@atproto/bsky 0.0.198 → 0.0.199

package/dist/api/age-assurance/kws/external-payload.js

@@ -0,0 +1,124 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KWSExternalPayloadV2Schema = exports.KWSExternalPayloadV1Schema = exports.KWSExternalPayloadVersion = exports.KWSExternalPayloadTooLargeError = exports.KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT = void 0;
+exports.parseKWSExternalPayloadVersion = parseKWSExternalPayloadVersion;
+exports.parseKWSExternalPayloadV1 = parseKWSExternalPayloadV1;
+exports.serializeKWSExternalPayloadV1 = serializeKWSExternalPayloadV1;
+exports.parseKWSExternalPayloadV1WithV2Compat = parseKWSExternalPayloadV1WithV2Compat;
+exports.serializeKWSExternalPayloadV2 = serializeKWSExternalPayloadV2;
+exports.parseKWSExternalPayloadV2 = parseKWSExternalPayloadV2;
+const zod_1 = require("zod");
+exports.KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT = 250;
+/**
+ * Thrown when the provided external payload exceeds KWS's character limit.
+ *
+ * This is most commonly caused by DIDs that are too long, such as for
+ * `did:web` DIDs. But it's very rare, and the client has special handling for
+ * this case.
+ */
+class KWSExternalPayloadTooLargeError extends Error {
+}
+exports.KWSExternalPayloadTooLargeError = KWSExternalPayloadTooLargeError;
+var KWSExternalPayloadVersion;
+(function (KWSExternalPayloadVersion) {
+    KWSExternalPayloadVersion["V1"] = "1";
+    KWSExternalPayloadVersion["V2"] = "2";
+})(KWSExternalPayloadVersion || (exports.KWSExternalPayloadVersion = KWSExternalPayloadVersion = {}));
+function parseKWSExternalPayloadVersion(raw) {
+    switch (raw) {
+        case KWSExternalPayloadVersion.V2:
+            return KWSExternalPayloadVersion.V2;
+        default:
+            return KWSExternalPayloadVersion.V1;
+    }
+}
+exports.KWSExternalPayloadV1Schema = zod_1.z.object({
+    actorDid: zod_1.z.string(),
+    attemptId: zod_1.z.string(),
+});
+function parseKWSExternalPayloadV1(raw) {
+    try {
+        const value = JSON.parse(raw);
+        return exports.KWSExternalPayloadV1Schema.parse(value);
+    }
+    catch (err) {
+        throw new Error(`Failed to parse KWSExternalPayloadV1`, {
+            cause: err,
+        });
+    }
+}
+function serializeKWSExternalPayloadV1(payload) {
+    try {
+        return JSON.stringify(exports.KWSExternalPayloadV1Schema.parse(payload));
+    }
+    catch (err) {
+        throw new Error('Failed to serialize KWSExternalPayloadV1', { cause: err });
+    }
+}
+/**
+ * During our migration from v1 to v2 of the KWS external payload, we'll be
+ * sending v2 payloads on the v1 flow (the `adult-verified` email flow). We use
+ * this utility to parse either v1 or v2 payloads in that flow.
+ *
+ * Check for the `version` field on the output of this method to discriminate
+ * between the two types and handle them differently.
+ */
+function parseKWSExternalPayloadV1WithV2Compat(raw) {
+    const deserialized = JSON.parse(raw);
+    const v2 = deserialized.v === KWSExternalPayloadVersion.V2;
+    if (v2) {
+        return parseKWSExternalPayloadV2(raw);
+    }
+    else {
+        return {
+            ...parseKWSExternalPayloadV1(raw),
+            version: KWSExternalPayloadVersion.V1,
+        };
+    }
+}
+exports.KWSExternalPayloadV2Schema = zod_1.z.object({
+    v: zod_1.z.string(),
+    id: zod_1.z.string(),
+    did: zod_1.z.string(),
+    gc: zod_1.z.string().length(2),
+    gr: zod_1.z.string().optional(),
+});
+function serializeKWSExternalPayloadV2(payload) {
+    let compressed;
+    try {
+        compressed = exports.KWSExternalPayloadV2Schema.parse({
+            v: KWSExternalPayloadVersion.V2, // version
+            id: payload.attemptId,
+            did: payload.actorDid,
+            gc: payload.countryCode, // geolocation country
+            gr: payload.regionCode, // geolocation region
+        });
+    }
+    catch (err) {
+        throw new Error('Failed to serialize KWSExternalPayloadV2', { cause: err });
+    }
+    const serialized = JSON.stringify(compressed);
+    if (serialized.length > exports.KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT) {
+        throw new KWSExternalPayloadTooLargeError(`Serialized external payload size ${serialized.length} exceeds limit of ${exports.KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT}`);
+    }
+    return serialized;
+}
+function parseKWSExternalPayloadV2(raw) {
+    try {
+        const deserialized = JSON.parse(raw);
+        const parsed = exports.KWSExternalPayloadV2Schema.parse(deserialized);
+        return {
+            version: KWSExternalPayloadVersion.V2,
+            attemptId: parsed.id,
+            actorDid: parsed.did,
+            countryCode: parsed.gc,
+            regionCode: parsed.gr,
+        };
+    }
+    catch (err) {
+        throw new Error(`Failed to parse KWSExternalPayloadV2`, {
+            cause: err,
+        });
+    }
+}
+//# sourceMappingURL=external-payload.js.map

