@atproto/aws 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,22 @@
1
1
  # @atproto/aws
2
2
 
3
+ ## 0.1.4
4
+
5
+ ### Patch Changes
6
+
7
+ - Updated dependencies [[`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423)]:
8
+ - @atproto/common@0.3.3
9
+ - @atproto/crypto@0.2.3
10
+ - @atproto/repo@0.3.4
11
+
12
+ ## 0.1.3
13
+
14
+ ### Patch Changes
15
+
16
+ - Updated dependencies []:
17
+ - @atproto/repo@0.3.3
18
+ - @atproto/common@0.3.2
19
+
3
20
  ## 0.1.2
4
21
 
5
22
  ### Patch Changes
package/LICENSE.txt ADDED
@@ -0,0 +1,7 @@
1
+ Dual MIT/Apache-2.0 License
2
+
3
+ Copyright (c) 2022-2023 Bluesky PBC, and Contributors
4
+
5
+ Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
6
+
7
+ Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
@@ -0,0 +1,11 @@
1
+ import { ImageInvalidator } from './types';
2
+ export declare type BunnyConfig = {
3
+ accessKey: string;
4
+ urlPrefix: string;
5
+ };
6
+ export declare class BunnyInvalidator implements ImageInvalidator {
7
+ cfg: BunnyConfig;
8
+ constructor(cfg: BunnyConfig);
9
+ invalidate(_subject: string, paths: string[]): Promise<void>;
10
+ }
11
+ export default BunnyInvalidator;
@@ -1,4 +1,5 @@
1
1
  import * as aws from '@aws-sdk/client-cloudfront';
2
+ import { ImageInvalidator } from './types';
2
3
  export declare type CloudfrontConfig = {
3
4
  distributionId: string;
4
5
  pathPrefix?: string;
@@ -11,6 +12,3 @@ export declare class CloudfrontInvalidator implements ImageInvalidator {
11
12
  invalidate(subject: string, paths: string[]): Promise<void>;
12
13
  }
13
14
  export default CloudfrontInvalidator;
14
- interface ImageInvalidator {
15
- invalidate(subject: string, paths: string[]): Promise<void>;
16
- }
package/dist/index.d.ts CHANGED
@@ -1,3 +1,6 @@
1
1
  export * from './kms';
2
2
  export * from './s3';
3
3
  export * from './cloudfront';
4
+ export * from './bunny';
5
+ export * from './util';
6
+ export * from './types';
package/dist/index.js CHANGED
@@ -618,13 +618,13 @@ var require_s3 = __commonJS({
618
618
  var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
619
619
  exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
620
620
  var isArnBucketName = (bucketName) => {
621
- const [arn, partition, service, region, account, typeOrId] = bucketName.split(":");
621
+ const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
622
622
  const isArn = arn === "arn" && bucketName.split(":").length >= 6;
623
- const isValidArn = [arn, partition, service, account, typeOrId].filter(Boolean).length === 5;
623
+ const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
624
624
  if (isArn && !isValidArn) {
625
625
  throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
626
626
  }
627
- return arn === "arn" && !!partition && !!service && !!account && !!typeOrId;
627
+ return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
628
628
  };
629
629
  exports.isArnBucketName = isArnBucketName;
630
630
  }
@@ -12118,11 +12118,11 @@ var require_credentialDerivation = __commonJS({
12118
12118
  var constants_1 = require_constants4();
12119
12119
  var signingKeyCache = {};
12120
12120
  var cacheQueue = [];
12121
- var createScope = (shortDate, region, service) => `${shortDate}/${region}/${service}/${constants_1.KEY_TYPE_IDENTIFIER}`;
12121
+ var createScope = (shortDate, region, service2) => `${shortDate}/${region}/${service2}/${constants_1.KEY_TYPE_IDENTIFIER}`;
12122
12122
  exports.createScope = createScope;
12123
- var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service) => {
12123
+ var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service2) => {
12124
12124
  const credsHash = await hmac2(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
