diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4615c0c --- /dev/null +++ b/.gitignore @@ -0,0 +1,76 @@ +# Byte-compiled Python files +*.py[cod] +__pycache__/ + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# Virtual environments +venv/ +ENV/ +env/ +.venv/ +.env/ + +# Setuptools +*.lock +*.log +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +*.cover +coverage.* +.cache +.pytest_cache/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# Editor / IDE-specific files +.vscode/ +.idea/ +*.swp +*~ +*.sublime-workspace + +# Build scripts +.DS_Store +*.bak +*.tmp + +# Ignore local environment and configuration files +.env +.env.* +.idea/ +.vscode/ +coverage/ + +# Ignore local examples +chat_examples/embed_chat/secure-embed-chat/node_modules +chat_examples/embed_chat/anonymous-embed-chat/node_modules +*node_modules diff --git a/embed_chat_examples/README.md b/embed_chat_examples/README.md new file mode 100644 index 0000000..ea08239 --- /dev/null +++ b/embed_chat_examples/README.md @@ -0,0 +1,73 @@ +# IBM watsonx Orchestrate Embed Chat Examples + +This directory contains example implementations for integrating IBM watsonx Orchestrate embed chat into your applications. + +## Available Examples + +### 1. [Anonymous Embed Chat (Node.js)](./anonymous-embed-chat-node) + +A simple, anonymous embed chat integration **without security enabled**. + +**Use this when:** +- You're in development/testing phase +- Your chatbot is public-facing and doesn't require user authentication +- You're building a proof-of-concept +- No sensitive data or systems are accessed + +**Quick start:** +```bash +cd anonymous-embed-chat-node +npm install +npm start +``` + +--- + +### 2. [Secure Embed Chat (Node.js)](./secure-embed-chat-node) + +A secure embed chat implementation with JWT-based authentication and encryption. + +**Use this when:** +- You need user authentication in production environments +- You want to pass user context securely to the chat +- You need to encrypt sensitive user data +- You're implementing SSO integration (On-Behalf-Of flow) +- Your instance accesses sensitive data or protected systems + +**Quick start:** +```bash +cd secure-embed-chat-node +npm install +npm start +``` + +--- + +## Documentation + +- [Getting Started with Embedded Chat](https://developer.watson-orchestrate.ibm.com/webchat/get_started) +- [Context Variables](https://developer.watson-orchestrate.ibm.com/webchat/context_variables) +- [Security Architecture](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents#security-architecture) +- [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) +- [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) +- [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) + +## Quick Comparison + +| Feature | Anonymous | Secure | +|---------|-----------|--------| +| User Authentication | ❌ No | ✅ Yes | +| JWT Required | ❌ No | ✅ Yes | +| Production Ready | ⚠️ Public only | ✅ Yes | +| Sensitive Data | ❌ Not recommended | ✅ Yes | + +## Requirements + +All examples require: +- Node.js version 16.15.1 or higher +- npm (Node Package Manager) +- OpenSSL (for key generation in secure mode) + +## Support + +For issues, questions, or contributions, please refer to the main project documentation or contact IBM watsonx Orchestrate support. \ No newline at end of file diff --git a/embed_chat_examples/anonymous-embed-chat-node/README.md b/embed_chat_examples/anonymous-embed-chat-node/README.md new file mode 100644 index 0000000..4b90e5f --- /dev/null +++ b/embed_chat_examples/anonymous-embed-chat-node/README.md @@ -0,0 +1,171 @@ +# Anonymous Embed Chat for IBM watsonx Orchestrate (Sample) + +**For complete documentation, please visit:** +- [Getting Started with Embedded Chat](https://developer.watson-orchestrate.ibm.com/webchat/get_started) +- [Context Variables](https://developer.watson-orchestrate.ibm.com/webchat/context_variables) +- [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) +- [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) +- [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) + +## Overview + +This example demonstrates a simple, anonymous embed chat integration **without security enabled**. When security is disabled, anonymous authentication is enabled for a limited set of APIs required for the chat to work for anonymous users. + +### ⚠️ Critical Security Warning + +**Use this mode ONLY when:** +- You're in development/testing phase +- Your chatbot is public-facing and doesn't require user authentication +- You're building a proof-of-concept +- **Your instance does NOT show or provide access to sensitive data** +- **Your instance does NOT have tools configured with functional credentials that access sensitive data in protected systems** + +### 🔒 When to Use Secure Mode Instead + +**You MUST use [secure-embed-chat-node](../secure-embed-chat-node) if:** +- You're deploying to production with authenticated users +- Your instance accesses sensitive data or protected systems +- You need user-specific context or audit trails +- You're implementing SSO or On-Behalf-Of (OBO) flow +- Your application requires compliance with security standards + +**Before disabling security, you must:** +1. Review ALL integrations in your instance +2. Ensure no sensitive data is exposed +3. Verify no tools have credentials accessing protected systems +4. Document the security decision and rationale + +## What This Example Demonstrates + +- Basic wxO embed chat integration without JWT authentication +- Simple HTML page with embedded chat +- Anonymous user access (no authentication required) +- Limited API access (only anonymous-enabled endpoints) + +## Security Implications + +### What You Lose Without Security + +When security is disabled, you lose: +- **User authentication** - No way to verify user identity +- **Access control** - Cannot restrict access based on user permissions +- **Encrypted payloads** - Sensitive data cannot be securely transmitted +- **Audit trails** - Limited ability to track user actions +- **SSO integration** - Cannot use On-Behalf-Of (OBO) flow +- **User context** - Cannot pass authenticated user information + +### Risks of Anonymous Mode + +- **Data exposure** - Any data accessible to the agent is accessible to anyone +- **Unauthorized access** - No way to prevent access to the chat +- **No accountability** - Cannot track who performed what actions +- **Limited functionality** - Some features require authenticated users +- **Compliance issues** - May not meet regulatory requirements + +## Running the Code + +This example requires having NodeJS installed (version 16.15.1 or higher). + +### Running the Server + +The server serves the static HTML file from `http://localhost:5555`. + +1. Navigate to the anonymous-embed-chat-node directory: + ```bash + cd embed_chat_examples/anonymous-embed-chat-node + ``` +2. Install dependencies: + ```bash + npm install + ``` +3. Start the server: + ```bash + npm start + ``` +4. The server will be available at `http://localhost:5555`. + +### Viewing the Example + +- After starting the server, open [http://localhost:5555/](http://localhost:5555/) in your browser. +- The wxO embed chat will load without requiring authentication. + +## Setting up your own agent + +This example is configured to use placeholder values. To use your own agent: + +1. **Configure your agent**: + - Open [`static/index.html`](static/index.html) + - Replace the entire `wxOConfiguration` object with the configuration from your embed script + - You can find the embed script in your agent's settings in the watsonx Orchestrate console + - The `wxOConfiguration` should include: + - `orchestrationID` - Your orchestration ID from the embed code + - `hostURL` - Your watsonx Orchestrate instance URL + - `agentId` - Your agent's unique identifier + - `agentEnvironmentId` - Your agent's environment identifier (optional) + + **Note about `agentEnvironmentId`:** + - This field is **optional** and **not required** for draft environments + - Only include `agentEnvironmentId` when connecting to a **live environment** + - For draft environments, you can omit this field from the configuration + +2. **Disable security in watsonx Orchestrate** (if enabled): + - Open the Security settings for your wxO embed chat in the watsonx Orchestrate console + - Ensure security is disabled for anonymous access + - For detailed instructions, see: + - [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) + - [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) + - [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) + +## Key Files + +- [`server.js`](server.js) - Simple Express server for serving static files +- [`static/index.html`](static/index.html) - wxO embed chat integration without authentication + +## When to Use This Example + +Use this anonymous embed chat example **ONLY** when: +- You're in development/testing phase +- Your chatbot is public-facing and doesn't require user authentication +- You're building a proof-of-concept or demo +- **No sensitive data or systems are accessed** +- **No compliance requirements exist** + +## When to Use Secure Embed Chat + +Switch to the [secure-embed-chat-node](../secure-embed-chat-node) example when: +- You need to authenticate users +- You're deploying to production with authenticated users +- You need to pass user-specific context or data +- You require audit trails of user interactions +- Your instance accesses sensitive data or protected systems +- You need SSO integration or On-Behalf-Of (OBO) flow +- Compliance or regulatory requirements apply + +## Comparison: Anonymous vs Secure + +| Feature | Anonymous (This Example) | Secure | +|---------|-------------------------|--------| +| User Authentication | ❌ No | ✅ Yes | +| JWT Required | ❌ No | ✅ Yes | +| Encrypted Payloads | ❌ No | ✅ Yes | +| User Context | ❌ None | ✅ Full | +| Audit Trails | ❌ Limited | ✅ Complete | +| SSO Integration | ❌ No | ✅ Yes | +| Production Ready | ⚠️ Public only | ✅ Yes | +| Sensitive Data | ❌ Not recommended | ✅ Yes | + +For production deployments with authentication, see the [secure-embed-chat-node](../secure-embed-chat-node) example which demonstrates: +- JWT-based authentication with RS256 signing +- User payload encryption using IBM's public key +- Context variable passing with user identity +- Secure cookie handling and token lifecycle management +- Key management and rotation procedures + +## Additional Resources + +- [Getting Started Guide](https://developer.watson-orchestrate.ibm.com/webchat/get_started) +- [Security Architecture](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents#security-architecture) +- [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) +- [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) +- [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) +- [Agent Integration Documentation](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents) diff --git a/embed_chat_examples/anonymous-embed-chat-node/package-lock.json b/embed_chat_examples/anonymous-embed-chat-node/package-lock.json new file mode 100644 index 0000000..4f7915b --- /dev/null +++ b/embed_chat_examples/anonymous-embed-chat-node/package-lock.json @@ -0,0 +1,1164 @@ +{ + "name": "wxo-secure-embed-chat", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "wxo-secure-embed-chat", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "cookie-parser": "~1.4.4", + "cors": "^2.8.5", + "express": "^4.21.2", + "http-errors": "~1.6.3", + "jsonwebtoken": "^9.0.0", + "node-rsa": "^1.1.1", + "uuid": "^14.0.0" + }, + "devDependencies": {}, + "engines": { + "node": "^16.15.1" + } + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/asn1": { + "version": "0.2.6", + "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", + "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", + "license": "MIT", + "dependencies": { + "safer-buffer": "~2.1.0" + } + }, + "node_modules/body-parser": { + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", + "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.14.0", + "raw-body": "~2.5.3", + "type-is": "~1.6.18", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/body-parser/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/body-parser/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/body-parser/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "license": "BSD-3-Clause" + }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-parser": { + "version": "1.4.7", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.7.tgz", + "integrity": "sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==", + "license": "MIT", + "dependencies": { + "cookie": "0.7.2", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", + "license": "MIT" + }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/destroy": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express": { + "version": "4.22.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", + "content-type": "~1.0.4", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "~0.1.12", + "proxy-addr": "~2.0.7", + "qs": "~6.14.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "~0.19.0", + "serve-static": "~1.16.2", + "setprototypeof": "1.2.0", + "statuses": "~2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express/node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/express/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/finalhandler": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "2.4.1", + "parseurl": "~1.3.3", + "statuses": "2.0.1", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==", + "license": "MIT", + "dependencies": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/http-errors/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/http-errors/node_modules/setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==", + "license": "ISC" + }, + "node_modules/http-errors/node_modules/statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==", + "license": "ISC" + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "license": "MIT", + "dependencies": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jsonwebtoken/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/jwa": { + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz", + "integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==", + "license": "MIT", + "dependencies": { + "buffer-equal-constant-time": "^1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.3.tgz", + "integrity": "sha512-byiJ0FLRdLdSVSReO/U4E7RoEyOCKnEnEPMjq3HxWtvzLsV08/i5RQKsFVNkCldrCaPr2vDNAOMsfs8T/Hze7g==", + "license": "MIT", + "dependencies": { + "jwa": "^1.4.2", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "license": "MIT" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", + "license": "MIT" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", + "license": "MIT" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", + "license": "MIT" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", + "license": "MIT" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", + "license": "MIT" + }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "license": "MIT" + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/node-rsa": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz", + "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==", + "license": "MIT", + "dependencies": { + "asn1": "^0.2.4" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-to-regexp": { + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz", + "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==", + "license": "MIT" + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/qs": { + "version": "6.14.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", + "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-body/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/raw-body/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/raw-body/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/send": { + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "2.4.1", + "range-parser": "~1.2.1", + "statuses": "2.0.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/send/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/serve-static": { + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "0.19.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/uuid": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "license": "MIT", + "bin": { + "uuid": "dist-node/bin/uuid" + } + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + } + } +} diff --git a/embed_chat_examples/anonymous-embed-chat-node/package.json b/embed_chat_examples/anonymous-embed-chat-node/package.json new file mode 100644 index 0000000..35a6150 --- /dev/null +++ b/embed_chat_examples/anonymous-embed-chat-node/package.json @@ -0,0 +1,25 @@ +{ + "name": "wxo-secure-embed-chat", + "version": "1.0.0", + "engines": { + "node": "^16.15.1" + }, + "scripts": { + "start": "node ./server.js" + }, + "dependencies": { + "cookie-parser": "~1.4.4", + "cors": "^2.8.5", + "express": "^4.21.2", + "http-errors": "~1.6.3", + "jsonwebtoken": "^9.0.0", + "node-rsa": "^1.1.1", + "uuid": "^14.0.0" + }, + "description": "**For a full walk through of how this code works, please visit the [security architecture documentation](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents#security-architecture) in the IBM watsonx Orchestrate developer documentation.**", + "main": "server.js", + "keywords": [], + "author": "", + "license": "ISC", + "type": "commonjs" +} diff --git a/embed_chat_examples/anonymous-embed-chat-node/server.js b/embed_chat_examples/anonymous-embed-chat-node/server.js new file mode 100644 index 0000000..7a812b1 --- /dev/null +++ b/embed_chat_examples/anonymous-embed-chat-node/server.js @@ -0,0 +1,79 @@ +/** + * This file starts up a basic NodeJS server with express, adds some routes, and adds some error handling. This is + * mostly boilerplate content that can be adjusted as needed. + * + * The server defaults to being available on port 3001. + */ + +const { createServer } = require('http'); + +const cookieParser = require('cookie-parser'); +const cors = require('cors'); +const express = require('express'); + +const PORT = 5555; + +const app = express(); + +// Enable all CORS requests. In a production environment, you will likely want to remove this or set it to something +// more restrictive. +app.use(cors({ origin: '*' })); +app.use(express.json()); +app.use(express.urlencoded({ extended: false })); +app.use(cookieParser()); + + +app.use(express.static('static')); + +// Send a 404 response if no handler was found. +app.use(function (request, response) { + response.status(404).send(); +}); + +// Error handler. +app.use(function (error, request, response, next) { + console.error('An error occurred', error); + response.status(500).send(); +}); + +// Get port from environment and store in Express. +app.set('port', PORT); + +// Create HTTP server. +const server = createServer(app); + +// Listen on provided port, on all network interfaces. +server.listen(PORT); +server.on('error', onError); +server.on('listening', onListening); + +/** + * Event listener for HTTP server "error" event. + */ +function onError(error) { + if (error.syscall !== 'listen') { + throw error; + } + + // Handle specific listen errors with friendly messages + switch (error.code) { + case 'EACCES': + console.error(`${PORT} requires elevated privileges`); + process.exit(1); + break; + case 'EADDRINUSE': + console.error(`${PORT} is already in use`); + process.exit(1); + break; + default: + throw error; + } +} + +/** + * Event listener for HTTP server "listening" event. + */ +function onListening() { + console.log(`Listening on ${server.address().port}`); + console.log(`Open http://localhost:${server.address().port}/index.html in your browser to view the example.`); +} diff --git a/embed_chat_examples/anonymous-embed-chat-node/static/index.html b/embed_chat_examples/anonymous-embed-chat-node/static/index.html new file mode 100644 index 0000000..994baa6 --- /dev/null +++ b/embed_chat_examples/anonymous-embed-chat-node/static/index.html @@ -0,0 +1,1372 @@ + + + + + + + Northstar Operations - Smart Services Demo + + + + + + + + + +
+ + +
+
+
+
+
+ + + + + +
+
+
+ + Trusted by growing teams +
+

