@volcanicminds/typeorm 2.2.7 → 2.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +46 -19
  2. package/dist/index.d.ts +2 -2
  3. package/dist/index.d.ts.map +1 -1
  4. package/dist/index.js +7 -4
  5. package/dist/index.js.map +1 -1
  6. package/dist/lib/loader/dataBaseManager.js +2 -2
  7. package/dist/lib/loader/dataBaseManager.js.map +1 -1
  8. package/dist/lib/query.d.ts +1 -0
  9. package/dist/lib/query.d.ts.map +1 -1
  10. package/dist/lib/query.js +45 -11
  11. package/dist/lib/query.js.map +1 -1
  12. package/dist/lib/util/crypto.d.ts.map +1 -1
  13. package/dist/lib/util/crypto.js +28 -15
  14. package/dist/lib/util/crypto.js.map +1 -1
  15. package/lib/loader/dataBaseManager.ts +2 -2
  16. package/lib/query.ts +55 -14
  17. package/lib/util/crypto.ts +33 -14
  18. package/package.json +1 -1
package/README.md CHANGED
@@ -15,6 +15,9 @@
15
15
  - Switched to pure ECMAScript Modules (`NodeNext`). CommonJS/`require` is no longer supported.
16
16
  - Introduced support for complex boolean logic in filtering using the `_logic` parameter.
17
17
  - Enhanced filtering capabilities with additional operators and nested relation queries.
18
+ - **Security Update**: The `:raw` operator is now **disabled by default**. To enable it, you must set `VOLCANIC_CUSTOM_QUERY_OPERATORS=true` in your environment variables. Please use this operator with **extreme caution** to avoid SQL injection vulnerabilities.
19
+ - **Security Update**: Added protection against Prototype Pollution and ReDoS attacks.
20
+ - **Security Update**: Filters on sensitive fields (e.g., `password`, `mfaSecret`) are now blocked by default.
18
21
 
19
22
  ## Based on
20
23
 
@@ -31,6 +34,7 @@ And, what you see in [package.json](package.json).
31
34
  - **Complex Boolean Logic**: Construct intricate queries with nested `AND` and `OR` conditions using a powerful `_logic` parameter.
32
35
  - **Hybrid Database Support**: Write a single API endpoint that works transparently with both PostgreSQL and MongoDB for standard queries.
33
36
  - **Standalone or Integrated**: Use it as a standalone utility with any Node.js framework or enjoy seamless integration with `@volcanicminds/backend`.
37
+ - **Security Hardening**: Built-in protections against SQL Injection (via strict operator control), Prototype Pollution, and ReDoS.
34
38
 
35
39
  ## Installation
36
40
 
@@ -48,6 +52,22 @@ This allows you to build flexible and powerful data APIs with minimal boilerplat
48
52
 
49
53
  ## Usage
50
54
 
55
+ ### Configuration (Optional)
56
+
57
+ You can customize the list of sensitive fields that should be blocked from filtering during the initialization.
58
+
59
+ ```typescript
60
+ import { start } from '@volcanicminds/typeorm'
61
+
62
+ await start({
63
+ type: 'postgres',
64
+ // ... other TypeORM options
65
+ sensitiveFields: ['password', 'secretKey', 'ssn'] // Overrides default blacklist
66
+ })
67
+ ```
68
+
69
+ Default sensitive fields are: `['password', 'mfaSecret', 'resetPasswordToken', 'confirmationToken']`.
70
+
51
71
  ### Use Case 1: Integrated with `@volcanicminds/backend`
52
72
 
53
73
  This is the most straightforward way to use the library. The `executeFindQuery` function handles everything for you.
@@ -115,25 +135,26 @@ Filters are applied by using `fieldName:operator=value`. If no operator is speci
115
135
 
116
136
  #### Operators Table
117
137
 
118
- | Operator | Description | Example URL | PostgreSQL | MongoDB |
119
- | :----------- | :----------------------------------- | :-------------------------------------------- | :--------: | :-----: |
120
- | `:eq` | Equals | `...&status:eq=active` | ✅ | ✅ |
121
- | `:neq` | Not equals | `...&status:neq=archived` | ✅ | ✅ |
122
- | `:gt`, `:ge` | Greater than / Greater than or equal | `...&visits:gt=100` | ✅ | ✅ |
123
- | `:lt`, `:le` | Less than / Less than or equal | `...&price:lt=99.99` | ✅ | ✅ |
124
- | `:in` | Included in an array (comma-sep.) | `...&status:in=active,pending` | ✅ | ✅ |
125
- | `:nin` | Not included in an array | `...&category:nin=old,obsolete` | ✅ | ✅ |
126
- | `:overlap` | Array overlap (has common elements) | `...&companies:overlap=acme,globex` | ✅ | ✅ |
127
- | `:between` | Is between two values (colon-sep.) | `...&createdAt:between=2024-01-01:2024-12-31` | ✅ | ✅ |
128
- | `:null` | Is null | `...&deletedAt:null=true` | ✅ | ✅ |
129
- | `:notNull` | Is not null | `...&updatedAt:notNull=true` | ✅ | ✅ |
130
- | `:contains` | Contains (case-sensitive) | `...&name:contains=Corp` | ✅ | ❌ |
131
- | `:containsi` | Contains (case-insensitive) | `...&name:containsi=corp` | ✅ | ✅ |
132
- | `:starts` | Starts with (case-sensitive) | `...&code:starts=INV-` | ✅ | ❌ |
133
- | `:startsi` | Starts with (case-insensitive) | `...&code:startsi=inv-` | ✅ | ✅ |
134
- | `:ends` | Ends with (case-sensitive) | `...&file:ends=.pdf` | ✅ | ❌ |
135
- | `:endsi` | Ends with (case-insensitive) | `...&file:endsi=.pdf` | ✅ | ✅ |
136
- | `:eqi` | Equals (case-insensitive) | `...&country:eqi=it` | ✅ | ✅ |
138
+ | Operator | Description | Example URL | PostgreSQL | MongoDB |
139
+ | :----------- | :------------------------------------------------------------------------ | :-------------------------------------------- | :--------: | :-----: |
140
+ | `:eq` | Equals | `...&status:eq=active` | ✅ | ✅ |
141
+ | `:neq` | Not equals | `...&status:neq=archived` | ✅ | ✅ |
142
+ | `:gt`, `:ge` | Greater than / Greater than or equal | `...&visits:gt=100` | ✅ | ✅ |
143
+ | `:lt`, `:le` | Less than / Less than or equal | `...&price:lt=99.99` | ✅ | ✅ |
144
+ | `:in` | Included in an array (comma-sep.) | `...&status:in=active,pending` | ✅ | ✅ |
145
+ | `:nin` | Not included in an array | `...&category:nin=old,obsolete` | ✅ | ✅ |
146
+ | `:overlap` | Array overlap (has common elements) | `...&companies:overlap=acme,globex` | ✅ | ✅ |
147
+ | `:between` | Is between two values (colon-sep.) | `...&createdAt:between=2024-01-01:2024-12-31` | ✅ | ✅ |
148
+ | `:null` | Is null | `...&deletedAt:null=true` | ✅ | ✅ |
149
+ | `:notNull` | Is not null | `...&updatedAt:notNull=true` | ✅ | ✅ |
150
+ | `:contains` | Contains (case-sensitive) | `...&name:contains=Corp` | ✅ | ❌ |
151
+ | `:containsi` | Contains (case-insensitive) | `...&name:containsi=corp` | ✅ | ✅ |
152
+ | `:starts` | Starts with (case-sensitive) | `...&code:starts=INV-` | ✅ | ❌ |
153
+ | `:startsi` | Starts with (case-insensitive) | `...&code:startsi=inv-` | ✅ | ✅ |
154
+ | `:ends` | Ends with (case-sensitive) | `...&file:ends=.pdf` | ✅ | ❌ |
155
+ | `:endsi` | Ends with (case-insensitive) | `...&file:endsi=.pdf` | ✅ | ✅ |
156
+ | `:eqi` | Equals (case-insensitive) | `...&country:eqi=it` | ✅ | ✅ |
157
+ | `:raw` | Raw SQL ⚠️ **Dangerous** Raw SQL injection ⚠️ Requires env var to enable. | `...&age:raw=> 18` | ✅ | ✅ |
137
158
 
