samlify 2.12.0 → 2.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/build/src/api.js +41 -3
- package/build/src/api.js.map +1 -1
- package/build/src/binding-post.js +236 -182
- package/build/src/binding-post.js.map +1 -1
- package/build/src/binding-redirect.js +303 -215
- package/build/src/binding-redirect.js.map +1 -1
- package/build/src/binding-simplesign.js +285 -137
- package/build/src/binding-simplesign.js.map +1 -1
- package/build/src/entity-idp.js +130 -47
- package/build/src/entity-idp.js.map +1 -1
- package/build/src/entity-sp.js +81 -39
- package/build/src/entity-sp.js.map +1 -1
- package/build/src/entity.js +100 -62
- package/build/src/entity.js.map +1 -1
- package/build/src/extractor.js +118 -151
- package/build/src/extractor.js.map +1 -1
- package/build/src/flow.js +100 -96
- package/build/src/flow.js.map +1 -1
- package/build/src/libsaml.js +315 -259
- package/build/src/libsaml.js.map +1 -1
- package/build/src/metadata-idp.js +60 -30
- package/build/src/metadata-idp.js.map +1 -1
- package/build/src/metadata-sp.js +51 -41
- package/build/src/metadata-sp.js.map +1 -1
- package/build/src/metadata.js +47 -43
- package/build/src/metadata.js.map +1 -1
- package/build/src/options.js +73 -0
- package/build/src/options.js.map +1 -0
- package/build/src/urn.js +28 -1
- package/build/src/urn.js.map +1 -1
- package/build/src/utility.js +140 -85
- package/build/src/utility.js.map +1 -1
- package/build/src/validator.js +27 -10
- package/build/src/validator.js.map +1 -1
- package/package.json +16 -5
- package/types/src/api.d.ts +33 -3
- package/types/src/binding-post.d.ts +67 -34
- package/types/src/binding-redirect.d.ts +58 -31
- package/types/src/binding-simplesign.d.ts +77 -21
- package/types/src/entity-idp.d.ts +40 -31
- package/types/src/entity-sp.d.ts +37 -27
- package/types/src/entity.d.ts +71 -77
- package/types/src/extractor.d.ts +31 -22
- package/types/src/flow.d.ts +24 -2
- package/types/src/libsaml.d.ts +172 -118
- package/types/src/metadata-idp.d.ts +27 -11
- package/types/src/metadata-sp.d.ts +29 -19
- package/types/src/metadata.d.ts +59 -34
- package/types/src/options.d.ts +37 -0
- package/types/src/types.d.ts +250 -24
- package/types/src/urn.d.ts +7 -0
- package/types/src/utility.d.ts +139 -90
- package/types/src/validator.d.ts +21 -0
- package/.circleci/config.yml +0 -98
- package/.editorconfig +0 -19
- package/.github/FUNDING.yml +0 -1
- package/.github/workflows/deploy-docs.yml +0 -56
- package/.pre-commit.sh +0 -15
- package/.snyk +0 -4
- package/Makefile +0 -25
- package/index.ts +0 -28
- package/samlify-2.11.0.tgz +0 -0
- package/src/api.ts +0 -48
- package/src/binding-post.ts +0 -336
- package/src/binding-redirect.ts +0 -335
- package/src/binding-simplesign.ts +0 -231
- package/src/entity-idp.ts +0 -145
- package/src/entity-sp.ts +0 -114
- package/src/entity.ts +0 -243
- package/src/extractor.ts +0 -399
- package/src/flow.ts +0 -469
- package/src/libsaml.ts +0 -779
- package/src/metadata-idp.ts +0 -146
- package/src/metadata-sp.ts +0 -203
- package/src/metadata.ts +0 -166
- package/src/types.ts +0 -127
- package/src/urn.ts +0 -210
- package/src/utility.ts +0 -259
- package/src/validator.ts +0 -44
- package/tsconfig.json +0 -41
- package/tslint.json +0 -35
- package/types.d.ts +0 -2
- package/vitest.config.ts +0 -12
package/build/src/flow.js
CHANGED
|
@@ -56,6 +56,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
56
56
|
};
|
|
57
57
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
58
58
|
exports.flow = flow;
|
|
59
|
+
/**
|
|
60
|
+
* @file flow.ts
|
|
61
|
+
* @author tngan
|
|
62
|
+
* @desc Inbound SAML message pipeline. Dispatches between POST, Redirect,
|
|
63
|
+
* and POST-SimpleSign flows, handling decoding, schema validation, status
|
|
64
|
+
* checks, signature verification, and time-window validation.
|
|
65
|
+
*/
|
|
59
66
|
var utility_1 = require("./utility");
|
|
60
67
|
var validator_1 = require("./validator");
|
|
61
68
|
var libsaml_1 = __importDefault(require("./libsaml"));
|
|
@@ -63,14 +70,20 @@ var extractor_1 = require("./extractor");
|
|
|
63
70
|
var urn_1 = require("./urn");
|
|
64
71
|
var bindDict = urn_1.wording.binding;
|
|
65
72
|
var urlParams = urn_1.wording.urlParams;
|
|
66
|
-
|
|
73
|
+
/**
|
|
74
|
+
* Map a parser type onto the default extractor fields that populate
|
|
75
|
+
* {@link FlowResult.extract}. Login-response extraction is parameterised by
|
|
76
|
+
* the verified assertion fragment to defend against wrapping attacks.
|
|
77
|
+
*
|
|
78
|
+
* @param parserType SAML message type
|
|
79
|
+
* @param assertion verified assertion XML (required for SAMLResponse)
|
|
80
|
+
*/
|
|
67
81
|
function getDefaultExtractorFields(parserType, assertion) {
|
|
68
82
|
switch (parserType) {
|
|
69
83
|
case urn_1.ParserType.SAMLRequest:
|
|
70
84
|
return extractor_1.loginRequestFields;
|
|
71
85
|
case urn_1.ParserType.SAMLResponse:
|
|
72
86
|
if (!assertion) {
|
|
73
|
-
// unexpected hit
|
|
74
87
|
throw new Error('ERR_EMPTY_ASSERTION');
|
|
75
88
|
}
|
|
76
89
|
return (0, extractor_1.loginResponseFields)(assertion);
|
|
@@ -82,47 +95,48 @@ function getDefaultExtractorFields(parserType, assertion) {
|
|
|
82
95
|
throw new Error('ERR_UNDEFINED_PARSERTYPE');
|
|
83
96
|
}
|
|
84
97
|
}
|
|
85
|
-
|
|
98
|
+
/**
|
|
99
|
+
* Redirect-binding flow: reads the base64/deflate SAML message from query
|
|
100
|
+
* params and, when required, verifies the detached signature over the
|
|
101
|
+
* canonical octet string.