+ Practical Solutions for + Modern Business Operations +

+

+ Northstar Operations is a fictional services company helping businesses streamline support, onboarding, and + internal workflows with a polished digital experience. +

+
+ + +
+
+
+
250+
+
Client Engagements
+
+
+
12
+
Industry Verticals
+
+
+
24/7
+
Service Availability
+
+
+
+
+ + +
+
+

What We Do

+

A dummy company website showcasing services, delivery strengths, and support

+
+ +
+
+
+ +
+

Operations Consulting

+

We help teams simplify processes, remove bottlenecks, and design scalable operating models.

+
    +
  • Workflow assessments
    • +
  • SOP design
    • +
  • Process improvement plans
    • +
+
+ +
+
+ +
+

Customer Support Enablement

+

Build support experiences that feel fast, consistent, and easy for both teams and customers.

+
    +
  • Help desk optimization
    • +
  • Knowledge base planning
    • +
  • Service playbooks
    • +
+
+ +
+
+ +
+

Employee Onboarding

+

Create repeatable onboarding journeys that reduce ramp-up time and improve first-week confidence.

+
    +
  • Role-based checklists
    • +
  • Starter documentation
    • +
  • Cross-team coordination
    • +
+
+ +
+
+ +
+

Logistics Coordination

+

Support inventory movement, vendor collaboration, and delivery visibility across distributed teams.

+
    +
  • Vendor communications
    • +
  • Dispatch workflows
    • +
  • Status reporting
    • +
+
+ +
+
+ +
+

Business Reporting

+

Turn operational data into practical summaries for leaders, managers, and client stakeholders.

+
    +
  • Weekly KPI reviews
    • +
  • Executive dashboards
    • +
  • Trend summaries
    • +
+
+ +
+
+ +
+

Client Success Services

+

Strengthen retention with structured account check-ins, onboarding support, and renewal readiness.

+
    +
  • Success planning
    • +
  • Account reviews
    • +
  • Escalation coordination
    • +
+
+
+
+ + +
+
+

How We Work

+

A quick look at how Northstar Operations supports clients from kickoff to delivery

+
+ +
+
+
+
+ +
+
+

Discovery First

+

We begin with stakeholder interviews, workflow mapping, and a clear view of service pain points.

+
+
+ +
+
+ +
+
+

Structured Delivery

+

Each engagement includes milestones, owners, and documented handoffs so teams stay aligned.

+
+
+ +
+
+ +
+
+

Continuous Improvement

+

We measure outcomes, refine processes, and help your teams sustain better operational habits.

+
+
+ +
+
+ Sample Engagement Plan + +
+ 
Northstar Operations Engagement
+1. Discovery workshop
+2. Current-state process review
+3. Service blueprint and ownership map
+4. Rollout plan with training
+5. KPI review after launch
+
+
+ +
+
+
+
+ + + +
+ Client Journey Snapshot +
+
+
+
+
+ +
+
+ Welcome to Northstar Operations. We help teams improve service delivery, onboarding, and internal + coordination. +
+
+
+
+ What does your onboarding support include? +
+
+ +
+
+
+
+ +
+
+ We design onboarding checklists, manager handoff plans, training resources, and first-30-day support + workflows. +
+
+
+ + + +
+
+
+
+
+
+
+ + +
+
+

Contact Our Team

+

Use this sample contact form for your dummy company website demo

+
+ +
+
+

Why Choose Northstar Operations?

+

We combine practical service design, operational clarity, and friendly client support in one fictional brand experience.

