npm - @sync-in/server - Versions diffs - 1.11.0 → 2.0.0 - Mend

@sync-in/server 1.11.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1040) hide show

package/server/authentication/constants/auth-ldap.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/constants/auth-ldap.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nexport enum LDAP_LOGIN_ATTR {\n UID = 'uid',\n CN = 'cn',\n MAIL = 'mail',\n SAM = 'sAMAccountName',\n UPN = 'userPrincipalName'\n}\n\nexport const LDAP_COMMON_ATTR = {\n MAIL: 'mail',\n GIVEN_NAME: 'givenName',\n SN: 'sn',\n CN: 'cn',\n DISPLAY_NAME: 'displayName',\n MEMBER_OF: 'memberOf'\n} as const\n\nexport const ALL_LDAP_ATTRIBUTES = [...Object.values(LDAP_LOGIN_ATTR), ...Object.values(LDAP_COMMON_ATTR)]\n"],"names":["ALL_LDAP_ATTRIBUTES","LDAP_COMMON_ATTR","LDAP_LOGIN_ATTR","MAIL","GIVEN_NAME","SN","CN","DISPLAY_NAME","MEMBER_OF","Object","values"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAmBYA;eAAAA;;QATAC;eAAAA;;QARDC;eAAAA;;;AAAL,IAAA,AAAKA,yCAAAA;;;;;;WAAAA;;AAQL,MAAMD,mBAAmB;IAC9BE,MAAM;IACNC,YAAY;IACZC,IAAI;IACJC,IAAI;IACJC,cAAc;IACdC,WAAW;AACb;AAEO,MAAMR,sBAAsB;OAAIS,OAAOC,MAAM,CAACR;OAAqBO,OAAOC,MAAM,CAACT;CAAkB"}

package/server/authentication/dto/two-fa-verify.dto.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/dto/two-fa-verify.dto.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { IsBoolean, IsNotEmpty, IsOptional, IsString } from 'class-validator'\n\nexport class TwoFaVerifyDto {\n @IsString()\n @IsNotEmpty()\n code!: string\n\n @IsOptional()\n @IsBoolean()\n isRecoveryCode?: boolean\n}\n\nexport class TwoFaVerifyWithPasswordDto extends TwoFaVerifyDto {\n @IsString()\n @IsNotEmpty()\n password!: string\n}\n"],"names":["TwoFaVerifyDto","TwoFaVerifyWithPasswordDto"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAIYA;eAAAA;;QAUAC;eAAAA;;;gCAZ+C;;;;;;;;;;AAErD,IAAA,AAAMD,iBAAN,MAAMA;AAQb;;;;;;;;;;;AAEO,IAAA,AAAMC,6BAAN,MAAMA,mCAAmCD;AAIhD"}

package/server/authentication/guards/auth-two-fa-guard.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/guards/auth-two-fa-guard.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { CanActivate, ExecutionContext, HttpException, HttpStatus, Injectable, mixin, Type } from '@nestjs/common'\nimport { configuration } from '../../configuration/config.environment'\nimport { TWO_FA_HEADER_CODE, TWO_FA_HEADER_PASSWORD } from '../constants/auth'\nimport { FastifyAuthenticatedRequest } from '../interfaces/auth-request.interface'\nimport { AuthMethod2FA } from '../services/auth-methods/auth-method-two-fa.service'\n\nexport const AuthTwoFaGuard = AuthTwoFaGuardFactory()\nexport const AuthTwoFaGuardWithoutPassword = AuthTwoFaGuardFactory({ withPassword: false })\n\ninterface TwoFaGuardOptions {\n withPassword?: boolean\n}\n\nfunction AuthTwoFaGuardFactory(options: TwoFaGuardOptions = { withPassword: true }): Type<CanActivate> {\n @Injectable()\n class MixinAuthTwoFaGuard implements CanActivate {\n constructor(private readonly authMethod2FA: AuthMethod2FA) {}\n\n async canActivate(ctx: ExecutionContext): Promise<boolean> {\n const req: FastifyAuthenticatedRequest = ctx.switchToHttp().getRequest()\n const user = await this.authMethod2FA.loadUser(req.user.id, req.ip)\n\n if (options.withPassword) {\n if (!req.headers[TWO_FA_HEADER_PASSWORD]) {\n throw new HttpException('Missing TWO-FA password', HttpStatus.FORBIDDEN)\n }\n await this.authMethod2FA.verifyUserPassword(user, req.headers[TWO_FA_HEADER_PASSWORD] as string, req.ip)\n }\n\n if (!configuration.auth.mfa.totp.enabled || !user.twoFaEnabled) {\n return true\n }\n\n if (!req.headers[TWO_FA_HEADER_CODE]) {\n throw new HttpException('Missing TWO-FA code', HttpStatus.FORBIDDEN)\n }\n\n const auth = await this.authMethod2FA.verify({ code: req.headers[TWO_FA_HEADER_CODE] as string }, req)\n\n if (!auth.success) {\n throw new HttpException(auth.message, HttpStatus.FORBIDDEN)\n }\n\n return true\n }\n }\n\n return mixin(MixinAuthTwoFaGuard)\n}\n"],"names":["AuthTwoFaGuard","AuthTwoFaGuardWithoutPassword","AuthTwoFaGuardFactory","withPassword","options","MixinAuthTwoFaGuard","canActivate","ctx","req","switchToHttp","getRequest","user","authMethod2FA","loadUser","id","ip","headers","TWO_FA_HEADER_PASSWORD","HttpException","HttpStatus","FORBIDDEN","verifyUserPassword","configuration","auth","mfa","totp","enabled","twoFaEnabled","TWO_FA_HEADER_CODE","verify","code","success","message","mixin"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAQYA;eAAAA;;QACAC;eAAAA;;;wBAPqF;mCACpE;sBAC6B;wCAE7B;;;;;;;;;;AAEvB,MAAMD,iBAAiBE;AACvB,MAAMD,gCAAgCC,sBAAsB;IAAEC,cAAc;AAAM;AAMzF,SAASD,sBAAsBE,UAA6B;IAAED,cAAc;AAAK,CAAC;IAChF,IAAA,AACME,sBADN,MACMA;QAGJ,MAAMC,YAAYC,GAAqB,EAAoB;YACzD,MAAMC,MAAmCD,IAAIE,YAAY,GAAGC,UAAU;YACtE,MAAMC,OAAO,MAAM,IAAI,CAACC,aAAa,CAACC,QAAQ,CAACL,IAAIG,IAAI,CAACG,EAAE,EAAEN,IAAIO,EAAE;YAElE,IAAIX,QAAQD,YAAY,EAAE;gBACxB,IAAI,CAACK,IAAIQ,OAAO,CAACC,4BAAsB,CAAC,EAAE;oBACxC,MAAM,IAAIC,qBAAa,CAAC,2BAA2BC,kBAAU,CAACC,SAAS;gBACzE;gBACA,MAAM,IAAI,CAACR,aAAa,CAACS,kBAAkB,CAACV,MAAMH,IAAIQ,OAAO,CAACC,4BAAsB,CAAC,EAAYT,IAAIO,EAAE;YACzG;YAEA,IAAI,CAACO,gCAAa,CAACC,IAAI,CAACC,GAAG,CAACC,IAAI,CAACC,OAAO,IAAI,CAACf,KAAKgB,YAAY,EAAE;gBAC9D,OAAO;YACT;YAEA,IAAI,CAACnB,IAAIQ,OAAO,CAACY,wBAAkB,CAAC,EAAE;gBACpC,MAAM,IAAIV,qBAAa,CAAC,uBAAuBC,kBAAU,CAACC,SAAS;YACrE;YAEA,MAAMG,OAAO,MAAM,IAAI,CAACX,aAAa,CAACiB,MAAM,CAAC;gBAAEC,MAAMtB,IAAIQ,OAAO,CAACY,wBAAkB,CAAC;YAAW,GAAGpB;YAElG,IAAI,CAACe,KAAKQ,OAAO,EAAE;gBACjB,MAAM,IAAIb,qBAAa,CAACK,KAAKS,OAAO,EAAEb,kBAAU,CAACC,SAAS;YAC5D;YAEA,OAAO;QACT;QA5BA,YAAY,AAAiBR,aAA4B,CAAE;iBAA9BA,gBAAAA;QAA+B;IA6B9D;;;;;;;;IAEA,OAAOqB,IAAAA,aAAK,EAAC5B;AACf"}

package/server/authentication/interfaces/two-fa-setup.interface.js DELETED Viewed

@@ -1,10 +0,0 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
-Object.defineProperty(exports, "__esModule", {
-    value: true
-});
-//# sourceMappingURL=two-fa-setup.interface.js.map

package/server/authentication/interfaces/two-fa-setup.interface.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/interfaces/two-fa-setup.interface.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nexport interface TwoFaSetup {\n secret: string\n qrDataUrl: string\n}\n\nexport interface TwoFaVerifyResult {\n success: boolean\n message: string\n}\n\nexport interface TwoFaEnableResult extends TwoFaVerifyResult {\n recoveryCodes: string[]\n}\n"],"names":[],"mappings":"AAAA;;;;CAIC"}

package/server/authentication/models/auth-method.js DELETED Viewed

@@ -1,18 +0,0 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
-Object.defineProperty(exports, "__esModule", {
-    value: true
-});
-Object.defineProperty(exports, "AuthMethod", {
-    enumerable: true,
-    get: function() {
-        return AuthMethod;
-    }
-});
-let AuthMethod = class AuthMethod {
-};
-//# sourceMappingURL=auth-method.js.map

package/server/authentication/models/auth-method.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/models/auth-method.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport type { UserModel } from '../../applications/users/models/user.model'\nimport type { AUTH_SCOPE } from '../constants/scope'\n\nexport abstract class AuthMethod {\n abstract validateUser(loginOrEmail: string, password: string, ip?: string, scope?: AUTH_SCOPE): Promise<UserModel>\n}\n"],"names":["AuthMethod"],"mappings":"AAAA;;;;CAIC;;;;+BAKqBA;;;eAAAA;;;AAAf,IAAA,AAAeA,aAAf,MAAeA;AAEtB"}

