oidc-spa 8.4.7 → 8.5.1
- package/README.md +2 -5
- package/core/createOidc.js +3 -1
- package/core/createOidc.js.map +1 -1
- package/core/earlyInit.d.ts +45 -7
- package/core/earlyInit.js +69 -153
- package/core/earlyInit.js.map +1 -1
- package/core/oidcClientTsUserToTokens.d.ts +1 -0
- package/core/oidcClientTsUserToTokens.js +11 -1
- package/core/oidcClientTsUserToTokens.js.map +1 -1
- package/core/tokenExfiltrationDefense.d.ts +6 -0
- package/core/tokenExfiltrationDefense.js +607 -0
- package/core/tokenExfiltrationDefense.js.map +1 -0
- package/core/tokenExfiltrationDefense_legacy.d.ts +8 -0
- package/core/tokenExfiltrationDefense_legacy.js +133 -0
- package/core/tokenExfiltrationDefense_legacy.js.map +1 -0
- package/core/tokenPlaceholderSubstitution.d.ts +13 -0
- package/core/tokenPlaceholderSubstitution.js +79 -0
- package/core/tokenPlaceholderSubstitution.js.map +1 -0
- package/esm/core/createOidc.js +3 -1
- package/esm/core/createOidc.js.map +1 -1
- package/esm/core/earlyInit.d.ts +45 -7
- package/esm/core/earlyInit.js +69 -153
- package/esm/core/earlyInit.js.map +1 -1
- package/esm/core/oidcClientTsUserToTokens.d.ts +1 -0
- package/esm/core/oidcClientTsUserToTokens.js +11 -1
- package/esm/core/oidcClientTsUserToTokens.js.map +1 -1
- package/esm/core/tokenExfiltrationDefense.d.ts +6 -0
- package/esm/core/tokenExfiltrationDefense.js +604 -0
- package/esm/core/tokenExfiltrationDefense.js.map +1 -0
- package/esm/core/tokenExfiltrationDefense_legacy.d.ts +8 -0
- package/esm/core/tokenExfiltrationDefense_legacy.js +130 -0
- package/esm/core/tokenExfiltrationDefense_legacy.js.map +1 -0
- package/esm/core/tokenPlaceholderSubstitution.d.ts +13 -0
- package/esm/core/tokenPlaceholderSubstitution.js +73 -0
- package/esm/core/tokenPlaceholderSubstitution.js.map +1 -0
- package/esm/tools/isDomain.d.ts +1 -0
- package/esm/tools/isDomain.js +16 -0
- package/esm/tools/isDomain.js.map +1 -0
- package/esm/tools/isHostnameAuthorized.d.ts +5 -0
- package/esm/tools/isHostnameAuthorized.js +74 -0
- package/esm/tools/isHostnameAuthorized.js.map +1 -0
- package/esm/tools/isLikelyDevServer.js +18 -10
- package/esm/tools/isLikelyDevServer.js.map +1 -1
- package/package.json +1 -1
- package/src/core/createOidc.ts +2 -0
- package/src/core/earlyInit.ts +138 -192
- package/src/core/oidcClientTsUserToTokens.ts +14 -0
- package/src/core/tokenExfiltrationDefense.ts +862 -0
- package/src/core/tokenExfiltrationDefense_legacy.ts +165 -0
- package/src/core/tokenPlaceholderSubstitution.ts +105 -0
- package/src/tools/isDomain.ts +18 -0
- package/src/tools/isHostnameAuthorized.ts +91 -0
- package/src/tools/isLikelyDevServer.ts +23 -11
- package/src/vite-plugin/handleClientEntrypoint.ts +57 -20
- package/src/vite-plugin/vite-plugin.ts +5 -10
- package/tools/isDomain.d.ts +1 -0
- package/tools/isDomain.js +19 -0
- package/tools/isDomain.js.map +1 -0
- package/tools/isHostnameAuthorized.d.ts +5 -0
- package/tools/isHostnameAuthorized.js +77 -0
- package/tools/isHostnameAuthorized.js.map +1 -0
- package/tools/isLikelyDevServer.js +18 -10
- package/tools/isLikelyDevServer.js.map +1 -1
- package/vite-plugin/handleClientEntrypoint.js +36 -17
- package/vite-plugin/handleClientEntrypoint.js.map +1 -1
- package/vite-plugin/vite-plugin.d.ts +3 -4
- package/vite-plugin/vite-plugin.js +1 -5
- package/vite-plugin/vite-plugin.js.map +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../src/core/oidcClientTsUserToTokens.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"oidcClientTsUserToTokens.js","sourceRoot":"","sources":["../src/core/oidcClientTsUserToTokens.ts"],"names":[],"mappings":";;AASA,4DAwPC;AAhQD,kDAA+C;AAC/C,0CAAuC;AACvC,8EAA2E;AAC3E,kDAA+C;AAE/C,0DAAuD;AACvD,iFAAsG;AAEtG,SAAgB,wBAAwB,CAAiD,MASxF;IACG,MAAM,EACF,QAAQ,EACR,gBAAgB,EAChB,oBAAoB,EACpB,gCAAgC,EAChC,uBAAuB,EACvB,GAAG,EACN,GAAG,MAAM,CAAC;IAEX,MAAM,WAAW,GAAG,uBAAuB,KAAK,SAAS,CAAC;IAE1D,MAAM,WAAW,GAAG,gBAAgB,CAAC,YAAY,CAAC;IAElD,MAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC;IAEpD,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC;IAE1C,IAAA,eAAM,EAAC,OAAO,KAAK,SAAS,EAAE,yCAAyC,CAAC,CAAC;IAEzE,MAAM,uBAAuB,GAAG,IAAA,qBAAS,EAA0C,OAAO,CAAC,CAAC;IAE5F,IAAI,WAAW,EAAE,CAAC;QACd,GAAG,EAAE,CACD;YACI,kBAAkB;YAClB,oBAAoB,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,0CAA0C;YACpF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,IAAI,EAAE,CAAC,CAAC;SACnD,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;IACN,CAAC;IAED,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE;QACzB,IAAI,cAA8B,CAAC;QAEnC,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACrC,cAAc,GAAG,oBAAoB,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAErE,IAAI,WAAW,EAAE,CAAC;gBACd,GAAG,EAAE,CACD;oBACI,yDAAyD;oBACzD,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;iBAC1C,CAAC,IAAI,CAAC,EAAE,CAAC,CACb,CAAC;YACN,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,mBAAmB;YACnB,cAAc,GAAG,uBAAuB,CAAC;QAC7C,CAAC;QAED,IACI,uBAAuB,KAAK,SAAS;YACrC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,EAC5E,CAAC;YACC,2EAA2E;YAC3E,OAAO,uBAAuB,CAAC;QACnC,CAAC;QAED,OAAO,cAAc,CAAC;IAC1B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;QACvB,0DAA0D;QAC1D,2DAA2D;QAC3D,6BAA6B;QAC7B,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;YACvB,IAAI,GAAuB,CAAC;YAE5B,IAAI,CAAC;gBACD,MAAM,cAAc,GAAG,uBAAuB,CAAC,GAAG,CAAC;gBACnD,IAAA,eAAM,EAAC,cAAc,KAAK,SAAS,IAAI,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC;gBAC3E,GAAG,GAAG,cAAc,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACL,GAAG,GAAG,SAAS,CAAC;YACpB,CAAC;YAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACpB,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,OAAO,GAAG,CAAC;QACf,CAAC,CAAC,EAAE,CAAC;QAEL,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,G
