oidc-spa 7.1.10 → 7.2.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (172) hide show
  1. package/backend.js +235 -352
  2. package/backend.js.map +1 -1
  3. package/core/AuthResponse.js +12 -49
  4. package/core/AuthResponse.js.map +1 -1
  5. package/core/Oidc.d.ts +1 -2
  6. package/core/OidcInitializationError.d.ts +2 -2
  7. package/core/OidcInitializationError.js +230 -297
  8. package/core/OidcInitializationError.js.map +1 -1
  9. package/core/OidcMetadata.js +1 -1
  10. package/core/OidcMetadata.js.map +1 -1
  11. package/core/StateData.d.ts +5 -5
  12. package/core/StateData.js +25 -25
  13. package/core/StateData.js.map +1 -1
  14. package/core/configId.js +1 -1
  15. package/core/configId.js.map +1 -1
  16. package/core/createOidc.d.ts +8 -0
  17. package/core/createOidc.js +999 -1294
  18. package/core/createOidc.js.map +1 -1
  19. package/core/evtIsUserActive.js +26 -27
  20. package/core/evtIsUserActive.js.map +1 -1
  21. package/core/handleOidcCallback.js +99 -154
  22. package/core/handleOidcCallback.js.map +1 -1
  23. package/core/iframeMessageProtection.d.ts +1 -1
  24. package/core/iframeMessageProtection.js +40 -106
  25. package/core/iframeMessageProtection.js.map +1 -1
  26. package/core/index.d.ts +1 -1
  27. package/core/index.js +3 -3
  28. package/core/index.js.map +1 -1
  29. package/core/initialLocationHref.js +1 -1
  30. package/core/initialLocationHref.js.map +1 -1
  31. package/core/isNewBrowserSession.js +8 -8
  32. package/core/isNewBrowserSession.js.map +1 -1
  33. package/core/loginOrGoToAuthServer.d.ts +1 -1
  34. package/core/loginOrGoToAuthServer.js +188 -310
  35. package/core/loginOrGoToAuthServer.js.map +1 -1
  36. package/core/loginPropagationToOtherTabs.js +15 -16
  37. package/core/loginPropagationToOtherTabs.js.map +1 -1
  38. package/core/loginSilent.d.ts +2 -3
  39. package/core/loginSilent.js +118 -214
  40. package/core/loginSilent.js.map +1 -1
  41. package/core/logoutPropagationToOtherTabs.js +15 -16
  42. package/core/logoutPropagationToOtherTabs.js.map +1 -1
  43. package/core/oidcClientTsUserToTokens.d.ts +1 -1
  44. package/core/oidcClientTsUserToTokens.js +75 -72
  45. package/core/oidcClientTsUserToTokens.js.map +1 -1
  46. package/core/ongoingLoginOrRefreshProcesses.js +23 -89
  47. package/core/ongoingLoginOrRefreshProcesses.js.map +1 -1
  48. package/core/persistedAuthState.js +13 -13
  49. package/core/persistedAuthState.js.map +1 -1
  50. package/entrypoint.js +9 -9
  51. package/entrypoint.js.map +1 -1
  52. package/index.d.ts +1 -1
  53. package/index.js +1 -2
  54. package/index.js.map +1 -1
  55. package/keycloak/index.d.ts +3 -0
  56. package/keycloak/index.js +8 -0
  57. package/keycloak/index.js.map +1 -0
  58. package/keycloak/isKeycloak.d.ts +3 -0
  59. package/keycloak/isKeycloak.js +20 -0
  60. package/keycloak/isKeycloak.js.map +1 -0
  61. package/keycloak/keycloak-js/Keycloak.d.ts +284 -0
  62. package/keycloak/keycloak-js/Keycloak.js +778 -0
  63. package/keycloak/keycloak-js/Keycloak.js.map +1 -0
  64. package/keycloak/keycloak-js/index.d.ts +2 -0
  65. package/keycloak/keycloak-js/index.js +6 -0
  66. package/keycloak/keycloak-js/index.js.map +1 -0
  67. package/keycloak/keycloak-js/types.d.ts +361 -0
  68. package/keycloak/keycloak-js/types.js +3 -0
  69. package/keycloak/keycloak-js/types.js.map +1 -0
  70. package/keycloak/keycloakIssuerUriParsed.d.ts +9 -0
  71. package/keycloak/keycloakIssuerUriParsed.js +19 -0
  72. package/keycloak/keycloakIssuerUriParsed.js.map +1 -0
  73. package/keycloak/keycloakUtils.d.ts +37 -0
  74. package/keycloak/keycloakUtils.js +47 -0
  75. package/keycloak/keycloakUtils.js.map +1 -0
  76. package/keycloak-js.d.ts +1 -0
  77. package/keycloak-js.js +18 -0
  78. package/keycloak-js.js.map +1 -0
  79. package/mock/oidc.js +147 -194
  80. package/mock/oidc.js.map +1 -1
  81. package/mock/react.js +2 -2
  82. package/mock/react.js.map +1 -1
  83. package/package.json +38 -9
  84. package/react/react.js +133 -244
  85. package/react/react.js.map +1 -1
  86. package/src/core/AuthResponse.ts +2 -0
  87. package/src/core/Oidc.ts +1 -2
  88. package/src/core/OidcInitializationError.ts +30 -30
  89. package/src/core/OidcMetadata.ts +1 -1
  90. package/src/core/StateData.ts +24 -24
  91. package/src/core/createOidc.ts +24 -31
  92. package/src/core/handleOidcCallback.ts +44 -23
  93. package/src/core/iframeMessageProtection.ts +7 -7
  94. package/src/core/index.ts +1 -1
  95. package/src/core/loginOrGoToAuthServer.ts +1 -1
  96. package/src/core/loginSilent.ts +14 -11
  97. package/src/core/oidcClientTsUserToTokens.ts +1 -1
  98. package/src/index.ts +1 -7
  99. package/src/keycloak/index.ts +8 -0
  100. package/src/keycloak/isKeycloak.ts +23 -0
  101. package/src/keycloak/keycloak-js/Keycloak.ts +1097 -0
  102. package/src/keycloak/keycloak-js/index.ts +2 -0
  103. package/src/keycloak/keycloak-js/types.ts +442 -0
  104. package/src/keycloak/keycloakIssuerUriParsed.ts +29 -0
  105. package/src/keycloak/keycloakUtils.ts +90 -0
  106. package/src/keycloak-js.ts +1 -0
  107. package/src/react/react.tsx +17 -1
  108. package/src/tools/decodeJwt.ts +95 -2
  109. package/src/tools/parseKeycloakIssuerUri.ts +11 -30
  110. package/src/vendor/frontend/oidc-client-ts.ts +1 -0
  111. package/src/vendor/frontend/tsafe.ts +1 -0
  112. package/tools/Deferred.js +13 -35
  113. package/tools/Deferred.js.map +1 -1
  114. package/tools/EphemeralSessionStorage.js +46 -48
  115. package/tools/EphemeralSessionStorage.js.map +1 -1