138
159
  #### Nested Relation Filters
139
160
 
@@ -166,6 +187,8 @@ This powerful syntax allows for the construction of virtually any query structur
166
187
 
167
188
  ## API Reference
168
189
 
190
+ - **`start(options)`**: Initializes the database connection. `options` can now include `sensitiveFields` (array of strings) to customize blocked filter fields.
191
+ - **`configureSensitiveFields(fields)`**: Helper to update sensitive fields at runtime.
169
192
  - **`executeFindQuery(repo, relations, data, extraWhere, extraOptions)`**: The main high-level function. Handles a full find-and-count query, processes all parameters, and returns records and pagination headers.
170
193
  - **`executeCountQuery(repo, data, extraWhere)`**: A utility to only count records based on filters.
171
194
  - **`applyQuery(data, extraWhere, repo)`**: The core translation function. Takes the raw query parameters and returns a TypeORM-compatible query object.
@@ -179,3 +202,7 @@ This powerful syntax allows for the construction of virtually any query structur
179
202
  ## License
180
203
 
181
204
  This project is licensed under the MIT License.
205
+
206
+ ```
207
+
208
+ ```
package/dist/index.d.ts CHANGED
@@ -6,8 +6,8 @@ import * as dataBaseManager from './lib/loader/dataBaseManager.js';
6
6
  import { User } from './lib/entities/user.js';
7
7
  import { Token } from './lib/entities/token.js';
8
8
  import { Change } from './lib/entities/change.js';
9
- import { applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere } from './lib/query.js';
9
+ import { applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere, configureSensitiveFields } from './lib/query.js';
10
10
  declare function start(options: any): Promise<DataSource>;
11
11
  export { Database } from './types/global.js';
12
- export { start, User, Token, Change, userManager, tokenManager, dataBaseManager, DataSource, applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere };
12
+ export { start, User, Token, Change, userManager, tokenManager, dataBaseManager, DataSource, applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere, configureSensitiveFields };
13
13
  //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAIA,OAAO,kBAAkB,CAAA;AACzB,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAEpC,OAAO,KAAK,WAAW,MAAM,6BAA6B,CAAA;AAC1D,OAAO,KAAK,YAAY,MAAM,8BAA8B,CAAA;AAC5D,OAAO,KAAK,eAAe,MAAM,iCAAiC,CAAA;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAA;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;AACjD,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACT,MAAM,gBAAgB,CAAA;AAIvB,iBAAe,KAAK,CAAC,OAAO,KAAA,uBA2D3B;AAED,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EACL,KAAK,EACL,IAAI,EACJ,KAAK,EACL,MAAM,EACN,WAAW,EACX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACT,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAIA,OAAO,kBAAkB,CAAA;AACzB,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAEpC,OAAO,KAAK,WAAW,MAAM,6BAA6B,CAAA;AAC1D,OAAO,KAAK,YAAY,MAAM,8BAA8B,CAAA;AAC5D,OAAO,KAAK,eAAe,MAAM,iCAAiC,CAAA;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAA;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;AACjD,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,wBAAwB,EACzB,MAAM,gBAAgB,CAAA;AAIvB,iBAAe,KAAK,CAAC,OAAO,KAAA,uBA+D3B;AAED,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EACL,KAAK,EACL,IAAI,EACJ,KAAK,EACL,MAAM,EACN,WAAW,EACX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,wBAAwB,EACzB,CAAA"}
package/dist/index.js CHANGED
@@ -9,7 +9,7 @@ import * as dataBaseManager from './lib/loader/dataBaseManager.js';
9
9
  import { User } from './lib/entities/user.js';
10
10
  import { Token } from './lib/entities/token.js';
11
11
  import { Change } from './lib/entities/change.js';
12
- import { applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere } from './lib/query.js';
12
+ import { applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere, configureSensitiveFields } from './lib/query.js';
13
13
  import * as log from './lib/util/logger.js';
14
14
  import yn from './lib/util/yn.js';
15
15
  async function start(options) {
@@ -29,6 +29,9 @@ async function start(options) {
29
29
  if (options == null || Object.keys(options).length == 0) {
30
30
  throw new Error('Volcanic Database: options not specified');
31
31
  }
32
+ if (options.sensitiveFields) {
33
+ configureSensitiveFields(options.sensitiveFields);
34
+ }
32
35
  const { LOG_DB_LEVEL = 'warn', LOG_COLORIZE = true, DB_SYNCHRONIZE_SCHEMA_AT_STARTUP = false } = process.env;
33
36
  const logLevel = LOG_DB_LEVEL === 'trace'
34
37
  ? 'all'
@@ -51,9 +54,9 @@ async function start(options) {
51
54
  const ds = new DataSource(options);
52
55
  await ds.initialize();
53
56
  if (yn(DB_SYNCHRONIZE_SCHEMA_AT_STARTUP, false)) {
54
- log.warn('Database schema synchronization started');
57
+ log.warn('Volcanic-TypeORM: Database schema synchronization started');
55
58
  await ds.synchronize();
56
- log.warn('Database schema synchronization finished');
59
+ log.warn('Volcanic-TypeORM: Database schema synchronization finished');
57
60
  }
58
61
  const repository = {};
59
62
  Object.keys(repositories).map((r) => (repository[r] = ds.getRepository(repositories[r])));
@@ -62,5 +65,5 @@ async function start(options) {
62
65
  global.repository = repository;
63
66
  return ds;
64
67
  }
65
- export { start, User, Token, Change, userManager, tokenManager, dataBaseManager, DataSource, applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere };
68
+ export { start, User, Token, Change, userManager, tokenManager, dataBaseManager, DataSource, applyQuery, executeCountQuery, executeCountView, executeFindQuery, executeFindView, useOrder, useWhere, configureSensitiveFields };
66
69
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAC3B,MAAM,CAAC,MAAM,EAAE,CAAA;AAEf,OAAO,kBAAkB,CAAA;AACzB,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,KAAK,cAAc,MAAM,0BAA0B,CAAA;AAC1D,OAAO,KAAK,WAAW,MAAM,6BAA6B,CAAA;AAC1D,OAAO,KAAK,YAAY,MAAM,8BAA8B,CAAA;AAC5D,OAAO,KAAK,eAAe,MAAM,iCAAiC,CAAA;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAA;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;AACjD,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACT,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,GAAG,MAAM,sBAAsB,CAAA;AAC3C,OAAO,EAAE,MAAM,kBAAkB,CAAA;AAEjC,KAAK,UAAU,KAAK,CAAC,OAAO;IAC1B,IAAK,MAAc,CAAC,qBAAqB,EAAE,CAAC;QAC1C,OAAO,GAAG;YACR,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,EAAE;SACX,CAAA;IACH,CAAC;IAED,IAAI,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC7D,CAAC;IAED,MAAM,EAAE,YAAY,GAAG,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,gCAAgC,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC,GAAG,CAAA;IAE5G,MAAM,QAAQ,GACZ,YAAY,KAAK,OAAO;QACtB,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,YAAY,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,YAAY,KAAK,MAAM;gBACzB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,YAAY,KAAK,MAAM;oBACzB,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,YAAY,KAAK,OAAO;wBAC1B,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,YAAY,CAEjB;IAAC,MAAc,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAC7D;IAAC,MAAc,CAAC,gBAAgB,GAAG,OAAO,EAAE,OAAO,IAAI,IAAI,CAAA;IAE5D,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAA;IACvE,OAAO,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAA;IACrE,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAA;IACrE,OAAO,CAAC,OAAO,GAAG,QAAQ,CAAA;IAC1B,OAAO,CAAC,WAAW,GAAG,KAAK,CAAA;IAE3B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,CAAA;IAClC,MAAM,EAAE,CAAC,UAAU,EAAE,CAAA;IAErB,IAAI,EAAE,CAAC,gCAAgC,EAAE,KAAK,CAAC,EAAE,CAAC;QAChD,GAAG,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAA;QACnD,MAAM,EAAE,CAAC,WAAW,EAAE,CAAA;QACtB,GAAG,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAA;IACtD,CAAC;IAGD,MAAM,UAAU,GAAG,EAAE,CAAA;IACrB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACxF;IAAC,MAAc,CAAC,UAAU,GAAG,EAAE,CAC/B;IAAC,MAAc,CAAC,MAAM,GAAG,OAAO,CAChC;IAAC,MAAc,CAAC,UAAU,GAAG,UAAU,CAAA;IACxC,OAAO,EAAE,CAAA;AACX,CAAC;AAGD,OAAO,EACL,KAAK,EACL,IAAI,EACJ,KAAK,EACL,MAAM,EACN,WAAW,EACX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACT,CAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AACA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAC3B,MAAM,CAAC,MAAM,EAAE,CAAA;AAEf,OAAO,kBAAkB,CAAA;AACzB,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,KAAK,cAAc,MAAM,0BAA0B,CAAA;AAC1D,OAAO,KAAK,WAAW,MAAM,6BAA6B,CAAA;AAC1D,OAAO,KAAK,YAAY,MAAM,8BAA8B,CAAA;AAC5D,OAAO,KAAK,eAAe,MAAM,iCAAiC,CAAA;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,wBAAwB,CAAA;AAC7C,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAA;AACjD,OAAO,EACL,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,wBAAwB,EACzB,MAAM,gBAAgB,CAAA;AACvB,OAAO,KAAK,GAAG,MAAM,sBAAsB,CAAA;AAC3C,OAAO,EAAE,MAAM,kBAAkB,CAAA;AAEjC,KAAK,UAAU,KAAK,CAAC,OAAO;IAC1B,IAAK,MAAc,CAAC,qBAAqB,EAAE,CAAC;QAC1C,OAAO,GAAG;YACR,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,IAAI;YACV,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,EAAE;SACX,CAAA;IACH,CAAC;IAED,IAAI,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAC7D,CAAC;IAED,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;QAC5B,wBAAwB,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IACnD,CAAC;IAED,MAAM,EAAE,YAAY,GAAG,MAAM,EAAE,YAAY,GAAG,IAAI,EAAE,gCAAgC,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC,GAAG,CAAA;IAE5G,MAAM,QAAQ,GACZ,YAAY,KAAK,OAAO;QACtB,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,YAAY,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,YAAY,KAAK,MAAM;gBACzB,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,YAAY,KAAK,MAAM;oBACzB,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,YAAY,KAAK,OAAO;wBAC1B,CAAC,CAAC,OAAO;wBACT,CAAC,CAAC,YAAY,CAEjB;IAAC,MAAc,CAAC,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,KAAK,CAC7D;IAAC,MAAc,CAAC,gBAAgB,GAAG,OAAO,EAAE,OAAO,IAAI,IAAI,CAAA;IAE5D,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAA;IACvE,OAAO,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAA;IACrE,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAA;IACrE,OAAO,CAAC,OAAO,GAAG,QAAQ,CAAA;IAC1B,OAAO,CAAC,WAAW,GAAG,KAAK,CAAA;IAE3B,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,CAAA;IAClC,MAAM,EAAE,CAAC,UAAU,EAAE,CAAA;IAErB,IAAI,EAAE,CAAC,gCAAgC,EAAE,KAAK,CAAC,EAAE,CAAC;QAChD,GAAG,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAA;QACrE,MAAM,EAAE,CAAC,WAAW,EAAE,CAAA;QACtB,GAAG,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAA;IACxE,CAAC;IAGD,MAAM,UAAU,GAAG,EAAE,CAAA;IACrB,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACxF;IAAC,MAAc,CAAC,UAAU,GAAG,EAAE,CAC/B;IAAC,MAAc,CAAC,MAAM,GAAG,OAAO,CAChC;IAAC,MAAc,CAAC,UAAU,GAAG,UAAU,CAAA;IACxC,OAAO,EAAE,CAAA;AACX,CAAC;AAGD,OAAO,EACL,KAAK,EACL,IAAI,EACJ,KAAK,EACL,MAAM,EACN,WAAW,EACX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,wBAAwB,EACzB,CAAA"}
package/dist/lib/loader/dataBaseManager.js CHANGED
@@ -17,7 +17,7 @@ export async function retrieveBy(entityName, entityId) {
17
17
  }
18
18
  catch (error) {
19
19
  if (!(entityName in global.entity)) {
20
- log.error(`${entityName} not found in global.entity`);
20
+ log.error(`Volcanic-TypeORM: ${entityName} not found in global.entity`);
21
21
  }
22
22
  throw error;
23
23
  }
@@ -29,7 +29,7 @@ export async function addChange(entityName, entityId, status, userId, contents,
29
29
  }
30
30
  catch (error) {
31
31
  if (!(changeEntity in global.entity)) {
32
- log.error(`${changeEntity} not found in global.entity`);
32
+ log.error(`Volcanic-TypeORM: ${changeEntity} not found in global.entity`);
33
33
  }
