@ytsaurus/ui 1.12.1 → 1.13.0

package/build/esm/server/controllers/login.js

@@ -12,10 +12,8 @@ import crypto from 'crypto';
 // @ts-ignore
 import ytLib from '@ytsaurus/javascript-wrapper';
 import { getXSRFToken } from '../components/cluster-queries';
+import { getAuthCluster } from '../components/yt-auth';
 var yt = ytLib();
-function throwAuthDisabled() {
-  throw new Error('Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.');
-}
 export function handleLogin(_x, _x2) {
   return _handleLogin.apply(this, arguments);
 }
@@ -26,24 +24,18 @@ function _handleLogin() {
       while (1) switch (_context2.prev = _context2.next) {
         case 0:
           _context2.prev = 0;
-          ytAuthCluster = req.ctx.config.ytAuthCluster;
-          if (ytAuthCluster) {
-            _context2.next = 4;
-            break;
-          }
-          return _context2.abrupt("return", throwAuthDisabled());
-        case 4:
+          ytAuthCluster = getAuthCluster(req.ctx.config);
           _ref = JSON.parse(req.body) || {}, username = _ref.username, password = _ref.password;
           if (!(!username || !password)) {
-            _context2.next = 7;
+            _context2.next = 5;
             break;
           }
           throw new Error('Username and password must not be empty');
-        case 7:
+        case 5:
           _getYTApiClusterSetup = getYTApiClusterSetup(ytAuthCluster), proxyBaseUrl = _getYTApiClusterSetup.proxyBaseUrl;
           requestUrl = "".concat(proxyBaseUrl, "/login");
           basicAuth = Buffer.from("".concat(username, ":").concat(password)).toString('base64');
-          _context2.next = 12;
+          _context2.next = 10;
           return axios.request({
             url: requestUrl,
             method: req.method,
@@ -75,22 +67,22 @@ function _handleLogin() {
                 }
               }, _callee);
             }));
-            return function (_x7) {
+            return function (_x5) {
               return _ref2.apply(this, arguments);
             };
           }());
-        case 12:
-          _context2.next = 17;
+        case 10:
+          _context2.next = 15;
           break;
-        case 14:
-          _context2.prev = 14;
+        case 12:
+          _context2.prev = 12;
           _context2.t0 = _context2["catch"](0);
           sendAndLogError(req.ctx, res, 500, _context2.t0);
-        case 17:
+        case 15:
         case "end":
           return _context2.stop();
       }
-    }, _callee2, null, [[0, 14]]);
+    }, _callee2, null, [[0, 12]]);
   }));
   return _handleLogin.apply(this, arguments);
 }
@@ -115,86 +107,47 @@ function removeSecureFlagIfOriginInsecure(req, headers) {
     return acc;
   }, {});
 }
-export function handleLogout(_x3, _x4) {
-  return _handleLogout.apply(this, arguments);
-}
-function _handleLogout() {
-  _handleLogout = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee3(req, res) {
-    var ytAuthCluster;
-    return _regeneratorRuntime.wrap(function _callee3$(_context3) {
-      while (1) switch (_context3.prev = _context3.next) {
-        case 0:
-          _context3.prev = 0;
-          ytAuthCluster = req.ctx.config.ytAuthCluster;
-          if (ytAuthCluster) {
-            _context3.next = 4;
-            break;
-          }
-          return _context3.abrupt("return", throwAuthDisabled());
-        case 4:
-          res.setHeader('set-cookie', "".concat(YT_CYPRESS_COOKIE_NAME, "=deleted; Path=/; Max-Age=0;"));
-          res.sendStatus(401).send('Logout');
-          _context3.next = 11;
-          break;
-        case 8:
-          _context3.prev = 8;
-          _context3.t0 = _context3["catch"](0);
-          sendAndLogError(req.ctx, res, 500, _context3.t0);
-        case 11:
-        case "end":
-          return _context3.stop();
-      }
-    }, _callee3, null, [[0, 8]]);
-  }));
-  return _handleLogout.apply(this, arguments);
-}
-export function handleChangePassword(_x5, _x6) {
+export function handleChangePassword(_x3, _x4) {
   return _handleChangePassword.apply(this, arguments);
 }
 function _handleChangePassword() {
-  _handleChangePassword = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee4(req, res) {
+  _handleChangePassword = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee3(req, res) {
     var ytAuthCluster, _ref3, newPassword, currentPassword, new_password_sha256, current_password_sha256, cfg, _cfg, setup, _yield$getXSRFToken, login, csrf_token;
-    return _regeneratorRuntime.wrap(function _callee4$(_context4) {
-      while (1) switch (_context4.prev = _context4.next) {
+    return _regeneratorRuntime.wrap(function _callee3$(_context3) {
+      while (1) switch (_context3.prev = _context3.next) {
         case 0:
-          _context4.prev = 0;
-          ytAuthCluster = req.ctx.config.ytAuthCluster;
-          if (ytAuthCluster) {
-            _context4.next = 4;
-            break;
-          }
-          return _context4.abrupt("return", throwAuthDisabled());
-        case 4:
+          _context3.prev = 0;
+          ytAuthCluster = getAuthCluster(req.ctx.config);
           _ref3 = JSON.parse(req.body) || {}, newPassword = _ref3.newPassword, currentPassword = _ref3.currentPassword;
           if (!(!newPassword || !currentPassword)) {
-            _context4.next = 7;
+            _context3.next = 5;
             break;
           }
           throw new Error('New and current password must not be empty');
-        case 7:
+        case 5:
           new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');
           current_password_sha256 = crypto.createHash('sha256').update(currentPassword).digest('hex');
-          _context4.prev = 9;
+          _context3.prev = 7;
           cfg = getUserYTApiSetup(ytAuthCluster, req);
-          _context4.next = 17;
+          _context3.next = 15;
           break;
-        case 13:
-          _context4.prev = 13;
-          _context4.t0 = _context4["catch"](9);
-          sendAndLogError(req.ctx, res, 400, _context4.t0);
-          return _context4.abrupt("return");
-        case 17:
+        case 11:
+          _context3.prev = 11;
+          _context3.t0 = _context3["catch"](7);
+          sendAndLogError(req.ctx, res, 400, _context3.t0);
+          return _context3.abrupt("return");
+        case 15:
           _cfg = cfg, setup = _cfg.setup;
-          _context4.next = 20;
+          _context3.next = 18;
           return getXSRFToken(req, cfg);
-        case 20:
-          _yield$getXSRFToken = _context4.sent;
+        case 18:
+          _yield$getXSRFToken = _context3.sent;
           login = _yield$getXSRFToken.login;
           csrf_token = _yield$getXSRFToken.csrf_token;
           yt.setup.createOption('requestHeaders', 'object', {
             'X-Csrf-Token': csrf_token
           });
-          _context4.next = 26;
+          _context3.next = 24;
           return yt.v4.setUserPassword({
             setup: setup,
             parameters: {
@@ -209,18 +162,18 @@ function _handleChangePassword() {
           })["catch"](function (err) {
             sendAndLogError(req.ctx, res, 500, err);
           });
-        case 26:
-          _context4.next = 31;
+        case 24:
+          _context3.next = 29;
           break;
-        case 28:
-          _context4.prev = 28;
-          _context4.t1 = _context4["catch"](0);
-          sendAndLogError(req.ctx, res, 500, _context4.t1);
-        case 31:
+        case 26:
+          _context3.prev = 26;
+          _context3.t1 = _context3["catch"](0);
+          sendAndLogError(req.ctx, res, 500, _context3.t1);
+        case 29:
         case "end":
-          return _context4.stop();
+          return _context3.stop();
       }
-    }, _callee4, null, [[0, 28], [9, 13]]);
+    }, _callee3, null, [[0, 26], [7, 11]]);
   }));
   return _handleChangePassword.apply(this, arguments);
 }