AAG,EAAE,CAAC;QACtB,CAAC;QAED,OAAO,YAAY,GAAG,IAAI,CAAC;IAC/B,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,aAAa,GAAuC;QACtD,GAAG,CAAC,gCAAgC;YAChC,CAAC,CAAC;gBACI,WAAW,EAAE,OAAO;gBACpB,yBAAyB,EAAE,CAAC,GAAG,EAAE;oBAC7B,MAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,OAAO,CAAC,CAAC;oBAExD,IAAA,eAAM,EACF,cAAc,KAAK,SAAS,EAC5B,oGAAoG,CACvG,CAAC;oBAEF,OAAO,cAAc,CAAC;gBAC1B,CAAC,CAAC,EAAE;aACP;YACH,CAAC,CAAC;gBACI,WAAW;gBACX,yBAAyB,EAAE,CAAC,GAAG,EAAE;oBAC7B,aAAa,EAAE,CAAC;wBACZ,MAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,WAAW,CAAC,CAAC;wBAE5D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;4BAC/B,MAAM,aAAa,CAAC;wBACxB,CAAC;wBAED,OAAO,cAAc,CAAC;oBAC1B,CAAC;oBAED,mCAAmC,EAAE,CAAC;wBAClC,MAAM,EAAE,UAAU,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;wBAEjE,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;4BAC3B,MAAM,mCAAmC,CAAC;wBAC9C,CAAC;wBAED,IAAA,eAAM,EAAC,OAAO,UAAU,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;wBAElD,OAAO,UAAU,GAAG,IAAI,CAAC;oBAC7B,CAAC;oBAED,mCAAmC,EAAE,CAAC;wBAClC,MAAM,EAAE,UAAU,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;wBAEjE,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;4BAC3B,MAAM,mCAAmC,CAAC;wBAC9C,CAAC;wBAED,IAAA,eAAM,EAAC,OAAO,UAAU,KAAK,QAAQ,EAAE,WAAW,CAAC,CAAC;wBAEpD,OAAO,YAAY,GAAG,UAAU,GAAG,IAAK,CAAC;oBAC7C,CAAC;oBAED,IAAA,eAAM,EAAC,KAAK,EAAE,4CAA4C,CAAC,CAAC;gBAChE,CAAC,CAAC,EAAE;aACP,CAAC;QACR,OAAO;QACP,cAAc;QACd,uBAAuB;QACvB,YAAY;QACZ,gBAAgB,EAAE,CAAC,GAAG,EAAE;YACpB,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,mCAAmC,CAAC;YAChF,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,GAAG,kBAAkB,CAAC,CAAC;QAClE,CAAC,CAAC,EAAE;KACP,CAAC;IAEF,MAAM,MAAM,GACR,YAAY,KAAK,SAAS;QACtB,CAAC,CAAC,IAAA,OAAE,EAAkD;YAChD,GAAG,aAAa;YAChB,eAAe,EAAE,KAAK;SACzB,CAAC;QACJ,CAAC,CAAC,IAAA,OAAE,EAA+C;YAC7C,GAAG,aAAa;YAChB,eAAe,EAAE,IAAI;YACrB,YAAY;YACZ,0BAA0B,EAAE,CAAC,GAAG,EAAE;gBAC9B,mCAAmC,EAAE,CAAC;oBAClC,MAAM,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;oBAEzE,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;wBACnC,MAAM,mCAAmC,CAAC;oBAC9C,CAAC;oBAED,IAAA,eAAM,EAAC,OAAO,kBAAkB,KAAK,QAAQ,EAAE,SAAS,CAAC,CAAC;oBAE1D,IAAI,kBAAkB,KAAK,CAAC,EAAE,CAAC;wBAC3B,OAAO,6BAAa,CAAC;oBACzB,CAAC;oBAED,OAAO,kBAAkB,GAAG,IAAI,CAAC;gBACrC,CAA
C;gBAED,mCAAmC,EAAE,CAAC;oBAClC,MAAM,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,wBAAwB,CAAC;oBAEzE,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;wBACnC,MAAM,mCAAmC,CAAC;oBAC9C,CAAC;oBAED,IAAA,eAAM,EAAC,OAAO,kBAAkB,KAAK,QAAQ,EAAE,YAAY,CAAC,CAAC;oBAE7D,IAAI,kBAAkB,KAAK,CAAC,EAAE,CAAC;wBAC3B,OAAO,6BAAa,CAAC;oBACzB,CAAC;oBAED,OAAO,YAAY,GAAG,kBAAkB,GAAG,IAAI,CAAC;gBACpD,CAAC;gBAED,aAAa,EAAE,CAAC;oBACZ,MAAM,cAAc,GAAG,IAAA,iDAAuB,EAAC,YAAY,CAAC,CAAC;oBAE7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;wBAC/B,MAAM,aAAa,CAAC;oBACxB,CAAC;oBAED,OAAO,cAAc,CAAC;gBAC1B,CAAC;gBAED,OAAO,SAAS,CAAC;YACrB,CAAC,CAAC,EAAE;SACP,CAAC,CAAC;IAEb,IAAI,IAAA,4DAA6B,GAAE,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,IAAA,oDAAqB,EAAC;YACvC,QAAQ;YACR,MAAM;SACT,CAAC,CAAC;QAEH,MAAM,CAAC,WAAW,GAAG,YAAY,CAAC,WAAW,CAAC;QAC9C,MAAM,CAAC,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC;QACtC,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC,YAAY,CAAC;IACpD,CAAC;IAED,IACI,WAAW;QACX,MAAM,CAAC,eAAe;QACtB,MAAM,CAAC,0BAA0B,KAAK,SAAS;QAC/C,MAAM,CAAC,0BAA0B,GAAG,MAAM,CAAC,yBAAyB,EACtE,CAAC;QACC,OAAO,CAAC,IAAI,CACR;YACI,oFAAoF;YACpF,uDAAuD;SAC1D,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IACN,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC"}
|
|
@@ -0,0 +1,607 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.enableTokenExfiltrationDefense = enableTokenExfiltrationDefense;
|
|
4
|
+
const assert_1 = require("../tools/tsafe/assert");
|
|
5
|
+
const tokenPlaceholderSubstitution_1 = require("./tokenPlaceholderSubstitution");
|
|
6
|
+
const isHostnameAuthorized_1 = require("../tools/isHostnameAuthorized");
|
|
7
|
+
const viteHashedJsAssetPathRegExp = /\/assets\/[^/]+-[a-zA-Z0-9_-]{8}\.js$/;
|
|
8
|
+
function enableTokenExfiltrationDefense(params) {
|
|
9
|
+
const { resourceServersAllowedHostnames = [], serviceWorkersAllowedHostnames = [] } = params;
|
|
10
|
+
(0, tokenPlaceholderSubstitution_1.markTokenSubstitutionAdEnabled)();
|
|
11
|
+
patchFetchApiToSubstituteTokenPlaceholder({ resourceServersAllowedHostnames });
|
|
12
|
+
patchXMLHttpRequestApiToSubstituteTokenPlaceholder({ resourceServersAllowedHostnames });
|
|
13
|
+
patchWebSocketApiToSubstituteTokenPlaceholder({ resourceServersAllowedHostnames });
|
|
14
|
+
patchEventSourceApiToSubstituteTokenPlaceholder({ resourceServersAllowedHostnames });
|
|
15
|
+
patchNavigatorSendBeaconApiToSubstituteTokenPlaceholder({ resourceServersAllowedHostnames });
|
|
16
|
+
restrictServiceWorkerRegistration({ serviceWorkersAllowedHostnames });
|
|
17
|
+
runMonkeyPatchingPrevention();
|
|
18
|
+
}
|
|
19
|
+
function patchFetchApiToSubstituteTokenPlaceholder(params) {
|
|
20
|
+
const { resourceServersAllowedHostnames } = params;
|
|
21
|
+
const fetch_actual = window.fetch;
|
|
22
|
+
window.fetch = async function fetch(input, init) {
|
|
23
|
+
const request = input instanceof Request ? input : new Request(input, init);
|
|
24
|
+
prevent_fetching_of_hashed_js_assets: {
|
|
25
|
+
const { pathname } = new URL(request.url, window.location.href);
|
|
26
|
+
if (!viteHashedJsAssetPathRegExp.test(pathname)) {
|
|
27
|
+
break prevent_fetching_of_hashed_js_assets;
|
|
28
|
+
}
|
|
29
|
+
throw new Error("oidc-spa: Blocked request to hashed js static asset.");
|
|
30
|
+
}
|
|
31
|
+
let didSubstitute = false;
|
|
32
|
+
const headers = new Headers();
|
|
33
|
+
request.headers.forEach((value, key) => {
|
|
34
|
+
const nextValue = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(value);
|
|
35
|
+
if (nextValue !== value) {
|
|
36
|
+
didSubstitute = true;
|
|
37
|
+
}
|
|
38
|
+
headers.set(key, nextValue);
|
|
39
|
+
});
|
|
40
|
+
let body;
|
|
41
|
+
handle_body: {
|
|
42
|
+
from_init: {
|
|
43
|
+
if (!init) {
|
|
44
|
+
break from_init;
|
|
45
|
+
}
|
|
46
|
+
if (!init.body) {
|
|
47
|
+
break from_init;
|
|
48
|
+
}
|
|
49
|
+
if (input instanceof Request && input.body !== null) {
|
|
50
|
+
break from_init;
|
|
51
|
+
}
|
|
52
|
+
if (typeof init.body === "string") {
|
|
53
|
+
body = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(init.body);
|
|
54
|
+
if (init.body !== body) {
|
|
55
|
+
didSubstitute = true;
|
|
56
|
+
}
|
|
57
|
+
break handle_body;
|
|
58
|
+
}
|
|
59
|
+
if (init.body instanceof URLSearchParams) {
|
|
60
|
+
let didUrlSearchParamsSubstitute = false;
|
|
61
|
+
const next = new URLSearchParams();
|
|
62
|
+
init.body.forEach((value, key) => {
|
|
63
|
+
const nextValue = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(value);
|
|
64
|
+
if (nextValue !== value) {
|
|
65
|
+
didUrlSearchParamsSubstitute = true;
|
|
66
|
+
}
|
|
67
|
+
next.append(key, nextValue);
|
|
68
|
+
});
|
|
69
|
+
if (didUrlSearchParamsSubstitute) {
|
|
70
|
+
didSubstitute = true;
|
|
71
|
+
}
|
|
72
|
+
body = didUrlSearchParamsSubstitute ? next : init.body;
|
|
73
|
+
break handle_body;
|
|
74
|
+
}
|
|
75
|
+
if (init.body instanceof FormData) {
|
|
76
|
+
let didFormDataSubstitute = false;
|
|
77
|
+
const next = new FormData();
|
|
78
|
+