package/server/authentication/services/auth-manager.service.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/services/auth-manager.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\nimport { unsign, UnsignResult } from '@fastify/cookie'\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { JwtService } from '@nestjs/jwt'\nimport { FastifyReply, FastifyRequest } from 'fastify'\nimport crypto from 'node:crypto'\nimport { HTTP_CSRF_IGNORED_METHODS } from '../../applications/applications.constants'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { convertHumanTimeToSeconds } from '../../common/functions'\nimport { currentTimeStamp } from '../../common/shared'\nimport { configuration, serverConfig } from '../../configuration/config.environment'\nimport { CSRF_ERROR, CSRF_KEY, TOKEN_2FA_TYPES, TOKEN_PATHS, TOKEN_TYPES } from '../constants/auth'\nimport { LoginResponseDto, LoginVerify2FaDto } from '../dto/login-response.dto'\nimport { TokenResponseDto } from '../dto/token-response.dto'\nimport { JwtIdentity2FaPayload, JwtIdentityPayload, JwtPayload } from '../interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\n\n@Injectable()\nexport class AuthManager {\n private readonly logger = new Logger(AuthManager.name)\n\n constructor(private readonly jwt: JwtService) {}\n\n async getTokens(user: UserModel, refresh = false): Promise<TokenResponseDto> {\n const currentTime = currentTimeStamp()\n if (refresh && user.exp < currentTime) {\n this.logger.error(`${this.getTokens.name} - token refresh has incorrect expiration : *${user.login}*`)\n throw new HttpException('Token has expired', HttpStatus.FORBIDDEN)\n }\n const accessExpiration = convertHumanTimeToSeconds(configuration.auth.token.access.expiration)\n const refreshExpiration = refresh ? user.exp - currentTime : convertHumanTimeToSeconds(configuration.auth.token.refresh.expiration)\n return {\n [TOKEN_TYPE.ACCESS]: await this.jwtSign(user, TOKEN_TYPE.ACCESS, accessExpiration),\n [TOKEN_TYPE.REFRESH]: await this.jwtSign(user, TOKEN_TYPE.REFRESH, refreshExpiration),\n [`${TOKEN_TYPE.ACCESS}_expiration`]: accessExpiration + currentTime,\n [`${TOKEN_TYPE.REFRESH}_expiration`]: refreshExpiration + currentTime\n }\n }\n\n async setCookies(user: UserModel, res: FastifyReply, init2FaVerify: true): Promise<LoginVerify2FaDto>\n async setCookies(user: UserModel, res: FastifyReply, init2FaVerify?: false): Promise<LoginResponseDto>\n async setCookies(user: UserModel, res: FastifyReply, init2FaVerify = false): Promise<LoginResponseDto | LoginVerify2FaDto> {\n // If `verify2Fa` is true, it sets the cookies and response required for valid 2FA authentication.\n const verify2Fa = init2FaVerify && configuration.auth.mfa.totp.enabled && user.twoFaEnabled\n const response = verify2Fa ? new LoginVerify2FaDto(serverConfig) : new LoginResponseDto(user, serverConfig)\n const currentTime = currentTimeStamp()\n const csrfToken: string = crypto.randomUUID()\n const tokenTypes: TOKEN_TYPE[] = verify2Fa ? TOKEN_2FA_TYPES : TOKEN_TYPES\n for (const type of tokenTypes) {\n const isCSRFToken = type === TOKEN_TYPE.CSRF || type === TOKEN_TYPE.CSRF_2FA\n const tokenExpiration = convertHumanTimeToSeconds(configuration.auth.token[type].expiration)\n let cookieValue: string\n if (isCSRFToken) {\n cookieValue = csrfToken\n } else if (verify2Fa) {\n cookieValue = await this.jwtSign2Fa(user, type, tokenExpiration, csrfToken)\n } else {\n cookieValue = await this.jwtSign(user, type, tokenExpiration, csrfToken)\n }\n res.setCookie(configuration.auth.token[type].name, cookieValue, {\n signed: isCSRFToken,\n path: TOKEN_PATHS[type],\n maxAge: tokenExpiration,\n httpOnly: !isCSRFToken\n })\n if (type === TOKEN_TYPE.ACCESS || type === TOKEN_TYPE.REFRESH || type === TOKEN_TYPE.ACCESS_2FA) {\n response.token[`${type}_expiration`] = tokenExpiration + currentTime\n }\n }\n return response\n }\n\n async refreshCookies(user: UserModel, res: FastifyReply): Promise<TokenResponseDto> {\n const response = {} as TokenResponseDto\n const currentTime = currentTimeStamp()\n let refreshTokenExpiration: number\n // refresh cookie must have the `exp` attribute\n // reuse token expiration to make it final\n if (user.exp && user.exp > currentTime) {\n refreshTokenExpiration = user.exp - currentTime\n } else {\n this.logger.error(`${this.refreshCookies.name} - token ${TOKEN_TYPE.REFRESH} has incorrect expiration : *${user.login}*`)\n throw new HttpException('Token has expired', HttpStatus.FORBIDDEN)\n }\n const csrfToken: string = crypto.randomUUID()\n for (const type of TOKEN_TYPES) {\n const tokenExpiration =\n type === TOKEN_TYPE.ACCESS ? convertHumanTimeToSeconds(configuration.auth.token[TOKEN_TYPE.ACCESS].expiration) : refreshTokenExpiration\n const cookieValue: string = type === TOKEN_TYPE.CSRF ? csrfToken : await this.jwtSign(user, type, tokenExpiration, csrfToken)\n res.setCookie(configuration.auth.token[type].name, cookieValue, {\n signed: type === TOKEN_TYPE.CSRF,\n path: TOKEN_PATHS[type],\n maxAge: tokenExpiration,\n httpOnly: type !== TOKEN_TYPE.CSRF\n })\n if (type === TOKEN_TYPE.ACCESS || type === TOKEN_TYPE.REFRESH) {\n response[`${type}_expiration`] = tokenExpiration + currentTime\n }\n }\n return response\n }\n\n async clearCookies(res: FastifyReply) {\n for (const [type, path] of Object.entries(TOKEN_PATHS)) {\n res.clearCookie(configuration.auth.token[type].name, { path: path })\n }\n }\n\n csrfValidation(req: FastifyRequest, jwtPayload: JwtPayload, type: TOKEN_TYPE.ACCESS | TOKEN_TYPE.REFRESH): void {\n // ignore safe methods\n if (HTTP_CSRF_IGNORED_METHODS.has(req.method)) {\n return\n }\n\n // check csrf only for access and refresh cookies\n if (typeof req.cookies !== 'object' || req.cookies[configuration.auth.token[type].name] === undefined) {\n return\n }\n\n if (!jwtPayload.csrf) {\n this.logger.warn(`${this.csrfValidation.name} - ${CSRF_ERROR.MISSING_JWT}`)\n throw new HttpException(CSRF_ERROR.MISSING_JWT, HttpStatus.FORBIDDEN)\n }\n\n if (!req.headers[CSRF_KEY]) {\n this.logger.warn(`${this.csrfValidation.name} - ${CSRF_ERROR.MISSING_HEADERS}`)\n throw new HttpException(CSRF_ERROR.MISSING_HEADERS, HttpStatus.FORBIDDEN)\n }\n\n const csrfHeader: UnsignResult = unsign(req.headers[CSRF_KEY] as string, configuration.auth.token.csrf.secret)\n if (jwtPayload.csrf !== csrfHeader.value) {\n this.logger.warn(`${this.csrfValidation.name} - ${CSRF_ERROR.MISMATCH}`)\n throw new HttpException(CSRF_ERROR.MISMATCH, HttpStatus.FORBIDDEN)\n }\n }\n\n private jwtSign(user: UserModel, type: TOKEN_TYPE, expiration: number, csrfToken?: string): Promise<string> {\n return this.jwt.signAsync(\n {\n identity: {\n id: user.id,\n login: user.login,\n email: user.email,\n fullName: user.fullName,\n language: user.language,\n role: user.role,\n applications: user.applications,\n impersonatedFromId: user.impersonatedFromId || undefined,\n impersonatedClientId: user.impersonatedClientId || undefined,\n clientId: user.clientId || undefined,\n twoFaEnabled: user.twoFaEnabled || undefined\n } satisfies JwtIdentityPayload,\n ...