package/build/esm/server/controllers/login.js.map

@@ -1 +1 @@
-{"version":3,"names":["axios","YT_CYPRESS_COOKIE_NAME","getUserYTApiSetup","getYTApiClusterSetup","UNEXPECTED_PIPE_AXIOS_RESPONSE","pipeAxiosResponse","sendAndLogError","crypto","ytLib","getXSRFToken","yt","throwAuthDisabled","Error","handleLogin","_x","_x2","_handleLogin","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee2","req","res","ytAuthCluster","_ref","username","password","_getYTApiClusterSetup","proxyBaseUrl","requestUrl","basicAuth","wrap","_callee2$","_context2","prev","next","ctx","config","abrupt","JSON","parse","body","concat","Buffer","from","toString","request","url","method","headers","_objectSpread","getMetadata","Authorization","timeout","responseType","then","_ref2","_callee","response","pipedSize","_callee$","_context","undefined","removeSecureFlagIfOriginInsecure","sent","stop","_x7","t0","ytAuthAllowInsecure","origin","startsWith","_reduce","acc","v","k","tmp","_map","item","replace","handleLogout","_x3","_x4","_handleLogout","_callee3","_callee3$","_context3","setHeader","sendStatus","send","handleChangePassword","_x5","_x6","_handleChangePassword","_callee4","_ref3","newPassword","currentPassword","new_password_sha256","current_password_sha256","cfg","_cfg","setup","_yield$getXSRFToken","login","csrf_token","_callee4$","_context4","createHash","update","digest","createOption","v4","setUserPassword","parameters","user","result","status","err","t1"],"sources":["login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport axios from 'axios';\nimport _ from 'lodash';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\nimport {getUserYTApiSetup, getYTApiClusterSetup} from '../components/requestsSetup';\nimport {UNEXPECTED_PIPE_AXIOS_RESPONSE, pipeAxiosResponse, sendAndLogError} from '../utils';\nimport crypto from 'crypto';\n\n// @ts-ignore\nimport ytLib from '@ytsaurus/javascript-wrapper';\nimport {getXSRFToken} from '../components/cluster-queries';\n\nconst yt = ytLib();\n\nfunction throwAuthDisabled() {\n    throw new Error(\n        'Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.',\n    );\n}\n\nexport async function handleLogin(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n\n        const {username, password} = JSON.parse(req.body) || {};\n        if (!username || !password) {\n            throw new Error('Username and password must not be empty');\n        }\n\n        const {proxyBaseUrl} = getYTApiClusterSetup(ytAuthCluster);\n        const requestUrl = `${proxyBaseUrl}/login`;\n\n        const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');\n\n        await axios\n            .request({\n                url: requestUrl,\n                method: req.method as any,\n                headers: {...req.ctx.getMetadata(), Authorization: `Basic ${basicAuth}`},\n                timeout: 10000,\n                responseType: 'stream',\n            })\n            .then(async (response) => {\n                const pipedSize = await pipeAxiosResponse(\n                    req.ctx,\n                    res,\n                    response,\n                    undefined,\n                    (headers) => removeSecureFlagIfOriginInsecure(req, headers),\n                );\n                if (!pipedSize) {\n                    throw new Error(UNEXPECTED_PIPE_AXIOS_RESPONSE);\n                }\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nfunction removeSecureFlagIfOriginInsecure(\n    req: Request,\n    headers: Record<string, string | Array<string>>,\n) {\n    const {ytAuthAllowInsecure} = req.ctx.config;\n    const {origin} = req.headers;\n\n    if (!ytAuthAllowInsecure || 'string' !== typeof origin || !origin.startsWith('http://')) {\n        return headers;\n    }\n\n    return _.reduce(\n        headers,\n        (acc, v, k) => {\n            if (k !== 'set-cookie') {\n                acc[k] = v;\n            } else {\n                const tmp = _.map(v as Array<string>, (item) => {\n                    if (item.startsWith(YT_CYPRESS_COOKIE_NAME)) {\n                        return item.replace(/\\s*Secure;/, '');\n                    }\n                    return item;\n                });\n                acc[k] = tmp;\n            }\n            return acc;\n        },\n        {} as typeof headers,\n    );\n}\n\nexport async function handleLogout(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n        res.setHeader('set-cookie', `${YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);\n        res.sendStatus(401).send('Logout');\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nexport async function handleChangePassword(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n\n        const {newPassword, currentPassword} = JSON.parse(req.body) || {};\n        if (!newPassword || !currentPassword) {\n            throw new Error('New and current password must not be empty');\n        }\n\n        const new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');\n        const current_password_sha256 = crypto\n            .createHash('sha256')\n            .update(currentPassword)\n            .digest('hex');\n\n        let cfg;\n        try {\n            cfg = getUserYTApiSetup(ytAuthCluster, req);\n        } catch (e: any) {\n            sendAndLogError(req.ctx, res, 400, e);\n            return;\n        }\n\n        const {setup} = cfg;\n        const {login, csrf_token} = await getXSRFToken(req, cfg);\n\n        yt.setup.createOption('requestHeaders', 'object', {\n            'X-Csrf-Token': csrf_token,\n        });\n\n        await yt.v4\n            .setUserPassword({\n                setup,\n                parameters: {user: login, new_password_sha256, current_password_sha256},\n            })\n            .then((result: unknown) => {\n                res.status(200).send({result});\n            })\n            .catch((err: any) => {\n                sendAndLogError(req.ctx, res, 500, err);\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n"],"mappings":";;;;;AACA,OAAOA,KAAK,MAAM,OAAO;AAEzB,SAAQC,sBAAsB,QAAO,wBAAwB;AAC7D,SAAQC,iBAAiB,EAAEC,oBAAoB,QAAO,6BAA6B;AACnF,SAAQC,8BAA8B,EAAEC,iBAAiB,EAAEC,eAAe,QAAO,UAAU;AAC3F,OAAOC,MAAM,MAAM,QAAQ;;AAE3B;AACA,OAAOC,KAAK,MAAM,8BAA8B;AAChD,SAAQC,YAAY,QAAO,+BAA+B;AAE1D,IAAMC,EAAE,GAAGF,KAAK,CAAC,CAAC;AAElB,SAASG,iBAAiBA,CAAA,EAAG;EACzB,MAAM,IAAIC,KAAK,CACX,8FACJ,CAAC;AACL;AAEA,gBAAsBC,WAAWA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAwChC,SAAAF,aAAA;EAAAA,YAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAxCM,SAAAC,SAA2BC,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAC,IAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,qBAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,SAAA;IAAA,OAAAZ,mBAAA,CAAAa,IAAA,UAAAC,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAC,IAAA,GAAAD,SAAA,CAAAE,IAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAE9CX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAU,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,OAAAF,SAAA,CAAAK,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAAAe,IAAA,GAGDe,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAAhDhB,QAAQ,GAAAD,IAAA,CAARC,QAAQ,EAAEC,QAAQ,GAAAF,IAAA,CAARE,QAAQ;UAAA,MACrB,CAACD,QAAQ,IAAI,CAACC,QAAQ;YAAAO,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MAChB,IAAIzB,KAAK,CAAC,yCAAyC,CAAC;QAAA;UAAAiB,qBAAA,GAGvC1B,oBAAoB,CAACsB,aAAa,CAAC,EAAnDK,YAAY,GAAAD,qBAAA,CAAZC,YAAY;UACbC,UAAU,MAAAa,MAAA,CAAMd,YAAY;UAE5BE,SAAS,GAAGa,MAAM,CAACC,IAAI,IAAAF,MAAA,CAAIjB,QAAQ,OAAAiB,MAAA,CAAIhB,QAAQ,CAAE,CAAC,CAACmB,QAAQ,CAAC,QAAQ,CAAC;UAAAZ,SAAA,CAAAE,IAAA;UAAA,OAErErC,KAAK,CACNgD,OAAO,CAAC;YACLC,GAAG,EAAElB,UAAU;YACfmB,MAAM,EAAE3B,GAAG,CAAC2B,MAAa;YACzBC,OAAO,EAAAC,aAAA,CAAAA,aAAA,KAAM7B,GAAG,CAACe,GAAG,CAACe,WAAW,CAAC,CAAC;cAAEC,aAAa,WAAAV,MAAA,CAAWZ,SAAS;YAAE,EAAC;YACxEuB,OAAO,EAAE,KAAK;YACdC,YAAY,EAAE;UAClB,CAAC,CAAC,CACDC,IAAI;YAAA,IAAAC,KAAA,GAAAvC,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAAC,SAAAsC,QAAOC,QAAQ;cAAA,IAAAC,SAAA;cAAA,OAAAzC,mBAAA,CAAAa,IAAA,UAAA6B,SAAAC,QAAA;gBAAA,kBAAAA,QAAA,CAAA3B,IAAA,GAAA2B,QAAA,CAAA1B,IAAA;kBAAA;oBAAA0B,QAAA,CAAA1B,IAAA;oBAAA,OACOhC,iBAAiB,CACrCkB,GAAG,CAACe,GAAG,EACPd,GAAG,EACHoC,QAAQ,EACRI,SAAS,EACT,UAACb,OAAO;sBAAA,OAAKc,gCAAgC,CAAC1C,GAAG,EAAE4B,OAAO,CAAC;oBAAA,CAC/D,CAAC;kBAAA;oBANKU,SAAS,GAAAE,QAAA,CAAAG,IAAA;oBAAA,IAOVL,SAAS;sBAAAE,QAAA,CAAA1B,IAAA;sBAAA;oBAAA;oBAAA,MACJ,IAAIzB,KAAK,CAACR,8BAA8B,CAAC;kBAAA;kBAAA;oBAAA,OAAA2D,QAAA,CAAAI,IAAA;gBAAA;cAAA,GAAAR,OAAA;YAAA,CAEtD;YAAA,iBAAAS,GAAA;cAAA,OAAAV,KAAA,CAAAzC,KAAA,OAAAC,SAAA;YAAA;UAAA,IAAC;QAAA;UAAAiB,SAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAAAD,SAAA,CAAAkC,EAAA,GAAAlC,SAAA;UAEN7B,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAW,SAAA,CAAAkC,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAlC,SAAA,CAAAgC,IAAA;MAAA;IAAA,GAAA7C,QAAA;EAAA,CAE7C;EAAA,OAAAN,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAAS+C,gCAAgCA,CACrC1C,GAAY,EACZ4B,OAA+C,EACjD;EACE,IAAOmB,mBAAmB,GAAI/C,GAAG,CAACe,GAAG,CAACC,MAAM,CAArC+B,mBAAmB;EAC1B,IAAOC,MAAM,GAAIhD,GAAG,CAAC4B,OAAO,CAArBoB,MAAM;EAEb,IAAI,CAACD,mBAAmB,IAAI,QAAQ,KAAK,OAAOC,MAAM,IAAI,CAACA,MAAM,CAACC,UAAU,CAAC,SAAS,CAAC,EAAE;IACrF,OAAOrB,OAAO;EAClB;EAEA,OAAOsB,OAAA,CACHtB,OAAO,EACP,UAACuB,GAAG,EAAEC,CAAC,EAAEC,CAAC,EAAK;IACX,IAAIA,CAAC,KAAK,YAAY,EAAE;MACpBF,GAAG,CAACE,CAAC,CAAC,GAAGD,CAAC;IACd,CAAC,MAAM;MACH,IAAME,GAAG,GAAGC,IAAA,CAAMH,CAAC,EAAmB,UAACI,IAAI,EAAK;QAC5C,IAAIA,IAAI,CAACP,UAAU,CAACvE,sBAAsB,CAAC,EAAE;UACzC,OAAO8E,IAAI,CAACC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACzC;QACA,OAAOD,IAAI;MACf,CAAC,CAAC;MACFL,GAAG,CAACE,CAAC,CAAC,GAAGC,GAAG;IAChB;IACA,OAAOH,GAAG;EACd,CAAC,EACD,CAAC,CACL,CAAC;AACL;AAEA,gBAAsBO,YAAYA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,aAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA;AAWjC,SAAAkE,cAAA;EAAAA,aAAA,GAAAjE,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAXM,SAAAgE,SAA4B9D,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA;IAAA,OAAAL,mBAAA,CAAAa,IAAA,UAAAqD,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAnD,IAAA,GAAAmD,SAAA,CAAAlD,IAAA;QAAA;UAAAkD,SAAA,CAAAnD,IAAA;UAE/CX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAA8D,SAAA,CAAAlD,IAAA;YAAA;UAAA;UAAA,OAAAkD,SAAA,CAAA/C,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAE9Ba,GAAG,CAACgE,SAAS,CAAC,YAAY,KAAA5C,MAAA,CAAK3C,sBAAsB,iCAA8B,CAAC;UACpFuB,GAAG,CAACiE,UAAU,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC,QAAQ,CAAC;UAACH,SAAA,CAAAlD,IAAA;UAAA;QAAA;UAAAkD,SAAA,CAAAnD,IAAA;UAAAmD,SAAA,CAAAlB,EAAA,GAAAkB,SAAA;UAEnCjF,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA+D,SAAA,CAAAlB,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAkB,SAAA,CAAApB,IAAA;MAAA;IAAA,GAAAkB,QAAA;EAAA,CAE7C;EAAA,OAAAD,aAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA;AAED,gBAAsByE,oBAAoBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,qBAAA,CAAA7E,KAAA,OAAAC,SAAA;AAAA;AA+CzC,SAAA4E,sBAAA;EAAAA,qBAAA,GAAA3E,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CA/CM,SAAA0E,SAAoCxE,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAuE,KAAA,EAAAC,WAAA,EAAAC,eAAA,EAAAC,mBAAA,EAAAC,uBAAA,EAAAC,GAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,UAAA;IAAA,OAAAtF,mBAAA,CAAAa,IAAA,UAAA0E,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAxE,IAAA,GAAAwE,SAAA,CAAAvE,IAAA;QAAA;UAAAuE,SAAA,CAAAxE,IAAA;UAEvDX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAmF,SAAA,CAAAvE,IAAA;YAAA;UAAA;UAAA,OAAAuE,SAAA,CAAApE,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAAAqF,KAAA,GAGSvD,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAA1DsD,WAAW,GAAAD,KAAA,CAAXC,WAAW,EAAEC,eAAe,GAAAF,KAAA,CAAfE,eAAe;UAAA,MAC/B,CAACD,WAAW,IAAI,CAACC,eAAe;YAAAU,SAAA,CAAAvE,IAAA;YAAA;UAAA;UAAA,MAC1B,IAAIzB,KAAK,CAAC,4CAA4C,CAAC;QAAA;UAG3DuF,mBAAmB,GAAG5F,MAAM,CAACsG,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACb,WAAW,CAAC,CAACc,MAAM,CAAC,KAAK,CAAC;UACnFX,uBAAuB,GAAG7F,MAAM,CACjCsG,UAAU,CAAC,QAAQ,CAAC,CACpBC,MAAM,CAACZ,eAAe,CAAC,CACvBa,MAAM,CAAC,KAAK,CAAC;UAAAH,SAAA,CAAAxE,IAAA;UAIdiE,GAAG,GAAGnG,iBAAiB,CAACuB,aAAa,EAAEF,GAAG,CAAC;UAACqF,SAAA,CAAAvE,IAAA;UAAA;QAAA;UAAAuE,SAAA,CAAAxE,IAAA;UAAAwE,SAAA,CAAAvC,EAAA,GAAAuC,SAAA;UAE5CtG,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAoF,SAAA,CAAAvC,EAAG,CAAC;UAAC,OAAAuC,SAAA,CAAApE,MAAA;QAAA;UAAA8D,IAAA,GAI1BD,GAAG,EAAZE,KAAK,GAAAD,IAAA,CAALC,KAAK;UAAAK,SAAA,CAAAvE,IAAA;UAAA,OACsB5B,YAAY,CAACc,GAAG,EAAE8E,GAAG,CAAC;QAAA;UAAAG,mBAAA,GAAAI,SAAA,CAAA1C,IAAA;UAAjDuC,KAAK,GAAAD,mBAAA,CAALC,KAAK;UAAEC,UAAU,GAAAF,mBAAA,CAAVE,UAAU;UAExBhG,EAAE,CAAC6F,KAAK,CAACS,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE;YAC9C,cAAc,EAAEN;UACpB,CAAC,CAAC;UAACE,SAAA,CAAAvE,IAAA;UAAA,OAEG3B,EAAE,CAACuG,EAAE,CACNC,eAAe,CAAC;YACbX,KAAK,EAALA,KAAK;YACLY,UAAU,EAAE;cAACC,IAAI,EAAEX,KAAK;cAAEN,mBAAmB,EAAnBA,mBAAmB;cAAEC,uBAAuB,EAAvBA;YAAuB;UAC1E,CAAC,CAAC,CACD3C,IAAI,CAAC,UAAC4D,MAAe,EAAK;YACvB7F,GAAG,CAAC8F,MAAM,CAAC,GAAG,CAAC,CAAC5B,IAAI,CAAC;cAAC2B,MAAM,EAANA;YAAM,CAAC,CAAC;UAClC,CAAC,CAAC,SACI,CAAC,UAACE,GAAQ,EAAK;YACjBjH,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAE+F,GAAG,CAAC;UAC3C,CAAC,CAAC;QAAA;UAAAX,SAAA,CAAAvE,IAAA;UAAA;QAAA;UAAAuE,SAAA,CAAAxE,IAAA;UAAAwE,SAAA,CAAAY,EAAA,GAAAZ,SAAA;UAENtG,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAoF,SAAA,CAAAY,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAZ,SAAA,CAAAzC,IAAA;MAAA;IAAA,GAAA4B,QAAA;EAAA,CAE7C;EAAA,OAAAD,qBAAA,CAAA7E,KAAA,OAAAC,SAAA;AAAA"}
+{"version":3,"names":["axios","YT_CYPRESS_COOKIE_NAME","getUserYTApiSetup","getYTApiClusterSetup","UNEXPECTED_PIPE_AXIOS_RESPONSE","pipeAxiosResponse","sendAndLogError","crypto","ytLib","getXSRFToken","getAuthCluster","yt","handleLogin","_x","_x2","_handleLogin","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee2","req","res","ytAuthCluster","_ref","username","password","_getYTApiClusterSetup","proxyBaseUrl","requestUrl","basicAuth","wrap","_callee2$","_context2","prev","next","ctx","config","JSON","parse","body","Error","concat","Buffer","from","toString","request","url","method","headers","_objectSpread","getMetadata","Authorization","timeout","responseType","then","_ref2","_callee","response","pipedSize","_callee$","_context","undefined","removeSecureFlagIfOriginInsecure","sent","stop","_x5","t0","ytAuthAllowInsecure","origin","startsWith","_reduce","acc","v","k","tmp","_map","item","replace","handleChangePassword","_x3","_x4","_handleChangePassword","_callee3","_ref3","newPassword","currentPassword","new_password_sha256","current_password_sha256","cfg","_cfg","setup","_yield$getXSRFToken","login","csrf_token","_callee3$","_context3","createHash","update","digest","abrupt","createOption","v4","setUserPassword","parameters","user","result","status","send","err","t1"],"sources":["login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport axios from 'axios';\nimport _ from 'lodash';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\nimport {getUserYTApiSetup, getYTApiClusterSetup} from '../components/requestsSetup';\nimport {UNEXPECTED_PIPE_AXIOS_RESPONSE, pipeAxiosResponse, sendAndLogError} from '../utils';\nimport crypto from 'crypto';\n\n// @ts-ignore\nimport ytLib from '@ytsaurus/javascript-wrapper';\nimport {getXSRFToken} from '../components/cluster-queries';\nimport {getAuthCluster} from '../components/yt-auth';\n\nconst yt = ytLib();\n\nexport async function handleLogin(req: Request, res: Response) {\n    try {\n        const ytAuthCluster = getAuthCluster(req.ctx.config);\n\n        const {username, password} = JSON.parse(req.body) || {};\n        if (!username || !password) {\n            throw new Error('Username and password must not be empty');\n        }\n\n        const {proxyBaseUrl} = getYTApiClusterSetup(ytAuthCluster);\n        const requestUrl = `${proxyBaseUrl}/login`;\n\n        const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');\n\n        await axios\n            .request({\n                url: requestUrl,\n                method: req.method as any,\n                headers: {...req.ctx.getMetadata(), Authorization: `Basic ${basicAuth}`},\n                timeout: 10000,\n                responseType: 'stream',\n            })\n            .then(async (response) => {\n                const pipedSize = await pipeAxiosResponse(\n                    req.ctx,\n                    res,\n                    response,\n                    undefined,\n                    (headers) => removeSecureFlagIfOriginInsecure(req, headers),\n                );\n                if (!pipedSize) {\n                    throw new Error(UNEXPECTED_PIPE_AXIOS_RESPONSE);\n                }\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nfunction removeSecureFlagIfOriginInsecure(\n    req: Request,\n    headers: Record<string, string | Array<string>>,\n) {\n    const {ytAuthAllowInsecure} = req.ctx.config;\n    const {origin} = req.headers;\n\n    if (!ytAuthAllowInsecure || 'string' !