@arcblock/did-connect-service 4.0.4 → 4.0.6

package/dist/og/passport-svg.js

@@ -0,0 +1,157 @@
+import { Hasher } from "@ocap/mcrypto";
+import { toHex } from "@ocap/util";
+export const DEFAULT_COLORS = {
+    "did-space": { start: "#7D3AC5", end: "#9761D1" },
+    "app-space": { start: "#6CC68D", end: "#47B871" },
+    "app-purchase": { start: "#DE7021", end: "#E48D4E" },
+    "app-passport": { start: "#3882C7", end: "#7AB2F6" },
+    "app-kyc": { start: "#3882C7", end: "#7AB2F6" },
+};
+/**
+ * Convert RGB color to HSL color.
+ * @param rgbString - The RGB color value (e.g. "#FF0000").
+ * @returns A [h, s, l] tuple with values in [0, 1].
+ */
+export function rgbToHsl(rgbString) {
+    const color = rgbString.replace("#", "");
+    const r = parseInt(color.slice(0, 2), 16) / 255;
+    const g = parseInt(color.slice(2, 4), 16) / 255;
+    const b = parseInt(color.slice(4, 6), 16) / 255;
+    const max = Math.max(r, g, b);
+    const min = Math.min(r, g, b);
+    let h = 0;
+    let s = 0;
+    const l = (max + min) / 2;
+    if (max === min) {
+        h = 0;
+        s = 0;
+    }
+    else {
+        const d = max - min;
+        s = l > 0.5 ? d / (2 - max - min) : d / (max + min);
+        switch (max) {
+            case r:
+                h = (g - b) / d + (g < b ? 6 : 0);
+                break;
+            case g:
+                h = (b - r) / d + 2;
+                break;
+            case b:
+                h = (r - g) / d + 4;
+                break;
+            default:
+                break;
+        }
+        h /= 6;
+    }
+    return [h, s, l];
+}
+/**
+ * Convert HSL color value to an RGB hex string.
+ * @param h - Hue in [0, 1].
+ * @param s - Saturation in [0, 1].
+ * @param l - Lightness in [0, 1].
+ * @returns A hex color string like "#rrggbb".
+ */
+export function hslToRgb(h, s, l) {
+    let r;
+    let g;
+    let b;
+    if (s === 0) {
+        r = l;
+        g = l;
+        b = l;
+    }
+    else {
+        const hue2rgb = (p, q, t2) => {
+            let t = t2;
+            if (t < 0)
+                t += 1;
+            if (t > 1)
+                t -= 1;
+            if (t < 1 / 6)
+                return p + (q - p) * 6 * t;
+            if (t < 1 / 2)
+                return q;
+            if (t < 2 / 3)
+                return p + (q - p) * (2 / 3 - t) * 6;
+            return p;
+        };
+        const q = l < 0.5 ? l * (1 + s) : l + s - l * s;
+        const p = 2 * l - q;
+        r = hue2rgb(p, q, h + 1 / 3);
+        g = hue2rgb(p, q, h);
+        b = hue2rgb(p, q, h - 1 / 3);
+    }
+    return `#${[Math.round(r * 255), Math.round(g * 255), Math.round(b * 255)]
+        .map((e) => e.toString(16).padStart(2, "0"))
+        .join("")}`;
+}
+/**
+ * Convert a single color to usable NFT gradient background colors.
+ * Clamps saturation to ≤0.7 and lightness to [0.3, 0.6].
+ * @param rgbString - The background color in RGB hex format.
+ * @returns An NFTColor with clamped start and end gradient colors.
+ */
+export function getNftBGColor(rgbString) {
+    if (rgbString) {
+        const data = rgbToHsl(rgbString);
+        // Hue h can be arbitrary
+        // Saturation s should not exceed 0.7
+        // Lightness l should not exceed 0.6 and should be above 0.3
+        const h = data[0];
+        const s = data[1] > 0.7 ? 0.7 : data[1];
+        const l = data[2] > 0.6 ? 0.6 : data[2] < 0.3 ? 0.3 : data[2];
+        const newColor = hslToRgb(h, s, l);
+        const newRepeatColor = hslToRgb(h, s, l - 0.1);
+        return {
+            start: newRepeatColor,
+            end: newColor,
+        };
+    }
+    return DEFAULT_COLORS["app-passport"];
+}
+/**
+ * Derive a deterministic passport color hex string from a DID.
+ * @param did - The DID string.
+ * @returns A 7-character hex color string like "#rrggbb".
+ */
+export function getPassportColorFromDid(did) {
+    return `#${toHex(Hasher.SHA3.hash224(did)).slice(-6)}`;
+}
+/**
+ * Get NFT background color derived from a DID.
+ * @param did - The DID string.
+ * @returns An NFTColor with start and end gradient colors.
+ */
+export function getNftBGColorFromDid(did) {
+    return getNftBGColor(getPassportColorFromDid(did));
+}
+/**
+ * Get the passport gradient color for display.
+ * @param preferredColor - "default" | "auto" | a hex color string | undefined
+ * @param did - The DID string (used when preferredColor is "auto").
+ * @returns An NFTColor with start and end gradient colors.
+ */
+export function getPassportColor(preferredColor, did) {
+    if (preferredColor === "default" || !preferredColor) {
+        return DEFAULT_COLORS["app-passport"];
+    }
+    if (preferredColor === "auto") {
+        return getNftBGColorFromDid(did);
+    }
+    return getNftBGColor(preferredColor);
+}
+/**
+ * Choose readable text color based on background luminance.
+ * @param background - A hex color string like "#rrggbb".
+ * @returns "#111" for light backgrounds, "#EEE" for dark backgrounds.
+ */
+export function getTextColor(background) {
+    const r = parseInt(background.slice(1, 3), 16);
+    const g = parseInt(background.slice(3, 5), 16);
+    const b = parseInt(background.slice(5, 7), 16);
+    const luminance = (0.299 * r + 0.587 * g + 0.114 * b) / 255;
+    return luminance > 0.5 ? "#111" : "#EEE";
+}
+//# sourceMappingURL=passport-svg.js.map

