@atproto/oauth-provider 0.13.0 → 0.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (169) hide show
  1. package/CHANGELOG.md +23 -0
  2. package/dist/access-token/access-token-mode.js.map +1 -1
  3. package/dist/account/account-manager.js.map +1 -1
  4. package/dist/account/account-store.js.map +1 -1
  5. package/dist/account/sign-in-data.js.map +1 -1
  6. package/dist/account/sign-up-input.js.map +1 -1
  7. package/dist/client/client-auth.js.map +1 -1
  8. package/dist/client/client-data.js.map +1 -1
  9. package/dist/client/client-id.js.map +1 -1
  10. package/dist/client/client-info.js.map +1 -1
  11. package/dist/client/client-manager.d.ts.map +1 -1
  12. package/dist/client/client-manager.js +8 -1
  13. package/dist/client/client-manager.js.map +1 -1
  14. package/dist/client/client-store.js.map +1 -1
  15. package/dist/client/client-utils.js.map +1 -1
  16. package/dist/client/client.js.map +1 -1
  17. package/dist/constants.js.map +1 -1
  18. package/dist/customization/branding.js.map +1 -1
  19. package/dist/customization/build-customization-css.js.map +1 -1
  20. package/dist/customization/build-customization-data.js.map +1 -1
  21. package/dist/customization/colors.js.map +1 -1
  22. package/dist/customization/customization.js.map +1 -1
  23. package/dist/customization/links.js.map +1 -1
  24. package/dist/device/device-data.js.map +1 -1
  25. package/dist/device/device-id.js.map +1 -1
  26. package/dist/device/device-manager.d.ts +8 -8
  27. package/dist/device/device-manager.js.map +1 -1
  28. package/dist/device/device-store.js.map +1 -1
  29. package/dist/device/session-id.js.map +1 -1
  30. package/dist/dpop/dpop-manager.js.map +1 -1
  31. package/dist/dpop/dpop-nonce.js.map +1 -1
  32. package/dist/dpop/dpop-proof.js.map +1 -1
  33. package/dist/errors/access-denied-error.js.map +1 -1
  34. package/dist/errors/account-selection-required-error.js.map +1 -1
  35. package/dist/errors/authorization-error.js.map +1 -1
  36. package/dist/errors/consent-required-error.js.map +1 -1
  37. package/dist/errors/error-parser.js.map +1 -1
  38. package/dist/errors/handle-unavailable-error.js.map +1 -1
  39. package/dist/errors/invalid-authorization-details-error.js.map +1 -1
  40. package/dist/errors/invalid-client-error.js.map +1 -1
  41. package/dist/errors/invalid-client-id-error.js.map +1 -1
  42. package/dist/errors/invalid-client-metadata-error.js.map +1 -1
  43. package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -1
  44. package/dist/errors/invalid-dpop-proof-error.js.map +1 -1
  45. package/dist/errors/invalid-grant-error.js.map +1 -1
  46. package/dist/errors/invalid-invite-code-error.js.map +1 -1
  47. package/dist/errors/invalid-redirect-uri-error.js.map +1 -1
  48. package/dist/errors/invalid-request-error.js.map +1 -1
  49. package/dist/errors/invalid-scope-error.js.map +1 -1
  50. package/dist/errors/invalid-token-error.js.map +1 -1
  51. package/dist/errors/login-required-error.js.map +1 -1
  52. package/dist/errors/oauth-error.js.map +1 -1
  53. package/dist/errors/second-authentication-factor-required-error.js.map +1 -1
  54. package/dist/errors/unauthorized-client-error.js.map +1 -1
  55. package/dist/errors/use-dpop-nonce-error.js.map +1 -1
  56. package/dist/errors/www-authenticate-error.js.map +1 -1
  57. package/dist/index.js.map +1 -1
  58. package/dist/lexicon/lexicon-data.js.map +1 -1
  59. package/dist/lexicon/lexicon-getter.js.map +1 -1
  60. package/dist/lexicon/lexicon-manager.js.map +1 -1
  61. package/dist/lexicon/lexicon-store.js.map +1 -1
  62. package/dist/lib/csp/index.js.map +1 -1
  63. package/dist/lib/hcaptcha.js.map +1 -1
  64. package/dist/lib/html/build-document.js.map +1 -1
  65. package/dist/lib/html/escapers.js.map +1 -1
  66. package/dist/lib/html/html.js.map +1 -1
  67. package/dist/lib/html/hydration-data.js.map +1 -1
  68. package/dist/lib/html/index.js.map +1 -1
  69. package/dist/lib/html/tags.js.map +1 -1
  70. package/dist/lib/html/util.js.map +1 -1
  71. package/dist/lib/http/accept.js.map +1 -1
  72. package/dist/lib/http/context.js.map +1 -1
  73. package/dist/lib/http/headers.js.map +1 -1
  74. package/dist/lib/http/index.js.map +1 -1
  75. package/dist/lib/http/method.js.map +1 -1
  76. package/dist/lib/http/middleware.js.map +1 -1
  77. package/dist/lib/http/parser.js.map +1 -1
  78. package/dist/lib/http/path.js.map +1 -1
  79. package/dist/lib/http/request.js.map +1 -1
  80. package/dist/lib/http/response.js.map +1 -1
  81. package/dist/lib/http/route.js.map +1 -1
  82. package/dist/lib/http/router.js.map +1 -1
  83. package/dist/lib/http/security-headers.js.map +1 -1
  84. package/dist/lib/http/stream.js.map +1 -1
  85. package/dist/lib/http/types.js.map +1 -1
  86. package/dist/lib/http/url.js.map +1 -1
  87. package/dist/lib/nsid.js.map +1 -1
  88. package/dist/lib/redis.js.map +1 -1
  89. package/dist/lib/send-web-page.js.map +1 -1
  90. package/dist/lib/util/authorization-header.js.map +1 -1
  91. package/dist/lib/util/cast.js.map +1 -1
  92. package/dist/lib/util/color.js.map +1 -1
  93. package/dist/lib/util/crypto.js.map +1 -1
  94. package/dist/lib/util/date.js.map +1 -1
  95. package/dist/lib/util/error.js.map +1 -1
  96. package/dist/lib/util/function.js.map +1 -1
  97. package/dist/lib/util/locale.js.map +1 -1
  98. package/dist/lib/util/redirect-uri.js.map +1 -1
  99. package/dist/lib/util/time.js.map +1 -1
  100. package/dist/lib/util/type.js.map +1 -1
  101. package/dist/lib/util/ui8.js.map +1 -1
  102. package/dist/lib/util/well-known.js.map +1 -1
  103. package/dist/lib/util/zod-error.js.map +1 -1
  104. package/dist/metadata/build-metadata.js.map +1 -1
