npm - @atproto/oauth-provider - Versions diffs - 0.1.0 - Mend

@atproto/oauth-provider 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (631) hide show

package/.postcssrc.yml +3 -0
package/CHANGELOG.md +19 -0
package/LICENSE.txt +7 -0
package/dist/access-token/access-token-type.d.ts +6 -0
package/dist/access-token/access-token-type.d.ts.map +1 -0
package/dist/access-token/access-token-type.js +10 -0
package/dist/access-token/access-token-type.js.map +1 -0
package/dist/account/account-manager.d.ts +14 -0
package/dist/account/account-manager.d.ts.map +1 -0
package/dist/account/account-manager.js +39 -0
package/dist/account/account-manager.js.map +1 -0
package/dist/account/account-store.d.ts +39 -0
package/dist/account/account-store.d.ts.map +1 -0
package/dist/account/account-store.js +19 -0
package/dist/account/account-store.js.map +1 -0
package/dist/account/account.d.ts +8 -0
package/dist/account/account.d.ts.map +1 -0
package/dist/account/account.js +3 -0
package/dist/account/account.js.map +1 -0
package/dist/assets/app/bundle-manifest.json +22 -0
package/dist/assets/app/main.css +3 -0
package/dist/assets/app/main.js +20 -0
package/dist/assets/app/main.js.map +1 -0
package/dist/assets/asset.d.ts +9 -0
package/dist/assets/asset.d.ts.map +1 -0
package/dist/assets/asset.js +3 -0
package/dist/assets/asset.js.map +1 -0
package/dist/assets/assets-middleware.d.ts +2 -0
package/dist/assets/assets-middleware.d.ts.map +1 -0
package/dist/assets/assets-middleware.js +30 -0
package/dist/assets/assets-middleware.js.map +1 -0
package/dist/assets/index.d.ts +4 -0
package/dist/assets/index.d.ts.map +1 -0
package/dist/assets/index.js +65 -0
package/dist/assets/index.js.map +1 -0
package/dist/client/client-auth.d.ts +13 -0
package/dist/client/client-auth.d.ts.map +1 -0
package/dist/client/client-auth.js +35 -0
package/dist/client/client-auth.js.map +1 -0
package/dist/client/client-data.d.ts +8 -0
package/dist/client/client-data.d.ts.map +1 -0
package/dist/client/client-data.js +3 -0
package/dist/client/client-data.js.map +1 -0
package/dist/client/client-id.d.ts +4 -0
package/dist/client/client-id.d.ts.map +1 -0
package/dist/client/client-id.js +6 -0
package/dist/client/client-id.js.map +1 -0
package/dist/client/client-info.d.ts +13 -0
package/dist/client/client-info.d.ts.map +1 -0
package/dist/client/client-info.js +3 -0
package/dist/client/client-info.js.map +1 -0
package/dist/client/client-manager.d.ts +38 -0
package/dist/client/client-manager.d.ts.map +1 -0
package/dist/client/client-manager.js +534 -0
package/dist/client/client-manager.js.map +1 -0
package/dist/client/client-store.d.ts +13 -0
package/dist/client/client-store.d.ts.map +1 -0
package/dist/client/client-store.js +39 -0
package/dist/client/client-store.js.map +1 -0
package/dist/client/client-utils.d.ts +6 -0
package/dist/client/client-utils.d.ts.map +1 -0
package/dist/client/client-utils.js +40 -0
package/dist/client/client-utils.js.map +1 -0
package/dist/client/client.d.ts +41 -0
package/dist/client/client.d.ts.map +1 -0
package/dist/client/client.js +163 -0
package/dist/client/client.js.map +1 -0
package/dist/constants.d.ts +42 -0
package/dist/constants.d.ts.map +1 -0
package/dist/constants.js +53 -0
package/dist/constants.js.map +1 -0
package/dist/device/device-data.d.ts +20 -0
package/dist/device/device-data.d.ts.map +1 -0
package/dist/device/device-data.js +11 -0
package/dist/device/device-data.js.map +1 -0
package/dist/device/device-details.d.ts +17 -0
package/dist/device/device-details.d.ts.map +1 -0
package/dist/device/device-details.js +34 -0
package/dist/device/device-details.js.map +1 -0
package/dist/device/device-id.d.ts +6 -0
package/dist/device/device-id.d.ts.map +1 -0
package/dist/device/device-id.js +18 -0
package/dist/device/device-id.js.map +1 -0
package/dist/device/device-manager.d.ts +88 -0
package/dist/device/device-manager.d.ts.map +1 -0
package/dist/device/device-manager.js +206 -0
package/dist/device/device-manager.js.map +1 -0
package/dist/device/device-store.d.ts +15 -0
package/dist/device/device-store.d.ts.map +1 -0
package/dist/device/device-store.js +36 -0
package/dist/device/device-store.js.map +1 -0
package/dist/device/session-id.d.ts +6 -0
package/dist/device/session-id.d.ts.map +1 -0
package/dist/device/session-id.js +18 -0
package/dist/device/session-id.js.map +1 -0
package/dist/dpop/dpop-manager.d.ts +33 -0
package/dist/dpop/dpop-manager.d.ts.map +1 -0
package/dist/dpop/dpop-manager.js +115 -0
package/dist/dpop/dpop-manager.js.map +1 -0
package/dist/dpop/dpop-nonce.d.ts +13 -0
package/dist/dpop/dpop-nonce.d.ts.map +1 -0
package/dist/dpop/dpop-nonce.js +94 -0
package/dist/dpop/dpop-nonce.js.map +1 -0
package/dist/errors/access-denied-error.d.ts +8 -0
package/dist/errors/access-denied-error.d.ts.map +1 -0
package/dist/errors/access-denied-error.js +21 -0
package/dist/errors/access-denied-error.js.map +1 -0
package/dist/errors/account-selection-required-error.d.ts +6 -0
package/dist/errors/account-selection-required-error.d.ts.map +1 -0
package/dist/errors/account-selection-required-error.js +11 -0
package/dist/errors/account-selection-required-error.js.map +1 -0
package/dist/errors/consent-required-error.d.ts +6 -0
package/dist/errors/consent-required-error.d.ts.map +1 -0
package/dist/errors/consent-required-error.js +11 -0
package/dist/errors/consent-required-error.js.map +1 -0
package/dist/errors/invalid-authorization-details-error.d.ts +20 -0
package/dist/errors/invalid-authorization-details-error.d.ts.map +1 -0
package/dist/errors/invalid-authorization-details-error.js +26 -0
package/dist/errors/invalid-authorization-details-error.js.map +1 -0
package/dist/errors/invalid-client-error.d.ts +18 -0
package/dist/errors/invalid-client-error.d.ts.map +1 -0
package/dist/errors/invalid-client-error.js +24 -0
package/dist/errors/invalid-client-error.js.map +1 -0
package/dist/errors/invalid-client-id-error.d.ts +13 -0
package/dist/errors/invalid-client-id-error.d.ts.map +1 -0
package/dist/errors/invalid-client-id-error.js +25 -0
package/dist/errors/invalid-client-id-error.js.map +1 -0
package/dist/errors/invalid-client-metadata-error.d.ts +13 -0
package/dist/errors/invalid-client-metadata-error.d.ts.map +1 -0
package/dist/errors/invalid-client-metadata-error.js +23 -0
package/dist/errors/invalid-client-metadata-error.js.map +1 -0
package/dist/errors/invalid-dpop-key-binding-error.d.ts +12 -0
package/dist/errors/invalid-dpop-key-binding-error.d.ts.map +1 -0
package/dist/errors/invalid-dpop-key-binding-error.js +20 -0
package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -0
package/dist/errors/invalid-dpop-proof-error.d.ts +5 -0
package/dist/errors/invalid-dpop-proof-error.d.ts.map +1 -0
package/dist/errors/invalid-dpop-proof-error.js +12 -0
package/dist/errors/invalid-dpop-proof-error.js.map +1 -0
package/dist/errors/invalid-grant-error.d.ts +14 -0
package/dist/errors/invalid-grant-error.d.ts.map +1 -0
package/dist/errors/invalid-grant-error.js +20 -0
package/dist/errors/invalid-grant-error.js.map +1 -0
package/dist/errors/invalid-parameters-error.d.ts +6 -0
package/dist/errors/invalid-parameters-error.d.ts.map +1 -0
package/dist/errors/invalid-parameters-error.js +11 -0