package/dist/og/passport-svg.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport-svg.js","sourceRoot":"","sources":["../../src/og/passport-svg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAOnC,MAAM,CAAC,MAAM,cAAc,GAA6B;IACtD,WAAW,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE;IACjD,WAAW,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE;IACjD,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE;IACpD,cAAc,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE;IACpD,SAAS,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE;CAChD,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CAAC,SAAiB;IACxC,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;IAChD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;IAChD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAE1B,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;QAChB,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;IACR,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;QACpB,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;QACpD,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,CAAC;gBACJ,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClC,MAAM;YACR,KAAK,CAAC;gBACJ,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACpB,MAAM;YACR,KAAK,CAAC;gBACJ,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACpB,MAAM;YACR;gBACE,MAAM;QACV,CAAC;QACD,CAAC,IAAI,CAAC,CAAC;IACT,CAAC;IAED,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CAAC,CAAS,EAAE,CAAS,EAAE,CAAS;IACtD,IAAI,CAAS,CAAC;IACd,IAAI,CAAS,CAAC;IACd,IAAI,CAAS,CAAC;IAEd,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACZ,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;IACR,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAU,EAAU,EAAE;YAC3D,IAAI,CAAC,GAAG,EAAE,CAAC;YACX,IAAI,CAAC,GAAG,CAAC;gBAAE,CAAC,IAAI,CAAC,CAAC;YAClB,IAAI,CAAC,GAAG,CAAC;gBAAE,CAAC,IAAI,CAAC,CAAC;YAClB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1C,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACpD,OAAO,CAAC,CAAC;QACX,CAAC,CAAC;QAEF,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACrB,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;SACvE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB;IAC7C,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAEjC,yBAAyB;QACzB,qCAAqC;QACrC,4DAA4D;QAC5D,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACnC,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC;QAE/C,OAAO;YACL,KAAK,EAAE,cAAc;YACrB,GAAG,EAAE,QAAQ;SACd,CAAC;IACJ,CAAC;IAED,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAW;IACjD,OAAO,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACzD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,OAAO,aAAa,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,cAAkC,EAAE,GAAW;IAC9E,IAAI,cAAc,KAAK,SAAS,IAAI,CAAC,cAAc,EAAE,CAAC;QACpD,OAAO,cAAc,CAAC,cAAc,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,cAAc,KAAK,MAAM,EAAE,CAAC;QAC9B,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,aAAa,CAAC,cAAc,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,UAAkB;IAC7C,MAAM,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/C,MAAM,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,CAAC,KAAK,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;IAC5D,OAAO,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;AAC3C,CAAC"}

