@atproto/oauth-provider 0.16.5 → 0.17.0

package/dist/router/assets/csrf.js

@@ -1,16 +1,7 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.setupCsrfToken = setupCsrfToken;
-exports.validateCsrfToken = validateCsrfToken;
-exports.getCookieCsrf = getCookieCsrf;
-exports.getHeadersCsrf = getHeadersCsrf;
-const http_errors_1 = __importDefault(require("http-errors"));
-const oauth_provider_api_1 = require("@atproto/oauth-provider-api");
-const index_js_1 = require("../../lib/http/index.js");
-const crypto_js_1 = require("../../lib/util/crypto.js");
+import createHttpError from 'http-errors';
+import { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from '@atproto/oauth-provider-api';
+import { getCookie, setCookie, } from '../../lib/http/index.js';
+import { randomHexId } from '../../lib/util/crypto.js';
 const TOKEN_BYTE_LENGTH = 12;
 const TOKEN_LENGTH = TOKEN_BYTE_LENGTH * 2; // 2 hex chars per byte
 // @NOTE Cookie based CSRF protection is redundant with session cookies using
@@ -23,38 +14,38 @@ const CSRF_COOKIE_OPTIONS = {
     path: `/`,
 };
 async function generateCsrfToken() {
-    return (0, crypto_js_1.randomHexId)(TOKEN_BYTE_LENGTH);
+    return randomHexId(TOKEN_BYTE_LENGTH);
 }
-async function setupCsrfToken(req, res) {
+export async function setupCsrfToken(req, res) {
     const token = getCookieCsrf(req) || (await generateCsrfToken());
     // Refresh cookie (See Chrome's "Lax+POST" behavior)
-    (0, index_js_1.setCookie)(res, oauth_provider_api_1.CSRF_COOKIE_NAME, token, CSRF_COOKIE_OPTIONS);
+    setCookie(res, CSRF_COOKIE_NAME, token, CSRF_COOKIE_OPTIONS);
 }
-async function validateCsrfToken(req, res) {
+export async function validateCsrfToken(req, res) {
     const cookieValue = getCookieCsrf(req);
     const headerValue = getHeadersCsrf(req);
     // Refresh cookie (See Chrome's "Lax+POST" behavior), or set a new one,
     // allowing clients to retry with the new token.
-    (0, index_js_1.setCookie)(res, oauth_provider_api_1.CSRF_COOKIE_NAME, cookieValue || (await generateCsrfToken()), CSRF_COOKIE_OPTIONS);
+    setCookie(res, CSRF_COOKIE_NAME, cookieValue || (await generateCsrfToken()), CSRF_COOKIE_OPTIONS);
     if (!headerValue) {
-        throw (0, http_errors_1.default)(400, `Missing CSRF header`);
+        throw createHttpError(400, `Missing CSRF header`);
     }
     if (!cookieValue) {
-        throw (0, http_errors_1.default)(400, `Missing CSRF cookie`);
+        throw createHttpError(400, `Missing CSRF cookie`);
     }
     if (cookieValue !== headerValue) {
-        throw (0, http_errors_1.default)(400, `CSRF mismatch`);
+        throw createHttpError(400, `CSRF mismatch`);
     }
 }
-function getCookieCsrf(req) {
-    const cookieValue = (0, index_js_1.getCookie)(req, oauth_provider_api_1.CSRF_COOKIE_NAME);
+export function getCookieCsrf(req) {
+    const cookieValue = getCookie(req, CSRF_COOKIE_NAME);
     if (cookieValue?.length === TOKEN_LENGTH) {
         return cookieValue;
     }
     return undefined;
 }
-function getHeadersCsrf(req) {
-    const headerValue = req.headers[oauth_provider_api_1.CSRF_HEADER_NAME];
+export function getHeadersCsrf(req) {
+    const headerValue = req.headers[CSRF_HEADER_NAME];
     if (typeof headerValue === 'string' && headerValue.length === TOKEN_LENGTH) {
         return headerValue;
     }

