js';
|
|
21
24
|
// export * from "./fingerprint/FingerprintJs.js";
|
|
22
25
|
//# sourceMappingURL=index.js.map
|
package/lib/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mEAAiD;AACjD,kEAAgD;AAChD,0EAAwD;AACxD,8CAA8C;AAC9C,kDAAkD"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mEAAiD;AACjD,kEAAgD;AAChD,0EAAwD;AACxD,2EAAyD;AAEzD,yDAAuC;AACvC,2DAAyC;AACzC,8CAA8C;AAC9C,kDAAkD"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"2FaPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"2FaPolicy.d.ts","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAIzD,qBAAa,kBAAmB,SAAQ,UAAU;IAEhD,SAAS,CAAC,eAAe,EAAE,mBAAmB,CAAC;IAExC,SAAS,IAAI,OAAO;IAGpB,OAAO,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;CAgB7C"}
|
|
@@ -25,8 +25,8 @@ class TwoFacRouteEnabled extends http_1.BasePolicy {
|
|
|
25
25
|
/**
|
|
26
26
|
* Check only if user passed login page and waiting for TwoFactorAuth
|
|
27
27
|
*/
|
|
28
|
-
if (!req.storage
|
|
29
|
-
throw new exceptions_2.
|
|
28
|
+
if (!req.storage.Session?.Data.get('TwoFactorAuth')) {
|
|
29
|
+
throw new exceptions_2.Forbidden('user does not have 2fa enabled');
|
|
30
30
|
}
|
|
31
31
|
return Promise.resolve();
|
|
32
32
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"2FaPolicy.js","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAuD;AACvD,0DAAgD;AAChD,wCAAgE;AAEhE,
|
|
1
|
+
{"version":3,"file":"2FaPolicy.js","sourceRoot":"","sources":["../../../src/policies/2FaPolicy.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAuD;AACvD,0DAAgD;AAChD,wCAAgE;AAEhE,oDAAgD;AAGhD,MAAa,kBAAmB,SAAQ,iBAAU;IAIzC,SAAS;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IACM,OAAO,CAAC,GAAa;QAC1B,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;YAC3C,MAAM,IAAI,6BAAgB,CAAC,8BAA8B,CAAC,CAAC;QAC7D,CAAC;QAGD;;WAEG;QACH,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,sBAAS,CAAC,gCAAgC,CAAC,CAAC;QACxD,CAAC;QAGD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;CACF;AAvBD,gDAuBC;AArBW;IADT,IAAA,sBAAM,EAAC,oBAAoB,CAAC;;2DACkB"}
|
|
@@ -3,7 +3,8 @@ import { Log } from '@spinajs/log';
|
|
|
3
3
|
import { TwoFactorAuthProvider } from "@spinajs/rbac-http";
|
|
4
4
|
export declare enum TWO_FA_METATADATA_KEYS {
|
|
5
5
|
TOKEN = "2fa:token",
|
|
6
|
-
ENABLED = "2fa:enabled"
|
|
6
|
+
ENABLED = "2fa:enabled",
|
|
7
|
+
OTP = "2fa:otp"
|
|
7
8
|
}
|
|
8
9
|
export declare class Default2FaToken extends TwoFactorAuthProvider {
|
|
9
10
|
protected Config: any;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Default2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"Default2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAI3D,oBAAY,sBAAsB;IAC9B,KAAK,cAAc;IACnB,OAAO,gBAAgB;IACvB,GAAG,YAAY;CAClB;AAED,qBACa,eAAgB,SAAQ,qBAAqB;IAEtD,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC;IAGtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC;;IAMnB,OAAO,CAAC,OAAO;IAYR,OAAO,CAAC,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAMzB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAgBxD,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAoBpC,aAAa,CAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAYlD,SAAS,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvC,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;CAI3D"}
|