npm - @atproto/oauth-provider - Versions diffs - 0.3.1 → 0.5.0 - Mend

@atproto/oauth-provider 0.3.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (404) hide show

package/.linguirc +57 -0
package/CHANGELOG.md +29 -0
package/LICENSE.txt +1 -1
package/dist/account/account-manager.d.ts +17 -3
package/dist/account/account-manager.d.ts.map +1 -1
package/dist/account/account-manager.js +102 -8
package/dist/account/account-manager.js.map +1 -1
package/dist/account/account-store.d.ts +81 -15
package/dist/account/account-store.d.ts.map +1 -1
package/dist/account/account-store.js +70 -19
package/dist/account/account-store.js.map +1 -1
package/dist/account/sign-in-data.d.ts +28 -0
package/dist/account/sign-in-data.d.ts.map +1 -0
package/dist/account/sign-in-data.js +16 -0
package/dist/account/sign-in-data.js.map +1 -0
package/dist/account/sign-up-data.d.ts +26 -0
package/dist/account/sign-up-data.d.ts.map +1 -0
package/dist/account/sign-up-data.js +11 -0
package/dist/account/sign-up-data.js.map +1 -0
package/dist/assets/app/bundle-manifest.json +598 -6
package/dist/assets/app/index-ItwwtJ8r.js +36 -0
package/dist/assets/app/index-ItwwtJ8r.js.map +1 -0
package/dist/assets/app/main-B_dNxQo_.js +4 -0
package/dist/assets/app/main-B_dNxQo_.js.map +1 -0
package/dist/assets/app/main-CSatvmRR.css +3 -0
package/dist/assets/app/main-CSatvmRR.js +306 -0
package/dist/assets/app/main-CSatvmRR.js.map +1 -0
package/dist/assets/app/messages-BQeltXSF.js +4 -0
package/dist/assets/app/messages-BQeltXSF.js.map +1 -0
package/dist/assets/app/messages-BQkEhfjg.js +4 -0
package/dist/assets/app/messages-BQkEhfjg.js.map +1 -0
package/dist/assets/app/messages-BUjKj_UJ.js +4 -0
package/dist/assets/app/messages-BUjKj_UJ.js.map +1 -0
package/dist/assets/app/messages-BWIQa8fO.js +4 -0
package/dist/assets/app/messages-BWIQa8fO.js.map +1 -0
package/dist/assets/app/messages-BaNVb0bp.js +4 -0
package/dist/assets/app/messages-BaNVb0bp.js.map +1 -0
package/dist/assets/app/messages-BaizVXcF.js +4 -0
package/dist/assets/app/messages-BaizVXcF.js.map +1 -0
package/dist/assets/app/messages-BfoClA1Y.js +4 -0
package/dist/assets/app/messages-BfoClA1Y.js.map +1 -0
package/dist/assets/app/messages-BsKGDZnC.js +4 -0
package/dist/assets/app/messages-BsKGDZnC.js.map +1 -0
package/dist/assets/app/messages-Bu-TJhml.js +4 -0
package/dist/assets/app/messages-Bu-TJhml.js.map +1 -0
package/dist/assets/app/messages-BvOKnBQk.js +4 -0
package/dist/assets/app/messages-BvOKnBQk.js.map +1 -0
package/dist/assets/app/messages-BxDzCiWz.js +4 -0
package/dist/assets/app/messages-BxDzCiWz.js.map +1 -0
package/dist/assets/app/messages-CDgFOy4S.js +4 -0
package/dist/assets/app/messages-CDgFOy4S.js.map +1 -0
package/dist/assets/app/messages-CLbTz0o9.js +4 -0
package/dist/assets/app/messages-CLbTz0o9.js.map +1 -0
package/dist/assets/app/messages-CNwSh0t7.js +4 -0
package/dist/assets/app/messages-CNwSh0t7.js.map +1 -0
package/dist/assets/app/messages-CSMNJ6P8.js +4 -0
package/dist/assets/app/messages-CSMNJ6P8.js.map +1 -0
package/dist/assets/app/messages-CZQUw3mp.js +4 -0
package/dist/assets/app/messages-CZQUw3mp.js.map +1 -0
package/dist/assets/app/messages-CZT41oVp.js +4 -0
package/dist/assets/app/messages-CZT41oVp.js.map +1 -0
package/dist/assets/app/messages-C_b-d3t8.js +4 -0
package/dist/assets/app/messages-C_b-d3t8.js.map +1 -0
package/dist/assets/app/messages-C_u3MTc2.js +4 -0
package/dist/assets/app/messages-C_u3MTc2.js.map +1 -0
package/dist/assets/app/messages-Cn8nHZic.js +4 -0
package/dist/assets/app/messages-Cn8nHZic.js.map +1 -0
package/dist/assets/app/messages-CtDywJUm.js +4 -0
package/dist/assets/app/messages-CtDywJUm.js.map +1 -0
package/dist/assets/app/messages-CurtIjBF.js +4 -0
package/dist/assets/app/messages-CurtIjBF.js.map +1 -0
package/dist/assets/app/messages-Cv6zIbaP.js +4 -0
package/dist/assets/app/messages-Cv6zIbaP.js.map +1 -0
package/dist/assets/app/messages-D1eLQuPE.js +4 -0
package/dist/assets/app/messages-D1eLQuPE.js.map +1 -0
package/dist/assets/app/messages-D8vHEaYW.js +4 -0
package/dist/assets/app/messages-D8vHEaYW.js.map +1 -0
package/dist/assets/app/messages-DJ1Q4GeC.js +4 -0
package/dist/assets/app/messages-DJ1Q4GeC.js.map +1 -0
package/dist/assets/app/messages-DRL3exqd.js +4 -0
package/dist/assets/app/messages-DRL3exqd.js.map +1 -0
package/dist/assets/app/messages-DWLPQRTp.js +4 -0
package/dist/assets/app/messages-DWLPQRTp.js.map +1 -0
package/dist/assets/app/messages-DjVaE9YE.js +4 -0
package/dist/assets/app/messages-DjVaE9YE.js.map +1 -0
package/dist/assets/app/messages-DqpMfFJR.js +4 -0
package/dist/assets/app/messages-DqpMfFJR.js.map +1 -0
package/dist/assets/app/messages-ETjhJBEN.js +4 -0
package/dist/assets/app/messages-ETjhJBEN.js.map +1 -0
package/dist/assets/app/messages-EUKrgrGn.js +4 -0
package/dist/assets/app/messages-EUKrgrGn.js.map +1 -0
package/dist/assets/app/messages-QQrOUcPW.js +4 -0
package/dist/assets/app/messages-QQrOUcPW.js.map +1 -0
package/dist/assets/app/messages-e2QGqFL6.js +4 -0
package/dist/assets/app/messages-e2QGqFL6.js.map +1 -0
package/dist/assets/app/messages-p61py7gD.js +4 -0
package/dist/assets/app/messages-p61py7gD.js.map +1 -0
package/dist/assets/asset.d.ts +1 -0
package/dist/assets/asset.d.ts.map +1 -1
