@twin.org/node-core 0.0.3-next.2 → 0.0.3-next.21

package/dist/es/bootstrap.js

@@ -1,374 +0,0 @@
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-import { PasswordHelper } from "@twin.org/api-auth-entity-storage-service";
-import { TenantIdContextIdHandler, TenantIdHelper } from "@twin.org/api-tenant-processor";
-import { ContextIdHandlerFactory, ContextIdKeys, ContextIdStore } from "@twin.org/context";
-import { Coerce, ComponentFactory, Converter, I18n, Is, RandomHelper } from "@twin.org/core";
-import { PasswordGenerator } from "@twin.org/crypto";
-import { AuthenticationComponentType } from "@twin.org/engine-server-types";
-import { EntityStorageConnectorFactory } from "@twin.org/entity-storage-models";
-import { DidContextIdHandler, DocumentHelper, IdentityConnectorFactory, IdentityProfileConnectorFactory, IdentityResolverConnectorFactory } from "@twin.org/identity-models";
-import { VaultConnectorFactory, VaultKeyType } from "@twin.org/vault-models";
-import { ATTESTATION_VERIFICATION_METHOD_ID, AUTH_SIGNING_KEY_ID, BLOB_STORAGE_ENCRYPTION_KEY_ID, IMMUTABLE_PROOF_VERIFICATION_METHOD_ID, SYNCHRONISED_STORAGE_BLOB_STORAGE_ENCRYPTION_KEY_ID, VC_AUTHENTICATION_VERIFICATION_METHOD_ID } from "./defaults.js";
-import { createIdentity } from "./identity.js";
-import { NodeFeatures } from "./models/nodeFeatures.js";
-import { getFeatures } from "./utils.js";
-const DEFAULT_NODE_ADMIN_USERNAME = "admin@node";
-/**
- * Bootstrap the application.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- */
-export async function bootstrap(engineCore, context, envVars) {
-    const features = getFeatures(envVars);
-    await bootstrapContextIdHandlers(engineCore, context, envVars, features);
-    await bootstrapNodeId(engineCore, context, envVars, features);
-    await ContextIdStore.run(engineCore.getContextIds() ?? {}, async () => {
-        await bootstrapTenantId(engineCore, context, envVars, features);
-        await bootstrapNodeAdminUser(engineCore, context, envVars, features);
-        await bootstrapAuth(engineCore, context, envVars, features);
-        await bootstrapBlobEncryption(engineCore, context, envVars, features);
-        const defaultAttestationConnectorType = engineCore.getRegisteredInstanceTypeOptional("attestationConnector");
-        if (!Is.empty(defaultAttestationConnectorType) &&
-            Is.stringValue(context.state.nodeOrganizationId)) {
-            await addVerificationMethod(engineCore, context, context.state.nodeOrganizationId, "attestation", envVars.attestationVerificationMethodId ?? ATTESTATION_VERIFICATION_METHOD_ID);
-        }
-        const defaultImmutableProofComponentType = engineCore.getRegisteredInstanceTypeOptional("immutableProofComponent");
-        if (!Is.empty(defaultImmutableProofComponentType) &&
-            Is.stringValue(context.state.nodeOrganizationId)) {
-            await addVerificationMethod(engineCore, context, context.state.nodeOrganizationId, "immutable proof", envVars.immutableProofVerificationMethodId ?? IMMUTABLE_PROOF_VERIFICATION_METHOD_ID);
-        }
-        if ((Coerce.boolean(envVars.vcAuthenticationEnabled) ?? false) &&
-            Is.stringValue(context.state.nodeId)) {
-            await addVerificationMethod(engineCore, context, context.state.nodeId, "verifiable credential authentication", envVars.vcAuthenticationVerificationMethodId ?? VC_AUTHENTICATION_VERIFICATION_METHOD_ID);
-        }
-        await bootstrapSynchronisedStorage(engineCore, context, envVars, features);
-    });
-}
-/**
- * Bootstrap the context id handlers creating any necessary resources.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node. The features that are enabled on the node.
- */
-export async function bootstrapContextIdHandlers(engineCore, context, envVars, features) {
-    ContextIdHandlerFactory.register(ContextIdKeys.Node, () => new DidContextIdHandler());
-    ContextIdHandlerFactory.register(ContextIdKeys.Tenant, () => new TenantIdContextIdHandler());
-    ContextIdHandlerFactory.register(ContextIdKeys.Organization, () => new DidContextIdHandler());
-    ContextIdHandlerFactory.register(ContextIdKeys.User, () => new DidContextIdHandler());
-}
-/**
- * Bootstrap the node creating any necessary resources.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node. The features that are enabled on the node.
- */
-export async function bootstrapNodeId(engineCore, context, envVars, features) {
-    if (features.includes(NodeFeatures.NodeId)) {
-        const existingNodeId = envVars.nodeIdentity ?? context.state.nodeId;
-        context.state.nodeId = await createIdentity(engineCore, envVars, existingNodeId, envVars.nodeMnemonic, existingNodeId, "node", features.includes(NodeFeatures.NodeWallet));
-        context.stateDirty = true;
-        engineCore.logInfo(I18n.formatMessage("node.nodeId", {
-            identity: context.state.nodeId
-        }));
-        engineCore.addContextId(ContextIdKeys.Node, context.state.nodeId);
-    }
-}
-/**
- * Bootstrap the node creating any necessary resources.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node. The features that are enabled on the node.
- */
-export async function bootstrapTenantId(engineCore, context, envVars, features) {
-    // If tenants are enabled we need to add a context id for the node
-    // so that services such a logging have a default tenant context id
-    // this will get overwritten by any incoming API requests with the tenant context id
-    if (Coerce.boolean(envVars.tenantEnabled) ?? false) {
-        let tenantId = envVars.tenantId ?? context.state.nodeTenantId;
-        if (!Is.stringValue(tenantId)) {
-            const tenantAdminServiceComponentType = engineCore.getRegisteredInstanceType("tenantAdminComponent");
-            const tenantAdminService = ComponentFactory.get(tenantAdminServiceComponentType);
-            tenantId = TenantIdHelper.generateTenantId();
-            const apiKey = envVars.tenantApiKey ?? TenantIdHelper.generateApiKey();
-            await tenantAdminService.set({
-                id: tenantId,
-                apiKey,
-                dateCreated: new Date(Date.now()).toISOString(),
-                label: "node-tenant"
-            });
-            engineCore.logInfo(I18n.formatMessage("node.createdTenantId", {
-                identity: tenantId,
-                apiKey
-            }));
-        }
-        else {
-            engineCore.logInfo(I18n.formatMessage("node.existingTenantId", {
-                identity: context.state.nodeTenantId
-            }));
-        }
-        context.state.nodeTenantId = tenantId;
-        context.stateDirty = true;
-        engineCore.addContextId(ContextIdKeys.Tenant, context.state.nodeTenantId);
-    }
-}
-/**
- * Bootstrap the user.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node.
