@atproto/oauth-types 0.6.3 → 0.7.0

package/dist/oauth-token-type.js

@@ -1,14 +1,11 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oauthTokenTypeSchema = void 0;
-const zod_1 = require("zod");
+import { z } from 'zod';
 // Case insensitive input, normalized output
-exports.oauthTokenTypeSchema = zod_1.z.union([
-    zod_1.z
+export const oauthTokenTypeSchema = z.union([
+    z
         .string()
         .regex(/^DPoP$/i)
         .transform(() => 'DPoP'),
-    zod_1.z
+    z
         .string()
         .regex(/^Bearer$/i)
         .transform(() => 'Bearer'),

package/dist/oauth-token-type.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-token-type.js","sourceRoot":"","sources":["../src/oauth-token-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,4CAA4C;AAC/B,QAAA,oBAAoB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1C,OAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,SAAS,CAAC;SAChB,SAAS,CAAC,GAAG,EAAE,CAAC,MAAe,CAAC;IACnC,OAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,WAAW,CAAC;SAClB,SAAS,CAAC,GAAG,EAAE,CAAC,QAAiB,CAAC;CACtC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n// Case insensitive input, normalized output\nexport const oauthTokenTypeSchema = z.union([\n  z\n    .string()\n    .regex(/^DPoP$/i)\n    .transform(() => 'DPoP' as const),\n  z\n    .string()\n    .regex(/^Bearer$/i)\n    .transform(() => 'Bearer' as const),\n])\n\nexport type OAuthTokenType = z.infer<typeof oauthTokenTypeSchema>\n"]}
+{"version":3,"file":"oauth-token-type.js","sourceRoot":"","sources":["../src/oauth-token-type.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,4CAA4C;AAC5C,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC;IAC1C,CAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,SAAS,CAAC;SAChB,SAAS,CAAC,GAAG,EAAE,CAAC,MAAe,CAAC;IACnC,CAAC;SACE,MAAM,EAAE;SACR,KAAK,CAAC,WAAW,CAAC;SAClB,SAAS,CAAC,GAAG,EAAE,CAAC,QAAiB,CAAC;CACtC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n// Case insensitive input, normalized output\nexport const oauthTokenTypeSchema = z.union([\n  z\n    .string()\n    .regex(/^DPoP$/i)\n    .transform(() => 'DPoP' as const),\n  z\n    .string()\n    .regex(/^Bearer$/i)\n    .transform(() => 'Bearer' as const),\n])\n\nexport type OAuthTokenType = z.infer<typeof oauthTokenTypeSchema>\n"]}

package/dist/oidc-authorization-error-response.js

@@ -1,11 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oidcAuthorizationResponseErrorSchema = void 0;
-const zod_1 = require("zod");
+import { z } from 'zod';
 /**
  * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthError}
  */
-exports.oidcAuthorizationResponseErrorSchema = zod_1.z.enum([
+export const oidcAuthorizationResponseErrorSchema = z.enum([
     // The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User interaction.
     'interaction_required',
     // The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.

package/dist/oidc-authorization-error-response.js.map

@@ -1 +1 @@
-{"version":3,"file":"oidc-authorization-error-response.js","sourceRoot":"","sources":["../src/oidc-authorization-error-response.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB;;GAEG;AACU,QAAA,oCAAoC,GAAG,OAAC,CAAC,IAAI,CAAC;IACzD,qSAAqS;IACrS,sBAAsB;IACtB,mRAAmR;IACnR,gBAAgB;IAChB,kbAAkb;IAClb,4BAA4B;IAC5B,qQAAqQ;IACrQ,kBAAkB;IAClB,0FAA0F;IAC1F,qBAAqB;IACrB,4DAA4D;IAC5D,wBAAwB;IACxB,6EAA6E;IAC7E,uBAAuB;IACvB,iFAAiF;IACjF,2BAA2B;IAC3B,sFAAsF;IACtF,4BAA4B;CAC7B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthError}\n */\nexport const oidcAuthorizationResponseErrorSchema = z.enum([\n  // The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User interaction.\n  'interaction_required',\n  // The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.\n  'login_required',\n  // The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface to prompt for a session to use.\n  'account_selection_required',\n  // The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User consent.\n  'consent_required',\n  // The request_uri in the Authorization Request returns an error or contains invalid data.\n  'invalid_request_uri',\n  // The request parameter contains an invalid Request Object.\n  'invalid_request_object',\n  // The OP does not support use of the request parameter defined in Section 6.\n  'request_not_supported',\n  // The OP does not support use of the request_uri parameter defined in Section 6.\n  'request_uri_not_supported',\n  // The OP does not support use of the registration parameter defined in Section 7.2.1.\n  'registration_not_supported',\n])\n\nexport type OidcAuthorizationResponseError = z.infer<\n  typeof oidcAuthorizationResponseErrorSchema\n>\n"]}
+{"version":3,"file":"oidc-authorization-error-response.js","sourceRoot":"","sources":["../src/oidc-authorization-error-response.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB;;GAEG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG,CAAC,CAAC,IAAI,CAAC;IACzD,qSAAqS;IACrS,sBAAsB;IACtB,mRAAmR;IACnR,gBAAgB;IAChB,kbAAkb;IAClb,4BAA4B;IAC5B,qQAAqQ;IACrQ,kBAAkB;IAClB,0FAA0F;IAC1F,qBAAqB;IACrB,4DAA4D;IAC5D,wBAAwB;IACxB,6EAA6E;IAC7E,uBAAuB;IACvB,iFAAiF;IACjF,2BAA2B;IAC3B,sFAAsF;IACtF,4BAA4B;CAC7B,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\n/**\n * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AuthError}\n */\nexport const oidcAuthorizationResponseErrorSchema = z.enum([\n  // The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User interaction.\n  'interaction_required',\n  // The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.\n  'login_required',\n  // The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface to prompt for a session to use.\n  'account_selection_required',\n  // The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User consent.\n  'consent_required',\n  // The request_uri in the Authorization Request returns an error or contains invalid data.\n  'invalid_request_uri',\n  // The request parameter contains an invalid Request Object.\n  'invalid_request_object',\n  // The OP does not support use of the request parameter defined in Section 6.\n  'request_not_supported',\n  // The OP does not support use of the request_uri parameter defined in Section 6.\n  'request_uri_not_supported',\n  // The OP does not support use of the registration parameter defined in Section 7.2.1.\n  'registration_not_supported',\n])\n\nexport type OidcAuthorizationResponseError = z.infer<\n  typeof oidcAuthorizationResponseErrorSchema\n>\n"]}

package/dist/oidc-claims-parameter.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oidcClaimsParameterSchema = void 0;
-const zod_1 = require("zod");
-exports.oidcClaimsParameterSchema = zod_1.z.enum([
+import { z } from 'zod';
+export const oidcClaimsParameterSchema = z.enum([
     // https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.5.2
     // if client metadata "require_auth_time" is true, this *must* be provided
     'auth_time',