  116. package/tools/Evt.js +14 -14
  117. package/tools/Evt.js.map +1 -1
  118. package/tools/StatefulEvt.js +5 -5
  119. package/tools/StatefulEvt.js.map +1 -1
  120. package/tools/asymmetricEncryption.js +81 -172
  121. package/tools/asymmetricEncryption.js.map +1 -1
  122. package/tools/base64.js +2 -2
  123. package/tools/base64.js.map +1 -1
  124. package/tools/createObjectThatThrowsIfAccessed.js +13 -61
  125. package/tools/createObjectThatThrowsIfAccessed.js.map +1 -1
  126. package/tools/decodeJwt.d.ts +25 -2
  127. package/tools/decodeJwt.js +61 -3
  128. package/tools/decodeJwt.js.map +1 -1
  129. package/tools/generateUrlSafeRandom.js +5 -30
  130. package/tools/generateUrlSafeRandom.js.map +1 -1
  131. package/tools/getDownlinkAndRtt.js +8 -30
  132. package/tools/getDownlinkAndRtt.js.map +1 -1
  133. package/tools/getIsOnline.js +3 -3
  134. package/tools/getIsOnline.js.map +1 -1
  135. package/tools/getIsValidRemoteJson.js +12 -59
  136. package/tools/getIsValidRemoteJson.js.map +1 -1
  137. package/tools/getPrUserInteraction.js +4 -4
  138. package/tools/getPrUserInteraction.js.map +1 -1
  139. package/tools/getUserEnvironmentInfo.js +17 -12
  140. package/tools/getUserEnvironmentInfo.js.map +1 -1
  141. package/tools/haveSharedParentDomain.js +5 -5
  142. package/tools/haveSharedParentDomain.js.map +1 -1
  143. package/tools/isDev.js +2 -2
  144. package/tools/isDev.js.map +1 -1
  145. package/tools/parseKeycloakIssuerUri.d.ts +2 -0
  146. package/tools/parseKeycloakIssuerUri.js +11 -42
  147. package/tools/parseKeycloakIssuerUri.js.map +1 -1
  148. package/tools/readExpirationTimeInJwt.js +4 -4
  149. package/tools/readExpirationTimeInJwt.js.map +1 -1
  150. package/tools/startCountdown.js +17 -65
  151. package/tools/startCountdown.js.map +1 -1
  152. package/tools/subscribeToUserInteraction.js +17 -66
  153. package/tools/subscribeToUserInteraction.js.map +1 -1
  154. package/tools/toFullyQualifiedUrl.js +7 -7
  155. package/tools/toFullyQualifiedUrl.js.map +1 -1
  156. package/tools/toHumanReadableDuration.js +13 -13
  157. package/tools/toHumanReadableDuration.js.map +1 -1
  158. package/tools/urlSearchParams.js +28 -50
  159. package/tools/urlSearchParams.js.map +1 -1
  160. package/tools/workerTimers.js +10 -10
  161. package/tools/workerTimers.js.map +1 -1
  162. package/vendor/frontend/oidc-client-ts.d.ts +1 -0
  163. package/vendor/frontend/oidc-client-ts.js +3686 -0
  164. package/vendor/frontend/tsafe.d.ts +1 -0
  165. package/vendor/frontend/tsafe.js +1 -1
  166. package/core/trustedFetch.d.ts +0 -2
  167. package/core/trustedFetch.js +0 -12
  168. package/core/trustedFetch.js.map +0 -1
  169. package/src/core/trustedFetch.ts +0 -9
  170. package/src/vendor/frontend/oidc-client-ts-and-jwt-decode.ts +0 -4
  171. package/vendor/frontend/oidc-client-ts-and-jwt-decode.d.ts +0 -3
  172. package/vendor/frontend/oidc-client-ts-and-jwt-decode.js +0 -3
package/backend.js CHANGED
@@ -32,363 +32,246 @@ var __importStar = (this && this.__importStar) || (function () {
32
32
  return result;
33
33
  };
34
34
  })();
35
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
36
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
37
- return new (P || (P = Promise))(function (resolve, reject) {
38
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
39
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
40
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
41
- step((generator = generator.apply(thisArg, _arguments || [])).next());
42
- });
43
- };
44
- var __generator = (this && this.__generator) || function (thisArg, body) {
45
- var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
46
- return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
47
- function verb(n) { return function (v) { return step([n, v]); }; }
48
- function step(op) {
49
- if (f) throw new TypeError("Generator is already executing.");
50
- while (g && (g = 0, op[0] && (_ = 0)), _) try {
51
- if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
52
- if (y = 0, t) op = [op[0] & 2, t.value];
53
- switch (op[0]) {
54
- case 0: case 1: t = op; break;
55
- case 4: _.label++; return { value: op[1], done: false };
56
- case 5: _.label++; y = op[1]; op = [0]; continue;
57
- case 7: op = _.ops.pop(); _.trys.pop(); continue;
58
- default:
59
- if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
60
- if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
61
- if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
62
- if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
63
- if (t[2]) _.ops.pop();
64
- _.trys.pop(); continue;
65
- }
66
- op = body.call(thisArg, _);
67
- } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
68
- if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
69
- }
70
- };
71
35
  Object.defineProperty(exports, "__esModule", { value: true });
72
36
  exports.createOidcBackend = createOidcBackend;
73
- var node_fetch_1 = require("./vendor/backend/node-fetch");
74
- var tsafe_1 = require("./vendor/backend/tsafe");
75
- var node_jose_1 = require("./vendor/backend/node-jose");
76
- var jwt = __importStar(require("./vendor/backend/jsonwebtoken"));
77
- var zod_1 = require("./vendor/backend/zod");
78
- var evt_1 = require("./vendor/backend/evt");
79
- var evt_2 = require("./vendor/backend/evt");
80
- function createOidcBackend(params) {
81
- return __awaiter(this, void 0, void 0, function () {
82
- var issuerUri, _a, decodedAccessTokenSchema, publicSigningKeys, evtInvalidSignature;
83
