@atproto/oauth-provider 0.6.6 → 0.7.1

package/dist/router/assets/assets-manifest.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseAssetsManifest = parseAssetsManifest;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const node_stream_1 = require("node:stream");
+const index_js_1 = require("../../lib/http/index.js");
+const ASSETS_URL_PREFIX = '/@atproto/oauth-provider/~assets/';
+function parseAssetsManifest(manifestPath) {
+    // Using `require` instead of `JSON.parse(readFileSync())` so that node's
+    // watch mode can pick up changes to the manifest file.
+    // eslint-disable-next-line
+    const manifest = require(manifestPath);
+    const assets = new Map(Object.entries(manifest).map(([filename, { data, ...item }]) => {
+        const buffer = data ? Buffer.from(data, 'base64') : null;
+        const filepath = (0, node_path_1.join)(manifestPath, '..', filename);
+        const stream = buffer
+            ? () => node_stream_1.Readable.from(buffer)
+            : () => (0, node_fs_1.createReadStream)(filepath);
+        return [filename, { ...item, stream }];
+    }));
+    const assetsMiddleware = (req, res, next) => {
+        if (req.method !== 'GET' && req.method !== 'HEAD')
+            return next();
+        if (!req.url?.startsWith(ASSETS_URL_PREFIX))
+            return next();
+        const filename = decodeURIComponent(req.url.slice(ASSETS_URL_PREFIX.length));
+        if (!filename)
+            return next();
+        const asset = assets.get(filename);
+        if (!asset)
+            return next();
+        try {
+            // Allow "null" (ie. no header) to allow loading assets outside of a
+            // fetch context (not from a web page).
+            (0, index_js_1.validateFetchSite)(req, [null, 'none', 'cross-site', 'same-origin']);
+            (0, index_js_1.validateFetchDest)(req, [null, 'document', 'style', 'script']);
+        }
+        catch (err) {
+            return next(err);
+        }
+        if (req.headers['if-none-match'] === asset.sha256) {
+            return void res.writeHead(304).end();
+        }
+        res.setHeader('ETag', asset.sha256);
+        res.setHeader('Cache-Control', 'public, max-age=31536000, immutable');
+        (0, index_js_1.writeStream)(res, asset.stream(), { contentType: asset.mime });
+    };
+    return {
+        getAssets,
+        assetsMiddleware,
+    };
+    function getAssets(entryName) {
+        const scripts = getScripts(entryName);
+        if (!scripts.length)
+            return null;
+        const styles = getStyles(entryName);
+        return { scripts, styles };
+    }
+    function getScripts(entryName) {
+        return Array.from(assets)
+            .filter(([, asset]) => asset.type === 'chunk' && asset.isEntry && asset.name === entryName)
+            .map(assetEntryUrl);
+    }
+    function getStyles(_entryName) {
+        return Array.from(assets)
+            .filter(([, asset]) => asset.mime === 'text/css')
+            .map(assetEntryUrl);
+    }
+}
+function assetEntryUrl([filename]) {
+    return { url: assetUrl(filename) };
+}
+function assetUrl(filename) {
+    return `${ASSETS_URL_PREFIX}${encodeURIComponent(filename)}`;
+}
+//# sourceMappingURL=assets-manifest.js.map

package/dist/router/assets/assets-manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assets-manifest.js","sourceRoot":"","sources":["../../../src/router/assets/assets-manifest.ts"],"names":[],"mappings":";;AAiCA,kDAyEC;AA1GD,qCAA0C;AAC1C,yCAAgC;AAChC,6CAAsC;AAGtC,sDAKgC;AAqBhC,MAAM,iBAAiB,GAAG,mCAAmC,CAAA;AAE7D,SAAgB,mBAAmB,CAAC,YAAoB;IACtD,yEAAyE;IACzE,uDAAuD;IAEvD,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAa,CAAA;IAElD,MAAM,MAAM,GAAG,IAAI,GAAG,CACpB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACxD,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,YAAY,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;QACnD,MAAM,MAAM,GAAG,MAAM;YACnB,CAAC,CAAC,GAAG,EAAE,CAAC,sBAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;YAC7B,CAAC,CAAC,GAAG,EAAE,CAAC,IAAA,0BAAgB,EAAC,QAAQ,CAAC,CAAA;QACpC,OAAO,CAAC,QAAQ,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CACH,CAAA;IAED,MAAM,gBAAgB,GAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACtD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,iBAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAA;QAC5E,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,CAAC;YACH,oEAAoE;YACpE,uCAAuC;YACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAA;YACnE,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QACnC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QAErE,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAA;IAED,OAAO;QACL,SAAS;QACT,gBAAgB;KACjB,CAAA;IAED,SAAS,SAAS,CAAC,SAAiB;QAClC,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,CAAA;QACrC,IAAI,CAAC,OAAO,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAChC,MAAM,MAAM,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;QACnC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;IAC5B,CAAC;IAED,SAAS,UAAU,CAAC,SAAiB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,MAAM,CACL,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CACZ,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,CACtE;aACA,GAAG,CAAC,aAAa,CAAC,CAAA;IACvB,CAAC;IAED,SAAS,SAAS,CAAC,UAAkB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;aACtB,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC;aAChD,GAAG,CAAC,aAAa,CAAC,CAAA;IACvB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,CAAC,QAAQ,CAAkB;IAChD,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAA;AACpC,CAAC;AAED,SAAS,QAAQ,CAAC,QAAgB;IAChC,OAAO,GAAG,iBAAiB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAA;AAC9D,CAAC"}

