UNPKG

@cipherstash/jseql

Version:

Encrypted Query Language JavaScript Library

github.com/cipherstash/jseql

cipherstash/jseql

1 lines 38.5 kB
1
{"version":3,"sources":["../src/index.ts","../src/ffi/index.ts","../../utils/logger/index.ts","../src/ffi/env-check.ts","../src/ffi/payload-helpers.ts","../src/identify/index.ts","../src/eql/index.ts"],"sourcesContent":["import { EqlClient } from './ffi'\n\nexport const eql = (): Promise<EqlClient> => {\n const client = new EqlClient()\n return client.init()\n}\n\nexport type { EqlClient } from './ffi'\nexport * from './cs_plaintext_v1'\nexport * from './identify'\nexport * from './eql'\n","import {\n newClient,\n encrypt as ffiEncrypt,\n decrypt as ffiDecrypt,\n encryptBulk as ffiEncryptBulk,\n decryptBulk as ffiDecryptBulk,\n} from '@cipherstash/jseql-ffi'\nimport { logger } from '../../../utils/logger'\nimport { checkEnvironmentVariables } from './env-check'\nimport {\n normalizeBulkEncryptPayloads,\n normalizeBulkDecryptPayloads,\n normalizeBulkEncryptPayloadsWithLockContext,\n normalizeBulkDecryptPayloadsWithLockContext,\n} from './payload-helpers'\nimport type { LockContext } from '../identify'\n\n// ------------------------\n// Type Definitions\n// ------------------------\nexport type EncryptPayload = string | null\n\nexport type EncryptedPayload = { c: string } | null\n\nexport type BulkEncryptPayload = {\n plaintext: string\n id: string\n}[]\n\nexport type BulkEncryptedData =\n | {\n c: string\n id: string\n }[]\n | null\n\nexport type BulkDecryptedData =\n | ({\n plaintext: string\n id: string\n } | null)[]\n | null\n\nexport type EncryptOptions = {\n column: string\n table: string\n}\n\ntype Client = Awaited<ReturnType<typeof newClient>> | undefined\n\n// ------------------------\n// Reusable functions\n// ------------------------\nconst noClientError = () =>\n new Error(\n 'The EQL client has not been initialized. Please call init() before using the client.',\n )\n\n// ------------------------\n// Encrhyption operation implementations\n// ------------------------\nclass EncryptOperation implements PromiseLike<EncryptedPayload> {\n private client: Client\n private plaintext: EncryptPayload\n private column: string\n private table: string\n\n constructor(client: Client, plaintext: EncryptPayload, opts: EncryptOptions) {\n this.client = client\n this.plaintext = plaintext\n this.column = opts.column\n this.table = opts.table\n }\n\n public withLockContext(\n lockContext: LockContext,\n ): EncryptOperationWithLockContext {\n return new EncryptOperationWithLockContext(this, lockContext)\n }\n\n /** Implement the PromiseLike interface so `await` works. */\n public then<TResult1 = EncryptedPayload, TResult2 = never>(\n onfulfilled?:\n | ((value: EncryptedPayload) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n /** Actual encryption logic, deferred until `then()` is called. */\n private async execute(): Promise<EncryptedPayload> {\n if (!this.client) {\n throw noClientError()\n }\n\n if (this.plaintext === null) {\n return null\n }\n\n logger.debug('Encrypting data WITHOUT a lock context', {\n column: this.column,\n table: this.table,\n })\n\n logger.debug('SHOULD NEVER BE LOGGED: Plaintext for encryption')\n\n const val = await ffiEncrypt(this.client, this.plaintext, this.column)\n return { c: val }\n }\n\n public getOperation(): {\n client: Client\n plaintext: EncryptPayload\n column: string\n table: string\n } {\n return {\n client: this.client,\n plaintext: this.plaintext,\n column: this.column,\n table: this.table,\n }\n }\n}\n\nclass EncryptOperationWithLockContext implements PromiseLike<EncryptedPayload> {\n private operation: EncryptOperation\n private lockContext: LockContext\n\n constructor(operation: EncryptOperation, lockContext: LockContext) {\n this.operation = operation\n this.lockContext = lockContext\n }\n\n public then<TResult1 = EncryptedPayload, TResult2 = never>(\n onfulfilled?:\n | ((value: EncryptedPayload) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<EncryptedPayload> {\n const { client, plaintext, column, table } = this.operation.getOperation()\n\n if (!client) {\n throw noClientError()\n }\n\n if (plaintext === null) {\n return null\n }\n\n logger.debug('Encrypting data WITH a lock context')\n\n const context = this.lockContext?.getLockContext()\n\n if (!context?.success) {\n throw new Error(`[jseql]: ${context?.error}`)\n }\n\n logger.debug('SENSITIVE TO BE DELETED: Lock context for encryption', {\n context: context.context,\n ctsToken: context.ctsToken,\n accessToken: context.ctsToken?.accessToken,\n })\n\n const val = await ffiEncrypt(\n client,\n plaintext,\n column,\n context.context,\n context.ctsToken,\n )\n return { c: val }\n }\n}\n\n// ------------------------\n// Decryption operation implementations\n// ------------------------\nclass DecryptOperation implements PromiseLike<string | null> {\n private client: Client\n private encryptedPayload: EncryptedPayload\n\n constructor(client: Client, encryptedPayload: EncryptedPayload) {\n this.client = client\n this.encryptedPayload = encryptedPayload\n }\n\n public withLockContext(\n lockContext: LockContext,\n ): DecryptOperationWithLockContext {\n return new DecryptOperationWithLockContext(this, lockContext)\n }\n\n public then<TResult1 = string | null, TResult2 = never>(\n onfulfilled?:\n | ((value: string | null) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<string | null> {\n if (!this.client) {\n throw noClientError()\n }\n\n if (this.encryptedPayload === null) {\n return null\n }\n\n logger.debug('Decrypting data WITHOUT a lock context')\n\n logger.debug('SHOULD NEVER BE LOGGED: Encrypted payload for decryption')\n\n return await ffiDecrypt(this.client, this.encryptedPayload.c)\n }\n\n public getOperation(): {\n client: Client\n encryptedPayload: EncryptedPayload\n } {\n return {\n client: this.client,\n encryptedPayload: this.encryptedPayload,\n }\n }\n}\n\nclass DecryptOperationWithLockContext implements PromiseLike<string | null> {\n private operation: DecryptOperation\n private lockContext: LockContext\n\n constructor(operation: DecryptOperation, lockContext: LockContext) {\n this.operation = operation\n this.lockContext = lockContext\n }\n\n public then<TResult1 = string | null, TResult2 = never>(\n onfulfilled?:\n | ((value: string | null) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<string | null> {\n const { client, encryptedPayload } = this.operation.getOperation()\n\n if (!client) {\n throw noClientError()\n }\n\n if (encryptedPayload === null) {\n return null\n }\n\n logger.debug('Decrypting data WITH a lock context')\n\n const context = this.lockContext?.getLockContext()\n\n if (!context?.success) {\n throw new Error(`[jseql]: ${context?.error}`)\n }\n\n logger.debug('SENSITIVE TO BE DELETED: Lock context for decryption', {\n context: context.context,\n ctsToken: context.ctsToken,\n accessToken: context.ctsToken?.accessToken,\n })\n\n return await ffiDecrypt(\n client,\n encryptedPayload.c,\n context.context,\n context.ctsToken,\n )\n }\n}\n\n// ------------------------\n// Bulk Encryption operation implementations\n// ------------------------\nclass BulkEncryptOperation implements PromiseLike<BulkEncryptedData> {\n private client: Client\n private plaintexts: BulkEncryptPayload\n private column: string\n private table: string\n\n constructor(\n client: Client,\n plaintexts: BulkEncryptPayload,\n opts: EncryptOptions,\n ) {\n this.client = client\n this.plaintexts = plaintexts\n this.column = opts.column\n this.table = opts.table\n }\n\n public withLockContext(\n lockContext: LockContext,\n ): BulkEncryptOperationWithLockContext {\n return new BulkEncryptOperationWithLockContext(this, lockContext)\n }\n\n public then<TResult1 = BulkEncryptedData, TResult2 = never>(\n onfulfilled?:\n | ((value: BulkEncryptedData) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<BulkEncryptedData> {\n if (!this.client) {\n throw noClientError()\n }\n\n if (!this.plaintexts || this.plaintexts.length === 0) {\n return null\n }\n\n const encryptPayloads = normalizeBulkEncryptPayloads(\n this.plaintexts,\n this.column,\n )\n\n logger.debug('Bulk encrypting data WITHOUT a lock context', {\n column: this.column,\n table: this.table,\n })\n\n logger.debug('SHOULD NEVER BE LOGGED: Plaintexts for bulk encryption')\n\n const encryptedData = await ffiEncryptBulk(this.client, encryptPayloads)\n return encryptedData.map((enc, index) => ({\n c: enc,\n id: this.plaintexts[index].id,\n }))\n }\n\n public getOperation(): {\n client: Client\n plaintexts: BulkEncryptPayload\n column: string\n table: string\n } {\n return {\n client: this.client,\n plaintexts: this.plaintexts,\n column: this.column,\n table: this.table,\n }\n }\n}\n\nclass BulkEncryptOperationWithLockContext\n implements PromiseLike<BulkEncryptedData>\n{\n private operation: BulkEncryptOperation\n private lockContext: LockContext\n\n constructor(operation: BulkEncryptOperation, lockContext: LockContext) {\n this.operation = operation\n this.lockContext = lockContext\n }\n\n public then<TResult1 = BulkEncryptedData, TResult2 = never>(\n onfulfilled?:\n | ((value: BulkEncryptedData) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<BulkEncryptedData> {\n const { client, plaintexts, column, table } = this.operation.getOperation()\n\n if (!client) {\n throw noClientError()\n }\n\n if (!plaintexts || plaintexts.length === 0) {\n return null\n }\n\n const encryptPayloads = normalizeBulkEncryptPayloadsWithLockContext(\n plaintexts,\n column,\n this.lockContext,\n )\n\n logger.debug('Bulk encrypting data WITH a lock context', {\n column,\n table,\n })\n\n const context = this.lockContext.getLockContext()\n\n if (!context.success) {\n throw new Error(`[jseql]: ${context?.error}`)\n }\n\n logger.debug('SENSITIVE TO BE DELETED: Lock context for bulk encryption', {\n context: context.context,\n ctsToken: context.ctsToken,\n accessToken: context.ctsToken?.accessToken,\n })\n\n const encryptedData = await ffiEncryptBulk(\n client,\n encryptPayloads,\n context.ctsToken,\n )\n\n return encryptedData.map((enc, index) => ({\n c: enc,\n id: plaintexts[index].id,\n }))\n }\n}\n\n// ------------------------\n// Bulk Decryption operation implementations\n// ------------------------\nclass BulkDecryptOperation implements PromiseLike<BulkDecryptedData> {\n private client: Client\n private encryptedPayloads: BulkEncryptedData\n\n constructor(client: Client, encryptedPayloads: BulkEncryptedData) {\n this.client = client\n this.encryptedPayloads = encryptedPayloads\n }\n\n public withLockContext(\n lockContext: LockContext,\n ): BulkDecryptOperationWithLockContext {\n return new BulkDecryptOperationWithLockContext(this, lockContext)\n }\n\n public then<TResult1 = BulkDecryptedData, TResult2 = never>(\n onfulfilled?:\n | ((value: BulkDecryptedData) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<BulkDecryptedData> {\n if (!this.client) {\n throw noClientError()\n }\n\n if (!this.encryptedPayloads) {\n return null\n }\n\n const decryptPayloads = normalizeBulkDecryptPayloads(this.encryptedPayloads)\n\n if (!decryptPayloads) {\n return null\n }\n\n logger.debug('Bulk decrypting data WITHOUT a lock context')\n\n logger.debug(\n 'SHOULD NEVER BE LOGGED: Encrypted payloads for bulk decryption',\n )\n\n const decryptedData = await ffiDecryptBulk(this.client, decryptPayloads)\n return decryptedData.map((dec, index) => {\n if (!this.encryptedPayloads) return null\n return {\n plaintext: dec,\n id: this.encryptedPayloads[index].id,\n }\n })\n }\n\n public getOperation(): {\n client: Client\n encryptedPayloads: BulkEncryptedData\n } {\n return {\n client: this.client,\n encryptedPayloads: this.encryptedPayloads,\n }\n }\n}\n\nclass BulkDecryptOperationWithLockContext\n implements PromiseLike<BulkDecryptedData>\n{\n private operation: BulkDecryptOperation\n private lockContext: LockContext\n\n constructor(operation: BulkDecryptOperation, lockContext: LockContext) {\n this.operation = operation\n this.lockContext = lockContext\n }\n\n public then<TResult1 = BulkDecryptedData, TResult2 = never>(\n onfulfilled?:\n | ((value: BulkDecryptedData) => TResult1 | PromiseLike<TResult1>)\n | null,\n // biome-ignore lint/suspicious/noExplicitAny: Rejections require an any type\n onrejected?: ((reason: any) => TResult2 | PromiseLike<TResult2>) | null,\n ): Promise<TResult1 | TResult2> {\n return this.execute().then(onfulfilled, onrejected)\n }\n\n private async execute(): Promise<BulkDecryptedData> {\n const { client, encryptedPayloads } = this.operation.getOperation()\n\n if (!client) {\n throw noClientError()\n }\n\n if (!encryptedPayloads) {\n return null\n }\n\n const decryptPayloads = normalizeBulkDecryptPayloadsWithLockContext(\n encryptedPayloads,\n this.lockContext,\n )\n\n if (!decryptPayloads) {\n return null\n }\n\n logger.debug('Bulk decrypting data WITH a lock context')\n\n const context = this.lockContext.getLockContext()\n\n if (!context.success) {\n throw new