npm - @atproto/oauth-provider - Versions diffs - 0.4.0 → 0.5.1 - Mend

@atproto/oauth-provider 0.4.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/.linguirc +57 -0
package/CHANGELOG.md +29 -0
package/dist/account/account-manager.d.ts +17 -3
package/dist/account/account-manager.d.ts.map +1 -1
package/dist/account/account-manager.js +102 -8
package/dist/account/account-manager.js.map +1 -1
package/dist/account/account-store.d.ts +81 -15
package/dist/account/account-store.d.ts.map +1 -1
package/dist/account/account-store.js +70 -19
package/dist/account/account-store.js.map +1 -1
package/dist/account/sign-in-data.d.ts +28 -0
package/dist/account/sign-in-data.d.ts.map +1 -0
package/dist/account/sign-in-data.js +16 -0
package/dist/account/sign-in-data.js.map +1 -0
package/dist/account/sign-up-data.d.ts +26 -0
package/dist/account/sign-up-data.d.ts.map +1 -0
package/dist/account/sign-up-data.js +11 -0
package/dist/account/sign-up-data.js.map +1 -0
package/dist/assets/app/bundle-manifest.json +598 -6
package/dist/assets/app/index-ItwwtJ8r.js +36 -0
package/dist/assets/app/index-ItwwtJ8r.js.map +1 -0
package/dist/assets/app/main-B_dNxQo_.js +4 -0
package/dist/assets/app/main-B_dNxQo_.js.map +1 -0
package/dist/assets/app/main-CSatvmRR.css +3 -0
package/dist/assets/app/main-CSatvmRR.js +306 -0
package/dist/assets/app/main-CSatvmRR.js.map +1 -0
package/dist/assets/app/messages-BQeltXSF.js +4 -0
package/dist/assets/app/messages-BQeltXSF.js.map +1 -0
package/dist/assets/app/messages-BQkEhfjg.js +4 -0
package/dist/assets/app/messages-BQkEhfjg.js.map +1 -0
package/dist/assets/app/messages-BUjKj_UJ.js +4 -0
package/dist/assets/app/messages-BUjKj_UJ.js.map +1 -0
package/dist/assets/app/messages-BWIQa8fO.js +4 -0
package/dist/assets/app/messages-BWIQa8fO.js.map +1 -0
package/dist/assets/app/messages-BaNVb0bp.js +4 -0
package/dist/assets/app/messages-BaNVb0bp.js.map +1 -0
package/dist/assets/app/messages-BaizVXcF.js +4 -0
package/dist/assets/app/messages-BaizVXcF.js.map +1 -0
package/dist/assets/app/messages-BfoClA1Y.js +4 -0
package/dist/assets/app/messages-BfoClA1Y.js.map +1 -0
package/dist/assets/app/messages-BsKGDZnC.js +4 -0
package/dist/assets/app/messages-BsKGDZnC.js.map +1 -0
package/dist/assets/app/messages-Bu-TJhml.js +4 -0
package/dist/assets/app/messages-Bu-TJhml.js.map +1 -0
package/dist/assets/app/messages-BvOKnBQk.js +4 -0
package/dist/assets/app/messages-BvOKnBQk.js.map +1 -0
package/dist/assets/app/messages-BxDzCiWz.js +4 -0
package/dist/assets/app/messages-BxDzCiWz.js.map +1 -0
package/dist/assets/app/messages-CDgFOy4S.js +4 -0
package/dist/assets/app/messages-CDgFOy4S.js.map +1 -0
package/dist/assets/app/messages-CLbTz0o9.js +4 -0
package/dist/assets/app/messages-CLbTz0o9.js.map +1 -0
package/dist/assets/app/messages-CNwSh0t7.js +4 -0
package/dist/assets/app/messages-CNwSh0t7.js.map +1 -0
package/dist/assets/app/messages-CSMNJ6P8.js +4 -0
package/dist/assets/app/messages-CSMNJ6P8.js.map +1 -0
package/dist/assets/app/messages-CZQUw3mp.js +4 -0
package/dist/assets/app/messages-CZQUw3mp.js.map +1 -0
package/dist/assets/app/messages-CZT41oVp.js +4 -0
package/dist/assets/app/messages-CZT41oVp.js.map +1 -0
package/dist/assets/app/messages-C_b-d3t8.js +4 -0
package/dist/assets/app/messages-C_b-d3t8.js.map +1 -0
package/dist/assets/app/messages-C_u3MTc2.js +4 -0
package/dist/assets/app/messages-C_u3MTc2.js.map +1 -0
package/dist/assets/app/messages-Cn8nHZic.js +4 -0
package/dist/assets/app/messages-Cn8nHZic.js.map +1 -0
package/dist/assets/app/messages-CtDywJUm.js +4 -0
package/dist/assets/app/messages-CtDywJUm.js.map +1 -0
package/dist/assets/app/messages-CurtIjBF.js +4 -0
package/dist/assets/app/messages-CurtIjBF.js.map +1 -0
package/dist/assets/app/messages-Cv6zIbaP.js +4 -0
package/dist/assets/app/messages-Cv6zIbaP.js.map +1 -0
package/dist/assets/app/messages-D1eLQuPE.js +4 -0
package/dist/assets/app/messages-D1eLQuPE.js.map +1 -0
package/dist/assets/app/messages-D8vHEaYW.js +4 -0
package/dist/assets/app/messages-D8vHEaYW.js.map +1 -0
package/dist/assets/app/messages-DJ1Q4GeC.js +4 -0
package/dist/assets/app/messages-DJ1Q4GeC.js.map +1 -0
package/dist/assets/app/messages-DRL3exqd.js +4 -0
package/dist/assets/app/messages-DRL3exqd.js.map +1 -0
package/dist/assets/app/messages-DWLPQRTp.js +4 -0
package/dist/assets/app/messages-DWLPQRTp.js.map +1 -0
package/dist/assets/app/messages-DjVaE9YE.js +4 -0
package/dist/assets/app/messages-DjVaE9YE.js.map +1 -0
package/dist/assets/app/messages-DqpMfFJR.js +4 -0
package/dist/assets/app/messages-DqpMfFJR.js.map +1 -0
package/dist/assets/app/messages-ETjhJBEN.js +4 -0
package/dist/assets/app/messages-ETjhJBEN.js.map +1 -0
package/dist/assets/app/messages-EUKrgrGn.js +4 -0
package/dist/assets/app/messages-EUKrgrGn.js.map +1 -0
