@access-dlsu/leapify 0.260505.5 → 0.260507.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (199) hide show
  1. package/dist/app.d.ts +15 -0
  2. package/dist/app.d.ts.map +1 -0
  3. package/dist/auth/auth.d.ts +99 -0
  4. package/dist/auth/auth.d.ts.map +1 -0
  5. package/dist/auth/middleware.d.ts +20 -0
  6. package/dist/auth/middleware.d.ts.map +1 -0
  7. package/dist/auth/types.d.ts +17 -0
  8. package/dist/auth/types.d.ts.map +1 -0
  9. package/dist/bun-sqlite-dialect-na--YwnN-NIYANHVJ.cjs +162 -0
  10. package/dist/bun-sqlite-dialect-na--YwnN-NIYANHVJ.cjs.map +1 -0
  11. package/dist/bun-sqlite-dialect-na--YwnN-XVQNOKSL.js +160 -0
  12. package/dist/bun-sqlite-dialect-na--YwnN-XVQNOKSL.js.map +1 -0
  13. package/dist/chunk-4DPT2KQR.cjs +467 -0
  14. package/dist/chunk-4DPT2KQR.cjs.map +1 -0
  15. package/dist/chunk-5JKLV7IE.cjs +2962 -0
  16. package/dist/chunk-5JKLV7IE.cjs.map +1 -0
  17. package/dist/chunk-5OQD5ALM.cjs +76 -0
  18. package/dist/chunk-5OQD5ALM.cjs.map +1 -0
  19. package/dist/{chunk-FLR7TNLN.js → chunk-63CUZGSZ.js} +4 -12
  20. package/dist/chunk-63CUZGSZ.js.map +1 -0
  21. package/dist/chunk-6MMWL46O.cjs +7170 -0
  22. package/dist/chunk-6MMWL46O.cjs.map +1 -0
  23. package/dist/chunk-ANNHE3PZ.js +2285 -0
  24. package/dist/chunk-ANNHE3PZ.js.map +1 -0
  25. package/dist/chunk-EGRHWZRV.js +3 -0
  26. package/dist/chunk-EGRHWZRV.js.map +1 -0
  27. package/dist/chunk-EMMSS5I5.cjs +37 -0
  28. package/dist/chunk-EMMSS5I5.cjs.map +1 -0
  29. package/dist/chunk-FUCJEA2S.js +6196 -0
  30. package/dist/chunk-FUCJEA2S.js.map +1 -0
  31. package/dist/chunk-G3PMV62Z.js +33 -0
  32. package/dist/chunk-G3PMV62Z.js.map +1 -0
  33. package/dist/chunk-GNRL67OU.js +2949 -0
  34. package/dist/chunk-GNRL67OU.js.map +1 -0
  35. package/dist/chunk-HHNEB7YR.js +8 -0
  36. package/dist/chunk-HHNEB7YR.js.map +1 -0
  37. package/dist/chunk-IQEWVHLM.js +889 -0
  38. package/dist/chunk-IQEWVHLM.js.map +1 -0
  39. package/dist/chunk-JIZPYG6H.js +72 -0
  40. package/dist/chunk-JIZPYG6H.js.map +1 -0
  41. package/dist/chunk-JPVIXCF5.cjs +10 -0
  42. package/dist/chunk-JPVIXCF5.cjs.map +1 -0
  43. package/dist/chunk-JQSZJWBN.cjs +3075 -0
  44. package/dist/chunk-JQSZJWBN.cjs.map +1 -0
  45. package/dist/chunk-MNEW2V4T.js +447 -0
  46. package/dist/chunk-MNEW2V4T.js.map +1 -0
  47. package/dist/chunk-MY37YE52.js +3034 -0
  48. package/dist/chunk-MY37YE52.js.map +1 -0
  49. package/dist/chunk-NKIQRCOM.cjs +4 -0
  50. package/dist/chunk-NKIQRCOM.cjs.map +1 -0
  51. package/dist/chunk-OK6RVPEH.cjs +6200 -0
  52. package/dist/chunk-OK6RVPEH.cjs.map +1 -0
  53. package/dist/chunk-QARF2YFF.cjs +2296 -0
  54. package/dist/chunk-QARF2YFF.cjs.map +1 -0
  55. package/dist/chunk-RFP2X2FA.cjs +903 -0
  56. package/dist/chunk-RFP2X2FA.cjs.map +1 -0
  57. package/dist/chunk-XJSWMHDL.js +7142 -0
  58. package/dist/chunk-XJSWMHDL.js.map +1 -0
  59. package/dist/{chunk-3ZWIJNZG.cjs → chunk-YFJBE3AU.cjs} +4 -12
  60. package/dist/chunk-YFJBE3AU.cjs.map +1 -0
  61. package/dist/client/{index.d.cts → auth.d.ts} +140 -394
  62. package/dist/client/auth.d.ts.map +1 -0
  63. package/dist/client/index.cjs +909 -48
  64. package/dist/client/index.cjs.map +1 -1
  65. package/dist/client/index.d.ts +83 -1134
  66. package/dist/client/index.d.ts.map +1 -0
  67. package/dist/client/index.js +908 -47
  68. package/dist/client/index.js.map +1 -1
  69. package/dist/client/pow.d.ts +28 -0
  70. package/dist/client/pow.d.ts.map +1 -0
  71. package/dist/client/session.d.ts +29 -0
  72. package/dist/client/session.d.ts.map +1 -0
  73. package/dist/client/types.d.ts +58 -38
  74. package/dist/client/types.d.ts.map +1 -0
  75. package/dist/cron/batch-release.d.ts +9 -0
  76. package/dist/cron/batch-release.d.ts.map +1 -0