init.body.forEach((value, key) => {
|
|
79
|
+
if (typeof value === "string") {
|
|
80
|
+
const nextValue = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(value);
|
|
81
|
+
if (nextValue !== value) {
|
|
82
|
+
didFormDataSubstitute = true;
|
|
83
|
+
}
|
|
84
|
+
next.append(key, nextValue);
|
|
85
|
+
return;
|
|
86
|
+
}
|
|
87
|
+
next.append(key, value);
|
|
88
|
+
});
|
|
89
|
+
if (didFormDataSubstitute) {
|
|
90
|
+
didSubstitute = true;
|
|
91
|
+
}
|
|
92
|
+
body = didFormDataSubstitute ? next : init.body;
|
|
93
|
+
break handle_body;
|
|
94
|
+
}
|
|
95
|
+
if (init.body instanceof Blob) {
|
|
96
|
+
break from_init;
|
|
97
|
+
}
|
|
98
|
+
body = init.body;
|
|
99
|
+
break handle_body;
|
|
100
|
+
}
|
|
101
|
+
if (request.body === null) {
|
|
102
|
+
body = undefined;
|
|
103
|
+
break handle_body;
|
|
104
|
+
}
|
|
105
|
+
const shouldInspectBody = (() => {
|
|
106
|
+
let ct = request.headers.get("Content-Type");
|
|
107
|
+
if (ct === null) {
|
|
108
|
+
return false;
|
|
109
|
+
}
|
|
110
|
+
ct = ct.toLocaleLowerCase();
|
|
111
|
+
if (!ct.startsWith("application/json") &&
|
|
112
|
+
!ct.startsWith("application/x-www-form-urlencoded")) {
|
|
113
|
+
return false;
|
|
114
|
+
}
|
|
115
|
+
const len_str = request.headers.get("Content-Length");
|
|
116
|
+
if (!len_str) {
|
|
117
|
+
return false;
|
|
118
|
+
}
|
|
119
|
+
const len = parseInt(len_str, 10);
|
|
120
|
+
if (!Number.isFinite(len) || len > 100000) {
|
|
121
|
+
return false;
|
|
122
|
+
}
|
|
123
|
+
return true;
|
|
124
|
+
})();
|
|
125
|
+
if (!shouldInspectBody) {
|
|
126
|
+
body = request.body;
|
|
127
|
+
break handle_body;
|
|
128
|
+
}
|
|
129
|
+
const bodyText = await request.clone().text();
|
|
130
|
+
const nextBodyText = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(bodyText);
|
|
131
|
+
if (nextBodyText !== bodyText) {
|
|
132
|
+
didSubstitute = true;
|
|
133
|
+
}
|
|
134
|
+
body = nextBodyText;
|
|
135
|
+
}
|
|
136
|
+
block_authed_request_to_unauthorized_hostnames: {
|
|
137
|
+
if (!didSubstitute) {
|
|
138
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
139
|
+
}
|
|
140
|
+
const { hostname } = new URL(request.url, window.location.href);
|
|
141
|
+
if ((0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
142
|
+
allowedHostnames: resourceServersAllowedHostnames,
|
|
143
|
+
extendAuthorizationToParentDomain: true,
|
|
144
|
+
hostname
|
|
145
|
+
})) {
|
|
146
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
147
|
+
}
|
|
148
|
+
throw new Error([
|
|
149
|
+
`oidc-spa: Blocked authed request to ${hostname}.`,
|
|
150
|
+
`To authorize this request add "${hostname}" to`,
|
|
151
|
+
"`resourceServersAllowedHostnames`."
|
|
152
|
+
].join(" "));
|
|
153
|
+
}
|
|
154
|
+
return fetch_actual(request.url, {
|
|
155
|
+
method: request.method,
|
|
156
|
+
headers,
|
|
157
|
+
body,
|
|
158
|
+
mode: request.mode,
|
|
159
|
+
credentials: request.credentials,
|
|
160
|
+
cache: request.cache,
|
|
161
|
+
redirect: request.redirect,
|
|
162
|
+
referrer: request.referrer,
|
|
163
|
+
referrerPolicy: request.referrerPolicy,
|
|
164
|
+
integrity: request.integrity,
|
|
165
|
+
keepalive: request.keepalive,
|
|
166
|
+
signal: request.signal
|
|
167
|
+
});
|
|
168
|
+
};
|
|
169
|
+
}
|
|
170
|
+
function patchXMLHttpRequestApiToSubstituteTokenPlaceholder(params) {
|
|
171
|
+
const { resourceServersAllowedHostnames } = params;
|
|
172
|
+
const open_actual = XMLHttpRequest.prototype.open;
|
|
173
|
+
const send_actual = XMLHttpRequest.prototype.send;
|
|
174
|
+
const setRequestHeader_actual = XMLHttpRequest.prototype.setRequestHeader;
|
|
175
|
+
const xhrDataSymbol = Symbol("oidc-spa XMLHttpRequest data");
|
|
176
|
+
const getXhrData = (xhr) => {
|
|
177
|
+
const xhr_any = xhr;
|
|
178
|
+
if (xhr_any[xhrDataSymbol] !== undefined) {
|
|
179
|
+
return xhr_any[xhrDataSymbol];
|
|
180
|
+
}
|
|
181
|
+
const data = {
|
|
182
|
+
url: "",
|
|
183
|
+
didSubstitute: false
|
|
184
|
+
};
|
|
185
|
+
xhr_any[xhrDataSymbol] = data;
|
|
186
|
+
return data;
|
|
187
|
+
};
|
|
188
|
+
XMLHttpRequest.prototype.open = function open(method, url, async, username, password) {
|
|
189
|
+
const xhrData = getXhrData(this);
|
|
190
|
+
xhrData.url = typeof url === "string" ? url : url.href;
|
|
191
|
+
xhrData.didSubstitute = false;
|
|
192
|
+
if (async === undefined) {
|
|
193
|
+
return open_actual.bind(this)(method, url);
|
|
194
|
+
}
|
|
195
|
+
else {
|
|
196
|
+
return open_actual.call(this, method, url, async, username, password);
|
|
197
|
+
}
|
|
198
|
+
};
|
|
199
|
+
XMLHttpRequest.prototype.setRequestHeader = function setRequestHeader(name, value) {
|
|
200
|
+
const xhrData = getXhrData(this);
|
|
201
|
+
const nextValue = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(value);
|
|
202
|
+
if (nextValue !== value) {
|
|
203
|
+
xhrData.didSubstitute = true;
|
|
204
|
+
}
|
|
205
|
+
return setRequestHeader_actual.call(this, name, nextValue);
|
|
206
|
+
};
|
|
207
|
+
XMLHttpRequest.prototype.send = function send(body) {
|
|
208
|
+
const xhrData = getXhrData(this);
|
|
209
|
+
prevent_fetching_of_hashed_js_assets: {
|
|
210
|
+
const { pathname } = new URL(xhrData.url, window.location.href);
|
|
211
|
+
if (!viteHashedJsAssetPathRegExp.test(pathname)) {
|
|
212
|
+
break prevent_fetching_of_hashed_js_assets;
|
|
213
|
+
}
|
|
214
|
+
throw new Error("oidc-spa: Blocked request to hashed static asset.");
|
|
215
|
+
}
|
|
216
|
+
let nextBody = body;
|
|
217
|
+
if (typeof body === "string") {
|
|
218
|
+
const nextBodyText = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(body);
|
|
219
|
+
if (nextBodyText !== body) {
|
|
220
|
+
xhrData.didSubstitute = true;
|
|
221
|
+
}
|
|
222
|
+
nextBody = nextBodyText;
|
|
223
|
+
}
|
|
224
|
+
block_authed_request_to_unauthorized_hostnames: {
|
|
225
|
+
if (!xhrData.didSubstitute) {
|
|
226
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
227
|
+
}
|
|
228
|
+
const { hostname } = new URL(xhrData.url, window.location.href);
|
|
229
|
+
if ((0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
230
|
+
allowedHostnames: resourceServersAllowedHostnames,
|
|
231
|
+
extendAuthorizationToParentDomain: true,
|
|
232
|
+
hostname
|
|
233
|
+
})) {
|
|
234
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
235
|
+
}
|
|
236
|
+
throw new Error([
|
|
237
|
+
`oidc-spa: Blocked authed request to ${hostname}.`,
|
|
238
|
+
`To authorize this request add "${hostname}" to`,
|
|
239
|
+
"`resourceServersAllowedHostnames`."