- var _this = this;
84
- return __generator(this, function (_b) {
85
- switch (_b.label) {
86
- case 0:
87
- issuerUri = params.issuerUri, _a = params.decodedAccessTokenSchema, decodedAccessTokenSchema = _a === void 0 ? zod_1.z.record(zod_1.z.unknown()) : _a;
88
- return [4 /*yield*/, fetchPublicSigningKeys({ issuerUri: issuerUri })];
89
- case 1:
90
- publicSigningKeys = _b.sent();
91
- evtInvalidSignature = evt_1.Evt.create();
92
- evtInvalidSignature.pipe((0, evt_2.throttleTime)(3600000)).attach(function () { return __awaiter(_this, void 0, void 0, function () {
93
- var publicSigningKeys_new;
94
- return __generator(this, function (_a) {
95
- switch (_a.label) {
96
- case 0: return [4 /*yield*/, (function callee(count) {
97
- return __awaiter(this, void 0, void 0, function () {
98
- var wrap, error_1, delayMs_1;
99
- return __generator(this, function (_a) {
100
- switch (_a.label) {
101
- case 0:
102
- _a.trys.push([0, 2, , 4]);
103
- return [4 /*yield*/, fetchPublicSigningKeys({ issuerUri: issuerUri })];
104
- case 1:
105
- wrap = _a.sent();
106
- return [3 /*break*/, 4];
107
- case 2:
108
- error_1 = _a.sent();
109
- if (count === 9) {
110
- console.warn("Failed to refresh public key and signing algorithm after ".concat(count + 1, " attempts"));
111
- return [2 /*return*/, undefined];
112
- }
113
- delayMs_1 = 1000 * Math.pow(2, count);
114
- console.warn("Failed to refresh public key and signing algorithm: ".concat(String(error_1), ", retrying in ").concat(delayMs_1, "ms"));
115
- return [4 /*yield*/, new Promise(function (resolve) { return setTimeout(resolve, delayMs_1); })];
116
- case 3:
117
- _a.sent();
118
- return [2 /*return*/, callee(count + 1)];
119
- case 4: return [2 /*return*/, wrap];
120
- }
121
- });
122
- });
123
- })(0)];
124
- case 1:
125
- publicSigningKeys_new = _a.sent();
126
- if (publicSigningKeys_new === undefined) {
127
- return [2 /*return*/];
128
- }
129
- publicSigningKeys = publicSigningKeys_new;
130
- return [2 /*return*/];
131
- }
132
- });
133
- }); });
134
- return [2 /*return*/, {
135
- verifyAndDecodeAccessToken: function (_a) {
136
- var accessToken = _a.accessToken;
137
- var kid;
138
- var alg;
139
- {
140
- var jwtHeader_b64 = accessToken.split(".")[0];
141
- var jwtHeader = void 0;
142
- try {
143
- jwtHeader = Buffer.from(jwtHeader_b64, "base64").toString("utf8");
144
- }
145
- catch (_b) {
146
- return {
147
- isValid: false,
148
- errorCase: "invalid signature",
149
- errorMessage: "Failed to decode the JWT header as a base64 string"
150
- };
151
- }
152
- var decodedHeader = void 0;
153
- try {
154
- decodedHeader = JSON.parse(jwtHeader);
155
- }
156
- catch (_c) {
157
- return {
158
- isValid: false,
159
- errorCase: "invalid signature",
160
- errorMessage: "Failed to parse the JWT header as a JSON"
161
- };
162
- }
163
- var zDecodedHeader = zod_1.z.object({
164
- kid: zod_1.z.string(),
165
- alg: zod_1.z.string()
166
- });
167
- (0, tsafe_1.assert)();
168
- try {
169
- zDecodedHeader.parse(decodedHeader);
170
- }
171
- catch (_d) {
172
- return {
173
- isValid: false,
174
- errorCase: "invalid signature",
175
- errorMessage: "The decoded JWT header does not have a kid property"
176
- };
177
- }
178
- (0, tsafe_1.assert)((0, tsafe_1.is)(decodedHeader));
179
- {
180
- var supportedAlgs = [
181
- "RS256",
182
- "RS384",
183
- "RS512",
184
- "ES256",
185
- "ES384",
186
- "ES512",
187
- "PS256",
188
- "PS384",
189
- "PS512"
190
- ];
191
- (0, tsafe_1.assert)();
192
- if (!(0, tsafe_1.isAmong)(supportedAlgs, decodedHeader.alg)) {
193
- return {
194
- isValid: false,
195
- errorCase: "invalid signature",
196
- errorMessage: "Unsupported or too week algorithm ".concat(decodedHeader.alg)
197
- };
198
- }
199
- }
200
- kid = decodedHeader.kid;
201
- alg = decodedHeader.alg;
202
- }
203
- var publicSigningKey = publicSigningKeys.find(function (publicSigningKey) { return publicSigningKey.kid === kid; });
204
- if (publicSigningKey === undefined) {
205
- return {
206
- isValid: false,
207
- errorCase: "invalid signature",
208
- errorMessage: "No public signing key found with kid ".concat(kid)
209
- };
210
- }
211
- var result = (0, tsafe_1.id)(undefined);
212
- jwt.verify(accessToken, publicSigningKey.publicKey, { algorithms: [alg] }, function (err, decoded) {
213
- invalid: {
214
- if (!err) {
215
- break invalid;
216
- }
217
- if (err.name === "TokenExpiredError") {
218
- result = (0, tsafe_1.id)({
219
- isValid: false,
220
- errorCase: "expired",
221
- errorMessage: err.message
222
- });
223
- return;
224
- }
225
- evtInvalidSignature.post();
226
- result = (0, tsafe_1.id)({
227
- isValid: false,
228
- errorCase: "invalid signature",
229
- errorMessage: err.message
230
- });
231
- return;
232
- }
233
- var decodedAccessToken;
234
- try {
235
- decodedAccessToken = decodedAccessTokenSchema.parse(decoded);
236
- }
237
- catch (error) {
238
- result = (0, tsafe_1.id)({
239
- isValid: false,
240
- errorCase: "does not respect schema",
241
- errorMessage: String(error)
242
- });
243
- return;
244
- }
245
- result = (0, tsafe_1.id)({
246
- isValid: true,
247
- decodedAccessToken: decodedAccessToken
248
- });
249
- });
250
- (0, tsafe_1.assert)(result !== undefined, "0522e6");
251
- return result;
252
- }
253
- }];
37
+ const node_fetch_1 = require("./vendor/backend/node-fetch");
38
+ const tsafe_1 = require("./vendor/backend/tsafe");
39
+ const node_jose_1 = require("./vendor/backend/node-jose");
40
+ const jwt = __importStar(require("./vendor/backend/jsonwebtoken"));
41
