@atproto/oauth-scopes 0.4.0 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -0
- package/dist/lib/nsid.d.ts.map +1 -1
- package/dist/lib/parser.d.ts.map +1 -1
- package/dist/lib/parser.js.map +1 -1
- package/dist/lib/syntax-lexicon.d.ts +1 -1
- package/dist/lib/syntax-lexicon.d.ts.map +1 -1
- package/dist/lib/syntax-lexicon.js.map +1 -1
- package/dist/lib/syntax-string.d.ts.map +1 -1
- package/dist/lib/syntax-string.js.map +1 -1
- package/dist/lib/util.d.ts.map +1 -1
- package/dist/scope-missing-error.d.ts.map +1 -1
- package/dist/scope-permissions-transition.d.ts.map +1 -1
- package/dist/scope-permissions.d.ts.map +1 -1
- package/dist/scopes/account-permission.d.ts +1 -1
- package/dist/scopes/account-permission.d.ts.map +1 -1
- package/dist/scopes/account-permission.js.map +1 -1
- package/dist/scopes/blob-permission.d.ts +1 -1
- package/dist/scopes/blob-permission.d.ts.map +1 -1
- package/dist/scopes/blob-permission.js.map +1 -1
- package/dist/scopes/identity-permission.d.ts.map +1 -1
- package/dist/scopes/identity-permission.js.map +1 -1
- package/dist/scopes/include-scope.d.ts +4 -5
- package/dist/scopes/include-scope.d.ts.map +1 -1
- package/dist/scopes/include-scope.js +2 -3
- package/dist/scopes/include-scope.js.map +1 -1
- package/dist/scopes/repo-permission.d.ts +4 -4
- package/dist/scopes/repo-permission.d.ts.map +1 -1
- package/dist/scopes/repo-permission.js.map +1 -1
- package/dist/scopes/rpc-permission.d.ts +7 -7
- package/dist/scopes/rpc-permission.d.ts.map +1 -1
- package/dist/scopes/rpc-permission.js +3 -3
- package/dist/scopes/rpc-permission.js.map +1 -1
- package/dist/scopes-set.d.ts.map +1 -1
- package/package.json +5 -6
- package/src/scope-permissions.test.ts +36 -0
- package/src/scopes/include-scope.ts +7 -4
- package/src/scopes/rpc-permission.ts +12 -7
- package/tsconfig.build.json +2 -2
- package/tsconfig.build.tsbuildinfo +1 -1
- package/tsconfig.json +2 -2
- package/tsconfig.tests.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,26 @@
|
|
|
1
1
|
# @atproto/oauth-scopes
|
|
2
2
|
|
|
3
|
+
## 0.5.1
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- [#4967](https://github.com/bluesky-social/atproto/pull/4967) [`9fc720c`](https://github.com/bluesky-social/atproto/commit/9fc720ce75f3ee88a5e48a9be919b07c7647f6f5) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Use TypeScript 7 to build package
|
|
8
|
+
|
|
9
|
+
- Updated dependencies [[`9fc720c`](https://github.com/bluesky-social/atproto/commit/9fc720ce75f3ee88a5e48a9be919b07c7647f6f5)]:
|
|
10
|
+
- @atproto/syntax@0.6.2
|
|
11
|
+
- @atproto/did@0.5.1
|
|
12
|
+
|
|
13
|
+
## 0.5.0
|
|
14
|
+
|
|
15
|
+
### Minor Changes
|
|
16
|
+
|
|
17
|
+
- [#4992](https://github.com/bluesky-social/atproto/pull/4992) [`622d365`](https://github.com/bluesky-social/atproto/commit/622d365aeb240133f40763a3b1c43981112837fc) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Remove the `AtprotoAudience` and `isAtprotoAudience` re-exports. They are superseded by `AtprotoDidRefAbsolute` and `isAtprotoDidRefAbsolute`, also re-exported from this package.
|
|
18
|
+
|
|
19
|
+
### Patch Changes
|
|
20
|
+
|
|
21
|
+
- Updated dependencies [[`622d365`](https://github.com/bluesky-social/atproto/commit/622d365aeb240133f40763a3b1c43981112837fc)]:
|
|
22
|
+
- @atproto/did@0.5.0
|
|
23
|
+
|
|
3
24
|
## 0.4.0
|
|
4
25
|
|
|
5
26
|
### Minor Changes
|
package/dist/lib/nsid.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nsid.d.ts","sourceRoot":"","sources":["../../src/lib/nsid.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAA;AAClD,eAAO,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"nsid.d.ts","sourceRoot":"","sources":["../../src/lib/nsid.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM,EAAE,CAAA;AAClD,eAAO,MAAM,MAAM,MAAO,OAAO,KAAG,CAAC,IAAI,IACA,CAAA"}
|
package/dist/lib/parser.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/lib/parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEhE,KAAK,mBAAmB,CAAC,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,IAC/D,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,UAAU,KAAK,KAAK,IAAI,MAAM,CAAC,SAAS,UAAU,CAAC,GAClE,CAAC,GACD,UAAU,CAAA;AAEhB,KAAK,YAAY,GAAG,MAAM,CACxB,MAAM,EACJ;IACE,QAAQ,EAAE,KAAK,CAAA;IACf,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,CAAC,EAAE,UAAU,CAAA;IACpB,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,CAAA;IAC7C,QAAQ,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;CACzC,GACD;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAA;IAC/B,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC,UAAU,CAAC,KAAK,SAAS,CAAC,UAAU,CAAC,CAAA;IACnE,QAAQ,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;CACzC,CACJ,CAAA;AAED,KAAK,WAAW,CAAC,CAAC,SAAS,YAAY,IAAI;KACxC,CAAC,IAAI,MAAM,CAAC,GACT,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,IAAI,GAC1B,KAAK,GACL,SAAS,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,GAC1B,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,GACf,SAAS,CAAC,GAChB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,IAAI,GAC1B,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAChD,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;CAC/C,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;AAExB,qBAAa,MAAM,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,YAAY;aAIxC,MAAM,EAAE,CAAC;aACT,MAAM,EAAE,CAAC;aACT,cAAc,CAAC,GAAE,MAAM,CAAC,GAAG,MAAM;IALnD,SAAgB,UAAU,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/lib/parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEhE,KAAK,mBAAmB,CAAC,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,IAC/D,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,UAAU,KAAK,KAAK,IAAI,MAAM,CAAC,SAAS,UAAU,CAAC,GAClE,CAAC,GACD,UAAU,CAAA;AAEhB,KAAK,YAAY,GAAG,MAAM,CACxB,MAAM,EACJ;IACE,QAAQ,EAAE,KAAK,CAAA;IACf,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,CAAC,EAAE,UAAU,CAAA;IACpB,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,CAAA;IAC7C,QAAQ,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;CACzC,GACD;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAA;IAC/B,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC,UAAU,CAAC,KAAK,SAAS,CAAC,UAAU,CAAC,CAAA;IACnE,QAAQ,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;CACzC,CACJ,CAAA;AAED,KAAK,WAAW,CAAC,CAAC,SAAS,YAAY,IAAI;KACxC,CAAC,IAAI,MAAM,CAAC,GACT,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,IAAI,GAC1B,KAAK,GACL,SAAS,SAAS,MAAM,CAAC,CAAC,CAAC,CAAC,GAC1B,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,GACf,SAAS,CAAC,GAChB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,IAAI,GAC1B,SAAS,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAChD,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;CAC/C,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;AAExB,qBAAa,MAAM,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,YAAY;aAIxC,MAAM,EAAE,CAAC;aACT,MAAM,EAAE,CAAC;aACT,cAAc,CAAC,GAAE,MAAM,CAAC,GAAG,MAAM;IALnD,SAAgB,UAAU,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAA;IAEzD,YACkB,MAAM,EAAE,CAAC,EACT,MAAM,EAAE,CAAC,EACT,cAAc,CAAC,GAAE,MAAM,CAAC,GAAG,MAAM,aAAA,EAGlD;IAED,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,2CA8C5B;IAKD,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,MAzE3B,CAAC,uQAoID;CACF"}
|
package/dist/lib/parser.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/lib/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAsCtD,MAAM,OAAO,MAAM;IAGjB,YACkB,MAAS,EACT,MAAS,EACT,cAAiC;
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/lib/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAsCtD,MAAM,OAAO,MAAM;IAGjB,YACkB,MAAS,EACT,MAAS,EACT,cAAiC;sBAFjC,MAAM;sBACN,MAAM;8BACN,cAAc;QAE9B,IAAI,CAAC,UAAU,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,MAAsB;QAC3B,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAA;QACpC,IAAI,UAAU,GAAuB,SAAS,CAAA;QAE9C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;YACzB,0BAA0B;YAC1B,IAAI,KAAK,KAAK,SAAS;gBAAE,SAAQ;YAEjC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAE/B,8DAA8D;YAC9D,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS;gBACjC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,KAAY,CAAC;gBAChC,CAAC,CAAC,KAAK,CAAA;YAET,oDAAoD;YACpD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACrB,IAAI,MAAM,CAAC,OAAO,KAAK,UAAU;oBAAE,SAAQ;gBAC3C,IACE,MAAM,CAAC,QAAQ;oBACf,MAAM,CAAC,OAAO;oBACd,gBAAgB,CAAC,MAAM,CAAC,OAAO,EAAE,UAA+B,CAAC,EACjE,CAAC;oBACD,SAAQ;gBACV,CAAC;YACH,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,IAAI,GAAG,KAAK,IAAI,CAAC,cAAc,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC3D,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC,CAAA;gBACrC,CAAC;qBAAM,CAAC;oBACN,oBAAoB;oBACpB,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;oBAC9C,KAAK,MAAM,CAAC,IAAI,MAAM;wBAAE,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;gBAC/C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,GAAG,KAAK,IAAI,CAAC,cAAc,EAAE,CAAC;oBAChC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,CAAA;gBACjC,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAA;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAA;IAC1E,CAAC;IAED,yEAAyE;IACzE,2DAA2D;IAC3D,iEAAiE;IACjE,KAAK,CAAC,MAAsB;QAC1B,sEAAsE;QACtE,qBAAqB;QAErB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAChC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAA;QAC5C,CAAC;QAED,MAAM,MAAM,GAGR,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAEvB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAEnC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ;gBAC/B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtB,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YAEzB,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAA,CAAC,qBAAqB;YACnC,CAAC;iBAAM,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC/B,IAAI,GAAG,KAAK,IAAI,CAAC,cAAc,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;oBACnE,4DAA4D;oBAC5D,OAAO,IAAI,CAAA;gBACb,CAAC;gBAED,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;oBACxB,2BAA2B;oBAC3B,IAAI,CAAE,KAAsB,CAAC,MAAM;wBAAE,OAAO,IAAI,CAAA;oBAChD,IAAI,CAAE,KAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACxD,OAAO,IAAI,CAAA;oBACb,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAmB,CAAC,EAAE,CAAC;wBAC9C,OAAO,IAAI,CAAA;oBACb,CAAC;gBACH,CAAC;gBAED,MAAM,CAAC,GAAG,CAAC,GAAG,KAA2C,CAAA;YAC3D,CAAC;iBAAM,IACL,GAAG,KAAK,IAAI,CAAC,cAAc;gBAC3B,MAAM,CAAC,UAAU,KAAK,SAAS,EAC/B,CAAC;gBACD,iEAAiE;gBACjE,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,CAAA;gBAC7B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBACrC,OAAO,IAAI,CAAA;gBACb,CAAC;gBACD,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAA;YAC/D,CAAC;iBAAM,IAAI,UAAU,CAAC,QAAQ,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAA;YACb,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,CAAA;YAClC,CAAC;QACH,CAAC;QAED,OAAO,MAAwB,CAAA;IACjC,CAAC;CACF;AAED;;;;;GAKG;AACH,SAAS,gBAAgB,CACvB,CAAqB,EACrB,CAAqB;IAErB,KAAK,MAAM,IAAI,IAAI,CAAC;QAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAA;IACzD,KAAK,MAAM,IAAI,IAAI,CAAC;QAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAA;IACzD,OAAO,IAAI,CAAA;AACb,CAAC","sourcesContent":["import { ScopeStringSyntax } from './syntax-string.js'\nimport { NeRoArray, ParamValue, ScopeSyntax } from './syntax.js'\n\ntype InferParamPredicate<T extends (value: ParamValue) => boolean> =\n T extends ((value: ParamValue) => value is infer U extends ParamValue)\n ? U\n : ParamValue\n\ntype ParamsSchema = Record<\n string,\n | {\n multiple: false\n required: boolean\n default?: ParamValue\n normalize?: (value: ParamValue) => ParamValue\n validate: (value: ParamValue) => boolean\n }\n | {\n multiple: true\n required: boolean\n default?: NeRoArray<ParamValue>\n normalize?: (value: NeRoArray<ParamValue>) => NeRoArray<ParamValue>\n validate: (value: ParamValue) => boolean\n }\n>\n\ntype InferParams<S extends ParamsSchema> = {\n [K in keyof S]:\n | (S[K]['required'] extends true\n ? never\n : 'default' extends keyof S[K]\n ? S[K]['default']\n : undefined)\n | (S[K]['multiple'] extends true\n ? NeRoArray<InferParamPredicate<S[K]['validate']>>\n : InferParamPredicate<S[K]['validate']>)\n} & NonNullable<unknown>\n\nexport class Parser<P extends string, S extends ParamsSchema> {\n public readonly schemaKeys: ReadonlySet<keyof S & string>\n\n constructor(\n public readonly prefix: P,\n public readonly schema: S,\n public readonly positionalName?: keyof S & string,\n ) {\n this.schemaKeys = new Set(Object.keys(schema))\n }\n\n format(values: InferParams<S>) {\n const params = new URLSearchParams()\n let positional: string | undefined = undefined\n\n for (const key of this.schemaKeys) {\n const value = values[key]\n // Ignore undefined values\n if (value === undefined) continue\n\n const schema = this.schema[key]\n\n // Normalize the value if a normalization function is provided\n const normalized = schema.normalize\n ? schema.normalize(value as any)\n : value\n\n // Ignore values that are equal to the default value\n if (!schema.required) {\n if (schema.default === normalized) continue\n if (\n schema.multiple &&\n schema.default &&\n arrayParamEquals(schema.default, normalized as NeRoArray<string>)\n ) {\n continue\n }\n }\n\n if (Array.isArray(normalized)) {\n if (key === this.positionalName && normalized.length === 1) {\n positional = String(normalized[0]!)