raindancers-cloudfront 0.0.0

package/lib/cloudfront/patterns/cognito-secured-cloudfront.js

@@ -0,0 +1,285 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CognitoSecuredCloudFront = void 0;
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const core = __importStar(require("aws-cdk-lib"));
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const constructs = __importStar(require("constructs"));
+const securedCloudFront_1 = require("./securedCloudFront");
+const function_composer_1 = require("../cloudfront-functions/function-composer");
+class CognitoSecuredCloudFront extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const redirectUri = `https://${props.domainNames[0]}/oauth2/callback`;
+        const p = props.authSsmParamPrefix;
+        const configSecretArn = aws_cdk_lib_1.aws_ssm.StringParameter.valueForStringParameter(this, `${p}/configSecretArn`);
+        const kmsKeyArn = aws_cdk_lib_1.aws_ssm.StringParameter.valueForStringParameter(this, `${p}/kmsKeyArn`);
+        const authTableArn = aws_cdk_lib_1.aws_ssm.StringParameter.valueForStringParameter(this, `${p}/authTableArn`);
+        const kvsArn = aws_cdk_lib_1.aws_ssm.StringParameter.valueForStringParameter(this, `${p}/kvsArn`);
+        const cognitoDomain = aws_cdk_lib_1.aws_ssm.StringParameter.valueForStringParameter(this, `${p}/cognitoDomain`);
+        const clientId = aws_cdk_lib_1.aws_ssm.StringParameter.valueForStringParameter(this, `${p}/clientId`);
+        this.cognitoDomain = cognitoDomain;
+        this.clientId = clientId;
+        this.redirectUri = redirectUri;
+        const kvs = aws_cdk_lib_1.aws_cloudfront.KeyValueStore.fromKeyValueStoreArn(this, 'KVS', kvsArn);
+        this.kvs = kvs;
+        const lambdaEdgeRole = new aws_cdk_lib_1.aws_iam.Role(this, 'LambdaEdgeRole', {
+            assumedBy: new aws_cdk_lib_1.aws_iam.CompositePrincipal(new aws_cdk_lib_1.aws_iam.ServicePrincipal('lambda.amazonaws.com'), new aws_cdk_lib_1.aws_iam.ServicePrincipal('edgelambda.amazonaws.com')),
+            managedPolicies: [
+                aws_cdk_lib_1.aws_iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole'),
+            ],
+        });
+        lambdaEdgeRole.addToPolicy(new aws_cdk_lib_1.aws_iam.PolicyStatement({
+            effect: aws_cdk_lib_1.aws_iam.Effect.ALLOW,
+            actions: ['secretsmanager:GetSecretValue', 'secretsmanager:DescribeSecret'],
+            resources: [configSecretArn],
+        }));
+        lambdaEdgeRole.addToPolicy(new aws_cdk_lib_1.aws_iam.PolicyStatement({
+            effect: aws_cdk_lib_1.aws_iam.Effect.ALLOW,
+            actions: ['kms:Decrypt'],
+            resources: [kmsKeyArn],
+        }));
+        lambdaEdgeRole.addToPolicy(new aws_cdk_lib_1.aws_iam.PolicyStatement({
+            effect: aws_cdk_lib_1.aws_iam.Effect.ALLOW,
+            actions: ['dynamodb:GetItem', 'dynamodb:PutItem', 'dynamodb:Query', 'dynamodb:Scan', 'dynamodb:UpdateItem', 'dynamodb:DeleteItem'],
+            resources: [authTableArn],
+        }));
+        const configPyContent = `# Generated configuration
+import json
+import boto3
+import logging
+
+logger = logging.getLogger()
+
+CONFIG_SECRET_NAME = 'cloudfront-auth-config-${props.domainNames[0]}'
+CONFIG_REGION = '${props.authRegion}'
+
+def get_config():
+    logger.info(f'Loading config from Secrets Manager')
+    try:
+        client = boto3.client('secretsmanager', region_name=CONFIG_REGION)
+        response = client.get_secret_value(SecretId=CONFIG_SECRET_NAME)
+        return json.loads(response['SecretString'])
+    except Exception as e:
+        logger.error(f'Failed to get secret: {str(e)}')
+        raise
+`;
+        const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'cognito-auth-'));
+        const configPyPath = path.join(tempDir, 'config_generated.py');
+        fs.writeFileSync(configPyPath, configPyContent);
+        const oauthCallbackFn = new aws_cdk_lib_1.aws_cloudfront.experimental.EdgeFunction(this, 'OAuthCallback', {
+            runtime: aws_cdk_lib_1.aws_lambda.Runtime.PYTHON_3_11,
+            handler: 'oauth-callback.lambda_handler',
+            code: aws_cdk_lib_1.aws_lambda.Code.fromAsset(path.join(__dirname, '../lambda/cognito-auth'), {
+                bundling: {
+                    image: aws_cdk_lib_1.aws_lambda.Runtime.PYTHON_3_11.bundlingImage,
+                    command: [
+                        'bash', '-c',
+                        'pip install -r requirements.txt -t /asset-output && ' +
+                            'cp -r . /asset-output && ' +
+                            'cp /tmp/config_generated.py /asset-output/config_generated.py',
+                    ],
+                    volumes: [
+                        {
+                            hostPath: configPyPath,
+                            containerPath: '/tmp/config_generated.py',
+                        },
+                    ],
+                },
+            }),
+            timeout: core.Duration.seconds(30),
+            memorySize: 128,
+            role: lambdaEdgeRole,
+        });
+        const authCheckCode = this.buildAuthCheckCode(cognitoDomain, clientId, redirectUri);
+        this.authCheckFunction = new aws_cdk_lib_1.aws_cloudfront.Function(this, 'AuthCheck', {
+            code: aws_cdk_lib_1.aws_cloudfront.FunctionCode.fromInline(authCheckCode),
+            runtime: aws_cdk_lib_1.aws_cloudfront.FunctionRuntime.JS_2_0,
+            keyValueStore: kvs,
+            comment: 'Cognito auth check',
+        });
+        this.lastCreatedFunction = this.authCheckFunction;
+        if (props.enableUserInfoInjection !== false) {
+            if (!props.userInfoNameFields || props.userInfoNameFields.length === 0) {
+                throw new Error('userInfoNameFields must be provided when enableUserInfoInjection is true');
+            }
+            const userInfoCode = this.loadAndReplaceUserInfoCode(props.userInfoNameFields);
+            this.userInfoFunction = new aws_cdk_lib_1.aws_cloudfront.Function(this, 'UserInfoEndpoint', {
+                code: aws_cdk_lib_1.aws_cloudfront.FunctionCode.fromInline(userInfoCode),
+                runtime: aws_cdk_lib_1.aws_cloudfront.FunctionRuntime.JS_2_0,
+                keyValueStore: kvs,
+                comment: 'Returns user info JSON from JWT',
+            });
+            this.userInfoFunction.node.addDependency(this.authCheckFunction);
+            this.lastCreatedFunction = this.userInfoFunction;
+        }
+        this.tlsOriginRequestPolicy = new aws_cdk_lib_1.aws_cloudfront.OriginRequestPolicy(this, 'TlsOriginRequestPolicy', {
+            headerBehavior: aws_cdk_lib_1.aws_cloudfront.OriginRequestHeaderBehavior.allowList('CloudFront-Viewer-TLS'),
+            cookieBehavior: aws_cdk_lib_1.aws_cloudfront.OriginRequestCookieBehavior.none(),
+            queryStringBehavior: aws_cdk_lib_1.aws_cloudfront.OriginRequestQueryStringBehavior.none(),
+        });
+        this.functionComposer = new function_composer_1.FunctionComposer();
+        this.composedFunctions = new Map();
+        const oauthCallbackBehavior = {
+            origin: props.defaultBehavior.origin,
+            viewerProtocolPolicy: aws_cdk_lib_1.aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+            edgeLambdas: [{
+                    functionVersion: oauthCallbackFn.currentVersion,
+                    eventType: aws_cdk_lib_1.aws_cloudfront.LambdaEdgeEventType.ORIGIN_REQUEST,
+                }],
+            cachePolicy: new aws_cdk_lib_1.aws_cloudfront.CachePolicy(this, 'CallbackCachePolicy', {
+                cachePolicyName: `${core.Stack.of(this).stackName}-cognito-callback`,
+                defaultTtl: core.Duration.seconds(0),
+                minTtl: core.Duration.seconds(0),
+                maxTtl: core.Duration.seconds(1),
+                cookieBehavior: aws_cdk_lib_1.aws_cloudfront.CacheCookieBehavior.allowList('oauth_state', 'code_verifier'),
+                headerBehavior: aws_cdk_lib_1.aws_cloudfront.CacheHeaderBehavior.none(),
+                queryStringBehavior: aws_cdk_lib_1.aws_cloudfront.CacheQueryStringBehavior.all(),
+                enableAcceptEncodingGzip: false,
+                enableAcceptEncodingBrotli: false,
+            }),
+        };
+        this.distribution = new aws_cdk_lib_1.aws_cloudfront.Distribution(this, 'Distribution', {
+            httpVersion: aws_cdk_lib_1.aws_cloudfront.HttpVersion.HTTP2_AND_3,
+            minimumProtocolVersion: aws_cdk_lib_1.aws_cloudfront.SecurityPolicyProtocol.TLS_V1_2_2025,
+            defaultBehavior: (() => {
+                const built = this.buildFunctionAssociations(props.defaultExtensions, props.defaultExtensionConfig);
+                return {
+                    ...props.defaultBehavior,
+                    functionAssociations: built?.functionAssociations,
+                    originRequestPolicy: built?.originRequestPolicy,
+                };
+            })(),
+            additionalBehaviors: {
+                '/oauth2/callback': oauthCallbackBehavior,
+            },
+            domainNames: props.domainNames,
+            certificate: props.certificate,
+            defaultRootObject: props.defaultRootObject ?? 'index.html',