Error(`[jseql]: ${context?.error}`)\n }\n\n logger.debug('SENSITIVE TO BE DELETED: Lock context for bulk decryption', {\n context: context.context,\n ctsToken: context.ctsToken,\n accessToken: context.ctsToken?.accessToken,\n })\n\n const decryptedData = await ffiDecryptBulk(\n client,\n decryptPayloads,\n context.ctsToken,\n )\n\n return decryptedData.map((dec, index) => {\n if (!encryptedPayloads) return null\n return {\n plaintext: dec,\n id: encryptedPayloads[index].id,\n }\n })\n }\n}\n\n// ------------------------\n// Main EQL Client\n// ------------------------\nexport class EqlClient {\n private client: Client\n private workspaceId: string | undefined\n\n constructor() {\n checkEnvironmentVariables()\n\n logger.info(\n 'Successfully initialized the EQL client with your defined environment variables.',\n )\n\n this.workspaceId = process.env.CS_WORKSPACE_ID\n }\n\n async init(): Promise<EqlClient> {\n const c = await newClient()\n this.client = c\n return this\n }\n\n /**\n * Encryption - returns a thenable object.\n * Usage:\n * await eqlClient.encrypt(plaintext, { column, table })\n * await eqlClient.encrypt(plaintext, { column, table }).withLockContext(lockContext)\n */\n encrypt(plaintext: EncryptPayload, opts: EncryptOptions): EncryptOperation {\n if (!this.client) {\n throw noClientError()\n }\n\n return new EncryptOperation(this.client, plaintext, opts)\n }\n\n /**\n * Decryption - returns a thenable object.\n * Usage:\n * await eqlClient.decrypt(encryptedPayload)\n * await eqlClient.decrypt(encryptedPayload).withLockContext(lockContext)\n */\n decrypt(encryptedPayload: EncryptedPayload): DecryptOperation {\n if (!this.client) {\n throw noClientError()\n }\n\n return new DecryptOperation(this.client, encryptedPayload)\n }\n\n /**\n * Bulk Encrypt - returns a thenable object.\n * Usage:\n * await eqlClient.bulkEncrypt([{ plaintext, id }, ...], { column, table })\n * await eqlClient\n * .bulkEncrypt([{ plaintext, id }, ...], { column, table })\n * .withLockContext(lockContext)\n */\n bulkEncrypt(\n plaintexts: BulkEncryptPayload,\n opts: EncryptOptions,\n ): BulkEncryptOperation {\n if (!this.client) {\n throw noClientError()\n }\n\n return new BulkEncryptOperation(this.client, plaintexts, opts)\n }\n\n /**\n * Bulk Decrypt - returns a thenable object.\n * Usage:\n * await eqlClient.bulkDecrypt(encryptedPayloads)\n * await eqlClient.bulkDecrypt(encryptedPayloads).withLockContext(lockContext)\n */\n bulkDecrypt(encryptedPayloads: BulkEncryptedData): BulkDecryptOperation {\n if (!this.client) {\n throw noClientError()\n }\n\n return new BulkDecryptOperation(this.client, encryptedPayloads)\n }\n\n /** e.g., debugging or environment info */\n clientInfo() {\n return {\n workspaceId: this.workspaceId,\n }\n }\n}\n","function getLevelValue(level: string): number {\n switch (level) {\n case 'debug':\n return 10\n case 'info':\n return 20\n case 'error':\n return 30\n default:\n return 30 // default to error level\n }\n}\n\nconst envLogLevel = process.env.JSEQL_LOG_LEVEL || 'info'\nconst currentLevel = getLevelValue(envLogLevel)\n\nfunction debug(...args: unknown[]): void {\n if (currentLevel <= getLevelValue('debug')) {\n console.debug('[jseql] DEBUG', ...args)\n }\n}\n\nfunction info(...args: unknown[]): void {\n if (currentLevel <= getLevelValue('info')) {\n console.info('[jseql] INFO', ...args)\n }\n}\n\nfunction error(...args: unknown[]): void {\n if (currentLevel <= getLevelValue('error')) {\n console.error('[jseql] ERROR', ...args)\n }\n}\n\nexport const logger = {\n debug,\n info,\n error,\n}\n","import { logger } from '../../../utils/logger'\n\nlet message = ''\nconst errorMessage = (message: string) => `Initialization error: ${message}`\n\nexport const checkEnvironmentVariables = () => {\n if (!process.env.CS_WORKSPACE_ID) {\n message = errorMessage(\n 'The environment variable \"CS_WORKSPACE_ID\" must be set. You can find your workspace ID in the CipherStash dashboard.',\n )\n\n logger.error(message)\n throw new Error(`[jseql]: ${message}`)\n }\n\n if (!process.env.CS_CLIENT_ID || !process.env.CS_CLIENT_KEY) {\n message = errorMessage(\n 'The environment variables \"CS_CLIENT_ID\" and \"CS_CLIENT_KEY\" must be set. You must use the CipherStash CLI to generate a new client key pair.',\n )\n\n logger.error(message)\n throw new Error(`[jseql]: ${message}`)\n }\n\n if (!process.env.CS_CLIENT_ACCESS_KEY) {\n message = errorMessage(\n 'The environment variable \"CS_CLIENT_ACCESS_KEY\" must be set. Generate a new access token in the CipherStash dashboard or CLI.',\n )\n\n logger.error(message)\n throw new Error(`[jseql]: ${message}`)\n }\n}\n","import type {\n BulkEncryptPayload as InternalBulkEncryptPayload,\n BulkDecryptPayload as InternalBulkDecryptPayload,\n} from '@cipherstash/jseql-ffi'\n\nimport type { BulkEncryptPayload, BulkEncryptedData } from './index'\nimport type { LockContext } from '../identify'\n\nconst getLockContextPayload = (lockContext: LockContext) => {\n const context = lockContext.getLockContext()\n\n if (!context.ctsToken?.accessToken) {\n throw new Error(\n '[jseql]: LockContext must be initialized with a valid CTS token before using it.',\n )\n }\n\n return {\n lockContext: context.context,\n }\n}\n\nexport const normalizeBulkDecryptPayloads = (\n encryptedPayloads: BulkEncryptedData,\n) =>\n encryptedPayloads?.reduce((acc, encryptedPayload) => {\n const payload = {\n ciphertext: encryptedPayload.c,\n }\n\n acc.push(payload)\n return acc\n }, [] as InternalBulkDecryptPayload[])\n\nexport const normalizeBulkEncryptPayloads = (\n plaintexts: BulkEncryptPayload,\n column: string,\n) =>\n plaintexts.reduce((acc, plaintext) => {\n const payload = {\n plaintext: plaintext.plaintext,\n column,\n }\n\n acc.push(payload)\n return acc\n }, [] as InternalBulkEncryptPayload[])\n\nexport const normalizeBulkDecryptPayloadsWithLockContext = (\n encryptedPayloads: BulkEncryptedData,\n lockContext: LockContext,\n) =>\n encryptedPayloads?.reduce((acc, encryptedPayload) => {\n const payload = {\n ciphertext: encryptedPayload.c,\n ...getLockContextPayload(lockContext),\n }\n\n acc.push(payload)\n return acc\n }, [] as InternalBulkDecryptPayload[])\n\nexport const normalizeBulkEncryptPayloadsWithLockContext = (\n plaintexts: BulkEncryptPayload,\n column: string,\n lockContext: LockContext,\n) =>\n plaintexts.reduce((acc, plaintext) => {\n const payload = {\n plaintext: plaintext.plaintext,\n column,\n ...getLockContextPayload(lockContext),\n }\n\n acc.push(payload)\n return acc\n }, [] as InternalBulkEncryptPayload[])\n","import { logger } from '../../../utils/logger'\n\nexport type CtsRegions = 'ap-southeast-2'\n\nexport type IdentifyOptions = {\n fetchFromCts?: boolean\n}\n\nexport type CtsToken = {\n accessToken: string\n expiry: number\n}\n\nexport type Context = {\n identityClaim: string[]\n}\n\nexport type LockContextOptions = {\n context?: Context\n ctsToken?: CtsToken\n}\n\nexport type GetLockContextResponse =\n | {\n success: boolean\n error: string\n ctsToken?: never\n context?: never\n }\n | {\n success: boolean\n error?: never\n ctsToken: CtsToken\n context: Context\n }\n\nexport class LockContext {\n private ctsToken: CtsToken | undefined\n private workspaceId: string\n private context: Context\n\n constructor({\n context = { identityClaim: ['sub'] },\n ctsToken,\n }: LockContextOptions = {}) {\n if (!process.env.CS_WORKSPACE_ID) {\n const errorMessage =\n 'CS_WORKSPACE_ID environment variable is not set, and is required to initialize a LockContext.'\n logger.error(errorMessage)\n throw new Error(`[jseql]: ${errorMessage}`)\n }\n\n if (ctsToken) {\n this.ctsToken = ctsToken\n }\n\n this.workspaceId = process.env.CS_WORKSPACE_ID\n this.context = context\n logger.debug('Successfully initialized the EQL lock context.')\n }\n\n async identify(jwtToken: string): Promise<LockContext> {\n const workspaceId = this.workspaceId\n\n const ctsEndoint =\n process.env.CS_CTS_ENDPOINT ||\n 'https://ap-southeast-2.aws.auth.viturhosted.net'\n\n const ctsResponse = await fetch(`${ctsEndoint}/api/authorize`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n workspaceId,\n oidcToken: jwtToken,\n }),\n })\n\n if (!ctsResponse.ok) {\n throw new Error(\n `[jseql]: Failed to fetch CTS token: ${ctsResponse.statusText}`,\n )\n }\n\n const ctsToken = (await ctsResponse.json()) as CtsToken\n\n if (!ctsToken.accessToken) {\n const errorMessage =\n 'The response from the CipherStash API did not contain an access token. Please contact support.'