package/dist/api/age-assurance/kws/external-payload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-payload.js","sourceRoot":"","sources":["../../../../src/api/age-assurance/kws/external-payload.ts"],"names":[],"mappings":";;;AAkBA,wEAOC;AAYD,8DASC;AAED,sEAQC;AAUD,sFAgBC;AAsBD,sEAyBC;AAED,8DAiBC;AApJD,6BAAuB;AAEV,QAAA,+BAA+B,GAAG,GAAG,CAAA;AAElD;;;;;;GAMG;AACH,MAAa,+BAAgC,SAAQ,KAAK;CAAG;AAA7D,0EAA6D;AAE7D,IAAY,yBAGX;AAHD,WAAY,yBAAyB;IACnC,qCAAQ,CAAA;IACR,qCAAQ,CAAA;AACV,CAAC,EAHW,yBAAyB,yCAAzB,yBAAyB,QAGpC;AAED,SAAgB,8BAA8B,CAAC,GAAW;IACxD,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,yBAAyB,CAAC,EAAE;YAC/B,OAAO,yBAAyB,CAAC,EAAE,CAAA;QACrC;YACE,OAAO,yBAAyB,CAAC,EAAE,CAAA;IACvC,CAAC;AACH,CAAC;AAOY,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAA;AAEF,SAAgB,yBAAyB,CAAC,GAAW;IACnD,IAAI,CAAC;QACH,MAAM,KAAK,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACtC,OAAO,kCAA0B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAChD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,sCAAsC,EAAE;YACtD,KAAK,EAAE,GAAG;SACX,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAgB,6BAA6B,CAC3C,OAA6B;IAE7B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,kCAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAA;IAClE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAC7E,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,qCAAqC,CACnD,GAAW;IAIX,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACpC,MAAM,EAAE,GAAG,YAAY,CAAC,CAAC,KAAK,yBAAyB,CAAC,EAAE,CAAA;IAE1D,IAAI,EAAE,EAAE,CAAC;QACP,OAAO,yBAAyB,CAAC,GAAG,CAAC,CAAA;IACvC,CAAC;SAAM,CAAC;QACN,OAAO;YACL,GAAG,yBAAyB,CAAC,GAAG,CAAC;YACjC,OAAO,EAAE,yBAAyB,CAAC,EAAE;SACtC,CAAA;IACH,CAAC;AACH,CAAC;AAcY,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,CAAC,EAAE,OAAC,CAAC,MAAM,EAAE;IACb,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IACxB,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC1B,CAAC,CAAA;AAEF,SAAgB,6BAA6B,CAC3C,OAA6B;IAE7B,IAAI,UAAsD,CAAA;IAC1D,IAAI,CAAC;QACH,UAAU,GAAG,kCAA0B,CAAC,KAAK,CAAC;YAC5C,CAAC,EAAE,yBAAyB,CAAC,EAAE,EAAE,UAAU;YAC3C,EAAE,EAAE,OAAO,CAAC,SAAS;YACrB,GAAG,EAAE,OAAO,CAAC,QAAQ;YACrB,EAAE,EAAE,OAAO,CAAC,WAAW,EAAE,sBAAsB;YAC/C,EAAE,EAAE,OAAO,CAAC,UAAU,EAAE,qBAAqB;SAC9C,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,0CAA0C,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAC7E,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAE7C,IAAI,UAAU,CAAC,MAAM,GAAG,uCAA+B,EAAE,CAAC;QACxD,MAAM,IAAI,+BAA+B,CACvC,oCAAoC,UAAU,CAAC,MAAM,qBAAqB,uCAA+B,EAAE,CAC5G,CAAA;IACH,CAAC;IAED,OAAO,UAAU,CAAA;AACnB,CAAC;AAED,SAAgB,yBAAyB,CAAC,GAAW;IACnD,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACpC,MAAM,MAAM,GAAG,kCAA0B,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;QAE7D,OAAO;YACL,OAAO,EAAE,yBAAyB,CAAC,EAAE;YACrC,SAAS,EAAE,MAAM,CAAC,EAAE;YACpB,QAAQ,EAAE,MAAM,CAAC,GAAG;YACpB,WAAW,EAAE,MAAM,CAAC,EAAE;YACtB,UAAU,EAAE,MAAM,CAAC,EAAE;SACtB,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,sCAAsC,EAAE;YACtD,KAAK,EAAE,GAAG;SACX,CAAC,CAAA;IACJ,CAAC;AACH,CAAC","sourcesContent":["import { z } from 'zod'\n\nexport const KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT = 250\n\n/**\n * Thrown when the provided external payload exceeds KWS's character limit.\n *\n * This is most commonly caused by DIDs that are too long, such as for\n * `did:web` DIDs. But it's very rare, and the client has special handling for\n * this case.\n */\nexport class KWSExternalPayloadTooLargeError extends Error {}\n\nexport enum KWSExternalPayloadVersion {\n  V1 = '1',\n  V2 = '2',\n}\n\nexport function parseKWSExternalPayloadVersion(raw: string) {\n  switch (raw) {\n    case KWSExternalPayloadVersion.V2:\n      return KWSExternalPayloadVersion.V2\n    default:\n      return KWSExternalPayloadVersion.V1\n  }\n}\n\nexport type KWSExternalPayloadV1 = {\n  actorDid: string\n  attemptId: string\n}\n\nexport const KWSExternalPayloadV1Schema = z.object({\n  actorDid: z.string(),\n  attemptId: z.string(),\n})\n\nexport function parseKWSExternalPayloadV1(raw: string): KWSExternalPayloadV1 {\n  try {\n    const value: unknown = JSON.parse(raw)\n    return KWSExternalPayloadV1Schema.parse(value)\n  } catch (err) {\n    throw new Error(`Failed to parse KWSExternalPayloadV1`, {\n      cause: err,\n    })\n  }\n}\n\nexport function serializeKWSExternalPayloadV1(\n  payload: KWSExternalPayloadV1,\n): string {\n  try {\n    return JSON.stringify(KWSExternalPayloadV1Schema.parse(payload))\n  } catch (err) {\n    throw new Error('Failed to serialize KWSExternalPayloadV1', { cause: err })\n  }\n}\n\n/**\n * During our migration from v1 to v2 of the KWS external payload, we'll be\n * sending v2 payloads on the v1 flow (the `adult-verified` email flow). We use\n * this utility to parse either v1 or v2 payloads in that flow.\n *\n * Check for the `version` field on the output of this method to discriminate\n * between the two types and handle them differently.\n */\nexport function parseKWSExternalPayloadV1WithV2Compat(\n  raw: string,\n):\n  | (KWSExternalPayloadV1 & { version: KWSExternalPayloadVersion.V1 })\n  | KWSExternalPayloadV2 {\n  const deserialized = JSON.parse(raw)\n  const v2 = deserialized.v === KWSExternalPayloadVersion.V2\n\n  if (v2) {\n    return parseKWSExternalPayloadV2(raw)\n  } else {\n    return {\n      ...parseKWSExternalPayloadV1(raw),\n      version: KWSExternalPayloadVersion.V1,\n    }\n  }\n}\n\n/***************************\n * KWS External Payload V2 *\n ***************************/\n\nexport type KWSExternalPayloadV2 = {\n  version: KWSExternalPayloadVersion.V2\n  attemptId: string\n  actorDid: string\n  countryCode: string\n  regionCode?: string\n}\n\nexport const KWSExternalPayloadV2Schema = z.object({\n  v: z.string(),\n  id: z.string(),\n  did: z.string(),\n  gc: z.string().length(2),\n  gr: z.string().optional(),\n})\n\nexport function serializeKWSExternalPayloadV2(\n  payload: KWSExternalPayloadV2,\n): string {\n  let compressed: z.infer<typeof KWSExternalPayloadV2Schema>\n  try {\n    compressed = KWSExternalPayloadV2Schema.parse({\n      v: KWSExternalPayloadVersion.V2, // version\n      id: payload.attemptId,\n      did: payload.actorDid,\n      gc: payload.countryCode, // geolocation country\n      gr: payload.regionCode, // geolocation region\n    })\n  } catch (err) {\n    throw new Error('Failed to serialize KWSExternalPayloadV2', { cause: err })\n  }\n\n  const serialized = JSON.stringify(compressed)\n\n  if (serialized.length > KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT) {\n    throw new KWSExternalPayloadTooLargeError(\n      `Serialized external payload size ${serialized.length} exceeds limit of ${KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT}`,\n    )\n  }\n\n  return serialized\n}\n\nexport function parseKWSExternalPayloadV2(raw: string): KWSExternalPayloadV2 {\n  try {\n    const deserialized = JSON.parse(raw)\n    const parsed = KWSExternalPayloadV2Schema.parse(deserialized)\n\n    return {\n      version: KWSExternalPayloadVersion.V2,\n      attemptId: parsed.id,\n      actorDid: parsed.did,\n      countryCode: parsed.gc,\n      regionCode: parsed.gr,\n    }\n  } catch (err) {\n    throw new Error(`Failed to parse KWSExternalPayloadV2`, {\n      cause: err,\n    })\n  }\n}\n"]}

