xypriss 2.3.6 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -19
- package/dist/cjs/mods/security/src/index.js +1 -1
- package/dist/cjs/src/cluster/modules/CrossPlatformMemory.js +2 -2
- package/dist/cjs/src/cluster/modules/CrossPlatformMemory.js.map +1 -1
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js +51 -2
- package/dist/cjs/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/cjs/src/middleware/built-in/security/BrowserOnlyProtector.js +550 -0
- package/dist/cjs/src/middleware/built-in/security/BrowserOnlyProtector.js.map +1 -0
- package/dist/cjs/src/middleware/built-in/security/TerminalOnlyProtector.js +477 -0
- package/dist/cjs/src/middleware/built-in/security/TerminalOnlyProtector.js.map +1 -0
- package/dist/cjs/src/middleware/security-middleware.js +238 -81
- package/dist/cjs/src/middleware/security-middleware.js.map +1 -1
- package/dist/cjs/src/server/components/fastapi/templates/redirectTemp.js +1 -1
- package/dist/cjs/src/server/const/default.js +1 -1
- package/dist/cjs/src/server/const/default.js.map +1 -1
- package/dist/esm/mods/security/src/index.js +1 -1
- package/dist/esm/src/cluster/modules/CrossPlatformMemory.js +2 -2
- package/dist/esm/src/cluster/modules/CrossPlatformMemory.js.map +1 -1
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js +51 -2
- package/dist/esm/src/middleware/built-in/BuiltInMiddleware.js.map +1 -1
- package/dist/esm/src/middleware/built-in/security/BrowserOnlyProtector.js +548 -0
- package/dist/esm/src/middleware/built-in/security/BrowserOnlyProtector.js.map +1 -0
- package/dist/esm/src/middleware/built-in/security/TerminalOnlyProtector.js +475 -0
- package/dist/esm/src/middleware/built-in/security/TerminalOnlyProtector.js.map +1 -0
- package/dist/esm/src/middleware/security-middleware.js +238 -81
- package/dist/esm/src/middleware/security-middleware.js.map +1 -1
- package/dist/esm/src/server/components/fastapi/templates/redirectTemp.js +1 -1
- package/dist/esm/src/server/const/default.js +1 -1
- package/dist/esm/src/server/const/default.js.map +1 -1
- package/dist/index.d.ts +187 -6
- package/package.json +6 -5
- package/scripts/install-memory-cli.js +1 -1
|
@@ -0,0 +1,475 @@
|
|
|
1
|
+
import { Logger } from '../../../../shared/logger/Logger.js';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Terminal-Only Protector - Enhanced Version
|
|
5
|
+
* Aggressively blocks browser requests while allowing terminal/API tools
|
|
6
|
+
* Perfect for API-only endpoints or development tools
|
|
7
|
+
*/
|
|
8
|
+
class TerminalOnlyProtector {
|
|
9
|
+
constructor(options = {}, logger) {
|
|
10
|
+
// Known legitimate API tools and their patterns
|
|
11
|
+
this.KNOWN_API_TOOLS = [
|
|
12
|
+
"curl",
|
|
13
|
+
"wget",
|
|
14
|
+
"httpie",
|
|
15
|
+
"postman",
|
|
16
|
+
"insomnia",
|
|
17
|
+
"axios",
|
|
18
|
+
"fetch",
|
|
19
|
+
"node-fetch",
|
|
20
|
+
"got",
|
|
21
|
+
"superagent",
|
|
22
|
+
"python-requests",
|
|
23
|
+
"python-urllib",
|
|
24
|
+
"java/",
|
|
25
|
+
"okhttp",
|
|
26
|
+
"rest-client",
|
|
27
|
+
"paw",
|
|
28
|
+
"thunder client",
|
|
29
|
+
"advanced rest client",
|
|
30
|
+
"go-http-client",
|
|
31
|
+
"ruby",
|
|
32
|
+
"perl",
|
|
33
|
+
"php",
|
|
34
|
+
"dart",
|
|
35
|
+
"kotlin",
|
|
36
|
+
"swift",
|
|
37
|
+
"apache-httpclient",
|
|
38
|
+
"jetty",
|
|
39
|
+
"k6/",
|
|
40
|
+
"jmeter",
|
|
41
|
+
"gatling",
|
|
42
|
+
"artillery",
|
|
43
|
+
];
|
|
44
|
+
// Browser engine signatures (highly specific to avoid false positives)
|
|
45
|
+
this.BROWSER_ENGINES = [
|
|
46
|
+
"gecko/",
|
|
47
|
+
"applewebkit/",
|
|
48
|
+
"webkit/",
|
|
49
|
+
"blink/",
|
|
50
|
+
"trident/",
|
|
51
|
+
"edgehtml/",
|
|
52
|
+
];
|
|
53
|
+
// Known browser names (specific versions to avoid false positives)
|
|
54
|
+
this.BROWSER_NAMES = [
|
|
55
|
+
"firefox/",
|
|
56
|
+
"chrome/",
|
|
57
|
+
"safari/",
|
|
58
|
+
"edge/",
|
|
59
|
+
"opera/",
|
|
60
|
+
"chromium/",
|
|
61
|
+
"brave/",
|
|
62
|
+
"vivaldi/",
|
|
63
|
+
"seamonkey/",
|
|
64
|
+
"palemoon/",
|
|
65
|
+
];
|
|
66
|
+
this.config = {
|
|
67
|
+
blockSecFetch: true,
|
|
68
|
+
allowedTools: [],
|
|
69
|
+
blockBrowserIndicators: true,
|
|
70
|
+
requireSimpleAccept: false,
|
|
71
|
+
