@atcute/oauth-types 0.1.1 → 1.0.0

package/lib/schemas/oauth-token-response.ts

@@ -1,22 +1,22 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 
-import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.js';
-import { oauthTokenTypeSchema } from './oauth-token-type.js';
+import { oauthAuthorizationDetailsSchema } from './oauth-authorization-details.ts';
+import { oauthTokenTypeSchema } from './oauth-token-type.ts';
 
 /**
  * @see {@link https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1 | RFC 6749 (OAuth2), Section 5.1}
  */
-export const oauthTokenResponseSchema = v.object({
+export const oauthTokenResponseSchema = v.looseObject({
 	// https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1
 	access_token: v.string(),
 	token_type: oauthTokenTypeSchema,
-	scope: v.string().optional(),
-	refresh_token: v.string().optional(),
-	expires_in: v.number().optional(),
+	scope: v.optional(v.string()),
+	refresh_token: v.optional(v.string()),
+	expires_in: v.optional(v.number()),
 	// https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
-	id_token: v.string().optional(),
+	id_token: v.optional(v.string()),
 	// https://datatracker.ietf.org/doc/html/rfc9396#name-enriched-authorization-deta
-	authorization_details: oauthAuthorizationDetailsSchema.optional(),
+	authorization_details: v.optional(oauthAuthorizationDetailsSchema),
 });
 
-export type OAuthTokenResponse = v.Infer<typeof oauthTokenResponseSchema>;
+export type OAuthTokenResponse = v.InferOutput<typeof oauthTokenResponseSchema>;

package/lib/schemas/oauth-token-type.ts

@@ -1,15 +1,19 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 
 /** token type (case-insensitive input, normalized output) */
-export const oauthTokenTypeSchema = v.string().chain((input) => {
-	const lower = input.toLowerCase();
-	if (lower === 'dpop') {
-		return v.ok('DPoP');
-	}
-	if (lower === 'bearer') {
-		return v.ok('Bearer');
-	}
-	return v.err(`must be "DPoP" or "Bearer"`);
-});
+export const oauthTokenTypeSchema = v.pipe(
+	v.string(),
+	v.rawTransform<string, 'DPoP' | 'Bearer'>(({ dataset, addIssue, NEVER }) => {
+		const lower = dataset.value.toLowerCase();
+		if (lower === 'dpop') {
+			return 'DPoP';
+		}
+		if (lower === 'bearer') {
+			return 'Bearer';
+		}
+		addIssue({ message: `must be "DPoP" or "Bearer"` });
+		return NEVER;
+	}),
+);
 
-export type OAuthTokenType = v.Infer<typeof oauthTokenTypeSchema>;
+export type OAuthTokenType = v.InferOutput<typeof oauthTokenTypeSchema>;

package/lib/schemas/uri.ts

@@ -1,100 +1,113 @@
-import * as v from '@badrap/valita';
+import * as v from 'valibot';
 
-import { isHostnameIP, isLocalHostname, isLoopbackHost } from './utils.js';
+import { isHostnameIP, isLocalHostname, isLoopbackHost } from './utils.ts';
 
 /**
  * valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).
  *
  * any value that matches this schema is safe to parse using `new URL()`.
  */
-export const urlSchema = v.string().chain((input) => {
-	if (input.includes(':') && URL.canParse(input)) {
-		return v.ok(input);
-	}
-	return v.err(`must be a valid url`);
-});
+export const urlSchema = v.pipe(
+	v.string(),
+	v.check((input) => input.includes(':') && URL.canParse(input), `must be a valid url`),
+);
 
 /** loopback URL (http://localhost, http://127.0.0.1, http://[::1]) */
-export const loopbackUriSchema = urlSchema.chain((input) => {
-	if (!input.startsWith('http://')) {
-		return v.err(`loopback url must use http: protocol`);
-	}
-
-	const url = new URL(input);
-	if (!isLoopbackHost(url.hostname)) {
-		return v.err(`loopback url must use localhost, 127.0.0.1, or [::1] as hostname`);
-	}
-
-	return v.ok(input);
-});
+export const loopbackUriSchema = v.pipe(
+	urlSchema,
+	v.rawCheck(({ dataset, addIssue }) => {
+		if (!dataset.typed) {
+			return;
+		}
+		const input = dataset.value;
+		if (!input.startsWith('http://')) {
+			addIssue({ message: `loopback url must use http: protocol` });
+			return;
+		}
+		if (!isLoopbackHost(new URL(input).hostname)) {
+			addIssue({ message: `loopback url must use localhost, 127.0.0.1, or [::1] as hostname` });
+		}
+	}),
+);
 
 /** HTTPS URL with additional restrictions */
-export const httpsUriSchema = urlSchema.chain((input) => {
-	if (!input.startsWith('https://')) {
-		return v.err(`url must use https: protocol`);
-	}
-
-	const url = new URL(input);
-
-	if (isLoopbackHost(url.hostname)) {
-		return v.err(`https url must not use a loopback host`);
-	}
-
-	if (!isHostnameIP(url.hostname)) {
-		if (!url.hostname.includes('.')) {
-			return v.err(`domain name must contain at least two segments`);
+export const httpsUriSchema = v.pipe(
+	urlSchema,
+	v.rawCheck(({ dataset, addIssue }) => {
+		if (!dataset.typed) {
+			return;
 		}
-		if (url.hostname.endsWith('.local')) {
-			return v.err(`domain name must not end with .local`);
+		const input = dataset.value;
+		if (!input.startsWith('https://')) {
+			addIssue({ message: `url must use https: protocol` });
+			return;
 		}
-	}
 
