@atproto/oauth-provider 0.13.1 → 0.13.3

package/dist/lib/http/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/lib/http/types.ts"],"names":[],"mappings":""}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/lib/http/types.ts"],"names":[],"mappings":"","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\n\nexport type NextFunction = (err?: unknown) => void\n\nexport type Middleware<\n  T = void,\n  Req = IncomingMessage,\n  Res = ServerResponse,\n> = (this: T, req: Req, res: Res, next: NextFunction) => void\n\nexport type Handler<T = void, Req = IncomingMessage, Res = ServerResponse> = (\n  this: T,\n  req: Req,\n  res: Res,\n  next?: NextFunction,\n) => void\n"]}

package/dist/lib/http/url.js.map

@@ -1 +1 @@
-{"version":3,"file":"url.js","sourceRoot":"","sources":["../../../src/lib/http/url.ts"],"names":[],"mappings":";;AAMA,4BAgBC;AAhBD,SAAgB,QAAQ,CAAC,GAAQ,EAAE,SAAuB;IACxD,IAAI,SAAS,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;IACnD,CAAC;IAED,IAAI,SAAS,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACrC,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAA;IACvD,CAAC;IAED,IAAI,SAAS,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;YAClD,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACvD,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC"}
+{"version":3,"file":"url.js","sourceRoot":"","sources":["../../../src/lib/http/url.ts"],"names":[],"mappings":";;AAMA,4BAgBC;AAhBD,SAAgB,QAAQ,CAAC,GAAQ,EAAE,SAAuB;IACxD,IAAI,SAAS,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;IACnD,CAAC;IAED,IAAI,SAAS,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACrC,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAA;IACvD,CAAC;IAED,IAAI,SAAS,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;YAClD,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACvD,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC","sourcesContent":["export type UrlReference = {\n  origin?: string\n  pathname?: string\n  searchParams?: Iterable<readonly [string, string]> // compatible with URLSearchParams\n}\n\nexport function urlMatch(url: URL, reference: UrlReference) {\n  if (reference.origin !== undefined) {\n    if (url.origin !== reference.origin) return false\n  }\n\n  if (reference.pathname !== undefined) {\n    if (url.pathname !== reference.pathname) return false\n  }\n\n  if (reference.searchParams !== undefined) {\n    for (const [key, value] of reference.searchParams) {\n      if (url.searchParams.get(key) !== value) return false\n    }\n  }\n\n  return true\n}\n"]}

package/dist/lib/nsid.js.map

@@ -1 +1 @@
-{"version":3,"file":"nsid.js","sourceRoot":"","sources":["../../src/lib/nsid.ts"],"names":[],"mappings":";;;AAGA,8BAMC;AATD,4CAAsC;AAC7B,qFADA,aAAI,OACA;AAEb,SAAgB,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,OAAO,aAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC"}
+{"version":3,"file":"nsid.js","sourceRoot":"","sources":["../../src/lib/nsid.ts"],"names":[],"mappings":";;;AAGA,8BAMC;AATD,4CAAsC;AAC7B,qFADA,aAAI,OACA;AAEb,SAAgB,SAAS,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,OAAO,aAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC","sourcesContent":["import { NSID } from '@atproto/syntax'\nexport { NSID }\n\nexport function parseNSID(value: string): NSID | null {\n  try {\n    return NSID.parse(value)\n  } catch {\n    return null\n  }\n}\n"]}

package/dist/lib/redis.js.map

@@ -1 +1 @@
-{"version":3,"file":"redis.js","sourceRoot":"","sources":["../../src/lib/redis.ts"],"names":[],"mappings":";;AAMA,kCAkBC;AAxBD,qCAAkD;AAMlD,SAAgB,WAAW,CAAC,OAA2B;IACrD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,OAAO,EAAE,CAChE,CAAA;QAED,OAAO,IAAI,eAAK,CAAC;YACf,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC,CAAA;IACJ,CAAC;SAAM,IAAI,IAAI,IAAI,OAAO,IAAI,MAAM,IAAI,OAAO,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;QACpE,4EAA4E;QAC5E,+DAA+D;QAC/D,OAAO,OAAO,CAAA;IAChB,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,eAAK,CAAC,OAAO,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC"}
+{"version":3,"file":"redis.js","sourceRoot":"","sources":["../../src/lib/redis.ts"],"names":[],"mappings":";;AAMA,kCAkBC;AAxBD,qCAAkD;AAMlD,SAAgB,WAAW,CAAC,OAA2B;IACrD,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CACjB,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,OAAO,EAAE,CAChE,CAAA;QAED,OAAO,IAAI,eAAK,CAAC;YACf,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC,CAAA;IACJ,CAAC;SAAM,IAAI,IAAI,IAAI,OAAO,IAAI,MAAM,IAAI,OAAO,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC;QACpE,4EAA4E;QAC5E,+DAA+D;QAC/D,OAAO,OAAO,CAAA;IAChB,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,eAAK,CAAC,OAAO,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC","sourcesContent":["import { Redis, type RedisOptions } from 'ioredis'\n\nexport type { Redis, RedisOptions }\n\nexport type CreateRedisOptions = Redis | RedisOptions | string\n\nexport function createRedis(options: CreateRedisOptions): Redis {\n  if (typeof options === 'string') {\n    const url = new URL(\n      options.startsWith('redis://') ? options : `redis://${options}`,\n    )\n\n    return new Redis({\n      host: url.hostname,\n      port: parseInt(url.port, 10),\n      password: url.password,\n    })\n  } else if ('on' in options && 'call' in options && 'acl' in options) {\n    // Not using \"instanceof\" here in case the options is an instance of another\n    // version of ioredis (Redis is both a class and an interface).\n    return options\n  } else {\n    return new Redis(options)\n  }\n}\n"]}

package/dist/lib/send-web-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/lib/send-web-page.ts"],"names":[],"mappings":";;;AAkBA,kCAiBC;AAnCD,6CAAwC;AAExC,6CAA8D;AAC9D,8CAKwB;AACxB,oDAAgE;AAEnD,QAAA,WAAW,GAAc;IACpC,2BAA2B,EAAE,IAAI;IACjC,aAAa,EAAE,CAAC,QAAQ,CAAC;CAC1B,CAAA;AAID,SAAgB,WAAW,CACzB,GAAmB,EACnB,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAsB;IAEjD,8EAA8E;IAC9E,qEAAqE;IACrE,0EAA0E;IAC1E,8EAA8E;IAC9E,eAAe;IACf,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAAC,mBAAW,EAAE,QAAQ,EAAE;QAC1C,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,MAAyC;QACnE,YAAY,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;QACvE,WAAW,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;KACtE,CAAC,CAAA;IAEF,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;IAC9C,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,KAAuB;IACzC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACnC,IAAI,KAAK,YAAY,eAAI,EAAE,CAAC;QAC1B,4CAA4C;QAC5C,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,KAAK,MAAM,QAAQ,IAAI,KAAK;YAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QACnD,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAA;IAC5C,CAAC;SAAM,CAAC;QACN,iDAAiD;QACjD,IAAI,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAA8C,CAAA;QAC1E,CAAC;QAED,kDAAkD;QAClD,OAAO,QAAQ,CAAA;IACjB,CAAC;AACH,CAAC"}
+{"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/lib/send-web-page.ts"],"names":[],"mappings":";;;AAkBA,kCAiBC;AAnCD,6CAAwC;AAExC,6CAA8D;AAC9D,8CAKwB;AACxB,oDAAgE;AAEnD,QAAA,WAAW,GAAc;IACpC,2BAA2B,EAAE,IAAI;IACjC,aAAa,EAAE,CAAC,QAAQ,CAAC;CAC1B,CAAA;AAID,SAAgB,WAAW,CACzB,GAAmB,EACnB,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,OAAO,EAAsB;IAEjD,8EAA8E;IAC9E,qEAAqE;IACrE,0EAA0E;IAC1E,8EAA8E;IAC9E,eAAe;IACf,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAAC,mBAAW,EAAE,QAAQ,EAAE;QAC1C,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,MAAyC;QACnE,YAAY,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;QACvE,WAAW,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;KACtE,CAAC,CAAA;IAEF,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;IAC9C,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,CAAC,CAAA;AAC3C,CAAC;AAED,SAAS,UAAU,CAAC,KAAuB;IACzC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACnC,IAAI,KAAK,YAAY,eAAI,EAAE,CAAC;QAC1B,4CAA4C;QAC5C,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,KAAK,MAAM,QAAQ,IAAI,KAAK;YAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QACnD,OAAO,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAA;IAC5C,CAAC;SAAM,CAAC;QACN,iDAAiD;QACjD,IAAI,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAA8C,CAAA;QAC1E,CAAC;QAED,kDAAkD;QAClD,OAAO,QAAQ,CAAA;IACjB,CAAC;AACH,CAAC","sourcesContent":["import { createHash } from 'node:crypto'\nimport type { ServerResponse } from 'node:http'\nimport { CspConfig, CspValue, mergeCsp } from './csp/index.js'\nimport {\n  AssetRef,\n  BuildDocumentOptions,\n  Html,\n  buildDocument,\n} from './html/index.js'\nimport { WriteHtmlOptions, writeHtml } from './http/response.js'\n\nexport const DEFAULT_CSP: CspConfig = {\n  'upgrade-insecure-requests': true,\n  'default-src': [\"'none'\"],\n}\n\nexport type SendWebPageOptions = BuildDocumentOptions & WriteHtmlOptions\n\nexport function sendWebPage(\n  res: ServerResponse,\n  { csp: inputCsp, ...options }: SendWebPageOptions,\n): void {\n  // @NOTE the csp string might be quite long. In that case it might be tempting\n  // to set it through the http-equiv <meta> in the HTML. However, some\n  // directives cannot be enforced by browsers when set through the meta tag\n  // (e.g. 'frame-ancestors'). Therefore, it's better to set the CSP through the\n  // HTTP header.\n  const csp = mergeCsp(DEFAULT_CSP, inputCsp, {\n    'base-uri': options.base?.origin as undefined | `https://${string}`,\n    'script-src': options.scripts?.map(assetToCsp).filter((v) => v != null),\n    'style-src': options.styles?.map(assetToCsp).filter((v) => v != null),\n  })\n\n  const html = buildDocument(options).toString()\n  writeHtml(res, html, { ...options, csp })\n}\n\nfunction assetToCsp(asset?: Html | AssetRef): undefined | CspValue {\n  if (asset == null) return undefined\n  if (asset instanceof Html) {\n    // Inline assets are \"allowed\" by their hash\n    const hash = createHash('sha256')\n    for (const fragment of asset) hash.update(fragment)\n    return `'sha256-${hash.digest('base64')}'`\n  } else {\n    // External assets are referenced by their origin\n    if (asset.url.startsWith('https:') || asset.url.startsWith('http:')) {\n      return new URL(asset.url).origin as `https:${string}` | `http:${string}`\n    }\n\n    // Internal assets are served from the same origin\n    return `'self'`\n  }\n}\n"]}

