aws-service-stack 0.18.370 → 0.18.371
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +149 -0
- package/dist/_examples/controller/property/property-crud.d.ts +4 -0
- package/dist/_examples/controller/property/property-crud.js +58 -0
- package/dist/_examples/controller/property/property-crud.js.map +1 -0
- package/dist/_examples/controller/property/property.config.d.ts +10 -0
- package/dist/_examples/controller/property/property.config.js +55 -0
- package/dist/_examples/controller/property/property.config.js.map +1 -0
- package/dist/_examples/controller/property/property.controller.d.ts +14 -0
- package/dist/_examples/controller/property/property.controller.js +72 -0
- package/dist/_examples/controller/property/property.controller.js.map +1 -0
- package/dist/_examples/controller/property/property.permissions.d.ts +2 -0
- package/dist/_examples/controller/property/property.permissions.js +19 -0
- package/dist/_examples/controller/property/property.permissions.js.map +1 -0
- package/dist/controller/controller-api.d.ts +8 -0
- package/dist/controller/controller-api.js +39 -1
- package/dist/controller/controller-api.js.map +1 -1
- package/dist/controller/controller-role.d.ts +56 -0
- package/dist/controller/controller-role.js +140 -0
- package/dist/controller/controller-role.js.map +1 -0
- package/dist/controller/index.d.ts +1 -0
- package/dist/controller/index.js +1 -0
- package/dist/controller/index.js.map +1 -1
- package/dist/function/cognito/cognito.function.d.ts +5 -0
- package/dist/function/cognito/cognito.function.js +22 -0
- package/dist/function/cognito/cognito.function.js.map +1 -1
- package/dist/function/cognito/index.d.ts +3 -1
- package/dist/function/cognito/index.js +2 -0
- package/dist/function/cognito/index.js.map +1 -1
- package/dist/function/index.d.ts +2 -0
- package/dist/model/base.config.d.ts +12 -1
- package/dist/model/base.config.js +20 -0
- package/dist/model/base.config.js.map +1 -1
- package/dist/model/base.model.d.ts +19 -0
- package/dist/model/base.model.js +14 -1
- package/dist/model/base.model.js.map +1 -1
- package/dist/model/index.d.ts +1 -0
- package/dist/model/index.js.map +1 -1
- package/dist/model/role.model.d.ts +20 -0
- package/dist/model/role.model.js +12 -0
- package/dist/model/role.model.js.map +1 -0
- package/dist/model/validation.model.d.ts +1 -1
- package/dist/model/validation.model.js.map +1 -1
- package/dist/service/index.d.ts +3 -0
- package/dist/service/index.js +3 -0
- package/dist/service/index.js.map +1 -1
- package/dist/service/permission.cache.d.ts +24 -0
- package/dist/service/permission.cache.js +61 -0
- package/dist/service/permission.cache.js.map +1 -0
- package/dist/service/permission.repo.d.ts +16 -0
- package/dist/service/permission.repo.js +63 -0
- package/dist/service/permission.repo.js.map +1 -0
- package/dist/service/permission.service.d.ts +39 -0
- package/dist/service/permission.service.js +151 -0
- package/dist/service/permission.service.js.map +1 -0
- package/dist/utils/date.util.d.ts +0 -13
- package/dist/utils/date.util.js +0 -35
- package/dist/utils/date.util.js.map +1 -1
- package/dist/utils/index.d.ts +0 -1
- package/dist/utils/index.js +0 -1
- package/dist/utils/index.js.map +1 -1
- package/package.json +31 -31
- package/dist/utils/data.util.d.ts +0 -20
- package/dist/utils/data.util.js +0 -73
- package/dist/utils/data.util.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller-api.js","sourceRoot":"","sources":["../../src/controller/controller-api.ts"],"names":[],"mappings":";;;AAAA,oCAgBkB;AAElB,4CAA2D;AAE3D,sDAAuD;AAGvD,MAAsB,aAAa;IACd,OAAO,CAAI;IACpB,MAAM,CAAe;IACrB,eAAe,CAAW;IAEpC,YAAsB,WAAc,EAAE,MAAoB;QACxD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;QAE3B,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAA2B;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,GAAG,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAExD,MAAM,MAAM,GAA+B,IAAA,yBAAiB,EAC1D,GAAG,CAAC,OAAO,EACX,KAAK,EAAE,cAAc,EAAE,YAAY,EACnC,IAAI,CAAC,MAAM,CAAC,eAAe,CAC5B,CAAC;YAEF,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7D,GAAG,CAAC,KAAK,CACP,UAAU,GAAG,CAAC,QAAQ,CAAC,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,CAAC,GAAG,eAAe,GAAG,CAAC,QAAQ,CAAC,OAAO,cAAc,GAAG,CAAC,QAAQ,CAAC,QAAQ,iBAAiB,GAAG,CAAC,WAAW,EAAE,CACnM,CAAC;YACJ,CAAC;YAED,0BAA0B;YAC1B,yCAAyC;YACzC,6CAA6C;YAC7C,SAAS;YAET,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,QAAQ,GAAQ,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,QAAQ;gBAAE,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;;gBACrE,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAEvE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAExE,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;YACpC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAA,yBAAiB,EAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,SAAS,CAAC,MAAoB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAgB;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,QAAqB;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAES,KAAK,CAAC,UAAU,CAAC,OAAmB,EAAE,IAAY,EAAE,OAAoB;QAChF,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,SAAS,EAAE,CAAC;YACtG,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,eAAe,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IACE,OAAO,KAAK,KAAK;YACjB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,2BAA2B,EAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,EAAE,CAAC;YACpG,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,WAAgB,EAAE,aAA2B;QAC1F,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI,CAAC;QAEnE,yBAAyB;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,aAA2B;QACxE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE5G,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAES,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,aAA2B;QACvE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEpE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,2BAA2B,QAAQ,YAAY,CAAC,CAAC;IACzG,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAW,EAAE,aAA2B;QACtF,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QAEzG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,0CAA0C,CAAC,CAAC;QACvG,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,CAAC,EAAE,GAAG,QAAQ,CAAC;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAS,EAAE,WAAwB;QAClE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACzD,IAAI,SAAS,GAAG,OAAO,CAAC;QACxB,IAAI,QAAgB,CAAC;QAErB,mCAAmC;QACnC,IAAI,WAAW,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;YACzC,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;aAAM,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YAExC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,WAAW,CAAC,QAAQ,EAAE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE1F,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAChC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,OAAO,MAAM,CAAC,aAAa,CAAC;QAC5B,OAAO,MAAM,CAAC,OAAO,CAAC;QAEtB,cAAc;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACrE,CAAC;IAIS,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG;YACnB,QAAQ;YACR,GAAG,QAAQ,SAAS;YACpB,GAAG,QAAQ,OAAO;YAClB,GAAG,QAAQ,eAAe;YAC1B,GAAG,QAAQ,2BAA2B;SACvC,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC,CAAC;QAEnE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,aAAa,GAAG,OAAO,KAAK,OAAO,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,aAAa,IAAI,cAAc,CAAC;IACzC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,cAAc,GAAG,OAAO,KAAK,QAAQ,CAAC;QAC5C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,cAAc,IAAI,cAAc,CAAC;IAC1C,CAAC;IAES,cAAc,CAAC,OAAmB,EAAE,IAAY;QACxD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,OAAO,KAAK,MAAM,CAAC;QACvC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,YAAY,CAAC,OAAmB,EAAE,IAAY;QACtD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAgB;QAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1G,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxG,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9F,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1F,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,QAAa,EAAE,cAA8B;QAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAA,oBAAY,EAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,KAAK,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;YAC9F,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAA,oBAAY,EAAC,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,yDAAyD;IACjD,kBAAkB,CAAC,WAAwB;QACjD,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,KAAK,CAAC;YACtB,KAAK,mBAAW,CAAC,IAAI;gBACnB,OAAO,cAAM,CAAC,IAAI,CAAC;YACrB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB,KAAK,mBAAW,CAAC,MAAM;gBACrB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB;gBACE,OAAO,cAAM,CAAC,MAAM,CAAC;QACzB,CAAC;IACH,CAAC;IAED,iEAAiE;IACzD,eAAe,CAAC,aAAuB,EAAE,WAAwB;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEhE,mGAAmG;QACnG,MAAM,aAAa,GACjB,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC1C,CAAC,WAAW,KAAK,mBAAW,CAAC,IAAI,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAE7E,IAAI,aAAa;YAAE,OAAO;QAE1B,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,kBAAkB,EAAE,CACvF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,OAAgB,EAAE,SAAiB;QACrE,IAAI,OAAO,IAAI,CAAC,SAAS;YAAE,OAAO;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC;QACtE,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;QACpD,OAAO,OAAO,CAAC,aAAa,CAAC;IAC/B,CAAC;IAEO,WAAW,CAAC,WAAgB;QAClC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAO,CAAC;QACjC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,MAAW,EAAE,WAAgB;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,IAAA,0BAAkB,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;CACF;AAlVD,sCAkVC","sourcesContent":["import {\n Access,\n APIResponse,\n BaseEntity,\n createApiResponse,\n EndpointPolicy,\n findMatchedPolicy,\n formatErrors,\n HttpMethod,\n HttpRequest,\n List,\n parseHttpRequest,\n removeFields,\n RequestType,\n ResponseFields,\n validateWithSchema,\n} from \"../index\";\nimport { APIGatewayProxyEvent } from \"aws-lambda\";\nimport { errorHandlerHttp, ErrorHttp } from \"../exception\";\nimport { CognitoUser, EntityConfig } from \"@chinggis/types\";\nimport { trimSpecialChar } from \"../utils/string.util\";\nimport { CrudService } from \"../service\";\n\nexport abstract class ControllerApi<R extends BaseEntity, T extends CrudService<R>> {\n protected readonly service: T;\n protected config: EntityConfig;\n protected adminGroupNames: string[];\n\n protected constructor(baseService: T, config: EntityConfig) {\n this.service = baseService;\n\n if (!config) return;\n\n this.config = config;\n\n if (config.ADMIN_GROUP_NAME) {\n this.adminGroupNames = config.ADMIN_GROUP_NAME;\n }\n\n this.service.setConfig(config);\n }\n\n async resolveCrudRequest(event: APIGatewayProxyEvent): Promise<APIResponse> {\n try {\n let req = parseHttpRequest(event, this.adminGroupNames);\n\n const policy: EndpointPolicy | undefined = findMatchedPolicy(\n req.methode,\n event?.requestContext?.resourcePath,\n this.config.ENDPOINT_POLICY,\n );\n\n this.checkPermission(policy?.access, req.requestType);\n this.validateRequest(policy?.validator, req.body);\n\n if (req.identity) {\n log.debug(\"groups: \" + JSON.stringify(req.identity.groups, null, 2));\n log.debug(`claims:${JSON.stringify(req.identity, null, 2)}`);\n log.debug(\n `groups:${req.identity.groups}, isAdmin:${req.identity.isAdmin}, userId:${req.identity.sub}, profileId:${req.identity.profile}, username:${req.identity.username}, requestType:${req.requestType}`,\n );\n }\n\n // if (req.isAdmin) {\n // delete req.filter[\"profileId\"];\n // delete req.filter[\"ownerParentId\"];\n // }\n\n req = await this.processCrudRequestPre(req);\n\n let response: any = await this.handleCrudByMethod(req);\n\n if (response) response = await this.processCrudRequestPost(req, response);\n else response = await this.processCrudRequest(req); // Custom Endpoints\n\n if (!policy?.response) {\n return createApiResponse(200, response);\n }\n\n const filteredResponse = this.filterResponse(response, policy.response);\n\n return createApiResponse(200, filteredResponse);\n } catch (err) {\n const error = errorHandlerHttp(err);\n log.error(error);\n return createApiResponse(error.statusCode, error.content);\n }\n }\n\n setConfig(config: EntityConfig): void {\n this.config = config;\n }\n\n async processCrudRequestPre(req: HttpRequest): Promise<HttpRequest> {\n return req;\n }\n\n async processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>> {\n return response;\n }\n\n protected async handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any> {\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH)) {\n return await this.service.find(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search\") {\n return this.service.search(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query\") {\n return this.service.searchQuery(request?.filter);\n }\n\n if (\n methode === \"GET\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query/total-count\"\n ) {\n return this.service.searchQueryTotalCount(request?.filter);\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/scan\") {\n return await this.service.scan(request?.filter || {});\n }\n }\n\n protected async handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PATCH resource without id field\");\n\n const entity = this.parseEntity(requestBody);\n\n if (Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No