aws-service-stack 0.18.374 → 0.18.376
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/controller/controller-api.js +4 -4
- package/dist/controller/controller-api.js.map +1 -1
- package/dist/controller/controller-role.d.ts +1 -1
- package/dist/controller/controller-role.js +13 -10
- package/dist/controller/controller-role.js.map +1 -1
- package/dist/utils/data.util.d.ts +20 -0
- package/dist/utils/data.util.js +73 -0
- package/dist/utils/data.util.js.map +1 -0
- package/dist/utils/date.util.d.ts +13 -0
- package/dist/utils/date.util.js +35 -0
- package/dist/utils/date.util.js.map +1 -1
- package/dist/utils/index.d.ts +1 -0
- package/dist/utils/index.js +1 -0
- package/dist/utils/index.js.map +1 -1
- package/package.json +31 -31
|
@@ -31,13 +31,13 @@ class ControllerApi {
|
|
|
31
31
|
try {
|
|
32
32
|
let req = (0, index_1.parseHttpRequest)(event, this.adminGroupNames);
|
|
33
33
|
const policy = (0, index_1.findMatchedPolicy)(req.methode, event?.requestContext?.resourcePath, this.config.ENDPOINT_POLICY);
|
|
34
|
-
if (
|
|
34
|
+
if (policy.access?.length) {
|
|
35
|
+
this.checkPermission(policy?.access, req.requestType);
|
|
36
|
+
}
|
|
37
|
+
else if (this.config.PERMISSION_MAP && this.roleController) {
|
|
35
38
|
const resource = this.getResource();
|
|
36
39
|
await this.roleController.checkRbacAccess(req, resource, this.config.PERMISSION_MAP.scopeMap, this.adminGroupNames);
|
|
37
40
|
}
|
|
38
|
-
else {
|
|
39
|
-
this.checkPermission(policy?.access, req.requestType);
|
|
40
|
-
}
|
|
41
41
|
this.validateRequest(policy?.validator, req.body);
|
|
42
42
|
if (req.identity) {
|
|
43
43
|
log.debug("groups: " + JSON.stringify(req.identity.groups, null, 2));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller-api.js","sourceRoot":"","sources":["../../src/controller/controller-api.ts"],"names":[],"mappings":";;;AAAA,oCAgBkB;AAElB,4CAA2D;AAE3D,sDAAuD;AAEvD,uDAAmD;AAEnD,MAAsB,aAAa;IACd,OAAO,CAAI;IACpB,MAAM,CAAe;IACrB,eAAe,CAAW;IAE5B,cAAc,CAAiB;IAEvC,YAAsB,WAAc,EAAE,MAAoB;QACxD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;QAE3B,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACjD,CAAC;QAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,+CAA+C;IACrC,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAA2B;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,GAAG,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAExD,MAAM,MAAM,GAA+B,IAAA,yBAAiB,EAC1D,GAAG,CAAC,OAAO,EACX,KAAK,EAAE,cAAc,EAAE,YAAY,EACnC,IAAI,CAAC,MAAM,CAAC,eAAe,CAC5B,CAAC;YAEF,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CACvC,GAAG,EACH,QAAQ,EACR,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,EACnC,IAAI,CAAC,eAAe,CACrB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC;YAED,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7D,GAAG,CAAC,KAAK,CACP,UAAU,GAAG,CAAC,QAAQ,CAAC,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,CAAC,GAAG,eAAe,GAAG,CAAC,QAAQ,CAAC,OAAO,cAAc,GAAG,CAAC,QAAQ,CAAC,QAAQ,iBAAiB,GAAG,CAAC,WAAW,EAAE,CACnM,CAAC;YACJ,CAAC;YAED,0BAA0B;YAC1B,yCAAyC;YACzC,6CAA6C;YAC7C,SAAS;YAET,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,QAAQ,GAAQ,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,QAAQ;gBAAE,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;;gBACrE,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAEvE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAExE,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;YACpC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAA,yBAAiB,EAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,SAAS,CAAC,MAAoB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAgB;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,QAAqB;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAES,KAAK,CAAC,UAAU,CAAC,OAAmB,EAAE,IAAY,EAAE,OAAoB;QAChF,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,SAAS,EAAE,CAAC;YACtG,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,eAAe,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IACE,OAAO,KAAK,KAAK;YACjB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,2BAA2B,EAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,EAAE,CAAC;YACpG,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,IAAY;QAC7D,OAAO,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAClH,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,WAAgB,EAAE,aAA2B;QAC1F,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI,CAAC;QAEnE,yBAAyB;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,aAA2B;QACxE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE5G,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAES,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,aAA2B;QACvE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEpE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,2BAA2B,QAAQ,YAAY,CAAC,CAAC;IACzG,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAW,EAAE,aAA2B;QACtF,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QAEzG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,0CAA0C,CAAC,CAAC;QACvG,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,CAAC,EAAE,GAAG,QAAQ,CAAC;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAS,EAAE,WAAwB;QAClE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACzD,IAAI,SAAS,GAAG,OAAO,CAAC;QACxB,IAAI,QAAgB,CAAC;QAErB,mCAAmC;QACnC,IAAI,WAAW,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;YACzC,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;aAAM,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YAExC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,WAAW,CAAC,QAAQ,EAAE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE1F,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAChC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,OAAO,MAAM,CAAC,aAAa,CAAC;QAC5B,OAAO,MAAM,CAAC,OAAO,CAAC;QAEtB,cAAc;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACrE,CAAC;IAIS,mBAAmB,CAAC,IAAY;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,OAAO,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG;YACnB,QAAQ;YACR,GAAG,QAAQ,SAAS;YACpB,GAAG,QAAQ,OAAO;YAClB,GAAG,QAAQ,eAAe;YAC1B,GAAG,QAAQ,2BAA2B;SACvC,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC,CAAC;QAEnE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,aAAa,GAAG,OAAO,KAAK,OAAO,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,aAAa,IAAI,cAAc,CAAC;IACzC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,cAAc,GAAG,OAAO,KAAK,QAAQ,CAAC;QAC5C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,cAAc,IAAI,cAAc,CAAC;IAC1C,CAAC;IAES,cAAc,CAAC,OAAmB,EAAE,IAAY;QACxD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,OAAO,KAAK,MAAM,CAAC;QACvC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,YAAY,CAAC,OAAmB,EAAE,IAAY;QACtD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAgB;QAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1G,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxG,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9F,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1F,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,QAAa,EAAE,cAA8B;QAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAA,oBAAY,EAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,KAAK,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;YAC9F,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAA,oBAAY,EAAC,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,yDAAyD;IACjD,kBAAkB,CAAC,WAAwB;QACjD,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,KAAK,CAAC;YACtB,KAAK,mBAAW,CAAC,IAAI;gBACnB,OAAO,cAAM,CAAC,IAAI,CAAC;YACrB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB,KAAK,mBAAW,CAAC,MAAM;gBACrB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB;gBACE,OAAO,cAAM,CAAC,MAAM,CAAC;QACzB,CAAC;IACH,CAAC;IAED,iEAAiE;IACzD,eAAe,CAAC,aAAuB,EAAE,WAAwB;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEhE,mGAAmG;QACnG,MAAM,aAAa,GACjB,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC1C,CAAC,WAAW,KAAK,mBAAW,CAAC,IAAI,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAE7E,IAAI,aAAa;YAAE,OAAO;QAE1B,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,kBAAkB,EAAE,CACvF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,OAAgB,EAAE,SAAiB;QACrE,IAAI,OAAO,IAAI,CAAC,SAAS;YAAE,OAAO;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC;QACtE,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;QACpD,OAAO,OAAO,CAAC,aAAa,CAAC;IAC/B,CAAC;IAEO,WAAW,CAAC,WAAgB;QAClC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAO,CAAC;QACjC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,MAAW,EAAE,WAAgB;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,IAAA,0BAAkB,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;CACF;AAvXD,sCAuXC","sourcesContent":["import {\n Access,\n APIResponse,\n BaseEntity,\n createApiResponse,\n EndpointPolicy,\n findMatchedPolicy,\n formatErrors,\n HttpMethod,\n HttpRequest,\n List,\n parseHttpRequest,\n removeFields,\n RequestType,\n ResponseFields,\n validateWithSchema,\n} from \"../index\";\nimport { APIGatewayProxyEvent } from \"aws-lambda\";\nimport { errorHandlerHttp, ErrorHttp } from \"../exception\";\nimport { CognitoUser, EntityConfig } from \"@chinggis/types\";\nimport { trimSpecialChar } from \"../utils/string.util\";\nimport { CrudService } from \"../service\";\nimport { ControllerRole } from \"./controller-role\";\n\nexport abstract class ControllerApi<R extends BaseEntity, T extends CrudService<R>> {\n protected readonly service: T;\n protected config: EntityConfig;\n protected adminGroupNames: string[];\n\n private roleController: ControllerRole;\n\n protected constructor(baseService: T, config: EntityConfig) {\n this.service = baseService;\n\n if (!config) return;\n\n this.config = config;\n\n if (config.ADMIN_GROUP_NAME) {\n this.adminGroupNames = config.ADMIN_GROUP_NAME;\n }\n\n if (config.PERMISSION_MAP) {\n this.roleController = new ControllerRole(config.PERMISSION_MAP.roleTable);\n }\n\n this.service.setConfig(config);\n }\n\n /** Return constructor-defined resource name */\n protected getResource(): string {\n return this.config.BASE_PATH.replace(\"/\", \"\");\n }\n\n async resolveCrudRequest(event: APIGatewayProxyEvent): Promise<APIResponse> {\n try {\n let req = parseHttpRequest(event, this.adminGroupNames);\n\n const policy: EndpointPolicy | undefined = findMatchedPolicy(\n req.methode,\n event?.requestContext?.resourcePath,\n this.config.ENDPOINT_POLICY,\n );\n\n if (this.config.PERMISSION_MAP && this.roleController) {\n const resource = this.getResource();\n await this.roleController.checkRbacAccess(\n req,\n resource,\n this.config.PERMISSION_MAP.scopeMap,\n this.adminGroupNames,\n );\n } else {\n this.checkPermission(policy?.access, req.requestType);\n }\n\n this.validateRequest(policy?.validator, req.body);\n\n if (req.identity) {\n log.debug(\"groups: \" + JSON.stringify(req.identity.groups, null, 2));\n log.debug(`claims:${JSON.stringify(req.identity, null, 2)}`);\n log.debug(\n `groups:${req.identity.groups}, isAdmin:${req.identity.isAdmin}, userId:${req.identity.sub}, profileId:${req.identity.profile}, username:${req.identity.username}, requestType:${req.requestType}`,\n );\n }\n\n // if (req.isAdmin) {\n // delete req.filter[\"profileId\"];\n // delete req.filter[\"ownerParentId\"];\n // }\n\n req = await this.processCrudRequestPre(req);\n\n let response: any = await this.handleCrudByMethod(req);\n\n if (response) response = await this.processCrudRequestPost(req, response);\n else response = await this.processCrudRequest(req); // Custom Endpoints\n\n if (!policy?.response) {\n return createApiResponse(200, response);\n }\n\n const filteredResponse = this.filterResponse(response, policy.response);\n\n return createApiResponse(200, filteredResponse);\n } catch (err) {\n const error = errorHandlerHttp(err);\n log.error(error);\n return createApiResponse(error.statusCode, error.content);\n }\n }\n\n setConfig(config: EntityConfig): void {\n this.config = config;\n }\n\n async processCrudRequestPre(req: HttpRequest): Promise<HttpRequest> {\n return req;\n }\n\n async processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>> {\n return response;\n }\n\n protected async handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any> {\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH)) {\n return await this.service.find(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search\") {\n return this.service.search(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query\") {\n return this.service.searchQuery(request?.filter);\n }\n\n if (\n methode === \"GET\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query/total-count\"\n ) {\n return this.service.searchQueryTotalCount(request?.filter);\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/scan\") {\n return await this.service.scan(request?.filter || {});\n }\n }\n\n protected async handlePermission(req: HttpRequest, path: string) {\n return this.roleController.handlePermissionRequest(req, path, this.config.PERMISSION_MAP, this.adminGroupNames);\n }\n\n protected async handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PATCH resource without id field\");\n\n const entity = this.parseEntity(requestBody);\n\n if (Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No fields to update\");\n }\n\n const fieldName = this.config.DYNAMO_DB?.MAP?.partitionKey ?? \"id\";\n\n // id change is forbidden\n if (entity[fieldName]) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot modify the id field\");\n }\n\n entity[fieldName] = entityId;\n return this.service.update(entity, requestedUser);\n }\n\n protected async handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot delete resource without id field\");\n\n return this.service.remove(entityId, requestedUser);\n }\n\n protected async handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot fetch resource without id field\");\n\n const result = await this.service.findById(entityId, requestedUser);\n\n if (result) return result;\n\n throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `[CORE] Resource with ID ${entityId} not found`);\n }\n\n protected async handleReplace(entityId: string, entity: any, requestedUser?: CognitoUser) {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n\n if (!Object.keys(entity).length) {\n throw new ErrorHttp({ code: 400, error: \"Bad Request\" }, \"[CORE] No entity provided for PUT update\");\n }\n\n if (!entityId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n }\n\n entity.id = entityId;\n\n return this.service.update(entity, requestedUser);\n }\n\n protected async handlePostCreate(entity: R, cognitoUser: CognitoUser) {\n if (!entity || Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No entity payload provided\");\n }\n\n if (!entity.ownerId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No ownerId provided\");\n }\n\n // Initialize IDs\n const { ownerId, ownerParentId: inputParentId } = entity;\n let profileId = ownerId;\n let parentId: string;\n\n // Determine parentId and profileId\n if (cognitoUser.isAdmin && inputParentId) {\n parentId = inputParentId;\n } else if (cognitoUser.isParent) {\n console.log(\"is parent becomming true\");\n\n parentId = cognitoUser.profile;\n } else {\n console.log(\"is parent not becomming true\");\n console.log(\"the value of isParent: \", cognitoUser.isParent, typeof cognitoUser.isParent);\n\n parentId = cognitoUser.parentId;\n profileId = cognitoUser.profile;\n }\n\n // Remove fields that shouldn't be saved directly\n delete entity.ownerParentId;\n delete entity.ownerId;\n\n // Save entity\n return this.service.save(entity, profileId, parentId, cognitoUser);\n }\n\n protected abstract processCrudRequest(event: HttpRequest): Promise<any>;\n\n protected isPermissionRequest(path: string): boolean {\n if (this.config.PERMISSION_MAP && this.roleController) {\n const rolePath = trimSpecialChar(this.config.PERMISSION_MAP.rolePath);\n const normalizedPath = trimSpecialChar(path);\n return normalizedPath.includes(rolePath);\n }\n\n return false;\n }\n\n protected isListRequest(methode: HttpMethod, path: string): boolean {\n const basePath = trimSpecialChar(this.config.BASE_PATH);\n\n const allowedPaths = [\n basePath,\n `${basePath}/search`,\n `${basePath}/scan`,\n `${basePath}/search/query`,\n `${basePath}/search/query/total-count`,\n ];\n\n const isMethodGet = methode === \"GET\";\n const isAllowedPath = allowedPaths.includes(trimSpecialChar(path));\n\n return isMethodGet && isAllowedPath;\n }\n\n protected isUpdateRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodPatch = methode === \"PATCH\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodPatch && isExpectedPath;\n }\n\n protected isDeleteRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodDelete = methode === \"DELETE\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodDelete && isExpectedPath;\n }\n\n protected isFetchRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"GET\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPostRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}`;\n const isMethodGet = methode === \"POST\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPutRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"PUT\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n private async handleCrudByMethod(req: HttpRequest): Promise<any> {\n const path = req.event?.requestContext?.resourcePath;\n\n const entity = this.parseEntity(req.body);\n\n if (this.isPermissionRequest(path)) return this.handlePermission(req, path);\n if (this.isUpdateRequest(req.methode, path)) return this.handleUpdate(req.entityId, entity, req.identity);\n if (this.isDeleteRequest(req.methode, path)) return this.handleDelete(req.entityId, req.identity);\n if (this.isFetchRequest(req.methode, path)) return this.handleFetch(req.entityId, req.identity);\n if (this.isPutRequest(req.methode, path)) return this.handleReplace(req.entityId, entity, req.identity);\n if (this.isPostRequest(req.methode, path)) return this.handlePostCreate(entity, req.identity);\n if (this.isListRequest(req.methode, path)) return this.handleList(req.methode, path, req);\n\n return null;\n }\n\n private filterResponse(response: any, responsePolicy: ResponseFields): any {\n if (Array.isArray(response)) {\n return removeFields(response, responsePolicy.include, responsePolicy.exclude);\n }\n\n if (response?.items && Array.isArray(response.items)) {\n response.items = removeFields(response.items, responsePolicy.include, responsePolicy.exclude);\n return response;\n }\n\n return removeFields([response], responsePolicy.include, responsePolicy.exclude)[0];\n }\n\n /** Map RequestType to Access for permission checking */\n private getUserAccessLevel(requestType: RequestType): Access {\n switch (requestType) {\n case RequestType.ADMIN:\n return Access.ADMIN;\n case RequestType.USER:\n return Access.USER;\n case RequestType.GUEST:\n return Access.PUBLIC;\n case RequestType.SYSTEM:\n return Access.SYSTEM;\n default:\n return Access.PUBLIC;\n }\n }\n\n /** Check if the user has permission for the current operation */\n private checkPermission(allowedAccess: Access[], requestType: RequestType) {\n const currentAccessLevel = this.getUserAccessLevel(requestType);\n\n // This means USER can access OWNER-level permissions, but the service will verify actual ownership\n const hasPermission =\n allowedAccess.includes(currentAccessLevel) ||\n (requestType === RequestType.USER && allowedAccess.includes(Access.OWNER));\n\n if (hasPermission) return;\n\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Access denied. Required: ${allowedAccess.join(\", \")}, Current: ${currentAccessLevel}`,\n );\n }\n\n private setUserFilter(request: any, isAdmin: boolean, profileId: string) {\n if (isAdmin && !profileId) return;\n const ownerIdFieldName = this.config.OWNER_ID_FIELD_NAME || \"ownerId\";\n request.filterAndSort[ownerIdFieldName] = profileId;\n return request.filterAndSort;\n }\n\n private parseEntity(requestBody: any): R {\n if (!requestBody) return {} as R;\n return typeof requestBody === \"string\" ? JSON.parse(requestBody) : requestBody;\n }\n\n private validateRequest(schema: any, requestBody: any) {\n if (!schema) return;\n\n try {\n validateWithSchema(schema, requestBody);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"controller-api.js","sourceRoot":"","sources":["../../src/controller/controller-api.ts"],"names":[],"mappings":";;;AAAA,oCAgBkB;AAElB,4CAA2D;AAE3D,sDAAuD;AAEvD,uDAAmD;AAEnD,MAAsB,aAAa;IACd,OAAO,CAAI;IACpB,MAAM,CAAe;IACrB,eAAe,CAAW;IAE5B,cAAc,CAAiB;IAEvC,YAAsB,WAAc,EAAE,MAAoB;QACxD,IAAI,CAAC,OAAO,GAAG,WAAW,CAAC;QAE3B,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC5B,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACjD,CAAC;QAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,+CAA+C;IACrC,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAA2B;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,GAAG,IAAA,wBAAgB,EAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YAExD,MAAM,MAAM,GAA+B,IAAA,yBAAiB,EAC1D,GAAG,CAAC,OAAO,EACX,KAAK,EAAE,cAAc,EAAE,YAAY,EACnC,IAAI,CAAC,MAAM,CAAC,eAAe,CAC5B,CAAC;YAEF,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;gBAC1B,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;YACxD,CAAC;iBAAM,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CACvC,GAAG,EACH,QAAQ,EACR,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,EACnC,IAAI,CAAC,eAAe,CACrB,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAElD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrE,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7D,GAAG,CAAC,KAAK,CACP,UAAU,GAAG,CAAC,QAAQ,CAAC,MAAM,aAAa,GAAG,CAAC,QAAQ,CAAC,OAAO,YAAY,GAAG,CAAC,QAAQ,CAAC,GAAG,eAAe,GAAG,CAAC,QAAQ,CAAC,OAAO,cAAc,GAAG,CAAC,QAAQ,CAAC,QAAQ,iBAAiB,GAAG,CAAC,WAAW,EAAE,CACnM,CAAC;YACJ,CAAC;YAED,0BAA0B;YAC1B,yCAAyC;YACzC,6CAA6C;YAC7C,SAAS;YAET,GAAG,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;YAE5C,IAAI,QAAQ,GAAQ,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAEvD,IAAI,QAAQ;gBAAE,QAAQ,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;;gBACrE,QAAQ,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;YAEvE,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC;gBACtB,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;YAExE,OAAO,IAAA,yBAAiB,EAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,IAAA,4BAAgB,EAAC,GAAG,CAAC,CAAC;YACpC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACjB,OAAO,IAAA,yBAAiB,EAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,SAAS,CAAC,MAAoB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAgB;QAC1C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,OAAoB,EAAE,QAAqB;QACtE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAES,KAAK,CAAC,UAAU,CAAC,OAAmB,EAAE,IAAY,EAAE,OAAoB;QAChF,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1F,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,SAAS,EAAE,CAAC;YACtG,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACpD,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,eAAe,EAAE,CAAC;YAC5G,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IACE,OAAO,KAAK,KAAK;YACjB,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,2BAA2B,EAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,IAAI,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,OAAO,EAAE,CAAC;YACpG,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,GAAgB,EAAE,IAAY;QAC7D,OAAO,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAClH,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,WAAgB,EAAE,aAA2B;QAC1F,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAE7C,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,IAAI,IAAI,CAAC;QAEnE,yBAAyB;QACzB,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,CAAC,SAAS,CAAC,GAAG,QAAQ,CAAC;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,aAA2B;QACxE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,gDAAgD,CAAC,CAAC;QAE5G,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACtD,CAAC;IAES,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,aAA2B;QACvE,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAE3G,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEpE,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,2BAA2B,QAAQ,YAAY,CAAC,CAAC;IACzG,CAAC;IAES,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,MAAW,EAAE,aAA2B;QACtF,IAAI,CAAC,QAAQ;YACX,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QAEzG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,0CAA0C,CAAC,CAAC;QACvG,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,6CAA6C,CAAC,CAAC;QACzG,CAAC;QAED,MAAM,CAAC,EAAE,GAAG,QAAQ,CAAC;QAErB,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACpD,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,MAAS,EAAE,WAAwB;QAClE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,mCAAmC,CAAC,CAAC;QAC/F,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,4BAA4B,CAAC,CAAC;QACxF,CAAC;QAED,iBAAiB;QACjB,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;QACzD,IAAI,SAAS,GAAG,OAAO,CAAC;QACxB,IAAI,QAAgB,CAAC;QAErB,mCAAmC;QACnC,IAAI,WAAW,CAAC,OAAO,IAAI,aAAa,EAAE,CAAC;YACzC,QAAQ,GAAG,aAAa,CAAC;QAC3B,CAAC;aAAM,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YAExC,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,WAAW,CAAC,QAAQ,EAAE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;YAE1F,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;YAChC,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;QAClC,CAAC;QAED,iDAAiD;QACjD,OAAO,MAAM,CAAC,aAAa,CAAC;QAC5B,OAAO,MAAM,CAAC,OAAO,CAAC;QAEtB,cAAc;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;IACrE,CAAC;IAIS,mBAAmB,CAAC,IAAY;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACtE,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,OAAO,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAExD,MAAM,YAAY,GAAG;YACnB,QAAQ;YACR,GAAG,QAAQ,SAAS;YACpB,GAAG,QAAQ,OAAO;YAClB,GAAG,QAAQ,eAAe;YAC1B,GAAG,QAAQ,2BAA2B;SACvC,CAAC;QAEF,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC,CAAC;QAEnE,OAAO,WAAW,IAAI,aAAa,CAAC;IACtC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,aAAa,GAAG,OAAO,KAAK,OAAO,CAAC;QAC1C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,aAAa,IAAI,cAAc,CAAC;IACzC,CAAC;IAES,eAAe,CAAC,OAAmB,EAAE,IAAY;QACzD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,cAAc,GAAG,OAAO,KAAK,QAAQ,CAAC;QAC5C,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,cAAc,IAAI,cAAc,CAAC;IAC1C,CAAC;IAES,cAAc,CAAC,OAAmB,EAAE,IAAY;QACxD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,aAAa,CAAC,OAAmB,EAAE,IAAY;QACvD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,OAAO,KAAK,MAAM,CAAC;QACvC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAES,YAAY,CAAC,OAAmB,EAAE,IAAY;QACtD,MAAM,YAAY,GAAG,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC;QACtE,MAAM,WAAW,GAAG,OAAO,KAAK,KAAK,CAAC;QACtC,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,KAAK,YAAY,CAAC;QAE9D,OAAO,WAAW,IAAI,cAAc,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,GAAgB;QAC/C,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,YAAY,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC1G,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClG,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChG,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxG,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9F,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QAE1F,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CAAC,QAAa,EAAE,cAA8B;QAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,IAAA,oBAAY,EAAC,QAAQ,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,QAAQ,CAAC,KAAK,GAAG,IAAA,oBAAY,EAAC,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC;YAC9F,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,OAAO,IAAA,oBAAY,EAAC,CAAC,QAAQ,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,yDAAyD;IACjD,kBAAkB,CAAC,WAAwB;QACjD,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,KAAK,CAAC;YACtB,KAAK,mBAAW,CAAC,IAAI;gBACnB,OAAO,cAAM,CAAC,IAAI,CAAC;YACrB,KAAK,mBAAW,CAAC,KAAK;gBACpB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB,KAAK,mBAAW,CAAC,MAAM;gBACrB,OAAO,cAAM,CAAC,MAAM,CAAC;YACvB;gBACE,OAAO,cAAM,CAAC,MAAM,CAAC;QACzB,CAAC;IACH,CAAC;IAED,iEAAiE;IACzD,eAAe,CAAC,aAAuB,EAAE,WAAwB;QACvE,MAAM,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAEhE,mGAAmG;QACnG,MAAM,aAAa,GACjB,aAAa,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC1C,CAAC,WAAW,KAAK,mBAAW,CAAC,IAAI,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAE7E,IAAI,aAAa;YAAE,OAAO;QAE1B,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,kBAAkB,EAAE,CACvF,CAAC;IACJ,CAAC;IAEO,aAAa,CAAC,OAAY,EAAE,OAAgB,EAAE,SAAiB;QACrE,IAAI,OAAO,IAAI,CAAC,SAAS;YAAE,OAAO;QAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,mBAAmB,IAAI,SAAS,CAAC;QACtE,OAAO,CAAC,aAAa,CAAC,gBAAgB,CAAC,GAAG,SAAS,CAAC;QACpD,OAAO,OAAO,CAAC,aAAa,CAAC;IAC/B,CAAC;IAEO,WAAW,CAAC,WAAgB;QAClC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAO,CAAC;QACjC,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC;IACjF,CAAC;IAEO,eAAe,CAAC,MAAW,EAAE,WAAgB;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,IAAI,CAAC;YACH,IAAA,0BAAkB,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,oBAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;CACF;AAvXD,sCAuXC","sourcesContent":["import {\n Access,\n APIResponse,\n BaseEntity,\n createApiResponse,\n EndpointPolicy,\n findMatchedPolicy,\n formatErrors,\n HttpMethod,\n HttpRequest,\n List,\n parseHttpRequest,\n removeFields,\n RequestType,\n ResponseFields,\n validateWithSchema,\n} from \"../index\";\nimport { APIGatewayProxyEvent } from \"aws-lambda\";\nimport { errorHandlerHttp, ErrorHttp } from \"../exception\";\nimport { CognitoUser, EntityConfig } from \"@chinggis/types\";\nimport { trimSpecialChar } from \"../utils/string.util\";\nimport { CrudService } from \"../service\";\nimport { ControllerRole } from \"./controller-role\";\n\nexport abstract class ControllerApi<R extends BaseEntity, T extends CrudService<R>> {\n protected readonly service: T;\n protected config: EntityConfig;\n protected adminGroupNames: string[];\n\n private roleController: ControllerRole;\n\n protected constructor(baseService: T, config: EntityConfig) {\n this.service = baseService;\n\n if (!config) return;\n\n this.config = config;\n\n if (config.ADMIN_GROUP_NAME) {\n this.adminGroupNames = config.ADMIN_GROUP_NAME;\n }\n\n if (config.PERMISSION_MAP) {\n this.roleController = new ControllerRole(config.PERMISSION_MAP.roleTable);\n }\n\n this.service.setConfig(config);\n }\n\n /** Return constructor-defined resource name */\n protected getResource(): string {\n return this.config.BASE_PATH.replace(\"/\", \"\");\n }\n\n async resolveCrudRequest(event: APIGatewayProxyEvent): Promise<APIResponse> {\n try {\n let req = parseHttpRequest(event, this.adminGroupNames);\n\n const policy: EndpointPolicy | undefined = findMatchedPolicy(\n req.methode,\n event?.requestContext?.resourcePath,\n this.config.ENDPOINT_POLICY,\n );\n\n if (policy.access?.length) {\n this.checkPermission(policy?.access, req.requestType);\n } else if (this.config.PERMISSION_MAP && this.roleController) {\n const resource = this.getResource();\n await this.roleController.checkRbacAccess(\n req,\n resource,\n this.config.PERMISSION_MAP.scopeMap,\n this.adminGroupNames,\n );\n }\n\n this.validateRequest(policy?.validator, req.body);\n\n if (req.identity) {\n log.debug(\"groups: \" + JSON.stringify(req.identity.groups, null, 2));\n log.debug(`claims:${JSON.stringify(req.identity, null, 2)}`);\n log.debug(\n `groups:${req.identity.groups}, isAdmin:${req.identity.isAdmin}, userId:${req.identity.sub}, profileId:${req.identity.profile}, username:${req.identity.username}, requestType:${req.requestType}`,\n );\n }\n\n // if (req.isAdmin) {\n // delete req.filter[\"profileId\"];\n // delete req.filter[\"ownerParentId\"];\n // }\n\n req = await this.processCrudRequestPre(req);\n\n let response: any = await this.handleCrudByMethod(req);\n\n if (response) response = await this.processCrudRequestPost(req, response);\n else response = await this.processCrudRequest(req); // Custom Endpoints\n\n if (!policy?.response) {\n return createApiResponse(200, response);\n }\n\n const filteredResponse = this.filterResponse(response, policy.response);\n\n return createApiResponse(200, filteredResponse);\n } catch (err) {\n const error = errorHandlerHttp(err);\n log.error(error);\n return createApiResponse(error.statusCode, error.content);\n }\n }\n\n setConfig(config: EntityConfig): void {\n this.config = config;\n }\n\n async processCrudRequestPre(req: HttpRequest): Promise<HttpRequest> {\n return req;\n }\n\n async processCrudRequestPost(request: HttpRequest, response: R | List<R>): Promise<R | List<R>> {\n return response;\n }\n\n protected async handleList(methode: HttpMethod, path: string, request: HttpRequest): Promise<any> {\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH)) {\n return await this.service.find(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search\") {\n return this.service.search(request?.filter || {});\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query\") {\n return this.service.searchQuery(request?.filter);\n }\n\n if (\n methode === \"GET\" &&\n trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/search/query/total-count\"\n ) {\n return this.service.searchQueryTotalCount(request?.filter);\n }\n\n if (methode === \"GET\" && trimSpecialChar(path) === trimSpecialChar(this.config.BASE_PATH) + \"/scan\") {\n return await this.service.scan(request?.filter || {});\n }\n }\n\n protected async handlePermission(req: HttpRequest, path: string) {\n return this.roleController.handlePermissionRequest(req, path, this.config.PERMISSION_MAP, this.adminGroupNames);\n }\n\n protected async handleUpdate(entityId: string, requestBody: any, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PATCH resource without id field\");\n\n const entity = this.parseEntity(requestBody);\n\n if (Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No fields to update\");\n }\n\n const fieldName = this.config.DYNAMO_DB?.MAP?.partitionKey ?? \"id\";\n\n // id change is forbidden\n if (entity[fieldName]) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot modify the id field\");\n }\n\n entity[fieldName] = entityId;\n return this.service.update(entity, requestedUser);\n }\n\n protected async handleDelete(entityId: string, requestedUser?: CognitoUser): Promise<boolean> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot delete resource without id field\");\n\n return this.service.remove(entityId, requestedUser);\n }\n\n protected async handleFetch(entityId: string, requestedUser?: CognitoUser): Promise<R> {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot fetch resource without id field\");\n\n const result = await this.service.findById(entityId, requestedUser);\n\n if (result) return result;\n\n throw new ErrorHttp({ code: 404, error: \"NotFound\" }, `[CORE] Resource with ID ${entityId} not found`);\n }\n\n protected async handleReplace(entityId: string, entity: any, requestedUser?: CognitoUser) {\n if (!entityId)\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n\n if (!Object.keys(entity).length) {\n throw new ErrorHttp({ code: 400, error: \"Bad Request\" }, \"[CORE] No entity provided for PUT update\");\n }\n\n if (!entityId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] Cannot PUT resource without id field\");\n }\n\n entity.id = entityId;\n\n return this.service.update(entity, requestedUser);\n }\n\n protected async handlePostCreate(entity: R, cognitoUser: CognitoUser) {\n if (!entity || Object.keys(entity).length === 0) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No entity payload provided\");\n }\n\n if (!entity.ownerId) {\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] No ownerId provided\");\n }\n\n // Initialize IDs\n const { ownerId, ownerParentId: inputParentId } = entity;\n let profileId = ownerId;\n let parentId: string;\n\n // Determine parentId and profileId\n if (cognitoUser.isAdmin && inputParentId) {\n parentId = inputParentId;\n } else if (cognitoUser.isParent) {\n console.log(\"is parent becomming true\");\n\n parentId = cognitoUser.profile;\n } else {\n console.log(\"is parent not becomming true\");\n console.log(\"the value of isParent: \", cognitoUser.isParent, typeof cognitoUser.isParent);\n\n parentId = cognitoUser.parentId;\n profileId = cognitoUser.profile;\n }\n\n // Remove fields that shouldn't be saved directly\n delete entity.ownerParentId;\n delete entity.ownerId;\n\n // Save entity\n return this.service.save(entity, profileId, parentId, cognitoUser);\n }\n\n protected abstract processCrudRequest(event: HttpRequest): Promise<any>;\n\n protected isPermissionRequest(path: string): boolean {\n if (this.config.PERMISSION_MAP && this.roleController) {\n const rolePath = trimSpecialChar(this.config.PERMISSION_MAP.rolePath);\n const normalizedPath = trimSpecialChar(path);\n return normalizedPath.includes(rolePath);\n }\n\n return false;\n }\n\n protected isListRequest(methode: HttpMethod, path: string): boolean {\n const basePath = trimSpecialChar(this.config.BASE_PATH);\n\n const allowedPaths = [\n basePath,\n `${basePath}/search`,\n `${basePath}/scan`,\n `${basePath}/search/query`,\n `${basePath}/search/query/total-count`,\n ];\n\n const isMethodGet = methode === \"GET\";\n const isAllowedPath = allowedPaths.includes(trimSpecialChar(path));\n\n return isMethodGet && isAllowedPath;\n }\n\n protected isUpdateRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodPatch = methode === \"PATCH\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodPatch && isExpectedPath;\n }\n\n protected isDeleteRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodDelete = methode === \"DELETE\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodDelete && isExpectedPath;\n }\n\n protected isFetchRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"GET\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPostRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}`;\n const isMethodGet = methode === \"POST\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n protected isPutRequest(methode: HttpMethod, path: string): boolean {\n const expectedPath = `${trimSpecialChar(this.config.BASE_PATH)}/{id}`;\n const isMethodGet = methode === \"PUT\";\n const isExpectedPath = trimSpecialChar(path) === expectedPath;\n\n return isMethodGet && isExpectedPath;\n }\n\n private async handleCrudByMethod(req: HttpRequest): Promise<any> {\n const path = req.event?.requestContext?.resourcePath;\n\n const entity = this.parseEntity(req.body);\n\n if (this.isPermissionRequest(path)) return this.handlePermission(req, path);\n if (this.isUpdateRequest(req.methode, path)) return this.handleUpdate(req.entityId, entity, req.identity);\n if (this.isDeleteRequest(req.methode, path)) return this.handleDelete(req.entityId, req.identity);\n if (this.isFetchRequest(req.methode, path)) return this.handleFetch(req.entityId, req.identity);\n if (this.isPutRequest(req.methode, path)) return this.handleReplace(req.entityId, entity, req.identity);\n if (this.isPostRequest(req.methode, path)) return this.handlePostCreate(entity, req.identity);\n if (this.isListRequest(req.methode, path)) return this.handleList(req.methode, path, req);\n\n return null;\n }\n\n private filterResponse(response: any, responsePolicy: ResponseFields): any {\n if (Array.isArray(response)) {\n return removeFields(response, responsePolicy.include, responsePolicy.exclude);\n }\n\n if (response?.items && Array.isArray(response.items)) {\n response.items = removeFields(response.items, responsePolicy.include, responsePolicy.exclude);\n return response;\n }\n\n return removeFields([response], responsePolicy.include, responsePolicy.exclude)[0];\n }\n\n /** Map RequestType to Access for permission checking */\n private getUserAccessLevel(requestType: RequestType): Access {\n switch (requestType) {\n case RequestType.ADMIN:\n return Access.ADMIN;\n case RequestType.USER:\n return Access.USER;\n case RequestType.GUEST:\n return Access.PUBLIC;\n case RequestType.SYSTEM:\n return Access.SYSTEM;\n default:\n return Access.PUBLIC;\n }\n }\n\n /** Check if the user has permission for the current operation */\n private checkPermission(allowedAccess: Access[], requestType: RequestType) {\n const currentAccessLevel = this.getUserAccessLevel(requestType);\n\n // This means USER can access OWNER-level permissions, but the service will verify actual ownership\n const hasPermission =\n allowedAccess.includes(currentAccessLevel) ||\n (requestType === RequestType.USER && allowedAccess.includes(Access.OWNER));\n\n if (hasPermission) return;\n\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Access denied. Required: ${allowedAccess.join(\", \")}, Current: ${currentAccessLevel}`,\n );\n }\n\n private setUserFilter(request: any, isAdmin: boolean, profileId: string) {\n if (isAdmin && !profileId) return;\n const ownerIdFieldName = this.config.OWNER_ID_FIELD_NAME || \"ownerId\";\n request.filterAndSort[ownerIdFieldName] = profileId;\n return request.filterAndSort;\n }\n\n private parseEntity(requestBody: any): R {\n if (!requestBody) return {} as R;\n return typeof requestBody === \"string\" ? JSON.parse(requestBody) : requestBody;\n }\n\n private validateRequest(schema: any, requestBody: any) {\n if (!schema) return;\n\n try {\n validateWithSchema(schema, requestBody);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n}\n"]}
|
|
@@ -46,7 +46,7 @@ export declare class ControllerRole {
|
|
|
46
46
|
checkAdminPermission(cognitoGroups: string[], adminGroups: string[]): boolean;
|
|
47
47
|
private isAdmin;
|
|
48
48
|
private validate;
|
|
49
|
-
private
|
|
49
|
+
private extractRoles;
|
|
50
50
|
private resolveScope;
|
|
51
51
|
private applyScopeFilter;
|
|
52
52
|
private clearScopeFilters;
|
|
@@ -140,21 +140,24 @@ class ControllerRole {
|
|
|
140
140
|
// RBAC access enforcement (used by ControllerApi)
|
|
141
141
|
// ---------------------------------------------------------------------------
|
|
142
142
|
async checkRbacAccess(req, resource, scopeMap, adminGroups) {
|
|
143
|
-
const
|
|
144
|
-
if (!
|
|
143
|
+
const roles = this.extractRoles(req);
|
|
144
|
+
if (!roles.length) {
|
|
145
145
|
throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, "Permission denied: Role Not Found");
|
|
146
146
|
}
|
|
147
|
-
if (adminGroups?.length && this.isAdmin(
|
|
147
|
+
if (adminGroups?.length && this.isAdmin(roles, adminGroups)) {
|
|
148
148
|
return;
|
|
149
149
|
}
|
|
150
150
|
const scope = this.resolveScope(req, scopeMap);
|
|
151
151
|
const method = req.methode.toUpperCase();
|
|
152
|
-
const
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
152
|
+
for (const role of roles) {
|
|
153
|
+
const allowed = await this.permissionService.hasPermission(role, resource, scope, method);
|
|
154
|
+
if (allowed) {
|
|
155
|
+
this.applyScopeFilter(req, scope, scopeMap);
|
|
156
|
+
return;
|
|
157
|
+
}
|
|
156
158
|
}
|
|
157
|
-
|
|
159
|
+
const key = `${roles.join(",")}#${resource}#${scope}`;
|
|
160
|
+
throw new exception_1.ErrorHttp({ code: 403, error: "PermissionDenied" }, `Permission denied: roles=${roles.join(",")} "${key}.${method}"`);
|
|
158
161
|
}
|
|
159
162
|
checkAdminPermission(cognitoGroups, adminGroups) {
|
|
160
163
|
if (!this.isAdmin(cognitoGroups, adminGroups)) {
|
|
@@ -177,8 +180,8 @@ class ControllerRole {
|
|
|
177
180
|
throw new exception_1.ErrorHttp({ code: 400, error: "BadRequest" }, formattedErrors);
|
|
178
181
|
}
|
|
179
182
|
}
|
|
180
|
-
|
|
181
|
-
return req.identity?.groups
|
|
183
|
+
extractRoles(req) {
|
|
184
|
+
return req.identity?.groups ?? [];
|
|
182
185
|
}
|
|
183
186
|
resolveScope(req, scopeMap) {
|
|
184
187
|
const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller-role.js","sourceRoot":"","sources":["../../src/controller/controller-role.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,4CAAyC;AAIzC,sEAAkE;AAClE,iDAAoG;AACpG,8DAA4E;AAC5E,sDAAuD;AAEvD,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC7B,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC3B,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kBAAkB,CAAC;IAC3C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC;IAC7C,MAAM,EAAE,YAAY;CACrB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC,QAAQ,EAAE;IAC9D,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IACxD,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;AAEvD,MAAM,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IACxB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;CACtD,CAAC,CAAC;AAQH;;;;;;;GAOG;AACH,MAAa,cAAc;IACN,iBAAiB,CAAoB;IAEvC,SAAS,GAAiC;QACzD,YAAY,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;QACzF,iBAAiB,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;QAC9F,eAAe,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;QAC7E,oBAAoB,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;KACpG,CAAC;IAEF,YAAY,aAAqB;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,KAKnB;QACC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB,EAAE,WAAoB;QACvE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,SAAiB;QACpD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnD,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACtE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,IAAA,wBAAc,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACxE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,IAAA,6BAAmB,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC9D,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,yDAAyD;IACzD,8EAA8E;IAE9E,KAAK,CAAC,uBAAuB,CAC3B,GAAgB,EAChB,IAAY,EACZ,aAA4B,EAC5B,WAAqB;QAErB,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,GAAG,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC3B,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,aAAa,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YAE/D,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/D,IAAI,cAAc,KAAK,GAAG,QAAQ,GAAG,MAAM,EAAE,EAAE,CAAC;oBAC9C,OAAO,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;QAED,QAAQ,GAAG,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC;YAChC,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvD,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7C;gBACE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,kDAAkD;IAClD,8EAA8E;IAE9E,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,QAAgB,EAAE,QAAkB,EAAE,WAAsB;QAClG,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,mCAAmC,CAAC,CAAC;QACrG,CAAC;QAED,IAAI,WAAW,EAAE,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAE1F,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,IAAI,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YAC3C,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,2BAA2B,IAAI,KAAK,GAAG,IAAI,MAAM,GAAG,CACrD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,oBAAoB,CAAC,aAAuB,EAAE,WAAqB;QACjE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,0BAA0B,CAAC,CAAC;QAC7F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAEtE,OAAO,CAAC,aAAmC,EAAE,WAAqB;QACxE,OAAO,aAAa,EAAE,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC;IAC9E,CAAC;IAEO,QAAQ,CAAsB,MAAS,EAAE,IAAa;QAC5D,IAAI,CAAC;YACH,OAAO,IAAA,oCAAkB,EAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,8BAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,GAAgB;QAClC,OAAO,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACnC,CAAC;IAEO,YAAY,CAAC,GAAgB,EAAE,QAAkB;QACvD,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,EAAE,KAAK,IAAI,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC;QAEnF,IAAI,CAAC,KAAK;YAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAM,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,KAAK,eAAe,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,gBAAgB,CAAC,GAAgB,EAAE,KAAa,EAAE,QAAkB;QAC1E,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEtC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,GAAG,KAAK,CAAC;QACvD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,kBAAkB,QAAQ,gBAAgB,KAAK,GAAG,CAAC,CAAC;QACpH,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC;IAC3B,CAAC;IAEO,iBAAiB,CAAC,GAAgB,EAAE,QAAkB;QAC5D,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF;AA7ND,wCA6NC","sourcesContent":["import { z } from \"zod\";\nimport { ErrorHttp } from \"../exception\";\nimport { Permission } from \"../model/role.model\";\nimport { PermissionMap, ScopeMap } from \"../model/base.model\";\nimport { HttpRequest } from \"../utils/http/http.util\";\nimport { PermissionService } from \"../service/permission.service\";\nimport { createGroup, deleteGroup, addUserToGroup, removeUserFromGroup } from \"../function/cognito\";\nimport { validateWithSchema, formatErrors } from \"../utils/validation.util\";\nimport { trimSpecialChar } from \"../utils/string.util\";\n\n// ---------------------------------------------------------------------------\n// DTO Schemas\n// ---------------------------------------------------------------------------\n\nconst MethodSchema = z.object({\n GET: z.boolean().optional(),\n POST: z.boolean().optional(),\n PATCH: z.boolean().optional(),\n PUT: z.boolean().optional(),\n DELETE: z.boolean().optional(),\n});\n\nconst AddPermissionDto = z.object({\n role: z.string().min(1, \"Role is required\"),\n resource: z.string().min(1, \"Resource is required\"),\n scope: z.string().min(1, \"Scope is required\"),\n method: MethodSchema,\n});\n\nconst UpdatePermissionDto = z.object({\n role: z.string().min(1, \"Role is required\").optional(),\n resource: z.string().min(1, \"Resource is required\").optional(),\n scope: z.string().min(1, \"Scope is required\").optional(),\n method: MethodSchema.optional(),\n});\n\nconst IdParamDto = z.string().min(1, \"Id is required\");\n\nconst GroupDto = z.object({\n userPoolId: z.string().min(1, \"UserPoolId is required\"),\n groupName: z.string().min(1, \"GroupName is required\"),\n description: z.string().optional(),\n});\n\nconst UserGroupDto = z.object({\n userPoolId: z.string().min(1, \"UserPoolId is required\"),\n username: z.string().min(1, \"Username is required\"),\n groupName: z.string().min(1, \"GroupName is required\"),\n});\n\n// ---------------------------------------------------------------------------\n// Route map for permission sub-paths (POST only)\n// ---------------------------------------------------------------------------\n\ntype RouteHandler = (permissionMap: PermissionMap, body: any) => Promise<any>;\n\n/**\n * ControllerRole — centralized Permission CRUD + RBAC access enforcement.