@atproto/oauth-provider 0.16.5 → 0.17.0

package/dist/types/color-hue.js.map

@@ -1 +1 @@
-{"version":3,"file":"color-hue.js","sourceRoot":"","sources":["../../src/types/color-hue.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const colorHueSchema = z.number().min(0).max(360)\n"]}
+{"version":3,"file":"color-hue.js","sourceRoot":"","sources":["../../src/types/color-hue.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const colorHueSchema = z.number().min(0).max(360)\n"]}

package/dist/types/email-otp.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.emailOtpSchema = void 0;
-const zod_1 = require("zod");
-exports.emailOtpSchema = zod_1.z.string().min(1);
+import { z } from 'zod';
+export const emailOtpSchema = z.string().min(1);
 //# sourceMappingURL=email-otp.js.map

package/dist/types/email-otp.js.map

@@ -1 +1 @@
-{"version":3,"file":"email-otp.js","sourceRoot":"","sources":["../../src/types/email-otp.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const emailOtpSchema = z.string().min(1)\n"]}
+{"version":3,"file":"email-otp.js","sourceRoot":"","sources":["../../src/types/email-otp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const emailOtpSchema = z.string().min(1)\n"]}

package/dist/types/email.js

@@ -1,10 +1,7 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.emailSchema = void 0;
-const address_1 = require("@hapi/address");
-const disposable_email_domains_js_1 = require("disposable-email-domains-js");
-const zod_1 = require("zod");
-exports.emailSchema = zod_1.z
+import { isEmailValid } from '@hapi/address';
+import { isDisposableEmail } from 'disposable-email-domains-js';
+import { z } from 'zod';
+export const emailSchema = z
     .string()
     .email()
     // @NOTE Internally, `zod` uses a regexp for validating emails.. This
@@ -19,10 +16,10 @@ exports.emailSchema = zod_1.z
     // according to both libraries ensuring that we never encounter a case where
     // an email allowed here is in a format that would be rejected by other parts
     // of our systems.
-    .refine(address_1.isEmailValid, {
+    .refine(isEmailValid, {
     message: 'Invalid email address',
 })
-    .refine((email) => !(0, disposable_email_domains_js_1.isDisposableEmail)(email), {
+    .refine((email) => !isDisposableEmail(email), {
     message: 'Disposable email addresses are not allowed',
 })
     .transform((value) => value.toLowerCase());

package/dist/types/email.js.map

@@ -1 +1 @@
-{"version":3,"file":"email.js","sourceRoot":"","sources":["../../src/types/email.ts"],"names":[],"mappings":";;;AAAA,2CAA4C;AAC5C,6EAA+D;AAC/D,6BAAuB;AAEV,QAAA,WAAW,GAAG,OAAC;KACzB,MAAM,EAAE;KACR,KAAK,EAAE;IACR,qEAAqE;IACrE,2EAA2E;IAC3E,2EAA2E;IAC3E,+DAA+D;IAC/D,oEAAoE;IACpE,2EAA2E;IAC3E,EAAE;IACF,6EAA6E;IAC7E,8EAA8E;IAC9E,4EAA4E;IAC5E,6EAA6E;IAC7E,kBAAkB;KACjB,MAAM,CAAC,sBAAY,EAAE;IACpB,OAAO,EAAE,uBAAuB;CACjC,CAAC;KACD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAA,+CAAiB,EAAC,KAAK,CAAC,EAAE;IAC5C,OAAO,EAAE,4CAA4C;CACtD,CAAC;KACD,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA","sourcesContent":["import { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { z } from 'zod'\n\nexport const emailSchema = z\n  .string()\n  .email()\n  // @NOTE Internally, `zod` uses a regexp for validating emails.. This\n  // validation strategy *could* be less permissive in some (edge) cases than\n  // `@hapi/address` as the latter uses an algorithm based on the spec. Truth\n  // is, it is kinda hard to know if the set of emails allowed by\n  // `@hapi/address` is covered by the set of emails allowed by `zod`.\n  // Additionally, this could change with future changes in either libraries.\n  //\n  // Because of this uncertainty, and because other part of the Bluesky/ATProto\n  // codebases rely solely on `zod`, this code only allows emails that are valid\n  // according to both libraries ensuring that we never encounter a case where\n  // an email allowed here is in a format that would be rejected by other parts\n  // of our systems.\n  .refine(isEmailValid, {\n    message: 'Invalid email address',\n  })\n  .refine((email) => !isDisposableEmail(email), {\n    message: 'Disposable email addresses are not allowed',\n  })\n  .transform((value) => value.toLowerCase())\n"]}
+{"version":3,"file":"email.js","sourceRoot":"","sources":["../../src/types/email.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC;KACzB,MAAM,EAAE;KACR,KAAK,EAAE;IACR,qEAAqE;IACrE,2EAA2E;IAC3E,2EAA2E;IAC3E,+DAA+D;IAC/D,oEAAoE;IACpE,2EAA2E;IAC3E,EAAE;IACF,6EAA6E;IAC7E,8EAA8E;IAC9E,4EAA4E;IAC5E,6EAA6E;IAC7E,kBAAkB;KACjB,MAAM,CAAC,YAAY,EAAE;IACpB,OAAO,EAAE,uBAAuB;CACjC,CAAC;KACD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE;IAC5C,OAAO,EAAE,4CAA4C;CACtD,CAAC;KACD,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAA","sourcesContent":["import { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { z } from 'zod'\n\nexport const emailSchema = z\n  .string()\n  .email()\n  // @NOTE Internally, `zod` uses a regexp for validating emails.. This\n  // validation strategy *could* be less permissive in some (edge) cases than\n  // `@hapi/address` as the latter uses an algorithm based on the spec. Truth\n  // is, it is kinda hard to know if the set of emails allowed by\n  // `@hapi/address` is covered by the set of emails allowed by `zod`.\n  // Additionally, this could change with future changes in either libraries.\n  //\n  // Because of this uncertainty, and because other part of the Bluesky/ATProto\n  // codebases rely solely on `zod`, this code only allows emails that are valid\n  // according to both libraries ensuring that we never encounter a case where\n  // an email allowed here is in a format that would be rejected by other parts\n  // of our systems.\n  .refine(isEmailValid, {\n    message: 'Invalid email address',\n  })\n  .refine((email) => !isDisposableEmail(email), {\n    message: 'Disposable email addresses are not allowed',\n  })\n  .transform((value) => value.toLowerCase())\n"]}

