npm - @actuate-media/cms-core - Versions diffs - 0.12.0 → 0.14.0 - Mend

@actuate-media/cms-core 0.12.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

package/LICENSE +21 -21
package/dist/__tests__/api/api-key-auth.test.d.ts +2 -0
package/dist/__tests__/api/api-key-auth.test.d.ts.map +1 -0
package/dist/__tests__/api/api-key-auth.test.js +217 -0
package/dist/__tests__/api/api-key-auth.test.js.map +1 -0
package/dist/__tests__/api/health.test.d.ts +2 -0
package/dist/__tests__/api/health.test.d.ts.map +1 -0
package/dist/__tests__/api/health.test.js +140 -0
package/dist/__tests__/api/health.test.js.map +1 -0
package/dist/__tests__/auth/oauth.test.d.ts +2 -0
package/dist/__tests__/auth/oauth.test.d.ts.map +1 -0
package/dist/__tests__/auth/oauth.test.js +406 -0
package/dist/__tests__/auth/oauth.test.js.map +1 -0
package/dist/__tests__/auth/reset.test.d.ts +2 -0
package/dist/__tests__/auth/reset.test.d.ts.map +1 -0
package/dist/__tests__/auth/reset.test.js +303 -0
package/dist/__tests__/auth/reset.test.js.map +1 -0
package/dist/__tests__/diagnostics/env.test.d.ts +2 -0
package/dist/__tests__/diagnostics/env.test.d.ts.map +1 -0
package/dist/__tests__/diagnostics/env.test.js +119 -0
package/dist/__tests__/diagnostics/env.test.js.map +1 -0
package/dist/__tests__/diagnostics/logger.test.d.ts +2 -0
package/dist/__tests__/diagnostics/logger.test.d.ts.map +1 -0
package/dist/__tests__/diagnostics/logger.test.js +111 -0
package/dist/__tests__/diagnostics/logger.test.js.map +1 -0
package/dist/__tests__/security/api-key-enhanced.test.d.ts +2 -0
package/dist/__tests__/security/api-key-enhanced.test.d.ts.map +1 -0
package/dist/__tests__/security/api-key-enhanced.test.js +110 -0
package/dist/__tests__/security/api-key-enhanced.test.js.map +1 -0
package/dist/__tests__/security/rate-limit.test.js +42 -0
package/dist/__tests__/security/rate-limit.test.js.map +1 -1
package/dist/actions.d.ts.map +1 -1
package/dist/actions.js +7 -6
package/dist/actions.js.map +1 -1
package/dist/api/handler-factory.d.ts.map +1 -1
package/dist/api/handler-factory.js +31 -8
package/dist/api/handler-factory.js.map +1 -1
package/dist/api/handlers.d.ts.map +1 -1
package/dist/api/handlers.js +508 -55
package/dist/api/handlers.js.map +1 -1
package/dist/auth/oauth.d.ts.map +1 -1
package/dist/auth/oauth.js +5 -1
package/dist/auth/oauth.js.map +1 -1
package/dist/auth/reset.d.ts.map +1 -1
package/dist/auth/reset.js +2 -1
package/dist/auth/reset.js.map +1 -1
package/dist/config/runtime.d.ts +99 -0
package/dist/config/runtime.d.ts.map +1 -0
package/dist/config/runtime.js +43 -0
package/dist/config/runtime.js.map +1 -0
package/dist/config/types.d.ts +21 -0
package/dist/config/types.d.ts.map +1 -1
package/dist/diagnostics/env.d.ts +44 -0
package/dist/diagnostics/env.d.ts.map +1 -0
package/dist/diagnostics/env.js +293 -0
package/dist/diagnostics/env.js.map +1 -0
package/dist/diagnostics/logger.d.ts +38 -0
package/dist/diagnostics/logger.d.ts.map +1 -0
package/dist/diagnostics/logger.js +89 -0
package/dist/diagnostics/logger.js.map +1 -0
package/dist/page-builder/blocks.d.ts.map +1 -1
package/dist/page-builder/blocks.js +6 -1
package/dist/page-builder/blocks.js.map +1 -1
package/dist/security/api-key-enhanced.d.ts +48 -5
package/dist/security/api-key-enhanced.d.ts.map +1 -1
package/dist/security/api-key-enhanced.js +60 -9
package/dist/security/api-key-enhanced.js.map +1 -1
package/dist/security/audit.d.ts.map +1 -1
package/dist/security/audit.js +3 -1
package/dist/security/audit.js.map +1 -1
package/dist/security/rate-limit.d.ts +8 -0
package/dist/security/rate-limit.d.ts.map +1 -1