+ const zod_1 = require("./vendor/backend/zod");
42
+ const evt_1 = require("./vendor/backend/evt");
43
+ const evt_2 = require("./vendor/backend/evt");
44
+ async function createOidcBackend(params) {
45
+ const { issuerUri, decodedAccessTokenSchema = zod_1.z.record(zod_1.z.unknown()) } = params;
46
+ let publicSigningKeys = await fetchPublicSigningKeys({ issuerUri });
47
+ const evtInvalidSignature = evt_1.Evt.create();
48
+ evtInvalidSignature.pipe((0, evt_2.throttleTime)(3600000)).attach(async () => {
49
+ const publicSigningKeys_new = await (async function callee(count) {
50
+ let wrap;
51
+ try {
52
+ wrap = await fetchPublicSigningKeys({ issuerUri });
254
53
  }
255
- });
54
+ catch (error) {
55
+ if (count === 9) {
56
+ console.warn(`Failed to refresh public key and signing algorithm after ${count + 1} attempts`);
57
+ return undefined;
58
+ }
59
+ const delayMs = 1000 * Math.pow(2, count);
60
+ console.warn(`Failed to refresh public key and signing algorithm: ${String(error)}, retrying in ${delayMs}ms`);
61
+ await new Promise(resolve => setTimeout(resolve, delayMs));
62
+ return callee(count + 1);
63
+ }
64
+ return wrap;
65
+ })(0);
66
+ if (publicSigningKeys_new === undefined) {
67
+ return;
68
+ }
69
+ publicSigningKeys = publicSigningKeys_new;
256
70
  });
71
+ return {
72
+ verifyAndDecodeAccessToken: ({ accessToken }) => {
73
+ let kid;
74
+ let alg;
75
+ {
76
+ const jwtHeader_b64 = accessToken.split(".")[0];
77
+ let jwtHeader;
78
+ try {
79
+ jwtHeader = Buffer.from(jwtHeader_b64, "base64").toString("utf8");
80
+ }
81
+ catch {
82
+ return {
83
+ isValid: false,
84
+ errorCase: "invalid signature",
85
+ errorMessage: "Failed to decode the JWT header as a base64 string"
86
+ };
87
+ }
88
+ let decodedHeader;
89
+ try {
90
+ decodedHeader = JSON.parse(jwtHeader);
91
+ }
92
+ catch {
93
+ return {
94
+ isValid: false,
95
+ errorCase: "invalid signature",
96
+ errorMessage: "Failed to parse the JWT header as a JSON"
97
+ };
98
+ }
99
+ const zDecodedHeader = zod_1.z.object({
100
+ kid: zod_1.z.string(),
101
+ alg: zod_1.z.string()
102
+ });
103
+ (0, tsafe_1.assert)();
104
+ try {
105
+ zDecodedHeader.parse(decodedHeader);
106
+ }
107
+ catch {
108
+ return {
109
+ isValid: false,
110
+ errorCase: "invalid signature",
111
+ errorMessage: "The decoded JWT header does not have a kid property"
112
+ };
113
+ }
114
+ (0, tsafe_1.assert)((0, tsafe_1.is)(decodedHeader));
115
+ {
116
+ const supportedAlgs = [
117
+ "RS256",
118
+ "RS384",
119
+ "RS512",
120
+ "ES256",
121
+ "ES384",
122
+ "ES512",
123
+ "PS256",
124
+ "PS384",
125
+ "PS512"
126
+ ];
127
+ (0, tsafe_1.assert)();
128
+ if (!(0, tsafe_1.isAmong)(supportedAlgs, decodedHeader.alg)) {
129
+ return {
130
+ isValid: false,
131
+ errorCase: "invalid signature",
132
+ errorMessage: `Unsupported or too week algorithm ${decodedHeader.alg}`
133
+ };
134
+ }
135
+ }
136
+ kid = decodedHeader.kid;
137
+ alg = decodedHeader.alg;
138
+ }
139
+ const publicSigningKey = publicSigningKeys.find(publicSigningKey => publicSigningKey.kid === kid);
140
+ if (publicSigningKey === undefined) {
141
+ return {
142
+ isValid: false,
143
+ errorCase: "invalid signature",
144
+ errorMessage: `No public signing key found with kid ${kid}`
145
+ };
146
+ }
147
+ let result = (0, tsafe_1.id)(undefined);
148
+ jwt.verify(accessToken, publicSigningKey.publicKey, { algorithms: [alg] }, (err, decoded) => {
149
+ invalid: {
150
+ if (!err) {
151
+ break invalid;
152
+ }
153
+ if (err.name === "TokenExpiredError") {
154
+ result = (0, tsafe_1.id)({
155
+ isValid: false,
156
+ errorCase: "expired",
157
+ errorMessage: err.message
158
+ });
159
+ return;
160
+ }
161
+ evtInvalidSignature.post();
162
+ result = (0, tsafe_1.id)({
163
+ isValid: false,
164
+ errorCase: "invalid signature",
165
+ errorMessage: err.message
166
+ });
167
+ return;
168
+ }
169
+ let decodedAccessToken;
170
+ try {
171
+ decodedAccessToken = decodedAccessTokenSchema.parse(decoded);
172
+ }
173
+ catch (error) {
174
+ result = (0, tsafe_1.id)({
175
+ isValid: false,
176
+ errorCase: "does not respect schema",
177
+ errorMessage: String(error)
178
+ });
179
+ return;
180
+ }
181
+ result = (0, tsafe_1.id)({
182
+ isValid: true,
183
+ decodedAccessToken: decodedAccessToken
184
+ });
185
+ });
186
+ (0, tsafe_1.assert)(result !== undefined, "0522e6");
187
+ return result;
188
+ }
189
+ };
257
190
  }
258
- function fetchPublicSigningKeys(params) {
259
- return __awaiter(this, void 0, void 0, function () {
260
- var issuerUri, jwks_uri, jwks, publicSigningKeys;
261
- var _this = this;
262
- return __generator(this, function (_a) {
263
- switch (_a.label) {
264
- case 0:
265
- issuerUri = params.issuerUri;
266
- return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
267
- var url, response, data, error_2, zWellKnownConfiguration, jwks_uri;
268
- return __generator(this, function (_a) {
269
- switch (_a.label) {
270
- case 0:
271
- url = "".concat(issuerUri.replace(/\/$/, ""), "/.well-known/openid-configuration");
272
- return [4 /*yield*/, (0, node_fetch_1.fetch)(url)];
273
- case 1:
274
- response = _a.sent();
275
- if (!response.ok) {
276
- throw new Error("Failed to fetch openid configuration of the issuerUri: ".concat(issuerUri, " (").concat(url, "): ").concat(response.statusText));
277
- }
278
- _a.label = 2;
279
- case 2:
280
- _a.trys.push([2, 4, , 5]);
281
- return [4 /*yield*/, response.json()];
282
- case 3:
283
- data = _a.sent();
284
- return [3 /*break*/, 5];
285
- case 4:
286
- error_2 = _a.sent();
