@venizia/ignis 0.0.9-13 → 0.0.9-15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/base/models/enrichers/tz.enricher.d.ts.map +1 -1
- package/dist/base/models/enrichers/tz.enricher.js +5 -2
- package/dist/base/models/enrichers/tz.enricher.js.map +1 -1
- package/dist/base/repositories/core/readable.d.ts.map +1 -1
- package/dist/base/repositories/core/readable.js +16 -4
- package/dist/base/repositories/core/readable.js.map +1 -1
- package/dist/components/auth/authorize/adapters/base-filtered.d.ts +26 -56
- package/dist/components/auth/authorize/adapters/base-filtered.d.ts.map +1 -1
- package/dist/components/auth/authorize/adapters/base-filtered.js +23 -70
- package/dist/components/auth/authorize/adapters/base-filtered.js.map +1 -1
- package/dist/components/auth/authorize/adapters/index.d.ts +2 -1
- package/dist/components/auth/authorize/adapters/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/adapters/index.js +2 -1
- package/dist/components/auth/authorize/adapters/index.js.map +1 -1
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.d.ts +131 -0
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.d.ts.map +1 -0
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.js +293 -0
- package/dist/components/auth/authorize/adapters/scoped-casbin.adapter.js.map +1 -0
- package/dist/components/auth/authorize/adapters/types.d.ts +31 -0
- package/dist/components/auth/authorize/adapters/types.d.ts.map +1 -0
- package/dist/components/auth/authorize/adapters/types.js +3 -0
- package/dist/components/auth/authorize/adapters/types.js.map +1 -0
- package/dist/components/auth/authorize/common/constants.d.ts +127 -12
- package/dist/components/auth/authorize/common/constants.d.ts.map +1 -1
- package/dist/components/auth/authorize/common/constants.js +139 -16
- package/dist/components/auth/authorize/common/constants.js.map +1 -1
- package/dist/components/auth/authorize/common/index.d.ts +2 -0
- package/dist/components/auth/authorize/common/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/common/index.js +2 -0
- package/dist/components/auth/authorize/common/index.js.map +1 -1
- package/dist/components/auth/authorize/common/object-match.d.ts +21 -0
- package/dist/components/auth/authorize/common/object-match.d.ts.map +1 -0
- package/dist/components/auth/authorize/common/object-match.js +33 -0
- package/dist/components/auth/authorize/common/object-match.js.map +1 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.d.ts +20 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.d.ts.map +1 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.js +59 -0
- package/dist/components/auth/authorize/common/resolve-request-domain.js.map +1 -0
- package/dist/components/auth/authorize/common/types.d.ts +65 -22
- package/dist/components/auth/authorize/common/types.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.d.ts +119 -30
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.js +302 -168
- package/dist/components/auth/authorize/enforcers/casbin.enforcer.js.map +1 -1
- package/dist/components/auth/authorize/enforcers/enforcer-registry.d.ts +19 -1
- package/dist/components/auth/authorize/enforcers/enforcer-registry.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/enforcer-registry.js +23 -0
- package/dist/components/auth/authorize/enforcers/enforcer-registry.js.map +1 -1
- package/dist/components/auth/authorize/enforcers/index.d.ts +1 -0
- package/dist/components/auth/authorize/enforcers/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/enforcers/index.js +1 -0
- package/dist/components/auth/authorize/enforcers/index.js.map +1 -1
- package/dist/components/auth/authorize/enforcers/models/index.d.ts +2 -0
- package/dist/components/auth/authorize/enforcers/models/index.d.ts.map +1 -0
- package/dist/components/auth/authorize/{models/abilities → enforcers/models}/index.js +1 -2
- package/dist/components/auth/authorize/enforcers/models/index.js.map +1 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.d.ts +32 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.d.ts.map +1 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.js +54 -0
- package/dist/components/auth/authorize/enforcers/models/rbac-domain.model.js.map +1 -0
- package/dist/components/auth/authorize/models/index.d.ts +0 -1
- package/dist/components/auth/authorize/models/index.d.ts.map +1 -1
- package/dist/components/auth/authorize/models/index.js +0 -1
- package/dist/components/auth/authorize/models/index.js.map +1 -1
- package/dist/components/auth/authorize/providers/authorization.provider.d.ts.map +1 -1
- package/dist/components/auth/authorize/providers/authorization.provider.js +12 -0
- package/dist/components/auth/authorize/providers/authorization.provider.js.map +1 -1
- package/dist/components/mail/helpers/executors/internal-queue-executor.helper.d.ts.map +1 -1
- package/dist/components/mail/helpers/executors/internal-queue-executor.helper.js +1 -1
- package/dist/components/mail/helpers/executors/internal-queue-executor.helper.js.map +1 -1
- package/package.json +3 -3
- package/dist/components/auth/authorize/adapters/drizzle-casbin.d.ts +0 -46
- package/dist/components/auth/authorize/adapters/drizzle-casbin.d.ts.map +0 -1
- package/dist/components/auth/authorize/adapters/drizzle-casbin.js +0 -104
- package/dist/components/auth/authorize/adapters/drizzle-casbin.js.map +0 -1
- package/dist/components/auth/authorize/models/abilities/index.d.ts +0 -3
- package/dist/components/auth/authorize/models/abilities/index.d.ts.map +0 -1
- package/dist/components/auth/authorize/models/abilities/index.js.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-action.model.d.ts +0 -14
- package/dist/components/auth/authorize/models/abilities/string-action.model.d.ts.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-action.model.js +0 -23
- package/dist/components/auth/authorize/models/abilities/string-action.model.js.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-resource.model.d.ts +0 -13
- package/dist/components/auth/authorize/models/abilities/string-resource.model.d.ts.map +0 -1
- package/dist/components/auth/authorize/models/abilities/string-resource.model.js +0 -19
- package/dist/components/auth/authorize/models/abilities/string-resource.model.js.map +0 -1
|
@@ -18,14 +18,27 @@ const injectors_1 = require("../../../../base/metadata/injectors");
|
|
|
18
18
|
const ignis_helpers_1 = require("@venizia/ignis-helpers");
|
|
19
19
|
const common_1 = require("../common");
|
|
20
20
|
// Casbin Authorization Enforcer — wraps casbin (optional peer dep)
|
|
21
|
+
//
|
|
22
|
+
// Each request evaluates on its OWN enforcer borrowed from a BasePoolHelper<Enforcer>. This kills the
|
|
23
|
+
// shared-model concurrency race: a borrowed enforcer is clearPolicy'd + loaded with THIS user's lines +
|
|
24
|
+
// buildRoleLinks'd + enforceSync'd atomically inside the same pool.use callback, and the pool destroys
|
|
25
|
+
// the enforcer on any error (fail-closed). Pooled enforcers are created WITHOUT an adapter (no DB load at
|
|
26
|
+
// warmup); the adapter is only used by the isolated throwaway extractor (extractUserLines).
|
|
21
27
|
let CasbinAuthorizationEnforcer = CasbinAuthorizationEnforcer_1 = class CasbinAuthorizationEnforcer extends ignis_helpers_1.BaseHelper {
|
|
22
28
|
constructor(options) {
|
|
23
29
|
super({ scope: CasbinAuthorizationEnforcer_1.name });
|
|
24
30
|
this.options = options;
|
|
25
31
|
this.name = CasbinAuthorizationEnforcer_1.name;
|
|
26
32
|
this.MIN_EXPIRES_IN = 10_000;
|
|
27
|
-
this.
