@atproto/oauth-provider 0.3.1 → 0.5.0

package/dist/errors/invalid-request-error.js

@@ -4,23 +4,20 @@ exports.InvalidRequestError = void 0;
 const oauth_error_js_1 = require("./oauth-error.js");
 /**
  * @see
- * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }
- *
- * The request is missing a required parameter, includes an unsupported
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token}
+ * : The request is missing a required parameter, includes an unsupported
  * parameter value (other than grant type), repeats a parameter, includes
  * multiple credentials, utilizes more than one mechanism for authenticating the
  * client, or is otherwise malformed.
  *
  * @see
  * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 | RFC6749 - Authorization Code Grant, Authorization Request}
- *
- * The request is missing a required parameter, includes an invalid parameter
+ * : The request is missing a required parameter, includes an invalid parameter
  * value, includes a parameter more than once, or is otherwise malformed.
  *
  * @see
- * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field }
- *
- * The request is missing a required parameter, includes an unsupported
+ * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field}
+ * : The request is missing a required parameter, includes an unsupported
  * parameter or parameter value, repeats the same parameter, uses more than one
  * method for including an access token, or is otherwise malformed. The resource
  * server SHOULD respond with the HTTP 400 (Bad Request) status code.
@@ -29,6 +26,11 @@ class InvalidRequestError extends oauth_error_js_1.OAuthError {
     constructor(error_description, cause) {
         super('invalid_request', error_description, 400, cause);
     }
+    static from(err, message = 'Invalid request data') {
+        if (err instanceof oauth_error_js_1.OAuthError)
+            return err;
+        return new InvalidRequestError(message, err);
+    }
 }
 exports.InvalidRequestError = InvalidRequestError;
 //# sourceMappingURL=invalid-request-error.js.map

package/dist/errors/invalid-request-error.js.map

@@ -1 +1 @@
-{"version":3,"file":"invalid-request-error.js","sourceRoot":"","sources":["../../src/errors/invalid-request-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAa,mBAAoB,SAAQ,2BAAU;IACjD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;CACF;AAJD,kDAIC"}
+{"version":3,"file":"invalid-request-error.js","sourceRoot":"","sources":["../../src/errors/invalid-request-error.ts"],"names":[],"mappings":";;;AAAA,qDAA6C;AAE7C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAa,mBAAoB,SAAQ,2BAAU;IACjD,YAAY,iBAAyB,EAAE,KAAe;QACpD,KAAK,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAY,EAAE,OAAO,GAAG,sBAAsB;QACxD,IAAI,GAAG,YAAY,2BAAU;YAAE,OAAO,GAAG,CAAA;QACzC,OAAO,IAAI,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;CACF;AATD,kDASC"}

package/dist/lib/csp/index.d.ts

@@ -0,0 +1,18 @@
+import { Simplify } from '../util/type.js';
+export type CspValue = `data:` | `https:${string}` | `'none'` | `'self'` | `'sha256-${string}'` | `'nonce-${string}'` | `'unsafe-inline'` | `'unsafe-eval'` | `'strict-dynamic'` | `'report-sample'` | `'unsafe-hashes'`;
+declare const STRING_DIRECTIVES: readonly ["base-uri"];
+declare const BOOLEAN_DIRECTIVES: readonly ["upgrade-insecure-requests", "block-all-mixed-content"];
+declare const ARRAY_DIRECTIVES: readonly ["connect-src", "default-src", "form-action", "frame-ancestors", "frame-src", "img-src", "script-src", "style-src"];
+export type CspConfig = Simplify<{
+    [K in (typeof BOOLEAN_DIRECTIVES)[number]]?: boolean;
+} & {
+    [K in (typeof STRING_DIRECTIVES)[number]]?: CspValue;
+} & {
+    [K in (typeof ARRAY_DIRECTIVES)[number]]?: readonly CspValue[];
+}>;
+export declare function buildCsp(config: CspConfig): string;
+export declare function mergeCsp(a: CspConfig, b?: CspConfig): CspConfig;
+export declare function mergeCsp(a: CspConfig | undefined, b: CspConfig): CspConfig;
+export declare function mergeCsp(a?: CspConfig, b?: CspConfig): CspConfig | undefined;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/lib/csp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/lib/csp/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAE1C,MAAM,MAAM,QAAQ,GAChB,OAAO,GACP,SAAS,MAAM,EAAE,GACjB,QAAQ,GACR,QAAQ,GACR,WAAW,MAAM,GAAG,GACpB,UAAU,MAAM,GAAG,GACnB,iBAAiB,GACjB,eAAe,GACf,kBAAkB,GAClB,iBAAiB,GACjB,iBAAiB,CAAA;AAErB,QAAA,MAAM,iBAAiB,uBAAwB,CAAA;AAC/C,QAAA,MAAM,kBAAkB,mEAGd,CAAA;AACV,QAAA,MAAM,gBAAgB,8HASZ,CAAA;AAEV,MAAM,MAAM,SAAS,GAAG,QAAQ,CAC9B;KACG,CAAC,IAAI,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO;CACrD,GAAG;KACD,CAAC,IAAI,CAAC,OAAO,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ;CACrD,GAAG;KACD,CAAC,IAAI,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,SAAS,QAAQ,EAAE;CAC/D,CACF,CAAA;AAID,wBAAgB,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAgBlD;AAED,wBAAgB,QAAQ,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;AAChE,wBAAgB,QAAQ,CAAC,CAAC,EAAE,SAAS,GAAG,SAAS,EAAE,CAAC,EAAE,SAAS,GAAG,SAAS,CAAA;AAC3E,wBAAgB,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAA"}

