carta-controller 5.1.1 → 6.0.0-beta.1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/auth/oidc.js CHANGED
@@ -51,12 +51,12 @@ exports.generateLocalOidcVerifier = generateLocalOidcVerifier;
51
51
  exports.oidcLoginStart = oidcLoginStart;
52
52
  exports.oidcCallbackHandler = oidcCallbackHandler;
53
53
  exports.oidcLogoutHandler = oidcLogoutHandler;
54
+ const node_crypto_1 = require("node:crypto");
55
+ const fs = __importStar(require("node:fs"));
54
56
  const axios_1 = __importDefault(require("axios"));
55
- const fs = __importStar(require("fs"));
56
57
  const jose = __importStar(require("jose"));
57
- const util_1 = require("../util");
58
58
  const config_1 = require("../config");
59
- const crypto_1 = require("crypto");
59
+ const util_1 = require("../util");
60
60
  const oidcRefreshManager_1 = require("./oidcRefreshManager");
61
61
  let privateKey;
62
62
  let publicKey;
@@ -71,36 +71,54 @@ function initOidc(authConf) {
71
71
  return __awaiter(this, void 0, void 0, function* () {
72
72
  var _a;
73
73
  // Load public & private keys
74
- publicKey = (0, crypto_1.createPublicKey)(fs.readFileSync(authConf.localPublicKeyLocation));
75
- privateKey = (0, crypto_1.createPrivateKey)(fs.readFileSync(authConf.localPrivateKeyLocation));
76
- symmetricKey = (0, crypto_1.createSecretKey)(Buffer.from(fs.readFileSync(authConf.symmetricKeyLocation, 'utf-8'), 'base64'));
74
+ try {
75
+ publicKey = (0, node_crypto_1.createPublicKey)(fs.readFileSync(authConf.localPublicKeyLocation));
76
+ }
77
+ catch (e) {
78
+ util_1.logger.crit(`Failed to read public key: ${e.message}`);
79
+ process.exit(1);
80
+ }
81
+ try {
82
+ privateKey = (0, node_crypto_1.createPrivateKey)(fs.readFileSync(authConf.localPrivateKeyLocation));
83
+ }
84
+ catch (e) {
85
+ util_1.logger.crit(`Failed to read private key: ${e.message}`);
86
+ process.exit(1);
87
+ }
88
+ try {
89
+ symmetricKey = (0, node_crypto_1.createSecretKey)(Buffer.from(fs.readFileSync(authConf.symmetricKeyLocation, "utf-8"), "base64"));
90
+ }
91
+ catch (e) {
92
+ util_1.logger.crit(`Failed to read symmetric key: ${e.message}`);
93
+ process.exit(1);
94
+ }
77
95
  // Parse details of IdP from metadata URL
78
- const idpConfig = yield axios_1.default.get(authConf.idpUrl + "/.well-known/openid-configuration");
79
- oidcAuthEndpoint = idpConfig.data['authorization_endpoint'];
80
- oidcIssuer = idpConfig.data['issuer'];
81
- oidcLogoutEndpoint = idpConfig.data['end_session_endpoint'];
82
- oidcTokenEndpoint = idpConfig.data['token_endpoint'];
96
+ const idpConfig = yield axios_1.default.get(`${authConf.idpUrl}/.well-known/openid-configuration`);
97
+ oidcAuthEndpoint = idpConfig.data.authorization_endpoint;
98
+ oidcIssuer = idpConfig.data.issuer;
99
+ oidcLogoutEndpoint = idpConfig.data.end_session_endpoint;
100
+ oidcTokenEndpoint = idpConfig.data.token_endpoint;
83
101
  // Init JWKS key management
84
- util_1.logger.info(`Setting up JWKS management for ${idpConfig.data['jwks_uri']}`);
85
- jwksManager = jose.createRemoteJWKSet(new URL(idpConfig.data['jwks_uri']));
102
+ util_1.logger.info(`Setting up JWKS management for ${idpConfig.data.jwks_uri}`);
103
+ jwksManager = jose.createRemoteJWKSet(new URL(idpConfig.data.jwks_uri));
86
104
  // Set logout redirect URL
87
105
  if (authConf.postLogoutRedirect !== undefined) {
88
106
  postLogoutRedirect = authConf.postLogoutRedirect;
89
107
  }
90
108
  else {
91
- postLogoutRedirect = (_a = config_1.ServerConfig.serverAddress) !== null && _a !== void 0 ? _a : '';
109
+ postLogoutRedirect = (_a = config_1.ServerConfig.serverAddress) !== null && _a !== void 0 ? _a : "";
92
110
  }
93
111
  // Init refresh token management
94
112
  yield (0, oidcRefreshManager_1.initRefreshManager)();
95
113
  });
96
114
  }
97
115
  function returnErrorMsg(req, res, statusCode, msg) {
98
- if (req.header('accept') == 'application/json') {
116
+ if (req.header("accept") === "application/json") {
99
117
  return res.status(statusCode).json({ statusCode: statusCode, message: msg });
100
118
  }
101
119
  else {
102
120
  // Errors are presented to the user on the dashboard rather than returned via JSON messages
103
- return res.redirect(`${new URL(`${config_1.RuntimeConfig.dashboardAddress}`, config_1.ServerConfig.serverAddress).href}?${new URLSearchParams({ 'err': msg }).toString()}`);
121
+ return res.redirect(`${new URL(`${config_1.RuntimeConfig.dashboardAddress}`, config_1.ServerConfig.serverAddress).href}?${new URLSearchParams({ err: msg }).toString()}`);
104
122
  }
105
123
  }
106
124
  // A helper function as initial call to the IdP token endpoint and renewals are mostly the same
@@ -112,32 +130,31 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
112
130
  usp.set("scope", authConf.scope);
113
131
  try {
114
132
  const result = yield axios_1.default.post(`${oidcTokenEndpoint}`, usp);
115
- if (result.status != 200) {
133
+ if (result.status !== 200) {
116
134
  return returnErrorMsg(req, res, 500, "Authentication error");
117
135
  }
118
- const { payload, protectedHeader } = yield jose.jwtVerify(result.data['id_token'], jwksManager, {
119
- issuer: oidcIssuer,
136
+ const { payload } = yield jose.jwtVerify(result.data.id_token, jwksManager, {
137
+ issuer: oidcIssuer
120
138
  });
121
139
  // Check audience
122
- if (payload.aud != authConf.clientId) {
140
+ if (payload.aud !== authConf.clientId) {
123
141
  return returnErrorMsg(req, res, 500, "Service received an ID token directed to a different service");
124
142
  }
125
143
  // Create / retrieve session encryption key
126
144
  if (sessionEncKey === undefined) {
127
- sessionEncKey = (0, crypto_1.randomBytes)(32);
145
+ sessionEncKey = (0, node_crypto_1.randomBytes)(32);
128
146
  }
129
- let username = payload[authConf.uniqueField];
147
+ const username = payload[authConf.uniqueField];
130
148
  if (username === undefined) {
131
149
  return returnErrorMsg(req, res, 500, "Unable to match to a local user");
132
150
  }
133
151
  // Update DB to reflect new token + associated access token expiry
134
- if (result.data['refresh_token'] !== undefined) {
135
- (0, oidcRefreshManager_1.setRefreshToken)(username, sessionId, result.data['refresh_token'], sessionEncKey, parseInt(result.data['refresh_expires_in']));
152
+ if ("refresh_token" in result.data && result.data.refresh_token != null) {
153
+ (0, oidcRefreshManager_1.setRefreshToken)(username, sessionId, result.data.refresh_token, sessionEncKey, parseInt(result.data.refresh_expires_in));
136
154
  }
137
- const refreshExpiry = result.data['refresh_expires_in'] !== undefined ? result.data['refresh_expires_in'] : result.data['expires_in'];
138
- //refreshData['access_token_expiry'] = floor(new Date().getTime() / 1000) + result.data['expires_in'];
139
- if (result.data['expires_in'] !== undefined) {
140
- (0, oidcRefreshManager_1.setAccessTokenExpiry)(username, sessionId, parseInt(result.data['expires_in']));
155
+ const refreshExpiry = result.data.refresh_expires_in !== undefined ? result.data.refresh_expires_in : result.data.expires_in;
156
+ if ("expires_in" in result.data && result.data.expires_in != null) {
157
+ (0, oidcRefreshManager_1.setAccessTokenExpiry)(username, sessionId, parseInt(result.data.expires_in));
141
158
  }
142
159
  // Check group membership
143
160
  if (authConf.requiredGroup !== undefined) {
@@ -160,14 +177,9 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
160
177
  const refreshData = {
161
178
  username,
162
179
  sessionId,
163
- sessionEncKey: sessionEncKey.toString('hex')
180
+ sessionEncKey: sessionEncKey.toString("hex")
164
181
  };
165
- const rt = yield new jose.EncryptJWT(refreshData)
166
- .setProtectedHeader({ alg: 'dir', enc: authConf.symmetricKeyType })
167
- .setIssuedAt()
168
- .setIssuer(authConf.issuer)
169
- .setExpirationTime(`${refreshExpiry}s`)
170
- .encrypt(symmetricKey);
182
+ const rt = yield new jose.EncryptJWT(refreshData).setProtectedHeader({ alg: "dir", enc: authConf.symmetricKeyType }).setIssuedAt().setIssuer(authConf.issuer).setExpirationTime(`${refreshExpiry}s`).encrypt(symmetricKey);
171
183