errorMessage: "Terminal/API access required. Browser access blocked.",
|
|
72
|
+
statusCode: 403,
|
|
73
|
+
debug: false,
|
|
74
|
+
strictness: "normal",
|
|
75
|
+
enableFingerprinting: true,
|
|
76
|
+
minConfidenceScore: 70,
|
|
77
|
+
...options,
|
|
78
|
+
};
|
|
79
|
+
if (options.customValidator !== undefined) {
|
|
80
|
+
this.config.customValidator = options.customValidator;
|
|
81
|
+
}
|
|
82
|
+
this.logger =
|
|
83
|
+
logger ||
|
|
84
|
+
new Logger({
|
|
85
|
+
enabled: true,
|
|
86
|
+
level: "debug",
|
|
87
|
+
components: { security: true },
|
|
88
|
+
types: { debug: true },
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Get the terminal-only middleware function
|
|
93
|
+
*/
|
|
94
|
+
getMiddleware() {
|
|
95
|
+
return (req, res, next) => {
|
|
96
|
+
this.handleRequest(req, res, next);
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Handle incoming request and determine if it's from a terminal/API tool
|
|
101
|
+
*/
|
|
102
|
+
handleRequest(req, res, next) {
|
|
103
|
+
this.logger.debug("security", "TermOn middleware called for request");
|
|
104
|
+
if (this.config.debug) {
|
|
105
|
+
this.logRequestDetails(req);
|
|
106
|
+
}
|
|
107
|
+
// Custom validator takes precedence
|
|
108
|
+
if (this.config.customValidator &&
|
|
109
|
+
typeof this.config.customValidator === "function") {
|
|
110
|
+
if (!this.config.customValidator(req)) {
|
|
111
|
+
return this.blockRequest(res, "TERMINAL_ONLY", "Custom validator failed");
|
|
112
|
+
}
|
|
113
|
+
return next();
|
|
114
|
+
}
|
|
115
|
+
// Check whitelist first if configured
|
|
116
|
+
if (this.config.allowedTools && this.config.allowedTools.length > 0) {
|
|
117
|
+
if (!this.isAllowedTool(req)) {
|
|
118
|
+
return this.blockRequest(res, "TOOL_NOT_ALLOWED", `Tool not in allowed list. Allowed tools: ${this.config.allowedTools.join(", ")}`);
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
// Run comprehensive detection
|
|
122
|
+
const detection = this.detectRequestType(req);
|
|
123
|
+
if (this.config.debug) {
|
|
124
|
+
this.logger.debug("security", "Detection result", {
|
|
125
|
+
isBrowser: detection.isBrowser,
|
|
126
|
+
confidence: detection.confidence,
|
|
127
|
+
reasons: detection.reasons,
|
|
128
|
+
indicators: detection.indicators,
|
|
129
|
+
});
|
|
130
|
+
}
|
|
131
|
+
// Block if detected as browser with sufficient confidence
|
|
132
|
+
if (detection.isBrowser &&
|
|
133
|
+
detection.confidence >= this.config.minConfidenceScore) {
|
|
134
|
+
return this.blockRequest(res, "BROWSER_DETECTED", `Browser detected with ${detection.confidence}% confidence: ${detection.reasons.join(", ")}`);
|
|
135
|
+
}
|
|
136
|
+
// If we get here, it's likely a terminal/API request - allow it
|
|
137
|
+
next();
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Comprehensive browser detection with confidence scoring
|
|
141
|
+
*/
|
|
142
|
+
detectRequestType(req) {
|
|
143
|
+
const result = {
|
|
144
|
+
isBrowser: false,
|
|
145
|
+
confidence: 0,
|
|
146
|
+
reasons: [],
|
|
147
|
+
indicators: [],
|
|
148
|
+
};
|
|
149
|
+
let score = 0;
|
|
150
|
+
const maxScore = this.calculateMaxScore();
|
|
151
|
+
// 1. Sec-Fetch headers (browsers only, very reliable - 30 points)
|
|
152
|
+
if (this.config.blockSecFetch && this.hasSecFetchHeaders(req)) {
|
|
153
|
+
score += 30;
|
|
154
|
+
result.reasons.push("Sec-Fetch headers present");
|
|
155
|
+
result.indicators.push("sec-fetch");
|
|
156
|
+
}
|
|
157
|
+
// 2. Browser engine detection (very reliable - 25 points)
|
|
158
|
+
const engineDetection = this.detectBrowserEngine(req);
|
|
159
|
+
if (engineDetection.detected) {
|
|
160
|
+
score += 25;
|
|
161
|
+
result.reasons.push(`Browser engine: ${engineDetection.engine}`);
|
|
162
|
+
result.indicators.push("browser-engine");
|
|
163
|
+
}
|
|
164
|
+
// 3. Browser name detection (reliable - 20 points)
|
|
165
|
+
const browserDetection = this.detectBrowserName(req);
|
|
166
|
+
if (browserDetection.detected) {
|
|
167
|
+
score += 20;
|
|
168
|
+
result.reasons.push(`Browser: ${browserDetection.name}`);
|
|
169
|
+
result.indicators.push("browser-name");
|
|
170
|
+
}
|
|
171
|
+
// 4. Complex Accept header (moderately reliable - 15 points)