\n *\n * All caching and DB orchestration lives in PermissionService.\n *\n * Scope validation, scope filtering, and permission checks are centralized here\n * so that ControllerApi (and any other consumer) delegates without duplicating logic.\n */\nexport class ControllerRole {\n protected readonly permissionService: PermissionService;\n\n private readonly subRoutes: Record<string, RouteHandler> = {\n \"/add-group\": (pm, body) => this.addRole(pm.userPoolId, body.groupName, body.description),\n \"/add-user-group\": (pm, body) => this.assignRole(pm.userPoolId, body.username, body.groupName),\n \"/remove-group\": (pm, body) => this.removeRole(pm.userPoolId, body.groupName),\n \"/remove-user-group\": (pm, body) => this.unassignRole(pm.userPoolId, body.username, body.groupName),\n };\n\n constructor(roleTableName: string) {\n this.permissionService = new PermissionService(roleTableName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission CRUD\n // ---------------------------------------------------------------------------\n\n async addPermission(input: {\n role: string;\n resource: string;\n scope: string;\n method: Permission[\"method\"];\n }): Promise<Permission> {\n this.validate(AddPermissionDto, input);\n return this.permissionService.createPermission(input);\n }\n\n async updatePermission(\n id: string,\n updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n ): Promise<Permission> {\n this.validate(IdParamDto, id);\n this.validate(UpdatePermissionDto, updates);\n return this.permissionService.updatePermission(id, updates);\n }\n\n async deletePermission(id: string): Promise<boolean> {\n this.validate(IdParamDto, id);\n return this.permissionService.deletePermission(id);\n }\n\n async getPermission(id: string): Promise<Permission | null> {\n this.validate(IdParamDto, id);\n return this.permissionService.getPermissionById(id);\n }\n\n async listPermissions(): Promise<Permission[]> {\n return this.permissionService.listPermissions();\n }\n\n // ---------------------------------------------------------------------------\n // Role (Cognito group)\n // ---------------------------------------------------------------------------\n\n async addRole(userPoolId: string, groupName: string, description?: string) {\n this.validate(GroupDto, { userPoolId, groupName, description });\n return createGroup(userPoolId, groupName, description);\n }\n\n async removeRole(userPoolId: string, groupName: string) {\n this.validate(GroupDto, { userPoolId, groupName });\n return deleteGroup(userPoolId, groupName);\n }\n\n async assignRole(userPoolId: string, username: string, groupName: string) {\n this.validate(UserGroupDto, { userPoolId, username, groupName });\n return addUserToGroup(userPoolId, username, groupName);\n }\n\n async unassignRole(userPoolId: string, username: string, groupName: string) {\n this.validate(UserGroupDto, { userPoolId, username, groupName });\n return removeUserFromGroup(userPoolId, username, groupName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission check\n // ---------------------------------------------------------------------------\n\n async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n return this.permissionService.hasPermission(role, resource, scope, method);\n }\n\n async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n return this.permissionService.getPermissionByKey(permissionKey);\n }\n\n // ---------------------------------------------------------------------------\n // Permission request handler (routes from ControllerApi)\n // ---------------------------------------------------------------------------\n\n async handlePermissionRequest(\n req: HttpRequest,\n path: string,\n permissionMap: PermissionMap,\n adminGroups: string[],\n ): Promise<any> {\n this.checkAdminPermission(req.identity.groups, adminGroups);\n\n if (req.methode === \"POST\") {\n const normalizedPath = trimSpecialChar(path);\n const rolePath = trimSpecialChar(permissionMap.rolePath ?? \"\");\n\n for (const [suffix, handler] of Object.entries(this.subRoutes)) {\n if (normalizedPath === `${rolePath}${suffix}`) {\n return handler(permissionMap, req.body);\n }\n }\n\n return this.addPermission(req.body);\n }\n\n switch (req.methode) {\n case \"GET\":\n return this.listPermissions();\n case \"PATCH\":\n return this.updatePermission(req.entityId, req.body);\n case \"DELETE\":\n return this.deletePermission(req.entityId);\n default:\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] unsupported method\");\n }\n }\n\n // ---------------------------------------------------------------------------\n // RBAC access enforcement (used by ControllerApi)\n // ---------------------------------------------------------------------------\n\n async checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap, adminGroups?: string[]): Promise<void> {\n const role = this.extractRole(req);\n\n if (!role) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, \"Permission denied: Role Not Found\");\n }\n\n if (adminGroups?.length && this.isAdmin(req.identity?.groups, adminGroups)) {\n return;\n }\n\n const scope = this.resolveScope(req, scopeMap);\n const method = req.methode.toUpperCase();\n\n const allowed = await this.permissionService.hasPermission(role, resource, scope, method);\n\n if (!allowed) {\n const key = `${role}#${resource}#${scope}`;\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Permission denied: role=${role} \"${key}.${method}\"`,\n );\n }\n\n this.applyScopeFilter(req, scope, scopeMap);\n }\n\n checkAdminPermission(cognitoGroups: string[], adminGroups: string[]) {\n if (!this.isAdmin(cognitoGroups, adminGroups)) {\n throw new ErrorHttp({ code: 403, error: \"Permission Denied\" }, \"[CORE] Permission Denied\");\n }\n return true;\n }\n\n // ---------------------------------------------------------------------------\n // Private helpers\n // ---------------------------------------------------------------------------\n\n private isAdmin(cognitoGroups: string[] | undefined, adminGroups: string[]): boolean {\n return cognitoGroups?.some((group) => adminGroups.includes(group)) ?? false;\n }\n\n private validate<T extends z.ZodType>(schema: T, data: unknown): z.infer<T> {\n try {\n return validateWithSchema(schema, data);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n\n private extractRole(req: HttpRequest): string | undefined {\n return req.identity?.groups?.[0];\n }\n\n private resolveScope(req: HttpRequest, scopeMap: ScopeMap): string {\n const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;\n\n if (!scope) return scopeMap.keys().next().value!;\n\n if (!scopeMap.has(scope)) {\n const allowed = Array.from(scopeMap.keys()).join(\", \");\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, `Invalid scope \"${scope}\". Allowed: ${allowed}`);\n }\n\n return scope;\n }\n\n private applyScopeFilter(req: HttpRequest, scope: string, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n this.clearScopeFilters(req, scopeMap);\n\n const mapping = scopeMap.get(scope);\n if (!mapping) return;\n\n const claimKey = mapping.claimKey ?? \"custom:\" + scope;\n const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];\n\n if (!claimValue) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Missing claim \"${claimKey}\" for scope \"${scope}\"`);\n }\n\n req.filter[mapping.filterField] = claimValue;\n delete req.filter?.scope;\n }\n\n private clearScopeFilters(req: HttpRequest, scopeMap: ScopeMap): void {\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n delete req.filter[\"scope\"];\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"controller-role.js","sourceRoot":"","sources":["../../src/controller/controller-role.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,4CAAyC;AAIzC,sEAAkE;AAClE,iDAAoG;AACpG,8DAA4E;AAC5E,sDAAuD;AAEvD,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC7B,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC3B,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kBAAkB,CAAC;IAC3C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC;IAC7C,MAAM,EAAE,YAAY;CACrB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;IACtD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC,CAAC,QAAQ,EAAE;IAC9D,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IACxD,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;AAEvD,MAAM,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IACxB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;CACtD,CAAC,CAAC;AAQH;;;;;;;GAOG;AACH,MAAa,cAAc;IACN,iBAAiB,CAAoB;IAEvC,SAAS,GAAiC;QACzD,YAAY,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC;QACzF,iBAAiB,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;QAC9F,eAAe,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC;QAC7E,oBAAoB,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC;KACpG,CAAC;IAEF,YAAY,aAAqB;QAC/B,IAAI,CAAC,iBAAiB,GAAG,IAAI,sCAAiB,CAAC,aAAa,CAAC,CAAC;IAChE,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,KAKnB;QACC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,EAAU,EACV,OAA4E;QAE5E,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,EAAU;QAC/B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAU;QAC5B,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAC9B,OAAO,IAAI,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,iBAAiB,CAAC,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,KAAK,CAAC,OAAO,CAAC,UAAkB,EAAE,SAAiB,EAAE,WAAoB;QACvE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,SAAiB;QACpD,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QACnD,OAAO,IAAA,qBAAW,EAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACtE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,IAAA,wBAAc,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAAkB,EAAE,QAAgB,EAAE,SAAiB;QACxE,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,IAAA,6BAAmB,EAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC9D,CAAC;IAED,8EAA8E;IAC9E,mBAAmB;IACnB,8EAA8E;IAE9E,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,QAAgB,EAAE,KAAa,EAAE,MAAc;QAC/E,OAAO,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,aAAqB;QAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAClE,CAAC;IAED,8EAA8E;IAC9E,yDAAyD;IACzD,8EAA8E;IAE9E,KAAK,CAAC,uBAAuB,CAC3B,GAAgB,EAChB,IAAY,EACZ,aAA4B,EAC5B,WAAqB;QAErB,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,GAAG,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC3B,MAAM,cAAc,GAAG,IAAA,6BAAe,EAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAA,6BAAe,EAAC,aAAa,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YAE/D,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/D,IAAI,cAAc,KAAK,GAAG,QAAQ,GAAG,MAAM,EAAE,EAAE,CAAC;oBAC9C,OAAO,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;QAED,QAAQ,GAAG,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC;YAChC,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YACvD,KAAK,QAAQ;gBACX,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7C;gBACE,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,kDAAkD;IAClD,8EAA8E;IAE9E,KAAK,CAAC,eAAe,CAAC,GAAgB,EAAE,QAAgB,EAAE,QAAkB,EAAE,WAAsB;QAClG,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,mCAAmC,CAAC,CAAC;QACrG,CAAC;QAED,IAAI,WAAW,EAAE,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC1F,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;QACtD,MAAM,IAAI,qBAAS,CACjB,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EACxC,4BAA4B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,MAAM,GAAG,CACjE,CAAC;IACJ,CAAC;IAED,oBAAoB,CAAC,aAAuB,EAAE,WAAqB;QACjE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,0BAA0B,CAAC,CAAC;QAC7F,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAEtE,OAAO,CAAC,aAAmC,EAAE,WAAqB;QACxE,OAAO,aAAa,EAAE,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC;IAC9E,CAAC;IAEO,QAAQ,CAAsB,MAAS,EAAE,IAAa;QAC5D,IAAI,CAAC;YACH,OAAO,IAAA,oCAAkB,EAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,eAAe,GAAG,IAAA,8BAAY,EAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAEO,YAAY,CAAC,GAAgB;QACnC,OAAO,GAAG,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAC;IACpC,CAAC;IAEO,YAAY,CAAC,GAAgB,EAAE,QAAkB;QACvD,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,EAAE,KAAK,IAAI,GAAG,CAAC,qBAAqB,EAAE,KAAK,CAAC;QAEnF,IAAI,CAAC,KAAK;YAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAM,CAAC;QAEjD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,kBAAkB,KAAK,eAAe,OAAO,EAAE,CAAC,CAAC;QAC3G,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,gBAAgB,CAAC,GAAgB,EAAE,KAAa,EAAE,QAAkB;QAC1E,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAEtC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,SAAS,GAAG,KAAK,CAAC;QACvD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEpF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAS,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,kBAAkB,QAAQ,gBAAgB,KAAK,GAAG,CAAC,CAAC;QACpH,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,UAAU,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC;IAC3B,CAAC;IAEO,iBAAiB,CAAC,GAAgB,EAAE,QAAkB;QAC5D,KAAK,MAAM,CAAC,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF;AA/ND,wCA+NC","sourcesContent":["import { z } from \"zod\";\nimport { ErrorHttp } from \"../exception\";\nimport { Permission } from \"../model/role.model\";\nimport { PermissionMap, ScopeMap } from \"../model/base.model\";\nimport { HttpRequest } from \"../utils/http/http.util\";\nimport { PermissionService } from \"../service/permission.service\";\nimport { createGroup, deleteGroup, addUserToGroup, removeUserFromGroup } from \"../function/cognito\";\nimport { validateWithSchema, formatErrors } from \"../utils/validation.util\";\nimport { trimSpecialChar } from \"../utils/string.util\";\n\n// ---------------------------------------------------------------------------\n// DTO Schemas\n// ---------------------------------------------------------------------------\n\nconst MethodSchema = z.object({\n GET: z.boolean().optional(),\n POST: z.boolean().optional(),\n PATCH: z.boolean().optional(),\n PUT: z.boolean().optional(),\n DELETE: z.boolean().optional(),\n});\n\nconst AddPermissionDto = z.object({\n role: z.string().min(1, \"Role is required\"),\n resource: z.string().min(1, \"Resource is required\"),\n scope: z.string().min(1, \"Scope is required\"),\n method: MethodSchema,\n});\n\nconst UpdatePermissionDto = z.object({\n role: z.string().min(1, \"Role is required\").optional(),\n resource: z.string().min(1, \"Resource is required\").optional(),\n scope: z.string().min(1, \"Scope is required\").optional(),\n method: MethodSchema.optional(),\n});\n\nconst IdParamDto = z.string().min(1, \"Id is required\");\n\nconst GroupDto = z.object({\n userPoolId: z.string().min(1, \"UserPoolId is required\"),\n groupName: z.string().min(1, \"GroupName is required\"),\n description: z.string().optional(),\n});\n\nconst UserGroupDto = z.object({\n userPoolId: z.string().min(1, \"UserPoolId is required\"),\n username: z.string().min(1, \"Username is required\"),\n groupName: z.string().min(1, \"GroupName is required\"),\n});\n\n// ---------------------------------------------------------------------------\n// Route map for permission sub-paths (POST only)\n// ---------------------------------------------------------------------------\n\ntype RouteHandler = (permissionMap: PermissionMap, body: any) => Promise<any>;\n\n/**\n * ControllerRole — centralized Permission CRUD + RBAC access enforcement.\n *\n * All caching and DB orchestration lives in PermissionService.\n *\n * Scope validation, scope filtering, and permission checks are centralized here\n * so that ControllerApi (and any other consumer) delegates without duplicating logic.\n */\nexport class ControllerRole {\n protected readonly permissionService: PermissionService;\n\n private readonly subRoutes: Record<string, RouteHandler> = {\n \"/add-group\": (pm, body) => this.addRole(pm.userPoolId, body.groupName, body.description),\n \"/add-user-group\": (pm, body) => this.assignRole(pm.userPoolId, body.username, body.groupName),\n \"/remove-group\": (pm, body) => this.removeRole(pm.userPoolId, body.groupName),\n \"/remove-user-group\": (pm, body) => this.unassignRole(pm.userPoolId, body.username, body.groupName),\n };\n\n constructor(roleTableName: string) {\n this.permissionService = new PermissionService(roleTableName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission CRUD\n // ---------------------------------------------------------------------------\n\n async addPermission(input: {\n role: string;\n resource: string;\n scope: string;\n method: Permission[\"method\"];\n }): Promise<Permission> {\n this.validate(AddPermissionDto, input);\n return this.permissionService.createPermission(input);\n }\n\n async updatePermission(\n id: string,\n updates: Partial<Pick<Permission, \"role\" | \"resource\" | \"scope\" | \"method\">>,\n ): Promise<Permission> {\n this.validate(IdParamDto, id);\n this.validate(UpdatePermissionDto, updates);\n return this.permissionService.updatePermission(id, updates);\n }\n\n async deletePermission(id: string): Promise<boolean> {\n this.validate(IdParamDto, id);\n return this.permissionService.deletePermission(id);\n }\n\n async getPermission(id: string): Promise<Permission | null> {\n this.validate(IdParamDto, id);\n return this.permissionService.getPermissionById(id);\n }\n\n async listPermissions(): Promise<Permission[]> {\n return this.permissionService.listPermissions();\n }\n\n // ---------------------------------------------------------------------------\n // Role (Cognito group)\n // ---------------------------------------------------------------------------\n\n async addRole(userPoolId: string, groupName: string, description?: string) {\n this.validate(GroupDto, { userPoolId, groupName, description });\n return createGroup(userPoolId, groupName, description);\n }\n\n async removeRole(userPoolId: string, groupName: string) {\n this.validate(GroupDto, { userPoolId, groupName });\n return deleteGroup(userPoolId, groupName);\n }\n\n async assignRole(userPoolId: string, username: string, groupName: string) {\n this.validate(UserGroupDto, { userPoolId, username, groupName });\n return addUserToGroup(userPoolId, username, groupName);\n }\n\n async unassignRole(userPoolId: string, username: string, groupName: string) {\n this.validate(UserGroupDto, { userPoolId, username, groupName });\n return removeUserFromGroup(userPoolId, username, groupName);\n }\n\n // ---------------------------------------------------------------------------\n // Permission check\n // ---------------------------------------------------------------------------\n\n async hasPermission(role: string, resource: string, scope: string, method: string): Promise<boolean> {\n return this.permissionService.hasPermission(role, resource, scope, method);\n }\n\n async getPermissionByKey(permissionKey: string): Promise<Permission | null> {\n return this.permissionService.getPermissionByKey(permissionKey);\n }\n\n // ---------------------------------------------------------------------------\n // Permission request handler (routes from ControllerApi)\n // ---------------------------------------------------------------------------\n\n async handlePermissionRequest(\n req: HttpRequest,\n path: string,\n permissionMap: PermissionMap,\n adminGroups: string[],\n ): Promise<any> {\n this.checkAdminPermission(req.identity.groups, adminGroups);\n\n if (req.methode === \"POST\") {\n const normalizedPath = trimSpecialChar(path);\n const rolePath = trimSpecialChar(permissionMap.rolePath ?? \"\");\n\n for (const [suffix, handler] of Object.entries(this.subRoutes)) {\n if (normalizedPath === `${rolePath}${suffix}`) {\n return handler(permissionMap, req.body);\n }\n }\n\n return this.addPermission(req.body);\n }\n\n switch (req.methode) {\n case \"GET\":\n return this.listPermissions();\n case \"PATCH\":\n return this.updatePermission(req.entityId, req.body);\n case \"DELETE\":\n return this.deletePermission(req.entityId);\n default:\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, \"[CORE] unsupported method\");\n }\n }\n\n // ---------------------------------------------------------------------------\n // RBAC access enforcement (used by ControllerApi)\n // ---------------------------------------------------------------------------\n\n async checkRbacAccess(req: HttpRequest, resource: string, scopeMap: ScopeMap, adminGroups?: string[]): Promise<void> {\n const roles = this.extractRoles(req);\n \n if (!roles.length) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, \"Permission denied: Role Not Found\");\n }\n\n if (adminGroups?.length && this.isAdmin(roles, adminGroups)) {\n return;\n }\n\n const scope = this.resolveScope(req, scopeMap);\n const method = req.methode.toUpperCase();\n\n for (const role of roles) {\n const allowed = await this.permissionService.hasPermission(role, resource, scope, method);\n if (allowed) {\n this.applyScopeFilter(req, scope, scopeMap);\n return;\n }\n }\n\n const key = `${roles.join(\",\")}#${resource}#${scope}`;\n throw new ErrorHttp(\n { code: 403, error: \"PermissionDenied\" },\n `Permission denied: roles=${roles.join(\",\")} \"${key}.${method}\"`,\n );\n }\n\n checkAdminPermission(cognitoGroups: string[], adminGroups: string[]) {\n if (!this.isAdmin(cognitoGroups, adminGroups)) {\n throw new ErrorHttp({ code: 403, error: \"Permission Denied\" }, \"[CORE] Permission Denied\");\n }\n return true;\n }\n\n // ---------------------------------------------------------------------------\n // Private helpers\n // ---------------------------------------------------------------------------\n\n private isAdmin(cognitoGroups: string[] | undefined, adminGroups: string[]): boolean {\n return cognitoGroups?.some((group) => adminGroups.includes(group)) ?? false;\n }\n\n private validate<T extends z.ZodType>(schema: T, data: unknown): z.infer<T> {\n try {\n return validateWithSchema(schema, data);\n } catch (error) {\n const formattedErrors = formatErrors(error);\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, formattedErrors);\n }\n }\n\n private extractRoles(req: HttpRequest): string[] {\n return req.identity?.groups ?? [];\n }\n\n private resolveScope(req: HttpRequest, scopeMap: ScopeMap): string {\n const scope = req.queryStringParameters?.scope || req.customQueryParameters?.scope;\n\n if (!scope) return scopeMap.keys().next().value!;\n\n if (!scopeMap.has(scope)) {\n const allowed = Array.from(scopeMap.keys()).join(\", \");\n throw new ErrorHttp({ code: 400, error: \"BadRequest\" }, `Invalid scope \"${scope}\". Allowed: ${allowed}`);\n }\n\n return scope;\n }\n\n private applyScopeFilter(req: HttpRequest, scope: string, scopeMap: ScopeMap): void {\n if (!req.filter) req.filter = {};\n\n this.clearScopeFilters(req, scopeMap);\n\n const mapping = scopeMap.get(scope);\n if (!mapping) return;\n\n const claimKey = mapping.claimKey ?? \"custom:\" + scope;\n const claimValue = req.identity?.[claimKey] || req.identity?.attributes?.[claimKey];\n\n if (!claimValue) {\n throw new ErrorHttp({ code: 403, error: \"PermissionDenied\" }, `Missing claim \"${claimKey}\" for scope \"${scope}\"`);\n }\n\n req.filter[mapping.filterField] = claimValue;\n delete req.filter?.scope;\n }\n\n private clearScopeFilters(req: HttpRequest, scopeMap: ScopeMap): void {\n for (const [, entry] of scopeMap) {\n delete req.filter[entry.filterField];\n }\n delete req.filter[\"scope\"];\n }\n}\n"]}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { z, ZodType } from "zod";
|
|
2
|
+
type InvalidConfig = boolean | string[];
|
|
3
|
+
/**
|
|
4
|
+
* EntityBuilder generates mock objects from a Zod schema.
|
|
5
|
+
* - Can produce fully valid objects
|
|
6
|
+
* - Can produce random invalid objects (at least one field invalid)
|
|
7
|
+
* - Can produce targeted invalid objects (specific fields)
|
|
8
|
+
* - Arrays are autofilled with multiple elements if `arrayLength` > 1
|
|
9
|
+
*/
|
|
10
|
+
export declare class EntityBuilder<T extends ZodType<any, any, any>> {
|
|
11
|
+
private readonly schema;
|
|
12
|
+
private readonly invalid;
|
|
13
|
+
private readonly arrayLength;
|
|
14
|
+
private seed;
|
|
15
|
+
constructor(schema: T, invalid?: InvalidConfig, arrayLength?: number);
|
|
16
|
+
build(): z.infer<T>;
|
|
17
|
+
private buildFromZod;
|
|
18
|
+
private shouldInvalidate;
|
|
19
|
+
}
|
|
20
|
+
export {};
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.EntityBuilder = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
/**
|
|
6
|
+
* EntityBuilder generates mock objects from a Zod schema.