package/dist/lib/csp/index.js

@@ -0,0 +1,72 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildCsp = buildCsp;
+exports.mergeCsp = mergeCsp;
+const STRING_DIRECTIVES = ['base-uri'];
+const BOOLEAN_DIRECTIVES = [
+    'upgrade-insecure-requests',
+    'block-all-mixed-content',
+];
+const ARRAY_DIRECTIVES = [
+    'connect-src',
+    'default-src',
+    'form-action',
+    'frame-ancestors',
+    'frame-src',
+    'img-src',
+    'script-src',
+    'style-src',
+];
+const NONE = "'none'";
+function buildCsp(config) {
+    const values = [];
+    for (const name of BOOLEAN_DIRECTIVES) {
+        if (config[name] === true)
+            values.push(name);
+    }
+    for (const name of STRING_DIRECTIVES) {
+        if (config[name])
+            values.push(`${name} ${config[name]}`);
+    }
+    for (const name of ARRAY_DIRECTIVES) {
+        if (config[name]?.length)
+            values.push(`${name} ${config[name].join(' ')}`);
+    }
+    return values.join('; ');
+}
+function mergeCsp(a, b) {
+    if (!a)
+        return b;
+    if (!b)
+        return a;
+    const result = {};
+    for (const name of BOOLEAN_DIRECTIVES) {
+        if (a[name] || b[name]) {
+            result[name] = true;
+        }
+    }
+    for (const name of STRING_DIRECTIVES) {
+        if (a[name] || b[name]) {
+            const aNotNone = a[name] === NONE ? undefined : a[name];
+            const bNotNone = b[name] === NONE ? undefined : b[name];
+            // @NOTE b takes precedence
+            result[name] = bNotNone || aNotNone || NONE;
+        }
+    }
+    for (const name of ARRAY_DIRECTIVES) {
+        if (a[name] && b[name]) {
+            const set = new Set(a[name]);
+            if (b[name])
+                for (const value of b[name])
+                    set.add(value);
+            if (set.size > 1 && set.has(NONE))
+                set.delete(NONE);
+            result[name] = [...set];
+        }
+        else if (a[name] || b[name]) {
+            result[name] = Array.from((a[name] || b[name]));
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=index.js.map

package/dist/lib/csp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/lib/csp/index.ts"],"names":[],"mappings":";;AA2CA,4BAgBC;AAKD,4BAiCC;AAlFD,MAAM,iBAAiB,GAAG,CAAC,UAAU,CAAU,CAAA;AAC/C,MAAM,kBAAkB,GAAG;IACzB,2BAA2B;IAC3B,yBAAyB;CACjB,CAAA;AACV,MAAM,gBAAgB,GAAG;IACvB,aAAa;IACb,aAAa;IACb,aAAa;IACb,iBAAiB;IACjB,WAAW;IACX,SAAS;IACT,YAAY;IACZ,WAAW;CACH,CAAA;AAYV,MAAM,IAAI,GAAG,QAAQ,CAAA;AAErB,SAAgB,QAAQ,CAAC,MAAiB;IACxC,MAAM,MAAM,GAAa,EAAE,CAAA;IAE3B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI;YAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC5E,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC1B,CAAC;AAKD,SAAgB,QAAQ,CAAC,CAAa,EAAE,CAAa;IACnD,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAChB,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAEhB,MAAM,MAAM,GAAc,EAAE,CAAA;IAE5B,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,CAAC;QACtC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAA;QACrB,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YACvD,MAAM,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YACvD,2BAA2B;YAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,IAAI,QAAQ,IAAI,IAAI,CAAA;QAC7C,CAAC;IACH,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;YAC5B,IAAI,CAAC,CAAC,IAAI,CAAC;gBAAE,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC;oBAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YACxD,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAA;QACzB,CAAC;aAAM,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAE,CAAC,CAAA;QAClD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/lib/hcaptcha.d.ts

