@atproto/oauth-provider 0.6.6 → 0.7.1

package/src/token/token-store.ts

@@ -1,6 +1,6 @@
-import { DeviceAccountInfo } from '../account/account-store.js'
-import { Account } from '../account/account.js'
+import type { Account } from '@atproto/oauth-provider-api'
 import { Awaitable, buildInterfaceChecker } from '../lib/util/type.js'
+import { Sub } from '../oidc/sub.js'
 import { Code } from '../request/code.js'
 import { RefreshToken } from './refresh-token.js'
 import { TokenData } from './token-data.js'
@@ -10,13 +10,12 @@ import { TokenId } from './token-id.js'
 export * from './refresh-token.js'
 export * from './token-data.js'
 export * from './token-id.js'
-export type { Awaitable }
+export type { Account, Awaitable, Sub }
 
 export type TokenInfo = {
   id: TokenId
   data: TokenData
   account: Account
-  info?: DeviceAccountInfo
   currentRefreshToken: null | RefreshToken
 }
 
@@ -53,6 +52,8 @@ export interface TokenStore {
   ): Awaitable<null | TokenInfo>
 
   findTokenByCode(code: Code): Awaitable<null | TokenInfo>
+
+  listAccountTokens(sub: Sub): Awaitable<TokenInfo[]>
 }
 
 export const isTokenStore = buildInterfaceChecker<TokenStore>([
@@ -62,6 +63,7 @@ export const isTokenStore = buildInterfaceChecker<TokenStore>([
   'rotateToken',
   'findTokenByRefreshToken',
   'findTokenByCode',
+  'listAccountTokens',
 ])
 
 export function asTokenStore<V extends Partial<TokenStore>>(

package/src/token/verify-token-claims.ts

@@ -3,7 +3,7 @@ import { InvalidDpopKeyBindingError } from '../errors/invalid-dpop-key-binding-e
 import { InvalidDpopProofError } from '../errors/invalid-dpop-proof-error.js'
 import { asArray } from '../lib/util/cast.js'
 import { InvalidTokenError } from '../oauth-errors.js'
-import { TokenClaims } from './token-claims.js'
+import { SignedTokenPayload } from '../signer/signed-token-payload.js'
 import { TokenId } from './token-id.js'
 
 export type VerifyTokenClaimsOptions = {
@@ -17,7 +17,7 @@ export type VerifyTokenClaimsResult = {
   token: OAuthAccessToken
   tokenId: TokenId
   tokenType: OAuthTokenType
-  claims: TokenClaims
+  claims: SignedTokenPayload
 }
 
 export function verifyTokenClaims(
@@ -25,7 +25,7 @@ export function verifyTokenClaims(
   tokenId: TokenId,
   tokenType: OAuthTokenType,
   dpopJkt: string | null,
-  claims: TokenClaims,
+  claims: SignedTokenPayload,
   options?: VerifyTokenClaimsOptions,
 ): VerifyTokenClaimsResult {
   const dateReference = Date.now()
@@ -56,7 +56,7 @@ export function verifyTokenClaims(
     }
   }
 
-  if (claims.exp && claims.exp * 1000 <= dateReference) {
+  if (claims.exp != null && claims.exp * 1000 <= dateReference) {
     throw new InvalidTokenError(tokenType, `Token expired`)
   }
 

package/src/types/email-otp.ts

@@ -0,0 +1,3 @@
+import { z } from 'zod'
+
+export const emailOtpSchema = z.string().min(1)

package/src/types/email.ts

@@ -0,0 +1,26 @@
+import { isEmailValid } from '@hapi/address'
+import { isDisposableEmail } from 'disposable-email-domains-js'
+import { z } from 'zod'
+
+export const emailSchema = z
+  .string()
+  .email()
+  // @NOTE Internally, `zod` uses a regexp for validating emails.. This
+  // validation strategy *could* be less permissive in some (edge) cases than
+  // `@hapi/address` as the latter uses an algorithm based on the spec. Truth
+  // is, it is kinda hard to know if the set of emails allowed by
+  // `@hapi/address` is covered by the set of emails allowed by `zod`.
+  // Additionally, this could change with future changes in either libraries.
+  //
+  // Because of this uncertainty, and because other part of the Bluesky/ATProto
+  // codebases rely solely on `zod`, this code only allows emails that are valid
+  // according to both libraries ensuring that we never encounter a case where
+  // an email allowed here is in a format that would be rejected by other parts
+  // of our systems.
+  .refine(isEmailValid, {
+    message: 'Invalid email address',
+  })
+  .refine((email) => !isDisposableEmail(email), {
+    message: 'Disposable email addresses are not allowed',
+  })
+  .transform((value) => value.toLowerCase())

