box-node-sdk 3.8.0 → 3.8.2

package/lib-esm/token-manager.d.ts

@@ -0,0 +1,191 @@
+/**
+ * @fileoverview Token Manager
+ */
+import Promise from 'bluebird';
+import APIRequestManager from './api-request-manager';
+type Config = Record<string, any>;
+/**
+ * Token request options. Set by the consumer to add/modify the params sent to the
+ * request.
+ *
+ * @typedef {Object} TokenRequestOptions
+ * @property {string} [ip] The IP Address of the requesting user. This IP will be reflected in authentication
+ *                         notification emails sent to your users on login. Defaults to the IP address of the
+ *                         server requesting the tokens.
+ */
+type TokenRequestOptions = {
+    ip?: string;
+};
+/**
+ * Parameters for creating a token using a Box shared link via token exchange
+ * @typedef {Object} SharedLinkParams
+ * @property {string} url Shared link URL
+ */
+type SharedLinkParams = {
+    url: string;
+};
+/**
+ * Parameters for creating an actor token via token exchange
+ * @typedef {Object} ActorParams
+ * @property {string} id The external identifier for the actor
+ * @property {string} name The display name of the actor
+ */
+type ActorParams = {
+    id: string;
+    name: string;
+};
+/**
+ * An object representing all token information for a single Box user.
+ *
+ * @typedef {Object} TokenInfo
+ * @property {string} accessToken    The API access token. Used to authenticate API requests to a certain
+ *                                   user and/or application.
+ * @property {int} acquiredAtMS      The time that the tokens were acquired.
+ * @property {int} accessTokenTTLMS  The TTL of the access token. Can be used with acquiredAtMS to
+ *                                   calculate if the current access token has expired.
+ * @property {string} [refreshToken] The API refresh token is a Longer-lasting than an access token, and can
+ *                                   be used to gain a new access token if the current access token becomes
+ *                                   expired. Grants like the 'client credentials' grant don't return a
+ *                                   refresh token, and have no refresh capabilities.
+ */
+type TokenInfo = {
+    accessToken: string;
+    acquiredAtMS: number;
+    accessTokenTTLMS: number;
+    refreshToken?: string;
+};
+/**
+ * Manager for API access abd refresh tokens
+ *
+ * @param {Config} config The config object
+ * @param {APIRequestManager} requestManager The API Request Manager
+ * @constructor
+ */
+declare class TokenManager {
+    config: Config;
+    requestManager: APIRequestManager;
+    oauthBaseURL: string;
+    constructor(config: Config, requestManager: APIRequestManager);
+    /**
+     * Given a TokenInfo object, returns whether its access token is expired. An access token is considered
+     * expired once its TTL surpasses the current time outside of the given buffer. This is a public method so
+     * that other modules may check the validity of their tokens.
+     *
+     * @param {TokenInfo} tokenInfo the token info to be written
+     * @param {int} [bufferMS] An optional buffer we'd like to test against. The greater this buffer, the more aggressively
+     * we'll call a token invalid.
+     * @returns {boolean} True if token is valid outside of buffer, otherwise false
+     */
+    isAccessTokenValid(tokenInfo: TokenInfo, bufferMS?: number): boolean;
+    /**
+     * Acquires OAuth2 tokens using a grant type (authorization_code, password, refresh_token)
+     *
+     * @param {Object} formParams - should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant, null for default behavior
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     * @private
+     */
+    getTokens(formParams: Record<string, any>, options?: TokenRequestOptions | null): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Acquires token info using an authorization code
+     *
+     * @param {string} authorizationCode - authorization code issued by Box
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensAuthorizationCodeGrant(authorizationCode: string, options?: TokenRequestOptions): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Acquires token info using the client credentials grant.
+     *
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensClientCredentialsGrant(options?: TokenRequestOptions): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Refreshes the access and refresh tokens for a given refresh token.
+     *
+     * @param {string} refreshToken - A valid OAuth refresh token
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensRefreshGrant(refreshToken: string, options?: TokenRequestOptions): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Gets tokens for enterprise administration of app users
+     * @param {string} type The type of token to create, "user" or "enterprise"
+     * @param {string} id The ID of the enterprise to generate a token for
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensJWTGrant(type: string, id: string, options?: TokenRequestOptions): Promise<any>;
+    /**
+     * Attempt a retry if possible and create a new JTI claim. If the request hasn't exceeded it's maximum number of retries,
+     * re-execute the request (after the retry interval). Otherwise, propagate a new error.
