@atproto/oauth-provider 0.13.0 → 0.13.2

package/dist/replay/replay-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"replay-manager.js","sourceRoot":"","sources":["../../src/replay/replay-manager.ts"],"names":[],"mappings":";;;AACA,kDAKwB;AAGxB,MAAM,cAAc,GAAG,GAAG,CAAA,CAAC,8BAA8B;AACzD,MAAM,WAAW,GAAG,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,cAAc,CAAC,CAAA;AAEhF,MAAa,aAAa;IACO;IAA/B,YAA+B,WAAwB;QAAxB,gBAAW,GAAX,WAAW,CAAa;IAAG,CAAC;IAE3D,KAAK,CAAC,UAAU,CACd,GAAW,EACX,QAAkB,EAClB,GAAY;QAEZ,MAAM,SAAS,GACb,GAAG,IAAI,IAAI;YACT,CAAC,CAAC,WAAW,CAAC,uCAAwB,CAAC;YACvC,CAAC,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC7B,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,QAAkB;QAC7C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,OAAO,QAAQ,EAAE,EACjB,GAAG,EACH,WAAW,CAAC,0BAAW,CAAC,CACzB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW,EAAE,QAAmB;QAC/C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,QAAQ,CAAC,CAAC,CAAC,QAAQ,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,EACtC,GAAG,EACH,WAAW,CAAC,iCAAkB,CAAC,CAChC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,eAAe,EACf,SAAS,EACT,WAAW,CAAC,8CAA+B,CAAC,CAC7C,CAAA;IACH,CAAC;CACF;AAtCD,sCAsCC"}
+{"version":3,"file":"replay-manager.js","sourceRoot":"","sources":["../../src/replay/replay-manager.ts"],"names":[],"mappings":";;;AACA,kDAKwB;AAGxB,MAAM,cAAc,GAAG,GAAG,CAAA,CAAC,8BAA8B;AACzD,MAAM,WAAW,GAAG,CAAC,SAAiB,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,cAAc,CAAC,CAAA;AAEhF,MAAa,aAAa;IACO;IAA/B,YAA+B,WAAwB;QAAxB,gBAAW,GAAX,WAAW,CAAa;IAAG,CAAC;IAE3D,KAAK,CAAC,UAAU,CACd,GAAW,EACX,QAAkB,EAClB,GAAY;QAEZ,MAAM,SAAS,GACb,GAAG,IAAI,IAAI;YACT,CAAC,CAAC,WAAW,CAAC,uCAAwB,CAAC;YACvC,CAAC,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAC7B,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,QAAQ,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW,EAAE,QAAkB;QAC7C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,OAAO,QAAQ,EAAE,EACjB,GAAG,EACH,WAAW,CAAC,0BAAW,CAAC,CACzB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW,EAAE,QAAmB;QAC/C,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,QAAQ,CAAC,CAAC,CAAC,QAAQ,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,EACtC,GAAG,EACH,WAAW,CAAC,iCAAkB,CAAC,CAChC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAC5B,eAAe,EACf,SAAS,EACT,WAAW,CAAC,8CAA+B,CAAC,CAC7C,CAAA;IACH,CAAC;CACF;AAtCD,sCAsCC","sourcesContent":["import { ClientId } from '../client/client-id.js'\nimport {\n  CLIENT_ASSERTION_MAX_AGE,\n  CODE_CHALLENGE_REPLAY_TIMEFRAME,\n  DPOP_NONCE_MAX_AGE,\n  JAR_MAX_AGE,\n} from '../constants.js'\nimport { ReplayStore } from './replay-store.js'\n\nconst SECURITY_RATIO = 1.1 // 10% extra time for security\nconst asTimeFrame = (timeFrame: number) => Math.ceil(timeFrame * SECURITY_RATIO)\n\nexport class ReplayManager {\n  constructor(protected readonly replayStore: ReplayStore) {}\n\n  async uniqueAuth(\n    jti: string,\n    clientId: ClientId,\n    exp?: number,\n  ): Promise<boolean> {\n    const timeFrame =\n      exp == null\n        ? asTimeFrame(CLIENT_ASSERTION_MAX_AGE)\n        : exp * 1000 - Date.now()\n    return this.replayStore.unique(`Auth@${clientId}`, jti, timeFrame)\n  }\n\n  async uniqueJar(jti: string, clientId: ClientId): Promise<boolean> {\n    return this.replayStore.unique(\n      `JAR@${clientId}`,\n      jti,\n      asTimeFrame(JAR_MAX_AGE),\n    )\n  }\n\n  async uniqueDpop(jti: string, clientId?: ClientId): Promise<boolean> {\n    return this.replayStore.unique(\n      clientId ? `DPoP@${clientId}` : `DPoP`,\n      jti,\n      asTimeFrame(DPOP_NONCE_MAX_AGE),\n    )\n  }\n\n  async uniqueCodeChallenge(challenge: string): Promise<boolean> {\n    return this.replayStore.unique(\n      'CodeChallenge',\n      challenge,\n      asTimeFrame(CODE_CHALLENGE_REPLAY_TIMEFRAME),\n    )\n  }\n}\n"]}

package/dist/replay/replay-store-memory.js.map

@@ -1 +1 @@
-{"version":3,"file":"replay-store-memory.js","sourceRoot":"","sources":["../../src/replay/replay-store-memory.ts"],"names":[],"mappings":";;;AAEA,MAAa,iBAAiB;IACpB,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAA;IAE1C;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,KAAa,EACb,SAAiB;QAEjB,IAAI,CAAC,OAAO,EAAE,CAAA;QACd,MAAM,GAAG,GAAG,GAAG,SAAS,IAAI,KAAK,EAAE,CAAA;QAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAA;QAErC,OAAO,GAAG,IAAI,IAAI,IAAI,GAAG,GAAG,GAAG,CAAA;IACjC,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,IAAI,IAAI,CAAC,WAAW,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACzC,IAAI,OAAO,GAAG,GAAG;oBAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5C,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,GAAG,CAAA;QACxB,CAAC;IACH,CAAC;CACF;AAjCD,8CAiCC"}
+{"version":3,"file":"replay-store-memory.js","sourceRoot":"","sources":["../../src/replay/replay-store-memory.ts"],"names":[],"mappings":";;;AAEA,MAAa,iBAAiB;IACpB,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAA;IAE1C;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,KAAa,EACb,SAAiB;QAEjB,IAAI,CAAC,OAAO,EAAE,CAAA;QACd,MAAM,GAAG,GAAG,GAAG,SAAS,IAAI,KAAK,EAAE,CAAA;QAEnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAChC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,CAAA;QAErC,OAAO,GAAG,IAAI,IAAI,IAAI,GAAG,GAAG,GAAG,CAAA;IACjC,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEtB,IAAI,IAAI,CAAC,WAAW,GAAG,GAAG,GAAG,MAAM,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACzC,IAAI,OAAO,GAAG,GAAG;oBAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAC5C,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,GAAG,CAAA;QACxB,CAAC;IACH,CAAC;CACF;AAjCD,8CAiCC","sourcesContent":["import type { ReplayStore } from './replay-store.js'\n\nexport class ReplayStoreMemory implements ReplayStore {\n  private lastCleanup = Date.now()\n  private nonces = new Map<string, number>()\n\n  /**\n   * Returns true if the nonce is unique within the given time frame.\n   */\n  async unique(\n    namespace: string,\n    nonce: string,\n    timeFrame: number,\n  ): Promise<boolean> {\n    this.cleanup()\n    const key = `${namespace}:${nonce}`\n\n    const now = Date.now()\n\n    const exp = this.nonces.get(key)\n    this.nonces.set(key, now + timeFrame)\n\n    return exp == null || exp < now\n  }\n\n  private cleanup() {\n    const now = Date.now()\n\n    if (this.lastCleanup < now - 60_000) {\n      for (const [key, expires] of this.nonces) {\n        if (expires < now) this.nonces.delete(key)\n      }\n      this.lastCleanup = now\n    }\n  }\n}\n"]}

package/dist/replay/replay-store-redis.js.map

@@ -1 +1 @@
-{"version":3,"file":"replay-store-redis.js","sourceRoot":"","sources":["../../src/replay/replay-store-redis.ts"],"names":[],"mappings":";;;AACA,8CAAiE;AASjE,MAAa,gBAAgB;IACV,KAAK,CAAO;IAE7B,YAAY,OAAgC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAA,sBAAW,EAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,KAAa,EACb,SAAiB;QAEjB,MAAM,GAAG,GAAG,UAAU,SAAS,IAAI,KAAK,EAAE,CAAA;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;QACnE,OAAO,IAAI,IAAI,IAAI,CAAA;IACrB,CAAC;CACF;AAnBD,4CAmBC"}
+{"version":3,"file":"replay-store-redis.js","sourceRoot":"","sources":["../../src/replay/replay-store-redis.ts"],"names":[],"mappings":";;;AACA,8CAAiE;AASjE,MAAa,gBAAgB;IACV,KAAK,CAAO;IAE7B,YAAY,OAAgC;QAC1C,IAAI,CAAC,KAAK,GAAG,IAAA,sBAAW,EAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,KAAa,EACb,SAAiB;QAEjB,MAAM,GAAG,GAAG,UAAU,SAAS,IAAI,KAAK,EAAE,CAAA;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;QACnE,OAAO,IAAI,IAAI,IAAI,CAAA;IACrB,CAAC;CACF;AAnBD,4CAmBC","sourcesContent":["import type { Redis } from 'ioredis'\nimport { CreateRedisOptions, createRedis } from '../lib/redis.js'\nimport type { ReplayStore } from './replay-store.js'\n\nexport type { CreateRedisOptions, Redis }\n\nexport type ReplayStoreRedisOptions = {\n  redis: CreateRedisOptions\n}\n\nexport class ReplayStoreRedis implements ReplayStore {\n  private readonly redis: Redis\n\n  constructor(options: ReplayStoreRedisOptions) {\n    this.redis = createRedis(options.redis)\n  }\n\n  /**\n   * Returns true if the nonce is unique within the given time frame.\n   */\n  async unique(\n    namespace: string,\n    nonce: string,\n    timeFrame: number,\n  ): Promise<boolean> {\n    const key = `nonces:${namespace}:${nonce}`\n    const prev = await this.redis.set(key, '1', 'PX', timeFrame, 'GET')\n    return prev == null\n  }\n}\n"]}

package/dist/replay/replay-store.js.map

@@ -1 +1 @@
-{"version":3,"file":"replay-store.js","sourceRoot":"","sources":["../../src/replay/replay-store.ts"],"names":[],"mappings":";;AAoBA,sCAIC;AAED,sCAQC;AAED,sCAOC;AAvBD,SAAgB,aAAa,CAC3B,cAA8D;IAE9D,OAAO,OAAO,cAAc,CAAC,MAAM,KAAK,UAAU,CAAA;AACpD,CAAC;AAED,SAAgB,aAAa,CAC3B,cAA+D;IAE/D,IAAI,cAAc,IAAI,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,aAAa,CAC3B,cAA+D;IAE/D,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;IAC3C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAA;IAEvB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,CAAC"}
+{"version":3,"file":"replay-store.js","sourceRoot":"","sources":["../../src/replay/replay-store.ts"],"names":[],"mappings":";;AAoBA,sCAIC;AAED,sCAQC;AAED,sCAOC;AAvBD,SAAgB,aAAa,CAC3B,cAA8D;IAE9D,OAAO,OAAO,cAAc,CAAC,MAAM,KAAK,UAAU,CAAA;AACpD,CAAC;AAED,SAAgB,aAAa,CAC3B,cAA+D;IAE/D,IAAI,cAAc,IAAI,aAAa,CAAC,cAAc,CAAC,EAAE,CAAC;QACpD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,aAAa,CAC3B,cAA+D;IAE/D,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;IAC3C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAA;IAEvB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,CAAC","sourcesContent":["import { Awaitable } from '../lib/util/type.js'\n\n// Export all types needed to implement the ReplayStore interface\nexport type { Awaitable }\n\nexport interface ReplayStore {\n  /**\n   * Returns true if the nonce is unique within the given time frame. While not\n   * strictly necessary for security purposes, the namespace should be used to\n   * mitigate denial of service attacks from one client to the other.\n   *\n   * @param timeFrame expressed in milliseconds.\n   */\n  unique(\n    namespace: string,\n    nonce: string,\n    timeFrame: number,\n  ): Awaitable<boolean>\n}\n\nexport function isReplayStore(\n  implementation: Record<string, unknown> & Partial<ReplayStore>,\n): implementation is Record<string, unknown> & ReplayStore {\n  return typeof implementation.unique === 'function'\n}\n\nexport function ifReplayStore(\n  implementation?: Record<string, unknown> & Partial<ReplayStore>,\n): ReplayStore | undefined {\n  if (implementation && isReplayStore(implementation)) {\n    return implementation\n  }\n\n  return undefined\n}\n\nexport function asReplayStore(\n  implementation?: Record<string, unknown> & Partial<ReplayStore>,\n): ReplayStore {\n  const store = ifReplayStore(implementation)\n  if (store) return store\n\n  throw new Error('Invalid ReplayStore implementation')\n}\n"]}

package/dist/request/code.js.map

@@ -1 +1 @@
-{"version":3,"file":"code.js","sourceRoot":"","sources":["../../src/request/code.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,kDAAgE;AAChE,qDAAmD;AAEtC,QAAA,WAAW,GAAG,0BAAW,CAAC,MAAM,GAAG,gCAAiB,GAAG,CAAC,CAAA,CAAC,eAAe;AAExE,QAAA,UAAU,GAAG,OAAC;KACxB,MAAM,EAAE;KACR,MAAM,CAAC,mBAAW,CAAC,CAAC,eAAe;KACnC,MAAM,CACL,CAAC,CAAC,EAAyC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,0BAAW,CAAC,EACvE;IACE,OAAO,EAAE,qBAAqB;CAC/B,CACF,CAAA;AAEI,MAAM,MAAM,GAAG,CAAC,IAAa,EAAgB,EAAE,CACpD,kBAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAA;AADvB,QAAA,MAAM,UACiB;AAG7B,MAAM,YAAY,GAAG,KAAK,IAAmB,EAAE;IACpD,OAAO,GAAG,0BAAW,GAAG,MAAM,IAAA,uBAAW,EAAC,gCAAiB,CAAC,EAAE,CAAA;AAChE,CAAC,CAAA;AAFY,QAAA,YAAY,gBAExB"}
+{"version":3,"file":"code.js","sourceRoot":"","sources":["../../src/request/code.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,kDAAgE;AAChE,qDAAmD;AAEtC,QAAA,WAAW,GAAG,0BAAW,CAAC,MAAM,GAAG,gCAAiB,GAAG,CAAC,CAAA,CAAC,eAAe;AAExE,QAAA,UAAU,GAAG,OAAC;KACxB,MAAM,EAAE;KACR,MAAM,CAAC,mBAAW,CAAC,CAAC,eAAe;KACnC,MAAM,CACL,CAAC,CAAC,EAAyC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,0BAAW,CAAC,EACvE;IACE,OAAO,EAAE,qBAAqB;CAC/B,CACF,CAAA;AAEI,MAAM,MAAM,GAAG,CAAC,IAAa,EAAgB,EAAE,CACpD,kBAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAA;AADvB,QAAA,MAAM,UACiB;AAG7B,MAAM,YAAY,GAAG,KAAK,IAAmB,EAAE;IACpD,OAAO,GAAG,0BAAW,GAAG,MAAM,IAAA,uBAAW,EAAC,gCAAiB,CAAC,EAAE,CAAA;AAChE,CAAC,CAAA;AAFY,QAAA,YAAY,gBAExB","sourcesContent":["import { z } from 'zod'\nimport { CODE_BYTES_LENGTH, CODE_PREFIX } from '../constants.js'\nimport { randomHexId } from '../lib/util/crypto.js'\n\nexport const CODE_LENGTH = CODE_PREFIX.length + CODE_BYTES_LENGTH * 2 // hex encoding\n\nexport const codeSchema = z\n  .string()\n  .length(CODE_LENGTH) // hex encoding\n  .refine(\n    (v): v is `${typeof CODE_PREFIX}${string}` => v.startsWith(CODE_PREFIX),\n    {\n      message: `Invalid code format`,\n    },\n  )\n\nexport const isCode = (data: unknown): data is Code =>\n  codeSchema.safeParse(data).success\n\nexport type Code = z.infer<typeof codeSchema>\nexport const generateCode = async (): Promise<Code> => {\n  return `${CODE_PREFIX}${await randomHexId(CODE_BYTES_LENGTH)}`\n}\n"]}

package/dist/request/request-data.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-data.js","sourceRoot":"","sources":["../../src/request/request-data.ts"],"names":[],"mappings":";;;AAiCO,MAAM,uBAAuB,GAAG,CACrC,IAAiB,EACc,EAAE,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAA;AAFlE,QAAA,uBAAuB,2BAE2C"}
+{"version":3,"file":"request-data.js","sourceRoot":"","sources":["../../src/request/request-data.ts"],"names":[],"mappings":";;;AAiCO,MAAM,uBAAuB,GAAG,CACrC,IAAiB,EACc,EAAE,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAA;AAFlE,QAAA,uBAAuB,2BAE2C","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { ClientAuth, ClientAuthLegacy } from '../client/client-auth.js'\nimport { ClientId } from '../client/client-id.js'\nimport { DeviceId } from '../device/device-id.js'\nimport { NonNullableKeys } from '../lib/util/type.js'\nimport { Sub } from '../oidc/sub.js'\nimport { Code } from './code.js'\n\nexport type {\n  ClientAuth,\n  ClientAuthLegacy,\n  ClientId,\n  Code,\n  DeviceId,\n  OAuthAuthorizationRequestParameters,\n  Sub,\n}\n\nexport type RequestData = {\n  clientId: ClientId\n  clientAuth: null | ClientAuth | ClientAuthLegacy\n  parameters: Readonly<OAuthAuthorizationRequestParameters>\n  expiresAt: Date\n  deviceId: DeviceId | null\n  sub: Sub | null\n  code: Code | null\n}\n\nexport type RequestDataAuthorized = NonNullableKeys<\n  RequestData,\n  'sub' | 'deviceId'\n>\n\nexport const isRequestDataAuthorized = (\n  data: RequestData,\n): data is RequestDataAuthorized => data.sub !== null && data.deviceId !== null\n"]}

package/dist/request/request-id.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-id.js","sourceRoot":"","sources":["../../src/request/request-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,kDAA4E;AAC5E,qDAAmD;AAEtC,QAAA,iBAAiB,GAC5B,gCAAiB,CAAC,MAAM,GAAG,sCAAuB,GAAG,CAAC,CAAA,CAAC,eAAe;AAE3D,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,MAAM,CAAC,yBAAiB,CAAC;KACzB,MAAM,CACL,CAAC,CAAC,EAA+C,EAAE,CACjD,CAAC,CAAC,UAAU,CAAC,gCAAiB,CAAC,EACjC;IACE,OAAO,EAAE,2BAA2B;CACrC,CACF,CAAA;AAGI,MAAM,iBAAiB,GAAG,KAAK,IAAwB,EAAE;IAC9D,OAAO,GAAG,gCAAiB,GAAG,MAAM,IAAA,uBAAW,EAAC,sCAAuB,CAAC,EAAE,CAAA;AAC5E,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B"}
+{"version":3,"file":"request-id.js","sourceRoot":"","sources":["../../src/request/request-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,kDAA4E;AAC5E,qDAAmD;AAEtC,QAAA,iBAAiB,GAC5B,gCAAiB,CAAC,MAAM,GAAG,sCAAuB,GAAG,CAAC,CAAA,CAAC,eAAe;AAE3D,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,MAAM,CAAC,yBAAiB,CAAC;KACzB,MAAM,CACL,CAAC,CAAC,EAA+C,EAAE,CACjD,CAAC,CAAC,UAAU,CAAC,gCAAiB,CAAC,EACjC;IACE,OAAO,EAAE,2BAA2B;CACrC,CACF,CAAA;AAGI,MAAM,iBAAiB,GAAG,KAAK,IAAwB,EAAE;IAC9D,OAAO,GAAG,gCAAiB,GAAG,MAAM,IAAA,uBAAW,EAAC,sCAAuB,CAAC,EAAE,CAAA;AAC5E,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B","sourcesContent":["import { z } from 'zod'\nimport { REQUEST_ID_BYTES_LENGTH, REQUEST_ID_PREFIX } from '../constants.js'\nimport { randomHexId } from '../lib/util/crypto.js'\n\nexport const REQUEST_ID_LENGTH =\n  REQUEST_ID_PREFIX.length + REQUEST_ID_BYTES_LENGTH * 2 // hex encoding\n\nexport const requestIdSchema = z\n  .string()\n  .length(REQUEST_ID_LENGTH)\n  .refine(\n    (v): v is `${typeof REQUEST_ID_PREFIX}${string}` =>\n      v.startsWith(REQUEST_ID_PREFIX),\n    {\n      message: `Invalid request ID format`,\n    },\n  )\n\nexport type RequestId = z.infer<typeof requestIdSchema>\nexport const generateRequestId = async (): Promise<RequestId> => {\n  return `${REQUEST_ID_PREFIX}${await randomHexId(REQUEST_ID_BYTES_LENGTH)}`\n}\n"]}

