npm - box-node-sdk - Versions diffs - 3.8.1 → 3.8.2 - Mend

box-node-sdk 3.8.1 → 3.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (358) hide show

package/lib-esm/token-manager.d.ts ADDED Viewed

@@ -0,0 +1,191 @@
+/**
+ * @fileoverview Token Manager
+ */
+import Promise from 'bluebird';
+import APIRequestManager from './api-request-manager';
+type Config = Record<string, any>;
+/**
+ * Token request options. Set by the consumer to add/modify the params sent to the
+ * request.
+ *
+ * @typedef {Object} TokenRequestOptions
+ * @property {string} [ip] The IP Address of the requesting user. This IP will be reflected in authentication
+ *                         notification emails sent to your users on login. Defaults to the IP address of the
+ *                         server requesting the tokens.
+ */
+type TokenRequestOptions = {
+    ip?: string;
+};
+/**
+ * Parameters for creating a token using a Box shared link via token exchange
+ * @typedef {Object} SharedLinkParams
+ * @property {string} url Shared link URL
+ */
+type SharedLinkParams = {
+    url: string;
+};
+/**
+ * Parameters for creating an actor token via token exchange
+ * @typedef {Object} ActorParams
+ * @property {string} id The external identifier for the actor
+ * @property {string} name The display name of the actor
+ */
+type ActorParams = {
+    id: string;
+    name: string;
+};
+/**
+ * An object representing all token information for a single Box user.
+ *
+ * @typedef {Object} TokenInfo
+ * @property {string} accessToken    The API access token. Used to authenticate API requests to a certain
+ *                                   user and/or application.
+ * @property {int} acquiredAtMS      The time that the tokens were acquired.
+ * @property {int} accessTokenTTLMS  The TTL of the access token. Can be used with acquiredAtMS to
+ *                                   calculate if the current access token has expired.
+ * @property {string} [refreshToken] The API refresh token is a Longer-lasting than an access token, and can
+ *                                   be used to gain a new access token if the current access token becomes
+ *                                   expired. Grants like the 'client credentials' grant don't return a
+ *                                   refresh token, and have no refresh capabilities.
+ */
+type TokenInfo = {
+    accessToken: string;
+    acquiredAtMS: number;
+    accessTokenTTLMS: number;
+    refreshToken?: string;
+};
+/**
+ * Manager for API access abd refresh tokens
+ *
+ * @param {Config} config The config object
+ * @param {APIRequestManager} requestManager The API Request Manager
+ * @constructor
+ */
+declare class TokenManager {
+    config: Config;
+    requestManager: APIRequestManager;
+    oauthBaseURL: string;
+    constructor(config: Config, requestManager: APIRequestManager);
+    /**
+     * Given a TokenInfo object, returns whether its access token is expired. An access token is considered
+     * expired once its TTL surpasses the current time outside of the given buffer. This is a public method so
+     * that other modules may check the validity of their tokens.
+     *
+     * @param {TokenInfo} tokenInfo the token info to be written
+     * @param {int} [bufferMS] An optional buffer we'd like to test against. The greater this buffer, the more aggressively
+     * we'll call a token invalid.
+     * @returns {boolean} True if token is valid outside of buffer, otherwise false
+     */
+    isAccessTokenValid(tokenInfo: TokenInfo, bufferMS?: number): boolean;
+    /**
+     * Acquires OAuth2 tokens using a grant type (authorization_code, password, refresh_token)
+     *
+     * @param {Object} formParams - should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant, null for default behavior
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     * @private
+     */
+    getTokens(formParams: Record<string, any>, options?: TokenRequestOptions | null): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Acquires token info using an authorization code
+     *
+     * @param {string} authorizationCode - authorization code issued by Box
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensAuthorizationCodeGrant(authorizationCode: string, options?: TokenRequestOptions): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Acquires token info using the client credentials grant.
+     *
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensClientCredentialsGrant(options?: TokenRequestOptions): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Refreshes the access and refresh tokens for a given refresh token.
+     *
+     * @param {string} refreshToken - A valid OAuth refresh token
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensRefreshGrant(refreshToken: string, options?: TokenRequestOptions): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Gets tokens for enterprise administration of app users
+     * @param {string} type The type of token to create, "user" or "enterprise"
+     * @param {string} id The ID of the enterprise to generate a token for
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensJWTGrant(type: string, id: string, options?: TokenRequestOptions): Promise<any>;
+    /**
+     * Attempt a retry if possible and create a new JTI claim. If the request hasn't exceeded it's maximum number of retries,
+     * re-execute the request (after the retry interval). Otherwise, propagate a new error.