+     *
+     * @param {Object} claims - JTI claims object
+     * @param {Object} [jwtOptions] - JWT options for the signature
+     * @param {Object} keyParams - Key JWT parameters object that contains the private key and the passphrase
+     * @param {Object} params - Should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @param {Error} error - Error from the previous JWT request
+     * @param {int} numRetries - Number of retries attempted
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    retryJWTGrant(claims: any, jwtOptions: any, keyParams: any, params: any, options: TokenRequestOptions | undefined, error: any, numRetries: number): any;
+    /**
+     * Exchange a valid access token for one with a lower scope, or delegated to
+     * an external user identifier.
+     *
+     * @param {string} accessToken - The valid access token to exchange
+     * @param {string|string[]} scopes - The scope(s) of the new access token
+     * @param {string} [resource] - The absolute URL of an API resource to restrict the new token to
+     * @param {Object} [options] - Optional parameters
+     * @param {TokenRequestOptions} [options.tokenRequestOptions] - Sets optional behavior for the token grant
+     * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens
+     * @param {SharedLinkParams} [options.sharedLink] - Optional shared link parameters for creating tokens using shared links
+     * @returns {Promise<TokenInfo>} Promise resolving to the new token info
+     */
+    exchangeToken(accessToken: string, scopes: string | string[], resource?: string, options?: {
+        tokenRequestOptions?: TokenRequestOptions;
+        actor?: ActorParams;
+        sharedLink?: SharedLinkParams;
+    }): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Revokes a token pair associated with a given access or refresh token.
+     *
+     * @param {string} token - A valid access or refresh token to revoke
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise} Promise resolving if the revoke succeeds
+     */
+    revokeTokens(token: string, options?: TokenRequestOptions): Promise<unknown>;
+}
+/**
+ * Provides interactions with Box OAuth2 tokening system.
+ *
+ * @module box-node-sdk/lib/token-manager
+ */
+export = TokenManager;

package/lib-esm/token-manager.js

@@ -0,0 +1,453 @@
+"use strict";
+/**
+ * @fileoverview Token Manager
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+// ------------------------------------------------------------------------------
+// Requirements
+// ------------------------------------------------------------------------------
+const bluebird_1 = __importDefault(require("bluebird"));
+const http_status_1 = __importDefault(require("http-status"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const uuid_1 = require("uuid");
+const errors_1 = __importDefault(require("./util/errors"));
+const exponential_backoff_1 = __importDefault(require("./util/exponential-backoff"));
+/**
+ *	Determines whether a JWT auth error can be retried
+ * @param {Error} err The JWT auth error
+ * @returns {boolean} True if the error is retryable
+ */
+function isJWTAuthErrorRetryable(err /* FIXME */) {
+    if (err.authExpired &&
+        err.response.headers.date &&
+        (err.response.body.error_description.indexOf('exp') > -1 ||
+            err.response.body.error_description.indexOf('jti') > -1)) {
+        return true;
+    }
+    else if (err.statusCode === 429 || err.statusCode >= 500) {
+        return true;
+    }
+    return false;
+}
+// ------------------------------------------------------------------------------
+// Constants
+// ------------------------------------------------------------------------------
+/**
+ * Collection of grant types that can be used to acquire tokens via OAuth2
+ *
+ * @readonly
+ * @enum {string}
+ */
+var grantTypes = {
+    AUTHORIZATION_CODE: 'authorization_code',
+    REFRESH_TOKEN: 'refresh_token',
+    CLIENT_CREDENTIALS: 'client_credentials',
+    JWT: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+    TOKEN_EXCHANGE: 'urn:ietf:params:oauth:grant-type:token-exchange',
+};
+/**
+ * Collection of paths to interact with Box OAuth2 tokening system
+ *
+ * @readonly
+ * @enum {string}
+ */
+var tokenPaths;
+(function (tokenPaths) {
+    tokenPaths["ROOT"] = "/oauth2";
+    tokenPaths["GET"] = "/token";
+    tokenPaths["REVOKE"] = "/revoke";
+})(tokenPaths || (tokenPaths = {}));
+// Timer used to track elapsed time starting with executing an async request and ending with emitting the response.
+var asyncRequestTimer /* FIXME */;
+// The XFF header label - Used to give the API better information for uploads, rate-limiting, etc.
