@ytsaurus/ui 1.12.2 → 1.13.0

package/build/esm/server/components/oauth.js

@@ -0,0 +1,169 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+import _regeneratorRuntime from "@babel/runtime/regenerator";
+import axios from 'axios';
+import { YT_OAUTH_ACCESS_TOKEN_NAME, YT_OAUTH_REFRESH_TOKEN_NAME } from '../../shared/constants';
+export function isOAuthAllowed(req) {
+  var config = req.ctx.config.ytOAuthSettings;
+  return Boolean(config && config.baseURL && config.authPath && config.tokenPath && config.clientId && config.clientSecret);
+}
+export function getOAuthSettings(req) {
+  var config = req.ctx.config.ytOAuthSettings;
+  if (!config) {
+    throw new Error('OAuth settings is not specified');
+  }
+  return config;
+}
+
+// See https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.3.3
+
+export function isUserOAuthLogged(req) {
+  return Boolean(req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]) || Boolean(req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME]);
+}
+export function getOAuthAccessToken(_x, _x2) {
+  return _getOAuthAccessToken.apply(this, arguments);
+}
+function _getOAuthAccessToken() {
+  _getOAuthAccessToken = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(req, res) {
+    var tokens;
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          if (!req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]) {
+            _context.next = 4;
+            break;
+          }
+          return _context.abrupt("return", req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]);
+        case 4:
+          if (!req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME]) {
+            _context.next = 10;
+            break;
+          }
+          _context.next = 7;
+          return refreshOAuthToken(req, req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME]);
+        case 7:
+          tokens = _context.sent;
+          saveOAuthTokensInCookies(res, tokens);
+          return _context.abrupt("return", tokens.access_token);
+        case 10:
+          return _context.abrupt("return", undefined);
+        case 11:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee);
+  }));
+  return _getOAuthAccessToken.apply(this, arguments);
+}
+export function removeOAuthCookies(res) {
+  res.clearCookie(YT_OAUTH_ACCESS_TOKEN_NAME);
+  res.clearCookie(YT_OAUTH_REFRESH_TOKEN_NAME);
+}
+export function saveOAuthTokensInCookies(res, tokens) {
+  res.cookie(YT_OAUTH_ACCESS_TOKEN_NAME, tokens.access_token, {
+    maxAge: tokens.expires_in * 1000,
+    httpOnly: true,
+    secure: true
+  });
+  if (tokens.refresh_token) {
+    res.cookie(YT_OAUTH_REFRESH_TOKEN_NAME, tokens.refresh_token, {
+      maxAge: tokens.refresh_expires_in,
+      httpOnly: true,
+      secure: true
+    });
+  }
+}
+export function getOAuthLoginPath(req) {
+  var config = getOAuthSettings(req);
+  var host = req.get('host');
+  var params = new URLSearchParams({
+    response_type: 'code',
+    client_id: config.clientId,
+    scope: config.scope,
+    redirect_uri: "https://".concat(host, "/api/oauth/callback")
+  });
+  var url = new URL(config.authPath, config.baseURL);
+  url.search = params.toString();
+  return url.toString();
+}
+export function getOAuthLogoutPath(req) {
+  var config = getOAuthSettings(req);
+  var host = req.get('host');
+  var params = new URLSearchParams({
+    post_logout_redirect_uri: "https://".concat(host, "/api/oauth/logout/callback"),
+    client_id: config.clientId
+  });
+  var url = new URL(config.logoutPath, config.baseURL);
+  url.search = params.toString();
+  return url.toString();
+}
+export function refreshOAuthToken(_x3, _x4) {
+  return _refreshOAuthToken.apply(this, arguments);
+}
+function _refreshOAuthToken() {
+  _refreshOAuthToken = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee2(req, token) {
+    var config, params, _yield$axios$post, data;
+    return _regeneratorRuntime.wrap(function _callee2$(_context2) {
+      while (1) switch (_context2.prev = _context2.next) {
+        case 0:
+          config = getOAuthSettings(req);
+          params = new URLSearchParams({
+            grant_type: 'refresh_token',
+            client_id: config === null || config === void 0 ? void 0 : config.clientId,
+            refresh_token: token,
+            client_secret: config === null || config === void 0 ? void 0 : config.clientSecret
+          });
+          _context2.next = 4;
+          return axios.post(new URL(config.tokenPath, config.baseURL).toString(), params.toString(), {
+            headers: {
+              'Content-type': 'application/x-www-form-urlencoded'
+            }
+          });
+        case 4:
+          _yield$axios$post = _context2.sent;
+          data = _yield$axios$post.data;
+          return _context2.abrupt("return", data);
+        case 7:
+        case "end":
+          return _context2.stop();
+      }
+    }, _callee2);
+  }));
+  return _refreshOAuthToken.apply(this, arguments);
+}
+export function exchangeOAuthToken(_x5, _x6) {
+  return _exchangeOAuthToken.apply(this, arguments);
+}
+function _exchangeOAuthToken() {
+  _exchangeOAuthToken = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee3(req, code) {
+    var config, host, params, _yield$axios$post2, data;
+    return _regeneratorRuntime.wrap(function _callee3$(_context3) {
+      while (1) switch (_context3.prev = _context3.next) {
+        case 0:
+          config = getOAuthSettings(req);
+          host = req.get('host');
+          params = new URLSearchParams({
+            grant_type: 'authorization_code',
+            client_id: config.clientId,
+            code: code,
+            client_secret: config.clientSecret,
+            redirect_uri: "https://".concat(host, "/api/oauth/callback")
+          });
+          _context3.next = 5;
+          return axios.post(new URL(config.tokenPath, config.baseURL).toString(), params.toString(), {
+            headers: {
+              'Content-type': 'application/x-www-form-urlencoded'
+            }
+          });
+        case 5:
+          _yield$axios$post2 = _context3.sent;
+          data = _yield$axios$post2.data;
+          return _context3.abrupt("return", data);
+        case 8:
+        case "end":
+          return _context3.stop();
+      }
+    }, _callee3);
+  }));
+  return _exchangeOAuthToken.apply(this, arguments);
+}
+// #sourceMappingURL=oauth.js.map