12125
- const cacheKey = `${shortDate}:${region}:${service}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
12125
+ const cacheKey = `${shortDate}:${region}:${service2}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
12126
12126
  if (cacheKey in signingKeyCache) {
12127
12127
  return signingKeyCache[cacheKey];
12128
12128
  }
@@ -12131,7 +12131,7 @@ var require_credentialDerivation = __commonJS({
12131
12131
  delete signingKeyCache[cacheQueue.shift()];
12132
12132
  }
12133
12133
  let key = `AWS4${credentials.secretAccessKey}`;
12134
- for (const signable of [shortDate, region, service, constants_1.KEY_TYPE_IDENTIFIER]) {
12134
+ for (const signable of [shortDate, region, service2, constants_1.KEY_TYPE_IDENTIFIER]) {
12135
12135
  key = await hmac2(sha256Constructor, key, signable);
12136
12136
  }
12137
12137
  return signingKeyCache[cacheKey] = key;
@@ -12433,8 +12433,8 @@ var require_SignatureV4 = __commonJS({
12433
12433
  var prepareRequest_1 = require_prepareRequest();
12434
12434
  var utilDate_1 = require_utilDate();
12435
12435
  var SignatureV4 = class {
12436
- constructor({ applyChecksum, credentials, region, service, sha256: sha2564, uriEscapePath = true }) {
12437
- this.service = service;
12436
+ constructor({ applyChecksum, credentials, region, service: service2, sha256: sha2564, uriEscapePath = true }) {
12437
+ this.service = service2;
12438
12438
  this.sha256 = sha2564;
12439
12439
  this.uriEscapePath = uriEscapePath;
12440
12440
  this.applyChecksum = typeof applyChecksum === "boolean" ? applyChecksum : true;
@@ -12565,8 +12565,8 @@ ${(0, util_hex_encoding_1.toHex)(hashedRequest)}`;
12565
12565
  hash2.update(stringToSign);
12566
12566
  return (0, util_hex_encoding_1.toHex)(await hash2.digest());
12567
12567
  }
12568
- getSigningKey(credentials, region, shortDate, service) {
12569
- return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service || this.service);
12568
+ getSigningKey(credentials, region, shortDate, service2) {
12569
+ return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service2 || this.service);
12570
12570
  }
12571
12571
  validateResolvedCredentials(credentials) {
12572
12572
  if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
@@ -19305,12 +19305,12 @@ var require_parseArn = __commonJS({
19305
19305
  const segments = value.split(":");
19306
19306
  if (segments.length < 6)
19307
19307
  return null;
19308
- const [arn, partition, service, region, accountId, ...resourceId] = segments;
19309
- if (arn !== "arn" || partition === "" || service === "" || resourceId[0] === "")
19308
+ const [arn, partition, service2, region, accountId, ...resourceId] = segments;
19309
+ if (arn !== "arn" || partition === "" || service2 === "" || resourceId[0] === "")
19310
19310
  return null;
19311
19311
  return {
19312
19312
  partition,
19313
- service,
19313
+ service: service2,
19314
19314
  region,
19315
19315
  accountId,
19316
19316
  resourceId: resourceId[0].includes("/") ? resourceId[0].split("/") : resourceId
@@ -33760,13 +33760,13 @@ var require_s32 = __commonJS({
33760
33760
  var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
33761
33761
  exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
33762
33762
  var isArnBucketName = (bucketName) => {
33763
- const [arn, partition, service, region, account, typeOrId] = bucketName.split(":");
33763
+ const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
33764
33764
  const isArn = arn === "arn" && bucketName.split(":").length >= 6;
33765
- const isValidArn = [arn, partition, service, account, typeOrId].filter(Boolean).length === 5;
33765
+ const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
