npm - @strapi/admin - Versions diffs - 5.23.6 → 5.24.0 - Mend

@strapi/admin 5.23.6 → 5.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/dist/server/server/src/content-types/session.js ADDED Viewed

@@ -0,0 +1,91 @@
+'use strict';
+var session = {
+    collectionName: 'strapi_sessions',
+    info: {
+        name: 'Session',
+        description: 'Session Manager storage',
+        singularName: 'session',
+        pluralName: 'sessions',
+        displayName: 'Session'
+    },
+    options: {
+        draftAndPublish: false
+    },
+    pluginOptions: {
+        'content-manager': {
+            visible: false
+        },
+        'content-type-builder': {
+            visible: false
+        },
+        i18n: {
+            localized: false
+        }
+    },
+    attributes: {
+        userId: {
+            type: 'string',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        sessionId: {
+            type: 'string',
+            unique: true,
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        childId: {
+            type: 'string',
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        deviceId: {
+            type: 'string',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        origin: {
+            type: 'string',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        expiresAt: {
+            type: 'datetime',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        absoluteExpiresAt: {
+            type: 'datetime',
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        status: {
+            type: 'string',
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        type: {
+            type: 'string',
+            configurable: false,
+            private: true,
+            searchable: false
+        }
+    }
+};
+module.exports = session;
+//# sourceMappingURL=session.js.map

package/dist/server/server/src/content-types/session.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.js","sources":["../../../../../server/src/content-types/session.ts"],"sourcesContent":["export default {\n collectionName: 'strapi_sessions',\n info: {\n name: 'Session',\n description: 'Session Manager storage',\n singularName: 'session',\n pluralName: 'sessions',\n displayName: 'Session',\n },\n options: {\n draftAndPublish: false,\n },\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n i18n: {\n localized: false,\n },\n },\n attributes: {\n userId: {\n type: 'string',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n sessionId: {\n type: 'string',\n unique: true,\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n childId: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n deviceId: {\n type: 'string',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n origin: {\n type: 'string',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n expiresAt: {\n type: 'datetime',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n absoluteExpiresAt: {\n type: 'datetime',\n configurable: false,\n private: true,\n searchable: false,\n },\n status: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n type: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n },\n};\n"],"names":["collectionName","info","name","description","singularName","pluralName","displayName","options","draftAndPublish","pluginOptions","visible","i18n","localized","attributes","userId","type","required","configurable","private","searchable","sessionId","unique","childId","deviceId","origin","expiresAt","absoluteExpiresAt","status"],"mappings":";;AAAA,cAAe;IACbA,cAAgB,EAAA,iBAAA;IAChBC,IAAM,EAAA;QACJC,IAAM,EAAA,SAAA;QACNC,WAAa,EAAA,yBAAA;QACbC,YAAc,EAAA,SAAA;QACdC,UAAY,EAAA,UAAA;QACZC,WAAa,EAAA;AACf,KAAA;IACAC,OAAS,EAAA;QACPC,eAAiB,EAAA;AACnB,KAAA;IACAC,aAAe,EAAA;QACb,iBAAmB,EAAA;YACjBC,OAAS,EAAA;AACX,SAAA;QACA,sBAAwB,EAAA;YACtBA,OAAS,EAAA;AACX,SAAA;QACAC,IAAM,EAAA;YACJC,SAAW,EAAA;AACb;AACF,KAAA;IACAC,UAAY,EAAA;QACVC,MAAQ,EAAA;YACNC,IAAM,EAAA,QAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAC,SAAW,EAAA;YACTL,IAAM,EAAA,QAAA;YACNM,MAAQ,EAAA,IAAA;YACRL,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAG,OAAS,EAAA;YACPP,IAAM,EAAA,QAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAI,QAAU,EAAA;YACRR,IAAM,EAAA,QAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAK,MAAQ,EAAA;YACNT,IAAM,EAAA,QAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAM,SAAW,EAAA;YACTV,IAAM,EAAA,UAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAO,iBAAmB,EAAA;YACjBX,IAAM,EAAA,UAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAQ,MAAQ,EAAA;YACNZ,IAAM,EAAA,QAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAJ,IAAM,EAAA;YACJA,IAAM,EAAA,QAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd;AACF;AACF,CAAE;;;;"}