package/build/esm/server/components/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["axios","YT_OAUTH_ACCESS_TOKEN_NAME","YT_OAUTH_REFRESH_TOKEN_NAME","isOAuthAllowed","req","config","ctx","ytOAuthSettings","Boolean","baseURL","authPath","tokenPath","clientId","clientSecret","getOAuthSettings","Error","isUserOAuthLogged","cookies","getOAuthAccessToken","_x","_x2","_getOAuthAccessToken","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","res","tokens","wrap","_callee$","_context","prev","next","abrupt","refreshOAuthToken","sent","saveOAuthTokensInCookies","access_token","undefined","stop","removeOAuthCookies","clearCookie","cookie","maxAge","expires_in","httpOnly","secure","refresh_token","refresh_expires_in","getOAuthLoginPath","host","get","params","URLSearchParams","response_type","client_id","scope","redirect_uri","concat","url","URL","search","toString","getOAuthLogoutPath","post_logout_redirect_uri","logoutPath","_x3","_x4","_refreshOAuthToken","_callee2","token","_yield$axios$post","data","_callee2$","_context2","grant_type","client_secret","post","headers","exchangeOAuthToken","_x5","_x6","_exchangeOAuthToken","_callee3","code","_yield$axios$post2","_callee3$","_context3"],"sources":["oauth.ts"],"sourcesContent":["import axios from 'axios';\nimport type {Request, Response} from 'express';\nimport {YT_OAUTH_ACCESS_TOKEN_NAME, YT_OAUTH_REFRESH_TOKEN_NAME} from '../../shared/constants';\n\nexport function isOAuthAllowed(req: Request) {\n    const config = req.ctx.config.ytOAuthSettings;\n    return Boolean(\n        config &&\n            config.baseURL &&\n            config.authPath &&\n            config.tokenPath &&\n            config.clientId &&\n            config.clientSecret,\n    );\n}\n\nexport function getOAuthSettings(req: Request) {\n    const config = req.ctx.config.ytOAuthSettings;\n    if (!config) {\n        throw new Error('OAuth settings is not specified');\n    }\n    return config;\n}\n\n// See https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.3.3\nexport type OAuthAuthorizationTokens = {\n    access_token: string;\n    expires_in: number;\n    refresh_token: string;\n    refresh_expires_in: number;\n};\n\nexport function isUserOAuthLogged(req: Request) {\n    return (\n        Boolean(req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]) ||\n        Boolean(req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME])\n    );\n}\n\nexport async function getOAuthAccessToken(req: Request, res: Response) {\n    if (req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME]) {\n        return req.cookies[YT_OAUTH_ACCESS_TOKEN_NAME];\n    } else if (req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME]) {\n        const tokens = await refreshOAuthToken(\n            req,\n            req.cookies[YT_OAUTH_REFRESH_TOKEN_NAME] as string,\n        );\n        saveOAuthTokensInCookies(res, tokens);\n        return tokens.access_token;\n    }\n    return undefined;\n}\n\nexport function removeOAuthCookies(res: Response) {\n    res.clearCookie(YT_OAUTH_ACCESS_TOKEN_NAME);\n    res.clearCookie(YT_OAUTH_REFRESH_TOKEN_NAME);\n}\n\nexport function saveOAuthTokensInCookies(res: Response, tokens: OAuthAuthorizationTokens) {\n    res.cookie(YT_OAUTH_ACCESS_TOKEN_NAME, tokens.access_token, {\n        maxAge: tokens.expires_in * 1000,\n        httpOnly: true,\n        secure: true,\n    });\n\n    if (tokens.refresh_token) {\n        res.cookie(YT_OAUTH_REFRESH_TOKEN_NAME, tokens.refresh_token, {\n            maxAge: tokens.refresh_expires_in,\n            httpOnly: true,\n            secure: true,\n        });\n    }\n}\n\nexport function getOAuthLoginPath(req: Request) {\n    const config = getOAuthSettings(req);\n    const host = req.get('host');\n    const params = new URLSearchParams({\n        response_type: 'code',\n        client_id: config.clientId,\n        scope: config.scope,\n        redirect_uri: `https://${host}/api/oauth/callback`,\n    });\n\n    const url = new URL(config.authPath, config.baseURL);\n    url.search = params.toString();\n\n    return url.toString();\n}\n\nexport function getOAuthLogoutPath(req: Request) {\n    const config = getOAuthSettings(req);\n    const host = req.get('host');\n    const params = new URLSearchParams({\n        post_logout_redirect_uri: `https://${host}/api/oauth/logout/callback`,\n        client_id: config.clientId,\n    });\n\n    const url = new URL(config.logoutPath, config.baseURL);\n    url.search = params.toString();\n\n    return url.toString();\n}\n\nexport async function refreshOAuthToken(\n    req: Request,\n    token: string,\n): Promise<OAuthAuthorizationTokens> {\n    const config = getOAuthSettings(req);\n    const params = new URLSearchParams({\n        grant_type: 'refresh_token',\n        client_id: config?.clientId,\n        refresh_token: token,\n        client_secret: config?.clientSecret,\n    });\n    const {data} = await axios.post(\n        new URL(config.tokenPath, config.baseURL).toString(),\n        params.toString(),\n        {\n            headers: {\n                'Content-type': 'application/x-www-form-urlencoded',\n            },\n        },\n    );\n    return data;\n}\n\nexport async function exchangeOAuthToken(\n    req: Request,\n    code: string,\n): Promise<OAuthAuthorizationTokens> {\n    const config = getOAuthSettings(req);\n    const host = req.get('host');\n    const params = new URLSearchParams({\n        grant_type: 'authorization_code',\n        client_id: config.clientId,\n        code: code as string,\n        client_secret: config.clientSecret,\n        redirect_uri: `https://${host}/api/oauth/callback`,\n    });\n\n    const {data} = await axios.post(\n        new URL(config.tokenPath, config.baseURL).toString(),\n        params.toString(),\n        {\n            headers: {\n                'Content-type': 'application/x-www-form-urlencoded',\n            },\n        },\n    );\n    return data;\n}\n"],"mappings":";;AAAA,OAAOA,KAAK,MAAM,OAAO;AAEzB,SAAQC,0BAA0B,EAAEC,2BAA2B,QAAO,wBAAwB;AAE9F,OAAO,SAASC,cAAcA,CAACC,GAAY,EAAE;EACzC,IAAMC,MAAM,GAAGD,GAAG,CAACE,GAAG,CAACD,MAAM,CAACE,eAAe;EAC7C,OAAOC,OAAO,CACVH,MAAM,IACFA,MAAM,CAACI,OAAO,IACdJ,MAAM,CAACK,QAAQ,IACfL,MAAM,CAACM,SAAS,IAChBN,MAAM,CAACO,QAAQ,IACfP,MAAM,CAACQ,YACf,CAAC;AACL;AAEA,OAAO,SAASC,gBAAgBA,CAACV,GAAY,EAAE;EAC3C,IAAMC,MAAM,GAAGD,GAAG,CAACE,GAAG,CAACD,MAAM,CAACE,eAAe;EAC7C,IAAI,CAACF,MAAM,EAAE;IACT,MAAM,IAAIU,KAAK,CAAC,iCAAiC,CAAC;EACtD;EACA,OAAOV,MAAM;AACjB;;AAEA;;AAQA,OAAO,SAASW,iBAAiBA,CAACZ,GAAY,EAAE;EAC5C,OACII,OAAO,CAACJ,GAAG,CAACa,OAAO,CAAChB,0BAA0B,CAAC,CAAC,IAChDO,OAAO,CAACJ,GAAG,CAACa,OAAO,CAACf,2BAA2B,CAAC,CAAC;AAEzD;AAEA,gBAAsBgB,mBAAmBA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAYxC,SAAAF,qBAAA;EAAAA,oBAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAZM,SAAAC,QAAmCvB,GAAY,EAAEwB,GAAa;IAAA,IAAAC,MAAA;IAAA,OAAAJ,mBAAA,CAAAK,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UAAA,KAC7D9B,GAAG,CAACa,OAAO,CAAChB,0BAA0B,CAAC;YAAA+B,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,OAAAF,QAAA,CAAAG,MAAA,WAChC/B,GAAG,CAACa,OAAO,CAAChB,0BAA0B,CAAC;QAAA;UAAA,KACvCG,GAAG,CAACa,OAAO,CAACf,2BAA2B,CAAC;YAAA8B,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAAF,QAAA,CAAAE,IAAA;UAAA,OAC1BE,iBAAiB,CAClChC,GAAG,EACHA,GAAG,CAACa,OAAO,CAACf,2BAA2B,CAC3C,CAAC;QAAA;UAHK2B,MAAM,GAAAG,QAAA,CAAAK,IAAA;UAIZC,wBAAwB,CAACV,GAAG,EAAEC,MAAM,CAAC;UAAC,OAAAG,QAAA,CAAAG,MAAA,WAC/BN,MAAM,CAACU,YAAY;QAAA;UAAA,OAAAP,QAAA,CAAAG,MAAA,WAEvBK,SAAS;QAAA;QAAA;UAAA,OAAAR,QAAA,CAAAS,IAAA;MAAA;IAAA,GAAAd,OAAA;EAAA,CACnB;EAAA,OAAAN,oBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,OAAO,SAASmB,kBAAkBA,CAACd,GAAa,EAAE;EAC9CA,GAAG,CAACe,WAAW,CAAC1C,0BAA0B,CAAC;EAC3C2B,GAAG,CAACe,WAAW,CAACzC,2BAA2B,CAAC;AAChD;AAEA,OAAO,SAASoC,wBAAwBA,CAACV,GAAa,EAAEC,MAAgC,EAAE;EACtFD,GAAG,CAACgB,MAAM,CAAC3C,0BAA0B,EAAE4B,MAAM,CAACU,YAAY,EAAE;IACxDM,MAAM,EAAEhB,MAAM,CAACiB,UAAU,GAAG,IAAI;IAChCC,QAAQ,EAAE,IAAI;IACdC,MAAM,EAAE;EACZ,CAAC,CAAC;EAEF,IAAInB,MAAM,CAACoB,aAAa,EAAE;IACtBrB,GAAG,CAACgB,MAAM,CAAC1C,2BAA2B,EAAE2B,MAAM,CAACoB,aAAa,EAAE;MAC1DJ,MAAM,EAAEhB,MAAM,CAACqB,kBAAkB;MACjCH,QAAQ,EAAE,IAAI;MACdC,MAAM,EAAE;IACZ,CAAC,CAAC;EACN;AACJ;AAEA,OAAO,SAASG,iBAAiBA,CAAC/C,GAAY,EAAE;EAC5C,IAAMC,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;EACpC,IAAMgD,IAAI,GAAGhD,GAAG,CAACiD,GAAG,CAAC,MAAM,CAAC;EAC5B,IAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IAC/BC,aAAa,EAAE,MAAM;IACrBC,SAAS,EAAEpD,MAAM,CAACO,QAAQ;IAC1B8C,KAAK,EAAErD,MAAM,CAACqD,KAAK;IACnBC,YAAY,aAAAC,MAAA,CAAaR,IAAI;EACjC,CAAC,CAAC;EAEF,IAAMS,GAAG,GAAG,IAAIC,GAAG,CAACzD,MAAM,CAACK,QAAQ,EAAEL,MAAM,CAACI,OAAO,CAAC;EACpDoD,GAAG,CAACE,MAAM,GAAGT,MAAM,CAACU,QAAQ,CAAC,CAAC;EAE9B,OAAOH,GAAG,CAACG,QAAQ,CAAC,CAAC;AACzB;AAEA,OAAO,SAASC,kBAAkBA,CAAC7D,GAAY,EAAE;EAC7C,IAAMC,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;EACpC,IAAMgD,IAAI,GAAGhD,GAAG,CAACiD,GAAG,CAAC,MAAM,CAAC;EAC5B,IAAMC,MAAM,GAAG,IAAIC,eAAe,CAAC;IAC/BW,wBAAwB,aAAAN,MAAA,CAAaR,IAAI,+BAA4B;IACrEK,SAAS,EAAEpD,MAAM,CAACO;EACtB,CAAC,CAAC;EAEF,IAAMiD,GAAG,GAAG,IAAIC,GAAG,CAACzD,MAAM,CAAC8D,UAAU,EAAE9D,MAAM,CAACI,OAAO,CAAC;EACtDoD,GAAG,CAACE,MAAM,GAAGT,MAAM,CAACU,QAAQ,CAAC,CAAC;EAE9B,OAAOH,GAAG,CAACG,QAAQ,CAAC,CAAC;AACzB;AAEA,gBAAsB5B,iBAAiBA,CAAAgC,GAAA,EAAAC,GAAA;EAAA,OAAAC,kBAAA,CAAAhD,KAAA,OAAAC,SAAA;AAAA;AAqBtC,SAAA+C,mBAAA;EAAAA,kBAAA,GAAA9C,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CArBM,SAAA6C,SACHnE,GAAY,EACZoE,KAAa;IAAA,IAAAnE,MAAA,EAAAiD,MAAA,EAAAmB,iBAAA,EAAAC,IAAA;IAAA,OAAAjD,mBAAA,CAAAK,IAAA,UAAA6C,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAA3C,IAAA,GAAA2C,SAAA,CAAA1C,IAAA;QAAA;UAEP7B,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;UAC9BkD,MAAM,GAAG,IAAIC,eAAe,CAAC;YAC/BsB,UAAU,EAAE,eAAe;YAC3BpB,SAAS,EAAEpD,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEO,QAAQ;YAC3BqC,aAAa,EAAEuB,KAAK;YACpBM,aAAa,EAAEzE,MAAM,aAANA,MAAM,uBAANA,MAAM,CAAEQ;UAC3B,CAAC,CAAC;UAAA+D,SAAA,CAAA1C,IAAA;UAAA,OACmBlC,KAAK,CAAC+E,IAAI,CAC3B,IAAIjB,GAAG,CAACzD,MAAM,CAACM,SAAS,EAAEN,MAAM,CAACI,OAAO,CAAC,CAACuD,QAAQ,CAAC,CAAC,EACpDV,MAAM,CAACU,QAAQ,CAAC,CAAC,EACjB;YACIgB,OAAO,EAAE;cACL,cAAc,EAAE;YACpB;UACJ,CACJ,CAAC;QAAA;UAAAP,iBAAA,GAAAG,SAAA,CAAAvC,IAAA;UARMqC,IAAI,GAAAD,iBAAA,CAAJC,IAAI;UAAA,OAAAE,SAAA,CAAAzC,MAAA,WASJuC,IAAI;QAAA;QAAA;UAAA,OAAAE,SAAA,CAAAnC,IAAA;MAAA;IAAA,GAAA8B,QAAA;EAAA,CACd;EAAA,OAAAD,kBAAA,CAAAhD,KAAA,OAAAC,SAAA;AAAA;AAED,gBAAsB0D,kBAAkBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,mBAAA,CAAA9D,KAAA,OAAAC,SAAA;AAAA;AAwBvC,SAAA6D,oBAAA;EAAAA,mBAAA,GAAA5D,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAxBM,SAAA2D,SACHjF,GAAY,EACZkF,IAAY;IAAA,IAAAjF,MAAA,EAAA+C,IAAA,EAAAE,MAAA,EAAAiC,kBAAA,EAAAb,IAAA;IAAA,OAAAjD,mBAAA,CAAAK,IAAA,UAAA0D,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAxD,IAAA,GAAAwD,SAAA,CAAAvD,IAAA;QAAA;UAEN7B,MAAM,GAAGS,gBAAgB,CAACV,GAAG,CAAC;UAC9BgD,IAAI,GAAGhD,GAAG,CAACiD,GAAG,CAAC,MAAM,CAAC;UACtBC,MAAM,GAAG,IAAIC,eAAe,CAAC;YAC/BsB,UAAU,EAAE,oBAAoB;YAChCpB,SAAS,EAAEpD,MAAM,CAACO,QAAQ;YAC1B0E,IAAI,EAAEA,IAAc;YACpBR,aAAa,EAAEzE,MAAM,CAACQ,YAAY;YAClC8C,YAAY,aAAAC,MAAA,CAAaR,IAAI;UACjC,CAAC,CAAC;UAAAqC,SAAA,CAAAvD,IAAA;UAAA,OAEmBlC,KAAK,CAAC+E,IAAI,CAC3B,IAAIjB,GAAG,CAACzD,MAAM,CAACM,SAAS,EAAEN,MAAM,CAACI,OAAO,CAAC,CAACuD,QAAQ,CAAC,CAAC,EACpDV,MAAM,CAACU,QAAQ,CAAC,CAAC,EACjB;YACIgB,OAAO,EAAE;cACL,cAAc,EAAE;YACpB;UACJ,CACJ,CAAC;QAAA;UAAAO,kBAAA,GAAAE,SAAA,CAAApD,IAAA;UARMqC,IAAI,GAAAa,kBAAA,CAAJb,IAAI;UAAA,OAAAe,SAAA,CAAAtD,MAAA,WASJuC,IAAI;QAAA;QAAA;UAAA,OAAAe,SAAA,CAAAhD,IAAA;MAAA;IAAA,GAAA4C,QAAA;EAAA,CACd;EAAA,OAAAD,mBAAA,CAAA9D,KAAA,OAAAC,SAAA;AAAA"}