34
34
  throw error;
35
35
  }
package/dist/lib/loader/dataBaseManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"dataBaseManager.js","sourceRoot":"","sources":["../../../lib/loader/dataBaseManager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAA;AAExC,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAA;QACrC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAU,EAAE,QAAQ;IACnD,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,CAAC,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,KAAK,CAAC,GAAG,UAAU,6BAA6B,CAAC,CAAA;QACvD,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,GAAG,QAAQ;IACrG,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC9G,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,CAAC,YAAY,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,GAAG,CAAC,KAAK,CAAC,GAAG,YAAY,6BAA6B,CAAC,CAAA;QACzD,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"dataBaseManager.js","sourceRoot":"","sources":["../../../lib/loader/dataBaseManager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAA;AAExC,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,UAAU,CAAC,WAAW,EAAE,CAAA;QACrC,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAU,EAAE,QAAQ;IACnD,IAAI,CAAC;QACH,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;IAC9D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,CAAC,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,GAAG,CAAC,KAAK,CAAC,qBAAqB,UAAU,6BAA6B,CAAC,CAAA;QACzE,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,GAAG,QAAQ;IACrG,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC9G,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACpD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,CAAC,YAAY,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,GAAG,CAAC,KAAK,CAAC,qBAAqB,YAAY,6BAA6B,CAAC,CAAA;QAC3E,CAAC;QACD,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC"}
package/dist/lib/query.d.ts CHANGED
@@ -1,3 +1,4 @@
1
+ export declare const configureSensitiveFields: (fields: string[]) => void;
1
2
  export declare const useOrder: (order?: string[]) => {};
2
3
  export declare const useWhere: (where: any, repo?: any) => {
3
4
  allConditions: {};
package/dist/lib/query.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../lib/query.ts"],"names":[],"mappings":"AAqBA,eAAO,MAAM,QAAQ,GAAI,QAAO,MAAM,EAAO,OAqB5C,CAAA;AAWD,eAAO,MAAM,QAAQ,GAAI,OAAO,GAAG,EAAE,OAAO,GAAG;;;CAwF9C,CAAA;AAED,wBAAgB,UAAU,CAAC,IAAI,KAAA,EAAE,UAAU,KAAA,EAAE,IAAI,KAAA;WAQtC,MAAM;WACN,MAAM;YACL,MAAM;YACN,MAAM,GAAG,MAAM,EAAE;EAmC5B;AAED,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,GAAG,EACT,SAAS,GAAE,GAAQ,EACnB,IAAI,GAAE,GAAQ,EACd,UAAU,GAAE,GAAQ,EACpB,YAAY,GAAE,GAAQ;;;;;;;;;GAoBvB;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,GAAE,GAAQ,EAAE,YAAY,GAAE,GAAQ;;;;;;;;;GAkBlH;AAED,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,KAAK,EAAE,UAAU,GAAE,GAAQ,gBAGjF;AAED,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,KAAK,EAAE,UAAU,GAAE,GAAQ,gBAGtF"}
1
+ {"version":3,"file":"query.d.ts","sourceRoot":"","sources":["../../lib/query.ts"],"names":[],"mappings":"AAuBA,eAAO,MAAM,wBAAwB,GAAI,QAAQ,MAAM,EAAE,SAKxD,CAAA;AAWD,eAAO,MAAM,QAAQ,GAAI,QAAO,MAAM,EAAO,OA4B5C,CAAA;AAWD,eAAO,MAAM,QAAQ,GAAI,OAAO,GAAG,EAAE,OAAO,GAAG;;;CAwG9C,CAAA;AAED,wBAAgB,UAAU,CAAC,IAAI,KAAA,EAAE,UAAU,KAAA,EAAE,IAAI,KAAA;WAQtC,MAAM;WACN,MAAM;YACL,MAAM;YACN,MAAM,GAAG,MAAM,EAAE;EAmC5B;AAED,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,GAAG,EACT,SAAS,GAAE,GAAQ,EACnB,IAAI,GAAE,GAAQ,EACd,UAAU,GAAE,GAAQ,EACpB,YAAY,GAAE,GAAQ;;;;;;;;;GAoBvB;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,GAAE,GAAQ,EAAE,UAAU,GAAE,GAAQ,EAAE,YAAY,GAAE,GAAQ;;;;;;;;;GAkBlH;AAED,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,KAAK,EAAE,UAAU,GAAE,GAAQ,gBAGjF;AAED,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,KAAK,EAAE,UAAU,GAAE,GAAQ,gBAGtF"}
package/dist/lib/query.js CHANGED
@@ -1,7 +1,20 @@
1
1
  import { Not, Like, ILike, Raw, Equal, IsNull, In, Between, MoreThan, MoreThanOrEqual, LessThan, LessThanOrEqual } from 'typeorm';
2
+ import yn from './util/yn.js';
3
+ import * as log from './util/logger.js';
2
4
  import { parseLogicExpression } from './query/parser.js';
3
5
  import { buildWhereFromAst } from './query/builder.js';
6
+ let sensitiveFields = ['password', 'mfaSecret', 'resetPasswordToken', 'confirmationToken'];
7
+ export const configureSensitiveFields = (fields) => {
8
+ if (fields && Array.isArray(fields)) {
9
+ log.info(`Volcanic-TypeORM: Overrided sensitive fields: ${fields.join(', ')}`);
10
+ sensitiveFields = fields;
11
+ }
12
+ };
4
13
  const evalOrder = (val = '') => (['desc', 'd', 'false', '1'].includes(val.toLowerCase()) ? 'desc' : 'asc');
14
+ const escapeRegExp = (string) => {
15
+ return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
16
+ };
17
+ const hasProtoRisk = (str) => ['__proto__', 'constructor', 'prototype', 'toString', 'valueOf', 'toLocaleString'].includes(str);
5
18
  export const useOrder = (order = []) => {
6
19
  const result = {};
7
20
  order
@@ -13,9 +26,15 @@ export const useOrder = (order = []) => {
13
26
  let target = result;
14
27
  while (fieldFullPath.length > 1) {
15
28
  const fieldPath = fieldFullPath.shift() || '';
29
+ if (hasProtoRisk(fieldPath)) {
30
+ continue;
31
+ }
16
32
  target = target[fieldPath] = target[fieldPath] || {};
17
33
  }
18
34
  const fieldName = fieldFullPath[0];
35
+ if (hasProtoRisk(fieldName)) {
36
+ return;
37
+ }
19
38
  target[fieldName] = sortType;
20
39
  });
21
40
  return result;
@@ -39,16 +58,15 @@ export const useWhere = (where, repo) => {
39
58
  const reservedOperators = {
40
59
  ':null': (v) => (typecastValue(v) === false ? Not(IsNull()) : IsNull()),
41
60
  ':notNull': (v) => (typecastValue(v) === true ? Not(IsNull()) : IsNull()),
42
- ':raw': (v) => Raw((alias) => `${alias} ${v}`),
43
61
  ':in': (v) => In(val(v).split(',').map(typecastValue)),
44
62
  ':nin': (v) => Not(In(val(v).split(',').map(typecastValue))),
45
- ':likei': (v) => (isTargetMongo ? new RegExp(val(v), 'i') : ILike(`%${val(v)}%`)),
46
- ':containsi': (v) => (isTargetMongo ? new RegExp(val(v), 'i') : ILike(`%${val(v)}%`)),
47
- ':ncontainsi': (v) => (isTargetMongo ? Not(new RegExp(val(v), 'i')) : Not(ILike(`%${val(v)}%`))),
48
- ':startsi': (v) => (isTargetMongo ? new RegExp(`^${val(v)}`, 'i') : ILike(`${val(v)}%`)),
49
- ':endsi': (v) => (isTargetMongo ? new RegExp(`${val(v)}$`, 'i') : ILike(`%${val(v)}`)),
50
- ':eqi': (v) => (isTargetMongo ? new RegExp(`^${val(v)}$`, 'i') : ILike(v)),
51
- ':neqi': (v) => (isTargetMongo ? Not(new RegExp(`^${val(v)}$`, 'i')) : Not(ILike(v))),
63
+ ':likei': (v) => (isTargetMongo ? new RegExp(escapeRegExp(val(v)), 'i') : ILike(`%${val(v)}%`)),
64
+ ':containsi': (v) => (isTargetMongo ? new RegExp(escapeRegExp(val(v)), 'i') : ILike(`%${val(v)}%`)),
65
+ ':ncontainsi': (v) => (isTargetMongo ? Not(new RegExp(escapeRegExp(val(v)), 'i')) : Not(ILike(`%${val(v)}%`))),
66
+ ':startsi': (v) => (isTargetMongo ? new RegExp(`^${escapeRegExp(val(v))}`, 'i') : ILike(`${val(v)}%`)),
67
+ ':endsi': (v) => (isTargetMongo ? new RegExp(`${escapeRegExp(val(v))}$`, 'i') : ILike(`%${val(v)}`)),
68
+ ':eqi': (v) => (isTargetMongo ? new RegExp(`^${escapeRegExp(val(v))}$`, 'i') : ILike(v)),
69
+ ':neqi': (v) => (isTargetMongo ? Not(new RegExp(`^${escapeRegExp(val(v))}$`, 'i')) : Not(ILike(v))),
52
70
  ':like': (v) => Like(`${val(v)}`),
53
71
  ':contains': (v) => Like(`%${val(v)}%`),
54
72
  ':ncontains': (v) => Not(Like(`%${val(v)}%`)),
@@ -77,12 +95,19 @@ export const useWhere = (where, repo) => {
77
95
  return Raw((alias) => `${alias} && ARRAY[:...overlapValues]::text[]`, { overlapValues: values });
78
96
  }
79
97
  };
98
+ if (yn(process.env.VOLCANIC_CUSTOM_QUERY_OPERATORS, false)) {
99
+ log.warn('Volcanic-TypeORM: Custom query operators (:raw) enabled. SECURITY RISK!');
100
+ reservedOperators[':raw'] = (v) => Raw((alias) => `${alias} ${v}`);
101
+ }
80
102
  const reservedWords = Object.keys(reservedOperators).join('|');
81
103
  const aliasRegex = /\[([^\]]+)\]$/;
82
104
  const allConditions = {};
83
105
  for (const rawKey in where) {
84
106
  let alias = '';
85
107
  let key = rawKey;
108
+ if (hasProtoRisk(rawKey)) {
109
+ continue;
110
+ }
86
111
  const aliasMatch = rawKey.match(aliasRegex);
87
112
  if (aliasMatch) {
88
113
  alias = aliasMatch[1];
@@ -95,6 +120,9 @@ export const useWhere = (where, repo) => {
95
120
  const operator = m?.length ? m[0] : ':eq';
96
121
  const fullPath = key.replace(operator, '');
97
122
  const parts = fullPath.split('.');
123
+ if (sensitiveFields.some((field) => fullPath.includes(field))) {
124
+ continue;
125
+ }
98
126
  let value = where[rawKey];
99
127
  if (operator && reservedOperators[operator]) {
100
128
  value = reservedOperators[operator](value);
@@ -103,11 +131,17 @@ export const useWhere = (where, repo) => {
103
131
  let target = condition;
104
132
  while (parts.length > 1) {
105
133
  const part = parts.shift() || '';
134
+ if (hasProtoRisk(part)) {
135
+ break;
136
+ }
106
137
  target = target[part] = target[part] || {};
107
138
  }
108
- target[parts[0]] = value;
109
- aliasMap.set(alias, condition);
110
- Object.assign(allConditions, condition);
139
+ const finalFieldName = parts[0];
140
+ if (!hasProtoRisk(finalFieldName)) {
141
+ target[finalFieldName] = value;
142
+ aliasMap.set(alias, condition);
143
+ Object.assign(allConditions, condition);
144
+ }
111
145
  }
112
146
  return { allConditions, aliasMap };
113
147
  };
package/dist/lib/query.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"query.js","sourceRoot":"","sources":["../../lib/query.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,GAAG,EACH,IAAI,EACJ,KAAK,EACL,GAAG,EACH,KAAK,EACL,MAAM,EACN,EAAE,EACF,OAAO,EACP,QAAQ,EACR,eAAe,EACf,QAAQ,EACR,eAAe,EAChB,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAEtD,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAElH,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,QAAkB,EAAE,EAAE,EAAE;IAC/C,MAAM,MAAM,GAAG,EAAE,CAAA;IACjB,KAAK;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;SAClB,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE;QACrB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC1B,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzC,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAEpC,IAAI,MAAM,GAAG,MAAM,CAAA;QACnB,OAAO,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,SAAS,GAAW,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,CAAA;YACrD,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAA;QACtD,CAAC;QAED,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,CAAA;QAElC,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEJ,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,KAAU,EAAE,EAAE;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAA;IACtC,IAAI,UAAU,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IACtC,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,KAAK,CAAA;IACxC,IAAI,UAAU,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IACtC,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,KAAU,EAAE,IAAU,EAAE,EAAE;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAe,CAAA;IACvC,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACnC,MAAM,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,UAAU,CAAA;IAElC,MAAM,iBAAiB,GAAG;QACxB,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACvE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACzE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,CAAC;QAC9C,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACtD,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;QAC5D,