+     *
+     * @param {Object} claims - JTI claims object
+     * @param {Object} [jwtOptions] - JWT options for the signature
+     * @param {Object} keyParams - Key JWT parameters object that contains the private key and the passphrase
+     * @param {Object} params - Should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @param {Error} error - Error from the previous JWT request
+     * @param {int} numRetries - Number of retries attempted
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    retryJWTGrant(claims: any, jwtOptions: any, keyParams: any, params: any, options: TokenRequestOptions | undefined, error: any, numRetries: number): any;
+    /**
+     * Exchange a valid access token for one with a lower scope, or delegated to
+     * an external user identifier.
+     *
+     * @param {string} accessToken - The valid access token to exchange
+     * @param {string|string[]} scopes - The scope(s) of the new access token
+     * @param {string} [resource] - The absolute URL of an API resource to restrict the new token to
+     * @param {Object} [options] - Optional parameters
+     * @param {TokenRequestOptions} [options.tokenRequestOptions] - Sets optional behavior for the token grant
+     * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens
+     * @param {SharedLinkParams} [options.sharedLink] - Optional shared link parameters for creating tokens using shared links
+     * @returns {Promise<TokenInfo>} Promise resolving to the new token info
+     */
+    exchangeToken(accessToken: string, scopes: string | string[], resource?: string, options?: {
+        tokenRequestOptions?: TokenRequestOptions;
+        actor?: ActorParams;
+        sharedLink?: SharedLinkParams;
+    }): Promise<{
+        accessToken: any;
+        refreshToken: any;
+        accessTokenTTLMS: number;
+        acquiredAtMS: number;
+    }>;
+    /**
+     * Revokes a token pair associated with a given access or refresh token.
+     *
+     * @param {string} token - A valid access or refresh token to revoke
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise} Promise resolving if the revoke succeeds
+     */
+    revokeTokens(token: string, options?: TokenRequestOptions): Promise<unknown>;
+}
+/**
+ * Provides interactions with Box OAuth2 tokening system.
+ *
+ * @module box-node-sdk/lib/token-manager
+ */
+export = TokenManager;

package/lib-esm/token-manager.js ADDED Viewed

@@ -0,0 +1,453 @@
+"use strict";
+/**
+ * @fileoverview Token Manager
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+// ------------------------------------------------------------------------------
+// Requirements
+// ------------------------------------------------------------------------------
+const bluebird_1 = __importDefault(require("bluebird"));
+const http_status_1 = __importDefault(require("http-status"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const uuid_1 = require("uuid");
+const errors_1 = __importDefault(require("./util/errors"));
+const exponential_backoff_1 = __importDefault(require("./util/exponential-backoff"));
+/**
+ *	Determines whether a JWT auth error can be retried
+ * @param {Error} err The JWT auth error
+ * @returns {boolean} True if the error is retryable
+ */
+function isJWTAuthErrorRetryable(err /* FIXME */) {
+    if (err.authExpired &&
+        err.response.headers.date &&
+        (err.response.body.error_description.indexOf('exp') > -1 ||
+            err.response.body.error_description.indexOf('jti') > -1)) {
+        return true;
+    }
+    else if (err.statusCode === 429 || err.statusCode >= 500) {
+        return true;
+    }
+    return false;
+}
+// ------------------------------------------------------------------------------
+// Constants
+// ------------------------------------------------------------------------------
+/**
+ * Collection of grant types that can be used to acquire tokens via OAuth2
+ *
+ * @readonly
+ * @enum {string}
+ */
+var grantTypes = {
+    AUTHORIZATION_CODE: 'authorization_code',
+    REFRESH_TOKEN: 'refresh_token',
+    CLIENT_CREDENTIALS: 'client_credentials',
+    JWT: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
+    TOKEN_EXCHANGE: 'urn:ietf:params:oauth:grant-type:token-exchange',
+};
+/**
+ * Collection of paths to interact with Box OAuth2 tokening system
+ *
+ * @readonly
+ * @enum {string}
+ */
+var tokenPaths;
+(function (tokenPaths) {
+    tokenPaths["ROOT"] = "/oauth2";
+    tokenPaths["GET"] = "/token";
+    tokenPaths["REVOKE"] = "/revoke";
+})(tokenPaths || (tokenPaths = {}));
+// Timer used to track elapsed time starting with executing an async request and ending with emitting the response.
+var asyncRequestTimer /* FIXME */;
+// The XFF header label - Used to give the API better information for uploads, rate-limiting, etc.