  res.cookie("Refresh-Token", rt, {
172
184
  path: config_1.RuntimeConfig.authPath,
173
185
  maxAge: parseInt(refreshExpiry) * 1000,
@@ -175,8 +187,8 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
175
187
  secure: !config_1.ServerConfig.httpOnly,
176
188
  sameSite: "strict"
177
189
  });
178
- if (result.data['id_token'] !== undefined) {
179
- res.cookie("Logout-Token", result.data['id_token'], {
190
+ if (result.data.id_token !== undefined) {
191
+ res.cookie("Logout-Token", result.data.id_token, {
180
192
  path: config_1.RuntimeConfig.logoutAddress,
181
193
  httpOnly: true,
182
194
  secure: !config_1.ServerConfig.httpOnly,
@@ -186,32 +198,27 @@ function callIdpTokenEndpoint(usp_1, req_1, res_1, authConf_1) {
186
198
  // After login redirect to the dashboard, but otherwise return a bearer token
187
199
  if (isLogin) {
188
200
  const loginUsp = new URLSearchParams();
189
- loginUsp.set('oidcuser', `${username}`);
190
- if (req.cookies['redirectParams']) {
191
- loginUsp.set('redirectParams', req.cookies['redirectParams']);
192
- res.cookie('redirectParams', '', {
201
+ loginUsp.set("oidcuser", `${username}`);
202
+ if (req.cookies.redirectParams) {
203
+ loginUsp.set("redirectParams", req.cookies.redirectParams);
204
+ res.cookie("redirectParams", "", {
193
205
  maxAge: 600000,
194
206
  httpOnly: true,
195
- secure: !config_1.ServerConfig.httpOnly,
207
+ secure: !config_1.ServerConfig.httpOnly
196
208
  });
197
209
  }
198
210
  return res.redirect(`${new URL(`${config_1.RuntimeConfig.dashboardAddress}`, config_1.ServerConfig.serverAddress).href}?${loginUsp.toString()}`);
199
211
  }
200
212
  else {
201
- let newAccessToken = { username };
213
+ const newAccessToken = { username: `${username}` };
202
214
  if (scriptingToken)
203
- newAccessToken['scripting'] = true;
204
- const newAccessTokenJWT = yield new jose.SignJWT(newAccessToken)
205
- .setProtectedHeader({ alg: authConf.keyAlgorithm })
206
- .setIssuedAt()
207
- .setIssuer(authConf.issuer)
208
- .setExpirationTime(`${result.data['expires_in']}s`)
209
- .sign(privateKey);
215
+ newAccessToken.scripting = true;
216
+ const newAccessTokenJWT = yield new jose.SignJWT(newAccessToken).setProtectedHeader({ alg: authConf.keyAlgorithm }).setIssuedAt().setIssuer(authConf.issuer).setExpirationTime(`${result.data.expires_in}s`).sign(privateKey);
210
217
  return res.json({
211
218
  access_token: newAccessTokenJWT,
212
219
  token_type: "bearer",
213
220
  username: payload.username,
214
- expires_in: result.data['expires_in']
221
+ expires_in: result.data.expires_in
215
222
  });
216
223
  }
217
224
  }
@@ -229,7 +236,7 @@ function generateLocalOidcRefreshHandler(authConf) {
229
236
  if (refreshTokenCookie) {
230
237
  try {
231
238
  // Verify that the token is legit
232
- const { payload, protectedHeader } = yield jose.jwtDecrypt(refreshTokenCookie, symmetricKey, {
239
+ const { payload } = yield jose.jwtDecrypt(refreshTokenCookie, symmetricKey, {
233
240
  issuer: authConf.issuer
234
241
  });
235
242
  try {
@@ -238,18 +245,19 @@ function generateLocalOidcRefreshHandler(authConf) {
238
245
  }
239
246
  }
240
247
  catch (err) {
248
+ util_1.logger.debug(err);
241
249
  return returnErrorMsg(req, res, 500, "Locking error");
242
250
  }
243
251
  try {
244
252
  // Check if access token validity is there and at least cacheAccessTokenMinValidity seconds from expiry
245
253
  const remainingValidity = yield (0, oidcRefreshManager_1.getAccessTokenExpiry)(payload.username, payload.sessionId);
246
254
  if (remainingValidity > authConf.cacheAccessTokenMinValidity) {
247
- let newAccessToken = {
248
- username: payload.username,
255
+ const newAccessToken = {
256
+ username: `${payload.username}`,
249
257
  expires_in: remainingValidity
250
258
  };
251
259
  if (scriptingToken)
252
- newAccessToken['scripting'] = true;
260
+ newAccessToken.scripting = true;
253
261
  const newAccessTokenJWT = yield new jose.SignJWT(newAccessToken)
254
262
  .setProtectedHeader({ alg: authConf.keyAlgorithm })
255
263
  .setIssuedAt()
@@ -266,10 +274,10 @@ function generateLocalOidcRefreshHandler(authConf) {
266
274
  else {
267
275
  // Need to request a new token from upstream
268
276
  const usp = new URLSearchParams();
269
- const sessionEncKey = Buffer.from(`${payload === null || payload === void 0 ? void 0 : payload.sessionEncKey}`, 'hex');
277
+ const sessionEncKey = Buffer.from(`${payload === null || payload === void 0 ? void 0 : payload.sessionEncKey}`, "hex");
270
278
  usp.set("grant_type", "refresh_token");
271
279
  usp.set("refresh_token", `${yield (0, oidcRefreshManager_1.getRefreshToken)(payload.username, payload.sessionId, sessionEncKey)}`);
272
- return yield callIdpTokenEndpoint(usp, req, res, authConf, scriptingToken, false, `${payload['sessionId']}`, sessionEncKey);
280
+ return yield callIdpTokenEndpoint(usp, req, res, authConf, scriptingToken, false, `${payload.sessionId}`, sessionEncKey);
273
281
  }
274
282
  }
275
283
  finally {
@@ -277,6 +285,7 @@ function generateLocalOidcRefreshHandler(authConf) {
277
285
  }
278
286
  }
279
287
  catch (err) {
288
+ util_1.logger.debug(err);
280
289
  return returnErrorMsg(req, res, 400, "Invalid refresh token");
281
290
  }
282
291
  }
@@ -300,43 +309,38 @@ function oidcLoginStart(req, res, authConf) {
300
309
  try {
301
310
  const usp = new URLSearchParams();
302
311
  // Generate PKCE verifier & challenge
303
- const urlSafeChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
304
- const codeVerifier = Array.from({ length: 64 }, (_, i) => urlSafeChars[Math.floor(Math.random() * urlSafeChars.length)]).join("");
305
- const encryptedCodeVerifier = yield new jose.CompactEncrypt(new TextEncoder().encode(codeVerifier))
306
- .setProtectedHeader({ alg: 'RSA-OAEP', enc: 'A128GCM' })
307
- .encrypt(publicKey);
308
- res.cookie('oidcVerifier', encryptedCodeVerifier, {
312
+ const codeVerifier = (0, util_1.generateUrlSafeString)(64);
313
+ const encryptedCodeVerifier = yield new jose.CompactEncrypt(new TextEncoder().encode(codeVerifier)).setProtectedHeader({ alg: "RSA-OAEP", enc: "A128GCM" }).encrypt(publicKey);
314
+ res.cookie("oidcVerifier", encryptedCodeVerifier, {
309
315
  maxAge: 600000,
310
316
  httpOnly: true,
311
- secure: !config_1.ServerConfig.httpOnly,
317
+ secure: !config_1.ServerConfig.httpOnly
312
318
  });
313
- const codeChallenge = (0, crypto_1.createHash)('sha256')
314
- .update(codeVerifier, 'utf-8')
315
- .digest('base64url');
316
- usp.set('code_challenge_method', 'S256');
317
- usp.set('code_challenge', codeChallenge);
319
+ const codeChallenge = (0, node_crypto_1.createHash)("sha256").update(codeVerifier, "utf-8").digest("base64url");
320
+ usp.set("code_challenge_method", "S256");
321
+ usp.set("code_challenge", codeChallenge);
318
322
  // Create session key
319
- const sessionId = Array.from({ length: 32 }, (_, i) => urlSafeChars[Math.floor(Math.random() * urlSafeChars.length)]).join("");
320
- res.cookie('sessionId', sessionId, {
323
+ const sessionId = (0, util_1.generateUrlSafeString)(32);
324
+ res.cookie("sessionId", sessionId, {
321
325
  maxAge: 600000,
322
326
  httpOnly: true,
323
- secure: !config_1.ServerConfig.httpOnly,
327
+ secure: !config_1.ServerConfig.httpOnly
324
328
  });
325
- usp.set('state', sessionId);
326
- usp.set('client_id', authConf.clientId);
327
- usp.set('redirect_uri', (new URL(config_1.RuntimeConfig.apiAddress + '/auth/oidcCallback', config_1.ServerConfig.serverAddress)).href);
328
- usp.set('response_type', 'code');
329
- usp.set('scope', authConf.scope);
329
+ usp.set("state", sessionId);
330
+ usp.set("client_id", authConf.clientId);
331
+ usp.set("redirect_uri", new URL(`${config_1.RuntimeConfig.apiAddress}/auth/oidcCallback`, config_1.ServerConfig.serverAddress).href);
332
+ usp.set("response_type", "code");
333
+ usp.set("scope", authConf.scope);
330
334
  // Allow arbitrary params to be passed for IdPs like Google that require additional ones
331
335
  for (const item of authConf.additionalAuthParams) {
332
336
  usp.set(item[0], item[1]);
333
337
  }
334
338
