npm - @tasenor/common-node - Versions diffs - 1.9.16 - Mend

@tasenor/common-node 1.9.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (326) hide show

package/dist/tasenor-common-node/src/net/middleware.js ADDED Viewed

@@ -0,0 +1,220 @@
+import cors from 'cors';
+import express from 'express';
+import { error, log, MAX_UPLOAD_SIZE } from '@dataplug/tasenor-common';
+import { tokens } from './tokens';
+import { vault } from './vault';
+import helmet from 'helmet';
+/**
+ * Hide tokens from URL.
+ * @param url
+ */
+export function cleanUrl(url) {
+    return url.replace(/\btoken=[^&]+\b/, 'token=xxxx');
+}
+/**
+ * Construct standard initial part of stack of commonly shared middlewares.
+ */
+export function tasenorInitialStack(args) {
+    const stack = [];
+    // Add logger.
+    stack.push((req, res, next) => {
+        if (req.method !== 'OPTIONS') {
+            let owner;
+            const token = tokens.get(req);
+            if (token) {
+                const parsed = tokens.parse(token);
+                if (parsed && parsed.payload) {
+                    const payload = parsed.payload;
+                    owner = payload.data.owner;
+                    let aud = payload.aud;
+                    if (payload.aud === 'refresh') {
+                        aud = payload.data.audience;
+                    }
+                    switch (aud) {
+                        case 'sites':
+                            owner = `Site ${owner}`;
+                            break;
+                        case 'bookkeeping':
+                            owner = `User ${owner}`;
+                            break;
+                    }
+                }
+            }
+            const user = owner ? `${owner} from ${req.ip}` : `${req.ip}`;
+            const message = `${user} ${req.method} ${req.hostname} ${cleanUrl(req.originalUrl)}`;
+            log(message);
+        }
+        next();
+    });
+    // Add cors.
+    stack.push(cors({ origin: args.origin }));
+    // Add helmet.
+    let contentSecurityPolicy;
+    if (args.api) {
+        const apiOrigin = new URL(args.api).origin;
+        contentSecurityPolicy = {
+            useDefaults: true,
+            crossOriginResourcePolicy: { policy: 'same-site' },
+            directives: {
+                defaultSrc: ["'self'", apiOrigin],
+                imgSrc: ["'self'", 'data:', apiOrigin],
+                scriptSrc: ["'self'", "'unsafe-eval'"]
+            }
+        };
+        stack.push(helmet({
+            contentSecurityPolicy
+        }));
+    }
+    return stack;
+}
+/**
+ * Construct standard final part of stack of commonly shared middlewares.
+ */
+export function tasenorFinalStack() {
+    const stack = [];
+    // Add error catcher.
+    stack.push((err, req, res, next) => {
+        error('Internal error:', err);
+        if (res.headersSent) {
+            return next(err);
+        }
+        res.status(500).send({ message: 'Internal server error.' });
+        const message = `${req.ip} ${req.method} ${req.hostname} ${cleanUrl(req.originalUrl)} => ${res.statusCode}`;
+        error(message);
+    });
+    return stack;
+}
+/**
+ * A constructor for tasenor middleware stack based on the arguments.
+ *
+ * Each flag adds one or more functions to the stack returned.
+ *
+ * Flags:
+ * - `url` Urlenconder parser.
+ * - `json` JSON body parser.
+ * - `token` Look for token from the request, but do not verify it yet.
+ * - `user` Check that user token is present and for bookkeeper.
+ * - `uuid` Check that UUID header is present and parse owner from the token. Verify signature of the token for ANY audience.
+ * - `admin` Check that the valid bookkeeper user token exists and has admin feat.
+ * - `superuser` Check that the valid bookkeeper user token exists and has superuser feat.
+ * - `audience` The token audience to check token against (user or admin implies 'bookkeeper' unless explicitly given).
+ * - `upload` If set, allow much bigger body for request.
+ *
+ * The output on the res.locals is:
+ *
+ * - `token` Raw token string.
+ * - `auth` Content of the token if verified.
+ * - `user` Name of the owner of the token if verified,
+ * - `uuid` If X-UUID header was found, the value of it.
+ * - `owner` Set when UUID is found and token signed for ANY audience.
+ */
+export function tasenorStack({ url, json, user, uuid, admin, superuser, audience, token, upload }) {
+    const stack = [];
+    // Set automatic up implications.