|
|
172
|
+
if (this.hasComplexAcceptHeader(req)) {
|
|
173
|
+
score += 15;
|
|
174
|
+
result.reasons.push("Complex Accept header");
|
|
175
|
+
result.indicators.push("complex-accept");
|
|
176
|
+
}
|
|
177
|
+
// 5. Origin/Referer headers (reliable - 20 points)
|
|
178
|
+
if (this.hasNavigationHeaders(req)) {
|
|
179
|
+
score += 20;
|
|
180
|
+
result.reasons.push("Navigation headers present");
|
|
181
|
+
result.indicators.push("navigation-headers");
|
|
182
|
+
}
|
|
183
|
+
// 6. Accept-Language patterns (moderately reliable - 15 points)
|
|
184
|
+
if (this.hasBrowserLanguagePattern(req)) {
|
|
185
|
+
score += 15;
|
|
186
|
+
result.reasons.push("Browser-style language preferences");
|
|
187
|
+
result.indicators.push("accept-language");
|
|
188
|
+
}
|
|
189
|
+
// 7. Cache control patterns (moderately reliable - 10 points)
|
|
190
|
+
if (this.hasBrowserCachePattern(req)) {
|
|
191
|
+
score += 10;
|
|
192
|
+
result.reasons.push("Browser cache patterns");
|
|
193
|
+
result.indicators.push("cache-control");
|
|
194
|
+
}
|
|
195
|
+
// 8. Connection header patterns (less reliable - 10 points)
|
|
196
|
+
if (this.hasBrowserConnectionPattern(req)) {
|
|
197
|
+
score += 10;
|
|
198
|
+
result.reasons.push("Browser connection patterns");
|
|
199
|
+
result.indicators.push("connection");
|
|
200
|
+
}
|
|
201
|
+
// 9. DNT (Do Not Track) header (browsers only - 10 points)
|
|
202
|
+
if (this.hasDNTHeader(req)) {
|
|
203
|
+
score += 10;
|
|
204
|
+
result.reasons.push("DNT header present");
|
|
205
|
+
result.indicators.push("dnt");
|
|
206
|
+
}
|
|
207
|
+
// 10. Upgrade-Insecure-Requests (browsers only - 10 points)
|
|
208
|
+
if (this.hasUpgradeInsecureRequests(req)) {
|
|
209
|
+
score += 10;
|
|
210
|
+
result.reasons.push("Upgrade-Insecure-Requests header");
|
|
211
|
+
result.indicators.push("upgrade-insecure");
|
|
212
|
+
}
|
|
213
|
+
// 11. Accept-Encoding patterns (less reliable - 5 points)
|
|
214
|
+
if (this.hasBrowserEncodingPattern(req)) {
|
|
215
|
+
score += 5;
|
|
216
|
+
result.reasons.push("Browser encoding patterns");
|
|
217
|
+
result.indicators.push("accept-encoding");
|
|
218
|
+
}
|
|
219
|
+
// 12. Check for known API tools (negative scoring - reduces confidence)
|
|
220
|
+
if (this.isKnownAPITool(req)) {
|
|
221
|
+
score = Math.max(0, score - 40); // Reduce score significantly
|
|
222
|
+
result.reasons.push("Known API tool detected");
|
|
223
|
+
result.indicators.push("api-tool");
|
|
224
|
+
}
|
|
225
|
+
// 13. Allowed tools whitelist check
|
|
226
|
+
if (this.config.allowedTools && this.config.allowedTools.length > 0) {
|
|
227
|
+
if (!this.isAllowedTool(req)) {
|
|
228
|
+
score += 10;
|
|
229
|
+
result.reasons.push("Tool not in whitelist");
|
|
230
|
+
result.indicators.push("not-whitelisted");
|
|
231
|
+
}
|
|
232
|
+
else {
|
|
233
|
+
score = Math.max(0, score - 30);
|
|
234
|
+
result.reasons.push("Tool in whitelist");
|
|
235
|
+
result.indicators.push("whitelisted");
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
// Calculate confidence percentage
|
|
239
|
+
result.confidence = Math.round((score / maxScore) * 100);
|
|
240
|
+
result.isBrowser = result.confidence >= this.config.minConfidenceScore;
|
|
241
|
+
// Apply strictness modifiers
|
|
242
|
+
if (this.config.strictness === "high" && result.confidence >= 50) {
|
|
243
|
+
result.isBrowser = true;
|
|
244
|
+
}
|
|
245
|
+
else if (this.config.strictness === "paranoid" &&
|
|
246
|
+
result.confidence >= 30) {
|
|
247
|
+
result.isBrowser = true;
|
|
248
|
+
}
|
|
249
|
+
return result;
|
|
250
|
+
}
|
|
251
|
+
/**
|
|
252
|
+
* Calculate maximum possible score based on configuration
|
|
253
|
+
*/
|
|
254
|
+
calculateMaxScore() {
|
|
255
|
+
return 180; // Sum of all positive scoring checks
|
|
256
|
+
}
|
|
257
|
+
/**
|
|
258
|
+
* Check for Sec-Fetch headers (browsers only)
|
|
259
|
+
*/
|
|
260
|
+
hasSecFetchHeaders(req) {
|
|
261
|
+
return !!(req.headers["sec-fetch-dest"] ||
|
|
262
|
+
req.headers["sec-fetch-mode"] ||
|
|
263
|
+
req.headers["sec-fetch-site"] ||
|
|
264
|
+
req.headers["sec-fetch-user"]);
|
|
265
|
+
}
|
|
266
|
+
/**
|
|
267
|
+
* Detect browser engine with high specificity
|