package/dist/types/handle.js

@@ -1,22 +1,19 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleSchema = void 0;
-const zod_1 = require("zod");
-const syntax_1 = require("@atproto/syntax");
-exports.handleSchema = zod_1.z
+import { z } from 'zod';
+import { ensureValidHandle, normalizeHandle } from '@atproto/syntax';
+export const handleSchema = z
     .string()
     // @NOTE: We only check against validity towards ATProto's syntax. Additional
     // rules may be imposed by the store implementation.
     .superRefine((value, ctx) => {
     try {
-        (0, syntax_1.ensureValidHandle)(value);
+        ensureValidHandle(value);
     }
     catch (err) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: err instanceof Error ? err.message : 'Invalid handle',
         });
     }
 })
-    .transform(syntax_1.normalizeHandle);
+    .transform(normalizeHandle);
 //# sourceMappingURL=handle.js.map

package/dist/types/handle.js.map

@@ -1 +1 @@
-{"version":3,"file":"handle.js","sourceRoot":"","sources":["../../src/types/handle.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,4CAAoE;AAEvD,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;IACT,6EAA6E;IAC7E,oDAAoD;KACnD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,IAAA,0BAAiB,EAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC/D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,SAAS,CAAC,wBAAe,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { ensureValidHandle, normalizeHandle } from '@atproto/syntax'\n\nexport const handleSchema = z\n  .string()\n  // @NOTE: We only check against validity towards ATProto's syntax. Additional\n  // rules may be imposed by the store implementation.\n  .superRefine((value, ctx) => {\n    try {\n      ensureValidHandle(value)\n    } catch (err) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: err instanceof Error ? err.message : 'Invalid handle',\n      })\n    }\n  })\n  .transform(normalizeHandle)\n"]}
+{"version":3,"file":"handle.js","sourceRoot":"","sources":["../../src/types/handle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAEpE,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,EAAE;IACT,6EAA6E;IAC7E,oDAAoD;KACnD,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,iBAAiB,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,gBAAgB;SAC/D,CAAC,CAAA;IACJ,CAAC;AACH,CAAC,CAAC;KACD,SAAS,CAAC,eAAe,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { ensureValidHandle, normalizeHandle } from '@atproto/syntax'\n\nexport const handleSchema = z\n  .string()\n  // @NOTE: We only check against validity towards ATProto's syntax. Additional\n  // rules may be imposed by the store implementation.\n  .superRefine((value, ctx) => {\n    try {\n      ensureValidHandle(value)\n    } catch (err) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: err instanceof Error ? err.message : 'Invalid handle',\n      })\n    }\n  })\n  .transform(normalizeHandle)\n"]}

package/dist/types/invite-code.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.inviteCodeSchema = void 0;
-const zod_1 = require("zod");
-exports.inviteCodeSchema = zod_1.z.string().min(1);
+import { z } from 'zod';
+export const inviteCodeSchema = z.string().min(1);
 //# sourceMappingURL=invite-code.js.map

