@atproto/pds 0.4.104 → 0.4.106

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (209) hide show
  1. package/CHANGELOG.md +34 -0
  2. package/dist/account-manager/{index.d.ts → account-manager.d.ts} +26 -35
  3. package/dist/account-manager/account-manager.d.ts.map +1 -0
  4. package/dist/account-manager/{index.js → account-manager.js} +52 -207
  5. package/dist/account-manager/account-manager.js.map +1 -0
  6. package/dist/account-manager/helpers/account.d.ts +3 -3
  7. package/dist/account-manager/helpers/device-account.d.ts +15 -15
  8. package/dist/account-manager/helpers/device-account.d.ts.map +1 -1
  9. package/dist/account-manager/helpers/device-account.js +2 -1
  10. package/dist/account-manager/helpers/device-account.js.map +1 -1
  11. package/dist/account-manager/helpers/token.d.ts +98 -98
  12. package/dist/account-manager/oauth-store.d.ts +58 -0
  13. package/dist/account-manager/oauth-store.d.ts.map +1 -0
  14. package/dist/account-manager/oauth-store.js +417 -0
  15. package/dist/account-manager/oauth-store.js.map +1 -0
  16. package/dist/actor-store/record/reader.d.ts +3 -3
  17. package/dist/actor-store/repo/reader.d.ts +2 -0
  18. package/dist/actor-store/repo/reader.d.ts.map +1 -1
  19. package/dist/actor-store/repo/reader.js +9 -0
  20. package/dist/actor-store/repo/reader.js.map +1 -1
  21. package/dist/actor-store/repo/sql-repo-reader.d.ts +1 -1
  22. package/dist/actor-store/repo/transactor.d.ts.map +1 -1
  23. package/dist/actor-store/repo/transactor.js +13 -4
  24. package/dist/actor-store/repo/transactor.js.map +1 -1
  25. package/dist/api/com/atproto/admin/deleteAccount.d.ts.map +1 -1
  26. package/dist/api/com/atproto/admin/deleteAccount.js +2 -3
  27. package/dist/api/com/atproto/admin/deleteAccount.js.map +1 -1
  28. package/dist/api/com/atproto/admin/updateAccountHandle.d.ts.map +1 -1
  29. package/dist/api/com/atproto/admin/updateAccountHandle.js +2 -6
  30. package/dist/api/com/atproto/admin/updateAccountHandle.js.map +1 -1
  31. package/dist/api/com/atproto/identity/resolveHandle.d.ts.map +1 -1
  32. package/dist/api/com/atproto/identity/resolveHandle.js +2 -36
  33. package/dist/api/com/atproto/identity/resolveHandle.js.map +1 -1
  34. package/dist/api/com/atproto/identity/updateHandle.d.ts.map +1 -1
  35. package/dist/api/com/atproto/identity/updateHandle.js +1 -7
  36. package/dist/api/com/atproto/identity/updateHandle.js.map +1 -1
  37. package/dist/api/com/atproto/server/activateAccount.d.ts.map +1 -1
  38. package/dist/api/com/atproto/server/activateAccount.js +2 -18
  39. package/dist/api/com/atproto/server/activateAccount.js.map +1 -1
  40. package/dist/api/com/atproto/server/createAccount.d.ts.map +1 -1
  41. package/dist/api/com/atproto/server/createAccount.js +7 -7
  42. package/dist/api/com/atproto/server/createAccount.js.map +1 -1
  43. package/dist/api/com/atproto/server/createSession.js +1 -1
  44. package/dist/api/com/atproto/server/createSession.js.map +1 -1
  45. package/dist/api/com/atproto/server/deleteAccount.d.ts.map +1 -1
  46. package/dist/api/com/atproto/server/deleteAccount.js +2 -3
  47. package/dist/api/com/atproto/server/deleteAccount.js.map +1 -1
  48. package/dist/api/com/atproto/server/getSession.js +1 -1
  49. package/dist/api/com/atproto/server/getSession.js.map +1 -1
  50. package/dist/api/com/atproto/server/refreshSession.js +1 -1
  51. package/dist/api/com/atproto/server/refreshSession.js.map +1 -1
  52. package/dist/api/com/atproto/sync/getRecord.d.ts.map +1 -1
  53. package/dist/api/com/atproto/sync/getRecord.js.map +1 -1