package/dist/api/age-assurance/kws/external-payload.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=external-payload.test.d.ts.map

package/dist/api/age-assurance/kws/external-payload.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-payload.test.d.ts","sourceRoot":"","sources":["../../../../src/api/age-assurance/kws/external-payload.test.ts"],"names":[],"mappings":""}

package/dist/api/age-assurance/kws/external-payload.test.js

@@ -0,0 +1,65 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const globals_1 = require("@jest/globals");
+const external_payload_1 = require("./external-payload");
+(0, globals_1.describe)('parseKWSExternalPayloadVersion', () => {
+    (0, globals_1.it)('should return V2 for "2"', () => {
+        const result = (0, external_payload_1.parseKWSExternalPayloadVersion)('2');
+        (0, globals_1.expect)(result).toBe('2');
+    });
+    (0, globals_1.it)('should return V1 for unknown versions', () => {
+        const result = (0, external_payload_1.parseKWSExternalPayloadVersion)('unknown');
+        (0, globals_1.expect)(result).toBe('1');
+    });
+});
+(0, globals_1.describe)('parseKWSExternalPayloadV1WithV2Compat', () => {
+    (0, globals_1.it)('should parse V1 payload correctly', () => {
+        const payload = {
+            attemptId: '123',
+            actorDid: 'did:plc:123',
+        };
+        const serialized = (0, external_payload_1.serializeKWSExternalPayloadV1)(payload);
+        const result = (0, external_payload_1.parseKWSExternalPayloadV1WithV2Compat)(serialized);
+        (0, globals_1.expect)(result).toEqual({
+            version: external_payload_1.KWSExternalPayloadVersion.V1,
+            ...payload,
+        });
+    });
+    (0, globals_1.it)('should parse V2 payload correctly', () => {
+        const payload = {
+            version: external_payload_1.KWSExternalPayloadVersion.V2,
+            attemptId: '123',
+            actorDid: 'did:plc:123',
+            countryCode: 'US',
+        };
+        const serialized = (0, external_payload_1.serializeKWSExternalPayloadV2)(payload);
+        const result = (0, external_payload_1.parseKWSExternalPayloadV1WithV2Compat)(serialized);
+        (0, globals_1.expect)(result).toEqual(payload);
+    });
+});
+(0, globals_1.describe)('serializeKWSExternalPayloadV2 & parseKWSExternalPayloadV2', () => {
+    const payload = {
+        version: external_payload_1.KWSExternalPayloadVersion.V2,
+        attemptId: '123',
+        actorDid: 'did:plc:123',
+        countryCode: 'US',
+        regionCode: 'CA',
+    };
+    (0, globals_1.it)('compresses when serializing', () => {
+        const serialized = (0, external_payload_1.serializeKWSExternalPayloadV2)(payload);
+        const comparison = JSON.stringify({
+            v: external_payload_1.KWSExternalPayloadVersion.V2,
+            id: payload.attemptId,
+            did: payload.actorDid,
+            gc: payload.countryCode,
+            gr: payload.regionCode,
+        });
+        (0, globals_1.expect)(serialized).toEqual(comparison);
+    });
+    (0, globals_1.it)('decompresses when parsing', () => {
+        const serialized = (0, external_payload_1.serializeKWSExternalPayloadV2)(payload);
+        const deserialized = (0, external_payload_1.parseKWSExternalPayloadV2)(serialized);
+        (0, globals_1.expect)(deserialized).toEqual(payload);
+    });
+});
+//# sourceMappingURL=external-payload.test.js.map