@@ -0,0 +1,177 @@
+import { z } from 'zod';
+import { Fetch, FetchBound } from '@atproto-labs/fetch';
+export declare const hcaptchaTokenSchema: z.ZodString;
+export type HcaptchaToken = z.infer<typeof hcaptchaTokenSchema>;
+export declare const hcaptchaConfigSchema: z.ZodObject<{
+    /**
+     * The hCaptcha site key to use for the sign-up form.
+     */
+    siteKey: z.ZodString;
+    /**
+     * The hCaptcha secret key to use for the sign-up form.
+     */
+    secretKey: z.ZodString;
+    /**
+     * A salt to use when hashing client tokens.
+     */
+    tokenSalt: z.ZodString;
+    /**
+     * The risk score over which the user is considered a threat and will be
+     * denied access. This will be ignored if the enterprise features are not
+     * available.
+     */
+    scoreThreshold: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    siteKey: string;
+    secretKey: string;
+    tokenSalt: string;
+    scoreThreshold?: number | undefined;
+}, {
+    siteKey: string;
+    secretKey: string;
+    tokenSalt: string;
+    scoreThreshold?: number | undefined;
+}>;
+export type HcaptchaConfig = z.infer<typeof hcaptchaConfigSchema>;
+/**
+ * @see {@link https://docs.hcaptcha.com/#verify-the-user-response-server-side hCaptcha API}
+ */
+export declare const hcaptchaVerifyResultSchema: z.ZodObject<{
+    /**
+     * is the passcode valid, and does it meet security criteria you specified, e.g. sitekey?
+     */
+    success: z.ZodBoolean;
+    /**
+     * timestamp of the challenge (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
+     */
+    challenge_ts: z.ZodString;
+    /**
+     * the hostname of the site where the challenge was passed
+     */
+    hostname: z.ZodString;
+    /**
+     * optional: any error codes
+     */
+    'error-codes': z.ZodArray<z.ZodString, "many">;
+    /**
+     * ENTERPRISE feature: a score denoting malicious activity. Value ranges from
+     * 0.0 (no risk) to 1.0 (confirmed threat).
+     */
+    score: z.ZodOptional<z.ZodNumber>;
+    /**
+     * ENTERPRISE feature: reason(s) for score.
+     */
+    score_reason: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * sitekey of the request
+     */
+    sitekey: z.ZodOptional<z.ZodString>;
+    /**
+     * obj of form: {'ip_device': 1, .. etc}
+     */
+    behavior_counts: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    /**
+     * how similar is this? (0.0 - 1.0, -1 on err)
+     */
+    similarity: z.ZodOptional<z.ZodNumber>;
+    /**
+     * count of similar_tokens not processed
+     */
+    similarity_failures: z.ZodOptional<z.ZodNumber>;
+    /**
+     * array of strings for any similarity errors
+     */
+    similarity_error_details: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * encoded clientID
+     */
+    scoped_uid_0: z.ZodOptional<z.ZodString>;
+    /**
+     * encoded IP
+     */
+    scoped_uid_1: z.ZodOptional<z.ZodString>;
+    /**
+     * encoded IP (APT)
+     */
+    scoped_uid_2: z.ZodOptional<z.ZodString>;
+    /**
+     * Risk Insights (APT + RI)
+     */
+    risk_insights: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    /**
+     * Advanced Threat Signatures (APT)
+     */
+    sigs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    /**
+     * tags added via Rules
+     */
+    tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    hostname: string;
+    success: boolean;
+    challenge_ts: string;
+    'error-codes': string[];
+    score?: number | undefined;
+    score_reason?: string[] | undefined;
+    sitekey?: string | undefined;
+    behavior_counts?: Record<string, unknown> | undefined;
+    similarity?: number | undefined;
+    similarity_failures?: number | undefined;
+    similarity_error_details?: string[] | undefined;
+    scoped_uid_0?: string | undefined;
+    scoped_uid_1?: string | undefined;
+    scoped_uid_2?: string | undefined;
+    risk_insights?: Record<string, unknown> | undefined;
+    sigs?: Record<string, unknown> | undefined;
+    tags?: string[] | undefined;
+}, {
+    hostname: string;
+    success: boolean;
+    challenge_ts: string;
+    'error-codes': string[];
+    score?: number | undefined;
+    score_reason?: string[] | undefined;
+    sitekey?: string | undefined;
+    behavior_counts?: Record<string, unknown> | undefined;
+    similarity?: number | undefined;
+    similarity_failures?: number | undefined;
+    similarity_error_details?: string[] | undefined;
+    scoped_uid_0?: string | undefined;
+    scoped_uid_1?: string | undefined;
+    scoped_uid_2?: string | undefined;
+    risk_insights?: Record<string, unknown> | undefined;
+    sigs?: Record<string, unknown> | undefined;
+    tags?: string[] | undefined;
+}>;
+export type HcaptchaVerifyResult = z.infer<typeof hcaptchaVerifyResultSchema>;
+export declare class HCaptchaClient {
+    private readonly hostname;
+    private readonly config;
+    protected readonly fetch: FetchBound;
+    constructor(hostname: string, config: HcaptchaConfig, fetch?: Fetch);
+    verify(behaviorType: 'login' | 'signup', response: string, remoteip: string, handle: string, userAgent?: string): Promise<{
+        allowed: boolean;
+        result: {
+            hostname: string;
+            success: boolean;
+            challenge_ts: string;
+            'error-codes': string[];
+            score?: number | undefined;
+            score_reason?: string[] | undefined;
+            sitekey?: string | undefined;
+            behavior_counts?: Record<string, unknown> | undefined;
+            similarity?: number | undefined;
+            similarity_failures?: number | undefined;
+            similarity_error_details?: string[] | undefined;
+            scoped_uid_0?: string | undefined;
+            scoped_uid_1?: string | undefined;
+            scoped_uid_2?: string | undefined;
+            risk_insights?: Record<string, unknown> | undefined;
+            sigs?: Record<string, unknown> | undefined;
+            tags?: string[] | undefined;
+        };
+    }>;
+    isAllowed({ success, hostname, score }: HcaptchaVerifyResult): boolean;
+    hashToken(value: string): string;
+}
+//# sourceMappingURL=hcaptcha.d.ts.map