package/dist/assets/assets-middleware.d.ts.map +1 -1
package/dist/assets/assets-middleware.js +12 -7
package/dist/assets/assets-middleware.js.map +1 -1
package/dist/assets/index.d.ts +3 -2
package/dist/assets/index.d.ts.map +1 -1
package/dist/assets/index.js +13 -1
package/dist/assets/index.js.map +1 -1
package/dist/client/client-store.d.ts +3 -3
package/dist/client/client-store.d.ts.map +1 -1
package/dist/client/client-store.js +6 -5
package/dist/client/client-store.js.map +1 -1
package/dist/device/device-manager.d.ts +12 -13
package/dist/device/device-manager.d.ts.map +1 -1
package/dist/device/device-manager.js +5 -3
package/dist/device/device-manager.js.map +1 -1
package/dist/device/device-store.d.ts +3 -3
package/dist/device/device-store.d.ts.map +1 -1
package/dist/device/device-store.js +10 -9
package/dist/device/device-store.js.map +1 -1
package/dist/dpop/dpop-manager.d.ts +15 -7
package/dist/dpop/dpop-manager.d.ts.map +1 -1
package/dist/dpop/dpop-manager.js +17 -3
package/dist/dpop/dpop-manager.js.map +1 -1
package/dist/dpop/dpop-nonce.d.ts +11 -5
package/dist/dpop/dpop-nonce.d.ts.map +1 -1
package/dist/dpop/dpop-nonce.js +47 -38
package/dist/dpop/dpop-nonce.js.map +1 -1
package/dist/errors/handle-unavailable-error.d.ts +11 -0
package/dist/errors/handle-unavailable-error.d.ts.map +1 -0
package/dist/errors/handle-unavailable-error.js +19 -0
package/dist/errors/handle-unavailable-error.js.map +1 -0
package/dist/errors/invalid-request-error.d.ts +6 -8
package/dist/errors/invalid-request-error.d.ts.map +1 -1
package/dist/errors/invalid-request-error.js +10 -8
package/dist/errors/invalid-request-error.js.map +1 -1
package/dist/lib/csp/index.d.ts +18 -0
package/dist/lib/csp/index.d.ts.map +1 -0
package/dist/lib/csp/index.js +72 -0
package/dist/lib/csp/index.js.map +1 -0
package/dist/lib/hcaptcha.d.ts +177 -0
package/dist/lib/hcaptcha.d.ts.map +1 -0
package/dist/lib/hcaptcha.js +155 -0
package/dist/lib/hcaptcha.js.map +1 -0
package/dist/lib/html/build-document.d.ts +11 -3
package/dist/lib/html/build-document.d.ts.map +1 -1
package/dist/lib/html/build-document.js +51 -15
package/dist/lib/html/build-document.js.map +1 -1
package/dist/lib/http/middleware.d.ts.map +1 -1
package/dist/lib/http/middleware.js +4 -1
package/dist/lib/http/middleware.js.map +1 -1
package/dist/lib/http/request.d.ts +18 -3
package/dist/lib/http/request.d.ts.map +1 -1
package/dist/lib/http/request.js +56 -23
package/dist/lib/http/request.js.map +1 -1
package/dist/lib/http/response.d.ts +4 -2
package/dist/lib/http/response.d.ts.map +1 -1
package/dist/lib/http/response.js +23 -5
package/dist/lib/http/response.js.map +1 -1
package/dist/lib/locale.d.ts +15 -0
package/dist/lib/locale.d.ts.map +1 -0
package/dist/lib/locale.js +17 -0
package/dist/lib/locale.js.map +1 -0
package/dist/lib/util/function.d.ts +2 -2
package/dist/lib/util/function.d.ts.map +1 -1
package/dist/lib/util/function.js.map +1 -1
package/dist/lib/util/type.d.ts +88 -1
package/dist/lib/util/type.d.ts.map +1 -1
package/dist/lib/util/type.js +41 -0
package/dist/lib/util/type.js.map +1 -1
package/dist/metadata/build-metadata.d.ts +2 -2
package/dist/metadata/build-metadata.d.ts.map +1 -1
package/dist/metadata/build-metadata.js.map +1 -1
package/dist/oauth-errors.d.ts +1 -0
package/dist/oauth-errors.d.ts.map +1 -1
package/dist/oauth-errors.js +3 -1
package/dist/oauth-errors.js.map +1 -1
package/dist/oauth-hooks.d.ts +60 -3
package/dist/oauth-hooks.d.ts.map +1 -1
package/dist/oauth-hooks.js +3 -3
package/dist/oauth-hooks.js.map +1 -1
package/dist/oauth-provider.d.ts +28 -22
package/dist/oauth-provider.d.ts.map +1 -1
package/dist/oauth-provider.js +212 -211
package/dist/oauth-provider.js.map +1 -1
package/dist/oauth-verifier.d.ts +1 -1
package/dist/oauth-verifier.d.ts.map +1 -1
package/dist/oauth-verifier.js +2 -1
package/dist/oauth-verifier.js.map +1 -1
package/dist/output/build-authorize-data.d.ts +0 -1
package/dist/output/build-authorize-data.d.ts.map +1 -1
package/dist/output/build-authorize-data.js +0 -1
package/dist/output/build-authorize-data.js.map +1 -1
package/dist/output/build-customization-data.d.ts +232 -0
package/dist/output/build-customization-data.d.ts.map +1 -0
package/dist/output/build-customization-data.js +145 -0
package/dist/output/build-customization-data.js.map +1 -0
package/dist/output/output-manager.d.ts +16 -9
package/dist/output/output-manager.d.ts.map +1 -1
package/dist/output/output-manager.js +78 -42
package/dist/output/output-manager.js.map +1 -1
package/dist/output/send-authorize-redirect.d.ts +9 -6
package/dist/output/send-authorize-redirect.d.ts.map +1 -1
package/dist/output/send-authorize-redirect.js +20 -14
package/dist/output/send-authorize-redirect.js.map +1 -1
package/dist/output/send-web-page.d.ts +7 -2
package/dist/output/send-web-page.d.ts.map +1 -1
package/dist/output/send-web-page.js +37 -21
package/dist/output/send-web-page.js.map +1 -1
package/dist/request/request-manager.d.ts +1 -1
package/dist/request/request-manager.d.ts.map +1 -1
package/dist/request/request-manager.js +4 -4
package/dist/request/request-manager.js.map +1 -1
package/dist/request/request-store.d.ts +3 -3
package/dist/request/request-store.d.ts.map +1 -1