package/dist/oidc-claims-parameter.js.map

@@ -1 +1 @@
-{"version":3,"file":"oidc-claims-parameter.js","sourceRoot":"","sources":["../src/oidc-claims-parameter.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,yBAAyB,GAAG,OAAC,CAAC,IAAI,CAAC;IAC9C,oGAAoG;IACpG,0EAA0E;IAC1E,WAAW;IAEX,OAAO;IACP,OAAO;IACP,KAAK;IAEL,0BAA0B;IAC1B,MAAM;IACN,aAAa;IACb,YAAY;IACZ,aAAa;IACb,UAAU;IACV,oBAAoB;IACpB,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,YAAY;IAEZ,wBAAwB;IACxB,OAAO;IACP,gBAAgB;IAEhB,wBAAwB;IACxB,cAAc;IACd,uBAAuB;IAEvB,0BAA0B;IAC1B,SAAS;CACV,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcClaimsParameterSchema = z.enum([\n  // https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.5.2\n  // if client metadata \"require_auth_time\" is true, this *must* be provided\n  'auth_time',\n\n  // OIDC\n  'nonce',\n  'acr',\n\n  // OpenID: \"profile\" scope\n  'name',\n  'family_name',\n  'given_name',\n  'middle_name',\n  'nickname',\n  'preferred_username',\n  'gender',\n  'picture',\n  'profile',\n  'website',\n  'birthdate',\n  'zoneinfo',\n  'locale',\n  'updated_at',\n\n  // OpenID: \"email\" scope\n  'email',\n  'email_verified',\n\n  // OpenID: \"phone\" scope\n  'phone_number',\n  'phone_number_verified',\n\n  // OpenID: \"address\" scope\n  'address',\n])\n\nexport type OidcClaimsParameter = z.infer<typeof oidcClaimsParameterSchema>\n"]}
+{"version":3,"file":"oidc-claims-parameter.js","sourceRoot":"","sources":["../src/oidc-claims-parameter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC9C,oGAAoG;IACpG,0EAA0E;IAC1E,WAAW;IAEX,OAAO;IACP,OAAO;IACP,KAAK;IAEL,0BAA0B;IAC1B,MAAM;IACN,aAAa;IACb,YAAY;IACZ,aAAa;IACb,UAAU;IACV,oBAAoB;IACpB,QAAQ;IACR,SAAS;IACT,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,YAAY;IAEZ,wBAAwB;IACxB,OAAO;IACP,gBAAgB;IAEhB,wBAAwB;IACxB,cAAc;IACd,uBAAuB;IAEvB,0BAA0B;IAC1B,SAAS;CACV,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcClaimsParameterSchema = z.enum([\n  // https://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#rfc.section.5.2\n  // if client metadata \"require_auth_time\" is true, this *must* be provided\n  'auth_time',\n\n  // OIDC\n  'nonce',\n  'acr',\n\n  // OpenID: \"profile\" scope\n  'name',\n  'family_name',\n  'given_name',\n  'middle_name',\n  'nickname',\n  'preferred_username',\n  'gender',\n  'picture',\n  'profile',\n  'website',\n  'birthdate',\n  'zoneinfo',\n  'locale',\n  'updated_at',\n\n  // OpenID: \"email\" scope\n  'email',\n  'email_verified',\n\n  // OpenID: \"phone\" scope\n  'phone_number',\n  'phone_number_verified',\n\n  // OpenID: \"address\" scope\n  'address',\n])\n\nexport type OidcClaimsParameter = z.infer<typeof oidcClaimsParameterSchema>\n"]}

package/dist/oidc-claims-properties.js

@@ -1,11 +1,8 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oidcClaimsPropertiesSchema = void 0;
-const zod_1 = require("zod");
-const oidcClaimsValueSchema = zod_1.z.union([zod_1.z.string(), zod_1.z.number(), zod_1.z.boolean()]);
-exports.oidcClaimsPropertiesSchema = zod_1.z.object({
-    essential: zod_1.z.boolean().optional(),
+import { z } from 'zod';
+const oidcClaimsValueSchema = z.union([z.string(), z.number(), z.boolean()]);
+export const oidcClaimsPropertiesSchema = z.object({
+    essential: z.boolean().optional(),
     value: oidcClaimsValueSchema.optional(),
-    values: zod_1.z.array(oidcClaimsValueSchema).optional(),
+    values: z.array(oidcClaimsValueSchema).optional(),
 });
 //# sourceMappingURL=oidc-claims-properties.js.map

package/dist/oidc-claims-properties.js.map

@@ -1 +1 @@
-{"version":3,"file":"oidc-claims-properties.js","sourceRoot":"","sources":["../src/oidc-claims-properties.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEvB,MAAM,qBAAqB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAA;AAE/D,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;CAClD,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nconst oidcClaimsValueSchema = z.union([z.string(), z.number(), z.boolean()])\n\nexport const oidcClaimsPropertiesSchema = z.object({\n  essential: z.boolean().optional(),\n  value: oidcClaimsValueSchema.optional(),\n  values: z.array(oidcClaimsValueSchema).optional(),\n})\n\nexport type OidcClaimsProperties = z.infer<typeof oidcClaimsPropertiesSchema>\n"]}
+{"version":3,"file":"oidc-claims-properties.js","sourceRoot":"","sources":["../src/oidc-claims-properties.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAA;AAE5E,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,KAAK,EAAE,qBAAqB,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,QAAQ,EAAE;CAClD,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nconst oidcClaimsValueSchema = z.union([z.string(), z.number(), z.boolean()])\n\nexport const oidcClaimsPropertiesSchema = z.object({\n  essential: z.boolean().optional(),\n  value: oidcClaimsValueSchema.optional(),\n  values: z.array(oidcClaimsValueSchema).optional(),\n})\n\nexport type OidcClaimsProperties = z.infer<typeof oidcClaimsPropertiesSchema>\n"]}

package/dist/oidc-entity-type.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oidcEntityTypeSchema = void 0;
-const zod_1 = require("zod");
-exports.oidcEntityTypeSchema = zod_1.z.enum(['userinfo', 'id_token']);
+import { z } from 'zod';
+export const oidcEntityTypeSchema = z.enum(['userinfo', 'id_token']);
 //# sourceMappingURL=oidc-entity-type.js.map

package/dist/oidc-entity-type.js.map

@@ -1 +1 @@
-{"version":3,"file":"oidc-entity-type.js","sourceRoot":"","sources":["../src/oidc-entity-type.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,oBAAoB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcEntityTypeSchema = z.enum(['userinfo', 'id_token'])\n\nexport type OidcEntityType = z.infer<typeof oidcEntityTypeSchema>\n"]}
+{"version":3,"file":"oidc-entity-type.js","sourceRoot":"","sources":["../src/oidc-entity-type.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcEntityTypeSchema = z.enum(['userinfo', 'id_token'])\n\nexport type OidcEntityType = z.infer<typeof oidcEntityTypeSchema>\n"]}

package/dist/oidc-userinfo.js

@@ -1,15 +1,12 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.oidcUserinfoSchema = void 0;
-const zod_1 = require("zod");
-exports.oidcUserinfoSchema = zod_1.z.object({
-    sub: zod_1.z.string(),
-    iss: zod_1.z.string().url().optional(),
-    aud: zod_1.z.union([zod_1.z.string(), zod_1.z.array(zod_1.z.string()).min(1)]).optional(),
-    email: zod_1.z.string().email().optional(),
-    email_verified: zod_1.z.boolean().optional(),
-    name: zod_1.z.string().optional(),
-    preferred_username: zod_1.z.string().optional(),
-    picture: zod_1.z.string().url().optional(),
+import { z } from 'zod';
+export const oidcUserinfoSchema = z.object({
+    sub: z.string(),
+    iss: z.string().url().optional(),
+    aud: z.union([z.string(), z.array(z.string()).min(1)]).optional(),
+    email: z.string().email().optional(),
+    email_verified: z.boolean().optional(),
+    name: z.string().optional(),
+    preferred_username: z.string().optional(),
+    picture: z.string().url().optional(),
 });
 //# sourceMappingURL=oidc-userinfo.js.map

package/dist/oidc-userinfo.js.map

@@ -1 +1 @@
-{"version":3,"file":"oidc-userinfo.js","sourceRoot":"","sources":["../src/oidc-userinfo.ts"],"names":[],"mappings":";;;AAAA,6BAAuB;AAEV,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEjE,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcUserinfoSchema = z.object({\n  sub: z.string(),\n  iss: z.string().url().optional(),\n  aud: z.union([z.string(), z.array(z.string()).min(1)]).optional(),\n\n  email: z.string().email().optional(),\n  email_verified: z.boolean().optional(),\n  name: z.string().optional(),\n  preferred_username: z.string().optional(),\n  picture: z.string().url().optional(),\n})\n\nexport type OidcUserinfo = z.infer<typeof oidcUserinfoSchema>\n"]}
+{"version":3,"file":"oidc-userinfo.js","sourceRoot":"","sources":["../src/oidc-userinfo.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAChC,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEjE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;IACpC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAA","sourcesContent":["import { z } from 'zod'\n\nexport const oidcUserinfoSchema = z.object({\n  sub: z.string(),\n  iss: z.string().url().optional(),\n  aud: z.union([z.string(), z.array(z.string()).min(1)]).optional(),\n\n  email: z.string().email().optional(),\n  email_verified: z.boolean().optional(),\n  name: z.string().optional(),\n  preferred_username: z.string().optional(),\n  picture: z.string().url().optional(),\n})\n\nexport type OidcUserinfo = z.infer<typeof oidcUserinfoSchema>\n"]}