|
|
240
|
+
].join(" "));
|
|
241
|
+
}
|
|
242
|
+
return send_actual.call(this, nextBody);
|
|
243
|
+
};
|
|
244
|
+
}
|
|
245
|
+
function patchWebSocketApiToSubstituteTokenPlaceholder(params) {
|
|
246
|
+
const { resourceServersAllowedHostnames } = params;
|
|
247
|
+
const WebSocket_actual = window.WebSocket;
|
|
248
|
+
const send_actual = WebSocket_actual.prototype.send;
|
|
249
|
+
const wsDataByWs = new WeakMap();
|
|
250
|
+
const WebSocketPatched = function WebSocket(url, protocols) {
|
|
251
|
+
const urlStr = typeof url === "string" ? url : url.href;
|
|
252
|
+
const nextUrl = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(urlStr);
|
|
253
|
+
let didSubstitute = nextUrl !== urlStr;
|
|
254
|
+
const nextProtocols = (() => {
|
|
255
|
+
if (protocols === undefined) {
|
|
256
|
+
return protocols;
|
|
257
|
+
}
|
|
258
|
+
if (typeof protocols === "string") {
|
|
259
|
+
const next = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(protocols);
|
|
260
|
+
if (next !== protocols) {
|
|
261
|
+
didSubstitute = true;
|
|
262
|
+
}
|
|
263
|
+
return next;
|
|
264
|
+
}
|
|
265
|
+
let didProtocolsSubstitute = false;
|
|
266
|
+
const next = protocols.map(protocol => {
|
|
267
|
+
const nextProtocol = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(protocol);
|
|
268
|
+
if (nextProtocol !== protocol) {
|
|
269
|
+
didProtocolsSubstitute = true;
|
|
270
|
+
}
|
|
271
|
+
return nextProtocol;
|
|
272
|
+
});
|
|
273
|
+
if (didProtocolsSubstitute) {
|
|
274
|
+
didSubstitute = true;
|
|
275
|
+
}
|
|
276
|
+
return next;
|
|
277
|
+
})();
|
|
278
|
+
const { hostname, pathname } = new URL(nextUrl, window.location.href);
|
|
279
|
+
block_authed_request_to_unauthorized_hostnames: {
|
|
280
|
+
if (!didSubstitute) {
|
|
281
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
282
|
+
}
|
|
283
|
+
if ((0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
284
|
+
allowedHostnames: resourceServersAllowedHostnames,
|
|
285
|
+
extendAuthorizationToParentDomain: true,
|
|
286
|
+
hostname
|
|
287
|
+
})) {
|
|
288
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
289
|
+
}
|
|
290
|
+
throw new Error([
|
|
291
|
+
`oidc-spa: Blocked authed request to ${hostname}.`,
|
|
292
|
+
`To authorize this request add "${hostname}" to`,
|
|
293
|
+
"`resourceServersAllowedHostnames`."
|
|
294
|
+
].join(" "));
|
|
295
|
+
}
|
|
296
|
+
const ws = new WebSocket_actual(nextUrl, nextProtocols);
|
|
297
|
+
wsDataByWs.set(ws, {
|
|
298
|
+
url: nextUrl,
|
|
299
|
+
hostname,
|
|
300
|
+
pathname,
|
|
301
|
+
didSubstitute
|
|
302
|
+
});
|
|
303
|
+
return ws;
|
|
304
|
+
};
|
|
305
|
+
WebSocketPatched.prototype = WebSocket_actual.prototype;
|
|
306
|
+
for (const name of ["CONNECTING", "OPEN", "CLOSING", "CLOSED"]) {
|
|
307
|
+
Object.defineProperty(WebSocketPatched, name, {
|
|
308
|
+
value: WebSocket_actual[name],
|
|
309
|
+
writable: false,
|
|
310
|
+
enumerable: true,
|
|
311
|
+
configurable: false
|
|
312
|
+
});
|
|
313
|
+
}
|
|
314
|
+
window.WebSocket = WebSocketPatched;
|
|
315
|
+
WebSocket_actual.prototype.send = function send(data) {
|
|
316
|
+
const wsData = wsDataByWs.get(this);
|
|
317
|
+
if (wsData === undefined) {
|
|
318
|
+
// NOTE: This can happen for Vite's dev server websocket
|
|
319
|
+
return send_actual.call(this, data);
|
|
320
|
+
}
|
|
321
|
+
let nextData = data;
|
|
322
|
+
if (typeof data === "string") {
|
|
323
|
+
const nextDataText = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(data);
|
|
324
|
+
if (nextDataText !== data) {
|
|
325
|
+
wsData.didSubstitute = true;
|
|
326
|
+
}
|
|
327
|
+
nextData = nextDataText;
|
|
328
|
+
}
|
|
329
|
+
block_authed_request_to_unauthorized_hostnames: {
|
|
330
|
+
if (!wsData.didSubstitute) {
|
|
331
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
332
|
+
}
|
|
333
|
+
if ((0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
334
|
+
allowedHostnames: resourceServersAllowedHostnames,
|
|
335
|
+
extendAuthorizationToParentDomain: true,
|
|
336
|
+
hostname: wsData.hostname
|
|
337
|
+
})) {
|
|
338
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
339
|
+
}
|
|
340
|
+
throw new Error([
|
|
341
|
+
`oidc-spa: Blocked authed request to ${wsData.hostname}.`,
|
|
342
|
+
`To authorize this request add "${wsData.hostname}" to`,
|
|
343
|
+
"`resourceServersAllowedHostnames`."
|
|
344
|
+
].join(" "));
|
|
345
|
+
}
|
|
346
|
+
prevent_fetching_of_hashed_js_assets: {
|
|
347
|
+
if (!viteHashedJsAssetPathRegExp.test(wsData.pathname)) {
|
|
348
|
+
break prevent_fetching_of_hashed_js_assets;
|
|
349
|
+
}
|
|
350
|
+
throw new Error("oidc-spa: Blocked request to hashed static asset.");
|
|
351
|
+
}
|
|
352
|
+
return send_actual.call(this, nextData);
|
|
353
|
+
};
|
|
354
|
+
}
|
|
355
|
+
function patchEventSourceApiToSubstituteTokenPlaceholder(params) {
|
|
356
|
+
const { resourceServersAllowedHostnames } = params;
|
|
357
|
+
const EventSource_actual = window.EventSource;
|
|
358
|
+
if (EventSource_actual === undefined) {
|
|
359
|
+
return;
|
|
360
|
+
}
|
|
361
|
+
const EventSourcePatched = function EventSource(url, eventSourceInitDict) {
|
|
362
|
+
const urlStr = typeof url === "string" ? url : url.href;
|
|
363
|
+
const nextUrl = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(urlStr);
|
|
364
|
+
const didSubstitute = nextUrl !== urlStr;
|
|
365
|
+
const { hostname } = new URL(nextUrl, window.location.href);
|
|
366
|
+
block_authed_request_to_unauthorized_hostnames: {
|
|
367
|
+
if (!didSubstitute) {
|
|
368
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
369
|
+
}
|
|
370
|
+
if ((0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
371
|
+
allowedHostnames: resourceServersAllowedHostnames,
|
|
372
|
+
extendAuthorizationToParentDomain: true,
|
|
373
|
+
hostname
|
|
374
|
+
})) {
|
|
375
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
376
|
+
}
|
|
377
|
+
throw new Error([
|
|
378
|
+
`oidc-spa: Blocked authed request to ${hostname}.`,
|
|
379
|
+
`To authorize this request add "${hostname}" to`,
|
|
380
|
+
"`resourceServersAllowedHostnames`."