package/dist/og/ssrf-guard.d.ts

@@ -0,0 +1,38 @@
+/**
+ * SSRF guard for server-side image fetches.
+ *
+ * The OG generator fetches caller-supplied `cover`/`logo` URLs from a public
+ * endpoint. Without a guard, an attacker could probe internal HTTPS hosts
+ * (cloud metadata, private services). This module:
+ *   - enforces https
+ *   - rejects private / loopback / link-local / unique-local / metadata
+ *     targets, checked against the resolved IPs (not just the hostname) so a
+ *     public domain pointing at a private address is still blocked
+ *   - exposes a streaming reader that hard-caps the byte count instead of
+ *     trusting the (forgeable) Content-Length header
+ *
+ * Residual risk: a narrow DNS-rebinding window between the resolve check and
+ * the fetch. Mitigated in practice by the short-lived fetch and the literal-IP
+ * checks; full pinning would require a custom connect-time hook.
+ */
+/** DNS resolver shape — overridable in tests to avoid real network lookups. */
+export type LookupImpl = (host: string) => Promise<Array<{
+    address: string;
+}>>;
+export declare class SsrfBlockedError extends Error {
+    statusCode: number;
+    constructor(message: string);
+}
+/** True if an IPv4/IPv6 literal is private, loopback, link-local, etc. */
+export declare function isPrivateAddress(ip: string): boolean;
+/**
+ * Reject a URL that isn't safe to fetch server-side. Throws SsrfBlockedError
+ * (400) on https violation or a private/blocked resolved address.
+ */
+export declare function assertFetchableUrl(rawUrl: string, lookupImpl?: LookupImpl): Promise<void>;
+/**
+ * Read a fetch Response body into a Buffer, aborting once `maxBytes` is
+ * exceeded. Does not trust Content-Length.
+ */
+export declare function readBodyCapped(res: Response, maxBytes: number): Promise<Buffer>;
+//# sourceMappingURL=ssrf-guard.d.ts.map

package/dist/og/ssrf-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-guard.d.ts","sourceRoot":"","sources":["../../src/og/ssrf-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAKH,+EAA+E;AAC/E,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAAC;AAI/E,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,UAAU,SAAO;gBACL,OAAO,EAAE,MAAM;CAI5B;AAED,0EAA0E;AAC1E,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAKpD;AA4ED;;;GAGG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,GAAE,UAA0B,GAAG,OAAO,CAAC,IAAI,CAAC,CA+B9G;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBrF"}