+const HEADER_XFF = 'X-Forwarded-For';
+const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';
+const ACTOR_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:id_token';
+const BOX_JWT_AUDIENCE = 'https://api.box.com/oauth2/token';
+// ------------------------------------------------------------------------------
+// Private
+// ------------------------------------------------------------------------------
+/**
+ * Parse the response body to create a new TokenInfo object.
+ *
+ * @param {Object} grantResponseBody - (Request lib) response body containing granted token info from API
+ * @returns {TokenInfo} A TokenInfo object.
+ * @private
+ */
+function getTokensFromGrantResponse(grantResponseBody /* FIXME */) {
+    return {
+        // Set the access token & refresh token (if passed)
+        accessToken: grantResponseBody.access_token,
+        refreshToken: grantResponseBody.refresh_token,
+        // Box API sends back expires_in in seconds, we convert to ms for consistency of keeping all time in ms
+        accessTokenTTLMS: parseInt(grantResponseBody.expires_in, 10) * 1000,
+        acquiredAtMS: Date.now(),
+    };
+}
+/**
+ * Determines if a given string could represent an authorization code or token.
+ *
+ * @param {string} codeOrToken The code or token to check.
+ * @returns {boolean} True if codeOrToken is valid, false if not.
+ * @private
+ */
+function isValidCodeOrToken(codeOrToken) {
+    return typeof codeOrToken === 'string' && codeOrToken.length > 0;
+}
+/**
+ * Determines if a token grant response is valid
+ *
+ * @param {string} grantType the type of token grant
+ * @param {Object} responseBody the body of the response to check
+ * @returns {boolean} True if response body has expected fields, false if not.
+ * @private
+ */
+function isValidTokenResponse(grantType, responseBody /* FIXME */) {
+    if (!isValidCodeOrToken(responseBody.access_token)) {
+        return false;
+    }
+    if (typeof responseBody.expires_in !== 'number') {
+        return false;
+    }
+    // Check the refresh_token for certain types of grants
+    if (grantType === 'authorization_code' || grantType === 'refresh_token') {
+        if (!isValidCodeOrToken(responseBody.refresh_token)) {
+            return false;
+        }
+    }
+    return true;
+}
+// ------------------------------------------------------------------------------
+// Public
+// ------------------------------------------------------------------------------
+/**
+ * Manager for API access abd refresh tokens
+ *
+ * @param {Config} config The config object
+ * @param {APIRequestManager} requestManager The API Request Manager
+ * @constructor
+ */
+class TokenManager {
+    constructor(config, requestManager) {
+        this.config = config;
+        this.oauthBaseURL = config.apiRootURL + tokenPaths.ROOT;
+        this.requestManager = requestManager;
+    }
+    /**
+     * Given a TokenInfo object, returns whether its access token is expired. An access token is considered
+     * expired once its TTL surpasses the current time outside of the given buffer. This is a public method so
+     * that other modules may check the validity of their tokens.
+     *
+     * @param {TokenInfo} tokenInfo the token info to be written
+     * @param {int} [bufferMS] An optional buffer we'd like to test against. The greater this buffer, the more aggressively
+     * we'll call a token invalid.
+     * @returns {boolean} True if token is valid outside of buffer, otherwise false
+     */
+    isAccessTokenValid(tokenInfo, bufferMS) {
+        if (typeof tokenInfo.acquiredAtMS === 'undefined' ||
+            typeof tokenInfo.accessTokenTTLMS === 'undefined') {
+            return false;
+        }
+        bufferMS = bufferMS || 0;
+        var expireTime = tokenInfo.acquiredAtMS + tokenInfo.accessTokenTTLMS - bufferMS;
+        return expireTime > Date.now();
+    }
+    /**
+     * Acquires OAuth2 tokens using a grant type (authorization_code, password, refresh_token)
+     *
+     * @param {Object} formParams - should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant, null for default behavior
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     * @private
+     */
+    getTokens(formParams, options) {
+        var params = {
+            method: 'POST',
+            url: this.oauthBaseURL + tokenPaths.GET,
+            headers: {},
+            form: formParams,
+        };
+        options = options || {};
+        // add in app-specific id and secret to auth with Box
+        params.form.client_id = this.config.clientID;
+        params.form.client_secret = this.config.clientSecret;
+        if (options.ip) {
+            params.headers[HEADER_XFF] = options.ip;
+        }
+        return this.requestManager
+            .makeRequest(params)
+            .then((response /* FIXME */) => {
+            // Response Error: The API is telling us that we attempted an invalid token grant. This
+            // means that our refresh token or auth code has exipred, so propagate an "Expired Tokens"
+            // error.