fields to update\");\n }\n\n const fieldName = this.config.DYNAMO_DB?.MAP?.partitionKey ?? \"id\";\n\n // id change is forbidden\n if (entity[fieldName]) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot modify the id field\");\n }\n\n entity[fieldName] = entityId;\n return this.service.update(entity, requestedUser);\n }\n\n protected async handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot delete resource without id field\");\n\n return this.service.remove(entityId, requestedUser);\n }\n\n protected async handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot fetch resource without id field\");\n\n const result = await this.service.findById(entityId, requestedUser);\n\n if (result) return result;\n\n throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `[CORE] Resource with ID ${entityId} not found`);\n }\n\n protected async handleReplace(entityId: string, entity: any, requestedUser?: CognitoUser) {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n\n if (!Object.keys(entity).length) {\n throw new ErrorHttp({ code: 400, error: \"Bad Request\" }, \"[CORE] No entity provided for PUT update\");\n }\n\n if (!entityId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n }\n\n entity.id = entityId;\n\n return this.service.update(entity, requestedUser);\n }\n\n protected async handlePostCreate(entity: R, cognitoUser: CognitoUser) {\n if (!entity || Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No entity payload provided\");\n }\n\n if (!entity.ownerId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No ownerId provided\");\n }\n\n // Initialize IDs\n const { ownerId, ownerParentId: inputParentId } = entity;\n let profileId = ownerId;\n let parentId: string;\n\n // Determine parentId and profileId\n if (cognitoUser.isAdmin && inputParentId) {\n parentId = inputParentId;\n } else if (cognitoUser.isParent) {\n console.log(\"is parent becomming true\");\n\n parentId = cognitoUser.profile;\n } else {\n console.log(\"is parent not becomming true\");\n console.log(\"the value of isParent: \", cognitoUser.isParent, typeof cognitoUser.isParent);\n\n parentId = cognitoUser.parentId;\n profileId = cognitoUser.profile;\n }\n\n // Remove fields that shouldn't be saved directly\n delete entity.ownerParentId;\n delete entity.ownerId;\n\n // Save entity\n return this.service.save(entity, profileId, parentId, cognitoUser);\n }\n\n protected abstract processCrudRequest(event: HttpRequest): Promise<any>;\n\n protected isListRequest(methode: HttpMethod, path: string): boolean {\n const basePath = trimSpecialChar(this.config.BASE_PATH);\n\n const allowedPaths = [\n basePath,\n `${basePath}/search`,\n `${basePath}/scan`,\n `${basePath}/search/query`,\n `${basePath}/search/query/total-count`,\n ];\n\n const isMethodGet = methode === \"GET\";\n const isAllowedPath = allowedPaths.includes(trimSpecialChar(path));\n\n return isMethodGet && isAllowedPath;\n }\n\n protected isUpdateRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodPatch = methode === \"PATCH\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodPatch && isExpectedPath;\n }\n\n protected isDeleteRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodDelete = methode === \"DELETE\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodDelete && isExpectedPath;\n }\n\n protected isFetchRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"GET\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPostRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}`;\n const isMethodGet = methode === \"POST\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPutRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"PUT\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n private async handleCrudByMethod(req: HttpRequest): Promise<any> {\n const path = req.event?.requestContext?.resourcePath;\n\n const entity = this.parseEntity(req.body);\n\n if (this.isUpdateRequest(req.methode, path)) return this.handleUpdate(req.entityId, entity, req.identity);\n if (this.isDeleteRequest(req.methode, path)) return this.handleDelete(req.entityId, req.identity);\n if (this.isFetchRequest(req.methode, path)) return this.handleFetch(req.entityId, req.identity);\n if (this.isPutRequest(req.methode, path)) return this.handleReplace(req.entityId, entity, req.identity);\n if (this.isPostRequest(req.methode, path)) return this.handlePostCreate(entity, req.identity);\n if (this.isListRequest(req.methode, path)) return this.handleList(req.methode, path, req);\n\n return null;\n }\n\n private filterResponse(response: any, responsePolicy: ResponseFields): any {\n if (Array.isArray(response)) {\n return removeFields(response, responsePolicy.include, responsePolicy.exclude);\n }\n\n if (response?.items && Array.isArray(response.items)) {\n response.items = removeFields(response.items, responsePolicy.include, responsePolicy.exclude);\n return response;\n }\n\n return removeFields([response], responsePolicy.include, responsePolicy.exclude)[0];\n }\n\n /** Map RequestType to Access for permission checking */\n private getUserAccessLevel(requestType: RequestType): Access {\n switch (requestType) {\n case RequestType.ADMIN:\n return Access.ADMIN;\n case RequestType.USER:\n return Access.USER;\n case RequestType.GUEST:\n return Access.PUBLIC;\n case RequestType.SYSTEM:\n return Access.SYSTEM;\n default:\n return Access.PUBLIC;\n }\n }\n\n /** Check if the user has permission for the current operation */\n private checkPermission(allowedAccess: Access[], requestType: RequestType) {\n const currentAccessLevel = this.getUserAccessLevel(requestType);\n\n // This means USER can access OWNER-level permissions, but the service will verify actual ownership\n const hasPermission =\n allowedAccess.includes(currentAccessLevel) ||\n (requestType === RequestType.USER && allowedAccess.includes(Access.OWNER));\n\n if (hasPermission) return;\n\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Access denied. Required: ${allowedAccess.join(\", \")}, Current: ${currentAccessLevel}`,\n );\n }\n\n private setUserFilter(request: any, isAdmin: boolean, profileId: string) {\n if (isAdmin && !profileId) return;\n const ownerIdFieldName = this.config.OWNER_ID_FIELD_NAME || \"ownerId\";\n request.filterAndSort[ownerIdFieldName] = profileId;\n return request.filterAndSort;\n }\n\n private parseEntity(requestBody: any): R {\n if (!requestBody) return {} as R;\n return typeof requestBody === \"string\" ? JSON.parse(requestBody) : requestBody;\n }\n\n private validateRequest(schema: any, requestBody: any) {\n if (!schema) return;\n\n try {\n validateWithSchema(schema, requestBody);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"controller-api.js","sourceRoot":"","sources":["../../src/controller/controller-api.ts"],"names":[],"mappings":";;;AAAA,oCAgBkB;AAElB,4CAA2D;AAE3D,sDAAuD;AAEvD,uDAAmD;AAEnD,MAAsB,aAAa;IACd,OAAO,CAAI;IACpB,MAAM,CAAe;IACrB,eAAe,CAAW;IAE5B,cAAc,CAAiB;IAEvC,YAAsB,WAAc,EAAE,MAAoB;QACxD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;QAE3B,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACjD,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YAC9D,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,+CAA+C;IACrC,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAA2B;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,GAAG,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAExD,MAAM,MAAM,GAA+B,IAAA,yBAAiB,EAC1D,GAAG,CAAC,OAAO,EACX,KAAK,EAAE,cAAc,EAAE,YAAY,EACnC,IAAI,CAAC,MAAM,CAAC,eAAe,CAC5B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,GAAG,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClF,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7D,GAAG,CAAC,KAAK,CACP,UAAU,GAAG,CAAC,QAAQ,CAAC,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,CAAC,GAAG,eAAe,GAAG,CAAC,QAAQ,CAAC,OAAO,cAAc,GAAG,CAAC,QAAQ,CAAC,QAAQ,iBAAiB,GAAG,CAAC,WAAW,EAAE,CACnM,CAAC;YACJ,CAAC;YAED,0BAA0B;YAC1B,yCAAyC;YACzC,6CAA6C;YAC7C,SAAS;YAET,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,QAAQ,GAAQ,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,QAAQ;gBAAE,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;;gBACrE,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAEvE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAExE,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;YACpC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAA,yBAAiB,EAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,SAAS,CAAC,MAAoB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAgB;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,QAAqB;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAES,KAAK,CAAC,UAAU,CAAC,OAAmB,EAAE,IAAY,EAAE,OAAoB;QAChF,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,SAAS,EAAE,CAAC;YACtG,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,eAAe,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IACE,OAAO,KAAK,KAAK;YACjB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,2BAA2B,EAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,EAAE,CAAC;YACpG,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,IAAY;QAC7D,IAAI,GAAG,CAAC,OAAO,KAAK,MAAM,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,WAAW;YAC1G,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAE7F,IAAI,GAAG,CAAC,OAAO,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC;QACxE,IAAI,GAAG,CAAC,OAAO,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/E,IAAI,GAAG,CAAC,OAAO,KAAK,OAAO;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACjG,IAAI,GAAG,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAExF,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;IACvF,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,WAAgB,EAAE,aAA2B;QAC1F,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI,CAAC;QAEnE,yBAAyB;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,aAA2B;QACxE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE5G,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAES,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,aAA2B;QACvE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEpE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,2BAA2B,QAAQ,YAAY,CAAC,CAAC;IACzG,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAW,EAAE,aAA2B;QACtF,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QAEzG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,0CAA0C,CAAC,CAAC;QACvG,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,CAAC,EAAE,GAAG,QAAQ,CAAC;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAS,EAAE,WAAwB;QAClE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACzD,IAAI,SAAS,GAAG,OAAO,CAAC;QACxB,IAAI,QAAgB,CAAC;QAErB,mCAAmC;QACnC,IAAI,WAAW,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;YACzC,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;aAAM,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YAExC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,WAAW,CAAC,QAAQ,EAAE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE1F,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAChC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,OAAO,MAAM,CAAC,aAAa,CAAC;QAC5B,OAAO,MAAM,CAAC,OAAO,CAAC;QAEtB,cAAc;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACrE,CAAC;IAIS,mBAAmB,CAAC,IAAY;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3E,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxD,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,OAAO,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG;YACnB,QAAQ;YACR,GAAG,QAAQ,SAAS;YACpB,GAAG,QAAQ,OAAO;YAClB,GAAG,QAAQ,eAAe;YAC1B,GAAG,QAAQ,2BAA2B;SACvC,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC,CAAC;QAEnE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,aAAa,GAAG,OAAO,KAAK,OAAO,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,aAAa,IAAI,cAAc,CAAC;IACzC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,cAAc,GAAG,OAAO,KAAK,QAAQ,CAAC;QAC5C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,cAAc,IAAI,cAAc,CAAC;IAC1C,CAAC;IAES,cAAc,CAAC,OAAmB,EAAE,IAAY;QACxD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,OAAO,KAAK,MAAM,CAAC;QACvC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,YAAY,CAAC,OAAmB,EAAE,IAAY;QACtD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAgB;QAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1G,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxG,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9F,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1F,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,QAAa,EAAE,cAA8B;QAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAA,oBAAY,EAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,KAAK,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;YAC9F,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAA,oBAAY,EAAC,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,yDAAyD;IACjD,kBAAkB,CAAC,WAAwB;QACjD,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,KAAK,CAAC;YACtB,KAAK,mBAAW,CAAC,IAAI;gBACnB,OAAO,cAAM,CAAC,IAAI,CAAC;YACrB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB,KAAK,mBAAW,CAAC,MAAM;gBACrB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB;gBACE,OAAO,cAAM,CAAC,MAAM,CAAC;QACzB,CAAC;IACH,CAAC;IAED,iEAAiE;IACzD,eAAe,CAAC,aAAuB,EAAE,WAAwB;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEhE,mGAAmG;QACnG,MAAM,aAAa,GACjB,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC1C,CAAC,WAAW,KAAK,mBAAW,CAAC,IAAI,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAE7E,IAAI,aAAa;YAAE,OAAO;QAE1B,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,kBAAkB,EAAE,CACvF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,OAAgB,EAAE,SAAiB;QACrE,IAAI,OAAO,IAAI,CAAC,SAAS;YAAE,OAAO;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC;QACtE,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;QACpD,OAAO,OAAO,CAAC,aAAa,CAAC;IAC/B,CAAC;IAEO,WAAW,CAAC,WAAgB;QAClC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAO,CAAC;QACjC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,MAAW,EAAE,WAAgB;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,IAAA,0BAAkB,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;CACF;AA1XD,sCA0XC","sourcesContent":["import {\n Access,\n APIResponse,\n BaseEntity,\n createApiResponse,\n EndpointPolicy,\n findMatchedPolicy,\n formatErrors,\n HttpMethod,\n HttpRequest,\n List,\n parseHttpRequest,\n removeFields,\n RequestType,\n ResponseFields,\n validateWithSchema,\n} from \"../index\";\nimport { APIGatewayProxyEvent } from \"aws-lambda\";\nimport { errorHandlerHttp, ErrorHttp } from \"../exception\";\nimport { CognitoUser, EntityConfig } from \"@chinggis/types\";\nimport { trimSpecialChar } from \"../utils/string.util\";\nimport { CrudService } from \"../service\";\nimport { ControllerRole } from \"./controller-role\";\n\nexport abstract class ControllerApi<R extends BaseEntity, T extends CrudService<R>> {\n protected readonly service: T;\n protected config: EntityConfig;\n protected adminGroupNames: string[];\n\n private roleController: ControllerRole;\n\n protected constructor(baseService: T, config: EntityConfig) {\n this.service = baseService;\n\n if (!config) return;\n\n this.config = config;\n\n if (config.ADMIN_GROUP_NAME) {\n this.adminGroupNames = config.ADMIN_GROUP_NAME;\n }\n\n if (config.ROLE_PATH && config.ROLE_TABLE && config.SCOPE_MAP) {\n this.roleController = new ControllerRole(config.ROLE_TABLE);\n }\n\n this.service.setConfig(config);\n }\n\n /** Return constructor-defined resource name */\n protected getResource(): string {\n return this.config.BASE_PATH.replace(\"/\", \"\");\n }\n\n async resolveCrudRequest(event: APIGatewayProxyEvent): Promise<APIResponse> {\n try {\n let req = parseHttpRequest(event, this.adminGroupNames);\n\n const policy: EndpointPolicy | undefined = findMatchedPolicy(\n req.methode,\n event?.requestContext?.resourcePath,\n this.config.ENDPOINT_POLICY,\n );\n\n if (this.config.ROLE_TABLE && this.config.SCOPE_MAP?.size > 0 && this.roleController) {\n const resource = this.getResource();\n await this.roleController.checkRbacAccess(req, resource, this.config.SCOPE_MAP);\n } else {\n this.checkPermission(policy?.access, req.requestType);\n }\n\n this.validateRequest(policy?.validator, req.body);\n\n if (req.identity) {\n log.debug(\"groups: \" + JSON.stringify(req.identity.groups, null, 2));\n log.debug(`claims:${JSON.stringify(req.identity, null, 2)}`);\n log.debug(\n `groups:${req.identity.groups}, isAdmin:${req.identity.isAdmin}, userId:${req.identity.sub}, profileId:${req.identity.profile}, username:${req.identity.username}, requestType:${req.requestType}`,\n );\n }\n\n // if (req.isAdmin) {\n // delete req.filter[\"profileId\"];\n // delete req.filter[\"ownerParentId\"];\n // }\n\n req = await this.processCrudRequestPre(req);\n\n let response: any = await this.handleCrudByMethod(req);\n\n if (response) response = await this.processCrudRequestPost(req, response);\n else response = await this.processCrudRequest(req); // Custom Endpoints\n\n if (!policy?.response) {\n return createApiResponse(200, response);\n }\n\n const filteredResponse = this.filterResponse(response, policy.response);\n\n return createApiResponse(200, filteredResponse);\n } catch (err) {\n const error = errorHandlerHttp(err);\n log.error(error);\n return createApiResponse(error.statusCode, error.content);\n }\n }\n\n setConfig(config: EntityConfig): void {\n this.config = config;\n }\n\n async processCrudRequestPre(req: HttpRequest): Promise<HttpRequest> {\n return req;\n }\n\n async processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>> {\n return response;\n }\n\n protected async handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any> {\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH)) {\n return await this.service.find(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search\") {\n return this.service.search(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query\") {\n return this.service.searchQuery(request?.filter);\n }\n\n if (\n methode === \"GET\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query/total-count\"\n ) {\n return this.service.searchQueryTotalCount(request?.filter);\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/scan\") {\n return await this.service.scan(request?.filter || {});\n }\n }\n\n protected async handlePermission(req: HttpRequest, path: string) {\n if (req.methode === \"POST\" && trimSpecialChar(path) === trimSpecialChar(this.config.ROLE_PATH) + \"/add-role\")\n return this.roleController.addRole(\"userPoolId\", req.body.groupName, req.body.description);\n\n if (req.methode === \"GET\") return this.roleController.listPermissions();\n if (req.methode === \"POST\") return this.roleController.addPermission(req.body);\n if (req.methode === \"PATCH\") return this.roleController.updatePermission(req.entityId, req.body);\n if (req.methode === \"DELETE\") return this.roleController.deletePermission(req.entityId);\n\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] unsupported method\");\n }\n\n protected async handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PATCH resource without id field\");\n\n const entity = this.parseEntity(requestBody);\n\n if (Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No fields to update\");\n }\n\n const fieldName = this.config.DYNAMO_DB?.MAP?.partitionKey ?? \"id\";\n\n // id change is forbidden\n if (entity[fieldName]) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot modify the id field\");\n }\n\n entity[fieldName] = entityId;\n return this.service.update(entity, requestedUser);\n }\n\n protected async handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot delete resource without id field\");\n\n return this.service.remove(entityId, requestedUser);\n }\n\n protected async handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot fetch resource without id field\");\n\n const result = await this.service.findById(entityId, requestedUser);\n\n if (result) return result;\n\n throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `[CORE] Resource with ID ${entityId} not found`);\n }\n\n protected async handleReplace(entityId: string, entity: any, requestedUser?: CognitoUser) {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n\n if (!Object.keys(entity).length) {\n throw new ErrorHttp({ code: 400, error: \"Bad Request\" }, \"[CORE] No entity provided for PUT update\");\n }\n\n if (!entityId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n }\n\n entity.id = entityId;\n\n return this.service.update(entity, requestedUser);\n }\n\n protected async handlePostCreate(entity: R, cognitoUser: CognitoUser) {\n if (!entity || Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No entity payload provided\");\n }\n\n if (!entity.ownerId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No ownerId provided\");\n }\n\n // Initialize IDs\n const { ownerId, ownerParentId: inputParentId } = entity;\n let profileId = ownerId;\n let parentId: string;\n\n // Determine parentId and profileId\n if (cognitoUser.isAdmin && inputParentId) {\n parentId = inputParentId;\n } else if (cognitoUser.isParent) {\n console.log(\"is parent becomming true\");\n\n parentId = cognitoUser.profile;\n } else {\n console.log(\"is parent not becomming true\");\n console.log(\"the value of isParent: \", cognitoUser.isParent, typeof cognitoUser.isParent);\n\n parentId = cognitoUser.parentId;\n profileId = cognitoUser.profile;\n }\n\n // Remove fields that shouldn't be saved directly\n delete entity.ownerParentId;\n delete entity.ownerId;\n\n // Save entity\n return this.service.save(entity, profileId, parentId, cognitoUser);\n }\n\n protected abstract processCrudRequest(event: HttpRequest): Promise<any>;\n\n protected isPermissionRequest(path: string): boolean {\n if (this.config.ROLE_PATH && this.config.ROLE_TABLE && this.roleController) {\n const rolePath = trimSpecialChar(this.config.ROLE_PATH);\n const normalizedPath = trimSpecialChar(path);\n return normalizedPath.includes(rolePath);\n }\n\n return false;\n }\n\n protected isListRequest(methode: HttpMethod, path: string): boolean {\n const basePath = trimSpecialChar(this.config.BASE_PATH);\n\n const allowedPaths = [\n basePath,\n `${basePath}/search`,\n `${basePath}/scan`,\n `${basePath}/search/query`,\n `${basePath}/search/query/total-count`,\n ];\n\n const isMethodGet = methode === \"GET\";\n const isAllowedPath = allowedPaths.includes(trimSpecialChar(path));\n\n return isMethodGet && isAllowedPath;\n }\n\n protected isUpdateRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodPatch = methode === \"PATCH\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodPatch && isExpectedPath;\n }\n\n protected isDeleteRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodDelete = methode === \"DELETE\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodDelete && isExpectedPath;\n }\n\n protected isFetchRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"GET\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPostRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}`;\n const isMethodGet = methode === \"POST\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPutRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"PUT\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n private async handleCrudByMethod(req: HttpRequest): Promise<any> {\n const path = req.event?.requestContext?.resourcePath;\n\n const entity = this.parseEntity(req.body);\n\n if (this.isPermissionRequest(path)) return this.handlePermission(req, path);\n if (this.isUpdateRequest(req.methode, path)) return this.handleUpdate(req.entityId, entity, req.identity);\n if (this.isDeleteRequest(req.methode, path)) return this.handleDelete(req.entityId, req.identity);\n if (this.isFetchRequest(req.methode, path)) return this.handleFetch(req.entityId, req.identity);\n if (this.isPutRequest(req.methode, path)) return this.handleReplace(req.entityId, entity, req.identity);\n if (this.isPostRequest(req.methode, path)) return this.handlePostCreate(entity, req.identity);\n if (this.isListRequest(req.methode, path)) return this.handleList(req.methode, path, req);\n\n return null;\n }\n\n private filterResponse(response: any, responsePolicy: ResponseFields): any {\n if (Array.isArray(response)) {\n return removeFields(response, responsePolicy.include, responsePolicy.exclude);\n }\n\n if (response?.items && Array.isArray(response.items)) {\n response.items = removeFields(response.items, responsePolicy.include, responsePolicy.exclude);\n return response;\n }\n\n return removeFields([response], responsePolicy.include, responsePolicy.exclude)[0];\n }\n\n /** Map RequestType to Access for permission checking */\n private getUserAccessLevel(requestType: RequestType): Access {\n switch (requestType) {\n case RequestType.ADMIN:\n return Access.ADMIN;\n case RequestType.USER:\n return Access.USER;\n case RequestType.GUEST:\n return Access.PUBLIC;\n case RequestType.SYSTEM:\n return Access.SYSTEM;\n default:\n return Access.PUBLIC;\n }\n }\n\n /** Check if the user has permission for the current operation */\n private checkPermission(allowedAccess: Access[], requestType: RequestType) {\n const currentAccessLevel = this.getUserAccessLevel(requestType);\n\n // This means USER can access OWNER-level permissions, but the service will verify actual ownership\n const hasPermission =\n allowedAccess.includes(currentAccessLevel) ||\n (requestType === RequestType.USER && allowedAccess.includes(Access.OWNER));\n\n if (hasPermission) return;\n\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Access denied. Required: ${allowedAccess.join(\", \")}, Current: ${currentAccessLevel}`,\n );\n }\n\n private setUserFilter(request: any, isAdmin: boolean, profileId: string) {\n if (isAdmin && !profileId) return;\n const ownerIdFieldName = this.config.OWNER_ID_FIELD_NAME || \"ownerId\";\n request.filterAndSort[ownerIdFieldName] = profileId;\n return request.filterAndSort;\n }\n\n private parseEntity(requestBody: any): R {\n if (!requestBody) return {} as R;\n return typeof requestBody === \"string\" ? JSON.parse(requestBody) : requestBody;\n }\n\n private validateRequest(schema: any, requestBody: any) {\n if (!schema) return;\n\n try {\n validateWithSchema(schema, requestBody);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n}\n"]}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import { Permission } from "../model/role.model";
|
|
2
|
+
import { ScopeMap } from "../model/base.model";
|
|
3
|
+
import { HttpRequest } from "../utils/http/http.util";
|
|
4
|
+
import { PermissionService } from "../service/permission.service";
|
|
5
|
+
/**
|
|
6
|
+
* ControllerRole — centralized Permission CRUD + RBAC access enforcement.
|
|
7
|
+
*
|
|
8
|
+
* All caching and DB orchestration lives in PermissionService.
|
|
9
|
+
*
|
|
10
|
+
* Scope validation, scope filtering, and permission checks are centralized here
|
|
11
|
+
* so that ControllerApi (and any other consumer) delegates without duplicating logic.