-	return v.ok(input);
-});
+		const url = new URL(input);
 
-/** web URL (either loopback http or https) */
-export const webUriSchema = urlSchema.chain((input, options) => {
-	if (input.startsWith('http://')) {
-		return loopbackUriSchema.try(input, options);
-	}
+		if (isLoopbackHost(url.hostname)) {
+			addIssue({ message: `https url must not use a loopback host` });
+			return;
+		}
 
-	if (input.startsWith('https://')) {
-		return httpsUriSchema.try(input, options);
-	}
+		if (!isHostnameIP(url.hostname)) {
+			if (!url.hostname.includes('.')) {
+				addIssue({ message: `domain name must contain at least two segments` });
+				return;
+			}
+			if (url.hostname.endsWith('.local')) {
+				addIssue({ message: `domain name must not end with .local` });
+			}
+		}
+	}),
+);
 
-	return v.err(`url must use http: or https: protocol`);
-});
+/** web URL (either loopback http or https) */
+export const webUriSchema = v.union(
+	[loopbackUriSchema, httpsUriSchema],
+	`url must use http: or https: protocol`,
+);
 
 /** web URL with a non-local hostname */
-export const nonLocalWebUriSchema = webUriSchema.chain((input) => {
-	const url = new URL(input);
-	if (isLocalHostname(url.hostname)) {
-		return v.err(`hostname is invalid`);
-	}
-	return v.ok(input);
-});
+export const nonLocalWebUriSchema = v.pipe(
+	webUriSchema,
+	v.check((input) => !isLocalHostname(new URL(input).hostname), `hostname is invalid`),
+);
 
 /** private-use URI scheme (e.g., com.example.app:/callback) */
-export const privateUseUriSchema = urlSchema.chain((input) => {
-	const dotIdx = input.indexOf('.');
-	const colonIdx = input.indexOf(':');
-
-	if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {
-		return v.err(`private-use uri scheme must contain a dot in the protocol`);
-	}
-
-	const url = new URL(input);
-	const scheme = url.protocol.slice(0, -1);
-	const domain = scheme.split('.').reverse().join('.');
+export const privateUseUriSchema = v.pipe(
+	urlSchema,
+	v.rawCheck(({ dataset, addIssue }) => {
+		if (!dataset.typed) {
+			return;
+		}
+		const input = dataset.value;
 
-	if (isLocalHostname(domain)) {
-		return v.err(`private-use uri scheme must not be a local hostname`);
-	}
+		const dotIdx = input.indexOf('.');
+		const colonIdx = input.indexOf(':');
+		if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {
+			addIssue({ message: `private-use uri scheme must contain a dot in the protocol` });
+			return;
+		}
 
-	// RFC 8252: private-use URIs must use single slash after scheme
-	if (url.href.startsWith(`${url.protocol}//`) || url.username || url.password || url.hostname || url.port) {
-		return v.err(`private-use uri must be in the form scheme:/<path>`);
-	}
+		const url = new URL(input);
+		const scheme = url.protocol.slice(0, -1);
+		// oxlint-disable-next-line unicorn/no-array-reverse -- split already clones
+		const domain = scheme.split('.').reverse().join('.');
+		if (isLocalHostname(domain)) {
+			addIssue({ message: `private-use uri scheme must not be a local hostname` });
+			return;
+		}
 
-	return v.ok(input);
-});
+		// RFC 8252: private-use URIs must use single slash after scheme
+		if (
+			url.href.startsWith(`${url.protocol}//`) ||
+			url.username ||
+			url.password ||
+			url.hostname ||
+			url.port
+		) {
+			addIssue({ message: `private-use uri must be in the form scheme:/<path>` });
+		}
+	}),
+);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atcute/oauth-types",
-  "version": "0.1.1",
+  "version": "1.0.0",
   "description": "OAuth types and schemas for AT Protocol",
   "license": "0BSD",
   "repository": {
@@ -11,7 +11,8 @@
     "dist/",
     "lib/",
     "!lib/**/*.bench.ts",
-    "!lib/**/*.test.ts"
+    "!lib/**/*.test.ts",
+    "!dist/**/*.{test,bench}.*"
   ],
   "type": "module",
   "sideEffects": false,
@@ -22,16 +23,16 @@
     "access": "public"
   },
   "dependencies": {
-    "@badrap/valita": "^0.4.6",
-    "@atcute/identity": "^1.1.3",
-    "@atcute/lexicons": "^1.2.7",
-    "@atcute/oauth-keyset": "^0.1.0"
+    "valibot": "^1.4.0",
+    "@atcute/lexicons": "^2.0.0",
+    "@atcute/identity": "^2.0.0",
+    "@atcute/oauth-keyset": "^0.1.1"
   },
   "devDependencies": {
-    "vitest": "^4.0.16"
+    "vitest": "^4.1.5"
   },
   "scripts": {
-    "build": "tsgo --project tsconfig.build.json",
+    "build": "tsgo",
     "test": "vitest",
     "prepublish": "rm -rf dist; pnpm run build"
   }