package/dist/errors/invalid-parameters-error.js.map +1 -0
package/dist/errors/invalid-redirect-uri-error.d.ts +11 -0
package/dist/errors/invalid-redirect-uri-error.d.ts.map +1 -0
package/dist/errors/invalid-redirect-uri-error.js +21 -0
package/dist/errors/invalid-redirect-uri-error.js.map +1 -0
package/dist/errors/invalid-request-error.d.ts +28 -0
package/dist/errors/invalid-request-error.d.ts.map +1 -0
package/dist/errors/invalid-request-error.js +34 -0
package/dist/errors/invalid-request-error.js.map +1 -0
package/dist/errors/invalid-token-error.d.ts +16 -0
package/dist/errors/invalid-token-error.d.ts.map +1 -0
package/dist/errors/invalid-token-error.js +45 -0
package/dist/errors/invalid-token-error.js.map +1 -0
package/dist/errors/login-required-error.d.ts +6 -0
package/dist/errors/login-required-error.d.ts.map +1 -0
package/dist/errors/login-required-error.js +11 -0
package/dist/errors/login-required-error.js.map +1 -0
package/dist/errors/oauth-error.d.ts +13 -0
package/dist/errors/oauth-error.d.ts.map +1 -0
package/dist/errors/oauth-error.js +29 -0
package/dist/errors/oauth-error.js.map +1 -0
package/dist/errors/unauthorized-client-error.d.ts +18 -0
package/dist/errors/unauthorized-client-error.d.ts.map +1 -0
package/dist/errors/unauthorized-client-error.js +24 -0
package/dist/errors/unauthorized-client-error.js.map +1 -0
package/dist/errors/use-dpop-nonce-error.d.ts +18 -0
package/dist/errors/use-dpop-nonce-error.d.ts.map +1 -0
package/dist/errors/use-dpop-nonce-error.js +27 -0
package/dist/errors/use-dpop-nonce-error.js.map +1 -0
package/dist/errors/www-authenticate-error.d.ts +9 -0
package/dist/errors/www-authenticate-error.d.ts.map +1 -0
package/dist/errors/www-authenticate-error.js +46 -0
package/dist/errors/www-authenticate-error.js.map +1 -0
package/dist/index.d.ts +14 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +31 -0
package/dist/index.js.map +1 -0
package/dist/lib/html/build-document.d.ts +32 -0
package/dist/lib/html/build-document.d.ts.map +1 -0
package/dist/lib/html/build-document.js +61 -0
package/dist/lib/html/build-document.js.map +1 -0
package/dist/lib/html/escapers.d.ts +9 -0
package/dist/lib/html/escapers.d.ts.map +1 -0
package/dist/lib/html/escapers.js +66 -0
package/dist/lib/html/escapers.js.map +1 -0
package/dist/lib/html/html.d.ts +13 -0
package/dist/lib/html/html.d.ts.map +1 -0
package/dist/lib/html/html.js +53 -0
package/dist/lib/html/html.js.map +1 -0
package/dist/lib/html/index.d.ts +4 -0
package/dist/lib/html/index.d.ts.map +1 -0
package/dist/lib/html/index.js +21 -0
package/dist/lib/html/index.js.map +1 -0
package/dist/lib/html/tags.d.ts +34 -0
package/dist/lib/html/tags.d.ts.map +1 -0
package/dist/lib/html/tags.js +47 -0
package/dist/lib/html/tags.js.map +1 -0
package/dist/lib/html/util.d.ts +4 -0
package/dist/lib/html/util.d.ts.map +1 -0
package/dist/lib/html/util.js +20 -0
package/dist/lib/html/util.js.map +1 -0
package/dist/lib/http/accept.d.ts +29 -0
package/dist/lib/http/accept.d.ts.map +1 -0
package/dist/lib/http/accept.js +67 -0
package/dist/lib/http/accept.js.map +1 -0
package/dist/lib/http/context.d.ts +5 -0
package/dist/lib/http/context.d.ts.map +1 -0
package/dist/lib/http/context.js +10 -0
package/dist/lib/http/context.js.map +1 -0
package/dist/lib/http/index.d.ts +10 -0
package/dist/lib/http/index.d.ts.map +1 -0
package/dist/lib/http/index.js +26 -0
package/dist/lib/http/index.js.map +1 -0
package/dist/lib/http/method.d.ts +6 -0
package/dist/lib/http/method.d.ts.map +1 -0
package/dist/lib/http/method.js +19 -0
package/dist/lib/http/method.js.map +1 -0
package/dist/lib/http/middleware.d.ts +18 -0
package/dist/lib/http/middleware.d.ts.map +1 -0
package/dist/lib/http/middleware.js +118 -0
package/dist/lib/http/middleware.js.map +1 -0
package/dist/lib/http/parser.d.ts +33 -0
package/dist/lib/http/parser.d.ts.map +1 -0
package/dist/lib/http/parser.js +48 -0
package/dist/lib/http/parser.js.map +1 -0
package/dist/lib/http/path.d.ts +9 -0
package/dist/lib/http/path.d.ts.map +1 -0
package/dist/lib/http/path.js +54 -0
package/dist/lib/http/path.js.map +1 -0
package/dist/lib/http/request.d.ts +33 -0
package/dist/lib/http/request.d.ts.map +1 -0
package/dist/lib/http/request.js +86 -0
package/dist/lib/http/request.js.map +1 -0
package/dist/lib/http/response.d.ts +13 -0
package/dist/lib/http/response.d.ts.map +1 -0
package/dist/lib/http/response.js +98 -0
package/dist/lib/http/response.js.map +1 -0
package/dist/lib/http/route.d.ts +25 -0
package/dist/lib/http/route.d.ts.map +1 -0
package/dist/lib/http/route.js +39 -0
package/dist/lib/http/route.js.map +1 -0
package/dist/lib/http/router.d.ts +32 -0
package/dist/lib/http/router.d.ts.map +1 -0
package/dist/lib/http/router.js +74 -0
package/dist/lib/http/router.js.map +1 -0
package/dist/lib/http/stream.d.ts +13 -0
package/dist/lib/http/stream.d.ts.map +1 -0
package/dist/lib/http/stream.js +46 -0
package/dist/lib/http/stream.js.map +1 -0
package/dist/lib/http/types.d.ts +7 -0
package/dist/lib/http/types.d.ts.map +1 -0
package/dist/lib/http/types.js +3 -0
package/dist/lib/http/types.js.map +1 -0
package/dist/lib/http/url.d.ts +8 -0
package/dist/lib/http/url.d.ts.map +1 -0
package/dist/lib/http/url.js +22 -0
package/dist/lib/http/url.js.map +1 -0
package/dist/lib/redis.d.ts +5 -0
package/dist/lib/redis.d.ts.map +1 -0
package/dist/lib/redis.js +22 -0
package/dist/lib/redis.js.map +1 -0
package/dist/lib/util/authorization-header.d.ts +4 -0
package/dist/lib/util/authorization-header.d.ts.map +1 -0
package/dist/lib/util/authorization-header.js +23 -0
package/dist/lib/util/authorization-header.js.map +1 -0
package/dist/lib/util/cast.d.ts +2 -0
package/dist/lib/util/cast.d.ts.map +1 -0
package/dist/lib/util/cast.js +10 -0
package/dist/lib/util/cast.js.map +1 -0
package/dist/lib/util/crypto.d.ts +3 -0
package/dist/lib/util/crypto.d.ts.map +1 -0
package/dist/lib/util/crypto.js +29 -0
package/dist/lib/util/crypto.js.map +1 -0
package/dist/lib/util/date.d.ts +3 -0
package/dist/lib/util/date.d.ts.map +1 -0
package/dist/lib/util/date.js +12 -0
package/dist/lib/util/date.js.map +1 -0
package/dist/lib/util/hostname.d.ts +6 -0
package/dist/lib/util/hostname.d.ts.map +1 -0
package/dist/lib/util/hostname.js +24 -0
package/dist/lib/util/hostname.js.map +1 -0
package/dist/lib/util/redirect-uri.d.ts +7 -0
package/dist/lib/util/redirect-uri.d.ts.map +1 -0
package/dist/lib/util/redirect-uri.js +44 -0
package/dist/lib/util/redirect-uri.js.map +1 -0
package/dist/lib/util/time.d.ts +6 -0
package/dist/lib/util/time.d.ts.map +1 -0
package/dist/lib/util/time.js +28 -0
package/dist/lib/util/time.js.map +1 -0
package/dist/lib/util/type.d.ts +6 -0
package/dist/lib/util/type.d.ts.map +1 -0
package/dist/lib/util/type.js +3 -0
package/dist/lib/util/type.js.map +1 -0
package/dist/lib/util/well-known.d.ts +3 -0
package/dist/lib/util/well-known.d.ts.map +1 -0
package/dist/lib/util/well-known.js +11 -0
package/dist/lib/util/well-known.js.map +1 -0
package/dist/metadata/build-metadata.d.ts +14 -0
package/dist/metadata/build-metadata.d.ts.map +1 -0
package/dist/metadata/build-metadata.js +132 -0
package/dist/metadata/build-metadata.js.map +1 -0
package/dist/oauth-client.d.ts +4 -0
package/dist/oauth-client.d.ts.map +1 -0
