@atproto/oauth-provider 0.13.1 → 0.13.2

package/dist/device/device-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"device-manager.js","sourceRoot":"","sources":["../../src/device/device-manager.ts"],"names":[],"mappings":";;;AACA,6BAAuB;AACvB,kDAA0D;AAC1D,mDAAuD;AACvD,uDAI+B;AAE/B,iDAKuB;AAEvB,mDAAoE;AAEpE;;GAEG;AACU,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,IAAI,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACpD,MAAM,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,OAAC,CAAC,GAAG,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC;IACnE,KAAK,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,OAAC,CAAC,GAAG,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;CAClE,CAAC,CAAA;AAEW,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;;OAGG;IACH,UAAU,EAAE,OAAC;SACV,QAAQ,EAAE;SACV,IAAI,CAAsC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC;SACjE,OAAO,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC;SACpB,QAAQ,EAAE;IAEb;;;;OAIG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACvC;;OAEG;IACH,MAAM,EAAE,OAAC;SACN,MAAM,CAAC;QACN,IAAI,EAAE,qBAAa,CAAC,QAAQ,EAAE;QAC9B;;;;;;WAMG;QACH,GAAG,EAAE,OAAC;aACH,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,OAAO,CAAC,EAAE,GAAG,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACvC;;;;WAIG;QACH,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QACjC;;;;WAIG;QACH,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;KACnD,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;CACf,CAAC,CAAA;AAcF;;;;GAIG;AACH,MAAa,aAAa;IAIL;IAHF,OAAO,CAA4C;IAEpE,YACmB,KAAkB,EACnC,UAAgC,EAAE;QADjB,UAAK,GAAL,KAAK,CAAa;QAGnC,IAAI,CAAC,OAAO,GAAG,kCAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IAC1D,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,GAAoB,EACpB,GAAmB,EACnB,WAAW,GAAG,KAAK;QAEnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,OAAO,CACjB,GAAG,EACH,GAAG,EACH,MAAM,CAAC,KAAK,EACZ,WAAW,IAAI,MAAM,CAAC,UAAU,CACjC,CAAA;QACH,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,MAAM,CAClB,GAAoB,EACpB,GAAmB;QAEnB,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEnD,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC9C,IAAA,+BAAgB,GAAE;YAClB,IAAA,iCAAiB,GAAE;SACX,CAAC,CAAA;QAEX,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE;YACtC,SAAS;YACT,UAAU,EAAE,IAAI,IAAI,EAAE;YACtB,SAAS,EAAE,cAAc,CAAC,SAAS,IAAI,IAAI;YAC3C,SAAS,EAAE,cAAc,CAAC,SAAS;SACpC,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAA;QAExD,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAA;IACrC,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,GAAoB,EACpB,GAAmB,EACnB,EAAE,QAAQ,EAAE,SAAS,EAAe,EACpC,WAAW,GAAG,KAAK;QAEnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;QAClD,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAEvC,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,CAAA;QAE7C,IAAI,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,GAAG,IAAI,uCAAwB,EAAE,CAAC;gBACpC,iEAAiE;gBACjE,4CAA4C;gBAC5C,WAAW,GAAG,IAAI,CAAA;YACpB,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;gBACvC,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEnD,IACE,WAAW;YACX,cAAc,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS;YAC3C,cAAc,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS;YAC3C,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAC/B,CAAC;YACD,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE;gBACpC,SAAS,EAAE,cAAc,CAAC,SAAS;gBACnC,SAAS,EAAE,cAAc,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;aACtD,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAA;IACrC,CAAC;IAEO,KAAK,CAAC,MAAM,CAClB,GAAoB,EACpB,GAAmB,EACnB,QAAkB,EAClB,IAA4D;QAE5D,MAAM,SAAS,GAAG,MAAM,IAAA,iCAAiB,GAAE,CAAA;QAE3C,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE;YACtC,GAAG,IAAI;YACP,SAAS;YACT,UAAU,EAAE,IAAI,IAAI,EAAE;SACvB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAA;IAC1D,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,GAAoB,EACpB,GAAmB;QAEnB,MAAM,OAAO,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAA;QAErC,yEAAyE;QACzE,oEAAoE;QACpE,2EAA2E;QAC3E,4DAA4D;QAC5D,0EAA0E;QAC1E,sEAAsE;QACtE,2EAA2E;QAC3E,yEAAyE;QACzE,0EAA0E;QAC1E,iDAAiD;QAEjD,MAAM,MAAM,GACV,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,6BAAc,CAAC;YACnD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,6BAAc,CAAC,CAAA;QACxD,MAAM,OAAO,GACX,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,+BAAe,CAAC;YACpD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,+BAAe,CAAC,CAAA;QAE1D,MAAM,QAAQ,GAAG,MAAM,EAAE,KAAK,CAAA;QAC9B,MAAM,SAAS,GAAG,OAAO,EAAE,KAAK,CAAA;QAEhC,6CAA6C;QAC7C,IAAI,IAAA,yBAAU,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1E,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAA;QACrD,CAAC;QACD,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAClD,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,CAAC,EAAW,CAAA;YAChE,IAAA,sBAAS,EAAC,GAAG,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;YACxC,IAAA,sBAAS,EAAC,GAAG,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;QAC3C,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5B,sDAAsD;YACtD,IAAI,QAAQ;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;YAErD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO;YACL,KAAK,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE;YAC9B,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU;SACpD,CAAA;IACH,CAAC;IAEO,WAAW,CACjB,OAA2C,EAC3C,IAAY,EACZ,MAA4D;QAE5D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACpE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAA;QAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QAEhC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAA;QAEzB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,GAAG,IAAI,OAAO,CAAA;YAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YACxE,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAI,CAAA;YAEtB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YAC1D,IAAI,GAAG,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAA;YAExB,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC,EAAE,CAAA;QACzC,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAA;IACrC,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,GAAoB,EACpB,GAAmB,EACnB,EAAE,QAAQ,EAAE,SAAS,EAAe;QAEpC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACzC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;IAC5C,CAAC;IAEO,WAAW,CAAC,GAAmB,EAAE,IAAY,EAAE,KAAc;QACnE,MAAM,aAAa,GAAG;YACpB,MAAM,EAAE,KAAK;gBACX,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI;oBAC/B,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI;gBAClC,CAAC,CAAC,CAAC;YACL,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,KAAK;YAC5C,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ;SAC9B,CAAA;QAEV,IAAA,sBAAS,EAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE,EAAE,aAAa,CAAC,CAAA;QAEhD,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAC9D,IAAA,sBAAS,EAAC,GAAG,EAAE,GAAG,IAAI,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,CAAA;QACrD,CAAC;IACH,CAAC;IAEM,kBAAkB,CAAC,GAAoB;QAC5C,OAAO,IAAA,mCAAsB,EAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;IAClD,CAAC;CACF;AA7ND,sCA6NC"}
+{"version":3,"file":"device-manager.js","sourceRoot":"","sources":["../../src/device/device-manager.ts"],"names":[],"mappings":";;;AACA,6BAAuB;AACvB,kDAA0D;AAC1D,mDAAuD;AACvD,uDAI+B;AAE/B,iDAKuB;AAEvB,mDAAoE;AAEpE;;GAEG;AACU,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,IAAI,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,OAAO,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACpD,MAAM,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,OAAC,CAAC,GAAG,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC;IACnE,KAAK,EAAE,OAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,CAAC,OAAC,CAAC,GAAG,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;CAClE,CAAC,CAAA;AAEW,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;;OAGG;IACH,UAAU,EAAE,OAAC;SACV,QAAQ,EAAE;SACV,IAAI,CAAsC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC;SACjE,OAAO,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC;SACpB,QAAQ,EAAE;IAEb;;;;OAIG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACvC;;OAEG;IACH,MAAM,EAAE,OAAC;SACN,MAAM,CAAC;QACN,IAAI,EAAE,qBAAa,CAAC,QAAQ,EAAE;QAC9B;;;;;;WAMG;QACH,GAAG,EAAE,OAAC;aACH,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,OAAO,CAAC,EAAE,GAAG,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QACvC;;;;WAIG;QACH,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QACjC;;;;WAIG;QACH,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;KACnD,CAAC;SACD,OAAO,CAAC,EAAE,CAAC;CACf,CAAC,CAAA;AAcF;;;;GAIG;AACH,MAAa,aAAa;IAIL;IAHF,OAAO,CAA4C;IAEpE,YACmB,KAAkB,EACnC,UAAgC,EAAE;QADjB,UAAK,GAAL,KAAK,CAAa;QAGnC,IAAI,CAAC,OAAO,GAAG,kCAA0B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IAC1D,CAAC;IAEM,KAAK,CAAC,IAAI,CACf,GAAoB,EACpB,GAAmB,EACnB,WAAW,GAAG,KAAK;QAEnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC9C,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,IAAI,CAAC,OAAO,CACjB,GAAG,EACH,GAAG,EACH,MAAM,CAAC,KAAK,EACZ,WAAW,IAAI,MAAM,CAAC,UAAU,CACjC,CAAA;QACH,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAC9B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,MAAM,CAClB,GAAoB,EACpB,GAAmB;QAEnB,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEnD,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC9C,IAAA,+BAAgB,GAAE;YAClB,IAAA,iCAAiB,GAAE;SACX,CAAC,CAAA;QAEX,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE;YACtC,SAAS;YACT,UAAU,EAAE,IAAI,IAAI,EAAE;YACtB,SAAS,EAAE,cAAc,CAAC,SAAS,IAAI,IAAI;YAC3C,SAAS,EAAE,cAAc,CAAC,SAAS;SACpC,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAA;QAExD,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAA;IACrC,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,GAAoB,EACpB,GAAmB,EACnB,EAAE,QAAQ,EAAE,SAAS,EAAe,EACpC,WAAW,GAAG,KAAK;QAEnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAA;QAClD,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAEvC,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,CAAA;QAE7C,IAAI,SAAS,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,GAAG,IAAI,uCAAwB,EAAE,CAAC;gBACpC,iEAAiE;gBACjE,4CAA4C;gBAC5C,WAAW,GAAG,IAAI,CAAA;YACpB,CAAC;iBAAM,CAAC;gBACN,iDAAiD;gBACjD,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;gBACvC,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;QAEnD,IACE,WAAW;YACX,cAAc,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS;YAC3C,cAAc,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS;YAC3C,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAC/B,CAAC;YACD,MAAM,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE;gBACpC,SAAS,EAAE,cAAc,CAAC,SAAS;gBACnC,SAAS,EAAE,cAAc,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;aACtD,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAA;IACrC,CAAC;IAEO,KAAK,CAAC,MAAM,CAClB,GAAoB,EACpB,GAAmB,EACnB,QAAkB,EAClB,IAA4D;QAE5D,MAAM,SAAS,GAAG,MAAM,IAAA,iCAAiB,GAAE,CAAA;QAE3C,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE;YACtC,GAAG,IAAI;YACP,SAAS;YACT,UAAU,EAAE,IAAI,IAAI,EAAE;SACvB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAA;IAC1D,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,GAAoB,EACpB,GAAmB;QAEnB,MAAM,OAAO,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAA;QAErC,yEAAyE;QACzE,oEAAoE;QACpE,2EAA2E;QAC3E,4DAA4D;QAC5D,0EAA0E;QAC1E,sEAAsE;QACtE,2EAA2E;QAC3E,yEAAyE;QACzE,0EAA0E;QAC1E,iDAAiD;QAEjD,MAAM,MAAM,GACV,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,6BAAc,CAAC;YACnD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,6BAAc,CAAC,CAAA;QACxD,MAAM,OAAO,GACX,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,QAAQ,EAAE,+BAAe,CAAC;YACpD,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,+BAAe,CAAC,CAAA;QAE1D,MAAM,QAAQ,GAAG,MAAM,EAAE,KAAK,CAAA;QAC9B,MAAM,SAAS,GAAG,OAAO,EAAE,KAAK,CAAA;QAEhC,6CAA6C;QAC7C,IAAI,IAAA,yBAAU,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1E,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAA;QACrD,CAAC;QACD,IAAI,OAAO,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAClD,MAAM,OAAO,GAAG,EAAE,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,CAAC,EAAW,CAAA;YAChE,IAAA,sBAAS,EAAC,GAAG,EAAE,WAAW,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;YACxC,IAAA,sBAAS,EAAC,GAAG,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;QAC3C,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5B,sDAAsD;YACtD,IAAI,QAAQ;gBAAE,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;YAErD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO;YACL,KAAK,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE;YAC9B,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU;SACpD,CAAA;IACH,CAAC;IAEO,WAAW,CACjB,OAA2C,EAC3C,IAAY,EACZ,MAA4D;QAE5D,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACpE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAA;QAE1B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,IAAI,CAAA;QAEhC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAA;QAEzB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,GAAG,IAAI,OAAO,CAAA;YAE/B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YACxE,IAAI,CAAC,IAAI;gBAAE,OAAO,IAAI,CAAA;YAEtB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YAC1D,IAAI,GAAG,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAA;YAExB,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC,EAAE,CAAA;QACzC,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,CAAA;IACrC,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,GAAoB,EACpB,GAAmB,EACnB,EAAE,QAAQ,EAAE,SAAS,EAAe;QAEpC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;QACzC,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;IAC5C,CAAC;IAEO,WAAW,CAAC,GAAmB,EAAE,IAAY,EAAE,KAAc;QACnE,MAAM,aAAa,GAAG;YACpB,MAAM,EAAE,KAAK;gBACX,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI,IAAI;oBAC/B,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI;gBAClC,CAAC,CAAC,CAAC;YACL,QAAQ,EAAE,IAAI;YACd,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,KAAK;YAC5C,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ;SAC9B,CAAA;QAEV,IAAA,sBAAS,EAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE,EAAE,aAAa,CAAC,CAAA;QAEhD,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;YAC9D,IAAA,sBAAS,EAAC,GAAG,EAAE,GAAG,IAAI,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,CAAA;QACrD,CAAC;IACH,CAAC;IAEM,kBAAkB,CAAC,GAAoB;QAC5C,OAAO,IAAA,mCAAsB,EAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;IAClD,CAAC;CACF;AA7ND,sCA6NC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { z } from 'zod'\nimport { SESSION_FIXATION_MAX_AGE } from '../constants.js'\nimport { parseHttpCookies } from '../lib/http/index.js'\nimport {\n  RequestMetadata,\n  extractRequestMetadata,\n  setCookie,\n} from '../lib/http/request.js'\nimport { DeviceData } from './device-data.js'\nimport {\n  DeviceId,\n  deviceIdSchema,\n  generateDeviceId,\n  isDeviceId,\n} from './device-id.js'\nimport { DeviceStore } from './device-store.js'\nimport { generateSessionId, sessionIdSchema } from './session-id.js'\n\n/**\n * @see {@link https://www.npmjs.com/package/keygrip | Keygrip}\n */\nexport const keygripSchema = z.object({\n  sign: z.function().args(z.any()).returns(z.string()),\n  verify: z.function().args(z.any(), z.string()).returns(z.boolean()),\n  index: z.function().args(z.any(), z.string()).returns(z.number()),\n})\n\nexport const deviceManagerOptionsSchema = z.object({\n  /**\n   * Controls whether the IP address is read from the `X-Forwarded-For` header\n   * (if `true`), or from the `req.socket.remoteAddress` property (if `false`).\n   */\n  trustProxy: z\n    .function()\n    .args<[addr: z.ZodString, i: z.ZodNumber]>(z.string(), z.number())\n    .returns(z.boolean())\n    .optional(),\n\n  /**\n   * Amount of time (in ms) after which session IDs will be rotated\n   *\n   * @default 300e3 // (5 minutes)\n   */\n  rotationRate: z.number().default(300e3),\n  /**\n   * Cookie options\n   */\n  cookie: z\n    .object({\n      keys: keygripSchema.optional(),\n      /**\n       * Amount of time (in ms) after which the session cookie will expire.\n       * If set to `null`, the cookie will be a session cookie (deleted when the\n       * browser is closed).\n       *\n       * @default 10 years\n       */\n      age: z\n        .number()\n        .nullable()\n        .default(10 * 365.2 * 24 * 60 * 60e3),\n      /**\n       * Controls whether the cookie is only sent over HTTPS (if `true`), or also\n       * over HTTP (if `false`). This should **NOT** be set to `false` in\n       * production.\n       */\n      secure: z.boolean().default(true),\n      /**\n       * Controls whether the cookie is sent along with cross-site requests.\n       *\n       * @default 'lax'\n       */\n      sameSite: z.enum(['lax', 'strict']).default('lax'),\n    })\n    .default({}),\n})\n\nexport type DeviceManagerOptions = z.input<typeof deviceManagerOptionsSchema>\n\ntype CookieValue = {\n  deviceId: DeviceId\n  sessionId: string\n}\n\nexport type DeviceInfo = {\n  deviceId: DeviceId\n  deviceMetadata: RequestMetadata\n}\n\n/**\n * This class provides an abstraction for keeping track of DEVICE sessions. It\n * relies on a {@link DeviceStore} to persist session data and a cookie to\n * identify the session.\n */\nexport class DeviceManager {\n  private readonly options: z.infer<typeof deviceManagerOptionsSchema>\n\n  constructor(\n    private readonly store: DeviceStore,\n    options: DeviceManagerOptions = {},\n  ) {\n    this.options = deviceManagerOptionsSchema.parse(options)\n  }\n\n  public async load(\n    req: IncomingMessage,\n    res: ServerResponse,\n    forceRotate = false,\n  ): Promise<DeviceInfo> {\n    const cookie = await this.getCookies(req, res)\n    if (cookie) {\n      return this.refresh(\n        req,\n        res,\n        cookie.value,\n        forceRotate || cookie.mustRotate,\n      )\n    } else {\n      return this.create(req, res)\n    }\n  }\n\n  private async create(\n    req: IncomingMessage,\n    res: ServerResponse,\n  ): Promise<DeviceInfo> {\n    const deviceMetadata = this.getRequestMetadata(req)\n\n    const [deviceId, sessionId] = await Promise.all([\n      generateDeviceId(),\n      generateSessionId(),\n    ] as const)\n\n    await this.store.createDevice(deviceId, {\n      sessionId,\n      lastSeenAt: new Date(),\n      userAgent: deviceMetadata.userAgent ?? null,\n      ipAddress: deviceMetadata.ipAddress,\n    })\n\n    await this.setCookies(req, res, { deviceId, sessionId })\n\n    return { deviceId, deviceMetadata }\n  }\n\n  private async refresh(\n    req: IncomingMessage,\n    res: ServerResponse,\n    { deviceId, sessionId }: CookieValue,\n    forceRotate = false,\n  ): Promise<DeviceInfo> {\n    const data = await this.store.readDevice(deviceId)\n    if (!data) return this.create(req, res)\n\n    const lastSeenAt = new Date(data.lastSeenAt)\n    const age = Date.now() - lastSeenAt.getTime()\n\n    if (sessionId !== data.sessionId) {\n      if (age <= SESSION_FIXATION_MAX_AGE) {\n        // The cookie was probably rotated by a concurrent request. Let's\n        // update the cookie with the new sessionId.\n        forceRotate = true\n      } else {\n        // Something's wrong. Let's create a new session.\n        await this.store.deleteDevice(deviceId)\n        return this.create(req, res)\n      }\n    }\n\n    const deviceMetadata = this.getRequestMetadata(req)\n\n    if (\n      forceRotate ||\n      deviceMetadata.ipAddress !== data.ipAddress ||\n      deviceMetadata.userAgent !== data.userAgent ||\n      age > this.options.rotationRate\n    ) {\n      await this.rotate(req, res, deviceId, {\n        ipAddress: deviceMetadata.ipAddress,\n        userAgent: deviceMetadata.userAgent || data.userAgent,\n      })\n    }\n\n    return { deviceId, deviceMetadata }\n  }\n\n  private async rotate(\n    req: IncomingMessage,\n    res: ServerResponse,\n    deviceId: DeviceId,\n    data?: Partial<Omit<DeviceData, 'sessionId' | 'lastSeenAt'>>,\n  ): Promise<void> {\n    const sessionId = await generateSessionId()\n\n    await this.store.updateDevice(deviceId, {\n      ...data,\n      sessionId,\n      lastSeenAt: new Date(),\n    })\n\n    await this.setCookies(req, res, { deviceId, sessionId })\n  }\n\n  private async getCookies(\n    req: IncomingMessage,\n    res: ServerResponse,\n  ): Promise<{ value: CookieValue; mustRotate: boolean } | null> {\n    const cookies = parseHttpCookies(req)\n\n    // Old cookies were set for the \"/oauth/authorize\" path while new cookies\n    // need to be set for the \"/\" path (in order to be valid on the api,\n    // authorization page and account page). This means that if a user has both\n    // cookies set, the browser would use the old cookie for the\n    // \"/oauth/authorize\" path and the new cookie for all other paths. Because\n    // of this, different \"phantom\" sessions would be created for the same\n    // device. To avoid this, we needed to change the cookie name. We can still\n    // attempt to read the old cookie in order to carry over the session from\n    // the \"/oauth/authorize\" path to the \"/\" path. This will only work if the\n    // user visits the \"/oauth/authorize\" path first.\n\n    const device =\n      this.parseCookie(cookies, `dev-id`, deviceIdSchema) ||\n      this.parseCookie(cookies, 'device-id', deviceIdSchema)\n    const session =\n      this.parseCookie(cookies, `ses-id`, sessionIdSchema) ||\n      this.parseCookie(cookies, 'session-id', sessionIdSchema)\n\n    const deviceId = device?.value\n    const sessionId = session?.value\n\n    // Clear the legacy cookies, if they are set.\n    if (isDeviceId(cookies['device-id']) && cookies['device-id'] !== deviceId) {\n      await this.store.deleteDevice(cookies['device-id'])\n    }\n    if (cookies['device-id'] || cookies['session-id']) {\n      const options = { path: '/oauth/authorize', maxAge: 0 } as const\n      setCookie(res, 'device-id', '', options)\n      setCookie(res, 'session-id', '', options)\n    }\n\n    // Silently ignore invalid cookies\n    if (!deviceId || !sessionId) {\n      // If the device cookie is valid, let's cleanup the DB\n      if (deviceId) await this.store.deleteDevice(deviceId)\n\n      return null\n    }\n\n    return {\n      value: { deviceId, sessionId },\n      mustRotate: device.mustRotate || session.mustRotate,\n    }\n  }\n\n  private parseCookie<T>(\n    cookies: Record<string, string | undefined>,\n    name: string,\n    schema: z.ZodType<T> | z.ZodEffects<z.ZodTypeAny, T, string>,\n  ): null | { value: T; mustRotate: boolean } {\n    const rawValue = Object.hasOwn(cookies, name) ? cookies[name] : null\n    if (!rawValue) return null\n\n    const result = schema.safeParse(rawValue)\n    if (!result.success) return null\n\n    const value = result.data\n\n    if (this.options.cookie.keys) {\n      const hashName = `${name}:hash`\n\n      const hash = Object.hasOwn(cookies, hashName) ? cookies[hashName] : null\n      if (!hash) return null\n\n      const idx = this.options.cookie.keys.index(rawValue, hash)\n      if (idx < 0) return null\n\n      return { value, mustRotate: idx !== 0 }\n    }\n\n    return { value, mustRotate: false }\n  }\n\n  private async setCookies(\n    req: IncomingMessage,\n    res: ServerResponse,\n    { deviceId, sessionId }: CookieValue,\n  ) {\n    this.writeCookie(res, `dev-id`, deviceId)\n    this.writeCookie(res, `ses-id`, sessionId)\n  }\n\n  private writeCookie(res: ServerResponse, name: string, value?: string) {\n    const cookieOptions = {\n      maxAge: value\n        ? this.options.cookie.age == null\n          ? undefined\n          : this.options.cookie.age / 1000\n        : 0,\n      httpOnly: true,\n      path: '/',\n      secure: this.options.cookie.secure !== false,\n      sameSite: this.options.cookie.sameSite,\n    } as const\n\n    setCookie(res, name, value || '', cookieOptions)\n\n    if (this.options.cookie.keys) {\n      const hash = value ? this.options.cookie.keys.sign(value) : ''\n      setCookie(res, `${name}:hash`, hash, cookieOptions)\n    }\n  }\n\n  public getRequestMetadata(req: IncomingMessage) {\n    return extractRequestMetadata(req, this.options)\n  }\n}\n"]}