((type === TOKEN_TYPE.ACCESS || type === TOKEN_TYPE.REFRESH) && { csrf: csrfToken })\n },\n {\n secret: configuration.auth.token[type].secret,\n expiresIn: expiration\n }\n )\n }\n\n private jwtSign2Fa(user: UserModel, type: TOKEN_TYPE, expiration: number, csrfToken: string): Promise<string> {\n // Restrict the temporary token to the minimum required information\n return this.jwt.signAsync(\n {\n identity: {\n id: user.id,\n login: user.login,\n language: user.language,\n role: user.role,\n twoFaEnabled: true\n } satisfies JwtIdentity2FaPayload,\n csrf: csrfToken\n },\n {\n secret: configuration.auth.token[type].secret,\n expiresIn: expiration\n }\n )\n }\n}\n"],"names":["AuthManager","getTokens","user","refresh","currentTime","currentTimeStamp","exp","logger","error","name","login","HttpException","HttpStatus","FORBIDDEN","accessExpiration","convertHumanTimeToSeconds","configuration","auth","token","access","expiration","refreshExpiration","TOKEN_TYPE","ACCESS","jwtSign","REFRESH","setCookies","res","init2FaVerify","verify2Fa","mfa","totp","enabled","twoFaEnabled","response","LoginVerify2FaDto","serverConfig","LoginResponseDto","csrfToken","crypto","randomUUID","tokenTypes","TOKEN_2FA_TYPES","TOKEN_TYPES","type","isCSRFToken","CSRF","CSRF_2FA","tokenExpiration","cookieValue","jwtSign2Fa","setCookie","signed","path","TOKEN_PATHS","maxAge","httpOnly","ACCESS_2FA","refreshCookies","refreshTokenExpiration","clearCookies","Object","entries","clearCookie","csrfValidation","req","jwtPayload","HTTP_CSRF_IGNORED_METHODS","has","method","cookies","undefined","csrf","warn","CSRF_ERROR","MISSING_JWT","headers","CSRF_KEY","MISSING_HEADERS","csrfHeader","unsign","secret","value","MISMATCH","jwt","signAsync","identity","id","email","fullName","language","role","applications","impersonatedFromId","impersonatedClientId","clientId","expiresIn","Logger"],"mappings":"AAAA;;;;CAIC;;;;+BAkBYA;;;eAAAA;;;wBAjBwB;wBACyB;qBACnC;mEAER;uCACuB;2BAEA;wBACT;mCACW;sBACoC;kCAC5B;gCAGzB;;;;;;;;;;;;;;;AAGpB,IAAA,AAAMA,cAAN,MAAMA;IAKX,MAAMC,UAAUC,IAAe,EAAEC,UAAU,KAAK,EAA6B;QAC3E,MAAMC,cAAcC,IAAAA,wBAAgB;QACpC,IAAIF,WAAWD,KAAKI,GAAG,GAAGF,aAAa;YACrC,IAAI,CAACG,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACP,SAAS,CAACQ,IAAI,CAAC,6CAA6C,EAAEP,KAAKQ,KAAK,CAAC,CAAC,CAAC;YACrG,MAAM,IAAIC,qBAAa,CAAC,qBAAqBC,kBAAU,CAACC,SAAS;QACnE;QACA,MAAMC,mBAAmBC,IAAAA,oCAAyB,EAACC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAACC,MAAM,CAACC,UAAU;QAC7F,MAAMC,oBAAoBlB,UAAUD,KAAKI,GAAG,GAAGF,cAAcW,IAAAA,oCAAyB,EAACC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAACf,OAAO,CAACiB,UAAU;QAClI,OAAO;YACL,CAACE,0BAAU,CAACC,MAAM,CAAC,EAAE,MAAM,IAAI,CAACC,OAAO,CAACtB,MAAMoB,0BAAU,CAACC,MAAM,EAAET;YACjE,CAACQ,0BAAU,CAACG,OAAO,CAAC,EAAE,MAAM,IAAI,CAACD,OAAO,CAACtB,MAAMoB,0BAAU,CAACG,OAAO,EAAEJ;YACnE,CAAC,GAAGC,0BAAU,CAACC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAET,mBAAmBV;YACxD,CAAC,GAAGkB,0BAAU,CAACG,OAAO,CAAC,WAAW,CAAC,CAAC,EAAEJ,oBAAoBjB;QAC5D;IACF;IAIA,MAAMsB,WAAWxB,IAAe,EAAEyB,GAAiB,EAAEC,gBAAgB,KAAK,EAAiD;QACzH,kGAAkG;QAClG,MAAMC,YAAYD,iBAAiBZ,gCAAa,CAACC,IAAI,CAACa,GAAG,CAACC,IAAI,CAACC,OAAO,IAAI9B,KAAK+B,YAAY;QAC3F,MAAMC,WAAWL,YAAY,IAAIM,mCAAiB,CAACC,+BAAY,IAAI,IAAIC,kCAAgB,CAACnC,MAAMkC,+BAAY;QAC1G,MAAMhC,cAAcC,IAAAA,wBAAgB;QACpC,MAAMiC,YAAoBC,mBAAM,CAACC,UAAU;QAC3C,MAAMC,aAA2BZ,YAAYa,qBAAe,GAAGC,iBAAW;QAC1E,KAAK,MAAMC,QAAQH,WAAY;YAC7B,MAAMI,cAAcD,SAAStB,0BAAU,CAACwB,IAAI,IAAIF,SAAStB,0BAAU,CAACyB,QAAQ;YAC5E,MAAMC,kBAAkBjC,IAAAA,oCAAyB,EAACC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACxB,UAAU;YAC3F,IAAI6B;YACJ,IAAIJ,aAAa;gBACfI,cAAcX;YAChB,OAAO,IAAIT,WAAW;gBACpBoB,cAAc,MAAM,IAAI,CAACC,UAAU,CAAChD,MAAM0C,MAAMI,iBAAiBV;YACnE,OAAO;gBACLW,cAAc,MAAM,IAAI,CAACzB,OAAO,CAACtB,MAAM0C,MAAMI,iBAAiBV;YAChE;YACAX,IAAIwB,SAAS,CAACnC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACnC,IAAI,EAAEwC,aAAa;gBAC9DG,QAAQP;gBACRQ,MAAMC,iBAAW,CAACV,KAAK;gBACvBW,QAAQP;gBACRQ,UAAU,CAACX;YACb;YACA,IAAID,SAAStB,0BAAU,CAACC,MAAM,IAAIqB,SAAStB,0BAAU,CAACG,OAAO,IAAImB,SAAStB,0BAAU,CAACmC,UAAU,EAAE;gBAC/FvB,SAAShB,KAAK,CAAC,GAAG0B,KAAK,WAAW,CAAC,CAAC,GAAGI,kBAAkB5C;YAC3D;QACF;QACA,OAAO8B;IACT;IAEA,MAAMwB,eAAexD,IAAe,EAAEyB,GAAiB,EAA6B;QAClF,MAAMO,WAAW,CAAC;QAClB,MAAM9B,cAAcC,IAAAA,wBAAgB;QACpC,IAAIsD;QACJ,+CAA+C;QAC/C,0CAA0C;QAC1C,IAAIzD,KAAKI,GAAG,IAAIJ,KAAKI,GAAG,GAAGF,aAAa;YACtCuD,yBAAyBzD,KAAKI,GAAG,GAAGF;QACtC,OAAO;YACL,IAAI,CAACG,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACkD,cAAc,CAACjD,IAAI,CAAC,SAAS,EAAEa,0BAAU,CAACG,OAAO,CAAC,6BAA6B,EAAEvB,KAAKQ,KAAK,CAAC,CAAC,CAAC;YACxH,MAAM,IAAIC,qBAAa,CAAC,qBAAqBC,kBAAU,CAACC,SAAS;QACnE;QACA,MAAMyB,YAAoBC,mBAAM,CAACC,UAAU;QAC3C,KAAK,MAAMI,QAAQD,iBAAW,CAAE;YAC9B,MAAMK,kBACJJ,SAAStB,0BAAU,CAACC,MAAM,GAAGR,IAAAA,oCAAyB,EAACC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAACI,0BAAU,CAACC,MAAM,CAAC,CAACH,UAAU,IAAIuC;YACnH,MAAMV,cAAsBL,SAAStB,0BAAU,CAACwB,IAAI,GAAGR,YAAY,MAAM,IAAI,CAACd,OAAO,CAACtB,MAAM0C,MAAMI,iBAAiBV;YACnHX,IAAIwB,SAAS,CAACnC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACnC,IAAI,EAAEwC,aAAa;gBAC9DG,QAAQR,SAAStB,0BAAU,CAACwB,IAAI;gBAChCO,MAAMC,iBAAW,CAACV,KAAK;gBACvBW,QAAQP;gBACRQ,UAAUZ,SAAStB,0BAAU,CAACwB,IAAI;YACpC;YACA,IAAIF,SAAStB,0BAAU,CAACC,MAAM,IAAIqB,SAAStB,0BAAU,CAACG,OAAO,EAAE;gBAC7DS,QAAQ,CAAC,GAAGU,KAAK,WAAW,CAAC,CAAC,GAAGI,kBAAkB5C;YACrD;QACF;QACA,OAAO8B;IACT;IAEA,MAAM0B,aAAajC,GAAiB,EAAE;QACpC,KAAK,MAAM,CAACiB,MAAMS,KAAK,IAAIQ,OAAOC,OAAO,CAACR,iBAAW,EAAG;YACtD3B,IAAIoC,WAAW,CAAC/C,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACnC,IAAI,EAAE;gBAAE4C,MAAMA;YAAK;QACpE;IACF;IAEAW,eAAeC,GAAmB,EAAEC,UAAsB,EAAEtB,IAA4C,EAAQ;QAC9G,sBAAsB;QACtB,IAAIuB,gDAAyB,CAACC,GAAG,CAACH,IAAII,MAAM,GAAG;YAC7C;QACF;QAEA,iDAAiD;QACjD,IAAI,OAAOJ,IAAIK,OAAO,KAAK,YAAYL,IAAIK,OAAO,CAACtD,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACnC,IAAI,CAAC,KAAK8D,WAAW;YACrG;QACF;QAEA,IAAI,CAACL,WAAWM,IAAI,EAAE;YACpB,IAAI,CAACjE,MAAM,CAACkE,IAAI,CAAC,GAAG,IAAI,CAACT,cAAc,CAACvD,IAAI,CAAC,GAAG,EAAEiE,gBAAU,CAACC,WAAW,EAAE;YAC1E,MAAM,IAAIhE,qBAAa,CAAC+D,gBAAU,CAACC,WAAW,EAAE/D,kBAAU,CAACC,SAAS;QACtE;QAEA,IAAI,CAACoD,IAAIW,OAAO,CAACC,cAAQ,CAAC,EAAE;YAC1B,IAAI,CAACtE,MAAM,CAACkE,IAAI,CAAC,GAAG,IAAI,CAACT,cAAc,CAACvD,IAAI,CAAC,GAAG,EAAEiE,gBAAU,CAACI,eAAe,EAAE;YAC9E,MAAM,IAAInE,qBAAa,CAAC+D,gBAAU,CAACI,eAAe,EAAElE,kBAAU,CAACC,SAAS;QAC1E;QAEA,MAAMkE,aAA2BC,IAAAA,cAAM,EAACf,IAAIW,OAAO,CAACC,cAAQ,CAAC,EAAY7D,gCAAa,CAACC,IAAI,CAACC,KAAK,CAACsD,IAAI,CAACS,MAAM;QAC7G,IAAIf,WAAWM,IAAI,KAAKO,WAAWG,KAAK,EAAE;YACxC,IAAI,CAAC3E,MAAM,CAACkE,IAAI,CAAC,GAAG,IAAI,CAACT,cAAc,CAACvD,IAAI,CAAC,GAAG,EAAEiE,gBAAU,CAACS,QAAQ,EAAE;YACvE,MAAM,IAAIxE,qBAAa,CAAC+D,gBAAU,CAACS,QAAQ,EAAEvE,kBAAU,CAACC,SAAS;QACnE;IACF;IAEQW,QAAQtB,IAAe,EAAE0C,IAAgB,EAAExB,UAAkB,EAAEkB,SAAkB,EAAmB;QAC1G,OAAO,IAAI,CAAC8C,GAAG,CAACC,SAAS,CACvB;YACEC,UAAU;gBACRC,IAAIrF,KAAKqF,EAAE;gBACX7E,OAAOR,KAAKQ,KAAK;gBACjB8E,OAAOtF,KAAKsF,KAAK;gBACjBC,UAAUvF,KAAKuF,QAAQ;gBACvBC,UAAUxF,KAAKwF,QAAQ;gBACvBC,MAAMzF,KAAKyF,IAAI;gBACfC,cAAc1F,KAAK0F,YAAY;gBAC/BC,oBAAoB3F,KAAK2F,kBAAkB,IAAItB;gBAC/CuB,sBAAsB5F,KAAK4F,oBAAoB,IAAIvB;gBACnDwB,UAAU7F,KAAK6F,QAAQ,IAAIxB;gBAC3BtC,cAAc/B,KAAK+B,YAAY,IAAIsC;YACrC;YACA,GAAI,AAAC3B,CAAAA,SAAStB,0BAAU,CAACC,MAAM,IAAIqB,SAAStB,0BAAU,CAACG,OAAO,AAAD,KAAM;gBAAE+C,MAAMlC;YAAU,CAAC;QACxF,GACA;YACE2C,QAAQjE,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACqC,MAAM;YAC7Ce,WAAW5E;QACb;IAEJ;IAEQ8B,WAAWhD,IAAe,EAAE0C,IAAgB,EAAExB,UAAkB,EAAEkB,SAAiB,EAAmB;QAC5G,mEAAmE;QACnE,OAAO,IAAI,CAAC8C,GAAG,CAACC,SAAS,CACvB;YACEC,UAAU;gBACRC,IAAIrF,KAAKqF,EAAE;gBACX7E,OAAOR,KAAKQ,KAAK;gBACjBgF,UAAUxF,KAAKwF,QAAQ;gBACvBC,MAAMzF,KAAKyF,IAAI;gBACf1D,cAAc;YAChB;YACAuC,MAAMlC;QACR,GACA;YACE2C,QAAQjE,gCAAa,CAACC,IAAI,CAACC,KAAK,CAAC0B,KAAK,CAACqC,MAAM;YAC7Ce,WAAW5E;QACb;IAEJ;IA9JA,YAAY,AAAiBgE,GAAe,CAAE;aAAjBA,MAAAA;aAFZ7E,SAAS,IAAI0F,cAAM,CAACjG,YAAYS,IAAI;IAEN;AA+JjD"}