package/dist/api/age-assurance/kws/external-payload.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"external-payload.test.js","sourceRoot":"","sources":["../../../../src/api/age-assurance/kws/external-payload.test.ts"],"names":[],"mappings":";;AAAA,2CAAoD;AACpD,yDAO2B;AAE3B,IAAA,kBAAQ,EAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,IAAA,YAAE,EAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,IAAA,iDAA8B,EAAC,GAAG,CAAC,CAAA;QAClD,IAAA,gBAAM,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;IACF,IAAA,YAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,IAAA,iDAA8B,EAAC,SAAS,CAAC,CAAA;QACxD,IAAA,gBAAM,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAC1B,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,IAAA,kBAAQ,EAAC,uCAAuC,EAAE,GAAG,EAAE;IACrD,IAAA,YAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,OAAO,GAAG;YACd,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,aAAa;SACxB,CAAA;QACD,MAAM,UAAU,GAAG,IAAA,gDAA6B,EAAC,OAAO,CAAC,CAAA;QACzD,MAAM,MAAM,GAAG,IAAA,wDAAqC,EAAC,UAAU,CAAC,CAAA;QAChE,IAAA,gBAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,OAAO,EAAE,4CAAyB,CAAC,EAAE;YACrC,GAAG,OAAO;SACX,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IACF,IAAA,YAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,OAAO,GAAG;YACd,OAAO,EAAE,4CAAyB,CAAC,EAAW;YAC9C,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,aAAa;YACvB,WAAW,EAAE,IAAI;SAClB,CAAA;QACD,MAAM,UAAU,GAAG,IAAA,gDAA6B,EAAC,OAAO,CAAC,CAAA;QACzD,MAAM,MAAM,GAAG,IAAA,wDAAqC,EAAC,UAAU,CAAC,CAAA;QAChE,IAAA,gBAAM,EAAC,MAAM,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IACjC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,IAAA,kBAAQ,EAAC,2DAA2D,EAAE,GAAG,EAAE;IACzE,MAAM,OAAO,GAAG;QACd,OAAO,EAAE,4CAAyB,CAAC,EAAW;QAC9C,SAAS,EAAE,KAAK;QAChB,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,IAAI;QACjB,UAAU,EAAE,IAAI;KACjB,CAAA;IACD,IAAA,YAAE,EAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,UAAU,GAAG,IAAA,gDAA6B,EAAC,OAAO,CAAC,CAAA;QACzD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;YAChC,CAAC,EAAE,4CAAyB,CAAC,EAAE;YAC/B,EAAE,EAAE,OAAO,CAAC,SAAS;YACrB,GAAG,EAAE,OAAO,CAAC,QAAQ;YACrB,EAAE,EAAE,OAAO,CAAC,WAAW;YACvB,EAAE,EAAE,OAAO,CAAC,UAAU;SACvB,CAAC,CAAA;QACF,IAAA,gBAAM,EAAC,UAAU,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IACF,IAAA,YAAE,EAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,UAAU,GAAG,IAAA,gDAA6B,EAAC,OAAO,CAAC,CAAA;QACzD,MAAM,YAAY,GAAG,IAAA,4CAAyB,EAAC,UAAU,CAAC,CAAA;QAC1D,IAAA,gBAAM,EAAC,YAAY,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA","sourcesContent":["import { describe, expect, it } from '@jest/globals'\nimport {\n  KWSExternalPayloadVersion,\n  parseKWSExternalPayloadV1WithV2Compat,\n  parseKWSExternalPayloadV2,\n  parseKWSExternalPayloadVersion,\n  serializeKWSExternalPayloadV1,\n  serializeKWSExternalPayloadV2,\n} from './external-payload'\n\ndescribe('parseKWSExternalPayloadVersion', () => {\n  it('should return V2 for \"2\"', () => {\n    const result = parseKWSExternalPayloadVersion('2')\n    expect(result).toBe('2')\n  })\n  it('should return V1 for unknown versions', () => {\n    const result = parseKWSExternalPayloadVersion('unknown')\n    expect(result).toBe('1')\n  })\n})\n\ndescribe('parseKWSExternalPayloadV1WithV2Compat', () => {\n  it('should parse V1 payload correctly', () => {\n    const payload = {\n      attemptId: '123',\n      actorDid: 'did:plc:123',\n    }\n    const serialized = serializeKWSExternalPayloadV1(payload)\n    const result = parseKWSExternalPayloadV1WithV2Compat(serialized)\n    expect(result).toEqual({\n      version: KWSExternalPayloadVersion.V1,\n      ...payload,\n    })\n  })\n  it('should parse V2 payload correctly', () => {\n    const payload = {\n      version: KWSExternalPayloadVersion.V2 as const,\n      attemptId: '123',\n      actorDid: 'did:plc:123',\n      countryCode: 'US',\n    }\n    const serialized = serializeKWSExternalPayloadV2(payload)\n    const result = parseKWSExternalPayloadV1WithV2Compat(serialized)\n    expect(result).toEqual(payload)\n  })\n})\n\ndescribe('serializeKWSExternalPayloadV2 & parseKWSExternalPayloadV2', () => {\n  const payload = {\n    version: KWSExternalPayloadVersion.V2 as const,\n    attemptId: '123',\n    actorDid: 'did:plc:123',\n    countryCode: 'US',\n    regionCode: 'CA',\n  }\n  it('compresses when serializing', () => {\n    const serialized = serializeKWSExternalPayloadV2(payload)\n    const comparison = JSON.stringify({\n      v: KWSExternalPayloadVersion.V2,\n      id: payload.attemptId,\n      did: payload.actorDid,\n      gc: payload.countryCode,\n      gr: payload.regionCode,\n    })\n    expect(serialized).toEqual(comparison)\n  })\n  it('decompresses when parsing', () => {\n    const serialized = serializeKWSExternalPayloadV2(payload)\n    const deserialized = parseKWSExternalPayloadV2(serialized)\n    expect(deserialized).toEqual(payload)\n  })\n})\n"]}

package/dist/api/age-assurance/redirects/kws-age-verified.d.ts

@@ -0,0 +1,4 @@
+import { RequestHandler } from 'express';
+import { AppContextWithAA } from '../types';
+export declare const handler: (ctx: AppContextWithAA) => RequestHandler;
+//# sourceMappingURL=kws-age-verified.d.ts.map

package/dist/api/age-assurance/redirects/kws-age-verified.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kws-age-verified.d.ts","sourceRoot":"","sources":["../../../../src/api/age-assurance/redirects/kws-age-verified.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAUjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AA8B3C,eAAO,MAAM,OAAO,GACjB,KAAK,gBAAgB,KAAG,cAiExB,CAAA"}

package/dist/api/age-assurance/redirects/kws-age-verified.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handler = void 0;
+const logger_1 = require("../../../logger");
+const util_1 = require("../../kws/util");
+const const_1 = require("../const");
+const age_verified_1 = require("../kws/age-verified");
+const external_payload_1 = require("../kws/external-payload");
+const stash_1 = require("../stash");
+const util_2 = require("../util");
+function parseQueryParams(ctx, req) {
+    try {
+        const status = String(req.query.status);
+        const externalPayload = String(req.query.externalPayload);
+        const signature = String(req.query.signature);
+        (0, util_1.validateSignature)(ctx.cfg.kws.ageVerifiedRedirectSecret, `${status}:${externalPayload}`, signature);
+        return {
+            status,
+            externalPayload,
+        };
+    }
+    catch (err) {
+        throw new Error('Invalid KWS API request', { cause: err });
+    }
+}
+const handler = (ctx) => async (req, res) => {
+    let externalPayload;
+    try {
+        const query = parseQueryParams(ctx, req);
+        const { verified, verifiedMinimumAge } = (0, age_verified_1.parseKWSAgeVerifiedStatus)(query.status);
+        externalPayload = (0, external_payload_1.parseKWSExternalPayloadV2)(query.externalPayload);
+        const { actorDid, attemptId, countryCode, regionCode } = externalPayload;
+        /*
+         * KWS does not send unverified webhooks for age verification, so we
+         * expect all webhooks to be verified. This is just a sanity check.
+         */
+        if (!verified) {
+            const message = 'Expected KWS verification redirect to have verified status';
+            logger_1.ageAssuranceLogger.error({}, message);
+            throw new Error(message);
+        }
+        const { access } = (0, util_2.computeAgeAssuranceAccessOrThrow)(const_1.AGE_ASSURANCE_CONFIG, {
+            countryCode,
+            regionCode,
+            verifiedMinimumAge,
+        });
+        await (0, stash_1.createEvent)(ctx, actorDid, {
+            attemptId,
+            // Assumes `app.set('trust proxy', ...)` configured with `true` or specific values.
+            completeIp: req.ip,
+            completeUa: (0, util_1.getClientUa)(req),
+            countryCode,
+            regionCode,
+            status: 'assured',
+            access,
+        });
+        const q = new URLSearchParams({ actorDid, result: 'success' });
+        return res
+            .status(302)
+            .setHeader('Location', `${ctx.cfg.kws.redirectUrl}?${q}`)
+            .end();
+    }
+    catch (err) {
+        logger_1.ageAssuranceLogger.error({ err, ...externalPayload }, 'Failed to handle KWS verification redirect');
+        const q = new URLSearchParams({
+            ...(externalPayload ? { actorDid: externalPayload.actorDid } : {}),
+            result: 'unknown',
+        });
+        return res
+            .status(302)
+            .setHeader('Location', `${ctx.cfg.kws.redirectUrl}?${q}`)
+            .end();
+    }
+};
+exports.handler = handler;
+//# sourceMappingURL=kws-age-verified.js.map

