keycloak-angular 8.4.0 → 9.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/README.md +56 -30
  2. package/{esm2015/keycloak-angular.js → esm2020/keycloak-angular.mjs} +0 -0
  3. package/esm2020/lib/core/core.module.mjs +33 -0
  4. package/esm2020/lib/core/interceptors/keycloak-bearer.interceptor.mjs +51 -0
  5. package/esm2020/lib/core/interfaces/keycloak-event.mjs +12 -0
  6. package/esm2020/lib/core/interfaces/keycloak-options.mjs +2 -0
  7. package/esm2020/lib/core/services/keycloak-auth-guard.mjs +17 -0
  8. package/esm2020/lib/core/services/keycloak.service.mjs +200 -0
  9. package/esm2020/lib/keycloak-angular.module.mjs +15 -0
  10. package/esm2020/public_api.mjs +7 -0
  11. package/fesm2015/{keycloak-angular.js → keycloak-angular.mjs} +91 -57
  12. package/fesm2015/keycloak-angular.mjs.map +1 -0
  13. package/fesm2020/keycloak-angular.mjs +317 -0
  14. package/fesm2020/keycloak-angular.mjs.map +1 -0
  15. package/keycloak-angular.d.ts +1 -0
  16. package/lib/core/core.module.d.ts +5 -0
  17. package/lib/core/interceptors/keycloak-bearer.interceptor.d.ts +5 -1
  18. package/lib/core/interfaces/keycloak-event.d.ts +3 -2
  19. package/lib/core/interfaces/keycloak-options.d.ts +4 -0
  20. package/lib/core/services/keycloak.service.d.ts +10 -5
  21. package/lib/keycloak-angular.module.d.ts +5 -0
  22. package/package.json +24 -12
  23. package/bundles/keycloak-angular.umd.js +0 -766
  24. package/bundles/keycloak-angular.umd.js.map +0 -1
  25. package/esm2015/lib/core/core.module.js +0 -21
  26. package/esm2015/lib/core/interceptors/keycloak-bearer.interceptor.js +0 -41
  27. package/esm2015/lib/core/interfaces/keycloak-event.js +0 -11
  28. package/esm2015/lib/core/interfaces/keycloak-options.js +0 -2
  29. package/esm2015/lib/core/services/keycloak-auth-guard.js +0 -21
  30. package/esm2015/lib/core/services/keycloak.service.js +0 -209
  31. package/esm2015/lib/keycloak-angular.module.js +0 -10
  32. package/esm2015/public_api.js +0 -7
  33. package/fesm2015/keycloak-angular.js.map +0 -1
  34. package/keycloak-angular.metadata.json +0 -1
package/esm2020/public_api.mjs ADDED
@@ -0,0 +1,7 @@
1
+ export { KeycloakEventType } from './lib/core/interfaces/keycloak-event';
2
+ export { KeycloakAuthGuard } from './lib/core/services/keycloak-auth-guard';
3
+ export { KeycloakService } from './lib/core/services/keycloak.service';
4
+ export { KeycloakBearerInterceptor } from './lib/core/interceptors/keycloak-bearer.interceptor';
5
+ export { CoreModule } from './lib/core/core.module';
6
+ export { KeycloakAngularModule } from './lib/keycloak-angular.module';
7
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHVibGljX2FwaS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3Byb2plY3RzL2tleWNsb2FrLWFuZ3VsYXIvc3JjL3B1YmxpY19hcGkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBUUEsT0FBTyxFQUVMLGlCQUFpQixFQUNsQixNQUFNLHNDQUFzQyxDQUFDO0FBRTlDLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLHlDQUF5QyxDQUFDO0FBQzVFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxzQ0FBc0MsQ0FBQztBQUN2RSxPQUFPLEVBQUUseUJBQXlCLEVBQUUsTUFBTSxxREFBcUQsQ0FBQztBQUNoRyxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDcEQsT0FBTyxFQUFFLHFCQUFxQixFQUFFLE1BQU0sK0JBQStCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKipcbiAqIEBsaWNlbnNlXG4gKiBDb3B5cmlnaHQgTWF1cmljaW8gR2VtZWxsaSBWaWdvbG8gYW5kIGNvbnRyaWJ1dG9ycy5cbiAqXG4gKiBVc2Ugb2YgdGhpcyBzb3VyY2UgY29kZSBpcyBnb3Zlcm5lZCBieSBhIE1JVC1zdHlsZSBsaWNlbnNlIHRoYXQgY2FuIGJlXG4gKiBmb3VuZCBpbiB0aGUgTElDRU5TRSBmaWxlIGF0IGh0dHBzOi8vZ2l0aHViLmNvbS9tYXVyaWNpb3ZpZ29sby9rZXljbG9hay1hbmd1bGFyL2Jsb2IvbWFzdGVyL0xJQ0VOU0UubWRcbiAqL1xuXG5leHBvcnQge1xuICBLZXljbG9ha0V2ZW50LFxuICBLZXljbG9ha0V2ZW50VHlwZVxufSBmcm9tICcuL2xpYi9jb3JlL2ludGVyZmFjZXMva2V5Y2xvYWstZXZlbnQnO1xuZXhwb3J0IHsgS2V5Y2xvYWtPcHRpb25zIH0gZnJvbSAnLi9saWIvY29yZS9pbnRlcmZhY2VzL2tleWNsb2FrLW9wdGlvbnMnO1xuZXhwb3J0IHsgS2V5Y2xvYWtBdXRoR3VhcmQgfSBmcm9tICcuL2xpYi9jb3JlL3NlcnZpY2VzL2tleWNsb2FrLWF1dGgtZ3VhcmQnO1xuZXhwb3J0IHsgS2V5Y2xvYWtTZXJ2aWNlIH0gZnJvbSAnLi9saWIvY29yZS9zZXJ2aWNlcy9rZXljbG9hay5zZXJ2aWNlJztcbmV4cG9ydCB7IEtleWNsb2FrQmVhcmVySW50ZXJjZXB0b3IgfSBmcm9tICcuL2xpYi9jb3JlL2ludGVyY2VwdG9ycy9rZXljbG9hay1iZWFyZXIuaW50ZXJjZXB0b3InO1xuZXhwb3J0IHsgQ29yZU1vZHVsZSB9IGZyb20gJy4vbGliL2NvcmUvY29yZS5tb2R1bGUnO1xuZXhwb3J0IHsgS2V5Y2xvYWtBbmd1bGFyTW9kdWxlIH0gZnJvbSAnLi9saWIva2V5Y2xvYWstYW5ndWxhci5tb2R1bGUnO1xuIl19
package/fesm2015/{keycloak-angular.js → keycloak-angular.mjs} RENAMED
@@ -1,9 +1,10 @@
1
1
  import { __awaiter } from 'tslib';
2
+ import * as i0 from '@angular/core';
2
3
  import { Injectable, NgModule } from '@angular/core';
3
4
  import { HttpHeaders, HTTP_INTERCEPTORS } from '@angular/common/http';
4
- import { Subject, from } from 'rxjs';
5
+ import { Subject, from, combineLatest } from 'rxjs';
5
6
  import { map, mergeMap } from 'rxjs/operators';
6
- import * as Keycloak_ from 'keycloak-js';
7
+ import Keycloak from 'keycloak-js';
7
8
  import { CommonModule } from '@angular/common';
8
9
 
9
10
  var KeycloakEventType;
@@ -15,6 +16,7 @@ var KeycloakEventType;
15
16
  KeycloakEventType[KeycloakEventType["OnAuthSuccess"] = 4] = "OnAuthSuccess";
16
17
  KeycloakEventType[KeycloakEventType["OnReady"] = 5] = "OnReady";
17
18
  KeycloakEventType[KeycloakEventType["OnTokenExpired"] = 6] = "OnTokenExpired";
19
+ KeycloakEventType[KeycloakEventType["OnActionUpdate"] = 7] = "OnActionUpdate";
18
20
  })(KeycloakEventType || (KeycloakEventType = {}));
19
21
 
20
22
  class KeycloakAuthGuard {
@@ -23,21 +25,19 @@ class KeycloakAuthGuard {
23
25
  this.keycloakAngular = keycloakAngular;
24
26
  }
25
27
  canActivate(route, state) {
26
- return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
28
+ return __awaiter(this, void 0, void 0, function* () {
27
29
  try {
28
30
  this.authenticated = yield this.keycloakAngular.isLoggedIn();
29
31
  this.roles = yield this.keycloakAngular.getUserRoles(true);
30
- const result = yield this.isAccessAllowed(route, state);
31
- resolve(result);
32
+ return yield this.isAccessAllowed(route, state);
32
33
  }
33
34
  catch (error) {
34
- reject('An error happened during access validation. Details:' + error);
35
+ throw new Error('An error happened during access validation. Details:' + error);
35
36
  }
36
- }));
37
+ });
37
38
  }
38
39
  }
39
40
 
40
- const Keycloak = Keycloak_;
41
41
  class KeycloakService {
42
42
  constructor() {
43
43
  this._keycloakEvents$ = new Subject();
@@ -46,7 +46,7 @@ class KeycloakService {
