npm - @atproto/oauth-provider - Versions diffs - 0.2.6 → 0.2.8 - Mend

@atproto/oauth-provider 0.2.6 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/CHANGELOG.md +13 -0
package/dist/assets/app/bundle-manifest.json +2 -2
package/dist/assets/app/main.js +3 -3
package/dist/assets/app/main.js.map +1 -1
package/dist/assets/assets-middleware.js +1 -1
package/dist/assets/assets-middleware.js.map +1 -1
package/dist/client/client.d.ts +2 -2
package/dist/client/client.d.ts.map +1 -1
package/dist/client/client.js.map +1 -1
package/dist/lib/http/accept.d.ts +1 -0
package/dist/lib/http/accept.d.ts.map +1 -1
package/dist/lib/http/accept.js +1 -0
package/dist/lib/http/accept.js.map +1 -1
package/dist/lib/http/middleware.js +1 -1
package/dist/lib/http/middleware.js.map +1 -1
package/dist/lib/http/response.d.ts +9 -5
package/dist/lib/http/response.d.ts.map +1 -1
package/dist/lib/http/response.js +18 -59
package/dist/lib/http/response.js.map +1 -1
package/dist/oauth-provider.d.ts.map +1 -1
package/dist/oauth-provider.js +19 -9
package/dist/oauth-provider.js.map +1 -1
package/dist/oauth-verifier.d.ts +2 -2
package/dist/oauth-verifier.d.ts.map +1 -1
package/dist/oauth-verifier.js.map +1 -1
package/dist/output/send-web-page.d.ts +3 -3
package/dist/output/send-web-page.d.ts.map +1 -1
package/dist/output/send-web-page.js +2 -2
package/dist/output/send-web-page.js.map +1 -1
package/dist/request/request-uri.d.ts.map +1 -1
package/dist/request/request-uri.js +0 -1
package/dist/request/request-uri.js.map +1 -1
package/dist/signer/signed-token-payload.d.ts +3 -3
package/dist/signer/signer.d.ts +1 -1
package/dist/token/token-claims.d.ts +3 -3
package/package.json +2 -2
package/src/assets/assets-middleware.ts +1 -1
package/src/client/client.ts +2 -1
package/src/lib/http/accept.ts +1 -0
package/src/lib/http/middleware.ts +1 -1
package/src/lib/http/response.ts +37 -78
package/src/oauth-provider.ts +18 -10
package/src/oauth-verifier.ts +2 -1
package/src/output/send-web-page.ts +5 -3
package/src/request/request-uri.ts +0 -1

