@atproto/oauth-client 0.6.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/CHANGELOG.md +28 -0
  2. package/dist/constants.js +1 -4
  3. package/dist/constants.js.map +1 -1
  4. package/dist/errors/auth-method-unsatisfiable-error.js +1 -5
  5. package/dist/errors/auth-method-unsatisfiable-error.js.map +1 -1
  6. package/dist/errors/token-invalid-error.js +2 -11
  7. package/dist/errors/token-invalid-error.js.map +1 -1
  8. package/dist/errors/token-refresh-error.js +2 -11
  9. package/dist/errors/token-refresh-error.js.map +1 -1
  10. package/dist/errors/token-revoked-error.js +2 -11
  11. package/dist/errors/token-revoked-error.js.map +1 -1
  12. package/dist/fetch-dpop.js +6 -9
  13. package/dist/fetch-dpop.js.map +1 -1
  14. package/dist/identity-resolver.js +1 -5
  15. package/dist/identity-resolver.js.map +1 -1
  16. package/dist/index.d.ts +1 -1
  17. package/dist/index.d.ts.map +1 -1
  18. package/dist/index.js +24 -44
  19. package/dist/index.js.map +1 -1
  20. package/dist/lock.js +1 -5
  21. package/dist/lock.js.map +1 -1
  22. package/dist/oauth-authorization-server-metadata-resolver.js +13 -29
  23. package/dist/oauth-authorization-server-metadata-resolver.js.map +1 -1
  24. package/dist/oauth-callback-error.js +3 -17
  25. package/dist/oauth-callback-error.js.map +1 -1
  26. package/dist/oauth-client-auth.js +13 -17
  27. package/dist/oauth-client-auth.js.map +1 -1
  28. package/dist/oauth-client.js +49 -111
  29. package/dist/oauth-client.js.map +1 -1
  30. package/dist/oauth-protected-resource-metadata-resolver.js +13 -29
  31. package/dist/oauth-protected-resource-metadata-resolver.js.map +1 -1
  32. package/dist/oauth-resolver-error.js +3 -7
  33. package/dist/oauth-resolver-error.js.map +1 -1
  34. package/dist/oauth-resolver.js +15 -34
  35. package/dist/oauth-resolver.js.map +1 -1
  36. package/dist/oauth-response-error.js +6 -32
  37. package/dist/oauth-response-error.js.map +1 -1
  38. package/dist/oauth-server-agent.js +23 -79
  39. package/dist/oauth-server-agent.js.map +1 -1
  40. package/dist/oauth-server-factory.js +9 -43
  41. package/dist/oauth-server-factory.js.map +1 -1
  42. package/dist/oauth-session.js +12 -37
  43. package/dist/oauth-session.js.map +1 -1
  44. package/dist/runtime-implementation.d.ts +1 -1
  45. package/dist/runtime-implementation.d.ts.map +1 -1
  46. package/dist/runtime-implementation.js +1 -2
  47. package/dist/runtime-implementation.js.map +1 -1
  48. package/dist/runtime.js +8 -29
  49. package/dist/runtime.js.map +1 -1
  50. package/dist/session-getter.js +23 -38
  51. package/dist/session-getter.js.map +1 -1
  52. package/dist/state-store.js +1 -2
  53. package/dist/types.d.ts.map +1 -1
  54. package/dist/types.js +6 -9
  55. package/dist/types.js.map +1 -1
  56. package/dist/util.js +3 -9
  57. package/dist/util.js.map +1 -1
  58. package/dist/validate-client-metadata.js +9 -12
  59. package/dist/validate-client-metadata.js.map +1 -1
  60. package/package.json +17 -16
  61. package/src/core-js.d.ts +1 -0
  62. package/src/index.ts +1 -1
  63. package/src/runtime-implementation.ts +2 -2
  64. package/tsconfig.build.tsbuildinfo +1 -1
package/dist/oauth-session.js CHANGED
@@ -1,39 +1,15 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.OAuthSession = void 0;
4
- const fetch_1 = require("@atproto-labs/fetch");
5
- const token_invalid_error_js_1 = require("./errors/token-invalid-error.js");
6
- const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
7
- const fetch_dpop_js_1 = require("./fetch-dpop.js");
1
+ import { bindFetch } from '@atproto-labs/fetch';
2
+ import { TokenInvalidError } from './errors/token-invalid-error.js';
3
+ import { TokenRevokedError } from './errors/token-revoked-error.js';
4
+ import { dpopFetchWrapper } from './fetch-dpop.js';
8
5
  const ReadableStream = globalThis.ReadableStream;
9
- class OAuthSession {
6
+ export class OAuthSession {
10
7
  constructor(server, sub, sessionGetter, fetch = globalThis.fetch) {
11
- Object.defineProperty(this, "server", {
12
- enumerable: true,
13
- configurable: true,
14
- writable: true,
15
- value: server
16
- });
17
- Object.defineProperty(this, "sub", {
18
- enumerable: true,
19
- configurable: true,
20
- writable: true,
21
- value: sub
22
- });
23
- Object.defineProperty(this, "sessionGetter", {
24
- enumerable: true,
25
- configurable: true,
26
- writable: true,
27
- value: sessionGetter
28
- });
29
- Object.defineProperty(this, "dpopFetch", {
30
- enumerable: true,
31
- configurable: true,
32
- writable: true,
33
- value: void 0
34
- });
35
- this.dpopFetch = (0, fetch_dpop_js_1.dpopFetchWrapper)({
36
- fetch: (0, fetch_1.bindFetch)(fetch),
8
+ this.server = server;
9
+ this.sub = sub;
10
+ this.sessionGetter = sessionGetter;
11
+ this.dpopFetch = dpopFetchWrapper({
12
+ fetch: bindFetch(fetch),
37
13
  key: server.dpopKey,
38
14
  supportedAlgs: server.serverMetadata.dpop_signing_alg_values_supported,
39
15
  sha256: async (v) => server.runtime.sha256(v),
@@ -79,7 +55,7 @@ class OAuthSession {
79
55
  await this.server.revoke(tokenSet.access_token);
80
56
  }
81
57
  finally {
82
- await this.sessionGetter.delStored(this.sub, new token_revoked_error_js_1.TokenRevokedError(this.sub));
58
+ await this.sessionGetter.delStored(this.sub, new TokenRevokedError(this.sub));
83
59
  }
84
60
  }
85
61
  async fetchHandler(pathname, init) {
@@ -124,12 +100,11 @@ class OAuthSession {
124
100
  // @TODO Is there a "softer" way to handle this, e.g. by marking the
125
101
  // session as "expired" in the session store, allowing the user to trigger
126
102
  // a new login (using login_hint)?
127
- await this.sessionGetter.delStored(this.sub, new token_invalid_error_js_1.TokenInvalidError(this.sub));
103
+ await this.sessionGetter.delStored(this.sub, new TokenInvalidError(this.sub));
128
104
  }
129
105
  return finalResponse;
130
106
  }
131
107
  }
132
- exports.OAuthSession = OAuthSession;
133
108
  /**
134
109
  * @see {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3}
135
110
  * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no}
package/dist/oauth-session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":";;;AAKA,+CAAsD;AACtD,4EAAmE;AACnE,4EAAmE;AACnE,mDAAkD;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAYb,MAAa,YAAY;IAGvB,YACkB,MAAwB,EACxB,GAAe,EACd,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAH/B;;;;mBAAgB,MAAM;WAAkB;QACxC;;;;mBAAgB,GAAG;WAAY;QAC/B;;;;mBAAiB,aAAa;WAAe;QALrC;;;;;WAAyB;QAQjC,IAAI,CAAC,SAAS,GAAG,IAAA,gCAAgB,EAAO;YACtC,KAAK,EAAE,IAAA,iBAAS,EAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAED;;;;;OAKG;IACO,KAAK,CAAC,WAAW,CAAC,OAAyB;QACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAE3E,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAA4B,MAAM;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,SAAS,GACb,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAEzE,OAAO;YACL,SAAS;YACT,IAAI,OAAO;gBACT,OAAO,SAAS,IAAI,IAAI;oBACtB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAA;YAC5C,CAAC;YACD,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAkB;QACrD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;QAE/C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAoB,CAAC,CAAA;QACnE,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,kCAAkC;YAClC,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,0CAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AAjID,oCAiIC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport {\n AtprotoOAuthScope,\n OAuthAuthorizationServerMetadata,\n} from '@atproto/oauth-types'\nimport { Fetch, bindFetch } from '@atproto-labs/fetch'\nimport { TokenInvalidError } from './errors/token-invalid-error.js'\nimport { TokenRevokedError } from './errors/token-revoked-error.js'\nimport { dpopFetchWrapper } from './fetch-dpop.js'\nimport { OAuthServerAgent, TokenSet } from './oauth-server-agent.js'\nimport { SessionGetter } from './session-getter.js'\n\nconst ReadableStream = globalThis.ReadableStream as\n | typeof globalThis.ReadableStream\n | undefined\n\nexport type { AtprotoDid, AtprotoOAuthScope }\nexport type TokenInfo = {\n expiresAt?: Date\n expired?: boolean\n scope: AtprotoOAuthScope\n iss: string\n aud: string\n sub: AtprotoDid\n}\n\nexport class OAuthSession {\n protected dpopFetch: Fetch<unknown>\n\n constructor(\n public readonly server: OAuthServerAgent,\n public readonly sub: AtprotoDid,\n private readonly sessionGetter: SessionGetter,\n fetch: Fetch = globalThis.fetch,\n ) {\n this.dpopFetch = dpopFetchWrapper<void>({\n fetch: bindFetch(fetch),\n key: server.dpopKey,\n supportedAlgs: server.serverMetadata.dpop_signing_alg_values_supported,\n sha256: async (v) => server.runtime.sha256(v),\n nonces: server.dpopNonces,\n isAuthServer: false,\n })\n }\n\n get did(): AtprotoDid {\n return this.sub\n }\n\n get serverMetadata(): Readonly<OAuthAuthorizationServerMetadata> {\n return this.server.serverMetadata\n }\n\n /**\n * @param refresh When `true`, the credentials will be refreshed even if they\n * are not expired. When `false`, the credentials will not be refreshed even\n * if they are expired. When `undefined`, the credentials will be refreshed\n * if, and only if, they are (about to be) expired. Defaults to `undefined`.\n */\n protected async getTokenSet(refresh: boolean | 'auto'): Promise<TokenSet> {\n const { tokenSet } = await this.sessionGetter.getSession(this.sub, refresh)\n\n return tokenSet\n }\n\n async getTokenInfo(refresh: boolean | 'auto' = 'auto'): Promise<TokenInfo> {\n const tokenSet = await this.getTokenSet(refresh)\n const expiresAt =\n tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at)\n\n return {\n expiresAt,\n get expired() {\n return expiresAt == null\n ? undefined\n : expiresAt.getTime() < Date.now() - 5e3\n },\n scope: tokenSet.scope,\n iss: tokenSet.iss,\n aud: tokenSet.aud,\n sub: tokenSet.sub,\n }\n }\n\n async signOut(): Promise<void> {\n try {\n const tokenSet = await this.getTokenSet(false)\n await this.server.revoke(tokenSet.access_token)\n } finally {\n await this.sessionGetter.delStored(\n this.sub,\n new TokenRevokedError(this.sub),\n )\n }\n }\n\n async fetchHandler(pathname: string, init?: RequestInit): Promise<Response> {\n // This will try and refresh the token if it is known to be expired\n const tokenSet = await this.getTokenSet('auto')\n\n const initialUrl = new URL(pathname, tokenSet.aud satisfies string)\n const initialAuth = `${tokenSet.token_type} ${tokenSet.access_token}`\n\n const headers = new Headers(init?.headers)\n headers.set('Authorization', initialAuth)\n\n const initialResponse = await this.dpopFetch(initialUrl, {\n ...init,\n headers,\n })\n\n // If the token is not expired, we don't need to refresh it\n if (!isInvalidTokenResponse(initialResponse)) {\n return initialResponse\n }\n\n let tokenSetFresh: TokenSet\n try {\n // Force a refresh\n tokenSetFresh = await this.getTokenSet(true)\n } catch (err) {\n return initialResponse\n }\n\n // The stream was already consumed. We cannot retry the request. A solution\n // would be to tee() the input stream but that would bufferize the entire\n // stream in memory which can lead to memory starvation. Instead, we will\n // return the original response and let the calling code handle retries.\n if (ReadableStream && init?.body instanceof ReadableStream) {\n return initialResponse\n }\n\n const finalAuth = `${tokenSetFresh.token_type} ${tokenSetFresh.access_token}`\n const finalUrl = new URL(pathname, tokenSetFresh.aud)\n\n headers.set('Authorization', finalAuth)\n\n const finalResponse = await this.dpopFetch(finalUrl, { ...init, headers })\n\n // The token was successfully refreshed, but is still not accepted by the\n // resource server. This might be due to the resource server not accepting\n // credentials from the authorization server (e.g. because some migration\n // occurred). Any ways, there is no point in keeping the session.\n if (isInvalidTokenResponse(finalResponse)) {\n // @TODO Is there a \"softer\" way to handle this, e.g. by marking the\n // session as \"expired\" in the session store, allowing the user to trigger\n // a new login (using login_hint)?\n await this.sessionGetter.delStored(\n this.sub,\n new TokenInvalidError(this.sub),\n )\n }\n\n return finalResponse\n }\n}\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no}\n */\nfunction isInvalidTokenResponse(response: Response) {\n if (response.status !== 401) return false\n const wwwAuth = response.headers.get('WWW-Authenticate')\n return (\n wwwAuth != null &&\n (wwwAuth.startsWith('Bearer ') || wwwAuth.startsWith('DPoP ')) &&\n wwwAuth.includes('error=\"invalid_token\"')\n )\n}\n"]}