package/dist/router/assets/assets.d.ts

@@ -0,0 +1,16 @@
+import type { HydrationData as FeHydrationData } from '@atproto/oauth-provider-frontend/hydration-data';
+import type { HydrationData as UiHydrationData } from '@atproto/oauth-provider-ui/hydration-data';
+import { CspConfig } from '../../lib/csp/index.js';
+import { Simplify } from '../../lib/util/type.js';
+export type HydrationData = Simplify<UiHydrationData & FeHydrationData>;
+export declare function getAssets(entryName: keyof HydrationData): {
+    scripts: import("../../lib/html/build-document.js").AssetRef[];
+    styles: import("../../lib/html/build-document.js").AssetRef[];
+};
+export declare const assetsMiddleware: import("../../lib/http/types.js").Middleware;
+export declare const SPA_CSP: CspConfig;
+/**
+ * @see {@link https://docs.hcaptcha.com/#content-security-policy-settings}
+ */
+export declare const HCAPTCHA_CSP: CspConfig;
+//# sourceMappingURL=assets.d.ts.map

package/dist/router/assets/assets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../../src/router/assets/assets.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,IAAI,eAAe,EAAE,MAAM,iDAAiD,CAAA;AACvG,OAAO,KAAK,EAAE,aAAa,IAAI,eAAe,EAAE,MAAM,2CAA2C,CAAA;AACjG,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAElD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AAiBjD,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,eAAe,GAAG,eAAe,CAAC,CAAA;AAEvE,wBAAgB,SAAS,CAAC,SAAS,EAAE,MAAM,aAAa;;;EAMvD;AAED,eAAO,MAAM,gBAAgB,8CAG3B,CAAA;AAEF,eAAO,MAAM,OAAO,EAAE,SAOrB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,EAAE,SAK1B,CAAA"}

package/dist/router/assets/assets.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HCAPTCHA_CSP = exports.SPA_CSP = exports.assetsMiddleware = void 0;
+exports.getAssets = getAssets;
+const middleware_js_1 = require("../../lib/http/middleware.js");
+const assets_manifest_js_1 = require("./assets-manifest.js");
+// If the "ui" and "frontend" packages are ever unified, this can be replaced
+// with a single expression:
+//
+// const { getAssets, assetsMiddleware } = parseAssetsManifest(
+//   require.resolve('@atproto/oauth-provider-ui/bundle-manifest.json'),
+// )
+const ui = (0, assets_manifest_js_1.parseAssetsManifest)(require.resolve('@atproto/oauth-provider-ui/bundle-manifest.json'));
+const fe = (0, assets_manifest_js_1.parseAssetsManifest)(require.resolve('@atproto/oauth-provider-frontend/bundle-manifest.json'));
+function getAssets(entryName) {
+    const assetRef = ui.getAssets(entryName) || fe.getAssets(entryName);
+    if (assetRef)
+        return assetRef;
+    // Fool-proof. Should never happen.
+    throw new Error(`Entry "${entryName}" not found in assets`);
+}
+exports.assetsMiddleware = (0, middleware_js_1.combineMiddlewares)([
+    ui.assetsMiddleware,
+    fe.assetsMiddleware,
+]);
+exports.SPA_CSP = {
+    // API calls are made to the same origin
+    'connect-src': ["'self'"],
+    // Allow loading of PDS logo & User avatars
+    'img-src': ['data:', 'https:'],
+    // Prevent embedding in iframes
+    'frame-ancestors': ["'none'"],
+};
+/**
+ * @see {@link https://docs.hcaptcha.com/#content-security-policy-settings}
+ */
+exports.HCAPTCHA_CSP = {
+    'script-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'frame-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'style-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+    'connect-src': ['https://hcaptcha.com', 'https://*.hcaptcha.com'],
+};
+//# sourceMappingURL=assets.js.map