  77. package/dist/cron/lifecycle-check.d.ts +10 -0
  78. package/dist/cron/lifecycle-check.d.ts.map +1 -0
  79. package/dist/cron/reconcile-slots.d.ts +10 -0
  80. package/dist/cron/reconcile-slots.d.ts.map +1 -0
  81. package/dist/cron/reminder-emails.d.ts +9 -0
  82. package/dist/cron/reminder-emails.d.ts.map +1 -0
  83. package/dist/cron/renew-watches.d.ts +9 -0
  84. package/dist/cron/renew-watches.d.ts.map +1 -0
  85. package/dist/d1-sqlite-dialect-C2B7YsIT-6TVV7EJ5.js +122 -0
  86. package/dist/d1-sqlite-dialect-C2B7YsIT-6TVV7EJ5.js.map +1 -0
  87. package/dist/d1-sqlite-dialect-C2B7YsIT-PE74FLHQ.cjs +124 -0
  88. package/dist/d1-sqlite-dialect-C2B7YsIT-PE74FLHQ.cjs.map +1 -0
  89. package/dist/db/index.d.ts +7 -0
  90. package/dist/db/index.d.ts.map +1 -0
  91. package/dist/db/migrate.d.ts +23 -0
  92. package/dist/db/migrate.d.ts.map +1 -0
  93. package/dist/db/schema/auth.d.ts +649 -0
  94. package/dist/db/schema/auth.d.ts.map +1 -0
  95. package/dist/db/schema/bookmarks.d.ts +88 -0
  96. package/dist/db/schema/bookmarks.d.ts.map +1 -0
  97. package/dist/db/schema/events.d.ts +546 -0
  98. package/dist/db/schema/events.d.ts.map +1 -0
  99. package/dist/db/schema/faqs.d.ts +137 -0
  100. package/dist/db/schema/faqs.d.ts.map +1 -0
  101. package/dist/db/schema/index.d.ts +9 -0
  102. package/dist/db/schema/index.d.ts.map +1 -0
  103. package/dist/db/schema/organizations.d.ts +125 -0
  104. package/dist/db/schema/organizations.d.ts.map +1 -0
  105. package/dist/db/schema/site-config.d.ts +64 -0
  106. package/dist/db/schema/site-config.d.ts.map +1 -0
  107. package/dist/db/schema/themes.d.ts +104 -0
  108. package/dist/db/schema/themes.d.ts.map +1 -0
  109. package/dist/{types-lTjxCp88.d.cts → db/schema/users.d.ts} +11 -96
  110. package/dist/db/schema/users.d.ts.map +1 -0
  111. package/dist/dist-DZHA5VYX.cjs +260 -0
  112. package/dist/dist-DZHA5VYX.cjs.map +1 -0
  113. package/dist/dist-RRQUBLLO.js +258 -0
  114. package/dist/dist-RRQUBLLO.js.map +1 -0
  115. package/dist/index.cjs +38065 -937
  116. package/dist/index.cjs.map +1 -1
  117. package/dist/index.d.ts +23 -1818
  118. package/dist/index.d.ts.map +1 -0
  119. package/dist/index.js +37940 -816
  120. package/dist/index.js.map +1 -1
  121. package/dist/kysely-adapter-C76KJVG7.js +10 -0
  122. package/dist/kysely-adapter-C76KJVG7.js.map +1 -0
  123. package/dist/kysely-adapter-TGY4UUP5.cjs +27 -0
  124. package/dist/kysely-adapter-TGY4UUP5.cjs.map +1 -0
  125. package/dist/lib/errors.d.ts +15 -0
  126. package/dist/lib/errors.d.ts.map +1 -0
  127. package/dist/lib/middleware/cors.d.ts +3 -0
  128. package/dist/lib/middleware/cors.d.ts.map +1 -0
  129. package/dist/lib/middleware/error-handler.d.ts +3 -0
  130. package/dist/lib/middleware/error-handler.d.ts.map +1 -0
  131. package/dist/lib/middleware/pow-challenge.cjs +7 -7
  132. package/dist/lib/middleware/pow-challenge.d.ts +29 -18
  133. package/dist/lib/middleware/pow-challenge.d.ts.map +1 -0
  134. package/dist/lib/middleware/pow-challenge.js +2 -2
  135. package/dist/lib/middleware/rate-limit.d.ts +48 -0
  136. package/dist/lib/middleware/rate-limit.d.ts.map +1 -0
  137. package/dist/lib/middleware/referer-guard.d.ts +18 -0
  138. package/dist/lib/middleware/referer-guard.d.ts.map +1 -0
  139. package/dist/lib/retry.d.ts +12 -0
  140. package/dist/lib/retry.d.ts.map +1 -0
  141. package/dist/node-sqlite-dialect-B3H37T3R.cjs +162 -0
  142. package/dist/node-sqlite-dialect-B3H37T3R.cjs.map +1 -0
  143. package/dist/node-sqlite-dialect-GDP7ZE54.js +160 -0
  144. package/dist/node-sqlite-dialect-GDP7ZE54.js.map +1 -0
  145. package/dist/queues/handlers.d.ts +13 -0
  146. package/dist/queues/handlers.d.ts.map +1 -0
  147. package/dist/queues/jobs.d.ts +42 -0
  148. package/dist/queues/jobs.d.ts.map +1 -0