  // Store redirectParams to redirect post-login
335
- if ('redirectParams' in req.query) {
336
- res.cookie('redirectParams', req.query['redirectParams'], {
339
+ if ("redirectParams" in req.query) {
340
+ res.cookie("redirectParams", req.query.redirectParams, {
337
341
  maxAge: 600000,
338
342
  httpOnly: true,
339
- secure: !config_1.ServerConfig.httpOnly,
343
+ secure: !config_1.ServerConfig.httpOnly
340
344
  });
341
345
  }
342
346
  // Return redirect
@@ -352,25 +356,25 @@ function oidcCallbackHandler(req, res, authConf) {
352
356
  return __awaiter(this, void 0, void 0, function* () {
353
357
  try {
354
358
  const usp = new URLSearchParams();
355
- if (req.cookies['oidcVerifier'] === undefined) {
359
+ if (req.cookies.oidcVerifier === undefined) {
356
360
  return returnErrorMsg(req, res, 400, "Missing OIDC verifier");
357
361
  }
358
- if (req.cookies['sessionId'] === undefined) {
362
+ if (req.cookies.sessionId === undefined) {
359
363
  return returnErrorMsg(req, res, 400, "Missing session ID");
360
364
  }
361
- else if (req.cookies['sessionId'] != `${req.query.state}`) {
365
+ else if (`${req.cookies.sessionId}` !== `${req.query.state}`) {
362
366
  return returnErrorMsg(req, res, 400, "Invalid session ID");
363
367
  }
364
368
  else {
365
- res.clearCookie('sessionId');
369
+ res.clearCookie("sessionId");
366
370
  }
367
- const decryptedCodeVerifier = yield jose.compactDecrypt(req.cookies['oidcVerifier'], privateKey);
371
+ const decryptedCodeVerifier = yield jose.compactDecrypt(req.cookies.oidcVerifier, privateKey);
368
372
  const codeVerifier = new TextDecoder().decode(decryptedCodeVerifier.plaintext);
369
- usp.set('code_verifier', codeVerifier);
373
+ usp.set("code_verifier", codeVerifier);
370
374
  res.clearCookie("oidcVerifier");
371
375
  usp.set("code", `${req.query.code}`);
372
376
  usp.set("grant_type", "authorization_code");
373
- usp.set('redirect_uri', (new URL(config_1.RuntimeConfig.apiAddress + '/auth/oidcCallback', config_1.ServerConfig.serverAddress)).href);
377
+ usp.set("redirect_uri", new URL(`${config_1.RuntimeConfig.apiAddress}/auth/oidcCallback`, config_1.ServerConfig.serverAddress).href);
374
378
  return yield callIdpTokenEndpoint(usp, req, res, authConf, false, true, `${req.query.state}`, undefined);
375
379
  }
376
380
  catch (err) {
@@ -391,11 +395,11 @@ function oidcLogoutHandler(req, res) {
391
395
  });
392
396
  if (oidcLogoutEndpoint !== undefined) {
393
397
  // Redirect to the IdP to perform the logout
394
- let usp = new URLSearchParams();
395
- if (req.cookies['Logout-Token'] !== undefined) {
396
- usp.set('id_token_hint', req.cookies['Logout-Token']);
398
+ const usp = new URLSearchParams();
399
+ if (req.cookies["Logout-Token"] !== undefined) {
400
+ usp.set("id_token_hint", req.cookies["Logout-Token"]);
397
401
  }
398
- usp.set('post_logout_redirect_uri', postLogoutRedirect);
402
+ usp.set("post_logout_redirect_uri", postLogoutRedirect);
399
403
  res.cookie("Logout-Token", "", {
400
404
  path: config_1.RuntimeConfig.logoutAddress,
401
405
  maxAge: 0,
@@ -1 +1 @@
1
- {"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/auth/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,4BA2BC;AAiJD,0EA6DC;AAED,8DASC;AAED,wCAwDC;AAED,kDA6BC;AAED,8CAoCC;AA5YD,kDAA0B;AAE1B,uCAAyB;AACzB,2CAA6B;AAG7B,kCAAiC;AAEjC,sCAAsD;AAEtD,mCAAgH;AAChH,6DAA2L;AAE3L,IAAI,UAAqB,CAAC;AAC1B,IAAI,SAAoB,CAAC;AACzB,IAAI,YAAuB,CAAC;AAC5B,IAAI,WAA6E,CAAC;AAElF,IAAI,gBAAwB,CAAC;AAC7B,IAAI,UAAkB,CAAC;AACvB,IAAI,kBAA0B,CAAC;AAC/B,IAAI,iBAAyB,CAAC;AAE9B,IAAI,kBAA0B,CAAC;AAE/B,SAAsB,QAAQ,CAAC,QAA6B;;;QACxD,6BAA6B;QAC7B,SAAS,GAAG,IAAA,wBAAe,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAC9E,UAAU,GAAG,IAAA,yBAAgB,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACjF,YAAY,GAAG,IAAA,wBAAe,EAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAE/G,yCAAyC;QACzC,MAAM,SAAS,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,mCAAmC,CAAC,CAAC;QACzF,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC5D,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtC,kBAAkB,GAAG,SAAS,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC5D,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAErD,2BAA2B;QAC3B,aAAM,CAAC,IAAI,CAAC,kCAAkC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC5E,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAE3E,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAC5C,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,CAAC;QACrD,CAAC;aACI,CAAC;YACF,kBAAkB,GAAG,MAAA,qBAAY,CAAC,aAAa,mCAAI,EAAE,CAAC;QAC1D,CAAC;QAED,gCAAgC;QAChC,MAAM,IAAA,uCAAkB,GAAE,CAAC;IAC/B,CAAC;CAAA;AAED,SAAS,cAAc,CAAE,GAAY,EAAE,GAAa,EAAE,UAAkB,EAAE,GAAW;IACjF,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,kBAAkB,EAAE,CAAC;QAC7C,OAAO,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;IAChF,CAAC;SACI,CAAC;QACF,2FAA2F;QAC3F,OAAO,GAAG,CAAC,QAAQ,CACf,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,IAAI,eAAe,CAAC,EAAC,KAAK,EAAC,GAAG,EAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,CACpI,CAAC;IACN,CAAC;AACL,CAAC;AAED,+FAA+F;AAC/F,SAAe,oBAAoB;yDAAE,GAAoB,EAAE,GAAY,EAAE,GAAa,EACjD,QAA6B,EAAE,iBAA0B,KAAK,EAC9D,UAAmB,KAAK,EAAE,SAAiB,EAAE,aAAiC;QAE/G,sCAAsC;QACtC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;QAChD,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEjC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;gBACvB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,WAAW,EAAE;gBAC5F,MAAM,EAAE,UAAU;aACrB,CAAC,CAAC;YAEH,iBAAiB;YACjB,IAAI,OAAO,CAAC,GAAG,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACnC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8DAA8D,CAAC,CAAC;YACzG,CAAC;YAED,2CAA2C;YAC3C,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC9B,aAAa,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;YACpC,CAAC;YAED,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iCAAiC,CAAC,CAAC;YAC5E,CAAC;YAED,kEAAkE;YAClE,IAAI,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC7C,IAAA,oCAAe,EAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EACjD,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;YAChF,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACtI,uGAAuG;YACvG,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC1C,IAAA,yCAAoB,EAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACnF,CAAC;YAED,yBAAyB;YACzB,IAAI,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,SAAS,EAAE,CAAC;oBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mDAAmD,CAAC,CAAC;gBAC9F,CAAC;gBACD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC3B,MAAM,SAAS,GAAa,SAAS,CAAC;oBACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;wBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;oBACvE,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;YAED,sBAAsB;YACtB,mGAAmG;YACnG,MAAM,WAAW,GAAG;gBAChB,QAAQ;gBACR,SAAS;gBACT,aAAa,EAAE,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC;aAC/C,CAAC;YACF,MAAM,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;iBAC5C,kBAAkB,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,gBAAgB,EAAE,CAAC;iBAClE,WAAW,EAAE;iBACb,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;iBAC1B,iBAAiB,CAAC,GAAG,aAAa,GAAG,CAAC;iBACtC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI;gBACtC,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;gBACxC,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE;oBAChD,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACP,CAAC;YAED,6EAA6E;YAC7E,IAAI,OAAO,EAAE,CAAC;gBACV,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;gBACvC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAC,GAAG,QAAQ,EAAE,CAAC,CAAC;gBACvC,IAAI,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBAChC,QAAQ,CAAC,GAAG,CAAC,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;oBAC9D,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,EAAE;wBAC7B,MAAM,EAAE,MAAM;wBACd,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;qBACjC,CAAC,CAAC;gBACP,CAAC;gBACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACnI,CAAC;iBACI,CAAC;gBACF,IAAI,cAAc,GAAG,EAAE,QAAQ,EAAE,CAAC;gBAClC,IAAI,cAAc;oBACd,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;gBACvC,