|
|
102
|
+
*/
|
|
86
103
|
function redirectFlow(options) {
|
|
87
104
|
return __awaiter(this, void 0, void 0, function () {
|
|
88
|
-
var request, parserType, self, _a, checkSignature, from, query, octetString, sigAlg, signature, targetEntityMetadata, direction, content, xmlString,
|
|
89
|
-
|
|
90
|
-
|
|
105
|
+
var request, parserType, self, _a, checkSignature, from, query, octetString, _b, sigAlg, signature, targetEntityMetadata, direction, content, xmlString, _c, assertion, verifiedDoc, extractorFields, parseResult, base64Signature, decodeSigAlg, verified, issuer, extractedProperties;
|
|
106
|
+
var _d;
|
|
107
|
+
return __generator(this, function (_e) {
|
|
108
|
+
switch (_e.label) {
|
|
91
109
|
case 0:
|
|
92
110
|
request = options.request, parserType = options.parserType, self = options.self, _a = options.checkSignature, checkSignature = _a === void 0 ? true : _a, from = options.from;
|
|
93
111
|
query = request.query, octetString = request.octetString;
|
|
94
|
-
sigAlg =
|
|
112
|
+
_b = query, sigAlg = _b.SigAlg, signature = _b.Signature;
|
|
95
113
|
targetEntityMetadata = from.entityMeta;
|
|
96
114
|
direction = libsaml_1.default.getQueryParamByType(parserType);
|
|
97
115
|
content = query[direction];
|
|
98
|
-
// query must contain the saml content
|
|
99
116
|
if (content === undefined) {
|
|
100
|
-
return [2 /*return*/, Promise.reject('ERR_REDIRECT_FLOW_BAD_ARGS')];
|
|
117
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_REDIRECT_FLOW_BAD_ARGS'))];
|
|
101
118
|
}
|
|
102
119
|
xmlString = (0, utility_1.inflateString)(decodeURIComponent(content));
|
|
103
|
-
|
|
120
|
+
_e.label = 1;
|
|
104
121
|
case 1:
|
|
105
|
-
|
|
122
|
+
_e.trys.push([1, 3, , 4]);
|
|
106
123
|
return [4 /*yield*/, libsaml_1.default.isValidXml(xmlString)];
|
|
107
124
|
case 2:
|
|
108
|
-
|
|
125
|
+
_e.sent();
|
|
109
126
|
return [3 /*break*/, 4];
|
|
110
127
|
case 3:
|
|
111
|
-
|
|
112
|
-
return [2 /*return*/, Promise.reject('ERR_INVALID_XML')];
|
|
113
|
-
case 4:
|
|
114
|
-
// check status based on different scenarios
|
|
115
|
-
return [4 /*yield*/, checkStatus(xmlString, parserType)];
|
|
128
|
+
_c = _e.sent();
|
|
129
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_INVALID_XML'))];
|
|
130
|
+
case 4: return [4 /*yield*/, checkStatus(xmlString, parserType)];
|
|
116
131
|
case 5:
|
|
117
|
-
|
|
118
|
-
_b.sent();
|
|
132
|
+
_e.sent();
|
|
119
133
|
assertion = '';
|
|
120
134
|
if (parserType === urlParams.samlResponse) {
|
|
121
135
|
verifiedDoc = (0, extractor_1.extract)(xmlString, [{
|
|
122
136
|
key: 'assertion',
|
|
123
137
|
localPath: ['~Response', 'Assertion'],
|
|
124
138
|
attributes: [],
|
|
125
|
-
context: true
|
|
139
|
+
context: true,
|
|
126
140
|
}]);
|
|
127
141
|
if (verifiedDoc && verifiedDoc.assertion) {
|
|
128
142
|
assertion = verifiedDoc.assertion;
|
|
@@ -134,54 +148,53 @@ function redirectFlow(options) {
|
|
|
134
148
|
sigAlg: null,
|
|
135
149
|
extract: (0, extractor_1.extract)(xmlString, extractorFields),
|
|
136
150
|
};
|
|
137
|
-
// see if signature check is required
|
|
138
|
-
// only verify message signature is enough
|
|
139
151
|
if (checkSignature) {
|
|
140
152
|
if (!signature || !sigAlg) {
|
|
141
|
-
return [2 /*return*/, Promise.reject('ERR_MISSING_SIG_ALG')];
|
|
153
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_MISSING_SIG_ALG'))];
|
|
142
154
|
}
|
|
143
155
|
base64Signature = Buffer.from(decodeURIComponent(signature), 'base64');
|
|
144
156
|
decodeSigAlg = decodeURIComponent(sigAlg);
|
|
145
157
|
verified = libsaml_1.default.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg);
|
|
146
158
|
if (!verified) {
|
|
147
|
-
|
|
148
|
-
return [2 /*return*/, Promise.reject('ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION')];
|
|
159
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION'))];
|
|
149
160
|
}
|
|
150
161
|
parseResult.sigAlg = decodeSigAlg;
|
|
151
162
|
}
|
|
152
163
|
issuer = targetEntityMetadata.getEntityID();
|
|
153
164
|
extractedProperties = parseResult.extract;
|
|
154
|
-
// unmatched issuer
|
|
155
165
|
if ((parserType === 'LogoutResponse' || parserType === 'SAMLResponse')
|
|
156
166
|
&& extractedProperties
|
|
157
167
|
&& extractedProperties.issuer !== issuer) {
|
|
158
|
-
return [2 /*return*/, Promise.reject('ERR_UNMATCH_ISSUER')];
|
|
168
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_UNMATCH_ISSUER'))];
|
|
159
169
|
}
|
|
160
|
-
//
|
|
161
|
-
// only run the verifyTime when `SessionNotOnOrAfter` exists
|
|
170
|
+
// Session expiration — only enforced when SessionNotOnOrAfter is present.
|
|
162
171
|
if (parserType === 'SAMLResponse'
|
|
163
|
-
&& extractedProperties.sessionIndex.sessionNotOnOrAfter
|
|
172
|
+
&& ((_d = extractedProperties.sessionIndex) === null || _d === void 0 ? void 0 : _d.sessionNotOnOrAfter)
|
|
164
173
|
&& !(0, validator_1.verifyTime)(undefined, extractedProperties.sessionIndex.sessionNotOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
165
|
-
return [2 /*return*/, Promise.reject('ERR_EXPIRED_SESSION')];
|
|
174
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_EXPIRED_SESSION'))];
|
|
166
175
|
}
|
|
167
|
-
//
|
|
168
|
-
// 2.4.1.2 https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
|
|
176
|
+
// Assertion validity window. SAML core 2.4.1.2.
|
|
169
177
|
if (parserType === 'SAMLResponse'
|
|
170
178
|
&& extractedProperties.conditions
|
|
171
179
|
&& !(0, validator_1.verifyTime)(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
172
|
-
return [2 /*return*/, Promise.reject('ERR_SUBJECT_UNCONFIRMED')];
|
|
180
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_SUBJECT_UNCONFIRMED'))];
|
|
173
181
|
}
|
|
174
182
|
return [2 /*return*/, Promise.resolve(parseResult)];
|
|
175
183
|
}
|
|
176
184
|
});
|
|
177
185
|
});
|
|
178
186
|
}
|
|
179
|
-
|
|
187
|
+
/**
|
|
188
|
+
* POST-binding flow: reads the base64 SAML message from the request body
|
|
189
|
+
* and verifies the embedded XML signature. Supports both encrypted-then-
|
|
190
|
+
* signed and signed-then-encrypted assertion pipelines.