package/dist/lib/util/authorization-header.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-header.js","sourceRoot":"","sources":["../../../src/lib/util/authorization-header.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sDAG6B;AAC7B,oFAA2E;AAC3E,sFAA6E;AAEhE,QAAA,yBAAyB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC/C,kCAAoB;IACpB,oCAAsB;CACvB,CAAC,CAAA;AAEK,MAAM,wBAAwB,GAAG,CAAC,MAAe,EAAE,EAAE;IAC1D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,gDAAoB,CAC5B,iBAAiB,EACjB,+BAA+B,EAC/B,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CACzB,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,iCAAyB,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;IACrE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,8CAAmB,CAAC,8BAA8B,CAAC,CAAA;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAA;AACpB,CAAC,CAAA;AAdY,QAAA,wBAAwB,4BAcpC"}
+{"version":3,"file":"authorization-header.js","sourceRoot":"","sources":["../../../src/lib/util/authorization-header.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,sDAG6B;AAC7B,oFAA2E;AAC3E,sFAA6E;AAEhE,QAAA,yBAAyB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC/C,kCAAoB;IACpB,oCAAsB;CACvB,CAAC,CAAA;AAEK,MAAM,wBAAwB,GAAG,CAAC,MAAe,EAAE,EAAE;IAC1D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,gDAAoB,CAC5B,iBAAiB,EACjB,+BAA+B,EAC/B,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CACzB,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,iCAAyB,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;IACrE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,8CAAmB,CAAC,8BAA8B,CAAC,CAAA;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAA;AACpB,CAAC,CAAA;AAdY,QAAA,wBAAwB,4BAcpC","sourcesContent":["import { z } from 'zod'\nimport {\n  oauthAccessTokenSchema,\n  oauthTokenTypeSchema,\n} from '@atproto/oauth-types'\nimport { InvalidRequestError } from '../../errors/invalid-request-error.js'\nimport { WWWAuthenticateError } from '../../errors/www-authenticate-error.js'\n\nexport const authorizationHeaderSchema = z.tuple([\n  oauthTokenTypeSchema,\n  oauthAccessTokenSchema,\n])\n\nexport const parseAuthorizationHeader = (header: unknown) => {\n  if (typeof header !== 'string') {\n    throw new WWWAuthenticateError(\n      'invalid_request',\n      'Authorization header required',\n      { Bearer: {}, DPoP: {} },\n    )\n  }\n\n  const parsed = authorizationHeaderSchema.safeParse(header.split(' '))\n  if (!parsed.success) {\n    throw new InvalidRequestError('Invalid authorization header')\n  }\n  return parsed.data\n}\n"]}

package/dist/lib/util/cast.js.map

@@ -1 +1 @@
-{"version":3,"file":"cast.js","sourceRoot":"","sources":["../../../src/lib/util/cast.ts"],"names":[],"mappings":";;AAAA,0BAGC;AAED,sBAEC;AAED,sBAQC;AAjBD,SAAgB,OAAO,CAAI,KAAc;IACvC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,EAAE,CAAA;IAC5B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAC/C,CAAC;AAED,SAAgB,KAAK,CAAC,KAA0C;IAC9D,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;AACvB,CAAC;AAED,SAAgB,KAAK,CACnB,KAA0C;IAE1C,IAAI,CAAC;QACH,OAAO,KAAK,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC"}
+{"version":3,"file":"cast.js","sourceRoot":"","sources":["../../../src/lib/util/cast.ts"],"names":[],"mappings":";;AAAA,0BAGC;AAED,sBAEC;AAED,sBAQC;AAjBD,SAAgB,OAAO,CAAI,KAAc;IACvC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,EAAE,CAAA;IAC5B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AAC/C,CAAC;AAED,SAAgB,KAAK,CAAC,KAA0C;IAC9D,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;AACvB,CAAC;AAED,SAAgB,KAAK,CACnB,KAA0C;IAE1C,IAAI,CAAC;QACH,OAAO,KAAK,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC","sourcesContent":["export function asArray<T>(value: T | T[]): T[] {\n  if (value == null) return []\n  return Array.isArray(value) ? value : [value]\n}\n\nexport function asURL(value: string | { toString: () => string }): URL {\n  return new URL(value)\n}\n\nexport function ifURL(\n  value: string | { toString: () => string },\n): URL | undefined {\n  try {\n    return asURL(value)\n  } catch {\n    return undefined\n  }\n}\n"]}

package/dist/lib/util/color.js.map

@@ -1 +1 @@
-{"version":3,"file":"color.js","sourceRoot":"","sources":["../../../src/lib/util/color.ts"],"names":[],"mappings":";;AAOA,gCAeC;AAED,sCAuBC;AAED,sCAQC;AAED,wCAWC;AAKD,8CAEC;AAwBD,gCA8BC;AAnID,qCAAmD;AAOnD,SAAgB,UAAU,CAAC,KAAa;IACtC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9B,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAC7B,CAAC;IAED,qEAAqE;IACrE,MAAM,IAAI,SAAS,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;AACtD,CAAC;AAED,SAAgB,aAAa,CAAC,CAAS;IACrC,wEAAwE;IACxE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;IACtD,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAChE,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACjD,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAC/D,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACjD,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;AACtD,CAAC;AAED,SAAgB,aAAa,CAAC,CAAS;IACrC,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAA;IAC7E,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;IAElE,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACpB,CAAC;AAED,SAAgB,cAAc,CAAC,CAAS;IACtC,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CACrB,iEAAiE,CAClE,CAAA;IACD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAA;IAEnE,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACvB,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAa,EAAE,CAAW,EAAE,CAAW;IACvE,OAAO,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AAC5E,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAY;IAC9C,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAA;AACrE,CAAC;AAED,SAAS,MAAM,CAAC,KAAK;IACnB,MAAM,GAAG,GAAG,KAAK,GAAG,GAAG,CAAA;IACvB,OAAO,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC,CAAA;AAC3E,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,CAAW,EAAE,CAAW;IACpD,MAAM,IAAI,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IACnE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED,SAAgB,UAAU,CAAC,KAAe;IACxC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,CAAA;IACvB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,CAAA;IACvB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,CAAA;IAEvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAE7B,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAA;IAExB,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,GAAG;YACN,OAAO,CAAC,CAAA,CAAC,aAAa;QACxB,KAAK,CAAC,CAAC,CAAC,CAAC;YACP,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAA;YAChC,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;YAC7C,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,CAAC,CAAC,CAAC;YACP,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAA;YAChC,MAAM,KAAK,GAAG,GAAG,GAAG,EAAE,CAAA;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC/B,CAAC;QACD,6EAA6E;QAC7E,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAA;YAChC,MAAM,KAAK,GAAG,GAAG,GAAG,EAAE,CAAA;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"color.js","sourceRoot":"","sources":["../../../src/lib/util/color.ts"],"names":[],"mappings":";;AAOA,gCAeC;AAED,sCAuBC;AAED,sCAQC;AAED,wCAWC;AAKD,8CAEC;AAwBD,gCA8BC;AAnID,qCAAmD;AAOnD,SAAgB,UAAU,CAAC,KAAa;IACtC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9B,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAC7B,CAAC;IAED,qEAAqE;IACrE,MAAM,IAAI,SAAS,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;AACtD,CAAC;AAED,SAAgB,aAAa,CAAC,CAAS;IACrC,wEAAwE;IACxE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;IACtD,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,oBAAW,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAChE,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACjD,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAA,oBAAW,EAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAC/D,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACjD,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;AACtD,CAAC;AAED,SAAgB,aAAa,CAAC,CAAS;IACrC,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAA;IAC7E,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;IAElE,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACpB,CAAC;AAED,SAAgB,cAAc,CAAC,CAAS;IACtC,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CACrB,iEAAiE,CAClE,CAAA;IACD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAA;IAEnE,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACvB,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,GAAa,EAAE,CAAW,EAAE,CAAW;IACvE,OAAO,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AAC5E,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAY;IAC9C,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAA;AACrE,CAAC;AAED,SAAS,MAAM,CAAC,KAAK;IACnB,MAAM,GAAG,GAAG,KAAK,GAAG,GAAG,CAAA;IACvB,OAAO,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC,CAAA;AAC3E,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,CAAW,EAAE,CAAW;IACpD,MAAM,IAAI,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;IACnE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;AAC3C,CAAC;AAED,SAAgB,UAAU,CAAC,KAAe;IACxC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,CAAA;IACvB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,CAAA;IACvB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,CAAA;IAEvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAE7B,MAAM,MAAM,GAAG,GAAG,GAAG,GAAG,CAAA;IAExB,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,GAAG;YACN,OAAO,CAAC,CAAA,CAAC,aAAa;QACxB,KAAK,CAAC,CAAC,CAAC,CAAC;YACP,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAA;YAChC,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAA;YAC7C,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC/B,CAAC;QACD,KAAK,CAAC,CAAC,CAAC,CAAC;YACP,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAA;YAChC,MAAM,KAAK,GAAG,GAAG,GAAG,EAAE,CAAA;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC/B,CAAC;QACD,6EAA6E;QAC7E,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,MAAM,CAAA;YAChC,MAAM,KAAK,GAAG,GAAG,GAAG,EAAE,CAAA;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import { parseUi8Dec, parseUi8Hex } from './ui8.js'\n\nexport type RgbColor = { r: number; g: number; b: number }\nexport type HslColor = { h: number; s: number; l: number }\nexport type RgbaColor = { r: number; g: number; b: number; a: number }\nexport type HslaColor = { h: number; s: number; l: number; a: number }\n\nexport function parseColor(color: string): RgbColor | RgbaColor {\n  if (color.startsWith('#')) {\n    return parseHexColor(color)\n  }\n\n  if (color.startsWith('rgba(')) {\n    return parseRgbaColor(color)\n  }\n\n  if (color.startsWith('rgb(')) {\n    return parseRgbColor(color)\n  }\n\n  // Should never happen (as long as the input is a validated WebColor)\n  throw new TypeError(`Invalid color value: ${color}`)\n}\n\nexport function parseHexColor(v: string): RgbColor | RgbaColor {\n  // parseInt('az', 16) does not return NaN so we need to check the format\n  if (!/^#[0-9a-f]+$/i.test(v)) {\n    throw new TypeError(`Invalid hex color value: ${v}`)\n  }\n\n  if (v.length === 4 || v.length === 5) {\n    const r = parseUi8Hex(v[1].repeat(2))\n    const g = parseUi8Hex(v[2].repeat(2))\n    const b = parseUi8Hex(v[3].repeat(2))\n    const a = v.length > 4 ? parseUi8Hex(v[4].repeat(2)) : undefined\n    return a == null ? { r, g, b } : { r, g, b, a }\n  }\n\n  if (v.length === 7 || v.length === 9) {\n    const r = parseUi8Hex(v.slice(1, 3))\n    const g = parseUi8Hex(v.slice(3, 5))\n    const b = parseUi8Hex(v.slice(5, 7))\n    const a = v.length > 8 ? parseUi8Hex(v.slice(7, 9)) : undefined\n    return a == null ? { r, g, b } : { r, g, b, a }\n  }\n\n  throw new TypeError(`Invalid hex color value: ${v}`)\n}\n\nexport function parseRgbColor(v: string): RgbColor {\n  const matches = v.match(/^\\s*rgb\\(\\s*(\\d+)\\s*,\\s*(\\d+)\\s*,\\s*(\\d+)\\s*\\)\\s*$/)\n  if (!matches) throw new TypeError(`Invalid rgb color value: ${v}`)\n\n  const r = parseUi8Dec(matches[1])\n  const g = parseUi8Dec(matches[2])\n  const b = parseUi8Dec(matches[3])\n  return { r, g, b }\n}\n\nexport function parseRgbaColor(v: string): RgbaColor {\n  const matches = v.match(\n    /^\\s*rgba\\(\\s*(\\d+)\\s*,\\s*(\\d+)\\s*,\\s*(\\d+)\\s*,\\s*(\\d+)\\s*\\)\\s*$/,\n  )\n  if (!matches) throw new TypeError(`Invalid rgba color value: ${v}`)\n\n  const r = parseUi8Dec(matches[1])\n  const g = parseUi8Dec(matches[2])\n  const b = parseUi8Dec(matches[3])\n  const a = parseUi8Dec(matches[4])\n  return { r, g, b, a }\n}\n\n/**\n * Return the color that has the best contrast with the reference color.\n */\nexport function pickContrastColor(ref: RgbColor, a: RgbColor, b: RgbColor) {\n  return computeContrastRatio(ref, a) > computeContrastRatio(ref, b) ? a : b\n}\n\n/**\n * @see {@link https://www.w3.org/TR/2008/REC-WCAG20-20081211/#relativeluminancedef}\n */\nfunction relativeLuminance({ r, g, b }: RgbColor) {\n  return rgbLum(r) * 0.2126 + rgbLum(g) * 0.7152 + rgbLum(b) * 0.0722\n}\n\nfunction rgbLum(value) {\n  const rgb = value / 255\n  return rgb < 0.03928 ? rgb / 12.92 : Math.pow((rgb + 0.055) / 1.055, 2.4)\n}\n\n/**\n * @see {@link https://www.w3.org/TR/2008/REC-WCAG20-20081211/#contrast-ratiodef}\n */\nfunction computeContrastRatio(a: RgbColor, b: RgbColor) {\n  const aLum = relativeLuminance(a)\n  const bLum = relativeLuminance(b)\n  const [lighter, darker] = aLum > bLum ? [aLum, bLum] : [bLum, aLum]\n  return (lighter + 0.05) / (darker + 0.05)\n}\n\nexport function extractHue(input: RgbColor): number {\n  const r = input.r / 255\n  const g = input.g / 255\n  const b = input.b / 255\n\n  const max = Math.max(r, g, b)\n  const min = Math.min(r, g, b)\n\n  const chroma = max - min\n\n  switch (max) {\n    case min:\n      return 0 // Achromatic\n    case r: {\n      const segment = (g - b) / chroma\n      const shift = segment < 0 ? 360 / 60 : 0 / 60\n      return 60 * (segment + shift)\n    }\n    case g: {\n      const segment = (b - r) / chroma\n      const shift = 120 / 60\n      return 60 * (segment + shift)\n    }\n    // \"default\" needed for type safety. In practice, should be same as \"case b:\"\n    default: {\n      const segment = (r - g) / chroma\n      const shift = 240 / 60\n      return 60 * (segment + shift)\n    }\n  }\n}\n"]}