  105. package/dist/oauth-client.js.map +1 -1
  106. package/dist/oauth-dpop.js.map +1 -1
  107. package/dist/oauth-errors.js.map +1 -1
  108. package/dist/oauth-hooks.js.map +1 -1
  109. package/dist/oauth-middleware.js.map +1 -1
  110. package/dist/oauth-provider.d.ts +128 -98
  111. package/dist/oauth-provider.d.ts.map +1 -1
  112. package/dist/oauth-provider.js.map +1 -1
  113. package/dist/oauth-store.js.map +1 -1
  114. package/dist/oauth-verifier.js.map +1 -1
  115. package/dist/oidc/sub.js.map +1 -1
  116. package/dist/replay/replay-manager.js.map +1 -1
  117. package/dist/replay/replay-store-memory.js.map +1 -1
  118. package/dist/replay/replay-store-redis.js.map +1 -1
  119. package/dist/replay/replay-store.js.map +1 -1
  120. package/dist/request/code.js.map +1 -1
  121. package/dist/request/request-data.js.map +1 -1
  122. package/dist/request/request-id.js.map +1 -1
  123. package/dist/request/request-manager.d.ts +18 -18
  124. package/dist/request/request-manager.d.ts.map +1 -1
  125. package/dist/request/request-manager.js.map +1 -1
  126. package/dist/request/request-store.js.map +1 -1
  127. package/dist/request/request-uri.js.map +1 -1
  128. package/dist/result/authorization-redirect-parameters.js.map +1 -1
  129. package/dist/result/authorization-result-authorize-page.js.map +1 -1
  130. package/dist/result/authorization-result-redirect.js.map +1 -1
  131. package/dist/router/assets/assets-manifest.js.map +1 -1
  132. package/dist/router/assets/assets.js.map +1 -1
  133. package/dist/router/assets/csrf.js.map +1 -1
  134. package/dist/router/assets/send-account-page.js.map +1 -1
  135. package/dist/router/assets/send-authorization-page.js.map +1 -1
  136. package/dist/router/assets/send-error-page.js.map +1 -1
  137. package/dist/router/create-account-page-middleware.js.map +1 -1
  138. package/dist/router/create-api-middleware.js.map +1 -1
  139. package/dist/router/create-authorization-page-middleware.js.map +1 -1
  140. package/dist/router/create-oauth-middleware.js.map +1 -1
  141. package/dist/router/error-handler.js.map +1 -1
  142. package/dist/router/middleware-options.js.map +1 -1
  143. package/dist/router/send-redirect.js.map +1 -1
  144. package/dist/signer/access-token-payload.d.ts +4113 -1362
  145. package/dist/signer/access-token-payload.d.ts.map +1 -1
  146. package/dist/signer/access-token-payload.js.map +1 -1
  147. package/dist/signer/api-token-payload.d.ts +3974 -1223
  148. package/dist/signer/api-token-payload.d.ts.map +1 -1
  149. package/dist/signer/api-token-payload.js.map +1 -1
  150. package/dist/signer/signer.d.ts +46 -26
  151. package/dist/signer/signer.d.ts.map +1 -1
  152. package/dist/signer/signer.js.map +1 -1
  153. package/dist/token/refresh-token.js.map +1 -1
  154. package/dist/token/token-claims.js.map +1 -1
  155. package/dist/token/token-data.js.map +1 -1
  156. package/dist/token/token-id.js.map +1 -1
  157. package/dist/token/token-manager.js.map +1 -1
  158. package/dist/token/token-store.js.map +1 -1
  159. package/dist/types/authorization-response-error.js.map +1 -1
  160. package/dist/types/color-hue.js.map +1 -1
  161. package/dist/types/email-otp.js.map +1 -1
  162. package/dist/types/email.js.map +1 -1
  163. package/dist/types/handle.js.map +1 -1
  164. package/dist/types/invite-code.js.map +1 -1
  165. package/dist/types/par-response-error.js.map +1 -1
  166. package/dist/types/password.js.map +1 -1
  167. package/dist/types/rgb-color.js.map +1 -1
  168. package/package.json +10 -10
  169. package/src/client/client-manager.ts +16 -2
package/dist/router/create-authorization-page-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"create-authorization-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-authorization-page-middleware.ts"],"names":[],"mappings":";;AAiCA,8EA2HC;AA3JD,sDAG6B;AAC7B,6EAAqE;AACrE,iFAAwE;AACxE,mDAS6B;AAC7B,mDAAkD;AAGlD,8DAA4D;AAE5D,oFAA8E;AAC9E,oEAAkE;AAClE,yEAA6D;AAE7D,yDAK2B;AAE3B,SAAgB,iCAAiC,CAK/C,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,iBAAiB,GAAG,IAAA,qDAAwB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CACR,kBAAkB,EAClB,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;QAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;QAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAA;QAC9C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QAEvD,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,IAAI,eAAe,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,8CAAmB,CAAC,oCAAoC,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,kDAAoC;aACpE,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE5D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CACnC,iBAAiB,EACjB,oBAAoB,EACpB,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,cAAc,CAC1B,CAAA;YAED,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;gBACzB,OAAO,qBAAqB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC3C,CAAC;iBAAM,CAAC;gBACN,OAAO,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAA;YAExD,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;gBACtC,IAAI,CAAC;oBACH,OAAO,qBAAqB,CAAC,GAAG,EAAE;wBAChC,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,UAAU,EAAE,GAAG,CAAC,UAAU;wBAC1B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE;qBACvB,CAAC,CAAA;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,oEAAoE;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC,CAAC,CACH,CAAA;IAED,uEAAuE;IACvE,2EAA2E;IAC3E,sEAAsE;IACtE,oDAAoD;IACpD,MAAM,CAAC,GAAG,CACR,2BAA2B,EAC3B,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,6CAA6C;QAC7C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;QACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,QAAQ,GAAG,IAAA,2BAAgB,EAAC,GAAG,EAAE;YACrC,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QAEF,mDAAmD;QACnD,iCAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;QAEhE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,IAAA,2CAAgB,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IACtD,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,gBAAgB,CACvB,OAAyD;QAEzD,OAAO,KAAK,WAAW,GAAG,EAAE,GAAG;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC,CAAA;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,MAAc;IACvD,MAAM,IAAI,8CAAmB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC9D,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAmB,EACnB,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAA+B;IAE7D,MAAM,WAAW,GAAG,IAAA,mCAAgB,EAAC,UAAU,CAAC,CAAA;IAChD,MAAM,IAAI,GAAG,IAAA,oCAAiB,EAAC,UAAU,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,IAAA,sCAAmB,EAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;IAChE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAA;AACzD,CAAC"}
1
+ {"version":3,"file":"create-authorization-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-authorization-page-middleware.ts"],"names":[],"mappings":";;AAiCA,8EA2HC;AA3JD,sDAG6B;AAC7B,6EAAqE;AACrE,iFAAwE;AACxE,mDAS6B;AAC7B,mDAAkD;AAGlD,8DAA4D;AAE5D,oFAA8E;AAC9E,oEAAkE;AAClE,yEAA6D;AAE7D,yDAK2B;AAE3B,SAAgB,iCAAiC,CAK/C,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,iBAAiB,GAAG,IAAA,qDAAwB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CACR,kBAAkB,EAClB,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;QAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;QAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,CAAA;QAC9C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QAEvD,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,IAAI,eAAe,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,IAAI,8CAAmB,CAAC,oCAAoC,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,oBAAoB,GAAG,MAAM,kDAAoC;aACpE,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;aACtC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE5D,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CACnC,iBAAiB,EACjB,oBAAoB,EACpB,UAAU,CAAC,QAAQ,EACnB,UAAU,CAAC,cAAc,CAC1B,CAAA;YAED,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;gBACzB,OAAO,qBAAqB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;YAC3C,CAAC;iBAAM,CAAC;gBACN,OAAO,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,8BAA8B,CAAC,CAAA;YAExD,IAAI,GAAG,YAAY,2CAAkB,EAAE,CAAC;gBACtC,IAAI,CAAC;oBACH,OAAO,qBAAqB,CAAC,GAAG,EAAE;wBAChC,MAAM,EAAE,MAAM,CAAC,MAAM;wBACrB,UAAU,EAAE,GAAG,CAAC,UAAU;wBAC1B,QAAQ,EAAE,GAAG,CAAC,MAAM,EAAE;qBACvB,CAAC,CAAA;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,oEAAoE;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;QACrC,CAAC;IACH,CAAC,CAAC,CACH,CAAA;IAED,uEAAuE;IACvE,2EAA2E;IAC3E,sEAAsE;IACtE,oDAAoD;IACpD,MAAM,CAAC,GAAG,CACR,2BAA2B,EAC3B,gBAAgB,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACvC,6CAA6C;QAC7C,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;QACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;QACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;QAEjC,MAAM,QAAQ,GAAG,IAAA,2BAAgB,EAAC,GAAG,EAAE;YACrC,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QAEF,mDAAmD;QACnD,iCAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAA;QAEhE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,IAAA,2CAAgB,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IACtD,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,gBAAgB,CACvB,OAAyD;QAEzD,OAAO,KAAK,WAAW,GAAG,EAAE,GAAG;YAC7B,IAAI,CAAC;gBACH,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC,CAAA;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,MAAc;IACvD,MAAM,IAAI,8CAAmB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC9D,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAmB,EACnB,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAA+B;IAE7D,MAAM,WAAW,GAAG,IAAA,mCAAgB,EAAC,UAAU,CAAC,CAAA;IAChD,MAAM,IAAI,GAAG,IAAA,oCAAiB,EAAC,UAAU,CAAC,CAAA;IAC1C,MAAM,MAAM,GAAG,IAAA,sCAAmB,EAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;IAChE,OAAO,IAAA,+BAAY,EAAC,GAAG,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAA;AACzD,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport {\n oauthAuthorizationRequestQuerySchema,\n oauthClientCredentialsSchema,\n} from '@atproto/oauth-types'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport {\n Middleware,\n Router,\n RouterCtx,\n validateFetchDest,\n validateFetchMode,\n validateFetchSite,\n validateOrigin,\n validateReferrer,\n} from '../lib/http/index.js'\nimport { formatError } from '../lib/util/error.js'\nimport type { Awaitable } from '../lib/util/type.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { requestUriSchema } from '../request/request-uri.js'\nimport { AuthorizationResultRedirect } from '../result/authorization-result-redirect.js'\nimport { sendAuthorizePageFactory } from './assets/send-authorization-page.js'\nimport { sendErrorPageFactory } from './assets/send-error-page.js'\nimport { parseRedirectUrl } from './create-api-middleware.