package/dist/request/request-store.js +11 -10
package/dist/request/request-store.js.map +1 -1
package/dist/token/token-store.d.ts +4 -4
package/dist/token/token-store.d.ts.map +1 -1
package/dist/token/token-store.js +13 -12
package/dist/token/token-store.js.map +1 -1
package/package.json +46 -21
package/rollup.config.js +61 -17
package/src/account/account-manager.ts +159 -8
package/src/account/account-store.ts +127 -32
package/src/account/sign-in-data.ts +15 -0
package/src/account/sign-up-data.ts +11 -0
package/src/assets/app/app.tsx +31 -16
package/src/assets/app/backend-data.ts +15 -60
package/src/assets/app/backend-types.ts +66 -0
package/src/assets/app/components/forms/button-toggle-visibility.tsx +43 -0
package/src/assets/app/components/forms/button.tsx +60 -0
package/src/assets/app/components/forms/fieldset.tsx +55 -0
package/src/assets/app/components/forms/form-card-async.tsx +103 -0
package/src/assets/app/components/forms/form-card.tsx +49 -0
package/src/assets/app/components/forms/input-checkbox.tsx +73 -0
package/src/assets/app/components/forms/input-container.tsx +107 -0
package/src/assets/app/components/forms/input-email-address.tsx +66 -0
package/src/assets/app/components/forms/input-new-password.tsx +62 -0
package/src/assets/app/components/forms/input-password.tsx +88 -0
package/src/assets/app/components/forms/input-text.tsx +76 -0
package/src/assets/app/components/forms/input-token.tsx +94 -0
package/src/assets/app/components/forms/wizard-card.tsx +116 -0
package/src/assets/app/components/layouts/layout-title-page.tsx +77 -0
package/src/assets/app/components/layouts/layout-welcome.tsx +73 -0
package/src/assets/app/components/utils/account-identifier.tsx +23 -0
package/src/assets/app/components/utils/account-image.tsx +33 -0
package/src/assets/app/components/utils/admonition.tsx +52 -0
package/src/assets/app/components/utils/client-name.tsx +45 -0
package/src/assets/app/components/utils/error-card.tsx +93 -0
package/src/assets/app/components/utils/error-message.tsx +62 -0
package/src/assets/app/components/utils/help-card.tsx +46 -0
package/src/assets/app/components/utils/icons.tsx +88 -0
package/src/assets/app/components/utils/link-anchor.tsx +28 -0
package/src/assets/app/components/utils/link-title.tsx +26 -0
package/src/assets/app/components/utils/multi-lang-string.tsx +56 -0
package/src/assets/app/components/utils/password-strength-label.tsx +37 -0
package/src/assets/app/components/utils/password-strength-meter.tsx +58 -0
package/src/assets/app/components/{url-viewer.tsx → utils/url-viewer.tsx} +9 -6
package/src/assets/app/hooks/use-api.ts +128 -55
package/src/assets/app/hooks/use-async-action.ts +120 -0
package/src/assets/app/hooks/use-browser-color-scheme.ts +31 -0
package/src/assets/app/hooks/use-csrf-token.ts +1 -1
package/src/assets/app/hooks/use-random-string.ts +37 -0
package/src/assets/app/hooks/use-stepper.ts +87 -0
package/src/assets/app/index.html +182 -0
package/src/assets/app/lib/api.ts +248 -79
package/src/assets/app/lib/clsx.ts +5 -8
package/src/assets/app/lib/json-client.ts +94 -0
package/src/assets/app/lib/password.ts +98 -0
package/src/assets/app/lib/ref.ts +17 -0
package/src/assets/app/locales/an/messages.po +492 -0
package/src/assets/app/locales/ast/messages.po +492 -0
package/src/assets/app/locales/ca/messages.po +492 -0
package/src/assets/app/locales/da/messages.po +492 -0
package/src/assets/app/locales/de/messages.po +492 -0
package/src/assets/app/locales/el/messages.po +492 -0
package/src/assets/app/locales/en/messages.po +492 -0
package/src/assets/app/locales/en-GB/messages.po +492 -0
package/src/assets/app/locales/es/messages.po +492 -0
package/src/assets/app/locales/eu/messages.po +492 -0
package/src/assets/app/locales/fi/messages.po +492 -0
package/src/assets/app/locales/fr/messages.po +492 -0
package/src/assets/app/locales/ga/messages.po +492 -0
package/src/assets/app/locales/gl/messages.po +492 -0
package/src/assets/app/locales/hi/messages.po +492 -0
package/src/assets/app/locales/hu/messages.po +492 -0
package/src/assets/app/locales/ia/messages.po +492 -0
package/src/assets/app/locales/id/messages.po +492 -0
package/src/assets/app/locales/it/messages.po +492 -0
package/src/assets/app/locales/ja/messages.po +492 -0
package/src/assets/app/locales/km/messages.po +492 -0
package/src/assets/app/locales/ko/messages.po +492 -0
package/src/assets/app/locales/load.ts +8 -0
package/src/assets/app/locales/locale-context.ts +19 -0
package/src/assets/app/locales/locale-provider.tsx +112 -0
package/src/assets/app/locales/locale-selector.tsx +58 -0
package/src/assets/app/locales/locales.ts +168 -0
package/src/assets/app/locales/ne/messages.po +492 -0
package/src/assets/app/locales/nl/messages.po +492 -0
package/src/assets/app/locales/pl/messages.po +492 -0
package/src/assets/app/locales/pt-BR/messages.po +492 -0
package/src/assets/app/locales/ro/messages.po +492 -0
package/src/assets/app/locales/ru/messages.po +492 -0
package/src/assets/app/locales/sv/messages.po +492 -0
package/src/assets/app/locales/th/messages.po +492 -0
package/src/assets/app/locales/tr/messages.po +492 -0
package/src/assets/app/locales/uk/messages.po +492 -0
