@atproto/oauth-provider 0.4.0 → 0.5.1

package/dist/output/build-customization-data.js

@@ -0,0 +1,174 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.customizationSchema = exports.brandingConfigSchema = exports.linkDefinitionSchema = exports.linkRelSchema = exports.localizedStringSchema = exports.colorsDefinitionSchema = exports.colorNameSchema = exports.colorNames = exports.hcaptchaConfigSchema = void 0;
+exports.buildCustomizationData = buildCustomizationData;
+exports.buildCustomizationCss = buildCustomizationCss;
+const zod_1 = require("zod");
+const hcaptcha_js_1 = require("../lib/hcaptcha.js");
+const build_document_js_1 = require("../lib/html/build-document.js");
+const locale_js_1 = require("../lib/locale.js");
+var hcaptcha_js_2 = require("../lib/hcaptcha.js");
+Object.defineProperty(exports, "hcaptchaConfigSchema", { enumerable: true, get: function () { return hcaptcha_js_2.hcaptchaConfigSchema; } });
+// Matches colors defined in tailwind.config.js
+exports.colorNames = ['brand', 'error', 'warning', 'success'];
+exports.colorNameSchema = zod_1.z.enum(exports.colorNames);
+const parsedColorSchema = zod_1.z.string().transform((value, ctx) => {
+    try {
+        const { r, g, b, a } = parseColor(value);
+        if (a != null) {
+            ctx.addIssue({
+                code: zod_1.z.ZodIssueCode.custom,
+                message: 'Alpha values are not supported',
+            });
+        }
+        return { r, g, b };
+    }
+    catch (e) {
+        ctx.addIssue({
+            code: zod_1.z.ZodIssueCode.custom,
+            message: e instanceof Error ? e.message : 'Invalid color value',
+        });
+        // Won't actually be used (since an issue was added):
+        return { r: 0, g: 0, b: 0 };
+    }
+});
+exports.colorsDefinitionSchema = zod_1.z.record(exports.colorNameSchema, parsedColorSchema.optional());
+exports.localizedStringSchema = zod_1.z.union([
+    zod_1.z.string(),
+    locale_js_1.multiLangStringSchema,
+]);
+exports.linkRelSchema = zod_1.z.string().refine(build_document_js_1.isLinkRel, 'Invalid link rel');
+exports.linkDefinitionSchema = zod_1.z.object({
+    title: exports.localizedStringSchema,
+    href: zod_1.z.string().url(),
+    rel: exports.linkRelSchema.optional(),
+});
+/**
+ * Aesthetic customization
+ */
+exports.brandingConfigSchema = zod_1.z.object({
+    name: zod_1.z.string().optional(),
+    logo: zod_1.z.string().optional(),
+    colors: exports.colorsDefinitionSchema.optional(),
+    links: zod_1.z.array(exports.linkDefinitionSchema).readonly().optional(),
+});
+exports.customizationSchema = zod_1.z.object({
+    /**
+     * Available user domains that can be used to sign up. A non-empty array
+     * is required to enable the sign-up feature.
+     */
+    availableUserDomains: zod_1.z.array(zod_1.z.string()).optional(),
+    /**
+     * UI customizations
+     */
+    branding: exports.brandingConfigSchema.optional(),
+    /**
+     * Is an invite code required to sign up?
+     */
+    inviteCodeRequired: zod_1.z.boolean().optional(),
+    /**
+     * Enables hCaptcha during sign-up.
+     */
+    hcaptcha: hcaptcha_js_1.hcaptchaConfigSchema.optional(),
+});
+function buildCustomizationData({ branding, availableUserDomains, inviteCodeRequired, hcaptcha, }) {
+    // @NOTE the front end does not need colors here as they will be injected as
+    // CSS variables.
+    // @NOTE We only copy the values explicitly needed to avoid leaking sensitive
+    // data (in case the caller passed more than what we expect).
+    return {
+        availableUserDomains,
+        inviteCodeRequired,
+        hcaptchaSiteKey: hcaptcha?.siteKey,
+        name: branding?.name,
+        logo: branding?.logo,
+        links: branding?.links,
+    };
+}
+function buildCustomizationCss({ branding }) {
+    const vars = Array.from(buildCustomizationVars(branding));
+    if (vars.length)
+        return `:root { ${vars.join(' ')} }`;
+    return '';
+}
+function* buildCustomizationVars(branding) {
+    if (branding?.colors) {
+        for (const name of exports.colorNames) {
+            const value = branding.colors[name];
+            if (!value)
+                continue; // Skip missing colors
+            const { r, g, b } = value;
+            const contrast = computeLuma({ r, g, b }) > 128 ? '0 0 0' : '255 255 255';
+            yield `--color-${name}: ${r} ${g} ${b};`;
+            yield `--color-${name}-c: ${contrast};`;
+        }
+    }
+}
+function parseColor(color) {
+    if (color.startsWith('#')) {
+        return parseHexColor(color);
+    }
+    if (color.startsWith('rgba(')) {
+        return parseRgbaColor(color);
+    }
+    if (color.startsWith('rgb(')) {
+        return parseRgbColor(color);
+    }
+    // Should never happen (as long as the input is a validated WebColor)
+    throw new TypeError(`Invalid color value: ${color}`);
+}
+function parseHexColor(v) {
+    // parseInt('az', 16) does not return NaN so we need to check the format
+    if (!/^#[0-9a-f]+$/i.test(v)) {
+        throw new TypeError(`Invalid hex color value: ${v}`);
+    }
+    if (v.length === 4 || v.length === 5) {
+        const r = parseUi8Hex(v.slice(1, 2));
+        const g = parseUi8Hex(v.slice(2, 3));
+        const b = parseUi8Hex(v.slice(3, 4));
+        const a = v.length > 4 ? parseUi8Hex(v.slice(4, 5)) : undefined;
+        return { r, g, b, a };
+    }
+    if (v.length === 7 || v.length === 9) {
+        const r = parseUi8Hex(v.slice(1, 3));
+        const g = parseUi8Hex(v.slice(3, 5));
+        const b = parseUi8Hex(v.slice(5, 7));
+        const a = v.length > 8 ? parseUi8Hex(v.slice(7, 9)) : undefined;
+        return { r, g, b, a };
+    }
+    throw new TypeError(`Invalid hex color value: ${v}`);
+}
+function parseRgbColor(v) {
+    const matches = v.match(/^\s*rgb\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)\s*$/);
+    if (!matches)
+        throw new TypeError(`Invalid rgb color value: ${v}`);
+    const r = parseUi8Dec(matches[1]);
+    const g = parseUi8Dec(matches[2]);
+    const b = parseUi8Dec(matches[3]);
+    return { r, g, b };
+}
+function parseRgbaColor(v) {
+    const matches = v.match(/^\s*rgba\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)\s*$/);
+    if (!matches)
+        throw new TypeError(`Invalid rgba color value: ${v}`);
+    const r = parseUi8Dec(matches[1]);
+    const g = parseUi8Dec(matches[2]);
+    const b = parseUi8Dec(matches[3]);
+    const a = parseUi8Dec(matches[4]);
+    return { r, g, b, a };
+}
+function computeLuma({ r, g, b }) {
+    return 0.299 * r + 0.587 * g + 0.114 * b;
+}
+function parseUi8Hex(v) {
+    return asUi8(parseInt(v, 16));
+}
+function parseUi8Dec(v) {
+    return asUi8(parseInt(v, 10));
+}
+function asUi8(v) {
+    if (v >= 0 && v <= 255 && v === (v | 0))
+        return v;
+    throw new TypeError(`Invalid color component "${v}" (expected an integer between 0 and 255)`);
+}
+//# sourceMappingURL=build-customization-data.js.map