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;qBAC3D,kBAAkB,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;qBAClD,WAAW,EAAE;qBACb,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;qBAC1B,iBAAiB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;qBAClD,IAAI,CAAC,UAAU,CAAC,CAAC;gBACtB,OAAO,GAAG,CAAC,IAAI,CAAC;oBACZ,YAAY,EAAE,iBAAiB;oBAC/B,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC;iBACxC,CAAC,CAAC;YACP,CAAC;QAEL,CAAC;QAAC,OAAM,GAAG,EAAE,CAAC;YACV,aAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,gDAAgD,CAAC,CAAC;QAC3F,CAAC;IACL,CAAC;CAAA;AAED,SAAgB,+BAA+B,CAAE,QAA6B;IAC1E,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,EAAE;;QACzC,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QAEpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,iCAAiC;gBACjC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,YAAY,EAAE;oBACzF,MAAM,EAAE,QAAQ,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,IAAI,CAAC;oBACD,IAAI,CAAE,CAAA,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAC,EAAE,CAAC,CAAA,EAAE,CAAC;wBACpD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mCAAmC,CAAC,CAAC;oBAC9E,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;gBAC1D,CAAC;gBAED,IAAI,CAAC;oBACD,uGAAuG;oBACvG,MAAM,iBAAiB,GAAG,MAAM,IAAA,yCAAoB,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC1F,IAAI,iBAAiB,GAAG,QAAQ,CAAC,2BAA2B,EAAE,CAAC;wBAC3D,IAAI,cAAc,GAAG;4BACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,iBAAiB;yBAChC,CAAC;wBACF,IAAI,cAAc;4BACd,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;wBACvC,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;6BAC3D,kBAAkB,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;6BAClD,WAAW,EAAE;6BACb,SAAS,CAAC,GAAG,MAAA,qBAAY,CAAC,aAAa,CAAC,IAAI,0CAAE,MAAM,EAAE,CAAC;6BACvD,iBAAiB,CAAC,GAAG,iBAAiB,GAAG,CAAC;6BAC1C,IAAI,CAAC,UAAU,CAAC,CAAC;wBAEtB,OAAO,GAAG,CAAC,IAAI,CAAC;4BACZ,YAAY,EAAE,iBAAiB;4BAC/B,UAAU,EAAE,QAAQ;4BACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,iBAAiB;yBAChC,CAAC,CAAC;oBACP,CAAC;yBAAM,CAAC;wBACJ,4CAA4C;wBAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;wBAClC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;wBACtE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;wBACvC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,MAAM,IAAA,oCAAe,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;wBACzG,OAAO,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;oBAChI,CAAC;gBACL,CAAC;wBAAS,CAAC;oBACP,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;gBACjD,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAClE,CAAC;IACL,CAAC,CAAA,CAAA;AACL,CAAC;AAED,SAAgB,yBAAyB,CAAE,WAAkC,EAAE,QAA6B;IACxG,wEAAwE;IACxE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAM,YAAY,EAAC,EAAE;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,EAAE;YAC1D,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;SACtC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,OAAO,CAAC;IAC1B,CAAC,CAAA,CAAC,CAAC;AACP,CAAC;AAED,SAAsB,cAAc,CAAE,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAC5F,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,qCAAqC;YACrC,MAAM,YAAY,GAAG,oEAAoE,CAAC;YAC1F,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,EAAC,MAAM,EAAC,EAAE,EAAC,EAAE,CAAC,CAAC,EAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9H,MAAM,qBAAqB,GAAG,MAAM,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;iBAC9D,kBAAkB,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;iBACvD,OAAO,CAAC,SAAS,CAAC,CAAC;YAExD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,qBAAqB,EAAE;gBAC9C,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,MAAM,aAAa,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;iBACrB,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC;iBAC7B,MAAM,CAAC,WAAW,CAAC,CAAA;YACxC,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACzC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzC,qBAAqB;YACrB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,EAAC,MAAM,EAAC,EAAE,EAAC,EAAE,CAAC,CAAC,EAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3H,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAE5B,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,IAAI,GAAG,CAAC,sBAAa,CAAC,UAAU,GAAG,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACrH,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEjC,wFAAwF;YACxF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBAC/C,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5B,CAAC;YAED,8CAA8C;YAC9C,IAAI,gBAAgB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE;oBACtD,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;iBACjC,CAAC,CAAC;YACP,CAAC;YAED,kBAAkB;YAClB,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,gBAAgB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,mBAAmB,CAAC,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAChG,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC5C,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;gBACzC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;gBAC1D,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YACjC,CAAC;YAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,UAAU,CAAC,CAAC;YACjG,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAE/E,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;YACvC,GAAG,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YAChC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrC,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;YAC5C,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,IAAI,GAAG,CAAC,sBAAa,CAAC,UAAU,GAAG,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAErH,OAAO,MAAM,oBAAoB,CAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9G,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,iBAAiB,CAAC,GAAY,EAAE,GAAa;;QAC/D,IAAI,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,4CAA4C;gBAC5C,IAAI,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;gBAChC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC5C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAA;gBACzD,CAAC;gBAED,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,kBAAkB,CAAC,CAAC;gBAExD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,EAAE;oBAC3B,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;gBAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,kBAAkB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAEnE,CAAC;iBAAM,CAAC;gBACJ,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,qBAAY,CAAC,aAAa,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA"}
1
+ {"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/auth/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBA,4BAyCC;AA4HD,0EA8DC;AAED,8DASC;AAED,wCAmDC;AAED,kDA6BC;AAED,8CAmCC;AA9XD,6CAAwH;AACxH,4CAA8B;AAC9B,kDAA0B;AAE1B,2CAA6B;AAE7B,sCAAsD;AAEtD,kCAAsD;AACtD,6DAA8K;AAE9K,IAAI,UAAqB,CAAC;AAC1B,IAAI,SAAoB,CAAC;AACzB,IAAI,YAAuB,CAAC;AAC5B,IAAI,WAA6E,CAAC;AAElF,IAAI,gBAAwB,CAAC;AAC7B,IAAI,UAAkB,CAAC;AACvB,IAAI,kBAA0B,CAAC;AAC/B,IAAI,iBAAyB,CAAC;AAE9B,IAAI,kBAA0B,CAAC;AAE/B,SAAsB,QAAQ,CAAC,QAA6B;;;QACxD,6BAA6B;QAC7B,IAAI,CAAC;YACD,SAAS,GAAG,IAAA,6BAAe,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAClF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,IAAI,CAAC;YACD,UAAU,GAAG,IAAA,8BAAgB,EAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QACD,IAAI,CAAC;YACD,YAAY,GAAG,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAG,MAAM,eAAK,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,mCAAmC,CAAC,CAAC;QACzF,gBAAgB,GAAG,SAAS,CAAC,IAAI,CAAC,sBAAsB,CAAC;QACzD,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;QACnC,kBAAkB,GAAG,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC;QACzD,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC;QAElD,2BAA2B;QAC3B,aAAM,CAAC,IAAI,CAAC,kCAAkC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzE,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAExE,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;YAC5C,kBAAkB,GAAG,QAAQ,CAAC,kBAAkB,CAAC;QACrD,CAAC;aAAM,CAAC;YACJ,kBAAkB,GAAG,MAAA,qBAAY,CAAC,aAAa,mCAAI,EAAE,CAAC;QAC1D,CAAC;QAED,gCAAgC;QAChC,MAAM,IAAA,uCAAkB,GAAE,CAAC;IAC/B,CAAC;CAAA;AAED,SAAS,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