package/dist/lib/hcaptcha.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hcaptcha.d.ts","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EACL,KAAK,EACL,UAAU,EAKX,MAAM,qBAAqB,CAAA;AAG5B,eAAO,MAAM,mBAAmB,aAAoB,CAAA;AACpD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,eAAO,MAAM,oBAAoB;IAC/B;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;;OAIG;;;;;;;;;;;;EAEH,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,0BAA0B;IACrC;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;;OAGG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;IAEH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAA;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAA;AAQ7E,qBAAa,cAAc;IAGvB,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAHzB,SAAS,CAAC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAA;gBAEjB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,EACvC,KAAK,GAAE,KAAwB;IAK3B,MAAM,CACV,YAAY,EAAE,OAAO,GAAG,QAAQ,EAChC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;IA2BpB,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,oBAAoB;IAa5D,SAAS,CAAC,KAAK,EAAE,MAAM;CAMxB"}

package/dist/lib/hcaptcha.js

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HCaptchaClient = exports.hcaptchaVerifyResultSchema = exports.hcaptchaConfigSchema = exports.hcaptchaTokenSchema = void 0;
+const node_crypto_1 = require("node:crypto");
+const zod_1 = require("zod");
+const fetch_1 = require("@atproto-labs/fetch");
+const pipe_1 = require("@atproto-labs/pipe");
+exports.hcaptchaTokenSchema = zod_1.z.string().min(1);
+exports.hcaptchaConfigSchema = zod_1.z.object({
+    /**
+     * The hCaptcha site key to use for the sign-up form.
+     */
+    siteKey: zod_1.z.string().min(1),
+    /**
+     * The hCaptcha secret key to use for the sign-up form.
+     */
+    secretKey: zod_1.z.string().min(1),
+    /**
+     * A salt to use when hashing client tokens.
+     */
+    tokenSalt: zod_1.z.string().min(1),
+    /**
+     * The risk score over which the user is considered a threat and will be
+     * denied access. This will be ignored if the enterprise features are not
+     * available.
+     */
+    scoreThreshold: zod_1.z.number().optional(),
+});
+/**
+ * @see {@link https://docs.hcaptcha.com/#verify-the-user-response-server-side hCaptcha API}
+ */
+exports.hcaptchaVerifyResultSchema = zod_1.z.object({
+    /**
+     * is the passcode valid, and does it meet security criteria you specified, e.g. sitekey?
+     */
+    success: zod_1.z.boolean(),
+    /**
+     * timestamp of the challenge (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
+     */
+    challenge_ts: zod_1.z.string(),
+    /**
+     * the hostname of the site where the challenge was passed
+     */
+    hostname: zod_1.z.string(),
+    /**
+     * optional: any error codes
+     */
+    'error-codes': zod_1.z.array(zod_1.z.string()),
+    /**
+     * ENTERPRISE feature: a score denoting malicious activity. Value ranges from
+     * 0.0 (no risk) to 1.0 (confirmed threat).
+     */
+    score: zod_1.z.number().optional(),
+    /**
+     * ENTERPRISE feature: reason(s) for score.
+     */
+    score_reason: zod_1.z.array(zod_1.z.string()).optional(),
+    /**
+     * sitekey of the request
+     */
+    sitekey: zod_1.z.string().optional(),
+    /**
+     * obj of form: {'ip_device': 1, .. etc}
+     */
+    behavior_counts: zod_1.z.record(zod_1.z.unknown()).optional(),
+    /**
+     * how similar is this? (0.0 - 1.0, -1 on err)
+     */
+    similarity: zod_1.z.number().optional(),
+    /**
+     * count of similar_tokens not processed
+     */
+    similarity_failures: zod_1.z.number().optional(),
+    /**
+     * array of strings for any similarity errors
+     */
+    similarity_error_details: zod_1.z.array(zod_1.z.string()).optional(),
+    /**
+     * encoded clientID
+     */
+    scoped_uid_0: zod_1.z.string().optional(),
+    /**
+     * encoded IP
+     */
+    scoped_uid_1: zod_1.z.string().optional(),
+    /**
+     * encoded IP (APT)
+     */
+    scoped_uid_2: zod_1.z.string().optional(),
+    /**
+     * Risk Insights (APT + RI)
+     */
+    risk_insights: zod_1.z.record(zod_1.z.unknown()).optional(),
+    /**
+     * Advanced Threat Signatures (APT)
+     */
+    sigs: zod_1.z.record(zod_1.z.unknown()).optional(),
+    /**
+     * tags added via Rules
+     */
+    tags: zod_1.z.array(zod_1.z.string()).optional(),
+});
+const fetchSuccessHandler = (0, pipe_1.pipe)((0, fetch_1.fetchOkProcessor)(), (0, fetch_1.fetchJsonProcessor)(), (0, fetch_1.fetchJsonZodProcessor)(exports.hcaptchaVerifyResultSchema));
+class HCaptchaClient {
+    hostname;
+    config;
+    fetch;
+    constructor(hostname, config, fetch = globalThis.fetch) {
+        this.hostname = hostname;
+        this.config = config;
+        this.fetch = (0, fetch_1.bindFetch)(fetch);
+    }
+    async verify(behaviorType, response, remoteip, handle, userAgent) {
+        const result = await this.fetch('https://api.hcaptcha.com/siteverify', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: new URLSearchParams({
+                secret: this.config.secretKey,
+                sitekey: this.config.siteKey,
+                behavior_type: behaviorType,
+                response,
+                remoteip,
+                client_tokens: JSON.stringify({
+                    hashedIp: this.hashToken(remoteip),
+                    hashedHandle: this.hashToken(handle),
+                    hashedUserAgent: userAgent ? this.hashToken(userAgent) : undefined,
+                }),
+            }).toString(),
+        }).then(fetchSuccessHandler);
+        return {
+            allowed: this.isAllowed(result),
+            result,
+        };
+    }
+    isAllowed({ success, hostname, score }) {
+        return (success &&
+            // Fool-proofing: If this is false, the user is trying to use a token
+            // generated for the same siteKey, but on another domain.
+            hostname === this.hostname &&
+            // Ignore if enterprise feature is not enabled
+            score != null &&
+            this.config.scoreThreshold != null &&
+            score < this.config.scoreThreshold);
+    }
+    hashToken(value) {
+        const hash = (0, node_crypto_1.createHash)('sha256');
+        hash.update(this.config.tokenSalt);
+        hash.update(value);
+        return hash.digest().toString('base64');
+    }
+}
+exports.HCaptchaClient = HCaptchaClient;
+//# sourceMappingURL=hcaptcha.js.map