== typeof origin || !origin.startsWith('http://')) {\n        return headers;\n    }\n\n    return _.reduce(\n        headers,\n        (acc, v, k) => {\n            if (k !== 'set-cookie') {\n                acc[k] = v;\n            } else {\n                const tmp = _.map(v as Array<string>, (item) => {\n                    if (item.startsWith(YT_CYPRESS_COOKIE_NAME)) {\n                        return item.replace(/\\s*Secure;/, '');\n                    }\n                    return item;\n                });\n                acc[k] = tmp;\n            }\n            return acc;\n        },\n        {} as typeof headers,\n    );\n}\n\nexport async function handleChangePassword(req: Request, res: Response) {\n    try {\n        const ytAuthCluster = getAuthCluster(req.ctx.config);\n\n        const {newPassword, currentPassword} = JSON.parse(req.body) || {};\n        if (!newPassword || !currentPassword) {\n            throw new Error('New and current password must not be empty');\n        }\n\n        const new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');\n        const current_password_sha256 = crypto\n            .createHash('sha256')\n            .update(currentPassword)\n            .digest('hex');\n\n        let cfg;\n        try {\n            cfg = getUserYTApiSetup(ytAuthCluster, req);\n        } catch (e: any) {\n            sendAndLogError(req.ctx, res, 400, e);\n            return;\n        }\n\n        const {setup} = cfg;\n        const {login, csrf_token} = await getXSRFToken(req, cfg);\n\n        yt.setup.createOption('requestHeaders', 'object', {\n            'X-Csrf-Token': csrf_token,\n        });\n\n        await yt.v4\n            .setUserPassword({\n                setup,\n                parameters: {user: login, new_password_sha256, current_password_sha256},\n            })\n            .then((result: unknown) => {\n                res.status(200).send({result});\n            })\n            .catch((err: any) => {\n                sendAndLogError(req.ctx, res, 500, err);\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n"],"mappings":";;;;;AACA,OAAOA,KAAK,MAAM,OAAO;AAEzB,SAAQC,sBAAsB,QAAO,wBAAwB;AAC7D,SAAQC,iBAAiB,EAAEC,oBAAoB,QAAO,6BAA6B;AACnF,SAAQC,8BAA8B,EAAEC,iBAAiB,EAAEC,eAAe,QAAO,UAAU;AAC3F,OAAOC,MAAM,MAAM,QAAQ;;AAE3B;AACA,OAAOC,KAAK,MAAM,8BAA8B;AAChD,SAAQC,YAAY,QAAO,+BAA+B;AAC1D,SAAQC,cAAc,QAAO,uBAAuB;AAEpD,IAAMC,EAAE,GAAGH,KAAK,CAAC,CAAC;AAElB,gBAAsBI,WAAWA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAqChC,SAAAF,aAAA;EAAAA,YAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CArCM,SAAAC,SAA2BC,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAC,IAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,qBAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,SAAA;IAAA,OAAAZ,mBAAA,CAAAa,IAAA,UAAAC,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAC,IAAA,GAAAD,SAAA,CAAAE,IAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAE/CX,aAAa,GAAGd,cAAc,CAACY,GAAG,CAACe,GAAG,CAACC,MAAM,CAAC;UAAAb,IAAA,GAEvBc,IAAI,CAACC,KAAK,CAAClB,GAAG,CAACmB,IAAI,CAAC,IAAI,CAAC,CAAC,EAAhDf,QAAQ,GAAAD,IAAA,CAARC,QAAQ,EAAEC,QAAQ,GAAAF,IAAA,CAARE,QAAQ;UAAA,MACrB,CAACD,QAAQ,IAAI,CAACC,QAAQ;YAAAO,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MAChB,IAAIM,KAAK,CAAC,yCAAyC,CAAC;QAAA;UAAAd,qBAAA,GAGvCzB,oBAAoB,CAACqB,aAAa,CAAC,EAAnDK,YAAY,GAAAD,qBAAA,CAAZC,YAAY;UACbC,UAAU,MAAAa,MAAA,CAAMd,YAAY;UAE5BE,SAAS,GAAGa,MAAM,CAACC,IAAI,IAAAF,MAAA,CAAIjB,QAAQ,OAAAiB,MAAA,CAAIhB,QAAQ,CAAE,CAAC,CAACmB,QAAQ,CAAC,QAAQ,CAAC;UAAAZ,SAAA,CAAAE,IAAA;UAAA,OAErEpC,KAAK,CACN+C,OAAO,CAAC;YACLC,GAAG,EAAElB,UAAU;YACfmB,MAAM,EAAE3B,GAAG,CAAC2B,MAAa;YACzBC,OAAO,EAAAC,aAAA,CAAAA,aAAA,KAAM7B,GAAG,CAACe,GAAG,CAACe,WAAW,CAAC,CAAC;cAAEC,aAAa,WAAAV,MAAA,CAAWZ,SAAS;YAAE,EAAC;YACxEuB,OAAO,EAAE,KAAK;YACdC,YAAY,EAAE;UAClB,CAAC,CAAC,CACDC,IAAI;YAAA,IAAAC,KAAA,GAAAvC,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAAC,SAAAsC,QAAOC,QAAQ;cAAA,IAAAC,SAAA;cAAA,OAAAzC,mBAAA,CAAAa,IAAA,UAAA6B,SAAAC,QAAA;gBAAA,kBAAAA,QAAA,CAAA3B,IAAA,GAAA2B,QAAA,CAAA1B,IAAA;kBAAA;oBAAA0B,QAAA,CAAA1B,IAAA;oBAAA,OACO/B,iBAAiB,CACrCiB,GAAG,CAACe,GAAG,EACPd,GAAG,EACHoC,QAAQ,EACRI,SAAS,EACT,UAACb,OAAO;sBAAA,OAAKc,gCAAgC,CAAC1C,GAAG,EAAE4B,OAAO,CAAC;oBAAA,CAC/D,CAAC;kBAAA;oBANKU,SAAS,GAAAE,QAAA,CAAAG,IAAA;oBAAA,IAOVL,SAAS;sBAAAE,QAAA,CAAA1B,IAAA;sBAAA;oBAAA;oBAAA,MACJ,IAAIM,KAAK,CAACtC,8BAA8B,CAAC;kBAAA;kBAAA;oBAAA,OAAA0D,QAAA,CAAAI,IAAA;gBAAA;cAAA,GAAAR,OAAA;YAAA,CAEtD;YAAA,iBAAAS,GAAA;cAAA,OAAAV,KAAA,CAAAzC,KAAA,OAAAC,SAAA;YAAA;UAAA,IAAC;QAAA;UAAAiB,SAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAAAD,SAAA,CAAAkC,EAAA,GAAAlC,SAAA;UAEN5B,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAW,SAAA,CAAAkC,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAlC,SAAA,CAAAgC,IAAA;MAAA;IAAA,GAAA7C,QAAA;EAAA,CAE7C;EAAA,OAAAN,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAAS+C,gCAAgCA,CACrC1C,GAAY,EACZ4B,OAA+C,EACjD;EACE,IAAOmB,mBAAmB,GAAI/C,GAAG,CAACe,GAAG,CAACC,MAAM,CAArC+B,mBAAmB;EAC1B,IAAOC,MAAM,GAAIhD,GAAG,CAAC4B,OAAO,CAArBoB,MAAM;EAEb,IAAI,CAACD,mBAAmB,IAAI,QAAQ,KAAK,OAAOC,MAAM,IAAI,CAACA,MAAM,CAACC,UAAU,CAAC,SAAS,CAAC,EAAE;IACrF,OAAOrB,OAAO;EAClB;EAEA,OAAOsB,OAAA,CACHtB,OAAO,EACP,UAACuB,GAAG,EAAEC,CAAC,EAAEC,CAAC,EAAK;IACX,IAAIA,CAAC,KAAK,YAAY,EAAE;MACpBF,GAAG,CAACE,CAAC,CAAC,GAAGD,CAAC;IACd,CAAC,MAAM;MACH,IAAME,GAAG,GAAGC,IAAA,CAAMH,CAAC,EAAmB,UAACI,IAAI,EAAK;QAC5C,IAAIA,IAAI,CAACP,UAAU,CAACtE,sBAAsB,CAAC,EAAE;UACzC,OAAO6E,IAAI,CAACC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACzC;QACA,OAAOD,IAAI;MACf,CAAC,CAAC;MACFL,GAAG,CAACE,CAAC,CAAC,GAAGC,GAAG;IAChB;IACA,OAAOH,GAAG;EACd,CAAC,EACD,CAAC,CACL,CAAC;AACL;AAEA,gBAAsBO,oBAAoBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,qBAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA;AA4CzC,SAAAkE,sBAAA;EAAAA,qBAAA,GAAAjE,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CA5CM,SAAAgE,SAAoC9D,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAA6D,KAAA,EAAAC,WAAA,EAAAC,eAAA,EAAAC,mBAAA,EAAAC,uBAAA,EAAAC,GAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,UAAA;IAAA,OAAA5E,mBAAA,CAAAa,IAAA,UAAAgE,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAA9D,IAAA,GAAA8D,SAAA,CAAA7D,IAAA;QAAA;UAAA6D,SAAA,CAAA9D,IAAA;UAExDX,aAAa,GAAGd,cAAc,CAACY,GAAG,CAACe,GAAG,CAACC,MAAM,CAAC;UAAA+C,KAAA,GAEb9C,IAAI,CAACC,KAAK,CAAClB,GAAG,CAACmB,IAAI,CAAC,IAAI,CAAC,CAAC,EAA1D6C,WAAW,GAAAD,KAAA,CAAXC,WAAW,EAAEC,eAAe,GAAAF,KAAA,CAAfE,eAAe;UAAA,MAC/B,CAACD,WAAW,IAAI,CAACC,eAAe;YAAAU,SAAA,CAAA7D,IAAA;YAAA;UAAA;UAAA,MAC1B,IAAIM,KAAK,CAAC,4CAA4C,CAAC;QAAA;UAG3D8C,mBAAmB,GAAGjF,MAAM,CAAC2F,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACb,WAAW,CAAC,CAACc,MAAM,CAAC,KAAK,CAAC;UACnFX,uBAAuB,GAAGlF,MAAM,CACjC2F,UAAU,CAAC,QAAQ,CAAC,CACpBC,MAAM,CAACZ,eAAe,CAAC,CACvBa,MAAM,CAAC,KAAK,CAAC;UAAAH,SAAA,CAAA9D,IAAA;UAIduD,GAAG,GAAGxF,iBAAiB,CAACsB,aAAa,EAAEF,GAAG,CAAC;UAAC2E,SAAA,CAAA7D,IAAA;UAAA;QAAA;UAAA6D,SAAA,CAAA9D,IAAA;UAAA8D,SAAA,CAAA7B,EAAA,GAAA6B,SAAA;UAE5C3F,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA0E,SAAA,CAAA7B,EAAG,CAAC;UAAC,OAAA6B,SAAA,CAAAI,MAAA;QAAA;UAAAV,IAAA,GAI1BD,GAAG,EAAZE,KAAK,GAAAD,IAAA,CAALC,KAAK;UAAAK,SAAA,CAAA7D,IAAA;UAAA,OACsB3B,YAAY,CAACa,GAAG,EAAEoE,GAAG,CAAC;QAAA;UAAAG,mBAAA,GAAAI,SAAA,CAAAhC,IAAA;UAAjD6B,KAAK,GAAAD,mBAAA,CAALC,KAAK;UAAEC,UAAU,GAAAF,mBAAA,CAAVE,UAAU;UAExBpF,EAAE,CAACiF,KAAK,CAACU,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE;YAC9C,cAAc,EAAEP;UACpB,CAAC,CAAC;UAACE,SAAA,CAAA7D,IAAA;UAAA,OAEGzB,EAAE,CAAC4F,EAAE,CACNC,eAAe,CAAC;YACbZ,KAAK,EAALA,KAAK;YACLa,UAAU,EAAE;cAACC,IAAI,EAAEZ,KAAK;cAAEN,mBAAmB,EAAnBA,mBAAmB;cAAEC,uBAAuB,EAAvBA;YAAuB;UAC1E,CAAC,CAAC,CACDjC,IAAI,CAAC,UAACmD,MAAe,EAAK;YACvBpF,GAAG,CAACqF,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC;cAACF,MAAM,EAANA;YAAM,CAAC,CAAC;UAClC,CAAC,CAAC,SACI,CAAC,UAACG,GAAQ,EAAK;YACjBxG,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAEuF,GAAG,CAAC;UAC3C,CAAC,CAAC;QAAA;UAAAb,SAAA,CAAA7D,IAAA;UAAA;QAAA;UAAA6D,SAAA,CAAA9D,IAAA;UAAA8D,SAAA,CAAAc,EAAA,GAAAd,SAAA;UAEN3F,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA0E,SAAA,CAAAc,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAd,SAAA,CAAA/B,IAAA;MAAA;IAAA,GAAAkB,QAAA;EAAA,CAE7C;EAAA,OAAAD,qBAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA"}