package/dist/oauth-verifier.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"oauth-verifier.js","sourceRoot":"","sources":["../src/oauth-verifier.ts"],"names":[],"mappings":";;;AAAA,sCAAuD;~~AAyErD~~,~~uFAzEY~~,YAAM,~~OAyEZ~~;~~AAxER~~,~~sDAI6B~~;AAG7B,8EAAqE;AA+DnE,gGA/DO,sCAAe,OA+DP;AA9DjB,4DAAwE;AACxE,wDAAgD;AA8D9C,0FA9DO,yBAAS,OA8DP;AA7DX,sFAA4E;AAC5E,4EAAmE;AACnE,8EAAoE;AACpE,kFAAyE;AACzE,gFAA6E;AAE7E,kEAA0D;AAC1D,4EAAmE;AACnE,0EAAiE;AAEjE,kDAA2C;AAC3C,2EAIuC;AAoDvC,MAAa,aAAa;IACR,MAAM,~~CAAQ~~;~~IACd~~,MAAM,CAAQ;IAEX,eAAe,CAAiB;IAChC,WAAW,CAAa;IACxB,aAAa,CAAe;IAC5B,MAAM,CAAQ;IAEjC,YAAY,EACV,KAAK,EACL,MAAM,EACN,MAAM,EACN,WAAW,GAAG,KAAK,IAAI,IAAI;QACzB,CAAC,CAAC,IAAI,wCAAgB,CAAC,EAAE,KAAK,EAAE,CAAC;QACjC,CAAC,CAAC,IAAI,0CAAiB,EAAE,EAC3B,eAAe,GAAG,sCAAe,CAAC,GAAG,EAErC,GAAG,cAAc,EACI;QACrB,MAAM,YAAY,GAAG,yCAA2B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAC9D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAA;QAEvC,oCAAoC;QACpC,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,yDAAyD,SAAS,GAAG,CACtE,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,YAAY,YAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC,CAAA;QAEpE,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,WAAW,GAAG,IAAI,6BAAW,CAAC,cAAc,CAAC,CAAA;QAClD,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CAAC,WAAW,CAAC,CAAA;QACnD,IAAI,CAAC,MAAM,GAAG,IAAI,kBAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;IACpD,CAAC;IAEM,aAAa;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,KAAc,EACd,GAAW,EACX,GAAiB,EACjB,WAAoB;QAEpB,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,IAAI,CAAA;QAEpC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CACxD,KAAK,EACL,GAAG,EACH,GAAG,EACH,WAAW,CACZ,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC/D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mDAAqB,CAAC,8BAA8B,CAAC,CAAA;QAE5E,OAAO,GAAG,CAAA;IACZ,CAAC;IAES,sBAAsB,CAC9B,SAAyB,EACzB,eAAgC;QAEhC,IACE,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,IAAI;YAC7C,IAAI,CAAC,eAAe,KAAK,eAAe,EACxC,CAAC;YACD,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAA;QAC9D,CAAC;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,SAAyB,EACzB,KAAuB,EACvB,OAAsB,EACtB,aAAwC;QAExC,IAAI,CAAC,IAAA,iBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,sCAAe,CAAC,GAAG,CAAC,CAAA;QAE3D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;aAClC,iBAAiB,CAAC,KAAK,CAAC;aACxB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,0CAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;QAEJ,OAAO,IAAA,0CAAiB,EACtB,KAAK,EACL,OAAO,CAAC,GAAG,EACX,SAAS,EACT,OAAO,EACP,OAAO,EACP,aAAa,CACd,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,MAAc,EACd,GAAQ,EACR,OAGC,EACD,aAAwC;QAExC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,IAAA,kDAAwB,EAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAC1E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CACvC,OAAO,CAAC,IAAI,EACZ,MAAM,EACN,GAAG,EACH,KAAK,CACN,CAAA;YAED,IAAI,SAAS,KAAK,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrC,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;YACxD,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,iBAAiB,CACjC,SAAS,EACT,KAAK,EACL,OAAO,EACP,aAAa,CACd,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,2CAAiB;gBAAE,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YACxE,IAAI,GAAG,YAAY,gDAAoB;gBAAE,MAAM,GAAG,CAAA;YAElD,MAAM,0CAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;CACF;AA3ID,sCA2IC"}
1	+ {"version":3,"file":"oauth-verifier.js","sourceRoot":"","sources":["../src/oauth-verifier.ts"],"names":[],"mappings":";;;AAAA,sCAAuD;AA0ErD,uFA1EY,YAAM,OA0EZ;AAzER,sDAK6B;AAG7B,8EAAqE;AA+DnE,gGA/DO,sCAAe,OA+DP;AA9DjB,4DAAwE;AACxE,wDAAgD;AA8D9C,0FA9DO,yBAAS,OA8DP;AA7DX,sFAA4E;AAC5E,4EAAmE;AACnE,8EAAoE;AACpE,kFAAyE;AACzE,gFAA6E;AAE7E,kEAA0D;AAC1D,4EAAmE;AACnE,0EAAiE;AAEjE,kDAA2C;AAC3C,2EAIuC;AAoDvC,MAAa,aAAa;IACR,MAAM,CAAuB;IAC7B,MAAM,CAAQ;IAEX,eAAe,CAAiB;IAChC,WAAW,CAAa;IACxB,aAAa,CAAe;IAC5B,MAAM,CAAQ;IAEjC,YAAY,EACV,KAAK,EACL,MAAM,EACN,MAAM,EACN,WAAW,GAAG,KAAK,IAAI,IAAI;QACzB,CAAC,CAAC,IAAI,wCAAgB,CAAC,EAAE,KAAK,EAAE,CAAC;QACjC,CAAC,CAAC,IAAI,0CAAiB,EAAE,EAC3B,eAAe,GAAG,sCAAe,CAAC,GAAG,EAErC,GAAG,cAAc,EACI;QACrB,MAAM,YAAY,GAAG,yCAA2B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAC9D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAA;QAEvC,oCAAoC;QACpC,IAAI,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YAC/B,MAAM,IAAI,SAAS,CACjB,yDAAyD,SAAS,GAAG,CACtE,CAAA;QACH,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,YAAY,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,YAAY,YAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,YAAM,CAAC,MAAM,CAAC,CAAA;QAEpE,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,WAAW,GAAG,IAAI,6BAAW,CAAC,cAAc,CAAC,CAAA;QAClD,IAAI,CAAC,aAAa,GAAG,IAAI,iCAAa,CAAC,WAAW,CAAC,CAAA;QACnD,IAAI,CAAC,MAAM,GAAG,IAAI,kBAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;IACpD,CAAC;IAEM,aAAa;QAClB,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,cAAc,CACzB,KAAc,EACd,GAAW,EACX,GAAiB,EACjB,WAAoB;QAEpB,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,IAAI,CAAA;QAEpC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CACxD,KAAK,EACL,GAAG,EACH,GAAG,EACH,WAAW,CACZ,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC/D,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,mDAAqB,CAAC,8BAA8B,CAAC,CAAA;QAE5E,OAAO,GAAG,CAAA;IACZ,CAAC;IAES,sBAAsB,CAC9B,SAAyB,EACzB,eAAgC;QAEhC,IACE,IAAI,CAAC,eAAe,KAAK,sCAAe,CAAC,IAAI;YAC7C,IAAI,CAAC,eAAe,KAAK,eAAe,EACxC,CAAC;YACD,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAA;QAC9D,CAAC;IACH,CAAC;IAES,KAAK,CAAC,iBAAiB,CAC/B,SAAyB,EACzB,KAAuB,EACvB,OAAsB,EACtB,aAAwC;QAExC,IAAI,CAAC,IAAA,iBAAW,EAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,0CAAiB,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAA;QAC3D,CAAC;QAED,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,sCAAe,CAAC,GAAG,CAAC,CAAA;QAE3D,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM;aAClC,iBAAiB,CAAC,KAAK,CAAC;aACxB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACb,MAAM,0CAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QAC9C,CAAC,CAAC,CAAA;QAEJ,OAAO,IAAA,0CAAiB,EACtB,KAAK,EACL,OAAO,CAAC,GAAG,EACX,SAAS,EACT,OAAO,EACP,OAAO,EACP,aAAa,CACd,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAC9B,MAAc,EACd,GAAQ,EACR,OAGC,EACD,aAAwC;QAExC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,GAAG,IAAA,kDAAwB,EAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAC1E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CACvC,OAAO,CAAC,IAAI,EACZ,MAAM,EACN,GAAG,EACH,KAAK,CACN,CAAA;YAED,IAAI,SAAS,KAAK,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrC,MAAM,IAAI,mDAAqB,CAAC,qBAAqB,CAAC,CAAA;YACxD,CAAC;YAED,OAAO,MAAM,IAAI,CAAC,iBAAiB,CACjC,SAAS,EACT,KAAK,EACL,OAAO,EACP,aAAa,CACd,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,2CAAiB;gBAAE,MAAM,GAAG,CAAC,sBAAsB,EAAE,CAAA;YACxE,IAAI,GAAG,YAAY,gDAAoB;gBAAE,MAAM,GAAG,CAAA;YAElD,MAAM,0CAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QAC9C,CAAC;IACH,CAAC;CACF;AA3ID,sCA2IC"}