package/dist/request/request-manager.d.ts

@@ -27,8 +27,16 @@ export declare class RequestManager {
         parameters: Readonly<{
             client_id: string;
             response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
-            redirect_uri?: `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}` | undefined;
             scope?: string | undefined;
+            redirect_uri?: `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}` | undefined;
+            authorization_details?: {
+                type: string;
+                locations?: `${string}:${string}`[] | undefined;
+                actions?: string[] | undefined;
+                datatypes?: string[] | undefined;
+                identifier?: string | undefined;
+                privileges?: string[] | undefined;
+            }[] | undefined;
             nonce?: string | undefined;
             state?: string | undefined;
             code_challenge?: string | undefined;
@@ -46,14 +54,6 @@ export declare class RequestManager {
             id_token_hint?: `${string}.${string}.${string}` | undefined;
             display?: "page" | "popup" | "touch" | "wap" | undefined;
             prompt?: "none" | "login" | "consent" | "select_account" | undefined;
-            authorization_details?: {
-                type: string;
-                locations?: `${string}:${string}`[] | undefined;
-                actions?: string[] | undefined;
-                datatypes?: string[] | undefined;
-                identifier?: string | undefined;
-                privileges?: string[] | undefined;
-            }[] | undefined;
         }>;
     }>;
     protected validate(client: Client, clientAuth: null | ClientAuth, parameters: Readonly<OAuthAuthorizationRequestParameters>): Promise<Readonly<OAuthAuthorizationRequestParameters>>;
@@ -63,8 +63,16 @@ export declare class RequestManager {
         parameters: Readonly<{
             client_id: string;
             response_type: "code" | "none" | "token" | "code id_token token" | "code id_token" | "code token" | "id_token token" | "id_token";
-            redirect_uri?: `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}` | undefined;
             scope?: string | undefined;
+            redirect_uri?: `http://[::1]${string}` | "http://127.0.0.1" | `http://127.0.0.1#${string}` | `http://127.0.0.1?${string}` | `http://127.0.0.1/${string}` | `http://127.0.0.1:${string}` | `https://${string}` | `${string}.${string}:/${string}` | undefined;
+            authorization_details?: {
+                type: string;
+                locations?: `${string}:${string}`[] | undefined;
+                actions?: string[] | undefined;
+                datatypes?: string[] | undefined;
+                identifier?: string | undefined;
+                privileges?: string[] | undefined;
+            }[] | undefined;
             nonce?: string | undefined;
             state?: string | undefined;
             code_challenge?: string | undefined;
@@ -82,14 +90,6 @@ export declare class RequestManager {
             id_token_hint?: `${string}.${string}.${string}` | undefined;
             display?: "page" | "popup" | "touch" | "wap" | undefined;
             prompt?: "none" | "login" | "consent" | "select_account" | undefined;
-            authorization_details?: {
-                type: string;
-                locations?: `${string}:${string}`[] | undefined;
-                actions?: string[] | undefined;
-                datatypes?: string[] | undefined;
-                identifier?: string | undefined;
-                privileges?: string[] | undefined;
-            }[] | undefined;
         }>;
         clientId: string;
     }>;

package/dist/request/request-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"request-manager.d.ts","sourceRoot":"","sources":["../../src/request/request-manager.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAE1D,OAAO,EACL,mCAAmC,EACnC,gCAAgC,EACjC,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAO5C,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAQjD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAA;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,IAAI,EAAgB,MAAM,WAAW,CAAA;AAC9C,OAAO,EACL,qBAAqB,EAEtB,MAAM,mBAAmB,CAAA;AAE1B,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EACL,UAAU,EAGX,MAAM,kBAAkB,CAAA;AAEzB,qBAAa,cAAc;IAEvB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,YAAY;IACtC,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,cAAc;IACjD,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,gCAAgC;IAC7D,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,WAAW;gBALX,KAAK,EAAE,YAAY,EACnB,cAAc,EAAE,cAAc,EAC9B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gCAAgC,EAC1C,KAAK,EAAE,UAAU,EACjB,WAAW,SAAgB;IAGhD,SAAS,CAAC,iBAAiB;IAIrB,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,IAAI,GAAG,UAAU,EAC7B,KAAK,EAAE,QAAQ,CAAC,mCAAmC,CAAC,EACpD,QAAQ,EAAE,IAAI,GAAG,QAAQ;;;;;;;;;;;;;;;;qBAiIa,CAAC;sBAEnC,CAAP;yBAGO,CAAH;;;;;;;;;yBAYO,CAAC;uBAAuD,CAAA;yBAIzD,CAAC;0BAA0C,CAAC;0BAChD,CAAC;;;;cA5HU,QAAQ,CACtB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,IAAI,GAAG,UAAU,EAC7B,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,GACxD,OAAO,CAAC,QAAQ,CAAC,mCAAmC,CAAC,CAAC;IA+NnD,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,QAAQ;;;;;;;;;;;;;;;;qBA7HjC,CAAC;sBAEnC,CAAP;yBAGO,CAAH;;;;;;;;;yBAYO,CAAC;uBAAuD,CAAA;yBAIzD,CAAC;0BAA0C,CAAC;0BAChD,CAAC;;;;;IAiKA,aAAa,CACjB,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,EAC/B,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC;IAiFhB;;;OAGG;IACU,WAAW,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,qBAAqB,CAAC;IA2B9D,MAAM,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CAIpD"}
+{"version":3,"file":"request-manager.d.ts","sourceRoot":"","sources":["../../src/request/request-manager.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAE1D,OAAO,EACL,mCAAmC,EACnC,gCAAgC,EACjC,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AACrD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAO5C,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAQjD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAA;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,IAAI,EAAgB,MAAM,WAAW,CAAA;AAC9C,OAAO,EACL,qBAAqB,EAEtB,MAAM,mBAAmB,CAAA;AAE1B,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EACL,UAAU,EAGX,MAAM,kBAAkB,CAAA;AAEzB,qBAAa,cAAc;IAEvB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,YAAY;IACtC,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,cAAc;IACjD,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,QAAQ,EAAE,gCAAgC;IAC7D,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,WAAW;gBALX,KAAK,EAAE,YAAY,EACnB,cAAc,EAAE,cAAc,EAC9B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gCAAgC,EAC1C,KAAK,EAAE,UAAU,EACjB,WAAW,SAAgB;IAGhD,SAAS,CAAC,iBAAiB;IAIrB,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,IAAI,GAAG,UAAU,EAC7B,KAAK,EAAE,QAAQ,CAAC,mCAAmC,CAAC,EACpD,QAAQ,EAAE,IAAI,GAAG,QAAQ;;;;;;;;;;yBAqHqC,CAAA;uBACzB,CAAC;yBACrC,CAAC;0BAA2C,CAAA;0BACvC,CAAC;;;;;;;;;;qBAqBA,CAAC;sBAGJ,CADC;yBACD,CAAP;;;;;;;;;cArHiB,QAAQ,CACtB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,IAAI,GAAG,UAAU,EAC7B,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,GACxD,OAAO,CAAC,QAAQ,CAAC,mCAAmC,CAAC,CAAC;IA+NnD,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,EAAE,QAAQ;;;;;;;;;;yBAzIT,CAAA;uBACzB,CAAC;yBACrC,CAAC;0BAA2C,CAAA;0BACvC,CAAC;;;;;;;;;;qBAqBA,CAAC;sBAGJ,CADC;yBACD,CAAP;;;;;;;;;;IAwKO,aAAa,CACjB,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,cAAc,EAAE,eAAe,EAC/B,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC;IAiFhB;;;OAGG;IACU,WAAW,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,qBAAqB,CAAC;IA2B9D,MAAM,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;CAIpD"}