package/src/assets/app/locales/vi/messages.po +492 -0
package/src/assets/app/locales/zh-CN/messages.po +492 -0
package/src/assets/app/locales/zh-HK/messages.po +492 -0
package/src/assets/app/locales/zh-TW/messages.po +492 -0
package/src/assets/app/main.css +23 -2
package/src/assets/app/main.tsx +24 -8
package/src/assets/app/views/authorize/accept/accept-form.tsx +150 -0
package/src/assets/app/views/authorize/accept/accept-view.tsx +70 -0
package/src/assets/app/views/authorize/authorize-view.tsx +180 -0
package/src/assets/app/views/authorize/reset-password/reset-password-confirm-form.tsx +88 -0
package/src/assets/app/views/authorize/reset-password/reset-password-request-form.tsx +80 -0
package/src/assets/app/views/authorize/reset-password/reset-password-view.tsx +127 -0
package/src/assets/app/views/authorize/sign-in/sign-in-form.tsx +244 -0
package/src/assets/app/views/authorize/sign-in/sign-in-picker.tsx +116 -0
package/src/assets/app/views/authorize/sign-in/sign-in-view.tsx +145 -0
package/src/assets/app/views/authorize/sign-up/sign-up-account-form.tsx +140 -0
package/src/assets/app/views/authorize/sign-up/sign-up-disclaimer.tsx +51 -0
package/src/assets/app/views/authorize/sign-up/sign-up-handle-form.tsx +289 -0
package/src/assets/app/views/authorize/sign-up/sign-up-hcaptcha-form.tsx +108 -0
package/src/assets/app/views/authorize/sign-up/sign-up-view.tsx +158 -0
package/src/assets/app/views/authorize/welcome/welcome-view.tsx +56 -0
package/src/assets/app/views/error/error-view.tsx +31 -0
package/src/assets/asset.ts +1 -0
package/src/assets/assets-middleware.ts +13 -8
package/src/assets/index.ts +15 -2
package/src/client/client-store.ts +10 -12
package/src/device/device-manager.ts +14 -15
package/src/device/device-store.ts +9 -15
package/src/dpop/dpop-manager.ts +20 -8
package/src/dpop/dpop-nonce.ts +58 -40
package/src/errors/handle-unavailable-error.ts +18 -0
package/src/errors/invalid-request-error.ts +10 -8
package/src/lib/csp/index.ts +98 -0
package/src/lib/hcaptcha.ts +182 -0
package/src/lib/html/build-document.ts +60 -16
package/src/lib/http/middleware.ts +4 -3
package/src/lib/http/request.ts +81 -28
package/src/lib/http/response.ts +22 -9
package/src/lib/locale.ts +21 -0
package/src/lib/util/function.ts +0 -3
package/src/lib/util/type.ts +130 -1
package/src/metadata/build-metadata.ts +2 -1
package/src/oauth-errors.ts +1 -0
package/src/oauth-hooks.ts +69 -3
package/src/oauth-provider.ts +410 -315
package/src/oauth-verifier.ts +3 -1
package/src/output/build-authorize-data.ts +1 -3
package/src/output/build-customization-data.ts +189 -0
package/src/output/output-manager.ts +111 -48
package/src/output/send-authorize-redirect.ts +43 -36
package/src/output/send-web-page.ts +40 -26
package/src/request/request-manager.ts +4 -4
package/src/request/request-store.ts +12 -16
package/src/token/token-store.ts +14 -18
package/tailwind.config.js +5 -0
package/tsconfig.backend.tsbuildinfo +1 -1
package/tsconfig.frontend.tsbuildinfo +1 -1
package/tsconfig.tools.tsbuildinfo +1 -1
package/vite.config.mjs +16 -0
package/.postcssrc.yml +0 -3
package/dist/assets/app/main.css +0 -3
package/dist/assets/app/main.js +0 -20
package/dist/assets/app/main.js.map +0 -1
package/dist/output/customization.d.ts +0 -27
package/dist/output/customization.d.ts.map +0 -1
package/dist/output/customization.js +0 -88
package/dist/output/customization.js.map +0 -1
package/src/assets/app/components/accept-form.tsx +0 -137
package/src/assets/app/components/account-identifier.tsx +0 -18
package/src/assets/app/components/account-picker.tsx +0 -127
package/src/assets/app/components/button.tsx +0 -34
package/src/assets/app/components/client-name.tsx +0 -37
package/src/assets/app/components/fieldset.tsx +0 -26
package/src/assets/app/components/form-card.tsx +0 -47
package/src/assets/app/components/help-card.tsx +0 -42
package/src/assets/app/components/icons/alert-icon.tsx +0 -5
package/src/assets/app/components/icons/at-symbol-icon.tsx +0 -5
package/src/assets/app/components/icons/caret-right-icon.tsx +0 -5
package/src/assets/app/components/icons/lock-icon.tsx +0 -5
package/src/assets/app/components/icons/token-icon.tsx +0 -5
package/src/assets/app/components/icons/util.tsx +0 -17
package/src/assets/app/components/info-card.tsx +0 -45
package/src/assets/app/components/input-checkbox.tsx +0 -47
package/src/assets/app/components/input-container.tsx +0 -37
package/src/assets/app/components/input-layout.tsx +0 -47
package/src/assets/app/components/input-text.tsx +0 -69
package/src/assets/app/components/layout-title-page.tsx +0 -60
package/src/assets/app/components/layout-welcome.tsx +0 -74
package/src/assets/app/components/sign-in-form.tsx +0 -337
package/src/assets/app/components/sign-up-account-form.tsx +0 -194
package/src/assets/app/components/sign-up-disclaimer.tsx +0 -44
package/src/assets/app/views/accept-view.tsx +0 -55
package/src/assets/app/views/authorize-view.tsx +0 -106
package/src/assets/app/views/error-view.tsx +0 -36
package/src/assets/app/views/sign-in-view.tsx +0 -111
package/src/assets/app/views/sign-up-view.tsx +0 -86
package/src/assets/app/views/welcome-view.tsx +0 -54
package/src/output/customization.ts +0 -118