package/dist/uri.js

@@ -1,55 +1,52 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.privateUseUriSchema = exports.webUriSchema = exports.httpsUriSchema = exports.loopbackUriSchema = exports.dangerousUriSchema = void 0;
-const zod_1 = require("zod");
-const util_js_1 = require("./util.js");
+import { ZodIssueCode, z } from 'zod';
+import { canParseUrl, isHostnameIP, isLocalHostname, isLoopbackHost, } from './util.js';
 /**
  * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).
  *
  * Any value that matches this schema is safe to parse using `new URL()`.
  */
-exports.dangerousUriSchema = zod_1.z
+export const dangerousUriSchema = z
     .string()
-    .refine((data) => data.includes(':') && (0, util_js_1.canParseUrl)(data), {
+    .refine((data) => data.includes(':') && canParseUrl(data), {
     message: 'Invalid URL',
 });
-exports.loopbackUriSchema = exports.dangerousUriSchema.superRefine((value, ctx) => {
+export const loopbackUriSchema = dangerousUriSchema.superRefine((value, ctx) => {
     // Loopback url must use the "http:" protocol
     if (!value.startsWith('http://')) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'URL must use the "http:" protocol',
         });
         return false;
     }
     const url = new URL(value);
-    if (!(0, util_js_1.isLoopbackHost)(url.hostname)) {
+    if (!isLoopbackHost(url.hostname)) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'URL must use "localhost", "127.0.0.1" or "[::1]" as hostname',
         });
         return false;
     }
     return true;
 });
-exports.httpsUriSchema = exports.dangerousUriSchema.superRefine((value, ctx) => {
+export const httpsUriSchema = dangerousUriSchema.superRefine((value, ctx) => {
     if (!value.startsWith('https://')) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'URL must use the "https:" protocol',
         });
         return false;
     }
     const url = new URL(value);
     // Disallow loopback URLs with the `https:` protocol
-    if ((0, util_js_1.isLoopbackHost)(url.hostname)) {
+    if (isLoopbackHost(url.hostname)) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'https: URL must not use a loopback host',
         });
         return false;
     }
-    if ((0, util_js_1.isHostnameIP)(url.hostname)) {
+    if (isHostnameIP(url.hostname)) {
         // Hostname is an IP address
     }
     else {
@@ -57,14 +54,14 @@ exports.httpsUriSchema = exports.dangerousUriSchema.superRefine((value, ctx) =>
         if (!url.hostname.includes('.')) {
             // we don't depend on PSL here, so we only check for a dot
             ctx.addIssue({
-                code: zod_1.ZodIssueCode.custom,
+                code: ZodIssueCode.custom,
                 message: 'Domain name must contain at least two segments',
             });
             return false;
         }
         if (url.hostname.endsWith('.local')) {
             ctx.addIssue({
-                code: zod_1.ZodIssueCode.custom,
+                code: ZodIssueCode.custom,
                 message: 'Domain name must not end with ".local"',
             });
             return false;
@@ -72,35 +69,35 @@ exports.httpsUriSchema = exports.dangerousUriSchema.superRefine((value, ctx) =>
     }
     return true;
 });
-exports.webUriSchema = zod_1.z
+export const webUriSchema = z
     .string()
     .superRefine((value, ctx) => {
     // discriminated union of `loopbackUriSchema` and `httpsUriSchema`
     if (value.startsWith('http://')) {
-        const result = exports.loopbackUriSchema.safeParse(value);
+        const result = loopbackUriSchema.safeParse(value);
         if (!result.success)
             result.error.issues.forEach(ctx.addIssue, ctx);
         return result.success;
     }
     if (value.startsWith('https://')) {
-        const result = exports.httpsUriSchema.safeParse(value);
+        const result = httpsUriSchema.safeParse(value);
         if (!result.success)
             result.error.issues.forEach(ctx.addIssue, ctx);
         return result.success;
     }
     ctx.addIssue({
-        code: zod_1.ZodIssueCode.custom,
+        code: ZodIssueCode.custom,
         message: 'URL must use the "http:" or "https:" protocol',
     });
     return false;
 });
-exports.privateUseUriSchema = exports.dangerousUriSchema.superRefine((value, ctx) => {
+export const privateUseUriSchema = dangerousUriSchema.superRefine((value, ctx) => {
     const dotIdx = value.indexOf('.');
     const colonIdx = value.indexOf(':');
     // Optimization: avoid parsing the URL if the protocol does not contain a "."
     if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'Private-use URI scheme requires a "." as part of the protocol',
         });
         return false;
@@ -109,7 +106,7 @@ exports.privateUseUriSchema = exports.dangerousUriSchema.superRefine((value, ctx
     // Should be covered by the check before, but let's be extra sure
     if (!url.protocol.includes('.')) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'Invalid private-use URI scheme',
         });
         return false;
@@ -140,9 +137,9 @@ exports.privateUseUriSchema = exports.dangerousUriSchema.superRefine((value, ctx
     // no concept of `client_id` in this context).
     const uriScheme = url.protocol.slice(0, -1); // remove trailing ":"
     const urlDomain = uriScheme.split('.').reverse().join('.');
-    if ((0, util_js_1.isLocalHostname)(urlDomain)) {
+    if (isLocalHostname(urlDomain)) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: `Private-use URI Scheme redirect URI must not be a local hostname`,
         });
     }
@@ -157,7 +154,7 @@ exports.privateUseUriSchema = exports.dangerousUriSchema.superRefine((value, ctx
         url.hostname ||
         url.port) {
         ctx.addIssue({
-            code: zod_1.ZodIssueCode.custom,
+            code: ZodIssueCode.custom,
             message: 'Private-Use URI Scheme must be in the form <scheme>:/{path} (notice the single slash!) as per RFC 8252',
         });
         return false;