package/dist/request/request-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-manager.js","sourceRoot":"","sources":["../../src/request/request-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA2C;AAC3C,gEAAkE;AAElE,wDAA2D;AAK3D,4CAA+C;AAI/C,kDAKwB;AAExB,6EAAoE;AACpE,6EAAqE;AACrE,mFAA0E;AAC1E,6GAAmG;AACnG,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AAKpE,uCAA8C;AAC9C,uDAG0B;AAC1B,mDAAmD;AAEnD,qDAIyB;AAEzB,MAAa,cAAc;IAEJ;IACA;IACA;IACA;IACA;IACA;IANrB,YACqB,KAAmB,EACnB,cAA8B,EAC9B,MAAc,EACd,QAA0C,EAC1C,KAAiB,EACjB,cAAc,4BAAa;QAL3B,UAAK,GAAL,KAAK,CAAc;QACnB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAkC;QAC1C,UAAK,GAAL,KAAK,CAAY;QACjB,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB;QACzB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,UAA6B,EAC7B,KAAoD,EACpD,QAAyB;QAEzB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,CAAA;QAEjE,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;YAClD,MAAM;YACN,UAAU;YACV,UAAU;SACX,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,6BAAc,CAAC,CAAA;QACvD,MAAM,SAAS,GAAG,MAAM,IAAA,iCAAiB,GAAE,CAAA;QAE3C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;YACxC,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,UAAU;YACV,SAAS;YACT,QAAQ;YACR,GAAG,EAAE,IAAI;YACT,IAAI,EAAE,IAAI;SACX,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG,IAAA,iCAAgB,EAAC,SAAS,CAAC,CAAA;QAC9C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC9C,CAAC;IAES,KAAK,CAAC,QAAQ,CACtB,MAAc,EACd,UAA6B,EAC7B,UAAyD;QAEzD,kCAAkC;QAClC,kCAAkC;QAClC,kCAAkC;QAElC,KAAK,MAAM,CAAC,IAAI;YACd,oCAAoC;YACpC,QAAQ;YACR,eAAe;YACf,OAAO,EAAE,gDAAgD;SACjD,EAAE,CAAC;YACX,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBAChC,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,CAAA;YAC1E,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,0BAA0B;QAC1B,0BAA0B;QAE1B,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,QAAQ,CAC/C,UAAU,CAAC,aAAa,CACzB,EACD,CAAC;YACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,8BAA8B,UAAU,CAAC,aAAa,GAAG,EACzD,2BAA2B,CAC5B,CAAA;QACH,CAAC;QAED,IACE,UAAU,CAAC,aAAa,KAAK,MAAM;YACnC,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EACpE,CAAC;YACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,6CAA6C,EAC7C,iBAAiB,CAClB,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,QAAQ,CAC5D,MAAM,CAAC,IAAI,CACZ,EACD,CAAC;oBACD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,6CAA6C,MAAM,CAAC,IAAI,GAAG,CAC5D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,0BAA0B;QAC1B,0BAA0B;QAE1B,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QAE/C,sBAAsB;QACtB,sBAAsB;QACtB,sBAAsB;QAEtB,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;YAC7B,yEAAyE;YACzE,0BAA0B;YAC1B,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAA;QACpE,CAAC;QAED,+EAA+E;QAC/E,qEAAqE;QACrE,yEAAyE;QACzE,2EAA2E;QAC3E,sEAAsE;QACtE,2EAA2E;QAC3E,sEAAsE;QAEtE,uEAAuE;QACvE,SAAS;QACT,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;QAEpD,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,KAAK,GACT,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,kCAAmB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAA;QACvE,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,KAAK,EAAE,CAAA;QAErC,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC9B,QAAQ,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACzC,KAAK,SAAS;oBACZ,4DAA4D;oBAC5D,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,qBAAqB,EAAE,OAAO,EAAE,CAAA;gBAChE,gBAAgB;gBAChB,KAAK,OAAO,CAAC;gBACb,KAAK,MAAM;oBACT,MAAK;gBACP,OAAO,CAAC,CAAC,CAAC;oBACR,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,sCAAsC,UAAU,CAAC,qBAAqB,GAAG,CAC1E,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACrC,8DAA8D;gBAC9D,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,iFAAiF;YACjF,EAAE;YACF,oEAAoE;YACpE,qEAAqE;YACrE,4DAA4D;YAC5D,sEAAsE;YACtE,aAAa;YACb,EAAE;YACF,wEAAwE;YACxE,qEAAqE;YACrE,4DAA4D;YAC5D,EAAE;YACF,uEAAuE;YACvE,2CAA2C;YAE3C,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAA;QACrE,CAAC;QAED,oBAAoB;QACpB,oBAAoB;QACpB,oBAAoB;QAEpB,IAAI,UAAU,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACxC,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,iCAAiC,CAAC,CAAA;QAC5E,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,wEAAwE;QACxE,sEAAsE;QACtE,SAAS;QACT,IACE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;YACtB,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;YACzB,MAAM,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EACrD,CAAC;YACD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBACjC,MAAM,IAAI,gDAAoB,CAC5B,UAAU,EACV,sDAAsD,CACvD,CAAA;YACH,CAAC;YAED,2DAA2D;YAC3D,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QACnD,CAAC;QAED,yEAAyE;QACzE,qEAAqE;QACrE,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,EAAE,CAAA;QACjD,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,IAAA,kBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,uBAAuB,IAAI,GAAG,CAAC,CAAA;YAC1E,CAAC;YAED,0EAA0E;YAC1E,yEAAyE;YAEzE,yDAAyD;YACzD,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;QAClD,CAAC;QAED,4EAA4E;QAC5E,UAAU;QACV,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YACxE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,wBAAwB;gBACxB,IAAI,GAAG,YAAY,yCAAsB,EAAE,CAAC;oBAC1C,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,GAAG,CAAC,OAAO,EACX,eAAe,EACf,GAAG,CACJ,CAAA;gBACH,CAAC;gBAED,mBAAmB;gBACnB,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAsB,EAAE,QAAkB,EAAE,QAAmB;QACvE,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAE9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8CAAmB,CAAC,qBAAqB,CAAC,CAAA;QAE/D,MAAM,OAAO,GAAsB,EAAE,CAAA;QAErC,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,wEAAwE;gBACxE,wBAAwB;gBACxB,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,qCAAqC,CACtC,CAAA;YACH,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,IAAI,0CAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YAC1E,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,CAC1B,IAAI,CAAC,GAAG,EAAE,GAAG,+CAAgC,CAC9C,CAAA;YACH,CAAC;YAED,IAAI,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAA;YAC7B,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,gDAAgD,CACjD,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,GAAG,CAAA;QACX,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACpD,CAAC;QAED,OAAO;YACL,UAAU;YACV,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;YAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,UAAsB,EACtB,MAAc,EACd,OAAgB,EAChB,QAAkB,EAClB,cAA+B,EAC/B,aAAsB;QAEtB,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAE9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8CAAmB,CAAC,qBAAqB,CAAC,CAAA;QAE/D,IAAI,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEzB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACrE,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,gCAAgC,CACjC,CAAA;YACH,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC/B,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,gDAAgD,CACjD,CAAA;YACH,CAAC;YACD,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,qCAAqC,CACtC,CAAA;YACH,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,aAAa,IAAI,IAAI,EAAE,CAAC;gBAC1B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;gBACvD,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;gBAEnD,qEAAqE;gBACrE,MAAM,SAAS,GAAG,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBAErE,+CAA+C;gBAC/C,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,iCAAiC,CAClC,CAAA;gBACH,CAAC;gBAED,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;YAC5D,CAAC;YAED,uCAAuC;YACvC,MAAM,IAAI,GAAG,MAAM,IAAA,sBAAY,GAAE,CAAA;YAEjC,wEAAwE;YACxE,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;gBACxC,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,IAAI;gBACJ,gFAAgF;gBAChF,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,+CAAgC,CAAC;gBAClE,UAAU;aACX,CAAC,CAAA;YAEF,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACxC,MAAM;gBACN,OAAO;gBACP,UAAU;gBACV,QAAQ;gBACR,cAAc;gBACd,SAAS;aACV,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,WAAW,CAAC,IAAU;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,0CAAiB,CAAC,cAAc,CAAC,CAAA;QAExD,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,MAAM,CAAA;QAElC,yEAAyE;QACzE,0DAA0D;QAC1D,IAAI,uBAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;YACtD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAA,yCAAuB,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACzD,kEAAkE;YAClE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAsB;QACjC,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC3C,CAAC;CACF;AArcD,wCAqcC"}
+{"version":3,"file":"request-manager.js","sourceRoot":"","sources":["../../src/request/request-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA2C;AAC3C,gEAAkE;AAElE,wDAA2D;AAK3D,4CAA+C;AAI/C,kDAKwB;AAExB,6EAAoE;AACpE,6EAAqE;AACrE,mFAA0E;AAC1E,6GAAmG;AACnG,6EAAoE;AACpE,iFAAwE;AACxE,6EAAoE;AAKpE,uCAA8C;AAC9C,uDAG0B;AAC1B,mDAAmD;AAEnD,qDAIyB;AAEzB,MAAa,cAAc;IAEJ;IACA;IACA;IACA;IACA;IACA;IANrB,YACqB,KAAmB,EACnB,cAA8B,EAC9B,MAAc,EACd,QAA0C,EAC1C,KAAiB,EACjB,cAAc,4BAAa;QAL3B,UAAK,GAAL,KAAK,CAAc;QACnB,mBAAc,GAAd,cAAc,CAAgB;QAC9B,WAAM,GAAN,MAAM,CAAQ;QACd,aAAQ,GAAR,QAAQ,CAAkC;QAC1C,UAAK,GAAL,KAAK,CAAY;QACjB,gBAAW,GAAX,WAAW,CAAgB;IAC7C,CAAC;IAEM,iBAAiB;QACzB,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,UAA6B,EAC7B,KAAoD,EACpD,QAAyB;QAEzB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,KAAK,CAAC,CAAA;QAEjE,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;YAClD,MAAM;YACN,UAAU;YACV,UAAU;SACX,CAAC,CAAA;QAEF,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,6BAAc,CAAC,CAAA;QACvD,MAAM,SAAS,GAAG,MAAM,IAAA,iCAAiB,GAAE,CAAA;QAE3C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;YACxC,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU;YACV,UAAU;YACV,SAAS;YACT,QAAQ;YACR,GAAG,EAAE,IAAI;YACT,IAAI,EAAE,IAAI;SACX,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG,IAAA,iCAAgB,EAAC,SAAS,CAAC,CAAA;QAC9C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC9C,CAAC;IAES,KAAK,CAAC,QAAQ,CACtB,MAAc,EACd,UAA6B,EAC7B,UAAyD;QAEzD,kCAAkC;QAClC,kCAAkC;QAClC,kCAAkC;QAElC,KAAK,MAAM,CAAC,IAAI;YACd,oCAAoC;YACpC,QAAQ;YACR,eAAe;YACf,OAAO,EAAE,gDAAgD;SACjD,EAAE,CAAC;YACX,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;gBAChC,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,gBAAgB,CAAC,aAAa,CAAC,CAAA;YAC1E,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,0BAA0B;QAC1B,0BAA0B;QAE1B,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,QAAQ,CAC/C,UAAU,CAAC,aAAa,CACzB,EACD,CAAC;YACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,8BAA8B,UAAU,CAAC,aAAa,GAAG,EACzD,2BAA2B,CAC5B,CAAA;QACH,CAAC;QAED,IACE,UAAU,CAAC,aAAa,KAAK,MAAM;YACnC,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EACpE,CAAC;YACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,6CAA6C,EAC7C,iBAAiB,CAClB,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,qCAAqC,EAAE,QAAQ,CAC5D,MAAM,CAAC,IAAI,CACZ,EACD,CAAC;oBACD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,6CAA6C,MAAM,CAAC,IAAI,GAAG,CAC5D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,0BAA0B;QAC1B,0BAA0B;QAE1B,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;QAE/C,sBAAsB;QACtB,sBAAsB;QACtB,sBAAsB;QAEtB,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;YAC7B,yEAAyE;YACzE,0BAA0B;YAC1B,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,wBAAwB,CAAC,CAAA;QACpE,CAAC;QAED,+EAA+E;QAC/E,qEAAqE;QACrE,yEAAyE;QACzE,2EAA2E;QAC3E,sEAAsE;QACtE,2EAA2E;QAC3E,sEAAsE;QAEtE,uEAAuE;QACvE,SAAS;QACT,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;QAEpD,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,KAAK,GACT,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,kCAAmB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAA;QACvE,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,KAAK,EAAE,CAAA;QAErC,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC9B,QAAQ,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACzC,KAAK,SAAS;oBACZ,4DAA4D;oBAC5D,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,qBAAqB,EAAE,OAAO,EAAE,CAAA;gBAChE,gBAAgB;gBAChB,KAAK,OAAO,CAAC;gBACb,KAAK,MAAM;oBACT,MAAK;gBACP,OAAO,CAAC,CAAC,CAAC;oBACR,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,sCAAsC,UAAU,CAAC,qBAAqB,GAAG,CAC1E,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACrC,8DAA8D;gBAC9D,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,iFAAiF;YACjF,EAAE;YACF,oEAAoE;YACpE,qEAAqE;YACrE,4DAA4D;YAC5D,sEAAsE;YACtE,aAAa;YACb,EAAE;YACF,wEAAwE;YACxE,qEAAqE;YACrE,4DAA4D;YAC5D,EAAE;YACF,uEAAuE;YACvE,2CAA2C;YAE3C,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,yBAAyB,CAAC,CAAA;QACrE,CAAC;QAED,oBAAoB;QACpB,oBAAoB;QACpB,oBAAoB;QAEpB,IAAI,UAAU,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACxC,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,iCAAiC,CAAC,CAAA;QAC5E,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAChD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,wEAAwE;QACxE,sEAAsE;QACtE,SAAS;QACT,IACE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;YACtB,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;YACzB,MAAM,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EACrD,CAAC;YACD,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBACjC,MAAM,IAAI,gDAAoB,CAC5B,UAAU,EACV,sDAAsD,CACvD,CAAA;YACH,CAAC;YAED,2DAA2D;YAC3D,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;QACnD,CAAC;QAED,yEAAyE;QACzE,qEAAqE;QACrE,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,EAAE,WAAW,EAAE,CAAA;QACjD,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,IAAA,kBAAY,EAAC,IAAI,CAAC,IAAI,CAAC,IAAA,sBAAa,EAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,uBAAuB,IAAI,GAAG,CAAC,CAAA;YAC1E,CAAC;YAED,0EAA0E;YAC1E,yEAAyE;YAEzE,yDAAyD;YACzD,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;QAClD,CAAC;QAED,4EAA4E;QAC5E,UAAU;QACV,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YACxE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,wBAAwB;gBACxB,IAAI,GAAG,YAAY,yCAAsB,EAAE,CAAC;oBAC1C,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,GAAG,CAAC,OAAO,EACX,eAAe,EACf,GAAG,CACJ,CAAA;gBACH,CAAC;gBAED,mBAAmB;gBACnB,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAsB,EAAE,QAAkB,EAAE,QAAmB;QACvE,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAE9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8CAAmB,CAAC,qBAAqB,CAAC,CAAA;QAE/D,MAAM,OAAO,GAAsB,EAAE,CAAA;QAErC,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,wEAAwE;gBACxE,wBAAwB;gBACxB,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,qCAAqC,CACtC,CAAA;YACH,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,IAAI,0CAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YAC1E,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,SAAS,GAAG,IAAI,IAAI,CAC1B,IAAI,CAAC,GAAG,EAAE,GAAG,+CAAgC,CAC9C,CAAA;YACH,CAAC;YAED,IAAI,QAAQ,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAA;YAC7B,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,IAAI,0CAAiB,CACzB,IAAI,CAAC,UAAU,EACf,gDAAgD,CACjD,CAAA;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,GAAG,CAAA;QACX,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACpD,CAAC;QAED,OAAO;YACL,UAAU;YACV,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;YAC9C,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,UAAsB,EACtB,MAAc,EACd,OAAgB,EAChB,QAAkB,EAClB,cAA+B,EAC/B,aAAsB;QAEtB,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAE9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;QACpD,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,8CAAmB,CAAC,qBAAqB,CAAC,CAAA;QAE/D,IAAI,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEzB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAChC,MAAM,IAAI,0CAAiB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACrE,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,gCAAgC,CACjC,CAAA;YACH,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC/B,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,gDAAgD,CACjD,CAAA;YACH,CAAC;YACD,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC1B,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,qCAAqC,CACtC,CAAA;YACH,CAAC;YAED,sEAAsE;YACtE,qEAAqE;YACrE,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,aAAa,IAAI,IAAI,EAAE,CAAC;gBAC1B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;gBACvD,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;gBAEnD,qEAAqE;gBACrE,MAAM,SAAS,GAAG,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;gBAErE,+CAA+C;gBAC/C,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,iCAAiC,CAClC,CAAA;gBACH,CAAC;gBAED,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;YAC5D,CAAC;YAED,uCAAuC;YACvC,MAAM,IAAI,GAAG,MAAM,IAAA,sBAAY,GAAE,CAAA;YAEjC,wEAAwE;YACxE,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,EAAE;gBACxC,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,IAAI;gBACJ,gFAAgF;gBAChF,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,+CAAgC,CAAC;gBAClE,UAAU;aACX,CAAC,CAAA;YAEF,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,IAAI,EAAE;gBACxC,MAAM;gBACN,OAAO;gBACP,UAAU;gBACV,QAAQ;gBACR,cAAc;gBACd,SAAS;aACV,CAAC,CAAA;YAEF,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YACzC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,WAAW,CAAC,IAAU;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,0CAAiB,CAAC,cAAc,CAAC,CAAA;QAExD,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,MAAM,CAAA;QAElC,yEAAyE;QACzE,0DAA0D;QAC1D,IAAI,uBAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;YACtD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAA,yCAAuB,EAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YACzD,kEAAkE;YAClE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAChC,MAAM,IAAI,0CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAsB;QACjC,MAAM,SAAS,GAAG,IAAA,iCAAgB,EAAC,UAAU,CAAC,CAAA;QAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;IAC3C,CAAC;CACF;AArcD,wCAqcC","sourcesContent":["import { isAtprotoDid } from '@atproto/did'\nimport { LexiconResolutionError } from '@atproto/lexicon-resolver'\nimport type { Account } from '@atproto/oauth-provider-api'\nimport { isAtprotoOauthScope } from '@atproto/oauth-scopes'\nimport {\n  OAuthAuthorizationRequestParameters,\n  OAuthAuthorizationServerMetadata,\n} from '@atproto/oauth-types'\nimport { isValidHandle } from '@atproto/syntax'\nimport { ClientAuth } from '../client/client-auth.js'\nimport { ClientId } from '../client/client-id.js'\nimport { Client } from '../client/client.js'\nimport {\n  AUTHORIZATION_INACTIVITY_TIMEOUT,\n  NODE_ENV,\n  PAR_EXPIRES_IN,\n  TOKEN_MAX_AGE,\n} from '../constants.js'\nimport { DeviceId } from '../device/device-id.js'\nimport { AccessDeniedError } from '../errors/access-denied-error.js'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport { ConsentRequiredError } from '../errors/consent-required-error.js'\nimport { InvalidAuthorizationDetailsError } from '../errors/invalid-authorization-details-error.js'\nimport { InvalidGrantError } from '../errors/invalid-grant-error.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { InvalidScopeError } from '../errors/invalid-scope-error.js'\nimport { LexiconManager } from '../lexicon/lexicon-manager.js'\nimport { RequestMetadata } from '../lib/http/request.js'\nimport { OAuthHooks } from '../oauth-hooks.js'\nimport { Signer } from '../signer/signer.js'\nimport { Code, generateCode } from './code.js'\nimport {\n  RequestDataAuthorized,\n  isRequestDataAuthorized,\n} from './request-data.js'\nimport { generateRequestId } from './request-id.js'\nimport { RequestStore, UpdateRequestData } from './request-store.js'\nimport {\n  RequestUri,\n  decodeRequestUri,\n  encodeRequestUri,\n} from './request-uri.js'\n\nexport class RequestManager {\n  constructor(\n    protected readonly store: RequestStore,\n    protected readonly lexiconManager: LexiconManager,\n    protected readonly signer: Signer,\n    protected readonly metadata: OAuthAuthorizationServerMetadata,\n    protected readonly hooks: OAuthHooks,\n    protected readonly tokenMaxAge = TOKEN_MAX_AGE,\n  ) {}\n\n  protected createTokenExpiry() {\n    return new Date(Date.now() + this.tokenMaxAge)\n  }\n\n  async createAuthorizationRequest(\n    client: Client,\n    clientAuth: null | ClientAuth,\n    input: Readonly<OAuthAuthorizationRequestParameters>,\n    deviceId: null | DeviceId,\n  ) {\n    const parameters = await this.validate(client, clientAuth, input)\n\n    await this.hooks.onAuthorizationRequest?.call(null, {\n      client,\n      clientAuth,\n      parameters,\n    })\n\n    const expiresAt = new Date(Date.now() + PAR_EXPIRES_IN)\n    const requestId = await generateRequestId()\n\n    await this.store.createRequest(requestId, {\n      clientId: client.id,\n      clientAuth,\n      parameters,\n      expiresAt,\n      deviceId,\n      sub: null,\n      code: null,\n    })\n\n    const requestUri = encodeRequestUri(requestId)\n    return { requestUri, expiresAt, parameters }\n  }\n\n  protected async validate(\n    client: Client,\n    clientAuth: null | ClientAuth,\n    parameters: Readonly<OAuthAuthorizationRequestParameters>,\n  ): Promise<Readonly<OAuthAuthorizationRequestParameters>> {\n    // -------------------------------\n    // Validate unsupported parameters\n    // -------------------------------\n\n    for (const k of [\n      // Known unsupported OIDC parameters\n      'claims',\n      'id_token_hint',\n      'nonce', // note that OIDC \"nonce\" is redundant with PKCE\n    ] as const) {\n      if (parameters[k] !== undefined) {\n        throw new AuthorizationError(parameters, `Unsupported \"${k}\" parameter`)\n      }\n    }\n\n    // -----------------------\n    // Validate against server\n    // -----------------------\n\n    if (\n      !this.metadata.response_types_supported?.includes(\n        parameters.response_type,\n      )\n    ) {\n      throw new AuthorizationError(\n        parameters,\n        `Unsupported response_type \"${parameters.response_type}\"`,\n        'unsupported_response_type',\n      )\n    }\n\n    if (\n      parameters.response_type === 'code' &&\n      !this.metadata.grant_types_supported?.includes('authorization_code')\n    ) {\n      throw new AuthorizationError(\n        parameters,\n        `Unsupported grant_type \"authorization_code\"`,\n        'invalid_request',\n      )\n    }\n\n    if (parameters.authorization_details) {\n      for (const detail of parameters.authorization_details) {\n        if (\n          !this.metadata.authorization_details_types_supported?.includes(\n            detail.type,\n          )\n        ) {\n          throw new InvalidAuthorizationDetailsError(\n            parameters,\n            `Unsupported \"authorization_details\" type \"${detail.type}\"`,\n          )\n        }\n      }\n    }\n\n    // -----------------------\n    // Validate against client\n    // -----------------------\n\n    parameters = client.validateRequest(parameters)\n\n    // -------------------\n    // Validate parameters\n    // -------------------\n\n    if (!parameters.redirect_uri) {\n      // Should already be ensured by client.validateRequest(). Adding here for\n      // clarity & extra safety.\n      throw new AuthorizationError(parameters, 'Missing \"redirect_uri\"')\n    }\n\n    // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#section-1.4.1\n    // > The authorization server MAY fully or partially ignore the scope\n    // > requested by the client, based on the authorization server policy or\n    // > the resource owner's instructions. If the issued access token scope is\n    // > different from the one requested by the client, the authorization\n    // > server MUST include the scope response parameter in the token response\n    // > (Section 3.2.3) to inform the client of the actual scope granted.\n\n    // Let's make sure the scopes are unique (to reduce the token & storage\n    // size).\n    const scopes = new Set(parameters.scope?.split(' '))\n\n    // @NOTE An app requesting a not yet supported list of scopes will need to\n    // re-authenticate the user once the scopes are supported. This is due to\n    // the fact that the AS does not know how to properly display those scopes\n    // to the user, so it cannot properly ask for consent.\n    const scope =\n      Array.from(scopes).filter(isAtprotoOauthScope).join(' ') || undefined\n    parameters = { ...parameters, scope }\n\n    if (parameters.code_challenge) {\n      switch (parameters.code_challenge_method) {\n        case undefined:\n          // https://datatracker.ietf.org/doc/html/rfc7636#section-4.3\n          parameters = { ...parameters, code_challenge_method: 'plain' }\n        // falls through\n        case 'plain':\n        case 'S256':\n          break\n        default: {\n          throw new AuthorizationError(\n            parameters,\n            `Unsupported code_challenge_method \"${parameters.code_challenge_method}\"`,\n          )\n        }\n      }\n    } else {\n      if (parameters.code_challenge_method) {\n        // https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1\n        throw new AuthorizationError(\n          parameters,\n          'code_challenge is required when code_challenge_method is provided',\n        )\n      }\n\n      // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-4.1.2.1\n      //\n      // > An AS MUST reject requests without a code_challenge from public\n      // > clients, and MUST reject such requests from other clients unless\n      // > there is reasonable assurance that the client mitigates\n      // > authorization code injection in other ways. See Section 7.5.1 for\n      // > details.\n      //\n      // > [...] In the specific deployment and the specific request, there is\n      // > reasonable assurance by the authorization server that the client\n      // > implements the OpenID Connect nonce mechanism properly.\n      //\n      // atproto does not implement the OpenID Connect nonce mechanism, so we\n      // require the use of PKCE for all clients.\n\n      throw new AuthorizationError(parameters, 'Use of PKCE is required')\n    }\n\n    // -----------------\n    // atproto extension\n    // -----------------\n\n    if (parameters.response_type !== 'code') {\n      throw new AuthorizationError(\n        parameters,\n        'atproto only supports the \"code\" response_type',\n      )\n    }\n\n    if (!scopes.has('atproto')) {\n      throw new InvalidScopeError(parameters, 'The \"atproto\" scope is required')\n    } else if (scopes.has('openid')) {\n      throw new InvalidScopeError(\n        parameters,\n        'OpenID Connect is not compatible with atproto',\n      )\n    }\n\n    if (parameters.code_challenge_method !== 'S256') {\n      throw new AuthorizationError(\n        parameters,\n        'atproto requires use of \"S256\" code_challenge_method',\n      )\n    }\n\n    // atproto extension: if the client is not trusted, and not authenticated,\n    // force users to consent to authorization requests. We do this to avoid\n    // unauthenticated clients from being able to silently re-authenticate\n    // users.\n    if (\n      !client.info.isTrusted &&\n      !client.info.isFirstParty &&\n      client.metadata.token_endpoint_auth_method === 'none'\n    ) {\n      if (parameters.prompt === 'none') {\n        throw new ConsentRequiredError(\n          parameters,\n          'Public clients are not allowed to use silent-sign-on',\n        )\n      }\n\n      // force \"consent\" for unauthenticated, third party clients\n      parameters = { ...parameters, prompt: 'consent' }\n    }\n\n    // atproto extension: ensure that the login_hint is a valid handle or DID\n    // @NOTE we to allow invalid case here, which is not spec'd anywhere.\n    const hint = parameters.login_hint?.toLowerCase()\n    if (hint) {\n      if (!isAtprotoDid(hint) && !isValidHandle(hint)) {\n        throw new AuthorizationError(parameters, `Invalid login_hint \"${hint}\"`)\n      }\n\n      // @TODO: ensure that the account actually exists on this server (there is\n      // no point in showing the UI to the user if the account does not exist).\n\n      // Update the parameters to ensure the right case is used\n      parameters = { ...parameters, login_hint: hint }\n    }\n\n    // Make sure that every nsid in the scope resolves to a valid permission set\n    // lexicon\n    if (parameters.scope) {\n      try {\n        await this.lexiconManager.getPermissionSetsFromScope(parameters.scope)\n      } catch (err) {\n        // Parse expected errors\n        if (err instanceof LexiconResolutionError) {\n          throw new AuthorizationError(\n            parameters,\n            err.message,\n            'invalid_scope',\n            err,\n          )\n        }\n\n        // Unexpected error\n        throw err\n      }\n    }\n\n    return parameters\n  }\n\n  async get(requestUri: RequestUri, deviceId: DeviceId, clientId?: ClientId) {\n    const requestId = decodeRequestUri(requestUri)\n\n    const data = await this.store.readRequest(requestId)\n    if (!data) throw new InvalidRequestError('Unknown request_uri')\n\n    const updates: UpdateRequestData = {}\n\n    try {\n      if (data.sub || data.code) {\n        // If an account was linked to the request, the next step is to exchange\n        // the code for a token.\n        throw new AccessDeniedError(\n          data.parameters,\n          'This request was already authorized',\n        )\n      }\n\n      if (data.expiresAt < new Date()) {\n        throw new AccessDeniedError(data.parameters, 'This request has expired')\n      } else {\n        updates.expiresAt = new Date(\n          Date.now() + AUTHORIZATION_INACTIVITY_TIMEOUT,\n        )\n      }\n\n      if (clientId != null && data.clientId !== clientId) {\n        throw new AccessDeniedError(\n          data.parameters,\n          'This request was initiated for another client',\n        )\n      }\n\n      if (!data.deviceId) {\n        updates.deviceId = deviceId\n      } else if (data.deviceId !== deviceId) {\n        throw new AccessDeniedError(\n          data.parameters,\n          'This request was initiated from another device',\n        )\n      }\n    } catch (err) {\n      await this.store.deleteRequest(requestId)\n      throw err\n    }\n\n    if (Object.keys(updates).length > 0) {\n      await this.store.updateRequest(requestId, updates)\n    }\n\n    return {\n      requestUri,\n      expiresAt: updates.expiresAt || data.expiresAt,\n      parameters: data.parameters,\n      clientId: data.clientId,\n    }\n  }\n\n  async setAuthorized(\n    requestUri: RequestUri,\n    client: Client,\n    account: Account,\n    deviceId: DeviceId,\n    deviceMetadata: RequestMetadata,\n    scopeOverride?: string,\n  ): Promise<Code> {\n    const requestId = decodeRequestUri(requestUri)\n\n    const data = await this.store.readRequest(requestId)\n    if (!data) throw new InvalidRequestError('Unknown request_uri')\n\n    let { parameters } = data\n\n    try {\n      if (data.expiresAt < new Date()) {\n        throw new AccessDeniedError(parameters, 'This request has expired')\n      }\n      if (!data.deviceId) {\n        throw new AccessDeniedError(\n          parameters,\n          'This request was not initiated',\n        )\n      }\n      if (data.deviceId !== deviceId) {\n        throw new AccessDeniedError(\n          parameters,\n          'This request was initiated from another device',\n        )\n      }\n      if (data.sub || data.code) {\n        throw new AccessDeniedError(\n          parameters,\n          'This request was already authorized',\n        )\n      }\n\n      // If a new scope value is provided, update the parameters by ensuring\n      // that every existing scope in the parameters is also present in the\n      // override value. This allows the user to remove scopes from the request,\n      // but not to add new ones.\n      if (scopeOverride != null) {\n        const allowedScopes = new Set(scopeOverride.split(' '))\n        const existingScopes = parameters.scope?.split(' ')\n\n        // Compute the intersection of the existing scopes and the overrides.\n        const newScopes = existingScopes?.filter((s) => allowedScopes.has(s))\n\n        // Validate: make sure the new scopes are valid\n        if (!newScopes?.includes('atproto')) {\n          throw new AccessDeniedError(\n            parameters,\n            'The \"atproto\" scope is required',\n          )\n        }\n\n        parameters = { ...parameters, scope: newScopes.join(' ') }\n      }\n\n      // Only response_type=code is supported\n      const code = await generateCode()\n\n      // Bind the request to the account, preventing it from being used again.\n      await this.store.updateRequest(requestId, {\n        sub: account.sub,\n        code,\n        // Allow the client to exchange the code for a token within the next 60 seconds.\n        expiresAt: new Date(Date.now() + AUTHORIZATION_INACTIVITY_TIMEOUT),\n        parameters,\n      })\n\n      await this.hooks.onAuthorized?.call(null, {\n        client,\n        account,\n        parameters,\n        deviceId,\n        deviceMetadata,\n        requestId,\n      })\n\n      return code\n    } catch (err) {\n      await this.store.deleteRequest(requestId)\n      throw err\n    }\n  }\n\n  /**\n   * @note If this method throws an error, any token previously generated from\n   * the same `code` **must** me revoked.\n   */\n  public async consumeCode(code: Code): Promise<RequestDataAuthorized> {\n    const result = await this.store.consumeRequestCode(code)\n    if (!result) throw new InvalidGrantError('Invalid code')\n\n    const { requestId, data } = result\n\n    // Fool-proofing the store implementation against code replay attacks (in\n    // case consumeRequestCode() does not delete the request).\n    if (NODE_ENV !== 'production') {\n      const result = await this.store.readRequest(requestId)\n      if (result) {\n        throw new Error('Invalid store implementation: request not deleted')\n      }\n    }\n\n    if (!isRequestDataAuthorized(data) || data.code !== code) {\n      // Should never happen: maybe the store implementation is faulty ?\n      throw new Error('Unexpected request state')\n    }\n\n    if (data.expiresAt < new Date()) {\n      throw new InvalidGrantError('This code has expired')\n    }\n\n    return data\n  }\n\n  async delete(requestUri: RequestUri): Promise<void> {\n    const requestId = decodeRequestUri(requestUri)\n    await this.store.deleteRequest(requestId)\n  }\n}\n"]}