package/dist/types/invite-code.js.map

@@ -1 +1 @@
-{"version":3,"file":"invite-code.js","sourceRoot":"","sources":["../../src/types/invite-code.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const inviteCodeSchema = z.string().min(1)\nexport type InviteCode = z.infer<typeof inviteCodeSchema>\n"]}
+{"version":3,"file":"invite-code.js","sourceRoot":"","sources":["../../src/types/invite-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const inviteCodeSchema = z.string().min(1)\nexport type InviteCode = z.infer<typeof inviteCodeSchema>\n"]}

package/dist/types/par-response-error.js

@@ -1,14 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.parResponseErrorSchema = void 0;
-exports.isPARResponseError = isPARResponseError;
-const zod_1 = require("zod");
-const authorization_response_error_js_1 = require("./authorization-response-error.js");
+import { z } from 'zod';
+import { authorizationResponseErrorSchema } from './authorization-response-error.js';
 // https://datatracker.ietf.org/doc/html/rfc9126#section-2.3-1
 // > Since initial processing of the pushed authorization request does not
 // > involve resource owner interaction, error codes related to user
 // > interaction, such as "access_denied", are never returned.
-exports.parResponseErrorSchema = zod_1.z.intersection(authorization_response_error_js_1.authorizationResponseErrorSchema, zod_1.z.enum([
+export const parResponseErrorSchema = z.intersection(authorizationResponseErrorSchema, z.enum([
     'invalid_request',
     'unauthorized_client',
     'unsupported_response_type',
@@ -16,7 +12,7 @@ exports.parResponseErrorSchema = zod_1.z.intersection(authorization_response_err
     'server_error',
     'temporarily_unavailable',
 ]));
-function isPARResponseError(value) {
-    return exports.parResponseErrorSchema.safeParse(value).success;
+export function isPARResponseError(value) {
+    return parResponseErrorSchema.safeParse(value).success;
 }
 //# sourceMappingURL=par-response-error.js.map

package/dist/types/par-response-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"par-response-error.js","sourceRoot":"","sources":["../../src/types/par-response-error.ts"],"names":[],"mappings":";;;AAsBA,gDAEC;AAxBD,6BAAuB;AACvB,uFAAoF;AAEpF,8DAA8D;AAC9D,0EAA0E;AAC1E,oEAAoE;AACpE,8DAA8D;AAEjD,QAAA,sBAAsB,GAAG,OAAC,CAAC,YAAY,CAClD,kEAAgC,EAChC,OAAC,CAAC,IAAI,CAAC;IACL,iBAAiB;IACjB,qBAAqB;IACrB,2BAA2B;IAC3B,eAAe;IACf,cAAc;IACd,yBAAyB;CAC1B,CAAC,CACH,CAAA;AAID,SAAgB,kBAAkB,CAAI,KAAQ;IAC5C,OAAO,8BAAsB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AACxD,CAAC","sourcesContent":["import { z } from 'zod'\nimport { authorizationResponseErrorSchema } from './authorization-response-error.js'\n\n// https://datatracker.ietf.org/doc/html/rfc9126#section-2.3-1\n// > Since initial processing of the pushed authorization request does not\n// > involve resource owner interaction, error codes related to user\n// > interaction, such as \"access_denied\", are never returned.\n\nexport const parResponseErrorSchema = z.intersection(\n  authorizationResponseErrorSchema,\n  z.enum([\n    'invalid_request',\n    'unauthorized_client',\n    'unsupported_response_type',\n    'invalid_scope',\n    'server_error',\n    'temporarily_unavailable',\n  ]),\n)\n\nexport type PARResponseError = z.infer<typeof parResponseErrorSchema>\n\nexport function isPARResponseError<T>(value: T): value is T & PARResponseError {\n  return parResponseErrorSchema.safeParse(value).success\n}\n"]}
+{"version":3,"file":"par-response-error.js","sourceRoot":"","sources":["../../src/types/par-response-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,gCAAgC,EAAE,MAAM,mCAAmC,CAAA;AAEpF,8DAA8D;AAC9D,0EAA0E;AAC1E,oEAAoE;AACpE,8DAA8D;AAE9D,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,YAAY,CAClD,gCAAgC,EAChC,CAAC,CAAC,IAAI,CAAC;IACL,iBAAiB;IACjB,qBAAqB;IACrB,2BAA2B;IAC3B,eAAe;IACf,cAAc;IACd,yBAAyB;CAC1B,CAAC,CACH,CAAA;AAID,MAAM,UAAU,kBAAkB,CAAI,KAAQ;IAC5C,OAAO,sBAAsB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAA;AACxD,CAAC","sourcesContent":["import { z } from 'zod'\nimport { authorizationResponseErrorSchema } from './authorization-response-error.js'\n\n// https://datatracker.ietf.org/doc/html/rfc9126#section-2.3-1\n// > Since initial processing of the pushed authorization request does not\n// > involve resource owner interaction, error codes related to user\n// > interaction, such as \"access_denied\", are never returned.\n\nexport const parResponseErrorSchema = z.intersection(\n  authorizationResponseErrorSchema,\n  z.enum([\n    'invalid_request',\n    'unauthorized_client',\n    'unsupported_response_type',\n    'invalid_scope',\n    'server_error',\n    'temporarily_unavailable',\n  ]),\n)\n\nexport type PARResponseError = z.infer<typeof parResponseErrorSchema>\n\nexport function isPARResponseError<T>(value: T): value is T & PARResponseError {\n  return parResponseErrorSchema.safeParse(value).success\n}\n"]}