package/dist/lib/util/crypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/lib/util/crypto.ts"],"names":[],"mappings":";;;AAEA,oCAOC;AAED,kCAGC;AAdD,6CAAyC;AAElC,KAAK,UAAU,YAAY,CAAC,WAAW,GAAG,EAAE;IACjD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,IAAA,yBAAW,EAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACpC,IAAI,GAAG;gBAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAA;YAC3B,OAAO,CAAC,GAAG,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,WAAW,GAAG,EAAE;IAChD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;IAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC/B,CAAC;AAED,8DAA8D;AAC9D,mFAAmF;AACtE,QAAA,YAAY,GAAG;IAC1B,OAAO;IACP,OAAO;IACP,OAAO;IAEP,OAAO;IACP,OAAO;IACP,OAAO;IAEP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,OAAO;CACC,CAAA"}
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../../src/lib/util/crypto.ts"],"names":[],"mappings":";;;AAEA,oCAOC;AAED,kCAGC;AAdD,6CAAyC;AAElC,KAAK,UAAU,YAAY,CAAC,WAAW,GAAG,EAAE;IACjD,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC7C,IAAA,yBAAW,EAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACpC,IAAI,GAAG;gBAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAA;YAC3B,OAAO,CAAC,GAAG,CAAC,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC;AAEM,KAAK,UAAU,WAAW,CAAC,WAAW,GAAG,EAAE;IAChD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAA;IAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC/B,CAAC;AAED,8DAA8D;AAC9D,mFAAmF;AACtE,QAAA,YAAY,GAAG;IAC1B,OAAO;IACP,OAAO;IACP,OAAO;IAEP,OAAO;IACP,OAAO;IACP,OAAO;IAEP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,OAAO;CACC,CAAA","sourcesContent":["import { randomBytes } from 'node:crypto'\n\nexport async function randomBuffer(bytesLength = 16) {\n  return new Promise<Buffer>((resolve, reject) => {\n    randomBytes(bytesLength, (err, buf) => {\n      if (err) return reject(err)\n      resolve(buf)\n    })\n  })\n}\n\nexport async function randomHexId(bytesLength = 16) {\n  const buffer = await randomBuffer(bytesLength)\n  return buffer.toString('hex')\n}\n\n// Basically all algorithms supported by \"jose\"'s jwtVerify().\n// @TODO Is there a way to get this list from the runtime instead of hardcoding it?\nexport const VERIFY_ALGOS = [\n  'RS256',\n  'RS384',\n  'RS512',\n\n  'PS256',\n  'PS384',\n  'PS512',\n\n  'ES256',\n  'ES256K',\n  'ES384',\n  'ES512',\n] as const\n"]}

package/dist/lib/util/date.js.map

@@ -1 +1 @@
-{"version":3,"file":"date.js","sourceRoot":"","sources":["../../../src/lib/util/date.ts"],"names":[],"mappings":";;AAAA,kCAEC;AAED,sDAEC;AAND,SAAgB,WAAW,CAAC,OAAa,IAAI,IAAI,EAAE;IACjD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;AAC1C,CAAC;AAED,SAAgB,qBAAqB,CAAC,IAAU;IAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAA;AACzD,CAAC"}
+{"version":3,"file":"date.js","sourceRoot":"","sources":["../../../src/lib/util/date.ts"],"names":[],"mappings":";;AAAA,kCAEC;AAED,sDAEC;AAND,SAAgB,WAAW,CAAC,OAAa,IAAI,IAAI,EAAE;IACjD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;AAC1C,CAAC;AAED,SAAgB,qBAAqB,CAAC,IAAU;IAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAA;AACzD,CAAC","sourcesContent":["export function dateToEpoch(date: Date = new Date()) {\n  return Math.floor(date.getTime() / 1000)\n}\n\nexport function dateToRelativeSeconds(date: Date) {\n  return Math.floor((date.getTime() - Date.now()) / 1000)\n}\n"]}

package/dist/lib/util/error.js.map

@@ -1 +1 @@
-{"version":3,"file":"error.js","sourceRoot":"","sources":["../../../src/lib/util/error.ts"],"names":[],"mappings":";;AAGA,kCAGC;AAND,6BAA8B;AAC9B,iDAA+C;AAE/C,SAAgB,WAAW,CAAC,GAAY,EAAE,MAAc;IACtD,IAAI,GAAG,YAAY,cAAQ;QAAE,OAAO,IAAA,6BAAc,EAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC/D,OAAO,MAAM,CAAA;AACf,CAAC"}
+{"version":3,"file":"error.js","sourceRoot":"","sources":["../../../src/lib/util/error.ts"],"names":[],"mappings":";;AAGA,kCAGC;AAND,6BAA8B;AAC9B,iDAA+C;AAE/C,SAAgB,WAAW,CAAC,GAAY,EAAE,MAAc;IACtD,IAAI,GAAG,YAAY,cAAQ;QAAE,OAAO,IAAA,6BAAc,EAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC/D,OAAO,MAAM,CAAA;AACf,CAAC","sourcesContent":["import { ZodError } from 'zod'\nimport { formatZodError } from './zod-error.js'\n\nexport function formatError(err: unknown, prefix: string): string {\n  if (err instanceof ZodError) return formatZodError(err, prefix)\n  return prefix\n}\n"]}

package/dist/lib/util/function.js.map

@@ -1 +1 @@
-{"version":3,"file":"function.js","sourceRoot":"","sources":["../../../src/lib/util/function.ts"],"names":[],"mappings":";;AAeA,8BAKC;AAED,gCAYC;AAED,gCAEC;AAvBM,KAAK,UAAU,SAAS,CAC7B,EAAM,EACN,GAAG,IAAmB;IAEtB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,CAAuC,CAAA;AACpE,CAAC;AAED,SAAgB,UAAU,CACxB,EAAK;IAEL,IAAI,UAAU,GAAa,EAAE,CAAA;IAC7B,OAAO,UAAU,GAAG,IAAI;QACtB,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,EAAE,GAAG,UAAU,CAAA;YACrB,UAAU,GAAG,IAAI,CAAA;YACjB,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;QAC/B,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACnD,CAAM,CAAA;AACR,CAAC;AAED,SAAgB,UAAU,CAAwB,KAAQ;IACxD,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC7B,CAAC"}
+{"version":3,"file":"function.js","sourceRoot":"","sources":["../../../src/lib/util/function.ts"],"names":[],"mappings":";;AAeA,8BAKC;AAED,gCAYC;AAED,gCAEC;AAvBM,KAAK,UAAU,SAAS,CAC7B,EAAM,EACN,GAAG,IAAmB;IAEtB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,CAAuC,CAAA;AACpE,CAAC;AAED,SAAgB,UAAU,CACxB,EAAK;IAEL,IAAI,UAAU,GAAa,EAAE,CAAA;IAC7B,OAAO,UAAU,GAAG,IAAI;QACtB,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,EAAE,GAAG,UAAU,CAAA;YACrB,UAAU,GAAG,IAAI,CAAA;YACjB,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;QAC/B,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACnD,CAAM,CAAA;AACR,CAAC;AAED,SAAgB,UAAU,CAAwB,KAAQ;IACxD,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC7B,CAAC","sourcesContent":["/**\n * This function serves two purposes:\n * - It ensures that the return value is a Promise, even if the function returns\n *   a \"thenable\" (i.e. a Promise-like object).\n * - It allows to avoid assigning a `this` context to the function, which is\n *   particularly useful when the function is a member of a \"private\" object.\n */\nexport async function callAsync<F extends (...args: any[]) => unknown>(\n  fn: F,\n  ...args: Parameters<F>\n): Promise<Awaited<ReturnType<F>>>\nexport async function callAsync<F extends (...args: any[]) => unknown>(\n  fn?: F,\n  ...args: Parameters<F>\n): Promise<Awaited<ReturnType<F>> | undefined>\nexport async function callAsync<F extends (...args: any[]) => unknown>(\n  fn?: F,\n  ...args: Parameters<F>\n): Promise<Awaited<ReturnType<F>> | undefined> {\n  return (await fn?.(...args)) as Awaited<ReturnType<F>> | undefined\n}\n\nexport function invokeOnce<T extends (this: any, ...a: any[]) => any>(\n  fn: T,\n): T {\n  let fnNullable: T | null = fn\n  return function (...args) {\n    if (fnNullable) {\n      const fn = fnNullable\n      fnNullable = null\n      return fn.call(this, ...args)\n    }\n    throw new Error('Function called multiple times')\n  } as T\n}\n\nexport function includedIn<T>(this: readonly T[], value: T): boolean {\n  return this.includes(value)\n}\n"]}

package/dist/lib/util/locale.js.map

@@ -1 +1 @@
-{"version":3,"file":"locale.js","sourceRoot":"","sources":["../../../src/lib/util/locale.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,KAAK,CAAC,0BAA0B,EAAE,gBAAgB,CAAC,CAAA;AAGzC,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAC3C,oBAAY,EACZ,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CACtB,CAAA"}
+{"version":3,"file":"locale.js","sourceRoot":"","sources":["../../../src/lib/util/locale.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,KAAK,CAAC,0BAA0B,EAAE,gBAAgB,CAAC,CAAA;AAGzC,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAC3C,oBAAY,EACZ,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CACtB,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const localeSchema = z\n  .string()\n  .regex(/^[a-z]{2,3}(-[A-Z]{2})?$/, 'Invalid locale')\nexport type Locale = z.infer<typeof localeSchema>\n\nexport const multiLangStringSchema = z.record(\n  localeSchema,\n  z.string().optional(),\n)\nexport type MultiLangString = z.infer<typeof multiLangStringSchema>\n"]}