1
+ {"version":3,"file":"oauth-session.js","sourceRoot":"","sources":["../src/oauth-session.ts"],"names":[],"mappings":"AAKA,OAAO,EAAS,SAAS,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAIlD,MAAM,cAAc,GAAG,UAAU,CAAC,cAErB,CAAA;AAYb,MAAM,OAAO,YAAY;IAGvB,YACkB,MAAwB,EACxB,GAAe,EACd,aAA4B,EAC7C,QAAe,UAAU,CAAC,KAAK;QAHf,WAAM,GAAN,MAAM,CAAkB;QACxB,QAAG,GAAH,GAAG,CAAY;QACd,kBAAa,GAAb,aAAa,CAAe;QAG7C,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAO;YACtC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC;YACvB,GAAG,EAAE,MAAM,CAAC,OAAO;YACnB,aAAa,EAAE,MAAM,CAAC,cAAc,CAAC,iCAAiC;YACtE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,UAAU;YACzB,YAAY,EAAE,KAAK;SACpB,CAAC,CAAA;IACJ,CAAC;IAED,IAAI,GAAG;QACL,OAAO,IAAI,CAAC,GAAG,CAAA;IACjB,CAAC;IAED,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,CAAA;IACnC,CAAC;IAED;;;;;OAKG;IACO,KAAK,CAAC,WAAW,CAAC,OAAyB;QACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QAE3E,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,UAA4B,MAAM;QACnD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QAChD,MAAM,SAAS,GACb,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QAEzE,OAAO;YACL,SAAS;YACT,IAAI,OAAO;gBACT,OAAO,SAAS,IAAI,IAAI;oBACtB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAA;YAC5C,CAAC;YACD,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;YACjB,GAAG,EAAE,QAAQ,CAAC,GAAG;SAClB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC9C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,IAAkB;QACrD,mEAAmE;QACnE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAA;QAE/C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAoB,CAAC,CAAA;QACnE,MAAM,WAAW,GAAG,GAAG,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAA;QAErE,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,WAAW,CAAC,CAAA;QAEzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE;YACvD,GAAG,IAAI;YACP,OAAO;SACR,CAAC,CAAA;QAEF,2DAA2D;QAC3D,IAAI,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,IAAI,aAAuB,CAAA;QAC3B,IAAI,CAAC;YACH,kBAAkB;YAClB,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,yEAAyE;QACzE,wEAAwE;QACxE,IAAI,cAAc,IAAI,IAAI,EAAE,IAAI,YAAY,cAAc,EAAE,CAAC;YAC3D,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,YAAY,EAAE,CAAA;QAC7E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;QAErD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;QAEvC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;QAE1E,yEAAyE;QACzE,0EAA0E;QAC1E,yEAAyE;QACzE,iEAAiE;QACjE,IAAI,sBAAsB,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1C,oEAAoE;YACpE,0EAA0E;YAC1E,kCAAkC;YAClC,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAChC,IAAI,CAAC,GAAG,EACR,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAChC,CAAA;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAAC,QAAkB;IAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IACxD,OAAO,CACL,OAAO,IAAI,IAAI;QACf,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC1C,CAAA;AACH,CAAC","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport {\n AtprotoOAuthScope,\n OAuthAuthorizationServerMetadata,\n} from '@atproto/oauth-types'\nimport { Fetch, bindFetch } from '@atproto-labs/fetch'\nimport { TokenInvalidError } from './errors/token-invalid-error.js'\nimport { TokenRevokedError } from './errors/token-revoked-error.js'\nimport { dpopFetchWrapper } from './fetch-dpop.js'\nimport { OAuthServerAgent, TokenSet } from './oauth-server-agent.js'\nimport { SessionGetter } from './session-getter.js'\n\nconst ReadableStream = globalThis.ReadableStream as\n | typeof globalThis.ReadableStream\n | undefined\n\nexport type { AtprotoDid, AtprotoOAuthScope }\nexport type TokenInfo = {\n expiresAt?: Date\n expired?: boolean\n scope: AtprotoOAuthScope\n iss: string\n aud: string\n sub: AtprotoDid\n}\n\nexport class OAuthSession {\n protected dpopFetch: Fetch<unknown>\n\n constructor(\n public readonly server: OAuthServerAgent,\n public readonly sub: AtprotoDid,\n private readonly sessionGetter: SessionGetter,\n fetch: Fetch = globalThis.fetch,\n ) {\n this.dpopFetch = dpopFetchWrapper<void>({\n fetch: bindFetch(fetch),\n key: server.dpopKey,\n supportedAlgs: server.serverMetadata.dpop_signing_alg_values_supported,\n sha256: async (v) => server.runtime.sha256(v),\n nonces: server.dpopNonces,\n isAuthServer: false,\n })\n }\n\n get did(): AtprotoDid {\n return this.sub\n }\n\n get serverMetadata(): Readonly<OAuthAuthorizationServerMetadata> {\n return this.server.serverMetadata\n }\n\n /**\n * @param refresh When `true`, the credentials will be refreshed even if they\n * are not expired. When `false`, the credentials will not be refreshed even\n * if they are expired. When `undefined`, the credentials will be refreshed\n * if, and only if, they are (about to be) expired. Defaults to `undefined`.\n */\n protected async getTokenSet(refresh: boolean | 'auto'): Promise<TokenSet> {\n const { tokenSet } = await this.sessionGetter.getSession(this.sub, refresh)\n\n return tokenSet\n }\n\n async getTokenInfo(refresh: boolean | 'auto' = 'auto'): Promise<TokenInfo> {\n const tokenSet = await this.getTokenSet(refresh)\n const expiresAt =\n tokenSet.expires_at == null ? undefined : new Date(tokenSet.expires_at)\n\n return {\n expiresAt,\n get expired() {\n return expiresAt == null\n ? undefined\n : expiresAt.getTime() < Date.now() - 5e3\n },\n scope: tokenSet.scope,\n iss: tokenSet.iss,\n aud: tokenSet.aud,\n sub: tokenSet.sub,\n }\n }\n\n async signOut(): Promise<void> {\n try {\n const tokenSet = await this.getTokenSet(false)\n await this.server.revoke(tokenSet.access_token)\n } finally {\n await this.sessionGetter.delStored(\n this.sub,\n new TokenRevokedError(this.sub),\n )\n }\n }\n\n async fetchHandler(pathname: string, init?: RequestInit): Promise<Response> {\n // This will try and refresh the token if it is known to be expired\n const tokenSet = await this.getTokenSet('auto')\n\n const initialUrl = new URL(pathname, tokenSet.aud satisfies string)\n const initialAuth = `${tokenSet.token_type} ${tokenSet.access_token}`\n\n const headers = new Headers(init?.headers)\n headers.set('Authorization', initialAuth)\n\n const initialResponse = await this.dpopFetch(initialUrl, {\n ...init,\n headers,\n })\n\n // If the token is not expired, we don't need to refresh it\n if (!isInvalidTokenResponse(initialResponse)) {\n return initialResponse\n }\n\n let tokenSetFresh: TokenSet\n try {\n // Force a refresh\n tokenSetFresh = await this.getTokenSet(true)\n } catch (err) {\n return initialResponse\n }\n\n // The stream was already consumed. We cannot retry the request. A solution\n // would be to tee() the input stream but that would bufferize the entire\n // stream in memory which can lead to memory starvation. Instead, we will\n // return the original response and let the calling code handle retries.\n if (ReadableStream && init?.body instanceof ReadableStream) {\n return initialResponse\n }\n\n const finalAuth = `${tokenSetFresh.token_type} ${tokenSetFresh.access_token}`\n const finalUrl = new URL(pathname, tokenSetFresh.aud)\n\n headers.set('Authorization', finalAuth)\n\n const finalResponse = await this.dpopFetch(finalUrl, { ...init, headers })\n\n // The token was successfully refreshed, but is still not accepted by the\n // resource server. This might be due to the resource server not accepting\n // credentials from the authorization server (e.g. because some migration\n // occurred). Any ways, there is no point in keeping the session.\n if (isInvalidTokenResponse(finalResponse)) {\n // @TODO Is there a \"softer\" way to handle this, e.g. by marking the\n // session as \"expired\" in the session store, allowing the user to trigger\n // a new login (using login_hint)?\n await this.sessionGetter.delStored(\n this.sub,\n new TokenInvalidError(this.sub),\n )\n }\n\n return finalResponse\n }\n}\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#name-resource-server-provided-no}\n */\nfunction isInvalidTokenResponse(response: Response) {\n if (response.status !== 401) return false\n const wwwAuth = response.headers.get('WWW-Authenticate')\n return (\n wwwAuth != null &&\n (wwwAuth.startsWith('Bearer ') || wwwAuth.startsWith('DPoP ')) &&\n wwwAuth.includes('error=\"invalid_token\"')\n )\n}\n"]}
package/dist/runtime-implementation.d.ts CHANGED
@@ -6,7 +6,7 @@ export type RuntimeRandomValues = (length: number) => Awaitable<Uint8Array>;
6
6
  export type DigestAlgorithm = {
7
7
  name: 'sha256' | 'sha384' | 'sha512';
8
8
  };
9
- export type RuntimeDigest = (data: Uint8Array, alg: DigestAlgorithm) => Awaitable<Uint8Array>;
9
+ export type RuntimeDigest = (data: Uint8Array<ArrayBuffer>, alg: DigestAlgorithm) => Awaitable<Uint8Array<ArrayBuffer>>;
10
10
  export type RuntimeLock = <T>(name: string, fn: () => Awaitable<T>) => Awaitable<T>;
11
11
  export interface RuntimeImplementation {
12
12
  createKey: RuntimeKeyFactory;
package/dist/runtime-implementation.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"runtime-implementation.d.ts","sourceRoot":"","sources":["../src/runtime-implementation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAErC,YAAY,EAAE,GAAG,EAAE,CAAA;AACnB,MAAM,MAAM,iBAAiB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,CAAA;AAE1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,SAAS,CAAC,UAAU,CAAC,CAAA;AAE3E,MAAM,MAAM,eAAe,GAAG;IAAE,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;CAAE,CAAA;AACtE,MAAM,MAAM,aAAa,GAAG,CAC1B,IAAI,EAAE,UAAU,EAChB,GAAG,EAAE,eAAe,KACjB,SAAS,CAAC,UAAU,CAAC,CAAA;AAE1B,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,EAC1B,IAAI,EAAE,MAAM,EACZ,EAAE,EAAE,MAAM,SAAS,CAAC,CAAC,CAAC,KACnB,SAAS,CAAC,CAAC,CAAC,CAAA;AAEjB,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,iBAAiB,CAAA;IAC5B,eAAe,EAAE,mBAAmB,CAAA;IACpC,MAAM,EAAE,aAAa,CAAA;IACrB,WAAW,CAAC,EAAE,WAAW,CAAA;CAC1B"}