  149. package/dist/routes/events.d.ts +4 -0
  150. package/dist/routes/events.d.ts.map +1 -0
  151. package/dist/routes/faqs.d.ts +4 -0
  152. package/dist/routes/faqs.d.ts.map +1 -0
  153. package/dist/routes/health.d.ts +4 -0
  154. package/dist/routes/health.d.ts.map +1 -0
  155. package/dist/routes/internal/gforms-webhook.d.ts +4 -0
  156. package/dist/routes/internal/gforms-webhook.d.ts.map +1 -0
  157. package/dist/routes/organizations.d.ts +4 -0
  158. package/dist/routes/organizations.d.ts.map +1 -0
  159. package/dist/routes/site-config.d.ts +4 -0
  160. package/dist/routes/site-config.d.ts.map +1 -0
  161. package/dist/routes/themes.d.ts +4 -0
  162. package/dist/routes/themes.d.ts.map +1 -0
  163. package/dist/routes/uploads.d.ts +4 -0
  164. package/dist/routes/uploads.d.ts.map +1 -0
  165. package/dist/routes/users.d.ts +4 -0
  166. package/dist/routes/users.d.ts.map +1 -0
  167. package/dist/services/cache.d.ts +22 -0
  168. package/dist/services/cache.d.ts.map +1 -0
  169. package/dist/services/contentful-management.d.ts +38 -0
  170. package/dist/services/contentful-management.d.ts.map +1 -0
  171. package/dist/services/contentful.d.ts +97 -0
  172. package/dist/services/contentful.d.ts.map +1 -0
  173. package/dist/services/email.d.ts +75 -0
  174. package/dist/services/email.d.ts.map +1 -0
  175. package/dist/services/gforms.d.ts +60 -0
  176. package/dist/services/gforms.d.ts.map +1 -0
  177. package/dist/services/resend.d.ts +35 -0
  178. package/dist/services/resend.d.ts.map +1 -0
  179. package/dist/services/ses.d.ts +58 -0
  180. package/dist/services/ses.d.ts.map +1 -0
  181. package/dist/services/slots.d.ts +48 -0
  182. package/dist/services/slots.d.ts.map +1 -0
  183. package/dist/services/snapshot.d.ts +95 -0
  184. package/dist/services/snapshot.d.ts.map +1 -0
  185. package/dist/types.d.ts +66 -0
  186. package/dist/types.d.ts.map +1 -0
  187. package/dist/worker-handler.d.ts +64 -0
  188. package/dist/worker-handler.d.ts.map +1 -0
  189. package/dist/worker.d.ts +36 -0
  190. package/dist/worker.d.ts.map +1 -0
  191. package/dist/worker.js +1172 -583
  192. package/dist/worker.js.map +1 -1
  193. package/package.json +153 -152
  194. package/dist/chunk-3ZWIJNZG.cjs.map +0 -1
  195. package/dist/chunk-FLR7TNLN.js.map +0 -1
  196. package/dist/client/types.d.cts +0 -192
  197. package/dist/index.d.cts +0 -1879
  198. package/dist/lib/middleware/pow-challenge.d.cts +0 -47
  199. package/dist/types-lTjxCp88.d.ts +0 -208
package/dist/{chunk-3ZWIJNZG.cjs → chunk-YFJBE3AU.cjs} RENAMED
@@ -114,19 +114,11 @@ function challengePageHtml(challengeId, difficulty, originalUrl) {
114
114
  const challengeId = ${JSON.stringify(challengeId)};
115
115
  const difficulty = ${difficulty};
116
116
  const prefix = '0'.repeat(Math.ceil(difficulty / 4));
117
- const data = new TextEncoder().encode(challengeId + ':');
118
- const buf = new ArrayBuffer(data.byteLength + 16);
119
- new Uint8Array(buf).set(data);
120
- const view = new DataView(buf);
121
- view.setUint32(data.length, 0);
122
- view.setUint32(data.length + 4, 0);
123
- view.setUint32(data.length + 8, 0);
124
- view.setUint32(data.length + 12, 0);
125
117
  let nonce = 0;
126
118
  const t0 = performance.now();
127
119
  while (true) {
128
- view.setUint32(data.length, nonce);
129
- const hash = await crypto.subtle.digest('SHA-256', buf);
120
+ const input = challengeId + ':' + nonce;
121
+ const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(input));
130
122
  const hex = Array.from(new Uint8Array(hash)).map(b => b.toString(16).padStart(2, '0')).join('');
131
123
  if (hex.startsWith(prefix)) {
132
124
  const elapsed = performance.now() - t0;
@@ -222,5 +214,5 @@ exports.POW_PATH = POW_PATH;
222
214