package/dist/types/password.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.newPasswordSchema = exports.oldPasswordSchema = void 0;
-const zod_1 = require("zod");
-exports.oldPasswordSchema = zod_1.z.string().min(1).max(512);
-exports.newPasswordSchema = zod_1.z.string().min(8).max(256);
+import { z } from 'zod';
+export const oldPasswordSchema = z.string().min(1).max(512);
+export const newPasswordSchema = z.string().min(8).max(256);
 //# sourceMappingURL=password.js.map

package/dist/types/password.js.map

@@ -1 +1 @@
-{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/types/password.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;AAC9C,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oldPasswordSchema = z.string().min(1).max(512)\nexport const newPasswordSchema = z.string().min(8).max(256)\n"]}
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/types/password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oldPasswordSchema = z.string().min(1).max(512)\nexport const newPasswordSchema = z.string().min(8).max(256)\n"]}

package/dist/types/rgb-color.js

@@ -1,14 +1,11 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.rgbColorSchema = void 0;
-const zod_1 = require("zod");
-const color_js_1 = require("../lib/util/color.js");
-exports.rgbColorSchema = zod_1.z.string().transform((value, ctx) => {
+import { z } from 'zod';
+import { parseColor } from '../lib/util/color.js';
+export const rgbColorSchema = z.string().transform((value, ctx) => {
     try {
-        const parsed = (0, color_js_1.parseColor)(value);
+        const parsed = parseColor(value);
         if ('a' in parsed && parsed.a !== undefined) {
             ctx.addIssue({
-                code: zod_1.z.ZodIssueCode.custom,
+                code: z.ZodIssueCode.custom,
                 message: 'Alpha values are not supported',
             });
         }
@@ -16,10 +13,10 @@ exports.rgbColorSchema = zod_1.z.string().transform((value, ctx) => {
     }
     catch (e) {
         ctx.addIssue({
-            code: zod_1.z.ZodIssueCode.custom,
+            code: z.ZodIssueCode.custom,
             message: e instanceof Error ? e.message : 'Invalid color value',
         });
-        return zod_1.z.NEVER;
+        return z.NEVER;
     }
 });
 //# sourceMappingURL=rgb-color.js.map

