@atproto/oauth-provider 0.13.1 → 0.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (169) hide show
  1. package/CHANGELOG.md +16 -0
  2. package/dist/access-token/access-token-mode.js.map +1 -1
  3. package/dist/account/account-manager.js.map +1 -1
  4. package/dist/account/account-store.js.map +1 -1
  5. package/dist/account/sign-in-data.js.map +1 -1
  6. package/dist/account/sign-up-input.js.map +1 -1
  7. package/dist/client/client-auth.js.map +1 -1
  8. package/dist/client/client-data.js.map +1 -1
  9. package/dist/client/client-id.js.map +1 -1
  10. package/dist/client/client-info.js.map +1 -1
  11. package/dist/client/client-manager.d.ts.map +1 -1
  12. package/dist/client/client-manager.js +8 -1
  13. package/dist/client/client-manager.js.map +1 -1
  14. package/dist/client/client-store.js.map +1 -1
  15. package/dist/client/client-utils.js.map +1 -1
  16. package/dist/client/client.js.map +1 -1
  17. package/dist/constants.js.map +1 -1
  18. package/dist/customization/branding.js.map +1 -1
  19. package/dist/customization/build-customization-css.js.map +1 -1
  20. package/dist/customization/build-customization-data.js.map +1 -1
  21. package/dist/customization/colors.js.map +1 -1
  22. package/dist/customization/customization.js.map +1 -1
  23. package/dist/customization/links.js.map +1 -1
  24. package/dist/device/device-data.js.map +1 -1
  25. package/dist/device/device-id.js.map +1 -1
  26. package/dist/device/device-manager.d.ts +8 -8
  27. package/dist/device/device-manager.js.map +1 -1
  28. package/dist/device/device-store.js.map +1 -1
  29. package/dist/device/session-id.js.map +1 -1
  30. package/dist/dpop/dpop-manager.js.map +1 -1
  31. package/dist/dpop/dpop-nonce.js.map +1 -1
  32. package/dist/dpop/dpop-proof.js.map +1 -1
  33. package/dist/errors/access-denied-error.js.map +1 -1
  34. package/dist/errors/account-selection-required-error.js.map +1 -1
  35. package/dist/errors/authorization-error.js.map +1 -1
  36. package/dist/errors/consent-required-error.js.map +1 -1
  37. package/dist/errors/error-parser.js.map +1 -1
  38. package/dist/errors/handle-unavailable-error.js.map +1 -1
  39. package/dist/errors/invalid-authorization-details-error.js.map +1 -1
  40. package/dist/errors/invalid-client-error.js.map +1 -1
  41. package/dist/errors/invalid-client-id-error.js.map +1 -1
  42. package/dist/errors/invalid-client-metadata-error.js.map +1 -1
  43. package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -1
  44. package/dist/errors/invalid-dpop-proof-error.js.map +1 -1
  45. package/dist/errors/invalid-grant-error.js.map +1 -1
  46. package/dist/errors/invalid-invite-code-error.js.map +1 -1
  47. package/dist/errors/invalid-redirect-uri-error.js.map +1 -1
  48. package/dist/errors/invalid-request-error.js.map +1 -1
  49. package/dist/errors/invalid-scope-error.js.map +1 -1
  50. package/dist/errors/invalid-token-error.js.map +1 -1
  51. package/dist/errors/login-required-error.js.map +1 -1
  52. package/dist/errors/oauth-error.js.map +1 -1
  53. package/dist/errors/second-authentication-factor-required-error.js.map +1 -1
  54. package/dist/errors/unauthorized-client-error.js.map +1 -1
  55. package/dist/errors/use-dpop-nonce-error.js.map +1 -1
  56. package/dist/errors/www-authenticate-error.js.map +1 -1
  57. package/dist/index.js.map +1 -1
  58. package/dist/lexicon/lexicon-data.js.map +1 -1
  59. package/dist/lexicon/lexicon-getter.js.map +1 -1
  60. package/dist/lexicon/lexicon-manager.js.map +1 -1
  61. package/dist/lexicon/lexicon-store.js.map +1 -1
  62. package/dist/lib/csp/index.js.map +1 -1
  63. package/dist/lib/hcaptcha.js.map +1 -1
  64. package/dist/lib/html/build-document.js.map +1 -1
  65. package/dist/lib/html/escapers.js.map +1 -1
  66. package/dist/lib/html/html.js.map +1 -1
  67. package/dist/lib/html/hydration-data.js.map +1 -1
  68. package/dist/lib/html/index.js.map +1 -1
  69. package/dist/lib/html/tags.js.map +1 -1
  70. package/dist/lib/html/util.js.map +1 -1
  71. package/dist/lib/http/accept.js.map +1 -1
  72. package/dist/lib/http/context.js.map +1 -1
  73. package/dist/lib/http/headers.js.map +1 -1
  74. package/dist/lib/http/index.js.map +1 -1
  75. package/dist/lib/http/method.js.map +1 -1
  76. package/dist/lib/http/middleware.js.map +1 -1
  77. package/dist/lib/http/parser.js.map +1 -1
  78. package/dist/lib/http/path.js.map +1 -1
  79. package/dist/lib/http/request.js.map +1 -1
  80. package/dist/lib/http/response.js.map +1 -1
  81. package/dist/lib/http/route.js.map +1 -1
  82. package/dist/lib/http/router.js.map +1 -1
  83. package/dist/lib/http/security-headers.js.map +1 -1
  84. package/dist/lib/http/stream.js.map +1 -1
  85. package/dist/lib/http/types.js.map +1 -1
  86. package/dist/lib/http/url.js.map +1 -1
  87. package/dist/lib/nsid.js.map +1 -1
  88. package/dist/lib/redis.js.map +1 -1
  89. package/dist/lib/send-web-page.js.map +1 -1
  90. package/dist/lib/util/authorization-header.js.map +1 -1
  91. package/dist/lib/util/cast.js.map +1 -1
  92. package/dist/lib/util/color.js.map +1 -1
  93. package/dist/lib/util/crypto.js.map +1 -1
  94. package/dist/lib/util/date.js.map +1 -1
  95. package/dist/lib/util/error.js.map +1 -1
  96. package/dist/lib/util/function.js.map +1 -1
  97. package/dist/lib/util/locale.js.map +1 -1
  98. package/dist/lib/util/redirect-uri.js.map +1 -1
  99. package/dist/lib/util/time.js.map +1 -1
  100. package/dist/lib/util/type.js.map +1 -1
  101. package/dist/lib/util/ui8.js.map +1 -1
  102. package/dist/lib/util/well-known.js.map +1 -1
  103. package/dist/lib/util/zod-error.js.map +1 -1
  104. package/dist/metadata/build-metadata.js.map +1 -1
  105. package/dist/oauth-client.js.map +1 -1
  106. package/dist/oauth-dpop.js.map +1 -1
  107. package/dist/oauth-errors.js.map +1 -1
  108. package/dist/oauth-hooks.js.map +1 -1
  109. package/dist/oauth-middleware.js.map +1 -1
  110. package/dist/oauth-provider.d.ts +128 -98
  111. package/dist/oauth-provider.d.ts.map +1 -1
  112. package/dist/oauth-provider.js.map +1 -1
  113. package/dist/oauth-store.js.map +1 -1
  114. package/dist/oauth-verifier.js.map +1 -1
  115. package/dist/oidc/sub.js.map +1 -1
  116. package/dist/replay/replay-manager.js.map +1 -1
  117. package/dist/replay/replay-store-memory.js.map +1 -1
  118. package/dist/replay/replay-store-redis.js.map +1 -1
  119. package/dist/replay/replay-store.js.map +1 -1
  120. package/dist/request/code.js.map +1 -1
  121. package/dist/request/request-data.js.map +1 -1
  122. package/dist/request/request-id.js.map +1 -1
  123. package/dist/request/request-manager.d.ts +18 -18
  124. package/dist/request/request-manager.d.ts.map +1 -1
  125. package/dist/request/request-manager.js.map +1 -1
  126. package/dist/request/request-store.js.map +1 -1
  127. package/dist/request/request-uri.js.map +1 -1
  128. package/dist/result/authorization-redirect-parameters.js.map +1 -1
  129. package/dist/result/authorization-result-authorize-page.js.map +1 -1
  130. package/dist/result/authorization-result-redirect.js.map +1 -1
  131. package/dist/router/assets/assets-manifest.js.map +1 -1
  132. package/dist/router/assets/assets.js.map +1 -1
  133. package/dist/router/assets/csrf.js.map +1 -1
  134. package/dist/router/assets/send-account-page.js.map +1 -1
  135. package/dist/router/assets/send-authorization-page.js.map +1 -1
  136. package/dist/router/assets/send-error-page.js.map +1 -1
  137. package/dist/router/create-account-page-middleware.js.map +1 -1
  138. package/dist/router/create-api-middleware.js.map +1 -1
  139. package/dist/router/create-authorization-page-middleware.js.map +1 -1
  140. package/dist/router/create-oauth-middleware.js.map +1 -1
  141. package/dist/router/error-handler.js.map +1 -1
  142. package/dist/router/middleware-options.js.map +1 -1
  143. package/dist/router/send-redirect.js.map +1 -1
  144. package/dist/signer/access-token-payload.d.ts +4113 -1362
  145. package/dist/signer/access-token-payload.d.ts.map +1 -1
  146. package/dist/signer/access-token-payload.js.map +1 -1
  147. package/dist/signer/api-token-payload.d.ts +3974 -1223
  148. package/dist/signer/api-token-payload.d.ts.map +1 -1
  149. package/dist/signer/api-token-payload.js.map +1 -1
  150. package/dist/signer/signer.d.ts +46 -26
  151. package/dist/signer/signer.d.ts.map +1 -1
  152. package/dist/signer/signer.js.map +1 -1
  153. package/dist/token/refresh-token.js.map +1 -1
  154. package/dist/token/token-claims.js.map +1 -1
  155. package/dist/token/token-data.js.map +1 -1
  156. package/dist/token/token-id.js.map +1 -1
  157. package/dist/token/token-manager.js.map +1 -1
  158. package/dist/token/token-store.js.map +1 -1
  159. package/dist/types/authorization-response-error.js.map +1 -1
  160. package/dist/types/color-hue.js.map +1 -1
  161. package/dist/types/email-otp.js.map +1 -1
  162. package/dist/types/email.js.map +1 -1
  163. package/dist/types/handle.js.map +1 -1
  164. package/dist/types/invite-code.js.map +1 -1
  165. package/dist/types/par-response-error.js.map +1 -1
  166. package/dist/types/password.js.map +1 -1
  167. package/dist/types/rgb-color.js.map +1 -1
  168. package/package.json +9 -9
  169. package/src/client/client-manager.ts +16 -2
package/CHANGELOG.md CHANGED
@@ -1,5 +1,21 @@
1
1
  # @atproto/oauth-provider
2
2
 
3
+ ## 0.13.2
4
+
5
+ ### Patch Changes
6
+
7
+ - [#4256](https://github.com/bluesky-social/atproto/pull/4256) [`e71d265dd`](https://github.com/bluesky-social/atproto/commit/e71d265dd4ef35dcd5bb7606b528f417d6af2b70) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Improve error in case of invalid loopback client metadata
8
+
9
+ - Updated dependencies [[`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3), [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815), [`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3), [`09439d7d6`](https://github.com/bluesky-social/atproto/commit/09439d7d688294ad1a0c78a74b901ba2f7c5f4c3)]:
10
+ - @atproto/oauth-types@0.4.2
11
+ - @atproto/jwk@0.6.0
12
+ - @atproto/did@0.2.1
13
+ - @atproto/oauth-provider-api@0.3.1
14
+ - @atproto/oauth-provider-frontend@0.2.2
15
+ - @atproto/oauth-provider-ui@0.3.2
16
+ - @atproto/jwk-jose@0.1.11
17
+ - @atproto/oauth-scopes@0.2.1
18
+
3
19
  ## 0.13.1
4
20
 
5
21
  ### Patch Changes
package/dist/access-token/access-token-mode.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"access-token-mode.js","sourceRoot":"","sources":["../../src/access-token/access-token-mode.ts"],"names":[],"mappings":";;;AAAA,IAAY,eAGX;AAHD,WAAY,eAAe;IACzB,0CAAuB,CAAA;IACvB,wCAAqB,CAAA;AACvB,CAAC,EAHW,eAAe,+BAAf,eAAe,QAG1B"}
1
+ {"version":3,"file":"access-token-mode.js","sourceRoot":"","sources":["../../src/access-token/access-token-mode.ts"],"names":[],"mappings":";;;AAAA,IAAY,eAGX;AAHD,WAAY,eAAe;IACzB,0CAAuB,CAAA;IACvB,wCAAqB,CAAA;AACvB,CAAC,EAHW,eAAe,+BAAf,eAAe,QAG1B","sourcesContent":["export enum AccessTokenMode {\n stateless = 'stateless',\n stateful = 'stateful',\n}\n"]}
package/dist/account/account-manager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account/account-manager.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAG7B,iFAAwE;AACxE,oDAAyE;AACzE,iDAAkD;AAgBlD,MAAM,8BAA8B,GAAG,GAAG,CAAA;AAC1C,MAAM,4BAA4B,GAAG,GAAG,CAAA;AAExC,MAAa,cAAc;IAMJ;IACA;IANF,kBAAkB,CAAS;IAC3B,cAAc,CAAiB;IAElD,YACE,MAA6B,EACV,KAAmB,EACnB,KAAiB,EACpC,aAA4B;QAFT,UAAK,GAAL,KAAK,CAAc;QACnB,UAAK,GAAL,KAAK,CAAY;QAGpC,IAAI,CAAC,kBAAkB,GAAG,aAAa,CAAC,kBAAkB,KAAK,KAAK,CAAA;QACpE,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC,QAAQ;YAC1C,CAAC,CAAC,IAAI,4BAAc,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;YACtE,CAAC,CAAC,SAAS,CAAA;IACf,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,MAAM,IAAI,8CAAmB,CAAC,4BAA4B,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAClD,cAAc,CAAC,SAAS,EACxB,KAAK,CAAC,MAAM,EACZ,cAAc,CAAC,SAAS,CACzB,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc;aACrC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,EAAE,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC;aACvE,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAA;QACrE,CAAC,CAAC,CAAA;QAEJ,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAI,CAAC,IAAI,EAAE;YAC5C,KAAK;YACL,QAAQ;YACR,cAAc;YACd,MAAM;YACN,MAAM;SACP,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QACvD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAA;QACrE,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,KAAkB,EAClB,SAAmB,EACnB,eAAgC;QAEhC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,8CAAmB,CAAC,yBAAyB,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,KAAK,CAAC,UAAU,CAAA;IACzB,CAAC;IAES,KAAK,CAAC,eAAe,CAC7B,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACrD,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;YAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;SACxD,CAAC,CAAA;QAEF,OAAO,EAAE,GAAG,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,CAAA;IACjD,CAAC;IAEM,KAAK,CAAC,aAAa,CACxB,QAAkB,EAClB,cAA+B,EAC/B,KAAkB;QAElB,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,EAAE;YAC3C,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;QAExE,mDAAmD;QACnD,gDAAgD;QAChD,MAAM,OAAO,GAAG,MAAM,IAAA,sBAAY,EAChC,4BAA4B,EAC5B,KAAK,IAAI,EAAE;YACT,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;QACvC,CAAC,CACF,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACd,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAA;QAChE,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE;gBACtC,IAAI;gBACJ,OAAO;gBACP,QAAQ;gBACR,cAAc;aACf,CAAC,CAAA;YAEF,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YAErD,MAAM,8CAAmB,CAAC,IAAI,CAC5B,GAAG,EACH,gFAAgF,CACjF,CAAA;QACH,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,QAAkB,EAClB,cAA+B,EAC/B,IAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,EAAE;gBAC3C,IAAI;gBACJ,QAAQ;gBACR,cAAc;aACf,CAAC,CAAA;YAEF,MAAM,OAAO,GAAG,MAAM,IAAA,sBAAY,EAChC,8BAA8B,EAC9B,KAAK,IAAI,EAAE;gBACT,OAAO,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAA;YAC7C,CAAC,CACF,CAAA;YAED,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE;gBACtC,IAAI;gBACJ,OAAO;gBACP,QAAQ;gBACR,cAAc;aACf,CAAC,CAAA;YAEF,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,8CAAmB,CAAC,IAAI,CAC5B,GAAG,EACH,qDAAqD,CACtD,CAAA;QACH,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,QAAkB,EAClB,GAAQ;QAER,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACrD,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAC3B,QAAkB,EAClB,GAAQ;QAER,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACtE,IAAI,CAAC,aAAa;YAAE,MAAM,IAAI,8CAAmB,CAAC,mBAAmB,CAAC,CAAA;QAEtE,OAAO,aAAa,CAAA;IACtB,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,OAAgB,EAChB,MAAc,EACd,IAA0B;QAE1B,+DAA+D;QAC/D,IAAI,IAAA,qCAAuB,EAAC,MAAM,CAAC,EAAE,CAAC;YAAE,OAAM;QAE9C,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACpE,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,GAAQ;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAQ;QAC3D,OAAO,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACtD,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAC7B,QAAkB;QAElB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;YACzD,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,cAAc,CAAC,aAAa;aAChC,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAA;IACnE,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAAC,GAAQ;QACtC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;YACzD,GAAG;SACJ,CAAC,CAAA;QAEF,OAAO,cAAc,CAAC,aAAa;aAChC,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;IACjE,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC/B,QAAkB,EAClB,cAA+B,EAC/B,KAAgC;QAEhC,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;YAClD,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC/B,QAAkB,EAClB,cAA+B,EAC/B,KAAgC;QAEhC,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;YAClD,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,wBAAwB,CAAC,MAAc;QAClD,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,OAAO,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAlQD,wCAkQC"}
1
+ {"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account/account-manager.ts"],"names":[],"mappings":";;;AAAA,sDAG6B;AAG7B,iFAAwE;AACxE,oDAAyE;AACzE,iDAAkD;AAgBlD,MAAM,8BAA8B,GAAG,GAAG,CAAA;AAC1C,MAAM,4BAA4B,GAAG,GAAG,CAAA;AAExC,MAAa,cAAc;IAMJ;IACA;IANF,kBAAkB,CAAS;IAC3B,cAAc,CAAiB;IAElD,YACE,MAA6B,EACV,KAAmB,EACnB,KAAiB,EACpC,aAA4B;QAFT,UAAK,GAAL,KAAK,CAAc;QACnB,UAAK,GAAL,KAAK,CAAY;QAGpC,IAAI,CAAC,kBAAkB,GAAG,aAAa,CAAC,kBAAkB,KAAK,KAAK,CAAA;QACpE,IAAI,CAAC,cAAc,GAAG,aAAa,CAAC,QAAQ;YAC1C,CAAC,CAAC,IAAI,4BAAc,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,aAAa,CAAC,QAAQ,CAAC;YACtE,CAAC,CAAC,SAAS,CAAA;IACf,CAAC;IAES,KAAK,CAAC,oBAAoB,CAClC,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,MAAM,IAAI,8CAAmB,CAAC,4BAA4B,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAClD,cAAc,CAAC,SAAS,EACxB,KAAK,CAAC,MAAM,EACZ,cAAc,CAAC,SAAS,CACzB,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc;aACrC,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,EAAE,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC;aACvE,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAA;QACrE,CAAC,CAAC,CAAA;QAEJ,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,IAAI,CAAC,IAAI,EAAE;YAC5C,KAAK;YACL,QAAQ;YACR,cAAc;YACd,MAAM;YACN,MAAM;SACP,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;QACvD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAA;QACrE,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,KAAkB,EAClB,SAAmB,EACnB,eAAgC;QAEhC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7B,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,8CAAmB,CAAC,yBAAyB,CAAC,CAAA;QAC1D,CAAC;QAED,OAAO,KAAK,CAAC,UAAU,CAAA;IACzB,CAAC;IAES,KAAK,CAAC,eAAe,CAC7B,KAAkB,EAClB,QAAkB,EAClB,cAA+B;QAE/B,MAAM,CAAC,cAAc,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACrD,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;YAC1D,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC;SACxD,CAAC,CAAA;QAEF,OAAO,EAAE,GAAG,KAAK,EAAE,cAAc,EAAE,UAAU,EAAE,CAAA;IACjD,CAAC;IAEM,KAAK,CAAC,aAAa,CACxB,QAAkB,EAClB,cAA+B,EAC/B,KAAkB;QAElB,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,EAAE;YAC3C,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAA;QAExE,mDAAmD;QACnD,gDAAgD;QAChD,MAAM,OAAO,GAAG,MAAM,IAAA,sBAAY,EAChC,4BAA4B,EAC5B,KAAK,IAAI,EAAE;YACT,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;QACvC,CAAC,CACF,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACd,MAAM,8CAAmB,CAAC,IAAI,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAA;QAChE,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE;gBACtC,IAAI;gBACJ,OAAO;gBACP,QAAQ;gBACR,cAAc;aACf,CAAC,CAAA;YAEF,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAA;YAErD,MAAM,8CAAmB,CAAC,IAAI,CAC5B,GAAG,EACH,gFAAgF,CACjF,CAAA;QACH,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,QAAkB,EAClB,cAA+B,EAC/B,IAAgB;QAEhB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,EAAE;gBAC3C,IAAI;gBACJ,QAAQ;gBACR,cAAc;aACf,CAAC,CAAA;YAEF,MAAM,OAAO,GAAG,MAAM,IAAA,sBAAY,EAChC,8BAA8B,EAC9B,KAAK,IAAI,EAAE;gBACT,OAAO,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAA;YAC7C,CAAC,CACF,CAAA;YAED,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE;gBACtC,IAAI;gBACJ,OAAO;gBACP,QAAQ;gBACR,cAAc;aACf,CAAC,CAAA;YAEF,OAAO,OAAO,CAAA;QAChB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,8CAAmB,CAAC,IAAI,CAC5B,GAAG,EACH,qDAAqD,CACtD,CAAA;QACH,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,QAAkB,EAClB,GAAQ;QAER,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACrD,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAC3B,QAAkB,EAClB,GAAQ;QAER,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACtE,IAAI,CAAC,aAAa;YAAE,MAAM,IAAI,8CAAmB,CAAC,mBAAmB,CAAC,CAAA;QAEtE,OAAO,aAAa,CAAA;IACtB,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,OAAgB,EAChB,MAAc,EACd,IAA0B;QAE1B,+DAA+D;QAC/D,IAAI,IAAA,qCAAuB,EAAC,MAAM,CAAC,EAAE,CAAC;YAAE,OAAM;QAE9C,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACpE,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,GAAQ;QAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACnC,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAQ;QAC3D,OAAO,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;IACtD,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAC7B,QAAkB;QAElB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;YACzD,QAAQ;SACT,CAAC,CAAA;QAEF,OAAO,cAAc,CAAC,aAAa;aAChC,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAA;IACnE,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAAC,GAAQ;QACtC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;YACzD,GAAG;SACJ,CAAC,CAAA;QAEF,OAAO,cAAc,CAAC,aAAa;aAChC,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;IACjE,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC/B,QAAkB,EAClB,cAA+B,EAC/B,KAAgC;QAEhC,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;YAClD,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC/B,QAAkB,EAClB,cAA+B,EAC/B,KAAgC;QAEhC,MAAM,IAAI,CAAC,KAAK,CAAC,sBAAsB,EAAE,IAAI,CAAC,IAAI,EAAE;YAClD,KAAK;YACL,QAAQ;YACR,cAAc;SACf,CAAC,CAAA;QAEF,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;IACJ,CAAC;IAEM,KAAK,CAAC,wBAAwB,CAAC,MAAc;QAClD,OAAO,IAAA,sBAAY,EAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC7D,OAAO,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,MAAM,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAlQD,wCAkQC","sourcesContent":["import {\n OAuthIssuerIdentifier,\n isOAuthClientIdLoopback,\n} from '@atproto/oauth-types'\nimport { Client } from '../client/client.js'\nimport { DeviceId } from '../device/device-id.