,UAAkB,EAAE,GAAW;IAChF,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,kBAAkB,EAAE,CAAC;QAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAC,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACJ,2FAA2F;QAC3F,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,IAAI,eAAe,CAAC,EAAC,GAAG,EAAE,GAAG,EAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC1J,CAAC;AACL,CAAC;AAED,+FAA+F;AAC/F,SAAe,oBAAoB;yDAAC,GAAoB,EAAE,GAAY,EAAE,GAAa,EAAE,QAA6B,EAAE,iBAA0B,KAAK,EAAE,UAAmB,KAAK,EAAE,SAAiB,EAAE,aAAiC;QACjO,sCAAsC;QACtC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAC;QAChD,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QAEjC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACxB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE;gBACtE,MAAM,EAAE,UAAU;aACrB,CAAC,CAAC;YAEH,iBAAiB;YACjB,IAAI,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;gBACpC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8DAA8D,CAAC,CAAC;YACzG,CAAC;YAED,2CAA2C;YAC3C,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC9B,aAAa,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC/C,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,iCAAiC,CAAC,CAAC;YAC5E,CAAC;YAED,kEAAkE;YAClE,IAAI,eAAe,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,EAAE,CAAC;gBACtE,IAAA,oCAAe,EAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAC7H,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7H,IAAI,YAAY,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;gBAChE,IAAA,yCAAoB,EAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAChF,CAAC;YAED,yBAAyB;YACzB,IAAI,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBACvC,IAAI,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,SAAS,EAAE,CAAC;oBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mDAAmD,CAAC,CAAC;gBAC9F,CAAC;gBACD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC3B,MAAM,SAAS,GAAa,SAAS,CAAC;oBACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;wBACnD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;oBACvE,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;YAED,sBAAsB;YACtB,mGAAmG;YACnG,MAAM,WAAW,GAAG;gBAChB,QAAQ;gBACR,SAAS;gBACT,aAAa,EAAE,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC;aAC/C,CAAC;YACF,MAAM,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,kBAAkB,CAAC,EAAC,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,gBAAgB,EAAC,CAAC,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,GAAG,aAAa,GAAG,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACzN,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,IAAI;gBACtC,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE;oBAC7C,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACP,CAAC;YAED,6EAA6E;YAC7E,IAAI,OAAO,EAAE,CAAC;gBACV,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;gBACvC,QAAQ,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,QAAQ,EAAE,CAAC,CAAC;gBACxC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;oBAC7B,QAAQ,CAAC,GAAG,CAAC,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;oBAC3D,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,EAAE;wBAC7B,MAAM,EAAE,MAAM;wBACd,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;qBACjC,CAAC,CAAC;gBACP,CAAC;gBACD,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,gBAAgB,EAAE,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACnI,CAAC;iBAAM,CAAC;gBACJ,MAAM,cAAc,GAAiB,EAAC,QAAQ,EAAE,GAAG,QAAQ,EAAE,EAAC,CAAC;gBAC/D,IAAI,cAAc;oBAAE,cAAc,CAAC,SAAS,GAAG,IAAI,CAAC;gBACpD,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,kBAAkB,CAAC,EAAC,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAC,CAAC,CAAC,WAAW,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,iBAAiB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC5N,OAAO,GAAG,CAAC,IAAI,CAAC;oBACZ,YAAY,EAAE,iBAAiB;oBAC/B,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;iBACrC,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,gDAAgD,CAAC,CAAC;QAC3F,CAAC;IACL,CAAC;CAAA;AAED,SAAgB,+BAA+B,CAAC,QAA6B;IACzE,OAAO,CAAO,GAAY,EAAE,GAAa,EAAE,EAAE;;QACzC,MAAM,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACxD,MAAM,cAAc,GAAG,CAAA,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,MAAK,IAAI,CAAC;QAEpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAI,CAAC;gBACD,iCAAiC;gBACjC,MAAM,EAAC,OAAO,EAAC,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,kBAAkB,EAAE,YAAY,EAAE;oBACtE,MAAM,EAAE,QAAQ,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,IAAI,CAAC;oBACD,IAAI,CAAC,CAAC,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;wBACtD,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,mCAAmC,CAAC,CAAC;oBAC9E,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC;gBAC1D,CAAC;gBAED,IAAI,CAAC;oBACD,uGAAuG;oBACvG,MAAM,iBAAiB,GAAG,MAAM,IAAA,yCAAoB,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;oBAC1F,IAAI,iBAAiB,GAAG,QAAQ,CAAC,2BAA2B,EAAE,CAAC;wBAC3D,MAAM,cAAc,GAAiB;4BACjC,QAAQ,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE;4BAC/B,UAAU,EAAE,iBAAiB;yBAChC,CAAC;wBACF,IAAI,cAAc;4BAAE,cAAc,CAAC,SAAS,GAAG,IAAI,CAAC;wBACpD,MAAM,iBAAiB,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;6BAC3D,kBAAkB,CAAC,EAAC,GAAG,EAAE,QAAQ,CAAC,YAAY,EAAC,CAAC;6BAChD,WAAW,EAAE;6BACb,SAAS,CAAC,GAAG,MAAA,qBAAY,CAAC,aAAa,CAAC,IAAI,0CAAE,MAAM,EAAE,CAAC;6BACvD,iBAAiB,CAAC,GAAG,iBAAiB,GAAG,CAAC;6BAC1C,IAAI,CAAC,UAAU,CAAC,CAAC;wBAEtB,OAAO,GAAG,CAAC,IAAI,CAAC;4BACZ,YAAY,EAAE,iBAAiB;4BAC/B,UAAU,EAAE,QAAQ;4BACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,UAAU,EAAE,iBAAiB;yBAChC,CAAC,CAAC;oBACP,CAAC;yBAAM,CAAC;wBACJ,4CAA4C;wBAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;wBAClC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;wBACtE,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;wBACvC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,MAAM,IAAA,oCAAe,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;wBACzG,OAAO,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,EAAE,aAAa,CAAC,CAAC;oBAC7H,CAAC;gBACL,CAAC;wBAAS,CAAC;oBACP,MAAM,IAAA,uCAAkB,EAAC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC;gBACjD,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QAClE,CAAC;IACL,CAAC,CAAA,CAAC;AACN,CAAC;AAED,SAAgB,yBAAyB,CAAC,WAAkC,EAAE,QAA6B;IACvG,wEAAwE;IACxE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAM,YAAY,EAAC,EAAE;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,EAAE;YAC1D,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,UAAU,EAAE,CAAC,QAAQ,CAAC,YAAY,CAAC;SACtC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,OAAO,CAAC;IAC1B,CAAC,CAAA,CAAC,CAAC;AACP,CAAC;AAED,SAAsB,cAAc,CAAC,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAC3F,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,qCAAqC;YACrC,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;YAC/C,MAAM,qBAAqB,GAAG,MAAM,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,EAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAE7K,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,qBAAqB,EAAE;gBAC9C,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,MAAM,aAAa,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YAC7F,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;YACzC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAEzC,qBAAqB;YACrB,MAAM,SAAS,GAAG,IAAA,4BAAqB,EAAC,EAAE,CAAC,CAAC;YAC5C,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE;gBAC/B,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;aACjC,CAAC,CAAC;YACH,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAE5B,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,UAAU,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC;YACnH,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEjC,wFAAwF;YACxF,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBAC/C,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9B,CAAC;YAED,8CAA8C;YAC9C,IAAI,gBAAgB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,cAAc,EAAE;oBACnD,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;iBACjC,CAAC,CAAC;YACP,CAAC;YAED,kBAAkB;YAClB,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,gBAAgB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,mBAAmB,CAAC,GAAY,EAAE,GAAa,EAAE,QAA6B;;QAChG,IAAI,