package/build/esm/server/components/yt-auth.d.ts

@@ -0,0 +1,6 @@
+import { AppConfig } from '@gravity-ui/nodekit';
+import type { Response } from 'express';
+export declare function isYtAuthEnabled(config: AppConfig): boolean;
+export declare function assertAuthEnabled(ytAuthCluster?: string): asserts ytAuthCluster is string;
+export declare function getAuthCluster(config: AppConfig): string;
+export declare function YTAuthLogout(res: Response): void;

package/build/esm/server/components/yt-auth.js

@@ -0,0 +1,17 @@
+import { YT_CYPRESS_COOKIE_NAME } from '../../shared/constants';
+export function isYtAuthEnabled(config) {
+  return Boolean(config.ytAuthCluster);
+}
+export function assertAuthEnabled(ytAuthCluster) {
+  if (!ytAuthCluster) {
+    throw new Error('Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.');
+  }
+}
+export function getAuthCluster(config) {
+  assertAuthEnabled(config.ytAuthCluster);
+  return config.ytAuthCluster;
+}
+export function YTAuthLogout(res) {
+  res.setHeader('set-cookie', "".concat(YT_CYPRESS_COOKIE_NAME, "=deleted; Path=/; Max-Age=0;"));
+}
+// #sourceMappingURL=yt-auth.js.map

package/build/esm/server/components/yt-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["YT_CYPRESS_COOKIE_NAME","isYtAuthEnabled","config","Boolean","ytAuthCluster","assertAuthEnabled","Error","getAuthCluster","YTAuthLogout","res","setHeader","concat"],"sources":["yt-auth.ts"],"sourcesContent":["import {AppConfig} from '@gravity-ui/nodekit';\nimport type {Response} from 'express';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\n\nexport function isYtAuthEnabled(config: AppConfig) {\n    return Boolean(config.ytAuthCluster);\n}\n\nexport function assertAuthEnabled(ytAuthCluster?: string): asserts ytAuthCluster is string {\n    if (!ytAuthCluster) {\n        throw new Error(\n            'Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.',\n        );\n    }\n}\n\nexport function getAuthCluster(config: AppConfig) {\n    assertAuthEnabled(config.ytAuthCluster);\n    return config.ytAuthCluster;\n}\n\nexport function YTAuthLogout(res: Response) {\n    res.setHeader('set-cookie', `${YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);\n}\n"],"mappings":"AAEA,SAAQA,sBAAsB,QAAO,wBAAwB;AAE7D,OAAO,SAASC,eAAeA,CAACC,MAAiB,EAAE;EAC/C,OAAOC,OAAO,CAACD,MAAM,CAACE,aAAa,CAAC;AACxC;AAEA,OAAO,SAASC,iBAAiBA,CAACD,aAAsB,EAAmC;EACvF,IAAI,CAACA,aAAa,EAAE;IAChB,MAAM,IAAIE,KAAK,CACX,8FACJ,CAAC;EACL;AACJ;AAEA,OAAO,SAASC,cAAcA,CAACL,MAAiB,EAAE;EAC9CG,iBAAiB,CAACH,MAAM,CAACE,aAAa,CAAC;EACvC,OAAOF,MAAM,CAACE,aAAa;AAC/B;AAEA,OAAO,SAASI,YAAYA,CAACC,GAAa,EAAE;EACxCA,GAAG,CAACC,SAAS,CAAC,YAAY,KAAAC,MAAA,CAAKX,sBAAsB,iCAA8B,CAAC;AACxF"}

package/build/esm/server/controllers/login.d.ts

@@ -1,4 +1,3 @@
 import type { Request, Response } from 'express';
 export declare function handleLogin(req: Request, res: Response): Promise<void>;
-export declare function handleLogout(req: Request, res: Response): Promise<void>;
 export declare function handleChangePassword(req: Request, res: Response): Promise<void>;

package/build/esm/server/controllers/login.js

@@ -12,10 +12,8 @@ import crypto from 'crypto';
 // @ts-ignore
 import ytLib from '@ytsaurus/javascript-wrapper';
 import { getXSRFToken } from '../components/cluster-queries';
+import { getAuthCluster } from '../components/yt-auth';
 var yt = ytLib();
-function throwAuthDisabled() {
-  throw new Error('Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.');
-}
 export function handleLogin(_x, _x2) {
   return _handleLogin.apply(this, arguments);
 }
@@ -26,24 +24,18 @@ function _handleLogin() {
       while (1) switch (_context2.prev = _context2.next) {
         case 0:
           _context2.prev = 0;
-          ytAuthCluster = req.ctx.config.ytAuthCluster;
-          if (ytAuthCluster) {
-            _context2.next = 4;
-            break;
-          }
-          return _context2.abrupt("return", throwAuthDisabled());
-        case 4:
+          ytAuthCluster = getAuthCluster(req.ctx.config);
           _ref = JSON.parse(req.body) || {}, username = _ref.username, password = _ref.password;
           if (!(!username || !password)) {
-            _context2.next = 7;
+            _context2.next = 5;
             break;
           }
           throw new Error('Username and password must not be empty');
-        case 7:
+        case 5:
           _getYTApiClusterSetup = getYTApiClusterSetup(ytAuthCluster), proxyBaseUrl = _getYTApiClusterSetup.proxyBaseUrl;
           requestUrl = "".concat(proxyBaseUrl, "/login");
           basicAuth = Buffer.from("".concat(username, ":").concat(password)).toString('base64');
-          _context2.next = 12;
+          _context2.next = 10;
           return axios.request({
             url: requestUrl,
             method: req.method,
@@ -75,22 +67,22 @@ function _handleLogin() {
                 }
               }, _callee);
             }));
-            return function (_x7) {
+            return function (_x5) {
               return _ref2.apply(this, arguments);
             };
           }());
-        case 12:
-          _context2.next = 17;
+        case 10:
+          _context2.next = 15;
           break;
-        case 14:
-          _context2.prev = 14;
+        case 12:
+          _context2.prev = 12;
           _context2.t0 = _context2["catch"](0);
           sendAndLogError(req.ctx, res, 500, _context2.t0);
-        case 17:
+        case 15:
         case "end":
           return _context2.stop();
       }
-    }, _callee2, null, [[0, 14]]);
+    }, _callee2, null, [[0, 12]]);
   }));
   return _handleLogin.apply(this, arguments);
 }
@@ -115,86 +107,47 @@ function removeSecureFlagIfOriginInsecure(req, headers) {
     return acc;
   }, {});
 }
-export function handleLogout(_x3, _x4) {
-  return _handleLogout.apply(this, arguments);
-}
-function _handleLogout() {
-  _handleLogout = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee3(req, res) {
-    var ytAuthCluster;
-    return _regeneratorRuntime.wrap(function _callee3$(_context3) {
-      while (1) switch (_context3.prev = _context3.next) {
-        case 0:
-          _context3.prev = 0;
-          ytAuthCluster = req.ctx.config.ytAuthCluster;
-          if (ytAuthCluster) {
-            _context3.next = 4;
-            break;
-          }
-          return _context3.abrupt("return", throwAuthDisabled());
-        case 4:
-          res.setHeader('set-cookie', "".concat(YT_CYPRESS_COOKIE_NAME, "=deleted; Path=/; Max-Age=0;"));
-          res.status(401).send('Logout');
-          _context3.next = 11;
-          break;
-        case 8:
-          _context3.prev = 8;
-          _context3.t0 = _context3["catch"](0);
-          sendAndLogError(req.ctx, res, 500, _context3.t0);
-        case 11:
-        case "end":
-          return _context3.stop();
-      }
-    }, _callee3, null, [[0, 8]]);
-  }));
-  return _handleLogout.apply(this, arguments);
-}
-export function handleChangePassword(_x5, _x6) {
+export function handleChangePassword(_x3, _x4) {
   return _handleChangePassword.apply(this, arguments);
 }
 function _handleChangePassword() {
-  _handleChangePassword = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee4(req, res) {
+  _handleChangePassword = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee3(req, res) {
     var ytAuthCluster, _ref3, newPassword, currentPassword, new_password_sha256, current_password_sha256, cfg, _cfg, setup, _yield$getXSRFToken, login, csrf_token;
-    return _regeneratorRuntime.wrap(function _callee4$(_context4) {
-      while (1) switch (_context4.prev = _context4.next) {
+    return _regeneratorRuntime.wrap(function _callee3$(_context3) {
+      while (1) switch (_context3.prev = _context3.next) {
         case 0:
-          _context4.prev = 0;
-          ytAuthCluster = req.ctx.config.ytAuthCluster;
-          if (ytAuthCluster) {
-            _context4.next = 4;
-            break;
-          }
-          return _context4.abrupt("return", throwAuthDisabled());
-        case 4:
+          _context3.prev = 0;
+          ytAuthCluster = getAuthCluster(req.ctx.config);
           _ref3 = JSON.parse(req.body) || {}, newPassword = _ref3.newPassword, currentPassword = _ref3.currentPassword;
           if (!(!newPassword || !currentPassword)) {
-            _context4.next = 7;
+            _context3.next = 5;
             break;
           }
           throw new Error('New and current password must not be empty');
-        case 7:
+        case 5:
           new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');
           current_password_sha256 = crypto.createHash('sha256').update(currentPassword).digest('hex');
-          _context4.prev = 9;
+          _context3.prev = 7;
           cfg = getUserYTApiSetup(ytAuthCluster, req);
-          _context4.next = 17;
+          _context3.next = 15;
           break;
-        case 13:
-          _context4.prev = 13;
-          _context4.t0 = _context4["catch"](9);
-          sendAndLogError(req.ctx, res, 400, _context4.t0);
-          return _context4.abrupt("return");
-        case 17:
+        case 11:
+          _context3.prev = 11;
+          _context3.t0 = _context3["catch"](7);
+          sendAndLogError(req.ctx, res, 400, _context3.t0);
+          return _context3.abrupt("return");
+        case 15:
           _cfg = cfg, setup = _cfg.setup;
-          _context4.next = 20;
+          _context3.next = 18;
           return getXSRFToken(req, cfg);
-        case 20:
-          _yield$getXSRFToken = _context4.sent;
+        case 18:
+          _yield$getXSRFToken = _context3.sent;
           login = _yield$getXSRFToken.login;
           csrf_token = _yield$getXSRFToken.csrf_token;
           yt.setup.createOption('requestHeaders', 'object', {
             'X-Csrf-Token': csrf_token
           });
-          _context4.next = 26;
+          _context3.next = 24;
           return yt.v4.setUserPassword({
             setup: setup,
             parameters: {
@@ -209,18 +162,18 @@ function _handleChangePassword() {
           })["catch"](function (err) {
             sendAndLogError(req.ctx, res, 500, err);
           });
-        case 26:
-          _context4.next = 31;
+        case 24:
+          _context3.next = 29;
           break;
-        case 28:
-          _context4.prev = 28;
-          _context4.t1 = _context4["catch"](0);
-          sendAndLogError(req.ctx, res, 500, _context4.t1);
-        case 31:
+        case 26:
+          _context3.prev = 26;
+          _context3.t1 = _context3["catch"](0);
+          sendAndLogError(req.ctx, res, 500, _context3.t1);
+        case 29:
         case "end":
-          return _context4.stop();
+          return _context3.stop();
       }
-    }, _callee4, null, [[0, 28], [9, 13]]);
+    }, _callee3, null, [[0, 26], [7, 11]]);
   }));
   return _handleChangePassword.apply(this, arguments);
 }

