@sync-in/server 1.11.0 → 2.0.0

package/server/authentication/auth.config.js

@@ -1,8 +1,4 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
@@ -16,18 +12,6 @@ _export(exports, {
     get AuthConfig () {
         return AuthConfig;
     },
-    get AuthMethodLdapAttributesConfig () {
-        return AuthMethodLdapAttributesConfig;
-    },
-    get AuthMethodLdapConfig () {
-        return AuthMethodLdapConfig;
-    },
-    get AuthMfaConfig () {
-        return AuthMfaConfig;
-    },
-    get AuthMfaTotpConfig () {
-        return AuthMfaTotpConfig;
-    },
     get AuthTokenAccessConfig () {
         return AuthTokenAccessConfig;
     },
@@ -46,9 +30,11 @@ _export(exports, {
 });
 const _classtransformer = require("class-transformer");
 const _classvalidator = require("class-validator");
-const _shared = require("../common/shared");
 const _auth = require("./constants/auth");
-const _authldap = require("./constants/auth-ldap");
+const _authprovidersconstants = require("./providers/auth-providers.constants");
+const _authldapconfig = require("./providers/ldap/auth-ldap.config");
+const _authoidcconfig = require("./providers/oidc/auth-oidc.config");
+const _authtwofaconfig = require("./providers/two-fa/auth-two-fa.config");
 function _ts_decorate(decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -58,31 +44,6 @@ function _ts_decorate(decorators, target, key, desc) {
 function _ts_metadata(k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 }
-let AuthMfaTotpConfig = class AuthMfaTotpConfig {
-    constructor(){
-        this.enabled = true;
-        this.issuer = _shared.SERVER_NAME;
-    }
-};
-_ts_decorate([
-    (0, _classvalidator.IsBoolean)()
-], AuthMfaTotpConfig.prototype, "enabled", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsString)()
-], AuthMfaTotpConfig.prototype, "issuer", void 0);
-let AuthMfaConfig = class AuthMfaConfig {
-    constructor(){
-        this.totp = new AuthMfaTotpConfig();
-    }
-};
-_ts_decorate([
-    (0, _classvalidator.IsDefined)(),
-    (0, _classvalidator.IsNotEmptyObject)(),
-    (0, _classvalidator.IsObject)(),
-    (0, _classvalidator.ValidateNested)(),
-    (0, _classtransformer.Type)(()=>AuthMfaTotpConfig),
-    _ts_metadata("design:type", typeof AuthMfaTotpConfig === "undefined" ? Object : AuthMfaTotpConfig)
-], AuthMfaConfig.prototype, "totp", void 0);
 let AuthTokenAccessConfig = class AuthTokenAccessConfig {
     constructor(){
         this.// force default name
@@ -179,87 +140,18 @@ _ts_decorate([
     (0, _classtransformer.Type)(()=>AuthTokenWSConfig),
     _ts_metadata("design:type", typeof AuthTokenWSConfig === "undefined" ? Object : AuthTokenWSConfig)
 ], AuthTokenConfig.prototype, "ws", void 0);
-let AuthMethodLdapAttributesConfig = class AuthMethodLdapAttributesConfig {
-    constructor(){
-        this.login = _authldap.LDAP_LOGIN_ATTR.UID;
-        this.email = _authldap.LDAP_COMMON_ATTR.MAIL;
-    }
-};
-_ts_decorate([
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsString)(),
-    (0, _classtransformer.Transform)(({ value })=>value || _authldap.LDAP_LOGIN_ATTR.UID),
-    (0, _classvalidator.IsEnum)(_authldap.LDAP_LOGIN_ATTR),
-    _ts_metadata("design:type", typeof _authldap.LDAP_LOGIN_ATTR === "undefined" ? Object : _authldap.LDAP_LOGIN_ATTR)
-], AuthMethodLdapAttributesConfig.prototype, "login", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsString)(),
-    (0, _classtransformer.Transform)(({ value })=>value || _authldap.LDAP_COMMON_ATTR.MAIL),
-    _ts_metadata("design:type", String)
-], AuthMethodLdapAttributesConfig.prototype, "email", void 0);
-let AuthMethodLdapConfig = class AuthMethodLdapConfig {
-    constructor(){
-        this.attributes = new AuthMethodLdapAttributesConfig();
-    }
-};
-_ts_decorate([
-    (0, _classtransformer.Transform)(({ value })=>Array.isArray(value) ? value.filter((v)=>Boolean(v)) : value),
-    (0, _classvalidator.ArrayNotEmpty)(),
-    (0, _classvalidator.IsArray)(),
-    (0, _classvalidator.IsString)({
-        each: true
-    }),
-    _ts_metadata("design:type", Array)
-], AuthMethodLdapConfig.prototype, "servers", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsString)(),
-    (0, _classvalidator.IsNotEmpty)(),
-    _ts_metadata("design:type", String)
-], AuthMethodLdapConfig.prototype, "baseDN", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsString)(),
-    _ts_metadata("design:type", String)
-], AuthMethodLdapConfig.prototype, "filter", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsDefined)(),
-    (0, _classvalidator.IsNotEmptyObject)(),
-    (0, _classvalidator.IsObject)(),
-    (0, _classvalidator.ValidateNested)(),
-    (0, _classtransformer.Type)(()=>AuthMethodLdapAttributesConfig),
-    _ts_metadata("design:type", typeof AuthMethodLdapAttributesConfig === "undefined" ? Object : AuthMethodLdapAttributesConfig)
-], AuthMethodLdapConfig.prototype, "attributes", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsString)(),
-    _ts_metadata("design:type", String)
-], AuthMethodLdapConfig.prototype, "adminGroup", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsString)(),
-    _ts_metadata("design:type", String)
-], AuthMethodLdapConfig.prototype, "upnSuffix", void 0);
-_ts_decorate([
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsString)(),
-    _ts_metadata("design:type", String)
-], AuthMethodLdapConfig.prototype, "netbiosName", void 0);
 let AuthConfig = class AuthConfig {
     constructor(){
-        this.method = 'mysql';
-        this.mfa = new AuthMfaConfig();
+        this.provider = _authprovidersconstants.AUTH_PROVIDER.MYSQL;
+        this.mfa = new _authtwofaconfig.AuthMFAConfig();
         this.cookieSameSite = 'strict';
     }
 };
 _ts_decorate([
     (0, _classvalidator.IsString)(),
-    (0, _classvalidator.IsIn)([
-        'mysql',
-        'ldap'
-    ]),
-    _ts_metadata("design:type", String)
-], AuthConfig.prototype, "method", void 0);
+    (0, _classvalidator.IsEnum)(_authprovidersconstants.AUTH_PROVIDER),
+    _ts_metadata("design:type", typeof _authprovidersconstants.AUTH_PROVIDER === "undefined" ? Object : _authprovidersconstants.AUTH_PROVIDER)
+], AuthConfig.prototype, "provider", void 0);
 _ts_decorate([
     (0, _classvalidator.IsOptional)(),
     (0, _classvalidator.IsString)(),
@@ -270,8 +162,8 @@ _ts_decorate([
     (0, _classvalidator.IsNotEmptyObject)(),
     (0, _classvalidator.IsObject)(),
     (0, _classvalidator.ValidateNested)(),
-    (0, _classtransformer.Type)(()=>AuthMfaConfig),
-    _ts_metadata("design:type", typeof AuthMfaConfig === "undefined" ? Object : AuthMfaConfig)
+    (0, _classtransformer.Type)(()=>_authtwofaconfig.AuthMFAConfig),
+    _ts_metadata("design:type", typeof _authtwofaconfig.AuthMFAConfig === "undefined" ? Object : _authtwofaconfig.AuthMFAConfig)
 ], AuthConfig.prototype, "mfa", void 0);
 _ts_decorate([
     (0, _classvalidator.IsString)(),
@@ -290,12 +182,20 @@ _ts_decorate([
     _ts_metadata("design:type", typeof AuthTokenConfig === "undefined" ? Object : AuthTokenConfig)
 ], AuthConfig.prototype, "token", void 0);
 _ts_decorate([
-    (0, _classvalidator.ValidateIf)((o)=>o.method === 'ldap'),
+    (0, _classvalidator.ValidateIf)((o)=>o.provider === _authprovidersconstants.AUTH_PROVIDER.LDAP),
     (0, _classvalidator.IsDefined)(),
     (0, _classvalidator.IsObject)(),
     (0, _classvalidator.ValidateNested)(),
-    (0, _classtransformer.Type)(()=>AuthMethodLdapConfig),
-    _ts_metadata("design:type", typeof AuthMethodLdapConfig === "undefined" ? Object : AuthMethodLdapConfig)
+    (0, _classtransformer.Type)(()=>_authldapconfig.AuthProviderLDAPConfig),
+    _ts_metadata("design:type", typeof _authldapconfig.AuthProviderLDAPConfig === "undefined" ? Object : _authldapconfig.AuthProviderLDAPConfig)
 ], AuthConfig.prototype, "ldap", void 0);
+_ts_decorate([
+    (0, _classvalidator.ValidateIf)((o)=>o.provider === _authprovidersconstants.AUTH_PROVIDER.OIDC),
+    (0, _classvalidator.IsDefined)(),
+    (0, _classvalidator.IsObject)(),
+    (0, _classvalidator.ValidateNested)(),
+    (0, _classtransformer.Type)(()=>_authoidcconfig.AuthProviderOIDCConfig),
+    _ts_metadata("design:type", typeof _authoidcconfig.AuthProviderOIDCConfig === "undefined" ? Object : _authoidcconfig.AuthProviderOIDCConfig)
+], AuthConfig.prototype, "oidc", void 0);
 
 //# sourceMappingURL=auth.config.js.map

package/server/authentication/auth.config.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/authentication/auth.config.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Exclude, Transform, Type } from 'class-transformer'\nimport {\n  ArrayNotEmpty,\n  IsArray,\n  IsBoolean,\n  IsDefined,\n  IsEnum,\n  IsIn,\n  IsNotEmpty,\n  IsNotEmptyObject,\n  IsObject,\n  IsOptional,\n  IsString,\n  ValidateIf,\n  ValidateNested\n} from 'class-validator'\nimport { SERVER_NAME } from '../common/shared'\nimport { ACCESS_KEY, CSRF_KEY, REFRESH_KEY, WS_KEY } from './constants/auth'\nimport { LDAP_COMMON_ATTR, LDAP_LOGIN_ATTR } from './constants/auth-ldap'\n\nexport class AuthMfaTotpConfig {\n  @IsBoolean()\n  enabled = true\n\n  @IsString()\n  issuer = SERVER_NAME\n}\n\nexport class AuthMfaConfig {\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthMfaTotpConfig)\n  totp: AuthMfaTotpConfig = new AuthMfaTotpConfig()\n}\n\nexport class AuthTokenAccessConfig {\n  @Exclude({ toClassOnly: true })\n  // force default name\n  name = ACCESS_KEY\n\n  @IsString()\n  @IsNotEmpty()\n  secret: string\n\n  @IsString()\n  @IsNotEmpty()\n  expiration = '30m'\n}\n\nexport class AuthTokenRefreshConfig {\n  @Exclude({ toClassOnly: true })\n  // force default name\n  name = REFRESH_KEY\n\n  @IsString()\n  @IsNotEmpty()\n  secret: string\n\n  @IsString()\n  @IsNotEmpty()\n  expiration = '4h'\n}\n\nexport class AuthTokenCsrfConfig extends AuthTokenRefreshConfig {\n  @IsString()\n  @IsNotEmpty()\n  override name: string = CSRF_KEY\n}\n\nexport class AuthTokenWSConfig extends AuthTokenRefreshConfig {\n  @IsString()\n  @IsNotEmpty()\n  override name: string = WS_KEY\n}\n\nexport class AuthTokenConfig {\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenAccessConfig)\n  access: AuthTokenAccessConfig\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenRefreshConfig)\n  refresh: AuthTokenRefreshConfig\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenCsrfConfig)\n  csrf: AuthTokenCsrfConfig\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenWSConfig)\n  ws: AuthTokenWSConfig\n}\n\nexport class AuthMethodLdapAttributesConfig {\n  @IsOptional()\n  @IsString()\n  @Transform(({ value }) => value || LDAP_LOGIN_ATTR.UID)\n  @IsEnum(LDAP_LOGIN_ATTR)\n  login: LDAP_LOGIN_ATTR = LDAP_LOGIN_ATTR.UID\n\n  @IsOptional()\n  @IsString()\n  @Transform(({ value }) => value || LDAP_COMMON_ATTR.MAIL)\n  email: string = LDAP_COMMON_ATTR.MAIL\n}\n\nexport class AuthMethodLdapConfig {\n  @Transform(({ value }) => (Array.isArray(value) ? value.filter((v: string) => Boolean(v)) : value))\n  @ArrayNotEmpty()\n  @IsArray()\n  @IsString({ each: true })\n  servers: string[]\n\n  @IsString()\n  @IsNotEmpty()\n  baseDN: string\n\n  @IsOptional()\n  @IsString()\n  filter?: string\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthMethodLdapAttributesConfig)\n  attributes: AuthMethodLdapAttributesConfig = new AuthMethodLdapAttributesConfig()\n\n  @IsOptional()\n  @IsString()\n  adminGroup?: string\n\n  @IsOptional()\n  @IsString()\n  upnSuffix?: string\n\n  @IsOptional()\n  @IsString()\n  netbiosName?: string\n}\n\nexport class AuthConfig {\n  @IsString()\n  @IsIn(['mysql', 'ldap'])\n  method: 'mysql' | 'ldap' = 'mysql'\n\n  @IsOptional()\n  @IsString()\n  encryptionKey: string\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthMfaConfig)\n  mfa: AuthMfaConfig = new AuthMfaConfig()\n\n  @IsString()\n  @IsIn(['lax', 'strict'])\n  cookieSameSite: 'lax' | 'strict' = 'strict'\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenConfig)\n  token: AuthTokenConfig\n\n  @ValidateIf((o: AuthConfig) => o.method === 'ldap')\n  @IsDefined()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthMethodLdapConfig)\n  ldap: AuthMethodLdapConfig\n}\n"],"names":["AuthConfig","AuthMethodLdapAttributesConfig","AuthMethodLdapConfig","AuthMfaConfig","AuthMfaTotpConfig","AuthTokenAccessConfig","AuthTokenConfig","AuthTokenCsrfConfig","AuthTokenRefreshConfig","AuthTokenWSConfig","enabled","issuer","SERVER_NAME","totp","name","ACCESS_KEY","expiration","toClassOnly","REFRESH_KEY","CSRF_KEY","WS_KEY","login","LDAP_LOGIN_ATTR","UID","email","LDAP_COMMON_ATTR","MAIL","value","attributes","Array","isArray","filter","v","Boolean","each","method","mfa","cookieSameSite","o"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QA6JYA;eAAAA;;QAhDAC;eAAAA;;QAaAC;eAAAA;;QA5FAC;eAAAA;;QARAC;eAAAA;;QAiBAC;eAAAA;;QAwCAC;eAAAA;;QAZAC;eAAAA;;QAdAC;eAAAA;;QAoBAC;eAAAA;;;kCAvE4B;gCAelC;wBACqB;sBAC8B;0BACR;;;;;;;;;;AAE3C,IAAA,AAAML,oBAAN,MAAMA;;aAEXM,UAAU;aAGVC,SAASC,mBAAW;;AACtB;;;;;;;AAEO,IAAA,AAAMT,gBAAN,MAAMA;;aAMXU,OAA0B,IAAIT;;AAChC;;;;;;oCAFcA;;;AAIP,IAAA,AAAMC,wBAAN,MAAMA;;aAEX,qBAAqB;QACrBS,OAAOC,gBAAU;aAQjBC,aAAa;;AACf;;;QAXaC,aAAa;;;;;;;;;;;;AAanB,IAAA,AAAMT,yBAAN,MAAMA;;aAEX,qBAAqB;QACrBM,OAAOI,iBAAW;aAQlBF,aAAa;;AACf;;;QAXaC,aAAa;;;;;;;;;;;;AAanB,IAAA,AAAMV,sBAAN,MAAMA,4BAA4BC;;QAAlC,qBAGIM,OAAeK,cAAQ;;AAClC;;;;;;AAEO,IAAA,AAAMV,oBAAN,MAAMA,0BAA0BD;;QAAhC,qBAGIM,OAAeM,YAAM;;AAChC;;;;;;AAEO,IAAA,AAAMd,kBAAN,MAAMA;AA4Bb;;;;;;oCAvBcD;;;;;;;;oCAOAG;;;;;;;;oCAOAD;;;;;;;;oCAOAE;;;AAIP,IAAA,AAAMR,iCAAN,MAAMA;;aAKXoB,QAAyBC,yBAAe,CAACC,GAAG;aAK5CC,QAAgBC,0BAAgB,CAACC,IAAI;;AACvC;;;;sCARc,EAAEC,KAAK,EAAE,GAAKA,SAASL,yBAAe,CAACC,GAAG;;;;;;;sCAM1C,EAAEI,KAAK,EAAE,GAAKA,SAASF,0BAAgB,CAACC,IAAI;;;AAInD,IAAA,AAAMxB,uBAAN,MAAMA;;aAoBX0B,aAA6C,IAAI3B;;AAanD;;sCAhCc,EAAE0B,KAAK,EAAE,GAAME,MAAMC,OAAO,CAACH,SAASA,MAAMI,MAAM,CAAC,CAACC,IAAcC,QAAQD,MAAML;;;;QAGhFO,MAAM;;;;;;;;;;;;;;;;;;;oCAeNjC;;;;;;;;;;;;;;;;;;AAgBP,IAAA,AAAMD,aAAN,MAAMA;;aAGXmC,SAA2B;aAW3BC,MAAqB,IAAIjC;aAIzBkC,iBAAmC;;AAerC;;;;QA/BS;QAAS;;;;;;;;;;;;;;oCAWJlC;;;;;;QAIL;QAAO;;;;;;;;;oCAOFG;;;;qCAGCgC,IAAkBA,EAAEH,MAAM,KAAK;;;;oCAIhCjC"}
+{"version":3,"sources":["../../../backend/src/authentication/auth.config.ts"],"sourcesContent":["import { Exclude, Type } from 'class-transformer'\nimport { IsDefined, IsEnum, IsIn, IsNotEmpty, IsNotEmptyObject, IsObject, IsOptional, IsString, ValidateIf, ValidateNested } from 'class-validator'\nimport { ACCESS_KEY, CSRF_KEY, REFRESH_KEY, WS_KEY } from './constants/auth'\nimport { AUTH_PROVIDER } from './providers/auth-providers.constants'\nimport { AuthProviderLDAPConfig } from './providers/ldap/auth-ldap.config'\nimport { AuthProviderOIDCConfig } from './providers/oidc/auth-oidc.config'\nimport { AuthMFAConfig } from './providers/two-fa/auth-two-fa.config'\n\nexport class AuthTokenAccessConfig {\n  @Exclude({ toClassOnly: true })\n  // force default name\n  name = ACCESS_KEY\n\n  @IsString()\n  @IsNotEmpty()\n  secret: string\n\n  @IsString()\n  @IsNotEmpty()\n  expiration = '30m'\n}\n\nexport class AuthTokenRefreshConfig {\n  @Exclude({ toClassOnly: true })\n  // force default name\n  name = REFRESH_KEY\n\n  @IsString()\n  @IsNotEmpty()\n  secret: string\n\n  @IsString()\n  @IsNotEmpty()\n  expiration = '4h'\n}\n\nexport class AuthTokenCsrfConfig extends AuthTokenRefreshConfig {\n  @IsString()\n  @IsNotEmpty()\n  override name: string = CSRF_KEY\n}\n\nexport class AuthTokenWSConfig extends AuthTokenRefreshConfig {\n  @IsString()\n  @IsNotEmpty()\n  override name: string = WS_KEY\n}\n\nexport class AuthTokenConfig {\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenAccessConfig)\n  access: AuthTokenAccessConfig\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenRefreshConfig)\n  refresh: AuthTokenRefreshConfig\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenCsrfConfig)\n  csrf: AuthTokenCsrfConfig\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenWSConfig)\n  ws: AuthTokenWSConfig\n}\n\nexport class AuthConfig {\n  @IsString()\n  @IsEnum(AUTH_PROVIDER)\n  provider: AUTH_PROVIDER = AUTH_PROVIDER.MYSQL\n\n  @IsOptional()\n  @IsString()\n  encryptionKey: string\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthMFAConfig)\n  mfa: AuthMFAConfig = new AuthMFAConfig()\n\n  @IsString()\n  @IsIn(['lax', 'strict'])\n  cookieSameSite: 'lax' | 'strict' = 'strict'\n\n  @IsDefined()\n  @IsNotEmptyObject()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthTokenConfig)\n  token: AuthTokenConfig\n\n  @ValidateIf((o: AuthConfig) => o.provider === AUTH_PROVIDER.LDAP)\n  @IsDefined()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthProviderLDAPConfig)\n  ldap: AuthProviderLDAPConfig\n\n  @ValidateIf((o: AuthConfig) => o.provider === AUTH_PROVIDER.OIDC)\n  @IsDefined()\n  @IsObject()\n  @ValidateNested()\n  @Type(() => AuthProviderOIDCConfig)\n  oidc: AuthProviderOIDCConfig\n}\n"],"names":["AuthConfig","AuthTokenAccessConfig","AuthTokenConfig","AuthTokenCsrfConfig","AuthTokenRefreshConfig","AuthTokenWSConfig","name","ACCESS_KEY","expiration","toClassOnly","REFRESH_KEY","CSRF_KEY","WS_KEY","provider","AUTH_PROVIDER","MYSQL","mfa","AuthMFAConfig","cookieSameSite","o","LDAP","AuthProviderLDAPConfig","OIDC","AuthProviderOIDCConfig"],"mappings":";;;;;;;;;;;QA8EaA;eAAAA;;QAtEAC;eAAAA;;QAwCAC;eAAAA;;QAZAC;eAAAA;;QAdAC;eAAAA;;QAoBAC;eAAAA;;;kCA1CiB;gCACoG;sBACxE;wCAC5B;gCACS;gCACA;iCACT;;;;;;;;;;AAEvB,IAAA,AAAMJ,wBAAN,MAAMA;;aAEX,qBAAqB;QACrBK,OAAOC,gBAAU;aAQjBC,aAAa;;AACf;;;QAXaC,aAAa;;;;;;;;;;;;AAanB,IAAA,AAAML,yBAAN,MAAMA;;aAEX,qBAAqB;QACrBE,OAAOI,iBAAW;aAQlBF,aAAa;;AACf;;;QAXaC,aAAa;;;;;;;;;;;;AAanB,IAAA,AAAMN,sBAAN,MAAMA,4BAA4BC;;QAAlC,qBAGIE,OAAeK,cAAQ;;AAClC;;;;;;AAEO,IAAA,AAAMN,oBAAN,MAAMA,0BAA0BD;;QAAhC,qBAGIE,OAAeM,YAAM;;AAChC;;;;;;AAEO,IAAA,AAAMV,kBAAN,MAAMA;AA4Bb;;;;;;oCAvBcD;;;;;;;;oCAOAG;;;;;;;;oCAOAD;;;;;;;;oCAOAE;;;AAIP,IAAA,AAAML,aAAN,MAAMA;;aAGXa,WAA0BC,qCAAa,CAACC,KAAK;aAW7CC,MAAqB,IAAIC,8BAAa;aAItCC,iBAAmC;;AAsBrC;;;;;;;;;;;;;;;;oCA3BcD,8BAAa;;;;;;QAIlB;QAAO;;;;;;;;;oCAOFf;;;;qCAGCiB,IAAkBA,EAAEN,QAAQ,KAAKC,qCAAa,CAACM,IAAI;;;;oCAIpDC,sCAAsB;;;;qCAGrBF,IAAkBA,EAAEN,QAAQ,KAAKC,qCAAa,CAACQ,IAAI;;;;oCAIpDC,sCAAsB"}

package/server/authentication/auth.controller.js

@@ -1,8 +1,4 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
@@ -19,17 +15,17 @@ const _rolesdecorator = require("../applications/users/decorators/roles.decorato
 const _userdecorator = require("../applications/users/decorators/user.decorator");
 const _rolesguard = require("../applications/users/guards/roles.guard");
 const _usermodel = require("../applications/users/models/user.model");
+const _authservice = require("./auth.service");
 const _auth = require("./constants/auth");
 const _routes = require("./constants/routes");
 const _authtokenskipdecorator = require("./decorators/auth-token-skip.decorator");
-const _twofaverifydto = require("./dto/two-fa-verify.dto");
 const _authlocalguard = require("./guards/auth-local.guard");
 const _authtokenrefreshguard = require("./guards/auth-token-refresh.guard");
-const _authtwofaguard = require("./guards/auth-two-fa-guard");
 const _authrequestinterface = require("./interfaces/auth-request.interface");
 const _tokeninterface = require("./interfaces/token.interface");
-const _authmanagerservice = require("./services/auth-manager.service");
-const _authmethodtwofaservice = require("./services/auth-methods/auth-method-two-fa.service");
+const _authprovidertwofaservice = require("./providers/two-fa/auth-provider-two-fa.service");
+const _authtwofaguard = require("./providers/two-fa/auth-two-fa-guard");
+const _authtwofadtos = require("./providers/two-fa/auth-two-fa.dtos");
 function _ts_decorate(decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -60,17 +56,20 @@ let AuthController = class AuthController {
     refreshToken(user) {
         return this.authManager.getTokens(user, true);
     }
+    authSettings() {
+        return this.authManager.authSettings();
+    }
     /* TWO-FA Part */ twoFaInit(user) {
-        return this.authMethod2FA.initTwoFactor(user);
+        return this.authProvider2FA.initTwoFactor(user);
     }
     twoFaEnable(body, req) {
-        return this.authMethod2FA.enableTwoFactor(body, req);
+        return this.authProvider2FA.enableTwoFactor(body, req);
     }
     twoFaDisable(body, req) {
-        return this.authMethod2FA.disableTwoFactor(body, req);
+        return this.authProvider2FA.disableTwoFactor(body, req);
     }
     async twoFaLogin(body, req, res) {
-        const [authStatus, user] = await this.authMethod2FA.verify(body, req, true);
+        const [authStatus, user] = await this.authProvider2FA.verify(body, req, true);
         if (authStatus.success) {
             const loginResponseDto = await this.authManager.setCookies(user, res);
             // clear the temporary 2FA cookie
@@ -86,11 +85,11 @@ let AuthController = class AuthController {
         return authStatus;
     }
     twoFaReset(userId) {
-        return this.authMethod2FA.adminResetUserTwoFa(userId);
+        return this.authProvider2FA.adminResetUserTwoFa(userId);
     }
-    constructor(authManager, authMethod2FA){
+    constructor(authManager, authProvider2FA){
         this.authManager = authManager;
-        this.authMethod2FA = authMethod2FA;
+        this.authProvider2FA = authProvider2FA;
     }
 };
 _ts_decorate([
@@ -157,6 +156,13 @@ _ts_decorate([
     ]),
     _ts_metadata("design:returntype", typeof Promise === "undefined" ? Object : Promise)
 ], AuthController.prototype, "refreshToken", null);
+_ts_decorate([
+    (0, _common.Get)(_routes.AUTH_ROUTE.SETTINGS),
+    (0, _authtokenskipdecorator.AuthTokenSkip)(),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", []),
+    _ts_metadata("design:returntype", Object)
+], AuthController.prototype, "authSettings", null);
 _ts_decorate([
     (0, _common.Get)(`${_routes.AUTH_ROUTE.TWO_FA_BASE}/${_routes.AUTH_ROUTE.TWO_FA_ENABLE}`),
     (0, _common.UseGuards)(_rolesguard.UserRolesGuard),
@@ -176,7 +182,7 @@ _ts_decorate([
     _ts_param(1, (0, _common.Req)()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _twofaverifydto.TwoFaVerifyWithPasswordDto === "undefined" ? Object : _twofaverifydto.TwoFaVerifyWithPasswordDto,
+        typeof _authtwofadtos.TwoFaVerifyWithPasswordDto === "undefined" ? Object : _authtwofadtos.TwoFaVerifyWithPasswordDto,
         typeof _authrequestinterface.FastifyAuthenticatedRequest === "undefined" ? Object : _authrequestinterface.FastifyAuthenticatedRequest
     ]),
     _ts_metadata("design:returntype", typeof Promise === "undefined" ? Object : Promise)
@@ -189,7 +195,7 @@ _ts_decorate([
     _ts_param(1, (0, _common.Req)()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _twofaverifydto.TwoFaVerifyWithPasswordDto === "undefined" ? Object : _twofaverifydto.TwoFaVerifyWithPasswordDto,
+        typeof _authtwofadtos.TwoFaVerifyWithPasswordDto === "undefined" ? Object : _authtwofadtos.TwoFaVerifyWithPasswordDto,
         typeof _authrequestinterface.FastifyAuthenticatedRequest === "undefined" ? Object : _authrequestinterface.FastifyAuthenticatedRequest
     ]),
     _ts_metadata("design:returntype", typeof Promise === "undefined" ? Object : Promise)
@@ -205,7 +211,7 @@ _ts_decorate([
     })),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _twofaverifydto.TwoFaVerifyDto === "undefined" ? Object : _twofaverifydto.TwoFaVerifyDto,
+        typeof _authtwofadtos.TwoFaVerifyDto === "undefined" ? Object : _authtwofadtos.TwoFaVerifyDto,
         typeof _authrequestinterface.FastifyAuthenticatedRequest === "undefined" ? Object : _authrequestinterface.FastifyAuthenticatedRequest,