  exports.POW_VERIFY_PATH = POW_VERIFY_PATH;
223
215
  exports.createPowChallengeMiddleware = createPowChallengeMiddleware;
224
216
  exports.handlePowVerify = handlePowVerify;
225
- //# sourceMappingURL=chunk-3ZWIJNZG.cjs.map
226
- //# sourceMappingURL=chunk-3ZWIJNZG.cjs.map
217
+ //# sourceMappingURL=chunk-YFJBE3AU.cjs.map
218
+ //# sourceMappingURL=chunk-YFJBE3AU.cjs.map
package/dist/chunk-YFJBE3AU.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/lib/middleware/pow-challenge.ts"],"names":["createMiddleware"],"mappings":";;;;;AAyBO,IAAM,QAAA,GAAW;AAGjB,IAAM,eAAA,GAAkB,GAAG,QAAQ,CAAA,OAAA;AAGnC,IAAM,eAAA,GAAkB;AAG/B,IAAM,mBAAA,GAAsB,gBAAA;AAG5B,IAAM,sBAAA,GAAyB,CAAA;AAG/B,IAAM,iBAAA,GAAoB,GAAA;AAG1B,IAAM,kBAAA,GAAqB,IAAA;AAG3B,IAAM,YAAA,GAAe,CAAC,SAAA,EAAW,WAAA,EAAa,WAAW,CAAA;AAIzD,SAAS,gBAAgB,KAAA,EAA2B;AAClD,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAA,IAAU,MAAA,CAAO,aAAa,IAAI,CAAA;AAAA,EACpC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC/E;AAEA,SAAS,gBAAgB,GAAA,EAAsC;AAC7D,EAAA,MAAM,MAAA,GAAS,IAAI,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AACvD,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,QAAQ,IAAI,UAAA,CAAW,IAAI,WAAA,CAAY,MAAA,CAAO,MAAM,CAAC,CAAA;AAC3D,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;AAIA,eAAe,mBAAA,GAAuC;AACpD,EAAA,MAAM,QAAQ,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAA;AACvD,EAAA,OAAO,gBAAgB,KAAK,CAAA;AAC9B;AAEA,eAAe,cAAc,MAAA,EAAoC;AAC/D,EAAA,OAAO,OAAO,MAAA,CAAO,SAAA;AAAA,IACnB,KAAA;AAAA,IACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,MAAM,CAAA;AAAA,IAC/B,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,KAAA;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,GACnB;AACF;AAEA,eAAe,UAAA,CAAW,QAAgB,EAAA,EAA6B;AACrE,EAAA,MAAM,EAAA,GAAK,KAAK,GAAA,EAAI;AACpB,EAAA,MAAM,KAAA,GAAQ,gBAAgB,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,CAAC,CAAC,CAAC,CAAA;AACvE,EAAA,MAAM,UAAU,CAAA,EAAG,EAAE,CAAA,CAAA,EAAI,EAAE,IAAI,KAAK,CAAA,CAAA;AACpC,EAAA,MAAM,GAAA,GAAM,MAAM,aAAA,CAAc,MAAM,CAAA;AACtC,EAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,MAAA,CAAO,IAAA;AAAA,IAC9B,MAAA;AAAA,IACA,GAAA;AAAA,IACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,OAAO;AAAA,GAClC;AACA,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,IAAI,UAAA,CAAW,GAAG,CAAC,CAAA;AAClD,EAAA,OAAO,CAAA,EAAG,eAAA,CAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAC,CAAC,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACxE;AAEA,eAAe,cAAA,CACb,MAAA,EACA,MAAA,EACA,EAAA,EACkB;AAClB,EAAA,IAAI;AACF,IAAA,MAAM,CAAC,UAAA,EAAY,MAAM,CAAA,GAAI,MAAA,CAAO,MAAM,GAAG,CAAA;AAC7C,IAAA,IAAI,CAAC,UAAA,IAAc,CAAC,MAAA,EAAQ,OAAO,KAAA;AAEnC,IAAA,MAAM,YAAA,GAAe,gBAAgB,UAAU,CAAA;AAC/C,IAAA,MAAM,QAAA,GAAW,gBAAgB,MAAM,CAAA;AAGvC,IAAA,MAAM,GAAA,GAAM,MAAM,aAAA,CAAc,MAAM,CAAA;AACtC,IAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA;AAAA,MAChC,MAAA;AAAA,MACA,GAAA;AAAA,MACA,QAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,IAAI,CAAC,OAAO,OAAO,KAAA;AAGnB,IAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY,CAAE,OAAO,YAAY,CAAA;AACrD,IAAA,MAAM,CAAC,QAAA,EAAU,KAAK,CAAA,GAAI,OAAA,CAAQ,MAAM,GAAG,CAAA;AAG3C,IAAA,IAAI,QAAA,KAAa,IAAI,OAAO,KAAA;AAG5B,IAAA,MAAM,EAAA,GAAK,QAAA,CAAS,KAAA,EAAO,EAAE,CAAA;AAC7B,IAAA,IAAI,KAAA,CAAM,EAAE,CAAA,IAAK,IAAA,CAAK,KAAI,GAAI,EAAA,GAAK,kBAAA,GAAqB,GAAA,EAAM,OAAO,KAAA;AAErE,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,SAAS,YAAY,CAAA,EAAmD;AACtE,EAAA,OACE,CAAA,CAAE,IAAI,MAAA,CAAO,kBAAkB,KAC/B,CAAA,CAAE,GAAA,CAAI,OAAO,WAAW,CAAA,IACxB,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK,IACrD,SAAA;AAEJ;AAEA,SAAS,cAAc,GAAA,EAA8B;AACnD,EAAA,MAAM,MAAM,GAAA,CAAI,cAAA;AAChB,EAAA,IAAI,CAAC,KAAK,OAAO,sBAAA;AACjB,EAAA,MAAM,MAAA,GAAS,QAAA,CAAS,GAAA,EAAK,EAAE,CAAA;AAC/B,EAAA,OAAO,KAAA,CAAM,MAAM,CAAA,GACf,sBAAA,GACA,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