\n } else {\n // remove duplicates\n const unique = new Set(normalized.map(String))\n for (const v of unique) params.append(key, v)\n }\n } else {\n if (key === this.positionalName) {\n positional = String(normalized)\n } else {\n params.set(key, String(normalized))\n }\n }\n }\n\n return new ScopeStringSyntax(this.prefix, positional, params).toString()\n }\n\n // @NOTE If we needed to ever have more detailed reason as to why parsing\n // fails, this function could easily be updated to return a\n // ValidationResult<T> type that explains the reason for failure.\n parse(syntax: ScopeSyntax<P>) {\n // @NOTE no need to check prefix, since the typing (P generic) already\n // ensures it matches\n\n for (const key of syntax.keys()) {\n if (!this.schemaKeys.has(key)) return null\n }\n\n const result: Record<\n string,\n undefined | ParamValue | NeRoArray<ParamValue>\n > = Object.create(null)\n\n for (const key of this.schemaKeys) {\n const definition = this.schema[key]\n\n const param = definition.multiple\n ? syntax.getMulti(key)\n : syntax.getSingle(key)\n\n if (param === null) {\n return null // Value is not valid\n } else if (param !== undefined) {\n if (key === this.positionalName && syntax.positional !== undefined) {\n // Positional parameter cannot be used with named parameters\n return null\n }\n\n if (definition.multiple) {\n // Empty array is not valid\n if (!(param as ParamValue[]).length) return null\n if (!(param as ParamValue[]).every(definition.validate)) {\n return null\n }\n } else {\n if (!definition.validate(param as ParamValue)) {\n return null\n }\n }\n\n result[key] = param as ParamValue | NeRoArray<ParamValue>\n } else if (\n key === this.positionalName &&\n syntax.positional !== undefined\n ) {\n // No named parameters found, but there is a positional parameter\n const { positional } = syntax\n if (!definition.validate(positional)) {\n return null\n }\n result[key] = definition.multiple ? [positional] : positional\n } else if (definition.required) {\n return null\n } else {\n result[key] = definition.default\n }\n }\n\n return result as InferParams<S>\n }\n}\n\n/**\n * Two param arrays are considered equal if they contain the same values,\n * regardless of the order and duplicates.\n * @param a - The first array to compare.\n * @param b - The second array to compare.\n */\nfunction arrayParamEquals(\n a: readonly unknown[],\n b: readonly unknown[],\n): boolean {\n for (const item of a) if (!b.includes(item)) return false\n for (const item of b) if (!a.includes(item)) return false\n return true\n}\n"]}
|
|
@@ -8,7 +8,7 @@ export declare class LexPermissionSyntax<P extends string = string> implements S
|
|
|
8
8
|
constructor(lexPermission: LexiconPermission<P>);
|
|
9
9
|
get prefix(): P;
|
|
10
10
|
get positional(): undefined;
|
|
11
|
-
get(key: string): import("./syntax.js").ParamValue |
|
|
11
|
+
get(key: string): readonly import("./syntax.js").ParamValue[] | import("./syntax.js").ParamValue | undefined;
|
|
12
12
|
keys(): Generator<string, void, unknown>;
|
|
13
13
|
getSingle(key: string): import("./syntax.js").ParamValue | null | undefined;
|
|
14
14
|
getMulti(key: string): readonly import("./syntax.js").ParamValue[] | null | undefined;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syntax-lexicon.d.ts","sourceRoot":"","sources":["../../src/lib/syntax-lexicon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAIzC;;GAEG;AACH,qBAAa,mBAAmB,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,CACxD,YAAW,WAAW,CAAC,CAAC,CAAC;IAEb,QAAQ,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"syntax-lexicon.d.ts","sourceRoot":"","sources":["../../src/lib/syntax-lexicon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAIzC;;GAEG;AACH,qBAAa,mBAAmB,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,CACxD,YAAW,WAAW,CAAC,CAAC,CAAC;IAEb,QAAQ,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAAxD,YAAqB,aAAa,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAAI;IAE5D,IAAI,MAAM,MAET;IAED,IAAI,UAAU,cAEb;IAED,GAAG,CAAC,GAAG,EAAE,MAAM,8FASd;IAEA,IAAI,qCAIJ;IAED,SAAS,CAAC,GAAG,EAAE,MAAM,uDAIpB;IAED,QAAQ,CAAC,GAAG,EAAE,MAAM,kEAKnB;IAED,MAAM,yBAEL;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syntax-lexicon.js","sourceRoot":"","sources":["../../src/lib/syntax-lexicon.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,GAAoD,KAAK,CAAC,OAAO,CAAA;AAE9E;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAG9B,YAAqB,aAAmC;
|
|
1
|
+
{"version":3,"file":"syntax-lexicon.js","sourceRoot":"","sources":["../../src/lib/syntax-lexicon.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,GAAoD,KAAK,CAAC,OAAO,CAAA;AAE9E;;GAEG;AACH,MAAM,OAAO,mBAAmB;IAG9B,YAAqB,aAAmC;6BAAnC,aAAa;IAAyB,CAAC;IAE5D,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAA;IACpC,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,GAAG,CAAC,GAAW;QACb,2BAA2B;QAC3B,IAAI,GAAG,KAAK,MAAM;YAAE,OAAO,SAAS,CAAA;QACpC,IAAI,GAAG,KAAK,UAAU;YAAE,OAAO,SAAS,CAAA;QAExC,iDAAiD;QACjD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QAE7D,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;IAChC,CAAC;IAED,CAAC,IAAI;QACH,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YAClD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS;gBAAE,MAAM,GAAG,CAAA;QAC5C,CAAC;IACH,CAAC;IAED,SAAS,CAAC,GAAW;QACnB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAC/B,OAAO,KAAK,CAAA;IACd,CAAC;IAED,QAAQ,CAAC,GAAW;QAClB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,KAAK,KAAK,SAAS;YAAE,OAAO,SAAS,CAAA;QACzC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAChC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,aAAa,CAAA;IAC3B,CAAC;CACF","sourcesContent":["import { LexiconPermission } from './lexicon.js'\nimport { ScopeSyntax } from './syntax.js'\n\nconst isArray: (value: unknown) => value is readonly unknown[] = Array.isArray\n\n/**\n * Translates a {@link LexiconPermission} into a {@link ScopeSyntax}.\n */\nexport class LexPermissionSyntax<P extends string = string>\n implements ScopeSyntax<P>\n{\n constructor(readonly lexPermission: LexiconPermission<P>) {}\n\n get prefix() {\n return this.lexPermission.resource\n }\n\n get positional() {\n return undefined\n }\n\n get(key: string) {\n // Ignore reserved keywords\n if (key === 'type') return undefined\n if (key === 'resource') return undefined\n\n // Ignore inherited properties (toString(), etc.)\n if (!Object.hasOwn(this.lexPermission, key)) return undefined\n\n return this.lexPermission[key]\n }\n\n *keys() {\n for (const key of Object.keys(this.lexPermission)) {\n if (this.get(key) !== undefined) yield key\n }\n }\n\n getSingle(key: string) {\n const value = this.get(key)\n if (isArray(value)) return null\n return value\n }\n\n getMulti(key: string) {\n const value = this.get(key)\n if (value === undefined) return undefined\n if (!isArray(value)) return null\n return value\n }\n\n toJSON() {\n return this.lexPermission\n }\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syntax-string.d.ts","sourceRoot":"","sources":["../../src/lib/syntax-string.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAGzD;;GAEG;AACH,qBAAa,iBAAiB,CAAC,CAAC,SAAS,MAAM,CAAE,YAAW,WAAW,CAAC,CAAC,CAAC;IAEtE,QAAQ,CAAC,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"syntax-string.d.ts","sourceRoot":"","sources":["../../src/lib/syntax-string.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAGzD;;GAEG;AACH,qBAAa,iBAAiB,CAAC,CAAC,SAAS,MAAM,CAAE,YAAW,WAAW,CAAC,CAAC,CAAC;IAEtE,QAAQ,CAAC,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,eAAe,CAAC;IAH7C,YACW,MAAM,EAAE,CAAC,EACT,UAAU,CAAC,EAAE,MAAM,YAAA,EACnB,MAAM,CAAC,EAAE,QAAQ,CAAC,eAAe,CAAC,YAAA,EACzC;IAEH,IAAI,qCAEJ;IAED,SAAS,CAAC,GAAG,EAAE,MAAM,6BAKpB;IAED,QAAQ,CAAC,GAAG,EAAE,MAAM,wBAGnB;IAED,QAAQ,IAWU,cAAc,CAAC,CAAC,CAAC,CAClC;IAED,MAAM,CAAC,UAAU,CAAC,CAAC,SAAS,MAAM,EAChC,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC,GAC5B,iBAAiB,CAAC,CAAC,CAAC,CA6BtB;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syntax-string.js","sourceRoot":"","sources":["../../src/lib/syntax-string.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAA;AAElC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B,YACW,MAAS,EACT,UAAmB,EACnB,MAAkC;
|
|
1
|
+
{"version":3,"file":"syntax-string.js","sourceRoot":"","sources":["../../src/lib/syntax-string.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAA;AAElC;;GAEG;AACH,MAAM,OAAO,iBAAiB;IAC5B,YACW,MAAS,EACT,UAAmB,EACnB,MAAkC;sBAFlC,MAAM;0BACN,UAAU;sBACV,MAAM;IACd,CAAC;IAEJ,CAAC,IAAI;QACH,IAAI,IAAI,CAAC,MAAM;YAAE,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;IAC5C,CAAC;IAED,SAAS,CAAC,GAAW;QACnB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QACjC,OAAO,KAAK,CAAC,CAAC,CAAE,CAAA;IAClB,CAAC;IAED,QAAQ,CAAC,GAAW;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,SAAS,CAAA;QAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAChC,CAAC;IAED,QAAQ;QACN,IAAI,KAAK,GAAW,IAAI,CAAC,MAAM,CAAA;QAE/B,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YAClC,KAAK,IAAI,IAAI,qBAAqB,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAA;QAC3E,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;YACtB,KAAK,IAAI,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAA;QAC9D,CAAC;QAED,OAAO,KAA0B,CAAA;IACnC,CAAC;IAED,MAAM,CAAC,UAAU,CACf,UAA6B;QAE7B,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QACxC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAE5C,yBAAyB;QACzB,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACrB,OAAO,IAAI,iBAAiB,CAAC,UAAe,CAAC,CAAA;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAM,CAAA;QAElD,4CAA4C;QAC5C,MAAM,UAAU,GACd,QAAQ,KAAK,CAAC,CAAC;YACb,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC;gBACf,CAAC,CAAC,kBAAkB,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;gBACpD,CAAC,CAAC,QAAQ,GAAG,QAAQ;oBACnB,CAAC,CAAC,kBAAkB,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;oBAC9D,CAAC,CAAC,SAAS;YACf,CAAC,CAAC,SAAS,CAAA;QAEf,kDAAkD;QAClD,MAAM,MAAM,GACV,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC;YACjD,CAAC,CAAC,IAAI,eAAe,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,SAAS,CAAA;QAEf,OAAO,IAAI,iBAAiB,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAA;IAC1D,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,mBAAmB,GAAG,IAAI,GAAG;AACjC,yEAAyE;AACzE,wBAAwB;AACxB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAC/B,CAAA;AAED,MAAM,sBAAsB,GAAG,IAAI,GAAG,CACpC,KAAK,CAAC,IAAI,CACR,mBAAmB,EACnB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAU,CAC3C,CAAC,MAAM,CACN,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;AACf,sEAAsE;AACtE,mEAAmE;AACnE,sDAAsD;AACtD,OAAO,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CACnE,CACF,CAAA;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,KAAa;IAC1C,2EAA2E;IAC3E,oCAAoC;IACpC,IAAI,GAAG,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAA;IAE1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,wDAAwD;QACxD,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;YACzC,4DAA4D;YAC5D,6CAA6C;YAC7C,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;YAEzC,6DAA6D;YAC7D,MAAM,cAAc,GAAG,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAC9D,IAAI,cAAc,EAAE,CAAC;gBACnB,4DAA4D;gBAC5D,KAAK,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,cAAc,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,EAAE,CAAA;gBAErF,gDAAgD;gBAChD,CAAC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,CAAA;gBAE9B,uEAAuE;gBACvE,GAAG,IAAI,WAAW,CAAC,MAAM,GAAG,cAAc,CAAC,MAAM,CAAA;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC","sourcesContent":["import { ScopeStringFor, ScopeSyntax } from './syntax.js'\nimport { minIdx } from './util.js'\n\n/**\n * Translates a scope string into a {@link ScopeSyntax}.