+            if (response.body &&
+                response.body.error &&
+                response.body.error === 'invalid_grant') {
+                var errDescription = response.body.error_description;
+                var message = errDescription
+                    ? `Auth Error: ${errDescription}`
+                    : undefined;
+                throw errors_1.default.buildAuthError(response, message);
+            }
+            // Unexpected Response: If the token request couldn't get a valid response, then we're
+            // out of options. Build an "Unexpected Response" error and propagate it out for the
+            // consumer to handle.
+            if (response.statusCode !== http_status_1.default.OK ||
+                response.body instanceof Buffer) {
+                throw errors_1.default.buildUnexpectedResponseError(response);
+            }
+            // Check to see if token response is valid in case the API returns us a 200 with a malformed token
+            if (!isValidTokenResponse(formParams.grant_type, response.body)) {
+                throw errors_1.default.buildResponseError(response, 'Token format from response invalid');
+            }
+            // Got valid token response. Parse out the TokenInfo and propagate it back.
+            return getTokensFromGrantResponse(response.body);
+        });
+    }
+    /**
+     * Acquires token info using an authorization code
+     *
+     * @param {string} authorizationCode - authorization code issued by Box
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensAuthorizationCodeGrant(authorizationCode, options) {
+        if (!isValidCodeOrToken(authorizationCode)) {
+            return bluebird_1.default.reject(new Error('Invalid authorization code.'));
+        }
+        var params = {
+            grant_type: grantTypes.AUTHORIZATION_CODE,
+            code: authorizationCode,
+        };
+        return this.getTokens(params, options);
+    }
+    /**
+     * Acquires token info using the client credentials grant.
+     *
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensClientCredentialsGrant(options) {
+        var params = {
+            grant_type: grantTypes.CLIENT_CREDENTIALS,
+            box_subject_type: this.config.boxSubjectType,
+            box_subject_id: this.config.boxSubjectId,
+        };
+        return this.getTokens(params, options);
+    }
+    /**
+     * Refreshes the access and refresh tokens for a given refresh token.
+     *
+     * @param {string} refreshToken - A valid OAuth refresh token
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensRefreshGrant(refreshToken, options) {
+        if (!isValidCodeOrToken(refreshToken)) {
+            return bluebird_1.default.reject(new Error('Invalid refresh token.'));
+        }
+        var params = {
+            grant_type: grantTypes.REFRESH_TOKEN,
+            refresh_token: refreshToken,
+        };
+        return this.getTokens(params, options);
+    }
+    /**
+     * Gets tokens for enterprise administration of app users
+     * @param {string} type The type of token to create, "user" or "enterprise"
+     * @param {string} id The ID of the enterprise to generate a token for
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensJWTGrant(type, id, options) {
+        if (!this.config.appAuth || !this.config.appAuth.keyID) {
+            return bluebird_1.default.reject(new Error('Must provide app auth configuration to use JWT Grant'));
+        }
+        var claims = {
+            exp: Math.floor(Date.now() / 1000) + this.config.appAuth.expirationTime,
+            box_sub_type: type,
+        };
+        var jwtOptions = {
+            algorithm: this.config.appAuth.algorithm,
+            audience: BOX_JWT_AUDIENCE,
+            subject: id,
+            issuer: this.config.clientID,
+            jwtid: (0, uuid_1.v4)(),
+            noTimestamp: !this.config.appAuth.verifyTimestamp,
+            keyid: this.config.appAuth.keyID,
+        };
+        var keyParams = {
+            key: this.config.appAuth.privateKey,
+            passphrase: this.config.appAuth.passphrase,
+        };
+        var assertion;
+        try {
+            assertion = jsonwebtoken_1.default.sign(claims, keyParams, jwtOptions);
+        }
+        catch (jwtErr) {
+            return bluebird_1.default.reject(jwtErr);
+        }
+        var params = {
+            grant_type: grantTypes.JWT,
+            assertion,
+        };
+        // Start the request timer immediately before executing the async request
+        asyncRequestTimer = process.hrtime();
+        return this.getTokens(params, options).catch((err) => this.retryJWTGrant(claims, jwtOptions, keyParams, params, options, err, 0));
+    }
+    /**
+     * Attempt a retry if possible and create a new JTI claim. If the request hasn't exceeded it's maximum number of retries,
+     * re-execute the request (after the retry interval). Otherwise, propagate a new error.