package/dist/oauth-client.js +19 -0
package/dist/oauth-client.js.map +1 -0
package/dist/oauth-dpop.d.ts +3 -0
package/dist/oauth-dpop.d.ts.map +1 -0
package/dist/oauth-dpop.js +19 -0
package/dist/oauth-dpop.js.map +1 -0
package/dist/oauth-errors.d.ts +20 -0
package/dist/oauth-errors.d.ts.map +1 -0
package/dist/oauth-errors.js +43 -0
package/dist/oauth-errors.js.map +1 -0
package/dist/oauth-hooks.d.ts +42 -0
package/dist/oauth-hooks.d.ts.map +1 -0
package/dist/oauth-hooks.js +3 -0
package/dist/oauth-hooks.js.map +1 -0
package/dist/oauth-provider.d.ts +179 -0
package/dist/oauth-provider.d.ts.map +1 -0
package/dist/oauth-provider.js +748 -0
package/dist/oauth-provider.js.map +1 -0
package/dist/oauth-store.d.ts +11 -0
package/dist/oauth-store.d.ts.map +1 -0
package/dist/oauth-store.js +27 -0
package/dist/oauth-store.js.map +1 -0
package/dist/oauth-verifier.d.ts +66 -0
package/dist/oauth-verifier.d.ts.map +1 -0
package/dist/oauth-verifier.js +94 -0
package/dist/oauth-verifier.js.map +1 -0
package/dist/oidc/claims.d.ts +16 -0
package/dist/oidc/claims.d.ts.map +1 -0
package/dist/oidc/claims.js +29 -0
package/dist/oidc/claims.js.map +1 -0
package/dist/oidc/sub.d.ts +4 -0
package/dist/oidc/sub.d.ts.map +1 -0
package/dist/oidc/sub.js +6 -0
package/dist/oidc/sub.js.map +1 -0
package/dist/oidc/userinfo.d.ts +7 -0
package/dist/oidc/userinfo.d.ts.map +1 -0
package/dist/oidc/userinfo.js +3 -0
package/dist/oidc/userinfo.js.map +1 -0
package/dist/output/build-error-payload.d.ts +6 -0
package/dist/output/build-error-payload.d.ts.map +1 -0
package/dist/output/build-error-payload.js +108 -0
package/dist/output/build-error-payload.js.map +1 -0
package/dist/output/customization.d.ts +37 -0
package/dist/output/customization.d.ts.map +1 -0
package/dist/output/customization.js +62 -0
package/dist/output/customization.js.map +1 -0
package/dist/output/send-authorize-page.d.ts +43 -0
package/dist/output/send-authorize-page.d.ts.map +1 -0
package/dist/output/send-authorize-page.js +49 -0
package/dist/output/send-authorize-page.js.map +1 -0
package/dist/output/send-authorize-redirect.d.ts +25 -0
package/dist/output/send-authorize-redirect.d.ts.map +1 -0
package/dist/output/send-authorize-redirect.js +72 -0
package/dist/output/send-authorize-redirect.js.map +1 -0
package/dist/output/send-error-page.d.ts +5 -0
package/dist/output/send-error-page.d.ts.map +1 -0
package/dist/output/send-error-page.js +31 -0
package/dist/output/send-error-page.js.map +1 -0
package/dist/output/send-web-page.d.ts +8 -0
package/dist/output/send-web-page.d.ts.map +1 -0
package/dist/output/send-web-page.js +48 -0
package/dist/output/send-web-page.js.map +1 -0
package/dist/parameters/claims-requested.d.ts +3 -0
package/dist/parameters/claims-requested.d.ts.map +1 -0
package/dist/parameters/claims-requested.js +77 -0
package/dist/parameters/claims-requested.js.map +1 -0
package/dist/parameters/oidc-payload.d.ts +31 -0
package/dist/parameters/oidc-payload.d.ts.map +1 -0
package/dist/parameters/oidc-payload.js +25 -0
package/dist/parameters/oidc-payload.js.map +1 -0
package/dist/replay/replay-manager.d.ts +10 -0
package/dist/replay/replay-manager.d.ts.map +1 -0
package/dist/replay/replay-manager.js +23 -0
package/dist/replay/replay-manager.js.map +1 -0
package/dist/replay/replay-store-memory.d.ts +11 -0
package/dist/replay/replay-store-memory.d.ts.map +1 -0
package/dist/replay/replay-store-memory.js +30 -0
package/dist/replay/replay-store-memory.js.map +1 -0
package/dist/replay/replay-store-redis.d.ts +16 -0
package/dist/replay/replay-store-redis.d.ts.map +1 -0
package/dist/replay/replay-store-redis.js +20 -0
package/dist/replay/replay-store-redis.js.map +1 -0
package/dist/replay/replay-store.d.ts +16 -0
package/dist/replay/replay-store.d.ts.map +1 -0
package/dist/replay/replay-store.js +22 -0
package/dist/replay/replay-store.js.map +1 -0
package/dist/request/code.d.ts +7 -0
package/dist/request/code.d.ts.map +1 -0
package/dist/request/code.js +20 -0
package/dist/request/code.js.map +1 -0
package/dist/request/request-data.d.ts +21 -0
package/dist/request/request-data.d.ts.map +1 -0
package/dist/request/request-data.js +6 -0
package/dist/request/request-data.js.map +1 -0
package/dist/request/request-id.d.ts +6 -0
package/dist/request/request-id.d.ts.map +1 -0
package/dist/request/request-id.js +18 -0
package/dist/request/request-id.js.map +1 -0
package/dist/request/request-info.d.ts +12 -0
package/dist/request/request-info.d.ts.map +1 -0
package/dist/request/request-info.js +3 -0
package/dist/request/request-info.js.map +1 -0
package/dist/request/request-manager.d.ts +40 -0
package/dist/request/request-manager.d.ts.map +1 -0
package/dist/request/request-manager.js +310 -0
package/dist/request/request-manager.js.map +1 -0
package/dist/request/request-store-memory.d.ts +16 -0
package/dist/request/request-store-memory.d.ts.map +1 -0
package/dist/request/request-store-memory.js +31 -0
package/dist/request/request-store-memory.js.map +1 -0
package/dist/request/request-store-redis.d.ts +24 -0
package/dist/request/request-store-redis.d.ts.map +1 -0
package/dist/request/request-store-redis.js +58 -0
package/dist/request/request-store-redis.js.map +1 -0
package/dist/request/request-store.d.ts +27 -0
package/dist/request/request-store.d.ts.map +1 -0
package/dist/request/request-store.js +37 -0
package/dist/request/request-store.js.map +1 -0
package/dist/request/request-uri.d.ts +8 -0
package/dist/request/request-uri.d.ts.map +1 -0
package/dist/request/request-uri.js +24 -0
package/dist/request/request-uri.js.map +1 -0
package/dist/request/types.d.ts +328 -0
package/dist/request/types.d.ts.map +1 -0
package/dist/request/types.js +27 -0
package/dist/request/types.js.map +1 -0
package/dist/signer/signed-token-payload.d.ts +1694 -0
package/dist/signer/signed-token-payload.d.ts.map +1 -0
package/dist/signer/signed-token-payload.js +32 -0
package/dist/signer/signed-token-payload.js.map +1 -0
package/dist/signer/signer.d.ts +193 -0
package/dist/signer/signer.d.ts.map +1 -0
package/dist/signer/signer.js +101 -0
package/dist/signer/signer.js.map +1 -0
package/dist/token/refresh-token.d.ts +7 -0
package/dist/token/refresh-token.d.ts.map +1 -0
package/dist/token/refresh-token.js +20 -0
package/dist/token/refresh-token.js.map +1 -0
package/dist/token/token-claims.d.ts +1687 -0
package/dist/token/token-claims.d.ts.map +1 -0
package/dist/token/token-claims.js +30 -0
package/dist/token/token-claims.js.map +1 -0
package/dist/token/token-data.d.ts +20 -0
package/dist/token/token-data.d.ts.map +1 -0
package/dist/token/token-data.js +3 -0
package/dist/token/token-data.js.map +1 -0
package/dist/token/token-id.d.ts +7 -0
package/dist/token/token-id.d.ts.map +1 -0
package/dist/token/token-id.js +20 -0
package/dist/token/token-id.js.map +1 -0
package/dist/token/token-manager.d.ts +48 -0
package/dist/token/token-manager.d.ts.map +1 -0
package/dist/token/token-manager.js +421 -0
package/dist/token/token-manager.js.map +1 -0
package/dist/token/token-store.d.ts +35 -0
package/dist/token/token-store.d.ts.map +1 -0
package/dist/token/token-store.js +38 -0
package/dist/token/token-store.js.map +1 -0
package/dist/token/types.d.ts +250 -0