\n */\nexport class ScopeStringSyntax<P extends string> implements ScopeSyntax<P> {\n constructor(\n readonly prefix: P,\n readonly positional?: string,\n readonly params?: Readonly<URLSearchParams>,\n ) {}\n\n *keys() {\n if (this.params) yield* this.params.keys()\n }\n\n getSingle(key: string) {\n if (!this.params?.has(key)) return undefined\n const value = this.params.getAll(key)\n if (value.length > 1) return null\n return value[0]!\n }\n\n getMulti(key: string) {\n if (!this.params?.has(key)) return undefined\n return this.params.getAll(key)\n }\n\n toString() {\n let scope: string = this.prefix\n\n if (this.positional !== undefined) {\n scope += `:${normalizeURIComponent(encodeURIComponent(this.positional))}`\n }\n\n if (this.params?.size) {\n scope += `?${normalizeURIComponent(this.params.toString())}`\n }\n\n return scope as ScopeStringFor<P>\n }\n\n static fromString<P extends string>(\n scopeValue: ScopeStringFor<P>,\n ): ScopeStringSyntax<P> {\n const paramIdx = scopeValue.indexOf('?')\n const colonIdx = scopeValue.indexOf(':')\n const prefixEnd = minIdx(paramIdx, colonIdx)\n\n // No param or positional\n if (prefixEnd === -1) {\n return new ScopeStringSyntax(scopeValue as P)\n }\n\n const prefix = scopeValue.slice(0, prefixEnd) as P\n\n // Parse the positional parameter if present\n const positional =\n colonIdx !== -1\n ? paramIdx === -1\n ? decodeURIComponent(scopeValue.slice(colonIdx + 1))\n : colonIdx < paramIdx\n ? decodeURIComponent(scopeValue.slice(colonIdx + 1, paramIdx))\n : undefined\n : undefined\n\n // Parse the query string if present and non empty\n const params =\n paramIdx !== -1 && paramIdx < scopeValue.length - 1\n ? new URLSearchParams(scopeValue.slice(paramIdx + 1))\n : undefined\n\n return new ScopeStringSyntax(prefix, positional, params)\n }\n}\n\n/**\n * Set of characters that are allowed in scope components without encoding. This\n * is used to normalize scope components.\n */\nconst ALLOWED_SCOPE_CHARS = new Set(\n // @NOTE This list must not contain \"?\" or \"&\" as it would interfere with\n // query string parsing.\n [':', '/', '+', ',', '@', '%'],\n)\n\nconst NORMALIZABLE_CHARS_MAP = new Map(\n Array.from(\n ALLOWED_SCOPE_CHARS,\n (c) => [encodeURIComponent(c), c] as const,\n ).filter(\n ([encoded, c]) =>\n // Make sure that any char added to ALLOWED_SCOPE_CHARS that is a char\n // that indeed needs encoding. Also, the normalizeURIComponent only\n // supports three-character percent-encoded sequences.\n encoded !== c && encoded.length === 3 && encoded.startsWith('%'),\n ),\n)\n\n/**\n * Assumes a properly url-encoded string.\n */\nfunction normalizeURIComponent(value: string): string {\n // No need to read the last two characters since percent encoded characters\n // are always three characters long.\n let end = value.length - 2\n\n for (let i = 0; i < end; i++) {\n // Check if the character is a percent-encoded character\n if (value.charCodeAt(i) === 0x25 /* % */) {\n // Read the next encoded char. Current version only supports\n // three-character percent-encoded sequences.\n const encodedChar = value.slice(i, i + 3)\n\n // Check if the encoded character is in the normalization map\n const normalizedChar = NORMALIZABLE_CHARS_MAP.get(encodedChar)\n if (normalizedChar) {\n // Replace the encoded character with its normalized version\n value = `${value.slice(0, i)}${normalizedChar}${value.slice(i + encodedChar.length)}`\n\n // Adjust index to account for the length change\n i += normalizedChar.length - 1\n\n // Adjust end index since we replaced encoded char with normalized char\n end -= encodedChar.length - normalizedChar.length\n }\n }\n }\n\n return value\n}\n"]}
|
package/dist/lib/util.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/lib/util.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS,CAAC,CAAC;IAC1B,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,OAAO,CAAA;CAC7B;AAED,wBAAgB,MAAM,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAInD;AAED,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../src/lib/util.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS,CAAC,CAAC;IAC1B,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,OAAO,CAAA;CAC7B;AAED,wBAAgB,MAAM,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAInD;AAED,wBAAgB,oBAAoB,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,WAE1C,OAAO,KAAG,KAAK,IAAI,CAAC,CACpC;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,KAAK,IAAI,WAAW,CAAC,CAAC,CAAC,CAElE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope-missing-error.d.ts","sourceRoot":"","sources":["../src/scope-missing-error.ts"],"names":[],"mappings":"AAAA,qBAAa,iBAAkB,SAAQ,KAAK;aAWd,KAAK,EAAE,MAAM;IAVzC,IAAI,SAAsB;IAI1B,MAAM,SAAM;IACZ,MAAM,UAAO;IACb,IAAI,UAAU,WAEb;
|
|
1
|
+
{"version":3,"file":"scope-missing-error.d.ts","sourceRoot":"","sources":["../src/scope-missing-error.ts"],"names":[],"mappings":"AAAA,qBAAa,iBAAkB,SAAQ,KAAK;aAWd,KAAK,EAAE,MAAM;IAVzC,IAAI,SAAsB;IAI1B,MAAM,SAAM;IACZ,MAAM,UAAO;IACb,IAAI,UAAU,WAEb;IAED,YAA4B,KAAK,EAAE,MAAM,EAExC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope-permissions-transition.d.ts","sourceRoot":"","sources":["../src/scope-permissions-transition.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,wBAAwB,CAAA;AAE/B;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,gBAAgB;IAC9D,IAAI,oBAAoB,IAAI,OAAO,CAElC;IAED,IAAI,kBAAkB,IAAI,OAAO,CAEhC;IAED,IAAI,qBAAqB,IAAI,OAAO,CAEnC;IAEQ,aAAa,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO;
|
|
1
|
+
{"version":3,"file":"scope-permissions-transition.d.ts","sourceRoot":"","sources":["../src/scope-permissions-transition.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,EACnB,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,wBAAwB,CAAA;AAE/B;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,gBAAgB;IAC9D,IAAI,oBAAoB,IAAI,OAAO,CAElC;IAED,IAAI,kBAAkB,IAAI,OAAO,CAEhC;IAED,IAAI,qBAAqB,IAAI,OAAO,CAEnC;IAEQ,aAAa,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAU/D;IAEQ,UAAU,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAMzD;IAEQ,UAAU,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAMzD;IAEQ,SAAS,CAAC,OAAO,EAAE,kBAAkB,WAgB7C;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scope-permissions.d.ts","sourceRoot":"","sources":["../src/scope-permissions.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,sBAAsB,EACvB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAEL,uBAAuB,EACxB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAAiB,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAE3C,YAAY,EACV,sBAAsB,EACtB,mBAAmB,EACnB,uBAAuB,EACvB,mBAAmB,EACnB,kBAAkB,GACnB,CAAA;AAED,qBAAa,gBAAgB;IAC3B,SAAgB,MAAM,EAAE,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"scope-permissions.d.ts","sourceRoot":"","sources":["../src/scope-permissions.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,sBAAsB,EACvB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAEL,uBAAuB,EACxB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAAiB,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAE3C,YAAY,EACV,sBAAsB,EACtB,mBAAmB,EACnB,uBAAuB,EACvB,mBAAmB,EACnB,kBAAkB,GACnB,CAAA;AAED,qBAAa,gBAAgB;IAC3B,SAAgB,MAAM,EAAE,SAAS,CAAA;IAEjC,YAAY,KAAK,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,EAQnD;IAEM,aAAa,CAAC,OAAO,EAAE,sBAAsB,GAAG,OAAO,CAE7D;IACM,aAAa,CAAC,OAAO,EAAE,sBAAsB,GAAG,IAAI,CAK1D;IAEM,cAAc,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAE/D;IACM,cAAc,CAAC,OAAO,EAAE,uBAAuB,GAAG,IAAI,CAK5D;IAEM,UAAU,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAEvD;IACM,UAAU,CAAC,OAAO,EAAE,mBAAmB,GAAG,IAAI,CAKpD;IAEM,UAAU,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAEvD;IACM,UAAU,CAAC,OAAO,EAAE,mBAAmB,GAAG,IAAI,CAKpD;IAEM,SAAS,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAErD;IACM,SAAS,CAAC,OAAO,EAAE,kBAAkB,GAAG,IAAI,CAKlD;CACF"}
|
|
@@ -24,7 +24,7 @@ export declare class AccountPermission implements ResourcePermission<'account',
|
|
|
24
24
|
action: {
|
|
25
25
|
multiple: true;
|
|
26
26
|
required: false;
|
|
27
|
-
validate: (value: unknown) => value is "
|
|
27
|
+
validate: (value: unknown) => value is "manage" | "read";
|
|
28
28
|
default: ["read"];
|
|
29
29
|
};
|
|
30
30
|
}>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/account-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAG3E,eAAO,MAAM,kBAAkB,sCAIpB,CAAA;AACX,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAA;AAElE,eAAO,MAAM,eAAe,6BAA6C,CAAA;AACzE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAA;AAE5D,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,gBAAgB,CAAA;IACtB,MAAM,EAAE,aAAa,CAAA;CACtB,CAAA;AAED,qBAAa,iBACX,YAAW,kBAAkB,CAAC,SAAS,EAAE,sBAAsB,CAAC;aAG9C,IAAI,EAAE,gBAAgB;aACtB,MAAM,EAAE,SAAS,CAAC,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"account-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/account-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAG3E,eAAO,MAAM,kBAAkB,sCAIpB,CAAA;AACX,MAAM,MAAM,gBAAgB,GAAG,CAAC,OAAO,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAA;AAElE,eAAO,MAAM,eAAe,6BAA6C,CAAA;AACzE,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAA;AAE5D,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,gBAAgB,CAAA;IACtB,MAAM,EAAE,aAAa,CAAA;CACtB,CAAA;AAED,qBAAa,iBACX,YAAW,kBAAkB,CAAC,SAAS,EAAE,sBAAsB,CAAC;aAG9C,IAAI,EAAE,gBAAgB;aACtB,MAAM,EAAE,SAAS,CAAC,aAAa,CAAC;IAFlD,YACkB,IAAI,EAAE,gBAAgB,EACtB,MAAM,EAAE,SAAS,CAAC,aAAa,CAAC,EAC9C;IAEJ,OAAO,CAAC,OAAO,EAAE,sBAAsB,WAKtC;IAED,QAAQ,yDAEP;IAED,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;;;;;;;;;OAgB/B;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,4BAI9B;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC,4BAK/C;IAED,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,sBAAsB,wDAKpD;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account-permission.js","sourceRoot":"","sources":["../../src/scopes/account-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAA0B,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,OAAO;IACP,MAAM;IACN,QAAQ;CACA,CAAC,CAAA;AAGX,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAU,CAAC,CAAA;AAQzE,MAAM,OAAO,iBAAiB;IAG5B,YACkB,IAAsB,EACtB,MAAgC;
|
|
1
|
+
{"version":3,"file":"account-permission.js","sourceRoot":"","sources":["../../src/scopes/account-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAA0B,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAC3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,OAAO;IACP,MAAM;IACN,QAAQ;CACA,CAAC,CAAA;AAGX,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAU,CAAC,CAAA;AAQzE,MAAM,OAAO,iBAAiB;IAG5B,YACkB,IAAsB,EACtB,MAAgC;oBADhC,IAAI;sBACJ,MAAM;IACrB,CAAC;IAEJ,OAAO,CAAC,OAA+B;QACrC,OAAO,CACL,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI;YAC1B,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CACzE,CAAA;IACH,CAAC;IAED,QAAQ;QACN,OAAO,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,SAAS,EACT;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,oBAAoB,CAAC,kBAAkB,CAAC;SACnD;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,oBAAoB,CAAC,eAAe,CAAC;YAC/C,OAAO,EAAE,CAAC,MAAe,CAAC;SAC3B;KACF,EACD,MAAM,CACP,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC;YAAE,OAAO,IAAI,CAAA;QACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC7C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA8B;QAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACrD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,iBAAiB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IAC1D,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA+B;QACnD,OAAO,iBAAiB,CAAC,MAAM,CAAC,MAAM,CAAC;YACrC,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;SACzB,CAAC,CAAA;IACJ,CAAC;CACF","sourcesContent":["import { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport { NeRoArray, ScopeSyntax, isScopeStringFor } from '../lib/syntax.js'\nimport { knownValuesValidator } from '../lib/util.js'\n\nexport const ACCOUNT_ATTRIBUTES = Object.freeze([\n 'email',\n 'repo',\n 'status',\n] as const)\nexport type AccountAttribute = (typeof ACCOUNT_ATTRIBUTES)[number]\n\nexport const ACCOUNT_ACTIONS = Object.freeze(['read', 'manage'] as const)\nexport type AccountAction = (typeof ACCOUNT_ACTIONS)[number]\n\nexport type AccountPermissionMatch = {\n attr: AccountAttribute\n action: AccountAction\n}\n\nexport class AccountPermission\n implements ResourcePermission<'account', AccountPermissionMatch>\n{\n constructor(\n public readonly attr: AccountAttribute,\n public readonly action: NeRoArray<AccountAction>,\n ) {}\n\n matches(options: AccountPermissionMatch) {\n return (\n this.attr === options.attr &&\n (this.action.includes('manage') || this.action.includes(options.action))\n )\n }\n\n toString() {\n return AccountPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'account',\n {\n attr: {\n multiple: false,\n required: true,\n validate: knownValuesValidator(ACCOUNT_ATTRIBUTES),\n },\n action: {\n multiple: true,\n required: false,\n validate: knownValuesValidator(ACCOUNT_ACTIONS),\n default: ['read' as const],\n },\n },\n 'attr',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'account')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return AccountPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'account'>) {\n const result = AccountPermission.parser.parse(syntax)\n if (!result) return null\n\n return new AccountPermission(result.attr, result.action)\n }\n\n static scopeNeededFor(options: AccountPermissionMatch) {\n return AccountPermission.parser.format({\n attr: options.attr,\n action: [options.action],\n })\n }\n}\n"]}