package/build/esm/server/controllers/logout.d.ts

@@ -0,0 +1,2 @@
+import type { Request, Response } from 'express';
+export declare function handleLogout(req: Request, res: Response): void;

package/build/esm/server/controllers/logout.js

@@ -0,0 +1,11 @@
+import { getOAuthLogoutPath, isOAuthAllowed, isUserOAuthLogged } from '../components/oauth';
+import { YTAuthLogout, isYtAuthEnabled } from '../components/yt-auth';
+export function handleLogout(req, res) {
+  if (isOAuthAllowed(req) && isUserOAuthLogged(req)) {
+    res.redirect(getOAuthLogoutPath(req));
+  } else if (isYtAuthEnabled(req.ctx.config)) {
+    YTAuthLogout(res);
+  }
+  res.redirect('/');
+}
+// #sourceMappingURL=logout.js.map

package/build/esm/server/controllers/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getOAuthLogoutPath","isOAuthAllowed","isUserOAuthLogged","YTAuthLogout","isYtAuthEnabled","handleLogout","req","res","redirect","ctx","config"],"sources":["logout.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport {getOAuthLogoutPath, isOAuthAllowed, isUserOAuthLogged} from '../components/oauth';\nimport {YTAuthLogout, isYtAuthEnabled} from '../components/yt-auth';\n\nexport function handleLogout(req: Request, res: Response) {\n    if (isOAuthAllowed(req) && isUserOAuthLogged(req)) {\n        res.redirect(getOAuthLogoutPath(req));\n    } else if (isYtAuthEnabled(req.ctx.config)) {\n        YTAuthLogout(res);\n    }\n    res.redirect('/');\n}\n"],"mappings":"AACA,SAAQA,kBAAkB,EAAEC,cAAc,EAAEC,iBAAiB,QAAO,qBAAqB;AACzF,SAAQC,YAAY,EAAEC,eAAe,QAAO,uBAAuB;AAEnE,OAAO,SAASC,YAAYA,CAACC,GAAY,EAAEC,GAAa,EAAE;EACtD,IAAIN,cAAc,CAACK,GAAG,CAAC,IAAIJ,iBAAiB,CAACI,GAAG,CAAC,EAAE;IAC/CC,GAAG,CAACC,QAAQ,CAACR,kBAAkB,CAACM,GAAG,CAAC,CAAC;EACzC,CAAC,MAAM,IAAIF,eAAe,CAACE,GAAG,CAACG,GAAG,CAACC,MAAM,CAAC,EAAE;IACxCP,YAAY,CAACI,GAAG,CAAC;EACrB;EACAA,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;AACrB"}

package/build/esm/server/controllers/oauth-login.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response } from 'express';
+export declare function oauthLogin(req: Request, res: Response): void;
+export declare function oauthLogout(_: Request, res: Response): void;
+export declare function oauthCallback(req: Request, res: Response): Promise<void>;

package/build/esm/server/controllers/oauth-login.js

@@ -0,0 +1,50 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+import _regeneratorRuntime from "@babel/runtime/regenerator";
+import { exchangeOAuthToken, getOAuthLoginPath, removeOAuthCookies, saveOAuthTokensInCookies } from '../components/oauth';
+export function oauthLogin(req, res) {
+  res.redirect(getOAuthLoginPath(req));
+}
+export function oauthLogout(_, res) {
+  removeOAuthCookies(res);
+  res.redirect('/');
+}
+export function oauthCallback(_x, _x2) {
+  return _oauthCallback.apply(this, arguments);
+}
+function _oauthCallback() {
+  _oauthCallback = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(req, res) {
+    var code, tokens, message;
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          code = req.query.code;
+          if (code) {
+            _context.next = 3;
+            break;
+          }
+          throw new Error('Authorization code is not specified');
+        case 3:
+          _context.prev = 3;
+          _context.next = 6;
+          return exchangeOAuthToken(req, code);
+        case 6:
+          tokens = _context.sent;
+          saveOAuthTokensInCookies(res, tokens);
+          res.redirect('/');
+          _context.next = 16;
+          break;
+        case 11:
+          _context.prev = 11;
+          _context.t0 = _context["catch"](3);
+          req.ctx.logError('exchange token error', _context.t0);
+          message = _context.t0 instanceof Error ? _context.t0.message : 'Unknown error';
+          res.status(500).send(message);
+        case 16:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee, null, [[3, 11]]);
+  }));
+  return _oauthCallback.apply(this, arguments);
+}
+// #sourceMappingURL=oauth-login.js.map

package/build/esm/server/controllers/oauth-login.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["exchangeOAuthToken","getOAuthLoginPath","removeOAuthCookies","saveOAuthTokensInCookies","oauthLogin","req","res","redirect","oauthLogout","_","oauthCallback","_x","_x2","_oauthCallback","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","code","tokens","message","wrap","_callee$","_context","prev","next","query","Error","sent","t0","ctx","logError","status","send","stop"],"sources":["oauth-login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport {\n    exchangeOAuthToken,\n    getOAuthLoginPath,\n    removeOAuthCookies,\n    saveOAuthTokensInCookies,\n} from '../components/oauth';\n\nexport function oauthLogin(req: Request, res: Response) {\n    res.redirect(getOAuthLoginPath(req));\n}\n\nexport function oauthLogout(_: Request, res: Response) {\n    removeOAuthCookies(res);\n    res.redirect('/');\n}\n\nexport async function oauthCallback(req: Request, res: Response) {\n    const {code} = req.query;\n    if (!code) {\n        throw new Error('Authorization code is not specified');\n    }\n\n    try {\n        const tokens = await exchangeOAuthToken(req, code as string);\n\n        saveOAuthTokensInCookies(res, tokens);\n\n        res.redirect('/');\n    } catch (e) {\n        req.ctx.logError('exchange token error', e);\n        const message = e instanceof Error ? e.message : 'Unknown error';\n        res.status(500).send(message);\n    }\n}\n"],"mappings":";;AACA,SACIA,kBAAkB,EAClBC,iBAAiB,EACjBC,kBAAkB,EAClBC,wBAAwB,QACrB,qBAAqB;AAE5B,OAAO,SAASC,UAAUA,CAACC,GAAY,EAAEC,GAAa,EAAE;EACpDA,GAAG,CAACC,QAAQ,CAACN,iBAAiB,CAACI,GAAG,CAAC,CAAC;AACxC;AAEA,OAAO,SAASG,WAAWA,CAACC,CAAU,EAAEH,GAAa,EAAE;EACnDJ,kBAAkB,CAACI,GAAG,CAAC;EACvBA,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;AACrB;AAEA,gBAAsBG,aAAaA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,cAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAiBlC,SAAAF,eAAA;EAAAA,cAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAjBM,SAAAC,QAA6Bd,GAAY,EAAEC,GAAa;IAAA,IAAAc,IAAA,EAAAC,MAAA,EAAAC,OAAA;IAAA,OAAAL,mBAAA,CAAAM,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UACpDP,IAAI,GAAIf,GAAG,CAACuB,KAAK,CAAjBR,IAAI;UAAA,IACNA,IAAI;YAAAK,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MACC,IAAIE,KAAK,CAAC,qCAAqC,CAAC;QAAA;UAAAJ,QAAA,CAAAC,IAAA;UAAAD,QAAA,CAAAE,IAAA;UAAA,OAIjC3B,kBAAkB,CAACK,GAAG,EAAEe,IAAc,CAAC;QAAA;UAAtDC,MAAM,GAAAI,QAAA,CAAAK,IAAA;UAEZ3B,wBAAwB,CAACG,GAAG,EAAEe,MAAM,CAAC;UAErCf,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;UAACkB,QAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,QAAA,CAAAC,IAAA;UAAAD,QAAA,CAAAM,EAAA,GAAAN,QAAA;UAElBpB,GAAG,CAAC2B,GAAG,CAACC,QAAQ,CAAC,sBAAsB,EAAAR,QAAA,CAAAM,EAAG,CAAC;UACrCT,OAAO,GAAGG,QAAA,CAAAM,EAAA,YAAaF,KAAK,GAAGJ,QAAA,CAAAM,EAAA,CAAET,OAAO,GAAG,eAAe;UAChEhB,GAAG,CAAC4B,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAACb,OAAO,CAAC;QAAC;QAAA;UAAA,OAAAG,QAAA,CAAAW,IAAA;MAAA;IAAA,GAAAjB,OAAA;EAAA,CAErC;EAAA,OAAAN,cAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA"}