package/dist/device/device-store.js.map

@@ -1 +1 @@
-{"version":3,"file":"device-store.js","sourceRoot":"","sources":["../../src/device/device-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAyBA,sCAKC;AA9BD,iDAAsE;AAItE,iEAAiE;AACjE,mDAAgC;AAChC,iDAA8B;AAC9B,kDAA+B;AAWlB,QAAA,aAAa,GAAG,IAAA,+BAAqB,EAAc;IAC9D,cAAc;IACd,YAAY;IACZ,cAAc;IACd,cAAc;CACf,CAAC,CAAA;AAEF,SAAgB,aAAa,CAAI,cAAiB;IAChD,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,qBAAa,EAAC,cAAc,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC"}
+{"version":3,"file":"device-store.js","sourceRoot":"","sources":["../../src/device/device-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAyBA,sCAKC;AA9BD,iDAAsE;AAItE,iEAAiE;AACjE,mDAAgC;AAChC,iDAA8B;AAC9B,kDAA+B;AAWlB,QAAA,aAAa,GAAG,IAAA,+BAAqB,EAAc;IAC9D,cAAc;IACd,YAAY;IACZ,cAAc;IACd,cAAc;CACf,CAAC,CAAA;AAEF,SAAgB,aAAa,CAAI,cAAiB;IAChD,IAAI,CAAC,cAAc,IAAI,CAAC,IAAA,qBAAa,EAAC,cAAc,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;IACvD,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC","sourcesContent":["import { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'\nimport { DeviceData } from './device-data.js'\nimport { DeviceId } from './device-id.js'\n\n// Export all types needed to implement the DeviceStore interface\nexport * from './device-data.js'\nexport * from './device-id.js'\nexport * from './session-id.js'\n\nexport type { Awaitable }\n\nexport interface DeviceStore {\n  createDevice(deviceId: DeviceId, data: DeviceData): Awaitable<void>\n  readDevice(deviceId: DeviceId): Awaitable<DeviceData | null>\n  updateDevice(deviceId: DeviceId, data: Partial<DeviceData>): Awaitable<void>\n  deleteDevice(deviceId: DeviceId): Awaitable<void>\n}\n\nexport const isDeviceStore = buildInterfaceChecker<DeviceStore>([\n  'createDevice',\n  'readDevice',\n  'updateDevice',\n  'deleteDevice',\n])\n\nexport function asDeviceStore<V>(implementation: V): V & DeviceStore {\n  if (!implementation || !isDeviceStore(implementation)) {\n    throw new Error('Invalid DeviceStore implementation')\n  }\n  return implementation\n}\n"]}

package/dist/device/session-id.js.map

@@ -1 +1 @@
-{"version":3,"file":"session-id.js","sourceRoot":"","sources":["../../src/device/session-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,kDAA4E;AAC5E,qDAAmD;AAEtC,QAAA,iBAAiB,GAC5B,gCAAiB,CAAC,MAAM,GAAG,sCAAuB,GAAG,CAAC,CAAA,CAAC,eAAe;AAE3D,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,MAAM,CAAC,yBAAiB,CAAC;KACzB,MAAM,CACL,CAAC,CAAC,EAA+C,EAAE,CACjD,CAAC,CAAC,UAAU,CAAC,gCAAiB,CAAC,EACjC;IACE,OAAO,EAAE,2BAA2B;CACrC,CACF,CAAA;AAEI,MAAM,iBAAiB,GAAG,KAAK,IAAwB,EAAE;IAC9D,OAAO,GAAG,gCAAiB,GAAG,MAAM,IAAA,uBAAW,EAAC,sCAAuB,CAAC,EAAE,CAAA;AAC5E,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B"}
+{"version":3,"file":"session-id.js","sourceRoot":"","sources":["../../src/device/session-id.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,kDAA4E;AAC5E,qDAAmD;AAEtC,QAAA,iBAAiB,GAC5B,gCAAiB,CAAC,MAAM,GAAG,sCAAuB,GAAG,CAAC,CAAA,CAAC,eAAe;AAE3D,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,MAAM,CAAC,yBAAiB,CAAC;KACzB,MAAM,CACL,CAAC,CAAC,EAA+C,EAAE,CACjD,CAAC,CAAC,UAAU,CAAC,gCAAiB,CAAC,EACjC;IACE,OAAO,EAAE,2BAA2B;CACrC,CACF,CAAA;AAEI,MAAM,iBAAiB,GAAG,KAAK,IAAwB,EAAE;IAC9D,OAAO,GAAG,gCAAiB,GAAG,MAAM,IAAA,uBAAW,EAAC,sCAAuB,CAAC,EAAE,CAAA;AAC5E,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B","sourcesContent":["import { z } from 'zod'\nimport { SESSION_ID_BYTES_LENGTH, SESSION_ID_PREFIX } from '../constants.js'\nimport { randomHexId } from '../lib/util/crypto.js'\n\nexport const SESSION_ID_LENGTH =\n  SESSION_ID_PREFIX.length + SESSION_ID_BYTES_LENGTH * 2 // hex encoding\n\nexport const sessionIdSchema = z\n  .string()\n  .length(SESSION_ID_LENGTH)\n  .refine(\n    (v): v is `${typeof SESSION_ID_PREFIX}${string}` =>\n      v.startsWith(SESSION_ID_PREFIX),\n    {\n      message: `Invalid session ID format`,\n    },\n  )\nexport type SessionId = z.infer<typeof sessionIdSchema>\nexport const generateSessionId = async (): Promise<SessionId> => {\n  return `${SESSION_ID_PREFIX}${await randomHexId(SESSION_ID_BYTES_LENGTH)}`\n}\n"]}

package/dist/dpop/dpop-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"dpop-manager.js","sourceRoot":"","sources":["../../src/dpop/dpop-manager.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,+BAA6E;AAC7E,6BAAuB;AACvB,sCAA8C;AAC9C,kDAAoD;AACpD,uFAA6E;AAC7E,+EAAqE;AACrE,iDAA2C;AAC3C,mDAKwB;AAKf,0FATP,yBAAS,OASO;AAFlB,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAIf,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;;;OAKG;IACH,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,gCAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpE,oBAAoB,EAAE,sCAAsB,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAA;AAGF,MAAa,WAAW;IACH,SAAS,CAAY;IAExC,YAAY,UAA8B,EAAE;QAC1C,MAAM,EAAE,UAAU,EAAE,oBAAoB,EAAE,GACxC,gCAAwB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QACzC,IAAI,CAAC,SAAS;YACZ,UAAU,KAAK,KAAK;gBAClB,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,IAAI,yBAAS,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAA;IACvD,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,UAAkB,EAClB,OAAsB,EACtB,WAA0D,EAC1D,WAAoB;QAEpB,4CAA4C;QAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;QAChD,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,WAAW,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,kBAAW,EAAE;YACvE,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,EAAE,EAAE,iDAAiD;YAClE,cAAc,EAAE,iCAAkB,GAAG,GAAG;SACzC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,MAAM,yBAAyB,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAA;QACrE,CAAC,CAAC,CAAA;QAEF,mEAAmE;QACnE,2EAA2E;QAC3E,4CAA4C;QAE5C,+DAA+D;QAC/D,yBAAyB;QACzB,sBAAsB;QACtB,kEAAkE;QAClE,OAAO;QAEP,2EAA2E;QAC3E,oCAAoC;QACpC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;QAE7C,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAI,mDAAqB,CAAC,2BAA2B,CAAC,CAAA;QAC9D,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,mDAAqB,CAAC,oBAAoB,CAAC,CAAA;QACvD,CAAC;QAED,yEAAyE;QACzE,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,mDAAqB,CAAC,yBAAyB,CAAC,CAAA;QAC5D,CAAC;QAED,uEAAuE;QACvE,gEAAgE;QAChE,mEAAmE;QACnE,6BAA6B;QAC7B,EAAE;QACF,wGAAwG;QACxG,IAAI,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,2CAAiB,EAAE,CAAA;QAC/B,CAAC;QAED,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,2CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,eAAe,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAA;YACzE,IAAI,GAAG,KAAK,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,mDAAqB,CAAC,8BAA8B,CAAC,CAAA;QACjE,CAAC;QAED,oEAAoE;QACpE,oCAAoC;QACpC,MAAM,GAAG,GAAG,eAAe,CAAC,GAAI,CAAA;QAChC,MAAM,GAAG,GAAG,MAAM,IAAA,6BAAsB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpE,MAAM,yBAAyB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAA;QACjE,CAAC,CAAC,CAAA;QAEF,0EAA0E;QAC1E,UAAU;QACV,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;IAC9C,CAAC;CACF;AA9GD,kCA8GC;AAED,SAAS,YAAY,CACnB,WAA0D;IAE1D,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACtC,QAAQ,OAAO,UAAU,EAAE,CAAC;QAC1B,KAAK,QAAQ;YACX,IAAI,UAAU;gBAAE,OAAO,UAAU,CAAA;YACjC,MAAM,IAAI,mDAAqB,CAAC,6BAA6B,CAAC,CAAA;QAChE,KAAK,QAAQ;YACX,yEAAyE;YACzE,uDAAuD;YACvD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC;gBAAE,OAAO,UAAU,CAAC,CAAC,CAAE,CAAA;YACnE,MAAM,IAAI,mDAAqB,CAAC,yCAAyC,CAAC,CAAA;QAC5E;YACE,OAAO,IAAI,CAAA;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,eAAe,CAAC,GAAkB;IACzC,mEAAmE;IACnE,OAAO,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;AAClC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,GAAG,GAAG,IAAA,eAAK,EAAC,GAAG,CAAC,CAAA;IACtB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,mDAAqB,CAAC,+BAA+B,CAAC,CAAA;IAClE,CAAC;IAED,4EAA4E;IAC5E,yEAAyE;IACzE,0BAA0B;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,mDAAqB,CAAC,yCAAyC,CAAC,CAAA;IAC5E,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,mDAAqB,CAAC,kCAAkC,CAAC,CAAA;IACrE,CAAC;IAED,0EAA0E;IAC1E,2EAA2E;IAC3E,oDAAoD;IAEpD,0CAA0C;IAC1C,OAAO,eAAe,CAAC,GAAG,CAAC,CAAA;AAC7B,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAY,EACZ,KAAa;IAEb,MAAM,GAAG,GACP,GAAG,YAAY,SAAS,IAAI,GAAG,YAAY,qBAAe;QACxD,CAAC,CAAC,GAAG,KAAK,KAAK,GAAG,CAAC,OAAO,EAAE;QAC5B,CAAC,CAAC,KAAK,CAAA;IACX,OAAO,IAAI,mDAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC"}
+{"version":3,"file":"dpop-manager.js","sourceRoot":"","sources":["../../src/dpop/dpop-manager.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,+BAA6E;AAC7E,6BAAuB;AACvB,sCAA8C;AAC9C,kDAAoD;AACpD,uFAA6E;AAC7E,+EAAqE;AACrE,iDAA2C;AAC3C,mDAKwB;AAKf,0FATP,yBAAS,OASO;AAFlB,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAIf,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;;;OAKG;IACH,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,gCAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpE,oBAAoB,EAAE,sCAAsB,CAAC,QAAQ,EAAE;CACxD,CAAC,CAAA;AAGF,MAAa,WAAW;IACH,SAAS,CAAY;IAExC,YAAY,UAA8B,EAAE;QAC1C,MAAM,EAAE,UAAU,EAAE,oBAAoB,EAAE,GACxC,gCAAwB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QACzC,IAAI,CAAC,SAAS;YACZ,UAAU,KAAK,KAAK;gBAClB,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,IAAI,yBAAS,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAA;IACvD,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,UAAkB,EAClB,OAAsB,EACtB,WAA0D,EAC1D,WAAoB;QAEpB,4CAA4C;QAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;QAChD,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,WAAW,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,GAAG,MAAM,IAAA,gBAAS,EAAC,KAAK,EAAE,kBAAW,EAAE;YACvE,GAAG,EAAE,UAAU;YACf,WAAW,EAAE,EAAE,EAAE,iDAAiD;YAClE,cAAc,EAAE,iCAAkB,GAAG,GAAG;SACzC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACf,MAAM,yBAAyB,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAA;QACrE,CAAC,CAAC,CAAA;QAEF,mEAAmE;QACnE,2EAA2E;QAC3E,4CAA4C;QAE5C,+DAA+D;QAC/D,yBAAyB;QACzB,sBAAsB;QACtB,kEAAkE;QAClE,OAAO;QAEP,2EAA2E;QAC3E,oCAAoC;QACpC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;QAE7C,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAI,mDAAqB,CAAC,2BAA2B,CAAC,CAAA;QAC9D,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,mDAAqB,CAAC,oBAAoB,CAAC,CAAA;QACvD,CAAC;QAED,yEAAyE;QACzE,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YAC/B,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,mDAAqB,CAAC,yBAAyB,CAAC,CAAA;QAC5D,CAAC;QAED,uEAAuE;QACvE,gEAAgE;QAChE,mEAAmE;QACnE,6BAA6B;QAC7B,EAAE;QACF,wGAAwG;QACxG,IAAI,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,KAAK,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;QACxD,CAAC;QAED,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,2CAAiB,EAAE,CAAA;QAC/B,CAAC;QAED,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,2CAAiB,CAAC,uBAAuB,CAAC,CAAA;QACtD,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,eAAe,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,EAAE,CAAA;YACzE,IAAI,GAAG,KAAK,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClD,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;YACxD,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,mDAAqB,CAAC,8BAA8B,CAAC,CAAA;QACjE,CAAC;QAED,oEAAoE;QACpE,oCAAoC;QACpC,MAAM,GAAG,GAAG,eAAe,CAAC,GAAI,CAAA;QAChC,MAAM,GAAG,GAAG,MAAM,IAAA,6BAAsB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpE,MAAM,yBAAyB,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAA;QACjE,CAAC,CAAC,CAAA;QAEF,0EAA0E;QAC1E,UAAU;QACV,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;IAC9C,CAAC;CACF;AA9GD,kCA8GC;AAED,SAAS,YAAY,CACnB,WAA0D;IAE1D,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IACtC,QAAQ,OAAO,UAAU,EAAE,CAAC;QAC1B,KAAK,QAAQ;YACX,IAAI,UAAU;gBAAE,OAAO,UAAU,CAAA;YACjC,MAAM,IAAI,mDAAqB,CAAC,6BAA6B,CAAC,CAAA;QAChE,KAAK,QAAQ;YACX,yEAAyE;YACzE,uDAAuD;YACvD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC;gBAAE,OAAO,UAAU,CAAC,CAAC,CAAE,CAAA;YACnE,MAAM,IAAI,mDAAqB,CAAC,yCAAyC,CAAC,CAAA;QAC5E;YACE,OAAO,IAAI,CAAA;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,eAAe,CAAC,GAAkB;IACzC,mEAAmE;IACnE,OAAO,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;AAClC,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,MAAM,GAAG,GAAG,IAAA,eAAK,EAAC,GAAG,CAAC,CAAA;IACtB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,mDAAqB,CAAC,+BAA+B,CAAC,CAAA;IAClE,CAAC;IAED,4EAA4E;IAC5E,yEAAyE;IACzE,0BAA0B;IAE1B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,mDAAqB,CAAC,yCAAyC,CAAC,CAAA;IAC5E,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,MAAM,IAAI,mDAAqB,CAAC,kCAAkC,CAAC,CAAA;IACrE,CAAC;IAED,0EAA0E;IAC1E,2EAA2E;IAC3E,oDAAoD;IAEpD,0CAA0C;IAC1C,OAAO,eAAe,CAAC,GAAG,CAAC,CAAA;AAC7B,CAAC;AAED,SAAS,yBAAyB,CAChC,GAAY,EACZ,KAAa;IAEb,MAAM,GAAG,GACP,GAAG,YAAY,SAAS,IAAI,GAAG,YAAY,qBAAe;QACxD,CAAC,CAAC,GAAG,KAAK,KAAK,GAAG,CAAC,OAAO,EAAE;QAC5B,CAAC,CAAC,KAAK,CAAA;IACX,OAAO,IAAI,mDAAqB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;AAC5C,CAAC","sourcesContent":["import { createHash } from 'node:crypto'\nimport { EmbeddedJWK, calculateJwkThumbprint, errors, jwtVerify } from 'jose'\nimport { z } from 'zod'\nimport { ValidationError } from '@atproto/jwk'\nimport { DPOP_NONCE_MAX_AGE } from '../constants.js'\nimport { InvalidDpopProofError } from '../errors/invalid-dpop-proof-error.js'\nimport { UseDpopNonceError } from '../errors/use-dpop-nonce-error.js'\nimport { ifURL } from '../lib/util/cast.js'\nimport {\n  DpopNonce,\n  DpopSecret,\n  dpopSecretSchema,\n  rotationIntervalSchema,\n} from './dpop-nonce.js'\nimport { DpopProof } from './dpop-proof.js'\n\nconst { JOSEError } = errors\n\nexport { DpopNonce, type DpopSecret }\n\nexport const dpopManagerOptionsSchema = z.object({\n  /**\n   * Set this to `false` to disable the use of nonces in DPoP proofs. Set this\n   * to a secret Uint8Array or hex encoded string to use a predictable seed for\n   * all nonces (typically useful when multiple instances are running). Leave\n   * undefined to generate a random seed at startup.\n   */\n  dpopSecret: z.union([z.literal(false), dpopSecretSchema]).optional(),\n  dpopRotationInterval: rotationIntervalSchema.optional(),\n})\nexport type DpopManagerOptions = z.input<typeof dpopManagerOptionsSchema>\n\nexport class DpopManager {\n  protected readonly dpopNonce?: DpopNonce\n\n  constructor(options: DpopManagerOptions = {}) {\n    const { dpopSecret, dpopRotationInterval } =\n      dpopManagerOptionsSchema.parse(options)\n    this.dpopNonce =\n      dpopSecret === false\n        ? undefined\n        : new DpopNonce(dpopSecret, dpopRotationInterval)\n  }\n\n  nextNonce(): string | undefined {\n    return this.dpopNonce?.next()\n  }\n\n  /**\n   * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#section-4.3}\n   */\n  async checkProof(\n    httpMethod: string,\n    httpUrl: Readonly<URL>,\n    httpHeaders: Record<string, undefined | string | string[]>,\n    accessToken?: string,\n  ): Promise<null | DpopProof> {\n    // Fool proofing against use of empty string\n    if (!httpMethod) {\n      throw new TypeError('HTTP method is required')\n    }\n\n    const proof = extractProof(httpHeaders)\n    if (!proof) return null\n\n    const { protectedHeader, payload } = await jwtVerify(proof, EmbeddedJWK, {\n      typ: 'dpop+jwt',\n      maxTokenAge: 10, // Will ensure presence & validity of \"iat\" claim\n      clockTolerance: DPOP_NONCE_MAX_AGE / 1e3,\n    }).catch((err) => {\n      throw wrapInvalidDpopProofError(err, 'Failed to verify DPoP proof')\n    })\n\n    // @NOTE For legacy & backwards compatibility reason, we cannot use\n    // `jwtPayloadSchema` here as it will reject DPoP proofs containing a query\n    // or fragment component in the \"htu\" claim.\n\n    // const { ath, htm, htu, jti, nonce } = await jwtPayloadSchema\n    //   .parseAsync(payload)\n    //   .catch((err) => {\n    //     throw buildInvalidDpopProofError('Invalid DPoP proof', err)\n    //   })\n\n    // @TODO Uncomment previous lines (and remove redundant checks bellow) once\n    // we decide to drop legacy support.\n    const { ath, htm, htu, jti, nonce } = payload\n\n    if (nonce !== undefined && typeof nonce !== 'string') {\n      throw new InvalidDpopProofError('Invalid DPoP \"nonce\" type')\n    }\n\n    if (!jti || typeof jti !== 'string') {\n      throw new InvalidDpopProofError('DPoP \"jti\" missing')\n    }\n\n    // Note rfc9110#section-9.1 states that the method name is case-sensitive\n    if (!htm || htm !== httpMethod) {\n      throw new InvalidDpopProofError('DPoP \"htm\" mismatch')\n    }\n\n    if (!htu || typeof htu !== 'string') {\n      throw new InvalidDpopProofError('Invalid DPoP \"htu\" type')\n    }\n\n    // > To reduce the likelihood of false negatives, servers SHOULD employ\n    // > syntax-based normalization (Section 6.2.2 of [RFC3986]) and\n    // > scheme-based normalization (Section 6.2.3 of [RFC3986]) before\n    // > comparing the htu claim.\n    //\n    // RFC9449 section 4.3. Checking DPoP Proofs - https://datatracker.ietf.org/doc/html/rfc9449#section-4.3\n    if (!htu || parseHtu(htu) !== normalizeHtuUrl(httpUrl)) {\n      throw new InvalidDpopProofError('DPoP \"htu\" mismatch')\n    }\n\n    if (!nonce && this.dpopNonce) {\n      throw new UseDpopNonceError()\n    }\n\n    if (nonce && !this.dpopNonce?.check(nonce)) {\n      throw new UseDpopNonceError('DPoP \"nonce\" mismatch')\n    }\n\n    if (accessToken) {\n      const accessTokenHash = createHash('sha256').update(accessToken).digest()\n      if (ath !== accessTokenHash.toString('base64url')) {\n        throw new InvalidDpopProofError('DPoP \"ath\" mismatch')\n      }\n    } else if (ath !== undefined) {\n      throw new InvalidDpopProofError('DPoP \"ath\" claim not allowed')\n    }\n\n    // @NOTE we can assert there is a jwk because the jwtVerify used the\n    // EmbeddedJWK key getter mechanism.\n    const jwk = protectedHeader.jwk!\n    const jkt = await calculateJwkThumbprint(jwk, 'sha256').catch((err) => {\n      throw wrapInvalidDpopProofError(err, 'Failed to calculate jkt')\n    })\n\n    // @NOTE We freeze the proof to prevent accidental modification (esp. from\n    // hooks).\n    return Object.freeze({ jti, jkt, htm, htu })\n  }\n}\n\nfunction extractProof(\n  httpHeaders: Record<string, undefined | string | string[]>,\n): string | null {\n  const dpopHeader = httpHeaders['dpop']\n  switch (typeof dpopHeader) {\n    case 'string':\n      if (dpopHeader) return dpopHeader\n      throw new InvalidDpopProofError('DPoP header cannot be empty')\n    case 'object':\n      // @NOTE the \"0\" case should never happen a node.js HTTP server will only\n      // return an array if the header is set multiple times.\n      if (dpopHeader.length === 1 && dpopHeader[0]) return dpopHeader[0]!\n      throw new InvalidDpopProofError('DPoP header must contain a single proof')\n    default:\n      return null\n  }\n}\n\n/**\n * Constructs the HTTP URI (htu) claim as defined in RFC9449.\n *\n * The htu claim is the normalized URL of the HTTP request, excluding the query\n * string and fragment. This function ensures that the URL is normalized by\n * removing the search and hash components, as well as by using an URL object to\n * simplify the pathname (e.g. removing dot segments).\n *\n * @returns The normalized URL as a string.\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9449#section-4.3}\n */\nfunction normalizeHtuUrl(url: Readonly<URL>): string {\n  // NodeJS's `URL` normalizes the pathname, so we can just use that.\n  return url.origin + url.pathname\n}\n\nfunction parseHtu(htu: string): string {\n  const url = ifURL(htu)\n  if (!url) {\n    throw new InvalidDpopProofError('DPoP \"htu\" is not a valid URL')\n  }\n\n  // @NOTE the checks bellow can be removed once once jwtPayloadSchema is used\n  // to validate the DPoP proof payload as it already performs these checks\n  // (though the htuSchema).\n\n  if (url.password || url.username) {\n    throw new InvalidDpopProofError('DPoP \"htu\" must not contain credentials')\n  }\n\n  if (url.protocol !== 'http:' && url.protocol !== 'https:') {\n    throw new InvalidDpopProofError('DPoP \"htu\" must be http or https')\n  }\n\n  // @NOTE For legacy & backwards compatibility reason, we allow a query and\n  // fragment in the DPoP proof's htu. This is not a standard behavior as the\n  // htu is not supposed to contain query or fragment.\n\n  // NodeJS's `URL` normalizes the pathname.\n  return normalizeHtuUrl(url)\n}\n\nfunction wrapInvalidDpopProofError(\n  err: unknown,\n  title: string,\n): InvalidDpopProofError {\n  const msg =\n    err instanceof JOSEError || err instanceof ValidationError\n      ? `${title}: ${err.message}`\n      : title\n  return new InvalidDpopProofError(msg, err)\n}\n"]}