package/dist/assets/app/messages-QQrOUcPW.js +4 -0
package/dist/assets/app/messages-QQrOUcPW.js.map +1 -0
package/dist/assets/app/messages-e2QGqFL6.js +4 -0
package/dist/assets/app/messages-e2QGqFL6.js.map +1 -0
package/dist/assets/app/messages-p61py7gD.js +4 -0
package/dist/assets/app/messages-p61py7gD.js.map +1 -0
package/dist/assets/asset.d.ts +1 -0
package/dist/assets/asset.d.ts.map +1 -1
package/dist/assets/assets-middleware.d.ts.map +1 -1
package/dist/assets/assets-middleware.js +12 -7
package/dist/assets/assets-middleware.js.map +1 -1
package/dist/assets/index.d.ts +3 -2
package/dist/assets/index.d.ts.map +1 -1
package/dist/assets/index.js +13 -1
package/dist/assets/index.js.map +1 -1
package/dist/client/client-store.d.ts +3 -3
package/dist/client/client-store.d.ts.map +1 -1
package/dist/client/client-store.js +6 -5
package/dist/client/client-store.js.map +1 -1
package/dist/device/device-manager.d.ts +9 -8
package/dist/device/device-manager.d.ts.map +1 -1
package/dist/device/device-manager.js.map +1 -1
package/dist/device/device-store.d.ts +3 -3
package/dist/device/device-store.d.ts.map +1 -1
package/dist/device/device-store.js +10 -9
package/dist/device/device-store.js.map +1 -1
package/dist/dpop/dpop-manager.d.ts +15 -7
package/dist/dpop/dpop-manager.d.ts.map +1 -1
package/dist/dpop/dpop-manager.js +17 -3
package/dist/dpop/dpop-manager.js.map +1 -1
package/dist/dpop/dpop-nonce.d.ts +11 -5
package/dist/dpop/dpop-nonce.d.ts.map +1 -1
package/dist/dpop/dpop-nonce.js +47 -38
package/dist/dpop/dpop-nonce.js.map +1 -1
package/dist/errors/handle-unavailable-error.d.ts +11 -0
package/dist/errors/handle-unavailable-error.d.ts.map +1 -0
package/dist/errors/handle-unavailable-error.js +19 -0
package/dist/errors/handle-unavailable-error.js.map +1 -0
package/dist/errors/invalid-request-error.d.ts +6 -8
package/dist/errors/invalid-request-error.d.ts.map +1 -1
package/dist/errors/invalid-request-error.js +10 -8
package/dist/errors/invalid-request-error.js.map +1 -1
package/dist/lib/csp/index.d.ts +18 -0
package/dist/lib/csp/index.d.ts.map +1 -0
package/dist/lib/csp/index.js +72 -0
package/dist/lib/csp/index.js.map +1 -0
package/dist/lib/hcaptcha.d.ts +177 -0
package/dist/lib/hcaptcha.d.ts.map +1 -0
package/dist/lib/hcaptcha.js +155 -0
package/dist/lib/hcaptcha.js.map +1 -0
package/dist/lib/html/build-document.d.ts +11 -3
package/dist/lib/html/build-document.d.ts.map +1 -1
package/dist/lib/html/build-document.js +51 -15
package/dist/lib/html/build-document.js.map +1 -1
package/dist/lib/http/middleware.d.ts.map +1 -1
package/dist/lib/http/middleware.js +4 -1
package/dist/lib/http/middleware.js.map +1 -1
package/dist/lib/http/request.d.ts +5 -2
package/dist/lib/http/request.d.ts.map +1 -1
package/dist/lib/http/request.js +16 -1
package/dist/lib/http/request.js.map +1 -1
package/dist/lib/http/response.d.ts +4 -2
package/dist/lib/http/response.d.ts.map +1 -1
package/dist/lib/http/response.js +23 -5
package/dist/lib/http/response.js.map +1 -1
package/dist/lib/locale.d.ts +15 -0
package/dist/lib/locale.d.ts.map +1 -0
package/dist/lib/locale.js +17 -0
package/dist/lib/locale.js.map +1 -0
package/dist/lib/util/function.d.ts +2 -2
package/dist/lib/util/function.d.ts.map +1 -1
package/dist/lib/util/function.js.map +1 -1
package/dist/lib/util/type.d.ts +88 -1
package/dist/lib/util/type.d.ts.map +1 -1
package/dist/lib/util/type.js +41 -0
package/dist/lib/util/type.js.map +1 -1
package/dist/metadata/build-metadata.d.ts +2 -2
package/dist/metadata/build-metadata.d.ts.map +1 -1
package/dist/metadata/build-metadata.js.map +1 -1
package/dist/oauth-errors.d.ts +1 -0
package/dist/oauth-errors.d.ts.map +1 -1
package/dist/oauth-errors.js +3 -1
package/dist/oauth-errors.js.map +1 -1
package/dist/oauth-hooks.d.ts +60 -3
package/dist/oauth-hooks.d.ts.map +1 -1
package/dist/oauth-hooks.js +3 -3
package/dist/oauth-hooks.js.map +1 -1
package/dist/oauth-provider.d.ts +23 -18
package/dist/oauth-provider.d.ts.map +1 -1
package/dist/oauth-provider.js +207 -204
package/dist/oauth-provider.js.map +1 -1
package/dist/oauth-verifier.d.ts +1 -1
package/dist/oauth-verifier.d.ts.map +1 -1
package/dist/oauth-verifier.js +2 -1
package/dist/oauth-verifier.js.map +1 -1
package/dist/output/build-authorize-data.d.ts +0 -1
package/dist/output/build-authorize-data.d.ts.map +1 -1
package/dist/output/build-authorize-data.js +0 -1
package/dist/output/build-authorize-data.js.map +1 -1
package/dist/output/build-customization-data.d.ts +241 -0
package/dist/output/build-customization-data.d.ts.map +1 -0
package/dist/output/build-customization-data.js +174 -0
package/dist/output/build-customization-data.js.map +1 -0
package/dist/output/output-manager.d.ts +16 -9
package/dist/output/output-manager.d.ts.map +1 -1
package/dist/output/output-manager.js +78 -42