1
+ {"version":3,"file":"runtime-implementation.d.ts","sourceRoot":"","sources":["../src/runtime-implementation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,cAAc,CAAA;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAErC,YAAY,EAAE,GAAG,EAAE,CAAA;AACnB,MAAM,MAAM,iBAAiB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,CAAA;AAE1E,MAAM,MAAM,mBAAmB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,SAAS,CAAC,UAAU,CAAC,CAAA;AAE3E,MAAM,MAAM,eAAe,GAAG;IAAE,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;CAAE,CAAA;AACtE,MAAM,MAAM,aAAa,GAAG,CAC1B,IAAI,EAAE,UAAU,CAAC,WAAW,CAAC,EAC7B,GAAG,EAAE,eAAe,KACjB,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;AAEvC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,EAC1B,IAAI,EAAE,MAAM,EACZ,EAAE,EAAE,MAAM,SAAS,CAAC,CAAC,CAAC,KACnB,SAAS,CAAC,CAAC,CAAC,CAAA;AAEjB,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,iBAAiB,CAAA;IAC5B,eAAe,EAAE,mBAAmB,CAAA;IACpC,MAAM,EAAE,aAAa,CAAA;IACrB,WAAW,CAAC,EAAE,WAAW,CAAA;CAC1B"}
package/dist/runtime-implementation.js CHANGED
@@ -1,3 +1,2 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
1
+ export {};
3
2
  //# sourceMappingURL=runtime-implementation.js.map
package/dist/runtime-implementation.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"runtime-implementation.js","sourceRoot":"","sources":["../src/runtime-implementation.ts"],"names":[],"mappings":"","sourcesContent":["import { Key } from '@atproto/jwk'\nimport { Awaitable } from './util.js'\n\nexport type { Key }\nexport type RuntimeKeyFactory = (algs: string[]) => Key | PromiseLike<Key>\n\nexport type RuntimeRandomValues = (length: number) => Awaitable<Uint8Array>\n\nexport type DigestAlgorithm = { name: 'sha256' | 'sha384' | 'sha512' }\nexport type RuntimeDigest = (\n data: Uint8Array,\n alg: DigestAlgorithm,\n) => Awaitable<Uint8Array>\n\nexport type RuntimeLock = <T>(\n name: string,\n fn: () => Awaitable<T>,\n) => Awaitable<T>\n\nexport interface RuntimeImplementation {\n createKey: RuntimeKeyFactory\n getRandomValues: RuntimeRandomValues\n digest: RuntimeDigest\n requestLock?: RuntimeLock\n}\n"]}
1
+ {"version":3,"file":"runtime-implementation.js","sourceRoot":"","sources":["../src/runtime-implementation.ts"],"names":[],"mappings":"","sourcesContent":["import { Key } from '@atproto/jwk'\nimport { Awaitable } from './util.js'\n\nexport type { Key }\nexport type RuntimeKeyFactory = (algs: string[]) => Key | PromiseLike<Key>\n\nexport type RuntimeRandomValues = (length: number) => Awaitable<Uint8Array>\n\nexport type DigestAlgorithm = { name: 'sha256' | 'sha384' | 'sha512' }\nexport type RuntimeDigest = (\n data: Uint8Array<ArrayBuffer>,\n alg: DigestAlgorithm,\n) => Awaitable<Uint8Array<ArrayBuffer>>\n\nexport type RuntimeLock = <T>(\n name: string,\n fn: () => Awaitable<T>,\n) => Awaitable<T>\n\nexport interface RuntimeImplementation {\n createKey: RuntimeKeyFactory\n getRandomValues: RuntimeRandomValues\n digest: RuntimeDigest\n requestLock?: RuntimeLock\n}\n"]}
package/dist/runtime.js CHANGED
@@ -1,34 +1,14 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.Runtime = void 0;
4
- const base64_1 = require("multiformats/bases/base64");
5
- const lock_js_1 = require("./lock.js");
6
- class Runtime {
1
+ import { base64url } from 'multiformats/bases/base64';
2
+ import { requestLocalLock } from './lock.js';
3
+ export class Runtime {
7
4
  constructor(implementation) {
8
- Object.defineProperty(this, "implementation", {
9
- enumerable: true,
10
- configurable: true,
11
- writable: true,
12
- value: implementation
13
- });
14
- Object.defineProperty(this, "hasImplementationLock", {
15
- enumerable: true,
16
- configurable: true,
17
- writable: true,
18
- value: void 0
19
- });
20
- Object.defineProperty(this, "usingLock", {
21
- enumerable: true,
22
- configurable: true,
23
- writable: true,
24
- value: void 0
25
- });
5
+ this.implementation = implementation;
26
6
  const { requestLock } = implementation;
27
7
  this.hasImplementationLock = requestLock != null;
28
8
  this.usingLock =
29
9
  requestLock?.bind(implementation) ||
30
10
  // Falling back to a local lock
31
- lock_js_1.requestLocalLock;
11
+ requestLocalLock;
32
12
  }
33
13
  async generateKey(algs) {
34
14
  const algsSorted = Array.from(algs).sort(compareAlgos);
@@ -37,11 +17,11 @@ class Runtime {
37
17
  async sha256(text) {
38
18
  const bytes = new TextEncoder().encode(text);
39
19
  const digest = await this.implementation.digest(bytes, { name: 'sha256' });
40
- return base64_1.base64url.baseEncode(digest);
20
+ return base64url.baseEncode(digest);
41
21
  }
42
22
  async generateNonce(length = 16) {
43
23
  const bytes = await this.implementation.getRandomValues(length);
44
- return base64_1.base64url.baseEncode(bytes);
24
+ return base64url.baseEncode(bytes);
45
25
  }
46
26
  async generatePKCE(byteLength) {
47
27
  const verifier = await this.generateVerifier(byteLength);
@@ -68,10 +48,9 @@ class Runtime {
68
48
  throw new TypeError('Invalid code_verifier length');
69
49
  }
70
50
  const bytes = await this.implementation.getRandomValues(byteLength);
71
- return base64_1.base64url.baseEncode(bytes);
51
+ return base64url.baseEncode(bytes);
72
52
  }
73
53
  }
74
- exports.Runtime = Runtime;
75
54
  function extractJktComponents(jwk) {
76
55
  const get = (field) => {
77
56
  const value = jwk[field];
package/dist/runtime.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;;AAAA,sDAAqD;AAErD,uCAA4C;AAG5C,MAAa,OAAO;IAIlB,YAAsB,cAAqC;QAA/C;;;;mBAAU,cAAc;WAAuB;QAHlD;;;;;WAA8B;QAC9B;;;;;WAAsB;QAG7B,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,0BAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,kBAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAe;SACxB,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,kBAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AA3DD,0BA2DC;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IAED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC","sourcesContent":["import { base64url } from 'multiformats/bases/base64'\nimport { Key } from '@atproto/jwk'\nimport { requestLocalLock } from './lock.js'\nimport { RuntimeImplementation, RuntimeLock } from './runtime-implementation.js'\n\nexport class Runtime {\n readonly hasImplementationLock: boolean\n readonly usingLock: RuntimeLock\n\n constructor(protected implementation: RuntimeImplementation) {\n const { requestLock } = implementation\n\n this.hasImplementationLock = requestLock != null\n this.usingLock =\n requestLock?.bind(implementation) ||\n // Falling back to a local lock\n requestLocalLock\n }\n\n public async generateKey(algs: string[]): Promise<Key> {\n const algsSorted = Array.from(algs).sort(compareAlgos)\n return this.implementation.createKey(algsSorted)\n }\n\n public async sha256(text: string): Promise<string> {\n const bytes = new TextEncoder().encode(text)\n const digest = await this.implementation.digest(bytes, { name: 'sha256' })\n return base64url.baseEncode(digest)\n }\n\n public async generateNonce(length = 16): Promise<string> {\n const bytes = await this.implementation.getRandomValues(length)\n return base64url.baseEncode(bytes)\n }\n\n public async generatePKCE(byteLength?: number) {\n const verifier = await this.generateVerifier(byteLength)\n return {\n verifier,\n challenge: await this.sha256(verifier),\n method: 'S256' as const,\n }\n }\n\n public async calculateJwkThumbprint(jwk) {\n const components = extractJktComponents(jwk)\n const data = JSON.stringify(components)\n return this.sha256(data)\n }\n\n /**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.1}\n * @note It is RECOMMENDED that the output of a suitable random number generator\n * be used to create a 32-octet sequence. The octet sequence is then\n * base64url-encoded to produce a 43-octet URL safe string to use as the code\n * verifier.\n */\n protected async generateVerifier(byteLength = 32) {\n if (byteLength < 32 || byteLength > 96) {\n throw new TypeError('Invalid code_verifier length')\n }\n const bytes = await this.implementation.getRandomValues(byteLength)\n return base64url.baseEncode(bytes)\n }\n}\n\nfunction extractJktComponents(jwk) {\n const get = (field) => {\n const value = jwk[field]\n if (typeof value !== 'string' || !value) {\n throw new TypeError(`\"${field}\" Parameter missing or invalid`)\n }\n return value\n }\n\n switch (jwk.kty) {\n case 'EC':\n return { crv: get('crv'), kty: get('kty'), x: get('x'), y: get('y') }\n case 'OKP':\n return { crv: get('crv'), kty: get('kty'), x: get('x') }\n case 'RSA':\n return { e: get('e'), kty: get('kty'), n: get('n') }\n case 'oct':\n return { k: get('k'), kty: get('kty') }\n default:\n throw new TypeError('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n}\n\n/**\n * 256K > ES (256 > 384 > 512) > PS (256 > 384 > 512) > RS (256 > 384 > 512) > other (in original order)\n */\nfunction compareAlgos(a: string, b: string): number {\n if (a === 'ES256K') return -1\n if (b === 'ES256K') return 1\n\n for (const prefix of ['ES', 'PS', 'RS']) {\n if (a.startsWith(prefix)) {\n if (b.startsWith(prefix)) {\n const aLen = parseInt(a.slice(2, 5))\n const bLen = parseInt(b.slice(2, 5))\n\n // Prefer shorter key lengths\n return aLen - bLen\n }\n return -1\n } else if (b.startsWith(prefix)) {\n return 1\n }\n }\n\n // Don't know how to compare, keep original order\n return 0\n}\n"]}
1