package/server/authentication/services/auth-manager.service.spec.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../backend/src/authentication/services/auth-manager.service.spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { Test, TestingModule } from '@nestjs/testing'\nimport { AuthManager } from './auth-manager.service'\n\ndescribe(AuthManager.name, () => {\n let authManager: AuthManager\n\n beforeAll(async () => {\n const module: TestingModule = await Test.createTestingModule({\n providers: [AuthManager, { provide: JwtService, useValue: {} }, { provide: ConfigService, useValue: { get: () => null } }]\n }).compile()\n\n module.useLogger(['fatal'])\n authManager = module.get<AuthManager>(AuthManager)\n })\n\n it('should be defined', () => {\n expect(authManager).toBeDefined()\n })\n})\n"],"names":["describe","AuthManager","name","authManager","beforeAll","module","Test","createTestingModule","providers","provide","JwtService","useValue","ConfigService","get","compile","useLogger","it","expect","toBeDefined"],"mappings":"AAAA;;;;CAIC;;;;wBAE6B;qBACH;yBACS;oCACR;AAE5BA,SAASC,+BAAW,CAACC,IAAI,EAAE;IACzB,IAAIC;IAEJC,UAAU;QACR,MAAMC,SAAwB,MAAMC,aAAI,CAACC,mBAAmB,CAAC;YAC3DC,WAAW;gBAACP,+BAAW;gBAAE;oBAAEQ,SAASC,eAAU;oBAAEC,UAAU,CAAC;gBAAE;gBAAG;oBAAEF,SAASG,qBAAa;oBAAED,UAAU;wBAAEE,KAAK,IAAM;oBAAK;gBAAE;aAAE;QAC5H,GAAGC,OAAO;QAEVT,OAAOU,SAAS,CAAC;YAAC;SAAQ;QAC1BZ,cAAcE,OAAOQ,GAAG,CAAcZ,+BAAW;IACnD;IAEAe,GAAG,qBAAqB;QACtBC,OAAOd,aAAae,WAAW;IACjC;AACF"}