package/src/assets/index.ts CHANGED Viewed

@@ -19,7 +19,7 @@ import type { ManifestItem } from '@atproto-labs/rollup-plugin-bundle-manifest'
 // @ts-expect-error: This file is generated at build time
 // eslint-disable-next-line import/no-unresolved
 import appBundleManifestJson from './app/bundle-manifest.json'
-import { Asset } from './asset'
+import { Asset } from './asset.js'
 const appBundleManifest: Map<string, ManifestItem> = new Map(
   Object.entries(appBundleManifestJson),
@@ -27,7 +27,15 @@ const appBundleManifest: Map<string, ManifestItem> = new Map(
 export const ASSETS_URL_PREFIX = '/@atproto/oauth-provider/~assets/'
-export async function getAsset(inputFilename: string): Promise<Asset> {
+export function* enumerateAssets(mime: string): IteratorObject<Asset, void> {
+  for (const [filename, manifest] of appBundleManifest) {
+    if (manifest.mime === mime) {
+      yield manifestItemToAsset(filename, manifest)
+    }
+  }
+}
+export function getAsset(inputFilename: string): Asset {
   const filename = posix.normalize(inputFilename)
   if (
@@ -41,6 +49,10 @@ export async function getAsset(inputFilename: string): Promise<Asset> {
   const manifest = appBundleManifest.get(filename)
   if (!manifest) throw new AssetNotFoundError(filename)
+  return manifestItemToAsset(filename, manifest)
+}
+function manifestItemToAsset(filename: string, manifest: ManifestItem): Asset {
   // When this package is used as a regular "node_modules" dependency, and gets
   // bundled by the consumer, the assets should be copied to the bundle's output
   // directory. In case the bundler does not support copying assets from the
@@ -53,6 +65,7 @@ export async function getAsset(inputFilename: string): Promise<Asset> {
   return {
     url: posix.join(ASSETS_URL_PREFIX, filename),
     type: manifest.mime,
+    isEntry: manifest.type === 'chunk' && manifest.isEntry,
     sha256: manifest.sha256,
     createStream: data
       ? () => Readable.from(Buffer.from(data, 'base64'))

package/src/client/client-store.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { OAuthClientMetadata } from '@atproto/oauth-types'
-import { Awaitable } from '../lib/util/type.js'
+import { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'
 import { ClientId } from './client-id.js'
 // Export all types needed to implement the ClientStore interface
@@ -11,15 +11,13 @@ export interface ClientStore {
   findClient(clientId: ClientId): Awaitable<OAuthClientMetadata>
 }
-export function isClientStore(
-  implementation: Record<string, unknown> & Partial<ClientStore>,
-): implementation is Record<string, unknown> & ClientStore {
-  return typeof implementation.findClient === 'function'
-}
+export const isClientStore = buildInterfaceChecker<ClientStore>([
+  'findClient', //
+])
-export function ifClientStore(
-  implementation?: Record<string, unknown> & Partial<ClientStore>,
-): ClientStore | undefined {
+export function ifClientStore<V extends Partial<ClientStore>>(
+  implementation?: V,
+): (V & ClientStore) | undefined {
   if (implementation && isClientStore(implementation)) {
     return implementation
   }
@@ -27,9 +25,9 @@ export function ifClientStore(
   return undefined
 }
-export function asClientStore(
-  implementation?: Record<string, unknown> & Partial<ClientStore>,
-): ClientStore {
+export function asClientStore<V extends Partial<ClientStore>>(
+  implementation?: V,
+): V & ClientStore {
   const store = ifClientStore(implementation)
   if (store) return store