|
|
@@ -17,7 +17,7 @@ export declare class BlobPermission implements ResourcePermission<'blob', BlobPe
|
|
|
17
17
|
multiple: true;
|
|
18
18
|
required: true;
|
|
19
19
|
validate: typeof isAccept;
|
|
20
|
-
normalize: (value: NeRoArray<ParamValue>) => readonly ["*/*"]
|
|
20
|
+
normalize: (value: NeRoArray<ParamValue>) => NeArray<Accept> | readonly ["*/*"];
|
|
21
21
|
};
|
|
22
22
|
}>;
|
|
23
23
|
static fromString(scope: string): BlobPermission | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blob-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAoB,MAAM,gBAAgB,CAAA;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EACL,OAAO,EACP,SAAS,EACT,UAAU,EACV,WAAW,EAEZ,MAAM,kBAAkB,CAAA;AAEzB,OAAO,EAAE,KAAK,MAAM,EAAE,CAAA;AAEtB,eAAO,MAAM,cAAc,kBAAkC,CAAA;AAE7D,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,qBAAa,cACX,YAAW,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,CAAC;aAE9B,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"blob-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAoB,MAAM,gBAAgB,CAAA;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EACL,OAAO,EACP,SAAS,EACT,UAAU,EACV,WAAW,EAEZ,MAAM,kBAAkB,CAAA;AAEzB,OAAO,EAAE,KAAK,MAAM,EAAE,CAAA;AAEtB,eAAO,MAAM,cAAc,kBAAkC,CAAA;AAE7D,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,qBAAa,cACX,YAAW,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,CAAC;aAE9B,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC;IAArD,YAA4B,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAI;IAEzD,OAAO,CAAC,OAAO,EAAE,mBAAmB,WAEnC;IAED,QAAQ,sDAEP;IAED,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;;;;OAmB/B;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,yBAI9B;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,yBAK5C;IAED,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,mBAAmB,qDAIjD;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blob-permission.js","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,QAAQ,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAKL,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AAIzB,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAU,CAAC,CAAA;AAM7D,MAAM,OAAO,cAAc;IAGzB,YAA4B,MAAyB;
|
|
1
|
+
{"version":3,"file":"blob-permission.js","sourceRoot":"","sources":["../../src/scopes/blob-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,QAAQ,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAKL,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AAIzB,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAU,CAAC,CAAA;AAM7D,MAAM,OAAO,cAAc;IAGzB,YAA4B,MAAyB;sBAAzB,MAAM;IAAsB,CAAC;IAEzD,OAAO,CAAC,OAA4B;QAClC,OAAO,gBAAgB,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;IACpD,CAAC;IAED,QAAQ;QACN,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,MAAM,EACN;QACE,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,8DAA8D;gBAC9D,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;oBAAE,OAAO,cAAc,CAAA;gBAEhD,OAAO,KAAK;qBACT,GAAG,CAAC,WAAW,CAAC;qBAChB,MAAM,CAAC,cAAc,CAAC;qBACtB,IAAI,EAAqB,CAAA;YAC9B,CAAC;SACF;KACF,EACD,QAAQ,CACT,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC;YAAE,OAAO,IAAI,CAAA;QACjD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA2B;QAC3C,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA4B;QAChD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAc,CAAC;SACjC,CAAC,CAAA;IACJ,CAAC;CACF;AAED,SAAS,WAAW,CAClB,KAAQ;IAER,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,KAAK,CACvB,CAAA;AACpC,CAAC;AAED,SAAS,cAAc,CACrB,KAAiB,EACjB,KAAa,EACb,GAA0B;IAE1B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,4EAA4E;QAC5E,8DAA8D;QAC9D,OAAO,IAAI,CAAA;IACb,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACnC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC;QAC9B,wEAAwE;QACxE,2EAA2E;QAC3E,0EAA0E;QAC1E,MAAM;QACN,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC","sourcesContent":["import { Accept, isAccept, matchesAnyAccept } from '../lib/mime.js'\nimport { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport {\n NeArray,\n NeRoArray,\n ParamValue,\n ScopeSyntax,\n isScopeStringFor,\n} from '../lib/syntax.js'\n\nexport { type Accept }\n\nexport const DEFAULT_ACCEPT = Object.freeze(['*/*'] as const)\n\nexport type BlobPermissionMatch = {\n mime: string\n}\n\nexport class BlobPermission\n implements ResourcePermission<'blob', BlobPermissionMatch>\n{\n constructor(public readonly accept: NeRoArray<Accept>) {}\n\n matches(options: BlobPermissionMatch) {\n return matchesAnyAccept(this.accept, options.mime)\n }\n\n toString() {\n return BlobPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'blob',\n {\n accept: {\n multiple: true,\n required: true,\n validate: isAccept,\n normalize: (value) => {\n // Returns a more concise representation of the accept values.\n if (value.includes('*/*')) return DEFAULT_ACCEPT\n\n return value\n .map(toLowerCase)\n .filter(isNonRedundant)\n .sort() as NeArray<Accept>\n },\n },\n },\n 'accept',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'blob')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return BlobPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'blob'>) {\n const result = BlobPermission.parser.parse(syntax)\n if (!result) return null\n\n return new BlobPermission(result.accept)\n }\n\n static scopeNeededFor(options: BlobPermissionMatch) {\n return BlobPermission.parser.format({\n accept: [options.mime as Accept],\n })\n }\n}\n\nfunction toLowerCase<T extends ParamValue>(\n value: T,\n): T extends string ? string : T {\n return (\n typeof value === 'string' ? value.toLowerCase() : value\n ) as T extends string ? string : T\n}\n\nfunction isNonRedundant(\n value: ParamValue,\n index: number,\n arr: readonly ParamValue[],\n): boolean {\n if (typeof value !== 'string') {\n return true\n }\n if (value.endsWith('/*')) {\n // assuming the array contains unique element, wildcards cannot be redundant\n // with one another ('image/*' is not redundant with 'text/*')\n return true\n }\n const base = value.split('/', 1)[0]\n if (arr.includes(`${base}/*`)) {\n // If another value in the array is a wildcard for the same base, we can\n // skip this one as it is redundant. e.g. if the array contains 'image/png'\n // and 'image/*', we can skip 'image/png' because 'image/*' already covers\n // it.\n return false\n }\n return true\n}\n"]}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAGhE,eAAO,MAAM,mBAAmB,0BAA0C,CAAA;AAC1E,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEpE,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,iBAAiB,CAAA;CACxB,CAAA;AAED,qBAAa,kBACX,YAAW,kBAAkB,CAAC,UAAU,EAAE,uBAAuB,CAAC;aAEtC,IAAI,EAAE,iBAAiB;
|
|
1
|
+
{"version":3,"file":"identity-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAGhE,eAAO,MAAM,mBAAmB,0BAA0C,CAAA;AAC1E,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,CAAC,CAAA;AAEpE,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,iBAAiB,CAAA;CACxB,CAAA;AAED,qBAAa,kBACX,YAAW,kBAAkB,CAAC,UAAU,EAAE,uBAAuB,CAAC;aAEtC,IAAI,EAAE,iBAAiB;IAAnD,YAA4B,IAAI,EAAE,iBAAiB,EAAI;IAEvD,OAAO,CAAC,OAAO,EAAE,uBAAuB,WAEvC;IAED,QAAQ,0DAEP;IAED,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;;;OAU/B;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,6BAI9B;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,UAAU,CAAC,6BAIhD;IAED,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,uBAAuB,GAAG,MAAM,CAE9D;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-permission.js","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAAe,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAC,CAAA;AAO1E,MAAM,OAAO,kBAAkB;IAG7B,YAA4B,IAAuB;
|
|
1
|
+
{"version":3,"file":"identity-permission.js","sourceRoot":"","sources":["../../src/scopes/identity-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAAe,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAU,CAAC,CAAA;AAO1E,MAAM,OAAO,kBAAkB;IAG7B,YAA4B,IAAuB;oBAAvB,IAAI;IAAsB,CAAC;IAEvD,OAAO,CAAC,OAAgC;QACtC,OAAO,IAAI,CAAC,IAAI,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,CAAA;IACxD,CAAC;IAED,QAAQ;QACN,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,UAAU,EACV;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,oBAAoB,CAAC,mBAAmB,CAAC;SACpD;KACF,EACD,MAAM,CACP,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,UAAU,CAAC;YAAE,OAAO,IAAI,CAAA;QACrD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,kBAAkB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC9C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA+B;QAC/C,MAAM,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACtD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAAgC;QACpD,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAClD,CAAC;CACF","sourcesContent":["import { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport { ScopeSyntax, isScopeStringFor } from '../lib/syntax.js'\nimport { knownValuesValidator } from '../lib/util.js'\n\nexport const IDENTITY_ATTRIBUTES = Object.freeze(['handle', '*'] as const)\nexport type IdentityAttribute = (typeof IDENTITY_ATTRIBUTES)[number]\n\nexport type IdentityPermissionMatch = {\n attr: IdentityAttribute\n}\n\nexport class IdentityPermission\n implements ResourcePermission<'identity', IdentityPermissionMatch>\n{\n constructor(public readonly attr: IdentityAttribute) {}\n\n matches(options: IdentityPermissionMatch) {\n return this.attr === '*' || this.attr === options.attr\n }\n\n toString() {\n return IdentityPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'identity',\n {\n attr: {\n multiple: false,\n required: true,\n validate: knownValuesValidator(IDENTITY_ATTRIBUTES),\n },\n },\n 'attr',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'identity')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return IdentityPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'identity'>) {\n const result = IdentityPermission.parser.parse(syntax)\n if (!result) return null\n return new IdentityPermission(result.attr)\n }\n\n static scopeNeededFor(options: IdentityPermissionMatch): string {\n return IdentityPermission.parser.format(options)\n }\n}\n"]}
|
|
@@ -1,10 +1,9 @@
|
|
|
1
|
-
import { AtprotoAudience } from '@atproto/did';
|
|
2
1
|
import { LexiconPermission, LexiconPermissionSet } from '../lib/lexicon.js';
|
|
3
2
|
import { Nsid, isNsid } from '../lib/nsid.js';
|
|
4
3
|
import { Parser } from '../lib/parser.js';
|
|
5
4
|
import { ScopeStringFor, ScopeSyntax } from '../lib/syntax.js';
|
|
6
5
|
import { RepoPermission } from './repo-permission.js';
|
|
7
|
-
import { RpcPermission } from './rpc-permission.js';
|
|
6
|
+
import { AtprotoDidRefAbsolute, RpcPermission, isAtprotoDidRefAbsolute } from './rpc-permission.js';
|
|
8
7
|
export { type LexiconPermission, type LexiconPermissionSet, type Nsid, isNsid };
|
|
9
8
|
/**
|
|
10
9
|
* This is used to handle "include:" oauth scope values, used to include
|
|
@@ -13,8 +12,8 @@ export { type LexiconPermission, type LexiconPermissionSet, type Nsid, isNsid };
|
|
|
13
12
|
*/
|
|
14
13
|
export declare class IncludeScope {
|
|
15
14
|
readonly nsid: Nsid;
|
|
16
|
-
readonly aud: undefined |
|
|
17
|
-
constructor(nsid: Nsid, aud?: undefined |
|
|
15
|
+
readonly aud: undefined | AtprotoDidRefAbsolute;
|
|
16
|
+
constructor(nsid: Nsid, aud?: undefined | AtprotoDidRefAbsolute);