287
- throw new Error("Failed to parse json from ".concat(url, ": ").concat(String(error_2)));
288
- case 5:
289
- {
290
- zWellKnownConfiguration = zod_1.z.object({
291
- jwks_uri: zod_1.z.string()
292
- });
293
- (0, tsafe_1.assert)();
294
- try {
295
- zWellKnownConfiguration.parse(data);
296
- }
297
- catch (_b) {
298
- throw new Error("".concat(url, " does not have a jwks_uri property"));
299
- }
300
- (0, tsafe_1.assert)((0, tsafe_1.is)(data));
301
- }
302
- jwks_uri = data.jwks_uri;
303
- return [2 /*return*/, { jwks_uri: jwks_uri }];
304
- }
305
- });
306
- }); })()];
307
- case 1:
308
- jwks_uri = (_a.sent()).jwks_uri;
309
- return [4 /*yield*/, (function () { return __awaiter(_this, void 0, void 0, function () {
310
- var response, jwks, error_3, zJwks;
311
- return __generator(this, function (_a) {
312
- switch (_a.label) {
313
- case 0: return [4 /*yield*/, (0, node_fetch_1.fetch)(jwks_uri)];
314
- case 1:
315
- response = _a.sent();
316
- if (!response.ok) {
317
- throw new Error("Failed to fetch public key and algorithm from ".concat(jwks_uri, ": ").concat(response.statusText));
318
- }
319
- _a.label = 2;
320
- case 2:
321
- _a.trys.push([2, 4, , 5]);
322
- return [4 /*yield*/, response.json()];
323
- case 3:
324
- jwks = _a.sent();
325
- return [3 /*break*/, 5];
326
- case 4:
327
- error_3 = _a.sent();
328
- throw new Error("Failed to parse json from ".concat(jwks_uri, ": ").concat(String(error_3)));
329
- case 5:
330
- {
331
- zJwks = zod_1.z.object({
332
- keys: zod_1.z.array(zod_1.z.object({
333
- kid: zod_1.z.string(),
334
- kty: zod_1.z.string(),
335
- e: zod_1.z.string().optional(),
336
- n: zod_1.z.string().optional(),
337
- use: zod_1.z.string()
338
- }))
339
- });
340
- (0, tsafe_1.assert)();
341
- try {
342
- zJwks.parse(jwks);
343
- }
344
- catch (_b) {
345
- throw new Error("".concat(jwks_uri, " does not have the expected shape"));
346
- }
347
- (0, tsafe_1.assert)((0, tsafe_1.is)(jwks));
348
- }
349
- return [2 /*return*/, { jwks: jwks }];
350
- }
351
- });
352
- }); })()];
353
- case 2:
354
- jwks = (_a.sent()).jwks;
355
- return [4 /*yield*/, Promise.all(jwks.keys
356
- .filter(function (_a) {
357
- var use = _a.use;
358
- return use === "sig";
359
- })
360
- .map(function (_a) {
361
- var kid = _a.kid, kty = _a.kty, e = _a.e, n = _a.n;
362
- if (kty !== "RSA") {
363
- return undefined;
364
- }
365
- (0, tsafe_1.assert)(e !== undefined, "e is undefined");
366
- (0, tsafe_1.assert)(n !== undefined, "n is undefined");
367
- return { kid: kid, e: e, n: n };
368
- })
369
- .filter((0, tsafe_1.exclude)(undefined))
370
- .map(function (_a) { return __awaiter(_this, [_a], void 0, function (_b) {
371
- var key, publicKey;
372
- var kid = _b.kid, e = _b.e, n = _b.n;
373
- return __generator(this, function (_c) {
374
- switch (_c.label) {
375
- case 0: return [4 /*yield*/, node_jose_1.JWK.asKey({ kty: "RSA", e: e, n: n })];
376
- case 1:
377
- key = _c.sent();
378
- publicKey = key.toPEM(false);
379
- return [2 /*return*/, {
380
- kid: kid,
381
- publicKey: publicKey
382
- }];
383
- }
384
- });
385
- }); }))];
386
- case 3:
387
- publicSigningKeys = _a.sent();
388
- (0, tsafe_1.assert)(publicSigningKeys.length !== 0, "No public signing key found at ".concat(jwks_uri, ", ").concat(JSON.stringify(jwks, null, 2)));
389
- return [2 /*return*/, publicSigningKeys];
191
+ async function fetchPublicSigningKeys(params) {
192
+ const { issuerUri } = params;
193
+ const { jwks_uri } = await (async () => {
194
+ const url = `${issuerUri.replace(/\/$/, "")}/.well-known/openid-configuration`;
195
+ const response = await (0, node_fetch_1.fetch)(url);
196
+ if (!response.ok) {
197
+ throw new Error(`Failed to fetch openid configuration of the issuerUri: ${issuerUri} (${url}): ${response.statusText}`);
198
+ }
199
+ let data;
200
+ try {
201
+ data = await response.json();
202
+ }
203
+ catch (error) {
204
+ throw new Error(`Failed to parse json from ${url}: ${String(error)}`);
205
+ }
206
+ {
207
+ const zWellKnownConfiguration = zod_1.z.object({
208
+ jwks_uri: zod_1.z.string()
209
+ });
210
+ (0, tsafe_1.assert)();
211
+ try {
212
+ zWellKnownConfiguration.parse(data);
390
213
  }
391
- });
392
- });
214
+ catch {
215
+ throw new Error(`${url} does not have a jwks_uri property`);
216
+ }
217
+ (0, tsafe_1.assert)((0, tsafe_1.is)(data));
218
+ }
219
+ const { jwks_uri } = data;
220
+ return { jwks_uri };
221
+ })();
222
+ const { jwks } = await (async () => {
223
+ const response = await (0, node_fetch_1.fetch)(jwks_uri);
224
+ if (!response.ok) {
225
+ throw new Error(`Failed to fetch public key and algorithm from ${jwks_uri}: ${response.statusText}`);
226
+ }
227
+ let jwks;
228
+ try {
229
+ jwks = await response.json();
230
+ }
231
+ catch (error) {
232
+ throw new Error(`Failed to parse json from ${jwks_uri}: ${String(error)}`);
233
+ }
234
+ {
235
+ const zJwks = zod_1.z.object({
236
+ keys: zod_1.z.array(zod_1.z.object({
237
+ kid: zod_1.z.string(),
238
+ kty: zod_1.z.string(),
239
+ e: zod_1.z.string().optional(),
240
+ n: zod_1.z.string().optional(),
241
+ use: zod_1.z.string()
242
+ }))
243
+ });
244
+ (0, tsafe_1.assert)();
245
+ try {
246
+ zJwks.parse(jwks);
247
+ }
248
+ catch {
249
+ throw new Error(`${jwks_uri} does not have the expected shape`);
250
+ }
251
+ (0, tsafe_1.assert)((0, tsafe_1.is)(jwks));
252
+ }
253
+ return { jwks };
254
+ })();
255
+ const publicSigningKeys = await Promise.all(jwks.keys
256
+ .filter(({ use }) => use === "sig")
257
+ .map(({ kid, kty, e, n }) => {