package/dist/api/age-assurance/redirects/kws-age-verified.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kws-age-verified.js","sourceRoot":"","sources":["../../../../src/api/age-assurance/redirects/kws-age-verified.ts"],"names":[],"mappings":";;;AACA,4CAA8D;AAC9D,yCAA+D;AAC/D,oCAA+C;AAC/C,sDAA+D;AAC/D,8DAGgC;AAChC,oCAAsC;AAEtC,kCAA0D;AAE1D,SAAS,gBAAgB,CACvB,GAAqB,EACrB,GAAoB;IAKpB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACvC,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAA;QACzD,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAE7C,IAAA,wBAAiB,EACf,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,yBAAyB,EACrC,GAAG,MAAM,IAAI,eAAe,EAAE,EAC9B,SAAS,CACV,CAAA;QAED,OAAO;YACL,MAAM;YACN,eAAe;SAChB,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;IAC5D,CAAC;AACH,CAAC;AAEM,MAAM,OAAO,GAClB,CAAC,GAAqB,EAAkB,EAAE,CAC1C,KAAK,EAAE,GAAoB,EAAE,GAAqB,EAAE,EAAE;IACpD,IAAI,eAAiD,CAAA;IAErD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QACxC,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,IAAA,wCAAyB,EAChE,KAAK,CAAC,MAAM,CACb,CAAA;QACD,eAAe,GAAG,IAAA,4CAAyB,EAAC,KAAK,CAAC,eAAe,CAAC,CAAA;QAClE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,eAAe,CAAA;QAExE;;;WAGG;QACH,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,OAAO,GACX,4DAA4D,CAAA;YAC9D,2BAAM,CAAC,KAAK,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;YACzB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAA;QAC1B,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,uCAAgC,EACjD,4BAAoB,EACpB;YACE,WAAW;YACX,UAAU;YACV,kBAAkB;SACnB,CACF,CAAA;QAED,MAAM,IAAA,mBAAW,EAAC,GAAG,EAAE,QAAQ,EAAE;YAC/B,SAAS;YACT,mFAAmF;YACnF,UAAU,EAAE,GAAG,CAAC,EAAE;YAClB,UAAU,EAAE,IAAA,kBAAW,EAAC,GAAG,CAAC;YAC5B,WAAW;YACX,UAAU;YACV,MAAM,EAAE,SAAS;YACjB,MAAM;SACP,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAA;QAE9D,OAAO,GAAG;aACP,MAAM,CAAC,GAAG,CAAC;aACX,SAAS,CAAC,UAAU,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;aACxD,GAAG,EAAE,CAAA;IACV,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,2BAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,GAAG,eAAe,EAAE,EAC3B,4CAA4C,CAC7C,CAAA;QAED,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC;YAC5B,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,MAAM,EAAE,SAAS;SAClB,CAAC,CAAA;QAEF,OAAO,GAAG;aACP,MAAM,CAAC,GAAG,CAAC;aACX,SAAS,CAAC,UAAU,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;aACxD,GAAG,EAAE,CAAA;IACV,CAAC;AACH,CAAC,CAAA;AAlEU,QAAA,OAAO,WAkEjB","sourcesContent":["import express, { RequestHandler } from 'express'\nimport { ageAssuranceLogger as logger } from '../../../logger'\nimport { getClientUa, validateSignature } from '../../kws/util'\nimport { AGE_ASSURANCE_CONFIG } from '../const'\nimport { parseKWSAgeVerifiedStatus } from '../kws/age-verified'\nimport {\n  type KWSExternalPayloadV2,\n  parseKWSExternalPayloadV2,\n} from '../kws/external-payload'\nimport { createEvent } from '../stash'\nimport { AppContextWithAA } from '../types'\nimport { computeAgeAssuranceAccessOrThrow } from '../util'\n\nfunction parseQueryParams(\n  ctx: AppContextWithAA,\n  req: express.Request,\n): {\n  status: string\n  externalPayload: string\n} {\n  try {\n    const status = String(req.query.status)\n    const externalPayload = String(req.query.externalPayload)\n    const signature = String(req.query.signature)\n\n    validateSignature(\n      ctx.cfg.kws.ageVerifiedRedirectSecret,\n      `${status}:${externalPayload}`,\n      signature,\n    )\n\n    return {\n      status,\n      externalPayload,\n    }\n  } catch (err) {\n    throw new Error('Invalid KWS API request', { cause: err })\n  }\n}\n\nexport const handler =\n  (ctx: AppContextWithAA): RequestHandler =>\n  async (req: express.Request, res: express.Response) => {\n    let externalPayload: KWSExternalPayloadV2 | undefined\n\n    try {\n      const query = parseQueryParams(ctx, req)\n      const { verified, verifiedMinimumAge } = parseKWSAgeVerifiedStatus(\n        query.status,\n      )\n      externalPayload = parseKWSExternalPayloadV2(query.externalPayload)\n      const { actorDid, attemptId, countryCode, regionCode } = externalPayload\n\n      /*\n       * KWS does not send unverified webhooks for age verification, so we\n       * expect all webhooks to be verified. This is just a sanity check.\n       */\n      if (!verified) {\n        const message =\n          'Expected KWS verification redirect to have verified status'\n        logger.error({}, message)\n        throw new Error(message)\n      }\n\n      const { access } = computeAgeAssuranceAccessOrThrow(\n        AGE_ASSURANCE_CONFIG,\n        {\n          countryCode,\n          regionCode,\n          verifiedMinimumAge,\n        },\n      )\n\n      await createEvent(ctx, actorDid, {\n        attemptId,\n        // Assumes `app.set('trust proxy', ...)` configured with `true` or specific values.\n        completeIp: req.ip,\n        completeUa: getClientUa(req),\n        countryCode,\n        regionCode,\n        status: 'assured',\n        access,\n      })\n\n      const q = new URLSearchParams({ actorDid, result: 'success' })\n\n      return res\n        .status(302)\n        .setHeader('Location', `${ctx.cfg.kws.redirectUrl}?${q}`)\n        .end()\n    } catch (err) {\n      logger.error(\n        { err, ...externalPayload },\n        'Failed to handle KWS verification redirect',\n      )\n\n      const q = new URLSearchParams({\n        ...(externalPayload ? { actorDid: externalPayload.actorDid } : {}),\n        result: 'unknown',\n      })\n\n      return res\n        .status(302)\n        .setHeader('Location', `${ctx.cfg.kws.redirectUrl}?${q}`)\n        .end()\n    }\n  }\n"]}