package/dist/output/output-manager.js.map +1 -1
package/dist/output/send-authorize-redirect.d.ts +9 -6
package/dist/output/send-authorize-redirect.d.ts.map +1 -1
package/dist/output/send-authorize-redirect.js +20 -14
package/dist/output/send-authorize-redirect.js.map +1 -1
package/dist/output/send-web-page.d.ts +7 -2
package/dist/output/send-web-page.d.ts.map +1 -1
package/dist/output/send-web-page.js +37 -21
package/dist/output/send-web-page.js.map +1 -1
package/dist/request/request-manager.d.ts +1 -1
package/dist/request/request-manager.d.ts.map +1 -1
package/dist/request/request-manager.js +4 -4
package/dist/request/request-manager.js.map +1 -1
package/dist/request/request-store.d.ts +3 -3
package/dist/request/request-store.d.ts.map +1 -1
package/dist/request/request-store.js +11 -10
package/dist/request/request-store.js.map +1 -1
package/dist/token/token-store.d.ts +4 -4
package/dist/token/token-store.d.ts.map +1 -1
package/dist/token/token-store.js +13 -12
package/dist/token/token-store.js.map +1 -1
package/package.json +43 -20
package/rollup.config.js +61 -17
package/src/account/account-manager.ts +159 -8
package/src/account/account-store.ts +127 -32
package/src/account/sign-in-data.ts +15 -0
package/src/account/sign-up-data.ts +11 -0
package/src/assets/app/app.tsx +31 -16
package/src/assets/app/backend-data.ts +15 -60
package/src/assets/app/backend-types.ts +66 -0
package/src/assets/app/components/forms/button-toggle-visibility.tsx +43 -0
package/src/assets/app/components/forms/button.tsx +60 -0
package/src/assets/app/components/forms/fieldset.tsx +55 -0
package/src/assets/app/components/forms/form-card-async.tsx +103 -0
package/src/assets/app/components/forms/form-card.tsx +49 -0
package/src/assets/app/components/forms/input-checkbox.tsx +73 -0
package/src/assets/app/components/forms/input-container.tsx +107 -0
package/src/assets/app/components/forms/input-email-address.tsx +66 -0
package/src/assets/app/components/forms/input-new-password.tsx +62 -0
package/src/assets/app/components/forms/input-password.tsx +88 -0
package/src/assets/app/components/forms/input-text.tsx +76 -0
package/src/assets/app/components/forms/input-token.tsx +94 -0
package/src/assets/app/components/forms/wizard-card.tsx +116 -0
package/src/assets/app/components/layouts/layout-title-page.tsx +77 -0
package/src/assets/app/components/layouts/layout-welcome.tsx +73 -0
package/src/assets/app/components/utils/account-identifier.tsx +23 -0
package/src/assets/app/components/utils/account-image.tsx +33 -0
package/src/assets/app/components/utils/admonition.tsx +52 -0
package/src/assets/app/components/utils/client-name.tsx +45 -0
package/src/assets/app/components/utils/error-card.tsx +93 -0
package/src/assets/app/components/utils/error-message.tsx +62 -0
package/src/assets/app/components/utils/help-card.tsx +46 -0
package/src/assets/app/components/utils/icons.tsx +88 -0
package/src/assets/app/components/utils/link-anchor.tsx +28 -0
package/src/assets/app/components/utils/link-title.tsx +26 -0
package/src/assets/app/components/utils/multi-lang-string.tsx +56 -0
package/src/assets/app/components/utils/password-strength-label.tsx +37 -0
package/src/assets/app/components/utils/password-strength-meter.tsx +58 -0
package/src/assets/app/components/{url-viewer.tsx → utils/url-viewer.tsx} +9 -6
package/src/assets/app/hooks/use-api.ts +128 -55
package/src/assets/app/hooks/use-async-action.ts +120 -0
package/src/assets/app/hooks/use-browser-color-scheme.ts +31 -0
package/src/assets/app/hooks/use-csrf-token.ts +1 -1
package/src/assets/app/hooks/use-random-string.ts +37 -0
package/src/assets/app/hooks/use-stepper.ts +87 -0
package/src/assets/app/index.html +182 -0
package/src/assets/app/lib/api.ts +248 -79
package/src/assets/app/lib/clsx.ts +5 -8
package/src/assets/app/lib/json-client.ts +94 -0
package/src/assets/app/lib/password.ts +98 -0
package/src/assets/app/lib/ref.ts +17 -0
package/src/assets/app/locales/an/messages.po +492 -0
package/src/assets/app/locales/ast/messages.po +492 -0
package/src/assets/app/locales/ca/messages.po +492 -0
package/src/assets/app/locales/da/messages.po +492 -0
package/src/assets/app/locales/de/messages.po +492 -0
package/src/assets/app/locales/el/messages.po +492 -0
package/src/assets/app/locales/en/messages.po +492 -0
package/src/assets/app/locales/en-GB/messages.po +492 -0
package/src/assets/app/locales/es/messages.po +492 -0
package/src/assets/app/locales/eu/messages.po +492 -0
package/src/assets/app/locales/fi/messages.po +492 -0
package/src/assets/app/locales/fr/messages.po +492 -0
package/src/assets/app/locales/ga/messages.po +492 -0
package/src/assets/app/locales/gl/messages.po +492 -0
package/src/assets/app/locales/hi/messages.po +492 -0
package/src/assets/app/locales/hu/messages.po +492 -0