|
|
381
|
+
].join(" "));
|
|
382
|
+
}
|
|
383
|
+
return new EventSource_actual(nextUrl, eventSourceInitDict);
|
|
384
|
+
};
|
|
385
|
+
EventSourcePatched.prototype = EventSource_actual.prototype;
|
|
386
|
+
if ("CONNECTING" in EventSource_actual) {
|
|
387
|
+
for (const name of ["CONNECTING", "OPEN", "CLOSED"]) {
|
|
388
|
+
Object.defineProperty(EventSourcePatched, name, {
|
|
389
|
+
value: EventSource_actual[name],
|
|
390
|
+
writable: false,
|
|
391
|
+
enumerable: true,
|
|
392
|
+
configurable: false
|
|
393
|
+
});
|
|
394
|
+
}
|
|
395
|
+
}
|
|
396
|
+
window.EventSource = EventSourcePatched;
|
|
397
|
+
}
|
|
398
|
+
function patchNavigatorSendBeaconApiToSubstituteTokenPlaceholder(params) {
|
|
399
|
+
const { resourceServersAllowedHostnames } = params;
|
|
400
|
+
const sendBeacon_actual = navigator.sendBeacon?.bind(navigator);
|
|
401
|
+
if (sendBeacon_actual === undefined) {
|
|
402
|
+
return;
|
|
403
|
+
}
|
|
404
|
+
navigator.sendBeacon = function sendBeacon(url, data) {
|
|
405
|
+
const urlStr = typeof url === "string" ? url : url.href;
|
|
406
|
+
const nextUrl = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(urlStr);
|
|
407
|
+
let didSubstitute = nextUrl !== urlStr;
|
|
408
|
+
const { hostname } = new URL(nextUrl, window.location.href);
|
|
409
|
+
let nextData = data;
|
|
410
|
+
if (typeof data === "string") {
|
|
411
|
+
const next = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(data);
|
|
412
|
+
if (next !== data) {
|
|
413
|
+
didSubstitute = true;
|
|
414
|
+
}
|
|
415
|
+
nextData = next;
|
|
416
|
+
}
|
|
417
|
+
else if (data instanceof URLSearchParams) {
|
|
418
|
+
let didUrlSearchParamsSubstitute = false;
|
|
419
|
+
const next = new URLSearchParams();
|
|
420
|
+
data.forEach((value, key) => {
|
|
421
|
+
const nextValue = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(value);
|
|
422
|
+
if (nextValue !== value) {
|
|
423
|
+
didUrlSearchParamsSubstitute = true;
|
|
424
|
+
}
|
|
425
|
+
next.append(key, nextValue);
|
|
426
|
+
});
|
|
427
|
+
if (didUrlSearchParamsSubstitute) {
|
|
428
|
+
didSubstitute = true;
|
|
429
|
+
nextData = next;
|
|
430
|
+
}
|
|
431
|
+
}
|
|
432
|
+
else if (data instanceof FormData) {
|
|
433
|
+
let didFormDataSubstitute = false;
|
|
434
|
+
const next = new FormData();
|
|
435
|
+
data.forEach((value, key) => {
|
|
436
|
+
if (typeof value === "string") {
|
|
437
|
+
const nextValue = (0, tokenPlaceholderSubstitution_1.substitutePlaceholderByRealToken)(value);
|
|
438
|
+
if (nextValue !== value) {
|
|
439
|
+
didFormDataSubstitute = true;
|
|
440
|
+
}
|
|
441
|
+
next.append(key, nextValue);
|
|
442
|
+
return;
|
|
443
|
+
}
|
|
444
|
+
next.append(key, value);
|
|
445
|
+
});
|
|
446
|
+
if (didFormDataSubstitute) {
|
|
447
|
+
didSubstitute = true;
|
|
448
|
+
nextData = next;
|
|
449
|
+
}
|
|
450
|
+
}
|
|
451
|
+
block_authed_request_to_unauthorized_hostnames: {
|
|
452
|
+
if (!didSubstitute) {
|
|
453
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
454
|
+
}
|
|
455
|
+
if ((0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
456
|
+
allowedHostnames: resourceServersAllowedHostnames,
|
|
457
|
+
extendAuthorizationToParentDomain: true,
|
|
458
|
+
hostname
|
|
459
|
+
})) {
|
|
460
|
+
break block_authed_request_to_unauthorized_hostnames;
|
|
461
|
+
}
|
|
462
|
+
throw new Error([
|
|
463
|
+
`oidc-spa: Blocked authed request to ${hostname}.`,
|
|
464
|
+
`To authorize this request add "${hostname}" to`,
|
|
465
|
+
"`resourceServersAllowedHostnames`."
|
|
466
|
+
].join(" "));
|
|
467
|
+
}
|
|
468
|
+
return sendBeacon_actual(nextUrl, nextData);
|
|
469
|
+
};
|
|
470
|
+
}
|
|
471
|
+
function runMonkeyPatchingPrevention() {
|
|
472
|
+
const createWriteError = (target) => new Error([
|
|
473
|
+
`oidc-spa: Monkey patching of ${target} has been blocked.`,
|
|
474
|
+
`Read: https://docs.oidc-spa.dev/v/v8/resources/blocked-monkey-patching`
|
|
475
|
+
].join(" "));
|
|
476
|
+
for (const name of [
|
|
477
|
+
"fetch",
|
|
478
|
+
"XMLHttpRequest",
|
|
479
|
+
"WebSocket",
|
|
480
|
+
"Headers",
|
|
481
|
+
"URLSearchParams",
|
|
482
|
+
"EventSource",
|
|
483
|
+
"ServiceWorkerContainer",
|
|
484
|
+
"ServiceWorkerRegistration",
|
|
485
|
+
"ServiceWorker",
|
|
486
|
+
"FormData",
|
|
487
|
+
"Blob",
|
|
488
|
+
"String",
|
|
489
|
+
"Object",
|
|
490
|
+
"Promise",
|
|
491
|
+
"Array",
|
|
492
|
+
"RegExp",
|
|
493
|
+
"TextEncoder",
|
|
494
|
+
"Uint8Array",
|
|
495
|
+
"Uint32Array",
|
|
496
|
+
"Response",
|
|
497
|
+
"Reflect",
|
|
498
|
+
"JSON",
|
|
499
|
+
"encodeURIComponent",
|
|
500
|
+
"decodeURIComponent",
|
|
501
|
+
"atob",
|
|
502
|
+
"btoa"
|
|
503
|
+
]) {
|
|
504
|
+
const original = window[name];
|
|
505
|
+
if (!original) {
|
|
506
|
+
continue;
|
|
507
|
+
}
|
|
508
|
+
if ("prototype" in original) {
|
|
509
|
+
for (const propertyName of Object.getOwnPropertyNames(original.prototype)) {
|
|
510
|
+
if (name === "Object") {
|
|
511
|
+
if (propertyName === "toString" ||
|
|
512
|
+
propertyName === "constructor" ||
|
|
513
|
+
propertyName === "valueOf") {
|
|
514
|
+
continue;
|
|
515
|
+
}
|
|
516
|
+
}
|
|
517
|
+
if (name === "Array") {
|
|
518
|
+
if (propertyName === "constructor" || propertyName === "concat") {
|
|
519
|
+
continue;
|
|
520
|
+
}
|
|
521
|
+
}
|
|
522
|
+
const pd = Object.getOwnPropertyDescriptor(original.prototype, propertyName);
|
|
523
|
+
(0, assert_1.assert)(pd !== undefined);
|
|
524
|
+
if (!pd.configurable) {
|
|
525
|
+
continue;
|
|
526
|
+
}
|
|
527
|
+
Object.defineProperty(original.prototype, propertyName, {
|
|
528
|
+
enumerable: pd.enumerable,
|
|
529
|
+
configurable: false,
|
|
530
|
+
...("value" in pd
|
|
531
|
+
? {
|
|
532
|
+
get: () => pd.value,
|
|
533
|
+
set: () => {
|
|
534
|
+
throw createWriteError(`window.${name}.prototype.${propertyName}`);
|
|
535
|
+
}
|
|
536
|
+
}
|
|
537
|
+
: {
|
|
538
|
+
get: pd.get,
|
|
539
|
+
set: pd.set ??
|
|
540
|
+
(() => {
|
|
541
|
+
throw createWriteError(`window.${name}.prototype.${propertyName}`);
|
|
542
|
+
})
|
|
543
|
+
})
|
|
544
|
+
});
|
|
545
|
+
}
|
|
546
|
+
}
|
|
547
|
+
Object.defineProperty(window, name, {
|
|
548
|
+
configurable: false,
|
|
549
|
+
enumerable: true,
|
|
550
|
+
get: () => original,
|
|
551
|
+
set: () => {
|
|
552
|
+
throw createWriteError(`window.${name}`);
|
|
553
|
+
}
|
|
554
|
+
});
|
|
555
|
+
}
|
|
556
|
+
{
|
|
557
|
+
const name = "serviceWorker";
|
|
558
|
+
const original = navigator[name];
|
|
559
|
+
Object.defineProperty(navigator, name, {
|
|
560
|
+
configurable: false,
|
|
561
|
+
enumerable: true,
|
|
562
|
+
get: () => original,
|
|
563
|
+
set: () => {
|
|
564
|
+
throw createWriteError(`window.navigator.${name}`);
|
|
565
|
+
}
|
|
566
|
+
});
|
|
567
|
+
}
|
|
568
|
+
for (const name of ["call", "apply", "bind"]) {
|
|
569
|
+
const original = Function.prototype[name];
|
|
570
|
+
Object.defineProperty(Function.prototype, name, {
|
|
571
|
+
configurable: false,
|
|
572
|
+
enumerable: true,
|
|
573
|
+
get: () => original,
|
|
574
|
+
set: () => {
|
|
575
|
+
throw createWriteError(`window.Function.prototype.${name})`);
|
|
576
|
+
}
|
|
577
|
+
});
|
|
578
|
+
}
|
|
579
|
+
}
|
|
580
|
+
function restrictServiceWorkerRegistration(params) {
|
|
581
|
+
const { serviceWorkersAllowedHostnames } = params;
|
|
582
|
+
const { serviceWorker } = navigator;
|
|
583
|
+
const register_actual = serviceWorker.register.bind(serviceWorker);
|
|
584
|
+
serviceWorker.register = function register(scriptURL, options) {
|
|
585
|
+
const { hostname, protocol } = new URL(typeof scriptURL === "string" ? scriptURL : scriptURL.href, window.location.href);
|
|
586
|
+
if (protocol === "blob:") {
|
|
587
|
+
throw new Error([
|
|
588
|
+
"oidc-spa: Blocked service worker registration from blob.",
|
|
589
|
+
"Only solution: Set enableTokenExfiltrationDefense to false",
|
|
590
|
+
"or load the worker script from a remote url."