package/build/esm/server/controllers/login.js.map

@@ -1 +1 @@
-{"version":3,"names":["axios","YT_CYPRESS_COOKIE_NAME","getUserYTApiSetup","getYTApiClusterSetup","UNEXPECTED_PIPE_AXIOS_RESPONSE","pipeAxiosResponse","sendAndLogError","crypto","ytLib","getXSRFToken","yt","throwAuthDisabled","Error","handleLogin","_x","_x2","_handleLogin","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee2","req","res","ytAuthCluster","_ref","username","password","_getYTApiClusterSetup","proxyBaseUrl","requestUrl","basicAuth","wrap","_callee2$","_context2","prev","next","ctx","config","abrupt","JSON","parse","body","concat","Buffer","from","toString","request","url","method","headers","_objectSpread","getMetadata","Authorization","timeout","responseType","then","_ref2","_callee","response","pipedSize","_callee$","_context","undefined","removeSecureFlagIfOriginInsecure","sent","stop","_x7","t0","ytAuthAllowInsecure","origin","startsWith","_reduce","acc","v","k","tmp","_map","item","replace","handleLogout","_x3","_x4","_handleLogout","_callee3","_callee3$","_context3","setHeader","status","send","handleChangePassword","_x5","_x6","_handleChangePassword","_callee4","_ref3","newPassword","currentPassword","new_password_sha256","current_password_sha256","cfg","_cfg","setup","_yield$getXSRFToken","login","csrf_token","_callee4$","_context4","createHash","update","digest","createOption","v4","setUserPassword","parameters","user","result","err","t1"],"sources":["login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport axios from 'axios';\nimport _ from 'lodash';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\nimport {getUserYTApiSetup, getYTApiClusterSetup} from '../components/requestsSetup';\nimport {UNEXPECTED_PIPE_AXIOS_RESPONSE, pipeAxiosResponse, sendAndLogError} from '../utils';\nimport crypto from 'crypto';\n\n// @ts-ignore\nimport ytLib from '@ytsaurus/javascript-wrapper';\nimport {getXSRFToken} from '../components/cluster-queries';\n\nconst yt = ytLib();\n\nfunction throwAuthDisabled() {\n    throw new Error(\n        'Cluster for password authentication is disabled. You have to define ytAuthCluster to use it.',\n    );\n}\n\nexport async function handleLogin(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n\n        const {username, password} = JSON.parse(req.body) || {};\n        if (!username || !password) {\n            throw new Error('Username and password must not be empty');\n        }\n\n        const {proxyBaseUrl} = getYTApiClusterSetup(ytAuthCluster);\n        const requestUrl = `${proxyBaseUrl}/login`;\n\n        const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');\n\n        await axios\n            .request({\n                url: requestUrl,\n                method: req.method as any,\n                headers: {...req.ctx.getMetadata(), Authorization: `Basic ${basicAuth}`},\n                timeout: 10000,\n                responseType: 'stream',\n            })\n            .then(async (response) => {\n                const pipedSize = await pipeAxiosResponse(\n                    req.ctx,\n                    res,\n                    response,\n                    undefined,\n                    (headers) => removeSecureFlagIfOriginInsecure(req, headers),\n                );\n                if (!pipedSize) {\n                    throw new Error(UNEXPECTED_PIPE_AXIOS_RESPONSE);\n                }\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nfunction removeSecureFlagIfOriginInsecure(\n    req: Request,\n    headers: Record<string, string | Array<string>>,\n) {\n    const {ytAuthAllowInsecure} = req.ctx.config;\n    const {origin} = req.headers;\n\n    if (!ytAuthAllowInsecure || 'string' !== typeof origin || !origin.startsWith('http://')) {\n        return headers;\n    }\n\n    return _.reduce(\n        headers,\n        (acc, v, k) => {\n            if (k !== 'set-cookie') {\n                acc[k] = v;\n            } else {\n                const tmp = _.map(v as Array<string>, (item) => {\n                    if (item.startsWith(YT_CYPRESS_COOKIE_NAME)) {\n                        return item.replace(/\\s*Secure;/, '');\n                    }\n                    return item;\n                });\n                acc[k] = tmp;\n            }\n            return acc;\n        },\n        {} as typeof headers,\n    );\n}\n\nexport async function handleLogout(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n        res.setHeader('set-cookie', `${YT_CYPRESS_COOKIE_NAME}=deleted; Path=/; Max-Age=0;`);\n        res.status(401).send('Logout');\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nexport async function handleChangePassword(req: Request, res: Response) {\n    try {\n        const {ytAuthCluster} = req.ctx.config;\n        if (!ytAuthCluster) {\n            return throwAuthDisabled();\n        }\n\n        const {newPassword, currentPassword} = JSON.parse(req.body) || {};\n        if (!newPassword || !currentPassword) {\n            throw new Error('New and current password must not be empty');\n        }\n\n        const new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');\n        const current_password_sha256 = crypto\n            .createHash('sha256')\n            .update(currentPassword)\n            .digest('hex');\n\n        let cfg;\n        try {\n            cfg = getUserYTApiSetup(ytAuthCluster, req);\n        } catch (e: any) {\n            sendAndLogError(req.ctx, res, 400, e);\n            return;\n        }\n\n        const {setup} = cfg;\n        const {login, csrf_token} = await getXSRFToken(req, cfg);\n\n        yt.setup.createOption('requestHeaders', 'object', {\n            'X-Csrf-Token': csrf_token,\n        });\n\n        await yt.v4\n            .setUserPassword({\n                setup,\n                parameters: {user: login, new_password_sha256, current_password_sha256},\n            })\n            .then((result: unknown) => {\n                res.status(200).send({result});\n            })\n            .catch((err: any) => {\n                sendAndLogError(req.ctx, res, 500, err);\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n"],"mappings":";;;;;AACA,OAAOA,KAAK,MAAM,OAAO;AAEzB,SAAQC,sBAAsB,QAAO,wBAAwB;AAC7D,SAAQC,iBAAiB,EAAEC,oBAAoB,QAAO,6BAA6B;AACnF,SAAQC,8BAA8B,EAAEC,iBAAiB,EAAEC,eAAe,QAAO,UAAU;AAC3F,OAAOC,MAAM,MAAM,QAAQ;;AAE3B;AACA,OAAOC,KAAK,MAAM,8BAA8B;AAChD,SAAQC,YAAY,QAAO,+BAA+B;AAE1D,IAAMC,EAAE,GAAGF,KAAK,CAAC,CAAC;AAElB,SAASG,iBAAiBA,CAAA,EAAG;EACzB,MAAM,IAAIC,KAAK,CACX,8FACJ,CAAC;AACL;AAEA,gBAAsBC,WAAWA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAwChC,SAAAF,aAAA;EAAAA,YAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAxCM,SAAAC,SAA2BC,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAC,IAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,qBAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,SAAA;IAAA,OAAAZ,mBAAA,CAAAa,IAAA,UAAAC,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAC,IAAA,GAAAD,SAAA,CAAAE,IAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAE9CX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAU,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,OAAAF,SAAA,CAAAK,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAAAe,IAAA,GAGDe,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAAhDhB,QAAQ,GAAAD,IAAA,CAARC,QAAQ,EAAEC,QAAQ,GAAAF,IAAA,CAARE,QAAQ;UAAA,MACrB,CAACD,QAAQ,IAAI,CAACC,QAAQ;YAAAO,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MAChB,IAAIzB,KAAK,CAAC,yCAAyC,CAAC;QAAA;UAAAiB,qBAAA,GAGvC1B,oBAAoB,CAACsB,aAAa,CAAC,EAAnDK,YAAY,GAAAD,qBAAA,CAAZC,YAAY;UACbC,UAAU,MAAAa,MAAA,CAAMd,YAAY;UAE5BE,SAAS,GAAGa,MAAM,CAACC,IAAI,IAAAF,MAAA,CAAIjB,QAAQ,OAAAiB,MAAA,CAAIhB,QAAQ,CAAE,CAAC,CAACmB,QAAQ,CAAC,QAAQ,CAAC;UAAAZ,SAAA,CAAAE,IAAA;UAAA,OAErErC,KAAK,CACNgD,OAAO,CAAC;YACLC,GAAG,EAAElB,UAAU;YACfmB,MAAM,EAAE3B,GAAG,CAAC2B,MAAa;YACzBC,OAAO,EAAAC,aAAA,CAAAA,aAAA,KAAM7B,GAAG,CAACe,GAAG,CAACe,WAAW,CAAC,CAAC;cAAEC,aAAa,WAAAV,MAAA,CAAWZ,SAAS;YAAE,EAAC;YACxEuB,OAAO,EAAE,KAAK;YACdC,YAAY,EAAE;UAClB,CAAC,CAAC,CACDC,IAAI;YAAA,IAAAC,KAAA,GAAAvC,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAAC,SAAAsC,QAAOC,QAAQ;cAAA,IAAAC,SAAA;cAAA,OAAAzC,mBAAA,CAAAa,IAAA,UAAA6B,SAAAC,QAAA;gBAAA,kBAAAA,QAAA,CAAA3B,IAAA,GAAA2B,QAAA,CAAA1B,IAAA;kBAAA;oBAAA0B,QAAA,CAAA1B,IAAA;oBAAA,OACOhC,iBAAiB,CACrCkB,GAAG,CAACe,GAAG,EACPd,GAAG,EACHoC,QAAQ,EACRI,SAAS,EACT,UAACb,OAAO;sBAAA,OAAKc,gCAAgC,CAAC1C,GAAG,EAAE4B,OAAO,CAAC;oBAAA,CAC/D,CAAC;kBAAA;oBANKU,SAAS,GAAAE,QAAA,CAAAG,IAAA;oBAAA,IAOVL,SAAS;sBAAAE,QAAA,CAAA1B,IAAA;sBAAA;oBAAA;oBAAA,MACJ,IAAIzB,KAAK,CAACR,8BAA8B,CAAC;kBAAA;kBAAA;oBAAA,OAAA2D,QAAA,CAAAI,IAAA;gBAAA;cAAA,GAAAR,OAAA;YAAA,CAEtD;YAAA,iBAAAS,GAAA;cAAA,OAAAV,KAAA,CAAAzC,KAAA,OAAAC,SAAA;YAAA;UAAA,IAAC;QAAA;UAAAiB,SAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAAAD,SAAA,CAAAkC,EAAA,GAAAlC,SAAA;UAEN7B,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAW,SAAA,CAAAkC,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAlC,SAAA,CAAAgC,IAAA;MAAA;IAAA,GAAA7C,QAAA;EAAA,CAE7C;EAAA,OAAAN,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAAS+C,gCAAgCA,CACrC1C,GAAY,EACZ4B,OAA+C,EACjD;EACE,IAAOmB,mBAAmB,GAAI/C,GAAG,CAACe,GAAG,CAACC,MAAM,CAArC+B,mBAAmB;EAC1B,IAAOC,MAAM,GAAIhD,GAAG,CAAC4B,OAAO,CAArBoB,MAAM;EAEb,IAAI,CAACD,mBAAmB,IAAI,QAAQ,KAAK,OAAOC,MAAM,IAAI,CAACA,MAAM,CAACC,UAAU,CAAC,SAAS,CAAC,EAAE;IACrF,OAAOrB,OAAO;EAClB;EAEA,OAAOsB,OAAA,CACHtB,OAAO,EACP,UAACuB,GAAG,EAAEC,CAAC,EAAEC,CAAC,EAAK;IACX,IAAIA,CAAC,KAAK,YAAY,EAAE;MACpBF,GAAG,CAACE,CAAC,CAAC,GAAGD,CAAC;IACd,CAAC,MAAM;MACH,IAAME,GAAG,GAAGC,IAAA,CAAMH,CAAC,EAAmB,UAACI,IAAI,EAAK;QAC5C,IAAIA,IAAI,CAACP,UAAU,CAACvE,sBAAsB,CAAC,EAAE;UACzC,OAAO8E,IAAI,CAACC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACzC;QACA,OAAOD,IAAI;MACf,CAAC,CAAC;MACFL,GAAG,CAACE,CAAC,CAAC,GAAGC,GAAG;IAChB;IACA,OAAOH,GAAG;EACd,CAAC,EACD,CAAC,CACL,CAAC;AACL;AAEA,gBAAsBO,YAAYA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,aAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA;AAWjC,SAAAkE,cAAA;EAAAA,aAAA,GAAAjE,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAXM,SAAAgE,SAA4B9D,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA;IAAA,OAAAL,mBAAA,CAAAa,IAAA,UAAAqD,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAnD,IAAA,GAAAmD,SAAA,CAAAlD,IAAA;QAAA;UAAAkD,SAAA,CAAAnD,IAAA;UAE/CX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAA8D,SAAA,CAAAlD,IAAA;YAAA;UAAA;UAAA,OAAAkD,SAAA,CAAA/C,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAE9Ba,GAAG,CAACgE,SAAS,CAAC,YAAY,KAAA5C,MAAA,CAAK3C,sBAAsB,iCAA8B,CAAC;UACpFuB,GAAG,CAACiE,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC,QAAQ,CAAC;UAACH,SAAA,CAAAlD,IAAA;UAAA;QAAA;UAAAkD,SAAA,CAAAnD,IAAA;UAAAmD,SAAA,CAAAlB,EAAA,GAAAkB,SAAA;UAE/BjF,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA+D,SAAA,CAAAlB,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAkB,SAAA,CAAApB,IAAA;MAAA;IAAA,GAAAkB,QAAA;EAAA,CAE7C;EAAA,OAAAD,aAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA;AAED,gBAAsByE,oBAAoBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,qBAAA,CAAA7E,KAAA,OAAAC,SAAA;AAAA;AA+CzC,SAAA4E,sBAAA;EAAAA,qBAAA,GAAA3E,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CA/CM,SAAA0E,SAAoCxE,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAuE,KAAA,EAAAC,WAAA,EAAAC,eAAA,EAAAC,mBAAA,EAAAC,uBAAA,EAAAC,GAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,UAAA;IAAA,OAAAtF,mBAAA,CAAAa,IAAA,UAAA0E,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAxE,IAAA,GAAAwE,SAAA,CAAAvE,IAAA;QAAA;UAAAuE,SAAA,CAAAxE,IAAA;UAEvDX,aAAa,GAAIF,GAAG,CAACe,GAAG,CAACC,MAAM,CAA/Bd,aAAa;UAAA,IACfA,aAAa;YAAAmF,SAAA,CAAAvE,IAAA;YAAA;UAAA;UAAA,OAAAuE,SAAA,CAAApE,MAAA,WACP7B,iBAAiB,CAAC,CAAC;QAAA;UAAAqF,KAAA,GAGSvD,IAAI,CAACC,KAAK,CAACnB,GAAG,CAACoB,IAAI,CAAC,IAAI,CAAC,CAAC,EAA1DsD,WAAW,GAAAD,KAAA,CAAXC,WAAW,EAAEC,eAAe,GAAAF,KAAA,CAAfE,eAAe;UAAA,MAC/B,CAACD,WAAW,IAAI,CAACC,eAAe;YAAAU,SAAA,CAAAvE,IAAA;YAAA;UAAA;UAAA,MAC1B,IAAIzB,KAAK,CAAC,4CAA4C,CAAC;QAAA;UAG3DuF,mBAAmB,GAAG5F,MAAM,CAACsG,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACb,WAAW,CAAC,CAACc,MAAM,CAAC,KAAK,CAAC;UACnFX,uBAAuB,GAAG7F,MAAM,CACjCsG,UAAU,CAAC,QAAQ,CAAC,CACpBC,MAAM,CAACZ,eAAe,CAAC,CACvBa,MAAM,CAAC,KAAK,CAAC;UAAAH,SAAA,CAAAxE,IAAA;UAIdiE,GAAG,GAAGnG,iBAAiB,CAACuB,aAAa,EAAEF,GAAG,CAAC;UAACqF,SAAA,CAAAvE,IAAA;UAAA;QAAA;UAAAuE,SAAA,CAAAxE,IAAA;UAAAwE,SAAA,CAAAvC,EAAA,GAAAuC,SAAA;UAE5CtG,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAoF,SAAA,CAAAvC,EAAG,CAAC;UAAC,OAAAuC,SAAA,CAAApE,MAAA;QAAA;UAAA8D,IAAA,GAI1BD,GAAG,EAAZE,KAAK,GAAAD,IAAA,CAALC,KAAK;UAAAK,SAAA,CAAAvE,IAAA;UAAA,OACsB5B,YAAY,CAACc,GAAG,EAAE8E,GAAG,CAAC;QAAA;UAAAG,mBAAA,GAAAI,SAAA,CAAA1C,IAAA;UAAjDuC,KAAK,GAAAD,mBAAA,CAALC,KAAK;UAAEC,UAAU,GAAAF,mBAAA,CAAVE,UAAU;UAExBhG,EAAE,CAAC6F,KAAK,CAACS,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE;YAC9C,cAAc,EAAEN;UACpB,CAAC,CAAC;UAACE,SAAA,CAAAvE,IAAA;UAAA,OAEG3B,EAAE,CAACuG,EAAE,CACNC,eAAe,CAAC;YACbX,KAAK,EAALA,KAAK;YACLY,UAAU,EAAE;cAACC,IAAI,EAAEX,KAAK;cAAEN,mBAAmB,EAAnBA,mBAAmB;cAAEC,uBAAuB,EAAvBA;YAAuB;UAC1E,CAAC,CAAC,CACD3C,IAAI,CAAC,UAAC4D,MAAe,EAAK;YACvB7F,GAAG,CAACiE,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC;cAAC2B,MAAM,EAANA;YAAM,CAAC,CAAC;UAClC,CAAC,CAAC,SACI,CAAC,UAACC,GAAQ,EAAK;YACjBhH,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAE8F,GAAG,CAAC;UAC3C,CAAC,CAAC;QAAA;UAAAV,SAAA,CAAAvE,IAAA;UAAA;QAAA;UAAAuE,SAAA,CAAAxE,IAAA;UAAAwE,SAAA,CAAAW,EAAA,GAAAX,SAAA;UAENtG,eAAe,CAACiB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAoF,SAAA,CAAAW,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAX,SAAA,CAAAzC,IAAA;MAAA;IAAA,GAAA4B,QAAA;EAAA,CAE7C;EAAA,OAAAD,qBAAA,CAAA7E,KAAA,OAAAC,SAAA;AAAA"}
+{"version":3,"names":["axios","YT_CYPRESS_COOKIE_NAME","getUserYTApiSetup","getYTApiClusterSetup","UNEXPECTED_PIPE_AXIOS_RESPONSE","pipeAxiosResponse","sendAndLogError","crypto","ytLib","getXSRFToken","getAuthCluster","yt","handleLogin","_x","_x2","_handleLogin","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee2","req","res","ytAuthCluster","_ref","username","password","_getYTApiClusterSetup","proxyBaseUrl","requestUrl","basicAuth","wrap","_callee2$","_context2","prev","next","ctx","config","JSON","parse","body","Error","concat","Buffer","from","toString","request","url","method","headers","_objectSpread","getMetadata","Authorization","timeout","responseType","then","_ref2","_callee","response","pipedSize","_callee$","_context","undefined","removeSecureFlagIfOriginInsecure","sent","stop","_x5","t0","ytAuthAllowInsecure","origin","startsWith","_reduce","acc","v","k","tmp","_map","item","replace","handleChangePassword","_x3","_x4","_handleChangePassword","_callee3","_ref3","newPassword","currentPassword","new_password_sha256","current_password_sha256","cfg","_cfg","setup","_yield$getXSRFToken","login","csrf_token","_callee3$","_context3","createHash","update","digest","abrupt","createOption","v4","setUserPassword","parameters","user","result","status","send","err","t1"],"sources":["login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport axios from 'axios';\nimport _ from 'lodash';\nimport {YT_CYPRESS_COOKIE_NAME} from '../../shared/constants';\nimport {getUserYTApiSetup, getYTApiClusterSetup} from '../components/requestsSetup';\nimport {UNEXPECTED_PIPE_AXIOS_RESPONSE, pipeAxiosResponse, sendAndLogError} from '../utils';\nimport crypto from 'crypto';\n\n// @ts-ignore\nimport ytLib from '@ytsaurus/javascript-wrapper';\nimport {getXSRFToken} from '../components/cluster-queries';\nimport {getAuthCluster} from '../components/yt-auth';\n\nconst yt = ytLib();\n\nexport async function handleLogin(req: Request, res: Response) {\n    try {\n        const ytAuthCluster = getAuthCluster(req.ctx.config);\n\n        const {username, password} = JSON.parse(req.body) || {};\n        if (!username || !password) {\n            throw new Error('Username and password must not be empty');\n        }\n\n        const {proxyBaseUrl} = getYTApiClusterSetup(ytAuthCluster);\n        const requestUrl = `${proxyBaseUrl}/login`;\n\n        const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');\n\n        await axios\n            .request({\n                url: requestUrl,\n                method: req.method as any,\n                headers: {...req.ctx.getMetadata(), Authorization: `Basic ${basicAuth}`},\n                timeout: 10000,\n                responseType: 'stream',\n            })\n            .then(async (response) => {\n                const pipedSize = await pipeAxiosResponse(\n                    req.ctx,\n                    res,\n                    response,\n                    undefined,\n                    (headers) => removeSecureFlagIfOriginInsecure(req, headers),\n                );\n                if (!pipedSize) {\n                    throw new Error(UNEXPECTED_PIPE_AXIOS_RESPONSE);\n                }\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n\nfunction removeSecureFlagIfOriginInsecure(\n    req: Request,\n    headers: Record<string, string | Array<string>>,\n) {\n    const {ytAuthAllowInsecure} = req.ctx.config;\n    const {origin} = req.headers;\n\n    if (!ytAuthAllowInsecure || 'string' !