package/dist/uri.js.map

@@ -1 +1 @@
-{"version":3,"file":"uri.js","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":";;;AAAA,6BAA6C;AAC7C,uCAKkB;AAElB;;;;GAIG;AACU,QAAA,kBAAkB,GAAG,OAAC;KAChC,MAAM,EAAE;KACR,MAAM,CACL,CAAC,IAAI,EAAiC,EAAE,CACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAA,qBAAW,EAAC,IAAI,CAAC,EACzC;IACE,OAAO,EAAE,aAAa;CACvB,CACF,CAAA;AAOU,QAAA,iBAAiB,GAAG,0BAAkB,CAAC,WAAW,CAC7D,CACE,KAAK,EACL,GAAG,EAI6D,EAAE;IAClE,6CAA6C;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,CAAC,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,cAAc,GAAG,0BAAkB,CAAC,WAAW,CAC1D,CAAC,KAAK,EAAE,GAAG,EAAgC,EAAE;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,oDAAoD;IACpD,IAAI,IAAA,wBAAc,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,IAAA,sBAAY,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,4BAA4B;IAC9B,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,kBAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAIY,QAAA,YAAY,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAmC,EAAE;IAC3D,kEAAkE;IAClE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,yBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,sBAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC;QACX,IAAI,EAAE,kBAAY,CAAC,MAAM;QACzB,OAAO,EAAE,+CAA+C;KACzD,CAAC,CAAA;IACF,OAAO,KAAK,CAAA;AACd,CAAC,CAAC,CAAA;AAIS,QAAA,mBAAmB,GAAG,0BAAkB,CAAC,WAAW,CAC/D,CAAC,KAAK,EAAE,GAAG,EAA6C,EAAE;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,6EAA6E;IAC7E,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,+DAA+D;SAClE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,iEAAiE;IACjE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,4DAA4D;IAC5D,EAAE;IACF,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,EAAE;IACF,sEAAsE;IACtE,4EAA4E;IAC5E,gDAAgD;IAChD,EAAE;IACF,kCAAkC;IAClC,EAAE;IACF,4EAA4E;IAC5E,WAAW;IACX,EAAE;IACF,0EAA0E;IAC1E,8CAA8C;IAE9C,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,sBAAsB;IAClE,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE1D,IAAI,IAAA,yBAAe,EAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,oDAAoD;IACpD,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;QACxC,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,IAAI,EACR,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,kBAAY,CAAC,MAAM;YACzB,OAAO,EACL,wGAAwG;SAC3G,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n  canParseUrl,\n  isHostnameIP,\n  isLocalHostname,\n  isLoopbackHost,\n} from './util.js'\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n *\n * Any value that matches this schema is safe to parse using `new URL()`.\n */\nexport const dangerousUriSchema = z\n  .string()\n  .refine(\n    (data): data is `${string}:${string}` =>\n      data.includes(':') && canParseUrl(data),\n    {\n      message: 'Invalid URL',\n    },\n  )\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n */\nexport type DangerousUrl = TypeOf<typeof dangerousUriSchema>\n\nexport const loopbackUriSchema = dangerousUriSchema.superRefine(\n  (\n    value,\n    ctx,\n  ): value is\n    | `http://[::1]${string}`\n    | `http://localhost${'' | `${':' | '/' | '?' | '#'}${string}`}`\n    | `http://127.0.0.1${'' | `${':' | '/' | '?' | '#'}${string}`}` => {\n    // Loopback url must use the \"http:\" protocol\n    if (!value.startsWith('http://')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'URL must use the \"http:\" protocol',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    if (!isLoopbackHost(url.hostname)) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'URL must use \"localhost\", \"127.0.0.1\" or \"[::1]\" as hostname',\n      })\n      return false\n    }\n\n    return true\n  },\n)\n\nexport type LoopbackUri = TypeOf<typeof loopbackUriSchema>\n\nexport const httpsUriSchema = dangerousUriSchema.superRefine(\n  (value, ctx): value is `https://${string}` => {\n    if (!value.startsWith('https://')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'URL must use the \"https:\" protocol',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    // Disallow loopback URLs with the `https:` protocol\n    if (isLoopbackHost(url.hostname)) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'https: URL must not use a loopback host',\n      })\n      return false\n    }\n\n    if (isHostnameIP(url.hostname)) {\n      // Hostname is an IP address\n    } else {\n      // Hostname is a domain name\n      if (!url.hostname.includes('.')) {\n        // we don't depend on PSL here, so we only check for a dot\n        ctx.addIssue({\n          code: ZodIssueCode.custom,\n          message: 'Domain name must contain at least two segments',\n        })\n        return false\n      }\n\n      if (url.hostname.endsWith('.local')) {\n        ctx.addIssue({\n          code: ZodIssueCode.custom,\n          message: 'Domain name must not end with \".local\"',\n        })\n        return false\n      }\n    }\n\n    return true\n  },\n)\n\nexport type HttpsUri = TypeOf<typeof httpsUriSchema>\n\nexport const webUriSchema = z\n  .string()\n  .superRefine((value, ctx): value is LoopbackUri | HttpsUri => {\n    // discriminated union of `loopbackUriSchema` and `httpsUriSchema`\n    if (value.startsWith('http://')) {\n      const result = loopbackUriSchema.safeParse(value)\n      if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n      return result.success\n    }\n\n    if (value.startsWith('https://')) {\n      const result = httpsUriSchema.safeParse(value)\n      if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n      return result.success\n    }\n\n    ctx.addIssue({\n      code: ZodIssueCode.custom,\n      message: 'URL must use the \"http:\" or \"https:\" protocol',\n    })\n    return false\n  })\n\nexport type WebUri = TypeOf<typeof webUriSchema>\n\nexport const privateUseUriSchema = dangerousUriSchema.superRefine(\n  (value, ctx): value is `${string}.${string}:/${string}` => {\n    const dotIdx = value.indexOf('.')\n    const colonIdx = value.indexOf(':')\n\n    // Optimization: avoid parsing the URL if the protocol does not contain a \".\"\n    if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message:\n          'Private-use URI scheme requires a \".\" as part of the protocol',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    // Should be covered by the check before, but let's be extra sure\n    if (!url.protocol.includes('.')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'Invalid private-use URI scheme',\n      })\n      return false\n    }\n\n    // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n    //\n    // > When choosing a URI scheme to associate with the app, apps MUST use a\n    // > URI scheme based on a domain name under their control, expressed in\n    // > reverse order\n    //\n    // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n    //\n    // > In addition to the collision-resistant properties, requiring a URI\n    // > scheme based on a domain name that is under the control of the app can\n    // > help to prove ownership in the event of a dispute where two apps claim\n    // > the same private-use URI scheme (where one app is acting maliciously).\n    //\n    // We can't check for ownership here (as there is no concept of proven\n    // ownership in a generic validation logic), besides excluding local domains\n    // as they can't be controlled/owned by the app.\n    //\n    // https://atproto.com/specs/oauth\n    //\n    // > Any custom scheme must match the `client_id` hostname in reverse-domain\n    // > order.\n    //\n    // This ATPROTO specific requirement cannot be enforced here, (as there is\n    // no concept of `client_id` in this context).\n\n    const uriScheme = url.protocol.slice(0, -1) // remove trailing \":\"\n    const urlDomain = uriScheme.split('.').reverse().join('.')\n\n    if (isLocalHostname(urlDomain)) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: `Private-use URI Scheme redirect URI must not be a local hostname`,\n      })\n    }\n\n    // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n    //\n    // > Following the requirements of Section 3.2 of [RFC3986], as there is no\n    // > naming authority for private-use URI scheme redirects, only a single\n    // > slash (\"/\") appears after the scheme component.\n    if (\n      url.href.startsWith(`${url.protocol}//`) ||\n      url.username ||\n      url.password ||\n      url.hostname ||\n      url.port\n    ) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message:\n          'Private-Use URI Scheme must be in the form <scheme>:/{path} (notice the single slash!) as per RFC 8252',\n      })\n      return false\n    }\n\n    return true\n  },\n)\n\nexport type PrivateUseUri = TypeOf<typeof privateUseUriSchema>\n"]}