|
|
591
|
+
].join(" "));
|
|
592
|
+
}
|
|
593
|
+
if (!(0, isHostnameAuthorized_1.getIsHostnameAuthorized)({
|
|
594
|
+
allowedHostnames: serviceWorkersAllowedHostnames,
|
|
595
|
+
extendAuthorizationToParentDomain: false,
|
|
596
|
+
hostname
|
|
597
|
+
})) {
|
|
598
|
+
throw new Error([
|
|
599
|
+
`oidc-spa: Blocked service worker registration to ${hostname}.`,
|
|
600
|
+
`To authorize this registration add "${hostname}" to`,
|
|
601
|
+
"`serviceWorkersAllowedHostnames`."
|
|
602
|
+
].join(" "));
|
|
603
|
+
}
|
|
604
|
+
return register_actual(scriptURL, options);
|
|
605
|
+
};
|
|
606
|
+
}
|
|
607
|
+
//# sourceMappingURL=tokenExfiltrationDefense.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tokenExfiltrationDefense.js","sourceRoot":"","sources":["../src/core/tokenExfiltrationDefense.ts"],"names":[],"mappings":";;AAcA,wEAaC;AA3BD,kDAA+C;AAC/C,iFAGwC;AACxC,wEAAwE;AAOxE,MAAM,2BAA2B,GAAG,uCAAuC,CAAC;AAE5E,SAAgB,8BAA8B,CAAC,MAAc;IACzD,MAAM,EAAE,+BAA+B,GAAG,EAAE,EAAE,8BAA8B,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC;IAE7F,IAAA,6DAA8B,GAAE,CAAC;IAEjC,yCAAyC,CAAC,EAAE,+BAA+B,EAAE,CAAC,CAAC;IAC/E,kDAAkD,CAAC,EAAE,+BAA+B,EAAE,CAAC,CAAC;IACxF,6CAA6C,CAAC,EAAE,+BAA+B,EAAE,CAAC,CAAC;IACnF,+CAA+C,CAAC,EAAE,+BAA+B,EAAE,CAAC,CAAC;IACrF,uDAAuD,CAAC,EAAE,+BAA+B,EAAE,CAAC,CAAC;IAC7F,iCAAiC,CAAC,EAAE,8BAA8B,EAAE,CAAC,CAAC;IAEtE,2BAA2B,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,yCAAyC,CAAC,MAElD;IACG,MAAM,EAAE,+BAA+B,EAAE,GAAG,MAAM,CAAC;IAEnD,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC;IAElC,MAAM,CAAC,KAAK,GAAG,KAAK,UAAU,KAAK,CAAC,KAAK,EAAE,IAAI;QAC3C,MAAM,OAAO,GAAG,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAE5E,oCAAoC,EAAE,CAAC;YACnC,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9C,MAAM,oCAAoC,CAAC;YAC/C,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,aAAa,GAAG,KAAK,CAAC;QAE1B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;QAC9B,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACnC,MAAM,SAAS,GAAG,IAAA,+DAAgC,EAAC,KAAK,CAAC,CAAC;YAE1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;gBACtB,aAAa,GAAG,IAAI,CAAC;YACzB,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,IAAI,IAA0B,CAAC;QAE/B,WAAW,EAAE,CAAC;YACV,SAAS,EAAE,CAAC;gBACR,IAAI,CAAC,IAAI,EAAE,CAAC;oBACR,MAAM,SAAS,CAAC;gBACpB,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACb,MAAM,SAAS,CAAC;gBACpB,CAAC;gBAED,IAAI,KAAK,YAAY,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;oBAClD,MAAM,SAAS,CAAC;gBACpB,CAAC;gBAED,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAChC,IAAI,GAAG,IAAA,+DAAgC,EAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAEnD,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI
,EAAE,CAAC;wBACrB,aAAa,GAAG,IAAI,CAAC;oBACzB,CAAC;oBAED,MAAM,WAAW,CAAC;gBACtB,CAAC;gBAED,IAAI,IAAI,CAAC,IAAI,YAAY,eAAe,EAAE,CAAC;oBACvC,IAAI,4BAA4B,GAAG,KAAK,CAAC;oBACzC,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;oBAEnC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;wBAC7B,MAAM,SAAS,GAAG,IAAA,+DAAgC,EAAC,KAAK,CAAC,CAAC;wBAE1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;4BACtB,4BAA4B,GAAG,IAAI,CAAC;wBACxC,CAAC;wBAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBAChC,CAAC,CAAC,CAAC;oBAEH,IAAI,4BAA4B,EAAE,CAAC;wBAC/B,aAAa,GAAG,IAAI,CAAC;oBACzB,CAAC;oBAED,IAAI,GAAG,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAEvD,MAAM,WAAW,CAAC;gBACtB,CAAC;gBAED,IAAI,IAAI,CAAC,IAAI,YAAY,QAAQ,EAAE,CAAC;oBAChC,IAAI,qBAAqB,GAAG,KAAK,CAAC;oBAClC,MAAM,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAE5B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;wBAC7B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;4BAC5B,MAAM,SAAS,GAAG,IAAA,+DAAgC,EAAC,KAAK,CAAC,CAAC;4BAE1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;gCACtB,qBAAqB,GAAG,IAAI,CAAC;4BACjC,CAAC;4BAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;4BAE5B,OAAO;wBACX,CAAC;wBAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;oBAC5B,CAAC,CAAC,CAAC;oBAEH,IAAI,qBAAqB,EAAE,CAAC;wBACxB,aAAa,GAAG,IAAI,CAAC;oBACzB,CAAC;oBAED,IAAI,GAAG,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;oBAEhD,MAAM,WAAW,CAAC;gBACtB,CAAC;gBAED,IAAI,IAAI,CAAC,IAAI,YAAY,IAAI,EAAE,CAAC;oBAC5B,MAAM,SAAS,CAAC;gBACpB,CAAC;gBAED,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBACjB,MAAM,WAAW,CAAC;YACtB,CAAC;YAED,IAAI,OAAO,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;gBACxB,IAAI,GAAG,SAAS,CAAC;gBACjB,MAAM,WAAW,CAAC;YACtB,CAAC;YAED,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE;gBAC5B,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBAE7C,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;oBACd,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,EAAE,GAAG,EAAE,CAAC,iBAAiB,EAAE,CAAC;gBAE5B,IACI,CAAC,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC;oBAClC,CAAC,EAAE,CAAC,UAAU,CAAC,mCAAmC,CAAC,EACrD,CAAC;oBACC,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,C
AAC,gBAAgB,CAAC,CAAC;gBAEtD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACX,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAElC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,MAAO,EAAE,CAAC;oBACzC,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,OAAO,IAAI,CAAC;YAChB,CAAC,CAAC,EAAE,CAAC;YAEL,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACrB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBACpB,MAAM,WAAW,CAAC;YACtB,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;YAC9C,MAAM,YAAY,GAAG,IAAA,+DAAgC,EAAC,QAAQ,CAAC,CAAC;YAEhE,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;gBAC5B,aAAa,GAAG,IAAI,CAAC;YACzB,CAAC;YAED,IAAI,GAAG,YAAY,CAAC;QACxB,CAAC;QAED,8CAA8C,EAAE,CAAC;YAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACjB,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IACI,IAAA,8CAAuB,EAAC;gBACpB,gBAAgB,EAAE,+BAA+B;gBACjD,iCAAiC,EAAE,IAAI;gBACvC,QAAQ;aACX,CAAC,EACJ,CAAC;gBACC,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,IAAI,KAAK,CACX;gBACI,uCAAuC,QAAQ,GAAG;gBAClD,kCAAkC,QAAQ,MAAM;gBAChD,oCAAoC;aACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,OAAO,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE;YAC7B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO;YACP,IAAI;YACJ,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;SACzB,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAED,SAAS,kDAAkD,CAAC,MAE3D;IACG,MAAM,EAAE,+BAA+B,EAAE,GAAG,MAAM,CAAC;IAEnD,MAAM,WAAW,GAAG,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC;IAClD,MAAM,WAAW,GAAG,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC;IAClD,MAAM,uBAAuB,GAAG,cAAc,CAAC,SAAS,CAAC,gBAAgB,CAAC;IAO1E,MAAM,aAAa,GAAG,MAAM,CAAC,8BAA8B,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAW,EAAE;QAChD,MAAM,OAAO,GAAG,GAAU,CAAC;QAE3B,IAAI,OAAO,CAAC,aAAa,CAAC,KAAK,SAAS,EAAE,CAAC;YACvC,OAAO,OAAO,CAAC,aAAa,CAAC,CAAC;QAClC,CAAC;QAED,MAAM,IAAI,GAAY;YAClB,GAAG,EAAE,EAAE;YAC