package/dist/output/build-customization-data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"build-customization-data.js","sourceRoot":"","sources":["../../src/output/build-customization-data.ts"],"names":[],"mappings":";;;AAoGA,wDAkBC;AAED,sDAKC;AA7HD,6BAAuB;AACvB,oDAAyD;AACzD,qEAAyD;AACzD,gDAAwD;AACxD,kDAA8E;AAAhD,mHAAA,oBAAoB,OAAA;AAElD,+CAA+C;AAClC,QAAA,UAAU,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,CAAU,CAAA;AAC9D,QAAA,eAAe,GAAG,OAAC,CAAC,IAAI,CAAC,kBAAU,CAAC,CAAA;AAGjD,MAAM,iBAAiB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,GAAG,EAAY,EAAE;IACtE,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAA;QACxC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;YACd,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,gCAAgC;aAC1C,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACpB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,OAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,qBAAqB;SAChE,CAAC,CAAA;QACF,qDAAqD;QACrD,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IAC7B,CAAC;AACH,CAAC,CAAC,CAAA;AAGW,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAC5C,uBAAe,EACf,iBAAiB,CAAC,QAAQ,EAAE,CAC7B,CAAA;AAGY,QAAA,qBAAqB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC3C,OAAC,CAAC,MAAM,EAAE;IACV,iCAAqB;CACtB,CAAC,CAAA;AAGW,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,6BAAS,EAAE,kBAAkB,CAAC,CAAA;AAGhE,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,KAAK,EAAE,6BAAqB;IAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACtB,GAAG,EAAE,qBAAa,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAA;AAGF;;GAEG;AACU,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,MAAM,EAAE,8BAAsB,CAAC,QAAQ,EAAE;IACzC,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,4BAAoB,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC3D,CAAC,CAAA;AAIW,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C;;;OAGG;IACH,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACpD;;OAEG;IACH,QAAQ,EAAE,4BAAoB,CAAC,QAAQ,EAAE;IACzC;;OAEG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC1C;;OAEG;IACH,QAAQ,EAAE,kCAAoB,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAA;AAgBF,SAAgB,sBAAsB,CAAC,EACrC,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,QAAQ,GACM;IACd,4EAA4E;IAC5E,iBAAiB;IACjB,6EAA6E;IAC7E,6DAA6D;IAC7D,OAAO;QACL,oBAAoB;QACpB,kBAAkB;QAClB,eAAe,EAAE,QAAQ,EAAE,OAAO;QAClC,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,IAAI,EAAE,QAAQ,EAAE,IAAI;QACpB,KAAK,EAAE,QAAQ,EAAE,KAAK;KACvB,CAAA;AACH,CAAC;AAED,SAAgB,qBAAqB,CAAC,EAAE,QAAQ,EAAiB;IAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzD,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAA;IAErD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,QAAQ,CAAC,CAAC,sBAAsB,CAAC,QAAmB;IAClD,IAAI,QAAQ,EAAE,MAAM,EAAE,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,kBAAU,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACnC,IAAI,CAAC,KAAK;gBAAE,SAAQ,CAAC,sBAAsB;YAE3C,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,KAAK,CAAA;YAEzB,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,aAAa,CAAA;YAEzE,MAAM,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAA;YACxC,MAAM,WAAW,IAAI,OAAO,QAAQ,GAAG,CAAA;QACzC,CAAC;IACH,CAAC;AACH,CAAC;AAID,SAAS,UAAU,CAAC,KAAa;IAC/B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAC7B,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,OAAO,cAAc,CAAC,KAAK,CAAC,CAAA;IAC9B,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,OAAO,aAAa,CAAC,KAAK,CAAC,CAAA;IAC7B,CAAC;IAED,qEAAqE;IACrE,MAAM,IAAI,SAAS,CAAC,wBAAwB,KAAK,EAAE,CAAC,CAAA;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,wEAAwE;IACxE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;IACtD,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAC/D,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACvB,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QAC/D,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;IACvB,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAA;IAC7E,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,4BAA4B,CAAC,EAAE,CAAC,CAAA;IAElE,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACpB,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CACrB,iEAAiE,CAClE,CAAA;IACD,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAA;IAEnE,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;IACjC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;AACvB,CAAC;AAED,SAAS,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAa;IACzC,OAAO,KAAK,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;AAC1C,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,KAAK,CAAC,CAAS;IACtB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IACjD,MAAM,IAAI,SAAS,CACjB,4BAA4B,CAAC,2CAA2C,CACzE,CAAA;AACH,CAAC"}