package/dist/lib/hcaptcha.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hcaptcha.js","sourceRoot":"","sources":["../../src/lib/hcaptcha.ts"],"names":[],"mappings":";;;AAAA,6CAAwC;AACxC,6BAAuB;AACvB,+CAO4B;AAC5B,6CAAyC;AAE5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAGvC,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;OAEG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5B;;;;OAIG;IACH,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAClC;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B;;OAEG;IACH,eAAe,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD;;OAEG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC;;OAEG;IACH,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACxD;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA;AAIF,MAAM,mBAAmB,GAAG,IAAA,WAAI,EAC9B,IAAA,wBAAgB,GAAE,EAClB,IAAA,0BAAkB,GAAE,EACpB,IAAA,6BAAqB,EAAC,kCAA0B,CAAC,CAClD,CAAA;AAED,MAAa,cAAc;IAGN;IACA;IAHA,KAAK,CAAY;IACpC,YACmB,QAAgB,EAChB,MAAsB,EACvC,QAAe,UAAU,CAAC,KAAK;QAFd,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAgB;QAGvC,IAAI,CAAC,KAAK,GAAG,IAAA,iBAAS,EAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM,CACV,YAAgC,EAChC,QAAgB,EAChB,QAAgB,EAChB,MAAc,EACd,SAAkB;QAElB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qCAAqC,EAAE;YACrE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAC7B,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;gBAC5B,aAAa,EAAE,YAAY;gBAC3B,QAAQ;gBACR,QAAQ;gBACR,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC;oBAC5B,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;oBAClC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;oBACpC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;iBACnE,CAAC;aACH,CAAC,CAAC,QAAQ,EAAE;SACd,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAA;QAE5B,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YAC/B,MAAM;SACP,CAAA;IACH,CAAC;IAED,SAAS,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAwB;QAC1D,OAAO,CACL,OAAO;YACP,qEAAqE;YACrE,yDAAyD;YACzD,QAAQ,KAAK,IAAI,CAAC,QAAQ;YAC1B,8CAA8C;YAC9C,KAAK,IAAI,IAAI;YACb,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI;YAClC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CACnC,CAAA;IACH,CAAC;IAED,SAAS,CAAC,KAAa;QACrB,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAA;QACjC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC;CACF;AA7DD,wCA6DC"}

package/dist/lib/html/build-document.d.ts

@@ -5,9 +5,16 @@ export type AssetRef = {
     sha256: string;
 };
 export type Attrs = Record<string, boolean | string | undefined>;
-export type LinkAttrs = {
+/**
+ * @see {@link https://developer.mozilla.org/fr/docs/Web/HTML/Attributes/rel}
+ */
+declare const ALLOWED_LINK_REL_VALUES: readonly ["alternate", "author", "canonical", "dns-prefetch", "external", "expect", "help", "icon", "license", "manifest", "me", "modulepreload", "next", "pingback", "preconnect", "prefetch", "preload", "prerender", "prev", "privacy-policy", "search", "stylesheet", "terms-of-service"];
+export type LinkRel = (typeof ALLOWED_LINK_REL_VALUES)[number];
+export declare const isLinkRel: (rel: unknown) => rel is LinkRel;
+export type LinkAttrs = Attrs & {
     href: string;
-} & Attrs;
+    rel: LinkRel;
+};
 export type MetaAttrs = {
     name: string;
     content: string;
@@ -24,8 +31,9 @@ export type BuildDocumentOptions = {
     title?: HtmlValue;
     scripts?: readonly (Html | AssetRef)[];
     styles?: readonly (Html | AssetRef)[];
-    body: HtmlValue;
+    body?: HtmlValue;
     bodyAttrs?: Attrs;
 };
 export declare const buildDocument: ({ htmlAttrs, head, title, body, bodyAttrs, base, meta, links, scripts, styles, }: BuildDocumentOptions) => Html;
+export {};
 //# sourceMappingURL=build-document.d.ts.map