package/dist/lib/util/redirect-uri.js.map

@@ -1 +1 @@
-{"version":3,"file":"redirect-uri.js","sourceRoot":"","sources":["../../../src/lib/util/redirect-uri.ts"],"names":[],"mappings":";;AAOA,gDAsCC;AA7CD,sDAAqD;AAErD;;;;GAIG;AACH,SAAgB,kBAAkB,CAChC,WAAmB,EACnB,WAAmB;IAEnB,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,kEAAkE;IAClE,IAAI,WAAW,KAAK,WAAW;QAAE,OAAO,IAAI,CAAA;IAE5C,4DAA4D;IAC5D,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;IACvC,IAAI,IAAA,4BAAc,EAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;QAEvC,OAAO;QACL,wEAAwE;QACxE,sEAAsE;QACtE,uEAAuE;QACvE,sCAAsC;QACtC,EAAE;QACF,wEAAwE;QACxE,aAAa;QACb,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,CAAC;YACzD,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM;YACvC,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI;YACnC,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAC5C,CAAA;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC"}
+{"version":3,"file":"redirect-uri.js","sourceRoot":"","sources":["../../../src/lib/util/redirect-uri.ts"],"names":[],"mappings":";;AAOA,gDAsCC;AA7CD,sDAAqD;AAErD;;;;GAIG;AACH,SAAgB,kBAAkB,CAChC,WAAmB,EACnB,WAAmB;IAEnB,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,yEAAyE;IACzE,wEAAwE;IACxE,wEAAwE;IACxE,kEAAkE;IAClE,IAAI,WAAW,KAAK,WAAW;QAAE,OAAO,IAAI,CAAA;IAE5C,4DAA4D;IAC5D,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;IACvC,IAAI,IAAA,4BAAc,EAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAA;QAEvC,OAAO;QACL,wEAAwE;QACxE,sEAAsE;QACtE,uEAAuE;QACvE,sCAAsC;QACtC,EAAE;QACF,wEAAwE;QACxE,aAAa;QACb,CAAC,CAAC,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,CAAC;YACzD,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM;YACvC,UAAU,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI;YACnC,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ;YAC3C,UAAU,CAAC,QAAQ,KAAK,UAAU,CAAC,QAAQ,CAC5C,CAAA;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC","sourcesContent":["import { isLoopbackHost } from '@atproto/oauth-types'\n\n/**\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8252#section-8.4}\n * @see {@link https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-8.4.2}\n */\nexport function compareRedirectUri(\n  allowed_uri: string,\n  request_uri: string,\n): boolean {\n  // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n  //\n  // > Authorization servers MUST require clients to register their complete\n  // > redirect URI (including the path component) and reject authorization\n  // > requests that specify a redirect URI that doesn't exactly match the\n  // > one that was registered; the exception is loopback redirects, where\n  // > an exact match is required except for the port URI component.\n  if (allowed_uri === request_uri) return true\n\n  // https://datatracker.ietf.org/doc/html/rfc8252#section-7.3\n  const allowedUri = new URL(allowed_uri)\n  if (isLoopbackHost(allowedUri.hostname)) {\n    const requestUri = new URL(request_uri)\n\n    return (\n      // > The authorization server MUST allow any port to be specified at the\n      // > time of the request for loopback IP redirect URIs, to accommodate\n      // > clients that obtain an available ephemeral port from the operating\n      // > system at the time of the request\n      //\n      // Note: We only apply this rule if the allowed URI does not have a port\n      // specified.\n      (!allowedUri.port || allowedUri.port === requestUri.port) &&\n      allowedUri.hostname === requestUri.hostname &&\n      allowedUri.pathname === requestUri.pathname &&\n      allowedUri.protocol === requestUri.protocol &&\n      allowedUri.search === requestUri.search &&\n      allowedUri.hash === requestUri.hash &&\n      allowedUri.username === requestUri.username &&\n      allowedUri.password === requestUri.password\n    )\n  }\n\n  return false\n}\n"]}

package/dist/lib/util/time.js.map

@@ -1 +1 @@
-{"version":3,"file":"time.js","sourceRoot":"","sources":["../../../src/lib/util/time.ts"],"names":[],"mappings":";;AAGA,8CASC;AAKD,oCA+BC;AAhDD,mDAA0D;AAG1D,SAAgB,iBAAiB,CAAC,OAKjC;IACC,OAAO,CAAC,IAAI,CACV,oCAAoC,OAAO,CAAC,OAAO,6BAA6B,OAAO,CAAC,IAAI,gFAAgF,CAC7K,CAAA;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAChC,IAAY,EACZ,EAAsB,EACtB,UAAU,GAAG,iBAAiB;IAE9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,EAAE,CAAA;IACnB,CAAC;YAAS,CAAC;QACT,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,OAAO,GAAG,GAAG,GAAG,KAAK,CAAA;QAE3B,MAAM,SAAS,GAAG,IAAI,GAAG,OAAO,CAAA;QAChC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,qDAAqD;YACrD,MAAM,IAAA,qBAAK,EAAC,SAAS,CAAC,CAAA;QACxB,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;YAEzC,iEAAiE;YACjE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;YAC5C,MAAM,SAAS,GAAG,UAAU,GAAG,IAAI,GAAG,OAAO,CAAA;YAE7C,MAAM,IAAA,qBAAK,EAAC,SAAS,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"time.js","sourceRoot":"","sources":["../../../src/lib/util/time.ts"],"names":[],"mappings":";;AAGA,8CASC;AAKD,oCA+BC;AAhDD,mDAA0D;AAG1D,SAAgB,iBAAiB,CAAC,OAKjC;IACC,OAAO,CAAC,IAAI,CACV,oCAAoC,OAAO,CAAC,OAAO,6BAA6B,OAAO,CAAC,IAAI,gFAAgF,CAC7K,CAAA;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAChC,IAAY,EACZ,EAAsB,EACtB,UAAU,GAAG,iBAAiB;IAE9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACxB,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,EAAE,CAAA;IACnB,CAAC;YAAS,CAAC;QACT,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,OAAO,GAAG,GAAG,GAAG,KAAK,CAAA;QAE3B,MAAM,SAAS,GAAG,IAAI,GAAG,OAAO,CAAA;QAChC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;YACnB,qDAAqD;YACrD,MAAM,IAAA,qBAAK,EAAC,SAAS,CAAC,CAAA;QACxB,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;YAEzC,iEAAiE;YACjE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAA;YAC5C,MAAM,SAAS,GAAG,UAAU,GAAG,IAAI,GAAG,OAAO,CAAA;YAE7C,MAAM,IAAA,qBAAK,EAAC,SAAS,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import { setTimeout as sleep } from 'node:timers/promises'\nimport { Awaitable } from './type.js'\n\nexport function onOvertimeDefault(options: {\n  start: number\n  end: number\n  elapsed: number\n  time: number\n}): void {\n  console.warn(\n    `constantTime: execution time was ${options.elapsed}ms (which is greater than ${options.time}ms). You should increase the \"time\" to properly defend against timing attacks.`,\n  )\n}\n\n/**\n * Utility function to protect against timing attacks.\n */\nexport async function constantTime<R>(\n  time: number,\n  fn: () => Awaitable<R>,\n  onOvertime = onOvertimeDefault,\n): Promise<R> {\n  if (!Number.isFinite(time) || time <= 0) {\n    throw new TypeError(`\"time\" must be a positive number`)\n  }\n\n  const start = Date.now()\n  try {\n    return await fn()\n  } finally {\n    const end = Date.now()\n    const elapsed = end - start\n\n    const remaining = time - elapsed\n    if (remaining >= 0) {\n      // Happy path, execution time was smaller than \"time\"\n      await sleep(remaining)\n    } else {\n      // The function execution took longer than \"time\"\n      onOvertime({ start, end, elapsed, time })\n\n      // Sleep until the next multiple of \"time\" to mitigate any attack\n      const multiplier = Math.ceil(elapsed / time)\n      const remaining = multiplier * time - elapsed\n\n      await sleep(remaining)\n    }\n  }\n}\n"]}