package/src/types/handle.ts

@@ -0,0 +1,18 @@
+import { z } from 'zod'
+import { ensureValidHandle, normalizeHandle } from '@atproto/syntax'
+
+export const handleSchema = z
+  .string()
+  // @NOTE: We only check against validity towards ATProto's syntax. Additional
+  // rules may be imposed by the store implementation.
+  .superRefine((value, ctx) => {
+    try {
+      ensureValidHandle(value)
+    } catch (err) {
+      ctx.addIssue({
+        code: z.ZodIssueCode.custom,
+        message: err instanceof Error ? err.message : 'Invalid handle',
+      })
+    }
+  })
+  .transform(normalizeHandle)

package/src/types/invite-code.ts

@@ -0,0 +1,4 @@
+import { z } from 'zod'
+
+export const inviteCodeSchema = z.string().min(1)
+export type InviteCode = z.infer<typeof inviteCodeSchema>

package/src/types/password.ts

@@ -0,0 +1,4 @@
+import { z } from 'zod'
+
+export const oldPasswordSchema = z.string().min(1)
+export const newPasswordSchema = z.string().min(8)

package/tsconfig.build.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["./src/constants.ts","./src/index.ts","./src/oauth-client.ts","./src/oauth-dpop.ts","./src/oauth-errors.ts","./src/oauth-hooks.ts","./src/oauth-middleware.ts","./src/oauth-provider.ts","./src/oauth-store.ts","./src/oauth-verifier.ts","./src/access-token/access-token-mode.ts","./src/account/account-manager.ts","./src/account/account-store.ts","./src/account/sign-in-data.ts","./src/account/sign-up-input.ts","./src/client/client-auth.ts","./src/client/client-data.ts","./src/client/client-id.ts","./src/client/client-info.ts","./src/client/client-manager.ts","./src/client/client-store.ts","./src/client/client-utils.ts","./src/client/client.ts","./src/customization/branding.ts","./src/customization/build-customization-css.ts","./src/customization/build-customization-data.ts","./src/customization/colors.ts","./src/customization/customization.ts","./src/customization/links.ts","./src/device/device-data.ts","./src/device/device-id.ts","./src/device/device-manager.ts","./src/device/device-store.ts","./src/device/session-id.ts","./src/dpop/dpop-manager.ts","./src/dpop/dpop-nonce.ts","./src/errors/access-denied-error.ts","./src/errors/account-selection-required-error.ts","./src/errors/consent-required-error.ts","./src/errors/error-parser.ts","./src/errors/handle-unavailable-error.ts","./src/errors/invalid-authorization-details-error.ts","./src/errors/invalid-client-error.ts","./src/errors/invalid-client-id-error.ts","./src/errors/invalid-client-metadata-error.ts","./src/errors/invalid-dpop-key-binding-error.ts","./src/errors/invalid-dpop-proof-error.ts","./src/errors/invalid-grant-error.ts","./src/errors/invalid-invite-code-error.ts","./src/errors/invalid-parameters-error.ts","./src/errors/invalid-redirect-uri-error.ts","./src/errors/invalid-request-error.ts","./src/errors/invalid-scope-error.ts","./src/errors/invalid-token-error.ts","./src/errors/login-required-error.ts","./src/errors/oauth-error.ts","./src/errors/second-authentication-factor-required-error.ts","./src/errors/unauthorized-client-error.ts","./src/errors/use-dpop-nonce-error.ts","./src/errors/www-authenticate-error.ts","./src/lib/hcaptcha.ts","./src/lib/redis.ts","./src/lib/send-web-page.ts","./src/lib/csp/index.ts","./src/lib/html/build-document.ts","./src/lib/html/escapers.ts","./src/lib/html/html.ts","./src/lib/html/hydration-data.ts","./src/lib/html/index.ts","./src/lib/html/tags.ts","./src/lib/html/util.ts","./src/lib/http/accept.ts","./src/lib/http/context.ts","./src/lib/http/headers.ts","./src/lib/http/index.ts","./src/lib/http/method.ts","./src/lib/http/middleware.ts","./src/lib/http/parser.ts","./src/lib/http/path.ts","./src/lib/http/request.ts","./src/lib/http/response.ts","./src/lib/http/route.ts","./src/lib/http/router.ts","./src/lib/http/security-headers.ts","./src/lib/http/stream.ts","./src/lib/http/types.ts","./src/lib/http/url.ts","./src/lib/util/authorization-header.ts","./src/lib/util/cast.ts","./src/lib/util/color.ts","./src/lib/util/crypto.ts","./src/lib/util/date.ts","./src/lib/util/function.ts","./src/lib/util/hostname.ts","./src/lib/util/locale.ts","./src/lib/util/redirect-uri.ts","./src/lib/util/time.ts","./src/lib/util/type.ts","./src/lib/util/ui8.ts","./src/lib/util/well-known.ts","./src/lib/util/zod-error.ts","./src/metadata/build-metadata.ts","./src/oidc/sub.ts","./src/replay/replay-manager.ts","./src/replay/replay-store-memory.ts","./src/replay/replay-store-redis.ts","./src/replay/replay-store.ts","./src/request/code.ts","./src/request/request-data.ts","./src/request/request-id.ts","./src/request/request-info.ts","./src/request/request-manager.ts","./src/request/request-store-memory.ts","./src/request/request-store-redis.ts","./src/request/request-store.ts","./src/request/request-uri.ts","./src/result/authorization-redirect-parameters.ts","./src/result/authorization-result-authorize-page.ts","./src/result/authorization-result-redirect.ts","./src/router/create-account-page-middleware.ts","./src/router/create-api-middleware.ts","./src/router/create-authorization-page-middleware.ts","./src/router/create-oauth-middleware.ts","./src/router/error-handler.ts","./src/router/middleware-options.ts","./src/router/send-redirect.ts","./src/router/assets/assets-manifest.ts","./src/router/assets/assets.ts","./src/router/assets/csrf.ts","./src/router/assets/send-account-page.ts","./src/router/assets/send-authorization-page.ts","./src/router/assets/send-error-page.ts","./src/signer/api-token-payload.ts","./src/signer/signed-token-payload.ts","./src/signer/signer.ts","./src/token/refresh-token.ts","./src/token/token-data.ts","./src/token/token-id.ts","./src/token/token-manager.ts","./src/token/token-store.ts","./src/token/verify-token-claims.ts","./src/types/email-otp.ts","./src/types/email.ts","./src/types/handle.ts","./src/types/invite-code.ts","./src/types/password.ts"],"version":"5.8.2"}