|
|
18
17
|
toString(): ScopeStringFor<"include">;
|
|
19
18
|
toPermissions(permissionSet: LexiconPermissionSet): Array<RepoPermission | RpcPermission>;
|
|
20
19
|
toScopes(permissionSet: LexiconPermissionSet): Array<ScopeStringFor<'repo' | 'rpc'>>;
|
|
@@ -46,7 +45,7 @@ export declare class IncludeScope {
|
|
|
46
45
|
aud: {
|
|
47
46
|
multiple: false;
|
|
48
47
|
required: false;
|
|
49
|
-
validate:
|
|
48
|
+
validate: typeof isAtprotoDidRefAbsolute;
|
|
50
49
|
};
|
|
51
50
|
}>;
|
|
52
51
|
static fromString(scope: string): IncludeScope | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"include-scope.d.ts","sourceRoot":"","sources":["../../src/scopes/include-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"include-scope.d.ts","sourceRoot":"","sources":["../../src/scopes/include-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAC3E,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAGzC,OAAO,EACL,cAAc,EACd,WAAW,EAGZ,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EACL,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACxB,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,KAAK,IAAI,EAAE,MAAM,EAAE,CAAA;AAE/E;;;;GAIG;AACH,qBAAa,YAAY;aAEL,IAAI,EAAE,IAAI;aACV,GAAG,EAAE,SAAS,GAAG,qBAAqB;IAFxD,YACkB,IAAI,EAAE,IAAI,EACV,GAAG,GAAE,SAAS,GAAG,qBAAiC,EAChE;IAEJ,QAAQ,8BAEP;IAED,aAAa,CACX,aAAa,EAAE,oBAAoB,GAClC,KAAK,CAAC,cAAc,GAAG,aAAa,CAAC,CAEvC;IAED,QAAQ,CACN,aAAa,EAAE,oBAAoB,GAClC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,KAAK,CAAC,CAAC,CAEvC;IAED;;;OAGG;IACF,gBAAgB,CACf,aAAa,EAAE,oBAAoB,GAClC,SAAS,CAAC,cAAc,GAAG,aAAa,EAAE,IAAI,EAAE,OAAO,CAAC,CAY1D;IAED,SAAS,CAAC,kBAAkB,CAC1B,UAAU,EAAE,iBAAiB,GAC5B,WAAW,CAAC,MAAM,GAAG,KAAK,CAAC,GAAG,IAAI,CAgCpC;IAED;;;;;OAKG;IACH,SAAS,CAAC,mBAAmB,CAC3B,UAAU,EAAE,aAAa,GAAG,cAAc,GACzC,OAAO,CAUT;IAED;;;;OAIG;IACI,mBAAmB,CAAC,SAAS,EAAE,GAAG,GAAG,IAAI,WA8B/C;IAED,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;;;;;;;;OAe/B;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,uBAI9B;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,SAAS,CAAC,uBAI/C;CACF"}
|
|
@@ -1,11 +1,10 @@
|
|
|
1
|
-
import { isAtprotoAudience } from '@atproto/did';
|
|
2
1
|
import { isNsid } from '../lib/nsid.js';
|
|
3
2
|
import { Parser } from '../lib/parser.js';
|
|
4
3
|
import { LexPermissionSyntax } from '../lib/syntax-lexicon.js';
|
|
5
4
|
import { ScopeStringSyntax } from '../lib/syntax-string.js';
|
|
6
5
|
import { isScopeStringFor, isScopeSyntaxFor, } from '../lib/syntax.js';
|
|
7
6
|
import { RepoPermission } from './repo-permission.js';
|
|
8
|
-
import { RpcPermission } from './rpc-permission.js';
|
|
7
|
+
import { RpcPermission, isAtprotoDidRefAbsolute, } from './rpc-permission.js';
|
|
9
8
|
export { isNsid };
|
|
10
9
|
/**
|
|
11
10
|
* This is used to handle "include:" oauth scope values, used to include
|
|
@@ -123,7 +122,7 @@ export class IncludeScope {
|
|
|
123
122
|
aud: {
|
|
124
123
|
multiple: false,
|
|
125
124
|
required: false,
|
|
126
|
-
validate:
|
|
125
|
+
validate: isAtprotoDidRefAbsolute,
|
|
127
126
|
},
|
|
128
127
|
}, 'nsid'); }
|
|
129
128
|
static fromString(scope) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"include-scope.js","sourceRoot":"","sources":["../../src/scopes/include-scope.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAEjE,OAAO,EAAQ,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAGL,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAgE,MAAM,EAAE,CAAA;AAE/E;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACvB,YACkB,IAAU,EACV,MAAmC,SAAS;QAD5C,SAAI,GAAJ,IAAI,CAAM;QACV,QAAG,GAAH,GAAG,CAAyC;IAC3D,CAAC;IAEJ,QAAQ;QACN,OAAO,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACzC,CAAC;IAED,aAAa,CACX,aAAmC;QAEnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAA;IACzD,CAAC;IAED,QAAQ,CACN,aAAmC;QAEnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED;;;OAGG;IACH,CAAC,gBAAgB,CACf,aAAmC;QAEnC,KAAK,MAAM,aAAa,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;YACtD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAA;YACrD,IAAI,CAAC,MAAM;gBAAE,SAAQ;YAErB,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;YACvD,IAAI,CAAC,kBAAkB;gBAAE,SAAQ;YAEjC,IAAI,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACjD,MAAM,kBAAkB,CAAA;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAES,kBAAkB,CAC1B,UAA6B;QAE7B,uEAAuE;QACvE,0EAA0E;QAC1E,UAAU;QAEV,IAAI,0BAA0B,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;YACnD,OAAO,IAAI,mBAAmB,CAAC,UAAU,CAAC,CAAA;QAC5C,CAAC;QAED,IAAI,0BAA0B,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;YAClD,0EAA0E;YAC1E,OAAO;YACP,IAAI,UAAU,CAAC,GAAG,KAAK,SAAS,IAAI,UAAU,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAA;YACb,CAAC;YAED,0EAA0E;YAC1E,sEAAsE;YACtE,eAAe;YACf,IACE,UAAU,CAAC,UAAU,KAAK,IAAI;gBAC9B,UAAU,CAAC,GAAG,KAAK,SAAS;gBAC5B,IAAI,CAAC,GAAG,KAAK,SAAS,EACtB,CAAC;gBACD,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,EAAE,GAAG,UAAU,CAAA;gBAC1C,OAAO,IAAI,mBAAmB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAA;YAC5D,CAAC;YAED,OAAO,IAAI,mBAAmB,CAAC,UAAU,CAAC,CAAA;QAC5C,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;;;OAKG;IACO,mBAAmB,CAC3B,UAA0C;QAE1C,IAAI,UAAU,YAAY,aAAa,EAAE,CAAC;YACxC,OAAO,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;QAC7D,CAAC;QAED,IAAI,UAAU,YAAY,cAAc,EAAE,CAAC;YACzC,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;QACpE,CAAC;QAED,MAAM,IAAI,SAAS,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAA;IAC5D,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,SAAqB;QAC9C,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAA;QAE7B,MAAM,cAAc,GAAG,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAEnD,4EAA4E;QAC5E,sBAAsB;QACtB,IAAI,cAAc,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;QACtE,CAAC;QAED,qEAAqE;QACrE,IAAI,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAA;QACd,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,wBAAwB;QACxB,KAAK,IAAI,CAAC,GAAG,cAAc,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,SAAS,EACT;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,iBAAiB;SAC5B;KACF,EACD,MAAM,CACP,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC;YAAE,OAAO,IAAI,CAAA;QACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACxC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA8B;QAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;;AAGH,SAAS,oBAAoB,CAC3B,MAAmC;IAEnC,IAAI,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IACD,IAAI,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACzC,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,0BAA0B,CAGjC,UAAa,EAAE,IAAO;IACtB,OAAO,UAAU,CAAC,QAAQ,KAAK,IAAI,CAAA;AACrC,CAAC","sourcesContent":["import { AtprotoAudience, isAtprotoAudience } from '@atproto/did'\nimport { LexiconPermission, LexiconPermissionSet } from '../lib/lexicon.js'\nimport { Nsid, isNsid } from '../lib/nsid.js'\nimport { Parser } from '../lib/parser.js'\nimport { LexPermissionSyntax } from '../lib/syntax-lexicon.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport {\n ScopeStringFor,\n ScopeSyntax,\n isScopeStringFor,\n isScopeSyntaxFor,\n} from '../lib/syntax.js'\nimport { RepoPermission } from './repo-permission.js'\nimport { RpcPermission } from './rpc-permission.js'\n\nexport { type LexiconPermission, type LexiconPermissionSet, type Nsid, isNsid }\n\n/**\n * This is used to handle \"include:\" oauth scope values, used to include\n * permissions from a lexicon defined permission set. Not being a resource\n * permission, it does not implement `Matchable`.\n */\nexport class IncludeScope {\n constructor(\n public readonly nsid: Nsid,\n public readonly aud: undefined | AtprotoAudience = undefined,\n ) {}\n\n toString() {\n return IncludeScope.parser.format(this)\n }\n\n toPermissions(\n permissionSet: LexiconPermissionSet,\n ): Array<RepoPermission | RpcPermission> {\n return Array.from(this.buildPermissions(permissionSet))\n }\n\n toScopes(\n permissionSet: LexiconPermissionSet,\n ): Array<ScopeStringFor<'repo' | 'rpc'>> {\n return Array.from(this.buildPermissions(permissionSet), (p) => p.toString())\n }\n\n /**\n * Converts an \"include:\" to the list of permissions it includes, based on the\n * lexicon defined permission set.\n */\n *buildPermissions(\n permissionSet: LexiconPermissionSet,\n ): Generator<RepoPermission | RpcPermission, void, unknown> {\n for (const lexPermission of permissionSet.permissions) {\n const syntax = this.parseLexPermission(lexPermission)\n if (!syntax) continue\n\n const resourcePermission = toResourcePermission(syntax)\n if (!resourcePermission) continue\n\n if (this.isAllowedPermission(resourcePermission)) {\n yield resourcePermission\n }\n }\n }\n\n protected parseLexPermission(\n permission: LexiconPermission,\n ): ScopeSyntax<'repo' | 'rpc'> | null {\n // This function converts permissions listed in the permission set into\n // their respective ScopeSyntax representations, handling special cases as\n // needed.\n\n if (isLexPermissionForResource(permission, 'repo')) {\n return new LexPermissionSyntax(permission)\n }\n\n if (isLexPermissionForResource(permission, 'rpc')) {\n // \"rpc\" permissions with a defined audience are not allowed in permission\n // sets\n if (permission.aud !== undefined && permission.aud !== '*') {\n return null\n }\n\n // \"rpc\" permissions can \"inherit\" their audience from \"aud\" param defined\n // in the \"include:<nsid>?aud=<audience>\" scope the permission set was\n // loaded from.\n if (\n permission.inheritAud === true &&\n permission.aud === undefined &&\n this.aud !== undefined\n ) {\n const { inheritAud, ...rest } = permission\n return new LexPermissionSyntax({ aud: this.aud, ...rest })\n }\n\n return new LexPermissionSyntax(permission)\n }\n\n return null\n }\n\n /**\n * Verifies that a permission included through a lexicon permission set is\n * allowed in the context of the `include:` scope. This basically checks that\n * the permission is \"under\" the namespace authority of the `include:` scope,\n * and that it only contains \"repo:\", \"rpc:\", or \"blob:\" permissions.\n */\n protected isAllowedPermission(\n permission: RpcPermission | RepoPermission,\n ): boolean {\n if (permission instanceof RpcPermission) {\n return permission.lxm.every(this.isParentAuthorityOf, this)\n }\n\n if (permission instanceof RepoPermission) {\n return permission.collection.every(this.isParentAuthorityOf, this)\n }\n\n throw new TypeError(`Unexpected permission ${permission}`)\n }\n\n /**\n * Verifies that a permission item's nsid is under the same authority as the\n * nsid of the lexicon itself (which is the same as the nsid of the `include:`\n * scope).\n */\n public isParentAuthorityOf(otherNsid: '*' | Nsid) {\n if (otherNsid === '*') {\n return false\n }\n\n const lexiconNsid = this.nsid\n\n const groupPrefixEnd = lexiconNsid.lastIndexOf('.')\n\n // There should always be a dot, but since this is a security feature, let's\n // be strict about it.\n if (groupPrefixEnd === -1) {\n throw new TypeError('Dot character (\".\") missing from lexicon NSID')\n }\n\n // Make sure that otherNsid is at least as long as the \"group prefix\"\n if (groupPrefixEnd >= otherNsid.length - 1) {\n return false\n }\n\n // Make sure that the \"otherNsid\" starts with the group of the lexiconNsid,\n // up to the dot itself. We check in reverse order as nsids tend to have\n // long common prefixes.\n for (let i = groupPrefixEnd; i >= 0; i--) {\n if (lexiconNsid.charCodeAt(i) !== otherNsid.charCodeAt(i)) {\n return false\n }\n }\n\n return true\n }\n\n protected static readonly parser = new Parser(\n 'include',\n {\n nsid: {\n multiple: false,\n required: true,\n validate: isNsid,\n },\n aud: {\n multiple: false,\n required: false,\n validate: isAtprotoAudience,\n },\n },\n 'nsid',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'include')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return IncludeScope.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'include'>) {\n const result = IncludeScope.parser.parse(syntax)\n if (!result) return null\n return new IncludeScope(result.nsid, result.aud)\n }\n}\n\nfunction toResourcePermission(\n syntax: ScopeSyntax<'repo' | 'rpc'>,\n): RepoPermission | RpcPermission | null {\n if (isScopeSyntaxFor(syntax, 'repo')) {\n return RepoPermission.fromSyntax(syntax)\n }\n if (isScopeSyntaxFor(syntax, 'rpc')) {\n return RpcPermission.fromSyntax(syntax)\n }\n return null\n}\n\nfunction isLexPermissionForResource<\n P extends { resource: unknown },\n T extends string,\n>(permission: P, type: T): permission is P & { resource: T } {\n return permission.resource === type\n}\n"]}