== typeof origin || !origin.startsWith('http://')) {\n        return headers;\n    }\n\n    return _.reduce(\n        headers,\n        (acc, v, k) => {\n            if (k !== 'set-cookie') {\n                acc[k] = v;\n            } else {\n                const tmp = _.map(v as Array<string>, (item) => {\n                    if (item.startsWith(YT_CYPRESS_COOKIE_NAME)) {\n                        return item.replace(/\\s*Secure;/, '');\n                    }\n                    return item;\n                });\n                acc[k] = tmp;\n            }\n            return acc;\n        },\n        {} as typeof headers,\n    );\n}\n\nexport async function handleChangePassword(req: Request, res: Response) {\n    try {\n        const ytAuthCluster = getAuthCluster(req.ctx.config);\n\n        const {newPassword, currentPassword} = JSON.parse(req.body) || {};\n        if (!newPassword || !currentPassword) {\n            throw new Error('New and current password must not be empty');\n        }\n\n        const new_password_sha256 = crypto.createHash('sha256').update(newPassword).digest('hex');\n        const current_password_sha256 = crypto\n            .createHash('sha256')\n            .update(currentPassword)\n            .digest('hex');\n\n        let cfg;\n        try {\n            cfg = getUserYTApiSetup(ytAuthCluster, req);\n        } catch (e: any) {\n            sendAndLogError(req.ctx, res, 400, e);\n            return;\n        }\n\n        const {setup} = cfg;\n        const {login, csrf_token} = await getXSRFToken(req, cfg);\n\n        yt.setup.createOption('requestHeaders', 'object', {\n            'X-Csrf-Token': csrf_token,\n        });\n\n        await yt.v4\n            .setUserPassword({\n                setup,\n                parameters: {user: login, new_password_sha256, current_password_sha256},\n            })\n            .then((result: unknown) => {\n                res.status(200).send({result});\n            })\n            .catch((err: any) => {\n                sendAndLogError(req.ctx, res, 500, err);\n            });\n    } catch (e: any) {\n        sendAndLogError(req.ctx, res, 500, e);\n    }\n}\n"],"mappings":";;;;;AACA,OAAOA,KAAK,MAAM,OAAO;AAEzB,SAAQC,sBAAsB,QAAO,wBAAwB;AAC7D,SAAQC,iBAAiB,EAAEC,oBAAoB,QAAO,6BAA6B;AACnF,SAAQC,8BAA8B,EAAEC,iBAAiB,EAAEC,eAAe,QAAO,UAAU;AAC3F,OAAOC,MAAM,MAAM,QAAQ;;AAE3B;AACA,OAAOC,KAAK,MAAM,8BAA8B;AAChD,SAAQC,YAAY,QAAO,+BAA+B;AAC1D,SAAQC,cAAc,QAAO,uBAAuB;AAEpD,IAAMC,EAAE,GAAGH,KAAK,CAAC,CAAC;AAElB,gBAAsBI,WAAWA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAqChC,SAAAF,aAAA;EAAAA,YAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CArCM,SAAAC,SAA2BC,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAAC,IAAA,EAAAC,QAAA,EAAAC,QAAA,EAAAC,qBAAA,EAAAC,YAAA,EAAAC,UAAA,EAAAC,SAAA;IAAA,OAAAZ,mBAAA,CAAAa,IAAA,UAAAC,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAAC,IAAA,GAAAD,SAAA,CAAAE,IAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAE/CX,aAAa,GAAGd,cAAc,CAACY,GAAG,CAACe,GAAG,CAACC,MAAM,CAAC;UAAAb,IAAA,GAEvBc,IAAI,CAACC,KAAK,CAAClB,GAAG,CAACmB,IAAI,CAAC,IAAI,CAAC,CAAC,EAAhDf,QAAQ,GAAAD,IAAA,CAARC,QAAQ,EAAEC,QAAQ,GAAAF,IAAA,CAARE,QAAQ;UAAA,MACrB,CAACD,QAAQ,IAAI,CAACC,QAAQ;YAAAO,SAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MAChB,IAAIM,KAAK,CAAC,yCAAyC,CAAC;QAAA;UAAAd,qBAAA,GAGvCzB,oBAAoB,CAACqB,aAAa,CAAC,EAAnDK,YAAY,GAAAD,qBAAA,CAAZC,YAAY;UACbC,UAAU,MAAAa,MAAA,CAAMd,YAAY;UAE5BE,SAAS,GAAGa,MAAM,CAACC,IAAI,IAAAF,MAAA,CAAIjB,QAAQ,OAAAiB,MAAA,CAAIhB,QAAQ,CAAE,CAAC,CAACmB,QAAQ,CAAC,QAAQ,CAAC;UAAAZ,SAAA,CAAAE,IAAA;UAAA,OAErEpC,KAAK,CACN+C,OAAO,CAAC;YACLC,GAAG,EAAElB,UAAU;YACfmB,MAAM,EAAE3B,GAAG,CAAC2B,MAAa;YACzBC,OAAO,EAAAC,aAAA,CAAAA,aAAA,KAAM7B,GAAG,CAACe,GAAG,CAACe,WAAW,CAAC,CAAC;cAAEC,aAAa,WAAAV,MAAA,CAAWZ,SAAS;YAAE,EAAC;YACxEuB,OAAO,EAAE,KAAK;YACdC,YAAY,EAAE;UAClB,CAAC,CAAC,CACDC,IAAI;YAAA,IAAAC,KAAA,GAAAvC,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAAC,SAAAsC,QAAOC,QAAQ;cAAA,IAAAC,SAAA;cAAA,OAAAzC,mBAAA,CAAAa,IAAA,UAAA6B,SAAAC,QAAA;gBAAA,kBAAAA,QAAA,CAAA3B,IAAA,GAAA2B,QAAA,CAAA1B,IAAA;kBAAA;oBAAA0B,QAAA,CAAA1B,IAAA;oBAAA,OACO/B,iBAAiB,CACrCiB,GAAG,CAACe,GAAG,EACPd,GAAG,EACHoC,QAAQ,EACRI,SAAS,EACT,UAACb,OAAO;sBAAA,OAAKc,gCAAgC,CAAC1C,GAAG,EAAE4B,OAAO,CAAC;oBAAA,CAC/D,CAAC;kBAAA;oBANKU,SAAS,GAAAE,QAAA,CAAAG,IAAA;oBAAA,IAOVL,SAAS;sBAAAE,QAAA,CAAA1B,IAAA;sBAAA;oBAAA;oBAAA,MACJ,IAAIM,KAAK,CAACtC,8BAA8B,CAAC;kBAAA;kBAAA;oBAAA,OAAA0D,QAAA,CAAAI,IAAA;gBAAA;cAAA,GAAAR,OAAA;YAAA,CAEtD;YAAA,iBAAAS,GAAA;cAAA,OAAAV,KAAA,CAAAzC,KAAA,OAAAC,SAAA;YAAA;UAAA,IAAC;QAAA;UAAAiB,SAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,SAAA,CAAAC,IAAA;UAAAD,SAAA,CAAAkC,EAAA,GAAAlC,SAAA;UAEN5B,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAAW,SAAA,CAAAkC,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAlC,SAAA,CAAAgC,IAAA;MAAA;IAAA,GAAA7C,QAAA;EAAA,CAE7C;EAAA,OAAAN,YAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAAS+C,gCAAgCA,CACrC1C,GAAY,EACZ4B,OAA+C,EACjD;EACE,IAAOmB,mBAAmB,GAAI/C,GAAG,CAACe,GAAG,CAACC,MAAM,CAArC+B,mBAAmB;EAC1B,IAAOC,MAAM,GAAIhD,GAAG,CAAC4B,OAAO,CAArBoB,MAAM;EAEb,IAAI,CAACD,mBAAmB,IAAI,QAAQ,KAAK,OAAOC,MAAM,IAAI,CAACA,MAAM,CAACC,UAAU,CAAC,SAAS,CAAC,EAAE;IACrF,OAAOrB,OAAO;EAClB;EAEA,OAAOsB,OAAA,CACHtB,OAAO,EACP,UAACuB,GAAG,EAAEC,CAAC,EAAEC,CAAC,EAAK;IACX,IAAIA,CAAC,KAAK,YAAY,EAAE;MACpBF,GAAG,CAACE,CAAC,CAAC,GAAGD,CAAC;IACd,CAAC,MAAM;MACH,IAAME,GAAG,GAAGC,IAAA,CAAMH,CAAC,EAAmB,UAACI,IAAI,EAAK;QAC5C,IAAIA,IAAI,CAACP,UAAU,CAACtE,sBAAsB,CAAC,EAAE;UACzC,OAAO6E,IAAI,CAACC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;QACzC;QACA,OAAOD,IAAI;MACf,CAAC,CAAC;MACFL,GAAG,CAACE,CAAC,CAAC,GAAGC,GAAG;IAChB;IACA,OAAOH,GAAG;EACd,CAAC,EACD,CAAC,CACL,CAAC;AACL;AAEA,gBAAsBO,oBAAoBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,qBAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA;AA4CzC,SAAAkE,sBAAA;EAAAA,qBAAA,GAAAjE,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CA5CM,SAAAgE,SAAoC9D,GAAY,EAAEC,GAAa;IAAA,IAAAC,aAAA,EAAA6D,KAAA,EAAAC,WAAA,EAAAC,eAAA,EAAAC,mBAAA,EAAAC,uBAAA,EAAAC,GAAA,EAAAC,IAAA,EAAAC,KAAA,EAAAC,mBAAA,EAAAC,KAAA,EAAAC,UAAA;IAAA,OAAA5E,mBAAA,CAAAa,IAAA,UAAAgE,UAAAC,SAAA;MAAA,kBAAAA,SAAA,CAAA9D,IAAA,GAAA8D,SAAA,CAAA7D,IAAA;QAAA;UAAA6D,SAAA,CAAA9D,IAAA;UAExDX,aAAa,GAAGd,cAAc,CAACY,GAAG,CAACe,GAAG,CAACC,MAAM,CAAC;UAAA+C,KAAA,GAEb9C,IAAI,CAACC,KAAK,CAAClB,GAAG,CAACmB,IAAI,CAAC,IAAI,CAAC,CAAC,EAA1D6C,WAAW,GAAAD,KAAA,CAAXC,WAAW,EAAEC,eAAe,GAAAF,KAAA,CAAfE,eAAe;UAAA,MAC/B,CAACD,WAAW,IAAI,CAACC,eAAe;YAAAU,SAAA,CAAA7D,IAAA;YAAA;UAAA;UAAA,MAC1B,IAAIM,KAAK,CAAC,4CAA4C,CAAC;QAAA;UAG3D8C,mBAAmB,GAAGjF,MAAM,CAAC2F,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACb,WAAW,CAAC,CAACc,MAAM,CAAC,KAAK,CAAC;UACnFX,uBAAuB,GAAGlF,MAAM,CACjC2F,UAAU,CAAC,QAAQ,CAAC,CACpBC,MAAM,CAACZ,eAAe,CAAC,CACvBa,MAAM,CAAC,KAAK,CAAC;UAAAH,SAAA,CAAA9D,IAAA;UAIduD,GAAG,GAAGxF,iBAAiB,CAACsB,aAAa,EAAEF,GAAG,CAAC;UAAC2E,SAAA,CAAA7D,IAAA;UAAA;QAAA;UAAA6D,SAAA,CAAA9D,IAAA;UAAA8D,SAAA,CAAA7B,EAAA,GAAA6B,SAAA;UAE5C3F,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA0E,SAAA,CAAA7B,EAAG,CAAC;UAAC,OAAA6B,SAAA,CAAAI,MAAA;QAAA;UAAAV,IAAA,GAI1BD,GAAG,EAAZE,KAAK,GAAAD,IAAA,CAALC,KAAK;UAAAK,SAAA,CAAA7D,IAAA;UAAA,OACsB3B,YAAY,CAACa,GAAG,EAAEoE,GAAG,CAAC;QAAA;UAAAG,mBAAA,GAAAI,SAAA,CAAAhC,IAAA;UAAjD6B,KAAK,GAAAD,mBAAA,CAALC,KAAK;UAAEC,UAAU,GAAAF,mBAAA,CAAVE,UAAU;UAExBpF,EAAE,CAACiF,KAAK,CAACU,YAAY,CAAC,gBAAgB,EAAE,QAAQ,EAAE;YAC9C,cAAc,EAAEP;UACpB,CAAC,CAAC;UAACE,SAAA,CAAA7D,IAAA;UAAA,OAEGzB,EAAE,CAAC4F,EAAE,CACNC,eAAe,CAAC;YACbZ,KAAK,EAALA,KAAK;YACLa,UAAU,EAAE;cAACC,IAAI,EAAEZ,KAAK;cAAEN,mBAAmB,EAAnBA,mBAAmB;cAAEC,uBAAuB,EAAvBA;YAAuB;UAC1E,CAAC,CAAC,CACDjC,IAAI,CAAC,UAACmD,MAAe,EAAK;YACvBpF,GAAG,CAACqF,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAAC;cAACF,MAAM,EAANA;YAAM,CAAC,CAAC;UAClC,CAAC,CAAC,SACI,CAAC,UAACG,GAAQ,EAAK;YACjBxG,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAEuF,GAAG,CAAC;UAC3C,CAAC,CAAC;QAAA;UAAAb,SAAA,CAAA7D,IAAA;UAAA;QAAA;UAAA6D,SAAA,CAAA9D,IAAA;UAAA8D,SAAA,CAAAc,EAAA,GAAAd,SAAA;UAEN3F,eAAe,CAACgB,GAAG,CAACe,GAAG,EAAEd,GAAG,EAAE,GAAG,EAAA0E,SAAA,CAAAc,EAAG,CAAC;QAAC;QAAA;UAAA,OAAAd,SAAA,CAAA/B,IAAA;MAAA;IAAA,GAAAkB,QAAA;EAAA,CAE7C;EAAA,OAAAD,qBAAA,CAAAnE,KAAA,OAAAC,SAAA;AAAA"}