package/tsconfig.json

@@ -1,4 +1,4 @@
 {
   "include": [],
-  "references": [{ "path": "./tsconfig.backend.json" }]
+  "references": [{ "path": "./tsconfig.build.json" }]
 }

package/dist/access-token/access-token-type.d.ts

@@ -1,6 +0,0 @@
-export declare enum AccessTokenType {
-    auto = "auto",
-    jwt = "jwt",
-    id = "id"
-}
-//# sourceMappingURL=access-token-type.d.ts.map

package/dist/access-token/access-token-type.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"access-token-type.d.ts","sourceRoot":"","sources":["../../src/access-token/access-token-type.ts"],"names":[],"mappings":"AAAA,oBAAY,eAAe;IACzB,IAAI,SAAS;IACb,GAAG,QAAQ;IACX,EAAE,OAAO;CACV"}

package/dist/access-token/access-token-type.js

@@ -1,10 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AccessTokenType = void 0;
-var AccessTokenType;
-(function (AccessTokenType) {
-    AccessTokenType["auto"] = "auto";
-    AccessTokenType["jwt"] = "jwt";
-    AccessTokenType["id"] = "id";
-})(AccessTokenType || (exports.AccessTokenType = AccessTokenType = {}));
-//# sourceMappingURL=access-token-type.js.map

package/dist/access-token/access-token-type.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"access-token-type.js","sourceRoot":"","sources":["../../src/access-token/access-token-type.ts"],"names":[],"mappings":";;;AAAA,IAAY,eAIX;AAJD,WAAY,eAAe;IACzB,gCAAa,CAAA;IACb,8BAAW,CAAA;IACX,4BAAS,CAAA;AACX,CAAC,EAJW,eAAe,+BAAf,eAAe,QAI1B"}

package/dist/account/account.d.ts

@@ -1,2 +0,0 @@
-export type { Account } from '@atproto/oauth-provider-api';
-//# sourceMappingURL=account.d.ts.map

package/dist/account/account.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"account.d.ts","sourceRoot":"","sources":["../../src/account/account.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA"}

package/dist/account/account.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"account.js","sourceRoot":"","sources":["../../src/account/account.ts"],"names":[],"mappings":""}

package/dist/assets/assets-middleware.d.ts

@@ -1,5 +0,0 @@
-import { Middleware } from '../lib/http/index.js';
-export declare const ASSETS_URL_PREFIX = "/@atproto/oauth-provider/~assets/";
-export declare function buildAssetUrl(filename: string): string;
-export declare function authorizeAssetsMiddleware(): Middleware;
-//# sourceMappingURL=assets-middleware.d.ts.map

package/dist/assets/assets-middleware.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"assets-middleware.d.ts","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":"AACA,OAAO,EACL,UAAU,EAIX,MAAM,sBAAsB,CAAA;AAE7B,eAAO,MAAM,iBAAiB,sCAAsC,CAAA;AAEpE,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,yBAAyB,IAAI,UAAU,CA6BtD"}