46
46
  this._instance.onAuthError = (errorData) => {
47
47
  this._keycloakEvents$.next({
48
48
  args: errorData,
49
- type: KeycloakEventType.OnAuthError,
49
+ type: KeycloakEventType.OnAuthError
50
50
  });
51
51
  };
52
52
  this._instance.onAuthLogout = () => {
@@ -54,12 +54,12 @@ class KeycloakService {
54
54
  };
55
55
  this._instance.onAuthRefreshSuccess = () => {
56
56
  this._keycloakEvents$.next({
57
- type: KeycloakEventType.OnAuthRefreshSuccess,
57
+ type: KeycloakEventType.OnAuthRefreshSuccess
58
58
  });
59
59
  };
60
60
  this._instance.onAuthRefreshError = () => {
61
61
  this._keycloakEvents$.next({
62
- type: KeycloakEventType.OnAuthRefreshError,
62
+ type: KeycloakEventType.OnAuthRefreshError
63
63
  });
64
64
  };
65
65
  this._instance.onAuthSuccess = () => {
@@ -67,13 +67,19 @@ class KeycloakService {
67
67
  };
68
68
  this._instance.onTokenExpired = () => {
69
69
  this._keycloakEvents$.next({
70
- type: KeycloakEventType.OnTokenExpired,
70
+ type: KeycloakEventType.OnTokenExpired
71
+ });
72
+ };
73
+ this._instance.onActionUpdate = (state) => {
74
+ this._keycloakEvents$.next({
75
+ args: state,
76
+ type: KeycloakEventType.OnActionUpdate
71
77
  });
72
78
  };
73
79
  this._instance.onReady = (authenticated) => {
74
80
  this._keycloakEvents$.next({
75
81
  args: authenticated,
76
- type: KeycloakEventType.OnReady,
82
+ type: KeycloakEventType.OnReady
77
83
  });
78
84
  };
79
85
  }
@@ -87,20 +93,23 @@ class KeycloakService {
87
93
  else {
88
94
  excludedUrl = {
89
95
  urlPattern: new RegExp(item.url, 'i'),
90
- httpMethods: item.httpMethods,
96
+ httpMethods: item.httpMethods
91
97
  };
92
98
  }
93
99
  excludedUrls.push(excludedUrl);
94
100
  }
95
101
  return excludedUrls;
96
102
  }
97
- initServiceValues({ enableBearerInterceptor = true, loadUserProfileAtStartUp = false, bearerExcludedUrls = [], authorizationHeaderName = 'Authorization', bearerPrefix = 'Bearer', initOptions, }) {
103
+ initServiceValues({ enableBearerInterceptor = true, loadUserProfileAtStartUp = false, bearerExcludedUrls = [], authorizationHeaderName = 'Authorization', bearerPrefix = 'Bearer', initOptions, updateMinValidity = 20, shouldAddToken = () => true, shouldUpdateToken = () => true }) {
98
104
  this._enableBearerInterceptor = enableBearerInterceptor;
99
105
  this._loadUserProfileAtStartUp = loadUserProfileAtStartUp;
100
106
  this._authorizationHeaderName = authorizationHeaderName;
101
107
  this._bearerPrefix = bearerPrefix.trim().concat(' ');
102
108
  this._excludedUrls = this.loadExcludedUrls(bearerExcludedUrls);
103
109
  this._silentRefresh = initOptions ? initOptions.flow === 'implicit' : false;
110
+ this._updateMinValidity = updateMinValidity;
111
+ this.shouldAddToken = shouldAddToken;
112
+ this.shouldUpdateToken = shouldUpdateToken;
104
113
  }
105
114
  init(options = {}) {
106
115
  return __awaiter(this, void 0, void 0, function* () {
@@ -126,7 +135,7 @@ class KeycloakService {
126
135
  logout(redirectUri) {
127
136
  return __awaiter(this, void 0, void 0, function* () {
128
137
  const options = {
129
- redirectUri,
138
+ redirectUri
130
139
  };
131
140
  yield this._instance.logout(options);
132
141
  this._userProfile = undefined;
@@ -165,11 +174,7 @@ class KeycloakService {
165
174
  isLoggedIn() {
166
175
  return __awaiter(this, void 0, void 0, function* () {
167
176
  try {
168
- if (!this._instance.authenticated) {
169
- return false;
170
- }
171
- yield this.updateToken(20);
172
- return true;
177
+ return this._instance.authenticated;
173
178
  }
174
179
  catch (error) {
175
180
  return false;
@@ -179,7 +184,7 @@ class KeycloakService {
179
184
  isTokenExpired(minValidity = 0) {
180
185
  return this._instance.isTokenExpired(minValidity);
181
186
  }
182
- updateToken(minValidity = 5) {
187
+ updateToken() {
183
188
  return __awaiter(this, void 0, void 0, function* () {
184
189
  if (this._silentRefresh) {
185
190
  if (this.isTokenExpired()) {
@@ -190,7 +195,7 @@ class KeycloakService {
190
195
  if (!this._instance) {
191
196
  throw new Error('Keycloak Angular library is not initialized.');
192
197
  }
193
- return this._instance.updateToken(minValidity);
198
+ return this._instance.updateToken(this._updateMinValidity);
194
199
  });
195
200
  }
196
201
  loadUserProfile(forceReload = false) {
@@ -201,12 +206,11 @@ class KeycloakService {
201
206
  if (!this._instance.authenticated) {
202
207
  throw new Error('The user profile was not loaded as the user is not logged in.');
203
208
  }
204
- return this._userProfile = yield this._instance.loadUserProfile();
209
+ return (this._userProfile = yield this._instance.loadUserProfile());
205
210
  });
206
211
  }
207
212
  getToken() {
208
213
  return __awaiter(this, void 0, void 0, function* () {
209
- yield this.updateToken(10);
210
214
  return this._instance.token;
211
215
  });
212
216
  }
@@ -220,7 +224,9 @@ class KeycloakService {
220
224
  this._instance.clearToken();
221
225
  }
222
226
  addTokenToHeader(headers = new HttpHeaders()) {
223
- return from(this.getToken()).pipe(map((token) => token ? headers.set(this._authorizationHeaderName, this._bearerPrefix + token) : headers));
227
+ return from(this.getToken()).pipe(map((token) => token
228
+ ? headers.set(this._authorizationHeaderName, this._bearerPrefix + token)
229
+ : headers));
224
230
  }
225
231
  getKeycloakInstance() {
226
232
  return this._instance;
@@ -235,14 +241,24 @@ class KeycloakService {
235
241
  return this._keycloakEvents$;
236
242
  }
237
243
  }
238
- KeycloakService.decorators = [
239
- { type: Injectable }
240
- ];
244
+ KeycloakService.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakService, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
245
+ KeycloakService.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakService });
246
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakService, decorators: [{
247
+ type: Injectable
248
+ }] });
241
249
 
242
250
  class KeycloakBearerInterceptor {
243
251
  constructor(keycloak) {
244
252
  this.keycloak = keycloak;
245
253
  }
254
+ conditionallyUpdateToken(req) {
255
+ return __awaiter(this, void 0, void 0, function* () {
256
+ if (this.keycloak.shouldUpdateToken(req)) {
257
+ return yield this.keycloak.updateToken();
258
+ }
259
+ return true;
260
+ });
261
+ }
246
262
  isUrlExcluded({ method, url }, { urlPattern, httpMethods }) {
247
263