         typeof _fastify.FastifyReply === "undefined" ? Object : _fastify.FastifyReply
     ]),
@@ -226,8 +232,8 @@ AuthController = _ts_decorate([
     (0, _common.Controller)(_routes.AUTH_ROUTE.BASE),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _authmanagerservice.AuthManager === "undefined" ? Object : _authmanagerservice.AuthManager,
-        typeof _authmethodtwofaservice.AuthMethod2FA === "undefined" ? Object : _authmethodtwofaservice.AuthMethod2FA
+        typeof _authservice.AuthManager === "undefined" ? Object : _authservice.AuthManager,
+        typeof _authprovidertwofaservice.AuthProvider2FA === "undefined" ? Object : _authprovidertwofaservice.AuthProvider2FA
     ])
 ], AuthController);
 

package/server/authentication/auth.controller.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/authentication/auth.controller.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Body, Controller, Get, Param, ParseIntPipe, Post, Req, Res, UseGuards } from '@nestjs/common'\nimport { FastifyReply } from 'fastify'\nimport { USER_ROLE } from '../applications/users/constants/user'\nimport { UserHaveRole } from '../applications/users/decorators/roles.decorator'\nimport { GetUser } from '../applications/users/decorators/user.decorator'\nimport { UserRolesGuard } from '../applications/users/guards/roles.guard'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { ACCESS_KEY, TOKEN_PATHS } from './constants/auth'\nimport { AUTH_ROUTE } from './constants/routes'\nimport { AuthTokenSkip } from './decorators/auth-token-skip.decorator'\nimport { LoginResponseDto, LoginVerify2FaDto, TwoFaResponseDto } from './dto/login-response.dto'\nimport { TokenResponseDto } from './dto/token-response.dto'\nimport { TwoFaVerifyDto, TwoFaVerifyWithPasswordDto } from './dto/two-fa-verify.dto'\nimport { AuthLocalGuard } from './guards/auth-local.guard'\nimport { AuthTokenRefreshGuard } from './guards/auth-token-refresh.guard'\nimport { AuthTwoFaGuard } from './guards/auth-two-fa-guard'\nimport { FastifyAuthenticatedRequest } from './interfaces/auth-request.interface'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\nimport { TwoFaSetup, TwoFaVerifyResult } from './interfaces/two-fa-setup.interface'\nimport { AuthManager } from './services/auth-manager.service'\nimport { AuthMethod2FA } from './services/auth-methods/auth-method-two-fa.service'\n\n@Controller(AUTH_ROUTE.BASE)\nexport class AuthController {\n  constructor(\n    private readonly authManager: AuthManager,\n    private readonly authMethod2FA: AuthMethod2FA\n  ) {}\n\n  @Post(AUTH_ROUTE.LOGIN)\n  @AuthTokenSkip()\n  @UseGuards(AuthLocalGuard)\n  login(@GetUser() user: UserModel, @Res({ passthrough: true }) res: FastifyReply): Promise<LoginResponseDto | LoginVerify2FaDto> {\n    return this.authManager.setCookies(user, res, true)\n  }\n\n  @Post(AUTH_ROUTE.LOGOUT)\n  @AuthTokenSkip()\n  logout(@Res({ passthrough: true }) res: FastifyReply) {\n    return this.authManager.clearCookies(res)\n  }\n\n  @Post(AUTH_ROUTE.REFRESH)\n  @AuthTokenSkip()\n  @UseGuards(AuthTokenRefreshGuard)\n  refreshCookies(@GetUser() user: UserModel, @Res({ passthrough: true }) res: FastifyReply): Promise<TokenResponseDto> {\n    return this.authManager.refreshCookies(user, res)\n  }\n\n  @Post(AUTH_ROUTE.TOKEN)\n  @AuthTokenSkip()\n  @UseGuards(AuthLocalGuard)\n  token(@GetUser() user: UserModel): Promise<TokenResponseDto> {\n    return this.authManager.getTokens(user)\n  }\n\n  @Post(AUTH_ROUTE.TOKEN_REFRESH)\n  @AuthTokenSkip()\n  @UseGuards(AuthTokenRefreshGuard)\n  refreshToken(@GetUser() user: UserModel): Promise<TokenResponseDto> {\n    return this.authManager.getTokens(user, true)\n  }\n\n  /* TWO-FA Part */\n\n  @Get(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ENABLE}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  twoFaInit(@GetUser() user: UserModel): Promise<TwoFaSetup> {\n    return this.authMethod2FA.initTwoFactor(user)\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ENABLE}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  twoFaEnable(@Body() body: TwoFaVerifyWithPasswordDto, @Req() req: FastifyAuthenticatedRequest): Promise<TwoFaVerifyResult> {\n    return this.authMethod2FA.enableTwoFactor(body, req)\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_DISABLE}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  twoFaDisable(@Body() body: TwoFaVerifyWithPasswordDto, @Req() req: FastifyAuthenticatedRequest): Promise<TwoFaVerifyResult> {\n    return this.authMethod2FA.disableTwoFactor(body, req)\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_LOGIN_VERIFY}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  async twoFaLogin(\n    @Body() body: TwoFaVerifyDto,\n    @Req() req: FastifyAuthenticatedRequest,\n    @Res({ passthrough: true }) res: FastifyReply\n  ): Promise<TwoFaResponseDto | TwoFaVerifyResult> {\n    const [authStatus, user] = await this.authMethod2FA.verify(body, req, true)\n    if (authStatus.success) {\n      const loginResponseDto = await this.authManager.setCookies(user, res)\n      // clear the temporary 2FA cookie\n      res.clearCookie(ACCESS_KEY, { path: TOKEN_PATHS[TOKEN_TYPE.ACCESS_2FA], httpOnly: true })\n      return { ...loginResponseDto, ...authStatus } satisfies TwoFaResponseDto\n    }\n    return authStatus\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ADMIN_RESET_USER}/:id`)\n  @UseGuards(UserRolesGuard, AuthTwoFaGuard)\n  @UserHaveRole(USER_ROLE.ADMINISTRATOR)\n  twoFaReset(@Param('id', ParseIntPipe) userId: number): Promise<TwoFaVerifyResult> {\n    return this.authMethod2FA.adminResetUserTwoFa(userId)\n  }\n}\n"],"names":["AuthController","login","user","res","authManager","setCookies","logout","clearCookies","refreshCookies","token","getTokens","refreshToken","twoFaInit","authMethod2FA","initTwoFactor","twoFaEnable","body","req","enableTwoFactor","twoFaDisable","disableTwoFactor","twoFaLogin","authStatus","verify","success","loginResponseDto","clearCookie","ACCESS_KEY","path","TOKEN_PATHS","TOKEN_TYPE","ACCESS_2FA","httpOnly","twoFaReset","userId","adminResetUserTwoFa","LOGIN","passthrough","LOGOUT","REFRESH","TOKEN","TOKEN_REFRESH","AUTH_ROUTE","TWO_FA_BASE","TWO_FA_ENABLE","USER","TWO_FA_DISABLE","TWO_FA_LOGIN_VERIFY","TWO_FA_ADMIN_RESET_USER","ADMINISTRATOR","BASE"],"mappings":"AAAA;;;;CAIC;;;;+BAyBYA;;;eAAAA;;;wBAvByE;yBACzD;sBACH;gCACG;+BACL;4BACO;2BACL;sBACc;wBACb;wCACG;gCAG6B;gCAC5B;uCACO;gCACP;sCACa;gCACjB;oCAEC;wCACE;;;;;;;;;;;;;;;AAGvB,IAAA,AAAMA,iBAAN,MAAMA;IASXC,MAAM,AAAWC,IAAe,EAAE,AAA4BC,GAAiB,EAAiD;QAC9H,OAAO,IAAI,CAACC,WAAW,CAACC,UAAU,CAACH,MAAMC,KAAK;IAChD;IAIAG,OAAO,AAA4BH,GAAiB,EAAE;QACpD,OAAO,IAAI,CAACC,WAAW,CAACG,YAAY,CAACJ;IACvC;IAKAK,eAAe,AAAWN,IAAe,EAAE,AAA4BC,GAAiB,EAA6B;QACnH,OAAO,IAAI,CAACC,WAAW,CAACI,cAAc,CAACN,MAAMC;IAC/C;IAKAM,MAAM,AAAWP,IAAe,EAA6B;QAC3D,OAAO,IAAI,CAACE,WAAW,CAACM,SAAS,CAACR;IACpC;IAKAS,aAAa,AAAWT,IAAe,EAA6B;QAClE,OAAO,IAAI,CAACE,WAAW,CAACM,SAAS,CAACR,MAAM;IAC1C;IAEA,eAAe,GAEf,AAGAU,UAAU,AAAWV,IAAe,EAAuB;QACzD,OAAO,IAAI,CAACW,aAAa,CAACC,aAAa,CAACZ;IAC1C;IAKAa,YAAY,AAAQC,IAAgC,EAAE,AAAOC,GAAgC,EAA8B;QACzH,OAAO,IAAI,CAACJ,aAAa,CAACK,eAAe,CAACF,MAAMC;IAClD;IAKAE,aAAa,AAAQH,IAAgC,EAAE,AAAOC,GAAgC,EAA8B;QAC1H,OAAO,IAAI,CAACJ,aAAa,CAACO,gBAAgB,CAACJ,MAAMC;IACnD;IAEA,MAGMI,WACJ,AAAQL,IAAoB,EAC5B,AAAOC,GAAgC,EACvC,AAA4Bd,GAAiB,EACE;QAC/C,MAAM,CAACmB,YAAYpB,KAAK,GAAG,MAAM,IAAI,CAACW,aAAa,CAACU,MAAM,CAACP,MAAMC,KAAK;QACtE,IAAIK,WAAWE,OAAO,EAAE;YACtB,MAAMC,mBAAmB,MAAM,IAAI,CAACrB,WAAW,CAACC,UAAU,CAACH,MAAMC;YACjE,iCAAiC;YACjCA,IAAIuB,WAAW,CAACC,gBAAU,EAAE;gBAAEC,MAAMC,iBAAW,CAACC,0BAAU,CAACC,UAAU,CAAC;gBAAEC,UAAU;YAAK;YACvF,OAAO;gBAAE,GAAGP,gBAAgB;gBAAE,GAAGH,UAAU;YAAC;QAC9C;QACA,OAAOA;IACT;IAKAW,WAAW,AAA2BC,MAAc,EAA8B;QAChF,OAAO,IAAI,CAACrB,aAAa,CAACsB,mBAAmB,CAACD;IAChD;IArFA,YACE,AAAiB9B,WAAwB,EACzC,AAAiBS,aAA4B,CAC7C;aAFiBT,cAAAA;aACAS,gBAAAA;IAChB;AAmFL;;yCAjFmBuB;;;;;QAGwBC,aAAa;;;;;;;;;;yCAIrCC;;;QAEHD,aAAa;;;;;;;;;yCAIVE;;;;;QAGiCF,aAAa;;;;;;;;;;yCAI9CG;;;;;;;;;;;yCAOAC;;;;;;;;;;;wBASTC,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACE,aAAa;;sDAElCC;;;;;;;;;yBAKfH,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACE,aAAa;;sDAEnCC;;;;;;;;;;;yBAKfH,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACI,cAAc;;sDAEpCD;;;;;;;;;;;yBAKfH,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACK,mBAAmB;;sDAEzCF;;;;QAIfR,aAAa;;;;;;;;;;;yBAYbK,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACM,uBAAuB,CAAC,IAAI;;sDAElDC;;;;;;;;;+CApFHC"}
+{"version":3,"sources":["../../../backend/src/authentication/auth.controller.ts"],"sourcesContent":["import { Body, Controller, Get, Param, ParseIntPipe, Post, Req, Res, UseGuards } from '@nestjs/common'\nimport { FastifyReply } from 'fastify'\nimport { USER_ROLE } from '../applications/users/constants/user'\nimport { UserHaveRole } from '../applications/users/decorators/roles.decorator'\nimport { GetUser } from '../applications/users/decorators/user.decorator'\nimport { UserRolesGuard } from '../applications/users/guards/roles.guard'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { AuthManager } from './auth.service'\nimport { ACCESS_KEY, TOKEN_PATHS } from './constants/auth'\nimport { AUTH_ROUTE } from './constants/routes'\nimport { AuthTokenSkip } from './decorators/auth-token-skip.decorator'\nimport { LoginResponseDto, LoginVerify2FaDto } from './dto/login-response.dto'\nimport { TokenResponseDto } from './dto/token-response.dto'\nimport { AuthLocalGuard } from './guards/auth-local.guard'\nimport { AuthTokenRefreshGuard } from './guards/auth-token-refresh.guard'\nimport { FastifyAuthenticatedRequest } from './interfaces/auth-request.interface'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\nimport type { AuthOIDCSettings } from './providers/oidc/auth-oidc.interfaces'\nimport { AuthProvider2FA } from './providers/two-fa/auth-provider-two-fa.service'\nimport { AuthTwoFaGuard } from './providers/two-fa/auth-two-fa-guard'\nimport { TwoFaResponseDto, TwoFaVerifyDto, TwoFaVerifyWithPasswordDto } from './providers/two-fa/auth-two-fa.dtos'\nimport { TwoFaSetup, TwoFaVerifyResult } from './providers/two-fa/auth-two-fa.interfaces'\n\n@Controller(AUTH_ROUTE.BASE)\nexport class AuthController {\n  constructor(\n    private readonly authManager: AuthManager,\n    private readonly authProvider2FA: AuthProvider2FA\n  ) {}\n\n  @Post(AUTH_ROUTE.LOGIN)\n  @AuthTokenSkip()\n  @UseGuards(AuthLocalGuard)\n  login(@GetUser() user: UserModel, @Res({ passthrough: true }) res: FastifyReply): Promise<LoginResponseDto | LoginVerify2FaDto> {\n    return this.authManager.setCookies(user, res, true)\n  }\n\n  @Post(AUTH_ROUTE.LOGOUT)\n  @AuthTokenSkip()\n  logout(@Res({ passthrough: true }) res: FastifyReply) {\n    return this.authManager.clearCookies(res)\n  }\n\n  @Post(AUTH_ROUTE.REFRESH)\n  @AuthTokenSkip()\n  @UseGuards(AuthTokenRefreshGuard)\n  refreshCookies(@GetUser() user: UserModel, @Res({ passthrough: true }) res: FastifyReply): Promise<TokenResponseDto> {\n    return this.authManager.refreshCookies(user, res)\n  }\n\n  @Post(AUTH_ROUTE.TOKEN)\n  @AuthTokenSkip()\n  @UseGuards(AuthLocalGuard)\n  token(@GetUser() user: UserModel): Promise<TokenResponseDto> {\n    return this.authManager.getTokens(user)\n  }\n\n  @Post(AUTH_ROUTE.TOKEN_REFRESH)\n  @AuthTokenSkip()\n  @UseGuards(AuthTokenRefreshGuard)\n  refreshToken(@GetUser() user: UserModel): Promise<TokenResponseDto> {\n    return this.authManager.getTokens(user, true)\n  }\n\n  @Get(AUTH_ROUTE.SETTINGS)\n  @AuthTokenSkip()\n  authSettings(): AuthOIDCSettings | false {\n    return this.authManager.authSettings()\n  }\n\n  /* TWO-FA Part */\n\n  @Get(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ENABLE}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  twoFaInit(@GetUser() user: UserModel): Promise<TwoFaSetup> {\n    return