+ {"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAErD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAA;AAG5C,MAAM,OAAO,OAAO;IAIlB,YAAsB,cAAqC;QAArC,mBAAc,GAAd,cAAc,CAAuB;QACzD,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAA;QAEtC,IAAI,CAAC,qBAAqB,GAAG,WAAW,IAAI,IAAI,CAAA;QAChD,IAAI,CAAC,SAAS;YACZ,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC;gBACjC,+BAA+B;gBAC/B,gBAAgB,CAAA;IACpB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAc;QACrC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;IAClD,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC1E,OAAO,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,EAAE;QACpC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;QAC/D,OAAO,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,UAAmB;QAC3C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAA;QACxD,OAAO;YACL,QAAQ;YACR,SAAS,EAAE,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,MAAM,EAAE,MAAe;SACxB,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,GAAG;QACrC,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1B,CAAC;IAED;;;;;;OAMG;IACO,KAAK,CAAC,gBAAgB,CAAC,UAAU,GAAG,EAAE;QAC9C,IAAI,UAAU,GAAG,EAAE,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,SAAS,CAAC,8BAA8B,CAAC,CAAA;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QACnE,OAAO,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,CAAC;CACF;AAED,SAAS,oBAAoB,CAAC,GAAG;IAC/B,MAAM,GAAG,GAAG,CAAC,KAAK,EAAE,EAAE;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAA;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,MAAM,IAAI,SAAS,CAAC,IAAI,KAAK,gCAAgC,CAAC,CAAA;QAChE,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAA;IAED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI;YACP,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACvE,KAAK,KAAK;YACR,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QAC1D,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAA;QACtD,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAA;QACzC;YACE,MAAM,IAAI,SAAS,CAAC,mDAAmD,CAAC,CAAA;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAA;IAE5B,KAAK,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;gBAEpC,6BAA6B;gBAC7B,OAAO,IAAI,GAAG,IAAI,CAAA;YACpB,CAAC;YACD,OAAO,CAAC,CAAC,CAAA;QACX,CAAC;aAAM,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAA;QACV,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,CAAA;AACV,CAAC","sourcesContent":["import { base64url } from 'multiformats/bases/base64'\nimport { Key } from '@atproto/jwk'\nimport { requestLocalLock } from './lock.js'\nimport { RuntimeImplementation, RuntimeLock } from './runtime-implementation.js'\n\nexport class Runtime {\n readonly hasImplementationLock: boolean\n readonly usingLock: RuntimeLock\n\n constructor(protected implementation: RuntimeImplementation) {\n const { requestLock } = implementation\n\n this.hasImplementationLock = requestLock != null\n this.usingLock =\n requestLock?.bind(implementation) ||\n // Falling back to a local lock\n requestLocalLock\n }\n\n public async generateKey(algs: string[]): Promise<Key> {\n const algsSorted = Array.from(algs).sort(compareAlgos)\n return this.implementation.createKey(algsSorted)\n }\n\n public async sha256(text: string): Promise<string> {\n const bytes = new TextEncoder().encode(text)\n const digest = await this.implementation.digest(bytes, { name: 'sha256' })\n return base64url.baseEncode(digest)\n }\n\n public async generateNonce(length = 16): Promise<string> {\n const bytes = await this.implementation.getRandomValues(length)\n return base64url.baseEncode(bytes)\n }\n\n public async generatePKCE(byteLength?: number) {\n const verifier = await this.generateVerifier(byteLength)\n return {\n verifier,\n challenge: await this.sha256(verifier),\n method: 'S256' as const,\n }\n }\n\n public async calculateJwkThumbprint(jwk) {\n const components = extractJktComponents(jwk)\n const data = JSON.stringify(components)\n return this.sha256(data)\n }\n\n /**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.1}\n * @note It is RECOMMENDED that the output of a suitable random number generator\n * be used to create a 32-octet sequence. The octet sequence is then\n * base64url-encoded to produce a 43-octet URL safe string to use as the code\n * verifier.\n */\n protected async generateVerifier(byteLength = 32) {\n if (byteLength < 32 || byteLength > 96) {\n throw new TypeError('Invalid code_verifier length')\n }\n const bytes = await this.implementation.getRandomValues(byteLength)\n return base64url.baseEncode(bytes)\n }\n}\n\nfunction extractJktComponents(jwk) {\n const get = (field) => {\n const value = jwk[field]\n if (typeof value !== 'string' || !value) {\n throw new TypeError(`\"${field}\" Parameter missing or invalid`)\n }\n return value\n }\n\n switch (jwk.kty) {\n case 'EC':\n return { crv: get('crv'), kty: get('kty'), x: get('x'), y: get('y') }\n case 'OKP':\n return { crv: get('crv'), kty: get('kty'), x: get('x') }\n case 'RSA':\n return { e: get('e'), kty: get('kty'), n: get('n') }\n case 'oct':\n return { k: get('k'), kty: get('kty') }\n default:\n throw new TypeError('\"kty\" (Key Type) Parameter missing or unsupported')\n }\n}\n\n/**\n * 256K > ES (256 > 384 > 512) > PS (256 > 384 > 512) > RS (256 > 384 > 512) > other (in original order)\n */\nfunction compareAlgos(a: string, b: string): number {\n if (a === 'ES256K') return -1\n if (b === 'ES256K') return 1\n\n for (const prefix of ['ES', 'PS', 'RS']) {\n if (a.startsWith(prefix)) {\n if (b.startsWith(prefix)) {\n const aLen = parseInt(a.slice(2, 5))\n const bLen = parseInt(b.slice(2, 5))\n\n // Prefer shorter key lengths\n return aLen - bLen\n }\n return -1\n } else if (b.startsWith(prefix)) {\n return 1\n }\n }\n\n // Don't know how to compare, keep original order\n return 0\n}\n"]}
package/dist/session-getter.js CHANGED
@@ -1,4 +1,3 @@
1
- "use strict";
2
1
  var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
3
2
  if (value !== null && value !== void 0) {
4
3
  if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
@@ -51,21 +50,18 @@ var __disposeResources = (this && this.__disposeResources) || (function (Suppres
51
50
  var e = new Error(message);
52
51
  return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
53
52
  });
54
- Object.defineProperty(exports, "__esModule", { value: true });
55
- exports.SessionGetter = void 0;
56
- exports.isExpectedSessionError = isExpectedSessionError;
57
- const simple_store_1 = require("@atproto-labs/simple-store");
58
- const auth_method_unsatisfiable_error_js_1 = require("./errors/auth-method-unsatisfiable-error.js");
59
- const token_invalid_error_js_1 = require("./errors/token-invalid-error.js");
60
- const token_refresh_error_js_1 = require("./errors/token-refresh-error.js");
61
- const token_revoked_error_js_1 = require("./errors/token-revoked-error.js");
62
- const oauth_response_error_js_1 = require("./oauth-response-error.js");
63
- const util_js_1 = require("./util.js");
64
- function isExpectedSessionError(err) {
65
- return (err instanceof token_refresh_error_js_1.TokenRefreshError ||
66
- err instanceof token_revoked_error_js_1.TokenRevokedError ||
67
- err instanceof token_invalid_error_js_1.TokenInvalidError ||
68
- err instanceof auth_method_unsatisfiable_error_js_1.AuthMethodUnsatisfiableError ||
53
+ import { CachedGetter, } from '@atproto-labs/simple-store';
54
+ import { AuthMethodUnsatisfiableError } from './errors/auth-method-unsatisfiable-error.js';
55
+ import { TokenInvalidError } from './errors/token-invalid-error.js';
56
+ import { TokenRefreshError } from './errors/token-refresh-error.js';
57
+ import { TokenRevokedError } from './errors/token-revoked-error.js';
58
+ import { OAuthResponseError } from './oauth-response-error.js';
59
+ import { combineSignals } from './util.js';
60
+ export function isExpectedSessionError(err) {
61
+ return (err instanceof TokenRefreshError ||
62
+ err instanceof TokenRevokedError ||
63
+ err instanceof TokenInvalidError ||
64
+ err instanceof AuthMethodUnsatisfiableError ||
69
65
  // The stored session is invalid (e.g. missing properties) and cannot
70
66
  // be used properly
71
67
  err instanceof TypeError);
@@ -77,7 +73,7 @@ function isExpectedSessionError(err) {
77
73
  * contains the logic for reading from the cache which, if the cache is based on
78
74
  * localStorage/indexedDB, will sync across multiple tabs (for a given sub).
79
75
  */
80
- class SessionGetter extends simple_store_1.CachedGetter {
76
+ export class SessionGetter extends CachedGetter {
81
77
  constructor(sessionStore, serverFactory, runtime, hooks = {}) {
82
78
  super(async (sub, { signal }, storedSession) => {
83
79
  // There needs to be a previous session to be able to refresh. If
@@ -90,7 +86,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
90
86
  // synchronization mechanism between instances of this class. Let's
91
87
  // make sure an event is dispatched here if this occurs.
92
88
  const msg = 'The session was deleted by another process';
93
- const cause = new token_refresh_error_js_1.TokenRefreshError(sub, msg);
89
+ const cause = new TokenRefreshError(sub, msg);
94
90
  await hooks.onDelete?.call(null, sub, cause);
95
91
  throw cause;
96
92
  }
@@ -100,10 +96,10 @@ class SessionGetter extends simple_store_1.CachedGetter {
100
96
  const { dpopKey, authMethod, tokenSet } = storedSession;
101
97
  if (sub !== tokenSet.sub) {
102
98
  // Fool-proofing (e.g. against invalid session storage)
103
- throw new token_refresh_error_js_1.TokenRefreshError(sub, 'Stored session sub mismatch');
99
+ throw new TokenRefreshError(sub, 'Stored session sub mismatch');
104
100
  }
105
101
  if (!tokenSet.refresh_token) {
106
- throw new token_refresh_error_js_1.TokenRefreshError(sub, 'No refresh token available');
102
+ throw new TokenRefreshError(sub, 'No refresh token available');
107
103
  }
108
104
  const server = await serverFactory.fromIssuer(tokenSet.iss, authMethod, dpopKey);
109
105
  // Because refresh tokens can only be used once, we must not use the
@@ -116,7 +112,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
116
112
  const newTokenSet = await server.refresh(tokenSet);
117
113
  if (sub !== newTokenSet.sub) {
118
114
  // The server returned another sub. Was the tokenSet manipulated?
119
- throw new token_refresh_error_js_1.TokenRefreshError(sub, 'Token set sub mismatch');
115
+ throw new TokenRefreshError(sub, 'Token set sub mismatch');
120
116
  }
121
117
  return {
122
118
  dpopKey,
@@ -135,7 +131,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
135
131
  // that is not always possible. Let's try to recover from concurrency
136
132
  // issues, or force the session to be deleted by throwing a
137
133
  // TokenRefreshError.
138
- if (cause instanceof oauth_response_error_js_1.OAuthResponseError &&
134
+ if (cause instanceof OAuthResponseError &&
139
135
  cause.status === 400 &&
140
136
  cause.error === 'invalid_grant') {
141
137
  // In case there is no lock implementation in the runtime, we will
@@ -152,7 +148,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
152
148
  // purposes. Also, throwing a TokenRefreshError to trigger
153
149
  // deletion through the deleteOnError callback.
154
150
  const msg = 'The session was deleted by another process';
155
- throw new token_refresh_error_js_1.TokenRefreshError(sub, msg, { cause });
151
+ throw new TokenRefreshError(sub, msg, { cause });
156
152
  }
157
153
  else if (stored.tokenSet.access_token !== tokenSet.access_token ||
158
154
  stored.tokenSet.refresh_token !== tokenSet.refresh_token) {
@@ -166,7 +162,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
166
162
  }
167
163
  // Make sure the session gets deleted from the store
168
164
  const msg = cause.errorDescription ?? 'The session was revoked';
169
- throw new token_refresh_error_js_1.TokenRefreshError(sub, msg, { cause });
165
+ throw new TokenRefreshError(sub, msg, { cause });
170
166
  }
171
167
  throw cause;
172
168
  }
@@ -203,18 +199,8 @@ class SessionGetter extends simple_store_1.CachedGetter {
203
199
  },
204
200
  deleteOnError: isExpectedSessionError,
205
201
  });
206
- Object.defineProperty(this, "runtime", {
207
- enumerable: true,
208
- configurable: true,
209
- writable: true,
210
- value: runtime
211
- });
212
- Object.defineProperty(this, "hooks", {
213
- enumerable: true,
214
- configurable: true,
215
- writable: true,
216
- value: hooks
217
- });
202
+ this.runtime = runtime;
203
+ this.hooks = hooks;
218
204
  }
219
205
  async getStored(sub, options) {
220
206
  return super.getStored(sub, options);
@@ -242,7 +228,7 @@ class SessionGetter extends simple_store_1.CachedGetter {
242
228
  // Make sure, even if there is no signal in the options, that the
243
229
  // request will be cancelled after at most 30 seconds.