package/dist/lib/html/build-document.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"build-document.d.ts","sourceRoot":"","sources":["../../../src/lib/html/build-document.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAGhC,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC,CAAA;AAChE,MAAM,MAAM,SAAS,GAAG;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,KAAK,CAAA;AAChD,MAAM,MAAM,SAAS,GACjB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACjC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAA;AAO7C,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,KAAK,CAAA;IACjB,IAAI,CAAC,EAAE,GAAG,CAAA;IACV,IAAI,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;IAC3B,KAAK,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;IAC5B,IAAI,CAAC,EAAE,SAAS,CAAA;IAChB,KAAK,CAAC,EAAE,SAAS,CAAA;IACjB,OAAO,CAAC,EAAE,SAAS,CAAC,IAAI,GAAG,QAAQ,CAAC,EAAE,CAAA;IACtC,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,GAAG,QAAQ,CAAC,EAAE,CAAA;IACrC,IAAI,EAAE,SAAS,CAAA;IACf,SAAS,CAAC,EAAE,KAAK,CAAA;CAClB,CAAA;AAED,eAAO,MAAM,aAAa,qFAWvB,oBAAoB,SAcf,CAAA"}
+{"version":3,"file":"build-document.d.ts","sourceRoot":"","sources":["../../../src/lib/html/build-document.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAGhC,MAAM,MAAM,QAAQ,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAED,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC,CAAA;AAEhE;;GAEG;AACH,QAAA,MAAM,uBAAuB,+RAwBlB,CAAA;AACX,MAAM,MAAM,OAAO,GAAG,CAAC,OAAO,uBAAuB,CAAC,CAAC,MAAM,CAAC,CAAA;AAC9D,eAAO,MAAM,SAAS,QAAS,OAAO,KAAG,GAAG,IAAI,OACe,CAAA;AAE/D,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,GAAG,EAAE,OAAO,CAAA;CACb,CAAA;AACD,MAAM,MAAM,SAAS,GACjB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GACjC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAA;AAO7C,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,KAAK,CAAA;IACjB,IAAI,CAAC,EAAE,GAAG,CAAA;IACV,IAAI,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;IAC3B,KAAK,CAAC,EAAE,SAAS,SAAS,EAAE,CAAA;IAC5B,IAAI,CAAC,EAAE,SAAS,CAAA;IAChB,KAAK,CAAC,EAAE,SAAS,CAAA;IACjB,OAAO,CAAC,EAAE,SAAS,CAAC,IAAI,GAAG,QAAQ,CAAC,EAAE,CAAA;IACtC,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,GAAG,QAAQ,CAAC,EAAE,CAAA;IACrC,IAAI,CAAC,EAAE,SAAS,CAAA;IAChB,SAAS,CAAC,EAAE,KAAK,CAAA;CAClB,CAAA;AAED,eAAO,MAAM,aAAa,qFAWvB,oBAAoB,SAef,CAAA"}

package/dist/lib/html/build-document.js

@@ -1,8 +1,38 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildDocument = void 0;
+exports.buildDocument = exports.isLinkRel = void 0;
 const html_js_1 = require("./html.js");
 const tags_js_1 = require("./tags.js");
+/**
+ * @see {@link https://developer.mozilla.org/fr/docs/Web/HTML/Attributes/rel}
+ */
+const ALLOWED_LINK_REL_VALUES = Object.freeze([
+    'alternate',
+    'author',
+    'canonical',
+    'dns-prefetch',
+    'external',
+    'expect',
+    'help',
+    'icon',
+    'license',
+    'manifest',
+    'me',
+    'modulepreload',
+    'next',
+    'pingback',
+    'preconnect',
+    'prefetch',
+    'preload',
+    'prerender',
+    'prev',
+    'privacy-policy',
+    'search',
+    'stylesheet',
+    'terms-of-service',
+]);
+const isLinkRel = (rel) => ALLOWED_LINK_REL_VALUES.includes(rel);
+exports.isLinkRel = isLinkRel;
 const defaultViewport = (0, tags_js_1.html) `<meta
   name="viewport"
   content="width=device-width, initial-scale=1.0"
@@ -15,22 +45,23 @@ const buildDocument = ({ htmlAttrs, head, title, body, bodyAttrs, base, meta, li
     ${base && (0, tags_js_1.html) `<base href="${base.href}" />`}
     ${meta?.some(isViewportMeta) ? null : defaultViewport}
     ${meta?.map(metaToHtml)}
+    ${styles?.map(linkPreload('style'))}
+    ${scripts?.map(linkPreload('script'))}
     ${links?.map(linkToHtml)}
-    ${head} ${styles?.map(styleToHtml)}
+    ${head}
+    ${styles?.map(styleToHtml)}
   </head>
-  <body${attrsToHtml(bodyAttrs)}>
-    ${body} ${scripts?.map(scriptToHtml)}
-  </body>
+  <body${attrsToHtml(bodyAttrs)}>${body}${scripts?.map(scriptToHtml)}</body>
 </html>`;
 exports.buildDocument = buildDocument;
 function isViewportMeta(attrs) {
     return 'name' in attrs && attrs.name === 'viewport';
 }
-function* linkToHtml(attrs) {
-    yield (0, tags_js_1.html) `<link${attrsToHtml(attrs)} />`;
+function linkToHtml(attrs) {
+    return (0, tags_js_1.html) `<link${attrsToHtml(attrs)} />`;
 }
-function* metaToHtml(attrs) {
-    yield (0, tags_js_1.html) `<meta${attrsToHtml(attrs)} />`;
+function metaToHtml(attrs) {
+    return (0, tags_js_1.html) `<meta${attrsToHtml(attrs)} />`;
 }
 function* attrsToHtml(attrs) {
     if (attrs) {
@@ -46,16 +77,21 @@ function* attrsToHtml(attrs) {
         }
     }
 }
-function* scriptToHtml(script) {
-    yield script instanceof html_js_1.Html
+function linkPreload(as) {
+    return (style) => style instanceof html_js_1.Html
+        ? undefined
+        : (0, tags_js_1.html) `<link rel="preload" href="${style.url}" as="${as}" />`;
+}
+function scriptToHtml(script) {
+    return script instanceof html_js_1.Html
         ? // prettier-ignore
             (0, tags_js_1.html) `<script>${script}</script>` // hash validity requires no space around the content
-        : (0, tags_js_1.html) `<script type="module" src="${script.url}?${script.sha256}"></script>`;
+        : (0, tags_js_1.html) `<script type="module" src="${script.url}"></script>`;
 }
-function* styleToHtml(style) {
-    yield style instanceof html_js_1.Html
+function styleToHtml(style) {
+    return style instanceof html_js_1.Html
         ? // prettier-ignore
             (0, tags_js_1.html) `<style>${style}</style>` // hash validity requires no space around the content
-        : (0, tags_js_1.html) `<link rel="stylesheet" href="${style.url}?${style.sha256}" />`;
+        : (0, tags_js_1.html) `<link rel="stylesheet" href="${style.url}" />`;
 }
 //# sourceMappingURL=build-document.js.map

