lucifer-gate 0.8.10 → 0.8.11-alpha.2.4cc9d8a
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/domains/command-gateway/api/register_execute_routes.js +20 -28
- package/dist/server/domains/command-gateway/api/register_execute_routes.js.map +1 -1
- package/dist/server/domains/command-gateway/service/resolve_execution_plan.js +37 -0
- package/dist/server/domains/command-gateway/service/resolve_execution_plan.js.map +1 -0
- package/dist/server/domains/request-proxy/service/proxy_auth.js +126 -48
- package/dist/server/domains/request-proxy/service/proxy_auth.js.map +1 -1
- package/package.json +1 -1
|
@@ -3,7 +3,7 @@ import rateLimit from 'express-rate-limit';
|
|
|
3
3
|
import { authenticateRequest, createRateLimiter } from '../service/authenticate_request.js';
|
|
4
4
|
import { executeAndAudit } from '../service/execute_and_audit.js';
|
|
5
5
|
import { handleManualApproval } from '../service/handle_manual_approval.js';
|
|
6
|
-
import {
|
|
6
|
+
import { resolveExecutionPlan } from '../service/resolve_execution_plan.js';
|
|
7
7
|
function validateExecuteInput(command, cwd) {
|
|
8
8
|
if (!command || typeof command !== 'string') {
|
|
9
9
|
return {
|
|
@@ -71,46 +71,40 @@ export function registerExecuteRoutes(deps) {
|
|
|
71
71
|
apiKeyName,
|
|
72
72
|
ip,
|
|
73
73
|
});
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
74
|
+
const plan = resolveExecutionPlan({
|
|
75
|
+
command,
|
|
76
|
+
aliases: config.aliases,
|
|
77
|
+
commandRulesStore,
|
|
78
|
+
approvalStore,
|
|
79
|
+
});
|
|
80
|
+
if (plan.kind === 'alias-args-bypass') {
|
|
81
|
+
// ADR-009: reject commands that start with an alias name but are not an
|
|
82
|
+
// exact alias invocation, before any rule match runs. Without this check
|
|
83
|
+
// a prefix-based command rule on the alias name would shadow-bypass the
|
|
84
|
+
// alias's shell-free execution guarantee.
|
|
82
85
|
auditLog.append({
|
|
83
86
|
ts: new Date().toISOString(),
|
|
84
87
|
type: 'denied',
|
|
85
88
|
requestId,
|
|
86
89
|
command,
|
|
87
|
-
error: `alias '${
|
|
90
|
+
error: `alias '${plan.alias}' does not accept arguments`,
|
|
88
91
|
});
|
|
89
92
|
res.status(403).json({
|
|
90
93
|
code: 'ALIAS_ARGS_NOT_SUPPORTED',
|
|
91
|
-
message: `Alias '${
|
|
94
|
+
message: `Alias '${plan.alias}' does not accept arguments in this version. Send '${plan.alias}' exactly.`,
|
|
92
95
|
retryable: false,
|
|
93
96
|
});
|
|
94
97
|
return;
|
|
95
98
|
}
|
|
96
|
-
// Resolve the alias once up front so audit entries for rule decisions,
|
|
97
|
-
// approval checks, and execution all carry `aliasPath`/`aliasType` when
|
|
98
|
-
// the command runs as an alias. `resolveAlias` is pure and cheap; the
|
|
99
|
-
// executor does its own lookup to stay self-contained.