package/dist/assets/assets-middleware.js

@@ -1,41 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ASSETS_URL_PREFIX = void 0;
-exports.buildAssetUrl = buildAssetUrl;
-exports.authorizeAssetsMiddleware = authorizeAssetsMiddleware;
-const oauth_provider_ui_1 = require("@atproto/oauth-provider-ui");
-const index_js_1 = require("../lib/http/index.js");
-exports.ASSETS_URL_PREFIX = '/@atproto/oauth-provider/~assets/';
-function buildAssetUrl(filename) {
-    return `${exports.ASSETS_URL_PREFIX}${encodeURIComponent(filename)}`;
-}
-function authorizeAssetsMiddleware() {
-    return async function assetsMiddleware(req, res, next) {
-        if (req.method !== 'GET' && req.method !== 'HEAD')
-            return next();
-        if (!req.url?.startsWith(exports.ASSETS_URL_PREFIX))
-            return next();
-        const filename = req.url.slice(exports.ASSETS_URL_PREFIX.length);
-        if (!filename)
-            return next();
-        const asset = oauth_provider_ui_1.assets.get(filename);
-        if (!asset)
-            return next();
-        try {
-            // Allow "null" (ie. no header) to allow loading assets outside of a
-            // fetch context (not from a web page).
-            (0, index_js_1.validateFetchSite)(req, res, [null, 'none', 'cross-site', 'same-origin']);
-            (0, index_js_1.validateFetchDest)(req, res, [null, 'document', 'style', 'script']);
-        }
-        catch (err) {
-            return next(err);
-        }
-        if (req.headers['if-none-match'] === asset.sha256) {
-            return void res.writeHead(304).end();
-        }
-        res.setHeader('ETag', asset.sha256);
-        res.setHeader('Cache-Control', 'public, max-age=31536000, immutable');
-        (0, index_js_1.writeStream)(res, asset.stream(), { contentType: asset.mime });
-    };
-}
-//# sourceMappingURL=assets-middleware.js.map

package/dist/assets/assets-middleware.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"assets-middleware.js","sourceRoot":"","sources":["../../src/assets/assets-middleware.ts"],"names":[],"mappings":";;;AAUA,sCAEC;AAED,8DA6BC;AA3CD,kEAAmD;AACnD,mDAK6B;AAEhB,QAAA,iBAAiB,GAAG,mCAAmC,CAAA;AAEpE,SAAgB,aAAa,CAAC,QAAgB;IAC5C,OAAO,GAAG,yBAAiB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAA;AAC9D,CAAC;AAED,SAAgB,yBAAyB;IACvC,OAAO,KAAK,UAAU,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;YAAE,OAAO,IAAI,EAAE,CAAA;QAChE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,yBAAiB,CAAC;YAAE,OAAO,IAAI,EAAE,CAAA;QAE1D,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,yBAAiB,CAAC,MAAM,CAAC,CAAA;QACxD,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAA;QAE5B,MAAM,KAAK,GAAG,0BAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,EAAE,CAAA;QAEzB,IAAI,CAAC;YACH,oEAAoE;YACpE,uCAAuC;YACvC,IAAA,4BAAiB,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC,CAAA;YACxE,IAAA,4BAAiB,EAAC,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAA;QACpE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAA;QAClB,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;YAClD,OAAO,KAAK,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAA;QACtC,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;QACnC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qCAAqC,CAAC,CAAA;QAErE,IAAA,sBAAW,EAAC,GAAG,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAA;IAC/D,CAAC,CAAA;AACH,CAAC"}

package/dist/lib/locale.d.ts

@@ -1,15 +0,0 @@
-import { z } from 'zod';
-export declare const localeSchema: z.ZodString;
-export type Locale = z.infer<typeof localeSchema>;
-export declare const multiLangStringSchema: z.ZodIntersection<z.ZodObject<{
-    en: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    en: string;
-}, {
-    en: string;
-}>, z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodUndefined]>>>;
-export type MultiLangString = z.infer<typeof multiLangStringSchema>;
-export declare const AVAILABLE_LOCALES: readonly ["en", "fr"];
-export type AvailableLocale = (typeof AVAILABLE_LOCALES)[number];
-export declare const isAvailableLocale: (v: unknown) => v is AvailableLocale;
-//# sourceMappingURL=locale.d.ts.map

package/dist/lib/locale.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"locale.d.ts","sourceRoot":"","sources":["../../src/lib/locale.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,YAAY,aAE6B,CAAA;AACtD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAA;AAEjD,eAAO,MAAM,qBAAqB;;;;;;wEAGjC,CAAA;AACD,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA;AAEnE,eAAO,MAAM,iBAAiB,uBAIQ,CAAA;AACtC,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAA;AAChE,eAAO,MAAM,iBAAiB,MAAO,OAAO,KAAG,CAAC,IAAI,eACG,CAAA"}