package/dist/token/types.d.ts.map +1 -0
package/dist/token/types.js +36 -0
package/dist/token/types.js.map +1 -0
package/dist/token/verify-token-claims.d.ts +17 -0
package/dist/token/verify-token-claims.d.ts.map +1 -0
package/dist/token/verify-token-claims.js +39 -0
package/dist/token/verify-token-claims.js.map +1 -0
package/package.json +83 -0
package/rollup.config.js +55 -0
package/src/access-token/access-token-type.ts +5 -0
package/src/account/account-manager.ts +55 -0
package/src/account/account-store.ts +74 -0
package/src/account/account.ts +10 -0
package/src/assets/app/app.tsx +28 -0
package/src/assets/app/backend-data.ts +65 -0
package/src/assets/app/components/accept-form.tsx +112 -0
package/src/assets/app/components/account-identifier.tsx +18 -0
package/src/assets/app/components/account-picker.tsx +108 -0
package/src/assets/app/components/client-identifier.tsx +32 -0
package/src/assets/app/components/client-name.tsx +30 -0
package/src/assets/app/components/error-card.tsx +41 -0
package/src/assets/app/components/help-card.tsx +42 -0
package/src/assets/app/components/layout-title-page.tsx +43 -0
package/src/assets/app/components/layout-welcome.tsx +58 -0
package/src/assets/app/components/sign-in-form.tsx +290 -0
package/src/assets/app/components/sign-up-account-form.tsx +210 -0
package/src/assets/app/components/sign-up-disclaimer.tsx +44 -0
package/src/assets/app/components/url-viewer.tsx +70 -0
package/src/assets/app/cookies.ts +11 -0
package/src/assets/app/hooks/use-api.ts +104 -0
package/src/assets/app/hooks/use-bound-dispatch.ts +5 -0
package/src/assets/app/hooks/use-csrf-token.ts +5 -0
package/src/assets/app/lib/api.ts +64 -0
package/src/assets/app/lib/clsx.ts +4 -0
package/src/assets/app/lib/util.ts +10 -0
package/src/assets/app/main.css +11 -0
package/src/assets/app/main.tsx +28 -0
package/src/assets/app/views/accept-view.tsx +51 -0
package/src/assets/app/views/authorize-view.tsx +101 -0
package/src/assets/app/views/error-view.tsx +27 -0
package/src/assets/app/views/sign-in-view.tsx +121 -0
package/src/assets/app/views/sign-up-view.tsx +93 -0
package/src/assets/app/views/welcome-view.tsx +61 -0
package/src/assets/asset.ts +8 -0
package/src/assets/assets-middleware.ts +32 -0
package/src/assets/index.ts +74 -0
package/src/client/client-auth.ts +45 -0
package/src/client/client-data.ts +9 -0
package/src/client/client-id.ts +4 -0
package/src/client/client-info.ts +13 -0
package/src/client/client-manager.ts +818 -0
package/src/client/client-store.ts +38 -0
package/src/client/client-utils.ts +43 -0
package/src/client/client.ts +231 -0
package/src/constants.ts +69 -0
package/src/device/device-data.ts +11 -0
package/src/device/device-details.ts +43 -0
package/src/device/device-id.ts +23 -0
package/src/device/device-manager.ts +287 -0
package/src/device/device-store.ts +35 -0
package/src/device/session-id.ts +22 -0
package/src/dpop/dpop-manager.ts +147 -0
package/src/dpop/dpop-nonce.ts +104 -0
package/src/errors/access-denied-error.ts +26 -0
package/src/errors/account-selection-required-error.ts +12 -0
package/src/errors/consent-required-error.ts +12 -0
package/src/errors/invalid-authorization-details-error.ts +22 -0
package/src/errors/invalid-client-error.ts +20 -0
package/src/errors/invalid-client-id-error.ts +20 -0
package/src/errors/invalid-client-metadata-error.ts +19 -0
package/src/errors/invalid-dpop-key-binding-error.ts +21 -0
package/src/errors/invalid-dpop-proof-error.ts +13 -0
package/src/errors/invalid-grant-error.ts +16 -0
package/src/errors/invalid-parameters-error.ts +12 -0
package/src/errors/invalid-redirect-uri-error.ts +17 -0
package/src/errors/invalid-request-error.ts +30 -0
package/src/errors/invalid-token-error.ts +59 -0
package/src/errors/login-required-error.ts +12 -0
package/src/errors/oauth-error.ts +28 -0
package/src/errors/unauthorized-client-error.ts +20 -0
package/src/errors/use-dpop-nonce-error.ts +32 -0
package/src/errors/www-authenticate-error.ts +65 -0
package/src/index.ts +15 -0
package/src/lib/html/README.md +9 -0
package/src/lib/html/build-document.ts +98 -0
package/src/lib/html/escapers.ts +66 -0
package/src/lib/html/html.ts +61 -0
package/src/lib/html/index.ts +5 -0
package/src/lib/html/tags.ts +58 -0
package/src/lib/html/util.ts +21 -0
package/src/lib/http/README.md +11 -0
package/src/lib/http/accept.ts +91 -0
package/src/lib/http/context.ts +11 -0
package/src/lib/http/index.ts +9 -0
package/src/lib/http/method.ts +18 -0
package/src/lib/http/middleware.ts +183 -0
package/src/lib/http/parser.ts +64 -0
package/src/lib/http/path.ts +82 -0
package/src/lib/http/request.ts +141 -0
package/src/lib/http/response.ts +133 -0
package/src/lib/http/route.ts +56 -0
package/src/lib/http/router.ts +118 -0
package/src/lib/http/stream.ts +78 -0
package/src/lib/http/types.ts +22 -0
package/src/lib/http/url.ts +23 -0
package/src/lib/redis.ts +23 -0
package/src/lib/util/authorization-header.ts +26 -0
package/src/lib/util/cast.ts +4 -0
package/src/lib/util/crypto.ts +27 -0
package/src/lib/util/date.ts +7 -0
package/src/lib/util/hostname.ts +19 -0
package/src/lib/util/redirect-uri.ts +46 -0
package/src/lib/util/time.ts +33 -0
package/src/lib/util/type.ts +4 -0
package/src/lib/util/well-known.ts +8 -0
package/src/metadata/build-metadata.ts +165 -0
package/src/oauth-client.ts +3 -0
package/src/oauth-dpop.ts +2 -0
package/src/oauth-errors.ts +21 -0
package/src/oauth-hooks.ts +66 -0
package/src/oauth-provider.ts +1409 -0
package/src/oauth-store.ts +11 -0
package/src/oauth-verifier.ts +219 -0
package/src/oidc/claims.ts +35 -0
package/src/oidc/sub.ts +4 -0
package/src/oidc/userinfo.ts +11 -0
package/src/output/build-error-payload.ts +143 -0
package/src/output/customization.ts +96 -0
package/src/output/send-authorize-page.ts +111 -0
package/src/output/send-authorize-redirect.ts +130 -0
package/src/output/send-error-page.ts +41 -0
package/src/output/send-web-page.ts +66 -0
package/src/parameters/claims-requested.ts +106 -0
package/src/parameters/oidc-payload.ts +28 -0
package/src/replay/replay-manager.ts +38 -0
package/src/replay/replay-store-memory.ts +36 -0
package/src/replay/replay-store-redis.ts +31 -0
package/src/replay/replay-store.ts +44 -0
package/src/request/code.ts +24 -0
package/src/request/request-data.ts +26 -0
package/src/request/request-id.ts +23 -0
package/src/request/request-info.ts +12 -0
package/src/request/request-manager.ts +479 -0
package/src/request/request-store-memory.ts +39 -0
package/src/request/request-store-redis.ts +71 -0
package/src/request/request-store.ts +54 -0
package/src/request/request-uri.ts +29 -0
package/src/request/types.ts +48 -0
package/src/signer/signed-token-payload.ts +35 -0
package/src/signer/signer.ts +165 -0
package/src/token/refresh-token.ts +31 -0
package/src/token/token-claims.ts +31 -0
package/src/token/token-data.ts +33 -0
package/src/token/token-id.ts +26 -0
package/src/token/token-manager.ts +591 -0
package/src/token/token-store.ts +78 -0
package/src/token/types.ts +86 -0
package/src/token/verify-token-claims.ts +65 -0
package/tailwind.config.js +13 -0
package/tsconfig.backend.json +9 -0
package/tsconfig.frontend.json +11 -0
package/tsconfig.json +8 -0
package/tsconfig.tools.json +8 -0