|
|
1
|
+
{"version":3,"file":"include-scope.js","sourceRoot":"","sources":["../../src/scopes/include-scope.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAGL,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAEL,aAAa,EACb,uBAAuB,GACxB,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EAAgE,MAAM,EAAE,CAAA;AAE/E;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACvB,YACkB,IAAU,EACV,GAAG,GAAsC,SAAS;oBADlD,IAAI;mBACJ,GAAG;IAClB,CAAC;IAEJ,QAAQ;QACN,OAAO,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACzC,CAAC;IAED,aAAa,CACX,aAAmC;QAEnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAA;IACzD,CAAC;IAED,QAAQ,CACN,aAAmC;QAEnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED;;;OAGG;IACH,CAAC,gBAAgB,CACf,aAAmC;QAEnC,KAAK,MAAM,aAAa,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;YACtD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAA;YACrD,IAAI,CAAC,MAAM;gBAAE,SAAQ;YAErB,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAA;YACvD,IAAI,CAAC,kBAAkB;gBAAE,SAAQ;YAEjC,IAAI,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACjD,MAAM,kBAAkB,CAAA;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAES,kBAAkB,CAC1B,UAA6B;QAE7B,uEAAuE;QACvE,0EAA0E;QAC1E,UAAU;QAEV,IAAI,0BAA0B,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;YACnD,OAAO,IAAI,mBAAmB,CAAC,UAAU,CAAC,CAAA;QAC5C,CAAC;QAED,IAAI,0BAA0B,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC;YAClD,0EAA0E;YAC1E,OAAO;YACP,IAAI,UAAU,CAAC,GAAG,KAAK,SAAS,IAAI,UAAU,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;gBAC3D,OAAO,IAAI,CAAA;YACb,CAAC;YAED,0EAA0E;YAC1E,sEAAsE;YACtE,eAAe;YACf,IACE,UAAU,CAAC,UAAU,KAAK,IAAI;gBAC9B,UAAU,CAAC,GAAG,KAAK,SAAS;gBAC5B,IAAI,CAAC,GAAG,KAAK,SAAS,EACtB,CAAC;gBACD,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,EAAE,GAAG,UAAU,CAAA;gBAC1C,OAAO,IAAI,mBAAmB,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAA;YAC5D,CAAC;YAED,OAAO,IAAI,mBAAmB,CAAC,UAAU,CAAC,CAAA;QAC5C,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;;;OAKG;IACO,mBAAmB,CAC3B,UAA0C;QAE1C,IAAI,UAAU,YAAY,aAAa,EAAE,CAAC;YACxC,OAAO,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;QAC7D,CAAC;QAED,IAAI,UAAU,YAAY,cAAc,EAAE,CAAC;YACzC,OAAO,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;QACpE,CAAC;QAED,MAAM,IAAI,SAAS,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAA;IAC5D,CAAC;IAED;;;;OAIG;IACI,mBAAmB,CAAC,SAAqB;QAC9C,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;YACtB,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAA;QAE7B,MAAM,cAAc,GAAG,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;QAEnD,4EAA4E;QAC5E,sBAAsB;QACtB,IAAI,cAAc,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;QACtE,CAAC;QAED,qEAAqE;QACrE,IAAI,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAA;QACd,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,wBAAwB;QACxB,KAAK,IAAI,CAAC,GAAG,cAAc,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,OAAO,KAAK,CAAA;YACd,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,SAAS,EACT;QACE,IAAI,EAAE;YACJ,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,uBAAuB;SAClC;KACF,EACD,MAAM,CACP,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC;YAAE,OAAO,IAAI,CAAA;QACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,YAAY,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACxC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA8B;QAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;CACF;AAED,SAAS,oBAAoB,CAC3B,MAAmC;IAEnC,IAAI,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IACD,IAAI,gBAAgB,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACzC,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,0BAA0B,CAGjC,UAAa,EAAE,IAAO;IACtB,OAAO,UAAU,CAAC,QAAQ,KAAK,IAAI,CAAA;AACrC,CAAC","sourcesContent":["import { LexiconPermission, LexiconPermissionSet } from '../lib/lexicon.js'\nimport { Nsid, isNsid } from '../lib/nsid.js'\nimport { Parser } from '../lib/parser.js'\nimport { LexPermissionSyntax } from '../lib/syntax-lexicon.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport {\n ScopeStringFor,\n ScopeSyntax,\n isScopeStringFor,\n isScopeSyntaxFor,\n} from '../lib/syntax.js'\nimport { RepoPermission } from './repo-permission.js'\nimport {\n AtprotoDidRefAbsolute,\n RpcPermission,\n isAtprotoDidRefAbsolute,\n} from './rpc-permission.js'\n\nexport { type LexiconPermission, type LexiconPermissionSet, type Nsid, isNsid }\n\n/**\n * This is used to handle \"include:\" oauth scope values, used to include\n * permissions from a lexicon defined permission set. Not being a resource\n * permission, it does not implement `Matchable`.\n */\nexport class IncludeScope {\n constructor(\n public readonly nsid: Nsid,\n public readonly aud: undefined | AtprotoDidRefAbsolute = undefined,\n ) {}\n\n toString() {\n return IncludeScope.parser.format(this)\n }\n\n toPermissions(\n permissionSet: LexiconPermissionSet,\n ): Array<RepoPermission | RpcPermission> {\n return Array.from(this.buildPermissions(permissionSet))\n }\n\n toScopes(\n permissionSet: LexiconPermissionSet,\n ): Array<ScopeStringFor<'repo' | 'rpc'>> {\n return Array.from(this.buildPermissions(permissionSet), (p) => p.toString())\n }\n\n /**\n * Converts an \"include:\" to the list of permissions it includes, based on the\n * lexicon defined permission set.\n */\n *buildPermissions(\n permissionSet: LexiconPermissionSet,\n ): Generator<RepoPermission | RpcPermission, void, unknown> {\n for (const lexPermission of permissionSet.permissions) {\n const syntax = this.parseLexPermission(lexPermission)\n if (!syntax) continue\n\n const resourcePermission = toResourcePermission(syntax)\n if (!resourcePermission) continue\n\n if (this.isAllowedPermission(resourcePermission)) {\n yield resourcePermission\n }\n }\n }\n\n protected parseLexPermission(\n permission: LexiconPermission,\n ): ScopeSyntax<'repo' | 'rpc'> | null {\n // This function converts permissions listed in the permission set into\n // their respective ScopeSyntax representations, handling special cases as\n // needed.\n\n if (isLexPermissionForResource(permission, 'repo')) {\n return new LexPermissionSyntax(permission)\n }\n\n if (isLexPermissionForResource(permission, 'rpc')) {\n // \"rpc\" permissions with a defined audience are not allowed in permission\n // sets\n if (permission.aud !== undefined && permission.aud !== '*') {\n return null\n }\n\n // \"rpc\" permissions can \"inherit\" their audience from \"aud\" param defined\n // in the \"include:<nsid>?aud=<audience>\" scope the permission set was\n // loaded from.\n if (\n permission.inheritAud === true &&\n permission.aud === undefined &&\n this.aud !== undefined\n ) {\n const { inheritAud, ...rest } = permission\n return new LexPermissionSyntax({ aud: this.aud, ...rest })\n }\n\n return new LexPermissionSyntax(permission)\n }\n\n return null\n }\n\n /**\n * Verifies that a permission included through a lexicon permission set is\n * allowed in the context of the `include:` scope. This basically checks that\n * the permission is \"under\" the namespace authority of the `include:` scope,\n * and that it only contains \"repo:\", \"rpc:\", or \"blob:\" permissions.\n */\n protected isAllowedPermission(\n permission: RpcPermission | RepoPermission,\n ): boolean {\n if (permission instanceof RpcPermission) {\n return permission.lxm.every(this.isParentAuthorityOf, this)\n }\n\n if (permission instanceof RepoPermission) {\n return permission.collection.every(this.isParentAuthorityOf, this)\n }\n\n throw new TypeError(`Unexpected permission ${permission}`)\n }\n\n /**\n * Verifies that a permission item's nsid is under the same authority as the\n * nsid of the lexicon itself (which is the same as the nsid of the `include:`\n * scope).\n */\n public isParentAuthorityOf(otherNsid: '*' | Nsid) {\n if (otherNsid === '*') {\n return false\n }\n\n const lexiconNsid = this.nsid\n\n const groupPrefixEnd = lexiconNsid.lastIndexOf('.')\n\n // There should always be a dot, but since this is a security feature, let's\n // be strict about it.\n if (groupPrefixEnd === -1) {\n throw new TypeError('Dot character (\".\") missing from lexicon NSID')\n }\n\n // Make sure that otherNsid is at least as long as the \"group prefix\"\n if (groupPrefixEnd >= otherNsid.length - 1) {\n return false\n }\n\n // Make sure that the \"otherNsid\" starts with the group of the lexiconNsid,\n // up to the dot itself. We check in reverse order as nsids tend to have\n // long common prefixes.\n for (let i = groupPrefixEnd; i >= 0; i--) {\n if (lexiconNsid.charCodeAt(i) !== otherNsid.charCodeAt(i)) {\n return false\n }\n }\n\n return true\n }\n\n protected static readonly parser = new Parser(\n 'include',\n {\n nsid: {\n multiple: false,\n required: true,\n validate: isNsid,\n },\n aud: {\n multiple: false,\n required: false,\n validate: isAtprotoDidRefAbsolute,\n },\n },\n 'nsid',\n )\n\n static fromString(scope: string) {\n if (!isScopeStringFor(scope, 'include')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return IncludeScope.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'include'>) {\n const result = IncludeScope.parser.parse(syntax)\n if (!result) return null\n return new IncludeScope(result.nsid, result.aud)\n }\n}\n\nfunction toResourcePermission(\n syntax: ScopeSyntax<'repo' | 'rpc'>,\n): RepoPermission | RpcPermission | null {\n if (isScopeSyntaxFor(syntax, 'repo')) {\n return RepoPermission.fromSyntax(syntax)\n }\n if (isScopeSyntaxFor(syntax, 'rpc')) {\n return RpcPermission.fromSyntax(syntax)\n }\n return null\n}\n\nfunction isLexPermissionForResource<\n P extends { resource: unknown },\n T extends string,\n>(permission: P, type: T): permission is P & { resource: T } {\n return permission.resource === type\n}\n"]}
|
|
@@ -5,7 +5,7 @@ import { NeArray, NeRoArray, ScopeSyntax } from '../lib/syntax.js';
|
|
|
5
5
|
export { type Nsid, isNsid };
|
|
6
6
|
export declare const REPO_ACTIONS: readonly ["create", "update", "delete"];
|
|
7
7
|
export type RepoAction = (typeof REPO_ACTIONS)[number];
|
|
8
|
-
export declare const isRepoAction: (value: unknown) => value is "
|
|
8
|
+
export declare const isRepoAction: (value: unknown) => value is "create" | "delete" | "update";
|
|
9
9
|
export type CollectionParam = '*' | Nsid;
|
|
10
10
|
export declare const isCollectionParam: (value: unknown) => value is CollectionParam;
|
|
11
11
|
export type RepoPermissionMatch = {
|
|
@@ -23,14 +23,14 @@ export declare class RepoPermission implements ResourcePermission<'repo', RepoPe
|
|
|
23
23
|
multiple: true;
|
|
24
24
|
required: true;
|
|
25
25
|
validate: (value: unknown) => value is CollectionParam;
|
|
26
|
-
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) =>
|
|
26
|
+
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) => NeArray<`${string}.${string}.${string}`> | ["*" | `${string}.${string}.${string}`] | readonly ["*"];
|
|
27
27
|
};
|
|
28
28
|
action: {
|
|
29
29
|
multiple: true;
|
|
30
30
|
required: false;
|
|
31
|
-
validate: (value: unknown) => value is "
|
|
31
|
+
validate: (value: unknown) => value is "create" | "delete" | "update";
|
|
32
32
|
default: readonly ["create", "update", "delete"];
|
|
33
|
-
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) =>
|
|
33
|
+
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) => NeArray<"create" | "delete" | "update"> | readonly ["create", "update", "delete"];
|
|
34
34
|
};
|
|
35
35
|
}>;
|
|
36
36
|
static fromString(scope: string): RepoPermission | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"repo-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/repo-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EACL,OAAO,EACP,SAAS,EACT,WAAW,EAEZ,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EAAE,KAAK,IAAI,EAAE,MAAM,EAAE,CAAA;AAE5B,eAAO,MAAM,YAAY,yCAId,CAAA;AACX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAA;AACtD,eAAO,MAAM,YAAY,6DAAqC,CAAA;AAE9D,MAAM,MAAM,eAAe,GAAG,GAAG,GAAG,IAAI,CAAA;AACxC,eAAO,MAAM,iBAAiB,
|
|
1
|
+