|
|
7
|
+
* - Can produce fully valid objects
|
|
8
|
+
* - Can produce random invalid objects (at least one field invalid)
|
|
9
|
+
* - Can produce targeted invalid objects (specific fields)
|
|
10
|
+
* - Arrays are autofilled with multiple elements if `arrayLength` > 1
|
|
11
|
+
*/
|
|
12
|
+
class EntityBuilder {
|
|
13
|
+
schema;
|
|
14
|
+
invalid;
|
|
15
|
+
arrayLength;
|
|
16
|
+
seed = 1;
|
|
17
|
+
constructor(schema, invalid = true, arrayLength = 1) {
|
|
18
|
+
this.schema = schema;
|
|
19
|
+
this.invalid = invalid;
|
|
20
|
+
this.arrayLength = arrayLength;
|
|
21
|
+
}
|
|
22
|
+
build() {
|
|
23
|
+
return this.buildFromZod(this.schema, this.invalid);
|
|
24
|
+
}
|
|
25
|
+
buildFromZod(schema, invalidConfig, path = []) {
|
|
26
|
+
// Optional / Nullable unwrap
|
|
27
|
+
if (schema instanceof zod_1.ZodOptional || schema instanceof zod_1.ZodNullable) {
|
|
28
|
+
const inner = schema._def.innerType;
|
|
29
|
+
return this.buildFromZod(inner, invalidConfig, path);
|
|
30
|
+
}
|
|
31
|
+
if (schema instanceof zod_1.ZodString) {
|
|
32
|
+
return this.shouldInvalidate(path, invalidConfig) ? "INVALID" : `valid_${path.join("_")}`;
|
|
33
|
+
}
|
|
34
|
+
if (schema instanceof zod_1.ZodNumber) {
|
|
35
|
+
return this.shouldInvalidate(path, invalidConfig) ? -1 : 1;
|
|
36
|
+
}
|
|
37
|
+
if (schema instanceof zod_1.ZodBoolean) {
|
|
38
|
+
return !this.shouldInvalidate(path, invalidConfig);
|
|
39
|
+
}
|
|
40
|
+
if (schema instanceof zod_1.ZodArray) {
|
|
41
|
+
const elementSchema = schema.element;
|
|
42
|
+
const arr = [];
|
|
43
|
+
for (let i = 0; i < this.arrayLength; i++) {
|
|
44
|
+
arr.push(this.buildFromZod(elementSchema, invalidConfig, path.concat([String(i)])));
|
|
45
|
+
}
|
|
46
|
+
return arr;
|
|
47
|
+
}
|
|
48
|
+
if (schema instanceof zod_1.ZodObject) {
|
|
49
|
+
const obj = {};
|
|
50
|
+
const shape = schema.shape;
|
|
51
|
+
for (const key in shape) {
|
|
52
|
+
obj[key] = this.buildFromZod(shape[key], invalidConfig, path.concat([key]));
|
|
53
|
+
}
|
|
54
|
+
return obj;
|
|
55
|
+
}
|
|
56
|
+
// fallback for unsupported types
|
|
57
|
+
return null;
|
|
58
|
+
}
|
|
59
|
+
shouldInvalidate(path, invalidConfig) {
|
|
60
|
+
if (invalidConfig === false) {
|
|
61
|
+
// random invalid
|
|
62
|
+
const x = Math.sin(this.seed++) * 10000;
|
|
63
|
+
return x - Math.floor(x) > 0.5;
|
|
64
|
+
}
|
|
65
|
+
if (Array.isArray(invalidConfig)) {
|
|
66
|
+
// targeted invalid
|
|
67
|
+
return invalidConfig.includes(path.join("."));
|
|
68
|
+
}
|
|
69
|
+
return false; // valid by default
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
exports.EntityBuilder = EntityBuilder;
|
|
73
|
+
//# sourceMappingURL=data.util.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"data.util.js","sourceRoot":"","sources":["../../src/utils/data.util.ts"],"names":[],"mappings":";;;AAAA,6BAAkH;AAIlH;;;;;;GAMG;AACH,MAAa,aAAa;IAIL;IACA;IACA;IALX,IAAI,GAAG,CAAC,CAAC;IAEjB,YACmB,MAAS,EACT,UAAyB,IAAI,EAC7B,cAAsB,CAAC;QAFvB,WAAM,GAAN,MAAM,CAAG;QACT,YAAO,GAAP,OAAO,CAAsB;QAC7B,gBAAW,GAAX,WAAW,CAAY;IACvC,CAAC;IAEJ,KAAK;QACH,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAe,CAAC;IACpE,CAAC;IAEO,YAAY,CAAC,MAA8B,EAAE,aAA4B,EAAE,OAAiB,EAAE;QACpG,6BAA6B;QAC7B,IAAI,MAAM,YAAY,iBAAW,IAAI,MAAM,YAAY,iBAAW,EAAE,CAAC;YACnE,MAAM,KAAK,GAAI,MAAc,CAAC,IAAI,CAAC,SAAmC,CAAC;YACvE,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,aAAa,EAAE,IAAI,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,MAAM,YAAY,eAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5F,CAAC;QAED,IAAI,MAAM,YAAY,eAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,MAAM,YAAY,gBAAU,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,MAAM,YAAY,cAAQ,EAAE,CAAC;YAC/B,MAAM,aAAa,GAAI,MAAwB,CAAC,OAAiC,CAAC;YAClF,MAAM,GAAG,GAAG,EAAE,CAAC;YACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACtF,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,IAAI,MAAM,YAAY,eAAS,EAAE,CAAC;YAChC,MAAM,GAAG,GAAQ,EAAE,CAAC;YACpB,MAAM,KAAK,GAAI,MAAyB,CAAC,KAAK,CAAC;YAC/C,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;gBACxB,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC9E,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,iCAAiC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,gBAAgB,CAAC,IAAc,EAAE,aAA4B;QACnE,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;YAC5B,iBAAiB;YACjB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC;YACxC,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QACjC,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACjC,mBAAmB;YACnB,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,mBAAmB;IACnC,CAAC;CACF;AAlED,sCAkEC","sourcesContent":["import { z, ZodArray, ZodBoolean, ZodNullable, ZodNumber, ZodObject, ZodOptional, ZodString, ZodType } from \"zod\";\n\ntype InvalidConfig = boolean | string[];\n\n/**\n * EntityBuilder generates mock objects from a Zod schema.\n * - Can produce fully valid objects\n * - Can produce random invalid objects (at least one field invalid)\n * - Can produce targeted invalid objects (specific fields)\n * - Arrays are autofilled with multiple elements if `arrayLength` > 1\n */\nexport class EntityBuilder<T extends ZodType<any, any, any>> {\n private seed = 1;\n\n constructor(\n private readonly schema: T,\n private readonly invalid: InvalidConfig = true,\n private readonly arrayLength: number = 1, // default number of elements in arrays\n ) {}\n\n build(): z.infer<T> {\n return this.buildFromZod(this.schema, this.invalid) as z.infer<T>;\n }\n\n private buildFromZod(schema: ZodType<any, any, any>, invalidConfig: InvalidConfig, path: string[] = []): any {\n // Optional / Nullable unwrap\n if (schema instanceof ZodOptional || schema instanceof ZodNullable) {\n const inner = (schema as any)._def.innerType as ZodType<any, any, any>;\n return this.buildFromZod(inner, invalidConfig, path);\n }\n\n if (schema instanceof ZodString) {\n return this.shouldInvalidate(path, invalidConfig) ? \"INVALID\" : `valid_${path.join(\"_\")}`;\n }\n\n if (schema instanceof ZodNumber) {\n return this.shouldInvalidate(path, invalidConfig) ? -1 : 1;\n }\n\n if (schema instanceof ZodBoolean) {\n return !this.shouldInvalidate(path, invalidConfig);\n }\n\n if (schema instanceof ZodArray) {\n const elementSchema = (schema as ZodArray<any>).element as ZodType<any, any, any>;\n const arr = [];\n for (let i = 0; i < this.arrayLength; i++) {\n arr.push(this.buildFromZod(elementSchema, invalidConfig, path.concat([String(i)])));\n }\n return arr;\n }\n\n if (schema instanceof ZodObject) {\n const obj: any = {};\n const shape = (schema as ZodObject<any>).shape;\n for (const key in shape) {\n obj[key] = this.buildFromZod(shape[key], invalidConfig, path.concat([key]));\n }\n return obj;\n }\n\n // fallback for unsupported types\n return null;\n }\n\n private shouldInvalidate(path: string[], invalidConfig: InvalidConfig): boolean {\n if (invalidConfig === false) {\n // random invalid\n const x = Math.sin(this.seed++) * 10000;\n return x - Math.floor(x) > 0.5;\n }\n if (Array.isArray(invalidConfig)) {\n // targeted invalid\n return invalidConfig.includes(path.join(\".\"));\n }\n return false; // valid by default\n }\n}\n"]}
|
|
@@ -3,3 +3,16 @@ export declare function isValidDate(dateStr: string): boolean;
|
|
|
3
3
|
export declare function isSameYearMonth(date1: string | Date | Dayjs, date2: string | Date | Dayjs): boolean;
|
|
4
4
|
export declare function isCurrentMonth(date: string | Date | Dayjs): boolean;
|
|
5
5
|
export declare function isFutureMonth(date: string): boolean;
|
|
6
|
+
export declare function addSecondToDate(date: string | Date | Dayjs): Dayjs;
|
|
7
|
+
/**
|
|
8
|
+
* Returns the oldest date string from a list of date strings.
|
|
9
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
10
|
+
* @returns The oldest date string, or an empty string if the list is empty.
|
|
11
|
+
*/
|
|
12
|
+
export declare function minDateStr(dateStrList: any[]): string;
|
|
13
|
+
/**
|
|
14
|
+
* Returns the newest date string from a list of date strings.
|
|
15
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
16
|
+
* @returns The newest date string, or an empty string if the list is empty.
|
|
17
|
+
*/
|
|
18
|
+
export declare function maxDateStr(dateStrList: any[]): string;
|
package/dist/utils/date.util.js
CHANGED
|
@@ -7,6 +7,9 @@ exports.isValidDate = isValidDate;
|
|
|
7
7
|
exports.isSameYearMonth = isSameYearMonth;
|
|
8
8
|
exports.isCurrentMonth = isCurrentMonth;
|
|
9
9
|
exports.isFutureMonth = isFutureMonth;
|
|
10
|
+
exports.addSecondToDate = addSecondToDate;
|
|
11
|
+
exports.minDateStr = minDateStr;
|
|
12
|
+
exports.maxDateStr = maxDateStr;
|
|
10
13
|
const dayjs_1 = __importDefault(require("dayjs"));
|
|
11
14
|
function isValidDate(dateStr) {
|
|
12
15
|
const d = new Date(dateStr);
|
|
@@ -31,4 +34,36 @@ function isFutureMonth(date) {
|
|
|
31
34
|
// Compare year-month
|
|
32
35
|
return inputYear > currentYear || (inputYear === currentYear && inputMonth > currentMonth);
|
|
33
36
|
}
|
|
37
|
+
function addSecondToDate(date) {
|
|
38
|
+
return (0, dayjs_1.default)(date).add(1, "second");
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Returns the oldest date string from a list of date strings.
|
|
42
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
43
|
+
* @returns The oldest date string, or an empty string if the list is empty.
|
|
44
|
+
*/
|
|
45
|
+
function minDateStr(dateStrList) {
|
|
46
|
+
return minMaxDateStr(dateStrList, false);
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Returns the newest date string from a list of date strings.
|
|
50
|
+
* @param dateStrList List of date strings (ISO or other formats supported by dayjs).
|
|
51
|
+
* @returns The newest date string, or an empty string if the list is empty.