+{"version":3,"file":"uri.js","sourceRoot":"","sources":["../src/uri.ts"],"names":[],"mappings":"AAAA,OAAO,EAAU,YAAY,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAC7C,OAAO,EACL,WAAW,EACX,YAAY,EACZ,eAAe,EACf,cAAc,GACf,MAAM,WAAW,CAAA;AAElB;;;;GAIG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,EAAE;KACR,MAAM,CACL,CAAC,IAAI,EAAiC,EAAE,CACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,EACzC;IACE,OAAO,EAAE,aAAa;CACvB,CACF,CAAA;AAOH,MAAM,CAAC,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,WAAW,CAC7D,CACE,KAAK,EACL,GAAG,EAI6D,EAAE;IAClE,6CAA6C;IAC7C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAID,MAAM,CAAC,MAAM,cAAc,GAAG,kBAAkB,CAAC,WAAW,CAC1D,CAAC,KAAK,EAAE,GAAG,EAAgC,EAAE;IAC3C,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,oDAAoD;IACpD,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EAAE,yCAAyC;SACnD,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,4BAA4B;IAC9B,CAAC;SAAM,CAAC;QACN,4BAA4B;QAC5B,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,0DAA0D;YAC1D,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,YAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,gDAAgD;aAC1D,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;QAED,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,YAAY,CAAC,MAAM;gBACzB,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAA;YACF,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA;AAID,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAmC,EAAE;IAC3D,kEAAkE;IAClE,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;QACnE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,GAAG,CAAC,QAAQ,CAAC;QACX,IAAI,EAAE,YAAY,CAAC,MAAM;QACzB,OAAO,EAAE,+CAA+C;KACzD,CAAC,CAAA;IACF,OAAO,KAAK,CAAA;AACd,CAAC,CAAC,CAAA;AAIJ,MAAM,CAAC,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,WAAW,CAC/D,CAAC,KAAK,EAAE,GAAG,EAA6C,EAAE;IACxD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEnC,6EAA6E;IAC7E,IAAI,MAAM,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,GAAG,QAAQ,EAAE,CAAC;QAC1D,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EACL,+DAA+D;SAClE,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IAE1B,iEAAiE;IACjE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,kBAAkB;IAClB,EAAE;IACF,4DAA4D;IAC5D,EAAE;IACF,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,EAAE;IACF,sEAAsE;IACtE,4EAA4E;IAC5E,gDAAgD;IAChD,EAAE;IACF,kCAAkC;IAClC,EAAE;IACF,4EAA4E;IAC5E,WAAW;IACX,EAAE;IACF,0EAA0E;IAC1E,8CAA8C;IAE9C,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA,CAAC,sBAAsB;IAClE,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAE1D,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EAAE,kEAAkE;SAC5E,CAAC,CAAA;IACJ,CAAC;IAED,4DAA4D;IAC5D,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,oDAAoD;IACpD,IACE,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC;QACxC,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,QAAQ;QACZ,GAAG,CAAC,IAAI,EACR,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,YAAY,CAAC,MAAM;YACzB,OAAO,EACL,wGAAwG;SAC3G,CAAC,CAAA;QACF,OAAO,KAAK,CAAA;IACd,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC,CACF,CAAA","sourcesContent":["import { TypeOf, ZodIssueCode, z } from 'zod'\nimport {\n  canParseUrl,\n  isHostnameIP,\n  isLocalHostname,\n  isLoopbackHost,\n} from './util.js'\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n *\n * Any value that matches this schema is safe to parse using `new URL()`.\n */\nexport const dangerousUriSchema = z\n  .string()\n  .refine(\n    (data): data is `${string}:${string}` =>\n      data.includes(':') && canParseUrl(data),\n    {\n      message: 'Invalid URL',\n    },\n  )\n\n/**\n * Valid, but potentially dangerous URL (`data:`, `file:`, `javascript:`, etc.).\n */\nexport type DangerousUrl = TypeOf<typeof dangerousUriSchema>\n\nexport const loopbackUriSchema = dangerousUriSchema.superRefine(\n  (\n    value,\n    ctx,\n  ): value is\n    | `http://[::1]${string}`\n    | `http://localhost${'' | `${':' | '/' | '?' | '#'}${string}`}`\n    | `http://127.0.0.1${'' | `${':' | '/' | '?' | '#'}${string}`}` => {\n    // Loopback url must use the \"http:\" protocol\n    if (!value.startsWith('http://')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'URL must use the \"http:\" protocol',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    if (!isLoopbackHost(url.hostname)) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'URL must use \"localhost\", \"127.0.0.1\" or \"[::1]\" as hostname',\n      })\n      return false\n    }\n\n    return true\n  },\n)\n\nexport type LoopbackUri = TypeOf<typeof loopbackUriSchema>\n\nexport const httpsUriSchema = dangerousUriSchema.superRefine(\n  (value, ctx): value is `https://${string}` => {\n    if (!value.startsWith('https://')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'URL must use the \"https:\" protocol',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    // Disallow loopback URLs with the `https:` protocol\n    if (isLoopbackHost(url.hostname)) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'https: URL must not use a loopback host',\n      })\n      return false\n    }\n\n    if (isHostnameIP(url.hostname)) {\n      // Hostname is an IP address\n    } else {\n      // Hostname is a domain name\n      if (!url.hostname.includes('.')) {\n        // we don't depend on PSL here, so we only check for a dot\n        ctx.addIssue({\n          code: ZodIssueCode.custom,\n          message: 'Domain name must contain at least two segments',\n        })\n        return false\n      }\n\n      if (url.hostname.endsWith('.local')) {\n        ctx.addIssue({\n          code: ZodIssueCode.custom,\n          message: 'Domain name must not end with \".local\"',\n        })\n        return false\n      }\n    }\n\n    return true\n  },\n)\n\nexport type HttpsUri = TypeOf<typeof httpsUriSchema>\n\nexport const webUriSchema = z\n  .string()\n  .superRefine((value, ctx): value is LoopbackUri | HttpsUri => {\n    // discriminated union of `loopbackUriSchema` and `httpsUriSchema`\n    if (value.startsWith('http://')) {\n      const result = loopbackUriSchema.safeParse(value)\n      if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n      return result.success\n    }\n\n    if (value.startsWith('https://')) {\n      const result = httpsUriSchema.safeParse(value)\n      if (!result.success) result.error.issues.forEach(ctx.addIssue, ctx)\n      return result.success\n    }\n\n    ctx.addIssue({\n      code: ZodIssueCode.custom,\n      message: 'URL must use the \"http:\" or \"https:\" protocol',\n    })\n    return false\n  })\n\nexport type WebUri = TypeOf<typeof webUriSchema>\n\nexport const privateUseUriSchema = dangerousUriSchema.superRefine(\n  (value, ctx): value is `${string}.${string}:/${string}` => {\n    const dotIdx = value.indexOf('.')\n    const colonIdx = value.indexOf(':')\n\n    // Optimization: avoid parsing the URL if the protocol does not contain a \".\"\n    if (dotIdx === -1 || colonIdx === -1 || dotIdx > colonIdx) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message:\n          'Private-use URI scheme requires a \".\" as part of the protocol',\n      })\n      return false\n    }\n\n    const url = new URL(value)\n\n    // Should be covered by the check before, but let's be extra sure\n    if (!url.protocol.includes('.')) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: 'Invalid private-use URI scheme',\n      })\n      return false\n    }\n\n    // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n    //\n    // > When choosing a URI scheme to associate with the app, apps MUST use a\n    // > URI scheme based on a domain name under their control, expressed in\n    // > reverse order\n    //\n    // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4\n    //\n    // > In addition to the collision-resistant properties, requiring a URI\n    // > scheme based on a domain name that is under the control of the app can\n    // > help to prove ownership in the event of a dispute where two apps claim\n    // > the same private-use URI scheme (where one app is acting maliciously).\n    //\n    // We can't check for ownership here (as there is no concept of proven\n    // ownership in a generic validation logic), besides excluding local domains\n    // as they can't be controlled/owned by the app.\n    //\n    // https://atproto.com/specs/oauth\n    //\n    // > Any custom scheme must match the `client_id` hostname in reverse-domain\n    // > order.\n    //\n    // This ATPROTO specific requirement cannot be enforced here, (as there is\n    // no concept of `client_id` in this context).\n\n    const uriScheme = url.protocol.slice(0, -1) // remove trailing \":\"\n    const urlDomain = uriScheme.split('.').reverse().join('.')\n\n    if (isLocalHostname(urlDomain)) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message: `Private-use URI Scheme redirect URI must not be a local hostname`,\n      })\n    }\n\n    // https://datatracker.ietf.org/doc/html/rfc8252#section-7.1\n    //\n    // > Following the requirements of Section 3.2 of [RFC3986], as there is no\n    // > naming authority for private-use URI scheme redirects, only a single\n    // > slash (\"/\") appears after the scheme component.\n    if (\n      url.href.startsWith(`${url.protocol}//`) ||\n      url.username ||\n      url.password ||\n      url.hostname ||\n      url.port\n    ) {\n      ctx.addIssue({\n        code: ZodIssueCode.custom,\n        message:\n          'Private-Use URI Scheme must be in the form <scheme>:/{path} (notice the single slash!) as per RFC 8252',\n      })\n      return false\n    }\n\n    return true\n  },\n)\n\nexport type PrivateUseUri = TypeOf<typeof privateUseUriSchema>\n"]}