+    if (superuser) {
+        admin = true;
+        token = true;
+    }
+    if (admin) {
+        user = true;
+        token = true;
+    }
+    if (user && !audience) {
+        audience = 'bookkeeping';
+    }
+    if (audience) {
+        token = true;
+    }
+    if (uuid) {
+        token = true;
+    }
+    // Add some space for upload.
+    const params = {};
+    if (upload) {
+        params.limit = MAX_UPLOAD_SIZE;
+    }
+    // Add URL encoding middleware.
+    if (url || (upload && !url && !json)) {
+        stack.push(express.urlencoded({ extended: true, ...params }));
+    }
+    // Add JSON middleware.
+    if (json) {
+        stack.push(express.json({ ...params }));
+    }
+    // Find the token.
+    if (token) {
+        stack.push(async (req, res, next) => {
+            res.locals.token = tokens.get(req);
+            next();
+        });
+    }
+    // Set the UUID and owner.
+    if (uuid) {
+        stack.push(async (req, res, next) => {
+            if (!res.locals.token) {
+                error('There is no token in the request and we are looking for UUID.');
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            const uuid = req.headers['x-uuid'];
+            if (!uuid) {
+                error('Cannot find UUID from the request.');
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            const parsed = tokens.parse(res.locals.token);
+            if (!parsed) {
+                error(`Cannot parse payload from the token ${res.locals.token}`);
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            const payload = parsed.payload;
+            const audience = payload.aud;
+            const secret = vault.getPrivateSecret();
+            const ok = tokens.verify(res.locals.token, secret, audience);
+            if (!ok) {
+                error(`Failed to verify token ${res.locals.token} for audience ${audience}.`);
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            res.locals.uuid = uuid;
+            res.locals.owner = ok.owner;
+            next();
+        });
+    }
+    // Add token check middleware.
+    if (audience) {
+        stack.push(async (req, res, next) => {
+            const token = res.locals.token;
+            if (!token) {
+                error(`Request ${req.method} ${cleanUrl(req.originalUrl)} from ${req.ip} has no token.`);
+                res.status(401).send({ message: 'Unauthorized.' });
+                return;
+            }
+            const secret = audience === 'refresh' ? await vault.get('SECRET') : vault.getPrivateSecret();
+            if (!secret) {
+                error('Cannot find SECRET.');
+                return res.status(500).send({ message: 'Unable to handle authorized requests at the moment.' });
+            }
+            if (!audience) {
+                return res.status(500).send({ message: 'Internal error.' });
+            }
+            const payload = tokens.verify(token, secret, audience);
+            if (!payload) {
+                error(`Request from ${req.ip} has bad token ${token}`);
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            // Check admin.
+            if (admin && !payload.feats.ADMIN && !payload.feats.SUPERUSER) {
+                error(`Request denied for admin access to ${JSON.stringify(payload)}`);
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            // Check superuser.
+            if (superuser && !payload.feats.SUPERUSER) {
+                error(`Request denied for superuser access to ${JSON.stringify(payload)}`);
+                return res.status(403).send({ message: 'Forbidden.' });
+            }
+            res.locals.auth = payload;
+            res.locals.user = payload.owner;
+            next();
+        });
+    }
+    return stack;
+}
+//# sourceMappingURL=middleware.js.map