+     *
+     * @param {Object} claims - JTI claims object
+     * @param {Object} [jwtOptions] - JWT options for the signature
+     * @param {Object} keyParams - Key JWT parameters object that contains the private key and the passphrase
+     * @param {Object} params - Should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @param {Error} error - Error from the previous JWT request
+     * @param {int} numRetries - Number of retries attempted
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    // eslint-disable-next-line max-params
+    retryJWTGrant(claims /* FIXME */, jwtOptions /* FIXME */, keyParams /* FIXME */, params /* FIXME */, options, error /* FIXME */, numRetries) {
+        if (numRetries < this.config.numMaxRetries &&
+            isJWTAuthErrorRetryable(error)) {
+            var retryTimeoutinSeconds;
+            numRetries += 1;
+            // If the retry strategy is defined, then use it to determine the time (in ms) until the next retry or to
+            // propagate an error to the user.
+            if (this.config.retryStrategy) {
+                // Get the total elapsed time so far since the request was executed
+                var totalElapsedTime = process.hrtime(asyncRequestTimer);
+                var totalElapsedTimeMS = totalElapsedTime[0] * 1000 + totalElapsedTime[1] / 1000000;
+                var retryOptions = {
+                    error,
+                    numRetryAttempts: numRetries,
+                    numMaxRetries: this.config.numMaxRetries,
+                    retryIntervalMS: this.config.retryIntervalMS,
+                    totalElapsedTimeMS,
+                };
+                retryTimeoutinSeconds = this.config.retryStrategy(retryOptions);
+                // If the retry strategy doesn't return a number/time in ms, then propagate the response error to the user.
+                // However, if the retry strategy returns its own error, this will be propagated to the user instead.
+                if (typeof retryTimeoutinSeconds !== 'number') {
+                    if (retryTimeoutinSeconds instanceof Error) {
+                        error = retryTimeoutinSeconds;
+                    }
+                    throw error;
+                }
+            }
+            else if (error.hasOwnProperty('response') &&
+                error.response.hasOwnProperty('headers') &&
+                error.response.headers.hasOwnProperty('retry-after')) {
+                retryTimeoutinSeconds = error.response.headers['retry-after'];
+            }
+            else {
+                retryTimeoutinSeconds = Math.ceil((0, exponential_backoff_1.default)(numRetries, this.config.retryIntervalMS) / 1000);
+            }
+            var time = Math.floor(Date.now() / 1000);
+            if (error.response.headers.date) {
+                time = Math.floor(Date.parse(error.response.headers.date) / 1000);
+            }
+            // Add length of retry timeout to current expiration time to calculate the expiration time for the JTI claim.
+            claims.exp = Math.ceil(time + this.config.appAuth.expirationTime + retryTimeoutinSeconds);
+            jwtOptions.jwtid = (0, uuid_1.v4)();
+            try {
+                params.assertion = jsonwebtoken_1.default.sign(claims, keyParams, jwtOptions);
+            }
+            catch (jwtErr) {
+                throw jwtErr;
+            }
+            return bluebird_1.default.delay(retryTimeoutinSeconds).then(() => {
+                // Start the request timer immediately before executing the async request
+                asyncRequestTimer = process.hrtime();
+                return this.getTokens(params, options).catch((err) => this.retryJWTGrant(claims, jwtOptions, keyParams, params, options, err, numRetries));
+            });
+        }
+        else if (numRetries >= this.config.numMaxRetries) {
+            error.maxRetriesExceeded = true;
+        }
+        throw error;
+    }
+    /**
+     * Exchange a valid access token for one with a lower scope, or delegated to
+     * an external user identifier.