  const httpTest = httpMethods.length === 0 ||
248
264
  httpMethods.join().indexOf(method.toUpperCase()) > -1;
@@ -254,51 +270,69 @@ class KeycloakBearerInterceptor {
254
270
  if (!enableBearerInterceptor) {
255
271
  return next.handle(req);
256
272
  }
257
- const shallPass = excludedUrls.findIndex(item => this.isUrlExcluded(req, item)) > -1;
273
+ const shallPass = !this.keycloak.shouldAddToken(req) ||
274
+ excludedUrls.findIndex((item) => this.isUrlExcluded(req, item)) > -1;
258
275
  if (shallPass) {
259
276
  return next.handle(req);
260
277
  }
261
- return from(this.keycloak.isLoggedIn()).pipe(mergeMap((loggedIn) => loggedIn
278
+ return combineLatest([
279
+ this.conditionallyUpdateToken(req),
280
+ this.keycloak.isLoggedIn()
281
+ ]).pipe(mergeMap(([_, loggedIn]) => loggedIn
262
282
  ? this.handleRequestWithTokenHeader(req, next)
263
283
  : next.handle(req)));
264
284
  }
265
285
  handleRequestWithTokenHeader(req, next) {
266
- return this.keycloak.addTokenToHeader(req.headers).pipe(mergeMap(headersWithBearer => {
286
+ return this.keycloak.addTokenToHeader(req.headers).pipe(mergeMap((headersWithBearer) => {
267
287
  const kcReq = req.clone({ headers: headersWithBearer });
268
288
  return next.handle(kcReq);
269
289
  }));
270
290
  }
271
291
  }
272
- KeycloakBearerInterceptor.decorators = [
273
- { type: Injectable }
274
- ];
275
- KeycloakBearerInterceptor.ctorParameters = () => [
276
- { type: KeycloakService }
277
- ];
292
+ KeycloakBearerInterceptor.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakBearerInterceptor, deps: [{ token: KeycloakService }], target: i0.ɵɵFactoryTarget.Injectable });
293
+ KeycloakBearerInterceptor.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakBearerInterceptor });
294
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakBearerInterceptor, decorators: [{
295
+ type: Injectable
296
+ }], ctorParameters: function () { return [{ type: KeycloakService }]; } });
278
297
 
279
298
  class CoreModule {
280
299
  }
281
- CoreModule.decorators = [
282
- { type: NgModule, args: [{
283
- imports: [CommonModule],
284
- providers: [
285
- KeycloakService,
286
- {
287
- provide: HTTP_INTERCEPTORS,
288
- useClass: KeycloakBearerInterceptor,
289
- multi: true
290
- }
291
- ]
292
- },] }
293
- ];
300
+ CoreModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: CoreModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
301
+ CoreModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: CoreModule, imports: [CommonModule] });
302
+ CoreModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: CoreModule, providers: [
303
+ KeycloakService,
304
+ {
305
+ provide: HTTP_INTERCEPTORS,
306
+ useClass: KeycloakBearerInterceptor,
307
+ multi: true
308
+ }
309
+ ], imports: [[CommonModule]] });
310
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: CoreModule, decorators: [{
311
+ type: NgModule,
312
+ args: [{
313
+ imports: [CommonModule],
314
+ providers: [
315
+ KeycloakService,
316
+ {
317
+ provide: HTTP_INTERCEPTORS,
318
+ useClass: KeycloakBearerInterceptor,
319
+ multi: true
320
+ }
321
+ ]
322
+ }]
323
+ }] });
294
324
 
295
325
  class KeycloakAngularModule {
296
326
  }
297
- KeycloakAngularModule.decorators = [
298
- { type: NgModule, args: [{
299
- imports: [CoreModule]
300
- },] }
301
- ];
327
+ KeycloakAngularModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakAngularModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
328
+ KeycloakAngularModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakAngularModule, imports: [CoreModule] });
329
+ KeycloakAngularModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakAngularModule, imports: [[CoreModule]] });
330
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.1", ngImport: i0, type: KeycloakAngularModule, decorators: [{
331
+ type: NgModule,
332
+ args: [{
333
+ imports: [CoreModule]
334
+ }]
335
+ }] });
302
336
 
303
337
  export { CoreModule, KeycloakAngularModule, KeycloakAuthGuard, KeycloakBearerInterceptor, KeycloakEventType, KeycloakService };
304
- //# sourceMappingURL=keycloak-angular.js.map
338
+ //# sourceMappingURL=keycloak-angular.mjs.map
package/fesm2015/keycloak-angular.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"keycloak-angular.mjs","sources":["../../../projects/keycloak-angular/src/lib/core/interfaces/keycloak-event.ts","../../../projects/keycloak-angular/src/lib/core/services/keycloak-auth-guard.ts","../../../projects/keycloak-angular/src/lib/core/services/keycloak.service.ts","../../../projects/keycloak-angular/src/lib/core/interceptors/keycloak-bearer.interceptor.ts","../../../projects/keycloak-angular/src/lib/core/core.module.ts","../../../projects/keycloak-angular/src/lib/keycloak-angular.module.ts"],"sourcesContent":["/**\n * @license\n * Copyright Mauricio Gemelli Vigolo and contributors.\n *\n * Use of this source code is governed by a MIT-style license that can be\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/master/LICENSE.md\n */\n\n/**\n * Keycloak event types, as described at the keycloak-js documentation:\n * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events\n */\nexport enum KeycloakEventType {\n /**\n * Called if there was an error during authentication.\n */\n OnAuthError,\n /**\n * Called if the user is logged out\n * (will only be called if the session status iframe is enabled, or in Cordova mode).\n */\n OnAuthLogout,\n /**\n * Called if there was an error while trying to refresh the token.\n */\n OnAuthRefreshError,\n /**\n * Called when the token is refreshed.\n */\n OnAuthRefreshSuccess,\n /**\n * Called when a user is successfully authenticated.\n */\n OnAuthSuccess,\n /**\n * Called when the adapter is initialized.\n */\n OnReady,\n /**\n * Called when the access token is expired. If a refresh token is available the token\n * can be refreshed with updateToken, or in cases where it is not (that is, with implicit flow)\n * you can redirect to login screen to obtain a new access token.\n */\n OnTokenExpired,\n /**\n * Called when a AIA has been requested by the application.\n */\n OnActionUpdate\n}\n\n/**\n * Structure of an event triggered by Keycloak, contains it's type\n * and arguments (if any).\n */\nexport interface KeycloakEvent {\n /**\n * Event type as described at {@link KeycloakEventType}.\n */\n type: KeycloakEventType;\n /**\n * Arguments from the keycloak-js event function.