this.authProvider2FA.initTwoFactor(user)\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ENABLE}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  twoFaEnable(@Body() body: TwoFaVerifyWithPasswordDto, @Req() req: FastifyAuthenticatedRequest): Promise<TwoFaVerifyResult> {\n    return this.authProvider2FA.enableTwoFactor(body, req)\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_DISABLE}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  twoFaDisable(@Body() body: TwoFaVerifyWithPasswordDto, @Req() req: FastifyAuthenticatedRequest): Promise<TwoFaVerifyResult> {\n    return this.authProvider2FA.disableTwoFactor(body, req)\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_LOGIN_VERIFY}`)\n  @UseGuards(UserRolesGuard)\n  @UserHaveRole(USER_ROLE.USER)\n  async twoFaLogin(\n    @Body() body: TwoFaVerifyDto,\n    @Req() req: FastifyAuthenticatedRequest,\n    @Res({ passthrough: true }) res: FastifyReply\n  ): Promise<TwoFaResponseDto | TwoFaVerifyResult> {\n    const [authStatus, user] = await this.authProvider2FA.verify(body, req, true)\n    if (authStatus.success) {\n      const loginResponseDto = await this.authManager.setCookies(user, res)\n      // clear the temporary 2FA cookie\n      res.clearCookie(ACCESS_KEY, { path: TOKEN_PATHS[TOKEN_TYPE.ACCESS_2FA], httpOnly: true })\n      return { ...loginResponseDto, ...authStatus } satisfies TwoFaResponseDto\n    }\n    return authStatus\n  }\n\n  @Post(`${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ADMIN_RESET_USER}/:id`)\n  @UseGuards(UserRolesGuard, AuthTwoFaGuard)\n  @UserHaveRole(USER_ROLE.ADMINISTRATOR)\n  twoFaReset(@Param('id', ParseIntPipe) userId: number): Promise<TwoFaVerifyResult> {\n    return this.authProvider2FA.adminResetUserTwoFa(userId)\n  }\n}\n"],"names":["AuthController","login","user","res","authManager","setCookies","logout","clearCookies","refreshCookies","token","getTokens","refreshToken","authSettings","twoFaInit","authProvider2FA","initTwoFactor","twoFaEnable","body","req","enableTwoFactor","twoFaDisable","disableTwoFactor","twoFaLogin","authStatus","verify","success","loginResponseDto","clearCookie","ACCESS_KEY","path","TOKEN_PATHS","TOKEN_TYPE","ACCESS_2FA","httpOnly","twoFaReset","userId","adminResetUserTwoFa","LOGIN","passthrough","LOGOUT","REFRESH","TOKEN","TOKEN_REFRESH","SETTINGS","AUTH_ROUTE","TWO_FA_BASE","TWO_FA_ENABLE","USER","TWO_FA_DISABLE","TWO_FA_LOGIN_VERIFY","TWO_FA_ADMIN_RESET_USER","ADMINISTRATOR","BASE"],"mappings":";;;;+BAwBaA;;;eAAAA;;;wBAxByE;yBACzD;sBACH;gCACG;+BACL;4BACO;2BACL;6BACE;sBACY;wBACb;wCACG;gCAGC;uCACO;sCACM;gCACjB;0CAEK;gCACD;+BAC8C;;;;;;;;;;;;;;;AAItE,IAAA,AAAMA,iBAAN,MAAMA;IASXC,MAAM,AAAWC,IAAe,EAAE,AAA4BC,GAAiB,EAAiD;QAC9H,OAAO,IAAI,CAACC,WAAW,CAACC,UAAU,CAACH,MAAMC,KAAK;IAChD;IAIAG,OAAO,AAA4BH,GAAiB,EAAE;QACpD,OAAO,IAAI,CAACC,WAAW,CAACG,YAAY,CAACJ;IACvC;IAKAK,eAAe,AAAWN,IAAe,EAAE,AAA4BC,GAAiB,EAA6B;QACnH,OAAO,IAAI,CAACC,WAAW,CAACI,cAAc,CAACN,MAAMC;IAC/C;IAKAM,MAAM,AAAWP,IAAe,EAA6B;QAC3D,OAAO,IAAI,CAACE,WAAW,CAACM,SAAS,CAACR;IACpC;IAKAS,aAAa,AAAWT,IAAe,EAA6B;QAClE,OAAO,IAAI,CAACE,WAAW,CAACM,SAAS,CAACR,MAAM;IAC1C;IAIAU,eAAyC;QACvC,OAAO,IAAI,CAACR,WAAW,CAACQ,YAAY;IACtC;IAEA,eAAe,GAEf,AAGAC,UAAU,AAAWX,IAAe,EAAuB;QACzD,OAAO,IAAI,CAACY,eAAe,CAACC,aAAa,CAACb;IAC5C;IAKAc,YAAY,AAAQC,IAAgC,EAAE,AAAOC,GAAgC,EAA8B;QACzH,OAAO,IAAI,CAACJ,eAAe,CAACK,eAAe,CAACF,MAAMC;IACpD;IAKAE,aAAa,AAAQH,IAAgC,EAAE,AAAOC,GAAgC,EAA8B;QAC1H,OAAO,IAAI,CAACJ,eAAe,CAACO,gBAAgB,CAACJ,MAAMC;IACrD;IAEA,MAGMI,WACJ,AAAQL,IAAoB,EAC5B,AAAOC,GAAgC,EACvC,AAA4Bf,GAAiB,EACE;QAC/C,MAAM,CAACoB,YAAYrB,KAAK,GAAG,MAAM,IAAI,CAACY,eAAe,CAACU,MAAM,CAACP,MAAMC,KAAK;QACxE,IAAIK,WAAWE,OAAO,EAAE;YACtB,MAAMC,mBAAmB,MAAM,IAAI,CAACtB,WAAW,CAACC,UAAU,CAACH,MAAMC;YACjE,iCAAiC;YACjCA,IAAIwB,WAAW,CAACC,gBAAU,EAAE;gBAAEC,MAAMC,iBAAW,CAACC,0BAAU,CAACC,UAAU,CAAC;gBAAEC,UAAU;YAAK;YACvF,OAAO;gBAAE,GAAGP,gBAAgB;gBAAE,GAAGH,UAAU;YAAC;QAC9C;QACA,OAAOA;IACT;IAKAW,WAAW,AAA2BC,MAAc,EAA8B;QAChF,OAAO,IAAI,CAACrB,eAAe,CAACsB,mBAAmB,CAACD;IAClD;IA3FA,YACE,AAAiB/B,WAAwB,EACzC,AAAiBU,eAAgC,CACjD;aAFiBV,cAAAA;aACAU,kBAAAA;IAChB;AAyFL;;yCAvFmBuB;;;;;QAGwBC,aAAa;;;;;;;;;;yCAIrCC;;;QAEHD,aAAa;;;;;;;;;yCAIVE;;;;;QAGiCF,aAAa;;;;;;;;;;yCAI9CG;;;;;;;;;;;yCAOAC;;;;;;;;;;;wCAODC;;;;;;;wBAQRC,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACE,aAAa;;sDAElCC;;;;;;;;;yBAKfH,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACE,aAAa;;sDAEnCC;;;;;;;;;;;yBAKfH,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACI,cAAc;;sDAEpCD;;;;;;;;;;;yBAKfH,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACK,mBAAmB;;sDAEzCF;;;;QAIfT,aAAa;;;;;;;;;;;yBAYbM,kBAAU,CAACC,WAAW,CAAC,CAAC,EAAED,kBAAU,CAACM,uBAAuB,CAAC,IAAI;;sDAElDC;;;;;;;;;+CA1FHC"}

package/server/authentication/auth.controller.spec.js

@@ -1,8 +1,4 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
@@ -20,12 +16,12 @@ const _configenvironment = require("../configuration/config.environment");
 const _cacheservice = require("../infrastructure/cache/services/cache.service");
 const _constants = require("../infrastructure/database/constants");
 const _authcontroller = require("./auth.controller");
+const _authservice = require("./auth.service");
 const _auth = require("./constants/auth");
 const _loginresponsedto = require("./dto/login-response.dto");
-const _authtwofaguard = require("./guards/auth-two-fa-guard");
 const _tokeninterface = require("./interfaces/token.interface");
-const _authmanagerservice = require("./services/auth-manager.service");
-const _authmethodtwofaservice = require("./services/auth-methods/auth-method-two-fa.service");
+const _authprovidertwofaservice = require("./providers/two-fa/auth-provider-two-fa.service");
+const _authtwofaguard = require("./providers/two-fa/auth-two-fa-guard");
 describe(_authcontroller.AuthController.name, ()=>{
     let module;
     let authController;
@@ -47,9 +43,9 @@ describe(_authcontroller.AuthController.name, ()=>{
             ],
             providers: [
                 _config.ConfigService,
-                _authmanagerservice.AuthManager,
+                _authservice.AuthManager,
                 _jwt.JwtService,
-                _authmethodtwofaservice.AuthMethod2FA,
+                _authprovidertwofaservice.AuthProvider2FA,
                 _authtwofaguard.AuthTwoFaGuard,
                 {
                     provide: _constants.DB_TOKEN_PROVIDER,

package/server/authentication/auth.controller.spec.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/authentication/auth.controller.spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { ConfigModule, ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { PassportModule } from '@nestjs/passport'\nimport { Test, TestingModule } from '@nestjs/testing'\nimport { NotificationsManager } from '../applications/notifications/services/notifications-manager.service'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { UsersManager } from '../applications/users/services/users-manager.service'\nimport { generateUserTest } from '../applications/users/utils/test'\nimport { convertHumanTimeToSeconds } from '../common/functions'\nimport { currentTimeStamp } from '../common/shared'\nimport { exportConfiguration } from '../configuration/config.environment'\nimport { Cache } from '../infrastructure/cache/services/cache.service'\nimport { DB_TOKEN_PROVIDER } from '../infrastructure/database/constants'\nimport { AuthConfig } from './auth.config'\nimport { AuthController } from './auth.controller'\nimport { TOKEN_PATHS } from './constants/auth'\nimport { LoginResponseDto } from './dto/login-response.dto'\nimport { AuthTwoFaGuard } from './guards/auth-two-fa-guard'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\nimport { AuthManager } from './services/auth-manager.service'\nimport { AuthMethod2FA } from './services/auth-methods/auth-method-two-fa.service'\n\ndescribe(AuthController.name, () => {\n  let module: TestingModule\n  let authController: AuthController\n  let authConfig: AuthConfig\n  let userTest: UserModel\n\n  beforeAll(async () => {\n    module = await Test.createTestingModule({\n      imports: [await ConfigModule.forRoot({ load: [exportConfiguration], isGlobal: true }), PassportModule],\n      controllers: [AuthController],\n      providers: [\n        ConfigService,\n        AuthManager,\n        JwtService,\n        AuthMethod2FA,\n        AuthTwoFaGuard,\n        { provide: DB_TOKEN_PROVIDER, useValue: {} },\n        { provide: Cache, useValue: {} },\n        { provide: UsersManager, useValue: {} },\n        { provide: NotificationsManager, useValue: {} }\n      ]\n    }).compile()\n\n    module.useLogger(['fatal'])\n    authConfig = module.get<ConfigService>(ConfigService).get<AuthConfig>('auth')\n    authController = module.get<AuthController>(AuthController)\n    userTest = new UserModel({ ...generateUserTest(), id: 888 }, false)\n  })\n\n  afterAll(async () => {\n    await module.close()\n  })\n\n  it('should be defined', () => {\n    expect(authConfig).toBeDefined()\n    expect(authController).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should set JWT in cookies', async () => {\n    const res: any = { setCookie: jest.fn() }\n    const result = await authController.login(userTest, res)\n    expect(result).toBeDefined()\n    expect(result).toBeInstanceOf(LoginResponseDto)\n    expect(res.setCookie).toHaveBeenCalledTimes(4)\n    expect(result.token.access_expiration).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(), -1)\n    expect(result.token.refresh_expiration).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token.refresh.expiration) + currentTimeStamp(), -1)\n  })\n\n  it('should clear JWT in cookies', async () => {\n    const res: any = { clearCookie: jest.fn() }\n    await expect(authController.logout(res)).resolves.not.toThrow()\n    expect(res.clearCookie).toHaveBeenCalledTimes(Object.keys(TOKEN_PATHS).length)\n  })\n\n  it('should refresh JWT in cookies', async () => {\n    userTest.exp = currentTimeStamp() + convertHumanTimeToSeconds('30s')\n    const res: any = { setCookie: jest.fn() }\n    const result = await authController.refreshCookies(userTest, res)\n    expect(result).toBeDefined()\n    expect(res.setCookie).toHaveBeenCalledTimes(4)\n    expect(result.access_expiration).