|
|
28
|
-
this.
|
|
33
|
+
this.pool = null;
|
|
34
|
+
this.helper = null;
|
|
35
|
+
// cacheKey → the in-progress line-fetch for that key. Lets concurrent misses for the SAME user
|
|
36
|
+
// share one extraction instead of all hitting the DB (see fetchLinesWithRedisCache).
|
|
37
|
+
this.pendingLineFetches = new Map();
|
|
38
|
+
// Resolved once in configure(): options.normalizePayloadFn / scoped are fixed after configure, so
|
|
39
|
+
// we memoize the payload normalizer instead of rebuilding a closure on every evaluate() (hot path).
|
|
40
|
+
// Stays `null` until configure() runs; resolves to `undefined` when not scoped + no custom fn (3-arg path).
|
|
41
|
+
this.resolvedPayloadFn = null;
|
|
29
42
|
}
|
|
30
43
|
// Lifecycle
|
|
31
44
|
async configure() {
|
|
@@ -43,65 +56,75 @@ let CasbinAuthorizationEnforcer = CasbinAuthorizationEnforcer_1 = class CasbinAu
|
|
|
43
56
|
message: '[CasbinAuthorizationEnforcer] options.model is required.',
|
|
44
57
|
});
|
|
45
58
|
}
|
|
46
|
-
|
|
59
|
+
this.helper = casbin.Helper;
|
|
60
|
+
// Memoize the payload normalizer once — options.{normalizePayloadFn,scoped} are fixed after configure(),
|
|
61
|
+
// so evaluate() reads this field instead of rebuilding a closure per request (hot path).
|
|
62
|
+
this.resolvedPayloadFn = this.options.normalizePayloadFn ?? this.defaultScopedPayloadFn();
|
|
47
63
|
const { cached } = this.options;
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
64
|
+
if (cached.use) {
|
|
65
|
+
this.validateExpiresIn({ expiresIn: cached.options.expiresIn });
|
|
66
|
+
}
|
|
67
|
+
this.pool = new ignis_helpers_1.BasePoolHelper({
|
|
68
|
+
scope: `${CasbinAuthorizationEnforcer_1.name}.Pool`,
|
|
69
|
+
size: this.options.poolSize ?? 16,
|
|
70
|
+
acquireTimeoutMs: this.options.poolAcquireTimeoutMs ?? 5000,
|
|
71
|
+
create: async () => {
|
|
72
|
+
const model = this.resolveModel({ casbin, model: this.options.model });
|
|
73
|
+
// NO adapter → no DB load at warmup. Policies are loaded per-request in evaluate().
|
|
74
|
+
const enforcer = await casbin.newEnforcer(model);
|
|
75
|
+
await this.registerMatchers({ enforcer, casbin });
|
|
76
|
+
this.assertMatcherCompilesSync({ enforcer });
|
|
77
|
+
return enforcer;
|
|
78
|
+
},
|
|
53
79
|
});
|
|
54
|
-
await this.
|
|
80
|
+
await this.pool.warmup();
|
|
55
81
|
this.logger
|
|
56
82
|
.for(this.configure.name)
|
|
57
|
-
.info('Casbin enforcer
|
|
83
|
+
.info('Casbin enforcer pool ready (size: %s, cached: %s)', this.options.poolSize ?? 16, cached.use ? cached.driver : 'none');
|
|
58
84
|
}
|
|
59
85
|
destroy() {
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
}
|
|
63
|
-
clearInterval(this.inMemoryInvalidationTimer);
|
|
64
|
-
this.inMemoryInvalidationTimer = null;
|
|
86
|
+
this.pool?.destroy().catch(error => {
|
|
87
|
+
this.logger.for(this.destroy.name).warn('Pool destroy failed: %s', error);
|
|
88
|
+
});
|
|
65
89
|
}
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
90
|
+
/**
|
|
91
|
+
* Boot-time smoke test for the matcher. casbin compiles the matcher expression LAZILY — not in
|
|
92
|
+
* newEnforcer() or buildRoleLinks(), but on the first enforce — so a broken matcher would otherwise
|
|
93
|
+
* only surface on the first real request (a 500 for a real user). Running one dummy enforceSync here
|
|
94
|
+
* forces that compile at warmup, turning these into a fail-at-boot for an authz component:
|
|
95
|
+
* - matcher syntax errors in the model,
|
|
96
|
+
* - references to functions that registerMatchers() didn't register (e.g. a renamed g-relation),
|
|
97
|
+
* - request arity mismatch (4-token scoped model vs the 3/4 args we pass).
|
|
98
|
+
* Bonus: enforceSync also throws if a matcher func is async — but every func we register is a sync
|
|
99
|
+
* built-in, so that branch is effectively unreachable; the real value is the compile/wiring check above.
|
|
100
|
+
*/
|
|
101
|
+
assertMatcherCompilesSync(opts) {
|
|
102
|
+
try {
|
|
103
|
+
if (this.options.isScoped || this.options.normalizePayloadFn) {
|
|
104
|
+
opts.enforcer.enforceSync('::warmup', '::warmup', '::warmup', '::warmup');
|
|
105
|
+
return;
|
|
106
|
+
}
|
|
107
|
+
opts.enforcer.enforceSync('::warmup', '::warmup', '::warmup');
|
|
73
108
|
}
|
|
74
|
-
|
|
109
|
+
catch (error) {
|
|
75
110
|
throw (0, ignis_helpers_1.getError)({
|
|
76
|
-
message:
|
|
111
|
+
message: `[CasbinAuthorizationEnforcer] Matcher smoke test failed at warmup — the model matcher did not compile (check matcher syntax, that every referenced function is registered, and the request arity). ${String(error)}`,
|
|
77
112
|
});
|
|
78
113
|
}
|
|
114
|
+
}
|
|
115
|
+
// IAuthorizationEnforcer — public API
|
|
116
|
+
async buildRules(opts) {
|
|
117
|
+
const { user } = opts;
|
|
79
118
|
const cached = this.options.cached;
|
|
80
|
-
|
|
81
|
-
await this.
|
|
82
|
-
|
|
83
|
-
}
|
|
84
|
-
switch (cached.driver) {
|
|
85
|
-
case common_1.CasbinEnforcerCachedDrivers.IN_MEMORY: {
|
|
86
|
-
await this.loadPoliciesFromAdapter({ user });
|
|
87
|
-
break;
|
|
88
|
-
}
|
|
89
|
-
case common_1.CasbinEnforcerCachedDrivers.REDIS: {
|
|
90
|
-
await this.loadPoliciesWithRedisCache({ user, cached });
|
|
91
|
-
break;
|
|
92
|
-
}
|
|
93
|
-
default: {
|
|
94
|
-
throw (0, ignis_helpers_1.getError)({
|
|
95
|
-
message: `[buildRules] Invalid cached.driver | Valids: [${common_1.CasbinEnforcerCachedDrivers.IN_MEMORY}, ${common_1.CasbinEnforcerCachedDrivers.REDIS}]`,
|
|
96
|
-
});
|
|
97
|
-
}
|
|
98
|
-
}
|
|
99
|
-
return user;
|
|
119
|
+
const lines = cached.use
|
|
120
|
+
? await this.fetchLinesWithRedisCache({ user, cached })
|
|
121
|
+
: await this.extractUserLines({ user });
|
|
122
|
+
return { user, lines };
|
|
100
123
|
}
|
|
101
124
|
async evaluate(opts) {
|
|
102
|
-
if (!this.