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { HCaptchaClient, HcaptchaVerifyResult } from '../lib/hcaptcha.js'\nimport { constantTime } from '../lib/util/time.js'\nimport { OAuthHooks, RequestMetadata } from '../oauth-hooks.js'\nimport { Customization } from '../oauth-provider.js'\nimport { Sub } from '../oidc/sub.js'\nimport {\n Account,\n AccountStore,\n AuthorizedClientData,\n DeviceAccount,\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n} from './account-store.js'\nimport { SignInData } from './sign-in-data.js'\nimport { SignUpInput } from './sign-up-input.js'\n\nconst TIMING_ATTACK_MITIGATION_DELAY = 400\nconst BRUTE_FORCE_MITIGATION_DELAY = 300\n\nexport class AccountManager {\n protected readonly inviteCodeRequired: boolean\n protected readonly hcaptchaClient?: HCaptchaClient\n\n constructor(\n issuer: OAuthIssuerIdentifier,\n protected readonly store: AccountStore,\n protected readonly hooks: OAuthHooks,\n customization: Customization,\n ) {\n this.inviteCodeRequired = customization.inviteCodeRequired !== false\n this.hcaptchaClient = customization.hcaptcha\n ? new HCaptchaClient(new URL(issuer).hostname, customization.hcaptcha)\n : undefined\n }\n\n protected async processHcaptchaToken(\n input: SignUpInput,\n deviceId: DeviceId,\n deviceMetadata: RequestMetadata,\n ): Promise<HcaptchaVerifyResult | undefined> {\n if (!this.hcaptchaClient) {\n return undefined\n }\n\n if (!input.hcaptchaToken) {\n throw new InvalidRequestError('hCaptcha token is required')\n }\n\n const tokens = this.hcaptchaClient.buildClientTokens(\n deviceMetadata.ipAddress,\n input.handle,\n deviceMetadata.userAgent,\n )\n\n const result = await this.hcaptchaClient\n .verify('signup', input.hcaptchaToken, deviceMetadata.ipAddress, tokens)\n .catch((err) => {\n throw InvalidRequestError.from(err, 'hCaptcha verification failed')\n })\n\n await this.hooks.onHcaptchaResult?.call(null, {\n input,\n deviceId,\n deviceMetadata,\n tokens,\n result,\n })\n\n try {\n this.hcaptchaClient.checkVerifyResult(result, tokens)\n } catch (err) {\n throw InvalidRequestError.from(err, 'hCaptcha verification failed')\n }\n\n return result\n }\n\n protected async enforceInviteCode(\n input: SignUpInput,\n _deviceId: DeviceId,\n _deviceMetadata: RequestMetadata,\n ): Promise<string | undefined> {\n if (!this.inviteCodeRequired) {\n return undefined\n }\n\n if (!input.inviteCode) {\n throw new InvalidRequestError('Invite code is required')\n }\n\n return input.inviteCode\n }\n\n protected async buildSignupData(\n input: SignUpInput,\n deviceId: DeviceId,\n deviceMetadata: RequestMetadata,\n ): Promise<SignUpData> {\n const [hcaptchaResult, inviteCode] = await Promise.all([\n this.processHcaptchaToken(input, deviceId, deviceMetadata),\n this.enforceInviteCode(input, deviceId, deviceMetadata),\n ])\n\n return { ...input, hcaptchaResult, inviteCode }\n }\n\n public async createAccount(\n deviceId: DeviceId,\n deviceMetadata: RequestMetadata,\n input: SignUpInput,\n ): Promise<Account> {\n await this.hooks.onSignUpAttempt?.call(null, {\n input,\n deviceId,\n deviceMetadata,\n })\n\n const data = await this.buildSignupData(input, deviceId, deviceMetadata)\n\n // Mitigation against brute forcing email of users.\n // @TODO Add rate limit to all the OAuth routes.\n const account = await constantTime(\n BRUTE_FORCE_MITIGATION_DELAY,\n async () => {\n return this.store.createAccount(data)\n },\n ).catch((err) => {\n throw InvalidRequestError.from(err, 'Account creation failed')\n })\n\n try {\n await this.hooks.onSignedUp?.call(null, {\n data,\n account,\n deviceId,\n deviceMetadata,\n })\n\n return account\n } catch (err) {\n await this.removeDeviceAccount(deviceId, account.sub)\n\n throw InvalidRequestError.from(\n err,\n 'The account was successfully created but something went wrong, try signing-in.',\n )\n }\n }\n\n public async authenticateAccount(\n deviceId: DeviceId,\n deviceMetadata: RequestMetadata,\n data: SignInData,\n ): Promise<Account> {\n try {\n await this.hooks.onSignInAttempt?.call(null, {\n data,\n deviceId,\n deviceMetadata,\n })\n\n const account = await constantTime(\n TIMING_ATTACK_MITIGATION_DELAY,\n async () => {\n return this.store.authenticateAccount(data)\n },\n )\n\n await this.hooks.onSignedIn?.call(null, {\n data,\n account,\n deviceId,\n deviceMetadata,\n })\n\n return account\n } catch (err) {\n throw InvalidRequestError.from(\n err,\n 'Unable to sign-in due to an unexpected server error',\n )\n }\n }\n\n public async upsertDeviceAccount(\n deviceId: DeviceId,\n sub: Sub,\n ): Promise<void> {\n await this.store.upsertDeviceAccount(deviceId, sub)\n }\n\n public async getDeviceAccount(\n deviceId: DeviceId,\n sub: Sub,\n ): Promise<DeviceAccount> {\n const deviceAccount = await this.store.getDeviceAccount(deviceId, sub)\n if (!deviceAccount) throw new InvalidRequestError(`Account not found`)\n\n return deviceAccount\n }\n\n public async setAuthorizedClient(\n account: Account,\n client: Client,\n data: AuthorizedClientData,\n ): Promise<void> {\n // \"Loopback\" clients are not distinguishable from one another.\n if (isOAuthClientIdLoopback(client.id)) return\n\n await this.store.setAuthorizedClient(account.sub, client.id, data)\n }\n\n public async getAccount(sub: Sub) {\n return this.store.getAccount(sub)\n }\n\n public async removeDeviceAccount(deviceId: DeviceId, sub: Sub) {\n return this.store.removeDeviceAccount(deviceId, sub)\n }\n\n public async listDeviceAccounts(\n deviceId: DeviceId,\n ): Promise<DeviceAccount[]> {\n const deviceAccounts = await this.store.listDeviceAccounts({\n deviceId,\n })\n\n return deviceAccounts // Fool proof\n .filter((deviceAccount) => deviceAccount.deviceId === deviceId)\n }\n\n public async listAccountDevices(sub: Sub): Promise<DeviceAccount[]> {\n const deviceAccounts = await this.store.listDeviceAccounts({\n sub,\n })\n\n return deviceAccounts // Fool proof\n .filter((deviceAccount) => deviceAccount.account.sub === sub)\n }\n\n public async resetPasswordRequest(\n deviceId: DeviceId,\n deviceMetadata: RequestMetadata,\n input: ResetPasswordRequestInput,\n ) {\n await this.hooks.onResetPasswordRequest?.call(null, {\n input,\n deviceId,\n deviceMetadata,\n })\n\n return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {\n await this.store.resetPasswordRequest(input)\n })\n }\n\n public async resetPasswordConfirm(\n deviceId: DeviceId,\n deviceMetadata: RequestMetadata,\n input: ResetPasswordConfirmInput,\n ) {\n await this.hooks.onResetPasswordConfirm?.call(null, {\n input,\n deviceId,\n deviceMetadata,\n })\n\n return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {\n await this.store.resetPasswordConfirm(input)\n })\n }\n\n public async verifyHandleAvailability(handle: string): Promise<void> {\n return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {\n return this.store.verifyHandleAvailability(handle)\n })\n }\n}\n"]}
package/dist/account/account-store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account-store.js","sourceRoot":"","sources":["../../src/account/account-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAoMA,wCAKC;AA/LD,iDAAsE;AACtE,wDAI2B;AAsBzB,uGAzBA,wCAAsB,OAyBA;AACtB,oGAzBA,qCAAmB,OAyBA;AACnB,wHAzBA,yDAAuC,OAyBA;AAnBzC,kEAAkE;AAElE,yDAAsC;AACtC,2DAAwC;AACxC,yDAAsC;AACtC,iDAA8B;AAC9B,2DAAwC;AA4J3B,QAAA,cAAc,GAAG,IAAA,+BAAqB,EAAe;IAChE,eAAe;IACf,qBAAqB;IACrB,qBAAqB;IACrB,YAAY;IACZ,qBAAqB;IACrB,kBAAkB;IAClB,qBAAqB;IACrB,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,0BAA0B;CAC3B,CAAC,CAAA;AAEF,SAAgB,cAAc,CAAI,cAAiB;IACjD,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,sBAAc,EAAC,cAAc,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IACxD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC"}
1
+ {"version":3,"file":"account-store.js","sourceRoot":"","sources":["../../src/account/account-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAoMA,wCAKC;AA/LD,iDAAsE;AACtE,wDAI2B;AAsBzB,uGAzBA,wCAAsB,OAyBA;AACtB,oGAzBA,qCAAmB,OAyBA;AACnB,wHAzBA,yDAAuC,OAyBA;AAnBzC,kEAAkE;AAElE,yDAAsC;AACtC,2DAAwC;AACxC,yDAAsC;AACtC,iDAA8B;AAC9B,2DAAwC;AA4J3B,QAAA,cAAc,GAAG,IAAA,+BAAqB,EAAe;IAChE,eAAe;IACf,qBAAqB;IACrB,qBAAqB;IACrB,YAAY;IACZ,qBAAqB;IACrB,kBAAkB;IAClB,qBAAqB;IACrB,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,0BAA0B;CAC3B,CAAC,CAAA;AAEF,SAAgB,cAAc,CAAI,cAAiB;IACjD,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,sBAAc,EAAC,cAAc,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;IACxD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC","sourcesContent":["import {\n Account,\n ConfirmResetPasswordInput,\n InitiatePasswordResetInput,\n} from '@atproto/oauth-provider-api'\nimport { OAuthScope } from '@atproto/oauth-types'\nimport { ClientId } from '../client/client-id.js'\nimport { DeviceId } from '../device/device-id.js'\nimport { DeviceData } from '../device/device-store.js'\nimport { HcaptchaVerifyResult } from '../lib/hcaptcha.js'\nimport { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'\nimport {\n HandleUnavailableError,\n InvalidRequestError,\n SecondAuthenticationFactorRequiredError,\n} from '../oauth-errors.js'\nimport { Sub } from '../oidc/sub.js'\nimport { InviteCode } from '../types/invite-code.js'\nimport { SignUpInput } from './sign-up-input.js'\n\n// Export all types needed to implement the AccountStore interface\n\nexport * from '../client/client-id.js'\nexport * from '../device/device-data.js'\nexport * from '../device/device-id.js'\nexport * from '../oidc/sub.js'\nexport * from '../request/request-id.js'\n\nexport type {\n Account,\n HcaptchaVerifyResult,\n InviteCode,\n OAuthScope,\n SignUpInput,\n}\n\nexport {\n HandleUnavailableError,\n InvalidRequestError,\n SecondAuthenticationFactorRequiredError,\n}\n\nexport type ResetPasswordRequestInput = InitiatePasswordResetInput\nexport type ResetPasswordConfirmInput = ConfirmResetPasswordInput\n\nexport type CreateAccountData = {\n locale: string\n email: string\n password: string\n handle: string\n inviteCode?: string | undefined\n}\n\nexport type AuthenticateAccountData = {\n locale: string\n password: string\n username: string\n emailOtp?: string | undefined\n}\n\nexport type AuthorizedClientData = { authorizedScopes: readonly string[] }\nexport type AuthorizedClients = Map<ClientId, AuthorizedClientData>\n\nexport type DeviceAccount = {\n deviceId: DeviceId\n\n /**\n * The data associated with the device, created through the\n * {@link DeviceStore}. This data is used to identify devices on which a user\n * has logged in.\n */\n deviceData: DeviceData\n\n /**\n * The account associated with the device account.\n */\n account: Account\n\n /**\n * The list of clients that are authorized by the account, as created through\n * the {@link AccountStore.setAuthorizedClient} method.\n */\n authorizedClients: AuthorizedClients\n\n /**\n * The date at which the device account was created. This value is currently\n * not used.\n */\n createdAt: Date\n\n /**\n * The date at which the device account was last updated. This value is used\n * to determine the date at which the user last authenticated on a device\n */\n updatedAt: Date\n}\n\nexport type SignUpData = SignUpInput & {\n hcaptchaResult?: HcaptchaVerifyResult\n inviteCode?: InviteCode\n}\n\nexport interface AccountStore {\n /**\n * @throws {HandleUnavailableError} - To indicate that the handle is already taken\n * @throws {InvalidRequestError} - To indicate that some data is invalid\n */\n createAccount(data: CreateAccountData): Awaitable<Account>\n\n /**\n * @throws {InvalidRequestError} - When the credentials are not valid\n * @throws {SecondAuthenticationFactorRequiredError} - To indicate that an {@link SecondAuthenticationFactorRequiredError.type} is required in the credentials\n */\n authenticateAccount(data: AuthenticateAccountData): Awaitable<Account>\n\n /**\n * Add a client & scopes to the list of authorized clients for the given account.\n */\n setAuthorizedClient(\n sub: Sub,\n clientId: ClientId,\n data: AuthorizedClientData,\n ): Awaitable<void>\n\n /**\n * @throws {InvalidRequestError} - When the credentials are not valid\n */\n getAccount(sub: Sub): Awaitable<{\n account: Account\n authorizedClients: AuthorizedClients\n }>\n\n /**\n * @param data.requestId - If provided, the inserted account must be bound to\n * that particular requestId.\n *\n * @note Whenever a particular device account is created, all **unbound**\n * device accounts for the same `deviceId` & `sub` should be deleted.\n *\n * @note When a particular request is deleted (through\n * {@link RequestStore.deleteRequest}), all accounts bound to that request\n * should be deleted as well.\n */\n upsertDeviceAccount(deviceId: DeviceId, sub: Sub): Awaitable<void>\n\n /**\n * @param requestId - If provided, the result must either have the same\n * requestId, or not be bound to a particular requestId. If `null`, the\n * result must not be bound to a particular requestId.\n * @throws {InvalidRequestError} - Instead of returning `null` in order to\n * provide a custom error message\n */\n getDeviceAccount(\n deviceId: DeviceId,\n sub: Sub,\n ): Awaitable<DeviceAccount | null>\n\n /**\n * Removes *all* the unbound device-accounts associated with the given device\n * & account.\n *\n * @note Noop if the device-account is not found.\n */\n removeDeviceAccount(deviceId: DeviceId, sub: Sub): Awaitable<void>\n\n /**\n * @returns **all** the device accounts that match the {@link requestId}\n * criteria and given {@link filter}.\n */\n listDeviceAccounts(\n filter: { sub: Sub } | { deviceId: DeviceId },\n ): Awaitable<DeviceAccount[]>\n\n resetPasswordRequest(data: ResetPasswordRequestInput): Awaitable<void>\n resetPasswordConfirm(data: ResetPasswordConfirmInput): Awaitable<void>\n\n /**\n * @throws {HandleUnavailableError} - To indicate that the handle is already taken\n */\n verifyHandleAvailability(handle: string): Awaitable<void>\n}\n\nexport const isAccountStore = buildInterfaceChecker<AccountStore>([\n 'createAccount',\n 'authenticateAccount',\n 'setAuthorizedClient',\n 'getAccount',\n 'upsertDeviceAccount',\n 'getDeviceAccount',\n 'removeDeviceAccount',\n 'listDeviceAccounts',\n 'resetPasswordRequest',\n 'resetPasswordConfirm',\n 'verifyHandleAvailability',\n])\n\nexport function asAccountStore<V>(implementation: V): V & AccountStore {\n if (!implementation || !isAccountStore(implementation)) {\n throw new Error('Invalid AccountStore implementation')\n }\n return implementation\n}\n"]}
package/dist/account/sign-in-data.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sign-in-data.js","sourceRoot":"","sources":["../../src/account/sign-in-data.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qDAAoD;AACpD,wDAAsD;AACtD,sDAA2E;AAE9D,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,CAAC;IACN,MAAM,EAAE,wBAAY;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,+BAAiB,EAAE,+BAAiB,CAAC,CAAC;IACzD,QAAQ,EAAE,6BAAc,CAAC,QAAQ,EAAE;CACpC,CAAC;KACD,MAAM,EAAE,CAAA"}
1
+ {"version":3,"file":"sign-in-data.js","sourceRoot":"","sources":["../../src/account/sign-in-data.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qDAAoD;AACpD,wDAAsD;AACtD,sDAA2E;AAE9D,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,CAAC;IACN,MAAM,EAAE,wBAAY;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,+BAAiB,EAAE,+BAAiB,CAAC,CAAC;IACzD,QAAQ,EAAE,6BAAc,CAAC,QAAQ,EAAE;CACpC,CAAC;KACD,MAAM,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { localeSchema } from '../lib/util/locale.js'\nimport { emailOtpSchema } from '../types/email-otp.js'\nimport { newPasswordSchema, oldPasswordSchema } from '../types/password.js'\n\nexport const signInDataSchema = z\n .object({\n locale: localeSchema,\n username: z.string(),\n password: z.union([oldPasswordSchema, newPasswordSchema]),\n emailOtp: emailOtpSchema.optional(),\n })\n .strict()\n\nexport type SignInData = z.output<typeof signInDataSchema>\n"]}
package/dist/account/sign-up-input.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"sign-up-input.js","sourceRoot":"","sources":["../../src/account/sign-up-input.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,oDAAwD;AACxD,qDAAoD;AACpD,gDAA+C;AAC/C,kDAAiD;AACjD,4DAA0D;AAC1D,sDAAwD;AAE3C,QAAA,iBAAiB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,MAAM,EAAE,wBAAY;IACpB,MAAM,EAAE,wBAAY;IACpB,KAAK,EAAE,sBAAW;IAClB,QAAQ,EAAE,+BAAiB;IAC3B,UAAU,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IACvC,aAAa,EAAE,iCAAmB,CAAC,QAAQ,EAAE;CAC9C,CAAC;KACD,MAAM,EAAE,CAAA"}
1
+ {"version":3,"file":"sign-up-input.js","sourceRoot":"","sources":["../../src/account/sign-up-input.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,oDAAwD;AACxD,qDAAoD;AACpD,gDAA+C;AAC/C,kDAAiD;AACjD,4DAA0D;AAC1D,sDAAwD;AAE3C,QAAA,iBAAiB,GAAG,OAAC;KAC/B,MAAM,CAAC;IACN,MAAM,EAAE,wBAAY;IACpB,MAAM,EAAE,wBAAY;IACpB,KAAK,EAAE,sBAAW;IAClB,QAAQ,EAAE,+BAAiB;IAC3B,UAAU,EAAE,iCAAgB,CAAC,QAAQ,EAAE;IACvC,aAAa,EAAE,iCAAmB,CAAC,QAAQ,EAAE;CAC9C,CAAC;KACD,MAAM,EAAE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { hcaptchaTokenSchema } from '../lib/hcaptcha.js'\nimport { localeSchema } from '../lib/util/locale.js'\nimport { emailSchema } from '../types/email.js'\nimport { handleSchema } from '../types/handle.js'\nimport { inviteCodeSchema } from '../types/invite-code.js'\nimport { newPasswordSchema } from '../types/password.js'\n\nexport const signUpInputSchema = z\n .object({\n locale: localeSchema,\n handle: handleSchema,\n email: emailSchema,\n password: newPasswordSchema,\n inviteCode: inviteCodeSchema.optional(),\n hcaptchaToken: hcaptchaTokenSchema.optional(),\n })\n .strict()\n\nexport type SignUpInput = z.output<typeof signUpInputSchema>\n"]}