package/dist/util.js

@@ -1,15 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.isSpaceSeparatedValue = exports.numberPreprocess = exports.jsonObjectPreprocess = exports.canParseUrl = void 0;
-exports.isHostnameIP = isHostnameIP;
-exports.isLoopbackHost = isLoopbackHost;
-exports.isLocalHostname = isLocalHostname;
-exports.safeUrl = safeUrl;
-exports.extractUrlPath = extractUrlPath;
-exports.arrayEquivalent = arrayEquivalent;
-exports.includedIn = includedIn;
-exports.asArray = asArray;
-exports.canParseUrl = 
+export const canParseUrl = 
 // eslint-disable-next-line n/no-unsupported-features/node-builtins
 URL.canParse?.bind(URL) ??
     // URL.canParse is not available in Node.js < 18.7.0
@@ -22,7 +11,7 @@ URL.canParse?.bind(URL) ??
             return false;
         }
     });
-function isHostnameIP(hostname) {
+export function isHostnameIP(hostname) {
     // IPv4
     if (hostname.match(/^\d+\.\d+\.\d+\.\d+$/))
         return true;
@@ -31,10 +20,10 @@ function isHostnameIP(hostname) {
         return true;
     return false;
 }
-function isLoopbackHost(host) {
+export function isLoopbackHost(host) {
     return host === 'localhost' || host === '127.0.0.1' || host === '[::1]';
 }
-function isLocalHostname(hostname) {
+export function isLocalHostname(hostname) {
     const parts = hostname.split('.');
     if (parts.length < 2)
         return true;
@@ -45,7 +34,7 @@ function isLocalHostname(hostname) {
         tld === 'invalid' ||
         tld === 'example');
 }
-function safeUrl(input) {
+export function safeUrl(input) {
     try {
         return new URL(input);
     }
@@ -53,7 +42,7 @@ function safeUrl(input) {
         return null;
     }
 }
-function extractUrlPath(url) {
+export function extractUrlPath(url) {
     // Extracts the path from a URL, without relying on the URL constructor
     // (because it normalizes the URL)
     const endOfProtocol = url.startsWith('https://')
@@ -83,7 +72,7 @@ function extractUrlPath(url) {
     }
     return url.substring(pathStart, pathEnd);
 }
-const jsonObjectPreprocess = (val) => {
+export const jsonObjectPreprocess = (val) => {
     if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {
         try {
             return JSON.parse(val);
@@ -94,8 +83,7 @@ const jsonObjectPreprocess = (val) => {
     }
     return val;
 };
-exports.jsonObjectPreprocess = jsonObjectPreprocess;
-const numberPreprocess = (val) => {
+export const numberPreprocess = (val) => {
     if (typeof val === 'string') {
         const number = Number(val);
         if (!Number.isNaN(number))
@@ -103,27 +91,26 @@ const numberPreprocess = (val) => {
     }
     return val;
 };
-exports.numberPreprocess = numberPreprocess;
 /**
  * Returns true if the two arrays contain the same elements, regardless of order
  * or duplicates.
  */
-function arrayEquivalent(a, b) {
+export function arrayEquivalent(a, b) {
     if (a === b)
         return true;
     return a.every(includedIn, b) && b.every(includedIn, a);
 }
-function includedIn(item) {
+export function includedIn(item) {
     return this.includes(item);
 }
-function asArray(value) {
+export function asArray(value) {
     if (value == null)
         return undefined;
     if (Array.isArray(value))
         return value; // already a (possibly readonly) array
     return Array.from(value);
 }
-const isSpaceSeparatedValue = (value, input) => {
+export const isSpaceSeparatedValue = (value, input) => {
     if (value.length === 0)
         throw new TypeError('Value cannot be empty');
     if (value.includes(' '))
@@ -149,5 +136,4 @@ const isSpaceSeparatedValue = (value, input) => {
     }
     return false;
 };
-exports.isSpaceSeparatedValue = isSpaceSeparatedValue;
 //# sourceMappingURL=util.js.map