- */
-export async function bootstrapNodeAdminUser(engineCore, context, envVars, features) {
-    if (features.includes(NodeFeatures.NodeAdminUser)) {
-        context.state.nodeOrganizationId =
-            envVars.organizationIdentity ?? context.state.nodeOrganizationId;
-        context.state.nodeAdminUserId = envVars.adminUserIdentity ?? context.state.nodeAdminUserId;
-        const defaultAuthenticationComponentType = engineCore.getRegisteredInstanceType("authenticationComponent");
-        if (defaultAuthenticationComponentType.startsWith(AuthenticationComponentType.EntityStorage) &&
-            Is.stringValue(context.state.nodeId)) {
-            const authUserEntityStorage = EntityStorageConnectorFactory.get("authentication-user");
-            // If we don't have an organization identity, create one
-            if (!Is.stringValue(context.state.nodeOrganizationId)) {
-                context.state.nodeOrganizationId = await createIdentity(engineCore, envVars, context.state.nodeOrganizationId, envVars.organizationMnemonic, context.state.nodeId, "organization", features.includes(NodeFeatures.NodeWallet));
-                context.stateDirty = true;
-            }
-            if (!Is.stringValue(context.state.nodeAdminUserId)) {
-                context.state.nodeAdminUserId = await createIdentity(engineCore, envVars, context.state.nodeAdminUserId, envVars.adminUserMnemonic, context.state.nodeOrganizationId, "user", false);
-                context.stateDirty = true;
-            }
-            const adminEmail = envVars.adminUserName ?? DEFAULT_NODE_ADMIN_USERNAME;
-            let nodeAdminUser = await authUserEntityStorage.get(adminEmail);
-            // If the node admin user doesn't exist, create it
-            if (Is.empty(nodeAdminUser)) {
-                engineCore.logInfo(I18n.formatMessage("node.creatingUser", { email: adminEmail }));
-                const generatedPassword = envVars.adminUserPassword ?? PasswordGenerator.generate(16);
-                const passwordBytes = Converter.utf8ToBytes(generatedPassword);
-                const saltBytes = RandomHelper.generate(16);
-                const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
-                nodeAdminUser = {
-                    email: adminEmail,
-                    password: hashedPassword,
-                    salt: Converter.bytesToBase64(saltBytes),
-                    identity: context.state.nodeAdminUserId,
-                    organization: context.state.nodeOrganizationId
-                };
-                engineCore.logInfo(I18n.formatMessage("node.nodeAdminUserEmail", { email: adminEmail }));
-                engineCore.logInfo(I18n.formatMessage("node.nodeAdminUserPassword", { password: generatedPassword }));
-                await authUserEntityStorage.set(nodeAdminUser);
-            }
-            else {
-                engineCore.logInfo(I18n.formatMessage("node.existingUser", { email: adminEmail }));
-                // The user already exists, so double check the other details match
-                let needsUpdate = false;
-                if (nodeAdminUser.identity !== context.state.nodeAdminUserId) {
-                    nodeAdminUser.identity = context.state.nodeAdminUserId;
-                    needsUpdate = true;
-                }
-                if (Is.stringValue(envVars.adminUserPassword)) {
-                    const passwordBytes = Converter.utf8ToBytes(envVars.adminUserPassword);
-                    const saltBytes = Converter.base64ToBytes(nodeAdminUser.salt);
-                    const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
-                    if (nodeAdminUser.password !== hashedPassword) {
-                        nodeAdminUser.password = hashedPassword;
-                        needsUpdate = true;
-                    }
-                }
-                if (needsUpdate) {
-                    await authUserEntityStorage.set(nodeAdminUser);
-                }
-            }
-            // We have create a node user, now we need to create a profile for the user
-            const defaultIdentityProfileConnectorType = engineCore.getRegisteredInstanceType("identityProfileConnector");
-            const identityProfileConnector = IdentityProfileConnectorFactory.get(defaultIdentityProfileConnectorType);
-            if (identityProfileConnector) {
-                // Add the organization context id when creating the profile
-                // so that it is partitioned under the organization
-                const contextIds = (await ContextIdStore.getContextIds()) ?? {};
-                contextIds[ContextIdKeys.Organization] = context.state.nodeOrganizationId;
-                await ContextIdStore.run(contextIds, async () => {
-                    let userProfile;
-                    if (Is.stringValue(nodeAdminUser.identity)) {
-                        try {
-                            userProfile = await identityProfileConnector.get(nodeAdminUser.identity);
-                        }
-                        catch { }
-                    }
-                    if (Is.empty(userProfile)) {
-                        engineCore.logInfo(I18n.formatMessage("node.creatingUserProfile", {
-                            identity: nodeAdminUser.identity
-                        }));
-                        const publicProfile = {
-                            "@context": "https://schema.org",
-                            "@type": "Person",
-                            name: "Node Administrator"
-                        };
-                        const privateProfile = {
-                            "@context": "https://schema.org",
-                            "@type": "Person",
-                            givenName: "Node",
-                            familyName: "Administrator",
-                            email: adminEmail
-                        };
-                        await identityProfileConnector.create(nodeAdminUser.identity, publicProfile, privateProfile);
-                    }
-                    else {
-                        engineCore.logInfo(I18n.formatMessage("node.existingUserProfile", {
-                            identity: nodeAdminUser.identity
-                        }));
-                    }
-                });
-            }
-        }
-    }
-}
-/**
- * Bootstrap the immutable proof verification methods.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node.
- */
-export async function bootstrapImmutableProofMethod(engineCore, context, envVars, features) { }
-/**
- * Bootstrap the keys for blob encryption.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node.
- */
-export async function bootstrapBlobEncryption(engineCore, context, envVars, features) {
-    if ((Coerce.boolean(envVars.blobStorageEnableEncryption) ?? false) &&
-        Is.stringValue(context.state.nodeOrganizationId)) {
-        // Create a new key for encrypting blobs
-        const defaultVaultConnectorType = engineCore.getRegisteredInstanceType("vaultConnector");
-        const vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);
-        const keyName = `${context.state.nodeOrganizationId}/${envVars.blobStorageEncryptionKeyId ?? BLOB_STORAGE_ENCRYPTION_KEY_ID}`;
-        let existingKey;
-        try {
-            existingKey = await vaultConnector.getKey(keyName);
-        }
-        catch { }
-        if (Is.empty(existingKey)) {
-            if (Is.stringBase64(envVars.blobStorageSymmetricEncryptionKey)) {
-                engineCore.logInfo(I18n.formatMessage("node.addingBlobEncryptionKey", { keyName }));
-                await vaultConnector.addKey(keyName, VaultKeyType.ChaCha20Poly1305, Converter.base64ToBytes(envVars.blobStorageSymmetricEncryptionKey));
-            }
-            else {
-                engineCore.logInfo(I18n.formatMessage("node.creatingBlobEncryptionKey", { keyName }));
-                const key = await vaultConnector.createKey(keyName, VaultKeyType.ChaCha20Poly1305);
-                engineCore.logInfo(I18n.formatMessage("node.createdBlobEncryptionKey", {
-                    keyName,
-                    keyValue: Converter.bytesToBase64(key)
-                }));
-            }
-        }
-        else {
-            engineCore.logInfo(I18n.formatMessage("node.existingBlobEncryptionKey", { keyName }));
-        }
-    }
-}
-/**
- * Bootstrap the JWT signing key.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node.
- */
-export async function bootstrapAuth(engineCore, context, envVars, features) {
-    const defaultAuthenticationComponentType = engineCore.getRegisteredInstanceTypeOptional("authenticationComponent");
-    if (Is.stringValue(defaultAuthenticationComponentType) &&
-        defaultAuthenticationComponentType.startsWith(AuthenticationComponentType.EntityStorage) &&
-        Is.stringValue(context.state.nodeId)) {
-        // Create a new JWT signing key and a user login for the node
-        const defaultVaultConnectorType = engineCore.getRegisteredInstanceType("vaultConnector");
-        const vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);
-        const keyName = `${context.state.nodeId}/${envVars.authSigningKeyId ?? AUTH_SIGNING_KEY_ID}`;
-        let existingKey;
-        try {
-            existingKey = await vaultConnector.getKey(keyName);
-        }
-        catch { }
-        if (Is.empty(existingKey)) {
-            engineCore.logInfo(I18n.formatMessage("node.creatingAuthKey", { keyName }));
-            await vaultConnector.createKey(keyName, VaultKeyType.Ed25519);
-        }
-        else {
-            engineCore.logInfo(I18n.formatMessage("node.existingAuthKey", { keyName }));
-        }
-    }
-}
-/**
- * Bootstrap the synchronised storage blob encryption and verification methods.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param envVars The environment variables for the node.
- * @param features The features that are enabled on the node.
- */
-export async function bootstrapSynchronisedStorage(engineCore, context, envVars, features) {
-    if (Coerce.boolean(envVars.synchronisedStorageEnabled) ?? false) {
-        // If this is a trusted node we need to add the blob encryption key pair
-        if (Is.stringBase64(envVars.synchronisedStorageBlobStorageKey)) {
-            const defaultVaultConnectorType = engineCore.getRegisteredInstanceType("vaultConnector");
-            const vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);
-            const keyName = envVars.synchronisedStorageBlobStorageEncryptionKeyId ??
-                SYNCHRONISED_STORAGE_BLOB_STORAGE_ENCRYPTION_KEY_ID;
-            let existingKey;
-            try {
-                existingKey = await vaultConnector.getKey(keyName);
-            }
-            catch { }
-            if (Is.empty(existingKey)) {
-                engineCore.logInfo(I18n.formatMessage("node.addingSynchronisedStorageBlobEncryptionKey", { keyName }));
-                await vaultConnector.addKey(keyName, VaultKeyType.ChaCha20Poly1305, Converter.base64ToBytes(envVars.synchronisedStorageBlobStorageKey));
-            }
-            else {
-                engineCore.logInfo(I18n.formatMessage("node.existingSynchronisedStorageBlobEncryptionKey", { keyName }));
-            }
-        }
-    }
-}
-/**
- * Add a verification method if it doesn't exist.
- * @param engineCore The engine core for the node.
- * @param context The context for the node.
- * @param identity The identity to add the verification method to.
- * @param verificationMethodTitle The verification method title.
- * @param verificationMethodId The verification method ID.