package/dist/router/assets/assets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assets.js","sourceRoot":"","sources":["../../../src/router/assets/assets.ts"],"names":[],"mappings":";;;AAuBA,8BAMC;AA1BD,gEAAiE;AAEjE,6DAA0D;AAE1D,6EAA6E;AAC7E,4BAA4B;AAC5B,EAAE;AACF,+DAA+D;AAC/D,wEAAwE;AACxE,IAAI;AAEJ,MAAM,EAAE,GAAG,IAAA,wCAAmB,EAC5B,OAAO,CAAC,OAAO,CAAC,iDAAiD,CAAC,CACnE,CAAA;AACD,MAAM,EAAE,GAAG,IAAA,wCAAmB,EAC5B,OAAO,CAAC,OAAO,CAAC,uDAAuD,CAAC,CACzE,CAAA;AAID,SAAgB,SAAS,CAAC,SAA8B;IACtD,MAAM,QAAQ,GAAG,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,CAAA;IACnE,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAE7B,mCAAmC;IACnC,MAAM,IAAI,KAAK,CAAC,UAAU,SAAS,uBAAuB,CAAC,CAAA;AAC7D,CAAC;AAEY,QAAA,gBAAgB,GAAG,IAAA,kCAAkB,EAAC;IACjD,EAAE,CAAC,gBAAgB;IACnB,EAAE,CAAC,gBAAgB;CACpB,CAAC,CAAA;AAEW,QAAA,OAAO,GAAc;IAChC,wCAAwC;IACxC,aAAa,EAAE,CAAC,QAAQ,CAAC;IACzB,2CAA2C;IAC3C,SAAS,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;IAC9B,+BAA+B;IAC/B,iBAAiB,EAAE,CAAC,QAAQ,CAAC;CAC9B,CAAA;AAED;;GAEG;AACU,QAAA,YAAY,GAAc;IACrC,YAAY,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAChE,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,WAAW,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;IAC/D,aAAa,EAAE,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;CAClE,CAAA"}

package/dist/router/assets/csrf.d.ts

@@ -0,0 +1,4 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+export declare function setupCsrfToken(req: IncomingMessage, res: ServerResponse): Promise<string>;
+export declare function validateCsrfToken(req: IncomingMessage, res: ServerResponse): Promise<void>;
+//# sourceMappingURL=csrf.d.ts.map

package/dist/router/assets/csrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../../../src/router/assets/csrf.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAuBhE,wBAAsB,cAAc,CAClC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,MAAM,CAAC,CAOjB;AAED,wBAAsB,iBAAiB,CACrC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,iBAQpB"}

package/dist/router/assets/csrf.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setupCsrfToken = setupCsrfToken;
+exports.validateCsrfToken = validateCsrfToken;
+const http_errors_1 = __importDefault(require("http-errors"));
+const oauth_provider_api_1 = require("@atproto/oauth-provider-api");
+const index_js_1 = require("../../lib/http/index.js");
+const crypto_js_1 = require("../../lib/util/crypto.js");
+const TOKEN_BYTE_LENGTH = 12;
+const TOKEN_LENGTH = TOKEN_BYTE_LENGTH * 2; // 2 hex chars per byte
+// @NOTE Cookie based CSRF protection is redundant with session cookies using
+// `SameSite` and could probably be removed in the future.
+const CSRF_COOKIE_OPTIONS = {
+    expires: undefined, // "session" cookie
+    secure: true,
+    httpOnly: false, // Need to be accessible from JavaScript
+    sameSite: 'lax',
+    path: `/`,
+};
+async function setupCsrfToken(req, res) {
+    const token = getCookieCsrf(req) || (await (0, crypto_js_1.randomHexId)(TOKEN_BYTE_LENGTH));
+    // Refresh cookie (See Chrome's "Lax+POST" behavior)
+    (0, index_js_1.setCookie)(res, oauth_provider_api_1.CSRF_COOKIE_NAME, token, CSRF_COOKIE_OPTIONS);
+    return token;
+}
+async function validateCsrfToken(req, res) {
+    const cookieValue = await setupCsrfToken(req, res);
+    const headerValue = getHeadersCsrf(req);
+    if (cookieValue !== headerValue) {
+        throw (0, http_errors_1.default)(400, `CSRF mismatch`);
+    }
+}
+function getCookieCsrf(req) {
+    const cookies = (0, index_js_1.parseHttpCookies)(req);
+    const cookieValue = cookies[oauth_provider_api_1.CSRF_COOKIE_NAME];
+    if (cookieValue?.length === TOKEN_LENGTH) {
+        return cookieValue;
+    }
+    return undefined;
+}
+function getHeadersCsrf(req) {
+    const headerValue = req.headers[oauth_provider_api_1.CSRF_HEADER_NAME];
+    if (typeof headerValue === 'string' && headerValue.length === TOKEN_LENGTH) {
+        return headerValue;
+    }
+    return undefined;
+}
+//# sourceMappingURL=csrf.js.map