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(), -1)\n    expect(result.refresh_expiration).toBe(userTest.exp)\n  })\n\n  it('should not refresh JWT in cookies', async () => {\n    userTest.exp = currentTimeStamp() - 1\n    const res: any = { setCookie: jest.fn() }\n    await expect(authController.refreshCookies(userTest, res)).rejects.toThrow()\n  })\n\n  it('should get JWT in response body', async () => {\n    const result = await authController.token(userTest)\n    expect(result[TOKEN_TYPE.ACCESS]).toBeDefined()\n    expect(result[TOKEN_TYPE.REFRESH]).toBeDefined()\n    expect(result[`${TOKEN_TYPE.ACCESS}_expiration`]).toBeCloseTo(\n      convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(),\n      -1\n    )\n    expect(result[`${TOKEN_TYPE.REFRESH}_expiration`]).toBeCloseTo(\n      convertHumanTimeToSeconds(authConfig.token.refresh.expiration) + currentTimeStamp(),\n      -1\n    )\n  })\n\n  it('should refresh JWT in response body', async () => {\n    userTest.exp = currentTimeStamp() + convertHumanTimeToSeconds('30s')\n    const result = await authController.refreshToken(userTest)\n    expect(result[TOKEN_TYPE.ACCESS]).toBeDefined()\n    expect(result[TOKEN_TYPE.REFRESH]).toBeDefined()\n    expect(result[`${TOKEN_TYPE.ACCESS}_expiration`]).toBeCloseTo(\n      convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(),\n      -1\n    )\n    expect(result[`${TOKEN_TYPE.REFRESH}_expiration`]).toBe(userTest.exp)\n  })\n\n  it('should not refresh JWT in response body', async () => {\n    userTest.exp = currentTimeStamp() - 1\n    await expect(authController.refreshToken(userTest)).rejects.toThrow()\n  })\n})\n"],"names":["describe","AuthController","name","module","authController","authConfig","userTest","beforeAll","Test","createTestingModule","imports","ConfigModule","forRoot","load","exportConfiguration","isGlobal","PassportModule","controllers","providers","ConfigService","AuthManager","JwtService","AuthMethod2FA","AuthTwoFaGuard","provide","DB_TOKEN_PROVIDER","useValue","Cache","UsersManager","NotificationsManager","compile","useLogger","get","UserModel","generateUserTest","id","afterAll","close","it","expect","toBeDefined","res","setCookie","jest","fn","result","login","toBeInstanceOf","LoginResponseDto","toHaveBeenCalledTimes","token","access_expiration","toBeCloseTo","convertHumanTimeToSeconds","access","expiration","currentTimeStamp","refresh_expiration","refresh","clearCookie","logout","resolves","not","toThrow","Object","keys","TOKEN_PATHS","length","exp","refreshCookies","toBe","rejects","TOKEN_TYPE","ACCESS","REFRESH","refreshToken"],"mappings":"AAAA;;;;CAIC;;;;wBAE2C;qBACjB;0BACI;yBACK;6CACC;2BACX;qCACG;sBACI;2BACS;wBACT;mCACG;8BACd;2BACY;gCAEH;sBACH;kCACK;gCACF;gCACJ;oCACC;wCACE;AAE9BA,SAASC,8BAAc,CAACC,IAAI,EAAE;IAC5B,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACRJ,SAAS,MAAMK,aAAI,CAACC,mBAAmB,CAAC;YACtCC,SAAS;gBAAC,MAAMC,oBAAY,CAACC,OAAO,CAAC;oBAAEC,MAAM;wBAACC,sCAAmB;qBAAC;oBAAEC,UAAU;gBAAK;gBAAIC,wBAAc;aAAC;YACtGC,aAAa;gBAAChB,8BAAc;aAAC;YAC7BiB,WAAW;gBACTC,qBAAa;gBACbC,+BAAW;gBACXC,eAAU;gBACVC,qCAAa;gBACbC,8BAAc;gBACd;oBAAEC,SAASC,4BAAiB;oBAAEC,UAAU,CAAC;gBAAE;gBAC3C;oBAAEF,SAASG,mBAAK;oBAAED,UAAU,CAAC;gBAAE;gBAC/B;oBAAEF,SAASI,iCAAY;oBAAEF,UAAU,CAAC;gBAAE;gBACtC;oBAAEF,SAASK,iDAAoB;oBAAEH,UAAU,CAAC;gBAAE;aAC/C;QACH,GAAGI,OAAO;QAEV3B,OAAO4B,SAAS,CAAC;YAAC;SAAQ;QAC1B1B,aAAaF,OAAO6B,GAAG,CAAgBb,qBAAa,EAAEa,GAAG,CAAa;QACtE5B,iBAAiBD,OAAO6B,GAAG,CAAiB/B,8BAAc;QAC1DK,WAAW,IAAI2B,oBAAS,CAAC;YAAE,GAAGC,IAAAA,sBAAgB,GAAE;YAAEC,IAAI;QAAI,GAAG;IAC/D;IAEAC,SAAS;QACP,MAAMjC,OAAOkC,KAAK;IACpB;IAEAC,GAAG,qBAAqB;QACtBC,OAAOlC,YAAYmC,WAAW;QAC9BD,OAAOnC,gBAAgBoC,WAAW;QAClCD,OAAOjC,UAAUkC,WAAW;IAC9B;IAEAF,GAAG,6BAA6B;QAC9B,MAAMG,MAAW;YAAEC,WAAWC,KAAKC,EAAE;QAAG;QACxC,MAAMC,SAAS,MAAMzC,eAAe0C,KAAK,CAACxC,UAAUmC;QACpDF,OAAOM,QAAQL,WAAW;QAC1BD,OAAOM,QAAQE,cAAc,CAACC,kCAAgB;QAC9CT,OAAOE,IAAIC,SAAS,EAAEO,qBAAqB,CAAC;QAC5CV,OAAOM,OAAOK,KAAK,CAACC,iBAAiB,EAAEC,WAAW,CAACC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAAI,CAAC;QACxIjB,OAAOM,OAAOK,KAAK,CAACO,kBAAkB,EAAEL,WAAW,CAACC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACQ,OAAO,CAACH,UAAU,IAAIC,IAAAA,wBAAgB,KAAI,CAAC;IAC5I;IAEAlB,GAAG,+BAA+B;QAChC,MAAMG,MAAW;YAAEkB,aAAahB,KAAKC,EAAE;QAAG;QAC1C,MAAML,OAAOnC,eAAewD,MAAM,CAACnB,MAAMoB,QAAQ,CAACC,GAAG,CAACC,OAAO;QAC7DxB,OAAOE,IAAIkB,WAAW,EAAEV,qBAAqB,CAACe,OAAOC,IAAI,CAACC,iBAAW,EAAEC,MAAM;IAC/E;IAEA7B,GAAG,iCAAiC;QAClChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAKH,IAAAA,oCAAyB,EAAC;QAC9D,MAAMZ,MAAW;YAAEC,WAAWC,KAAKC,EAAE;QAAG;QACxC,MAAMC,SAAS,MAAMzC,eAAeiE,cAAc,CAAC/D,UAAUmC;QAC7DF,OAAOM,QAAQL,WAAW;QAC1BD,OAAOE,IAAIC,SAAS,EAAEO,qBAAqB,CAAC;QAC5CV,OAAOM,OAAOM,iBAAiB,EAAEC,WAAW,CAACC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAAI,CAAC;QAClIjB,OAAOM,OAAOY,kBAAkB,EAAEa,IAAI,CAAChE,SAAS8D,GAAG;IACrD;IAEA9B,GAAG,qCAAqC;QACtChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAK;QACpC,MAAMf,MAAW;YAAEC,WAAWC,KAAKC,EAAE;QAAG;QACxC,MAAML,OAAOnC,eAAeiE,cAAc,CAAC/D,UAAUmC,MAAM8B,OAAO,CAACR,OAAO;IAC5E;IAEAzB,GAAG,mCAAmC;QACpC,MAAMO,SAAS,MAAMzC,eAAe8C,KAAK,CAAC5C;QAC1CiC,OAAOM,MAAM,CAAC2B,0BAAU,CAACC,MAAM,CAAC,EAAEjC,WAAW;QAC7CD,OAAOM,MAAM,CAAC2B,0BAAU,CAACE,OAAO,CAAC,EAAElC,WAAW;QAC9CD,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAErB,WAAW,CAC3DC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAChF,CAAC;QAEHjB,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAEtB,WAAW,CAC5DC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACQ,OAAO,CAACH,UAAU,IAAIC,IAAAA,wBAAgB,KACjF,CAAC;IAEL;IAEAlB,GAAG,uCAAuC;QACxChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAKH,IAAAA,oCAAyB,EAAC;QAC9D,MAAMR,SAAS,MAAMzC,eAAeuE,YAAY,CAACrE;QACjDiC,OAAOM,MAAM,CAAC2B,0BAAU,CAACC,MAAM,CAAC,EAAEjC,WAAW;QAC7CD,OAAOM,MAAM,CAAC2B,0BAAU,CAACE,OAAO,CAAC,EAAElC,WAAW;QAC9CD,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAErB,WAAW,CAC3DC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAChF,CAAC;QAEHjB,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAEJ,IAAI,CAAChE,SAAS8D,GAAG;IACtE;IAEA9B,GAAG,2CAA2C;QAC5ChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAK;QACpC,MAAMjB,OAAOnC,eAAeuE,YAAY,CAACrE,WAAWiE,OAAO,CAACR,OAAO;IACrE;AACF"}
+{"version":3,"sources":["../../../backend/src/authentication/auth.controller.spec.ts"],"sourcesContent":["import { ConfigModule, ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { PassportModule } from '@nestjs/passport'\nimport { Test, TestingModule } from '@nestjs/testing'\nimport { NotificationsManager } from '../applications/notifications/services/notifications-manager.service'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { UsersManager } from '../applications/users/services/users-manager.service'\nimport { generateUserTest } from '../applications/users/utils/test'\nimport { convertHumanTimeToSeconds } from '../common/functions'\nimport { currentTimeStamp } from '../common/shared'\nimport { exportConfiguration } from '../configuration/config.environment'\nimport { Cache } from '../infrastructure/cache/services/cache.service'\nimport { DB_TOKEN_PROVIDER } from '../infrastructure/database/constants'\nimport { AuthConfig } from './auth.config'\nimport { AuthController } from './auth.controller'\nimport { AuthManager } from './auth.service'\nimport { TOKEN_PATHS } from './constants/auth'\nimport { LoginResponseDto } from './dto/login-response.dto'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\nimport { AuthProvider2FA } from './providers/two-fa/auth-provider-two-fa.service'\nimport { AuthTwoFaGuard } from './providers/two-fa/auth-two-fa-guard'\n\ndescribe(AuthController.name, () => {\n  let module: TestingModule\n  let authController: AuthController\n  let authConfig: AuthConfig\n  let userTest: UserModel\n\n  beforeAll(async () => {\n    module = await Test.createTestingModule({\n      imports: [await ConfigModule.forRoot({ load: [exportConfiguration], isGlobal: true }), PassportModule],\n      controllers: [AuthController],\n      providers: [\n        ConfigService,\n        AuthManager,\n        JwtService,\n        AuthProvider2FA,\n        AuthTwoFaGuard,\n        { provide: DB_TOKEN_PROVIDER, useValue: {} },\n        { provide: Cache, useValue: {} },\n        { provide: UsersManager, useValue: {} },\n        { provide: NotificationsManager, useValue: {} }\n      ]\n    }).compile()\n\n    module.useLogger(['fatal'])\n    authConfig = module.get<ConfigService>(ConfigService).get<AuthConfig>('auth')\n    authController = module.get<AuthController>(AuthController)\n    userTest = new UserModel({ ...generateUserTest(), id: 888 }, false)\n  })\n\n  afterAll(async () => {\n    await module.close()\n  })\n\n  it('should be defined', () => {\n    expect(authConfig).toBeDefined()\n    expect(authController).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should set JWT in cookies', async () => {\n    const res: any = { setCookie: jest.fn() }\n    const result = await authController.login(userTest, res)\n    expect(result).toBeDefined()\n    expect(result).toBeInstanceOf(LoginResponseDto)\n    expect(res.setCookie).toHaveBeenCalledTimes(4)\n    expect(result.token.access_expiration).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(), -1)\n    expect(result.token.refresh_expiration).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token.refresh.expiration) + currentTimeStamp(), -1)\n  })\n\n  it('should clear JWT in cookies', async () => {\n    const res: any = { clearCookie: jest.fn() }\n    await expect(authController.logout(res)).resolves.not.toThrow()\n    expect(res.clearCookie).toHaveBeenCalledTimes(Object.keys(TOKEN_PATHS).length)\n  })\n\n  it('should refresh JWT in cookies', async () => {\n    userTest.exp = currentTimeStamp() + convertHumanTimeToSeconds('30s')\n    const res: any = { setCookie: jest.fn() }\n    const result = await authController.refreshCookies(userTest, res)\n    expect(result).toBeDefined()\n    expect(res.setCookie).toHaveBeenCalledTimes(4)\n    expect(result.access_expiration).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(), -1)\n    expect(result.refresh_expiration).toBe(userTest.exp)\n  })\n\n  it('should not refresh JWT in cookies', async () => {\n    userTest.exp = currentTimeStamp() - 1\n    const res: any = { setCookie: jest.fn() }\n    await expect(authController.refreshCookies(userTest, res)).rejects.toThrow()\n  })\n\n  it('should get JWT in response body', async () => {\n    const result = await authController.token(userTest)\n    expect(result[TOKEN_TYPE.ACCESS]).toBeDefined()\n    expect(result[TOKEN_TYPE.REFRESH]).toBeDefined()\n    expect(result[`${TOKEN_TYPE.ACCESS}_expiration`]).toBeCloseTo(\n      convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(),\n      -1\n    )\n    expect(result[`${TOKEN_TYPE.REFRESH}_expiration`]).toBeCloseTo(\n      convertHumanTimeToSeconds(authConfig.token.refresh.expiration) + currentTimeStamp(),\n      -1\n    )\n  })\n\n  it('should refresh JWT in response body', async () => {\n    userTest.exp = currentTimeStamp() + convertHumanTimeToSeconds('30s')\n    const result = await authController.refreshToken(userTest)\n    expect(result[TOKEN_TYPE.ACCESS]).toBeDefined()\n    expect(result[TOKEN_TYPE.REFRESH]).toBeDefined()\n    expect(result[`${TOKEN_TYPE.ACCESS}_expiration`]).toBeCloseTo(\n      convertHumanTimeToSeconds(authConfig.token.access.expiration) + currentTimeStamp(),\n      -1\n    )\n    expect(result[`${TOKEN_TYPE.REFRESH}_expiration`]).toBe(userTest.exp)\n  })\n\n  it('should not refresh JWT in response body', async () => {\n    userTest.exp = currentTimeStamp() - 1\n    await expect(authController.refreshToken(userTest)).rejects.toThrow()\n  })\n})\n"],"names":["describe","AuthController","name","module","authController","authConfig","userTest","beforeAll","Test","createTestingModule","imports","ConfigModule","forRoot","load","exportConfiguration","isGlobal","PassportModule","controllers","providers","ConfigService","AuthManager","JwtService","AuthProvider2FA","AuthTwoFaGuard","provide","DB_TOKEN_PROVIDER","useValue","Cache","UsersManager","NotificationsManager","compile","useLogger","get","UserModel","generateUserTest","id","afterAll","close","it","expect","toBeDefined","res","setCookie","jest","fn","result","login","toBeInstanceOf","LoginResponseDto","toHaveBeenCalledTimes","token","access_expiration","toBeCloseTo","convertHumanTimeToSeconds","access","expiration","currentTimeStamp","refresh_expiration","refresh","clearCookie","logout","resolves","not","toThrow","Object","keys","TOKEN_PATHS","length","exp","refreshCookies","toBe","rejects","TOKEN_TYPE","ACCESS","REFRESH","refreshToken"],"mappings":";;;;wBAA4C;qBACjB;0BACI;yBACK;6CACC;2BACX;qCACG;sBACI;2BACS;wBACT;mCACG;8BACd;2BACY;gCAEH;6BACH;sBACA;kCACK;gCACN;0CACK;gCACD;AAE/BA,SAASC,8BAAc,CAACC,IAAI,EAAE;IAC5B,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACRJ,SAAS,MAAMK,aAAI,CAACC,mBAAmB,CAAC;YACtCC,SAAS;gBAAC,MAAMC,oBAAY,CAACC,OAAO,CAAC;oBAAEC,MAAM;wBAACC,sCAAmB;qBAAC;oBAAEC,UAAU;gBAAK;gBAAIC,wBAAc;aAAC;YACtGC,aAAa;gBAAChB,8BAAc;aAAC;YAC7BiB,WAAW;gBACTC,qBAAa;gBACbC,wBAAW;gBACXC,eAAU;gBACVC,yCAAe;gBACfC,8BAAc;gBACd;oBAAEC,SAASC,4BAAiB;oBAAEC,UAAU,CAAC;gBAAE;gBAC3C;oBAAEF,SAASG,mBAAK;oBAAED,UAAU,CAAC;gBAAE;gBAC/B;oBAAEF,SAASI,iCAAY;oBAAEF,UAAU,CAAC;gBAAE;gBACtC;oBAAEF,SAASK,iDAAoB;oBAAEH,UAAU,CAAC;gBAAE;aAC/C;QACH,GAAGI,OAAO;QAEV3B,OAAO4B,SAAS,CAAC;YAAC;SAAQ;QAC1B1B,aAAaF,OAAO6B,GAAG,CAAgBb,qBAAa,EAAEa,GAAG,CAAa;QACtE5B,iBAAiBD,OAAO6B,GAAG,CAAiB/B,8BAAc;QAC1DK,WAAW,IAAI2B,oBAAS,CAAC;YAAE,GAAGC,IAAAA,sBAAgB,GAAE;YAAEC,IAAI;QAAI,GAAG;IAC/D;IAEAC,SAAS;QACP,MAAMjC,OAAOkC,KAAK;IACpB;IAEAC,GAAG,qBAAqB;QACtBC,OAAOlC,YAAYmC,WAAW;QAC9BD,OAAOnC,gBAAgBoC,WAAW;QAClCD,OAAOjC,UAAUkC,WAAW;IAC9B;IAEAF,GAAG,6BAA6B;QAC9B,MAAMG,MAAW;YAAEC,WAAWC,KAAKC,EAAE;QAAG;QACxC,MAAMC,SAAS,MAAMzC,eAAe0C,KAAK,CAACxC,UAAUmC;QACpDF,OAAOM,QAAQL,WAAW;QAC1BD,OAAOM,QAAQE,cAAc,CAACC,kCAAgB;QAC9CT,OAAOE,IAAIC,SAAS,EAAEO,qBAAqB,CAAC;QAC5CV,OAAOM,OAAOK,KAAK,CAACC,iBAAiB,EAAEC,WAAW,CAACC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAAI,CAAC;QACxIjB,OAAOM,OAAOK,KAAK,CAACO,kBAAkB,EAAEL,WAAW,CAACC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACQ,OAAO,CAACH,UAAU,IAAIC,IAAAA,wBAAgB,KAAI,CAAC;IAC5I;IAEAlB,GAAG,+BAA+B;QAChC,MAAMG,MAAW;YAAEkB,aAAahB,KAAKC,EAAE;QAAG;QAC1C,MAAML,OAAOnC,eAAewD,MAAM,CAACnB,MAAMoB,QAAQ,CAACC,GAAG,CAACC,OAAO;QAC7DxB,OAAOE,IAAIkB,WAAW,EAAEV,qBAAqB,CAACe,OAAOC,IAAI,CAACC,iBAAW,EAAEC,MAAM;IAC/E;IAEA7B,GAAG,iCAAiC;QAClChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAKH,IAAAA,oCAAyB,EAAC;QAC9D,MAAMZ,MAAW;YAAEC,WAAWC,KAAKC,EAAE;QAAG;QACxC,MAAMC,SAAS,MAAMzC,eAAeiE,cAAc,CAAC/D,UAAUmC;QAC7DF,OAAOM,QAAQL,WAAW;QAC1BD,OAAOE,IAAIC,SAAS,EAAEO,qBAAqB,CAAC;QAC5CV,OAAOM,OAAOM,iBAAiB,EAAEC,WAAW,CAACC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAAI,CAAC;QAClIjB,OAAOM,OAAOY,kBAAkB,EAAEa,IAAI,CAAChE,SAAS8D,GAAG;IACrD;IAEA9B,GAAG,qCAAqC;QACtChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAK;QACpC,MAAMf,MAAW;YAAEC,WAAWC,KAAKC,EAAE;QAAG;QACxC,MAAML,OAAOnC,eAAeiE,cAAc,CAAC/D,UAAUmC,MAAM8B,OAAO,CAACR,OAAO;IAC5E;IAEAzB,GAAG,mCAAmC;QACpC,MAAMO,SAAS,MAAMzC,eAAe8C,KAAK,CAAC5C;QAC1CiC,OAAOM,MAAM,CAAC2B,0BAAU,CAACC,MAAM,CAAC,EAAEjC,WAAW;QAC7CD,OAAOM,MAAM,CAAC2B,0BAAU,CAACE,OAAO,CAAC,EAAElC,WAAW;QAC9CD,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAErB,WAAW,CAC3DC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAChF,CAAC;QAEHjB,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAEtB,WAAW,CAC5DC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACQ,OAAO,CAACH,UAAU,IAAIC,IAAAA,wBAAgB,KACjF,CAAC;IAEL;IAEAlB,GAAG,uCAAuC;QACxChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAKH,IAAAA,oCAAyB,EAAC;QAC9D,MAAMR,SAAS,MAAMzC,eAAeuE,YAAY,CAACrE;QACjDiC,OAAOM,MAAM,CAAC2B,0BAAU,CAACC,MAAM,CAAC,EAAEjC,WAAW;QAC7CD,OAAOM,MAAM,CAAC2B,0BAAU,CAACE,OAAO,CAAC,EAAElC,WAAW;QAC9CD,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAErB,WAAW,CAC3DC,IAAAA,oCAAyB,EAAChD,WAAW6C,KAAK,CAACI,MAAM,CAACC,UAAU,IAAIC,IAAAA,wBAAgB,KAChF,CAAC;QAEHjB,OAAOM,MAAM,CAAC,GAAG2B,0BAAU,CAACE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAEJ,IAAI,CAAChE,SAAS8D,GAAG;IACtE;IAEA9B,GAAG,2CAA2C;QAC5ChC,SAAS8D,GAAG,GAAGZ,IAAAA,wBAAgB,MAAK;QACpC,MAAMjB,OAAOnC,eAAeuE,YAAY,CAACrE,WAAWiE,OAAO,CAACR,OAAO;IACrE;AACF"}

package/server/authentication/auth.e2e-spec.js

@@ -1,8 +1,4 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });

package/server/authentication/auth.e2e-spec.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/authentication/auth.e2e-spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { NestFastifyApplication } from '@nestjs/platform-fastify'\nimport { appBootstrap } from '../app.bootstrap'\nimport { USER_ROLE } from '../applications/users/constants/user'\nimport { DeleteUserDto } from '../applications/users/dto/delete-user.dto'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { AdminUsersManager } from '../applications/users/services/admin-users-manager.service'\nimport { generateUserTest } from '../applications/users/utils/test'\nimport { convertHumanTimeToSeconds, transformAndValidate } from '../common/functions'\nimport { currentTimeStamp, decodeUrl } from '../common/shared'\nimport { dbCheckConnection } from '../infrastructure/database/utils'\nimport { AuthConfig } from './auth.config'\nimport { CSRF_ERROR, TOKEN_PATHS, TOKEN_TYPES } from './constants/auth'\nimport { API_AUTH_LOGIN, API_AUTH_LOGOUT, API_AUTH_REFRESH, API_AUTH_TOKEN, API_AUTH_TOKEN_REFRESH } from './constants/routes'\nimport { TokenResponseDto } from './dto/token-response.dto'\nimport { JwtPayload } from './interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\n\ndescribe('Auth (e2e)', () => {\n  let app: NestFastifyApplication\n  let authConfig: AuthConfig\n  let jwtService: JwtService\n  let adminUsersManager: AdminUsersManager\n  let userTest: UserModel\n  let refreshToken: string\n  let csrfToken: string\n\n  beforeAll(async () => {\n    app = await appBootstrap()\n    await app.init()\n    await app.getHttpAdapter().getInstance().ready()\n    authConfig = app.get<ConfigService>(ConfigService).get<AuthConfig>('auth')\n    jwtService = app.get<JwtService>(JwtService)\n    adminUsersManager = app.get<AdminUsersManager>(AdminUsersManager)\n    userTest = new UserModel(generateUserTest(false), false)\n  })\n\n  afterAll(async () => {\n    await expect(\n      adminUsersManager.deleteUserOrGuest(userTest.id, userTest.login, { deleteSpace: true, isGuest: false } satisfies DeleteUserDto)\n    ).resolves.not.toThrow()\n    await app.close()\n  })\n\n  it('should be defined', () => {\n    expect(authConfig).toBeDefined()\n    expect(jwtService).toBeDefined()\n    expect(adminUsersManager).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should get the database connection', async () => {\n    expect(await dbCheckConnection(app)).toBe(true)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 201`, async () => {\n    const userId = (await adminUsersManager.createUserOrGuest({ ...userTest }, USER_ROLE.USER)).id\n    expect(userId).toBeDefined()\n    userTest.id = userId\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(Object.keys(res.json())).toEqual(expect.arrayContaining(['user', 'token']))\n    expect(res.headers['set-cookie']).toHaveLength(4)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    /* Access cookie\n        [\n        'sync-in-access=value,\n        'Max-Age=3600',\n        'Path=/',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* Refresh cookie\n        [\n        'sync-in-refresh=value,\n        'Max-Age=14400',\n        'Path=/api/auth/refresh',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* WS cookie\n        [\n        'sync-in-ws=value,\n        'Max-Age=14400',\n        'Path=/socket.io',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* CSRF cookie\n        [\n        'sync-in-csrf=value,\n        'Max-Age=14400',\n        'Path=/',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    cookiesChecks(cookies)\n    // Verify token\n    for (const cookie of cookies) {\n      const token = cookie.content[0].substring(cookie.content[0].indexOf('=') + 1)\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        // needed for the following tests\n        csrfToken = decodeUrl(token)\n        continue\n      }\n      const decodedToken: JwtPayload = await jwtService.verifyAsync(token, {\n        secret: authConfig.token[cookie.type].secret\n      })\n      expect(decodedToken.iat).toBeCloseTo(currentTimeStamp(), -1)\n      expect(decodedToken.exp).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n      expect(decodedToken.identity.id).toBe(userTest.id)\n      if (cookie.type === TOKEN_TYPE.REFRESH) {\n        // needed for the following tests\n        refreshToken = token\n      }\n    }\n  })\n\n  it(`POST ${API_AUTH_LOGOUT} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGOUT,\n      body: null\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(res.headers['set-cookie']).toHaveLength(5)\n    /* Access cookie\n     [\n       'sync-in-access=',\n       'Max-Age=0',\n       'Path=/',\n       'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n       'HttpOnly',\n       'Secure',\n       'SameSite=Strict'\n     ]\n    */\n    /* Refresh cookie\n      [\n        'sync-in-refresh=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* WS cookie\n      [\n        'sync-in-ws=',\n        'Max-Age=0',\n        'Path=/socket.io',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* CSRF cookie\n      [\n        'sync-in-csrf=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* Access cookie 2FA\n      [\n        'sync-in-access=',\n        'Max-Age=0',\n        'Path=/api/auth/2fa/login/verify',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(201)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    cookiesChecks(cookies)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 401 (with CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      cookies: { [authConfig.token.refresh.name]: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 403 (without CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(403)\n    expect(res.json().message).toEqual(CSRF_ERROR.MISSING_HEADERS)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    const content = res.json()\n    expect(() => transformAndValidate(TokenResponseDto, content)).not.toThrow()\n    for (const type of TOKEN_TYPES.filter((p) => p === TOKEN_TYPE.ACCESS || p === TOKEN_TYPE.REFRESH)) {\n      expect(content[type]).toBeDefined()\n      expect(content[`${type}_expiration`]).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[type].expiration), -1)\n    }\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: 'Bearer bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: `Bearer ${refreshToken}` }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(() => transformAndValidate(TokenResponseDto, res.json())).not.toThrow()\n  })\n\n  function getCookies(setCookie: string[]): { type: TOKEN_TYPE; content: string[] }[] {\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = []\n    for (const c of setCookie) {\n      const cookieName = c.split('=')[0]\n      const cookieValues = c.split('; ')\n      switch (cookieName) {\n        case authConfig.token.access.name:\n          cookies.push({ type: TOKEN_TYPE.ACCESS, content: cookieValues })\n          break\n        case authConfig.token.refresh.name:\n          cookies.push({ type: TOKEN_TYPE.REFRESH, content: cookieValues })\n          break\n        case authConfig.token.ws.name:\n          cookies.push({ type: TOKEN_TYPE.WS, content: cookieValues })\n          break\n        case authConfig.token.csrf.name:\n          cookies.push({ type: TOKEN_TYPE.CSRF, content: cookieValues })\n          break\n      }\n    }\n    return cookies\n  }\n\n  function cookiesChecks(cookies: { type: TOKEN_TYPE; content: string[] }[], clear = false) {\n    for (const cookie of cookies) {\n      expect(cookie.content[0].split('=')[0]).toBe(authConfig.token[cookie.type].name)\n      expect(cookie.content[2].split('=')[1]).toBe(TOKEN_PATHS[cookie.type])\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        expect(cookie.content).not.toContain('HttpOnly')\n      } else {\n        expect(cookie.content).toContain('HttpOnly')\n      }\n      expect(cookie.content).not.toContain('Secure')\n      expect(cookie.content[cookie.content.length - 1].split('=')[1].toLowerCase()).toBe(authConfig.cookieSameSite)\n      if (clear) {\n        expect(cookie.content[0].split('=')[1]).toBe('')\n        expect(cookie.content[1].split('=')[1]).toBe('0')\n        expect(cookie.content[3].split('=')[1]).toBe('Thu, 01 Jan 1970 00:00:00 GMT')\n      } else {\n        expect(parseInt(cookie.content[1].split('=')[1])).