package/dist/request/request-store.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-store.js","sourceRoot":"","sources":["../../src/request/request-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAoDA,wCAOC;AA3DD,6EAAoE;AAsB3D,kGAtBA,0CAAiB,OAsBA;AArB1B,iDAAsE;AAKtE,kEAAkE;AAClE,4CAAyB;AACzB,oDAAiC;AACjC,kDAA+B;AAmClB,QAAA,cAAc,GAAG,IAAA,+BAAqB,EAAe;IAChE,eAAe;IACf,aAAa;IACb,eAAe;IACf,eAAe;IACf,oBAAoB;CACrB,CAAC,CAAA;AAEF,SAAgB,cAAc,CAC5B,cAAkB;IAElB,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,sBAAc,EAAC,cAAc,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IACxD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC"}
+{"version":3,"file":"request-store.js","sourceRoot":"","sources":["../../src/request/request-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAoDA,wCAOC;AA3DD,6EAAoE;AAsB3D,kGAtBA,0CAAiB,OAsBA;AArB1B,iDAAsE;AAKtE,kEAAkE;AAClE,4CAAyB;AACzB,oDAAiC;AACjC,kDAA+B;AAmClB,QAAA,cAAc,GAAG,IAAA,+BAAqB,EAAe;IAChE,eAAe;IACf,aAAa;IACb,eAAe;IACf,eAAe;IACf,oBAAoB;CACrB,CAAC,CAAA;AAEF,SAAgB,cAAc,CAC5B,cAAkB;IAElB,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,sBAAc,EAAC,cAAc,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IACxD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC","sourcesContent":["import { InvalidGrantError } from '../errors/invalid-grant-error.js'\nimport { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'\nimport { Code } from './code.js'\nimport { RequestData } from './request-data.js'\nimport { RequestId } from './request-id.js'\n\n// Export all types needed to implement the RequestStore interface\nexport * from './code.js'\nexport * from './request-data.js'\nexport * from './request-id.js'\nexport type { Awaitable }\n\nexport type UpdateRequestData = Pick<\n  Partial<RequestData>,\n  'sub' | 'code' | 'deviceId' | 'expiresAt' | 'parameters'\n>\n\nexport type FoundRequestResult = {\n  requestId: RequestId\n  data: RequestData\n}\n\nexport { InvalidGrantError }\n\nexport interface RequestStore {\n  createRequest(requestId: RequestId, data: RequestData): Awaitable<void>\n  /**\n   * Note that expired requests **can** be returned to yield a different error\n   * message than if the request was not found.\n   */\n  readRequest(requestId: RequestId): Awaitable<RequestData | null>\n  updateRequest(requestId: RequestId, data: UpdateRequestData): Awaitable<void>\n  deleteRequest(requestId: RequestId): void | Awaitable<void>\n  /**\n   * @note it is **IMPORTANT** that this method prevents concurrent retrieval of\n   * the same code. If two requests are made with the same code, only one of\n   * them should succeed and return the request data.\n   *\n   * @throws {InvalidGrantError} - When the request is not found or has expired\n   * (allows to provide an error message instead of returning `null`).\n   */\n  consumeRequestCode(code: Code): Awaitable<FoundRequestResult | null>\n}\n\nexport const isRequestStore = buildInterfaceChecker<RequestStore>([\n  'createRequest',\n  'readRequest',\n  'updateRequest',\n  'deleteRequest',\n  'consumeRequestCode',\n])\n\nexport function asRequestStore<V extends Partial<RequestStore>>(\n  implementation?: V,\n): V & RequestStore {\n  if (!implementation || !isRequestStore(implementation)) {\n    throw new Error('Invalid RequestStore implementation')\n  }\n  return implementation\n}\n"]}

package/dist/request/request-uri.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-uri.js","sourceRoot":"","sources":["../../src/request/request-uri.ts"],"names":[],"mappings":";;;AAmBA,4CAEC;AAED,4CAGC;AA1BD,6BAAuB;AACvB,mDAA4D;AAE/C,QAAA,kBAAkB,GAAG,oCAAoC,CAAA;AAEzD,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,UAAU,CACT,CAAC,IAAI,EAAsD,EAAE,CAC3D,IAAI,CAAC,UAAU,CAAC,0BAAkB,CAAC;IACnC,+BAAe,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAW,CAAC,CAAC,CAAC,OAAO,EAClE;IACE,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;IAC3B,OAAO,EAAE,4BAA4B;CACtC,CACF,CAAA;AAIH,SAAgB,gBAAgB,CAAC,SAAoB;IACnD,OAAO,GAAG,0BAAkB,GAAG,kBAAkB,CAAC,SAAS,CAAc,EAAE,CAAA;AAC7E,CAAC;AAED,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,0BAAkB,CAAC,MAAM,CAAC,CAAA;IAChE,OAAO,kBAAkB,CAAC,YAAY,CAAc,CAAA;AACtD,CAAC"}
+{"version":3,"file":"request-uri.js","sourceRoot":"","sources":["../../src/request/request-uri.ts"],"names":[],"mappings":";;;AAmBA,4CAEC;AAED,4CAGC;AA1BD,6BAAuB;AACvB,mDAA4D;AAE/C,QAAA,kBAAkB,GAAG,oCAAoC,CAAA;AAEzD,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,UAAU,CACT,CAAC,IAAI,EAAsD,EAAE,CAC3D,IAAI,CAAC,UAAU,CAAC,0BAAkB,CAAC;IACnC,+BAAe,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAW,CAAC,CAAC,CAAC,OAAO,EAClE;IACE,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;IAC3B,OAAO,EAAE,4BAA4B;CACtC,CACF,CAAA;AAIH,SAAgB,gBAAgB,CAAC,SAAoB;IACnD,OAAO,GAAG,0BAAkB,GAAG,kBAAkB,CAAC,SAAS,CAAc,EAAE,CAAA;AAC7E,CAAC;AAED,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,0BAAkB,CAAC,MAAM,CAAC,CAAA;IAChE,OAAO,kBAAkB,CAAC,YAAY,CAAc,CAAA;AACtD,CAAC","sourcesContent":["import { z } from 'zod'\nimport { RequestId, requestIdSchema } from './request-id.js'\n\nexport const REQUEST_URI_PREFIX = 'urn:ietf:params:oauth:request_uri:'\n\nexport const requestUriSchema = z\n  .string()\n  .refinement(\n    (data): data is `${typeof REQUEST_URI_PREFIX}${RequestId}` =>\n      data.startsWith(REQUEST_URI_PREFIX) &&\n      requestIdSchema.safeParse(decodeRequestUri(data as any)).success,\n    {\n      code: z.ZodIssueCode.custom,\n      message: 'Invalid request_uri format',\n    },\n  )\n\nexport type RequestUri = z.infer<typeof requestUriSchema>\n\nexport function encodeRequestUri(requestId: RequestId): RequestUri {\n  return `${REQUEST_URI_PREFIX}${encodeURIComponent(requestId) as RequestId}`\n}\n\nexport function decodeRequestUri(requestUri: RequestUri): RequestId {\n  const requestIdEnc = requestUri.slice(REQUEST_URI_PREFIX.length)\n  return decodeURIComponent(requestIdEnc) as RequestId\n}\n"]}

package/dist/result/authorization-redirect-parameters.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-redirect-parameters.js","sourceRoot":"","sources":["../../src/result/authorization-redirect-parameters.ts"],"names":[],"mappings":""}
+{"version":3,"file":"authorization-redirect-parameters.js","sourceRoot":"","sources":["../../src/result/authorization-redirect-parameters.ts"],"names":[],"mappings":"","sourcesContent":["import { OAuthTokenType } from '@atproto/oauth-types'\nimport { Code } from '../request/code.js'\n\n/**\n * @note `iss` and `state` will be added from the\n * {@link AuthorizationResultRedirect} object.\n */\nexport type AuthorizationRedirectParameters =\n  | {\n      // iss: string\n      // state?: string\n      code: Code\n      id_token?: string\n      access_token?: string\n      token_type?: OAuthTokenType\n      expires_in?: string\n    }\n  | {\n      // iss: string\n      // state?: string\n      error: string\n      error_description?: string\n      error_uri?: string\n    }\n"]}

package/dist/result/authorization-result-authorize-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-result-authorize-page.js","sourceRoot":"","sources":["../../src/result/authorization-result-authorize-page.ts"],"names":[],"mappings":""}
+{"version":3,"file":"authorization-result-authorize-page.js","sourceRoot":"","sources":["../../src/result/authorization-result-authorize-page.ts"],"names":[],"mappings":"","sourcesContent":["import type { LexPermissionSet } from '@atproto/lexicon'\nimport type { Session } from '@atproto/oauth-provider-api'\nimport type { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport type { Client } from '../client/client.js'\nimport type { RequestUri } from '../request/request-uri.js'\n\nexport type AuthorizationResultAuthorizePage = {\n  issuer: string\n  client: Client\n  parameters: OAuthAuthorizationRequestParameters\n  permissionSets: Map<string, LexPermissionSet>\n\n  requestUri: RequestUri\n  sessions: readonly Session[]\n}\n"]}

package/dist/result/authorization-result-redirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-result-redirect.js","sourceRoot":"","sources":["../../src/result/authorization-result-redirect.ts"],"names":[],"mappings":""}
+{"version":3,"file":"authorization-result-redirect.js","sourceRoot":"","sources":["../../src/result/authorization-result-redirect.ts"],"names":[],"mappings":"","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationRedirectParameters } from './authorization-redirect-parameters.js'\n\nexport type AuthorizationResultRedirect = {\n  issuer: string\n  parameters: OAuthAuthorizationRequestParameters\n  redirect: AuthorizationRedirectParameters\n}\n"]}

package/dist/router/assets/assets-manifest.js.map

@@ -1 +1 @@
-{"version":3,"file":"assets-manifest.js","sourceRoot":"","sources":["../../../src/router/assets/assets-manifest.ts"],"names":[],"mappings":";;AAiCA,kDAyEC;AA1GD,qCAA0C;AAC1C,yCAAgC;AAChC,6CAAsC;AAGtC,sDAKgC;AAqBhC,MAAM,iBAAiB,GAAG,mCAAmC,CAAA;AAE7D,SAAgB,mBAAmB,CAAC,YAAoB;IACtD,yEAAyE;IACzE,uDAAuD;IAEvD,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAa,CAAA;IAElD,MAAM,MAAM,GAAG,IAAI,GAAG,CACpB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACxD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;QACnD,MAAM,MAAM,GAAG,MAAM;YACnB,CAAC,CAAC,GAAG,EAAE,CAAC,sBAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,CAAC,CAAC,GAAG,EAAE,CAAC,IAAA,0BAAgB,EAAC,QAAQ,CAAC,CAAA;QACpC,OAAO,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CACH,CAAA;IAED,MAAM,gBAAgB,GAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACtD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,iBAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAA;QAC5E,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,CAAC;YACH,oEAAoE;YACpE,uCAAuC;YACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAA;YACnE,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QACnC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QAErE,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAA;IAED,OAAO;QACL,SAAS;QACT,gBAAgB;KACjB,CAAA;IAED,SAAS,SAAS,CAAC,SAAiB;QAClC,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,CAAA;QACrC,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAChC,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;QACnC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;IAC5B,CAAC;IAED,SAAS,UAAU,CAAC,SAAiB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,MAAM,CACL,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CACZ,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,CACtE;aACA,GAAG,CAAC,aAAa,CAAC,CAAA;IACvB,CAAC;IAED,SAAS,SAAS,CAAC,UAAkB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;aAChD,GAAG,CAAC,aAAa,CAAC,CAAA;IACvB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,CAAC,QAAQ,CAAkB;IAChD,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAA;AACpC,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB;IAChC,OAAO,GAAG,iBAAiB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAA;AAC9D,CAAC"}
+{"version":3,"file":"assets-manifest.js","sourceRoot":"","sources":["../../../src/router/assets/assets-manifest.ts"],"names":[],"mappings":";;AAiCA,kDAyEC;AA1GD,qCAA0C;AAC1C,yCAAgC;AAChC,6CAAsC;AAGtC,sDAKgC;AAqBhC,MAAM,iBAAiB,GAAG,mCAAmC,CAAA;AAE7D,SAAgB,mBAAmB,CAAC,YAAoB;IACtD,yEAAyE;IACzE,uDAAuD;IAEvD,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAa,CAAA;IAElD,MAAM,MAAM,GAAG,IAAI,GAAG,CACpB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACxD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;QACnD,MAAM,MAAM,GAAG,MAAM;YACnB,CAAC,CAAC,GAAG,EAAE,CAAC,sBAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,CAAC,CAAC,GAAG,EAAE,CAAC,IAAA,0BAAgB,EAAC,QAAQ,CAAC,CAAA;QACpC,OAAO,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CACH,CAAA;IAED,MAAM,gBAAgB,GAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACtD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,iBAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAA;QAC5E,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,CAAC;YACH,oEAAoE;YACpE,uCAAuC;YACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAA;YACnE,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QACnC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QAErE,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAA;IAED,OAAO;QACL,SAAS;QACT,gBAAgB;KACjB,CAAA;IAED,SAAS,SAAS,CAAC,SAAiB;QAClC,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,CAAA;QACrC,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAChC,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;QACnC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;IAC5B,CAAC;IAED,SAAS,UAAU,CAAC,SAAiB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,MAAM,CACL,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CACZ,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,CACtE;aACA,GAAG,CAAC,aAAa,CAAC,CAAA;IACvB,CAAC;IAED,SAAS,SAAS,CAAC,UAAkB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;aAChD,GAAG,CAAC,aAAa,CAAC,CAAA;IACvB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,CAAC,QAAQ,CAAkB;IAChD,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAA;AACpC,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB;IAChC,OAAO,GAAG,iBAAiB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAA;AAC9D,CAAC","sourcesContent":["import { createReadStream } from 'node:fs'\nimport { join } from 'node:path'\nimport { Readable } from 'node:stream'\nimport type { Manifest } from '@atproto-labs/rollup-plugin-bundle-manifest'\nimport { AssetRef } from '../../lib/html/build-document.js'\nimport {\n  Middleware,\n  validateFetchDest,\n  validateFetchSite,\n  writeStream,\n} from '../../lib/http/index.js'\n\ntype Asset =\n  | {\n      type: 'asset'\n      mime?: string\n      sha256: string\n      stream: () => Readable\n    }\n  | {\n      type: 'chunk'\n      mime: string\n      sha256: string\n      dynamicImports: string[]\n      isDynamicEntry: boolean\n      isEntry: boolean\n      isImplicitEntry: boolean\n      name: string\n      stream: () => Readable\n    }\n\nconst ASSETS_URL_PREFIX = '/@atproto/oauth-provider/~assets/'\n\nexport function parseAssetsManifest(manifestPath: string) {\n  // Using `require` instead of `JSON.parse(readFileSync())` so that node's\n  // watch mode can pick up changes to the manifest file.\n\n  // eslint-disable-next-line\n  const manifest = require(manifestPath) as Manifest\n\n  const assets = new Map<string, Asset>(\n    Object.entries(manifest).map(([filename, { data, ...item }]) => {\n      const buffer = data ? Buffer.from(data, 'base64') : null\n      const filepath = join(manifestPath, '..', filename)\n      const stream = buffer\n        ? () => Readable.from(buffer)\n        : () => createReadStream(filepath)\n      return [filename, { ...item, stream }]\n    }),\n  )\n\n  const assetsMiddleware: Middleware = (req, res, next) => {\n    if (req.method !== 'GET' && req.method !== 'HEAD') return next()\n    if (!req.url?.startsWith(ASSETS_URL_PREFIX)) return next()\n\n    const filename = decodeURIComponent(req.url.slice(ASSETS_URL_PREFIX.length))\n    if (!filename) return next()\n\n    const asset = assets.get(filename)\n    if (!asset) return next()\n\n    try {\n      // Allow \"null\" (ie. no header) to allow loading assets outside of a\n      // fetch context (not from a web page).\n      validateFetchSite(req, [null, 'none', 'cross-site', 'same-origin'])\n      validateFetchDest(req, [null, 'document', 'style', 'script'])\n    } catch (err) {\n      return next(err)\n    }\n\n    if (req.headers['if-none-match'] === asset.sha256) {\n      return void res.writeHead(304).end()\n    }\n\n    res.setHeader('ETag', asset.sha256)\n    res.setHeader('Cache-Control', 'public, max-age=31536000, immutable')\n\n    writeStream(res, asset.stream(), { contentType: asset.mime })\n  }\n\n  return {\n    getAssets,\n    assetsMiddleware,\n  }\n\n  function getAssets(entryName: string) {\n    const scripts = getScripts(entryName)\n    if (!scripts.length) return null\n    const styles = getStyles(entryName)\n    return { scripts, styles }\n  }\n\n  function getScripts(entryName: string) {\n    return Array.from(assets)\n      .filter(\n        ([, asset]) =>\n          asset.type === 'chunk' && asset.isEntry && asset.name === entryName,\n      )\n      .map(assetEntryUrl)\n  }\n\n  function getStyles(_entryName: string) {\n    return Array.from(assets)\n      .filter(([, asset]) => asset.mime === 'text/css')\n      .map(assetEntryUrl)\n  }\n}\n\nfunction assetEntryUrl([filename]: [string, Asset]): AssetRef {\n  return { url: assetUrl(filename) }\n}\n\nfunction assetUrl(filename: string) {\n  return `${ASSETS_URL_PREFIX}${encodeURIComponent(filename)}`\n}\n"]}