package/dist/security/rate-limit.js +81 -3
package/dist/security/rate-limit.js.map +1 -1
package/generated/browser.ts +109 -0
package/generated/client.ts +133 -0
package/generated/commonInputTypes.ts +709 -0
package/generated/enums.ts +125 -0
package/generated/internal/class.ts +376 -0
package/generated/internal/prismaNamespace.ts +2617 -0
package/generated/internal/prismaNamespaceBrowser.ts +611 -0
package/generated/models/ApiKey.ts +1550 -0
package/generated/models/AuditLog.ts +1206 -0
package/generated/models/BackupRecord.ts +1250 -0
package/generated/models/ContentLock.ts +1472 -0
package/generated/models/ContentTemplate.ts +1416 -0
package/generated/models/Document.ts +3005 -0
package/generated/models/Folder.ts +1904 -0
package/generated/models/FormSubmission.ts +1200 -0
package/generated/models/InAppNotification.ts +1457 -0
package/generated/models/Media.ts +2340 -0
package/generated/models/MediaUsage.ts +1472 -0
package/generated/models/OAuthAccount.ts +1463 -0
package/generated/models/Redirect.ts +1284 -0
package/generated/models/Session.ts +1492 -0
package/generated/models/Site.ts +1206 -0
package/generated/models/User.ts +3513 -0
package/generated/models/Version.ts +1511 -0
package/generated/models/WorkflowState.ts +1514 -0
package/generated/models.ts +29 -0
package/package.json +1 -1
package/prisma/cms-schema.prisma +306 -306
package/prisma/migrations/0001_init/migration.sql +384 -384
package/prisma/migrations/0002_folders/migration.sql +39 -39
package/prisma/migrations/0003_search_and_webhooks/migration.sql +50 -50
package/prisma/migrations/0004_script_tags/migration.sql +21 -21
package/prisma/migrations/0005_password_reset_tokens/migration.sql +20 -20
package/prisma/migrations/0006_page_builder/migration.sql +38 -38
package/prisma/migrations/migration_lock.toml +3 -3
package/prisma/schema.prisma +549 -549

package/LICENSE CHANGED Viewed

@@ -1,21 +1,21 @@
-MIT License
-Copyright (c) 2026 Actuate Media
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+Copyright (c) 2026 Actuate Media
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/__tests__/api/api-key-auth.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=api-key-auth.test.d.ts.map

package/dist/__tests__/api/api-key-auth.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"api-key-auth.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/api/api-key-auth.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/api/api-key-auth.test.js ADDED Viewed

@@ -0,0 +1,217 @@
+import { beforeEach, describe, expect, it } from 'vitest';
+import { handleActuateAPI } from '../../api/index.js';
+import { initDB } from '../../db.js';
+import { generateApiKey } from '../../security/api-key-enhanced.js';
+// Make sure the API surface that authenticates via API keys actually:
+//   1. accepts an `Authorization: Bearer act_sk_*` token without CSRF,
+//   2. enforces the key's scopes (collection + action),
+//   3. rejects revoked/expired keys.
+//
+// We don't spin up the real database for these — a mock Prisma client that
+// answers `apiKey.findUnique` and a minimal `document` interface is enough
+// to exercise the auth + CSRF skip + scope check paths.
+const VALID_SECRET = 'a'.repeat(48);
+function createMockDB(opts) {
+    const apiKey = opts.apiKey;
+    return {
+        apiKey: {
+            // `hasModel` probes for `findMany` to decide whether the model exists
+            // on the Prisma client. Including a stub here is enough to clear the
+            // check even though our tests only exercise findUnique/update.