package/dist/tasenor-common-node/src/net/middleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../src/net/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAA;AACvB,OAAO,OAAmE,MAAM,SAAS,CAAA;AACzF,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,eAAe,EAAqC,MAAM,0BAA0B,CAAA;AACzG,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAC/B,OAAO,MAAM,MAAM,QAAQ,CAAA;AAG3B;;;GAGG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW;IAClC,OAAO,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAA;AACrD,CAAC;AAUD;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAsC;IACxE,MAAM,KAAK,GAAsB,EAAE,CAAA;IAEnC,cAAc;IACd,KAAK,CAAC,IAAI,CAAC,CAAC,GAAY,EAAE,GAAa,EAAE,IAA8B,EAAE,EAAE;QACzE,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE;YAC5B,IAAI,KAAK,CAAA;YACT,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAC7B,IAAI,KAAK,EAAE;gBACT,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;gBAClC,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE;oBAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAqB,CAAA;oBAC5C,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAA;oBAC1B,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;oBACrB,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE;wBAC7B,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAA;qBAC5B;oBACD,QAAQ,GAAG,EAAE;wBACX,KAAK,OAAO;4BACV,KAAK,GAAG,QAAQ,KAAK,EAAE,CAAA;4BACvB,MAAK;wBACP,KAAK,aAAa;4BAChB,KAAK,GAAG,QAAQ,KAAK,EAAE,CAAA;4BACvB,MAAK;qBACR;iBACF;aACF;YACD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,EAAE,EAAE,CAAA;YAC5D,MAAM,OAAO,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,QAAQ,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAA;YACpF,GAAG,CAAC,OAAO,CAAC,CAAA;SACb;QACD,IAAI,EAAE,CAAA;IACR,CAAC,CAAC,CAAA;IAEF,YAAY;IACZ,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAA;IAEzC,cAAc;IACd,IAAI,qBAAqB,CAAA;IACzB,IAAI,IAAI,CAAC,GAAG,EAAE;QACZ,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAA;QAC1C,qBAAqB,GAAG;YACtB,WAAW,EAAE,IAAI;YACjB,yBAAyB,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;YAClD,UAAU,EAAE;gBACV,UAAU,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;gBACjC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;gBACtC,SAAS,EAAE,CAAC,QAAQ,EAAE,eAAe,CAAC;aACvC;SACF,CAAA;QACD,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;YAChB,qBAAqB;SACtB,CAAC,CAAC,CAAA;KACJ;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,KAAK,GAA8C,EAAE,CAAA;IAE3D,qBAAqB;IACrB,KAAK,CAAC,IAAI,CAAC,CAAC,GAAU,EAAE,GAAY,EAAE,GAAa,EAAE,IAA8B,EAAE,EAAE;QACrF,KAAK,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;QAC7B,IAAI,GAAG,CAAC,WAAW,EAAE;YACnB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;SACjB;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAA;QAC3D,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,QAAQ,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,GAAG,CAAC,UAAU,EAAE,CAAA;QAC3G,KAAK,CAAC,OAAO,CAAC,CAAA;IAChB,CAAC,CAAC,CAAA;IAEF,OAAO,KAAK,CAAA;AACd,CAAC;AAiBD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,YAAY,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAA6B;IAC1H,MAAM,KAAK,GAAqB,EAAE,CAAA;IAElC,iCAAiC;IACjC,IAAI,SAAS,EAAE;QACb,KAAK,GAAG,IAAI,CAAA;QACZ,KAAK,GAAG,IAAI,CAAA;KACb;IACD,IAAI,KAAK,EAAE;QACT,IAAI,GAAG,IAAI,CAAA;QACX,KAAK,GAAG,IAAI,CAAA;KACb;IACD,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE;QACrB,QAAQ,GAAG,aAAa,CAAA;KACzB;IACD,IAAI,QAAQ,EAAE;QACZ,KAAK,GAAG,IAAI,CAAA;KACb;IACD,IAAI,IAAI,EAAE;QACR,KAAK,GAAG,IAAI,CAAA;KACb;IAED,6BAA6B;IAC7B,MAAM,MAAM,GAA4B,EAAE,CAAA;IAC1C,IAAI,MAAM,EAAE;QACV,MAAM,CAAC,KAAK,GAAG,eAAe,CAAA;KAC/B;IAED,+BAA+B;IAC/B,IAAI,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE;QACpC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAA;KAC9D;IAED,uBAAuB;IACvB,IAAI,IAAI,EAAE;QACR,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAA;KACxC;IAED,kBAAkB;IAClB,IAAI,KAAK,EAAE;QACT,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAA8B,EAAE,EAAE;YAC/E,GAAG,CAAC,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAClC,IAAI,EAAE,CAAA;QACR,CAAC,CAAC,CAAA;KACH;IAED,0BAA0B;IAC1B,IAAI,IAAI,EAAE;QACR,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAA8B,EAAE,EAAE;YAC/E,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE;gBACrB,KAAK,CAAC,+DAA+D,CAAC,CAAA;gBACtE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YAClC,IAAI,CAAC,IAAI,EAAE;gBACT,KAAK,CAAC,oCAAoC,CAAC,CAAA;gBAC3C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YAC7C,IAAI,CAAC,MAAM,EAAE;gBACX,KAAK,CAAC,uCAAuC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAA;gBAChE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