package/dist/util.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":";;;AAaA,oCAQC;AAID,wCAEC;AAED,0CAYC;AAED,0BAMC;AAED,wCAsCC;AA0BD,0CAGC;AAED,gCAEC;AAED,0BAMC;AAlIY,QAAA,WAAW;AACtB,mEAAmE;AACnE,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC;IACvB,oDAAoD;IACpD,CAAC,CAAC,MAAc,EAAW,EAAE;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,CAAC,CAAA;YACf,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAA;AAEJ,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO;IACP,IAAI,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnE,OAAO,KAAK,CAAA;AACd,CAAC;AAID,SAAgB,cAAc,CAAC,IAAa;IAC1C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,OAAO,CAAA;AACzE,CAAC;AAED,SAAgB,eAAe,CAAC,QAAgB;IAC9C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjC,MAAM,GAAG,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAA;IACvC,OAAO,CACL,GAAG,KAAK,MAAM;QACd,GAAG,KAAK,OAAO;QACf,GAAG,KAAK,WAAW;QACnB,GAAG,KAAK,SAAS;QACjB,GAAG,KAAK,SAAS,CAClB,CAAA;AACH,CAAC;AAED,SAAgB,OAAO,CAAC,KAAmB;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAgB,cAAc,CAAC,GAAG;IAChC,uEAAuE;IACvE,kCAAkC;IAClC,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;YACzB,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,CAAC,CAAC,CAAA;IACR,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEnD,MAAM,WAAW,GACf,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC;QAC7D,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,CAAC,CAAC,CAAA;IAER,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACf,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IAEtC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEhD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAA;IAE5E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;AAC1C,CAAC;AAEM,MAAM,oBAAoB,GAAG,CAAC,GAAY,EAAE,EAAE;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAA;QACZ,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AAVY,QAAA,oBAAoB,wBAUhC;AAEM,MAAM,gBAAgB,GAAG,CAAC,GAAY,EAAW,EAAE;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AANY,QAAA,gBAAgB,oBAM5B;AAED;;;GAGG;AACH,SAAgB,eAAe,CAAI,CAAe,EAAE,CAAe;IACjE,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACxB,OAAO,CAAC,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAA;AACzD,CAAC;AAED,SAAgB,UAAU,CAAwB,IAAO;IACvD,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC5B,CAAC;AAED,SAAgB,OAAO,CACrB,KAA8B;IAE9B,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACnC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA,CAAC,sCAAsC;IAC7E,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAKM,MAAM,qBAAqB,GAAG,CACnC,KAAY,EACZ,KAAa,EACwB,EAAE;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;IACpE,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,CAAA;IAE3E,wBAAwB;IACxB,0CAA0C;IAE1C,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAEhC,IAAI,WAAW,GAAG,WAAW;QAAE,OAAO,KAAK,CAAA;IAE3C,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,IAAI,MAAc,CAAA;IAElB,OAAO,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,GAAG,WAAW,CAAA;QAE1B;QACE,oCAAoC;QACpC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;YAC/C,8BAA8B;YAC9B,CAAC,MAAM,KAAK,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,EAC3D,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,CAAC,CAAA;IACxC,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC,CAAA;AAlCY,QAAA,qBAAqB,yBAkCjC","sourcesContent":["export const canParseUrl =\n  // eslint-disable-next-line n/no-unsupported-features/node-builtins\n  URL.canParse?.bind(URL) ??\n  // URL.canParse is not available in Node.js < 18.7.0\n  ((urlStr: string): boolean => {\n    try {\n      new URL(urlStr)\n      return true\n    } catch {\n      return false\n    }\n  })\n\nexport function isHostnameIP(hostname: string) {\n  // IPv4\n  if (hostname.match(/^\\d+\\.\\d+\\.\\d+\\.\\d+$/)) return true\n\n  // IPv6\n  if (hostname.startsWith('[') && hostname.endsWith(']')) return true\n\n  return false\n}\n\nexport type LoopbackHost = 'localhost' | '127.0.0.1' | '[::1]'\n\nexport function isLoopbackHost(host: unknown): host is LoopbackHost {\n  return host === 'localhost' || host === '127.0.0.1' || host === '[::1]'\n}\n\nexport function isLocalHostname(hostname: string): boolean {\n  const parts = hostname.split('.')\n  if (parts.length < 2) return true\n\n  const tld = parts.at(-1)!.toLowerCase()\n  return (\n    tld === 'test' ||\n    tld === 'local' ||\n    tld === 'localhost' ||\n    tld === 'invalid' ||\n    tld === 'example'\n  )\n}\n\nexport function safeUrl(input: URL | string): URL | null {\n  try {\n    return new URL(input)\n  } catch {\n    return null\n  }\n}\n\nexport function extractUrlPath(url) {\n  // Extracts the path from a URL, without relying on the URL constructor\n  // (because it normalizes the URL)\n  const endOfProtocol = url.startsWith('https://')\n    ? 8\n    : url.startsWith('http://')\n      ? 7\n      : -1\n  if (endOfProtocol === -1) {\n    throw new TypeError('URL must use the \"https:\" or \"http:\" protocol')\n  }\n\n  const hashIdx = url.indexOf('#', endOfProtocol)\n  const questionIdx = url.indexOf('?', endOfProtocol)\n\n  const queryStrIdx =\n    questionIdx !== -1 && (hashIdx === -1 || questionIdx < hashIdx)\n      ? questionIdx\n      : -1\n\n  const pathEnd =\n    hashIdx === -1\n      ? queryStrIdx === -1\n        ? url.length\n        : queryStrIdx\n      : queryStrIdx === -1\n        ? hashIdx\n        : Math.min(hashIdx, queryStrIdx)\n\n  const slashIdx = url.indexOf('/', endOfProtocol)\n\n  const pathStart = slashIdx === -1 || slashIdx > pathEnd ? pathEnd : slashIdx\n\n  if (endOfProtocol === pathStart) {\n    throw new TypeError('URL must contain a host')\n  }\n\n  return url.substring(pathStart, pathEnd)\n}\n\nexport const jsonObjectPreprocess = (val: unknown) => {\n  if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {\n    try {\n      return JSON.parse(val)\n    } catch {\n      return val\n    }\n  }\n\n  return val\n}\n\nexport const numberPreprocess = (val: unknown): unknown => {\n  if (typeof val === 'string') {\n    const number = Number(val)\n    if (!Number.isNaN(number)) return number\n  }\n  return val\n}\n\n/**\n * Returns true if the two arrays contain the same elements, regardless of order\n * or duplicates.\n */\nexport function arrayEquivalent<T>(a: readonly T[], b: readonly T[]) {\n  if (a === b) return true\n  return a.every(includedIn, b) && b.every(includedIn, a)\n}\n\nexport function includedIn<T>(this: readonly T[], item: T) {\n  return this.includes(item)\n}\n\nexport function asArray<T>(\n  value: Iterable<T> | undefined,\n): undefined | readonly T[] {\n  if (value == null) return undefined\n  if (Array.isArray(value)) return value // already a (possibly readonly) array\n  return Array.from(value)\n}\n\nexport type SpaceSeparatedValue<Value extends string> =\n  `${'' | `${string} `}${Value}${'' | ` ${string}`}`\n\nexport const isSpaceSeparatedValue = <Value extends string>(\n  value: Value,\n  input: string,\n): input is SpaceSeparatedValue<Value> => {\n  if (value.length === 0) throw new TypeError('Value cannot be empty')\n  if (value.includes(' ')) throw new TypeError('Value cannot contain spaces')\n\n  // Optimized version of:\n  // return input.split(' ').includes(value)\n\n  const inputLength = input.length\n  const valueLength = value.length\n\n  if (inputLength < valueLength) return false\n\n  let idx = input.indexOf(value)\n  let idxEnd: number\n\n  while (idx !== -1) {\n    idxEnd = idx + valueLength\n\n    if (\n      // at beginning or preceded by space\n      (idx === 0 || input.charCodeAt(idx - 1) === 32) &&\n      // at end or followed by space\n      (idxEnd === inputLength || input.charCodeAt(idxEnd) === 32)\n    ) {\n      return true\n    }\n\n    idx = input.indexOf(value, idxEnd + 1)\n  }\n\n  return false\n}\n"]}
+{"version":3,"file":"util.js","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,WAAW;AACtB,mEAAmE;AACnE,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC;IACvB,oDAAoD;IACpD,CAAC,CAAC,MAAc,EAAW,EAAE;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,CAAC,CAAA;YACf,OAAO,IAAI,CAAA;QACb,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC,CAAC,CAAA;AAEJ,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO;IACP,IAAI,QAAQ,CAAC,KAAK,CAAC,sBAAsB,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvD,OAAO;IACP,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEnE,OAAO,KAAK,CAAA;AACd,CAAC;AAID,MAAM,UAAU,cAAc,CAAC,IAAa;IAC1C,OAAO,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,KAAK,OAAO,CAAA;AACzE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjC,MAAM,GAAG,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAA;IACvC,OAAO,CACL,GAAG,KAAK,MAAM;QACd,GAAG,KAAK,OAAO;QACf,GAAG,KAAK,WAAW;QACnB,GAAG,KAAK,SAAS;QACjB,GAAG,KAAK,SAAS,CAClB,CAAA;AACH,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,KAAmB;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,CAAA;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAG;IAChC,uEAAuE;IACvE,kCAAkC;IAClC,MAAM,aAAa,GAAG,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;QAC9C,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;YACzB,CAAC,CAAC,CAAC;YACH,CAAC,CAAC,CAAC,CAAC,CAAA;IACR,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,SAAS,CAAC,+CAA+C,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEnD,MAAM,WAAW,GACf,WAAW,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,KAAK,CAAC,CAAC,IAAI,WAAW,GAAG,OAAO,CAAC;QAC7D,CAAC,CAAC,WAAW;QACb,CAAC,CAAC,CAAC,CAAC,CAAA;IAER,MAAM,OAAO,GACX,OAAO,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,GAAG,CAAC,MAAM;YACZ,CAAC,CAAC,WAAW;QACf,CAAC,CAAC,WAAW,KAAK,CAAC,CAAC;YAClB,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAA;IAEtC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAEhD,MAAM,SAAS,GAAG,QAAQ,KAAK,CAAC,CAAC,IAAI,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAA;IAE5E,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,SAAS,CAAC,yBAAyB,CAAC,CAAA;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;AAC1C,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAY,EAAE,EAAE;IACnD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAA;QACZ,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,GAAY,EAAW,EAAE;IACxD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAA;QAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAA;IAC1C,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAA;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAI,CAAe,EAAE,CAAe;IACjE,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IACxB,OAAO,CAAC,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAA;AACzD,CAAC;AAED,MAAM,UAAU,UAAU,CAAwB,IAAO;IACvD,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC5B,CAAC;AAED,MAAM,UAAU,OAAO,CACrB,KAA8B;IAE9B,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,SAAS,CAAA;IACnC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA,CAAC,sCAAsC;IAC7E,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAKD,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,KAAY,EACZ,KAAa,EACwB,EAAE;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,SAAS,CAAC,uBAAuB,CAAC,CAAA;IACpE,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,MAAM,IAAI,SAAS,CAAC,6BAA6B,CAAC,CAAA;IAE3E,wBAAwB;IACxB,0CAA0C;IAE1C,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAChC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAA;IAEhC,IAAI,WAAW,GAAG,WAAW;QAAE,OAAO,KAAK,CAAA;IAE3C,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,IAAI,MAAc,CAAA;IAElB,OAAO,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,GAAG,WAAW,CAAA;QAE1B;QACE,oCAAoC;QACpC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;YAC/C,8BAA8B;YAC9B,CAAC,MAAM,KAAK,WAAW,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,EAC3D,CAAC;YACD,OAAO,IAAI,CAAA;QACb,CAAC;QAED,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,CAAC,CAAA;IACxC,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC,CAAA","sourcesContent":["export const canParseUrl =\n  // eslint-disable-next-line n/no-unsupported-features/node-builtins\n  URL.canParse?.bind(URL) ??\n  // URL.canParse is not available in Node.js < 18.7.0\n  ((urlStr: string): boolean => {\n    try {\n      new URL(urlStr)\n      return true\n    } catch {\n      return false\n    }\n  })\n\nexport function isHostnameIP(hostname: string) {\n  // IPv4\n  if (hostname.match(/^\\d+\\.\\d+\\.\\d+\\.\\d+$/)) return true\n\n  // IPv6\n  if (hostname.startsWith('[') && hostname.endsWith(']')) return true\n\n  return false\n}\n\nexport type LoopbackHost = 'localhost' | '127.0.0.1' | '[::1]'\n\nexport function isLoopbackHost(host: unknown): host is LoopbackHost {\n  return host === 'localhost' || host === '127.0.0.1' || host === '[::1]'\n}\n\nexport function isLocalHostname(hostname: string): boolean {\n  const parts = hostname.split('.')\n  if (parts.length < 2) return true\n\n  const tld = parts.at(-1)!.toLowerCase()\n  return (\n    tld === 'test' ||\n    tld === 'local' ||\n    tld === 'localhost' ||\n    tld === 'invalid' ||\n    tld === 'example'\n  )\n}\n\nexport function safeUrl(input: URL | string): URL | null {\n  try {\n    return new URL(input)\n  } catch {\n    return null\n  }\n}\n\nexport function extractUrlPath(url) {\n  // Extracts the path from a URL, without relying on the URL constructor\n  // (because it normalizes the URL)\n  const endOfProtocol = url.startsWith('https://')\n    ? 8\n    : url.startsWith('http://')\n      ? 7\n      : -1\n  if (endOfProtocol === -1) {\n    throw new TypeError('URL must use the \"https:\" or \"http:\" protocol')\n  }\n\n  const hashIdx = url.indexOf('#', endOfProtocol)\n  const questionIdx = url.indexOf('?', endOfProtocol)\n\n  const queryStrIdx =\n    questionIdx !== -1 && (hashIdx === -1 || questionIdx < hashIdx)\n      ? questionIdx\n      : -1\n\n  const pathEnd =\n    hashIdx === -1\n      ? queryStrIdx === -1\n        ? url.length\n        : queryStrIdx\n      : queryStrIdx === -1\n        ? hashIdx\n        : Math.min(hashIdx, queryStrIdx)\n\n  const slashIdx = url.indexOf('/', endOfProtocol)\n\n  const pathStart = slashIdx === -1 || slashIdx > pathEnd ? pathEnd : slashIdx\n\n  if (endOfProtocol === pathStart) {\n    throw new TypeError('URL must contain a host')\n  }\n\n  return url.substring(pathStart, pathEnd)\n}\n\nexport const jsonObjectPreprocess = (val: unknown) => {\n  if (typeof val === 'string' && val.startsWith('{') && val.endsWith('}')) {\n    try {\n      return JSON.parse(val)\n    } catch {\n      return val\n    }\n  }\n\n  return val\n}\n\nexport const numberPreprocess = (val: unknown): unknown => {\n  if (typeof val === 'string') {\n    const number = Number(val)\n    if (!Number.isNaN(number)) return number\n  }\n  return val\n}\n\n/**\n * Returns true if the two arrays contain the same elements, regardless of order\n * or duplicates.\n */\nexport function arrayEquivalent<T>(a: readonly T[], b: readonly T[]) {\n  if (a === b) return true\n  return a.every(includedIn, b) && b.every(includedIn, a)\n}\n\nexport function includedIn<T>(this: readonly T[], item: T) {\n  return this.includes(item)\n}\n\nexport function asArray<T>(\n  value: Iterable<T> | undefined,\n): undefined | readonly T[] {\n  if (value == null) return undefined\n  if (Array.isArray(value)) return value // already a (possibly readonly) array\n  return Array.from(value)\n}\n\nexport type SpaceSeparatedValue<Value extends string> =\n  `${'' | `${string} `}${Value}${'' | ` ${string}`}`\n\nexport const isSpaceSeparatedValue = <Value extends string>(\n  value: Value,\n  input: string,\n): input is SpaceSeparatedValue<Value> => {\n  if (value.length === 0) throw new TypeError('Value cannot be empty')\n  if (value.includes(' ')) throw new TypeError('Value cannot contain spaces')\n\n  // Optimized version of:\n  // return input.split(' ').includes(value)\n\n  const inputLength = input.length\n  const valueLength = value.length\n\n  if (inputLength < valueLength) return false\n\n  let idx = input.indexOf(value)\n  let idxEnd: number\n\n  while (idx !== -1) {\n    idxEnd = idx + valueLength\n\n    if (\n      // at beginning or preceded by space\n      (idx === 0 || input.charCodeAt(idx - 1) === 32) &&\n      // at end or followed by space\n      (idxEnd === inputLength || input.charCodeAt(idxEnd) === 32)\n    ) {\n      return true\n    }\n\n    idx = input.indexOf(value, idxEnd + 1)\n  }\n\n  return false\n}\n"]}