33766
33766
  if (isArn && !isValidArn) {
33767
33767
  throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
33768
33768
  }
33769
- return arn === "arn" && !!partition && !!service && !!account && !!typeOrId;
33769
+ return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
33770
33770
  };
33771
33771
  exports.isArnBucketName = isArnBucketName;
33772
33772
  }
@@ -47437,10 +47437,10 @@ var require_dist_cjs57 = __commonJS({
47437
47437
  const segments = arn.split(":");
47438
47438
  if (segments.length < 6 || segments[0] !== "arn")
47439
47439
  throw new Error("Malformed ARN");
47440
- const [, partition, service, region, accountId, ...resource] = segments;
47440
+ const [, partition, service2, region, accountId, ...resource] = segments;
47441
47441
  return {
47442
47442
  partition,
47443
- service,
47443
+ service: service2,
47444
47444
  region,
47445
47445
  accountId,
47446
47446
  resource: resource.join(":")
@@ -47448,11 +47448,11 @@ var require_dist_cjs57 = __commonJS({
47448
47448
  };
47449
47449
  exports.parse = parse;
47450
47450
  var build = (arnObject) => {
47451
- const { partition = "aws", service, region, accountId, resource } = arnObject;
47452
- if ([service, region, accountId, resource].some((segment) => typeof segment !== "string")) {
47451
+ const { partition = "aws", service: service2, region, accountId, resource } = arnObject;
47452
+ if ([service2, region, accountId, resource].some((segment) => typeof segment !== "string")) {
47453
47453
  throw new Error("Input ARN object is invalid");
47454
47454
  }
47455
- return `arn:${partition}:${service}:${region}:${accountId}:${resource}`;
47455
+ return `arn:${partition}:${service2}:${region}:${accountId}:${resource}`;
47456
47456
  };
47457
47457
  exports.build = build;
47458
47458
  }
@@ -47597,20 +47597,20 @@ var require_bucketHostnameUtils = __commonJS({
47597
47597
  }
47598
47598
  };
47599
47599
  exports.validateArnEndpointOptions = validateArnEndpointOptions;
47600
- var validateService = (service) => {
47601
- if (service !== "s3" && service !== "s3-outposts" && service !== "s3-object-lambda") {
47600
+ var validateService = (service2) => {
47601
+ if (service2 !== "s3" && service2 !== "s3-outposts" && service2 !== "s3-object-lambda") {
47602
47602
  throw new Error("Expect 's3' or 's3-outposts' or 's3-object-lambda' in ARN service component");
47603
47603
  }
47604
47604
  };
47605
47605
  exports.validateService = validateService;
47606
- var validateS3Service = (service) => {
47607
- if (service !== "s3") {
47606
+ var validateS3Service = (service2) => {
47607
+ if (service2 !== "s3") {
47608
47608
  throw new Error("Expect 's3' in Accesspoint ARN service component");
47609
47609
  }
47610
47610
  };
47611
47611
  exports.validateS3Service = validateS3Service;
47612
- var validateOutpostService = (service) => {
47613
- if (service !== "s3-outposts") {
47612
+ var validateOutpostService = (service2) => {
47613
+ if (service2 !== "s3-outposts") {
47614
47614
  throw new Error("Expect 's3-posts' in Outpost ARN service component");
47615
47615
  }
47616
47616
  };
@@ -47742,12 +47742,12 @@ var require_bucketHostname = __commonJS({
47742
47742
  const hostnameSuffix = isCustomEndpoint ? baseHostname : (0, bucketHostnameUtils_1.getSuffixForArnEndpoint)(baseHostname)[1];
47743
47743
  const { pathStyleEndpoint, accelerateEndpoint = false, fipsEndpoint = false, tlsCompatible = true, bucketName, clientPartition = "aws" } = options;
47744
47744
  (0, bucketHostnameUtils_1.validateArnEndpointOptions)({ pathStyleEndpoint, accelerateEndpoint, tlsCompatible });
47745
- const { service, partition, accountId, region, resource } = bucketName;
