carta-controller 4.1.0 → 5.0.0-beta.1
- package/config/config_schema.json +59 -1
- package/dist/auth/external.js +38 -6
- package/dist/auth/external.js.map +1 -1
- package/dist/auth/google.js +80 -25
- package/dist/auth/google.js.map +1 -1
- package/dist/auth/index.js +20 -11
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/ldap.js +7 -5
- package/dist/auth/ldap.js.map +1 -1
- package/dist/auth/local.js +47 -11
- package/dist/auth/local.js.map +1 -1
- package/dist/auth/oidc.js +48 -13
- package/dist/auth/oidc.js.map +1 -1
- package/dist/auth/oidcRefreshManager.js +10 -11
- package/dist/auth/oidcRefreshManager.js.map +1 -1
- package/dist/auth/pam.js +1 -2
- package/dist/auth/pam.js.map +1 -1
- package/dist/config.js +51 -15
- package/dist/controllerTests.js +60 -20
- package/dist/database.js +21 -18
- package/dist/index.js +69 -32
- package/dist/serverHandlers.js +57 -15
- package/dist/types.js +1 -1
- package/dist/util.js +6 -7
- package/docs/src/almalinux8_instructions.rst +37 -11
- package/docs/src/configuration.rst +1 -1
- package/docs/src/installation.rst +13 -3
- package/docs/src/introduction.rst +7 -4
- package/docs/src/ubuntu_focal_instructions.rst +20 -1
- package/package.json +23 -21
- package/public/dashboard.js +17 -68
- package/public/templated.css +6 -3
- package/scripts/carta_kill_script.sh +27 -12
- package/views/templated.pug +3 -6
|
@@ -31,7 +31,10 @@
|
|
|
31
31
|
"additionalProperties": false,
|
|
32
32
|
"required": [
|
|
33
33
|
"clientId",
|
|
34
|
-
"userLookupTable"
|
|
34
|
+
"userLookupTable",
|
|
35
|
+
"publicKeyLocation",
|
|
36
|
+
"privateKeyLocation",
|
|
37
|
+
"issuer"
|
|
35
38
|
],
|
|
36
39
|
"properties": {
|
|
37
40
|
"clientId": {
|
|
@@ -66,6 +69,61 @@
|
|
|
66
69
|
"examples": [
|
|
67
70
|
"/etc/carta/userlookup.txt"
|
|
68
71
|
]
|
|
72
|
+
},
|
|
73
|
+
"publicKeyLocation": {
|
|
74
|
+
"description": "Path to public key (in PEM format) used for verifying JWTs",
|
|
75
|
+
"type": "string",
|
|
76
|
+
"examples": [
|
|
77
|
+
"/etc/carta/carta_public.pem"
|
|
78
|
+
]
|
|
79
|
+
},
|
|
80
|
+
"privateKeyLocation": {
|
|
81
|
+
"description": "Path to private key (in PEM format) used for signing JWTs",
|
|
82
|
+
"type": "string",
|
|
83
|
+
"examples": [
|
|
84
|
+
"/etc/carta/carta_private.pem"
|
|
85
|
+
]
|
|
86
|
+
},
|
|
87
|
+
"keyAlgorithm": {
|
|
88
|
+
"$ref": "#/definitions/keyAlgorithm",
|
|
89
|
+
"default": "RS256"
|
|
90
|
+
},
|
|
91
|
+
"issuer": {
|
|
92
|
+
"description": "Issuer field for JWT",
|
|
93
|
+
"type": "string",
|
|
94
|
+
"examples": [
|
|
95
|
+
"my-carta-server"
|
|
96
|
+
]
|
|
97
|
+
},
|
|
98
|
+
"refreshTokenAge": {
|
|
99
|
+
"description": "Lifetime of refresh tokens",
|
|
100
|
+
"type": "string",
|
|
101
|
+
"default": "1w",
|
|
102
|
+
"examples": [
|
|
103
|
+
"1w",
|
|
104
|
+
"15h",
|
|
105
|
+
"2d"
|
|
106
|
+
]
|
|
107
|
+
},
|
|
108
|
+
"accessTokenAge": {
|
|
109
|
+
"description": "Lifetime of access tokens",
|
|
110
|
+
"type": "string",
|
|
111
|
+
"default": "15m",
|
|
112
|
+
"examples": [
|
|
113
|
+
"90s",
|
|
114
|
+
"1h",
|
|
115
|
+
"15m"
|
|
116
|
+
]
|
|
117
|
+
},
|
|
118
|
+
"scriptingTokenAge": {
|
|
119
|
+
"description": "Lifetime of scripting tokens",
|
|
120
|
+
"type": "string",
|
|
121
|
+
"default": "1w",
|
|
122
|
+
"examples": [
|
|
123
|
+
"1w",
|
|
124
|
+
"5d",
|
|
125
|
+
"10h"
|
|
126
|
+
]
|
|
69
127
|
}
|
|
70
128
|
}
|
|
71
129
|
},
|
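Review bot: The new `refreshTokenAge`, `accessTokenAge` and `scriptingTokenAge` properties are free-form `"type": "string"` with no `pattern`, so a value with a misspelled or missing unit passes schema validation. In this release `package/dist/auth/google.js` passes these settings straight to `ms()` for the refresh cookie's `maxAge` and for `expires_in`, so a bad value would presumably surface only at login time, or as a far shorter lifetime than intended. Consider constraining the format, for example `"pattern": "^[0-9]+ ?(ms|s|m|h|d|w|y)$"`, adjusted to the units the controller is meant to accept. The `privateKeyLocation` description could also state that the file holds the JWT signing key and should be readable only by the controller's service account.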
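--- a/package/dist/auth/external.js
+++ b/package/dist/auth/external.js
@@ -1,7 +1,41 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
-
+exports.watchUserTable = watchUserTable;
+exports.generateExternalVerifiers = generateExternalVerifiers;
+const fs = __importStar(require("fs"));
 const jwt = require("jsonwebtoken");
 function populateUserMap(userMaps, issuer, filename) {
 const userMap = new Map();
@@ -10,8 +44,8 @@ function populateUserMap(userMaps, issuer, filename) {
 const lines = contents.split("\n");
 for (let line of lines) {
 line = line.trim();
-// Skip comments
-if (line.startsWith("#")) {
+// Skip comments and empty lines
+if (line.startsWith("#") || !/\S/.test(line)) {
 continue;
 }
 // Ensure line is in format <username1> <username2>
@@ -40,7 +74,6 @@ function watchUserTable(userMaps, issuers, filename) {
 populateUserMap(userMaps, issuers, filename);
 fs.watchFile(filename, () => populateUserMap(userMaps, issuers, filename));
 }
-exports.watchUserTable = watchUserTable;
 function generateExternalVerifiers(verifierMap, authConf) {
 const publicKey = fs.readFileSync(authConf.publicKeyLocation);
 const verifier = (cookieString) => {
@@ -60,5 +93,4 @@ function generateExternalVerifiers(verifierMap, authConf) {
 verifierMap.set(iss, verifier);
 }
 }
-exports.generateExternalVerifiers = generateExternalVerifiers;
 //# sourceMappingURL=external.js.map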
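Review bot: In `populateUserMap` the new blank-line test `!/\S/.test(line)` runs after `line = line.trim()`, so it can only ever match the empty string. `if (line.startsWith("#") || line === "") {` states the same condition without a regular expression and is easier to read in the user-mapping parser. The function's body starts and ends outside the hunks shown here.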
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"external.js","sourceRoot":"","sources":["../../src/auth/external.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"external.js","sourceRoot":"","sources":["../../src/auth/external.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCA,wCAGC;AAED,8DAkBC;AA/DD,uCAAyB;AAEzB,oCAAqC;AAGrC,SAAS,eAAe,CAAC,QAA8B,EAAE,MAAyB,EAAE,QAAgB;IAChG,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC1C,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACnC,KAAK,IAAI,IAAI,IAAI,KAAK,EAAE,CAAC;YACrB,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAEnB,gCAAgC;YAChC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,SAAS;YACb,CAAC;YAED,mDAAmD;YACnD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,oCAAoC,IAAI,EAAE,CAAC,CAAC;gBACxD,SAAS;YACb,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,wBAAwB,OAAO,CAAC,IAAI,UAAU,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACvB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/B,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC;AACL,CAAC;AAED,SAAgB,cAAc,CAAC,QAA8B,EAAE,OAA0B,EAAE,QAAgB;IACvG,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7C,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,SAAgB,yBAAyB,CAAC,WAAkC,EAAE,QAAiC;IAC3G,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,CAAC,YAAoB,EAAE,EAAE;QACtC,MAAM,OAAO,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,EAAC,SAAS,EAAE,QAAQ,CAAC,YAAY,EAAkB,CAAC,CAAC;QAC9G,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACnE,0CAA0C;YAC1C,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACvB,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC
rD,CAAC;YACD,OAAO,OAAO,CAAC;QACnB,CAAC;aAAM,CAAC;YACJ,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACjC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;AACL,CAAC"}
|
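--- a/package/dist/auth/google.js
+++ b/package/dist/auth/google.js
@@ -8,35 +8,90 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 step((generator = generator.apply(thisArg, _arguments || [])).next());
 });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.googleCallbackHandler = googleCallbackHandler;
+exports.generateGoogleRefreshHandler = generateGoogleRefreshHandler;
+const config_1 = require("../config");
+const types_1 = require("../types");
 const google_auth_library_1 = require("google-auth-library");
-
-
-
-
-
-
-
-
-
-
-const
-
-
-
-
+const local_1 = require("./local");
+const index_1 = require("./index");
+const ms_1 = __importDefault(require("ms"));
+function googleCallbackHandler(req, res, authConf) {
+return __awaiter(this, void 0, void 0, function* () {
+var _a;
+// Check for g_csrf_token match between cookie and body
+if (!req.cookies["g_csrf_token"] || !req.body["g_csrf_token"] || req.cookies["g_csrf_token"] !== req.body["g_csrf_token"]) {
+return res.status(400).json({ "error": "Missing or non-matching CSRF token" });
+}
+const oAuth2Client = new google_auth_library_1.OAuth2Client();
+try {
+const result = yield oAuth2Client.verifyIdToken({ idToken: (_a = req === null || req === void 0 ? void 0 : req.body) === null || _a === void 0 ? void 0 : _a.credential, audience: authConf.clientId });
+const payload = result.getPayload();
+// Do the mapping
+const username = authConf.useEmailAsId ? payload === null || payload === void 0 ? void 0 : payload.email : payload === null || payload === void 0 ? void 0 : payload.sub;
+// check that username exists and email is verified
+if (!username || !(payload === null || payload === void 0 ? void 0 : payload.email_verified)) {
+console.log("Google auth rejected due to lack of unique ID or email verification");
+return res.status(500).json({ "error": "An error occured processing your login" });
+}
+// check that domain is valid
+if (authConf.validDomain && authConf.validDomain !== payload.hd) {
+console.log(`Google auth rejected due to incorrect domain: ${payload.hd}`);
+return res.status(500).json({ "error": "An error occured processing your login" });
+}
+// create initial refresh token
+const refreshToken = (0, local_1.generateToken)(authConf, username, local_1.TokenType.Refresh);
+res.cookie("Refresh-Token", refreshToken, {
+path: config_1.RuntimeConfig.authPath,
+maxAge: (0, ms_1.default)(authConf.refreshTokenAge),
+httpOnly: true,
+secure: !config_1.ServerConfig.httpOnly,
+sameSite: "strict"
+});
+return res.redirect(`${config_1.RuntimeConfig.dashboardAddress}?googleuser=${username}`);
+}
+catch (e) {
+console.debug(e);
+return res.status(500).json({ "error": "An error occured processing your login" });
+}
+});
+}
+function generateGoogleRefreshHandler(authConf) {
+return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
+var _a;
+const refreshTokenCookie = req.cookies["Refresh-Token"];
+const scriptingToken = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.scripting) === true;
+if (refreshTokenCookie) {
+try {
+const refreshToken = yield (0, index_1.verifyToken)(refreshTokenCookie);
+if (!refreshToken || !refreshToken.username || !refreshToken.refresh) {
+next({ statusCode: 403, message: "Not authorized" });
+}
+else if (scriptingToken && config_1.ServerConfig.scriptingAccess !== types_1.ScriptingAccess.Enabled) {
+next({ statusCode: 500, message: "Scripting access not enabled for this server" });
+}
+else {
+const access_token = (0, local_1.generateToken)(authConf, refreshToken.username, scriptingToken ? local_1.TokenType.Scripting : local_1.TokenType.Access);
+console.log(`Refreshed ${scriptingToken ? "scripting" : "access"} token for user ${refreshToken.username}`);
+res.json({
+access_token,
+token_type: "bearer",
+username: refreshToken.username,
+expires_in: (0, ms_1.default)(scriptingToken ? authConf.scriptingTokenAge : authConf.accessTokenAge) / 1000
+});
+}
+}
+catch (err) {
+next({ statusCode: 400, message: "Invalid refresh token" });
+}
 }
-
-
-console.log(`Google auth rejected due to incorrect domain: ${payload.hd}`);
-return undefined;
+else {
+next({ statusCode: 400, message: "Missing refresh token" });
 }
-return Object.assign(Object.assign({}, payload), { username });
 });
-for (const iss of exports.validGoogleIssuers) {
-verifierMap.set(iss, verifier);
-}
 }
-exports.generateGoogleVerifier = generateGoogleVerifier;
 //# sourceMappingURL=google.js.map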
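Review bot: The redirect at the end of `googleCallbackHandler` interpolates `username` into the query string unencoded; when `useEmailAsId` is set this is the Google e-mail address, and characters such as `+` or `&` will be misread by whatever parses `googleuser` on the dashboard side. Encode it with `encodeURIComponent(username)` inside the template literal; the change belongs in `src/auth/google.ts`, since this file is compiler output. Separately, the unverified-e-mail and wrong-domain rejections answer with HTTP 500 and the same body as the `catch` branch, so logs and monitoring cannot tell a refused login from a server fault. A 401 or 403 would fit those two returns, and 403 rather than 500 would fit the disabled-scripting branch in `generateGoogleRefreshHandler`.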
package/dist/auth/google.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/auth/google.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"google.js","sourceRoot":"","sources":["../../src/auth/google.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAQA,sDA0CC;AAGD,oEA4BC;AAjFD,sCAAsD;AACtD,oCAA0E;AAC1E,6DAAiD;AACjD,mCAAiD;AACjD,mCAA6C;AAC7C,4CAAoB;AAGpB,SAAsB,qBAAqB,CAAE,GAAY,EAAE,GAAa,EAAE,QAA+B;;;QACrG,uDAAuD;QACvD,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;YACxH,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,oCAAoC,EAAC,CAAC,CAAA;QAChF,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,kCAAY,EAAE,CAAC;QACxC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC,EAAC,OAAO,EAAE,MAAA,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,0CAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAC,CAAC,CAAC;YAC/G,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;YAEnC,iBAAiB;YACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,KAAK,CAAC,CAAC,CAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,GAAG,CAAC;YAEvE,mDAAmD;YACnD,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,CAAA,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;gBACnF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,wCAAwC,EAAC,CAAC,CAAC;YACrF,CAAC;YAED,6BAA6B;YAC7B,IAAI,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,KAAK,OAAO,CAAC,EAAE,EAAE,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,iDAAiD,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,wCAAwC,EAAC,CAAC,CAAC;YACrF,CAAC;YAED,+BAA+B;YAC/B,MAAM,YAAY,GAAG,IAAA,qBAAa,EAAC,QAAQ,EAAE,QAAQ,EAAE,iBAAS,CAAC,OAAO,CAAC,CAAC;YAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;gBACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,eAAyB,CAAC;gBAC9C,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,sBAAa,CAAC,gBAAgB,eAAe,QAAQ,EAAE,CAAC,CAAA;QAEnF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAA
C,CAAC,IAAI,CAAC,EAAC,OAAO,EAAE,wCAAwC,EAAC,CAAC,CAAA;QACpF,CAAC;IACL,CAAC;CAAA;AAGD,SAAgB,4BAA4B,CAAC,QAA+B;IACxE,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;;QAC7D,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBACnE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE,CAAC;oBACpF,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,8CAA8C,EAAC,CAAC,CAAC;gBACrF,CAAC;qBAAM,CAAC;oBACJ,MAAM,YAAY,GAAG,IAAA,qBAAa,EAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,iBAAS,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,OAAO,CAAC,GAAG,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;oBAC5G,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,IAAA,YAAE,EAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC"}
|
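--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -8,10 +8,16 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 step((generator = generator.apply(thisArg, _arguments || [])).next());
 });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authRouter =
+exports.authRouter = void 0;
+exports.verifyToken = verifyToken;
+exports.getUser = getUser;
+exports.authGuard = authGuard;
 const jwt = require("jsonwebtoken");
-const
+const express_1 = __importDefault(require("express"));
 const util_1 = require("../util");
 const config_1 = require("../config");
 const external_1 = require("./external");
@@ -31,7 +37,7 @@ let refreshHandler = (req, res) => {
 throw { statusCode: 501, message: "Token refresh not implemented" };
 };
 let callbackHandler = (req, res) => {
-throw { statusCode: 501, message: "
+throw { statusCode: 501, message: "Callback handler not implemented" };
 };
 // Local providers
 if (config_1.ServerConfig.authProviders.pam) {
@@ -48,9 +54,11 @@ else if (config_1.ServerConfig.authProviders.ldap) {
 }
 else if (config_1.ServerConfig.authProviders.google) {
 const authConf = config_1.ServerConfig.authProviders.google;
-(0,
+(0, local_1.generateLocalVerifier)(tokenVerifiers, authConf);
+refreshHandler = (0, google_1.generateGoogleRefreshHandler)(authConf);
+callbackHandler = (req, res) => (0, google_1.googleCallbackHandler)(req, res, authConf);
 if (authConf.userLookupTable) {
-(0, external_1.watchUserTable)(userMaps,
+(0, external_1.watchUserTable)(userMaps, authConf.issuer, authConf.userLookupTable);
 }
 }
 else if (config_1.ServerConfig.authProviders.external) {
@@ -90,7 +98,6 @@ function verifyToken(cookieString) {
 return undefined;
 });
 }
-exports.verifyToken = verifyToken;
 function getUser(username, issuer) {
 const userMap = userMaps.get(issuer);
 if (userMap) {
@@ -100,7 +107,6 @@ function getUser(username, issuer) {
 return username;
 }
 }
-exports.getUser = getUser;
 // Express middleware to guard against unauthorized access. Writes the username to the request object
 function authGuard(req, res, next) {
 return __awaiter(this, void 0, void 0, function* () {
@@ -128,7 +134,6 @@ function authGuard(req, res, next) {
 }
 });
 }
-exports.authGuard = authGuard;
 function logoutHandler(req, res) {
 res.cookie("Refresh-Token", "", {
 path: config_1.RuntimeConfig.authPath,
@@ -137,7 +142,7 @@ function logoutHandler(req, res) {
 secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
 });
-return res.
+return res.redirect(`${config_1.RuntimeConfig.dashboardAddress}`);
 }
 function handleCheckAuth(req, res) {
 res.json({
@@ -145,15 +150,19 @@ function handleCheckAuth(req, res) {
 username: req.username
 });
 }
-exports.authRouter =
+exports.authRouter = express_1.default.Router();
 if (config_1.ServerConfig.authProviders.oidc) {
 exports.authRouter.get("/logout", util_1.noCache, oidc_1.oidcLogoutHandler);
 exports.authRouter.get("/oidcCallback", util_1.noCache, callbackHandler);
 exports.authRouter.get("/login", util_1.noCache, loginHandler);
 }
+else if (config_1.ServerConfig.authProviders.google) {
+exports.authRouter.post("/googleCallback", util_1.noCache, callbackHandler);
+exports.authRouter.get("/logout", util_1.noCache, logoutHandler);
+}
 else {
 exports.authRouter.post("/login", util_1.noCache, loginHandler);
-exports.authRouter.
+exports.authRouter.get("/logout", util_1.noCache, logoutHandler);
 }
 exports.authRouter.post("/refresh", util_1.noCache, refreshHandler);
 exports.authRouter.get("/status", authGuard, util_1.noCache, handleCheckAuth);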
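Review bot: `/logout` is registered with `authRouter.get` in both the new Google branch and the default branch, and `logoutHandler` clears the `Refresh-Token` cookie, so a cross-site GET to that URL is enough to sign a user out. The removed route line in the default branch is truncated on this page, so whether it was previously a POST cannot be confirmed here. If the dashboard can issue a POST, prefer `exports.authRouter.post("/logout", util_1.noCache, logoutHandler);` in both branches. Otherwise a comment in `src/auth/index.ts` recording that GET logout is an accepted trade-off would help the next reviewer.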
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AA0EA,kCAUC;AAED,0BAOC;AAGD,8BAqBC;AArHD,oCAAqC;AACrC,sDAA0C;AAC1C,kCAAgC;AAEhC,sCAAsD;AACtD,yCAAqE;AACrE,mCAA2E;AAC3E,iCAAoJ;AACpJ,iCAA2C;AAC3C,+BAAyC;AACzC,qCAA6E;AAE7E,2CAA2C;AAC3C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAoB,CAAC;AACnD,qCAAqC;AACrC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;AAE5C,IAAI,YAAY,GAAmB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5C,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC;AAC9D,CAAC,CAAC;AAEF,IAAI,cAAc,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,+BAA+B,EAAC,CAAC;AACtE,CAAC,CAAC;AAEF,IAAI,eAAe,GAAwB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACpD,MAAM,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,kCAAkC,EAAC,CAAC;AACzE,CAAC,CAAC;AAEF,kBAAkB;AAClB,IAAI,qBAAY,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,GAAG,CAAC;IAChD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,wBAAkB,EAAC,QAAQ,CAAC,CAAC;IAC5C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,YAAY,GAAG,IAAA,0BAAmB,EAAC,QAAQ,CAAC,CAAC;IAC7C,cAAc,GAAG,IAAA,mCAA2B,EAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,MAAM,CAAC;IACnD,IAAA,6BAAqB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IAChD,cAAc,GAAG,IAAA,qCAA4B,EAAC,QAAQ,CAAC,CAAC;IACxD,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,8BAAqB,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1E,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC3B,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;IAC7C,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,QAAQ,CAAC;IACrD,IAAA,oCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IAC3C,IAAI,SAAS,EAAE,CAAC;QACZ,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,OAAO,EA
AE,SAAS,CAAC,CAAC;IAC1D,CAAC;AACL,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,qBAAY,CAAC,aAAa,CAAC,IAAI,CAAC;IACjD,IAAA,gCAAyB,EAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACpD,cAAc,GAAG,IAAA,sCAA+B,EAAC,QAAQ,CAAC,CAAC;IAC3D,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,qBAAc,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAChE,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAA,0BAAmB,EAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxE,IAAA,eAAQ,EAAC,QAAQ,CAAC,CAAC;IACnB,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,eAAe,mBAAmB,CAAC,CAAC;QAClE,IAAA,yBAAc,EAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IACxE,CAAC;AACL,CAAC;AAED,iCAAiC;AACjC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACvB,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,SAAsB,WAAW,CAAC,YAAoB;;QAClD,MAAM,SAAS,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAEhD,IAAI,SAAS,IAAI,SAAS,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACX,OAAO,MAAM,QAAQ,CAAC,YAAY,CAAC,CAAC;YACxC,CAAC;QACL,CAAC;QACD,OAAO,SAAS,CAAC;IACrB,CAAC;CAAA;AAED,SAAgB,OAAO,CAAC,QAAgB,EAAE,MAAc;IACpD,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,OAAO,EAAE,CAAC;QACV,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjC,CAAC;SAAM,CAAC;QACJ,OAAO,QAAQ,CAAC;IACpB,CAAC;AACL,CAAC;AAED,qGAAqG;AACrG,SAAsB,SAAS,CAAC,GAAyB,EAAE,GAAqB,EAAE,IAA0B;;QACxG,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC;QAC9B,IAAI,WAAW,EAAE,CAAC;YACd,IAAI,CAAC;gBACD,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;gBAE7C,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;oBAC5B,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,CAAC;oBACJ,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;wBAClB,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC;oBACzB,CAAC;oBACD,IAAI,EAAE,CAAC;gBACX,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,
GAAG,CAAC,OAAO,EAAC,CAAC,CAAC;YAClD,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;QACvD,CAAC;IACL,CAAC;CAAA;AAED,SAAS,aAAa,CAAC,GAAoB,EAAE,GAAqB;IAC9D,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;QAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,CAAC;QACT,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IACC,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,eAAe,CAAC,GAAyB,EAAE,GAAqB;IACrE,GAAG,CAAC,IAAI,CAAC;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACzB,CAAC,CAAC;AACP,CAAC;AAEY,QAAA,UAAU,GAAG,iBAAO,CAAC,MAAM,EAAE,CAAC;AAC3C,IAAI,qBAAY,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;IAClC,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,wBAAiB,CAAC,CAAC;IACtD,kBAAU,CAAC,GAAG,CAAC,eAAe,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC;IAC1D,kBAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;AACpD,CAAC;KAAM,IAAI,qBAAY,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;IAC3C,kBAAU,CAAC,IAAI,CAAC,iBAAiB,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC;IAC7D,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;KACI,CAAC;IACF,kBAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAO,EAAE,YAAY,CAAC,CAAC;IACjD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,cAAO,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;AACD,kBAAU,CAAC,IAAI,CAAC,UAAU,EAAE,cAAO,EAAE,cAAc,CAAC,CAAC;AACrD,kBAAU,CAAC,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,cAAO,EAAE,eAAe,CAAC,CAAC"}
|
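--- a/package/dist/auth/ldap.js
+++ b/package/dist/auth/ldap.js
@@ -1,12 +1,15 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getLdapLoginHandler =
-const
+exports.getLdapLoginHandler = getLdapLoginHandler;
+const ldapauth_fork_1 = __importDefault(require("ldapauth-fork"));
 const local_1 = require("./local");
 const util_1 = require("../util");
 let ldap;
 function getLdapLoginHandler(authConf) {
-ldap = new
+ldap = new ldapauth_fork_1.default(authConf.ldapOptions);
 ldap.on("error", err => console.error("LdapAuth: ", err));
 setTimeout(() => {
 var _a;
@@ -51,7 +54,7 @@ function getLdapLoginHandler(authConf) {
 if ((_a = errorObj === null || errorObj === void 0 ? void 0 : errorObj.name) === null || _a === void 0 ? void 0 : _a.includes("ConfidentialityRequiredError")) {
 console.log(`TLS error encountered. Reconnecting to the LDAP server!`);
 ldap.close();
-ldap = new
+ldap = new ldapauth_fork_1.default(authConf.ldapOptions);
 ldap.on("error", err => console.error("LdapAuth: ", err));
 // Wait for the connection to be re-established
 setTimeout(() => {
@@ -64,5 +67,4 @@ function getLdapLoginHandler(authConf) {
 });
 };
 }
-exports.getLdapLoginHandler = getLdapLoginHandler;
 //# sourceMappingURL=ldap.js.map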
package/dist/auth/ldap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;;;AAQA,kDAwDC;AA/DD,kEAAqC;AAErC,mCAA4C;AAC5C,kCAA4D;AAE5D,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,uBAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAC,IAAY,aAAZ,IAAI,uBAAJ,IAAI,CAAU,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;YAC/F,CAAC;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,IAAA,iBAAU,EAAC,IAAI,CAAC,CAAC;YACrB,CAAC;YACD,IAAI,CAAC;gBACD,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,QAAQ,CAAC,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAA,mBAAY,EAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;YACnF,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QAAQ,aAAR,QAAQ,u
BAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBACvE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,uBAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC1D,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;YACZ,CAAC;iBAAM,CAAC;gBACJ,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC"}
|
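--- a/package/dist/auth/local.js
+++ b/package/dist/auth/local.js
@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
 function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
 return new (P || (P = Promise))(function (resolve, reject) {
@@ -8,14 +41,21 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 step((generator = generator.apply(thisArg, _arguments || [])).next());
 });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.TokenType = void 0;
+exports.generateToken = generateToken;
+exports.addTokensToResponse = addTokensToResponse;
+exports.generateLocalVerifier = generateLocalVerifier;
+exports.generateLocalRefreshHandler = generateLocalRefreshHandler;
 const types_1 = require("../types");
-const fs = require("fs");
+const fs = __importStar(require("fs"));
 const jwt = require("jsonwebtoken");
 const index_1 = require("./index");
 const config_1 = require("../config");
-const
+const ms_1 = __importDefault(require("ms"));
 const util_1 = require("../util");
 let privateKey;
 var TokenType;
@@ -23,7 +63,7 @@ var TokenType;
 TokenType[TokenType["Access"] = 0] = "Access";
 TokenType[TokenType["Refresh"] = 1] = "Refresh";
 TokenType[TokenType["Scripting"] = 2] = "Scripting";
-})(TokenType
+})(TokenType || (exports.TokenType = TokenType = {}));
 function generateToken(authConf, username, tokenType) {
 if (!privateKey) {
 privateKey = fs.readFileSync(authConf.privateKeyLocation);
@@ -49,12 +89,11 @@ function generateToken(authConf, username, tokenType) {
 }
 return jwt.sign(payload, privateKey, options);
 }
-exports.generateToken = generateToken;
 function addTokensToResponse(res, authConf, username) {
 const refreshToken = generateToken(authConf, username, TokenType.Refresh);
 res.cookie("Refresh-Token", refreshToken, {
 path: config_1.RuntimeConfig.authPath,
-maxAge:
+maxAge: (0, ms_1.default)(authConf.refreshTokenAge),
 httpOnly: true,
 secure: !config_1.ServerConfig.httpOnly,
 sameSite: "strict"
@@ -63,10 +102,9 @@ function addTokensToResponse(res, authConf, username) {
 res.json({
 access_token,
 token_type: "bearer",
-expires_in:
+expires_in: (0, ms_1.default)(authConf.accessTokenAge) / 1000
 });
 }
-exports.addTokensToResponse = addTokensToResponse;
 function generateLocalVerifier(verifierMap, authConf) {
 const publicKey = fs.readFileSync(authConf.publicKeyLocation);
 verifierMap.set(authConf.issuer, cookieString => {
@@ -79,7 +117,6 @@ function generateLocalVerifier(verifierMap, authConf) {
 }
 });
 }
-exports.generateLocalVerifier = generateLocalVerifier;
 function generateLocalRefreshHandler(authConf) {
 return (req, res, next) => __awaiter(this, void 0, void 0, function* () {
 var _a;
@@ -102,7 +139,7 @@ function generateLocalRefreshHandler(authConf) {
 access_token,
 token_type: "bearer",
 username: refreshToken.username,
-expires_in:
+expires_in: (0, ms_1.default)(scriptingToken ? authConf.scriptingTokenAge : authConf.accessTokenAge) / 1000
 });
 }
 }
@@ -115,5 +152,4 @@ function generateLocalRefreshHandler(authConf) {
 }
 });
 }
-exports.generateLocalRefreshHandler = generateLocalRefreshHandler;
 //# sourceMappingURL=local.js.map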
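Review bot: The new `maxAge: (0, ms_1.default)(authConf.refreshTokenAge)` in addTokensToResponse and the two `expires_in: (0, ms_1.default)(...) / 1000` lines use the result of `ms()` without checking that it is a finite number. `ms` only returns milliseconds for a parseable duration string; a numeric input is formatted back into a string, and an unparseable string yields `undefined` or `NaN` depending on the `ms` version, so the refresh cookie could lose its max age (becoming a session cookie) and `expires_in` could serialise as `null`. Whether the config schema restricts these age fields to duration strings is not visible in this section, so this should be confirmed against the schema rather than assumed. Converting the three ages once at start-up and failing closed, for example `if (!Number.isFinite(refreshMs)) throw new Error("invalid refreshTokenAge");`, would keep the advertised lifetimes consistent with what the signed tokens carry. The bodies of generateToken and generateLocalRefreshHandler continue outside the hunks shown here.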
package/dist/auth/local.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/auth/local.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,sCA2BC;AAED,kDAiBC;AAED,sDAUC;AAED,kEA6BC;AA3GD,oCAA+F;AAC/F,uCAAyB;AACzB,oCAAqC;AAGrC,mCAAoC;AACpC,sCAAsD;AACtD,4CAAoB;AACpB,kCAAkC;AAElC,IAAI,UAAkB,CAAC;AAEvB,IAAY,SAIX;AAJD,WAAY,SAAS;IACjB,6CAAM,CAAA;IACN,+CAAO,CAAA;IACP,mDAAS,CAAA;AACb,CAAC,EAJW,SAAS,yBAAT,SAAS,QAIpB;AAED,SAAgB,aAAa,CAAC,QAA8B,EAAE,QAAgB,EAAE,SAAoB;IAChG,IAAI,CAAC,UAAU,EAAE,CAAC;QACd,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,MAAM,OAAO,GAAQ;QACjB,GAAG,EAAE,QAAQ,CAAC,MAAM;QACpB,QAAQ;KACX,CAAC;IAEF,MAAM,OAAO,GAAoB;QAC7B,SAAS,EAAE,QAAQ,CAAC,YAAY;QAChC,SAAS,EAAE,QAAQ,CAAC,cAAc;KACrC,CAAC;IAEF,IAAI,SAAS,KAAK,SAAS,CAAC,OAAO,EAAE,CAAC;QAClC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;QACvB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC;IACjD,CAAC;SAAM,IAAI,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE,CAAC;QAC3C,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,SAAS,GAAG,QAAQ,CAAC,iBAAiB,CAAC;IACnD,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AAED,SAAgB,mBAAmB,CAAC,GAAqB,EAAE,QAA8B,EAAE,QAAgB;IACvG,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1E,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,YAAY,EAAE;QACtC,IAAI,EAAE,sBAAa,CAAC,QAAQ;QAC5B,MAAM,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,eAAyB,CAAC;QAC9C,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;QAC9B,QAAQ,EAAE,QAAQ;KACrB,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC;IAEzE,GAAG,CAAC,IAAI,CAAC;QACL,YAAY;QACZ,UAAU,EAAE,QAAQ;QACpB,UAAU,EAAE,IAAA,YAAE,EAAC,QAAQ,CAAC,cAAwB,CAAC,GAAG,IAAI;KAC3D,CAAC,CAAC;AACP,CAAC;AAED,SAAgB,qBAAqB,CAAC,WAAkC,EAAE,QAA8B;IACpG,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAC9D,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE;QAC5C,MAAM,OAAO,GAAQ,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,EAAC,SAAS,EAAE,Q
AAQ,CAAC,YAAY,EAAkB,CAAC,CAAC;QAC9G,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC7C,OAAO,OAAO,CAAC;QACnB,CAAC;aAAM,CAAC;YACJ,OAAO,SAAS,CAAC;QACrB,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAgB,2BAA2B,CAAC,QAA8B;IACtE,OAAO,CAAO,GAAoB,EAAE,GAAqB,EAAE,IAA0B,EAAE,EAAE;;QACrF,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,MAAM,YAAY,GAAG,MAAM,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC;gBAC3D,IAAI,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;oBACnE,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAC,CAAC,CAAC;gBACvD,CAAC;qBAAM,IAAI,cAAc,IAAI,qBAAY,CAAC,eAAe,KAAK,uBAAe,CAAC,OAAO,EAAE,CAAC;oBACpF,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,8CAA8C,EAAC,CAAC,CAAC;gBACrF,CAAC;qBAAM,CAAC;oBACJ,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;oBAC7C,MAAM,YAAY,GAAG,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;oBAC7H,OAAO,CAAC,GAAG,CAAC,aAAa,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,mBAAmB,YAAY,CAAC,QAAQ,aAAa,GAAG,EAAE,CAAC,CAAC;oBAC5H,GAAG,CAAC,IAAI,CAAC;wBACL,YAAY;wBACZ,UAAU,EAAE,QAAQ;wBACpB,QAAQ,EAAE,YAAY,CAAC,QAAQ;wBAC/B,UAAU,EAAE,IAAA,YAAE,EAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAE,QAAQ,CAAC,cAAyB,CAAC,GAAG,IAAI;qBAC3G,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAC,CAAC,CAAC;QAC9D,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC"}
|