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;YAElC,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;gBACzC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACtC,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;gBAC7D,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAC/D,CAAC;iBAAM,CAAC;gBACJ,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YACjC,CAAC;YAED,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAC9F,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,SAAS,CAAC,CAAC;YAE/E,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;YACvC,GAAG,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YAChC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACrC,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;YAC5C,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,GAAG,CAAC,GAAG,sBAAa,CAAC,UAAU,oBAAoB,EAAE,qBAAY,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC;YAEnH,OAAO,MAAM,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAC7G,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,iBAAiB,CAAC,GAAY,EAAE,GAAa;;QAC/D,IAAI,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,EAAE;gBAC5B,IAAI,EAAE,sBAAa,CAAC,QAAQ;gBAC5B,MAAM,EAAE,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;gBAC9B,QAAQ,EAAE,QAAQ;aACrB,CAAC,CAAC;YAEH,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;gBACnC,4CAA4C;gBAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,SAAS,EAAE,CAAC;oBAC5C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;gBAC1D,CAAC;gBAED,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,kBAAkB,CAAC,CAAC;gBAExD,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,EAAE;oBAC3B,IAAI,EAAE,sBAAa,CAAC,aAAa;oBACjC,MAAM,EAAE,CAAC;oBACT,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,CAAC,qBAAY,CAAC,QAAQ;oBAC9B,QAAQ,EAAE,QAAQ;iBACrB,CAAC,CAAC;gBAEH,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,kBAAkB,IAAI,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACJ,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,qBAAY,CAAC,aAAa,EAAE,CAAC,CAAC;YACzD,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;CAAA"}
@@ -16,10 +16,9 @@ exports.getRefreshToken = getRefreshToken;
16
16
  exports.setRefreshToken = setRefreshToken;
17
17
  exports.getAccessTokenExpiry = getAccessTokenExpiry;
18
18
  exports.setAccessTokenExpiry = setAccessTokenExpiry;
19
- exports.clearTokens = clearTokens;
20
- const mongodb_1 = require("mongodb");
19
+ const node_crypto_1 = require("node:crypto");
21
20
  const lodash_1 = require("lodash");
22
- const crypto_1 = require("crypto");
21
+ const mongodb_1 = require("mongodb");
23
22
  const config_1 = require("../config");
24
23
  const util_1 = require("../util");
25
24
  let lockCollection;
@@ -62,10 +61,10 @@ function initRefreshManager() {
62
61
  }
63
62
  const hasLockExpiryIndex = yield lockCollection.indexExists("lockExpiry");
64
63
  if (!hasLockExpiryIndex) {
65
- yield lockCollection.createIndex({ "expireAt": 1 }, { name: "lockExpiry", expireAfterSeconds: 0 });
64
+ yield lockCollection.createIndex({ expireAt: 1 }, { name: "lockExpiry", expireAfterSeconds: 0 });
66
65
  util_1.logger.info("Created expiry index for lockSession collection");
67
66
  }
68
- for (let coll of [refreshTokenCollection, accessTokenLifeTimesCollection]) {
67
+ for (const coll of [refreshTokenCollection, accessTokenLifeTimesCollection]) {
69
68
  const hasUserSessionIndex = yield coll.indexExists("userSession");
70
69
  if (!hasUserSessionIndex) {
71
70
  yield coll.createIndex({ username: 1, sessionid: 1 }, { name: "userSession", unique: true });
@@ -73,7 +72,7 @@ function initRefreshManager() {
73
72
  }
74
73
  const hasExpiryIndex = yield coll.indexExists("expiryIndex");
75
74
  if (!hasExpiryIndex) {
76
- yield coll.createIndex({ "expireAt": 1 }, { name: "expiryIndex", expireAfterSeconds: 0 });
75
+ yield coll.createIndex({ expireAt: 1 }, { name: "expiryIndex", expireAfterSeconds: 0 });
77
76
  util_1.logger.info(`Created index adding TTL for collection ${coll.collectionName}`);
78
77
  }
79
78
  }
@@ -138,12 +137,15 @@ function releaseRefreshLock(sessionid) {
138
137
  function getRefreshToken(username, sessionid, symmKey) {
139
138
  return __awaiter(this, void 0, void 0, function* () {
140
139
  try {
141
- let record = yield refreshTokenCollection.findOne({ username, sessionid });
140
+ const record = yield refreshTokenCollection.findOne({
141
+ username,
142
+ sessionid
143
+ });
142
144
  if ((record === null || record === void 0 ? void 0 : record.expireAt) < Date.now()) {
143
145
  // An already expired token that MongoDB hasn't clear out yet
144
146
  return;
145
147
  }
146
- let decipher = (0, crypto_1.createDecipheriv)("aes-256-cbc", symmKey, record === null || record === void 0 ? void 0 : record.iv.buffer);
148
+ const decipher = (0, node_crypto_1.createDecipheriv)("aes-256-cbc", symmKey, record === null || record === void 0 ? void 0 : record.iv.buffer);
147
149
  let decrypted = decipher.update(record === null || record === void 0 ? void 0 : record.refreshToken, "hex", "utf8");
148
150
  decrypted += decipher.final("utf8");
149
151
  return decrypted;
@@ -160,15 +162,17 @@ function setRefreshToken(username, sessionid, refreshToken, symmKey, expiresIn)
160
162
  return __awaiter(this, void 0, void 0, function* () {
161
163
  try {
162
164
  // Encrypt the token so gaining access to mongo isn't enough to steal the refresh token
163
- const iv = (0, crypto_1.randomBytes)(16);
164
- const cipher = (0, crypto_1.createCipheriv)("aes-256-cbc", symmKey, iv);
165
- const encrypted = cipher.update(refreshToken, "utf8", "hex") + cipher.final('hex');
165
+ const iv = (0, node_crypto_1.randomBytes)(16);
166
+ const cipher = (0, node_crypto_1.createCipheriv)("aes-256-cbc", symmKey, iv);
167
+ const encrypted = cipher.update(refreshToken, "utf8", "hex") + cipher.final("hex");
166
168
  const expireAt = new Date(Date.now() + expiresIn * 1000);
167
- const updateResult = yield refreshTokenCollection.updateOne({ username, sessionid }, { $set: {
169
+ const updateResult = yield refreshTokenCollection.updateOne({ username, sessionid }, {
170
+ $set: {
168
171
  expireAt,
169
172
  refreshToken: encrypted,
170
173
  iv: new mongodb_1.Binary(iv)
171
- } }, { upsert: true });
174
+ }
175
+ }, { upsert: true });
172
176
  return updateResult.acknowledged;
173
177
  }
174
178
  catch (e) {
@@ -181,7 +185,10 @@ function getAccessTokenExpiry(username, sessionid) {
181
185
  return __awaiter(this, void 0, void 0, function* () {
182
186
  try {
183
187
  // Lookup record in MongoDB using key
184
- let record = yield accessTokenLifeTimesCollection.findOne({ username, sessionid });
188
+ const record = yield accessTokenLifeTimesCollection.findOne({
189
+ username,
190
+ sessionid
191
+ });
185
192
  // Calculate expiry by subtracting the current time from stored key's expiry time
186
193
  const remaining = (0, lodash_1.floor)(((record === null || record === void 0 ? void 0 : record.expireAt.getTime()) - Date.now()) / 1000);
187
194
  if (remaining > 0) {
@@ -210,14 +217,4 @@ function setAccessTokenExpiry(username, sessionid, expiresIn) {
210
217
  }
211
218
  });
212
219
  }
213
- function clearTokens(username, sessionid) {
214
- return __awaiter(this, void 0, void 0, function* () {
215
- yield Promise.all([
216
- accessTokenLifeTimesCollection.deleteOne({ username, sessionid })
217
- .catch(e => util_1.logger.error(e)),
218
- refreshTokenCollection.deleteOne({ username, sessionid })
219
- .catch(e => util_1.logger.error(e))
220
- ]);
221
- });
222
- }
223
220