package/dist/api/age-assurance/stash.d.ts

@@ -0,0 +1,4 @@
+import { AppContext } from '../../context';
+import { Event as AgeAssuranceEvent } from '../../lexicon/types/app/bsky/ageassurance/defs';
+export declare function createEvent(ctx: AppContext, actorDid: string, event: Omit<AgeAssuranceEvent, 'createdAt'>): Promise<AgeAssuranceEvent>;
+//# sourceMappingURL=stash.d.ts.map

package/dist/api/age-assurance/stash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stash.d.ts","sourceRoot":"","sources":["../../../src/api/age-assurance/stash.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAC1C,OAAO,EAAE,KAAK,IAAI,iBAAiB,EAAE,MAAM,gDAAgD,CAAA;AAG3F,wBAAsB,WAAW,CAC/B,GAAG,EAAE,UAAU,EACf,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,IAAI,CAAC,iBAAiB,EAAE,WAAW,CAAC,8BAa5C"}

package/dist/api/age-assurance/stash.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createEvent = createEvent;
+const common_1 = require("@atproto/common");
+const stash_1 = require("../../stash");
+async function createEvent(ctx, actorDid, event) {
+    const payload = {
+        createdAt: new Date().toISOString(),
+        ...event,
+    };
+    await ctx.stashClient.create({
+        actorDid: actorDid,
+        namespace: stash_1.Namespaces.AppBskyAgeassuranceDefsEvent,
+        key: common_1.TID.nextStr(),
+        payload,
+    });
+    return payload;
+}
+//# sourceMappingURL=stash.js.map

package/dist/api/age-assurance/stash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stash.js","sourceRoot":"","sources":["../../../src/api/age-assurance/stash.ts"],"names":[],"mappings":";;AAKA,kCAgBC;AArBD,4CAAqC;AAGrC,uCAAwC;AAEjC,KAAK,UAAU,WAAW,CAC/B,GAAe,EACf,QAAgB,EAChB,KAA2C;IAE3C,MAAM,OAAO,GAAsB;QACjC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,GAAG,KAAK;KACT,CAAA;IACD,MAAM,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC;QAC3B,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,kBAAU,CAAC,4BAA4B;QAClD,GAAG,EAAE,YAAG,CAAC,OAAO,EAAE;QAClB,OAAO;KACR,CAAC,CAAA;IACF,OAAO,OAAO,CAAA;AAChB,CAAC","sourcesContent":["import { TID } from '@atproto/common'\nimport { AppContext } from '../../context'\nimport { Event as AgeAssuranceEvent } from '../../lexicon/types/app/bsky/ageassurance/defs'\nimport { Namespaces } from '../../stash'\n\nexport async function createEvent(\n  ctx: AppContext,\n  actorDid: string,\n  event: Omit<AgeAssuranceEvent, 'createdAt'>,\n) {\n  const payload: AgeAssuranceEvent = {\n    createdAt: new Date().toISOString(),\n    ...event,\n  }\n  await ctx.stashClient.create({\n    actorDid: actorDid,\n    namespace: Namespaces.AppBskyAgeassuranceDefsEvent,\n    key: TID.nextStr(),\n    payload,\n  })\n  return payload\n}\n"]}

package/dist/api/age-assurance/types.d.ts

@@ -0,0 +1,10 @@
+import { KwsConfig, ServerConfig } from '../../config';
+import { AppContext } from '../../context';
+import { KwsClient } from '../../kws';
+export type AppContextWithAA = AppContext & {
+    kwsClient: KwsClient;
+    cfg: ServerConfig & {
+        kws: KwsConfig;
+    };
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/api/age-assurance/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/api/age-assurance/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAErC,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG;IAC1C,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,EAAE,YAAY,GAAG;QAClB,GAAG,EAAE,SAAS,CAAA;KACf,CAAA;CACF,CAAA"}

package/dist/api/age-assurance/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/api/age-assurance/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/api/age-assurance/types.ts"],"names":[],"mappings":"","sourcesContent":["import { KwsConfig, ServerConfig } from '../../config'\nimport { AppContext } from '../../context'\nimport { KwsClient } from '../../kws'\n\nexport type AppContextWithAA = AppContext & {\n  kwsClient: KwsClient\n  cfg: ServerConfig & {\n    kws: KwsConfig\n  }\n}\n"]}

package/dist/api/age-assurance/util.d.ts

@@ -0,0 +1,15 @@
+import { type AppBskyAgeassuranceDefs } from '@atproto/api';
+/**
+ * Compute age assurance access based on verified minimum age. Thrown errors
+ * are internal errors, so handle them accordingly.
+ */
+export declare function computeAgeAssuranceAccessOrThrow(config: AppBskyAgeassuranceDefs.Config, { countryCode, regionCode, verifiedMinimumAge, }: {
+    countryCode: string;
+    regionCode?: string;
+    verifiedMinimumAge: number;
+}): {
+    access: AppBskyAgeassuranceDefs.Access;
+    reason: import("@atproto/api").AgeAssuranceRuleID;
+};
+export declare function createLocationString(countryCode: string, regionCode?: string): string;
+//# sourceMappingURL=util.d.ts.map

package/dist/api/age-assurance/util.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../src/api/age-assurance/util.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,uBAAuB,EAG7B,MAAM,cAAc,CAAA;AAErB;;;GAGG;AACH,wBAAgB,gCAAgC,CAC9C,MAAM,EAAE,uBAAuB,CAAC,MAAM,EACtC,EACE,WAAW,EACX,UAAU,EACV,kBAAkB,GACnB,EAAE;IACD,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,EAAE,MAAM,CAAA;CAC3B;YAgCW,wBAAyB,MAAM;;EAO5C;AAED,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,UAI5E"}