package/dist/lib/locale.js

@@ -1,17 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isAvailableLocale = exports.AVAILABLE_LOCALES = exports.multiLangStringSchema = exports.localeSchema = void 0;
-const zod_1 = require("zod");
-exports.localeSchema = zod_1.z
-    .string()
-    .regex(/^[a-z]{2,3}(-[A-Z]{2})?$/, 'Invalid locale');
-exports.multiLangStringSchema = zod_1.z.intersection(zod_1.z.object({ en: zod_1.z.string() }), // en is required
-zod_1.z.record(exports.localeSchema, zod_1.z.union([zod_1.z.string(), zod_1.z.undefined()])));
-exports.AVAILABLE_LOCALES = [
-    // TODO: Add more in this list as translations are added in the PO files
-    'en',
-    'fr',
-];
-const isAvailableLocale = (v) => exports.AVAILABLE_LOCALES.includes(v);
-exports.isAvailableLocale = isAvailableLocale;
-//# sourceMappingURL=locale.js.map

package/dist/lib/locale.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"locale.js","sourceRoot":"","sources":["../../src/lib/locale.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,KAAK,CAAC,0BAA0B,EAAE,gBAAgB,CAAC,CAAA;AAGzC,QAAA,qBAAqB,GAAG,OAAC,CAAC,YAAY,CACjD,OAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,iBAAiB;AAC/C,OAAC,CAAC,MAAM,CAAC,oBAAY,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAC7D,CAAA;AAGY,QAAA,iBAAiB,GAAG;IAC/B,wEAAwE;IACxE,IAAI;IACJ,IAAI;CACgC,CAAA;AAE/B,MAAM,iBAAiB,GAAG,CAAC,CAAU,EAAwB,EAAE,CACnE,yBAAwC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;AAD1C,QAAA,iBAAiB,qBACyB"}

package/dist/output/backend-data.d.ts

@@ -1,4 +0,0 @@
-import { Html } from '../lib/html/index.js';
-export declare function declareBackendData(values: Record<string, unknown>): Html;
-export declare function backendDataGenerator(values: Record<string, unknown>): Generator<Html>;
-//# sourceMappingURL=backend-data.d.ts.map

package/dist/output/backend-data.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"backend-data.d.ts","sourceRoot":"","sources":["../../src/output/backend-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAM,MAAM,sBAAsB,CAAA;AAE/C,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAExE;AAED,wBAAiB,oBAAoB,CACnC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,SAAS,CAAC,IAAI,CAAC,CASjB"}

package/dist/output/backend-data.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"backend-data.js","sourceRoot":"","sources":["../../src/output/backend-data.ts"],"names":[],"mappings":";;AAEA,gDAEC;AAED,oDAWC;AAjBD,mDAA+C;AAE/C,SAAgB,kBAAkB,CAAC,MAA+B;IAChE,OAAO,eAAI,CAAC,iBAAiB,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7D,CAAC;AAED,QAAe,CAAC,CAAC,oBAAoB,CACnC,MAA+B;IAE/B,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,MAAM,IAAA,aAAE,EAAA,UAAU,GAAG,KAAK,GAAG,GAAG,CAAA;IAClC,CAAC;IACD,qEAAqE;IACrE,wEAAwE;IACxE,8DAA8D;IAC9D,2DAA2D;IAC3D,MAAM,IAAA,aAAE,EAAA,kCAAkC,CAAA;AAC5C,CAAC"}

package/dist/output/build-authorize-data.d.ts

@@ -1,29 +0,0 @@
-import type { AuthorizeData, Session } from '@atproto/oauth-provider-api';
-import { OAuthAuthorizationRequestParameters } from '@atproto/oauth-types';
-import { DeviceAccountInfo } from '../account/account-store.js';
-import { Account } from '../account/account.js';
-import { Client } from '../client/client.js';
-import { RequestUri } from '../request/request-uri.js';
-export type ScopeDetail = {
-    scope: string;
-    description?: string;
-};
-export type AuthorizationResultAuthorize = {
-    issuer: string;
-    client: Client;
-    parameters: OAuthAuthorizationRequestParameters;
-    authorize: {
-        uri: RequestUri;
-        scopeDetails?: ScopeDetail[];
-        sessions: readonly {
-            account: Account;
-            info: DeviceAccountInfo;
-            selected: boolean;
-            loginRequired: boolean;
-            consentRequired: boolean;
-        }[];
-    };
-};
-export type { AuthorizeData, Session };
-export declare function buildAuthorizeData(data: AuthorizationResultAuthorize): AuthorizeData;
-//# sourceMappingURL=build-authorize-data.d.ts.map