package/dist/og/ssrf-guard.js

@@ -0,0 +1,188 @@
+/**
+ * SSRF guard for server-side image fetches.
+ *
+ * The OG generator fetches caller-supplied `cover`/`logo` URLs from a public
+ * endpoint. Without a guard, an attacker could probe internal HTTPS hosts
+ * (cloud metadata, private services). This module:
+ *   - enforces https
+ *   - rejects private / loopback / link-local / unique-local / metadata
+ *     targets, checked against the resolved IPs (not just the hostname) so a
+ *     public domain pointing at a private address is still blocked
+ *   - exposes a streaming reader that hard-caps the byte count instead of
+ *     trusting the (forgeable) Content-Length header
+ *
+ * Residual risk: a narrow DNS-rebinding window between the resolve check and
+ * the fetch. Mitigated in practice by the short-lived fetch and the literal-IP
+ * checks; full pinning would require a custom connect-time hook.
+ */
+import { lookup as dnsLookup } from "node:dns/promises";
+import { isIP } from "node:net";
+const defaultLookup = (host) => dnsLookup(host, { all: true });
+export class SsrfBlockedError extends Error {
+    statusCode = 400;
+    constructor(message) {
+        super(message);
+        this.name = "SsrfBlockedError";
+    }
+}
+/** True if an IPv4/IPv6 literal is private, loopback, link-local, etc. */
+export function isPrivateAddress(ip) {
+    const kind = isIP(ip);
+    if (kind === 4)
+        return isPrivateIPv4(ip);
+    if (kind === 6)
+        return isPrivateIPv6(ip.toLowerCase());
+    return true; // not a parseable IP → treat as unsafe
+}
+function isPrivateIPv4(ip) {
+    const o = ip.split(".").map(Number);
+    if (o.length !== 4 || o.some((n) => Number.isNaN(n) || n < 0 || n > 255))
+        return true;
+    const [a, b] = o;
+    if (a === 0)
+        return true; // 0.0.0.0/8
+    if (a === 10)
+        return true; // 10/8 private
+    if (a === 127)
+        return true; // loopback
+    if (a === 169 && b === 254)
+        return true; // link-local + cloud metadata 169.254.169.254
+    if (a === 172 && b >= 16 && b <= 31)
+        return true; // 172.16/12 private
+    if (a === 192 && b === 168)
+        return true; // 192.168/16 private
+    if (a === 100 && b >= 64 && b <= 127)
+        return true; // 100.64/10 CGNAT
+    if (a >= 224)
+        return true; // multicast + reserved
+    return false;
+}
+/**
+ * Expand an IPv6 string (with `::` compression and/or a trailing dotted IPv4)
+ * into its 8 16-bit hextet values. Returns null if it can't be parsed.
+ */
+function expandIPv6(ip) {
+    const parts = ip.split("::");
+    if (parts.length > 2)
+        return null;
+    const toHextets = (segment) => {
+        if (segment === "")
+            return [];
+        const out = [];
+        for (const piece of segment.split(":")) {
+            if (piece.includes(".")) {
+                // Embedded dotted IPv4 → two hextets.
+                const o = piece.split(".").map(Number);
+                if (o.length !== 4 || o.some((n) => Number.isNaN(n) || n < 0 || n > 255))
+                    return null;
+                out.push((o[0] << 8) | o[1], (o[2] << 8) | o[3]);
+            }
+            else {
+                if (!/^[0-9a-fA-F]{1,4}$/.test(piece))
+                    return null;
+                out.push(parseInt(piece, 16));
+            }
+        }
+        return out;
+    };
+    const head = toHextets(parts[0]);
+    const tail = parts.length === 2 ? toHextets(parts[1]) : [];
+    if (head === null || tail === null)
+        return null;
+    if (parts.length === 2) {
+        const gap = 8 - head.length - tail.length;
+        if (gap < 0)
+            return null;
+        return [...head, ...Array(gap).fill(0), ...tail];
+    }
+    return head.length === 8 ? head : null;
+}
+function isPrivateIPv6(ip) {
+    const h = expandIPv6(ip);
+    if (!h)
+        return true; // unparseable → unsafe
+    // Loopback (::1) and unspecified (::)
+    if (h.every((x, i) => (i < 7 ? x === 0 : x === 0 || x === 1)))
+        return true;
+    // IPv4-mapped (::ffff:a.b.c.d, any notation) and deprecated IPv4-compatible
+    // (::a.b.c.d): first 5 hextets zero, optional ffff marker → check embedded v4.
+    const firstFiveZero = h.slice(0, 5).every((x) => x === 0);
+    if (firstFiveZero && (h[5] === 0xffff || h[5] === 0)) {
+        const v4 = `${h[6] >> 8}.${h[6] & 0xff}.${h[7] >> 8}.${h[7] & 0xff}`;
+        return isPrivateIPv4(v4);
+    }
+    const first = h[0];
+    if ((first & 0xff00) === 0xff00)
+        return true; // multicast ff00::/8
+    if ((first & 0xffc0) === 0xfe80)
+        return true; // link-local fe80::/10
+    if ((first & 0xfe00) === 0xfc00)
+        return true; // unique local fc00::/7
+    return false;
+}
+/**
+ * Reject a URL that isn't safe to fetch server-side. Throws SsrfBlockedError
+ * (400) on https violation or a private/blocked resolved address.
+ */
+export async function assertFetchableUrl(rawUrl, lookupImpl = defaultLookup) {
+    let url;
+    try {
+        url = new URL(rawUrl);
+    }
+    catch {
+        throw new SsrfBlockedError(`invalid url: ${rawUrl}`);
+    }
+    if (url.protocol !== "https:") {
+        throw new SsrfBlockedError(`only https image URLs are allowed: ${rawUrl}`);
+    }
+    const host = url.hostname;
+    // Literal IP in the host → check directly (no DNS).
+    if (isIP(host)) {
+        if (isPrivateAddress(host))
+            throw new SsrfBlockedError(`blocked private address: ${host}`);
+        return;
+    }
+    // Hostname → resolve and ensure EVERY address is public.
+    let addrs;
+    try {
+        addrs = await lookupImpl(host);
+    }
+    catch {
+        throw new SsrfBlockedError(`dns resolution failed: ${host}`);
+    }
+    if (addrs.length === 0)
+        throw new SsrfBlockedError(`no addresses for host: ${host}`);
+    for (const { address } of addrs) {
+        if (isPrivateAddress(address)) {
+            throw new SsrfBlockedError(`host ${host} resolves to blocked address ${address}`);
+        }
+    }
+}
+/**
+ * Read a fetch Response body into a Buffer, aborting once `maxBytes` is
+ * exceeded. Does not trust Content-Length.
+ */
+export async function readBodyCapped(res, maxBytes) {
+    if (!res.body) {
+        const buf = Buffer.from(await res.arrayBuffer());
+        if (buf.byteLength > maxBytes)
+            throw new SsrfBlockedError(`response too large (> ${maxBytes} bytes)`);
+        return buf;
+    }
+    const chunks = [];
+    let total = 0;
+    const reader = res.body.getReader();
+    for (;;) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        total += value.byteLength;
+        if (total > maxBytes) {
+            await reader.cancel().catch(() => { });
+            throw new SsrfBlockedError(`response too large (> ${maxBytes} bytes)`);
+        }
+        chunks.push(Buffer.from(value));
+    }
+    return Buffer.concat(chunks);
+}
+//# sourceMappingURL=ssrf-guard.js.map