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n        expect(cookie.content[0].split('=')[1]).not.toBe('')\n      }\n    }\n  }\n})\n"],"names":["describe","app","authConfig","jwtService","adminUsersManager","userTest","refreshToken","csrfToken","beforeAll","appBootstrap","init","getHttpAdapter","getInstance","ready","get","ConfigService","JwtService","AdminUsersManager","UserModel","generateUserTest","afterAll","expect","deleteUserOrGuest","id","login","deleteSpace","isGuest","resolves","not","toThrow","close","it","toBeDefined","dbCheckConnection","toBe","API_AUTH_LOGIN","res","inject","method","url","body","password","statusCode","toEqual","userId","createUserOrGuest","USER_ROLE","USER","Object","keys","json","arrayContaining","headers","toHaveLength","cookies","getCookies","cookiesChecks","cookie","token","content","substring","indexOf","type","TOKEN_TYPE","CSRF","decodeUrl","decodedToken","verifyAsync","secret","iat","toBeCloseTo","currentTimeStamp","exp","convertHumanTimeToSeconds","expiration","identity","REFRESH","API_AUTH_LOGOUT","API_AUTH_REFRESH","csrf","name","refresh","message","CSRF_ERROR","MISSING_HEADERS","API_AUTH_TOKEN","transformAndValidate","TokenResponseDto","TOKEN_TYPES","filter","p","ACCESS","API_AUTH_TOKEN_REFRESH","authorization","setCookie","c","cookieName","split","cookieValues","access","push","ws","WS","clear","TOKEN_PATHS","toContain","length","toLowerCase","cookieSameSite","parseInt"],"mappings":"AAAA;;;;CAIC;;;;wBAE6B;qBACH;8BAEE;sBACH;2BAEA;0CACQ;sBACD;2BAC+B;wBACpB;uBACV;sBAEmB;wBACqD;kCACzE;gCAEN;AAE3BA,SAAS,cAAc;IACrB,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACRP,MAAM,MAAMQ,IAAAA,0BAAY;QACxB,MAAMR,IAAIS,IAAI;QACd,MAAMT,IAAIU,cAAc,GAAGC,WAAW,GAAGC,KAAK;QAC9CX,aAAaD,IAAIa,GAAG,CAAgBC,qBAAa,EAAED,GAAG,CAAa;QACnEX,aAAaF,IAAIa,GAAG,CAAaE,eAAU;QAC3CZ,oBAAoBH,IAAIa,GAAG,CAAoBG,2CAAiB;QAChEZ,WAAW,IAAIa,oBAAS,CAACC,IAAAA,sBAAgB,EAAC,QAAQ;IACpD;IAEAC,SAAS;QACP,MAAMC,OACJjB,kBAAkBkB,iBAAiB,CAACjB,SAASkB,EAAE,EAAElB,SAASmB,KAAK,EAAE;YAAEC,aAAa;YAAMC,SAAS;QAAM,IACrGC,QAAQ,CAACC,GAAG,CAACC,OAAO;QACtB,MAAM5B,IAAI6B,KAAK;IACjB;IAEAC,GAAG,qBAAqB;QACtBV,OAAOnB,YAAY8B,WAAW;QAC9BX,OAAOlB,YAAY6B,WAAW;QAC9BX,OAAOjB,mBAAmB4B,WAAW;QACrCX,OAAOhB,UAAU2B,WAAW;IAC9B;IAEAD,GAAG,sCAAsC;QACvCV,OAAO,MAAMY,IAAAA,wBAAiB,EAAChC,MAAMiC,IAAI,CAAC;IAC5C;IAEAH,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMC,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMS,SAAS,AAAC,CAAA,MAAMxC,kBAAkByC,iBAAiB,CAAC;YAAE,GAAGxC,QAAQ;QAAC,GAAGyC,eAAS,CAACC,IAAI,CAAA,EAAGxB,EAAE;QAC9FF,OAAOuB,QAAQZ,WAAW;QAC1B3B,SAASkB,EAAE,GAAGqB;QACd,MAAMR,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAO2B,OAAOC,IAAI,CAACb,IAAIc,IAAI,KAAKP,OAAO,CAACtB,OAAO8B,eAAe,CAAC;YAAC;YAAQ;SAAQ;QAChF9B,OAAOe,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;QAC/C,MAAMC,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/F;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;KAQC,GACDI,cAAcF;QACd,eAAe;QACf,KAAK,MAAMG,UAAUH,QAAS;YAC5B,MAAMI,QAAQD,OAAOE,OAAO,CAAC,EAAE,CAACC,SAAS,CAACH,OAAOE,OAAO,CAAC,EAAE,CAACE,OAAO,CAAC,OAAO;YAC3E,IAAIJ,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC,iCAAiC;gBACjCzD,YAAY0D,IAAAA,iBAAS,EAACP;gBACtB;YACF;YACA,MAAMQ,eAA2B,MAAM/D,WAAWgE,WAAW,CAACT,OAAO;gBACnEU,QAAQlE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACM,MAAM;YAC9C;YACA/C,OAAO6C,aAAaG,GAAG,EAAEC,WAAW,CAACC,IAAAA,wBAAgB,KAAI,CAAC;YAC1DlD,OAAO6C,aAAaM,GAAG,EAAEF,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;YAChIrD,OAAO6C,aAAaS,QAAQ,CAACpD,EAAE,EAAEW,IAAI,CAAC7B,SAASkB,EAAE;YACjD,IAAIkC,OAAOK,IAAI,KAAKC,0BAAU,CAACa,OAAO,EAAE;gBACtC,iCAAiC;gBACjCtE,eAAeoD;YACjB;QACF;IACF;IAEA3B,GAAG,CAAC,KAAK,EAAE8C,uBAAe,CAAC,OAAO,CAAC,EAAE;QACnC,MAAMzC,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKsC,uBAAe;YACpBrC,MAAM;QACR;QACAnB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAOe,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;IAC/C;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;IASA,GACA;;;;;;;;;;IAUA,GACF;IAEAtB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,OAAO,CAAC,EAAE;QACpC,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRc,SAAS;gBAAE,CAAClD,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAEzE;YAAU;YACnDgC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE1E;YAAa;QAC3D;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMW,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/FI,cAAcF;IAChB;IAEAvB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,mBAAmB,CAAC,EAAE;QAChD,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrB1B,SAAS;gBAAE,CAAClD,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAEzE;YAAU;YACnD+C,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE;YAAM;QACpD;QACA3D,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,sBAAsB,CAAC,EAAE;QACnD,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE1E;YAAa;QAC3D;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAOe,IAAIc,IAAI,GAAGgC,OAAO,EAAEvC,OAAO,CAACwC,gBAAU,CAACC,eAAe;IAC/D;IAEArD,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAU;YAAM;QACjD;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMgB,UAAUvB,IAAIc,IAAI;QACxB7B,OAAO,IAAMiE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAE5B,UAAU/B,GAAG,CAACC,OAAO;QACzE,KAAK,MAAMiC,QAAQ0B,iBAAW,CAACC,MAAM,CAAC,CAACC,IAAMA,MAAM3B,0BAAU,CAAC4B,MAAM,IAAID,MAAM3B,0BAAU,CAACa,OAAO,EAAG;YACjGvD,OAAOsC,OAAO,CAACG,KAAK,EAAE9B,WAAW;YACjCX,OAAOsC,OAAO,CAAC,GAAGG,KAAK,WAAW,CAAC,CAAC,EAAEQ,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACI,KAAK,CAACY,UAAU,GAAG,CAAC;QACxI;IACF;IAEA3C,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe;YAAa;QACzC;QACAxE,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe,CAAC,OAAO,EAAEvF,cAAc;YAAC;QACrD;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAO,IAAMiE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAEnD,IAAIc,IAAI,KAAKtB,GAAG,CAACC,OAAO;IAC9E;IAEA,SAAS0B,WAAWuC,SAAmB;QACrC,MAAMxC,UAAqD,EAAE;QAC7D,KAAK,MAAMyC,KAAKD,UAAW;YACzB,MAAME,aAAaD,EAAEE,KAAK,CAAC,IAAI,CAAC,EAAE;YAClC,MAAMC,eAAeH,EAAEE,KAAK,CAAC;YAC7B,OAAQD;gBACN,KAAK9F,WAAWwD,KAAK,CAACyC,MAAM,CAACnB,IAAI;oBAC/B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAAC4B,MAAM;wBAAEhC,SAASuC;oBAAa;oBAC9D;gBACF,KAAKhG,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI;oBAChC1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACa,OAAO;wBAAEjB,SAASuC;oBAAa;oBAC/D;gBACF,KAAKhG,WAAWwD,KAAK,CAAC2C,EAAE,CAACrB,IAAI;oBAC3B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACuC,EAAE;wBAAE3C,SAASuC;oBAAa;oBAC1D;gBACF,KAAKhG,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI;oBAC7B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACC,IAAI;wBAAEL,SAASuC;oBAAa;oBAC5D;YACJ;QACF;QACA,OAAO5C;IACT;IAEA,SAASE,cAAcF,OAAkD,EAAEiD,QAAQ,KAAK;QACtF,KAAK,MAAM9C,UAAUH,QAAS;YAC5BjC,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAChC,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACkB,IAAI;YAC/E3D,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAACsE,iBAAW,CAAC/C,OAAOK,IAAI,CAAC;YACrE,IAAIL,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC3C,OAAOoC,OAAOE,OAAO,EAAE/B,GAAG,CAAC6E,SAAS,CAAC;YACvC,OAAO;gBACLpF,OAAOoC,OAAOE,OAAO,EAAE8C,SAAS,CAAC;YACnC;YACApF,OAAOoC,OAAOE,OAAO,EAAE/B,GAAG,CAAC6E,SAAS,CAAC;YACrCpF,OAAOoC,OAAOE,OAAO,CAACF,OAAOE,OAAO,CAAC+C,MAAM,GAAG,EAAE,CAACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAACU,WAAW,IAAIzE,IAAI,CAAChC,WAAW0G,cAAc;YAC5G,IAAIL,OAAO;gBACTlF,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cb,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cb,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;YAC/C,OAAO;gBACLb,OAAOwF,SAASpD,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG3B,WAAW,CAACG,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;gBACpIrD,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAErE,GAAG,CAACM,IAAI,CAAC;YACnD;QACF;IACF;AACF"}
+{"version":3,"sources":["../../../backend/src/authentication/auth.e2e-spec.ts"],"sourcesContent":["import { ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { NestFastifyApplication } from '@nestjs/platform-fastify'\nimport { appBootstrap } from '../app.bootstrap'\nimport { USER_ROLE } from '../applications/users/constants/user'\nimport { DeleteUserDto } from '../applications/users/dto/delete-user.dto'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { AdminUsersManager } from '../applications/users/services/admin-users-manager.service'\nimport { generateUserTest } from '../applications/users/utils/test'\nimport { convertHumanTimeToSeconds, transformAndValidate } from '../common/functions'\nimport { currentTimeStamp, decodeUrl } from '../common/shared'\nimport { dbCheckConnection } from '../infrastructure/database/utils'\nimport { AuthConfig } from './auth.config'\nimport { CSRF_ERROR, TOKEN_PATHS, TOKEN_TYPES } from './constants/auth'\nimport { API_AUTH_LOGIN, API_AUTH_LOGOUT, API_AUTH_REFRESH, API_AUTH_TOKEN, API_AUTH_TOKEN_REFRESH } from './constants/routes'\nimport { TokenResponseDto } from './dto/token-response.dto'\nimport { JwtPayload } from './interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\n\ndescribe('Auth (e2e)', () => {\n  let app: NestFastifyApplication\n  let authConfig: AuthConfig\n  let jwtService: JwtService\n  let adminUsersManager: AdminUsersManager\n  let userTest: UserModel\n  let refreshToken: string\n  let csrfToken: string\n\n  beforeAll(async () => {\n    app = await appBootstrap()\n    await app.init()\n    await app.getHttpAdapter().getInstance().ready()\n    authConfig = app.get<ConfigService>(ConfigService).get<AuthConfig>('auth')\n    jwtService = app.get<JwtService>(JwtService)\n    adminUsersManager = app.get<AdminUsersManager>(AdminUsersManager)\n    userTest = new UserModel(generateUserTest(false), false)\n  })\n\n  afterAll(async () => {\n    await expect(\n      adminUsersManager.deleteUserOrGuest(userTest.id, userTest.login, { deleteSpace: true, isGuest: false } satisfies DeleteUserDto)\n    ).resolves.not.toThrow()\n    await app.close()\n  })\n\n  it('should be defined', () => {\n    expect(authConfig).toBeDefined()\n    expect(jwtService).toBeDefined()\n    expect(adminUsersManager).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should get the database connection', async () => {\n    expect(await dbCheckConnection(app)).toBe(true)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 201`, async () => {\n    const userId = (await adminUsersManager.createUserOrGuest({ ...userTest }, USER_ROLE.USER)).id\n    expect(userId).toBeDefined()\n    userTest.id = userId\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(Object.keys(res.json())).toEqual(expect.arrayContaining(['user', 'token']))\n    expect(res.headers['set-cookie']).toHaveLength(4)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    /* Access cookie\n        [\n        'sync-in-access=value,\n        'Max-Age=3600',\n        'Path=/',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* Refresh cookie\n        [\n        'sync-in-refresh=value,\n        'Max-Age=14400',\n        'Path=/api/auth/refresh',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* WS cookie\n        [\n        'sync-in-ws=value,\n        'Max-Age=14400',\n        'Path=/socket.io',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* CSRF cookie\n        [\n        'sync-in-csrf=value,\n        'Max-Age=14400',\n        'Path=/',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    cookiesChecks(cookies)\n    // Verify token\n    for (const cookie of cookies) {\n      const token = cookie.content[0].substring(cookie.content[0].indexOf('=') + 1)\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        // needed for the following tests\n        csrfToken = decodeUrl(token)\n        continue\n      }\n      const decodedToken: JwtPayload = await jwtService.verifyAsync(token, {\n        secret: authConfig.token[cookie.type].secret\n      })\n      expect(decodedToken.iat).toBeCloseTo(currentTimeStamp(), -1)\n      expect(decodedToken.exp).