,CAAC,CAAC,CAAA;AACrC;AAIA,SAAS,iBAAA,CACP,WAAA,EACA,UAAA,EACA,WAAA,EACQ;AACR,EAAA,OAAO,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,0BAAA,EAwBmB,IAAA,CAAK,SAAA,CAAU,WAAW,CAAC,CAAA;AAAA,yBAAA,EAC5B,UAAU,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kCAAA,EAUD,IAAA,CAAK,SAAA,CAAU,eAAe,CAAC,CAAA;AAAA;AAAA;AAAA,2EAAA,EAGU,IAAA,CAAK,SAAA,CAAU,WAAW,CAAC,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,OAAA,CAAA;AAaxG;AAUA,eAAsB,gBACpB,CAAA,EACA;AACA,EAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAKtB;AAEH,EAAA,MAAM,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAM,GAAI,IAAA;AAE7B,EAAA,IAAI,CAAC,EAAA,IAAM,OAAO,KAAA,KAAU,QAAA,EAAU;AACpC,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP;AAAA,QACE,KAAA,EAAO;AAAA,UACL,IAAA,EAAM,kBAAA;AAAA,UACN,OAAA,EAAS;AAAA;AACX,OACF;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,SAAA,GAAY,MAAM,CAAA,CAAE,GAAA,CAAI,EAAA,CAAG,IAAI,CAAA,EAAG,mBAAmB,CAAA,EAAG,EAAE,CAAA,CAAE,CAAA;AAClE,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP,EAAE,KAAA,EAAO,EAAE,MAAM,WAAA,EAAa,OAAA,EAAS,gCAA+B,EAAE;AAAA,MACxE;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,EAAE,UAAA,EAAW,GAAI,IAAA,CAAK,MAAM,SAAS,CAAA;AAG3C,EAAA,MAAM,KAAA,GAAQ,IAAI,WAAA,EAAY,CAAE,OAAO,CAAA,EAAG,EAAE,CAAA,CAAA,EAAI,KAAK,CAAA,CAAE,CAAA;AACvD,EAAA,MAAM,OAAO,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,WAAW,KAAK,CAAA;AACxD,EAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAI,WAAW,IAAI,CAAC,EACxC,GAAA,CAAI,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAC,CAAA,CAC1C,IAAA,CAAK,EAAE,CAAA;AAEV,EAAA,MAAM,iBAAiB,GAAA,CAAI,MAAA,CAAO,KAAK,IAAA,CAAK,UAAA,GAAa,CAAC,CAAC,CAAA;AAC3D,EAAA,IAAI,CAAC,GAAA,CAAI,UAAA,CAAW,cAAc,CAAA,EAAG;AACnC,IAAA,OAAO,CAAA,CAAE,IAAA;AAAA,MACP,EAAE,KAAA,EAAO,EAAE,MAAM,kBAAA,EAAoB,OAAA,EAAS,yBAAwB,EAAE;AAAA,MACxE;AAAA,KACF;AAAA,EACF;AAGA,EAAA,MAAM,CAAA,CAAE,IAAI,EAAA,CAAG,MAAA,CAAO,GAAG,mBAAmB,CAAA,EAAG,EAAE,CAAA,CAAE,CAAA;AAGnD,EAAA,MAAM,MAAA,GAAS,EAAE,GAAA,CAAI,mBAAA;AACrB,EAAA,MAAM,EAAA,GAAK,YAAY,CAAC,CAAA;AACxB,EAAA,MAAM,KAAA,GAAQ,MAAM,UAAA,CAAW,MAAA,EAAQ,EAAE,CAAA;AAEzC,EAAA,CAAA,CAAE,MAAA;AAAA,IACA,YAAA;AAAA,IACA,CAAA,EAAG,eAAe,CAAA,CAAA,EAAI,KAAK,qBAAqB,kBAAkB,CAAA,gCAAA;AAAA,GACpE;AAEA,EAAA,OAAO,EAAE,IAAA,CAAK,EAAE,QAAA,EAAU,KAAA,IAAS,KAAK,CAAA;AAC1C;AAYO,SAAS,4BAAA,GAA+B;AAC7C,EAAA,OAAOA,wBAAA,CAAgD,OAAO,CAAA,EAAG,IAAA,KAAS;AAExE,IAAA,IAAI,CAAA,CAAE,GAAA,CAAI,IAAA,KAAS,eAAA,SAAwB,IAAA,EAAK;AAGhD,IAAA,IAAI,YAAA,CAAa,IAAA,CAAK,CAAC,CAAA,KAAM,CAAA,CAAE,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,CAAC,CAAC,CAAA,EAAG,OAAO,IAAA,EAAK;AAGpE,IAAA,IAAI,EAAE,GAAA,CAAI,MAAA,CAAO,eAAe,CAAA,SAAU,IAAA,EAAK;AAG/C,IAAA,MAAM,YAAA,GAAe,CAAA,CAAE,GAAA,CAAI,MAAA,CAAO,QAAQ,CAAA,IAAK,EAAA;AAC/C,IAAA,MAAM,cAAc,YAAA,CAAa,KAAA;AAAA,MAC/B,IAAI,MAAA,CAAO,CAAA,EAAG,eAAe,CAAA,QAAA,CAAU;AAAA,KACzC;AACA,IAAA,IAAI,WAAA,EAAa;AACf,MAAA,MAAM,MAAA,GAAS,EAAE,GAAA,CAAI,mBAAA;AACrB,MAAA,MAAM,EAAA,GAAK,YAAY,CAAC,CAAA;AACxB,MAAA,MAAM,QAAQ,MAAM,cAAA,CAAe,QAAQ,WAAA,CAAY,CAAC,GAAG,EAAE,CAAA;AAC7D,MAAA,IAAI,KAAA,SAAc,IAAA,EAAK;AAAA,IACzB;AAIA,IAAA,MAAM,UAAA,GAAa,aAAA,CAAc,CAAA,CAAE,GAAG,CAAA;AACtC,IAAA,MAAM,WAAA,GAAc,MAAM,mBAAA,EAAoB;AAG9C,IAAA,MAAM,CAAA,CAAE,IAAI,EAAA,CAAG,GAAA;AAAA,MACb,CAAA,EAAG,mBAAmB,CAAA,EAAG,WAAW,CAAA,CAAA;AAAA,MACpC,IAAA,CAAK,UAAU,EAAE,UAAA,EAAY,WAAW,IAAA,CAAK,GAAA,IAAO,CAAA;AAAA,MACpD,EAAE,eAAe,iBAAA;AAAkB,KACrC;AAGA,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,GAAA,CAAI,IAAA,IAAQ,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,GAAI,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,GAAI,EAAA,CAAA;AACxE,IAAA,MAAM,IAAA,GAAO,iBAAA,CAAkB,WAAA,EAAa,UAAA,EAAY,WAAW,CAAA;AAEnE,IAAA,OAAO,CAAA,CAAE,IAAA,CAAK,IAAA,EAAM,GAAG,CAAA;AAAA,EACzB,CAAC,CAAA;AACH","file":"chunk-YFJBE3AU.cjs","sourcesContent":["/**\r\n * Proof-of-Work Challenge Middleware (ADR-006, Layer 7).