P,aAAa,EAAE,KAAK;SACvB,CAAC;QAEF,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;QAE9B,OAAO,IAAI,CAAC;IAChB,CAAC,CAAC;IAEF,cAAc,CAAC,SAAS,CAAC,IAAI,GAAG,SAAS,IAAI,CACzC,MAAc,EACd,GAAiB,EACjB,KAAe,EACf,QAAwB,EACxB,QAAwB;QAExB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjC,OAAO,CAAC,GAAG,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QACvD,OAAO,CAAC,aAAa,GAAG,KAAK,CAAC;QAE9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACtB,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACJ,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC1E,CAAC;IACL,CAAC,CAAC;IAEF,cAAc,CAAC,SAAS,CAAC,gBAAgB,GAAG,SAAS,gBAAgB,CAAC,IAAI,EAAE,KAAK;QAC7E,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,SAAS,GAAG,IAAA,+DAAgC,EAAC,KAAK,CAAC,CAAC;QAE1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;QACjC,CAAC;QAED,OAAO,uBAAuB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;IAC/D,CAAC,CAAC;IAEF,cAAc,CAAC,SAAS,CAAC,IAAI,GAAG,SAAS,IAAI,CAAC,IAAI;QAC9C,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QAEjC,oCAAoC,EAAE,CAAC;YACnC,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9C,MAAM,oCAAoC,CAAC;YAC/C,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,QAAQ,GAAG,IAAI,CAAC;QAEpB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,YAAY,GAAG,IAAA,+DAAgC,EAAC,IAAI,CAAC,CAAC;YAE5D,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;gBACxB,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;YACjC,CAAC;YAED,QAAQ,GAAG,YAAY,CAAC;QAC5B,CAAC;QAED,8CAA8C,EAAE,CAAC;YAC7C,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBACzB,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,IACI,IAAA,8CAAuB,EAAC;gBACpB,gBAAgB,EAAE,+BAA+B;gBACjD,iCAAiC,EAAE,IAAI;gBACvC,QAAQ;aACX,CAAC,EACJ,CAAC;gBACC,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,IAAI,KAAK,CACX;gBACI,uCAAuC,QAAQ,GAAG;gBAClD,kCAAkC,QAAQ,MAAM
;gBAChD,oCAAoC;aACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAiD,CAAC,CAAC;IACrF,CAAC,CAAC;AACN,CAAC;AAED,SAAS,6CAA6C,CAAC,MAEtD;IACG,MAAM,EAAE,+BAA+B,EAAE,GAAG,MAAM,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,CAAC,SAAS,CAAC;IAC1C,MAAM,WAAW,GAAG,gBAAgB,CAAC,SAAS,CAAC,IAAI,CAAC;IASpD,MAAM,UAAU,GAAG,IAAI,OAAO,EAAqB,CAAC;IAEpD,MAAM,gBAAgB,GAAG,SAAS,SAAS,CAAC,GAAiB,EAAE,SAA6B;QACxF,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QACxD,MAAM,OAAO,GAAG,IAAA,+DAAgC,EAAC,MAAM,CAAC,CAAC;QACzD,IAAI,aAAa,GAAG,OAAO,KAAK,MAAM,CAAC;QAEvC,MAAM,aAAa,GAAG,CAAC,GAAG,EAAE;YACxB,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC1B,OAAO,SAAS,CAAC;YACrB,CAAC;YAED,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAG,IAAA,+DAAgC,EAAC,SAAS,CAAC,CAAC;gBAEzD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;oBACrB,aAAa,GAAG,IAAI,CAAC;gBACzB,CAAC;gBAED,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,IAAI,sBAAsB,GAAG,KAAK,CAAC;YAEnC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE;gBAClC,MAAM,YAAY,GAAG,IAAA,+DAAgC,EAAC,QAAQ,CAAC,CAAC;gBAEhE,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;oBAC5B,sBAAsB,GAAG,IAAI,CAAC;gBAClC,CAAC;gBAED,OAAO,YAAY,CAAC;YACxB,CAAC,CAAC,CAAC;YAEH,IAAI,sBAAsB,EAAE,CAAC;gBACzB,aAAa,GAAG,IAAI,CAAC;YACzB,CAAC;YAED,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC,EAAE,CAAC;QAEL,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEtE,8CAA8C,EAAE,CAAC;YAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACjB,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,IACI,IAAA,8CAAuB,EAAC;gBACpB,gBAAgB,EAAE,+BAA+B;gBACjD,iCAAiC,EAAE,IAAI;gBACvC,QAAQ;aACX,CAAC,EACJ,CAAC;gBACC,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,IAAI,KAAK,CACX;gBACI,uCAAuC,QAAQ,GAAG;gBAClD,kCAAkC,QAAQ,MAAM;gBAChD,oCAAoC;aACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,MAAM,EAAE,GAAG,IAAI,gBAAgB,CAAC,OAAO,EAAE,aAAgD,CAAC,CAAC;QAE3F,UAAU,CAAC,GAAG,CAAC,EAAE,EAAE;YACf,GAAG,EAAE,OAAO;YACZ,QAAQ;YACR,QAAQ;YACR,aAAa;SAChB,CAAC,CAAC;QAEH,OAAO,EAAE,CAAC;IACd,CAAC,CAAC;IAEF,gBAAgB,CAAC,SAAS,GAAG,gBAAgB,CAAC,SAAS,CAAC;I
AExD,KAAK,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAU,EAAE,CAAC;QACtE,MAAM,CAAC,cAAc,CAAC,gBAAgB,EAAE,IAAI,EAAE;YAC1C,KAAK,EAAE,gBAAgB,CAAC,IAAI,CAAC;YAC7B,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,KAAK;SACtB,CAAC,CAAC;IACP,CAAC;IAED,MAAM,CAAC,SAAS,GAAG,gBAA+C,CAAC;IAEnE,gBAAgB,CAAC,SAAS,CAAC,IAAI,GAAG,SAAS,IAAI,CAAC,IAAI;QAChD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAEpC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACvB,wDAAwD;YACxD,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,QAAQ,GAAG,IAAI,CAAC;QAEpB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,YAAY,GAAG,IAAA,+DAAgC,EAAC,IAAI,CAAC,CAAC;YAE5D,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;gBACxB,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC;YAChC,CAAC;YAED,QAAQ,GAAG,YAAY,CAAC;QAC5B,CAAC;QAED,8CAA8C,EAAE,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBACxB,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,IACI,IAAA,8CAAuB,EAAC;gBACpB,gBAAgB,EAAE,+BAA+B;gBACjD,iCAAiC,EAAE,IAAI;gBACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC5B,CAAC,EACJ,CAAC;gBACC,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,IAAI,KAAK,CACX;gBACI,uCAAuC,MAAM,CAAC,QAAQ,GAAG;gBACzD,kCAAkC,MAAM,CAAC,QAAQ,MAAM;gBACvD,oCAAoC;aACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,oCAAoC,EAAE,CAAC;YACnC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACrD,MAAM,oCAAoC,CAAC;YAC/C,CAAC;YAED,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACzE,CAAC;QAED,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC,CAAC;AACN,CAAC;AAED,SAAS,+CAA+C,CAAC,MAExD;IACG,MAAM,EAAE,+BAA+B,EAAE,GAAG,MAAM,CAAC;IAEnD,MAAM,kBAAkB,GAAG,MAAM,CAAC,WAAW,CAAC;IAE9C,IAAI,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACnC,OAAO;IACX,CAAC;IAED,MAAM,kBAAkB,GAAG,SAAS,WAAW,CAC3C,GAAiB,EACjB,mBAAqC;QAErC,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QACxD,MAAM,OAAO,GAAG,IAAA,+DAAgC,EAAC,MAAM,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,KAAK,MAAM,CAAC;QAEzC,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAE5D,8CAA8C,EAAE,CAAC;YAC7C,IAAI,CAAC,aAAa,EAA