\n */\n args?: unknown;\n}\n","/**\n * @license\n * Copyright Mauricio Gemelli Vigolo and contributors.\n *\n * Use of this source code is governed by a MIT-style license that can be\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/master/LICENSE.md\n */\n\nimport {\n CanActivate,\n Router,\n ActivatedRouteSnapshot,\n RouterStateSnapshot,\n UrlTree\n} from '@angular/router';\n\nimport { KeycloakService } from './keycloak.service';\n\n/**\n * A simple guard implementation out of the box. This class should be inherited and\n * implemented by the application. The only method that should be implemented is #isAccessAllowed.\n * The reason for this is that the authorization flow is usually not unique, so in this way you will\n * have more freedom to customize your authorization flow.\n */\nexport abstract class KeycloakAuthGuard implements CanActivate {\n /**\n * Indicates if the user is authenticated or not.\n */\n protected authenticated: boolean;\n /**\n * Roles of the logged user. It contains the clientId and realm user roles.\n */\n protected roles: string[];\n\n constructor(\n protected router: Router,\n protected keycloakAngular: KeycloakService\n ) {}\n\n /**\n * CanActivate checks if the user is logged in and get the full list of roles (REALM + CLIENT)\n * of the logged user. This values are set to authenticated and roles params.\n *\n * @param route\n * @param state\n */\n async canActivate(\n route: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Promise<boolean | UrlTree> {\n try {\n this.authenticated = await this.keycloakAngular.isLoggedIn();\n this.roles = await this.keycloakAngular.getUserRoles(true);\n\n return await this.isAccessAllowed(route, state);\n } catch (error) {\n throw new Error(\n 'An error happened during access validation. Details:' + error\n );\n }\n }\n\n /**\n * Create your own customized authorization flow in this method. From here you already known\n * if the user is authenticated (this.authenticated) and the user roles (this.roles).\n *\n * Return a UrlTree if the user should be redirected to another route.\n *\n * @param route\n * @param state\n */\n abstract isAccessAllowed(\n route: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Promise<boolean | UrlTree>;\n}\n","/**\n * @license\n * Copyright Mauricio Gemelli Vigolo and contributors.\n *\n * Use of this source code is governed by a MIT-style license that can be\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/master/LICENSE.md\n */\n\nimport { Injectable } from '@angular/core';\nimport { HttpHeaders, HttpRequest } from '@angular/common/http';\n\nimport { Subject, from } from 'rxjs';\nimport { map } from 'rxjs/operators';\nimport Keycloak from 'keycloak-js';\n\nimport {\n ExcludedUrl,\n ExcludedUrlRegex,\n KeycloakOptions\n} from '../interfaces/keycloak-options';\nimport { KeycloakEvent, KeycloakEventType } from '../interfaces/keycloak-event';\n\n/**\n * Service to expose existent methods from the Keycloak JS adapter, adding new\n * functionalities to improve the use of keycloak in Angular v > 4.3 applications.\n *\n * This class should be injected in the application bootstrap, so the same instance will be used\n * along the web application.\n */\n@Injectable()\nexport class KeycloakService {\n /**\n * Keycloak-js instance.\n */\n private _instance: Keycloak.KeycloakInstance;\n /**\n * User profile as KeycloakProfile interface.\n */\n private _userProfile: Keycloak.KeycloakProfile;\n /**\n * Flag to indicate if the bearer will not be added to the authorization header.\n */\n private _enableBearerInterceptor: boolean;\n /**\n * When the implicit flow is choosen there must exist a silentRefresh, as there is\n * no refresh token.\n */\n private _silentRefresh: boolean;\n /**\n * Indicates that the user profile should be loaded at the keycloak initialization,\n * just after the login.\n */\n private _loadUserProfileAtStartUp: boolean;\n /**\n * The bearer prefix that will be appended to the Authorization Header.\n */\n private _bearerPrefix: string;\n /**\n * Value that will be used as the Authorization Http Header name.\n */\n private _authorizationHeaderName: string;\n /**\n * @deprecated\n * The excluded urls patterns that must skip the KeycloakBearerInterceptor.\n */\n private _excludedUrls: ExcludedUrlRegex[];\n /**\n * Observer for the keycloak events\n */\n private _keycloakEvents$: Subject<KeycloakEvent> =\n new Subject<KeycloakEvent>();\n /**\n * The amount of required time remaining before expiry of the token before the token will be refreshed.\n */\n private _updateMinValidity: number;\n /**\n * Returns true if the request should have the token added to the headers by the KeycloakBearerInterceptor.\n */\n shouldAddToken: (request: HttpRequest<unknown>) => boolean;\n /**\n * Returns true if the request being made should potentially update the token.\n */\n shouldUpdateToken: (request: HttpRequest<unknown>) => boolean;\n\n /**\n * Binds the keycloak-js events to the keycloakEvents Subject\n * which is a good way to monitor for changes, if needed.\n *\n * The keycloakEvents returns the keycloak-js event type and any\n * argument if the source function provides any.\n */\n private bindsKeycloakEvents(): void {\n this._instance.onAuthError = (errorData) => {\n this._keycloakEvents$.next({\n args: errorData,\n type: KeycloakEventType.OnAuthError\n });\n };\n\n this._instance.onAuthLogout = () => {\n this._keycloakEvents$.next({ type: KeycloakEventType.OnAuthLogout });\n };\n\n this._instance.onAuthRefreshSuccess = () => {\n this._keycloakEvents$.next({\n type: KeycloakEventType.OnAuthRefreshSuccess\n });\n };\n\n this._instance.onAuthRefreshError = () => {\n this._keycloakEvents$.next({\n type: KeycloakEventType.OnAuthRefreshError\n });\n };\n\n this._instance.onAuthSuccess = () => {\n this._keycloakEvents$.next({ type: KeycloakEventType.OnAuthSuccess });\n };\n\n this._instance.onTokenExpired = () => {\n this._keycloakEvents$.next({\n type: KeycloakEventType.OnTokenExpired\n });\n };\n\n this._instance.onActionUpdate = (state) => {\n this._keycloakEvents$.next({\n args: state,\n type: KeycloakEventType.OnActionUpdate\n });\n };\n\n this._instance.onReady = (authenticated) => {\n this._keycloakEvents$.next({\n args: authenticated,\n type: KeycloakEventType.OnReady\n });\n };\n }\n\n /**\n * Loads all bearerExcludedUrl content in a uniform type: ExcludedUrl,\n * so it becomes easier to handle.\n *\n * @param bearerExcludedUrls array of strings or ExcludedUrl that includes\n * the url and HttpMethod.