package/dist/lib/util/type.js.map

@@ -1 +1 @@
-{"version":3,"file":"type.js","sourceRoot":"","sources":["../../../src/lib/util/type.ts"],"names":[],"mappings":";;;AA4IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACI,MAAM,qBAAqB,GAChC,CAAmB,IAA+C,EAAE,EAAE,CACtE,CAAuB,KAAQ,EAAmC,EAAE,CAClE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAA;AAHtC,QAAA,qBAAqB,yBAGiB;AAEnD,mBAAmB"}
+{"version":3,"file":"type.js","sourceRoot":"","sources":["../../../src/lib/util/type.ts"],"names":[],"mappings":";;;AA4IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACI,MAAM,qBAAqB,GAChC,CAAmB,IAA+C,EAAE,EAAE,CACtE,CAAuB,KAAQ,EAAmC,EAAE,CAClE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,CAAA;AAHtC,QAAA,qBAAqB,yBAGiB;AAEnD,mBAAmB","sourcesContent":["// eslint-disable-next-line @typescript-eslint/ban-types\nexport type Simplify<T> = { [K in keyof T]: T[K] } & {}\nexport type Override<T, V> = Simplify<{\n  [K in keyof (V & T)]: K extends keyof V\n    ? V[K]\n    : K extends keyof T\n      ? T[K]\n      : never\n}>\nexport type Awaitable<T> = T | Promise<T>\nexport type NonNullableKeys<T, K extends keyof T> = Simplify<\n  OmitKey<T, K> & {\n    [P in K]-?: NonNullable<T[P]>\n  }\n>\n/**\n * When a type has an `[x: string]: unknown` index signature, in addition to\n * some known properties, using {@link Omit} will result in a type that only has\n * the index signature, and no known properties.\n *\n * ```ts\n * Omit<{ a: 3; b: 4; [x: string]: unknown }, 'a'> // { [x: string]: unknown }\n * ```\n *\n * In order to properly omit specific known properties from a type with an index\n * signature, we need to use another utility type that will behave correctly.\n *\n * ```ts\n * OmitKey<{ a: 3; b: 4; [x: string]: unknown }, 'a'> // { b: 4; [x: string]: unknown }\n * ```\n */\nexport type OmitKey<T, K extends keyof T> = {\n  [K2 in keyof T as K2 extends K ? never : K2]: T[K2]\n}\n\nexport type RequiredKey<T, K extends keyof T = never> = Simplify<\n  T & {\n    [L in K]-?: unknown extends T[L]\n      ? NonNullable<unknown> | null\n      : Exclude<T[L], undefined>\n  }\n>\n\n/**\n * Converts a tuple to the equivalent type of combining every item into a single\n * one. If any of the item in the tuple is non nullish, the result will be non\n * nullish.\n */\nexport type CombinedTuple<T extends readonly unknown[]> = T extends []\n  ? undefined\n  : Exclude<\n      T[number],\n      // If any item in the tuple is never `null` (resp. `undefined`), exclude\n      // `null` (resp. `undefined`) from `T[number]`\n      {\n        [K in keyof T]-?:\n          | (null extends T[K] ? never : null)\n          | (undefined extends T[K] ? never : undefined)\n      }[keyof T]\n    >\n\n/**\n * Similar to {@link Required} but also ensures that all values are defined.\n */\nexport type RequiredDefined<T> = { [K in keyof T]-?: Exclude<T[K], undefined> }\n\n// <hardcore-mode> (don't touch this)\n\n/**\n * @example\n * ```ts\n * type F = UnionToFnUnion<'a' | 'b'> // (() => 'a') | (() => 'b')\n * ```\n */\ntype UnionToFnUnion<T> = T extends any ? () => T : never\n\n/**\n * @example\n * ```ts\n * type A = UnionToIntersection<(() => 'a') | (() => 'b')> // (() => 'a') & (() => 'b')\n *\n * UnionToIntersection<{ foo: string | number } | { foo: number; bar: 4 }> // { foo: number; bar: 4 }\n * ```\n */\ntype UnionToIntersection<T> = (T extends any ? (x: T) => void : never) extends (\n  x: infer U,\n) => void\n  ? U\n  : never\n\n/**\n * @example\n * ```ts\n * type B = ExtractUnionItem<'a' | 'b'> // 'b'\n * ```\n */\ntype ExtractUnionItem<T> =\n  // There exists a quirk in the way TypeScript works when inferring return\n  // types of an (disjoined) intersection of functions:\n  //\n  // type AnB = (() => 'a') & (() => 'b')\n  // type B = AnB extends () => infer R ? R : never // 'b'\n  //\n  // By turning the input union T (e.g. 'a' | 'b') into a union of function\n  // (() => 'a') | (() => 'b') and then into an intersection of those functions\n  // (() => 'a') & (() => 'b'), we can exploit the special TypeScript behavior\n  // to infer only the last return type from the functions, which is effectively\n  // equal to the last item of the input union T.\n  UnionToIntersection<UnionToFnUnion<T>> extends () => infer R ? R : never\n\n/**\n * Utility that turn a union of types (`'a' | 'b'`) into a tuple with matching\n * types (`['a', 'b']`).\n *\n * @note this only work with unions of \"const\" types. Using this with globals\n * types (`string`, etc.) will yield unexpected results.\n *\n * @example\n * ```ts\n * type T = UnionToTuple<'a' | 'b'> // ['a', 'b']\n * type T = UnionToTuple<'a' | 'b' | 'c'> // ['a', 'b', 'c']\n * ```\n */\ntype UnionToTuple<T> = UnionToTupleInternal<T>\n\ntype UnionToTupleInternal<\n  T,\n  // Accumulator for terminal recursivity (initialized to empty tuple)\n  Acc extends readonly any[] = [],\n  // Get the next item from the union (if any)\n  Next = ExtractUnionItem<T>,\n> =\n  // If there were no more items to extract from the union T, then we are done\n  [Next] extends [never]\n    ? // Return result of previous recursive calls\n      Acc\n    : // Recursively call UnionToTupleInternal by Exclude'ing the Next item from\n      // the union (T) and adding it to the accumulator.\n      UnionToTupleInternal<Exclude<T, Next>, readonly [Next, ...Acc]>\n\n/**\n * This utility allows to create an assertion function that checks if a\n * particular interface is fully implemented by some value.\n *\n * The use of the (rather complex) {@link UnionToTuple} allows to ensure that,\n * at runtime, all the required interface keys are indeed checked, and that\n * future additions to the interface do not result in a false sense of type\n * safety.\n *\n * @note This function should not be made public, as it relies on a quirk of\n * TypeScript to work properly.\n *\n * @example Valid use\n *\n * ```ts\n * const isFoo = buildInterfaceChecker<{ foo: string }>(['foo'])\n * const isFooBar = buildInterfaceChecker<{ foo: string; bar: boolean }>([\n *   'foo',\n *   'bar',\n * ])\n *\n * declare const val: { foo?: string }\n *\n * if (isFoo(val)) {\n *   val // { foo: string }\n * }\n * ```\n *\n * @example Use cases where the runtime keys do not match the interface keys\n *\n * ```ts\n * buildInterfaceChecker<{ foo: string }>([])\n * buildInterfaceChecker<{ foo: string }>(['fee'])\n * buildInterfaceChecker<{ foo: string; bar: string }>(['foo'])\n * buildInterfaceChecker<{ foo: string; bar: string }>(['foo', 'baz'])\n * ```\n */\nexport const buildInterfaceChecker =\n  <I extends object>(keys: readonly string[] & UnionToTuple<keyof I>) =>\n  <V extends Partial<I>>(value: V): value is V & RequiredDefined<I> =>\n    keys.every((name) => value[name] !== undefined)\n\n// </hardcore-mode>\n"]}

package/dist/lib/util/ui8.js.map

@@ -1 +1 @@
-{"version":3,"file":"ui8.js","sourceRoot":"","sources":["../../../src/lib/util/ui8.ts"],"names":[],"mappings":";;AAAA,kCAEC;AAED,kCAEC;AAED,sBAKC;AAbD,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAC/B,CAAC;AAED,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAC/B,CAAC;AAED,SAAgB,KAAK,CAAC,CAAS;IAC7B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IACvD,MAAM,IAAI,SAAS,CACjB,kBAAkB,CAAC,2CAA2C,CAC/D,CAAA;AACH,CAAC"}
+{"version":3,"file":"ui8.js","sourceRoot":"","sources":["../../../src/lib/util/ui8.ts"],"names":[],"mappings":";;AAAA,kCAEC;AAED,kCAEC;AAED,sBAKC;AAbD,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAC/B,CAAC;AAED,SAAgB,WAAW,CAAC,CAAS;IACnC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAC/B,CAAC;AAED,SAAgB,KAAK,CAAC,CAAS;IAC7B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IACvD,MAAM,IAAI,SAAS,CACjB,kBAAkB,CAAC,2CAA2C,CAC/D,CAAA;AACH,CAAC","sourcesContent":["export function parseUi8Hex(v: string) {\n  return asUi8(parseInt(v, 16))\n}\n\nexport function parseUi8Dec(v: string) {\n  return asUi8(parseInt(v, 10))\n}\n\nexport function asUi8(v: number) {\n  if (v >= 0 && v <= 255 && Number.isInteger(v)) return v\n  throw new TypeError(\n    `Invalid value \"${v}\" (expected an integer between 0 and 255)`,\n  )\n}\n"]}

package/dist/lib/util/well-known.js.map

@@ -1 +1 @@
-{"version":3,"file":"well-known.js","sourceRoot":"","sources":["../../../src/lib/util/well-known.ts"],"names":[],"mappings":";;AAAA,8CAOC;AAPD,SAAgB,iBAAiB,CAAC,GAAQ,EAAE,IAAY;IACtD,MAAM,IAAI,GACR,GAAG,CAAC,QAAQ,KAAK,GAAG;QAClB,CAAC,CAAC,gBAAgB,IAAI,EAAE;QACxB,CAAC,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,IAAI,EAAE,CAAA;IAEnD,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;AAC3B,CAAC"}
+{"version":3,"file":"well-known.js","sourceRoot":"","sources":["../../../src/lib/util/well-known.ts"],"names":[],"mappings":";;AAAA,8CAOC;AAPD,SAAgB,iBAAiB,CAAC,GAAQ,EAAE,IAAY;IACtD,MAAM,IAAI,GACR,GAAG,CAAC,QAAQ,KAAK,GAAG;QAClB,CAAC,CAAC,gBAAgB,IAAI,EAAE;QACxB,CAAC,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,IAAI,EAAE,CAAA;IAEnD,OAAO,IAAI,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;AAC3B,CAAC","sourcesContent":["export function buildWellknownUrl(url: URL, name: string): URL {\n  const path =\n    url.pathname === '/'\n      ? `/.well-known/${name}`\n      : `${url.pathname.replace(/\\/+$/, '')}/${name}`\n\n  return new URL(path, url)\n}\n"]}

package/dist/lib/util/zod-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"zod-error.js","sourceRoot":"","sources":["../../../src/lib/util/zod-error.ts"],"names":[],"mappings":";;AAEA,wCAKC;AAED,wCAgBC;AAzBD,6BAAsD;AAEtD,SAAgB,cAAc,CAAC,GAAa,EAAE,MAAe;IAC3D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM;QAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QAC3C,CAAC,CAAC,GAAG,CAAC,OAAO,CAAA,CAAC,qDAAqD;IACrE,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAA;AACnD,CAAC;AAED,SAAgB,cAAc,CAAC,KAAe;IAC5C,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAY,CAAC,aAAa,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC,WAAW;aACrB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aACvD,IAAI,CAAC,OAAO,CAAC,CAAA;IAClB,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACjE,OAAO,GAAG,KAAK,CAAC,OAAO,aAAa,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;IACrD,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,GAAG,KAAK,CAAC,OAAO,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;IACtD,CAAC;IAED,OAAO,KAAK,CAAC,OAAO,CAAA;AACtB,CAAC"}
+{"version":3,"file":"zod-error.js","sourceRoot":"","sources":["../../../src/lib/util/zod-error.ts"],"names":[],"mappings":";;AAEA,wCAKC;AAED,wCAgBC;AAzBD,6BAAsD;AAEtD,SAAgB,cAAc,CAAC,GAAa,EAAE,MAAe;IAC3D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM;QAC/B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QAC3C,CAAC,CAAC,GAAG,CAAC,OAAO,CAAA,CAAC,qDAAqD;IACrE,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAA;AACnD,CAAC;AAED,SAAgB,cAAc,CAAC,KAAe;IAC5C,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAY,CAAC,aAAa,EAAE,CAAC;QAC9C,OAAO,KAAK,CAAC,WAAW;aACrB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aACvD,IAAI,CAAC,OAAO,CAAC,CAAA;IAClB,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACjE,OAAO,GAAG,KAAK,CAAC,OAAO,aAAa,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAA;IACrD,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACtB,OAAO,GAAG,KAAK,CAAC,OAAO,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;IACtD,CAAC;IAED,OAAO,KAAK,CAAC,OAAO,CAAA;AACtB,CAAC","sourcesContent":["import { ZodError, ZodIssue, ZodIssueCode } from 'zod'\n\nexport function formatZodError(err: ZodError, prefix?: string): string {\n  const message = err.issues.length\n    ? err.issues.map(formatZodIssue).join('; ')\n    : err.message // Should never happen (issues should never be empty)\n  return prefix ? `${prefix}: ${message}` : message\n}\n\nexport function formatZodIssue(issue: ZodIssue): string {\n  if (issue.code === ZodIssueCode.invalid_union) {\n    return issue.unionErrors\n      .map((err) => err.issues.map(formatZodIssue).join('; '))\n      .join(', or ')\n  }\n\n  if (issue.path.length === 1 && typeof issue.path[0] === 'number') {\n    return `${issue.message} at index ${issue.path[0]}`\n  }\n\n  if (issue.path.length) {\n    return `${issue.message} at ${issue.path.join('.')}`\n  }\n\n  return issue.message\n}\n"]}

package/dist/metadata/build-metadata.js

@@ -81,7 +81,8 @@ function buildMetadata(issuer, keyset, customMetadata) {
         token_endpoint_auth_methods_supported: [...client_js_1.Client.AUTH_METHODS_SUPPORTED],
         token_endpoint_auth_signing_alg_values_supported: [...crypto_js_1.VERIFY_ALGOS],
         revocation_endpoint: new URL('/oauth/revoke', issuer).href,
-        introspection_endpoint: new URL('/oauth/introspect', issuer).href,
+        // @TODO Should we implement these endpoints?
+        // introspection_endpoint: new URL('/oauth/introspect', issuer).href,
         // end_session_endpoint: new URL('/oauth/logout', issuer).href,
         // https://datatracker.ietf.org/doc/html/rfc9126#section-5
         pushed_authorization_request_endpoint: new URL('/oauth/par', issuer).href,
@@ -90,9 +91,9 @@ function buildMetadata(issuer, keyset, customMetadata) {
         dpop_signing_alg_values_supported: [...crypto_js_1.VERIFY_ALGOS],
         // https://datatracker.ietf.org/doc/html/rfc9396#section-14.4
         authorization_details_types_supported: customMetadata?.authorization_details_types_supported,
-        // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-metadata-05#section-4
+        // https://www.rfc-editor.org/rfc/rfc9728.html#section-4
         protected_resources: customMetadata?.protected_resources,
-        // https://drafts.aaronpk.com/draft-parecki-oauth-client-id-metadata-document/draft-parecki-oauth-client-id-metadata-document.html
+        // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html
         client_id_metadata_document_supported: true,
     });
 }