package/dist/client/client-auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-auth.js","sourceRoot":"","sources":["../../src/client/client-auth.ts"],"names":[],"mappings":""}
1
+ {"version":3,"file":"client-auth.js","sourceRoot":"","sources":["../../src/client/client-auth.ts"],"names":[],"mappings":"","sourcesContent":["import { CLIENT_ASSERTION_TYPE_JWT_BEARER } from '@atproto/oauth-types'\n\nexport type ClientAuth =\n | { method: 'none' }\n | {\n method: 'private_key_jwt'\n\n /**\n * Algorithm used for client authentication.\n *\n * @note We could allow clients to use a different algorithm over time\n * (e.g. because new safer algorithms become available). For now, we\n * require that the algorithm remains the same, as it is a bad practice to\n * use the same key for different purposes.\n */\n alg: string\n\n /**\n * ID of the key that was used for client authentication.\n *\n * @note The most important thing to validate is that the actual key didn't change (which is )\n */\n kid: string\n\n /**\n * Thumbprint of the key used for client authentication. This value must\n * be the same during token refreshes as the thumbprint of the key used\n * during initial token issuance.\n *\n * @note This value is computed by the AS to ensure that the key used for\n * client auth does not change\n */\n jkt: string\n\n /**\n * Nonce used to prevent replay attacks. This value is generated by the\n * client when generating it's assertion JWT and must be unique for each\n * request.\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7523.html#section-3}\n */\n jti: string\n\n /**\n * \"exp\" (expiration time) claim that limits the time window during which\n * the JWT can be used.\n *\n * @note This field is optional for legacy reasons.\n */\n exp?: number\n }\n\n/**\n * @note In its previous version, the code was storing the\n * \"client_assertion_type\" instead of the authentication method, which was\n * confusing and prevented proper comparison with the client's\n * \"token_endpoint_auth_method\" metadata.\n */\nexport type ClientAuthLegacy = {\n method: typeof CLIENT_ASSERTION_TYPE_JWT_BEARER\n alg: string\n kid: string\n jkt: string\n}\n"]}
package/dist/client/client-data.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-data.js","sourceRoot":"","sources":["../../src/client/client-data.ts"],"names":[],"mappings":""}
1
+ {"version":3,"file":"client-data.js","sourceRoot":"","sources":["../../src/client/client-data.ts"],"names":[],"mappings":"","sourcesContent":["import { Jwks } from '@atproto/jwk'\nimport { OAuthClientMetadata } from '@atproto/oauth-types'\n\nexport type { OAuthClientMetadata }\n\nexport type ClientData = {\n metadata: OAuthClientMetadata\n jwks?: Jwks\n}\n"]}
package/dist/client/client-id.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-id.js","sourceRoot":"","sources":["../../src/client/client-id.ts"],"names":[],"mappings":";;;AAAA,sDAAyE;AAG5D,QAAA,cAAc,GAAG,iCAAmB,CAAA"}
1
+ {"version":3,"file":"client-id.js","sourceRoot":"","sources":["../../src/client/client-id.ts"],"names":[],"mappings":";;;AAAA,sDAAyE;AAG5D,QAAA,cAAc,GAAG,iCAAmB,CAAA","sourcesContent":["import { OAuthClientId, oauthClientIdSchema } from '@atproto/oauth-types'\n\nexport type ClientId = OAuthClientId\nexport const clientIdSchema = oauthClientIdSchema\n"]}
package/dist/client/client-info.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-info.js","sourceRoot":"","sources":["../../src/client/client-info.ts"],"names":[],"mappings":""}
1
+ {"version":3,"file":"client-info.js","sourceRoot":"","sources":["../../src/client/client-info.ts"],"names":[],"mappings":"","sourcesContent":["export type ClientInfo = {\n /**\n * Defaults to `false`\n */\n isFirstParty: boolean\n\n /**\n * Defaults to `true` if the client is isFirstParty, or if the client was\n * loaded from the store. (i.e. false in case of \"loopback\" & \"discoverable\"\n * clients)\n */\n isTrusted: boolean\n}\n"]}
package/dist/client/client-manager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-manager.d.ts","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAiB,MAAM,cAAc,CAAA;AAC1D,OAAO,EACL,gCAAgC,EAChC,yBAAyB,EACzB,qBAAqB,EACrB,mBAAmB,EACnB,wBAAwB,EAKzB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,KAAK,EAKN,MAAM,qBAAqB,CAAA;AAG5B,OAAO,EACL,YAAY,EAEZ,WAAW,EACZ,MAAM,4BAA4B,CAAA;AAInC,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAepC,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,MAAM,KACR,SAAS,CAAC,wBAAwB,CAAC,CAAA;AAExC,qBAAa,aAAa;IAKtB,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACnE,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI;IAC5C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,sBAAsB,GAAG,IAAI;IARpE,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,YAAY,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;gBAGvD,cAAc,EAAE,gCAAgC,EAChD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,gBAAgB,GAAE,sBAAsB,GAAG,IAAI,aAAO,EACzE,SAAS,EAAE,KAAK,EAChB,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,EAC1C,mBAAmB,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAsB/D;;;OAGG;IACU,SAAS,CAAC,QAAQ,EAAE,QAAQ;IAiC5B,WAAW,CACtB,SAAS,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAC7B,EACE,OAEC,GACF,GAAE;QACD,OAAO,CAAC,EAAE,CACR,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,QAAQ,KACf,SAAS,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;KACrC,GACL,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;cAoBjB,iBAAiB,CAC/B,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;cAYf,yBAAyB,CACvC,QAAQ,EAAE,qBAAqB,GAC9B,OAAO,CAAC,mBAAmB,CAAC;cAaf,6BAA6B,CAC3C,QAAQ,EAAE,yBAAyB,GAClC,OAAO,CAAC,mBAAmB,CAAC;cAYf,uBAAuB,CACrC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;IAS/B;;;;;OAKG;IACH,SAAS,CAAC,sBAAsB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IA8btB,8BAA8B,CAC5B,QAAQ,EAAE,qBAAqB,EAC/B,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAuCtB,kCAAkC,CAChC,QAAQ,EAAE,yBAAyB,EACnC,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;CAmEvB"}
1
+ {"version":3,"file":"client-manager.d.ts","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAiB,MAAM,cAAc,CAAA;AAC1D,OAAO,EACL,gCAAgC,EAChC,yBAAyB,EACzB,qBAAqB,EACrB,mBAAmB,EACnB,wBAAwB,EAKzB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,KAAK,EAKN,MAAM,qBAAqB,CAAA;AAG5B,OAAO,EACL,YAAY,EAEZ,WAAW,EACZ,MAAM,4BAA4B,CAAA;AAInC,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAE/C,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAepC,MAAM,MAAM,sBAAsB,GAAG,CACnC,GAAG,EAAE,MAAM,KACR,SAAS,CAAC,wBAAwB,CAAC,CAAA;AAExC,qBAAa,aAAa;IAKtB,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,gCAAgC;IACnE,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM;IACjC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU;IACpC,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI;IAC5C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,sBAAsB,GAAG,IAAI;IARpE,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACnD,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,YAAY,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAA;gBAGvD,cAAc,EAAE,gCAAgC,EAChD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,EACjB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,gBAAgB,GAAE,sBAAsB,GAAG,IAAI,aAAO,EACzE,SAAS,EAAE,KAAK,EAChB,eAAe,EAAE,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,EAC1C,mBAAmB,EAAE,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC;IAsB/D;;;OAGG;IACU,SAAS,CAAC,QAAQ,EAAE,QAAQ;IAiC5B,WAAW,CACtB,SAAS,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAC7B,EACE,OAEC,GACF,GAAE;QACD,OAAO,CAAC,EAAE,CACR,GAAG,EAAE,OAAO,EACZ,QAAQ,EAAE,QAAQ,KACf,SAAS,CAAC,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;KACrC,GACL,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;cAoBjB,iBAAiB,CAC/B,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;cAYf,yBAAyB,CACvC,QAAQ,EAAE,qBAAqB,GAC9B,OAAO,CAAC,mBAAmB,CAAC;cA2Bf,6BAA6B,CAC3C,QAAQ,EAAE,yBAAyB,GAClC,OAAO,CAAC,mBAAmB,CAAC;cAYf,uBAAuB,CACrC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,mBAAmB,CAAC;IAS/B;;;;;OAKG;IACH,SAAS,CAAC,sBAAsB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IA8btB,8BAA8B,CAC5B,QAAQ,EAAE,qBAAqB,EAC/B,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;IAuCtB,kCAAkC,CAChC,QAAQ,EAAE,yBAAyB,EACnC,QAAQ,EAAE,mBAAmB,GAC5B,mBAAmB;CAmEvB"}
package/dist/client/client-manager.js CHANGED
@@ -93,7 +93,14 @@ class ClientManager {
93
93
  if (!loopbackMetadata) {
94
94
  throw new invalid_client_metadata_error_js_1.InvalidClientMetadataError('Loopback clients are not allowed');
95
95
  }
96
- const metadata = oauth_types_1.oauthClientMetadataSchema.parse(await loopbackMetadata(clientId));
96
+ const metadataRaw = await (0, function_js_1.callAsync)(loopbackMetadata, clientId).catch((err) => {
97
+ throw invalid_client_metadata_error_js_1.InvalidClientMetadataError.from(err, `Invalid loopback client id "${clientId}"`);
98
+ });
99
+ const metadata = await oauth_types_1.oauthClientMetadataSchema
100
+ .parseAsync(metadataRaw)
101
+ .catch((err) => {
102
+ throw invalid_client_metadata_error_js_1.InvalidClientMetadataError.from(err, `Invalid loopback client metadata for "${clientId}"`);
103
+ });
97
104
  return this.validateClientMetadata(clientId, metadata);
98
105
  }
99
106
  async getDiscoverableClientMetadata(clientId) {
package/dist/client/client-manager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-manager.js","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA0D;AAC1D,sDAU6B;AAC7B,+CAM4B;AAC5B,yDAA0D;AAC1D,6CAAyC;AACzC,6DAImC;AACnC,iGAAuF;AACvF,2FAAiF;AACjF,yDAAmD;AAKnD,uDAA+E;AAC/E,2CAAoC;AAEpC,MAAM,oBAAoB,GAAG,IAAA,WAAI,EAC/B,IAAA,wBAAgB,GAAE;AAClB,8IAA8I;AAC9I,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,IAAI,CAAC,EAC5C,IAAA,6BAAqB,EAAC,uCAAyB,CAAC,CACjD,CAAA;AAED,MAAM,gBAAgB,GAAG,IAAA,WAAI,EAC3B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,KAAK,CAAC,EAC7C,IAAA,6BAAqB,EAAC,mBAAa,CAAC,CACrC,CAAA;AAMD,MAAa,aAAa;IAKH;IACA;IACA;IACA;IACA;IARF,IAAI,CAA4B;IAChC,cAAc,CAA2C;IAE5E,YACqB,cAAgD,EAChD,MAAc,EACd,KAAiB,EACjB,KAAyB,EACzB,mBAAkD,IAAI,EACzE,SAAgB,EAChB,eAA0C,EAC1C,mBAA6D;QAP1C,mBAAc,GAAd,cAAc,CAAkC;QAChD,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,UAAK,GAAL,KAAK,CAAoB;QACzB,qBAAgB,GAAhB,gBAAgB,CAAsC;QAKzE,MAAM,KAAK,GAAG,IAAA,iBAAS,EAAC,SAAS,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAC9D,gBAAgB,CACjB,CAAA;YAED,OAAO,IAAI,CAAA;QACb,CAAC,EAAE,eAAe,CAAC,CAAA;QAEnB,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAClE,oBAAoB,CACrB,CAAA;YAED,+DAA+D;YAC/D,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACnD,CAAC,EAAE,mBAAmB,CAAC,CAAA;IACzB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,SAAS,CAAC,QAAkB;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpE,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,yCAAyC,QAAQ,GAAG,CACrD,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ;YAC5B,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACnD,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,+BAA+B,QAAQ,CAAC,QAAQ,UAAU,QAAQ,GAAG,CACtE,CAAA;YACH,CAAC,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,WAAW,GAAG,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,EAAE;YACtE,QAAQ;YACR,IAAI;SACL,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,oCAAoC,QAAQ,GAAG,CAChD,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,WAAW,EAAE,YAAY,IAAI,KAAK,CAAA;QACvD,MAAM,SAAS,GAAG,WAAW,EAAE,SAAS,IAAI,YAAY,CAAA;QAExD,OAAO,IAAI,kBAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC,CAAA;IAC1E,CAAC;IAEM,KAAK,CAAC,WAAW,CACtB,SAA6B,EAC7B,EACE,OAAO,GAAG,CAAC,GAAG,EAAE,EAAE;QAChB,MAAM,GAAG,CAAA;IACX,CAAC,MAMC,EAAE;QAEN,yDAAyD;QACzD,MAAM,eAAe,GACnB,SAAS,YAAY,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAA;QAE3D,wCAAwC;QACxC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,CAC7C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAChE,CACF,CAAA;QAED,gCAAgC;QAChC,OAAO,IAAI,GAAG,CACZ,OAAO;aACJ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,kBAAM,CAAC;aAC/C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CACzB,CAAA;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,QAAkB;QAElB,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;aAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAES,KAAK,CAAC,yBAAyB,CACvC,QAA+B;QAE/B,MAAM,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAA;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAAC,kCAAkC,CAAC,CAAA;QAC1E,CAAC;QAED,MAAM,QAAQ,GAAG,uCAAyB,CAAC,KAAK,CAC9C,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CACjC,CAAA;QAED,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IACxD,CAAC;IAES,KAAK,CAAC,6BAA6B,CAC3C,QAAmC;QAEnC,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAEhE,sEAAsE;QACtE,mEAAmE;QACnE,EAAE;QACF,iEAAiE;QACjE,OAAO,QAAQ,CAAA;IACjB,CAAC;IAES,KAAK,CAAC,uBAAuB,CACrC,QAAkB;QAElB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YACtD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACxD,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAED;;;;;OAKG;IACO,sBAAsB,CAC9B,QAAkB,EAClB,QAA6B;QAE7B,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,6DAA0B,CAClC,0CAA0C,CAC3C,CAAA;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,CAAC,IAAI;YACd,iBAAiB;YACjB,8BAA8B;YAC9B,8BAA8B;YAC9B,iCAAiC;SACzB,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,6DAA0B,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU;YACtC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,YAAY,IAAI,IAAA,4BAAe,EAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,6DAA0B,CAAC,gCAAgC,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,6DAA0B,CAAC,wBAAwB,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,6DAA0B,CAAC,yBAAyB,CAAC,CAAA;QACjE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,6DAA0B,CAAC,oBAAoB,QAAQ,GAAG,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,6DAA0B,CAClC,yBAAyB,YAAY,GAAG,CACzC,CAAA;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC7C,QAAQ,SAAS,EAAE,CAAC;gBAClB,KAAK,UAAU;oBACb,yBAAyB;oBACzB,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,kBAAkB,CAC3C,CAAA;gBAEH,kDAAkD;gBAClD,6BAA6B;gBAC7B,mBAAmB;gBACnB,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,eAAe;oBAClB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,qBAAqB,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;wBACpE,MAAM,IAAI,6DAA0B,CAClC,2BAA2B,SAAS,GAAG,CACxC,CAAA;oBACH,CAAC;oBACD,MAAK;gBAEP;oBACE,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,oBAAoB,CAC7C,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,6DAA0B,CAAC,0BAA0B,CAAC,CAAA;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,QAAQ,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YAC5C,KAAK,MAAM;gBACT,IAAI,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC7C,MAAM,IAAI,6DAA0B,CAClC,iFAAiF,CAClF,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP,KAAK,iBAAiB;gBACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACzC,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;gBACH,CAAC;gBACD,IAAI,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,6DAA0B,CAClC,+DAA+D,CAChE,CAAA;gBACH,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC9C,MAAM,IAAI,6DAA0B,CAClC,yDAAyD,CAC1D,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP;gBACE,MAAM,IAAI,6DAA0B,CAClC,6CAA6C,QAAQ,CAAC,0BAA0B,gEAAgE,kBAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAC9L,CAAA;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,oCAAoC,EAAE,CAAC;YAClD,MAAM,IAAI,6DAA0B,CAClC,mDAAmD,CACpD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,0CAA0C,EAAE,CAAC;YACxD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,oCAAoC;YAC7C,CAAC,QAAQ,CAAC,oCAAoC,EAC9C,CAAC;YACD,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,CAAC,wBAAwB,KAAK,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,6DAA0B,CAAC,oCAAoC,CAAC,CAAA;QAC5E,CAAC;aAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAChE,oBAAoB;YACpB,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,2BAA2B,EAAE,MAAM,EAAE,CAAC;YACjD,MAAM,kBAAkB,GACtB,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;YACxD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,kBAAkB,GAAG,CAC/D,CAAA;YACH,CAAC;YAED,MAAM,kCAAkC,GACtC,IAAI,CAAC,cAAc,CAAC,qCAAqC,CAAA;YAC3D,IAAI,CAAC,kCAAkC,EAAE,CAAC;gBACxC,MAAM,IAAI,6DAA0B,CAClC,+CAA+C,CAChD,CAAA;YACH,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,2BAA2B,EAAE,CAAC;gBACxD,IAAI,CAAC,kCAAkC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,IAAI,GAAG,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;YACpC,mEAAmE;YAEnE,MAAM,IAAI,6DAA0B,CAClC,uCAAuC,CACxC,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,gBAAgB,KAAK,QAAQ;YACtC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAC9C,CAAC;YACD,4DAA4D;YAC5D,EAAE;YACF,mEAAmE;YACnE,iEAAiE;YACjE,yEAAyE;YACzE,wEAAwE;YACxE,0EAA0E;YAC1E,mEAAmE;YACnE,iBAAiB;YAEjB,0EAA0E;YAC1E,yFAAyF;YACzF,eAAe;YAEf,MAAM,IAAI,6DAA0B,CAClC,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,gBAAgB,KAAK,KAAK;YACnC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EACzC,CAAC;YACD,8EAA8E;YAC9E,EAAE;YACF,mEAAmE;YACnE,gEAAgE;YAChE,gEAAgE;YAChE,cAAc;YAEd,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;gBACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,0CAA0C,CAC3C,CAAA;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,uDAAuB,CAC/B,oDAAoD,CACrD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,+BAA+B,CACnD,CAAA;YACH,CAAC;YAED,QAAQ,IAAI,EAAE,CAAC;gBACb,gEAAgE;gBAEhE,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC;oBAClC,4DAA4D;oBAC5D,EAAE;oBACF,+CAA+C;oBAC/C,wEAAwE;oBACxE,oEAAoE;oBACpE,wEAAwE;oBACxE,oEAAoE;oBACpE,kEAAkE;oBAClE,qEAAqE;oBACrE,qCAAqC;oBACrC,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,4CAA4C,CACzE,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC;gBAClC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,+BAA+B;oBAC/B,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,yDAAyD,CAC1D,CAAA;oBACH,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACb,4DAA4D;wBAC5D,EAAE;wBACF,oEAAoE;wBACpE,8DAA8D;wBAC9D,gEAAgE;wBAChE,0DAA0D;wBAC1D,EAAE;wBACF,gEAAgE;wBAChE,+DAA+D;wBAC/D,+DAA+D;wBAC/D,oDAAoD;wBACpD,0BAA0B;oBAC5B,CAAC;oBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;wBAC7B,4DAA4D;wBAC5D,EAAE;wBACF,qEAAqE;wBACrE,iEAAiE;wBACjE,sEAAsE;wBACtE,+CAA+C;wBAC/C,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,gBAAgB,CAC7C,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED,yCAAyC;gBAEzC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,mEAAmE;oBACnE,YAAY;oBACZ,EAAE;oBACF,iEAAiE;oBACjE,mCAAmC;oBAEnC,8EAA8E;oBAC9E,EAAE;oBACF,kEAAkE;oBAClE,6DAA6D;oBAC7D,aAAa;oBACb,MAAM,IAAI,uDAAuB,CAC/B,kEAAkE,CACnE,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC;oBAC/B,IAAI,IAAA,4BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,IAAI,uDAAuB,CAC/B,iBAAiB,GAAG,8CAA8C,CACnE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,oEAAoE;oBACpE,uDAAuD;oBACvD,EAAE;oBACF,qEAAqE;oBACrE,iEAAiE;oBACjE,gCAAgC;oBAEhC,oEAAoE;oBACpE,kEAAkE;oBAClE,yBAAyB;oBACzB,EAAE;oBACF,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,qEAAqE;oBACrE,iEAAiE;oBACjE,0DAA0D;oBAC1D,EAAE;oBACF,gDAAgD;oBAChD,uCAAuC;oBACvC,qEAAqE;oBACrE,MAAM;oBACN,IAAI;oBAEJ,MAAK;gBACP,CAAC;gBAED,KAAK,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAChC,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,iEAAiE;oBACjE,iEAAiE;oBACjE,2CAA2C;oBAE3C,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,sEAAsE,CACvE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,+DAA+D;oBAC/D,iEAAiE;oBACjE,gDAAgD;oBAEhD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;oBAE1D,IAAI,IAAA,4BAAe,EAAC,SAAS,CAAC,EAAE,CAAC;wBAC/B,MAAM,IAAI,uDAAuB,CAC/B,kEAAkE,CACnE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,qEAAqE;oBACrE,sEAAsE;oBACtE,6DAA6D;oBAC7D,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;wBACxC,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,IAAI,EACR,CAAC;wBACD,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,GAAG,CAAC,QAAQ,SAAS,CACpE,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED;oBACE,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,+CAA+C;oBAC/C,MAAM,IAAI,uDAAuB,CAC/B,gCAAgC,GAAG,CAAC,QAAQ,GAAG,CAChD,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAChE,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,kCAAkC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACpE,CAAC;aAAM,CAAC;YACN,OAAO,QAAQ,CAAA;QACjB,CAAC;IACH,CAAC;IAED,8BAA8B,CAC5B,QAA+B,EAC/B,QAA6B;QAE7B,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,IAAI,6DAA0B,CAClC,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,0BAA0B,CAAA;QAClD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAClC,wEAAwE,MAAM,EAAE,CACjF,CAAA;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,CAC/C,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uDAAuB,CAC/B,kDAAkD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,kCAAkC,CAChC,QAAmC,EACnC,QAA6B;QAE7B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,kIAAkI;YAClI,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,kIAAkI;YAClI,EAAE;YACF,sEAAsE;YACtE,yBAAyB;YAEzB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YAEjD,IAAI,YAAY,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC/C,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;YACH,CAAC;YAED,IAAI,WAAW,CAAC,QAAQ,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACnD,IACE,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAC9B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBACjC,CAAC,CAAC,YAAY,CAAC,QAAQ;oBACvB,CAAC,CAAC,GAAG,YAAY,CAAC,QAAQ,GAAG,CAChC,EACD,CAAC;oBACD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,4DAA4D;gBAC5D,EAAE;gBACF,mEAAmE;gBACnE,mEAAmE;gBACnE,kEAAkE;gBAClE,oEAAoE;gBACpE,gCAAgC;gBAEhC,kIAAkI;gBAClI,EAAE;gBACF,kEAAkE;gBAClE,mEAAmE;gBACnE,yDAAyD;gBACzD,MAAM,QAAQ,GAAG,GAAG,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAA;gBAC1D,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,6JAA6J,QAAQ,GAAG,CACzK,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;CACF;AAptBD,sCAotBC;AAED,SAAS,WAAW,CAElB,KAAQ,EAAE,KAAa,EAAE,KAAU;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;AACzC,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAQ;IACrC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,OAA0B;IAClE,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;QACtB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;QACvC,mDAAmD;QACnD,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChD,MAAM,EAAE,OAAO,EAAE,MAAM;QACvB,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAA;AACJ,CAAC"}