|
|
191
|
+
*/
|
|
180
192
|
function postFlow(options) {
|
|
181
193
|
return __awaiter(this, void 0, void 0, function () {
|
|
182
194
|
var request, from, self, parserType, _a, checkSignature, body, direction, encodedRequest, samlContent, verificationOptions, decryptRequired, extractorFields, _b, verified, verifiedAssertionNode, result, result, decryptedDoc, _c, decryptedDocVerified, verifiedDecryptedAssertion, parseResult, targetEntityMetadata, issuer, extractedProperties;
|
|
183
|
-
|
|
184
|
-
|
|
195
|
+
var _d;
|
|
196
|
+
return __generator(this, function (_e) {
|
|
197
|
+
switch (_e.label) {
|
|
185
198
|
case 0:
|
|
186
199
|
request = options.request, from = options.from, self = options.self, parserType = options.parserType, _a = options.checkSignature, checkSignature = _a === void 0 ? true : _a;
|
|
187
200
|
body = request.body;
|
|
@@ -194,53 +207,46 @@ function postFlow(options) {
|
|
|
194
207
|
};
|
|
195
208
|
decryptRequired = from.entitySetting.isAssertionEncrypted;
|
|
196
209
|
extractorFields = [];
|
|
197
|
-
// validate the xml first
|
|
198
210
|
return [4 /*yield*/, libsaml_1.default.isValidXml(samlContent)];
|
|
199
211
|
case 1:
|
|
200
|
-
|
|
201
|
-
_d.sent();
|
|
212
|
+
_e.sent();
|
|
202
213
|
if (parserType !== urlParams.samlResponse) {
|
|
203
214
|
extractorFields = getDefaultExtractorFields(parserType, null);
|
|
204
215
|
}
|
|
205
|
-
// check status based on different scenarios
|
|
206
216
|
return [4 /*yield*/, checkStatus(samlContent, parserType)];
|
|
207
217
|
case 2:
|
|
208
|
-
|
|
209
|
-
_d.sent();
|
|
218
|
+
_e.sent();
|
|
210
219
|
if (!checkSignature) return [3 /*break*/, 7];
|
|
211
220
|
_b = __read(libsaml_1.default.verifySignature(samlContent, verificationOptions), 2), verified = _b[0], verifiedAssertionNode = _b[1];
|
|
212
221
|
if (!(decryptRequired && verified && parserType === 'SAMLResponse' && verifiedAssertionNode)) return [3 /*break*/, 4];
|
|
213
222
|
return [4 /*yield*/, libsaml_1.default.decryptAssertion(self, verifiedAssertionNode)];
|
|
214
223
|
case 3:
|
|
215
|
-
result =
|
|
224
|
+
result = _e.sent();
|
|
216
225
|
samlContent = result[0];
|
|
217
|
-
// extractor depends on signed content
|
|
218
226
|
extractorFields = getDefaultExtractorFields(parserType, result[1]);
|
|
219
227
|
return [3 /*break*/, 7];
|
|
220
228
|
case 4:
|
|
221
229
|
if (!(decryptRequired && !verified)) return [3 /*break*/, 6];
|
|
222
230
|
return [4 /*yield*/, libsaml_1.default.decryptAssertion(self, samlContent)];
|
|
223
231
|
case 5:
|
|
224
|
-
result =
|
|
232
|
+
result = _e.sent();
|
|
225
233
|
decryptedDoc = result[0];
|
|
226
234
|
_c = __read(libsaml_1.default.verifySignature(decryptedDoc, verificationOptions), 2), decryptedDocVerified = _c[0], verifiedDecryptedAssertion = _c[1];
|
|
227
235
|
if (decryptedDocVerified) {
|
|
228
|
-
// extractor depends on signed content
|
|
229
236
|
extractorFields = getDefaultExtractorFields(parserType, verifiedDecryptedAssertion);
|
|
230
237
|
}
|
|
231
238
|
else {
|
|
232
|
-
return [2 /*return*/, Promise.reject('FAILED_TO_VERIFY_SIGNATURE')];
|
|
239
|
+
return [2 /*return*/, Promise.reject(new Error('FAILED_TO_VERIFY_SIGNATURE'))];
|
|
233
240
|
}
|
|
234
241
|
return [3 /*break*/, 7];
|
|
235
242
|
case 6:
|
|
236
243
|
if (verified) {
|
|
237
|
-
// extractor depends on signed content
|
|
238
244
|
extractorFields = getDefaultExtractorFields(parserType, verifiedAssertionNode);
|
|
239
245
|
}
|
|
240
246
|
else {
|
|
241
|
-
return [2 /*return*/, Promise.reject('FAILED_TO_VERIFY_SIGNATURE')];
|
|
247
|
+
return [2 /*return*/, Promise.reject(new Error('FAILED_TO_VERIFY_SIGNATURE'))];
|
|
242
248
|
}
|
|
243
|
-
|
|
249
|
+
_e.label = 7;
|
|
244
250
|
case 7:
|
|
245
251
|
parseResult = {
|
|
246
252
|
samlContent: samlContent,
|
|
@@ -249,37 +255,36 @@ function postFlow(options) {
|
|
|
249
255
|
targetEntityMetadata = from.entityMeta;
|
|
250
256
|
issuer = targetEntityMetadata.getEntityID();
|
|
251
257
|
extractedProperties = parseResult.extract;
|
|
252
|
-
// unmatched issuer
|
|
253
258
|
if ((parserType === 'LogoutResponse' || parserType === 'SAMLResponse')
|
|
254
259
|
&& extractedProperties
|
|
255
260
|
&& extractedProperties.issuer !== issuer) {
|
|
256
|
-
return [2 /*return*/, Promise.reject('ERR_UNMATCH_ISSUER')];
|
|
261
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_UNMATCH_ISSUER'))];
|
|
257
262
|
}
|
|
258
|
-
// invalid session time
|
|
259
|
-
// only run the verifyTime when `SessionNotOnOrAfter` exists
|
|
260
263
|
if (parserType === 'SAMLResponse'
|
|
261
|
-
&& extractedProperties.sessionIndex.sessionNotOnOrAfter
|
|
264
|
+
&& ((_d = extractedProperties.sessionIndex) === null || _d === void 0 ? void 0 : _d.sessionNotOnOrAfter)
|
|
262
265
|
&& !(0, validator_1.verifyTime)(undefined, extractedProperties.sessionIndex.sessionNotOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
263
|
-
return [2 /*return*/, Promise.reject('ERR_EXPIRED_SESSION')];
|
|
266
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_EXPIRED_SESSION'))];
|
|
264
267
|
}
|
|
265
|
-
// invalid time
|
|
266
|
-
// 2.4.1.2 https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
|
|
267
268
|
if (parserType === 'SAMLResponse'
|
|
268
269
|
&& extractedProperties.conditions
|
|
269
270
|
&& !(0, validator_1.verifyTime)(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
270
|
-
return [2 /*return*/, Promise.reject('ERR_SUBJECT_UNCONFIRMED')];
|
|
271
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_SUBJECT_UNCONFIRMED'))];
|
|
271
272
|
}
|
|
272
273
|
return [2 /*return*/, Promise.resolve(parseResult)];
|
|
273
274
|
}
|
|
274
275
|
});
|
|
275
276
|
});
|
|
276
277
|
}
|
|
277
|
-
|
|
278
|
+
/**
|
|
279
|
+
* POST-SimpleSign flow: reads the base64 SAML message from the request body
|
|
280
|
+
* together with a detached signature over the SimpleSign octet string.