|
|
100
|
-
const resolvedAlias = resolveAlias(command, config.aliases);
|
|
101
|
-
const aliasAudit = resolvedAlias
|
|
102
|
-
? { aliasPath: resolvedAlias.path, aliasType: resolvedAlias.type }
|
|
103
|
-
: {};
|
|
104
|
-
// Match against command rules
|
|
105
|
-
const ruleMatch = commandRulesStore.matchRule(command);
|
|
106
99
|
auditLog.append({
|
|
107
100
|
ts: new Date().toISOString(),
|
|
108
101
|
type: 'rule_match',
|
|
109
102
|
requestId,
|
|
110
103
|
command,
|
|
111
|
-
ruleAction:
|
|
104
|
+
ruleAction: plan.ruleAction,
|
|
112
105
|
});
|
|
113
|
-
|
|
106
|
+
const { aliasAudit } = plan;
|
|
107
|
+
if (plan.kind === 'rule-deny') {
|
|
114
108
|
auditLog.append({ ts: new Date().toISOString(), type: 'denied', requestId, command, ...aliasAudit });
|
|
115
109
|
res.status(403).json({
|
|
116
110
|
code: 'COMMAND_DENIED',
|
|
@@ -119,14 +113,12 @@ export function registerExecuteRoutes(deps) {
|
|
|
119
113
|
});
|
|
120
114
|
return;
|
|
121
115
|
}
|
|
122
|
-
if (
|
|
116
|
+
if (plan.kind === 'always-approve') {
|
|
123
117
|
auditLog.append({ ts: new Date().toISOString(), type: 'approved', requestId, command, duration: 'policy', ...aliasAudit });
|
|
124
118
|
await executeAndAudit({ command, requestId, cwd, config, auditLog, aliasAudit, res });
|
|
125
119
|
return;
|
|
126
120
|
}
|
|
127
|
-
|
|
128
|
-
const existingApproval = approvalStore.findApproval(command);
|
|
129
|
-
if (existingApproval) {
|
|
121
|
+
if (plan.kind === 'cached-approval') {
|
|
130
122
|
auditLog.append({
|
|
131
123
|
ts: new Date().toISOString(),
|
|
132
124
|
type: 'approval_check',
|
|
@@ -138,7 +130,7 @@ export function registerExecuteRoutes(deps) {
|
|
|
138
130
|
await executeAndAudit({ command, requestId, cwd, config, auditLog, aliasAudit, res });
|
|
139
131
|
return;
|
|
140
132
|
}
|
|
141
|
-
//
|
|
133
|
+
// plan.kind === 'manual-approve'
|
|
142
134
|
await handleManualApproval({
|
|
143
135
|
command, requestId, apiKeyName, ip, cwd, config,
|
|
144
136
|
approvalChannel, pendingStore, auditLog, aliasAudit, res,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register_execute_routes.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/api/register_execute_routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,SAAS,MAAM,oBAAoB,CAAC;AAK3C,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"register_execute_routes.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/api/register_execute_routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,SAAS,MAAM,oBAAoB,CAAC;AAK3C,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAC5F,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sCAAsC,CAAC;AAO5E,SAAS,oBAAoB,CAAC,OAAgB,EAAE,GAAY;IAC1D,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,KAAK,EAAE;SAC7G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC1B,OAAO;YACL,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sCAAsC,EAAE,SAAS,EAAE,KAAK,EAAE;SACtG,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,IAAI,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,sDAAsD,EAAE,SAAS,EAAE,KAAK,EAAE;aACjH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,SAAS,aAAa,CAAC,GAAY;IACjC,OAAQ,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;WACnE,GAAG,CAAC,MAAM,CAAC,aAAa;WACxB,SAAS,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAsB;IAC1D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;IACxH,MAAM,WAAW,GAAG,MAAM,CAAC,wBAAwB,IAAI,MAAM,CAAC,kBAAkB,CAAC;IACjF,MAAM,UAAU,GAAG,MAAM,CAAC,uBAAuB,IAAI,MAAM,CAAC,kBAAkB,CAAC;IAE/E,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAC5D,CAAC;IAEF,MAAM,aAAa,GAAG,SAAS,CAAC;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU;QACnE,eAAe,EAAE,IAAI;QACrB,aAAa,EAAE,KAAK;QACpB,YAAY,EAAE,aAAa;QAC3B,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,uCAAuC,EAAE,SAAS,EAAE,IAAI,EAAE;KACrG,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,aAAa,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAClF,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAC9D,MAAM,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,IAA0C,CAAC;QAEpF,MAAM,eAAe,GAAG,oBAAoB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,eAAe,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,yDAAyD;QACzD,MAAM,OAAO,GAAG,UAAW,CAAC;QAE5B,MAAM,UAAU,GAAG,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC;QAE7C,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,SAAS;YACf,SAAS;YACT,OAAO;YACP,UAAU;YACV,EAAE;SACH,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,oBAAoB,CAAC;YAChC,OAAO;YACP,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,iBAAiB;YACjB,aAAa;SACd,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YACtC,wEAAwE;YACxE,yEAAyE;YACzE,wEAAwE;YACxE,0CAA0C;YAC1C,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,QAAQ;gBACd,SAAS;gBACT,OAAO;gBACP,KAAK,EAAE,UAAU,IAAI,CAAC,KAAK,6BAA6B;aACzD,CAAC,CAAC;YACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,0BAA0B;gBAChC,OAAO,EAAE,UAAU,IAAI,CAAC,KAAK,sDAAsD,IAAI,CAAC,KAAK,YAAY;gBACzG,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,QAAQ,CAAC,MAAM,CAAC;YACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,YAAY;YAClB,SAAS;YACT,OAAO;YACP,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;QAE5B,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;YACrG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,oCAAoC;gBAC7C,SAAS,EAAE,KAAK;aACO,CAAC,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACnC,QAAQ,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;YAC3H,MAAM,eAAe,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACpC,QAAQ,CAAC,MAAM,CAAC;gBACd,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBAC5B,IAAI,EAAE,gBAAgB;gBACtB,SAAS;gBACT,OAAO;gBACP,QAAQ,EAAE,QAAQ;gBAClB,GAAG,UAAU;aACd,CAAC,CAAC;YACH,MAAM,eAAe,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,iCAAiC;QACjC,MAAM,oBAAoB,CAAC;YACzB,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM;YAC/C,eAAe,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG;SACzD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
import { findAliasArgsBypass, resolveAlias } from './resolve_alias.js';
|
|
2
|
+
/**
|
|
3
|
+
* Pure decision function — no audit writes, no HTTP, no I/O side effects.