package/dist/metadata/build-metadata.js.map

@@ -1 +1 @@
-{"version":3,"file":"build-metadata.js","sourceRoot":"","sources":["../../src/metadata/build-metadata.ts"],"names":[],"mappings":";;AAkBA,sCAgHC;AAjID,sDAI6B;AAC7B,mDAA4C;AAC5C,qDAAoD;AAOpD;;;GAGG;AACH,SAAgB,aAAa,CAC3B,MAA6B,EAC7B,MAAc,EACd,cAA+B;IAE/B,OAAO,uDAAyC,CAAC,KAAK,CAAC;QACrD,MAAM;QAEN,gBAAgB,EAAE;YAChB,SAAS;YAET,yEAAyE;YACzE,kCAAkC;YAClC,kBAAkB;YAClB,oBAAoB;YACpB,sBAAsB;YAEtB,gEAAgE;SACjE;QACD,uBAAuB,EAAE;YACvB,EAAE;YACF,QAAQ,EAAE,6CAA6C;YACvD,+DAA+D;SAChE;QACD,wBAAwB,EAAE;YACxB,QAAQ;YACR,MAAM;YACN,WAAW;YAEX,SAAS;YACT,UAAU;YACV,yBAAyB;YACzB,mBAAmB;YACnB,gBAAgB;YAChB,oBAAoB;YACpB,cAAc;SACf;QACD,wBAAwB,EAAE;YACxB,mFAAmF;YACnF,OAAO;YACP,UAAU;YACV,0FAA0F;YAC1F,WAAW;SACZ;QACD,qBAAqB,EAAE;YACrB,EAAE;YACF,oBAAoB;YACpB,eAAe;SAChB;QACD,gCAAgC,EAAE;YAChC,sGAAsG;YACtG,MAAM;YAEN,iCAAiC;YACjC,WAAW;SACZ;QACD,oBAAoB,EAAE;YACpB,EAAE;YACF,OAAO;SACR;QACD,wBAAwB,EAAE;YACxB,EAAE;YACF,MAAM;YACN,OAAO;YACP,OAAO;YACP,aAAa;SACd;QAED,gDAAgD;QAChD,8CAA8C,EAAE,IAAI;QAEpD,0DAA0D;QAC1D,2CAA2C,EAAE,CAAC,GAAG,wBAAY,EAAE,MAAM,CAAC;QACtE,8CAA8C,EAAE,EAAE,EAAE,OAAO;QAC3D,8CAA8C,EAAE,EAAE,EAAE,OAAO;QAE3D,2BAA2B,EAAE,IAAI;QACjC,+BAA+B,EAAE,IAAI;QACrC,gCAAgC,EAAE,IAAI;QAEtC,QAAQ,EAAE,IAAI,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI;QAE7C,sBAAsB,EAAE,IAAI,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC,IAAI;QAEhE,cAAc,EAAE,IAAI,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,IAAI;QACpD,qCAAqC,EAAE,CAAC,GAAG,kBAAM,CAAC,sBAAsB,CAAC;QACzE,gDAAgD,EAAE,CAAC,GAAG,wBAAY,CAAC;QAEnE,mBAAmB,EAAE,IAAI,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,IAAI;QAE1D,sBAAsB,EAAE,IAAI,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,IAAI;QAEjE,+DAA+D;QAE/D,0DAA0D;QAC1D,qCAAqC,EAAE,IAAI,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI;QAEzE,qCAAqC,EAAE,IAAI;QAE3C,4DAA4D;QAC5D,iCAAiC,EAAE,CAAC,GAAG,wBAAY,CAAC;QAEpD,6DAA6D;QAC7D,qCAAqC,EACnC,cAAc,EAAE,qCAAqC;QAEvD,wFAAwF;QACxF,mBAAmB,EAAE,cAAc,EAAE,mBAAmB;QAExD,kIAAkI;QAClI,qCAAqC,EAAE,IAAI;KAC5C,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"build-metadata.js","sourceRoot":"","sources":["../../src/metadata/build-metadata.ts"],"names":[],"mappings":";;AAkBA,sCAgHC;AAjID,sDAI6B;AAC7B,mDAA4C;AAC5C,qDAAoD;AAOpD;;;GAGG;AACH,SAAgB,aAAa,CAC3B,MAA6B,EAC7B,MAAc,EACd,cAA+B;IAE/B,OAAO,uDAAyC,CAAC,KAAK,CAAC;QACrD,MAAM;QAEN,gBAAgB,EAAE;YAChB,SAAS;YAET,yEAAyE;YACzE,kCAAkC;YAClC,kBAAkB;YAClB,oBAAoB;YACpB,sBAAsB;YAEtB,gEAAgE;SACjE;QACD,uBAAuB,EAAE;YACvB,EAAE;YACF,QAAQ,EAAE,6CAA6C;YACvD,+DAA+D;SAChE;QACD,wBAAwB,EAAE;YACxB,QAAQ;YACR,MAAM;YACN,WAAW;YAEX,SAAS;YACT,UAAU;YACV,yBAAyB;YACzB,mBAAmB;YACnB,gBAAgB;YAChB,oBAAoB;YACpB,cAAc;SACf;QACD,wBAAwB,EAAE;YACxB,mFAAmF;YACnF,OAAO;YACP,UAAU;YACV,0FAA0F;YAC1F,WAAW;SACZ;QACD,qBAAqB,EAAE;YACrB,EAAE;YACF,oBAAoB;YACpB,eAAe;SAChB;QACD,gCAAgC,EAAE;YAChC,sGAAsG;YACtG,MAAM;YAEN,iCAAiC;YACjC,WAAW;SACZ;QACD,oBAAoB,EAAE;YACpB,EAAE;YACF,OAAO;SACR;QACD,wBAAwB,EAAE;YACxB,EAAE;YACF,MAAM;YACN,OAAO;YACP,OAAO;YACP,aAAa;SACd;QAED,gDAAgD;QAChD,8CAA8C,EAAE,IAAI;QAEpD,0DAA0D;QAC1D,2CAA2C,EAAE,CAAC,GAAG,wBAAY,EAAE,MAAM,CAAC;QACtE,8CAA8C,EAAE,EAAE,EAAE,OAAO;QAC3D,8CAA8C,EAAE,EAAE,EAAE,OAAO;QAE3D,2BAA2B,EAAE,IAAI;QACjC,+BAA+B,EAAE,IAAI;QACrC,gCAAgC,EAAE,IAAI;QAEtC,QAAQ,EAAE,IAAI,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,IAAI;QAE7C,sBAAsB,EAAE,IAAI,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC,IAAI;QAEhE,cAAc,EAAE,IAAI,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,IAAI;QACpD,qCAAqC,EAAE,CAAC,GAAG,kBAAM,CAAC,sBAAsB,CAAC;QACzE,gDAAgD,EAAE,CAAC,GAAG,wBAAY,CAAC;QAEnE,mBAAmB,EAAE,IAAI,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC,IAAI;QAE1D,6CAA6C;QAC7C,qEAAqE;QACrE,+DAA+D;QAE/D,0DAA0D;QAC1D,qCAAqC,EAAE,IAAI,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC,IAAI;QAEzE,qCAAqC,EAAE,IAAI;QAE3C,4DAA4D;QAC5D,iCAAiC,EAAE,CAAC,GAAG,wBAAY,CAAC;QAEpD,6DAA6D;QAC7D,qCAAqC,EACnC,cAAc,EAAE,qCAAqC;QAEvD,wDAAwD;QACxD,mBAAmB,EAAE,cAAc,EAAE,mBAAmB;QAExD,uFAAuF;QACvF,qCAAqC,EAAE,IAAI;KAC5C,CAAC,CAAA;AACJ,CAAC","sourcesContent":["import { Keyset } from '@atproto/jwk'\nimport {\n  OAuthAuthorizationServerMetadata,\n  OAuthIssuerIdentifier,\n  oauthAuthorizationServerMetadataValidator,\n} from '@atproto/oauth-types'\nimport { Client } from '../client/client.js'\nimport { VERIFY_ALGOS } from '../lib/util/crypto.js'\n\nexport type CustomMetadata = {\n  authorization_details_types_supported?: string[]\n  protected_resources?: string[]\n}\n\n/**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8414#section-2}\n * @see {@link https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata}\n */\nexport function buildMetadata(\n  issuer: OAuthIssuerIdentifier,\n  keyset: Keyset,\n  customMetadata?: CustomMetadata,\n): OAuthAuthorizationServerMetadata {\n  return oauthAuthorizationServerMetadataValidator.parse({\n    issuer,\n\n    scopes_supported: [\n      'atproto',\n\n      // These serve as hint that this server supports the transitional scopes.\n      // This is not a specced behavior.\n      'transition:email',\n      'transition:generic',\n      'transition:chat.bsky',\n\n      // Other atproto scopes can't be enumerated as they are dynamic.\n    ],\n    subject_types_supported: [\n      //\n      'public', // The same \"sub\" is returned for all clients\n      // 'pairwise', // A different \"sub\" is returned for each client\n    ],\n    response_types_supported: [\n      // OAuth\n      'code',\n      // 'token',\n\n      // OpenID\n      // 'none',\n      // 'code id_token token',\n      // 'code id_token',\n      // 'code token',\n      // 'id_token token',\n      // 'id_token',\n    ],\n    response_modes_supported: [\n      // https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes\n      'query',\n      'fragment',\n      // https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html#FormPostResponseMode\n      'form_post',\n    ],\n    grant_types_supported: [\n      //\n      'authorization_code',\n      'refresh_token',\n    ],\n    code_challenge_methods_supported: [\n      // https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#pkce-code-challenge-method\n      'S256',\n\n      // atproto does not allow \"plain\"\n      // 'plain',\n    ],\n    ui_locales_supported: [\n      //\n      'en-US',\n    ],\n    display_values_supported: [\n      //\n      'page',\n      'popup',\n      'touch',\n      // 'wap', LoL\n    ],\n\n    // https://datatracker.ietf.org/doc/html/rfc9207\n    authorization_response_iss_parameter_supported: true,\n\n    // https://datatracker.ietf.org/doc/html/rfc9101#section-4\n    request_object_signing_alg_values_supported: [...VERIFY_ALGOS, 'none'],\n    request_object_encryption_alg_values_supported: [], // None\n    request_object_encryption_enc_values_supported: [], // None\n\n    request_parameter_supported: true,\n    request_uri_parameter_supported: true,\n    require_request_uri_registration: true,\n\n    jwks_uri: new URL('/oauth/jwks', issuer).href,\n\n    authorization_endpoint: new URL('/oauth/authorize', issuer).href,\n\n    token_endpoint: new URL('/oauth/token', issuer).href,\n    token_endpoint_auth_methods_supported: [...Client.AUTH_METHODS_SUPPORTED],\n    token_endpoint_auth_signing_alg_values_supported: [...VERIFY_ALGOS],\n\n    revocation_endpoint: new URL('/oauth/revoke', issuer).href,\n\n    // @TODO Should we implement these endpoints?\n    // introspection_endpoint: new URL('/oauth/introspect', issuer).href,\n    // end_session_endpoint: new URL('/oauth/logout', issuer).href,\n\n    // https://datatracker.ietf.org/doc/html/rfc9126#section-5\n    pushed_authorization_request_endpoint: new URL('/oauth/par', issuer).href,\n\n    require_pushed_authorization_requests: true,\n\n    // https://datatracker.ietf.org/doc/html/rfc9449#section-5.1\n    dpop_signing_alg_values_supported: [...VERIFY_ALGOS],\n\n    // https://datatracker.ietf.org/doc/html/rfc9396#section-14.4\n    authorization_details_types_supported:\n      customMetadata?.authorization_details_types_supported,\n\n    // https://www.rfc-editor.org/rfc/rfc9728.html#section-4\n    protected_resources: customMetadata?.protected_resources,\n\n    // https://www.ietf.org/archive/id/draft-ietf-oauth-client-id-metadata-document-00.html\n    client_id_metadata_document_supported: true,\n  })\n}\n"]}