package/src/device/device-manager.ts CHANGED Viewed

@@ -22,10 +22,13 @@ export const deviceManagerOptionsSchema = z.object({
   /**
    * Controls whether the IP address is read from the `X-Forwarded-For` header
    * (if `true`), or from the `req.socket.remoteAddress` property (if `false`).
-   *
-   * @default true // (nowadays, most requests are proxied)
    */
-  trustProxy: z.boolean().default(true),
+  trustProxy: z
+    .function()
+    .args<[addr: z.ZodString, i: z.ZodNumber]>(z.string(), z.number())
+    .returns(z.boolean())
+    .optional(),
   /**
    * Amount of time (in ms) after which session IDs will be rotated
    *
@@ -88,6 +91,11 @@ export type DeviceManagerOptions = z.input<typeof deviceManagerOptionsSchema>
 const cookieValueSchema = z.tuple([deviceIdSchema, sessionIdSchema])
 type CookieValue = z.infer<typeof cookieValueSchema>
+export type DeviceInfo = {
+  deviceId: DeviceId
+  deviceMetadata: RequestMetadata
+}
 /**
  * This class provides an abstraction for keeping track of DEVICE sessions. It
  * relies on a {@link DeviceStore} to persist session data and a cookie to
@@ -107,10 +115,7 @@ export class DeviceManager {
     req: IncomingMessage,
     res: ServerResponse,
     forceRotate = false,
-  ): Promise<{
-    deviceId: DeviceId
-    deviceMetadata: RequestMetadata
-  }> {
+  ): Promise<DeviceInfo> {
     const cookie = await this.getCookie(req)
     if (cookie) {
       return this.refresh(
@@ -127,10 +132,7 @@ export class DeviceManager {
   private async create(
     req: IncomingMessage,
     res: ServerResponse,
-  ): Promise<{
-    deviceId: DeviceId
-    deviceMetadata: RequestMetadata
-  }> {
+  ): Promise<DeviceInfo> {
     const deviceMetadata = this.getRequestMetadata(req)
     const [deviceId, sessionId] = await Promise.all([
@@ -155,10 +157,7 @@ export class DeviceManager {
     res: ServerResponse,
     [deviceId, sessionId]: CookieValue,
     forceRotate = false,
-  ): Promise<{
-    deviceId: DeviceId
-    deviceMetadata: RequestMetadata
-  }> {
+  ): Promise<DeviceInfo> {
     const data = await this.store.readDevice(deviceId)
     if (!data) return this.create(req, res)

package/src/device/device-store.ts CHANGED Viewed

@@ -1,10 +1,10 @@
-import { Awaitable } from '../lib/util/type.js'
+import { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'
 import { DeviceData } from './device-data.js'
 import { DeviceId } from './device-id.js'
 // Export all types needed to implement the DeviceStore interface
-export * from './device-id.js'
 export * from './device-data.js'
+export * from './device-id.js'
 export * from './session-id.js'
 export interface DeviceStore {
@@ -14,20 +14,14 @@ export interface DeviceStore {
   deleteDevice(deviceId: DeviceId): Awaitable<void>
 }
-export function isDeviceStore(
-  implementation: Record<string, unknown> & Partial<DeviceStore>,
-): implementation is Record<string, unknown> & DeviceStore {
-  return (
-    typeof implementation.createDevice === 'function' &&
-    typeof implementation.readDevice === 'function' &&
-    typeof implementation.updateDevice === 'function' &&
-    typeof implementation.deleteDevice === 'function'
-  )
-}
+export const isDeviceStore = buildInterfaceChecker<DeviceStore>([
+  'createDevice',
+  'readDevice',
+  'updateDevice',
+  'deleteDevice',
+])
-export function asDeviceStore(
-  implementation?: Record<string, unknown> & Partial<DeviceStore>,
-): DeviceStore {
+export function asDeviceStore<V>(implementation: V): V & DeviceStore {
   if (!implementation || !isDeviceStore(implementation)) {
     throw new Error('Invalid DeviceStore implementation')
   }