package/dist/output/output-manager.d.ts

@@ -1,15 +1,22 @@
 import type { ServerResponse } from 'node:http';
 import { Asset } from '../assets/asset.js';
-import { Html } from '../lib/html/index.js';
+import { CspConfig } from '../lib/csp/index.js';
+import { Html, LinkAttrs, MetaAttrs } from '../lib/html/index.js';
+import { Locale } from '../lib/locale.js';
 import { AuthorizationResultAuthorize } from './build-authorize-data.js';
-import { Customization } from './customization.js';
+import { Customization, LinkDefinition } from './build-customization-data.js';
+export type SendPageOptions = {
+    preferredLocales?: readonly string[];
+};
 export declare class OutputManager {
-    readonly customizationScript: Html;
-    readonly customizationStyle: Html;
-    readonly customizationLinks?: Customization['links'];
-    readonly assetsPromise: Promise<[js: Asset, css: Asset]>;
-    constructor(customization?: Customization);
-    sendAuthorizePage(res: ServerResponse, data: AuthorizationResultAuthorize): Promise<void>;
-    sendErrorPage(res: ServerResponse, err: unknown): Promise<void>;
+    readonly links?: readonly LinkDefinition[];
+    readonly meta: readonly MetaAttrs[];
+    readonly scripts: readonly (Asset | Html)[];
+    readonly styles: readonly (Asset | Html)[];
+    readonly csp: CspConfig;
+    constructor(customization: Customization);
+    sendAuthorizePage(res: ServerResponse, data: AuthorizationResultAuthorize, options?: SendPageOptions): Promise<void>;
+    sendErrorPage(res: ServerResponse, err: unknown, options?: SendPageOptions): Promise<void>;
+    buildLinks(locale: Locale): LinkAttrs[] | undefined;
 }
 //# sourceMappingURL=output-manager.d.ts.map

package/dist/output/output-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"output-manager.d.ts","sourceRoot":"","sources":["../../src/output/output-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AAE1C,OAAO,EAAE,IAAI,EAAiB,MAAM,sBAAsB,CAAA;AAC1D,OAAO,EACL,4BAA4B,EAE7B,MAAM,2BAA2B,CAAA;AAElC,OAAO,EACL,aAAa,EAGd,MAAM,oBAAoB,CAAA;AAG3B,qBAAa,aAAa;IACxB,QAAQ,CAAC,mBAAmB,EAAE,IAAI,CAAA;IAClC,QAAQ,CAAC,kBAAkB,EAAE,IAAI,CAAA;IACjC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;IAMpD,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAG7C;gBAEC,aAAa,CAAC,EAAE,aAAa;IAYnC,iBAAiB,CACrB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,4BAA4B,GACjC,OAAO,CAAC,IAAI,CAAC;IAoBV,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;CAoBtE"}
+{"version":3,"file":"output-manager.d.ts","sourceRoot":"","sources":["../../src/output/output-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAA;AAE1C,OAAO,EAAE,SAAS,EAAY,MAAM,qBAAqB,CAAA;AACzD,OAAO,EACL,IAAI,EACJ,SAAS,EACT,SAAS,EAIV,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAqB,MAAM,EAAqB,MAAM,kBAAkB,CAAA;AAC/E,OAAO,EACL,4BAA4B,EAE7B,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,aAAa,EACb,cAAc,EAGf,MAAM,+BAA+B,CAAA;AAWtC,MAAM,MAAM,eAAe,GAAG;IAC5B,gBAAgB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACrC,CAAA;AAED,qBAAa,aAAa;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,SAAS,cAAc,EAAE,CAAA;IAC1C,QAAQ,CAAC,IAAI,EAAE,SAAS,SAAS,EAAE,CAGlC;IACD,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAA;IAC3C,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAA;IAC1C,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAA;gBAEX,aAAa,EAAE,aAAa;IAmClC,iBAAiB,CACrB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,4BAA4B,EAClC,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,IAAI,CAAC;IAmBV,aAAa,CACjB,GAAG,EAAE,cAAc,EACnB,GAAG,EAAE,OAAO,EACZ,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,IAAI,CAAC;IAkBhB,UAAU,CAAC,MAAM,EAAE,MAAM;CAW1B"}