package/dist/output/build-authorize-data.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"build-authorize-data.d.ts","sourceRoot":"","sources":["../../src/output/build-authorize-data.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAA;AACzE,OAAO,EAAE,mCAAmC,EAAE,MAAM,sBAAsB,CAAA;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAA;AAEtD,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,4BAA4B,GAAG;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,mCAAmC,CAAA;IAC/C,SAAS,EAAE;QACT,GAAG,EAAE,UAAU,CAAA;QACf,YAAY,CAAC,EAAE,WAAW,EAAE,CAAA;QAC5B,QAAQ,EAAE,SAAS;YACjB,OAAO,EAAE,OAAO,CAAA;YAChB,IAAI,EAAE,iBAAiB,CAAA;YAEvB,QAAQ,EAAE,OAAO,CAAA;YACjB,aAAa,EAAE,OAAO,CAAA;YACtB,eAAe,EAAE,OAAO,CAAA;SACzB,EAAE,CAAA;KACJ,CAAA;CACF,CAAA;AAED,YAAY,EAAE,aAAa,EAAE,OAAO,EAAE,CAAA;AAEtC,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,4BAA4B,GACjC,aAAa,CAkBf"}

package/dist/output/build-authorize-data.js

@@ -1,21 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildAuthorizeData = buildAuthorizeData;
-function buildAuthorizeData(data) {
-    return {
-        clientId: data.client.id,
-        clientMetadata: data.client.metadata,
-        clientTrusted: data.client.info.isTrusted,
-        requestUri: data.authorize.uri,
-        loginHint: data.parameters.login_hint,
-        newSessionsRequireConsent: data.parameters.prompt === 'consent',
-        scopeDetails: data.authorize.scopeDetails,
-        sessions: data.authorize.sessions.map((session) => ({
-            account: session.account,
-            selected: session.selected,
-            loginRequired: session.loginRequired,
-            consentRequired: session.consentRequired,
-        })),
-    };
-}
-//# sourceMappingURL=build-authorize-data.js.map

package/dist/output/build-authorize-data.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"build-authorize-data.js","sourceRoot":"","sources":["../../src/output/build-authorize-data.ts"],"names":[],"mappings":";;AAgCA,gDAoBC;AApBD,SAAgB,kBAAkB,CAChC,IAAkC;IAElC,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE;QACxB,cAAc,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;QACpC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS;QACzC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG;QAC9B,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,UAAU;QACrC,yBAAyB,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,SAAS;QAC/D,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY;QACzC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CACnC,CAAC,OAAO,EAAW,EAAE,CAAC,CAAC;YACrB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,eAAe,EAAE,OAAO,CAAC,eAAe;SACzC,CAAC,CACH;KACF,CAAA;AACH,CAAC"}