,MAAM,OAAO,GAAe,MAAM,CAAC,OAAqB,CAAA;YACxD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAoB,CAAA;YAC7C,MAAM,MAAM,GAAG,KAAK,CAAC,gBAAgB,EAAE,CAAA;YACvC,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;YAC5D,IAAI,CAAC,EAAE,EAAE;gBACP,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,CAAC,KAAK,iBAAiB,QAAQ,GAAG,CAAC,CAAA;gBAC7E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAA;YACtB,GAAG,CAAC,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC,KAAK,CAAA;YAC3B,IAAI,EAAE,CAAA;QACR,CAAC,CAAC,CAAA;KACH;IAED,8BAA8B;IAC9B,IAAI,QAAQ,EAAE;QACZ,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAA8B,EAAE,EAAE;YAC/E,MAAM,KAAK,GAAU,GAAG,CAAC,MAAM,CAAC,KAAK,CAAA;YACrC,IAAI,CAAC,KAAK,EAAE;gBACV,KAAK,CAAC,WAAW,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,GAAG,CAAC,EAAE,gBAAgB,CAAC,CAAA;gBACxF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAA;gBAClD,OAAM;aACP;YACD,MAAM,MAAM,GAAW,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAA;YAC9G,IAAI,CAAC,MAAM,EAAE;gBACX,KAAK,CAAC,qBAAqB,CAAC,CAAA;gBAC5B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,qDAAqD,EAAE,CAAC,CAAA;aAChG;YACD,IAAI,CAAC,QAAQ,EAAE;gBACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAA;aAC5D;YACD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAA;YACtD,IAAI,CAAC,OAAO,EAAE;gBACZ,KAAK,CAAC,gBAAgB,GAAG,CAAC,EAAE,kBAAkB,KAAK,EAAE,CAAC,CAAA;gBACtD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,eAAe;YACf,IAAI,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE;gBAC7D,KAAK,CAAC,sCAAsC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;gBACtE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,mBAAmB;YACnB,IAAI,SAAS,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE;gBACzC,KAAK,CAAC,0CAA0C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;gBAC1E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAA;aACvD;YACD,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,OAAO,CAAA;YACzB,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,OAAO,CAAC,KAAK,CAAA;YAC/B,IAAI,EAAE,CAAA;QACR,CAAC,CAAC,CAAA;KACH;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/tasenor-common-node/src/net/tokens.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import { TokenPayload, Secret, TokenAudience, Token, TokenPair } from '@dataplug/tasenor-common';
+import { Jwt } from 'jsonwebtoken';
+/**
+ * Find a token from the request if available.
+ * @param request A HTTP request.
+ */
+declare function get(request: any): Token | undefined;
+/**
+ * Sign the payload with the given secret.
+ * @param payload
+ * @param expires
+ * @returns A JSON web token.
+ */
+declare function sign(payload: TokenPayload, audience: TokenAudience, expires?: number): Promise<Token>;
+/**
+ * Sign both the normal token and refresh token for it.
+ * @param payload
+ * @param audience
+ * @param expires
+ */
+declare function sign2(payload: TokenPayload, audience: TokenAudience, expires?: number): Promise<TokenPair>;
+/**
+ * Check the token validity.
+ * @param token
+ * @param secret
+ * @param quiet If set, do not trigger errors.
+ * @returns Token payload if valid.
+ */
+declare function verify(token: Token, secret: Secret, audience: TokenAudience | TokenAudience[], quiet?: boolean): TokenPayload | null;
+/**
+ * Parse the payload of the token without verifying.
+ * @param token
+ */
+declare function parse(token: Token): Jwt | null;
+/**
+ * A checker for token validity.
+ * @param token
+ * @param audience
+ * @param quiet If set, do not trigger errors.
+ */
+declare function check(token: Token, audience: TokenAudience, quiet?: boolean): Promise<boolean>;
+export declare const tokens: {
+    check: typeof check;
+    get: typeof get;
+    parse: typeof parse;
+    sign: typeof sign;
+    sign2: typeof sign2;
+    verify: typeof verify;
+};
+export {};

package/dist/tasenor-common-node/src/net/tokens.js ADDED Viewed

@@ -0,0 +1,141 @@
+import { error, REFRESH_TOKEN_EXPIRY_TIME, TOKEN_EXPIRY_TIME, TOKEN_ISSUER } from '@dataplug/tasenor-common';
+import jwt from 'jsonwebtoken';
+import { create } from 'ts-opaque';
+import { vault } from './vault';
+/**
+ * Find a token from the request if available.
+ * @param request A HTTP request.