  //# sourceMappingURL=oidcRefreshManager.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"oidcRefreshManager.js","sourceRoot":"","sources":["../../src/auth/oidcRefreshManager.ts"],"names":[],"mappings":";;;;;;;;;;;AAWA,gDAyDC;AAOD,gDAgCC;AAED,gDASC;AAID,0CAkBC;AAID,0CAsBC;AAED,oDAgBC;AAED,oDAaC;AAGD,kCAOC;AAjND,qCAAwD;AACxD,mCAAqC;AACrC,mCAAuE;AAEvE,sCAAuC;AACvC,kCAA+B;AAE/B,IAAI,cAA0B,CAAC;AAC/B,IAAI,sBAAkC,CAAC;AACvC,IAAI,8BAA0C,CAAC;AAE/C,SAAsB,kBAAkB;;QACpC,IAAI,CAAC;YACD,4EAA4E;YAC5E,wCAAwC;YACxC,MAAM,MAAM,GAAG,MAAM,qBAAW,CAAC,OAAO,CAAC,qBAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpE,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,qBAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEzD,iFAAiF;YACjF,IAAI,CAAE,CAAA,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,WAAW,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAA,EAAE,CAAC;gBAChF,aAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAA;gBAC7C,cAAc,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,cAAc,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YACpD,CAAC;YACD,IAAI,CAAE,CAAA,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,eAAe,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAA,EAAE,CAAC;gBACpF,aAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAA;gBACjD,sBAAsB,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;YACtE,CAAC;iBAAM,CAAC;gBACN,sBAAsB,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAA;YAC/D,CAAC;YACD,IAAI,CAAE,CAAA,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,sBAAsB,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAA,EAAE,CAAC;gBAC3F,aAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;gBAC3D,8BAA8B,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;YACrF,CAAC;iBAAM,CAAC;gBACN,8BAA8B,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;YAC/E,CAAC;YAED,iBAAiB;YACjB,MAAM,mBAAmB,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YAC5E,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,MAAM,cAAc,CAAC,WAAW,CAAC,EAAC,SAAS,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;gBACtF,aAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YAClE,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,MAAM,cAAc,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,EAAC,IAAI,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAC,EAAC,CAAC,CAAC;gBACjG,aAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YACjE,CAAC;YACD,KAAK,IAAI,IAAI,IAAI,CAAC,sBAAsB,EAAE,8BAA8B,CAAC,EAAE,CAAC;gBAC1E,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAClE,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACzB,MAAM,IAAI,CAAC,WAAW,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;oBAC5F,aAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;gBACtF,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAC7D,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC,CAAC;oBAC1F,aAAM,CAAC,IAAI,CAAC,2CAA2C,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;gBAChF,CAAC;YACH,CAAC;QAEL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,aAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACL,CAAC;CAAA;AAED;;;;EAIE;AACF,SAAsB,kBAAkB;yDAAC,SAAS,EAAE,SAAS,EAC3D,UAAU,GAAC,EAAE,EAAE,gBAAgB,GAAC,GAAG;QAEjC,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAC,IAAI,CAAC,CAAC;QAEvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,0EAA0E;gBAC1E,8BAA8B;gBAC9B,MAAM,cAAc,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,IAAI,EAAE,EAAE,EAAE,CAAC,CAAA;gBAElE,MAAM,cAAc,CAAC,SAAS,CAAC;oBAC7B,SAAS;oBACT,QAAQ;iBACT,CAAC,CAAC;gBAEH,2DAA2D;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBACrB,iFAAiF;oBACjF,aAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACpB,CAAC;YACH,CAAC;YACD,wDAAwD;YACxD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;gBAC1B,UAAU,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;QACL,CAAC;QAED,oDAAoD;QACpD,OAAO,KAAK,CAAC;IACjB,CAAC;CAAA;AAED,SAAsB,kBAAkB,CAAC,SAAS;;QAChD,6BAA6B;QAC7B,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,EAAC,SAAS,EAAC,CAAC,CAAC;YACjE,OAAO,YAAY,CAAC,YAAY,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CAAA;AAED,4EAA4E;AAC5E,8BAA8B;AAC9B,SAAsB,eAAe,CAAE,QAAQ,EAAE,SAAS,EAAE,OAAO;;QACjE,IAAI,CAAC;YACH,IAAI,MAAM,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC,EAAC,QAAQ,EAAC,SAAS,EAAC,CAAC,CAAC;YAExE,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,IAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAClC,6DAA6D;gBAC7D,OAAO;YACT,CAAC;YAED,IAAI,QAAQ,GAAG,IAAA,yBAAgB,EAAC,aAAa,EAAE,OAAO,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAC3E,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACrE,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEpC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO;QACT,CAAC;IACH,CAAC;CAAA;AAED,4EAA4E;AAC5E,8BAA8B;AAC9B,SAAsB,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;;QACzF,IAAI,CAAC;YACH,uFAAuF;YACvF,MAAM,EAAE,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEnF,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAC,IAAI,CAAC,CAAC;YACvD,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,SAAS,CACzD,EAAE,QAAQ,EAAC,SAAS,EAAE,EACtB,EAAE,IAAI,EAAE;oBACE,QAAQ;oBACR,YAAY,EAAE,SAAS;oBACvB,EAAE,EAAE,IAAI,gBAAM,CAAC,EAAE,CAAC;iBACnB,EAAC,EACV,EAAE,MAAM,EAAE,IAAI,EAAE,CACjB,CAAC;YACF,OAAO,YAAY,CAAC,YAAY,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CAAA;AAED,SAAsB,oBAAoB,CAAC,QAAQ,EAAE,SAAS;;QAC5D,IAAI,CAAC;YACH,qCAAqC;YACrC,IAAI,MAAM,GAAG,MAAM,8BAA8B,CAAC,OAAO,CAAC,EAAC,QAAQ,EAAE,SAAS,EAAC,CAAC,CAAC;YACjF,iFAAiF;YACjF,MAAM,SAAS,GAAG,IAAA,cAAK,EAAC,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,OAAO,EAAE,IAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAC1E,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;gBAClB,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,6DAA6D;YAC7D,OAAO,CAAC,CAAC;QACX,CAAC;QACD,6DAA6D;QAC7D,OAAO,CAAC,CAAC;IACX,CAAC;CAAA;AAED,SAAsB,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS;;QACvE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAC,IAAI,CAAC,CAAC;YACvD,MAAM,YAAY,GAAG,MAAM,8BAA8B,CAAC,SAAS,CACjE,EAAE,QAAQ,EAAE,SAAS,EAAE,EACvB,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,EACtB,EAAE,MAAM,EAAE,IAAI,EAAE,CACjB,CAAC;YACF,OAAO,YAAY,CAAC,YAAY,CAAC;QACnC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CAAA;AAGD,SAAsB,WAAW,CAAC,QAAQ,EAAE,SAAS;;QACnD,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,8BAA8B,CAAC,SAAS,CAAC,EAAC,QAAQ,EAAE,SAAS,EAAC,CAAC;iBAC5D,KAAK,CAAE,CAAC,CAAC,EAAE,CAAC,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/B,sBAAsB,CAAC,SAAS,CAAC,EAAC,QAAQ,EAAE,SAAS,EAAC,CAAC;iBACpD,KAAK,CAAE,CAAC,CAAC,EAAE,CAAC,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAChC,CAAC,CAAA;IACJ,CAAC;CAAA"}
1
+ {"version":3,"file":"oidcRefreshManager.js","sourceRoot":"","sources":["../../src/auth/oidcRefreshManager.ts"],"names":[],"mappings":";;;;;;;;;;;AAWA,gDAwDC;AAOD,gDA8BC;AAED,gDASC;AAID,0CAqBC;AAID,0CAwBC;AAED,oDAmBC;AAED,oDASC;AAxMD,6CAA0E;AAC1E,mCAA6B;AAC7B,qCAA6D;AAE7D,sCAAuC;AACvC,kCAA+B;AAE/B,IAAI,cAA0B,CAAC;AAC/B,IAAI,sBAAkC,CAAC;AACvC,IAAI,8BAA0C,CAAC;AAE/C,SAAsB,kBAAkB;;QACpC,IAAI,CAAC;YACD,4EAA4E;YAC5E,wCAAwC;YACxC,MAAM,MAAM,GAAG,MAAM,qBAAW,CAAC,OAAO,CAAC,qBAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpE,MAAM,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,qBAAY,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;YAEzD,iFAAiF;YACjF,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,WAAW,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC/E,aAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;gBAC9C,cAAc,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC5D,CAAC;iBAAM,CAAC;gBACJ,cAAc,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,eAAe,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnF,aAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBAClD,sBAAsB,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;YACxE,CAAC;iBAAM,CAAC;gBACJ,sBAAsB,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YAClE,CAAC;YACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,EAAC,IAAI,EAAE,sBAAsB,EAAC,EAAE,EAAC,QAAQ,EAAE,IAAI,EAAC,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBAC1F,aAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;gBAC5D,8BAA8B,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;YACvF,CAAC;iBAAM,CAAC;gBACJ,8BAA8B,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;YACjF,CAAC;YAED,iBAAiB;YACjB,MAAM,mBAAmB,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;YAC5E,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACvB,MAAM,cAAc,CAAC,WAAW,CAAC,EAAC,SAAS,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;gBACtF,aAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,kBAAkB,GAAG,