\n logger.error(errorMessage)\n throw new Error(errorMessage)\n }\n\n this.ctsToken = ctsToken\n return this\n }\n\n getLockContext(): GetLockContextResponse {\n if (!this.ctsToken?.accessToken && !this.ctsToken?.expiry) {\n return {\n success: false,\n error:\n 'The CTS token is not set. Please call identify() with a users JWT token, or pass an existing CTS token to the LockContext constructor before calling getLockContext().',\n }\n }\n\n return {\n success: true,\n context: this.context,\n ctsToken: this.ctsToken,\n }\n }\n}\n","import type {\n CsPlaintextV1Schema,\n ForQuery,\n SchemaVersion,\n Table,\n Column,\n Plaintext,\n} from '../cs_plaintext_v1'\nimport { logger } from '../../../utils/logger'\n\nexport type CreateEqlPayload = {\n plaintext: Plaintext\n table: Table\n column: Column\n schemaVersion?: SchemaVersion\n queryType?: ForQuery | null\n}\n\nexport type Result = {\n failure?: boolean\n error?: Error\n plaintext?: Plaintext\n}\n\nexport const createEqlPayload = ({\n plaintext,\n table,\n column,\n schemaVersion = 1,\n queryType = null,\n}: CreateEqlPayload): CsPlaintextV1Schema => {\n const payload: CsPlaintextV1Schema = {\n v: schemaVersion,\n k: 'pt',\n p: plaintext ?? '',\n i: {\n t: table,\n c: column,\n },\n }\n\n if (queryType) {\n payload.q = queryType\n }\n\n logger.debug('Creating the EQL payload', payload)\n return payload\n}\n\nexport const getPlaintext = (payload: CsPlaintextV1Schema): Result => {\n if (payload?.p && payload?.k === 'pt') {\n logger.debug('Returning the plaintext data from the EQL payload', payload)\n return {\n failure: false,\n plaintext: payload.p,\n }\n }\n\n logger.error('No plaintext data found in the EQL payload', payload ?? {})\n return {\n failure: true,\n error: new Error('No plaintext data found in the EQL payload'),\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,uBAMO;;;ACNP,SAAS,cAAc,OAAuB;AAC5C,UAAQ,OAAO;AAAA,IACb,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAEA,IAAM,cAAc,QAAQ,IAAI,mBAAmB;AACnD,IAAM,eAAe,cAAc,WAAW;AAE9C,SAAS,SAAS,MAAuB;AACvC,MAAI,gBAAgB,cAAc,OAAO,GAAG;AAC1C,YAAQ,MAAM,iBAAiB,GAAG,IAAI;AAAA,EACxC;AACF;AAEA,SAAS,QAAQ,MAAuB;AACtC,MAAI,gBAAgB,cAAc,MAAM,GAAG;AACzC,YAAQ,KAAK,gBAAgB,GAAG,IAAI;AAAA,EACtC;AACF;AAEA,SAAS,SAAS,MAAuB;AACvC,MAAI,gBAAgB,cAAc,OAAO,GAAG;AAC1C,YAAQ,MAAM,iBAAiB,GAAG,IAAI;AAAA,EACxC;AACF;AAEO,IAAM,SAAS;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AACF;;;ACpCA,IAAI,UAAU;AACd,IAAM,eAAe,CAACA,aAAoB,yBAAyBA,QAAO;AAEnE,IAAM,4BAA4B,MAAM;AAC7C,MAAI,CAAC,QAAQ,IAAI,iBAAiB;AAChC,cAAU;AAAA,MACR;AAAA,IACF;AAEA,WAAO,MAAM,OAAO;AACpB,UAAM,IAAI,MAAM,YAAY,OAAO,EAAE;AAAA,EACvC;AAEA,MAAI,CAAC,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,IAAI,eAAe;AAC3D,cAAU;AAAA,MACR;AAAA,IACF;AAEA,WAAO,MAAM,OAAO;AACpB,UAAM,IAAI,MAAM,YAAY,OAAO,EAAE;AAAA,EACvC;AAEA,MAAI,CAAC,QAAQ,IAAI,sBAAsB;AACrC,cAAU;AAAA,MACR;AAAA,IACF;AAEA,WAAO,MAAM,OAAO;AACpB,UAAM,IAAI,MAAM,YAAY,OAAO,EAAE;AAAA,EACvC;AACF;;;ACxBA,IAAM,wBAAwB,CAAC,gBAA6B;AAC1D,QAAM,UAAU,YAAY,eAAe;AAE3C,MAAI,CAAC,QAAQ,UAAU,aAAa;AAClC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,aAAa,QAAQ;AAAA,EACvB;AACF;AAEO,IAAM,+BAA+B,CAC1C,sBAEA,mBAAmB,OAAO,CAAC,KAAK,qBAAqB;AACnD,QAAM,UAAU;AAAA,IACd,YAAY,iBAAiB;AAAA,EAC/B;AAEA,MAAI,KAAK,OAAO;AAChB,SAAO;AACT,GAAG,CAAC,CAAiC;AAEhC,IAAM,+BAA+B,CAC1C,YACA,WAEA,WAAW,OAAO,CAAC,KAAK,cAAc;AACpC,QAAM,UAAU;AAAA,IACd,WAAW,UAAU;AAAA,IACrB;AAAA,EACF;AAEA,MAAI,KAAK,OAAO;AAChB,SAAO;AACT,GAAG,CAAC,CAAiC;AAEhC,IAAM,8CAA8C,CACzD,mBACA,gBAEA,mBAAmB,OAAO,CAAC,KAAK,qBAAqB;AACnD,QAAM,UAAU;AAAA,IACd,YAAY,iBAAiB;AAAA,IAC7B,GAAG,sBAAsB,WAAW;AAAA,EACtC;AAEA,MAAI,KAAK,OAAO;AAChB,SAAO;AACT,GAAG,CAAC,CAAiC;AAEhC,IAAM,8CAA8C,CACzD,YACA,QACA,gBAEA,WAAW,OAAO,CAAC,KAAK,cAAc;AACpC,QAAM,UAAU;AAAA,IACd,WAAW,UAAU;AAAA,IACrB;AAAA,IACA,GAAG,sBAAsB,WAAW;AAAA,EACtC;AAEA,MAAI,KAAK,OAAO;AAChB,SAAO;AACT,GAAG,CAAC,CAAiC;;;AHvBvC,IAAM,gBAAgB,MACpB,IAAI;AAAA,EACF;AACF;AAKF,IAAM,mBAAN,MAAgE;AAAA,EACtD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY,QAAgB,WAA2B,MAAsB;AAC3E,SAAK,SAAS;AACd,SAAK,YAAY;AACjB,SAAK,SAAS,KAAK;AACnB,SAAK,QAAQ,KAAK;AAAA,EACpB;AAAA,EAEO,gBACL,aACiC;AACjC,WAAO,IAAI,gCAAgC,MAAM,WAAW;AAAA,EAC9D;AAAA;AAAA,EAGO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA;AAAA,EAGA,MAAc,UAAqC;AACjD,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,KAAK,cAAc,MAAM;AAC3B,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,0CAA0C;AAAA,MACrD,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,IACd,CAAC;AAED,WAAO,MAAM,kDAAkD;AAE/D,UAAM,MAAM,UAAM,iBAAAC,SAAW,KAAK,QAAQ,