|
|
125
|
+
if (!this.pool) {
|
|
103
126
|
throw (0, ignis_helpers_1.getError)({
|
|
104
|
-
message: '[CasbinAuthorizationEnforcer]
|
|
127
|
+
message: '[CasbinAuthorizationEnforcer] Not configured. Call configure() first.',
|
|
105
128
|
});
|
|
106
129
|
}
|
|
107
130
|
if (!opts.request?.action || !opts.request?.resource) {
|
|
@@ -109,76 +132,126 @@ let CasbinAuthorizationEnforcer = CasbinAuthorizationEnforcer_1 = class CasbinAu
|
|
|
109
132
|
message: '[CasbinAuthorizationEnforcer] request.action and request.resource are required.',
|
|
110
133
|
});
|
|
111
134
|
}
|
|
112
|
-
const { rules
|
|
113
|
-
const
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
135
|
+
const { rules, request, context } = opts;
|
|
136
|
+
const { user, lines } = rules;
|
|
137
|
+
return this.pool.use({
|
|
138
|
+
fn: async (enforcer) => {
|
|
139
|
+
// Load THIS user's lines + buildRoleLinks BEFORE any enforceSync on the borrowed enforcer.
|
|
140
|
+
await this.loadPolicyLinesIntoModel({ enforcer, lines });
|
|
141
|
+
const normalizePayloadFn = this.resolvedPayloadFn;
|
|
142
|
+
if (!normalizePayloadFn) {
|
|
143
|
+
const subject = `${user.principalType}_${user.userId}`;
|
|
144
|
+
const isAllowed = this.enforceWithExplain({
|
|
145
|
+
enforcer,
|
|
146
|
+
vals: [subject, String(request.resource), String(request.action)],
|
|
147
|
+
});
|
|
148
|
+
return isAllowed ? common_1.AuthorizationDecisions.ALLOW : common_1.AuthorizationDecisions.DENY;
|
|
149
|
+
}
|
|
150
|
+
const normalized = normalizePayloadFn({
|
|
151
|
+
user,
|
|
152
|
+
action: request.action,
|
|
153
|
+
resource: request.resource,
|
|
154
|
+
context,
|
|
155
|
+
});
|
|
156
|
+
// Domain-aware enforcement: enforceSync(sub, dom, obj, act).
|
|
157
|
+
// In scoped mode the model is 4-token (r = sub, dom, obj, act); a request with no resolvable
|
|
158
|
+
// domain MUST still enforce with a domain — default to SYSTEM_WIDE, never fall through to the
|
|
159
|
+
// 3-arg path (which would shift args against the scoped model and silently misjudge).
|
|
160
|
+
const domain = normalized.domain ??
|
|
161
|
+
request.domain ??
|
|
162
|
+
(this.options.isScoped ? common_1.AuthorizationDomainScopes.SYSTEM_WIDE : undefined);
|
|
163
|
+
const vals = domain
|
|
164
|
+
? [normalized.subject, domain, normalized.resource, normalized.action]
|
|
165
|
+
: [normalized.subject, normalized.resource, normalized.action];
|
|
166
|
+
const isAllowed = this.enforceWithExplain({ enforcer, vals });
|
|
167
|
+
return isAllowed ? common_1.AuthorizationDecisions.ALLOW : common_1.AuthorizationDecisions.DENY;
|
|
168
|
+
},
|
|
125
169
|
});
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
170
|
+
}
|
|
171
|
+
/**
|
|
172
|
+
* Run the matcher synchronously and, on DENY, log WHICH policy rule decided it. enforceExSync returns
|
|
173
|
+
* `[isAllowed, matchedPolicy]` where matchedPolicy is the deciding rule (or `[]` when nothing matched →
|
|
174
|
+
* default-deny). The explain index is computed by the effector regardless of this call, so capturing it
|
|
175
|
+
* carries no meaningful cost over enforceSync — it just surfaces the reason for a denial to the logs.
|
|
176
|
+
*/
|
|
177
|
+
enforceWithExplain(opts) {
|
|
178
|
+
const [isAllowed, matchedPolicy] = opts.enforcer.enforceExSync(...opts.vals);
|
|
179
|
+
if (!isAllowed) {
|
|
180
|
+
this.logger
|
|
181
|
+
.for(this.evaluate.name)
|
|
182
|
+
.info('DENY | request: [%s] | matchedPolicy: %s', opts.vals.join(', '), matchedPolicy.length ? matchedPolicy.join(', ') : '<none — default-deny>');
|
|
134
183
|
}
|
|
135
|
-
|
|
136
|
-
|
|
184
|
+
return isAllowed;
|
|
185
|
+
}
|
|
186
|
+
// Cache management — optional IAuthorizationEnforcer members (on-demand)
|
|
187
|
+
async invalidateUserCache(opts) {
|
|
188
|
+
const cached = this.requireRedisCache();
|
|
189
|
+
const cacheKey = await this.resolveCacheKey({ user: opts.user, cached });
|
|
190
|
+
const invalidatedKeys = await cached.options.connection.client.del(cacheKey);
|
|
191
|
+
this.logger
|
|
192
|
+
.for(this.invalidateUserCache.name)
|
|
193
|
+
.info('Invalidated authz cache | user: %s | key: %s | deleted: %s', opts.user.userId, cacheKey, invalidatedKeys);
|
|
194
|
+
return { invalidatedKeys };
|
|
195
|
+
}
|
|
196
|
+
async rebuildUserCache(opts) {
|
|
197
|
+
const cached = this.requireRedisCache();
|
|
198
|
+
// Resolve the key once: drop the stale entry, then re-cache warm. Extraction runs on an ISOLATED
|
|
199
|
+
// throwaway enforcer (not a serving model), so a concurrent request cannot make us cache another
|
|
200
|
+
// user's policies under this key.