package/dist/types/rgb-color.js.map

@@ -1 +1 @@
-{"version":3,"file":"rgb-color.js","sourceRoot":"","sources":["../../src/types/rgb-color.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AACvB,mDAA2D;AAE9C,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,GAAG,EAAY,EAAE;IAC1E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,qBAAU,EAAC,KAAK,CAAC,CAAA;QAChC,IAAI,GAAG,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAC5C,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,gCAAgC;aAC1C,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;SAChE,CAAC,CAAA;QACF,OAAO,OAAC,CAAC,KAAK,CAAA;IAChB,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { RgbColor, parseColor } from '../lib/util/color.js'\n\nexport const rgbColorSchema = z.string().transform((value, ctx): RgbColor => {\n  try {\n    const parsed = parseColor(value)\n    if ('a' in parsed && parsed.a !== undefined) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Alpha values are not supported',\n      })\n    }\n    return parsed\n  } catch (e) {\n    ctx.addIssue({\n      code: z.ZodIssueCode.custom,\n      message: e instanceof Error ? e.message : 'Invalid color value',\n    })\n    return z.NEVER\n  }\n})\n"]}
+{"version":3,"file":"rgb-color.js","sourceRoot":"","sources":["../../src/types/rgb-color.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAY,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAE3D,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,GAAG,EAAY,EAAE;IAC1E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QAChC,IAAI,GAAG,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAC5C,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,gCAAgC;aAC1C,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;SAChE,CAAC,CAAA;QACF,OAAO,CAAC,CAAC,KAAK,CAAA;IAChB,CAAC;AACH,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\nimport { RgbColor, parseColor } from '../lib/util/color.js'\n\nexport const rgbColorSchema = z.string().transform((value, ctx): RgbColor => {\n  try {\n    const parsed = parseColor(value)\n    if ('a' in parsed && parsed.a !== undefined) {\n      ctx.addIssue({\n        code: z.ZodIssueCode.custom,\n        message: 'Alpha values are not supported',\n      })\n    }\n    return parsed\n  } catch (e) {\n    ctx.addIssue({\n      code: z.ZodIssueCode.custom,\n      message: e instanceof Error ? e.message : 'Invalid color value',\n    })\n    return z.NEVER\n  }\n})\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider",
-  "version": "0.16.5",
+  "version": "0.17.0",
   "license": "MIT",
   "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
   "keywords": [
@@ -18,9 +18,7 @@
     "url": "https://github.com/bluesky-social/atproto",
     "directory": "packages/oauth/oauth-provider"
   },
-  "type": "commonjs",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -28,7 +26,7 @@
     }
   },
   "engines": {
-    "node": ">=18.7.0"
+    "node": ">=22"
   },
   "dependencies": {
     "@hapi/accept": "^6.0.3",
@@ -42,29 +40,29 @@
     "ioredis": "^5.3.2",
     "jose": "^5.2.0",
     "zod": "^3.23.8",
-    "@atproto-labs/fetch-node": "^0.2.0",
-    "@atproto-labs/pipe": "^0.1.1",
-    "@atproto-labs/simple-store": "^0.3.0",
-    "@atproto-labs/fetch": "^0.2.3",
-    "@atproto-labs/simple-store-memory": "^0.1.4",
-    "@atproto/jwk": "^0.6.0",
-    "@atproto/did": "^0.3.0",
-    "@atproto/jwk-jose": "^0.1.11",
-    "@atproto/common": "^0.5.16",
-    "@atproto/lex-document": "^0.0.21",
-    "@atproto/lex-resolver": "^0.0.24",
-    "@atproto/oauth-types": "^0.6.3",
-    "@atproto/oauth-scopes": "^0.3.2",
-    "@atproto/oauth-provider-ui": "0.5.2",
-    "@atproto/syntax": "^0.5.4",
-    "@atproto/oauth-provider-api": "0.4.0"
+    "@atproto-labs/fetch": "^0.3.0",
+    "@atproto-labs/fetch-node": "^0.3.0",
+    "@atproto-labs/pipe": "^0.2.0",
+    "@atproto-labs/simple-store": "^0.4.0",
+    "@atproto-labs/simple-store-memory": "^0.2.0",
+    "@atproto/common": "^0.6.0",
+    "@atproto/did": "^0.4.0",
+    "@atproto/jwk": "^0.7.0",
+    "@atproto/jwk-jose": "^0.2.0",
+    "@atproto/lex-document": "^0.1.0",
+    "@atproto/lex-resolver": "^0.1.0",
+    "@atproto/oauth-types": "^0.7.0",
+    "@atproto/oauth-provider-api": "0.5.0",
+    "@atproto/oauth-provider-ui": "0.6.0",
+    "@atproto/oauth-scopes": "^0.4.0",
+    "@atproto/syntax": "^0.6.0"
   },
   "devDependencies": {
     "@types/cookie": "^0.6.0",
     "@types/forwarded": "0.1.3",
     "@types/http-errors": "^2.0.4",
     "@types/send": "^0.17.4",
-    "@atproto-labs/rollup-plugin-bundle-manifest": "^0.2.0"
+    "@atproto-labs/rollup-plugin-bundle-manifest": "^0.3.0"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

package/src/dpop/dpop-nonce.ts

@@ -14,7 +14,7 @@ export const rotationIntervalSchema = z
 const SECRET_BYTE_LENGTH = 32
 
 export const secretBytesSchema = z
-  .instanceof(Uint8Array)
+  .instanceof(Uint8Array<ArrayBufferLike>)
   .refine((secret) => secret.length === SECRET_BYTE_LENGTH, {
     message: `Secret must be exactly ${SECRET_BYTE_LENGTH} bytes long`,
   })

package/src/errors/invalid-invite-code-error.ts

@@ -1,4 +1,4 @@
-import { InvalidRequestError } from './invalid-request-error'
+import { InvalidRequestError } from './invalid-request-error.js'
 
 export class InvalidInviteCodeError extends InvalidRequestError {
   constructor(details?: string, cause?: unknown) {

package/src/lib/http/accept.ts

@@ -1,5 +1,8 @@
 import type { IncomingMessage, ServerResponse } from 'node:http'
-import { mediaType } from '@hapi/accept'
+// eslint-disable-next-line import/default, import/no-named-as-default-member
+import accept from '@hapi/accept'
+// eslint-disable-next-line import/no-named-as-default-member
+const { mediaType } = accept
 import { SubCtx, subCtx } from './context.js'
 import { Middleware, NextFunction } from './types.js'
 