47746
- (0, bucketHostnameUtils_1.validateService)(service);
47745
+ const { service: service2, partition, accountId, region, resource } = bucketName;
47746
+ (0, bucketHostnameUtils_1.validateService)(service2);
47747
47747
  (0, bucketHostnameUtils_1.validatePartition)(partition, { clientPartition });
47748
47748
  (0, bucketHostnameUtils_1.validateAccountId)(accountId);
47749
47749
  const { accesspointName, outpostId } = (0, bucketHostnameUtils_1.getArnResources)(resource);
47750
- if (service === "s3-object-lambda") {
47750
+ if (service2 === "s3-object-lambda") {
47751
47751
  return getEndpointFromObjectLambdaArn({ ...options, tlsCompatible, bucketName, accesspointName, hostnameSuffix });
47752
47752
  }
47753
47753
  if (region === "") {
@@ -47759,7 +47759,7 @@ var require_bucketHostname = __commonJS({
47759
47759
  return getEndpointFromAccessPointArn({ ...options, clientRegion, accesspointName, hostnameSuffix });
47760
47760
  };
47761
47761
  var getEndpointFromObjectLambdaArn = ({ dualstackEndpoint = false, fipsEndpoint = false, tlsCompatible = true, useArnRegion, clientRegion, clientSigningRegion = clientRegion, accesspointName, bucketName, hostnameSuffix }) => {
47762
- const { accountId, region, service } = bucketName;
47762
+ const { accountId, region, service: service2 } = bucketName;
47763
47763
  (0, bucketHostnameUtils_1.validateRegionalClient)(clientRegion);
47764
47764
  (0, bucketHostnameUtils_1.validateRegion)(region, {
47765
47765
  useArnRegion,
@@ -47775,9 +47775,9 @@ var require_bucketHostname = __commonJS({
47775
47775
  const signingRegion = useArnRegion ? region : clientSigningRegion;
47776
47776
  return {
47777
47777
  bucketEndpoint: true,
47778
- hostname: `${DNSHostLabel}.${service}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`,
47778
+ hostname: `${DNSHostLabel}.${service2}${fipsEndpoint ? "-fips" : ""}.${endpointRegion}.${hostnameSuffix}`,
47779
47779
  signingRegion,
47780
- signingService: service
47780
+ signingService: service2
47781
47781
  };
47782
47782
  };
47783
47783
  var getEndpointFromMRAPArn = ({ disableMultiregionAccessPoints, dualstackEndpoint = false, isCustomEndpoint, mrapAlias, hostnameSuffix }) => {
@@ -56676,11 +56676,11 @@ var require_credentialDerivation2 = __commonJS({
56676
56676
  var constants_1 = require_constants13();
56677
56677
  var signingKeyCache = {};
56678
56678
  var cacheQueue = [];
56679
- var createScope = (shortDate, region, service) => `${shortDate}/${region}/${service}/${constants_1.KEY_TYPE_IDENTIFIER}`;
56679
+ var createScope = (shortDate, region, service2) => `${shortDate}/${region}/${service2}/${constants_1.KEY_TYPE_IDENTIFIER}`;
56680
56680
  exports.createScope = createScope;
56681
- var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service) => {
56681
+ var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service2) => {
56682
56682
  const credsHash = await hmac2(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
56683
- const cacheKey = `${shortDate}:${region}:${service}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
56683
+ const cacheKey = `${shortDate}:${region}:${service2}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
56684
56684
  if (cacheKey in signingKeyCache) {
56685
56685
  return signingKeyCache[cacheKey];
56686
56686
  }
@@ -56689,7 +56689,7 @@ var require_credentialDerivation2 = __commonJS({
56689
56689
  delete signingKeyCache[cacheQueue.shift()];
56690
56690
  }
56691
56691
  let key = `AWS4${credentials.secretAccessKey}`;
56692
- for (const signable of [shortDate, region, service, constants_1.KEY_TYPE_IDENTIFIER]) {
56692