package/build/esm/server/controllers/logout.d.ts

@@ -0,0 +1,2 @@
+import type { Request, Response } from 'express';
+export declare function handleLogout(req: Request, res: Response): void;

package/build/esm/server/controllers/logout.js

@@ -0,0 +1,11 @@
+import { getOAuthLogoutPath, isOAuthAllowed, isUserOAuthLogged } from '../components/oauth';
+import { YTAuthLogout, isYtAuthEnabled } from '../components/yt-auth';
+export function handleLogout(req, res) {
+  if (isOAuthAllowed(req) && isUserOAuthLogged(req)) {
+    res.redirect(getOAuthLogoutPath(req));
+  } else if (isYtAuthEnabled(req.ctx.config)) {
+    YTAuthLogout(res);
+  }
+  res.redirect('/');
+}
+// #sourceMappingURL=logout.js.map

package/build/esm/server/controllers/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getOAuthLogoutPath","isOAuthAllowed","isUserOAuthLogged","YTAuthLogout","isYtAuthEnabled","handleLogout","req","res","redirect","ctx","config"],"sources":["logout.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport {getOAuthLogoutPath, isOAuthAllowed, isUserOAuthLogged} from '../components/oauth';\nimport {YTAuthLogout, isYtAuthEnabled} from '../components/yt-auth';\n\nexport function handleLogout(req: Request, res: Response) {\n    if (isOAuthAllowed(req) && isUserOAuthLogged(req)) {\n        res.redirect(getOAuthLogoutPath(req));\n    } else if (isYtAuthEnabled(req.ctx.config)) {\n        YTAuthLogout(res);\n    }\n    res.redirect('/');\n}\n"],"mappings":"AACA,SAAQA,kBAAkB,EAAEC,cAAc,EAAEC,iBAAiB,QAAO,qBAAqB;AACzF,SAAQC,YAAY,EAAEC,eAAe,QAAO,uBAAuB;AAEnE,OAAO,SAASC,YAAYA,CAACC,GAAY,EAAEC,GAAa,EAAE;EACtD,IAAIN,cAAc,CAACK,GAAG,CAAC,IAAIJ,iBAAiB,CAACI,GAAG,CAAC,EAAE;IAC/CC,GAAG,CAACC,QAAQ,CAACR,kBAAkB,CAACM,GAAG,CAAC,CAAC;EACzC,CAAC,MAAM,IAAIF,eAAe,CAACE,GAAG,CAACG,GAAG,CAACC,MAAM,CAAC,EAAE;IACxCP,YAAY,CAACI,GAAG,CAAC;EACrB;EACAA,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;AACrB"}

package/build/esm/server/controllers/oauth-login.d.ts

@@ -0,0 +1,4 @@
+import type { Request, Response } from 'express';
+export declare function oauthLogin(req: Request, res: Response): void;
+export declare function oauthLogout(_: Request, res: Response): void;
+export declare function oauthCallback(req: Request, res: Response): Promise<void>;

package/build/esm/server/controllers/oauth-login.js

@@ -0,0 +1,50 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+import _regeneratorRuntime from "@babel/runtime/regenerator";
+import { exchangeOAuthToken, getOAuthLoginPath, removeOAuthCookies, saveOAuthTokensInCookies } from '../components/oauth';
+export function oauthLogin(req, res) {
+  res.redirect(getOAuthLoginPath(req));
+}
+export function oauthLogout(_, res) {
+  removeOAuthCookies(res);
+  res.redirect('/');
+}
+export function oauthCallback(_x, _x2) {
+  return _oauthCallback.apply(this, arguments);
+}
+function _oauthCallback() {
+  _oauthCallback = _asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee(req, res) {
+    var code, tokens, message;
+    return _regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) switch (_context.prev = _context.next) {
+        case 0:
+          code = req.query.code;
+          if (code) {
+            _context.next = 3;
+            break;
+          }
+          throw new Error('Authorization code is not specified');
+        case 3:
+          _context.prev = 3;
+          _context.next = 6;
+          return exchangeOAuthToken(req, code);
+        case 6:
+          tokens = _context.sent;
+          saveOAuthTokensInCookies(res, tokens);
+          res.redirect('/');
+          _context.next = 16;
+          break;
+        case 11:
+          _context.prev = 11;
+          _context.t0 = _context["catch"](3);
+          req.ctx.logError('exchange token error', _context.t0);
+          message = _context.t0 instanceof Error ? _context.t0.message : 'Unknown error';
+          res.status(500).send(message);
+        case 16:
+        case "end":
+          return _context.stop();
+      }
+    }, _callee, null, [[3, 11]]);
+  }));
+  return _oauthCallback.apply(this, arguments);
+}
+// #sourceMappingURL=oauth-login.js.map

package/build/esm/server/controllers/oauth-login.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["exchangeOAuthToken","getOAuthLoginPath","removeOAuthCookies","saveOAuthTokensInCookies","oauthLogin","req","res","redirect","oauthLogout","_","oauthCallback","_x","_x2","_oauthCallback","apply","arguments","_asyncToGenerator","_regeneratorRuntime","mark","_callee","code","tokens","message","wrap","_callee$","_context","prev","next","query","Error","sent","t0","ctx","logError","status","send","stop"],"sources":["oauth-login.ts"],"sourcesContent":["import type {Request, Response} from 'express';\nimport {\n    exchangeOAuthToken,\n    getOAuthLoginPath,\n    removeOAuthCookies,\n    saveOAuthTokensInCookies,\n} from '../components/oauth';\n\nexport function oauthLogin(req: Request, res: Response) {\n    res.redirect(getOAuthLoginPath(req));\n}\n\nexport function oauthLogout(_: Request, res: Response) {\n    removeOAuthCookies(res);\n    res.redirect('/');\n}\n\nexport async function oauthCallback(req: Request, res: Response) {\n    const {code} = req.query;\n    if (!code) {\n        throw new Error('Authorization code is not specified');\n    }\n\n    try {\n        const tokens = await exchangeOAuthToken(req, code as string);\n\n        saveOAuthTokensInCookies(res, tokens);\n\n        res.redirect('/');\n    } catch (e) {\n        req.ctx.logError('exchange token error', e);\n        const message = e instanceof Error ? e.message : 'Unknown error';\n        res.status(500).send(message);\n    }\n}\n"],"mappings":";;AACA,SACIA,kBAAkB,EAClBC,iBAAiB,EACjBC,kBAAkB,EAClBC,wBAAwB,QACrB,qBAAqB;AAE5B,OAAO,SAASC,UAAUA,CAACC,GAAY,EAAEC,GAAa,EAAE;EACpDA,GAAG,CAACC,QAAQ,CAACN,iBAAiB,CAACI,GAAG,CAAC,CAAC;AACxC;AAEA,OAAO,SAASG,WAAWA,CAACC,CAAU,EAAEH,GAAa,EAAE;EACnDJ,kBAAkB,CAACI,GAAG,CAAC;EACvBA,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;AACrB;AAEA,gBAAsBG,aAAaA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,cAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAiBlC,SAAAF,eAAA;EAAAA,cAAA,GAAAG,iBAAA,eAAAC,mBAAA,CAAAC,IAAA,CAjBM,SAAAC,QAA6Bd,GAAY,EAAEC,GAAa;IAAA,IAAAc,IAAA,EAAAC,MAAA,EAAAC,OAAA;IAAA,OAAAL,mBAAA,CAAAM,IAAA,UAAAC,SAAAC,QAAA;MAAA,kBAAAA,QAAA,CAAAC,IAAA,GAAAD,QAAA,CAAAE,IAAA;QAAA;UACpDP,IAAI,GAAIf,GAAG,CAACuB,KAAK,CAAjBR,IAAI;UAAA,IACNA,IAAI;YAAAK,QAAA,CAAAE,IAAA;YAAA;UAAA;UAAA,MACC,IAAIE,KAAK,CAAC,qCAAqC,CAAC;QAAA;UAAAJ,QAAA,CAAAC,IAAA;UAAAD,QAAA,CAAAE,IAAA;UAAA,OAIjC3B,kBAAkB,CAACK,GAAG,EAAEe,IAAc,CAAC;QAAA;UAAtDC,MAAM,GAAAI,QAAA,CAAAK,IAAA;UAEZ3B,wBAAwB,CAACG,GAAG,EAAEe,MAAM,CAAC;UAErCf,GAAG,CAACC,QAAQ,CAAC,GAAG,CAAC;UAACkB,QAAA,CAAAE,IAAA;UAAA;QAAA;UAAAF,QAAA,CAAAC,IAAA;UAAAD,QAAA,CAAAM,EAAA,GAAAN,QAAA;UAElBpB,GAAG,CAAC2B,GAAG,CAACC,QAAQ,CAAC,sBAAsB,EAAAR,QAAA,CAAAM,EAAG,CAAC;UACrCT,OAAO,GAAGG,QAAA,CAAAM,EAAA,YAAaF,KAAK,GAAGJ,QAAA,CAAAM,EAAA,CAAET,OAAO,GAAG,eAAe;UAChEhB,GAAG,CAAC4B,MAAM,CAAC,GAAG,CAAC,CAACC,IAAI,CAACb,OAAO,CAAC;QAAC;QAAA;UAAA,OAAAG,QAAA,CAAAW,IAAA;MAAA;IAAA,GAAAjB,OAAA;EAAA,CAErC;EAAA,OAAAN,cAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA"}

package/build/esm/server/index.js

@@ -1,10 +1,14 @@
+import _toConsumableArray from "@babel/runtime/helpers/toConsumableArray";
 var _nodekit$config$adjus, _nodekit$config3;
 import path from 'path';
 import { NodeKit } from '@gravity-ui/nodekit';
 import { ExpressKit } from '@gravity-ui/expresskit';
 import { configureApp } from './configure-app';
-import { createYTAuthMiddleware } from './middlewares/yt-auth';
+import { createYTAuthorizationResolver } from './middlewares/yt-auth';
 import routes from './routes';
+import { createOAuthAuthorizationResolver } from './middlewares/oauth';
+import { createAuthMiddleware } from './middlewares/authorization';
+import { authorizationResolver } from './utils/authorization';
 var nodekit = new NodeKit({
   configsPath: path.resolve(__dirname, './configs')
 });
@@ -26,7 +30,8 @@ if (ytAuthCluster) {
   if (appAuthHandler) {
     nodekit.ctx.fail(new Error('"appAuthHandler" option will be ignored cause "ytAuthCluster" option is provided.'));
   }
-  nodekit.config.appAuthHandler = createYTAuthMiddleware(ytAuthCluster);
+  nodekit.config.appBeforeAuthMiddleware = [].concat(_toConsumableArray(nodekit.config.appBeforeAuthMiddleware || []), [authorizationResolver(createOAuthAuthorizationResolver()), authorizationResolver(createYTAuthorizationResolver())]);
+  nodekit.config.appAuthHandler = createAuthMiddleware(ytAuthCluster);
 }
 (_nodekit$config$adjus = (_nodekit$config3 = nodekit.config).adjustAppConfig) === null || _nodekit$config$adjus === void 0 || _nodekit$config$adjus.call(_nodekit$config3, nodekit);
 var app = new ExpressKit(nodekit, routes);