package/dist/router/assets/assets.js.map

@@ -1 +1 @@
-{"version":3,"file":"assets.js","sourceRoot":"","sources":["../../../src/router/assets/assets.ts"],"names":[],"mappings":";;;AAuBA,8BAMC;AA1BD,gEAAiE;AAEjE,6DAA0D;AAE1D,6EAA6E;AAC7E,4BAA4B;AAC5B,EAAE;AACF,+DAA+D;AAC/D,wEAAwE;AACxE,IAAI;AAEJ,MAAM,EAAE,GAAG,IAAA,wCAAmB,EAC5B,OAAO,CAAC,OAAO,CAAC,iDAAiD,CAAC,CACnE,CAAA;AACD,MAAM,EAAE,GAAG,IAAA,wCAAmB,EAC5B,OAAO,CAAC,OAAO,CAAC,uDAAuD,CAAC,CACzE,CAAA;AAID,SAAgB,SAAS,CAAC,SAA8B;IACtD,MAAM,QAAQ,GAAG,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IACnE,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAE7B,mCAAmC;IACnC,MAAM,IAAI,KAAK,CAAC,UAAU,SAAS,uBAAuB,CAAC,CAAA;AAC7D,CAAC;AAEY,QAAA,gBAAgB,GAAG,IAAA,kCAAkB,EAAC;IACjD,EAAE,CAAC,gBAAgB;IACnB,EAAE,CAAC,gBAAgB;CACpB,CAAC,CAAA;AAEW,QAAA,OAAO,GAAc;IAChC,wCAAwC;IACxC,aAAa,EAAE,CAAC,QAAQ,CAAC;IACzB,2CAA2C;IAC3C,SAAS,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;IAC9B,+BAA+B;IAC/B,iBAAiB,EAAE,CAAC,QAAQ,CAAC;CAC9B,CAAA;AAED;;GAEG;AACU,QAAA,YAAY,GAAc;IACrC,YAAY,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAChE,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,aAAa,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;CAClE,CAAA"}
+{"version":3,"file":"assets.js","sourceRoot":"","sources":["../../../src/router/assets/assets.ts"],"names":[],"mappings":";;;AAuBA,8BAMC;AA1BD,gEAAiE;AAEjE,6DAA0D;AAE1D,6EAA6E;AAC7E,4BAA4B;AAC5B,EAAE;AACF,+DAA+D;AAC/D,wEAAwE;AACxE,IAAI;AAEJ,MAAM,EAAE,GAAG,IAAA,wCAAmB,EAC5B,OAAO,CAAC,OAAO,CAAC,iDAAiD,CAAC,CACnE,CAAA;AACD,MAAM,EAAE,GAAG,IAAA,wCAAmB,EAC5B,OAAO,CAAC,OAAO,CAAC,uDAAuD,CAAC,CACzE,CAAA;AAID,SAAgB,SAAS,CAAC,SAA8B;IACtD,MAAM,QAAQ,GAAG,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IACnE,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAE7B,mCAAmC;IACnC,MAAM,IAAI,KAAK,CAAC,UAAU,SAAS,uBAAuB,CAAC,CAAA;AAC7D,CAAC;AAEY,QAAA,gBAAgB,GAAG,IAAA,kCAAkB,EAAC;IACjD,EAAE,CAAC,gBAAgB;IACnB,EAAE,CAAC,gBAAgB;CACpB,CAAC,CAAA;AAEW,QAAA,OAAO,GAAc;IAChC,wCAAwC;IACxC,aAAa,EAAE,CAAC,QAAQ,CAAC;IACzB,2CAA2C;IAC3C,SAAS,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;IAC9B,+BAA+B;IAC/B,iBAAiB,EAAE,CAAC,QAAQ,CAAC;CAC9B,CAAA;AAED;;GAEG;AACU,QAAA,YAAY,GAAc;IACrC,YAAY,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAChE,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,aAAa,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;CAClE,CAAA","sourcesContent":["import type { HydrationData as FeHydrationData } from '@atproto/oauth-provider-frontend/hydration-data'\nimport type { HydrationData as UiHydrationData } from '@atproto/oauth-provider-ui/hydration-data'\nimport { CspConfig } from '../../lib/csp/index.js'\nimport { combineMiddlewares } from '../../lib/http/middleware.js'\nimport { Simplify } from '../../lib/util/type.js'\nimport { parseAssetsManifest } from './assets-manifest.js'\n\n// If the \"ui\" and \"frontend\" packages are ever unified, this can be replaced\n// with a single expression:\n//\n// const { getAssets, assetsMiddleware } = parseAssetsManifest(\n//   require.resolve('@atproto/oauth-provider-ui/bundle-manifest.json'),\n// )\n\nconst ui = parseAssetsManifest(\n  require.resolve('@atproto/oauth-provider-ui/bundle-manifest.json'),\n)\nconst fe = parseAssetsManifest(\n  require.resolve('@atproto/oauth-provider-frontend/bundle-manifest.json'),\n)\n\nexport type HydrationData = Simplify<UiHydrationData & FeHydrationData>\n\nexport function getAssets(entryName: keyof HydrationData) {\n  const assetRef = ui.getAssets(entryName) || fe.getAssets(entryName)\n  if (assetRef) return assetRef\n\n  // Fool-proof. Should never happen.\n  throw new Error(`Entry \"${entryName}\" not found in assets`)\n}\n\nexport const assetsMiddleware = combineMiddlewares([\n  ui.assetsMiddleware,\n  fe.assetsMiddleware,\n])\n\nexport const SPA_CSP: CspConfig = {\n  // API calls are made to the same origin\n  'connect-src': [\"'self'\"],\n  // Allow loading of PDS logo & User avatars\n  'img-src': ['data:', 'https:'],\n  // Prevent embedding in iframes\n  'frame-ancestors': [\"'none'\"],\n}\n\n/**\n * @see {@link https://docs.hcaptcha.com/#content-security-policy-settings}\n */\nexport const HCAPTCHA_CSP: CspConfig = {\n  'script-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],\n  'frame-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],\n  'style-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],\n  'connect-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],\n}\n"]}

package/dist/router/assets/csrf.js.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../../src/router/assets/csrf.ts"],"names":[],"mappings":";;;;;AAuBA,wCAUC;AAED,8CAUC;AA5CD,8DAAyC;AACzC,oEAAgF;AAChF,sDAIgC;AAChC,wDAAsD;AAEtD,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAC5B,MAAM,YAAY,GAAG,iBAAiB,GAAG,CAAC,CAAA,CAAC,uBAAuB;AAElE,6EAA6E;AAC7E,0DAA0D;AAC1D,MAAM,mBAAmB,GAAqC;IAC5D,OAAO,EAAE,SAAS,EAAE,mBAAmB;IACvC,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAK,EAAE,wCAAwC;IACzD,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,GAAG;CACV,CAAA;AAEM,KAAK,UAAU,cAAc,CAClC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAA,uBAAW,EAAC,iBAAiB,CAAC,CAAC,CAAA;IAE1E,oDAAoD;IACpD,IAAA,oBAAS,EAAC,GAAG,EAAE,qCAAgB,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAA;IAE5D,OAAO,KAAK,CAAA;AACd,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAClD,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAEvC,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAAoB;IACzC,MAAM,OAAO,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAA;IACrC,MAAM,WAAW,GAAG,OAAO,CAAC,qCAAgB,CAAC,CAAA;IAC7C,IAAI,WAAW,EAAE,MAAM,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAoB;IAC1C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qCAAgB,CAAC,CAAA;IACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAC3E,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC"}
+{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../../src/router/assets/csrf.ts"],"names":[],"mappings":";;;;;AAuBA,wCAUC;AAED,8CAUC;AA5CD,8DAAyC;AACzC,oEAAgF;AAChF,sDAIgC;AAChC,wDAAsD;AAEtD,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAC5B,MAAM,YAAY,GAAG,iBAAiB,GAAG,CAAC,CAAA,CAAC,uBAAuB;AAElE,6EAA6E;AAC7E,0DAA0D;AAC1D,MAAM,mBAAmB,GAAqC;IAC5D,OAAO,EAAE,SAAS,EAAE,mBAAmB;IACvC,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAK,EAAE,wCAAwC;IACzD,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,GAAG;CACV,CAAA;AAEM,KAAK,UAAU,cAAc,CAClC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAA,uBAAW,EAAC,iBAAiB,CAAC,CAAC,CAAA;IAE1E,oDAAoD;IACpD,IAAA,oBAAS,EAAC,GAAG,EAAE,qCAAgB,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAA;IAE5D,OAAO,KAAK,CAAA;AACd,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAClD,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAEvC,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAAoB;IACzC,MAAM,OAAO,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAA;IACrC,MAAM,WAAW,GAAG,OAAO,CAAC,qCAAgB,CAAC,CAAA;IAC7C,IAAI,WAAW,EAAE,MAAM,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAoB;IAC1C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qCAAgB,CAAC,CAAA;IACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAC3E,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport createHttpError from 'http-errors'\nimport { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from '@atproto/oauth-provider-api'\nimport {\n  CookieSerializeOptions,\n  parseHttpCookies,\n  setCookie,\n} from '../../lib/http/index.js'\nimport { randomHexId } from '../../lib/util/crypto.js'\n\nconst TOKEN_BYTE_LENGTH = 12\nconst TOKEN_LENGTH = TOKEN_BYTE_LENGTH * 2 // 2 hex chars per byte\n\n// @NOTE Cookie based CSRF protection is redundant with session cookies using\n// `SameSite` and could probably be removed in the future.\nconst CSRF_COOKIE_OPTIONS: Readonly<CookieSerializeOptions> = {\n  expires: undefined, // \"session\" cookie\n  secure: true,\n  httpOnly: false, // Need to be accessible from JavaScript\n  sameSite: 'lax',\n  path: `/`,\n}\n\nexport async function setupCsrfToken(\n  req: IncomingMessage,\n  res: ServerResponse,\n): Promise<string> {\n  const token = getCookieCsrf(req) || (await randomHexId(TOKEN_BYTE_LENGTH))\n\n  // Refresh cookie (See Chrome's \"Lax+POST\" behavior)\n  setCookie(res, CSRF_COOKIE_NAME, token, CSRF_COOKIE_OPTIONS)\n\n  return token\n}\n\nexport async function validateCsrfToken(\n  req: IncomingMessage,\n  res: ServerResponse,\n) {\n  const cookieValue = await setupCsrfToken(req, res)\n  const headerValue = getHeadersCsrf(req)\n\n  if (cookieValue !== headerValue) {\n    throw createHttpError(400, `CSRF mismatch`)\n  }\n}\n\nfunction getCookieCsrf(req: IncomingMessage) {\n  const cookies = parseHttpCookies(req)\n  const cookieValue = cookies[CSRF_COOKIE_NAME]\n  if (cookieValue?.length === TOKEN_LENGTH) {\n    return cookieValue\n  }\n  return undefined\n}\n\nfunction getHeadersCsrf(req: IncomingMessage) {\n  const headerValue = req.headers[CSRF_HEADER_NAME]\n  if (typeof headerValue === 'string' && headerValue.length === TOKEN_LENGTH) {\n    return headerValue\n  }\n  return undefined\n}\n"]}

package/dist/router/assets/send-account-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-account-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-account-page.ts"],"names":[],"mappings":";;AAaA,wDA6BC;AAxCD,+FAAsF;AACtF,iGAAwF;AAExF,wEAAuE;AACvE,sDAAiD;AACjD,oDAA6C;AAC7C,4EAA8E;AAC9E,iEAAwD;AACxD,2CAA+D;AAC/D,uCAA0C;AAE1C,SAAgB,sBAAsB,CAAC,aAA4B;IACjE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,cAAc,CAAC,CAAA;IAErD,OAAO,KAAK,UAAU,eAAe,CACnC,GAAoB,EACpB,GAAmB,EACnB,IAEC;QAED,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAgC;YACjE,mBAAmB,EAAE,iBAAiB;YACtC,gBAAgB,EAAE,IAAI,CAAC,cAAc;SACtC,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,cAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,mBAAO;YACZ,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}
+{"version":3,"file":"send-account-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-account-page.ts"],"names":[],"mappings":";;AAaA,wDA6BC;AAxCD,+FAAsF;AACtF,iGAAwF;AAExF,wEAAuE;AACvE,sDAAiD;AACjD,oDAA6C;AAC7C,4EAA8E;AAC9E,iEAAwD;AACxD,2CAA+D;AAC/D,uCAA0C;AAE1C,SAAgB,sBAAsB,CAAC,aAA4B;IACjE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,cAAc,CAAC,CAAA;IAErD,OAAO,KAAK,UAAU,eAAe,CACnC,GAAoB,EACpB,GAAmB,EACnB,IAEC;QAED,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAgC;YACjE,mBAAmB,EAAE,iBAAiB;YACtC,gBAAgB,EAAE,IAAI,CAAC,cAAc;SACtC,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,cAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,mBAAO;YACZ,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport { buildCustomizationCss } from '../../customization/build-customization-css.js'\nimport { buildCustomizationData } from '../../customization/build-customization-data.js'\nimport { Customization } from '../../customization/customization.js'\nimport { declareHydrationData } from '../../lib/html/hydration-data.js'\nimport { cssCode } from '../../lib/html/index.js'\nimport { html } from '../../lib/html/tags.js'\nimport { CrossOriginEmbedderPolicy } from '../../lib/http/security-headers.js'\nimport { sendWebPage } from '../../lib/send-web-page.js'\nimport { HydrationData, SPA_CSP, getAssets } from './assets.js'\nimport { setupCsrfToken } from './csrf.js'\n\nexport function sendAccountPageFactory(customization: Customization) {\n  // Pre-computed options:\n  const customizationData = buildCustomizationData(customization)\n  const customizationCss = cssCode(buildCustomizationCss(customization))\n  const { scripts, styles } = getAssets('account-page')\n\n  return async function sendAccountPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: {\n      deviceSessions: readonly ActiveDeviceSession[]\n    },\n  ): Promise<void> {\n    await setupCsrfToken(req, res)\n\n    const script = declareHydrationData<HydrationData['account-page']>({\n      __customizationData: customizationData,\n      __deviceSessions: data.deviceSessions,\n    })\n\n    return sendWebPage(res, {\n      meta: [{ name: 'robots', content: 'noindex' }],\n      body: html`<div id=\"root\"></div>`,\n      csp: SPA_CSP,\n      coep: CrossOriginEmbedderPolicy.credentialless,\n      scripts: [script, ...scripts],\n      styles: [...styles, customizationCss],\n    })\n  }\n}\n"]}

package/dist/router/assets/send-authorization-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DAiDC;AA7DD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,QAAQ;QAClC,CAAC,CAAC,wDAAwD;YACxD,wEAAwE;YACxE,+CAAyB,CAAC,UAAU;QACtC,CAAC,CAAC,+CAAyB,CAAC,cAAc,CAAA;IAE5C,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,UAAU;gBAE3B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;gBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;gBACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAE/C,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;gBAC5B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC;aACxD;YACD,UAAU,EAAE,IAAI,CAAC,QAAQ;SAC1B,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG;YACH,IAAI;YACJ,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}
+{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DAiDC;AA7DD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,QAAQ;QAClC,CAAC,CAAC,wDAAwD;YACxD,wEAAwE;YACxE,+CAAyB,CAAC,UAAU;QACtC,CAAC,CAAC,+CAAyB,CAAC,cAAc,CAAA;IAE5C,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,UAAU;gBAE3B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;gBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;gBACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;gBAE/C,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;gBAC5B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC;aACxD;YACD,UAAU,EAAE,IAAI,CAAC,QAAQ;SAC1B,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG;YACH,IAAI;YACJ,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { buildCustomizationCss } from '../../customization/build-customization-css.js'\nimport { buildCustomizationData } from '../../customization/build-customization-data.js'\nimport { Customization } from '../../customization/customization.js'\nimport { mergeCsp } from '../../lib/csp/index.js'\nimport { declareHydrationData } from '../../lib/html/hydration-data.js'\nimport { cssCode, html } from '../../lib/html/index.js'\nimport { CrossOriginEmbedderPolicy } from '../../lib/http/security-headers.js'\nimport { sendWebPage } from '../../lib/send-web-page.js'\nimport { AuthorizationResultAuthorizePage } from '../../result/authorization-result-authorize-page.js'\nimport { HCAPTCHA_CSP, HydrationData, SPA_CSP, getAssets } from './assets.js'\nimport { setupCsrfToken } from './csrf.js'\n\nexport function sendAuthorizePageFactory(customization: Customization) {\n  // Pre-computed options:\n  const customizationData = buildCustomizationData(customization)\n  const customizationCss = cssCode(buildCustomizationCss(customization))\n  const { scripts, styles } = getAssets('authorization-page')\n  const csp = mergeCsp(\n    SPA_CSP,\n    customization?.hcaptcha ? HCAPTCHA_CSP : undefined,\n  )\n  const coep = customization?.hcaptcha\n    ? // https://github.com/hCaptcha/react-hcaptcha/issues/259\n      // @TODO Remove the use of `unsafeNone` once the issue above is resolved\n      CrossOriginEmbedderPolicy.unsafeNone\n    : CrossOriginEmbedderPolicy.credentialless\n\n  return async function sendAuthorizePage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: AuthorizationResultAuthorizePage,\n  ): Promise<void> {\n    await setupCsrfToken(req, res)\n\n    const script = declareHydrationData<HydrationData['authorization-page']>({\n      __customizationData: customizationData,\n      __authorizeData: {\n        requestUri: data.requestUri,\n\n        clientId: data.client.id,\n        clientMetadata: data.client.metadata,\n        clientTrusted: data.client.info.isTrusted,\n        clientFirstParty: data.client.info.isFirstParty,\n\n        scope: data.parameters.scope,\n        uiLocales: data.parameters.ui_locales,\n        loginHint: data.parameters.login_hint,\n        permissionSets: Object.fromEntries(data.permissionSets),\n      },\n      __sessions: data.sessions,\n    })\n\n    return sendWebPage(res, {\n      meta: [{ name: 'robots', content: 'noindex' }],\n      body: html`<div id=\"root\"></div>`,\n      csp,\n      coep,\n      scripts: [script, ...scripts],\n      styles: [...styles, customizationCss],\n    })\n  }\n}\n"]}

package/dist/router/assets/send-error-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-error-page.ts"],"names":[],"mappings":";;AAeA,oDA0BC;AAxCD,+FAAsF;AACtF,iGAAwF;AAExF,kEAGqC;AACrC,wEAAuE;AACvE,sDAAiD;AACjD,oDAA6C;AAC7C,4EAA8E;AAC9E,iEAAwD;AACxD,2CAA+D;AAE/D,SAAgB,oBAAoB,CAAC,aAA4B;IAC/D,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,YAAY,CAAC,CAAA;IAEnD,OAAO,SAAS,aAAa,CAC3B,GAAoB,EACpB,GAAmB,EACnB,GAAY;QAEZ,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAA8B;YAC/D,mBAAmB,EAAE,iBAAiB;YACtC,WAAW,EAAE,IAAA,mCAAiB,EAAC,GAAG,CAAC;SACpC,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,MAAM,EAAE,IAAA,kCAAgB,EAAC,GAAG,CAAC;YAC7B,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,cAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,mBAAO;YACZ,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}
+{"version":3,"file":"send-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-error-page.ts"],"names":[],"mappings":";;AAeA,oDA0BC;AAxCD,+FAAsF;AACtF,iGAAwF;AAExF,kEAGqC;AACrC,wEAAuE;AACvE,sDAAiD;AACjD,oDAA6C;AAC7C,4EAA8E;AAC9E,iEAAwD;AACxD,2CAA+D;AAE/D,SAAgB,oBAAoB,CAAC,aAA4B;IAC/D,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,YAAY,CAAC,CAAA;IAEnD,OAAO,SAAS,aAAa,CAC3B,GAAoB,EACpB,GAAmB,EACnB,GAAY;QAEZ,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAA8B;YAC/D,mBAAmB,EAAE,iBAAiB;YACtC,WAAW,EAAE,IAAA,mCAAiB,EAAC,GAAG,CAAC;SACpC,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,MAAM,EAAE,IAAA,kCAAgB,EAAC,GAAG,CAAC;YAC7B,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,cAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,mBAAO;YACZ,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { buildCustomizationCss } from '../../customization/build-customization-css.js'\nimport { buildCustomizationData } from '../../customization/build-customization-data.js'\nimport { Customization } from '../../customization/customization.js'\nimport {\n  buildErrorPayload,\n  buildErrorStatus,\n} from '../../errors/error-parser.js'\nimport { declareHydrationData } from '../../lib/html/hydration-data.js'\nimport { cssCode } from '../../lib/html/index.js'\nimport { html } from '../../lib/html/tags.js'\nimport { CrossOriginEmbedderPolicy } from '../../lib/http/security-headers.js'\nimport { sendWebPage } from '../../lib/send-web-page.js'\nimport { HydrationData, SPA_CSP, getAssets } from './assets.js'\n\nexport function sendErrorPageFactory(customization: Customization) {\n  // Pre-computed options:\n  const customizationData = buildCustomizationData(customization)\n  const customizationCss = cssCode(buildCustomizationCss(customization))\n  const { scripts, styles } = getAssets('error-page')\n\n  return function sendErrorPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    err: unknown,\n  ): void {\n    const script = declareHydrationData<HydrationData['error-page']>({\n      __customizationData: customizationData,\n      __errorData: buildErrorPayload(err),\n    })\n\n    return sendWebPage(res, {\n      status: buildErrorStatus(err),\n      meta: [{ name: 'robots', content: 'noindex' }],\n      body: html`<div id=\"root\"></div>`,\n      csp: SPA_CSP,\n      coep: CrossOriginEmbedderPolicy.credentialless,\n      scripts: [script, ...scripts],\n      styles: [...styles, customizationCss],\n    })\n  }\n}\n"]}