+ for (const signable of [shortDate, region, service2, constants_1.KEY_TYPE_IDENTIFIER]) {
56693
56693
  key = await hmac2(sha256Constructor, key, signable);
56694
56694
  }
56695
56695
  return signingKeyCache[cacheKey] = key;
@@ -56980,8 +56980,8 @@ var require_SignatureV42 = __commonJS({
56980
56980
  var prepareRequest_1 = require_prepareRequest2();
56981
56981
  var utilDate_1 = require_utilDate2();
56982
56982
  var SignatureV4 = class {
56983
- constructor({ applyChecksum, credentials, region, service, sha256: sha2564, uriEscapePath = true }) {
56984
- this.service = service;
56983
+ constructor({ applyChecksum, credentials, region, service: service2, sha256: sha2564, uriEscapePath = true }) {
56984
+ this.service = service2;
56985
56985
  this.sha256 = sha2564;
56986
56986
  this.uriEscapePath = uriEscapePath;
56987
56987
  this.applyChecksum = typeof applyChecksum === "boolean" ? applyChecksum : true;
@@ -57112,8 +57112,8 @@ ${(0, util_hex_encoding_1.toHex)(hashedRequest)}`;
57112
57112
  hash2.update(stringToSign);
57113
57113
  return (0, util_hex_encoding_1.toHex)(await hash2.digest());
57114
57114
  }
57115
- getSigningKey(credentials, region, shortDate, service) {
57116
- return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service || this.service);
57115
+ getSigningKey(credentials, region, shortDate, service2) {
57116
+ return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service2 || this.service);
57117
57117
  }
57118
57118
  validateResolvedCredentials(credentials) {
57119
57119
  if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
@@ -62482,12 +62482,12 @@ var require_parseArn2 = __commonJS({
62482
62482
  const segments = value.split(":");
62483
62483
  if (segments.length < 6)
62484
62484
  return null;
62485
- const [arn, partition, service, region, accountId, ...resourceId] = segments;
62486
- if (arn !== "arn" || partition === "" || service === "" || resourceId[0] === "")
62485
+ const [arn, partition, service2, region, accountId, ...resourceId] = segments;
62486
+ if (arn !== "arn" || partition === "" || service2 === "" || resourceId[0] === "")
62487
62487
  return null;
62488
62488
  return {
62489
62489
  partition,
62490
- service,
62490
+ service: service2,
62491
62491
  region,
62492
62492
  accountId,
62493
62493
  resourceId: resourceId[0].includes("/") ? resourceId[0].split("/") : resourceId
@@ -81004,13 +81004,13 @@ var require_s33 = __commonJS({
81004
81004
  var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
81005
81005
  exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
81006
81006
  var isArnBucketName = (bucketName) => {
81007
- const [arn, partition, service, region, account, typeOrId] = bucketName.split(":");
81007
+ const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
81008
81008
  const isArn = arn === "arn" && bucketName.split(":").length >= 6;
81009
- const isValidArn = [arn, partition, service, account, typeOrId].filter(Boolean).length === 5;
81009
+ const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
81010
81010
  if (isArn && !isValidArn) {
81011
81011
  throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
81012
81012
  }
81013
- return arn === "arn" && !!partition && !!service && !!account && !!typeOrId;
81013
+ return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
81014
81014
  };
81015
81015
  exports.isArnBucketName = isArnBucketName;
81016
81016
  }
@@ -96694,13 +96694,13 @@ var require_s34 = __commonJS({
96694
96694
  var isDnsCompatibleBucketName = (bucketName) => DOMAIN_PATTERN.test(bucketName) && !IP_ADDRESS_PATTERN.test(bucketName) && !DOTS_PATTERN.test(bucketName);
96695
96695
  exports.isDnsCompatibleBucketName = isDnsCompatibleBucketName;
96696
96696