package/dist/router/assets/csrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../../src/router/assets/csrf.ts"],"names":[],"mappings":";;;;;AAuBA,wCAUC;AAED,8CAUC;AA5CD,8DAAyC;AACzC,oEAAgF;AAChF,sDAIgC;AAChC,wDAAsD;AAEtD,MAAM,iBAAiB,GAAG,EAAE,CAAA;AAC5B,MAAM,YAAY,GAAG,iBAAiB,GAAG,CAAC,CAAA,CAAC,uBAAuB;AAElE,6EAA6E;AAC7E,0DAA0D;AAC1D,MAAM,mBAAmB,GAAqC;IAC5D,OAAO,EAAE,SAAS,EAAE,mBAAmB;IACvC,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,KAAK,EAAE,wCAAwC;IACzD,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,GAAG;CACV,CAAA;AAEM,KAAK,UAAU,cAAc,CAClC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,IAAA,uBAAW,EAAC,iBAAiB,CAAC,CAAC,CAAA;IAE1E,oDAAoD;IACpD,IAAA,oBAAS,EAAC,GAAG,EAAE,qCAAgB,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAA;IAE5D,OAAO,KAAK,CAAA;AACd,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB;IAEnB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAClD,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAEvC,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,IAAA,qBAAe,EAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAC7C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAAoB;IACzC,MAAM,OAAO,GAAG,IAAA,2BAAgB,EAAC,GAAG,CAAC,CAAA;IACrC,MAAM,WAAW,GAAG,OAAO,CAAC,qCAAgB,CAAC,CAAA;IAC7C,IAAI,WAAW,EAAE,MAAM,KAAK,YAAY,EAAE,CAAC;QACzC,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,GAAoB;IAC1C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,qCAAgB,CAAC,CAAA;IACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAC3E,OAAO,WAAW,CAAA;IACpB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC"}

package/dist/router/assets/send-account-page.d.ts

@@ -0,0 +1,7 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { ActiveDeviceSession } from '@atproto/oauth-provider-api';
+import { Customization } from '../../customization/customization.js';
+export declare function sendAccountPageFactory(customization: Customization): (req: IncomingMessage, res: ServerResponse, data: {
+    deviceSessions: readonly ActiveDeviceSession[];
+}) => Promise<void>;
+//# sourceMappingURL=send-account-page.d.ts.map

package/dist/router/assets/send-account-page.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-account-page.d.ts","sourceRoot":"","sources":["../../../src/router/assets/send-account-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAA;AAGtE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAA;AASpE,wBAAgB,sBAAsB,CAAC,aAAa,EAAE,aAAa,IAO/D,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,MAAM;IACJ,cAAc,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAC/C,KACA,OAAO,CAAC,IAAI,CAAC,CAiBjB"}

package/dist/router/assets/send-account-page.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAccountPageFactory = sendAccountPageFactory;
+const build_customization_css_js_1 = require("../../customization/build-customization-css.js");
+const build_customization_data_js_1 = require("../../customization/build-customization-data.js");
+const hydration_data_js_1 = require("../../lib/html/hydration-data.js");
+const index_js_1 = require("../../lib/html/index.js");
+const tags_js_1 = require("../../lib/html/tags.js");
+const security_headers_js_1 = require("../../lib/http/security-headers.js");
+const send_web_page_js_1 = require("../../lib/send-web-page.js");
+const assets_js_1 = require("./assets.js");
+const csrf_js_1 = require("./csrf.js");
+function sendAccountPageFactory(customization) {
+    // Pre-computed options:
+    const customizationData = (0, build_customization_data_js_1.buildCustomizationData)(customization);
+    const customizationCss = (0, index_js_1.cssCode)((0, build_customization_css_js_1.buildCustomizationCss)(customization));
+    const { scripts, styles } = (0, assets_js_1.getAssets)('account-page');
+    return async function sendAccountPage(req, res, data) {
+        await (0, csrf_js_1.setupCsrfToken)(req, res);
+        const script = (0, hydration_data_js_1.declareHydrationData)({
+            __customizationData: customizationData,
+            __deviceSessions: data.deviceSessions,
+        });
+        return (0, send_web_page_js_1.sendWebPage)(res, {
+            meta: [{ name: 'robots', content: 'noindex' }],
+            body: (0, tags_js_1.html) `<div id="root"></div>`,
+            csp: assets_js_1.SPA_CSP,
+            coep: security_headers_js_1.CrossOriginEmbedderPolicy.credentialless,
+            scripts: [script, ...scripts],
+            styles: [...styles, customizationCss],
+        });
+    };
+}
+//# sourceMappingURL=send-account-page.js.map