|
268
|
+
*/
|
|
269
|
+
detectBrowserEngine(req) {
|
|
270
|
+
const userAgent = (req.headers["user-agent"] || "").toLowerCase();
|
|
271
|
+
for (const engine of this.BROWSER_ENGINES) {
|
|
272
|
+
if (userAgent.includes(engine)) {
|
|
273
|
+
return { detected: true, engine };
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
return { detected: false, engine: "" };
|
|
277
|
+
}
|
|
278
|
+
/**
|
|
279
|
+
* Detect browser name with version specificity
|
|
280
|
+
*/
|
|
281
|
+
detectBrowserName(req) {
|
|
282
|
+
const userAgent = (req.headers["user-agent"] || "").toLowerCase();
|
|
283
|
+
for (const browser of this.BROWSER_NAMES) {
|
|
284
|
+
if (userAgent.includes(browser)) {
|
|
285
|
+
return { detected: true, name: browser };
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
return { detected: false, name: "" };
|
|
289
|
+
}
|
|
290
|
+
/**
|
|
291
|
+
* Check for complex Accept header (browsers send detailed MIME types)
|
|
292
|
+
*/
|
|
293
|
+
hasComplexAcceptHeader(req) {
|
|
294
|
+
const accept = req.headers["accept"] || "";
|
|
295
|
+
// Browsers typically send text/html with high priority
|
|
296
|
+
if (accept.includes("text/html") && accept.includes("q=")) {
|
|
297
|
+
return true;
|
|
298
|
+
}
|
|
299
|
+
// Multiple MIME types with quality values
|
|
300
|
+
const parts = accept.split(",");
|
|
301
|
+
if (parts.length >= 4) {
|
|
302
|
+
return true;
|
|
303
|
+
}
|
|
304
|
+
// Check for browser-specific MIME type combinations
|
|
305
|
+
if (accept.includes("application/xhtml+xml") ||
|
|
306
|
+
accept.includes("application/xml;q=") ||
|
|
307
|
+
accept.includes("image/webp") ||
|
|
308
|
+
accept.includes("image/apng")) {
|
|
309
|
+
return true;
|
|
310
|
+
}
|
|
311
|
+
return false;
|
|
312
|
+
}
|
|
313
|
+
/**
|
|
314
|
+
* Check for navigation headers (Origin/Referer)
|
|
315
|
+
*/
|
|
316
|
+
hasNavigationHeaders(req) {
|
|
317
|
+
return !!(req.headers["origin"] || req.headers["referer"]);
|
|
318
|
+
}
|
|
319
|
+
/**
|
|
320
|
+
* Check for browser-style language patterns
|
|
321
|
+
*/
|
|
322
|
+
hasBrowserLanguagePattern(req) {
|
|
323
|
+
const acceptLanguage = req.headers["accept-language"];
|
|
324
|
+
if (!acceptLanguage) {
|
|
325
|
+
return false;
|
|
326
|
+
}
|
|
327
|
+
// Browsers send multiple languages with quality values
|
|
328
|
+
if (acceptLanguage.includes("q=") &&
|
|
329
|
+
acceptLanguage.split(",").length >= 2) {
|
|
330
|
+
return true;
|
|
331
|
+
}
|
|
332
|
+
// Check for region-specific language codes (e.g., en-US, fr-FR)
|
|
333
|
+
if (/[a-z]{2}-[A-Z]{2}/.test(acceptLanguage)) {
|
|
334
|
+
return true;
|
|
335
|
+
}
|
|
336
|
+
return false;
|
|
337
|
+
}
|
|
338
|
+
/**
|
|
339
|
+
* Check for browser cache control patterns
|
|
340
|
+
*/
|
|
341
|
+
hasBrowserCachePattern(req) {
|
|
342
|
+
const cacheControl = req.headers["cache-control"];
|
|
343
|
+
const pragma = req.headers["pragma"];
|
|
344
|
+
// Browsers often send max-age=0 or no-cache
|
|
345
|
+
if (cacheControl &&
|
|
346
|
+
(cacheControl.includes("max-age=0") || cacheControl === "no-cache")) {
|
|
347
|
+
return true;
|
|
348
|
+
}
|
|
349
|
+
// Pragma: no-cache is browser behavior
|
|
350
|
+
if (pragma === "no-cache") {
|
|
351
|
+
return true;
|
|
352
|
+
}
|
|
353
|
+
return false;
|
|
354
|
+
}
|
|
355
|
+
/**
|
|
356
|
+
* Check for browser connection patterns
|
|
357
|
+
*/
|
|
358
|
+
hasBrowserConnectionPattern(req) {
|
|
359
|
+
const connection = (req.headers["connection"] || "").toLowerCase();
|
|
360
|
+
// Browsers typically use keep-alive
|
|
361
|
+
return connection === "keep-alive";
|
|
362
|
+
}
|
|
363
|
+
/**
|
|
364
|
+
* Check for DNT (Do Not Track) header
|
|
365
|
+
*/
|
|
366
|
+
hasDNTHeader(req) {
|
|
367
|
+
return !!req.headers["dnt"];
|
|
368
|
+
}
|
|
369
|
+
/**
|
|
370
|
+
* Check for Upgrade-Insecure-Requests header
|
|
371
|
+
*/
|
|
372
|
+
hasUpgradeInsecureRequests(req) {
|
|
373
|
+
return req.headers["upgrade-insecure-requests"] === "1";
|
|
374
|
+
}
|
|
375
|
+
/**
|
|
376
|
+
* Check for browser encoding patterns
|
|
377
|
+
*/
|
|
378
|
+
hasBrowserEncodingPattern(req) {
|
|
379
|
+
const encoding = req.headers["accept-encoding"] || "";
|
|