+     *
+     * @param {string} accessToken - The valid access token to exchange
+     * @param {string|string[]} scopes - The scope(s) of the new access token
+     * @param {string} [resource] - The absolute URL of an API resource to restrict the new token to
+     * @param {Object} [options] - Optional parameters
+     * @param {TokenRequestOptions} [options.tokenRequestOptions] - Sets optional behavior for the token grant
+     * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens
+     * @param {SharedLinkParams} [options.sharedLink] - Optional shared link parameters for creating tokens using shared links
+     * @returns {Promise<TokenInfo>} Promise resolving to the new token info
+     */
+    exchangeToken(accessToken, scopes, resource, options) {
+        var params = {
+            grant_type: grantTypes.TOKEN_EXCHANGE,
+            subject_token_type: ACCESS_TOKEN_TYPE,
+            subject_token: accessToken,
+            scope: typeof scopes === 'string' ? scopes : scopes.join(' '),
+        };
+        if (resource) {
+            params.resource = resource;
+        }
+        if (options && options.sharedLink) {
+            params.box_shared_link = options.sharedLink.url;
+        }
+        if (options && options.actor) {
+            var payload = {
+                iss: this.config.clientID,
+                sub: options.actor.id,
+                aud: BOX_JWT_AUDIENCE,
+                box_sub_type: 'external',
+                name: options.actor.name,
+            };
+            var jwtOptions = {
+                algorithm: 'none',
+                expiresIn: '1m',
+                noTimestamp: true,
+                jwtid: (0, uuid_1.v4)(),
+            };
+            var token;
+            try {
+                token = jsonwebtoken_1.default.sign(payload, 'UNUSED', jwtOptions /* FIXME */);
+            }
+            catch (jwtError) {
+                return bluebird_1.default.reject(jwtError);
+            }
+            params.actor_token = token;
+            params.actor_token_type = ACTOR_TOKEN_TYPE;
+        }
+        return this.getTokens(params, options && options.tokenRequestOptions
+            ? options.tokenRequestOptions
+            : null);
+    }
+    /**
+     * Revokes a token pair associated with a given access or refresh token.
+     *
+     * @param {string} token - A valid access or refresh token to revoke
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise} Promise resolving if the revoke succeeds
+     */
+    revokeTokens(token, options) {
+        var params = {
+            method: 'POST',
+            url: this.oauthBaseURL + tokenPaths.REVOKE,
+            form: {
+                token,
+                client_id: this.config.clientID,
+                client_secret: this.config.clientSecret,
+            },
+        };
+        if (options && options.ip) {
+            params.headers = {};
+            params.headers[HEADER_XFF] = options.ip;
+        }
+        return this.requestManager.makeRequest(params);
+    }
+}
+module.exports = TokenManager;
+//# sourceMappingURL=token-manager.js.map

package/lib-esm/token-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;AAEH,iFAAiF;AACjF,eAAe;AACf,iFAAiF;AAEjF,wDAA+B;AAC/B,8DAA0C;AAC1C,gEAA+B;AAC/B,+BAAoC;AAEpC,2DAAmC;AACnC,qFAAyD;AA8DzD;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,GAAQ,CAAC,WAAW;IACnD,IACE,GAAG,CAAC,WAAW;QACf,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI;QACzB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACtD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAC1D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iFAAiF;AACjF,YAAY;AACZ,iFAAiF;AAEjF;;;;;GAKG;AACH,IAAI,UAAU,GAAG;IACf,kBAAkB,EAAE,oBAAoB;IACxC,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,GAAG,EAAE,6CAA6C;IAClD,cAAc,EAAE,iDAAiD;CAClE,CAAC;AAEF;;;;;GAKG;AACH,IAAK,UAIJ;AAJD,WAAK,UAAU;IACb,8BAAgB,CAAA;IAChB,4BAAc,CAAA;IACd,gCAAkB,CAAA;AACpB,CAAC,EAJI,UAAU,KAAV,UAAU,QAId;AAED,mHAAmH;AACnH,IAAI,iBAAsB,CAAC,WAAW,CAAC;AAEvC,kGAAkG;AAClG,MAAM,UAAU,GAAG,iBAAiB,CAAC;AACrC,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,gBAAgB,GAAG,2CAA2C,CAAC;AACrE,MAAM,gBAAgB,GAAG,kCAAkC,CAAC;AAE5D,iFAAiF;AACjF,UAAU;AACV,iFAAiF;AAEjF;;;;;;GAMG;AACH,SAAS,0BAA0B,CACjC,iBAAsC,CAAC,WAAW;IAElD,OAAO;QACL,mDAAmD;QACnD,WAAW,EAAE,iBAAiB,CAAC,YAAY;QAC3C,YAAY,EAAE,iBAAiB,CAAC,aAAa;QAC7C,uGAAuG;QACvG,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,IAAI;QACnE,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,OAAO,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAC3B,SAAiB,EACjB,YAAiC,CAAC,WAAW;IAE7C,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,YAAY,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,sDAAsD;IACtD,IAAI,SAAS,KAAK,oBAAoB,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;QACxE,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,SAAS;AACT,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,YAAY;IAKhB,YAAY,MAAc,EAAE,cAAiC;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC;QACxD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;;;;;;;OASG;IACH,kBAAkB,CAAC,SAAoB,EAAE,QAAiB;QACxD,IACE,OAAO,SAAS,CAAC,YAAY,KAAK,WAAW;YAC7C,OAAO,SAAS,CAAC,gBAAgB,KAAK,WAAW,EACjD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,QAAQ,GAAG,QAAQ,IAAI,CAAC,CAAC;QACzB,IAAI,UAAU,GACZ,SAAS,CAAC,YAAY,GAAG,SAAS,CAAC,gBAAgB,GAAG,QAAQ,CAAC;QACjE,OAAO,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,CACP,UAA+B,EAC/B,OAAoC;QAEpC,IAAI,MAAM,GAAG;YACX,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG;YACvC,OAAO,EAAE,EAAyB;YAClC,IAAI,EAAE,UAAU;SACjB,CAAC;QACF,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;QAExB,qDAAqD;QACrD,MAAM,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QAErD,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,EAAE,CAAC;QAC1C,CAAC;QAED,OAAO,IAAI,CAAC,cAAc;aACvB,WAAW,CAAC,MAAM,CAAC;aACnB,IAAI,CAAC,CAAC,QAAa,CAAC,WAAW,EAAE,EAAE;YAClC,uFAAuF;YACvF,0FAA0F;YAC1F,SAAS;YACT,IACE,QAAQ,CAAC,IAAI;gBACb,QAAQ,CAAC,IAAI,CAAC,KAAK;gBACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,eAAe,EACvC,CAAC;gBACD,IAAI,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC;gBACrD,IAAI,OAAO,GAAG,cAAc;oBAC1B,CAAC,CAAC,eAAe,cAAc,EAAE;oBACjC,CAAC,CAAC,SAAS,CAAC;gBACd,MAAM,gBAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACjD,CAAC;YAED,sFAAsF;YACtF,oFAAoF;YACpF,sBAAsB;YACtB,IACE,QAAQ,CAAC,UAAU,KAAK,qBAAe,CAAC,EAAE;gBAC1C,QAAQ,CAAC,IAAI,YAAY,MAAM,EAC/B,CAAC;gBACD,MAAM,gBAAM,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAC;YACtD,CAAC;YAED,kGAAkG;YAClG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChE,MAAM,gBAAM,CAAC,kBAAkB,CAC7B,QAAQ,EACR,oCAAoC,CACrC,CAAC;YACJ,CAAC;YAED,2EAA2E;YAC3E,OAAO,0BAA0B,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;;;;OAMG;IACH,+BAA+B,CAC7B,iBAAyB,EACzB,OAA6B;QAE7B,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC3C,OAAO,kBAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,kBAAkB;YACzC,IAAI,EAAE,iBAAiB;SACxB,CAAC;QAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACH,+BAA+B,CAAC,OAA6B;QAC3D,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,kBAAkB;YACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC5C,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACzC,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;OAMG;IACH,qBAAqB,CAAC,YAAoB,EAAE,OAA6B;QACvE,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;YACtC,OAAO,kBAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,aAAa;YACpC,aAAa,EAAE,YAAY;SAC5B,CAAC;QAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;OAMG;IACH,iBAAiB,CAAC,IAAY,EAAE,EAAU,EAAE,OAA6B;QACvE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACvD,OAAO,kBAAO,CAAC,MAAM,CACnB,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAClE,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,GAAG;YACX,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc;YACvE,YAAY,EAAE,IAAI;SACnB,CAAC;QACF,IAAI,UAAU,GAAG;YACf,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS;YACxC,QAAQ,EAAE,gBAAgB;YAC1B,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC5B,KAAK,EAAE,IAAA,SAAM,GAAE;YACf,WAAW,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe;YACjD,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK;SACjC,CAAC;QACF,IAAI,SAAS,GAAG;YACd,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;YACnC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;SAC3C,CAAC;QAEF,IAAI,SAAS,CAAC;QACd,IAAI,CAAC;YACH,SAAS,GAAG,sBAAG,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,OAAO,kBAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,GAAG;YAC1B,SAAS;SACV,CAAC;QACF,yEAAyE;QACzE,iBAAiB