|
|
201
|
+
const cacheKey = await this.resolveCacheKey({ user: opts.user, cached });
|
|
202
|
+
await cached.options.connection.client.del(cacheKey);
|
|
203
|
+
const lines = await this.extractUserLines({ user: opts.user });
|
|
204
|
+
await this.writeCachedPolicyLines({ cacheKey, lines, options: cached.options });
|
|
205
|
+
this.logger
|
|
206
|
+
.for(this.rebuildUserCache.name)
|
|
207
|
+
.info('Rebuilt authz cache | user: %s | key: %s | lines: %s', opts.user.userId, cacheKey, lines.length);
|
|
208
|
+
return { cacheKey, lineCount: lines.length };
|
|
209
|
+
}
|
|
210
|
+
/** Compute the user's cache key and reject an empty result — consistent with the read path. */
|
|
211
|
+
async resolveCacheKey(opts) {
|
|
212
|
+
const cacheKey = await opts.cached.options.keyFn({ user: opts.user });
|
|
213
|
+
if (!cacheKey) {
|
|
214
|
+
throw (0, ignis_helpers_1.getError)({
|
|
215
|
+
statusCode: ignis_helpers_1.HTTP.ResultCodes.RS_4.BadRequest,
|
|
216
|
+
message: '[CasbinAuthorizationEnforcer] keyFn returned an empty cache key.',
|
|
217
|
+
});
|
|
137
218
|
}
|
|
138
|
-
return
|
|
219
|
+
return cacheKey;
|
|
139
220
|
}
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
const {
|
|
221
|
+
/** Narrow `options.cached` to the redis variant; cache management is redis-only. */
|
|
222
|
+
requireRedisCache() {
|
|
223
|
+
const { cached } = this.options;
|
|
143
224
|
if (!cached.use) {
|
|
144
|
-
|
|
225
|
+
throw (0, ignis_helpers_1.getError)({
|
|
226
|
+
message: '[CasbinAuthorizationEnforcer] Cache management requires the redis cache driver, but caching is disabled.',
|
|
227
|
+
});
|
|
145
228
|
}
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
return enforcer;
|
|
155
|
-
}
|
|
156
|
-
case common_1.CasbinEnforcerCachedDrivers.REDIS: {
|
|
157
|
-
this.validateExpiresIn({ expiresIn: cached.options.expiresIn });
|
|
158
|
-
return casbin.newEnforcer(model, adapter);
|
|
159
|
-
}
|
|
160
|
-
default: {
|
|
229
|
+
return cached;
|
|
230
|
+
}
|
|
231
|
+
// Matchers & model resolvers
|
|
232
|
+
async registerMatchers(opts) {
|
|
233
|
+
const { enforcer, casbin } = opts;
|
|
234
|
+
const { domainMatching, isScoped } = this.options;
|
|
235
|
+
if (domainMatching) {
|
|
236
|
+
if (!enforcer.getNamedRoleManager(domainMatching.roleDefinition)) {
|
|
161
237
|
throw (0, ignis_helpers_1.getError)({
|
|
162
|
-
message: `[
|
|
238
|
+
message: `[registerMatchers] Role definition "${domainMatching.roleDefinition}" is not declared in the Casbin model. Declare it under [role_definition] (e.g. \`g = _, _, _\`) before enabling domainMatching.`,
|
|
163
239
|
});
|
|
164
240
|
}
|
|
241
|
+
const matchFn = this.resolveDomainMatchingFn({ casbin, name: domainMatching.fn });
|
|
242
|
+
await enforcer.addNamedDomainMatchingFunc(domainMatching.roleDefinition, matchFn);
|
|
165
243
|
}
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
if (!this.enforcer) {
|
|
173
|
-
throw (0, ignis_helpers_1.getError)({
|
|
174
|
-
message: '[registerDomainMatchingFunc] Enforcer not initialized. Call configure() first.',
|
|
175
|
-
});
|
|
176
|
-
}
|
|
177
|
-
if (!this.enforcer.getNamedRoleManager(domainMatching.roleDefinition)) {
|
|
178
|
-
throw (0, ignis_helpers_1.getError)({
|
|
179
|
-
message: `[registerDomainMatchingFunc] Role definition "${domainMatching.roleDefinition}" is not declared in the Casbin model. Declare it under [role_definition] (e.g. \`g = _, _, _\`) before enabling domainMatching.`,
|
|
180
|
-
});
|
|
244
|
+
if (isScoped) {
|
|
245
|
+
await enforcer.addNamedDomainMatchingFunc(common_1.CasbinRuleVariants.G, casbin.Util.keyMatchFunc);
|
|
246
|
+
await enforcer.addFunction('objectMatch', common_1.objectMatch);
|
|
247
|
+
// objectMatch is the matching func for the resource hierarchy relation (g4 under the
|
|
248
|
+
// request-tuple numbering); reference the constant so it tracks any future renumber.
|
|
249
|
+
await enforcer.addNamedMatchingFunc(common_1.AuthorizationPolicyVariants.RESOURCE_INHERITS.rule, common_1.objectMatch);
|
|
181
250
|
}
|
|
251
|
+
await enforcer.buildRoleLinks();
|
|
252
|
+
}
|
|
253
|
+
/** Map a CasbinDomainMatchingFunctions value to casbin's Util.*Func matcher. */
|
|
254
|
+
resolveDomainMatchingFn(opts) {
|
|
182
255
|
// `Util` is casbin's bag of built-in comparison functions. Each `*Func` takes two strings
|
|
183
256
|
// (the request value, the stored/policy value) and returns whether they "match":
|
|
184
257
|
// keyMatchFunc — `*` is the only wildcard. keyMatch("anything","*")=true; exact otherwise.
|
|
@@ -189,40 +262,42 @@ let CasbinAuthorizationEnforcer = CasbinAuthorizationEnforcer_1 = class CasbinAu
|
|
|
189
262
|
// keyMatch4Func — `{param}` with repeated-name equality checks.
|
|
190
263
|
// regexMatchFunc — treats the stored value as a full regular expression.
|
|
191
264
|
const { Util } = opts.casbin;
|
|
192
|
-
|
|
193
|
-
switch (domainMatching.fn) {
|
|
265
|
+
switch (opts.name) {
|
|
194
266
|
case common_1.CasbinDomainMatchingFunctions.KEY_MATCH: {
|
|
195
|
-
|
|
196
|
-
break;
|
|
267
|
+
return Util.keyMatchFunc;
|
|
197
268
|
}
|
|
198
269
|
case common_1.CasbinDomainMatchingFunctions.KEY_MATCH_2: {
|
|
199
|
-
|
|
200
|
-
break;
|
|
270
|
+
return Util.keyMatch2Func;
|
|
201
271
|
}
|
|
202
272
|
case common_1.CasbinDomainMatchingFunctions.KEY_MATCH_3: {
|
|
203
|
-
|
|
204
|
-
break;
|
|
273
|
+
return Util.keyMatch3Func;
|
|
205
274
|
}
|
|
206
275
|
case common_1.CasbinDomainMatchingFunctions.KEY_MATCH_4: {
|
|
207
|
-
|
|
208
|
-
break;
|
|
276
|
+
return Util.keyMatch4Func;
|
|
209
277
|
}
|
|
210
278
|
case common_1.CasbinDomainMatchingFunctions.REGEX_MATCH: {
|
|
211
|
-
|
|
212
|
-
break;
|
|
279
|
+
return Util.regexMatchFunc;
|
|
213
280
|
}
|
|
214
281
|
default: {
|
|
215
282
|
throw (0, ignis_helpers_1.getError)({
|
|
216
|
-
message: `[
|
|
283
|
+
message: `[resolveDomainMatchingFn] Unsupported func: ${opts.name} | Valids: [${[...common_1.CasbinDomainMatchingFunctions.SCHEME_SET].join(', ')}]`,
|
|
217
284
|
});
|
|
218
285
|
}
|
|
219
286
|
}
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
this.
|
|
224
|
-
|
|
225
|
-
|
|
287
|
+
}
|
|
288
|
+
/** Default (sub,dom,obj,act) payload for the scoped model; domain comes from request.domain. */
|
|
289
|
+
defaultScopedPayloadFn() {
|
|
290
|
+
if (!this.options.isScoped) {
|
|
291
|
+
return undefined;
|
|
292
|
+
}
|
|
293
|
+
return (opts) => {
|
|
294
|
+
// No domain here — evaluate() fills it from request.domain (set by the provider).