package/src/errors/invalid-client-id-error.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { OAuthError } from './oauth-error.js'
+/**
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2 | RFC7591 - Client Registration Error Response}
+ *
+ * The value of one of the client metadata fields is invalid and the server has
+ * rejected this request.  Note that an authorization server MAY choose to
+ * substitute a valid value for any requested parameter of a client's metadata.
+ */
+export class InvalidClientIdError extends OAuthError {
+  constructor(error_description: string, cause?: unknown) {
+    super('invalid_client_id', error_description, 400, cause)
+  }
+  static from(err: unknown): InvalidClientIdError {
+    if (err instanceof InvalidClientIdError) return err
+    if (err instanceof TypeError) return new InvalidClientIdError(err.message)
+    return new InvalidClientIdError('Invalid client identifier', err)
+  }
+}

package/src/errors/invalid-client-metadata-error.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { OAuthError } from './oauth-error.js'
+/**
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2 | RFC7591 - Client Registration Error Response}
+ *
+ * The value of one of the client metadata fields is invalid and the server has
+ * rejected this request.  Note that an authorization server MAY choose to
+ * substitute a valid value for any requested parameter of a client's metadata.
+ */
+export class InvalidClientMetadataError extends OAuthError {
+  constructor(error_description: string, cause?: unknown) {
+    super('invalid_client_metadata', error_description, 400, cause)
+  }
+  static from(cause: unknown): InvalidClientMetadataError {
+    if (cause instanceof InvalidClientMetadataError) return cause
+    return new InvalidClientMetadataError('Invalid client configuration', cause)
+  }
+}