\r\n *\r\n * Anubis-inspired PoW challenge, implemented natively as Hono middleware.\r\n * Requires browsers to solve a SHA-256 PoW puzzle before accessing API endpoints.\r\n * After solving, a signed cookie is issued so subsequent requests bypass the challenge.\r\n *\r\n * Flow:\r\n * 1. Request arrives → no valid PoW cookie → serve challenge HTML page\r\n * 2. Browser runs JS PoW (find nonce where SHA-256(challengeId:nonce) meets difficulty)\r\n * 3. Client POSTs solution to /.well-known/leapify/pow/verify\r\n * 4. Server validates → sets signed cookie → redirects back to original URL\r\n * 5. Subsequent requests include cookie → pass through immediately\r\n *\r\n * Signing key: INTERNAL_API_SECRET (reused — same HMAC purpose as internal route auth)\r\n * Difficulty: POW_DIFFICULTY env var or DEFAULT_POW_DIFFICULTY (leading zero bits)\r\n */\r\n\r\nimport { createMiddleware } from 'hono/factory'\r\nimport type { Context } from 'hono'\r\nimport type { LeapifyBindings } from '../../types'\r\n\r\n// ─── Constants ──────────────────────────────────────────────────────────────────\r\n\r\n/** Base path for PoW challenge routes */\r\nexport const POW_PATH = '/.well-known/leapify/pow'\r\n\r\n/** Challenge verification endpoint */\r\nexport const POW_VERIFY_PATH = `${POW_PATH}/verify`\r\n\r\n/** Cookie name for PoW auth token */\r\nexport const POW_COOKIE_NAME = 'leapify-pow'\r\n\r\n/** KV key prefix for stored challenges */\r\nconst CHALLENGE_KV_PREFIX = 'pow:challenge:'\r\n\r\n/** Default difficulty (leading zero bits required in SHA-256 hash) */\r\nconst DEFAULT_POW_DIFFICULTY = 4\r\n\r\n/** Challenge expiration time in seconds */\r\nconst CHALLENGE_TTL_SEC = 120\r\n\r\n/** Cookie expiration time in seconds (1 hour) */\r\nconst COOKIE_MAX_AGE_SEC = 3600\r\n\r\n/** Paths exempt from PoW challenge */\r\nconst EXEMPT_PATHS = ['/health', '/internal', '/api/auth']\r\n\r\n// ─── Base64url Utilities ────────────────────────────────────────────────────────\r\n\r\nfunction base64urlEncode(bytes: Uint8Array): string {\r\n let binary = ''\r\n for (const byte of bytes) {\r\n binary += String.fromCharCode(byte)\r\n }\r\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '')\r\n}\r\n\r\nfunction base64urlDecode(str: string): Uint8Array<ArrayBuffer> {\r\n const padded = str.replace(/-/g, '+').replace(/_/g, '/')\r\n const binary = atob(padded)\r\n const bytes = new Uint8Array(new ArrayBuffer(binary.length))\r\n for (let i = 0; i < binary.length; i++) {\r\n bytes[i] = binary.charCodeAt(i)\r\n }\r\n return bytes\r\n}\r\n\r\n// ─── Crypto Helpers ─────────────────────────────────────────────────────────────\r\n\r\nasync function generateChallengeId(): Promise<string> {\r\n const bytes = crypto.getRandomValues(new Uint8Array(16))\r\n return base64urlEncode(bytes)\r\n}\r\n\r\nasync function importHmacKey(secret: string): Promise<CryptoKey> {\r\n return crypto.subtle.importKey(\r\n 'raw',\r\n new TextEncoder().encode(secret),\r\n { name: 'HMAC', hash: 'SHA-256' },\r\n false,\r\n ['sign', 'verify']\r\n )\r\n}\r\n\r\nasync function signCookie(secret: string, ip: string): Promise<string> {\r\n const ts = Date.now()\r\n const nonce = base64urlEncode(crypto.getRandomValues(new Uint8Array(8)))\r\n const payload = `${ip}:${ts}:${nonce}`\r\n const key = await importHmacKey(secret)\r\n const sig = await crypto.subtle.sign(\r\n 'HMAC',\r\n key,\r\n new TextEncoder().encode(payload)\r\n )\r\n const sigB64 = base64urlEncode(new Uint8Array(sig))\r\n return `${base64urlEncode(new TextEncoder().encode(payload))}.${sigB64}`\r\n}\r\n\r\nasync function validateCookie(\r\n secret: string,\r\n cookie: string,\r\n ip: string\r\n): Promise<boolean> {\r\n try {\r\n const [payloadB64, sigB64] = cookie.split('.')