package/src/assets/app/locales/ia/messages.po +492 -0
package/src/assets/app/locales/id/messages.po +492 -0
package/src/assets/app/locales/it/messages.po +492 -0
package/src/assets/app/locales/ja/messages.po +492 -0
package/src/assets/app/locales/km/messages.po +492 -0
package/src/assets/app/locales/ko/messages.po +492 -0
package/src/assets/app/locales/load.ts +8 -0
package/src/assets/app/locales/locale-context.ts +19 -0
package/src/assets/app/locales/locale-provider.tsx +112 -0
package/src/assets/app/locales/locale-selector.tsx +58 -0
package/src/assets/app/locales/locales.ts +168 -0
package/src/assets/app/locales/ne/messages.po +492 -0
package/src/assets/app/locales/nl/messages.po +492 -0
package/src/assets/app/locales/pl/messages.po +492 -0
package/src/assets/app/locales/pt-BR/messages.po +492 -0
package/src/assets/app/locales/ro/messages.po +492 -0
package/src/assets/app/locales/ru/messages.po +492 -0
package/src/assets/app/locales/sv/messages.po +492 -0
package/src/assets/app/locales/th/messages.po +492 -0
package/src/assets/app/locales/tr/messages.po +492 -0
package/src/assets/app/locales/uk/messages.po +492 -0
package/src/assets/app/locales/vi/messages.po +492 -0
package/src/assets/app/locales/zh-CN/messages.po +492 -0
package/src/assets/app/locales/zh-HK/messages.po +492 -0
package/src/assets/app/locales/zh-TW/messages.po +492 -0
package/src/assets/app/main.css +23 -2
package/src/assets/app/main.tsx +24 -8
package/src/assets/app/views/authorize/accept/accept-form.tsx +150 -0
package/src/assets/app/views/authorize/accept/accept-view.tsx +70 -0
package/src/assets/app/views/authorize/authorize-view.tsx +180 -0
package/src/assets/app/views/authorize/reset-password/reset-password-confirm-form.tsx +88 -0
package/src/assets/app/views/authorize/reset-password/reset-password-request-form.tsx +80 -0
package/src/assets/app/views/authorize/reset-password/reset-password-view.tsx +127 -0
package/src/assets/app/views/authorize/sign-in/sign-in-form.tsx +244 -0
package/src/assets/app/views/authorize/sign-in/sign-in-picker.tsx +116 -0
package/src/assets/app/views/authorize/sign-in/sign-in-view.tsx +145 -0
package/src/assets/app/views/authorize/sign-up/sign-up-account-form.tsx +140 -0
package/src/assets/app/views/authorize/sign-up/sign-up-disclaimer.tsx +51 -0
package/src/assets/app/views/authorize/sign-up/sign-up-handle-form.tsx +289 -0
package/src/assets/app/views/authorize/sign-up/sign-up-hcaptcha-form.tsx +108 -0
package/src/assets/app/views/authorize/sign-up/sign-up-view.tsx +158 -0
package/src/assets/app/views/authorize/welcome/welcome-view.tsx +56 -0
package/src/assets/app/views/error/error-view.tsx +31 -0
package/src/assets/asset.ts +1 -0
package/src/assets/assets-middleware.ts +13 -8
package/src/assets/index.ts +15 -2
package/src/client/client-store.ts +10 -12
package/src/device/device-manager.ts +8 -12
package/src/device/device-store.ts +9 -15
package/src/dpop/dpop-manager.ts +20 -8
package/src/dpop/dpop-nonce.ts +58 -40
package/src/errors/handle-unavailable-error.ts +18 -0
package/src/errors/invalid-request-error.ts +10 -8
package/src/lib/csp/index.ts +98 -0
package/src/lib/hcaptcha.ts +182 -0
package/src/lib/html/build-document.ts +60 -16
package/src/lib/http/middleware.ts +4 -3
package/src/lib/http/request.ts +31 -1
package/src/lib/http/response.ts +22 -9
package/src/lib/locale.ts +21 -0
package/src/lib/util/function.ts +0 -3
package/src/lib/util/type.ts +130 -1
package/src/metadata/build-metadata.ts +2 -1
package/src/oauth-errors.ts +1 -0
package/src/oauth-hooks.ts +69 -3
package/src/oauth-provider.ts +403 -307
package/src/oauth-verifier.ts +3 -1
package/src/output/build-authorize-data.ts +1 -3
package/src/output/build-customization-data.ts +228 -0
package/src/output/output-manager.ts +111 -48
package/src/output/send-authorize-redirect.ts +43 -36
package/src/output/send-web-page.ts +40 -26
package/src/request/request-manager.ts +4 -4
package/src/request/request-store.ts +12 -16
package/src/token/token-store.ts +14 -18
package/tailwind.config.js +5 -0
package/tsconfig.backend.tsbuildinfo +1 -1
package/tsconfig.frontend.tsbuildinfo +1 -1
package/tsconfig.tools.tsbuildinfo +1 -1
package/vite.config.mjs +16 -0
package/.postcssrc.yml +0 -3
package/dist/assets/app/main.css +0 -3
package/dist/assets/app/main.js +0 -20
package/dist/assets/app/main.js.map +0 -1
package/dist/output/customization.d.ts +0 -27
package/dist/output/customization.d.ts.map +0 -1
package/dist/output/customization.js +0 -88
package/dist/output/customization.js.map +0 -1
package/src/assets/app/components/accept-form.tsx +0 -137
package/src/assets/app/components/account-identifier.tsx +0 -18
package/src/assets/app/components/account-picker.tsx +0 -127
package/src/assets/app/components/button.tsx +0 -34
package/src/assets/app/components/client-name.tsx +0 -37