package/build/esm/server/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["path","NodeKit","ExpressKit","configureApp","createYTAuthMiddleware","routes","nodekit","configsPath","resolve","__dirname","_nodekit$config","config","appName","appEnv","appInstallation","appDevMode","ctx","log","_nodekit$config2","ytAuthCluster","appAuthHandler","fail","Error","_nodekit$config$adjus","_nodekit$config3","adjustAppConfig","call","app","require","main","module","run"],"sources":["index.ts"],"sourcesContent":["import path from 'path';\nimport _reduce from 'lodash/reduce';\nimport {NodeKit} from '@gravity-ui/nodekit';\nimport {ExpressKit} from '@gravity-ui/expresskit';\n\nimport {configureApp} from './configure-app';\n\nimport {createYTAuthMiddleware} from './middlewares/yt-auth';\nimport routes from './routes';\n\nconst nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});\n\nconst {appName, appEnv, appInstallation, appDevMode} = nodekit.config;\nnodekit.ctx.log('AppConfig details', {\n    appName,\n    appEnv,\n    appInstallation,\n    appDevMode,\n});\n\nconst {ytAuthCluster, appAuthHandler} = nodekit.config;\n\nif (ytAuthCluster) {\n    if (appAuthHandler) {\n        nodekit.ctx.fail(\n            new Error(\n                '\"appAuthHandler\" option will be ignored cause \"ytAuthCluster\" option is provided.',\n            ),\n        );\n    }\n\n    nodekit.config.appAuthHandler = createYTAuthMiddleware(ytAuthCluster);\n}\n\nnodekit.config.adjustAppConfig?.(nodekit);\n\nconst app = new ExpressKit(nodekit, routes);\nconfigureApp(app);\n\nif (require.main === module) {\n    app.run();\n}\n\nexport default app;\n"],"mappings":";AAAA,OAAOA,IAAI,MAAM,MAAM;AAEvB,SAAQC,OAAO,QAAO,qBAAqB;AAC3C,SAAQC,UAAU,QAAO,wBAAwB;AAEjD,SAAQC,YAAY,QAAO,iBAAiB;AAE5C,SAAQC,sBAAsB,QAAO,uBAAuB;AAC5D,OAAOC,MAAM,MAAM,UAAU;AAE7B,IAAMC,OAAO,GAAG,IAAIL,OAAO,CAAC;EAACM,WAAW,EAAEP,IAAI,CAACQ,OAAO,CAACC,SAAS,EAAE,WAAW;AAAC,CAAC,CAAC;AAEhF,IAAAC,eAAA,GAAuDJ,OAAO,CAACK,MAAM;EAA9DC,OAAO,GAAAF,eAAA,CAAPE,OAAO;EAAEC,MAAM,GAAAH,eAAA,CAANG,MAAM;EAAEC,eAAe,GAAAJ,eAAA,CAAfI,eAAe;EAAEC,UAAU,GAAAL,eAAA,CAAVK,UAAU;AACnDT,OAAO,CAACU,GAAG,CAACC,GAAG,CAAC,mBAAmB,EAAE;EACjCL,OAAO,EAAPA,OAAO;EACPC,MAAM,EAANA,MAAM;EACNC,eAAe,EAAfA,eAAe;EACfC,UAAU,EAAVA;AACJ,CAAC,CAAC;AAEF,IAAAG,gBAAA,GAAwCZ,OAAO,CAACK,MAAM;EAA/CQ,aAAa,GAAAD,gBAAA,CAAbC,aAAa;EAAEC,cAAc,GAAAF,gBAAA,CAAdE,cAAc;AAEpC,IAAID,aAAa,EAAE;EACf,IAAIC,cAAc,EAAE;IAChBd,OAAO,CAACU,GAAG,CAACK,IAAI,CACZ,IAAIC,KAAK,CACL,mFACJ,CACJ,CAAC;EACL;EAEAhB,OAAO,CAACK,MAAM,CAACS,cAAc,GAAGhB,sBAAsB,CAACe,aAAa,CAAC;AACzE;AAEA,CAAAI,qBAAA,IAAAC,gBAAA,GAAAlB,OAAO,CAACK,MAAM,EAACc,eAAe,cAAAF,qBAAA,eAA9BA,qBAAA,CAAAG,IAAA,CAAAF,gBAAA,EAAiClB,OAAO,CAAC;AAEzC,IAAMqB,GAAG,GAAG,IAAIzB,UAAU,CAACI,OAAO,EAAED,MAAM,CAAC;AAC3CF,YAAY,CAACwB,GAAG,CAAC;AAEjB,IAAIC,OAAO,CAACC,IAAI,KAAKC,MAAM,EAAE;EACzBH,GAAG,CAACI,GAAG,CAAC,CAAC;AACb;AAEA,eAAeJ,GAAG"}
+{"version":3,"names":["path","NodeKit","ExpressKit","configureApp","createYTAuthorizationResolver","routes","createOAuthAuthorizationResolver","createAuthMiddleware","authorizationResolver","nodekit","configsPath","resolve","__dirname","_nodekit$config","config","appName","appEnv","appInstallation","appDevMode","ctx","log","_nodekit$config2","ytAuthCluster","appAuthHandler","fail","Error","appBeforeAuthMiddleware","concat","_toConsumableArray","_nodekit$config$adjus","_nodekit$config3","adjustAppConfig","call","app","require","main","module","run"],"sources":["index.ts"],"sourcesContent":["import path from 'path';\nimport _reduce from 'lodash/reduce';\nimport {NodeKit} from '@gravity-ui/nodekit';\nimport {ExpressKit} from '@gravity-ui/expresskit';\n\nimport {configureApp} from './configure-app';\n\nimport {createYTAuthorizationResolver} from './middlewares/yt-auth';\nimport routes from './routes';\nimport {createOAuthAuthorizationResolver} from './middlewares/oauth';\nimport {createAuthMiddleware} from './middlewares/authorization';\nimport {authorizationResolver} from './utils/authorization';\n\nconst nodekit = new NodeKit({configsPath: path.resolve(__dirname, './configs')});\n\nconst {appName, appEnv, appInstallation, appDevMode} = nodekit.config;\nnodekit.ctx.log('AppConfig details', {\n    appName,\n    appEnv,\n    appInstallation,\n    appDevMode,\n});\n\nconst {ytAuthCluster, appAuthHandler} = nodekit.config;\n\nif (ytAuthCluster) {\n    if (appAuthHandler) {\n        nodekit.ctx.fail(\n            new Error(\n                '\"appAuthHandler\" option will be ignored cause \"ytAuthCluster\" option is provided.',\n            ),\n        );\n    }\n\n    nodekit.config.appBeforeAuthMiddleware = [\n        ...(nodekit.config.appBeforeAuthMiddleware || []),\n        authorizationResolver(createOAuthAuthorizationResolver()),\n        authorizationResolver(createYTAuthorizationResolver()),\n    ];\n    nodekit.config.appAuthHandler = createAuthMiddleware(ytAuthCluster);\n}\n\nnodekit.config.adjustAppConfig?.(nodekit);\n\nconst app = new ExpressKit(nodekit, routes);\nconfigureApp(app);\n\nif (require.main === module) {\n    app.run();\n}\n\nexport default app;\n"],"mappings":";;AAAA,OAAOA,IAAI,MAAM,MAAM;AAEvB,SAAQC,OAAO,QAAO,qBAAqB;AAC3C,SAAQC,UAAU,QAAO,wBAAwB;AAEjD,SAAQC,YAAY,QAAO,iBAAiB;AAE5C,SAAQC,6BAA6B,QAAO,uBAAuB;AACnE,OAAOC,MAAM,MAAM,UAAU;AAC7B,SAAQC,gCAAgC,QAAO,qBAAqB;AACpE,SAAQC,oBAAoB,QAAO,6BAA6B;AAChE,SAAQC,qBAAqB,QAAO,uBAAuB;AAE3D,IAAMC,OAAO,GAAG,IAAIR,OAAO,CAAC;EAACS,WAAW,EAAEV,IAAI,CAACW,OAAO,CAACC,SAAS,EAAE,WAAW;AAAC,CAAC,CAAC;AAEhF,IAAAC,eAAA,GAAuDJ,OAAO,CAACK,MAAM;EAA9DC,OAAO,GAAAF,eAAA,CAAPE,OAAO;EAAEC,MAAM,GAAAH,eAAA,CAANG,MAAM;EAAEC,eAAe,GAAAJ,eAAA,CAAfI,eAAe;EAAEC,UAAU,GAAAL,eAAA,CAAVK,UAAU;AACnDT,OAAO,CAACU,GAAG,CAACC,GAAG,CAAC,mBAAmB,EAAE;EACjCL,OAAO,EAAPA,OAAO;EACPC,MAAM,EAANA,MAAM;EACNC,eAAe,EAAfA,eAAe;EACfC,UAAU,EAAVA;AACJ,CAAC,CAAC;AAEF,IAAAG,gBAAA,GAAwCZ,OAAO,CAACK,MAAM;EAA/CQ,aAAa,GAAAD,gBAAA,CAAbC,aAAa;EAAEC,cAAc,GAAAF,gBAAA,CAAdE,cAAc;AAEpC,IAAID,aAAa,EAAE;EACf,IAAIC,cAAc,EAAE;IAChBd,OAAO,CAACU,GAAG,CAACK,IAAI,CACZ,IAAIC,KAAK,CACL,mFACJ,CACJ,CAAC;EACL;EAEAhB,OAAO,CAACK,MAAM,CAACY,uBAAuB,MAAAC,MAAA,CAAAC,kBAAA,CAC9BnB,OAAO,CAACK,MAAM,CAACY,uBAAuB,IAAI,EAAE,IAChDlB,qBAAqB,CAACF,gCAAgC,CAAC,CAAC,CAAC,EACzDE,qBAAqB,CAACJ,6BAA6B,CAAC,CAAC,CAAC,EACzD;EACDK,OAAO,CAACK,MAAM,CAACS,cAAc,GAAGhB,oBAAoB,CAACe,aAAa,CAAC;AACvE;AAEA,CAAAO,qBAAA,IAAAC,gBAAA,GAAArB,OAAO,CAACK,MAAM,EAACiB,eAAe,cAAAF,qBAAA,eAA9BA,qBAAA,CAAAG,IAAA,CAAAF,gBAAA,EAAiCrB,OAAO,CAAC;AAEzC,IAAMwB,GAAG,GAAG,IAAI/B,UAAU,CAACO,OAAO,EAAEJ,MAAM,CAAC;AAC3CF,YAAY,CAAC8B,GAAG,CAAC;AAEjB,IAAIC,OAAO,CAACC,IAAI,KAAKC,MAAM,EAAE;EACzBH,GAAG,CAACI,GAAG,CAAC,CAAC;AACb;AAEA,eAAeJ,GAAG"}