package/src/dpop/dpop-manager.ts CHANGED Viewed

@@ -1,30 +1,42 @@
 import { createHash } from 'node:crypto'
 import { EmbeddedJWK, calculateJwkThumbprint, errors, jwtVerify } from 'jose'
+import { z } from 'zod'
 import { DPOP_NONCE_MAX_AGE } from '../constants.js'
 import { InvalidDpopProofError } from '../errors/invalid-dpop-proof-error.js'
 import { UseDpopNonceError } from '../errors/use-dpop-nonce-error.js'
-import { DpopNonce, DpopNonceInput } from './dpop-nonce.js'
+import {
+  DpopNonce,
+  DpopSecret,
+  dpopSecretSchema,
+  rotationIntervalSchema,
+} from './dpop-nonce.js'
 const { JOSEError } = errors
-export { DpopNonce, type DpopNonceInput }
-export type DpopManagerOptions = {
+export { DpopNonce, type DpopSecret }
+export const dpopManagerOptionsSchema = z.object({
   /**
    * Set this to `false` to disable the use of nonces in DPoP proofs. Set this
    * to a secret Uint8Array or hex encoded string to use a predictable seed for
    * all nonces (typically useful when multiple instances are running). Leave
    * undefined to generate a random seed at startup.
    */
-  dpopSecret?: false | DpopNonceInput
-  dpopStep?: number
-}
+  dpopSecret: z.union([z.literal(false), dpopSecretSchema]).optional(),
+  dpopRotationInterval: rotationIntervalSchema.optional(),
+})
+export type DpopManagerOptions = z.input<typeof dpopManagerOptionsSchema>
 export class DpopManager {
   protected readonly dpopNonce?: DpopNonce
-  constructor({ dpopSecret, dpopStep }: DpopManagerOptions = {}) {
+  constructor(options: DpopManagerOptions = {}) {
+    const { dpopSecret, dpopRotationInterval } =
+      dpopManagerOptionsSchema.parse(options)
     this.dpopNonce =
-      dpopSecret === false ? undefined : DpopNonce.from(dpopSecret, dpopStep)
+      dpopSecret === false
+        ? undefined
+        : new DpopNonce(dpopSecret, dpopRotationInterval)
   }
   nextNonce(): string | undefined {

package/src/dpop/dpop-nonce.ts CHANGED Viewed

@@ -1,48 +1,68 @@
 import { createHmac, randomBytes } from 'node:crypto'
+import { z } from 'zod'
 import { DPOP_NONCE_MAX_AGE } from '../constants.js'
-function numTo64bits(num: number) {
-  const arr = new Uint8Array(8)
-  arr[7] = (num = num | 0) & 0xff
-  arr[6] = (num >>= 8) & 0xff
-  arr[5] = (num >>= 8) & 0xff
-  arr[4] = (num >>= 8) & 0xff
-  arr[3] = (num >>= 8) & 0xff
-  arr[2] = (num >>= 8) & 0xff
-  arr[1] = (num >>= 8) & 0xff
-  arr[0] = (num >>= 8) & 0xff
-  return arr
-}
+const MAX_ROTATION_INTERVAL = DPOP_NONCE_MAX_AGE / 3
+const MIN_ROTATION_INTERVAL = Math.min(1000, MAX_ROTATION_INTERVAL)
+export const rotationIntervalSchema = z
+  .number()
+  .int()
+  .min(MIN_ROTATION_INTERVAL)
+  .max(MAX_ROTATION_INTERVAL)
+const SECRET_BYTE_LENGTH = 32
-export type DpopNonceInput = string | Uint8Array | DpopNonce
+export const secretBytesSchema = z
+  .instanceof(Uint8Array)
+  .refine((secret) => secret.length === SECRET_BYTE_LENGTH, {
+    message: `Secret must be exactly ${SECRET_BYTE_LENGTH} bytes long`,
+  })
+export const secretHexSchema = z
+  .string()
+  .regex(
+    /^[0-9a-f]+$/i,
+    `Secret must be a ${SECRET_BYTE_LENGTH * 2} chars hex string`,
+  )
+  .length(SECRET_BYTE_LENGTH * 2)
+  .transform((hex): Uint8Array => Buffer.from(hex, 'hex'))
+export const dpopSecretSchema = z.union([secretBytesSchema, secretHexSchema])
+export type DpopSecret = z.input<typeof dpopSecretSchema>
 export class DpopNonce {
-  #secret: Uint8Array
-  #counter: number
+  readonly #rotationInterval: number
+  readonly #secret: Uint8Array
+  // Nonce state
+  #counter: number
   #prev: string
   #now: string
   #next: string
   constructor(
-    protected readonly secret: Uint8Array,
-    protected readonly step: number,
+    secret: DpopSecret = randomBytes(SECRET_BYTE_LENGTH),
+    rotationInterval = MAX_ROTATION_INTERVAL,
   ) {
-    if (secret.length !== 32) throw new TypeError('Expected 32 bytes')
-    if (this.step < 0 || this.step > DPOP_NONCE_MAX_AGE / 3) {
-      throw new TypeError('Invalid step')
-    }
-    this.#secret = Uint8Array.from(secret)
-    this.#counter = (Date.now() / step) | 0
+    this.#rotationInterval = rotationIntervalSchema.parse(rotationInterval)
+    this.#secret = Uint8Array.from(dpopSecretSchema.parse(secret))
+    this.#counter = this.currentCounter
     this.#prev = this.compute(this.#counter - 1)
     this.#now = this.compute(this.#counter)
     this.#next = this.compute(this.#counter + 1)
   }
+  /**
+   * Returns the number of full rotations since the epoch
+   */
+  protected get currentCounter() {
+    return (Date.now() / this.#rotationInterval) | 0
+  }
   protected rotate() {
-    const counter = (Date.now() / this.step) | 0
+    const counter = this.currentCounter
     switch (counter - this.#counter) {
       case 0:
         // counter === this.#counter => nothing to do
@@ -84,20 +104,18 @@ export class DpopNonce {
   public check(nonce: string) {
     return this.#next === nonce || this.#now === nonce || this.#prev === nonce
   }
+}
-  static from(
-    input: DpopNonceInput = randomBytes(32),
-    step = DPOP_NONCE_MAX_AGE / 3,
-  ): DpopNonce {
-    if (input instanceof DpopNonce) {
-      return input
-    }
-    if (input instanceof Uint8Array) {
-      return new DpopNonce(input, step)
-    }
-    if (typeof input === 'string') {
-      return new DpopNonce(Buffer.from(input, 'hex'), step)
-    }
-    return new DpopNonce(input, step)
-  }
+function numTo64bits(num: number) {
+  const arr = new Uint8Array(8)
+  // @NOTE Assigning to an uint8 will only keep the last 8 int bits
+  arr[7] = num |= 0
+  arr[6] = num >>= 8
+  arr[5] = num >>= 8
+  arr[4] = num >>= 8
+  arr[3] = num >>= 8
+  arr[2] = num >>= 8
+  arr[1] = num >>= 8
+  arr[0] = num >>= 8
+  return arr
 }