package/dist/output/send-web-page.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { ServerResponse } from 'node:http';
 import { BuildDocumentOptions, Html } from '../lib/html/index.js';
+import { WriteResponseOptions } from '../lib/http/response.js';
 export declare function declareBackendData(name: string, data: unknown): Html;
-export declare function sendWebPage(res: ServerResponse, { status, ...options }: BuildDocumentOptions & {
-    status?: number;
-}): Promise<void>;
+export type SendWebPageOptions = BuildDocumentOptions & WriteResponseOptions;
+export declare function sendWebPage(res: ServerResponse, options: SendWebPageOptions): Promise<void>;
 //# sourceMappingURL=send-web-page.d.ts.map

package/dist/output/send-web-page.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"send-web-page.d.ts","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAGL,oBAAoB,EACpB,IAAI,EAEL,MAAM,sBAAsB,CAAA;~~AAG7B~~,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,QAM7D;AAED,wBAAsB,WAAW,CAC/B,GAAG,EAAE,cAAc,EACnB,~~EAAE,MAAY,EAAE,GAAG,~~OAAO,EAAE,~~EAAE~~,~~oBAAoB~~,~~GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACvE,~~OAAO,CAAC,IAAI,CAAC,CAiCf"}
1	+ {"version":3,"file":"send-web-page.d.ts","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAE1C,OAAO,EAGL,oBAAoB,EACpB,IAAI,EAEL,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAa,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAEzE,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,QAM7D;AAED,MAAM,MAAM,kBAAkB,GAAG,oBAAoB,GAAG,oBAAoB,CAAA;AAE5E,wBAAsB,WAAW,CAC/B,GAAG,EAAE,cAAc,EACnB,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAiCf"}

package/dist/output/send-web-page.js CHANGED Viewed

@@ -12,7 +12,7 @@ function declareBackendData(name, data) {
     // "readBackendData" in "src/assets/app/backend-data.ts".
     return (0, index_js_1.js) `window[${name}]=${data};document.currentScript.remove();`;
 }
-async function sendWebPage(res, { status = 200, ...options }) {
+async function sendWebPage(res, options) {
     // @TODO: make these headers configurable (?)
     res.setHeader('Permissions-Policy', 'otp-credentials=*, document-domain=()');
     res.setHeader('Cross-Origin-Embedder-Policy', 'credentialless');
@@ -35,7 +35,7 @@ async function sendWebPage(res, { status = 200, ...options }) {
         `upgrade-insecure-requests`,
     ].join('; '));
     const html = (0, index_js_1.buildDocument)(options);
-    return (0, response_js_1.writeHtml)(res, html.toString(), status);
+    return (0, response_js_1.writeHtml)(res, html.toString(), options);
 }
 function assetToHash(asset) {
     return asset instanceof index_js_1.Html