package/dist/output/build-customization-data.d.ts

@@ -1,234 +0,0 @@
-import { z } from 'zod';
-import { CustomizationData } from '@atproto/oauth-provider-api';
-export { type HcaptchaConfig, hcaptchaConfigSchema } from '../lib/hcaptcha.js';
-export declare const colorNames: readonly ["brand", "error", "warning", "success"];
-export declare const colorNameSchema: z.ZodEnum<["brand", "error", "warning", "success"]>;
-export type ColorName = z.infer<typeof colorNameSchema>;
-declare const parsedColorSchema: z.ZodEffects<z.ZodString, RgbColor, string>;
-export type ParsedColor = z.infer<typeof parsedColorSchema>;
-export declare const colorsDefinitionSchema: z.ZodRecord<z.ZodEnum<["brand", "error", "warning", "success"]>, z.ZodOptional<z.ZodEffects<z.ZodString, RgbColor, string>>>;
-export type ColorsDefinition = z.infer<typeof colorsDefinitionSchema>;
-export declare const localizedStringSchema: z.ZodUnion<[z.ZodString, z.ZodIntersection<z.ZodObject<{
-    en: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    en: string;
-}, {
-    en: string;
-}>, z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodUndefined]>>>]>;
-export type LocalizedString = z.infer<typeof localizedStringSchema>;
-export declare const linkRelSchema: z.ZodEffects<z.ZodString, "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service", string>;
-export type LinkRel = z.infer<typeof linkRelSchema>;
-export declare const linkDefinitionSchema: z.ZodObject<{
-    title: z.ZodUnion<[z.ZodString, z.ZodIntersection<z.ZodObject<{
-        en: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        en: string;
-    }, {
-        en: string;
-    }>, z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodUndefined]>>>]>;
-    href: z.ZodString;
-    rel: z.ZodOptional<z.ZodEffects<z.ZodString, "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service", string>>;
-}, "strip", z.ZodTypeAny, {
-    title: string | ({
-        en: string;
-    } & Record<string, string | undefined>);
-    href: string;
-    rel?: "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service" | undefined;
-}, {
-    title: string | ({
-        en: string;
-    } & Record<string, string | undefined>);
-    href: string;
-    rel?: string | undefined;
-}>;
-export type LinkDefinition = z.infer<typeof linkDefinitionSchema>;
-/**
- * Aesthetic customization
- */
-export declare const brandingConfigSchema: z.ZodObject<{
-    name: z.ZodOptional<z.ZodString>;
-    logo: z.ZodOptional<z.ZodString>;
-    colors: z.ZodOptional<z.ZodRecord<z.ZodEnum<["brand", "error", "warning", "success"]>, z.ZodOptional<z.ZodEffects<z.ZodString, RgbColor, string>>>>;
-    links: z.ZodOptional<z.ZodArray<z.ZodObject<{
-        title: z.ZodUnion<[z.ZodString, z.ZodIntersection<z.ZodObject<{
-            en: z.ZodString;
-        }, "strip", z.ZodTypeAny, {
-            en: string;
-        }, {
-            en: string;
-        }>, z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodUndefined]>>>]>;
-        href: z.ZodString;
-        rel: z.ZodOptional<z.ZodEffects<z.ZodString, "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service", string>>;
-    }, "strip", z.ZodTypeAny, {
-        title: string | ({
-            en: string;
-        } & Record<string, string | undefined>);
-        href: string;
-        rel?: "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service" | undefined;
-    }, {
-        title: string | ({
-            en: string;
-        } & Record<string, string | undefined>);
-        href: string;
-        rel?: string | undefined;
-    }>, "many">>;
-}, "strip", z.ZodTypeAny, {
-    name?: string | undefined;
-    logo?: string | undefined;
-    colors?: Partial<Record<"error" | "success" | "warning" | "brand", RgbColor | undefined>> | undefined;
-    links?: {
-        title: string | ({
-            en: string;
-        } & Record<string, string | undefined>);
-        href: string;
-        rel?: "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service" | undefined;
-    }[] | undefined;
-}, {
-    name?: string | undefined;
-    logo?: string | undefined;
-    colors?: Partial<Record<"error" | "success" | "warning" | "brand", string | undefined>> | undefined;
-    links?: {
-        title: string | ({
-            en: string;
-        } & Record<string, string | undefined>);
-        href: string;
-        rel?: string | undefined;
-    }[] | undefined;
-}>;
-export type BrandingInput = z.input<typeof brandingConfigSchema>;
-export type Branding = z.infer<typeof brandingConfigSchema>;
-export declare const customizationSchema: z.ZodObject<{
-    /**
-     * Available user domains that can be used to sign up. A non-empty array
-     * is required to enable the sign-up feature.
-     */
-    availableUserDomains: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    /**
-     * UI customizations
-     */
-    branding: z.ZodOptional<z.ZodObject<{
-        name: z.ZodOptional<z.ZodString>;
-        logo: z.ZodOptional<z.ZodString>;
-        colors: z.ZodOptional<z.ZodRecord<z.ZodEnum<["brand", "error", "warning", "success"]>, z.ZodOptional<z.ZodEffects<z.ZodString, RgbColor, string>>>>;
-        links: z.ZodOptional<z.ZodArray<z.ZodObject<{
-            title: z.ZodUnion<[z.ZodString, z.ZodIntersection<z.ZodObject<{
-                en: z.ZodString;
-            }, "strip", z.ZodTypeAny, {
-                en: string;
-            }, {
-                en: string;
-            }>, z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodUndefined]>>>]>;
-            href: z.ZodString;
-            rel: z.ZodOptional<z.ZodEffects<z.ZodString, "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service", string>>;
-        }, "strip", z.ZodTypeAny, {
-            title: string | ({
-                en: string;
-            } & Record<string, string | undefined>);
-            href: string;
-            rel?: "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service" | undefined;
-        }, {
-            title: string | ({
-                en: string;
-            } & Record<string, string | undefined>);
-            href: string;
-            rel?: string | undefined;
-        }>, "many">>;
-    }, "strip", z.ZodTypeAny, {
-        name?: string | undefined;
-        logo?: string | undefined;
-        colors?: Partial<Record<"error" | "success" | "warning" | "brand", RgbColor | undefined>> | undefined;
-        links?: {
-            title: string | ({
-                en: string;
-            } & Record<string, string | undefined>);
-            href: string;
-            rel?: "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service" | undefined;
-        }[] | undefined;
-    }, {
-        name?: string | undefined;
-        logo?: string | undefined;
-        colors?: Partial<Record<"error" | "success" | "warning" | "brand", string | undefined>> | undefined;
-        links?: {
-            title: string | ({
-                en: string;
-            } & Record<string, string | undefined>);
-            href: string;
-            rel?: string | undefined;
-        }[] | undefined;
-    }>>;
-    /**
-     * Is an invite code required to sign up?
-     */
-    inviteCodeRequired: z.ZodOptional<z.ZodBoolean>;
-    /**
-     * Enables hCaptcha during sign-up.
-     */
-    hcaptcha: z.ZodOptional<z.ZodObject<{
-        siteKey: z.ZodString;
-        secretKey: z.ZodString;
-        tokenSalt: z.ZodString;
-        scoreThreshold: z.ZodOptional<z.ZodNumber>;
-    }, "strip", z.ZodTypeAny, {
-        siteKey: string;
-        secretKey: string;
-        tokenSalt: string;
-        scoreThreshold?: number | undefined;
-    }, {
-        siteKey: string;
-        secretKey: string;
-        tokenSalt: string;
-        scoreThreshold?: number | undefined;
-    }>>;
-}, "strip", z.ZodTypeAny, {
-    availableUserDomains?: string[] | undefined;
-    branding?: {
-        name?: string | undefined;
-        logo?: string | undefined;
-        colors?: Partial<Record<"error" | "success" | "warning" | "brand", RgbColor | undefined>> | undefined;
-        links?: {
-            title: string | ({
-                en: string;
-            } & Record<string, string | undefined>);
-            href: string;
-            rel?: "search" | "expect" | "manifest" | "alternate" | "author" | "canonical" | "dns-prefetch" | "external" | "help" | "icon" | "license" | "me" | "modulepreload" | "next" | "pingback" | "preconnect" | "prefetch" | "preload" | "prerender" | "prev" | "privacy-policy" | "stylesheet" | "terms-of-service" | undefined;
-        }[] | undefined;
-    } | undefined;
-    inviteCodeRequired?: boolean | undefined;
-    hcaptcha?: {
-        siteKey: string;
-        secretKey: string;
-        tokenSalt: string;
-        scoreThreshold?: number | undefined;
-    } | undefined;
-}, {
-    availableUserDomains?: string[] | undefined;
-    branding?: {
-        name?: string | undefined;
-        logo?: string | undefined;
-        colors?: Partial<Record<"error" | "success" | "warning" | "brand", string | undefined>> | undefined;
-        links?: {
-            title: string | ({
-                en: string;
-            } & Record<string, string | undefined>);
-            href: string;
-            rel?: string | undefined;
-        }[] | undefined;
-    } | undefined;
-    inviteCodeRequired?: boolean | undefined;
-    hcaptcha?: {
-        siteKey: string;
-        secretKey: string;
-        tokenSalt: string;
-        scoreThreshold?: number | undefined;
-    } | undefined;
-}>;
-export type CustomizationInput = z.input<typeof customizationSchema>;
-export type Customization = z.infer<typeof customizationSchema>;
-export declare function buildCustomizationData({ branding, availableUserDomains, inviteCodeRequired, hcaptcha, }: Customization): CustomizationData;
-export declare function buildCustomizationCss({ branding }: Customization): string;
-type RgbColor = {
-    r: number;
-    g: number;
-    b: number;
-};
-//# sourceMappingURL=build-customization-data.d.ts.map