package/dist/router/assets/send-account-page.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-account-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-account-page.ts"],"names":[],"mappings":";;AAaA,wDA6BC;AAxCD,+FAAsF;AACtF,iGAAwF;AAExF,wEAAuE;AACvE,sDAAiD;AACjD,oDAA6C;AAC7C,4EAA8E;AAC9E,iEAAwD;AACxD,2CAA+D;AAC/D,uCAA0C;AAE1C,SAAgB,sBAAsB,CAAC,aAA4B;IACjE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,cAAc,CAAC,CAAA;IAErD,OAAO,KAAK,UAAU,eAAe,CACnC,GAAoB,EACpB,GAAmB,EACnB,IAEC;QAED,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAgC;YACjE,mBAAmB,EAAE,iBAAiB;YACtC,gBAAgB,EAAE,IAAI,CAAC,cAAc;SACtC,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,cAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,mBAAO;YACZ,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}

package/dist/router/assets/send-authorization-page.d.ts

@@ -0,0 +1,5 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import { Customization } from '../../customization/customization.js';
+import { AuthorizationResultAuthorizePage } from '../../result/authorization-result-authorize-page.js';
+export declare function sendAuthorizePageFactory(customization: Customization): (req: IncomingMessage, res: ServerResponse, data: AuthorizationResultAuthorizePage) => Promise<void>;
+//# sourceMappingURL=send-authorization-page.d.ts.map

package/dist/router/assets/send-authorization-page.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-authorization-page.d.ts","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAGhE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAA;AAMpE,OAAO,EAAE,gCAAgC,EAAE,MAAM,qDAAqD,CAAA;AAItG,wBAAgB,wBAAwB,CAAC,aAAa,EAAE,aAAa,IAgBjE,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,MAAM,gCAAgC,KACrC,OAAO,CAAC,IAAI,CAAC,CA6BjB"}

package/dist/router/assets/send-authorization-page.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendAuthorizePageFactory = sendAuthorizePageFactory;
+const build_customization_css_js_1 = require("../../customization/build-customization-css.js");
+const build_customization_data_js_1 = require("../../customization/build-customization-data.js");
+const index_js_1 = require("../../lib/csp/index.js");
+const hydration_data_js_1 = require("../../lib/html/hydration-data.js");
+const index_js_2 = require("../../lib/html/index.js");
+const security_headers_js_1 = require("../../lib/http/security-headers.js");
+const send_web_page_js_1 = require("../../lib/send-web-page.js");
+const assets_js_1 = require("./assets.js");
+const csrf_js_1 = require("./csrf.js");
+function sendAuthorizePageFactory(customization) {
+    // Pre-computed options:
+    const customizationData = (0, build_customization_data_js_1.buildCustomizationData)(customization);
+    const customizationCss = (0, index_js_2.cssCode)((0, build_customization_css_js_1.buildCustomizationCss)(customization));
+    const { scripts, styles } = (0, assets_js_1.getAssets)('authorization-page');
+    const csp = (0, index_js_1.mergeCsp)(assets_js_1.SPA_CSP, customization?.hcaptcha ? assets_js_1.HCAPTCHA_CSP : undefined);
+    const coep = customization?.hcaptcha
+        ? // https://github.com/hCaptcha/react-hcaptcha/issues/259
+            // @TODO Remove the use of `unsafeNone` once the issue above is resolved
+            security_headers_js_1.CrossOriginEmbedderPolicy.unsafeNone
+        : security_headers_js_1.CrossOriginEmbedderPolicy.credentialless;
+    return async function sendAuthorizePage(req, res, data) {
+        await (0, csrf_js_1.setupCsrfToken)(req, res);
+        const script = (0, hydration_data_js_1.declareHydrationData)({
+            __customizationData: customizationData,
+            __authorizeData: {
+                requestUri: data.uri,
+                clientId: data.client.id,
+                clientMetadata: data.client.metadata,
+                clientTrusted: data.client.info.isTrusted,
+                scopeDetails: data.scopeDetails,
+                uiLocales: data.parameters.ui_locales,
+                loginHint: data.parameters.login_hint,
+            },
+            __sessions: data.sessions,
+        });
+        return (0, send_web_page_js_1.sendWebPage)(res, {
+            meta: [{ name: 'robots', content: 'noindex' }],
+            body: (0, index_js_2.html) `<div id="root"></div>`,
+            csp,
+            coep,
+            scripts: [script, ...scripts],
+            styles: [...styles, customizationCss],
+        });
+    };
+}
+//# sourceMappingURL=send-authorization-page.js.map