+            errorResponses: [
+                { httpStatus: 403, responseHttpStatus: 200, responsePagePath: props.errorResponsePagePath ?? '/error.html', ttl: core.Duration.minutes(5) },
+                { httpStatus: 404, responseHttpStatus: 200, responsePagePath: props.errorResponsePagePath ?? '/error.html', ttl: core.Duration.minutes(5) },
+                { httpStatus: 500, responseHttpStatus: 200, responsePagePath: props.errorResponsePagePath ?? '/error.html', ttl: core.Duration.seconds(10) },
+                { httpStatus: 502, responseHttpStatus: 200, responsePagePath: props.errorResponsePagePath ?? '/error.html', ttl: core.Duration.seconds(10) },
+                { httpStatus: 503, responseHttpStatus: 200, responsePagePath: props.errorResponsePagePath ?? '/error.html', ttl: core.Duration.seconds(10) },
+                { httpStatus: 504, responseHttpStatus: 200, responsePagePath: props.errorResponsePagePath ?? '/error.html', ttl: core.Duration.seconds(10) },
+            ],
+        });
+        if (this.userInfoFunction) {
+            this.distribution.addBehavior('/userinfo', props.defaultBehavior.origin, {
+                viewerProtocolPolicy: aws_cdk_lib_1.aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+                functionAssociations: [{ function: this.userInfoFunction, eventType: aws_cdk_lib_1.aws_cloudfront.FunctionEventType.VIEWER_REQUEST }],
+                cachePolicy: aws_cdk_lib_1.aws_cloudfront.CachePolicy.CACHING_DISABLED,
+            });
+        }
+    }
+    addBehavior(pathPattern, origin, options = {}) {
+        const built = this.buildFunctionAssociations(options.extensions, options.extensionConfig);
+        this.distribution.addBehavior(pathPattern, origin, {
+            ...options.behaviorOptions,
+            functionAssociations: built?.functionAssociations ?? options.behaviorOptions?.functionAssociations,
+            originRequestPolicy: built?.originRequestPolicy ?? options.behaviorOptions?.originRequestPolicy,
+        });
+    }
+    buildFunctionAssociations(extensions, config) {
+        if (!extensions || extensions.length === 0) {
+            return undefined;
+        }
+        const cacheKey = this.generateFunctionCacheKey(extensions, config);
+        let func = this.composedFunctions.get(cacheKey);
+        if (!func) {
+            const code = this.functionComposer.compose(extensions, config, {
+                cognitoDomain: this.cognitoDomain,
+                clientId: this.clientId,
+                redirectUri: this.redirectUri,
+            });
+            const functionId = this.generateFunctionId(extensions, config);
+            const functionProps = extensions.includes(securedCloudFront_1.Extension.REQUIRE_AUTH)
+                ? { code: aws_cdk_lib_1.aws_cloudfront.FunctionCode.fromInline(code), runtime: aws_cdk_lib_1.aws_cloudfront.FunctionRuntime.JS_2_0, comment: `Combined: ${extensions.join(', ')}`, keyValueStore: this.kvs }
+                : { code: aws_cdk_lib_1.aws_cloudfront.FunctionCode.fromInline(code), runtime: aws_cdk_lib_1.aws_cloudfront.FunctionRuntime.JS_2_0, comment: `Combined: ${extensions.join(', ')}` };
+            func = new aws_cdk_lib_1.aws_cloudfront.Function(this, functionId, functionProps);
+            if (this.lastCreatedFunction) {
+                func.node.addDependency(this.lastCreatedFunction);
+            }
+            this.lastCreatedFunction = func;
+            this.composedFunctions.set(cacheKey, func);
+        }
+        const result = {
+            functionAssociations: [{ function: func, eventType: aws_cdk_lib_1.aws_cloudfront.FunctionEventType.VIEWER_REQUEST }],
+        };
+        if (extensions.includes(securedCloudFront_1.Extension.REQUIRE_TLS_13)) {
+            result.originRequestPolicy = this.tlsOriginRequestPolicy;
+        }
+        return result;
+    }
+    generateFunctionCacheKey(extensions, config) {
+        const parts = [extensions.sort().join(',')];
+        if (config?.requiredRoles) {
+            parts.push([...config.requiredRoles].sort().join(','));
+        }
+        if (config?.roleMatchMode && config.roleMatchMode !== securedCloudFront_1.RoleMatchMode.OR) {
+            parts.push(config.roleMatchMode);
+        }
+        return parts.join('|');
+    }
+    generateFunctionId(extensions, config) {
+        const extensionPart = extensions.map(e => e.replace('REQUIRE_', '')).join('');
+        if (config?.requiredRoles && config.requiredRoles.length > 0) {
+            const roleHash = config.requiredRoles.join('').replace(/[^a-zA-Z0-9]/g, '').substring(0, 8);
+            const modePart = config.roleMatchMode && config.roleMatchMode !== securedCloudFront_1.RoleMatchMode.OR ? config.roleMatchMode : '';
+            return `ComposedFunction${extensionPart}${roleHash}${modePart}`;
+        }
+        return `ComposedFunction${extensionPart}`;
+    }
+    buildAuthCheckCode(cognitoDomain, clientId, redirectUri) {
+        const codePath = path.join(__dirname, '../cloudfront-functions/modules/cognito-auth-check.js');
+        let code = fs.readFileSync(codePath, 'utf-8');
+        code = code.replace(/COGNITO_DOMAIN_PLACEHOLDER/g, cognitoDomain);
+        code = code.replace(/CLIENT_ID_PLACEHOLDER/g, clientId);
+        code = code.replace(/REDIRECT_URI_PLACEHOLDER/g, redirectUri);
+        return code;
+    }
+    loadAndReplaceUserInfoCode(nameFields) {
+        const codePath = path.join(__dirname, '../cloudfront-functions/userinfo-endpoint.js');
+        let code = fs.readFileSync(codePath, 'utf-8');
+        code = code.replace("var nameFields = ['key1', 'key2', 'key3'];", `var nameFields = ${JSON.stringify(nameFields)};`);
+        return code;
+    }
+}
+exports.CognitoSecuredCloudFront = CognitoSecuredCloudFront;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0by1zZWN1cmVkLWNsb3VkZnJvbnQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2xvdWRmcm9udC9wYXR0ZXJucy9jb2duaXRvLXNlY3VyZWQtY2xvdWRmcm9udC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1Q0FBeUI7QUFDekIsdUNBQXlCO0FBQ3pCLDJDQUE2QjtBQUM3QixrREFBb0M7QUFDcEMsNkNBS3FCO0FBQ3JCLHVEQUF5QztBQUN6QywyREFBb0c7QUFDcEcsaUZBQTZFO0FBZ0I3RSxNQUFhLHdCQUF3RCxTQUFRLFVBQVUsQ0FBQyxTQUFTO0lBYS9GLFlBQVksS0FBMkIsRUFBRSxFQUFVLEVBQUUsS0FBb0M7UUFDdkYsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUVqQixNQUFNLFdBQVcsR0FBRyxXQUFXLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLGtCQUFrQixDQUFDO1FBRXRFLE1BQU0sQ0FBQyxHQUFHLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQztRQUNuQyxNQUFNLGVBQWUsR0FBRyxxQkFBRyxDQUFDLGVBQWUsQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbEcsTUFBTSxTQUFTLEdBQUcscUJBQUcsQ0FBQyxlQUFlLENBQUMsdUJBQXVCLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUN0RixNQUFNLFlBQVksR0FBRyxxQkFBRyxDQUFDLGVBQWUsQ0FBQyx1QkFBdUIsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQzVGLE1BQU0sTUFBTSxHQUFHLHFCQUFHLENBQUMsZUFBZSxDQUFDLHVCQUF1QixDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDaEYsTUFBTSxhQUFhLEdBQUcscUJBQUcsQ0FBQyxlQUFlLENBQUMsdUJBQXVCLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQzlGLE1BQU0sUUFBUSxHQUFHLHFCQUFHLENBQUMsZUFBZSxDQUFDLHVCQUF1QixDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFcEYsSUFBSSxDQUFDLGFBQWEsR0FBRyxhQUFhLENBQUM7UUFDbkMsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLENBQUM7UUFDekIsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFFL0IsTUFBTSxHQUFHLEdBQUcsNEJBQVUsQ0FBQyxhQUFhLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztRQUMvRSxJQUFJLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQztRQUVmLE1BQU0sY0FBYyxHQUFHLElBQUkscUJBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQzFELFNBQVMsRUFBRSxJQUFJLHFCQUFHLENBQUMsa0JBQWtCLENBQ25DLElBQUkscUJBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxzQkFBc0IsQ0FBQyxFQUNoRCxJQUFJLHFCQUFHLENBQUMsZ0JBQWdCLENBQUMsMEJBQTBCLENBQUMsQ0FDckQ7WUFDRCxlQUFlLEVBQUU7Z0JBQ2YscUJBQUcsQ0FBQyxhQUFhLENBQUMsd0JBQXdCLENBQUMsMENBQTBDLENBQUM7YUFDdkY7U0FDRixDQUFDLENBQUM7UUFFSCxjQUFjLENBQUMsV0FBVyxDQUFDLElBQUkscUJBQUcsQ0FBQyxlQUFlLENBQUM7WUFDakQsTUFBTSxFQUFFLHFCQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7WUFDeEIsT0FBTyxFQUFFLENBQUMsK0JBQStCLEVBQUUsK0JBQStCLENBQUM7WUFDM0UsU0FBUyxFQUFFLENBQUMsZUFBZSxDQUFDO1NBQzdCLENBQUMsQ0FBQyxDQUFDO1FBRUosY0FBYyxDQUFDLFdBQVcsQ0FBQyxJQUFJLHFCQUFHLENBQUMsZUFBZSxDQUFDO1lBQ2pELE1BQU0sRUFBRSxxQkFBRyxDQUFDLE1BQU0sQ0FBQyxLQUFLO1lBQ3hCLE9BQU8sRUFBRSxDQUFDLGFBQWEsQ0FBQztZQUN4QixTQUFTLEVBQUUsQ0FBQyxTQUFTLENBQUM7U0FDdkIsQ0FBQyxDQUFDLENBQUM7UUFFSixjQUFjLENBQUMsV0FBVyxDQUFDLElBQUkscUJBQUcsQ0FBQyxlQUFlLENBQUM7WUFDakQsTUFBTSxFQUFFLHFCQUFHLENBQUMsTUFBTSxDQUFDLEtBQUs7WUFDeEIsT0FBTyxFQUFFLENBQUMsa0JBQWtCLEVBQUUsa0JBQWtCLEVBQUUsZ0JBQWdCLEVBQUUsZUFBZSxFQUFFLHFCQUFxQixFQUFFLHFCQUFxQixDQUFDO1lBQ2xJLFNBQVMsRUFBRSxDQUFDLFlBQVksQ0FBQztTQUMxQixDQUFDLENBQUMsQ0FBQztRQUVKLE1BQU0sZUFBZSxHQUFHOzs7Ozs7OytDQU9tQixLQUFLLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQzttQkFDaEQsS0FBSyxDQUFDLFVBQVU7Ozs7Ozs7Ozs7O0NBV2xDLENBQUM7UUFFRSxNQUFNLE9BQU8sR0FBRyxFQUFFLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLE1BQU0sRUFBRSxFQUFFLGVBQWUsQ0FBQyxDQUFDLENBQUM7UUFDeEUsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUscUJBQXFCLENBQUMsQ0FBQztRQUMvRCxFQUFFLENBQUMsYUFBYSxDQUFDLFlBQVksRUFBRSxlQUFlLENBQUMsQ0FBQztRQUVoRCxNQUFNLGVBQWUsR0FBRyxJQUFJLDRCQUFVLENBQUMsWUFBWSxDQUFDLFlBQVksQ0FBQyxJQUFJLEVBQUUsZUFBZSxFQUFFO1lBQ3RGLE9BQU8sRUFBRSx3QkFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXO1lBQ25DLE9BQU8sRUFBRSwrQkFBK0I7WUFDeEMsSUFBSSxFQUFFLHdCQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSx3QkFBd0IsQ0FBQyxFQUFFO2dCQUMxRSxRQUFRLEVBQUU7b0JBQ1IsS0FBSyxFQUFFLHdCQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxhQUFhO29CQUMvQyxPQUFPLEVBQUU7d0JBQ1AsTUFBTSxFQUFFLElBQUk7d0JBQ1osc0RBQXNEOzRCQUN0RCwyQkFBMkI7NEJBQzNCLCtEQUErRDtxQkFDaEU7b0JBQ0QsT0FBTyxFQUFFO3dCQUNQOzRCQUNFLFFBQVEsRUFBRSxZQUFZOzRCQUN0QixhQUFhLEVBQUUsMEJBQTBCO3lCQUMxQztxQkFDRjtpQkFDRjthQUNGLENBQUM7WUFDRixPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ2xDLFVBQVUsRUFBRSxHQUFHO1lBQ2YsSUFBSSxFQUFFLGNBQWM7U0FDckIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxhQUFhLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLGFBQWEsRUFBRSxRQUFRLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFcEYsSUFBSSxDQUFDLGlCQUFpQixHQUFHLElBQUksNEJBQVUsQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLFdBQVcsRUFBRTtZQUNsRSxJQUFJLEVBQUUsNEJBQVUsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQztZQUN2RCxPQUFPLEVBQUUsNEJBQVUsQ0FBQyxlQUFlLENBQUMsTUFBTTtZQUMxQyxhQUFhLEVBQUUsR0FBRztZQUNsQixPQUFPLEVBQUUsb0JBQW9CO1NBQzlCLENBQUMsQ0FBQztRQUNILElBQUksQ0FBQyxtQkFBbUIsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUM7UUFFbEQsSUFBSSxLQUFLLENBQUMsdUJBQXVCLEtBQUssS0FBSyxFQUFFLENBQUM7WUFDNUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsSUFBSSxLQUFLLENBQUMsa0JBQWtCLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUN2RSxNQUFNLElBQUksS0FBSyxDQUFDLDBFQUEwRSxDQUFDLENBQUM7WUFDOUYsQ0FBQztZQUNELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxLQUFLLENBQUMsa0JBQWtCLENBQUMsQ0FBQztZQUMvRSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSw0QkFBVSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsa0JBQWtCLEVBQUU7Z0JBQ3hFLElBQUksRUFBRSw0QkFBVSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDO2dCQUN0RCxPQUFPLEVBQUUsNEJBQVUsQ0FBQyxlQUFlLENBQUMsTUFBTTtnQkFDMUMsYUFBYSxFQUFFLEdBQUc7Z0JBQ2xCLE9BQU8sRUFBRSxpQ0FBaUM7YUFDM0MsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDakUsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQztRQUNuRCxDQUFDO1FBRUQsSUFBSSxDQUFDLHNCQUFzQixHQUFHLElBQUksNEJBQVUsQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLEVBQUU7WUFDL0YsY0FBYyxFQUFFLDRCQUFVLENBQUMsMkJBQTJCLENBQUMsU0FBUyxDQUFDLHVCQUF1QixDQUFDO1lBQ3pGLGNBQWMsRUFBRSw0QkFBVSxDQUFDLDJCQUEyQixDQUFDLElBQUksRUFBRTtZQUM3RCxtQkFBbUIsRUFBRSw0QkFBVSxDQUFDLGdDQUFnQyxDQUFDLElBQUksRUFBRTtTQUN4RSxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxvQ0FBZ0IsRUFBRSxDQUFDO1FBQy9DLElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLEdBQUcsRUFBRSxDQUFDO1FBRW5DLE1BQU0scUJBQXFCLEdBQStCO1lBQ3hELE1BQU0sRUFBRSxLQUFLLENBQUMsZUFBZSxDQUFDLE1BQU07WUFDcEMsb0JBQW9CLEVBQUUsNEJBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxpQkFBaUI7WUFDdkUsV0FBVyxFQUFFLENBQUM7b0JBQ1osZUFBZSxFQUFFLGVBQWUsQ0FBQyxjQUFjO29CQUMvQyxTQUFTLEVBQUUsNEJBQVUsQ0FBQyxtQkFBbUIsQ0FBQyxjQUFjO2lCQUN6RCxDQUFDO1lBQ0YsV0FBVyxFQUFFLElBQUksNEJBQVUsQ0FBQyxXQUFXLENBQUMsSUFBSSxFQUFFLHFCQUFxQixFQUFFO2dCQUNuRSxlQUFlLEVBQUUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLG1CQUFtQjtnQkFDcEUsVUFBVSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztnQkFDcEMsTUFBTSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztnQkFDaEMsTUFBTSxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztnQkFDaEMsY0FBYyxFQUFFLDRCQUFVLENBQUMsbUJBQW1CLENBQUMsU0FBUyxDQUFDLGFBQWEsRUFBRSxlQUFlLENBQUM7Z0JBQ3hGLGNBQWMsRUFBRSw0QkFBVSxDQUFDLG1CQUFtQixDQUFDLElBQUksRUFBRTtnQkFDckQsbUJBQW1CLEVBQUUsNEJBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxHQUFHLEVBQUU7Z0JBQzlELHdCQUF3QixFQUFFLEtBQUs7Z0JBQy9CLDBCQUEwQixFQUFFLEtBQUs7YUFDbEMsQ0FBQztTQUNILENBQUM7UUFFRixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksNEJBQVUsQ0FBQyxZQUFZLENBQUMsSUFBSSxFQUFFLGNBQWMsRUFBRTtZQUNwRSxXQUFXLEVBQUUsNEJBQVUsQ0FBQyxXQUFXLENBQUMsV0FBVztZQUMvQyxzQkFBc0IsRUFBRSw0QkFBVSxDQUFDLHNCQUFzQixDQUFDLGFBQWE7WUFDdkUsZUFBZSxFQUFFLENBQUMsR0FBRyxFQUFFO2dCQUNyQixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMseUJBQXlCLENBQUMsS0FBSyxDQUFDLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO2dCQUNwRyxPQUFPO29CQUNMLEdBQUcsS0FBSyxDQUFDLGVBQWU7b0JBQ3hCLG9CQUFvQixFQUFFLEtBQUssRUFBRSxvQkFBb0I7b0JBQ2pELG1CQUFtQixFQUFFLEtBQUssRUFBRSxtQkFBbUI7aUJBQ2hELENBQUM7WUFDSixDQUFDLENBQUMsRUFBRTtZQUNKLG1CQUFtQixFQUFFO2dCQUNuQixrQkFBa0IsRUFBRSxxQkFBcUI7YUFDMUM7WUFDRCxXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO1lBQzlCLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxZQUFZO1lBQzFELGNBQWMsRUFBRTtnQkFDZCxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsa0JBQWtCLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxhQUFhLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFO2dCQUMzSSxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsa0JBQWtCLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxhQUFhLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFO2dCQUMzSSxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsa0JBQWtCLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxhQUFhLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQyxFQUFFO2dCQUM1SSxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsa0JBQWtCLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxhQUFhLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQyxFQUFFO2dCQUM1SSxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsa0JBQWtCLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxhQUFhLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQyxFQUFFO2dCQUM1SSxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsa0JBQWtCLEVBQUUsR0FBRyxFQUFFLGdCQUFnQixFQUFFLEtBQUssQ0FBQyxxQkFBcUIsSUFBSSxhQUFhLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQyxFQUFFO2FBQzdJO1NBQ0YsQ0FBQyxDQUFDO1FBRUgsSUFBSSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUMxQixJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxXQUFXLEVBQUUsS0FBSyxDQUFDLGVBQWUsQ0FBQyxNQUFNLEVBQUU7Z0JBQ3ZFLG9CQUFvQixFQUFFLDRCQUFVLENBQUMsb0JBQW9CLENBQUMsaUJBQWlCO2dCQUN2RSxvQkFBb0IsRUFBRSxDQUFDLEVBQUUsUUFBUSxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxTQUFTLEVBQUUsNEJBQVUsQ0FBQyxpQkFBaUIsQ0FBQyxjQUFjLEVBQUUsQ0FBQztnQkFDbkgsV0FBVyxFQUFFLDRCQUFVLENBQUMsV0FBVyxDQUFDLGdCQUFnQjthQUNyRCxDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVNLFdBQVcsQ0FDaEIsV0FBbUIsRUFDbkIsTUFBMEIsRUFDMUIsVUFBcUMsRUFBRTtRQUV2QyxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMseUJBQXlCLENBQUMsT0FBTyxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsZUFBZSxDQUFDLENBQUM7UUFDMUYsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsV0FBVyxFQUFFLE1BQU0sRUFBRTtZQUNqRCxHQUFHLE9BQU8sQ0FBQyxlQUFlO1lBQzFCLG9CQUFvQixFQUFFLEtBQUssRUFBRSxvQkFBb0IsSUFBSSxPQUFPLENBQUMsZUFBZSxFQUFFLG9CQUFvQjtZQUNsRyxtQkFBbUIsRUFBRSxLQUFLLEVBQUUsbUJBQW1CLElBQUksT0FBTyxDQUFDLGVBQWUsRUFBRSxtQkFBbUI7U0FDaEcsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLHlCQUF5QixDQUMvQixVQUF3QixFQUN4QixNQUErQjtRQUUvQixJQUFJLENBQUMsVUFBVSxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDM0MsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDbkUsSUFBSSxJQUFJLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUVoRCxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDVixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLFVBQVUsRUFBRSxNQUFNLEVBQUU7Z0JBQzdELGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtnQkFDakMsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO2dCQUN2QixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVc7YUFDOUIsQ0FBQyxDQUFDO1lBRUgsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLFVBQVUsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUMvRCxNQUFNLGFBQWEsR0FBRyxVQUFVLENBQUMsUUFBUSxDQUFDLDZCQUFTLENBQUMsWUFBWSxDQUFDO2dCQUMvRCxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsNEJBQVUsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSw0QkFBVSxDQUFDLGVBQWUsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLGFBQWEsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLGFBQWEsRUFBRSxJQUFJLENBQUMsR0FBRyxFQUFFO2dCQUN4SyxDQUFDLENBQUMsRUFBRSxJQUFJLEVBQUUsNEJBQVUsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSw0QkFBVSxDQUFDLGVBQWUsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLGFBQWEsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7WUFFbEosSUFBSSxHQUFHLElBQUksNEJBQVUsQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLFVBQVUsRUFBRSxhQUFhLENBQUMsQ0FBQztZQUNoRSxJQUFJLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO2dCQUM3QixJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztZQUNwRCxDQUFDO1lBQ0QsSUFBSSxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUNoQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQXFIO1lBQy9ILG9CQUFvQixFQUFFLENBQUMsRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSw0QkFBVSxDQUFDLGlCQUFpQixDQUFDLGNBQWMsRUFBRSxDQUFDO1NBQ25HLENBQUM7UUFFRixJQUFJLFVBQVUsQ0FBQyxRQUFRLENBQUMsNkJBQVMsQ0FBQyxjQUFjLENBQUMsRUFBRSxDQUFDO1lBQ2xELE1BQU0sQ0FBQyxtQkFBbUIsR0FBRyxJQUFJLENBQUMsc0JBQXNCLENBQUM7UUFDM0QsQ0FBQztRQUVELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFTyx3QkFBd0IsQ0FBQyxVQUF1QixFQUFFLE1BQStCO1FBQ3ZGLE1BQU0sS0FBSyxHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1FBQzVDLElBQUksTUFBTSxFQUFFLGFBQWEsRUFBRSxDQUFDO1lBQzFCLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxHQUFHLE1BQU0sQ0FBQyxhQUFhLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBQ0QsSUFBSSxNQUFNLEVBQUUsYUFBYSxJQUFJLE1BQU0sQ0FBQyxhQUFhLEtBQUssaUNBQWEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUN2RSxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNuQyxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3pCLENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxVQUF1QixFQUFFLE1BQStCO1FBQ2pGLE1BQU0sYUFBYSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUM5RSxJQUFJLE1BQU0sRUFBRSxhQUFhLElBQUksTUFBTSxDQUFDLGFBQWEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDN0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQzVGLE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksTUFBTSxDQUFDLGFBQWEsS0FBSyxpQ0FBYSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO1lBQy9HLE9BQU8sbUJBQW1CLGFBQWEsR0FBRyxRQUFRLEdBQUcsUUFBUSxFQUFFLENBQUM7UUFDbEUsQ0FBQztRQUNELE9BQU8sbUJBQW1CLGFBQWEsRUFBRSxDQUFDO0lBQzVDLENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxhQUFxQixFQUFFLFFBQWdCLEVBQUUsV0FBbUI7UUFDckYsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsdURBQXVELENBQUMsQ0FBQztRQUMvRixJQUFJLElBQUksR0FBRyxFQUFFLENBQUMsWUFBWSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5QyxJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyw2QkFBNkIsRUFBRSxhQUFhLENBQUMsQ0FBQztRQUNsRSxJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyx3QkFBd0IsRUFBRSxRQUFRLENBQUMsQ0FBQztRQUN4RCxJQUFJLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQywyQkFBMkIsRUFBRSxXQUFXLENBQUMsQ0FBQztRQUM5RCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTywwQkFBMEIsQ0FBQyxVQUFvQjtRQUNyRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSw4Q0FBOEMsQ0FBQyxDQUFDO1FBQ3RGLElBQUksSUFBSSxHQUFHLEVBQUUsQ0FBQyxZQUFZLENBQUMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQzlDLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUNqQiw0Q0FBNEMsRUFDNUMsb0JBQW9CLElBQUksQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FDbEQsQ0FBQztRQUNGLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztDQUNGO0FBdlNELDREQXVTQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGZzIGZyb20gJ2ZzJztcbmltcG9ydCAqIGFzIG9zIGZyb20gJ29zJztcbmltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgKiBhcyBjb3JlIGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCB7XG4gIGF3c19jbG91ZGZyb250IGFzIGNsb3VkZnJvbnQsXG4gIGF3c19pYW0gYXMgaWFtLFxuICBhd3NfbGFtYmRhIGFzIGxhbWJkYSxcbiAgYXdzX3NzbSBhcyBzc20sXG59IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgeyBFeHRlbnNpb24sIEV4dGVuc2lvbkNvbmZpZywgQWRkQmVoYXZpb3JPcHRpb25zLCBSb2xlTWF0Y2hNb2RlIH0gZnJvbSAnLi9zZWN1cmVkQ2xvdWRGcm9udCc7XG5pbXBvcnQgeyBGdW5jdGlvbkNvbXBvc2VyIH0gZnJvbSAnLi4vY2xvdWRmcm9udC1mdW5jdGlvbnMvZnVuY3Rpb24tY29tcG9zZXInO1xuXG5leHBvcnQgaW50ZXJmYWNlIENvZ25pdG9DbG91ZEZyb250UHJvcHM8VFJvbGUgZXh0ZW5kcyBzdHJpbmcgPSBzdHJpbmc+IHtcbiAgcmVhZG9ubHkgZGVmYXVsdEJlaGF2aW9yOiBPbWl0PGNsb3VkZnJvbnQuQmVoYXZpb3JPcHRpb25zLCAnZnVuY3Rpb25Bc3NvY2lhdGlvbnMnPjtcbiAgcmVhZG9ubHkgZG9tYWluTmFtZXM6IHN0cmluZ1tdO1xuICByZWFkb25seSBjZXJ0aWZpY2F0ZTogYW55O1xuICByZWFkb25seSBhdXRoU3NtUGFyYW1QcmVmaXg6IHN0cmluZztcbiAgcmVhZG9ubHkgYXV0aFJlZ2lvbjogc3RyaW5nO1xuICByZWFkb25seSBkZWZhdWx0RXh0ZW5zaW9ucz86IEV4dGVuc2lvbltdO1xuICByZWFkb25seSBkZWZhdWx0RXh0ZW5zaW9uQ29uZmlnPzogRXh0ZW5zaW9uQ29uZmlnPFRSb2xlPjtcbiAgcmVhZG9ubHkgZGVmYXVsdFJvb3RPYmplY3Q/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGVycm9yUmVzcG9uc2VQYWdlUGF0aD86IHN0cmluZztcbiAgcmVhZG9ubHkgZW5hYmxlVXNlckluZm9JbmplY3Rpb24/OiBib29sZWFuO1xuICByZWFkb25seSB1c2VySW5mb05hbWVGaWVsZHM/OiBzdHJpbmdbXTtcbn1cblxuZXhwb3J0IGNsYXNzIENvZ25pdG9TZWN1cmVkQ2xvdWRGcm9udDxUUm9sZSBleHRlbmRzIHN0cmluZyA9IHN0cmluZz4gZXh0ZW5kcyBjb25zdHJ1Y3RzLkNvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBkaXN0cmlidXRpb246IGNsb3VkZnJvbnQuRGlzdHJpYnV0aW9uO1xuICBwcml2YXRlIHJlYWRvbmx5IGF1dGhDaGVja0Z1bmN0aW9uOiBjbG91ZGZyb250LkZ1bmN0aW9uO1xuICBwcml2YXRlIHJlYWRvbmx5IHVzZXJJbmZvRnVuY3Rpb24/OiBjbG91ZGZyb250LkZ1bmN0aW9uO1xuICBwcml2YXRlIHJlYWRvbmx5IGZ1bmN0aW9uQ29tcG9zZXI6IEZ1bmN0aW9uQ29tcG9zZXI7XG4gIHByaXZhdGUgcmVhZG9ubHkgY29tcG9zZWRGdW5jdGlvbnM6IE1hcDxzdHJpbmcsIGNsb3VkZnJvbnQuRnVuY3Rpb24+O1xuICBwcml2YXRlIGxhc3RDcmVhdGVkRnVuY3Rpb246IGNsb3VkZnJvbnQuRnVuY3Rpb24gfCB1bmRlZmluZWQ7XG4gIHByaXZhdGUgcmVhZG9ubHkgdGxzT3JpZ2luUmVxdWVzdFBvbGljeTogY2xvdWRmcm9udC5PcmlnaW5SZXF1ZXN0UG9saWN5O1xuICBwcml2YXRlIHJlYWRvbmx5IGNvZ25pdG9Eb21haW46IHN0cmluZztcbiAgcHJpdmF0ZSByZWFkb25seSBjbGllbnRJZDogc3RyaW5nO1xuICBwcml2YXRlIHJlYWRvbmx5IHJlZGlyZWN0VXJpOiBzdHJpbmc7XG4gIHByaXZhdGUgcmVhZG9ubHkga3ZzOiBjbG91ZGZyb250LklLZXlWYWx1ZVN0b3JlO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBjb25zdHJ1Y3RzLkNvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IENvZ25pdG9DbG91ZEZyb250UHJvcHM8VFJvbGU+KSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHJlZGlyZWN0VXJpID0gYGh0dHBzOi8vJHtwcm9wcy5kb21haW5OYW1lc1swXX0vb2F1dGgyL2NhbGxiYWNrYDtcblxuICAgIGNvbnN0IHAgPSBwcm9wcy5hdXRoU3NtUGFyYW1QcmVmaXg7XG4gICAgY29uc3QgY29uZmlnU2VjcmV0QXJuID0gc3NtLlN0cmluZ1BhcmFtZXRlci52YWx1ZUZvclN0cmluZ1BhcmFtZXRlcih0aGlzLCBgJHtwfS9jb25maWdTZWNyZXRBcm5gKTtcbiAgICBjb25zdCBrbXNLZXlBcm4gPSBzc20uU3RyaW5nUGFyYW1ldGVyLnZhbHVlRm9yU3RyaW5nUGFyYW1ldGVyKHRoaXMsIGAke3B9L2ttc0tleUFybmApO1xuICAgIGNvbnN0IGF1dGhUYWJsZUFybiA9IHNzbS5TdHJpbmdQYXJhbWV0ZXIudmFsdWVGb3JTdHJpbmdQYXJhbWV0ZXIodGhpcywgYCR7cH0vYXV0aFRhYmxlQXJuYCk7XG4gICAgY29uc3Qga3ZzQXJuID0gc3NtLlN0cmluZ1BhcmFtZXRlci52YWx1ZUZvclN0cmluZ1BhcmFtZXRlcih0aGlzLCBgJHtwfS9rdnNBcm5gKTtcbiAgICBjb25zdCBjb2duaXRvRG9tYWluID0gc3NtLlN0cmluZ1BhcmFtZXRlci52YWx1ZUZvclN0cmluZ1BhcmFtZXRlcih0aGlzLCBgJHtwfS9jb2duaXRvRG9tYWluYCk7XG4gICAgY29uc3QgY2xpZW50SWQgPSBzc20uU3RyaW5nUGFyYW1ldGVyLnZhbHVlRm9yU3RyaW5nUGFyYW1ldGVyKHRoaXMsIGAke3B9L2NsaWVudElkYCk7XG5cbiAgICB0aGlzLmNvZ25pdG9Eb21haW4gPSBjb2duaXRvRG9tYWluO1xuICAgIHRoaXMuY2xpZW50SWQgPSBjbGllbnRJZDtcbiAgICB0aGlzLnJlZGlyZWN0VXJpID0gcmVkaXJlY3RVcmk7XG5cbiAgICBjb25zdCBrdnMgPSBjbG91ZGZyb250LktleVZhbHVlU3RvcmUuZnJvbUtleVZhbHVlU3RvcmVBcm4odGhpcywgJ0tWUycsIGt2c0Fybik7XG4gICAgdGhpcy5rdnMgPSBrdnM7XG5cbiAgICBjb25zdCBsYW1iZGFFZGdlUm9sZSA9IG5ldyBpYW0uUm9sZSh0aGlzLCAnTGFtYmRhRWRnZVJvbGUnLCB7XG4gICAgICBhc3N1bWVkQnk6IG5ldyBpYW0uQ29tcG9zaXRlUHJpbmNpcGFsKFxuICAgICAgICBuZXcgaWFtLlNlcnZpY2VQcmluY2lwYWwoJ2xhbWJkYS5hbWF6b25hd3MuY29tJyksXG4gICAgICAgIG5ldyBpYW0uU2VydmljZVByaW5jaXBhbCgnZWRnZWxhbWJkYS5hbWF6b25hd3MuY29tJyksXG4gICAgICApLFxuICAgICAgbWFuYWdlZFBvbGljaWVzOiBbXG4gICAgICAgIGlhbS5NYW5hZ2VkUG9saWN5LmZyb21Bd3NNYW5hZ2VkUG9saWN5TmFtZSgnc2VydmljZS1yb2xlL0FXU0xhbWJkYUJhc2ljRXhlY3V0aW9uUm9sZScpLFxuICAgICAgXSxcbiAgICB9KTtcblxuICAgIGxhbWJkYUVkZ2VSb2xlLmFkZFRvUG9saWN5KG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgIGVmZmVjdDogaWFtLkVmZmVjdC5BTExPVyxcbiAgICAgIGFjdGlvbnM6IFsnc2VjcmV0c21hbmFnZXI6R2V0U2VjcmV0VmFsdWUnLCAnc2VjcmV0c21hbmFnZXI6RGVzY3JpYmVTZWNyZXQnXSxcbiAgICAgIHJlc291cmNlczogW2NvbmZpZ1NlY3JldEFybl0sXG4gICAgfSkpO1xuXG4gICAgbGFtYmRhRWRnZVJvbGUuYWRkVG9Qb2xpY3kobmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgZWZmZWN0OiBpYW0uRWZmZWN0LkFMTE9XLFxuICAgICAgYWN0aW9uczogWydrbXM6RGVjcnlwdCddLFxuICAgICAgcmVzb3VyY2VzOiBba21zS2V5QXJuXSxcbiAgICB9KSk7XG5cbiAgICBsYW1iZGFFZGdlUm9sZS5hZGRUb1BvbGljeShuZXcgaWFtLlBvbGljeVN0YXRlbWVudCh7XG4gICAgICBlZmZlY3Q6IGlhbS5FZmZlY3QuQUxMT1csXG4gICAgICBhY3Rpb25zOiBbJ2R5bmFtb2RiOkdldEl0ZW0nLCAnZHluYW1vZGI6UHV0SXRlbScsICdkeW5hbW9kYjpRdWVyeScsICdkeW5hbW9kYjpTY2FuJywgJ2R5bmFtb2RiOlVwZGF0ZUl0ZW0nLCAnZHluYW1vZGI6RGVsZXRlSXRlbSddLFxuICAgICAgcmVzb3VyY2VzOiBbYXV0aFRhYmxlQXJuXSxcbiAgICB9KSk7XG5cbiAgICBjb25zdCBjb25maWdQeUNvbnRlbnQgPSBgIyBHZW5lcmF0ZWQgY29uZmlndXJhdGlvblxuaW1wb3J0IGpzb25cbmltcG9ydCBib3RvM1xuaW1wb3J0IGxvZ2dpbmdcblxubG9nZ2VyID0gbG9nZ2luZy5nZXRMb2dnZXIoKVxuXG5DT05GSUdfU0VDUkVUX05BTUUgPSAnY2xvdWRmcm9udC1hdXRoLWNvbmZpZy0ke3Byb3BzLmRvbWFpbk5hbWVzWzBdfSdcbkNPTkZJR19SRUdJT04gPSAnJHtwcm9wcy5hdXRoUmVnaW9ufSdcblxuZGVmIGdldF9jb25maWcoKTpcbiAgICBsb2dnZXIuaW5mbyhmJ0xvYWRpbmcgY29uZmlnIGZyb20gU2VjcmV0cyBNYW5hZ2VyJylcbiAgICB0cnk6XG4gICAgICAgIGNsaWVudCA9IGJvdG8zLmNsaWVudCgnc2VjcmV0c21hbmFnZXInLCByZWdpb25fbmFtZT1DT05GSUdfUkVHSU9OKVxuICAgICAgICByZXNwb25zZSA9IGNsaWVudC5nZXRfc2VjcmV0X3ZhbHVlKFNlY3JldElkPUNPTkZJR19TRUNSRVRfTkFNRSlcbiAgICAgICAgcmV0dXJuIGpzb24ubG9hZHMocmVzcG9uc2VbJ1NlY3JldFN0cmluZyddKVxuICAgIGV4Y2VwdCBFeGNlcHRpb24gYXMgZTpcbiAgICAgICAgbG9nZ2VyLmVycm9yKGYnRmFpbGVkIHRvIGdldCBzZWNyZXQ6IHtzdHIoZSl9JylcbiAgICAgICAgcmFpc2VcbmA7XG5cbiAgICBjb25zdCB0ZW1wRGlyID0gZnMubWtkdGVtcFN5bmMocGF0aC5qb2luKG9zLnRtcGRpcigpLCAnY29nbml0by1hdXRoLScpKTtcbiAgICBjb25zdCBjb25maWdQeVBhdGggPSBwYXRoLmpvaW4odGVtcERpciwgJ2NvbmZpZ19nZW5lcmF0ZWQucHknKTtcbiAgICBmcy53cml0ZUZpbGVTeW5jKGNvbmZpZ1B5UGF0aCwgY29uZmlnUHlDb250ZW50KTtcblxuICAgIGNvbnN0IG9hdXRoQ2FsbGJhY2tGbiA9IG5ldyBjbG91ZGZyb250LmV4cGVyaW1lbnRhbC5FZGdlRnVuY3Rpb24odGhpcywgJ09BdXRoQ2FsbGJhY2snLCB7XG4gICAgICBydW50aW1lOiBsYW1iZGEuUnVudGltZS5QWVRIT05fM18xMSxcbiAgICAgIGhhbmRsZXI6ICdvYXV0aC1jYWxsYmFjay5sYW1iZGFfaGFuZGxlcicsXG4gICAgICBjb2RlOiBsYW1iZGEuQ29kZS5mcm9tQXNzZXQocGF0aC5qb2luKF9fZGlybmFtZSwgJy4uL2xhbWJkYS9jb2duaXRvLWF1dGgnKSwge1xuICAgICAgICBidW5kbGluZzoge1xuICAgICAgICAgIGltYWdlOiBsYW1iZGEuUnVudGltZS5QWVRIT05fM18xMS5idW5kbGluZ0ltYWdlLFxuICAgICAgICAgIGNvbW1hbmQ6IFtcbiAgICAgICAgICAgICdiYXNoJywgJy1jJyxcbiAgICAgICAgICAgICdwaXAgaW5zdGFsbCAtciByZXF1aXJlbWVudHMudHh0IC10IC9hc3NldC1vdXRwdXQgJiYgJyArXG4gICAgICAgICAgICAnY3AgLXIgLiAvYXNzZXQtb3V0cHV0ICYmICcgK1xuICAgICAgICAgICAgJ2NwIC90bXAvY29uZmlnX2dlbmVyYXRlZC5weSAvYXNzZXQtb3V0cHV0L2NvbmZpZ19nZW5lcmF0ZWQucHknLFxuICAgICAgICAgIF0sXG4gICAgICAgICAgdm9sdW1lczogW1xuICAgICAgICAgICAge1xuICAgICAgICAgICAgICBob3N0UGF0aDogY29uZmlnUHlQYXRoLFxuICAgICAgICAgICAgICBjb250YWluZXJQYXRoOiAnL3RtcC9jb25maWdfZ2VuZXJhdGVkLnB5JyxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgXSxcbiAgICAgICAgfSxcbiAgICAgIH0pLFxuICAgICAgdGltZW91dDogY29yZS5EdXJhdGlvbi5zZWNvbmRzKDMwKSxcbiAgICAgIG1lbW9yeVNpemU6IDEyOCxcbiAgICAgIHJvbGU6IGxhbWJkYUVkZ2VSb2xlLFxuICAgIH0pO1xuXG4gICAgY29uc3QgYXV0aENoZWNrQ29kZSA9IHRoaXMuYnVpbGRBdXRoQ2hlY2tDb2RlKGNvZ25pdG9Eb21haW4sIGNsaWVudElkLCByZWRpcmVjdFVyaSk7XG5cbiAgICB0aGlzLmF1dGhDaGVja0Z1bmN0aW9uID0gbmV3IGNsb3VkZnJvbnQuRnVuY3Rpb24odGhpcywgJ0F1dGhDaGVjaycsIHtcbiAgICAgIGNvZGU6IGNsb3VkZnJvbnQuRnVuY3Rpb25Db2RlLmZyb21JbmxpbmUoYXV0aENoZWNrQ29kZSksXG4gICAgICBydW50aW1lOiBjbG91ZGZyb250LkZ1bmN0aW9uUnVudGltZS5KU18yXzAsXG4gICAgICBrZXlWYWx1ZVN0b3JlOiBrdnMsXG4gICAgICBjb21tZW50OiAnQ29nbml0byBhdXRoIGNoZWNrJyxcbiAgICB9KTtcbiAgICB0aGlzLmxhc3RDcmVhdGVkRnVuY3Rpb24gPSB0aGlzLmF1dGhDaGVja0Z1bmN0aW9uO1xuXG4gICAgaWYgKHByb3BzLmVuYWJsZVVzZXJJbmZvSW5qZWN0aW9uICE9PSBmYWxzZSkge1xuICAgICAgaWYgKCFwcm9wcy51c2VySW5mb05hbWVGaWVsZHMgfHwgcHJvcHMudXNlckluZm9OYW1lRmllbGRzLmxlbmd0aCA9PT0gMCkge1xuICAgICAgICB0aHJvdyBuZXcgRXJyb3IoJ3VzZXJJbmZvTmFtZUZpZWxkcyBtdXN0IGJlIHByb3ZpZGVkIHdoZW4gZW5hYmxlVXNlckluZm9JbmplY3Rpb24gaXMgdHJ1ZScpO1xuICAgICAgfVxuICAgICAgY29uc3QgdXNlckluZm9Db2RlID0gdGhpcy5sb2FkQW5kUmVwbGFjZVVzZXJJbmZvQ29kZShwcm9wcy51c2VySW5mb05hbWVGaWVsZHMpO1xuICAgICAgdGhpcy51c2VySW5mb0Z1bmN0aW9uID0gbmV3IGNsb3VkZnJvbnQuRnVuY3Rpb24odGhpcywgJ1VzZXJJbmZvRW5kcG9pbnQnLCB7XG4gICAgICAgIGNvZGU6IGNsb3VkZnJvbnQuRnVuY3Rpb25Db2RlLmZyb21JbmxpbmUodXNlckluZm9Db2RlKSxcbiAgICAgICAgcnVudGltZTogY2xvdWRmcm9udC5GdW5jdGlvblJ1bnRpbWUuSlNfMl8wLFxuICAgICAgICBrZXlWYWx1ZVN0b3JlOiBrdnMsXG4gICAgICAgIGNvbW1lbnQ6ICdSZXR1cm5zIHVzZXIgaW5mbyBKU09OIGZyb20gSldUJyxcbiAgICAgIH0pO1xuICAgICAgdGhpcy51c2VySW5mb0Z1bmN0aW9uLm5vZGUuYWRkRGVwZW5kZW5jeSh0aGlzLmF1dGhDaGVja0Z1bmN0aW9uKTtcbiAgICAgIHRoaXMubGFzdENyZWF0ZWRGdW5jdGlvbiA9IHRoaXMudXNlckluZm9GdW5jdGlvbjtcbiAgICB9XG5cbiAgICB0aGlzLnRsc09yaWdpblJlcXVlc3RQb2xpY3kgPSBuZXcgY2xvdWRmcm9udC5PcmlnaW5SZXF1ZXN0UG9saWN5KHRoaXMsICdUbHNPcmlnaW5SZXF1ZXN0UG9saWN5Jywge1xuICAgICAgaGVhZGVyQmVoYXZpb3I6IGNsb3VkZnJvbnQuT3JpZ2luUmVxdWVzdEhlYWRlckJlaGF2aW9yLmFsbG93TGlzdCgnQ2xvdWRGcm9udC1WaWV3ZXItVExTJyksXG4gICAgICBjb29raWVCZWhhdmlvcjogY2xvdWRmcm9udC5PcmlnaW5SZXF1ZXN0Q29va2llQmVoYXZpb3Iubm9uZSgpLFxuICAgICAgcXVlcnlTdHJpbmdCZWhhdmlvcjogY2xvdWRmcm9udC5PcmlnaW5SZXF1ZXN0UXVlcnlTdHJpbmdCZWhhdmlvci5ub25lKCksXG4gICAgfSk7XG5cbiAgICB0aGlzLmZ1bmN0aW9uQ29tcG9zZXIgPSBuZXcgRnVuY3Rpb25Db21wb3NlcigpO1xuICAgIHRoaXMuY29tcG9zZWRGdW5jdGlvbnMgPSBuZXcgTWFwKCk7XG5cbiAgICBjb25zdCBvYXV0aENhbGxiYWNrQmVoYXZpb3I6IGNsb3VkZnJvbnQuQmVoYXZpb3JPcHRpb25zID0ge1xuICAgICAgb3JpZ2luOiBwcm9wcy5kZWZhdWx0QmVoYXZpb3Iub3JpZ2luLFxuICAgICAgdmlld2VyUHJvdG9jb2xQb2xpY3k6IGNsb3VkZnJvbnQuVmlld2VyUHJvdG9jb2xQb2xpY3kuUkVESVJFQ1RfVE9fSFRUUFMsXG4gICAgICBlZGdlTGFtYmRhczogW3tcbiAgICAgICAgZnVuY3Rpb25WZXJzaW9uOiBvYXV0aENhbGxiYWNrRm4uY3VycmVudFZlcnNpb24sXG4gICAgICAgIGV2ZW50VHlwZTogY2xvdWRmcm9udC5MYW1iZGFFZGdlRXZlbnRUeXBlLk9SSUdJTl9SRVFVRVNULFxuICAgICAgfV0sXG4gICAgICBjYWNoZVBvbGljeTogbmV3IGNsb3VkZnJvbnQuQ2FjaGVQb2xpY3kodGhpcywgJ0NhbGxiYWNrQ2FjaGVQb2xpY3knLCB7XG4gICAgICAgIGNhY2hlUG9saWN5TmFtZTogYCR7Y29yZS5TdGFjay5vZih0aGlzKS5zdGFja05hbWV9LWNvZ25pdG8tY2FsbGJhY2tgLFxuICAgICAgICBkZWZhdWx0VHRsOiBjb3JlLkR1cmF0aW9uLnNlY29uZHMoMCksXG4gICAgICAgIG1pblR0bDogY29yZS5EdXJhdGlvbi5zZWNvbmRzKDApLFxuICAgICAgICBtYXhUdGw6IGNvcmUuRHVyYXRpb24uc2Vjb25kcygxKSxcbiAgICAgICAgY29va2llQmVoYXZpb3I6IGNsb3VkZnJvbnQuQ2FjaGVDb29raWVCZWhhdmlvci5hbGxvd0xpc3QoJ29hdXRoX3N0YXRlJywgJ2NvZGVfdmVyaWZpZXInKSxcbiAgICAgICAgaGVhZGVyQmVoYXZpb3I6IGNsb3VkZnJvbnQuQ2FjaGVIZWFkZXJCZWhhdmlvci5ub25lKCksXG4gICAgICAgIHF1ZXJ5U3RyaW5nQmVoYXZpb3I6IGNsb3VkZnJvbnQuQ2FjaGVRdWVyeVN0cmluZ0JlaGF2aW9yLmFsbCgpLFxuICAgICAgICBlbmFibGVBY2NlcHRFbmNvZGluZ0d6aXA6IGZhbHNlLFxuICAgICAgICBlbmFibGVBY2NlcHRFbmNvZGluZ0Jyb3RsaTogZmFsc2UsXG4gICAgICB9KSxcbiAgICB9O1xuXG4gICAgdGhpcy5kaXN0cmlidXRpb24gPSBuZXcgY2xvdWRmcm9udC5EaXN0cmlidXRpb24odGhpcywgJ0Rpc3RyaWJ1dGlvbicsIHtcbiAgICAgIGh0dHBWZXJzaW9uOiBjbG91ZGZyb250Lkh0dHBWZXJzaW9uLkhUVFAyX0FORF8zLFxuICAgICAgbWluaW11bVByb3RvY29sVmVyc2lvbjogY2xvdWRmcm9udC5TZWN1cml0eVBvbGljeVByb3RvY29sLlRMU19WMV8yXzIwMjUsXG4gICAgICBkZWZhdWx0QmVoYXZpb3I6ICgoKSA9PiB7XG4gICAgICAgIGNvbnN0IGJ1aWx0ID0gdGhpcy5idWlsZEZ1bmN0aW9uQXNzb2NpYXRpb25zKHByb3BzLmRlZmF1bHRFeHRlbnNpb25zLCBwcm9wcy5kZWZhdWx0RXh0ZW5zaW9uQ29uZmlnKTtcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICAuLi5wcm9wcy5kZWZhdWx0QmVoYXZpb3IsXG4gICAgICAgICAgZnVuY3Rpb25Bc3NvY2lhdGlvbnM6IGJ1aWx0Py5mdW5jdGlvbkFzc29jaWF0aW9ucyxcbiAgICAgICAgICBvcmlnaW5SZXF1ZXN0UG9saWN5OiBidWlsdD8ub3JpZ2luUmVxdWVzdFBvbGljeSxcbiAgICAgICAgfTtcbiAgICAgIH0pKCksXG4gICAgICBhZGRpdGlvbmFsQmVoYXZpb3JzOiB7XG4gICAgICAgICcvb2F1dGgyL2NhbGxiYWNrJzogb2F1dGhDYWxsYmFja0JlaGF2aW9yLFxuICAgICAgfSxcbiAgICAgIGRvbWFpbk5hbWVzOiBwcm9wcy5kb21haW5OYW1lcyxcbiAgICAgIGNlcnRpZmljYXRlOiBwcm9wcy5jZXJ0aWZpY2F0ZSxcbiAgICAgIGRlZmF1bHRSb290T2JqZWN0OiBwcm9wcy5kZWZhdWx0Um9vdE9iamVjdCA/PyAnaW5kZXguaHRtbCcsXG4gICAgICBlcnJvclJlc3BvbnNlczogW1xuICAgICAgICB7IGh0dHBTdGF0dXM6IDQwMywgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsIHJlc3BvbnNlUGFnZVBhdGg6IHByb3BzLmVycm9yUmVzcG9uc2VQYWdlUGF0aCA/PyAnL2Vycm9yLmh0bWwnLCB0dGw6IGNvcmUuRHVyYXRpb24ubWludXRlcyg1KSB9LFxuICAgICAgICB7IGh0dHBTdGF0dXM6IDQwNCwgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsIHJlc3BvbnNlUGFnZVBhdGg6IHByb3BzLmVycm9yUmVzcG9uc2VQYWdlUGF0aCA/PyAnL2Vycm9yLmh0bWwnLCB0dGw6IGNvcmUuRHVyYXRpb24ubWludXRlcyg1KSB9LFxuICAgICAgICB7IGh0dHBTdGF0dXM6IDUwMCwgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsIHJlc3BvbnNlUGFnZVBhdGg6IHByb3BzLmVycm9yUmVzcG9uc2VQYWdlUGF0aCA/PyAnL2Vycm9yLmh0bWwnLCB0dGw6IGNvcmUuRHVyYXRpb24uc2Vjb25kcygxMCkgfSxcbiAgICAgICAgeyBodHRwU3RhdHVzOiA1MDIsIHJlc3BvbnNlSHR0cFN0YXR1czogMjAwLCByZXNwb25zZVBhZ2VQYXRoOiBwcm9wcy5lcnJvclJlc3BvbnNlUGFnZVBhdGggPz8gJy9lcnJvci5odG1sJywgdHRsOiBjb3JlLkR1cmF0aW9uLnNlY29uZHMoMTApIH0sXG4gICAgICAgIHsgaHR0cFN0YXR1czogNTAzLCByZXNwb25zZUh0dHBTdGF0dXM6IDIwMCwgcmVzcG9uc2VQYWdlUGF0aDogcHJvcHMuZXJyb3JSZXNwb25zZVBhZ2VQYXRoID8/ICcvZXJyb3IuaHRtbCcsIHR0bDogY29yZS5EdXJhdGlvbi5zZWNvbmRzKDEwKSB9LFxuICAgICAgICB7IGh0dHBTdGF0dXM6IDUwNCwgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsIHJlc3BvbnNlUGFnZVBhdGg6IHByb3BzLmVycm9yUmVzcG9uc2VQYWdlUGF0aCA/PyAnL2Vycm9yLmh0bWwnLCB0dGw6IGNvcmUuRHVyYXRpb24uc2Vjb25kcygxMCkgfSxcbiAgICAgIF0sXG4gICAgfSk7XG5cbiAgICBpZiAodGhpcy51c2VySW5mb0Z1bmN0aW9uKSB7XG4gICAgICB0aGlzLmRpc3RyaWJ1dGlvbi5hZGRCZWhhdmlvcignL3VzZXJpbmZvJywgcHJvcHMuZGVmYXVsdEJlaGF2aW9yLm9yaWdpbiwge1xuICAgICAgICB2aWV3ZXJQcm90b2NvbFBvbGljeTogY2xvdWRmcm9udC5WaWV3ZXJQcm90b2NvbFBvbGljeS5SRURJUkVDVF9UT19IVFRQUyxcbiAgICAgICAgZnVuY3Rpb25Bc3NvY2lhdGlvbnM6IFt7IGZ1bmN0aW9uOiB0aGlzLnVzZXJJbmZvRnVuY3Rpb24sIGV2ZW50VHlwZTogY2xvdWRmcm9udC5GdW5jdGlvbkV2ZW50VHlwZS5WSUVXRVJfUkVRVUVTVCB9XSxcbiAgICAgICAgY2FjaGVQb2xpY3k6IGNsb3VkZnJvbnQuQ2FjaGVQb2xpY3kuQ0FDSElOR19ESVNBQkxFRCxcbiAgICAgIH0pO1xuICAgIH1cbiAgfVxuXG4gIHB1YmxpYyBhZGRCZWhhdmlvcihcbiAgICBwYXRoUGF0dGVybjogc3RyaW5nLFxuICAgIG9yaWdpbjogY2xvdWRmcm9udC5JT3JpZ2luLFxuICAgIG9wdGlvbnM6IEFkZEJlaGF2aW9yT3B0aW9uczxUUm9sZT4gPSB7fSxcbiAgKTogdm9pZCB7XG4gICAgY29uc3QgYnVpbHQgPSB0aGlzLmJ1aWxkRnVuY3Rpb25Bc3NvY2lhdGlvbnMob3B0aW9ucy5leHRlbnNpb25zLCBvcHRpb25zLmV4dGVuc2lvbkNvbmZpZyk7XG4gICAgdGhpcy5kaXN0cmlidXRpb24uYWRkQmVoYXZpb3IocGF0aFBhdHRlcm4sIG9yaWdpbiwge1xuICAgICAgLi4ub3B0aW9ucy5iZWhhdmlvck9wdGlvbnMsXG4gICAgICBmdW5jdGlvbkFzc29jaWF0aW9uczogYnVpbHQ/LmZ1bmN0aW9uQXNzb2NpYXRpb25zID8/IG9wdGlvbnMuYmVoYXZpb3JPcHRpb25zPy5mdW5jdGlvbkFzc29jaWF0aW9ucyxcbiAgICAgIG9yaWdpblJlcXVlc3RQb2xpY3k6IGJ1aWx0Py5vcmlnaW5SZXF1ZXN0UG9saWN5ID8/IG9wdGlvbnMuYmVoYXZpb3JPcHRpb25zPy5vcmlnaW5SZXF1ZXN0UG9saWN5LFxuICAgIH0pO1xuICB9XG5cbiAgcHJpdmF0ZSBidWlsZEZ1bmN0aW9uQXNzb2NpYXRpb25zKFxuICAgIGV4dGVuc2lvbnM/OiBFeHRlbnNpb25bXSxcbiAgICBjb25maWc/OiBFeHRlbnNpb25Db25maWc8VFJvbGU+LFxuICApOiB7IGZ1bmN0aW9uQXNzb2NpYXRpb25zOiBjbG91ZGZyb250LkZ1bmN0aW9uQXNzb2NpYXRpb25bXTsgb3JpZ2luUmVxdWVzdFBvbGljeT86IGNsb3VkZnJvbnQuT3JpZ2luUmVxdWVzdFBvbGljeSB9IHwgdW5kZWZpbmVkIHtcbiAgICBpZiAoIWV4dGVuc2lvbnMgfHwgZXh0ZW5zaW9ucy5sZW5ndGggPT09IDApIHtcbiAgICAgIHJldHVybiB1bmRlZmluZWQ7XG4gICAgfVxuXG4gICAgY29uc3QgY2FjaGVLZXkgPSB0aGlzLmdlbmVyYXRlRnVuY3Rpb25DYWNoZUtleShleHRlbnNpb25zLCBjb25maWcpO1xuICAgIGxldCBmdW5jID0gdGhpcy5jb21wb3NlZEZ1bmN0aW9ucy5nZXQoY2FjaGVLZXkpO1xuXG4gICAgaWYgKCFmdW5jKSB7XG4gICAgICBjb25zdCBjb2RlID0gdGhpcy5mdW5jdGlvbkNvbXBvc2VyLmNvbXBvc2UoZXh0ZW5zaW9ucywgY29uZmlnLCB7XG4gICAgICAgIGNvZ25pdG9Eb21haW46IHRoaXMuY29nbml0b0RvbWFpbixcbiAgICAgICAgY2xpZW50SWQ6IHRoaXMuY2xpZW50SWQsXG4gICAgICAgIHJlZGlyZWN0VXJpOiB0aGlzLnJlZGlyZWN0VXJpLFxuICAgICAgfSk7XG5cbiAgICAgIGNvbnN0IGZ1bmN0aW9uSWQgPSB0aGlzLmdlbmVyYXRlRnVuY3Rpb25JZChleHRlbnNpb25zLCBjb25maWcpO1xuICAgICAgY29uc3QgZnVuY3Rpb25Qcm9wcyA9IGV4dGVuc2lvbnMuaW5jbHVkZXMoRXh0ZW5zaW9uLlJFUVVJUkVfQVVUSClcbiAgICAgICAgPyB7IGNvZGU6IGNsb3VkZnJvbnQuRnVuY3Rpb25Db2RlLmZyb21JbmxpbmUoY29kZSksIHJ1bnRpbWU6IGNsb3VkZnJvbnQuRnVuY3Rpb25SdW50aW1lLkpTXzJfMCwgY29tbWVudDogYENvbWJpbmVkOiAke2V4dGVuc2lvbnMuam9pbignLCAnKX1gLCBrZXlWYWx1ZVN0b3JlOiB0aGlzLmt2cyB9XG4gICAgICAgIDogeyBjb2RlOiBjbG91ZGZyb250LkZ1bmN0aW9uQ29kZS5mcm9tSW5saW5lKGNvZGUpLCBydW50aW1lOiBjbG91ZGZyb250LkZ1bmN0aW9uUnVudGltZS5KU18yXzAsIGNvbW1lbnQ6IGBDb21iaW5lZDogJHtleHRlbnNpb25zLmpvaW4oJywgJyl9YCB9O1xuXG4gICAgICBmdW5jID0gbmV3IGNsb3VkZnJvbnQuRnVuY3Rpb24odGhpcywgZnVuY3Rpb25JZCwgZnVuY3Rpb25Qcm9wcyk7XG4gICAgICBpZiAodGhpcy5sYXN0Q3JlYXRlZEZ1bmN0aW9uKSB7XG4gICAgICAgIGZ1bmMubm9kZS5hZGREZXBlbmRlbmN5KHRoaXMubGFzdENyZWF0ZWRGdW5jdGlvbik7XG4gICAgICB9XG4gICAgICB0aGlzLmxhc3RDcmVhdGVkRnVuY3Rpb24gPSBmdW5jO1xuICAgICAgdGhpcy5jb21wb3NlZEZ1bmN0aW9ucy5zZXQoY2FjaGVLZXksIGZ1bmMpO1xuICAgIH1cblxuICAgIGNvbnN0IHJlc3VsdDogeyBmdW5jdGlvbkFzc29jaWF0aW9uczogY2xvdWRmcm9udC5GdW5jdGlvbkFzc29jaWF0aW9uW107IG9yaWdpblJlcXVlc3RQb2xpY3k/OiBjbG91ZGZyb250Lk9yaWdpblJlcXVlc3RQb2xpY3kgfSA9IHtcbiAgICAgIGZ1bmN0aW9uQXNzb2NpYXRpb25zOiBbeyBmdW5jdGlvbjogZnVuYywgZXZlbnRUeXBlOiBjbG91ZGZyb250LkZ1bmN0aW9uRXZlbnRUeXBlLlZJRVdFUl9SRVFVRVNUIH1dLFxuICAgIH07XG5cbiAgICBpZiAoZXh0ZW5zaW9ucy5pbmNsdWRlcyhFeHRlbnNpb24uUkVRVUlSRV9UTFNfMTMpKSB7XG4gICAgICByZXN1bHQub3JpZ2luUmVxdWVzdFBvbGljeSA9IHRoaXMudGxzT3JpZ2luUmVxdWVzdFBvbGljeTtcbiAgICB9XG5cbiAgICByZXR1cm4gcmVzdWx0O1xuICB9XG5cbiAgcHJpdmF0ZSBnZW5lcmF0ZUZ1bmN0aW9uQ2FjaGVLZXkoZXh0ZW5zaW9uczogRXh0ZW5zaW9uW10sIGNvbmZpZz86IEV4dGVuc2lvbkNvbmZpZzxUUm9sZT4pOiBzdHJpbmcge1xuICAgIGNvbnN0IHBhcnRzID0gW2V4dGVuc2lvbnMuc29ydCgpLmpvaW4oJywnKV07XG4gICAgaWYgKGNvbmZpZz8ucmVxdWlyZWRSb2xlcykge1xuICAgICAgcGFydHMucHVzaChbLi4uY29uZmlnLnJlcXVpcmVkUm9sZXNdLnNvcnQoKS5qb2luKCcsJykpO1xuICAgIH1cbiAgICBpZiAoY29uZmlnPy5yb2xlTWF0Y2hNb2RlICYmIGNvbmZpZy5yb2xlTWF0Y2hNb2RlICE9PSBSb2xlTWF0Y2hNb2RlLk9SKSB7XG4gICAgICBwYXJ0cy5wdXNoKGNvbmZpZy5yb2xlTWF0Y2hNb2RlKTtcbiAgICB9XG4gICAgcmV0dXJuIHBhcnRzLmpvaW4oJ3wnKTtcbiAgfVxuXG4gIHByaXZhdGUgZ2VuZXJhdGVGdW5jdGlvbklkKGV4dGVuc2lvbnM6IEV4dGVuc2lvbltdLCBjb25maWc/OiBFeHRlbnNpb25Db25maWc8VFJvbGU+KTogc3RyaW5nIHtcbiAgICBjb25zdCBleHRlbnNpb25QYXJ0ID0gZXh0ZW5zaW9ucy5tYXAoZSA9PiBlLnJlcGxhY2UoJ1JFUVVJUkVfJywgJycpKS5qb2luKCcnKTtcbiAgICBpZiAoY29uZmlnPy5yZXF1aXJlZFJvbGVzICYmIGNvbmZpZy5yZXF1aXJlZFJvbGVzLmxlbmd0aCA+IDApIHtcbiAgICAgIGNvbnN0IHJvbGVIYXNoID0gY29uZmlnLnJlcXVpcmVkUm9sZXMuam9pbignJykucmVwbGFjZSgvW15hLXpBLVowLTldL2csICcnKS5zdWJzdHJpbmcoMCwgOCk7XG4gICAgICBjb25zdCBtb2RlUGFydCA9IGNvbmZpZy5yb2xlTWF0Y2hNb2RlICYmIGNvbmZpZy5yb2xlTWF0Y2hNb2RlICE9PSBSb2xlTWF0Y2hNb2RlLk9SID8gY29uZmlnLnJvbGVNYXRjaE1vZGUgOiAnJztcbiAgICAgIHJldHVybiBgQ29tcG9zZWRGdW5jdGlvbiR7ZXh0ZW5zaW9uUGFydH0ke3JvbGVIYXNofSR7bW9kZVBhcnR9YDtcbiAgICB9XG4gICAgcmV0dXJuIGBDb21wb3NlZEZ1bmN0aW9uJHtleHRlbnNpb25QYXJ0fWA7XG4gIH1cblxuICBwcml2YXRlIGJ1aWxkQXV0aENoZWNrQ29kZShjb2duaXRvRG9tYWluOiBzdHJpbmcsIGNsaWVudElkOiBzdHJpbmcsIHJlZGlyZWN0VXJpOiBzdHJpbmcpOiBzdHJpbmcge1xuICAgIGNvbnN0IGNvZGVQYXRoID0gcGF0aC5qb2luKF9fZGlybmFtZSwgJy4uL2Nsb3VkZnJvbnQtZnVuY3Rpb25zL21vZHVsZXMvY29nbml0by1hdXRoLWNoZWNrLmpzJyk7XG4gICAgbGV0IGNvZGUgPSBmcy5yZWFkRmlsZVN5bmMoY29kZVBhdGgsICd1dGYtOCcpO1xuICAgIGNvZGUgPSBjb2RlLnJlcGxhY2UoL0NPR05JVE9fRE9NQUlOX1BMQUNFSE9MREVSL2csIGNvZ25pdG9Eb21haW4pO1xuICAgIGNvZGUgPSBjb2RlLnJlcGxhY2UoL0NMSUVOVF9JRF9QTEFDRUhPTERFUi9nLCBjbGllbnRJZCk7XG4gICAgY29kZSA9IGNvZGUucmVwbGFjZSgvUkVESVJFQ1RfVVJJX1BMQUNFSE9MREVSL2csIHJlZGlyZWN0VXJpKTtcbiAgICByZXR1cm4gY29kZTtcbiAgfVxuXG4gIHByaXZhdGUgbG9hZEFuZFJlcGxhY2VVc2VySW5mb0NvZGUobmFtZUZpZWxkczogc3RyaW5nW10pOiBzdHJpbmcge1xuICAgIGNvbnN0IGNvZGVQYXRoID0gcGF0aC5qb2luKF9fZGlybmFtZSwgJy4uL2Nsb3VkZnJvbnQtZnVuY3Rpb25zL3VzZXJpbmZvLWVuZHBvaW50LmpzJyk7XG4gICAgbGV0IGNvZGUgPSBmcy5yZWFkRmlsZVN5bmMoY29kZVBhdGgsICd1dGYtOCcpO1xuICAgIGNvZGUgPSBjb2RlLnJlcGxhY2UoXG4gICAgICBcInZhciBuYW1lRmllbGRzID0gWydrZXkxJywgJ2tleTInLCAna2V5MyddO1wiLFxuICAgICAgYHZhciBuYW1lRmllbGRzID0gJHtKU09OLnN0cmluZ2lmeShuYW1lRmllbGRzKX07YCxcbiAgICApO1xuICAgIHJldHVybiBjb2RlO1xuICB9XG59XG4iXX0=

package/lib/cloudfront/patterns/cognitoAuthInfrastructure.d.ts

@@ -0,0 +1,28 @@
+import * as core from 'aws-cdk-lib';
+import { aws_cognito as cognito } from 'aws-cdk-lib';
+import * as constructs from 'constructs';
+import { AppSpec } from './authInfrastructure';
+export interface CognitoAuthInfrastructureProps {
+    readonly ssmParamPrefix?: string;
+    readonly zoneName: string;
+    readonly appSpec: AppSpec;
+    readonly cognitoDomainPrefix: string;
+    readonly securityAlertsTopicArn?: string;
+    readonly sessionRevocationTopicArn?: string;
+    readonly autoRevokeOnReuse?: boolean;
+    readonly jwtClaimsWhitelist?: string[];
+    readonly hmacSecretRotationSchedule?: core.Duration;
+    readonly auditLogRetentionDays?: number;
+    readonly auditArchiveRetentionDays?: number;
+    readonly removalPolicy?: core.RemovalPolicy;
+}
+export declare class CognitoAuthInfrastructure extends constructs.Construct {
+    readonly configSecretArn: string;
+    readonly kmsKeyArn: string;
+    readonly authTableArn: string;
+    readonly kvsArn: string;
+    readonly userPool: cognito.UserPool;
+    readonly userPoolClient: cognito.UserPoolClient;
+    readonly cognitoDomain: cognito.UserPoolDomain;
+    constructor(scope: constructs.Construct, id: string, props: CognitoAuthInfrastructureProps);
+}

package/lib/cloudfront/patterns/cognitoAuthInfrastructure.js

@@ -0,0 +1,157 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CognitoAuthInfrastructure = void 0;
+const path = __importStar(require("path"));
+const core = __importStar(require("aws-cdk-lib"));
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const constructs = __importStar(require("constructs"));
+const authLambdaFunctions_1 = require("../auth/authLambdaFunctions");
+const cognitoAuthSecretManager_1 = require("../auth/cognitoAuthSecretManager");
+const authSecurityTable_1 = require("../authSecurityTable");
+const auditLogArchive_1 = require("../logging/auditLogArchive");
+const ssmCrossRegionWriter_1 = require("../ssmCrossRegionWriter");
+class CognitoAuthInfrastructure extends constructs.Construct {
+    constructor(scope, id, props) {
+        super(scope, id);
+        const preTokenLambda = new aws_cdk_lib_1.aws_lambda.Function(this, 'PreTokenLambda', {
+            runtime: aws_cdk_lib_1.aws_lambda.Runtime.PYTHON_3_12,
+            handler: 'index.handler',
+            code: aws_cdk_lib_1.aws_lambda.Code.fromAsset(path.join(__dirname, '../cloudfront/lambda/pre-token')),
+            timeout: core.Duration.seconds(5),
+        });
+        this.userPool = new aws_cdk_lib_1.aws_cognito.UserPool(this, 'UserPool', {
+            userPoolName: `${props.appSpec.name}-user-pool`,
+            selfSignUpEnabled: false,
+            signInAliases: { email: true },
+            mfa: aws_cdk_lib_1.aws_cognito.Mfa.REQUIRED,
+            mfaSecondFactor: { otp: true, sms: false },
+            passwordPolicy: {
+                minLength: 12,
+                requireLowercase: true,
+                requireUppercase: true,
+                requireDigits: true,
+                requireSymbols: true,
+            },
+            removalPolicy: props.removalPolicy ?? core.RemovalPolicy.RETAIN,
+        });
+        this.userPool.addTrigger(aws_cdk_lib_1.aws_cognito.UserPoolOperation.PRE_TOKEN_GENERATION_CONFIG, preTokenLambda, aws_cdk_lib_1.aws_cognito.LambdaVersion.V2_0);
+        if (props.appSpec.groups) {
+            for (const group of props.appSpec.groups) {
+                new aws_cdk_lib_1.aws_cognito.CfnUserPoolGroup(this, `Group${group}`, {
+                    userPoolId: this.userPool.userPoolId,
+                    groupName: group,
+                });
+            }
+        }
+        this.userPoolClient = new aws_cdk_lib_1.aws_cognito.UserPoolClient(this, 'UserPoolClient', {
+            userPool: this.userPool,
+            generateSecret: false,
+            authFlows: { userSrp: true },
+            oAuth: {
+                flows: { authorizationCodeGrant: true },
+                scopes: [
+                    aws_cdk_lib_1.aws_cognito.OAuthScope.OPENID,
+                    aws_cdk_lib_1.aws_cognito.OAuthScope.EMAIL,
+                    aws_cdk_lib_1.aws_cognito.OAuthScope.PROFILE,
+                ],
+                callbackUrls: [`https://${props.zoneName}/oauth2/callback`],
+                logoutUrls: [`https://${props.zoneName}`],
+            },
+            supportedIdentityProviders: [aws_cdk_lib_1.aws_cognito.UserPoolClientIdentityProvider.COGNITO],
+        });
+        this.cognitoDomain = this.userPool.addDomain('CognitoDomain', {
+            cognitoDomain: { domainPrefix: props.cognitoDomainPrefix },
+        });
+        const authSecurityTable = new authSecurityTable_1.AuthSecurityTable(this, 'AuthSecurityTable', {
+            tableName: `auth-security-${props.zoneName}`,
+            removalPolicy: props.removalPolicy ?? core.RemovalPolicy.RETAIN,
+        });
+        const cognitoRegion = core.Stack.of(this).region;
+        const cognitoDomainUrl = `${props.cognitoDomainPrefix}.auth.${cognitoRegion}.amazoncognito.com`;
+        const secretManager = new cognitoAuthSecretManager_1.CognitoAuthSecretManager(this, 'SecretManager', {
+            domainName: props.zoneName,
+            tableName: authSecurityTable.table.tableName,
+            tableRegion: cognitoRegion,
+            userPoolId: this.userPool.userPoolId,
+            clientId: this.userPoolClient.userPoolClientId,
+            cognitoDomain: cognitoDomainUrl,
+            cognitoRegion: cognitoRegion,
+            securityAlertsTopicArn: props.securityAlertsTopicArn,
+            autoRevokeOnReuse: props.autoRevokeOnReuse,