1
+ {"version":3,"file":"client-manager.js","sourceRoot":"","sources":["../../src/client/client-manager.ts"],"names":[],"mappings":";;;AAAA,sCAA0D;AAC1D,sDAU6B;AAC7B,+CAM4B;AAC5B,yDAA0D;AAC1D,6CAAyC;AACzC,6DAImC;AACnC,iGAAuF;AACvF,2FAAiF;AACjF,yDAAmD;AAKnD,uDAA+E;AAC/E,2CAAoC;AAEpC,MAAM,oBAAoB,GAAG,IAAA,WAAI,EAC/B,IAAA,wBAAgB,GAAE;AAClB,8IAA8I;AAC9I,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,IAAI,CAAC,EAC5C,IAAA,6BAAqB,EAAC,uCAAyB,CAAC,CACjD,CAAA;AAED,MAAM,gBAAgB,GAAG,IAAA,WAAI,EAC3B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,EAAC,kBAAkB,EAAE,KAAK,CAAC,EAC7C,IAAA,6BAAqB,EAAC,mBAAa,CAAC,CACrC,CAAA;AAMD,MAAa,aAAa;IAKH;IACA;IACA;IACA;IACA;IARF,IAAI,CAA4B;IAChC,cAAc,CAA2C;IAE5E,YACqB,cAAgD,EAChD,MAAc,EACd,KAAiB,EACjB,KAAyB,EACzB,mBAAkD,IAAI,EACzE,SAAgB,EAChB,eAA0C,EAC1C,mBAA6D;QAP1C,mBAAc,GAAd,cAAc,CAAkC;QAChD,WAAM,GAAN,MAAM,CAAQ;QACd,UAAK,GAAL,KAAK,CAAY;QACjB,UAAK,GAAL,KAAK,CAAoB;QACzB,qBAAgB,GAAhB,gBAAgB,CAAsC;QAKzE,MAAM,KAAK,GAAG,IAAA,iBAAS,EAAC,SAAS,CAAC,CAAA;QAElC,IAAI,CAAC,IAAI,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAC9D,gBAAgB,CACjB,CAAA;YAED,OAAO,IAAI,CAAA;QACb,CAAC,EAAE,eAAe,CAAC,CAAA;QAEnB,IAAI,CAAC,cAAc,GAAG,IAAI,2BAAY,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;YAC5D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAClE,oBAAoB,CACrB,CAAA;YAED,+DAA+D;YAC/D,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACnD,CAAC,EAAE,mBAAmB,CAAC,CAAA;IACzB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,SAAS,CAAC,QAAkB;QACvC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpE,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,yCAAyC,QAAQ,GAAG,CACrD,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ;YAC5B,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACnD,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,+BAA+B,QAAQ,CAAC,QAAQ,UAAU,QAAQ,GAAG,CACtE,CAAA;YACH,CAAC,CAAC;YACJ,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,WAAW,GAAG,MAAM,IAAA,uBAAS,EAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,EAAE;YACtE,QAAQ;YACR,IAAI;SACL,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,oCAAoC,QAAQ,GAAG,CAChD,CAAA;QACH,CAAC,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,WAAW,EAAE,YAAY,IAAI,KAAK,CAAA;QACvD,MAAM,SAAS,GAAG,WAAW,EAAE,SAAS,IAAI,YAAY,CAAA;QAExD,OAAO,IAAI,kBAAM,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC,CAAA;IAC1E,CAAC;IAEM,KAAK,CAAC,WAAW,CACtB,SAA6B,EAC7B,EACE,OAAO,GAAG,CAAC,GAAG,EAAE,EAAE;QAChB,MAAM,GAAG,CAAA;IACX,CAAC,MAMC,EAAE;QAEN,yDAAyD;QACzD,MAAM,eAAe,GACnB,SAAS,YAAY,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC,CAAA;QAE3D,wCAAwC;QACxC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,CAC7C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAChE,CACF,CAAA;QAED,gCAAgC;QAChC,OAAO,IAAI,GAAG,CACZ,OAAO;aACJ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,YAAY,kBAAM,CAAC;aAC/C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CACzB,CAAA;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,QAAkB;QAElB,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAA;QACjD,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAA;QACrD,CAAC;aAAM,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAA;QAC/C,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAES,KAAK,CAAC,yBAAyB,CACvC,QAA+B;QAE/B,MAAM,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAA;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAAC,kCAAkC,CAAC,CAAA;QAC1E,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAA,uBAAS,EAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC,KAAK,CACnE,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,+BAA+B,QAAQ,GAAG,CAC3C,CAAA;QACH,CAAC,CACF,CAAA;QAED,MAAM,QAAQ,GAAG,MAAM,uCAAyB;aAC7C,UAAU,CAAC,WAAW,CAAC;aACvB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,6DAA0B,CAAC,IAAI,CACnC,GAAG,EACH,yCAAyC,QAAQ,GAAG,CACrD,CAAA;QACH,CAAC,CAAC,CAAA;QAEJ,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IACxD,CAAC;IAES,KAAK,CAAC,6BAA6B,CAC3C,QAAmC;QAEnC,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAEhE,sEAAsE;QACtE,mEAAmE;QACnE,EAAE;QACF,iEAAiE;QACjE,OAAO,QAAQ,CAAA;IACjB,CAAC;IAES,KAAK,CAAC,uBAAuB,CACrC,QAAkB;QAElB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;YACtD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACxD,CAAC;QAED,MAAM,IAAI,6DAA0B,CAAC,sBAAsB,QAAQ,GAAG,CAAC,CAAA;IACzE,CAAC;IAED;;;;;OAKG;IACO,sBAAsB,CAC9B,QAAkB,EAClB,QAA6B;QAE7B,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,IAAI,6DAA0B,CAClC,0CAA0C,CAC3C,CAAA;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,CAAC,IAAI;YACd,iBAAiB;YACjB,8BAA8B;YAC9B,8BAA8B;YAC9B,iCAAiC;SACzB,EAAE,CAAC;YACX,IAAI,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,6DAA0B,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,UAAU;YACtC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC9B,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,YAAY,IAAI,IAAA,4BAAe,EAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,MAAM,IAAI,6DAA0B,CAAC,gCAAgC,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;QAEzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,6DAA0B,CAAC,wBAAwB,CAAC,CAAA;QAChE,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,6DAA0B,CAAC,yBAAyB,CAAC,CAAA;QACjE,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,6DAA0B,CAAC,oBAAoB,QAAQ,GAAG,CAAC,CAAA;QACvE,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAC3D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,6DAA0B,CAClC,yBAAyB,YAAY,GAAG,CACzC,CAAA;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC7C,QAAQ,SAAS,EAAE,CAAC;gBAClB,KAAK,UAAU;oBACb,yBAAyB;oBACzB,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,kBAAkB,CAC3C,CAAA;gBAEH,kDAAkD;gBAClD,6BAA6B;gBAC7B,mBAAmB;gBACnB,KAAK,oBAAoB,CAAC;gBAC1B,KAAK,eAAe;oBAClB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,qBAAqB,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;wBACpE,MAAM,IAAI,6DAA0B,CAClC,2BAA2B,SAAS,GAAG,CACxC,CAAA;oBACH,CAAC;oBACD,MAAK;gBAEP;oBACE,MAAM,IAAI,6DAA0B,CAClC,eAAe,SAAS,oBAAoB,CAC7C,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,IAAI,QAAQ,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,6DAA0B,CAAC,0BAA0B,CAAC,CAAA;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,QAAQ,QAAQ,CAAC,0BAA0B,EAAE,CAAC;YAC5C,KAAK,MAAM;gBACT,IAAI,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC7C,MAAM,IAAI,6DAA0B,CAClC,iFAAiF,CAClF,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP,KAAK,iBAAiB;gBACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;oBACzC,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;gBACH,CAAC;gBACD,IAAI,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,6DAA0B,CAClC,+DAA+D,CAChE,CAAA;gBACH,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,+BAA+B,EAAE,CAAC;oBAC9C,MAAM,IAAI,6DAA0B,CAClC,yDAAyD,CAC1D,CAAA;gBACH,CAAC;gBACD,MAAK;YAEP;gBACE,MAAM,IAAI,6DAA0B,CAClC,6CAA6C,QAAQ,CAAC,0BAA0B,gEAAgE,kBAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAC9L,CAAA;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,oCAAoC,EAAE,CAAC;YAClD,MAAM,IAAI,6DAA0B,CAClC,mDAAmD,CACpD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,0CAA0C,EAAE,CAAC;YACxD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,oCAAoC;YAC7C,CAAC,QAAQ,CAAC,oCAAoC,EAC9C,CAAC;YACD,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,uEAAuE;QACvE,IAAI,QAAQ,CAAC,wBAAwB,KAAK,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,CAC1C,CAAA;QACH,CAAC;QAED,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,6DAA0B,CAAC,oCAAoC,CAAC,CAAA;QAC5E,CAAC;aAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAChE,oBAAoB;YACpB,MAAM,IAAI,6DAA0B,CAClC,oFAAoF,CACrF,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,2BAA2B,EAAE,MAAM,EAAE,CAAC;YACjD,MAAM,kBAAkB,GACtB,QAAQ,CAAC,2BAA2B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;YACxD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,IAAI,6DAA0B,CAClC,yCAAyC,kBAAkB,GAAG,CAC/D,CAAA;YACH,CAAC;YAED,MAAM,kCAAkC,GACtC,IAAI,CAAC,cAAc,CAAC,qCAAqC,CAAA;YAC3D,IAAI,CAAC,kCAAkC,EAAE,CAAC;gBACxC,MAAM,IAAI,6DAA0B,CAClC,+CAA+C,CAChD,CAAA;YACH,CAAC;YACD,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,2BAA2B,EAAE,CAAC;gBACxD,IAAI,CAAC,kCAAkC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvD,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,IAAI,GAAG,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;YACpC,mEAAmE;YAEnE,MAAM,IAAI,6DAA0B,CAClC,uCAAuC,CACxC,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,gBAAgB,KAAK,QAAQ;YACtC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAC9C,CAAC;YACD,4DAA4D;YAC5D,EAAE;YACF,mEAAmE;YACnE,iEAAiE;YACjE,yEAAyE;YACzE,wEAAwE;YACxE,0EAA0E;YAC1E,mEAAmE;YACnE,iBAAiB;YAEjB,0EAA0E;YAC1E,yFAAyF;YACzF,eAAe;YAEf,MAAM,IAAI,6DAA0B,CAClC,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,IACE,QAAQ,CAAC,gBAAgB,KAAK,KAAK;YACnC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EACzC,CAAC;YACD,8EAA8E;YAC9E,EAAE;YACF,mEAAmE;YACnE,gEAAgE;YAChE,gEAAgE;YAChE,cAAc;YAEd,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;gBACzC,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,0CAA0C,CAC3C,CAAA;gBACH,CAAC;gBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,uDAAuB,CAC/B,oDAAoD,CACrD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjC,mEAAmE;gBACnE,MAAM,IAAI,uDAAuB,CAC/B,gBAAgB,GAAG,+BAA+B,CACnD,CAAA;YACH,CAAC;YAED,QAAQ,IAAI,EAAE,CAAC;gBACb,gEAAgE;gBAEhE,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC;oBAClC,4DAA4D;oBAC5D,EAAE;oBACF,+CAA+C;oBAC/C,wEAAwE;oBACxE,oEAAoE;oBACpE,wEAAwE;oBACxE,oEAAoE;oBACpE,kEAAkE;oBAClE,qEAAqE;oBACrE,qCAAqC;oBACrC,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,4CAA4C,CACzE,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,WAAW,CAAC;gBAClC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,+BAA+B;oBAC/B,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,yDAAyD,CAC1D,CAAA;oBACH,CAAC;oBAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACb,4DAA4D;wBAC5D,EAAE;wBACF,oEAAoE;wBACpE,8DAA8D;wBAC9D,gEAAgE;wBAChE,0DAA0D;wBAC1D,EAAE;wBACF,gEAAgE;wBAChE,+DAA+D;wBAC/D,+DAA+D;wBAC/D,oDAAoD;wBACpD,0BAA0B;oBAC5B,CAAC;oBAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;wBAC7B,4DAA4D;wBAC5D,EAAE;wBACF,qEAAqE;wBACrE,iEAAiE;wBACjE,sEAAsE;wBACtE,+CAA+C;wBAC/C,MAAM,IAAI,uDAAuB,CAC/B,yBAAyB,GAAG,gBAAgB,CAC7C,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED,yCAAyC;gBAEzC,KAAK,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC;oBAC9B,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,mEAAmE;oBACnE,YAAY;oBACZ,EAAE;oBACF,iEAAiE;oBACjE,mCAAmC;oBAEnC,8EAA8E;oBAC9E,EAAE;oBACF,kEAAkE;oBAClE,6DAA6D;oBAC7D,aAAa;oBACb,MAAM,IAAI,uDAAuB,CAC/B,kEAAkE,CACnE,CAAA;gBACH,CAAC;gBAED,KAAK,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC;oBAC/B,IAAI,IAAA,4BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,MAAM,IAAI,uDAAuB,CAC/B,iBAAiB,GAAG,8CAA8C,CACnE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,oEAAoE;oBACpE,uDAAuD;oBACvD,EAAE;oBACF,qEAAqE;oBACrE,iEAAiE;oBACjE,gCAAgC;oBAEhC,oEAAoE;oBACpE,kEAAkE;oBAClE,yBAAyB;oBACzB,EAAE;oBACF,8EAA8E;oBAC9E,EAAE;oBACF,gEAAgE;oBAChE,qEAAqE;oBACrE,iEAAiE;oBACjE,0DAA0D;oBAC1D,EAAE;oBACF,gDAAgD;oBAChD,uCAAuC;oBACvC,qEAAqE;oBACrE,MAAM;oBACN,IAAI;oBAEJ,MAAK;gBACP,CAAC;gBAED,KAAK,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;oBAChC,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,iEAAiE;oBACjE,iEAAiE;oBACjE,2CAA2C;oBAE3C,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;wBAC3C,MAAM,IAAI,uDAAuB,CAC/B,sEAAsE,CACvE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,mEAAmE;oBACnE,mEAAmE;oBACnE,kEAAkE;oBAClE,oEAAoE;oBACpE,gCAAgC;oBAChC,EAAE;oBACF,+DAA+D;oBAC/D,iEAAiE;oBACjE,gDAAgD;oBAEhD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;oBAE1D,IAAI,IAAA,4BAAe,EAAC,SAAS,CAAC,EAAE,CAAC;wBAC/B,MAAM,IAAI,uDAAuB,CAC/B,kEAAkE,CACnE,CAAA;oBACH,CAAC;oBAED,4DAA4D;oBAC5D,EAAE;oBACF,qEAAqE;oBACrE,sEAAsE;oBACtE,6DAA6D;oBAC7D,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;wBACxC,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,QAAQ;wBACZ,GAAG,CAAC,IAAI,EACR,CAAC;wBACD,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,GAAG,CAAC,QAAQ,SAAS,CACpE,CAAA;oBACH,CAAC;oBAED,MAAK;gBACP,CAAC;gBAED;oBACE,4DAA4D;oBAC5D,EAAE;oBACF,oEAAoE;oBACpE,+CAA+C;oBAC/C,MAAM,IAAI,uDAAuB,CAC/B,gCAAgC,GAAG,CAAC,QAAQ,GAAG,CAChD,CAAA;YACL,CAAC;QACH,CAAC;QAED,IAAI,IAAA,qCAAuB,EAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAChE,CAAC;aAAM,IAAI,IAAA,yCAA2B,EAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC,kCAAkC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACpE,CAAC;aAAM,CAAC;YACN,OAAO,QAAQ,CAAA;QACjB,CAAC;IACH,CAAC;IAED,8BAA8B,CAC5B,QAA+B,EAC/B,QAA6B;QAE7B,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,IAAI,6DAA0B,CAClC,sDAAsD,CACvD,CAAA;QACH,CAAC;QAED,MAAM,MAAM,GAAG,QAAQ,CAAC,0BAA0B,CAAA;QAClD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,6DAA0B,CAClC,wEAAwE,MAAM,EAAE,CACjF,CAAA;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7B,MAAM,IAAI,uDAAuB,CAC/B,8CAA8C,CAC/C,CAAA;YACH,CAAC;YAED,IAAI,CAAC,IAAA,4BAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,uDAAuB,CAC/B,kDAAkD,CACnD,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,kCAAkC,CAChC,QAAmC,EACnC,QAA6B;QAE7B,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC;YACxB,kIAAkI;YAClI,MAAM,IAAI,6DAA0B,CAClC,gDAAgD,CACjD,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,IAAA,2CAAyB,EAAC,QAAQ,CAAC,CAAA;QAEvD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,kIAAkI;YAClI,EAAE;YACF,sEAAsE;YACtE,yBAAyB;YAEzB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YAEjD,IAAI,YAAY,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC/C,MAAM,IAAI,6DAA0B,CAClC,uDAAuD,CACxD,CAAA;YACH,CAAC;YAED,IAAI,WAAW,CAAC,QAAQ,KAAK,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACnD,IACE,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAC9B,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;oBACjC,CAAC,CAAC,YAAY,CAAC,QAAQ;oBACvB,CAAC,CAAC,GAAG,YAAY,CAAC,QAAQ,GAAG,CAChC,EACD,CAAC;oBACD,MAAM,IAAI,6DAA0B,CAClC,kDAAkD,CACnD,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,IAAA,kCAAgB,EAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,4DAA4D;gBAC5D,EAAE;gBACF,mEAAmE;gBACnE,mEAAmE;gBACnE,kEAAkE;gBAClE,oEAAoE;gBACpE,gCAAgC;gBAEhC,kIAAkI;gBAClI,EAAE;gBACF,kEAAkE;gBAClE,mEAAmE;gBACnE,yDAAyD;gBACzD,MAAM,QAAQ,GAAG,GAAG,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAA;gBAC1D,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;oBAC9B,MAAM,IAAI,uDAAuB,CAC/B,6JAA6J,QAAQ,GAAG,CACzK,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC;CACF;AAluBD,sCAkuBC;AAED,SAAS,WAAW,CAElB,KAAQ,EAAE,KAAa,EAAE,KAAU;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,CAAA;AACzC,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAQ;IACrC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,OAA0B;IAClE,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE;QACtB,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;QACvC,mDAAmD;QACnD,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAChD,MAAM,EAAE,OAAO,EAAE,MAAM;QACvB,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { Jwks, Keyset, jwksPubSchema } from '@atproto/jwk'\nimport {\n OAuthAuthorizationServerMetadata,\n OAuthClientIdDiscoverable,\n OAuthClientIdLoopback,\n OAuthClientMetadata,\n OAuthClientMetadataInput,\n isLoopbackHost,\n isOAuthClientIdDiscoverable,\n isOAuthClientIdLoopback,\n oauthClientMetadataSchema,\n} from '@atproto/oauth-types'\nimport {\n Fetch,\n bindFetch,\n fetchJsonProcessor,\n fetchJsonZodProcessor,\n fetchOkProcessor,\n} from '@atproto-labs/fetch'\nimport { isLocalHostname } from '@atproto-labs/fetch-node'\nimport { pipe } from '@atproto-labs/pipe'\nimport {\n CachedGetter,\n GetCachedOptions,\n SimpleStore,\n} from '@atproto-labs/simple-store'\nimport { InvalidClientMetadataError } from '../errors/invalid-client-metadata-error.js'\nimport { InvalidRedirectUriError } from '../errors/invalid-redirect-uri-error.js'\nimport { callAsync } from '../lib/util/function.js'\nimport { Awaitable } from '../lib/util/type.js'\nimport { OAuthHooks } from '../oauth-hooks.js'\nimport { ClientId } from './client-id.js'\nimport { ClientStore } from './client-store.js'\nimport { parseDiscoverableClientId, parseRedirectUri } from './client-utils.js'\nimport { Client } from './client.js'\n\nconst fetchMetadataHandler = pipe(\n fetchOkProcessor(),\n // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html#section-4.1\n fetchJsonProcessor('application/json', true),\n fetchJsonZodProcessor(oauthClientMetadataSchema),\n)\n\nconst fetchJwksHandler = pipe(\n fetchOkProcessor(),\n fetchJsonProcessor('application/json', false),\n fetchJsonZodProcessor(jwksPubSchema),\n)\n\nexport type LoopbackMetadataGetter = (\n url: string,\n) => Awaitable<OAuthClientMetadataInput>\n\nexport