package/src/assets/app/components/fieldset.tsx +0 -26
package/src/assets/app/components/form-card.tsx +0 -47
package/src/assets/app/components/help-card.tsx +0 -42
package/src/assets/app/components/icons/alert-icon.tsx +0 -5
package/src/assets/app/components/icons/at-symbol-icon.tsx +0 -5
package/src/assets/app/components/icons/caret-right-icon.tsx +0 -5
package/src/assets/app/components/icons/lock-icon.tsx +0 -5
package/src/assets/app/components/icons/token-icon.tsx +0 -5
package/src/assets/app/components/icons/util.tsx +0 -17
package/src/assets/app/components/info-card.tsx +0 -45
package/src/assets/app/components/input-checkbox.tsx +0 -47
package/src/assets/app/components/input-container.tsx +0 -37
package/src/assets/app/components/input-layout.tsx +0 -47
package/src/assets/app/components/input-text.tsx +0 -69
package/src/assets/app/components/layout-title-page.tsx +0 -60
package/src/assets/app/components/layout-welcome.tsx +0 -74
package/src/assets/app/components/sign-in-form.tsx +0 -337
package/src/assets/app/components/sign-up-account-form.tsx +0 -194
package/src/assets/app/components/sign-up-disclaimer.tsx +0 -44
package/src/assets/app/views/accept-view.tsx +0 -55
package/src/assets/app/views/authorize-view.tsx +0 -106
package/src/assets/app/views/error-view.tsx +0 -36
package/src/assets/app/views/sign-in-view.tsx +0 -111
package/src/assets/app/views/sign-up-view.tsx +0 -86
package/src/assets/app/views/welcome-view.tsx +0 -54
package/src/output/customization.ts +0 -118

package/src/account/account-manager.ts CHANGED Viewed

@@ -1,31 +1,164 @@
-import { isOAuthClientIdLoopback } from '@atproto/oauth-types'
+import {
+  OAuthIssuerIdentifier,
+  isOAuthClientIdLoopback,
+} from '@atproto/oauth-types'
 import { Client } from '../client/client.js'
 import { DeviceId } from '../device/device-id.js'
+import { InvalidRequestError } from '../errors/invalid-request-error.js'
+import { HCaptchaClient, HcaptchaVerifyResult } from '../lib/hcaptcha.js'
+import { callAsync } from '../lib/util/function.js'
 import { constantTime } from '../lib/util/time.js'
-import { InvalidRequestError } from '../oauth-errors.js'
+import { OAuthHooks, RequestMetadata } from '../oauth-hooks.js'
+import { Customization } from '../oauth-provider.js'
 import { Sub } from '../oidc/sub.js'
 import { ClientAuth } from '../token/token-store.js'
 import {
   Account,
   AccountInfo,
   AccountStore,
-  SignInCredentials,
+  ResetPasswordConfirmData,
+  ResetPasswordRequestData,
 } from './account-store.js'
+import { SignInData } from './sign-in-data.js'
+import { SignUpData } from './sign-up-data.js'
 const TIMING_ATTACK_MITIGATION_DELAY = 400
+const BRUTE_FORCE_MITIGATION_DELAY = 300
 export class AccountManager {
-  constructor(protected readonly store: AccountStore) {}
+  protected readonly inviteCodeRequired: boolean
+  protected readonly hcaptchaClient?: HCaptchaClient
+  constructor(
+    issuer: OAuthIssuerIdentifier,
+    protected readonly store: AccountStore,
+    protected readonly hooks: OAuthHooks,
+    customization: Customization,
+  ) {
+    this.inviteCodeRequired = customization.inviteCodeRequired !== false
+    this.hcaptchaClient = customization.hcaptcha
+      ? new HCaptchaClient(new URL(issuer).hostname, customization.hcaptcha)
+      : undefined
+  }
+  protected async verifySignupData(
+    data: SignUpData,
+    deviceId: DeviceId,
+    deviceMetadata: RequestMetadata,
+  ): Promise<void> {
+    let hcaptchaResult: undefined | HcaptchaVerifyResult
+    if (this.inviteCodeRequired && !data.inviteCode) {
+      throw new InvalidRequestError('Invite code is required')
+    }
+    if (this.hcaptchaClient) {
+      if (!data.hcaptchaToken) {
+        throw new InvalidRequestError('hCaptcha token is required')
+      }
+      const { allowed, result } = await this.hcaptchaClient.verify(
+        'signup',
+        data.hcaptchaToken,
+        deviceMetadata.ipAddress,
+        data.handle,
+        deviceMetadata.userAgent,
+      )
+      await callAsync(this.hooks.onSignupHcaptchaResult, {
+        data,
+        allowed,
+        result,
+        deviceId,
+        deviceMetadata,
+      })
+      if (!allowed) {
+        throw new InvalidRequestError('hCaptcha verification failed')
+      }
+      hcaptchaResult = result
+    }
+    await callAsync(this.hooks.onSignupAttempt, {
+      data,
+      deviceId,
+      deviceMetadata,
+      hcaptchaResult,
+    })
+  }
+  public async signUp(
+    data: SignUpData,
+    deviceId: DeviceId,
+    deviceMetadata: RequestMetadata,
+  ): Promise<AccountInfo> {
+    await this.verifySignupData(data, deviceId, deviceMetadata)
+    // Mitigation against brute forcing email of users.
+    // @TODO Add rate limit to all the OAuth routes.