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\nimport {\n buildRedirectMode,\n buildRedirectParams,\n buildRedirectUri,\n sendRedirect,\n} from './send-redirect.js'\n\nexport function createAuthorizationPageMiddleware<\n Ctx extends object | void = void,\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n>(\n server: OAuthProvider,\n { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n const sendAuthorizePage = sendAuthorizePageFactory(server.customization)\n const sendErrorPage = sendErrorPageFactory(server.customization)\n\n const issuerUrl = new URL(server.issuer)\n const issuerOrigin = issuerUrl.origin\n\n const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n router.get(\n '/oauth/authorize',\n withErrorHandler(async function (req, res) {\n res.setHeader('Cache-Control', 'no-store')\n res.setHeader('Pragma', 'no-cache')\n\n validateFetchSite(req, ['cross-site', 'none'])\n validateFetchMode(req, ['navigate'])\n validateFetchDest(req, ['document'])\n validateOrigin(req, issuerOrigin)\n\n const query = Object.fromEntries(this.url.searchParams)\n\n const clientCredentials = await oauthClientCredentialsSchema\n .parseAsync(query, { path: ['query'] })\n .catch((err) => throwInvalidRequest(err, 'Invalid client credentials'))\n\n if ('client_secret' in clientCredentials) {\n throw new InvalidRequestError('Client secret must not be provided')\n }\n\n const authorizationRequest = await oauthAuthorizationRequestQuerySchema\n .parseAsync(query, { path: ['query'] })\n .catch((err) => throwInvalidRequest(err, 'Invalid request parameters'))\n\n const deviceInfo = await server.deviceManager.load(req, res)\n\n try {\n const result = await server.authorize(\n clientCredentials,\n authorizationRequest,\n deviceInfo.deviceId,\n deviceInfo.deviceMetadata,\n )\n\n if ('redirect' in result) {\n return sendAuthorizeRedirect(res, result)\n } else {\n return sendAuthorizePage(req, res, result)\n }\n } catch (err) {\n onError?.(req, res, err, 'Authorization request denied')\n\n if (err instanceof AuthorizationError) {\n try {\n return sendAuthorizeRedirect(res, {\n issuer: server.issuer,\n parameters: err.parameters,\n redirect: err.toJSON(),\n })\n } catch {\n // If we fail to send the redirect, we fall back to sending an error\n }\n }\n\n return sendErrorPage(req, res, err)\n }\n }),\n )\n\n // This is a private endpoint that will be called by the user after the\n // authorization request was either approved or denied. The logic performed\n // here **could** be performed directly in the frontend. We decided to\n // implement it here to avoid duplicating the logic.\n router.get(\n '/oauth/authorize/redirect',\n withErrorHandler(async function (req, res) {\n // Ensure we come from the authorization page\n validateFetchSite(req, ['same-origin'])\n validateFetchMode(req, ['navigate'])\n validateFetchDest(req, ['document'])\n validateOrigin(req, issuerOrigin)\n\n const referrer = validateReferrer(req, {\n origin: issuerOrigin,\n pathname: '/oauth/authorize',\n })\n\n // Ensure we are coming from the authorization page\n requestUriSchema.parse(referrer.searchParams.get('request_uri'))\n\n return sendRedirect(res, parseRedirectUrl(this.url))\n }),\n )\n\n return router.buildMiddleware()\n\n function withErrorHandler<T extends RouterCtx>(\n handler: (this: T, req: Req, res: Res) => Awaitable<void>,\n ): Middleware<T, Req, Res> {\n return async function (req, res) {\n try {\n await handler.call(this, req, res)\n } catch (err) {\n onError?.(\n req,\n res,\n err,\n `Failed to handle navigation request to \"${req.url}\"`,\n )\n\n if (!res.headersSent) {\n sendErrorPage(req, res, err)\n }\n }\n }\n }\n}\n\nfunction throwInvalidRequest(err: unknown, prefix: string): never {\n throw new InvalidRequestError(formatError(err, prefix), err)\n}\n\nfunction sendAuthorizeRedirect(\n res: ServerResponse,\n { issuer, parameters, redirect }: AuthorizationResultRedirect,\n) {\n const redirectUri = buildRedirectUri(parameters)\n const mode = buildRedirectMode(parameters)\n const params = buildRedirectParams(issuer, parameters, redirect)\n return sendRedirect(res, { mode, redirectUri, params })\n}\n"]}
package/dist/router/create-oauth-middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"create-oauth-middleware.js","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":";;AA6DA,sDAuLC;AAnPD,sDAK6B;AAC7B,+DAA+E;AAC/E,+EAAsE;AACtE,6EAAoE;AACpE,iFAAwE;AACxE,mFAA0E;AAC1E,mDAQ6B;AAC7B,mDAAkD;AAClD,wDAA+C;AAI/C,iBAAiB;AACjB,MAAM,WAAW,GAAe,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI;IACtD,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAA,CAAC,QAAQ;IAEzD,wFAAwF;IACxF,EAAE;IACF,mEAAmE;IACnE,+DAA+D;IAC/D,4DAA4D;IAC5D,kEAAkE;IAClE,WAAW;IACX,EAAE;IACF,4DAA4D;IAC5D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAA;IAEjD,yFAAyF;IACzF,8DAA8D;IAC9D,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,eAAe;IACf,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAA;IAElD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,mBAAmB,CAAC,CAAA;IAElE,IAAI,EAAE,CAAA;AACR,CAAC,CAAA;AAED,MAAM,aAAa,GAAe,IAAA,6BAAkB,EAAC;IACnD,WAAW;IACX,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC;CACF,CAAC,CAAA;AAEF,SAAgB,qBAAqB,CAKnC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhE,0BAA0B;IAE1B,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE,aAAa,CAAC,CAAA;IACxE,MAAM,CAAC,GAAG,CACR,yCAAyC,EACzC,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CACtC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;IAC5C,MAAM,CAAC,GAAG,CACR,aAAa,EACb,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,IAAI,CAAC,CAClC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;IAC3C,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,oEAAoE;QACpE,0DAA0D;QAE1D,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAExE,MAAM,oBAAoB,GAAG,MAAM,gDAAkC;aAClE,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACb,mBAAmB,CAAC,GAAG,EAAE,+BAA+B,CAAC,CAC1D,CAAA;QAEH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,0BAA0B,CACtC,WAAW,EACX,oBAAoB,EACpB,SAAS,CACV,CAAA;IACH,CAAC,EAAE,GAAG,CAAC,CACR,CAAA;IACD,4DAA4D;IAC5D,yEAAyE;IACzE,gEAAgE;IAChE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,aAAa,CAAC,CAAA;IAC7C,MAAM,CAAC,IAAI,CACT,cAAc,EACd,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEzE,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEvE,MAAM,YAAY,GAAG,MAAM,qCAAuB;aAC/C,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC,CAAA;QAEpE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,KAAK,CACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,SAAS,CACV,CAAA;IACH,CAAC,CAAC,CACH,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;IAC9C,MAAM,CAAC,IAAI,CACT,eAAe,EACf,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,MAAM,mBAAmB,GAAG,MAAM,4CAA8B;aAC7D,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC,CAAA;QAEtE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,mBAAmB,EAAE,SAAS,CAAC,CAAA;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,kEAAkE;YAClE,uEAAuE;YACvE,uEAAuE;YACvE,gCAAgC;YAChC,EAAE;YACF,4DAA4D;YAE5D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAA;QACpD,CAAC;QAED,OAAO,EAAE,CAAA;IACX,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,YAAY,CACnB,kBAA4D,EAC5D,MAAe;QAEf,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,0DAA0D;gBAC1D,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,4DAA4D;gBAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;gBACxC,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,GAAG,YAAY,CAAA;oBACzB,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;oBAC9B,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,YAAY,4BAAU;oBACvB,CAAC,CAAC,UAAU,GAAG,CAAC,KAAK,SAAS;oBAC9B,CAAC,CAAC,kBAAkB,CACvB,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,YAAY,gDAAoB,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,kBAAkB,CAAA;oBAC/B,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC9C,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;gBAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;YACzB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY,EAAE,MAAc;IACrD,MAAM,IAAI,0CAAiB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC5D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY,EAAE,MAAc;IACtD,MAAM,IAAI,4CAAkB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC7D,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,MAAc;IACvD,MAAM,IAAI,8CAAmB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC9D,CAAC"}
1
+ {"version":3,"file":"create-oauth-middleware.js","sourceRoot":"","sources":["../../src/router/create-oauth-middleware.ts"],"names":[],"mappings":";;AA6DA,sDAuLC;AAnPD,sDAK6B;AAC7B,+DAA+E;AAC/E,+EAAsE;AACtE,6EAAoE;AACpE,iFAAwE;AACxE,mFAA0E;AAC1E,mDAQ6B;AAC7B,mDAAkD;AAClD,wDAA+C;AAI/C,iBAAiB;AACjB,MAAM,WAAW,GAAe,UAAU,GAAG,EAAE,GAAG,EAAE,IAAI;IACtD,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAA,CAAC,QAAQ;IAEzD,wFAAwF;IACxF,EAAE;IACF,mEAAmE;IACnE,+DAA+D;IAC/D,4DAA4D;IAC5D,kEAAkE;IAClE,WAAW;IACX,EAAE;IACF,4DAA4D;IAC5D,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAA;IAEjD,yFAAyF;IACzF,8DAA8D;IAC9D,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,eAAe;IACf,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAA;IAElD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,mBAAmB,CAAC,CAAA;IAElE,IAAI,EAAE,CAAA;AACR,CAAC,CAAA;AAED,MAAM,aAAa,GAAe,IAAA,6BAAkB,EAAC;IACnD,WAAW;IACX,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACX,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC;CACF,CAAC,CAAA;AAEF,SAAgB,qBAAqB,CAKnC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhE,0BAA0B;IAE1B,MAAM,CAAC,OAAO,CAAC,yCAAyC,EAAE,aAAa,CAAC,CAAA;IACxE,MAAM,CAAC,GAAG,CACR,yCAAyC,EACzC,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,QAAQ,CAAC,CACtC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;IAC5C,MAAM,CAAC,GAAG,CACR,aAAa,EACb,WAAW,EACX,IAAA,iCAAsB,EAAC,GAAG,CAAC,EAC3B,IAAA,+BAAoB,EAAC,MAAM,CAAC,IAAI,CAAC,CAClC,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;IAC3C,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,oEAAoE;QACpE,0DAA0D;QAE1D,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAExE,MAAM,oBAAoB,GAAG,MAAM,gDAAkC;aAClE,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CACb,mBAAmB,CAAC,GAAG,EAAE,+BAA+B,CAAC,CAC1D,CAAA;QAEH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,0BAA0B,CACtC,WAAW,EACX,oBAAoB,EACpB,SAAS,CACV,CAAA;IACH,CAAC,EAAE,GAAG,CAAC,CACR,CAAA;IACD,4DAA4D;IAC5D,yEAAyE;IACzE,gEAAgE;IAChE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;IAC1B,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,aAAa,CAAC,CAAA;IAC7C,MAAM,CAAC,IAAI,CACT,cAAc,EACd,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEzE,MAAM,iBAAiB,GAAG,MAAM,0CAA4B;aACzD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEvE,MAAM,YAAY,GAAG,MAAM,qCAAuB;aAC/C,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC,CAAA;QAEpE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,OAAO,MAAM,CAAC,KAAK,CACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,SAAS,CACV,CAAA;IACH,CAAC,CAAC,CACH,CAAA;IAED,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;IAC9C,MAAM,CAAC,IAAI,CACT,eAAe,EACf,WAAW,EACX,YAAY,CAAC,KAAK,WAAW,GAAG,EAAE,GAAG;QACnC,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAgB,EAAC,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAA;QAEnE,MAAM,WAAW,GAAG,MAAM,0CAA4B;aACnD,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAA;QAEzE,MAAM,mBAAmB,GAAG,MAAM,4CAA8B;aAC7D,UAAU,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;aACvC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC,CAAA;QAEtE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,cAAc,CAC3C,GAAG,CAAC,MAAO,EACX,IAAI,CAAC,GAAG,EACR,GAAG,CAAC,OAAO,CACZ,CAAA;QAED,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,mBAAmB,EAAE,SAAS,CAAC,CAAA;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,kEAAkE;YAClE,uEAAuE;YACvE,uEAAuE;YACvE,gCAAgC;YAChC,EAAE;YACF,4DAA4D;YAE5D,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAA;QACpD,CAAC;QAED,OAAO,EAAE,CAAA;