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjF,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACrF,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChG,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACxF,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtF,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1E,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACvC,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7C,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACpC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAClC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE;YACX,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,CAAA;YACnC,IAAI,UAAU,KAAK,IAAI;gBAAE,OAAO,MAAM,EAAE,CAAA;YACxC,OAAO,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QACvD,CAAC;QACD,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzB,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC;QAChC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzB,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC;QAChC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YACvB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACjD,CAAC;QACD,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;YACnD,IAAI,aAAa,EAAE,CAAC;gBAElB,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAA;YACxB,CAAC;YAED,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,sCAAsC,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAA;QAClG,CAAC;KACF,CAAA;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,UAAU,GAAG,eAAe,CAAA;IAElC,MAAM,aAAa,GAAG,EAAE,CAAA;IAExB,KAAK,MAAM,MAAM,IAAI,KAAK,EAAE,CAAC;QAC3B,IAAI,KAAK,GAAG,EAAE,CAAA;QACd,IAAI,GAAG,GAAG,MAAM,CAAA;QAEhB,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAC3C,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;YACrB,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;QACtC,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,GAAG,CAAA;QACb,CAAC;QAED,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,aAAa,MAAM,EAAE,IAAI,CAAC,CAAC,CAAA;QAC9D,MAAM,QAAQ,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QACzC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QAC1C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACjC,IAAI,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAA;QAEzB,IAAI,QAAQ,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAA;QAC5C,CAAC;QAED,IAAI,SAAS,GAAG,EAAE,CAAA;QAClB,IAAI,MAAM,GAAG,SAAS,CAAA;QACtB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAW,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,CAAA;YACxC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;QAC5C,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAA;QAExB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;QAC9B,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,CAAA;IACzC,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,UAAU,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI;IAC/C,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAA;IAClG,MAAM,IAAI,GAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,IAAI,GAAW,EAAE,IAAI,QAAQ,CAAA;IACnC,MAAM,IAAI,GAAW,EAAE,IAAI,IAAI,GAAG,QAAQ,CAAA;IAC1C,MAAM,KAAK,GAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAEnD,MAAM,KAAK,GAAG,EAKb,CAAA;IAED,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;IAC3B,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;IAC3B,IAAI,KAAK;QAAE,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAExC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAEzD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;YACxC,KAAK,CAAC,KAAK,GAAG,iBAAiB,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,CAAC,CAAC,CAAA;YACrE,KAAK,CAAC,KAAK,GAAG,aAAa,CAAA;QAC7B,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,KAAK,GAAG,aAAa,CAAA;IAC7B,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QACrE,IAAI,KAAK,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvD,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,KAAK,CAAC,KAAK,GAAG,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,CAAA;YACxD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,KAAK,GAAG,EAAE,GAAG,KAAK,CAAC,KAAK,EAAE,GAAG,eAAe,EAAE,CAAA;YACtD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,KAAK,GAAG,eAAe,CAAA;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAS,EACT,YAAiB,EAAE,EACnB,OAAY,EAAE,EACd,aAAkB,EAAE,EACpB,eAAoB,EAAE;IAEtB,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IAEhD,MAAM,CAAC,OAAO,GAAG,EAAE,EAAE,UAAU,CAAC,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;QACzD,SAAS,EAAE,SAAS;QACpB,GAAG,KAAK;QACR,GAAG,YAAY;KAChB,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,OAAO,EAAE;YACP,SAAS,EAAE,OAAO,CAAC,MAAM;YACzB,SAAS,EAAE,UAAU;YACrB,QAAQ,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC;YACxB,YAAY,EAAE,KAAK,CAAC,IAAI;YACxB,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;SACnE;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,UAAe,EAAE,OAAY,EAAE,EAAE,aAAkB,EAAE,EAAE,eAAoB,EAAE;IACjH,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IAEhD,MAAM,CAAC,OAAO,GAAG,EAAE,EAAE,UAAU,CAAC,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,UAAU,EAAE;QAC1F,GAAG,KAAK;QACR,GAAG,YAAY;KAChB,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,OAAO,EAAE;YACP,SAAS,EAAE,OAAO,CAAC,MAAM;YACzB,SAAS,EAAE,UAAU;YACrB,QAAQ,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC;YACxB,YAAY,EAAE,KAAK,CAAC,IAAI;YACxB,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;SACnE;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAS,EAAE,IAAI,GAAG,EAAE,EAAE,aAAkB,EAAE;IAChF,MAAM,EAAE,KAAK,GAAG,EAAE,EAAE,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IACzD,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;AACnE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAe,EAAE,IAAI,GAAG,EAAE,EAAE,aAAkB,EAAE;IACrF,MAAM,EAAE,KAAK,GAAG,EAAE,EAAE,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IACzD,OAAO,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;AAC5E,CAAC;AAED,SAAS,OAAO,CAAC,IAAI;IACnB,OAAO,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,IAAI,IAAI,CAAA;AACzD,CAAC;AAED,SAAS,OAAO,CAAC,IAAI;IACnB,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,CAAA;AACpC,CAAC"}
1
+ {"version":3,"file":"query.js","sourceRoot":"","sources":["../../lib/query.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,GAAG,EACH,IAAI,EACJ,KAAK,EACL,GAAG,EACH,KAAK,EACL,MAAM,EACN,EAAE,EACF,OAAO,EACP,QAAQ,EACR,eAAe,EACf,QAAQ,EACR,eAAe,EAChB,MAAM,SAAS,CAAA;AAChB,OAAO,EAAE,MAAM,cAAc,CAAA;AAC7B,OAAO,KAAK,GAAG,MAAM,kBAAkB,CAAA;AACvC,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAEtD,IAAI,eAAe,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,oBAAoB,EAAE,mBAAmB,CAAC,CAAA;AAE1F,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,MAAgB,EAAE,EAAE;IAC3D,IAAI,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,GAAG,CAAC,IAAI,CAAC,iDAAiD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC9E,eAAe,GAAG,MAAM,CAAA;IAC1B,CAAC;AACH,CAAC,CAAA;AAED,MAAM,SAAS,GAAG,CAAC,MAAc,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAElH,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,EAAE;IAC9B,OAAO,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAA;AACtD,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,EAAE,CACnC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AAElG,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,QAAkB,EAAE,EAAE,EAAE;IAC/C,MAAM,MAAM,GAAG,EAAE,CAAA;IACjB,KAAK;SACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;SAClB,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE;QACrB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC1B,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzC,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAEpC,IAAI,MAAM,GAAG,MAAM,CAAA;QACnB,OAAO,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,SAAS,GAAW,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,CAAA;YACrD,IAAI,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC5B,SAAQ;YACV,CAAC;YAED,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAA;QACtD,CAAC;QAED,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,CAAC,CAAA;QAClC,IAAI,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,OAAM;QACR,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEJ,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AAED,MAAM,aAAa,GAAG,CAAC,KAAU,EAAE,EAAE;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAA;IACtC,IAAI,UAAU,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IACtC,IAAI,UAAU,KAAK,OAAO;QAAE,OAAO,KAAK,CAAA;IACxC,IAAI,UAAU,KAAK,MAAM;QAAE,OAAO,IAAI,CAAA;IACtC,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,KAAU,EAAE,IAAU,EAAE,EAAE;IACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAe,CAAA;IACvC,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACnC,MAAM,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,UAAU,CAAA;IAElC,MAAM,iBAAiB,GAAG;QACxB,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACvE,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACzE,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACtD,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;QAC5D,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC/F,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACnG,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9G,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACtG,QAAQ,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACpG,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACxF,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnG,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACvC,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7C,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACpC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAClC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE;YACX,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,CAAA;YACnC,IAAI,UAAU,KAAK,IAAI;gBAAE,OAAO,MAAM,EAAE,CAAA;YACxC,OAAO,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QACvD,CAAC;QACD,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzB,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC;QAChC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzB,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC;QAChC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YACvB,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACjD,CAAC;QACD,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE;YAChB,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;YACnD,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAA;YACxB,CAAC;YACD,OAAO,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,sCAAsC,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAA;QAClG,CAAC;KACF,CAAA;IAED,IAAI,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,CAAC,EAAE,CAAC;QAC3D,GAAG,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAA;QACnF,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC9D,MAAM,UAAU,GAAG,eAAe,CAAA;IAElC,MAAM,aAAa,GAAG,EAAE,CAAA;IAExB,KAAK,MAAM,MAAM,IAAI,KAAK,EAAE,CAAC;QAC3B,IAAI,KAAK,GAAG,EAAE,CAAA;QACd,IAAI,GAAG,GAAG,MAAM,CAAA;QAChB,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,SAAQ;QACV,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAC3C,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;YACrB,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;QACtC,CAAC;aAAM,CAAC;YACN,KAAK,GAAG,GAAG,CAAA;QACb,CAAC;QAED,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,aAAa,MAAM,EAAE,IAAI,CAAC,CAAC,CAAA;QAC9D,MAAM,QAAQ,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QACzC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;QAC1C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAEjC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YAC9D,SAAQ;QACV,CAAC;QAED,IAAI,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAA;QACzB,IAAI,QAAQ,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,KAAK,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAA;QAC5C,CAAC;QAED,IAAI,SAAS,GAAG,EAAE,CAAA;QAClB,IAAI,MAAM,GAAG,SAAS,CAAA;QACtB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAW,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,CAAA;YACxC,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAK;YACP,CAAC;YAED,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;QAC5C,CAAC;QAED,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QAC/B,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,cAAc,CAAC,GAAG,KAAK,CAAA;YAC9B,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAA;YAC9B,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,CAAA;QACzC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,CAAA;AACpC,CAAC,CAAA;AAED,MAAM,UAAU,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI;IAC/C,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAA;IAClG,MAAM,IAAI,GAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACxC,MAAM,IAAI,GAAW,EAAE,IAAI,QAAQ,CAAA;IACnC,MAAM,IAAI,GAAW,EAAE,IAAI,IAAI,GAAG,QAAQ,CAAA;IAC1C,MAAM,KAAK,GAAa,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAEnD,MAAM,KAAK,GAAG,EAKb,CAAA;IAED,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;IAC3B,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAA;IAC3B,IAAI,KAAK;QAAE,KAAK,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAExC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAEzD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;YACxC,KAAK,CAAC,KAAK,GAAG,iBAAiB,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,CAAC,CAAC,CAAA;YACrE,KAAK,CAAC,KAAK,GAAG,aAAa,CAAA;QAC7B,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,KAAK,GAAG,aAAa,CAAA;IAC7B,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QACrE,IAAI,KAAK,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvD,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,KAAK,CAAC,KAAK,GAAG,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,eAAe,CAAC,EAAE,CAAA;YACxD,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,KAAK,GAAG,EAAE,GAAG,KAAK,CAAC,KAAK,EAAE,GAAG,eAAe,EAAE,CAAA;YACtD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,KAAK,GAAG,eAAe,CAAA;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAS,EACT,YAAiB,EAAE,EACnB,OAAY,EAAE,EACd,aAAkB,EAAE,EACpB,eAAoB,EAAE;IAEtB,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IAEhD,MAAM,CAAC,OAAO,GAAG,EAAE,EAAE,UAAU,CAAC,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;QACzD,SAAS,EAAE,SAAS;QACpB,GAAG,KAAK;QACR,GAAG,YAAY;KAChB,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,OAAO,EAAE;YACP,SAAS,EAAE,OAAO,CAAC,MAAM;YACzB,SAAS,EAAE,UAAU;YACrB,QAAQ,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC;YACxB,YAAY,EAAE,KAAK,CAAC,IAAI;YACxB,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;SACnE;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,UAAe,EAAE,OAAY,EAAE,EAAE,aAAkB,EAAE,EAAE,eAAoB,EAAE;IACjH,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IAEhD,MAAM,CAAC,OAAO,GAAG,EAAE,EAAE,UAAU,CAAC,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,UAAU,EAAE;QAC1F,GAAG,KAAK;QACR,GAAG,YAAY;KAChB,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,OAAO,EAAE;YACP,SAAS,EAAE,OAAO,CAAC,MAAM;YACzB,SAAS,EAAE,UAAU;YACrB,QAAQ,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC;YACxB,YAAY,EAAE,KAAK,CAAC,IAAI;YACxB,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;SACnE;KACF,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAS,EAAE,IAAI,GAAG,EAAE,EAAE,aAAkB,EAAE;IAChF,MAAM,EAAE,KAAK,GAAG,EAAE,EAAE,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IACzD,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;AACnE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAe,EAAE,IAAI,GAAG,EAAE,EAAE,aAAkB,EAAE;IACrF,MAAM,EAAE,KAAK,GAAG,EAAE,EAAE,GAAG,UAAU,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAA;IACzD,OAAO,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;AAC5E,CAAC;AAED,SAAS,OAAO,CAAC,IAAI;IACnB,OAAO,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,IAAI,IAAI,CAAA;AACzD,CAAC;AAED,SAAS,OAAO,CAAC,IAAI;IACnB,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,CAAA;AACpC,CAAC"}
package/dist/lib/util/crypto.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../lib/util/crypto.ts"],"names":[],"mappings":"AAaA,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAO5C;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU5C"}
1
+ {"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../../lib/util/crypto.ts"],"names":[],"mappings":"AAcA,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQ5C;AAED,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CA2B5C"}
package/dist/lib/util/crypto.js CHANGED
@@ -1,33 +1,46 @@
1
1
  import * as crypto from 'crypto';
2
- const ALGORITHM = 'aes-256-cbc';
2
+ const ALGORITHM_NEW = 'aes-256-gcm';
3
+ const ALGORITHM_OLD = 'aes-256-cbc';
3
4
  const SECRET_KEY = process.env.MFA_DB_SECRET || process.env.JWT_SECRET;
4
- const IV_LENGTH = 16;
5
+ const IV_LENGTH_NEW = 12;
5
6
  function getKey() {
6
7
  if (!SECRET_KEY) {
7
8
  throw new Error('Secret key is not defined in environment variables.');
8
9
  }
9
- return crypto.createHash('sha256').update(String(SECRET_KEY)).digest('base64').substr(0, 32);
10
+ return crypto.createHash('sha256').update(String(SECRET_KEY)).digest('base64').substring(0, 32);
10
11
  }
11
12
  export function encrypt(text) {
12
13
  if (!text)
13
14
  return text;
14
- const iv = crypto.randomBytes(IV_LENGTH);
15
- const cipher = crypto.createCipheriv(ALGORITHM, Buffer.from(getKey()), iv);
16
- let encrypted = cipher.update(text);
15
+ const iv = crypto.randomBytes(IV_LENGTH_NEW);
16
+ const cipher = crypto.createCipheriv(ALGORITHM_NEW, Buffer.from(getKey()), iv);
17
+ let encrypted = cipher.update(text, 'utf8');
17
18
  encrypted = Buffer.concat([encrypted, cipher.final()]);
18
- return iv.toString('hex') + ':' + encrypted.toString('hex');
19
+ const authTag = cipher.getAuthTag();
20
+ return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted.toString('hex');
19
21
  }
20
22
  export function decrypt(text) {
21
23
  if (!text)
22
24
  return text;
23
25
  const textParts = text.split(':');
24
- if (textParts.length < 2)
25
- return text;
26
- const iv = Buffer.from(textParts.shift(), 'hex');
27
- const encryptedText = Buffer.from(textParts.join(':'), 'hex');
28
- const decipher = crypto.createDecipheriv(ALGORITHM, Buffer.from(getKey()), iv);
29
- let decrypted = decipher.update(encryptedText);
30
- decrypted = Buffer.concat([decrypted, decipher.final()]);
31
- return decrypted.toString();
26
+ if (textParts.length === 2) {
27
+ const iv = Buffer.from(textParts[0], 'hex');
28
+ const encryptedText = Buffer.from(textParts[1], 'hex');
29
+ const decipher = crypto.createDecipheriv(ALGORITHM_OLD, Buffer.from(getKey()), iv);
30
+ let decrypted = decipher.update(encryptedText);
31
+ decrypted = Buffer.concat([decrypted, decipher.final()]);
32
+ return decrypted.toString();
33
+ }
34
+ if (textParts.length === 3) {
35
+ const iv = Buffer.from(textParts[0], 'hex');
36
+ const authTag = Buffer.from(textParts[1], 'hex');
37
+ const encryptedText = Buffer.from(textParts[2], 'hex');
38
+ const decipher = crypto.createDecipheriv(ALGORITHM_NEW, Buffer.from(getKey()), iv);
39
+ decipher.setAuthTag(authTag);
40
+ let decrypted = decipher.update(encryptedText, undefined, 'utf8');
41
+ decrypted += decipher.final('utf8');
42
+ return decrypted;
43
+ }
44
+ return text;
32
45
  }
33
46
  //# sourceMappingURL=crypto.js.map
package/dist/lib/util/crypto.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../lib/util/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAEhC,MAAM,SAAS,GAAG,aAAa,CAAA;AAC/B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAA;AACtE,MAAM,SAAS,GAAG,EAAE,CAAA;AAEpB,SAAS,MAAM;IACb,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;IACxE,CAAC;IACD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AAC9F,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAA;IACtB,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACnC,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IACtD,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC7D,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAA;IACtB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACrC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAG,EAAE,KAAK,CAAC,CAAA;IACjD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAA;IAC7D,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;IAC9E,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAC9C,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IACxD,OAAO,SAAS,CAAC,QAAQ,EAAE,CAAA;AAC7B,CAAC"}
1
+ {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../lib/util/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAEhC,MAAM,aAAa,GAAG,aAAa,CAAA;AACnC,MAAM,aAAa,GAAG,aAAa,CAAA;AACnC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAA;AACtE,MAAM,aAAa,GAAG,EAAE,CAAA;AAExB,SAAS,MAAM;IACb,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;IACxE,CAAC;IACD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACjG,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAA;IACtB,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;IAC9E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAC3C,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IACtD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;IACnC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC7F,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,IAAY;IAClC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAA;IACtB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAEjC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QAC3C,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QACtD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;QAClF,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;QAC9C,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QACxD,OAAO,SAAS,CAAC,QAAQ,EAAE,CAAA;IAC7B,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QAChD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QAEtD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;QAClF,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;QAE5B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;QACjE,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACnC,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC"}
package/lib/loader/dataBaseManager.ts CHANGED
@@ -19,7 +19,7 @@ export async function retrieveBy(entityName, entityId) {
19
19
  return await global.entity[entityName].findOneById(entityId)
20
20
  } catch (error) {
21
21
  if (!(entityName in global.entity)) {
22
- log.error(`${entityName} not found in global.entity`)
22
+ log.error(`Volcanic-TypeORM: ${entityName} not found in global.entity`)
23
23
  }
24
24
  throw error
25
25
  }
@@ -31,7 +31,7 @@ export async function addChange(entityName, entityId, status, userId, contents,
31
31
  return global.entity[changeEntity].save(newChange)
32
32
  } catch (error) {
33
33
  if (!(changeEntity in global.entity)) {
34
- log.error(`${changeEntity} not found in global.entity`)
34
+ log.error(`Volcanic-TypeORM: ${changeEntity} not found in global.entity`)
35
35
  }
36
36
  throw error
37
37
  }
package/lib/query.ts CHANGED
@@ -14,11 +14,29 @@ import {
14
14
  LessThan,
15
15
  LessThanOrEqual
16
16
  } from 'typeorm'
17
+ import yn from './util/yn.js'
18
+ import * as log from './util/logger.js'
17
19
  import { parseLogicExpression } from './query/parser.js'
18
20
  import { buildWhereFromAst } from './query/builder.js'
19
21
 