\n */\n private loadExcludedUrls(\n bearerExcludedUrls: (string | ExcludedUrl)[]\n ): ExcludedUrlRegex[] {\n const excludedUrls: ExcludedUrlRegex[] = [];\n for (const item of bearerExcludedUrls) {\n let excludedUrl: ExcludedUrlRegex;\n if (typeof item === 'string') {\n excludedUrl = { urlPattern: new RegExp(item, 'i'), httpMethods: [] };\n } else {\n excludedUrl = {\n urlPattern: new RegExp(item.url, 'i'),\n httpMethods: item.httpMethods\n };\n }\n excludedUrls.push(excludedUrl);\n }\n return excludedUrls;\n }\n\n /**\n * Handles the class values initialization.\n *\n * @param options\n */\n private initServiceValues({\n enableBearerInterceptor = true,\n loadUserProfileAtStartUp = false,\n bearerExcludedUrls = [],\n authorizationHeaderName = 'Authorization',\n bearerPrefix = 'Bearer',\n initOptions,\n updateMinValidity = 20,\n shouldAddToken = () => true,\n shouldUpdateToken = () => true\n }: KeycloakOptions): void {\n this._enableBearerInterceptor = enableBearerInterceptor;\n this._loadUserProfileAtStartUp = loadUserProfileAtStartUp;\n this._authorizationHeaderName = authorizationHeaderName;\n this._bearerPrefix = bearerPrefix.trim().concat(' ');\n this._excludedUrls = this.loadExcludedUrls(bearerExcludedUrls);\n this._silentRefresh = initOptions ? initOptions.flow === 'implicit' : false;\n this._updateMinValidity = updateMinValidity;\n this.shouldAddToken = shouldAddToken;\n this.shouldUpdateToken = shouldUpdateToken;\n }\n\n /**\n * Keycloak initialization. It should be called to initialize the adapter.\n * Options is a object with 2 main parameters: config and initOptions. The first one\n * will be used to create the Keycloak instance. The second one are options to initialize the\n * keycloak instance.\n *\n * @param options\n * Config: may be a string representing the keycloak URI or an object with the\n * following content:\n * - url: Keycloak json URL\n * - realm: realm name\n * - clientId: client id\n *\n * initOptions:\n * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself.\n *\n * enableBearerInterceptor:\n * Flag to indicate if the bearer will added to the authorization header.\n *\n * loadUserProfileInStartUp:\n * Indicates that the user profile should be loaded at the keycloak initialization,\n * just after the login.\n *\n * bearerExcludedUrls:\n * String Array to exclude the urls that should not have the Authorization Header automatically\n * added.\n *\n * authorizationHeaderName:\n * This value will be used as the Authorization Http Header name.\n *\n * bearerPrefix:\n * This value will be included in the Authorization Http Header param.\n *\n * tokenUpdateExcludedHeaders:\n * Array of Http Header key/value maps that should not trigger the token to be updated.\n *\n * updateMinValidity:\n * This value determines if the token will be refreshed based on its expiration time.\n *\n * @returns\n * A Promise with a boolean indicating if the initialization was successful.\n */\n public async init(options: KeycloakOptions = {}) {\n this.initServiceValues(options);\n const { config, initOptions } = options;\n\n this._instance = Keycloak(config);\n this.bindsKeycloakEvents();\n\n const authenticated = await this._instance.init(initOptions);\n\n if (authenticated && this._loadUserProfileAtStartUp) {\n await this.loadUserProfile();\n }\n\n return authenticated;\n }\n\n /**\n * Redirects to login form on (options is an optional object with redirectUri and/or\n * prompt fields).\n *\n * @param options\n * Object, where:\n * - redirectUri: Specifies the uri to redirect to after login.\n * - prompt:By default the login screen is displayed if the user is not logged-in to Keycloak.\n * To only authenticate to the application if the user is already logged-in and not display the\n * login page if the user is not logged-in, set this option to none. To always require\n * re-authentication and ignore SSO, set this option to login .\n * - maxAge: Used just if user is already authenticated. Specifies maximum time since the\n * authentication of user happened. If user is already authenticated for longer time than\n * maxAge, the SSO is ignored and he will need to re-authenticate again.\n * - loginHint: Used to pre-fill the username/email field on the login form.\n * - action: If value is 'register' then user is redirected to registration page, otherwise to\n * login page.\n * - locale: Specifies the desired locale for the UI.\n * @returns\n * A void Promise if the login is successful and after the user profile loading.\n */\n public async login(options: Keycloak.KeycloakLoginOptions = {}) {\n await this._instance.login(options);\n\n if (this._loadUserProfileAtStartUp) {\n await this.loadUserProfile();\n }\n }\n\n /**\n * Redirects to logout.\n *\n * @param redirectUri\n * Specifies the uri to redirect to after logout.\n * @returns\n * A void Promise if the logout was successful, cleaning also the userProfile.\n */\n public async logout(redirectUri?: string) {\n const options = {\n redirectUri\n };\n\n await this._instance.logout(options);\n this._userProfile = undefined;\n }\n\n /**\n * Redirects to registration form. Shortcut for login with option\n * action = 'register'. Options are same as for the login method but 'action' is set to\n * 'register'.\n *\n * @param options\n * login options\n * @returns\n * A void Promise if the register flow was successful.\n */\n public async register(\n options: Keycloak.KeycloakLoginOptions = { action: 'register' }\n ) {\n await this._instance.register(options);\n }\n\n /**\n * Check if the user has access to the specified role. It will look for roles in\n * realm and clientId, but will not check if the user is logged in for better performance.\n *\n * @param role\n * role name\n * @param resource\n * resource name If not specified, `clientId` is used\n * @returns\n * A boolean meaning if the user has the specified Role.\n */\n isUserInRole(role: string, resource?: string): boolean {\n let hasRole: boolean;\n hasRole = this._instance.hasResourceRole(role, resource);\n if (!hasRole) {\n hasRole = this._instance.hasRealmRole(role);\n }\n return hasRole;\n }\n\n /**\n * Return the roles of the logged user. The allRoles parameter, with default value\n * true, will return the clientId and realm roles associated with the logged user. If set to false\n * it will only return the user roles associated with the clientId.