+const HEADER_XFF = 'X-Forwarded-For';
+const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';
+const ACTOR_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:id_token';
+const BOX_JWT_AUDIENCE = 'https://api.box.com/oauth2/token';
+// ------------------------------------------------------------------------------
+// Private
+// ------------------------------------------------------------------------------
+/**
+ * Parse the response body to create a new TokenInfo object.
+ *
+ * @param {Object} grantResponseBody - (Request lib) response body containing granted token info from API
+ * @returns {TokenInfo} A TokenInfo object.
+ * @private
+ */
+function getTokensFromGrantResponse(grantResponseBody /* FIXME */) {
+    return {
+        // Set the access token & refresh token (if passed)
+        accessToken: grantResponseBody.access_token,
+        refreshToken: grantResponseBody.refresh_token,
+        // Box API sends back expires_in in seconds, we convert to ms for consistency of keeping all time in ms
+        accessTokenTTLMS: parseInt(grantResponseBody.expires_in, 10) * 1000,
+        acquiredAtMS: Date.now(),
+    };
+}
+/**
+ * Determines if a given string could represent an authorization code or token.
+ *
+ * @param {string} codeOrToken The code or token to check.
+ * @returns {boolean} True if codeOrToken is valid, false if not.
+ * @private
+ */
+function isValidCodeOrToken(codeOrToken) {
+    return typeof codeOrToken === 'string' && codeOrToken.length > 0;
+}
+/**
+ * Determines if a token grant response is valid
+ *
+ * @param {string} grantType the type of token grant
+ * @param {Object} responseBody the body of the response to check
+ * @returns {boolean} True if response body has expected fields, false if not.
+ * @private
+ */
+function isValidTokenResponse(grantType, responseBody /* FIXME */) {
+    if (!isValidCodeOrToken(responseBody.access_token)) {
+        return false;
+    }
+    if (typeof responseBody.expires_in !== 'number') {
+        return false;
+    }
+    // Check the refresh_token for certain types of grants
+    if (grantType === 'authorization_code' || grantType === 'refresh_token') {
+        if (!isValidCodeOrToken(responseBody.refresh_token)) {
+            return false;
+        }
+    }
+    return true;
+}
+// ------------------------------------------------------------------------------
+// Public
+// ------------------------------------------------------------------------------
+/**
+ * Manager for API access abd refresh tokens
+ *
+ * @param {Config} config The config object
+ * @param {APIRequestManager} requestManager The API Request Manager
+ * @constructor
+ */
+class TokenManager {
+    constructor(config, requestManager) {
+        this.config = config;
+        this.oauthBaseURL = config.apiRootURL + tokenPaths.ROOT;
+        this.requestManager = requestManager;
+    }
+    /**
+     * Given a TokenInfo object, returns whether its access token is expired. An access token is considered
+     * expired once its TTL surpasses the current time outside of the given buffer. This is a public method so
+     * that other modules may check the validity of their tokens.
+     *
+     * @param {TokenInfo} tokenInfo the token info to be written
+     * @param {int} [bufferMS] An optional buffer we'd like to test against. The greater this buffer, the more aggressively
+     * we'll call a token invalid.
+     * @returns {boolean} True if token is valid outside of buffer, otherwise false
+     */
+    isAccessTokenValid(tokenInfo, bufferMS) {
+        if (typeof tokenInfo.acquiredAtMS === 'undefined' ||
+            typeof tokenInfo.accessTokenTTLMS === 'undefined') {
+            return false;
+        }
+        bufferMS = bufferMS || 0;
+        var expireTime = tokenInfo.acquiredAtMS + tokenInfo.accessTokenTTLMS - bufferMS;
+        return expireTime > Date.now();
+    }
+    /**
+     * Acquires OAuth2 tokens using a grant type (authorization_code, password, refresh_token)
+     *
+     * @param {Object} formParams - should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant, null for default behavior
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     * @private
+     */
+    getTokens(formParams, options) {
+        var params = {
+            method: 'POST',
+            url: this.oauthBaseURL + tokenPaths.GET,
+            headers: {},
+            form: formParams,
+        };
+        options = options || {};
+        // add in app-specific id and secret to auth with Box
+        params.form.client_id = this.config.clientID;
+        params.form.client_secret = this.config.clientSecret;
+        if (options.ip) {
+            params.headers[HEADER_XFF] = options.ip;
+        }
+        return this.requestManager
+            .makeRequest(params)
+            .then((response /* FIXME */) => {
+            // Response Error: The API is telling us that we attempted an invalid token grant. This
+            // means that our refresh token or auth code has exipred, so propagate an "Expired Tokens"
+            // error.