22
+ let sensitiveFields = ['password', 'mfaSecret', 'resetPasswordToken', 'confirmationToken']
23
+
24
+ export const configureSensitiveFields = (fields: string[]) => {
25
+ if (fields && Array.isArray(fields)) {
26
+ log.info(`Volcanic-TypeORM: Overrided sensitive fields: ${fields.join(', ')}`)
27
+ sensitiveFields = fields
28
+ }
29
+ }
30
+
20
31
  const evalOrder = (val: string = '') => (['desc', 'd', 'false', '1'].includes(val.toLowerCase()) ? 'desc' : 'asc')
21
32
 
33
+ const escapeRegExp = (string) => {
34
+ return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')
35
+ }
36
+
37
+ const hasProtoRisk = (str: string) =>
38
+ ['__proto__', 'constructor', 'prototype', 'toString', 'valueOf', 'toLocaleString'].includes(str)
39
+
22
40
  export const useOrder = (order: string[] = []) => {
23
41
  const result = {}
24
42
  order
@@ -31,10 +49,17 @@ export const useOrder = (order: string[] = []) => {
31
49
  let target = result
32
50
  while (fieldFullPath.length > 1) {
33
51
  const fieldPath: string = fieldFullPath.shift() || ''
52
+ if (hasProtoRisk(fieldPath)) {
53
+ continue
54
+ }
55
+
34
56
  target = target[fieldPath] = target[fieldPath] || {}
35
57
  }
36
58
 