\n *\n * @param allRoles\n * Flag to set if all roles should be returned.(Optional: default value is true)\n * @returns\n * Array of Roles associated with the logged user.\n */\n getUserRoles(allRoles: boolean = true): string[] {\n let roles: string[] = [];\n if (this._instance.resourceAccess) {\n for (const key in this._instance.resourceAccess) {\n if (this._instance.resourceAccess.hasOwnProperty(key)) {\n const resourceAccess = this._instance.resourceAccess[key];\n const clientRoles = resourceAccess['roles'] || [];\n roles = roles.concat(clientRoles);\n }\n }\n }\n if (allRoles && this._instance.realmAccess) {\n const realmRoles = this._instance.realmAccess['roles'] || [];\n roles.push(...realmRoles);\n }\n return roles;\n }\n\n /**\n * Check if user is logged in.\n *\n * @returns\n * A boolean that indicates if the user is logged in.\n */\n async isLoggedIn(): Promise<boolean> {\n try {\n return this._instance.authenticated;\n } catch (error) {\n return false;\n }\n }\n\n /**\n * Returns true if the token has less than minValidity seconds left before\n * it expires.\n *\n * @param minValidity\n * Seconds left. (minValidity) is optional. Default value is 0.\n * @returns\n * Boolean indicating if the token is expired.\n */\n isTokenExpired(minValidity: number = 0): boolean {\n return this._instance.isTokenExpired(minValidity);\n }\n\n /**\n * If the token expires within _updateMinValidity seconds the token is refreshed. If the\n * session status iframe is enabled, the session status is also checked.\n * Returns a promise telling if the token was refreshed or not. If the session is not active\n * anymore, the promise is rejected.\n *\n * @returns\n * Promise with a boolean indicating if the token was succesfully updated.\n */\n public async updateToken() {\n // TODO: this is a workaround until the silent refresh (issue #43)\n // is not implemented, avoiding the redirect loop.\n if (this._silentRefresh) {\n if (this.isTokenExpired()) {\n throw new Error(\n 'Failed to refresh the token, or the session is expired'\n );\n }\n\n return true;\n }\n\n if (!this._instance) {\n throw new Error('Keycloak Angular library is not initialized.');\n }\n\n return this._instance.updateToken(this._updateMinValidity);\n }\n\n /**\n * Loads the user profile.\n * Returns promise to set functions to be invoked if the profile was loaded\n * successfully, or if the profile could not be loaded.\n *\n * @param forceReload\n * If true will force the loadUserProfile even if its already loaded.\n * @returns\n * A promise with the KeycloakProfile data loaded.\n */\n public async loadUserProfile(forceReload = false) {\n if (this._userProfile && !forceReload) {\n return this._userProfile;\n }\n\n if (!this._instance.authenticated) {\n throw new Error(\n 'The user profile was not loaded as the user is not logged in.'\n );\n }\n\n return (this._userProfile = await this._instance.loadUserProfile());\n }\n\n /**\n * Returns the authenticated token, calling updateToken to get a refreshed one if necessary.\n */\n public async getToken() {\n return this._instance.token;\n }\n\n /**\n * Returns the logged username.\n *\n * @returns\n * The logged username.\n */\n public getUsername() {\n if (!this._userProfile) {\n throw new Error('User not logged in or user profile was not loaded.');\n }\n\n return this._userProfile.username;\n }\n\n /**\n * Clear authentication state, including tokens. This can be useful if application\n * has detected the session was expired, for example if updating token fails.\n * Invoking this results in onAuthLogout callback listener being invoked.\n */\n clearToken(): void {\n this._instance.clearToken();\n }\n\n /**\n * Adds a valid token in header. The key & value format is:\n * Authorization Bearer <token>.\n * If the headers param is undefined it will create the Angular headers object.\n *\n * @param headers\n * Updated header with Authorization and Keycloak token.\n * @returns\n * An observable with with the HTTP Authorization header and the current token.\n */\n public addTokenToHeader(headers: HttpHeaders = new HttpHeaders()) {\n return from(this.getToken()).pipe(\n map((token) =>\n token\n ? headers.set(\n this._authorizationHeaderName,\n this._bearerPrefix + token\n )\n : headers\n )\n );\n }\n\n /**\n * Returns the original Keycloak instance, if you need any customization that\n * this Angular service does not support yet. Use with caution.\n *\n * @returns\n * The KeycloakInstance from keycloak-js.\n */\n getKeycloakInstance(): Keycloak.KeycloakInstance {\n return this._instance;\n }\n\n /**\n * @deprecated\n * Returns the excluded URLs that should not be considered by\n * the http interceptor which automatically adds the authorization header in the Http Request.\n *\n * @returns\n * The excluded urls that must not be intercepted by the KeycloakBearerInterceptor.\n */\n get excludedUrls(): ExcludedUrlRegex[] {\n return this._excludedUrls;\n }\n\n /**\n * Flag to indicate if the bearer will be added to the authorization header.\n *\n * @returns\n * Returns if the bearer interceptor was set to be disabled.\n */\n get enableBearerInterceptor(): boolean {\n return this._enableBearerInterceptor;\n }\n\n /**\n * Keycloak subject to monitor the events triggered by keycloak-js.\n * The following events as available (as described at keycloak docs -\n * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events):\n * - OnAuthError\n * - OnAuthLogout\n * - OnAuthRefreshError\n * - OnAuthRefreshSuccess\n * - OnAuthSuccess\n * - OnReady\n * - OnTokenExpire\n * In each occurrence of any of these, this subject will return the event type,\n * described at {@link KeycloakEventType} enum and the function args from the keycloak-js\n * if provided any.\n *\n * @returns\n * A subject with the {@link KeycloakEvent} which describes the event type and attaches the\n * function args.\n */\n get keycloakEvents$(): Subject<KeycloakEvent> {\n return this._keycloakEvents$;\n }\n}\n","/**\n * @license\n * Copyright Mauricio Gemelli Vigolo and contributors.\n *\n * Use of this source code is governed by a MIT-style license that can be\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/master/LICENSE.md\n */\n\nimport { Injectable } from '@angular/core';\nimport {\n HttpInterceptor,\n HttpRequest,\n HttpHandler,\n HttpEvent\n} from '@angular/common/http';\n\nimport { Observable, combineLatest } from 'rxjs';\nimport { mergeMap } from 'rxjs/operators';\n\nimport { KeycloakService } from '../services/keycloak.service';\nimport { ExcludedUrlRegex } from '../interfaces/keycloak-options';\n\n/**\n * This interceptor includes the bearer by default in all HttpClient requests.