- */
-async function addVerificationMethod(engineCore, context, identity, verificationMethodTitle, verificationMethodId) {
-    if (Is.stringValue(identity) &&
-        Is.arrayValue(context.config.types.identityConnector) &&
-        Is.stringValue(verificationMethodId)) {
-        const defaultIdentityConnectorType = engineCore.getRegisteredInstanceType("identityConnector");
-        const identityConnector = IdentityConnectorFactory.get(defaultIdentityConnectorType);
-        const defaultIdentityResolverConnectorType = engineCore.getRegisteredInstanceType("identityResolverConnector");
-        const identityResolverConnector = IdentityResolverConnectorFactory.get(defaultIdentityResolverConnectorType);
-        const identityDocument = await identityResolverConnector.resolveDocument(identity);
-        const fullMethodId = `${identityDocument.id}#${verificationMethodId}`;
-        let exists = false;
-        try {
-            DocumentHelper.getVerificationMethod(identityDocument, fullMethodId, "assertionMethod");
-            exists = true;
-        }
-        catch { }
-        if (!exists) {
-            engineCore.logInfo(I18n.formatMessage("node.addingVerificationMethod", {
-                title: verificationMethodTitle,
-                methodId: fullMethodId
-            }));
-            await identityConnector.addVerificationMethod(identity, identity, "assertionMethod", verificationMethodId);
-        }
-        else {
-            engineCore.logInfo(I18n.formatMessage("node.existingVerificationMethod", {
-                title: verificationMethodTitle,
-                methodId: fullMethodId
-            }));
-        }
-    }
-}
-//# sourceMappingURL=bootstrap.js.map

package/dist/es/bootstrap.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"bootstrap.js","sourceRoot":"","sources":["../../src/bootstrap.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,cAAc,EAA2B,MAAM,2CAA2C,CAAC;AACpG,OAAO,EACN,wBAAwB,EACxB,cAAc,EAEd,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,uBAAuB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3F,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC7F,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,OAAO,EACN,2BAA2B,EAE3B,MAAM,+BAA+B,CAAC;AACvC,OAAO,EACN,6BAA6B,EAE7B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACN,mBAAmB,EACnB,cAAc,EACd,wBAAwB,EACxB,+BAA+B,EAC/B,gCAAgC,EAChC,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAE7E,OAAO,EACN,kCAAkC,EAClC,mBAAmB,EACnB,8BAA8B,EAC9B,sCAAsC,EACtC,mDAAmD,EACnD,wCAAwC,EACxC,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAG/C,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,2BAA2B,GAAG,YAAY,CAAC;AAEjD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC9B,UAAuB,EACvB,OAAkE,EAClE,OAAkC;IAElC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAEtC,MAAM,0BAA0B,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAEzE,MAAM,eAAe,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAE9D,MAAM,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,EAAE,IAAI,EAAE,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,iBAAiB,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEhE,MAAM,sBAAsB,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACrE,MAAM,aAAa,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC5D,MAAM,uBAAuB,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEtE,MAAM,+BAA+B,GACpC,UAAU,CAAC,iCAAiC,CAAC,sBAAsB,CAAC,CAAC;QACtE,IACC,CAAC,EAAE,CAAC,KAAK,CAAC,+BAA+B,CAAC;YAC1C,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAC/C,CAAC;YACF,MAAM,qBAAqB,CAC1B,UAAU,EACV,OAAO,EACP,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAChC,aAAa,EACb,OAAO,CAAC,+BAA+B,IAAI,kCAAkC,CAC7E,CAAC;QACH,CAAC;QAED,MAAM,kCAAkC,GACvC,UAAU,CAAC,iCAAiC,CAAC,yBAAyB,CAAC,CAAC;QAEzE,IACC,CAAC,EAAE,CAAC,KAAK,CAAC,kCAAkC,CAAC;YAC7C,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAC/C,CAAC;YACF,MAAM,qBAAqB,CAC1B,UAAU,EACV,OAAO,EACP,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAChC,iBAAiB,EACjB,OAAO,CAAC,kCAAkC,IAAI,sCAAsC,CACpF,CAAC;QACH,CAAC;QAED,IACC,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,uBAAuB,CAAC,IAAI,KAAK,CAAC;YAC1D,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EACnC,CAAC;YACF,MAAM,qBAAqB,CAC1B,UAAU,EACV,OAAO,EACP,OAAO,CAAC,KAAK,CAAC,MAAM,EACpB,sCAAsC,EACtC,OAAO,CAAC,oCAAoC,IAAI,wCAAwC,CACxF,CAAC;QACH,CAAC;QAED,MAAM,4BAA4B,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC/C,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,uBAAuB,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IACtF,uBAAuB,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,IAAI,wBAAwB,EAAE,CAAC,CAAC;IAC7F,uBAAuB,CAAC,QAAQ,CAAC,aAAa,CAAC,YAAY,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;IAC9F,uBAAuB,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;AACvF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACpC,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5C,MAAM,cAAc,GAAG,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;QAEpE,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,MAAM,cAAc,CAC1C,UAAU,EACV,OAAO,EACP,cAAc,EACd,OAAO,CAAC,YAAY,EACpB,cAAc,EACd,MAAM,EACN,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,UAAU,CAAC,CAC1C,CAAC;QACF,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAE1B,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE;YACjC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM;SAC9B,CAAC,CACF,CAAC;QAEF,UAAU,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACnE,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACtC,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,kEAAkE;IAClE,mEAAmE;IACnE,oFAAoF;IACpF,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,KAAK,EAAE,CAAC;QACpD,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC;QAE9D,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,+BAA+B,GACpC,UAAU,CAAC,yBAAyB,CAAC,sBAAsB,CAAC,CAAC;YAE9D,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAC9C,+BAA+B,CAC/B,CAAC;YAEF,QAAQ,GAAG,cAAc,CAAC,gBAAgB,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,IAAI,cAAc,CAAC,cAAc,EAAE,CAAC;YAEvE,MAAM,kBAAkB,CAAC,GAAG,CAAC;gBAC5B,EAAE,EAAE,QAAQ;gBACZ,MAAM;gBACN,WAAW,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/C,KAAK,EAAE,aAAa;aACpB,CAAC,CAAC;YAEH,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,sBAAsB,EAAE;gBAC1C,QAAQ,EAAE,QAAQ;gBAClB,MAAM;aACN,CAAC,CACF,CAAC;QACH,CAAC;aAAM,CAAC;YACP,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,uBAAuB,EAAE;gBAC3C,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,YAAY;aACpC,CAAC,CACF,CAAC;QACH,CAAC;QAED,OAAO,CAAC,KAAK,CAAC,YAAY,GAAG,QAAQ,CAAC;QACtC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAE1B,UAAU,CAAC,YAAY,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC3E,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC3C,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,KAAK,CAAC,kBAAkB;YAC/B,OAAO,CAAC,oBAAoB,IAAI,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,eAAe,GAAG,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC;QAE3F,MAAM,kCAAkC,GACvC,UAAU,CAAC,yBAAyB,CAAC,yBAAyB,CAAC,CAAC;QACjE,IACC,kCAAkC,CAAC,UAAU,CAAC,2BAA2B,CAAC,aAAa,CAAC;YACxF,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EACnC,CAAC;YACF,MAAM,qBAAqB,GAC1B,6BAA6B,CAAC,GAAG,uBAEhC,CAAC;YAEH,wDAAwD;YACxD,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACvD,OAAO,CAAC,KAAK,CAAC,kBAAkB,GAAG,MAAM,cAAc,CACtD,UAAU,EACV,OAAO,EACP,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAChC,OAAO,CAAC,oBAAoB,EAC5B,OAAO,CAAC,KAAK,CAAC,MAAM,EACpB,cAAc,EACd,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,UAAU,CAAC,CAC1C,CAAC;gBACF,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;YAC3B,CAAC;YAED,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;gBACpD,OAAO,CAAC,KAAK,CAAC,eAAe,GAAG,MAAM,cAAc,CACnD,UAAU,EACV,OAAO,EACP,OAAO,CAAC,KAAK,CAAC,eAAe,EAC7B,OAAO,CAAC,iBAAiB,EACzB,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAChC,MAAM,EACN,KAAK,CACL,CAAC;gBACF,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;YAC3B,CAAC;YAED,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,IAAI,2BAA2B,CAAC;YAExE,IAAI,aAAa,GAAG,MAAM,qBAAqB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAEhE,kDAAkD;YAClD,IAAI,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC7B,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBAEnF,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBACtF,MAAM,aAAa,GAAG,SAAS,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;gBAC/D,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;gBAC5C,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,YAAY,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;gBAEnF,aAAa,GAAG;oBACf,KAAK,EAAE,UAAU;oBACjB,QAAQ,EAAE,cAAc;oBACxB,IAAI,EAAE,SAAS,CAAC,aAAa,CAAC,SAAS,CAAC;oBACxC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,eAAe;oBACvC,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,kBAAkB;iBAC9C,CAAC;gBAEF,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBACzF,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,4BAA4B,EAAE,EAAE,QAAQ,EAAE,iBAAiB,EAAE,CAAC,CACjF,CAAC;gBAEF,MAAM,qBAAqB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBAEnF,mEAAmE;gBACnE,IAAI,WAAW,GAAG,KAAK,CAAC;gBAExB,IAAI,aAAa,CAAC,QAAQ,KAAK,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;oBAC9D,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC;oBACvD,WAAW,GAAG,IAAI,CAAC;gBACpB,CAAC;gBAED,IAAI,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC/C,MAAM,aAAa,GAAG,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;oBACvE,MAAM,SAAS,GAAG,SAAS,CAAC,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;oBAC9D,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,YAAY,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;oBAEnF,IAAI,aAAa,CAAC,QAAQ,KAAK,cAAc,EAAE,CAAC;wBAC/C,aAAa,CAAC,QAAQ,GAAG,cAAc,CAAC;wBACxC,WAAW,GAAG,IAAI,CAAC;oBACpB,CAAC;gBACF,CAAC;gBAED,IAAI,WAAW,EAAE,CAAC;oBACjB,MAAM,qBAAqB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gBAChD,CAAC;YACF,CAAC;YAED,2EAA2E;YAC3E,MAAM,mCAAmC,GAAG,UAAU,CAAC,yBAAyB,CAC/E,0BAA0B,CAC1B,CAAC;YACF,MAAM,wBAAwB,GAAG,+BAA+B,CAAC,GAAG,CACnE,mCAAmC,CACnC,CAAC;YAEF,IAAI,wBAAwB,EAAE,CAAC;gBAC9B,4DAA4D;gBAC5D,mDAAmD;gBACnD,MAAM,UAAU,GAAG,CAAC,MAAM,cAAc,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,CAAC;gBAChE,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC;gBAC1E,MAAM,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,IAAI,EAAE;oBAC/C,IAAI,WAAW,CAAC;oBAChB,IAAI,EAAE,CAAC,WAAW,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAC5C,IAAI,CAAC;4BACJ,WAAW,GAAG,MAAM,wBAAwB,CAAC,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBAC1E,CAAC;wBAAC,MAAM,CAAC,CAAA,CAAC;oBACX,CAAC;oBACD,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;wBAC3B,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,0BAA0B,EAAE;4BAC9C,QAAQ,EAAE,aAAa,CAAC,QAAQ;yBAChC,CAAC,CACF,CAAC;wBAEF,MAAM,aAAa,GAAwB;4BAC1C,UAAU,EAAE,oBAAoB;4BAChC,OAAO,EAAE,QAAQ;4BACjB,IAAI,EAAE,oBAAoB;yBAC1B,CAAC;wBACF,MAAM,cAAc,GAAwB;4BAC3C,UAAU,EAAE,oBAAoB;4BAChC,OAAO,EAAE,QAAQ;4BACjB,SAAS,EAAE,MAAM;4BACjB,UAAU,EAAE,eAAe;4BAC3B,KAAK,EAAE,UAAU;yBACjB,CAAC;wBACF,MAAM,wBAAwB,CAAC,MAAM,CACpC,aAAa,CAAC,QAAQ,EACtB,aAAa,EACb,cAAc,CACd,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACP,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,0BAA0B,EAAE;4BAC9C,QAAQ,EAAE,aAAa,CAAC,QAAQ;yBAChC,CAAC,CACF,CAAC;oBACH,CAAC;gBACF,CAAC,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;IACF,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CAClD,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB,IACP,CAAC;AAEnB;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC5C,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,IACC,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,2BAA2B,CAAC,IAAI,KAAK,CAAC;QAC9D,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAC/C,CAAC;QACF,wCAAwC;QACxC,MAAM,yBAAyB,GAAG,UAAU,CAAC,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;QACzF,MAAM,cAAc,GAAG,qBAAqB,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,IAAI,OAAO,CAAC,0BAA0B,IAAI,8BAA8B,EAAE,CAAC;QAE9H,IAAI,WAAW,CAAC;QAEhB,IAAI,CAAC;YACJ,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3B,IAAI,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,iCAAiC,CAAC,EAAE,CAAC;gBAChE,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,8BAA8B,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;gBACpF,MAAM,cAAc,CAAC,MAAM,CAC1B,OAAO,EACP,YAAY,CAAC,gBAAgB,EAC7B,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAClE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,gCAAgC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;gBACtF,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,YAAY,CAAC,gBAAgB,CAAC,CAAC;gBACnF,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,+BAA+B,EAAE;oBACnD,OAAO;oBACP,QAAQ,EAAE,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC;iBACtC,CAAC,CACF,CAAC;YACH,CAAC;QACF,CAAC;aAAM,CAAC;YACP,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,gCAAgC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QACvF,CAAC;IACF,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAClC,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,MAAM,kCAAkC,GACvC,UAAU,CAAC,iCAAiC,CAAC,yBAAyB,CAAC,CAAC;IACzE,IACC,EAAE,CAAC,WAAW,CAAC,kCAAkC,CAAC;QAClD,kCAAkC,CAAC,UAAU,CAAC,2BAA2B,CAAC,aAAa,CAAC;QACxF,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EACnC,CAAC;QACF,6DAA6D;QAC7D,MAAM,yBAAyB,GAAG,UAAU,CAAC,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;QACzF,MAAM,cAAc,GAAG,qBAAqB,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QAE5E,MAAM,OAAO,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,gBAAgB,IAAI,mBAAmB,EAAE,CAAC;QAE7F,IAAI,WAAW,CAAC;QAChB,IAAI,CAAC;YACJ,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;YAC3B,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,sBAAsB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;YAC5E,MAAM,cAAc,CAAC,SAAS,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACP,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,sBAAsB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7E,CAAC;IACF,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CACjD,UAAuB,EACvB,OAAkE,EAClE,OAAkC,EAClC,QAAwB;IAExB,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,0BAA0B,CAAC,IAAI,KAAK,EAAE,CAAC;QACjE,wEAAwE;QACxE,IAAI,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,iCAAiC,CAAC,EAAE,CAAC;YAChE,MAAM,yBAAyB,GAAG,UAAU,CAAC,yBAAyB,CAAC,gBAAgB,CAAC,CAAC;YACzF,MAAM,cAAc,GAAG,qBAAqB,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YAE5E,MAAM,OAAO,GACZ,OAAO,CAAC,6CAA6C;gBACrD,mDAAmD,CAAC;YACrD,IAAI,WAAW,CAAC;YAEhB,IAAI,CAAC;gBACJ,WAAW,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACpD,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;YAEV,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3B,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,iDAAiD,EAAE,EAAE,OAAO,EAAE,CAAC,CAClF,CAAC;gBACF,MAAM,cAAc,CAAC,MAAM,CAC1B,OAAO,EACP,YAAY,CAAC,gBAAgB,EAC7B,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAClE,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,mDAAmD,EAAE,EAAE,OAAO,EAAE,CAAC,CACpF,CAAC;YACH,CAAC;QACF,CAAC;IACF,CAAC;AACF,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