\r\n if (!payloadB64 || !sigB64) return false\r\n\r\n const payloadBytes = base64urlDecode(payloadB64)\r\n const sigBytes = base64urlDecode(sigB64)\r\n\r\n // Verify HMAC signature\r\n const key = await importHmacKey(secret)\r\n const valid = await crypto.subtle.verify(\r\n 'HMAC',\r\n key,\r\n sigBytes,\r\n payloadBytes\r\n )\r\n if (!valid) return false\r\n\r\n // Parse payload: ip:ts:nonce\r\n const payload = new TextDecoder().decode(payloadBytes)\r\n const [cookieIp, tsStr] = payload.split(':')\r\n\r\n // Verify IP matches (prevent cookie sharing)\r\n if (cookieIp !== ip) return false\r\n\r\n // Verify not expired\r\n const ts = parseInt(tsStr, 10)\r\n if (isNaN(ts) || Date.now() - ts > COOKIE_MAX_AGE_SEC * 1000) return false\r\n\r\n return true\r\n } catch {\r\n return false\r\n }\r\n}\r\n\r\nfunction getClientIp(c: Context<{ Bindings: LeapifyBindings }>): string {\r\n return (\r\n c.req.header('CF-Connecting-IP') ??\r\n c.req.header('X-Real-IP') ??\r\n c.req.header('X-Forwarded-For')?.split(',')[0]?.trim() ??\r\n 'unknown'\r\n )\r\n}\r\n\r\nfunction getDifficulty(env: LeapifyBindings): number {\r\n const raw = env.POW_DIFFICULTY\r\n if (!raw) return DEFAULT_POW_DIFFICULTY\r\n const parsed = parseInt(raw, 10)\r\n return isNaN(parsed)\r\n ? DEFAULT_POW_DIFFICULTY\r\n : Math.max(1, Math.min(parsed, 8))\r\n}\r\n\r\n// ─── Challenge Page HTML ────────────────────────────────────────────────────────\r\n\r\nfunction challengePageHtml(\r\n challengeId: string,\r\n difficulty: number,\r\n originalUrl: string\r\n): string {\r\n return `<!DOCTYPE html>\r\n<html>\r\n<head>\r\n <meta charset=\"utf-8\">\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\r\n <title>Verifying your browser</title>\r\n <style>\r\n * { margin: 0; padding: 0; box-sizing: border-box; }\r\n body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; background: #f5f5f5; color: #333; }\r\n .card { background: #fff; border-radius: 12px; padding: 2rem; box-shadow: 0 2px 12px rgba(0,0,0,0.08); text-align: center; max-width: 400px; }\r\n .spinner { width: 40px; height: 40px; border: 3px solid #e0e0e0; border-top-color: #333; border-radius: 50%; animation: spin 0.8s linear infinite; margin: 0 auto 1rem; }\r\n @keyframes spin { to { transform: rotate(360deg); } }\r\n h1 { font-size: 1.1rem; font-weight: 600; margin-bottom: 0.5rem; }\r\n p { font-size: 0.9rem; color: #666; }\r\n </style>\r\n</head>\r\n<body>\r\n <div class=\"card\">\r\n <div class=\"spinner\"></div>\r\n <h1>Verifying your browser</h1>\r\n <p>This should only take a moment&hellip;</p>\r\n </div>\r\n <script>\r\n (async () => {\r\n const challengeId = ${JSON.stringify(challengeId)};\r\n const difficulty = ${difficulty};\r\n const prefix = '0'.repeat(Math.ceil(difficulty / 4));\r\n let nonce = 0;\r\n const t0 = performance.now();\r\n while (true) {\r\n const input = challengeId + ':' + nonce;\r\n const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(input));\r\n const hex = Array.from(new Uint8Array(hash)).map(b => b.toString(16).padStart(2, '0')).join('');\r\n if (hex.startsWith(prefix)) {\r\n const elapsed = performance.now() - t0;\r\n const res = await fetch(${JSON.stringify(POW_VERIFY_PATH)}, {\r\n method: 'POST',\r\n headers: { 'Content-Type': 'application/json' },\r\n body: JSON.stringify({ id: challengeId, nonce, elapsed, redir: ${JSON.stringify(originalUrl)} }),\r\n });\r\n const data = await res.json();\r\n if (data.redirect) window.location.href = data.redirect;\r\n else window.location.reload();\r\n break;\r\n }\r\n nonce++;\r\n }\r\n })();\r\n </script>\r\n</body>\r\n</html>`\r\n}\r\n\r\n// ─── Verify Handler ─────────────────────────────────────────────────────────────\r\n\r\n/**\r\n * POST /.well-known/leapify/pow/verify\r\n *\r\n * Validates a completed PoW challenge and issues a signed cookie.