package/package.json

@@ -1,6 +1,9 @@
 {
   "name": "@atproto/oauth-types",
-  "version": "0.6.3",
+  "version": "0.7.0",
+  "engines": {
+    "node": ">=22"
+  },
   "license": "MIT",
   "description": "OAuth typing & validation library",
   "keywords": [
@@ -15,9 +18,7 @@
     "url": "https://github.com/bluesky-social/atproto",
     "directory": "packages/oauth/oauth-types"
   },
-  "type": "commonjs",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
+  "type": "module",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -26,11 +27,11 @@
   },
   "dependencies": {
     "zod": "^3.23.8",
-    "@atproto/did": "^0.3.0",
-    "@atproto/jwk": "^0.6.0"
+    "@atproto/did": "^0.4.0",
+    "@atproto/jwk": "^0.7.0"
   },
   "devDependencies": {
-    "typescript": "^5.6.3"
+    "typescript": "^6.0.3"
   },
   "scripts": {
     "build": "tsc --build tsconfig.build.json"

package/src/atproto-oauth-token-response.ts

@@ -1,6 +1,6 @@
 import { TypeOf, z } from 'zod'
 import { atprotoDidSchema } from '@atproto/did'
-import { atprotoOAuthScopeSchema } from './atproto-oauth-scope'
+import { atprotoOAuthScopeSchema } from './atproto-oauth-scope.js'
 import { oauthTokenResponseSchema } from './oauth-token-response.js'
 
 export const atprotoOAuthTokenResponseSchema = oauthTokenResponseSchema.extend({

package/tsconfig.build.tsbuildinfo

@@ -1 +1 @@
-{"root":["./src/atproto-loopback-client-id.ts","./src/atproto-loopback-client-metadata.ts","./src/atproto-loopback-client-redirect-uris.ts","./src/atproto-oauth-scope.ts","./src/atproto-oauth-token-response.ts","./src/constants.ts","./src/index.ts","./src/oauth-access-token.ts","./src/oauth-authorization-code-grant-token-request.ts","./src/oauth-authorization-details.ts","./src/oauth-authorization-request-jar.ts","./src/oauth-authorization-request-par.ts","./src/oauth-authorization-request-parameters.ts","./src/oauth-authorization-request-query.ts","./src/oauth-authorization-request-uri.ts","./src/oauth-authorization-response-error.ts","./src/oauth-authorization-server-metadata.ts","./src/oauth-client-credentials-grant-token-request.ts","./src/oauth-client-credentials.ts","./src/oauth-client-id-discoverable.ts","./src/oauth-client-id-loopback.ts","./src/oauth-client-id.ts","./src/oauth-client-metadata.ts","./src/oauth-code-challenge-method.ts","./src/oauth-endpoint-auth-method.ts","./src/oauth-endpoint-name.ts","./src/oauth-grant-type.ts","./src/oauth-introspection-response.ts","./src/oauth-issuer-identifier.ts","./src/oauth-par-response.ts","./src/oauth-password-grant-token-request.ts","./src/oauth-prompt-mode.ts","./src/oauth-protected-resource-metadata.ts","./src/oauth-redirect-uri.ts","./src/oauth-refresh-token-grant-token-request.ts","./src/oauth-refresh-token.ts","./src/oauth-request-uri.ts","./src/oauth-response-mode.ts","./src/oauth-response-type.ts","./src/oauth-scope.ts","./src/oauth-token-identification.ts","./src/oauth-token-request.ts","./src/oauth-token-response.ts","./src/oauth-token-type.ts","./src/oidc-authorization-error-response.ts","./src/oidc-claims-parameter.ts","./src/oidc-claims-properties.ts","./src/oidc-entity-type.ts","./src/oidc-userinfo.ts","./src/uri.ts","./src/util.ts"],"version":"5.8.2"}
+{"root":["./src/atproto-loopback-client-id.ts","./src/atproto-loopback-client-metadata.ts","./src/atproto-loopback-client-redirect-uris.ts","./src/atproto-oauth-scope.ts","./src/atproto-oauth-token-response.ts","./src/constants.ts","./src/index.ts","./src/oauth-access-token.ts","./src/oauth-authorization-code-grant-token-request.ts","./src/oauth-authorization-details.ts","./src/oauth-authorization-request-jar.ts","./src/oauth-authorization-request-par.ts","./src/oauth-authorization-request-parameters.ts","./src/oauth-authorization-request-query.ts","./src/oauth-authorization-request-uri.ts","./src/oauth-authorization-response-error.ts","./src/oauth-authorization-server-metadata.ts","./src/oauth-client-credentials-grant-token-request.ts","./src/oauth-client-credentials.ts","./src/oauth-client-id-discoverable.ts","./src/oauth-client-id-loopback.ts","./src/oauth-client-id.ts","./src/oauth-client-metadata.ts","./src/oauth-code-challenge-method.ts","./src/oauth-endpoint-auth-method.ts","./src/oauth-endpoint-name.ts","./src/oauth-grant-type.ts","./src/oauth-introspection-response.ts","./src/oauth-issuer-identifier.ts","./src/oauth-par-response.ts","./src/oauth-password-grant-token-request.ts","./src/oauth-prompt-mode.ts","./src/oauth-protected-resource-metadata.ts","./src/oauth-redirect-uri.ts","./src/oauth-refresh-token-grant-token-request.ts","./src/oauth-refresh-token.ts","./src/oauth-request-uri.ts","./src/oauth-response-mode.ts","./src/oauth-response-type.ts","./src/oauth-scope.ts","./src/oauth-token-identification.ts","./src/oauth-token-request.ts","./src/oauth-token-response.ts","./src/oauth-token-type.ts","./src/oidc-authorization-error-response.ts","./src/oidc-claims-parameter.ts","./src/oidc-claims-properties.ts","./src/oidc-entity-type.ts","./src/oidc-userinfo.ts","./src/uri.ts","./src/util.ts"],"version":"6.0.3"}