|
|
12
|
+
*/
|
|
13
|
+
export declare class ControllerRole {
|
|
14
|
+
protected readonly permissionService: PermissionService;
|
|
15
|
+
constructor(roleTableName: string);
|
|
16
|
+
addPermission(input: {
|
|
17
|
+
role: string;
|
|
18
|
+
resource: string;
|
|
19
|
+
scope: string;
|
|
20
|
+
method: Permission["method"];
|
|
21
|
+
}): Promise<Permission>;
|
|
22
|
+
updatePermission(id: string, updates: Partial<Pick<Permission, "role" | "resource" | "scope" | "method">>): Promise<Permission>;
|
|
23
|
+
deletePermission(id: string): Promise<boolean>;
|
|
24
|
+
getPermission(id: string): Promise<Permission | null>;
|
|
25
|
+
listPermissions(): Promise<Permission[]>;
|
|
26
|
+
addRole(userPoolId: string, groupName: string, description?: string): Promise<{
|
|
27
|
+
groupName: string;
|
|
28
|
+
description?: string;
|
|
29
|
+
}>;
|
|
30
|
+
assignRole(userPoolId: string, username: string, groupName: string): Promise<void>;
|
|
31
|
+
hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean>;
|
|
32
|
+
getPermissionByKey(permissionKey: string): Promise<Permission | null>;
|
|
33
|
+
/**
|
|
34
|
+
* Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.
|
|
35
|
+
*
|
|
36
|
+
* Only runs when both `role` and `scope` are present in the request.
|
|
37
|
+
* When either is absent, scope filters are cleared to block user injection.
|
|
38
|
+
*
|
|
39
|
+
* @param req The parsed HTTP request
|
|
40
|
+
* @param resource The resource name (e.g. "property")
|
|
41
|
+
* @param scopeMap The scope configuration from EntityConfig
|
|
42
|
+
*/
|
|
43
|
+
checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap): Promise<void>;
|
|
44
|
+
/** Extract user role from JWT groups. */
|
|
45
|
+
private extractRole;
|
|
46
|
+
/** Resolve and validate the scope query param against the ScopeMap. */
|
|
47
|
+
private resolveScope;
|
|
48
|
+
/**
|
|
49
|
+
* Apply scope-based data filter from identity claims.
|
|
50
|
+
* Clears ALL scope-controlled filter fields first (block injection),
|
|
51
|
+
* then sets only the matched scope's claim value.
|
|
52
|
+
*/
|
|
53
|
+
private applyScopeFilter;
|
|
54
|
+
/** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */
|
|
55
|
+
private removeScopeFilter;
|
|
56
|
+
}
|
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ControllerRole = void 0;
|
|
4
|
+
const exception_1 = require("../exception");
|
|
5
|
+
const permission_service_1 = require("../service/permission.service");
|
|
6
|
+
const cognito_1 = require("../function/cognito");
|
|
7
|
+
/**
|
|
8
|
+
* ControllerRole — centralized Permission CRUD + RBAC access enforcement.
|
|
9
|
+
*
|
|
10
|
+
* All caching and DB orchestration lives in PermissionService.
|
|
11
|
+
*
|
|
12
|
+
* Scope validation, scope filtering, and permission checks are centralized here
|
|
13
|
+
* so that ControllerApi (and any other consumer) delegates without duplicating logic.
|
|
14
|
+
*/
|
|
15
|
+
class ControllerRole {
|
|
16
|
+
permissionService;
|
|
17
|
+
constructor(roleTableName) {
|
|
18
|
+
this.permissionService = new permission_service_1.PermissionService(roleTableName);
|
|
19
|
+
}
|
|
20
|
+
// ---------------------------------------------------------------------------
|
|
21
|
+
// CRUD
|
|
22
|
+
// ---------------------------------------------------------------------------
|
|
23
|
+
async addPermission(input) {
|
|
24
|
+
return this.permissionService.createPermission(input);
|
|
25
|
+
}
|
|
26
|
+
async updatePermission(id, updates) {
|
|
27
|
+
return this.permissionService.updatePermission(id, updates);
|
|
28
|
+
}
|
|
29
|
+
async deletePermission(id) {
|
|
30
|
+
return this.permissionService.deletePermission(id);
|
|
31
|
+
}
|
|
32
|
+
async getPermission(id) {
|
|
33
|
+
if (!id)
|
|
34
|
+
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, "Permission id is required");
|
|
35
|
+
return this.permissionService.getPermissionById(id);
|
|
36
|
+
}
|
|
37
|
+
async listPermissions() {
|
|
38
|
+
return this.permissionService.listPermissions();
|
|
39
|
+
}
|
|
40
|
+
// ---------------------------------------------------------------------------
|
|
41
|
+
// Role (Cognito group)
|
|
42
|
+
// ---------------------------------------------------------------------------
|
|
43
|
+
async addRole(userPoolId, groupName, description) {
|
|
44
|
+
return (0, cognito_1.createGroup)(userPoolId, groupName, description);
|
|
45
|
+
}
|
|
46
|
+
async assignRole(userPoolId, username, groupName) {
|
|
47
|
+
return (0, cognito_1.addUserToGroup)(userPoolId, username, groupName);
|
|
48
|
+
}
|
|
49
|
+
// ---------------------------------------------------------------------------
|
|
50
|
+
// Permission check
|
|
51
|
+
// ---------------------------------------------------------------------------
|
|
52
|
+
async hasPermission(role, resource, scope, method) {
|
|
53
|
+
return this.permissionService.hasPermission(role, resource, scope, method);
|
|
54
|
+
}
|
|
55
|
+
async getPermissionByKey(permissionKey) {
|
|
56
|
+
return this.permissionService.getPermissionByKey(permissionKey);
|
|
57
|
+
}
|
|
58
|
+
// ---------------------------------------------------------------------------
|
|
59
|
+
// RBAC access enforcement (used by ControllerApi)
|
|
60
|
+
// ---------------------------------------------------------------------------
|
|
61
|
+
/**
|
|
62
|
+
* Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.
|
|
63
|
+
*
|
|
64
|
+
* Only runs when both `role` and `scope` are present in the request.
|
|
65
|
+
* When either is absent, scope filters are cleared to block user injection.
|
|
66
|
+
*
|
|
67
|
+
* @param req The parsed HTTP request
|
|
68
|
+
* @param resource The resource name (e.g. "property")
|
|
69
|
+
* @param scopeMap The scope configuration from EntityConfig
|
|
70
|
+
*/
|
|
71
|
+
async checkRbacAccess(req, resource, scopeMap) {
|
|
72
|
+
const role = this.extractRole(req);
|
|
73
|
+
const scope = this.resolveScope(req, scopeMap);
|
|
74
|
+
const method = req.methode.toUpperCase();
|
|
75
|
+
if (role && scope) {
|
|
76
|
+
const allowed = await this.permissionService.hasPermission(role, resource, scope, method);
|
|
77
|
+
if (!allowed) {
|
|
78
|
+
const key = `${role}#${resource}#${scope}`;
|
|
79
|
+
throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, `Permission denied: role="${role}" lacks "${key}.${method}"`);
|
|
80
|
+
}
|
|
81
|
+
this.applyScopeFilter(req, scope, scopeMap);
|
|
82
|
+
}
|
|
83
|
+
else {
|
|
84
|
+
this.removeScopeFilter(req, scopeMap);
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
// ---------------------------------------------------------------------------
|
|
88
|
+
// Scope helpers (private — single source of truth)
|
|
89
|
+
// ---------------------------------------------------------------------------
|
|
90
|
+
/** Extract user role from JWT groups. */
|
|
91
|
+
extractRole(req) {
|
|
92
|
+
return req.identity?.groups?.[0];
|
|
93
|
+
}
|
|
94
|
+
/** Resolve and validate the scope query param against the ScopeMap. */
|
|
95
|
+
resolveScope(req, scopeMap) {
|
|
96
|
+
if (!scopeMap?.size)
|
|
97
|
+
return undefined;
|
|
98
|
+
const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;
|
|
99
|
+
if (!scope)
|
|
100
|
+
return undefined;
|
|
101
|
+
if (!scopeMap.has(scope)) {
|
|
102
|
+
const allowed = Array.from(scopeMap.keys()).join(", ");
|
|
103
|
+
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, `Invalid scope "${scope}". Allowed: ${allowed}`);
|
|
104
|
+
}
|
|
105
|
+
return scope;
|
|
106
|
+
}
|
|
107
|
+
/**
|
|
108
|
+
* Apply scope-based data filter from identity claims.
|
|
109
|
+
* Clears ALL scope-controlled filter fields first (block injection),
|
|
110
|
+
* then sets only the matched scope's claim value.
|
|
111
|
+
*/
|
|
112
|
+
applyScopeFilter(req, scope, scopeMap) {
|
|
113
|
+
if (!req.filter)
|
|
114
|
+
req.filter = {};
|
|
115
|
+
for (const [, entry] of scopeMap) {
|
|
116
|
+
delete req.filter[entry.filterField];
|
|
117
|
+
}
|
|
118
|
+
const mapping = scopeMap.get(scope);
|
|
119
|
+
if (!mapping)
|
|
120
|
+
return;
|
|
121
|
+
const claimKey = mapping.claimKey ?? "custom:" + scope;
|
|
122
|
+
const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];
|
|
123
|
+
if (!claimValue) {
|
|
124
|
+
throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, `Missing claim "${claimKey}" for scope "${scope}"`);
|
|
125
|
+
}
|
|
126
|
+
req.filter[mapping.filterField] = claimValue;
|
|
127
|
+
delete req.filter?.scope;
|
|
128
|
+
}
|
|
129
|
+
/** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */
|
|
130
|
+
removeScopeFilter(req, scopeMap) {
|
|
131
|
+
if (!req.filter)
|
|
132
|
+
req.filter = {};
|
|
133
|
+
for (const [, entry] of scopeMap) {
|
|
134
|
+
delete req.filter[entry.filterField];
|
|
135
|
+
}
|
|
136
|
+
delete req.filter["scope"];
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
exports.ControllerRole = ControllerRole;
|
|
140
|
+
//# sourceMappingURL=controller-role.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"controller-role.js","sourceRoot":"","sources":["../../src/controller/controller-role.ts"],"names":[],"mappings":";;;AAAA,4CAAyC;AAIzC,sEAAkE;AAClE,iDAAkE;AAElE;;;;;;;GAOG;AACH,MAAa,cAAc;IACN,iBAAiB,CAAoB;IAExD,YAAY,aAAqB;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,OAAO;IACP,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,KAKnB;QACC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB,EAAE,WAAoB;QACvE,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACtE,OAAO,IAAA,wBAAc,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,kDAAkD;IAClD,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,QAAgB,EAAE,QAAkB;QAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAE1F,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC3C,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,IAAI,YAAY,GAAG,IAAI,MAAM,GAAG,CAC7D,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,mDAAmD;IACnD,8EAA8E;IAE9E,yCAAyC;IACjC,WAAW,CAAC,GAAgB;QAClC,OAAO,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,uEAAuE;IAC/D,YAAY,CAAC,GAAgB,EAAE,QAAkB;QACvD,IAAI,CAAC,QAAQ,EAAE,IAAI;YAAE,OAAO,SAAS,CAAC;QAEtC,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,EAAE,KAAK,IAAI,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC;QACnF,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAE7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,KAAK,eAAe,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,GAAgB,EAAE,KAAa,EAAE,QAAkB;QAC1E,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,GAAG,KAAK,CAAC;QACvD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,kBAAkB,QAAQ,gBAAgB,KAAK,GAAG,CAAC,CAAC;QACpH,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC;IAC3B,CAAC;IAED,+FAA+F;IACvF,iBAAiB,CAAC,GAAgB,EAAE,QAAkB;QAC5D,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF;AA/JD,wCA+JC","sourcesContent":["import { ErrorHttp } from \"../exception\";\nimport { Permission } from \"../model/role.model\";\nimport { ScopeMap } from \"../model/base.model\";\nimport { HttpRequest } from \"../utils/http/http.util\";\nimport { PermissionService } from \"../service/permission.service\";\nimport { createGroup, addUserToGroup } from \"../function/cognito\";\n\n/**\n * ControllerRole — centralized Permission CRUD + RBAC access enforcement.\n *\n * All caching and DB orchestration lives in PermissionService.\n *\n * Scope validation, scope filtering, and permission checks are centralized here\n * so that ControllerApi (and any other consumer) delegates without duplicating logic.