+            jwtClaimsWhitelist: props.jwtClaimsWhitelist,
+        });
+        const auditLogRetentionDays = props.auditLogRetentionDays ?? 30;
+        const auditArchiveRetentionDays = props.auditArchiveRetentionDays ?? 365;
+        const lambdaFunctions = new authLambdaFunctions_1.AuthLambdaFunctions(this, 'LambdaFunctions', {
+            configSecret: secretManager.configSecret,
+            kmsKey: secretManager.kmsKey,
+            kvs: secretManager.kvs,
+            authTable: authSecurityTable.table,
+            rotationSchedule: props.hmacSecretRotationSchedule,
+            sessionRevocationTopicArn: props.sessionRevocationTopicArn,
+            logRetentionDays: auditLogRetentionDays,
+        });
+        new auditLogArchive_1.AuditLogArchive(this, 'AuditLogArchive', {
+            logGroupNames: lambdaFunctions.logGroups.map(lg => lg.logGroupName),
+            kmsKey: secretManager.kmsKey,
+            retentionDays: auditLogRetentionDays,
+            archiveRetentionDays: auditArchiveRetentionDays,
+            bucketName: `auth-audit-logs-cognito-${core.Stack.of(this).account}-${core.Stack.of(this).region}`,
+            databaseName: 'auth_audit_logs_cognito',
+            removalPolicy: props.removalPolicy ?? core.RemovalPolicy.RETAIN,
+        });
+        const prefix = props.ssmParamPrefix ?? `/auth/${props.zoneName}`;
+        new ssmCrossRegionWriter_1.SsmCrossRegionWriter(this, 'SsmWriter', {
+            prefix: prefix,
+            region: 'us-east-1',
+            params: {
+                configSecretArn: secretManager.configSecret.secretArn,
+                kmsKeyArn: secretManager.kmsKey.keyArn,
+                authTableArn: authSecurityTable.table.tableArn,
+                kvsArn: secretManager.kvs.keyValueStoreArn,
+                cognitoDomain: cognitoDomainUrl,
+                clientId: this.userPoolClient.userPoolClientId,
+                userPoolId: this.userPool.userPoolId,
+            },
+        });
+        this.configSecretArn = secretManager.configSecret.secretArn;
+        this.kmsKeyArn = secretManager.kmsKey.keyArn;
+        this.authTableArn = authSecurityTable.table.tableArn;
+        this.kvsArn = secretManager.kvs.keyValueStoreArn;
+    }
+}
+exports.CognitoAuthInfrastructure = CognitoAuthInfrastructure;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29nbml0b0F1dGhJbmZyYXN0cnVjdHVyZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jbG91ZGZyb250L3BhdHRlcm5zL2NvZ25pdG9BdXRoSW5mcmFzdHJ1Y3R1cmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMkNBQTZCO0FBQzdCLGtEQUFvQztBQUNwQyw2Q0FHcUI7QUFDckIsdURBQXlDO0FBQ3pDLHFFQUFrRTtBQUNsRSwrRUFBNEU7QUFDNUUsNERBQXlEO0FBQ3pELGdFQUE2RDtBQUM3RCxrRUFBK0Q7QUFrQi9ELE1BQWEseUJBQTBCLFNBQVEsVUFBVSxDQUFDLFNBQVM7SUFTakUsWUFBWSxLQUEyQixFQUFFLEVBQVUsRUFBRSxLQUFxQztRQUN4RixLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRWpCLE1BQU0sY0FBYyxHQUFHLElBQUksd0JBQU0sQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLGdCQUFnQixFQUFFO1lBQ2pFLE9BQU8sRUFBRSx3QkFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXO1lBQ25DLE9BQU8sRUFBRSxlQUFlO1lBQ3hCLElBQUksRUFBRSx3QkFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsZ0NBQWdDLENBQUMsQ0FBQztZQUNuRixPQUFPLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1NBQ2xDLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSx5QkFBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQ3JELFlBQVksRUFBRSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsSUFBSSxZQUFZO1lBQy9DLGlCQUFpQixFQUFFLEtBQUs7WUFDeEIsYUFBYSxFQUFFLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRTtZQUM5QixHQUFHLEVBQUUseUJBQU8sQ0FBQyxHQUFHLENBQUMsUUFBUTtZQUN6QixlQUFlLEVBQUUsRUFBRSxHQUFHLEVBQUUsSUFBSSxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUU7WUFDMUMsY0FBYyxFQUFFO2dCQUNkLFNBQVMsRUFBRSxFQUFFO2dCQUNiLGdCQUFnQixFQUFFLElBQUk7Z0JBQ3RCLGdCQUFnQixFQUFFLElBQUk7Z0JBQ3RCLGFBQWEsRUFBRSxJQUFJO2dCQUNuQixjQUFjLEVBQUUsSUFBSTthQUNyQjtZQUNELGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTTtTQUNoRSxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyx5QkFBTyxDQUFDLGlCQUFpQixDQUFDLDJCQUEyQixFQUFFLGNBQWMsRUFBRSx5QkFBTyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU1SCxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDekIsS0FBSyxNQUFNLEtBQUssSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN6QyxJQUFJLHlCQUFPLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxFQUFFLFFBQVEsS0FBSyxFQUFFLEVBQUU7b0JBQ2xELFVBQVUsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVU7b0JBQ3BDLFNBQVMsRUFBRSxLQUFLO2lCQUNqQixDQUFDLENBQUM7WUFDTCxDQUFDO1FBQ0gsQ0FBQztRQUVELElBQUksQ0FBQyxjQUFjLEdBQUcsSUFBSSx5QkFBTyxDQUFDLGNBQWMsQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7WUFDdkUsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLGNBQWMsRUFBRSxLQUFLO1lBQ3JCLFNBQVMsRUFBRSxFQUFFLE9BQU8sRUFBRSxJQUFJLEVBQUU7WUFDNUIsS0FBSyxFQUFFO2dCQUNMLEtBQUssRUFBRSxFQUFFLHNCQUFzQixFQUFFLElBQUksRUFBRTtnQkFDdkMsTUFBTSxFQUFFO29CQUNOLHlCQUFPLENBQUMsVUFBVSxDQUFDLE1BQU07b0JBQ3pCLHlCQUFPLENBQUMsVUFBVSxDQUFDLEtBQUs7b0JBQ3hCLHlCQUFPLENBQUMsVUFBVSxDQUFDLE9BQU87aUJBQzNCO2dCQUNELFlBQVksRUFBRSxDQUFDLFdBQVcsS0FBSyxDQUFDLFFBQVEsa0JBQWtCLENBQUM7Z0JBQzNELFVBQVUsRUFBRSxDQUFDLFdBQVcsS0FBSyxDQUFDLFFBQVEsRUFBRSxDQUFDO2FBQzFDO1lBQ0QsMEJBQTBCLEVBQUUsQ0FBQyx5QkFBTyxDQUFDLDhCQUE4QixDQUFDLE9BQU8sQ0FBQztTQUM3RSxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLGVBQWUsRUFBRTtZQUM1RCxhQUFhLEVBQUUsRUFBRSxZQUFZLEVBQUUsS0FBSyxDQUFDLG1CQUFtQixFQUFFO1NBQzNELENBQUMsQ0FBQztRQUVILE1BQU0saUJBQWlCLEdBQUcsSUFBSSxxQ0FBaUIsQ0FBQyxJQUFJLEVBQUUsbUJBQW1CLEVBQUU7WUFDekUsU0FBUyxFQUFFLGlCQUFpQixLQUFLLENBQUMsUUFBUSxFQUFFO1lBQzVDLGFBQWEsRUFBRSxLQUFLLENBQUMsYUFBYSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTTtTQUNoRSxDQUFDLENBQUM7UUFFSCxNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxnQkFBZ0IsR0FBRyxHQUFHLEtBQUssQ0FBQyxtQkFBbUIsU0FBUyxhQUFhLG9CQUFvQixDQUFDO1FBRWhHLE1BQU0sYUFBYSxHQUFHLElBQUksbURBQXdCLENBQUMsSUFBSSxFQUFFLGVBQWUsRUFBRTtZQUN4RSxVQUFVLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDMUIsU0FBUyxFQUFFLGlCQUFpQixDQUFDLEtBQUssQ0FBQyxTQUFTO1lBQzVDLFdBQVcsRUFBRSxhQUFhO1lBQzFCLFVBQVUsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVU7WUFDcEMsUUFBUSxFQUFFLElBQUksQ0FBQyxjQUFjLENBQUMsZ0JBQWdCO1lBQzlDLGFBQWEsRUFBRSxnQkFBZ0I7WUFDL0IsYUFBYSxFQUFFLGFBQWE7WUFDNUIsc0JBQXNCLEVBQUUsS0FBSyxDQUFDLHNCQUFzQjtZQUNwRCxpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO1lBQzFDLGtCQUFrQixFQUFFLEtBQUssQ0FBQyxrQkFBa0I7U0FDN0MsQ0FBQyxDQUFDO1FBRUgsTUFBTSxxQkFBcUIsR0FBRyxLQUFLLENBQUMscUJBQXFCLElBQUksRUFBRSxDQUFDO1FBQ2hFLE1BQU0seUJBQXlCLEdBQUcsS0FBSyxDQUFDLHlCQUF5QixJQUFJLEdBQUcsQ0FBQztRQUV6RSxNQUFNLGVBQWUsR0FBRyxJQUFJLHlDQUFtQixDQUFDLElBQUksRUFBRSxpQkFBaUIsRUFBRTtZQUN2RSxZQUFZLEVBQUUsYUFBYSxDQUFDLFlBQVk7WUFDeEMsTUFBTSxFQUFFLGFBQWEsQ0FBQyxNQUFNO1lBQzVCLEdBQUcsRUFBRSxhQUFhLENBQUMsR0FBRztZQUN0QixTQUFTLEVBQUUsaUJBQWlCLENBQUMsS0FBSztZQUNsQyxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsMEJBQTBCO1lBQ2xELHlCQUF5QixFQUFFLEtBQUssQ0FBQyx5QkFBeUI7WUFDMUQsZ0JBQWdCLEVBQUUscUJBQXFCO1NBQ3hDLENBQUMsQ0FBQztRQUVILElBQUksaUNBQWUsQ0FBQyxJQUFJLEVBQUUsaUJBQWlCLEVBQUU7WUFDM0MsYUFBYSxFQUFFLGVBQWUsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLFlBQVksQ0FBQztZQUNuRSxNQUFNLEVBQUUsYUFBYSxDQUFDLE1BQU07WUFDNUIsYUFBYSxFQUFFLHFCQUFxQjtZQUNwQyxvQkFBb0IsRUFBRSx5QkFBeUI7WUFDL0MsVUFBVSxFQUFFLDJCQUEyQixJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxFQUFFO1lBQ2xHLFlBQVksRUFBRSx5QkFBeUI7WUFDdkMsYUFBYSxFQUFFLEtBQUssQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNO1NBQ2hFLENBQUMsQ0FBQztRQUVILE1BQU0sTUFBTSxHQUFHLEtBQUssQ0FBQyxjQUFjLElBQUksU0FBUyxLQUFLLENBQUMsUUFBUSxFQUFFLENBQUM7UUFFakUsSUFBSSwyQ0FBb0IsQ0FBQyxJQUFJLEVBQUUsV0FBVyxFQUFFO1lBQzFDLE1BQU0sRUFBRSxNQUFNO1lBQ2QsTUFBTSxFQUFFLFdBQVc7WUFDbkIsTUFBTSxFQUFFO2dCQUNOLGVBQWUsRUFBRSxhQUFhLENBQUMsWUFBWSxDQUFDLFNBQVM7Z0JBQ3JELFNBQVMsRUFBRSxhQUFhLENBQUMsTUFBTSxDQUFDLE1BQU07Z0JBQ3RDLFlBQVksRUFBRSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsUUFBUTtnQkFDOUMsTUFBTSxFQUFFLGFBQWEsQ0FBQyxHQUFHLENBQUMsZ0JBQWdCO2dCQUMxQyxhQUFhLEVBQUUsZ0JBQWdCO2dCQUMvQixRQUFRLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxnQkFBZ0I7Z0JBQzlDLFVBQVUsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVU7YUFDckM7U0FDRixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsZUFBZSxHQUFHLGFBQWEsQ0FBQyxZQUFZLENBQUMsU0FBUyxDQUFDO1FBQzVELElBQUksQ0FBQyxTQUFTLEdBQUcsYUFBYSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7UUFDN0MsSUFBSSxDQUFDLFlBQVksR0FBRyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDO1FBQ3JELElBQUksQ0FBQyxNQUFNLEdBQUcsYUFBYSxDQUFDLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQztJQUNuRCxDQUFDO0NBQ0Y7QUFwSUQsOERBb0lDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJztcbmltcG9ydCAqIGFzIGNvcmUgZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHtcbiAgYXdzX2NvZ25pdG8gYXMgY29nbml0byxcbiAgYXdzX2xhbWJkYSBhcyBsYW1iZGEsXG59IGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGNvbnN0cnVjdHMgZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgeyBBdXRoTGFtYmRhRnVuY3Rpb25zIH0gZnJvbSAnLi4vYXV0aC9hdXRoTGFtYmRhRnVuY3Rpb25zJztcbmltcG9ydCB7IENvZ25pdG9BdXRoU2VjcmV0TWFuYWdlciB9IGZyb20gJy4uL2F1dGgvY29nbml0b0F1dGhTZWNyZXRNYW5hZ2VyJztcbmltcG9ydCB7IEF1dGhTZWN1cml0eVRhYmxlIH0gZnJvbSAnLi4vYXV0aFNlY3VyaXR5VGFibGUnO1xuaW1wb3J0IHsgQXVkaXRMb2dBcmNoaXZlIH0gZnJvbSAnLi4vbG9nZ2luZy9hdWRpdExvZ0FyY2hpdmUnO1xuaW1wb3J0IHsgU3NtQ3Jvc3NSZWdpb25Xcml0ZXIgfSBmcm9tICcuLi9zc21Dcm9zc1JlZ2lvbldyaXRlcic7XG5pbXBvcnQgeyBBcHBTcGVjIH0gZnJvbSAnLi9hdXRoSW5mcmFzdHJ1Y3R1cmUnO1xuXG5leHBvcnQgaW50ZXJmYWNlIENvZ25pdG9BdXRoSW5mcmFzdHJ1Y3R1cmVQcm9wcyB7XG4gIHJlYWRvbmx5IHNzbVBhcmFtUHJlZml4Pzogc3RyaW5nO1xuICByZWFkb25seSB6b25lTmFtZTogc3RyaW5nO1xuICByZWFkb25seSBhcHBTcGVjOiBBcHBTcGVjO1xuICByZWFkb25seSBjb2duaXRvRG9tYWluUHJlZml4OiBzdHJpbmc7XG4gIHJlYWRvbmx5IHNlY3VyaXR5QWxlcnRzVG9waWNBcm4/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IHNlc3Npb25SZXZvY2F0aW9uVG9waWNBcm4/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGF1dG9SZXZva2VPblJldXNlPzogYm9vbGVhbjtcbiAgcmVhZG9ubHkgand0Q2xhaW1zV2hpdGVsaXN0Pzogc3RyaW5nW107XG4gIHJlYWRvbmx5IGhtYWNTZWNyZXRSb3RhdGlvblNjaGVkdWxlPzogY29yZS5EdXJhdGlvbjtcbiAgcmVhZG9ubHkgYXVkaXRMb2dSZXRlbnRpb25EYXlzPzogbnVtYmVyO1xuICByZWFkb25seSBhdWRpdEFyY2hpdmVSZXRlbnRpb25EYXlzPzogbnVtYmVyO1xuICByZWFkb25seSByZW1vdmFsUG9saWN5PzogY29yZS5SZW1vdmFsUG9saWN5O1xufVxuXG5leHBvcnQgY2xhc3MgQ29nbml0b0F1dGhJbmZyYXN0cnVjdHVyZSBleHRlbmRzIGNvbnN0cnVjdHMuQ29uc3RydWN0IHtcbiAgcHVibGljIHJlYWRvbmx5IGNvbmZpZ1NlY3JldEFybjogc3RyaW5nO1xuICBwdWJsaWMgcmVhZG9ubHkga21zS2V5QXJuOiBzdHJpbmc7XG4gIHB1YmxpYyByZWFkb25seSBhdXRoVGFibGVBcm46IHN0cmluZztcbiAgcHVibGljIHJlYWRvbmx5IGt2c0Fybjogc3RyaW5nO1xuICBwdWJsaWMgcmVhZG9ubHkgdXNlclBvb2w6IGNvZ25pdG8uVXNlclBvb2w7XG4gIHB1YmxpYyByZWFkb25seSB1c2VyUG9vbENsaWVudDogY29nbml0by5Vc2VyUG9vbENsaWVudDtcbiAgcHVibGljIHJlYWRvbmx5IGNvZ25pdG9Eb21haW46IGNvZ25pdG8uVXNlclBvb2xEb21haW47XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IGNvbnN0cnVjdHMuQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQ29nbml0b0F1dGhJbmZyYXN0cnVjdHVyZVByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcblxuICAgIGNvbnN0IHByZVRva2VuTGFtYmRhID0gbmV3IGxhbWJkYS5GdW5jdGlvbih0aGlzLCAnUHJlVG9rZW5MYW1iZGEnLCB7XG4gICAgICBydW50aW1lOiBsYW1iZGEuUnVudGltZS5QWVRIT05fM18xMixcbiAgICAgIGhhbmRsZXI6ICdpbmRleC5oYW5kbGVyJyxcbiAgICAgIGNvZGU6IGxhbWJkYS5Db2RlLmZyb21Bc3NldChwYXRoLmpvaW4oX19kaXJuYW1lLCAnLi4vY2xvdWRmcm9udC9sYW1iZGEvcHJlLXRva2VuJykpLFxuICAgICAgdGltZW91dDogY29yZS5EdXJhdGlvbi5zZWNvbmRzKDUpLFxuICAgIH0pO1xuXG4gICAgdGhpcy51c2VyUG9vbCA9IG5ldyBjb2duaXRvLlVzZXJQb29sKHRoaXMsICdVc2VyUG9vbCcsIHtcbiAgICAgIHVzZXJQb29sTmFtZTogYCR7cHJvcHMuYXBwU3BlYy5uYW1lfS11c2VyLXBvb2xgLFxuICAgICAgc2VsZlNpZ25VcEVuYWJsZWQ6IGZhbHNlLFxuICAgICAgc2lnbkluQWxpYXNlczogeyBlbWFpbDogdHJ1ZSB9LFxuICAgICAgbWZhOiBjb2duaXRvLk1mYS5SRVFVSVJFRCxcbiAgICAgIG1mYVNlY29uZEZhY3RvcjogeyBvdHA6IHRydWUsIHNtczogZmFsc2UgfSxcbiAgICAgIHBhc3N3b3JkUG9saWN5OiB7XG4gICAgICAgIG1pbkxlbmd0aDogMTIsXG4gICAgICAgIHJlcXVpcmVMb3dlcmNhc2U6IHRydWUsXG4gICAgICAgIHJlcXVpcmVVcHBlcmNhc2U6IHRydWUsXG4gICAgICAgIHJlcXVpcmVEaWdpdHM6IHRydWUsXG4gICAgICAgIHJlcXVpcmVTeW1ib2xzOiB0cnVlLFxuICAgICAgfSxcbiAgICAgIHJlbW92YWxQb2xpY3k6IHByb3BzLnJlbW92YWxQb2xpY3kgPz8gY29yZS5SZW1vdmFsUG9saWN5LlJFVEFJTixcbiAgICB9KTtcblxuICAgIHRoaXMudXNlclBvb2wuYWRkVHJpZ2dlcihjb2duaXRvLlVzZXJQb29sT3BlcmF0aW9uLlBSRV9UT0tFTl9HRU5FUkFUSU9OX0NPTkZJRywgcHJlVG9rZW5MYW1iZGEsIGNvZ25pdG8uTGFtYmRhVmVyc2lvbi5WMl8wKTtcblxuICAgIGlmIChwcm9wcy5hcHBTcGVjLmdyb3Vwcykge1xuICAgICAgZm9yIChjb25zdCBncm91cCBvZiBwcm9wcy5hcHBTcGVjLmdyb3Vwcykge1xuICAgICAgICBuZXcgY29nbml0by5DZm5Vc2VyUG9vbEdyb3VwKHRoaXMsIGBHcm91cCR7Z3JvdXB9YCwge1xuICAgICAgICAgIHVzZXJQb29sSWQ6IHRoaXMudXNlclBvb2wudXNlclBvb2xJZCxcbiAgICAgICAgICBncm91cE5hbWU6IGdyb3VwLFxuICAgICAgICB9KTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICB0aGlzLnVzZXJQb29sQ2xpZW50ID0gbmV3IGNvZ25pdG8uVXNlclBvb2xDbGllbnQodGhpcywgJ1VzZXJQb29sQ2xpZW50Jywge1xuICAgICAgdXNlclBvb2w6IHRoaXMudXNlclBvb2wsXG4gICAgICBnZW5lcmF0ZVNlY3JldDogZmFsc2UsXG4gICAgICBhdXRoRmxvd3M6IHsgdXNlclNycDogdHJ1ZSB9LFxuICAgICAgb0F1dGg6IHtcbiAgICAgICAgZmxvd3M6IHsgYXV0aG9yaXphdGlvbkNvZGVHcmFudDogdHJ1ZSB9LFxuICAgICAgICBzY29wZXM6IFtcbiAgICAgICAgICBjb2duaXRvLk9BdXRoU2NvcGUuT1BFTklELFxuICAgICAgICAgIGNvZ25pdG8uT0F1dGhTY29wZS5FTUFJTCxcbiAgICAgICAgICBjb2duaXRvLk9BdXRoU2NvcGUuUFJPRklMRSxcbiAgICAgICAgXSxcbiAgICAgICAgY2FsbGJhY2tVcmxzOiBbYGh0dHBzOi8vJHtwcm9wcy56b25lTmFtZX0vb2F1dGgyL2NhbGxiYWNrYF0sXG4gICAgICAgIGxvZ291dFVybHM6IFtgaHR0cHM6Ly8ke3Byb3BzLnpvbmVOYW1lfWBdLFxuICAgICAgfSxcbiAgICAgIHN1cHBvcnRlZElkZW50aXR5UHJvdmlkZXJzOiBbY29nbml0by5Vc2VyUG9vbENsaWVudElkZW50aXR5UHJvdmlkZXIuQ09HTklUT10sXG4gICAgfSk7XG5cbiAgICB0aGlzLmNvZ25pdG9Eb21haW4gPSB0aGlzLnVzZXJQb29sLmFkZERvbWFpbignQ29nbml0b0RvbWFpbicsIHtcbiAgICAgIGNvZ25pdG9Eb21haW46IHsgZG9tYWluUHJlZml4OiBwcm9wcy5jb2duaXRvRG9tYWluUHJlZml4IH0sXG4gICAgfSk7XG5cbiAgICBjb25zdCBhdXRoU2VjdXJpdHlUYWJsZSA9IG5ldyBBdXRoU2VjdXJpdHlUYWJsZSh0aGlzLCAnQXV0aFNlY3VyaXR5VGFibGUnLCB7XG4gICAgICB0YWJsZU5hbWU6IGBhdXRoLXNlY3VyaXR5LSR7cHJvcHMuem9uZU5hbWV9YCxcbiAgICAgIHJlbW92YWxQb2xpY3k6IHByb3BzLnJlbW92YWxQb2xpY3kgPz8gY29yZS5SZW1vdmFsUG9saWN5LlJFVEFJTixcbiAgICB9KTtcblxuICAgIGNvbnN0IGNvZ25pdG9SZWdpb24gPSBjb3JlLlN0YWNrLm9mKHRoaXMpLnJlZ2lvbjtcbiAgICBjb25zdCBjb2duaXRvRG9tYWluVXJsID0gYCR7cHJvcHMuY29nbml0b0RvbWFpblByZWZpeH0uYXV0aC4ke2NvZ25pdG9SZWdpb259LmFtYXpvbmNvZ25pdG8uY29tYDtcblxuICAgIGNvbnN0IHNlY3JldE1hbmFnZXIgPSBuZXcgQ29nbml0b0F1dGhTZWNyZXRNYW5hZ2VyKHRoaXMsICdTZWNyZXRNYW5hZ2VyJywge1xuICAgICAgZG9tYWluTmFtZTogcHJvcHMuem9uZU5hbWUsXG4gICAgICB0YWJsZU5hbWU6IGF1dGhTZWN1cml0eVRhYmxlLnRhYmxlLnRhYmxlTmFtZSxcbiAgICAgIHRhYmxlUmVnaW9uOiBjb2duaXRvUmVnaW9uLFxuICAgICAgdXNlclBvb2xJZDogdGhpcy51c2VyUG9vbC51c2VyUG9vbElkLFxuICAgICAgY2xpZW50SWQ6IHRoaXMudXNlclBvb2xDbGllbnQudXNlclBvb2xDbGllbnRJZCxcbiAgICAgIGNvZ25pdG9Eb21haW46IGNvZ25pdG9Eb21haW5VcmwsXG4gICAgICBjb2duaXRvUmVnaW9uOiBjb2duaXRvUmVnaW9uLFxuICAgICAgc2VjdXJpdHlBbGVydHNUb3BpY0FybjogcHJvcHMuc2VjdXJpdHlBbGVydHNUb3BpY0FybixcbiAgICAgIGF1dG9SZXZva2VPblJldXNlOiBwcm9wcy5hdXRvUmV2b2tlT25SZXVzZSxcbiAgICAgIGp3dENsYWltc1doaXRlbGlzdDogcHJvcHMuand0Q2xhaW1zV2hpdGVsaXN0LFxuICAgIH0pO1xuXG4gICAgY29uc3QgYXVkaXRMb2dSZXRlbnRpb25EYXlzID0gcHJvcHMuYXVkaXRMb2dSZXRlbnRpb25EYXlzID8/IDMwO1xuICAgIGNvbnN0IGF1ZGl0QXJjaGl2ZVJldGVudGlvbkRheXMgPSBwcm9wcy5hdWRpdEFyY2hpdmVSZXRlbnRpb25EYXlzID8/IDM2NTtcblxuICAgIGNvbnN0IGxhbWJkYUZ1bmN0aW9ucyA9IG5ldyBBdXRoTGFtYmRhRnVuY3Rpb25zKHRoaXMsICdMYW1iZGFGdW5jdGlvbnMnLCB7XG4gICAgICBjb25maWdTZWNyZXQ6IHNlY3JldE1hbmFnZXIuY29uZmlnU2VjcmV0LFxuICAgICAga21zS2V5OiBzZWNyZXRNYW5hZ2VyLmttc0tleSxcbiAgICAgIGt2czogc2VjcmV0TWFuYWdlci5rdnMsXG4gICAgICBhdXRoVGFibGU6IGF1dGhTZWN1cml0eVRhYmxlLnRhYmxlLFxuICAgICAgcm90YXRpb25TY2hlZHVsZTogcHJvcHMuaG1hY1NlY3JldFJvdGF0aW9uU2NoZWR1bGUsXG4gICAgICBzZXNzaW9uUmV2b2NhdGlvblRvcGljQXJuOiBwcm9wcy5zZXNzaW9uUmV2b2NhdGlvblRvcGljQXJuLFxuICAgICAgbG9nUmV0ZW50aW9uRGF5czogYXVkaXRMb2dSZXRlbnRpb25EYXlzLFxuICAgIH0pO1xuXG4gICAgbmV3IEF1ZGl0TG9nQXJjaGl2ZSh0aGlzLCAnQXVkaXRMb2dBcmNoaXZlJywge1xuICAgICAgbG9nR3JvdXBOYW1lczogbGFtYmRhRnVuY3Rpb25zLmxvZ0dyb3Vwcy5tYXAobGcgPT4gbGcubG9nR3JvdXBOYW1lKSxcbiAgICAgIGttc0tleTogc2VjcmV0TWFuYWdlci5rbXNLZXksXG4gICAgICByZXRlbnRpb25EYXlzOiBhdWRpdExvZ1JldGVudGlvbkRheXMsXG4gICAgICBhcmNoaXZlUmV0ZW50aW9uRGF5czogYXVkaXRBcmNoaXZlUmV0ZW50aW9uRGF5cyxcbiAgICAgIGJ1Y2tldE5hbWU6IGBhdXRoLWF1ZGl0LWxvZ3MtY29nbml0by0ke2NvcmUuU3RhY2sub2YodGhpcykuYWNjb3VudH0tJHtjb3JlLlN0YWNrLm9mKHRoaXMpLnJlZ2lvbn1gLFxuICAgICAgZGF0YWJhc2VOYW1lOiAnYXV0aF9hdWRpdF9sb2dzX2NvZ25pdG8nLFxuICAgICAgcmVtb3ZhbFBvbGljeTogcHJvcHMucmVtb3ZhbFBvbGljeSA/PyBjb3JlLlJlbW92YWxQb2xpY3kuUkVUQUlOLFxuICAgIH0pO1xuXG4gICAgY29uc3QgcHJlZml4ID0gcHJvcHMuc3NtUGFyYW1QcmVmaXggPz8gYC9hdXRoLyR7cHJvcHMuem9uZU5hbWV9YDtcblxuICAgIG5ldyBTc21Dcm9zc1JlZ2lvbldyaXRlcih0aGlzLCAnU3NtV3JpdGVyJywge1xuICAgICAgcHJlZml4OiBwcmVmaXgsXG4gICAgICByZWdpb246ICd1cy1lYXN0LTEnLFxuICAgICAgcGFyYW1zOiB7XG4gICAgICAgIGNvbmZpZ1NlY3JldEFybjogc2VjcmV0TWFuYWdlci5jb25maWdTZWNyZXQuc2VjcmV0QXJuLFxuICAgICAgICBrbXNLZXlBcm46IHNlY3JldE1hbmFnZXIua21zS2V5LmtleUFybixcbiAgICAgICAgYXV0aFRhYmxlQXJuOiBhdXRoU2VjdXJpdHlUYWJsZS50YWJsZS50YWJsZUFybixcbiAgICAgICAga3ZzQXJuOiBzZWNyZXRNYW5hZ2VyLmt2cy5rZXlWYWx1ZVN0b3JlQXJuLFxuICAgICAgICBjb2duaXRvRG9tYWluOiBjb2duaXRvRG9tYWluVXJsLFxuICAgICAgICBjbGllbnRJZDogdGhpcy51c2VyUG9vbENsaWVudC51c2VyUG9vbENsaWVudElkLFxuICAgICAgICB1c2VyUG9vbElkOiB0aGlzLnVzZXJQb29sLnVzZXJQb29sSWQsXG4gICAgICB9LFxuICAgIH0pO1xuXG4gICAgdGhpcy5jb25maWdTZWNyZXRBcm4gPSBzZWNyZXRNYW5hZ2VyLmNvbmZpZ1NlY3JldC5zZWNyZXRBcm47XG4gICAgdGhpcy5rbXNLZXlBcm4gPSBzZWNyZXRNYW5hZ2VyLmttc0tleS5rZXlBcm47XG4gICAgdGhpcy5hdXRoVGFibGVBcm4gPSBhdXRoU2VjdXJpdHlUYWJsZS50YWJsZS50YWJsZUFybjtcbiAgICB0aGlzLmt2c0FybiA9IHNlY3JldE1hbmFnZXIua3ZzLmtleVZhbHVlU3RvcmVBcm47XG4gIH1cbn1cbiJdfQ==

package/lib/cloudfront/patterns/index.d.ts

@@ -0,0 +1,4 @@
+export * from './securedCloudFront';
+export * from './cognito-secured-cloudfront';
+export * from './authInfrastructure';
+export * from './cognitoAuthInfrastructure';

package/lib/cloudfront/patterns/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./securedCloudFront"), exports);
+__exportStar(require("./cognito-secured-cloudfront"), exports);
+__exportStar(require("./authInfrastructure"), exports);
+__exportStar(require("./cognitoAuthInfrastructure"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvY2xvdWRmcm9udC9wYXR0ZXJucy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsc0RBQW9DO0FBQ3BDLCtEQUE2QztBQUM3Qyx1REFBcUM7QUFDckMsOERBQTRDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSAnLi9zZWN1cmVkQ2xvdWRGcm9udCc7XG5leHBvcnQgKiBmcm9tICcuL2NvZ25pdG8tc2VjdXJlZC1jbG91ZGZyb250JztcbmV4cG9ydCAqIGZyb20gJy4vYXV0aEluZnJhc3RydWN0dXJlJztcbmV4cG9ydCAqIGZyb20gJy4vY29nbml0b0F1dGhJbmZyYXN0cnVjdHVyZSc7XG4iXX0=