package/src/lib/http/request.ts

@@ -1,5 +1,8 @@
 import type { IncomingMessage, ServerResponse } from 'node:http'
-import { languages, mediaType } from '@hapi/accept'
+// eslint-disable-next-line import/default, import/no-named-as-default-member
+import accept from '@hapi/accept'
+// eslint-disable-next-line import/no-named-as-default-member
+const { languages, mediaType } = accept
 import {
   CookieSerializeOptions,
   parse as parseCookie,

package/src/lib/util/type.ts

@@ -1,4 +1,3 @@
-// eslint-disable-next-line @typescript-eslint/ban-types
 export type Simplify<T> = { [K in keyof T]: T[K] } & {}
 export type Override<T, V> = Simplify<{
   [K in keyof (V & T)]: K extends keyof V

package/src/router/assets/assets-manifest.ts

@@ -1,4 +1,5 @@
 import { createReadStream } from 'node:fs'
+import { createRequire } from 'node:module'
 import { join } from 'node:path'
 import { Readable } from 'node:stream'
 import type { Manifest } from '@atproto-labs/rollup-plugin-bundle-manifest'
@@ -34,8 +35,9 @@ const ASSETS_URL_PREFIX = '/@atproto/oauth-provider/~assets/'
 export function parseAssetsManifest(manifestPath: string) {
   // Using `require` instead of `JSON.parse(readFileSync())` so that node's
   // watch mode can pick up changes to the manifest file.
+  const require = createRequire(import.meta.url)
 
-  // eslint-disable-next-line
+  // eslint-disable-next-line import/no-dynamic-require
   const manifest = require(manifestPath) as Manifest
 
   const assets = new Map<string, Asset>(

package/src/router/assets/assets.ts

@@ -1,4 +1,5 @@
 import type { IncomingMessage, ServerResponse } from 'node:http'
+import { createRequire } from 'node:module'
 import type { HydrationData as UiHydrationData } from '@atproto/oauth-provider-ui/hydration-data'
 import { buildCustomizationCss } from '../../customization/build-customization-css.js'
 import { buildCustomizationData } from '../../customization/build-customization-data.js'
@@ -24,6 +25,7 @@ import { setupCsrfToken } from './csrf.js'
 //   require.resolve('@atproto/oauth-provider-ui/bundle-manifest.json'),
 // )
 
+const require = createRequire(import.meta.url)
 const ui = parseAssetsManifest(
   require.resolve('@atproto/oauth-provider-ui/bundle-manifest.json'),
 )