+            findMany: async () => (apiKey ? [apiKey] : []),
+            findUnique: async ({ where }) => {
+                if (!apiKey)
+                    return null;
+                if (apiKey.keyHash !== where.keyHash)
+                    return null;
+                return apiKey;
+            },
+            update: async () => apiKey,
+        },
+        document: {
+            findMany: async () => [],
+            count: async () => 0,
+            create: async ({ data }) => ({ ...data, id: 'doc-1', createdAt: new Date(), updatedAt: new Date() }),
+        },
+        user: {},
+        session: {},
+        media: {},
+    };
+}
+async function makeKey(scopes) {
+    const { key, keyHash, keyPrefix } = await generateApiKey({ prefix: 'act_sk', scopes });
+    return {
+        key,
+        record: {
+            id: 'apikey-1',
+            keyHash,
+            keyPrefix,
+            userId: 'user-1',
+            scopes,
+            ipRestrictions: null,
+            expiresAt: null,
+            lastUsedAt: null,
+            revokedAt: null,
+        },
+    };
+}
+describe('API key authentication', () => {
+    beforeEach(() => {
+        delete globalThis.__actuateConfig;
+        process.env.CMS_SECRET = VALID_SECRET;
+    });
+    it('allows a request authenticated by a valid API key (no CSRF token)', async () => {
+        const { key, record } = await makeKey({ collections: ['posts'], actions: ['read'] });
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            headers: { Authorization: `Bearer ${key}` },
+        }));
+        expect(response.status).toBe(200);
+    });
+    it('rejects with 401 when bearer token does not match any API key in the DB', async () => {
+        const { record } = await makeKey({ admin: true });
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        const fakeKey = 'act_sk_' + 'f'.repeat(64);
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            headers: { Authorization: `Bearer ${fakeKey}` },
+        }));
+        expect(response.status).toBe(401);
+    });
+    it('rejects revoked API keys', async () => {
+        const { key, record } = await makeKey({ admin: true });
+        record.revokedAt = new Date();
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            headers: { Authorization: `Bearer ${key}` },
+        }));
+        expect(response.status).toBe(401);
+    });
+    it('rejects expired API keys', async () => {
+        const { key, record } = await makeKey({ admin: true });
+        record.expiresAt = new Date(Date.now() - 60_000);
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            headers: { Authorization: `Bearer ${key}` },
+        }));
+        expect(response.status).toBe(401);
+    });
+    it('rejects with 403 when scope does not include the requested collection', async () => {
+        const { key, record } = await makeKey({ collections: ['posts'], actions: ['read'] });
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: {
+                collections: {
+                    posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} },
+                    pages: { slug: 'pages', labels: { singular: 'Page', plural: 'Pages' }, fields: {} },
+                },
+            },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/collections/pages', {
+            headers: { Authorization: `Bearer ${key}` },
+        }));
+        expect(response.status).toBe(403);
+    });
+    it('rejects with 403 when scope does not include the requested action', async () => {
+        const { key, record } = await makeKey({ collections: ['posts'], actions: ['read'] });
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        // POST should be blocked without `create` in actions — and crucially the
+        // request has no CSRF token, so we're confirming that the API-key path
+        // bypassed CSRF and got as far as scope enforcement before failing.
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            method: 'POST',
+            headers: { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' },
+            body: JSON.stringify({ title: 'Hello' }),
+        }));
+        expect(response.status).toBe(403);
+    });
+    it('CSRF middleware does not block API-key POST requests', async () => {
+        // Same shape as the previous test but with create scope — the request
+        // should make it past CSRF, past scope, and at least into the action
+        // handler. A 500/400 from the action layer here would still mean the
+        // CSRF check passed (which is what we're asserting).
+        const { key, record } = await makeKey({ collections: ['posts'], actions: ['create'], admin: false });
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            method: 'POST',
+            headers: { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' },
+            body: JSON.stringify({ title: 'Hello' }),
+        }));
+        // Should not be a 403 CSRF rejection.