+            if (response.body &&
+                response.body.error &&
+                response.body.error === 'invalid_grant') {
+                var errDescription = response.body.error_description;
+                var message = errDescription
+                    ? `Auth Error: ${errDescription}`
+                    : undefined;
+                throw errors_1.default.buildAuthError(response, message);
+            }
+            // Unexpected Response: If the token request couldn't get a valid response, then we're
+            // out of options. Build an "Unexpected Response" error and propagate it out for the
+            // consumer to handle.
+            if (response.statusCode !== http_status_1.default.OK ||
+                response.body instanceof Buffer) {
+                throw errors_1.default.buildUnexpectedResponseError(response);
+            }
+            // Check to see if token response is valid in case the API returns us a 200 with a malformed token
+            if (!isValidTokenResponse(formParams.grant_type, response.body)) {
+                throw errors_1.default.buildResponseError(response, 'Token format from response invalid');
+            }
+            // Got valid token response. Parse out the TokenInfo and propagate it back.
+            return getTokensFromGrantResponse(response.body);
+        });
+    }
+    /**
+     * Acquires token info using an authorization code
+     *
+     * @param {string} authorizationCode - authorization code issued by Box
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensAuthorizationCodeGrant(authorizationCode, options) {
+        if (!isValidCodeOrToken(authorizationCode)) {
+            return bluebird_1.default.reject(new Error('Invalid authorization code.'));
+        }
+        var params = {
+            grant_type: grantTypes.AUTHORIZATION_CODE,
+            code: authorizationCode,
+        };
+        return this.getTokens(params, options);
+    }
+    /**
+     * Acquires token info using the client credentials grant.
+     *
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensClientCredentialsGrant(options) {
+        var params = {
+            grant_type: grantTypes.CLIENT_CREDENTIALS,
+            box_subject_type: this.config.boxSubjectType,
+            box_subject_id: this.config.boxSubjectId,
+        };
+        return this.getTokens(params, options);
+    }
+    /**
+     * Refreshes the access and refresh tokens for a given refresh token.
+     *
+     * @param {string} refreshToken - A valid OAuth refresh token
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensRefreshGrant(refreshToken, options) {
+        if (!isValidCodeOrToken(refreshToken)) {
+            return bluebird_1.default.reject(new Error('Invalid refresh token.'));
+        }
+        var params = {
+            grant_type: grantTypes.REFRESH_TOKEN,
+            refresh_token: refreshToken,
+        };
+        return this.getTokens(params, options);
+    }
+    /**
+     * Gets tokens for enterprise administration of app users
+     * @param {string} type The type of token to create, "user" or "enterprise"
+     * @param {string} id The ID of the enterprise to generate a token for
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    getTokensJWTGrant(type, id, options) {
+        if (!this.config.appAuth || !this.config.appAuth.keyID) {
+            return bluebird_1.default.reject(new Error('Must provide app auth configuration to use JWT Grant'));
+        }
+        var claims = {
+            exp: Math.floor(Date.now() / 1000) + this.config.appAuth.expirationTime,
+            box_sub_type: type,
+        };
+        var jwtOptions = {
+            algorithm: this.config.appAuth.algorithm,
+            audience: BOX_JWT_AUDIENCE,
+            subject: id,
+            issuer: this.config.clientID,
+            jwtid: (0, uuid_1.v4)(),
+            noTimestamp: !this.config.appAuth.verifyTimestamp,
+            keyid: this.config.appAuth.keyID,
+        };
+        var keyParams = {
+            key: this.config.appAuth.privateKey,
+            passphrase: this.config.appAuth.passphrase,
+        };
+        var assertion;
+        try {
+            assertion = jsonwebtoken_1.default.sign(claims, keyParams, jwtOptions);
+        }
+        catch (jwtErr) {
+            return bluebird_1.default.reject(jwtErr);
+        }
+        var params = {
+            grant_type: grantTypes.JWT,
+            assertion,
+        };
+        // Start the request timer immediately before executing the async request
+        asyncRequestTimer = process.hrtime();
+        return this.getTokens(params, options).catch((err) => this.retryJWTGrant(claims, jwtOptions, keyParams, params, options, err, 0));
+    }
+    /**
+     * Attempt a retry if possible and create a new JTI claim. If the request hasn't exceeded it's maximum number of retries,
+     * re-execute the request (after the retry interval). Otherwise, propagate a new error.