package/build/esm/server/index.js

@@ -1,10 +1,14 @@
+import _toConsumableArray from "@babel/runtime/helpers/toConsumableArray";
 var _nodekit$config$adjus, _nodekit$config3;
 import path from 'path';
 import { NodeKit } from '@gravity-ui/nodekit';
 import { ExpressKit } from '@gravity-ui/expresskit';
 import { configureApp } from './configure-app';
-import { createYTAuthMiddleware } from './middlewares/yt-auth';
+import { createYTAuthorizationResolver } from './middlewares/yt-auth';
 import routes from './routes';
+import { createOAuthAuthorizationResolver } from './middlewares/oauth';
+import { createAuthMiddleware } from './middlewares/authorization';
+import { authorizationResolver } from './utils/authorization';
 var nodekit = new NodeKit({
   configsPath: path.resolve(__dirname, './configs')
 });
@@ -26,7 +30,8 @@ if (ytAuthCluster) {
   if (appAuthHandler) {
     nodekit.ctx.fail(new Error('"appAuthHandler" option will be ignored cause "ytAuthCluster" option is provided.'));
   }
-  nodekit.config.appAuthHandler = createYTAuthMiddleware(ytAuthCluster);
+  nodekit.config.appBeforeAuthMiddleware = [].concat(_toConsumableArray(nodekit.config.appBeforeAuthMiddleware || []), [authorizationResolver(createOAuthAuthorizationResolver()), authorizationResolver(createYTAuthorizationResolver())]);
+  nodekit.config.appAuthHandler = createAuthMiddleware(ytAuthCluster);
 }
 (_nodekit$config$adjus = (_nodekit$config3 = nodekit.config).adjustAppConfig) === null || _nodekit$config$adjus === void 0 || _nodekit$config$adjus.call(_nodekit$config3, nodekit);
 var app = new ExpressKit(nodekit, routes);

package/build/esm/server/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["path","NodeKit","ExpressKit","configureApp","createYTAuthMiddleware","routes","nodekit","configsPath","resolve","__dirname","_nodekit$config","config","appName","appEnv","appInstallation","appDevMode","ctx","log","_nodekit$config2","ytAuthCluster","appAuthHandler","fail","Error","_nodekit$config$adjus","_nodekit$config3","adjustAppConfig","call","app","require","main","module","run"],"sources":["index.ts"],"sourcesContent":["import path from 'path';\nimport _reduce from 'lodash/reduce';\nimport {NodeKit} from '@gravity-ui/nodekit';\nimport {ExpressKit} from '@gravity-ui/expresskit';\n\nimport {configureApp} from './configure-app';\n\nimport {createYTAuthMiddleware} from './middlewares/yt-auth';\nimport routes from './routes';\n\nconst nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});\n\nconst {appName, appEnv, appInstallation, appDevMode} = nodekit.config;\nnodekit.ctx.log('AppConfig details', {\n    appName,\n    appEnv,\n    appInstallation,\n    appDevMode,\n});\n\nconst {ytAuthCluster, appAuthHandler} = nodekit.config;\n\nif (ytAuthCluster) {\n    if (appAuthHandler) {\n        nodekit.ctx.fail(\n            new Error(\n                '\"appAuthHandler\" option will be ignored cause \"ytAuthCluster\" option is provided.',\n            ),\n        );\n    }\n\n    nodekit.config.appAuthHandler = createYTAuthMiddleware(ytAuthCluster);\n}\n\nnodekit.config.adjustAppConfig?.(nodekit);\n\nconst app = new ExpressKit(nodekit, routes);\nconfigureApp(app);\n\nif (require.main === module) {\n    app.run();\n}\n\nexport default app;\n"],"mappings":";AAAA,OAAOA,IAAI,MAAM,MAAM;AAEvB,SAAQC,OAAO,QAAO,qBAAqB;AAC3C,SAAQC,UAAU,QAAO,wBAAwB;AAEjD,SAAQC,YAAY,QAAO,iBAAiB;AAE5C,SAAQC,sBAAsB,QAAO,uBAAuB;AAC5D,OAAOC,MAAM,MAAM,UAAU;AAE7B,IAAMC,OAAO,GAAG,IAAIL,OAAO,CAAC;EAACM,WAAW,EAAEP,IAAI,CAACQ,OAAO,CAACC,SAAS,EAAE,WAAW;AAAC,CAAC,CAAC;AAEhF,IAAAC,eAAA,GAAuDJ,OAAO,CAACK,MAAM;EAA9DC,OAAO,GAAAF,eAAA,CAAPE,OAAO;EAAEC,MAAM,GAAAH,eAAA,CAANG,MAAM;EAAEC,eAAe,GAAAJ,eAAA,CAAfI,eAAe;EAAEC,UAAU,GAAAL,eAAA,CAAVK,UAAU;AACnDT,OAAO,CAACU,GAAG,CAACC,GAAG,CAAC,mBAAmB,EAAE;EACjCL,OAAO,EAAPA,OAAO;EACPC,MAAM,EAANA,MAAM;EACNC,eAAe,EAAfA,eAAe;EACfC,UAAU,EAAVA;AACJ,CAAC,CAAC;AAEF,IAAAG,gBAAA,GAAwCZ,OAAO,CAACK,MAAM;EAA/CQ,aAAa,GAAAD,gBAAA,CAAbC,aAAa;EAAEC,cAAc,GAAAF,gBAAA,CAAdE,cAAc;AAEpC,IAAID,aAAa,EAAE;EACf,IAAIC,cAAc,EAAE;IAChBd,OAAO,CAACU,GAAG,CAACK,IAAI,CACZ,IAAIC,KAAK,CACL,mFACJ,CACJ,CAAC;EACL;EAEAhB,OAAO,CAACK,MAAM,CAACS,cAAc,GAAGhB,sBAAsB,CAACe,aAAa,CAAC;AACzE;AAEA,CAAAI,qBAAA,IAAAC,gBAAA,GAAAlB,OAAO,CAACK,MAAM,EAACc,eAAe,cAAAF,qBAAA,eAA9BA,qBAAA,CAAAG,IAAA,CAAAF,gBAAA,EAAiClB,OAAO,CAAC;AAEzC,IAAMqB,GAAG,GAAG,IAAIzB,UAAU,CAACI,OAAO,EAAED,MAAM,CAAC;AAC3CF,YAAY,CAACwB,GAAG,CAAC;AAEjB,IAAIC,OAAO,CAACC,IAAI,KAAKC,MAAM,EAAE;EACzBH,GAAG,CAACI,GAAG,CAAC,CAAC;AACb;AAEA,eAAeJ,GAAG"}
+{"version":3,"names":["path","NodeKit","ExpressKit","configureApp","createYTAuthorizationResolver","routes","createOAuthAuthorizationResolver","createAuthMiddleware","authorizationResolver","nodekit","configsPath","resolve","__dirname","_nodekit$config","config","appName","appEnv","appInstallation","appDevMode","ctx","log","_nodekit$config2","ytAuthCluster","appAuthHandler","fail","Error","appBeforeAuthMiddleware","concat","_toConsumableArray","_nodekit$config$adjus","_nodekit$config3","adjustAppConfig","call","app","require","main","module","run"],"sources":["index.ts"],"sourcesContent":["import path from 'path';\nimport _reduce from 'lodash/reduce';\nimport {NodeKit} from '@gravity-ui/nodekit';\nimport {ExpressKit} from '@gravity-ui/expresskit';\n\nimport {configureApp} from './configure-app';\n\nimport {createYTAuthorizationResolver} from './middlewares/yt-auth';\nimport routes from './routes';\nimport {createOAuthAuthorizationResolver} from './middlewares/oauth';\nimport {createAuthMiddleware} from './middlewares/authorization';\nimport {authorizationResolver} from './utils/authorization';\n\nconst nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});\n\nconst {appName, appEnv, appInstallation, appDevMode} = nodekit.config;\nnodekit.ctx.log('AppConfig details', {\n    appName,\n    appEnv,\n    appInstallation,\n    appDevMode,\n});\n\nconst {ytAuthCluster, appAuthHandler} = nodekit.config;\n\nif (ytAuthCluster) {\n    if (appAuthHandler) {\n        nodekit.ctx.fail(\n            new Error(\n                '\"appAuthHandler\" option will be ignored cause \"ytAuthCluster\" option is provided.',\n            ),\n        );\n    }\n\n    nodekit.config.appBeforeAuthMiddleware = [\n        ...(nodekit.config.appBeforeAuthMiddleware || []),\n        authorizationResolver(createOAuthAuthorizationResolver()),\n        authorizationResolver(createYTAuthorizationResolver()),\n    ];\n    nodekit.config.appAuthHandler = createAuthMiddleware(ytAuthCluster);\n}\n\nnodekit.config.adjustAppConfig?.(nodekit);\n\nconst app = new ExpressKit(nodekit, routes);\nconfigureApp(app);\n\nif (require.main === module) {\n    app.run();\n}\n\nexport default app;\n"],"mappings":";;AAAA,OAAOA,IAAI,MAAM,MAAM;AAEvB,SAAQC,OAAO,QAAO,qBAAqB;AAC3C,SAAQC,UAAU,QAAO,wBAAwB;AAEjD,SAAQC,YAAY,QAAO,iBAAiB;AAE5C,SAAQC,6BAA6B,QAAO,uBAAuB;AACnE,OAAOC,MAAM,MAAM,UAAU;AAC7B,SAAQC,gCAAgC,QAAO,qBAAqB;AACpE,SAAQC,oBAAoB,QAAO,6BAA6B;AAChE,SAAQC,qBAAqB,QAAO,uBAAuB;AAE3D,IAAMC,OAAO,GAAG,IAAIR,OAAO,CAAC;EAACS,WAAW,EAAEV,IAAI,CAACW,OAAO,CAACC,SAAS,EAAE,WAAW;AAAC,CAAC,CAAC;AAEhF,IAAAC,eAAA,GAAuDJ,OAAO,CAACK,MAAM;EAA9DC,OAAO,GAAAF,eAAA,CAAPE,OAAO;EAAEC,MAAM,GAAAH,eAAA,CAANG,MAAM;EAAEC,eAAe,GAAAJ,eAAA,CAAfI,eAAe;EAAEC,UAAU,GAAAL,eAAA,CAAVK,UAAU;AACnDT,OAAO,CAACU,GAAG,CAACC,GAAG,CAAC,mBAAmB,EAAE;EACjCL,OAAO,EAAPA,OAAO;EACPC,MAAM,EAANA,MAAM;EACNC,eAAe,EAAfA,eAAe;EACfC,UAAU,EAAVA;AACJ,CAAC,CAAC;AAEF,IAAAG,gBAAA,GAAwCZ,OAAO,CAACK,MAAM;EAA/CQ,aAAa,GAAAD,gBAAA,CAAbC,aAAa;EAAEC,cAAc,GAAAF,gBAAA,CAAdE,cAAc;AAEpC,IAAID,aAAa,EAAE;EACf,IAAIC,cAAc,EAAE;IAChBd,OAAO,CAACU,GAAG,CAACK,IAAI,CACZ,IAAIC,KAAK,CACL,mFACJ,CACJ,CAAC;EACL;EAEAhB,OAAO,CAACK,MAAM,CAACY,uBAAuB,MAAAC,MAAA,CAAAC,kBAAA,CAC9BnB,OAAO,CAACK,MAAM,CAACY,uBAAuB,IAAI,EAAE,IAChDlB,qBAAqB,CAACF,gCAAgC,CAAC,CAAC,CAAC,EACzDE,qBAAqB,CAACJ,6BAA6B,CAAC,CAAC,CAAC,EACzD;EACDK,OAAO,CAACK,MAAM,CAACS,cAAc,GAAGhB,oBAAoB,CAACe,aAAa,CAAC;AACvE;AAEA,CAAAO,qBAAA,IAAAC,gBAAA,GAAArB,OAAO,CAACK,MAAM,EAACiB,eAAe,cAAAF,qBAAA,eAA9BA,qBAAA,CAAAG,IAAA,CAAAF,gBAAA,EAAiCrB,OAAO,CAAC;AAEzC,IAAMwB,GAAG,GAAG,IAAI/B,UAAU,CAACO,OAAO,EAAEJ,MAAM,CAAC;AAC3CF,YAAY,CAAC8B,GAAG,CAAC;AAEjB,IAAIC,OAAO,CAACC,IAAI,KAAKC,MAAM,EAAE;EACzBH,GAAG,CAACI,GAAG,CAAC,CAAC;AACb;AAEA,eAAeJ,GAAG"}