,qBAAqB,CACnC,UAAuB,EACvB,OAAkE,EAClE,QAAgB,EAChB,uBAA+B,EAC/B,oBAAwC;IAExC,IACC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC;QACxB,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC;QACrD,EAAE,CAAC,WAAW,CAAC,oBAAoB,CAAC,EACnC,CAAC;QACF,MAAM,4BAA4B,GAAG,UAAU,CAAC,yBAAyB,CAAC,mBAAmB,CAAC,CAAC;QAC/F,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAErF,MAAM,oCAAoC,GAAG,UAAU,CAAC,yBAAyB,CAChF,2BAA2B,CAC3B,CAAC;QACF,MAAM,yBAAyB,GAAG,gCAAgC,CAAC,GAAG,CACrE,oCAAoC,CACpC,CAAC;QAEF,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAEnF,MAAM,YAAY,GAAG,GAAG,gBAAgB,CAAC,EAAE,IAAI,oBAAoB,EAAE,CAAC;QAEtE,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC;YACJ,cAAc,CAAC,qBAAqB,CAAC,gBAAgB,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC;YACxF,MAAM,GAAG,IAAI,CAAC;QACf,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,+BAA+B,EAAE;gBACnD,KAAK,EAAE,uBAAuB;gBAC9B,QAAQ,EAAE,YAAY;aACtB,CAAC,CACF,CAAC;YACF,MAAM,iBAAiB,CAAC,qBAAqB,CAC5C,QAAQ,EACR,QAAQ,EACR,iBAAiB,EACjB,oBAAoB,CACpB,CAAC;QACH,CAAC;aAAM,CAAC;YACP,UAAU,CAAC,OAAO,CACjB,IAAI,CAAC,aAAa,CAAC,iCAAiC,EAAE;gBACrD,KAAK,EAAE,uBAAuB;gBAC9B,QAAQ,EAAE,YAAY;aACtB,CAAC,CACF,CAAC;QACH,CAAC;IACF,CAAC;AACF,CAAC","sourcesContent":["// Copyright 2024 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { PasswordHelper, type AuthenticationUser } from \"@twin.org/api-auth-entity-storage-service\";\nimport {\n\tTenantIdContextIdHandler,\n\tTenantIdHelper,\n\ttype ITenantAdminComponent\n} from \"@twin.org/api-tenant-processor\";\nimport { ContextIdHandlerFactory, ContextIdKeys, ContextIdStore } from \"@twin.org/context\";\nimport { Coerce, ComponentFactory, Converter, I18n, Is, RandomHelper } from \"@twin.org/core\";\nimport { PasswordGenerator } from \"@twin.org/crypto\";\nimport type { IEngineCore, IEngineCoreContext } from \"@twin.org/engine-models\";\nimport {\n\tAuthenticationComponentType,\n\ttype IEngineServerConfig\n} from \"@twin.org/engine-server-types\";\nimport {\n\tEntityStorageConnectorFactory,\n\ttype IEntityStorageConnector\n} from \"@twin.org/entity-storage-models\";\nimport {\n\tDidContextIdHandler,\n\tDocumentHelper,\n\tIdentityConnectorFactory,\n\tIdentityProfileConnectorFactory,\n\tIdentityResolverConnectorFactory\n} from \"@twin.org/identity-models\";\nimport { nameofKebabCase } from \"@twin.org/nameof\";\nimport { VaultConnectorFactory, VaultKeyType } from \"@twin.org/vault-models\";\nimport type { Person, WithContext } from \"schema-dts\";\nimport {\n\tATTESTATION_VERIFICATION_METHOD_ID,\n\tAUTH_SIGNING_KEY_ID,\n\tBLOB_STORAGE_ENCRYPTION_KEY_ID,\n\tIMMUTABLE_PROOF_VERIFICATION_METHOD_ID,\n\tSYNCHRONISED_STORAGE_BLOB_STORAGE_ENCRYPTION_KEY_ID,\n\tVC_AUTHENTICATION_VERIFICATION_METHOD_ID\n} from \"./defaults.js\";\nimport { createIdentity } from \"./identity.js\";\nimport type { INodeEngineState } from \"./models/INodeEngineState.js\";\nimport type { INodeEnvironmentVariables } from \"./models/INodeEnvironmentVariables.js\";\nimport { NodeFeatures } from \"./models/nodeFeatures.js\";\nimport { getFeatures } from \"./utils.js\";\n\nconst DEFAULT_NODE_ADMIN_USERNAME = \"admin@node\";\n\n/**\n * Bootstrap the application.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n */\nexport async function bootstrap(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables\n): Promise<void> {\n\tconst features = getFeatures(envVars);\n\n\tawait bootstrapContextIdHandlers(engineCore, context, envVars, features);\n\n\tawait bootstrapNodeId(engineCore, context, envVars, features);\n\n\tawait ContextIdStore.run(engineCore.getContextIds() ?? {}, async () => {\n\t\tawait bootstrapTenantId(engineCore, context, envVars, features);\n\n\t\tawait bootstrapNodeAdminUser(engineCore, context, envVars, features);\n\t\tawait bootstrapAuth(engineCore, context, envVars, features);\n\t\tawait bootstrapBlobEncryption(engineCore, context, envVars, features);\n\n\t\tconst defaultAttestationConnectorType =\n\t\t\tengineCore.getRegisteredInstanceTypeOptional(\"attestationConnector\");\n\t\tif (\n\t\t\t!Is.empty(defaultAttestationConnectorType) &&\n\t\t\tIs.stringValue(context.state.nodeOrganizationId)\n\t\t) {\n\t\t\tawait addVerificationMethod(\n\t\t\t\tengineCore,\n\t\t\t\tcontext,\n\t\t\t\tcontext.state.nodeOrganizationId,\n\t\t\t\t\"attestation\",\n\t\t\t\tenvVars.attestationVerificationMethodId ?? ATTESTATION_VERIFICATION_METHOD_ID\n\t\t\t);\n\t\t}\n\n\t\tconst defaultImmutableProofComponentType =\n\t\t\tengineCore.getRegisteredInstanceTypeOptional(\"immutableProofComponent\");\n\n\t\tif (\n\t\t\t!Is.empty(defaultImmutableProofComponentType) &&\n\t\t\tIs.stringValue(context.state.nodeOrganizationId)\n\t\t) {\n\t\t\tawait addVerificationMethod(\n\t\t\t\tengineCore,\n\t\t\t\tcontext,\n\t\t\t\tcontext.state.nodeOrganizationId,\n\t\t\t\t\"immutable proof\",\n\t\t\t\tenvVars.immutableProofVerificationMethodId ?? IMMUTABLE_PROOF_VERIFICATION_METHOD_ID\n\t\t\t);\n\t\t}\n\n\t\tif (\n\t\t\t(Coerce.boolean(envVars.vcAuthenticationEnabled) ?? false) &&\n\t\t\tIs.stringValue(context.state.nodeId)\n\t\t) {\n\t\t\tawait addVerificationMethod(\n\t\t\t\tengineCore,\n\t\t\t\tcontext,\n\t\t\t\tcontext.state.nodeId,\n\t\t\t\t\"verifiable credential authentication\",\n\t\t\t\tenvVars.vcAuthenticationVerificationMethodId ?? VC_AUTHENTICATION_VERIFICATION_METHOD_ID\n\t\t\t);\n\t\t}\n\n\t\tawait bootstrapSynchronisedStorage(engineCore, context, envVars, features);\n\t});\n}\n\n/**\n * Bootstrap the context id handlers creating any necessary resources.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node. The features that are enabled on the node.\n */\nexport async function bootstrapContextIdHandlers(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\tContextIdHandlerFactory.register(ContextIdKeys.Node, () => new DidContextIdHandler());\n\tContextIdHandlerFactory.register(ContextIdKeys.Tenant, () => new TenantIdContextIdHandler());\n\tContextIdHandlerFactory.register(ContextIdKeys.Organization, () => new DidContextIdHandler());\n\tContextIdHandlerFactory.register(ContextIdKeys.User, () => new DidContextIdHandler());\n}\n\n/**\n * Bootstrap the node creating any necessary resources.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node. The features that are enabled on the node.\n */\nexport async function bootstrapNodeId(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\tif (features.includes(NodeFeatures.NodeId)) {\n\t\tconst existingNodeId = envVars.nodeIdentity ?? context.state.nodeId;\n\n\t\tcontext.state.nodeId = await createIdentity(\n\t\t\tengineCore,\n\t\t\tenvVars,\n\t\t\texistingNodeId,\n\t\t\tenvVars.nodeMnemonic,\n\t\t\texistingNodeId,\n\t\t\t\"node\",\n\t\t\tfeatures.includes(NodeFeatures.NodeWallet)\n\t\t);\n\t\tcontext.stateDirty = true;\n\n\t\tengineCore.logInfo(\n\t\t\tI18n.formatMessage(\"node.nodeId\", {\n\t\t\t\tidentity: context.state.nodeId\n\t\t\t})\n\t\t);\n\n\t\tengineCore.addContextId(ContextIdKeys.Node, context.state.nodeId);\n\t}\n}\n\n/**\n * Bootstrap the node creating any necessary resources.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node. The features that are enabled on the node.