\n *\n * If you need to exclude some URLs from adding the bearer, please, take a look\n * at the {@link KeycloakOptions} bearerExcludedUrls property.\n */\n@Injectable()\nexport class KeycloakBearerInterceptor implements HttpInterceptor {\n constructor(private keycloak: KeycloakService) {}\n\n /**\n * Calls to update the keycloak token if the request should update the token.\n *\n * @param req http request from @angular http module.\n * @returns\n * A promise boolean for the token update or noop result.\n */\n private async conditionallyUpdateToken(\n req: HttpRequest<unknown>\n ): Promise<boolean> {\n if (this.keycloak.shouldUpdateToken(req)) {\n return await this.keycloak.updateToken();\n }\n\n return true;\n }\n\n /**\n * @deprecated\n * Checks if the url is excluded from having the Bearer Authorization\n * header added.\n *\n * @param req http request from @angular http module.\n * @param excludedUrlRegex contains the url pattern and the http methods,\n * excluded from adding the bearer at the Http Request.\n */\n private isUrlExcluded(\n { method, url }: HttpRequest<unknown>,\n { urlPattern, httpMethods }: ExcludedUrlRegex\n ): boolean {\n const httpTest =\n httpMethods.length === 0 ||\n httpMethods.join().indexOf(method.toUpperCase()) > -1;\n\n const urlTest = urlPattern.test(url);\n\n return httpTest && urlTest;\n }\n\n /**\n * Intercept implementation that checks if the request url matches the excludedUrls.\n * If not, adds the Authorization header to the request if the user is logged in.\n *\n * @param req\n * @param next\n */\n public intercept(\n req: HttpRequest<unknown>,\n next: HttpHandler\n ): Observable<HttpEvent<unknown>> {\n const { enableBearerInterceptor, excludedUrls } = this.keycloak;\n if (!enableBearerInterceptor) {\n return next.handle(req);\n }\n\n const shallPass: boolean =\n !this.keycloak.shouldAddToken(req) ||\n excludedUrls.findIndex((item) => this.isUrlExcluded(req, item)) > -1;\n if (shallPass) {\n return next.handle(req);\n }\n\n return combineLatest([\n this.conditionallyUpdateToken(req),\n this.keycloak.isLoggedIn()\n ]).pipe(\n mergeMap(([_, loggedIn]: [boolean, boolean]) =>\n loggedIn\n ? this.handleRequestWithTokenHeader(req, next)\n : next.handle(req)\n )\n );\n }\n\n /**\n * Adds the token of the current user to the Authorization header\n *\n * @param req\n * @param next\n */\n private handleRequestWithTokenHeader(\n req: HttpRequest<unknown>,\n next: HttpHandler\n ): Observable<HttpEvent<unknown>> {\n return this.keycloak.addTokenToHeader(req.headers).pipe(\n mergeMap((headersWithBearer) => {\n const kcReq = req.clone({ headers: headersWithBearer });\n return next.handle(kcReq);\n })\n );\n }\n}\n","/**\n * @license\n * Copyright Mauricio Gemelli Vigolo and contributors.\n *\n * Use of this source code is governed by a MIT-style license that can be\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/master/LICENSE.md\n */\n\nimport { NgModule } from '@angular/core';\nimport { CommonModule } from '@angular/common';\nimport { HTTP_INTERCEPTORS } from '@angular/common/http';\n\nimport { KeycloakService } from './services/keycloak.service';\nimport { KeycloakBearerInterceptor } from './interceptors/keycloak-bearer.interceptor';\n\n@NgModule({\n imports: [CommonModule],\n providers: [\n KeycloakService,\n {\n provide: HTTP_INTERCEPTORS,\n useClass: KeycloakBearerInterceptor,\n multi: true\n }\n ]\n})\nexport class CoreModule {}\n","/**\n * @license\n * Copyright Mauricio Gemelli Vigolo and contributors.\n *\n * Use of this source code is governed by a MIT-style license that can be\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/master/LICENSE.md\n */\n\nimport { NgModule } from '@angular/core';\n\nimport { CoreModule } from './core/core.module';\n\n@NgModule({\n imports: [CoreModule]\n})\nexport class KeycloakAngularModule {}\n"],"names":[],"mappings":";;;;;;;;;IAYY;AAAZ,WAAY,iBAAiB;IAI3B,uEAAW,CAAA;IAKX,yEAAY,CAAA;IAIZ,qFAAkB,CAAA;IAIlB,yFAAoB,CAAA;IAIpB,2EAAa,CAAA;IAIb,+DAAO,CAAA;IAMP,6EAAc,CAAA;IAId,6EAAc,CAAA;AAChB,CAAC,EApCW,iBAAiB,KAAjB,iBAAiB;;MCYP,iBAAiB;IAUrC,YACY,MAAc,EACd,eAAgC;QADhC,WAAM,GAAN,MAAM,CAAQ;QACd,oBAAe,GAAf,eAAe,CAAiB;KACxC;IASE,WAAW,CACf,KAA6B,EAC7B,KAA0B;;YAE1B,IAAI;gBACF,IAAI,CAAC,aAAa,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,CAAC;gBAC7D,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;gBAE3D,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;aACjD;YAAC,OAAO,KAAK,EAAE;gBACd,MAAM,IAAI,KAAK,CACb,sDAAsD,GAAG,KAAK,CAC/D,CAAC;aACH;SACF;KAAA;;;MC9BU,eAAe;IAD5B;QAwCU,qBAAgB,GACtB,IAAI,OAAO,EAAiB,CAAC;KA+dhC;IA1cS,mBAAmB;QACzB,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,SAAS;YACrC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,iBAAiB,CAAC,WAAW;aACpC,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,YAAY,GAAG;YAC5B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,CAAC,YAAY,EAAE,CAAC,CAAC;SACtE,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,oBAAoB,GAAG;YACpC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,IAAI,EAAE,iBAAiB,CAAC,oBAAoB;aAC7C,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,kBAAkB,GAAG;YAClC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,IAAI,EAAE,iBAAiB,CAAC,kBAAkB;aAC3C,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,aAAa,GAAG;YAC7B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,CAAC,aAAa,EAAE,CAAC,CAAC;SACvE,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,cAAc,GAAG;YAC9B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,IAAI,EAAE,iBAAiB,CAAC,cAAc;aACvC,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,cAAc,GAAG,CAAC,KAAK;YACpC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,IAAI,EAAE,KAAK;gBACX,IAAI,EAAE,iBAAiB,CAAC,cAAc;aACvC,CAAC,CAAC;SACJ,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,CAAC,aAAa;YACrC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;gBACzB,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,iBAAiB,CAAC,OAAO;aAChC,CAAC,CAAC;SACJ,CAAC;KACH;IASO,gBAAgB,CACtB,kBAA4C;QAE5C,MAAM,YAAY,GAAuB,EAAE,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE;YACrC,IAAI,WAA6B,CAAC;YAClC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;gBAC5B,WAAW,GAAG,EAAE,UAAU,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;aACtE;iBAAM;gBACL,