package/dist/server/server/src/content-types/session.mjs ADDED Viewed

@@ -0,0 +1,89 @@
+var session = {
+    collectionName: 'strapi_sessions',
+    info: {
+        name: 'Session',
+        description: 'Session Manager storage',
+        singularName: 'session',
+        pluralName: 'sessions',
+        displayName: 'Session'
+    },
+    options: {
+        draftAndPublish: false
+    },
+    pluginOptions: {
+        'content-manager': {
+            visible: false
+        },
+        'content-type-builder': {
+            visible: false
+        },
+        i18n: {
+            localized: false
+        }
+    },
+    attributes: {
+        userId: {
+            type: 'string',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        sessionId: {
+            type: 'string',
+            unique: true,
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        childId: {
+            type: 'string',
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        deviceId: {
+            type: 'string',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        origin: {
+            type: 'string',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        expiresAt: {
+            type: 'datetime',
+            required: true,
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        absoluteExpiresAt: {
+            type: 'datetime',
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        status: {
+            type: 'string',
+            configurable: false,
+            private: true,
+            searchable: false
+        },
+        type: {
+            type: 'string',
+            configurable: false,
+            private: true,
+            searchable: false
+        }
+    }
+};
+export { session as default };
+//# sourceMappingURL=session.mjs.map

package/dist/server/server/src/content-types/session.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.mjs","sources":["../../../../../server/src/content-types/session.ts"],"sourcesContent":["export default {\n collectionName: 'strapi_sessions',\n info: {\n name: 'Session',\n description: 'Session Manager storage',\n singularName: 'session',\n pluralName: 'sessions',\n displayName: 'Session',\n },\n options: {\n draftAndPublish: false,\n },\n pluginOptions: {\n 'content-manager': {\n visible: false,\n },\n 'content-type-builder': {\n visible: false,\n },\n i18n: {\n localized: false,\n },\n },\n attributes: {\n userId: {\n type: 'string',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n sessionId: {\n type: 'string',\n unique: true,\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n childId: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n deviceId: {\n type: 'string',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n origin: {\n type: 'string',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n expiresAt: {\n type: 'datetime',\n required: true,\n configurable: false,\n private: true,\n searchable: false,\n },\n absoluteExpiresAt: {\n type: 'datetime',\n configurable: false,\n private: true,\n searchable: false,\n },\n status: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n type: {\n type: 'string',\n configurable: false,\n private: true,\n searchable: false,\n },\n },\n};\n"],"names":["collectionName","info","name","description","singularName","pluralName","displayName","options","draftAndPublish","pluginOptions","visible","i18n","localized","attributes","userId","type","required","configurable","private","searchable","sessionId","unique","childId","deviceId","origin","expiresAt","absoluteExpiresAt","status"],"mappings":"AAAA,cAAe;IACbA,cAAgB,EAAA,iBAAA;IAChBC,IAAM,EAAA;QACJC,IAAM,EAAA,SAAA;QACNC,WAAa,EAAA,yBAAA;QACbC,YAAc,EAAA,SAAA;QACdC,UAAY,EAAA,UAAA;QACZC,WAAa,EAAA;AACf,KAAA;IACAC,OAAS,EAAA;QACPC,eAAiB,EAAA;AACnB,KAAA;IACAC,aAAe,EAAA;QACb,iBAAmB,EAAA;YACjBC,OAAS,EAAA;AACX,SAAA;QACA,sBAAwB,EAAA;YACtBA,OAAS,EAAA;AACX,SAAA;QACAC,IAAM,EAAA;YACJC,SAAW,EAAA;AACb;AACF,KAAA;IACAC,UAAY,EAAA;QACVC,MAAQ,EAAA;YACNC,IAAM,EAAA,QAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAC,SAAW,EAAA;YACTL,IAAM,EAAA,QAAA;YACNM,MAAQ,EAAA,IAAA;YACRL,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAG,OAAS,EAAA;YACPP,IAAM,EAAA,QAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAI,QAAU,EAAA;YACRR,IAAM,EAAA,QAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAK,MAAQ,EAAA;YACNT,IAAM,EAAA,QAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAM,SAAW,EAAA;YACTV,IAAM,EAAA,UAAA;YACNC,QAAU,EAAA,IAAA;YACVC,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAO,iBAAmB,EAAA;YACjBX,IAAM,EAAA,UAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAQ,MAAQ,EAAA;YACNZ,IAAM,EAAA,QAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd,SAAA;QACAJ,IAAM,EAAA;YACJA,IAAM,EAAA,QAAA;YACNE,YAAc,EAAA,KAAA;YACdC,OAAS,EAAA,IAAA;YACTC,UAAY,EAAA;AACd;AACF;AACF,CAAE;;;;"}

package/dist/server/server/src/controllers/authentication.js CHANGED Viewed

@@ -5,14 +5,19 @@ var compose = require('koa-compose');
 require('@strapi/types');
 var utils = require('@strapi/utils');
 var index = require('../utils/index.js');
+var sessionAuth = require('../../../shared/utils/session-auth.js');
 var register = require('../validation/authentication/register.js');
 var forgotPassword = require('../validation/authentication/forgot-password.js');
 var resetPassword = require('../validation/authentication/reset-password.js');
-var renewToken = require('../validation/authentication/renew-token.js');
+var login = require('../validation/authentication/login.js');
 const { ApplicationError, ValidationError } = utils.errors;
 var authentication = {
     login: compose([
+        async (ctx, next)=>{
+            await login(ctx.request.body ?? {});
+            return next();
+        },
         (ctx, next)=>{
             return passport.authenticate('local', {
                 session: false
@@ -46,31 +51,38 @@ var authentication = {
                 return next();
             })(ctx, next);
         },
-        (ctx)=>{
+        async (ctx)=>{
             const { user } = ctx.state;
-            ctx.body = {
-                data: {
-                    token: index.getService('token').createJwtToken(user),
-                    user: index.getService('user').sanitizeUser(ctx.state.user)
+            try {
+                const sessionManager = sessionAuth.getSessionManager();
+                if (!sessionManager) {
+                    return ctx.internalServerError();
                 }
-            };
+                const userId = String(user.id);
+                const { deviceId, rememberMe } = sessionAuth.extractDeviceParams(ctx.request.body);
+                const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
+                    type: rememberMe ? 'refresh' : 'session'
+                });
+                const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
+                ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
+                const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
+                if ('error' in accessResult) {
+                    return ctx.internalServerError();
+                }
+                const { token: accessToken } = accessResult;
+                ctx.body = {
+                    data: {
+                        token: accessToken,
+                        accessToken,
+                        user: index.getService('user').sanitizeUser(ctx.state.user)
+                    }
+                };
+            } catch (error) {
+                strapi.log.error('Failed to create admin refresh session', error);
+                return ctx.internalServerError();
+            }
         }
     ]),
-    async renewToken (ctx) {
-        await renewToken(ctx.request.body);
-        const { token } = ctx.request.body;
-        const { isValid, payload } = index.getService('token').decodeJwtToken(token);
-        if (!isValid) {
-            throw new ValidationError('Invalid token');
-        }
-        ctx.body = {
-            data: {
-                token: index.getService('token').createJwtToken({
-                    id: payload.id
-                })
-            }
-        };
-    },
     async registrationInfo (ctx) {
         await register.validateRegistrationInfoQuery(ctx.request.query);
         const { registrationToken } = ctx.request.query;
@@ -86,12 +98,34 @@ var authentication = {