\n */\nexport async function bootstrapTenantId(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\t// If tenants are enabled we need to add a context id for the node\n\t// so that services such a logging have a default tenant context id\n\t// this will get overwritten by any incoming API requests with the tenant context id\n\tif (Coerce.boolean(envVars.tenantEnabled) ?? false) {\n\t\tlet tenantId = envVars.tenantId ?? context.state.nodeTenantId;\n\n\t\tif (!Is.stringValue(tenantId)) {\n\t\t\tconst tenantAdminServiceComponentType =\n\t\t\t\tengineCore.getRegisteredInstanceType(\"tenantAdminComponent\");\n\n\t\t\tconst tenantAdminService = ComponentFactory.get<ITenantAdminComponent>(\n\t\t\t\ttenantAdminServiceComponentType\n\t\t\t);\n\n\t\t\ttenantId = TenantIdHelper.generateTenantId();\n\t\t\tconst apiKey = envVars.tenantApiKey ?? TenantIdHelper.generateApiKey();\n\n\t\t\tawait tenantAdminService.set({\n\t\t\t\tid: tenantId,\n\t\t\t\tapiKey,\n\t\t\t\tdateCreated: new Date(Date.now()).toISOString(),\n\t\t\t\tlabel: \"node-tenant\"\n\t\t\t});\n\n\t\t\tengineCore.logInfo(\n\t\t\t\tI18n.formatMessage(\"node.createdTenantId\", {\n\t\t\t\t\tidentity: tenantId,\n\t\t\t\t\tapiKey\n\t\t\t\t})\n\t\t\t);\n\t\t} else {\n\t\t\tengineCore.logInfo(\n\t\t\t\tI18n.formatMessage(\"node.existingTenantId\", {\n\t\t\t\t\tidentity: context.state.nodeTenantId\n\t\t\t\t})\n\t\t\t);\n\t\t}\n\n\t\tcontext.state.nodeTenantId = tenantId;\n\t\tcontext.stateDirty = true;\n\n\t\tengineCore.addContextId(ContextIdKeys.Tenant, context.state.nodeTenantId);\n\t}\n}\n\n/**\n * Bootstrap the user.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node.\n */\nexport async function bootstrapNodeAdminUser(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\tif (features.includes(NodeFeatures.NodeAdminUser)) {\n\t\tcontext.state.nodeOrganizationId =\n\t\t\tenvVars.organizationIdentity ?? context.state.nodeOrganizationId;\n\t\tcontext.state.nodeAdminUserId = envVars.adminUserIdentity ?? context.state.nodeAdminUserId;\n\n\t\tconst defaultAuthenticationComponentType =\n\t\t\tengineCore.getRegisteredInstanceType(\"authenticationComponent\");\n\t\tif (\n\t\t\tdefaultAuthenticationComponentType.startsWith(AuthenticationComponentType.EntityStorage) &&\n\t\t\tIs.stringValue(context.state.nodeId)\n\t\t) {\n\t\t\tconst authUserEntityStorage =\n\t\t\t\tEntityStorageConnectorFactory.get<IEntityStorageConnector<AuthenticationUser>>(\n\t\t\t\t\tnameofKebabCase<AuthenticationUser>()\n\t\t\t\t);\n\n\t\t\t// If we don't have an organization identity, create one\n\t\t\tif (!Is.stringValue(context.state.nodeOrganizationId)) {\n\t\t\t\tcontext.state.nodeOrganizationId = await createIdentity(\n\t\t\t\t\tengineCore,\n\t\t\t\t\tenvVars,\n\t\t\t\t\tcontext.state.nodeOrganizationId,\n\t\t\t\t\tenvVars.organizationMnemonic,\n\t\t\t\t\tcontext.state.nodeId,\n\t\t\t\t\t\"organization\",\n\t\t\t\t\tfeatures.includes(NodeFeatures.NodeWallet)\n\t\t\t\t);\n\t\t\t\tcontext.stateDirty = true;\n\t\t\t}\n\n\t\t\tif (!Is.stringValue(context.state.nodeAdminUserId)) {\n\t\t\t\tcontext.state.nodeAdminUserId = await createIdentity(\n\t\t\t\t\tengineCore,\n\t\t\t\t\tenvVars,\n\t\t\t\t\tcontext.state.nodeAdminUserId,\n\t\t\t\t\tenvVars.adminUserMnemonic,\n\t\t\t\t\tcontext.state.nodeOrganizationId,\n\t\t\t\t\t\"user\",\n\t\t\t\t\tfalse\n\t\t\t\t);\n\t\t\t\tcontext.stateDirty = true;\n\t\t\t}\n\n\t\t\tconst adminEmail = envVars.adminUserName ?? DEFAULT_NODE_ADMIN_USERNAME;\n\n\t\t\tlet nodeAdminUser = await authUserEntityStorage.get(adminEmail);\n\n\t\t\t// If the node admin user doesn't exist, create it\n\t\t\tif (Is.empty(nodeAdminUser)) {\n\t\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.creatingUser\", { email: adminEmail }));\n\n\t\t\t\tconst generatedPassword = envVars.adminUserPassword ?? PasswordGenerator.generate(16);\n\t\t\t\tconst passwordBytes = Converter.utf8ToBytes(generatedPassword);\n\t\t\t\tconst saltBytes = RandomHelper.generate(16);\n\t\t\t\tconst hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);\n\n\t\t\t\tnodeAdminUser = {\n\t\t\t\t\temail: adminEmail,\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tsalt: Converter.bytesToBase64(saltBytes),\n\t\t\t\t\tidentity: context.state.nodeAdminUserId,\n\t\t\t\t\torganization: context.state.nodeOrganizationId\n\t\t\t\t};\n\n\t\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.nodeAdminUserEmail\", { email: adminEmail }));\n\t\t\t\tengineCore.logInfo(\n\t\t\t\t\tI18n.formatMessage(\"node.nodeAdminUserPassword\", { password: generatedPassword })\n\t\t\t\t);\n\n\t\t\t\tawait authUserEntityStorage.set(nodeAdminUser);\n\t\t\t} else {\n\t\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.existingUser\", { email: adminEmail }));\n\n\t\t\t\t// The user already exists, so double check the other details match\n\t\t\t\tlet needsUpdate = false;\n\n\t\t\t\tif (nodeAdminUser.identity !== context.state.nodeAdminUserId) {\n\t\t\t\t\tnodeAdminUser.identity = context.state.nodeAdminUserId;\n\t\t\t\t\tneedsUpdate = true;\n\t\t\t\t}\n\n\t\t\t\tif (Is.stringValue(envVars.adminUserPassword)) {\n\t\t\t\t\tconst passwordBytes = Converter.utf8ToBytes(envVars.adminUserPassword);\n\t\t\t\t\tconst saltBytes = Converter.base64ToBytes(nodeAdminUser.salt);\n\t\t\t\t\tconst hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);\n\n\t\t\t\t\tif (nodeAdminUser.password !== hashedPassword) {\n\t\t\t\t\t\tnodeAdminUser.password = hashedPassword;\n\t\t\t\t\t\tneedsUpdate = true;\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (needsUpdate) {\n\t\t\t\t\tawait authUserEntityStorage.set(nodeAdminUser);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// We have create a node user, now we need to create a profile for the user\n\t\t\tconst defaultIdentityProfileConnectorType = engineCore.getRegisteredInstanceType(\n\t\t\t\t\"identityProfileConnector\"\n\t\t\t);\n\t\t\tconst identityProfileConnector = IdentityProfileConnectorFactory.get(\n\t\t\t\tdefaultIdentityProfileConnectorType\n\t\t\t);\n\n\t\t\tif (identityProfileConnector) {\n\t\t\t\t// Add the organization context id when creating the profile\n\t\t\t\t// so that it is partitioned under the organization\n\t\t\t\tconst contextIds = (await ContextIdStore.getContextIds()) ?? {};\n\t\t\t\tcontextIds[ContextIdKeys.Organization] = context.state.nodeOrganizationId;\n\t\t\t\tawait ContextIdStore.run(contextIds, async () => {\n\t\t\t\t\tlet userProfile;\n\t\t\t\t\tif (Is.stringValue(nodeAdminUser.identity)) {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tuserProfile = await identityProfileConnector.get(nodeAdminUser.identity);\n\t\t\t\t\t\t} catch {}\n\t\t\t\t\t}\n\t\t\t\t\tif (Is.empty(userProfile)) {\n\t\t\t\t\t\tengineCore.logInfo(\n\t\t\t\t\t\t\tI18n.formatMessage(\"node.creatingUserProfile\", {\n\t\t\t\t\t\t\t\tidentity: nodeAdminUser.identity\n\t\t\t\t\t\t\t})\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tconst publicProfile: WithContext<Person> = {\n\t\t\t\t\t\t\t\"@context\": \"https://schema.org\",\n\t\t\t\t\t\t\t\"@type\": \"Person\",\n\t\t\t\t\t\t\tname: \"Node Administrator\"\n\t\t\t\t\t\t};\n\t\t\t\t\t\tconst privateProfile: WithContext<Person> = {\n\t\t\t\t\t\t\t\"@context\": \"https://schema.org\",\n\t\t\t\t\t\t\t\"@type\": \"Person\",\n\t\t\t\t\t\t\tgivenName: \"Node\",\n\t\t\t\t\t\t\tfamilyName: \"Administrator\",\n\t\t\t\t\t\t\temail: adminEmail\n\t\t\t\t\t\t};\n\t\t\t\t\t\tawait identityProfileConnector.create(\n\t\t\t\t\t\t\tnodeAdminUser.identity,\n\t\t\t\t\t\t\tpublicProfile,\n\t\t\t\t\t\t\tprivateProfile\n\t\t\t\t\t\t);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tengineCore.logInfo(\n\t\t\t\t\t\t\tI18n.formatMessage(\"node.existingUserProfile\", {\n\t\t\t\t\t\t\t\tidentity: nodeAdminUser.identity\n\t\t\t\t\t\t\t})\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\t}\n}\n\n/**\n * Bootstrap the immutable proof verification methods.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node.\n */\nexport async function bootstrapImmutableProofMethod(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {}\n\n/**\n * Bootstrap the keys for blob encryption.