IACX,CAAC,CAAC,CACH,CAAA;IAED,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;IAE/B,SAAS,YAAY,CACnB,kBAA4D,EAC5D,MAAe;QAEf,OAAO,IAAA,sBAAW,EAAc,KAAK,WAAW,GAAG,EAAE,GAAG;YACtD,IAAI,CAAC;gBACH,0DAA0D;gBAC1D,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;gBAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;gBAEnC,4DAA4D;gBAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,EAAE,CAAA;gBACxC,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,IAAI,GAAG,YAAY,CAAA;oBACzB,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;oBAC9B,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;gBAC1D,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,YAAY,4BAAU;oBACvB,CAAC,CAAC,UAAU,GAAG,CAAC,KAAK,SAAS;oBAC9B,CAAC,CAAC,kBAAkB,CACvB,CAAA;gBAED,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,YAAY,gDAAoB,EAAE,CAAC;oBAC5D,MAAM,IAAI,GAAG,kBAAkB,CAAA;oBAC/B,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC9C,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAA;gBACzD,CAAC;gBAED,MAAM,MAAM,GAAG,IAAA,kCAAgB,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,IAAI,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,CAAA;gBAEnC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;YACzB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY,EAAE,MAAc;IACrD,MAAM,IAAI,0CAAiB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC5D,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY,EAAE,MAAc;IACtD,MAAM,IAAI,4CAAkB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC7D,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY,EAAE,MAAc;IACvD,MAAM,IAAI,8CAAmB,CAAC,IAAA,sBAAW,EAAC,GAAG,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC,CAAA;AAC9D,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport {\n oauthAuthorizationRequestParSchema,\n oauthClientCredentialsSchema,\n oauthTokenIdentificationSchema,\n oauthTokenRequestSchema,\n} from '@atproto/oauth-types'\nimport { buildErrorPayload, buildErrorStatus } from '../errors/error-parser.js'\nimport { InvalidClientError } from '../errors/invalid-client-error.js'\nimport { InvalidGrantError } from '../errors/invalid-grant-error.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { WWWAuthenticateError } from '../errors/www-authenticate-error.js'\nimport {\n Middleware,\n Router,\n cacheControlMiddleware,\n combineMiddlewares,\n jsonHandler,\n parseHttpRequest,\n staticJsonMiddleware,\n} from '../lib/http/index.js'\nimport { formatError } from '../lib/util/error.js'\nimport { OAuthError } from '../oauth-errors.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\n\n// CORS preflight\nconst corsHeaders: Middleware = function (req, res, next) {\n res.setHeader('Access-Control-Max-Age', '86400') // 1 day\n\n // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin\n //\n // > For requests without credentials, the literal value \"*\" can be\n // > specified as a wildcard; the value tells browsers to allow\n // > requesting code from any origin to access the resource.\n // > Attempting to use the wildcard with credentials results in an\n // > error.\n //\n // A \"*\" is safer to use than reflecting the request origin.\n res.setHeader('Access-Control-Allow-Origin', '*')\n\n // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods\n // > The value \"*\" only counts as a special wildcard value for\n // > requests without credentials (requests without HTTP cookies or\n // > HTTP authentication information). In requests with credentials,\n // > it is treated as the literal method name \"*\" without special\n // > semantics.\n res.setHeader('Access-Control-Allow-Methods', '*')\n\n res.setHeader('Access-Control-Allow-Headers', 'Content-Type,DPoP')\n\n next()\n}\n\nconst corsPreflight: Middleware = combineMiddlewares([\n corsHeaders,\n (req, res) => {\n res.writeHead(200).end()\n },\n])\n\nexport function createOAuthMiddleware<\n Ctx extends object | void = void,\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n>(\n server: OAuthProvider,\n { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n const router = new Router<Ctx, Req, Res>(new URL(server.issuer))\n\n //- Public OAuth endpoints\n\n router.options('/.well-known/oauth-authorization-server', corsPreflight)\n router.get(\n '/.well-known/oauth-authorization-server',\n corsHeaders,\n cacheControlMiddleware(300),\n staticJsonMiddleware(server.metadata),\n )\n\n router.options('/oauth/jwks', corsPreflight)\n router.get(\n '/oauth/jwks',\n corsHeaders,\n cacheControlMiddleware(300),\n staticJsonMiddleware(server.jwks),\n )\n\n router.options('/oauth/par', corsPreflight)\n router.post(\n '/oauth/par',\n corsHeaders,\n oauthHandler(async function (req) {\n const payload = await parseHttpRequest(req, ['json', 'urlencoded'])\n\n // https://datatracker.ietf.org/doc/html/rfc9126#name-error-response\n // https://datatracker.ietf.org/doc/html/rfc6749#autoid-56\n\n const credentials = await oauthClientCredentialsSchema\n .parseAsync(payload, { path: ['body'] })\n .catch((err) => throwInvalidClient(err, 'Client credentials missing'))\n\n const authorizationRequest = await oauthAuthorizationRequestParSchema\n .parseAsync(payload, { path: ['body'] })\n .catch((err) =>\n throwInvalidRequest(err, 'Invalid authorization request'),\n )\n\n const dpopProof = await server.checkDpopProof(\n req.method!,\n this.url,\n req.headers,\n )\n\n return server.pushedAuthorizationRequest(\n credentials,\n authorizationRequest,\n dpopProof,\n )\n }, 201),\n )\n // https://datatracker.ietf.org/doc/html/rfc9126#section-2.3\n // > If the request did not use the POST method, the authorization server\n // > responds with an HTTP 405 (Method Not Allowed) status code.