package/dist/router/assets/csrf.js.map

@@ -1 +1 @@
-{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../../src/router/assets/csrf.ts"],"names":[],"mappings":";;;;;AA2BA,wCAQC;AAED,8CAyBC;AAED,sCAMC;AAED,wCAMC;AA7ED,8DAAyC;AACzC,oEAAgF;AAChF,sDAIgC;AAChC,wDAAsD;AAEtD,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAC5B,MAAM,YAAY,GAAG,iBAAiB,GAAG,CAAC,CAAA,CAAC,uBAAuB;AAElE,6EAA6E;AAC7E,0DAA0D;AAC1D,MAAM,mBAAmB,GAAqC;IAC5D,OAAO,EAAE,SAAS,EAAE,mBAAmB;IACvC,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAK,EAAE,wCAAwC;IACzD,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,GAAG;CACV,CAAA;AAED,KAAK,UAAU,iBAAiB;IAC9B,OAAO,IAAA,uBAAW,EAAC,iBAAiB,CAAC,CAAA;AACvC,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,CAAA;IAE/D,oDAAoD;IACpD,IAAA,oBAAS,EAAC,GAAG,EAAE,qCAAgB,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAA;AAC9D,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IACtC,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAEvC,uEAAuE;IACvE,gDAAgD;IAChD,IAAA,oBAAS,EACP,GAAG,EACH,qCAAgB,EAChB,WAAW,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,EAC1C,mBAAmB,CACpB,CAAA;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAA;IACnD,CAAC;IACD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAA;IACnD,CAAC;IACD,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC;AAED,SAAgB,aAAa,CAAC,GAAoB;IAChD,MAAM,WAAW,GAAG,IAAA,oBAAS,EAAC,GAAG,EAAE,qCAAgB,CAAC,CAAA;IACpD,IAAI,WAAW,EAAE,MAAM,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAgB,cAAc,CAAC,GAAoB;IACjD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qCAAgB,CAAC,CAAA;IACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAC3E,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport createHttpError from 'http-errors'\nimport { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from '@atproto/oauth-provider-api'\nimport {\n  CookieSerializeOptions,\n  getCookie,\n  setCookie,\n} from '../../lib/http/index.js'\nimport { randomHexId } from '../../lib/util/crypto.js'\n\nconst TOKEN_BYTE_LENGTH = 12\nconst TOKEN_LENGTH = TOKEN_BYTE_LENGTH * 2 // 2 hex chars per byte\n\n// @NOTE Cookie based CSRF protection is redundant with session cookies using\n// `SameSite` and could probably be removed in the future.\nconst CSRF_COOKIE_OPTIONS: Readonly<CookieSerializeOptions> = {\n  expires: undefined, // \"session\" cookie\n  secure: true,\n  httpOnly: false, // Need to be accessible from JavaScript\n  sameSite: 'lax',\n  path: `/`,\n}\n\nasync function generateCsrfToken() {\n  return randomHexId(TOKEN_BYTE_LENGTH)\n}\n\nexport async function setupCsrfToken(\n  req: IncomingMessage,\n  res: ServerResponse,\n): Promise<void> {\n  const token = getCookieCsrf(req) || (await generateCsrfToken())\n\n  // Refresh cookie (See Chrome's \"Lax+POST\" behavior)\n  setCookie(res, CSRF_COOKIE_NAME, token, CSRF_COOKIE_OPTIONS)\n}\n\nexport async function validateCsrfToken(\n  req: IncomingMessage,\n  res: ServerResponse,\n) {\n  const cookieValue = getCookieCsrf(req)\n  const headerValue = getHeadersCsrf(req)\n\n  // Refresh cookie (See Chrome's \"Lax+POST\" behavior), or set a new one,\n  // allowing clients to retry with the new token.\n  setCookie(\n    res,\n    CSRF_COOKIE_NAME,\n    cookieValue || (await generateCsrfToken()),\n    CSRF_COOKIE_OPTIONS,\n  )\n\n  if (!headerValue) {\n    throw createHttpError(400, `Missing CSRF header`)\n  }\n  if (!cookieValue) {\n    throw createHttpError(400, `Missing CSRF cookie`)\n  }\n  if (cookieValue !== headerValue) {\n    throw createHttpError(400, `CSRF mismatch`)\n  }\n}\n\nexport function getCookieCsrf(req: IncomingMessage) {\n  const cookieValue = getCookie(req, CSRF_COOKIE_NAME)\n  if (cookieValue?.length === TOKEN_LENGTH) {\n    return cookieValue\n  }\n  return undefined\n}\n\nexport function getHeadersCsrf(req: IncomingMessage) {\n  const headerValue = req.headers[CSRF_HEADER_NAME]\n  if (typeof headerValue === 'string' && headerValue.length === TOKEN_LENGTH) {\n    return headerValue\n  }\n  return undefined\n}\n"]}
+{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../../src/router/assets/csrf.ts"],"names":[],"mappings":"AACA,OAAO,eAAe,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAChF,OAAO,EAEL,SAAS,EACT,SAAS,GACV,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AAEtD,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAC5B,MAAM,YAAY,GAAG,iBAAiB,GAAG,CAAC,CAAA,CAAC,uBAAuB;AAElE,6EAA6E;AAC7E,0DAA0D;AAC1D,MAAM,mBAAmB,GAAqC;IAC5D,OAAO,EAAE,SAAS,EAAE,mBAAmB;IACvC,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAK,EAAE,wCAAwC;IACzD,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,GAAG;CACV,CAAA;AAED,KAAK,UAAU,iBAAiB;IAC9B,OAAO,WAAW,CAAC,iBAAiB,CAAC,CAAA;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,CAAA;IAE/D,oDAAoD;IACpD,SAAS,CAAC,GAAG,EAAE,gBAAgB,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAA;AAC9D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,CAAA;IACtC,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAEvC,uEAAuE;IACvE,gDAAgD;IAChD,SAAS,CACP,GAAG,EACH,gBAAgB,EAChB,WAAW,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,EAC1C,mBAAmB,CACpB,CAAA;IAED,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,eAAe,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAA;IACnD,CAAC;IACD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,eAAe,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAA;IACnD,CAAC;IACD,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,eAAe,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAoB;IAChD,MAAM,WAAW,GAAG,SAAS,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAA;IACpD,IAAI,WAAW,EAAE,MAAM,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAoB;IACjD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAC3E,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport createHttpError from 'http-errors'\nimport { CSRF_COOKIE_NAME, CSRF_HEADER_NAME } from '@atproto/oauth-provider-api'\nimport {\n  CookieSerializeOptions,\n  getCookie,\n  setCookie,\n} from '../../lib/http/index.js'\nimport { randomHexId } from '../../lib/util/crypto.js'\n\nconst TOKEN_BYTE_LENGTH = 12\nconst TOKEN_LENGTH = TOKEN_BYTE_LENGTH * 2 // 2 hex chars per byte\n\n// @NOTE Cookie based CSRF protection is redundant with session cookies using\n// `SameSite` and could probably be removed in the future.\nconst CSRF_COOKIE_OPTIONS: Readonly<CookieSerializeOptions> = {\n  expires: undefined, // \"session\" cookie\n  secure: true,\n  httpOnly: false, // Need to be accessible from JavaScript\n  sameSite: 'lax',\n  path: `/`,\n}\n\nasync function generateCsrfToken() {\n  return randomHexId(TOKEN_BYTE_LENGTH)\n}\n\nexport async function setupCsrfToken(\n  req: IncomingMessage,\n  res: ServerResponse,\n): Promise<void> {\n  const token = getCookieCsrf(req) || (await generateCsrfToken())\n\n  // Refresh cookie (See Chrome's \"Lax+POST\" behavior)\n  setCookie(res, CSRF_COOKIE_NAME, token, CSRF_COOKIE_OPTIONS)\n}\n\nexport async function validateCsrfToken(\n  req: IncomingMessage,\n  res: ServerResponse,\n) {\n  const cookieValue = getCookieCsrf(req)\n  const headerValue = getHeadersCsrf(req)\n\n  // Refresh cookie (See Chrome's \"Lax+POST\" behavior), or set a new one,\n  // allowing clients to retry with the new token.\n  setCookie(\n    res,\n    CSRF_COOKIE_NAME,\n    cookieValue || (await generateCsrfToken()),\n    CSRF_COOKIE_OPTIONS,\n  )\n\n  if (!headerValue) {\n    throw createHttpError(400, `Missing CSRF header`)\n  }\n  if (!cookieValue) {\n    throw createHttpError(400, `Missing CSRF cookie`)\n  }\n  if (cookieValue !== headerValue) {\n    throw createHttpError(400, `CSRF mismatch`)\n  }\n}\n\nexport function getCookieCsrf(req: IncomingMessage) {\n  const cookieValue = getCookie(req, CSRF_COOKIE_NAME)\n  if (cookieValue?.length === TOKEN_LENGTH) {\n    return cookieValue\n  }\n  return undefined\n}\n\nexport function getHeadersCsrf(req: IncomingMessage) {\n  const headerValue = req.headers[CSRF_HEADER_NAME]\n  if (typeof headerValue === 'string' && headerValue.length === TOKEN_LENGTH) {\n    return headerValue\n  }\n  return undefined\n}\n"]}