\n */\nexport class ControllerRole {\n protected readonly permissionService: PermissionService;\n\n constructor(roleTableName: string) {\n this.permissionService = new PermissionService(roleTableName);\n }\n\n // ---------------------------------------------------------------------------\n // CRUD\n // ---------------------------------------------------------------------------\n\n async addPermission(input: {\n role: string;\n resource: string;\n scope: string;\n method: Permission[\"method\"];\n }): Promise<Permission> {\n return this.permissionService.createPermission(input);\n }\n\n async updatePermission(\n id: string,\n updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n ): Promise<Permission> {\n return this.permissionService.updatePermission(id, updates);\n }\n\n async deletePermission(id: string): Promise<boolean> {\n return this.permissionService.deletePermission(id);\n }\n\n async getPermission(id: string): Promise<Permission | null> {\n if (!id) throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"Permission id is required\");\n return this.permissionService.getPermissionById(id);\n }\n\n async listPermissions(): Promise<Permission[]> {\n return this.permissionService.listPermissions();\n }\n\n // ---------------------------------------------------------------------------\n // Role (Cognito group)\n // ---------------------------------------------------------------------------\n\n async addRole(userPoolId: string, groupName: string, description?: string) {\n return createGroup(userPoolId, groupName, description);\n }\n\n async assignRole(userPoolId: string, username: string, groupName: string): Promise<void> {\n return addUserToGroup(userPoolId, username, groupName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission check\n // ---------------------------------------------------------------------------\n\n async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n return this.permissionService.hasPermission(role, resource, scope, method);\n }\n\n async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n return this.permissionService.getPermissionByKey(permissionKey);\n }\n\n // ---------------------------------------------------------------------------\n // RBAC access enforcement (used by ControllerApi)\n // ---------------------------------------------------------------------------\n\n /**\n * Centralized RBAC check: validates scope, checks permission via DB, applies scope filter.\n *\n * Only runs when both `role` and `scope` are present in the request.\n * When either is absent, scope filters are cleared to block user injection.\n *\n * @param req The parsed HTTP request\n * @param resource The resource name (e.g. \"property\")\n * @param scopeMap The scope configuration from EntityConfig\n */\n async checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap): Promise<void> {\n const role = this.extractRole(req);\n const scope = this.resolveScope(req, scopeMap);\n const method = req.methode.toUpperCase();\n\n if (role && scope) {\n const allowed = await this.permissionService.hasPermission(role, resource, scope, method);\n\n if (!allowed) {\n const key = `${role}#${resource}#${scope}`;\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Permission denied: role=\"${role}\" lacks \"${key}.${method}\"`,\n );\n }\n\n this.applyScopeFilter(req, scope, scopeMap);\n } else {\n this.removeScopeFilter(req, scopeMap);\n }\n }\n\n // ---------------------------------------------------------------------------\n // Scope helpers (private — single source of truth)\n // ---------------------------------------------------------------------------\n\n /** Extract user role from JWT groups. */\n private extractRole(req: HttpRequest): string | undefined {\n return req.identity?.groups?.[0];\n }\n\n /** Resolve and validate the scope query param against the ScopeMap. */\n private resolveScope(req: HttpRequest, scopeMap: ScopeMap): string | undefined {\n if (!scopeMap?.size) return undefined;\n\n const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;\n if (!scope) return undefined;\n\n if (!scopeMap.has(scope)) {\n const allowed = Array.from(scopeMap.keys()).join(\", \");\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, `Invalid scope \"${scope}\". Allowed: ${allowed}`);\n }\n\n return scope;\n }\n\n /**\n * Apply scope-based data filter from identity claims.\n * Clears ALL scope-controlled filter fields first (block injection),\n * then sets only the matched scope's claim value.\n */\n private applyScopeFilter(req: HttpRequest, scope: string, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n\n const mapping = scopeMap.get(scope);\n if (!mapping) return;\n\n const claimKey = mapping.claimKey ?? \"custom:\" + scope;\n const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];\n\n if (!claimValue) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Missing claim \"${claimKey}\" for scope \"${scope}\"`);\n }\n\n req.filter[mapping.filterField] = claimValue;\n delete req.filter?.scope;\n }\n\n /** Clear all scope-controlled filter fields — prevents user injection when no RBAC applies. */\n private removeScopeFilter(req: HttpRequest, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n delete req.filter[\"scope\"];\n }\n}\n"]}
|
package/dist/controller/index.js
CHANGED
|
@@ -17,4 +17,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
17
17
|
__exportStar(require("./base-controller"), exports);
|
|
18
18
|
__exportStar(require("./controller-api"), exports);
|
|
19
19
|
__exportStar(require("./controller-stream"), exports);
|
|
20
|
+
__exportStar(require("./controller-role"), exports);
|
|
20
21
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/controller/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,mDAAiC;AACjC,sDAAoC","sourcesContent":["export * from \"./base-controller\";\nexport * from \"./controller-api\";\nexport * from \"./controller-stream\";\n"]}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/controller/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,mDAAiC;AACjC,sDAAoC;AACpC,oDAAkC","sourcesContent":["export * from \"./base-controller\";\nexport * from \"./controller-api\";\nexport * from \"./controller-stream\";\nexport * from \"./controller-role\";\n"]}
|
|
@@ -25,3 +25,8 @@ export declare function setProfileId(userPoolId: string, user: CognitoUser, prof
|
|
|
25
25
|
export declare function setCustomValue(userPoolId: string, user: CognitoUser, customFieldName: string, fieldValue: any): Promise<CognitoUser>;
|
|
26
26
|
export declare function persistCustomValue(userPoolId: string, user: CognitoUser, customFieldName: string, fieldValue: any): Promise<void>;
|
|
27
27
|
export declare function findAll(userPoolId: string, page?: number, size?: number): Promise<CognitoUser[]>;
|
|
28
|
+
export declare function createGroup(userPoolId: string, groupName: string, description?: string): Promise<{
|
|
29
|
+
groupName: string;
|
|
30
|
+
description?: string;
|
|
31
|
+
}>;
|
|
32
|
+
export declare function addUserToGroup(userPoolId: string, username: string, groupName: string): Promise<void>;
|
|
@@ -48,6 +48,8 @@ exports.setProfileId = setProfileId;
|
|
|
48
48
|
exports.setCustomValue = setCustomValue;
|
|
49
49
|
exports.persistCustomValue = persistCustomValue;
|
|
50
50
|
exports.findAll = findAll;
|
|
51
|
+
exports.createGroup = createGroup;
|
|
52
|
+
exports.addUserToGroup = addUserToGroup;
|
|
51
53
|
const client_cognito_identity_provider_1 = require("@aws-sdk/client-cognito-identity-provider");
|
|
52
54
|
const cognito_user_model_1 = require("../../model/cognito-user.model");
|
|
53
55
|
function mapCognitoAttributes(attributes) {
|
|
@@ -343,4 +345,24 @@ async function findAll(userPoolId, page = 1, size = 50) {
|
|
|
343
345
|
}
|
|
344
346
|
return users;
|
|
345
347
|
}
|
|
348
|
+
async function createGroup(userPoolId, groupName, description) {
|
|
349
|
+
const command = new client_cognito_identity_provider_1.CreateGroupCommand({
|
|
350
|
+
UserPoolId: userPoolId,
|
|
351
|
+
GroupName: groupName,
|
|
352
|
+
Description: description,
|
|
353
|
+
});
|
|
354
|
+
const response = await cognitoClient.send(command);
|
|
355
|
+
return {
|
|
356
|
+
groupName: response.Group?.GroupName,
|
|
357
|
+
description: response.Group?.Description,
|
|
358
|
+
};
|
|
359
|
+
}
|
|
360
|
+
async function addUserToGroup(userPoolId, username, groupName) {
|
|
361
|
+
const command = new client_cognito_identity_provider_1.AdminAddUserToGroupCommand({
|
|
362
|
+
UserPoolId: userPoolId,
|
|
363
|
+
Username: username,
|
|
364
|
+
GroupName: groupName,
|
|
365
|
+
});
|
|
366
|
+
await cognitoClient.send(command);
|
|
367
|
+
}
|
|
346
368
|
//# sourceMappingURL=cognito.function.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cognito.function.js","sourceRoot":"","sources":["../../../src/function/cognito/cognito.function.ts"],"names":[],"mappings":";AAAA,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2BtB,8CAkDC;AAED,8CAyDC;AAED,8CAIC;AAED,gDAIC;AAED,8CAOC;AAED,wCAuBC;AAED,oDAuCC;AAED,kDAUC;AAED,kDAcC;AAKD,wDAQC;AAMD,oCAcC;AAMD,wCAmBC;AAGD,gDAeC;AAED,0BA+CC;AAtXD,gGAUmD;AACnD,uEAA0F;AAE1F,SAAS,oBAAoB,CAAC,UAA4B;IACxD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,UAAU,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,aAAa,GAAG,IAAI,gEAA6B,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AAErF,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB,EAAE,CAAC;IAE3C,IAAI,IAAI,CAAC,KAAK;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1E,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,YAAY;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/F,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACvF,IAAI,IAAI,CAAC,UAAU;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1F,IAAI,IAAI,CAAC,MAAM;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACtF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,kBAAkB;QACzB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5F,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEnF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;KAC/B,CAAC,CACH,CAAC;IAEF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,2BAA2B,EAAE,GAAG,wDAAa,2CAA2C,GAAC,CAAC;QAClG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,2BAA2B,CAAC;YAC9B,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;SAChB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB;QACtC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QACpC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE;QACzC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QACnD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE;QAC5C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;QAChD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QAClD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE,EAAE;QACxD,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,IAAI,EAAE,EAAE;QACpE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;KACjD,CAAC;IAEF,wBAAwB;IACxB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;QAC9B,iBAAiB,EAAE,QAAQ;QAC3B,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EAAE,gDAAgD;KACnG,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAE9D,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;QAClD,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE,UAA+B;QAC1D,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO;QAC/B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE;QAC7D,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAU,EAAE,QAAQ;IAC1D,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE3F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,UAAU,EAAE,QAAQ;IAC3D,MAAM,OAAO,GAAG,IAAI,0DAAuB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE5F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAkB,EAAE,QAAgB;IAC1E,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,OAAO,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,UAAkB,EAAE,QAAgB;IACvE,MAAM,OAAO,GAAG,IAAI,sDAAmB,CAAC;QACtC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE5D,OAAO;QACL,QAAQ;QACR,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,UAA+B;QACpD,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,QAAQ,CAAC,cAAc,EAAE,WAAW,EAAE;QACjD,SAAS,EAAE,QAAQ,CAAC,oBAAoB,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,UAAkB,EAClB,aAAqB,EACrB,cAAsB;IAEtB,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,MAAM,EAAE,GAAG,aAAa,OAAO,cAAc,GAAG;KACjD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,gBAAgB,GAAkB,EAAE,CAAC;QAE3C,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,gBAAgB,CAAC;QAElD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEpD,gBAAgB,CAAC,IAAI,CAAC;gBACpB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,SAAS,EAAE,KAAK,CAAC,UAAU;gBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;gBAC7B,UAAU,EAAE,KAAK;gBACjB,UAAU,EAAE,IAAI,CAAC,UAA+B;gBAChD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,EAAE;gBAC7C,SAAS,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE;gBACnD,SAAS,EAAE,6BAAQ,CAAC,EAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CAAC,UAAkB,EAAE,KAAa,EAAE,SAAiB;IAC5F,+BAA+B;IAC/B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,YAAY,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,WAAmB,EACnB,SAAiB;IAEjB,sCAAsC;IACtC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,WAAW,CAAC,CAAC;IAE/D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,0BAA0B,WAAW,YAAY,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AACD;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAC1C,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,YAAY,CAAC,UAAkB,EAAE,IAAiB,EAAE,SAAiB;IACzF,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IAE1E,iCAAiC;IACjC,MAAM,aAAa,GAAG;QACpB,GAAG,IAAI,CAAC,UAAU;QAClB,kBAAkB,EAAE,SAAS;KAC9B,CAAC;IAEF,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;IAExE,iCAAiC;IACjC,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE;YACV,GAAG,IAAI,CAAC,UAAU;YAClB,CAAC,QAAQ,CAAC,EAAE,UAAU;SACvB;KACF,CAAC;AACJ,CAAC;AAED,gDAAgD;AACzC,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;KAChE,CAAC,CACH,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,UAAkB,EAAE,OAAe,CAAC,EAAE,OAAe,EAAE;IACnF,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,UAAU;QACtB,KAAK,EAAE,IAAI;QACX,eAAe,EAAE,SAA+B;KACjD,CAAC;IAEF,0BAA0B;IAC1B,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,KAAK,GAAkB,EAAE,CAAC;IAE9B,OAAO,WAAW,IAAI,IAAI,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAQ,CAAC;QAE5D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,KAAK;gBACH,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;oBAC7B,MAAM,KAAK,GAA2B,EAAE,CAAC;oBACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;wBACnC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK;4BAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;oBACjD,CAAC;oBAED,OAAO;wBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,WAAW,EAAE,KAAK,CAAC,YAAY;wBAC/B,SAAS,EAAE,KAAK,CAAC,UAAU;wBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;wBAC7B,UAAU,EAAE,KAAK;wBACjB,UAAU,EAAE,CAAC,CAAC,UAA+B;wBAC7C,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,SAAS,EAAE,CAAC,CAAC,cAAc,EAAE,WAAW,EAAE;wBAC1C,SAAS,EAAE,CAAC,CAAC,oBAAoB,EAAE,WAAW,EAAE;wBAChD,SAAS,EAAE,IAAI;qBACD,CAAC;gBACnB,CAAC,CAAC,IAAI,EAAE,CAAC;QACb,CAAC;QAED,MAAM,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,eAAe;YAAE,MAAM;QAEnC,WAAW,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["// cognito.function.ts\n\nimport {\n AdminCreateUserCommand,\n AdminGetUserCommand,\n AdminDeleteUserCommand,\n AdminUpdateUserAttributesCommand,\n AttributeType,\n CognitoIdentityProviderClient,\n ListUsersCommand,\n AdminEnableUserCommand,\n AdminDisableUserCommand,\n} from \"@aws-sdk/client-cognito-identity-provider\";\nimport { CognitoUser, CognitoUserStatus, TokenUse } from \"../../model/cognito-user.model\";\n\nfunction mapCognitoAttributes(attributes?: AttributeType[]): Record<string, string> {\n const result: Record<string, string> = {};\n for (const attr of attributes || []) {\n if (attr.Name && attr.Value) {\n result[attr.Name] = attr.Value;\n }\n }\n return result;\n}\n\nconst cognitoClient = new CognitoIdentityProviderClient({ region: process.env.AWS_REGION });\n\nexport async function updateCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [];\n\n if (user.email) userAttributes.push({ Name: \"email\", Value: user.email });\n if (user.profile) userAttributes.push({ Name: \"profile\", Value: user.profile });\n if (user.phone_number) userAttributes.push({ Name: \"phone_number\", Value: user.phone_number });\n if (user.givenName) userAttributes.push({ Name: \"given_name\", Value: user.givenName });\n if (user.familyName) userAttributes.push({ Name: \"family_name\", Value: user.familyName });\n if (user.gender) userAttributes.push({ Name: \"gender\", Value: user.gender });\n if (user.nickname) userAttributes.push({ Name: \"nickname\", Value: user.nickname });\n if (user.address) userAttributes.push({ Name: \"address\", Value: user.address });\n if (user.birthdate) userAttributes.push({ Name: \"birthdate\", Value: user.birthdate });\n if (user.picture) userAttributes.push({ Name: \"picture\", Value: user.picture });\n if (user.preferred_username)\n userAttributes.push({ Name: \"preff.preferred_username\", Value: user.preferred_username });\n if (user.website) userAttributes.push({ Name: \"website\", Value: user.website });\n if (user.zoneinfo) userAttributes.push({ Name: \"zoneinfo\", Value: user.zoneinfo });\n\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: String(value) });\n }\n }\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n }),\n );\n\n if (password) {\n const { AdminSetUserPasswordCommand } = await import(\"@aws-sdk/client-cognito-identity-provider\");\n await cognitoClient.send(\n new AdminSetUserPasswordCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n Password: password,\n Permanent: true,\n }),\n );\n }\n\n return await getCognitoUser(userPoolId, user.username);\n}\n\nexport async function createCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [\n { Name: \"email\", Value: user.email },\n { Name: \"email_verified\", Value: \"true\" },\n { Name: \"profile\", Value: user.profile ?? \"\" },\n { Name: \"given_name\", Value: user.givenName ?? \"\" },\n { Name: \"family_name\", Value: user.familyName ?? \"\" },\n { Name: \"middle_name\", Value: user.middleName ?? \"\" },\n { Name: \"gender\", Value: user.gender ?? \"\" },\n { Name: \"nickname\", Value: user.nickname ?? \"\" },\n { Name: \"address\", Value: user.address ?? \"\" },\n { Name: \"birthdate\", Value: user.birthdate ?? \"\" },\n { Name: \"picture\", Value: user.picture ?? \"\" },\n { Name: \"phone_number\", Value: user.phone_number ?? \"\" },\n { Name: \"phone_number_verified\", Value: user.phone_number_verified ? \"true\" : \"false\" },\n { Name: \"preferred_username\", Value: user.preferred_username ?? \"\" },\n { Name: \"website\", Value: user.website ?? \"\" },\n { Name: \"zoneinfo\", Value: user.zoneinfo ?? \"\" },\n ];\n\n // Add custom attributes\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: value });\n }\n }\n\n const command = new AdminCreateUserCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n TemporaryPassword: password,\n MessageAction: password ? \"SUPPRESS\" : undefined, // Don't send welcome email if password provided\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.User?.Attributes);\n\n return {\n username: response.User?.Username || user.username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.User?.UserStatus as CognitoUserStatus,\n enabled: response.User?.Enabled,\n createdAt: response.User?.UserCreateDate?.toISOString(),\n updatedAt: response.User?.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function enableCognitoUser(userPoolId, username) {\n const command = new AdminEnableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function disableCognitoUser(userPoolId, username) {\n const command = new AdminDisableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function deleteCognitoUser(userPoolId: string, username: string): Promise<any> {\n const command = new AdminDeleteUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n return await cognitoClient.send(command);\n}\n\nexport async function getCognitoUser(userPoolId: string, username: string): Promise<CognitoUser> {\n const command = new AdminGetUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.UserAttributes);\n\n return {\n username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.UserStatus as CognitoUserStatus,\n enabled: response.Enabled,\n createdAt: response.UserCreateDate?.toISOString(),\n updatedAt: response.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function listUsersByAttribute(\n userPoolId: string,\n attributeName: string,\n attributeValue: string,\n): Promise<CognitoUser[]> {\n const command = new ListUsersCommand({\n UserPoolId: userPoolId,\n Filter: `${attributeName} = \"${attributeValue}\"`,\n });\n\n try {\n const response = await cognitoClient.send(command);\n const cognitoUsersList: CognitoUser[] = [];\n\n if (response.Users.length === 0) cognitoUsersList;\n\n for (const user of response.Users) {\n const attrs = mapCognitoAttributes(user.Attributes);\n\n cognitoUsersList.push({\n username: user.Username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: user.UserStatus as CognitoUserStatus,\n enabled: user.Enabled,\n createdAt: user.UserCreateDate?.toISOString(),\n updatedAt: user.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n });\n }\n\n return cognitoUsersList;\n } catch (err) {\n console.error(\"Error listing users:\", err);\n }\n}\n\nexport async function setProfileIdByEmail(userPoolId: string, email: string, profileId: string): Promise<CognitoUser> {\n // Find the user by email first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by email\n const user = users.find((u) => u.email === email);\n\n if (!user) {\n throw new Error(`User with email ${email} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n\nexport async function setProfileIdByPhone(\n userPoolId: string,\n phoneNumber: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Find the user by phone number first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by phone\n const user = users.find((u) => u.phone_number === phoneNumber);\n\n if (!user) {\n throw new Error(`User with phone number ${phoneNumber} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Returns a **new CognitoUser object** with the attribute updated.\n */\nexport async function setProfileIdByUsername(\n userPoolId: string,\n username: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Get the user first\n const user = await getCognitoUser(userPoolId, username);\n return setProfileId(userPoolId, user, profileId);\n}\n\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setProfileId(userPoolId: string, user: CognitoUser, profileId: string): Promise<CognitoUser> {\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, \"custom:profileId\", profileId);\n\n // Return the updated user object\n const newAttributes = {\n ...user.attributes,\n \"custom:profileId\": profileId,\n };\n\n return {\n ...user,\n attributes: newAttributes,\n };\n}\n\n/**\n * Sets a custom attribute on a CognitoUser object.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<CognitoUser> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, customFieldName, fieldValue);\n\n // Return the updated user object\n return {\n ...user,\n attributes: {\n ...user.attributes,\n [attrName]: fieldValue,\n },\n };\n}\n\n// Optional: Persist custom attribute to Cognito\nexport async function persistCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<void> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: [{ Name: attrName, Value: String(fieldValue) }],\n }),\n );\n}\n\nexport async function findAll(userPoolId: string, page: number = 1, size: number = 50): Promise<CognitoUser[]> {\n const params = {\n UserPoolId: userPoolId,\n Limit: size,\n PaginationToken: undefined as string | undefined,\n };\n\n // simple pagination logic\n let currentPage = 1;\n let users: CognitoUser[] = [];\n\n while (currentPage <= page) {\n const command = new ListUsersCommand(params);\n const response = (await cognitoClient.send(command)) as any;\n\n if (currentPage === page) {\n users =\n response.Users?.map((u: any) => {\n const attrs: Record<string, string> = {};\n for (const a of u.Attributes || []) {\n if (a.Name && a.Value) attrs[a.Name] = a.Value;\n }\n\n return {\n username: u.Username,\n sub: attrs.sub,\n email: attrs.email,\n phoneNumber: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: u.UserStatus as CognitoUserStatus,\n enabled: u.Enabled,\n createdAt: u.UserCreateDate?.toISOString(),\n updatedAt: u.UserLastModifiedDate?.toISOString(),\n token_use: \"id\",\n } as CognitoUser;\n }) || [];\n }\n\n params.PaginationToken = response.PaginationToken;\n if (!params.PaginationToken) break;\n\n currentPage++;\n }\n\n return users;\n}\n"]}
|
|
1
|
+