package/dist/dpop/dpop-nonce.js.map

@@ -1 +1 @@
-{"version":3,"file":"dpop-nonce.js","sourceRoot":"","sources":["../../src/dpop/dpop-nonce.ts"],"names":[],"mappings":";;;AAAA,6CAAqD;AACrD,6BAAuB;AACvB,kDAAoD;AAEpD,MAAM,qBAAqB,GAAG,iCAAkB,GAAG,CAAC,CAAA;AACpD,MAAM,qBAAqB,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;AAEtD,QAAA,sBAAsB,GAAG,OAAC;KACpC,MAAM,EAAE;KACR,GAAG,EAAE;KACL,GAAG,CAAC,qBAAqB,CAAC;KAC1B,GAAG,CAAC,qBAAqB,CAAC,CAAA;AAE7B,MAAM,kBAAkB,GAAG,EAAE,CAAA;AAEhB,QAAA,iBAAiB,GAAG,OAAC;KAC/B,UAAU,CAAC,UAAU,CAAC;KACtB,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,KAAK,kBAAkB,EAAE;IACxD,OAAO,EAAE,0BAA0B,kBAAkB,aAAa;CACnE,CAAC,CAAA;AAES,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,KAAK,CACJ,cAAc,EACd,oBAAoB,kBAAkB,GAAG,CAAC,mBAAmB,CAC9D;KACA,MAAM,CAAC,kBAAkB,GAAG,CAAC,CAAC;KAC9B,SAAS,CAAC,CAAC,GAAG,EAAc,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;AAE7C,QAAA,gBAAgB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,yBAAiB,EAAE,uBAAe,CAAC,CAAC,CAAA;AAG7E,MAAa,SAAS;IACX,iBAAiB,CAAQ;IACzB,OAAO,CAAY;IAE5B,cAAc;IACd,QAAQ,CAAQ;IAChB,KAAK,CAAQ;IACb,IAAI,CAAQ;IACZ,KAAK,CAAQ;IAEb,YACE,SAAqB,IAAA,yBAAW,EAAC,kBAAkB,CAAC,EACpD,gBAAgB,GAAG,qBAAqB;QAExC,IAAI,CAAC,iBAAiB,GAAG,8BAAsB,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAA;QACvE,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,wBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAE9D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAA;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAA;QAC5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED;;OAEG;IACH,IAAc,cAAc;QAC1B,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;IAES,MAAM;QACd,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAA;QACnC,QAAQ,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChC,KAAK,CAAC;gBACJ,6CAA6C;gBAC7C,OAAM;YACR,KAAK,CAAC;gBACJ,+CAA+C;gBAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAA;gBACtB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAA;gBACtB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,MAAK;YACP,KAAK,CAAC;gBACJ,wCAAwC;gBACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAA;gBACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;gBACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,MAAK;YACP;gBACE,uDAAuD;gBACvD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;gBACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,MAAK;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;IACzB,CAAC;IAES,OAAO,CAAC,OAAe;QAC/B,OAAO,IAAA,wBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC;aACtC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;aAC5B,MAAM,EAAE;aACR,QAAQ,CAAC,WAAW,CAAC,CAAA;IAC1B,CAAC;IAEM,IAAI;QACT,IAAI,CAAC,MAAM,EAAE,CAAA;QACb,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAEM,KAAK,CAAC,KAAa;QACxB,OAAO,IAAI,CAAC,KAAK,KAAK,KAAK,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,CAAA;IAC5E,CAAC;CACF;AAzED,8BAyEC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IAC7B,iEAAiE;IACjE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAA;IACjB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,OAAO,GAAG,CAAA;AACZ,CAAC"}
+{"version":3,"file":"dpop-nonce.js","sourceRoot":"","sources":["../../src/dpop/dpop-nonce.ts"],"names":[],"mappings":";;;AAAA,6CAAqD;AACrD,6BAAuB;AACvB,kDAAoD;AAEpD,MAAM,qBAAqB,GAAG,iCAAkB,GAAG,CAAC,CAAA;AACpD,MAAM,qBAAqB,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAA;AAEtD,QAAA,sBAAsB,GAAG,OAAC;KACpC,MAAM,EAAE;KACR,GAAG,EAAE;KACL,GAAG,CAAC,qBAAqB,CAAC;KAC1B,GAAG,CAAC,qBAAqB,CAAC,CAAA;AAE7B,MAAM,kBAAkB,GAAG,EAAE,CAAA;AAEhB,QAAA,iBAAiB,GAAG,OAAC;KAC/B,UAAU,CAAC,UAAU,CAAC;KACtB,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,KAAK,kBAAkB,EAAE;IACxD,OAAO,EAAE,0BAA0B,kBAAkB,aAAa;CACnE,CAAC,CAAA;AAES,QAAA,eAAe,GAAG,OAAC;KAC7B,MAAM,EAAE;KACR,KAAK,CACJ,cAAc,EACd,oBAAoB,kBAAkB,GAAG,CAAC,mBAAmB,CAC9D;KACA,MAAM,CAAC,kBAAkB,GAAG,CAAC,CAAC;KAC9B,SAAS,CAAC,CAAC,GAAG,EAAc,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;AAE7C,QAAA,gBAAgB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,yBAAiB,EAAE,uBAAe,CAAC,CAAC,CAAA;AAG7E,MAAa,SAAS;IACX,iBAAiB,CAAQ;IACzB,OAAO,CAAY;IAE5B,cAAc;IACd,QAAQ,CAAQ;IAChB,KAAK,CAAQ;IACb,IAAI,CAAQ;IACZ,KAAK,CAAQ;IAEb,YACE,SAAqB,IAAA,yBAAW,EAAC,kBAAkB,CAAC,EACpD,gBAAgB,GAAG,qBAAqB;QAExC,IAAI,CAAC,iBAAiB,GAAG,8BAAsB,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAA;QACvE,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,wBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAA;QAE9D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAA;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAA;QAC5C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED;;OAEG;IACH,IAAc,cAAc;QAC1B,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;IAES,MAAM;QACd,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAA;QACnC,QAAQ,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAChC,KAAK,CAAC;gBACJ,6CAA6C;gBAC7C,OAAM;YACR,KAAK,CAAC;gBACJ,+CAA+C;gBAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAA;gBACtB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAA;gBACtB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,MAAK;YACP,KAAK,CAAC;gBACJ,wCAAwC;gBACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAA;gBACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;gBACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,MAAK;YACP;gBACE,uDAAuD;gBACvD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;gBACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC,CAAA;gBACtC,MAAK;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;IACzB,CAAC;IAES,OAAO,CAAC,OAAe;QAC/B,OAAO,IAAA,wBAAU,EAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC;aACtC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;aAC5B,MAAM,EAAE;aACR,QAAQ,CAAC,WAAW,CAAC,CAAA;IAC1B,CAAC;IAEM,IAAI;QACT,IAAI,CAAC,MAAM,EAAE,CAAA;QACb,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAEM,KAAK,CAAC,KAAa;QACxB,OAAO,IAAI,CAAC,KAAK,KAAK,KAAK,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,CAAA;IAC5E,CAAC;CACF;AAzED,8BAyEC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IAC7B,iEAAiE;IACjE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,CAAA;IACjB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAA;IAClB,OAAO,GAAG,CAAA;AACZ,CAAC","sourcesContent":["import { createHmac, randomBytes } from 'node:crypto'\nimport { z } from 'zod'\nimport { DPOP_NONCE_MAX_AGE } from '../constants.js'\n\nconst MAX_ROTATION_INTERVAL = DPOP_NONCE_MAX_AGE / 3\nconst MIN_ROTATION_INTERVAL = Math.min(1000, MAX_ROTATION_INTERVAL)\n\nexport const rotationIntervalSchema = z\n  .number()\n  .int()\n  .min(MIN_ROTATION_INTERVAL)\n  .max(MAX_ROTATION_INTERVAL)\n\nconst SECRET_BYTE_LENGTH = 32\n\nexport const secretBytesSchema = z\n  .instanceof(Uint8Array)\n  .refine((secret) => secret.length === SECRET_BYTE_LENGTH, {\n    message: `Secret must be exactly ${SECRET_BYTE_LENGTH} bytes long`,\n  })\n\nexport const secretHexSchema = z\n  .string()\n  .regex(\n    /^[0-9a-f]+$/i,\n    `Secret must be a ${SECRET_BYTE_LENGTH * 2} chars hex string`,\n  )\n  .length(SECRET_BYTE_LENGTH * 2)\n  .transform((hex): Uint8Array => Buffer.from(hex, 'hex'))\n\nexport const dpopSecretSchema = z.union([secretBytesSchema, secretHexSchema])\nexport type DpopSecret = z.input<typeof dpopSecretSchema>\n\nexport class DpopNonce {\n  readonly #rotationInterval: number\n  readonly #secret: Uint8Array\n\n  // Nonce state\n  #counter: number\n  #prev: string\n  #now: string\n  #next: string\n\n  constructor(\n    secret: DpopSecret = randomBytes(SECRET_BYTE_LENGTH),\n    rotationInterval = MAX_ROTATION_INTERVAL,\n  ) {\n    this.#rotationInterval = rotationIntervalSchema.parse(rotationInterval)\n    this.#secret = Uint8Array.from(dpopSecretSchema.parse(secret))\n\n    this.#counter = this.currentCounter\n    this.#prev = this.compute(this.#counter - 1)\n    this.#now = this.compute(this.#counter)\n    this.#next = this.compute(this.#counter + 1)\n  }\n\n  /**\n   * Returns the number of full rotations since the epoch\n   */\n  protected get currentCounter() {\n    return (Date.now() / this.#rotationInterval) | 0\n  }\n\n  protected rotate() {\n    const counter = this.currentCounter\n    switch (counter - this.#counter) {\n      case 0:\n        // counter === this.#counter => nothing to do\n        return\n      case 1:\n        // Optimization: avoid recomputing #prev & #now\n        this.#prev = this.#now\n        this.#now = this.#next\n        this.#next = this.compute(counter + 1)\n        break\n      case 2:\n        // Optimization: avoid recomputing #prev\n        this.#prev = this.#next\n        this.#now = this.compute(counter)\n        this.#next = this.compute(counter + 1)\n        break\n      default:\n        // All nonces are outdated, so we recompute all of them\n        this.#prev = this.compute(counter - 1)\n        this.#now = this.compute(counter)\n        this.#next = this.compute(counter + 1)\n        break\n    }\n    this.#counter = counter\n  }\n\n  protected compute(counter: number) {\n    return createHmac('sha256', this.#secret)\n      .update(numTo64bits(counter))\n      .digest()\n      .toString('base64url')\n  }\n\n  public next() {\n    this.rotate()\n    return this.#next\n  }\n\n  public check(nonce: string) {\n    return this.#next === nonce || this.#now === nonce || this.#prev === nonce\n  }\n}\n\nfunction numTo64bits(num: number) {\n  const arr = new Uint8Array(8)\n  // @NOTE Assigning to an uint8 will only keep the last 8 int bits\n  arr[7] = num |= 0\n  arr[6] = num >>= 8\n  arr[5] = num >>= 8\n  arr[4] = num >>= 8\n  arr[3] = num >>= 8\n  arr[2] = num >>= 8\n  arr[1] = num >>= 8\n  arr[0] = num >>= 8\n  return arr\n}\n"]}

package/dist/dpop/dpop-proof.js.map

@@ -1 +1 @@
-{"version":3,"file":"dpop-proof.js","sourceRoot":"","sources":["../../src/dpop/dpop-proof.ts"],"names":[],"mappings":""}
+{"version":3,"file":"dpop-proof.js","sourceRoot":"","sources":["../../src/dpop/dpop-proof.ts"],"names":[],"mappings":"","sourcesContent":["export type DpopProof = Readonly<{\n  jti: string\n  jkt: string\n  htm: string\n  htu: string\n}>\n"]}

package/dist/errors/access-denied-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"access-denied-error.js","sourceRoot":"","sources":["../../src/errors/access-denied-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,iBAAkB,SAAQ,2CAAkB;IACvD,YACE,UAA+C,EAC/C,iBAAiB,GAAG,eAAe,EACnC,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;CACF;AARD,8CAQC"}
+{"version":3,"file":"access-denied-error.js","sourceRoot":"","sources":["../../src/errors/access-denied-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,iBAAkB,SAAQ,2CAAkB;IACvD,YACE,UAA+C,EAC/C,iBAAiB,GAAG,eAAe,EACnC,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;CACF;AARD,8CAQC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationError } from './authorization-error.js'\n\nexport class AccessDeniedError extends AuthorizationError {\n  constructor(\n    parameters: OAuthAuthorizationRequestParameters,\n    error_description = 'Access denied',\n    cause?: unknown,\n  ) {\n    super(parameters, error_description, 'access_denied', cause)\n  }\n}\n"]}

package/dist/errors/account-selection-required-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"account-selection-required-error.js","sourceRoot":"","sources":["../../src/errors/account-selection-required-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,6BAA8B,SAAQ,2CAAkB;IACnE,YACE,UAA+C,EAC/C,iBAAiB,GAAG,4BAA4B,EAChD,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,KAAK,CAAC,CAAA;IAC3E,CAAC;CACF;AARD,sEAQC"}
+{"version":3,"file":"account-selection-required-error.js","sourceRoot":"","sources":["../../src/errors/account-selection-required-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,6BAA8B,SAAQ,2CAAkB;IACnE,YACE,UAA+C,EAC/C,iBAAiB,GAAG,4BAA4B,EAChD,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,4BAA4B,EAAE,KAAK,CAAC,CAAA;IAC3E,CAAC;CACF;AARD,sEAQC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationError } from './authorization-error.js'\n\nexport class AccountSelectionRequiredError extends AuthorizationError {\n  constructor(\n    parameters: OAuthAuthorizationRequestParameters,\n    error_description = 'Account selection required',\n    cause?: unknown,\n  ) {\n    super(parameters, error_description, 'account_selection_required', cause)\n  }\n}\n"]}

package/dist/errors/authorization-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-error.js","sourceRoot":"","sources":["../../src/errors/authorization-error.ts"],"names":[],"mappings":";;;AACA,8FAGiD;AACjD,uDAAqD;AACrD,qDAA6C;AAI7C,MAAa,kBAAmB,SAAQ,2BAAU;IAE9B;IADlB,YACkB,UAA+C,EAC/D,iBAAyB,EACzB,QAAoC,iBAAiB,EACrD,KAAe;QAEf,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAL3B,eAAU,GAAV,UAAU,CAAqC;IAMjE,CAAC;IAED,MAAM,CAAC,IAAI,CACT,UAA+C,EAC/C,KAAc;QAEd,IAAI,KAAK,YAAY,kBAAkB;YAAE,OAAO,KAAK,CAAA;QACrD,MAAM,OAAO,GAAG,IAAA,mCAAiB,EAAC,KAAK,CAAC,CAAA;QACxC,OAAO,IAAI,kBAAkB,CAC3B,UAAU,EACV,OAAO,CAAC,iBAAiB,EACzB,IAAA,8DAA4B,EAAC,OAAO,CAAC,KAAK,CAAC;YACzC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,2CAA2C;YAC3D,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,2BAAU;gBACtC,CAAC,CAAC,iBAAiB;gBACnB,CAAC,CAAC,cAAc,EACpB,KAAK,CACN,CAAA;IACH,CAAC;CACF;AA3BD,gDA2BC;AAED,SAAS,SAAS,CAAC,GAAY;IAC7B,OAAO,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QACjD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAA;IACjB,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC"}
+{"version":3,"file":"authorization-error.js","sourceRoot":"","sources":["../../src/errors/authorization-error.ts"],"names":[],"mappings":";;;AACA,8FAGiD;AACjD,uDAAqD;AACrD,qDAA6C;AAI7C,MAAa,kBAAmB,SAAQ,2BAAU;IAE9B;IADlB,YACkB,UAA+C,EAC/D,iBAAyB,EACzB,QAAoC,iBAAiB,EACrD,KAAe;QAEf,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAL3B,eAAU,GAAV,UAAU,CAAqC;IAMjE,CAAC;IAED,MAAM,CAAC,IAAI,CACT,UAA+C,EAC/C,KAAc;QAEd,IAAI,KAAK,YAAY,kBAAkB;YAAE,OAAO,KAAK,CAAA;QACrD,MAAM,OAAO,GAAG,IAAA,mCAAiB,EAAC,KAAK,CAAC,CAAA;QACxC,OAAO,IAAI,kBAAkB,CAC3B,UAAU,EACV,OAAO,CAAC,iBAAiB,EACzB,IAAA,8DAA4B,EAAC,OAAO,CAAC,KAAK,CAAC;YACzC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,2CAA2C;YAC3D,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,2BAAU;gBACtC,CAAC,CAAC,iBAAiB;gBACnB,CAAC,CAAC,cAAc,EACpB,KAAK,CACN,CAAA;IACH,CAAC;CACF;AA3BD,gDA2BC;AAED,SAAS,SAAS,CAAC,GAAY;IAC7B,OAAO,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QACjD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAA;IACjB,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport {\n  AuthorizationResponseError,\n  isAuthorizationResponseError,\n} from '../types/authorization-response-error.js'\nimport { buildErrorPayload } from './error-parser.js'\nimport { OAuthError } from './oauth-error.js'\n\nexport type { AuthorizationResponseError, OAuthAuthorizationRequestParameters }\n\nexport class AuthorizationError extends OAuthError {\n  constructor(\n    public readonly parameters: OAuthAuthorizationRequestParameters,\n    error_description: string,\n    error: AuthorizationResponseError = 'invalid_request',\n    cause?: unknown,\n  ) {\n    super(error, error_description, 400, cause)\n  }\n\n  static from(\n    parameters: OAuthAuthorizationRequestParameters,\n    cause: unknown,\n  ): AuthorizationError {\n    if (cause instanceof AuthorizationError) return cause\n    const payload = buildErrorPayload(cause)\n    return new AuthorizationError(\n      parameters,\n      payload.error_description,\n      isAuthorizationResponseError(payload.error)\n        ? payload.error // Propagate \"error\" derived from the cause\n        : rootCause(cause) instanceof OAuthError\n          ? 'invalid_request'\n          : 'server_error',\n      cause,\n    )\n  }\n}\n\nfunction rootCause(err: unknown): unknown {\n  while (err instanceof Error && err.cause != null) {\n    err = err.cause\n  }\n  return err\n}\n"]}

package/dist/errors/consent-required-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"consent-required-error.js","sourceRoot":"","sources":["../../src/errors/consent-required-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,oBAAqB,SAAQ,2CAAkB;IAC1D,YACE,UAA+C,EAC/C,iBAAiB,GAAG,uBAAuB,EAC3C,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAAA;IACjE,CAAC;CACF;AARD,oDAQC"}
+{"version":3,"file":"consent-required-error.js","sourceRoot":"","sources":["../../src/errors/consent-required-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,oBAAqB,SAAQ,2CAAkB;IAC1D,YACE,UAA+C,EAC/C,iBAAiB,GAAG,uBAAuB,EAC3C,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAAA;IACjE,CAAC;CACF;AARD,oDAQC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationError } from './authorization-error.js'\n\nexport class ConsentRequiredError extends AuthorizationError {\n  constructor(\n    parameters: OAuthAuthorizationRequestParameters,\n    error_description = 'User consent required',\n    cause?: unknown,\n  ) {\n    super(parameters, error_description, 'consent_required', cause)\n  }\n}\n"]}