+        expect(response.status).not.toBe(403);
+        if (response.status === 403) {
+            const body = await response.json().catch(() => ({}));
+            expect(body.error).not.toBe('Invalid CSRF token');
+        }
+    });
+    it('non-API-key requests still require CSRF for POST', async () => {
+        const db = createMockDB({});
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: { collections: { posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} } } },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ title: 'Hello' }),
+        }));
+        expect(response.status).toBe(403);
+        const body = await response.json().catch(() => ({}));
+        expect(body.error).toBe('Invalid CSRF token');
+    });
+    it('admin scope grants access to any collection', async () => {
+        const { key, record } = await makeKey({ admin: true });
+        const db = createMockDB({ apiKey: record });
+        initDB(db);
+        const handler = handleActuateAPI({
+            prismaClient: db,
+            config: {
+                collections: {
+                    posts: { slug: 'posts', labels: { singular: 'Post', plural: 'Posts' }, fields: {} },
+                    pages: { slug: 'pages', labels: { singular: 'Page', plural: 'Pages' }, fields: {} },
+                },
+            },
+        });
+        const a = await handler(new Request('https://example.com/api/cms/collections/posts', {
+            headers: { Authorization: `Bearer ${key}` },
+        }));
+        const b = await handler(new Request('https://example.com/api/cms/collections/pages', {
+            headers: { Authorization: `Bearer ${key}` },
+        }));
+        expect(a.status).toBe(200);
+        expect(b.status).toBe(200);
+    });
+});
+//# sourceMappingURL=api-key-auth.test.js.map

package/dist/__tests__/api/api-key-auth.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"api-key-auth.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/api-key-auth.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAEzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AACpC,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAA;AAGnE,sEAAsE;AACtE,uEAAuE;AACvE,wDAAwD;AACxD,qCAAqC;AACrC,EAAE;AACF,2EAA2E;AAC3E,2EAA2E;AAC3E,wDAAwD;AAExD,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AAcnC,SAAS,YAAY,CAAC,IAAiE;IACrF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;IAC1B,OAAO;QACL,MAAM,EAAE;YACN,sEAAsE;YACtE,qEAAqE;YACrE,+DAA+D;YAC/D,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9C,UAAU,EAAE,KAAK,EAAE,EAAE,KAAK,EAAkC,EAAE,EAAE;gBAC9D,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAA;gBACxB,IAAI,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAA;gBACjD,OAAO,MAAM,CAAA;YACf,CAAC;YACD,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC,MAAM;SAC3B;QACD,QAAQ,EAAE;YACR,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;YACxB,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;YACpB,MAAM,EAAE,KAAK,EAAE,EAAE,IAAI,EAAO,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;SAC1G;QACD,IAAI,EAAE,EAAE;QACR,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,EAAE;KACH,CAAA;AACV,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,MAAmB;IACxC,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,cAAc,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;IACtF,OAAO;QACL,GAAG;QACH,MAAM,EAAE;YACN,EAAE,EAAE,UAAU;YACd,OAAO;YACP,SAAS;YACT,MAAM,EAAE,QAAQ;YAChB,MAAM;YACN,cAAc,EAAE,IAAI;YACpB,SAAS,EAAE,IAAI;YACf,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,IAAI;SAChB;KACF,CAAA;AACH,CAAC;AAED,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,UAAU,CAAC,GAAG,EAAE;QACd,OAAQ,UAAkB,CAAC,eAAe,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,YAAY,CAAA;IACvC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QACpF,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACjD,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,MAAM,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAC1C,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,OAAO,EAAE,EAAE;SAChD,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAA;QAC7B,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAA;QAChD,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uEAAuE,EAAE,KAAK,IAAI,EAAE;QACrF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QACpF,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE;gBACN,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;oBACnF,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;iBACpF;aACF;SACF,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QACpF,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