|
|
4
|
+
*
|
|
5
|
+
* Order of checks (invariant; ADR-009):
|
|
6
|
+
* 1. Alias-args bypass detection — reject commands that look like alias
|
|
7
|
+
* invocations with arguments so they never fall through to a rule match.
|
|
8
|
+
* 2. Alias resolution for audit enrichment.
|
|
9
|
+
* 3. Command-rule match → deny / always-approve / manual-approve branch.
|
|
10
|
+
* 4. For `manual_approve`, probe the approval store for an existing cached
|
|
11
|
+
* approval before asking a human.
|
|
12
|
+
*/
|
|
13
|
+
export function resolveExecutionPlan(deps) {
|
|
14
|
+
const { command, aliases, commandRulesStore, approvalStore } = deps;
|
|
15
|
+
const aliasBypass = findAliasArgsBypass(command, aliases);
|
|
16
|
+
if (aliasBypass) {
|
|
17
|
+
return { kind: 'alias-args-bypass', alias: aliasBypass };
|
|
18
|
+
}
|
|
19
|
+
const resolved = resolveAlias(command, aliases);
|
|
20
|
+
const aliasAudit = resolved
|
|
21
|
+
? { aliasPath: resolved.path, aliasType: resolved.type }
|
|
22
|
+
: {};
|
|
23
|
+
const ruleMatch = commandRulesStore.matchRule(command);
|
|
24
|
+
const ruleAction = ruleMatch.action;
|
|
25
|
+
if (ruleAction === 'always_deny') {
|
|
26
|
+
return { kind: 'rule-deny', aliasAudit, ruleAction };
|
|
27
|
+
}
|
|
28
|
+
if (ruleAction === 'always_approve') {
|
|
29
|
+
return { kind: 'always-approve', aliasAudit, ruleAction };
|
|
30
|
+
}
|
|
31
|
+
// manual_approve — check cached approval first.
|
|
32
|
+
if (approvalStore.findApproval(command)) {
|
|
33
|
+
return { kind: 'cached-approval', aliasAudit, ruleAction };
|
|
34
|
+
}
|
|
35
|
+
return { kind: 'manual-approve', aliasAudit, ruleAction };
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=resolve_execution_plan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve_execution_plan.js","sourceRoot":"","sources":["../../../../../server/src/domains/command-gateway/service/resolve_execution_plan.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AA0BvE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAA8B;IACjE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAEpE,MAAM,WAAW,GAAG,mBAAmB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1D,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IAC3D,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,UAAU,GAAe,QAAQ;QACrC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;QACxD,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC;IAEpC,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;IACvD,CAAC;IACD,IAAI,UAAU,KAAK,gBAAgB,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;IAC5D,CAAC;IAED,gDAAgD;IAChD,IAAI,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;IAC7D,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAC5D,CAAC"}
|
|
@@ -19,111 +19,185 @@ export async function authorizeProxyRequest(req, deps) {
|
|
|
19
19
|
// analyzer from painting `port`/`method`/`path` as derived from the
|
|
20
20
|
// header-configuration fields (`apiKeyHeader`, `apiKeyPrefix`), which are
|
|
21
21
|
// only header *names*, not credentials.