package/dist/output/send-web-page.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":";;AAYA,gDAMC;~~AAED~~,kCAoCC;~~AAxDD~~,6CAAwC;AAGxC,mDAM6B;AAC7B,~~yDAAmD~~;~~AAEnD~~,SAAgB,kBAAkB,CAAC,IAAY,EAAE,IAAa;IAC5D,8EAA8E;IAC9E,8EAA8E;IAC9E,8DAA8D;IAC9D,yDAAyD;IACzD,OAAO,IAAA,aAAE,EAAA,UAAU,IAAI,KAAK,IAAI,mCAAmC,CAAA;AACrE,CAAC;~~AAEM~~,KAAK,UAAU,WAAW,CAC/B,GAAmB,EACnB,~~EAAE,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,EAA8C~~;~~IAExE~~,6CAA6C;IAC7C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAC5E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,gBAAgB,CAAC,CAAA;IAC/D,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,aAAa,CAAC,CAAA;IAC5D,GAAG,CAAC,SAAS,CAAC,4BAA4B,EAAE,aAAa,CAAC,CAAA;IAC1D,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAA;IACxC,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IACtC,GAAG,CAAC,SAAS,CAAC,2BAA2B,EAAE,kBAAkB,CAAC,CAAA;IAC9D,GAAG,CAAC,SAAS,CACX,yBAAyB,EACzB;QACE,oBAAoB;QACpB,wBAAwB;QACxB,oBAAoB;QACpB,YAAY,OAAO,CAAC,IAAI,EAAE,MAAM,IAAI,QAAQ,EAAE;QAC9C,qBACE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACpE,EAAE;QACF,oBACE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACnE,EAAE;QACF,6BAA6B;QAC7B,oBAAoB;QACpB,2BAA2B;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAA;IAED,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAA;IAEnC,OAAO,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,~~MAAM~~,CAAC,CAAA;~~AAChD~~,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB;IACzC,OAAO,KAAK,YAAY,eAAI;QAC1B,CAAC,CAAC,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,WAAW,IAAI,GAAG,CAAA;AAC3B,CAAC"}
1	+ {"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":";;AAYA,gDAMC;AAID,kCAoCC;AA1DD,6CAAwC;AAGxC,mDAM6B;AAC7B,yDAAyE;AAEzE,SAAgB,kBAAkB,CAAC,IAAY,EAAE,IAAa;IAC5D,8EAA8E;IAC9E,8EAA8E;IAC9E,8DAA8D;IAC9D,yDAAyD;IACzD,OAAO,IAAA,aAAE,EAAA,UAAU,IAAI,KAAK,IAAI,mCAAmC,CAAA;AACrE,CAAC;AAIM,KAAK,UAAU,WAAW,CAC/B,GAAmB,EACnB,OAA2B;IAE3B,6CAA6C;IAC7C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAC5E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,gBAAgB,CAAC,CAAA;IAC/D,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,aAAa,CAAC,CAAA;IAC5D,GAAG,CAAC,SAAS,CAAC,4BAA4B,EAAE,aAAa,CAAC,CAAA;IAC1D,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAA;IACxC,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IACtC,GAAG,CAAC,SAAS,CAAC,2BAA2B,EAAE,kBAAkB,CAAC,CAAA;IAC9D,GAAG,CAAC,SAAS,CACX,yBAAyB,EACzB;QACE,oBAAoB;QACpB,wBAAwB;QACxB,oBAAoB;QACpB,YAAY,OAAO,CAAC,IAAI,EAAE,MAAM,IAAI,QAAQ,EAAE;QAC9C,qBACE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACpE,EAAE;QACF,oBACE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACnE,EAAE;QACF,6BAA6B;QAC7B,oBAAoB;QACpB,2BAA2B;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAA;IAED,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAA;IAEnC,OAAO,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAA;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB;IACzC,OAAO,KAAK,YAAY,eAAI;QAC1B,CAAC,CAAC,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,WAAW,IAAI,GAAG,CAAA;AAC3B,CAAC"}

package/dist/request/request-uri.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"request-uri.d.ts","sourceRoot":"","sources":["../../src/request/request-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,SAAS,EAAmB,MAAM,iBAAiB,CAAA;AAE5D,eAAO,MAAM,kBAAkB,uCAAuC,CAAA;AAEtE,eAAO,MAAM,gBAAgB,~~sFAW1B~~,CAAA;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,SAAS,GAAG,UAAU,CAEjE;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAGlE"}
1	+ {"version":3,"file":"request-uri.d.ts","sourceRoot":"","sources":["../../src/request/request-uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,SAAS,EAAmB,MAAM,iBAAiB,CAAA;AAE5D,eAAO,MAAM,kBAAkB,uCAAuC,CAAA;AAEtE,eAAO,MAAM,gBAAgB,sFAU1B,CAAA;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AAEzD,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,SAAS,GAAG,UAAU,CAEjE;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAGlE"}