|
|
281
|
+
*/
|
|
278
282
|
function postSimpleSignFlow(options) {
|
|
279
283
|
return __awaiter(this, void 0, void 0, function () {
|
|
280
|
-
var request, parserType, self, _a, checkSignature, from, body, octetString, targetEntityMetadata, direction, encodedRequest, sigAlg, signature, xmlString,
|
|
281
|
-
|
|
282
|
-
|
|
284
|
+
var request, parserType, self, _a, checkSignature, from, body, octetString, targetEntityMetadata, direction, encodedRequest, sigAlg, signature, xmlString, _b, assertion, verifiedDoc, extractorFields, parseResult, base64Signature, verified, issuer, extractedProperties;
|
|
285
|
+
var _c;
|
|
286
|
+
return __generator(this, function (_d) {
|
|
287
|
+
switch (_d.label) {
|
|
283
288
|
case 0:
|
|
284
289
|
request = options.request, parserType = options.parserType, self = options.self, _a = options.checkSignature, checkSignature = _a === void 0 ? true : _a, from = options.from;
|
|
285
290
|
body = request.body, octetString = request.octetString;
|
|
@@ -288,34 +293,30 @@ function postSimpleSignFlow(options) {
|
|
|
288
293
|
encodedRequest = body[direction];
|
|
289
294
|
sigAlg = body['SigAlg'];
|
|
290
295
|
signature = body['Signature'];
|
|
291
|
-
// query must contain the saml content
|
|
292
296
|
if (encodedRequest === undefined) {
|
|
293
|
-
return [2 /*return*/, Promise.reject('ERR_SIMPLESIGN_FLOW_BAD_ARGS')];
|
|
297
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_SIMPLESIGN_FLOW_BAD_ARGS'))];
|
|
294
298
|
}
|
|
295
299
|
xmlString = String((0, utility_1.base64Decode)(encodedRequest));
|
|
296
|
-
|
|
300
|
+
_d.label = 1;
|
|
297
301
|
case 1:
|
|
298
|
-
|
|
302
|
+
_d.trys.push([1, 3, , 4]);
|
|
299
303
|
return [4 /*yield*/, libsaml_1.default.isValidXml(xmlString)];
|
|
300
304
|
case 2:
|
|
301
|
-
|
|
305
|
+
_d.sent();
|
|
302
306
|
return [3 /*break*/, 4];
|
|
303
307
|
case 3:
|
|
304
|
-
|
|
305
|
-
return [2 /*return*/, Promise.reject('ERR_INVALID_XML')];
|
|
306
|
-
case 4:
|
|
307
|
-
// check status based on different scenarios
|
|
308
|
-
return [4 /*yield*/, checkStatus(xmlString, parserType)];
|
|
308
|
+
_b = _d.sent();
|
|
309
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_INVALID_XML'))];
|
|
310
|
+
case 4: return [4 /*yield*/, checkStatus(xmlString, parserType)];
|
|
309
311
|
case 5:
|
|
310
|
-
|
|
311
|
-
_b.sent();
|
|
312
|
+
_d.sent();
|
|
312
313
|
assertion = '';
|
|
313
314
|
if (parserType === urlParams.samlResponse) {
|
|
314
315
|
verifiedDoc = (0, extractor_1.extract)(xmlString, [{
|
|
315
316
|
key: 'assertion',
|
|
316
317
|
localPath: ['~Response', 'Assertion'],
|
|
317
318
|
attributes: [],
|
|
318
|
-
context: true
|
|
319
|
+
context: true,
|
|
319
320
|
}]);
|
|
320
321
|
if (verifiedDoc && verifiedDoc.assertion) {
|
|
321
322
|
assertion = verifiedDoc.assertion;
|
|
@@ -327,49 +328,48 @@ function postSimpleSignFlow(options) {
|
|
|
327
328
|
sigAlg: null,
|
|
328
329
|
extract: (0, extractor_1.extract)(xmlString, extractorFields),
|
|
329
330
|
};
|
|
330
|
-
// see if signature check is required
|
|
331
|
-
// only verify message signature is enough
|
|
332
331
|
if (checkSignature) {
|
|
333
332
|
if (!signature || !sigAlg) {
|
|
334
|
-
return [2 /*return*/, Promise.reject('ERR_MISSING_SIG_ALG')];
|
|
333
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_MISSING_SIG_ALG'))];
|
|
335
334
|
}
|
|
336
335
|
base64Signature = Buffer.from(signature, 'base64');
|
|
337
336
|
verified = libsaml_1.default.verifyMessageSignature(targetEntityMetadata, octetString, base64Signature, sigAlg);
|
|
338
337
|
if (!verified) {
|
|
339
|
-
|
|
340
|
-
return [2 /*return*/, Promise.reject('ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION')];
|
|
338
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_FAILED_MESSAGE_SIGNATURE_VERIFICATION'))];
|
|
341
339
|
}
|
|
342
340
|
parseResult.sigAlg = sigAlg;
|
|
343
341
|
}
|
|
344
342
|
issuer = targetEntityMetadata.getEntityID();
|
|
345
343
|
extractedProperties = parseResult.extract;
|
|
346
|
-
// unmatched issuer
|
|
347
344
|
if ((parserType === 'LogoutResponse' || parserType === 'SAMLResponse')
|
|
348
345
|
&& extractedProperties
|
|
349
346
|
&& extractedProperties.issuer !== issuer) {
|
|
350
|
-
return [2 /*return*/, Promise.reject('ERR_UNMATCH_ISSUER')];
|
|
347
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_UNMATCH_ISSUER'))];
|
|
351
348
|
}
|
|
352
|
-
// invalid session time
|
|
353
|
-
// only run the verifyTime when `SessionNotOnOrAfter` exists
|
|
354
349
|
if (parserType === 'SAMLResponse'
|
|
355
|
-
&& extractedProperties.sessionIndex.sessionNotOnOrAfter
|
|
350
|
+
&& ((_c = extractedProperties.sessionIndex) === null || _c === void 0 ? void 0 : _c.sessionNotOnOrAfter)
|
|
356
351
|
&& !(0, validator_1.verifyTime)(undefined, extractedProperties.sessionIndex.sessionNotOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
357
|
-
return [2 /*return*/, Promise.reject('ERR_EXPIRED_SESSION')];
|
|
352
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_EXPIRED_SESSION'))];
|
|
358
353
|
}
|
|
359
|
-
// invalid time
|
|
360
|
-
// 2.4.1.2 https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
|
|
361
354
|
if (parserType === 'SAMLResponse'
|
|
362
355
|
&& extractedProperties.conditions
|
|
363
356
|
&& !(0, validator_1.verifyTime)(extractedProperties.conditions.notBefore, extractedProperties.conditions.notOnOrAfter, self.entitySetting.clockDrifts)) {
|
|
364
|
-
return [2 /*return*/, Promise.reject('ERR_SUBJECT_UNCONFIRMED')];
|
|
357
|
+
return [2 /*return*/, Promise.reject(new Error('ERR_SUBJECT_UNCONFIRMED'))];
|
|
365
358
|
}
|
|
366
359
|
return [2 /*return*/, Promise.resolve(parseResult)];
|
|
367
360
|
}
|
|
368
361
|
});
|
|
369
362
|
});
|
|
370
363
|
}
|
|
364
|
+
/**
|
|
365
|
+
* Inspect the SAML `<Status>` code on a response and reject with a
|
|
366
|
+
* detailed error string when the top-tier code is not `Success`.
|
|
367
|
+
*
|
|
368
|
+
* @param content response XML
|
|
369
|
+
* @param parserType parser type (only SAMLResponse/LogoutResponse are checked)
|
|
370
|
+
* @returns `"OK"` when success or `"SKIPPED"` for non-response messages
|
|
371
|
+
*/
|
|
371
372
|
function checkStatus(content, parserType) {
|
|
372
|
-
// only check response parser
|
|
373
373
|
if (parserType !== urlParams.samlResponse && parserType !== urlParams.logoutResponse) {
|
|
374
374
|
return Promise.resolve('SKIPPED');
|
|
375
375
|
}
|
|
@@ -377,21 +377,25 @@ function checkStatus(content, parserType) {
|
|
|
377
377
|
? extractor_1.loginResponseStatusFields
|
|
378
378
|
: extractor_1.logoutResponseStatusFields;
|
|
379
379
|
var _a = (0, extractor_1.extract)(content, fields), top = _a.top, second = _a.second;
|
|
380
|
-
// only resolve when top-tier status code is success
|
|
381
380
|
if (top === urn_1.StatusCode.Success) {
|
|
382
381
|
return Promise.resolve('OK');
|
|
383
382
|
}
|
|
384
383
|
if (!top) {
|
|
385
384
|
throw new Error('ERR_UNDEFINED_STATUS');
|
|
386
385
|
}
|
|
387
|
-
// returns a detailed error for two-tier error code
|
|
388
386
|
throw new Error("ERR_FAILED_STATUS with top tier code: ".concat(top, ", second tier code: ").concat(second));
|
|
389
387
|
}
|
|
388
|
+
/**
|
|
389
|
+
* Entry point: dispatch an inbound SAML message to the matching binding
|
|
390
|
+
* handler based on `options.binding`.