package/dist/lib/html/build-document.js.map

@@ -1 +1 @@
-{"version":3,"file":"build-document.js","sourceRoot":"","sources":["../../../src/lib/html/build-document.ts"],"names":[],"mappings":";;;AACA,uCAAgC;AAChC,uCAAgC;AAahC,MAAM,eAAe,GAAG,IAAA,cAAI,EAAA;;;GAGzB,CAAA;AAeI,MAAM,aAAa,GAAG,CAAC,EAC5B,SAAS,EACT,IAAI,EACJ,KAAK,EACL,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,OAAO,EACP,MAAM,GACe,EAAE,EAAE,CAAC,IAAA,cAAI,EAAA;OACzB,WAAW,CAAC,SAAS,CAAC;;;MAGvB,KAAK,IAAI,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU;MACtC,IAAI,IAAI,IAAA,cAAI,EAAA,eAAe,IAAI,CAAC,IAAI,MAAM;MAC1C,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe;MACnD,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC;MACrB,KAAK,EAAE,GAAG,CAAC,UAAU,CAAC;MACtB,IAAI,IAAI,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC;;SAE7B,WAAW,CAAC,SAAS,CAAC;MACzB,IAAI,IAAI,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC;;QAEhC,CAAA;AAzBK,QAAA,aAAa,iBAyBlB;AAER,SAAS,cAAc,CACrB,KAAQ;IAER,OAAO,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,CAAA;AACrD,CAAC;AAED,QAAQ,CAAC,CAAC,UAAU,CAAC,KAAgB;IACnC,MAAM,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC3C,CAAC;AAED,QAAQ,CAAC,CAAC,UAAU,CAAC,KAAgB;IACnC,MAAM,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC3C,CAAC;AAED,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAa;IACjC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,IAAI,KAAK,IAAI,IAAI;gBAAE,SAAQ;iBACtB,IAAI,KAAK,KAAK,KAAK;gBAAE,SAAQ;iBAC7B,IAAI,KAAK,KAAK,IAAI;gBAAE,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,EAAE,CAAA;;gBACxC,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,KAAK,KAAK,GAAG,CAAA;QACtC,CAAC;IACH,CAAC;AACH,CAAC;AAED,QAAQ,CAAC,CAAC,YAAY,CAAC,MAAuB;IAC5C,MAAM,MAAM,YAAY,cAAI;QAC1B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,WAAW,MAAM,WAAW,CAAC,qDAAqD;QACxF,CAAC,CAAC,IAAA,cAAI,EAAA,8BAA8B,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,MAAM,aAAa,CAAA;AAChF,CAAC;AAED,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAsB;IAC1C,MAAM,KAAK,YAAY,cAAI;QACzB,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU,CAAC,qDAAqD;QACrF,CAAC,CAAC,IAAA,cAAI,EAAA,gCAAgC,KAAK,CAAC,GAAG,IAAI,KAAK,CAAC,MAAM,MAAM,CAAA;AACzE,CAAC"}
+{"version":3,"file":"build-document.js","sourceRoot":"","sources":["../../../src/lib/html/build-document.ts"],"names":[],"mappings":";;;AACA,uCAAgC;AAChC,uCAAgC;AAShC;;GAEG;AACH,MAAM,uBAAuB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5C,WAAW;IACX,QAAQ;IACR,WAAW;IACX,cAAc;IACd,UAAU;IACV,QAAQ;IACR,MAAM;IACN,MAAM;IACN,SAAS;IACT,UAAU;IACV,IAAI;IACJ,eAAe;IACf,MAAM;IACN,UAAU;IACV,YAAY;IACZ,UAAU;IACV,SAAS;IACT,WAAW;IACX,MAAM;IACN,gBAAgB;IAChB,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACV,CAAC,CAAA;AAEJ,MAAM,SAAS,GAAG,CAAC,GAAY,EAAkB,EAAE,CACvD,uBAA8C,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;AADlD,QAAA,SAAS,aACyC;AAU/D,MAAM,eAAe,GAAG,IAAA,cAAI,EAAA;;;GAGzB,CAAA;AAeI,MAAM,aAAa,GAAG,CAAC,EAC5B,SAAS,EACT,IAAI,EACJ,KAAK,EACL,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,OAAO,EACP,MAAM,GACe,EAAE,EAAE,CAAC,IAAA,cAAI,EAAA;OACzB,WAAW,CAAC,SAAS,CAAC;;;MAGvB,KAAK,IAAI,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU;MACtC,IAAI,IAAI,IAAA,cAAI,EAAA,eAAe,IAAI,CAAC,IAAI,MAAM;MAC1C,IAAI,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe;MACnD,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC;MACrB,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;MACjC,OAAO,EAAE,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;MACnC,KAAK,EAAE,GAAG,CAAC,UAAU,CAAC;MACtB,IAAI;MACJ,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC;;SAErB,WAAW,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,OAAO,EAAE,GAAG,CAAC,YAAY,CAAC;QAC5D,CAAA;AA1BK,QAAA,aAAa,iBA0BlB;AAER,SAAS,cAAc,CACrB,KAAQ;IAER,OAAO,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,CAAA;AACrD,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC5C,CAAC;AAED,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAA,cAAI,EAAA,QAAQ,WAAW,CAAC,KAAK,CAAC,KAAK,CAAA;AAC5C,CAAC;AAED,QAAQ,CAAC,CAAC,WAAW,CAAC,KAAa;IACjC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClD,IAAI,KAAK,IAAI,IAAI;gBAAE,SAAQ;iBACtB,IAAI,KAAK,KAAK,KAAK;gBAAE,SAAQ;iBAC7B,IAAI,KAAK,KAAK,IAAI;gBAAE,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,EAAE,CAAA;;gBACxC,MAAM,IAAA,cAAI,EAAA,IAAI,IAAI,KAAK,KAAK,GAAG,CAAA;QACtC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,EAAsB;IACzC,OAAO,CAAC,KAAsB,EAAE,EAAE,CAChC,KAAK,YAAY,cAAI;QACnB,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,IAAA,cAAI,EAAA,6BAA6B,KAAK,CAAC,GAAG,SAAS,EAAE,MAAM,CAAA;AACnE,CAAC;AAED,SAAS,YAAY,CAAC,MAAuB;IAC3C,OAAO,MAAM,YAAY,cAAI;QAC3B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,WAAW,MAAM,WAAW,CAAC,qDAAqD;QACxF,CAAC,CAAC,IAAA,cAAI,EAAA,8BAA8B,MAAM,CAAC,GAAG,aAAa,CAAA;AAC/D,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB;IACzC,OAAO,KAAK,YAAY,cAAI;QAC1B,CAAC,CAAC,kBAAkB;YAClB,IAAA,cAAI,EAAA,UAAU,KAAK,UAAU,CAAC,qDAAqD;QACrF,CAAC,CAAC,IAAA,cAAI,EAAA,gCAAgC,KAAK,CAAC,GAAG,MAAM,CAAA;AACzD,CAAC"}