package/dist/request/request-uri.js CHANGED Viewed

@@ -8,7 +8,6 @@ const request_id_js_1 = require("./request-id.js");
 exports.REQUEST_URI_PREFIX = 'urn:ietf:params:oauth:request_uri:';
 exports.requestUriSchema = zod_1.z
     .string()
-    .url()
     .refinement((data) => data.startsWith(exports.REQUEST_URI_PREFIX) &&
     request_id_js_1.requestIdSchema.safeParse(decodeRequestUri(data)).success, {
     code: zod_1.z.ZodIssueCode.custom,

package/dist/request/request-uri.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"request-uri.js","sourceRoot":"","sources":["../../src/request/request-uri.ts"],"names":[],"mappings":";;;~~AAqBA~~,4CAEC;AAED,4CAGC;~~AA5BD~~,6BAAuB;AAEvB,mDAA4D;AAE/C,QAAA,kBAAkB,GAAG,oCAAoC,CAAA;AAEzD,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,~~GAAG,EAAE;KACL,~~UAAU,CACT,CAAC,IAAI,EAAsD,EAAE,CAC3D,IAAI,CAAC,UAAU,CAAC,0BAAkB,CAAC;IACnC,+BAAe,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAW,CAAC,CAAC,CAAC,OAAO,EAClE;IACE,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;IAC3B,OAAO,EAAE,4BAA4B;CACtC,CACF,CAAA;AAIH,SAAgB,gBAAgB,CAAC,SAAoB;IACnD,OAAO,GAAG,0BAAkB,GAAG,kBAAkB,CAAC,SAAS,CAAc,EAAE,CAAA;AAC7E,CAAC;AAED,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,0BAAkB,CAAC,MAAM,CAAC,CAAA;IAChE,OAAO,kBAAkB,CAAC,YAAY,CAAc,CAAA;AACtD,CAAC"}
1	+ {"version":3,"file":"request-uri.js","sourceRoot":"","sources":["../../src/request/request-uri.ts"],"names":[],"mappings":";;;AAoBA,4CAEC;AAED,4CAGC;AA3BD,6BAAuB;AAEvB,mDAA4D;AAE/C,QAAA,kBAAkB,GAAG,oCAAoC,CAAA;AAEzD,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,UAAU,CACT,CAAC,IAAI,EAAsD,EAAE,CAC3D,IAAI,CAAC,UAAU,CAAC,0BAAkB,CAAC;IACnC,+BAAe,CAAC,SAAS,CAAC,gBAAgB,CAAC,IAAW,CAAC,CAAC,CAAC,OAAO,EAClE;IACE,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;IAC3B,OAAO,EAAE,4BAA4B;CACtC,CACF,CAAA;AAIH,SAAgB,gBAAgB,CAAC,SAAoB;IACnD,OAAO,GAAG,0BAAkB,GAAG,kBAAkB,CAAC,SAAS,CAAc,EAAE,CAAA;AAC7E,CAAC;AAED,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,MAAM,YAAY,GAAG,UAAU,CAAC,KAAK,CAAC,0BAAkB,CAAC,MAAM,CAAC,CAAA;IAChE,OAAO,kBAAkB,CAAC,YAAY,CAAc,CAAA;AACtD,CAAC"}

package/dist/signer/signed-token-payload.d.ts CHANGED Viewed

@@ -42,6 +42,7 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
         identifier: z.ZodOptional<z.ZodString>;
         privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, z.ZodTypeAny, "passthrough">>, "many">>>;
+    email: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     auth_time: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
     acr: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
@@ -58,7 +59,6 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
     zoneinfo: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     locale: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     updated_at: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
-    email: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     email_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
     phone_number: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     phone_number_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
@@ -1393,6 +1393,7 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
         identifier: z.ZodOptional<z.ZodString>;
         privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, z.ZodTypeAny, "passthrough">[] | undefined;
+    email?: string | undefined;
     auth_time?: number | undefined;
     acr?: string | undefined;
     name?: string | undefined;
@@ -1409,7 +1410,6 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
     zoneinfo?: string | undefined;
     locale?: string | undefined;
     updated_at?: number | undefined;
-    email?: string | undefined;
     email_verified?: boolean | undefined;
     phone_number?: string | undefined;
     phone_number_verified?: boolean | undefined;
@@ -1548,6 +1548,7 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
         identifier: z.ZodOptional<z.ZodString>;
         privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, z.ZodTypeAny, "passthrough">[] | undefined;
+    email?: string | undefined;
     auth_time?: number | undefined;
     acr?: string | undefined;
     name?: string | undefined;
@@ -1564,7 +1565,6 @@ export declare const signedTokenPayloadSchema: z.ZodIntersection<z.ZodObject<{
     zoneinfo?: string | undefined;
     locale?: string | undefined;
     updated_at?: number | undefined;
-    email?: string | undefined;
     email_verified?: boolean | undefined;
     phone_number?: string | undefined;
     phone_number_verified?: boolean | undefined;