         const input = ctx.request.body;
         await register.validateRegistrationInput(input);
         const user = await index.getService('user').register(input);
-        ctx.body = {
-            data: {
-                token: index.getService('token').createJwtToken(user),
-                user: index.getService('user').sanitizeUser(user)
+        try {
+            const sessionManager = sessionAuth.getSessionManager();
+            if (!sessionManager) {
+                return ctx.internalServerError();
             }
-        };
+            const userId = String(user.id);
+            const { deviceId, rememberMe } = sessionAuth.extractDeviceParams(ctx.request.body);
+            const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
+                type: rememberMe ? 'refresh' : 'session'
+            });
+            const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
+            ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
+            const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
+            if ('error' in accessResult) {
+                return ctx.internalServerError();
+            }
+            const { token: accessToken } = accessResult;
+            ctx.body = {
+                data: {
+                    token: accessToken,
+                    accessToken,
+                    user: index.getService('user').sanitizeUser(user)
+                }
+            };
+        } catch (error) {
+            strapi.log.error('Failed to create admin refresh session during register', error);
+            return ctx.internalServerError();
+        }
     },
     async registerAdmin (ctx) {
         const input = ctx.request.body;
@@ -113,12 +147,34 @@ var authentication = {
             ] : []
         });
         strapi.telemetry.send('didCreateFirstAdmin');
-        ctx.body = {
-            data: {
-                token: index.getService('token').createJwtToken(user),
-                user: index.getService('user').sanitizeUser(user)
+        try {
+            const sessionManager = sessionAuth.getSessionManager();
+            if (!sessionManager) {
+                return ctx.internalServerError();
             }
-        };
+            const userId = String(user.id);
+            const { deviceId, rememberMe } = sessionAuth.extractDeviceParams(ctx.request.body);
+            const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
+                type: rememberMe ? 'refresh' : 'session'
+            });
+            const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry(rememberMe ? 'refresh' : 'session', absoluteExpiresAt);
+            ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
+            const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
+            if ('error' in accessResult) {
+                return ctx.internalServerError();
+            }
+            const { token: accessToken } = accessResult;
+            ctx.body = {
+                data: {
+                    token: accessToken,
+                    accessToken,
+                    user: index.getService('user').sanitizeUser(user)
+                }
+            };
+        } catch (error) {
+            strapi.log.error('Failed to create admin refresh session during register-admin', error);
+            return ctx.internalServerError();
+        }
     },
     async forgotPassword (ctx) {
         const input = ctx.request.body;
@@ -130,18 +186,93 @@ var authentication = {
         const input = ctx.request.body;
         await resetPassword(input);
         const user = await index.getService('auth').resetPassword(input);
-        ctx.body = {
-            data: {
-                token: index.getService('token').createJwtToken(user),
-                user: index.getService('user').sanitizeUser(user)
+        // Issue a new admin refresh session and access token after password reset.
+        try {
+            const sessionManager = sessionAuth.getSessionManager();
+            if (!sessionManager) {
+                return ctx.internalServerError();
             }
-        };
+            const userId = String(user.id);
+            const deviceId = sessionAuth.generateDeviceId();
+            // Invalidate all existing sessions before creating a new one
+            await sessionManager('admin').invalidateRefreshToken(userId);