class ClientManager {\n protected readonly jwks: CachedGetter<string, Jwks>\n protected readonly metadataGetter: CachedGetter<string, OAuthClientMetadata>\n\n constructor(\n protected readonly serverMetadata: OAuthAuthorizationServerMetadata,\n protected readonly keyset: Keyset,\n protected readonly hooks: OAuthHooks,\n protected readonly store: ClientStore | null,\n protected readonly loopbackMetadata: LoopbackMetadataGetter | null = null,\n safeFetch: Fetch,\n clientJwksCache: SimpleStore<string, Jwks>,\n clientMetadataCache: SimpleStore<string, OAuthClientMetadata>,\n ) {\n const fetch = bindFetch(safeFetch)\n\n this.jwks = new CachedGetter(async (uri, options) => {\n const jwks = await fetch(buildJsonGetRequest(uri, options)).then(\n fetchJwksHandler,\n )\n\n return jwks\n }, clientJwksCache)\n\n this.metadataGetter = new CachedGetter(async (uri, options) => {\n const metadata = await fetch(buildJsonGetRequest(uri, options)).then(\n fetchMetadataHandler,\n )\n\n // Validate within the getter to avoid caching invalid metadata\n return this.validateClientMetadata(uri, metadata)\n }, clientMetadataCache)\n }\n\n /**\n *\n * @see {@link https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2 OIDC Client Registration}\n */\n public async getClient(clientId: ClientId) {\n const metadata = await this.getClientMetadata(clientId).catch((err) => {\n throw InvalidClientMetadataError.from(\n err,\n `Unable to obtain client metadata for \"${clientId}\"`,\n )\n })\n\n const jwks = metadata.jwks_uri\n ? await this.jwks.get(metadata.jwks_uri).catch((err) => {\n throw InvalidClientMetadataError.from(\n err,\n `Unable to obtain jwks from \"${metadata.jwks_uri}\" for \"${clientId}\"`,\n )\n })\n : undefined\n\n const partialInfo = await callAsync(this.hooks.getClientInfo, clientId, {\n metadata,\n jwks,\n }).catch((err) => {\n throw InvalidClientMetadataError.from(\n err,\n `Rejected client information for \"${clientId}\"`,\n )\n })\n\n const isFirstParty = partialInfo?.isFirstParty ?? false\n const isTrusted = partialInfo?.isTrusted ?? isFirstParty\n\n return new Client(clientId, metadata, jwks, { isFirstParty, isTrusted })\n }\n\n public async loadClients(\n clientIds: Iterable<ClientId>,\n {\n onError = (err) => {\n throw err\n },\n }: {\n onError?: (\n err: unknown,\n clientId: ClientId,\n ) => Awaitable<Client | null | undefined>\n } = {},\n ): Promise<Map<ClientId, Client>> {\n // Make sure we don't load the same client multiple times\n const uniqueClientIds =\n clientIds instanceof Set ? clientIds : new Set(clientIds)\n\n // Load all (unique) clients in parallel\n const clients = await Promise.all(\n Array.from(uniqueClientIds, async (clientId) =>\n this.getClient(clientId).catch((err) => onError(err, clientId)),\n ),\n )\n\n // Return a map for easy lookups\n return new Map(\n clients\n .filter((c) => c != null && c instanceof Client)\n .map((c) => [c.id, c]),\n )\n }\n\n protected async getClientMetadata(\n clientId: ClientId,\n ): Promise<OAuthClientMetadata> {\n if (isOAuthClientIdLoopback(clientId)) {\n return this.getLoopbackClientMetadata(clientId)\n } else if (isOAuthClientIdDiscoverable(clientId)) {\n return this.getDiscoverableClientMetadata(clientId)\n } else if (this.store) {\n return this.getStoredClientMetadata(clientId)\n }\n\n throw new InvalidClientMetadataError(`Invalid client ID \"${clientId}\"`)\n }\n\n protected async getLoopbackClientMetadata(\n clientId: OAuthClientIdLoopback,\n ): Promise<OAuthClientMetadata> {\n const { loopbackMetadata } = this\n if (!loopbackMetadata) {\n throw new InvalidClientMetadataError('Loopback clients are not allowed')\n }\n\n const metadataRaw = await callAsync(loopbackMetadata, clientId).catch(\n (err) => {\n throw InvalidClientMetadataError.from(\n err,\n `Invalid loopback client id \"${clientId}\"`,\n )\n },\n )\n\n const metadata = await oauthClientMetadataSchema\n .parseAsync(metadataRaw)\n .catch((err) => {\n throw InvalidClientMetadataError.from(\n err,\n `Invalid loopback client metadata for \"${clientId}\"`,\n )\n })\n\n return this.validateClientMetadata(clientId, metadata)\n }\n\n protected async getDiscoverableClientMetadata(\n clientId: OAuthClientIdDiscoverable,\n ): Promise<OAuthClientMetadata> {\n const metadataUrl = parseDiscoverableClientId(clientId)\n\n const metadata = await this.metadataGetter.get(metadataUrl.href)\n\n // Note: we do *not* re-validate the metadata here, as the metadata is\n // validated within the getter. This is to avoid double validation.\n //\n // return this.validateClientMetadata(metadataUrl.href, metadata)\n return metadata\n }\n\n protected async getStoredClientMetadata(\n clientId: ClientId,\n ): Promise<OAuthClientMetadata> {\n if (this.store) {\n const metadata = await this.store.findClient(clientId)\n return this.validateClientMetadata(clientId, metadata)\n }\n\n throw new InvalidClientMetadataError(`Invalid client ID \"${clientId}\"`)\n }\n\n /**\n * This method will ensure that the client metadata is valid w.r.t. the OAuth\n * and OIDC specifications. It will also ensure that the metadata is\n * compatible with the implementation of this library, and ATPROTO's\n * requirements.\n */\n protected validateClientMetadata(\n clientId: ClientId,\n metadata: OAuthClientMetadata,\n ): OAuthClientMetadata {\n if (metadata.jwks && metadata.jwks_uri) {\n throw new InvalidClientMetadataError(\n 'jwks_uri and jwks are mutually exclusive',\n )\n }\n\n // Known OIDC specific parameters\n for (const k of [\n 'default_max_age',\n 'userinfo_signed_response_alg',\n 'id_token_signed_response_alg',\n 'userinfo_encrypted_response_alg',\n ] as const) {\n if (metadata[k] != null) {\n throw new InvalidClientMetadataError(`Unsupported \"${k}\" parameter`)\n }\n }\n\n const clientUriUrl = metadata.client_uri\n ? new URL(metadata.client_uri)\n : null\n\n if (clientUriUrl && isLocalHostname(clientUriUrl.hostname)) {\n throw new InvalidClientMetadataError('client_uri hostname is invalid')\n }\n\n const scopes = metadata.scope?.split(' ')\n\n if (!scopes) {\n throw new InvalidClientMetadataError('Missing scope property')\n }\n\n if (!scopes.includes('atproto')) {\n throw new InvalidClientMetadataError('Missing \"atproto\" scope')\n }\n\n const dupScope = scopes?.find(isDuplicate)\n if (dupScope) {\n throw new InvalidClientMetadataError(`Duplicate scope \"${dupScope}\"`)\n }\n\n const dupGrantType = metadata.grant_types.find(isDuplicate)\n if (dupGrantType) {\n throw new InvalidClientMetadataError(\n `Duplicate grant type \"${dupGrantType}\"`,\n )\n }\n\n for (const grantType of metadata.grant_types) {\n switch (grantType) {\n case 'implicit':\n // Never allowed (unsafe)\n throw new InvalidClientMetadataError(\n `Grant type \"${grantType}\" is not allowed`,\n )\n\n // @TODO Add support (e.g. for first party client)\n // case 'client_credentials':\n // case 'password':\n case 'authorization_code':\n case 'refresh_token':\n if (!this.serverMetadata.grant_types_supported?.includes(grantType)) {\n throw new InvalidClientMetadataError(\n `Unsupported grant type \"${grantType}\"`,\n )\n }\n break\n\n default:\n throw new InvalidClientMetadataError(\n `Grant type \"${grantType}\" is not supported`,\n )\n }\n }\n\n if (metadata.client_id && metadata.client_id !== clientId) {\n throw new InvalidClientMetadataError('client_id does not match')\n }\n\n if (metadata.subject_type && metadata.subject_type !== 'public') {\n throw new InvalidClientMetadataError(\n 'Only \"public\" subject_type is supported',\n )\n }\n\n switch (metadata.token_endpoint_auth_method) {\n case 'none':\n if (metadata.token_endpoint_auth_signing_alg) {\n throw new InvalidClientMetadataError(\n `token_endpoint_auth_method \"none\" must not have token_endpoint_auth_signing_alg`,\n )\n }\n break\n\n case 'private_key_jwt':\n if (!metadata.jwks && !metadata.jwks_uri) {\n throw new InvalidClientMetadataError(\n `private_key_jwt auth method requires jwks or jwks_uri`,\n )\n }\n if (metadata.jwks?.keys.length === 0) {\n throw new InvalidClientMetadataError(\n `private_key_jwt auth method requires at least one key in jwks`,\n )\n }\n if (!metadata.token_endpoint_auth_signing_alg) {\n throw new InvalidClientMetadataError(\n `Missing token_endpoint_auth_signing_alg client metadata`,\n )\n }\n break\n\n default:\n throw new InvalidClientMetadataError(\n `Unsupported client authentication method \"${metadata.token_endpoint_auth_method}\". Make sure \"token_endpoint_auth_method\" is set to one of: \"${Client.AUTH_METHODS_SUPPORTED.join('\", \"')}\"`,\n )\n }\n\n if (metadata.authorization_encrypted_response_enc) {\n throw new InvalidClientMetadataError(\n 'Encrypted authorization response is not supported',\n )\n }\n\n if (metadata.tls_client_certificate_bound_access_tokens) {\n throw new InvalidClientMetadataError(\n 'Mutual-TLS bound access tokens are not supported',\n )\n }\n\n if (\n metadata.authorization_encrypted_response_enc &&\n !metadata.authorization_encrypted_response_alg\n ) {\n throw new InvalidClientMetadataError(\n 'authorization_encrypted_response_enc requires authorization_encrypted_response_alg',\n )\n }\n\n // ATPROTO spec requires the use of DPoP (OAuth spec defaults to false)\n if (metadata.dpop_bound_access_tokens !== true) {\n throw new InvalidClientMetadataError(\n '\"dpop_bound_access_tokens\" must be true',\n )\n }\n\n // ATPROTO spec requires the use of PKCE, does not support OIDC\n if (!metadata.response_types.includes('code')) {\n throw new InvalidClientMetadataError('response_types must include \"code\"')\n } else if (!metadata.grant_types.includes('authorization_code')) {\n // Consistency check\n throw new InvalidClientMetadataError(\n `The \"code\" response type requires that \"grant_types\" contains \"authorization_code\"`,\n )\n }\n\n if (metadata.authorization_details_types?.length) {\n const dupAuthDetailsType =\n metadata.authorization_details_types.find(isDuplicate)\n if (dupAuthDetailsType) {\n throw new InvalidClientMetadataError(\n `Duplicate authorization_details_type \"${dupAuthDetailsType}\"`,\n )\n }\n\n const authorizationDetailsTypesSupported =\n this.serverMetadata.authorization_details_types_supported\n if (!authorizationDetailsTypesSupported) {\n throw new InvalidClientMetadataError(\n 'authorization_details_types are not supported',\n )\n }\n for (const type of metadata.authorization_details_types) {\n if (!authorizationDetailsTypesSupported.includes(type)) {\n throw new InvalidClientMetadataError(\n `Unsupported authorization_details_type \"${type}\"`,\n )\n }\n }\n }\n\n if (!metadata.redirect_uris?.length) {\n // ATPROTO spec requires that at least one redirect URI is provided\n\n throw new InvalidClientMetadataError(\n 'At least one redirect_uri is required',\n )\n }\n\n if (\n metadata.application_type === 'native' &&\n metadata.token_endpoint_auth_method !== 'none'\n ) {\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > Except when using a mechanism like Dynamic Client Registration\n // > [RFC7591] to provision per-instance secrets, native apps are\n // > classified as public clients, as defined by Section 2.1 of OAuth 2.0\n // > [RFC6749]; they MUST be registered with the authorization server as\n // > such. Authorization servers MUST record the client type in the client\n // > registration details in order to identify and process requests\n // > accordingly.\n\n // @NOTE We may want to remove this restriction in the future, for example\n // if https://github.com/bluesky-social/proposals/tree/main/0010-client-assertion-backend\n // gets adopted\n\n throw new InvalidClientMetadataError(\n 'Native clients must authenticate using \"none\" method',\n )\n }\n\n if (\n metadata.application_type === 'web' &&\n metadata.grant_types.includes('implicit')\n ) {\n // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > Web Clients [as defined by \"application_type\"] using the OAuth\n // > Implicit Grant Type MUST only register URLs using the https\n // > scheme as redirect_uris; they MUST NOT use localhost as the\n // > hostname.\n\n for (const redirectUri of metadata.redirect_uris) {\n const url = parseRedirectUri(redirectUri)\n if (url.protocol !== 'https:') {\n throw new InvalidRedirectUriError(\n `Web clients must use HTTPS redirect URIs`,\n )\n }\n\n if (url.hostname === 'localhost') {\n throw new InvalidRedirectUriError(\n `Web clients must not use localhost as the hostname`,\n )\n }\n }\n }\n\n for (const redirectUri of metadata.redirect_uris) {\n const url = parseRedirectUri(redirectUri)\n\n if (url.username || url.password) {\n // Is this a valid concern? Should we allow credentials in the URI?\n throw new InvalidRedirectUriError(\n `Redirect URI ${url} must not contain credentials`,\n )\n }\n\n switch (true) {\n // FIRST: Loopback redirect URI exception (only for native apps)\n\n case url.hostname === 'localhost': {\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.3\n //\n // > While redirect URIs using localhost (i.e.,\n // > \"http://localhost:{port}/{path}\") function similarly to loopback IP\n // > redirects described in Section 7.3, the use of localhost is NOT\n // > RECOMMENDED. Specifying a redirect URI with the loopback IP literal\n // > rather than localhost avoids inadvertently listening on network\n // > interfaces other than the loopback interface. It is also less\n // > susceptible to client-side firewalls and misconfigured host name\n // > resolution on the user's device.\n throw new InvalidRedirectUriError(\n `Loopback redirect URI ${url} is not allowed (use explicit IPs instead)`,\n )\n }\n\n case url.hostname === '127.0.0.1':\n case url.hostname === '[::1]': {\n // Only allowed for native apps\n if (metadata.application_type !== 'native') {\n throw new InvalidRedirectUriError(\n `Loopback redirect URIs are only allowed for native apps`,\n )\n }\n\n if (url.port) {\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.3\n //\n // > The authorization server MUST allow any port to be specified at\n // > the time of the request for loopback IP redirect URIs, to\n // > accommodate clients that obtain an available ephemeral port\n // > from the operating system at the time of the request.\n //\n // Note: although validation of the redirect_uri will ignore the\n // port we still allow it to be specified, as the spec does not\n // forbid it. If a port number is specified, ports will need to\n // match when validating authorization requests. See\n // \"compareRedirectUri()\".\n }\n\n if (url.protocol !== 'http:') {\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.3\n //\n // > Loopback redirect URIs use the \"http\" scheme and are constructed\n // > with the loopback IP literal and whatever port the client is\n // > listening on. That is, \"http://127.0.0.1:{port}/{path}\" for IPv4,\n // > and \"http://[::1]:{port}/{path}\" for IPv6.\n throw new InvalidRedirectUriError(\n `Loopback redirect URI ${url} must use HTTP`,\n )\n }\n\n break\n }\n\n // SECOND: Protocol-based URI Redirection\n\n case url.protocol === 'http:': {\n // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > request_uri [...] URLs MUST use the https scheme unless the\n // > target Request Object is signed in a way that is verifiable by\n // > the OP.\n //\n // OIDC/Request Object are not supported. ATproto spec should not\n // allow HTTP redirect URIs either.\n\n // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > Authorization Servers MAY reject Redirection URI values using\n // > the http scheme, other than the loopback case for Native\n // > Clients.\n throw new InvalidRedirectUriError(\n 'Only loopback redirect URIs are allowed to use the \"http\" scheme',\n )\n }\n\n case url.protocol === 'https:': {\n if (isLocalHostname(url.hostname)) {\n throw new InvalidRedirectUriError(\n `Redirect URI \"${url}\"'s domain name must not be a local hostname`,\n )\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > In addition to the collision-resistant properties, requiring a\n // > URI scheme based on a domain name that is under the control of\n // > the app can help to prove ownership in the event of a dispute\n // > where two apps claim the same private-use URI scheme (where one\n // > app is acting maliciously).\n //\n // We can't enforce this here (in generic client validation) because\n // we don't have a concept of generic proven ownership.\n //\n // Discoverable clients, however, will have this check covered in the\n // `validateDiscoverableClientMetadata`, by using the client_id's\n // domain as \"proven ownership\".\n\n // The following restriction from OIDC is *not* enforced for clients\n // as it prevents \"App Links\" / \"Apple Universal Links\" from being\n // used as redirect URIs.\n //\n // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > Native Clients [as defined by \"application_type\"] MUST only\n // > register redirect_uris using custom URI schemes or loopback URLs\n // > using the http scheme; loopback URLs use localhost or the IP\n // > loopback literals 127.0.0.1 or [::1] as the hostname.\n //\n // if (metadata.application_type === 'native') {\n // throw new InvalidRedirectUriError(\n // `Native clients must use custom URI schemes or loopback URLs`,\n // )\n // }\n\n break\n }\n\n case isPrivateUseUriScheme(url): {\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > When choosing a URI scheme to associate with the app, apps MUST\n // > use a URI scheme based on a domain name under their control,\n // > expressed in reverse order, as recommended by Section 3.8 of\n // > [RFC7595] for private-use URI schemes.\n\n if (metadata.application_type !== 'native') {\n throw new InvalidRedirectUriError(\n `Private-Use URI Scheme redirect URI are only allowed for native apps`,\n )\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > In addition to the collision-resistant properties, requiring a\n // > URI scheme based on a domain name that is under the control of\n // > the app can help to prove ownership in the event of a dispute\n // > where two apps claim the same private-use URI scheme (where one\n // > app is acting maliciously).\n //\n // We can't check for ownership here (as there is no concept of\n // proven ownership in the generic client validation), but we can\n // check that the domain is a valid domain name.\n\n const urlDomain = reverseDomain(url.protocol.slice(0, -1))\n\n if (isLocalHostname(urlDomain)) {\n throw new InvalidRedirectUriError(\n `Private-use URI Scheme redirect URI must not be a local hostname`,\n )\n }\n\n // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n //\n // > Following the requirements of Section 3.2 of [RFC3986], as there\n // > is no naming authority for private-use URI scheme redirects, only\n // > a single slash (\"/\") appears after the scheme component.\n if (\n url.href.startsWith(`${url.protocol}//`) ||\n url.username ||\n url.password ||\n url.hostname ||\n url.port\n ) {\n throw new InvalidRedirectUriError(\n `Private-Use URI Scheme must be in the form ${url.protocol}/<path>`,\n )\n }\n\n break\n }\n\n default:\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > At a minimum, any private-use URI scheme that doesn't contain a\n // > period character (\".\") SHOULD be rejected.