  var isArnBucketName = (bucketName) => {
96697
- const [arn, partition, service, region, account, typeOrId] = bucketName.split(":");
96697
+ const [arn, partition, service2, region, account, typeOrId] = bucketName.split(":");
96698
96698
  const isArn = arn === "arn" && bucketName.split(":").length >= 6;
96699
- const isValidArn = [arn, partition, service, account, typeOrId].filter(Boolean).length === 5;
96699
+ const isValidArn = [arn, partition, service2, account, typeOrId].filter(Boolean).length === 5;
96700
96700
  if (isArn && !isValidArn) {
96701
96701
  throw new Error(`Invalid ARN: ${bucketName} was an invalid ARN.`);
96702
96702
  }
96703
- return arn === "arn" && !!partition && !!service && !!account && !!typeOrId;
96703
+ return arn === "arn" && !!partition && !!service2 && !!account && !!typeOrId;
96704
96704
  };
96705
96705
  exports.isArnBucketName = isArnBucketName;
96706
96706
  }
@@ -98356,11 +98356,11 @@ var require_credentialDerivation3 = __commonJS({
98356
98356
  var constants_1 = require_constants21();
98357
98357
  var signingKeyCache = {};
98358
98358
  var cacheQueue = [];
98359
- var createScope = (shortDate, region, service) => `${shortDate}/${region}/${service}/${constants_1.KEY_TYPE_IDENTIFIER}`;
98359
+ var createScope = (shortDate, region, service2) => `${shortDate}/${region}/${service2}/${constants_1.KEY_TYPE_IDENTIFIER}`;
98360
98360
  exports.createScope = createScope;
98361
- var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service) => {
98361
+ var getSigningKey = async (sha256Constructor, credentials, shortDate, region, service2) => {
98362
98362
  const credsHash = await hmac2(sha256Constructor, credentials.secretAccessKey, credentials.accessKeyId);
98363
- const cacheKey = `${shortDate}:${region}:${service}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
98363
+ const cacheKey = `${shortDate}:${region}:${service2}:${(0, util_hex_encoding_1.toHex)(credsHash)}:${credentials.sessionToken}`;
98364
98364
  if (cacheKey in signingKeyCache) {
98365
98365
  return signingKeyCache[cacheKey];
98366
98366
  }
@@ -98369,7 +98369,7 @@ var require_credentialDerivation3 = __commonJS({
98369
98369
  delete signingKeyCache[cacheQueue.shift()];
98370
98370
  }
98371
98371
  let key = `AWS4${credentials.secretAccessKey}`;
98372
- for (const signable of [shortDate, region, service, constants_1.KEY_TYPE_IDENTIFIER]) {
98372
+ for (const signable of [shortDate, region, service2, constants_1.KEY_TYPE_IDENTIFIER]) {
98373
98373
  key = await hmac2(sha256Constructor, key, signable);
98374
98374
  }
98375
98375
  return signingKeyCache[cacheKey] = key;
@@ -98627,8 +98627,8 @@ var require_SignatureV43 = __commonJS({
98627
98627
  var prepareRequest_1 = require_prepareRequest3();
98628
98628
  var utilDate_1 = require_utilDate3();
98629
98629
  var SignatureV4 = class {
98630
- constructor({ applyChecksum, credentials, region, service, sha256: sha2564, uriEscapePath = true }) {
98631
- this.service = service;
98630
+ constructor({ applyChecksum, credentials, region, service: service2, sha256: sha2564, uriEscapePath = true }) {
98631
+ this.service = service2;
98632
98632
  this.sha256 = sha2564;
98633
98633
  this.uriEscapePath = uriEscapePath;
98634
98634
  this.applyChecksum = typeof applyChecksum === "boolean" ? applyChecksum : true;
@@ -98759,8 +98759,8 @@ ${(0, util_hex_encoding_1.toHex)(hashedRequest)}`;
98759
98759
  hash2.update((0, util_utf8_1.toUint8Array)(stringToSign));
98760
98760
  return (0, util_hex_encoding_1.toHex)(await hash2.digest());
98761
98761
  }
98762
- getSigningKey(credentials, region, shortDate, service) {
98763
- return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service || this.service);