+            const { token: refreshToken, absoluteExpiresAt } = await sessionManager('admin').generateRefreshToken(userId, deviceId, {
+                type: 'session'
+            });
+            // No rememberMe flow here; expire with session by default (session cookie)
+            const cookieOptions = sessionAuth.buildCookieOptionsWithExpiry('session', absoluteExpiresAt);
+            ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, refreshToken, cookieOptions);
+            const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);
+            if ('error' in accessResult) {
+                return ctx.internalServerError();
+            }
+            const { token } = accessResult;
+            ctx.body = {
+                data: {
+                    token,
+                    user: index.getService('user').sanitizeUser(user)
+                }
+            };
+        } catch (err) {
+            strapi.log.error('Failed to create admin refresh session during reset-password', err);
+            return ctx.internalServerError();
+        }
     },
-    logout (ctx) {
+    async accessToken (ctx) {
+        const refreshToken = ctx.cookies.get(sessionAuth.REFRESH_COOKIE_NAME);
+        if (!refreshToken) {
+            return ctx.unauthorized('Missing refresh token');
+        }
+        try {
+            const sessionManager = sessionAuth.getSessionManager();
+            if (!sessionManager) {
+                return ctx.internalServerError();
+            }
+            // Single-use renewal: rotate on access exchange, then create access token
+            // from the new refresh token
+            const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);
+            if ('error' in rotation) {
+                return ctx.unauthorized('Invalid refresh token');
+            }
+            const result = await sessionManager('admin').generateAccessToken(rotation.token);
+            if ('error' in result) {
+                return ctx.unauthorized('Invalid refresh token');
+            }
+            const { token } = result;
+            // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt
+            const opts = sessionAuth.buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);
+            ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, rotation.token, opts);
+            ctx.body = {
+                data: {
+                    token
+                }
+            };
+        } catch (err) {
+            strapi.log.error('Failed to generate access token from refresh token', err);
+            return ctx.internalServerError();
+        }
+    },
+    async logout (ctx) {
         const sanitizedUser = index.getService('user').sanitizeUser(ctx.state.user);
         strapi.eventHub.emit('admin.logout', {
             user: sanitizedUser
         });
+        const bodyDeviceId = ctx.request.body?.deviceId;
+        const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;
+        // Clear cookie regardless of token validity
+        ctx.cookies.set(sessionAuth.REFRESH_COOKIE_NAME, '', {
+            ...sessionAuth.getRefreshCookieOptions(),
+            expires: new Date(0)
+        });
+        try {
+            const sessionManager = sessionAuth.getSessionManager();
+            if (sessionManager) {
+                const userId = String(ctx.state.user.id);
+                await sessionManager('admin').invalidateRefreshToken(userId, deviceId);
+            }
+        } catch (err) {
+            strapi.log.error('Failed to revoke admin sessions during logout', err);
+        }
         ctx.body = {
             data: {}
         };

package/dist/server/server/src/controllers/authentication.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateRenewTokenInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n RenewToken,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n ctx.body = {\n data: {\n token: getService('token').createJwtToken(user),\n user: getService('user').sanitizeUser(ctx.state.user), // TODO: fetch more detailed info\n },\n } satisfies Login.Response;\n },\n ]),\n\n async renewToken(ctx: Context) {\n await validateRenewTokenInput(ctx.request.body);\n\n const { token } = ctx.request.body as RenewToken.Request['body'];\n\n const { isValid, payload } = getService('token').decodeJwtToken(token);\n\n if (!isValid) {\n throw new