\n router.all('/oauth/par', (req, res) => {\n res.writeHead(405).end()\n })\n\n router.options('/oauth/token', corsPreflight)\n router.post(\n '/oauth/token',\n corsHeaders,\n oauthHandler(async function (req) {\n const payload = await parseHttpRequest(req, ['json', 'urlencoded'])\n\n const clientMetadata = await server.deviceManager.getRequestMetadata(req)\n\n const clientCredentials = await oauthClientCredentialsSchema\n .parseAsync(payload, { path: ['body'] })\n .catch((err) => throwInvalidGrant(err, 'Client credentials missing'))\n\n const tokenRequest = await oauthTokenRequestSchema\n .parseAsync(payload, { path: ['body'] })\n .catch((err) => throwInvalidGrant(err, 'Invalid request payload'))\n\n const dpopProof = await server.checkDpopProof(\n req.method!,\n this.url,\n req.headers,\n )\n\n return server.token(\n clientCredentials,\n clientMetadata,\n tokenRequest,\n dpopProof,\n )\n }),\n )\n\n router.options('/oauth/revoke', corsPreflight)\n router.post(\n '/oauth/revoke',\n corsHeaders,\n oauthHandler(async function (req, res) {\n const payload = await parseHttpRequest(req, ['json', 'urlencoded'])\n\n const credentials = await oauthClientCredentialsSchema\n .parseAsync(payload, { path: ['body'] })\n .catch((err) => throwInvalidRequest(err, 'Client credentials missing'))\n\n const tokenIdentification = await oauthTokenIdentificationSchema\n .parseAsync(payload, { path: ['body'] })\n .catch((err) => throwInvalidRequest(err, 'Invalid request payload'))\n\n const dpopProof = await server.checkDpopProof(\n req.method!,\n this.url,\n req.headers,\n )\n\n try {\n await server.revoke(credentials, tokenIdentification, dpopProof)\n } catch (err) {\n // > Note: invalid tokens do not cause an error response since the\n // > client cannot handle such an error in a reasonable way. Moreover,\n // > the purpose of the revocation request, invalidating the particular\n // > token, is already achieved.\n //\n // https://datatracker.ietf.org/doc/html/rfc7009#section-2.2\n\n onError?.(req, res, err, 'Failed to revoke token')\n }\n\n return {}\n }),\n )\n\n return router.buildMiddleware()\n\n function oauthHandler<T>(\n buildOAuthResponse: (this: T, req: Req, res: Res) => unknown,\n status?: number,\n ): Middleware<T, Req, Res> {\n return jsonHandler<T, Req, Res>(async function (req, res) {\n try {\n // https://www.rfc-editor.org/rfc/rfc6749.html#section-5.1\n res.setHeader('Cache-Control', 'no-store')\n res.setHeader('Pragma', 'no-cache')\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-8.2\n const dpopNonce = server.nextDpopNonce()\n if (dpopNonce) {\n const name = 'DPoP-Nonce'\n res.setHeader(name, dpopNonce)\n res.appendHeader('Access-Control-Expose-Headers', name)\n }\n\n const json = await buildOAuthResponse.call(this, req, res)\n return { json, status }\n } catch (err) {\n onError?.(\n req,\n res,\n err,\n err instanceof OAuthError\n ? `OAuth \"${err.error}\" error`\n : 'Unexpected error',\n )\n\n if (!res.headersSent && err instanceof WWWAuthenticateError) {\n const name = 'WWW-Authenticate'\n res.setHeader(name, err.wwwAuthenticateHeader)\n res.appendHeader('Access-Control-Expose-Headers', name)\n }\n\n const status = buildErrorStatus(err)\n const json = buildErrorPayload(err)\n\n return { json, status }\n }\n })\n }\n}\n\nfunction throwInvalidGrant(err: unknown, prefix: string): never {\n throw new InvalidGrantError(formatError(err, prefix), err)\n}\n\nfunction throwInvalidClient(err: unknown, prefix: string): never {\n throw new InvalidClientError(formatError(err, prefix), err)\n}\n\nfunction throwInvalidRequest(err: unknown, prefix: string): never {\n throw new InvalidRequestError(formatError(err, prefix), err)\n}\n"]}
package/dist/router/error-handler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../src/router/error-handler.ts"],"names":[],"mappings":""}
1
+ {"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../src/router/error-handler.ts"],"names":[],"mappings":"","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\n\nexport type ErrorHandler<\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n> = (req: Req, res: Res, err: unknown, message: string) => void\n"]}
package/dist/router/middleware-options.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middleware-options.js","sourceRoot":"","sources":["../../src/router/middleware-options.ts"],"names":[],"mappings":""}
1
+ {"version":3,"file":"middleware-options.js","sourceRoot":"","sources":["../../src/router/middleware-options.ts"],"names":[],"mappings":"","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ErrorHandler } from './error-handler.js'\n\nexport type MiddlewareOptions<\n Req extends IncomingMessage = IncomingMessage,\n Res extends ServerResponse = ServerResponse,\n> = {\n onError?: ErrorHandler<Req, Res>\n}\n"]}
package/dist/router/send-redirect.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"send-redirect.js","sourceRoot":"","sources":["../../src/router/send-redirect.ts"],"names":[],"mappings":";;;AAiCA,4CAOC;AAED,8CAKC;AAED,kDAoBC;AAQD,oCAiBC;AAzFD,6EAAqE;AACrE,mDAA+C;AAC/C,8DAAqD;AAGrD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAEnB,QAAA,qBAAqB,GAAG;IACnC,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEG,QAAA,mBAAmB,GAAG;IACjC,OAAO;IACP,mBAAmB;IACnB,WAAW;CACH,CAAA;AAQV,SAAgB,gBAAgB,CAC9B,UAA+C;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAA;IAEnB,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAChF,CAAC;AAED,SAAgB,iBAAiB,CAC/B,UAA+C;IAE/C,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,+CAA+C;IAChG,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAgB,mBAAmB,CACjC,MAAc,EACd,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,MAAM,GAA4C;QACtD,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,6BAAqB,CAAC,CAAC,CAAC,2BAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAQD,SAAgB,YAAY,CAC1B,GAAmB,EACnB,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAwB;IAExD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACxC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACnE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YACrC,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC"}