MAAM,cAAc,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YAC1E,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACtB,MAAM,cAAc,CAAC,WAAW,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAC,EAAC,CAAC,CAAC;gBAC7F,aAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YACnE,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,CAAC,sBAAsB,EAAE,8BAA8B,CAAC,EAAE,CAAC;gBAC1E,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAClE,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACvB,MAAM,IAAI,CAAC,WAAW,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;oBACzF,aAAM,CAAC,IAAI,CAAC,iDAAiD,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;gBACxF,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;gBAC7D,IAAI,CAAC,cAAc,EAAE,CAAC;oBAClB,MAAM,IAAI,CAAC,WAAW,CAAC,EAAC,QAAQ,EAAE,CAAC,EAAC,EAAE,EAAC,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC,EAAC,CAAC,CAAC;oBACpF,aAAM,CAAC,IAAI,CAAC,2CAA2C,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;gBAClF,CAAC;YACL,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,aAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,aAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;IACL,CAAC;CAAA;AAED;;;;EAIE;AACF,SAAsB,kBAAkB;yDAAC,SAAS,EAAE,SAAS,EAAE,UAAU,GAAG,EAAE,EAAE,gBAAgB,GAAG,GAAG;QAClG,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;QAEzD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC;gBACD,0EAA0E;gBAC1E,8BAA8B;gBAC9B,MAAM,cAAc,CAAC,UAAU,CAAC,EAAC,QAAQ,EAAE,EAAC,GAAG,EAAE,IAAI,IAAI,EAAE,EAAC,EAAC,CAAC,CAAC;gBAE/D,MAAM,cAAc,CAAC,SAAS,CAAC;oBAC3B,SAAS;oBACT,QAAQ;iBACX,CAAC,CAAC;gBAEH,2DAA2D;gBAC3D,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACT,IAAI,CAAC,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;oBACnB,iFAAiF;oBACjF,aAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACtB,CAAC;YACL,CAAC;YACD,wDAAwD;YACxD,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;gBACxB,UAAU,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACP,CAAC;QAED,oDAAoD;QACpD,OAAO,KAAK,CAAC;IACjB,CAAC;CAAA;AAED,SAAsB,kBAAkB,CAAC,SAAS;;QAC9C,6BAA6B;QAC7B,IAAI,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,SAAS,CAAC,EAAC,SAAS,EAAC,CAAC,CAAC;YACjE,OAAO,YAAY,CAAC,YAAY,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CAAA;AAED,4EAA4E;AAC5E,8BAA8B;AAC9B,SAAsB,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO;;QAC9D,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC;gBAChD,QAAQ;gBACR,SAAS;aACZ,CAAC,CAAC;YAEH,IAAI,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,IAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAChC,6DAA6D;gBAC7D,OAAO;YACX,CAAC;YAED,MAAM,QAAQ,GAAG,IAAA,8BAAgB,EAAC,aAAa,EAAE,OAAO,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,EAAE,CAAC,MAAM,CAAC,CAAC;YAC7E,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACrE,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAEpC,OAAO,SAAS,CAAC;QACrB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO;QACX,CAAC;IACL,CAAC;CAAA;AAED,4EAA4E;AAC5E,8BAA8B;AAC9B,SAAsB,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,EAAE,SAAS;;QACvF,IAAI,CAAC;YACD,uFAAuF;YACvF,MAAM,EAAE,GAAG,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAA,4BAAc,EAAC,aAAa,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAEnF,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;YACzD,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,SAAS,CACvD,EAAC,QAAQ,EAAE,SAAS,EAAC,EACrB;gBACI,IAAI,EAAE;oBACF,QAAQ;oBACR,YAAY,EAAE,SAAS;oBACvB,EAAE,EAAE,IAAI,gBAAM,CAAC,EAAE,CAAC;iBACrB;aACJ,EACD,EAAC,MAAM,EAAE,IAAI,EAAC,CACjB,CAAC;YACF,OAAO,YAAY,CAAC,YAAY,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CAAA;AAED,SAAsB,oBAAoB,CAAC,QAAQ,EAAE,SAAS;;QAC1D,IAAI,CAAC;YACD,qCAAqC;YACrC,MAAM,MAAM,GAAG,MAAM,8BAA8B,CAAC,OAAO,CAAC;gBACxD,QAAQ;gBACR,SAAS;aACZ,CAAC,CAAC;YACH,iFAAiF;YACjF,MAAM,SAAS,GAAG,IAAA,cAAK,EAAC,CAAC,CAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,CAAC,OAAO,EAAE,IAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAC1E,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;gBAChB,OAAO,SAAS,CAAC;YACrB,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,6DAA6D;YAC7D,OAAO,CAAC,CAAC;QACb,CAAC;QACD,6DAA6D;QAC7D,OAAO,CAAC,CAAC;IACb,CAAC;CAAA;AAED,SAAsB,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS;;QACrE,IAAI,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;YACzD,MAAM,YAAY,GAAG,MAAM,8BAA8B,CAAC,SAAS,CAAC,EAAC,QAAQ,EAAE,SAAS,EAAC,EAAE,EAAC,IAAI,EAAE,EAAC,QAAQ,EAAC,EAAC,EAAE,EAAC,MAAM,EAAE,IAAI,EAAC,CAAC,CAAC;YAC/H,OAAO,YAAY,CAAC,YAAY,CAAC;QACrC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,aAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChB,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;CAAA"}
package/dist/auth/pam.js CHANGED
@@ -1,29 +1,32 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.getPamLoginHandler = getPamLoginHandler;
4
- const local_1 = require("./local");
5
4
  const util_1 = require("../util");
6
- const util_2 = require("../util");
5
+ const local_1 = require("./local");
7
6
  function getPamLoginHandler(authConf) {
8
7
  const { pamAuthenticate } = require("node-linux-pam");
9
8
  return (req, res) => {
10
9
  var _a, _b;
11
- let username = (_a = req.body) === null || _a === void 0 ? void 0 : _a.username;
10
+ const username = (_a = req.body) === null || _a === void 0 ? void 0 : _a.username;
12
11
  const password = (_b = req.body) === null || _b === void 0 ? void 0 : _b.password;
13
12
  if (!username || !password) {
14
13
  return res.status(400).json({ statusCode: 400, message: "Malformed login request" });
15
14
  }
16
15
  pamAuthenticate({ username, password }, (err, code) => {
17
16
  if (err) {
18
- return res.status(403).json({ statusCode: 403, message: "Invalid username/password combo" });
17
+ return res.status(403).json({
18
+ statusCode: 403,
19
+ message: "Invalid username/password combo"
20
+ });
19
21
  }
20
22
  else {
21
23
  try {
22
24
  const uid = (0, util_1.getUserId)(username);
23
- util_2.logger.info(`Authenticated as user ${username} with uid ${uid} using PAM`);
25
+ util_1.logger.info(`Authenticated as user ${username} with uid ${uid} using PAM`);
24
26
  return (0, local_1.addTokensToResponse)(res, authConf, username);
25
27
  }
26
28
  catch (e) {
29
+ util_1.logger.debug(`A PAM-related error occurred: ${e} (code ${code})`);
27
30
  return res.status(403).json({ statusCode: 403, message: "User does not exist" });
28
31
  }
29
32
  }
@@ -1 +1 @@
1
- {"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;AAMA,gDAyBC;AA7BD,mCAA4C;AAC5C,kCAAkC;AAClC,kCAAiC;AAEjC,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;;QACnC,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;QACvF,CAAC;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE,CAAC;gBACN,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;YAC/F,CAAC;iBAAM,CAAC;gBACJ,IAAI,CAAC;oBACD,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,QAAQ,CAAC,CAAC;oBAChC,aAAM,CAAC,IAAI,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACxD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACT,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC"}
1
+ {"version":3,"file":"pam.js","sourceRoot":"","sources":["../../src/auth/pam.ts"],"names":[],"mappings":";;AAKA,gDA6BC;AAhCD,kCAA0C;AAC1C,mCAA4C;AAE5C,SAAgB,kBAAkB,CAAC,QAA8B;IAC7D,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;;QACnC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;QACvF,CAAC;QAED,eAAe,CAAC,EAAC,QAAQ,EAAE,QAAQ,EAAC,EAAE,CAAC,GAAmB,EAAE,IAAY,EAAE,EAAE;YACxE,IAAI,GAAG,EAAE,CAAC;gBACN,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACxB,UAAU,EAAE,GAAG;oBACf,OAAO,EAAE,iCAAiC;iBAC7C,CAAC,CAAC;YACP,CAAC;iBAAM,CAAC;gBACJ,IAAI,CAAC;oBACD,MAAM,GAAG,GAAG,IAAA,gBAAS,EAAC,QAAQ,CAAC,CAAC;oBAChC,aAAM,CAAC,IAAI,CAAC,yBAAyB,QAAQ,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC3E,OAAO,IAAA,2BAAmB,EAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACxD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACT,aAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;oBAClE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;gBACnF,CAAC;YACL,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC"}