|
|
295
|
+
return {
|
|
296
|
+
subject: `${opts.user.principalType}_${opts.user.userId}`,
|
|
297
|
+
resource: String(opts.resource),
|
|
298
|
+
action: String(opts.action),
|
|
299
|
+
};
|
|
300
|
+
};
|
|
226
301
|
}
|
|
227
302
|
resolveModel(opts) {
|
|
228
303
|
const { casbin, model } = opts;
|
|
@@ -249,67 +324,126 @@ let CasbinAuthorizationEnforcer = CasbinAuthorizationEnforcer_1 = class CasbinAu
|
|
|
249
324
|
});
|
|
250
325
|
}
|
|
251
326
|
// Policy loading internals
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
327
|
+
/**
|
|
328
|
+
* Fetch the user's policy lines, collapsing concurrent cache misses for the same key onto a single
|
|
329
|
+
* extraction (via `pendingLineFetches`) instead of letting every request hit the DB at once.
|
|
330
|
+
* Note: best-effort — two misses can both get past the cache read before either records its fetch
|
|
331
|
+
* in the map, so both extract once (benign: per-user lines are identical). It collapses the common
|
|
332
|
+
* case; the fast cache-hit path stays OUTSIDE the map to avoid needless contention.
|
|
333
|
+
*/
|
|
334
|
+
async fetchLinesWithRedisCache(opts) {
|
|
335
|
+
const { user, cached } = opts;
|
|
336
|
+
const cacheKey = await this.resolveCacheKey({ user, cached });
|
|
337
|
+
const redisClient = cached.options.connection.client;
|
|
338
|
+
// Cache hit — Redis owns expiry (PX on write), so a present key is fresh by definition.
|
|
339
|
+
// A corrupted/legacy entry must NOT 500 the request: discard it and fall through to refetch.
|
|
340
|
+
const raw = await redisClient.get(cacheKey);
|
|
341
|
+
if (raw) {
|
|
342
|
+
const lines = this.parseCachedPolicyLines({ raw, cacheKey });
|
|
343
|
+
if (lines) {
|
|
344
|
+
return lines;
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
const existing = this.pendingLineFetches.get(cacheKey);
|
|
348
|
+
if (existing) {
|
|
349
|
+
return existing;
|
|
257
350
|
}
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
351
|
+
// Cache miss (or discarded corrupt entry) — extract from an ISOLATED enforcer so a concurrent
|
|
352
|
+
// load cannot contaminate the cache, persist it, then return the lines for THIS request.
|
|
353
|
+
const task = async () => {
|
|
354
|
+
const lines = await this.extractUserLines({ user });
|
|
355
|
+
await this.writeCachedPolicyLines({ cacheKey, lines, options: cached.options });
|
|
356
|
+
return lines;
|
|
357
|
+
};
|
|
358
|
+
const promise = task().finally(() => {
|
|
359
|
+
this.pendingLineFetches.delete(cacheKey);
|
|
261
360
|
});
|
|
361
|
+
this.pendingLineFetches.set(cacheKey, promise);
|
|
362
|
+
return promise;
|
|
262
363
|
}
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
364
|
+
/** Single source of truth for the Redis cache encoding. Used by miss-path and rebuild. */
|
|
365
|
+
async writeCachedPolicyLines(opts) {
|
|
366
|
+
await opts.options.connection.client.set(opts.cacheKey, JSON.stringify(opts.lines), 'PX', opts.options.expiresIn);
|
|
367
|
+
}
|
|
368
|
+
/** Decode cached policy lines; on any corruption, log and return null so the caller refetches. */
|
|
369
|
+
parseCachedPolicyLines(opts) {
|
|
370
|
+
try {
|
|
371
|
+
const parsed = JSON.parse(opts.raw);
|
|
372
|
+
if (!Array.isArray(parsed) || parsed.some(line => typeof line !== 'string')) {
|
|
373
|
+
throw (0, ignis_helpers_1.getError)({
|
|
374
|
+
message: '[CasbinAuthorizationEnforcer] Cached payload is not an array of policy lines.',
|
|
375
|
+
});
|
|
376
|
+
}
|
|
377
|
+
return parsed;
|
|
272
378
|
}
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
await this.loadPolicyLinesIntoModel({ lines });
|
|
279
|
-
logger.info('Loaded CACHED Policies into model | user: %s', user.userId);
|
|
280
|
-
return;
|
|
379
|
+
catch (error) {
|
|
380
|
+
this.logger
|
|
381
|
+
.for(this.parseCachedPolicyLines.name)
|
|
382
|
+
.warn('Discarding corrupted authz cache entry | key: %s | error: %s', opts.cacheKey, error);
|
|
383
|
+
return null;
|
|
281
384
|
}
|
|
282
|
-
// Cache miss — load from adapter, extract lines, cache in Redis
|
|
283
|
-
await this.loadPoliciesFromAdapter({ user });
|
|
284
|
-
const lines = await this.extractPolicyLines();
|
|
285
|
-
await redisClient.set(cacheKey, JSON.stringify(lines), 'PX', options.expiresIn);
|
|
286
|
-
logger.info('Loaded ADAPTER + CACHED Policies into model | user: %s', user.userId);
|
|
287
385
|
}
|
|
288
|
-
|
|
289
|
-
|
|
386
|
+
/**
|
|
387
|
+
* Extract a user's policy lines from an ISOLATED throwaway enforcer (its own model + the adapter),
|
|
388
|
+
* never a pooled serving enforcer. This is the core of the anti-poisoning design: concurrent requests
|
|
389
|
+
* on pooled enforcers can't change what we cache for this user. Used by buildRules + rebuild.
|
|
390
|
+
*/
|
|
391
|
+
async extractUserLines(opts) {
|
|
392
|
+
const casbin = await import('casbin');
|
|
393
|
+
const model = this.resolveModel({ casbin, model: this.options.model });
|
|
394
|
+
const loader = await casbin.newEnforcer(model, this.options.adapter);
|
|
395
|
+
if (!loader.loadFilteredPolicy) {
|
|
290
396
|
throw (0, ignis_helpers_1.getError)({
|
|
291
|
-
message: '[
|
|
397
|
+
message: '[extractUserLines] Adapter does not support loadFilteredPolicy.',
|
|
292
398
|
});
|
|
293
399
|
}
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
400
|
+
await loader.loadFilteredPolicy({
|
|
401
|
+
principal: { type: opts.user.principalType, id: opts.user.userId },
|
|
402
|
+
});
|
|
403
|
+
return this.extractLinesFrom(loader);
|
|
404
|
+
}
|
|
405
|
+
/**
|
|
406
|
+
* Serialize ALL policy + grouping rule types of an enforcer's model back into casbin lines.
|
|
407
|
+
* Covers every p-type (p, p2, …) and g-type (g, g2, g3, g4, g5, …) — not just `p`/`g` — so the
|
|
408
|
+
* cached payload is complete for the scoped model (resource/action/domain hierarchies + membership).
|
|
409
|
+
* Reads stored rules (independent of role-link matching funcs), so the loader needs none registered.