package/server/authentication/services/auth-methods/auth-method-database.service.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-database.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { AUTH_SCOPE } from '../../constants/scope'\nimport { AuthMethod } from '../../models/auth-method'\n\n@Injectable()\nexport class AuthMethodDatabase implements AuthMethod {\n private readonly logger = new Logger(AuthMethodDatabase.name)\n\n constructor(private readonly usersManager: UsersManager) {}\n\n async validateUser(loginOrEmail: string, password: string, ip?: string, scope?: AUTH_SCOPE): Promise<UserModel> {\n let user: UserModel\n try {\n user = await this.usersManager.findUser(loginOrEmail, false)\n } catch (e) {\n this.logger.error(`${this.validateUser.name} - ${e}`)\n throw new HttpException(\n CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service error' : e.cause?.code || e.message,\n HttpStatus.INTERNAL_SERVER_ERROR\n )\n }\n if (!user) {\n this.logger.warn(`${this.validateUser.name} - login or email not found for *${loginOrEmail}*`)\n return null\n }\n return await this.usersManager.logUser(user, password, ip, scope)\n }\n}\n"],"names":["AuthMethodDatabase","validateUser","loginOrEmail","password","ip","scope","user","usersManager","findUser","e","logger","error","name","HttpException","CONNECT_ERROR_CODE","has","cause","code","message","HttpStatus","INTERNAL_SERVER_ERROR","warn","logUser","Logger"],"mappings":"AAAA;;;;CAIC;;;;+BAUYA;;;eAAAA;;;wBARiD;8BAC3B;qCAEN;;;;;;;;;;AAKtB,IAAA,AAAMA,qBAAN,MAAMA;IAKX,MAAMC,aAAaC,YAAoB,EAAEC,QAAgB,EAAEC,EAAW,EAAEC,KAAkB,EAAsB;QAC9G,IAAIC;QACJ,IAAI;YACFA,OAAO,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAACN,cAAc;QACxD,EAAE,OAAOO,GAAG;YACV,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACV,YAAY,CAACW,IAAI,CAAC,GAAG,EAAEH,GAAG;YACpD,MAAM,IAAII,qBAAa,CACrBC,gCAAkB,CAACC,GAAG,CAACN,EAAEO,KAAK,EAAEC,QAAQ,iCAAiCR,EAAEO,KAAK,EAAEC,QAAQR,EAAES,OAAO,EACnGC,kBAAU,CAACC,qBAAqB;QAEpC;QACA,IAAI,CAACd,MAAM;YACT,IAAI,CAACI,MAAM,CAACW,IAAI,CAAC,GAAG,IAAI,CAACpB,YAAY,CAACW,IAAI,CAAC,iCAAiC,EAAEV,aAAa,CAAC,CAAC;YAC7F,OAAO;QACT;QACA,OAAO,MAAM,IAAI,CAACK,YAAY,CAACe,OAAO,CAAChB,MAAMH,UAAUC,IAAIC;IAC7D;IAlBA,YAAY,AAAiBE,YAA0B,CAAE;aAA5BA,eAAAA;aAFZG,SAAS,IAAIa,cAAM,CAACvB,mBAAmBY,IAAI;IAEF;AAmB5D"}

package/server/authentication/services/auth-methods/auth-method-database.service.spec.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-database.service.spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Test, TestingModule } from '@nestjs/testing'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { NotificationsManager } from '../../../applications/notifications/services/notifications-manager.service'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { AdminUsersQueries } from '../../../applications/users/services/admin-users-queries.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { UsersQueries } from '../../../applications/users/services/users-queries.service'\nimport { generateUserTest } from '../../../applications/users/utils/test'\nimport { hashPassword } from '../../../common/functions'\nimport { Cache } from '../../../infrastructure/cache/services/cache.service'\nimport { DB_TOKEN_PROVIDER } from '../../../infrastructure/database/constants'\nimport { AuthManager } from '../auth-manager.service'\nimport { AuthMethodDatabase } from './auth-method-database.service'\n\ndescribe(AuthMethodDatabase.name, () => {\n let authMethodDatabase: AuthMethodDatabase\n let usersManager: UsersManager\n let userTest: UserModel\n\n beforeAll(async () => {\n const module: TestingModule = await Test.createTestingModule({\n providers: [\n AuthMethodDatabase,\n UsersManager,\n UsersQueries,\n AdminUsersManager,\n AdminUsersQueries,\n { provide: AuthManager, useValue: {} },\n { provide: DB_TOKEN_PROVIDER, useValue: {} },\n { provide: Cache, useValue: {} },\n { provide: NotificationsManager, useValue: {} }\n ]\n }).compile()\n\n authMethodDatabase = module.get<AuthMethodDatabase>(AuthMethodDatabase)\n usersManager = module.get<UsersManager>(UsersManager)\n module.useLogger(['fatal'])\n // mocks\n userTest = new UserModel(generateUserTest(), false)\n usersManager.updateAccesses = jest.fn(() => Promise.resolve())\n })\n\n it('should be defined', () => {\n expect(authMethodDatabase).toBeDefined()\n expect(usersManager).toBeDefined()\n expect(userTest).toBeDefined()\n })\n\n it('should validate the user', async () => {\n userTest.makePaths = jest.fn()\n usersManager.findUser = jest.fn().mockReturnValue({ ...userTest, password: await hashPassword(userTest.password) })\n expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeDefined()\n expect(userTest.makePaths).toHaveBeenCalled()\n })\n\n it('should not validate the user', async () => {\n usersManager.findUser = jest\n .fn()\n .mockReturnValueOnce(null)\n .mockReturnValueOnce({ ...userTest, password: await hashPassword('bar') })\n .mockRejectedValueOnce({ message: 'db error', code: 'OTHER' })\n .mockRejectedValueOnce(\n new Error('Authentication service error', {\n cause: { code: Array.from(CONNECT_ERROR_CODE)[0] }\n })\n )\n expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull()\n expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull()\n await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/db error/i)\n await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/authentication service/i)\n })\n})\n"],"names":["describe","AuthMethodDatabase","name","authMethodDatabase","usersManager","userTest","beforeAll","module","Test","createTestingModule","providers","UsersManager","UsersQueries","AdminUsersManager","AdminUsersQueries","provide","AuthManager","useValue","DB_TOKEN_PROVIDER","Cache","NotificationsManager","compile","get","useLogger","UserModel","generateUserTest","updateAccesses","jest","fn","Promise","resolve","it","expect","toBeDefined","makePaths","findUser","mockReturnValue","password","hashPassword","validateUser","login","toHaveBeenCalled","mockReturnValueOnce","mockRejectedValueOnce","message","code","Error","cause","Array","from","CONNECT_ERROR_CODE","toBeNull","rejects","toThrow"],"mappings":"AAAA;;;;CAIC;;;;yBAEmC;8BACD;6CACE;2BACX;0CACQ;0CACA;qCACL;qCACA;sBACI;2BACJ;8BACP;2BACY;oCACN;2CACO;AAEnCA,SAASC,6CAAkB,CAACC,IAAI,EAAE;IAChC,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACR,MAAMC,SAAwB,MAAMC,aAAI,CAACC,mBAAmB,CAAC;YAC3DC,WAAW;gBACTT,6CAAkB;gBAClBU,iCAAY;gBACZC,iCAAY;gBACZC,2CAAiB;gBACjBC,2CAAiB;gBACjB;oBAAEC,SAASC,+BAAW;oBAAEC,UAAU,CAAC;gBAAE;gBACrC;oBAAEF,SAASG,4BAAiB;oBAAED,UAAU,CAAC;gBAAE;gBAC3C;oBAAEF,SAASI,mBAAK;oBAAEF,UAAU,CAAC;gBAAE;gBAC/B;oBAAEF,SAASK,iDAAoB;oBAAEH,UAAU,CAAC;gBAAE;aAC/C;QACH,GAAGI,OAAO;QAEVlB,qBAAqBI,OAAOe,GAAG,CAAqBrB,6CAAkB;QACtEG,eAAeG,OAAOe,GAAG,CAAeX,iCAAY;QACpDJ,OAAOgB,SAAS,CAAC;YAAC;SAAQ;QAC1B,QAAQ;QACRlB,WAAW,IAAImB,oBAAS,CAACC,IAAAA,sBAAgB,KAAI;QAC7CrB,aAAasB,cAAc,GAAGC,KAAKC,EAAE,CAAC,IAAMC,QAAQC,OAAO;IAC7D;IAEAC,GAAG,qBAAqB;QACtBC,OAAO7B,oBAAoB8B,WAAW;QACtCD,OAAO5B,cAAc6B,WAAW;QAChCD,OAAO3B,UAAU4B,WAAW;IAC9B;IAEAF,GAAG,4BAA4B;QAC7B1B,SAAS6B,SAAS,GAAGP,KAAKC,EAAE;QAC5BxB,aAAa+B,QAAQ,GAAGR,KAAKC,EAAE,GAAGQ,eAAe,CAAC;YAAE,GAAG/B,QAAQ;YAAEgC,UAAU,MAAMC,IAAAA,uBAAY,EAACjC,SAASgC,QAAQ;QAAE;QACjHL,OAAO,MAAM7B,mBAAmBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGJ,WAAW;QAC5FD,OAAO3B,SAAS6B,SAAS,EAAEO,gBAAgB;IAC7C;IAEAV,GAAG,gCAAgC;QACjC3B,aAAa+B,QAAQ,GAAGR,KACrBC,EAAE,GACFc,mBAAmB,CAAC,MACpBA,mBAAmB,CAAC;YAAE,GAAGrC,QAAQ;YAAEgC,UAAU,MAAMC,IAAAA,uBAAY,EAAC;QAAO,GACvEK,qBAAqB,CAAC;YAAEC,SAAS;YAAYC,MAAM;QAAQ,GAC3DF,qBAAqB,CACpB,IAAIG,MAAM,gCAAgC;YACxCC,OAAO;gBAAEF,MAAMG,MAAMC,IAAI,CAACC,gCAAkB,CAAC,CAAC,EAAE;YAAC;QACnD;QAEJlB,OAAO,MAAM7B,mBAAmBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGc,QAAQ;QACzFnB,OAAO,MAAM7B,mBAAmBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGc,QAAQ;QACzF,MAAMnB,OAAO7B,mBAAmBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGe,OAAO,CAACC,OAAO,CAAC;QACjG,MAAMrB,OAAO7B,mBAAmBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGe,OAAO,CAACC,OAAO,CAAC;IACnG;AACF"}

package/server/authentication/services/auth-methods/auth-method-ldap.service.js DELETED Viewed