package/dist/router/create-account-page-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":";;AAeA,kEA6DC;AA1ED,mDAO6B;AAE7B,wEAAsE;AACtE,oEAAkE;AAGlE,SAAgB,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,eAAe,GAAG,IAAA,6CAAsB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACpE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,2CAA2C;IAC3C,uDAAuD;IACvD,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvD,IAAA,wBAAa,EAAC,GAAG,EAAE,IAAI,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,gCAAgC;IAChC,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC"}
+{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":";;AAeA,kEA6DC;AA1ED,mDAO6B;AAE7B,wEAAsE;AACtE,oEAAkE;AAGlE,SAAgB,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,eAAe,GAAG,IAAA,6CAAsB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACpE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,2CAA2C;IAC3C,uDAAuD;IACvD,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvD,IAAA,wBAAa,EAAC,GAAG,EAAE,IAAI,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,gCAAgC;IAChC,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport {\n  Middleware,\n  Router,\n  validateFetchDest,\n  validateFetchMode,\n  validateOrigin,\n  writeRedirect,\n} from '../lib/http/index.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { sendAccountPageFactory } from './assets/send-account-page.js'\nimport { sendErrorPageFactory } from './assets/send-error-page.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\n\nexport function createAccountPageMiddleware<\n  Ctx extends object | void = void,\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n  const sendAccountPage = sendAccountPageFactory(server.customization)\n  const sendErrorPage = sendErrorPageFactory(server.customization)\n\n  const issuerUrl = new URL(server.issuer)\n  const issuerOrigin = issuerUrl.origin\n\n  const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n  // Create password reset discovery endpoint\n  // https://w3c.github.io/webappsec-change-password-url/\n  router.get('/.well-known/change-password', (_req, res) => {\n    writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString())\n  })\n\n  // Create frontend account pages\n  router.get<never>(/^\\/account(?:\\/.*)?$/, async function (req, res) {\n    try {\n      res.setHeader('Referrer-Policy', 'same-origin')\n\n      res.setHeader('Cache-Control', 'no-store')\n      res.setHeader('Pragma', 'no-cache')\n\n      validateFetchMode(req, ['navigate'])\n      validateFetchDest(req, ['document'])\n      validateOrigin(req, issuerOrigin)\n\n      const { deviceId } = await server.deviceManager.load(req, res)\n      const deviceAccounts =\n        await server.accountManager.listDeviceAccounts(deviceId)\n\n      sendAccountPage(req, res, {\n        deviceSessions: deviceAccounts.map(\n          (deviceAccount): ActiveDeviceSession => ({\n            account: deviceAccount.account,\n            loginRequired: server.checkLoginRequired(deviceAccount),\n          }),\n        ),\n      })\n    } catch (err) {\n      onError?.(\n        req,\n        res,\n        err,\n        `Failed to handle navigation request to \"${req.url}\"`,\n      )\n\n      if (!res.headersSent) {\n        sendErrorPage(req, res, err)\n      }\n    }\n  })\n\n  return router.buildMiddleware()\n}\n"]}