,yEAAyE;QACzE,uEAAuE;QACvE,oEAAoE;QACpE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SACzC,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,sEAAsE;QACtE,qEAAqE;QACrE,qEAAqE;QACrE,qDAAqD;QACrD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,QAAQ,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAA;QACpG,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SACzC,CAAC,CACH,CAAA;QAED,sCAAsC;QACtC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACrC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;YACpD,MAAM,CAAE,IAAY,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;QAC5D,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,CAAC,CAAA;QAC3B,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE;SACjH,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SACzC,CAAC,CACH,CAAA;QAED,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;QACpD,MAAM,CAAE,IAAY,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QACtD,MAAM,EAAE,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;QAC3C,MAAM,CAAC,EAAE,CAAC,CAAA;QACV,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE,EAAE;YAChB,MAAM,EAAE;gBACN,WAAW,EAAE;oBACX,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;oBACnF,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;iBACpF;aACF;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,MAAM,OAAO,CACrB,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,MAAM,OAAO,CACrB,IAAI,OAAO,CAAC,+CAA+C,EAAE;YAC3D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,EAAE,EAAE;SAC5C,CAAC,CACH,CAAA;QAED,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAC1B,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/__tests__/api/health.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=health.test.d.ts.map

package/dist/__tests__/api/health.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"health.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/api/health.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/api/health.test.js ADDED Viewed

@@ -0,0 +1,140 @@
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { handleActuateAPI } from '../../api/index.js';
+import { setActuateConfig } from '../../config/runtime.js';
+import { initDB } from '../../db.js';
+const VALID_SECRET = 'a-real-cms-secret-of-at-least-32-characters';
+describe('/api/cms/health status derivation', () => {
+    // Snapshot every env var any test in this file mutates so we can restore
+    // them in `afterEach`. NOTE: `CMS_SESSION_SECRET` is included even though
+    // only one test sets it — Bugbot caught the original test where cleanup
+    // ran inline and was therefore skipped on assertion failure, leaking the
+    // legacy secret into the next `it.each` iteration and causing the
+    // config-file path test to pass for the wrong reason.
+    const original = {
+        CMS_SECRET: process.env.CMS_SECRET,
+        CMS_SESSION_SECRET: process.env.CMS_SESSION_SECRET,
+        CMS_ENCRYPTION_KEY: process.env.CMS_ENCRYPTION_KEY,
+        CRON_SECRET: process.env.CRON_SECRET,
+        DATABASE_URL: process.env.DATABASE_URL,
+    };
+    beforeEach(() => {
+        process.env.CMS_SECRET = VALID_SECRET;
+        process.env.DATABASE_URL = 'postgres://x';
+        delete process.env.CMS_SESSION_SECRET;
+        delete process.env.CMS_ENCRYPTION_KEY;
+        delete process.env.CRON_SECRET;
+    });
+    afterEach(() => {
+        for (const [k, v] of Object.entries(original)) {
+            if (v === undefined)
+                delete process.env[k];
+            else
+                process.env[k] = v;
+        }
+        // Tests within this file share `globalThis`, so explicitly clear any
+        // config a single test stashed (see `runtime.ts` doc — "Tests reset
+        // between suites").
+        delete globalThis.__actuateConfig;
+    });
+    // Bugbot review (PR #41): the early-return DB-failure path hardcoded
+    // `status: 'degraded'`, ignoring the env validation result computed two
+    // lines above. A deploy with both a broken DB *and* a malformed CMS_SECRET
+    // would report `degraded` even though it's actually `unhealthy` —
+    // defeating M6's whole point of catching env misconfig at /health time.
+    it('returns "unhealthy" when env is misconfigured AND db() throws', async () => {
+        process.env.CMS_SECRET = 'too-short'; // triggers env error
+        // Force db() to throw by initializing with an object that the route's
+        // model probes will treat as unusable while leaving db() itself callable.
+        // The simplest way is to trip the catch by leaving DB uninitialized.