{"version":3,"file":"cognito.function.js","sourceRoot":"","sources":["../../../src/function/cognito/cognito.function.ts"],"names":[],"mappings":";AAAA,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6BtB,8CAkDC;AAED,8CAyDC;AAED,8CAIC;AAED,gDAIC;AAED,8CAOC;AAED,wCAuBC;AAED,oDAuCC;AAED,kDAUC;AAED,kDAcC;AAKD,wDAQC;AAMD,oCAcC;AAMD,wCAmBC;AAGD,gDAeC;AAED,0BA+CC;AAED,kCAiBC;AAED,wCAQC;AArZD,gGAYmD;AACnD,uEAA0F;AAE1F,SAAS,oBAAoB,CAAC,UAA4B;IACxD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,IAAI,IAAI,UAAU,IAAI,EAAE,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC;QACjC,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,aAAa,GAAG,IAAI,gEAA6B,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AAErF,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB,EAAE,CAAC;IAE3C,IAAI,IAAI,CAAC,KAAK;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC1E,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,YAAY;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/F,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACvF,IAAI,IAAI,CAAC,UAAU;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1F,IAAI,IAAI,CAAC,MAAM;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,SAAS;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IACtF,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,kBAAkB;QACzB,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAC5F,IAAI,IAAI,CAAC,OAAO;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAChF,IAAI,IAAI,CAAC,QAAQ;QAAE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEnF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;KAC/B,CAAC,CACH,CAAC;IAEF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,2BAA2B,EAAE,GAAG,wDAAa,2CAA2C,GAAC,CAAC;QAClG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,2BAA2B,CAAC;YAC9B,UAAU,EAAE,UAAU;YACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,IAAI;SAChB,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,IAAiB,EACjB,QAAiB;IAEjB,MAAM,cAAc,GAAoB;QACtC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;QACpC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE;QACzC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QACnD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE,EAAE;QACrD,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE,EAAE;QAC5C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;QAChD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,CAAC,SAAS,IAAI,EAAE,EAAE;QAClD,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,CAAC,YAAY,IAAI,EAAE,EAAE;QACxD,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,IAAI,CAAC,kBAAkB,IAAI,EAAE,EAAE;QACpE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE,EAAE;QAC9C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE;KACjD,CAAC;IAEF,wBAAwB;IACxB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3D,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC;YACnE,cAAc,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,cAAc;QAC9B,iBAAiB,EAAE,QAAQ;QAC3B,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,EAAE,gDAAgD;KACnG,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAE9D,OAAO;QACL,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,QAAQ;QAClD,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE,UAA+B;QAC1D,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO;QAC/B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,cAAc,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE;QAC7D,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAU,EAAE,QAAQ;IAC1D,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE3F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,UAAU,EAAE,QAAQ;IAC3D,MAAM,OAAO,GAAG,IAAI,0DAAuB,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE5F,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,UAAkB,EAAE,QAAgB;IAC1E,MAAM,OAAO,GAAG,IAAI,yDAAsB,CAAC;QACzC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,OAAO,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3C,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,UAAkB,EAAE,QAAgB;IACvE,MAAM,OAAO,GAAG,IAAI,sDAAmB,CAAC;QACtC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,oBAAoB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE5D,OAAO;QACL,QAAQ;QACR,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;QAC7B,UAAU,EAAE,KAAK;QACjB,UAAU,EAAE,QAAQ,CAAC,UAA+B;QACpD,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,SAAS,EAAE,QAAQ,CAAC,cAAc,EAAE,WAAW,EAAE;QACjD,SAAS,EAAE,QAAQ,CAAC,oBAAoB,EAAE,WAAW,EAAE;QACvD,SAAS,EAAE,6BAAQ,CAAC,EAAE;KACvB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,UAAkB,EAClB,aAAqB,EACrB,cAAsB;IAEtB,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,MAAM,EAAE,GAAG,aAAa,OAAO,cAAc,GAAG;KACjD,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,gBAAgB,GAAkB,EAAE,CAAC;QAE3C,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,gBAAgB,CAAC;QAElD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEpD,gBAAgB,CAAC,IAAI,CAAC;gBACpB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,SAAS,EAAE,KAAK,CAAC,UAAU;gBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;gBAC7B,UAAU,EAAE,KAAK;gBACjB,UAAU,EAAE,IAAI,CAAC,UAA+B;gBAChD,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,cAAc,EAAE,WAAW,EAAE;gBAC7C,SAAS,EAAE,IAAI,CAAC,oBAAoB,EAAE,WAAW,EAAE;gBACnD,SAAS,EAAE,6BAAQ,CAAC,EAAE;aACvB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CAAC,UAAkB,EAAE,KAAa,EAAE,SAAiB;IAC5F,+BAA+B;IAC/B,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IAElD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,KAAK,YAAY,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,WAAmB,EACnB,SAAiB;IAEjB,sCAAsC;IACtC,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,iCAAiC;IACnF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,WAAW,CAAC,CAAC;IAE/D,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,0BAA0B,WAAW,YAAY,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AACD;;;GAGG;AACI,KAAK,UAAU,sBAAsB,CAC1C,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,qBAAqB;IACrB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACxD,OAAO,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;AACnD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,YAAY,CAAC,UAAkB,EAAE,IAAiB,EAAE,SAAiB;IACzF,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IAE1E,iCAAiC;IACjC,MAAM,aAAa,GAAG;QACpB,GAAG,IAAI,CAAC,UAAU;QAClB,kBAAkB,EAAE,SAAS;KAC9B,CAAC;IAEF,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE,aAAa;KAC1B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,cAAc,CAClC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,0CAA0C;IAC1C,MAAM,kBAAkB,CAAC,UAAU,EAAE,IAAI,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;IAExE,iCAAiC;IACjC,OAAO;QACL,GAAG,IAAI;QACP,UAAU,EAAE;YACV,GAAG,IAAI,CAAC,UAAU;YAClB,CAAC,QAAQ,CAAC,EAAE,UAAU;SACvB;KACF,CAAC;AACJ,CAAC;AAED,gDAAgD;AACzC,KAAK,UAAU,kBAAkB,CACtC,UAAkB,EAClB,IAAiB,EACjB,eAAuB,EACvB,UAAe;IAEf,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,eAAe,EAAE,CAAC;IAEvG,MAAM,aAAa,CAAC,IAAI,CACtB,IAAI,mEAAgC,CAAC;QACnC,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,cAAc,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;KAChE,CAAC,CACH,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,OAAO,CAAC,UAAkB,EAAE,OAAe,CAAC,EAAE,OAAe,EAAE;IACnF,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,UAAU;QACtB,KAAK,EAAE,IAAI;QACX,eAAe,EAAE,SAA+B;KACjD,CAAC;IAEF,0BAA0B;IAC1B,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,KAAK,GAAkB,EAAE,CAAC;IAE9B,OAAO,WAAW,IAAI,IAAI,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,mDAAgB,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAQ,CAAC;QAE5D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,KAAK;gBACH,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;oBAC7B,MAAM,KAAK,GAA2B,EAAE,CAAC;oBACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;wBACnC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,KAAK;4BAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;oBACjD,CAAC;oBAED,OAAO;wBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;wBACpB,GAAG,EAAE,KAAK,CAAC,GAAG;wBACd,KAAK,EAAE,KAAK,CAAC,KAAK;wBAClB,WAAW,EAAE,KAAK,CAAC,YAAY;wBAC/B,SAAS,EAAE,KAAK,CAAC,UAAU;wBAC3B,UAAU,EAAE,KAAK,CAAC,WAAW;wBAC7B,UAAU,EAAE,KAAK;wBACjB,UAAU,EAAE,CAAC,CAAC,UAA+B;wBAC7C,OAAO,EAAE,CAAC,CAAC,OAAO;wBAClB,SAAS,EAAE,CAAC,CAAC,cAAc,EAAE,WAAW,EAAE;wBAC1C,SAAS,EAAE,CAAC,CAAC,oBAAoB,EAAE,WAAW,EAAE;wBAChD,SAAS,EAAE,IAAI;qBACD,CAAC;gBACnB,CAAC,CAAC,IAAI,EAAE,CAAC;QACb,CAAC;QAED,MAAM,CAAC,eAAe,GAAG,QAAQ,CAAC,eAAe,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,eAAe;YAAE,MAAM;QAEnC,WAAW,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,UAAkB,EAClB,SAAiB,EACjB,WAAoB;IAEpB,MAAM,OAAO,GAAG,IAAI,qDAAkB,CAAC;QACrC,UAAU,EAAE,UAAU;QACtB,SAAS,EAAE,SAAS;QACpB,WAAW,EAAE,WAAW;KACzB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnD,OAAO;QACL,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,SAAS;QACpC,WAAW,EAAE,QAAQ,CAAC,KAAK,EAAE,WAAW;KACzC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;IAC1F,MAAM,OAAO,GAAG,IAAI,6DAA0B,CAAC;QAC7C,UAAU,EAAE,UAAU;QACtB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,SAAS;KACrB,CAAC,CAAC;IAEH,MAAM,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC","sourcesContent":["// cognito.function.ts\n\nimport {\n AdminCreateUserCommand,\n AdminGetUserCommand,\n AdminDeleteUserCommand,\n AdminUpdateUserAttributesCommand,\n CreateGroupCommand,\n AdminAddUserToGroupCommand,\n AttributeType,\n CognitoIdentityProviderClient,\n ListUsersCommand,\n AdminEnableUserCommand,\n AdminDisableUserCommand,\n} from \"@aws-sdk/client-cognito-identity-provider\";\nimport { CognitoUser, CognitoUserStatus, TokenUse } from \"../../model/cognito-user.model\";\n\nfunction mapCognitoAttributes(attributes?: AttributeType[]): Record<string, string> {\n const result: Record<string, string> = {};\n for (const attr of attributes || []) {\n if (attr.Name && attr.Value) {\n result[attr.Name] = attr.Value;\n }\n }\n return result;\n}\n\nconst cognitoClient = new CognitoIdentityProviderClient({ region: process.env.AWS_REGION });\n\nexport async function updateCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [];\n\n if (user.email) userAttributes.push({ Name: \"email\", Value: user.email });\n if (user.profile) userAttributes.push({ Name: \"profile\", Value: user.profile });\n if (user.phone_number) userAttributes.push({ Name: \"phone_number\", Value: user.phone_number });\n if (user.givenName) userAttributes.push({ Name: \"given_name\", Value: user.givenName });\n if (user.familyName) userAttributes.push({ Name: \"family_name\", Value: user.familyName });\n if (user.gender) userAttributes.push({ Name: \"gender\", Value: user.gender });\n if (user.nickname) userAttributes.push({ Name: \"nickname\", Value: user.nickname });\n if (user.address) userAttributes.push({ Name: \"address\", Value: user.address });\n if (user.birthdate) userAttributes.push({ Name: \"birthdate\", Value: user.birthdate });\n if (user.picture) userAttributes.push({ Name: \"picture\", Value: user.picture });\n if (user.preferred_username)\n userAttributes.push({ Name: \"preff.preferred_username\", Value: user.preferred_username });\n if (user.website) userAttributes.push({ Name: \"website\", Value: user.website });\n if (user.zoneinfo) userAttributes.push({ Name: \"zoneinfo\", Value: user.zoneinfo });\n\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: String(value) });\n }\n }\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n }),\n );\n\n if (password) {\n const { AdminSetUserPasswordCommand } = await import(\"@aws-sdk/client-cognito-identity-provider\");\n await cognitoClient.send(\n new AdminSetUserPasswordCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n Password: password,\n Permanent: true,\n }),\n );\n }\n\n return await getCognitoUser(userPoolId, user.username);\n}\n\nexport async function createCognitoUser(\n userPoolId: string,\n user: CognitoUser,\n password?: string,\n): Promise<CognitoUser> {\n const userAttributes: AttributeType[] = [\n { Name: \"email\", Value: user.email },\n { Name: \"email_verified\", Value: \"true\" },\n { Name: \"profile\", Value: user.profile ?? \"\" },\n { Name: \"given_name\", Value: user.givenName ?? \"\" },\n { Name: \"family_name\", Value: user.familyName ?? \"\" },\n { Name: \"middle_name\", Value: user.middleName ?? \"\" },\n { Name: \"gender\", Value: user.gender ?? \"\" },\n { Name: \"nickname\", Value: user.nickname ?? \"\" },\n { Name: \"address\", Value: user.address ?? \"\" },\n { Name: \"birthdate\", Value: user.birthdate ?? \"\" },\n { Name: \"picture\", Value: user.picture ?? \"\" },\n { Name: \"phone_number\", Value: user.phone_number ?? \"\" },\n { Name: \"phone_number_verified\", Value: user.phone_number_verified ? \"true\" : \"false\" },\n { Name: \"preferred_username\", Value: user.preferred_username ?? \"\" },\n { Name: \"website\", Value: user.website ?? \"\" },\n { Name: \"zoneinfo\", Value: user.zoneinfo ?? \"\" },\n ];\n\n // Add custom attributes\n if (user.attributes) {\n for (const [key, value] of Object.entries(user.attributes)) {\n const attrName = key.startsWith(\"custom:\") ? key : `custom:${key}`;\n userAttributes.push({ Name: attrName, Value: value });\n }\n }\n\n const command = new AdminCreateUserCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: userAttributes,\n TemporaryPassword: password,\n MessageAction: password ? \"SUPPRESS\" : undefined, // Don't send welcome email if password provided\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.User?.Attributes);\n\n return {\n username: response.User?.Username || user.username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.User?.UserStatus as CognitoUserStatus,\n enabled: response.User?.Enabled,\n createdAt: response.User?.UserCreateDate?.toISOString(),\n updatedAt: response.User?.