package/dist/lib/http/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/lib/http/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAE9D,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACpE,WAAW,EAAE,QAAQ,CAAC,IAAI,GAAG,SAAS,GAAG,CAAC,CAAC,EAC3C,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GACjC,CAAC,CAAA;AAwCJ,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IACvD,CAAC,SAAS,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,EAAE,MAAM,GAAG,CAAC,GAC/C,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GACpB,KAAK,CAAA;AAEX;;;GAGG;AACH,wBAAgB,SAAS,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAC3D,UAAU,EAAE,CAAC,EACb,OAAO,CAAC,EAAE,mBAAmB,GASxB,SAAS,CAAC,CAAC,CAAC,CAClB;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB,CAAA;AAED,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,YAAY,CAqBd;AA4CD,wBAAgB,IAAI,CAAC,CAAC,SAAS,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,CAQvD"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../../src/lib/http/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAI9D,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACpE,WAAW,EAAE,QAAQ,CAAC,IAAI,GAAG,SAAS,GAAG,CAAC,CAAC,EAC3C,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GACjC,CAAC,CAAA;AAuCJ,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IACvD,CAAC,SAAS,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,EAAE,MAAM,GAAG,CAAC,GAC/C,OAAO,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GACpB,KAAK,CAAA;AAEX;;;GAGG;AACH,wBAAgB,SAAS,CAAC,CAAC,SAAS,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAC3D,UAAU,EAAE,CAAC,EACb,OAAO,CAAC,EAAE,mBAAmB,GASxB,SAAS,CAAC,CAAC,CAAC,CAClB;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB,CAAA;AAED,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,OAAO,CAAC,EAAE,mBAAmB,GAC5B,YAAY,CAqBd;AA4CD,wBAAgB,IAAI,CAAC,CAAC,SAAS,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,CAQvD"}