+        initDB(null); // db() will throw "Prisma client not initialised"
+        const handler = handleActuateAPI({ prismaClient: null });
+        const response = await handler(new Request('https://example.com/api/cms/health', { method: 'GET' }));
+        expect(response.status).toBe(200);
+        const payload = (await response.json());
+        expect(payload.data.databaseConnected).toBe(false);
+        expect(payload.data.status).toBe('unhealthy');
+    });
+    it('returns "degraded" when only db() throws (env is fine)', async () => {
+        initDB(null);
+        const handler = handleActuateAPI({ prismaClient: null });
+        const response = await handler(new Request('https://example.com/api/cms/health', { method: 'GET' }));
+        const payload = (await response.json());
+        expect(payload.data.status).toBe('degraded');
+    });
+    // Bugbot review (PR #41): the unauthenticated /health response embeds the
+    // full env validation, so any "ok" message that mentions the configured
+    // secret length leaks that length to anonymous callers. Validate the
+    // serialized response here so a regression in either the env module or the
+    // health route is caught.
+    it('does not leak exact secret lengths in the /health JSON', async () => {
+        process.env.CMS_SECRET = 'a'.repeat(45);
+        process.env.CRON_SECRET = 'a-real-cron-secret-with-known-length';
+        process.env.CMS_ENCRYPTION_KEY = 'a1b2'.repeat(16);
+        initDB({
+            document: { count: async () => 0 },
+            user: { count: async () => 0 },
+            media: { count: async () => 0 },
+        });
+        const handler = handleActuateAPI({
+            prismaClient: {
+                document: { count: async () => 0 },
+                user: { count: async () => 0 },
+                media: { count: async () => 0 },
+            },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/health', { method: 'GET' }));
+        const text = await response.text();
+        // No "Configured (N chars)." anywhere. Use a regex broad enough to catch
+        // both "42 chars" and "42 chars." variants.
+        expect(text).not.toMatch(/\d+\s*chars?/i);
+        // And specifically, the configured lengths must not appear next to the
+        // secret names in the response body.
+        expect(text).not.toContain('45');
+    });
+    // Bugbot review (PR #43): `validateEnvShape()` only inspected
+    // `process.env.CMS_SECRET`, but `getSessionSecret()` also accepts the
+    // secret from the legacy `CMS_SESSION_SECRET` env var or `actuate.config.ts
+    // → secret`. Without the wrapping the route now applies, a deploy that
+    // configures the secret via the config file would get the contradictory
+    // response `secretConfigured: true` AND `status: "unhealthy"`, tripping
+    // monitoring / load-balancer health probes for no real fault.
+    it.each([
+        [
+            'CMS_SESSION_SECRET (legacy env var)',
+            () => {
+                delete process.env.CMS_SECRET;
+                process.env.CMS_SESSION_SECRET = 'a'.repeat(40);
+            },
+        ],
+        [
+            'actuate.config.ts → secret (config-file path)',
+            () => {
+                delete process.env.CMS_SECRET;
+                setActuateConfig({ secret: 'a'.repeat(40) });
+            },
+        ],
+    ])('does not report unhealthy when CMS_SECRET is supplied via %s', async (_label, setup) => {
+        setup();
+        initDB({
+            document: { count: async () => 0 },
+            user: { count: async () => 0 },
+            media: { count: async () => 0 },
+        });
+        const handler = handleActuateAPI({
+            prismaClient: {
+                document: { count: async () => 0 },
+                user: { count: async () => 0 },
+                media: { count: async () => 0 },
+            },
+        });
+        const response = await handler(new Request('https://example.com/api/cms/health', { method: 'GET' }));
+        const payload = (await response.json());
+        // Both signals must agree — no contradictory `secretConfigured: true`
+        // alongside `status: "unhealthy"`.