|
|
22
|
-
const
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
22
|
+
const ctx = {
|
|
23
|
+
requestId,
|
|
24
|
+
port: mapping.port,
|
|
25
|
+
method: req.method ?? 'GET',
|
|
26
|
+
path: req.url ?? '/',
|
|
27
|
+
ip: callerIp(req),
|
|
28
|
+
};
|
|
29
|
+
const headerCheck = stepAuthModeAndHeader(authMode, mapping, audit, ctx);
|
|
30
|
+
if (headerCheck.kind === 'decided')
|
|
31
|
+
return headerCheck.decision;
|
|
32
|
+
const credentialCheck = stepExtractAndValidate(req, headerCheck.value.headerName, mapping.apiKeyPrefix, validator, audit, ctx);
|
|
33
|
+
if (credentialCheck.kind === 'decided')
|
|
34
|
+
return credentialCheck.decision;
|
|
35
|
+
const apiKeyGate = stepApiKeyShortCircuit(authMode, credentialCheck.value, audit, ctx);
|
|
36
|
+
if (apiKeyGate.kind === 'decided')
|
|
37
|
+
return apiKeyGate.decision;
|
|
38
|
+
return stepApproval(apiKeyGate.value, mapping, approvalRequester, cache, audit, ctx);
|
|
39
|
+
}
|
|
40
|
+
/**
|
|
41
|
+
* Step 1 — authMode + header config gate.
|
|
42
|
+
*
|
|
43
|
+
* - `authMode === 'none'` passes immediately (no credential required).
|
|
44
|
+
* - Any auth mode requires `apiKeyHeader`; if it is missing, fail closed
|
|
45
|
+
* with a 500. The config loader should already have rejected this shape,
|
|
46
|
+
* but we double-check here because the cost of a silent pass is high.
|
|
47
|
+
*/
|
|
48
|
+
function stepAuthModeAndHeader(authMode, mapping, audit, ctx) {
|
|
26
49
|
if (authMode === 'none') {
|
|
27
|
-
return { kind: 'pass', requestId };
|
|
50
|
+
return { kind: 'decided', decision: { kind: 'pass', requestId: ctx.requestId } };
|
|
28
51
|
}
|
|
29
52
|
const headerName = mapping.apiKeyHeader;
|
|
30
53
|
if (headerName === undefined) {
|
|
31
|
-
// Config loader should reject this, but fail closed if we ever see it.
|
|
32
54
|
recordAudit(audit, {
|
|
33
|
-
type: 'proxy_auth_denied', requestId
|
|
55
|
+
type: 'proxy_auth_denied', requestId: ctx.requestId,
|
|
56
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip,
|
|
34
57
|
reason: 'apiKeyHeader not configured',
|
|
35
58
|
});
|
|
36
59
|
return {
|
|
37
|
-
kind: '
|
|
38
|
-
|
|
39
|
-
|
|
60
|
+
kind: 'decided',
|
|
61
|
+
decision: {
|
|
62
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
63
|
+
status: 500, code: 'misconfigured',
|
|
64
|
+
message: 'Proxy mapping is misconfigured (apiKeyHeader missing).',
|
|
65
|
+
},
|
|
40
66
|
};
|
|
41
67
|
}
|
|
68
|
+
return { kind: 'continue', value: { headerName } };
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Step 2 — extract the credential and resolve it to an identity.
|
|
72
|
+
*
|
|
73
|
+
* Covers three failure modes:
|
|
74
|
+
* - no validator wired (misconfiguration → 500),
|
|
75
|
+
* - header missing/malformed (401),
|
|
76
|
+
* - token unknown to the validator (401).