package/dist/errors/error-parser.js.map

@@ -1 +1 @@
-{"version":3,"file":"error-parser.js","sourceRoot":"","sources":["../../src/errors/error-parser.ts"],"names":[],"mappings":";;AAWA,4CAwCC;AAOD,8CAqDC;AA/GD,+BAA6B;AAC7B,6BAA8B;AAC9B,sCAA6C;AAC7C,2DAAyD;AACzD,qDAA6C;AAE7C,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B,MAAM,eAAe,GAAG,iBAAiB,CAAA;AACzC,MAAM,YAAY,GAAG,cAAc,CAAA;AAEnC,SAAgB,gBAAgB,CAAC,KAAc;IAC7C,IAAI,KAAK,YAAY,2BAAU,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,UAAU,CAAA;IACzB,CAAC;IAED,IAAI,KAAK,YAAY,oBAAc,EAAE,CAAC;QACpC,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;QAC9B,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,CAAA;IAChC,CAAC;IAED,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,IAAI,CAAA;IACnB,CAAC;IAED,MAAM,MAAM,GAAI,KAAa,EAAE,MAAM,CAAA;IACrC,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG;QACb,MAAM,GAAG,GAAG,EACZ,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAOD,SAAgB,iBAAiB,CAAC,KAAc;IAC9C,IAAI,KAAK,YAAY,2BAAU,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,MAAM,EAAE,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;QAC9B,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,IAAA,6BAAc,EAAC,KAAK,EAAE,kBAAkB,CAAC;SAC7D,CAAA;IACH,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,KAAK,CAAC,OAAO;SACjC,CAAA;IACH,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,KAAK,CAAC,OAAO;SACjC,CAAA;IACH,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;YACtE,iBAAiB,EACf,KAAK,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG;gBAC5B,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC;oBACpC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;oBAC9B,CAAC,CAAC,KAAK,CAAC,OAAO;gBACjB,CAAC,CAAC,cAAc;SACrB,CAAA;IACH,CAAC;IAED,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;YACzD,iBAAiB,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO;SACzC,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAA;IACtC,OAAO;QACL,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;QACpD,iBAAiB,EACf,KAAK,YAAY,KAAK,IAAK,KAAa,EAAE,MAAM,KAAK,IAAI;YACvD,CAAC,CAAC,KAAK,CAAC,OAAO;YACf,CAAC,CAAC,cAAc;KACrB,CAAA;AACH,CAAC;AAED,SAAS,MAAM,CAAC,CAAU;IAIxB,OAAO,CACL,CAAC,YAAY,KAAK;QACjB,CAAS,CAAC,MAAM,KAAK,IAAI;QAC1B,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAC7C,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,CAAU;IAI7B,OAAO,CACL,CAAC,YAAY,KAAK;QAClB,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1B,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAC5B,CAAA;AACH,CAAC;AAED,SAAS,eAAe,CAAC,CAAU;IACjC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;AACtE,CAAC;AAED,SAAS,aAAa,CAAC,CAAU;IAC/B,OAAO,CACL,CAAC,IAAI,IAAI;QACT,OAAO,CAAC,KAAK,QAAQ;QACrB,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ;QAC9B,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ,CACjC,CAAA;AACH,CAAC"}
+{"version":3,"file":"error-parser.js","sourceRoot":"","sources":["../../src/errors/error-parser.ts"],"names":[],"mappings":";;AAWA,4CAwCC;AAOD,8CAqDC;AA/GD,+BAA6B;AAC7B,6BAA8B;AAC9B,sCAA6C;AAC7C,2DAAyD;AACzD,qDAA6C;AAE7C,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B,MAAM,eAAe,GAAG,iBAAiB,CAAA;AACzC,MAAM,YAAY,GAAG,cAAc,CAAA;AAEnC,SAAgB,gBAAgB,CAAC,KAAc;IAC7C,IAAI,KAAK,YAAY,2BAAU,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,UAAU,CAAA;IACzB,CAAC;IAED,IAAI,KAAK,YAAY,oBAAc,EAAE,CAAC;QACpC,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;QAC9B,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,CAAA;IAChC,CAAC;IAED,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,IAAI,CAAA;IACnB,CAAC;IAED,MAAM,MAAM,GAAI,KAAa,EAAE,MAAM,CAAA;IACrC,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG;QACb,MAAM,GAAG,GAAG,EACZ,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC;AAOD,SAAgB,iBAAiB,CAAC,KAAc;IAC9C,IAAI,KAAK,YAAY,2BAAU,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC,MAAM,EAAE,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;QAC9B,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,IAAA,6BAAc,EAAC,KAAK,EAAE,kBAAkB,CAAC;SAC7D,CAAA;IACH,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,KAAK,CAAC,OAAO;SACjC,CAAA;IACH,CAAC;IAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,KAAK,EAAE,eAAe;YACtB,iBAAiB,EAAE,KAAK,CAAC,OAAO;SACjC,CAAA;IACH,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;YACtE,iBAAiB,EACf,KAAK,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG;gBAC5B,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC;oBACpC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO;oBAC9B,CAAC,CAAC,KAAK,CAAC,OAAO;gBACjB,CAAC,CAAC,cAAc;SACrB,CAAA;IACH,CAAC;IAED,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;YACzD,iBAAiB,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO;SACzC,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAA;IACtC,OAAO;QACL,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,YAAY;QACpD,iBAAiB,EACf,KAAK,YAAY,KAAK,IAAK,KAAa,EAAE,MAAM,KAAK,IAAI;YACvD,CAAC,CAAC,KAAK,CAAC,OAAO;YACf,CAAC,CAAC,cAAc;KACrB,CAAA;AACH,CAAC;AAED,SAAS,MAAM,CAAC,CAAU;IAIxB,OAAO,CACL,CAAC,YAAY,KAAK;QACjB,CAAS,CAAC,MAAM,KAAK,IAAI;QAC1B,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAC7C,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,CAAU;IAI7B,OAAO,CACL,CAAC,YAAY,KAAK;QAClB,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1B,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAC5B,CAAA;AACH,CAAC;AAED,SAAS,eAAe,CAAC,CAAU;IACjC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;AACtE,CAAC;AAED,SAAS,aAAa,CAAC,CAAU;IAC/B,OAAO,CACL,CAAC,IAAI,IAAI;QACT,OAAO,CAAC,KAAK,QAAQ;QACrB,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ;QAC9B,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ,CACjC,CAAA;AACH,CAAC","sourcesContent":["import { errors } from 'jose'\nimport { ZodError } from 'zod'\nimport { JwtVerifyError } from '@atproto/jwk'\nimport { formatZodError } from '../lib/util/zod-error.js'\nimport { OAuthError } from './oauth-error.js'\n\nconst { JOSEError } = errors\n\nconst INVALID_REQUEST = 'invalid_request'\nconst SERVER_ERROR = 'server_error'\n\nexport function buildErrorStatus(error: unknown): number {\n  if (error instanceof OAuthError) {\n    return error.statusCode\n  }\n\n  if (error instanceof JwtVerifyError) {\n    return 400\n  }\n\n  if (error instanceof ZodError) {\n    return 400\n  }\n\n  if (error instanceof JOSEError) {\n    return 400\n  }\n\n  if (error instanceof TypeError) {\n    return 400\n  }\n\n  if (isBoom(error)) {\n    return error.output.statusCode\n  }\n\n  if (isXrpcError(error)) {\n    return error.type\n  }\n\n  const status = (error as any)?.status\n  if (\n    typeof status === 'number' &&\n    status === (status | 0) &&\n    status >= 400 &&\n    status < 600\n  ) {\n    return status\n  }\n\n  return 500\n}\n\nexport type ErrorPayload = {\n  error: string\n  error_description: string\n}\n\nexport function buildErrorPayload(error: unknown): ErrorPayload {\n  if (error instanceof OAuthError) {\n    return error.toJSON()\n  }\n\n  if (error instanceof ZodError) {\n    return {\n      error: INVALID_REQUEST,\n      error_description: formatZodError(error, 'Validation error'),\n    }\n  }\n\n  if (error instanceof JOSEError) {\n    return {\n      error: INVALID_REQUEST,\n      error_description: error.message,\n    }\n  }\n\n  if (error instanceof TypeError) {\n    return {\n      error: INVALID_REQUEST,\n      error_description: error.message,\n    }\n  }\n\n  if (isBoom(error)) {\n    return {\n      error: error.output.statusCode <= 500 ? INVALID_REQUEST : SERVER_ERROR,\n      error_description:\n        error.output.statusCode <= 500\n          ? isPayloadLike(error.output?.payload)\n            ? error.output.payload.message\n            : error.message\n          : 'Server error',\n    }\n  }\n\n  if (isXrpcError(error)) {\n    return {\n      error: error.type <= 500 ? INVALID_REQUEST : SERVER_ERROR,\n      error_description: error.payload.message,\n    }\n  }\n\n  const status = buildErrorStatus(error)\n  return {\n    error: status < 500 ? INVALID_REQUEST : SERVER_ERROR,\n    error_description:\n      error instanceof Error && (error as any)?.expose === true\n        ? error.message\n        : 'Server error',\n  }\n}\n\nfunction isBoom(v: unknown): v is Error & {\n  isBoom: true\n  output: { statusCode: number; payload: unknown }\n} {\n  return (\n    v instanceof Error &&\n    (v as any).isBoom === true &&\n    isHttpErrorCode(v['output']?.['statusCode'])\n  )\n}\n\nfunction isXrpcError(v: unknown): v is Error & {\n  type: number\n  payload: { error: string; message: string }\n} {\n  return (\n    v instanceof Error &&\n    isHttpErrorCode(v['type']) &&\n    isPayloadLike(v['payload'])\n  )\n}\n\nfunction isHttpErrorCode(v: unknown): v is number {\n  return typeof v === 'number' && v >= 400 && v < 600 && v === (v | 0)\n}\n\nfunction isPayloadLike(v: unknown): v is { error: string; message: string } {\n  return (\n    v != null &&\n    typeof v === 'object' &&\n    typeof v['error'] === 'string' &&\n    typeof v['message'] === 'string'\n  )\n}\n"]}

package/dist/errors/handle-unavailable-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"handle-unavailable-error.js","sourceRoot":"","sources":["../../src/errors/handle-unavailable-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C,MAAa,sBAAuB,SAAQ,2BAAU;IAEzC;IADX,YACW,MAA8C,EACvD,UAAkB,8BAA8B,EAChD,KAAe;QAEf,KAAK,CAAC,oBAAoB,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAJvC,WAAM,GAAN,MAAM,CAAwC;IAKzD,CAAC;IAED,MAAM;QACJ,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;SACX,CAAA;IACZ,CAAC;CACF;AAfD,wDAeC"}
+{"version":3,"file":"handle-unavailable-error.js","sourceRoot":"","sources":["../../src/errors/handle-unavailable-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C,MAAa,sBAAuB,SAAQ,2BAAU;IAEzC;IADX,YACW,MAA8C,EACvD,UAAkB,8BAA8B,EAChD,KAAe;QAEf,KAAK,CAAC,oBAAoB,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAJvC,WAAM,GAAN,MAAM,CAAwC;IAKzD,CAAC;IAED,MAAM;QACJ,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;SACX,CAAA;IACZ,CAAC;CACF;AAfD,wDAeC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\nexport class HandleUnavailableError extends OAuthError {\n  constructor(\n    readonly reason: 'syntax' | 'domain' | 'slur' | 'taken',\n    details: string = 'That handle is not available',\n    cause?: unknown,\n  ) {\n    super('handle_unavailable', details, 400, cause)\n  }\n\n  toJSON() {\n    return {\n      ...super.toJSON(),\n      reason: this.reason,\n    } as const\n  }\n}\n"]}

package/dist/errors/invalid-authorization-details-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-authorization-details-error.js","sourceRoot":"","sources":["../../src/errors/invalid-authorization-details-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D;;;;;;;;;;;;;;GAcG;AACH,MAAa,gCAAiC,SAAQ,2CAAkB;IACtE,YACE,UAA+C,EAC/C,iBAAyB,EACzB,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,+BAA+B,EAAE,KAAK,CAAC,CAAA;IAC9E,CAAC;CACF;AARD,4EAQC"}
+{"version":3,"file":"invalid-authorization-details-error.js","sourceRoot":"","sources":["../../src/errors/invalid-authorization-details-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D;;;;;;;;;;;;;;GAcG;AACH,MAAa,gCAAiC,SAAQ,2CAAkB;IACtE,YACE,UAA+C,EAC/C,iBAAyB,EACzB,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,+BAA+B,EAAE,KAAK,CAAC,CAAA;IAC9E,CAAC;CACF;AARD,4EAQC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationError } from './authorization-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc9396#section-14.6 | RFC 9396 - OAuth Dynamic Client Registration Metadata Registration Error}\n *\n * The AS MUST refuse to process any unknown authorization details type or\n * authorization details not conforming to the respective type definition. The\n * AS MUST abort processing and respond with an error\n * invalid_authorization_details to the client if any of the following are true\n * of the objects in the authorization_details structure:\n *  - contains an unknown authorization details type value,\n *  - is an object of known type but containing unknown fields,\n *  - contains fields of the wrong type for the authorization details type,\n *  - contains fields with invalid values for the authorization details type, or\n *  - is missing required fields for the authorization details type.\n */\nexport class InvalidAuthorizationDetailsError extends AuthorizationError {\n  constructor(\n    parameters: OAuthAuthorizationRequestParameters,\n    error_description: string,\n    cause?: unknown,\n  ) {\n    super(parameters, error_description, 'invalid_authorization_details', cause)\n  }\n}\n"]}

package/dist/errors/invalid-client-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-client-error.js","sourceRoot":"","sources":["../../src/errors/invalid-client-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;GAYG;AACH,MAAa,kBAAmB,SAAQ,2BAAU;IAChD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;CACF;AAJD,gDAIC"}
+{"version":3,"file":"invalid-client-error.js","sourceRoot":"","sources":["../../src/errors/invalid-client-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;GAYG;AACH,MAAa,kBAAmB,SAAQ,2BAAU;IAChD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;CACF;AAJD,gDAIC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }\n *\n * Client authentication failed (e.g., unknown client, no client authentication\n * included, or unsupported authentication method). The authorization server MAY\n * return an HTTP 401 (Unauthorized) status code to indicate which HTTP\n * authentication schemes are supported.  If the client attempted to\n * authenticate via the \"Authorization\" request header field, the authorization\n * server MUST respond with an HTTP 401 (Unauthorized) status code and include\n * the \"WWW-Authenticate\" response header field matching the authentication\n * scheme used by the client.\n */\nexport class InvalidClientError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('invalid_client', error_description, 400, cause)\n  }\n}\n"]}

package/dist/errors/invalid-client-id-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-client-id-error.js","sourceRoot":"","sources":["../../src/errors/invalid-client-id-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;GAMG;AACH,MAAa,oBAAqB,SAAQ,2BAAU;IAClD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,mBAAmB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IAC3D,CAAC;IAED,MAAM,CAAC,IAAI,CACT,KAAc,EACd,eAAe,GAAG,2BAA2B;QAE7C,IAAI,KAAK,YAAY,oBAAoB,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAA;QACd,CAAC;QACD,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,yEAAyE;YACzE,oCAAoC;YACpC,OAAO,IAAI,oBAAoB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,IAAI,oBAAoB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;CACF;AArBD,oDAqBC"}
+{"version":3,"file":"invalid-client-id-error.js","sourceRoot":"","sources":["../../src/errors/invalid-client-id-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;GAMG;AACH,MAAa,oBAAqB,SAAQ,2BAAU;IAClD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,mBAAmB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IAC3D,CAAC;IAED,MAAM,CAAC,IAAI,CACT,KAAc,EACd,eAAe,GAAG,2BAA2B;QAE7C,IAAI,KAAK,YAAY,oBAAoB,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAA;QACd,CAAC;QACD,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,yEAAyE;YACzE,oCAAoC;YACpC,OAAO,IAAI,oBAAoB,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QACvD,CAAC;QACD,OAAO,IAAI,oBAAoB,CAAC,eAAe,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;CACF;AArBD,oDAqBC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2 | RFC7591 - Client Registration Error Response}\n *\n * The value of one of the client metadata fields is invalid and the server has\n * rejected this request.  Note that an authorization server MAY choose to\n * substitute a valid value for any requested parameter of a client's metadata.\n */\nexport class InvalidClientIdError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('invalid_client_id', error_description, 400, cause)\n  }\n\n  static from(\n    cause: unknown,\n    fallbackMessage = 'Invalid client identifier',\n  ): InvalidClientIdError {\n    if (cause instanceof InvalidClientIdError) {\n      return cause\n    }\n    if (cause instanceof TypeError) {\n      // This method is meant to be used in the context of parsing & validating\n      // a client client metadata. In that context, a TypeError would more\n      // likely represent a problem with the data (e.g. invalid URL constructor\n      // arg) and not a programming error.\n      return new InvalidClientIdError(cause.message, cause)\n    }\n    return new InvalidClientIdError(fallbackMessage, cause)\n  }\n}\n"]}

package/dist/errors/invalid-client-metadata-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-client-metadata-error.js","sourceRoot":"","sources":["../../src/errors/invalid-client-metadata-error.ts"],"names":[],"mappings":";;;AAAA,6BAA8B;AAC9B,+CAAgD;AAChD,qDAA6C;AAE7C;;;;;;GAMG;AACH,MAAa,0BAA2B,SAAQ,2BAAU;IACxD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,yBAAyB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACjE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAc,EAAE,OAAO,GAAG,yBAAyB;QAC7D,IAAI,KAAK,YAAY,2BAAU,EAAE,CAAC;YAChC,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,KAAK,YAAY,kBAAU,EAAE,CAAC;YAChC,MAAM,IAAI,0BAA0B,CAClC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,EACvD,KAAK,CACN,CAAA;QACH,CAAC;QAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;YAC9B,MAAM,YAAY,GAChB,KAAK,CAAC,MAAM;iBACT,GAAG,CACF,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CACpB,aAAa,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAuB,OAAO,EAAE,CAC5F;iBACA,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,CAAA;YAE/B,MAAM,IAAI,0BAA0B,CAClC,YAAY,CAAC,CAAC,CAAC,GAAG,OAAO,KAAK,YAAY,EAAE,CAAC,CAAC,CAAC,OAAO,EACtD,KAAK,CACN,CAAA;QACH,CAAC;QAED,IACE,KAAK,YAAY,KAAK;YACtB,MAAM,IAAI,KAAK;YACf,KAAK,CAAC,IAAI,KAAK,6BAA6B,EAC5C,CAAC;YACD,MAAM,IAAI,0BAA0B,CAClC,GAAG,OAAO,2BAA2B,EACrC,KAAK,CACN,CAAA;QACH,CAAC;QAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,yEAAyE;YACzE,oCAAoC;YACpC,OAAO,IAAI,0BAA0B,CACnC,GAAG,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,EAC9B,KAAK,CACN,CAAA;QACH,CAAC;QAED,OAAO,IAAI,0BAA0B,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IACvD,CAAC;CACF;AAxDD,gEAwDC"}
+{"version":3,"file":"invalid-client-metadata-error.js","sourceRoot":"","sources":["../../src/errors/invalid-client-metadata-error.ts"],"names":[],"mappings":";;;AAAA,6BAA8B;AAC9B,+CAAgD;AAChD,qDAA6C;AAE7C;;;;;;GAMG;AACH,MAAa,0BAA2B,SAAQ,2BAAU;IACxD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,yBAAyB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACjE,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAc,EAAE,OAAO,GAAG,yBAAyB;QAC7D,IAAI,KAAK,YAAY,2BAAU,EAAE,CAAC;YAChC,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,KAAK,YAAY,kBAAU,EAAE,CAAC;YAChC,MAAM,IAAI,0BAA0B,CAClC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,EACvD,KAAK,CACN,CAAA;QACH,CAAC;QAED,IAAI,KAAK,YAAY,cAAQ,EAAE,CAAC;YAC9B,MAAM,YAAY,GAChB,KAAK,CAAC,MAAM;iBACT,GAAG,CACF,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CACpB,aAAa,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAuB,OAAO,EAAE,CAC5F;iBACA,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,OAAO,CAAA;YAE/B,MAAM,IAAI,0BAA0B,CAClC,YAAY,CAAC,CAAC,CAAC,GAAG,OAAO,KAAK,YAAY,EAAE,CAAC,CAAC,CAAC,OAAO,EACtD,KAAK,CACN,CAAA;QACH,CAAC;QAED,IACE,KAAK,YAAY,KAAK;YACtB,MAAM,IAAI,KAAK;YACf,KAAK,CAAC,IAAI,KAAK,6BAA6B,EAC5C,CAAC;YACD,MAAM,IAAI,0BAA0B,CAClC,GAAG,OAAO,2BAA2B,EACrC,KAAK,CACN,CAAA;QACH,CAAC;QAED,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,yEAAyE;YACzE,oEAAoE;YACpE,yEAAyE;YACzE,oCAAoC;YACpC,OAAO,IAAI,0BAA0B,CACnC,GAAG,OAAO,KAAK,KAAK,CAAC,OAAO,EAAE,EAC9B,KAAK,CACN,CAAA;QACH,CAAC;QAED,OAAO,IAAI,0BAA0B,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IACvD,CAAC;CACF;AAxDD,gEAwDC","sourcesContent":["import { ZodError } from 'zod'\nimport { FetchError } from '@atproto-labs/fetch'\nimport { OAuthError } from './oauth-error.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2 | RFC7591 - Client Registration Error Response}\n *\n * The value of one of the client metadata fields is invalid and the server has\n * rejected this request.  Note that an authorization server MAY choose to\n * substitute a valid value for any requested parameter of a client's metadata.\n */\nexport class InvalidClientMetadataError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('invalid_client_metadata', error_description, 400, cause)\n  }\n\n  static from(cause: unknown, message = 'Invalid client metadata'): OAuthError {\n    if (cause instanceof OAuthError) {\n      return cause\n    }\n\n    if (cause instanceof FetchError) {\n      throw new InvalidClientMetadataError(\n        cause.expose ? `${message}: ${cause.message}` : message,\n        cause,\n      )\n    }\n\n    if (cause instanceof ZodError) {\n      const causeMessage =\n        cause.issues\n          .map(\n            ({ path, message }) =>\n              `Validation${path.length ? ` of \"${path.join('.')}\"` : ''} failed with error: ${message}`,\n          )\n          .join(' ') || cause.message\n\n      throw new InvalidClientMetadataError(\n        causeMessage ? `${message}: ${causeMessage}` : message,\n        cause,\n      )\n    }\n\n    if (\n      cause instanceof Error &&\n      'code' in cause &&\n      cause.code === 'DEPTH_ZERO_SELF_SIGNED_CERT'\n    ) {\n      throw new InvalidClientMetadataError(\n        `${message}: Self-signed certificate`,\n        cause,\n      )\n    }\n\n    if (cause instanceof TypeError) {\n      // This method is meant to be used in the context of parsing & validating\n      // a client client metadata. In that context, a TypeError would more\n      // likely represent a problem with the data (e.g. invalid URL constructor\n      // arg) and not a programming error.\n      return new InvalidClientMetadataError(\n        `${message}: ${cause.message}`,\n        cause,\n      )\n    }\n\n    return new InvalidClientMetadataError(message, cause)\n  }\n}\n"]}