+     *
+     * @param {Object} claims - JTI claims object
+     * @param {Object} [jwtOptions] - JWT options for the signature
+     * @param {Object} keyParams - Key JWT parameters object that contains the private key and the passphrase
+     * @param {Object} params - Should contain all params expected by Box OAuth2 token endpoint
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @param {Error} error - Error from the previous JWT request
+     * @param {int} numRetries - Number of retries attempted
+     * @returns {Promise<TokenInfo>} Promise resolving to the token info
+     */
+    // eslint-disable-next-line max-params
+    retryJWTGrant(claims /* FIXME */, jwtOptions /* FIXME */, keyParams /* FIXME */, params /* FIXME */, options, error /* FIXME */, numRetries) {
+        if (numRetries < this.config.numMaxRetries &&
+            isJWTAuthErrorRetryable(error)) {
+            var retryTimeoutinSeconds;
+            numRetries += 1;
+            // If the retry strategy is defined, then use it to determine the time (in ms) until the next retry or to
+            // propagate an error to the user.
+            if (this.config.retryStrategy) {
+                // Get the total elapsed time so far since the request was executed
+                var totalElapsedTime = process.hrtime(asyncRequestTimer);
+                var totalElapsedTimeMS = totalElapsedTime[0] * 1000 + totalElapsedTime[1] / 1000000;
+                var retryOptions = {
+                    error,
+                    numRetryAttempts: numRetries,
+                    numMaxRetries: this.config.numMaxRetries,
+                    retryIntervalMS: this.config.retryIntervalMS,
+                    totalElapsedTimeMS,
+                };
+                retryTimeoutinSeconds = this.config.retryStrategy(retryOptions);
+                // If the retry strategy doesn't return a number/time in ms, then propagate the response error to the user.
+                // However, if the retry strategy returns its own error, this will be propagated to the user instead.
+                if (typeof retryTimeoutinSeconds !== 'number') {
+                    if (retryTimeoutinSeconds instanceof Error) {
+                        error = retryTimeoutinSeconds;
+                    }
+                    throw error;
+                }
+            }
+            else if (error.hasOwnProperty('response') &&
+                error.response.hasOwnProperty('headers') &&
+                error.response.headers.hasOwnProperty('retry-after')) {
+                retryTimeoutinSeconds = error.response.headers['retry-after'];
+            }
+            else {
+                retryTimeoutinSeconds = Math.ceil((0, exponential_backoff_1.default)(numRetries, this.config.retryIntervalMS) / 1000);
+            }
+            var time = Math.floor(Date.now() / 1000);
+            if (error.response.headers.date) {
+                time = Math.floor(Date.parse(error.response.headers.date) / 1000);
+            }
+            // Add length of retry timeout to current expiration time to calculate the expiration time for the JTI claim.
+            claims.exp = Math.ceil(time + this.config.appAuth.expirationTime + retryTimeoutinSeconds);
+            jwtOptions.jwtid = (0, uuid_1.v4)();
+            try {
+                params.assertion = jsonwebtoken_1.default.sign(claims, keyParams, jwtOptions);
+            }
+            catch (jwtErr) {
+                throw jwtErr;
+            }
+            return bluebird_1.default.delay(retryTimeoutinSeconds).then(() => {
+                // Start the request timer immediately before executing the async request
+                asyncRequestTimer = process.hrtime();
+                return this.getTokens(params, options).catch((err) => this.retryJWTGrant(claims, jwtOptions, keyParams, params, options, err, numRetries));
+            });
+        }
+        else if (numRetries >= this.config.numMaxRetries) {
+            error.maxRetriesExceeded = true;
+        }
+        throw error;
+    }
+    /**
+     * Exchange a valid access token for one with a lower scope, or delegated to
+     * an external user identifier.
+     *
+     * @param {string} accessToken - The valid access token to exchange
+     * @param {string|string[]} scopes - The scope(s) of the new access token
+     * @param {string} [resource] - The absolute URL of an API resource to restrict the new token to
+     * @param {Object} [options] - Optional parameters
+     * @param {TokenRequestOptions} [options.tokenRequestOptions] - Sets optional behavior for the token grant
+     * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens
+     * @param {SharedLinkParams} [options.sharedLink] - Optional shared link parameters for creating tokens using shared links
+     * @returns {Promise<TokenInfo>} Promise resolving to the new token info
+     */
+    exchangeToken(accessToken, scopes, resource, options) {
+        var params = {
+            grant_type: grantTypes.TOKEN_EXCHANGE,
+            subject_token_type: ACCESS_TOKEN_TYPE,
+            subject_token: accessToken,
+            scope: typeof scopes === 'string' ? scopes : scopes.join(' '),
+        };
+        if (resource) {
+            params.resource = resource;
+        }
+        if (options && options.sharedLink) {
+            params.box_shared_link = options.sharedLink.url;
+        }
+        if (options && options.actor) {
+            var payload = {
+                iss: this.config.clientID,
+                sub: options.actor.id,
+                aud: BOX_JWT_AUDIENCE,
+                box_sub_type: 'external',
+                name: options.actor.name,
+            };
+            var jwtOptions = {
+                algorithm: 'none',
+                expiresIn: '1m',
+                noTimestamp: true,
+                jwtid: (0, uuid_1.v4)(),
+            };
+            var token;
+            try {
+                token = jsonwebtoken_1.default.sign(payload, 'UNUSED', jwtOptions /* FIXME */);
+            }
+            catch (jwtError) {
+                return bluebird_1.default.reject(jwtError);
+            }
+            params.actor_token = token;
+            params.actor_token_type = ACTOR_TOKEN_TYPE;
+        }
+        return this.getTokens(params, options && options.tokenRequestOptions
+            ? options.tokenRequestOptions
+            : null);
+    }
+    /**
+     * Revokes a token pair associated with a given access or refresh token.