|
|
410
|
+
*/
|
|
411
|
+
async extractLinesFrom(enforcer) {
|
|
412
|
+
const model = enforcer.getModel();
|
|
413
|
+
const lines = [];
|
|
414
|
+
const policyTypes = model.model.get(common_1.CasbinRuleVariants.P);
|
|
415
|
+
if (policyTypes) {
|
|
416
|
+
for (const ptype of policyTypes.keys()) {
|
|
417
|
+
const rules = await enforcer.getNamedPolicy(ptype);
|
|
418
|
+
for (const rule of rules) {
|
|
419
|
+
lines.push([ptype, ...rule].join(', '));
|
|
420
|
+
}
|
|
421
|
+
}
|
|
422
|
+
}
|
|
423
|
+
const groupingTypes = model.model.get(common_1.CasbinRuleVariants.G);
|
|
424
|
+
if (groupingTypes) {
|
|
425
|
+
for (const gtype of groupingTypes.keys()) {
|
|
426
|
+
const rules = await enforcer.getNamedGroupingPolicy(gtype);
|
|
427
|
+
for (const rule of rules) {
|
|
428
|
+
lines.push([gtype, ...rule].join(', '));
|
|
429
|
+
}
|
|
430
|
+
}
|
|
431
|
+
}
|
|
432
|
+
return lines;
|
|
299
433
|
}
|
|
434
|
+
/** Atomically reset a borrowed enforcer's model to exactly `lines` + rebuild role links. */
|
|
300
435
|
async loadPolicyLinesIntoModel(opts) {
|
|
301
|
-
if (!this.
|
|
436
|
+
if (!this.helper) {
|
|
302
437
|
throw (0, ignis_helpers_1.getError)({
|
|
303
|
-
message: '[loadPolicyLinesIntoModel]
|
|
438
|
+
message: '[loadPolicyLinesIntoModel] Not configured. Call configure() first.',
|
|
304
439
|
});
|
|
305
440
|
}
|
|
306
|
-
const
|
|
307
|
-
const model = this.enforcer.getModel();
|
|
441
|
+
const model = opts.enforcer.getModel();
|
|
308
442
|
model.clearPolicy();
|
|
309
443
|
for (const line of opts.lines) {
|
|
310
|
-
|
|
444
|
+
this.helper.loadPolicyLine(line, model);
|
|
311
445
|
}
|
|
312
|
-
await
|
|
446
|
+
await opts.enforcer.buildRoleLinks();
|
|
313
447
|
}
|
|
314
448
|
};
|
|
315
449
|
exports.CasbinAuthorizationEnforcer = CasbinAuthorizationEnforcer;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"casbin.enforcer.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/casbin.enforcer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AACA,yDAAmD;AACnD,0DAA+E;AAO/E,sCAcmB;AAEnB,mEAAmE;AAEnE,IAAa,2BAA2B,mCAAxC,MAAa,2BAKX,SAAQ,0BAAU;IASlB,YAEE,OAA8D;QAE9D,KAAK,CAAC,EAAE,KAAK,EAAE,6BAA2B,CAAC,IAAI,EAAE,CAAC,CAAC;QAF3C,YAAO,GAAP,OAAO,CAA+C;QARhE,SAAI,GAAG,6BAA2B,CAAC,IAAI,CAAC;QACvB,mBAAc,GAAG,MAAM,CAAC;QAEjC,aAAQ,GAA6D,IAAI,CAAC;QAC1E,8BAAyB,GAA8B,IAAI,CAAC;IAOpE,CAAC;IAED,YAAY;IAEZ,KAAK,CAAC,SAAS;QACb,IAAI,MAA+B,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,yDAAyD;aACnE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,0DAA0D;aACpE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACvE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEhC,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC;YAC/C,MAAM;YACN,KAAK;YACL,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;YAC7B,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,8BAA8B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAEtD,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aACxB,IAAI,CACH,sDAAsD,EACtD,MAAM,CAAC,GAAG,EACV,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CACpC,CAAC;IACN,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QAED,aAAa,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC9C,IAAI,CAAC,yBAAyB,GAAG,IAAI,CAAC;IACxC,CAAC;IAED,sCAAsC;IAEtC,KAAK,CAAC,UAAU,CAAC,IAGhB;QACC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QAEtB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC;YACtC,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,4EAA4E;aACtF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAEnC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;YACtB,KAAK,oCAA2B,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC3C,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC7C,MAAM;YACR,CAAC;YACD,KAAK,oCAA2B,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvC,MAAM,IAAI,CAAC,0BAA0B,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;gBACxD,MAAM;YACR,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,iDAAiD,oCAA2B,CAAC,SAAS,KAAK,oCAA2B,CAAC,KAAK,GAAG;iBACzI,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAId;QACC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QAC/C,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC;QAE3D,IAAI,SAAkB,CAAC;QAEvB,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvD,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YACjF,OAAO,SAAS,CAAC,CAAC,CAAC,+BAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,+BAAsB,CAAC,IAAI,CAAC;QAChF,CAAC;QAED,MAAM,UAAU,GAAG,kBAAkB,CAAC;YACpC,IAAI;YACJ,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,OAAO;SACR,CAAC,CAAC;QAEH,6DAA6D;QAC7D,gFAAgF;QAChF,6FAA6F;QAC7F,oFAAoF;QACpF,2FAA2F;QAC3F,sFAAsF;QACtF,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YACtB,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CACnC,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,MAAM,EACjB,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,MAAM,CAClB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CACnC,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,MAAM,CAClB,CAAC;QACJ,CAAC;QAED,OAAO,SAAS,CAAC,CAAC,CAAC,+BAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,+BAAsB,CAAC,IAAI,CAAC;IAChF,CAAC;IAED,6BAA6B;IAEnB,KAAK,CAAC,qBAAqB,CAAC,IAKrC;QACC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAEhD,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC5C,CAAC;QAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;YACtB,KAAK,oCAA2B,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC3C,IAAI,CAAC,iBAAiB,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;gBAEhE,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;gBAEhE,IAAI,CAAC,yBAAyB,GAAG,WAAW,CAAC,GAAG,EAAE;oBAChD,QAAQ,CAAC,eAAe,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,+DAA+D,EAC/D,IAAI,CAAC,IAAI,CACV,CAAC;gBACJ,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAE7B,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,KAAK,oCAA2B,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvC,IAAI,CAAC,iBAAiB,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;gBAChE,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAC5C,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,4DAA4D,oCAA2B,CAAC,SAAS,KAAK,oCAA2B,CAAC,KAAK,GAAG;iBACpJ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAES,KAAK,CAAC,8BAA8B,CAAC,IAE9C;QACC,MAAM,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QACxC,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,gFAAgF;aAC1F,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,cAAc,CAAC,cAAc,CAAC,EAAE,CAAC;YACtE,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,iDAAiD,cAAc,CAAC,cAAc,kIAAkI;aAC1N,CAAC,CAAC;QACL,CAAC;QAED,0FAA0F;QAC1F,iFAAiF;QACjF,+FAA+F;QAC/F,+FAA+F;QAC/F,uFAAuF;QACvF,qFAAqF;QACrF,+DAA+D;QAC/D,mEAAmE;QACnE,2EAA2E;QAC3E,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAC7B,IAAI,OAAgD,CAAC;QACrD,QAAQ,cAAc,CAAC,EAAE,EAAE,CAAC;YAC1B,KAAK,sCAA6B,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC7C,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC;gBAC5B,MAAM;YACR,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC;gBAC7B,MAAM;YACR,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC;gBAC7B,MAAM;YACR,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC;gBAC7B,MAAM;YACR,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC;gBAC9B,MAAM;YACR,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,kDAAkD,cAAc,CAAC,EAAE,eAAe,CAAC,GAAG,sCAA6B,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;iBACvJ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAEvF,kGAAkG;QAClG,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;QAErC,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aACxB,IAAI,CACH,uEAAuE,EACvE,cAAc,CAAC,cAAc,EAC7B,cAAc,CAAC,EAAE,CAClB,CAAC;IACN,CAAC;IAES,YAAY,CAAC,IAGtB;QACC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAE/B,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;YACrB,KAAK,mCAA0B,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrC,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACnD,CAAC;YACD,KAAK,mCAA0B,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrC,OAAO,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,kDAAkD,mCAA0B,CAAC,IAAI,KAAK,mCAA0B,CAAC,IAAI,GAAG;iBAClI,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAES,iBAAiB,CAAC,IAA2B;QACrD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,MAAM,IAAA,wBAAQ,EAAC;YACb,OAAO,EAAE,qEAAqE,IAAI,CAAC,cAAc,qBAAqB,IAAI,CAAC,SAAS,EAAE;SACvI,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAEjB,KAAK,CAAC,uBAAuB,CAAC,IAAqD;QAC3F,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EACL,oFAAoF;aACvF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACrC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa;YACtC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;SACjC,CAAC,CAAC;IACL,CAAC;IAES,KAAK,CAAC,0BAA0B,CAAC,IAG1C;QACC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC;QACrE,MAAM,EACJ,IAAI,EACJ,MAAM,EAAE,EAAE,OAAO,EAAE,GACpB,GAAG,IAAI,CAAC;QAET,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU;gBAC5C,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAE9C,6CAA6C;QAC7C,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YACzE,OAAO;QACT,CAAC;QAED,gEAAgE;QAChE,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC9C,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAChF,MAAM,CAAC,IAAI,CAAC,wDAAwD,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACrF,CAAC;IAES,KAAK,CAAC,kBAAkB;QAChC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,+EAA+E;aACzF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC/C,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,2BAAkB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACvD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,2BAAkB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAEpE,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IACxB,CAAC;IAES,KAAK,CAAC,wBAAwB,CAAC,IAAyB;QAChE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,8EAA8E;aACxF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAE1C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACvC,KAAK,CAAC,WAAW,EAAE,CAAC;QAEpB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;IACvC,CAAC;CACF,CAAA;AAxZY,kEAA2B;sCAA3B,2BAA2B;IAenC,WAAA,IAAA,kBAAM,EAAC,EAAE,GAAG,EAAE,6BAAoB,CAAC,eAAe,CAAC,mCAA0B,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;;GAfhF,2BAA2B,CAwZvC"}
|
|
1
|
+
{"version":3,"file":"casbin.enforcer.js","sourceRoot":"","sources":["../../../../../src/components/auth/authorize/enforcers/casbin.enforcer.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AACA,yDAAmD;AACnD,0DAA+F;AAG/F,sCAkBmB;AAUnB,mEAAmE;AACnE,EAAE;AACF,sGAAsG;AACtG,wGAAwG;AACxG,uGAAuG;AACvG,0GAA0G;AAC1G,4FAA4F;AAE5F,IAAa,2BAA2B,mCAAxC,MAAa,2BAKX,SAAQ,0BAAU;IAiBlB,YAEE,OAA8D;QAE9D,KAAK,CAAC,EAAE,KAAK,EAAE,6BAA2B,CAAC,IAAI,EAAE,CAAC,CAAC;QAF3C,YAAO,GAAP,OAAO,CAA+C;QAhBhE,SAAI,GAAG,6BAA2B,CAAC,IAAI,CAAC;QACvB,mBAAc,GAAG,MAAM,CAAC;QAEjC,SAAI,GAAkD,IAAI,CAAC;QAC3D,WAAM,GAAuC,IAAI,CAAC;QAC1D,+FAA+F;QAC/F,qFAAqF;QACpE,uBAAkB,GAAG,IAAI,GAAG,EAA6B,CAAC;QAE3E,kGAAkG;QAClG,oGAAoG;QACpG,4GAA4G;QACpG,sBAAiB,GAA0D,IAAI,CAAC;IAOxF,CAAC;IAED,YAAY;IAEZ,KAAK,CAAC,SAAS;QACb,IAAI,MAA+B,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,yDAAyD;aACnE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,0DAA0D;aACpE,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAE5B,yGAAyG;QACzG,yFAAyF;QACzF,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAE1F,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAChC,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,IAAI,CAAC,iBAAiB,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,CAAC,IAAI,GAAG,IAAI,8BAAc,CAAqB;YACjD,KAAK,EAAE,GAAG,6BAA2B,CAAC,IAAI,OAAO;YACjD,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE;YACjC,gBAAgB,EAAE,IAAI,CAAC,OAAO,CAAC,oBAAoB,IAAI,IAAI;YAC3D,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;gBAEvE,oFAAoF;gBACpF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;gBAClD,IAAI,CAAC,yBAAyB,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAE7C,OAAO,QAAQ,CAAC;YAClB,CAAC;SACF,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QAEzB,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aACxB,IAAI,CACH,mDAAmD,EACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,EAC3B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CACpC,CAAC;IACN,CAAC;IAED,OAAO;QACL,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;YACjC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAC5E,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;OAUG;IACO,yBAAyB,CAAC,IAAsC;QACxE,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;gBAC7D,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;gBAC1E,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,sMAAsM,MAAM,CAAC,KAAK,CAAC,EAAE;aAC/N,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sCAAsC;IAEtC,KAAK,CAAC,UAAU,CAAC,IAGhB;QACC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAEnC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG;YACtB,CAAC,CAAC,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YACvD,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAId;QACC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,uEAAuE;aACjF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;QACzC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QAE9B,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACnB,EAAE,EAAE,KAAK,EAAC,QAAQ,EAAC,EAAE;gBACnB,2FAA2F;gBAC3F,MAAM,IAAI,CAAC,wBAAwB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;gBAEzD,MAAM,kBAAkB,GAAG,IAAI,CAAC,iBAAiB,CAAC;gBAElD,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACxB,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;oBACvD,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC;wBACxC,QAAQ;wBACR,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;qBAClE,CAAC,CAAC;oBACH,OAAO,SAAS,CAAC,CAAC,CAAC,+BAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,+BAAsB,CAAC,IAAI,CAAC;gBAChF,CAAC;gBAED,MAAM,UAAU,GAAG,kBAAkB,CAAC;oBACpC,IAAI;oBACJ,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,6DAA6D;gBAC7D,6FAA6F;gBAC7F,8FAA8F;gBAC9F,sFAAsF;gBACtF,MAAM,MAAM,GACV,UAAU,CAAC,MAAM;oBACjB,OAAO,CAAC,MAAM;oBACd,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,kCAAyB,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gBAE9E,MAAM,IAAI,GAAG,MAAM;oBACjB,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC;oBACtE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;gBACjE,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBAE9D,OAAO,SAAS,CAAC,CAAC,CAAC,+BAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,+BAAsB,CAAC,IAAI,CAAC;YAChF,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACO,kBAAkB,CAAC,IAAsD;QACjF,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;QAE7E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