package/dist/errors/invalid-dpop-key-binding-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-dpop-key-binding-error.js","sourceRoot":"","sources":["../../src/errors/invalid-dpop-key-binding-error.ts"],"names":[],"mappings":";;;AAAA,2EAAkE;AAElE;;;;;;GAMG;AACH,MAAa,0BAA2B,SAAQ,gDAAoB;IAClE,YAAY,KAAe;QACzB,MAAM,KAAK,GAAG,eAAe,CAAA;QAC7B,MAAM,iBAAiB,GAAG,0BAA0B,CAAA;QACpD,KAAK,CACH,KAAK,EACL,iBAAiB,EACjB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EACtC,KAAK,CACN,CAAA;IACH,CAAC;CACF;AAXD,gEAWC"}
+{"version":3,"file":"invalid-dpop-key-binding-error.js","sourceRoot":"","sources":["../../src/errors/invalid-dpop-key-binding-error.ts"],"names":[],"mappings":";;;AAAA,2EAAkE;AAElE;;;;;;GAMG;AACH,MAAa,0BAA2B,SAAQ,gDAAoB;IAClE,YAAY,KAAe;QACzB,MAAM,KAAK,GAAG,eAAe,CAAA;QAC7B,MAAM,iBAAiB,GAAG,0BAA0B,CAAA;QACpD,KAAK,CACH,KAAK,EACL,iBAAiB,EACjB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EACtC,KAAK,CACN,CAAA;IACH,CAAC;CACF;AAXD,gEAWC","sourcesContent":["import { WWWAuthenticateError } from './www-authenticate-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field}\n *\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc9449#name-the-dpop-authentication-sch | RFC9449 - The DPoP Authentication Scheme}\n */\nexport class InvalidDpopKeyBindingError extends WWWAuthenticateError {\n  constructor(cause?: unknown) {\n    const error = 'invalid_token'\n    const error_description = 'Invalid DPoP key binding'\n    super(\n      error,\n      error_description,\n      { DPoP: { error, error_description } },\n      cause,\n    )\n  }\n}\n"]}

package/dist/errors/invalid-dpop-proof-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-dpop-proof-error.js","sourceRoot":"","sources":["../../src/errors/invalid-dpop-proof-error.ts"],"names":[],"mappings":";;;AAAA,2EAAkE;AAElE,MAAa,qBAAsB,SAAQ,gDAAoB;IAC7D,YAAY,iBAAyB,EAAE,KAAe;QACpD,MAAM,KAAK,GAAG,oBAAoB,CAAA;QAClC,KAAK,CACH,KAAK,EACL,iBAAiB,EACjB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EACtC,KAAK,CACN,CAAA;IACH,CAAC;CACF;AAVD,sDAUC"}
+{"version":3,"file":"invalid-dpop-proof-error.js","sourceRoot":"","sources":["../../src/errors/invalid-dpop-proof-error.ts"],"names":[],"mappings":";;;AAAA,2EAAkE;AAElE,MAAa,qBAAsB,SAAQ,gDAAoB;IAC7D,YAAY,iBAAyB,EAAE,KAAe;QACpD,MAAM,KAAK,GAAG,oBAAoB,CAAA;QAClC,KAAK,CACH,KAAK,EACL,iBAAiB,EACjB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EACtC,KAAK,CACN,CAAA;IACH,CAAC;CACF;AAVD,sDAUC","sourcesContent":["import { WWWAuthenticateError } from './www-authenticate-error.js'\n\nexport class InvalidDpopProofError extends WWWAuthenticateError {\n  constructor(error_description: string, cause?: unknown) {\n    const error = 'invalid_dpop_proof'\n    super(\n      error,\n      error_description,\n      { DPoP: { error, error_description } },\n      cause,\n    )\n  }\n}\n"]}

package/dist/errors/invalid-grant-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-grant-error.js","sourceRoot":"","sources":["../../src/errors/invalid-grant-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;GAQG;AACH,MAAa,iBAAkB,SAAQ,2BAAU;IAC/C,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,eAAe,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAY,EAAE,iBAAyB;QACjD,IAAI,GAAG,YAAY,iBAAiB;YAAE,OAAO,GAAG,CAAA;QAChD,OAAO,IAAI,iBAAiB,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;IACtD,CAAC;CACF;AATD,8CASC"}
+{"version":3,"file":"invalid-grant-error.js","sourceRoot":"","sources":["../../src/errors/invalid-grant-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;GAQG;AACH,MAAa,iBAAkB,SAAQ,2BAAU;IAC/C,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,eAAe,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACvD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAY,EAAE,iBAAyB;QACjD,IAAI,GAAG,YAAY,iBAAiB;YAAE,OAAO,GAAG,CAAA;QAChD,OAAO,IAAI,iBAAiB,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;IACtD,CAAC;CACF;AATD,8CASC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }\n *\n * The provided authorization grant (e.g., authorization code, resource owner\n * credentials) or refresh token is invalid, expired, revoked, does not match\n * the redirection URI used in the authorization request, or was issued to\n * another client.\n */\nexport class InvalidGrantError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('invalid_grant', error_description, 400, cause)\n  }\n\n  static from(err: unknown, error_description: string): InvalidGrantError {\n    if (err instanceof InvalidGrantError) return err\n    return new InvalidGrantError(error_description, err)\n  }\n}\n"]}

package/dist/errors/invalid-invite-code-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-invite-code-error.js","sourceRoot":"","sources":["../../src/errors/invalid-invite-code-error.ts"],"names":[],"mappings":";;;AAAA,mEAA6D;AAE7D,MAAa,sBAAuB,SAAQ,2CAAmB;IAC7D,YAAY,OAAgB,EAAE,KAAe;QAC3C,KAAK,CACH,8BAA8B,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/D,KAAK,CACN,CAAA;IACH,CAAC;CACF;AAPD,wDAOC"}
+{"version":3,"file":"invalid-invite-code-error.js","sourceRoot":"","sources":["../../src/errors/invalid-invite-code-error.ts"],"names":[],"mappings":";;;AAAA,mEAA6D;AAE7D,MAAa,sBAAuB,SAAQ,2CAAmB;IAC7D,YAAY,OAAgB,EAAE,KAAe;QAC3C,KAAK,CACH,8BAA8B,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAC/D,KAAK,CACN,CAAA;IACH,CAAC;CACF;AAPD,wDAOC","sourcesContent":["import { InvalidRequestError } from './invalid-request-error'\n\nexport class InvalidInviteCodeError extends InvalidRequestError {\n  constructor(details?: string, cause?: unknown) {\n    super(\n      'This invite code is invalid.' + (details ? ` ${details}` : ''),\n      cause,\n    )\n  }\n}\n"]}

package/dist/errors/invalid-redirect-uri-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-redirect-uri-error.js","sourceRoot":"","sources":["../../src/errors/invalid-redirect-uri-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;GAIG;AACH,MAAa,uBAAwB,SAAQ,2BAAU;IACrD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,sBAAsB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAe;QACzB,IAAI,KAAK,YAAY,uBAAuB;YAAE,OAAO,KAAK,CAAA;QAC1D,OAAO,IAAI,uBAAuB,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAA;IACnE,CAAC;CACF;AATD,0DASC"}
+{"version":3,"file":"invalid-redirect-uri-error.js","sourceRoot":"","sources":["../../src/errors/invalid-redirect-uri-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;GAIG;AACH,MAAa,uBAAwB,SAAQ,2BAAU;IACrD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,sBAAsB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAe;QACzB,IAAI,KAAK,YAAY,uBAAuB;YAAE,OAAO,KAAK,CAAA;QAC1D,OAAO,IAAI,uBAAuB,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAA;IACnE,CAAC;CACF;AATD,0DASC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.2 | RFC7591}\n *\n * The value of one or more redirection URIs is invalid.\n */\nexport class InvalidRedirectUriError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('invalid_redirect_uri', error_description, 400, cause)\n  }\n\n  static from(cause?: unknown): InvalidRedirectUriError {\n    if (cause instanceof InvalidRedirectUriError) return cause\n    return new InvalidRedirectUriError('Invalid redirect URI', cause)\n  }\n}\n"]}

package/dist/errors/invalid-request-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-request-error.js","sourceRoot":"","sources":["../../src/errors/invalid-request-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAa,mBAAoB,SAAQ,2BAAU;IACjD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAY,EAAE,OAAO,GAAG,sBAAsB;QACxD,IAAI,GAAG,YAAY,2BAAU;YAAE,OAAO,GAAG,CAAA;QACzC,OAAO,IAAI,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;CACF;AATD,kDASC"}
+{"version":3,"file":"invalid-request-error.js","sourceRoot":"","sources":["../../src/errors/invalid-request-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAa,mBAAoB,SAAQ,2BAAU;IACjD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAY,EAAE,OAAO,GAAG,sBAAsB;QACxD,IAAI,GAAG,YAAY,2BAAU;YAAE,OAAO,GAAG,CAAA;QACzC,OAAO,IAAI,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;CACF;AATD,kDASC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token}\n * : The request is missing a required parameter, includes an unsupported\n * parameter value (other than grant type), repeats a parameter, includes\n * multiple credentials, utilizes more than one mechanism for authenticating the\n * client, or is otherwise malformed.\n *\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 | RFC6749 - Authorization Code Grant, Authorization Request}\n * : The request is missing a required parameter, includes an invalid parameter\n * value, includes a parameter more than once, or is otherwise malformed.\n *\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field}\n * : The request is missing a required parameter, includes an unsupported\n * parameter or parameter value, repeats the same parameter, uses more than one\n * method for including an access token, or is otherwise malformed. The resource\n * server SHOULD respond with the HTTP 400 (Bad Request) status code.\n */\nexport class InvalidRequestError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('invalid_request', error_description, 400, cause)\n  }\n\n  static from(err: unknown, message = 'Invalid request data'): OAuthError {\n    if (err instanceof OAuthError) return err\n    return new InvalidRequestError(message, err)\n  }\n}\n"]}

package/dist/errors/invalid-scope-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-scope-error.js","sourceRoot":"","sources":["../../src/errors/invalid-scope-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D;;GAEG;AACH,MAAa,iBAAkB,SAAQ,2CAAkB;IACvD,YACE,UAA+C,EAC/C,iBAAyB,EACzB,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;CACF;AARD,8CAQC"}
+{"version":3,"file":"invalid-scope-error.js","sourceRoot":"","sources":["../../src/errors/invalid-scope-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D;;GAEG;AACH,MAAa,iBAAkB,SAAQ,2CAAkB;IACvD,YACE,UAA+C,EAC/C,iBAAyB,EACzB,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;IAC9D,CAAC;CACF;AARD,8CAQC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationError } from './authorization-error.js'\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-4.1.2.1}\n */\nexport class InvalidScopeError extends AuthorizationError {\n  constructor(\n    parameters: OAuthAuthorizationRequestParameters,\n    error_description: string,\n    cause?: unknown,\n  ) {\n    super(parameters, error_description, 'invalid_scope', cause)\n  }\n}\n"]}

package/dist/errors/invalid-token-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-token-error.js","sourceRoot":"","sources":["../../src/errors/invalid-token-error.ts"],"names":[],"mappings":";;;AAAA,+BAA6B;AAC7B,6BAA8B;AAC9B,sCAA6C;AAC7C,qDAA6C;AAC7C,2EAAkE;AAElE,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B;;;;;;;;GAQG;AACH,MAAa,iBAAkB,SAAQ,gDAAoB;IA8B9C;IA7BX,MAAM,CAAC,IAAI,CACT,GAAY,EACZ,SAAiB,EACjB,eAAe,GAAG,eAAe;QAEjC,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;YACrC,OAAO,GAAG,CAAA;QACZ,CAAC;QAED,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;YAC9B,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;QACrE,CAAC;QAED,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,GAAG,YAAY,oBAAc,EAAE,CAAC;YAClC,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,GAAG,YAAY,cAAQ,EAAE,CAAC;YAC5B,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,eAAe,EAAE,GAAG,CAAC,CAAA;IAC/D,CAAC;IAED,YACW,SAAiB,EAC1B,iBAAyB,EACzB,KAAe;QAEf,MAAM,KAAK,GAAG,eAAe,CAAA;QAC7B,KAAK,CACH,KAAK,EACL,iBAAiB,EACjB,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EAC7C,KAAK,CACN,CAAA;QAVQ,cAAS,GAAT,SAAS,CAAQ;IAW5B,CAAC;CACF;AA1CD,8CA0CC"}
+{"version":3,"file":"invalid-token-error.js","sourceRoot":"","sources":["../../src/errors/invalid-token-error.ts"],"names":[],"mappings":";;;AAAA,+BAA6B;AAC7B,6BAA8B;AAC9B,sCAA6C;AAC7C,qDAA6C;AAC7C,2EAAkE;AAElE,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B;;;;;;;;GAQG;AACH,MAAa,iBAAkB,SAAQ,gDAAoB;IA8B9C;IA7BX,MAAM,CAAC,IAAI,CACT,GAAY,EACZ,SAAiB,EACjB,eAAe,GAAG,eAAe;QAEjC,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;YACrC,OAAO,GAAG,CAAA;QACZ,CAAC;QAED,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;YAC9B,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAA;QACrE,CAAC;QAED,IAAI,GAAG,YAAY,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,GAAG,YAAY,oBAAc,EAAE,CAAC;YAClC,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,GAAG,YAAY,cAAQ,EAAE,CAAC;YAC5B,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO,IAAI,iBAAiB,CAAC,SAAS,EAAE,eAAe,EAAE,GAAG,CAAC,CAAA;IAC/D,CAAC;IAED,YACW,SAAiB,EAC1B,iBAAyB,EACzB,KAAe;QAEf,MAAM,KAAK,GAAG,eAAe,CAAA;QAC7B,KAAK,CACH,KAAK,EACL,iBAAiB,EACjB,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EAC7C,KAAK,CACN,CAAA;QAVQ,cAAS,GAAT,SAAS,CAAQ;IAW5B,CAAC;CACF;AA1CD,8CA0CC","sourcesContent":["import { errors } from 'jose'\nimport { ZodError } from 'zod'\nimport { JwtVerifyError } from '@atproto/jwk'\nimport { OAuthError } from './oauth-error.js'\nimport { WWWAuthenticateError } from './www-authenticate-error.js'\n\nconst { JOSEError } = errors\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field }\n *\n * The access token provided is expired, revoked, malformed, or invalid for\n * other reasons.  The resource SHOULD respond with the HTTP 401 (Unauthorized)\n * status code.  The client MAY request a new access token and retry the\n * protected resource request.\n */\nexport class InvalidTokenError extends WWWAuthenticateError {\n  static from(\n    err: unknown,\n    tokenType: string,\n    fallbackMessage = 'Invalid token',\n  ): InvalidTokenError {\n    if (err instanceof InvalidTokenError) {\n      return err\n    }\n\n    if (err instanceof OAuthError) {\n      return new InvalidTokenError(tokenType, err.error_description, err)\n    }\n\n    if (err instanceof JOSEError) {\n      return new InvalidTokenError(tokenType, err.message, err)\n    }\n\n    if (err instanceof JwtVerifyError) {\n      return new InvalidTokenError(tokenType, err.message, err)\n    }\n\n    if (err instanceof ZodError) {\n      return new InvalidTokenError(tokenType, err.message, err)\n    }\n\n    return new InvalidTokenError(tokenType, fallbackMessage, err)\n  }\n\n  constructor(\n    readonly tokenType: string,\n    error_description: string,\n    cause?: unknown,\n  ) {\n    const error = 'invalid_token'\n    super(\n      error,\n      error_description,\n      { [tokenType]: { error, error_description } },\n      cause,\n    )\n  }\n}\n"]}

package/dist/errors/login-required-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"login-required-error.js","sourceRoot":"","sources":["../../src/errors/login-required-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,kBAAmB,SAAQ,2CAAkB;IACxD,YACE,UAA+C,EAC/C,iBAAiB,GAAG,mBAAmB,EACvC,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;IAC/D,CAAC;CACF;AARD,gDAQC"}
+{"version":3,"file":"login-required-error.js","sourceRoot":"","sources":["../../src/errors/login-required-error.ts"],"names":[],"mappings":";;;AACA,qEAA6D;AAE7D,MAAa,kBAAmB,SAAQ,2CAAkB;IACxD,YACE,UAA+C,EAC/C,iBAAiB,GAAG,mBAAmB,EACvC,KAAe;QAEf,KAAK,CAAC,UAAU,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAA;IAC/D,CAAC;CACF;AARD,gDAQC","sourcesContent":["import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types'\nimport { AuthorizationError } from './authorization-error.js'\n\nexport class LoginRequiredError extends AuthorizationError {\n  constructor(\n    parameters: OAuthAuthorizationRequestParameters,\n    error_description = 'Login is required',\n    cause?: unknown,\n  ) {\n    super(parameters, error_description, 'login_required', cause)\n  }\n}\n"]}

package/dist/errors/oauth-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-error.js","sourceRoot":"","sources":["../../src/errors/oauth-error.ts"],"names":[],"mappings":";;;AAAA,MAAa,UAAW,SAAQ,KAAK;IAIjB;IACA;IACA;IALX,MAAM,CAAS;IAEtB,YACkB,KAAa,EACb,iBAAyB,EACzB,SAAS,GAAG,EAC5B,KAAe;QAEf,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QALnB,UAAK,GAAL,KAAK,CAAQ;QACb,sBAAiB,GAAjB,iBAAiB,CAAQ;QACzB,WAAM,GAAN,MAAM,CAAM;QAK5B,KAAK,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAEjD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,GAAG,GAAG,CAAA;IAC5B,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;SAC1C,CAAA;IACH,CAAC;CACF;AA3BD,gCA2BC"}
+{"version":3,"file":"oauth-error.js","sourceRoot":"","sources":["../../src/errors/oauth-error.ts"],"names":[],"mappings":";;;AAAA,MAAa,UAAW,SAAQ,KAAK;IAIjB;IACA;IACA;IALX,MAAM,CAAS;IAEtB,YACkB,KAAa,EACb,iBAAyB,EACzB,SAAS,GAAG,EAC5B,KAAe;QAEf,KAAK,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QALnB,UAAK,GAAL,KAAK,CAAQ;QACb,sBAAiB,GAAjB,iBAAiB,CAAQ;QACzB,WAAM,GAAN,MAAM,CAAM;QAK5B,KAAK,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAA;QAEjD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAA;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,GAAG,GAAG,CAAA;IAC5B,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;SAC1C,CAAA;IACH,CAAC;CACF;AA3BD,gCA2BC","sourcesContent":["export class OAuthError extends Error {\n  public expose: boolean\n\n  constructor(\n    public readonly error: string,\n    public readonly error_description: string,\n    public readonly status = 400,\n    cause?: unknown,\n  ) {\n    super(error_description, { cause })\n\n    Error.captureStackTrace?.(this, this.constructor)\n\n    this.name = this.constructor.name\n    this.expose = status < 500\n  }\n\n  get statusCode() {\n    return this.status\n  }\n\n  toJSON() {\n    return {\n      error: this.error,\n      error_description: this.error_description,\n    }\n  }\n}\n"]}

package/dist/errors/second-authentication-factor-required-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"second-authentication-factor-required-error.js","sourceRoot":"","sources":["../../src/errors/second-authentication-factor-required-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C,MAAa,uCAAwC,SAAQ,2BAAU;IAE5D;IACA;IAFT,YACS,IAAgB,EAChB,IAAY,EACnB,KAAe;QAEf,MAAM,KAAK,GAAG,uCAAuC,CAAA;QACrD,KAAK,CACH,KAAK,EACL,GAAG,IAAI,0CAA0C,IAAI,GAAG,EACxD,GAAG,EACH,KAAK,CACN,CAAA;QAVM,SAAI,GAAJ,IAAI,CAAY;QAChB,SAAI,GAAJ,IAAI,CAAQ;IAUrB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;SACP,CAAA;IACZ,CAAC;CACF;AAtBD,0FAsBC"}
+{"version":3,"file":"second-authentication-factor-required-error.js","sourceRoot":"","sources":["../../src/errors/second-authentication-factor-required-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C,MAAa,uCAAwC,SAAQ,2BAAU;IAE5D;IACA;IAFT,YACS,IAAgB,EAChB,IAAY,EACnB,KAAe;QAEf,MAAM,KAAK,GAAG,uCAAuC,CAAA;QACrD,KAAK,CACH,KAAK,EACL,GAAG,IAAI,0CAA0C,IAAI,GAAG,EACxD,GAAG,EACH,KAAK,CACN,CAAA;QAVM,SAAI,GAAJ,IAAI,CAAY;QAChB,SAAI,GAAJ,IAAI,CAAQ;IAUrB,CAAC;IAED,MAAM;QACJ,OAAO;YACL,GAAG,KAAK,CAAC,MAAM,EAAE;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,IAAI,EAAE,IAAI,CAAC,IAAI;SACP,CAAA;IACZ,CAAC;CACF;AAtBD,0FAsBC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\nexport class SecondAuthenticationFactorRequiredError extends OAuthError {\n  constructor(\n    public type: 'emailOtp',\n    public hint: string,\n    cause?: unknown,\n  ) {\n    const error = 'second_authentication_factor_required'\n    super(\n      error,\n      `${type} authentication factor required (hint: ${hint})`,\n      401,\n      cause,\n    )\n  }\n\n  toJSON() {\n    return {\n      ...super.toJSON(),\n      type: this.type,\n      hint: this.hint,\n    } as const\n  }\n}\n"]}