package/src/errors/handle-unavailable-error.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { OAuthError } from './oauth-error.js'
+export class HandleUnavailableError extends OAuthError {
+  constructor(
+    readonly reason: 'syntax' | 'domain' | 'slur' | 'taken',
+    details: string = 'That handle is not available',
+    cause?: unknown,
+  ) {
+    super('handle_unavailable', details, 400, cause)
+  }
+  toJSON() {
+    return {
+      ...super.toJSON(),
+      reason: this.reason,
+    } as const
+  }
+}

package/src/errors/invalid-request-error.ts CHANGED Viewed

@@ -2,23 +2,20 @@ import { OAuthError } from './oauth-error.js'
 /**
  * @see
- * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token }
- *
- * The request is missing a required parameter, includes an unsupported
+ * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 | RFC6749 - Issuing an Access Token}
+ * : The request is missing a required parameter, includes an unsupported
  * parameter value (other than grant type), repeats a parameter, includes
  * multiple credentials, utilizes more than one mechanism for authenticating the
  * client, or is otherwise malformed.
  *
  * @see
  * {@link https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 | RFC6749 - Authorization Code Grant, Authorization Request}
- *
- * The request is missing a required parameter, includes an invalid parameter
+ * : The request is missing a required parameter, includes an invalid parameter
  * value, includes a parameter more than once, or is otherwise malformed.
  *
  * @see
- * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field }
- *
- * The request is missing a required parameter, includes an unsupported
+ * {@link https://datatracker.ietf.org/doc/html/rfc6750#section-3.1 | RFC6750 - The WWW-Authenticate Response Header Field}
+ * : The request is missing a required parameter, includes an unsupported
  * parameter or parameter value, repeats the same parameter, uses more than one
  * method for including an access token, or is otherwise malformed. The resource
  * server SHOULD respond with the HTTP 400 (Bad Request) status code.
@@ -27,4 +24,9 @@ export class InvalidRequestError extends OAuthError {
   constructor(error_description: string, cause?: unknown) {
     super('invalid_request', error_description, 400, cause)
   }
+  static from(err: unknown, message = 'Invalid request data'): OAuthError {
+    if (err instanceof OAuthError) return err
+    return new InvalidRequestError(message, err)
+  }
 }

package/src/lib/csp/index.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import { Simplify } from '../util/type.js'
+export type CspValue =
+  | `data:`
+  | `https:${string}`
+  | `'none'`
+  | `'self'`
+  | `'sha256-${string}'`
+  | `'nonce-${string}'`
+  | `'unsafe-inline'`
+  | `'unsafe-eval'`
+  | `'strict-dynamic'`
+  | `'report-sample'`
+  | `'unsafe-hashes'`
+const STRING_DIRECTIVES = ['base-uri'] as const
+const BOOLEAN_DIRECTIVES = [
+  'upgrade-insecure-requests',
+  'block-all-mixed-content',
+] as const
+const ARRAY_DIRECTIVES = [
+  'connect-src',
+  'default-src',
+  'form-action',
+  'frame-ancestors',
+  'frame-src',
+  'img-src',
+  'script-src',
+  'style-src',
+] as const
+export type CspConfig = Simplify<
+  {
+    [K in (typeof BOOLEAN_DIRECTIVES)[number]]?: boolean
+  } & {
+    [K in (typeof STRING_DIRECTIVES)[number]]?: CspValue
+  } & {
+    [K in (typeof ARRAY_DIRECTIVES)[number]]?: readonly CspValue[]
+  }
+>
+const NONE = "'none'"
+export function buildCsp(config: CspConfig): string {
+  const values: string[] = []
+  for (const name of BOOLEAN_DIRECTIVES) {
+    if (config[name] === true) values.push(name)
+  }
+  for (const name of STRING_DIRECTIVES) {
+    if (config[name]) values.push(`${name} ${config[name]}`)
+  }
+  for (const name of ARRAY_DIRECTIVES) {
+    if (config[name]?.length) values.push(`${name} ${config[name].join(' ')}`)
+  }
+  return values.join('; ')
+}
+export function mergeCsp(a: CspConfig, b?: CspConfig): CspConfig
+export function mergeCsp(a: CspConfig | undefined, b: CspConfig): CspConfig
+export function mergeCsp(a?: CspConfig, b?: CspConfig): CspConfig | undefined
+export function mergeCsp(a?: CspConfig, b?: CspConfig): CspConfig | undefined {
+  if (!a) return b
+  if (!b) return a
+  const result: CspConfig = {}
+  for (const name of BOOLEAN_DIRECTIVES) {
+    if (a[name] || b[name]) {
+      result[name] = true
+    }
+  }
+  for (const name of STRING_DIRECTIVES) {
+    if (a[name] || b[name]) {
+      const aNotNone = a[name] === NONE ? undefined : a[name]
+      const bNotNone = b[name] === NONE ? undefined : b[name]
+      // @NOTE b takes precedence
+      result[name] = bNotNone || aNotNone || NONE
+    }
+  }
+  for (const name of ARRAY_DIRECTIVES) {
+    if (a[name] && b[name]) {
+      const set = new Set(a[name])
+      if (b[name]) for (const value of b[name]) set.add(value)
+      if (set.size > 1 && set.has(NONE)) set.delete(NONE)
+      result[name] = [...set]
+    } else if (a[name] || b[name]) {
+      result[name] = Array.from((a[name] || b[name])!)
+    }
+  }
+  return result
+}