|
|
391
|
+
*
|
|
392
|
+
* @param options flow inputs (request, parserType, entities, binding)
|
|
393
|
+
* @returns resolved {@link FlowResult} on success
|
|
394
|
+
*/
|
|
390
395
|
function flow(options) {
|
|
391
396
|
var binding = options.binding;
|
|
392
397
|
var parserType = options.parserType;
|
|
393
398
|
options.supportBindings = [urn_1.BindingNamespace.Redirect, urn_1.BindingNamespace.Post, urn_1.BindingNamespace.SimpleSign];
|
|
394
|
-
// saml response allows POST, REDIRECT
|
|
395
399
|
if (parserType === urn_1.ParserType.SAMLResponse) {
|
|
396
400
|
options.supportBindings = [urn_1.BindingNamespace.Post, urn_1.BindingNamespace.Redirect, urn_1.BindingNamespace.SimpleSign];
|
|
397
401
|
}
|
|
@@ -404,6 +408,6 @@ function flow(options) {
|
|
|
404
408
|
if (binding === bindDict.simpleSign) {
|
|
405
409
|
return postSimpleSignFlow(options);
|
|
406
410
|
}
|
|
407
|
-
return Promise.reject('ERR_UNEXPECTED_FLOW');
|
|
411
|
+
return Promise.reject(new Error('ERR_UNEXPECTED_FLOW'));
|
|
408
412
|
}
|
|
409
413
|
//# sourceMappingURL=flow.js.map
|
package/build/src/flow.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2bA,oBAyBC;AApdD,qCAAwD;AACxD,yCAAyC;AACzC,sDAAgC;AAChC,yCASqB;AAErB,6BAMe;AAEf,IAAM,QAAQ,GAAG,aAAO,CAAC,OAAO,CAAC;AACjC,IAAM,SAAS,GAAG,aAAO,CAAC,SAAS,CAAC;AAQpC,2DAA2D;AAC3D,SAAS,yBAAyB,CAAC,UAAsB,EAAE,SAAe;IACxE,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAU,CAAC,WAAW;YACzB,OAAO,8BAAkB,CAAC;QAC5B,KAAK,gBAAU,CAAC,YAAY;YAC1B,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,iBAAiB;gBACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,IAAA,+BAAmB,EAAC,SAAS,CAAC,CAAC;QACxC,KAAK,gBAAU,CAAC,aAAa;YAC3B,OAAO,+BAAmB,CAAC;QAC7B,KAAK,gBAAU,CAAC,cAAc;YAC5B,OAAO,gCAAoB,CAAC;QAC9B;YACE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED,oCAAoC;AACpC,SAAe,YAAY,CAAC,OAAO;;;;;;oBAEzB,OAAO,GAAoD,OAAO,QAA3D,EAAE,UAAU,GAAwC,OAAO,WAA/C,EAAE,IAAI,GAAkC,OAAO,KAAzC,EAAE,KAAgC,OAAO,eAAlB,EAArB,cAAc,mBAAG,IAAI,KAAA,EAAE,IAAI,GAAK,OAAO,KAAZ,CAAa;oBACnE,KAAK,GAAkB,OAAO,MAAzB,EAAE,WAAW,GAAK,OAAO,YAAZ,CAAa;oBACvB,MAAM,GAA2B,KAAK,OAAhC,EAAa,SAAS,GAAK,KAAK,UAAV,CAAW;oBAEjD,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;oBAGvC,SAAS,GAAG,iBAAO,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;oBACpD,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC;oBAEjC,sCAAsC;oBACtC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;wBAC1B,sBAAO,OAAO,CAAC,MAAM,CAAC,4BAA4B,CAAC,EAAC;oBACtD,CAAC;oBAEK,SAAS,GAAG,IAAA,uBAAa,EAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;;;;oBAI3D,qBAAM,iBAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAA;;oBAAnC,SAAmC,CAAC;;;;oBAEpC,sBAAO,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAC;;gBAG3C,4CAA4C;gBAC5C,qBAAM,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,EAAA;;oBADxC,4CAA4C;oBAC5C,SAAwC,CAAC;oBAErC,SAAS,GAAW,EAAE,CAAC;oBAE3B,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAC,CAAC;wBAEnC,WAAW,GAAG,IAAA,mBAAO,EAAC,SAAS,EAAE,CAAC;gCACtC,GAAG,EAAE,WAAW;gCAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gCACrC,UAAU,EAAE,EAAE;gCACd,OAAO,EAAE,IAAI;6BACd,CAAC,CAAC,CAAC;wBACJ,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,EAAC,CAAC;4BACxC,SAAS,GAAG,WAAW,CAAC,SAAmB,CAAC;wBAC9C,CAAC;oBACH,CAAC;oBAEK,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBAEjG,WAAW,GAAmE;wBAClF,WAAW,EAAE,SAAS;wBACtB,MAAM,EAAE,IAAI;wBACZ,OAAO,EAAE,IAAA,mBAAO,EAAC,SAAS,EAAE,eAAe,CAAC;qBAC7C,CAAC;oBAEF,qCAAqC;oBACrC,0CAA0C;oBAC1C,IAAI,cAAc,EAAE,CAAC;wBACnB,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;4BAC1B,sBAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAC;wBAC/C,CAAC;wBAGK,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;wBACvE,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;wBAE1C,QAAQ,GAAG,iBAAO,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;wBAE5G,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACd,mCAAmC;4BACnC,sBAAO,OAAO,CAAC,MAAM,CAAC,2CAA2C,CAAC,EAAC;wBACrE,CAAC;wBAED,WAAW,CAAC,MAAM,GAAG,YAAY,CAAC;oBACpC,CAAC;oBAKK,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;oBAC5C,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;oBAEhD,mBAAmB;oBACnB,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;2BAC/D,mBAAmB;2BACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAC;oBAC9C,CAAC;oBAED,uBAAuB;oBACvB,4DAA4D;oBAC5D,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,YAAY,CAAC,mBAAmB;2BACpD,CAAC,IAAA,sBAAU,EACZ,SAAS,EACT,mBAAmB,CAAC,YAAY,CAAC,mBAAmB,EACpD,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAC;oBAC/C,CAAC;oBAED,eAAe;oBACf,8EAA8E;oBAC9E,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,UAAU;2BAC9B,CAAC,IAAA,sBAAU,EACZ,mBAAmB,CAAC,UAAU,CAAC,SAAS,EACxC,mBAAmB,CAAC,UAAU,CAAC,YAAY,EAC3C,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,yBAAyB,CAAC,EAAC;oBACnD,CAAC;oBAED,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAC;;;;CACrC;AAED,wBAAwB;AACxB,SAAe,QAAQ,CAAC,OAAO;;;;;;oBAG3B,OAAO,GAKL,OAAO,QALF,EACP,IAAI,GAIF,OAAO,KAJL,EACJ,IAAI,GAGF,OAAO,KAHL,EACJ,UAAU,GAER,OAAO,WAFC,EACV,KACE,OAAO,eADY,EAArB,cAAc,mBAAG,IAAI,KAAA,CACX;oBAEJ,IAAI,GAAK,OAAO,KAAZ,CAAa;oBAEnB,SAAS,GAAG,iBAAO,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;oBACpD,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;oBAEnC,WAAW,GAAG,MAAM,CAAC,IAAA,sBAAY,EAAC,cAAc,CAAC,CAAC,CAAC;oBAEjD,mBAAmB,GAAG;wBAC1B,QAAQ,EAAE,IAAI,CAAC,UAAU;wBACzB,kBAAkB,EAAE,IAAI,CAAC,aAAa,CAAC,yBAAyB;qBACjE,CAAC;oBAEI,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBAE5D,eAAe,GAAoB,EAAE,CAAC;oBAE1C,yBAAyB;oBACzB,qBAAM,iBAAO,CAAC,UAAU,CAAC,WAAW,CAAC,EAAA;;oBADrC,yBAAyB;oBACzB,SAAqC,CAAC;oBAEtC,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAE,CAAC;wBAC1C,