+ +
+
+ + Dedicated onboarding guidance +
+
+ + Flexible service packages +
+
+ + Clear project communication +
+
+ + Practical reporting cadence +
+
+ + +
+ +
+
+
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ + +
+
+
+
+ + + + + + + + + + diff --git a/embed_chat_examples/secure-embed-chat-node/README.md b/embed_chat_examples/secure-embed-chat-node/README.md new file mode 100644 index 0000000..7ae4824 --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/README.md @@ -0,0 +1,333 @@ +# Enabling Security for IBM watsonx Orchestrate Embed Chat (Sample) + +**For complete documentation, please visit:** +- [Getting Started with Embedded Chat](https://developer.watson-orchestrate.ibm.com/webchat/get_started) +- [Context Variables](https://developer.watson-orchestrate.ibm.com/webchat/context_variables) +- [Security Architecture](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents#security-architecture) +- [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) +- [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) +- [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) + +## Overview + +This example demonstrates a **secure embed chat** integration for IBM watsonx Orchestrate using JWT-based authentication and RSA public-key cryptography. + +When security is enabled for embedded chat: + +- **Identity is established** through authenticated requests +- **Access is controlled** with signed JSON Web Tokens (JWT) +- **Context can be trusted** through encrypted payloads +- **Operations are protected** with proper key management + +If you are new to developing with wxO embed chat, start with the [agent integration documentation](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents). + +### ✅ When to Use This Example + +Use this example when: + +- You're deploying to production with authenticated users +- Your instance accesses sensitive data or protected systems +- You need user-specific context or audit trails +- You're implementing SSO or On-Behalf-Of (OBO) flow +- Your application must comply with organizational or regulatory security requirements + +### ⚠️ Do Not Use Anonymous Mode If + +You should **not** use anonymous embed chat when: + +- The agent can access sensitive information +- Tools are configured with credentials to protected systems +- You need to know which user performed an action +- You must pass authenticated identity or user-specific context +- You require strong access controls or compliance alignment + +## Security Model + +When security is enabled, all communication between your web application and IBM watsonx Orchestrate relies on: + +### Two Independent RSA Key Pairs + +**1. Client Application Key Pair** (Your Identity) +- **Generated by:** You or your organization's key management infrastructure +- **Public key:** Uploaded to watsonx Orchestrate for JWT signature verification +- **Private key:** Kept secure on your server, used to sign JWTs +- **Purpose:** Authenticates your application and verifies token integrity + +**2. IBM Key Pair** (For Encrypted Payloads) +- **Generated by:** watsonx Orchestrate instance +- **Public key:** Shared with you to encrypt `user_payload` section +- **Private key:** Held securely by IBM to decrypt `user_payload` +- **Purpose:** Ensures sensitive user context (like SSO tokens) cannot be inspected by intermediaries +- **Note:** Only required if using On-Behalf-Of (OBO) flow with `sso_token` + +### Authentication Flow + +1. Your web application generates a JWT signed with your **client private key** +2. JWT includes user identity (`sub`) and optionally encrypted `user_payload` +3. Every API request to embed chat includes this JWT +4. watsonx Orchestrate validates the JWT signature using your **client public key** +5. If valid, the request is authenticated and authorized under User permissions + +### Voice Capabilities Security + +Voice interactions use the same security model: +- Voice audio streams are authenticated through JWT tokens +- Audio session is tied to the user identity +- Same encryption and validation as text-based interactions + +## What This Example Demonstrates + +- Secure wxO embed chat integration with JWT authentication +- A Node.js Express backend that generates signed JWTs +- RSA key usage for signature verification and optional payload encryption +- Authenticated user identity via the `sub` claim +- Context passing and supported JWT fields +- Token lifecycle management for active sessions + +The server code for generating JWTs is in [`routes/createJWT.js`](routes/createJWT.js). The embed chat client code is in [`static/index.html`](static/index.html). + +## JWT Structure and Supported Fields + +The JWT token contains three main sections: + +### 1. Subject (`sub`) +- **Required:** Yes +- **Purpose:** Unique identifier for the user +- **Example:** `"user-12345"` or email address +- **Note:** Should be stable across sessions for the same user + +### 2. User Payload (`user_payload`) - Encrypted +- **Required:** No (only if using OBO flow) +- **Encryption:** Encrypted with IBM's public key +- **Decryption:** Only IBM watsonx Orchestrate can decrypt +- **Supported Fields:** + - `sso_token` - Single sign-on token (**ONLY supported field**) +- **Purpose:** Securely pass sensitive authentication tokens +- **Security:** Cannot be inspected by intermediaries or client-side code + +### 3. Context (`context`) - Not Encrypted +- **Required:** No +- **Encryption:** None (plaintext, accessible by agent and client) +- **Supported Fields:** Custom context variables + - Examples: `clientID`, `name`, `role`, `department`, etc. +- **Restrictions:** + - **Do NOT use `wxo_` prefix** - it's reserved for system variables + - Do not include sensitive data (use `user_payload` instead) +- **Purpose:** Pass non-sensitive user metadata to the agent + +### Example JWT Structure +```javascript +{ + "sub": "user-12345", // User identifier + "user_payload": "", // Encrypted with IBM's public key + "context": { // NOT encrypted + "clientID": "865511", + "name": "John Doe", + "role": "Admin", + "department": "Engineering" + }, + "iat": 1234567890, // Issued at (auto-generated) + "exp": 1234574990 // Expires at (auto-generated, max 7100s from iat) +} +``` + +For complete details on context variables and supported fields, see the [Context Variables documentation](https://developer.watson-orchestrate.ibm.com/webchat/context_variables). + +## Running the Code + +**DO NOT USE THE PUBLIC AND PRIVATE KEYS FROM THIS EXAMPLE FOR PRODUCTION USE!** You should generate your own public and private keys. + +If you do not have a public and private key pair, you can generate one using either of the following methods: + +**Method 1: Using ssh-keygen** +```bash +ssh-keygen -t rsa -b 4096 -m PEM -f example-jwtRS256.key +openssl rsa -in example-jwtRS256.key -pubout -outform PEM -out example-jwtRS256.key.pub +``` + +**Method 2: Using openssl directly** +```bash +# Generate private key +openssl genrsa -out example-jwtRS256.key 4096 + +# Generate public key from private key +openssl rsa -in example-jwtRS256.key -pubout -out example-jwtRS256.key.pub +``` + +### Running the Server + +This example requires having NodeJS installed (version 16.15.1 or higher). + +The server is required for creating the JWTs that are required to enable security and for authenticating a user. It serves requests from `http://localhost:5555`. + +1. Navigate to the secure-embed-chat-node directory: + ```bash + cd embed_chat_examples/secure-embed-chat-node + ``` +2. Install dependencies: + ```bash + npm install + ``` +3. Start the server: + ```bash + npm start + ``` +4. The server will be available at `http://localhost:5555`. + +### Viewing the Example + +- After starting the server, open [http://localhost:5555/](http://localhost:5555/) in your browser. +- The wxO embed chat will load with security enabled using JWT authentication. +- The page will request a JWT token from the backend before chat initialization. + +## Setting up your own agent + +This example uses sample values. To configure it for your own agent: + +1. **Generate your keys** (if you haven't already): + + **Method 1: Using ssh-keygen** + ```bash + ssh-keygen -t rsa -b 4096 -m PEM -f example-jwtRS256.key + openssl rsa -in example-jwtRS256.key -pubout -outform PEM -out example-jwtRS256.key.pub + ``` + + **Method 2: Using openssl directly** + ```bash + # Generate private key + openssl genrsa -out example-jwtRS256.key 4096 + + # Generate public key from private key + openssl rsa -in example-jwtRS256.key -pubout -out example-jwtRS256.key.pub + ``` + +2. **Update the keys in your project**: + - Copy your public key into [`keys/example-jwtRS256.key.pub`](keys/example-jwtRS256.key.pub) + - Copy your private key into [`keys/example-jwtRS256.key`](keys/example-jwtRS256.key) + - Restart the server after changing either file + +3. **Configure your agent in the client page**: + - Open [`static/index.html`](static/index.html) + - Replace the `window.wxOConfiguration` values with the values from your agent embed code + - Update: + - `orchestrationID` + - `hostURL` + - `agentId` + - `agentEnvironmentId` (optional for live environments) + + **Note about `agentEnvironmentId`:** + - This field is **optional** + - It is typically omitted for draft environments + - Include it when your embed code provides a live environment identifier + +4. **Configure your JWT generation logic**: + - Open [`routes/createJWT.js`](routes/createJWT.js) + - Update the claims you want to send, such as `sub`, `context`, and optional encrypted `user_payload` + - Only place sensitive authentication data in encrypted `user_payload` + - Do not use the reserved `wxo_` prefix in custom `context` fields + +5. **Configure security in watsonx Orchestrate**: + - Open the Security settings for your wxO embed chat in the watsonx Orchestrate console + - Upload or paste your client public key + - If using encrypted `user_payload`, ensure you are using IBM's public key correctly + - Follow the IBM documentation for setup details: + - [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) + - [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) + - [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) + +## Key Files + +- [`server.js`](server.js) - Express server for serving the static site and JWT endpoint wiring +- [`routes/createJWT.js`](routes/createJWT.js) - JWT creation logic with RS256 signing and optional payload encryption +- [`static/index.html`](static/index.html) - Secure wxO embed chat page that fetches a JWT before initialization +- [`keys/`](keys/) - RSA key directory for client signing keys and IBM's public key + +## Security Notes and Best Practices + +### Critical Security Requirements + +1. **Private Key Protection** + - Always keep your client private key secure and never expose it to the client side + - Store private keys using industry-standard secret management practices + - Never commit private keys to version control + - Rotate keys regularly according to your security policies + +2. **Server-Side Token Generation** + - JWT tokens must be generated server-side only + - Never generate or sign JWTs in client-side JavaScript + - Validate