|
|
77
|
+
*/
|
|
78
|
+
function stepExtractAndValidate(req, headerName, prefix, validator, audit, ctx) {
|
|
42
79
|
if (!validator) {
|
|
43
80
|
recordAudit(audit, {
|
|
44
|
-
type: 'proxy_auth_denied', requestId
|
|
81
|
+
type: 'proxy_auth_denied', requestId: ctx.requestId,
|
|
82
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip,
|
|
45
83
|
reason: 'no validator wired',
|
|
46
84
|
});
|
|
47
85
|
return {
|
|
48
|
-
kind: '
|
|
49
|
-
|
|
50
|
-
|
|
86
|
+
kind: 'decided',
|
|
87
|
+
decision: {
|
|
88
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
89
|
+
status: 500, code: 'misconfigured',
|
|
90
|
+
message: 'Proxy auth is configured but no token validator is available.',
|
|
91
|
+
},
|
|
51
92
|
};
|
|
52
93
|
}
|
|
53
|
-
const rawToken = extractToken(req, headerName,
|
|
94
|
+
const rawToken = extractToken(req, headerName, prefix);
|
|
54
95
|
if (rawToken === undefined) {
|
|
55
96
|
recordAudit(audit, {
|
|
56
|
-
type: 'proxy_auth_denied', requestId
|
|
97
|
+
type: 'proxy_auth_denied', requestId: ctx.requestId,
|
|
98
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip,
|
|
57
99
|
reason: 'missing or malformed header',
|
|
58
100
|
});
|
|
59
101
|
return {
|
|
60
|
-
kind: '
|
|
61
|
-
|
|
62
|
-
|
|
102
|
+
kind: 'decided',
|
|
103
|
+
decision: {
|
|
104
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
105
|
+
status: 401, code: 'unauthorized',
|
|
106
|
+
message: 'Missing or malformed authentication header.',
|
|
107
|
+
},
|
|
63
108
|
};
|
|
64
109
|
}
|
|
65
110
|
const identity = validator.validate(rawToken);
|
|
66
111
|
if (!identity) {
|
|
67
112
|
recordAudit(audit, {
|
|
68
|
-
type: 'proxy_auth_denied', requestId
|
|
113
|
+
type: 'proxy_auth_denied', requestId: ctx.requestId,
|
|
114
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip,
|
|
69
115
|
reason: 'invalid token',
|
|
70
116
|
});
|
|
71
117
|
return {
|
|
72
|
-
kind: '
|
|
73
|
-
|
|
74
|
-
|
|
118
|
+
kind: 'decided',
|
|
119
|
+
decision: {
|
|
120
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
121
|
+
status: 401, code: 'unauthorized',
|
|
122
|
+
message: 'Invalid authentication token.',
|
|
123
|
+
},
|
|
75
124
|
};
|
|
76
125
|
}
|
|
126
|
+
return { kind: 'continue', value: identity };
|
|
127
|
+
}
|
|
128
|
+
/**
|
|
129
|
+
* Step 3 — `authMode === 'api-key'` passes as soon as the identity is known.
|
|
130
|
+
* For `authMode === 'api-key-telegram'` we continue into the approval stage.
|
|
131
|
+
*/
|
|
132
|
+
function stepApiKeyShortCircuit(authMode, identity, audit, ctx) {
|
|
77
133
|
if (authMode === 'api-key') {
|
|
78
134
|
recordAudit(audit, {
|
|
79
|
-
type: 'proxy_auth_ok', requestId
|
|
135
|
+
type: 'proxy_auth_ok', requestId: ctx.requestId,
|
|
136
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
80
137
|
});
|
|
81
|
-
return {
|
|
138
|
+
return {
|
|
139
|
+
kind: 'decided',
|
|
140
|
+
decision: { kind: 'pass', requestId: ctx.requestId, keyId: identity.keyId, keyName: identity.keyName },
|
|
141
|
+
};
|
|
82
142
|
}
|
|
83
|
-
|
|
143
|
+
return { kind: 'continue', value: identity };
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Step 4 — Telegram-based human approval.
|
|
147
|
+
*
|
|
148
|
+
* Terminal for every call: either returns a decision or throws never —
|
|
149
|
+
* every approval outcome (approved / timeout / error / denied) and every
|
|
150
|
+
* misconfiguration (no requester) maps to a concrete `ProxyAuthDecision`.
|
|
151
|
+
* Cache hits bypass the approval channel entirely.
|
|
152
|
+
*/
|
|
153
|
+
async function stepApproval(identity, mapping, approvalRequester, cache, audit, ctx) {
|
|
84
154
|
if (!approvalRequester) {
|
|
85
155
|
recordAudit(audit, {
|
|
86
|
-
type: 'proxy_approval_error', requestId
|
|
156
|
+
type: 'proxy_approval_error', requestId: ctx.requestId,
|
|
157
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
87
158
|
reason: 'no approval requester wired',
|
|
88
159
|
});
|
|
89
160
|
return {
|
|
90
|
-
kind: 'reject', requestId,
|
|
161
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
91
162
|
status: 500, code: 'misconfigured',
|
|
92
163
|
message: 'Telegram approval is configured but no approval channel is available.',
|
|
93
164
|
};
|
|
94
165
|
}
|
|
95
|
-
const cacheKey = { keyId: identity.keyId, port };
|
|
166
|
+
const cacheKey = { keyId: identity.keyId, port: ctx.port };
|
|
96
167
|
if (cache?.has(cacheKey)) {
|
|
97
168
|
recordAudit(audit, {
|
|
98
|
-
type: 'proxy_approval_approved', requestId
|
|
169
|
+
type: 'proxy_approval_approved', requestId: ctx.requestId,
|
|
170
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity, source: 'cache',
|
|
99
171
|
});
|
|
100
|
-
return { kind: 'pass', requestId, keyId: identity.keyId, keyName: identity.keyName };
|
|
172
|
+
return { kind: 'pass', requestId: ctx.requestId, keyId: identity.keyId, keyName: identity.keyName };
|
|
101
173
|
}
|
|
102
174
|
const approvalCtx = {
|
|
103
|
-
port,
|
|
175
|
+
port: ctx.port,
|
|
104
176
|