package/dist/errors/unauthorized-client-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"unauthorized-client-error.js","sourceRoot":"","sources":["../../src/errors/unauthorized-client-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;GAYG;AACH,MAAa,uBAAwB,SAAQ,2BAAU;IACrD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,qBAAqB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IAC7D,CAAC;CACF;AAJD,0DAIC"}
+{"version":3,"file":"unauthorized-client-error.js","sourceRoot":"","sources":["../../src/errors/unauthorized-client-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;GAYG;AACH,MAAa,uBAAwB,SAAQ,2BAAU;IACrD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,qBAAqB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IAC7D,CAAC;CACF;AAJD,0DAIC","sourcesContent":["import { OAuthError } from './oauth-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }\n *\n * The authenticated client is not authorized to use this authorization grant\n * type.\n *\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 | RFC6749 - Authorization Code Grant, Authorization Request}\n *\n * The client is not authorized to request an authorization code using this\n * method.\n */\nexport class UnauthorizedClientError extends OAuthError {\n  constructor(error_description: string, cause?: unknown) {\n    super('unauthorized_client', error_description, 400, cause)\n  }\n}\n"]}

package/dist/errors/use-dpop-nonce-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"use-dpop-nonce-error.js","sourceRoot":"","sources":["../../src/errors/use-dpop-nonce-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAC7C,2EAAkE;AAElE;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,2BAAU;IAC/C,YACE,iBAAiB,GAAG,mDAAmD,EACvE,KAAe;QAEf,KAAK,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;IAED;;;;;;OAMG;IACH,sBAAsB;QACpB,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAA;QACzC,OAAO,IAAI,gDAAoB,CAC7B,KAAK,EACL,iBAAiB,EACjB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EACtC,IAAI,CACL,CAAA;IACH,CAAC;CACF;AAxBD,8CAwBC"}
+{"version":3,"file":"use-dpop-nonce-error.js","sourceRoot":"","sources":["../../src/errors/use-dpop-nonce-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAC7C,2EAAkE;AAElE;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,2BAAU;IAC/C,YACE,iBAAiB,GAAG,mDAAmD,EACvE,KAAe;QAEf,KAAK,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;IAED;;;;;;OAMG;IACH,sBAAsB;QACpB,MAAM,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAA;QACzC,OAAO,IAAI,gDAAoB,CAC7B,KAAK,EACL,iBAAiB,EACjB,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,EACtC,IAAI,CACL,CAAA;IACH,CAAC;CACF;AAxBD,8CAwBC","sourcesContent":["import { OAuthError } from './oauth-error.js'\nimport { WWWAuthenticateError } from './www-authenticate-error.js'\n\n/**\n * @see\n * {@link https://datatracker.ietf.org/doc/html/rfc9449#section-8 | RFC9449 - Section 8. Authorization Server-Provided Nonce}\n */\nexport class UseDpopNonceError extends OAuthError {\n  constructor(\n    error_description = 'Authorization server requires nonce in DPoP proof',\n    cause?: unknown,\n  ) {\n    super('use_dpop_nonce', error_description, 400, cause)\n  }\n\n  /**\n   * Convert this error into an error meant to be used as \"Resource\n   * Server-Provided Nonce\" error.\n   *\n   * @see\n   * {@link https://datatracker.ietf.org/doc/html/rfc9449#section-9 | RFC9449 - Section 9. Resource Server-Provided Nonce}\n   */\n  toWwwAuthenticateError(): WWWAuthenticateError {\n    const { error, error_description } = this\n    return new WWWAuthenticateError(\n      error,\n      error_description,\n      { DPoP: { error, error_description } },\n      this,\n    )\n  }\n}\n"]}

package/dist/errors/www-authenticate-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"www-authenticate-error.js","sourceRoot":"","sources":["../../src/errors/www-authenticate-error.ts"],"names":[],"mappings":";;;AAAA,qDAAoD;AACpD,qDAA6C;AAK7C,MAAa,oBAAqB,SAAQ,2BAAU;IAClC,eAAe,CAAiB;IAEhD,YACE,KAAa,EACb,iBAAyB,EACzB,eAAgC,EAChC,KAAe;QAEf,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAE3C,IAAI,CAAC,eAAe;YAClB,eAAe,CAAC,MAAM,CAAC,IAAI,IAAI;gBAC7B,CAAC,CAAC;oBACE,GAAG,eAAe;oBAClB,IAAI,EAAE,EAAE,IAAI,EAAE,wBAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,EAAE;iBACnE;gBACH,CAAC,CAAC,eAAe,CAAA;IACvB,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,2BAA2B,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC1D,CAAC;CACF;AAvBD,oDAuBC;AAED,SAAS,2BAA2B,CAAC,eAAgC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC;SACnC,MAAM,CAAC,sBAAsB,CAAC;SAC9B,GAAG,CAAC,4BAA4B,CAAC;SACjC,IAAI,CAAC,IAAI,CAAC,CAAA;AACf,CAAC;AAGD,SAAS,sBAAsB,CAC7B,KAAwB;IAExB,MAAM,CAAC,EAAE,KAAK,CAAC,GAAG,KAAK,CAAA;IACvB,OAAO,KAAK,IAAI,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAA;AACnD,CAAC;AAED,SAAS,4BAA4B,CAAC,CAAC,IAAI,EAAE,MAAM,CAAuB;IACxE,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SACrC,MAAM,CAAC,YAAY,CAAC;SACpB,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAE1B,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;AACpE,CAAC;AAID,SAAS,YAAY,CAAC,KAAwB;IAC5C,MAAM,CAAC,EAAE,KAAK,CAAC,GAAG,KAAK,CAAA;IACvB,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AAC1E,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAC,IAAI,EAAE,KAAK,CAAa;IACnD,OAAO,GAAG,IAAI,KAAK,KAAK,GAAG,CAAA;AAC7B,CAAC"}
+{"version":3,"file":"www-authenticate-error.js","sourceRoot":"","sources":["../../src/errors/www-authenticate-error.ts"],"names":[],"mappings":";;;AAAA,qDAAoD;AACpD,qDAA6C;AAK7C,MAAa,oBAAqB,SAAQ,2BAAU;IAClC,eAAe,CAAiB;IAEhD,YACE,KAAa,EACb,iBAAyB,EACzB,eAAgC,EAChC,KAAe;QAEf,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAE3C,IAAI,CAAC,eAAe;YAClB,eAAe,CAAC,MAAM,CAAC,IAAI,IAAI;gBAC7B,CAAC,CAAC;oBACE,GAAG,eAAe;oBAClB,IAAI,EAAE,EAAE,IAAI,EAAE,wBAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,EAAE;iBACnE;gBACH,CAAC,CAAC,eAAe,CAAA;IACvB,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,2BAA2B,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC1D,CAAC;CACF;AAvBD,oDAuBC;AAED,SAAS,2BAA2B,CAAC,eAAgC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC;SACnC,MAAM,CAAC,sBAAsB,CAAC;SAC9B,GAAG,CAAC,4BAA4B,CAAC;SACjC,IAAI,CAAC,IAAI,CAAC,CAAA;AACf,CAAC;AAGD,SAAS,sBAAsB,CAC7B,KAAwB;IAExB,MAAM,CAAC,EAAE,KAAK,CAAC,GAAG,KAAK,CAAA;IACvB,OAAO,KAAK,IAAI,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAA;AACnD,CAAC;AAED,SAAS,4BAA4B,CAAC,CAAC,IAAI,EAAE,MAAM,CAAuB;IACxE,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;SACrC,MAAM,CAAC,YAAY,CAAC;SACpB,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAE1B,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;AACpE,CAAC;AAID,SAAS,YAAY,CAAC,KAAwB;IAC5C,MAAM,CAAC,EAAE,KAAK,CAAC,GAAG,KAAK,CAAA;IACvB,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AAC1E,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAC,IAAI,EAAE,KAAK,CAAa;IACnD,OAAO,GAAG,IAAI,KAAK,KAAK,GAAG,CAAA;AAC7B,CAAC","sourcesContent":["import { VERIFY_ALGOS } from '../lib/util/crypto.js'\nimport { OAuthError } from './oauth-error.js'\n\nexport type WWWAuthenticateParams = Record<string, string | undefined>\nexport type WWWAuthenticate = Record<string, undefined | WWWAuthenticateParams>\n\nexport class WWWAuthenticateError extends OAuthError {\n  public readonly wwwAuthenticate: WWWAuthenticate\n\n  constructor(\n    error: string,\n    error_description: string,\n    wwwAuthenticate: WWWAuthenticate,\n    cause?: unknown,\n  ) {\n    super(error, error_description, 401, cause)\n\n    this.wwwAuthenticate =\n      wwwAuthenticate['DPoP'] != null\n        ? {\n            ...wwwAuthenticate,\n            DPoP: { algs: VERIFY_ALGOS.join(' '), ...wwwAuthenticate['DPoP'] },\n          }\n        : wwwAuthenticate\n  }\n\n  get wwwAuthenticateHeader() {\n    return formatWWWAuthenticateHeader(this.wwwAuthenticate)\n  }\n}\n\nfunction formatWWWAuthenticateHeader(wwwAuthenticate: WWWAuthenticate): string {\n  return Object.entries(wwwAuthenticate)\n    .filter(isWWWAuthenticateEntry)\n    .map(wwwAuthenticateEntryToString)\n    .join(', ')\n}\n\ntype WWWAuthenticateEntry = [type: string, params: WWWAuthenticateParams]\nfunction isWWWAuthenticateEntry(\n  entry: [string, unknown],\n): entry is WWWAuthenticateEntry {\n  const [, value] = entry\n  return value != null && typeof value === 'object'\n}\n\nfunction wwwAuthenticateEntryToString([type, params]: WWWAuthenticateEntry) {\n  const paramsEnc = Object.entries(params)\n    .filter(isParamEntry)\n    .map(paramEntryToString)\n\n  return paramsEnc.length ? `${type} ${paramsEnc.join(', ')}` : type\n}\n\ntype ParamEntry = [name: string, value: string]\n\nfunction isParamEntry(entry: [string, unknown]): entry is ParamEntry {\n  const [, value] = entry\n  return typeof value === 'string' && value !== '' && !value.includes('\"')\n}\n\nfunction paramEntryToString([name, value]: ParamEntry): string {\n  return `${name}=\"${value}\"`\n}\n"]}

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAqD;AACrD,sDAAmC;AACnC,2DAAwC;AACxC,+CAA4B;AAC5B,oDAAiC;AACjC,uDAAoC;AAEpC,iDAA8B;AAC9B,oDAAiC;AACjC,kDAA+B;AAC/B,oDAAiC;AACjC,mDAAgC;AAChC,wDAAqC;AACrC,sDAAmC;AACnC,mDAAgC;AAChC,sDAAmC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,qDAAqD;AACrD,sDAAmC;AACnC,2DAAwC;AACxC,+CAA4B;AAC5B,oDAAiC;AACjC,uDAAoC;AAEpC,iDAA8B;AAC9B,oDAAiC;AACjC,kDAA+B;AAC/B,oDAAiC;AACjC,mDAAgC;AAChC,wDAAqC;AACrC,sDAAmC;AACnC,mDAAgC;AAChC,sDAAmC","sourcesContent":["// Avoid having to explicitly depend sub dependencies\nexport * from '@atproto-labs/fetch'\nexport * from '@atproto-labs/fetch-node'\nexport * from '@atproto/jwk'\nexport * from '@atproto/jwk-jose'\nexport * from '@atproto/oauth-types'\n\nexport * from './constants.js'\nexport * from './oauth-client.js'\nexport * from './oauth-dpop.js'\nexport * from './oauth-errors.js'\nexport * from './oauth-hooks.js'\nexport * from './oauth-middleware.js'\nexport * from './oauth-provider.js'\nexport * from './oauth-store.js'\nexport * from './oauth-verifier.js'\n"]}

package/dist/lexicon/lexicon-data.js.map

@@ -1 +1 @@
-{"version":3,"file":"lexicon-data.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-data.ts"],"names":[],"mappings":""}
+{"version":3,"file":"lexicon-data.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-data.ts"],"names":[],"mappings":"","sourcesContent":["import { LexiconDoc } from '@atproto/lexicon'\n\nexport type LexiconData = {\n  createdAt: Date\n  updatedAt: Date\n  lastSucceededAt: null | Date\n  uri: null | string\n  lexicon: null | LexiconDoc\n}\n"]}

package/dist/lexicon/lexicon-getter.js.map

@@ -1 +1 @@
-{"version":3,"file":"lexicon-getter.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-getter.ts"],"names":[],"mappings":";;;AAAA,gEAIkC;AAElC,6DAAyD;AACzD,kDAA2D;AAG3D;;;;;;GAMG;AACH,MAAa,aAAc,SAAQ,2BAA+B;IAChE,YAAY,KAAmB,EAAE,WAA4B,iCAAc;QACzE,KAAK,CACH,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE;YACnC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;YACtB,oEAAoE;YACpE,oEAAoE;YACpE,sBAAsB;YACtB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACjD,kEAAkE;gBAClE,mEAAmE;gBACnE,mEAAmE;gBACnE,gEAAgE;gBAChE,IAAI,GAAG,YAAY,yCAAsB;oBAAE,OAAO,SAAS,CAAA;gBAE3D,kCAAkC;gBAClC,MAAM,GAAG,CAAA;YACX,CAAC,CAAC,CAAA;YAEF,OAAO;gBACL,wCAAwC;gBACxC,SAAS,EAAE,UAAU,EAAE,SAAS,IAAI,GAAG;gBACvC,0BAA0B;gBAC1B,SAAS,EAAE,GAAG;gBACd,gEAAgE;gBAChE,6BAA6B;gBAC7B,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,eAAe,IAAI,IAAI;gBACnE,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,UAAU,EAAE,GAAG,IAAI,IAAI;gBAC7D,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,OAAO,IAAI,IAAI;aAC/D,CAAA;QACH,CAAC,EACD;YACE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC;YACzD,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS;YACjE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC;SAC/C,EACD;YACE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;gBACtB,MAAM,mBAAmB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;gBACjE,OAAO,mBAAmB,IAAI,wCAAyB,CAAA;YACzD,CAAC;SACF,CACF,CAAA;IACH,CAAC;CACF;AA5CD,sCA4CC"}
+{"version":3,"file":"lexicon-getter.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-getter.ts"],"names":[],"mappings":";;;AAAA,gEAIkC;AAElC,6DAAyD;AACzD,kDAA2D;AAG3D;;;;;;GAMG;AACH,MAAa,aAAc,SAAQ,2BAA+B;IAChE,YAAY,KAAmB,EAAE,WAA4B,iCAAc;QACzE,KAAK,CACH,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE;YACnC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;YACtB,oEAAoE;YACpE,oEAAoE;YACpE,sBAAsB;YACtB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACjD,kEAAkE;gBAClE,mEAAmE;gBACnE,mEAAmE;gBACnE,gEAAgE;gBAChE,IAAI,GAAG,YAAY,yCAAsB;oBAAE,OAAO,SAAS,CAAA;gBAE3D,kCAAkC;gBAClC,MAAM,GAAG,CAAA;YACX,CAAC,CAAC,CAAA;YAEF,OAAO;gBACL,wCAAwC;gBACxC,SAAS,EAAE,UAAU,EAAE,SAAS,IAAI,GAAG;gBACvC,0BAA0B;gBAC1B,SAAS,EAAE,GAAG;gBACd,gEAAgE;gBAChE,6BAA6B;gBAC7B,eAAe,EAAE,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,eAAe,IAAI,IAAI;gBACnE,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,UAAU,EAAE,GAAG,IAAI,IAAI;gBAC7D,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,OAAO,IAAI,IAAI;aAC/D,CAAA;QACH,CAAC,EACD;YACE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC;YACzD,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,SAAS;YACjE,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC;SAC/C,EACD;YACE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE;gBACtB,MAAM,mBAAmB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;gBACjE,OAAO,mBAAmB,IAAI,wCAAyB,CAAA;YACzD,CAAC;SACF,CACF,CAAA;IACH,CAAC;CACF;AA5CD,sCA4CC","sourcesContent":["import {\n  LexiconResolutionError,\n  LexiconResolver,\n  resolveLexicon,\n} from '@atproto/lexicon-resolver'\nimport { Nsid } from '@atproto/oauth-scopes'\nimport { CachedGetter } from '@atproto-labs/simple-store'\nimport { LEXICON_REFRESH_FREQUENCY } from '../constants.js'\nimport { LexiconData, LexiconStore } from './lexicon-store.js'\n\n/**\n * This utility class handles the retrieval and caching of lexicon\n * data. In particular, it handles failed retrieval attempts by returning cached\n * data.\n *\n * @private\n */\nexport class LexiconGetter extends CachedGetter<Nsid, LexiconData> {\n  constructor(store: LexiconStore, resolver: LexiconResolver = resolveLexicon) {\n    super(\n      async (input, options, storedData) => {\n        const now = new Date()\n        // @TODO We would want to be able to explicit that the Lexicon needs\n        // to be fresh, which is not possible yet with the current interface\n        // of LexiconResolver.\n        const result = await resolver(input).catch((err) => {\n          // We swallow LexiconResolutionError errors, returning potentially\n          // \"null\" values here to avoid hammering the resolver with requests\n          // for the same lexicon that is known to be unavailable. The getter\n          // should be called again based on the isStale() function below.\n          if (err instanceof LexiconResolutionError) return undefined\n\n          // Unexpected error are propagated\n          throw err\n        })\n\n        return {\n          // Keep original createdAt, if available\n          createdAt: storedData?.createdAt ?? now,\n          // Always update updatedAt\n          updatedAt: now,\n          // Update the data with fresh data, if available, or keep cached\n          // values (if any) otherwise.\n          lastSucceededAt: result ? now : storedData?.lastSucceededAt ?? null,\n          uri: result ? result.uri.toString() : storedData?.uri ?? null,\n          lexicon: result ? result.lexicon : storedData?.lexicon ?? null,\n        }\n      },\n      {\n        set: async (nsid, data) => store.storeLexicon(nsid, data),\n        get: async (nsid) => (await store.findLexicon(nsid)) ?? undefined,\n        del: async (nsid) => store.deleteLexicon(nsid),\n      },\n      {\n        isStale: (nsid, data) => {\n          const timeSinceLastUpdate = Date.now() - data.updatedAt.getTime()\n          return timeSinceLastUpdate >= LEXICON_REFRESH_FREQUENCY\n        },\n      },\n    )\n  }\n}\n"]}