,CAAC,MAAM;iBACR,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;iBACvB,IAAI,CACH,0CAA0C,EAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EACpB,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAC1E,CAAC;QACN,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,yEAAyE;IACzE,KAAK,CAAC,mBAAmB,CAAC,IAEzB;QACC,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE7E,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;aAClC,IAAI,CACH,4DAA4D,EAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,QAAQ,EACR,eAAe,CAChB,CAAC;QAEJ,OAAO,EAAE,eAAe,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAEtB;QACC,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAExC,iGAAiG;QACjG,iGAAiG;QACjG,kCAAkC;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAErD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/D,MAAM,IAAI,CAAC,sBAAsB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAEhF,IAAI,CAAC,MAAM;aACR,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;aAC/B,IAAI,CACH,sDAAsD,EACtD,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,QAAQ,EACR,KAAK,CAAC,MAAM,CACb,CAAC;QAEJ,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;IAC/C,CAAC;IAED,+FAA+F;IACrF,KAAK,CAAC,eAAe,CAAC,IAG/B;QACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAA,wBAAQ,EAAC;gBACb,UAAU,EAAE,oBAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU;gBAC5C,OAAO,EAAE,kEAAkE;aAC5E,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,oFAAoF;IAC1E,iBAAiB;QACzB,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAEhC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EACL,0GAA0G;aAC7G,CAAC,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAEnB,KAAK,CAAC,gBAAgB,CAAC,IAGhC;QACC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAClC,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QAElD,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,cAAc,CAAC,cAAc,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,uCAAuC,cAAc,CAAC,cAAc,kIAAkI;iBAChN,CAAC,CAAC;YACL,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC;YAClF,MAAM,QAAQ,CAAC,0BAA0B,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACpF,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,CAAC,0BAA0B,CAAC,2BAAkB,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC1F,MAAM,QAAQ,CAAC,WAAW,CAAC,aAAa,EAAE,oBAAW,CAAC,CAAC;YAEvD,qFAAqF;YACrF,qFAAqF;YACrF,MAAM,QAAQ,CAAC,oBAAoB,CACjC,oCAA2B,CAAC,iBAAiB,CAAC,IAAI,EAClD,oBAAW,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,CAAC,cAAc,EAAE,CAAC;IAClC,CAAC;IAED,gFAAgF;IACtE,uBAAuB,CAAC,IAGjC;QACC,0FAA0F;QAC1F,iFAAiF;QACjF,+FAA+F;QAC/F,+FAA+F;QAC/F,uFAAuF;QACvF,qFAAqF;QACrF,+DAA+D;QAC/D,mEAAmE;QACnE,2EAA2E;QAC3E,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAC7B,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,sCAA6B,CAAC,SAAS,CAAC,CAAC,CAAC;gBAC7C,OAAO,IAAI,CAAC,YAAY,CAAC;YAC3B,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,IAAI,CAAC,aAAa,CAAC;YAC5B,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,IAAI,CAAC,aAAa,CAAC;YAC5B,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,IAAI,CAAC,aAAa,CAAC;YAC5B,CAAC;YACD,KAAK,sCAA6B,CAAC,WAAW,CAAC,CAAC,CAAC;gBAC/C,OAAO,IAAI,CAAC,cAAc,CAAC;YAC7B,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,+CAA+C,IAAI,CAAC,IAAI,eAAe,CAAC,GAAG,sCAA6B,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;iBAC5I,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,gGAAgG;IACtF,sBAAsB;QAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,CAAC,IAIP,EAA0E,EAAE;YAC3E,kFAAkF;YAClF,OAAO;gBACL,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;gBACzD,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAC/B,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;aAC5B,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC;IAES,YAAY,CAAC,IAGtB;QACC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;QAE/B,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC;YACrB,KAAK,mCAA0B,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrC,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACnD,CAAC;YACD,KAAK,mCAA0B,CAAC,IAAI,CAAC,CAAC,CAAC;gBACrC,OAAO,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,kDAAkD,mCAA0B,CAAC,IAAI,KAAK,mCAA0B,CAAC,IAAI,GAAG;iBAClI,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAES,iBAAiB,CAAC,IAA2B;QACrD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,MAAM,IAAA,wBAAQ,EAAC;YACb,OAAO,EAAE,qEAAqE,IAAI,CAAC,cAAc,qBAAqB,IAAI,CAAC,SAAS,EAAE;SACvI,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAE3B;;;;;;OAMG;IACO,KAAK,CAAC,wBAAwB,CAAC,IAGxC;QACC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAErD,wFAAwF;QACxF,6FAA6F;QAC7F,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,KAAK,GAAG,IAAI,CAAC,sBAAsB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;YAE7D,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,8FAA8F;QAC9F,yFAAyF;QACzF,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;YACtB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,MAAM,IAAI,CAAC,sBAAsB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAChF,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAClC,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0FAA0F;IAChF,KAAK,CAAC,sBAAsB,CAAC,IAItC;QACC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CACtC,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EAC1B,IAAI,EACJ,IAAI,CAAC,OAAO,CAAC,SAAS,CACvB,CAAC;IACJ,CAAC;IAED,kGAAkG;IACxF,sBAAsB,CAAC,IAAuC;QACtE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAEpC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,IAAI,KAAK,QAAQ,CAAC,EAAE,CAAC;gBAC5E,MAAM,IAAA,wBAAQ,EAAC;oBACb,OAAO,EAAE,+EAA+E;iBACzF,CAAC,CAAC;YACL,CAAC;YAED,OAAO,MAAkB,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM;iBACR,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC;iBACrC,IAAI,CAAC,8DAA8D,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC9F,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,KAAK,CAAC,gBAAgB,CAAC,IAAkC;QACjE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAErE,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;YAC/B,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,iEAAiE;aAC3E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,MAAM,CAAC,kBAAkB,CAAC;YAC9B,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;SACnE,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACO,KAAK,CAAC,gBAAgB,CAAC,QAA4B;QAC3D,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAAkB,CAAC,CAAC,CAAC,CAAC;QAC1D,IAAI,WAAW,EAAE,CAAC;YAChB,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;gBACvC,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBACnD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAAkB,CAAC,CAAC,CAAC,CAAC;QAC5D,IAAI,aAAa,EAAE,CAAC;YAClB,KAAK,MAAM,KAAK,IAAI,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC;gBACzC,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;gBAC3D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4FAA4F;IAClF,KAAK,CAAC,wBAAwB,CAAC,IAGxC;QACC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAA,wBAAQ,EAAC;gBACb,OAAO,EAAE,oEAAoE;aAC9E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACvC,KAAK,CAAC,WAAW,EAAE,CAAC;QAEpB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;IACvC,CAAC;CACF,CAAA;AAjkBY,kEAA2B;sCAA3B,2BAA2B;IAuBnC,WAAA,IAAA,kBAAM,EAAC,EAAE,GAAG,EAAE,6BAAoB,CAAC,eAAe,CAAC,mCAA0B,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;;GAvBhF,2BAA2B,CAikBvC"}
|