package/dist/output/output-manager.js

@@ -2,68 +2,104 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OutputManager = void 0;
 const index_js_1 = require("../assets/index.js");
-const index_js_2 = require("../lib/html/index.js");
+const index_js_2 = require("../lib/csp/index.js");
+const index_js_3 = require("../lib/html/index.js");
+const locale_js_1 = require("../lib/locale.js");
 const build_authorize_data_js_1 = require("./build-authorize-data.js");
+const build_customization_data_js_1 = require("./build-customization-data.js");
 const build_error_payload_js_1 = require("./build-error-payload.js");
-const customization_js_1 = require("./customization.js");
 const send_web_page_js_1 = require("./send-web-page.js");
+const HCAPTCHA_CSP = {
+    'script-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'frame-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'style-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'connect-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+};
 class OutputManager {
-    customizationScript;
-    customizationStyle;
-    customizationLinks;
-    // Could technically cause an "UnhandledPromiseRejection", which might cause
-    // the process to exit. This is intentional, as it's a critical error. It
-    // should never happen in practice, as the built assets are bundled with the
-    // package.
-    assetsPromise = Promise.all([
-        (0, index_js_1.getAsset)('main.js'),
-        (0, index_js_1.getAsset)('main.css'),
-    ]);
+    links;
+    meta = [
+        { name: 'robots', content: 'noindex' },
+        { name: 'description', content: 'ATProto OAuth authorization page' },
+    ];
+    scripts;
+    styles;
+    csp;
     constructor(customization) {
-        // Note: building this here for two reasons:
+        this.links = customization.branding?.links;
+        const scripts = Array.from((0, index_js_1.enumerateAssets)('application/javascript'));
+        const styles = Array.from((0, index_js_1.enumerateAssets)('text/css'));
+        // Note: building scripts/styles/csp here for two reasons:
         // 1. To avoid re-building it on every request
-        // 2. To throw during init if the customization is invalid
-        this.customizationScript = (0, send_web_page_js_1.declareBackendData)('__customizationData', (0, customization_js_1.buildCustomizationData)(customization));
-        this.customizationStyle = (0, index_js_2.cssCode)((0, customization_js_1.buildCustomizationCss)(customization));
-        this.customizationLinks = customization?.links;
+        // 2. To throw during init if the customization/config is invalid
+        this.scripts = [
+            (0, send_web_page_js_1.declareBackendData)('__availableLocales', locale_js_1.AVAILABLE_LOCALES),
+            (0, send_web_page_js_1.declareBackendData)('__customizationData', (0, build_customization_data_js_1.buildCustomizationData)(customization)),
+            // Last (to be able to read the "backend data" variables)
+            ...scripts.filter((asset) => asset.isEntry),
+        ];
+        this.styles = [
+            // First (to be overridden by customization)
+            ...styles,
+            (0, index_js_3.cssCode)((0, build_customization_data_js_1.buildCustomizationCss)(customization)),
+        ];
+        const customizationCsp = customization?.hcaptcha ? HCAPTCHA_CSP : undefined;
+        const assetsCsp = {
+            'script-src': scripts.map(send_web_page_js_1.assetToCsp),
+            'style-src': styles.map(send_web_page_js_1.assetToCsp),
+        };
+        this.csp = (0, index_js_2.mergeCsp)(customizationCsp, assetsCsp);
     }
-    async sendAuthorizePage(res, data) {
-        const [jsAsset, cssAsset] = await this.assetsPromise;
+    async sendAuthorizePage(res, data, options) {
+        const locale = negotiateLocale(data.parameters.ui_locales?.split(' ') ?? options?.preferredLocales);
         return (0, send_web_page_js_1.sendWebPage)(res, {
             scripts: [
                 (0, send_web_page_js_1.declareBackendData)('__authorizeData', (0, build_authorize_data_js_1.buildAuthorizeData)(data)),
-                this.customizationScript,
-                jsAsset, // Last (to be able to read the "backend data" variables)
+                ...this.scripts,
             ],
-            styles: [
-                cssAsset, // First (to be overridden by customization)
-                this.customizationStyle,
-            ],
-            links: this.customizationLinks,
-            htmlAttrs: { lang: 'en' },
-            title: 'Authorize',
-            body: (0, index_js_2.html) `<div id="root"></div>`,
+            styles: this.styles,
+            meta: this.meta,
+            links: this.buildLinks(locale),
+            htmlAttrs: { lang: locale },
+            body: (0, index_js_3.html) `<div id="root"></div>`,
+            csp: this.csp,
         });
     }
-    async sendErrorPage(res, err) {
-        const [jsAsset, cssAsset] = await this.assetsPromise;
+    async sendErrorPage(res, err, options) {
+        const locale = negotiateLocale(options?.preferredLocales);
         return (0, send_web_page_js_1.sendWebPage)(res, {
             status: (0, build_error_payload_js_1.buildErrorStatus)(err),
             scripts: [
                 (0, send_web_page_js_1.declareBackendData)('__errorData', (0, build_error_payload_js_1.buildErrorPayload)(err)),
-                this.customizationScript,
-                jsAsset, // Last (to be able to read the "backend data" variables)
-            ],
-            styles: [
-                cssAsset, // First (to be overridden by customization)
-                this.customizationStyle,
+                ...this.scripts,
             ],
-            links: this.customizationLinks,
-            htmlAttrs: { lang: 'en' },
-            title: 'Error',
-            body: (0, index_js_2.html) `<div id="root"></div>`,
+            styles: this.styles,
+            meta: this.meta,
+            links: this.buildLinks(locale),
+            htmlAttrs: { lang: locale },
+            body: (0, index_js_3.html) `<div id="root"></div>`,
+            csp: this.csp,
         });
     }
+    buildLinks(locale) {
+        return this.links
+            ?.map(({ rel, href, title }) => (0, index_js_3.isLinkRel)(rel)
+            ? typeof title === 'string'
+                ? { href, rel, title }
+                : { href, rel, title: title[locale] || title.en }
+            : undefined)
+            .filter((v) => v != null);
+    }
 }
 exports.OutputManager = OutputManager;
+function negotiateLocale(desiredLocales) {
+    if (desiredLocales) {
+        for (const locale of desiredLocales) {
+            if (locale === '*')
+                break; // use default
+            if ((0, locale_js_1.isAvailableLocale)(locale))
+                return locale;
+        }
+    }
+    return 'en';
+}
 //# sourceMappingURL=output-manager.js.map