244
230
  const signal = AbortSignal.timeout(30e3);
245
- const abortController = __addDisposableResource(env_1, (0, util_js_1.combineSignals)([options?.signal, signal]), false);
231
+ const abortController = __addDisposableResource(env_1, combineSignals([options?.signal, signal]), false);
246
232
  return await super.get(sub, {
247
233
  ...options,
248
234
  signal: abortController.signal,
@@ -275,5 +261,4 @@ class SessionGetter extends simple_store_1.CachedGetter {
275
261
  });
276
262
  }
277
263
  }
278
- exports.SessionGetter = SessionGetter;
279
264
  //# sourceMappingURL=session-getter.js.map
package/dist/session-getter.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"session-getter.js","sourceRoot":"","sources":["../src/session-getter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmCA,wDAUC;AA3CD,6DAKmC;AACnC,oGAA0F;AAC1F,4EAAmE;AACnE,4EAAmE;AACnE,4EAAmE;AAEnE,uEAA8D;AAI9D,uCAA0C;AAkB1C,SAAgB,sBAAsB,CAAC,GAAY;IACjD,OAAO,CACL,GAAG,YAAY,0CAAiB;QAChC,GAAG,YAAY,0CAAiB;QAChC,GAAG,YAAY,0CAAiB;QAChC,GAAG,YAAY,iEAA4B;QAC3C,qEAAqE;QACrE,mBAAmB;QACnB,GAAG,YAAY,SAAS,CACzB,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAa,aAAc,SAAQ,2BAAiC;IAClE,YACE,YAA0B,EAC1B,aAAiC,EAChB,OAAgB,EAChB,QAAsB,EAAE;QAEzC,KAAK,CACH,KAAK,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,aAAa,EAAE,EAAE;YACvC,iEAAiE;YACjE,uEAAuE;YACvE,+BAA+B;YAC/B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,mEAAmE;gBACnE,iEAAiE;gBACjE,iEAAiE;gBACjE,mEAAmE;gBACnE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,4CAA4C,CAAA;gBACxD,MAAM,KAAK,GAAG,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC7C,MAAM,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC5C,MAAM,KAAK,CAAA;YACb,CAAC;YAED,uEAAuE;YACvE,sEAAsE;YACtE,UAAU;YAEV,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAA;YAEvD,IAAI,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACzB,uDAAuD;gBACvD,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAA;YACjE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC5B,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;YAChE,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;YAED,oEAAoE;YACpE,sEAAsE;YACtE,6DAA6D;YAC7D,8DAA8D;YAC9D,8DAA8D;YAC9D,MAAM,EAAE,cAAc,EAAE,CAAA;YAExB,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;gBAElD,IAAI,GAAG,KAAK,WAAW,CAAC,GAAG,EAAE,CAAC;oBAC5B,iEAAiE;oBACjE,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,wBAAwB,CAAC,CAAA;gBAC5D,CAAC;gBAED,OAAO;oBACL,OAAO;oBACP,QAAQ,EAAE,WAAW;oBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAA;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gEAAgE;gBAChE,mEAAmE;gBACnE,kEAAkE;gBAClE,oEAAoE;gBACpE,mEAAmE;gBACnE,mEAAmE;gBACnE,qEAAqE;gBACrE,qEAAqE;gBACrE,2DAA2D;gBAC3D,qBAAqB;gBACrB,IACE,KAAK,YAAY,4CAAkB;oBACnC,KAAK,CAAC,MAAM,KAAK,GAAG;oBACpB,KAAK,CAAC,KAAK,KAAK,eAAe,EAC/B,CAAC;oBACD,kEAAkE;oBAClE,iEAAiE;oBACjE,kEAAkE;oBAClE,8DAA8D;oBAC9D,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;wBACnC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAA;wBAE7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;wBACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;4BACzB,6DAA6D;4BAC7D,sDAAsD;4BAEtD,sDAAsD;4BACtD,0DAA0D;4BAC1D,+CAA+C;4BAC/C,MAAM,GAAG,GAAG,4CAA4C,CAAA;4BACxD,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;wBAClD,CAAC;6BAAM,IACL,MAAM,CAAC,QAAQ,CAAC,YAAY,KAAK,QAAQ,CAAC,YAAY;4BACtD,MAAM,CAAC,QAAQ,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,EACxD,CAAC;4BACD,6DAA6D;4BAC7D,OAAO,MAAM,CAAA;wBACf,CAAC;6BAAM,CAAC;4BACN,0DAA0D;4BAC1D,0BAA0B;wBAC5B,CAAC;oBACH,CAAC;oBAED,oDAAoD;oBACpD,MAAM,GAAG,GAAG,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAA;oBAC/D,MAAM,IAAI,0CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;gBAClD,CAAC;gBAED,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC,EACD,YAAY,EACZ;YACE,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAC7B,OAAO,CACL,QAAQ,CAAC,UAAU,IAAI,IAAI;oBAC3B,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;wBACrC,IAAI,CAAC,GAAG,EAAE;4BACR,8DAA8D;4BAC9D,sBAAsB;4BACtB,IAAI;4BACJ,wDAAwD;4BACxD,qDAAqD;4BACrD,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,CACzB,CAAA;YACH,CAAC;YACD,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE;gBAClE,sDAAsD;gBACtD,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;oBACD,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBACtE,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;gBAED,qEAAqE;gBACrE,qDAAqD;gBACrD,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACP,0DAA0D;gBAC5D,CAAC;gBAED,MAAM,GAAG,CAAA;YACX,CAAC;YACD,aAAa,EAAE,sBAAsB;SACtC,CACF,CAAA;QA1JD;;;;mBAAiB,OAAO;WAAS;QACjC;;;;mBAAiB,KAAK;WAAmB;IA0J3C,CAAC;IAEQ,KAAK,CAAC,SAAS,CACtB,GAAe,EACf,OAAoB;QAEpB,OAAO,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACtC,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,GAAe,EAAE,OAAgB;QACxD,0CAA0C;QAC1C,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;QAClE,CAAC;QACD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IACrD,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,GAAe,EAAE,KAAe;QACvD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACjC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAED;;;OAGG;IACM,KAAK,CAAC,GAAG,CAChB,GAAe,EACf,OAA0B;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAC1C,yBAAyB,GAAG,EAAE,EAC9B,KAAK,IAAI,EAAE;;;gBACT,iEAAiE;gBACjE,sDAAsD;gBACtD,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;gBAExC,MAAM,eAAe,kCAAG,IAAA,wBAAc,EAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAA,CAAA;gBAEjE,OAAO,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;oBAC1B,GAAG,OAAO;oBACV,MAAM,EAAE,eAAe,CAAC,MAAM;iBAC/B,CAAC,CAAA;;;;;;;;;SACH,CACF,CAAA;QAED,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,uDAAuD;YACvD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC9D,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,GAAe,EAAE,UAA4B,MAAM;QAClE,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;YACnB,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;IACJ,CAAC;CACF;AAlOD,sCAkOC","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport { Key } from '@atproto/jwk'\nimport {\n CachedGetter,\n GetCachedOptions,\n GetOptions,\n SimpleStore,\n} from '@atproto-labs/simple-store'\nimport { AuthMethodUnsatisfiableError } from './errors/auth-method-unsatisfiable-error.js'\nimport { TokenInvalidError } from './errors/token-invalid-error.js'\nimport { TokenRefreshError } from './errors/token-refresh-error.js'\nimport { TokenRevokedError } from './errors/token-revoked-error.js'\nimport { ClientAuthMethod } from './oauth-client-auth.js'\nimport { OAuthResponseError } from './oauth-response-error.js'\nimport { TokenSet } from './oauth-server-agent.js'\nimport { OAuthServerFactory } from './oauth-server-factory.js'\nimport { Runtime } from './runtime.js'\nimport { combineSignals } from './util.js'\n\nexport type Session = {\n dpopKey: Key\n authMethod: ClientAuthMethod\n tokenSet: TokenSet\n}\n\nexport type SessionStore = SimpleStore<string, Session>\n\nexport type SessionHooks = {\n onUpdate?: (sub: AtprotoDid, session: Session) => void\n onDelete?: (\n sub: AtprotoDid,\n cause: TokenRefreshError | TokenRevokedError | TokenInvalidError | unknown,\n ) => void\n}\n\nexport function isExpectedSessionError(err: unknown) {\n return (\n err instanceof TokenRefreshError ||\n err instanceof TokenRevokedError ||\n err instanceof TokenInvalidError ||\n err instanceof AuthMethodUnsatisfiableError ||\n // The stored session is invalid (e.g. missing properties) and cannot\n // be used properly\n err instanceof TypeError\n )\n}\n\n/**\n * There are several advantages to wrapping the sessionStore in a (single)\n * CachedGetter, the main of which is that the cached getter will ensure that at\n * most one fresh call is ever being made. Another advantage, is that it\n * contains the logic for reading from the cache which, if the cache is based on\n * localStorage/indexedDB, will sync across multiple tabs (for a given sub).\n */\nexport class SessionGetter extends CachedGetter<AtprotoDid, Session> {\n constructor(\n sessionStore: SessionStore,\n serverFactory: OAuthServerFactory,\n private readonly runtime: Runtime,\n private readonly hooks: SessionHooks = {},\n ) {\n super(\n async (sub, { signal }, storedSession) => {\n // There needs to be a previous session to be able to refresh. If\n // storedSession is undefined, it means that the store does not contain\n // a session for the given sub.\n if (storedSession === undefined) {\n // Because the session is not in the store, this.delStored() method\n // will not be called by the CachedGetter class (because there is\n // nothing to delete). This would typically happen if there is no\n // synchronization mechanism between instances of this class. Let's\n // make sure an event is dispatched here if this occurs.\n const msg = 'The session was deleted by another process'\n const cause = new TokenRefreshError(sub, msg)\n await hooks.onDelete?.call(null, sub, cause)\n throw cause\n }\n\n // @NOTE Throwing a TokenRefreshError (or any other error class defined\n // in the deleteOnError options) will result in this.delStored() being\n // called.\n\n const { dpopKey, authMethod, tokenSet } = storedSession\n\n if (sub !== tokenSet.sub) {\n // Fool-proofing (e.g. against invalid session storage)\n throw new TokenRefreshError(sub, 'Stored session sub mismatch')\n }\n\n if (!tokenSet.refresh_token) {\n throw new TokenRefreshError(sub, 'No refresh token available')\n }\n\n const server = await serverFactory.fromIssuer(\n tokenSet.iss,\n authMethod,\n dpopKey,\n )\n\n // Because refresh tokens can only be used once, we must not use the\n // \"signal\" to abort the refresh, or throw any abort error beyond this\n // point. Any thrown error beyond this point will prevent the\n // TokenGetter from obtaining, and storing, the new token set,\n // effectively rendering the currently saved session unusable.\n signal?.throwIfAborted()\n\n try {\n const newTokenSet = await server.refresh(tokenSet)\n\n if (sub !== newTokenSet.sub) {\n // The server returned another sub. Was the tokenSet manipulated?\n throw new TokenRefreshError(sub, 'Token set sub mismatch')\n }\n\n return {\n dpopKey,\n tokenSet: newTokenSet,\n authMethod: server.authMethod,\n }\n } catch (cause) {\n // Since refresh tokens can only be used once, we might run into\n // concurrency issues if multiple instances (e.g. browser tabs) are\n // trying to refresh the same token simultaneously. The chances of\n // this happening when multiple instances are started simultaneously\n // is reduced by randomizing the expiry time (see isStale() below).\n // The best solution is to use a mutex/lock to ensure that only one\n // instance is refreshing the token at a time (runtime.usingLock) but\n // that is not always possible. Let's try to recover from concurrency\n // issues, or force the session to be deleted by throwing a\n // TokenRefreshError.\n if (\n cause instanceof OAuthResponseError &&\n cause.status === 400 &&\n cause.error === 'invalid_grant'\n ) {\n // In case there is no lock implementation in the runtime, we will\n // wait for a short time to give the other concurrent instances a\n // chance to finish their refreshing of the token. If a concurrent\n // refresh did occur, we will pretend that this one succeeded.