package/dist/og/ssrf-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-guard.js","sourceRoot":"","sources":["../../src/og/ssrf-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,MAAM,IAAI,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAKhC,MAAM,aAAa,GAAe,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;AAE3E,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,UAAU,GAAG,GAAG,CAAC;IACjB,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,0EAA0E;AAC1E,MAAM,UAAU,gBAAgB,CAAC,EAAU;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC;IACtB,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;IACzC,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,aAAa,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,CAAC,uCAAuC;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,EAAU;IAC/B,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACtF,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;IACjB,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,YAAY;IACtC,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,eAAe;IAC1C,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,WAAW;IACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,8CAA8C;IACvF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,oBAAoB;IACtE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,qBAAqB;IAC9D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,kBAAkB;IACrE,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,uBAAuB;IAClD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,EAAU;IAC5B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,SAAS,GAAG,CAAC,OAAe,EAAmB,EAAE;QACrD,IAAI,OAAO,KAAK,EAAE;YAAE,OAAO,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACvC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,sCAAsC;gBACtC,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACvC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACtF,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACnD,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IAEF,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3D,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAEhD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1C,IAAI,GAAG,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AACzC,CAAC;AAED,SAAS,aAAa,CAAC,EAAU;IAC/B,MAAM,CAAC,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,uBAAuB;IAE5C,sCAAsC;IACtC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3E,4EAA4E;IAC5E,+EAA+E;IAC/E,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1D,IAAI,aAAa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;QACrE,OAAO,aAAa,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnB,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,qBAAqB;IACnE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,uBAAuB;IACrE,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC,CAAC,wBAAwB;IACtE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAc,EAAE,aAAyB,aAAa;IAC7F,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,gBAAgB,CAAC,gBAAgB,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,gBAAgB,CAAC,sCAAsC,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC;IAE1B,oDAAoD;IACpD,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACf,IAAI,gBAAgB,CAAC,IAAI,CAAC;YAAE,MAAM,IAAI,gBAAgB,CAAC,4BAA4B,IAAI,EAAE,CAAC,CAAC;QAC3F,OAAO;IACT,CAAC;IAED,yDAAyD;IACzD,IAAI,KAAiC,CAAC;IACtC,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,gBAAgB,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,gBAAgB,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;IACrF,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,KAAK,EAAE,CAAC;QAChC,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,gBAAgB,CAAC,QAAQ,IAAI,gCAAgC,OAAO,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAa,EAAE,QAAgB;IAClE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACjD,IAAI,GAAG,CAAC,UAAU,GAAG,QAAQ;YAAE,MAAM,IAAI,gBAAgB,CAAC,yBAAyB,QAAQ,SAAS,CAAC,CAAC;QACtG,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;IACpC,SAAS,CAAC;QACR,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5C,IAAI,IAAI;YAAE,MAAM;QAChB,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC;QAC1B,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;YACrB,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACtC,MAAM,IAAI,gBAAgB,CAAC,yBAAyB,QAAQ,SAAS,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC"}