+     *
+     * @param {string} token - A valid access or refresh token to revoke
+     * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+     * @returns {Promise} Promise resolving if the revoke succeeds
+     */
+    revokeTokens(token, options) {
+        var params = {
+            method: 'POST',
+            url: this.oauthBaseURL + tokenPaths.REVOKE,
+            form: {
+                token,
+                client_id: this.config.clientID,
+                client_secret: this.config.clientSecret,
+            },
+        };
+        if (options && options.ip) {
+            params.headers = {};
+            params.headers[HEADER_XFF] = options.ip;
+        }
+        return this.requestManager.makeRequest(params);
+    }
+}
+module.exports = TokenManager;
+//# sourceMappingURL=token-manager.js.map

package/lib-esm/token-manager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;AAEH,iFAAiF;AACjF,eAAe;AACf,iFAAiF;AAEjF,wDAA+B;AAC/B,8DAA0C;AAC1C,gEAA+B;AAC/B,+BAAoC;AAEpC,2DAAmC;AACnC,qFAAyD;AA8DzD;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,GAAQ,CAAC,WAAW;IACnD,IACE,GAAG,CAAC,WAAW;QACf,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI;QACzB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACtD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAC1D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iFAAiF;AACjF,YAAY;AACZ,iFAAiF;AAEjF;;;;;GAKG;AACH,IAAI,UAAU,GAAG;IACf,kBAAkB,EAAE,oBAAoB;IACxC,aAAa,EAAE,eAAe;IAC9B,kBAAkB,EAAE,oBAAoB;IACxC,GAAG,EAAE,6CAA6C;IAClD,cAAc,EAAE,iDAAiD;CAClE,CAAC;AAEF;;;;;GAKG;AACH,IAAK,UAIJ;AAJD,WAAK,UAAU;IACb,8BAAgB,CAAA;IAChB,4BAAc,CAAA;IACd,gCAAkB,CAAA;AACpB,CAAC,EAJI,UAAU,KAAV,UAAU,QAId;AAED,mHAAmH;AACnH,IAAI,iBAAsB,CAAC,WAAW,CAAC;AAEvC,kGAAkG;AAClG,MAAM,UAAU,GAAG,iBAAiB,CAAC;AACrC,MAAM,iBAAiB,GAAG,+CAA+C,CAAC;AAC1E,MAAM,gBAAgB,GAAG,2CAA2C,CAAC;AACrE,MAAM,gBAAgB,GAAG,kCAAkC,CAAC;AAE5D,iFAAiF;AACjF,UAAU;AACV,iFAAiF;AAEjF;;;;;;GAMG;AACH,SAAS,0BAA0B,CACjC,iBAAsC,CAAC,WAAW;IAElD,OAAO;QACL,mDAAmD;QACnD,WAAW,EAAE,iBAAiB,CAAC,YAAY;QAC3C,YAAY,EAAE,iBAAiB,CAAC,aAAa;QAC7C,uGAAuG;QACvG,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,IAAI;QACnE,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,OAAO,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAC3B,SAAiB,EACjB,YAAiC,CAAC,WAAW;IAE7C,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,YAAY,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,sDAAsD;IACtD,IAAI,SAAS,KAAK,oBAAoB,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;QACxE,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC;YACpD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AACjF,SAAS;AACT,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,YAAY;IAKhB,YAAY,MAAc,EAAE,cAAiC;QAC3D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC;QACxD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;;;;;;;OASG;IACH,kBAAkB,CAAC,SAAoB,EAAE,QAAiB;QACxD,IACE,OAAO,SAAS,CAAC,YAAY,KAAK,WAAW;YAC7C,OAAO,SAAS,CAAC,gBAAgB,KAAK,WAAW,EACjD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,QAAQ,GAAG,QAAQ,IAAI,CAAC,CAAC;QACzB,IAAI,UAAU,GACZ,SAAS,CAAC,YAAY,GAAG,SAAS,CAAC,gBAAgB,GAAG,QAAQ,CAAC;QACjE,OAAO,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACH,SAAS,CACP,UAA+B,EAC/B,OAAoC;QAEpC,IAAI,MAAM,GAAG;YACX,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG;YACvC,OAAO,EAAE,EAAyB;YAClC,IAAI,EAAE,UAAU;SACjB,CAAC;QACF,OAAO,GAAG,OAAO,IAAI,EAAE,CAAC;QAExB,qDAAqD;QACrD,MAAM,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QAErD,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,EAAE,CAAC;QAC1C,CAAC;QAED,OAAO,IAAI,CAAC,cAAc;aACvB,WAAW,CAAC,MAAM,CAAC;aACnB,IAAI,CAAC