package/dist/output/output-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"output-manager.js","sourceRoot":"","sources":["../../src/output/output-manager.ts"],"names":[],"mappings":";;;AAEA,iDAA6C;AAC7C,mDAA0D;AAC1D,uEAGkC;AAClC,qEAA8E;AAC9E,yDAI2B;AAC3B,yDAAoE;AAEpE,MAAa,aAAa;IACf,mBAAmB,CAAM;IACzB,kBAAkB,CAAM;IACxB,kBAAkB,CAAyB;IAEpD,4EAA4E;IAC5E,yEAAyE;IACzE,4EAA4E;IAC5E,WAAW;IACF,aAAa,GAAqC,OAAO,CAAC,GAAG,CAAC;QACrE,IAAA,mBAAQ,EAAC,SAAS,CAAC;QACnB,IAAA,mBAAQ,EAAC,UAAU,CAAC;KACZ,CAAC,CAAA;IAEX,YAAY,aAA6B;QACvC,4CAA4C;QAC5C,8CAA8C;QAC9C,0DAA0D;QAC1D,IAAI,CAAC,mBAAmB,GAAG,IAAA,qCAAkB,EAC3C,qBAAqB,EACrB,IAAA,yCAAsB,EAAC,aAAa,CAAC,CACtC,CAAA;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAA,kBAAO,EAAC,IAAA,wCAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;QACvE,IAAI,CAAC,kBAAkB,GAAG,aAAa,EAAE,KAAK,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,GAAmB,EACnB,IAAkC;QAElC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAA;QAEpD,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,OAAO,EAAE;gBACP,IAAA,qCAAkB,EAAC,iBAAiB,EAAE,IAAA,4CAAkB,EAAC,IAAI,CAAC,CAAC;gBAC/D,IAAI,CAAC,mBAAmB;gBACxB,OAAO,EAAE,yDAAyD;aACnE;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,4CAA4C;gBACtD,IAAI,CAAC,kBAAkB;aACxB;YACD,KAAK,EAAE,IAAI,CAAC,kBAAkB;YAC9B,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACzB,KAAK,EAAE,WAAW;YAClB,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;SAClC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAmB,EAAE,GAAY;QACnD,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAA;QAEpD,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,MAAM,EAAE,IAAA,yCAAgB,EAAC,GAAG,CAAC;YAC7B,OAAO,EAAE;gBACP,IAAA,qCAAkB,EAAC,aAAa,EAAE,IAAA,0CAAiB,EAAC,GAAG,CAAC,CAAC;gBACzD,IAAI,CAAC,mBAAmB;gBACxB,OAAO,EAAE,yDAAyD;aACnE;YACD,MAAM,EAAE;gBACN,QAAQ,EAAE,4CAA4C;gBACtD,IAAI,CAAC,kBAAkB;aACxB;YACD,KAAK,EAAE,IAAI,CAAC,kBAAkB;YAC9B,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACzB,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;SAClC,CAAC,CAAA;IACJ,CAAC;CACF;AArED,sCAqEC"}
+{"version":3,"file":"output-manager.js","sourceRoot":"","sources":["../../src/output/output-manager.ts"],"names":[],"mappings":";;;AAEA,iDAAoD;AACpD,kDAAyD;AACzD,mDAO6B;AAC7B,gDAA+E;AAC/E,uEAGkC;AAClC,+EAKsC;AACtC,qEAA8E;AAC9E,yDAAgF;AAEhF,MAAM,YAAY,GAAG;IACnB,YAAY,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAChE,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,aAAa,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;CACrC,CAAA;AAM9B,MAAa,aAAa;IACf,KAAK,CAA4B;IACjC,IAAI,GAAyB;QACpC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE;QACtC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,kCAAkC,EAAE;KACrE,CAAA;IACQ,OAAO,CAA2B;IAClC,MAAM,CAA2B;IACjC,GAAG,CAAW;IAEvB,YAAY,aAA4B;QACtC,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAA;QAE1C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAA,0BAAe,EAAC,wBAAwB,CAAC,CAAC,CAAA;QACrE,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAA,0BAAe,EAAC,UAAU,CAAC,CAAC,CAAA;QAEtD,0DAA0D;QAC1D,8CAA8C;QAC9C,iEAAiE;QAEjE,IAAI,CAAC,OAAO,GAAG;YACb,IAAA,qCAAkB,EAAC,oBAAoB,EAAE,6BAAiB,CAAC;YAC3D,IAAA,qCAAkB,EAChB,qBAAqB,EACrB,IAAA,oDAAsB,EAAC,aAAa,CAAC,CACtC;YACD,yDAAyD;YACzD,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC;SAC5C,CAAA;QAED,IAAI,CAAC,MAAM,GAAG;YACZ,4CAA4C;YAC5C,GAAG,MAAM;YACT,IAAA,kBAAO,EAAC,IAAA,mDAAqB,EAAC,aAAa,CAAC,CAAC;SAC9C,CAAA;QAED,MAAM,gBAAgB,GAAG,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAA;QAC3E,MAAM,SAAS,GAAc;YAC3B,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,6BAAU,CAAC;YACrC,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,6BAAU,CAAC;SACpC,CAAA;QAED,IAAI,CAAC,GAAG,GAAG,IAAA,mBAAQ,EAAC,gBAAgB,EAAE,SAAS,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,GAAmB,EACnB,IAAkC,EAClC,OAAyB;QAEzB,MAAM,MAAM,GAAG,eAAe,CAC5B,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,OAAO,EAAE,gBAAgB,CACpE,CAAA;QAED,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,OAAO,EAAE;gBACP,IAAA,qCAAkB,EAAC,iBAAiB,EAAE,IAAA,4CAAkB,EAAC,IAAI,CAAC,CAAC;gBAC/D,GAAG,IAAI,CAAC,OAAO;aAChB;YACD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YAC9B,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;YAC3B,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,GAAmB,EACnB,GAAY,EACZ,OAAyB;QAEzB,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;QAEzD,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,MAAM,EAAE,IAAA,yCAAgB,EAAC,GAAG,CAAC;YAC7B,OAAO,EAAE;gBACP,IAAA,qCAAkB,EAAC,aAAa,EAAE,IAAA,0CAAiB,EAAC,GAAG,CAAC,CAAC;gBACzD,GAAG,IAAI,CAAC,OAAO;aAChB;YACD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;YAC9B,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;YAC3B,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,CAAC,CAAA;IACJ,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,OAAO,IAAI,CAAC,KAAK;YACf,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAkB,EAAyB,EAAE,CACpE,IAAA,oBAAS,EAAC,GAAG,CAAC;YACZ,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ;gBACzB,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE;gBACtB,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,EAAE;YACnD,CAAC,CAAC,SAAS,CACd;aACA,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,CAAA;IAC7B,CAAC;CACF;AArGD,sCAqGC;AAED,SAAS,eAAe,CAAC,cAAkC;IACzD,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;YACpC,IAAI,MAAM,KAAK,GAAG;gBAAE,MAAK,CAAC,cAAc;YACxC,IAAI,IAAA,6BAAiB,EAAC,MAAM,CAAC;gBAAE,OAAO,MAAM,CAAA;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}

package/dist/output/send-authorize-redirect.d.ts

@@ -1,22 +1,25 @@
 import type { ServerResponse } from 'node:http';
 import { OAuthAuthorizationRequestParameters, OAuthTokenType } from '@atproto/oauth-types';
 import { Code } from '../request/code.js';
-export type AuthorizationResponseParameters = {
-    code?: Code;
+/**
+ * @note `iss` and `state` will be added from the
+ * {@link AuthorizationResultRedirect} object.
+ */
+export type AuthorizationRedirectParameters = {
+    code: Code;
     id_token?: string;
     access_token?: string;
     token_type?: OAuthTokenType;
     expires_in?: string;
-    response?: string;
-    session_state?: string;
-    error?: string;
+} | {
+    error: string;
     error_description?: string;
     error_uri?: string;
 };
 export type AuthorizationResultRedirect = {
     issuer: string;
     parameters: OAuthAuthorizationRequestParameters;
-    redirect: AuthorizationResponseParameters;
+    redirect: AuthorizationRedirectParameters;
 };
 export declare function sendAuthorizeRedirect(res: ServerResponse, result: AuthorizationResultRedirect): Promise<void>;
 //# sourceMappingURL=send-authorize-redirect.d.ts.map