+ */
+function get(request) {
+    let token;
+    if (request.query && request.query.token) {
+        token = request.query.token;
+    }
+    else if (request.headers.authorization && /^Bearer /.test(request.headers.authorization)) {
+        token = request.headers.authorization.substr(7);
+    }
+    return token;
+}
+/**
+ * Sign the payload with the given secret.
+ * @param payload
+ * @param expires
+ * @returns A JSON web token.
+ */
+async function sign(payload, audience, expires = 0) {
+    const secret = audience === 'refresh' ? await vault.get('SECRET') : vault.getPrivateSecret();
+    if (!secret) {
+        throw new Error('Cannot fins secret to sign token.');
+    }
+    if (!expires) {
+        expires = audience === 'refresh' ? REFRESH_TOKEN_EXPIRY_TIME : TOKEN_EXPIRY_TIME;
+    }
+    const options = {
+        audience,
+        expiresIn: expires,
+        issuer: TOKEN_ISSUER
+    };
+    const token = create(jwt.sign({ data: payload }, secret, options));
+    return token;
+}
+/**
+ * Sign both the normal token and refresh token for it.
+ * @param payload
+ * @param audience
+ * @param expires
+ */
+async function sign2(payload, audience, expires = 0) {
+    const token = await sign(payload, audience, expires);
+    const refresh = await sign({ audience, owner: payload.owner, feats: payload.feats, plugins: payload.plugins }, 'refresh', expires * 2);
+    return { token, refresh };
+}
+/**
+ * Check the token validity.
+ * @param token
+ * @param secret
+ * @param quiet If set, do not trigger errors.
+ * @returns Token payload if valid.
+ */
+function verify(token, secret, audience, quiet = false) {
+    if (!secret)
+        throw new Error('Cannot verify token since no secret given.');
+    if (!audience)
+        throw new Error('Cannot verify token since no audience given.');
+    function fail(msg) {
+        if (!quiet)
+            error(msg);
+    }
+    try {
+        const decoded = jwt.verify(token, secret, { audience, issuer: [TOKEN_ISSUER] });
+        if (!decoded) {
+            fail('Cannot decode the token.');
+        }
+        else if (!decoded.data) {
+            fail(`Cannot find any payload from the token ${token}.`);
+        }
+        else {
+            if (!decoded.exp) {
+                fail(`Token content ${decoded} does not have exp-field.`);
+                return null;
+            }
+            if (decoded.data.audience) {
+                const data = decoded.data;
+                if (!data.owner || !data.feats) {
+                    fail(`Cannot find proper payload from the refresh token with content ${JSON.stringify(decoded)}.`);
+                    return null;
+                }
+                else {
+                    return data;
+                }
+            }
+            else {
+                const data = decoded.data;
+                if (!data.owner || !data.feats) {
+                    fail(`Cannot find proper payload from the token with content ${JSON.stringify(decoded)}.`);
+                    return null;
+                }
+                else {
+                    return data;
+                }
+            }
+        }
+    }
+    catch (err) {
+        fail(`Token verification failed ${err} for ${JSON.stringify(parse(token))}`);
+    }
+    return null;
+}
+/**
+ * Parse the payload of the token without verifying.
+ * @param token
+ */
+function parse(token) {
+    const decoded = jwt.decode(token, { json: true, complete: true });
+    return decoded;
+}
+/**
+ * A checker for token validity.
+ * @param token
+ * @param audience
+ * @param quiet If set, do not trigger errors.