all inputs before generating tokens + +3. **HTTPS in Production** + - Always use HTTPS in production environments + - Set appropriate cookie security flags (`secure: true`, `httpOnly: true`, `sameSite: 'Strict'`) + - Implement proper CORS policies + +4. **JWT Expiration Management** + - **Maximum JWT expiry: 7100 seconds (~118 minutes)** + - Set expiration based on your security requirements within this limit + - Implement token refresh mechanism using `updateAuthToken()` method + - Monitor and log token usage for audit trails + +5. **Payload Encryption** + - Use IBM's public key to encrypt `user_payload` when passing sensitive data + - Only `sso_token` is supported in `user_payload` + - Never include sensitive data in unencrypted `context` fields + +6. **Field Validation** + - Only use supported fields in JWT claims + - Do NOT use `wxo_` prefix for custom context variables (reserved for system use) + - Validate all context data before including in JWT + +### Key Management Lifecycle + +**Generation:** +- Use strong RSA keys (4096-bit recommended) +- Generate keys in secure environments +- Document key generation procedures + +**Storage:** +- Store private keys in secure key management systems +- Restrict access to private keys +- Use environment variables or secure vaults, never hardcode + +**Rotation:** +- Implement regular key rotation policies +- To rotate keys: disable security, generate new keys, re-enable with new keys +- Maintain key version history for audit purposes + +**Revocation:** +- Have procedures for immediate key revocation if compromised +- Monitor for unauthorized token usage +- Implement token blacklisting if needed + +### Access Control + +- JWT determines the authorization context for the embedded chat session +- All API calls execute under **User permissions** defined by the `sub` claim +- Implement proper user permission validation in your application +- Review and audit user access regularly + +## Comparison: Anonymous vs Secure + +| Feature | Anonymous | Secure (This Example) | +|---------|-----------|------------------------| +| User Authentication | ❌ No | ✅ Yes | +| JWT Required | ❌ No | ✅ Yes | +| Encrypted Payloads | ❌ No | ✅ Yes | +| User Context | ❌ None | ✅ Full | +| Audit Trails | ❌ Limited | ✅ Complete | +| SSO Integration | ❌ No | ✅ Yes | +| Production Ready | ⚠️ Public only | ✅ Yes | +| Sensitive Data | ❌ Not recommended | ✅ Yes | + +For simpler public demos without authentication, see the [anonymous-embed-chat-node](../anonymous-embed-chat-node) example. + +## Additional Resources + +- [Getting Started Guide](https://developer.watson-orchestrate.ibm.com/webchat/get_started) +- [Security Architecture](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents#security-architecture) +- [IBM Docs: Securing Embedded Chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat) +- [Configuring security for embedded chat](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-embedded) +- [Configuring security with scripting](https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=chat-configuring-security-scripting) +- [Context Variables Documentation](https://developer.watson-orchestrate.ibm.com/webchat/context_variables) +- [Agent Integration Documentation](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents) diff --git a/embed_chat_examples/secure-embed-chat-node/keys/example-jwtRS256.key b/embed_chat_examples/secure-embed-chat-node/keys/example-jwtRS256.key new file mode 100644 index 0000000..345871d --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/keys/example-jwtRS256.key @@ -0,0 +1,86 @@ +/* + * ============================================================ + * CLIENT PRIVATE KEY — KEEP THIS FILE SECURE + * ============================================================ + * This is your CLIENT PRIVATE KEY used for signing JWTs (RS256) + * for watsonx Orchestrate secure embedded chat. + * + * Client Key Pair + * ------------------------------------------------------------ + * Generated by: You (or your security configuration tool) + * + * Private key (this file): + * • MUST remain confidential. + * • Used only on your server to sign JWTs using RS256. + * • Never expose this key in browser code, mobile apps, + * public repos, logs, or anywhere outside secure backend storage. + * + * Public key (example-jwtRS256.key.pub): + * • Safe to share. + * • Must be uploaded to your watsonx Orchestrate instance in the + * embedded chat security settings. + * • Orchestrate uses it to validate that your JWTs truly come + * from your application. + * + * + * ------------------------------------------------------------ + * How this key was generated: + * ------------------------------------------------------------ + * You can generate this key pair using either method: + * + * Method 1 — ssh-keygen (recommended) + * # Generate PRIVATE key + * ssh-keygen -t rsa -b 4096 -m PEM -f example-jwtRS256.key + * + * # Extract PUBLIC key + * openssl rsa -in example-jwtRS256.key -pubout -outform PEM \ + * -out example-jwtRS256.key.pub + * + * + * Method 2 — openssl only + * # Generate PRIVATE key + * openssl genrsa -out example-jwtRS256.key 4096 + * + * # Extract PUBLIC key + * openssl rsa -in example-jwtRS256.key -pubout \ + * -out example-jwtRS256.key.pub + * + * + * ------------------------------------------------------------ + * Usage (based on secure-embed-chat/createJWT.js): + * ------------------------------------------------------------ + * • Load this private key server-side: + * + * const PRIVATE_KEY = fs.readFileSync( + * path.join(__dirname, "../keys/example-jwtRS256.key") + * ); + * + * • Sign JWTs using RS256: + * + * const token = jwt.sign(jwtContent, PRIVATE_KEY, { + * algorithm: "RS256", + * expiresIn: "1h" + * }); + * + * • JWTs must include: + * - `sub` (unique user ID) + * - `user_payload` (encrypted with IBM_PUBLIC_KEY) + * - Optional `context` object + * + * • watsonx Orchestrate will verify this signature using: + * example-jwtRS256.key.pub + * + * + * ------------------------------------------------------------ + * Security Recommendations: + * ------------------------------------------------------------ + * • Store this file in a secure, backend-only location. + * • Never host it in frontend, CDN, or browser-accessible paths. + * • Rotate keys periodically. + * • Restrict access using filesystem permissions, KMS, or secrets manager. + * • Use HTTPS for all communications. + * + * ============================================================ + * DO NOT COMMIT REAL PRODUCTION PRIVATE KEYS TO SOURCE CONTROL + * ============================================================ + */ diff --git a/embed_chat_examples/secure-embed-chat-node/keys/example-jwtRS256.key.pub b/embed_chat_examples/secure-embed-chat-node/keys/example-jwtRS256.key.pub new file mode 100644 index 0000000..fe30788 --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/keys/example-jwtRS256.key.pub @@ -0,0 +1,46 @@ +/* + * ============================================================ + * CLIENT PUBLIC KEY — SAFE TO SHARE + * ============================================================ + * This is the CLIENT PUBLIC KEY generated as part of the RSA + * key pair used for secure embedded chat with watsonx Orchestrate. + * + * Generated by: + * • You (or an external security configuration tool) + * + * Purpose: + * • This PUBLIC key must be shared with watsonx Orchestrate. + * • It is used by the service to verify RS256-signed JWT + * identity tokens originating from your application. + * • The corresponding PRIVATE key (example-jwtRS256.key) + * remains with you and must be securely stored. + * + * ------------------------------------------------------------ + * How this PUBLIC key was generated (two supported methods): + * ------------------------------------------------------------ + * + * Method 1 — ssh-keygen (recommended) + * # Generate PRIVATE key + * ssh-keygen -t rsa -b 4096 -m PEM -f example-jwtRS256.key + * + * # Extract PUBLIC key (this file) + * openssl rsa -in example-jwtRS256.key -pubout -outform PEM \ + * -out example-jwtRS256.key.pub + * + * Method 2 — openssl only + * # Generate PRIVATE key + * openssl genrsa -out example-jwtRS256.key 4096 + * + * # Extract PUBLIC key (this file) + * openssl rsa -in example-jwtRS256.key -pubout -out \ + * example-jwtRS256.key.pub + * + * ------------------------------------------------------------ + * Usage: + * • Paste the contents of this file into the + * “Chat user identity” → “Client public key” + * section of the Embedded Chat Security settings. + * • watsonx Orchestrate will use it to validate that + * incoming JWTs truly originate from your application. + * ============================================================ + */ diff --git a/embed_chat_examples/secure-embed-chat-node/keys/ibmPublic.key.pub b/embed_chat_examples/secure-embed-chat-node/keys/ibmPublic.key.pub new file mode 100644 index 0000000..93bc3a8 --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/keys/ibmPublic.key.pub @@ -0,0 +1,72 @@ +/* + * ============================================================ + * IBM PUBLIC KEY — SAFE TO SHARE + * ============================================================ + * This is the IBM PUBLIC KEY used for encrypting the + * `user_payload` field in your JWT for secure embedded chat. + * + * IBM Key Pair + * ------------------------------------------------------------ + * Generated by: watsonx Orchestrate service + * + * Public key (this file): + * • Shared with your application. + * • Your server uses this key to encrypt the `user_payload` + * section of the JWT sent to watsonx Orchestrate. + * + * Private key: + * • Stored securely inside the watsonx Orchestrate service. + * • Never leaves IBM systems. + * • Used by the service to decrypt the encrypted `user_payload`. + * + * + * ------------------------------------------------------------ + * How this key was generated: + * ------------------------------------------------------------ + * This IBM PUBLIC key is produced automatically when you run: + * + * examples/embed_chat/secure-embed-chat/wxo-embed-security-tool-v2.sh + * + * That script calls: + * + * POST /v1/embed/secure/generate-key-pair + * + * The watsonx Orchestrate backend will then: + * • Generate a fresh RSA-4096 IBM key pair + * • Return ONLY the PUBLIC key (this file) + * • Store the IBM PRIVATE key securely inside the service + * + * + * ------------------------------------------------------------ + * Usage (based on secure-embed-chat/createJWT.js): + * ------------------------------------------------------------ + * • Load this key server-side only: + * + * const IBM_PUBLIC_KEY = fs.readFileSync( + * path.join(__dirname, "../keys/ibmPublic.key.pub") + * ); + * + * • Use this key to encrypt the `user_payload` section of your JWT: + * + * const rsa = new NodeRSA(IBM_PUBLIC_KEY); + * jwtContent.user_payload = rsa.encrypt( + * Buffer.from(JSON.stringify(userPayload)), "base64" + * ); + * + * • The encrypted payload ensures: + * - Sensitive data cannot be read by the browser + * - Only watsonx Orchestrate can decrypt it + * + * • The rest of the JWT is signed with your private key + * (example-jwtRS256.key) using