package/dist/lexicon/lexicon-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"lexicon-manager.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AA6GA,wDAMC;AAlHD,gEAGkC;AAClC,wDAA0D;AAC1D,2DAAmD;AAGnD,qDAAkC;AAElC,MAAa,cAAc;IACN,aAAa,CAAe;IAE/C,YAAY,KAAmB,EAAE,cAAgC;QAC/D,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;IAC/D,CAAC;IAEM,KAAK,CAAC,0BAA0B,CAAC,KAAc;QACpD,MAAM,EAAE,aAAa,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QAC3C,OAAO,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAA;IAClD,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,eAAe,CAAC,KAAa;QACxC,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QAExD,8EAA8E;QAC9E,IAAI,CAAC,aAAa,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAEvC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAA;QAEtE,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC;aAC7B,OAAO,CAAC,sBAAsB,EAAE,cAAc,CAAC;aAC/C,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,qBAAqB,CAAC,aAA6B;QACjE,MAAM,KAAK,GAAG,YAAY,CAAC,aAAa,CAAC,CAAA;QACzC,OAAO,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,KAAgB;QAChD,OAAO,IAAI,GAAG,CACZ,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC,CACvE,CAAA;IACH,CAAC;IAES,KAAK,CAAC,qBAAqB,CACnC,IAAU;QAEV,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAA;QACvD,OAAO,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAC9B,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,IAAU;QACzC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAEtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,yCAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzC,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACjD,MAAM,WAAW,GAAG,0CAA0C,CAAA;YAC9D,MAAM,yCAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACtD,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAA;IAC1B,CAAC;CACF;AAnED,wCAmEC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,aAAa,GAAmB,EAAE,CAAA;IACxC,MAAM,WAAW,GAAa,EAAE,CAAA;IAEhC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,UAAU,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,2BAAY,CAAC,UAAU,CAAC,UAAU,CAAC,CAAA;YAClD,IAAI,MAAM,EAAE,CAAC;gBACX,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAC5B,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,aAAa;QACb,WAAW;KACZ,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,aAA6B;IACjD,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAA;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,SAAuB;IAC1C,OAAO,SAAS,CAAC,IAAI,CAAA;AACvB,CAAC;AAED,SAAgB,sBAAsB,CAEpC,YAA0B;IAE1B,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAE,CAAA;IAClD,OAAO,YAAY,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AAC9D,CAAC"}
+{"version":3,"file":"lexicon-manager.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AA6GA,wDAMC;AAlHD,gEAGkC;AAClC,wDAA0D;AAC1D,2DAAmD;AAGnD,qDAAkC;AAElC,MAAa,cAAc;IACN,aAAa,CAAe;IAE/C,YAAY,KAAmB,EAAE,cAAgC;QAC/D,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CAAC,KAAK,EAAE,cAAc,CAAC,CAAA;IAC/D,CAAC;IAEM,KAAK,CAAC,0BAA0B,CAAC,KAAc;QACpD,MAAM,EAAE,aAAa,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QAC3C,OAAO,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAA;IAClD,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,eAAe,CAAC,KAAa;QACxC,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QAExD,8EAA8E;QAC9E,IAAI,CAAC,aAAa,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QAEvC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAA;QAEtE,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC;aAC7B,OAAO,CAAC,sBAAsB,EAAE,cAAc,CAAC;aAC/C,MAAM,CAAC,WAAW,CAAC;aACnB,IAAI,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,qBAAqB,CAAC,aAA6B;QACjE,MAAM,KAAK,GAAG,YAAY,CAAC,aAAa,CAAC,CAAA;QACzC,OAAO,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;IACtC,CAAC;IAES,KAAK,CAAC,iBAAiB,CAAC,KAAgB;QAChD,OAAO,IAAI,GAAG,CACZ,MAAM,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC,CACvE,CAAA;IACH,CAAC;IAES,KAAK,CAAC,qBAAqB,CACnC,IAAU;QAEV,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAA;QACvD,OAAO,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAC9B,CAAC;IAES,KAAK,CAAC,gBAAgB,CAAC,IAAU;QACzC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAEtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,yCAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACzC,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACjD,MAAM,WAAW,GAAG,0CAA0C,CAAA;YAC9D,MAAM,yCAAsB,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACtD,CAAC;QAED,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAA;IAC1B,CAAC;CACF;AAnED,wCAmEC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,aAAa,GAAmB,EAAE,CAAA;IACxC,MAAM,WAAW,GAAa,EAAE,CAAA;IAEhC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,UAAU,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,2BAAY,CAAC,UAAU,CAAC,UAAU,CAAC,CAAA;YAClD,IAAI,MAAM,EAAE,CAAC;gBACX,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAC5B,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,aAAa;QACb,WAAW;KACZ,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CAAC,aAA6B;IACjD,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAA;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,SAAuB;IAC1C,OAAO,SAAS,CAAC,IAAI,CAAA;AACvB,CAAC;AAED,SAAgB,sBAAsB,CAEpC,YAA0B;IAE1B,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAE,CAAA;IAClD,OAAO,YAAY,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AAC9D,CAAC","sourcesContent":["import { LexPermissionSet } from '@atproto/lexicon'\nimport {\n  LexiconResolutionError,\n  LexiconResolver,\n} from '@atproto/lexicon-resolver'\nimport { IncludeScope, Nsid } from '@atproto/oauth-scopes'\nimport { LexiconGetter } from './lexicon-getter.js'\nimport { LexiconStore } from './lexicon-store.js'\n\nexport * from './lexicon-store.js'\n\nexport class LexiconManager {\n  protected readonly lexiconGetter: LexiconGetter\n\n  constructor(store: LexiconStore, resolveLexicon?: LexiconResolver) {\n    this.lexiconGetter = new LexiconGetter(store, resolveLexicon)\n  }\n\n  public async getPermissionSetsFromScope(scope?: string) {\n    const { includeScopes } = parseScope(scope)\n    return this.extractPermissionSets(includeScopes)\n  }\n\n  /**\n   * Transforms a scope string from an authorization request into a scope\n   * composed solely of granular permission scopes, transforming any NSID\n   * into its corresponding permission scopes.\n   */\n  public async buildTokenScope(scope: string): Promise<string> {\n    const { includeScopes, otherScopes } = parseScope(scope)\n\n    // If the scope does not contain any \"include:<nsid>\" scopes, return it as-is.\n    if (!includeScopes.length) return scope\n\n    const permissionSets = await this.extractPermissionSets(includeScopes)\n\n    return Array.from(includeScopes)\n      .flatMap(nsidToPermissionScopes, permissionSets)\n      .concat(otherScopes)\n      .join(' ')\n  }\n\n  /**\n   * Given a list of scope values, extract those that are NSIDs and return their\n   * corresponding permission sets.\n   */\n  protected async extractPermissionSets(includeScopes: IncludeScope[]) {\n    const nsids = extractNsids(includeScopes)\n    return this.getPermissionSets(nsids)\n  }\n\n  protected async getPermissionSets(nsids: Set<Nsid>) {\n    return new Map<string, LexPermissionSet>(\n      await Promise.all(Array.from(nsids, this.getPermissionSetEntry, this)),\n    )\n  }\n\n  protected async getPermissionSetEntry(\n    nsid: Nsid,\n  ): Promise<[nsid: Nsid, permissionSet: LexPermissionSet]> {\n    const permissionSet = await this.getPermissionSet(nsid)\n    return [nsid, permissionSet]\n  }\n\n  protected async getPermissionSet(nsid: Nsid): Promise<LexPermissionSet> {\n    const { lexicon } = await this.lexiconGetter.get(nsid)\n\n    if (!lexicon) {\n      throw LexiconResolutionError.from(nsid)\n    }\n\n    if (lexicon.defs.main?.type !== 'permission-set') {\n      const description = 'Lexicon document is not a permission set'\n      throw LexiconResolutionError.from(nsid, description)\n    }\n\n    return lexicon.defs.main\n  }\n}\n\nfunction parseScope(scope?: string) {\n  const includeScopes: IncludeScope[] = []\n  const otherScopes: string[] = []\n\n  if (scope) {\n    for (const scopeValue of scope.split(' ')) {\n      const parsed = IncludeScope.fromString(scopeValue)\n      if (parsed) {\n        includeScopes.push(parsed)\n      } else {\n        otherScopes.push(scopeValue)\n      }\n    }\n  }\n\n  return {\n    includeScopes,\n    otherScopes,\n  }\n}\n\nfunction extractNsids(includeScopes: IncludeScope[]): Set<Nsid> {\n  return new Set(Array.from(includeScopes, extractNsid))\n}\n\nfunction extractNsid(nsidScope: IncludeScope): Nsid {\n  return nsidScope.nsid\n}\n\nexport function nsidToPermissionScopes(\n  this: Map<string, LexPermissionSet>,\n  includeScope: IncludeScope,\n): string[] {\n  const permissionSet = this.get(includeScope.nsid)!\n  return includeScope.toPermissions(permissionSet).map(String)\n}\n"]}

package/dist/lexicon/lexicon-store.js.map

@@ -1 +1 @@
-{"version":3,"file":"lexicon-store.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-store.ts"],"names":[],"mappings":";;;AAkBA,wCAQC;AAED,wCAOC;AAlCD,iDAAsE;AAWzD,QAAA,cAAc,GAAG,IAAA,+BAAqB,EAAe;IAChE,aAAa;IACb,cAAc;IACd,eAAe;CAChB,CAAC,CAAA;AAEF,SAAgB,cAAc,CAC5B,cAAkB;IAElB,IAAI,cAAc,IAAI,IAAA,sBAAc,EAAC,cAAc,CAAC,EAAE,CAAC;QACrD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,cAAc,CAC5B,cAAkB;IAElB,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAC,CAAA;IAC5C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAA;IAEvB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;AACxD,CAAC"}
+{"version":3,"file":"lexicon-store.js","sourceRoot":"","sources":["../../src/lexicon/lexicon-store.ts"],"names":[],"mappings":";;;AAkBA,wCAQC;AAED,wCAOC;AAlCD,iDAAsE;AAWzD,QAAA,cAAc,GAAG,IAAA,+BAAqB,EAAe;IAChE,aAAa;IACb,cAAc;IACd,eAAe;CAChB,CAAC,CAAA;AAEF,SAAgB,cAAc,CAC5B,cAAkB;IAElB,IAAI,cAAc,IAAI,IAAA,sBAAc,EAAC,cAAc,CAAC,EAAE,CAAC;QACrD,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,cAAc,CAC5B,cAAkB;IAElB,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAC,CAAA;IAC5C,IAAI,KAAK;QAAE,OAAO,KAAK,CAAA;IAEvB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;AACxD,CAAC","sourcesContent":["import { LexiconDoc } from '@atproto/lexicon'\nimport { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'\nimport { LexiconData } from './lexicon-data.js'\n\nexport type { Awaitable, LexiconData, LexiconDoc }\n\nexport interface LexiconStore {\n  findLexicon(nsid: string): Awaitable<LexiconData | null>\n  storeLexicon(nsid: string, data: LexiconData): Awaitable<void>\n  deleteLexicon(nsid: string): Awaitable<void>\n}\n\nexport const isLexiconStore = buildInterfaceChecker<LexiconStore>([\n  'findLexicon',\n  'storeLexicon',\n  'deleteLexicon',\n])\n\nexport function ifLexiconStore<V extends Partial<LexiconStore>>(\n  implementation?: V,\n): (V & LexiconStore) | undefined {\n  if (implementation && isLexiconStore(implementation)) {\n    return implementation\n  }\n\n  return undefined\n}\n\nexport function asLexiconStore<V extends Partial<LexiconStore>>(\n  implementation?: V,\n): V & LexiconStore {\n  const store = ifLexiconStore(implementation)\n  if (store) return store\n\n  throw new Error('Invalid LexiconStore implementation')\n}\n"]}

package/dist/lib/csp/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/csp/index.ts"],"names":[],"mappings":";;AA4CA,4BAkBC;AAED,4BAIC;AAED,gCA8BC;AApFD,MAAM,iBAAiB,GAAG,CAAC,UAAU,CAAU,CAAA;AAC/C,MAAM,kBAAkB,GAAG;IACzB,2BAA2B;IAC3B,yBAAyB;CACjB,CAAA;AACV,MAAM,gBAAgB,GAAG;IACvB,aAAa;IACb,aAAa;IACb,aAAa;IACb,iBAAiB;IACjB,WAAW;IACX,SAAS;IACT,YAAY;IACZ,WAAW;CACH,CAAA;AAYV,MAAM,IAAI,GAAG,QAAQ,CAAA;AAErB,SAAgB,QAAQ,CAAC,MAAiB;IACxC,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAC5D,IAAI,GAAG,EAAE,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC1B,CAAC;AAED,SAAgB,QAAQ,CACtB,GAAG,OAAU;IAEb,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,CAAqB,CAAA;AAChF,CAAC;AAED,SAAgB,UAAU,CAAC,CAAY,EAAE,CAAY;IACnD,MAAM,MAAM,GAAc,EAAE,CAAA;IAE5B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,wCAAwC;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAA;QAChC,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAA;IACzC,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YACvD,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YACvD,2BAA2B;YAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAA;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;YAC5B,IAAI,CAAC,CAAC,IAAI,CAAC;gBAAE,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC;oBAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YACxD,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAA;QACzB,CAAC;aAAM,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/csp/index.ts"],"names":[],"mappings":";;AA4CA,4BAkBC;AAED,4BAIC;AAED,gCA8BC;AApFD,MAAM,iBAAiB,GAAG,CAAC,UAAU,CAAU,CAAA;AAC/C,MAAM,kBAAkB,GAAG;IACzB,2BAA2B;IAC3B,yBAAyB;CACjB,CAAA;AACV,MAAM,gBAAgB,GAAG;IACvB,aAAa;IACb,aAAa;IACb,aAAa;IACb,iBAAiB;IACjB,WAAW;IACX,SAAS;IACT,YAAY;IACZ,WAAW;CACH,CAAA;AAYV,MAAM,IAAI,GAAG,QAAQ,CAAA;AAErB,SAAgB,QAAQ,CAAC,MAAiB;IACxC,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAC5D,IAAI,GAAG,EAAE,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC1B,CAAC;AAED,SAAgB,QAAQ,CACtB,GAAG,OAAU;IAEb,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,CAAqB,CAAA;AAChF,CAAC;AAED,SAAgB,UAAU,CAAC,CAAY,EAAE,CAAY;IACnD,MAAM,MAAM,GAAc,EAAE,CAAA;IAE5B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,wCAAwC;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAA;QAChC,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAA;IACzC,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YACvD,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YACvD,2BAA2B;YAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAA;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;YAC5B,IAAI,CAAC,CAAC,IAAI,CAAC;gBAAE,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC;oBAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YACxD,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAA;QACzB,CAAC;aAAM,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC","sourcesContent":["import { CombinedTuple, Simplify } from '../util/type.js'\n\nexport type CspValue =\n  | `data:`\n  | `http:${string}`\n  | `https:${string}`\n  | `'none'`\n  | `'self'`\n  | `'sha256-${string}'`\n  | `'nonce-${string}'`\n  | `'unsafe-inline'`\n  | `'unsafe-eval'`\n  | `'strict-dynamic'`\n  | `'report-sample'`\n  | `'unsafe-hashes'`\n\nconst STRING_DIRECTIVES = ['base-uri'] as const\nconst BOOLEAN_DIRECTIVES = [\n  'upgrade-insecure-requests',\n  'block-all-mixed-content',\n] as const\nconst ARRAY_DIRECTIVES = [\n  'connect-src',\n  'default-src',\n  'form-action',\n  'frame-ancestors',\n  'frame-src',\n  'img-src',\n  'script-src',\n  'style-src',\n] as const\n\nexport type CspConfig = Simplify<\n  {\n    [K in (typeof BOOLEAN_DIRECTIVES)[number]]?: boolean\n  } & {\n    [K in (typeof STRING_DIRECTIVES)[number]]?: CspValue\n  } & {\n    [K in (typeof ARRAY_DIRECTIVES)[number]]?: Iterable<CspValue>\n  }\n>\n\nconst NONE = \"'none'\"\n\nexport function buildCsp(config: CspConfig): string {\n  const values: string[] = []\n\n  for (const name of BOOLEAN_DIRECTIVES) {\n    if (config[name] === true) values.push(name)\n  }\n\n  for (const name of STRING_DIRECTIVES) {\n    if (config[name]) values.push(`${name} ${config[name]}`)\n  }\n\n  for (const name of ARRAY_DIRECTIVES) {\n    // Remove duplicate values by using a Set\n    const val = config[name] ? new Set(config[name]) : undefined\n    if (val?.size) values.push(`${name} ${Array.from(val).join(' ')}`)\n  }\n\n  return values.join('; ')\n}\n\nexport function mergeCsp<C extends (CspConfig | null | undefined)[]>(\n  ...configs: C\n) {\n  return configs.filter((v) => v != null).reduce(combineCsp) as CombinedTuple<C>\n}\n\nexport function combineCsp(a: CspConfig, b: CspConfig): CspConfig {\n  const result: CspConfig = {}\n\n  for (const name of BOOLEAN_DIRECTIVES) {\n    // @NOTE b (if defined) takes precedence\n    const value = b[name] ?? a[name]\n    if (value != null) result[name] = value\n  }\n\n  for (const name of STRING_DIRECTIVES) {\n    if (a[name] || b[name]) {\n      const aNotNone = a[name] === NONE ? undefined : a[name]\n      const bNotNone = b[name] === NONE ? undefined : b[name]\n      // @NOTE b takes precedence\n      result[name] = bNotNone || aNotNone || NONE\n    }\n  }\n\n  for (const name of ARRAY_DIRECTIVES) {\n    if (a[name] && b[name]) {\n      const set = new Set(a[name])\n      if (b[name]) for (const value of b[name]) set.add(value)\n      if (set.size > 1 && set.has(NONE)) set.delete(NONE)\n      result[name] = [...set]\n    } else if (a[name] || b[name]) {\n      result[name] = a[name] || b[name]\n    }\n  }\n\n  return result\n}\n"]}

package/dist/lib/hcaptcha.js.map

@@ -1 +1 @@
-{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;;;OAMG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B;;OAEG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD;;OAEG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC;;OAEG;IACH,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAUF,MAAM,mBAAmB,GAAG,IAAA,WAAI,EAC9B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,GAAE,EACpB,IAAA,6BAAqB,EAAC,kCAA0B,CAAC,CAClD,CAAA;AAED,MAAa,cAAc;IAGd;IACA;IAHQ,KAAK,CAAY;IACpC,YACW,QAAgB,EAChB,MAAsB,EAC/B,QAAe,UAAU,CAAC,KAAK;QAFtB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAgB;QAG/B,IAAI,CAAC,KAAK,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,YAAgC,EAChC,QAAgB,EAChB,QAAgB,EAChB,YAAkC;QAElC,OAAO,IAAI,CAAC,KAAK,CAAC,qCAAqC,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,aAAa,EAAE,YAAY;gBAC3B,QAAQ;gBACR,QAAQ;gBACR,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;aAC5C,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IAC9B,CAAC;IAEM,iBAAiB,CACtB,MAA4B,EAC5B,MAA4B;QAE5B,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;QAEjC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,mBAAmB,CAC3B,MAAM,EACN,MAAM,EACN,6BAA6B,CAC9B,CAAA;QACH,CAAC;QAED,kEAAkE;QAElE,uEAAuE;QACvE,wEAAwE;QACxE,4EAA4E;QAC5E,uEAAuE;QACvE,2EAA2E;QAC3E,gDAAgD;QAEhD;QACE,8CAA8C;QAC9C,KAAK,IAAI,IAAI;YACb,oCAAoC;YACpC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI;YAClC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EACnC,CAAC;YACD,MAAM,IAAI,mBAAmB,CAC3B,MAAM,EACN,MAAM,EACN,SAAS,KAAK,2BAA2B,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CACtE,CAAA;QACH,CAAC;IACH,CAAC;IAEM,iBAAiB,CACtB,QAAgB,EAChB,MAAc,EACd,SAAkB;QAElB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAClC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YACpC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;SACnE,CAAA;IACH,CAAC;IAES,SAAS,CAAC,KAAa;QAC/B,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC;CACF;AAxFD,wCAwFC;AAED,MAAa,mBAAoB,SAAQ,KAAK;IAEjC;IACA;IAFX,YACW,MAA4B,EAC5B,MAA4B,EACrC,OAAgB;QAEhB,KAAK,CAAC,OAAO,CAAC,CAAA;QAJL,WAAM,GAAN,MAAM,CAAsB;QAC5B,WAAM,GAAN,MAAM,CAAsB;IAIvC,CAAC;CACF;AARD,kDAQC"}
+{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;;;OAMG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B;;OAEG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD;;OAEG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC;;OAEG;IACH,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAUF,MAAM,mBAAmB,GAAG,IAAA,WAAI,EAC9B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,GAAE,EACpB,IAAA,6BAAqB,EAAC,kCAA0B,CAAC,CAClD,CAAA;AAED,MAAa,cAAc;IAGd;IACA;IAHQ,KAAK,CAAY;IACpC,YACW,QAAgB,EAChB,MAAsB,EAC/B,QAAe,UAAU,CAAC,KAAK;QAFtB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAgB;QAG/B,IAAI,CAAC,KAAK,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,YAAgC,EAChC,QAAgB,EAChB,QAAgB,EAChB,YAAkC;QAElC,OAAO,IAAI,CAAC,KAAK,CAAC,qCAAqC,EAAE;YACvD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,aAAa,EAAE,YAAY;gBAC3B,QAAQ;gBACR,QAAQ;gBACR,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;aAC5C,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;IAC9B,CAAC;IAEM,iBAAiB,CACtB,MAA4B,EAC5B,MAA4B;QAE5B,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,CAAA;QAEjC,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,MAAM,IAAI,mBAAmB,CAC3B,MAAM,EACN,MAAM,EACN,6BAA6B,CAC9B,CAAA;QACH,CAAC;QAED,kEAAkE;QAElE,uEAAuE;QACvE,wEAAwE;QACxE,4EAA4E;QAC5E,uEAAuE;QACvE,2EAA2E;QAC3E,gDAAgD;QAEhD;QACE,8CAA8C;QAC9C,KAAK,IAAI,IAAI;YACb,oCAAoC;YACpC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI;YAClC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EACnC,CAAC;YACD,MAAM,IAAI,mBAAmB,CAC3B,MAAM,EACN,MAAM,EACN,SAAS,KAAK,2BAA2B,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CACtE,CAAA;QACH,CAAC;IACH,CAAC;IAEM,iBAAiB,CACtB,QAAgB,EAChB,MAAc,EACd,SAAkB;QAElB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAClC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YACpC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;SACnE,CAAA;IACH,CAAC;IAES,SAAS,CAAC,KAAa;QAC/B,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC;CACF;AAxFD,wCAwFC;AAED,MAAa,mBAAoB,SAAQ,KAAK;IAEjC;IACA;IAFX,YACW,MAA4B,EAC5B,MAA4B,EACrC,OAAgB;QAEhB,KAAK,CAAC,OAAO,CAAC,CAAA;QAJL,WAAM,GAAN,MAAM,CAAsB;QAC5B,WAAM,GAAN,MAAM,CAAsB;IAIvC,CAAC;CACF;AARD,kDAQC","sourcesContent":["import { createHash } from 'node:crypto'\nimport { z } from 'zod'\nimport {\n  Fetch,\n  FetchBound,\n  bindFetch,\n  fetchJsonProcessor,\n  fetchJsonZodProcessor,\n  fetchOkProcessor,\n} from '@atproto-labs/fetch'\nimport { pipe } from '@atproto-labs/pipe'\n\nexport const hcaptchaTokenSchema = z.string().min(1)\nexport type HcaptchaToken = z.infer<typeof hcaptchaTokenSchema>\n\nexport const hcaptchaConfigSchema = z.object({\n  /**\n   * The hCaptcha site key to use for the sign-up form.\n   */\n  siteKey: z.string().min(1),\n  /**\n   * The hCaptcha secret key to use for the sign-up form.\n   */\n  secretKey: z.string().min(1),\n  /**\n   * A salt to use when hashing client tokens.\n   */\n  tokenSalt: z.string().min(1),\n  /**\n   * The risk score above which the user is considered a threat and will be\n   * denied access. This will be ignored if the enterprise features are not\n   * available.\n   *\n   * Note: Score values ranges from 0.0 (no risk) to 1.0 (confirmed threat).\n   */\n  scoreThreshold: z.number().optional(),\n})\nexport type HcaptchaConfig = z.infer<typeof hcaptchaConfigSchema>\n\n/**\n * @see {@link https://docs.hcaptcha.com/#verify-the-user-response-server-side hCaptcha API}\n */\nexport const hcaptchaVerifyResultSchema = z.object({\n  /**\n   * is the passcode valid, and does it meet security criteria you specified, e.g. sitekey?\n   */\n  success: z.boolean(),\n  /**\n   * timestamp of the challenge (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)\n   */\n  challenge_ts: z.string(),\n  /**\n   * the hostname of the site where the challenge was passed\n   */\n  hostname: z.string().nullable(),\n  /**\n   * optional: any error codes returned by the hCaptcha API.\n   * @see {@link https://docs.hcaptcha.com/#siteverify-error-codes-table}\n   */\n  'error-codes': z.array(z.string()).optional(),\n  /**\n   * ENTERPRISE feature: a score denoting malicious activity. Value ranges from\n   * 0.0 (no risk) to 1.0 (confirmed threat).\n   */\n  score: z.number().optional(),\n  /**\n   * ENTERPRISE feature: reason(s) for score.\n   */\n  score_reason: z.array(z.string()).optional(),\n  /**\n   * sitekey of the request\n   */\n  sitekey: z.string().optional(),\n  /**\n   * obj of form: {'ip_device': 1, .. etc}\n   */\n  behavior_counts: z.record(z.unknown()).optional(),\n  /**\n   * how similar is this? (0.0 - 1.0, -1 on err)\n   */\n  similarity: z.number().optional(),\n  /**\n   * count of similar_tokens not processed\n   */\n  similarity_failures: z.number().optional(),\n  /**\n   * array of strings for any similarity errors\n   */\n  similarity_error_details: z.array(z.string()).optional(),\n  /**\n   * encoded clientID\n   */\n  scoped_uid_0: z.string().optional(),\n  /**\n   * encoded IP\n   */\n  scoped_uid_1: z.string().optional(),\n  /**\n   * encoded IP (APT)\n   */\n  scoped_uid_2: z.string().optional(),\n  /**\n   * Risk Insights (APT + RI)\n   */\n  risk_insights: z.record(z.unknown()).optional(),\n  /**\n   * Advanced Threat Signatures (APT)\n   */\n  sigs: z.record(z.unknown()).optional(),\n  /**\n   * tags added via Rules\n   */\n  tags: z.array(z.string()).optional(),\n})\n\nexport type HcaptchaVerifyResult = z.infer<typeof hcaptchaVerifyResultSchema>\n\nexport type HcaptchaClientTokens = {\n  hashedIp: string\n  hashedHandle: string\n  hashedUserAgent?: string\n}\n\nconst fetchSuccessHandler = pipe(\n  fetchOkProcessor(),\n  fetchJsonProcessor(),\n  fetchJsonZodProcessor(hcaptchaVerifyResultSchema),\n)\n\nexport class HCaptchaClient {\n  protected readonly fetch: FetchBound\n  constructor(\n    readonly hostname: string,\n    readonly config: HcaptchaConfig,\n    fetch: Fetch = globalThis.fetch,\n  ) {\n    this.fetch = bindFetch(fetch)\n  }\n\n  public async verify(\n    behaviorType: 'login' | 'signup',\n    response: string,\n    remoteip: string,\n    clientTokens: HcaptchaClientTokens,\n  ) {\n    return this.fetch('https://api.hcaptcha.com/siteverify', {\n      method: 'POST',\n      headers: {\n        'Content-Type': 'application/x-www-form-urlencoded',\n      },\n      body: new URLSearchParams({\n        secret: this.config.secretKey,\n        sitekey: this.config.siteKey,\n        behavior_type: behaviorType,\n        response,\n        remoteip,\n        client_tokens: JSON.stringify(clientTokens),\n      }).toString(),\n    }).then(fetchSuccessHandler)\n  }\n\n  public checkVerifyResult(\n    result: HcaptchaVerifyResult,\n    tokens: HcaptchaClientTokens,\n  ): void {\n    const { success, score } = result\n\n    if (success !== true) {\n      throw new HCaptchaVerifyError(\n        result,\n        tokens,\n        'Expected success to be true',\n      )\n    }\n\n    // https://docs.hcaptcha.com/#verify-the-user-response-server-side\n\n    // Please [...] note that the hostname field is derived from the user's\n    // browser, and should not be used for authentication of any kind; it is\n    // primarily useful as a statistical metric. Additionally, in the event that\n    // your site experiences unusually high challenge traffic, the hostname\n    // field may be returned as \"not-provided\" rather than the usual value; all\n    // other fields will return their normal values.\n\n    if (\n      // Ignore if enterprise feature is not enabled\n      score != null &&\n      // Ignore if disabled through config\n      this.config.scoreThreshold != null &&\n      score >= this.config.scoreThreshold\n    ) {\n      throw new HCaptchaVerifyError(\n        result,\n        tokens,\n        `Score ${score} is above the threshold ${this.config.scoreThreshold}`,\n      )\n    }\n  }\n\n  public buildClientTokens(\n    remoteip: string,\n    handle: string,\n    userAgent?: string,\n  ): HcaptchaClientTokens {\n    return {\n      hashedIp: this.hashToken(remoteip),\n      hashedHandle: this.hashToken(handle),\n      hashedUserAgent: userAgent ? this.hashToken(userAgent) : undefined,\n    }\n  }\n\n  protected hashToken(value: string) {\n    const hash = createHash('sha256')\n    hash.update(this.config.tokenSalt)\n    hash.update(value)\n    return hash.digest().toString('base64')\n  }\n}\n\nexport class HCaptchaVerifyError extends Error {\n  constructor(\n    readonly result: HcaptchaVerifyResult,\n    readonly tokens: HcaptchaClientTokens,\n    message?: string,\n  ) {\n    super(message)\n  }\n}\n"]}