E,CAAC;gBACjB,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,IACI,IAAA,8CAAuB,EAAC;gBACpB,gBAAgB,EAAE,+BAA+B;gBACjD,iCAAiC,EAAE,IAAI;gBACvC,QAAQ;aACX,CAAC,EACJ,CAAC;gBACC,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,IAAI,KAAK,CACX;gBACI,uCAAuC,QAAQ,GAAG;gBAClD,kCAAkC,QAAQ,MAAM;gBAChD,oCAAoC;aACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,OAAO,IAAI,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IAChE,CAAC,CAAC;IAEF,kBAAkB,CAAC,SAAS,GAAG,kBAAkB,CAAC,SAAS,CAAC;IAE5D,IAAI,YAAY,IAAI,kBAAkB,EAAE,CAAC;QACrC,KAAK,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAU,EAAE,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,kBAAkB,EAAE,IAAI,EAAE;gBAC5C,KAAK,EAAG,kBAA0B,CAAC,IAAI,CAAC;gBACxC,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,IAAI;gBAChB,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IAED,MAAM,CAAC,WAAW,GAAG,kBAAmD,CAAC;AAC7E,CAAC;AAED,SAAS,uDAAuD,CAAC,MAEhE;IACG,MAAM,EAAE,+BAA+B,EAAE,GAAG,MAAM,CAAC;IAEnD,MAAM,iBAAiB,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEhE,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;QAClC,OAAO;IACX,CAAC;IAED,SAAS,CAAC,UAAU,GAAG,SAAS,UAAU,CAAC,GAAiB,EAAE,IAAsB;QAChF,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QACxD,MAAM,OAAO,GAAG,IAAA,+DAAgC,EAAC,MAAM,CAAC,CAAC;QACzD,IAAI,aAAa,GAAG,OAAO,KAAK,MAAM,CAAC;QAEvC,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAE5D,IAAI,QAAQ,GAAG,IAAI,CAAC;QAEpB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,IAAA,+DAAgC,EAAC,IAAI,CAAC,CAAC;YAEpD,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAChB,aAAa,GAAG,IAAI,CAAC;YACzB,CAAC;YAED,QAAQ,GAAG,IAAI,CAAC;QACpB,CAAC;aAAM,IAAI,IAAI,YAAY,eAAe,EAAE,CAAC;YACzC,IAAI,4BAA4B,GAAG,KAAK,CAAC;YACzC,MAAM,IAAI,GAAG,IAAI,eAAe,EAAE,CAAC;YAEnC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACxB,MAAM,SAAS,GAAG,IAAA,+DAAgC,EAAC,KAAK,CAAC,CAAC;gBAE1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;oBACtB,4BAA4B,GAAG,IAAI,CAAC;gBACxC,CAAC;gBAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAChC,CAAC,CAAC,CAAC;YAEH,IAAI,4BAA4B,EAAE,CAAC;gBAC/B,aAAa,GAAG,IAAI,CAAC;gBACrB,QAAQ,GAAG,IAAI
,CAAC;YACpB,CAAC;QACL,CAAC;aAAM,IAAI,IAAI,YAAY,QAAQ,EAAE,CAAC;YAClC,IAAI,qBAAqB,GAAG,KAAK,CAAC;YAClC,MAAM,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;YAE5B,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;gBACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,SAAS,GAAG,IAAA,+DAAgC,EAAC,KAAK,CAAC,CAAC;oBAE1D,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;wBACtB,qBAAqB,GAAG,IAAI,CAAC;oBACjC,CAAC;oBAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;oBAE5B,OAAO;gBACX,CAAC;gBAED,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,qBAAqB,EAAE,CAAC;gBACxB,aAAa,GAAG,IAAI,CAAC;gBACrB,QAAQ,GAAG,IAAI,CAAC;YACpB,CAAC;QACL,CAAC;QAED,8CAA8C,EAAE,CAAC;YAC7C,IAAI,CAAC,aAAa,EAAE,CAAC;gBACjB,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,IACI,IAAA,8CAAuB,EAAC;gBACpB,gBAAgB,EAAE,+BAA+B;gBACjD,iCAAiC,EAAE,IAAI;gBACvC,QAAQ;aACX,CAAC,EACJ,CAAC;gBACC,MAAM,8CAA8C,CAAC;YACzD,CAAC;YAED,MAAM,IAAI,KAAK,CACX;gBACI,uCAAuC,QAAQ,GAAG;gBAClD,kCAAkC,QAAQ,MAAM;gBAChD,oCAAoC;aACvC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,OAAO,iBAAiB,CAAC,OAAO,EAAE,QAAsD,CAAC,CAAC;IAC9F,CAAC,CAAC;AACN,CAAC;AAED,SAAS,2BAA2B;IAChC,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAE,EAAE,CACxC,IAAI,KAAK,CACL;QACI,gCAAgC,MAAM,oBAAoB;QAC1D,wEAAwE;KAC3E,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;IAEN,KAAK,MAAM,IAAI,IAAI;QACf,OAAO;QACP,gBAAgB;QAChB,WAAW;QACX,SAAS;QACT,iBAAiB;QACjB,aAAa;QACb,wBAAwB;QACxB,2BAA2B;QAC3B,eAAe;QACf,UAAU;QACV,MAAM;QACN,QAAQ;QACR,QAAQ;QACR,SAAS;QACT,OAAO;QACP,QAAQ;QACR,aAAa;QACb,YAAY;QACZ,aAAa;QACb,UAAU;QACV,SAAS;QACT,MAAM;QACN,oBAAoB;QACpB,oBAAoB;QACpB,MAAM;QACN,MAAM;KACA,EAAE,CAAC;QACT,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QAE9B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACZ,SAAS;QACb,CAAC;QAED,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC;YAC1B,KAAK,MAAM,YAAY,IAAI,MAAM,CAAC,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxE,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACpB,IACI,YAAY,KAAK,UAAU;wBAC3B,YAAY,KAAK,aAAa;wBAC9B,YAAY,KAAK,SAAS,EAC5B,CAAC;wBACC,SAAS;oBACb,CAAC;gBACL,CAAC;gBAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;oBACnB,IAAI,YAAY,KAAK,aAAa,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;wBAC9D,SAAS;o
BACb,CAAC;gBACL,CAAC;gBAED,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC,QAAQ,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;gBAE7E,IAAA,eAAM,EAAC,EAAE,KAAK,SAAS,CAAC,CAAC;gBAEzB,IAAI,CAAC,EAAE,CAAC,YAAY,EAAE,CAAC;oBACnB,SAAS;gBACb,CAAC;gBAED,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,YAAY,EAAE;oBACpD,UAAU,EAAE,EAAE,CAAC,UAAU;oBACzB,YAAY,EAAE,KAAK;oBACnB,GAAG,CAAC,OAAO,IAAI,EAAE;wBACb,CAAC,CAAC;4BACI,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK;4BACnB,GAAG,EAAE,GAAG,EAAE;gCACN,MAAM,gBAAgB,CAAC,UAAU,IAAI,cAAc,YAAY,EAAE,CAAC,CAAC;4BACvE,CAAC;yBACJ;wBACH,CAAC,CAAC;4BACI,GAAG,EAAE,EAAE,CAAC,GAAG;4BACX,GAAG,EACC,EAAE,CAAC,GAAG;gCACN,CAAC,GAAG,EAAE;oCACF,MAAM,gBAAgB,CAAC,UAAU,IAAI,cAAc,YAAY,EAAE,CAAC,CAAC;gCACvE,CAAC,CAAC;yBACT,CAAC;iBACX,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE;YAChC,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,GAAG,EAAE,CAAC,QAAQ;YACnB,GAAG,EAAE,GAAG,EAAE;gBACN,MAAM,gBAAgB,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;YAC7C,CAAC;SACJ,CAAC,CAAC;IACP,CAAC;IAED,CAAC;QACG,MAAM,IAAI,GAAG,eAAe,CAAC;QAE7B,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAEjC,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,IAAI,EAAE;YACnC,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,GAAG,EAAE,CAAC,QAAQ;YACnB,GAAG,EAAE,GAAG,EAAE;gBACN,MAAM,gBAAgB,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;YACvD,CAAC;SACJ,CAAC,CAAC;IACP,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAU,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAE1C,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,EAAE;YAC5C,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,GAAG,EAAE,CAAC,QAAQ;YACnB,GAAG,EAAE,GAAG,EAAE;gBACN,MAAM,gBAAgB,CAAC,6BAA6B,IAAI,GAAG,CAAC,CAAC;YACjE,CAAC;SACJ,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED,SAAS,iCAAiC,CAAC,MAAoD;IAC3F,MAAM,EAAE,8BAA8B,EAAE,GAAG,MAAM,CAAC;IAElD,MAAM,EAAE,aAAa,EAAE,GAAG,SAAS,CAAC;IAEpC,MAAM,eAAe,GAAG,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAEnE,aAAa,CAAC,QAAQ,GAAG,SAAS,QAAQ,CACtC,SAA4D,EAC5D,OAA2D;QAE3D,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,IAAI,GAAG,CAClC,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC
,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,EAC1D,MAAM,CAAC,QAAQ,CAAC,IAAI,CACvB,CAAC;QAEF,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CACX;gBACI,0DAA0D;gBAC1D,4DAA4D;gBAC5D,8CAA8C;aACjD,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,IACI,CAAC,IAAA,8CAAuB,EAAC;YACrB,gBAAgB,EAAE,8BAA8B;YAChD,iCAAiC,EAAE,KAAK;YACxC,QAAQ;SACX,CAAC,EACJ,CAAC;YACC,MAAM,IAAI,KAAK,CACX;gBACI,oDAAoD,QAAQ,GAAG;gBAC/D,uCAAuC,QAAQ,MAAM;gBACrD,mCAAmC;aACtC,CAAC,IAAI,CAAC,GAAG,CAAC,CACd,CAAC;QACN,CAAC;QAED,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC,CAAC;AACN,CAAC"}
|