package/dist/signer/signer.d.ts CHANGED Viewed

@@ -39,6 +39,7 @@ export declare class Signer {
             identifier: import("zod").ZodOptional<import("zod").ZodString>;
             privileges: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString, "many">>;
         }, import("zod").ZodTypeAny, "passthrough">[] | undefined;
+        email?: string | undefined;
         auth_time?: number | undefined;
         acr?: string | undefined;
         name?: string | undefined;
@@ -55,7 +56,6 @@ export declare class Signer {
         zoneinfo?: string | undefined;
         locale?: string | undefined;
         updated_at?: number | undefined;
-        email?: string | undefined;
         email_verified?: boolean | undefined;
         phone_number?: string | undefined;
         phone_number_verified?: boolean | undefined;

package/dist/token/token-claims.d.ts CHANGED Viewed

@@ -38,6 +38,7 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
         identifier: z.ZodOptional<z.ZodString>;
         privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, z.ZodTypeAny, "passthrough">>, "many">>>;
+    email: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     auth_time: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
     acr: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     name: z.ZodOptional<z.ZodOptional<z.ZodString>>;
@@ -54,7 +55,6 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     zoneinfo: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     locale: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     updated_at: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
-    email: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     email_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
     phone_number: z.ZodOptional<z.ZodOptional<z.ZodString>>;
     phone_number_verified: z.ZodOptional<z.ZodOptional<z.ZodBoolean>>;
@@ -1387,6 +1387,7 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
         identifier: z.ZodOptional<z.ZodString>;
         privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, z.ZodTypeAny, "passthrough">[] | undefined;
+    email?: string | undefined;
     auth_time?: number | undefined;
     acr?: string | undefined;
     name?: string | undefined;
@@ -1403,7 +1404,6 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     zoneinfo?: string | undefined;
     locale?: string | undefined;
     updated_at?: number | undefined;
-    email?: string | undefined;
     email_verified?: boolean | undefined;
     phone_number?: string | undefined;
     phone_number_verified?: boolean | undefined;
@@ -1541,6 +1541,7 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
         identifier: z.ZodOptional<z.ZodString>;
         privileges: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, z.ZodTypeAny, "passthrough">[] | undefined;
+    email?: string | undefined;
     auth_time?: number | undefined;
     acr?: string | undefined;
     name?: string | undefined;
@@ -1557,7 +1558,6 @@ export declare const tokenClaimsSchema: z.ZodIntersection<z.ZodObject<{
     zoneinfo?: string | undefined;
     locale?: string | undefined;
     updated_at?: number | undefined;
-    email?: string | undefined;
     email_verified?: boolean | undefined;
     phone_number?: string | undefined;
     phone_number_verified?: boolean | undefined;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/oauth-provider",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "license": "MIT",
   "description": "Generic OAuth2 and OpenID Connect provider for Node.js. Currently only supports features needed for Atproto.",
   "keywords": [
@@ -46,7 +46,7 @@
     "@atproto/common": "^0.4.4",
     "@atproto/jwk": "0.1.1",
     "@atproto/jwk-jose": "0.1.2",
-    "@atproto/oauth-types": "0.2.0"
+    "@atproto/oauth-types": "0.2.1"
   },
   "devDependencies": {
     "@rollup/plugin-commonjs": "^25.0.7",

package/src/assets/assets-middleware.ts CHANGED Viewed

@@ -41,6 +41,6 @@ export function authorizeAssetsMiddleware(): Middleware {
       res.setHeader('Cache-Control', 'public, max-age=31536000, immutable')
     }
-    await writeStream(res, asset.createStream(), asset.type)
+    writeStream(res, asset.createStream(), { contentType: asset.type })
   }
 }

package/src/client/client.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import {
   OAuthAuthorizationRequestParameters,
   OAuthClientCredentials,
   OAuthClientMetadata,
+  OAuthRedirectUri,
 } from '@atproto/oauth-types'
 import {
   UnsecuredJWT,
@@ -323,7 +324,7 @@ export class Client {
     return parameters
   }
-  get defaultRedirectUri(): string | undefined {
+  get defaultRedirectUri(): OAuthRedirectUri | undefined {
     const { redirect_uris } = this.metadata
     return redirect_uris.length === 1 ? redirect_uris[0] : undefined
   }

package/src/lib/http/accept.ts CHANGED Viewed

@@ -39,6 +39,7 @@ type View<
  *      }
  *    )
  *  )
+ * ```
  */
 export function acceptMiddleware<
   D,

package/src/lib/http/middleware.ts CHANGED Viewed

@@ -95,7 +95,7 @@ export function createFinalHandler(
     res.setHeader('Content-Security-Policy', "default-src 'none'")
     res.setHeader('X-Content-Type-Options', 'nosniff')
-    writeJson(res, payload, status)
+    writeJson(res, payload, { status })
   }
 }