258
+ if (kty !== "RSA") {
259
+ return undefined;
260
+ }
261
+ (0, tsafe_1.assert)(e !== undefined, "e is undefined");
262
+ (0, tsafe_1.assert)(n !== undefined, "n is undefined");
263
+ return { kid, e, n };
264
+ })
265
+ .filter((0, tsafe_1.exclude)(undefined))
266
+ .map(async ({ kid, e, n }) => {
267
+ const key = await node_jose_1.JWK.asKey({ kty: "RSA", e, n });
268
+ const publicKey = key.toPEM(false);
269
+ return {
270
+ kid,
271
+ publicKey
272
+ };
273
+ }));
274
+ (0, tsafe_1.assert)(publicSigningKeys.length !== 0, `No public signing key found at ${jwks_uri}, ${JSON.stringify(jwks, null, 2)}`);
275
+ return publicSigningKeys;
393
276
  }
394
277
  //# sourceMappingURL=backend.js.map
package/backend.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"backend.js","sourceRoot":"","sources":["src/backend.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,8CAkNC;AA3PD,0DAAoD;AACpD,gDAAuF;AACvF,wDAAiD;AACjD,iEAAqD;AACrD,4CAAyC;AACzC,4CAA2C;AAC3C,4CAAoD;AAmCpD,SAAsB,iBAAiB,CACnC,MAAqD;;;;;;;oBAE7C,SAAS,GAAuD,MAAM,UAA7D,EAAE,KAAqD,MAAM,yBAAX,EAAhD,wBAAwB,mBAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,KAAA,CAAY;oBAEvD,qBAAM,sBAAsB,CAAC,EAAE,SAAS,WAAA,EAAE,CAAC,EAAA;;oBAA/D,iBAAiB,GAAG,SAA2C;oBAE7D,mBAAmB,GAAG,SAAG,CAAC,MAAM,EAAQ,CAAC;oBAE/C,mBAAmB,CAAC,IAAI,CAAC,IAAA,kBAAY,EAAC,OAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;;;;wCACtB,qBAAM,CAAC,SAAe,MAAM,CACtD,KAAa;;;;;;;wDAKF,qBAAM,sBAAsB,CAAC,EAAE,SAAS,WAAA,EAAE,CAAC,EAAA;;wDAAlD,IAAI,GAAG,SAA2C,CAAC;;;;wDAEnD,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;4DACd,OAAO,CAAC,IAAI,CACR,mEAA4D,KAAK,GAAG,CAAC,cAAW,CACnF,CAAC;4DAEF,sBAAO,SAAS,EAAC;wDACrB,CAAC;wDAEK,YAAU,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;wDAE1C,OAAO,CAAC,IAAI,CACR,8DAAuD,MAAM,CACzD,OAAK,CACR,2BAAiB,SAAO,OAAI,CAChC,CAAC;wDAEF,qBAAM,IAAI,OAAO,CAAC,UAAA,OAAO,IAAI,OAAA,UAAU,CAAC,OAAO,EAAE,SAAO,CAAC,EAA5B,CAA4B,CAAC,EAAA;;wDAA1D,SAA0D,CAAC;wDAE3D,sBAAO,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,EAAC;4DAG7B,sBAAO,IAAI,EAAC;;;;qCACf,CAAC,CAAC,CAAC,CAAC,EAAA;;oCA9BC,qBAAqB,GAAG,SA8BzB;oCAEL,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;wCACtC,sBAAO;oCACX,CAAC;oCAED,iBAAiB,GAAG,qBAAqB,CAAC;;;;yBAC7C,CAAC,CAAC;oBAEH,sBAAO;4BACH,0BAA0B,EAAE,UAAC,EAAe;oCAAb,WAAW,iBAAA;gCACtC,IAAI,GAAW,CAAC;gCAChB,IAAI,GAAkB,CAAC;gCAEvB,CAAC;oCACG,IAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;oCAEhD,IAAI,SAAS,SAAQ,CAAC;oCAEtB,IAAI,CAAC;wCACD,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oCACtE,CAAC;oCAAC,WAAM,CAAC;wCACL,OAAO;4CACH,OAAO,EAAE,KAAK;4CACd,SAAS,EAAE,mBAAmB;4CAC9B,YAAY,EAAE,oDAAoD;yCACrE,CAAC;oCACN,CAAC;oCAED,IAAI,aAAa,SAAS,CAAC;oCAE3B,IAAI,CAAC;wCACD,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oCAC1C,CAAC;oCAAC,WAAM,CAAC;wCACL,OAAO;4CACH,OAAO,EAAE,KAAK;4CACd,SAAS,EAAE,mBAAmB;4CAC9B,YAAY,EAAE,0CAA0C;yCAC3D,CAAC;oCACN,CAAC;oCAOD,IAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;wCAC5B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;wCACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;qCAClB,CAAC,CAAC;oCAEH,IAAA,cAAM,GAAyD,CAAC;oCAEhE,IAAI,CAAC;wCACD,cAAc,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;oCACxC,CAAC;oCAAC,WAAM,CAAC;wCACL,OAAO;4CACH,OAAO,EAAE,KAAK;4CACd,SAAS,EAAE,mBAAmB;4CAC9B,YAAY,EAAE,qDAAqD;yCACtE,CAAC;oCACN,CAAC;oCAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAgB,aAAa,CAAC,CAAC,CAAC;oCAEzC,CAAC;wCACG,IAAM,aAAa,GAAG;4CAClB,OAAO;4CACP,OAAO;4CACP,OAAO;4CACP,OAAO;4CACP,OAAO;4CACP,OAAO;4CACP,OAAO;4CACP,OAAO;4CACP,OAAO;yCACD,CAAC;wCAEX,IAAA,cAAM,GAKH,CAAC;wCAEJ,IAAI,CAAC,IAAA,eAAO,EAAC,aAAa,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;4CAC7C,OAAO;gDACH,OAAO,EAAE,KAAK;gDACd,SAAS,EAAE,mBAAmB;gDAC9B,YAAY,EAAE,4CAAqC,aAAa,CAAC,GAAG,CAAE;6CACzE,CAAC;wCACN,CAAC;oCACL,CAAC;oCAED,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;oCACxB,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;gCAC5B,CAAC;gCAED,IAAM,gBAAgB,GAAG,iBAAiB,CAAC,IAAI,CAC3C,UAAA,gBAAgB,IAAI,OAAA,gBAAgB,CAAC,GAAG,KAAK,GAAG,EAA5B,CAA4B,CACnD,CAAC;gCAEF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;oCACjC,OAAO;wCACH,OAAO,EAAE,KAAK;wCACd,SAAS,EAAE,mBAAmB;wCAC9B,YAAY,EAAE,+CAAwC,GAAG,CAAE;qCAC9D,CAAC;gCACN,CAAC;gCAED,IAAI,MAAM,GAAG,IAAA,UAAE,EAA4D,SAAS,CAAC,CAAC;gCAEtF,GAAG,CAAC,MAAM,CACN,WAAW,EACX,gBAAgB,CAAC,SAAS,EAC1B,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EACrB,UAAC,GAAG,EAAE,OAAO;oCACT,OAAO,EAAE,CAAC;wCACN,IAAI,CAAC,GAAG,EAAE,CAAC;4CACP,MAAM,OAAO,CAAC;wCAClB,CAAC;wCAED,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;4CACnC,MAAM,GAAG,IAAA,UAAE,EAAoC;gDAC3C,OAAO,EAAE,KAAK;gDACd,SAAS,EAAE,SAAS;gDACpB,YAAY,EAAE,GAAG,CAAC,OAAO;6CAC5B,CAAC,CAAC;4CACH,OAAO;wCACX,CAAC;wCAED,mBAAmB,CAAC,IAAI,EAAE,CAAC;wCAE3B,MAAM,GAAG,IAAA,UAAE,EAAoC;4CAC3C,OAAO,EAAE,KAAK;4CACd,SAAS,EAAE,mBAAmB;4CAC9B,YAAY,EAAE,GAAG,CAAC,OAAO;yCAC5B,CAAC,CAAC;wCAEH,OAAO;oCACX,CAAC;oCAED,IAAI,kBAAsC,CAAC;oCAE3C,IAAI,CAAC;wCACD,kBAAkB,GAAG,wBAAwB,CAAC,KAAK,CAC/C,OAAO,CACY,CAAC;oCAC5B,CAAC;oCAAC,OAAO,KAAK,EAAE,CAAC;wCACb,MAAM,GAAG,IAAA,UAAE,EAAoC;4CAC3C,OAAO,EAAE,KAAK;4CACd,SAAS,EAAE,yBAAyB;4CACpC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC;yCAC9B,CAAC,CAAC;wCAEH,OAAO;oCACX,CAAC;oCAED,MAAM,GAAG,IAAA,UAAE,EAAsD;wCAC7D,OAAO,EAAE,IAAI;wCACb,kBAAkB,EAAE,kBAAkB;qCACzC,CAAC,CAAC;gCACP,CAAC,CACJ,CAAC;gCAEF,IAAA,cAAM,EAAC,MAAM,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;gCAEvC,OAAO,MAAM,CAAC;4BAClB,CAAC;yBACJ,EAAC;;;;CACL;AAOD,SAAe,sBAAsB,CAAC,MAA6B;;;;;;;oBACvD,SAAS,GAAK,MAAM,UAAX,CAAY;oBAER,qBAAM,CAAC;;;;;wCAClB,GAAG,GAAG,UAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,sCAAmC,CAAC;wCAE9D,qBAAM,IAAA,kBAAK,EAAC,GAAG,CAAC,EAAA;;wCAA3B,QAAQ,GAAG,SAAgB;wCAEjC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;4CACf,MAAM,IAAI,KAAK,CACX,iEAA0D,SAAS,eAAK,GAAG,gBAAM,QAAQ,CAAC,UAAU,CAAE,CACzG,CAAC;wCACN,CAAC;;;;wCAKU,qBAAM,QAAQ,CAAC,IAAI,EAAE,EAAA;;wCAA5B,IAAI,GAAG,SAAqB,CAAC;;;;wCAE7B,MAAM,IAAI,KAAK,CAAC,oCAA6B,GAAG,eAAK,MAAM,CAAC,OAAK,CAAC,CAAE,CAAC,CAAC;;wCAG1E,CAAC;4CAKS,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;gDACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;6CACvB,CAAC,CAAC;4CAEH,IAAA,cAAM,GAA2E,CAAC;4CAElF,IAAI,CAAC;gDACD,uBAAuB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;4CACxC,CAAC;4CAAC,WAAM,CAAC;gDACL,MAAM,IAAI,KAAK,CAAC,UAAG,GAAG,uCAAoC,CAAC,CAAC;4CAChE,CAAC;4CAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAyB,IAAI,CAAC,CAAC,CAAC;wCAC7C,CAAC;wCAEO,QAAQ,GAAK,IAAI,SAAT,CAAU;wCAE1B,sBAAO,EAAE,QAAQ,UAAA,EAAE,EAAC;;;6BACvB,CAAC,EAAE,EAAA;;oBA1CI,QAAQ,GAAK,CAAA,SA0CjB,CAAA,SA1CY;oBA4CC,qBAAM,CAAC;;;;4CACH,qBAAM,IAAA,kBAAK,EAAC,QAAQ,CAAC,EAAA;;wCAAhC,QAAQ,GAAG,SAAqB;wCAEtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;4CACf,MAAM,IAAI,KAAK,CACX,wDAAiD,QAAQ,eAAK,QAAQ,CAAC,UAAU,CAAE,CACtF,CAAC;wCACN,CAAC;;;;wCAKU,qBAAM,QAAQ,CAAC,IAAI,EAAE,EAAA;;wCAA5B,IAAI,GAAG,SAAqB,CAAC;;;;wCAE7B,MAAM,IAAI,KAAK,CAAC,oCAA6B,QAAQ,eAAK,MAAM,CAAC,OAAK,CAAC,CAAE,CAAC,CAAC;;wCAG/E,CAAC;4CAWS,KAAK,GAAG,OAAC,CAAC,MAAM,CAAC;gDACnB,IAAI,EAAE,OAAC,CAAC,KAAK,CACT,OAAC,CAAC,MAAM,CAAC;oDACL,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oDACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oDACf,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oDACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oDACxB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;iDAClB,CAAC,CACL;6CACJ,CAAC,CAAC;4CAEH,IAAA,cAAM,GAAuC,CAAC;4CAE9C,IAAI,CAAC;gDACD,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;4CACtB,CAAC;4CAAC,WAAM,CAAC;gDACL,MAAM,IAAI,KAAK,CAAC,UAAG,QAAQ,sCAAmC,CAAC,CAAC;4CACpE,CAAC;4CAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAO,IAAI,CAAC,CAAC,CAAC;wCAC3B,CAAC;wCAED,sBAAO,EAAE,IAAI,MAAA,EAAE,EAAC;;;6BACnB,CAAC,EAAE,EAAA;;oBApDI,IAAI,GAAK,CAAA,SAoDb,CAAA,KApDQ;oBAsDkC,qBAAM,OAAO,CAAC,GAAG,CAC3D,IAAI,CAAC,IAAI;6BACJ,MAAM,CAAC,UAAC,EAAO;gCAAL,GAAG,SAAA;4BAAO,OAAA,GAAG,KAAK,KAAK;wBAAb,CAAa,CAAC;6BAClC,GAAG,CAAC,UAAC,EAAkB;gCAAhB,GAAG,SAAA,EAAE,GAAG,SAAA,EAAE,CAAC,OAAA,EAAE,CAAC,OAAA;4BAClB,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gCAChB,OAAO,SAAS,CAAC;4BACrB,CAAC;4BAED,IAAA,cAAM,EAAC,CAAC,KAAK,SAAS,EAAE,gBAAgB,CAAC,CAAC;4BAC1C,IAAA,cAAM,EAAC,CAAC,KAAK,SAAS,EAAE,gBAAgB,CAAC,CAAC;4BAE1C,OAAO,EAAE,GAAG,KAAA,EAAE,CAAC,GAAA,EAAE,CAAC,GAAA,EAAE,CAAC;wBACzB,CAAC,CAAC;6BACD,MAAM,CAAC,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC;6BAC1B,GAAG,CAAC,gEAAO,EAAa;;gCAAX,GAAG,SAAA,EAAE,CAAC,OAAA,EAAE,CAAC,OAAA;;;4CACP,qBAAM,eAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,GAAA,EAAE,CAAC,GAAA,EAAE,CAAC,EAAA;;wCAA3C,GAAG,GAAG,SAAqC;wCAC3C,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;wCAEnC,sBAAO;gDACH,GAAG,KAAA;gDACH,SAAS,WAAA;6CACZ,EAAC;;;6BACL,CAAC,CACT,EAAA;;oBAvBK,iBAAiB,GAAuB,SAuB7C;oBAED,IAAA,cAAM,EACF,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAC9B,yCAAkC,QAAQ,eAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAE,CACjF,CAAC;oBAEF,sBAAO,iBAAiB,EAAC;;;;CAC5B"}
1
+ {"version":3,"file":"backend.js","sourceRoot":"","sources":["src/backend.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,8CAkNC;AA3PD,4DAAoD;AACpD,kDAAuF;AACvF,0DAAiD;AACjD,mEAAqD;AACrD,8CAAyC;AACzC,8CAA2C;AAC3C,8CAAoD;AAmC7C,KAAK,UAAU,iBAAiB,CACnC,MAAqD;IAErD,MAAM,EAAE,SAAS,EAAE,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC;IAE/E,IAAI,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAEpE,MAAM,mBAAmB,GAAG,SAAG,CAAC,MAAM,EAAQ,CAAC;IAE/C,mBAAmB,CAAC,IAAI,CAAC,IAAA,kBAAY,EAAC,OAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;QAC/D,MAAM,qBAAqB,GAAG,MAAM,CAAC,KAAK,UAAU,MAAM,CACtD,KAAa;YAEb,IAAI,IAAI,CAAC;YAET,IAAI,CAAC;gBACD,IAAI,GAAG,MAAM,sBAAsB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;oBACd,OAAO,CAAC,IAAI,CACR,4DAA4D,KAAK,GAAG,CAAC,WAAW,CACnF,CAAC;oBAEF,OAAO,SAAS,CAAC;gBACrB,CAAC;gBAED,MAAM,OAAO,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;gBAE1C,OAAO,CAAC,IAAI,CACR,uDAAuD,MAAM,CACzD,KAAK,CACR,iBAAiB,OAAO,IAAI,CAChC,CAAC;gBAEF,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;gBAE3D,OAAO,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YAC7B,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEN,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO;QACX,CAAC;QAED,iBAAiB,GAAG,qBAAqB,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,OAAO;QACH,0BAA0B,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE;YAC5C,IAAI,GAAW,CAAC;YAChB,IAAI,GAAkB,CAAC;YAEvB,CAAC;gBACG,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAEhD,IAAI,SAAiB,CAAC;gBAEtB,IAAI,CAAC;oBACD,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACtE,CAAC;gBAAC,MAAM,CAAC;oBACL,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,oDAAoD;qBACrE,CAAC;gBACN,CAAC;gBAED,IAAI,aAAsB,CAAC;gBAE3B,IAAI,CAAC;oBACD,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC;oBACL,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,0CAA0C;qBAC3D,CAAC;gBACN,CAAC;gBAOD,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;oBAC5B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oBACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;iBAClB,CAAC,CAAC;gBAEH,IAAA,cAAM,GAAyD,CAAC;gBAEhE,IAAI,CAAC;oBACD,cAAc,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;gBACxC,CAAC;gBAAC,MAAM,CAAC;oBACL,OAAO;wBACH,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,qDAAqD;qBACtE,CAAC;gBACN,CAAC;gBAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAgB,aAAa,CAAC,CAAC,CAAC;gBAEzC,CAAC;oBACG,MAAM,aAAa,GAAG;wBAClB,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;wBACP,OAAO;qBACD,CAAC;oBAEX,IAAA,cAAM,GAKH,CAAC;oBAEJ,IAAI,CAAC,IAAA,eAAO,EAAC,aAAa,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC7C,OAAO;4BACH,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,mBAAmB;4BAC9B,YAAY,EAAE,qCAAqC,aAAa,CAAC,GAAG,EAAE;yBACzE,CAAC;oBACN,CAAC;gBACL,CAAC;gBAED,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;gBACxB,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC;YAC5B,CAAC;YAED,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,IAAI,CAC3C,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,KAAK,GAAG,CACnD,CAAC;YAEF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACjC,OAAO;oBACH,OAAO,EAAE,KAAK;oBACd,SAAS,EAAE,mBAAmB;oBAC9B,YAAY,EAAE,wCAAwC,GAAG,EAAE;iBAC9D,CAAC;YACN,CAAC;YAED,IAAI,MAAM,GAAG,IAAA,UAAE,EAA4D,SAAS,CAAC,CAAC;YAEtF,GAAG,CAAC,MAAM,CACN,WAAW,EACX,gBAAgB,CAAC,SAAS,EAC1B,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EACrB,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBACb,OAAO,EAAE,CAAC;oBACN,IAAI,CAAC,GAAG,EAAE,CAAC;wBACP,MAAM,OAAO,CAAC;oBAClB,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;wBACnC,MAAM,GAAG,IAAA,UAAE,EAAoC;4BAC3C,OAAO,EAAE,KAAK;4BACd,SAAS,EAAE,SAAS;4BACpB,YAAY,EAAE,GAAG,CAAC,OAAO;yBAC5B,CAAC,CAAC;wBACH,OAAO;oBACX,CAAC;oBAED,mBAAmB,CAAC,IAAI,EAAE,CAAC;oBAE3B,MAAM,GAAG,IAAA,UAAE,EAAoC;wBAC3C,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,YAAY,EAAE,GAAG,CAAC,OAAO;qBAC5B,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,IAAI,kBAAsC,CAAC;gBAE3C,IAAI,CAAC;oBACD,kBAAkB,GAAG,wBAAwB,CAAC,KAAK,CAC/C,OAAO,CACY,CAAC;gBAC5B,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACb,MAAM,GAAG,IAAA,UAAE,EAAoC;wBAC3C,OAAO,EAAE,KAAK;wBACd,SAAS,EAAE,yBAAyB;wBACpC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC;qBAC9B,CAAC,CAAC;oBAEH,OAAO;gBACX,CAAC;gBAED,MAAM,GAAG,IAAA,UAAE,EAAsD;oBAC7D,OAAO,EAAE,IAAI;oBACb,kBAAkB,EAAE,kBAAkB;iBACzC,CAAC,CAAC;YACP,CAAC,CACJ,CAAC;YAEF,IAAA,cAAM,EAAC,MAAM,KAAK,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEvC,OAAO,MAAM,CAAC;QAClB,CAAC;KACJ,CAAC;AACN,CAAC;AAOD,KAAK,UAAU,sBAAsB,CAAC,MAA6B;IAC/D,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7B,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;QACnC,MAAM,GAAG,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,mCAAmC,CAAC;QAE/E,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAK,EAAC,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACX,0DAA0D,SAAS,KAAK,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,CACzG,CAAC;QACN,CAAC;QAED,IAAI,IAAa,CAAC;QAElB,IAAI,CAAC;YACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,CAAC;YAKG,MAAM,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;gBACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;aACvB,CAAC,CAAC;YAEH,IAAA,cAAM,GAA2E,CAAC;YAElF,IAAI,CAAC;gBACD,uBAAuB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACxC,CAAC;YAAC,MAAM,CAAC;gBACL,MAAM,IAAI,KAAK,CAAC,GAAG,GAAG,oCAAoC,CAAC,CAAC;YAChE,CAAC;YAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAyB,IAAI,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;QAE1B,OAAO,EAAE,QAAQ,EAAE,CAAC;IACxB,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAA,kBAAK,EAAC,QAAQ,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACX,iDAAiD,QAAQ,KAAK,QAAQ,CAAC,UAAU,EAAE,CACtF,CAAC;QACN,CAAC;QAED,IAAI,IAAa,CAAC;QAElB,IAAI,CAAC;YACD,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,KAAK,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC/E,CAAC;QAED,CAAC;YAWG,MAAM,KAAK,GAAG,OAAC,CAAC,MAAM,CAAC;gBACnB,IAAI,EAAE,OAAC,CAAC,KAAK,CACT,OAAC,CAAC,MAAM,CAAC;oBACL,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oBACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;oBACf,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oBACxB,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;oBACxB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;iBAClB,CAAC,CACL;aACJ,CAAC,CAAC;YAEH,IAAA,cAAM,GAAuC,CAAC;YAE9C,IAAI,CAAC;gBACD,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACL,MAAM,IAAI,KAAK,CAAC,GAAG,QAAQ,mCAAmC,CAAC,CAAC;YACpE,CAAC;YAED,IAAA,cAAM,EAAC,IAAA,UAAE,EAAO,IAAI,CAAC,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,CAAC;IACpB,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,iBAAiB,GAAuB,MAAM,OAAO,CAAC,GAAG,CAC3D,IAAI,CAAC,IAAI;SACJ,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,GAAG,KAAK,KAAK,CAAC;SAClC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE;QACxB,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAChB,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,IAAA,cAAM,EAAC,CAAC,KAAK,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAC1C,IAAA,cAAM,EAAC,CAAC,KAAK,SAAS,EAAE,gBAAgB,CAAC,CAAC;QAE1C,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC,CAAC;SACD,MAAM,CAAC,IAAA,eAAO,EAAC,SAAS,CAAC,CAAC;SAC1B,GAAG,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE;QACzB,MAAM,GAAG,GAAG,MAAM,eAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnC,OAAO;YACH,GAAG;YACH,SAAS;SACZ,CAAC;IACN,CAAC,CAAC,CACT,CAAC;IAEF,IAAA,cAAM,EACF,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAC9B,kCAAkC,QAAQ,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CACjF,CAAC;IAEF,OAAO,iBAAiB,CAAC;AAC7B,CAAC"}