|
|
52
|
+
*/
|
|
53
|
+
function maxDateStr(dateStrList) {
|
|
54
|
+
return minMaxDateStr(dateStrList, true);
|
|
55
|
+
}
|
|
56
|
+
function minMaxDateStr(dateStrList, isMax) {
|
|
57
|
+
if (!dateStrList || dateStrList.length === 0)
|
|
58
|
+
return "";
|
|
59
|
+
const filtered = dateStrList.filter((d) => !!d);
|
|
60
|
+
if (filtered.length === 0)
|
|
61
|
+
return "";
|
|
62
|
+
return filtered.reduce((newestDate, current) => {
|
|
63
|
+
if (isMax)
|
|
64
|
+
return (0, dayjs_1.default)(current).isAfter((0, dayjs_1.default)(newestDate)) ? current : newestDate;
|
|
65
|
+
else
|
|
66
|
+
return (0, dayjs_1.default)(current).isBefore((0, dayjs_1.default)(newestDate)) ? newestDate : current;
|
|
67
|
+
});
|
|
68
|
+
}
|
|
34
69
|
//# sourceMappingURL=date.util.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"date.util.js","sourceRoot":"","sources":["../../src/utils/date.util.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"date.util.js","sourceRoot":"","sources":["../../src/utils/date.util.ts"],"names":[],"mappings":";;;;;AAEA,kCAGC;AAED,0CAIC;AAED,wCAEC;AAED,sCAYC;AAED,0CAEC;AAMD,gCAEC;AAOD,gCAEC;AAlDD,kDAAqC;AAErC,SAAgB,WAAW,CAAC,OAAe;IACzC,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,eAAe,CAAC,KAA4B,EAAE,KAA4B;IACxF,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,KAAK,CAAC,CAAC;IACxB,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,KAAK,CAAC,CAAC;IACxB,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAAC,IAA2B;IACxD,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;AAC3C,CAAC;AAED,SAAgB,aAAa,CAAC,IAAY;IACxC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC;IAEzB,yBAAyB;IACzB,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;IAC1C,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,oBAAoB;IAC7D,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IACxC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEtC,qBAAqB;IACrB,OAAO,SAAS,GAAG,WAAW,IAAI,CAAC,SAAS,KAAK,WAAW,IAAI,UAAU,GAAG,YAAY,CAAC,CAAC;AAC7F,CAAC;AAED,SAAgB,eAAe,CAAC,IAA2B;IACzD,OAAO,IAAA,eAAK,EAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;AACtC,CAAC;AACD;;;;GAIG;AACH,SAAgB,UAAU,CAAC,WAAkB;IAC3C,OAAO,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED;;;;GAIG;AACH,SAAgB,UAAU,CAAC,WAAkB;IAC3C,OAAO,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,aAAa,CAAC,WAAkB,EAAE,KAAc;IACvD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAExD,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE;QAC7C,IAAI,KAAK;YAAE,OAAO,IAAA,eAAK,EAAC,OAAO,CAAC,CAAC,OAAO,CAAC,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC;;YAC9E,OAAO,IAAA,eAAK,EAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAA,eAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;IAChF,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import dayjs, { Dayjs } from \"dayjs\";\n\nexport function isValidDate(dateStr: string): boolean {\n const d = new Date(dateStr);\n return !Number.isNaN(d.getTime());\n}\n\nexport function isSameYearMonth(date1: string | Date | Dayjs, date2: string | Date | Dayjs): boolean {\n const d1 = dayjs(date1);\n const d2 = dayjs(date2);\n return d1.isSame(d2, \"month\") && d1.isSame(d2, \"year\");\n}\n\nexport function isCurrentMonth(date: string | Date | Dayjs): boolean {\n return isSameYearMonth(date, new Date());\n}\n\nexport function isFutureMonth(date: string): boolean {\n const inputDate = new Date(date);\n const today = new Date();\n\n // Extract year and month\n const inputYear = inputDate.getFullYear();\n const inputMonth = inputDate.getMonth(); // 0-based (0 = Jan)\n const currentYear = today.getFullYear();\n const currentMonth = today.getMonth();\n\n // Compare year-month\n return inputYear > currentYear || (inputYear === currentYear && inputMonth > currentMonth);\n}\n\nexport function addSecondToDate(date: string | Date | Dayjs): Dayjs {\n return dayjs(date).add(1, \"second\");\n}\n/**\n * Returns the oldest date string from a list of date strings.\n * @param dateStrList List of date strings (ISO or other formats supported by dayjs).\n * @returns The oldest date string, or an empty string if the list is empty.\n */\nexport function minDateStr(dateStrList: any[]): string {\n return minMaxDateStr(dateStrList, false);\n}\n\n/**\n * Returns the newest date string from a list of date strings.\n * @param dateStrList List of date strings (ISO or other formats supported by dayjs).\n * @returns The newest date string, or an empty string if the list is empty.\n */\nexport function maxDateStr(dateStrList: any[]): string {\n return minMaxDateStr(dateStrList, true);\n}\n\nfunction minMaxDateStr(dateStrList: any[], isMax: boolean): string {\n if (!dateStrList || dateStrList.length === 0) return \"\";\n\n const filtered = dateStrList.filter((d) => !!d);\n if (filtered.length === 0) return \"\";\n\n return filtered.reduce((newestDate, current) => {\n if (isMax) return dayjs(current).isAfter(dayjs(newestDate)) ? current : newestDate;\n else return dayjs(current).isBefore(dayjs(newestDate)) ? newestDate : current;\n });\n}\n"]}
|
package/dist/utils/index.d.ts
CHANGED
package/dist/utils/index.js
CHANGED
|
@@ -28,5 +28,6 @@ __exportStar(require("./reflection.util"), exports);
|
|
|
28
28
|
__exportStar(require("./validation.util"), exports);
|
|
29
29
|
__exportStar(require("./opensearch/opensearch.parser"), exports);
|
|
30
30
|
__exportStar(require("./opensearch/opensearch.transform"), exports);
|
|
31
|
+
__exportStar(require("./data.util"), exports);
|
|
31
32
|
__exportStar(require("../function/logger"), exports);
|
|
32
33
|
//# sourceMappingURL=index.js.map
|
package/dist/utils/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,sDAAoC;AACpC,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,mDAAiC;AACjC,6CAA2B;AAC3B,+CAA6B;AAC7B,8CAA4B;AAC5B,qDAAmC;AACnC,oDAAkC;AAClC,oDAAkC;AAClC,iEAA+C;AAC/C,oEAAkD;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,sDAAoC;AACpC,+CAA6B;AAC7B,8CAA4B;AAC5B,8CAA4B;AAC5B,mDAAiC;AACjC,6CAA2B;AAC3B,+CAA6B;AAC7B,8CAA4B;AAC5B,qDAAmC;AACnC,oDAAkC;AAClC,oDAAkC;AAClC,iEAA+C;AAC/C,oEAAkD;AAClD,8CAA4B;AAE5B,qDAAmC","sourcesContent":["export * from \"./http/http.util\";\nexport * from \"./http/http-request\";\nexport * from \"./array.util\";\nexport * from \"./auth.util\";\nexport * from \"./date.util\";\nexport * from \"./dynamodb.utils\";\nexport * from \"./env.util\";\nexport * from \"./error.util\";\nexport * from \"./json.util\";\nexport * from \"./opensearch.utils\";\nexport * from \"./reflection.util\";\nexport * from \"./validation.util\";\nexport * from \"./opensearch/opensearch.parser\";\nexport * from \"./opensearch/opensearch.transform\";\nexport * from \"./data.util\";\n\nexport * from \"../function/logger\";\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "aws-service-stack",
|
|
3
|
-
"version": "0.18.
|
|
3
|
+
"version": "0.18.376",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"author": "chinggis.systems",
|
|
@@ -23,45 +23,45 @@
|
|
|
23
23
|
"tslib": "^2.8.1"
|
|
24
24
|
},
|
|
25
25
|
"peerDependencies": {
|
|
26
|
-
"@aws-sdk/client-api-gateway": "^3.
|
|
27
|
-
"@aws-sdk/client-apigatewaymanagementapi": "^3.
|
|
28
|
-
"@aws-sdk/client-cognito-identity-provider": "^3.
|
|
29
|
-
"@aws-sdk/client-dynamodb": "^3.
|
|
30
|
-
"@aws-sdk/client-lambda": "^3.
|
|
31
|
-
"@aws-sdk/client-pinpoint": "^3.
|
|
32
|
-
"@aws-sdk/client-secrets-manager": "^3.
|
|
33
|
-
"@aws-sdk/client-sqs": "^3.
|
|
34
|
-
"@aws-sdk/credential-provider-node": "^3.
|
|
35
|
-
"@aws-sdk/lib-dynamodb": "^3.
|
|
36
|
-
"@aws-sdk/s3-request-presigner": "^3.
|
|
37
|
-
"@aws-sdk/util-dynamodb": "^3.
|
|
26
|
+
"@aws-sdk/client-api-gateway": "^3.999.0",
|
|
27
|
+
"@aws-sdk/client-apigatewaymanagementapi": "^3.999.0",
|
|
28
|
+
"@aws-sdk/client-cognito-identity-provider": "^3.999.0",
|
|
29
|
+
"@aws-sdk/client-dynamodb": "^3.999.0",
|
|
30
|
+
"@aws-sdk/client-lambda": "^3.999.0",
|
|
31
|
+
"@aws-sdk/client-pinpoint": "^3.999.0",
|
|
32
|
+
"@aws-sdk/client-secrets-manager": "^3.999.0",
|
|
33
|
+
"@aws-sdk/client-sqs": "^3.999.0",
|
|
34
|
+
"@aws-sdk/credential-provider-node": "^3.972.14",
|
|
35
|
+
"@aws-sdk/lib-dynamodb": "^3.999.0",
|
|
36
|
+
"@aws-sdk/s3-request-presigner": "^3.999.0",
|
|
37
|
+
"@aws-sdk/util-dynamodb": "^3.996.1",
|
|
38
38
|
"@opensearch-project/opensearch": "^3.5.1",
|
|
39
|
-
"axios": "^1.
|
|
40
|
-
"dayjs": "^1.11.
|
|
41
|
-
"elastic-builder": "^
|
|
39
|
+
"axios": "^1.13.5",
|
|
40
|
+
"dayjs": "^1.11.19",
|
|
41
|
+
"elastic-builder": "^4.1.0",
|
|
42
42
|
"lodash.truncate": "^4.4.2",
|
|
43
|
-
"nodemailer": "^
|
|
43
|
+
"nodemailer": "^8.0.1",
|
|
44
44
|
"numeral": "^2.0.6",
|
|
45
45
|
"typedi": "0.10.0",
|
|
46
46
|
"yup": "^1.7.1",
|
|
47
|
-
"zod": "^4.
|
|
47
|
+
"zod": "^4.3.6"
|
|
48
48
|
},
|
|
49
49
|
"devDependencies": {
|
|
50
|
-
"@types/aws-lambda": "^8.10.
|
|
51
|
-
"@types/jest": "^
|
|
52
|
-
"eslint": "^
|
|
53
|
-
"@typescript-eslint/eslint-plugin": "^
|
|
54
|
-
"@typescript-eslint/parser": "^
|
|
55
|
-
"jest": "^
|
|
50
|
+
"@types/aws-lambda": "^8.10.161",
|
|
51
|
+
"@types/jest": "^30.0.0",
|
|
52
|
+
"eslint": "^10.0.2",
|
|
53
|
+
"@typescript-eslint/eslint-plugin": "^8.56.1",
|
|
54
|
+
"@typescript-eslint/parser": "^8.56.1",
|
|
55
|
+
"jest": "^30.2.0",
|
|
56
56
|
"jest-transform-stub": "^2.0.0",
|
|
57
|
-
"jsonc-eslint-parser": "^
|
|
58
|
-
"serverless-offline": "^14.
|
|
57
|
+
"jsonc-eslint-parser": "^3.1.0",
|
|
58
|
+
"serverless-offline": "^14.5.0",
|
|
59
59
|
"serverless-stage-manager": "^1.0.5",
|
|
60
|
-
"ts-jest": "^29.
|
|
60
|
+
"ts-jest": "^29.4.6",
|
|
61
61
|
"ts-node": "^10.9.2",
|
|
62
|
-
"tsc-alias": "^1.8.
|
|
63
|
-
"typescript": "^5.
|
|
64
|
-
"prettier": "^3.
|
|
65
|
-
"typescript-transform-paths": "^3.5.
|
|
62
|
+
"tsc-alias": "^1.8.16",
|
|
63
|
+
"typescript": "^5.9.3",
|
|
64
|
+
"prettier": "^3.8.1",
|
|
65
|
+
"typescript-transform-paths": "^3.5.6"
|
|
66
66
|
}
|
|
67
67
|
}
|