package/dist/router/create-api-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"create-api-middleware.js","sourceRoot":"","sources":["../../src/router/create-api-middleware.ts"],"names":[],"mappings":";;;;;AAyEA,kDAisBC;AA2BD,4CA4CC;AAh1BD,8DAAyC;AACzC,6BAAuB;AACvB,sCAA8C;AAC9C,oEAOoC;AACpC,sDAM6B;AAC7B,gEAA6D;AAC7D,kEAA+D;AAC/D,yDAAiE;AACjE,6EAAqE;AACrE,+DAIkC;AAClC,iFAAwE;AACxE,mFAA0E;AAC1E,mDAe6B;AAC7B,mDAA4D;AAC5D,iDAA6C;AAC7C,qDAAoD;AAGpD,2CAA+C;AAC/C,8DAAwE;AAExE,sDAAoD;AACpD,wDAAsD;AACtD,gDAA+C;AAC/C,kDAAiD;AACjD,sDAAwD;AACxD,8CAAoD;AAEpD,yDAQ2B;AAE3B,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,wBAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAA;AAEtE,SAAgB,mBAAmB,CAKjC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IACrC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,6BAA6B;QACvC,MAAM,EAAE,kBAAkB;QAC1B,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,cAAc,CAAC,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YACvE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAA;QACtC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,oCAAiB;QACzB,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO;YACX,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAE5D,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,aAAa,CACvD,QAAQ,EACR,cAAc,EACd,KAAK,CACN,CAAA;YAED,2DAA2D;YAC3D,MAAM,QAAQ,GAAG,UAAU,IAAI,IAAI,CAAA;YAEnC,4EAA4E;YAC5E,cAAc;YACd,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YACxE,CAAC;YAED,MAAM,cAAc,GAAG,QAAQ;gBAC7B,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ;oBACR,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC,CAAA;YAEN,MAAM,IAAI,GAAG,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;YACxC,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,kCAAgB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;QACrE,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO;YACX,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAErD,2DAA2D;YAC3D,MAAM,EAAE,QAAQ,GAAG,UAAU,IAAI,IAAI,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,CAAA;YAE9D,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAC7D,QAAQ,EACR,cAAc,EACd,KAAK,CACN,CAAA;YAED,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YACxE,CAAC;iBAAM,CAAC;gBACN,oEAAoE;gBACpE,iEAAiE;gBACjE,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YACxE,CAAC;YAED,MAAM,cAAc,GAAG,QAAQ;gBAC7B,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ;oBACR,UAAU;iBACX,CAAC,CAAA;YAEN,IAAI,UAAU,EAAE,CAAC;gBACf,kEAAkE;gBAClE,uDAAuD;gBAEvD,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,CAC9D,UAAU,EACV,QAAQ,CACT,CAAA;gBAED,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,UAAU,CAClE,OAAO,CAAC,GAAG,CACZ,CAAA;gBAED,MAAM,IAAI,GAAG;oBACX,OAAO;oBACP,cAAc;oBACd,eAAe,EAAE,MAAM,CAAC,oBAAoB,CAC1C,UAAU,EACV,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAChC;iBACF,CAAA;gBAED,OAAO,EAAE,IAAI,EAAE,CAAA;YACjB,CAAC;YAED,MAAM,IAAI,GAAG,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;YACxC,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,kBAAS,EAAE,OAAC,CAAC,KAAK,CAAC,kBAAS,CAAC,CAAC,CAAC;SAC9C,CAAC;aACD,MAAM,EAAE;QACX,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO;YACX,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAA,iBAAO,EAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;YAEnD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YACrE,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAa,EAAE,EAAE,CAAA;QAC7C,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,MAAM,EAAE,wBAAY;YACpB,KAAK,EAAE,sBAAW;SACnB,CAAC;aACD,MAAM,EAAE;QACX,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAC9C,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,CACX,CAAA;YACD,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,KAAK,EAAE,6BAAc;YACrB,QAAQ,EAAE,+BAAiB;SAC5B,CAAC;aACD,MAAM,EAAE;QACX,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAC9C,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,CACX,CAAA;YACD,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,SAAS;QACjB,KAAK,CAAC,OAAO;YACX,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CACnE,IAAI,CAAC,QAAQ,CACd,CAAA;YAED,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAC7B,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;gBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;aACxD,CAAC,CACH,CAAA;YAED,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,iBAAiB;QAC3B,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7C,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAE3D,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAC5D,OAAO,CAAC,GAAG,CACZ,CAAA;YAED,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YAExE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,WAAW,CAAC,SAAS,EAAE;gBAChE,OAAO,EAAE,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;oBACzB,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,yBAAyB,QAAQ,EAAE,CAAC,CAAA;oBAC7D,OAAO,SAAS,CAAA,CAAC,wCAAwC;gBAC3D,CAAC;aACF,CAAC,CAAA;YAEF,qEAAqE;YACrE,iEAAiE;YACjE,4DAA4D;YAC5D,iCAAiC;YACjC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAsB,EAAE;gBAC/D,OAAO;oBACL,OAAO,EAAE,EAAE;oBAEX,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAmB;oBACxD,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAmB;oBAExD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,QAAQ;oBAEpD,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;iBAC7B,CAAA;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,mBAAmB;QAC7B,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7C,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAE3D,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CACnE,OAAO,CAAC,GAAG,CACZ,CAAA;YAED,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAC7B,CAAC,cAAc,EAAwB,EAAE,CAAC,CAAC;gBACzC,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,cAAc,EAAE;oBACd,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,SAAS;oBAC9C,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,SAAS;oBAC9C,UAAU,EACR,cAAc,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAmB;iBACtE;gBAED,eAAe,EAAE,cAAc,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ;aAC3D,CAAC,CACH,CAAA;YAED,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,QAAQ,EAAE,6BAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QACvE,KAAK,CAAC,OAAO;YACX,oEAAoE;YACpE,oEAAoE;YACpE,WAAW;YAEX,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAC7C,IAAI,CAAC,KAAK,CAAC,QAAQ,EACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CACf,CAAA;YAED,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,uBAAuB;QACjC,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,OAAO,EAAE,2BAAa,EAAE,CAAC,CAAC,MAAM,EAAE;QACrE,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAE3D,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,YAAY,CACtD,IAAI,CAAC,KAAK,CAAC,OAAO,CACnB,CAAA;YAED,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC;gBACxD,gDAAgD;gBAChD,MAAM,IAAI,8CAAmB,CAAC,eAAe,CAAC,CAAA;YAChD,CAAC;YAED,MAAM,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAEnD,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,kBAAS,EAAE,qBAAe,CAAC,CAAC;YAC1C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SAC7B,CAAC;aACD,MAAM,EAAE;QACX,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,MAAM,IAAI,8CAAmB,CAC3B,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,wEAAwE;YACxE,8CAA8C;YAC9C,IAAI,CAAC;gBACH,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,CAC9D,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,QAAQ,CACd,CAAA;gBAED,6DAA6D;gBAC7D,sBAAsB;gBACtB,IAAI,CAAC;oBACH,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAC5D,IAAI,EACJ,GAAG,EACH,GAAG,CACJ,CAAA;oBAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;oBAE7D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,aAAa,CACpD,IAAI,CAAC,UAAU,EACf,MAAM,EACN,OAAO,EACP,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,CAAC,KAAK,CACjB,CAAA;oBAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;oBAClD,IAAI,MAAM,CAAC,oBAAoB,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;wBACxD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;wBAEpD,yDAAyD;wBAEzD,4DAA4D;wBAC5D,qCAAqC;wBACrC,KAAK,MAAM,CAAC,IAAI,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;4BAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;wBAEjE,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE;4BAC/D,GAAG,UAAU;4BACb,gBAAgB,EAAE,CAAC,GAAG,MAAM,CAAC;yBAC9B,CAAC,CAAA;oBACJ,CAAC;oBAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;oBAEjE,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;gBAC1B,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,6DAA6D;oBAC7D,sDAAsD;oBACtD,MAAM,2CAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAA;gBAChD,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,yCAAyC,CAAC,CAAA;gBAEnE,kEAAkE;gBAClE,oDAAoD;gBACpD,IAAI,CAAC;oBACH,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBACrD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,0BAA0B,CAAC,CAAA;gBACtD,CAAC;gBAED,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;oBACtC,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,gBAAgB,CAC1B,MAAM,CAAC,MAAM,EACb,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,MAAM,EAAE,CACb,CAAA;wBAED,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;oBAC1B,CAAC;oBAAC,MAAM,CAAC;wBACP,uCAAuC;oBACzC,CAAC;gBACH,CAAC;gBAED,iEAAiE;gBACjE,oEAAoE;gBACpE,8BAA8B;gBAC9B,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;YACpC,CAAC;QACH,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAC3B,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,8CAAmB,CAC3B,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,+DAA+D;YAC/D,YAAY;YACZ,IAAI,CAAC;gBACH,sEAAsE;gBACtE,kDAAkD;gBAElD,wEAAwE;gBACxE,wEAAwE;gBACxE,sEAAsE;gBACtE,wEAAwE;gBACxE,uEAAuE;gBACvE,gEAAgE;gBAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,CACpD,UAAU,EACV,IAAI,CAAC,QAAQ,CACd,CAAA;gBAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE;oBACtD,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,+BAA+B;iBACnD,CAAC,CAAA;gBAEF,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAA;gBAElE,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;oBACtC,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,gBAAgB,CAC1B,MAAM,CAAC,MAAM,EACb,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,MAAM,EAAE,CACb,CAAA;wBAED,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;oBAC1B,CAAC;oBAAC,MAAM,CAAC;wBACP,uCAAuC;oBACzC,CAAC;gBACH,CAAC;gBAED,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;YACpC,CAAC;oBAAS,CAAC;gBACT,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBAC3D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,0BAA0B,CAAC,CAAA;gBACtD,CAAC,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;KACF,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,KAAK,UAAU,YAAY,CAEzB,GAAQ,EACR,GAAQ;QAER,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3D,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,0EAA0E;gBAC1E,+DAA+D;gBAC/D,MAAM,cAAc,GAAG,qBAAe,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC9D,MAAM,EAAE,OAAO,EAAE,GACf,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAA;gBAE1D,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,KAAK,CAAC,GAAG;oBAC9B,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ;oBAClC,OAAO,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,EACtC,CAAC;oBACD,OAAO,MAAM,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC5D,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAA;gBAClE,4CAA4C;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,wDAAwD;YACxD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,gBAAgB,CAChE,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,KAAK,CAAC,GAAG,CACf,CAAA;YAED,kDAAkD;YAClD,IAAI,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,8CAAmB,CAAC,gBAAgB,CAAC,CAAA;YACjD,CAAC;YAED,OAAO,aAAa,CAAA;QACtB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,gDAAoB,CAC5B,cAAc,EACd,QAAQ,IAAI,CAAC,KAAK,CAAC,GAAG,mCAAmC,EACzD,EAAE,MAAM,EAAE,EAAE,EAAE,EACd,GAAG,CACJ,CAAA;QACH,CAAC;IACH,CAAC;IAwBD;;;;OAIG;IACH,SAAS,QAAQ,CAiBf,OAUD;QACC,OAAO,IAAA,sBAAW,EAChB,OAAO,CAAC,MAAM,EACd,GAAG,wCAAmB,GAAG,OAAO,CAAC,QAAQ,EAAE,EAC3C,aAAa,CAAC,OAAO,CAAC,CACvB,CAAA;IACH,CAAC;IAED,SAAS,aAAa,CAAqD,EACzE,MAAM,EACN,MAAM,EACN,mBAAmB,EACnB,OAAO,GAUR;QACC,MAAM,UAAU,GACd,MAAM,IAAI,IAAI,CAAC,oDAAoD;YACjE,CAAC,CAAC,KAAK,WAAW,GAAG;gBACjB,MAAM,IAAA,sBAAW,EAAC,GAAG,CAAC,CAAA;gBACtB,OAAO,SAAS,CAAA;YAClB,CAAC;YACH,CAAC,CAAC,MAAM,KAAK,MAAM;gBACjB,CAAC,CAAC,KAAK,WAAW,GAAG;oBACjB,MAAM,IAAI,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;oBAClD,OAAO,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBACpD,CAAC;gBACH,CAAC,CAAC,KAAK,WAAW,GAAG;oBACjB,MAAM,IAAA,sBAAW,EAAC,GAAG,CAAC,CAAA;oBACtB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;oBACvD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;gBACtD,CAAC,CAAA;QAET,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,gCAAgC;gBAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,wBAAwB;gBACxB,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;gBACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;gBACvC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;gBACjC,MAAM,QAAQ,GAAG,IAAA,2BAAgB,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAA;gBAEhE,mCAAmC;gBACnC;gBACE,mCAAmC;gBACnC,QAAQ,CAAC,QAAQ,KAAK,kBAAkB;oBACxC,QAAQ,CAAC,QAAQ,KAAK,UAAU;oBAChC,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAC1C,CAAC;oBACD,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,oBAAoB,QAAQ,EAAE,CAAC,CAAA;gBAC5D,CAAC;gBAED,0DAA0D;gBAC1D,MAAM,UAAU,GACd,QAAQ,CAAC,QAAQ,KAAK,kBAAkB;oBACtC,CAAC,CAAC,MAAM,iCAAgB,CAAC,UAAU,CAC/B,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CACzC;oBACH,CAAC,CAAC,SAAS,CAAA;gBAEf,sBAAsB;gBACtB,MAAM,IAAA,2BAAiB,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAEjC,oCAAoC;gBACpC,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;gBAE9C,2DAA2D;gBAC3D,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAClE,GAAG,EACH,GAAG,EACH,mBAAmB,CACpB,CAAA;gBAED,MAAM,OAAO,GAAsC,IAAA,iBAAM,EAAC,IAAI,EAAE;oBAC9D,KAAK;oBACL,UAAU;oBACV,QAAQ;oBACR,cAAc;iBACf,CAAC,CAAA;gBAEF,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAA;gBAExD,6CAA6C;gBAC7C,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;YACpC,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAY;IAC1C,0DAA0D;IAC1D,MAAM,IAAI,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;IACnC,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;IAEpC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;AACzB,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAW,EACX,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAA;IAErD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,IAAA,oCAAiB,EAAC,UAAU,CAAC,CAAC,CAAA;IACpE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAA,mCAAgB,EAAC,UAAU,CAAC,CAAC,CAAA;IAElE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAA,sCAAmB,EAAC,GAAG,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC1E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAClC,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAA;AACjB,CAAC;AAED,SAAgB,gBAAgB,CAAC,GAAQ;IACvC,IAAI,GAAG,CAAC,QAAQ,KAAK,2BAA2B,EAAE,CAAC;QACjD,MAAM,IAAI,8CAAmB,CAC3B,yBAAyB,GAAG,CAAC,QAAQ,sBAAsB,CAC5D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAA4C,EAAE,CAAA;IAE1D,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAC3C,IAAI,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAA;IAExC,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;IACvC,IAAI,GAAG;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAA;IAElC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,KAAK,MAAM,GAAG,IAAI,wCAAqB,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,KAAK,IAAI,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,KAAK,MAAM,GAAG,IAAI,sCAAmB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,KAAK,IAAI,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,8CAAmB,CAC3B,oDAAoD,CACrD,CAAA;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAsB,qCAAuB,CAAC,KAAK,CAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CACtC,CAAA;QAED,MAAM,WAAW,GAAqB,oCAAsB,CAAC,KAAK,CAChE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CACrC,CAAA;QAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC"}
+{"version":3,"file":"create-api-middleware.js","sourceRoot":"","sources":["../../src/router/create-api-middleware.ts"],"names":[],"mappings":";;;;;AAyEA,kDAisBC;AA2BD,4CA4CC;AAh1BD,8DAAyC;AACzC,6BAAuB;AACvB,sCAA8C;AAC9C,oEAOoC;AACpC,sDAM6B;AAC7B,gEAA6D;AAC7D,kEAA+D;AAC/D,yDAAiE;AACjE,6EAAqE;AACrE,+DAIkC;AAClC,iFAAwE;AACxE,mFAA0E;AAC1E,mDAe6B;AAC7B,mDAA4D;AAC5D,iDAA6C;AAC7C,qDAAoD;AAGpD,2CAA+C;AAC/C,8DAAwE;AAExE,sDAAoD;AACpD,wDAAsD;AACtD,gDAA+C;AAC/C,kDAAiD;AACjD,sDAAwD;AACxD,8CAAoD;AAEpD,yDAQ2B;AAE3B,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,wBAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAA;AAEtE,SAAgB,mBAAmB,CAKjC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IACrC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,6BAA6B;QACvC,MAAM,EAAE,kBAAkB;QAC1B,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,cAAc,CAAC,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YACvE,OAAO,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAA;QACtC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,oCAAiB;QACzB,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO;YACX,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAE5D,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,aAAa,CACvD,QAAQ,EACR,cAAc,EACd,KAAK,CACN,CAAA;YAED,2DAA2D;YAC3D,MAAM,QAAQ,GAAG,UAAU,IAAI,IAAI,CAAA;YAEnC,4EAA4E;YAC5E,cAAc;YACd,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YACxE,CAAC;YAED,MAAM,cAAc,GAAG,QAAQ;gBAC7B,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ;oBACR,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC,CAAA;YAEN,MAAM,IAAI,GAAG,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;YACxC,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,kCAAgB,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;QACrE,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO;YACX,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAErD,2DAA2D;YAC3D,MAAM,EAAE,QAAQ,GAAG,UAAU,IAAI,IAAI,EAAE,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,CAAA;YAE9D,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAC7D,QAAQ,EACR,cAAc,EACd,KAAK,CACN,CAAA;YAED,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YACxE,CAAC;iBAAM,CAAC;gBACN,oEAAoE;gBACpE,iEAAiE;gBACjE,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YACxE,CAAC;YAED,MAAM,cAAc,GAAG,QAAQ;gBAC7B,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;oBACvC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ;oBACR,UAAU;iBACX,CAAC,CAAA;YAEN,IAAI,UAAU,EAAE,CAAC;gBACf,kEAAkE;gBAClE,uDAAuD;gBAEvD,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,CAC9D,UAAU,EACV,QAAQ,CACT,CAAA;gBAED,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,UAAU,CAClE,OAAO,CAAC,GAAG,CACZ,CAAA;gBAED,MAAM,IAAI,GAAG;oBACX,OAAO;oBACP,cAAc;oBACd,eAAe,EAAE,MAAM,CAAC,oBAAoB,CAC1C,UAAU,EACV,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAChC;iBACF,CAAA;gBAED,OAAO,EAAE,IAAI,EAAE,CAAA;YACjB,CAAC;YAED,MAAM,IAAI,GAAG,EAAE,OAAO,EAAE,cAAc,EAAE,CAAA;YACxC,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,kBAAS,EAAE,OAAC,CAAC,KAAK,CAAC,kBAAS,CAAC,CAAC,CAAC;SAC9C,CAAC;aACD,MAAM,EAAE;QACX,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO;YACX,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAA,iBAAO,EAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;YAEnD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YACrE,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAa,EAAE,EAAE,CAAA;QAC7C,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,MAAM,EAAE,wBAAY;YACpB,KAAK,EAAE,sBAAW;SACnB,CAAC;aACD,MAAM,EAAE;QACX,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAC9C,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,CACX,CAAA;YACD,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,KAAK,EAAE,6BAAc;YACrB,QAAQ,EAAE,+BAAiB;SAC5B,CAAC;aACD,MAAM,EAAE;QACX,KAAK,CAAC,OAAO;YACX,MAAM,MAAM,CAAC,cAAc,CAAC,oBAAoB,CAC9C,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,CACX,CAAA;YACD,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,SAAS;QACjB,KAAK,CAAC,OAAO;YACX,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CACnE,IAAI,CAAC,QAAQ,CACd,CAAA;YAED,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAC7B,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;gBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;aACxD,CAAC,CACH,CAAA;YAED,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,iBAAiB;QAC3B,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7C,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAE3D,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAC5D,OAAO,CAAC,GAAG,CACZ,CAAA;YAED,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YAExE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,WAAW,CAAC,SAAS,EAAE;gBAChE,OAAO,EAAE,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;oBACzB,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,yBAAyB,QAAQ,EAAE,CAAC,CAAA;oBAC7D,OAAO,SAAS,CAAA,CAAC,wCAAwC;gBAC3D,CAAC;aACF,CAAC,CAAA;YAEF,qEAAqE;YACrE,iEAAiE;YACjE,4DAA4D;YAC5D,iCAAiC;YACjC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAsB,EAAE;gBAC/D,OAAO;oBACL,OAAO,EAAE,EAAE;oBAEX,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAmB;oBACxD,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAmB;oBAExD,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,QAAQ;oBAEpD,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;iBAC7B,CAAA;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,mBAAmB;QAC7B,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7C,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAE3D,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CACnE,OAAO,CAAC,GAAG,CACZ,CAAA;YAED,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAC7B,CAAC,cAAc,EAAwB,EAAE,CAAC,CAAC;gBACzC,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,cAAc,EAAE;oBACd,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,SAAS;oBAC9C,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,SAAS;oBAC9C,UAAU,EACR,cAAc,CAAC,UAAU,CAAC,UAAU,CAAC,WAAW,EAAmB;iBACtE;gBAED,eAAe,EAAE,cAAc,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ;aAC3D,CAAC,CACH,CAAA;YAED,OAAO,EAAE,IAAI,EAAE,CAAA;QACjB,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,yBAAyB;QACnC,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,QAAQ,EAAE,6BAAc,EAAE,CAAC,CAAC,MAAM,EAAE;QACvE,KAAK,CAAC,OAAO;YACX,oEAAoE;YACpE,oEAAoE;YACpE,WAAW;YAEX,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAC7C,IAAI,CAAC,KAAK,CAAC,QAAQ,EACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CACf,CAAA;YAED,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,uBAAuB;QACjC,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,kBAAS,EAAE,OAAO,EAAE,2BAAa,EAAE,CAAC,CAAC,MAAM,EAAE;QACrE,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAE3D,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,YAAY,CACtD,IAAI,CAAC,KAAK,CAAC,OAAO,CACnB,CAAA;YAED,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC;gBACxD,gDAAgD;gBAChD,MAAM,IAAI,8CAAmB,CAAC,eAAe,CAAC,CAAA;YAChD,CAAC;YAED,MAAM,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;YAEnD,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAA;QACpC,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,OAAC;aACN,MAAM,CAAC;YACN,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,kBAAS,EAAE,qBAAe,CAAC,CAAC;YAC1C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SAC7B,CAAC;aACD,MAAM,EAAE;QACX,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,MAAM,IAAI,8CAAmB,CAC3B,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,wEAAwE;YACxE,8CAA8C;YAC9C,IAAI,CAAC;gBACH,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,CAC9D,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,QAAQ,CACd,CAAA;gBAED,6DAA6D;gBAC7D,sBAAsB;gBACtB,IAAI,CAAC;oBACH,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,CAC5D,IAAI,EACJ,GAAG,EACH,GAAG,CACJ,CAAA;oBAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;oBAE7D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,aAAa,CACpD,IAAI,CAAC,UAAU,EACf,MAAM,EACN,OAAO,EACP,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,cAAc,EACnB,IAAI,CAAC,KAAK,CAAC,KAAK,CACjB,CAAA;oBAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;oBAClD,IAAI,MAAM,CAAC,oBAAoB,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;wBACxD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAA;wBAEpD,yDAAyD;wBAEzD,4DAA4D;wBAC5D,qCAAqC;wBACrC,KAAK,MAAM,CAAC,IAAI,UAAU,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE;4BAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;wBAEjE,MAAM,MAAM,CAAC,cAAc,CAAC,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE;4BAC/D,GAAG,UAAU;4BACb,gBAAgB,EAAE,CAAC,GAAG,MAAM,CAAC;yBAC9B,CAAC,CAAA;oBACJ,CAAC;oBAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;oBAEjE,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;gBAC1B,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,6DAA6D;oBAC7D,sDAAsD;oBACtD,MAAM,2CAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAA;gBAChD,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,yCAAyC,CAAC,CAAA;gBAEnE,kEAAkE;gBAClE,oDAAoD;gBACpD,IAAI,CAAC;oBACH,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBACrD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,0BAA0B,CAAC,CAAA;gBACtD,CAAC;gBAED,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;oBACtC,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,gBAAgB,CAC1B,MAAM,CAAC,MAAM,EACb,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,MAAM,EAAE,CACb,CAAA;wBAED,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;oBAC1B,CAAC;oBAAC,MAAM,CAAC;wBACP,uCAAuC;oBACzC,CAAC;gBACH,CAAC;gBAED,iEAAiE;gBACjE,oEAAoE;gBACpE,8BAA8B;gBAC9B,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;YACpC,CAAC;QACH,CAAC;KACF,CAAC,CACH,CAAA;IAED,MAAM,CAAC,GAAG,CACR,QAAQ,CAAC;QACP,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE;QAC7B,mBAAmB,EAAE,IAAI;QACzB,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG;YACpB,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAC3B,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,IAAI,8CAAmB,CAC3B,mEAAmE,CACpE,CAAA;YACH,CAAC;YAED,+DAA+D;YAC/D,YAAY;YACZ,IAAI,CAAC;gBACH,sEAAsE;gBACtE,kDAAkD;gBAElD,wEAAwE;gBACxE,wEAAwE;gBACxE,sEAAsE;gBACtE,wEAAwE;gBACxE,uEAAuE;gBACvE,gEAAgE;gBAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,GAAG,CACpD,UAAU,EACV,IAAI,CAAC,QAAQ,CACd,CAAA;gBAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE;oBACtD,KAAK,EAAE,eAAe;oBACtB,iBAAiB,EAAE,+BAA+B;iBACnD,CAAC,CAAA;gBAEF,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAA;gBAElE,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;oBACtC,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,gBAAgB,CAC1B,MAAM,CAAC,MAAM,EACb,GAAG,CAAC,UAAU,EACd,GAAG,CAAC,MAAM,EAAE,CACb,CAAA;wBAED,OAAO,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,EAAE,CAAA;oBAC1B,CAAC;oBAAC,MAAM,CAAC;wBACP,uCAAuC;oBACzC,CAAC;gBACH,CAAC;gBAED,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;YACpC,CAAC;oBAAS,CAAC;gBACT,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBAC3D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,0BAA0B,CAAC,CAAA;gBACtD,CAAC,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;KACF,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,KAAK,UAAU,YAAY,CAEzB,GAAQ,EACR,GAAQ;QAER,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;QAC3D,IAAI,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YAClD,IAAI,CAAC;gBACH,0EAA0E;gBAC1E,+DAA+D;gBAC/D,MAAM,cAAc,GAAG,qBAAe,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC9D,MAAM,EAAE,OAAO,EAAE,GACf,MAAM,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAA;gBAE1D,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,KAAK,CAAC,GAAG;oBAC9B,OAAO,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ;oBAClC,OAAO,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,EACtC,CAAC;oBACD,OAAO,MAAM,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC5D,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wCAAwC,CAAC,CAAA;gBAClE,4CAA4C;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,wDAAwD;YACxD,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,gBAAgB,CAChE,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,KAAK,CAAC,GAAG,CACf,CAAA;YAED,kDAAkD;YAClD,IAAI,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,8CAAmB,CAAC,gBAAgB,CAAC,CAAA;YACjD,CAAC;YAED,OAAO,aAAa,CAAA;QACtB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,gDAAoB,CAC5B,cAAc,EACd,QAAQ,IAAI,CAAC,KAAK,CAAC,GAAG,mCAAmC,EACzD,EAAE,MAAM,EAAE,EAAE,EAAE,EACd,GAAG,CACJ,CAAA;QACH,CAAC;IACH,CAAC;IAwBD;;;;OAIG;IACH,SAAS,QAAQ,CAiBf,OAUD;QACC,OAAO,IAAA,sBAAW,EAChB,OAAO,CAAC,MAAM,EACd,GAAG,wCAAmB,GAAG,OAAO,CAAC,QAAQ,EAAE,EAC3C,aAAa,CAAC,OAAO,CAAC,CACvB,CAAA;IACH,CAAC;IAED,SAAS,aAAa,CAAqD,EACzE,MAAM,EACN,MAAM,EACN,mBAAmB,EACnB,OAAO,GAUR;QACC,MAAM,UAAU,GACd,MAAM,IAAI,IAAI,CAAC,oDAAoD;YACjE,CAAC,CAAC,KAAK,WAAW,GAAG;gBACjB,MAAM,IAAA,sBAAW,EAAC,GAAG,CAAC,CAAA;gBACtB,OAAO,SAAS,CAAA;YAClB,CAAC;YACH,CAAC,CAAC,MAAM,KAAK,MAAM;gBACjB,CAAC,CAAC,KAAK,WAAW,GAAG;oBACjB,MAAM,IAAI,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;oBAClD,OAAO,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBACpD,CAAC;gBACH,CAAC,CAAC,KAAK,WAAW,GAAG;oBACjB,MAAM,IAAA,sBAAW,EAAC,GAAG,CAAC,CAAA;oBACtB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;oBACvD,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;gBACtD,CAAC,CAAA;QAET,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,gCAAgC;gBAChC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,wBAAwB;gBACxB,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;gBACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;gBACvC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;gBACjC,MAAM,QAAQ,GAAG,IAAA,2BAAgB,EAAC,GAAG,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAA;gBAEhE,mCAAmC;gBACnC;gBACE,mCAAmC;gBACnC,QAAQ,CAAC,QAAQ,KAAK,kBAAkB;oBACxC,QAAQ,CAAC,QAAQ,KAAK,UAAU;oBAChC,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAC1C,CAAC;oBACD,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,oBAAoB,QAAQ,EAAE,CAAC,CAAA;gBAC5D,CAAC;gBAED,0DAA0D;gBAC1D,MAAM,UAAU,GACd,QAAQ,CAAC,QAAQ,KAAK,kBAAkB;oBACtC,CAAC,CAAC,MAAM,iCAAgB,CAAC,UAAU,CAC/B,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CACzC;oBACH,CAAC,CAAC,SAAS,CAAA;gBAEf,sBAAsB;gBACtB,MAAM,IAAA,2BAAiB,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBAEjC,oCAAoC;gBACpC,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;gBAE9C,2DAA2D;gBAC3D,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAClE,GAAG,EACH,GAAG,EACH,mBAAmB,CACpB,CAAA;gBAED,MAAM,OAAO,GAAsC,IAAA,iBAAM,EAAC,IAAI,EAAE;oBAC9D,KAAK;oBACL,UAAU;oBACV,QAAQ;oBACR,cAAc;iBACf,CAAC,CAAA;gBAEF,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAA;gBAExD,6CAA6C;gBAC7C,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAA;YACpC,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAY;IAC1C,0DAA0D;IAC1D,MAAM,IAAI,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;IACnC,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;IAEpC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;AACzB,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAW,EACX,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAA;IAErD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,IAAA,oCAAiB,EAAC,UAAU,CAAC,CAAC,CAAA;IACpE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,IAAA,mCAAgB,EAAC,UAAU,CAAC,CAAC,CAAA;IAElE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAA,sCAAmB,EAAC,GAAG,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC1E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAClC,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAA;AACjB,CAAC;AAED,SAAgB,gBAAgB,CAAC,GAAQ;IACvC,IAAI,GAAG,CAAC,QAAQ,KAAK,2BAA2B,EAAE,CAAC;QACjD,MAAM,IAAI,8CAAmB,CAC3B,yBAAyB,GAAG,CAAC,QAAQ,sBAAsB,CAC5D,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAA4C,EAAE,CAAA;IAE1D,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IAC3C,IAAI,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAA;IAExC,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;IACvC,IAAI,GAAG;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAA;IAElC,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,KAAK,MAAM,GAAG,IAAI,wCAAqB,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,KAAK,IAAI,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,KAAK,MAAM,GAAG,IAAI,sCAAmB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACvC,IAAI,KAAK,IAAI,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,8CAAmB,CAC3B,oDAAoD,CACrD,CAAA;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAsB,qCAAuB,CAAC,KAAK,CAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CACtC,CAAA;QAED,MAAM,WAAW,GAAqB,oCAAsB,CAAC,KAAK,CAChE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CACrC,CAAA;QAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAA;IACtC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,sBAAsB,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport createHttpError from 'http-errors'\nimport { z } from 'zod'\nimport { signedJwtSchema } from '@atproto/jwk'\nimport {\n  API_ENDPOINT_PREFIX,\n  ActiveAccountSession,\n  ActiveDeviceSession,\n  ActiveOAuthSession,\n  ApiEndpoints,\n  ISODateString,\n} from '@atproto/oauth-provider-api'\nimport {\n  OAuthAuthorizationRequestParameters,\n  OAuthRedirectUri,\n  OAuthResponseMode,\n  oauthRedirectUriSchema,\n  oauthResponseModeSchema,\n} from '@atproto/oauth-types'\nimport { signInDataSchema } from '../account/sign-in-data.js'\nimport { signUpInputSchema } from '../account/sign-up-input.js'\nimport { DeviceId, deviceIdSchema } from '../device/device-id.js'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport {\n  ErrorPayload,\n  buildErrorPayload,\n  buildErrorStatus,\n} from '../errors/error-parser.