+        expect(payload.data.secretConfigured).toBe(true);
+        expect(payload.data.status).not.toBe('unhealthy');
+        const cmsSecretCheck = payload.data.env.checks.find((c) => c.name === 'CMS_SECRET');
+        expect(cmsSecretCheck?.status).toBe('ok');
+    });
+});
+//# sourceMappingURL=health.test.js.map

package/dist/__tests__/api/health.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"health.test.js","sourceRoot":"","sources":["../../../src/__tests__/api/health.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAEpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,MAAM,YAAY,GAAG,6CAA6C,CAAA;AAElE,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;IACjD,yEAAyE;IACzE,0EAA0E;IAC1E,wEAAwE;IACxE,yEAAyE;IACzE,kEAAkE;IAClE,sDAAsD;IACtD,MAAM,QAAQ,GAAG;QACf,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;QAClC,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAClD,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAClD,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW;QACpC,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY;KACvC,CAAA;IAED,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,YAAY,CAAA;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,GAAG,cAAc,CAAA;QACzC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;QACrC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;QACrC,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;IAChC,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,OAAO,CAAC,GAAG,CAAC,CAA0B,CAAC,CAAA;;gBAC9D,OAAO,CAAC,GAAG,CAAC,CAA0B,CAAC,GAAG,CAAC,CAAA;QAClD,CAAC;QACD,qEAAqE;QACrE,oEAAoE;QACpE,oBAAoB;QACpB,OAAQ,UAA4C,CAAC,eAAe,CAAA;IACtE,CAAC,CAAC,CAAA;IAEF,qEAAqE;IACrE,wEAAwE;IACxE,2EAA2E;IAC3E,kEAAkE;IAClE,wEAAwE;IACxE,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,WAAW,CAAA,CAAC,qBAAqB;QAC1D,sEAAsE;QACtE,0EAA0E;QAC1E,qEAAqE;QACrE,MAAM,CAAC,IAAa,CAAC,CAAA,CAAC,kDAAkD;QAExE,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,IAAa,EAAE,CAAC,CAAA;QACjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,oCAAoC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CACrE,CAAA;QACD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACjC,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAErC,CAAA;QACD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAClD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,CAAC,IAAa,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,gBAAgB,CAAC,EAAE,YAAY,EAAE,IAAa,EAAE,CAAC,CAAA;QACjE,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,oCAAoC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CACrE,CAAA;QACD,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAiC,CAAA;QACvE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC9C,CAAC,CAAC,CAAA;IAEF,0EAA0E;IAC1E,wEAAwE;IACxE,qEAAqE;IACrE,2EAA2E;IAC3E,0BAA0B;IAC1B,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QACvC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sCAAsC,CAAA;QAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAClD,MAAM,CAAC;YACL,QAAQ,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;YAClC,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;YAC9B,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;SACvB,CAAC,CAAA;QAEX,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE;gBACZ,QAAQ,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;gBAClC,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;gBAC9B,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;aACvB;SACX,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,oCAAoC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CACrE,CAAA;QACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAA;QAClC,yEAAyE;QACzE,4CAA4C;QAC5C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;QACzC,uEAAuE;QACvE,qCAAqC;QACrC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,8DAA8D;IAC9D,sEAAsE;IACtE,4EAA4E;IAC5E,uEAAuE;IACvE,wEAAwE;IACxE,wEAAwE;IACxE,8DAA8D;IAC9D,EAAE,CAAC,IAAI,CAAC;QACN;YACE,qCAAqC;YACrC,GAAG,EAAE;gBACH,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAA;gBAC7B,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;YACjD,CAAC;SACF;QACD;YACE,+CAA+C;YAC/C,GAAG,EAAE;gBACH,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAA;gBAC7B,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAW,CAAC,CAAA;YACvD,CAAC;SACF;KACF,CAAC,CAAC,8DAA8D,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE;QACzF,KAAK,EAAE,CAAA;QACP,MAAM,CAAC;YACL,QAAQ,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;YAClC,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;YAC9B,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;SACvB,CAAC,CAAA;QACX,MAAM,OAAO,GAAG,gBAAgB,CAAC;YAC/B,YAAY,EAAE;gBACZ,QAAQ,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;gBAClC,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;gBAC9B,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE;aACvB;SACX,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,OAAO,CAC5B,IAAI,OAAO,CAAC,oCAAoC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CACrE,CAAA;QACD,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAMrC,CAAA;QACD,sEAAsE;QACtE,mCAAmC;QACnC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QACjD,MAAM,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAA;QACnF,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/__tests__/auth/oauth.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=oauth.test.d.ts.map

package/dist/__tests__/auth/oauth.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"oauth.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/auth/oauth.test.ts"],"names":[],"mappings":""}