package/dist/router/assets/send-authorization-page.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-authorization-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-authorization-page.ts"],"names":[],"mappings":";;AAaA,4DAgDC;AA5DD,+FAAsF;AACtF,iGAAwF;AAExF,qDAAiD;AACjD,wEAAuE;AACvE,sDAAuD;AACvD,4EAA8E;AAC9E,iEAAwD;AAExD,2CAA6E;AAC7E,uCAA0C;AAE1C,SAAgB,wBAAwB,CAAC,aAA4B;IACnE,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,oBAAoB,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAA,mBAAQ,EAClB,mBAAO,EACP,aAAa,EAAE,QAAQ,CAAC,CAAC,CAAC,wBAAY,CAAC,CAAC,CAAC,SAAS,CACnD,CAAA;IACD,MAAM,IAAI,GAAG,aAAa,EAAE,QAAQ;QAClC,CAAC,CAAC,wDAAwD;YACxD,wEAAwE;YACxE,+CAAyB,CAAC,UAAU;QACtC,CAAC,CAAC,+CAAyB,CAAC,cAAc,CAAA;IAE5C,OAAO,KAAK,UAAU,iBAAiB,CACrC,GAAoB,EACpB,GAAmB,EACnB,IAAsC;QAEtC,MAAM,IAAA,wBAAc,EAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAAsC;YACvE,mBAAmB,EAAE,iBAAiB;YACtC,eAAe,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,GAAG;gBAEpB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;gBACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;gBAEzC,YAAY,EAAE,IAAI,CAAC,YAAY;gBAE/B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;gBACrC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;aACtC;YACD,UAAU,EAAE,IAAI,CAAC,QAAQ;SAC1B,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,eAAI,EAAA,uBAAuB;YACjC,GAAG;YACH,IAAI;YACJ,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}

package/dist/router/assets/send-error-page.d.ts

@@ -0,0 +1,4 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import { Customization } from '../../customization/customization.js';
+export declare function sendErrorPageFactory(customization: Customization): (req: IncomingMessage, res: ServerResponse, err: unknown) => void;
+//# sourceMappingURL=send-error-page.d.ts.map

package/dist/router/assets/send-error-page.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-error-page.d.ts","sourceRoot":"","sources":["../../../src/router/assets/send-error-page.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAGhE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAA;AAYpE,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,aAAa,IAO7D,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,OAAO,KACX,IAAI,CAgBR"}

package/dist/router/assets/send-error-page.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sendErrorPageFactory = sendErrorPageFactory;
+const build_customization_css_js_1 = require("../../customization/build-customization-css.js");
+const build_customization_data_js_1 = require("../../customization/build-customization-data.js");
+const error_parser_js_1 = require("../../errors/error-parser.js");
+const hydration_data_js_1 = require("../../lib/html/hydration-data.js");
+const index_js_1 = require("../../lib/html/index.js");
+const tags_js_1 = require("../../lib/html/tags.js");
+const security_headers_js_1 = require("../../lib/http/security-headers.js");
+const send_web_page_js_1 = require("../../lib/send-web-page.js");
+const assets_js_1 = require("./assets.js");
+function sendErrorPageFactory(customization) {
+    // Pre-computed options:
+    const customizationData = (0, build_customization_data_js_1.buildCustomizationData)(customization);
+    const customizationCss = (0, index_js_1.cssCode)((0, build_customization_css_js_1.buildCustomizationCss)(customization));
+    const { scripts, styles } = (0, assets_js_1.getAssets)('error-page');
+    return function sendErrorPage(req, res, err) {
+        const script = (0, hydration_data_js_1.declareHydrationData)({
+            __customizationData: customizationData,
+            __errorData: (0, error_parser_js_1.buildErrorPayload)(err),
+        });
+        return (0, send_web_page_js_1.sendWebPage)(res, {
+            status: (0, error_parser_js_1.buildErrorStatus)(err),
+            meta: [{ name: 'robots', content: 'noindex' }],
+            body: (0, tags_js_1.html) `<div id="root"></div>`,
+            csp: assets_js_1.SPA_CSP,
+            coep: security_headers_js_1.CrossOriginEmbedderPolicy.credentialless,
+            scripts: [script, ...scripts],
+            styles: [...styles, customizationCss],
+        });
+    };
+}
+//# sourceMappingURL=send-error-page.js.map