package/dist/api/age-assurance/util.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeAgeAssuranceAccessOrThrow = computeAgeAssuranceAccessOrThrow;
+exports.createLocationString = createLocationString;
+const api_1 = require("@atproto/api");
+/**
+ * Compute age assurance access based on verified minimum age. Thrown errors
+ * are internal errors, so handle them accordingly.
+ */
+function computeAgeAssuranceAccessOrThrow(config, { countryCode, regionCode, verifiedMinimumAge, }) {
+    const region = (0, api_1.getAgeAssuranceRegionConfig)(config, {
+        countryCode,
+        regionCode,
+    });
+    if (region) {
+        const result = (0, api_1.computeAgeAssuranceRegionAccess)(region, {
+            assuredAge: verifiedMinimumAge,
+            /*
+             * We don't care about this here, this is a client-only rule. If we have
+             * verified data, we can use that, and the account creation date is
+             * irrelevant.
+             */
+            accountCreatedAt: undefined,
+        });
+        if (result) {
+            return result;
+        }
+        else {
+            /*
+             * If we don't get a result, it's because none of the rules matched,
+             * which is a configuration error: there should always be a default
+             * rule.
+             */
+            throw new Error('Cound not compute age assurance region access');
+        }
+    }
+    else {
+        /**
+         * If we had geolocation data, but we don't have a region config for this
+         * geolocation, then it means a user outside of our configured regions
+         * has completed age verification. In this case, we can't determine their
+         * access level, so we throw an error.
+         *
+         * This case is also guarded in `app.bsky.ageassurance.begin`.
+         */
+        throw new Error('Could not get config for region');
+    }
+}
+function createLocationString(countryCode, regionCode) {
+    return regionCode
+        ? `${countryCode.toUpperCase()}-${regionCode.toUpperCase()}`
+        : countryCode.toUpperCase();
+}
+//# sourceMappingURL=util.js.map

package/dist/api/age-assurance/util.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../../../src/api/age-assurance/util.ts"],"names":[],"mappings":";;AAUA,4EAiDC;AAED,oDAIC;AAjED,sCAIqB;AAErB;;;GAGG;AACH,SAAgB,gCAAgC,CAC9C,MAAsC,EACtC,EACE,WAAW,EACX,UAAU,EACV,kBAAkB,GAKnB;IAED,MAAM,MAAM,GAAG,IAAA,iCAA2B,EAAC,MAAM,EAAE;QACjD,WAAW;QACX,UAAU;KACX,CAAC,CAAA;IAEF,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,GAAG,IAAA,qCAA+B,EAAC,MAAM,EAAE;YACrD,UAAU,EAAE,kBAAkB;YAC9B;;;;eAIG;YACH,gBAAgB,EAAE,SAAS;SAC5B,CAAC,CAAA;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAA;QACf,CAAC;aAAM,CAAC;YACN;;;;eAIG;YACH,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAA;QAClE,CAAC;IACH,CAAC;SAAM,CAAC;QACN;;;;;;;WAOG;QACH,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;IACpD,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAAC,WAAmB,EAAE,UAAmB;IAC3E,OAAO,UAAU;QACf,CAAC,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE;QAC5D,CAAC,CAAC,WAAW,CAAC,WAAW,EAAE,CAAA;AAC/B,CAAC","sourcesContent":["import {\n  type AppBskyAgeassuranceDefs,\n  computeAgeAssuranceRegionAccess,\n  getAgeAssuranceRegionConfig,\n} from '@atproto/api'\n\n/**\n * Compute age assurance access based on verified minimum age. Thrown errors\n * are internal errors, so handle them accordingly.\n */\nexport function computeAgeAssuranceAccessOrThrow(\n  config: AppBskyAgeassuranceDefs.Config,\n  {\n    countryCode,\n    regionCode,\n    verifiedMinimumAge,\n  }: {\n    countryCode: string\n    regionCode?: string\n    verifiedMinimumAge: number\n  },\n) {\n  const region = getAgeAssuranceRegionConfig(config, {\n    countryCode,\n    regionCode,\n  })\n\n  if (region) {\n    const result = computeAgeAssuranceRegionAccess(region, {\n      assuredAge: verifiedMinimumAge,\n      /*\n       * We don't care about this here, this is a client-only rule. If we have\n       * verified data, we can use that, and the account creation date is\n       * irrelevant.\n       */\n      accountCreatedAt: undefined,\n    })\n\n    if (result) {\n      return result\n    } else {\n      /*\n       * If we don't get a result, it's because none of the rules matched,\n       * which is a configuration error: there should always be a default\n       * rule.\n       */\n      throw new Error('Cound not compute age assurance region access')\n    }\n  } else {\n    /**\n     * If we had geolocation data, but we don't have a region config for this\n     * geolocation, then it means a user outside of our configured regions\n     * has completed age verification. In this case, we can't determine their\n     * access level, so we throw an error.\n     *\n     * This case is also guarded in `app.bsky.ageassurance.begin`.\n     */\n    throw new Error('Could not get config for region')\n  }\n}\n\nexport function createLocationString(countryCode: string, regionCode?: string) {\n  return regionCode\n    ? `${countryCode.toUpperCase()}-${regionCode.toUpperCase()}`\n    : countryCode.toUpperCase()\n}\n"]}

package/dist/api/age-assurance/webhooks/kws-age-verified.d.ts

@@ -0,0 +1,4 @@
+import { RequestHandler } from 'express';
+import { type AppContextWithAA } from '../types';
+export declare const handler: (ctx: AppContextWithAA) => RequestHandler;
+//# sourceMappingURL=kws-age-verified.d.ts.map

package/dist/api/age-assurance/webhooks/kws-age-verified.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kws-age-verified.d.ts","sourceRoot":"","sources":["../../../../src/api/age-assurance/webhooks/kws-age-verified.ts"],"names":[],"mappings":"AAAA,OAAgB,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AASjD,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAGhD,eAAO,MAAM,OAAO,GACjB,KAAK,gBAAgB,KAAG,cA6DxB,CAAA"}