package/dist/router/assets/send-account-page.js

@@ -1,9 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendAccountPageFactory = sendAccountPageFactory;
-const assets_js_1 = require("./assets.js");
-function sendAccountPageFactory(customization, options) {
-    const sendApp = (0, assets_js_1.sendWebAppFactory)('account-page', customization, options);
+import { sendWebAppFactory } from './assets.js';
+export function sendAccountPageFactory(customization, options) {
+    const sendApp = sendWebAppFactory('account-page', customization, options);
     return async function sendAccountPage(req, res, data) {
         return sendApp(req, res, {
             data: { __deviceSessions: data.deviceSessions },

package/dist/router/assets/send-account-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-account-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-account-page.ts"],"names":[],"mappings":";;AAKA,wDAiBC;AAnBD,2CAAkE;AAElE,SAAgB,sBAAsB,CACpC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,IAAA,6BAAiB,EAAC,cAAc,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAEzE,OAAO,KAAK,UAAU,eAAe,CACnC,GAAoB,EACpB,GAAmB,EACnB,IAEC;QAED,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,IAAI,EAAE,EAAE,gBAAgB,EAAE,IAAI,CAAC,cAAc,EAAE;SAChD,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport { Customization } from '../../customization/customization.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendAccountPageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory('account-page', customization, options)\n\n  return async function sendAccountPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: {\n      deviceSessions: readonly ActiveDeviceSession[]\n    },\n  ): Promise<void> {\n    return sendApp(req, res, {\n      data: { __deviceSessions: data.deviceSessions },\n    })\n  }\n}\n"]}
+{"version":3,"file":"send-account-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-account-page.ts"],"names":[],"mappings":"AAGA,OAAO,EAAqB,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAElE,MAAM,UAAU,sBAAsB,CACpC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,iBAAiB,CAAC,cAAc,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAEzE,OAAO,KAAK,UAAU,eAAe,CACnC,GAAoB,EACpB,GAAmB,EACnB,IAEC;QAED,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,IAAI,EAAE,EAAE,gBAAgB,EAAE,IAAI,CAAC,cAAc,EAAE;SAChD,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport { Customization } from '../../customization/customization.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendAccountPageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory('account-page', customization, options)\n\n  return async function sendAccountPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: {\n      deviceSessions: readonly ActiveDeviceSession[]\n    },\n  ): Promise<void> {\n    return sendApp(req, res, {\n      data: { __deviceSessions: data.deviceSessions },\n    })\n  }\n}\n"]}

package/dist/router/assets/send-authorization-page.js

@@ -1,9 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendAuthorizePageFactory = sendAuthorizePageFactory;
-const assets_js_1 = require("./assets.js");
-function sendAuthorizePageFactory(customization, options) {
-    const sendApp = (0, assets_js_1.sendWebAppFactory)('authorization-page', customization, options);
+import { sendWebAppFactory } from './assets.js';
+export function sendAuthorizePageFactory(customization, options) {
+    const sendApp = sendWebAppFactory('authorization-page', customization, options);
     return async function sendAuthorizePage(req, res, data) {
         return sendApp(req, res, {
             data: {

package/dist/router/assets/send-authorization-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAKA,4DAoCC;AAtCD,2CAAkE;AAElE,SAAgB,wBAAwB,CACtC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,IAAA,6BAAiB,EAC/B,oBAAoB,EACpB,aAAa,EACb,OAAO,CACR,CAAA;IAED,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,IAAI,EAAE;gBACJ,eAAe,EAAE;oBACf,UAAU,EAAE,IAAI,CAAC,UAAU;oBAE3B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;oBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;oBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;oBACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;oBAE/C,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;oBAC5B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;oBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;oBACrC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;oBAClC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC;oBACvD,WAAW,EAAE,IAAI,CAAC,WAAW;iBAC9B;gBACD,UAAU,EAAE,IAAI,CAAC,QAAQ;aAC1B;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { Customization } from '../../customization/customization.js'\nimport { AuthorizationResultAuthorizePage } from '../../result/authorization-result-authorize-page.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendAuthorizePageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory(\n    'authorization-page',\n    customization,\n    options,\n  )\n\n  return async function sendAuthorizePage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: AuthorizationResultAuthorizePage,\n  ): Promise<void> {\n    return sendApp(req, res, {\n      data: {\n        __authorizeData: {\n          requestUri: data.requestUri,\n\n          clientId: data.client.id,\n          clientMetadata: data.client.metadata,\n          clientTrusted: data.client.info.isTrusted,\n          clientFirstParty: data.client.info.isFirstParty,\n\n          scope: data.parameters.scope,\n          uiLocales: data.parameters.ui_locales,\n          loginHint: data.parameters.login_hint,\n          promptMode: data.parameters.prompt,\n          permissionSets: Object.fromEntries(data.permissionSets),\n          selectedSub: data.selectedSub,\n        },\n        __sessions: data.sessions,\n      },\n    })\n  }\n}\n"]}
+{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":"AAGA,OAAO,EAAqB,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAElE,MAAM,UAAU,wBAAwB,CACtC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,iBAAiB,CAC/B,oBAAoB,EACpB,aAAa,EACb,OAAO,CACR,CAAA;IAED,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,IAAI,EAAE;gBACJ,eAAe,EAAE;oBACf,UAAU,EAAE,IAAI,CAAC,UAAU;oBAE3B,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;oBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;oBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;oBACzC,gBAAgB,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY;oBAE/C,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;oBAC5B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;oBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;oBACrC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;oBAClC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,cAAc,CAAC;oBACvD,WAAW,EAAE,IAAI,CAAC,WAAW;iBAC9B;gBACD,UAAU,EAAE,IAAI,CAAC,QAAQ;aAC1B;SACF,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { Customization } from '../../customization/customization.js'\nimport { AuthorizationResultAuthorizePage } from '../../result/authorization-result-authorize-page.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendAuthorizePageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory(\n    'authorization-page',\n    customization,\n    options,\n  )\n\n  return async function sendAuthorizePage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: AuthorizationResultAuthorizePage,\n  ): Promise<void> {\n    return sendApp(req, res, {\n      data: {\n        __authorizeData: {\n          requestUri: data.requestUri,\n\n          clientId: data.client.id,\n          clientMetadata: data.client.metadata,\n          clientTrusted: data.client.info.isTrusted,\n          clientFirstParty: data.client.info.isFirstParty,\n\n          scope: data.parameters.scope,\n          uiLocales: data.parameters.ui_locales,\n          loginHint: data.parameters.login_hint,\n          promptMode: data.parameters.prompt,\n          permissionSets: Object.fromEntries(data.permissionSets),\n          selectedSub: data.selectedSub,\n        },\n        __sessions: data.sessions,\n      },\n    })\n  }\n}\n"]}