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;oBAChE,CAAC;oBAED,4CAA4C;oBAC5C,qBAAM,WAAW,CAAC,WAAW,EAAE,UAAU,CAAC,EAAA;;oBAD1C,4CAA4C;oBAC5C,SAA0C,CAAC;yBAIzC,cAAc,EAAd,wBAAc;oBAGR,KAAA,OAAoC,iBAAO,CAAC,eAAe,CAAC,WAAW,EAAE,mBAAmB,CAAC,IAAA,EAA5F,QAAQ,QAAA,EAAE,qBAAqB,QAAA,CAA8D;yBAIhG,CAAA,eAAe,IAAI,QAAQ,IAAI,UAAU,KAAK,cAAc,IAAI,qBAAqB,CAAA,EAArF,wBAAqF;oBAExE,qBAAM,iBAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,qBAAqB,CAAC,EAAA;;oBAApE,MAAM,GAAG,SAA2D;oBAC1E,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;oBACxB,sCAAsC;oBACtC,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;;;yBAC1D,CAAA,eAAe,IAAI,CAAC,QAAQ,CAAA,EAA5B,wBAA4B;oBAEtB,qBAAM,iBAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,WAAW,CAAC,EAAA;;oBAA1D,MAAM,GAAG,SAAiD;oBAC1D,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;oBACzB,KAAA,OAAqD,iBAAO,CAAC,eAAe,CAAC,YAAY,EAAE,mBAAmB,CAAC,IAAA,EAA9G,oBAAoB,QAAA,EAAE,0BAA0B,QAAA,CAA+D;oBACtH,IAAI,oBAAoB,EAAE,CAAC;wBACzB,sCAAsC;wBACtC,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;oBACtF,CAAC;yBAAM,CAAC;wBACN,sBAAO,OAAO,CAAC,MAAM,CAAC,4BAA4B,CAAC,EAAC;oBACtD,CAAC;;;oBACI,IAAI,QAAQ,EAAE,CAAC;wBACpB,sCAAsC;wBACtC,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;oBACjF,CAAC;yBAAM,CAAC;wBACN,sBAAO,OAAO,CAAC,MAAM,CAAC,4BAA4B,CAAC,EAAC;oBACtD,CAAC;;;oBAGG,WAAW,GAAG;wBAClB,WAAW,EAAE,WAAW;wBACxB,OAAO,EAAE,IAAA,mBAAO,EAAC,WAAW,EAAE,eAAe,CAAC;qBAC/C,CAAC;oBAKI,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;oBACvC,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;oBAC5C,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;oBAEhD,mBAAmB;oBACnB,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;2BAC/D,mBAAmB;2BACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAC;oBAC9C,CAAC;oBAED,uBAAuB;oBACvB,4DAA4D;oBAC5D,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,YAAY,CAAC,mBAAmB;2BACpD,CAAC,IAAA,sBAAU,EACZ,SAAS,EACT,mBAAmB,CAAC,YAAY,CAAC,mBAAmB,EACpD,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAC;oBAC/C,CAAC;oBAED,eAAe;oBACf,8EAA8E;oBAC9E,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,UAAU;2BAC9B,CAAC,IAAA,sBAAU,EACZ,mBAAmB,CAAC,UAAU,CAAC,SAAS,EACxC,mBAAmB,CAAC,UAAU,CAAC,YAAY,EAC3C,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,yBAAyB,CAAC,EAAC;oBACnD,CAAC;oBAED,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAC;;;;CACrC;AAGD,4CAA4C;AAC5C,SAAe,kBAAkB,CAAC,OAAO;;;;;;oBAE/B,OAAO,GAAoD,OAAO,QAA3D,EAAE,UAAU,GAAwC,OAAO,WAA/C,EAAE,IAAI,GAAkC,OAAO,KAAzC,EAAE,KAAgC,OAAO,eAAlB,EAArB,cAAc,mBAAG,IAAI,KAAA,EAAE,IAAI,GAAK,OAAO,KAAZ,CAAa;oBAEnE,IAAI,GAAkB,OAAO,KAAzB,EAAE,WAAW,GAAK,OAAO,YAAZ,CAAa;oBAEhC,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;oBAGvC,SAAS,GAAG,iBAAO,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;oBACpD,cAAc,GAAW,IAAI,CAAC,SAAS,CAAC,CAAC;oBACzC,MAAM,GAAW,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAChC,SAAS,GAAW,IAAI,CAAC,WAAW,CAAC,CAAC;oBAE5C,sCAAsC;oBACtC,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;wBACjC,sBAAO,OAAO,CAAC,MAAM,CAAC,8BAA8B,CAAC,EAAC;oBACxD,CAAC;oBAEK,SAAS,GAAG,MAAM,CAAC,IAAA,sBAAY,EAAC,cAAc,CAAC,CAAC,CAAC;;;;oBAIrD,qBAAM,iBAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAA;;oBAAnC,SAAmC,CAAC;;;;oBAEpC,sBAAO,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAC;;gBAG3C,4CAA4C;gBAC5C,qBAAM,WAAW,CAAC,SAAS,EAAE,UAAU,CAAC,EAAA;;oBADxC,4CAA4C;oBAC5C,SAAwC,CAAC;oBAErC,SAAS,GAAW,EAAE,CAAC;oBAE3B,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAC,CAAC;wBAEnC,WAAW,GAAG,IAAA,mBAAO,EAAC,SAAS,EAAE,CAAC;gCACtC,GAAG,EAAE,WAAW;gCAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gCACrC,UAAU,EAAE,EAAE;gCACd,OAAO,EAAE,IAAI;6BACd,CAAC,CAAC,CAAC;wBACJ,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,EAAC,CAAC;4BACxC,SAAS,GAAG,WAAW,CAAC,SAAmB,CAAC;wBAC9C,CAAC;oBACH,CAAC;oBAEK,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBAEjG,WAAW,GAAmE;wBAClF,WAAW,EAAE,SAAS;wBACtB,MAAM,EAAE,IAAI;wBACZ,OAAO,EAAE,IAAA,mBAAO,EAAC,SAAS,EAAE,eAAe,CAAC;qBAC7C,CAAC;oBAEF,qCAAqC;oBACrC,0CAA0C;oBAC1C,IAAI,cAAc,EAAE,CAAC;wBACnB,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;4BAC1B,sBAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAC;wBAC/C,CAAC;wBAGK,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;wBAEnD,QAAQ,GAAG,iBAAO,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;wBAE5G,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACd,mCAAmC;4BACnC,sBAAO,OAAO,CAAC,MAAM,CAAC,2CAA2C,CAAC,EAAC;wBACrE,CAAC;wBAED,WAAW,CAAC,MAAM,GAAG,MAAM,CAAC;oBAC9B,CAAC;oBAKK,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;oBAC5C,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;oBAEhD,mBAAmB;oBACnB,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;2BAC/D,mBAAmB;2BACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,EAAC;oBAC9C,CAAC;oBAED,uBAAuB;oBACvB,4DAA4D;oBAC5D,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,YAAY,CAAC,mBAAmB;2BACpD,CAAC,IAAA,sBAAU,EACZ,SAAS,EACT,mBAAmB,CAAC,YAAY,CAAC,mBAAmB,EACpD,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,EAAC;oBAC/C,CAAC;oBAED,eAAe;oBACf,8EAA8E;oBAC9E,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,UAAU;2BAC9B,CAAC,IAAA,sBAAU,EACZ,mBAAmB,CAAC,UAAU,CAAC,SAAS,EACxC,mBAAmB,CAAC,UAAU,CAAC,YAAY,EAC3C,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,yBAAyB,CAAC,EAAC;oBACnD,CAAC;oBAED,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAC;;;;CACrC;AAGD,SAAS,WAAW,CAAC,OAAe,EAAE,UAAkB;IAEtD,6BAA6B;IAC7B,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,IAAI,UAAU,KAAK,SAAS,CAAC,cAAc,EAAE,CAAC;QACrF,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAED,IAAM,MAAM,GAAG,UAAU,KAAK,SAAS,CAAC,YAAY;QAClD,CAAC,CAAC,qCAAyB;QAC3B,CAAC,CAAC,sCAA0B,CAAC;IAEzB,IAAA,KAAgB,IAAA,mBAAO,EAAC,OAAO,EAAE,MAAM,CAAC,EAAvC,GAAG,SAAA,EAAE,MAAM,YAA4B,CAAC;IAE/C,oDAAoD;IACpD,IAAI,GAAG,KAAK,gBAAU,CAAC,OAAO,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,mDAAmD;IACnD,MAAM,IAAI,KAAK,CAAC,gDAAyC,GAAG,iCAAuB,MAAM,CAAE,CAAC,CAAC;AAC/F,CAAC;AAED,SAAgB,IAAI,CAAC,OAAO;IAE1B,IAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,IAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAEtC,OAAO,CAAC,eAAe,GAAG,CAAC,sBAAgB,CAAC,QAAQ,EAAE,sBAAgB,CAAC,IAAI,EAAE,sBAAgB,CAAC,UAAU,CAAC,CAAC;IAC1G,uCAAuC;IACvC,IAAI,UAAU,KAAK,gBAAU,CAAC,YAAY,EAAE,CAAC;QAC3C,OAAO,CAAC,eAAe,GAAG,CAAC,sBAAgB,CAAC,IAAI,EAAE,sBAAgB,CAAC,QAAQ,EAAE,sBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5G,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAE/C,CAAC"}