+ */
+async function check(token, audience, quiet = false) {
+    if (!token) {
+        return false;
+    }
+    const secret = audience === 'refresh' ? await vault.get('SECRET') : vault.getPrivateSecret();
+    if (!secret) {
+        return false;
+    }
+    const payload = tokens.verify(token, secret, audience, quiet);
+    return !!payload;
+}
+export const tokens = {
+    check,
+    get,
+    parse,
+    sign,
+    sign2,
+    verify
+};
+//# sourceMappingURL=tokens.js.map

package/dist/tasenor-common-node/src/net/tokens.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../../../src/net/tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAkG,yBAAyB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC5M,OAAO,GAAY,MAAM,cAAc,CAAA;AACvC,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAA;AAClC,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAA;AAE/B;;;GAGG;AACH,SAAS,GAAG,CAAC,OAAO;IAClB,IAAI,KAAK,CAAA;IACT,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE;QACxC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAA;KAC5B;SAAM,IAAI,OAAO,CAAC,OAAO,CAAC,aAAa,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;QAC1F,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;KAChD;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,IAAI,CAAC,OAAqB,EAAE,QAAuB,EAAE,OAAO,GAAG,CAAC;IAC7E,MAAM,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAA;IACtG,IAAI,CAAC,MAAM,EAAE;QACX,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAA;KACrD;IACD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAO,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,iBAAiB,CAAA;KACjF;IACD,MAAM,OAAO,GAAG;QACd,QAAQ;QACR,SAAS,EAAE,OAAO;QAClB,MAAM,EAAE,YAAY;KACrB,CAAA;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,CAAU,CAAA;IAC3E,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,KAAK,CAAC,OAAqB,EAAE,QAAuB,EAAE,OAAO,GAAG,CAAC;IAC9E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;IACpD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,GAAG,CAAC,CAAC,CAAA;IACtI,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,MAAM,CAAC,KAAY,EAAE,MAAc,EAAE,QAAyC,EAAE,KAAK,GAAG,KAAK;IACpG,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAA;IAC1E,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;IAE9E,SAAS,IAAI,CAAC,GAAW;QACvB,IAAI,CAAC,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED,IAAI;QACF,MAAM,OAAO,GAAmB,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,YAAY,CAAC,EAAE,CAAmB,CAAA;QACjH,IAAI,CAAC,OAAO,EAAE;YACZ,IAAI,CAAC,0BAA0B,CAAC,CAAA;SACjC;aAAM,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YACxB,IAAI,CAAC,0CAA0C,KAAK,GAAG,CAAC,CAAA;SACzD;aAAM;YACL,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE;gBAChB,IAAI,CAAC,iBAAiB,OAAO,2BAA2B,CAAC,CAAA;gBACzD,OAAO,IAAI,CAAA;aACZ;YACD,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE;gBACzB,MAAM,IAAI,GAAG,OAAO,CAAC,IAA2B,CAAA;gBAChD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;oBAC9B,IAAI,CAAC,kEAAkE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBAClG,OAAO,IAAI,CAAA;iBACZ;qBAAM;oBACL,OAAO,IAAI,CAAA;iBACZ;aACF;iBAAM;gBACL,MAAM,IAAI,GAAG,OAAO,CAAC,IAA0B,CAAA;gBAC/C,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;oBAC9B,IAAI,CAAC,0DAA0D,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;oBAC1F,OAAO,IAAI,CAAA;iBACZ;qBAAM;oBACL,OAAO,IAAI,CAAA;iBACZ;aACF;SACF;KACF;IAAC,OAAO,GAAG,EAAE;QACZ,IAAI,CAAC,6BAA6B,GAAG,QAAQ,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;KAC7E;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,KAAK,CAAC,KAAY;IACzB,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAA;IACjE,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,KAAK,CAAC,KAAY,EAAE,QAAuB,EAAE,KAAK,GAAG,KAAK;IACvE,IAAI,CAAC,KAAK,EAAE;QACV,OAAO,KAAK,CAAA;KACb;IACD,MAAM,MAAM,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAA;IACtG,IAAI,CAAC,MAAM,EAAE;QACX,OAAO,KAAK,CAAA;KACb;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,KAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAA;IACtE,OAAO,CAAC,CAAC,OAAO,CAAA;AAClB,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,KAAK;IACL,GAAG;IACH,KAAK;IACL,IAAI;IACJ,KAAK;IACL,MAAM;CACP,CAAA"}

package/dist/tasenor-common-node/src/net/vault.d.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { Secret } from '@dataplug/tasenor-common';
+export declare const ALLOWED_VAULT_VARIABLES: string[];
+export type VaultVariable = typeof ALLOWED_VAULT_VARIABLES[number];
+export type VaultValue = string;
+/**
+ * Base class for a secret vault implementations.
+ */
+export declare class Vault {
+    url: string;
+    values: {
+        [key: string]: VaultValue;
+    };
+    initialized: boolean;
+    secret: Secret | null;
+    constructor(url: string);
+    /**
+     * Retrieve all secret values.
+     */
+    initialize(): Promise<void>;
+    /**
+     * Get a secret value.
+     * @param variable
+     * @returns
+     */
+    get(variable: VaultVariable, def?: undefined | VaultValue): VaultValue;
+    /**
+     * Get the internally generated secret and generate new if none yet generated.