98762
+ getSigningKey(credentials, region, shortDate, service2) {
98763
+ return (0, credentialDerivation_1.getSigningKey)(this.sha256, credentials, shortDate, region, service2 || this.service);
98764
98764
  }
98765
98765
  validateResolvedCredentials(credentials) {
98766
98766
  if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
@@ -105253,12 +105253,12 @@ var require_parseArn3 = __commonJS({
105253
105253
  const segments = value.split(":");
105254
105254
  if (segments.length < 6)
105255
105255
  return null;
105256
- const [arn, partition, service, region, accountId, ...resourceId] = segments;
105257
- if (arn !== "arn" || partition === "" || service === "" || resourceId[0] === "")
105256
+ const [arn, partition, service2, region, accountId, ...resourceId] = segments;
105257
+ if (arn !== "arn" || partition === "" || service2 === "" || resourceId[0] === "")
105258
105258
  return null;
105259
105259
  return {
105260
105260
  partition,
105261
- service,
105261
+ service: service2,
105262
105262
  region,
105263
105263
  accountId,
105264
105264
  resourceId: resourceId[0].includes("/") ? resourceId[0].split("/") : resourceId
@@ -135549,8 +135549,10 @@ var require_dist_cjs167 = __commonJS({
135549
135549
  // src/index.ts
135550
135550
  var src_exports4 = {};
135551
135551
  __export(src_exports4, {
135552
+ BunnyInvalidator: () => BunnyInvalidator,
135552
135553
  CloudfrontInvalidator: () => CloudfrontInvalidator,
135553
135554
  KmsKeypair: () => KmsKeypair,
135555
+ MultiImageInvalidator: () => MultiImageInvalidator,
135554
135556
  S3BlobStore: () => S3BlobStore
135555
135557
  });
135556
135558
  module.exports = __toCommonJS(src_exports4);
@@ -138550,16 +138552,18 @@ var decompressPubkey2 = (compressed) => {
138550
138552
  };
138551
138553
 
138552
138554
  // ../crypto/src/p256/operations.ts
138553
- var verifyDidSig = async (did2, data, sig) => {
138555
+ var verifyDidSig = async (did2, data, sig, opts) => {
138554
138556
  const { jwtAlg, keyBytes } = parseDidKey(did2);
138555
138557
  if (jwtAlg !== P256_JWT_ALG) {
138556
138558
  throw new Error(`Not a P-256 did:key: ${did2}`);
138557
138559
  }
138558
- return verifySig(keyBytes, data, sig);
138560
+ return verifySig(keyBytes, data, sig, opts);
138559
138561
  };
138560
- var verifySig = async (publicKey, data, sig) => {
138562
+ var verifySig = async (publicKey, data, sig, opts) => {
138561
138563
  const msgHash = await sha256(data);
138562
- return p256.verify(sig, msgHash, publicKey, { lowS: true });
138564
+ return p256.verify(sig, msgHash, publicKey, {
138565
+ lowS: opts?.lowS ?? true
138566
+ });
138563
138567
  };
138564
138568
 
138565
138569
  // ../crypto/src/p256/plugin.ts
@@ -138571,16 +138575,18 @@ var p256Plugin = {
138571
138575
  var plugin_default = p256Plugin;
138572
138576
 
138573
138577
  // ../crypto/src/secp256k1/operations.ts
138574
- var verifyDidSig2 = async (did2, data, sig) => {
138578
+ var verifyDidSig2 = async (did2, data, sig, opts) => {
138575
138579
  const { jwtAlg, keyBytes } = parseDidKey(did2);
138576
138580
  if (jwtAlg !== SECP256K1_JWT_ALG) {
138577
138581
  throw new Error(`Not a secp256k1 did:key: ${did2}`);
138578
138582
  }
138579
- return verifySig2(keyBytes, data, sig);
138583
+ return verifySig2(keyBytes, data, sig, opts);
138580
138584
  };
138581
- var verifySig2 = async (publicKey, data, sig) => {
138585
+ var verifySig2 = async (publicKey, data, sig, opts) => {
138582
138586
  const msgHash = await sha256(data);
138583
- return secp256k1.verify(sig, msgHash, publicKey, { lowS: true });
138587
+ return secp256k1.verify(sig, msgHash, publicKey, {
138588
+ lowS: opts?.lowS ?? true