{"version":3,"file":"repo-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/repo-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EACL,OAAO,EACP,SAAS,EACT,WAAW,EAEZ,MAAM,kBAAkB,CAAA;AAGzB,OAAO,EAAE,KAAK,IAAI,EAAE,MAAM,EAAE,CAAA;AAE5B,eAAO,MAAM,YAAY,yCAId,CAAA;AACX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAA;AACtD,eAAO,MAAM,YAAY,6DAAqC,CAAA;AAE9D,MAAM,MAAM,eAAe,GAAG,GAAG,GAAG,IAAI,CAAA;AACxC,eAAO,MAAM,iBAAiB,UAAW,OAAO,KAAG,KAAK,IAAI,eAC5B,CAAA;AAEhC,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,UAAU,CAAA;CACnB,CAAA;AAED,qBAAa,cACX,YAAW,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,CAAC;aAGxC,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC;aACjC,MAAM,EAAE,SAAS,CAAC,UAAU,CAAC;IAF/C,YACkB,UAAU,EAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,EACjC,MAAM,EAAE,SAAS,CAAC,UAAU,CAAC,EAC3C;IAEJ,OAAO,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,mBAAmB,WAMlD;IAED,QAAQ,sDAEP;IAED,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;8BA5BO,OAAO,KAAG,KAAK,IAAI,eAAe;;;;;;;;;;OAwDxE;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAItD;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,cAAc,GAAG,IAAI,CAKpE;IAED,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,mBAAmB,GAAG,MAAM,CAK1D;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"repo-permission.js","sourceRoot":"","sources":["../../src/scopes/repo-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAIL,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,OAAO,EAAa,MAAM,EAAE,CAAA;AAE5B,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,QAAQ;IACR,QAAQ;IACR,QAAQ;CACA,CAAC,CAAA;AAEX,MAAM,CAAC,MAAM,YAAY,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAA;AAG9D,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,KAAc,EAA4B,EAAE,CAC5E,KAAK,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAA;AAOhC,MAAM,OAAO,cAAc;IAGzB,YACkB,UAAiC,EACjC,MAA6B;
|
|
1
|
+
{"version":3,"file":"repo-permission.js","sourceRoot":"","sources":["../../src/scopes/repo-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAIL,gBAAgB,GACjB,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAErD,OAAO,EAAa,MAAM,EAAE,CAAA;AAE5B,MAAM,CAAC,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;IACxC,QAAQ;IACR,QAAQ;IACR,QAAQ;CACA,CAAC,CAAA;AAEX,MAAM,CAAC,MAAM,YAAY,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAA;AAG9D,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,KAAc,EAA4B,EAAE,CAC5E,KAAK,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAA;AAOhC,MAAM,OAAO,cAAc;IAGzB,YACkB,UAAiC,EACjC,MAA6B;0BAD7B,UAAU;sBACV,MAAM;IACrB,CAAC;IAEJ,OAAO,CAAC,EAAE,MAAM,EAAE,UAAU,EAAuB;QACjD,OAAO,CACL,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5B,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC3B,IAAI,CAAC,UAAgC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAC/D,CAAA;IACH,CAAC;IAED,QAAQ;QACN,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC3C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,MAAM,EACN;QACE,UAAU,EAAE;YACV,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,iBAAiB;YAC3B,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;wBAAE,OAAO,CAAC,GAAG,CAAU,CAAA;oBAC9C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAmB,CAAA;gBACpD,CAAC;gBACD,OAAO,KAAqB,CAAA;YAC9B,CAAC;SACF;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,YAAY;YACtB,OAAO,EAAE,YAAY;YACrB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACnB,OAAO,KAAK,KAAK,YAAY;oBAC3B,CAAC,CAAC,YAAY,CAAC,4CAA4C;oBAC3D,CAAC,CAAE,YAAY,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAyB,CAAA;YACrE,CAAC;SACF;KACF,EACD,YAAY,CACb,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC;YAAE,OAAO,IAAI,CAAA;QACjD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IAC1C,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA2B;QAC3C,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;IAC7D,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA4B;QAChD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;YAClC,UAAU,EAAE,CAAC,OAAO,CAAC,UAAwB,CAAC;YAC9C,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;SACzB,CAAC,CAAA;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,SAAS,UAAU,CAAwB,KAAQ;IACjD,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AAC7B,CAAC","sourcesContent":["import { Nsid, isNsid } from '../lib/nsid.js'\nimport { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport {\n NeArray,\n NeRoArray,\n ScopeSyntax,\n isScopeStringFor,\n} from '../lib/syntax.js'\nimport { knownValuesValidator } from '../lib/util.js'\n\nexport { type Nsid, isNsid }\n\nexport const REPO_ACTIONS = Object.freeze([\n 'create',\n 'update',\n 'delete',\n] as const)\nexport type RepoAction = (typeof REPO_ACTIONS)[number]\nexport const isRepoAction = knownValuesValidator(REPO_ACTIONS)\n\nexport type CollectionParam = '*' | Nsid\nexport const isCollectionParam = (value: unknown): value is CollectionParam =>\n value === '*' || isNsid(value)\n\nexport type RepoPermissionMatch = {\n collection: string\n action: RepoAction\n}\n\nexport class RepoPermission\n implements ResourcePermission<'repo', RepoPermissionMatch>\n{\n constructor(\n public readonly collection: NeRoArray<'*' | Nsid>,\n public readonly action: NeRoArray<RepoAction>,\n ) {}\n\n matches({ action, collection }: RepoPermissionMatch) {\n return (\n this.action.includes(action) &&\n (this.collection.includes('*') ||\n (this.collection as readonly string[]).includes(collection))\n )\n }\n\n toString() {\n return RepoPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'repo',\n {\n collection: {\n multiple: true,\n required: true,\n validate: isCollectionParam,\n normalize: (value) => {\n if (value.length > 1) {\n if (value.includes('*')) return ['*'] as const\n return [...new Set(value)].sort() as NeArray<Nsid>\n }\n return value as ['*' | Nsid]\n },\n },\n action: {\n multiple: true,\n required: false,\n validate: isRepoAction,\n default: REPO_ACTIONS,\n normalize: (value) => {\n return value === REPO_ACTIONS\n ? REPO_ACTIONS // No need to filter if the default was used\n : (REPO_ACTIONS.filter(includedIn, value) as NeArray<RepoAction>)\n },\n },\n },\n 'collection',\n )\n\n static fromString(scope: string): RepoPermission | null {\n if (!isScopeStringFor(scope, 'repo')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return RepoPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'repo'>): RepoPermission | null {\n const result = RepoPermission.parser.parse(syntax)\n if (!result) return null\n\n return new RepoPermission(result.collection, result.action)\n }\n\n static scopeNeededFor(options: RepoPermissionMatch): string {\n return RepoPermission.parser.format({\n collection: [options.collection as '*' | Nsid],\n action: [options.action],\n })\n }\n}\n\n/**\n * Special utility function to be used as predicate for array methods like\n * `Array.prototype.includes`, etc. When used as predicate, it expects that\n * the array method is called with a `thisArg` that is a readonly array of\n * the same type as the `value` parameter.\n */\nfunction includedIn<T>(this: readonly T[], value: T): boolean {\n return this.includes(value)\n}\n"]}
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AtprotoDidRefAbsolute, isAtprotoDidRefAbsolute } from '@atproto/did';
|
|
2
2
|
import { Nsid, isNsid } from '../lib/nsid.js';
|
|
3
3
|
import { Parser } from '../lib/parser.js';
|
|
4
4
|
import { ResourcePermission } from '../lib/resource-permission.js';
|
|
5
5
|
import { NeRoArray, ScopeSyntax } from '../lib/syntax.js';
|
|
6
|
-
export { type
|
|
6
|
+
export { type AtprotoDidRefAbsolute, type Nsid, isAtprotoDidRefAbsolute, isNsid, };
|
|
7
7
|
export type LxmParam = '*' | Nsid;
|
|
8
8
|
export declare const isLxmParam: (value: unknown) => value is LxmParam;
|
|
9
|
-
export type AudParam = '*' |
|
|
9
|
+
export type AudParam = '*' | AtprotoDidRefAbsolute;
|
|
10
10
|
export declare const isAudParam: (value: unknown) => value is AudParam;
|
|
11
11
|
export type RpcPermissionMatch = {
|
|
12
12
|
lxm: string;
|
|
13
13
|
aud: string;
|
|
14
14
|
};
|
|
15
15
|
export declare class RpcPermission implements ResourcePermission<'rpc', RpcPermissionMatch> {
|
|
16
|
-
readonly aud:
|
|
17
|
-
readonly lxm: NeRoArray<
|
|
18
|
-
constructor(aud:
|
|
16
|
+
readonly aud: AudParam;
|
|
17
|
+
readonly lxm: NeRoArray<LxmParam>;
|
|
18
|
+
constructor(aud: AudParam, lxm: NeRoArray<LxmParam>);
|
|
19
19
|
matches(options: RpcPermissionMatch): boolean;
|
|
20
20
|
toString(): import("../lib/syntax.js").ScopeStringFor<"rpc">;
|
|
21
21
|
protected static readonly parser: Parser<"rpc", {
|
|
@@ -23,7 +23,7 @@ export declare class RpcPermission implements ResourcePermission<'rpc', RpcPermi
|
|
|
23
23
|
multiple: true;
|
|
24
24
|
required: true;
|
|
25
25
|
validate: (value: unknown) => value is LxmParam;
|
|
26
|
-
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) =>
|
|
26
|
+
normalize: (value: NeRoArray<import("../lib/syntax.js").ParamValue>) => [`${string}.${string}.${string}`, ...`${string}.${string}.${string}`[]] | readonly ["*"];
|
|
27
27
|
};
|
|
28
28
|
aud: {
|
|
29
29
|
multiple: false;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpc-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/rpc-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"rpc-permission.d.ts","sourceRoot":"","sources":["../../src/scopes/rpc-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAA;AAC7E,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAA;AAElE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAoB,MAAM,kBAAkB,CAAA;AAE3E,OAAO,EACL,KAAK,qBAAqB,EAC1B,KAAK,IAAI,EACT,uBAAuB,EACvB,MAAM,GACP,CAAA;AAED,MAAM,MAAM,QAAQ,GAAG,GAAG,GAAG,IAAI,CAAA;AACjC,eAAO,MAAM,UAAU,UAAW,OAAO,KAAG,KAAK,IAAI,QACrB,CAAA;AAChC,MAAM,MAAM,QAAQ,GAAG,GAAG,GAAG,qBAAqB,CAAA;AAClD,eAAO,MAAM,UAAU,UAAW,OAAO,KAAG,KAAK,IAAI,QACJ,CAAA;AAEjD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,qBAAa,aACX,YAAW,kBAAkB,CAAC,KAAK,EAAE,kBAAkB,CAAC;aAGtC,GAAG,EAAE,QAAQ;aACb,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC;IAF1C,YACkB,GAAG,EAAE,QAAQ,EACb,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC,EACtC;IAEJ,OAAO,CAAC,OAAO,EAAE,kBAAkB,WAMlC;IAED,QAAQ,qDAEP;IAED,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;;;;8BA/BA,OAAO,KAAG,KAAK,IAAI,QAAQ;;;;;;8BAG3B,OAAO,KAAG,KAAK,IAAI,QAAQ;;OA+C1D;IAED,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAIrD;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,aAAa,GAAG,IAAI,CAQlE;IAED,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,MAAM,CAKzD;CACF"}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { isAtprotoDidRefAbsolute } from '@atproto/did';
|
|
2
2
|
import { isNsid } from '../lib/nsid.js';
|
|
3
3
|
import { Parser } from '../lib/parser.js';
|
|
4
4
|
import { ScopeStringSyntax } from '../lib/syntax-string.js';
|
|
5
5
|
import { isScopeStringFor } from '../lib/syntax.js';
|
|
6
|
-
export {
|
|
6
|
+
export { isAtprotoDidRefAbsolute, isNsid, };
|
|
7
7
|
export const isLxmParam = (value) => value === '*' || isNsid(value);
|
|
8
|
-
export const isAudParam = (value) => value === '*' ||
|
|
8
|
+
export const isAudParam = (value) => value === '*' || isAtprotoDidRefAbsolute(value);
|
|
9
9
|
export class RpcPermission {
|
|
10
10
|
constructor(aud, lxm) {
|
|
11
11
|