+     */
+    getPrivateSecret(): Secret;
+    /**
+     * Set the internal secret (use only in developement).
+     */
+    setPrivateSecret(secret: Secret): void;
+}
+/**
+ * A secret vault using environment variables only.
+ */
+export declare class EnvironmentVault extends Vault {
+    initialize(): Promise<void>;
+}
+export declare function getVault(): Vault;
+/**
+ * Retrieve a value from the vault.
+ * @param variable
+ * @returns
+ */
+declare function get(variable: VaultVariable, def?: undefined | VaultValue): VaultValue;
+/**
+ * Get the internally generated secret and generate new if none yet generated.
+ */
+declare function getPrivateSecret(): Secret;
+/**
+ * Set the internal secret.
+ */
+declare function setPrivateSecret(secret: Secret): void;
+/**
+ * Set up the vault.
+ */
+declare function initialize(): Promise<void>;
+export declare const vault: {
+    get: typeof get;
+    getPrivateSecret: typeof getPrivateSecret;
+    getVault: typeof getVault;
+    initialize: typeof initialize;
+    setPrivateSecret: typeof setPrivateSecret;
+};
+export {};

package/dist/tasenor-common-node/src/net/vault.js ADDED Viewed

@@ -0,0 +1,145 @@
+import { randomString } from './crypto';
+export const ALLOWED_VAULT_VARIABLES = [
+    'TASENOR_API_URL',
+    'API_SITE_TOKEN',
+    'DATABASE_ROOT_PASSWORD',
+    'DATABASE_ROOT_USER',
+    'DATABASE_URL',
+    'SECRET',
+    'TASENOR_SITE_TOKEN'
+];
+const validVariables = new Set(ALLOWED_VAULT_VARIABLES);
+/**
+ * Base class for a secret vault implementations.
+ */
+export class Vault {
+    url;
+    values;
+    initialized;
+    secret;
+    constructor(url) {
+        this.url = url;
+        this.values = {};
+        this.initialized = false;
+        this.secret = null;
+    }
+    /**
+     * Retrieve all secret values.
+     */
+    async initialize() {
+        throw new Error(`A class ${this.constructor.name} does not implement initialize().`);
+    }
+    /**
+     * Get a secret value.
+     * @param variable
+     * @returns
+     */
+    get(variable, def = undefined) {
+        if (!validVariables.has(variable))
+            throw new Error(`A variable ${variable} is not valid vault value.`);
+        if (!(variable in this.values)) {
+            if (def !== undefined) {
+                return def;
+            }
+            throw new Error(`Cannot find variable ${variable} from the vault.`);
+        }
+        return this.values[variable];
+    }
+    /**
+     * Get the internally generated secret and generate new if none yet generated.
+     */
+    getPrivateSecret() {
+        if (this.secret === null) {
+            this.secret = randomString(512);
+        }
+        return this.secret;
+    }
+    /**
+     * Set the internal secret (use only in developement).
+     */
+    setPrivateSecret(secret) {
+        this.secret = secret;
+    }
+}
+/**
+ * A secret vault using environment variables only.
+ */
+export class EnvironmentVault extends Vault {
+    async initialize() {
+        for (const variable of ALLOWED_VAULT_VARIABLES) {
+            const value = process.env[variable];
+            if (value !== undefined) {
+                this.values[variable] = value;
+            }
+        }
+    }
+}
+/**
+ * Instantiate and return the current vault based on the environment VAULT_URL.
+ */
+let currentVault;
+export function getVault() {
+    if (currentVault && currentVault.url === process.env.VAULT_URL)
+        return currentVault;
+    if (!process.env.VAULT_URL) {
+        throw new Error('No VAULT_URL set and cannot instantiate the vault.');
+    }
+    const url = new URL(process.env.VAULT_URL);
+    switch (url.protocol) {
+        case 'env:':
+            currentVault = new EnvironmentVault(process.env.VAULT_URL);
+            break;
+        default:
+            throw new Error(`Cannot recognize protocol ${url.protocol} of vault URL ${process.env.VAULT_URL}`);
+    }
+    return currentVault;
+}
+/**
+ * Retrieve a value from the vault.
+ * @param variable
+ * @returns
+ */
+function get(variable, def = undefined) {
+    const vault = getVault();
+    if (!vault.initialized) {
+        throw new Error('Cannot use the vault before it is initialized.');
+    }
+    const value = vault.get(variable, def);
+    if (value === undefined) {
+        throw new Error(`Cannot find value ${variable} from the vault.`);
+    }
+    return value;
+}
+/**
+ * Get the internally generated secret and generate new if none yet generated.