1
+ {"version":3,"file":"send-redirect.js","sourceRoot":"","sources":["../../src/router/send-redirect.ts"],"names":[],"mappings":";;;AAiCA,4CAOC;AAED,8CAKC;AAED,kDAoBC;AAQD,oCAiBC;AAzFD,6EAAqE;AACrE,mDAA+C;AAC/C,8DAAqD;AAGrD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAEnB,QAAA,qBAAqB,GAAG;IACnC,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEG,QAAA,mBAAmB,GAAG;IACjC,OAAO;IACP,mBAAmB;IACnB,WAAW;CACH,CAAA;AAQV,SAAgB,gBAAgB,CAC9B,UAA+C;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAA;IAEnB,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAChF,CAAC;AAED,SAAgB,iBAAiB,CAC/B,UAA+C;IAE/C,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,+CAA+C;IAChG,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAgB,mBAAmB,CACjC,MAAc,EACd,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,MAAM,GAA4C;QACtD,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,6BAAqB,CAAC,CAAC,CAAC,2BAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAQD,SAAgB,YAAY,CAC1B,GAAmB,EACnB,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAwB;IAExD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACxC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACnE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YACrC,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http'\nimport {\n OAuthAuthorizationRequestParameters,\n OAuthResponseMode,\n} from '@atproto/oauth-types'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport { html, js } from '../lib/html/index.js'\nimport { sendWebPage } from '../lib/send-web-page.js'\nimport { AuthorizationRedirectParameters } from '../result/authorization-redirect-parameters.js'\n\n// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4\nconst REDIRECT_STATUS_CODE = 303\n\nexport const SUCCESS_REDIRECT_KEYS = [\n 'code',\n 'id_token',\n 'access_token',\n 'expires_in',\n 'token_type',\n] as const\n\nexport const ERROR_REDIRECT_KEYS = [\n 'error',\n 'error_description',\n 'error_uri',\n] as const\n\nexport type OAuthRedirectQueryParameter =\n | 'iss'\n | 'state'\n | (typeof SUCCESS_REDIRECT_KEYS)[number]\n | (typeof ERROR_REDIRECT_KEYS)[number]\n\nexport function buildRedirectUri(\n parameters: OAuthAuthorizationRequestParameters,\n): string {\n const uri = parameters.redirect_uri\n if (uri) return uri\n\n throw new AuthorizationError(parameters, 'No redirect_uri', 'invalid_request')\n}\n\nexport function buildRedirectMode(\n parameters: OAuthAuthorizationRequestParameters,\n): OAuthResponseMode {\n const mode = parameters.response_mode || 'query' // @TODO default should depend on response_type\n return mode\n}\n\nexport function buildRedirectParams(\n issuer: string,\n parameters: OAuthAuthorizationRequestParameters,\n redirect: AuthorizationRedirectParameters,\n): [OAuthRedirectQueryParameter, string][] {\n const params: [OAuthRedirectQueryParameter, string][] = [\n ['iss', issuer], // rfc9207\n ]\n\n if (parameters.state != null) {\n params.push(['state', parameters.state])\n }\n\n const keys = 'code' in redirect ? SUCCESS_REDIRECT_KEYS : ERROR_REDIRECT_KEYS\n for (const key of keys) {\n const value = redirect[key]\n if (value != null) params.push([key, value])\n }\n\n return params\n}\n\nexport type OAuthRedirectOptions = {\n mode: OAuthResponseMode\n redirectUri: string\n params: Iterable<[string, string]>\n}\n\nexport function sendRedirect(\n res: ServerResponse,\n { mode, redirectUri: uri, params }: OAuthRedirectOptions,\n): void {\n res.setHeader('Cache-Control', 'no-store')\n\n switch (mode) {\n case 'query':\n return writeQuery(res, uri, params)\n case 'fragment':\n return writeFragment(res, uri, params)\n case 'form_post':\n return writeFormPost(res, uri, params)\n }\n\n // @ts-expect-error fool proof\n throw new Error(`Unsupported mode: ${mode}`)\n}\n\nfunction writeQuery(\n res: ServerResponse,\n uri: string,\n params: Iterable<[string, string]>,\n): void {\n const url = new URL(uri)\n for (const [key, value] of params) url.searchParams.set(key, value)\n res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end()\n}\n\nfunction writeFragment(\n res: ServerResponse,\n uri: string,\n params: Iterable<[string, string]>,\n): void {\n const url = new URL(uri)\n const searchParams = new URLSearchParams()\n for (const [key, value] of params) searchParams.set(key, value)\n url.hash = searchParams.toString()\n res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end()\n}\n\nfunction writeFormPost(\n res: ServerResponse,\n uri: string,\n params: Iterable<[string, string]>,\n): void {\n // Prevent the Chrome from caching this page\n // see: https://latesthackingnews.com/2023/12/12/google-updates-chrome-bfcache-for-faster-page-viewing/\n res.setHeader('Set-Cookie', `bfCacheBypass=foo; max-age=1; SameSite=Lax`)\n res.setHeader('Cache-Control', 'no-store')\n res.setHeader('Permissions-Policy', 'otp-credentials=*, document-domain=()')\n\n return sendWebPage(res, {\n htmlAttrs: { lang: 'en' },\n body: html`\n <form method=\"post\" action=\"${uri}\">\n ${Array.from(params, ([key, value]) => [\n html`<input type=\"hidden\" name=\"${key}\" value=\"${value}\" />`,\n ])}\n <input type=\"submit\" value=\"Continue\" />\n </form>\n `,\n scripts: [js`document.forms[0].submit();`],\n })\n}\n"]}