@@ -1,326 +0,0 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
-Object.defineProperty(exports, "__esModule", {
-    value: true
-});
-Object.defineProperty(exports, "AuthMethodLdapService", {
-    enumerable: true,
-    get: function() {
-        return AuthMethodLdapService;
-    }
-});
-const _common = require("@nestjs/common");
-const _ldapts = require("ldapts");
-const _appconstants = require("../../../app.constants");
-const _user = require("../../../applications/users/constants/user");
-const _adminusersmanagerservice = require("../../../applications/users/services/admin-users-manager.service");
-const _usersmanagerservice = require("../../../applications/users/services/users-manager.service");
-const _functions = require("../../../common/functions");
-const _configenvironment = require("../../../configuration/config.environment");
-const _authldap = require("../../constants/auth-ldap");
-function _ts_decorate(decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-}
-function _ts_metadata(k, v) {
-    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
-}
-let AuthMethodLdapService = class AuthMethodLdapService {
-    async validateUser(login, password, ip, scope) {
-        // Find user from his login or email
-        let user = await this.usersManager.findUser(this.dbLogin(login), false);
-        if (user) {
-            if (user.isGuest) {
-                // Allow guests to be authenticated from db and check if the current user is defined as active
-                return this.usersManager.logUser(user, password, ip);
-            }
-            if (!user.isActive) {
-                this.logger.error(`${this.validateUser.name} - user *${user.login}* is locked`);
-                throw new _common.HttpException('Account locked', _common.HttpStatus.FORBIDDEN);
-            }
-        }
-        // If a user was found, use the stored login. This allows logging in with an email.
-        const entry = await this.checkAuth(user?.login || login, password);
-        if (entry === false) {
-            // LDAP auth failed
-            if (user) {
-                let authSuccess = false;
-                if (scope) {
-                    // Try user app password
-                    authSuccess = await this.usersManager.validateAppPassword(user, password, ip, scope);
-                }
-                this.usersManager.updateAccesses(user, ip, authSuccess).catch((e)=>this.logger.error(`${this.validateUser.name} : ${e}`));
-                if (authSuccess) {
-                    // Logged with app password
-                    return user;
-                }
-            }
-            return null;
-        } else if (!entry[this.ldapConfig.attributes.login] || !entry[this.ldapConfig.attributes.email]) {
-            this.logger.error(`${this.validateUser.name} - required ldap fields are missing :
-      [${this.ldapConfig.attributes.login}, ${this.ldapConfig.attributes.email}] =>
-      (${JSON.stringify(entry)})`);
-            return null;
-        }
-        const identity = this.createIdentity(entry, password);
-        user = await this.updateOrCreateUser(identity, user);
-        this.usersManager.updateAccesses(user, ip, true).catch((e)=>this.logger.error(`${this.validateUser.name} : ${e}`));
-        return user;
-    }
-    async checkAuth(login, password) {
-        const ldapLogin = this.buildLdapLogin(login);
-        // AD: bind directly with the user input (UPN or DOMAIN\user)
-        // Generic LDAP: build DN from login attribute + baseDN
-        const bindUserDN = this.isAD ? ldapLogin : `${this.ldapConfig.attributes.login}=${ldapLogin},${this.ldapConfig.baseDN}`;
-        let client;
-        let error;
-        for (const s of this.ldapConfig.servers){
-            client = new _ldapts.Client({
-                ...this.clientOptions,
-                url: s
-            });
-            try {
-                await client.bind(bindUserDN, password);
-                return await this.checkAccess(ldapLogin, client);
-            } catch (e) {
-                if (e.errors?.length) {
-                    for (const err of e.errors){
-                        this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${err}`);
-                        error = err;
-                    }
-                } else {
-                    error = e;
-                    this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${e}`);
-                }
-                if (error instanceof _ldapts.InvalidCredentialsError) {
-                    return false;
-                }
-            } finally{
-                await client.unbind();
-            }
-        }
-        if (error && _appconstants.CONNECT_ERROR_CODE.has(error.code)) {
-            throw new _common.HttpException('Authentication service error', _common.HttpStatus.INTERNAL_SERVER_ERROR);
-        }
-        return false;
-    }
-    async checkAccess(login, client) {
-        const searchFilter = this.buildUserFilter(login, this.ldapConfig.filter);
-        try {
-            const { searchEntries } = await client.search(this.ldapConfig.baseDN, {
-                scope: 'sub',
-                filter: searchFilter,
-                attributes: _authldap.ALL_LDAP_ATTRIBUTES
-            });
-            if (searchEntries.length === 0) {
-                this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`);
-                this.logger.warn(`${this.checkAccess.name} - no LDAP entry found for : ${login}`);
-                return false;
-            }
-            if (searchEntries.length > 1) {
-                this.logger.warn(`${this.checkAccess.name} - multiple LDAP entries found for : ${login}, using first one`);
-            }
-            // Always return the first valid entry
-            return this.convertToLdapUserEntry(searchEntries[0]);
-        } catch (e) {
-            this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`);
-            this.logger.error(`${this.checkAccess.name} - ${login} : ${e}`);
-            return false;
-        }
-    }
-    async updateOrCreateUser(identity, user) {
-        if (user === null) {
-            // Create
-            const createdUser = await this.adminUsersManager.createUserOrGuest(identity, identity.role);
-            const freshUser = await this.usersManager.fromUserId(createdUser.id);
-            if (!freshUser) {
-                this.logger.error(`${this.updateOrCreateUser.name} - user was not found : ${createdUser.login} (${createdUser.id})`);
-                throw new _common.HttpException('User not found', _common.HttpStatus.NOT_FOUND);
-            }
-            return freshUser;
-        }
-        if (identity.login !== user.login) {
-            this.logger.error(`${this.updateOrCreateUser.name} - user login mismatch : ${identity.login} !== ${user.login}`);
-            throw new _common.HttpException('Account matching error', _common.HttpStatus.FORBIDDEN);
-        }
-        // Update: check if user information has changed
-        const identityHasChanged = Object.fromEntries((await Promise.all(Object.keys(identity).map(async (key)=>{
-            if (key === 'password') {
-                const isSame = await (0, _functions.comparePassword)(identity[key], user.password);
-                return isSame ? null : [
-                    key,
-                    identity[key]
-                ];
-            }
-            return identity[key] !== user[key] ? [
-                key,
-                identity[key]
-            ] : null;
-        }))).filter(Boolean));
-        if (Object.keys(identityHasChanged).length > 0) {
-            try {
-                if (identityHasChanged?.role != null) {
-                    if (user.role === _user.USER_ROLE.ADMINISTRATOR && !this.ldapConfig.adminGroup) {
-                        // Prevent removing the admin role when adminGroup was removed or not defined
-                        delete identityHasChanged.role;
-                    }
-                }
-                // Update user properties
-                await this.adminUsersManager.updateUserOrGuest(user.id, identityHasChanged);
-                // Extra stuff
-                if (identityHasChanged?.password) {
-                    delete identityHasChanged.password;
-                }
-                Object.assign(user, identityHasChanged);
-                if ('lastName' in identityHasChanged || 'firstName' in identityHasChanged) {
-                    // Force fullName update in the current user model
-                    user.setFullName(true);
-                }
-            } catch (e) {
-                this.logger.warn(`${this.updateOrCreateUser.name} - unable to update user *${user.login}* : ${e}`);
-            }
-        }
-        return user;
-    }
-    convertToLdapUserEntry(entry) {
-        for (const attr of _authldap.ALL_LDAP_ATTRIBUTES){
-            if (attr === _authldap.LDAP_COMMON_ATTR.MEMBER_OF && entry[attr]) {
-                entry[attr] = (Array.isArray(entry[attr]) ? entry[attr] : entry[attr] ? [
-                    entry[attr]
-                ] : []).filter((v)=>typeof v === 'string').map((v)=>v.match(/cn\s*=\s*([^,]+)/i)?.[1]?.trim()).filter(Boolean);
-                continue;
-            }
-            if (Array.isArray(entry[attr])) {
-                // Keep only the first value for all other attributes (e.g., email)
-                entry[attr] = entry[attr].length > 0 ? entry[attr][0] : null;
-            }
-        }
-        return entry;
-    }
-    createIdentity(entry, password) {
-        const isAdmin = typeof this.ldapConfig.adminGroup === 'string' && this.ldapConfig.adminGroup && entry[_authldap.LDAP_COMMON_ATTR.MEMBER_OF]?.includes(this.ldapConfig.adminGroup);
-        return {
-            login: this.dbLogin(entry[this.ldapConfig.attributes.login]),
-            email: entry[this.ldapConfig.attributes.email],
-            password: password,
-            role: isAdmin ? _user.USER_ROLE.ADMINISTRATOR : _user.USER_ROLE.USER,
-            ...this.getFirstNameAndLastName(entry)
-        };
-    }
-    getFirstNameAndLastName(entry) {
-        // 1) Prefer structured attributes
-        if (entry.sn && entry.givenName) {
-            return {
-                firstName: entry.givenName,
-                lastName: entry.sn
-            };
-        }
-        // 2) Fallback to displayName if available
-        if (entry.displayName && entry.displayName.trim()) {
-            return (0, _functions.splitFullName)(entry.displayName);
-        }
-        // 3) Fallback to cn
-        if (entry.cn && entry.cn.trim()) {
-            return (0, _functions.splitFullName)(entry.cn);
-        }
-        // 4) Nothing usable
-        return {
-            firstName: '',
-            lastName: ''
-        };
-    }
-    dbLogin(login) {
-        if (login.includes('\\')) {
-            return login.split('\\').slice(-1)[0];
-        }
-        return login;
-    }
-    buildLdapLogin(login) {
-        if (this.ldapConfig.attributes.login === _authldap.LDAP_LOGIN_ATTR.UPN) {
-            if (this.ldapConfig.upnSuffix && !login.includes('@')) {
-                return `${login}@${this.ldapConfig.upnSuffix}`;
-            }
-        } else if (this.ldapConfig.attributes.login === _authldap.LDAP_LOGIN_ATTR.SAM) {
-            if (this.ldapConfig.netbiosName && !login.includes('\\')) {
-                return `${this.ldapConfig.netbiosName}\\${login}`;
-            }
-        }
-        return login;
-    }
-    buildUserFilter(login, extraFilter) {
-        // Build a safe LDAP filter to search for a user.
-        // Important: - Values passed to EqualityFilter are auto-escaped by ldapts
-        //            - extraFilter is appended as-is (assumed trusted configuration)
-        // Output: (&(|(userPrincipalName=john.doe@sync-in.com)(sAMAccountName=john.doe)(cn=john.doe)(uid=john.doe)(mail=john.doe@sync-in.com))(*extraFilter*))
-        // Handle the case where the sAMAccountName is provided in domain-qualified format (e.g., SYNC_IN\\user)
-        // Note: sAMAccountName is always stored without the domain in Active Directory.
-        const dbLogin = this.dbLogin(login);
-        const or = new _ldapts.OrFilter({
-            filters: this.isAD ? [
-                new _ldapts.EqualityFilter({
-                    attribute: _authldap.LDAP_LOGIN_ATTR.SAM,
-                    value: dbLogin
-                }),
-                new _ldapts.EqualityFilter({
-                    attribute: _authldap.LDAP_LOGIN_ATTR.UPN,
-                    value: dbLogin
-                }),
-                new _ldapts.EqualityFilter({
-                    attribute: _authldap.LDAP_LOGIN_ATTR.MAIL,
-                    value: dbLogin
-                })
-            ] : [
-                new _ldapts.EqualityFilter({
-                    attribute: _authldap.LDAP_LOGIN_ATTR.UID,
-                    value: dbLogin
-                }),
-                new _ldapts.EqualityFilter({
-                    attribute: _authldap.LDAP_LOGIN_ATTR.CN,
-                    value: dbLogin
-                }),
-                new _ldapts.EqualityFilter({
-                    attribute: _authldap.LDAP_LOGIN_ATTR.MAIL,
-                    value: dbLogin
-                })
-            ]
-        });
-        // Convert to LDAP filter string
-        let filterString = new _ldapts.AndFilter({
-            filters: [
-                or
-            ]
-        }).toString();
-        // Optionally append an extra filter from config (trusted source)
-        if (extraFilter && extraFilter.trim()) {
-            filterString = `(&${filterString}${extraFilter})`;
-        }
-        return filterString;
-    }
-    constructor(usersManager, adminUsersManager){
-        this.usersManager = usersManager;
-        this.adminUsersManager = adminUsersManager;
-        this.logger = new _common.Logger(AuthMethodLdapService.name);
-        this.ldapConfig = _configenvironment.configuration.auth.ldap;
-        this.isAD = this.ldapConfig.attributes.login === _authldap.LDAP_LOGIN_ATTR.SAM || this.ldapConfig.attributes.login === _authldap.LDAP_LOGIN_ATTR.UPN;
-        this.clientOptions = {
-            timeout: 6000,
-            connectTimeout: 6000,
-            url: ''
-        };
-    }
-};
-AuthMethodLdapService = _ts_decorate([
-    (0, _common.Injectable)(),
-    _ts_metadata("design:type", Function),
-    _ts_metadata("design:paramtypes", [
-        typeof _usersmanagerservice.UsersManager === "undefined" ? Object : _usersmanagerservice.UsersManager,
-        typeof _adminusersmanagerservice.AdminUsersManager === "undefined" ? Object : _adminusersmanagerservice.AdminUsersManager
-    ])
-], AuthMethodLdapService);
-//# sourceMappingURL=auth-method-ldap.service.js.map