+ */
+function getPrivateSecret() {
+    const vault = getVault();
+    if (!vault.initialized) {
+        throw new Error('Cannot use the vault before it is initialized.');
+    }
+    return vault.getPrivateSecret();
+}
+/**
+ * Set the internal secret.
+ */
+function setPrivateSecret(secret) {
+    const vault = getVault();
+    vault.setPrivateSecret(secret);
+}
+/**
+ * Set up the vault.
+ */
+async function initialize() {
+    const vault = getVault();
+    vault.initialized = true;
+    await vault.initialize();
+}
+export const vault = {
+    get,
+    getPrivateSecret,
+    getVault,
+    initialize,
+    setPrivateSecret
+};
+//# sourceMappingURL=vault.js.map

package/dist/tasenor-common-node/src/net/vault.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vault.js","sourceRoot":"","sources":["../../../../src/net/vault.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAEvC,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,iBAAiB;IACjB,gBAAgB;IAChB,wBAAwB;IACxB,oBAAoB;IACpB,cAAc;IACd,QAAQ;IACR,oBAAoB;CACrB,CAAA;AACD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAKvD;;GAEG;AACH,MAAM,OAAO,KAAK;IAChB,GAAG,CAAQ;IACX,MAAM,CAA+B;IACrC,WAAW,CAAS;IACpB,MAAM,CAAe;IAErB,YAAY,GAAW;QACrB,IAAI,CAAC,GAAG,GAAG,GAAG,CAAA;QACd,IAAI,CAAC,MAAM,GAAG,EAAE,CAAA;QAChB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAA;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAA;IACpB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,IAAI,KAAK,CAAC,WAAW,IAAI,CAAC,WAAW,CAAC,IAAI,mCAAmC,CAAC,CAAA;IACtF,CAAC;IAED;;;;OAIG;IACH,GAAG,CAAC,QAAuB,EAAE,MAA8B,SAAS;QAClE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,cAAc,QAAQ,4BAA4B,CAAC,CAAA;QACtG,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE;YAC9B,IAAI,GAAG,KAAK,SAAS,EAAE;gBACrB,OAAO,GAAG,CAAA;aACX;YACD,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,kBAAkB,CAAC,CAAA;SACpE;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC9B,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE;YACxB,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,GAAG,CAAW,CAAA;SAC1C;QACD,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,MAAc;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IAEzC,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,QAAQ,IAAI,uBAAuB,EAAE;YAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YACnC,IAAI,KAAK,KAAK,SAAS,EAAE;gBACvB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAA;aAC9B;SACF;IACH,CAAC;CACF;AAED;;GAEG;AACH,IAAI,YAA+B,CAAA;AACnC,MAAM,UAAU,QAAQ;IACtB,IAAI,YAAY,IAAI,YAAY,CAAC,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,SAAS;QAAE,OAAO,YAAY,CAAA;IACnF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;QAC1B,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAA;KACtE;IACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IAC1C,QAAQ,GAAG,CAAC,QAAQ,EAAE;QACpB,KAAK,MAAM;YACT,YAAY,GAAG,IAAI,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;YAC1D,MAAK;QACP;YACE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,QAAQ,iBAAiB,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAA;KACrG;IACD,OAAO,YAAY,CAAA;AACrB,CAAC;AAED;;;;GAIG;AACH,SAAS,GAAG,CAAC,QAAuB,EAAE,MAA8B,SAAS;IAC3E,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;IACxB,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;KAClE;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACtC,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,kBAAkB,CAAC,CAAA;KACjE;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;IACxB,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;KAClE;IACD,OAAO,KAAK,CAAC,gBAAgB,EAAE,CAAA;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACtC,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;IACxB,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAA;AAChC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU;IACvB,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;IACxB,KAAK,CAAC,WAAW,GAAG,IAAI,CAAA;IACxB,MAAM,KAAK,CAAC,UAAU,EAAE,CAAA;AAC1B,CAAC;AAED,MAAM,CAAC,MAAM,KAAK,GAAG;IACnB,GAAG;IACH,gBAAgB;IAChB,QAAQ;IACR,UAAU;IACV,gBAAgB;CACjB,CAAA"}