ValidationError('Invalid token');\n }\n\n ctx.body = {\n data: {\n token: getService('token').createJwtToken({ id: payload.id }),\n },\n } satisfies RenewToken.Response;\n },\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n ctx.body = {\n data: {\n token: getService('token').createJwtToken(user),\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n ctx.body = {\n data: {\n token: getService('token').createJwtToken(user),\n user: getService('user').sanitizeUser(user),\n },\n };\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n ctx.body = {\n data: {\n token: getService('token').createJwtToken(user),\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n },\n\n logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","body","data","token","createJwtToken","renewToken","validateRenewTokenInput","request","isValid","payload","decodeJwtToken","id","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","logout"],"mappings":";;;;;;;;;;;;AAyBA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,CAACC,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOC,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOL,IAAIe,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIjB,gBAAiBY,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQlB,IAAImB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOX,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,CAACD,GAAAA,GAAAA;AACC,YAAA,MAAM,EAAEM,IAAI,EAAE,GAAGN,IAAImB,KAAK;AAE1BnB,YAAAA,GAAAA,CAAIuB,IAAI,GAAG;gBACTC,IAAM,EAAA;oBACJC,KAAOJ,EAAAA,gBAAAA,CAAW,OAASK,CAAAA,CAAAA,cAAc,CAACpB,IAAAA,CAAAA;AAC1CA,oBAAAA,IAAAA,EAAMe,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACtB,GAAImB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,aAAA;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMqB,YAAW3B,GAAY,EAAA;AAC3B,QAAA,MAAM4B,UAAwB5B,CAAAA,GAAAA,CAAI6B,OAAO,CAACN,IAAI,CAAA;AAE9C,QAAA,MAAM,EAAEE,KAAK,EAAE,GAAGzB,GAAI6B,CAAAA,OAAO,CAACN,IAAI;QAElC,MAAM,EAAEO,OAAO,EAAEC,OAAO,EAAE,GAAGV,gBAAAA,CAAW,OAASW,CAAAA,CAAAA,cAAc,CAACP,KAAAA,CAAAA;AAEhE,QAAA,IAAI,CAACK,OAAS,EAAA;AACZ,YAAA,MAAM,IAAIlC,eAAgB,CAAA,eAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAIuB,IAAI,GAAG;YACTC,IAAM,EAAA;gBACJC,KAAOJ,EAAAA,gBAAAA,CAAW,OAASK,CAAAA,CAAAA,cAAc,CAAC;AAAEO,oBAAAA,EAAAA,EAAIF,QAAQE;AAAG,iBAAA;AAC7D;AACF,SAAA;AACF,KAAA;AAEA,IAAA,MAAMC,kBAAiBlC,GAAY,EAAA;AACjC,QAAA,MAAMmC,sCAA8BnC,CAAAA,GAAAA,CAAI6B,OAAO,CAACX,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEkB,iBAAiB,EAAE,GAAGpC,GAAI6B,CAAAA,OAAO,CAACX,KAAK;AAE/C,QAAA,MAAMgB,gBAAmB,GAAA,MAAMb,gBAAW,CAAA,MAAA,CAAA,CAAQgB,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAItC,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAIuB,IAAI,GAAG;YAAEC,IAAMU,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAAStC,GAAY,EAAA;AACzB,QAAA,MAAMuC,KAAQvC,GAAAA,GAAAA,CAAI6B,OAAO,CAACN,IAAI;AAE9B,QAAA,MAAMiB,kCAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAMjC,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQiB,QAAQ,CAACC,KAAAA,CAAAA;AAE/CvC,QAAAA,GAAAA,CAAIuB,IAAI,GAAG;YACTC,IAAM,EAAA;gBACJC,KAAOJ,EAAAA,gBAAAA,CAAW,OAASK,CAAAA,CAAAA,cAAc,CAACpB,IAAAA,CAAAA;gBAC1CA,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,SAAA;AACF,KAAA;AAEA,IAAA,MAAMmC,eAAczC,GAAY,EAAA;AAC9B,QAAA,MAAMuC,KAAQvC,GAAAA,GAAAA,CAAI6B,OAAO,CAACN,IAAI;AAE9B,QAAA,MAAMmB,uCAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMtB,gBAAW,CAAA,MAAA,CAAA,CAAQuB,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIhD,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMkD,cAAiB,GAAA,MAAMxB,gBAAW,CAAA,MAAA,CAAA,CAAQyB,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAIlD,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMW,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ0B,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAeZ;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEAzB,MAAO0C,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;AAEtBnD,QAAAA,GAAAA,CAAIuB,IAAI,GAAG;YACTC,IAAM,EAAA;gBACJC,KAAOJ,EAAAA,gBAAAA,CAAW,OAASK,CAAAA,CAAAA,cAAc,CAACpB,IAAAA,CAAAA;gBAC1CA,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,SAAA;AACF,KAAA;AAEA,IAAA,MAAM8C,gBAAepD,GAAY,EAAA;AAC/B,QAAA,MAAMuC,KAAQvC,GAAAA,GAAAA,CAAI6B,OAAO,CAACN,IAAI;AAE9B,QAAA,MAAM8B,cAA4Bd,CAAAA,KAAAA,CAAAA;QAElClB,gBAAW,CAAA,MAAA,CAAA,CAAQ+B,cAAc,CAACb,KAAAA,CAAAA;AAElCvC,QAAAA,GAAAA,CAAIsD,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcvD,GAAY,EAAA;AAC9B,QAAA,MAAMuC,KAAQvC,GAAAA,GAAAA,CAAI6B,OAAO,CAACN,IAAI;AAE9B,QAAA,MAAMiC,aAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAMjC,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQkC,aAAa,CAAChB,KAAAA,CAAAA;AAEpDvC,QAAAA,GAAAA,CAAIuB,IAAI,GAAG;YACTC,IAAM,EAAA;gBACJC,KAAOJ,EAAAA,gBAAAA,CAAW,OAASK,CAAAA,CAAAA,cAAc,CAACpB,IAAAA,CAAAA;gBAC1CA,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,SAAA;AACF,KAAA;AAEAmD,IAAAA,MAAAA,CAAAA,CAAOzD,GAAY,EAAA;QACjB,MAAMoB,aAAAA,GAAgBC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACtB,GAAImB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAC3DpB,QAAAA,GAAAA,CAAIuB,IAAI,GAAG;AAAEC,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}
1	+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry('session', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(rotation.type, rotation.absoluteExpiresAt);\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string \| undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAQ,CAAA;AACb,QAAA,OAAOC,GAAcC,EAAAA,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAIG,CAAAA,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,SAAA;AACA,QAAA,CAACD,GAAcC,EAAAA,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAS,EAAA;gBAAEC,OAAS,EAAA;aAAS,EAAA,CAACC,KAAKC,IAAMC,EAAAA,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAK,EAAA;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBAAEC,KAAON,EAAAA,GAAAA;wBAAKO,QAAU,EAAA;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAIQ,CAAAA,OAAO,EAAEC,IAAAA,KAAS,mBAAqB,EAAA;wBAC7C,MAAMT,GAAAA;AACR;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B;AAEA,gBAAA,IAAI,CAACT,IAAM,EAAA;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;wBACvCC,KAAO,EAAA,IAAIK,KAAMT,CAAAA,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAU,EAAA;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAiBe,CAAAA,IAAAA,CAAKU,OAAO,CAAA;AACzC;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAgBC,GAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;oBAAEJ,IAAMc,EAAAA,aAAAA;oBAAeR,QAAU,EAAA;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,aAAA,CAAA,CAAGD,GAAKC,EAAAA,IAAAA,CAAAA;AACV,SAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;gBACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AACjC,iBAAA,CAAA;AAEA,gBAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,gBAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,gBAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,oBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT4C,IAAM,EAAA;wBACJb,KAAOY,EAAAA,WAAAA;AACPA,wBAAAA,WAAAA;AACAtC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,aAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,gBAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wCAA0CA,EAAAA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF;AACD,KAAA,CAAA;AAED,IAAA,MAAMsB,kBAAiBlD,GAAY,EAAA;AACjC,QAAA,MAAMmD,sCAA8BnD,CAAAA,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAE+B,iBAAiB,EAAE,GAAGpD,GAAIG,CAAAA,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM6B,gBAAmB,GAAA,MAAM1B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAkB,EAAA;AACrB,YAAA,MAAM,IAAItD,eAAgB,CAAA,2BAAA,CAAA;AAC5B;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE4C,IAAME,EAAAA;AAAiB,SAAA;AACtC,KAAA;AAEA,IAAA,MAAMI,UAAStD,GAAY,EAAA;AACzB,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoD,kCAA0BD,CAAAA,KAAAA,CAAAA;AAEhC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,wDAA0DA,EAAAA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAM6B,eAAczD,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMsD,uCAA+BH,CAAAA,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAW,GAAA,MAAMnC,gBAAW,CAAA,MAAA,CAAA,CAAQoC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAU,EAAA;AACZ,YAAA,MAAM,IAAIhE,gBAAiB,CAAA,uCAAA,CAAA;AAC7B;AAEA,QAAA,MAAMkE,cAAiB,GAAA,MAAMrC,gBAAW,CAAA,MAAA,CAAA,CAAQsC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,YAAA,MAAM,IAAIlE,gBACR,CAAA,6EAAA,CAAA;AAEJ;AAEA,QAAA,MAAMc,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQuC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAmB,EAAA,IAAA;YACnBY,QAAU,EAAA,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAiB,GAAA;AAACA,gBAAAA,cAAAA,CAAe9B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAOuD,CAAAA,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMzC,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