37
59
  const fieldName = fieldFullPath[0]
60
+ if (hasProtoRisk(fieldName)) {
61
+ return
62
+ }
38
63
 
39
64
  target[fieldName] = sortType
40
65
  })
@@ -59,16 +84,15 @@ export const useWhere = (where: any, repo?: any) => {
59
84
  const reservedOperators = {
60
85
  ':null': (v) => (typecastValue(v) === false ? Not(IsNull()) : IsNull()),
61
86
  ':notNull': (v) => (typecastValue(v) === true ? Not(IsNull()) : IsNull()),
62
- ':raw': (v) => Raw((alias) => `${alias} ${v}`),
63
87
  ':in': (v) => In(val(v).split(',').map(typecastValue)),
64
88
  ':nin': (v) => Not(In(val(v).split(',').map(typecastValue))),
65
- ':likei': (v) => (isTargetMongo ? new RegExp(val(v), 'i') : ILike(`%${val(v)}%`)),
66
- ':containsi': (v) => (isTargetMongo ? new RegExp(val(v), 'i') : ILike(`%${val(v)}%`)),
67
- ':ncontainsi': (v) => (isTargetMongo ? Not(new RegExp(val(v), 'i')) : Not(ILike(`%${val(v)}%`))),
68
- ':startsi': (v) => (isTargetMongo ? new RegExp(`^${val(v)}`, 'i') : ILike(`${val(v)}%`)),
69
- ':endsi': (v) => (isTargetMongo ? new RegExp(`${val(v)}$`, 'i') : ILike(`%${val(v)}`)),
70
- ':eqi': (v) => (isTargetMongo ? new RegExp(`^${val(v)}$`, 'i') : ILike(v)),
71
- ':neqi': (v) => (isTargetMongo ? Not(new RegExp(`^${val(v)}$`, 'i')) : Not(ILike(v))),
89
+ ':likei': (v) => (isTargetMongo ? new RegExp(escapeRegExp(val(v)), 'i') : ILike(`%${val(v)}%`)),
90
+ ':containsi': (v) => (isTargetMongo ? new RegExp(escapeRegExp(val(v)), 'i') : ILike(`%${val(v)}%`)),
91
+ ':ncontainsi': (v) => (isTargetMongo ? Not(new RegExp(escapeRegExp(val(v)), 'i')) : Not(ILike(`%${val(v)}%`))),
92
+ ':startsi': (v) => (isTargetMongo ? new RegExp(`^${escapeRegExp(val(v))}`, 'i') : ILike(`${val(v)}%`)),
93
+ ':endsi': (v) => (isTargetMongo ? new RegExp(`${escapeRegExp(val(v))}$`, 'i') : ILike(`%${val(v)}`)),
94
+ ':eqi': (v) => (isTargetMongo ? new RegExp(`^${escapeRegExp(val(v))}$`, 'i') : ILike(v)),
95
+ ':neqi': (v) => (isTargetMongo ? Not(new RegExp(`^${escapeRegExp(val(v))}$`, 'i')) : Not(ILike(v))),
72
96
  ':like': (v) => Like(`${val(v)}`),
73
97
  ':contains': (v) => Like(`%${val(v)}%`),
74
98
  ':ncontains': (v) => Not(Like(`%${val(v)}%`)),
@@ -91,14 +115,17 @@ export const useWhere = (where: any, repo?: any) => {
91
115
  ':overlap': (v) => {
92
116
  const values = val(v).split(',').map(typecastValue)
93
117
  if (isTargetMongo) {
94
- // MongoDB: usa $in per trovare documenti dove l'array contiene almeno uno dei valori
95
118
  return { $in: values }
96
119
  }
97
- // PostgreSQL: usa l'operatore && per array overlap
98
120
  return Raw((alias) => `${alias} && ARRAY[:...overlapValues]::text[]`, { overlapValues: values })
99
121
  }
100
122
  }
101
123
 