package/dist/router/assets/send-cookie-error-page.js

@@ -1,9 +1,6 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendCookieErrorPageFactory = sendCookieErrorPageFactory;
-const assets_js_1 = require("./assets.js");
-function sendCookieErrorPageFactory(customization, options) {
-    const sendApp = (0, assets_js_1.sendWebAppFactory)('cookie-error-page', customization, options);
+import { sendWebAppFactory } from './assets.js';
+export function sendCookieErrorPageFactory(customization, options) {
+    const sendApp = sendWebAppFactory('cookie-error-page', customization, options);
     return async function sendCookieErrorPage(req, res, data) {
         return sendApp(req, res, {
             status: 400,

package/dist/router/assets/send-cookie-error-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-cookie-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-cookie-error-page.ts"],"names":[],"mappings":";;AAIA,gEAgBC;AAlBD,2CAAkE;AAElE,SAAgB,0BAA0B,CACxC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,IAAA,6BAAiB,EAAC,mBAAmB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAE9E,OAAO,KAAK,UAAU,mBAAmB,CACvC,GAAoB,EACpB,GAAmB,EACnB,IAA0B;QAE1B,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE;SACrD,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { Customization } from '../../customization/customization.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendCookieErrorPageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory('cookie-error-page', customization, options)\n\n  return async function sendCookieErrorPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: { continueUrl: URL },\n  ) {\n    return sendApp(req, res, {\n      status: 400,\n      data: { __continueUrl: data.continueUrl.toString() },\n    })\n  }\n}\n"]}
+{"version":3,"file":"send-cookie-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-cookie-error-page.ts"],"names":[],"mappings":"AAEA,OAAO,EAAqB,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAElE,MAAM,UAAU,0BAA0B,CACxC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,iBAAiB,CAAC,mBAAmB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAE9E,OAAO,KAAK,UAAU,mBAAmB,CACvC,GAAoB,EACpB,GAAmB,EACnB,IAA0B;QAE1B,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE;SACrD,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { Customization } from '../../customization/customization.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendCookieErrorPageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory('cookie-error-page', customization, options)\n\n  return async function sendCookieErrorPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    data: { continueUrl: URL },\n  ) {\n    return sendApp(req, res, {\n      status: 400,\n      data: { __continueUrl: data.continueUrl.toString() },\n    })\n  }\n}\n"]}

package/dist/router/assets/send-error-page.js

@@ -1,14 +1,11 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendErrorPageFactory = sendErrorPageFactory;
-const error_parser_js_1 = require("../../errors/error-parser.js");
-const assets_js_1 = require("./assets.js");
-function sendErrorPageFactory(customization, options) {
-    const sendApp = (0, assets_js_1.sendWebAppFactory)('error-page', customization, options);
+import { buildErrorPayload, buildErrorStatus, } from '../../errors/error-parser.js';
+import { sendWebAppFactory } from './assets.js';
+export function sendErrorPageFactory(customization, options) {
+    const sendApp = sendWebAppFactory('error-page', customization, options);
     return async function sendErrorPage(req, res, err) {
         return sendApp(req, res, {
-            status: (0, error_parser_js_1.buildErrorStatus)(err),
-            data: { __errorData: (0, error_parser_js_1.buildErrorPayload)(err) },
+            status: buildErrorStatus(err),
+            data: { __errorData: buildErrorPayload(err) },
         });
     };
 }

package/dist/router/assets/send-error-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-error-page.ts"],"names":[],"mappings":";;AAQA,oDAgBC;AAtBD,kEAGqC;AACrC,2CAAkE;AAElE,SAAgB,oBAAoB,CAClC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,IAAA,6BAAiB,EAAC,YAAY,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAEvE,OAAO,KAAK,UAAU,aAAa,CACjC,GAAoB,EACpB,GAAmB,EACnB,GAAY;QAEZ,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,MAAM,EAAE,IAAA,kCAAgB,EAAC,GAAG,CAAC;YAC7B,IAAI,EAAE,EAAE,WAAW,EAAE,IAAA,mCAAiB,EAAC,GAAG,CAAC,EAAE;SAC9C,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { Customization } from '../../customization/customization.js'\nimport {\n  buildErrorPayload,\n  buildErrorStatus,\n} from '../../errors/error-parser.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendErrorPageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory('error-page', customization, options)\n\n  return async function sendErrorPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    err: unknown,\n  ): Promise<void> {\n    return sendApp(req, res, {\n      status: buildErrorStatus(err),\n      data: { __errorData: buildErrorPayload(err) },\n    })\n  }\n}\n"]}
+{"version":3,"file":"send-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-error-page.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,8BAA8B,CAAA;AACrC,OAAO,EAAqB,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAElE,MAAM,UAAU,oBAAoB,CAClC,aAA4B,EAC5B,OAA2B;IAE3B,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,EAAE,aAAa,EAAE,OAAO,CAAC,CAAA;IAEvE,OAAO,KAAK,UAAU,aAAa,CACjC,GAAoB,EACpB,GAAmB,EACnB,GAAY;QAEZ,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE;YACvB,MAAM,EAAE,gBAAgB,CAAC,GAAG,CAAC;YAC7B,IAAI,EAAE,EAAE,WAAW,EAAE,iBAAiB,CAAC,GAAG,CAAC,EAAE;SAC9C,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport { Customization } from '../../customization/customization.js'\nimport {\n  buildErrorPayload,\n  buildErrorStatus,\n} from '../../errors/error-parser.js'\nimport { SendWebAppOptions, sendWebAppFactory } from './assets.js'\n\nexport function sendErrorPageFactory(\n  customization: Customization,\n  options?: SendWebAppOptions,\n) {\n  const sendApp = sendWebAppFactory('error-page', customization, options)\n\n  return async function sendErrorPage(\n    req: IncomingMessage,\n    res: ServerResponse,\n    err: unknown,\n  ): Promise<void> {\n    return sendApp(req, res, {\n      status: buildErrorStatus(err),\n      data: { __errorData: buildErrorPayload(err) },\n    })\n  }\n}\n"]}

