@atproto/oauth-provider 0.16.4 → 0.17.0-next.0

Files changed (321)
  1. package/CHANGELOG.md +34 -0
  2. package/dist/access-token/access-token-mode.js +2 -5
  3. package/dist/access-token/access-token-mode.js.map +1 -1
  4. package/dist/account/account-manager.js +25 -33
  5. package/dist/account/account-manager.js.map +1 -1
  6. package/dist/account/account-store.js +11 -32
  7. package/dist/account/account-store.js.map +1 -1
  8. package/dist/account/sign-in-data.js +9 -12
  9. package/dist/account/sign-in-data.js.map +1 -1
  10. package/dist/account/sign-up-input.js +14 -17
  11. package/dist/account/sign-up-input.js.map +1 -1
  12. package/dist/client/client-auth.js +1 -2
  13. package/dist/client/client-data.js +1 -2
  14. package/dist/client/client-id.js +2 -5
  15. package/dist/client/client-id.js.map +1 -1
  16. package/dist/client/client-info.js +1 -2
  17. package/dist/client/client-manager.js +86 -97
  18. package/dist/client/client-manager.js.map +1 -1
  19. package/dist/client/client-store.js +7 -26
  20. package/dist/client/client-store.js.map +1 -1
  21. package/dist/client/client-utils.js +10 -14
  22. package/dist/client/client-utils.js.map +1 -1
  23. package/dist/client/client.js +43 -53
  24. package/dist/client/client.js.map +1 -1
  25. package/dist/constants.js +28 -31
  26. package/dist/constants.js.map +1 -1
  27. package/dist/customization/branding.js +8 -11
  28. package/dist/customization/branding.js.map +1 -1
  29. package/dist/customization/build-customization-css.js +8 -11
  30. package/dist/customization/build-customization-css.js.map +1 -1
  31. package/dist/customization/build-customization-data.js +1 -4
  32. package/dist/customization/build-customization-data.js.map +1 -1
  33. package/dist/customization/colors.js +11 -14
  34. package/dist/customization/colors.js.map +1 -1
  35. package/dist/customization/customization.js +8 -11
  36. package/dist/customization/customization.js.map +1 -1
  37. package/dist/customization/links.js +7 -10
  38. package/dist/customization/links.js.map +1 -1
  39. package/dist/device/device-data.js +7 -10
  40. package/dist/device/device-data.js.map +1 -1
  41. package/dist/device/device-id.js +11 -16
  42. package/dist/device/device-id.js.map +1 -1
  43. package/dist/device/device-manager.js +32 -38
  44. package/dist/device/device-manager.js.map +1 -1
  45. package/dist/device/device-store.js +7 -25
  46. package/dist/device/device-store.js.map +1 -1
  47. package/dist/device/session-id.js +9 -13
  48. package/dist/device/session-id.js.map +1 -1
  49. package/dist/dpop/dpop-manager.d.ts +3 -3
  50. package/dist/dpop/dpop-manager.js +38 -43
  51. package/dist/dpop/dpop-manager.js.map +1 -1
  52. package/dist/dpop/dpop-nonce.d.ts +2 -2
  53. package/dist/dpop/dpop-nonce.d.ts.map +1 -1
  54. package/dist/dpop/dpop-nonce.js +14 -18
  55. package/dist/dpop/dpop-nonce.js.map +1 -1
  56. package/dist/dpop/dpop-proof.js +1 -2
  57. package/dist/errors/access-denied-error.js +2 -6
  58. package/dist/errors/access-denied-error.js.map +1 -1
  59. package/dist/errors/account-selection-required-error.js +2 -6
  60. package/dist/errors/account-selection-required-error.js.map +1 -1
  61. package/dist/errors/authorization-error.js +7 -12
  62. package/dist/errors/authorization-error.js.map +1 -1
  63. package/dist/errors/consent-required-error.js +2 -6
  64. package/dist/errors/consent-required-error.js.map +1 -1
  65. package/dist/errors/error-parser.js +14 -18
  66. package/dist/errors/error-parser.js.map +1 -1
  67. package/dist/errors/handle-unavailable-error.js +2 -7
  68. package/dist/errors/handle-unavailable-error.js.map +1 -1
  69. package/dist/errors/invalid-authorization-details-error.js +2 -6
  70. package/dist/errors/invalid-authorization-details-error.js.map +1 -1
  71. package/dist/errors/invalid-client-error.js +2 -6
  72. package/dist/errors/invalid-client-error.js.map +1 -1
  73. package/dist/errors/invalid-client-id-error.js +2 -6
  74. package/dist/errors/invalid-client-id-error.js.map +1 -1
  75. package/dist/errors/invalid-client-metadata-error.js +7 -11
  76. package/dist/errors/invalid-client-metadata-error.js.map +1 -1
  77. package/dist/errors/invalid-credentials-error.js +2 -7
  78. package/dist/errors/invalid-credentials-error.js.map +1 -1
  79. package/dist/errors/invalid-dpop-key-binding-error.js +2 -6
  80. package/dist/errors/invalid-dpop-key-binding-error.js.map +1 -1
  81. package/dist/errors/invalid-dpop-proof-error.js +2 -6
  82. package/dist/errors/invalid-dpop-proof-error.js.map +1 -1
  83. package/dist/errors/invalid-grant-error.js +2 -6
  84. package/dist/errors/invalid-grant-error.js.map +1 -1
  85. package/dist/errors/invalid-invite-code-error.d.ts +1 -1
  86. package/dist/errors/invalid-invite-code-error.d.ts.map +1 -1
  87. package/dist/errors/invalid-invite-code-error.js +2 -6
  88. package/dist/errors/invalid-invite-code-error.js.map +1 -1
  89. package/dist/errors/invalid-redirect-uri-error.js +2 -6
  90. package/dist/errors/invalid-redirect-uri-error.js.map +1 -1
  91. package/dist/errors/invalid-request-error.js +3 -7
  92. package/dist/errors/invalid-request-error.js.map +1 -1
  93. package/dist/errors/invalid-scope-error.js +2 -6
  94. package/dist/errors/invalid-scope-error.js.map +1 -1
  95. package/dist/errors/invalid-token-error.js +10 -15
  96. package/dist/errors/invalid-token-error.js.map +1 -1
  97. package/dist/errors/login-required-error.js +2 -6
  98. package/dist/errors/login-required-error.js.map +1 -1
  99. package/dist/errors/oauth-error.js +1 -9
  100. package/dist/errors/oauth-error.js.map +1 -1
  101. package/dist/errors/second-authentication-factor-required-error.js +2 -8
  102. package/dist/errors/second-authentication-factor-required-error.js.map +1 -1
  103. package/dist/errors/unauthorized-client-error.js +2 -6
  104. package/dist/errors/unauthorized-client-error.js.map +1 -1
  105. package/dist/errors/use-dpop-nonce-error.js +4 -8
  106. package/dist/errors/use-dpop-nonce-error.js.map +1 -1
  107. package/dist/errors/www-authenticate-error.js +4 -9
  108. package/dist/errors/www-authenticate-error.js.map +1 -1
  109. package/dist/index.js +14 -30
  110. package/dist/index.js.map +1 -1
  111. package/dist/lexicon/lexicon-data.js +1 -2
  112. package/dist/lexicon/lexicon-getter.js +6 -10
  113. package/dist/lexicon/lexicon-getter.js.map +1 -1
  114. package/dist/lexicon/lexicon-manager.js +10 -30
  115. package/dist/lexicon/lexicon-manager.js.map +1 -1
  116. package/dist/lexicon/lexicon-store.js +5 -10
  117. package/dist/lexicon/lexicon-store.js.map +1 -1
  118. package/dist/lib/csp/index.js +3 -8
  119. package/dist/lib/csp/index.js.map +1 -1
  120. package/dist/lib/hcaptcha.js +33 -43
  121. package/dist/lib/hcaptcha.js.map +1 -1
  122. package/dist/lib/html/build-document.js +19 -24
  123. package/dist/lib/html/build-document.js.map +1 -1
  124. package/dist/lib/html/escapers.js +10 -16
  125. package/dist/lib/html/escapers.js.map +1 -1
  126. package/dist/lib/html/html.js +1 -5
  127. package/dist/lib/html/html.js.map +1 -1
  128. package/dist/lib/html/hydration-data.js +6 -10
  129. package/dist/lib/html/hydration-data.js.map +1 -1
  130. package/dist/lib/html/index.js +3 -19
  131. package/dist/lib/html/index.js.map +1 -1
  132. package/dist/lib/html/tags.js +14 -23
  133. package/dist/lib/html/tags.js.map +1 -1
  134. package/dist/lib/html/util.js +1 -4
  135. package/dist/lib/html/util.js.map +1 -1
  136. package/dist/lib/http/accept.d.ts.map +1 -1
  137. package/dist/lib/http/accept.js +8 -8
  138. package/dist/lib/http/accept.js.map +1 -1
  139. package/dist/lib/http/context.js +1 -4
  140. package/dist/lib/http/context.js.map +1 -1
  141. package/dist/lib/http/headers.js +1 -4
  142. package/dist/lib/http/headers.js.map +1 -1
  143. package/dist/lib/http/index.js +10 -26
  144. package/dist/lib/http/index.js.map +1 -1
  145. package/dist/lib/http/method.js +1 -4
  146. package/dist/lib/http/method.js.map +1 -1
  147. package/dist/lib/http/middleware.js +11 -17
  148. package/dist/lib/http/middleware.js.map +1 -1
  149. package/dist/lib/http/parser.js +13 -20
  150. package/dist/lib/http/parser.js.map +1 -1
  151. package/dist/lib/http/path.js +1 -4
  152. package/dist/lib/http/path.js.map +1 -1
  153. package/dist/lib/http/request.d.ts.map +1 -1
  154. package/dist/lib/http/request.js +32 -47
  155. package/dist/lib/http/request.js.map +1 -1
  156. package/dist/lib/http/response.js +14 -27
  157. package/dist/lib/http/response.js.map +1 -1
  158. package/dist/lib/http/route.js +9 -12
  159. package/dist/lib/http/route.js.map +1 -1
  160. package/dist/lib/http/router.js +8 -13
  161. package/dist/lib/http/router.js.map +1 -1
  162. package/dist/lib/http/security-headers.js +10 -15
  163. package/dist/lib/http/security-headers.js.map +1 -1
  164. package/dist/lib/http/stream.js +12 -20
  165. package/dist/lib/http/stream.js.map +1 -1
  166. package/dist/lib/http/types.js +1 -2
  167. package/dist/lib/http/url.js +1 -4
  168. package/dist/lib/http/url.js.map +1 -1
  169. package/dist/lib/nsid.js +4 -8
  170. package/dist/lib/nsid.js.map +1 -1
  171. package/dist/lib/redis.js +4 -7
  172. package/dist/lib/redis.js.map +1 -1
  173. package/dist/lib/util/authorization-header.js +11 -15
  174. package/dist/lib/util/authorization-header.js.map +1 -1
  175. package/dist/lib/util/cast.js +3 -8
  176. package/dist/lib/util/cast.js.map +1 -1
  177. package/dist/lib/util/color.js +23 -32
  178. package/dist/lib/util/color.js.map +1 -1
  179. package/dist/lib/util/crypto.js +5 -10
  180. package/dist/lib/util/crypto.js.map +1 -1
  181. package/dist/lib/util/date.js +2 -6
  182. package/dist/lib/util/date.js.map +1 -1
  183. package/dist/lib/util/error.js +5 -8
  184. package/dist/lib/util/error.js.map +1 -1
  185. package/dist/lib/util/function.js +3 -8
  186. package/dist/lib/util/function.js.map +1 -1
  187. package/dist/lib/util/locale.js +3 -6
  188. package/dist/lib/util/locale.js.map +1 -1
  189. package/dist/lib/util/object.js +1 -4
  190. package/dist/lib/util/object.js.map +1 -1
  191. package/dist/lib/util/redirect-uri.js +3 -6
  192. package/dist/lib/util/redirect-uri.js.map +1 -1
  193. package/dist/lib/util/time.js +5 -9
  194. package/dist/lib/util/time.js.map +1 -1
  195. package/dist/lib/util/type.d.ts.map +1 -1
  196. package/dist/lib/util/type.js +1 -5
  197. package/dist/lib/util/type.js.map +1 -1
  198. package/dist/lib/util/ui8.js +3 -8
  199. package/dist/lib/util/ui8.js.map +1 -1
  200. package/dist/lib/util/well-known.js +1 -4
  201. package/dist/lib/util/well-known.js.map +1 -1
  202. package/dist/lib/util/zod-error.js +4 -8
  203. package/dist/lib/util/zod-error.js.map +1 -1
  204. package/dist/lib/write-form-redirect.js +9 -12
  205. package/dist/lib/write-form-redirect.js.map +1 -1
  206. package/dist/lib/write-html.js +12 -15
  207. package/dist/lib/write-html.js.map +1 -1
  208. package/dist/metadata/build-metadata.js +9 -12
  209. package/dist/metadata/build-metadata.js.map +1 -1
  210. package/dist/oauth-client.js +2 -18
  211. package/dist/oauth-client.js.map +1 -1
  212. package/dist/oauth-dpop.js +2 -18
  213. package/dist/oauth-dpop.js.map +1 -1
  214. package/dist/oauth-errors.js +24 -42
  215. package/dist/oauth-errors.js.map +1 -1
  216. package/dist/oauth-hooks.js +8 -15
  217. package/dist/oauth-hooks.js.map +1 -1
  218. package/dist/oauth-middleware.js +13 -16
  219. package/dist/oauth-middleware.js.map +1 -1
  220. package/dist/oauth-provider.js +108 -125
  221. package/dist/oauth-provider.js.map +1 -1
  222. package/dist/oauth-store.js +7 -23
  223. package/dist/oauth-store.js.map +1 -1
  224. package/dist/oauth-verifier.js +41 -53
  225. package/dist/oauth-verifier.js.map +1 -1
  226. package/dist/oidc/sub.js +2 -5
  227. package/dist/oidc/sub.js.map +1 -1
  228. package/dist/replay/replay-manager.js +6 -11
  229. package/dist/replay/replay-manager.js.map +1 -1
  230. package/dist/replay/replay-store-memory.js +5 -7
  231. package/dist/replay/replay-store-memory.js.map +1 -1
  232. package/dist/replay/replay-store-redis.js +3 -8
  233. package/dist/replay/replay-store-redis.js.map +1 -1
  234. package/dist/replay/replay-store.js +3 -8
  235. package/dist/replay/replay-store.js.map +1 -1
  236. package/dist/request/code.js +10 -15
  237. package/dist/request/code.js.map +1 -1
  238. package/dist/request/request-data.js +1 -5
  239. package/dist/request/request-data.js.map +1 -1
  240. package/dist/request/request-id.js +9 -13
  241. package/dist/request/request-id.js.map +1 -1
  242. package/dist/request/request-manager.js +61 -71
  243. package/dist/request/request-manager.js.map +1 -1
  244. package/dist/request/request-store.js +9 -27
  245. package/dist/request/request-store.js.map +1 -1
  246. package/dist/request/request-uri.js +17 -23
  247. package/dist/request/request-uri.js.map +1 -1
  248. package/dist/result/authorization-redirect-parameters.js +1 -2
  249. package/dist/result/authorization-result-authorize-page.js +1 -2
  250. package/dist/result/authorization-result-redirect.js +1 -2
  251. package/dist/router/assets/assets-manifest.d.ts.map +1 -1
  252. package/dist/router/assets/assets-manifest.js +14 -15
  253. package/dist/router/assets/assets-manifest.js.map +1 -1
  254. package/dist/router/assets/assets.d.ts.map +1 -1
  255. package/dist/router/assets/assets.js +25 -27
  256. package/dist/router/assets/assets.js.map +1 -1
  257. package/dist/router/assets/csrf.js +16 -25
  258. package/dist/router/assets/csrf.js.map +1 -1
  259. package/dist/router/assets/send-account-page.js +3 -6
  260. package/dist/router/assets/send-account-page.js.map +1 -1
  261. package/dist/router/assets/send-authorization-page.js +3 -6
  262. package/dist/router/assets/send-authorization-page.js.map +1 -1
  263. package/dist/router/assets/send-cookie-error-page.js +3 -6
  264. package/dist/router/assets/send-cookie-error-page.js.map +1 -1
  265. package/dist/router/assets/send-error-page.js +6 -9
  266. package/dist/router/assets/send-error-page.js.map +1 -1
  267. package/dist/router/assets/send-redirect.js +12 -20
  268. package/dist/router/assets/send-redirect.js.map +1 -1
  269. package/dist/router/create-account-page-middleware.js +11 -14
  270. package/dist/router/create-account-page-middleware.js.map +1 -1
  271. package/dist/router/create-api-middleware.js +83 -90
  272. package/dist/router/create-api-middleware.js.map +1 -1
  273. package/dist/router/create-authorization-page-middleware.js +43 -46
  274. package/dist/router/create-authorization-page-middleware.js.map +1 -1
  275. package/dist/router/create-oauth-middleware.js +31 -34
  276. package/dist/router/create-oauth-middleware.js.map +1 -1
  277. package/dist/router/error-handler.js +1 -2
  278. package/dist/router/middleware-options.js +1 -2
  279. package/dist/signer/access-token-payload.js +12 -15
  280. package/dist/signer/access-token-payload.js.map +1 -1
  281. package/dist/signer/api-token-payload.js +8 -11
  282. package/dist/signer/api-token-payload.js.map +1 -1
  283. package/dist/signer/signer.js +11 -17
  284. package/dist/signer/signer.js.map +1 -1
  285. package/dist/token/refresh-token.js +10 -15
  286. package/dist/token/refresh-token.js.map +1 -1
  287. package/dist/token/token-claims.js +1 -2
  288. package/dist/token/token-data.js +1 -2
  289. package/dist/token/token-id.js +10 -15
  290. package/dist/token/token-id.js.map +1 -1
  291. package/dist/token/token-manager.js +40 -51
  292. package/dist/token/token-manager.js.map +1 -1
  293. package/dist/token/token-store.js +7 -25
  294. package/dist/token/token-store.js.map +1 -1
  295. package/dist/types/authorization-response-error.js +8 -12
  296. package/dist/types/authorization-response-error.js.map +1 -1
  297. package/dist/types/color-hue.js +2 -5
  298. package/dist/types/color-hue.js.map +1 -1
  299. package/dist/types/email-otp.js +2 -5
  300. package/dist/types/email-otp.js.map +1 -1
  301. package/dist/types/email.js +6 -9
  302. package/dist/types/email.js.map +1 -1
  303. package/dist/types/handle.js +6 -9
  304. package/dist/types/handle.js.map +1 -1
  305. package/dist/types/invite-code.js +2 -5
  306. package/dist/types/invite-code.js.map +1 -1
  307. package/dist/types/par-response-error.js +5 -9
  308. package/dist/types/par-response-error.js.map +1 -1
  309. package/dist/types/password.js +3 -6
  310. package/dist/types/password.js.map +1 -1
  311. package/dist/types/rgb-color.js +7 -10
  312. package/dist/types/rgb-color.js.map +1 -1
  313. package/package.json +20 -22
  314. package/src/dpop/dpop-nonce.ts +1 -1
  315. package/src/errors/invalid-invite-code-error.ts +1 -1
  316. package/src/lib/http/accept.ts +4 -1
  317. package/src/lib/http/request.ts +4 -1
  318. package/src/lib/util/type.ts +0 -1
  319. package/src/router/assets/assets-manifest.ts +3 -1
  320. package/src/router/assets/assets.ts +2 -0
  321. package/tsconfig.build.tsbuildinfo +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":";;;AAiYA,8CAQC;AAzYD,+BAgBa;AAEb,sDAM6B;AAC7B,kDAAuE;AACvE,6EAAqE;AACrE,6GAAmG;AACnG,+EAAsE;AACtE,iGAAuF;AACvF,iFAAwE;AACxE,6EAAoE;AACpE,iDAA6C;AAC7C,iEAAgE;AAMhE,MAAM,EAAE,SAAS,EAAE,GAAG,aAAM,CAAA;AAE5B,MAAa,MAAM;IAWC;IACA;IACA;IACA;IAblB;;OAEG;IACH,MAAM,CAAU,sBAAsB,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAU,CAAA;IAE5D,SAAS,CAEU;IAEpC,YACkB,EAAY,EACZ,QAA6B,EAC7B,OAAyB,QAAQ,CAAC,IAAI,EACtC,IAAgB;QAHhB,OAAE,GAAF,EAAE,CAAU;QACZ,aAAQ,GAAR,QAAQ,CAAqB;QAC7B,SAAI,GAAJ,IAAI,CAAkC;QACtC,SAAI,GAAJ,IAAI,CAAY;QAEhC,2EAA2E;QAC3E,IAAI,CAAC,SAAS;YACZ,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBACxB,CAAC,CAAC,IAAA,wBAAiB,EAAC,IAAI,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBACzC,CAAC,CAAC,IAAA,yBAAkB,EAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,GAA4B,EAC5B,QAAgB;QAEhB,oEAAoE;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,wEAAwE;QACxE,mCAAmC;QACnC,IAAI,CAAC;YACH,yEAAyE;YACzE,6CAA6C;YAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAAE,CAAC;gBACxD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE;oBACxC,QAAQ;oBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;oBAC9B,oBAAoB,EAAE,IAAI;oBAC1B,kBAAkB,EAAE,IAAI;iBACzB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;gBAC/B,QAAQ;gBACR,WAAW,EAAE,0BAAW,GAAG,GAAG;gBAC9B,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,0BAA0B;oBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC;oBAC5C,CAAC,CAAC,8EAA8E;wBAC9E,EAAE;wBACF,uEAAuE;wBACvE,4BAA4B;wBAC5B,SAAS;aACd,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,SAAS;gBACtB,CAAC,CAAC,6BAA6B,GAAG,CAAC,OAAO,EAAE;gBAC5C,CAAC,CAAC,0BAA0B,CAAA;YAEhC,MAAM,IAAI,8CAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,KAAa,EACb,EACE,QAAQ,EACR,oBAAoB,GAAG,KAAK,EAC5B,kBAAkB,GAAG,KAAK,EAC1B,GAAG,OAAO,KAIR,EAAE;QAEN,wEAAwE;QACxE,yEAAyE;QACzE,WAAW;QAEX,MAAM,MAAM,GAAG,mBAAY,CAAC,MAAM,CAAc,KAAK,EAAE,OAAO,CAAC,CAAA;QAE/D,IAAI,CAAC,kBAAkB,IAAI,MAAM,
CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACtD,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;YACpE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,oBAAoB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACxD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,UAAU,GAAG,IAAA,iBAAO,EAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC9C,IAAI,CAAC,IAAA,iBAAO,EAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC/D,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,OAA0C;QAE1C,OAAO,IAAA,gBAAS,EAAc,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;YACnD,GAAG,OAAO;YACV,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CACvB,KAA6B,EAC7B,MAEC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAA;QAEvD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,kBAAkB,IAAI,KAAK,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,8CAAmB,CAC3B,iCAAiC,MAAM,iCAAiC,CACzE,CAAA;YACH,CAAC;YAED,IAAI,KAAK,CAAC,qBAAqB,KAAK,8CAAgC,EAAE,CAAC;gBACrE,wDAAwD;gBAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAGhC,KAAK,CAAC,gBAAgB,EAAE;oBACzB,oEAAoE;oBACpE,6DAA6D;oBAC7D,EAAE;oBACF,iDAAiD;oBAEjD,oEAAoE;oBACpE,sEAAsE;oBACtE,oEAAoE;oBACpE,oDAAoD;oBACpD,OAAO,EAAE,IAAI,CAAC,EAAE;oBAEhB,mEAAmE;oBACnE,qEAAqE;oBACrE,oEAAoE;oBACpE,mEAAmE;oBACnE,gEAAgE;oBAChE,QAAQ,EAAE,MAAM,CAAC,6BAA6B;oBAE9C,cAAc,EAAE;wBACd,kEAAkE;wBAClE,gEAAgE;wBAChE,EAAE;wBACF,gEAAgE;wBAChE,mEAAmE;wBACnE,wDAAwD;wBACxD,mEAAmE;wBACnE,+CAA+C;wBAE/C,SAAS;wBAET,kEAAkE;wBAClE,iEAAiE;wBACjE,oEAAoE;wBACpE,iEAAiE;wBACjE,mEAAmE;wBACnE,gBAAgB;wBAChB,KAAK;qBACN;oBAED,4DAA4D;oBAC5D,8DAA8D;oBAC9D,gCAAgC;oBAChC,EAAE;oBACF,mCAAmC;oBAEnC,sEAAsE;oBACtE,4DAA4D;oBAC5D,sEAAsE;oBACtE,6CAA6C;oBAC7C,WAAW,EAAE,uCAAwB,GAAG,IAAI;iBAC7C,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACf,MA
AM,GAAG,GACP,GAAG,YAAY,SAAS;wBACtB,CAAC,CAAC,4CAA4C,GAAG,CAAC,OAAO,EAAE;wBAC3D,CAAC,CAAC,yCAAyC,CAAA;oBAE/C,MAAM,IAAI,4CAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBACxC,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;oBAChC,MAAM,IAAI,4CAAkB,CAAC,oCAAoC,CAAC,CAAA;gBACpE,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,iBAAiB;oBACzB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC;oBACxC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;oBAC/B,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;iBAChC,CAAA;YACH,CAAC;YAED,MAAM,IAAI,4CAAkB,CAC1B,sCAAsC,KAAK,CAAC,qBAAqB,GAAG,CACrE,CAAA;QACH,CAAC;QAED,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C;gBAC7C,MAAM,CAAC,sBAAsB;aAC9B,EAAE,CACJ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,6DAA0B,CAClC,2CAA2C,MAAM,GAAG,CACrD,CAAA;IACH,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,UAAyD;QAEzD,IAAI,UAAU,CAAC,SAAS,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,0FAA0F,CAC3F,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACnC,qEAAqE;YACrE,YAAY;YACZ,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,0CAAiB,CACzB,UAAU,EACV,UAAU,KAAK,0CAA0C,CAC1D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,0BAA0B,UAAU,CAAC,aAAa,2BAA2B,CAC9E,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,uEAAuE,CACxE,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,UAAU,CAAA;QACnC,IAAI,YAAY,EAAE,CAAC;YACjB,IACE,CAAC,IAAI,CAAC,QAAQ
,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACxC,IAAA,oCAAkB,EAAC,GAAG,EAAE,YAAY,CAAC,CACtC,EACD,CAAC;gBACD,MAAM,IAAI,2CAAkB,CAC1B,UAAU,EACV,wBAAwB,YAAY,EAAE,CACvC,CAAA;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAAA;YACnC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;YAClE,CAAC;iBAAM,CAAC;gBACN,uFAAuF;gBACvF,EAAE;gBACF,wEAAwE;gBACxE,4EAA4E;gBAC5E,YAAY;gBACZ,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,MAAM,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;YACrD,IAAI,CAAC,2BAA2B,EAAE,CAAC;gBACjC,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,8DAA8D,CAC/D,CAAA;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IAAI,CAAC,2BAA2B,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,yEAAgC,CACxC,UAAU,EACV,yEAAyE,MAAM,CAAC,IAAI,GAAG,CACxF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,IAAI,kBAAkB;QACpB,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;QACvC,OAAO,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,CAAC;;AArVH,wBAsVC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAyB;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,6BAAsB,EAAC,MAAM,IAAA,gBAAS,EAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,4CAAkB,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;IACvE,CAAC;AACH,CAAC","sourcesContent":["import {\n JWTClaimVerificationOptions,\n type JWTHeaderParameters,\n type JWTPayload,\n type JWTVerifyOptions,\n type JWTVerifyResult,\n type KeyLike,\n type ResolvedKey,\n UnsecuredJWT,\n type UnsecuredResult,\n calculateJwkThumbprint,\n createLocalJWKSet,\n createRemoteJWKSet,\n errors,\n exportJWK,\n jwtVerify,\n} from 'jose'\nimport { Jwks, SignedJwt, UnsignedJwt } from '@atproto/jwk'\nimport {\n CLIENT_ASSERTION_TYPE_JWT_BEARER,\n OAuthAuthorizationRequestParameters,\n OAuthClientCredentials,\n OAuthClientMetadata,\n OAuthRedirectUri,\n} from '@atproto/oauth-types'\nimport { 
CLIENT_ASSERTION_MAX_AGE, JAR_MAX_AGE } from '../constants.js'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport { InvalidAuthorizationDetailsError } from '../errors/invalid-authorization-details-error.js'\nimport { InvalidClientError } from '../errors/invalid-client-error.js'\nimport { InvalidClientMetadataError } from '../errors/invalid-client-metadata-error.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { InvalidScopeError } from '../errors/invalid-scope-error.js'\nimport { asArray } from '../lib/util/cast.js'\nimport { compareRedirectUri } from '../lib/util/redirect-uri.js'\nimport { Awaitable } from '../lib/util/type.js'\nimport { ClientAuth } from './client-auth.js'\nimport { ClientId } from './client-id.js'\nimport { ClientInfo } from './client-info.js'\n\nconst { JOSEError } = errors\n\nexport class Client {\n /**\n * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}\n */\n static readonly AUTH_METHODS_SUPPORTED = ['none', 'private_key_jwt'] as const\n\n private readonly keyGetter: (\n protectedHeader: JWTHeaderParameters,\n ) => Awaitable<KeyLike | Uint8Array>\n\n constructor(\n public readonly id: ClientId,\n public readonly metadata: OAuthClientMetadata,\n public readonly jwks: undefined | Jwks = metadata.jwks,\n public readonly info: ClientInfo,\n ) {\n // If the remote JWKS content is provided, we don't need to fetch it again.\n this.keyGetter =\n jwks || !metadata.jwks_uri\n ? 
createLocalJWKSet(jwks || { keys: [] })\n : createRemoteJWKSet(new URL(metadata.jwks_uri), {})\n }\n\n /**\n * @see {@link https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2}\n */\n public async decodeRequestObject(\n jar: SignedJwt | UnsignedJwt,\n audience: string,\n ) {\n // https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2\n // > If signed, the Authorization Request Object SHOULD contain the Claims\n // > iss (issuer) and aud (audience) as members with their semantics being\n // > the same as defined in the JWT [RFC7519] specification. The value of\n // > aud should be the value of the authorization server (AS) issuer, as\n // > defined in RFC 8414 [RFC8414].\n try {\n // We need to special case the \"none\" algorithm, as the validation method\n // is different for signed and unsigned JWTs.\n if (this.metadata.request_object_signing_alg === 'none') {\n return await this.jwtVerifyUnsecured(jar, {\n audience,\n maxTokenAge: JAR_MAX_AGE / 1e3,\n allowMissingAudience: true,\n allowMissingIssuer: true,\n })\n }\n\n return await this.jwtVerify(jar, {\n audience,\n maxTokenAge: JAR_MAX_AGE / 1e3,\n algorithms: this.metadata.request_object_signing_alg\n ? [this.metadata.request_object_signing_alg]\n : // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > The default, if omitted, is that any algorithm supported by the OP\n // > and the RP MAY be used.\n undefined,\n })\n } catch (err) {\n const message =\n err instanceof JOSEError\n ? 
`Invalid \"request\" object: ${err.message}`\n : `Invalid \"request\" object`\n\n throw new InvalidRequestError(message, err)\n }\n }\n\n protected async jwtVerifyUnsecured<PayloadType = JWTPayload>(\n token: string,\n {\n audience,\n allowMissingAudience = false,\n allowMissingIssuer = false,\n ...options\n }: Omit<JWTClaimVerificationOptions, 'issuer'> & {\n allowMissingIssuer?: boolean\n allowMissingAudience?: boolean\n } = {},\n ): Promise<UnsecuredResult<PayloadType>> {\n // jose does not support `allowMissingAudience` and `allowMissingIssuer`\n // options, so we need to handle audience and issuer checks manually (see\n // bellow).\n\n const result = UnsecuredJWT.decode<PayloadType>(token, options)\n\n if (!allowMissingIssuer || result.payload.iss != null) {\n if (result.payload.iss !== this.id) {\n throw new JOSEError(`Invalid \"iss\" claim \"${result.payload.iss}\"`)\n }\n }\n\n if (!allowMissingAudience || result.payload.aud != null) {\n if (audience != null) {\n const payloadAud = asArray(result.payload.aud)\n if (!asArray(audience).some((aud) => payloadAud.includes(aud))) {\n throw new JOSEError(`Invalid \"aud\" claim \"${result.payload.aud}\"`)\n }\n }\n }\n\n return result\n }\n\n protected async jwtVerify<PayloadType = JWTPayload>(\n token: string,\n options?: Omit<JWTVerifyOptions, 'issuer'>,\n ): Promise<JWTVerifyResult<PayloadType> & ResolvedKey<KeyLike>> {\n return jwtVerify<PayloadType>(token, this.keyGetter, {\n ...options,\n issuer: this.id,\n })\n }\n\n /**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}\n * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}\n */\n public async authenticate(\n input: OAuthClientCredentials,\n checks: {\n authorizationServerIdentifier: string\n },\n ): Promise<ClientAuth> {\n const method = this.metadata.token_endpoint_auth_method\n\n if (method === 
'none') {\n return { method: 'none' }\n }\n\n if (method === 'private_key_jwt') {\n if (!('client_assertion' in input)) {\n throw new InvalidRequestError(\n `client authentication method \"${method}\" required a \"client_assertion\"`,\n )\n }\n\n if (input.client_assertion_type === CLIENT_ASSERTION_TYPE_JWT_BEARER) {\n // https://www.rfc-editor.org/rfc/rfc7523.html#section-3\n\n const result = await this.jwtVerify<{\n jti: string\n exp?: number\n }>(input.client_assertion, {\n // > 1. The JWT MUST contain an \"iss\" (issuer) claim that contains a\n // > unique identifier for the entity that issued the JWT.\n //\n // The \"issuer\" is already checked by jwtVerify()\n\n // > 2. The JWT MUST contain a \"sub\" (subject) claim identifying the\n // > principal that is the subject of the JWT. Two cases need to be\n // > differentiated: [...] For client authentication, the subject\n // > MUST be the \"client_id\" of the OAuth client.\n subject: this.id,\n\n // > 3. The JWT MUST contain an \"aud\" (audience) claim containing a\n // > value that identifies the authorization server as an intended\n // > audience. The token endpoint URL of the authorization server\n // > MAY be used as a value for an \"aud\" element to identify the\n // > authorization server as an intended audience of the JWT.\n audience: checks.authorizationServerIdentifier,\n\n requiredClaims: [\n // > 4. The JWT MUST contain an \"exp\" (expiration time) claim that\n // > limits the time window during which the JWT can be used.\n //\n // @TODO The presence of \"exp\" didn't use to be enforced by this\n // implementation (or provided by the oauth-client). This is mostly\n // fine because \"iat\" *is* required, but this makes this\n // implementation non compliant with RFC7523. We can't just make it\n // required as it might break existing clients.\n\n // 'exp',\n\n // > 7. The JWT MAY contain a \"jti\" (JWT ID) claim that provides a\n // > unique identifier for the token. 
The authorization server\n // > MAY ensure that JWTs are not replayed by maintaining the set\n // > of used \"jti\" values for the length of time for which the\n // > JWT would be considered valid based on the applicable \"exp\"\n // > instant.\n 'jti',\n ],\n\n // > 5. The JWT MAY contain an \"nbf\" (not before) claim that\n // > identifies the time before which the token MUST NOT be\n // > accepted for processing.\n //\n // This is already enforced by jose\n\n // > 6. The JWT MAY contain an \"iat\" (issued at) claim that identifies\n // > the time at which the JWT was issued. Note that the\n // > authorization server may reject JWTs with an \"iat\" claim value\n // > that is unreasonably far in the past.\n maxTokenAge: CLIENT_ASSERTION_MAX_AGE / 1000,\n }).catch((err) => {\n const msg =\n err instanceof JOSEError\n ? `Validation of \"client_assertion\" failed: ${err.message}`\n : `Unable to verify \"client_assertion\" JWT`\n\n throw new InvalidClientError(msg, err)\n })\n\n if (!result.protectedHeader.kid) {\n throw new InvalidClientError(`\"kid\" required in client_assertion`)\n }\n\n return {\n method: 'private_key_jwt',\n jti: result.payload.jti,\n exp: result.payload.exp,\n jkt: await authJwkThumbprint(result.key),\n alg: result.protectedHeader.alg,\n kid: result.protectedHeader.kid,\n }\n }\n\n throw new InvalidClientError(\n `Unsupported client_assertion_type \"${input.client_assertion_type}\"`,\n )\n }\n\n // @ts-expect-error Ensure to keep Client.AUTH_METHODS_SUPPORTED in sync\n // with the implementation of this function.\n if (Client.AUTH_METHODS_SUPPORTED.includes(method)) {\n throw new Error(\n `verifyCredentials() should implement all of ${[\n Client.AUTH_METHODS_SUPPORTED,\n ]}`,\n )\n }\n\n throw new InvalidClientMetadataError(\n `Unsupported token_endpoint_auth_method \"${method}\"`,\n )\n }\n\n /**\n * Validates the request parameters against the client metadata.\n */\n public validateRequest(\n parameters: 
Readonly<OAuthAuthorizationRequestParameters>,\n ): Readonly<OAuthAuthorizationRequestParameters> {\n if (parameters.client_id !== this.id) {\n throw new AuthorizationError(\n parameters,\n 'The \"client_id\" parameter field does not match the value used to authenticate the client',\n )\n }\n\n if (parameters.scope !== undefined) {\n // Any scope requested by the client must be registered in the client\n // metadata.\n const declaredScopes = this.metadata.scope?.split(' ')\n\n if (!declaredScopes) {\n throw new InvalidScopeError(\n parameters,\n 'Client has no declared scopes in its metadata',\n )\n }\n\n for (const scope of parameters.scope.split(' ')) {\n if (!declaredScopes.includes(scope)) {\n throw new InvalidScopeError(\n parameters,\n `Scope \"${scope}\" is not declared in the client metadata`,\n )\n }\n }\n }\n\n if (!this.metadata.response_types.includes(parameters.response_type)) {\n throw new AuthorizationError(\n parameters,\n `Invalid response_type \"${parameters.response_type}\" requested by the client`,\n )\n }\n\n if (parameters.response_type.includes('code')) {\n if (!this.metadata.grant_types.includes('authorization_code')) {\n throw new AuthorizationError(\n parameters,\n `This client is not allowed to use the \"authorization_code\" grant type`,\n )\n }\n }\n\n const { redirect_uri } = parameters\n if (redirect_uri) {\n if (\n !this.metadata.redirect_uris.some((uri) =>\n compareRedirectUri(uri, redirect_uri),\n )\n ) {\n throw new AuthorizationError(\n parameters,\n `Invalid redirect_uri ${redirect_uri}`,\n )\n }\n } else {\n const { defaultRedirectUri } = this\n if (defaultRedirectUri) {\n parameters = { ...parameters, redirect_uri: defaultRedirectUri }\n } else {\n // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#authorization-request\n //\n // > \"redirect_uri\": OPTIONAL if only one redirect URI is registered for\n // > this client. 
REQUIRED if multiple redirect URIs are registered for this\n // > client.\n throw new AuthorizationError(parameters, 'redirect_uri is required')\n }\n }\n\n if (parameters.authorization_details) {\n const { authorization_details_types } = this.metadata\n if (!authorization_details_types) {\n throw new InvalidAuthorizationDetailsError(\n parameters,\n 'Client Metadata does not declare any \"authorization_details\"',\n )\n }\n\n for (const detail of parameters.authorization_details) {\n if (!authorization_details_types?.includes(detail.type)) {\n throw new InvalidAuthorizationDetailsError(\n parameters,\n `Client Metadata does not declare any \"authorization_details\" of type \"${detail.type}\"`,\n )\n }\n }\n }\n\n return parameters\n }\n\n get defaultRedirectUri(): OAuthRedirectUri | undefined {\n const { redirect_uris } = this.metadata\n return redirect_uris.length === 1 ? redirect_uris[0] : undefined\n }\n}\n\nexport async function authJwkThumbprint(\n key: Uint8Array | KeyLike,\n): Promise<string> {\n try {\n return await calculateJwkThumbprint(await exportJWK(key), 'sha512')\n } catch (err) {\n throw new InvalidClientError('Unable to compute JWK thumbprint', err)\n }\n}\n"]}
1
+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/client/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAQL,YAAY,EAEZ,sBAAsB,EACtB,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EACN,SAAS,EACT,SAAS,GACV,MAAM,MAAM,CAAA;AAEb,OAAO,EACL,gCAAgC,GAKjC,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AACrE,OAAO,EAAE,gCAAgC,EAAE,MAAM,kDAAkD,CAAA;AACnG,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAA;AACtE,OAAO,EAAE,0BAA0B,EAAE,MAAM,4CAA4C,CAAA;AACvF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAA;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAA;AAMhE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;AAE5B,MAAM,OAAO,MAAM;IACjB;;OAEG;aACa,2BAAsB,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAU,CAAA;IAM7E,YACkB,EAAY,EACZ,QAA6B,EAC7B,OAAyB,QAAQ,CAAC,IAAI,EACtC,IAAgB;QAHhB,OAAE,GAAF,EAAE,CAAU;QACZ,aAAQ,GAAR,QAAQ,CAAqB;QAC7B,SAAI,GAAJ,IAAI,CAAkC;QACtC,SAAI,GAAJ,IAAI,CAAY;QAEhC,2EAA2E;QAC3E,IAAI,CAAC,SAAS;YACZ,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ;gBACxB,CAAC,CAAC,iBAAiB,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;gBACzC,CAAC,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,mBAAmB,CAC9B,GAA4B,EAC5B,QAAgB;QAEhB,oEAAoE;QACpE,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,wEAAwE;QACxE,mCAAmC;QACnC,IAAI,CAAC;YACH,yEAAyE;YACzE,6CAA6C;YAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,0BAA0B,KAAK,MAAM,EAAE,CAAC;gBACxD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE;oBACxC,QAAQ;oBACR,WAAW,EAAE,WAAW,GAAG,GAAG;oBAC9B,oBAAoB,EAAE,IAAI;oBAC1B,kBAAkB,EAAE,IAAI;iBACzB,CAAC,CAAA;YACJ,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE;gBAC/B,QAAQ;gBACR,WAAW,EAAE,WAAW,GAAG,GAAG;gBAC9B,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,0BAA0B;oBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC;oBAC5C,CAAC,CAAC,8EAA8E;wBAC9E,EAAE;wBACF,uEAAuE;wBACvE,4BAA4B;wBAC5B,SAAS;aACd,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,SAAS;gBACtB,CAAC,CAAC,6BAA6B,GAAG,CAAC,OAAO,EAAE;
gBAC5C,CAAC,CAAC,0BAA0B,CAAA;YAEhC,MAAM,IAAI,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAES,KAAK,CAAC,kBAAkB,CAChC,KAAa,EACb,EACE,QAAQ,EACR,oBAAoB,GAAG,KAAK,EAC5B,kBAAkB,GAAG,KAAK,EAC1B,GAAG,OAAO,KAIR,EAAE;QAEN,wEAAwE;QACxE,yEAAyE;QACzE,WAAW;QAEX,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAc,KAAK,EAAE,OAAO,CAAC,CAAA;QAE/D,IAAI,CAAC,kBAAkB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACtD,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACnC,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;YACpE,CAAC;QACH,CAAC;QAED,IAAI,CAAC,oBAAoB,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;YACxD,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAC9C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBAC/D,MAAM,IAAI,SAAS,CAAC,wBAAwB,MAAM,CAAC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAES,KAAK,CAAC,SAAS,CACvB,KAAa,EACb,OAA0C;QAE1C,OAAO,SAAS,CAAc,KAAK,EAAE,IAAI,CAAC,SAAS,EAAE;YACnD,GAAG,OAAO;YACV,MAAM,EAAE,IAAI,CAAC,EAAE;SAChB,CAAC,CAAA;IACJ,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CACvB,KAA6B,EAC7B,MAEC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAA;QAEvD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;QAC3B,CAAC;QAED,IAAI,MAAM,KAAK,iBAAiB,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,kBAAkB,IAAI,KAAK,CAAC,EAAE,CAAC;gBACnC,MAAM,IAAI,mBAAmB,CAC3B,iCAAiC,MAAM,iCAAiC,CACzE,CAAA;YACH,CAAC;YAED,IAAI,KAAK,CAAC,qBAAqB,KAAK,gCAAgC,EAAE,CAAC;gBACrE,wDAAwD;gBAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAGhC,KAAK,CAAC,gBAAgB,EAAE;oBACzB,oEAAoE;oBACpE,6DAA6D;oBAC7D,EAAE;oBACF,iDAAiD;oBAEjD,oEAAoE;oBACpE,sEAAsE;oBACtE,oEAAoE;oBACpE,oDAAoD;oBACpD,OAAO,EAAE,IAAI,CAAC,EAAE;oBAEhB,mEAAmE;oBACnE,qEAAqE;oBACrE,oEAAoE;oBACpE,mEAAmE;oBACnE,gEAAgE;oBAChE,QAAQ,EAAE,MAAM,CAAC,6BAA6B;oBAE9C,cAAc,EAAE;wBACd,kEAAkE;wBAClE,gEAAgE;wBAChE,EAAE;wBACF,gEAAgE;wBAChE,mEAAmE;wBACnE,wDAAwD;wBACxD,mEAAmE;
wBACnE,+CAA+C;wBAE/C,SAAS;wBAET,kEAAkE;wBAClE,iEAAiE;wBACjE,oEAAoE;wBACpE,iEAAiE;wBACjE,mEAAmE;wBACnE,gBAAgB;wBAChB,KAAK;qBACN;oBAED,4DAA4D;oBAC5D,8DAA8D;oBAC9D,gCAAgC;oBAChC,EAAE;oBACF,mCAAmC;oBAEnC,sEAAsE;oBACtE,4DAA4D;oBAC5D,sEAAsE;oBACtE,6CAA6C;oBAC7C,WAAW,EAAE,wBAAwB,GAAG,IAAI;iBAC7C,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACf,MAAM,GAAG,GACP,GAAG,YAAY,SAAS;wBACtB,CAAC,CAAC,4CAA4C,GAAG,CAAC,OAAO,EAAE;wBAC3D,CAAC,CAAC,yCAAyC,CAAA;oBAE/C,MAAM,IAAI,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;gBACxC,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;oBAChC,MAAM,IAAI,kBAAkB,CAAC,oCAAoC,CAAC,CAAA;gBACpE,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,iBAAiB;oBACzB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG;oBACvB,GAAG,EAAE,MAAM,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC;oBACxC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;oBAC/B,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG;iBAChC,CAAA;YACH,CAAC;YAED,MAAM,IAAI,kBAAkB,CAC1B,sCAAsC,KAAK,CAAC,qBAAqB,GAAG,CACrE,CAAA;QACH,CAAC;QAED,wEAAwE;QACxE,4CAA4C;QAC5C,IAAI,MAAM,CAAC,sBAAsB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,+CAA+C;gBAC7C,MAAM,CAAC,sBAAsB;aAC9B,EAAE,CACJ,CAAA;QACH,CAAC;QAED,MAAM,IAAI,0BAA0B,CAClC,2CAA2C,MAAM,GAAG,CACrD,CAAA;IACH,CAAC;IAED;;OAEG;IACI,eAAe,CACpB,UAAyD;QAEzD,IAAI,UAAU,CAAC,SAAS,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,IAAI,kBAAkB,CAC1B,UAAU,EACV,0FAA0F,CAC3F,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YACnC,qEAAqE;YACrE,YAAY;YACZ,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAA;YAEtD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,IAAI,iBAAiB,CACzB,UAAU,EACV,+CAA+C,CAChD,CAAA;YACH,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpC,MAAM,IAAI,iBAAiB,CACzB,UAAU,EACV,UAAU,KAAK,0CAA0C,CAC1D,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,kBAAkB,CAC1B,UAAU,EACV,0BAA0B,UAAU,CAAC,aAAa,2B
AA2B,CAC9E,CAAA;QACH,CAAC;QAED,IAAI,UAAU,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,kBAAkB,CAC1B,UAAU,EACV,uEAAuE,CACxE,CAAA;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,GAAG,UAAU,CAAA;QACnC,IAAI,YAAY,EAAE,CAAC;YACjB,IACE,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACxC,kBAAkB,CAAC,GAAG,EAAE,YAAY,CAAC,CACtC,EACD,CAAC;gBACD,MAAM,IAAI,kBAAkB,CAC1B,UAAU,EACV,wBAAwB,YAAY,EAAE,CACvC,CAAA;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,kBAAkB,EAAE,GAAG,IAAI,CAAA;YACnC,IAAI,kBAAkB,EAAE,CAAC;gBACvB,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;YAClE,CAAC;iBAAM,CAAC;gBACN,uFAAuF;gBACvF,EAAE;gBACF,wEAAwE;gBACxE,4EAA4E;gBAC5E,YAAY;gBACZ,MAAM,IAAI,kBAAkB,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAA;YACtE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACrC,MAAM,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;YACrD,IAAI,CAAC,2BAA2B,EAAE,CAAC;gBACjC,MAAM,IAAI,gCAAgC,CACxC,UAAU,EACV,8DAA8D,CAC/D,CAAA;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;gBACtD,IAAI,CAAC,2BAA2B,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,IAAI,gCAAgC,CACxC,UAAU,EACV,yEAAyE,MAAM,CAAC,IAAI,GAAG,CACxF,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,IAAI,kBAAkB;QACpB,MAAM,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAA;QACvC,OAAO,aAAa,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAClE,CAAC;;AAGH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAyB;IAEzB,IAAI,CAAC;QACH,OAAO,MAAM,sBAAsB,CAAC,MAAM,SAAS,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAA;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,kBAAkB,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;IACvE,CAAC;AACH,CAAC","sourcesContent":["import {\n JWTClaimVerificationOptions,\n type JWTHeaderParameters,\n type JWTPayload,\n type JWTVerifyOptions,\n type JWTVerifyResult,\n type KeyLike,\n type ResolvedKey,\n UnsecuredJWT,\n type UnsecuredResult,\n calculateJwkThumbprint,\n createLocalJWKSet,\n 
createRemoteJWKSet,\n errors,\n exportJWK,\n jwtVerify,\n} from 'jose'\nimport { Jwks, SignedJwt, UnsignedJwt } from '@atproto/jwk'\nimport {\n CLIENT_ASSERTION_TYPE_JWT_BEARER,\n OAuthAuthorizationRequestParameters,\n OAuthClientCredentials,\n OAuthClientMetadata,\n OAuthRedirectUri,\n} from '@atproto/oauth-types'\nimport { CLIENT_ASSERTION_MAX_AGE, JAR_MAX_AGE } from '../constants.js'\nimport { AuthorizationError } from '../errors/authorization-error.js'\nimport { InvalidAuthorizationDetailsError } from '../errors/invalid-authorization-details-error.js'\nimport { InvalidClientError } from '../errors/invalid-client-error.js'\nimport { InvalidClientMetadataError } from '../errors/invalid-client-metadata-error.js'\nimport { InvalidRequestError } from '../errors/invalid-request-error.js'\nimport { InvalidScopeError } from '../errors/invalid-scope-error.js'\nimport { asArray } from '../lib/util/cast.js'\nimport { compareRedirectUri } from '../lib/util/redirect-uri.js'\nimport { Awaitable } from '../lib/util/type.js'\nimport { ClientAuth } from './client-auth.js'\nimport { ClientId } from './client-id.js'\nimport { ClientInfo } from './client-info.js'\n\nconst { JOSEError } = errors\n\nexport class Client {\n /**\n * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}\n */\n static readonly AUTH_METHODS_SUPPORTED = ['none', 'private_key_jwt'] as const\n\n private readonly keyGetter: (\n protectedHeader: JWTHeaderParameters,\n ) => Awaitable<KeyLike | Uint8Array>\n\n constructor(\n public readonly id: ClientId,\n public readonly metadata: OAuthClientMetadata,\n public readonly jwks: undefined | Jwks = metadata.jwks,\n public readonly info: ClientInfo,\n ) {\n // If the remote JWKS content is provided, we don't need to fetch it again.\n this.keyGetter =\n jwks || !metadata.jwks_uri\n ? 
createLocalJWKSet(jwks || { keys: [] })\n : createRemoteJWKSet(new URL(metadata.jwks_uri), {})\n }\n\n /**\n * @see {@link https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2}\n */\n public async decodeRequestObject(\n jar: SignedJwt | UnsignedJwt,\n audience: string,\n ) {\n // https://www.rfc-editor.org/rfc/rfc9101.html#name-request-object-2\n // > If signed, the Authorization Request Object SHOULD contain the Claims\n // > iss (issuer) and aud (audience) as members with their semantics being\n // > the same as defined in the JWT [RFC7519] specification. The value of\n // > aud should be the value of the authorization server (AS) issuer, as\n // > defined in RFC 8414 [RFC8414].\n try {\n // We need to special case the \"none\" algorithm, as the validation method\n // is different for signed and unsigned JWTs.\n if (this.metadata.request_object_signing_alg === 'none') {\n return await this.jwtVerifyUnsecured(jar, {\n audience,\n maxTokenAge: JAR_MAX_AGE / 1e3,\n allowMissingAudience: true,\n allowMissingIssuer: true,\n })\n }\n\n return await this.jwtVerify(jar, {\n audience,\n maxTokenAge: JAR_MAX_AGE / 1e3,\n algorithms: this.metadata.request_object_signing_alg\n ? [this.metadata.request_object_signing_alg]\n : // https://openid.net/specs/openid-connect-registration-1_0.html#rfc.section.2\n //\n // > The default, if omitted, is that any algorithm supported by the OP\n // > and the RP MAY be used.\n undefined,\n })\n } catch (err) {\n const message =\n err instanceof JOSEError\n ? 
`Invalid \"request\" object: ${err.message}`\n : `Invalid \"request\" object`\n\n throw new InvalidRequestError(message, err)\n }\n }\n\n protected async jwtVerifyUnsecured<PayloadType = JWTPayload>(\n token: string,\n {\n audience,\n allowMissingAudience = false,\n allowMissingIssuer = false,\n ...options\n }: Omit<JWTClaimVerificationOptions, 'issuer'> & {\n allowMissingIssuer?: boolean\n allowMissingAudience?: boolean\n } = {},\n ): Promise<UnsecuredResult<PayloadType>> {\n // jose does not support `allowMissingAudience` and `allowMissingIssuer`\n // options, so we need to handle audience and issuer checks manually (see\n // bellow).\n\n const result = UnsecuredJWT.decode<PayloadType>(token, options)\n\n if (!allowMissingIssuer || result.payload.iss != null) {\n if (result.payload.iss !== this.id) {\n throw new JOSEError(`Invalid \"iss\" claim \"${result.payload.iss}\"`)\n }\n }\n\n if (!allowMissingAudience || result.payload.aud != null) {\n if (audience != null) {\n const payloadAud = asArray(result.payload.aud)\n if (!asArray(audience).some((aud) => payloadAud.includes(aud))) {\n throw new JOSEError(`Invalid \"aud\" claim \"${result.payload.aud}\"`)\n }\n }\n }\n\n return result\n }\n\n protected async jwtVerify<PayloadType = JWTPayload>(\n token: string,\n options?: Omit<JWTVerifyOptions, 'issuer'>,\n ): Promise<JWTVerifyResult<PayloadType> & ResolvedKey<KeyLike>> {\n return jwtVerify<PayloadType>(token, this.keyGetter, {\n ...options,\n issuer: this.id,\n })\n }\n\n /**\n * @see {@link https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7523#section-3}\n * @see {@link https://www.iana.org/assignments/oauth-parameters/oauth-parameters.xhtml#token-endpoint-auth-method}\n */\n public async authenticate(\n input: OAuthClientCredentials,\n checks: {\n authorizationServerIdentifier: string\n },\n ): Promise<ClientAuth> {\n const method = this.metadata.token_endpoint_auth_method\n\n if (method === 
'none') {\n return { method: 'none' }\n }\n\n if (method === 'private_key_jwt') {\n if (!('client_assertion' in input)) {\n throw new InvalidRequestError(\n `client authentication method \"${method}\" required a \"client_assertion\"`,\n )\n }\n\n if (input.client_assertion_type === CLIENT_ASSERTION_TYPE_JWT_BEARER) {\n // https://www.rfc-editor.org/rfc/rfc7523.html#section-3\n\n const result = await this.jwtVerify<{\n jti: string\n exp?: number\n }>(input.client_assertion, {\n // > 1. The JWT MUST contain an \"iss\" (issuer) claim that contains a\n // > unique identifier for the entity that issued the JWT.\n //\n // The \"issuer\" is already checked by jwtVerify()\n\n // > 2. The JWT MUST contain a \"sub\" (subject) claim identifying the\n // > principal that is the subject of the JWT. Two cases need to be\n // > differentiated: [...] For client authentication, the subject\n // > MUST be the \"client_id\" of the OAuth client.\n subject: this.id,\n\n // > 3. The JWT MUST contain an \"aud\" (audience) claim containing a\n // > value that identifies the authorization server as an intended\n // > audience. The token endpoint URL of the authorization server\n // > MAY be used as a value for an \"aud\" element to identify the\n // > authorization server as an intended audience of the JWT.\n audience: checks.authorizationServerIdentifier,\n\n requiredClaims: [\n // > 4. The JWT MUST contain an \"exp\" (expiration time) claim that\n // > limits the time window during which the JWT can be used.\n //\n // @TODO The presence of \"exp\" didn't use to be enforced by this\n // implementation (or provided by the oauth-client). This is mostly\n // fine because \"iat\" *is* required, but this makes this\n // implementation non compliant with RFC7523. We can't just make it\n // required as it might break existing clients.\n\n // 'exp',\n\n // > 7. The JWT MAY contain a \"jti\" (JWT ID) claim that provides a\n // > unique identifier for the token. 
The authorization server\n // > MAY ensure that JWTs are not replayed by maintaining the set\n // > of used \"jti\" values for the length of time for which the\n // > JWT would be considered valid based on the applicable \"exp\"\n // > instant.\n 'jti',\n ],\n\n // > 5. The JWT MAY contain an \"nbf\" (not before) claim that\n // > identifies the time before which the token MUST NOT be\n // > accepted for processing.\n //\n // This is already enforced by jose\n\n // > 6. The JWT MAY contain an \"iat\" (issued at) claim that identifies\n // > the time at which the JWT was issued. Note that the\n // > authorization server may reject JWTs with an \"iat\" claim value\n // > that is unreasonably far in the past.\n maxTokenAge: CLIENT_ASSERTION_MAX_AGE / 1000,\n }).catch((err) => {\n const msg =\n err instanceof JOSEError\n ? `Validation of \"client_assertion\" failed: ${err.message}`\n : `Unable to verify \"client_assertion\" JWT`\n\n throw new InvalidClientError(msg, err)\n })\n\n if (!result.protectedHeader.kid) {\n throw new InvalidClientError(`\"kid\" required in client_assertion`)\n }\n\n return {\n method: 'private_key_jwt',\n jti: result.payload.jti,\n exp: result.payload.exp,\n jkt: await authJwkThumbprint(result.key),\n alg: result.protectedHeader.alg,\n kid: result.protectedHeader.kid,\n }\n }\n\n throw new InvalidClientError(\n `Unsupported client_assertion_type \"${input.client_assertion_type}\"`,\n )\n }\n\n // @ts-expect-error Ensure to keep Client.AUTH_METHODS_SUPPORTED in sync\n // with the implementation of this function.\n if (Client.AUTH_METHODS_SUPPORTED.includes(method)) {\n throw new Error(\n `verifyCredentials() should implement all of ${[\n Client.AUTH_METHODS_SUPPORTED,\n ]}`,\n )\n }\n\n throw new InvalidClientMetadataError(\n `Unsupported token_endpoint_auth_method \"${method}\"`,\n )\n }\n\n /**\n * Validates the request parameters against the client metadata.\n */\n public validateRequest(\n parameters: 
Readonly<OAuthAuthorizationRequestParameters>,\n ): Readonly<OAuthAuthorizationRequestParameters> {\n if (parameters.client_id !== this.id) {\n throw new AuthorizationError(\n parameters,\n 'The \"client_id\" parameter field does not match the value used to authenticate the client',\n )\n }\n\n if (parameters.scope !== undefined) {\n // Any scope requested by the client must be registered in the client\n // metadata.\n const declaredScopes = this.metadata.scope?.split(' ')\n\n if (!declaredScopes) {\n throw new InvalidScopeError(\n parameters,\n 'Client has no declared scopes in its metadata',\n )\n }\n\n for (const scope of parameters.scope.split(' ')) {\n if (!declaredScopes.includes(scope)) {\n throw new InvalidScopeError(\n parameters,\n `Scope \"${scope}\" is not declared in the client metadata`,\n )\n }\n }\n }\n\n if (!this.metadata.response_types.includes(parameters.response_type)) {\n throw new AuthorizationError(\n parameters,\n `Invalid response_type \"${parameters.response_type}\" requested by the client`,\n )\n }\n\n if (parameters.response_type.includes('code')) {\n if (!this.metadata.grant_types.includes('authorization_code')) {\n throw new AuthorizationError(\n parameters,\n `This client is not allowed to use the \"authorization_code\" grant type`,\n )\n }\n }\n\n const { redirect_uri } = parameters\n if (redirect_uri) {\n if (\n !this.metadata.redirect_uris.some((uri) =>\n compareRedirectUri(uri, redirect_uri),\n )\n ) {\n throw new AuthorizationError(\n parameters,\n `Invalid redirect_uri ${redirect_uri}`,\n )\n }\n } else {\n const { defaultRedirectUri } = this\n if (defaultRedirectUri) {\n parameters = { ...parameters, redirect_uri: defaultRedirectUri }\n } else {\n // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-10#authorization-request\n //\n // > \"redirect_uri\": OPTIONAL if only one redirect URI is registered for\n // > this client. 
REQUIRED if multiple redirect URIs are registered for this\n // > client.\n throw new AuthorizationError(parameters, 'redirect_uri is required')\n }\n }\n\n if (parameters.authorization_details) {\n const { authorization_details_types } = this.metadata\n if (!authorization_details_types) {\n throw new InvalidAuthorizationDetailsError(\n parameters,\n 'Client Metadata does not declare any \"authorization_details\"',\n )\n }\n\n for (const detail of parameters.authorization_details) {\n if (!authorization_details_types?.includes(detail.type)) {\n throw new InvalidAuthorizationDetailsError(\n parameters,\n `Client Metadata does not declare any \"authorization_details\" of type \"${detail.type}\"`,\n )\n }\n }\n }\n\n return parameters\n }\n\n get defaultRedirectUri(): OAuthRedirectUri | undefined {\n const { redirect_uris } = this.metadata\n return redirect_uris.length === 1 ? redirect_uris[0] : undefined\n }\n}\n\nexport async function authJwkThumbprint(\n key: Uint8Array | KeyLike,\n): Promise<string> {\n try {\n return await calculateJwkThumbprint(await exportJWK(key), 'sha512')\n } catch (err) {\n throw new InvalidClientError('Unable to compute JWK thumbprint', err)\n }\n}\n"]}
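--- a/package/dist/constants.js
+++ b/package/dist/constants.js
@@ -1,19 +1,16 @@
-"use strict";
 // The purpose of the prefix is to provide type safety
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.NODE_ENV = exports.LEXICON_REFRESH_FREQUENCY = exports.CODE_CHALLENGE_REPLAY_TIMEFRAME = exports.SESSION_FIXATION_MAX_AGE = exports.DPOP_NONCE_MAX_AGE = exports.CLIENT_ASSERTION_MAX_AGE = exports.JAR_MAX_AGE = exports.PAR_EXPIRES_IN = exports.CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = exports.CONFIDENTIAL_CLIENT_SESSION_LIFETIME = exports.PUBLIC_CLIENT_REFRESH_LIFETIME = exports.PUBLIC_CLIENT_SESSION_LIFETIME = exports.AUTHORIZATION_INACTIVITY_TIMEOUT = exports.TOKEN_MAX_AGE = exports.EPHEMERAL_SESSION_MAX_AGE = exports.AUTHENTICATION_MAX_AGE = exports.CODE_BYTES_LENGTH = exports.CODE_PREFIX = exports.REQUEST_ID_BYTES_LENGTH = exports.REQUEST_ID_PREFIX = exports.TOKEN_ID_BYTES_LENGTH = exports.TOKEN_ID_PREFIX = exports.REFRESH_TOKEN_BYTES_LENGTH = exports.REFRESH_TOKEN_PREFIX = exports.SESSION_ID_BYTES_LENGTH = exports.SESSION_ID_PREFIX = exports.DEVICE_ID_BYTES_LENGTH = exports.DEVICE_ID_PREFIX = void 0;
-exports.DEVICE_ID_PREFIX = 'dev-';
-exports.DEVICE_ID_BYTES_LENGTH = 16; // 128 bits
-exports.SESSION_ID_PREFIX = 'ses-';
-exports.SESSION_ID_BYTES_LENGTH = 16; // 128 bits - only valid if device id is valid
-exports.REFRESH_TOKEN_PREFIX = 'ref-';
-exports.REFRESH_TOKEN_BYTES_LENGTH = 32; // 256 bits
-exports.TOKEN_ID_PREFIX = 'tok-';
-exports.TOKEN_ID_BYTES_LENGTH = 16; // 128 bits - used as `jti` in JWTs (cannot be forged)
-exports.REQUEST_ID_PREFIX = 'req-';
-exports.REQUEST_ID_BYTES_LENGTH = 16; // 128 bits
-exports.CODE_PREFIX = 'cod-';
-exports.CODE_BYTES_LENGTH = 32;
+export const DEVICE_ID_PREFIX = 'dev-';
+export const DEVICE_ID_BYTES_LENGTH = 16; // 128 bits
+export const SESSION_ID_PREFIX = 'ses-';
+export const SESSION_ID_BYTES_LENGTH = 16; // 128 bits - only valid if device id is valid
+export const REFRESH_TOKEN_PREFIX = 'ref-';
+export const REFRESH_TOKEN_BYTES_LENGTH = 32; // 256 bits
+export const TOKEN_ID_PREFIX = 'tok-';
+export const TOKEN_ID_BYTES_LENGTH = 16; // 128 bits - used as `jti` in JWTs (cannot be forged)
+export const REQUEST_ID_PREFIX = 'req-';
+export const REQUEST_ID_BYTES_LENGTH = 16; // 128 bits
+export const CODE_PREFIX = 'cod-';
+export const CODE_BYTES_LENGTH = 32;
 const SECOND = 1e3;
 const MINUTE = 60 * SECOND;
 const HOUR = 60 * MINUTE;
@@ -22,23 +19,23 @@ const WEEK = 7 * DAY;
 const YEAR = 365.25 * DAY;
 const MONTH = YEAR / 12;
 /** 7 days */
-exports.AUTHENTICATION_MAX_AGE = 7 * DAY;
+export const AUTHENTICATION_MAX_AGE = 7 * DAY;
 /** 15 minutes */
-exports.EPHEMERAL_SESSION_MAX_AGE = 15 * MINUTE;
+export const EPHEMERAL_SESSION_MAX_AGE = 15 * MINUTE;
 /** 60 minutes */
-exports.TOKEN_MAX_AGE = 60 * MINUTE;
+export const TOKEN_MAX_AGE = 60 * MINUTE;
 /** 5 minutes */
-exports.AUTHORIZATION_INACTIVITY_TIMEOUT = 5 * MINUTE;
+export const AUTHORIZATION_INACTIVITY_TIMEOUT = 5 * MINUTE;
 /** 2 week */
-exports.PUBLIC_CLIENT_SESSION_LIFETIME = 2 * WEEK;
+export const PUBLIC_CLIENT_SESSION_LIFETIME = 2 * WEEK;
 /** @see {@link PUBLIC_CLIENT_SESSION_LIFETIME} */
-exports.PUBLIC_CLIENT_REFRESH_LIFETIME = exports.PUBLIC_CLIENT_SESSION_LIFETIME;
+export const PUBLIC_CLIENT_REFRESH_LIFETIME = PUBLIC_CLIENT_SESSION_LIFETIME;
 /** 2 years */
-exports.CONFIDENTIAL_CLIENT_SESSION_LIFETIME = 2 * YEAR;
+export const CONFIDENTIAL_CLIENT_SESSION_LIFETIME = 2 * YEAR;
 /** 3 months */
-exports.CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = 3 * MONTH;
+export const CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = 3 * MONTH;
 /** 5 minutes */
-exports.PAR_EXPIRES_IN = 5 * MINUTE;
+export const PAR_EXPIRES_IN = 5 * MINUTE;
 /**
 * 59 seconds (should be less than a minute)
 *
@@ -46,16 +43,16 @@ exports.PAR_EXPIRES_IN = 5 * MINUTE;
 *
 * @see {@link https://datatracker.ietf.org/doc/html/rfc9101#section-10.2 | JWT-Secured Authorization Request (JAR) - Section 10.2 (d)}
 */
-exports.JAR_MAX_AGE = 59 * SECOND;
+export const JAR_MAX_AGE = 59 * SECOND;
 /** 1 minute */
-exports.CLIENT_ASSERTION_MAX_AGE = 1 * MINUTE;
+export const CLIENT_ASSERTION_MAX_AGE = 1 * MINUTE;
 /** 3 minutes */
-exports.DPOP_NONCE_MAX_AGE = 3 * MINUTE;
+export const DPOP_NONCE_MAX_AGE = 3 * MINUTE;
 /** 5 seconds */
-exports.SESSION_FIXATION_MAX_AGE = 5 * SECOND;
+export const SESSION_FIXATION_MAX_AGE = 5 * SECOND;
 /** 1 day */
-exports.CODE_CHALLENGE_REPLAY_TIMEFRAME = 1 * DAY;
+export const CODE_CHALLENGE_REPLAY_TIMEFRAME = 1 * DAY;
 /** 5 minutes */
-exports.LEXICON_REFRESH_FREQUENCY = 5 * MINUTE;
-exports.NODE_ENV = process.env.NODE_ENV || 'production';
+export const LEXICON_REFRESH_FREQUENCY = 5 * MINUTE;
+export const NODE_ENV = process.env.NODE_ENV || 'production';
 //# sourceMappingURL=constants.js.map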
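Review bot: The duration constants state no unit, neither in their names nor in a comment. `const SECOND = 1e3;` makes every `*_MAX_AGE`, `*_LIFETIME` and `*_TIMEOUT` export a millisecond count, and the consumer visible earlier on this page has to convert before passing the value to jose (`maxTokenAge: JAR_MAX_AGE / 1e3`). A caller that omits the division would widen the acceptance window for request objects or client assertions a thousandfold without any type error. This file is compiler output, so the comment belongs in `src/constants.ts`: add `/** All durations exported from this module are in milliseconds. */` above `const SECOND = 1e3;`.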
@@ -1 +1 @@
1
- {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA,sDAAsD;;;AAEzC,QAAA,gBAAgB,GAAG,MAAM,CAAA;AACzB,QAAA,sBAAsB,GAAG,EAAE,CAAA,CAAC,WAAW;AAEvC,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,8CAA8C;AAE3E,QAAA,oBAAoB,GAAG,MAAM,CAAA;AAC7B,QAAA,0BAA0B,GAAG,EAAE,CAAA,CAAC,WAAW;AAE3C,QAAA,eAAe,GAAG,MAAM,CAAA;AACxB,QAAA,qBAAqB,GAAG,EAAE,CAAA,CAAC,sDAAsD;AAEjF,QAAA,iBAAiB,GAAG,MAAM,CAAA;AAC1B,QAAA,uBAAuB,GAAG,EAAE,CAAA,CAAC,WAAW;AAExC,QAAA,WAAW,GAAG,MAAM,CAAA;AACpB,QAAA,iBAAiB,GAAG,EAAE,CAAA;AAEnC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,CAAA;AAC1B,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAA;AACxB,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,CAAA;AACrB,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAA;AACpB,MAAM,IAAI,GAAG,MAAM,GAAG,GAAG,CAAA;AACzB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAA;AAEvB,aAAa;AACA,QAAA,sBAAsB,GAAG,CAAC,GAAG,GAAG,CAAA;AAE7C,iBAAiB;AACJ,QAAA,yBAAyB,GAAG,EAAE,GAAG,MAAM,CAAA;AAEpD,iBAAiB;AACJ,QAAA,aAAa,GAAG,EAAE,GAAG,MAAM,CAAA;AAExC,gBAAgB;AACH,QAAA,gCAAgC,GAAG,CAAC,GAAG,MAAM,CAAA;AAE1D,aAAa;AACA,QAAA,8BAA8B,GAAG,CAAC,GAAG,IAAI,CAAA;AAEtD,kDAAkD;AACrC,QAAA,8BAA8B,GAAG,sCAA8B,CAAA;AAE5E,cAAc;AACD,QAAA,oCAAoC,GAAG,CAAC,GAAG,IAAI,CAAA;AAE5D,eAAe;AACF,QAAA,oCAAoC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE7D,gBAAgB;AACH,QAAA,cAAc,GAAG,CAAC,GAAG,MAAM,CAAA;AAExC;;;;;;GAMG;AACU,QAAA,WAAW,GAAG,EAAE,GAAG,MAAM,CAAA;AAEtC,eAAe;AACF,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,gBAAgB;AACH,QAAA,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAA;AAE5C,gBAAgB;AACH,QAAA,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,YAAY;AACC,QAAA,+BAA+B,GAAG,CAAC,GAAG,GAAG,CAAA;AAEtD,gBAAgB;AACH,QAAA,yBAAyB,GAAG,CAAC,GAAG,MAAM,CAAA;AAEtC,QAAA,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAA","sourcesContent":["// The purpose of the prefix is to provide type safety\n\nexport const DEVICE_ID_PREFIX = 'dev-'\nexport const DEVICE_ID_BYTES_LENGTH = 16 // 128 bits\n\nexport const SESSION_ID_PREFIX = 'ses-'\nexport const SESSION_ID_BYTES_LENGTH = 16 // 128 bits - only valid if 
device id is valid\n\nexport const REFRESH_TOKEN_PREFIX = 'ref-'\nexport const REFRESH_TOKEN_BYTES_LENGTH = 32 // 256 bits\n\nexport const TOKEN_ID_PREFIX = 'tok-'\nexport const TOKEN_ID_BYTES_LENGTH = 16 // 128 bits - used as `jti` in JWTs (cannot be forged)\n\nexport const REQUEST_ID_PREFIX = 'req-'\nexport const REQUEST_ID_BYTES_LENGTH = 16 // 128 bits\n\nexport const CODE_PREFIX = 'cod-'\nexport const CODE_BYTES_LENGTH = 32\n\nconst SECOND = 1e3\nconst MINUTE = 60 * SECOND\nconst HOUR = 60 * MINUTE\nconst DAY = 24 * HOUR\nconst WEEK = 7 * DAY\nconst YEAR = 365.25 * DAY\nconst MONTH = YEAR / 12\n\n/** 7 days */\nexport const AUTHENTICATION_MAX_AGE = 7 * DAY\n\n/** 15 minutes */\nexport const EPHEMERAL_SESSION_MAX_AGE = 15 * MINUTE\n\n/** 60 minutes */\nexport const TOKEN_MAX_AGE = 60 * MINUTE\n\n/** 5 minutes */\nexport const AUTHORIZATION_INACTIVITY_TIMEOUT = 5 * MINUTE\n\n/** 2 week */\nexport const PUBLIC_CLIENT_SESSION_LIFETIME = 2 * WEEK\n\n/** @see {@link PUBLIC_CLIENT_SESSION_LIFETIME} */\nexport const PUBLIC_CLIENT_REFRESH_LIFETIME = PUBLIC_CLIENT_SESSION_LIFETIME\n\n/** 2 years */\nexport const CONFIDENTIAL_CLIENT_SESSION_LIFETIME = 2 * YEAR\n\n/** 3 months */\nexport const CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = 3 * MONTH\n\n/** 5 minutes */\nexport const PAR_EXPIRES_IN = 5 * MINUTE\n\n/**\n * 59 seconds (should be less than a minute)\n *\n * > \"A general guidance for the validity time would be less than a minute.\"\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9101#section-10.2 | JWT-Secured Authorization Request (JAR) - Section 10.2 (d)}\n */\nexport const JAR_MAX_AGE = 59 * SECOND\n\n/** 1 minute */\nexport const CLIENT_ASSERTION_MAX_AGE = 1 * MINUTE\n\n/** 3 minutes */\nexport const DPOP_NONCE_MAX_AGE = 3 * MINUTE\n\n/** 5 seconds */\nexport const SESSION_FIXATION_MAX_AGE = 5 * SECOND\n\n/** 1 day */\nexport const CODE_CHALLENGE_REPLAY_TIMEFRAME = 1 * DAY\n\n/** 5 minutes */\nexport const LEXICON_REFRESH_FREQUENCY = 5 * 
MINUTE\n\nexport const NODE_ENV = process.env.NODE_ENV || 'production'\n"]}
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,sDAAsD;AAEtD,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAA;AACtC,MAAM,CAAC,MAAM,sBAAsB,GAAG,EAAE,CAAA,CAAC,WAAW;AAEpD,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAA;AACvC,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAA,CAAC,8CAA8C;AAExF,MAAM,CAAC,MAAM,oBAAoB,GAAG,MAAM,CAAA;AAC1C,MAAM,CAAC,MAAM,0BAA0B,GAAG,EAAE,CAAA,CAAC,WAAW;AAExD,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAA;AACrC,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,CAAA,CAAC,sDAAsD;AAE9F,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAA;AACvC,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAA,CAAC,WAAW;AAErD,MAAM,CAAC,MAAM,WAAW,GAAG,MAAM,CAAA;AACjC,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAEnC,MAAM,MAAM,GAAG,GAAG,CAAA;AAClB,MAAM,MAAM,GAAG,EAAE,GAAG,MAAM,CAAA;AAC1B,MAAM,IAAI,GAAG,EAAE,GAAG,MAAM,CAAA;AACxB,MAAM,GAAG,GAAG,EAAE,GAAG,IAAI,CAAA;AACrB,MAAM,IAAI,GAAG,CAAC,GAAG,GAAG,CAAA;AACpB,MAAM,IAAI,GAAG,MAAM,GAAG,GAAG,CAAA;AACzB,MAAM,KAAK,GAAG,IAAI,GAAG,EAAE,CAAA;AAEvB,aAAa;AACb,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,GAAG,GAAG,CAAA;AAE7C,iBAAiB;AACjB,MAAM,CAAC,MAAM,yBAAyB,GAAG,EAAE,GAAG,MAAM,CAAA;AAEpD,iBAAiB;AACjB,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,GAAG,MAAM,CAAA;AAExC,gBAAgB;AAChB,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,GAAG,MAAM,CAAA;AAE1D,aAAa;AACb,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,GAAG,IAAI,CAAA;AAEtD,kDAAkD;AAClD,MAAM,CAAC,MAAM,8BAA8B,GAAG,8BAA8B,CAAA;AAE5E,cAAc;AACd,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,GAAG,IAAI,CAAA;AAE5D,eAAe;AACf,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,GAAG,KAAK,CAAA;AAE7D,gBAAgB;AAChB,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,GAAG,MAAM,CAAA;AAExC;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,GAAG,MAAM,CAAA;AAEtC,eAAe;AACf,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,gBAAgB;AAChB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,GAAG,MAAM,CAAA;AAE5C,gBAAgB;AAChB,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,GAAG,MAAM,CAAA;AAElD,YAAY;AACZ,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,GAAG,GAAG,CAAA;AAEtD,gBAAgB;AAChB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,GAAG,MAAM,CAAA;AAEnD,MAAM,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAA","so
urcesContent":["// The purpose of the prefix is to provide type safety\n\nexport const DEVICE_ID_PREFIX = 'dev-'\nexport const DEVICE_ID_BYTES_LENGTH = 16 // 128 bits\n\nexport const SESSION_ID_PREFIX = 'ses-'\nexport const SESSION_ID_BYTES_LENGTH = 16 // 128 bits - only valid if device id is valid\n\nexport const REFRESH_TOKEN_PREFIX = 'ref-'\nexport const REFRESH_TOKEN_BYTES_LENGTH = 32 // 256 bits\n\nexport const TOKEN_ID_PREFIX = 'tok-'\nexport const TOKEN_ID_BYTES_LENGTH = 16 // 128 bits - used as `jti` in JWTs (cannot be forged)\n\nexport const REQUEST_ID_PREFIX = 'req-'\nexport const REQUEST_ID_BYTES_LENGTH = 16 // 128 bits\n\nexport const CODE_PREFIX = 'cod-'\nexport const CODE_BYTES_LENGTH = 32\n\nconst SECOND = 1e3\nconst MINUTE = 60 * SECOND\nconst HOUR = 60 * MINUTE\nconst DAY = 24 * HOUR\nconst WEEK = 7 * DAY\nconst YEAR = 365.25 * DAY\nconst MONTH = YEAR / 12\n\n/** 7 days */\nexport const AUTHENTICATION_MAX_AGE = 7 * DAY\n\n/** 15 minutes */\nexport const EPHEMERAL_SESSION_MAX_AGE = 15 * MINUTE\n\n/** 60 minutes */\nexport const TOKEN_MAX_AGE = 60 * MINUTE\n\n/** 5 minutes */\nexport const AUTHORIZATION_INACTIVITY_TIMEOUT = 5 * MINUTE\n\n/** 2 week */\nexport const PUBLIC_CLIENT_SESSION_LIFETIME = 2 * WEEK\n\n/** @see {@link PUBLIC_CLIENT_SESSION_LIFETIME} */\nexport const PUBLIC_CLIENT_REFRESH_LIFETIME = PUBLIC_CLIENT_SESSION_LIFETIME\n\n/** 2 years */\nexport const CONFIDENTIAL_CLIENT_SESSION_LIFETIME = 2 * YEAR\n\n/** 3 months */\nexport const CONFIDENTIAL_CLIENT_REFRESH_LIFETIME = 3 * MONTH\n\n/** 5 minutes */\nexport const PAR_EXPIRES_IN = 5 * MINUTE\n\n/**\n * 59 seconds (should be less than a minute)\n *\n * > \"A general guidance for the validity time would be less than a minute.\"\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9101#section-10.2 | JWT-Secured Authorization Request (JAR) - Section 10.2 (d)}\n */\nexport const JAR_MAX_AGE = 59 * SECOND\n\n/** 1 minute */\nexport const CLIENT_ASSERTION_MAX_AGE = 1 * MINUTE\n\n/** 3 
minutes */\nexport const DPOP_NONCE_MAX_AGE = 3 * MINUTE\n\n/** 5 seconds */\nexport const SESSION_FIXATION_MAX_AGE = 5 * SECOND\n\n/** 1 day */\nexport const CODE_CHALLENGE_REPLAY_TIMEFRAME = 1 * DAY\n\n/** 5 minutes */\nexport const LEXICON_REFRESH_FREQUENCY = 5 * MINUTE\n\nexport const NODE_ENV = process.env.NODE_ENV || 'production'\n"]}
@@ -1,13 +1,10 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.brandingSchema = void 0;
4
- const zod_1 = require("zod");
5
- const colors_js_1 = require("./colors.js");
6
- const links_js_1 = require("./links.js");
7
- exports.brandingSchema = zod_1.z.object({
8
- name: zod_1.z.string().optional(),
9
- logo: zod_1.z.string().url().optional(),
10
- colors: colors_js_1.colorsSchema.optional(),
11
- links: zod_1.z.array(links_js_1.linksSchema).optional(),
1
+ import { z } from 'zod';
2
+ import { colorsSchema } from './colors.js';
3
+ import { linksSchema } from './links.js';
4
+ export const brandingSchema = z.object({
5
+ name: z.string().optional(),
6
+ logo: z.string().url().optional(),
7
+ colors: colorsSchema.optional(),
8
+ links: z.array(linksSchema).optional(),
12
9
  });
13
10
  //# sourceMappingURL=branding.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"branding.js","sourceRoot":"","sources":["../../src/customization/branding.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,2CAA0C;AAC1C,yCAAwC;AAE3B,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,wBAAY,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAW,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { colorsSchema } from './colors.js'\nimport { linksSchema } from './links.js'\n\nexport const brandingSchema = z.object({\n name: z.string().optional(),\n logo: z.string().url().optional(),\n colors: colorsSchema.optional(),\n links: z.array(linksSchema).optional(),\n})\nexport type BrandingInput = z.input<typeof brandingSchema>\nexport type Branding = z.infer<typeof brandingSchema>\n"]}
1
+ {"version":3,"file":"branding.js","sourceRoot":"","sources":["../../src/customization/branding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAExC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACjC,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;IAC/B,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { colorsSchema } from './colors.js'\nimport { linksSchema } from './links.js'\n\nexport const brandingSchema = z.object({\n name: z.string().optional(),\n logo: z.string().url().optional(),\n colors: colorsSchema.optional(),\n links: z.array(linksSchema).optional(),\n})\nexport type BrandingInput = z.input<typeof brandingSchema>\nexport type Branding = z.infer<typeof brandingSchema>\n"]}
@@ -1,9 +1,6 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.buildCustomizationCss = buildCustomizationCss;
4
- const color_js_1 = require("../lib/util/color.js");
5
- const colors_js_1 = require("./colors.js");
6
- function buildCustomizationCss({ branding, }) {
1
+ import { extractHue, hslToRgb, pickContrastColor, } from '../lib/util/color.js';
2
+ import { COLOR_NAMES } from './colors.js';
3
+ export function buildCustomizationCss({ branding, }) {
7
4
  const vars = Array.from(buildCustomizationVars(branding));
8
5
  if (vars.length)
9
6
  return `:root { ${vars.join(' ')} }`;
@@ -14,25 +11,25 @@ function* buildCustomizationVars(branding) {
14
11
  yield `--contrast-sat: ${contrastSaturation.toFixed(2)}%;`;
15
12
  const contrastLight = branding.colors.light ??
16
13
  // Corresponds to color-contrast-975
17
- (0, color_js_1.hslToRgb)({
14
+ hslToRgb({
18
15
  h: branding.colors.primaryHue ?? 0,
19
16
  s: contrastSaturation / 100,
20
17
  l: 0.07,
21
18
  });
22
19
  const contrastDark = branding.colors.dark ??
23
20
  // Corresponds to color-contrast-25
24
- (0, color_js_1.hslToRgb)({
21
+ hslToRgb({
25
22
  h: branding.colors.primaryHue ?? 0,
26
23
  s: contrastSaturation / 100,
27
24
  l: 0.953,
28
25
  });
29
- for (const name of colors_js_1.COLOR_NAMES) {
26
+ for (const name of COLOR_NAMES) {
30
27
  const value = branding.colors[name];
31
28
  if (!value)
32
29
  continue; // Skip missing colors
33
30
  const contrast = branding.colors[`${name}Contrast`] ??
34
- (0, color_js_1.pickContrastColor)(value, contrastLight, contrastDark);
35
- const hue = branding.colors[`${name}Hue`] ?? (0, color_js_1.extractHue)(value);
31
+ pickContrastColor(value, contrastLight, contrastDark);
32
+ const hue = branding.colors[`${name}Hue`] ?? extractHue(value);
36
33
  yield `--branding-color-${name}: ${value.r} ${value.g} ${value.b};`;
37
34
  yield `--branding-color-${name}-contrast: ${contrast.r} ${contrast.g} ${contrast.b};`;
38
35
  yield `--branding-color-${name}-hue: ${hue};`;
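Review bot: Nothing in the visible part of `buildCustomizationVars` checks that the values written into the `:root { … }` rule are numbers. The `r`/`g`/`b` fields of `value` and `contrast` are interpolated as they arrive, and so is `hue` whenever the per-colour `Hue` override is set on `branding.colors`. The stylesheet is therefore only as well-formed as whatever validation ran before this call; whether every `Customization` object is parsed through the branding schema first cannot be determined from this page. A cheap local guard after `hue` is computed would be `if (!Number.isFinite(hue)) continue;`, with the same check on the colour components. The function begins before and continues after this hunk, and the change belongs in the TypeScript source rather than in this compiled file.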
@@ -1 +1 @@
1
- {"version":3,"file":"build-customization-css.js","sourceRoot":"","sources":["../../src/customization/build-customization-css.ts"],"names":[],"mappings":";;AAUA,sDAKC;AAfD,mDAK6B;AAE7B,2CAAyC;AAGzC,SAAgB,qBAAqB,CAAC,EACpC,QAAQ,GACM;IACd,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAA;AACvD,CAAC;AAED,QAAQ,CAAC,CAAC,sBAAsB,CAAC,QAAmB;IAClD,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,kBAAkB,GAAG,QAAQ,CAAC,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAA;QACnE,MAAM,mBAAmB,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;QAE1D,MAAM,aAAa,GACjB,QAAQ,CAAC,MAAM,CAAC,KAAK;YACrB,oCAAoC;YACpC,IAAA,mBAAQ,EAAC;gBACP,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC;gBAClC,CAAC,EAAE,kBAAkB,GAAG,GAAG;gBAC3B,CAAC,EAAE,IAAI;aACR,CAAC,CAAA;QACJ,MAAM,YAAY,GAChB,QAAQ,CAAC,MAAM,CAAC,IAAI;YACpB,mCAAmC;YACnC,IAAA,mBAAQ,EAAC;gBACP,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC;gBAClC,CAAC,EAAE,kBAAkB,GAAG,GAAG;gBAC3B,CAAC,EAAE,KAAK;aACT,CAAC,CAAA;QAEJ,KAAK,MAAM,IAAI,IAAI,uBAAW,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK;gBAAE,SAAQ,CAAC,sBAAsB;YAE3C,MAAM,QAAQ,GACZ,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC;gBAClC,IAAA,4BAAiB,EAAC,KAAK,EAAE,aAAa,EAAE,YAAY,CAAC,CAAA;YAEvD,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,IAAI,IAAA,qBAAU,EAAC,KAAK,CAAC,CAAA;YAE9D,MAAM,oBAAoB,IAAI,KAAK,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAA;YACnE,MAAM,oBAAoB,IAAI,cAAc,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAA;YACrF,MAAM,oBAAoB,IAAI,SAAS,GAAG,GAAG,CAAA;QAC/C,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import {\n RgbColor,\n extractHue,\n hslToRgb,\n pickContrastColor,\n} from '../lib/util/color.js'\nimport { Branding } from './branding.js'\nimport { COLOR_NAMES } from './colors.js'\nimport { Customization } from './customization.js'\n\nexport function buildCustomizationCss({\n branding,\n}: Customization): undefined | string {\n const vars = 
Array.from(buildCustomizationVars(branding))\n if (vars.length) return `:root { ${vars.join(' ')} }`\n}\n\nfunction* buildCustomizationVars(branding?: Branding): Generator<string> {\n if (branding?.colors) {\n const contrastSaturation = branding.colors.contrastSaturation ?? 30\n yield `--contrast-sat: ${contrastSaturation.toFixed(2)}%;`\n\n const contrastLight: RgbColor =\n branding.colors.light ??\n // Corresponds to color-contrast-975\n hslToRgb({\n h: branding.colors.primaryHue ?? 0,\n s: contrastSaturation / 100,\n l: 0.07,\n })\n const contrastDark: RgbColor =\n branding.colors.dark ??\n // Corresponds to color-contrast-25\n hslToRgb({\n h: branding.colors.primaryHue ?? 0,\n s: contrastSaturation / 100,\n l: 0.953,\n })\n\n for (const name of COLOR_NAMES) {\n const value = branding.colors[name]\n if (!value) continue // Skip missing colors\n\n const contrast =\n branding.colors[`${name}Contrast`] ??\n pickContrastColor(value, contrastLight, contrastDark)\n\n const hue = branding.colors[`${name}Hue`] ?? extractHue(value)\n\n yield `--branding-color-${name}: ${value.r} ${value.g} ${value.b};`\n yield `--branding-color-${name}-contrast: ${contrast.r} ${contrast.g} ${contrast.b};`\n yield `--branding-color-${name}-hue: ${hue};`\n }\n }\n}\n"]}
1
+ {"version":3,"file":"build-customization-css.js","sourceRoot":"","sources":["../../src/customization/build-customization-css.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,UAAU,EACV,QAAQ,EACR,iBAAiB,GAClB,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,UAAU,qBAAqB,CAAC,EACpC,QAAQ,GACM;IACd,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAA;AACvD,CAAC;AAED,QAAQ,CAAC,CAAC,sBAAsB,CAAC,QAAmB;IAClD,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;QACrB,MAAM,kBAAkB,GAAG,QAAQ,CAAC,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAA;QACnE,MAAM,mBAAmB,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAA;QAE1D,MAAM,aAAa,GACjB,QAAQ,CAAC,MAAM,CAAC,KAAK;YACrB,oCAAoC;YACpC,QAAQ,CAAC;gBACP,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC;gBAClC,CAAC,EAAE,kBAAkB,GAAG,GAAG;gBAC3B,CAAC,EAAE,IAAI;aACR,CAAC,CAAA;QACJ,MAAM,YAAY,GAChB,QAAQ,CAAC,MAAM,CAAC,IAAI;YACpB,mCAAmC;YACnC,QAAQ,CAAC;gBACP,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC;gBAClC,CAAC,EAAE,kBAAkB,GAAG,GAAG;gBAC3B,CAAC,EAAE,KAAK;aACT,CAAC,CAAA;QAEJ,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK;gBAAE,SAAQ,CAAC,sBAAsB;YAE3C,MAAM,QAAQ,GACZ,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC;gBAClC,iBAAiB,CAAC,KAAK,EAAE,aAAa,EAAE,YAAY,CAAC,CAAA;YAEvD,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAA;YAE9D,MAAM,oBAAoB,IAAI,KAAK,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAA;YACnE,MAAM,oBAAoB,IAAI,cAAc,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAA;YACrF,MAAM,oBAAoB,IAAI,SAAS,GAAG,GAAG,CAAA;QAC/C,CAAC;IACH,CAAC;AACH,CAAC","sourcesContent":["import {\n RgbColor,\n extractHue,\n hslToRgb,\n pickContrastColor,\n} from '../lib/util/color.js'\nimport { Branding } from './branding.js'\nimport { COLOR_NAMES } from './colors.js'\nimport { Customization } from './customization.js'\n\nexport function buildCustomizationCss({\n branding,\n}: Customization): 
undefined | string {\n const vars = Array.from(buildCustomizationVars(branding))\n if (vars.length) return `:root { ${vars.join(' ')} }`\n}\n\nfunction* buildCustomizationVars(branding?: Branding): Generator<string> {\n if (branding?.colors) {\n const contrastSaturation = branding.colors.contrastSaturation ?? 30\n yield `--contrast-sat: ${contrastSaturation.toFixed(2)}%;`\n\n const contrastLight: RgbColor =\n branding.colors.light ??\n // Corresponds to color-contrast-975\n hslToRgb({\n h: branding.colors.primaryHue ?? 0,\n s: contrastSaturation / 100,\n l: 0.07,\n })\n const contrastDark: RgbColor =\n branding.colors.dark ??\n // Corresponds to color-contrast-25\n hslToRgb({\n h: branding.colors.primaryHue ?? 0,\n s: contrastSaturation / 100,\n l: 0.953,\n })\n\n for (const name of COLOR_NAMES) {\n const value = branding.colors[name]\n if (!value) continue // Skip missing colors\n\n const contrast =\n branding.colors[`${name}Contrast`] ??\n pickContrastColor(value, contrastLight, contrastDark)\n\n const hue = branding.colors[`${name}Hue`] ?? extractHue(value)\n\n yield `--branding-color-${name}: ${value.r} ${value.g} ${value.b};`\n yield `--branding-color-${name}-contrast: ${contrast.r} ${contrast.g} ${contrast.b};`\n yield `--branding-color-${name}-hue: ${hue};`\n }\n }\n}\n"]}
@@ -1,7 +1,4 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.buildCustomizationData = buildCustomizationData;
4
- function buildCustomizationData({ branding, availableUserDomains, inviteCodeRequired, hcaptcha, }) {
1
+ export function buildCustomizationData({ branding, availableUserDomains, inviteCodeRequired, hcaptcha, }) {
5
2
  // @NOTE the front end does not need colors here as they will be injected as
6
3
  // CSS variables.
7
4
  // @NOTE We only copy the values explicitly needed to avoid leaking sensitive
@@ -1 +1 @@
1
- {"version":3,"file":"build-customization-data.js","sourceRoot":"","sources":["../../src/customization/build-customization-data.ts"],"names":[],"mappings":";;AAGA,wDAkBC;AAlBD,SAAgB,sBAAsB,CAAC,EACrC,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,QAAQ,GACM;IACd,4EAA4E;IAC5E,iBAAiB;IACjB,6EAA6E;IAC7E,6DAA6D;IAC7D,OAAO;QACL,oBAAoB;QACpB,kBAAkB;QAClB,eAAe,EAAE,QAAQ,EAAE,OAAO;QAClC,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,KAAK,EAAE,QAAQ,EAAE,KAAK;KACvB,CAAA;AACH,CAAC","sourcesContent":["import type { CustomizationData } from '@atproto/oauth-provider-api'\nimport type { Customization } from './customization.js'\n\nexport function buildCustomizationData({\n branding,\n availableUserDomains,\n inviteCodeRequired,\n hcaptcha,\n}: Customization): CustomizationData {\n // @NOTE the front end does not need colors here as they will be injected as\n // CSS variables.\n // @NOTE We only copy the values explicitly needed to avoid leaking sensitive\n // data (in case the caller passed more than what we expect).\n return {\n availableUserDomains,\n inviteCodeRequired,\n hcaptchaSiteKey: hcaptcha?.siteKey,\n name: branding?.name,\n logo: branding?.logo,\n links: branding?.links,\n }\n}\n"]}
1
+ {"version":3,"file":"build-customization-data.js","sourceRoot":"","sources":["../../src/customization/build-customization-data.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,sBAAsB,CAAC,EACrC,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,QAAQ,GACM;IACd,4EAA4E;IAC5E,iBAAiB;IACjB,6EAA6E;IAC7E,6DAA6D;IAC7D,OAAO;QACL,oBAAoB;QACpB,kBAAkB;QAClB,eAAe,EAAE,QAAQ,EAAE,OAAO;QAClC,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,KAAK,EAAE,QAAQ,EAAE,KAAK;KACvB,CAAA;AACH,CAAC","sourcesContent":["import type { CustomizationData } from '@atproto/oauth-provider-api'\nimport type { Customization } from './customization.js'\n\nexport function buildCustomizationData({\n branding,\n availableUserDomains,\n inviteCodeRequired,\n hcaptcha,\n}: Customization): CustomizationData {\n // @NOTE the front end does not need colors here as they will be injected as\n // CSS variables.\n // @NOTE We only copy the values explicitly needed to avoid leaking sensitive\n // data (in case the caller passed more than what we expect).\n return {\n availableUserDomains,\n inviteCodeRequired,\n hcaptchaSiteKey: hcaptcha?.siteKey,\n name: branding?.name,\n logo: branding?.logo,\n links: branding?.links,\n }\n}\n"]}
@@ -1,17 +1,14 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.colorsSchema = exports.COLOR_NAMES = void 0;
4
- const zod_1 = require("zod");
5
- const color_hue_js_1 = require("../types/color-hue.js");
6
- const rgb_color_js_1 = require("../types/rgb-color.js");
7
- exports.COLOR_NAMES = [
1
+ import { z } from 'zod';
2
+ import { colorHueSchema } from '../types/color-hue.js';
3
+ import { rgbColorSchema } from '../types/rgb-color.js';
4
+ export const COLOR_NAMES = [
8
5
  'primary',
9
6
  'error',
10
7
  'warning',
11
8
  'info',
12
9
  'success',
13
10
  ];
14
- exports.colorsSchema = zod_1.z
11
+ export const colorsSchema = z
15
12
  .object({
16
13
  // The "light" and "dark" colors are used as default for unspecified
17
14
  // contrast colors. The color that has the highest contrast ratio with the
@@ -19,16 +16,16 @@ exports.colorsSchema = zod_1.z
19
16
  // "primaryContrast" is not, then the contrast color will be either "light"
20
17
  // or "dark" depending on which one has the highest contrast ratio with
21
18
  // "primary".
22
- light: rgb_color_js_1.rgbColorSchema.optional(),
23
- dark: rgb_color_js_1.rgbColorSchema.optional(),
19
+ light: rgbColorSchema.optional(),
20
+ dark: rgbColorSchema.optional(),
24
21
  // The "contrastSaturation" is used to compute the saturation of the
25
22
  // "contrast" color. The "contrast" color is a (dynamic) color derived from
26
23
  // the "primaryHue" color with the specified saturation and a variable
27
24
  // lightness. "color-contrast-900" is used for default text, while
28
25
  // "color-contrast-0" is used for the page background.
29
- contrastSaturation: zod_1.z.number().min(0).max(100).optional(),
26
+ contrastSaturation: z.number().min(0).max(100).optional(),
30
27
  })
31
- .extend(Object.fromEntries(exports.COLOR_NAMES.map((name) => [name, rgb_color_js_1.rgbColorSchema.optional()])))
32
- .extend(Object.fromEntries(exports.COLOR_NAMES.map((name) => [`${name}Contrast`, rgb_color_js_1.rgbColorSchema.optional()])))
33
- .extend(Object.fromEntries(exports.COLOR_NAMES.map((name) => [`${name}Hue`, color_hue_js_1.colorHueSchema.optional()])));
28
+ .extend(Object.fromEntries(COLOR_NAMES.map((name) => [name, rgbColorSchema.optional()])))
29
+ .extend(Object.fromEntries(COLOR_NAMES.map((name) => [`${name}Contrast`, rgbColorSchema.optional()])))
30
+ .extend(Object.fromEntries(COLOR_NAMES.map((name) => [`${name}Hue`, colorHueSchema.optional()])));
34
31
  //# sourceMappingURL=colors.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"colors.js","sourceRoot":"","sources":["../../src/customization/colors.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,wDAAsD;AACtD,wDAAsD;AAEzC,QAAA,WAAW,GAAG;IACzB,SAAS;IACT,OAAO;IACP,SAAS;IACT,MAAM;IACN,SAAS;CACD,CAAA;AAGG,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,CAAC;IACN,oEAAoE;IACpE,0EAA0E;IAC1E,8DAA8D;IAC9D,2EAA2E;IAC3E,uEAAuE;IACvE,aAAa;IACb,KAAK,EAAE,6BAAc,CAAC,QAAQ,EAAE;IAChC,IAAI,EAAE,6BAAc,CAAC,QAAQ,EAAE;IAE/B,oEAAoE;IACpE,2EAA2E;IAC3E,sEAAsE;IACtE,kEAAkE;IAClE,sDAAsD;IACtD,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CAC1D,CAAC;KACD,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC7D;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,UAAU,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC1E;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,mBAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,KAAK,EAAE,6BAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CACrE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { colorHueSchema } from '../types/color-hue.js'\nimport { rgbColorSchema } from '../types/rgb-color.js'\n\nexport const COLOR_NAMES = [\n 'primary',\n 'error',\n 'warning',\n 'info',\n 'success',\n] as const\nexport type ColorName = (typeof COLOR_NAMES)[number]\n\nexport const colorsSchema = z\n .object({\n // The \"light\" and \"dark\" colors are used as default for unspecified\n // contrast colors. The color that has the highest contrast ratio with the\n // color base will be used. e.G. If \"primary\" is specified but\n // \"primaryContrast\" is not, then the contrast color will be either \"light\"\n // or \"dark\" depending on which one has the highest contrast ratio with\n // \"primary\".\n light: rgbColorSchema.optional(),\n dark: rgbColorSchema.optional(),\n\n // The \"contrastSaturation\" is used to compute the saturation of the\n // \"contrast\" color. 
The \"contrast\" color is a (dynamic) color derived from\n // the \"primaryHue\" color with the specified saturation and a variable\n // lightness. \"color-contrast-900\" is used for default text, while\n // \"color-contrast-0\" is used for the page background.\n contrastSaturation: z.number().min(0).max(100).optional(),\n })\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [name, rgbColorSchema.optional()]),\n ) as Record<ColorName, z.ZodOptional<typeof rgbColorSchema>>,\n )\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [`${name}Contrast`, rgbColorSchema.optional()]),\n ) as Record<`${ColorName}Contrast`, z.ZodOptional<typeof rgbColorSchema>>,\n )\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [`${name}Hue`, colorHueSchema.optional()]),\n ) as Record<`${ColorName}Hue`, z.ZodOptional<typeof colorHueSchema>>,\n )\n\nexport type Colors = z.infer<typeof colorsSchema>\n"]}
1
+ {"version":3,"file":"colors.js","sourceRoot":"","sources":["../../src/customization/colors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAEtD,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,SAAS;IACT,OAAO;IACP,SAAS;IACT,MAAM;IACN,SAAS;CACD,CAAA;AAGV,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,oEAAoE;IACpE,0EAA0E;IAC1E,8DAA8D;IAC9D,2EAA2E;IAC3E,uEAAuE;IACvE,aAAa;IACb,KAAK,EAAE,cAAc,CAAC,QAAQ,EAAE;IAChC,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE;IAE/B,oEAAoE;IACpE,2EAA2E;IAC3E,sEAAsE;IACtE,kEAAkE;IAClE,sDAAsD;IACtD,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CAC1D,CAAC;KACD,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC7D;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,UAAU,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CAC1E;KACA,MAAM,CACL,MAAM,CAAC,WAAW,CAChB,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,KAAK,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC,CACF,CACrE,CAAA","sourcesContent":["import { z } from 'zod'\nimport { colorHueSchema } from '../types/color-hue.js'\nimport { rgbColorSchema } from '../types/rgb-color.js'\n\nexport const COLOR_NAMES = [\n 'primary',\n 'error',\n 'warning',\n 'info',\n 'success',\n] as const\nexport type ColorName = (typeof COLOR_NAMES)[number]\n\nexport const colorsSchema = z\n .object({\n // The \"light\" and \"dark\" colors are used as default for unspecified\n // contrast colors. The color that has the highest contrast ratio with the\n // color base will be used. e.G. 
If \"primary\" is specified but\n // \"primaryContrast\" is not, then the contrast color will be either \"light\"\n // or \"dark\" depending on which one has the highest contrast ratio with\n // \"primary\".\n light: rgbColorSchema.optional(),\n dark: rgbColorSchema.optional(),\n\n // The \"contrastSaturation\" is used to compute the saturation of the\n // \"contrast\" color. The \"contrast\" color is a (dynamic) color derived from\n // the \"primaryHue\" color with the specified saturation and a variable\n // lightness. \"color-contrast-900\" is used for default text, while\n // \"color-contrast-0\" is used for the page background.\n contrastSaturation: z.number().min(0).max(100).optional(),\n })\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [name, rgbColorSchema.optional()]),\n ) as Record<ColorName, z.ZodOptional<typeof rgbColorSchema>>,\n )\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [`${name}Contrast`, rgbColorSchema.optional()]),\n ) as Record<`${ColorName}Contrast`, z.ZodOptional<typeof rgbColorSchema>>,\n )\n .extend(\n Object.fromEntries(\n COLOR_NAMES.map((name) => [`${name}Hue`, colorHueSchema.optional()]),\n ) as Record<`${ColorName}Hue`, z.ZodOptional<typeof colorHueSchema>>,\n )\n\nexport type Colors = z.infer<typeof colorsSchema>\n"]}
@@ -1,26 +1,23 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.customizationSchema = void 0;
4
- const zod_1 = require("zod");
5
- const hcaptcha_js_1 = require("../lib/hcaptcha.js");
6
- const branding_js_1 = require("./branding.js");
7
- exports.customizationSchema = zod_1.z.object({
1
+ import { z } from 'zod';
2
+ import { hcaptchaConfigSchema } from '../lib/hcaptcha.js';
3
+ import { brandingSchema } from './branding.js';
4
+ export const customizationSchema = z.object({
8
5
  /**
9
6
  * Available user domains that can be used to sign up. A non-empty array
10
7
  * is required to enable the sign-up feature.
11
8
  */
12
- availableUserDomains: zod_1.z.array(zod_1.z.string()).optional(),
9
+ availableUserDomains: z.array(z.string()).optional(),
13
10
  /**
14
11
  * UI customizations
15
12
  */
16
- branding: branding_js_1.brandingSchema.optional(),
13
+ branding: brandingSchema.optional(),
17
14
  /**
18
15
  * Is an invite code required to sign up?
19
16
  */
20
- inviteCodeRequired: zod_1.z.boolean().optional(),
17
+ inviteCodeRequired: z.boolean().optional(),
21
18
  /**
22
19
  * Enables hCaptcha during sign-up.
23
20
  */
24
- hcaptcha: hcaptcha_js_1.hcaptchaConfigSchema.optional(),
21
+ hcaptcha: hcaptchaConfigSchema.optional(),
25
22
  });
26
23
  //# sourceMappingURL=customization.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"customization.js","sourceRoot":"","sources":["../../src/customization/customization.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,oDAAyD;AACzD,+CAA8C;AAEjC,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C;;;OAGG;IACH,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD;;OAEG;IACH,QAAQ,EAAE,4BAAc,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,QAAQ,EAAE,kCAAoB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { hcaptchaConfigSchema } from '../lib/hcaptcha.js'\nimport { brandingSchema } from './branding.js'\n\nexport const customizationSchema = z.object({\n /**\n * Available user domains that can be used to sign up. A non-empty array\n * is required to enable the sign-up feature.\n */\n availableUserDomains: z.array(z.string()).optional(),\n /**\n * UI customizations\n */\n branding: brandingSchema.optional(),\n /**\n * Is an invite code required to sign up?\n */\n inviteCodeRequired: z.boolean().optional(),\n /**\n * Enables hCaptcha during sign-up.\n */\n hcaptcha: hcaptchaConfigSchema.optional(),\n})\nexport type CustomizationInput = z.input<typeof customizationSchema>\nexport type Customization = z.infer<typeof customizationSchema>\n"]}
1
+ {"version":3,"file":"customization.js","sourceRoot":"","sources":["../../src/customization/customization.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE9C,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C;;;OAGG;IACH,oBAAoB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD;;OAEG;IACH,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,QAAQ,EAAE,oBAAoB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { hcaptchaConfigSchema } from '../lib/hcaptcha.js'\nimport { brandingSchema } from './branding.js'\n\nexport const customizationSchema = z.object({\n /**\n * Available user domains that can be used to sign up. A non-empty array\n * is required to enable the sign-up feature.\n */\n availableUserDomains: z.array(z.string()).optional(),\n /**\n * UI customizations\n */\n branding: brandingSchema.optional(),\n /**\n * Is an invite code required to sign up?\n */\n inviteCodeRequired: z.boolean().optional(),\n /**\n * Enables hCaptcha during sign-up.\n */\n hcaptcha: hcaptchaConfigSchema.optional(),\n})\nexport type CustomizationInput = z.input<typeof customizationSchema>\nexport type Customization = z.infer<typeof customizationSchema>\n"]}
@@ -1,12 +1,9 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.linksSchema = void 0;
4
- const zod_1 = require("zod");
5
- const build_document_js_1 = require("../lib/html/build-document.js");
6
- const locale_js_1 = require("../lib/util/locale.js");
7
- exports.linksSchema = zod_1.z.object({
8
- title: zod_1.z.union([zod_1.z.string(), locale_js_1.multiLangStringSchema]),
9
- href: zod_1.z.string().url(),
10
- rel: zod_1.z.string().refine(build_document_js_1.isLinkRel, 'Invalid link rel').optional(),
1
+ import { z } from 'zod';
2
+ import { isLinkRel } from '../lib/html/build-document.js';
3
+ import { multiLangStringSchema } from '../lib/util/locale.js';
4
+ export const linksSchema = z.object({
5
+ title: z.union([z.string(), multiLangStringSchema]),
6
+ href: z.string().url(),
7
+ rel: z.string().refine(isLinkRel, 'Invalid link rel').optional(),
11
8
  });
12
9
  //# sourceMappingURL=links.js.map
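Review bot: `href: z.string().url()` in `linksSchema` only checks that the value parses as a URL, and as far as I know zod's `url()` does not restrict the scheme, so values such as `javascript:` or `data:` URLs would pass. These links appear to come from operator-supplied branding config, which limits the exposure, but how the front end renders `href` is not visible in this section, so a scheme allow-list is cheap defence in depth. I would change the line to `href: z.string().url().refine((u) => /^https?:\/\//i.test(u), 'Invalid link href'),`. This file is compiled output, so the edit belongs in the `links.ts` source named in the adjacent source map.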
@@ -1 +1 @@
1
- {"version":3,"file":"links.js","sourceRoot":"","sources":["../../src/customization/links.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,qEAAyD;AACzD,qDAA6D;AAEhD,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,iCAAqB,CAAC,CAAC;IACnD,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACtB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,6BAAS,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;CACjE,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { isLinkRel } from '../lib/html/build-document.js'\nimport { multiLangStringSchema } from '../lib/util/locale.js'\n\nexport const linksSchema = z.object({\n title: z.union([z.string(), multiLangStringSchema]),\n href: z.string().url(),\n rel: z.string().refine(isLinkRel, 'Invalid link rel').optional(),\n})\nexport type Links = z.infer<typeof linksSchema>\n"]}
1
+ {"version":3,"file":"links.js","sourceRoot":"","sources":["../../src/customization/links.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,SAAS,EAAE,MAAM,+BAA+B,CAAA;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAE7D,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,qBAAqB,CAAC,CAAC;IACnD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACtB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE;CACjE,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { isLinkRel } from '../lib/html/build-document.js'\nimport { multiLangStringSchema } from '../lib/util/locale.js'\n\nexport const linksSchema = z.object({\n title: z.union([z.string(), multiLangStringSchema]),\n href: z.string().url(),\n rel: z.string().refine(isLinkRel, 'Invalid link rel').optional(),\n})\nexport type Links = z.infer<typeof linksSchema>\n"]}
@@ -1,12 +1,9 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.deviceDataSchema = void 0;
4
- const zod_1 = require("zod");
5
- const session_id_js_1 = require("./session-id.js");
6
- exports.deviceDataSchema = zod_1.z.object({
7
- sessionId: session_id_js_1.sessionIdSchema,
8
- lastSeenAt: zod_1.z.date(),
9
- userAgent: zod_1.z.string().nullable(),
10
- ipAddress: zod_1.z.string(),
1
+ import { z } from 'zod';
2
+ import { sessionIdSchema } from './session-id.js';
3
+ export const deviceDataSchema = z.object({
4
+ sessionId: sessionIdSchema,
5
+ lastSeenAt: z.date(),
6
+ userAgent: z.string().nullable(),
7
+ ipAddress: z.string(),
11
8
  });
12
9
  //# sourceMappingURL=device-data.js.map
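Review bot: `userAgent: z.string().nullable()` and `ipAddress: z.string()` in `deviceDataSchema` put no bound on length or format, and both fields usually originate from request metadata that the client can influence. Where the schema is applied is outside this section, so this may already be handled upstream. If it is not, a cap such as `userAgent: z.string().max(512).nullable()` (the limit is a placeholder to tune) and an IP-format check on `ipAddress` would keep oversized or malformed values out of the device store and out of any view that later displays them.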
@@ -1 +1 @@
1
- {"version":3,"file":"device-data.js","sourceRoot":"","sources":["../../src/device/device-data.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mDAAiD;AAEpC,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,+BAAe;IAC1B,UAAU,EAAE,OAAC,CAAC,IAAI,EAAE;IACpB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { sessionIdSchema } from './session-id.js'\n\nexport const deviceDataSchema = z.object({\n sessionId: sessionIdSchema,\n lastSeenAt: z.date(),\n userAgent: z.string().nullable(),\n ipAddress: z.string(),\n})\n\nexport type DeviceData = z.infer<typeof deviceDataSchema>\n"]}
1
+ {"version":3,"file":"device-data.js","sourceRoot":"","sources":["../../src/device/device-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEjD,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,SAAS,EAAE,eAAe;IAC1B,UAAU,EAAE,CAAC,CAAC,IAAI,EAAE;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { sessionIdSchema } from './session-id.js'\n\nexport const deviceDataSchema = z.object({\n sessionId: sessionIdSchema,\n lastSeenAt: z.date(),\n userAgent: z.string().nullable(),\n ipAddress: z.string(),\n})\n\nexport type DeviceData = z.infer<typeof deviceDataSchema>\n"]}
@@ -1,22 +1,17 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.generateDeviceId = exports.deviceIdSchema = exports.DEVICE_ID_LENGTH = void 0;
4
- exports.isDeviceId = isDeviceId;
5
- const zod_1 = require("zod");
6
- const constants_js_1 = require("../constants.js");
7
- const crypto_js_1 = require("../lib/util/crypto.js");
8
- exports.DEVICE_ID_LENGTH = constants_js_1.DEVICE_ID_PREFIX.length + constants_js_1.DEVICE_ID_BYTES_LENGTH * 2; // hex encoding
9
- exports.deviceIdSchema = zod_1.z
1
+ import { z } from 'zod';
2
+ import { DEVICE_ID_BYTES_LENGTH, DEVICE_ID_PREFIX } from '../constants.js';
3
+ import { randomHexId } from '../lib/util/crypto.js';
4
+ export const DEVICE_ID_LENGTH = DEVICE_ID_PREFIX.length + DEVICE_ID_BYTES_LENGTH * 2; // hex encoding
5
+ export const deviceIdSchema = z
10
6
  .string()
11
- .length(exports.DEVICE_ID_LENGTH)
12
- .refine((v) => v.startsWith(constants_js_1.DEVICE_ID_PREFIX), {
7
+ .length(DEVICE_ID_LENGTH)
8
+ .refine((v) => v.startsWith(DEVICE_ID_PREFIX), {
13
9
  message: `Invalid device ID format`,
14
10
  });
15
- function isDeviceId(value) {
16
- return exports.deviceIdSchema.safeParse(value).success;
11
+ export function isDeviceId(value) {
12
+ return deviceIdSchema.safeParse(value).success;
17
13
  }
18
- const generateDeviceId = async () => {
19
- return `${constants_js_1.DEVICE_ID_PREFIX}${await (0, crypto_js_1.randomHexId)(constants_js_1.DEVICE_ID_BYTES_LENGTH)}`;
14
+ export const generateDeviceId = async () => {
15
+ return `${DEVICE_ID_PREFIX}${await randomHexId(DEVICE_ID_BYTES_LENGTH)}`;
20
16
  };
21
- exports.generateDeviceId = generateDeviceId;
22
17
  //# sourceMappingURL=device-id.js.map
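Review bot: `deviceIdSchema` accepts any string of the right length that starts with `DEVICE_ID_PREFIX`; the characters after the prefix are never checked against the hex alphabet that `generateDeviceId` produces. If this schema gates a client-supplied value (presumably a cookie, which is not visible here), tightening it would reject malformed identifiers before they reach storage lookups or logs. The refine predicate could become `(v) => v.startsWith(DEVICE_ID_PREFIX) && /^[0-9a-f]+$/i.test(v.slice(DEVICE_ID_PREFIX.length))`. The change belongs in the `device-id.ts` source this compiled file is built from, and the `i` flag can be dropped once the casing of `randomHexId` output is confirmed.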
@@ -1 +1 @@
1
- {"version":3,"file":"device-id.js","sourceRoot":"","sources":["../../src/device/device-id.ts"],"names":[],"mappings":";;;AAoBA,gCAEC;AAtBD,6BAAuB;AACvB,kDAA0E;AAC1E,qDAAmD;AAEtC,QAAA,gBAAgB,GAC3B,+BAAgB,CAAC,MAAM,GAAG,qCAAsB,GAAG,CAAC,CAAA,CAAC,eAAe;AAEzD,QAAA,cAAc,GAAG,OAAC;KAC5B,MAAM,EAAE;KACR,MAAM,CAAC,wBAAgB,CAAC;KACxB,MAAM,CACL,CAAC,CAAC,EAA8C,EAAE,CAChD,CAAC,CAAC,UAAU,CAAC,+BAAgB,CAAC,EAChC;IACE,OAAO,EAAE,0BAA0B;CACpC,CACF,CAAA;AAIH,SAAgB,UAAU,CAAC,KAAc;IACvC,OAAO,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AAChD,CAAC;AAEM,MAAM,gBAAgB,GAAG,KAAK,IAAuB,EAAE;IAC5D,OAAO,GAAG,+BAAgB,GAAG,MAAM,IAAA,uBAAW,EAAC,qCAAsB,CAAC,EAAE,CAAA;AAC1E,CAAC,CAAA;AAFY,QAAA,gBAAgB,oBAE5B","sourcesContent":["import { z } from 'zod'\nimport { DEVICE_ID_BYTES_LENGTH, DEVICE_ID_PREFIX } from '../constants.js'\nimport { randomHexId } from '../lib/util/crypto.js'\n\nexport const DEVICE_ID_LENGTH =\n DEVICE_ID_PREFIX.length + DEVICE_ID_BYTES_LENGTH * 2 // hex encoding\n\nexport const deviceIdSchema = z\n .string()\n .length(DEVICE_ID_LENGTH)\n .refine(\n (v): v is `${typeof DEVICE_ID_PREFIX}${string}` =>\n v.startsWith(DEVICE_ID_PREFIX),\n {\n message: `Invalid device ID format`,\n },\n )\n\nexport type DeviceId = z.infer<typeof deviceIdSchema>\n\nexport function isDeviceId(value: unknown): value is DeviceId {\n return deviceIdSchema.safeParse(value).success\n}\n\nexport const generateDeviceId = async (): Promise<DeviceId> => {\n return `${DEVICE_ID_PREFIX}${await randomHexId(DEVICE_ID_BYTES_LENGTH)}`\n}\n"]}
1
+ {"version":3,"file":"device-id.js","sourceRoot":"","sources":["../../src/device/device-id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAC1E,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAEnD,MAAM,CAAC,MAAM,gBAAgB,GAC3B,gBAAgB,CAAC,MAAM,GAAG,sBAAsB,GAAG,CAAC,CAAA,CAAC,eAAe;AAEtE,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC;KAC5B,MAAM,EAAE;KACR,MAAM,CAAC,gBAAgB,CAAC;KACxB,MAAM,CACL,CAAC,CAAC,EAA8C,EAAE,CAChD,CAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAChC;IACE,OAAO,EAAE,0BAA0B;CACpC,CACF,CAAA;AAIH,MAAM,UAAU,UAAU,CAAC,KAAc;IACvC,OAAO,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AAChD,CAAC;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,KAAK,IAAuB,EAAE;IAC5D,OAAO,GAAG,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAAC,EAAE,CAAA;AAC1E,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { DEVICE_ID_BYTES_LENGTH, DEVICE_ID_PREFIX } from '../constants.js'\nimport { randomHexId } from '../lib/util/crypto.js'\n\nexport const DEVICE_ID_LENGTH =\n DEVICE_ID_PREFIX.length + DEVICE_ID_BYTES_LENGTH * 2 // hex encoding\n\nexport const deviceIdSchema = z\n .string()\n .length(DEVICE_ID_LENGTH)\n .refine(\n (v): v is `${typeof DEVICE_ID_PREFIX}${string}` =>\n v.startsWith(DEVICE_ID_PREFIX),\n {\n message: `Invalid device ID format`,\n },\n )\n\nexport type DeviceId = z.infer<typeof deviceIdSchema>\n\nexport function isDeviceId(value: unknown): value is DeviceId {\n return deviceIdSchema.safeParse(value).success\n}\n\nexport const generateDeviceId = async (): Promise<DeviceId> => {\n return `${DEVICE_ID_PREFIX}${await randomHexId(DEVICE_ID_BYTES_LENGTH)}`\n}\n"]}