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n      expect(decodedToken.identity.id).toBe(userTest.id)\n      if (cookie.type === TOKEN_TYPE.REFRESH) {\n        // needed for the following tests\n        refreshToken = token\n      }\n    }\n  })\n\n  it(`POST ${API_AUTH_LOGOUT} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGOUT,\n      body: null\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(res.headers['set-cookie']).toHaveLength(5)\n    /* Access cookie\n     [\n       'sync-in-access=',\n       'Max-Age=0',\n       'Path=/',\n       'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n       'HttpOnly',\n       'Secure',\n       'SameSite=Strict'\n     ]\n    */\n    /* Refresh cookie\n      [\n        'sync-in-refresh=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* WS cookie\n      [\n        'sync-in-ws=',\n        'Max-Age=0',\n        'Path=/socket.io',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* CSRF cookie\n      [\n        'sync-in-csrf=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* Access cookie 2FA\n      [\n        'sync-in-access=',\n        'Max-Age=0',\n        'Path=/api/auth/2fa/login/verify',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(201)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    cookiesChecks(cookies)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 401 (with CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      cookies: { [authConfig.token.refresh.name]: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 403 (without CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(403)\n    expect(res.json().message).toEqual(CSRF_ERROR.MISSING_HEADERS)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    const content = res.json()\n    expect(() => transformAndValidate(TokenResponseDto, content)).not.toThrow()\n    for (const type of TOKEN_TYPES.filter((p) => p === TOKEN_TYPE.ACCESS || p === TOKEN_TYPE.REFRESH)) {\n      expect(content[type]).toBeDefined()\n      expect(content[`${type}_expiration`]).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[type].expiration), -1)\n    }\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: 'Bearer bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: `Bearer ${refreshToken}` }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(() => transformAndValidate(TokenResponseDto, res.json())).not.toThrow()\n  })\n\n  function getCookies(setCookie: string[]): { type: TOKEN_TYPE; content: string[] }[] {\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = []\n    for (const c of setCookie) {\n      const cookieName = c.split('=')[0]\n      const cookieValues = c.split('; ')\n      switch (cookieName) {\n        case authConfig.token.access.name:\n          cookies.push({ type: TOKEN_TYPE.ACCESS, content: cookieValues })\n          break\n        case authConfig.token.refresh.name:\n          cookies.push({ type: TOKEN_TYPE.REFRESH, content: cookieValues })\n          break\n        case authConfig.token.ws.name:\n          cookies.push({ type: TOKEN_TYPE.WS, content: cookieValues })\n          break\n        case authConfig.token.csrf.name:\n          cookies.push({ type: TOKEN_TYPE.CSRF, content: cookieValues })\n          break\n      }\n    }\n    return cookies\n  }\n\n  function cookiesChecks(cookies: { type: TOKEN_TYPE; content: string[] }[], clear = false) {\n    for (const cookie of cookies) {\n      expect(cookie.content[0].split('=')[0]).toBe(authConfig.token[cookie.type].name)\n      expect(cookie.content[2].split('=')[1]).toBe(TOKEN_PATHS[cookie.type])\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        expect(cookie.content).not.toContain('HttpOnly')\n      } else {\n        expect(cookie.content).toContain('HttpOnly')\n      }\n      expect(cookie.content).not.toContain('Secure')\n      expect(cookie.content[cookie.content.length - 1].split('=')[1].toLowerCase()).toBe(authConfig.cookieSameSite)\n      if (clear) {\n        expect(cookie.content[0].split('=')[1]).toBe('')\n        expect(cookie.content[1].split('=')[1]).toBe('0')\n        expect(cookie.content[3].split('=')[1]).toBe('Thu, 01 Jan 1970 00:00:00 GMT')\n      } else {\n        expect(parseInt(cookie.content[1].split('=')[1])).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n        expect(cookie.content[0].split('=')[1]).not.toBe('')\n      }\n    }\n  }\n})\n"],"names":["describe","app","authConfig","jwtService","adminUsersManager","userTest","refreshToken","csrfToken","beforeAll","appBootstrap","init","getHttpAdapter","getInstance","ready","get","ConfigService","JwtService","AdminUsersManager","UserModel","generateUserTest","afterAll","expect","deleteUserOrGuest","id","login","deleteSpace","isGuest","resolves","not","toThrow","close","it","toBeDefined","dbCheckConnection","toBe","API_AUTH_LOGIN","res","inject","method","url","body","password","statusCode","toEqual","userId","createUserOrGuest","USER_ROLE","USER","Object","keys","json","arrayContaining","headers","toHaveLength","cookies","getCookies","cookiesChecks","cookie","token","content","substring","indexOf","type","TOKEN_TYPE","CSRF","decodeUrl","decodedToken","verifyAsync","secret","iat","toBeCloseTo","currentTimeStamp","exp","convertHumanTimeToSeconds","expiration","identity","REFRESH","API_AUTH_LOGOUT","API_AUTH_REFRESH","csrf","name","refresh","message","CSRF_ERROR","MISSING_HEADERS","API_AUTH_TOKEN","transformAndValidate","TokenResponseDto","TOKEN_TYPES","filter","p","ACCESS","API_AUTH_TOKEN_REFRESH","authorization","setCookie","c","cookieName","split","cookieValues","access","push","ws","WS","clear","TOKEN_PATHS","toContain","length","toLowerCase","cookieSameSite","parseInt"],"mappings":";;;;wBAA8B;qBACH;8BAEE;sBACH;2BAEA;0CACQ;sBACD;2BAC+B;wBACpB;uBACV;sBAEmB;wBACqD;kCACzE;gCAEN;AAE3BA,SAAS,cAAc;IACrB,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACRP,MAAM,MAAMQ,IAAAA,0BAAY;QACxB,MAAMR,IAAIS,IAAI;QACd,MAAMT,IAAIU,cAAc,GAAGC,WAAW,GAAGC,KAAK;QAC9CX,aAAaD,IAAIa,GAAG,CAAgBC,qBAAa,EAAED,GAAG,CAAa;QACnEX,aAAaF,IAAIa,GAAG,CAAaE,eAAU;QAC3CZ,oBAAoBH,IAAIa,GAAG,CAAoBG,2CAAiB;QAChEZ,WAAW,IAAIa,oBAAS,CAACC,IAAAA,sBAAgB,EAAC,QAAQ;IACpD;IAEAC,SAAS;QACP,MAAMC,OACJjB,kBAAkBkB,iBAAiB,CAACjB,SAASkB,EAAE,EAAElB,SAASmB,KAAK,EAAE;YAAEC,aAAa;YAAMC,SAAS;QAAM,IACrGC,QAAQ,CAACC,GAAG,CAACC,OAAO;QACtB,MAAM5B,IAAI6B,KAAK;IACjB;IAEAC,GAAG,qBAAqB;QACtBV,OAAOnB,YAAY8B,WAAW;QAC9BX,OAAOlB,YAAY6B,WAAW;QAC9BX,OAAOjB,mBAAmB4B,WAAW;QACrCX,OAAOhB,UAAU2B,WAAW;IAC9B;IAEAD,GAAG,sCAAsC;QACvCV,OAAO,MAAMY,IAAAA,wBAAiB,EAAChC,MAAMiC,IAAI,CAAC;IAC5C;IAEAH,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMC,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMS,SAAS,AAAC,CAAA,MAAMxC,kBAAkByC,iBAAiB,CAAC;YAAE,GAAGxC,QAAQ;QAAC,GAAGyC,eAAS,CAACC,IAAI,CAAA,EAAGxB,EAAE;QAC9FF,OAAOuB,QAAQZ,WAAW;QAC1B3B,SAASkB,EAAE,GAAGqB;QACd,MAAMR,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAO2B,OAAOC,IAAI,CAACb,IAAIc,IAAI,KAAKP,OAAO,CAACtB,OAAO8B,eAAe,CAAC;YAAC;YAAQ;SAAQ;QAChF9B,OAAOe,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;QAC/C,MAAMC,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/F;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;KAQC,GACDI,cAAcF;QACd,eAAe;QACf,KAAK,MAAMG,UAAUH,QAAS;YAC5B,MAAMI,QAAQD,OAAOE,OAAO,CAAC,EAAE,CAACC,SAAS,CAACH,OAAOE,OAAO,CAAC,EAAE,CAACE,OAAO,CAAC,OAAO;YAC3E,IAAIJ,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC,iCAAiC;gBACjCzD,YAAY0D,IAAAA,iBAAS,EAACP;gBACtB;YACF;YACA,MAAMQ,eAA2B,MAAM/D,WAAWgE,WAAW,CAACT,OAAO;gBACnEU,QAAQlE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACM,MAAM;YAC9C;YACA/C,OAAO6C,aAAaG,GAAG,EAAEC,WAAW,CAACC,IAAAA,wBAAgB,KAAI,CAAC;YAC1DlD,OAAO6C,aAAaM,GAAG,EAAEF,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;YAChIrD,OAAO6C,aAAaS,QAAQ,CAACpD,EAAE,EAAEW,IAAI,CAAC7B,SAASkB,EAAE;YACjD,IAAIkC,OAAOK,IAAI,KAAKC,0BAAU,CAACa,OAAO,EAAE;gBACtC,iCAAiC;gBACjCtE,eAAeoD;YACjB;QACF;IACF;IAEA3B,GAAG,CAAC,KAAK,EAAE8C,uBAAe,CAAC,OAAO,CAAC,EAAE;QACnC,MAAMzC,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKsC,uBAAe;YACpBrC,MAAM;QACR;QACAnB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAOe,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;IAC/C;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;IASA,GACA;;;;;;;;;;IAUA,GACF;IAEAtB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,OAAO,CAAC,EAAE;QACpC,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRc,SAAS;gBAAE,CAAClD,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAEzE;YAAU;YACnDgC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE1E;YAAa;QAC3D;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMW,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/FI,cAAcF;IAChB;IAEAvB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,mBAAmB,CAAC,EAAE;QAChD,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrB1B,SAAS;gBAAE,CAAClD,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAEzE;YAAU;YACnD+C,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE;YAAM;QACpD;QACA3D,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,sBAAsB,CAAC,EAAE;QACnD,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE1E;YAAa;QAC3D;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAOe,IAAIc,IAAI,GAAGgC,OAAO,EAAEvC,OAAO,CAACwC,gBAAU,CAACC,eAAe;IAC/D;IAEArD,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAU;YAAM;QACjD;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMgB,UAAUvB,IAAIc,IAAI;QACxB7B,OAAO,IAAMiE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAE5B,UAAU/B,GAAG,CAACC,OAAO;QACzE,KAAK,MAAMiC,QAAQ0B,iBAAW,CAACC,MAAM,CAAC,CAACC,IAAMA,MAAM3B,0BAAU,CAAC4B,MAAM,IAAID,MAAM3B,0BAAU,CAACa,OAAO,EAAG;YACjGvD,OAAOsC,OAAO,CAACG,KAAK,EAAE9B,WAAW;YACjCX,OAAOsC,OAAO,CAAC,GAAGG,KAAK,WAAW,CAAC,CAAC,EAAEQ,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACI,KAAK,CAACY,UAAU,GAAG,CAAC;QACxI;IACF;IAEA3C,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe;YAAa;QACzC;QACAxE,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe,CAAC,OAAO,EAAEvF,cAAc;YAAC;QACrD;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAO,IAAMiE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAEnD,IAAIc,IAAI,KAAKtB,GAAG,CAACC,OAAO;IAC9E;IAEA,SAAS0B,WAAWuC,SAAmB;QACrC,MAAMxC,UAAqD,EAAE;QAC7D,KAAK,MAAMyC,KAAKD,UAAW;YACzB,MAAME,aAAaD,EAAEE,KAAK,CAAC,IAAI,CAAC,EAAE;YAClC,MAAMC,eAAeH,EAAEE,KAAK,CAAC;YAC7B,OAAQD;gBACN,KAAK9F,WAAWwD,KAAK,CAACyC,MAAM,CAACnB,IAAI;oBAC/B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAAC4B,MAAM;wBAAEhC,SAASuC;oBAAa;oBAC9D;gBACF,KAAKhG,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI;oBAChC1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACa,OAAO;wBAAEjB,SAASuC;oBAAa;oBAC/D;gBACF,KAAKhG,WAAWwD,KAAK,CAAC2C,EAAE,CAACrB,IAAI;oBAC3B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACuC,EAAE;wBAAE3C,SAASuC;oBAAa;oBAC1D;gBACF,KAAKhG,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI;oBAC7B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACC,IAAI;wBAAEL,SAASuC;oBAAa;oBAC5D;YACJ;QACF;QACA,OAAO5C;IACT;IAEA,SAASE,cAAcF,OAAkD,EAAEiD,QAAQ,KAAK;QACtF,KAAK,MAAM9C,UAAUH,QAAS;YAC5BjC,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAChC,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACkB,IAAI;YAC/E3D,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAACsE,iBAAW,CAAC/C,OAAOK,IAAI,CAAC;YACrE,IAAIL,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC3C,OAAOoC,OAAOE,OAAO,EAAE/B,GAAG,CAAC6E,SAAS,CAAC;YACvC,OAAO;gBACLpF,OAAOoC,OAAOE,OAAO,EAAE8C,SAAS,CAAC;YACnC;YACApF,OAAOoC,OAAOE,OAAO,EAAE/B,GAAG,CAAC6E,SAAS,CAAC;YACrCpF,OAAOoC,OAAOE,OAAO,CAACF,OAAOE,OAAO,CAAC+C,MAAM,GAAG,EAAE,CAACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAACU,WAAW,IAAIzE,IAAI,CAAChC,WAAW0G,cAAc;YAC5G,IAAIL,OAAO;gBACTlF,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cb,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cb,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;YAC/C,OAAO;gBACLb,OAAOwF,SAASpD,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG3B,WAAW,CAACG,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;gBACpIrD,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAErE,GAAG,CAACM,IAAI,CAAC;YACnD;QACF;IACF;AACF"}