,CAAC,QAAa,CAAC,WAAW,EAAE,EAAE;YAClC,uFAAuF;YACvF,0FAA0F;YAC1F,SAAS;YACT,IACE,QAAQ,CAAC,IAAI;gBACb,QAAQ,CAAC,IAAI,CAAC,KAAK;gBACnB,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,eAAe,EACvC,CAAC;gBACD,IAAI,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC;gBACrD,IAAI,OAAO,GAAG,cAAc;oBAC1B,CAAC,CAAC,eAAe,cAAc,EAAE;oBACjC,CAAC,CAAC,SAAS,CAAC;gBACd,MAAM,gBAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACjD,CAAC;YAED,sFAAsF;YACtF,oFAAoF;YACpF,sBAAsB;YACtB,IACE,QAAQ,CAAC,UAAU,KAAK,qBAAe,CAAC,EAAE;gBAC1C,QAAQ,CAAC,IAAI,YAAY,MAAM,EAC/B,CAAC;gBACD,MAAM,gBAAM,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAC;YACtD,CAAC;YAED,kGAAkG;YAClG,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChE,MAAM,gBAAM,CAAC,kBAAkB,CAC7B,QAAQ,EACR,oCAAoC,CACrC,CAAC;YACJ,CAAC;YAED,2EAA2E;YAC3E,OAAO,0BAA0B,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;;;;OAMG;IACH,+BAA+B,CAC7B,iBAAyB,EACzB,OAA6B;QAE7B,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC3C,OAAO,kBAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,kBAAkB;YACzC,IAAI,EAAE,iBAAiB;SACxB,CAAC;QAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACH,+BAA+B,CAAC,OAA6B;QAC3D,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,kBAAkB;YACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;YAC5C,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;SACzC,CAAC;QACF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;OAMG;IACH,qBAAqB,CAAC,YAAoB,EAAE,OAA6B;QACvE,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,EAAE,CAAC;YACtC,OAAO,kBAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,aAAa;YACpC,aAAa,EAAE,YAAY;SAC5B,CAAC;QAEF,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;;;;;OAMG;IACH,iBAAiB,CAAC,IAAY,EAAE,EAAU,EAAE,OAA6B;QACvE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACvD,OAAO,kBAAO,CAAC,MAAM,CACnB,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAClE,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,GAAG;YACX,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc;YACvE,YAAY,EAAE,IAAI;SACnB,CAAC;QACF,IAAI,UAAU,GAAG;YACf,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS;YACxC,QAAQ,EAAE,gBAAgB;YAC1B,OAAO,EAAE,EAAE;YACX,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;YAC5B,KAAK,EAAE,IAAA,SAAM,GAAE;YACf,WAAW,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe;YACjD,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK;SACjC,CAAC;QACF,IAAI,SAAS,GAAG;YACd,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;YACnC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU;SAC3C,CAAC;QAEF,IAAI,SAAS,CAAC;QACd,IAAI,CAAC;YACH,SAAS,GAAG,sBAAG,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,OAAO,kBAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,MAAM,GAAG;YACX,UAAU,EAAE,UAAU,CAAC,GAAG;YAC1B,SAAS;SACV,CAAC;QACF,yEAAyE;QACzE,iBAAiB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACnD,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAC3E,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,sCAAsC;IACtC,aAAa,CACX,MAAW,CAAC,WAAW,EACvB,UAAe,CAAC,WAAW,EAC3B,SAAc,CAAC,WAAW,EAC1B,MAAW,CAAC,WAAW,EACvB,OAAwC,EACxC,KAAU,CAAC,WAAW,EACtB,UAAkB;QAElB,IACE,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa;YACtC,uBAAuB,CAAC,KAAK,CAAC,EAC9B,CAAC;YACD,IAAI,qBAAqB,CAAC;YAC1B,UAAU,IAAI,CAAC,CAAC;YAChB,yGAAyG;YACzG,kCAAkC;YAClC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC9B,mEAAmE;gBACnE,IAAI,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;gBACzD,IAAI,kBAAkB,GACpB,gBAAgB,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC;gBAC7D,IAAI,YAAY,GAAG;oBACjB,KAAK;oBACL,gBAAgB,EAAE,UAAU;oBAC5B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