RS256. + * + * + * ------------------------------------------------------------ + * Security Recommendations: + * ------------------------------------------------------------ + * • NEVER store this key on the client or expose it in frontend code. + * • Perform all JWT creation and encryption server-side only. + * • Always use HTTPS in production. + * + * ============================================================ + */ diff --git a/embed_chat_examples/secure-embed-chat-node/package-lock.json b/embed_chat_examples/secure-embed-chat-node/package-lock.json new file mode 100644 index 0000000..4f7915b --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/package-lock.json @@ -0,0 +1,1164 @@ +{ + "name": "wxo-secure-embed-chat", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "wxo-secure-embed-chat", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "cookie-parser": "~1.4.4", + "cors": "^2.8.5", + "express": "^4.21.2", + "http-errors": "~1.6.3", + "jsonwebtoken": "^9.0.0", + "node-rsa": "^1.1.1", + "uuid": "^14.0.0" + }, + "devDependencies": {}, + "engines": { + "node": "^16.15.1" + } + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/asn1": { + "version": "0.2.6", + "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz", + "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==", + "license": "MIT", + "dependencies": { + "safer-buffer": "~2.1.0" + } + }, + "node_modules/body-parser": { + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", + "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.14.0", + "raw-body": "~2.5.3", + "type-is": "~1.6.18", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/body-parser/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/body-parser/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/body-parser/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "license": "BSD-3-Clause" + }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-parser": { + "version": "1.4.7", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.7.tgz", + "integrity": "sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==", + "license": "MIT", + "dependencies": { + "cookie": "0.7.2", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", + "license": "MIT" + }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/destroy": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express": { + "version": "4.22.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", + "content-type": "~1.0.4", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "~0.1.12", + "proxy-addr": "~2.0.7", + "qs": "~6.14.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "~0.19.0", + "serve-static": "~1.16.2", + "setprototypeof": "1.2.0", + "statuses": "~2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express/node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/express/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/finalhandler": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "2.4.1", + "parseurl": "~1.3.3", + "statuses": "2.0.1", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==", + "license": "MIT", + "dependencies": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/http-errors/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/http-errors/node_modules/setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==", + "license": "ISC" + }, + "node_modules/http-errors/node_modules/statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==", + "license": "ISC" + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/jsonwebtoken": { + "version": "9.0.2", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", + "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", + "license": "MIT", + "dependencies": { + "jws": "^3.2.2", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jsonwebtoken/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/jwa": { + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz", + "integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==", + "license": "MIT", + "dependencies": { + "buffer-equal-constant-time": "^1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.3.tgz", + "integrity": "sha512-byiJ0FLRdLdSVSReO/U4E7RoEyOCKnEnEPMjq3HxWtvzLsV08/i5RQKsFVNkCldrCaPr2vDNAOMsfs8T/Hze7g==", + "license": "MIT", + "dependencies": { + "jwa": "^1.4.2", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "license": "MIT" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", + "license": "MIT" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", + "license": "MIT" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", + "license": "MIT" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", + "license": "MIT" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", + "license": "MIT" + }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "license": "MIT" + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/node-rsa": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz", + "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==", + "license": "MIT", + "dependencies": { + "asn1": "^0.2.4" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-to-regexp": { + "version": "0.1.13", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.13.tgz", + "integrity": "sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==", + "license": "MIT" + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/qs": { + "version": "6.14.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", + "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-body/node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/raw-body/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/raw-body/node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/send": { + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "2.4.1", + "range-parser": "~1.2.1", + "statuses": "2.0.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/send/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/serve-static": { + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "0.19.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/uuid": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "license": "MIT", + "bin": { + "uuid": "dist-node/bin/uuid" + } + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + } + } +} diff --git a/embed_chat_examples/secure-embed-chat-node/package.json b/embed_chat_examples/secure-embed-chat-node/package.json new file mode 100644 index 0000000..35a6150 --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/package.json @@ -0,0 +1,25 @@ +{ + "name": "wxo-secure-embed-chat", + "version": "1.0.0", + "engines": { + "node": "^16.15.1" + }, + "scripts": { + "start": "node ./server.js" + }, + "dependencies": { + "cookie-parser": "~1.4.4", + "cors": "^2.8.5", + "express": "^4.21.2", + "http-errors": "~1.6.3", + "jsonwebtoken": "^9.0.0", + "node-rsa": "^1.1.1", + "uuid": "^14.0.0" + }, + "description": "**For a full walk through of how this code works, please visit the [security architecture documentation](https://developer.watson-orchestrate.ibm.com/agents/integrate_agents#security-architecture) in the IBM watsonx Orchestrate developer documentation.**", + "main": "server.js", + "keywords": [], + "author": "", + "license": "ISC", + "type": "commonjs" +} diff --git a/embed_chat_examples/secure-embed-chat-node/routes/createJWT.js b/embed_chat_examples/secure-embed-chat-node/routes/createJWT.js new file mode 100644 index 0000000..c5ee800 --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/routes/createJWT.js @@ -0,0 +1,299 @@ +/** + * JWT Creation Service for watsonx Orchestrate Secure Embed Chat + * + * This module handles the server-side creation of JSON Web Tokens (JWTs) for secure + * authentication with IBM watsonx Orchestrate embed chat. + * + * SECURITY MODEL: + * When security is enabled, all communication relies on: + * - Authenticated requests via JSON Web Tokens (JWT) + * - Signed tokens using RS256 algorithm with your private key + * - Encrypted payloads through RSA public-key cryptography + * - User identity verification for access control + * + * TWO INDEPENDENT RSA KEY PAIRS: + * 1. Client Application Key Pair (Your Identity): + * - Private key: Signs JWTs (kept secure on your server) + * - Public key: Uploaded to watsonx Orchestrate for JWT verification + * - Purpose: Authenticates your application and verifies token integrity + * + * 2. IBM Key Pair (For Encrypted Payloads): + * - Public key: Shared with you to encrypt user_payload section + * - Private key: Held by IBM to decrypt user_payload + * - Purpose: Ensures sensitive user context cannot be inspected by intermediaries + * - Note: Only required if using On-Behalf-Of (OBO) flow with sso_token + * + * AUTHENTICATION FLOW: + * 1. Your web application generates a JWT signed with your client private key + * 2. JWT includes user identity (sub) and optionally encrypted user_payload + * 3. Every API request to embed chat includes this JWT + * 4. watsonx Orchestrate validates the JWT signature using your client public key + * 5. If valid, the request is authenticated and authorized under User permissions + * + * VOICE CAPABILITIES: + * Voice interactions use the same security model: + * - Voice audio streams are authenticated through JWT tokens + * - Audio session is tied to the user identity + * - Same encryption and validation as text-based interactions + * + * This module demonstrates: + * 1. RS256 JWT signing using your private key + * 2. Optional user payload encryption using IBM's public key + * 3. Cookie-based user tracking for session continuity + * 4. Session-based user information enrichment + * + * For complete documentation, see: + * - https://developer.watson-orchestrate.ibm.com/webchat/get_started + * - https://developer.watson-orchestrate.ibm.com/webchat/context_variables + * - https://www.ibm.com/docs/en/watsonx/watson-orchestrate/base?topic=applications-securing-embedded-chat + * + * CRITICAL SECURITY NOTES: + * - Never expose your private key to the client side + * - Always generate JWTs server-side only + * - Use HTTPS in production environments + * - Maximum JWT expiry: 7100 seconds (~118 minutes) + * - Implement token refresh using updateAuthToken() method + * - Rotate keys regularly according to your security policies + */ + +const fs = require("fs"); +const path = require("path"); +const express = require("express"); +const { v4: uuid } = require("uuid"); +const jwtLib = require("jsonwebtoken"); +const NodeRSA = require("node-rsa"); + +const router = express.Router(); + +/** + * Load your server-side RSA private key (PEM format) + * + * This key is used to sign JWTs with the RS256 algorithm. The corresponding public key + * must be uploaded to your watsonx Orchestrate instance security settings. + * + * IMPORTANT: Keep this file secure and never expose it to clients! + * + * Generate a new key pair using either method: + * + * Method 1 - Using ssh-keygen: + * ssh-keygen -t rsa -b 4096 -m PEM -f example-jwtRS256.key + * openssl rsa -in example-jwtRS256.key -pubout -outform PEM -out example-jwtRS256.key.pub + * + * Method 2 - Using openssl directly: + * openssl genrsa -out example-jwtRS256.key 4096 + * openssl rsa -in example-jwtRS256.key -pubout -out