package/dist/og/templates.d.ts

@@ -0,0 +1,26 @@
+import type { NFTColor } from "./passport-svg.js";
+export type OgTemplate = "default" | "section" | "cover" | "banner";
+export type OgFormat = "png" | "svg" | "html";
+export interface OgTemplateParams {
+    width: number;
+    height: number;
+    logo: string;
+    background: string;
+    logoRounded: boolean;
+    color: NFTColor;
+    title: string;
+    description: string;
+    section: string;
+    cover: string;
+    template: OgTemplate;
+    format: OgFormat;
+}
+/**
+ * Public brand-logo SVG helper. Returns an inline SVG string with the given
+ * stroke color. Not used by any of the 4 OG templates in this file — it's
+ * exported for external callers (e.g., admin UI, embed previews) that want
+ * the same brand mark with a custom stroke.
+ */
+export declare const getLogoSvg: (color: string) => string;
+export declare const getTemplate: (params: OgTemplateParams) => Promise<unknown>;
+//# sourceMappingURL=templates.d.ts.map

package/dist/og/templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../src/og/templates.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAGlD,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,QAAQ,CAAC;AACpE,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM,CAAC;AAE9C,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,KAAK,EAAE,QAAQ,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,CAAC;IACrB,MAAM,EAAE,QAAQ,CAAC;CAClB;AAWD;;;;;GAKG;AACH,eAAO,MAAM,UAAU,GAAI,OAAO,MAAM,KAAG,MAe1C,CAAC;AA+TF,eAAO,MAAM,WAAW,GAAU,QAAQ,gBAAgB,KAAG,OAAO,CAAC,OAAO,CAiB3E,CAAC"}