|
|
1
|
+
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../../src/flow.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAicA,oBAsBC;AAvdD;;;;;;GAMG;AACH,qCAAwD;AACxD,yCAAyC;AACzC,sDAAgC;AAChC,yCASqB;AAIrB,6BAKe;AAEf,IAAM,QAAQ,GAAG,aAAO,CAAC,OAAO,CAAC;AACjC,IAAM,SAAS,GAAG,aAAO,CAAC,SAAS,CAAC;AAqBpC;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAChC,UAA+B,EAC/B,SAAyB;IAEzB,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAU,CAAC,WAAW;YACzB,OAAO,8BAAkB,CAAC;QAC5B,KAAK,gBAAU,CAAC,YAAY;YAC1B,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,IAAA,+BAAmB,EAAC,SAAS,CAAC,CAAC;QACxC,KAAK,gBAAU,CAAC,aAAa;YAC3B,OAAO,+BAAmB,CAAC;QAC7B,KAAK,gBAAU,CAAC,cAAc;YAC5B,OAAO,gCAAoB,CAAC;QAC9B;YACE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAe,YAAY,CAAC,OAAoB;;;;;;;oBACtC,OAAO,GAAoD,OAAO,QAA3D,EAAE,UAAU,GAAwC,OAAO,WAA/C,EAAE,IAAI,GAAkC,OAAO,KAAzC,EAAE,KAAgC,OAAO,eAAlB,EAArB,cAAc,mBAAG,IAAI,KAAA,EAAE,IAAI,GAAK,OAAO,KAAZ,CAAa;oBACnE,KAAK,GAAkB,OAAO,MAAzB,EAAE,WAAW,GAAK,OAAO,YAAZ,CAAa;oBACjC,KAA2C,KAA2C,EAA5E,MAAM,YAAA,EAAa,SAAS,eAAA,CAAiD;oBAEvF,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;oBAEvC,SAAS,GAAG,iBAAO,CAAC,mBAAmB,CAAC,UAAoB,CAAC,CAAC;oBAC9D,OAAO,GAAI,KAA4C,CAAC,SAAS,CAAC,CAAC;oBAEzE,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;wBAC1B,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAC;oBACjE,CAAC;oBAEK,SAAS,GAAG,IAAA,uBAAa,EAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;;;;oBAG3D,qBAAM,iBAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAA;;oBAAnC,SAAmC,CAAC;;;;oBAEpC,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,EAAC;wBAGtD,qBAAM,WAAW,CAAC,SAAS,EAAE,UAAoB,CAAC,EAAA;;oBAAlD,SAAkD,CAAC;oBAE/C,SAAS,GAAG,EAAE,CAAC;oBAEnB,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAE,CAAC;wBACpC,WAAW,GAAG,IAAA,mBAAO,EAAC,SAAS,EAAE,CAAC;gCACtC,GAAG,EAAE,WAAW;gCAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gCACrC,UAAU,EAAE,EAAE;gCACd,OAAO,EAAE,IAAI;6BACd,CAAC,CAAC,CAAC;wBACJ,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;4BACzC,SAAS,GAAG,WAAW,CAAC,SAAmB,CAAC;wBAC9C,CAAC;oBACH,CAAC;oBAEK,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBAEjG,WAAW,GAAe;wBAC9B,WAAW,EAAE,SAAS;wBACtB,MAAM,EAAE,IAAI;wBACZ,OAAO,EAAE,IAAA,mBAAO,EAAC,SAAS,EAAE,eAAe,CAAC;qBAC7C,CAAC;oBAEF,IAAI,cAAc,EAAE,CAAC;wBACnB,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;4BAC1B,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAC;wBAC1D,CAAC;wBAEK,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;wBACvE,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;wBAE1C,QAAQ,GAAG,iBAAO,CAAC,sBAAsB,CAC7C,oBAAoB,EACpB,WAAqB,EACrB,eAAe,EACf,MAAM,CACP,CAAC;wBAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACd,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,EAAC;wBAChF,CAAC;wBAED,WAAW,CAAC,MAAM,GAAG,YAAY,CAAC;oBACpC,CAAC;oBAEK,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;oBAC5C,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;oBAEhD,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;2BAC/D,mBAAmB;2BACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAC;oBACzD,CAAC;oBAED,0EAA0E;oBAC1E,IACE,UAAU,KAAK,cAAc;4BAC1B,MAAC,mBAAmB,CAAC,YAAmD,0CAAE,mBAAmB,CAAA;2BAC7F,CAAC,IAAA,sBAAU,EACZ,SAAS,EACR,mBAAmB,CAAC,YAAuC,CAAC,mBAAmB,EAChF,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAC;oBAC1D,CAAC;oBAED,gDAAgD;oBAChD,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,UAAU;2BAC9B,CAAC,IAAA,sBAAU,EACX,mBAAmB,CAAC,UAAqC,CAAC,SAAS,EACnE,mBAAmB,CAAC,UAAqC,CAAC,YAAY,EACvE,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAC;oBAC9D,CAAC;oBAED,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAC;;;;CACrC;AAED;;;;GAIG;AACH,SAAe,QAAQ,CAAC,OAAoB;;;;;;;oBAExC,OAAO,GAKL,OAAO,QALF,EACP,IAAI,GAIF,OAAO,KAJL,EACJ,IAAI,GAGF,OAAO,KAHL,EACJ,UAAU,GAER,OAAO,WAFC,EACV,KACE,OAAO,eADY,EAArB,cAAc,mBAAG,IAAI,KAAA,CACX;oBAEJ,IAAI,GAAK,OAAO,KAAZ,CAAa;oBAEnB,SAAS,GAAG,iBAAO,CAAC,mBAAmB,CAAC,UAAoB,CAAC,CAAC;oBAC9D,cAAc,GAAI,IAA2C,CAAC,SAAS,CAAW,CAAC;oBAErF,WAAW,GAAG,MAAM,CAAC,IAAA,sBAAY,EAAC,cAAc,CAAC,CAAC,CAAC;oBAEjD,mBAAmB,GAAG;wBAC1B,QAAQ,EAAE,IAAI,CAAC,UAAU;wBACzB,kBAAkB,EAAE,IAAI,CAAC,aAAa,CAAC,yBAAyB;qBACjE,CAAC;oBAEI,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBAE5D,eAAe,GAAoB,EAAE,CAAC;oBAE1C,qBAAM,iBAAO,CAAC,UAAU,CAAC,WAAW,CAAC,EAAA;;oBAArC,SAAqC,CAAC;oBAEtC,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAE,CAAC;wBAC1C,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;oBAChE,CAAC;oBAED,qBAAM,WAAW,CAAC,WAAW,EAAE,UAAoB,CAAC,EAAA;;oBAApD,SAAoD,CAAC;yBAEjD,cAAc,EAAd,wBAAc;oBACV,KAAA,OAAoC,iBAAO,CAAC,eAAe,CAAC,WAAW,EAAE,mBAAmB,CAAC,IAAA,EAA5F,QAAQ,QAAA,EAAE,qBAAqB,QAAA,CAA8D;yBAGhG,CAAA,eAAe,IAAI,QAAQ,IAAI,UAAU,KAAK,cAAc,IAAI,qBAAqB,CAAA,EAArF,wBAAqF;oBACxE,qBAAM,iBAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,qBAAqB,CAAC,EAAA;;oBAApE,MAAM,GAAG,SAA2D;oBAC1E,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;oBACxB,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