\n if (!runtime.hasImplementationLock) {\n await new Promise((r) => setTimeout(r, 1000))\n\n const stored = await this.getStored(sub)\n if (stored === undefined) {\n // A concurrent refresh occurred and caused the session to be\n // deleted (for a reason we can't know at this point).\n\n // Using a distinct error message mainly for debugging\n // purposes. Also, throwing a TokenRefreshError to trigger\n // deletion through the deleteOnError callback.\n const msg = 'The session was deleted by another process'\n throw new TokenRefreshError(sub, msg, { cause })\n } else if (\n stored.tokenSet.access_token !== tokenSet.access_token ||\n stored.tokenSet.refresh_token !== tokenSet.refresh_token\n ) {\n // A concurrent refresh occurred. Pretend this one succeeded.\n return stored\n } else {\n // There were no concurrent refresh. The token is (likely)\n // simply no longer valid.\n }\n }\n\n // Make sure the session gets deleted from the store\n const msg = cause.errorDescription ?? 'The session was revoked'\n throw new TokenRefreshError(sub, msg, { cause })\n }\n\n throw cause\n }\n },\n sessionStore,\n {\n isStale: (sub, { tokenSet }) => {\n return (\n tokenSet.expires_at != null &&\n new Date(tokenSet.expires_at).getTime() <\n Date.now() +\n // Add some lee way to ensure the token is not expired when it\n // reaches the server.\n 10e3 +\n // Add some randomness to reduce the chances of multiple\n // instances trying to refresh the token at the same.\n 30e3 * Math.random()\n )\n },\n onStoreError: async (err, sub, { tokenSet, dpopKey, authMethod }) => {\n // If the token data cannot be stored, let's revoke it\n try {\n const server = await serverFactory.fromIssuer(\n tokenSet.iss,\n authMethod,\n dpopKey,\n )\n await server.revoke(tokenSet.refresh_token ?? tokenSet.access_token)\n } catch {\n // At least we tried...\n }\n\n // Attempt to delete the session from the store. Note that this might\n // fail if the store is not available, which is fine.\n try {\n await this.delStored(sub, err)\n } catch {\n // Ignore (better to propagate the original storage error)\n }\n\n throw err\n },\n deleteOnError: isExpectedSessionError,\n },\n )\n }\n\n override async getStored(\n sub: AtprotoDid,\n options?: GetOptions,\n ): Promise<Session | undefined> {\n return super.getStored(sub, options)\n }\n\n override async setStored(sub: AtprotoDid, session: Session) {\n // Prevent tampering with the stored value\n if (sub !== session.tokenSet.sub) {\n throw new TypeError('Token set does not match the expected sub')\n }\n await super.setStored(sub, session)\n await this.hooks.onUpdate?.call(null, sub, session)\n }\n\n override async delStored(sub: AtprotoDid, cause?: unknown): Promise<void> {\n await super.delStored(sub, cause)\n await this.hooks.onDelete?.call(null, sub, cause)\n }\n\n /**\n * @deprecated Use {@link getSession} instead\n * @internal (not really deprecated)\n */\n override async get(\n sub: AtprotoDid,\n options?: GetCachedOptions,\n ): Promise<Session> {\n const session = await this.runtime.usingLock(\n `@atproto-oauth-client-${sub}`,\n async () => {\n // Make sure, even if there is no signal in the options, that the\n // request will be cancelled after at most 30 seconds.\n const signal = AbortSignal.timeout(30e3)\n\n using abortController = combineSignals([options?.signal, signal])\n\n return await super.get(sub, {\n ...options,\n signal: abortController.signal,\n })\n },\n )\n\n if (sub !== session.tokenSet.sub) {\n // Fool-proofing (e.g. against invalid session storage)\n throw new Error('Token set does not match the expected sub')\n }\n\n return session\n }\n\n /**\n * @param refresh When `true`, the credentials will be refreshed even if they\n * are not expired. When `false`, the credentials will not be refreshed even\n * if they are expired. When `undefined`, the credentials will be refreshed\n * if, and only if, they are (about to be) expired. Defaults to `undefined`.\n */\n async getSession(sub: AtprotoDid, refresh: boolean | 'auto' = 'auto') {\n return this.get(sub, {\n noCache: refresh === true,\n allowStale: refresh === false,\n })\n }\n}\n"]}
1
+ {"version":3,"file":"session-getter.js","sourceRoot":"","sources":["../src/session-getter.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,OAAO,EACL,YAAY,GAIb,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,4BAA4B,EAAE,MAAM,6CAA6C,CAAA;AAC1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AAEnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAA;AAI9D,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAkB1C,MAAM,UAAU,sBAAsB,CAAC,GAAY;IACjD,OAAO,CACL,GAAG,YAAY,iBAAiB;QAChC,GAAG,YAAY,iBAAiB;QAChC,GAAG,YAAY,iBAAiB;QAChC,GAAG,YAAY,4BAA4B;QAC3C,qEAAqE;QACrE,mBAAmB;QACnB,GAAG,YAAY,SAAS,CACzB,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,aAAc,SAAQ,YAAiC;IAClE,YACE,YAA0B,EAC1B,aAAiC,EAChB,OAAgB,EAChB,QAAsB,EAAE;QAEzC,KAAK,CACH,KAAK,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,aAAa,EAAE,EAAE;YACvC,iEAAiE;YACjE,uEAAuE;YACvE,+BAA+B;YAC/B,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBAChC,mEAAmE;gBACnE,iEAAiE;gBACjE,iEAAiE;gBACjE,mEAAmE;gBACnE,wDAAwD;gBACxD,MAAM,GAAG,GAAG,4CAA4C,CAAA;gBACxD,MAAM,KAAK,GAAG,IAAI,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC7C,MAAM,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC5C,MAAM,KAAK,CAAA;YACb,CAAC;YAED,uEAAuE;YACvE,sEAAsE;YACtE,UAAU;YAEV,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,aAAa,CAAA;YAEvD,IAAI,GAAG,KAAK,QAAQ,CAAC,GAAG,EAAE,CAAC;gBACzB,uDAAuD;gBACvD,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAA;YACjE,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC5B,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAA;YAChE,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;YAED,oEAAoE;YACpE,sEAAsE;YACtE,6DAA6D;YAC7D,8DAA8D;YAC9D,8DAA8D;YAC9D,MAAM,EAAE,cAAc,EAAE,CAAA;YAExB,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;gBAElD,IAAI,GAAG,KAAK,WAAW,CAAC,GAAG,EAAE,CAAC;oBAC5B,iEAAiE;oBACjE,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,wBAAwB,CAAC,CAAA;gBAC5D,CAAC;gBAED,OAAO;oBACL,OAAO;oBACP,QAAQ,EAAE,WAAW;oBACrB,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAA;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,gEAAgE;gBAChE,mEAAmE;gBACnE,kEAAkE;gBAClE,oEAAoE;gBACpE,mEAAmE;gBACnE,mEAAmE;gBACnE,qEAAqE;gBACrE,qEAAqE;gBACrE,2DAA2D;gBAC3D,qBAAqB;gBACrB,IACE,KAAK,YAAY,kBAAkB;oBACnC,KAAK,CAAC,MAAM,KAAK,GAAG;oBACpB,KAAK,CAAC,KAAK,KAAK,eAAe,EAC/B,CAAC;oBACD,kEAAkE;oBAClE,iEAAiE;oBACjE,kEAAkE;oBAClE,8DAA8D;oBAC9D,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC;wBACnC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAA;wBAE7C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;wBACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;4BACzB,6DAA6D;4BAC7D,sDAAsD;4BAEtD,sDAAsD;4BACtD,0DAA0D;4BAC1D,+CAA+C;4BAC/C,MAAM,GAAG,GAAG,4CAA4C,CAAA;4BACxD,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;wBAClD,CAAC;6BAAM,IACL,MAAM,CAAC,QAAQ,CAAC,YAAY,KAAK,QAAQ,CAAC,YAAY;4BACtD,MAAM,CAAC,QAAQ,CAAC,aAAa,KAAK,QAAQ,CAAC,aAAa,EACxD,CAAC;4BACD,6DAA6D;4BAC7D,OAAO,MAAM,CAAA;wBACf,CAAC;6BAAM,CAAC;4BACN,0DAA0D;4BAC1D,0BAA0B;wBAC5B,CAAC;oBACH,CAAC;oBAED,oDAAoD;oBACpD,MAAM,GAAG,GAAG,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAA;oBAC/D,MAAM,IAAI,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;gBAClD,CAAC;gBAED,MAAM,KAAK,CAAA;YACb,CAAC;QACH,CAAC,EACD,YAAY,EACZ;YACE,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;gBAC7B,OAAO,CACL,QAAQ,CAAC,UAAU,IAAI,IAAI;oBAC3B,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;wBACrC,IAAI,CAAC,GAAG,EAAE;4BACR,8DAA8D;4BAC9D,sBAAsB;4BACtB,IAAI;4BACJ,wDAAwD;4BACxD,qDAAqD;4BACrD,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,CACzB,CAAA;YACH,CAAC;YACD,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE;gBAClE,sDAAsD;gBACtD,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAC3C,QAAQ,CAAC,GAAG,EACZ,UAAU,EACV,OAAO,CACR,CAAA;oBACD,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAA;gBACtE,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;gBAED,qEAAqE;gBACrE,qDAAqD;gBACrD,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAChC,CAAC;gBAAC,MAAM,CAAC;oBACP,0DAA0D;gBAC5D,CAAC;gBAED,MAAM,GAAG,CAAA;YACX,CAAC;YACD,aAAa,EAAE,sBAAsB;SACtC,CACF,CAAA;QA1JgB,YAAO,GAAP,OAAO,CAAS;QAChB,UAAK,GAAL,KAAK,CAAmB;IA0J3C,CAAC;IAEQ,KAAK,CAAC,SAAS,CACtB,GAAe,EACf,OAAoB;QAEpB,OAAO,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACtC,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,GAAe,EAAE,OAAgB;QACxD,0CAA0C;QAC1C,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,SAAS,CAAC,2CAA2C,CAAC,CAAA;QAClE,CAAC;QACD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QACnC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IACrD,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,GAAe,EAAE,KAAe;QACvD,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QACjC,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAED;;;OAGG;IACM,KAAK,CAAC,GAAG,CAChB,GAAe,EACf,OAA0B;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAC1C,yBAAyB,GAAG,EAAE,EAC9B,KAAK,IAAI,EAAE;;;gBACT,iEAAiE;gBACjE,sDAAsD;gBACtD,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;gBAExC,MAAM,eAAe,kCAAG,cAAc,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAA,CAAA;gBAEjE,OAAO,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;oBAC1B,GAAG,OAAO;oBACV,MAAM,EAAE,eAAe,CAAC,MAAM;iBAC/B,CAAC,CAAA;;;;;;;;;SACH,CACF,CAAA;QAED,IAAI,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YACjC,uDAAuD;YACvD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC9D,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,GAAe,EAAE,UAA4B,MAAM;QAClE,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE;YACnB,OAAO,EAAE,OAAO,KAAK,IAAI;YACzB,UAAU,EAAE,OAAO,KAAK,KAAK;SAC9B,CAAC,CAAA;IACJ,CAAC;CACF","sourcesContent":["import { AtprotoDid } from '@atproto/did'\nimport { Key } from '@atproto/jwk'\nimport {\n CachedGetter,\n GetCachedOptions,\n GetOptions,\n SimpleStore,\n} from '@atproto-labs/simple-store'\nimport { AuthMethodUnsatisfiableError } from './errors/auth-method-unsatisfiable-error.js'\nimport { TokenInvalidError } from './errors/token-invalid-error.js'\nimport { TokenRefreshError } from './errors/token-refresh-error.js'\nimport { TokenRevokedError } from './errors/token-revoked-error.js'\nimport { ClientAuthMethod } from './oauth-client-auth.js'\nimport { OAuthResponseError } from './oauth-response-error.js'\nimport { TokenSet } from './oauth-server-agent.js'\nimport { OAuthServerFactory } from './oauth-server-factory.js'\nimport { Runtime } from './runtime.js'\nimport { combineSignals } from './util.js'\n\nexport type Session = {\n dpopKey: Key\n authMethod: ClientAuthMethod\n tokenSet: TokenSet\n}\n\nexport type SessionStore = SimpleStore<string, Session>\n\nexport type SessionHooks = {\n onUpdate?: (sub: AtprotoDid, session: Session) => void\n onDelete?: (\n sub: AtprotoDid,\n cause: TokenRefreshError | TokenRevokedError | TokenInvalidError | unknown,\n ) => void\n}\n\nexport function isExpectedSessionError(err: unknown) {\n return (\n err instanceof TokenRefreshError ||\n err instanceof TokenRevokedError ||\n err instanceof TokenInvalidError ||\n err instanceof AuthMethodUnsatisfiableError ||\n // The stored session is invalid (e.g. missing properties) and cannot\n // be used properly\n err instanceof TypeError\n )\n}\n\n/**\n * There are several advantages to wrapping the sessionStore in a (single)\n * CachedGetter, the main of which is that the cached getter will ensure that at\n * most one fresh call is ever being made. Another advantage, is that it\n * contains the logic for reading from the cache which, if the cache is based on\n * localStorage/indexedDB, will sync across multiple tabs (for a given sub).