baseUrl: mapping.baseUrl,
|
|
105
|
-
method,
|
|
106
|
-
path,
|
|
177
|
+
method: ctx.method,
|
|
178
|
+
path: ctx.path,
|
|
107
179
|
keyId: identity.keyId,
|
|
108
180
|
keyName: identity.keyName,
|
|
109
|
-
ip,
|
|
110
|
-
requestId,
|
|
181
|
+
ip: ctx.ip,
|
|
182
|
+
requestId: ctx.requestId,
|
|
111
183
|
};
|
|
112
184
|
recordAudit(audit, {
|
|
113
|
-
type: 'proxy_approval_requested', requestId
|
|
185
|
+
type: 'proxy_approval_requested', requestId: ctx.requestId,
|
|
186
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
114
187
|
});
|
|
115
188
|
let outcome;
|
|
116
189
|
try {
|
|
117
190
|
outcome = await approvalRequester.request(approvalCtx);
|
|
118
191
|
}
|
|
119
192
|
catch (err) {
|
|
120
|
-
log.error({ err, requestId, port }, 'Approval requester threw');
|
|
193
|
+
log.error({ err, requestId: ctx.requestId, port: ctx.port }, 'Approval requester threw');
|
|
121
194
|
recordAudit(audit, {
|
|
122
|
-
type: 'proxy_approval_error', requestId
|
|
195
|
+
type: 'proxy_approval_error', requestId: ctx.requestId,
|
|
196
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
123
197
|
reason: err instanceof Error ? err.message : 'approval error',
|
|
124
198
|
});
|
|
125
199
|
return {
|
|
126
|
-
kind: 'reject', requestId,
|
|
200
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
127
201
|
status: 503, code: 'approval_error',
|
|
128
202
|
message: 'Approval channel failed.',
|
|
129
203
|
};
|
|
@@ -132,37 +206,41 @@ export async function authorizeProxyRequest(req, deps) {
|
|
|
132
206
|
const ttl = mapping.telegramApprovalTtlSeconds ?? DEFAULT_PROXY_APPROVAL_TTL_SECONDS;
|
|
133
207
|
cache?.set(cacheKey, ttl);
|
|
134
208
|
recordAudit(audit, {
|
|
135
|
-
type: 'proxy_approval_approved', requestId
|
|
209
|
+
type: 'proxy_approval_approved', requestId: ctx.requestId,
|
|
210
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity, source: 'telegram',
|
|
136
211
|
});
|
|
137
|
-
return { kind: 'pass', requestId, keyId: identity.keyId, keyName: identity.keyName };
|
|
212
|
+
return { kind: 'pass', requestId: ctx.requestId, keyId: identity.keyId, keyName: identity.keyName };
|
|
138
213
|
}
|
|
139
214
|
if (outcome === 'timeout') {
|
|
140
215
|
recordAudit(audit, {
|
|
141
|
-
type: 'proxy_approval_timeout', requestId
|
|
216
|
+
type: 'proxy_approval_timeout', requestId: ctx.requestId,
|
|
217
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
142
218
|
});
|
|
143
219
|
return {
|
|
144
|
-
kind: 'reject', requestId,
|
|
220
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
145
221
|
status: 408, code: 'approval_timeout',
|
|
146
222
|
message: 'Approval timed out.',
|
|
147
223
|
};
|
|
148
224
|
}
|
|
149
225
|
if (outcome === 'error') {
|
|
150
226
|
recordAudit(audit, {
|
|
151
|
-
type: 'proxy_approval_error', requestId
|
|
227
|
+
type: 'proxy_approval_error', requestId: ctx.requestId,
|
|
228
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
152
229
|
reason: 'approval channel error',
|
|
153
230
|
});
|
|
154
231
|
return {
|
|
155
|
-
kind: 'reject', requestId,
|
|
232
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
156
233
|
status: 503, code: 'approval_error',
|
|
157
234
|
message: 'Approval channel failed.',
|
|
158
235
|
};
|
|
159
236
|
}
|
|
160
237
|
// outcome === 'denied'
|
|
161
238
|
recordAudit(audit, {
|
|
162
|
-
type: 'proxy_approval_denied', requestId
|
|
239
|
+
type: 'proxy_approval_denied', requestId: ctx.requestId,
|
|
240
|
+
port: ctx.port, method: ctx.method, path: ctx.path, ip: ctx.ip, identity,
|
|
163
241
|
});
|
|
164
242
|
return {
|
|
165
|
-
kind: 'reject', requestId,
|
|
243
|
+
kind: 'reject', requestId: ctx.requestId,
|
|
166
244
|
status: 403, code: 'forbidden',
|
|
167
245
|
message: 'Approval denied.',
|
|
168
246
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proxy_auth.js","sourceRoot":"","sources":["../../../../../server/src/domains/request-proxy/service/proxy_auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAUzC,OAAO,EAAE,kCAAkC,EAAE,MAAM,yBAAyB,CAAC;AAE7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAgB5C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAyB,EACzB,IAAmB;IAEnB,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC;IACxF,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;IACzE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC;IAE5C,wEAAwE;IACxE,0EAA0E;IAC1E,oEAAoE;IACpE,0EAA0E;IAC1E,wCAAwC;IACxC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;IACnC,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;IAC5B,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAEzB,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACrC,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IACxC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,uEAAuE;QACvE,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YAC5D,MAAM,EAAE,6BAA6B;SACtC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe;YAClC,OAAO,EAAE,wDAAwD;SAClE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YAC5D,MAAM,EAAE,oBAAoB