package/tsconfig.build.tsbuildinfo

@@ -1 +1 @@
-{"root":["./src/constants.ts","./src/index.ts","./src/oauth-client.ts","./src/oauth-dpop.ts","./src/oauth-errors.ts","./src/oauth-hooks.ts","./src/oauth-middleware.ts","./src/oauth-provider.ts","./src/oauth-store.ts","./src/oauth-verifier.ts","./src/access-token/access-token-mode.ts","./src/account/account-manager.ts","./src/account/account-store.ts","./src/account/sign-in-data.ts","./src/account/sign-up-input.ts","./src/client/client-auth.ts","./src/client/client-data.ts","./src/client/client-id.ts","./src/client/client-info.ts","./src/client/client-manager.ts","./src/client/client-store.ts","./src/client/client-utils.ts","./src/client/client.ts","./src/customization/branding.ts","./src/customization/build-customization-css.ts","./src/customization/build-customization-data.ts","./src/customization/colors.ts","./src/customization/customization.ts","./src/customization/links.ts","./src/device/device-data.ts","./src/device/device-id.ts","./src/device/device-manager.ts","./src/device/device-store.ts","./src/device/session-id.ts","./src/dpop/dpop-manager.ts","./src/dpop/dpop-nonce.ts","./src/dpop/dpop-proof.ts","./src/errors/access-denied-error.ts","./src/errors/account-selection-required-error.ts","./src/errors/authorization-error.ts","./src/errors/consent-required-error.ts","./src/errors/error-parser.ts","./src/errors/handle-unavailable-error.ts","./src/errors/invalid-authorization-details-error.ts","./src/errors/invalid-client-error.ts","./src/errors/invalid-client-id-error.ts","./src/errors/invalid-client-metadata-error.ts","./src/errors/invalid-credentials-error.ts","./src/errors/invalid-dpop-key-binding-error.ts","./src/errors/invalid-dpop-proof-error.ts","./src/errors/invalid-grant-error.ts","./src/errors/invalid-invite-code-error.ts","./src/errors/invalid-redirect-uri-error.ts","./src/errors/invalid-request-error.ts","./src/errors/invalid-scope-error.ts","./src/errors/invalid-token-error.ts","./src/errors/login-required-error.ts","./src/errors/oauth-error.ts","./src/errors/second-authentication-factor-required-error.ts","./src/errors/unauthorized-client-error.ts","./src/errors/use-dpop-nonce-error.ts","./src/errors/www-authenticate-error.ts","./src/lexicon/lexicon-data.ts","./src/lexicon/lexicon-getter.ts","./src/lexicon/lexicon-manager.ts","./src/lexicon/lexicon-store.ts","./src/lib/hcaptcha.ts","./src/lib/nsid.ts","./src/lib/redis.ts","./src/lib/write-form-redirect.ts","./src/lib/write-html.ts","./src/lib/csp/index.ts","./src/lib/html/build-document.ts","./src/lib/html/escapers.ts","./src/lib/html/html.ts","./src/lib/html/hydration-data.ts","./src/lib/html/index.ts","./src/lib/html/tags.ts","./src/lib/html/util.ts","./src/lib/http/accept.ts","./src/lib/http/context.ts","./src/lib/http/headers.ts","./src/lib/http/index.ts","./src/lib/http/method.ts","./src/lib/http/middleware.ts","./src/lib/http/parser.ts","./src/lib/http/path.ts","./src/lib/http/request.ts","./src/lib/http/response.ts","./src/lib/http/route.ts","./src/lib/http/router.ts","./src/lib/http/security-headers.ts","./src/lib/http/stream.ts","./src/lib/http/types.ts","./src/lib/http/url.ts","./src/lib/util/authorization-header.ts","./src/lib/util/cast.ts","./src/lib/util/color.ts","./src/lib/util/crypto.ts","./src/lib/util/date.ts","./src/lib/util/error.ts","./src/lib/util/function.ts","./src/lib/util/locale.ts","./src/lib/util/object.ts","./src/lib/util/redirect-uri.ts","./src/lib/util/time.ts","./src/lib/util/type.ts","./src/lib/util/ui8.ts","./src/lib/util/well-known.ts","./src/lib/util/zod-error.ts","./src/metadata/build-metadata.ts","./src/oidc/sub.ts","./src/replay/replay-manager.ts","./src/replay/replay-store-memory.ts","./src/replay/replay-store-redis.ts","./src/replay/replay-store.ts","./src/request/code.ts","./src/request/request-data.ts","./src/request/request-id.ts","./src/request/request-manager.ts","./src/request/request-store.ts","./src/request/request-uri.ts","./src/result/authorization-redirect-parameters.ts","./src/result/authorization-result-authorize-page.ts","./src/result/authorization-result-redirect.ts","./src/router/create-account-page-middleware.ts","./src/router/create-api-middleware.ts","./src/router/create-authorization-page-middleware.ts","./src/router/create-oauth-middleware.ts","./src/router/error-handler.ts","./src/router/middleware-options.ts","./src/router/assets/assets-manifest.ts","./src/router/assets/assets.ts","./src/router/assets/csrf.ts","./src/router/assets/send-account-page.ts","./src/router/assets/send-authorization-page.ts","./src/router/assets/send-cookie-error-page.ts","./src/router/assets/send-error-page.ts","./src/router/assets/send-redirect.ts","./src/signer/access-token-payload.ts","./src/signer/api-token-payload.ts","./src/signer/signer.ts","./src/token/refresh-token.ts","./src/token/token-claims.ts","./src/token/token-data.ts","./src/token/token-id.ts","./src/token/token-manager.ts","./src/token/token-store.ts","./src/types/authorization-response-error.ts","./src/types/color-hue.ts","./src/types/email-otp.ts","./src/types/email.ts","./src/types/handle.ts","./src/types/invite-code.ts","./src/types/par-response-error.ts","./src/types/password.ts","./src/types/rgb-color.ts"],"version":"5.8.3"}