package/server/authentication/services/auth-methods/auth-method-ldap.service.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../../../backend/src/authentication/services/auth-methods/auth-method-ldap.service.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { AndFilter, Client, ClientOptions, Entry, EqualityFilter, InvalidCredentialsError, OrFilter } from 'ldapts'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { USER_ROLE } from '../../../applications/users/constants/user'\nimport type { CreateUserDto, UpdateUserDto } from '../../../applications/users/dto/create-or-update-user.dto'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { comparePassword, splitFullName } from '../../../common/functions'\nimport { configuration } from '../../../configuration/config.environment'\nimport { ALL_LDAP_ATTRIBUTES, LDAP_COMMON_ATTR, LDAP_LOGIN_ATTR } from '../../constants/auth-ldap'\nimport type { AUTH_SCOPE } from '../../constants/scope'\nimport { AuthMethod } from '../../models/auth-method'\n\ntype LdapUserEntry = Entry & Record<LDAP_LOGIN_ATTR | (typeof LDAP_COMMON_ATTR)[keyof typeof LDAP_COMMON_ATTR], string>\n\n@Injectable()\nexport class AuthMethodLdapService implements AuthMethod {\n private readonly logger = new Logger(AuthMethodLdapService.name)\n private readonly ldapConfig = configuration.auth.ldap\n private readonly isAD = this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.SAM || this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.UPN\n private clientOptions: ClientOptions = { timeout: 6000, connectTimeout: 6000, url: '' }\n\n constructor(\n private readonly usersManager: UsersManager,\n private readonly adminUsersManager: AdminUsersManager\n ) {}\n\n async validateUser(login: string, password: string, ip?: string, scope?: AUTH_SCOPE): Promise<UserModel> {\n // Find user from his login or email\n let user: UserModel = await this.usersManager.findUser(this.dbLogin(login), false)\n if (user) {\n if (user.isGuest) {\n // Allow guests to be authenticated from db and check if the current user is defined as active\n return this.usersManager.logUser(user, password, ip)\n }\n if (!user.isActive) {\n this.logger.error(`${this.validateUser.name} - user *${user.login}* is locked`)\n throw new HttpException('Account locked', HttpStatus.FORBIDDEN)\n }\n }\n // If a user was found, use the stored login. This allows logging in with an email.\n const entry: false | LdapUserEntry = await this.checkAuth(user?.login || login, password)\n if (entry === false) {\n // LDAP auth failed\n if (user) {\n let authSuccess = false\n if (scope) {\n // Try user app password\n authSuccess = await this.usersManager.validateAppPassword(user, password, ip, scope)\n }\n this.usersManager.updateAccesses(user, ip, authSuccess).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n if (authSuccess) {\n // Logged with app password\n return user\n }\n }\n return null\n } else if (!entry[this.ldapConfig.attributes.login] || !entry[this.ldapConfig.attributes.email]) {\n this.logger.error(`${this.validateUser.name} - required ldap fields are missing : \n [${this.ldapConfig.attributes.login}, ${this.ldapConfig.attributes.email}] => \n (${JSON.stringify(entry)})`)\n return null\n }\n const identity = this.createIdentity(entry, password)\n user = await this.updateOrCreateUser(identity, user)\n this.usersManager.updateAccesses(user, ip, true).catch((e: Error) => this.logger.error(`${this.validateUser.name} : ${e}`))\n return user\n }\n\n private async checkAuth(login: string, password: string): Promise<LdapUserEntry | false> {\n const ldapLogin = this.buildLdapLogin(login)\n // AD: bind directly with the user input (UPN or DOMAIN\\user)\n // Generic LDAP: build DN from login attribute + baseDN\n const bindUserDN = this.isAD ? ldapLogin : `${this.ldapConfig.attributes.login}=${ldapLogin},${this.ldapConfig.baseDN}`\n let client: Client\n let error: any\n for (const s of this.ldapConfig.servers) {\n client = new Client({ ...this.clientOptions, url: s })\n try {\n await client.bind(bindUserDN, password)\n return await this.checkAccess(ldapLogin, client)\n } catch (e) {\n if (e.errors?.length) {\n for (const err of e.errors) {\n this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${err}`)\n error = err\n }\n } else {\n error = e\n this.logger.warn(`${this.checkAuth.name} - ${ldapLogin} : ${e}`)\n }\n if (error instanceof InvalidCredentialsError) {\n return false\n }\n } finally {\n await client.unbind()\n }\n }\n if (error && CONNECT_ERROR_CODE.has(error.code)) {\n throw new HttpException('Authentication service error', HttpStatus.INTERNAL_SERVER_ERROR)\n }\n return false\n }\n\n private async checkAccess(login: string, client: Client): Promise<LdapUserEntry | false> {\n const searchFilter = this.buildUserFilter(login, this.ldapConfig.filter)\n try {\n const { searchEntries } = await client.search(this.ldapConfig.baseDN, {\n scope: 'sub',\n filter: searchFilter,\n attributes: ALL_LDAP_ATTRIBUTES\n })\n\n if (searchEntries.length === 0) {\n this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`)\n this.logger.warn(`${this.checkAccess.name} - no LDAP entry found for : ${login}`)\n return false\n }\n\n if (searchEntries.length > 1) {\n this.logger.warn(`${this.checkAccess.name} - multiple LDAP entries found for : ${login}, using first one`)\n }\n\n // Always return the first valid entry\n return this.convertToLdapUserEntry(searchEntries[0])\n } catch (e) {\n this.logger.debug(`${this.checkAccess.name} - search filter : ${searchFilter}`)\n this.logger.error(`${this.checkAccess.name} - ${login} : ${e}`)\n return false\n }\n }\n\n private async updateOrCreateUser(identity: CreateUserDto, user: UserModel): Promise<UserModel> {\n if (user === null) {\n // Create\n const createdUser = await this.adminUsersManager.createUserOrGuest(identity, identity.role)\n const freshUser = await this.usersManager.fromUserId(createdUser.id)\n if (!freshUser) {\n this.logger.error(`${this.updateOrCreateUser.name} - user was not found : ${createdUser.login} (${createdUser.id})`)\n throw new HttpException('User not found', HttpStatus.NOT_FOUND)\n }\n return freshUser\n }\n if (identity.login !== user.login) {\n this.logger.error(`${this.updateOrCreateUser.name} - user login mismatch : ${identity.login} !== ${user.login}`)\n throw new HttpException('Account matching error', HttpStatus.FORBIDDEN)\n }\n // Update: check if user information has changed\n const identityHasChanged: UpdateUserDto = Object.fromEntries(\n (\n await Promise.all(\n Object.keys(identity).map(async (key: string) => {\n if (key === 'password') {\n const isSame = await comparePassword(identity[key], user.password)\n return isSame ? null : [key, identity[key]]\n }\n return identity[key] !== user[key] ? [key, identity[key]] : null\n })\n )\n ).filter(Boolean)\n )\n if (Object.keys(identityHasChanged).length > 0) {\n try {\n if (identityHasChanged?.role != null) {\n if (user.role === USER_ROLE.ADMINISTRATOR && !this.ldapConfig.adminGroup) {\n // Prevent removing the admin role when adminGroup was removed or not defined\n delete identityHasChanged.role\n }\n }\n // Update user properties\n await this.adminUsersManager.updateUserOrGuest(user.id, identityHasChanged)\n // Extra stuff\n if (identityHasChanged?.password) {\n delete identityHasChanged.password\n }\n Object.assign(user, identityHasChanged)\n if ('lastName' in identityHasChanged || 'firstName' in identityHasChanged) {\n // Force fullName update in the current user model\n user.setFullName(true)\n }\n } catch (e) {\n this.logger.warn(`${this.updateOrCreateUser.name} - unable to update user *${user.login}* : ${e}`)\n }\n }\n return user\n }\n\n private convertToLdapUserEntry(entry: Entry): LdapUserEntry {\n for (const attr of ALL_LDAP_ATTRIBUTES) {\n if (attr === LDAP_COMMON_ATTR.MEMBER_OF && entry[attr]) {\n entry[attr] = (Array.isArray(entry[attr]) ? entry[attr] : entry[attr] ? [entry[attr]] : [])\n .filter((v: any) => typeof v === 'string')\n .map((v) => v.match(/cn\\s*=\\s*([^,]+)/i)?.[1]?.trim())\n .filter(Boolean)\n continue\n }\n if (Array.isArray(entry[attr])) {\n // Keep only the first value for all other attributes (e.g., email)\n entry[attr] = entry[attr].length > 0 ? entry[attr][0] : null\n }\n }\n return entry as LdapUserEntry\n }\n\n private createIdentity(entry: LdapUserEntry, password: string): CreateUserDto {\n const isAdmin =\n typeof this.ldapConfig.adminGroup === 'string' &&\n this.ldapConfig.adminGroup &&\n entry[LDAP_COMMON_ATTR.MEMBER_OF]?.includes(this.ldapConfig.adminGroup)\n return {\n login: this.dbLogin(entry[this.ldapConfig.attributes.login]),\n email: entry[this.ldapConfig.attributes.email] as string,\n password: password,\n role: isAdmin ? USER_ROLE.ADMINISTRATOR : USER_ROLE.USER,\n ...this.getFirstNameAndLastName(entry)\n } satisfies CreateUserDto\n }\n\n private getFirstNameAndLastName(entry: LdapUserEntry): { firstName: string; lastName: string } {\n // 1) Prefer structured attributes\n if (entry.sn && entry.givenName) {\n return { firstName: entry.givenName, lastName: entry.sn }\n }\n // 2) Fallback to displayName if available\n if (entry.displayName && entry.displayName.trim()) {\n return splitFullName(entry.displayName)\n }\n // 3) Fallback to cn\n if (entry.cn && entry.cn.trim()) {\n return splitFullName(entry.cn)\n }\n // 4) Nothing usable\n return { firstName: '', lastName: '' }\n }\n\n private dbLogin(login: string): string {\n if (login.includes('\\\\')) {\n return login.split('\\\\').slice(-1)[0]\n }\n return login\n }\n\n private buildLdapLogin(login: string): string {\n if (this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.UPN) {\n if (this.ldapConfig.upnSuffix && !login.includes('@')) {\n return `${login}@${this.ldapConfig.upnSuffix}`\n }\n } else if (this.ldapConfig.attributes.login === LDAP_LOGIN_ATTR.SAM) {\n if (this.ldapConfig.netbiosName && !login.includes('\\\\')) {\n return `${this.ldapConfig.netbiosName}\\\\${login}`\n }\n }\n return login\n }\n\n private buildUserFilter(login: string, extraFilter?: string): string {\n // Build a safe LDAP filter to search for a user.\n // Important: - Values passed to EqualityFilter are auto-escaped by ldapts\n // - extraFilter is appended as-is (assumed trusted configuration)\n // Output: (&(|(userPrincipalName=john.doe@sync-in.com)(sAMAccountName=john.doe)(cn=john.doe)(uid=john.doe)(mail=john.doe@sync-in.com))(*extraFilter*))\n\n // Handle the case where the sAMAccountName is provided in domain-qualified format (e.g., SYNC_IN\\\\user)\n // Note: sAMAccountName is always stored without the domain in Active Directory.