package/dist/router/assets/send-redirect.js

@@ -1,45 +1,37 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ERROR_REDIRECT_KEYS = exports.SUCCESS_REDIRECT_KEYS = void 0;
-exports.buildRedirectUri = buildRedirectUri;
-exports.buildRedirectMode = buildRedirectMode;
-exports.buildRedirectParams = buildRedirectParams;
-exports.sendAuthorizationResultRedirect = sendAuthorizationResultRedirect;
-exports.sendRedirect = sendRedirect;
-const authorization_error_js_1 = require("../../errors/authorization-error.js");
-const write_form_redirect_js_1 = require("../../lib/write-form-redirect.js");
+import { AuthorizationError } from '../../errors/authorization-error.js';
+import { writeFormRedirect, } from '../../lib/write-form-redirect.js';
 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4
 const REDIRECT_STATUS_CODE = 303;
-exports.SUCCESS_REDIRECT_KEYS = [
+export const SUCCESS_REDIRECT_KEYS = [
     'code',
     'id_token',
     'access_token',
     'expires_in',
     'token_type',
 ];
-exports.ERROR_REDIRECT_KEYS = [
+export const ERROR_REDIRECT_KEYS = [
     'error',
     'error_description',
     'error_uri',
 ];
-function buildRedirectUri(parameters) {
+export function buildRedirectUri(parameters) {
     const uri = parameters.redirect_uri;
     if (uri)
         return uri;
-    throw new authorization_error_js_1.AuthorizationError(parameters, 'No redirect_uri', 'invalid_request');
+    throw new AuthorizationError(parameters, 'No redirect_uri', 'invalid_request');
 }
-function buildRedirectMode(parameters) {
+export function buildRedirectMode(parameters) {
     const mode = parameters.response_mode || 'query'; // @TODO default should depend on response_type
     return mode;
 }
-function buildRedirectParams(issuer, parameters, redirect) {
+export function buildRedirectParams(issuer, parameters, redirect) {
     const params = [
         ['iss', issuer], // rfc9207
     ];
     if (parameters.state != null) {
         params.push(['state', parameters.state]);
     }
-    const keys = 'code' in redirect ? exports.SUCCESS_REDIRECT_KEYS : exports.ERROR_REDIRECT_KEYS;
+    const keys = 'code' in redirect ? SUCCESS_REDIRECT_KEYS : ERROR_REDIRECT_KEYS;
     for (const key of keys) {
         const value = redirect[key];
         if (value != null)
@@ -47,7 +39,7 @@ function buildRedirectParams(issuer, parameters, redirect) {
     }
     return params;
 }
-function sendAuthorizationResultRedirect(res, result, options) {
+export function sendAuthorizationResultRedirect(res, result, options) {
     const { issuer, parameters, redirect } = result;
     return sendRedirect(res, {
         redirectUri: buildRedirectUri(parameters),
@@ -55,7 +47,7 @@ function sendAuthorizationResultRedirect(res, result, options) {
         params: buildRedirectParams(issuer, parameters, redirect),
     }, options);
 }
-function sendRedirect(res, redirect, options) {
+export function sendRedirect(res, redirect, options) {
     res.setHeader('Cache-Control', 'no-store');
     const { mode, redirectUri: uri, params } = redirect;
     switch (mode) {
@@ -64,7 +56,7 @@ function sendRedirect(res, redirect, options) {
         case 'fragment':
             return writeFragment(res, uri, params);
         case 'form_post':
-            return (0, write_form_redirect_js_1.writeFormRedirect)(res, 'post', uri, params, options);
+            return writeFormRedirect(res, 'post', uri, params, options);
     }
     // @ts-expect-error fool proof
     throw new Error(`Unsupported mode: ${mode}`);