package/src/lib/http/response.ts CHANGED Viewed

@@ -1,6 +1,4 @@
-import { PassThrough, Readable, Transform } from 'node:stream'
-import { pipeline } from 'node:stream/promises'
-import { constants, createBrotliCompress, createGzip } from 'node:zlib'
+import { Readable, pipeline } from 'node:stream'
 import { Handler, ServerResponse } from './types.js'
@@ -26,108 +24,69 @@ export function writeRedirect(
   res.writeHead(status, { Location: url }).end()
 }
-function negotiateEncoding(accept?: string | string[]) {
-  if (accept?.includes('br')) return 'br'
-  if (accept?.includes('gzip')) return 'gzip'
-  return 'identity'
+export type WriteResponseOptions = {
+  status?: number
+  contentType?: string
 }
-function getEncoder(encoding: string): Transform {
-  switch (encoding) {
-    case 'br':
-      return createBrotliCompress({
-        // Default quality is too slow
-        params: { [constants.BROTLI_PARAM_QUALITY]: 5 },
-      })
-    case 'gzip':
-      return createGzip()
-    case 'identity':
-      return new PassThrough()
-    default:
-      throw new Error(`Unsupported encoding: ${encoding}`)
-  }
-}
-const ifString = (value: unknown): string | undefined =>
-  typeof value === 'string' ? value : undefined
-export async function writeStream(
+export function writeStream(
   res: ServerResponse,
   stream: Readable,
-  contentType = ifString((stream as any).headers?.['content-type']) ||
-    'application/octet-stream',
-  status = 200,
-): Promise<void> {
+  {
+    status = 200,
+    contentType = 'application/octet-stream',
+  }: WriteResponseOptions = {},
+): void {
   res.statusCode = status
   res.setHeader('content-type', contentType)
-  appendHeader(res, 'vary', 'accept-encoding')
-  const encoding = negotiateEncoding(res.req.headers['accept-encoding'])
-  res.setHeader('content-encoding', encoding)
-  res.setHeader('transfer-encoding', 'chunked')
   if (res.req.method === 'HEAD') {
     res.end()
     stream.destroy()
-    return
-  }
-  try {
-    await pipeline(stream, getEncoder(encoding), res)
-  } catch (err) {
-    // Prevent the socket from being left open in a bad state
-    res.socket?.destroy()
-    if (err != null && typeof err === 'object') {
-      // If an abort signal is used, we can consider this function's job successful
-      if ('name' in err && err.name === 'AbortError') return
-      // If the client closes the connection, we don't care about the error
-      if ('code' in err && err.code === 'ERR_STREAM_PREMATURE_CLOSE') return
-    }
-    throw err
+  } else {
+    pipeline([stream, res], (_err: Error | null) => {
+      // The error will be propagated through the streams
+    })
   }
 }
-export async function writeBuffer(
+export function writeBuffer(
   res: ServerResponse,
-  buffer: Buffer,
-  contentType?: string,
-  status = 200,
-): Promise<void> {
-  const stream = Readable.from([buffer])
-  return writeStream(res, stream, contentType, status)
+  chunk: string | Buffer,
+  {
+    status = 200,
+    contentType = 'application/octet-stream',
+  }: WriteResponseOptions = {},
+): void {
+  res.statusCode = status
+  res.setHeader('content-type', contentType)
+  res.end(chunk)
 }
-export async function writeJson(
+export function writeJson(
   res: ServerResponse,
   payload: unknown,
-  status = 200,
-  contentType = 'application/json',
-): Promise<void> {
+  { contentType = 'application/json', ...options }: WriteResponseOptions = {},
+): void {
   const buffer = Buffer.from(JSON.stringify(payload))
-  return writeBuffer(res, buffer, contentType, status)
+  writeBuffer(res, buffer, { ...options, contentType })
 }
-export function staticJsonHandler(
+export function staticJsonMiddleware(
   value: unknown,
-  contentType = 'application/json',
-  status = 200,
+  { contentType = 'application/json', ...options }: WriteResponseOptions = {},
 ): Handler<unknown> {
   const buffer = Buffer.from(JSON.stringify(value))
-  return function (req, res, next) {
-    void writeBuffer(res, buffer, contentType, status).catch(next)
+  const staticOptions: WriteResponseOptions = { ...options, contentType }
+  return function (req, res) {
+    writeBuffer(res, buffer, staticOptions)
   }
 }
-export async function writeHtml(
+export function writeHtml(
   res: ServerResponse,
   html: Buffer | string,
-  status = 200,
-  contentType = 'text/html',
-): Promise<void> {
-  const buffer = Buffer.isBuffer(html) ? html : Buffer.from(html)
-  return writeBuffer(res, buffer, contentType, status)
+  { contentType = 'text/html', ...options }: WriteResponseOptions = {},
+): void {
+  writeBuffer(res, html, { ...options, contentType })
 }