\n const dbLogin = this.dbLogin(login)\n\n const or = new OrFilter({\n filters: this.isAD\n ? [\n new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.SAM, value: dbLogin }),\n new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.UPN, value: dbLogin }),\n new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.MAIL, value: dbLogin })\n ]\n : [\n new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.UID, value: dbLogin }),\n new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.CN, value: dbLogin }),\n new EqualityFilter({ attribute: LDAP_LOGIN_ATTR.MAIL, value: dbLogin })\n ]\n })\n\n // Convert to LDAP filter string\n let filterString = new AndFilter({ filters: [or] }).toString()\n\n // Optionally append an extra filter from config (trusted source)\n if (extraFilter && extraFilter.trim()) {\n filterString = `(&${filterString}${extraFilter})`\n }\n return filterString\n }\n}\n"],"names":["AuthMethodLdapService","validateUser","login","password","ip","scope","user","usersManager","findUser","dbLogin","isGuest","logUser","isActive","logger","error","name","HttpException","HttpStatus","FORBIDDEN","entry","checkAuth","authSuccess","validateAppPassword","updateAccesses","catch","e","ldapConfig","attributes","email","JSON","stringify","identity","createIdentity","updateOrCreateUser","ldapLogin","buildLdapLogin","bindUserDN","isAD","baseDN","client","s","servers","Client","clientOptions","url","bind","checkAccess","errors","length","err","warn","InvalidCredentialsError","unbind","CONNECT_ERROR_CODE","has","code","INTERNAL_SERVER_ERROR","searchFilter","buildUserFilter","filter","searchEntries","search","ALL_LDAP_ATTRIBUTES","debug","convertToLdapUserEntry","createdUser","adminUsersManager","createUserOrGuest","role","freshUser","fromUserId","id","NOT_FOUND","identityHasChanged","Object","fromEntries","Promise","all","keys","map","key","isSame","comparePassword","Boolean","USER_ROLE","ADMINISTRATOR","adminGroup","updateUserOrGuest","assign","setFullName","attr","LDAP_COMMON_ATTR","MEMBER_OF","Array","isArray","v","match","trim","isAdmin","includes","USER","getFirstNameAndLastName","sn","givenName","firstName","lastName","displayName","splitFullName","cn","split","slice","LDAP_LOGIN_ATTR","UPN","upnSuffix","SAM","netbiosName","extraFilter","or","OrFilter","filters","EqualityFilter","attribute","value","MAIL","UID","CN","filterString","AndFilter","toString","Logger","configuration","auth","ldap","timeout","connectTimeout"],"mappings":"AAAA;;;;CAIC;;;;+BAmBYA;;;eAAAA;;;wBAjBiD;wBAC6C;8BACxE;sBACT;0CAGQ;qCACL;2BACkB;mCACjB;0BACyC;;;;;;;;;;AAOhE,IAAA,AAAMA,wBAAN,MAAMA;IAWX,MAAMC,aAAaC,KAAa,EAAEC,QAAgB,EAAEC,EAAW,EAAEC,KAAkB,EAAsB;QACvG,oCAAoC;QACpC,IAAIC,OAAkB,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAAC,IAAI,CAACC,OAAO,CAACP,QAAQ;QAC5E,IAAII,MAAM;YACR,IAAIA,KAAKI,OAAO,EAAE;gBAChB,8FAA8F;gBAC9F,OAAO,IAAI,CAACH,YAAY,CAACI,OAAO,CAACL,MAAMH,UAAUC;YACnD;YACA,IAAI,CAACE,KAAKM,QAAQ,EAAE;gBAClB,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,SAAS,EAAET,KAAKJ,KAAK,CAAC,WAAW,CAAC;gBAC9E,MAAM,IAAIc,qBAAa,CAAC,kBAAkBC,kBAAU,CAACC,SAAS;YAChE;QACF;QACA,mFAAmF;QACnF,MAAMC,QAA+B,MAAM,IAAI,CAACC,SAAS,CAACd,MAAMJ,SAASA,OAAOC;QAChF,IAAIgB,UAAU,OAAO;YACnB,mBAAmB;YACnB,IAAIb,MAAM;gBACR,IAAIe,cAAc;gBAClB,IAAIhB,OAAO;oBACT,wBAAwB;oBACxBgB,cAAc,MAAM,IAAI,CAACd,YAAY,CAACe,mBAAmB,CAAChB,MAAMH,UAAUC,IAAIC;gBAChF;gBACA,IAAI,CAACE,YAAY,CAACgB,cAAc,CAACjB,MAAMF,IAAIiB,aAAaG,KAAK,CAAC,CAACC,IAAa,IAAI,CAACZ,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,GAAG,EAAEU,GAAG;gBAChI,IAAIJ,aAAa;oBACf,2BAA2B;oBAC3B,OAAOf;gBACT;YACF;YACA,OAAO;QACT,OAAO,IAAI,CAACa,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,IAAI,CAACiB,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC,EAAE;YAC/F,IAAI,CAACf,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC;OAC3C,EAAE,IAAI,CAACW,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,EAAE,EAAE,IAAI,CAACwB,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC;OACxE,EAAEC,KAAKC,SAAS,CAACX,OAAO,CAAC,CAAC;YAC3B,OAAO;QACT;QACA,MAAMY,WAAW,IAAI,CAACC,cAAc,CAACb,OAAOhB;QAC5CG,OAAO,MAAM,IAAI,CAAC2B,kBAAkB,CAACF,UAAUzB;QAC/C,IAAI,CAACC,YAAY,CAACgB,cAAc,CAACjB,MAAMF,IAAI,MAAMoB,KAAK,CAAC,CAACC,IAAa,IAAI,CAACZ,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACb,YAAY,CAACc,IAAI,CAAC,GAAG,EAAEU,GAAG;QACzH,OAAOnB;IACT;IAEA,MAAcc,UAAUlB,KAAa,EAAEC,QAAgB,EAAkC;QACvF,MAAM+B,YAAY,IAAI,CAACC,cAAc,CAACjC;QACtC,6DAA6D;QAC7D,uDAAuD;QACvD,MAAMkC,aAAa,IAAI,CAACC,IAAI,GAAGH,YAAY,GAAG,IAAI,CAACR,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC,CAAC,EAAEgC,UAAU,CAAC,EAAE,IAAI,CAACR,UAAU,CAACY,MAAM,EAAE;QACvH,IAAIC;QACJ,IAAIzB;QACJ,KAAK,MAAM0B,KAAK,IAAI,CAACd,UAAU,CAACe,OAAO,CAAE;YACvCF,SAAS,IAAIG,cAAM,CAAC;gBAAE,GAAG,IAAI,CAACC,aAAa;gBAAEC,KAAKJ;YAAE;YACpD,IAAI;gBACF,MAAMD,OAAOM,IAAI,CAACT,YAAYjC;gBAC9B,OAAO,MAAM,IAAI,CAAC2C,WAAW,CAACZ,WAAWK;YAC3C,EAAE,OAAOd,GAAG;gBACV,IAAIA,EAAEsB,MAAM,EAAEC,QAAQ;oBACpB,KAAK,MAAMC,OAAOxB,EAAEsB,MAAM,CAAE;wBAC1B,IAAI,CAAClC,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACL,IAAI,CAAC,GAAG,EAAEmB,UAAU,GAAG,EAAEe,KAAK;wBACjEnC,QAAQmC;oBACV;gBACF,OAAO;oBACLnC,QAAQW;oBACR,IAAI,CAACZ,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAAC9B,SAAS,CAACL,IAAI,CAAC,GAAG,EAAEmB,UAAU,GAAG,EAAET,GAAG;gBACjE;gBACA,IAAIX,iBAAiBqC,+BAAuB,EAAE;oBAC5C,OAAO;gBACT;YACF,SAAU;gBACR,MAAMZ,OAAOa,MAAM;YACrB;QACF;QACA,IAAItC,SAASuC,gCAAkB,CAACC,GAAG,CAACxC,MAAMyC,IAAI,GAAG;YAC/C,MAAM,IAAIvC,qBAAa,CAAC,gCAAgCC,kBAAU,CAACuC,qBAAqB;QAC1F;QACA,OAAO;IACT;IAEA,MAAcV,YAAY5C,KAAa,EAAEqC,MAAc,EAAkC;QACvF,MAAMkB,eAAe,IAAI,CAACC,eAAe,CAACxD,OAAO,IAAI,CAACwB,UAAU,CAACiC,MAAM;QACvE,IAAI;YACF,MAAM,EAAEC,aAAa,EAAE,GAAG,MAAMrB,OAAOsB,MAAM,CAAC,IAAI,CAACnC,UAAU,CAACY,MAAM,EAAE;gBACpEjC,OAAO;gBACPsD,QAAQF;gBACR9B,YAAYmC,6BAAmB;YACjC;YAEA,IAAIF,cAAcZ,MAAM,KAAK,GAAG;gBAC9B,IAAI,CAACnC,MAAM,CAACkD,KAAK,CAAC,GAAG,IAAI,CAACjB,WAAW,CAAC/B,IAAI,CAAC,mBAAmB,EAAE0C,cAAc;gBAC9E,IAAI,CAAC5C,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAC/B,IAAI,CAAC,6BAA6B,EAAEb,OAAO;gBAChF,OAAO;YACT;YAEA,IAAI0D,cAAcZ,MAAM,GAAG,GAAG;gBAC5B,IAAI,CAACnC,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAACJ,WAAW,CAAC/B,IAAI,CAAC,qCAAqC,EAAEb,MAAM,iBAAiB,CAAC;YAC3G;YAEA,sCAAsC;YACtC,OAAO,IAAI,CAAC8D,sBAAsB,CAACJ,aAAa,CAAC,EAAE;QACrD,EAAE,OAAOnC,GAAG;YACV,IAAI,CAACZ,MAAM,CAACkD,KAAK,CAAC,GAAG,IAAI,CAACjB,WAAW,CAAC/B,IAAI,CAAC,mBAAmB,EAAE0C,cAAc;YAC9E,IAAI,CAAC5C,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACgC,WAAW,CAAC/B,IAAI,CAAC,GAAG,EAAEb,MAAM,GAAG,EAAEuB,GAAG;YAC9D,OAAO;QACT;IACF;IAEA,MAAcQ,mBAAmBF,QAAuB,EAAEzB,IAAe,EAAsB;QAC7F,IAAIA,SAAS,MAAM;YACjB,SAAS;YACT,MAAM2D,cAAc,MAAM,IAAI,CAACC,iBAAiB,CAACC,iBAAiB,CAACpC,UAAUA,SAASqC,IAAI;YAC1F,MAAMC,YAAY,MAAM,IAAI,CAAC9D,YAAY,CAAC+D,UAAU,CAACL,YAAYM,EAAE;YACnE,IAAI,CAACF,WAAW;gBACd,IAAI,CAACxD,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,wBAAwB,EAAEkD,YAAY/D,KAAK,CAAC,EAAE,EAAE+D,YAAYM,EAAE,CAAC,CAAC,CAAC;gBACnH,MAAM,IAAIvD,qBAAa,CAAC,kBAAkBC,kBAAU,CAACuD,SAAS;YAChE;YACA,OAAOH;QACT;QACA,IAAItC,SAAS7B,KAAK,KAAKI,KAAKJ,KAAK,EAAE;YACjC,IAAI,CAACW,MAAM,CAACC,KAAK,CAAC,GAAG,IAAI,CAACmB,kBAAkB,CAAClB,IAAI,CAAC,yBAAyB,EAAEgB,SAAS7B,KAAK,CAAC,KAAK,EAAEI,KAAKJ,KAAK,EAAE;YAC/G,MAAM,IAAIc,qBAAa,CAAC,0BAA0BC,kBAAU,CAACC,SAAS;QACxE;QACA,gDAAgD;QAChD,MAAMuD,qBAAoCC,OAAOC,WAAW,CAC1D,AACE,CAAA,MAAMC,QAAQC,GAAG,CACfH,OAAOI,IAAI,CAAC/C,UAAUgD,GAAG,CAAC,OAAOC;YAC/B,IAAIA,QAAQ,YAAY;gBACtB,MAAMC,SAAS,MAAMC,IAAAA,0BAAe,EAACnD,QAAQ,CAACiD,IAAI,EAAE1E,KAAKH,QAAQ;gBACjE,OAAO8E,SAAS,OAAO;oBAACD;oBAAKjD,QAAQ,CAACiD,IAAI;iBAAC;YAC7C;YACA,OAAOjD,QAAQ,CAACiD,IAAI,KAAK1E,IAAI,CAAC0E,IAAI,GAAG;gBAACA;gBAAKjD,QAAQ,CAACiD,IAAI;aAAC,GAAG;QAC9D,GACF,EACArB,MAAM,CAACwB;QAEX,IAAIT,OAAOI,IAAI,CAACL,oBAAoBzB,MAAM,GAAG,GAAG;YAC9C,IAAI;gBACF,IAAIyB,oBAAoBL,QAAQ,MAAM;oBACpC,IAAI9D,KAAK8D,IAAI,KAAKgB,eAAS,CAACC,aAAa,IAAI,CAAC,IAAI,CAAC3D,UAAU,CAAC4D,UAAU,EAAE;wBACxE,6EAA6E;wBAC7E,OAAOb,mBAAmBL,IAAI;oBAChC;gBACF;gBACA,yBAAyB;gBACzB,MAAM,IAAI,CAACF,iBAAiB,CAACqB,iBAAiB,CAACjF,KAAKiE,EAAE,EAAEE;gBACxD,cAAc;gBACd,IAAIA,oBAAoBtE,UAAU;oBAChC,OAAOsE,mBAAmBtE,QAAQ;gBACpC;gBACAuE,OAAOc,MAAM,CAAClF,MAAMmE;gBACpB,IAAI,cAAcA,sBAAsB,eAAeA,oBAAoB;oBACzE,kDAAkD;oBAClDnE,KAAKmF,WAAW,CAAC;gBACnB;YACF,EAAE,OAAOhE,GAAG;gBACV,IAAI,CAACZ,MAAM,CAACqC,IAAI,CAAC,GAAG,IAAI,CAACjB,kBAAkB,CAAClB,IAAI,CAAC,0BAA0B,EAAET,KAAKJ,KAAK,CAAC,IAAI,EAAEuB,GAAG;YACnG;QACF;QACA,OAAOnB;IACT;IAEQ0D,uBAAuB7C,KAAY,EAAiB;QAC1D,KAAK,MAAMuE,QAAQ5B,6BAAmB,CAAE;YACtC,IAAI4B,SAASC,0BAAgB,CAACC,SAAS,IAAIzE,KAAK,CAACuE,KAAK,EAAE;gBACtDvE,KAAK,CAACuE,KAAK,GAAG,AAACG,CAAAA,MAAMC,OAAO,CAAC3E,KAAK,CAACuE,KAAK,IAAIvE,KAAK,CAACuE,KAAK,GAAGvE,KAAK,CAACuE,KAAK,GAAG;oBAACvE,KAAK,CAACuE,KAAK;iBAAC,GAAG,EAAE,AAAD,EACtF/B,MAAM,CAAC,CAACoC,IAAW,OAAOA,MAAM,UAChChB,GAAG,CAAC,CAACgB,IAAMA,EAAEC,KAAK,CAAC,sBAAsB,CAAC,EAAE,EAAEC,QAC9CtC,MAAM,CAACwB;gBACV;YACF;YACA,IAAIU,MAAMC,OAAO,CAAC3E,KAAK,CAACuE,KAAK,GAAG;gBAC9B,mEAAmE;gBACnEvE,KAAK,CAACuE,KAAK,GAAGvE,KAAK,CAACuE,KAAK,CAAC1C,MAAM,GAAG,IAAI7B,KAAK,CAACuE,KAAK,CAAC,EAAE,GAAG;YAC1D;QACF;QACA,OAAOvE;IACT;IAEQa,eAAeb,KAAoB,EAAEhB,QAAgB,EAAiB;QAC5E,MAAM+F,UACJ,OAAO,IAAI,CAACxE,UAAU,CAAC4D,UAAU,KAAK,YACtC,IAAI,CAAC5D,UAAU,CAAC4D,UAAU,IAC1BnE,KAAK,CAACwE,0BAAgB,CAACC,SAAS,CAAC,EAAEO,SAAS,IAAI,CAACzE,UAAU,CAAC4D,UAAU;QACxE,OAAO;YACLpF,OAAO,IAAI,CAACO,OAAO,CAACU,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACzB,KAAK,CAAC;YAC3D0B,OAAOT,KAAK,CAAC,IAAI,CAACO,UAAU,CAACC,UAAU,CAACC,KAAK,CAAC;YAC9CzB,UAAUA;YACViE,MAAM8B,UAAUd,eAAS,CAACC,aAAa,GAAGD,eAAS,CAACgB,IAAI;YACxD,GAAG,IAAI,CAACC,uBAAuB,CAAClF,MAAM;QACxC;IACF;IAEQkF,wBAAwBlF,KAAoB,EAA2C;QAC7F,kCAAkC;QAClC,IAAIA,MAAMmF,EAAE,IAAInF,MAAMoF,SAAS,EAAE;YAC/B,OAAO;gBAAEC,WAAWrF,MAAMoF,SAAS;gBAAEE,UAAUtF,MAAMmF,EAAE;YAAC;QAC1D;QACA,0CAA0C;QAC1C,IAAInF,MAAMuF,WAAW,IAAIvF,MAAMuF,WAAW,CAACT,IAAI,IAAI;YACjD,OAAOU,IAAAA,wBAAa,EAACxF,MAAMuF,WAAW;QACxC;QACA,oBAAoB;QACpB,IAAIvF,MAAMyF,EAAE,IAAIzF,MAAMyF,EAAE,CAACX,IAAI,IAAI;YAC/B,OAAOU,IAAAA,wBAAa,EAACxF,MAAMyF,EAAE;QAC/B;QACA,oBAAoB;QACpB,OAAO;YAAEJ,WAAW;YAAIC,UAAU;QAAG;IACvC;IAEQhG,QAAQP,KAAa,EAAU;QACrC,IAAIA,MAAMiG,QAAQ,CAAC,OAAO;YACxB,OAAOjG,MAAM2G,KAAK,CAAC,MAAMC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE;QACvC;QACA,OAAO5G;IACT;IAEQiC,eAAejC,KAAa,EAAU;QAC5C,IAAI,IAAI,CAACwB,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACC,GAAG,EAAE;YAC5D,IAAI,IAAI,CAACtF,UAAU,CAACuF,SAAS,IAAI,CAAC/G,MAAMiG,QAAQ,CAAC,MAAM;gBACrD,OAAO,GAAGjG,MAAM,CAAC,EAAE,IAAI,CAACwB,UAAU,CAACuF,SAAS,EAAE;YAChD;QACF,OAAO,IAAI,IAAI,CAACvF,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACG,GAAG,EAAE;YACnE,IAAI,IAAI,CAACxF,UAAU,CAACyF,WAAW,IAAI,CAACjH,MAAMiG,QAAQ,CAAC,OAAO;gBACxD,OAAO,GAAG,IAAI,CAACzE,UAAU,CAACyF,WAAW,CAAC,EAAE,EAAEjH,OAAO;YACnD;QACF;QACA,OAAOA;IACT;IAEQwD,gBAAgBxD,KAAa,EAAEkH,WAAoB,EAAU;QACnE,iDAAiD;QACjD,0EAA0E;QAC1E,6EAA6E;QAC7E,uJAAuJ;QAEvJ,wGAAwG;QACxG,gFAAgF;QAChF,MAAM3G,UAAU,IAAI,CAACA,OAAO,CAACP;QAE7B,MAAMmH,KAAK,IAAIC,gBAAQ,CAAC;YACtBC,SAAS,IAAI,CAAClF,IAAI,GACd;gBACE,IAAImF,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACG,GAAG;oBAAEQ,OAAOjH;gBAAQ;gBACpE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACC,GAAG;oBAAEU,OAAOjH;gBAAQ;gBACpE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACY,IAAI;oBAAED,OAAOjH;gBAAQ;aACtE,GACD;gBACE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACa,GAAG;oBAAEF,OAAOjH;gBAAQ;gBACpE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACc,EAAE;oBAAEH,OAAOjH;gBAAQ;gBACnE,IAAI+G,sBAAc,CAAC;oBAAEC,WAAWV,yBAAe,CAACY,IAAI;oBAAED,OAAOjH;gBAAQ;aACtE;QACP;QAEA,gCAAgC;QAChC,IAAIqH,eAAe,IAAIC,iBAAS,CAAC;YAAER,SAAS;gBAACF;aAAG;QAAC,GAAGW,QAAQ;QAE5D,iEAAiE;QACjE,IAAIZ,eAAeA,YAAYnB,IAAI,IAAI;YACrC6B,eAAe,CAAC,EAAE,EAAEA,eAAeV,YAAY,CAAC,CAAC;QACnD;QACA,OAAOU;IACT;IAzQA,YACE,AAAiBvH,YAA0B,EAC3C,AAAiB2D,iBAAoC,CACrD;aAFiB3D,eAAAA;aACA2D,oBAAAA;aAPFrD,SAAS,IAAIoH,cAAM,CAACjI,sBAAsBe,IAAI;aAC9CW,aAAawG,gCAAa,CAACC,IAAI,CAACC,IAAI;aACpC/F,OAAO,IAAI,CAACX,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACG,GAAG,IAAI,IAAI,CAACxF,UAAU,CAACC,UAAU,CAACzB,KAAK,KAAK6G,yBAAe,CAACC,GAAG;aACpIrE,gBAA+B;YAAE0F,SAAS;YAAMC,gBAAgB;YAAM1F,KAAK;QAAG;IAKnF;AAuQL"}