WAAW,GAAG;oBACZ,UAAU,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC;oBACrC,WAAW,EAAE,IAAI,CAAC,WAAW;iBAC9B,CAAC;aACH;YACD,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SAChC;QACD,OAAO,YAAY,CAAC;KACrB;IAOO,iBAAiB,CAAC,EACxB,uBAAuB,GAAG,IAAI,EAC9B,wBAAwB,GAAG,KAAK,EAChC,kBAAkB,GAAG,EAAE,EACvB,uBAAuB,GAAG,eAAe,EACzC,YAAY,GAAG,QAAQ,EACvB,WAAW,EACX,iBAAiB,GAAG,EAAE,EACtB,cAAc,GAAG,MAAM,IAAI,EAC3B,iBAAiB,GAAG,MAAM,IAAI,EACd;QAChB,IAAI,CAAC,wBAAwB,GAAG,uBAAuB,CAAC;QACxD,IAAI,CAAC,yBAAyB,GAAG,wBAAwB,CAAC;QAC1D,IAAI,CAAC,wBAAwB,GAAG,uBAAuB,CAAC;QACxD,IAAI,CAAC,aAAa,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,IAAI,CAAC,cAAc,GAAG,WAAW,GAAG,WAAW,CAAC,IAAI,KAAK,UAAU,GAAG,KAAK,CAAC;QAC5E,IAAI,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;QAC5C,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;KAC5C;IA4CY,IAAI,CAAC,UAA2B,EAAE;;YAC7C,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAChC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAExC,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAE3B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAE7D,IAAI,aAAa,IAAI,IAAI,CAAC,yBAAyB,EAAE;gBACnD,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;aAC9B;YAED,OAAO,aAAa,CAAC;SACtB;KAAA;IAuBY,KAAK,CAAC,UAAyC,EAAE;;YAC5D,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAEpC,IAAI,IAAI,CAAC,yBAAyB,EAAE;gBAClC,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;aAC9B;SACF;KAAA;IAUY,MAAM,CAAC,WAAoB;;YACtC,MAAM,OAAO,GAAG;gBACd,WAAW;aACZ,CAAC;YAEF,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;SAC/B;KAAA;IAYY,QAAQ,CACnB,UAAyC,EAAE,MAAM,EAAE,UAAU,EAAE;;YAE/D,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;SACxC;KAAA;IAaD,YAAY,CAAC,IAAY,EAAE,QAAiB;QAC1C,IAAI,OAAgB,CAAC;QACrB,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;SAC7C;QACD,OAAO,OAAO,CAAC;KAChB;IAYD,YAAY,CAAC,WAAoB,IAAI;QACnC,IAAI,KAAK,GAAa,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE;YACjC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE;gBAC/C,IAAI,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;oBACrD,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;oBAC1D,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;oBAClD,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;iBACnC;aACF;SACF;QACD,IAAI,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE;YAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAC7D,KAAK,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;SAC3B;QACD,OAAO,KAAK,CAAC;KACd;IAQK,UAAU;;YACd,IAAI;gBACF,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;aACrC;YAAC,OAAO,KAAK,EAAE;gBACd,OAAO,KAAK,CAAC;aACd;SACF;KAAA;IAWD,cAAc,CAAC,cAAsB,CAAC;QACpC,OAAO,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;KACnD;IAWY,WAAW;;YAGtB,IAAI,IAAI,CAAC,cAAc,EAAE;gBACvB,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE;oBACzB,MAAM,IAAI,KAAK,CACb,wDAAwD,CACzD,CAAC;iBACH;gBAED,OAAO,IAAI,CAAC;aACb;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE;gBACnB,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACjE;YAED,OAAO,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;SAC5D;KAAA;IAYY,eAAe,CAAC,WAAW,GAAG,KAAK;;YAC9C,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,WAAW,EAAE;gBACrC,OAAO,IAAI,CAAC,YAAY,CAAC;aAC1B;YAED,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE;gBACjC,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAC;aACH;YAED,QAAQ,IAAI,CAAC,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,EAAE,EAAE;SACrE;KAAA;IAKY,QAAQ;;YACnB,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;SAC7B;KAAA;IAQM,WAAW;QAChB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;SACvE;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC;KACnC;IAOD,UAAU;QACR,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC;KAC7B;IAYM,gBAAgB,CAAC,UAAuB,IAAI,WAAW,EAAE;QAC9D,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAC/B,GAAG,CAAC,CAAC,KAAK,KACR,KAAK;cACD,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,wBAAwB,EAC7B,IAAI,CAAC,aAAa,GAAG,KAAK,CAC3B;cACD,OAAO,CACZ,CACF,CAAC;KACH;IASD,mBAAmB;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;KACvB;IAUD,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;KAC3B;IAQD,IAAI,uBAAuB;QACzB,OAAO,IAAI,CAAC,wBAAwB,CAAC;KACtC;IAqBD,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;KAC9B;;4GAtgBU,eAAe;gHAAf,eAAe;2FAAf,eAAe;kBAD3B,UAAU;;;MCAE,yBAAyB;IACpC,YAAoB,QAAyB;QAAzB,aAAQ,GAAR,QAAQ,CAAiB;KAAI;IASnC,wBAAwB,CACpC,GAAyB;;YAEzB,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,EAAE;gBACxC,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;aAC1C;YAED,OAAO,IAAI,CAAC;SACb;KAAA;IAWO,aAAa,CACnB,EAAE,MAAM,EAAE,GAAG,EAAwB,EACrC,EAAE,UAAU,EAAE,WAAW,EAAoB;QAE7C,MAAM,QAAQ,GACZ,WAAW,CAAC,MAAM,KAAK,CAAC;YACxB,WAAW,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAExD,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAErC,OAAO,QAAQ,IAAI,OAAO,CAAC;KAC5B;IASM,SAAS,CACd,GAAyB,EACzB,IAAiB;QAEjB,MAAM,EAAE,uBAAuB,EAAE,YAAY,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAChE,IAAI,CAAC,uBAAuB,EAAE;YAC5B,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SACzB;QAED,MAAM,SAAS,GACb,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,GAAG,CAAC;YAClC,YAAY,CAAC,SAAS,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACvE,IAAI,SAAS,EAAE;YACb,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;SACzB;QAED,OAAO,aAAa,CAAC;YACnB,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC;YAClC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE;SAC3B,CAAC,CAAC,IAAI,CACL,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAqB,KACzC,QAAQ;cACJ,IAAI,CAAC,4BAA4B,CAAC,GAAG,EAAE,IAAI,CAAC;cAC5C,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CACrB,CACF,CAAC;KACH;IAQO,4BAA4B,CAClC,GAAyB,EACzB,IAAiB;QAEjB,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CACrD,QAAQ,CAAC,CAAC,iBAAiB;YACzB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC3B,CAAC,CACH,CAAC;KACH;;sHA7FU,yBAAyB;0HAAzB,yBAAyB;2FAAzB,yBAAyB;kBADrC,UAAU;;;MCFE,UAAU;;uGAAV,UAAU;wGAAV,UAAU,YAVX,YAAY;wGAUX,UAAU,aATV;QACT,eAAe;QACf;YACE,OAAO,EAAE,iBAAiB;YAC1B,QAAQ,EAAE,yBAAyB;YACnC,KAAK,EAAE,IAAI;SACZ;KACF,YARQ,CAAC,YAAY,CAAC;2FAUZ,UAAU;kBAXtB,QAAQ;mBAAC;oBACR,OAAO,EAAE,CAAC,YAAY,CAAC;oBACvB,SAAS,EAAE;wBACT,eAAe;wBACf;4BACE,OAAO,EAAE,iBAAiB;4BAC1B,QAAQ,EAAE,yBAAyB;4BACnC,KAAK,EAAE,IAAI;yBACZ;qBACF;iBACF;;;MCVY,qBAAqB;;kHAArB,qBAAqB;mHAArB,qBAAqB,YAFtB,UAAU;mHAET,qBAAqB,YAFvB,CAAC,UAAU,CAAC;2FAEV,qBAAqB;kBAHjC,QAAQ;mBAAC;oBACR,OAAO,EAAE,CAAC,UAAU,CAAC;iBACtB;;;;;"}