KAAK,WAAW,KAAK,MAAM;AACrE,WAAO,EAAE,GAAG,IAAI;AAAA,EAClB;AAAA,EAEO,eAKL;AACA,WAAO;AAAA,MACL,QAAQ,KAAK;AAAA,MACb,WAAW,KAAK;AAAA,MAChB,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;AAEA,IAAM,kCAAN,MAA+E;AAAA,EACrE;AAAA,EACA;AAAA,EAER,YAAY,WAA6B,aAA0B;AACjE,SAAK,YAAY;AACjB,SAAK,cAAc;AAAA,EACrB;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAqC;AACjD,UAAM,EAAE,QAAQ,WAAW,QAAQ,MAAM,IAAI,KAAK,UAAU,aAAa;AAEzE,QAAI,CAAC,QAAQ;AACX,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,cAAc,MAAM;AACtB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,qCAAqC;AAElD,UAAM,UAAU,KAAK,aAAa,eAAe;AAEjD,QAAI,CAAC,SAAS,SAAS;AACrB,YAAM,IAAI,MAAM,YAAY,SAAS,KAAK,EAAE;AAAA,IAC9C;AAEA,WAAO,MAAM,wDAAwD;AAAA,MACnE,SAAS,QAAQ;AAAA,MACjB,UAAU,QAAQ;AAAA,MAClB,aAAa,QAAQ,UAAU;AAAA,IACjC,CAAC;AAED,UAAM,MAAM,UAAM,iBAAAA;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AACA,WAAO,EAAE,GAAG,IAAI;AAAA,EAClB;AACF;AAKA,IAAM,mBAAN,MAA6D;AAAA,EACnD;AAAA,EACA;AAAA,EAER,YAAY,QAAgB,kBAAoC;AAC9D,SAAK,SAAS;AACd,SAAK,mBAAmB;AAAA,EAC1B;AAAA,EAEO,gBACL,aACiC;AACjC,WAAO,IAAI,gCAAgC,MAAM,WAAW;AAAA,EAC9D;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAkC;AAC9C,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,KAAK,qBAAqB,MAAM;AAClC,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,wCAAwC;AAErD,WAAO,MAAM,0DAA0D;AAEvE,WAAO,UAAM,iBAAAC,SAAW,KAAK,QAAQ,KAAK,iBAAiB,CAAC;AAAA,EAC9D;AAAA,EAEO,eAGL;AACA,WAAO;AAAA,MACL,QAAQ,KAAK;AAAA,MACb,kBAAkB,KAAK;AAAA,IACzB;AAAA,EACF;AACF;AAEA,IAAM,kCAAN,MAA4E;AAAA,EAClE;AAAA,EACA;AAAA,EAER,YAAY,WAA6B,aAA0B;AACjE,SAAK,YAAY;AACjB,SAAK,cAAc;AAAA,EACrB;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAkC;AAC9C,UAAM,EAAE,QAAQ,iBAAiB,IAAI,KAAK,UAAU,aAAa;AAEjE,QAAI,CAAC,QAAQ;AACX,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,qBAAqB,MAAM;AAC7B,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,qCAAqC;AAElD,UAAM,UAAU,KAAK,aAAa,eAAe;AAEjD,QAAI,CAAC,SAAS,SAAS;AACrB,YAAM,IAAI,MAAM,YAAY,SAAS,KAAK,EAAE;AAAA,IAC9C;AAEA,WAAO,MAAM,wDAAwD;AAAA,MACnE,SAAS,QAAQ;AAAA,MACjB,UAAU,QAAQ;AAAA,MAClB,aAAa,QAAQ,UAAU;AAAA,IACjC,CAAC;AAED,WAAO,UAAM,iBAAAA;AAAA,MACX;AAAA,MACA,iBAAiB;AAAA,MACjB,QAAQ;AAAA,MACR,QAAQ;AAAA,IACV;AAAA,EACF;AACF;AAKA,IAAM,uBAAN,MAAqE;AAAA,EAC3D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,YACE,QACA,YACA,MACA;AACA,SAAK,SAAS;AACd,SAAK,aAAa;AAClB,SAAK,SAAS,KAAK;AACnB,SAAK,QAAQ,KAAK;AAAA,EACpB;AAAA,EAEO,gBACL,aACqC;AACrC,WAAO,IAAI,oCAAoC,MAAM,WAAW;AAAA,EAClE;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAsC;AAClD,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,CAAC,KAAK,cAAc,KAAK,WAAW,WAAW,GAAG;AACpD,aAAO;AAAA,IACT;AAEA,UAAM,kBAAkB;AAAA,MACtB,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAEA,WAAO,MAAM,+CAA+C;AAAA,MAC1D,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,IACd,CAAC;AAED,WAAO,MAAM,wDAAwD;AAErE,UAAM,gBAAgB,UAAM,iBAAAC,aAAe,KAAK,QAAQ,eAAe;AACvE,WAAO,cAAc,IAAI,CAAC,KAAK,WAAW;AAAA,MACxC,GAAG;AAAA,MACH,IAAI,KAAK,WAAW,KAAK,EAAE;AAAA,IAC7B,EAAE;AAAA,EACJ;AAAA,EAEO,eAKL;AACA,WAAO;AAAA,MACL,QAAQ,KAAK;AAAA,MACb,YAAY,KAAK;AAAA,MACjB,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;AAEA,IAAM,sCAAN,MAEA;AAAA,EACU;AAAA,EACA;AAAA,EAER,YAAY,WAAiC,aAA0B;AACrE,SAAK,YAAY;AACjB,SAAK,cAAc;AAAA,EACrB;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAsC;AAClD,UAAM,EAAE,QAAQ,YAAY,QAAQ,MAAM,IAAI,KAAK,UAAU,aAAa;AAE1E,QAAI,CAAC,QAAQ;AACX,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,IACT;AAEA,UAAM,kBAAkB;AAAA,MACtB;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACP;AAEA,WAAO,MAAM,4CAA4C;AAAA,MACvD;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,UAAU,KAAK,YAAY,eAAe;AAEhD,QAAI,CAAC,QAAQ,SAAS;AACpB,YAAM,IAAI,MAAM,YAAY,SAAS,KAAK,EAAE;AAAA,IAC9C;AAEA,WAAO,MAAM,6DAA6D;AAAA,MACxE,SAAS,QAAQ;AAAA,MACjB,UAAU,QAAQ;AAAA,MAClB,aAAa,QAAQ,UAAU;AAAA,IACjC,CAAC;AAED,UAAM,gBAAgB,UAAM,iBAAAA;AAAA,MAC1B;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAEA,WAAO,cAAc,IAAI,CAAC,KAAK,WAAW;AAAA,MACxC,GAAG;AAAA,MACH,IAAI,WAAW,KAAK,EAAE;AAAA,IACxB,EAAE;AAAA,EACJ;AACF;AAKA,IAAM,uBAAN,MAAqE;AAAA,EAC3D;AAAA,EACA;AAAA,EAER,YAAY,QAAgB,mBAAsC;AAChE,SAAK,SAAS;AACd,SAAK,oBAAoB;AAAA,EAC3B;AAAA,EAEO,gBACL,aACqC;AACrC,WAAO,IAAI,oCAAoC,MAAM,WAAW;AAAA,EAClE;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAsC;AAClD,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,CAAC,KAAK,mBAAmB;AAC3B,aAAO;AAAA,IACT;AAEA,UAAM,kBAAkB,6BAA