\r\n * Exported for mounting in app.ts.\r\n */\r\nexport async function handlePowVerify(\r\n c: Context<{ Bindings: LeapifyBindings }>\r\n) {\r\n const body = await c.req.json<{\r\n id?: string\r\n nonce?: number\r\n elapsed?: number\r\n redir?: string\r\n }>()\r\n\r\n const { id, nonce, redir } = body\r\n\r\n if (!id || typeof nonce !== 'number') {\r\n return c.json(\r\n {\r\n error: {\r\n code: 'VALIDATION_ERROR',\r\n message: 'Missing challenge id or nonce'\r\n }\r\n },\r\n 422\r\n )\r\n }\r\n\r\n // Retrieve challenge from KV\r\n const challenge = await c.env.KV.get(`${CHALLENGE_KV_PREFIX}${id}`)\r\n if (!challenge) {\r\n return c.json(\r\n { error: { code: 'NOT_FOUND', message: 'Challenge expired or invalid' } },\r\n 404\r\n )\r\n }\r\n\r\n const { difficulty } = JSON.parse(challenge)\r\n\r\n // Verify PoW: SHA-256(challengeId:nonce) must have required leading zeros\r\n const input = new TextEncoder().encode(`${id}:${nonce}`)\r\n const hash = await crypto.subtle.digest('SHA-256', input)\r\n const hex = Array.from(new Uint8Array(hash))\r\n .map((b) => b.toString(16).padStart(2, '0'))\r\n .join('')\r\n\r\n const requiredPrefix = '0'.repeat(Math.ceil(difficulty / 4))\r\n if (!hex.startsWith(requiredPrefix)) {\r\n return c.json(\r\n { error: { code: 'VALIDATION_ERROR', message: 'Invalid proof of work' } },\r\n 422\r\n )\r\n }\r\n\r\n // Invalidate challenge (single-use)\r\n await c.env.KV.delete(`${CHALLENGE_KV_PREFIX}${id}`)\r\n\r\n // Issue signed cookie\r\n const secret = c.env.INTERNAL_API_SECRET\r\n const ip = getClientIp(c)\r\n const token = await signCookie(secret, ip)\r\n\r\n c.header(\r\n 'Set-Cookie',\r\n `${POW_COOKIE_NAME}=${token}; Path=/; Max-Age=${COOKIE_MAX_AGE_SEC}; Secure; HttpOnly; SameSite=Lax`\r\n )\r\n\r\n return c.json({ redirect: redir || '/' })\r\n}\r\n\r\n// ─── Main Middleware ─────────────────────────────────────────────────────────────\r\n\r\n/**\r\n * PoW challenge middleware.\r\n *\r\n * Mount AFTER cors, BEFORE everything else:\r\n * app.use('*', createCorsMiddleware(...))\r\n * app.use('*', createPowChallengeMiddleware()) ← here\r\n * app.use('*', createRefererGuard(...))\r\n */\r\nexport function createPowChallengeMiddleware() {\r\n return createMiddleware<{ Bindings: LeapifyBindings }>(async (c, next) => {\r\n // Always pass through the verify endpoint itself\r\n if (c.req.path === POW_VERIFY_PATH) return next()\r\n\r\n // Skip exempt paths (health, internal webhooks)\r\n if (EXEMPT_PATHS.some((p) => c.req.path.startsWith(p))) return next()\r\n\r\n // Skip if client has a valid Authorization header (Firebase JWT — auth middleware will handle)\r\n if (c.req.header('Authorization')) return next()\r\n\r\n // Check for valid PoW cookie\r\n const cookieHeader = c.req.header('Cookie') ?? ''\r\n const cookieMatch = cookieHeader.match(\r\n new RegExp(`${POW_COOKIE_NAME}=([^;]+)`)\r\n )\r\n if (cookieMatch) {\r\n const secret = c.env.INTERNAL_API_SECRET\r\n const ip = getClientIp(c)\r\n const valid = await validateCookie(secret, cookieMatch[1], ip)\r\n if (valid) return next()\r\n }\r\n\r\n // ── Issue challenge ──────────────────────────────────────────────────────\r\n\r\n const difficulty = getDifficulty(c.env)\r\n const challengeId = await generateChallengeId()\r\n\r\n // Store challenge in KV with TTL\r\n await c.env.KV.put(\r\n `${CHALLENGE_KV_PREFIX}${challengeId}`,\r\n JSON.stringify({ difficulty, createdAt: Date.now() }),\r\n { expirationTtl: CHALLENGE_TTL_SEC }\r\n )\r\n\r\n // Serve challenge page\r\n const originalUrl = c.req.path + (c.req.query('?') ? c.req.query('?') : '')\r\n const html = challengePageHtml(challengeId, difficulty, originalUrl)\r\n\r\n return c.html(html, 200)\r\n })\r\n}\r\n"]}