package/dist/output/send-authorize-redirect.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"send-authorize-redirect.d.ts","sourceRoot":"","sources":["../../src/output/send-authorize-redirect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EACL,mCAAmC,EACnC,cAAc,EACf,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AAMzC,MAAM,MAAM,+BAA+B,GAAG;IAO5C,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,aAAa,CAAC,EAAE,MAAM,CAAA;IAEtB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,2BAA2B,GAAG;IACxC,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,mCAAmC,CAAA;IAC/C,QAAQ,EAAE,+BAA+B,CAAA;CAC1C,CAAA;AAED,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,IAAI,CAAC,CAuCf"}
+{"version":3,"file":"send-authorize-redirect.d.ts","sourceRoot":"","sources":["../../src/output/send-authorize-redirect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EACL,mCAAmC,EACnC,cAAc,EACf,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAA;AAMzC;;;GAGG;AACH,MAAM,MAAM,+BAA+B,GACvC;IAGE,IAAI,EAAE,IAAI,CAAA;IACV,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB,GACD;IAGE,KAAK,EAAE,MAAM,CAAA;IACb,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAYL,MAAM,MAAM,2BAA2B,GAAG;IACxC,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,mCAAmC,CAAA;IAC/C,QAAQ,EAAE,+BAA+B,CAAA;CAC1C,CAAA;AAED,wBAAsB,qBAAqB,CACzC,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,2BAA2B,GAClC,OAAO,CAAC,IAAI,CAAC,CAmCf"}

package/dist/output/send-authorize-redirect.js

@@ -6,26 +6,32 @@ const index_js_1 = require("../lib/html/index.js");
 const send_web_page_js_1 = require("./send-web-page.js");
 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-7.5.4
 const REDIRECT_STATUS_CODE = 303;
+const SUCCESS_REDIRECT_KEYS = [
+    'code',
+    'id_token',
+    'access_token',
+    'expires_in',
+    'token_type',
+];
+const ERROR_REDIRECT_KEYS = ['error', 'error_description', 'error_uri'];
 async function sendAuthorizeRedirect(res, result) {
     const { issuer, parameters, redirect } = result;
     const uri = parameters.redirect_uri;
     if (!uri)
         throw new invalid_request_error_js_1.InvalidRequestError('No redirect_uri');
     const mode = parameters.response_mode || 'query'; // @TODO: default should depend on response_type
-    const entries = Object.entries({
-        iss: issuer, // rfc9207
-        state: parameters.state,
-        response: redirect.response, // FAPI JARM
-        session_state: redirect.session_state, // OIDC Session Management
-        code: redirect.code,
-        id_token: redirect.id_token,
-        access_token: redirect.access_token,
-        expires_in: redirect.expires_in,
-        token_type: redirect.token_type,
-        error: redirect.error,
-        error_description: redirect.error_description,
-        error_uri: redirect.error_uri,
-    }).filter((entry) => entry[1] != null);
+    const entries = [
+        ['iss', issuer], // rfc9207
+    ];
+    if (parameters.state != null) {
+        entries.push(['state', parameters.state]);
+    }
+    const keys = 'code' in redirect ? SUCCESS_REDIRECT_KEYS : ERROR_REDIRECT_KEYS;
+    for (const key of keys) {
+        const value = redirect[key];
+        if (value != null)
+            entries.push([key, value]);
+    }
     res.setHeader('Cache-Control', 'no-store');
     switch (mode) {
         case 'query':

package/dist/output/send-authorize-redirect.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-authorize-redirect.js","sourceRoot":"","sources":["../../src/output/send-authorize-redirect.ts"],"names":[],"mappings":";;AAwCA,sDA0CC;AA7ED,iFAAwE;AACxE,mDAA+C;AAE/C,yDAAgD;AAEhD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AA6BzB,KAAK,UAAU,qBAAqB,CACzC,GAAmB,EACnB,MAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,8CAAmB,CAAC,iBAAiB,CAAC,CAAA;IAE1D,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,gDAAgD;IAEjG,MAAM,OAAO,GAAuB,MAAM,CAAC,OAAO,CAAC;QACjD,GAAG,EAAE,MAAM,EAAE,UAAU;QACvB,KAAK,EAAE,UAAU,CAAC,KAAK;QAEvB,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,YAAY;QACzC,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE,0BAA0B;QAEjE,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,YAAY,EAAE,QAAQ,CAAC,YAAY;QACnC,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,UAAU,EAAE,QAAQ,CAAC,UAAU;QAE/B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;QAC7C,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAA6B,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAA;IAEjE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;QACtC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;QACzC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACpE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAChE,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YAC9B,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC"}
+{"version":3,"file":"send-authorize-redirect.js","sourceRoot":"","sources":["../../src/output/send-authorize-redirect.ts"],"names":[],"mappings":";;AAmDA,sDAsCC;AApFD,iFAAwE;AACxE,mDAA+C;AAE/C,yDAAgD;AAEhD,+EAA+E;AAC/E,MAAM,oBAAoB,GAAG,GAAG,CAAA;AAwBhC,MAAM,qBAAqB,GAAG;IAC5B,MAAM;IACN,UAAU;IACV,cAAc;IACd,YAAY;IACZ,YAAY;CACJ,CAAA;AAEV,MAAM,mBAAmB,GAAG,CAAC,OAAO,EAAE,mBAAmB,EAAE,WAAW,CAAU,CAAA;AAQzE,KAAK,UAAU,qBAAqB,CACzC,GAAmB,EACnB,MAAmC;IAEnC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;IAE/C,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAA;IACnC,IAAI,CAAC,GAAG;QAAE,MAAM,IAAI,8CAAmB,CAAC,iBAAiB,CAAC,CAAA;IAE1D,MAAM,IAAI,GAAG,UAAU,CAAC,aAAa,IAAI,OAAO,CAAA,CAAC,gDAAgD;IAEjG,MAAM,OAAO,GAAuB;QAClC,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU;KAC5B,CAAA;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAA;IAC3C,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAI,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,mBAAmB,CAAA;IAC7E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,IAAI,IAAI;YAAE,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAE1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,OAAO;YACV,OAAO,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;QACtC,KAAK,UAAU;YACb,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;QACzC,KAAK,WAAW;YACd,OAAO,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED,8BAA8B;IAC9B,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,UAAU,CACjB,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IACpE,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,SAAS,aAAa,CACpB,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;IACxB,MAAM,YAAY,GAAG,IAAI,eAAe,EAAE,CAAA;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO;QAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAChE,GAAG,CAAC,IAAI,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAA;IAClC,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,EAAE,CAAA;AACnE,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAmB,EACnB,GAAW,EACX,OAAoC;IAEpC,4CAA4C;IAC5C,uGAAuG;IACvG,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,4CAA4C,CAAC,CAAA;IACzE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IAC1C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAE5E,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;QACtB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;QACzB,IAAI,EAAE,IAAA,eAAI,EAAA;oCACsB,GAAG;UAC7B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;YAC9B,IAAA,eAAI,EAAA,8BAA8B,GAAG,YAAY,KAAK,MAAM;SAC7D,CAAC;;;KAGL;QACD,OAAO,EAAE,CAAC,IAAA,aAAE,EAAA,6BAA6B,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC"}