6B,KAAK,iBAAiB;AAE3E,QAAI,CAAC,iBAAiB;AACpB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,6CAA6C;AAE1D,WAAO;AAAA,MACL;AAAA,IACF;AAEA,UAAM,gBAAgB,UAAM,iBAAAC,aAAe,KAAK,QAAQ,eAAe;AACvE,WAAO,cAAc,IAAI,CAAC,KAAK,UAAU;AACvC,UAAI,CAAC,KAAK,kBAAmB,QAAO;AACpC,aAAO;AAAA,QACL,WAAW;AAAA,QACX,IAAI,KAAK,kBAAkB,KAAK,EAAE;AAAA,MACpC;AAAA,IACF,CAAC;AAAA,EACH;AAAA,EAEO,eAGL;AACA,WAAO;AAAA,MACL,QAAQ,KAAK;AAAA,MACb,mBAAmB,KAAK;AAAA,IAC1B;AAAA,EACF;AACF;AAEA,IAAM,sCAAN,MAEA;AAAA,EACU;AAAA,EACA;AAAA,EAER,YAAY,WAAiC,aAA0B;AACrE,SAAK,YAAY;AACjB,SAAK,cAAc;AAAA,EACrB;AAAA,EAEO,KACL,aAIA,YAC8B;AAC9B,WAAO,KAAK,QAAQ,EAAE,KAAK,aAAa,UAAU;AAAA,EACpD;AAAA,EAEA,MAAc,UAAsC;AAClD,UAAM,EAAE,QAAQ,kBAAkB,IAAI,KAAK,UAAU,aAAa;AAElE,QAAI,CAAC,QAAQ;AACX,YAAM,cAAc;AAAA,IACtB;AAEA,QAAI,CAAC,mBAAmB;AACtB,aAAO;AAAA,IACT;AAEA,UAAM,kBAAkB;AAAA,MACtB;AAAA,MACA,KAAK;AAAA,IACP;AAEA,QAAI,CAAC,iBAAiB;AACpB,aAAO;AAAA,IACT;AAEA,WAAO,MAAM,0CAA0C;AAEvD,UAAM,UAAU,KAAK,YAAY,eAAe;AAEhD,QAAI,CAAC,QAAQ,SAAS;AACpB,YAAM,IAAI,MAAM,YAAY,SAAS,KAAK,EAAE;AAAA,IAC9C;AAEA,WAAO,MAAM,6DAA6D;AAAA,MACxE,SAAS,QAAQ;AAAA,MACjB,UAAU,QAAQ;AAAA,MAClB,aAAa,QAAQ,UAAU;AAAA,IACjC,CAAC;AAED,UAAM,gBAAgB,UAAM,iBAAAA;AAAA,MAC1B;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAEA,WAAO,cAAc,IAAI,CAAC,KAAK,UAAU;AACvC,UAAI,CAAC,kBAAmB,QAAO;AAC/B,aAAO;AAAA,QACL,WAAW;AAAA,QACX,IAAI,kBAAkB,KAAK,EAAE;AAAA,MAC/B;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAKO,IAAM,YAAN,MAAgB;AAAA,EACb;AAAA,EACA;AAAA,EAER,cAAc;AACZ,8BAA0B;AAE1B,WAAO;AAAA,MACL;AAAA,IACF;AAEA,SAAK,cAAc,QAAQ,IAAI;AAAA,EACjC;AAAA,EAEA,MAAM,OAA2B;AAC/B,UAAM,IAAI,UAAM,4BAAU;AAC1B,SAAK,SAAS;AACd,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,QAAQ,WAA2B,MAAwC;AACzE,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,WAAO,IAAI,iBAAiB,KAAK,QAAQ,WAAW,IAAI;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,QAAQ,kBAAsD;AAC5D,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,WAAO,IAAI,iBAAiB,KAAK,QAAQ,gBAAgB;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,YACE,YACA,MACsB;AACtB,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,WAAO,IAAI,qBAAqB,KAAK,QAAQ,YAAY,IAAI;AAAA,EAC/D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,YAAY,mBAA4D;AACtE,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,cAAc;AAAA,IACtB;AAEA,WAAO,IAAI,qBAAqB,KAAK,QAAQ,iBAAiB;AAAA,EAChE;AAAA;AAAA,EAGA,aAAa;AACX,WAAO;AAAA,MACL,aAAa,KAAK;AAAA,IACpB;AAAA,EACF;AACF;;;AIxnBO,IAAM,cAAN,MAAkB;AAAA,EACf;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY;AAAA,IACV,UAAU,EAAE,eAAe,CAAC,KAAK,EAAE;AAAA,IACnC;AAAA,EACF,IAAwB,CAAC,GAAG;AAC1B,QAAI,CAAC,QAAQ,IAAI,iBAAiB;AAChC,YAAMC,gBACJ;AACF,aAAO,MAAMA,aAAY;AACzB,YAAM,IAAI,MAAM,YAAYA,aAAY,EAAE;AAAA,IAC5C;AAEA,QAAI,UAAU;AACZ,WAAK,WAAW;AAAA,IAClB;AAEA,SAAK,cAAc,QAAQ,IAAI;AAC/B,SAAK,UAAU;AACf,WAAO,MAAM,gDAAgD;AAAA,EAC/D;AAAA,EAEA,MAAM,SAAS,UAAwC;AACrD,UAAM,cAAc,KAAK;AAEzB,UAAM,aACJ,QAAQ,IAAI,mBACZ;AAEF,UAAM,cAAc,MAAM,MAAM,GAAG,UAAU,kBAAkB;AAAA,MAC7D,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,KAAK,UAAU;AAAA,QACnB;AAAA,QACA,WAAW;AAAA,MACb,CAAC;AAAA,IACH,CAAC;AAED,QAAI,CAAC,YAAY,IAAI;AACnB,YAAM,IAAI;AAAA,QACR,uCAAuC,YAAY,UAAU;AAAA,MAC/D;AAAA,IACF;AAEA,UAAM,WAAY,MAAM,YAAY,KAAK;AAEzC,QAAI,CAAC,SAAS,aAAa;AACzB,YAAMA,gBACJ;AACF,aAAO,MAAMA,aAAY;AACzB,YAAM,IAAI,MAAMA,aAAY;AAAA,IAC9B;AAEA,SAAK,WAAW;AAChB,WAAO;AAAA,EACT;AAAA,EAEA,iBAAyC;AACvC,QAAI,CAAC,KAAK,UAAU,eAAe,CAAC,KAAK,UAAU,QAAQ;AACzD,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OACE;AAAA,MACJ;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS,KAAK;AAAA,MACd,UAAU,KAAK;AAAA,IACjB;AAAA,EACF;AACF;;;ACzFO,IAAM,mBAAmB,CAAC;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA,gBAAgB;AAAA,EAChB,YAAY;AACd,MAA6C;AAC3C,QAAM,UAA+B;AAAA,IACnC,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG,aAAa;AAAA,IAChB,GAAG;AAAA,MACD,GAAG;AAAA,MACH,GAAG;AAAA,IACL;AAAA,EACF;AAEA,MAAI,WAAW;AACb,YAAQ,IAAI;AAAA,EACd;AAEA,SAAO,MAAM,4BAA4B,OAAO;AAChD,SAAO;AACT;AAEO,IAAM,eAAe,CAAC,YAAyC;AACpE,MAAI,SAAS,KAAK,SAAS,MAAM,MAAM;AACrC,WAAO,MAAM,qDAAqD,OAAO;AACzE,WAAO;AAAA,MACL,SAAS;AAAA,MACT,WAAW,QAAQ;AAAA,IACrB;AAAA,EACF;AAEA,SAAO,MAAM,8CAA8C,WAAW,CAAC,CAAC;AACxE,SAAO;AAAA,IACL,SAAS;AAAA,IACT,OAAO,IAAI,MAAM,4CAA4C;AAAA,EAC/D;AACF;;;AN7DO,IAAM,MAAM,MAA0B;AAC3C,QAAM,SAAS,IAAI,UAAU;AAC7B,SAAO,OAAO,KAAK;AACrB;","names":["message","ffiEncrypt","ffiDecrypt","ffiEncryptBulk","ffiDecryptBulk","errorMessage"]}