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node.\n */\nexport async function bootstrapBlobEncryption(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\tif (\n\t\t(Coerce.boolean(envVars.blobStorageEnableEncryption) ?? false) &&\n\t\tIs.stringValue(context.state.nodeOrganizationId)\n\t) {\n\t\t// Create a new key for encrypting blobs\n\t\tconst defaultVaultConnectorType = engineCore.getRegisteredInstanceType(\"vaultConnector\");\n\t\tconst vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);\n\n\t\tconst keyName = `${context.state.nodeOrganizationId}/${envVars.blobStorageEncryptionKeyId ?? BLOB_STORAGE_ENCRYPTION_KEY_ID}`;\n\n\t\tlet existingKey;\n\n\t\ttry {\n\t\t\texistingKey = await vaultConnector.getKey(keyName);\n\t\t} catch {}\n\n\t\tif (Is.empty(existingKey)) {\n\t\t\tif (Is.stringBase64(envVars.blobStorageSymmetricEncryptionKey)) {\n\t\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.addingBlobEncryptionKey\", { keyName }));\n\t\t\t\tawait vaultConnector.addKey(\n\t\t\t\t\tkeyName,\n\t\t\t\t\tVaultKeyType.ChaCha20Poly1305,\n\t\t\t\t\tConverter.base64ToBytes(envVars.blobStorageSymmetricEncryptionKey)\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.creatingBlobEncryptionKey\", { keyName }));\n\t\t\t\tconst key = await vaultConnector.createKey(keyName, VaultKeyType.ChaCha20Poly1305);\n\t\t\t\tengineCore.logInfo(\n\t\t\t\t\tI18n.formatMessage(\"node.createdBlobEncryptionKey\", {\n\t\t\t\t\t\tkeyName,\n\t\t\t\t\t\tkeyValue: Converter.bytesToBase64(key)\n\t\t\t\t\t})\n\t\t\t\t);\n\t\t\t}\n\t\t} else {\n\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.existingBlobEncryptionKey\", { keyName }));\n\t\t}\n\t}\n}\n\n/**\n * Bootstrap the JWT signing key.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node.\n */\nexport async function bootstrapAuth(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\tconst defaultAuthenticationComponentType =\n\t\tengineCore.getRegisteredInstanceTypeOptional(\"authenticationComponent\");\n\tif (\n\t\tIs.stringValue(defaultAuthenticationComponentType) &&\n\t\tdefaultAuthenticationComponentType.startsWith(AuthenticationComponentType.EntityStorage) &&\n\t\tIs.stringValue(context.state.nodeId)\n\t) {\n\t\t// Create a new JWT signing key and a user login for the node\n\t\tconst defaultVaultConnectorType = engineCore.getRegisteredInstanceType(\"vaultConnector\");\n\t\tconst vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);\n\n\t\tconst keyName = `${context.state.nodeId}/${envVars.authSigningKeyId ?? AUTH_SIGNING_KEY_ID}`;\n\n\t\tlet existingKey;\n\t\ttry {\n\t\t\texistingKey = await vaultConnector.getKey(keyName);\n\t\t} catch {}\n\n\t\tif (Is.empty(existingKey)) {\n\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.creatingAuthKey\", { keyName }));\n\t\t\tawait vaultConnector.createKey(keyName, VaultKeyType.Ed25519);\n\t\t} else {\n\t\t\tengineCore.logInfo(I18n.formatMessage(\"node.existingAuthKey\", { keyName }));\n\t\t}\n\t}\n}\n\n/**\n * Bootstrap the synchronised storage blob encryption and verification methods.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param envVars The environment variables for the node.\n * @param features The features that are enabled on the node.\n */\nexport async function bootstrapSynchronisedStorage(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tenvVars: INodeEnvironmentVariables,\n\tfeatures: NodeFeatures[]\n): Promise<void> {\n\tif (Coerce.boolean(envVars.synchronisedStorageEnabled) ?? false) {\n\t\t// If this is a trusted node we need to add the blob encryption key pair\n\t\tif (Is.stringBase64(envVars.synchronisedStorageBlobStorageKey)) {\n\t\t\tconst defaultVaultConnectorType = engineCore.getRegisteredInstanceType(\"vaultConnector\");\n\t\t\tconst vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);\n\n\t\t\tconst keyName =\n\t\t\t\tenvVars.synchronisedStorageBlobStorageEncryptionKeyId ??\n\t\t\t\tSYNCHRONISED_STORAGE_BLOB_STORAGE_ENCRYPTION_KEY_ID;\n\t\t\tlet existingKey;\n\n\t\t\ttry {\n\t\t\t\texistingKey = await vaultConnector.getKey(keyName);\n\t\t\t} catch {}\n\n\t\t\tif (Is.empty(existingKey)) {\n\t\t\t\tengineCore.logInfo(\n\t\t\t\t\tI18n.formatMessage(\"node.addingSynchronisedStorageBlobEncryptionKey\", { keyName })\n\t\t\t\t);\n\t\t\t\tawait vaultConnector.addKey(\n\t\t\t\t\tkeyName,\n\t\t\t\t\tVaultKeyType.ChaCha20Poly1305,\n\t\t\t\t\tConverter.base64ToBytes(envVars.synchronisedStorageBlobStorageKey)\n\t\t\t\t);\n\t\t\t} else {\n\t\t\t\tengineCore.logInfo(\n\t\t\t\t\tI18n.formatMessage(\"node.existingSynchronisedStorageBlobEncryptionKey\", { keyName })\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\t}\n}\n\n/**\n * Add a verification method if it doesn't exist.\n * @param engineCore The engine core for the node.\n * @param context The context for the node.\n * @param identity The identity to add the verification method to.\n * @param verificationMethodTitle The verification method title.\n * @param verificationMethodId The verification method ID.\n */\nasync function addVerificationMethod(\n\tengineCore: IEngineCore,\n\tcontext: IEngineCoreContext<IEngineServerConfig, INodeEngineState>,\n\tidentity: string,\n\tverificationMethodTitle: string,\n\tverificationMethodId: string | undefined\n): Promise<void> {\n\tif (\n\t\tIs.stringValue(identity) &&\n\t\tIs.arrayValue(context.config.types.identityConnector) &&\n\t\tIs.stringValue(verificationMethodId)\n\t) {\n\t\tconst defaultIdentityConnectorType = engineCore.getRegisteredInstanceType(\"identityConnector\");\n\t\tconst identityConnector = IdentityConnectorFactory.get(defaultIdentityConnectorType);\n\n\t\tconst defaultIdentityResolverConnectorType = engineCore.getRegisteredInstanceType(\n\t\t\t\"identityResolverConnector\"\n\t\t);\n\t\tconst identityResolverConnector = IdentityResolverConnectorFactory.get(\n\t\t\tdefaultIdentityResolverConnectorType\n\t\t);\n\n\t\tconst identityDocument = await identityResolverConnector.resolveDocument(identity);\n\n\t\tconst fullMethodId = `${identityDocument.id}#${verificationMethodId}`;\n\n\t\tlet exists = false;\n\t\ttry {\n\t\t\tDocumentHelper.getVerificationMethod(identityDocument, fullMethodId, \"assertionMethod\");\n\t\t\texists = true;\n\t\t} catch {}\n\n\t\tif (!exists) {\n\t\t\tengineCore.logInfo(\n\t\t\t\tI18n.formatMessage(\"node.addingVerificationMethod\", {\n\t\t\t\t\ttitle: verificationMethodTitle,\n\t\t\t\t\tmethodId: fullMethodId\n\t\t\t\t})\n\t\t\t);\n\t\t\tawait identityConnector.addVerificationMethod(\n\t\t\t\tidentity,\n\t\t\t\tidentity,\n\t\t\t\t\"assertionMethod\",\n\t\t\t\tverificationMethodId\n\t\t\t);\n\t\t} else {\n\t\t\tengineCore.logInfo(\n\t\t\t\tI18n.formatMessage(\"node.existingVerificationMethod\", {\n\t\t\t\t\ttitle: verificationMethodTitle,\n\t\t\t\t\tmethodId: fullMethodId\n\t\t\t\t})\n\t\t\t);\n\t\t}\n\t}\n}\n"]}

package/dist/es/identity.js

@@ -1,169 +0,0 @@
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-import { Converter, I18n, Is, RandomHelper, Urn } from "@twin.org/core";
-import { Bip39 } from "@twin.org/crypto";
-import { IdentityConnectorType, WalletConnectorType } from "@twin.org/engine-types";
-import { EntityStorageConnectorFactory } from "@twin.org/entity-storage-models";
-import { IdentityConnectorFactory, IdentityResolverConnectorFactory } from "@twin.org/identity-models";
-import { VaultConnectorFactory } from "@twin.org/vault-models";
-import { WalletConnectorFactory } from "@twin.org/wallet-models";
-/**
- * Generate an identity and fund it.