package/src/oauth-provider.ts CHANGED Viewed

@@ -29,6 +29,8 @@ import {
   oauthTokenIdentificationSchema,
   oauthTokenRequestSchema,
 } from '@atproto/oauth-types'
+import { mediaType } from '@hapi/accept'
+import createHttpError from 'http-errors'
 import type { Redis, RedisOptions } from 'ioredis'
 import z, { ZodError } from 'zod'
@@ -75,7 +77,7 @@ import {
   combineMiddlewares,
   parseHttpRequest,
   setupCsrfToken,
-  staticJsonHandler,
+  staticJsonMiddleware,
   validateCsrfToken,
   validateFetchDest,
   validateFetchMode,
@@ -1028,7 +1030,7 @@ export class OAuthProvider extends OAuthVerifier {
           res.setHeader('Cache-Control', 'max-age=300')
           next()
         },
-        staticJsonHandler(json),
+        staticJsonMiddleware(json),
       ])
     /**
@@ -1056,9 +1058,18 @@ export class OAuthProvider extends OAuthVerifier {
         }
         try {
+          // Ensure we can agree on a content encoding & type before starting to
+          // build the JSON response.
+          if (!mediaType(req.headers['accept'], ['application/json'])) {
+            throw createHttpError(406, 'Unsupported media type')
+          }
           const result = await buildJson.call(this, req, res)
-          if (result !== undefined) writeJson(res, result, status)
-          else if (!res.headersSent) res.writeHead(status ?? 204).end()
+          if (result !== undefined) {
+            writeJson(res, result, { status })
+          } else if (!res.headersSent) {
+            res.writeHead(status ?? 204).end()
+          }
         } catch (err) {
           if (!res.headersSent) {
             if (err instanceof WWWAuthenticateError) {
@@ -1067,7 +1078,9 @@ export class OAuthProvider extends OAuthVerifier {
               res.appendHeader('Access-Control-Expose-Headers', name)
             }
-            writeJson(res, buildErrorPayload(err), buildErrorStatus(err))
+            const payload = buildErrorPayload(err)
+            const status = buildErrorStatus(err)
+            writeJson(res, payload, { status })
           } else {
             res.destroy()
           }
@@ -1096,11 +1109,6 @@ export class OAuthProvider extends OAuthVerifier {
           validateSameOrigin(req, res, issuerOrigin)
           await handler.call(this, req, res)
-          // Should never happen (fool proofing)
-          if (!res.headersSent) {
-            throw new Error('Navigation handler did not send a response')
-          }
         } catch (err) {
           onError?.(
             req,

package/src/oauth-verifier.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Key, Keyset, isSignedJwt } from '@atproto/jwk'
 import {
   OAuthAccessToken,
+  OAuthIssuerIdentifier,
   OAuthTokenType,
   oauthIssuerIdentifierSchema,
 } from '@atproto/oauth-types'
@@ -77,7 +78,7 @@ export {
 }
 export class OAuthVerifier {
-  public readonly issuer: string
+  public readonly issuer: OAuthIssuerIdentifier
   public readonly keyset: Keyset
   protected readonly accessTokenType: AccessTokenType

package/src/output/send-web-page.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import {
   Html,
   js,
 } from '../lib/html/index.js'
-import { writeHtml } from '../lib/http/response.js'
+import { writeHtml, WriteResponseOptions } from '../lib/http/response.js'
 export function declareBackendData(name: string, data: unknown) {
   // The script tag is removed after the data is assigned to the global variable
@@ -18,9 +18,11 @@ export function declareBackendData(name: string, data: unknown) {
   return js`window[${name}]=${data};document.currentScript.remove();`
 }
+export type SendWebPageOptions = BuildDocumentOptions & WriteResponseOptions
 export async function sendWebPage(
   res: ServerResponse,
-  { status = 200, ...options }: BuildDocumentOptions & { status?: number },
+  options: SendWebPageOptions,
 ): Promise<void> {
   // @TODO: make these headers configurable (?)
   res.setHeader('Permissions-Policy', 'otp-credentials=*, document-domain=()')
@@ -53,7 +55,7 @@ export async function sendWebPage(
   const html = buildDocument(options)
-  return writeHtml(res, html.toString(), status)
+  return writeHtml(res, html.toString(), options)
 }
 function assetToHash(asset: Html | AssetRef): string {

package/src/request/request-uri.ts CHANGED Viewed

@@ -6,7 +6,6 @@ export const REQUEST_URI_PREFIX = 'urn:ietf:params:oauth:request_uri:'
 export const requestUriSchema = z
   .string()
-  .url()
   .refinement(
     (data): data is `${typeof REQUEST_URI_PREFIX}${RequestId}` =>
       data.startsWith(REQUEST_URI_PREFIX) &&