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACnD,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAC3E,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,sCAAsC;IACtC,aAAa,CACX,MAAW,CAAC,WAAW,EACvB,UAAe,CAAC,WAAW,EAC3B,SAAc,CAAC,WAAW,EAC1B,MAAW,CAAC,WAAW,EACvB,OAAwC,EACxC,KAAU,CAAC,WAAW,EACtB,UAAkB;QAElB,IACE,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;YACtC,uBAAuB,CAAC,KAAK,CAAC,EAC9B,CAAC;YACD,IAAI,qBAAqB,CAAC;YAC1B,UAAU,IAAI,CAAC,CAAC;YAChB,yGAAyG;YACzG,kCAAkC;YAClC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC9B,mEAAmE;gBACnE,IAAI,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;gBACzD,IAAI,kBAAkB,GACpB,gBAAgB,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;gBAC7D,IAAI,YAAY,GAAG;oBACjB,KAAK;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;oBACxC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;oBAC5C,kBAAkB;iBACnB,CAAC;gBAEF,qBAAqB,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBAEhE,2GAA2G;gBAC3G,qGAAqG;gBACrG,IAAI,OAAO,qBAAqB,KAAK,QAAQ,EAAE,CAAC;oBAC9C,IAAI,qBAAqB,YAAY,KAAK,EAAE,CAAC;wBAC3C,KAAK,GAAG,qBAAqB,CAAC;oBAChC,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;iBAAM,IACL,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC;gBAChC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC;gBACxC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,EACpD,CAAC;gBACD,qBAAqB,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAChE,CAAC;iBAAM,CAAC;gBACN,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAC/B,IAAA,6BAAe,EAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,IAAI,CAChE,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAChC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YACpE,CAAC;YACD,6GAA6G;YAC7G,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CACpB,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,GAAG,qBAAqB,CAClE,CAAC;YACF,UAAU,CAAC,KAAK,GAAG,IAAA,SAAM,GAAE,CAAC;YAE5B,IAAI,CAAC;gBACH,MAAM,CAAC,SAAS,GAAG,sBAAG,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAC7D,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBAChB,MAAM,MAAM,CAAC;YACf,CAAC;YAED,OAAO,kBAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,yEAAyE;gBACzE,iBAAiB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACnD,IAAI,CAAC,aAAa,CAChB,MAAM,EACN,UAAU,EACV,SAAS,EACT,MAAM,EACN,OAAO,EACP,GAAG,EACH,UAAU,CACX,CACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YACnD,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAClC,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,aAAa,CACX,WAAmB,EACnB,MAAyB,EACzB,QAAiB,EACjB,OAIC;QAED,IAAI,MAAM,GASN;YACF,UAAU,EAAE,UAAU,CAAC,cAAc;YACrC,kBAAkB,EAAE,iBAAiB;YACrC,aAAa,EAAE,WAAW;YAC1B,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC9D,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;QAED,IAAI,OAAO,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YAClC,MAAM,CAAC,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAClD,CAAC;QAED,IAAI,OAAO,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,OAAO,GAAG;gBACZ,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACzB,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;gBACrB,GAAG,EAAE,gBAAgB;gBACrB,YAAY,EAAE,UAAU;gBACxB,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;aACzB,CAAC;YAEF,IAAI,UAAU,GAAG;gBACf,SAAS,EAAE,MAAM;gBACjB,SAAS,EAAE,IAAI;gBACf,WAAW,EAAE,IAAI;gBACjB,KAAK,EAAE,IAAA,SAAM,GAAE;aAChB,CAAC;YAEF,IAAI,KAAK,CAAC;YACV,IAAI,CAAC;gBACH,KAAK,GAAG,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAiB,CAAC,WAAW,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAClB,OAAO,kBAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,CAAC;YAED,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;YAC3B,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QAC7C,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CACnB,MAAM,EACN,OAAO,IAAI,OAAO,CAAC,mBAAmB;YACpC,CAAC,CAAC,OAAO,CAAC,mBAAmB;YAC7B,CAAC,CAAC,IAAI,CACT,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,YAAY,CAAC,KAAa,EAAE,OAA6B;QACvD,IAAI,MAAM,GAKN;YACF,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,MAAM;YAC1C,IAAI,EAAE;gBACJ,KAAK;gBACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;aACxC;SACF,CAAC;QAEF,IAAI,OAAO,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,EAAE,CAAC;QAC1C,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;CACF;AAOD,iBAAS,YAAY,CAAC"}