;oBACxC,eAAe,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;oBAC5C,kBAAkB;iBACnB,CAAC;gBAEF,qBAAqB,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBAEhE,2GAA2G;gBAC3G,qGAAqG;gBACrG,IAAI,OAAO,qBAAqB,KAAK,QAAQ,EAAE,CAAC;oBAC9C,IAAI,qBAAqB,YAAY,KAAK,EAAE,CAAC;wBAC3C,KAAK,GAAG,qBAAqB,CAAC;oBAChC,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC;iBAAM,IACL,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC;gBAChC,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,SAAS,CAAC;gBACxC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,EACpD,CAAC;gBACD,qBAAqB,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAChE,CAAC;iBAAM,CAAC;gBACN,qBAAqB,GAAG,IAAI,CAAC,IAAI,CAC/B,IAAA,6BAAe,EAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,IAAI,CAChE,CAAC;YACJ,CAAC;YAED,IAAI,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAChC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YACpE,CAAC;YACD,6GAA6G;YAC7G,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CACpB,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,cAAc,GAAG,qBAAqB,CAClE,CAAC;YACF,UAAU,CAAC,KAAK,GAAG,IAAA,SAAM,GAAE,CAAC;YAE5B,IAAI,CAAC;gBACH,MAAM,CAAC,SAAS,GAAG,sBAAG,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAC7D,CAAC;YAAC,OAAO,MAAM,EAAE,CAAC;gBAChB,MAAM,MAAM,CAAC;YACf,CAAC;YAED,OAAO,kBAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,yEAAyE;gBACzE,iBAAiB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACnD,IAAI,CAAC,aAAa,CAChB,MAAM,EACN,UAAU,EACV,SAAS,EACT,MAAM,EACN,OAAO,EACP,GAAG,EACH,UAAU,CACX,CACF,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YACnD,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC;QAClC,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,aAAa,CACX,WAAmB,EACnB,MAAyB,EACzB,QAAiB,EACjB,OAIC;QAED,IAAI,MAAM,GASN;YACF,UAAU,EAAE,UAAU,CAAC,cAAc;YACrC,kBAAkB,EAAE,iBAAiB;YACrC,aAAa,EAAE,WAAW;YAC1B,KAAK,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SAC9D,CAAC;QAEF,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;QAED,IAAI,OAAO,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YAClC,MAAM,CAAC,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAClD,CAAC;QAED,IAAI,OAAO,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,OAAO,GAAG;gBACZ,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACzB,GAAG,EAAE,OAAO,CAAC,KAAK,CAAC,EAAE;gBACrB,GAAG,EAAE,gBAAgB;gBACrB,YAAY,EAAE,UAAU;gBACxB,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,IAAI;aACzB,CAAC;YAEF,IAAI,UAAU,GAAG;gBACf,SAAS,EAAE,MAAM;gBACjB,SAAS,EAAE,IAAI;gBACf,WAAW,EAAE,IAAI;gBACjB,KAAK,EAAE,IAAA,SAAM,GAAE;aAChB,CAAC;YAEF,IAAI,KAAK,CAAC;YACV,IAAI,CAAC;gBACH,KAAK,GAAG,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAiB,CAAC,WAAW,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAClB,OAAO,kBAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,CAAC;YAED,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;YAC3B,MAAM,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QAC7C,CAAC;QAED,OAAO,IAAI,CAAC,SAAS,CACnB,MAAM,EACN,OAAO,IAAI,OAAO,CAAC,mBAAmB;YACpC,CAAC,CAAC,OAAO,CAAC,mBAAmB;YAC7B,CAAC,CAAC,IAAI,CACT,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,YAAY,CAAC,KAAa,EAAE,OAA6B;QACvD,IAAI,MAAM,GAKN;YACF,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,MAAM;YAC1C,IAAI,EAAE;gBACJ,KAAK;gBACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;aACxC;SACF,CAAC;QAEF,IAAI,OAAO,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;YAC1B,MAAM,CAAC,OAAO,GAAG,EAAE,CAAC;YACpB,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,EAAE,CAAC;QAC1C,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;CACF;AAOD,iBAAS,YAAY,CAAC"}