package/dist/router/assets/send-redirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-redirect.js","sourceRoot":"","sources":["../../../src/router/assets/send-redirect.ts"],"names":[],"mappings":";;;AAoCA,4CAOC;AAED,8CAKC;AAED,kDAoBC;AAED,0EAgBC;AAQD,oCAmBC;AAhHD,gFAAwE;AACxE,6EAGyC;AAIzC,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAEnB,QAAA,qBAAqB,GAAG;IACnC,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEG,QAAA,mBAAmB,GAAG;IACjC,OAAO;IACP,mBAAmB;IACnB,WAAW;CACH,CAAA;AAQV,SAAgB,gBAAgB,CAC9B,UAA+C;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAA;IAEnB,MAAM,IAAI,2CAAkB,CAAC,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAChF,CAAC;AAED,SAAgB,iBAAiB,CAC/B,UAA+C;IAE/C,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,+CAA+C;IAChG,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAgB,mBAAmB,CACjC,MAAc,EACd,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,MAAM,GAA4C;QACtD,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,6BAAqB,CAAC,CAAC,CAAC,2BAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAgB,+BAA+B,CAC7C,GAAmB,EACnB,MAAmC,EACnC,OAAkC;IAElC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/C,OAAO,YAAY,CACjB,GAAG,EACH;QACE,WAAW,EAAE,gBAAgB,CAAC,UAAU,CAAC;QACzC,IAAI,EAAE,iBAAiB,CAAC,UAAU,CAAC;QACnC,MAAM,EAAE,mBAAmB,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC;KAC1D,EACD,OAAO,CACR,CAAA;AACH,CAAC;AAQD,SAAgB,YAAY,CAC1B,GAAmB,EACnB,QAA8B,EAC9B,OAAkC;IAElC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAA;IACnD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACxC,KAAK,WAAW;YACd,OAAO,IAAA,0CAAiB,EAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACnE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http'\nimport {\n  OAuthAuthorizationRequestParameters,\n  OAuthResponseMode,\n} from '@atproto/oauth-types'\nimport { AuthorizationError } from '../../errors/authorization-error.js'\nimport {\n  WriteFormRedirectOptions,\n  writeFormRedirect,\n} from '../../lib/write-form-redirect.js'\nimport { AuthorizationRedirectParameters } from '../../result/authorization-redirect-parameters.js'\nimport { AuthorizationResultRedirect } from '../../result/authorization-result-redirect.js'\n\n// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4\nconst REDIRECT_STATUS_CODE = 303\n\nexport const SUCCESS_REDIRECT_KEYS = [\n  'code',\n  'id_token',\n  'access_token',\n  'expires_in',\n  'token_type',\n] as const\n\nexport const ERROR_REDIRECT_KEYS = [\n  'error',\n  'error_description',\n  'error_uri',\n] as const\n\nexport type OAuthRedirectQueryParameter =\n  | 'iss'\n  | 'state'\n  | (typeof SUCCESS_REDIRECT_KEYS)[number]\n  | (typeof ERROR_REDIRECT_KEYS)[number]\n\nexport function buildRedirectUri(\n  parameters: OAuthAuthorizationRequestParameters,\n): string {\n  const uri = parameters.redirect_uri\n  if (uri) return uri\n\n  throw new AuthorizationError(parameters, 'No redirect_uri', 'invalid_request')\n}\n\nexport function buildRedirectMode(\n  parameters: OAuthAuthorizationRequestParameters,\n): OAuthResponseMode {\n  const mode = parameters.response_mode || 'query' // @TODO default should depend on response_type\n  return mode\n}\n\nexport function buildRedirectParams(\n  issuer: string,\n  parameters: OAuthAuthorizationRequestParameters,\n  redirect: AuthorizationRedirectParameters,\n): [OAuthRedirectQueryParameter, string][] {\n  const params: [OAuthRedirectQueryParameter, string][] = [\n    ['iss', issuer], // rfc9207\n  ]\n\n  if (parameters.state != null) {\n    params.push(['state', parameters.state])\n  }\n\n  const keys = 'code' in redirect ? SUCCESS_REDIRECT_KEYS : ERROR_REDIRECT_KEYS\n  for (const key of keys) {\n    const value = redirect[key]\n    if (value != null) params.push([key, value])\n  }\n\n  return params\n}\n\nexport function sendAuthorizationResultRedirect(\n  res: ServerResponse,\n  result: AuthorizationResultRedirect,\n  options?: WriteFormRedirectOptions,\n) {\n  const { issuer, parameters, redirect } = result\n\n  return sendRedirect(\n    res,\n    {\n      redirectUri: buildRedirectUri(parameters),\n      mode: buildRedirectMode(parameters),\n      params: buildRedirectParams(issuer, parameters, redirect),\n    },\n    options,\n  )\n}\n\nexport type OAuthRedirectOptions = {\n  mode: OAuthResponseMode\n  redirectUri: string\n  params: Iterable<[string, string]>\n}\n\nexport function sendRedirect(\n  res: ServerResponse,\n  redirect: OAuthRedirectOptions,\n  options?: WriteFormRedirectOptions,\n): void {\n  res.setHeader('Cache-Control', 'no-store')\n\n  const { mode, redirectUri: uri, params } = redirect\n  switch (mode) {\n    case 'query':\n      return writeQuery(res, uri, params)\n    case 'fragment':\n      return writeFragment(res, uri, params)\n    case 'form_post':\n      return writeFormRedirect(res, 'post', uri, params, options)\n  }\n\n  // @ts-expect-error fool proof\n  throw new Error(`Unsupported mode: ${mode}`)\n}\n\nfunction writeQuery(\n  res: ServerResponse,\n  uri: string,\n  params: Iterable<[string, string]>,\n): void {\n  const url = new URL(uri)\n  for (const [key, value] of params) url.searchParams.set(key, value)\n  res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end()\n}\n\nfunction writeFragment(\n  res: ServerResponse,\n  uri: string,\n  params: Iterable<[string, string]>,\n): void {\n  const url = new URL(uri)\n  const searchParams = new URLSearchParams()\n  for (const [key, value] of params) searchParams.set(key, value)\n  url.hash = searchParams.toString()\n  res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end()\n}\n"]}
+{"version":3,"file":"send-redirect.js","sourceRoot":"","sources":["../../../src/router/assets/send-redirect.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,kBAAkB,EAAE,MAAM,qCAAqC,CAAA;AACxE,OAAO,EAEL,iBAAiB,GAClB,MAAM,kCAAkC,CAAA;AAIzC,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAEhC,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEV,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,OAAO;IACP,mBAAmB;IACnB,WAAW;CACH,CAAA;AAQV,MAAM,UAAU,gBAAgB,CAC9B,UAA+C;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAA;IAEnB,MAAM,IAAI,kBAAkB,CAAC,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,CAAC,CAAA;AAChF,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,UAA+C;IAE/C,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,+CAA+C;IAChG,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,MAAc,EACd,UAA+C,EAC/C,QAAyC;IAEzC,MAAM,MAAM,GAA4C;QACtD,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,mBAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,+BAA+B,CAC7C,GAAmB,EACnB,MAAmC,EACnC,OAAkC;IAElC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/C,OAAO,YAAY,CACjB,GAAG,EACH;QACE,WAAW,EAAE,gBAAgB,CAAC,UAAU,CAAC;QACzC,IAAI,EAAE,iBAAiB,CAAC,UAAU,CAAC;QACnC,MAAM,EAAE,mBAAmB,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC;KAC1D,EACD,OAAO,CACR,CAAA;AACH,CAAC;AAQD,MAAM,UAAU,YAAY,CAC1B,GAAmB,EACnB,QAA8B,EAC9B,OAAkC;IAElC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,CAAA;IACnD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACrC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;QACxC,KAAK,WAAW;YACd,OAAO,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/D,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACnE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,MAAkC;IAElC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC","sourcesContent":["import type { ServerResponse } from 'node:http'\nimport {\n  OAuthAuthorizationRequestParameters,\n  OAuthResponseMode,\n} from '@atproto/oauth-types'\nimport { AuthorizationError } from '../../errors/authorization-error.js'\nimport {\n  WriteFormRedirectOptions,\n  writeFormRedirect,\n} from '../../lib/write-form-redirect.js'\nimport { AuthorizationRedirectParameters } from '../../result/authorization-redirect-parameters.js'\nimport { AuthorizationResultRedirect } from '../../result/authorization-result-redirect.js'\n\n// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4\nconst REDIRECT_STATUS_CODE = 303\n\nexport const SUCCESS_REDIRECT_KEYS = [\n  'code',\n  'id_token',\n  'access_token',\n  'expires_in',\n  'token_type',\n] as const\n\nexport const ERROR_REDIRECT_KEYS = [\n  'error',\n  'error_description',\n  'error_uri',\n] as const\n\nexport type OAuthRedirectQueryParameter =\n  | 'iss'\n  | 'state'\n  | (typeof SUCCESS_REDIRECT_KEYS)[number]\n  | (typeof ERROR_REDIRECT_KEYS)[number]\n\nexport function buildRedirectUri(\n  parameters: OAuthAuthorizationRequestParameters,\n): string {\n  const uri = parameters.redirect_uri\n  if (uri) return uri\n\n  throw new AuthorizationError(parameters, 'No redirect_uri', 'invalid_request')\n}\n\nexport function buildRedirectMode(\n  parameters: OAuthAuthorizationRequestParameters,\n): OAuthResponseMode {\n  const mode = parameters.response_mode || 'query' // @TODO default should depend on response_type\n  return mode\n}\n\nexport function buildRedirectParams(\n  issuer: string,\n  parameters: OAuthAuthorizationRequestParameters,\n  redirect: AuthorizationRedirectParameters,\n): [OAuthRedirectQueryParameter, string][] {\n  const params: [OAuthRedirectQueryParameter, string][] = [\n    ['iss', issuer], // rfc9207\n  ]\n\n  if (parameters.state != null) {\n    params.push(['state', parameters.state])\n  }\n\n  const keys = 'code' in redirect ? SUCCESS_REDIRECT_KEYS : ERROR_REDIRECT_KEYS\n  for (const key of keys) {\n    const value = redirect[key]\n    if (value != null) params.push([key, value])\n  }\n\n  return params\n}\n\nexport function sendAuthorizationResultRedirect(\n  res: ServerResponse,\n  result: AuthorizationResultRedirect,\n  options?: WriteFormRedirectOptions,\n) {\n  const { issuer, parameters, redirect } = result\n\n  return sendRedirect(\n    res,\n    {\n      redirectUri: buildRedirectUri(parameters),\n      mode: buildRedirectMode(parameters),\n      params: buildRedirectParams(issuer, parameters, redirect),\n    },\n    options,\n  )\n}\n\nexport type OAuthRedirectOptions = {\n  mode: OAuthResponseMode\n  redirectUri: string\n  params: Iterable<[string, string]>\n}\n\nexport function sendRedirect(\n  res: ServerResponse,\n  redirect: OAuthRedirectOptions,\n  options?: WriteFormRedirectOptions,\n): void {\n  res.setHeader('Cache-Control', 'no-store')\n\n  const { mode, redirectUri: uri, params } = redirect\n  switch (mode) {\n    case 'query':\n      return writeQuery(res, uri, params)\n    case 'fragment':\n      return writeFragment(res, uri, params)\n    case 'form_post':\n      return writeFormRedirect(res, 'post', uri, params, options)\n  }\n\n  // @ts-expect-error fool proof\n  throw new Error(`Unsupported mode: ${mode}`)\n}\n\nfunction writeQuery(\n  res: ServerResponse,\n  uri: string,\n  params: Iterable<[string, string]>,\n): void {\n  const url = new URL(uri)\n  for (const [key, value] of params) url.searchParams.set(key, value)\n  res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end()\n}\n\nfunction writeFragment(\n  res: ServerResponse,\n  uri: string,\n  params: Iterable<[string, string]>,\n): void {\n  const url = new URL(uri)\n  const searchParams = new URLSearchParams()\n  for (const [key, value] of params) searchParams.set(key, value)\n  url.hash = searchParams.toString()\n  res.writeHead(REDIRECT_STATUS_CODE, { Location: url.href }).end()\n}\n"]}