package/dist/oauth-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AAEpC,2DAAwC"}
+{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../src/oauth-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AAEpC,2DAAwC","sourcesContent":["export * from '@atproto/oauth-types'\nexport type * from './client/client.js'\nexport * from './client/client-utils.js'\n"]}

package/dist/oauth-dpop.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-dpop.js","sourceRoot":"","sources":["../src/oauth-dpop.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AACpC,yDAAsC"}
+{"version":3,"file":"oauth-dpop.js","sourceRoot":"","sources":["../src/oauth-dpop.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AACpC,yDAAsC","sourcesContent":["export * from './dpop/dpop-nonce.js'\nexport * from './dpop/dpop-manager.js'\n"]}

package/dist/oauth-errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-errors.js","sourceRoot":"","sources":["../src/oauth-errors.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mBAAmB;AACnB,0DAAoD;AAA3C,4GAAA,UAAU,OAAA;AAEnB,kEAA+C;AAC/C,+EAA4D;AAC5D,kEAA+C;AAC/C,qEAAkD;AAClD,uEAAoD;AACpD,kFAA+D;AAC/D,mEAAgD;AAChD,sEAAmD;AACnD,4EAAyD;AACzD,6EAA0D;AAC1D,uEAAoD;AACpD,kEAA+C;AAC/C,wEAAqD;AACrD,yEAAsD;AACtD,oEAAiD;AACjD,kEAA+C;AAC/C,kEAA+C;AAC/C,mEAAgD;AAChD,0FAAuE;AACvE,wEAAqD;AACrD,mEAAgD;AAChD,qEAAkD"}
+{"version":3,"file":"oauth-errors.js","sourceRoot":"","sources":["../src/oauth-errors.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,mBAAmB;AACnB,0DAAoD;AAA3C,4GAAA,UAAU,OAAA;AAEnB,kEAA+C;AAC/C,+EAA4D;AAC5D,kEAA+C;AAC/C,qEAAkD;AAClD,uEAAoD;AACpD,kFAA+D;AAC/D,mEAAgD;AAChD,sEAAmD;AACnD,4EAAyD;AACzD,6EAA0D;AAC1D,uEAAoD;AACpD,kEAA+C;AAC/C,wEAAqD;AACrD,yEAAsD;AACtD,oEAAiD;AACjD,kEAA+C;AAC/C,kEAA+C;AAC/C,mEAAgD;AAChD,0FAAuE;AACvE,wEAAqD;AACrD,mEAAgD;AAChD,qEAAkD","sourcesContent":["// Root Error class\nexport { OAuthError } from './errors/oauth-error.js'\n\nexport * from './errors/access-denied-error.js'\nexport * from './errors/account-selection-required-error.js'\nexport * from './errors/authorization-error.js'\nexport * from './errors/consent-required-error.js'\nexport * from './errors/handle-unavailable-error.js'\nexport * from './errors/invalid-authorization-details-error.js'\nexport * from './errors/invalid-client-error.js'\nexport * from './errors/invalid-client-id-error.js'\nexport * from './errors/invalid-client-metadata-error.js'\nexport * from './errors/invalid-dpop-key-binding-error.js'\nexport * from './errors/invalid-dpop-proof-error.js'\nexport * from './errors/invalid-grant-error.js'\nexport * from './errors/invalid-invite-code-error.js'\nexport * from './errors/invalid-redirect-uri-error.js'\nexport * from './errors/invalid-request-error.js'\nexport * from './errors/invalid-scope-error.js'\nexport * from './errors/invalid-token-error.js'\nexport * from './errors/login-required-error.js'\nexport * from './errors/second-authentication-factor-required-error.js'\nexport * from './errors/unauthorized-client-error.js'\nexport * from './errors/use-dpop-nonce-error.js'\nexport * from './errors/www-authenticate-error.js'\n"]}

package/dist/oauth-hooks.d.ts

@@ -62,6 +62,16 @@ export type OAuthHooks = {
         deviceId: DeviceId;
         deviceMetadata: RequestMetadata;
     }) => Awaitable<void>;
+    /**
+     * This hook is called when a user requests a password reset, before the
+     * reset password request is triggered on the account store.
+     */
+    onResetPasswordRequested?: (data: {
+        input: ResetPasswordRequestInput;
+        deviceId: DeviceId;
+        deviceMetadata: RequestMetadata;
+        account: Account;
+    }) => Awaitable<void>;
     /**
      * This hook is called when a user confirms a password reset, before the
      * password is actually reset on the account store.
@@ -71,6 +81,16 @@ export type OAuthHooks = {
         deviceId: DeviceId;
         deviceMetadata: RequestMetadata;
     }) => Awaitable<void>;
+    /**
+     * This hook is called after a user confirms a password reset, and the
+     * password was successfully reset on the account store.
+     */
+    onResetPasswordConfirmed?: (data: {
+        input: ResetPasswordConfirmInput;
+        deviceId: DeviceId;
+        deviceMetadata: RequestMetadata;
+        account: Account;
+    }) => Awaitable<void>;
     /**
      * This hook is called when a user successfully signs up.
      *

package/dist/oauth-hooks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACX,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAGrD,OAAO,EACL,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,OAAO,EACZ,kBAAkB,EAClB,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,gBAAgB,EACrB,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAC9B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,WAAW,GACjB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,UAAU,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,IAAI,GAAG,UAAU,CAAA;QAC7B,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,CAAA;KAC1D,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,SAAS,EAAE,SAAS,CAAA;KACrB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,MAAM,EAAE,WAAW,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,GAAG,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC,CAAA;IAE1D;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,SAAS,EAAE,cAAc,CAAA;QACzB,KAAK,EAAE,gBAAgB,CAAA;QACvB,OAAO,EAAE,kBAAkB,CAAA;QAC3B,SAAS,EAAE,IAAI,GAAG,SAAS,CAAA;KAC5B,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;IAExC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}
+{"version":3,"file":"oauth-hooks.d.ts","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACnC,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,yBAAyB,EACzB,mCAAmC,EACnC,mBAAmB,EACnB,kBAAkB,EAClB,cAAc,EACf,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACX,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAA;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAA;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,EACL,oBAAoB,EACpB,cAAc,EACd,oBAAoB,EACrB,MAAM,mBAAmB,CAAA;AAC1B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAGrD,OAAO,EACL,iBAAiB,EACjB,KAAK,kBAAkB,EACvB,KAAK,OAAO,EACZ,kBAAkB,EAClB,KAAK,SAAS,EACd,MAAM,EACN,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,mBAAmB,EACnB,KAAK,IAAI,EACT,KAAK,gBAAgB,EACrB,KAAK,yBAAyB,EAC9B,KAAK,mCAAmC,EACxC,KAAK,mBAAmB,EACxB,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAC9B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,WAAW,GACjB,CAAA;AAED,MAAM,MAAM,UAAU,GAAG;IACvB;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,CACd,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE;QAAE,QAAQ,EAAE,mBAAmB,CAAC;QAAC,IAAI,CAAC,EAAE,IAAI,CAAA;KAAE,KACjD,SAAS,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/C;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,KAAK,EAAE,WAAW,CAAA;QAClB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,MAAM,EAAE,oBAAoB,CAAA;QAC5B,MAAM,EAAE,oBAAoB,CAAA;KAC7B,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;OAGG;IACH,wBAAwB,CAAC,EAAE,CAAC,IAAI,EAAE;QAChC,KAAK,EAAE,yBAAyB,CAAA;QAChC,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;KACjB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB,eAAe,CAAC,EAAE,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,UAAU,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE;QAClB,IAAI,EAAE,UAAU,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;KAChC,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,CAAC,IAAI,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,IAAI,GAAG,UAAU,CAAA;QAC7B,UAAU,EAAE,QAAQ,CAAC,mCAAmC,CAAC,CAAA;KAC1D,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;;;;;;OAUG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE;QACpB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,QAAQ,EAAE,QAAQ,CAAA;QAClB,cAAc,EAAE,eAAe,CAAA;QAC/B,SAAS,EAAE,SAAS,CAAA;KACrB,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,MAAM,EAAE,MAAM,CAAA;QACd,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;QAC/C,MAAM,EAAE,WAAW,CAAA;KACpB,KAAK,SAAS,CAAC,IAAI,GAAG,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC,CAAA;IAE1D;;;;;;;;;;;OAWG;IACH,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE;QACrB,SAAS,EAAE,cAAc,CAAA;QACzB,KAAK,EAAE,gBAAgB,CAAA;QACvB,OAAO,EAAE,kBAAkB,CAAA;QAC3B,SAAS,EAAE,IAAI,GAAG,SAAS,CAAA;KAC5B,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;IAExC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE;QACtB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;IAErB;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE;QACxB,MAAM,EAAE,MAAM,CAAA;QACd,UAAU,EAAE,UAAU,CAAA;QACtB,cAAc,EAAE,eAAe,CAAA;QAC/B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,mCAAmC,CAAA;KAChD,KAAK,SAAS,CAAC,IAAI,CAAC,CAAA;CACtB,CAAA"}