380
|
+
// Browsers typically support multiple encodings including br (Brotli)
|
|
381
|
+
if (encoding.includes("br") || encoding.split(",").length >= 3) {
|
|
382
|
+
return true;
|
|
383
|
+
}
|
|
384
|
+
return false;
|
|
385
|
+
}
|
|
386
|
+
/**
|
|
387
|
+
* Check if request is from a known API tool
|
|
388
|
+
*/
|
|
389
|
+
isKnownAPITool(req) {
|
|
390
|
+
const userAgent = (req.headers["user-agent"] || "").toLowerCase();
|
|
391
|
+
return this.KNOWN_API_TOOLS.some((tool) => userAgent.includes(tool));
|
|
392
|
+
}
|
|
393
|
+
/**
|
|
394
|
+
* Check if request has browser indicators (legacy method, now uses comprehensive detection)
|
|
395
|
+
*/
|
|
396
|
+
hasBrowserIndicators(req) {
|
|
397
|
+
const detection = this.detectRequestType(req);
|
|
398
|
+
return detection.isBrowser;
|
|
399
|
+
}
|
|
400
|
+
/**
|
|
401
|
+
* Check if the tool is in the allowed list
|
|
402
|
+
*/
|
|
403
|
+
isAllowedTool(req) {
|
|
404
|
+
const userAgent = (req.headers["user-agent"] || "").toLowerCase();
|
|
405
|
+
return this.config.allowedTools.some((allowedTool) => {
|
|
406
|
+
const pattern = new RegExp(allowedTool.toLowerCase().replace(/\*/g, ".*"), "i");
|
|
407
|
+
return pattern.test(userAgent);
|
|
408
|
+
});
|
|
409
|
+
}
|
|
410
|
+
/**
|
|
411
|
+
* Check if Accept header is simple (typical of API tools)
|
|
412
|
+
*/
|
|
413
|
+
hasSimpleAccept(req) {
|
|
414
|
+
const accept = req.headers["accept"] || "";
|
|
415
|
+
return (accept === "*/*" ||
|
|
416
|
+
accept === "application/json" ||
|
|
417
|
+
accept === "text/plain" ||
|
|
418
|
+
accept.split(",").length <= 2);
|
|
419
|
+
}
|
|
420
|
+
/**
|
|
421
|
+
* Log detailed request information for debugging
|
|
422
|
+
*/
|
|
423
|
+
logRequestDetails(req) {
|
|
424
|
+
this.logger.debug("security", "TermOn analyzing request", {
|
|
425
|
+
secFetchDest: req.headers["sec-fetch-dest"],
|
|
426
|
+
secFetchMode: req.headers["sec-fetch-mode"],
|
|
427
|
+
accept: req.headers["accept"]?.substring(0, 150),
|
|
428
|
+
acceptLanguage: req.headers["accept-language"],
|
|
429
|
+
acceptEncoding: req.headers["accept-encoding"],
|
|
430
|
+
origin: req.headers["origin"],
|
|
431
|
+
});
|
|
432
|
+
}
|
|
433
|
+
/**
|
|
434
|
+
* Block the request with appropriate error response
|
|
435
|
+
*/
|
|
436
|
+
blockRequest(res, code, details) {
|
|
437
|
+
const isDevelopment = this.config.debug;
|
|
438
|
+
const response = {
|
|
439
|
+
error: isDevelopment ? this.config.errorMessage : "Access denied",
|
|
440
|
+
timestamp: new Date().toISOString(),
|
|
441
|
+
code: "NEHONIXYPTERM01",
|
|
442
|
+
};
|
|
443
|
+
if (isDevelopment) {
|
|
444
|
+
response.xypriss = {
|
|
445
|
+
module: "TerminalOnly",
|
|
446
|
+
code,
|
|
447
|
+
details,
|
|
448
|
+
userAgent: res.req?.headers["user-agent"]?.substring(0, 100),
|
|
449
|
+
};
|
|
450
|
+
}
|
|
451
|
+
if (this.config.debug) {
|
|
452
|
+
this.logger.debug("security", "TerminalOnly blocking request", {
|
|
453
|
+
code,
|
|
454
|
+
details,
|
|
455
|
+
userAgent: res.req?.headers["user-agent"]?.substring(0, 100),
|
|
456
|
+
});
|
|
457
|
+
}
|
|
458
|
+
res.status(this.config.statusCode).json(response);
|
|
459
|
+
}
|
|
460
|
+
/**
|
|
461
|
+
* Update configuration
|
|
462
|
+
*/
|
|
463
|
+
updateConfig(newConfig) {
|
|
464
|
+
this.config = { ...this.config, ...newConfig };
|
|
465
|
+
}
|
|
466
|
+
/**
|
|
467
|
+
* Get current configuration
|
|
468
|
+
*/
|
|
469
|
+
getConfig() {
|
|
470
|
+
return { ...this.config };
|
|
471
|
+
}
|
|
472
|
+
}
|
|
473
|
+
|
|
474
|
+
export { TerminalOnlyProtector };
|
|
475
|
+