138589
+ });
138584
138590
  };
138585
138591
 
138586
138592
  // ../crypto/src/secp256k1/plugin.ts
@@ -142345,6 +142351,21 @@ var ensureValidNsid = (nsid2) => {
142345
142351
  var InvalidNsidError = class extends Error {
142346
142352
  };
142347
142353
 
142354
+ // ../common-web/src/async.ts
142355
+ var handleAllSettledErrors = (results) => {
142356
+ const errors = results.filter(isRejected).map((res) => res.reason);
142357
+ if (errors.length === 0) {
142358
+ return;
142359
+ }
142360
+ if (errors.length === 1) {
142361
+ throw errors[0];
142362
+ }
142363
+ throw new AggregateError(errors, "Multiple errors: " + errors.map((err) => err?.message).join("\n"));
142364
+ };
142365
+ var isRejected = (result) => {
142366
+ return result.status === "rejected";
142367
+ };
142368
+
142348
142369
  // ../common-web/src/types.ts
142349
142370
  var cidSchema = z.any().refine((obj) => CID.asCID(obj) !== null, {
142350
142371
  message: "Not a CID"
@@ -142389,6 +142410,25 @@ var DAY = HOUR * 24;
142389
142410
  // ../common-web/src/strings.ts
142390
142411
  var import_graphemer = __toESM(require_lib4());
142391
142412
 
142413
+ // ../common-web/src/did-doc.ts
142414
+ var verificationMethod = z.object({
142415
+ id: z.string(),
142416
+ type: z.string(),
142417
+ controller: z.string(),
142418
+ publicKeyMultibase: z.string().optional()
142419
+ });
142420
+ var service = z.object({
142421
+ id: z.string(),
142422
+ type: z.string(),
142423
+ serviceEndpoint: z.union([z.string(), z.record(z.unknown())])
142424
+ });
142425
+ var didDocument = z.object({
142426
+ id: z.string(),
142427
+ alsoKnownAs: z.array(z.string()).optional(),
142428
+ verificationMethod: z.array(verificationMethod).optional(),
142429
+ service: z.array(service).optional()
142430
+ });
142431
+
142392
142432
  // ../lexicon/src/validators/formats.ts
142393
142433
  var import_iso_datestring_validator = __toESM(require_dist2());
142394
142434
 
@@ -146449,10 +146489,47 @@ var CloudfrontInvalidator = class {
146449
146489
  });
146450
146490
  }
146451
146491
  };
146492
+
146493
+ // src/bunny.ts
146494
+ var API_PURGE_URL = "https://api.bunny.net/purge";
146495
+ var BunnyInvalidator = class {
146496
+ constructor(cfg) {
146497
+ this.cfg = cfg;
146498
+ }
146499
+ async invalidate(_subject, paths) {
146500
+ const results = await Promise.allSettled(paths.map(async (path) => purgeUrl({
146501
+ url: this.cfg.urlPrefix + path,
146502
+ accessKey: this.cfg.accessKey
146503
+ })));
146504
+ handleAllSettledErrors(results);
146505
+ }
146506
+ };
146507
+ async function purgeUrl(opts) {
146508
+ const search = new URLSearchParams();
146509
+ search.set("async", "true");
146510
+ search.set("url", opts.url);
146511
+ await fetch(API_PURGE_URL + "?" + search.toString(), {
146512
+ method: "post",
146513
+ headers: { AccessKey: opts.accessKey }
146514
+ });
146515
+ }
146516
+
146517
+ // src/util.ts
146518
+ var MultiImageInvalidator = class {
146519
+ constructor(invalidators) {
146520
+ this.invalidators = invalidators;
146521
+ }
146522
+ async invalidate(subject, paths) {
146523
+ const results = await Promise.allSettled(this.invalidators.map((invalidator) => invalidator.invalidate(subject, paths)));
146524
+ handleAllSettledErrors(results);
146525
+ }
146526
+ };
146452
146527
  // Annotate the CommonJS export names for ESM import in node:
146453
146528
  0 && (module.exports = {
146529
+ BunnyInvalidator,
146454
146530
  CloudfrontInvalidator,
146455
146531
  KmsKeypair,
146532
+ MultiImageInvalidator,
146456
146533
  S3BlobStore
146457
146534
  });
146458
146535
  /*! *****************************************************************************