this.aud = aud;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpc-permission.js","sourceRoot":"","sources":["../../src/scopes/rpc-permission.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"rpc-permission.js","sourceRoot":"","sources":["../../src/scopes/rpc-permission.ts"],"names":[],"mappings":"AAAA,OAAO,EAAyB,uBAAuB,EAAE,MAAM,cAAc,CAAA;AAC7E,OAAO,EAAQ,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAC3D,OAAO,EAA0B,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAE3E,OAAO,EAGL,uBAAuB,EACvB,MAAM,GACP,CAAA;AAGD,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,KAAc,EAAqB,EAAE,CAC9D,KAAK,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAA;AAEhC,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,KAAc,EAAqB,EAAE,CAC9D,KAAK,KAAK,GAAG,IAAI,uBAAuB,CAAC,KAAK,CAAC,CAAA;AAOjD,MAAM,OAAO,aAAa;IAGxB,YACkB,GAAa,EACb,GAAwB;mBADxB,GAAG;mBACH,GAAG;IAClB,CAAC;IAEJ,OAAO,CAAC,OAA2B;QACjC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACzB,OAAO,CACL,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC;YACpC,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAK,GAAyB,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CACxE,CAAA;IACH,CAAC;IAED,QAAQ;QACN,OAAO,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAC1C,CAAC;aAEyB,WAAM,GAAG,IAAI,MAAM,CAC3C,KAAK,EACL;QACE,GAAG,EAAE;YACH,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,UAAU;YACpB,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE,CACnB,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACrC,CAAC,CAAE,CAAC,GAAG,CAAW;gBAClB,CAAC,CAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAwB;SACxD;QACD,GAAG,EAAE;YACH,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,UAAU;SACrB;KACF,EACD,KAAK,CACN,CAAA;IAED,MAAM,CAAC,UAAU,CAAC,KAAa;QAC7B,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAChD,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;QAClD,OAAO,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACzC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,MAA0B;QAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QAExB,2BAA2B;QAC3B,IAAI,MAAM,CAAC,GAAG,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;QAE/D,OAAO,IAAI,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,CAAC,cAAc,CAAC,OAA2B;QAC/C,OAAO,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;YACjC,GAAG,EAAE,OAAO,CAAC,GAA4B;YACzC,GAAG,EAAE,CAAC,OAAO,CAAC,GAAW,CAAC;SAC3B,CAAC,CAAA;IACJ,CAAC;CACF","sourcesContent":["import { AtprotoDidRefAbsolute, isAtprotoDidRefAbsolute } from '@atproto/did'\nimport { Nsid, isNsid } from '../lib/nsid.js'\nimport { Parser } from '../lib/parser.js'\nimport { ResourcePermission } from '../lib/resource-permission.js'\nimport { ScopeStringSyntax } from '../lib/syntax-string.js'\nimport { NeRoArray, ScopeSyntax, isScopeStringFor } from '../lib/syntax.js'\n\nexport {\n type AtprotoDidRefAbsolute,\n type Nsid,\n isAtprotoDidRefAbsolute,\n isNsid,\n}\n\nexport type LxmParam = '*' | Nsid\nexport const isLxmParam = (value: unknown): value is LxmParam =>\n value === '*' || isNsid(value)\nexport type AudParam = '*' | AtprotoDidRefAbsolute\nexport const isAudParam = (value: unknown): value is AudParam =>\n value === '*' || isAtprotoDidRefAbsolute(value)\n\nexport type RpcPermissionMatch = {\n lxm: string\n aud: string\n}\n\nexport class RpcPermission\n implements ResourcePermission<'rpc', RpcPermissionMatch>\n{\n constructor(\n public readonly aud: AudParam,\n public readonly lxm: NeRoArray<LxmParam>,\n ) {}\n\n matches(options: RpcPermissionMatch) {\n const { aud, lxm } = this\n return (\n (aud === '*' || aud === options.aud) &&\n (lxm.includes('*') || (lxm as readonly string[]).includes(options.lxm))\n )\n }\n\n toString() {\n return RpcPermission.parser.format(this)\n }\n\n protected static readonly parser = new Parser(\n 'rpc',\n {\n lxm: {\n multiple: true,\n required: true,\n validate: isLxmParam,\n normalize: (value) =>\n value.length > 1 && value.includes('*')\n ? (['*'] as const)\n : ([...new Set(value)].sort() as [Nsid, ...Nsid[]]),\n },\n aud: {\n multiple: false,\n required: true,\n validate: isAudParam,\n },\n },\n 'lxm',\n )\n\n static fromString(scope: string): RpcPermission | null {\n if (!isScopeStringFor(scope, 'rpc')) return null\n const syntax = ScopeStringSyntax.fromString(scope)\n return RpcPermission.fromSyntax(syntax)\n }\n\n static fromSyntax(syntax: ScopeSyntax<'rpc'>): RpcPermission | null {\n const result = RpcPermission.parser.parse(syntax)\n if (!result) return null\n\n // rpc:*?aud=* is forbidden\n if (result.aud === '*' && result.lxm.includes('*')) return null\n\n return new RpcPermission(result.aud, result.lxm)\n }\n\n static scopeNeededFor(options: RpcPermissionMatch): string {\n return RpcPermission.parser.format({\n aud: options.aud as AtprotoDidRefAbsolute,\n lxm: [options.lxm as Nsid],\n })\n }\n}\n"]}
|
package/dist/scopes-set.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scopes-set.d.ts","sourceRoot":"","sources":["../src/scopes-set.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,EAEL,sBAAsB,EACvB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAEL,uBAAuB,EACxB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAAiB,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE9E,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,MAAM,MAAM,8BAA8B,GAAG;IAC3C,OAAO,EAAE,sBAAsB,CAAA;IAC/B,QAAQ,EAAE,uBAAuB,CAAA;IACjC,IAAI,EAAE,mBAAmB,CAAA;IACzB,GAAG,EAAE,kBAAkB,CAAA;IACvB,IAAI,EAAE,mBAAmB,CAAA;CAC1B,CAAA;AAED;;;GAGG;AACH,qBAAa,SAAU,SAAQ,GAAG,CAAC,MAAM,CAAC;IACxC;;;OAGG;IACI,OAAO,CAAC,CAAC,SAAS,MAAM,8BAA8B,EAC3D,QAAQ,EAAE,CAAC,EACX,OAAO,EAAE,8BAA8B,CAAC,CAAC,CAAC,GACzC,OAAO;
|
|
1
|
+
{"version":3,"file":"scopes-set.d.ts","sourceRoot":"","sources":["../src/scopes-set.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,EAEL,sBAAsB,EACvB,MAAM,gCAAgC,CAAA;AACvC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAEL,uBAAuB,EACxB,MAAM,iCAAiC,CAAA;AACxC,OAAO,EAEL,mBAAmB,EACpB,MAAM,6BAA6B,CAAA;AACpC,OAAO,EAAiB,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE9E,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,MAAM,MAAM,8BAA8B,GAAG;IAC3C,OAAO,EAAE,sBAAsB,CAAA;IAC/B,QAAQ,EAAE,uBAAuB,CAAA;IACjC,IAAI,EAAE,mBAAmB,CAAA;IACzB,GAAG,EAAE,kBAAkB,CAAA;IACvB,IAAI,EAAE,mBAAmB,CAAA;CAC1B,CAAA;AAED;;;GAGG;AACH,qBAAa,SAAU,SAAQ,GAAG,CAAC,MAAM,CAAC;IACxC;;;OAGG;IACI,OAAO,CAAC,CAAC,SAAS,MAAM,8BAA8B,EAC3D,QAAQ,EAAE,CAAC,EACX,OAAO,EAAE,8BAA8B,CAAC,CAAC,CAAC,GACzC,OAAO,CAKT;IAEM,MAAM,CAAC,CAAC,SAAS,MAAM,8BAA8B,EAC1D,QAAQ,EAAE,CAAC,EACX,OAAO,EAAE,8BAA8B,CAAC,CAAC,CAAC,QAM3C;IAEM,IAAI,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAGnD;IAEM,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,GAAG,OAAO,CAGpD;IAEO,MAAM,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,oCAE5C;IAEO,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,CAAC,+BAEtC;IAED,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAE5C;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@atproto/oauth-scopes",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.1",
|
|
4
4
|
"engines": {
|
|
5
5
|
"node": ">=22"
|
|
6
6
|
},
|
|
@@ -26,15 +26,14 @@
|
|
|
26
26
|
}
|
|
27
27
|
},
|
|
28
28
|
"dependencies": {
|
|
29
|
-
"@atproto/did": "^0.
|
|
30
|
-
"@atproto/syntax": "^0.6.
|
|
29
|
+
"@atproto/did": "^0.5.1",
|
|
30
|
+
"@atproto/syntax": "^0.6.2"
|
|
31
31
|
},
|
|
32
32
|
"devDependencies": {
|
|
33
|
-
"jest": "^30.0.0"
|
|
34
|
-
"typescript": "^6.0.3"
|
|
33
|
+
"jest": "^30.0.0"
|
|
35
34
|
},
|
|
36
35
|
"scripts": {
|
|
37
|
-
"build": "
|
|
36
|
+
"build": "tsgo --build tsconfig.build.json",
|
|
38
37
|
"test": "NODE_OPTIONS=--experimental-vm-modules jest"
|
|
39
38
|
}
|
|
40
39
|
}
|
|
@@ -264,4 +264,40 @@ describe('ScopePermissions', () => {
|
|
|
264
264
|
).toBe(false)
|
|
265
265
|
})
|
|
266
266
|
})
|
|
267
|
+
|
|
268
|
+
describe('assertRpc combined-aud', () => {
|
|
269
|
+
it('allows did#serviceId aud when scope grants the same combined form', () => {
|
|
270
|
+
const set = new ScopePermissions(
|
|
271
|
+
'rpc:app.bsky.feed.getFeed?aud=did:web:example.com%23bsky_appview',
|
|
272
|
+
)
|
|
273
|
+
expect(() =>
|
|
274
|
+
set.assertRpc({
|
|
275
|
+
aud: 'did:web:example.com#bsky_appview',
|
|
276
|
+
lxm: 'app.bsky.feed.getFeed',
|
|
277
|
+
}),
|
|
278
|
+
).not.toThrow()
|
|
279
|
+
})
|
|
280
|
+
|
|
281
|
+
it('rejects bare-DID aud when scope grants a combined form', () => {
|
|
282
|
+
const set = new ScopePermissions(
|
|
283
|
+
'rpc:app.bsky.feed.getFeed?aud=did:web:example.com%23bsky_appview',
|
|
284
|
+
)
|
|
285
|
+
expect(() =>
|
|
286
|
+
set.assertRpc({
|
|
287
|
+
aud: 'did:web:example.com',
|
|
288
|
+
lxm: 'app.bsky.feed.getFeed',
|
|
289
|
+
}),
|
|
290
|
+
).toThrow()
|
|
291
|
+
})
|
|
292
|
+
|
|
293
|
+
it('allows wildcard aud against a combined-form match', () => {
|
|
294
|
+
const set = new ScopePermissions('rpc:app.bsky.feed.getFeed?aud=*')
|
|
295
|
+
expect(() =>
|
|
296
|
+
set.assertRpc({
|
|
297
|
+
aud: 'did:web:example.com#bsky_appview',
|
|
298
|
+
lxm: 'app.bsky.feed.getFeed',
|
|
299
|
+
}),
|
|
300
|
+
).not.toThrow()
|
|
301
|
+
})
|
|
302
|
+
})
|
|
267
303
|
})
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { AtprotoAudience, isAtprotoAudience } from '@atproto/did'
|
|
2
1
|
import { LexiconPermission, LexiconPermissionSet } from '../lib/lexicon.js'
|
|
3
2
|
import { Nsid, isNsid } from '../lib/nsid.js'
|
|
4
3
|
import { Parser } from '../lib/parser.js'
|
|
@@ -11,7 +10,11 @@ import {
|
|
|
11
10
|
isScopeSyntaxFor,
|
|
12
11
|
} from '../lib/syntax.js'
|
|
13
12
|
import { RepoPermission } from './repo-permission.js'
|
|
14
|
-
import {
|
|
13
|
+
import {
|
|
14
|
+
AtprotoDidRefAbsolute,
|
|
15
|
+
RpcPermission,
|
|
16
|
+
isAtprotoDidRefAbsolute,
|
|
17
|
+
} from './rpc-permission.js'
|
|
15
18
|
|
|
16
19
|
export { type LexiconPermission, type LexiconPermissionSet, type Nsid, isNsid }
|
|
17
20
|
|
|
@@ -23,7 +26,7 @@ export { type LexiconPermission, type LexiconPermissionSet, type Nsid, isNsid }
|
|
|
23
26
|
export class IncludeScope {
|
|
24
27
|
constructor(
|
|
25
28
|
public readonly nsid: Nsid,
|
|
26
|
-
public readonly aud: undefined |
|
|
29
|
+
public readonly aud: undefined | AtprotoDidRefAbsolute = undefined,
|
|
27
30
|
) {}
|
|
28
31
|
|
|
29
32
|
toString() {
|
|
@@ -166,7 +169,7 @@ export class IncludeScope {
|
|
|
166
169
|
aud: {
|
|
167
170
|
multiple: false,
|
|
168
171
|
required: false,
|
|
169
|
-
validate:
|
|
172
|
+
validate: isAtprotoDidRefAbsolute,
|
|
170
173
|
},
|
|
171
174
|
},
|
|
172
175
|
'nsid',
|
|
@@ -1,18 +1,23 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AtprotoDidRefAbsolute, isAtprotoDidRefAbsolute } from '@atproto/did'
|
|
2
2
|
import { Nsid, isNsid } from '../lib/nsid.js'
|
|
3
3
|
import { Parser } from '../lib/parser.js'
|
|
4
4
|
import { ResourcePermission } from '../lib/resource-permission.js'
|
|
5
5
|
import { ScopeStringSyntax } from '../lib/syntax-string.js'
|
|
6
6
|
import { NeRoArray, ScopeSyntax, isScopeStringFor } from '../lib/syntax.js'
|
|
7
7
|
|
|
8
|
-
export {
|
|
8
|
+
export {
|
|
9
|
+
type AtprotoDidRefAbsolute,
|
|
10
|
+
type Nsid,
|
|
11
|
+
isAtprotoDidRefAbsolute,
|
|
12
|
+
isNsid,
|
|
13
|
+
}
|
|
9
14
|
|
|
10
15
|
export type LxmParam = '*' | Nsid
|
|
11
16
|
export const isLxmParam = (value: unknown): value is LxmParam =>
|
|
12
17
|
value === '*' || isNsid(value)
|
|
13
|
-
export type AudParam = '*' |
|
|
18
|
+
export type AudParam = '*' | AtprotoDidRefAbsolute
|
|
14
19
|
export const isAudParam = (value: unknown): value is AudParam =>
|
|
15
|
-
value === '*' ||
|
|
20
|
+
value === '*' || isAtprotoDidRefAbsolute(value)
|
|
16
21
|
|
|
17
22
|
export type RpcPermissionMatch = {
|
|
18
23
|
lxm: string
|
|
@@ -23,8 +28,8 @@ export class RpcPermission
|
|
|
23
28
|
implements ResourcePermission<'rpc', RpcPermissionMatch>
|
|
24
29
|
{
|
|
25
30
|
constructor(
|
|
26
|
-
public readonly aud:
|
|
27
|
-
public readonly lxm: NeRoArray<
|
|
31
|
+
public readonly aud: AudParam,
|
|
32
|
+
public readonly lxm: NeRoArray<LxmParam>,
|
|
28
33
|
) {}
|
|
29
34
|
|
|
30
35
|
matches(options: RpcPermissionMatch) {
|
|
@@ -78,7 +83,7 @@ export class RpcPermission
|
|
|
78
83
|
|
|
79
84
|
static scopeNeededFor(options: RpcPermissionMatch): string {
|
|
80
85
|
return RpcPermission.parser.format({
|
|
81
|
-
aud: options.aud as
|
|
86
|
+
aud: options.aud as AtprotoDidRefAbsolute,
|
|
82
87
|
lxm: [options.lxm as Nsid],
|
|
83
88
|
})
|
|
84
89
|
}
|
package/tsconfig.build.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"root":["./src/atproto-oauth-scope.ts","./src/index.ts","./src/scope-missing-error.ts","./src/scope-permissions-transition.ts","./src/scope-permissions.ts","./src/scopes-set.ts","./src/lib/lexicon.ts","./src/lib/mime.ts","./src/lib/nsid.ts","./src/lib/parser.ts","./src/lib/resource-permission.ts","./src/lib/syntax-lexicon.ts","./src/lib/syntax-string.ts","./src/lib/syntax.ts","./src/lib/util.ts","./src/scopes/account-permission.ts","./src/scopes/blob-permission.ts","./src/scopes/identity-permission.ts","./src/scopes/include-scope.ts","./src/scopes/repo-permission.ts","./src/scopes/rpc-permission.ts"]
|
|
1
|
+
{"version":"7.0.0-dev.20260614.1","root":["./src/atproto-oauth-scope.ts","./src/index.ts","./src/scope-missing-error.ts","./src/scope-permissions-transition.ts","./src/scope-permissions.ts","./src/scopes-set.ts","./src/lib/lexicon.ts","./src/lib/mime.ts","./src/lib/nsid.ts","./src/lib/parser.ts","./src/lib/resource-permission.ts","./src/lib/syntax-lexicon.ts","./src/lib/syntax-string.ts","./src/lib/syntax.ts","./src/lib/util.ts","./src/scopes/account-permission.ts","./src/scopes/blob-permission.ts","./src/scopes/identity-permission.ts","./src/scopes/include-scope.ts","./src/scopes/repo-permission.ts","./src/scopes/rpc-permission.ts"]}
|
package/tsconfig.json
CHANGED