//# sourceMappingURL=TerminalOnlyProtector.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TerminalOnlyProtector.js","sources":["../../../../../../src/middleware/built-in/security/TerminalOnlyProtector.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAAA;;;;AAIG;MAoCU,qBAAqB,CAAA;IA+D9B,WAAY,CAAA,OAAA,GAA8B,EAAE,EAAE,MAAe,EAAA;;AA1D5C,QAAA,IAAA,CAAA,eAAe,GAAG;YAC/B,MAAM;YACN,MAAM;YACN,QAAQ;YACR,SAAS;YACT,UAAU;YACV,OAAO;YACP,OAAO;YACP,YAAY;YACZ,KAAK;YACL,YAAY;YACZ,iBAAiB;YACjB,eAAe;YACf,OAAO;YACP,QAAQ;YACR,aAAa;YACb,KAAK;YACL,gBAAgB;YAChB,sBAAsB;YACtB,gBAAgB;YAChB,MAAM;YACN,MAAM;YACN,KAAK;YACL,MAAM;YACN,QAAQ;YACR,OAAO;YACP,mBAAmB;YACnB,OAAO;YACP,KAAK;YACL,QAAQ;YACR,SAAS;YACT,WAAW;SACd,CAAC;;AAGe,QAAA,IAAA,CAAA,eAAe,GAAG;YAC/B,QAAQ;YACR,cAAc;YACd,SAAS;YACT,QAAQ;YACR,UAAU;YACV,WAAW;SACd,CAAC;;AAGe,QAAA,IAAA,CAAA,aAAa,GAAG;YAC7B,UAAU;YACV,SAAS;YACT,SAAS;YACT,OAAO;YACP,QAAQ;YACR,WAAW;YACX,QAAQ;YACR,UAAU;YACV,YAAY;YACZ,WAAW;SACd,CAAC;QAGE,IAAI,CAAC,MAAM,GAAG;AACV,YAAA,aAAa,EAAE,IAAI;AACnB,YAAA,YAAY,EAAE,EAAE;AAChB,YAAA,sBAAsB,EAAE,IAAI;AAC5B,YAAA,mBAAmB,EAAE,KAAK;AAC1B,YAAA,YAAY,EACR,uDAAuD;AAC3D,YAAA,UAAU,EAAE,GAAG;AACf,YAAA,KAAK,EAAE,KAAK;AACZ,YAAA,UAAU,EAAE,QAAQ;AACpB,YAAA,oBAAoB,EAAE,IAAI;AAC1B,YAAA,kBAAkB,EAAE,EAAE;AACtB,YAAA,GAAG,OAAO;SACb,CAAC;AAEF,QAAA,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS,EAAE;YACvC,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;SACzD;AAED,QAAA,IAAI,CAAC,MAAM;YACP,MAAM;AACN,gBAAA,IAAI,MAAM,CAAC;AACP,oBAAA,OAAO,EAAE,IAAI;AACb,oBAAA,KAAK,EAAE,OAAO;AACd,oBAAA,UAAU,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;AAC9B,oBAAA,KAAK,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;AACzB,iBAAA,CAAC,CAAC;KACV;AAED;;AAEG;IACI,aAAa,GAAA;AAChB,QAAA,OAAO,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,KAAI;YACrC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;AACvC,SAAC,CAAC;KACL;AAED;;AAEG;AACK,IAAA,aAAa,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAA;QAC/C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,sCAAsC,CAAC,CAAC;AAEtE,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;AACnB,YAAA,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;SAC/B;;AAGD,QAAA,IACI,IAAI,CAAC,MAAM,CAAC,eAAe;YAC3B,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,KAAK,UAAU,EACnD;YACE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;gBACnC,OAAO,IAAI,CAAC,YAAY,CACpB,GAAG,EACH,eAAe,EACf,yBAAyB,CAC5B,CAAC;aACL;YACD,OAAO,IAAI,EAAE,CAAC;SACjB;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YACjE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE;gBAC1B,OAAO,IAAI,CAAC,YAAY,CACpB,GAAG,EACH,kBAAkB,EAClB,CAA4C,yCAAA,EAAA,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CACrE,IAAI,CACP,CAAE,CAAA,CACN,CAAC;aACL;SACJ;;QAGD,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;AAE9C,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACnB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,kBAAkB,EAAE;gBAC9C,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,UAAU,EAAE,SAAS,CAAC,UAAU;gBAChC,OAAO,EAAE,SAAS,CAAC,OAAO;gBAC1B,UAAU,EAAE,SAAS,CAAC,UAAU;AACnC,aAAA,CAAC,CAAC;SACN;;QAGD,IACI,SAAS,CAAC,SAAS;YACnB,SAAS,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAmB,EACzD;YACE,OAAO,IAAI,CAAC,YAAY,CACpB,GAAG,EACH,kBAAkB,EAClB,CAAA,sBAAA,EACI,SAAS,CAAC,UACd,CAAiB,cAAA,EAAA,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAE,CAAA,CAClD,CAAC;SACL;;AAGD,QAAA,IAAI,EAAE,CAAC;KACV;AAED;;AAEG;AACK,IAAA,iBAAiB,CAAC,GAAQ,EAAA;AAC9B,QAAA,MAAM,MAAM,GAAoB;AAC5B,YAAA,SAAS,EAAE,KAAK;AAChB,YAAA,UAAU,EAAE,CAAC;AACb,YAAA,OAAO,EAAE,EAAE;AACX,YAAA,UAAU,EAAE,EAAE;SACjB,CAAC;QAEF,IAAI,KAAK,GAAG,CAAC,CAAC;AACd,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;;AAG1C,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE;YAC3D,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;AACjD,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;SACvC;;QAGD,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;AACtD,QAAA,IAAI,eAAe,CAAC,QAAQ,EAAE;YAC1B,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAmB,gBAAA,EAAA,eAAe,CAAC,MAAM,CAAE,CAAA,CAAC,CAAC;AACjE,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;SAC5C;;QAGD,MAAM,gBAAgB,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;AACrD,QAAA,IAAI,gBAAgB,CAAC,QAAQ,EAAE;YAC3B,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAY,SAAA,EAAA,gBAAgB,CAAC,IAAI,CAAE,CAAA,CAAC,CAAC;AACzD,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;SAC1C;;AAGD,QAAA,IAAI,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,EAAE;YAClC,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;AAC7C,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;SAC5C;;AAGD,QAAA,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE;YAChC,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;AAClD,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;SAChD;;AAGD,QAAA,IAAI,