package/src/errors/invalid-dpop-key-binding-error.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { WWWAuthenticateError } from './www-authenticate-error.js'
+/**
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field}
+ *
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc9449#name-the-dpop-authentication-sch | RFC9449 - The DPoP Authentication Scheme}
+ */
+export class InvalidDpopKeyBindingError extends WWWAuthenticateError {
+  constructor(cause?: unknown) {
+    const error = 'invalid_token'
+    const error_description = 'Invalid DPoP key binding'
+    super(
+      error,
+      error_description,
+      { DPoP: { error, error_description } },
+      cause,
+    )
+  }
+}

package/src/errors/invalid-dpop-proof-error.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { WWWAuthenticateError } from './www-authenticate-error.js'
+export class InvalidDpopProofError extends WWWAuthenticateError {
+  constructor(error_description: string, cause?: unknown) {
+    const error = 'invalid_dpop_proof'
+    super(
+      error,
+      error_description,
+      { DPoP: { error, error_description } },
+      cause,
+    )
+  }
+}

package/src/errors/invalid-grant-error.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import { OAuthError } from './oauth-error.js'
+/**
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }
+ *
+ * The provided authorization grant (e.g., authorization code, resource owner
+ * credentials) or refresh token is invalid, expired, revoked, does not match
+ * the redirection URI used in the authorization request, or was issued to
+ * another client.
+ */
+export class InvalidGrantError extends OAuthError {
+  constructor(error_description: string, cause?: unknown) {
+    super('invalid_grant', error_description, 400, cause)
+  }
+}

package/src/errors/invalid-parameters-error.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { OAuthAuthenticationRequestParameters } from '@atproto/oauth-types'
+import { AccessDeniedError } from './access-denied-error.js'
+export class InvalidParametersError extends AccessDeniedError {
+  constructor(
+    parameters: OAuthAuthenticationRequestParameters,
+    error_description: string,
+    cause?: unknown,
+  ) {
+    super(parameters, error_description, 'invalid_request', cause)
+  }
+}

package/src/errors/invalid-redirect-uri-error.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { OAuthError } from './oauth-error.js'
+/**
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2 | RFC7591}
+ *
+ * The value of one or more redirection URIs is invalid.
+ */
+export class InvalidRedirectUriError extends OAuthError {
+  constructor(error_description: string, cause?: unknown) {
+    super('invalid_redirect_uri', error_description, 400, cause)
+  }
+  static from(cause?: unknown): InvalidRedirectUriError {
+    if (cause instanceof InvalidRedirectUriError) return cause
+    return new InvalidRedirectUriError('Invalid redirect URI', cause)
+  }
+}

package/src/errors/invalid-request-error.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { OAuthError } from './oauth-error.js'
+/**
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }
+ *
+ * The request is missing a required parameter, includes an unsupported
+ * parameter value (other than grant type), repeats a parameter, includes
+ * multiple credentials, utilizes more than one mechanism for authenticating the
+ * client, or is otherwise malformed.
+ *
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 | RFC6749 - Authorization Code Grant, Authorization Request}
+ *
+ * The request is missing a required parameter, includes an invalid parameter
+ * value, includes a parameter more than once, or is otherwise malformed.
+ *
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field }
+ *
+ * The request is missing a required parameter, includes an unsupported
+ * parameter or parameter value, repeats the same parameter, uses more than one
+ * method for including an access token, or is otherwise malformed. The resource
+ * server SHOULD respond with the HTTP 400 (Bad Request) status code.
+ */
+export class InvalidRequestError extends OAuthError {
+  constructor(error_description: string, cause?: unknown) {
+    super('invalid_request', error_description, 400, cause)
+  }
+}

package/src/errors/invalid-token-error.ts ADDED Viewed

@@ -0,0 +1,59 @@
+import { JwtVerifyError } from '@atproto/jwk'
+import { JOSEError } from 'jose/errors'
+import { ZodError } from 'zod'
+import { OAuthError } from './oauth-error.js'
+import { WWWAuthenticateError } from './www-authenticate-error.js'
+/**
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field }
+ *
+ * The access token provided is expired, revoked, malformed, or invalid for
+ * other reasons.  The resource SHOULD respond with the HTTP 401 (Unauthorized)
+ * status code.  The client MAY request a new access token and retry the
+ * protected resource request.
+ */
+export class InvalidTokenError extends WWWAuthenticateError {
+  static from(
+    err: unknown,
+    tokenType: string,
+    fallbackMessage = 'Invalid token',
+  ): InvalidTokenError {
+    if (err instanceof InvalidTokenError) {
+      return err
+    }
+    if (err instanceof OAuthError) {
+      return new InvalidTokenError(tokenType, err.error_description, err)
+    }
+    if (err instanceof JOSEError) {
+      return new InvalidTokenError(tokenType, err.message, err)
+    }
+    if (err instanceof JwtVerifyError) {
+      return new InvalidTokenError(tokenType, err.message, err)
+    }
+    if (err instanceof ZodError) {
+      return new InvalidTokenError(tokenType, err.message, err)
+    }
+    return new InvalidTokenError(tokenType, fallbackMessage, err)
+  }
+  constructor(
+    readonly tokenType: string,
+    error_description: string,
+    cause?: unknown,
+  ) {
+    const error = 'invalid_token'
+    super(
+      error,
+      error_description,
+      { [tokenType]: { error, error_description } },
+      cause,
+    )
+  }
+}

package/src/errors/login-required-error.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { OAuthAuthenticationRequestParameters } from '@atproto/oauth-types'
+import { AccessDeniedError } from './access-denied-error.js'
+export class LoginRequiredError extends AccessDeniedError {
+  constructor(
+    parameters: OAuthAuthenticationRequestParameters,
+    error_description = 'Login is required',
+    cause?: unknown,
+  ) {
+    super(parameters, error_description, 'login_required', cause)
+  }
+}

package/src/errors/oauth-error.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export class OAuthError extends Error {
+  public expose: boolean
+  constructor(
+    public readonly error: string,
+    public readonly error_description: string,
+    public readonly status = 400,
+    cause?: unknown,
+  ) {
+    super(error_description, { cause })
+    Error.captureStackTrace?.(this, this.constructor)
+    this.name = this.constructor.name
+    this.expose = status < 500
+  }
+  get statusCode() {
+    return this.status
+  }
+  toJSON() {
+    return {
+      error: this.error,
+      error_description: this.error_description,
+    } as const
+  }
+}

package/src/errors/unauthorized-client-error.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { OAuthError } from './oauth-error.js'
+/**
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }
+ *
+ * The authenticated client is not authorized to use this authorization grant
+ * type.
+ *
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 | RFC6749 - Authorization Code Grant, Authorization Request}
+ *
+ * The client is not authorized to request an authorization code using this
+ * method.
+ */
+export class UnauthorizedClientError extends OAuthError {
+  constructor(error_description: string, cause?: unknown) {
+    super('unauthorized_client', error_description, 400, cause)
+  }
+}

package/src/errors/use-dpop-nonce-error.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { OAuthError } from './oauth-error.js'
+import { WWWAuthenticateError } from './www-authenticate-error.js'
+/**
+ * @see
+ * {@link https://datatracker.ietf.org/doc/html/rfc9449#section-8 | RFC9449 - Section 8. Authorization Server-Provided Nonce}
+ */
+export class UseDpopNonceError extends OAuthError {
+  constructor(
+    error_description = 'Authorization server requires nonce in DPoP proof',
+    cause?: unknown,
+  ) {
+    super('use_dpop_nonce', error_description, 400, cause)
+  }
+  /**
+   * Convert this error into an error meant to be used as "Resource
+   * Server-Provided Nonce" error.
+   *
+   * @see
+   * {@link https://datatracker.ietf.org/doc/html/rfc9449#section-9 | RFC9449 - Section 9. Resource Server-Provided Nonce}
+   */
+  toWwwAuthenticateError(): WWWAuthenticateError {
+    const { error, error_description } = this
+    return new WWWAuthenticateError(
+      error,
+      error_description,
+      { DPoP: { error, error_description } },
+      this,
+    )
+  }
+}

package/src/errors/www-authenticate-error.ts ADDED Viewed

@@ -0,0 +1,65 @@
+import { VERIFY_ALGOS } from '../lib/util/crypto.js'
+import { OAuthError } from './oauth-error.js'
+export type WWWAuthenticateParams = Record<string, string | undefined>
+export type WWWAuthenticate = Record<string, undefined | WWWAuthenticateParams>
+export class WWWAuthenticateError extends OAuthError {
+  public readonly wwwAuthenticate: WWWAuthenticate
+  constructor(
+    error: string,
+    error_description: string,
+    wwwAuthenticate: WWWAuthenticate,
+    cause?: unknown,
+  ) {
+    super(error, error_description, 401, cause)
+    this.wwwAuthenticate =
+      wwwAuthenticate['DPoP'] != null
+        ? {
+            ...wwwAuthenticate,
+            DPoP: { algs: VERIFY_ALGOS.join(' '), ...wwwAuthenticate['DPoP'] },
+          }
+        : wwwAuthenticate
+  }
+  get wwwAuthenticateHeader() {
+    return formatWWWAuthenticateHeader(this.wwwAuthenticate)
+  }
+}
+function formatWWWAuthenticateHeader(wwwAuthenticate: WWWAuthenticate): string {
+  return Object.entries(wwwAuthenticate)
+    .filter(isWWWAuthenticateEntry)
+    .map(wwwAuthenticateEntryToString)
+    .join(', ')
+}
+type WWWAuthenticateEntry = [type: string, params: WWWAuthenticateParams]
+function isWWWAuthenticateEntry(
+  entry: [string, unknown],
+): entry is WWWAuthenticateEntry {
+  const [, value] = entry
+  return value != null && typeof value === 'object'
+}
+function wwwAuthenticateEntryToString([type, params]: WWWAuthenticateEntry) {
+  const paramsEnc = Object.entries(params)
+    .filter(isParamEntry)
+    .map(paramEntryToString)
+  return paramsEnc.length ? `${type} ${paramsEnc.join(', ')}` : type
+}
+type ParamEntry = [name: string, value: string]
+function isParamEntry(entry: [string, unknown]): entry is ParamEntry {
+  const [, value] = entry
+  return typeof value === 'string' && value !== '' && !value.includes('"')
+}
+function paramEntryToString([name, value]: ParamEntry): string {
+  return `${name}="${value}"`
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,15 @@
+// Avoid having to explicitly depend sub dependencies
+export * from '@atproto-labs/fetch'
+export * from '@atproto-labs/fetch-node'
+export * from '@atproto/jwk'
+export * from '@atproto/jwk-jose'
+export * from '@atproto/oauth-types'
+export * from './constants.js'
+export * from './oauth-client.js'
+export * from './oauth-dpop.js'
+export * from './oauth-errors.js'
+export * from './oauth-hooks.js'
+export * from './oauth-provider.js'
+export * from './oauth-store.js'
+export * from './oauth-verifier.js'

package/src/lib/html/README.md ADDED Viewed

@@ -0,0 +1,9 @@
+# Safe HTML generation and concatenation utility
+This library provides a safe way to generate and concatenate HTML strings.
+This code _could_ be used as a standalone library, but the Bluesky dev team does
+not want to maintain it as such. As it is currently only used by the
+`@atproto/oauth-provider` package, it is included here. Future development
+should aim to keep this library independent of the rest of the
+`@atproto/oauth-provider` package, so that it can be extracted and published.