124
+ if (yn(process.env.VOLCANIC_CUSTOM_QUERY_OPERATORS, false)) {
125
+ log.warn('Volcanic-TypeORM: Custom query operators (:raw) enabled. SECURITY RISK!')
126
+ reservedOperators[':raw'] = (v) => Raw((alias) => `${alias} ${v}`)
127
+ }
128
+
102
129
  const reservedWords = Object.keys(reservedOperators).join('|')
103
130
  const aliasRegex = /\[([^\]]+)\]$/
104
131
 
@@ -107,6 +134,9 @@ export const useWhere = (where: any, repo?: any) => {
107
134
  for (const rawKey in where) {
108
135
  let alias = ''
109
136
  let key = rawKey
137
+ if (hasProtoRisk(rawKey)) {
138
+ continue
139
+ }
110
140
 
111
141
  const aliasMatch = rawKey.match(aliasRegex)
112
142
  if (aliasMatch) {
@@ -120,8 +150,12 @@ export const useWhere = (where: any, repo?: any) => {
120
150
  const operator = m?.length ? m[0] : ':eq'
121
151
  const fullPath = key.replace(operator, '')
122
152
  const parts = fullPath.split('.')
123
- let value = where[rawKey]
124
153
 
154
+ if (sensitiveFields.some((field) => fullPath.includes(field))) {
155
+ continue
156
+ }
157
+
158
+ let value = where[rawKey]
125
159
  if (operator && reservedOperators[operator]) {
126
160
  value = reservedOperators[operator](value)
127
161
  }
@@ -130,12 +164,19 @@ export const useWhere = (where: any, repo?: any) => {
130
164
  let target = condition
131
165
  while (parts.length > 1) {
132
166
  const part: string = parts.shift() || ''
167
+ if (hasProtoRisk(part)) {
168
+ break
169
+ }
170
+
133
171
  target = target[part] = target[part] || {}
134
172
  }
135
- target[parts[0]] = value
136
173
 
137
- aliasMap.set(alias, condition)
138
- Object.assign(allConditions, condition)
174
+ const finalFieldName = parts[0]
175
+ if (!hasProtoRisk(finalFieldName)) {
176
+ target[finalFieldName] = value
177
+ aliasMap.set(alias, condition)
178
+ Object.assign(allConditions, condition)
179
+ }
139
180
  }
140
181
 
141
182
  return { allConditions, aliasMap }
package/lib/util/crypto.ts CHANGED
@@ -1,33 +1,52 @@
1
1
  import * as crypto from 'crypto'
2
2
 
3
- const ALGORITHM = 'aes-256-cbc'
3
+ const ALGORITHM_NEW = 'aes-256-gcm'
4
+ const ALGORITHM_OLD = 'aes-256-cbc'
4
5
  const SECRET_KEY = process.env.MFA_DB_SECRET || process.env.JWT_SECRET
5
- const IV_LENGTH = 16
6
+ const IV_LENGTH_NEW = 12
6
7
 
7
8
  function getKey() {
8
9
  if (!SECRET_KEY) {
9
10
  throw new Error('Secret key is not defined in environment variables.')
10
11
  }
11
- return crypto.createHash('sha256').update(String(SECRET_KEY)).digest('base64').substr(0, 32)
12
+ return crypto.createHash('sha256').update(String(SECRET_KEY)).digest('base64').substring(0, 32)
12
13
  }
13
14
 
14
15
  export function encrypt(text: string): string {
15
16
  if (!text) return text
16
- const iv = crypto.randomBytes(IV_LENGTH)
17
- const cipher = crypto.createCipheriv(ALGORITHM, Buffer.from(getKey()), iv)
18
- let encrypted = cipher.update(text)
17
+ const iv = crypto.randomBytes(IV_LENGTH_NEW)
18
+ const cipher = crypto.createCipheriv(ALGORITHM_NEW, Buffer.from(getKey()), iv)
19
+ let encrypted = cipher.update(text, 'utf8')
19
20
  encrypted = Buffer.concat([encrypted, cipher.final()])
20
- return iv.toString('hex') + ':' + encrypted.toString('hex')
21
+ const authTag = cipher.getAuthTag()
22
+ return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted.toString('hex')
21
23
  }
22
24
 
23
25
  export function decrypt(text: string): string {
24
26
  if (!text) return text
25
27
  const textParts = text.split(':')
26
- if (textParts.length < 2) return text // Return as is if not encrypted properly
27
- const iv = Buffer.from(textParts.shift()!, 'hex')
28
- const encryptedText = Buffer.from(textParts.join(':'), 'hex')
29
- const decipher = crypto.createDecipheriv(ALGORITHM, Buffer.from(getKey()), iv)
30
- let decrypted = decipher.update(encryptedText)
31
- decrypted = Buffer.concat([decrypted, decipher.final()])
32
- return decrypted.toString()
28
+
29
+ if (textParts.length === 2) {
30
+ const iv = Buffer.from(textParts[0], 'hex')
31
+ const encryptedText = Buffer.from(textParts[1], 'hex')
32
+ const decipher = crypto.createDecipheriv(ALGORITHM_OLD, Buffer.from(getKey()), iv)
33
+ let decrypted = decipher.update(encryptedText)
34
+ decrypted = Buffer.concat([decrypted, decipher.final()])
35
+ return decrypted.toString()
36
+ }
37
+
38
+ if (textParts.length === 3) {
39
+ const iv = Buffer.from(textParts[0], 'hex')
40
+ const authTag = Buffer.from(textParts[1], 'hex')
41
+ const encryptedText = Buffer.from(textParts[2], 'hex')
42
+
43
+ const decipher = crypto.createDecipheriv(ALGORITHM_NEW, Buffer.from(getKey()), iv)
44
+ decipher.setAuthTag(authTag)
45
+
46
+ let decrypted = decipher.update(encryptedText, undefined, 'utf8')
47
+ decrypted += decipher.final('utf8')
48
+ return decrypted
49
+ }
50
+
51
+ return text
33
52
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@volcanicminds/typeorm",
3
- "version": "2.2.7",
3
+ "version": "2.2.9",
4
4
  "type": "module",
5
5
  "license": "MIT",
6
6
  "description": "TypeORM for the volcanic (minds) backend",