YACA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAoBlC,CAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAY,GAAA;AAAU,aAAA,CAAA;AAEpF,YAAA,MAAMO,aAAgBC,GAAAA,wCAAAA,CACpBR,UAAa,GAAA,SAAA,GAAY,SACzBI,EAAAA,iBAAAA,CAAAA;AAEFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;oBACJb,KAAOY,EAAAA,WAAAA;AACPA,oBAAAA,WAAAA;oBACAtC,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOK,KAAO,EAAA;AACdH,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEA,EAAAA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMwC,gBAAepE,GAAY,EAAA;AAC/B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMiE,cAA4Bd,CAAAA,KAAAA,CAAAA;QAElC/B,gBAAW,CAAA,MAAA,CAAA,CAAQ4C,cAAc,CAACb,KAAAA,CAAAA;AAElCvD,QAAAA,GAAAA,CAAIsE,MAAM,GAAG,GAAA;AACf,KAAA;AAEA,IAAA,MAAMC,eAAcvE,GAAY,EAAA;AAC9B,QAAA,MAAMuD,KAAQvD,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMoE,aAA2BjB,CAAAA,KAAAA,CAAAA;AAEjC,QAAA,MAAM9C,IAAO,GAAA,MAAMe,gBAAW,CAAA,MAAA,CAAA,CAAQ+C,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM7B,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAMC,MAAAA,GAASC,MAAOrB,CAAAA,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAWyC,GAAAA,4BAAAA,EAAAA;;YAGjB,MAAM/C,cAAAA,CAAe,OAASgD,CAAAA,CAAAA,sBAAsB,CAAC7C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cACvD,CAAA,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAU,EAAA;gBAAEO,IAAM,EAAA;AAAU,aAAA,CAAA;;YAG3D,MAAMC,aAAAA,GAAgBC,yCAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,YAAA,MAAMK,YAAe,GAAA,MAAMnB,cAAe,CAAA,OAAA,CAAA,CAASoB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWS,YAAc,EAAA;AAC3B,gBAAA,OAAO7C,IAAI4B,mBAAmB,EAAA;AAChC;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGU,YAAAA;AAElB7C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT4C,IAAM,EAAA;AACJb,oBAAAA,KAAAA;oBACA1B,IAAMe,EAAAA,gBAAAA,CAAW,MAAQC,CAAAA,CAAAA,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,SAAA,CAAE,OAAOD,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,8DAAgEN,EAAAA,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMmB,aAAY/C,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAepC,GAAAA,GAAAA,CAAI0C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACR,YAAc,EAAA;YACjB,OAAOpC,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;QAEA,IAAI;AACF,YAAA,MAAMlD,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAgB,EAAA;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC;;;AAIA,YAAA,MAAMiD,QAAW,GAAA,MAAMnD,cAAe,CAAA,OAAA,CAAA,CAASoD,kBAAkB,CAAC1C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWyC,QAAU,EAAA;gBACvB,OAAO7E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;AAEA,YAAA,MAAMG,SAAS,MAAMrD,cAAAA,CAAe,SAASoB,mBAAmB,CAAC+B,SAAS1C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW4C,MAAQ,EAAA;gBACrB,OAAO/E,GAAAA,CAAI4E,YAAY,CAAC,uBAAA,CAAA;AAC1B;YAEA,MAAM,EAAEzC,KAAK,EAAE,GAAG4C,MAAAA;;AAElB,YAAA,MAAMC,OAAOvC,wCAA6BoC,CAAAA,QAAAA,CAAStC,IAAI,EAAEsC,SAASxC,iBAAiB,CAAA;AAEnFrC,YAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,+BAAqBiC,EAAAA,QAAAA,CAAS1C,KAAK,EAAE6C,IAAAA,CAAAA;AACrDhF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE4C,IAAM,EAAA;AAAEb,oBAAAA;AAAM;AAAE,aAAA;AAC/B,SAAA,CAAE,OAAO3B,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,oDAAsDN,EAAAA,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC;AACF,KAAA;AAEA,IAAA,MAAMqD,QAAOjF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAQC,CAAAA,CAAAA,YAAY,CAACzB,GAAIsB,CAAAA,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAgB,EAAA;YAAEJ,IAAMc,EAAAA;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM2D,YAAelF,GAAAA,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAW,GAAA,OAAOkD,YAAiB,KAAA,QAAA,GAAWA,YAAeC,GAAAA,SAAAA;;AAGnEnF,QAAAA,GAAAA,CAAI0C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAI,EAAA;AACvC,YAAA,GAAGwC,mCAAyB,EAAA;AAC5BC,YAAAA,OAAAA,EAAS,IAAIC,IAAK,CAAA,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM5D,cAAiBC,GAAAA,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAgB,EAAA;AAClB,gBAAA,MAAMG,SAASC,MAAO9B,CAAAA,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAe,CAAA,OAAA,CAAA,CAASgD,sBAAsB,CAAC7C,MAAQG,EAAAA,QAAAA,CAAAA;AAC/D;AACF,SAAA,CAAE,OAAOxB,GAAK,EAAA;AACZG,YAAAA,MAAAA,CAAOsC,GAAG,CAACnC,KAAK,CAAC,+CAAiDN,EAAAA,GAAAA,CAAAA;AACpE;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE4C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB;AACF,CAAE;;;;"}