package/dist/output/send-web-page.d.ts

@@ -1,7 +1,12 @@
 import type { ServerResponse } from 'node:http';
-import { BuildDocumentOptions, Html } from '../lib/html/index.js';
+import { CspConfig, CspValue } from '../lib/csp/index.js';
+import { AssetRef, BuildDocumentOptions, Html } from '../lib/html/index.js';
 import { WriteResponseOptions } from '../lib/http/response.js';
 export declare function declareBackendData(name: string, data: unknown): Html;
-export type SendWebPageOptions = BuildDocumentOptions & WriteResponseOptions;
+export type SendWebPageOptions = BuildDocumentOptions & WriteResponseOptions & {
+    csp?: CspConfig;
+};
 export declare function sendWebPage(res: ServerResponse, options: SendWebPageOptions): Promise<void>;
+export declare function assetsToCsp(assets?: Iterable<Html | AssetRef>): Generator<CspValue>;
+export declare function assetToCsp(asset: Html | AssetRef): CspValue;
 //# sourceMappingURL=send-web-page.d.ts.map

package/dist/output/send-web-page.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"send-web-page.d.ts","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EAEL,oBAAoB,EACpB,IAAI,EAGL,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAa,MAAM,yBAAyB,CAAA;AAEzE,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,QAM7D;AAED,MAAM,MAAM,kBAAkB,GAAG,oBAAoB,GAAG,oBAAoB,CAAA;AAE5E,wBAAsB,WAAW,CAC/B,GAAG,EAAE,cAAc,EACnB,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAiCf"}
+{"version":3,"file":"send-web-page.d.ts","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAC/C,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAsB,MAAM,qBAAqB,CAAA;AAC7E,OAAO,EACL,QAAQ,EACR,oBAAoB,EACpB,IAAI,EAGL,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAa,MAAM,yBAAyB,CAAA;AAEzE,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,QAM7D;AAED,MAAM,MAAM,kBAAkB,GAAG,oBAAoB,GACnD,oBAAoB,GAAG;IACrB,GAAG,CAAC,EAAE,SAAS,CAAA;CAChB,CAAA;AAEH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,cAAc,EACnB,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAkCf;AAED,wBAAiB,WAAW,CAC1B,MAAM,CAAC,EAAE,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,GACjC,SAAS,CAAC,QAAQ,CAAC,CAMrB;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,IAAI,GAAG,QAAQ,GAAG,QAAQ,CAO3D"}

package/dist/output/send-web-page.js

@@ -2,17 +2,36 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.declareBackendData = declareBackendData;
 exports.sendWebPage = sendWebPage;
+exports.assetsToCsp = assetsToCsp;
+exports.assetToCsp = assetToCsp;
 const node_crypto_1 = require("node:crypto");
-const index_js_1 = require("../lib/html/index.js");
+const index_js_1 = require("../lib/csp/index.js");
+const index_js_2 = require("../lib/html/index.js");
 const response_js_1 = require("../lib/http/response.js");
 function declareBackendData(name, data) {
     // The script tag is removed after the data is assigned to the global variable
     // to prevent other scripts from deducing the value of the variable. The "app"
     // script will read the global variable and then unset it. See
-    // "readBackendData" in "src/assets/app/backend-data.ts".
-    return (0, index_js_1.js) `window[${name}]=${data};document.currentScript.remove();`;
+    // "readBackendData" in "src/assets/app/backend-types.ts".
+    return (0, index_js_2.js) `window[${name}]=${data};document.currentScript.remove();`;
 }
 async function sendWebPage(res, options) {
+    const csp = (0, index_js_1.mergeCsp)(options.csp, {
+        'default-src': ["'none'"],
+        'base-uri': options.base?.origin,
+        'script-src': ["'self'", ...assetsToCsp(options.scripts)],
+        'style-src': ["'self'", ...assetsToCsp(options.styles)],
+        'img-src': ["'self'", 'data:', 'https:'],
+        'connect-src': ["'self'"],
+        'upgrade-insecure-requests': true,
+        // Prevents the CSP to be embedded in a page <meta>:
+        'frame-ancestors': ["'none'"],
+    });
+    // @NOTE the csp string might become too long. However, since we need to
+    // specify the "frame-ancestors" directive, we can't use a meta tag. For that
+    // reason, we won't try to avoid too long headers and let the proxy throw
+    // in case of a too long header.
+    res.setHeader('Content-Security-Policy', (0, index_js_1.buildCsp)(csp));
     // @TODO: make these headers configurable (?)
     res.setHeader('Permissions-Policy', 'otp-credentials=*, document-domain=()');
     res.setHeader('Cross-Origin-Embedder-Policy', 'credentialless');
@@ -23,26 +42,23 @@ async function sendWebPage(res, options) {
     res.setHeader('X-Content-Type-Options', 'nosniff');
     res.setHeader('X-XSS-Protection', '0');
     res.setHeader('Strict-Transport-Security', 'max-age=63072000');
-    res.setHeader('Content-Security-Policy', [
-        `default-src 'none'`,
-        `frame-ancestors 'none'`,
-        `form-action 'none'`,
-        `base-uri ${options.base?.origin || `'none'`}`,
-        `script-src 'self' ${options.scripts?.map(assetToHash).map(hashToCspRule).join(' ') ?? ''}`,
-        `style-src 'self' ${options.styles?.map(assetToHash).map(hashToCspRule).join(' ') ?? ''}`,
-        `img-src 'self' data: https:`,
-        `connect-src 'self'`,
-        `upgrade-insecure-requests`,
-    ].join('; '));
-    const html = (0, index_js_1.buildDocument)(options);
+    const html = (0, index_js_2.buildDocument)(options);
     return (0, response_js_1.writeHtml)(res, html.toString(), options);
 }
-function assetToHash(asset) {
-    return asset instanceof index_js_1.Html
-        ? (0, node_crypto_1.createHash)('sha256').update(asset.toString()).digest('base64')
-        : asset.sha256;
+function* assetsToCsp(assets) {
+    if (assets) {
+        for (const asset of assets) {
+            yield assetToCsp(asset);
+        }
+    }
 }
-function hashToCspRule(hash) {
-    return `'sha256-${hash}'`;
+function assetToCsp(asset) {
+    if (asset instanceof index_js_2.Html) {
+        const hash = (0, node_crypto_1.createHash)('sha256').update(asset.toString()).digest('base64');
+        return `'sha256-${hash}'`;
+    }
+    else {
+        return `'sha256-${asset.sha256}'`;
+    }
 }
 //# sourceMappingURL=send-web-page.js.map

package/dist/output/send-web-page.js.map

@@ -1 +1 @@
-{"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":";;AAWA,gDAMC;AAID,kCAoCC;AAzDD,6CAAwC;AAExC,mDAM6B;AAC7B,yDAAyE;AAEzE,SAAgB,kBAAkB,CAAC,IAAY,EAAE,IAAa;IAC5D,8EAA8E;IAC9E,8EAA8E;IAC9E,8DAA8D;IAC9D,yDAAyD;IACzD,OAAO,IAAA,aAAE,EAAA,UAAU,IAAI,KAAK,IAAI,mCAAmC,CAAA;AACrE,CAAC;AAIM,KAAK,UAAU,WAAW,CAC/B,GAAmB,EACnB,OAA2B;IAE3B,6CAA6C;IAC7C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAC5E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,gBAAgB,CAAC,CAAA;IAC/D,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,aAAa,CAAC,CAAA;IAC5D,GAAG,CAAC,SAAS,CAAC,4BAA4B,EAAE,aAAa,CAAC,CAAA;IAC1D,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAA;IACxC,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IACtC,GAAG,CAAC,SAAS,CAAC,2BAA2B,EAAE,kBAAkB,CAAC,CAAA;IAC9D,GAAG,CAAC,SAAS,CACX,yBAAyB,EACzB;QACE,oBAAoB;QACpB,wBAAwB;QACxB,oBAAoB;QACpB,YAAY,OAAO,CAAC,IAAI,EAAE,MAAM,IAAI,QAAQ,EAAE;QAC9C,qBACE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACpE,EAAE;QACF,oBACE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EACnE,EAAE;QACF,6BAA6B;QAC7B,oBAAoB;QACpB,2BAA2B;KAC5B,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAA;IAED,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAA;IAEnC,OAAO,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAA;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,KAAsB;IACzC,OAAO,KAAK,YAAY,eAAI;QAC1B,CAAC,CAAC,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAA;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,WAAW,IAAI,GAAG,CAAA;AAC3B,CAAC"}
+{"version":3,"file":"send-web-page.js","sourceRoot":"","sources":["../../src/output/send-web-page.ts"],"names":[],"mappings":";;AAYA,gDAMC;AAOD,kCAqCC;AAED,kCAQC;AAED,gCAOC;AAjFD,6CAAwC;AAExC,kDAA6E;AAC7E,mDAM6B;AAC7B,yDAAyE;AAEzE,SAAgB,kBAAkB,CAAC,IAAY,EAAE,IAAa;IAC5D,8EAA8E;IAC9E,8EAA8E;IAC9E,8DAA8D;IAC9D,0DAA0D;IAC1D,OAAO,IAAA,aAAE,EAAA,UAAU,IAAI,KAAK,IAAI,mCAAmC,CAAA;AACrE,CAAC;AAOM,KAAK,UAAU,WAAW,CAC/B,GAAmB,EACnB,OAA2B;IAE3B,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAAC,OAAO,CAAC,GAAG,EAAE;QAChC,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,MAAyC;QACnE,YAAY,EAAE,CAAC,QAAQ,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzD,WAAW,EAAE,CAAC,QAAQ,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACvD,SAAS,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;QACxC,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,2BAA2B,EAAE,IAAI;QAEjC,oDAAoD;QACpD,iBAAiB,EAAE,CAAC,QAAQ,CAAC;KAC9B,CAAC,CAAA;IAEF,wEAAwE;IACxE,6EAA6E;IAC7E,yEAAyE;IACzE,gCAAgC;IAChC,GAAG,CAAC,SAAS,CAAC,yBAAyB,EAAE,IAAA,mBAAQ,EAAC,GAAG,CAAC,CAAC,CAAA;IAEvD,6CAA6C;IAC7C,GAAG,CAAC,SAAS,CAAC,oBAAoB,EAAE,uCAAuC,CAAC,CAAA;IAC5E,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,gBAAgB,CAAC,CAAA;IAC/D,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,aAAa,CAAC,CAAA;IAC5D,GAAG,CAAC,SAAS,CAAC,4BAA4B,EAAE,aAAa,CAAC,CAAA;IAC1D,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;IAC/C,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAA;IACxC,GAAG,CAAC,SAAS,CAAC,wBAAwB,EAAE,SAAS,CAAC,CAAA;IAClD,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IACtC,GAAG,CAAC,SAAS,CAAC,2BAA2B,EAAE,kBAAkB,CAAC,CAAA;IAE9D,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAA;IAEnC,OAAO,IAAA,uBAAS,EAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAA;AACjD,CAAC;AAED,QAAe,CAAC,CAAC,WAAW,CAC1B,MAAkC;IAElC,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,UAAU,CAAC,KAAK,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAgB,UAAU,CAAC,KAAsB;IAC/C,IAAI,KAAK,YAAY,eAAI,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;QAC3E,OAAO,WAAW,IAAI,GAAG,CAAA;IAC3B,CAAC;SAAM,CAAC;QACN,OAAO,WAAW,KAAK,CAAC,MAAM,GAAG,CAAA;IACnC,CAAC;AACH,CAAC"}