+    return constantTime(BRUTE_FORCE_MITIGATION_DELAY, async () => {
+      let account: Account
+      try {
+        account = await this.store.createAccount(data)
+      } catch (err) {
+        throw InvalidRequestError.from(err, 'Account creation failed')
+      }
+      try {
+        const info = await this.store.addDeviceAccount(
+          deviceId,
+          account.sub,
+          false,
+        )
+        await callAsync(this.hooks.onSignedUp, {
+          data,
+          info,
+          account,
+          deviceId,
+          deviceMetadata,
+        })
+        return { account, info }
+      } catch (err) {
+        throw InvalidRequestError.from(
+          err,
+          'Something went wrong, try singing-in',
+        )
+      }
+    })
+  }
   public async signIn(
-    credentials: SignInCredentials,
+    data: SignInData,
     deviceId: DeviceId,
+    deviceMetadata: RequestMetadata,
   ): Promise<AccountInfo> {
     return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {
-      const result = await this.store.authenticateAccount(credentials, deviceId)
-      if (result) return result
+      try {
+        const account = await this.store.authenticateAccount(data)
+        const info = await this.store.addDeviceAccount(
+          deviceId,
+          account.sub,
+          data.remember,
+        )
-      throw new InvalidRequestError('Invalid credentials')
+        await callAsync(this.hooks.onSignedIn, {
+          data,
+          info,
+          account,
+          deviceId,
+          deviceMetadata,
+        })
+        return { account, info }
+      } catch (err) {
+        throw InvalidRequestError.from(
+          err,
+          'Unable to sign-in due to an unexpected server error',
+        )
+      }
     })
   }
@@ -52,4 +185,22 @@ export class AccountManager {
     const results = await this.store.listDeviceAccounts(deviceId)
     return results.filter((result) => result.info.remembered)
   }
+  public async resetPasswordRequest(data: ResetPasswordRequestData) {
+    return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {
+      await this.store.resetPasswordRequest(data)
+    })
+  }
+  public async resetPasswordConfirm(data: ResetPasswordConfirmData) {
+    return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {
+      await this.store.resetPasswordConfirm(data)
+    })
+  }
+  public async verifyHandleAvailability(handle: string): Promise<void> {
+    return constantTime(TIMING_ATTACK_MITIGATION_DELAY, async () => {
+      return this.store.verifyHandleAvailability(handle)
+    })
+  }
 }

package/src/account/account-store.ts CHANGED Viewed

@@ -1,25 +1,86 @@
+import { isEmailValid } from '@hapi/address'
+import { isDisposableEmail } from 'disposable-email-domains-js'
 import { z } from 'zod'
 import { ClientId } from '../client/client-id.js'
 import { DeviceId } from '../device/device-id.js'
-import { Awaitable } from '../lib/util/type.js'
+import { localeSchema } from '../lib/locale.js'
+import { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'
+import {
+  HandleUnavailableError,
+  InvalidRequestError,
+  SecondAuthenticationFactorRequiredError,
+} from '../oauth-errors.js'
 import { Sub } from '../oidc/sub.js'
 import { Account } from './account.js'
-export const signInCredentialsSchema = z.object({
-  username: z.string(),
-  password: z.string(),
+// @NOTE Change the length here to force stronger passwords (through a reset)
+export const oldPasswordSchema = z.string().min(1)
+export const newPasswordSchema = z.string().min(8)
+export const tokenSchema = z.string().regex(/^[A-Z2-7]{5}-[A-Z2-7]{5}$/)
+export const handleSchema = z
+  .string()
+  .min(3)
+  .max(30)
+  .regex(/^[a-z0-9][a-z0-9-]+[a-z0-9](?:\.[a-z0-9][a-z0-9-]+[a-z0-9])+$/)
+export const emailSchema = z
+  .string()
+  .email()
+  // @NOTE using @hapi/address here, in addition to the email() check to ensure
+  // compatibility with the current email validation in the PDS's account
+  // manager
+  .refine(isEmailValid, {
+    message: 'Invalid email address',
+  })
+  .refine((email) => !isDisposableEmail(email), {
+    message: 'Disposable email addresses are not allowed',
+  })
-  /**
-   * If false, the account must not be returned from
-   * {@link AccountStore.listDeviceAccounts}. Note that this only makes sense when
-   * used with a device ID.
-   */
-  remember: z.boolean().optional().default(false),
+export const authenticateAccountDataSchema = z
+  .object({
+    locale: localeSchema,
+    username: z.string(),
+    password: oldPasswordSchema,
+    emailOtp: z.string().optional(),
+  })
+  .strict()
+export type AuthenticateAccountData = z.TypeOf<
+  typeof authenticateAccountDataSchema
+>
+export const createAccountDataSchema = z
+  .object({
+    locale: localeSchema,
+    handle: handleSchema,
+    email: emailSchema,
+    password: z.intersection(oldPasswordSchema, newPasswordSchema),
+    inviteCode: tokenSchema.optional(),
+  })
+  .strict()
+export type CreateAccountData = z.TypeOf<typeof createAccountDataSchema>
+export const resetPasswordRequestDataSchema = z
+  .object({
+    locale: localeSchema,
+    email: emailSchema,
+  })
+  .strict()
+export type ResetPasswordRequestData = z.TypeOf<
+  typeof resetPasswordRequestDataSchema
+>
-  emailOtp: z.string().optional(),
-})
+export const resetPasswordConfirmDataSchema = z
+  .object({
+    token: tokenSchema,
+    password: z.intersection(oldPasswordSchema, newPasswordSchema),
+  })
+  .strict()
-export type SignInCredentials = z.TypeOf<typeof signInCredentialsSchema>
+export type ResetPasswordConfirmData = z.TypeOf<
+  typeof resetPasswordConfirmDataSchema
+>
 export type DeviceAccountInfo = {
   remembered: boolean
@@ -28,7 +89,14 @@ export type DeviceAccountInfo = {
 }
 // Export all types needed to implement the AccountStore interface
-export type { Account, DeviceId, Sub }
+export {
+  type Account,
+  type DeviceId,
+  HandleUnavailableError,
+  InvalidRequestError,
+  SecondAuthenticationFactorRequiredError,
+  type Sub,
+}
 export type AccountInfo = {
   account: Account
@@ -36,10 +104,17 @@ export type AccountInfo = {
 }
 export interface AccountStore {
-  authenticateAccount(
-    credentials: SignInCredentials,
-    deviceId: DeviceId,
-  ): Awaitable<AccountInfo | null>
+  /**
+   * @throws {HandleUnavailableError} - To indicate that the handle is already taken
+   * @throws {InvalidRequestError} - To indicate that some data is invalid
+   */
+  createAccount(data: CreateAccountData): Awaitable<Account>
+  /**
+   * @throws {InvalidRequestError} - When the credentials are not valid
+   * @throws {SecondAuthenticationFactorRequiredError} - To indicate that an {@link SecondAuthenticationFactorRequiredError.type} is required in the credentials
+   */
+  authenticateAccount(data: AuthenticateAccountData): Awaitable<Account>
   addAuthorizedClient(
     deviceId: DeviceId,
@@ -47,6 +122,19 @@ export interface AccountStore {
     clientId: ClientId,
   ): Awaitable<void>
+  /**
+   * @param remember If false, the account must not be returned from
+   * {@link AccountStore.listDeviceAccounts}.