example-jwtRS256.key.pub + */ +const PRIVATE_KEY_PATH = path.join(__dirname, "../keys/example-jwtRS256.key"); +if (!fs.existsSync(PRIVATE_KEY_PATH)) { + throw new Error(`Private key not found at ${PRIVATE_KEY_PATH}`); +} +const PRIVATE_KEY = fs.readFileSync(PRIVATE_KEY_PATH); + +/** + * Load IBM's RSA public key (PEM format) + * + * This key is provided by IBM watsonx Orchestrate and is used to encrypt the user_payload + * field in the JWT. This ensures that sensitive user information cannot be read by clients, + * as only IBM's servers can decrypt it. + * + * You can obtain this key by: + * 1. Running the wxo-embed-security-v4.sh script (recommended) + * 2. Calling the generate-key-pair API endpoint manually + * + * The encrypted payload will be decrypted server-side by watsonx Orchestrate. + */ +const IBM_PUBLIC_KEY_PATH = path.join(__dirname, "../keys/ibmPublic.key.pub"); +if (!fs.existsSync(IBM_PUBLIC_KEY_PATH)) { + throw new Error(`IBM public key not found at ${IBM_PUBLIC_KEY_PATH}`); +} +const IBM_PUBLIC_KEY = fs.readFileSync(IBM_PUBLIC_KEY_PATH); + +/** + * Cookie lifetime configuration + * + * This defines how long the anonymous user ID cookie will persist. + * Set to a reasonable duration for maintaining user session continuity. + * Note: This is separate from JWT expiration (max 7100 seconds). + */ +const COOKIE_MAX_AGE = 45 * 24 * 60 * 60 * 1000; // 45 days in milliseconds + +/** + * Create a signed JWT string for the wxO embed chat client + * + * This function constructs a JWT with the following structure: + * + * @param {string} secureUserID - A stable identifier for users (from cookie) + * @param {object|null} sessionInfo - Optional authenticated user session data + * + * JWT Claims: + * - sub: Subject (user identifier) - should be a stable, unique ID for the user + * - user_payload: (Optional) Encrypted user data that will be decrypted by watsonx Orchestrate + * - sso_token: Single sign-on token (ONLY supported field in user_payload) + * - context: Additional context data accessible by the agent + * - Custom context variables (e.g., clientID, name, role) + * - NOTE: Do NOT use 'wxo_' prefix - it's reserved for system variables + * + * For more details on supported fields and context variables, see: + * https://developer.watson-orchestrate.ibm.com/webchat/context_variables + * + * @returns {string} A signed JWT token string + */ +function createJWTString(secureUserID, sessionInfo) { + // Base JWT claims structure + // Customize these fields based on your application's requirements + const jwtContent = { + // Subject: Unique identifier for the user + // Using the secure user ID from the cookie + sub: secureUserID, + + // User payload: Will be encrypted with IBM's public key + // This data is sensitive and will only be readable by watsonx Orchestrate servers + // IMPORTANT: Only 'sso_token' field is supported in user_payload + // See: https://developer.watson-orchestrate.ibm.com/webchat/context_variables + user_payload: { + sso_token: "sso_token", + }, + + // Context: Additional metadata accessible by the agent + // This data is NOT encrypted and can be read by the client + // NOTE: Do NOT use 'wxo_' prefix for custom variables - it's reserved for system use + // See: https://developer.watson-orchestrate.ibm.com/webchat/context_variables + context: { + clientID: "865511", // Your client/organization ID + name: "Ava", // Display name in chat + role: "Admin", // User role + }, + }; + + // Enrich the JWT with authenticated session data if available + // In production, this would come from your authentication system + // IMPORTANT: Only sso_token is supported in user_payload + if (sessionInfo && sessionInfo.ssoToken) { + jwtContent.user_payload.sso_token = sessionInfo.ssoToken; + } + + // Encrypt the user_payload using IBM's RSA public key + // This ensures sensitive user data cannot be read by clients + // Only watsonx Orchestrate servers can decrypt this data + if (jwtContent.user_payload) { + const rsaKey = new NodeRSA(IBM_PUBLIC_KEY); + const dataString = JSON.stringify(jwtContent.user_payload); + const utf8Data = Buffer.from(dataString, "utf-8"); + // Encrypt and encode as base64 string + jwtContent.user_payload = rsaKey.encrypt(utf8Data, "base64"); + } + + // Sign the JWT using RS256 algorithm with your private key + // The token expiration should be set based on your security requirements + // IMPORTANT: Maximum expiry time is 7100 seconds (~118 minutes) + // Common values: "1h" (3600s), "2h" (7200s - exceeds max, use 7100s instead) + const jwtString = jwtLib.sign(jwtContent, PRIVATE_KEY, { + algorithm: "RS256", + expiresIn: "3600s", // 1 hour - adjust based on your needs (max: 7100s) + }); + + return jwtString; +} + +/** + * Retrieve or create a stable secure user ID stored in a cookie + * + * This function ensures that users maintain a consistent identity across + * page refreshes and sessions. The ID is stored in a secure HTTP-only cookie. + * + * Benefits: + * - Prevents user identity from changing mid-session + * - Enables conversation continuity for users + * - Provides basic user tracking without requiring authentication + * + * @param {object} request - Express request object + * @param {object} response - Express response object + * @returns {string} The secure user ID + */ +function getOrSetSecureUserID(request, response) { + // Check if a secure user ID already exists in cookies + let secureUserID = request.cookies["SECURE-USER-ID"]; + + // Generate a new ID if none exists + if (!secureUserID) { + // Create a short, readable ID using UUID (first 5 characters for demo) + // In production, you might want to use the full UUID for better uniqueness + secureUserID = `user-${uuid().slice(0, 5)}`; + } + + // Set/refresh the cookie with each request to maintain the session + // Note: Cookie expiration is independent of JWT expiration (max 7100s) + response.cookie("SECURE-USER-ID", secureUserID, { + maxAge: COOKIE_MAX_AGE, // Cookie lifetime (45 days) + httpOnly: true, // Prevents client-side JavaScript from accessing the cookie (security) + sameSite: "Lax", // Provides CSRF protection while allowing normal navigation + secure: false, // Set to true in production when using HTTPS + }); + + return secureUserID; +} + +/** + * Parse authenticated session information from cookies + * + * This function retrieves user session data if the user is authenticated. + * In a production application, you would: + * 1. Verify the session token/cookie + * 2. Fetch user information from your database or identity provider + * 3. Validate user permissions + * + * For this demo, we simply parse a JSON string from a cookie. + * + * @param {object} request - Express request object + * @returns {object|null} Session info object or null if not authenticated + */ +function getSessionInfo(request) { + const sessionInfo = request.cookies?.SESSION_INFO; + if (!sessionInfo) return null; + + try { + // Parse the JSON session data + return JSON.parse(sessionInfo); + } catch { + // Return null if parsing fails (invalid JSON) + return null; + } +} + +/** + * Express route handler for JWT creation + * + * This endpoint is called by the client to obtain a fresh JWT token. + * The token is required for secure authentication with watsonx Orchestrate embed chat. + * + * Flow: + * 1. Retrieve or create a secure user ID (stored in cookie) + * 2. Check for authenticated session information + * 3. Generate a signed JWT with user data + * 4. Return the JWT as plain text response + * + * The client will include this JWT in the wxOConfiguration.token field + * when initializing the embed chat. + * + * @param {object} request - Express request object + * @param {object} response - Express response object + */ +function createJWT(request, response) { + // Ensure we have a stable user ID + const secureUserID = getOrSetSecureUserID(request, response); + + // Get authenticated session data if available + const sessionInfo = getSessionInfo(request); + + // Create and sign the JWT + const token = createJWTString(secureUserID, sessionInfo); + + // Return the JWT as plain text + response.send(token); +} + +// Define the GET endpoint that returns a signed JWT string +// This endpoint is called by the client before initializing the chat +router.get("/", createJWT); + +module.exports = router; diff --git a/embed_chat_examples/secure-embed-chat-node/server.js b/embed_chat_examples/secure-embed-chat-node/server.js new file mode 100644 index 0000000..cf3676c --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/server.js @@ -0,0 +1,83 @@ +/** + * This file starts up a basic NodeJS server with express, adds some routes, and adds some error handling. This is + * mostly boilerplate content that can be adjusted as needed. + * + * The server defaults to being available on port 3001. + */ + +const { createServer } = require('http'); + +const cookieParser = require('cookie-parser'); +const cors = require('cors'); +const express = require('express'); + +const PORT = 5555; + +const app = express(); + +// Enable all CORS requests. In a production environment, you will likely want to remove this or set it to something +// more restrictive. +app.use(cors({ origin: '*' })); +app.use(express.json()); +app.use(express.urlencoded({ extended: false })); +app.use(cookieParser()); + +// The routes needed by the application. +const createJWTRouter = require('./routes/createJWT'); + +app.use('/createJWT/', createJWTRouter); + +app.use(express.static('static')); + +// Send a 404 response if no handler was found. +app.use(function (request, response) { + response.status(404).send(); +}); + +// Error handler. +app.use(function (error, request, response, next) { + console.error('An error occurred', error); + response.status(500).send(); +}); + +// Get port from environment and store in Express. +app.set('port', PORT); + +// Create HTTP server. +const server = createServer(app); + +// Listen on provided port, on all network interfaces. +server.listen(PORT); +server.on('error', onError); +server.on('listening', onListening); + +/** + * Event listener for HTTP server "error" event. + */ +function onError(error) { + if (error.syscall !== 'listen') { + throw error; + } + + // Handle specific listen errors with friendly messages + switch (error.code) { + case 'EACCES': + console.error(`${PORT} requires elevated privileges`); + process.exit(1); + break; + case 'EADDRINUSE': + console.error(`${PORT} is already in use`); + process.exit(1); + break; + default: + throw error; + } +} + +/** + * Event listener for HTTP server "listening" event. + */ +function onListening() { + console.log(`Listening on ${server.address().port}`); + console.log(`Open http://localhost:${server.address().port}/index.html in your browser to view the example.`); +} diff --git a/embed_chat_examples/secure-embed-chat-node/static/index.html b/embed_chat_examples/secure-embed-chat-node/static/index.html new file mode 100644 index 0000000..70a50c4 --- /dev/null +++ b/embed_chat_examples/secure-embed-chat-node/static/index.html @@ -0,0 +1,1411 @@ + + + + + + + Northstar Operations - Smart Services Demo + + + + + + + + + + + + +
+ + +
+
+
+
+
+ + + + + +
+
+
+ + Trusted by growing teams +
+