package/dist/api/age-assurance/webhooks/kws-age-verified.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handler = void 0;
+const logger_1 = require("../../../logger");
+const const_1 = require("../const");
+const age_verified_1 = require("../kws/age-verified");
+const external_payload_1 = require("../kws/external-payload");
+const stash_1 = require("../stash");
+const util_1 = require("../util");
+const handler = (ctx) => async (req, res) => {
+    let body;
+    try {
+        body = (0, age_verified_1.parseKWSAgeVerifiedWebhook)(req.body);
+    }
+    catch (err) {
+        const message = 'Failed to parse KWS webhook body';
+        logger_1.ageAssuranceLogger.error({ err }, message);
+        return res.status(400).json({ error: message });
+    }
+    const { status, externalPayload } = body.payload;
+    const { verified, verifiedMinimumAge } = status;
+    const { actorDid, countryCode, regionCode, attemptId } = (0, external_payload_1.parseKWSExternalPayloadV2)(externalPayload);
+    /*
+     * KWS does not send unverified webhooks for age verification, so we
+     * expect all webhooks to be verified. This is just a sanity check.
+     */
+    if (!verified) {
+        const message = 'Expected KWS webhook to have verified status';
+        logger_1.ageAssuranceLogger.error({}, message);
+        return res.status(400).json({ error: message });
+    }
+    let result;
+    try {
+        result = (0, util_1.computeAgeAssuranceAccessOrThrow)(const_1.AGE_ASSURANCE_CONFIG, {
+            countryCode,
+            regionCode,
+            verifiedMinimumAge,
+        });
+    }
+    catch (err) {
+        // internal errors
+        logger_1.ageAssuranceLogger.error({ err, attemptId, actorDid, countryCode, regionCode }, 'Failed to compute age assurance access');
+    }
+    try {
+        if (result) {
+            await (0, stash_1.createEvent)(ctx, actorDid, {
+                attemptId,
+                countryCode,
+                regionCode,
+                status: 'assured',
+                access: result.access,
+            });
+        }
+        return res.status(200).end();
+    }
+    catch (err) {
+        const message = 'Failed to handle KWS webhook';
+        logger_1.ageAssuranceLogger.error({ err, attemptId, actorDid, countryCode, regionCode }, message);
+        return res.status(500).json({ error: message });
+    }
+};
+exports.handler = handler;
+//# sourceMappingURL=kws-age-verified.js.map

package/dist/api/age-assurance/webhooks/kws-age-verified.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kws-age-verified.js","sourceRoot":"","sources":["../../../../src/api/age-assurance/webhooks/kws-age-verified.ts"],"names":[],"mappings":";;;AACA,4CAA8D;AAC9D,oCAA+C;AAC/C,sDAG4B;AAC5B,8DAAmE;AACnE,oCAAsC;AAEtC,kCAA0D;AAEnD,MAAM,OAAO,GAClB,CAAC,GAAqB,EAAkB,EAAE,CAC1C,KAAK,EAAE,GAAoB,EAAE,GAAqB,EAAE,EAAE;IACpD,IAAI,IAA2B,CAAA;IAC/B,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,yCAA0B,EAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,kCAAkC,CAAA;QAClD,2BAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,OAAO,CAAC,CAAA;QAC9B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;IACjD,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC,OAAO,CAAA;IAChD,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,MAAM,CAAA;IAC/C,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,GACpD,IAAA,4CAAyB,EAAC,eAAe,CAAC,CAAA;IAE5C;;;OAGG;IACH,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,OAAO,GAAG,8CAA8C,CAAA;QAC9D,2BAAM,CAAC,KAAK,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;QACzB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;IACjD,CAAC;IAED,IAAI,MAAuE,CAAA;IAC3E,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,uCAAgC,EAAC,4BAAoB,EAAE;YAC9D,WAAW;YACX,UAAU;YACV,kBAAkB;SACnB,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,kBAAkB;QAClB,2BAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,EACrD,wCAAwC,CACzC,CAAA;IACH,CAAC;IAED,IAAI,CAAC;QACH,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,IAAA,mBAAW,EAAC,GAAG,EAAE,QAAQ,EAAE;gBAC/B,SAAS;gBACT,WAAW;gBACX,UAAU;gBACV,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,8BAA8B,CAAA;QAC9C,2BAAM,CAAC,KAAK,CACV,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,EACrD,OAAO,CACR,CAAA;QACD,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;IACjD,CAAC;AACH,CAAC,CAAA;AA9DU,QAAA,OAAO,WA8DjB","sourcesContent":["import express, { RequestHandler } from 'express'\nimport { ageAssuranceLogger as logger } from '../../../logger'\nimport { AGE_ASSURANCE_CONFIG } from '../const'\nimport {\n  type KWSWebhookAgeVerified,\n  parseKWSAgeVerifiedWebhook,\n} from '../kws/age-verified'\nimport { parseKWSExternalPayloadV2 } from '../kws/external-payload'\nimport { createEvent } from '../stash'\nimport { type AppContextWithAA } from '../types'\nimport { computeAgeAssuranceAccessOrThrow } from '../util'\n\nexport const handler =\n  (ctx: AppContextWithAA): RequestHandler =>\n  async (req: express.Request, res: express.Response) => {\n    let body: KWSWebhookAgeVerified\n    try {\n      body = parseKWSAgeVerifiedWebhook(req.body)\n    } catch (err) {\n      const message = 'Failed to parse KWS webhook body'\n      logger.error({ err }, message)\n      return res.status(400).json({ error: message })\n    }\n\n    const { status, externalPayload } = body.payload\n    const { verified, verifiedMinimumAge } = status\n    const { actorDid, countryCode, regionCode, attemptId } =\n      parseKWSExternalPayloadV2(externalPayload)\n\n    /*\n     * KWS does not send unverified webhooks for age verification, so we\n     * expect all webhooks to be verified. This is just a sanity check.\n     */\n    if (!verified) {\n      const message = 'Expected KWS webhook to have verified status'\n      logger.error({}, message)\n      return res.status(400).json({ error: message })\n    }\n\n    let result: ReturnType<typeof computeAgeAssuranceAccessOrThrow> | undefined\n    try {\n      result = computeAgeAssuranceAccessOrThrow(AGE_ASSURANCE_CONFIG, {\n        countryCode,\n        regionCode,\n        verifiedMinimumAge,\n      })\n    } catch (err) {\n      // internal errors\n      logger.error(\n        { err, attemptId, actorDid, countryCode, regionCode },\n        'Failed to compute age assurance access',\n      )\n    }\n\n    try {\n      if (result) {\n        await createEvent(ctx, actorDid, {\n          attemptId,\n          countryCode,\n          regionCode,\n          status: 'assured',\n          access: result.access,\n        })\n      }\n\n      return res.status(200).end()\n    } catch (err) {\n      const message = 'Failed to handle KWS webhook'\n      logger.error(\n        { err, attemptId, actorDid, countryCode, regionCode },\n        message,\n      )\n      return res.status(500).json({ error: message })\n    }\n  }\n"]}

package/dist/api/app/bsky/ageassurance/begin.d.ts

@@ -0,0 +1,4 @@
+import { AppContext } from '../../../../context';
+import { Server } from '../../../../lexicon';
+export default function (server: Server, ctx: AppContext): void;
+//# sourceMappingURL=begin.d.ts.map

package/dist/api/app/bsky/ageassurance/begin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"begin.d.ts","sourceRoot":"","sources":["../../../../../src/api/app/bsky/ageassurance/begin.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAkB5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA2GvD"}