;;;yBAC1D,CAAA,eAAe,IAAI,CAAC,QAAQ,CAAA,EAA5B,wBAA4B;oBAEtB,qBAAM,iBAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,WAAW,CAAC,EAAA;;oBAA1D,MAAM,GAAG,SAAiD;oBAC1D,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;oBACzB,KAAA,OAAqD,iBAAO,CAAC,eAAe,CAAC,YAAY,EAAE,mBAAmB,CAAC,IAAA,EAA9G,oBAAoB,QAAA,EAAE,0BAA0B,QAAA,CAA+D;oBACtH,IAAI,oBAAoB,EAAE,CAAC;wBACzB,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;oBACtF,CAAC;yBAAM,CAAC;wBACN,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAC;oBACjE,CAAC;;;oBACI,IAAI,QAAQ,EAAE,CAAC;wBACpB,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;oBACjF,CAAC;yBAAM,CAAC;wBACN,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,EAAC;oBACjE,CAAC;;;oBAGG,WAAW,GAAe;wBAC9B,WAAW,aAAA;wBACX,OAAO,EAAE,IAAA,mBAAO,EAAC,WAAW,EAAE,eAAe,CAAC;qBAC/C,CAAC;oBAEI,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;oBACvC,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;oBAC5C,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;oBAEhD,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;2BAC/D,mBAAmB;2BACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAC;oBACzD,CAAC;oBAED,IACE,UAAU,KAAK,cAAc;4BAC1B,MAAC,mBAAmB,CAAC,YAAmD,0CAAE,mBAAmB,CAAA;2BAC7F,CAAC,IAAA,sBAAU,EACZ,SAAS,EACR,mBAAmB,CAAC,YAAuC,CAAC,mBAAmB,EAChF,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAC;oBAC1D,CAAC;oBAED,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,UAAU;2BAC9B,CAAC,IAAA,sBAAU,EACX,mBAAmB,CAAC,UAAqC,CAAC,SAAS,EACnE,mBAAmB,CAAC,UAAqC,CAAC,YAAY,EACvE,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAC;oBAC9D,CAAC;oBAED,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAC;;;;CACrC;AAED;;;GAGG;AACH,SAAe,kBAAkB,CAAC,OAAoB;;;;;;;oBAC5C,OAAO,GAAoD,OAAO,QAA3D,EAAE,UAAU,GAAwC,OAAO,WAA/C,EAAE,IAAI,GAAkC,OAAO,KAAzC,EAAE,KAAgC,OAAO,eAAlB,EAArB,cAAc,mBAAG,IAAI,KAAA,EAAE,IAAI,GAAK,OAAO,KAAZ,CAAa;oBAEnE,IAAI,GAAkB,OAAO,KAAzB,EAAE,WAAW,GAAK,OAAO,YAAZ,CAAa;oBAEhC,oBAAoB,GAAG,IAAI,CAAC,UAAU,CAAC;oBAEvC,SAAS,GAAG,iBAAO,CAAC,mBAAmB,CAAC,UAAoB,CAAC,CAAC;oBAC9D,cAAc,GAAY,IAA+B,CAAC,SAAS,CAAC,CAAC;oBACrE,MAAM,GAAY,IAA+B,CAAC,QAAQ,CAAC,CAAC;oBAC5D,SAAS,GAAY,IAA+B,CAAC,WAAW,CAAC,CAAC;oBAExE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;wBACjC,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC,EAAC;oBACnE,CAAC;oBAEK,SAAS,GAAG,MAAM,CAAC,IAAA,sBAAY,EAAC,cAAc,CAAC,CAAC,CAAC;;;;oBAGrD,qBAAM,iBAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAA;;oBAAnC,SAAmC,CAAC;;;;oBAEpC,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,EAAC;wBAGtD,qBAAM,WAAW,CAAC,SAAS,EAAE,UAAoB,CAAC,EAAA;;oBAAlD,SAAkD,CAAC;oBAE/C,SAAS,GAAG,EAAE,CAAC;oBAEnB,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,EAAE,CAAC;wBACpC,WAAW,GAAG,IAAA,mBAAO,EAAC,SAAS,EAAE,CAAC;gCACtC,GAAG,EAAE,WAAW;gCAChB,SAAS,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC;gCACrC,UAAU,EAAE,EAAE;gCACd,OAAO,EAAE,IAAI;6BACd,CAAC,CAAC,CAAC;wBACJ,IAAI,WAAW,IAAI,WAAW,CAAC,SAAS,EAAE,CAAC;4BACzC,SAAS,GAAG,WAAW,CAAC,SAAmB,CAAC;wBAC9C,CAAC;oBACH,CAAC;oBAEK,eAAe,GAAG,yBAAyB,CAAC,UAAU,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBAEjG,WAAW,GAAe;wBAC9B,WAAW,EAAE,SAAS;wBACtB,MAAM,EAAE,IAAI;wBACZ,OAAO,EAAE,IAAA,mBAAO,EAAC,SAAS,EAAE,eAAe,CAAC;qBAC7C,CAAC;oBAEF,IAAI,cAAc,EAAE,CAAC;wBACnB,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;4BAC1B,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAC;wBAC1D,CAAC;wBAEK,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;wBAEnD,QAAQ,GAAG,iBAAO,CAAC,sBAAsB,CAC7C,oBAAoB,EACpB,WAAqB,EACrB,eAAe,EACf,MAAM,CACP,CAAC;wBAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACd,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,EAAC;wBAChF,CAAC;wBAED,WAAW,CAAC,MAAM,GAAG,MAAM,CAAC;oBAC9B,CAAC;oBAEK,MAAM,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;oBAC5C,mBAAmB,GAAG,WAAW,CAAC,OAAO,CAAC;oBAEhD,IACE,CAAC,UAAU,KAAK,gBAAgB,IAAI,UAAU,KAAK,cAAc,CAAC;2BAC/D,mBAAmB;2BACnB,mBAAmB,CAAC,MAAM,KAAK,MAAM,EACxC,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAC;oBACzD,CAAC;oBAED,IACE,UAAU,KAAK,cAAc;4BAC1B,MAAC,mBAAmB,CAAC,YAAmD,0CAAE,mBAAmB,CAAA;2BAC7F,CAAC,IAAA,sBAAU,EACZ,SAAS,EACR,mBAAmB,CAAC,YAAuC,CAAC,mBAAmB,EAChF,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,EAAC;oBAC1D,CAAC;oBAED,IACE,UAAU,KAAK,cAAc;2BAC1B,mBAAmB,CAAC,UAAU;2BAC9B,CAAC,IAAA,sBAAU,EACX,mBAAmB,CAAC,UAAqC,CAAC,SAAS,EACnE,mBAAmB,CAAC,UAAqC,CAAC,YAAY,EACvE,IAAI,CAAC,aAAa,CAAC,WAAW,CAC/B,EACD,CAAC;wBACD,sBAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAC;oBAC9D,CAAC;oBAED,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,EAAC;;;;CACrC;AAED;;;;;;;GAOG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,UAAkB;IACtD,IAAI,UAAU,KAAK,SAAS,CAAC,YAAY,IAAI,UAAU,KAAK,SAAS,CAAC,cAAc,EAAE,CAAC;QACrF,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC;IAED,IAAM,MAAM,GAAG,UAAU,KAAK,SAAS,CAAC,YAAY;QAClD,CAAC,CAAC,qCAAyB;QAC3B,CAAC,CAAC,sCAA0B,CAAC;IAEzB,IAAA,KAAkB,IAAA,mBAAO,EAAC,OAAO,EAAE,MAAM,CAAsC,EAA7E,GAAG,SAAA,EAAE,MAAM,YAAkE,CAAC;IAEtF,IAAI,GAAG,KAAK,gBAAU,CAAC,OAAO,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,gDAAyC,GAAG,iCAAuB,MAAM,CAAE,CAAC,CAAC;AAC/F,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,IAAI,CAAC,OAAoB;IACvC,IAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAChC,IAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAEtC,OAAO,CAAC,eAAe,GAAG,CAAC,sBAAgB,CAAC,QAAQ,EAAE,sBAAgB,CAAC,IAAI,EAAE,sBAAgB,CAAC,UAAU,CAAC,CAAC;IAC1G,IAAI,UAAU,KAAK,gBAAU,CAAC,YAAY,EAAE,CAAC;QAC3C,OAAO,CAAC,eAAe,GAAG,CAAC,sBAAgB,CAAC,IAAI,EAAE,sBAAgB,CAAC,QAAQ,EAAE,sBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5G,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC9B,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;AAC1D,CAAC"}
|