package/dist/router/create-account-page-middleware.js

@@ -1,22 +1,19 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAccountPageMiddleware = createAccountPageMiddleware;
-const index_js_1 = require("../lib/http/index.js");
-const send_account_page_js_1 = require("./assets/send-account-page.js");
-const send_error_page_js_1 = require("./assets/send-error-page.js");
-function createAccountPageMiddleware(server, { onError }) {
+import { Router, validateFetchDest, validateFetchMode, validateOrigin, writeRedirect, } from '../lib/http/index.js';
+import { sendAccountPageFactory } from './assets/send-account-page.js';
+import { sendErrorPageFactory } from './assets/send-error-page.js';
+export function createAccountPageMiddleware(server, { onError }) {
     const issuerUrl = new URL(server.issuer);
     const issuerOrigin = issuerUrl.origin;
     const securityOptions = {
         hsts: issuerUrl.protocol === 'http:' ? false : undefined,
     };
-    const sendAccountPage = (0, send_account_page_js_1.sendAccountPageFactory)(server.customization, securityOptions);
-    const sendErrorPage = (0, send_error_page_js_1.sendErrorPageFactory)(server.customization, securityOptions);
-    const router = new index_js_1.Router(issuerUrl);
+    const sendAccountPage = sendAccountPageFactory(server.customization, securityOptions);
+    const sendErrorPage = sendErrorPageFactory(server.customization, securityOptions);
+    const router = new Router(issuerUrl);
     // Create password reset discovery endpoint
     // https://www.w3.org/TR/change-password-url/
     router.get('/.well-known/change-password', (_req, res) => {
-        (0, index_js_1.writeRedirect)(res, new URL('/account/reset-password', issuerUrl).toString());
+        writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString());
     });
     // Create frontend account pages
     router.get(/^\/account(?:\/.*)?$/, async function (req, res) {
@@ -24,9 +21,9 @@ function createAccountPageMiddleware(server, { onError }) {
             res.setHeader('Referrer-Policy', 'same-origin');
             res.setHeader('Cache-Control', 'no-store');
             res.setHeader('Pragma', 'no-cache');
-            (0, index_js_1.validateFetchMode)(req, ['navigate']);
-            (0, index_js_1.validateFetchDest)(req, ['document']);
-            (0, index_js_1.validateOrigin)(req, issuerOrigin);
+            validateFetchMode(req, ['navigate']);
+            validateFetchDest(req, ['document']);
+            validateOrigin(req, issuerOrigin);
             const { deviceId } = await server.deviceManager.load(req, res);
             const deviceAccounts = await server.accountManager.listDeviceAccounts(deviceId);
             sendAccountPage(req, res, {