package/dist/output/build-customization-data.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"build-customization-data.d.ts","sourceRoot":"","sources":["../../src/output/build-customization-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAI/D,OAAO,EAAE,KAAK,cAAc,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA;AAG9E,eAAO,MAAM,UAAU,mDAAoD,CAAA;AAC3E,eAAO,MAAM,eAAe,qDAAqB,CAAA;AACjD,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AAEvD,QAAA,MAAM,iBAAiB,6CAkBrB,CAAA;AACF,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAA;AAE3D,eAAO,MAAM,sBAAsB,8HAGlC,CAAA;AACD,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAA;AAErE,eAAO,MAAM,qBAAqB;;;;;;0EAGhC,CAAA;AACF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAA;AAEnE,eAAO,MAAM,aAAa,6UAAmD,CAAA;AAC7E,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAEnD,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;EAI/B,CAAA;AACF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAEjE;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAK/B,CAAA;AACF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAChE,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAA;AAE3D,eAAO,MAAM,mBAAmB;IAC9B;;;OAGG;;IAEH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAEH;;OAEG;;IAEH;;OAEG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEH,CAAA;AACF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AACpE,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAA;AAE/D,wBAAgB,sBAAsB,CAAC,EACrC,QAAQ,EACR,oBAAoB,EACpB,kBAAkB,EAClB,QAAQ,GACT,EAAE,aAAa,GAAG,iBAAiB,CAanC;AAED,wBAAgB,qBAAqB,CAAC,EAAE,QAAQ,EAAE,EAAE,aAAa,UAKhE;AAkBD,KAAK,QAAQ,GAAG;IAAE,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAA;CAAE,CAAA"}