\n throw new InvalidRedirectUriError(\n `Invalid redirect URI scheme \"${url.protocol}\"`,\n )\n }\n }\n\n if (isOAuthClientIdLoopback(clientId)) {\n return this.validateLoopbackClientMetadata(clientId, metadata)\n } else if (isOAuthClientIdDiscoverable(clientId)) {\n return this.validateDiscoverableClientMetadata(clientId, metadata)\n } else {\n return metadata\n }\n }\n\n validateLoopbackClientMetadata(\n clientId: OAuthClientIdLoopback,\n metadata: OAuthClientMetadata,\n ): OAuthClientMetadata {\n if (metadata.client_uri) {\n throw new InvalidClientMetadataError(\n 'client_uri is not allowed for loopback clients',\n )\n }\n\n if (metadata.application_type !== 'native') {\n throw new InvalidClientMetadataError(\n 'Loopback clients must have application_type \"native\"',\n )\n }\n\n const method = metadata.token_endpoint_auth_method\n if (method !== 'none') {\n throw new InvalidClientMetadataError(\n `Loopback clients are not allowed to use \"token_endpoint_auth_method\" ${method}`,\n )\n }\n\n for (const redirectUri of metadata.redirect_uris) {\n const url = parseRedirectUri(redirectUri)\n\n if (url.protocol !== 'http:') {\n throw new InvalidRedirectUriError(\n `Loopback clients must use HTTP redirect URIs`,\n )\n }\n\n if (!isLoopbackHost(url.hostname)) {\n throw new InvalidRedirectUriError(\n `Loopback clients must use loopback redirect URIs`,\n )\n }\n }\n\n return metadata\n }\n\n validateDiscoverableClientMetadata(\n clientId: OAuthClientIdDiscoverable,\n metadata: OAuthClientMetadata,\n ): OAuthClientMetadata {\n if (!metadata.client_id) {\n // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html\n throw new InvalidClientMetadataError(\n `client_id is required for discoverable clients`,\n )\n }\n\n const clientIdUrl = parseDiscoverableClientId(clientId)\n\n if (metadata.client_uri) {\n // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html\n //\n // The client_uri must be a parent of the client_id URL. This might be\n // relaxed in the future.\n\n const clientUriUrl = new URL(metadata.client_uri)\n\n if (clientUriUrl.origin !== clientIdUrl.origin) {\n throw new InvalidClientMetadataError(\n `client_uri must have the same origin as the client_id`,\n )\n }\n\n if (clientIdUrl.pathname !== clientUriUrl.pathname) {\n if (\n !clientIdUrl.pathname.startsWith(\n clientUriUrl.pathname.endsWith('/')\n ? clientUriUrl.pathname\n : `${clientUriUrl.pathname}/`,\n )\n ) {\n throw new InvalidClientMetadataError(\n `client_uri must be a parent URL of the client_id`,\n )\n }\n }\n }\n\n for (const redirectUri of metadata.redirect_uris) {\n const url = parseRedirectUri(redirectUri)\n\n if (isPrivateUseUriScheme(url)) {\n // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n //\n // > In addition to the collision-resistant properties, requiring a\n // > URI scheme based on a domain name that is under the control of\n // > the app can help to prove ownership in the event of a dispute\n // > where two apps claim the same private-use URI scheme (where one\n // > app is acting maliciously).\n\n // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html\n //\n // Fully qualified domain name (FQDN) of the client_id, in reverse\n // order. This could be relaxed to allow same apex domain names, or\n // parent domains, but for now we require an exact match.\n const protocol = `${reverseDomain(clientIdUrl.hostname)}:`\n if (url.protocol !== protocol) {\n throw new InvalidRedirectUriError(\n `Private-Use URI Scheme redirect URI, for discoverable client metadata, must be the fully qualified domain name (FQDN) of the client_id, in reverse order (${protocol})`,\n )\n }\n }\n }\n\n return metadata\n }\n}\n\nfunction isDuplicate<\n T extends string | number | boolean | null | undefined | symbol,\n>(value: T, index: number, array: T[]) {\n return array.includes(value, index + 1)\n}\n\nfunction reverseDomain(domain: string) {\n return domain.split('.').reverse().join('.')\n}\n\nfunction isPrivateUseUriScheme(uri: URL) {\n return uri.protocol.includes('.')\n}\n\nfunction buildJsonGetRequest(uri: string, options?: GetCachedOptions) {\n return new Request(uri, {\n headers: { accept: 'application/json' },\n // @ts-expect-error invalid types in \"undici-types\"\n cache: options?.noCache ? 'no-cache' : undefined,\n signal: options?.signal,\n redirect: 'error',\n })\n}\n"]}
package/dist/client/client-store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-store.js","sourceRoot":"","sources":["../../src/client/client-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAiBA,sCAQC;AAED,sCAOC;AAjCD,iDAAsE;AAGtE,iEAAiE;AACjE,mDAAgC;AAChC,iDAA8B;AAOjB,QAAA,aAAa,GAAG,IAAA,+BAAqB,EAAc;IAC9D,YAAY,EAAE,EAAE;CACjB,CAAC,CAAA;AAEF,SAAgB,aAAa,CAC3B,cAAkB;IAElB,IAAI,cAAc,IAAI,IAAA,qBAAa,EAAC,cAAc,CAAC,EAAE,CAAC;QACpD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,aAAa,CAC3B,cAAkB;IAElB,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;IAC3C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAA;IAEvB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,CAAC"}
1
+ {"version":3,"file":"client-store.js","sourceRoot":"","sources":["../../src/client/client-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAiBA,sCAQC;AAED,sCAOC;AAjCD,iDAAsE;AAGtE,iEAAiE;AACjE,mDAAgC;AAChC,iDAA8B;AAOjB,QAAA,aAAa,GAAG,IAAA,+BAAqB,EAAc;IAC9D,YAAY,EAAE,EAAE;CACjB,CAAC,CAAA;AAEF,SAAgB,aAAa,CAC3B,cAAkB;IAElB,IAAI,cAAc,IAAI,IAAA,qBAAa,EAAC,cAAc,CAAC,EAAE,CAAC;QACpD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,aAAa,CAC3B,cAAkB;IAElB,MAAM,KAAK,GAAG,aAAa,CAAC,cAAc,CAAC,CAAA;IAC3C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAA;IAEvB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,CAAC","sourcesContent":["import { OAuthClientMetadata } from '@atproto/oauth-types'\nimport { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'\nimport { ClientId } from './client-id.js'\n\n// Export all types needed to implement the ClientStore interface\nexport * from './client-data.js'\nexport * from './client-id.js'\nexport type { Awaitable, OAuthClientMetadata }\n\nexport interface ClientStore {\n findClient(clientId: ClientId): Awaitable<OAuthClientMetadata>\n}\n\nexport const isClientStore = buildInterfaceChecker<ClientStore>([\n 'findClient', //\n])\n\nexport function ifClientStore<V extends Partial<ClientStore>>(\n implementation?: V,\n): (V & ClientStore) | undefined {\n if (implementation && isClientStore(implementation)) {\n return implementation\n }\n\n return undefined\n}\n\nexport function asClientStore<V extends Partial<ClientStore>>(\n implementation?: V,\n): V & ClientStore {\n const store = ifClientStore(implementation)\n if (store) return store\n\n throw new Error('Invalid ClientStore implementation')\n}\n"]}
package/dist/client/client-utils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client-utils.js","sourceRoot":"","sources":["../../src/client/client-utils.ts"],"names":[],"mappings":";;AAQA,4CAMC;AAED,8DAoBC;AApCD,sDAG6B;AAC7B,yDAA0D;AAC1D,qFAA2E;AAC3E,2FAAiF;AAEjF,SAAgB,gBAAgB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,uDAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,CAAC;AACH,CAAC;AAED,SAAgB,yBAAyB,CACvC,QAAmC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4CAA8B,EAAC,QAAQ,CAAC,CAAA;QAEpD,oEAAoE;QACpE,IAAI,IAAA,4BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,iDAAoB,CAC5B,kDAAkD,CACnD,CAAA;QACH,CAAC;QAED,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,iDAAoB,CAAC,IAAI,CAC7B,GAAG,EACH,wCAAwC,CACzC,CAAA;IACH,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"client-utils.js","sourceRoot":"","sources":["../../src/client/client-utils.ts"],"names":[],"mappings":";;AAQA,4CAMC;AAED,8DAoBC;AApCD,sDAG6B;AAC7B,yDAA0D;AAC1D,qFAA2E;AAC3E,2FAAiF;AAEjF,SAAgB,gBAAgB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,uDAAuB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACzC,CAAC;AACH,CAAC;AAED,SAAgB,yBAAyB,CACvC,QAAmC;IAEnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAA,4CAA8B,EAAC,QAAQ,CAAC,CAAA;QAEpD,oEAAoE;QACpE,IAAI,IAAA,4BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,iDAAoB,CAC5B,kDAAkD,CACnD,CAAA;QACH,CAAC;QAED,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,iDAAoB,CAAC,IAAI,CAC7B,GAAG,EACH,wCAAwC,CACzC,CAAA;IACH,CAAC;AACH,CAAC","sourcesContent":["import {\n OAuthClientIdDiscoverable,\n parseOAuthDiscoverableClientId,\n} from '@atproto/oauth-types'\nimport { isLocalHostname } from '@atproto-labs/fetch-node'\nimport { InvalidClientIdError } from '../errors/invalid-client-id-error.js'\nimport { InvalidRedirectUriError } from '../errors/invalid-redirect-uri-error.js'\n\nexport function parseRedirectUri(redirectUri: string): URL {\n try {\n return new URL(redirectUri)\n } catch (err) {\n throw InvalidRedirectUriError.from(err)\n }\n}\n\nexport function parseDiscoverableClientId(\n clientId: OAuthClientIdDiscoverable,\n): URL {\n try {\n const url = parseOAuthDiscoverableClientId(clientId)\n\n // Extra validation, prevent usage of invalid internet domain names.\n if (isLocalHostname(url.hostname)) {\n throw new InvalidClientIdError(\n \"The client_id's TLD must not be a local hostname\",\n )\n }\n\n return url\n } catch (err) {\n throw InvalidClientIdError.from(\n err,\n 'Invalid discoverable client identifier',\n )\n }\n}\n"]}
package/dist/client/client.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":";;;AAiYA,8CAQC;AAzYD,+BAgBa;AAEb,sDAM6B;AAC7B,kDAAuE;AACvE,6EAAqE;AACrE,6GAAmG;AACnG,+EAAsE;AACtE,iGAAuF;AACvF,iFAAwE;AACxE,6EAAoE;AACpE,iDAA6C;AAC7C,iEAAgE;AAMhE,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B,MAAa,MAAM;IAWC;IACA;IACA;IACA;IAblB;;OAEG;IACH,MAAM,CAAU,sBAAsB,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAU,CAAA;IAE5D,SAAS,CAEU;IAEpC,YACkB,EAAY,EACZ,QAA6B,EAC7B,OAAyB,QAAQ,CAAC,IAAI,EACtC,IAAgB;QAHhB,OAAE,GAAF,EAAE,CAAU;QACZ,aAAQ,GAAR,QAAQ,CAAqB;QAC7B,SAAI,GAAJ,IAAI,CAAkC;QACtC,SAAI,GAAJ,IAAI,CAAY;QAEhC,2EAA2E;QAC3E,IAAI,CAAC,SAAS;YACZ,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBACxB,CAAC,CAAC,IAAA,wBAAiB,EAAC,IAAI,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBACzC,CAAC,CAAC,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,GAA4B,EAC5B,QAAgB;QAEhB,oEAAoE;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,wEAAwE;QACxE,mCAAmC;QACnC,IAAI,CAAC;YACH,yEAAyE;YACzE,6CAA6C;YAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAAE,CAAC;gBACxD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE;oBACxC,QAAQ;oBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;oBAC9B,oBAAoB,EAAE,IAAI;oBAC1B,kBAAkB,EAAE,IAAI;iBACzB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;gBAC/B,QAAQ;gBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;gBAC9B,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,0BAA0B;oBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC;oBAC5C,CAAC,CAAC,8EAA8E;wBAC9E,EAAE;wBACF,uEAAuE;wBACvE,4BAA4B;wBAC5B,SAAS;aACd,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,SAAS;gBACtB,CAAC,CAAC,6BAA6B,GAAG,CAAC,OAAO,EAAE;gBAC5C,CAAC,CAAC,0BAA0B,CAAA;YAEhC,MAAM,IAAI,8CAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,KAAa,EACb,EACE,QAAQ,EACR,oBAAoB,GAAG,KAAK,EAC5B,kBAAkB,GAAG,KAAK,EAC1B,GAAG,OAAO,KAIR,EAAE;QAEN,wEAAwE;QACxE,yEAAyE;QACzE,WAAW;QAEX,MAAM,MAAM,GAAG,mBAAY,CAAC,MAAM,CAAc,KAAK,EAAE,OAAO,CAAC,CAAA;QAE/D,IAAI,CAAC,kBAAkB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACtD,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;YACpE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,oBAAoB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACxD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,UAAU,GAAG,IAAA,iBAAO,EAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC9C,IAAI,CAAC,IAAA,iBAAO,EAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC/D,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,OAA0C;QAE1C,OAAO,IAAA,gBAAS,EAAc,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;YACnD,GAAG,OAAO;YACV,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CACvB,KAA6B,EAC7B,MAEC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAA;QAEvD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,kBAAkB,IAAI,KAAK,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,8CAAmB,CAC3B,iCAAiC,MAAM,iCAAiC,CACzE,CAAA;YACH,CAAC;YAED,IAAI,KAAK,CAAC,qBAAqB,KAAK,8CAAgC,EAAE,CAAC;gBACrE,wDAAwD;gBAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAGhC,KAAK,CAAC,gBAAgB,EAAE;oBACzB,oEAAoE;oBACpE,6DAA6D;oBAC7D,EAAE;oBACF,iDAAiD;oBAEjD,oEAAoE;oBACpE,sEAAsE;oBACtE,oEAAoE;oBACpE,oDAAoD;oBACpD,OAAO,EAAE,IAAI,CAAC,EAAE;oBAEhB,mEAAmE;oBACnE,qEAAqE;oBACrE,oEAAoE;oBACpE,mEAAmE;oBACnE,gEAAgE;oBAChE,QAAQ,EAAE,MAAM,CAAC,6BAA6B;oBAE9C,cAAc,EAAE;wBACd,kEAAkE;wBAClE,gEAAgE;wBAChE,EAAE;wBACF,gEAAgE;wBAChE,mEAAmE;wBACnE,wDAAwD;wBACxD,mEAAmE;wBACnE,+CAA+C;wBAE/C,SAAS;wBAET,kEAAkE;wBAClE,iEAAiE;wBACjE,oEAAoE;wBACpE,iEAAiE;wBACjE,mEAAmE;wBACnE,gBAAgB;wBAChB,KAAK;qBACN;oBAED,4DAA4D;oBAC5D,8DAA8D;oBAC9D,gCAAgC;oBAChC,EAAE;oBACF,mCAAmC;oBAEnC,sEAAsE;oBACtE,4DAA4D;oBAC5D,sEAAsE;oBACtE,6CAA6C;oBAC7C,WAAW,EAAE,uCAAwB,GAAG,IAAI;iBAC7C,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACf,MAAM,GAAG,GACP,GAAG,YAAY,SAAS;wBACtB,CAAC,CAAC,4CAA4C,GAAG,CAAC,OAAO,EAAE;wBAC3D,CAAC,CAAC,yCAAyC,CAAA;oBAE/C,MAAM,IAAI,4CAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBACxC,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;oBAChC,MAAM,IAAI,4CAAkB,CAAC,oCAAoC,CAAC,CAAA;gBACpE,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,iBAAiB;oBACzB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC;oBACxC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;oBAC/B,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;iBAChC,CAAA;YACH,CAAC;YAED,MAAM,IAAI,4CAAkB,CAC1B,sCAAsC,KAAK,CAAC,qBAAqB,GAAG,CACrE,CAAA;QACH,CAAC;QAED,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C;gBAC7C,MAAM,CAAC,sBAAsB;aAC9B,EAAE,CACJ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,MAAM,GAAG,CACrD,CAAA;IACH,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,UAAyD;QAEzD,IAAI,UAAU,CAAC,SAAS,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,0FAA0F,CAC3F,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACnC,qEAAqE;YACrE,YAAY;YACZ,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,UAAU,KAAK,0CAA0C,CAC1D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,0BAA0B,UAAU,CAAC,aAAa,2BAA2B,CAC9E,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,uEAAuE,CACxE,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,UAAU,CAAA;QACnC,IAAI,YAAY,EAAE,CAAC;YACjB,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACxC,IAAA,oCAAkB,EAAC,GAAG,EAAE,YAAY,CAAC,CACtC,EACD,CAAC;gBACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,wBAAwB,YAAY,EAAE,CACvC,CAAA;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAAA;YACnC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;YAClE,CAAC;iBAAM,CAAC;gBACN,uFAAuF;gBACvF,EAAE;gBACF,wEAAwE;gBACxE,4EAA4E;gBAC5E,YAAY;gBACZ,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,MAAM,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;YACrD,IAAI,CAAC,2BAA2B,EAAE,CAAC;gBACjC,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,8DAA8D,CAC/D,CAAA;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IAAI,CAAC,2BAA2B,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,yEAAyE,MAAM,CAAC,IAAI,GAAG,CACxF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,IAAI,kBAAkB;QACpB,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;QACvC,OAAO,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,CAAC;;AArVH,wBAsVC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAyB;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,6BAAsB,EAAC,MAAM,IAAA,gBAAS,EAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,4CAAkB,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;IACvE,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":";;;AAiYA,8CAQC;AAzYD,+BAgBa;AAEb,sDAM6B;AAC7B,kDAAuE;AACvE,6EAAqE;AACrE,6GAAmG;AACnG,+EAAsE;AACtE,iGAAuF;AACvF,iFAAwE;AACxE,6EAAoE;AACpE,iDAA6C;AAC7C,iEAAgE;AAMhE,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B,MAAa,MAAM;IAWC;IACA;IACA;IACA;IAblB;;OAEG;IACH,MAAM,CAAU,sBAAsB,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAU,CAAA;IAE5D,SAAS,CAEU;IAEpC,YACkB,EAAY,EACZ,QAA6B,EAC7B,OAAyB,QAAQ,CAAC,IAAI,EACtC,IAAgB;QAHhB,OAAE,GAAF,EAAE,CAAU;QACZ,aAAQ,GAAR,QAAQ,CAAqB;QAC7B,SAAI,GAAJ,IAAI,CAAkC;QACtC,SAAI,GAAJ,IAAI,CAAY;QAEhC,2EAA2E;QAC3E,IAAI,CAAC,SAAS;YACZ,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBACxB,CAAC,CAAC,IAAA,wBAAiB,EAAC,IAAI,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBACzC,CAAC,CAAC,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,GAA4B,EAC5B,QAAgB;QAEhB,oEAAoE;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,wEAAwE;QACxE,mCAAmC;QACnC,IAAI,CAAC;YACH,yEAAyE;YACzE,6CAA6C;YAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAAE,CAAC;gBACxD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE;oBACxC,QAAQ;oBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;oBAC9B,oBAAoB,EAAE,IAAI;oBAC1B,kBAAkB,EAAE,IAAI;iBACzB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;gBAC/B,QAAQ;gBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;gBAC9B,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,0BAA0B;oBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC;oBAC5C,CAAC,CAAC,8EAA8E;wBAC9E,EAAE;wBACF,uEAAuE;wBACvE,4BAA4B;wBAC5B,SAAS;aACd,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,SAAS;gBACtB,CAAC,CAAC,6BAA6B,GAAG,CAAC,OAAO,EAAE;gBAC5C,CAAC,CAAC,0BAA0B,CAAA;YAEhC,MAAM,IAAI,8CAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,KAAa,EACb,EACE,QAAQ,EACR,oBAAoB,GAAG,KAAK,EAC5B,kBAAkB,GAAG,KAAK,EAC1B,GAAG,OAAO,KAIR,EAAE;QAEN,wEAAwE;QACxE,yEAAyE;QACzE,WAAW;QAEX,MAAM,MAAM,GAAG,mBAAY,CAAC,MAAM,CAAc,KAAK,EAAE,OAAO,CAAC,CAAA;QAE/D,IAAI,CAAC,kBAAkB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACtD,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;YACpE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,oBAAoB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACxD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,UAAU,GAAG,IAAA,iBAAO,EAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC9C,IAAI,CAAC,IAAA,iBAAO,EAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC/D,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,OAA0C;QAE1C,OAAO,IAAA,gBAAS,EAAc,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;YACnD,GAAG,OAAO;YACV,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CACvB,KAA6B,EAC7B,MAEC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAA;QAEvD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,kBAAkB,IAAI,KAAK,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,8CAAmB,CAC3B,iCAAiC,MAAM,iCAAiC,CACzE,CAAA;YACH,CAAC;YAED,IAAI,KAAK,CAAC,qBAAqB,KAAK,8CAAgC,EAAE,CAAC;gBACrE,wDAAwD;gBAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAGhC,KAAK,CAAC,gBAAgB,EAAE;oBACzB,oEAAoE;oBACpE,6DAA6D;oBAC7D,EAAE;oBACF,iDAAiD;oBAEjD,oEAAoE;oBACpE,sEAAsE;oBACtE,oEAAoE;oBACpE,oDAAoD;oBACpD,OAAO,EAAE,IAAI,CAAC,EAAE;oBAEhB,mEAAmE;oBACnE,qEAAqE;oBACrE,oEAAoE;oBACpE,mEAAmE;oBACnE,gEAAgE;oBAChE,QAAQ,EAAE,MAAM,CAAC,6BAA6B;oBAE9C,cAAc,EAAE;wBACd,kEAAkE;wBAClE,gEAAgE;wBAChE,EAAE;wBACF,gEAAgE;wBAChE,mEAAmE;wBACnE,wDAAwD;wBACxD,mEAAmE;wBACnE,+CAA+C;wBAE/C,SAAS;wBAET,kEAAkE;wBAClE,iEAAiE;wBACjE,oEAAoE;wBACpE,iEAAiE;wBACjE,mEAAmE;wBACnE,gBAAgB;wBAChB,KAAK;qBACN;oBAED,4DAA4D;oBAC5D,8DAA8D;oBAC9D,gCAAgC;oBAChC,EAAE;oBACF,mCAAmC;oBAEnC,sEAAsE;oBACtE,4DAA4D;oBAC5D,sEAAsE;oBACtE,6CAA6C;oBAC7C,WAAW,EAAE,uCAAwB,GAAG,IAAI;iBAC7C,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACf,MAAM,GAAG,GACP,GAAG,YAAY,SAAS;wBACtB,CAAC,CAAC,4CAA4C,GAAG,CAAC,OAAO,EAAE;wBAC3D,CAAC,CAAC,yCAAyC,CAAA;oBAE/C,MAAM,IAAI,4CAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBACxC,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;oBAChC,MAAM,IAAI,4CAAkB,CAAC,oCAAoC,CAAC,CAAA;gBACpE,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,iBAAiB;oBACzB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC;oBACxC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;oBAC/B,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;iBAChC,CAAA;YACH,CAAC;YAED,MAAM,IAAI,4CAAkB,CAC1B,sCAAsC,KAAK,CAAC,qBAAqB,GAAG,CACrE,CAAA;QACH,CAAC;QAED,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C;gBAC7C,MAAM,CAAC,sBAAsB;aAC9B,EAAE,CACJ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,MAAM,GAAG,CACrD,CAAA;IACH,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,UAAyD;QAEzD,IAAI,UAAU,CAAC,SAAS,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,0FAA0F,CAC3F,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACnC,qEAAqE;YACrE,YAAY;YACZ,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,UAAU,KAAK,0CAA0C,CAC1D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,0BAA0B,UAAU,CAAC,aAAa,2BAA2B,CAC9E,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,uEAAuE,CACxE,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,UAAU,CAAA;QACnC,IAAI,YAAY,EAAE,CAAC;YACjB,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACxC,IAAA,oCAAkB,EAAC,GAAG,EAAE,YAAY,CAAC,CACtC,EACD,CAAC;gBACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,wBAAwB,YAAY,EAAE,CACvC,CAAA;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAAA;YACnC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;YAClE,CAAC;iBAAM,CAAC;gBACN,uFAAuF;gBACvF,EAAE;gBACF,wEAAwE;gBACxE,4EAA4E;gBAC5E,YAAY;gBACZ,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,MAAM,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;YACrD,IAAI,CAAC,2BAA2B,EAAE,CAAC;gBACjC,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,8DAA8D,CAC/D,CAAA;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IAAI,CAAC,2BAA2B,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,yEAAyE,MAAM,CAAC,IAAI,GAAG,CACxF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,IAAI,kBAAkB;QACpB,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;QACvC,OAAO,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,CAAC;;AArVH,wBAsVC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAyB;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,6BAAsB,EAAC,MAAM,IAAA,gBAAS,EAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,4CAAkB,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;IACvE,CAAC;AACH,CAAC","sourcesContent":["import {\n JWTClaimVerificationOptions,\n type JWTHeaderParameters,\n type JWTPayload,\n type JWTVerifyOptions,\n type JWTVerifyResult,\n type KeyLike,\n type ResolvedKey,\n UnsecuredJWT,\n type UnsecuredResult,\n calculateJwkThumbprint,\n createLocalJWKSet,\n createRemoteJWKSet,\n errors,\n exportJWK,\n jwtVerify,\n} from 'jose'\nimport { Jwks, SignedJwt, UnsignedJwt } from '@atproto/jwk'\nimport {\n CLIENT_ASSERTION_TYPE_JWT_BEARER,\n OAuthAuthorizationRequestParameters,\n OAuthClientCredentials,\n OAuthClientMetadata,\n OAuthRedirectUri,\n} from '@atproto/oauth-types'\nimport { CLIENT_ASSERTION_MAX_AGE, JAR_MAX_AGE } from '../constants.js'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport { InvalidAuthorizationDetailsError } from '../errors/invalid-authorization-details-error.js'\nimport { InvalidClientError } from '../errors/invalid-client-error.js'\nimport { InvalidClientMetadataError } from '../errors/invalid-client-metadata-error.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { InvalidScopeError } from '../errors/invalid-scope-error.js'\nimport { asArray } from '../lib/util/cast.js'\nimport { compareRedirectUri } from '../lib/util/redirect-uri.js'\nimport { Awaitable } from '../lib/util/type.js'\nimport { ClientAuth } from './client-auth.js'\nimport { ClientId } from './client-id.js'\nimport { ClientInfo } from './client-info.js'\n\nconst { JOSEError } = errors\n\nexport class Client {\n /**\n * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}\n */\n static readonly AUTH_METHODS_SUPPORTED = ['none', 'private_key_jwt'] as const\n\n private readonly keyGetter: (\n protectedHeader: JWTHeaderParameters,\n ) => Awaitable<KeyLike | Uint8Array>\n\n constructor(\n public readonly id: ClientId,\n public readonly metadata: OAuthClientMetadata,\n public readonly jwks: undefined | Jwks = metadata.jwks,\n public readonly info: ClientInfo,\n ) {\n // If the remote JWKS content is provided, we don't need to fetch it again.\n this.keyGetter =\n jwks || !metadata.jwks_uri\n ? createLocalJWKSet(jwks || { keys: [] })\n : createRemoteJWKSet(new URL(metadata.jwks_uri), {})\n }\n\n /**\n * @see {@link https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2}\n */\n public async decodeRequestObject(\n jar: SignedJwt | UnsignedJwt,\n audience: string,\n ) {\n // https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2\n // > If signed, the Authorization Request Object SHOULD contain the Claims\n // > iss (issuer) and aud (audience) as members with their semantics being\n // > the same as defined in the JWT [RFC7519] specification. The value of\n // > aud should be the value of the authorization server (AS) issuer, as\n // > defined in RFC 8414 [RFC8414].\n try {\n // We need to special case the \"none\" algorithm, as the validation method\n // is different for signed and unsigned JWTs.\n if (this.metadata.request_object_signing_alg === 'none') {\n return await this.jwtVerifyUnsecured(jar, {\n audience,\n maxTokenAge: JAR_MAX_AGE / 1e3,\n allowMissingAudience: true,\n allowMissingIssuer: true,\n })\n }\n\n return await this.jwtVerify(jar, {\n audience,\n maxTokenAge: JAR_MAX_AGE / 1e3,\n algorithms: this.metadata.request_object_signing_alg\n ? [this.metadata.request_object_signing_alg]\n : // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > The default, if omitted, is that any algorithm supported by the OP\n // > and the RP MAY be used.\n undefined,\n })\n } catch (err) {\n const message =\n err instanceof JOSEError\n ? `Invalid \"request\" object: ${err.message}`\n : `Invalid \"request\" object`\n\n throw new InvalidRequestError(message, err)\n }\n }\n\n protected async jwtVerifyUnsecured<PayloadType = JWTPayload>(\n token: string,\n {\n audience,\n allowMissingAudience = false,\n allowMissingIssuer = false,\n ...options\n }: Omit<JWTClaimVerificationOptions, 'issuer'> & {\n allowMissingIssuer?: boolean\n allowMissingAudience?: boolean\n } = {},\n ): Promise<UnsecuredResult<PayloadType>> {\n // jose does not support `allowMissingAudience` and `allowMissingIssuer`\n // options, so we need to handle audience and issuer checks manually (see\n // bellow).\n\n const result = UnsecuredJWT.decode<PayloadType>(token, options)\n\n if (!allowMissingIssuer || result.payload.iss != null) {\n if (result.payload.iss !== this.id) {\n throw new JOSEError(`Invalid \"iss\" claim \"${result.payload.iss}\"`)\n }\n }\n\n if (!allowMissingAudience || result.payload.aud != null) {\n if (audience != null) {\n const payloadAud = asArray(result.payload.aud)\n if (!asArray(audience).some((aud) => payloadAud.includes(aud))) {\n throw new JOSEError(`Invalid \"aud\" claim \"${result.payload.aud}\"`)\n }\n }\n }\n\n return result\n }\n\n protected async jwtVerify<PayloadType = JWTPayload>(\n token: string,\n options?: Omit<JWTVerifyOptions, 'issuer'>,\n ): Promise<JWTVerifyResult<PayloadType> & ResolvedKey<KeyLike>> {\n return jwtVerify<PayloadType>(token, this.keyGetter, {\n ...options,\n issuer: this.id,\n })\n }\n\n /**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}\n * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}\n */\n public async authenticate(\n input: OAuthClientCredentials,\n checks: {\n authorizationServerIdentifier: string\n },\n ): Promise<ClientAuth> {\n const method = this.metadata.token_endpoint_auth_method\n\n if (method === 'none') {\n return { method: 'none' }\n }\n\n if (method === 'private_key_jwt') {\n if (!('client_assertion' in input)) {\n throw new InvalidRequestError(\n `client authentication method \"${method}\" required a \"client_assertion\"`,\n )\n }\n\n if (input.client_assertion_type === CLIENT_ASSERTION_TYPE_JWT_BEARER) {\n // https://www.rfc-editor.org/rfc/rfc7523.html#section-3\n\n const result = await this.jwtVerify<{\n jti: string\n exp?: number\n }>(input.client_assertion, {\n // > 1. The JWT MUST contain an \"iss\" (issuer) claim that contains a\n // > unique identifier for the entity that issued the JWT.\n //\n // The \"issuer\" is already checked by jwtVerify()\n\n // > 2. The JWT MUST contain a \"sub\" (subject) claim identifying the\n // > principal that is the subject of the JWT. Two cases need to be\n // > differentiated: [...] For client authentication, the subject\n // > MUST be the \"client_id\" of the OAuth client.\n subject: this.id,\n\n // > 3. The JWT MUST contain an \"aud\" (audience) claim containing a\n // > value that identifies the authorization server as an intended\n // > audience. The token endpoint URL of the authorization server\n // > MAY be used as a value for an \"aud\" element to identify the\n // > authorization server as an intended audience of the JWT.\n audience: checks.authorizationServerIdentifier,\n\n requiredClaims: [\n // > 4. The JWT MUST contain an \"exp\" (expiration time) claim that\n // > limits the time window during which the JWT can be used.\n //\n // @TODO The presence of \"exp\" didn't use to be enforced by this\n // implementation (or provided by the oauth-client). This is mostly\n // fine because \"iat\" *is* required, but this makes this\n // implementation non compliant with RFC7523. We can't just make it\n // required as it might break existing clients.\n\n // 'exp',\n\n // > 7. The JWT MAY contain a \"jti\" (JWT ID) claim that provides a\n // > unique identifier for the token. The authorization server\n // > MAY ensure that JWTs are not replayed by maintaining the set\n // > of used \"jti\" values for the length of time for which the\n // > JWT would be considered valid based on the applicable \"exp\"\n // > instant.\n 'jti',\n ],\n\n // > 5. The JWT MAY contain an \"nbf\" (not before) claim that\n // > identifies the time before which the token MUST NOT be\n // > accepted for processing.\n //\n // This is already enforced by jose\n\n // > 6. The JWT MAY contain an \"iat\" (issued at) claim that identifies\n // > the time at which the JWT was issued. Note that the\n // > authorization server may reject JWTs with an \"iat\" claim value\n // > that is unreasonably far in the past.\n maxTokenAge: CLIENT_ASSERTION_MAX_AGE / 1000,\n }).catch((err) => {\n const msg =\n err instanceof JOSEError\n ? `Validation of \"client_assertion\" failed: ${err.message}`\n : `Unable to verify \"client_assertion\" JWT`\n\n throw new InvalidClientError(msg, err)\n })\n\n if (!result.protectedHeader.kid) {\n throw new InvalidClientError(`\"kid\" required in client_assertion`)\n }\n\n return {\n method: 'private_key_jwt',\n jti: result.payload.jti,\n exp: result.payload.exp,\n jkt: await authJwkThumbprint(result.key),\n alg: result.protectedHeader.alg,\n kid: result.protectedHeader.kid,\n }\n }\n\n throw new InvalidClientError(\n `Unsupported client_assertion_type \"${input.client_assertion_type}\"`,\n )\n }\n\n // @ts-expect-error Ensure to keep Client.AUTH_METHODS_SUPPORTED in sync\n // with the implementation of this function.\n if (Client.AUTH_METHODS_SUPPORTED.includes(method)) {\n throw new Error(\n `verifyCredentials() should implement all of ${[\n Client.AUTH_METHODS_SUPPORTED,\n ]}`,\n )\n }\n\n throw new InvalidClientMetadataError(\n `Unsupported token_endpoint_auth_method \"${method}\"`,\n )\n }\n\n /**\n * Validates the request parameters against the client metadata.\n */\n public validateRequest(\n parameters: Readonly<OAuthAuthorizationRequestParameters>,\n ): Readonly<OAuthAuthorizationRequestParameters> {\n if (parameters.client_id !== this.id) {\n throw new AuthorizationError(\n parameters,\n 'The \"client_id\" parameter field does not match the value used to authenticate the client',\n )\n }\n\n if (parameters.scope !== undefined) {\n // Any scope requested by the client must be registered in the client\n // metadata.\n const declaredScopes = this.metadata.scope?.split(' ')\n\n if (!declaredScopes) {\n throw new InvalidScopeError(\n parameters,\n 'Client has no declared scopes in its metadata',\n )\n }\n\n for (const scope of parameters.scope.split(' ')) {\n if (!declaredScopes.includes(scope)) {\n throw new InvalidScopeError(\n parameters,\n `Scope \"${scope}\" is not declared in the client metadata`,\n )\n }\n }\n }\n\n if (!this.metadata.response_types.includes(parameters.response_type)) {\n throw new AuthorizationError(\n parameters,\n `Invalid response_type \"${parameters.response_type}\" requested by the client`,\n )\n }\n\n if (parameters.response_type.includes('code')) {\n if (!this.metadata.grant_types.includes('authorization_code')) {\n throw new AuthorizationError(\n parameters,\n `This client is not allowed to use the \"authorization_code\" grant type`,\n )\n }\n }\n\n const { redirect_uri } = parameters\n if (redirect_uri) {\n if (\n !this.metadata.redirect_uris.some((uri) =>\n compareRedirectUri(uri, redirect_uri),\n )\n ) {\n throw new AuthorizationError(\n parameters,\n `Invalid redirect_uri ${redirect_uri}`,\n )\n }\n } else {\n const { defaultRedirectUri } = this\n if (defaultRedirectUri) {\n parameters = { ...parameters, redirect_uri: defaultRedirectUri }\n } else {\n // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#authorization-request\n //\n // > \"redirect_uri\": OPTIONAL if only one redirect URI is registered for\n // > this client. REQUIRED if multiple redirect URIs are registered for this\n // > client.\n throw new AuthorizationError(parameters, 'redirect_uri is required')\n }\n }\n\n if (parameters.authorization_details) {\n const { authorization_details_types } = this.metadata\n if (!authorization_details_types) {\n throw new InvalidAuthorizationDetailsError(\n parameters,\n 'Client Metadata does not declare any \"authorization_details\"',\n )\n }\n\n for (const detail of parameters.authorization_details) {\n if (!authorization_details_types?.includes(detail.type)) {\n throw new InvalidAuthorizationDetailsError(\n parameters,\n `Client Metadata does not declare any \"authorization_details\" of type \"${detail.type}\"`,\n )\n }\n }\n }\n\n return parameters\n }\n\n get defaultRedirectUri(): OAuthRedirectUri | undefined {\n const { redirect_uris } = this.metadata\n return redirect_uris.length === 1 ? redirect_uris[0] : undefined\n }\n}\n\nexport async function authJwkThumbprint(\n key: Uint8Array | KeyLike,\n): Promise<string> {\n try {\n return await calculateJwkThumbprint(await exportJWK(key), 'sha512')\n } catch (err) {\n throw new InvalidClientError('Unable to compute JWK thumbprint', err)\n }\n}\n"]}
package/dist/constants.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA,sDAAsD;;;AAEzC,QAAA,gBAAgB,GAAG,MAAM,CAAA;AACzB,QAAA,sBAAsB,GAAG,EAAE,CAAA,CAAC,WAAW;AAEvC,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,8CAA8C;AAE3E,QAAA,oBAAoB,GAAG,MAAM,CAAA;AAC7B,QAAA,0BAA0B,GAAG,EAAE,CAAA,CAAC,WAAW;AAE3C,QAAA,eAAe,GAAG,MAAM,CAAA;AACxB,QAAA,qBAAqB,GAAG,EAAE,CAAA,CAAC,sDAAsD;AAEjF,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,WAAW;AAExC,QAAA,WAAW,GAAG,MAAM,CAAA;AACpB,QAAA,iBAAiB,GAAG,EAAE,CAAA;AAEnC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,CAAA;AAC1B,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAA;AACxB,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,CAAA;AACrB,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAA;AACpB,MAAM,IAAI,GAAG,MAAM,GAAG,GAAG,CAAA;AACzB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAA;AAEvB,aAAa;AACA,QAAA,sBAAsB,GAAG,CAAC,GAAG,GAAG,CAAA;AAE7C,iBAAiB;AACJ,QAAA,yBAAyB,GAAG,EAAE,GAAG,MAAM,CAAA;AAEpD,iBAAiB;AACJ,QAAA,aAAa,GAAG,EAAE,GAAG,MAAM,CAAA;AAExC,gBAAgB;AACH,QAAA,gCAAgC,GAAG,CAAC,GAAG,MAAM,CAAA;AAE1D,aAAa;AACA,QAAA,8BAA8B,GAAG,CAAC,GAAG,IAAI,CAAA;AAEtD,kDAAkD;AACrC,QAAA,8BAA8B,GAAG,sCAA8B,CAAA;AAE5E,cAAc;AACD,QAAA,oCAAoC,GAAG,CAAC,GAAG,IAAI,CAAA;AAE5D,eAAe;AACF,QAAA,oCAAoC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE7D,gBAAgB;AACH,QAAA,cAAc,GAAG,CAAC,GAAG,MAAM,CAAA;AAExC;;;;;;GAMG;AACU,QAAA,WAAW,GAAG,EAAE,GAAG,MAAM,CAAA;AAEtC,eAAe;AACF,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,gBAAgB;AACH,QAAA,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAA;AAE5C,gBAAgB;AACH,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,YAAY;AACC,QAAA,+BAA+B,GAAG,CAAC,GAAG,GAAG,CAAA;AAEtD,gBAAgB;AACH,QAAA,yBAAyB,GAAG,CAAC,GAAG,MAAM,CAAA;AAEtC,QAAA,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAA"}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA,sDAAsD;;;AAEzC,QAAA,gBAAgB,GAAG,MAAM,CAAA;AACzB,QAAA,sBAAsB,GAAG,EAAE,CAAA,CAAC,WAAW;AAEvC,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,8CAA8C;AAE3E,QAAA,oBAAoB,GAAG,MAAM,CAAA;AAC7B,QAAA,0BAA0B,GAAG,EAAE,CAAA,CAAC,WAAW;AAE3C,QAAA,eAAe,GAAG,MAAM,CAAA;AACxB,QAAA,qBAAqB,GAAG,EAAE,CAAA,CAAC,sDAAsD;AAEjF,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,WAAW;AAExC,QAAA,WAAW,GAAG,MAAM,CAAA;AACpB,QAAA,iBAAiB,GAAG,EAAE,CAAA;AAEnC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,CAAA;AAC1B,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAA;AACxB,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,CAAA;AACrB,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAA;AACpB,MAAM,IAAI,GAAG,MAAM,GAAG,GAAG,CAAA;AACzB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAA;AAEvB,aAAa;AACA,QAAA,sBAAsB,GAAG,CAAC,GAAG,GAAG,CAAA;AAE7C,iBAAiB;AACJ,QAAA,yBAAyB,GAAG,EAAE,GAAG,MAAM,CAAA;AAEpD,iBAAiB;AACJ,QAAA,aAAa,GAAG,EAAE,GAAG,MAAM,CAAA;AAExC,gBAAgB;AACH,QAAA,gCAAgC,GAAG,CAAC,GAAG,MAAM,CAAA;AAE1D,aAAa;AACA,QAAA,8BAA8B,GAAG,CAAC,GAAG,IAAI,CAAA;AAEtD,kDAAkD;AACrC,QAAA,8BAA8B,GAAG,sCAA8B,CAAA;AAE5E,cAAc;AACD,QAAA,oCAAoC,GAAG,CAAC,GAAG,IAAI,CAAA;AAE5D,eAAe;AACF,QAAA,oCAAoC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE7D,gBAAgB;AACH,QAAA,cAAc,GAAG,CAAC,GAAG,MAAM,CAAA;AAExC;;;;;;GAMG;AACU,QAAA,WAAW,GAAG,EAAE,GAAG,MAAM,CAAA;AAEtC,eAAe;AACF,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,gBAAgB;AACH,QAAA,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAA;AAE5C,gBAAgB;AACH,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,YAAY;AACC,QAAA,+BAA+B,GAAG,CAAC,GAAG,GAAG,CAAA;AAEtD,gBAAgB;AACH,QAAA,yBAAyB,GAAG,CAAC,GAAG,MAAM,CAAA;AAEtC,QAAA,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAA","sourcesContent":["// The purpose of the prefix is to provide type safety\n\nexport const DEVICE_ID_PREFIX = 'dev-'\nexport const DEVICE_ID_BYTES_LENGTH = 16 // 128 bits\n\nexport const SESSION_ID_PREFIX = 'ses-'\nexport const SESSION_ID_BYTES_LENGTH = 16 // 128 bits - only valid if device id is valid\n\nexport const REFRESH_TOKEN_PREFIX = 'ref-'\nexport const REFRESH_TOKEN_BYTES_LENGTH = 32 // 256 bits\n\nexport const TOKEN_ID_PREFIX = 'tok-'\nexport const TOKEN_ID_BYTES_LENGTH = 16 // 128 bits - used as `jti` in JWTs (cannot be forged)\n\nexport const REQUEST_ID_PREFIX = 'req-'\nexport const REQUEST_ID_BYTES_LENGTH = 16 // 128 bits\n\nexport const CODE_PREFIX = 'cod-'\nexport const CODE_BYTES_LENGTH = 32\n\nconst SECOND = 1e3\nconst MINUTE = 60 * SECOND\nconst HOUR = 60 * MINUTE\nconst DAY = 24 * HOUR\nconst WEEK = 7 * DAY\nconst YEAR = 365.25 * DAY\nconst MONTH = YEAR / 12\n\n/** 7 days */\nexport const AUTHENTICATION_MAX_AGE = 7 * DAY\n\n/** 15 minutes */\nexport const EPHEMERAL_SESSION_MAX_AGE = 15 * MINUTE\n\n/** 60 minutes */\nexport const TOKEN_MAX_AGE = 60 * MINUTE\n\n/** 5 minutes */\nexport const AUTHORIZATION_INACTIVITY_TIMEOUT = 5 * MINUTE\n\n/** 2 week */\nexport const PUBLIC_CLIENT_SESSION_LIFETIME = 2 * WEEK\n\n/** @see {@link PUBLIC_CLIENT_SESSION_LIFETIME} */\nexport const PUBLIC_CLIENT_REFRESH_LIFETIME = PUBLIC_CLIENT_SESSION_LIFETIME\n\n/** 2 years */\nexport const CONFIDENTIAL_CLIENT_SESSION_LIFETIME = 2 * YEAR\n\n/** 3 months */\nexport const CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = 3 * MONTH\n\n/** 5 minutes */\nexport const PAR_EXPIRES_IN = 5 * MINUTE\n\n/**\n * 59 seconds (should be less than a minute)\n *\n * > \"A general guidance for the validity time would be less than a minute.\"\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9101#section-10.2 | JWT-Secured Authorization Request (JAR) - Section 10.2 (d)}\n */\nexport const JAR_MAX_AGE = 59 * SECOND\n\n/** 1 minute */\nexport const CLIENT_ASSERTION_MAX_AGE = 1 * MINUTE\n\n/** 3 minutes */\nexport const DPOP_NONCE_MAX_AGE = 3 * MINUTE\n\n/** 5 seconds */\nexport const SESSION_FIXATION_MAX_AGE = 5 * SECOND\n\n/** 1 day */\nexport const CODE_CHALLENGE_REPLAY_TIMEFRAME = 1 * DAY\n\n/** 5 minutes */\nexport const LEXICON_REFRESH_FREQUENCY = 5 * MINUTE\n\nexport const NODE_ENV = process.env.NODE_ENV || 'production'\n"]}