package/dist/lib/html/build-document.js.map

@@ -1 +1 @@
-{"version":3,"file":"build-document.js","sourceRoot":"","sources":["../../../src/lib/html/build-document.ts"],"names":[],"mappings":";;;AACA,uCAAgC;AAChC,uCAAgC;AAQhC;;GAEG;AACH,MAAM,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5C,WAAW;IACX,QAAQ;IACR,WAAW;IACX,cAAc;IACd,UAAU;IACV,QAAQ;IACR,MAAM;IACN,MAAM;IACN,SAAS;IACT,UAAU;IACV,IAAI;IACJ,eAAe;IACf,MAAM;IACN,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,WAAW;IACX,MAAM;IACN,gBAAgB;IAChB,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACV,CAAC,CAAA;AAEJ,MAAM,SAAS,GAAG,CAAC,GAAY,EAAkB,EAAE,CACvD,uBAA8C,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AADlD,QAAA,SAAS,aACyC;AAU/D,MAAM,eAAe,GAAG,IAAA,cAAI,EAAA;;;GAGzB,CAAA;AAgBI,MAAM,aAAa,GAAG,CAAC,EAC5B,SAAS,EACT,IAAI,EACJ,KAAK,EACL,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,QAAQ,EACR,OAAO,EACP,MAAM,GACe,EAAE,EAAE,CAAC,IAAA,cAAI,EAAA;OACzB,WAAW,CAAC,SAAS,CAAC;;;MAGvB,KAAK,IAAI,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU;MACtC,IAAI,IAAI,IAAA,cAAI,EAAA,eAAe,IAAI,CAAC,IAAI,MAAM;MAC1C,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe;MACnD,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC;MACrB,QAAQ,EAAE,GAAG,CAAC,WAAW,CAAC;MAC1B,KAAK,EAAE,GAAG,CAAC,UAAU,CAAC;MACtB,IAAI;MACJ,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC;;SAErB,WAAW,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC;QAC5D,CAAA;AA1BK,QAAA,aAAa,iBA0BlB;AAER,SAAS,cAAc,CACrB,KAAQ;IAER,OAAO,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,CAAA;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC5C,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC5C,CAAC;AAED,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAa;IACjC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,IAAI,KAAK,IAAI,IAAI;gBAAE,SAAQ;iBACtB,IAAI,KAAK,KAAK,KAAK;gBAAE,SAAQ;iBAC7B,IAAI,KAAK,KAAK,IAAI;gBAAE,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,EAAE,CAAA;;gBACxC,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,KAAK,KAAK,GAAG,CAAA;QACtC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAe;IAClC,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAEtC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAA,cAAI,EAAA,mCAAmC,KAAK,CAAC,GAAG,MAAM,CAAA;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAA,cAAI,EAAA,6BAA6B,KAAK,CAAC,GAAG,iBAAiB,CAAA;IACpE,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,MAAwB;IAC5C,IAAI,MAAM,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACpC,OAAO,MAAM,YAAY,cAAI;QAC3B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,WAAW,MAAM,WAAW,CAAC,qDAAqD;QACxF,CAAC,CAAC,IAAA,cAAI,EAAA,8BAA8B,MAAM,CAAC,GAAG,aAAa,CAAA;AAC/D,CAAC;AAED,SAAS,WAAW,CAAC,KAAuB;IAC1C,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACnC,OAAO,KAAK,YAAY,cAAI;QAC1B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU,CAAC,qDAAqD;QACrF,CAAC,CAAC,IAAA,cAAI,EAAA,gCAAgC,KAAK,CAAC,GAAG,MAAM,CAAA;AACzD,CAAC"}
+{"version":3,"file":"build-document.js","sourceRoot":"","sources":["../../../src/lib/html/build-document.ts"],"names":[],"mappings":";;;AACA,uCAAgC;AAChC,uCAAgC;AAQhC;;GAEG;AACH,MAAM,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5C,WAAW;IACX,QAAQ;IACR,WAAW;IACX,cAAc;IACd,UAAU;IACV,QAAQ;IACR,MAAM;IACN,MAAM;IACN,SAAS;IACT,UAAU;IACV,IAAI;IACJ,eAAe;IACf,MAAM;IACN,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,WAAW;IACX,MAAM;IACN,gBAAgB;IAChB,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACV,CAAC,CAAA;AAEJ,MAAM,SAAS,GAAG,CAAC,GAAY,EAAkB,EAAE,CACvD,uBAA8C,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AADlD,QAAA,SAAS,aACyC;AAU/D,MAAM,eAAe,GAAG,IAAA,cAAI,EAAA;;;GAGzB,CAAA;AAgBI,MAAM,aAAa,GAAG,CAAC,EAC5B,SAAS,EACT,IAAI,EACJ,KAAK,EACL,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,QAAQ,EACR,OAAO,EACP,MAAM,GACe,EAAE,EAAE,CAAC,IAAA,cAAI,EAAA;OACzB,WAAW,CAAC,SAAS,CAAC;;;MAGvB,KAAK,IAAI,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU;MACtC,IAAI,IAAI,IAAA,cAAI,EAAA,eAAe,IAAI,CAAC,IAAI,MAAM;MAC1C,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe;MACnD,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC;MACrB,QAAQ,EAAE,GAAG,CAAC,WAAW,CAAC;MAC1B,KAAK,EAAE,GAAG,CAAC,UAAU,CAAC;MACtB,IAAI;MACJ,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC;;SAErB,WAAW,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC;QAC5D,CAAA;AA1BK,QAAA,aAAa,iBA0BlB;AAER,SAAS,cAAc,CACrB,KAAQ;IAER,OAAO,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,CAAA;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC5C,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC5C,CAAC;AAED,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAa;IACjC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,IAAI,KAAK,IAAI,IAAI;gBAAE,SAAQ;iBACtB,IAAI,KAAK,KAAK,KAAK;gBAAE,SAAQ;iBAC7B,IAAI,KAAK,KAAK,IAAI;gBAAE,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,EAAE,CAAA;;gBACxC,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,KAAK,KAAK,GAAG,CAAA;QACtC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAe;IAClC,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;IAEtC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,IAAA,cAAI,EAAA,mCAAmC,KAAK,CAAC,GAAG,MAAM,CAAA;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAA,cAAI,EAAA,6BAA6B,KAAK,CAAC,GAAG,iBAAiB,CAAA;IACpE,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,MAAwB;IAC5C,IAAI,MAAM,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACpC,OAAO,MAAM,YAAY,cAAI;QAC3B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,WAAW,MAAM,WAAW,CAAC,qDAAqD;QACxF,CAAC,CAAC,IAAA,cAAI,EAAA,8BAA8B,MAAM,CAAC,GAAG,aAAa,CAAA;AAC/D,CAAC;AAED,SAAS,WAAW,CAAC,KAAuB;IAC1C,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACnC,OAAO,KAAK,YAAY,cAAI;QAC1B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU,CAAC,qDAAqD;QACrF,CAAC,CAAC,IAAA,cAAI,EAAA,gCAAgC,KAAK,CAAC,GAAG,MAAM,CAAA;AACzD,CAAC","sourcesContent":["import { HtmlValue } from './escapers.js'\nimport { Html } from './html.js'\nimport { html } from './tags.js'\n\nexport type AssetRef = {\n  url: string\n}\n\nexport type Attrs = Record<string, boolean | string | undefined>\n\n/**\n * @see {@link https://developer.mozilla.org/fr/docs/Web/HTML/Attributes/rel}\n */\nconst ALLOWED_LINK_REL_VALUES = Object.freeze([\n  'alternate',\n  'author',\n  'canonical',\n  'dns-prefetch',\n  'external',\n  'expect',\n  'help',\n  'icon',\n  'license',\n  'manifest',\n  'me',\n  'modulepreload',\n  'next',\n  'pingback',\n  'preconnect',\n  'prefetch',\n  'preload',\n  'prerender',\n  'prev',\n  'privacy-policy',\n  'search',\n  'stylesheet',\n  'terms-of-service',\n] as const)\nexport type LinkRel = (typeof ALLOWED_LINK_REL_VALUES)[number]\nexport const isLinkRel = (rel: unknown): rel is LinkRel =>\n  (ALLOWED_LINK_REL_VALUES as readonly unknown[]).includes(rel)\n\nexport type LinkAttrs = Attrs & {\n  href: string\n  rel: LinkRel\n}\nexport type MetaAttrs =\n  | { name: string; content: string }\n  | { 'http-equiv': string; content: string }\n\nconst defaultViewport = html`<meta\n  name=\"viewport\"\n  content=\"width=device-width, initial-scale=1.0\"\n/>`\n\nexport type BuildDocumentOptions = {\n  htmlAttrs?: Attrs\n  base?: URL\n  meta?: readonly MetaAttrs[]\n  links?: readonly LinkAttrs[]\n  preloads?: readonly AssetRef[]\n  head?: HtmlValue\n  title?: HtmlValue\n  scripts?: readonly (Html | AssetRef | undefined)[]\n  styles?: readonly (Html | AssetRef | undefined)[]\n  body?: HtmlValue\n  bodyAttrs?: Attrs\n}\n\nexport const buildDocument = ({\n  htmlAttrs,\n  head,\n  title,\n  body,\n  bodyAttrs,\n  base,\n  meta,\n  links,\n  preloads,\n  scripts,\n  styles,\n}: BuildDocumentOptions) => html`<!doctype html>\n<html${attrsToHtml(htmlAttrs)}>\n  <head>\n    <meta charset=\"UTF-8\" />\n    ${title && html`<title>${title}</title>`}\n    ${base && html`<base href=\"${base.href}\" />`}\n    ${meta?.some(isViewportMeta) ? null : defaultViewport}\n    ${meta?.map(metaToHtml)}\n    ${preloads?.map(linkPreload)}\n    ${links?.map(linkToHtml)}\n    ${head}\n    ${styles?.map(styleToHtml)}\n  </head>\n  <body${attrsToHtml(bodyAttrs)}>${body}${scripts?.map(scriptToHtml)}</body>\n</html>`\n\nfunction isViewportMeta<T extends MetaAttrs>(\n  attrs: T,\n): attrs is T & { name: 'viewport' } {\n  return 'name' in attrs && attrs.name === 'viewport'\n}\n\nfunction linkToHtml(attrs: LinkAttrs) {\n  return html`<link${attrsToHtml(attrs)} />`\n}\n\nfunction metaToHtml(attrs: MetaAttrs) {\n  return html`<meta${attrsToHtml(attrs)} />`\n}\n\nfunction* attrsToHtml(attrs?: Attrs) {\n  if (attrs) {\n    for (const [name, value] of Object.entries(attrs)) {\n      if (value == null) continue\n      else if (value === false) continue\n      else if (value === true) yield html` ${name}`\n      else yield html` ${name}=\"${value}\"`\n    }\n  }\n}\n\nfunction linkPreload(asset: AssetRef) {\n  const [path] = asset.url.split('?', 2)\n\n  if (path.endsWith('.js')) {\n    return html`<link rel=\"modulepreload\" href=\"${asset.url}\" />`\n  }\n\n  if (path.endsWith('.css')) {\n    return html`<link rel=\"preload\" href=\"${asset.url}\" as=\"style\" />`\n  }\n\n  return undefined\n}\n\nfunction scriptToHtml(script?: Html | AssetRef): Html | undefined {\n  if (script == null) return undefined\n  return script instanceof Html\n    ? // prettier-ignore\n      html`<script>${script}</script>` // hash validity requires no space around the content\n    : html`<script type=\"module\" src=\"${script.url}\"></script>`\n}\n\nfunction styleToHtml(style?: Html | AssetRef): Html | undefined {\n  if (style == null) return undefined\n  return style instanceof Html\n    ? // prettier-ignore\n      html`<style>${style}</style>` // hash validity requires no space around the content\n    : html`<link rel=\"stylesheet\" href=\"${style.url}\" />`\n}\n"]}

package/dist/lib/html/escapers.js.map

@@ -1 +1 @@
-{"version":3,"file":"escapers.js","sourceRoot":"","sources":["../../../src/lib/html/escapers.ts"],"names":[],"mappings":";;AAGA,8CAIC;AAED,kCAOC;AAED,gCAEC;AAKD,kCAUC;AAnCD,uCAAgC;AAChC,uCAA0D;AAE1D,QAAe,CAAC,CAAC,iBAAiB,CAAC,IAAY;IAC7C,6EAA6E;IAC7E,2CAA2C;IAC3C,KAAK,CAAC,CAAC,IAAA,wBAAc,EAAC,IAAI,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAA;AAC7D,CAAC;AAED,QAAe,CAAC,CAAC,WAAW,CAAC,KAAc;IACzC,sEAAsE;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAClC,IAAI,IAAI,KAAK,SAAS;QAAE,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAA;IACvE,0EAA0E;IAC1E,qBAAqB;IACrB,KAAK,CAAC,CAAC,IAAA,wBAAc,EAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;AAC7C,CAAC;AAED,QAAe,CAAC,CAAC,UAAU,CAAC,GAAW;IACrC,KAAK,CAAC,CAAC,IAAA,wBAAc,EAAC,GAAG,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAA;AAC1D,CAAC;AAKD,QAAe,CAAC,CAAC,WAAW,CAC1B,aAAmC,EACnC,MAA4B;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,aAAa,CAAC,CAAC,CAAE,CAAA;QAEvB,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;QACvB,IAAI,KAAK,IAAI,IAAI;YAAE,KAAK,CAAC,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC;AAED,QAAQ,CAAC,CAAC,uBAAuB,CAC/B,KAAgB;IAEhB,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,OAAM;IACR,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;SAAM,IAAI,KAAK,YAAY,cAAI,EAAE,CAAC;QACjC,MAAM,KAAK,CAAA;IACb,CAAC;SAAM,CAAC;QACN,6CAA6C;QAC7C,KAAK,MAAM,CAAC,IAAI,KAAK;YAAE,KAAK,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,UAAU,CAAA;AACpC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,CAAC,GAAG,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,QAAQ,CAAC;IACf,CAAC,GAAG,EAAE,QAAQ,CAAC;IACf,CAAC,GAAG,EAAE,OAAO,CAAC;CACf,CAAC,CAAA;AACF,MAAM,iBAAiB,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAE,CAAA;AAC/D,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAC5D,CAAC"}
+{"version":3,"file":"escapers.js","sourceRoot":"","sources":["../../../src/lib/html/escapers.ts"],"names":[],"mappings":";;AAGA,8CAIC;AAED,kCAOC;AAED,gCAEC;AAKD,kCAUC;AAnCD,uCAAgC;AAChC,uCAA0D;AAE1D,QAAe,CAAC,CAAC,iBAAiB,CAAC,IAAY;IAC7C,6EAA6E;IAC7E,2CAA2C;IAC3C,KAAK,CAAC,CAAC,IAAA,wBAAc,EAAC,IAAI,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAA;AAC7D,CAAC;AAED,QAAe,CAAC,CAAC,WAAW,CAAC,KAAc;IACzC,sEAAsE;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAClC,IAAI,IAAI,KAAK,SAAS;QAAE,MAAM,IAAI,SAAS,CAAC,0BAA0B,CAAC,CAAA;IACvE,0EAA0E;IAC1E,qBAAqB;IACrB,KAAK,CAAC,CAAC,IAAA,wBAAc,EAAC,IAAI,EAAE,GAAG,EAAE,SAAS,CAAC,CAAA;AAC7C,CAAC;AAED,QAAe,CAAC,CAAC,UAAU,CAAC,GAAW;IACrC,KAAK,CAAC,CAAC,IAAA,wBAAc,EAAC,GAAG,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAA;AAC1D,CAAC;AAKD,QAAe,CAAC,CAAC,WAAW,CAC1B,aAAmC,EACnC,MAA4B;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,aAAa,CAAC,CAAC,CAAE,CAAA;QAEvB,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;QACvB,IAAI,KAAK,IAAI,IAAI;YAAE,KAAK,CAAC,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC;AAED,QAAQ,CAAC,CAAC,uBAAuB,CAC/B,KAAgB;IAEhB,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QAClB,OAAM;IACR,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;SAAM,IAAI,KAAK,YAAY,cAAI,EAAE,CAAC;QACjC,MAAM,KAAK,CAAA;IACb,CAAC;SAAM,CAAC;QACN,6CAA6C;QAC7C,KAAK,MAAM,CAAC,IAAI,KAAK;YAAE,KAAK,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAA;IAC1D,CAAC;AACH,CAAC;AAED,MAAM,iBAAiB,GAAG,UAAU,CAAA;AACpC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,CAAC,GAAG,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,QAAQ,CAAC;IACf,CAAC,GAAG,EAAE,QAAQ,CAAC;IACf,CAAC,GAAG,EAAE,OAAO,CAAC;CACf,CAAC,CAAA;AACF,MAAM,iBAAiB,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAE,CAAA;AAC/D,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK,CAAC,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAC5D,CAAC","sourcesContent":["import { Html } from './html.js'\nimport { NestedIterable, stringReplacer } from './util.js'\n\nexport function* javascriptEscaper(code: string) {\n  // \"</script>\" can only appear in javascript strings, so we can safely escape\n  // the \"<\" without breaking the javascript.\n  yield* stringReplacer(code, '</script>', '\\\\u003c/script>')\n}\n\nexport function* jsonEscaper(value: unknown) {\n  // https://redux.js.org/usage/server-rendering#security-considerations\n  const json = JSON.stringify(value)\n  if (json === undefined) throw new TypeError('Cannot serialize to JSON')\n  // \"<\" can only appear in JSON strings, so we can safely escape it without\n  // breaking the JSON.\n  yield* stringReplacer(json, '<', '\\\\u003c')\n}\n\nexport function* cssEscaper(css: string) {\n  yield* stringReplacer(css, '</style>', '\\\\u003c/style>')\n}\n\nexport type HtmlVariable = Html | string | number | null | undefined\nexport type HtmlValue = NestedIterable<HtmlVariable>\n\nexport function* htmlEscaper(\n  htmlFragments: TemplateStringsArray,\n  values: readonly HtmlValue[],\n): Generator<string | Html, void, undefined> {\n  for (let i = 0; i < htmlFragments.length; i++) {\n    yield htmlFragments[i]!\n\n    const value = values[i]\n    if (value != null) yield* htmlVariableToFragments(value)\n  }\n}\n\nfunction* htmlVariableToFragments(\n  value: HtmlValue,\n): Generator<string | Html, void, undefined> {\n  if (value == null) {\n    return\n  } else if (typeof value === 'number') {\n    yield String(value)\n  } else if (typeof value === 'string') {\n    yield encode(value)\n  } else if (value instanceof Html) {\n    yield value\n  } else {\n    // Will throw if the value is not an iterable\n    for (const v of value) yield* htmlVariableToFragments(v)\n  }\n}\n\nconst specialCharRegExp = /[<>\"'&]/g\nconst specialCharMap = new Map([\n  ['<', '&lt;'],\n  ['>', '&gt;'],\n  ['\"', '&quot;'],\n  [\"'\", '&apos;'],\n  ['&', '&amp;'],\n])\nconst specialCharMapGet = (c: string) => specialCharMap.get(c)!\nfunction encode(value: string): string {\n  return value.replace(specialCharRegExp, specialCharMapGet)\n}\n"]}