package/build/esm/server/middlewares/authorization.d.ts

@@ -0,0 +1,2 @@
+import { AppMiddleware } from '@gravity-ui/expresskit';
+export declare function createAuthMiddleware(ytAuthCluster: string): AppMiddleware;

package/build/esm/server/middlewares/authorization.js

@@ -0,0 +1,74 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+import _createClass from "@babel/runtime/helpers/createClass";
+import _classCallCheck from "@babel/runtime/helpers/classCallCheck";
+import _inherits from "@babel/runtime/helpers/inherits";
+import _createSuper from "@babel/runtime/helpers/createSuper";
+import _wrapNativeSuper from "@babel/runtime/helpers/wrapNativeSuper";
+import _regeneratorRuntime from "@babel/runtime/regenerator";
+import axios from 'axios';
+import { isAuthorized } from '../utils/authorization';
+import { getUserYTApiSetup } from '../components/requestsSetup';
+import { getXSRFToken } from '../components/cluster-queries';
+import { sendError } from '../utils';
+var AuthError = /*#__PURE__*/function (_Error) {
+  _inherits(AuthError, _Error);
+  var _super = _createSuper(AuthError);
+  function AuthError() {
+    _classCallCheck(this, AuthError);
+    return _super.call(this, 'Authorization required');
+  }
+  return _createClass(AuthError);
+}( /*#__PURE__*/_wrapNativeSuper(Error));
+function isAuthError(e) {
+  var _e$response;
+  return e instanceof AuthError || axios.isAxiosError(e) && ((_e$response = e.response) === null || _e$response === void 0 ? void 0 : _e$response.status) === 401;
+}
+export function createAuthMiddleware(ytAuthCluster) {
+  return /*#__PURE__*/function () {
+    var _authMiddleware = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(req, res, next) {
+      var cfg, _yield$getXSRFToken, login, isAuthFailed, error;
+      return _regeneratorRuntime.wrap(function _callee$(_context) {
+        while (1) switch (_context.prev = _context.next) {
+          case 0:
+            _context.prev = 0;
+            if (isAuthorized(req)) {
+              _context.next = 3;
+              break;
+            }
+            throw new AuthError();
+          case 3:
+            cfg = getUserYTApiSetup(ytAuthCluster, req);
+            _context.next = 6;
+            return getXSRFToken(req, cfg);
+          case 6:
+            _yield$getXSRFToken = _context.sent;
+            login = _yield$getXSRFToken.login;
+            req.yt.login = login;
+            _context.next = 18;
+            break;
+          case 11:
+            _context.prev = 11;
+            _context.t0 = _context["catch"](0);
+            isAuthFailed = isAuthError(_context.t0);
+            error = isAuthFailed ? undefined : _context.t0;
+            if (!(!req.routeInfo.ui && isAuthFailed)) {
+              _context.next = 18;
+              break;
+            }
+            sendError(res, error, 401);
+            return _context.abrupt("return");
+          case 18:
+            next();
+          case 19:
+          case "end":
+            return _context.stop();
+        }
+      }, _callee, null, [[0, 11]]);
+    }));
+    function authMiddleware(_x, _x2, _x3) {
+      return _authMiddleware.apply(this, arguments);
+    }
+    return authMiddleware;
+  }();
+}
+// #sourceMappingURL=authorization.js.map