+   */
+  addDeviceAccount(
+    deviceId: DeviceId,
+    sub: Sub,
+    remember: boolean,
+  ): Awaitable<DeviceAccountInfo>
+  /**
+   * @returns The account info, whether the account, even if remember was false.
+   */
   getDeviceAccount(deviceId: DeviceId, sub: Sub): Awaitable<AccountInfo | null>
   removeDeviceAccount(deviceId: DeviceId, sub: Sub): Awaitable<void>
@@ -55,23 +143,30 @@ export interface AccountStore {
    * be returned. The others will be ignored.
    */
   listDeviceAccounts(deviceId: DeviceId): Awaitable<AccountInfo[]>
-}
-export function isAccountStore(
-  implementation: Record<string, unknown> & Partial<AccountStore>,
-): implementation is Record<string, unknown> & AccountStore {
-  return (
-    typeof implementation.authenticateAccount === 'function' &&
-    typeof implementation.getDeviceAccount === 'function' &&
-    typeof implementation.addAuthorizedClient === 'function' &&
-    typeof implementation.listDeviceAccounts === 'function' &&
-    typeof implementation.removeDeviceAccount === 'function'
-  )
+  resetPasswordRequest(data: ResetPasswordRequestData): Awaitable<void>
+  resetPasswordConfirm(data: ResetPasswordConfirmData): Awaitable<void>
+  /**
+   * @throws {HandleUnavailableError} - To indicate that the handle is already taken
+   */
+  verifyHandleAvailability(handle: string): Awaitable<void>
 }
-export function asAccountStore(
-  implementation?: Record<string, unknown> & Partial<AccountStore>,
-): AccountStore {
+export const isAccountStore = buildInterfaceChecker<AccountStore>([
+  'createAccount',
+  'authenticateAccount',
+  'addAuthorizedClient',
+  'addDeviceAccount',
+  'getDeviceAccount',
+  'removeDeviceAccount',
+  'listDeviceAccounts',
+  'resetPasswordRequest',
+  'resetPasswordConfirm',
+  'verifyHandleAvailability',
+])
+export function asAccountStore<V>(implementation: V): V & AccountStore {
   if (!implementation || !isAccountStore(implementation)) {
     throw new Error('Invalid AccountStore implementation')
   }

package/src/account/sign-in-data.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { z } from 'zod'
+import { authenticateAccountDataSchema } from './account-store.js'
+export const signInDataSchema = authenticateAccountDataSchema
+  .extend({
+    /**
+     * If false, the account must not be returned from
+     * {@link AccountStore.listDeviceAccounts}. Note that this only makes sense when
+     * used with a device ID.
+     */
+    remember: z.boolean().optional().default(false),
+  })
+  .strict()
+export type SignInData = z.TypeOf<typeof signInDataSchema>

package/src/account/sign-up-data.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { z } from 'zod'
+import { hcaptchaTokenSchema } from '../lib/hcaptcha.js'
+import { createAccountDataSchema } from './account-store.js'
+export const signUpDataSchema = createAccountDataSchema
+  .extend({
+    hcaptchaToken: hcaptchaTokenSchema.optional(),
+  })
+  .strict()
+export type SignUpData = z.TypeOf<typeof signUpDataSchema>

package/src/assets/app/app.tsx CHANGED Viewed

@@ -1,28 +1,43 @@
+import { ErrorBoundary } from 'react-error-boundary'
 import type {
   AuthorizeData,
+  AvailableLocales,
   CustomizationData,
   ErrorData,
-} from './backend-data'
-import { AuthorizeView } from './views/authorize-view'
-import { ErrorView } from './views/error-view'
+} from './backend-types.ts'
+import { LocaleProvider } from './locales/locale-provider.tsx'
+import { AuthorizeView } from './views/authorize/authorize-view.tsx'
+import { ErrorView } from './views/error/error-view.tsx'
 export type AppProps = {
+  availableLocales?: AvailableLocales
   authorizeData?: AuthorizeData
   customizationData?: CustomizationData
   errorData?: ErrorData
 }
-export function App({ authorizeData, customizationData, errorData }: AppProps) {
-  if (authorizeData && !errorData) {
-    return (
-      <AuthorizeView
-        customizationData={customizationData}
-        authorizeData={authorizeData}
-      />
-    )
-  } else {
-    return (
-      <ErrorView customizationData={customizationData} errorData={errorData} />
-    )
-  }
+export function App({
+  availableLocales,
+  authorizeData,
+  customizationData,
+  errorData,
+}: AppProps) {
+  return (
+    <LocaleProvider availableLocales={availableLocales}>
+      <ErrorBoundary
+        fallbackRender={({ error }) => (
+          <ErrorView error={error} customizationData={customizationData} />
+        )}
+      >
+        {errorData || !authorizeData ? (
+          <ErrorView error={errorData} customizationData={customizationData} />
+        ) : (
+          <AuthorizeView
+            customizationData={customizationData}
+            authorizeData={authorizeData}
+          />
+        )}
+      </ErrorBoundary>
+    </LocaleProvider>
+  )
 }

package/src/assets/app/backend-data.ts CHANGED Viewed

@@ -1,72 +1,27 @@