+{"root":["./src/constants.ts","./src/index.ts","./src/oauth-client.ts","./src/oauth-dpop.ts","./src/oauth-errors.ts","./src/oauth-hooks.ts","./src/oauth-middleware.ts","./src/oauth-provider.ts","./src/oauth-store.ts","./src/oauth-verifier.ts","./src/access-token/access-token-mode.ts","./src/account/account-manager.ts","./src/account/account-store.ts","./src/account/sign-in-data.ts","./src/account/sign-up-input.ts","./src/client/client-auth.ts","./src/client/client-data.ts","./src/client/client-id.ts","./src/client/client-info.ts","./src/client/client-manager.ts","./src/client/client-store.ts","./src/client/client-utils.ts","./src/client/client.ts","./src/customization/branding.ts","./src/customization/build-customization-css.ts","./src/customization/build-customization-data.ts","./src/customization/colors.ts","./src/customization/customization.ts","./src/customization/links.ts","./src/device/device-data.ts","./src/device/device-id.ts","./src/device/device-manager.ts","./src/device/device-store.ts","./src/device/session-id.ts","./src/dpop/dpop-manager.ts","./src/dpop/dpop-nonce.ts","./src/dpop/dpop-proof.ts","./src/errors/access-denied-error.ts","./src/errors/account-selection-required-error.ts","./src/errors/authorization-error.ts","./src/errors/consent-required-error.ts","./src/errors/error-parser.ts","./src/errors/handle-unavailable-error.ts","./src/errors/invalid-authorization-details-error.ts","./src/errors/invalid-client-error.ts","./src/errors/invalid-client-id-error.ts","./src/errors/invalid-client-metadata-error.ts","./src/errors/invalid-credentials-error.ts","./src/errors/invalid-dpop-key-binding-error.ts","./src/errors/invalid-dpop-proof-error.ts","./src/errors/invalid-grant-error.ts","./src/errors/invalid-invite-code-error.ts","./src/errors/invalid-redirect-uri-error.ts","./src/errors/invalid-request-error.ts","./src/errors/invalid-scope-error.ts","./src/errors/invalid-token-error.ts","./src/errors/login-required-error.ts","./src/errors/oauth-error.ts","./src/errors/second-authentication-factor-required-error.ts","./src/errors/unauthorized-client-error.ts","./src/errors/use-dpop-nonce-error.ts","./src/errors/www-authenticate-error.ts","./src/lexicon/lexicon-data.ts","./src/lexicon/lexicon-getter.ts","./src/lexicon/lexicon-manager.ts","./src/lexicon/lexicon-store.ts","./src/lib/hcaptcha.ts","./src/lib/nsid.ts","./src/lib/redis.ts","./src/lib/write-form-redirect.ts","./src/lib/write-html.ts","./src/lib/csp/index.ts","./src/lib/html/build-document.ts","./src/lib/html/escapers.ts","./src/lib/html/html.ts","./src/lib/html/hydration-data.ts","./src/lib/html/index.ts","./src/lib/html/tags.ts","./src/lib/html/util.ts","./src/lib/http/accept.ts","./src/lib/http/context.ts","./src/lib/http/headers.ts","./src/lib/http/index.ts","./src/lib/http/method.ts","./src/lib/http/middleware.ts","./src/lib/http/parser.ts","./src/lib/http/path.ts","./src/lib/http/request.ts","./src/lib/http/response.ts","./src/lib/http/route.ts","./src/lib/http/router.ts","./src/lib/http/security-headers.ts","./src/lib/http/stream.ts","./src/lib/http/types.ts","./src/lib/http/url.ts","./src/lib/util/authorization-header.ts","./src/lib/util/cast.ts","./src/lib/util/color.ts","./src/lib/util/crypto.ts","./src/lib/util/date.ts","./src/lib/util/error.ts","./src/lib/util/function.ts","./src/lib/util/locale.ts","./src/lib/util/object.ts","./src/lib/util/redirect-uri.ts","./src/lib/util/time.ts","./src/lib/util/type.ts","./src/lib/util/ui8.ts","./src/lib/util/well-known.ts","./src/lib/util/zod-error.ts","./src/metadata/build-metadata.ts","./src/oidc/sub.ts","./src/replay/replay-manager.ts","./src/replay/replay-store-memory.ts","./src/replay/replay-store-redis.ts","./src/replay/replay-store.ts","./src/request/code.ts","./src/request/request-data.ts","./src/request/request-id.ts","./src/request/request-manager.ts","./src/request/request-store.ts","./src/request/request-uri.ts","./src/result/authorization-redirect-parameters.ts","./src/result/authorization-result-authorize-page.ts","./src/result/authorization-result-redirect.ts","./src/router/create-account-page-middleware.ts","./src/router/create-api-middleware.ts","./src/router/create-authorization-page-middleware.ts","./src/router/create-oauth-middleware.ts","./src/router/error-handler.ts","./src/router/middleware-options.ts","./src/router/assets/assets-manifest.ts","./src/router/assets/assets.ts","./src/router/assets/csrf.ts","./src/router/assets/send-account-page.ts","./src/router/assets/send-authorization-page.ts","./src/router/assets/send-cookie-error-page.ts","./src/router/assets/send-error-page.ts","./src/router/assets/send-redirect.ts","./src/signer/access-token-payload.ts","./src/signer/api-token-payload.ts","./src/signer/signer.ts","./src/token/refresh-token.ts","./src/token/token-claims.ts","./src/token/token-data.ts","./src/token/token-id.ts","./src/token/token-manager.ts","./src/token/token-store.ts","./src/types/authorization-response-error.ts","./src/types/color-hue.ts","./src/types/email-otp.ts","./src/types/email.ts","./src/types/handle.ts","./src/types/invite-code.ts","./src/types/par-response-error.ts","./src/types/password.ts","./src/types/rgb-color.ts"],"version":"6.0.3"}