\n */\nexport class SessionGetter extends CachedGetter<AtprotoDid, Session> {\n constructor(\n sessionStore: SessionStore,\n serverFactory: OAuthServerFactory,\n private readonly runtime: Runtime,\n private readonly hooks: SessionHooks = {},\n ) {\n super(\n async (sub, { signal }, storedSession) => {\n // There needs to be a previous session to be able to refresh. If\n // storedSession is undefined, it means that the store does not contain\n // a session for the given sub.\n if (storedSession === undefined) {\n // Because the session is not in the store, this.delStored() method\n // will not be called by the CachedGetter class (because there is\n // nothing to delete). This would typically happen if there is no\n // synchronization mechanism between instances of this class. Let's\n // make sure an event is dispatched here if this occurs.\n const msg = 'The session was deleted by another process'\n const cause = new TokenRefreshError(sub, msg)\n await hooks.onDelete?.call(null, sub, cause)\n throw cause\n }\n\n // @NOTE Throwing a TokenRefreshError (or any other error class defined\n // in the deleteOnError options) will result in this.delStored() being\n // called.\n\n const { dpopKey, authMethod, tokenSet } = storedSession\n\n if (sub !== tokenSet.sub) {\n // Fool-proofing (e.g. against invalid session storage)\n throw new TokenRefreshError(sub, 'Stored session sub mismatch')\n }\n\n if (!tokenSet.refresh_token) {\n throw new TokenRefreshError(sub, 'No refresh token available')\n }\n\n const server = await serverFactory.fromIssuer(\n tokenSet.iss,\n authMethod,\n dpopKey,\n )\n\n // Because refresh tokens can only be used once, we must not use the\n // \"signal\" to abort the refresh, or throw any abort error beyond this\n // point. Any thrown error beyond this point will prevent the\n // TokenGetter from obtaining, and storing, the new token set,\n // effectively rendering the currently saved session unusable.\n signal?.throwIfAborted()\n\n try {\n const newTokenSet = await server.refresh(tokenSet)\n\n if (sub !== newTokenSet.sub) {\n // The server returned another sub. Was the tokenSet manipulated?\n throw new TokenRefreshError(sub, 'Token set sub mismatch')\n }\n\n return {\n dpopKey,\n tokenSet: newTokenSet,\n authMethod: server.authMethod,\n }\n } catch (cause) {\n // Since refresh tokens can only be used once, we might run into\n // concurrency issues if multiple instances (e.g. browser tabs) are\n // trying to refresh the same token simultaneously. The chances of\n // this happening when multiple instances are started simultaneously\n // is reduced by randomizing the expiry time (see isStale() below).\n // The best solution is to use a mutex/lock to ensure that only one\n // instance is refreshing the token at a time (runtime.usingLock) but\n // that is not always possible. Let's try to recover from concurrency\n // issues, or force the session to be deleted by throwing a\n // TokenRefreshError.\n if (\n cause instanceof OAuthResponseError &&\n cause.status === 400 &&\n cause.error === 'invalid_grant'\n ) {\n // In case there is no lock implementation in the runtime, we will\n // wait for a short time to give the other concurrent instances a\n // chance to finish their refreshing of the token. If a concurrent\n // refresh did occur, we will pretend that this one succeeded.\n if (!runtime.hasImplementationLock) {\n await new Promise((r) => setTimeout(r, 1000))\n\n const stored = await this.getStored(sub)\n if (stored === undefined) {\n // A concurrent refresh occurred and caused the session to be\n // deleted (for a reason we can't know at this point).\n\n // Using a distinct error message mainly for debugging\n // purposes. Also, throwing a TokenRefreshError to trigger\n // deletion through the deleteOnError callback.\n const msg = 'The session was deleted by another process'\n throw new TokenRefreshError(sub, msg, { cause })\n } else if (\n stored.tokenSet.access_token !== tokenSet.access_token ||\n stored.tokenSet.refresh_token !== tokenSet.refresh_token\n ) {\n // A concurrent refresh occurred. Pretend this one succeeded.\n return stored\n } else {\n // There were no concurrent refresh. The token is (likely)\n // simply no longer valid.\n }\n }\n\n // Make sure the session gets deleted from the store\n const msg = cause.errorDescription ?? 'The session was revoked'\n throw new TokenRefreshError(sub, msg, { cause })\n }\n\n throw cause\n }\n },\n sessionStore,\n {\n isStale: (sub, { tokenSet }) => {\n return (\n tokenSet.expires_at != null &&\n new Date(tokenSet.expires_at).getTime() <\n Date.now() +\n // Add some lee way to ensure the token is not expired when it\n // reaches the server.\n 10e3 +\n // Add some randomness to reduce the chances of multiple\n // instances trying to refresh the token at the same.\n 30e3 * Math.random()\n )\n },\n onStoreError: async (err, sub, { tokenSet, dpopKey, authMethod }) => {\n // If the token data cannot be stored, let's revoke it\n try {\n const server = await serverFactory.fromIssuer(\n tokenSet.iss,\n authMethod,\n dpopKey,\n )\n await server.revoke(tokenSet.refresh_token ?? tokenSet.access_token)\n } catch {\n // At least we tried...\n }\n\n // Attempt to delete the session from the store. Note that this might\n // fail if the store is not available, which is fine.\n try {\n await this.delStored(sub, err)\n } catch {\n // Ignore (better to propagate the original storage error)\n }\n\n throw err\n },\n deleteOnError: isExpectedSessionError,\n },\n )\n }\n\n override async getStored(\n sub: AtprotoDid,\n options?: GetOptions,\n ): Promise<Session | undefined> {\n return super.getStored(sub, options)\n }\n\n override async setStored(sub: AtprotoDid, session: Session) {\n // Prevent tampering with the stored value\n if (sub !== session.tokenSet.sub) {\n throw new TypeError('Token set does not match the expected sub')\n }\n await super.setStored(sub, session)\n await this.hooks.onUpdate?.call(null, sub, session)\n }\n\n override async delStored(sub: AtprotoDid, cause?: unknown): Promise<void> {\n await super.delStored(sub, cause)\n await this.hooks.onDelete?.call(null, sub, cause)\n }\n\n /**\n * @deprecated Use {@link getSession} instead\n * @internal (not really deprecated)\n */\n override async get(\n sub: AtprotoDid,\n options?: GetCachedOptions,\n ): Promise<Session> {\n const session = await this.runtime.usingLock(\n `@atproto-oauth-client-${sub}`,\n async () => {\n // Make sure, even if there is no signal in the options, that the\n // request will be cancelled after at most 30 seconds.\n const signal = AbortSignal.timeout(30e3)\n\n using abortController = combineSignals([options?.signal, signal])\n\n return await super.get(sub, {\n ...options,\n signal: abortController.signal,\n })\n },\n )\n\n if (sub !== session.tokenSet.sub) {\n // Fool-proofing (e.g. against invalid session storage)\n throw new Error('Token set does not match the expected sub')\n }\n\n return session\n }\n\n /**\n * @param refresh When `true`, the credentials will be refreshed even if they\n * are not expired. When `false`, the credentials will not be refreshed even\n * if they are expired. When `undefined`, the credentials will be refreshed\n * if, and only if, they are (about to be) expired. Defaults to `undefined`.\n */\n async getSession(sub: AtprotoDid, refresh: boolean | 'auto' = 'auto') {\n return this.get(sub, {\n noCache: refresh === true,\n allowStale: refresh === false,\n })\n }\n}\n"]}
package/dist/state-store.js CHANGED
@@ -1,3 +1,2 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
1
+ export {};
3
2
  //# sourceMappingURL=state-store.js.map
package/dist/types.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAC/B,OAAO,EACL,mCAAmC,EAIpC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAMpC,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CACrC,IAAI,CACF,mCAAmC,EACjC,WAAW,GACX,eAAe,GACf,eAAe,GACf,YAAY,GACZ,gBAAgB,GAChB,uBAAuB,CAC1B,GAAG;IACF,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CACF,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,CACpC,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE,cAAc,CAAC,CAAC,CACnE,CAAA;AAED,eAAO,MAAM,oBAAoB;mBAhBjB,EAAG,QAAQ,CAAC,EAAE,UAAU,CACpC,EAAA,SAAO;oBAaX,EAEA,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;iBAO7B,EAAG,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO;WACkJ,EAAG,WAAW,CAAC,EAAE,UAAU,CAAC,EAAE,SAAS;gCAAmD,EAAG,UAAU,CAAC,EAAE,OAAO;qCAAwL,EAAG,WAAW,CAAC,EAAE,SAAS;kCAAoC,EAAG,WAAW,CAAC,EAAE,SAAS;qCAAuC,EAAG,WAAW,CAAC,EAAE,SAAS;cAAgB,EAAG,WAAW,CAAC,EAAE,UAAU,CAAC,EAAE,SAAS;UAAsW,EAAG,WAAW,CAAC,EAAE,SAAS;cAAgB,EAAG,UAAU,CAAC,EAAE,QAAQ,CAAC,EAAE,UAAU;;;;eAAqG,CAAC;eAAwF,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;aAAmC,CAAC;aAAmC,CAAC;cAAoC,CAAC;cAAoC,CAAC;cAAoC,CAAC;eAAqC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBAAuC,CAAC;;;;;;;;;eAA0P,CAAC;eAA0D,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;;eAA6M,CAAC;eAAuC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;eAA+L,CAAC;eAAsC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;aAAwG,CAAC;;gBAAkD,EAAG,UAAU;;;;;eAA4G,CAAC;eAAwF,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;aAAmC,CAAC;aAAmC,CAAC;cAAoC,CAAC;cAAoC,CAAC;cAAoC,CAAC;eAAqC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBAAuC,CAAC;;;;;;;;;eAA0P,CAAC;eAA0D,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;;eAA6M,CAAC;eAAuC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;eAA+L,CAAC;eAAsC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;aAAwG,CAAC;;;;;sBAAuF,EAAG,UAAU,CAAC,EAAE,OAAO;kBAAuC,EAAG,UAAU,CAAC,EAAE,OAAO;gCAA0D,EAAG,WAAW,CAAC,EAAE,SAAS;kCAAoC,EAAG,WAAW,CAAC,EAAE,SAAS;uCAAyC,EAAG,UAAU,CAAC,EAAE,SAAS;0CAA4C,EAAG,WAAW,CAAC,EAAE,OAAO;0CAA+D,EAAG,WAAW,CAAC,EAAE,SAAS;eAAiB,EAAG,WAAW,CAAC,EAAE,SAAS;iBAAmB,EAAG,WAAW,CAAC,EAAE,SAAS;gBAAkB,EAAG,WAAW,CAAC,EAAE,UAAU,CAAC,EAAE,SAAS;gBAA4W,EAAG,WAAW,CAAC,EAAE,UAAU,CAAC,EAAE,SAAS;aAAyW,EAAG,WAAW,CAAC,EAAE,UAAU,CAAC,EAAE,SAAS;cAA0W,EAAG,WAAW,CAAC,EAAE,UAAU,CAAC,EAAE,SAAS;qBAAktB,EAAG,WAAW,CAAC,EAAE,SAAS;uBAAyB,EAAG,WAAW,CAAC,EAAE,UAAU;cAAgB,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;gDAA2D,EAAG,WAAW,CAAC,EAAE,UAAU;8BAAgC,EAAG,WAAW,CAAC,EAAE,UAAU;iCAAmC,EAAG,WAAW,CAAC,EAAE,QAAQ,CAAC,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;eAArwN,CAAC;eAAwF,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;aAAmC,CAAC;aAAmC,CAAC;cAAoC,CAAC;cAAoC,CAAC;cAAoC,CAAC;eAAqC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBAAuC,CAAC;;;;;;;;;eAA0P,CAAC;eAA0D,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;;eAA6M,CAAC;eAAuC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;eAA+L,CAAC;eAAsC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;aAAwG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAH5lS,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAA"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAC/B,OAAO,EACL,mCAAmC,EAIpC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAMpC,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CACrC,IAAI,CACF,mCAAmC,EACjC,WAAW,GACX,eAAe,GACf,eAAe,GACf,YAAY,GACZ,gBAAgB,GAChB,uBAAuB,CAC1B,GAAG;IACF,MAAM,CAAC,EAAE,WAAW,CAAA;CACrB,CACF,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,QAAQ,CACpC,OAAO,CAAC,IAAI,CAAC,mCAAmC,EAAE,cAAc,CAAC,CAAC,CACnE,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;eAQwqC,CAAC;eAAwF,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;aAAmC,CAAC;aAAmC,CAAC;cAAoC,CAAC;cAAoC,CAAC;cAAoC,CAAC;eAAqC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBAAuC,CAAC;;;;;;;;;eAA0P,CAAC;eAA0D,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;;eAA6M,CAAC;eAAuC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;eAA+L,CAAC;eAAsC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;aAAwG,CAAC;;;;;;;eAA2K,CAAC;eAAwF,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;aAAmC,CAAC;aAAmC,CAAC;cAAoC,CAAC;cAAoC,CAAC;cAAoC,CAAC;eAAqC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBAAuC,CAAC;;;;;;;;;eAA0P,CAAC;eAA0D,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;;eAA6M,CAAC;eAAuC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;eAA+L,CAAC;eAAsC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;aAAwG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAAr3H,CAAC;eAAwF,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;aAAmC,CAAC;aAAmC,CAAC;cAAoC,CAAC;cAAoC,CAAC;cAAoC,CAAC;eAAqC,CAAC;iBAAqB,CAAC;iBAAuC,CAAC;iBAAuC,CAAC;;;;;;;;;eAA0P,CAAC;eAA0D,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;;eAA6M,CAAC;eAAuC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;;;;eAA+L,CAAC;eAAsC,CAAC;eAAqC,CAAC;mBAAgD,CAAC;eAAmI,CAAC;eAAuC,CAAC;sBAA4C,CAAC;eAAqC,CAAC;eAAqC,CAAC;eAAsC,CAAC;eAAqC,CAAC;eAAqC,CAAC;mBAAyC,CAAC;;sBAA8D,CAAC;;aAA8D,CAAC;;;;aAAwG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAH5lS,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAA"}
package/dist/types.js CHANGED
@@ -1,12 +1,9 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.clientMetadataSchema = void 0;
4
- const zod_1 = require("zod");
5
- const oauth_types_1 = require("@atproto/oauth-types");
6
- exports.clientMetadataSchema = oauth_types_1.oauthClientMetadataSchema.extend({
7
- client_id: zod_1.z.union([
8
- oauth_types_1.oauthClientIdDiscoverableSchema,
9
- oauth_types_1.oauthClientIdLoopbackSchema,
1
+ import { z } from 'zod';
2
+ import { oauthClientIdDiscoverableSchema, oauthClientIdLoopbackSchema, oauthClientMetadataSchema, } from '@atproto/oauth-types';
3
+ export const clientMetadataSchema = oauthClientMetadataSchema.extend({
4
+ client_id: z.union([
5
+ oauthClientIdDiscoverableSchema,
6
+ oauthClientIdLoopbackSchema,
10
7
  ]),
11
8
  });
12
9
  //# sourceMappingURL=types.js.map
package/dist/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AAAA,6BAA+B;AAC/B,sDAK6B;AAyBhB,QAAA,oBAAoB,GAAG,uCAAyB,CAAC,MAAM,CAAC;IACnE,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC;QACjB,6CAA+B;QAC/B,yCAA2B;KAC5B,CAAC;CACH,CAAC,CAAA","sourcesContent":["import { TypeOf, z } from 'zod'\nimport {\n OAuthAuthorizationRequestParameters,\n oauthClientIdDiscoverableSchema,\n oauthClientIdLoopbackSchema,\n oauthClientMetadataSchema,\n} from '@atproto/oauth-types'\nimport { Simplify } from './util.js'\n\n// Note: These types are not prefixed with `OAuth` because they are not specific\n// to OAuth. They are specific to this packages. OAuth specific types are in\n// `@atproto/oauth-types`.\n\nexport type AuthorizeOptions = Simplify<\n Omit<\n OAuthAuthorizationRequestParameters,\n | 'client_id'\n | 'response_mode'\n | 'response_type'\n | 'login_hint'\n | 'code_challenge'\n | 'code_challenge_method'\n > & {\n signal?: AbortSignal\n }\n>\n\nexport type CallbackOptions = Simplify<\n Partial<Pick<OAuthAuthorizationRequestParameters, 'redirect_uri'>>\n>\n\nexport const clientMetadataSchema = oauthClientMetadataSchema.extend({\n client_id: z.union([\n oauthClientIdDiscoverableSchema,\n oauthClientIdLoopbackSchema,\n ]),\n})\n\nexport type ClientMetadata = TypeOf<typeof clientMetadataSchema>\n"]}
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,CAAC,EAAE,MAAM,KAAK,CAAA;AAC/B,OAAO,EAEL,+BAA+B,EAC/B,2BAA2B,EAC3B,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAyB7B,MAAM,CAAC,MAAM,oBAAoB,GAAG,yBAAyB,CAAC,MAAM,CAAC;IACnE,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC;QACjB,+BAA+B;QAC/B,2BAA2B;KAC5B,CAAC;CACH,CAAC,CAAA","sourcesContent":["import { TypeOf, z } from 'zod'\nimport {\n OAuthAuthorizationRequestParameters,\n oauthClientIdDiscoverableSchema,\n oauthClientIdLoopbackSchema,\n oauthClientMetadataSchema,\n} from '@atproto/oauth-types'\nimport { Simplify } from './util.js'\n\n// Note: These types are not prefixed with `OAuth` because they are not specific\n// to OAuth. They are specific to this packages. OAuth specific types are in\n// `@atproto/oauth-types`.\n\nexport type AuthorizeOptions = Simplify<\n Omit<\n OAuthAuthorizationRequestParameters,\n | 'client_id'\n | 'response_mode'\n | 'response_type'\n | 'login_hint'\n | 'code_challenge'\n | 'code_challenge_method'\n > & {\n signal?: AbortSignal\n }\n>\n\nexport type CallbackOptions = Simplify<\n Partial<Pick<OAuthAuthorizationRequestParameters, 'redirect_uri'>>\n>\n\nexport const clientMetadataSchema = oauthClientMetadataSchema.extend({\n client_id: z.union([\n oauthClientIdDiscoverableSchema,\n oauthClientIdLoopbackSchema,\n ]),\n})\n\nexport type ClientMetadata = TypeOf<typeof clientMetadataSchema>\n"]}
package/dist/util.js CHANGED
@@ -1,14 +1,8 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.ifString = void 0;
4
- exports.contentMime = contentMime;
5
- exports.combineSignals = combineSignals;
6
- const ifString = (v) => (typeof v === 'string' ? v : undefined);
7
- exports.ifString = ifString;
8
- function contentMime(headers) {
1
+ export const ifString = (v) => (typeof v === 'string' ? v : undefined);
2
+ export function contentMime(headers) {
9
3
  return headers.get('content-type')?.split(';')[0].trim();
10
4
  }
11
- function combineSignals(signals) {
5
+ export function combineSignals(signals) {
12
6
  const controller = new DisposableAbortController();
13
7
  const onAbort = function (_event) {
14
8
  const reason = new Error('This operation was aborted', {
package/dist/util.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;;AAKA,kCAEC;AAED,wCA0BC;AAhCM,MAAM,QAAQ,GAAG,CAAI,CAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;AAA/D,QAAA,QAAQ,YAAuD;AAE5E,SAAgB,WAAW,CAAC,OAAgB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;AAC3D,CAAC;AAED,SAAgB,cAAc,CAC5B,OAA6C;IAE7C,MAAM,UAAU,GAAG,IAAI,yBAAyB,EAAE,CAAA;IAElD,MAAM,OAAO,GAAG,UAA6B,MAAa;QACxD,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,4BAA4B,EAAE;YACrD,KAAK,EAAE,IAAI,CAAC,MAAM;SACnB,CAAC,CAAA;QAEF,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B,CAAC,CAAA;IAED,IAAI,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,GAAG,EAAE,CAAC;gBACR,GAAG,CAAC,cAAc,EAAE,CAAA;gBACpB,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACrB,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,yBAA0B,SAAQ,eAAe;IACrD,CAAC,MAAM,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAA;IACvD,CAAC;CACF","sourcesContent":["export type Awaitable<T> = T | PromiseLike<T>\nexport type Simplify<T> = { [K in keyof T]: T[K] } & NonNullable<unknown>\n\nexport const ifString = <V>(v: V) => (typeof v === 'string' ? v : undefined)\n\nexport function contentMime(headers: Headers): string | undefined {\n return headers.get('content-type')?.split(';')[0]!.trim()\n}\n\nexport function combineSignals(\n signals: readonly (AbortSignal | undefined)[],\n): AbortController & Disposable {\n const controller = new DisposableAbortController()\n\n const onAbort = function (this: AbortSignal, _event: Event) {\n const reason = new Error('This operation was aborted', {\n cause: this.reason,\n })\n\n controller.abort(reason)\n }\n\n try {\n for (const sig of signals) {\n if (sig) {\n sig.throwIfAborted()\n sig.addEventListener('abort', onAbort, { signal: controller.signal })\n }\n }\n\n return controller\n } catch (err) {\n controller.abort(err)\n throw err\n }\n}\n\n/**\n * Allows using {@link AbortController} with the `using` keyword, in order to\n * automatically abort them once the execution block ends.\n */\nclass DisposableAbortController extends AbortController implements Disposable {\n [Symbol.dispose]() {\n this.abort(new Error('AbortController was disposed'))\n }\n}\n"]}
1
+ {"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAI,CAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;AAE5E,MAAM,UAAU,WAAW,CAAC,OAAgB;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAA;AAC3D,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,OAA6C;IAE7C,MAAM,UAAU,GAAG,IAAI,yBAAyB,EAAE,CAAA;IAElD,MAAM,OAAO,GAAG,UAA6B,MAAa;QACxD,MAAM,MAAM,GAAG,IAAI,KAAK,CAAC,4BAA4B,EAAE;YACrD,KAAK,EAAE,IAAI,CAAC,MAAM;SACnB,CAAC,CAAA;QAEF,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IAC1B,CAAC,CAAA;IAED,IAAI,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,IAAI,GAAG,EAAE,CAAC;gBACR,GAAG,CAAC,cAAc,EAAE,CAAA;gBACpB,GAAG,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACrB,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,yBAA0B,SAAQ,eAAe;IACrD,CAAC,MAAM,CAAC,OAAO,CAAC;QACd,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAA;IACvD,CAAC;CACF","sourcesContent":["export type Awaitable<T> = T | PromiseLike<T>\nexport type Simplify<T> = { [K in keyof T]: T[K] } & NonNullable<unknown>\n\nexport const ifString = <V>(v: V) => (typeof v === 'string' ? v : undefined)\n\nexport function contentMime(headers: Headers): string | undefined {\n return headers.get('content-type')?.split(';')[0]!.trim()\n}\n\nexport function combineSignals(\n signals: readonly (AbortSignal | undefined)[],\n): AbortController & Disposable {\n const controller = new DisposableAbortController()\n\n const onAbort = function (this: AbortSignal, _event: Event) {\n const reason = new Error('This operation was aborted', {\n cause: this.reason,\n })\n\n controller.abort(reason)\n }\n\n try {\n for (const sig of signals) {\n if (sig) {\n sig.throwIfAborted()\n sig.addEventListener('abort', onAbort, { signal: controller.signal })\n }\n }\n\n return controller\n } catch (err) {\n controller.abort(err)\n throw err\n }\n}\n\n/**\n * Allows using {@link AbortController} with the `using` keyword, in order to\n * automatically abort them once the execution block ends.\n */\nclass DisposableAbortController extends AbortController implements Disposable {\n [Symbol.dispose]() {\n this.abort(new Error('AbortController was disposed'))\n }\n}\n"]}