package/src/lib/html/build-document.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import { HtmlValue } from './escapers.js'
+import { Html } from './html.js'
+import { html } from './tags.js'
+export type AssetRef = {
+  url: string
+  sha256: string
+}
+export type Attrs = Record<string, boolean | string | undefined>
+export type LinkAttrs = { href: string } & Attrs
+export type MetaAttrs =
+  | { name: string; content: string }
+  | { 'http-equiv': string; content: string }
+const defaultViewport = html`<meta
+  name="viewport"
+  content="width=device-width, initial-scale=1.0"
+/>`
+export type BuildDocumentOptions = {
+  htmlAttrs?: Attrs
+  base?: URL
+  meta?: readonly MetaAttrs[]
+  links?: readonly LinkAttrs[]
+  head?: HtmlValue
+  title?: HtmlValue
+  scripts?: readonly (Html | AssetRef)[]
+  styles?: readonly (Html | AssetRef)[]
+  body: HtmlValue
+  bodyAttrs?: Attrs
+}
+export const buildDocument = ({
+  htmlAttrs,
+  head,
+  title,
+  body,
+  bodyAttrs,
+  base,
+  meta,
+  links,
+  scripts,
+  styles,
+}: BuildDocumentOptions) => html`<!doctype html>
+<html${attrsToHtml(htmlAttrs)}>
+  <head>
+    <meta charset="UTF-8" />
+    ${title && html`<title>${title}</title>`}
+    ${base && html`<base href="${base.href}" />`}
+    ${meta?.some(isViewportMeta) ? null : defaultViewport}
+    ${meta?.map(metaToHtml)}
+    ${links?.map(linkToHtml)}
+    ${head} ${styles?.map(styleToHtml)}
+  </head>
+  <body${attrsToHtml(bodyAttrs)}>
+    ${body} ${scripts?.map(scriptToHtml)}
+  </body>
+</html>`
+function isViewportMeta<T extends MetaAttrs>(
+  attrs: T,
+): attrs is T & { name: 'viewport' } {
+  return 'name' in attrs && attrs.name === 'viewport'
+}
+function* linkToHtml(attrs: LinkAttrs) {
+  yield html`<link${attrsToHtml(attrs)} />`
+}
+function* metaToHtml(attrs: MetaAttrs) {
+  yield html`<meta${attrsToHtml(attrs)} />`
+}
+function* attrsToHtml(attrs?: Attrs) {
+  if (attrs) {
+    for (const [name, value] of Object.entries(attrs)) {
+      if (value == null) continue
+      else if (value === false) continue
+      else if (value === true) yield html` ${name}`
+      else yield html` ${name}="${value}"`
+    }
+  }
+}
+function* scriptToHtml(script: Html | AssetRef) {
+  yield script instanceof Html
+    ? // prettier-ignore
+      html`<script>${script}</script>` // hash validity requires no space around the content
+    : html`<script type="module" src="${script.url}?${script.sha256}"></script>`
+}
+function* styleToHtml(style: Html | AssetRef) {
+  yield style instanceof Html
+    ? // prettier-ignore
+      html`<style>${style}</style>` // hash validity requires no space around the content
+    : html`<link rel="stylesheet" href="${style.url}?${style.sha256}" />`
+}

package/src/lib/html/escapers.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import { Html } from './html.js'
+import { NestedIterable, stringReplacer } from './util.js'
+export function* javascriptEscaper(code: string) {
+  // "</script>" can only appear in javascript strings, so we can safely escape
+  // the "<" without breaking the javascript.
+  yield* stringReplacer(code, '</script>', '\\u003c/script>')
+}
+export function* jsonEscaper(value: unknown) {
+  // https://redux.js.org/usage/server-rendering#security-considerations
+  const json = JSON.stringify(value)
+  if (json === undefined) throw new TypeError('Cannot serialize to JSON')
+  // "<" can only appear in JSON strings, so we can safely escape it without
+  // breaking the JSON.
+  yield* stringReplacer(json, '<', '\\u003c')
+}
+export function* cssEscaper(css: string) {
+  yield* stringReplacer(css, '</style>', '\\u003c/style>')
+}
+export type HtmlVariable = Html | string | number | null | undefined
+export type HtmlValue = NestedIterable<HtmlVariable>
+export function* htmlEscaper(
+  htmlFragments: TemplateStringsArray,
+  values: readonly HtmlValue[],
+): Generator<string | Html, void, undefined> {
+  for (let i = 0; i < htmlFragments.length; i++) {
+    yield htmlFragments[i]!
+    const value = values[i]
+    if (value != null) yield* htmlVariableToFragments(value)
+  }
+}
+function* htmlVariableToFragments(
+  value: HtmlValue,
+): Generator<string | Html, void, undefined> {
+  if (value == null) {
+    return
+  } else if (typeof value === 'number') {
+    yield String(value)
+  } else if (typeof value === 'string') {
+    yield encode(value)
+  } else if (value instanceof Html) {
+    yield value
+  } else {
+    // Will throw if the value is not an iterable
+    for (const v of value) yield* htmlVariableToFragments(v)
+  }
+}
+const specialCharRegExp = /[<>"'&]/g
+const specialCharMap = new Map([
+  ['<', '&lt;'],
+  ['>', '&gt;'],
+  ['"', '&quot;'],
+  ["'", '&apos;'],
+  ['&', '&amp;'],
+])
+const specialCharMapGet = (c: string) => specialCharMap.get(c)!
+function encode(value: string): string {
+  return value.replace(specialCharRegExp, specialCharMapGet)
+}

package/src/lib/html/html.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { isString } from './util'
+const symbol = Symbol('Html.dangerouslyCreate')
+/**
+ * This class represents trusted HTML that can be safely embedded in a web page,
+ * or used as fragments to build a larger HTML document.
+ */
+export class Html {
+  #fragments: Iterable<Html | string>
+  private constructor(fragments: Iterable<Html | string>, guard: symbol) {
+    if (guard !== symbol) {
+      // Force developers to use `Html.dangerouslyCreate` to create an Html
+      // instance, to make it clear that the content needs to be trusted.
+      throw new TypeError(
+        'Use Html.dangerouslyCreate() to create an Html instance',
+      )
+    }
+    this.#fragments = fragments
+  }
+  toString(): string {
+    // Lazily compute & join the fragments when they are used, to avoid
+    // unnecessary intermediate strings when concatenating multiple Html as
+    // fragments.
+    if (
+      !Array.isArray(this.#fragments) ||
+      this.#fragments.length > 1 ||
+      !this.#fragments.every(isString)
+    ) {
+      // Will call `toString` recursively, as well as generating iterator
+      // results.
+      const fragment = Array.from(this.#fragments, String).join('')
+      this.#fragments = [fragment] // Cache result for future calls
+      return fragment
+    }
+    return this.#fragments.join('')
+  }
+  [Symbol.toPrimitive](hint): string {
+    switch (hint) {
+      case 'string':
+      case 'default':
+        return this.toString()
+      default:
+        throw new TypeError(`Cannot convert Html to a ${hint}`)
+    }
+  }
+  *[Symbol.iterator](): IterableIterator<string> {
+    // Using toString() here to use the optimized path for string concatenation
+    yield this.toString()
+  }
+  static dangerouslyCreate(fragments: Iterable<Html | string>): Html {
+    return new Html(fragments, symbol)
+  }
+}

package/src/lib/html/index.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from './html.js'
+export * from './tags.js'
+// Extra util
+export * from './build-document.js'