;SAC7B,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe;YAClC,OAAO,EAAE,+DAA+D;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IACrE,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YAC5D,MAAM,EAAE,6BAA6B;SACtC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc;YACjC,OAAO,EAAE,6CAA6C;SACvD,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;YAC5D,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc;YACjC,OAAO,EAAE,+BAA+B;SACzC,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;SACnE,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;IACvF,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;YACzE,MAAM,EAAE,6BAA6B;SACtC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe;YAClC,OAAO,EAAE,uEAAuE;SACjF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO;SAC9F,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;IACvF,CAAC;IAED,MAAM,WAAW,GAAyB;QACxC,IAAI;QACJ,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM;QACN,IAAI;QACJ,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,EAAE;QACF,SAAS;KACV,CAAC;IAEF,WAAW,CAAC,KAAK,EAAE;QACjB,IAAI,EAAE,0BAA0B,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;KAC9E,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,0BAA0B,CAAC,CAAC;QAChE,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;YACzE,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC9D,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB;YACnC,OAAO,EAAE,0BAA0B;SACpC,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,0BAA0B,IAAI,kCAAkC,CAAC;QACrF,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU;SACjG,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;IACvF,CAAC;IAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,wBAAwB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;SAC5E,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB;YACrC,OAAO,EAAE,qBAAqB;SAC/B,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;YACzE,MAAM,EAAE,wBAAwB;SACjC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS;YACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB;YACnC,OAAO,EAAE,0BAA0B;SACpC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,WAAW,CAAC,KAAK,EAAE;QACjB,IAAI,EAAE,uBAAuB,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ;KAC3E,CAAC,CAAC;IACH,OAAO;QACL,IAAI,EAAE,QAAQ,EAAE,SAAS;QACzB,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW;QAC9B,OAAO,EAAE,kBAAkB;KAC5B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CACnB,GAAyB,EACzB,UAAkB,EAClB,MAA0B;IAE1B,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAEtE,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;YAAE,OAAO,SAAS,CAAC;QAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACpD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,QAAQ,CAAC,GAAyB;IACzC,OAAO,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,SAAS,CAAC;AAChD,CAAC;AAcD,SAAS,WAAW,CAAC,IAAgC,EAAE,IAAe;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,KAAK,GAAoB;QAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK;QAC3B,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO;QAC/B,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;IACF,IAAI,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,oCAAoC,CAAC,CAAC;IACrF,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"proxy_auth.js","sourceRoot":"","sources":["../../../../../server/src/domains/request-proxy/service/proxy_auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAUzC,OAAO,EAAE,kCAAkC,EAAE,MAAM,yBAAyB,CAAC;AAE7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D,MAAM,GAAG,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAqC5C;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,GAAyB,EACzB,IAAmB;IAEnB,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC;IACxF,MAAM,SAAS,GAAG,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;IACzE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC;IAE5C,wEAAwE;IACxE,0EAA0E;IAC1E,oEAAoE;IACpE,0EAA0E;IAC1E,wCAAwC;IACxC,MAAM,GAAG,GAAY;QACnB,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,KAAK;QAC3B,IAAI,EAAE,GAAG,CAAC,GAAG,IAAI,GAAG;QACpB,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC;KAClB,CAAC;IAEF,MAAM,WAAW,GAAG,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACzE,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,WAAW,CAAC,QAAQ,CAAC;IAEhE,MAAM,eAAe,GAAG,sBAAsB,CAC5C,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC,UAAU,EAAE,OAAO,CAAC,YAAY,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,CAC/E,CAAC;IACF,IAAI,eAAe,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,eAAe,CAAC,QAAQ,CAAC;IAExE,MAAM,UAAU,GAAG,sBAAsB,CAAC,QAAQ,EAAE,eAAe,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IACvF,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IAE9D,OAAO,YAAY,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AACvF,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,qBAAqB,CAC5B,QAA2C,EAC3C,OAAqB,EACrB,KAAiC,EACjC,GAAY;IAEZ,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC;IACnF,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC;IACxC,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACnD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE;YAC9D,MAAM,EAAE,6BAA6B;SACtC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe;gBAClC,OAAO,EAAE,wDAAwD;aAClE;SACF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC;AACrD,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,sBAAsB,CAC7B,GAAyB,EACzB,UAAkB,EAClB,MAA0B,EAC1B,SAA0C,EAC1C,KAAiC,EACjC,GAAY;IAEZ,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACnD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE;YAC9D,MAAM,EAAE,oBAAoB;SAC7B,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe;gBAClC,OAAO,EAAE,+DAA+D;aACzE;SACF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACnD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE;YAC9D,MAAM,EAAE,6BAA6B;SACtC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc;gBACjC,OAAO,EAAE,6CAA6C;aACvD;SACF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,mBAAmB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACnD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE;YAC9D,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc;gBACjC,OAAO,EAAE,+BAA+B;aACzC;SACF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAC7B,QAA2C,EAC3C,QAAkB,EAClB,KAAiC,EACjC,GAAY;IAEZ,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YAC/C,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;SACzE,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,SAAS;YACf,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE;SACvG,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC/C,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,YAAY,CACzB,QAAkB,EAClB,OAAqB,EACrB,iBAAqD,EACrD,KAAqC,EACrC,KAAiC,EACjC,GAAY;IAEZ,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACtD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;YACxE,MAAM,EAAE,6BAA6B;SACtC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe;YAClC,OAAO,EAAE,uEAAuE;SACjF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3D,IAAI,KAAK,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACzD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO;SAC1F,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;IACtG,CAAC;IAED,MAAM,WAAW,GAAyB;QACxC,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;IAEF,WAAW,CAAC,KAAK,EAAE;QACjB,IAAI,EAAE,0BAA0B,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;QAC1D,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;KACzE,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,0BAA0B,CAAC,CAAC;QACzF,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACtD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;YACxE,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC9D,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB;YACnC,OAAO,EAAE,0BAA0B;SACpC,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,OAAO,CAAC,0BAA0B,IAAI,kCAAkC,CAAC;QACrF,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,yBAAyB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACzD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU;SAC7F,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC;IACtG,CAAC;IAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,wBAAwB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACxD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;SACzE,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB;YACrC,OAAO,EAAE,qBAAqB;SAC/B,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,WAAW,CAAC,KAAK,EAAE;YACjB,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACtD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;YACxE,MAAM,EAAE,wBAAwB;SACjC,CAAC,CAAC;QACH,OAAO;YACL,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;YACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB;YACnC,OAAO,EAAE,0BAA0B;SACpC,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,WAAW,CAAC,KAAK,EAAE;QACjB,IAAI,EAAE,uBAAuB,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;QACvD,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,QAAQ;KACzE,CAAC,CAAC;IACH,OAAO;QACL,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS;QACxC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW;QAC9B,OAAO,EAAE,kBAAkB;KAC5B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CACnB,GAAyB,EACzB,UAAkB,EAClB,MAA0B;IAE1B,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAChD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAEtE,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC;YAAE,OAAO,SAAS,CAAC;QAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACpD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,QAAQ,CAAC,GAAyB;IACzC,OAAO,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,SAAS,CAAC;AAChD,CAAC;AAcD,SAAS,WAAW,CAAC,IAAgC,EAAE,IAAe;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,KAAK,GAAoB;QAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK;QAC3B,OAAO,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO;QAC/B,EAAE,EAAE,IAAI,CAAC,EAAE;QACX,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;IACF,IAAI,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,EAAE,oCAAoC,CAAC,CAAC;IACrF,CAAC;AACH,CAAC"}
|