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,EAAE;YACrC,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;AAC1D,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;SAC7C;;AAGD,QAAA,IAAI,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,EAAE;YAClC,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;AAC9C,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;SAC3C;;AAGD,QAAA,IAAI,IAAI,CAAC,2BAA2B,CAAC,GAAG,CAAC,EAAE;YACvC,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;AACnD,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;SACxC;;AAGD,QAAA,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE;YACxB,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AAC1C,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;SACjC;;AAGD,QAAA,IAAI,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,EAAE;YACtC,KAAK,IAAI,EAAE,CAAC;AACZ,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;AACxD,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;SAC9C;;AAGD,QAAA,IAAI,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,EAAE;YACrC,KAAK,IAAI,CAAC,CAAC;AACX,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;AACjD,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;SAC7C;;AAGD,QAAA,IAAI,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;AAC1B,YAAA,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC;AAChC,YAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;AAC/C,YAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACtC;;AAGD,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YACjE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE;gBAC1B,KAAK,IAAI,EAAE,CAAC;AACZ,gBAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;AAC7C,gBAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;aAC7C;iBAAM;gBACH,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,EAAE,CAAC,CAAC;AAChC,gBAAA,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;AACzC,gBAAA,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;aACzC;SACJ;;AAGD,QAAA,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,GAAG,QAAQ,IAAI,GAAG,CAAC,CAAC;AACzD,QAAA,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAmB,CAAC;;AAGxE,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,KAAK,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,EAAE,EAAE;AAC9D,YAAA,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC;SAC3B;AAAM,aAAA,IACH,IAAI,CAAC,MAAM,CAAC,UAAU,KAAK,UAAU;AACrC,YAAA,MAAM,CAAC,UAAU,IAAI,EAAE,EACzB;AACE,YAAA,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC;SAC3B;AAED,QAAA,OAAO,MAAM,CAAC;KACjB;AAED;;AAEG;IACK,iBAAiB,GAAA;QACrB,OAAO,GAAG,CAAC;KACd;AAED;;AAEG;AACK,IAAA,kBAAkB,CAAC,GAAQ,EAAA;QAC/B,OAAO,CAAC,EACJ,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAC7B,YAAA,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAC7B,YAAA,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAC7B,YAAA,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAChC,CAAC;KACL;AAED;;AAEG;AACK,IAAA,mBAAmB,CAAC,GAAQ,EAAA;AAIhC,QAAA,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;AAElE,QAAA,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,eAAe,EAAE;AACvC,YAAA,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;AAC5B,gBAAA,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;aACrC;SACJ;QAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;KAC1C;AAED;;AAEG;AACK,IAAA,iBAAiB,CAAC,GAAQ,EAAA;AAC9B,QAAA,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;AAElE,QAAA,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE;AACtC,YAAA,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE;gBAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aAC5C;SACJ;QAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;KACxC;AAED;;AAEG;AACK,IAAA,sBAAsB,CAAC,GAAQ,EAAA;QACnC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;;AAG3C,QAAA,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;AACvD,YAAA,OAAO,IAAI,CAAC;SACf;;QAGD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAChC,QAAA,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE;AACnB,YAAA,OAAO,IAAI,CAAC;SACf;;AAGD,QAAA,IACI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC;AACxC,YAAA,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAC;AACrC,YAAA,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC;AAC7B,YAAA,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC/B;AACE,YAAA,OAAO,IAAI,CAAC;SACf;AAED,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,oBAAoB,CAAC,GAAQ,EAAA;AACjC,QAAA,OAAO,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;KAC9D;AAED;;AAEG;AACK,IAAA,yBAAyB,CAAC,GAAQ,EAAA;QACtC,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEtD,IAAI,CAAC,cAAc,EAAE;AACjB,YAAA,OAAO,KAAK,CAAC;SAChB;;AAGD,QAAA,IACI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC;YAC7B,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EACvC;AACE,YAAA,OAAO,IAAI,CAAC;SACf;;AAGD,QAAA,IAAI,mBAAmB,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE;AAC1C,YAAA,OAAO,IAAI,CAAC;SACf;AAED,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,sBAAsB,CAAC,GAAQ,EAAA;QACnC,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;;AAGrC,QAAA,IACI,YAAY;AACZ,aAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,YAAY,KAAK,UAAU,CAAC,EACrE;AACE,YAAA,OAAO,IAAI,CAAC;SACf;;AAGD,QAAA,IAAI,MAAM,KAAK,UAAU,EAAE;AACvB,YAAA,OAAO,IAAI,CAAC;SACf;AAED,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,2BAA2B,CAAC,GAAQ,EAAA;AACxC,QAAA,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;;QAGnE,OAAO,UAAU,KAAK,YAAY,CAAC;KACtC;AAED;;AAEG;AACK,IAAA,YAAY,CAAC,GAAQ,EAAA;QACzB,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;KAC/B;AAED;;AAEG;AACK,IAAA,0BAA0B,CAAC,GAAQ,EAAA;QACvC,OAAO,GAAG,CAAC,OAAO,CAAC,2BAA2B,CAAC,KAAK,GAAG,CAAC;KAC3D;AAED;;AAEG;AACK,IAAA,yBAAyB,CAAC,GAAQ,EAAA;QACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;;AAGtD,QAAA,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE;AAC5D,YAAA,OAAO,IAAI,CAAC;SACf;AAED,QAAA,OAAO,KAAK,CAAC;KAChB;AAED;;AAEG;AACK,IAAA,cAAc,CAAC,GAAQ,EAAA;AAC3B,QAAA,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;AAElE,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;KACxE;AAED;;AAEG;AACK,IAAA,oBAAoB,CAAC,GAAQ,EAAA;QACjC,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;QAC9C,OAAO,SAAS,CAAC,SAAS,CAAC;KAC9B;AAED;;AAEG;AACK,IAAA,aAAa,CAAC,GAAQ,EAAA;AAC1B,QAAA,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC;QAElE,OAAO,IAAI,CAAC,MAAM,CAAC,YAAa,CAAC,IAAI,CAAC,CAAC,WAAW,KAAI;AAClD,YAAA,MAAM,OAAO,GAAG,IAAI,MAAM,CACtB,WAAW,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,EAC9C,GAAG,CACN,CAAC;AACF,YAAA,OAAO,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACnC,SAAC,CAAC,CAAC;KACN;AAED;;AAEG;AACK,IAAA,eAAe,CAAC,GAAQ,EAAA;QAC5B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3C,QACI,MAAM,KAAK,KAAK;AAChB,YAAA,MAAM,KAAK,kBAAkB;AAC7B,YAAA,MAAM,KAAK,YAAY;YACvB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,EAC/B;KACL;AAED;;AAEG;AACK,IAAA,iBAAiB,CAAC,GAAQ,EAAA;QAC9B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,0BAA0B,EAAE;AACtD,YAAA,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAC3C,YAAA,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;AAC3C,YAAA,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;AAChD,YAAA,cAAc,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;AAC9C,YAAA,cAAc,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;AAC9C,YAAA,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;AAChC,SAAA,CAAC,CAAC;KACN;AAED;;AAEG;AACK,IAAA,YAAY,CAAC,GAAQ,EAAE,IAAY,EAAE,OAAgB,EAAA;AACzD,QAAA,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;AAExC,QAAA,MAAM,QAAQ,GAAQ;AAClB,YAAA,KAAK,EAAE,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,eAAe;AACjE,YAAA,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;AACnC,YAAA,IAAI,EAAE,iBAAiB;SAC1B,CAAC;QAEF,IAAI,aAAa,EAAE;YACf,QAAQ,CAAC,OAAO,GAAG;AACf,gBAAA,MAAM,EAAE,cAAc;gBACtB,IAAI;gBACJ,OAAO;AACP,gBAAA,SAAS,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;aAC/D,CAAC;SACL;AAED,QAAA,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE;YACnB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,+BAA+B,EAAE;gBAC3D,IAAI;gBACJ,OAAO;AACP,gBAAA,SAAS,EAAE,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;AAC/D,aAAA,CAAC,CAAC;SACN;AAED,QAAA,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;KACrD;AAED;;AAEG;AACI,IAAA,YAAY,CAAC,SAAsC,EAAA;AACtD,QAAA,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;KAClD;AAED;;AAEG;IACI,SAAS,GAAA;AACZ,QAAA,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;KAC7B;AACJ;;;;"}
|