package/dist/router/assets/send-error-page.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"send-error-page.js","sourceRoot":"","sources":["../../../src/router/assets/send-error-page.ts"],"names":[],"mappings":";;AAeA,oDA0BC;AAxCD,+FAAsF;AACtF,iGAAwF;AAExF,kEAGqC;AACrC,wEAAuE;AACvE,sDAAiD;AACjD,oDAA6C;AAC7C,4EAA8E;AAC9E,iEAAwD;AACxD,2CAA+D;AAE/D,SAAgB,oBAAoB,CAAC,aAA4B;IAC/D,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,IAAA,oDAAsB,EAAC,aAAa,CAAC,CAAA;IAC/D,MAAM,gBAAgB,GAAG,IAAA,kBAAO,EAAC,IAAA,kDAAqB,EAAC,aAAa,CAAC,CAAC,CAAA;IACtE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAA,qBAAS,EAAC,YAAY,CAAC,CAAA;IAEnD,OAAO,SAAS,aAAa,CAC3B,GAAoB,EACpB,GAAmB,EACnB,GAAY;QAEZ,MAAM,MAAM,GAAG,IAAA,wCAAoB,EAA8B;YAC/D,mBAAmB,EAAE,iBAAiB;YACtC,WAAW,EAAE,IAAA,mCAAiB,EAAC,GAAG,CAAC;SACpC,CAAC,CAAA;QAEF,OAAO,IAAA,8BAAW,EAAC,GAAG,EAAE;YACtB,MAAM,EAAE,IAAA,kCAAgB,EAAC,GAAG,CAAC;YAC7B,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;YAC9C,IAAI,EAAE,IAAA,cAAI,EAAA,uBAAuB;YACjC,GAAG,EAAE,mBAAO;YACZ,IAAI,EAAE,+CAAyB,CAAC,cAAc;YAC9C,OAAO,EAAE,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC;YAC7B,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,gBAAgB,CAAC;SACtC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC"}

package/dist/router/create-account-page-middleware.d.ts

@@ -0,0 +1,6 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import { Middleware } from '../lib/http/index.js';
+import type { OAuthProvider } from '../oauth-provider.js';
+import type { MiddlewareOptions } from './middleware-options.js';
+export declare function createAccountPageMiddleware<Ctx extends object | void = void, Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse>(server: OAuthProvider, { onError }: MiddlewareOptions<Req, Res>): Middleware<Ctx, Req, Res>;
+//# sourceMappingURL=create-account-page-middleware.d.ts.map

package/dist/router/create-account-page-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-account-page-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EACL,UAAU,EAKX,MAAM,sBAAsB,CAAA;AAC7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAGzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAEhE,wBAAgB,2BAA2B,CACzC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CA+C3B"}

package/dist/router/create-account-page-middleware.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAccountPageMiddleware = createAccountPageMiddleware;
+const index_js_1 = require("../lib/http/index.js");
+const send_account_page_js_1 = require("./assets/send-account-page.js");
+const send_error_page_js_1 = require("./assets/send-error-page.js");
+function createAccountPageMiddleware(server, { onError }) {
+    const sendAccountPage = (0, send_account_page_js_1.sendAccountPageFactory)(server.customization);
+    const sendErrorPage = (0, send_error_page_js_1.sendErrorPageFactory)(server.customization);
+    const issuerUrl = new URL(server.issuer);
+    const issuerOrigin = issuerUrl.origin;
+    const router = new index_js_1.Router(issuerUrl);
+    router.get(/^\/account(?:\/.*)?$/, async function (req, res) {
+        try {
+            res.setHeader('Referrer-Policy', 'same-origin');
+            res.setHeader('Cache-Control', 'no-store');
+            res.setHeader('Pragma', 'no-cache');
+            (0, index_js_1.validateFetchMode)(req, ['navigate']);
+            (0, index_js_1.validateFetchDest)(req, ['document']);
+            (0, index_js_1.validateOrigin)(req, issuerOrigin);
+            const { deviceId } = await server.deviceManager.load(req, res);
+            const deviceAccounts = await server.accountManager.listDeviceAccounts(deviceId);
+            sendAccountPage(req, res, {
+                deviceSessions: deviceAccounts.map((deviceAccount) => ({
+                    account: deviceAccount.account,
+                    loginRequired: server.checkLoginRequired(deviceAccount),
+                })),
+            });
+        }
+        catch (err) {
+            onError?.(req, res, err, `Failed to handle navigation request to "${req.url}"`);
+            if (!res.headersSent) {
+                sendErrorPage(req, res, err);
+            }
+        }
+    });
+    return router.buildMiddleware();
+}
+//# sourceMappingURL=create-account-page-middleware.js.map