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { WWWAuthenticateError } from '../errors/www-authenticate-error.js'\nimport {\n  JsonResponse,\n  Middleware,\n  RequestMetadata,\n  Router,\n  RouterCtx,\n  SubCtx,\n  flushStream,\n  jsonHandler,\n  parseHttpRequest,\n  subCtx,\n  validateFetchMode,\n  validateFetchSite,\n  validateOrigin,\n  validateReferrer,\n} from '../lib/http/index.js'\nimport { RouteCtx, createRoute } from '../lib/http/route.js'\nimport { asArray } from '../lib/util/cast.js'\nimport { localeSchema } from '../lib/util/locale.js'\nimport type { Awaitable } from '../lib/util/type.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { Sub, subSchema } from '../oidc/sub.js'\nimport { RequestUri, requestUriSchema } from '../request/request-uri.js'\nimport { AuthorizationRedirectParameters } from '../result/authorization-redirect-parameters.js'\nimport { tokenIdSchema } from '../token/token-id.js'\nimport { emailOtpSchema } from '../types/email-otp.js'\nimport { emailSchema } from '../types/email.js'\nimport { handleSchema } from '../types/handle.js'\nimport { newPasswordSchema } from '../types/password.js'\nimport { validateCsrfToken } from './assets/csrf.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\nimport {\n  ERROR_REDIRECT_KEYS,\n  OAuthRedirectOptions,\n  OAuthRedirectQueryParameter,\n  SUCCESS_REDIRECT_KEYS,\n  buildRedirectMode,\n  buildRedirectParams,\n  buildRedirectUri,\n} from './send-redirect.js'\n\nconst verifyHandleSchema = z.object({ handle: handleSchema }).strict()\n\nexport function createApiMiddleware<\n  Ctx extends object | void = void,\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n  const issuerUrl = new URL(server.issuer)\n  const issuerOrigin = issuerUrl.origin\n  const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/verify-handle-availability',\n      schema: verifyHandleSchema,\n      async handler() {\n        await server.accountManager.verifyHandleAvailability(this.input.handle)\n        return { json: { available: true } }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/sign-up',\n      schema: signUpInputSchema,\n      rotateDeviceCookies: true,\n      async handler() {\n        const { deviceId, deviceMetadata, input, requestUri } = this\n\n        const account = await server.accountManager.createAccount(\n          deviceId,\n          deviceMetadata,\n          input,\n        )\n\n        // Remember when not in the context of a request by default\n        const remember = requestUri == null\n\n        // Only \"remember\" the newly created account if it was not created during an\n        // OAuth flow.\n        if (remember) {\n          await server.accountManager.upsertDeviceAccount(deviceId, account.sub)\n        }\n\n        const ephemeralToken = remember\n          ? undefined\n          : await server.signer.createEphemeralToken({\n              sub: account.sub,\n              deviceId,\n              requestUri: this.requestUri,\n            })\n\n        const json = { account, ephemeralToken }\n        return { json }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/sign-in',\n      schema: signInDataSchema.extend({ remember: z.boolean().optional() }),\n      rotateDeviceCookies: true,\n      async handler() {\n        const { deviceId, deviceMetadata, requestUri } = this\n\n        // Remember when not in the context of a request by default\n        const { remember = requestUri == null, ...input } = this.input\n\n        const account = await server.accountManager.authenticateAccount(\n          deviceId,\n          deviceMetadata,\n          input,\n        )\n\n        if (remember) {\n          await server.accountManager.upsertDeviceAccount(deviceId, account.sub)\n        } else {\n          // In case the user was already signed in, and signed in again, this\n          // time without \"remember me\", let's sign them off of the device.\n          await server.accountManager.removeDeviceAccount(deviceId, account.sub)\n        }\n\n        const ephemeralToken = remember\n          ? undefined\n          : await server.signer.createEphemeralToken({\n              sub: account.sub,\n              deviceId,\n              requestUri,\n            })\n\n        if (requestUri) {\n          // Check if a consent is required for the client, but only if this\n          // call is made within the context of an oauth request.\n\n          const { clientId, parameters } = await server.requestManager.get(\n            requestUri,\n            deviceId,\n          )\n\n          const { authorizedClients } = await server.accountManager.getAccount(\n            account.sub,\n          )\n\n          const json = {\n            account,\n            ephemeralToken,\n            consentRequired: server.checkConsentRequired(\n              parameters,\n              authorizedClients.get(clientId),\n            ),\n          }\n\n          return { json }\n        }\n\n        const json = { account, ephemeralToken }\n        return { json }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/sign-out',\n      schema: z\n        .object({\n          sub: z.union([subSchema, z.array(subSchema)]),\n        })\n        .strict(),\n      rotateDeviceCookies: true,\n      async handler() {\n        const uniqueSubs = new Set(asArray(this.input.sub))\n\n        for (const sub of uniqueSubs) {\n          await server.accountManager.removeDeviceAccount(this.deviceId, sub)\n        }\n\n        return { json: { success: true as const } }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/reset-password-request',\n      schema: z\n        .object({\n          locale: localeSchema,\n          email: emailSchema,\n        })\n        .strict(),\n      async handler() {\n        await server.accountManager.resetPasswordRequest(\n          this.deviceId,\n          this.deviceMetadata,\n          this.input,\n        )\n        return { json: { success: true } }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/reset-password-confirm',\n      schema: z\n        .object({\n          token: emailOtpSchema,\n          password: newPasswordSchema,\n        })\n        .strict(),\n      async handler() {\n        await server.accountManager.resetPasswordConfirm(\n          this.deviceId,\n          this.deviceMetadata,\n          this.input,\n        )\n        return { json: { success: true } }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'GET',\n      endpoint: '/device-sessions',\n      schema: undefined,\n      async handler() {\n        const deviceAccounts = await server.accountManager.listDeviceAccounts(\n          this.deviceId,\n        )\n\n        const json = deviceAccounts.map(\n          (deviceAccount): ActiveDeviceSession => ({\n            account: deviceAccount.account,\n            loginRequired: server.checkLoginRequired(deviceAccount),\n          }),\n        )\n\n        return { json }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'GET',\n      endpoint: '/oauth-sessions',\n      schema: z.object({ sub: subSchema }).strict(),\n      async handler(req, res) {\n        const { account } = await authenticate.call(this, req, res)\n\n        const tokenInfos = await server.tokenManager.listAccountTokens(\n          account.sub,\n        )\n\n        const clientIds = tokenInfos.map((tokenInfo) => tokenInfo.data.clientId)\n\n        const clients = await server.clientManager.loadClients(clientIds, {\n          onError: (err, clientId) => {\n            onError?.(req, res, err, `Failed to load client ${clientId}`)\n            return undefined // metadata won't be available in the UI\n          },\n        })\n\n        // @TODO: We should ideally filter sessions that are expired (or even\n        // expose the expiration date). This requires a change to the way\n        // TokenInfo are stored (see TokenManager#isTokenExpired and\n        // TokenManager#isTokenInactive).\n        const json = tokenInfos.map(({ id, data }): ActiveOAuthSession => {\n          return {\n            tokenId: id,\n\n            createdAt: data.createdAt.toISOString() as ISODateString,\n            updatedAt: data.updatedAt.toISOString() as ISODateString,\n\n            clientId: data.clientId,\n            clientMetadata: clients.get(data.clientId)?.metadata,\n\n            scope: data.parameters.scope,\n          }\n        })\n\n        return { json }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'GET',\n      endpoint: '/account-sessions',\n      schema: z.object({ sub: subSchema }).strict(),\n      async handler(req, res) {\n        const { account } = await authenticate.call(this, req, res)\n\n        const deviceAccounts = await server.accountManager.listAccountDevices(\n          account.sub,\n        )\n\n        const json = deviceAccounts.map(\n          (accountSession): ActiveAccountSession => ({\n            deviceId: accountSession.deviceId,\n            deviceMetadata: {\n              ipAddress: accountSession.deviceData.ipAddress,\n              userAgent: accountSession.deviceData.userAgent,\n              lastSeenAt:\n                accountSession.deviceData.lastSeenAt.toISOString() as ISODateString,\n            },\n\n            isCurrentDevice: accountSession.deviceId === this.deviceId,\n          }),\n        )\n\n        return { json }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/revoke-account-session',\n      schema: z.object({ sub: subSchema, deviceId: deviceIdSchema }).strict(),\n      async handler() {\n        // @NOTE This route is not authenticated. If a user is able to steal\n        // another user's session cookie, we allow them to revoke the device\n        // session.\n\n        await server.accountManager.removeDeviceAccount(\n          this.input.deviceId,\n          this.input.sub,\n        )\n\n        return { json: { success: true } }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/revoke-oauth-session',\n      schema: z.object({ sub: subSchema, tokenId: tokenIdSchema }).strict(),\n      async handler(req, res) {\n        const { account } = await authenticate.call(this, req, res)\n\n        const tokenInfo = await server.tokenManager.getTokenInfo(\n          this.input.tokenId,\n        )\n\n        if (!tokenInfo || tokenInfo.account.sub !== account.sub) {\n          // report this as though the token was not found\n          throw new InvalidRequestError(`Invalid token`)\n        }\n\n        await server.tokenManager.deleteToken(tokenInfo.id)\n\n        return { json: { success: true } }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/consent',\n      schema: z\n        .object({\n          sub: z.union([subSchema, signedJwtSchema]),\n          scope: z.string().optional(),\n        })\n        .strict(),\n      async handler(req, res) {\n        if (!this.requestUri) {\n          throw new InvalidRequestError(\n            'This endpoint can only be used in the context of an OAuth request',\n          )\n        }\n\n        // Any AuthorizationError caught in this block will result in a redirect\n        // to the client's redirect_uri with an error.\n        try {\n          const { clientId, parameters } = await server.requestManager.get(\n            this.requestUri,\n            this.deviceId,\n          )\n\n          // Any error thrown in this block will be transformed into an\n          // AuthorizationError.\n          try {\n            const { account, authorizedClients } = await authenticate.call(\n              this,\n              req,\n              res,\n            )\n\n            const client = await server.clientManager.getClient(clientId)\n\n            const code = await server.requestManager.setAuthorized(\n              this.requestUri,\n              client,\n              account,\n              this.deviceId,\n              this.deviceMetadata,\n              this.input.scope,\n            )\n\n            const clientData = authorizedClients.get(clientId)\n            if (server.checkConsentRequired(parameters, clientData)) {\n              const scopes = new Set(clientData?.authorizedScopes)\n\n              // Add the newly accepted scopes to the authorized scopes\n\n              // @NOTE `oauthScopeSchema` ensures that `scope` contains no\n              // leading/trailing/duplicate spaces.\n              for (const s of parameters.scope?.split(' ') ?? []) scopes.add(s)\n\n              await server.accountManager.setAuthorizedClient(account, client, {\n                ...clientData,\n                authorizedScopes: [...scopes],\n              })\n            }\n\n            const url = buildRedirectUrl(server.issuer, parameters, { code })\n\n            return { json: { url } }\n          } catch (err) {\n            // Since we have access to the parameters, we can re-throw an\n            // AuthorizationError with the redirect_uri parameter.\n            throw AuthorizationError.from(parameters, err)\n          }\n        } catch (err) {\n          onError?.(req, res, err, 'Failed to consent authorization request')\n\n          // If any error happened (unauthenticated, invalid request, etc.),\n          // lets make sure the request can no longer be used.\n          try {\n            await server.requestManager.delete(this.requestUri)\n          } catch (err) {\n            onError?.(req, res, err, 'Failed to delete request')\n          }\n\n          if (err instanceof AuthorizationError) {\n            try {\n              const url = buildRedirectUrl(\n                server.issuer,\n                err.parameters,\n                err.toJSON(),\n              )\n\n              return { json: { url } }\n            } catch {\n              // Unable to build redirect URL, ignore\n            }\n          }\n\n          // @NOTE Not re-throwing the error here, as the error was already\n          // handled by the `onError` callback, and apiRoute (`apiMiddleware`)\n          // would call `onError` again.\n          return buildErrorJsonResponse(err)\n        }\n      },\n    }),\n  )\n\n  router.use(\n    apiRoute({\n      method: 'POST',\n      endpoint: '/reject',\n      schema: z.object({}).strict(),\n      rotateDeviceCookies: true,\n      async handler(req, res) {\n        const { requestUri } = this\n        if (!requestUri) {\n          throw new InvalidRequestError(\n            'This endpoint can only be used in the context of an OAuth request',\n          )\n        }\n\n        // Once this endpoint is called, the request will definitely be\n        // rejected.\n        try {\n          // No need to authenticate the user here as they are not authorizing a\n          // particular account (CSRF protection is enough).\n\n          // @NOTE that the client could *technically* trigger this endpoint while\n          // the user is on the authorize page by forging the request (because the\n          // client knows the RequestURI from PAR and has all the info needed to\n          // forge the request, including CSRF). This cannot be used as DoS attack\n          // as the request ID is not guessable and would only result in a bad UX\n          // for misbehaving clients, only for the users of those clients.\n\n          const { parameters } = await server.requestManager.get(\n            requestUri,\n            this.deviceId,\n          )\n\n          const url = buildRedirectUrl(server.issuer, parameters, {\n            error: 'access_denied',\n            error_description: 'The user rejected the request',\n          })\n\n          return { json: { url } }\n        } catch (err) {\n          onError?.(req, res, err, 'Failed to reject authorization request')\n\n          if (err instanceof AuthorizationError) {\n            try {\n              const url = buildRedirectUrl(\n                server.issuer,\n                err.parameters,\n                err.toJSON(),\n              )\n\n              return { json: { url } }\n            } catch {\n              // Unable to build redirect URL, ignore\n            }\n          }\n\n          return buildErrorJsonResponse(err)\n        } finally {\n          await server.requestManager.delete(requestUri).catch((err) => {\n            onError?.(req, res, err, 'Failed to delete request')\n          })\n        }\n      },\n    }),\n  )\n\n  return router.buildMiddleware()\n\n  async function authenticate(\n    this: ApiContext<void, { sub: Sub }>,\n    req: Req,\n    res: Res,\n  ) {\n    const authorization = req.headers.authorization?.split(' ')\n    if (authorization?.[0].toLowerCase() === 'bearer') {\n      try {\n        // If there is an authorization header, verify that the ephemeral token it\n        // contains is a jwt bound to the right [sub, device, request].\n        const ephemeralToken = signedJwtSchema.parse(authorization[1])\n        const { payload } =\n          await server.signer.verifyEphemeralToken(ephemeralToken)\n\n        if (\n          payload.sub === this.input.sub &&\n          payload.deviceId === this.deviceId &&\n          payload.requestUri === this.requestUri\n        ) {\n          return await server.accountManager.getAccount(payload.sub)\n        }\n      } catch (err) {\n        onError?.(req, res, err, 'Failed to authenticate ephemeral token')\n        // Fall back to session based authentication\n      }\n    }\n\n    try {\n      // Ensures the \"sub\" has an active session on the device\n      const deviceAccount = await server.accountManager.getDeviceAccount(\n        this.deviceId,\n        this.input.sub,\n      )\n\n      // The session exists but was created too long ago\n      if (server.checkLoginRequired(deviceAccount)) {\n        throw new InvalidRequestError('Login required')\n      }\n\n      return deviceAccount\n    } catch (err) {\n      throw new WWWAuthenticateError(\n        'unauthorized',\n        `User ${this.input.sub} not authenticated on this device`,\n        { Bearer: {} },\n        err,\n      )\n    }\n  }\n\n  type ApiContext<T extends object | void, I = void> = SubCtx<\n    T,\n    {\n      deviceId: DeviceId\n      deviceMetadata: RequestMetadata\n\n      /**\n       * The parsed input data (json payload if \"POST\", query params if \"GET\").\n       */\n      input: I\n\n      /**\n       * When defined, the request originated from the authorize page.\n       */\n      requestUri?: RequestUri\n    }\n  >\n\n  type InferValidation<S extends void | z.ZodTypeAny> = S extends z.ZodTypeAny\n    ? z.infer<S>\n    : void\n\n  /**\n   * The main purpose of this function is to ensure that the endpoint\n   * implementation matches its type definition from {@link ApiEndpoints}.\n   * @private\n   */\n  function apiRoute<\n    C extends RouterCtx<Ctx>,\n    M extends 'GET' | 'POST',\n    E extends `/${string}` &\n      // Extract all the endpoint path that match the method (allows for\n      // auto-complete & better error reporting)\n      {\n        [E in keyof ApiEndpoints]: ApiEndpoints[E] extends { method: M }\n          ? E\n          : never\n      }[keyof ApiEndpoints],\n    S extends // A schema that validates the POST input or GET params\n      ApiEndpoints[E] extends { method: 'POST'; input: infer I }\n        ? z.ZodType<I>\n        : ApiEndpoints[E] extends { method: 'GET'; params: infer P }\n          ? z.ZodType<P>\n          : void,\n  >(options: {\n    method: M\n    endpoint: E\n    schema: S\n    rotateDeviceCookies?: boolean\n    handler: (\n      this: ApiContext<RouteCtx<C>, InferValidation<S>>,\n      req: Req,\n      res: Res,\n    ) => Awaitable<JsonResponse<ErrorPayload | ApiEndpoints[E]['output']>>\n  }): Middleware<C, Req, Res> {\n    return createRoute(\n      options.method,\n      `${API_ENDPOINT_PREFIX}${options.endpoint}`,\n      apiMiddleware(options),\n    )\n  }\n\n  function apiMiddleware<C extends RouterCtx, S extends void | z.ZodTypeAny>({\n    method,\n    schema,\n    rotateDeviceCookies,\n    handler,\n  }: {\n    method: 'GET' | 'POST'\n    schema: S\n    rotateDeviceCookies?: boolean\n    handler: (\n      this: ApiContext<C, InferValidation<S>>,\n      req: Req,\n      res: Res,\n    ) => Awaitable<JsonResponse>\n  }): Middleware<C, Req, Res> {\n    const parseInput: (this: C, req: Req) => Promise<InferValidation<S>> =\n      schema == null // No schema means endpoint doesn't accept any input\n        ? async function (req) {\n            await flushStream(req)\n            return undefined\n          }\n        : method === 'POST'\n          ? async function (req) {\n              const body = await parseHttpRequest(req, ['json'])\n              return schema.parseAsync(body, { path: ['body'] })\n            }\n          : async function (req) {\n              await flushStream(req)\n              const query = Object.fromEntries(this.url.searchParams)\n              return schema.parseAsync(query, { path: ['query'] })\n            }\n\n    return jsonHandler<C, Req, Res>(async function (req, res) {\n      try {\n        // Prevent caching of API routes\n        res.setHeader('Cache-Control', 'no-store')\n        res.setHeader('Pragma', 'no-cache')\n\n        // Prevent CORS requests\n        validateFetchMode(req, ['same-origin'])\n        validateFetchSite(req, ['same-origin'])\n        validateOrigin(req, issuerOrigin)\n        const referrer = validateReferrer(req, { origin: issuerOrigin })\n\n        // Ensure we are one the right page\n        if (\n          // trailing slashes are not allowed\n          referrer.pathname !== '/oauth/authorize' &&\n          referrer.pathname !== '/account' &&\n          !referrer.pathname.startsWith(`/account/`)\n        ) {\n          throw createHttpError(400, `Invalid referrer ${referrer}`)\n        }\n\n        // Check if the request originated from the authorize page\n        const requestUri =\n          referrer.pathname === '/oauth/authorize'\n            ? await requestUriSchema.parseAsync(\n                referrer.searchParams.get('request_uri'),\n              )\n            : undefined\n\n        // Validate CSRF token\n        await validateCsrfToken(req, res)\n\n        // Parse and validate the input data\n        const input = await parseInput.call(this, req)\n\n        // Load session data, rotating the session cookie if needed\n        const { deviceId, deviceMetadata } = await server.deviceManager.load(\n          req,\n          res,\n          rotateDeviceCookies,\n        )\n\n        const context: ApiContext<C, InferValidation<S>> = subCtx(this, {\n          input,\n          requestUri,\n          deviceId,\n          deviceMetadata,\n        })\n\n        return await handler.call(context, req, res)\n      } catch (err) {\n        onError?.(req, res, err, `Failed to handle API request`)\n\n        // Make sore to always return a JSON response\n        return buildErrorJsonResponse(err)\n      }\n    })\n  }\n}\n\nfunction buildErrorJsonResponse(err: unknown) {\n  // @TODO Rework the API error responses (relying on codes)\n  const json = buildErrorPayload(err)\n  const status = buildErrorStatus(err)\n\n  return { json, status }\n}\n\nfunction buildRedirectUrl(\n  iss: string,\n  parameters: OAuthAuthorizationRequestParameters,\n  redirect: AuthorizationRedirectParameters,\n): string {\n  const url = new URL('/oauth/authorize/redirect', iss)\n\n  url.searchParams.set('redirect_mode', buildRedirectMode(parameters))\n  url.searchParams.set('redirect_uri', buildRedirectUri(parameters))\n\n  for (const [key, value] of buildRedirectParams(iss, parameters, redirect)) {\n    url.searchParams.set(key, value)\n  }\n\n  return url.href\n}\n\nexport function parseRedirectUrl(url: URL): OAuthRedirectOptions {\n  if (url.pathname !== '/oauth/authorize/redirect') {\n    throw new InvalidRequestError(\n      `Invalid redirect URL: ${url.pathname} is not a valid path`,\n    )\n  }\n\n  const params: [OAuthRedirectQueryParameter, string][] = []\n\n  const state = url.searchParams.get('state')\n  if (state) params.push(['state', state])\n\n  const iss = url.searchParams.get('iss')\n  if (iss) params.push(['iss', iss])\n\n  if (url.searchParams.has('code')) {\n    for (const key of SUCCESS_REDIRECT_KEYS) {\n      const value = url.searchParams.get(key)\n      if (value != null) params.push([key, value])\n    }\n  } else if (url.searchParams.has('error')) {\n    for (const key of ERROR_REDIRECT_KEYS) {\n      const value = url.searchParams.get(key)\n      if (value != null) params.push([key, value])\n    }\n  } else {\n    throw new InvalidRequestError(\n      'Invalid redirect URL: neither code nor error found',\n    )\n  }\n\n  try {\n    const mode: OAuthResponseMode = oauthResponseModeSchema.parse(\n      url.searchParams.get('redirect_mode'),\n    )\n\n    const redirectUri: OAuthRedirectUri = oauthRedirectUriSchema.parse(\n      url.searchParams.get('redirect_uri'),\n    )\n\n    return { mode, redirectUri, params }\n  } catch (err) {\n    throw InvalidRequestError.from(err, 'Invalid redirect URL')\n  }\n}\n"]}