package/dist/oauth-hooks.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAoBA,kDAA2C;AAyBzC,uFAzBO,kBAAM,OAyBP;AAtBR,4EAAmE;AAiBjE,kGAjBO,0CAAiB,OAiBP;AAhBnB,4EAAoE;AAmBlE,mGAnBO,2CAAkB,OAmBP;AAlBpB,gFAAuE;AA6BrE,oGA7BO,8CAAmB,OA6BP;AA5BrB,4DAAoD;AAkClD,2FAlCO,2BAAU,OAkCP"}
+{"version":3,"file":"oauth-hooks.js","sourceRoot":"","sources":["../src/oauth-hooks.ts"],"names":[],"mappings":";;;AAoBA,kDAA2C;AAyBzC,uFAzBO,kBAAM,OAyBP;AAtBR,4EAAmE;AAiBjE,kGAjBO,0CAAiB,OAiBP;AAhBnB,4EAAoE;AAmBlE,mGAnBO,2CAAkB,OAmBP;AAlBpB,gFAAuE;AA6BrE,oGA7BO,8CAAmB,OA6BP;AA5BrB,4DAAoD;AAkClD,2FAlCO,2BAAU,OAkCP","sourcesContent":["import { Jwks } from '@atproto/jwk'\nimport type { Account } from '@atproto/oauth-provider-api'\nimport {\n  OAuthAccessToken,\n  OAuthAuthorizationDetails,\n  OAuthAuthorizationRequestParameters,\n  OAuthClientMetadata,\n  OAuthTokenResponse,\n  OAuthTokenType,\n} from '@atproto/oauth-types'\nimport {\n  ResetPasswordConfirmInput,\n  ResetPasswordRequestInput,\n  SignUpData,\n} from './account/account-store.js'\nimport { SignInData } from './account/sign-in-data.js'\nimport { SignUpInput } from './account/sign-up-input.js'\nimport { ClientAuth } from './client/client-auth.js'\nimport { ClientId } from './client/client-id.js'\nimport { ClientInfo } from './client/client-info.js'\nimport { Client } from './client/client.js'\nimport { DeviceId } from './device/device-id.js'\nimport { DpopProof } from './dpop/dpop-proof.js'\nimport { AccessDeniedError } from './errors/access-denied-error.js'\nimport { AuthorizationError } from './errors/authorization-error.js'\nimport { InvalidRequestError } from './errors/invalid-request-error.js'\nimport { OAuthError } from './errors/oauth-error.js'\nimport {\n  HcaptchaClientTokens,\n  HcaptchaConfig,\n  HcaptchaVerifyResult,\n} from './lib/hcaptcha.js'\nimport { RequestMetadata } from './lib/http/request.js'\nimport { Awaitable, OmitKey } from './lib/util/type.js'\nimport { RequestId } from './request/request-id.js'\nimport { AccessTokenPayload } from './signer/access-token-payload.js'\nimport { TokenClaims } from './token/token-claims.js'\n\n// Make sure all types needed to implement the OAuthHooks are exported\nexport {\n  AccessDeniedError,\n  type AccessTokenPayload,\n  type Account,\n  AuthorizationError,\n  type Awaitable,\n  Client,\n  type ClientAuth,\n  type ClientId,\n  type ClientInfo,\n  type DeviceId,\n  type DpopProof,\n  type HcaptchaClientTokens,\n  type HcaptchaConfig,\n  type HcaptchaVerifyResult,\n  InvalidRequestError,\n  type Jwks,\n  type OAuthAccessToken,\n  type OAuthAuthorizationDetails,\n  type OAuthAuthorizationRequestParameters,\n  type OAuthClientMetadata,\n  OAuthError,\n  type OAuthTokenResponse,\n  type OAuthTokenType,\n  type RequestMetadata,\n  type ResetPasswordConfirmInput,\n  type ResetPasswordRequestInput,\n  type SignInData,\n  type SignUpData,\n  type SignUpInput,\n  type TokenClaims,\n}\n\nexport type OAuthHooks = {\n  /**\n   * Use this to alter, override or validate the client metadata & jwks returned\n   * by the client store.\n   *\n   * @throws {InvalidClientMetadataError} if the metadata is invalid\n   * @see {@link InvalidClientMetadataError}\n   */\n  getClientInfo?: (\n    clientId: ClientId,\n    data: { metadata: OAuthClientMetadata; jwks?: Jwks },\n  ) => Awaitable<undefined | Partial<ClientInfo>>\n\n  /**\n   * This hook is called when a user attempts to sign up, after every validation\n   * has passed (including hcaptcha).\n   */\n  onSignUpAttempt?: (data: {\n    input: SignUpInput\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a user attempts to sign up, after the hcaptcha\n   * `/siteverify` request has been made (and before the result is validated).\n   */\n  onHcaptchaResult?: (data: {\n    input: SignUpInput\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n    tokens: HcaptchaClientTokens\n    result: HcaptchaVerifyResult\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a user requests a password reset, before the\n   * reset password request is triggered on the account store.\n   */\n  onResetPasswordRequest?: (data: {\n    input: ResetPasswordRequestInput\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a user requests a password reset, before the\n   * reset password request is triggered on the account store.\n   */\n  onResetPasswordRequested?: (data: {\n    input: ResetPasswordRequestInput\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n    account: Account\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a user confirms a password reset, before the\n   * password is actually reset on the account store.\n   */\n  onResetPasswordConfirm?: (data: {\n    input: ResetPasswordConfirmInput\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called after a user confirms a password reset, and the\n   * password was successfully reset on the account store.\n   */\n  onResetPasswordConfirmed?: (data: {\n    input: ResetPasswordConfirmInput\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n    account: Account\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a user successfully signs up.\n   *\n   * @throws {AccessDeniedError} to deny the sign-up\n   */\n  onSignedUp?: (data: {\n    data: SignUpData\n    account: Account\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n  }) => Awaitable<void>\n\n  onSignInAttempt?: (data: {\n    data: SignInData\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a user successfully signs in.\n   *\n   * @throws {InvalidRequestError} when the sing-in should be denied\n   */\n  onSignedIn?: (data: {\n    data: SignInData\n    account: Account\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n  }) => Awaitable<void>\n\n  /**\n   * Allows validating an authorization request (typically the requested scopes)\n   * before it is created. Note that the validity against the client metadata is\n   * already enforced by the OAuth provider.\n   *\n   * @throws {AuthorizationError}\n   */\n  onAuthorizationRequest?: (data: {\n    client: Client\n    clientAuth: null | ClientAuth\n    parameters: Readonly<OAuthAuthorizationRequestParameters>\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when a client is authorized.\n   *\n   * @throws {AuthorizationError} to deny the authorization request and redirect\n   * the user to the client with an OAuth error (other errors will result in an\n   * internal server error being displayed to the user)\n   *\n   * @note We use `deviceMetadata` instead of `clientMetadata` to make it clear\n   * that this metadata is from the user device, which might be different from\n   * the client metadata (because the OAuth client could live in a backend).\n   */\n  onAuthorized?: (data: {\n    client: Client\n    account: Account\n    parameters: OAuthAuthorizationRequestParameters\n    deviceId: DeviceId\n    deviceMetadata: RequestMetadata\n    requestId: RequestId\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called whenever a token is about to be created. You can use\n   * it to modify the token claims or perform additional validation.\n   *\n   * This hook should never throw an error.\n   */\n  onCreateToken?: (data: {\n    client: Client\n    account: Account\n    parameters: OAuthAuthorizationRequestParameters\n    claims: TokenClaims\n  }) => Awaitable<void | OmitKey<AccessTokenPayload, 'iss'>>\n\n  /**\n   * This hook is called whenever a token was just decoded, and basic validation\n   * was performed (signature, expiration, not-before).\n   *\n   * It can be used to modify the payload (e.g., to add custom claims), or to\n   * perform additional validation.\n   *\n   * This hook is called when authenticating requests through the\n   * `authenticateRequest()` method in `OAuthVerifier` and `OAuthProvider`.\n   *\n   * Any error thrown here will be propagated.\n   */\n  onDecodeToken?: (data: {\n    tokenType: OAuthTokenType\n    token: OAuthAccessToken\n    payload: AccessTokenPayload\n    dpopProof: null | DpopProof\n  }) => Promise<AccessTokenPayload | void>\n\n  /**\n   * This hook is called when an authorized client exchanges an authorization\n   * code for an access token.\n   *\n   * @throws {OAuthError} to cancel the token creation and revoke the session\n   */\n  onTokenCreated?: (data: {\n    client: Client\n    clientAuth: ClientAuth\n    clientMetadata: RequestMetadata\n    account: Account\n    parameters: OAuthAuthorizationRequestParameters\n  }) => Awaitable<void>\n\n  /**\n   * This hook is called when an authorized client refreshes an access token.\n   *\n   * @throws {OAuthError} to cancel the token refresh and revoke the session\n   */\n  onTokenRefreshed?: (data: {\n    client: Client\n    clientAuth: ClientAuth\n    clientMetadata: RequestMetadata\n    account: Account\n    parameters: OAuthAuthorizationRequestParameters\n  }) => Awaitable<void>\n}\n"]}

package/dist/oauth-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":";;AAyBA,0CA2BC;AAnDD,4DAAwE;AAGxE,yDAA4D;AAC5D,kGAAwF;AACxF,gFAAuE;AACvE,8GAAoG;AACpG,oFAA2E;AAa3E;;;GAGG;AACH,SAAgB,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,KAAkC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,OAAO,IAAA,yBAAS,EACd,IAAA,kCAAkB,EAAC;QACjB,4BAAgB;QAChB,IAAA,kDAAqB,EAAC,MAAM,EAAE,OAAO,CAAC;QACtC,IAAA,8CAAmB,EAAC,MAAM,EAAE,OAAO,CAAC;QACpC,IAAA,2EAAiC,EAAC,MAAM,EAAE,OAAO,CAAC;QAClD,IAAA,+DAA2B,EAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CACH,CAAA;AACH,CAAC"}
+{"version":3,"file":"oauth-middleware.js","sourceRoot":"","sources":["../src/oauth-middleware.ts"],"names":[],"mappings":";;AAyBA,0CA2BC;AAnDD,4DAAwE;AAGxE,yDAA4D;AAC5D,kGAAwF;AACxF,gFAAuE;AACvE,8GAAoG;AACpG,oFAA2E;AAa3E;;;GAGG;AACH,SAAgB,eAAe,CAI7B,MAAqB,EACrB,EAAE,GAAG,OAAO,KAAkC,EAAE;IAEhD,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAE3B,sDAAsD;IACtD,OAAO,CAAC,OAAO;QACb,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa;YACvC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,IAAI,EAAE,GAAG,CAAC,CAAA;gBACnD,OAAO,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACtC,CAAC;YACH,CAAC,CAAC,OAAO,CAAA;IAEb,OAAO,IAAA,yBAAS,EACd,IAAA,kCAAkB,EAAC;QACjB,4BAAgB;QAChB,IAAA,kDAAqB,EAAC,MAAM,EAAE,OAAO,CAAC;QACtC,IAAA,8CAAmB,EAAC,MAAM,EAAE,OAAO,CAAC;QACpC,IAAA,2EAAiC,EAAC,MAAM,EAAE,OAAO,CAAC;QAClD,IAAA,+DAA2B,EAAC,MAAM,EAAE,OAAO,CAAC;KAC7C,CAAC,CACH,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { asHandler, combineMiddlewares } from './lib/http/middleware.js'\nimport { Handler } from './lib/http/types.js'\nimport { OAuthProvider } from './oauth-provider.js'\nimport { assetsMiddleware } from './router/assets/assets.js'\nimport { createAccountPageMiddleware } from './router/create-account-page-middleware.js'\nimport { createApiMiddleware } from './router/create-api-middleware.js'\nimport { createAuthorizationPageMiddleware } from './router/create-authorization-page-middleware.js'\nimport { createOAuthMiddleware } from './router/create-oauth-middleware.js'\nimport { ErrorHandler } from './router/error-handler.js'\nimport { MiddlewareOptions } from './router/middleware-options.js'\n\n// Export all the types exposed\nexport type {\n  ErrorHandler,\n  Handler,\n  IncomingMessage,\n  MiddlewareOptions,\n  ServerResponse,\n}\n\n/**\n * @returns An http request handler that can be used with node's http server\n * or as a middleware with express / connect.\n */\nexport function oauthMiddleware<\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { ...options }: MiddlewareOptions<Req, Res> = {},\n): Handler<void, Req, Res> {\n  const { onError } = options\n\n  // options is shallow cloned so it's fine to mutate it\n  options.onError =\n    process.env['NODE_ENV'] === 'development'\n      ? (req, res, err, msg) => {\n          console.error(`OAuthProvider error (${msg}):`, err)\n          return onError?.(req, res, err, msg)\n        }\n      : onError\n\n  return asHandler(\n    combineMiddlewares([\n      assetsMiddleware,\n      createOAuthMiddleware(server, options),\n      createApiMiddleware(server, options),\n      createAuthorizationPageMiddleware(server, options),\n      createAccountPageMiddleware(server, options),\n    ]),\n  )\n}\n"]}