package/dist/router/create-account-page-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":";;AAgBA,kEAuEC;AArFD,mDAO6B;AAG7B,wEAAsE;AACtE,oEAAkE;AAGlE,SAAgB,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,eAAe,GAA2B;QAC9C,IAAI,EAAE,SAAS,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACzD,CAAA;IAED,MAAM,eAAe,GAAG,IAAA,6CAAsB,EAC5C,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IACD,MAAM,aAAa,GAAG,IAAA,yCAAoB,EACxC,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IAED,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,2CAA2C;IAC3C,6CAA6C;IAC7C,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvD,IAAA,wBAAa,EAAC,GAAG,EAAE,IAAI,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,gCAAgC;IAChC,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACrC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport {\n  Middleware,\n  Router,\n  validateFetchDest,\n  validateFetchMode,\n  validateOrigin,\n  writeRedirect,\n} from '../lib/http/index.js'\nimport { SecurityHeadersOptions } from '../lib/http/security-headers.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { sendAccountPageFactory } from './assets/send-account-page.js'\nimport { sendErrorPageFactory } from './assets/send-error-page.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\n\nexport function createAccountPageMiddleware<\n  Ctx extends object | void = void,\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n  const issuerUrl = new URL(server.issuer)\n  const issuerOrigin = issuerUrl.origin\n\n  const securityOptions: SecurityHeadersOptions = {\n    hsts: issuerUrl.protocol === 'http:' ? false : undefined,\n  }\n\n  const sendAccountPage = sendAccountPageFactory(\n    server.customization,\n    securityOptions,\n  )\n  const sendErrorPage = sendErrorPageFactory(\n    server.customization,\n    securityOptions,\n  )\n\n  const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n  // Create password reset discovery endpoint\n  // https://www.w3.org/TR/change-password-url/\n  router.get('/.well-known/change-password', (_req, res) => {\n    writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString())\n  })\n\n  // Create frontend account pages\n  router.get<never>(/^\\/account(?:\\/.*)?$/, async function (req, res) {\n    try {\n      res.setHeader('Referrer-Policy', 'same-origin')\n\n      res.setHeader('Cache-Control', 'no-store')\n      res.setHeader('Pragma', 'no-cache')\n\n      validateFetchMode(req, ['navigate'])\n      validateFetchDest(req, ['document'])\n      validateOrigin(req, issuerOrigin)\n\n      const { deviceId } = await server.deviceManager.load(req, res)\n      const deviceAccounts =\n        await server.accountManager.listDeviceAccounts(deviceId)\n\n      sendAccountPage(req, res, {\n        deviceSessions: deviceAccounts.map(\n          (deviceAccount): ActiveDeviceSession => ({\n            account: deviceAccount.account,\n            loginRequired: server.checkLoginRequired(deviceAccount),\n          }),\n        ),\n      })\n    } catch (err) {\n      onError?.(\n        req,\n        res,\n        err,\n        `Failed to handle navigation request to \"${req.url}\"`,\n      )\n\n      if (!res.headersSent) {\n        return sendErrorPage(req, res, err)\n      }\n    }\n  })\n\n  return router.buildMiddleware()\n}\n"]}
+{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,MAAM,EACN,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,aAAa,GACd,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AACtE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAA;AAGlE,MAAM,UAAU,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,eAAe,GAA2B;QAC9C,IAAI,EAAE,SAAS,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACzD,CAAA;IAED,MAAM,eAAe,GAAG,sBAAsB,CAC5C,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IACD,MAAM,aAAa,GAAG,oBAAoB,CACxC,MAAM,CAAC,aAAa,EACpB,eAAe,CAChB,CAAA;IAED,MAAM,MAAM,GAAG,IAAI,MAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,2CAA2C;IAC3C,6CAA6C;IAC7C,MAAM,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvD,aAAa,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,yBAAyB,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,gCAAgC;IAChC,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,iBAAiB,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,iBAAiB,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,cAAc,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YACrC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC","sourcesContent":["import type { IncomingMessage, ServerResponse } from 'node:http'\nimport type { ActiveDeviceSession } from '@atproto/oauth-provider-api'\nimport {\n  Middleware,\n  Router,\n  validateFetchDest,\n  validateFetchMode,\n  validateOrigin,\n  writeRedirect,\n} from '../lib/http/index.js'\nimport { SecurityHeadersOptions } from '../lib/http/security-headers.js'\nimport type { OAuthProvider } from '../oauth-provider.js'\nimport { sendAccountPageFactory } from './assets/send-account-page.js'\nimport { sendErrorPageFactory } from './assets/send-error-page.js'\nimport type { MiddlewareOptions } from './middleware-options.js'\n\nexport function createAccountPageMiddleware<\n  Ctx extends object | void = void,\n  Req extends IncomingMessage = IncomingMessage,\n  Res extends ServerResponse = ServerResponse,\n>(\n  server: OAuthProvider,\n  { onError }: MiddlewareOptions<Req, Res>,\n): Middleware<Ctx, Req, Res> {\n  const issuerUrl = new URL(server.issuer)\n  const issuerOrigin = issuerUrl.origin\n\n  const securityOptions: SecurityHeadersOptions = {\n    hsts: issuerUrl.protocol === 'http:' ? false : undefined,\n  }\n\n  const sendAccountPage = sendAccountPageFactory(\n    server.customization,\n    securityOptions,\n  )\n  const sendErrorPage = sendErrorPageFactory(\n    server.customization,\n    securityOptions,\n  )\n\n  const router = new Router<Ctx, Req, Res>(issuerUrl)\n\n  // Create password reset discovery endpoint\n  // https://www.w3.org/TR/change-password-url/\n  router.get('/.well-known/change-password', (_req, res) => {\n    writeRedirect(res, new URL('/account/reset-password', issuerUrl).toString())\n  })\n\n  // Create frontend account pages\n  router.get<never>(/^\\/account(?:\\/.*)?$/, async function (req, res) {\n    try {\n      res.setHeader('Referrer-Policy', 'same-origin')\n\n      res.setHeader('Cache-Control', 'no-store')\n      res.setHeader('Pragma', 'no-cache')\n\n      validateFetchMode(req, ['navigate'])\n      validateFetchDest(req, ['document'])\n      validateOrigin(req, issuerOrigin)\n\n      const { deviceId } = await server.deviceManager.load(req, res)\n      const deviceAccounts =\n        await server.accountManager.listDeviceAccounts(deviceId)\n\n      sendAccountPage(req, res, {\n        deviceSessions: deviceAccounts.map(\n          (deviceAccount): ActiveDeviceSession => ({\n            account: deviceAccount.account,\n            loginRequired: server.checkLoginRequired(deviceAccount),\n          }),\n        ),\n      })\n    } catch (err) {\n      onError?.(\n        req,\n        res,\n        err,\n        `Failed to handle navigation request to \"${req.url}\"`,\n      )\n\n      if (!res.headersSent) {\n        return sendErrorPage(req, res, err)\n      }\n    }\n  })\n\n  return router.buildMiddleware()\n}\n"]}