package/dist/customization/branding.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"branding.js","sourceRoot":"","sources":["../../src/customization/branding.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,2CAA0C;AAC1C,yCAAwC;AAE3B,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,wBAAY,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAW,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAA"}
1
+ {"version":3,"file":"branding.js","sourceRoot":"","sources":["../../src/customization/branding.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,2CAA0C;AAC1C,yCAAwC;AAE3B,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,wBAAY,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAW,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { colorsSchema } from './colors.js'\nimport { linksSchema } from './links.js'\n\nexport const brandingSchema = z.object({\n name: z.string().optional(),\n logo: z.string().url().optional(),\n colors: colorsSchema.optional(),\n links: z.array(linksSchema).optional(),\n})\nexport type BrandingInput = z.input<typeof brandingSchema>\nexport type Branding = z.infer<typeof brandingSchema>\n"]}
package/dist/customization/build-customization-css.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"build-customization-css.js","sourceRoot":"","sources":["../../src/customization/build-customization-css.ts"],"names":[],"mappings":";;AAKA,sDAKC;AAVD,mDAAoE;AAEpE,2CAAyC;AAGzC,SAAgB,qBAAqB,CAAC,EACpC,QAAQ,GACM;IACd,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAA;AACvD,CAAC;AAED,QAAQ,CAAC,CAAC,sBAAsB,CAAC,QAAmB;IAClD,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAA;QACzE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;QAEjE,KAAK,MAAM,IAAI,IAAI,uBAAW,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK;gBAAE,SAAQ,CAAC,sBAAsB;YAE3C,MAAM,QAAQ,GACZ,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC;gBAClC,IAAA,4BAAiB,EAAC,KAAK,EAAE,aAAa,EAAE,YAAY,CAAC,CAAA;YAEvD,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,IAAI,IAAA,qBAAU,EAAC,KAAK,CAAC,CAAA;YAE9D,MAAM,oBAAoB,IAAI,KAAK,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAA;YACnE,MAAM,oBAAoB,IAAI,cAAc,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAA;YACrF,MAAM,oBAAoB,IAAI,SAAS,GAAG,GAAG,CAAA;QAC/C,CAAC;IACH,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"build-customization-css.js","sourceRoot":"","sources":["../../src/customization/build-customization-css.ts"],"names":[],"mappings":";;AAKA,sDAKC;AAVD,mDAAoE;AAEpE,2CAAyC;AAGzC,SAAgB,qBAAqB,CAAC,EACpC,QAAQ,GACM;IACd,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAA;AACvD,CAAC;AAED,QAAQ,CAAC,CAAC,sBAAsB,CAAC,QAAmB;IAClD,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAA;QACzE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;QAEjE,KAAK,MAAM,IAAI,IAAI,uBAAW,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK;gBAAE,SAAQ,CAAC,sBAAsB;YAE3C,MAAM,QAAQ,GACZ,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC;gBAClC,IAAA,4BAAiB,EAAC,KAAK,EAAE,aAAa,EAAE,YAAY,CAAC,CAAA;YAEvD,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,IAAI,IAAA,qBAAU,EAAC,KAAK,CAAC,CAAA;YAE9D,MAAM,oBAAoB,IAAI,KAAK,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAA;YACnE,MAAM,oBAAoB,IAAI,cAAc,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAA;YACrF,MAAM,oBAAoB,IAAI,SAAS,GAAG,GAAG,CAAA;QAC/C,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import { extractHue, pickContrastColor } from '../lib/util/color.js'\nimport { Branding } from './branding.js'\nimport { COLOR_NAMES } from './colors.js'\nimport { Customization } from './customization.js'\n\nexport function buildCustomizationCss({\n branding,\n}: Customization): undefined | string {\n const vars = Array.from(buildCustomizationVars(branding))\n if (vars.length) return `:root { ${vars.join(' ')} }`\n}\n\nfunction* buildCustomizationVars(branding?: Branding): Generator<string> {\n if (branding?.colors) {\n const contrastLight = branding.colors.light ?? { r: 255, g: 255, b: 255 }\n const contrastDark = branding.colors.dark ?? { r: 0, g: 0, b: 0 }\n\n for (const name of COLOR_NAMES) {\n const value = branding.colors[name]\n if (!value) continue // Skip missing colors\n\n const contrast =\n branding.colors[`${name}Contrast`] ??\n pickContrastColor(value, contrastLight, contrastDark)\n\n const hue = branding.colors[`${name}Hue`] ?? extractHue(value)\n\n yield `--branding-color-${name}: ${value.r} ${value.g} ${value.b};`\n yield `--branding-color-${name}-contrast: ${contrast.r} ${contrast.g} ${contrast.b};`\n yield `--branding-color-${name}-hue: ${hue};`\n }\n }\n}\n"]}
package/dist/customization/build-customization-data.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"build-customization-data.js","sourceRoot":"","sources":["../../src/customization/build-customization-data.ts"],"names":[],"mappings":";;AAGA,wDAkBC;AAlBD,SAAgB,sBAAsB,CAAC,EACrC,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,QAAQ,GACM;IACd,4EAA4E;IAC5E,iBAAiB;IACjB,6EAA6E;IAC7E,6DAA6D;IAC7D,OAAO;QACL,oBAAoB;QACpB,kBAAkB;QAClB,eAAe,EAAE,QAAQ,EAAE,OAAO;QAClC,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,KAAK,EAAE,QAAQ,EAAE,KAAK;KACvB,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"build-customization-data.js","sourceRoot":"","sources":["../../src/customization/build-customization-data.ts"],"names":[],"mappings":";;AAGA,wDAkBC;AAlBD,SAAgB,sBAAsB,CAAC,EACrC,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,QAAQ,GACM;IACd,4EAA4E;IAC5E,iBAAiB;IACjB,6EAA6E;IAC7E,6DAA6D;IAC7D,OAAO;QACL,oBAAoB;QACpB,kBAAkB;QAClB,eAAe,EAAE,QAAQ,EAAE,OAAO;QAClC,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,KAAK,EAAE,QAAQ,EAAE,KAAK;KACvB,CAAA;AACH,CAAC","sourcesContent":["import { CustomizationData } from '@atproto/oauth-provider-api'\nimport { Customization } from './customization.js'\n\nexport function buildCustomizationData({\n branding,\n availableUserDomains,\n inviteCodeRequired,\n hcaptcha,\n}: Customization): CustomizationData {\n // @NOTE the front end does not need colors here as they will be injected as\n // CSS variables.\n // @NOTE We only copy the values explicitly needed to avoid leaking sensitive\n // data (in case the caller passed more than what we expect).\n return {\n availableUserDomains,\n inviteCodeRequired,\n hcaptchaSiteKey: hcaptcha?.siteKey,\n name: branding?.name,\n logo: branding?.logo,\n links: branding?.links,\n }\n}\n"]}
package/dist/customization/colors.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"colors.js","sourceRoot":"","sources":["../../src/customization/colors.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,wDAAsD;AACtD,wDAAsD;AAEzC,QAAA,WAAW,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,CAAU,CAAA;AAGjE,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,6BAAc,CAAC,QAAQ,EAAE;IAChC,IAAI,EAAE,6BAAc,CAAC,QAAQ,EAAE;CAChC,CAAC;KACD,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC7D;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,UAAU,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC1E;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,KAAK,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CACrE,CAAA"}
1
+ {"version":3,"file":"colors.js","sourceRoot":"","sources":["../../src/customization/colors.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,wDAAsD;AACtD,wDAAsD;AAEzC,QAAA,WAAW,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,CAAU,CAAA;AAGjE,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,6BAAc,CAAC,QAAQ,EAAE;IAChC,IAAI,EAAE,6BAAc,CAAC,QAAQ,EAAE;CAChC,CAAC;KACD,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC7D;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,UAAU,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC1E;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,KAAK,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CACrE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { colorHueSchema } from '../types/color-hue.js'\nimport { rgbColorSchema } from '../types/rgb-color.js'\n\nexport const COLOR_NAMES = ['primary', 'error', 'warning', 'success'] as const\nexport type ColorName = (typeof COLOR_NAMES)[number]\n\nexport const colorsSchema = z\n .object({\n light: rgbColorSchema.optional(),\n dark: rgbColorSchema.optional(),\n })\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [name, rgbColorSchema.optional()]),\n ) as Record<ColorName, z.ZodOptional<typeof rgbColorSchema>>,\n )\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [`${name}Contrast`, rgbColorSchema.optional()]),\n ) as Record<`${ColorName}Contrast`, z.ZodOptional<typeof rgbColorSchema>>,\n )\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [`${name}Hue`, colorHueSchema.optional()]),\n ) as Record<`${ColorName}Hue`, z.ZodOptional<typeof colorHueSchema>>,\n )\n\nexport type Colors = z.infer<typeof colorsSchema>\n"]}
package/dist/customization/customization.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"customization.js","sourceRoot":"","sources":["../../src/customization/customization.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,oDAAyD;AACzD,+CAA8C;AAEjC,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C;;;OAGG;IACH,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD;;OAEG;IACH,QAAQ,EAAE,4BAAc,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,QAAQ,EAAE,kCAAoB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA"}
1
+ {"version":3,"file":"customization.js","sourceRoot":"","sources":["../../src/customization/customization.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,oDAAyD;AACzD,+CAA8C;AAEjC,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C;;;OAGG;IACH,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD;;OAEG;IACH,QAAQ,EAAE,4BAAc,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,QAAQ,EAAE,kCAAoB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { hcaptchaConfigSchema } from '../lib/hcaptcha.js'\nimport { brandingSchema } from './branding.js'\n\nexport const customizationSchema = z.object({\n /**\n * Available user domains that can be used to sign up. A non-empty array\n * is required to enable the sign-up feature.\n */\n availableUserDomains: z.array(z.string()).optional(),\n /**\n * UI customizations\n */\n branding: brandingSchema.optional(),\n /**\n * Is an invite code required to sign up?\n */\n inviteCodeRequired: z.boolean().optional(),\n /**\n * Enables hCaptcha during sign-up.\n */\n hcaptcha: hcaptchaConfigSchema.optional(),\n})\nexport type CustomizationInput = z.input<typeof customizationSchema>\nexport type Customization = z.infer<typeof customizationSchema>\n"]}
package/dist/customization/links.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"links.js","sourceRoot":"","sources":["../../src/customization/links.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qEAAyD;AACzD,qDAA6D;AAEhD,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,iCAAqB,CAAC,CAAC;IACnD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACtB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,6BAAS,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;CACjE,CAAC,CAAA"}
1
+ {"version":3,"file":"links.js","sourceRoot":"","sources":["../../src/customization/links.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qEAAyD;AACzD,qDAA6D;AAEhD,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,iCAAqB,CAAC,CAAC;IACnD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACtB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,6BAAS,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;CACjE,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { isLinkRel } from '../lib/html/build-document.js'\nimport { multiLangStringSchema } from '../lib/util/locale.js'\n\nexport const linksSchema = z.object({\n title: z.union([z.string(), multiLangStringSchema]),\n href: z.string().url(),\n rel: z.string().refine(isLinkRel, 'Invalid link rel').optional(),\n})\nexport type Links = z.infer<typeof linksSchema>\n"]}
package/dist/device/device-data.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"device-data.js","sourceRoot":"","sources":["../../src/device/device-data.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mDAAiD;AAEpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,+BAAe;IAC1B,UAAU,EAAE,OAAC,CAAC,IAAI,EAAE;IACpB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAA"}
1
+ {"version":3,"file":"device-data.js","sourceRoot":"","sources":["../../src/device/device-data.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mDAAiD;AAEpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,+BAAe;IAC1B,UAAU,EAAE,OAAC,CAAC,IAAI,EAAE;IACpB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { sessionIdSchema } from './session-id.js'\n\nexport const deviceDataSchema = z.object({\n sessionId: sessionIdSchema,\n lastSeenAt: z.date(),\n userAgent: z.string().nullable(),\n ipAddress: z.string(),\n})\n\nexport type DeviceData = z.infer<typeof deviceDataSchema>\n"]}
package/dist/device/device-id.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"device-id.js","sourceRoot":"","sources":["../../src/device/device-id.ts"],"names":[],"mappings":";;;AAoBA,gCAEC;AAtBD,6BAAuB;AACvB,kDAA0E;AAC1E,qDAAmD;AAEtC,QAAA,gBAAgB,GAC3B,+BAAgB,CAAC,MAAM,GAAG,qCAAsB,GAAG,CAAC,CAAA,CAAC,eAAe;AAEzD,QAAA,cAAc,GAAG,OAAC;KAC5B,MAAM,EAAE;KACR,MAAM,CAAC,wBAAgB,CAAC;KACxB,MAAM,CACL,CAAC,CAAC,EAA8C,EAAE,CAChD,CAAC,CAAC,UAAU,CAAC,+BAAgB,CAAC,EAChC;IACE,OAAO,EAAE,0BAA0B;CACpC,CACF,CAAA;AAIH,SAAgB,UAAU,CAAC,KAAc;IACvC,OAAO,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AAChD,CAAC;AAEM,MAAM,gBAAgB,GAAG,KAAK,IAAuB,EAAE;IAC5D,OAAO,GAAG,+BAAgB,GAAG,MAAM,IAAA,uBAAW,EAAC,qCAAsB,CAAC,EAAE,CAAA;AAC1E,CAAC,CAAA;AAFY,QAAA,gBAAgB,oBAE5B"}
1
+ {"version":3,"file":"device-id.js","sourceRoot":"","sources":["../../src/device/device-id.ts"],"names":[],"mappings":";;;AAoBA,gCAEC;AAtBD,6BAAuB;AACvB,kDAA0E;AAC1E,qDAAmD;AAEtC,QAAA,gBAAgB,GAC3B,+BAAgB,CAAC,MAAM,GAAG,qCAAsB,GAAG,CAAC,CAAA,CAAC,eAAe;AAEzD,QAAA,cAAc,GAAG,OAAC;KAC5B,MAAM,EAAE;KACR,MAAM,CAAC,wBAAgB,CAAC;KACxB,MAAM,CACL,CAAC,CAAC,EAA8C,EAAE,CAChD,CAAC,CAAC,UAAU,CAAC,+BAAgB,CAAC,EAChC;IACE,OAAO,EAAE,0BAA0B;CACpC,CACF,CAAA;AAIH,SAAgB,UAAU,CAAC,KAAc;IACvC,OAAO,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AAChD,CAAC;AAEM,MAAM,gBAAgB,GAAG,KAAK,IAAuB,EAAE;IAC5D,OAAO,GAAG,+BAAgB,GAAG,MAAM,IAAA,uBAAW,EAAC,qCAAsB,CAAC,EAAE,CAAA;AAC1E,CAAC,CAAA;AAFY,QAAA,gBAAgB,oBAE5B","sourcesContent":["import { z } from 'zod'\nimport { DEVICE_ID_BYTES_LENGTH, DEVICE_ID_PREFIX } from '../constants.js'\nimport { randomHexId } from '../lib/util/crypto.js'\n\nexport const DEVICE_ID_LENGTH =\n DEVICE_ID_PREFIX.length + DEVICE_ID_BYTES_LENGTH * 2 // hex encoding\n\nexport const deviceIdSchema = z\n .string()\n .length(DEVICE_ID_LENGTH)\n .refine(\n (v): v is `${typeof DEVICE_ID_PREFIX}${string}` =>\n v.startsWith(DEVICE_ID_PREFIX),\n {\n message: `Invalid device ID format`,\n },\n )\n\nexport type DeviceId = z.infer<typeof deviceIdSchema>\n\nexport function isDeviceId(value: unknown): value is DeviceId {\n return deviceIdSchema.safeParse(value).success\n}\n\nexport const generateDeviceId = async (): Promise<DeviceId> => {\n return `${DEVICE_ID_PREFIX}${await randomHexId(DEVICE_ID_BYTES_LENGTH)}`\n}\n"]}
package/dist/device/device-manager.d.ts CHANGED
@@ -11,12 +11,12 @@ export declare const keygripSchema: z.ZodObject<{
11
11
  verify: z.ZodFunction<z.ZodTuple<[z.ZodAny, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
12
12
  index: z.ZodFunction<z.ZodTuple<[z.ZodAny, z.ZodString], z.ZodUnknown>, z.ZodNumber>;
13
13
  }, "strip", z.ZodTypeAny, {
14
- sign: (args_0: any, ...args: unknown[]) => string;
15
14
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
15
+ sign: (args_0: any, ...args: unknown[]) => string;
16
16
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
17
17
  }, {
18
- sign: (args_0: any, ...args: unknown[]) => string;
19
18
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
19
+ sign: (args_0: any, ...args: unknown[]) => string;
20
20
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
21
21
  }>;
22
22
  export declare const deviceManagerOptionsSchema: z.ZodObject<{
@@ -40,12 +40,12 @@ export declare const deviceManagerOptionsSchema: z.ZodObject<{
40
40
  verify: z.ZodFunction<z.ZodTuple<[z.ZodAny, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
41
41
  index: z.ZodFunction<z.ZodTuple<[z.ZodAny, z.ZodString], z.ZodUnknown>, z.ZodNumber>;
42
42
  }, "strip", z.ZodTypeAny, {
43
- sign: (args_0: any, ...args: unknown[]) => string;
44
43
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
44
+ sign: (args_0: any, ...args: unknown[]) => string;
45
45
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
46
46
  }, {
47
- sign: (args_0: any, ...args: unknown[]) => string;
48
47
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
48
+ sign: (args_0: any, ...args: unknown[]) => string;
49
49
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
50
50
  }>>;
51
51
  /**
@@ -73,14 +73,14 @@ export declare const deviceManagerOptionsSchema: z.ZodObject<{
73
73
  sameSite: "strict" | "lax";
74
74
  secure: boolean;
75
75
  keys?: {
76
- sign: (args_0: any, ...args: unknown[]) => string;
77
76
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
77
+ sign: (args_0: any, ...args: unknown[]) => string;
78
78
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
79
79
  } | undefined;
80
80
  }, {
81
81
  keys?: {
82
- sign: (args_0: any, ...args: unknown[]) => string;
83
82
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
83
+ sign: (args_0: any, ...args: unknown[]) => string;
84
84
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
85
85
  } | undefined;
86
86
  age?: number | null | undefined;
@@ -93,8 +93,8 @@ export declare const deviceManagerOptionsSchema: z.ZodObject<{
93
93
  sameSite: "strict" | "lax";
94
94
  secure: boolean;
95
95
  keys?: {
96
- sign: (args_0: any, ...args: unknown[]) => string;
97
96
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
97
+ sign: (args_0: any, ...args: unknown[]) => string;
98
98
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
99
99
  } | undefined;
100
100
  };
@@ -103,8 +103,8 @@ export declare const deviceManagerOptionsSchema: z.ZodObject<{
103
103
  }, {
104
104
  cookie?: {
105
105
  keys?: {
106
- sign: (args_0: any, ...args: unknown[]) => string;
107
106
  verify: (args_0: any, args_1: string, ...args: unknown[]) => boolean;
107
+ sign: (args_0: any, ...args: unknown[]) => string;
108
108
  index: (args_0: any, args_1: string, ...args: unknown[]) => number;
109
109
  } | undefined;
110
110
  age?: number | null | undefined;