+ Practical Solutions for + Modern Business Operations +

+

+ Northstar Operations is a fictional services company helping businesses streamline support, onboarding, and + internal workflows with a polished digital experience. +

+
+ + +
+
+
+
250+
+
Client Engagements
+
+
+
12
+
Industry Verticals
+
+
+
24/7
+
Service Availability
+
+
+
+
+ + +
+
+

What We Do

+

A dummy company website showcasing services, delivery strengths, and support

+
+ +
+
+
+ +
+

Operations Consulting

+

We help teams simplify processes, remove bottlenecks, and design scalable operating models.

+
    +
  • Workflow assessments
    • +
  • SOP design
    • +
  • Process improvement plans
    • +
+
+ +
+
+ +
+

Customer Support Enablement

+

Build support experiences that feel fast, consistent, and easy for both teams and customers.

+
    +
  • Help desk optimization
    • +
  • Knowledge base planning
    • +
  • Service playbooks
    • +
+
+ +
+
+ +
+

Employee Onboarding

+

Create repeatable onboarding journeys that reduce ramp-up time and improve first-week confidence.

+
    +
  • Role-based checklists
    • +
  • Starter documentation
    • +
  • Cross-team coordination
    • +
+
+ +
+
+ +
+

Logistics Coordination

+

Support inventory movement, vendor collaboration, and delivery visibility across distributed teams.

+
    +
  • Vendor communications
    • +
  • Dispatch workflows
    • +
  • Status reporting
    • +
+
+ +
+
+ +
+

Business Reporting

+

Turn operational data into practical summaries for leaders, managers, and client stakeholders.

+
    +
  • Weekly KPI reviews
    • +
  • Executive dashboards
    • +
  • Trend summaries
    • +
+
+ +
+
+ +
+

Client Success Services

+

Strengthen retention with structured account check-ins, onboarding support, and renewal readiness.

+
    +
  • Success planning
    • +
  • Account reviews
    • +
  • Escalation coordination
    • +
+
+
+
+ + +
+
+

How We Work

+

A quick look at how Northstar Operations supports clients from kickoff to delivery

+
+ +
+
+
+
+ +
+
+

Discovery First

+

We begin with stakeholder interviews, workflow mapping, and a clear view of service pain points.

+
+
+ +
+
+ +
+
+

Structured Delivery

+

Each engagement includes milestones, owners, and documented handoffs so teams stay aligned.

+
+
+ +
+
+ +
+
+

Continuous Improvement

+

We measure outcomes, refine processes, and help your teams sustain better operational habits.

+
+
+ +
+
+ Sample Engagement Plan + +
+ 
Northstar Operations Engagement
+1. Discovery workshop
+2. Current-state process review
+3. Service blueprint and ownership map
+4. Rollout plan with training
+5. KPI review after launch
+
+
+ +
+
+
+
+ + + +
+ Client Journey Snapshot +
+
+
+
+
+ +
+
+ Welcome to Northstar Operations. We help teams improve service delivery, onboarding, and internal coordination. +
+
+
+
+ What does your onboarding support include? +
+
+ +
+
+
+
+ +
+
+ We design onboarding checklists, manager handoff plans, training resources, and first-30-day support workflows. +
+
+
+ + + +
+
+
+
+
+
+
+ + +
+
+

Contact Our Team

+

Use this sample contact form for your dummy company website demo

+
+ +
+
+

Why Choose Northstar Operations?

+

We combine practical service design, operational clarity, and friendly client support in one fictional brand experience.

+ +
+
+ + Dedicated onboarding guidance +
+
+ + Flexible service packages +
+
+ + Clear project communication +
+
+ + Practical reporting cadence +
+
+ + +
+ +
+
+
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ + +
+
+
+
+ + + + + + + + + +