package/build/esm/server/middlewares/authorization.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["axios","isAuthorized","getUserYTApiSetup","getXSRFToken","sendError","AuthError","_Error","_inherits","_super","_createSuper","_classCallCheck","call","_createClass","_wrapNativeSuper","Error","isAuthError","e","_e$response","isAxiosError","response","status","createAuthMiddleware","ytAuthCluster","_authMiddleware","_asyncToGenerator","_regeneratorRuntime","mark","_callee","req","res","next","cfg","_yield$getXSRFToken","login","isAuthFailed","error","wrap","_callee$","_context","prev","sent","yt","t0","undefined","routeInfo","ui","abrupt","stop","authMiddleware","_x","_x2","_x3","apply","arguments"],"sources":["authorization.ts"],"sourcesContent":["import axios from 'axios';\nimport {isAuthorized} from '../utils/authorization';\nimport {getUserYTApiSetup} from '../components/requestsSetup';\nimport {AppMiddleware} from '@gravity-ui/expresskit';\nimport {getXSRFToken} from '../components/cluster-queries';\nimport {sendError} from '../utils';\n\nclass AuthError extends Error {\n    constructor() {\n        super('Authorization required');\n    }\n}\n\nfunction isAuthError(e: unknown) {\n    return e instanceof AuthError || (axios.isAxiosError(e) && e.response?.status === 401);\n}\n\nexport function createAuthMiddleware(ytAuthCluster: string): AppMiddleware {\n    return async function authMiddleware(req, res, next) {\n        try {\n            if (!isAuthorized(req)) {\n                throw new AuthError();\n            }\n\n            const cfg = getUserYTApiSetup(ytAuthCluster, req);\n            const {login} = await getXSRFToken(req, cfg);\n            req.yt.login = login;\n        } catch (e) {\n            const isAuthFailed = isAuthError(e);\n            const error = isAuthFailed ? undefined : e;\n\n            if (!req.routeInfo.ui && isAuthFailed) {\n                sendError(res, error, 401);\n                return;\n            }\n        }\n\n        next();\n    };\n}\n"],"mappings":";;;;;;;AAAA,OAAOA,KAAK,MAAM,OAAO;AACzB,SAAQC,YAAY,QAAO,wBAAwB;AACnD,SAAQC,iBAAiB,QAAO,6BAA6B;AAE7D,SAAQC,YAAY,QAAO,+BAA+B;AAC1D,SAAQC,SAAS,QAAO,UAAU;AAAC,IAE7BC,SAAS,0BAAAC,MAAA;EAAAC,SAAA,CAAAF,SAAA,EAAAC,MAAA;EAAA,IAAAE,MAAA,GAAAC,YAAA,CAAAJ,SAAA;EACX,SAAAA,UAAA,EAAc;IAAAK,eAAA,OAAAL,SAAA;IAAA,OAAAG,MAAA,CAAAG,IAAA,OACJ,wBAAwB;EAClC;EAAC,OAAAC,YAAA,CAAAP,SAAA;AAAA,gBAAAQ,gBAAA,CAHmBC,KAAK;AAM7B,SAASC,WAAWA,CAACC,CAAU,EAAE;EAAA,IAAAC,WAAA;EAC7B,OAAOD,CAAC,YAAYX,SAAS,IAAKL,KAAK,CAACkB,YAAY,CAACF,CAAC,CAAC,IAAI,EAAAC,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAI;AAC1F;AAEA,OAAO,SAASC,oBAAoBA,CAACC,aAAqB,EAAiB;EACvE;IAAA,IAAAC,eAAA,GAAAC,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAAO,SAAAC,QAA8BC,GAAG,EAAEC,GAAG,EAAEC,IAAI;MAAA,IAAAC,GAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,YAAA,EAAAC,KAAA;MAAA,OAAAV,mBAAA,CAAAW,IAAA,UAAAC,SAAAC,QAAA;QAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAR,IAAA;UAAA;YAAAQ,QAAA,CAAAC,IAAA;YAAA,IAEtCtC,YAAY,CAAC2B,GAAG,CAAC;cAAAU,QAAA,CAAAR,IAAA;cAAA;YAAA;YAAA,MACZ,IAAIzB,SAAS,CAAC,CAAC;UAAA;YAGnB0B,GAAG,GAAG7B,iBAAiB,CAACoB,aAAa,EAAEM,GAAG,CAAC;YAAAU,QAAA,CAAAR,IAAA;YAAA,OAC3B3B,YAAY,CAACyB,GAAG,EAAEG,GAAG,CAAC;UAAA;YAAAC,mBAAA,GAAAM,QAAA,CAAAE,IAAA;YAArCP,KAAK,GAAAD,mBAAA,CAALC,KAAK;YACZL,GAAG,CAACa,EAAE,CAACR,KAAK,GAAGA,KAAK;YAACK,QAAA,CAAAR,IAAA;YAAA;UAAA;YAAAQ,QAAA,CAAAC,IAAA;YAAAD,QAAA,CAAAI,EAAA,GAAAJ,QAAA;YAEfJ,YAAY,GAAGnB,WAAW,CAAAuB,QAAA,CAAAI,EAAE,CAAC;YAC7BP,KAAK,GAAGD,YAAY,GAAGS,SAAS,GAAAL,QAAA,CAAAI,EAAI;YAAA,MAEtC,CAACd,GAAG,CAACgB,SAAS,CAACC,EAAE,IAAIX,YAAY;cAAAI,QAAA,CAAAR,IAAA;cAAA;YAAA;YACjC1B,SAAS,CAACyB,GAAG,EAAEM,KAAK,EAAE,GAAG,CAAC;YAAC,OAAAG,QAAA,CAAAQ,MAAA;UAAA;YAKnChB,IAAI,CAAC,CAAC;UAAC;UAAA;YAAA,OAAAQ,QAAA,CAAAS,IAAA;QAAA;MAAA,GAAApB,OAAA;IAAA,CACV;IAAA,SApBqBqB,cAAcA,CAAAC,EAAA,EAAAC,GAAA,EAAAC,GAAA;MAAA,OAAA5B,eAAA,CAAA6B,KAAA,OAAAC,SAAA;IAAA;IAAA,OAAdL,cAAc;EAAA;AAqBxC"}

package/build/esm/server/middlewares/oauth.d.ts

@@ -0,0 +1,2 @@
+import { AppMiddleware } from '@gravity-ui/expresskit';
+export declare function createOAuthAuthorizationResolver(): AppMiddleware;

package/build/esm/server/middlewares/oauth.js

@@ -0,0 +1,50 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+import _regeneratorRuntime from "@babel/runtime/regenerator";
+import { getOAuthAccessToken, isOAuthAllowed, isUserOAuthLogged } from '../components/oauth';
+export function createOAuthAuthorizationResolver() {
+  return /*#__PURE__*/function () {
+    var _resoleOAuthAuthorize = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(req, res, next) {
+      var token;
+      return _regeneratorRuntime.wrap(function _callee$(_context) {
+        while (1) switch (_context.prev = _context.next) {
+          case 0:
+            if (!(!isOAuthAllowed(req) || !isUserOAuthLogged(req))) {
+              _context.next = 3;
+              break;
+            }
+            next();
+            return _context.abrupt("return");
+          case 3:
+            _context.prev = 3;
+            _context.next = 6;
+            return getOAuthAccessToken(req, res);
+          case 6:
+            token = _context.sent;
+            req.yt = {
+              ytApiAuthHeaders: {
+                Authorization: "OAuth ".concat(token)
+              }
+            };
+            req.ctx.log('OAuth: provide a token');
+            _context.next = 14;
+            break;
+          case 11:
+            _context.prev = 11;
+            _context.t0 = _context["catch"](3);
+            req.ctx.logError('Can not resolve access token', _context.t0);
+          case 14:
+            next();
+            return _context.abrupt("return");
+          case 16:
+          case "end":
+            return _context.stop();
+        }
+      }, _callee, null, [[3, 11]]);
+    }));
+    function resoleOAuthAuthorize(_x, _x2, _x3) {
+      return _resoleOAuthAuthorize.apply(this, arguments);
+    }
+    return resoleOAuthAuthorize;
+  }();
+}
+// #sourceMappingURL=oauth.js.map

package/build/esm/server/middlewares/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getOAuthAccessToken","isOAuthAllowed","isUserOAuthLogged","createOAuthAuthorizationResolver","_resoleOAuthAuthorize","_asyncToGenerator","_regeneratorRuntime","mark","_callee","req","res","next","token","wrap","_callee$","_context","prev","abrupt","sent","yt","ytApiAuthHeaders","Authorization","concat","ctx","log","t0","logError","stop","resoleOAuthAuthorize","_x","_x2","_x3","apply","arguments"],"sources":["oauth.ts"],"sourcesContent":["import {AppMiddleware} from '@gravity-ui/expresskit';\nimport type {Request, Response} from 'express';\nimport {getOAuthAccessToken, isOAuthAllowed, isUserOAuthLogged} from '../components/oauth';\n\nexport function createOAuthAuthorizationResolver(): AppMiddleware {\n    return async function resoleOAuthAuthorize(req: Request, res: Response, next) {\n        if (!isOAuthAllowed(req) || !isUserOAuthLogged(req)) {\n            next();\n            return;\n        }\n        try {\n            const token = await getOAuthAccessToken(req, res);\n            req.yt = {\n                ytApiAuthHeaders: {\n                    Authorization: `OAuth ${token}`,\n                },\n            };\n            req.ctx.log('OAuth: provide a token');\n        } catch (e) {\n            req.ctx.logError('Can not resolve access token', e);\n        }\n        next();\n        return;\n    };\n}\n"],"mappings":";;AAEA,SAAQA,mBAAmB,EAAEC,cAAc,EAAEC,iBAAiB,QAAO,qBAAqB;AAE1F,OAAO,SAASC,gCAAgCA,CAAA,EAAkB;EAC9D;IAAA,IAAAC,qBAAA,GAAAC,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAAO,SAAAC,QAAoCC,GAAY,EAAEC,GAAa,EAAEC,IAAI;MAAA,IAAAC,KAAA;MAAA,OAAAN,mBAAA,CAAAO,IAAA,UAAAC,SAAAC,QAAA;QAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAJ,IAAA;UAAA;YAAA,MACpE,CAACV,cAAc,CAACQ,GAAG,CAAC,IAAI,CAACP,iBAAiB,CAACO,GAAG,CAAC;cAAAM,QAAA,CAAAJ,IAAA;cAAA;YAAA;YAC/CA,IAAI,CAAC,CAAC;YAAC,OAAAI,QAAA,CAAAE,MAAA;UAAA;YAAAF,QAAA,CAAAC,IAAA;YAAAD,QAAA,CAAAJ,IAAA;YAAA,OAIaX,mBAAmB,CAACS,GAAG,EAAEC,GAAG,CAAC;UAAA;YAA3CE,KAAK,GAAAG,QAAA,CAAAG,IAAA;YACXT,GAAG,CAACU,EAAE,GAAG;cACLC,gBAAgB,EAAE;gBACdC,aAAa,WAAAC,MAAA,CAAWV,KAAK;cACjC;YACJ,CAAC;YACDH,GAAG,CAACc,GAAG,CAACC,GAAG,CAAC,wBAAwB,CAAC;YAACT,QAAA,CAAAJ,IAAA;YAAA;UAAA;YAAAI,QAAA,CAAAC,IAAA;YAAAD,QAAA,CAAAU,EAAA,GAAAV,QAAA;YAEtCN,GAAG,CAACc,GAAG,CAACG,QAAQ,CAAC,8BAA8B,EAAAX,QAAA,CAAAU,EAAG,CAAC;UAAC;YAExDd,IAAI,CAAC,CAAC;YAAC,OAAAI,QAAA,CAAAE,MAAA;UAAA;UAAA;YAAA,OAAAF,QAAA,CAAAY,IAAA;QAAA;MAAA,GAAAnB,OAAA;IAAA,CAEV;IAAA,SAlBqBoB,oBAAoBA,CAAAC,EAAA,EAAAC,GAAA,EAAAC,GAAA;MAAA,OAAA3B,qBAAA,CAAA4B,KAAA,OAAAC,SAAA;IAAA;IAAA,OAApBL,oBAAoB;EAAA;AAmB9C"}

package/build/esm/server/middlewares/yt-auth.d.ts

@@ -1,2 +1,2 @@
 import { AppMiddleware } from '@gravity-ui/expresskit';
-export declare function createYTAuthMiddleware(ytAuthCluster: string): AppMiddleware;
+export declare function createYTAuthorizationResolver(): AppMiddleware;