package/dist/router/create-account-page-middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-account-page-middleware.js","sourceRoot":"","sources":["../../src/router/create-account-page-middleware.ts"],"names":[],"mappings":";;AAcA,kEAsDC;AAlED,mDAM6B;AAE7B,wEAAsE;AACtE,oEAAkE;AAGlE,SAAgB,2BAA2B,CAKzC,MAAqB,EACrB,EAAE,OAAO,EAA+B;IAExC,MAAM,eAAe,GAAG,IAAA,6CAAsB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IACpE,MAAM,aAAa,GAAG,IAAA,yCAAoB,EAAC,MAAM,CAAC,aAAa,CAAC,CAAA;IAEhE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAA;IAErC,MAAM,MAAM,GAAG,IAAI,iBAAM,CAAgB,SAAS,CAAC,CAAA;IAEnD,MAAM,CAAC,GAAG,CAAQ,sBAAsB,EAAE,KAAK,WAAW,GAAG,EAAE,GAAG;QAChE,IAAI,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAA;YAE/C,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;YAC1C,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;YAEnC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,4BAAiB,EAAC,GAAG,EAAE,CAAC,UAAU,CAAC,CAAC,CAAA;YACpC,IAAA,yBAAc,EAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YAEjC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,MAAM,cAAc,GAClB,MAAM,MAAM,CAAC,cAAc,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAA;YAE1D,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE;gBACxB,cAAc,EAAE,cAAc,CAAC,GAAG,CAChC,CAAC,aAAa,EAAuB,EAAE,CAAC,CAAC;oBACvC,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,aAAa,EAAE,MAAM,CAAC,kBAAkB,CAAC,aAAa,CAAC;iBACxD,CAAC,CACH;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,CACP,GAAG,EACH,GAAG,EACH,GAAG,EACH,2CAA2C,GAAG,CAAC,GAAG,GAAG,CACtD,CAAA;YAED,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAC,eAAe,EAAE,CAAA;AACjC,CAAC"}

package/dist/router/create-api-middleware.d.ts

@@ -0,0 +1,8 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import { Middleware } from '../lib/http/index.js';
+import type { OAuthProvider } from '../oauth-provider.js';
+import type { MiddlewareOptions } from './middleware-options.js';
+import { OAuthRedirectOptions } from './send-redirect.js';
+export declare function createApiMiddleware<Ctx extends object | void = void, Req extends IncomingMessage = IncomingMessage, Res extends ServerResponse = ServerResponse>(server: OAuthProvider, { onError }: MiddlewareOptions<Req, Res>): Middleware<Ctx, Req, Res>;
+export declare function parseRedirectUrl(url: URL): OAuthRedirectOptions;
+//# sourceMappingURL=create-api-middleware.d.ts.map

package/dist/router/create-api-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-api-middleware.d.ts","sourceRoot":"","sources":["../../src/router/create-api-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AA0BhE,OAAO,EACL,UAAU,EAYX,MAAM,sBAAsB,CAAA;AAK7B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAUzD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAChE,OAAO,EAEL,oBAAoB,EAMrB,MAAM,oBAAoB,CAAA;AAI3B,wBAAgB,mBAAmB,CACjC,GAAG,SAAS,MAAM,GAAG,IAAI,GAAG,IAAI,EAChC,GAAG,SAAS,eAAe,GAAG,eAAe,EAC7C,GAAG,SAAS,cAAc,GAAG,cAAc,EAE3C,MAAM,EAAE,aAAa,EACrB,EAAE,OAAO,EAAE,EAAE,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,GACvC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAoqB3B;AAmBD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,GAAG,GAAG,oBAAoB,CA4C/D"}