- * @param engineCore The engine core for the node.
- * @param envVars The environment variables for the node.
- * @param configIdentity A identity from config to use.
- * @param configMnemonic A mnemonic from config to use.
- * @param controller The controller for the identity.
- * @param identityType The type of identity.
- * @param addWallet Whether to add a wallet for the identity.
- * @returns The identity that was generated.
- */
-export async function createIdentity(engineCore, envVars, configIdentity, configMnemonic, controller, identityType, addWallet) {
-    engineCore.logInfo(I18n.formatMessage("node.processingIdentity", { identityType }));
-    // We have a chicken and egg problem in that we can't create the identity
-    // to store the mnemonic in the vault without an identity. We use a temporary identity
-    // and then replace it with the new identity later in the process.
-    const defaultVaultConnectorType = engineCore.getRegisteredInstanceType("vaultConnector");
-    const vaultConnector = VaultConnectorFactory.get(defaultVaultConnectorType);
-    const workingIdentity = configIdentity ?? `bootstrap-temp-${Converter.bytesToHex(RandomHelper.generate(16))}`;
-    const workingController = controller ?? workingIdentity;
-    await bootstrapMnemonic(engineCore, vaultConnector, workingIdentity, configMnemonic);
-    const addresses = addWallet ? await generateWallet(engineCore, envVars, workingIdentity) : [];
-    const finalIdentity = await generateIdentity(engineCore, envVars, workingController, workingIdentity, identityType);
-    await finaliseWallet(engineCore, envVars, finalIdentity, addresses);
-    await finaliseMnemonic(vaultConnector, workingIdentity, finalIdentity);
-    return finalIdentity;
-}
-/**
- * Generate a mnemonic for the node identity.
- * @param engineCore The engine core for the node.
- * @param vaultConnector The vault connector to use.
- * @param identity The identity of the node.
- * @param existingMnemonic An existing mnemonic to use.
- */
-async function bootstrapMnemonic(engineCore, vaultConnector, identity, existingMnemonic) {
-    let mnemonic = existingMnemonic;
-    let storeMnemonic = false;
-    try {
-        const storedMnemonic = await vaultConnector.getSecret(`${identity}/mnemonic`);
-        storeMnemonic = storedMnemonic !== mnemonic;
-        mnemonic = storedMnemonic;
-    }
-    catch {
-        storeMnemonic = true;
-    }
-    // If there is no mnemonic then we need to generate one
-    if (Is.empty(mnemonic)) {
-        mnemonic = Bip39.randomMnemonic();
-        storeMnemonic = true;
-        engineCore.logInfo(I18n.formatMessage("node.generatingMnemonic", { mnemonic }));
-    }
-    // If there is no mnemonic stored in the vault then we need to store it
-    if (storeMnemonic) {
-        engineCore.logInfo(I18n.formatMessage("node.storingMnemonic"));
-        await vaultConnector.setSecret(`${identity}/mnemonic`, mnemonic);
-    }
-    else {
-        engineCore.logInfo(I18n.formatMessage("node.existingMnemonic"));
-    }
-}
-/**
- * Finalise the mnemonic for the node identity.
- * @param vaultConnector The vault connector to use.
- * @param workingIdentity The identity of the node.
- * @param finalIdentity The final identity for the node.
- */
-async function finaliseMnemonic(vaultConnector, workingIdentity, finalIdentity) {
-    // Now that we have an identity we can remove the temporary one
-    // and store the mnemonic with the new identity
-    if (workingIdentity.startsWith("bootstrap-temp-") && workingIdentity !== finalIdentity) {
-        const mnemonic = await vaultConnector.getSecret(`${workingIdentity}/mnemonic`);
-        await vaultConnector.setSecret(`${finalIdentity}/mnemonic`, mnemonic);
-        await vaultConnector.removeSecret(`${workingIdentity}/mnemonic`);
-    }
-}
-/**
- * Bootstrap the identity for the node.
- * @param engineCore The engine core for the node.
- * @param envVars The environment variables for the node.
- * @param finalIdentity The identity of the node.
- * @param addresses The addresses for the wallet.
- */
-async function finaliseWallet(engineCore, envVars, finalIdentity, addresses) {
-    if (Is.arrayValue(addresses)) {
-        const defaultWalletConnectorType = engineCore.getRegisteredInstanceType("walletConnector");
-        // If we are using entity storage for wallet the identity associated with the
-        // address will be wrong, so fix it
-        if (defaultWalletConnectorType.startsWith(WalletConnectorType.EntityStorage)) {
-            const walletAddress = EntityStorageConnectorFactory.get("wallet-address");
-            const addr = await walletAddress.get(addresses[0]);
-            if (!Is.empty(addr)) {
-                addr.identity = finalIdentity;
-                await walletAddress.set(addr);
-            }
-        }
-    }
-}
-/**
- * Bootstrap the wallet for the node.
- * @param engineCore The engine core for the node.
- * @param envVars The environment variables for the node.
- * @param identity The identity to create the wallet for.
- * @returns The addresses for the wallet.
- */
-async function generateWallet(engineCore, envVars, identity) {
-    const defaultWalletConnectorType = engineCore.getRegisteredInstanceType("walletConnector");
-    const walletConnector = WalletConnectorFactory.get(defaultWalletConnectorType);
-    const addresses = await walletConnector.getAddresses(identity, 0, 0, 5);
-    const balance = await walletConnector.getBalance(identity, addresses[0]);
-    if (balance === 0n) {
-        let address0 = addresses[0];
-        if (defaultWalletConnectorType.startsWith(WalletConnectorType.Iota)) {
-            address0 = `${envVars.iotaExplorerEndpoint}address/${address0}?network=${envVars.iotaNetwork}`;
-        }
-        engineCore.logInfo(I18n.formatMessage("node.fundingWallet", { address: address0 }));
-        // Add some funds to the wallet from the faucet
-        await walletConnector.ensureBalance(identity, addresses[0], 1000000000n);
-    }
-    else {
-        engineCore.logInfo(I18n.formatMessage("node.fundedWallet"));
-    }
-    return addresses;
-}
-/**
- * Bootstrap the identity for the node.
- * @param engineCore The engine core for the node.
- * @param envVars The environment variables for the node.
- * @param controller The controller for the identity.
- * @param identity The existing identity if there is one.
- * @param identityType The type of identity.
- * @returns The addresses for the wallet.
- */
-async function generateIdentity(engineCore, envVars, controller, identity, identityType) {
-    const defaultIdentityConnectorType = engineCore.getRegisteredInstanceType("identityConnector");
-    // Now create an identity for the node controlled by the address we just funded
-    const identityConnector = IdentityConnectorFactory.get(defaultIdentityConnectorType);
-    let identityDocument;
-    try {
-        const defaultIdentityResolverConnectorType = engineCore.getRegisteredInstanceType("identityResolverConnector");
-        const identityResolverConnector = IdentityResolverConnectorFactory.get(defaultIdentityResolverConnectorType);
-        identityDocument = await identityResolverConnector.resolveDocument(identity);
-        engineCore.logInfo(I18n.formatMessage("node.existingIdentity", { identity }));
-    }
-    catch { }
-    if (Is.empty(identityDocument)) {
-        engineCore.logInfo(I18n.formatMessage("node.generatingIdentity", { identityType }));
-        identityDocument = await identityConnector.createDocument(controller);
-        engineCore.logInfo(I18n.formatMessage("node.createdIdentity", { identity: identityDocument.id }));
-    }
-    if (defaultIdentityConnectorType.startsWith(IdentityConnectorType.Iota)) {
-        const didUrn = Urn.fromValidString(identityDocument.id);
-        const didParts = didUrn.parts();
-        const objectId = didParts[3];
-        engineCore.logInfo(I18n.formatMessage("node.identityExplorer", {
-            url: `${envVars.iotaExplorerEndpoint}object/${objectId}?network=${envVars.iotaNetwork}`
-        }));
-    }
-    return identityDocument.id;
-}
-//# sourceMappingURL=identity.js.map