-import { OAuthClientMetadata } from '@atproto/oauth-types'
-// TODO: Find a way to share these types with the backend code
-export type Account = {
-  sub: string
-  aud: string
-  email?: string
-  name?: string
-  preferred_username?: string
-  picture?: string
-}
-export type Session = {
-  account: Account
-  info?: never // Prevent relying on this in the frontend
-  selected: boolean
-  loginRequired: boolean
-  consentRequired: boolean
-}
-export type LinkDefinition = {
-  title: string
-  href: string
-  rel?: string
-}
-export type CustomizationData = {
-  name?: string
-  logo?: string
-  links?: LinkDefinition[]
-}
-export type ErrorData = {
-  error: string
-  error_description: string
-}
-export type ScopeDetail = {
-  scope: string
-  description?: string
-}
-export type AuthorizeData = {
-  clientId: string
-  clientMetadata: OAuthClientMetadata
-  clientTrusted: boolean
-  requestUri: string
-  csrfCookie: string
-  loginHint?: string
-  scopeDetails?: ScopeDetail[]
-  newSessionsRequireConsent: boolean
-  sessions: Session[]
-}
-// see "declareBackendData()" in the backend
-const readBackendData = <T>(key: string): T | undefined => {
+import {
+  AuthorizeData,
+  AvailableLocales,
+  CustomizationData,
+  ErrorData,
+} from './backend-types.ts'
+function readBackendData<T>(key: string): T | undefined {
   const value = window[key] as T | undefined
   delete window[key] // Prevent accidental usage / potential leaks to dependencies
   return value
 }
 // These values are injected by the backend when it builds the
-// page HTML.
+// page HTML. See "declareBackendData()" in the backend.
+/** @deprecated Do not import directly. Only import this from main.tsx */
+export const availableLocales =
+  readBackendData<AvailableLocales>('__availableLocales')
+/** @deprecated Do not import directly. Only import this from main.tsx */
 export const customizationData = readBackendData<CustomizationData>(
   '__customizationData',
 )
+/** @deprecated Do not import directly. Only import this from main.tsx */
 export const errorData = readBackendData<ErrorData>('__errorData')
+/** @deprecated Do not import directly. Only import this from main.tsx */
 export const authorizeData = readBackendData<AuthorizeData>('__authorizeData')

package/src/assets/app/backend-types.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import type { OAuthClientMetadata } from '@atproto/oauth-types'
+// @TODO: Find a way to share these types with the backend code
+export type Account = {
+  sub: string
+  aud: string | [string, ...string[]]
+  email?: string
+  email_verified?: boolean
+  name?: string
+  preferred_username?: string
+  picture?: string
+}
+export type Session = {
+  account: Account
+  info?: never // Prevent relying on this in the frontend
+  selected: boolean
+  loginRequired: boolean
+  consentRequired: boolean
+}
+export type LocalizedString = string | ({ en: string } & Record<string, string>)
+export type AvailableLocales = readonly string[]
+export type LinkDefinition = {
+  title: LocalizedString
+  href: string
+  rel?: string
+}
+export type CustomizationData = {
+  // Functional customization
+  hcaptchaSiteKey?: string
+  inviteCodeRequired?: boolean
+  availableUserDomains?: string[]
+  // Aesthetic customization
+  name?: string
+  logo?: string
+  links?: LinkDefinition[]
+}
+export type ErrorData = {
+  error: string
+  error_description: string
+}
+export type ScopeDetail = {
+  scope: string
+  description?: string
+}
+export type AuthorizeData = {
+  clientId: string
+  clientMetadata: OAuthClientMetadata
+  clientTrusted: boolean
+  requestUri: string
+  loginHint?: string
+  scopeDetails?: ScopeDetail[]
+  newSessionsRequireConsent: boolean
+  sessions: Session[]
+}

package/src/assets/app/components/forms/button-toggle-visibility.tsx ADDED Viewed

@@ -0,0 +1,43 @@
+import { useLingui } from '@lingui/react/macro'
+import { Override } from '../../lib/util.ts'
+import { EyeIcon, EyeSlashIcon } from '../utils/icons.tsx'
+import { Button, ButtonProps } from './button.tsx'
+export type ButtonToggleVisibilityProps = Override<
+  Omit<ButtonProps, 'aria-label' | 'square'>,
+  {
+    visible: boolean
+    toggleVisible: () => void
+  }
+>
+/**
+ * Generic button to toggle visibility of an item (e.g. password).
+ */
+export function ButtonToggleVisibility({
+  visible,
+  toggleVisible,
+  // button
+  onClick,
+  ...props
+}: ButtonToggleVisibilityProps) {
+  const { t } = useLingui()
+  return (
+    <Button
+      {...props}
+      square
+      onClick={(event) => {
+        onClick?.(event)
+        if (!event.defaultPrevented) toggleVisible()
+      }}
+      aria-label={visible ? t`Hide` : t`Make visible`}
+    >
+      {visible ? (
+        <EyeIcon className="w-5" aria-hidden />
+      ) : (
+        <EyeSlashIcon className="w-5" aria-hidden />
+      )}
+    </Button>
+  )
+}