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function enableCognitoUser(userPoolId, username) {\n const command = new AdminEnableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function disableCognitoUser(userPoolId, username) {\n const command = new AdminDisableUserCommand({ UserPoolId: userPoolId, Username: username });\n\n return cognitoClient.send(command);\n}\n\nexport async function deleteCognitoUser(userPoolId: string, username: string): Promise<any> {\n const command = new AdminDeleteUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n return await cognitoClient.send(command);\n}\n\nexport async function getCognitoUser(userPoolId: string, username: string): Promise<CognitoUser> {\n const command = new AdminGetUserCommand({\n UserPoolId: userPoolId,\n Username: username,\n });\n\n const response = await cognitoClient.send(command);\n const attrs = mapCognitoAttributes(response.UserAttributes);\n\n return {\n username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: response.UserStatus as CognitoUserStatus,\n enabled: response.Enabled,\n createdAt: response.UserCreateDate?.toISOString(),\n updatedAt: response.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n };\n}\n\nexport async function listUsersByAttribute(\n userPoolId: string,\n attributeName: string,\n attributeValue: string,\n): Promise<CognitoUser[]> {\n const command = new ListUsersCommand({\n UserPoolId: userPoolId,\n Filter: `${attributeName} = \"${attributeValue}\"`,\n });\n\n try {\n const response = await cognitoClient.send(command);\n const cognitoUsersList: CognitoUser[] = [];\n\n if (response.Users.length === 0) cognitoUsersList;\n\n for (const user of response.Users) {\n const attrs = mapCognitoAttributes(user.Attributes);\n\n cognitoUsersList.push({\n username: user.Username,\n sub: attrs.sub,\n email: attrs.email,\n phone_number: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: user.UserStatus as CognitoUserStatus,\n enabled: user.Enabled,\n createdAt: user.UserCreateDate?.toISOString(),\n updatedAt: user.UserLastModifiedDate?.toISOString(),\n token_use: TokenUse.ID,\n });\n }\n\n return cognitoUsersList;\n } catch (err) {\n console.error(\"Error listing users:\", err);\n }\n}\n\nexport async function setProfileIdByEmail(userPoolId: string, email: string, profileId: string): Promise<CognitoUser> {\n // Find the user by email first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by email\n const user = users.find((u) => u.email === email);\n\n if (!user) {\n throw new Error(`User with email ${email} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n\nexport async function setProfileIdByPhone(\n userPoolId: string,\n phoneNumber: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Find the user by phone number first\n const users = await findAll(userPoolId, 1, 1000); // Get all users to find by phone\n const user = users.find((u) => u.phone_number === phoneNumber);\n\n if (!user) {\n throw new Error(`User with phone number ${phoneNumber} not found`);\n }\n\n return setProfileId(userPoolId, user, profileId);\n}\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Returns a **new CognitoUser object** with the attribute updated.\n */\nexport async function setProfileIdByUsername(\n userPoolId: string,\n username: string,\n profileId: string,\n): Promise<CognitoUser> {\n // Get the user first\n const user = await getCognitoUser(userPoolId, username);\n return setProfileId(userPoolId, user, profileId);\n}\n\n/**\n * Sets a profileId as a Cognito custom attribute.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setProfileId(userPoolId: string, user: CognitoUser, profileId: string): Promise<CognitoUser> {\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, \"custom:profileId\", profileId);\n\n // Return the updated user object\n const newAttributes = {\n ...user.attributes,\n \"custom:profileId\": profileId,\n };\n\n return {\n ...user,\n attributes: newAttributes,\n };\n}\n\n/**\n * Sets a custom attribute on a CognitoUser object.\n * Saves the changes to the Cognito user pool and returns the updated CognitoUser object.\n */\nexport async function setCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<CognitoUser> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n // Persist the custom attribute to Cognito\n await persistCustomValue(userPoolId, user, customFieldName, fieldValue);\n\n // Return the updated user object\n return {\n ...user,\n attributes: {\n ...user.attributes,\n [attrName]: fieldValue,\n },\n };\n}\n\n// Optional: Persist custom attribute to Cognito\nexport async function persistCustomValue(\n userPoolId: string,\n user: CognitoUser,\n customFieldName: string,\n fieldValue: any,\n): Promise<void> {\n const attrName = customFieldName.startsWith(\"custom:\") ? customFieldName : `custom:${customFieldName}`;\n\n await cognitoClient.send(\n new AdminUpdateUserAttributesCommand({\n UserPoolId: userPoolId,\n Username: user.username,\n UserAttributes: [{ Name: attrName, Value: String(fieldValue) }],\n }),\n );\n}\n\nexport async function findAll(userPoolId: string, page: number = 1, size: number = 50): Promise<CognitoUser[]> {\n const params = {\n UserPoolId: userPoolId,\n Limit: size,\n PaginationToken: undefined as string | undefined,\n };\n\n // simple pagination logic\n let currentPage = 1;\n let users: CognitoUser[] = [];\n\n while (currentPage <= page) {\n const command = new ListUsersCommand(params);\n const response = (await cognitoClient.send(command)) as any;\n\n if (currentPage === page) {\n users =\n response.Users?.map((u: any) => {\n const attrs: Record<string, string> = {};\n for (const a of u.Attributes || []) {\n if (a.Name && a.Value) attrs[a.Name] = a.Value;\n }\n\n return {\n username: u.Username,\n sub: attrs.sub,\n email: attrs.email,\n phoneNumber: attrs.phone_number,\n givenName: attrs.given_name,\n familyName: attrs.family_name,\n attributes: attrs,\n userStatus: u.UserStatus as CognitoUserStatus,\n enabled: u.Enabled,\n createdAt: u.UserCreateDate?.toISOString(),\n updatedAt: u.UserLastModifiedDate?.toISOString(),\n token_use: \"id\",\n } as CognitoUser;\n }) || [];\n }\n\n params.PaginationToken = response.PaginationToken;\n if (!params.PaginationToken) break;\n\n currentPage++;\n }\n\n return users;\n}\n\nexport async function createGroup(\n userPoolId: string,\n groupName: string,\n description?: string,\n): Promise<{ groupName: string; description?: string }> {\n const command = new CreateGroupCommand({\n UserPoolId: userPoolId,\n GroupName: groupName,\n Description: description,\n });\n\n const response = await cognitoClient.send(command);\n\n return {\n groupName: response.Group?.GroupName,\n description: response.Group?.Description,\n };\n}\n\nexport async function addUserToGroup(userPoolId: string, username: string, groupName: string): Promise<void> {\n const command = new AdminAddUserToGroupCommand({\n UserPoolId: userPoolId,\n Username: username,\n GroupName: groupName,\n });\n\n await cognitoClient.send(command);\n}\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export * from "./cognito.function";
|
|
2
|
-
import { createCognitoUser, findAll, getCognitoUser, persistCustomValue, listUsersByAttribute, setCustomValue, setProfileId, setProfileIdByEmail, setProfileIdByPhone, setProfileIdByUsername, updateCognitoUser, deleteCognitoUser, disableCognitoUser, enableCognitoUser } from "./cognito.function";
|
|
2
|
+
import { createCognitoUser, findAll, getCognitoUser, persistCustomValue, listUsersByAttribute, setCustomValue, setProfileId, setProfileIdByEmail, setProfileIdByPhone, setProfileIdByUsername, updateCognitoUser, deleteCognitoUser, disableCognitoUser, enableCognitoUser, createGroup, addUserToGroup } from "./cognito.function";
|
|
3
3
|
export declare const cognito: {
|
|
4
4
|
create: typeof createCognitoUser;
|
|
5
5
|
get: typeof getCognitoUser;
|
|
@@ -15,5 +15,7 @@ export declare const cognito: {
|
|
|
15
15
|
persistCustomValue: typeof persistCustomValue;
|
|
16
16
|
disable: typeof disableCognitoUser;
|
|
17
17
|
enable: typeof enableCognitoUser;
|
|
18
|
+
createGroup: typeof createGroup;
|
|
19
|
+
addUserToGroup: typeof addUserToGroup;
|
|
18
20
|
};
|
|
19
21
|
export type CognitoApi = typeof cognito;
|
|
@@ -32,5 +32,7 @@ exports.cognito = {
|
|
|
32
32
|
persistCustomValue: cognito_function_1.persistCustomValue,
|
|
33
33
|
disable: cognito_function_1.disableCognitoUser,
|
|
34
34
|
enable: cognito_function_1.enableCognitoUser,
|
|
35
|
+
createGroup: cognito_function_1.createGroup,
|
|
36
|
+
addUserToGroup: cognito_function_1.addUserToGroup,
|
|
35
37
|
};
|
|
36
38
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/function/cognito/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AAEnC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/function/cognito/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,qDAAmC;AAEnC,yDAiB4B;AAEf,QAAA,OAAO,GAAG;IACrB,MAAM,EAAE,oCAAiB;IACzB,GAAG,EAAE,iCAAc;IACnB,eAAe,EAAE,uCAAoB;IACrC,OAAO,EAAP,0BAAO;IACP,MAAM,EAAE,oCAAiB;IACzB,MAAM,EAAE,oCAAiB;IACzB,mBAAmB,EAAnB,sCAAmB;IACnB,mBAAmB,EAAnB,sCAAmB;IACnB,sBAAsB,EAAtB,yCAAsB;IACtB,YAAY,EAAZ,+BAAY;IACZ,cAAc,EAAd,iCAAc;IACd,kBAAkB,EAAlB,qCAAkB;IAClB,OAAO,EAAE,qCAAkB;IAC3B,MAAM,EAAE,oCAAiB;IACzB,WAAW,EAAX,8BAAW;IACX,cAAc,EAAd,iCAAc;CACf,CAAC","sourcesContent":["export * from \"./cognito.function\";\n\nimport {\n createCognitoUser,\n findAll,\n getCognitoUser,\n persistCustomValue,\n listUsersByAttribute,\n setCustomValue,\n setProfileId,\n setProfileIdByEmail,\n setProfileIdByPhone,\n setProfileIdByUsername,\n updateCognitoUser,\n deleteCognitoUser,\n disableCognitoUser,\n enableCognitoUser,\n createGroup,\n addUserToGroup,\n} from \"./cognito.function\";\n\nexport const cognito = {\n create: createCognitoUser,\n get: getCognitoUser,\n listByAttribute: listUsersByAttribute,\n findAll,\n update: updateCognitoUser,\n delete: deleteCognitoUser,\n setProfileIdByEmail,\n setProfileIdByPhone,\n setProfileIdByUsername,\n setProfileId,\n setCustomValue,\n persistCustomValue,\n disable: disableCognitoUser,\n enable: enableCognitoUser,\n createGroup,\n addUserToGroup,\n};\n\nexport type CognitoApi = typeof cognito;\n"]}
|
package/dist/function/index.d.ts
CHANGED
|
@@ -14,6 +14,8 @@ export declare const aws: {
|
|
|
14
14
|
persistCustomValue: typeof import("./cognito").persistCustomValue;
|
|
15
15
|
disable: typeof import("./cognito").disableCognitoUser;
|
|
16
16
|
enable: typeof import("./cognito").enableCognitoUser;
|
|
17
|
+
createGroup: typeof import("./cognito").createGroup;
|
|
18
|
+
addUserToGroup: typeof import("./cognito").addUserToGroup;
|
|
17
19
|
};
|
|
18
20
|
s3: {
|
|
19
21
|
createBucket: typeof import("./s3").createBucket;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { DynamoIndexMap, EndpointPolicy, TraceChange } from "../index.js";
|
|
1
|
+
import { DynamoIndexMap, EndpointPolicy, ScopeMap, TraceChange } from "../index.js";
|
|
2
2
|
/** Generic DynamoDB Configuration */
|
|
3
3
|
export declare class DynamoDBConfig {
|
|
4
4
|
NAME: string;
|
|
@@ -23,6 +23,9 @@ export interface EntityConfig {
|
|
|
23
23
|
OWNER_PARENT_ID_FIELD_NAME?: string;
|
|
24
24
|
OWNER_ID_FIELD_NAME?: string;
|
|
25
25
|
TRACE_CHANGE?: TraceChange;
|
|
26
|
+
SCOPE_MAP?: ScopeMap;
|
|
27
|
+
ROLE_TABLE?: string;
|
|
28
|
+
ROLE_PATH?: string;
|
|
26
29
|
}
|
|
27
30
|
/** Generic Entity Configuration Class **/
|
|
28
31
|
export declare class EntityConfigImpl implements EntityConfig {
|
|
@@ -32,6 +35,9 @@ export declare class EntityConfigImpl implements EntityConfig {
|
|
|
32
35
|
ENDPOINT_POLICY: EndpointPolicy[];
|
|
33
36
|
ADMIN_GROUP_NAME: string[];
|
|
34
37
|
TRACE_CHANGE?: TraceChange;
|
|
38
|
+
SCOPE_MAP?: ScopeMap;
|
|
39
|
+
ROLE_TABLE?: string;
|
|
40
|
+
ROLE_PATH?: string;
|
|
35
41
|
OWNER_PARENT_ID_FIELD_NAME?: string;
|
|
36
42
|
OWNER_ID_FIELD_NAME: string;
|
|
37
43
|
constructor(basePath: string, adminGroupName?: string[]);
|
|
@@ -40,6 +46,11 @@ export declare class EntityConfigImpl implements EntityConfig {
|
|
|
40
46
|
setDynamoDB(tableName: string, ownerFieldName: string, indexMap: DynamoIndexMap, ownerParentFieldName?: string): this;
|
|
41
47
|
/** Set OpenSearch configuration */
|
|
42
48
|
setOpenSearch(domain: string, index: string): this;
|
|
49
|
+
/** Set scope map for RBAC scope-based filtering */
|
|
50
|
+
setScopes(scopeMap: ScopeMap): this;
|
|
51
|
+
/** Set the DynamoDB table name for RBAC role permissions */
|
|
52
|
+
setRoleTable(tableName: string): this;
|
|
53
|
+
setRolePath(path: string): this;
|
|
43
54
|
/** Set path-based policies */
|
|
44
55
|
setPolicies(policies: EndpointPolicy[]): this;
|
|
45
56
|
/** Get configuration as a plain object (for BaseController compatibility) */
|