  54. package/dist/api/com/atproto/sync/getRepoStatus.js +1 -1
  55. package/dist/api/com/atproto/sync/getRepoStatus.js.map +1 -1
  56. package/dist/api/com/atproto/sync/listRepos.js +1 -1
  57. package/dist/api/com/atproto/sync/listRepos.js.map +1 -1
  58. package/dist/api/com/atproto/sync/subscribeRepos.d.ts.map +1 -1
  59. package/dist/api/com/atproto/sync/subscribeRepos.js +2 -10
  60. package/dist/api/com/atproto/sync/subscribeRepos.js.map +1 -1
  61. package/dist/app-view.d.ts +14 -0
  62. package/dist/app-view.d.ts.map +1 -0
  63. package/dist/app-view.js +36 -0
  64. package/dist/app-view.js.map +1 -0
  65. package/dist/auth-routes.d.ts +1 -1
  66. package/dist/auth-routes.d.ts.map +1 -1
  67. package/dist/auth-routes.js +9 -3
  68. package/dist/auth-routes.js.map +1 -1
  69. package/dist/auth-verifier.d.ts +1 -1
  70. package/dist/auth-verifier.d.ts.map +1 -1
  71. package/dist/config/config.d.ts +3 -2
  72. package/dist/config/config.d.ts.map +1 -1
  73. package/dist/config/config.js +17 -7
  74. package/dist/config/config.js.map +1 -1
  75. package/dist/config/env.d.ts +4 -0
  76. package/dist/config/env.d.ts.map +1 -1
  77. package/dist/config/env.js +5 -0
  78. package/dist/config/env.js.map +1 -1
  79. package/dist/context.d.ts +4 -4
  80. package/dist/context.d.ts.map +1 -1
  81. package/dist/context.js +24 -18
  82. package/dist/context.js.map +1 -1
  83. package/dist/handle/index.d.ts +0 -7
  84. package/dist/handle/index.d.ts.map +1 -1
  85. package/dist/handle/index.js +4 -58
  86. package/dist/handle/index.js.map +1 -1
  87. package/dist/image/image-url.d.ts +8 -0
  88. package/dist/image/image-url.d.ts.map +1 -0
  89. package/dist/image/image-url.js +26 -0
  90. package/dist/image/image-url.js.map +1 -0
  91. package/dist/lexicon/index.d.ts +6 -0
  92. package/dist/lexicon/index.d.ts.map +1 -1
  93. package/dist/lexicon/index.js +12 -0
  94. package/dist/lexicon/index.js.map +1 -1
  95. package/dist/lexicon/lexicons.d.ts +310 -130
  96. package/dist/lexicon/lexicons.d.ts.map +1 -1
  97. package/dist/lexicon/lexicons.js +171 -67
  98. package/dist/lexicon/lexicons.js.map +1 -1
  99. package/dist/lexicon/types/app/bsky/embed/video.d.ts +1 -0
  100. package/dist/lexicon/types/app/bsky/embed/video.d.ts.map +1 -1
  101. package/dist/lexicon/types/app/bsky/embed/video.js.map +1 -1
  102. package/dist/lexicon/types/com/atproto/identity/defs.d.ts +17 -0
  103. package/dist/lexicon/types/com/atproto/identity/defs.d.ts.map +1 -0
  104. package/dist/lexicon/types/com/atproto/identity/defs.js +16 -0
  105. package/dist/lexicon/types/com/atproto/identity/defs.js.map +1 -0
  106. package/dist/lexicon/types/com/atproto/identity/refreshIdentity.d.ts +39 -0
  107. package/dist/lexicon/types/com/atproto/identity/refreshIdentity.d.ts.map +1 -0
  108. package/dist/lexicon/types/com/atproto/identity/refreshIdentity.js +7 -0
  109. package/dist/lexicon/types/com/atproto/identity/refreshIdentity.js.map +1 -0
  110. package/dist/lexicon/types/com/atproto/identity/resolveDid.d.ts +40 -0
  111. package/dist/lexicon/types/com/atproto/identity/resolveDid.d.ts.map +1 -0
  112. package/dist/lexicon/types/com/atproto/identity/resolveDid.js +7 -0
  113. package/dist/lexicon/types/com/atproto/identity/resolveDid.js.map +1 -0
  114. package/dist/lexicon/types/com/atproto/identity/resolveHandle.d.ts +1 -0
  115. package/dist/lexicon/types/com/atproto/identity/resolveHandle.d.ts.map +1 -1
  116. package/dist/lexicon/types/com/atproto/identity/resolveIdentity.d.ts +36 -0
  117. package/dist/lexicon/types/com/atproto/identity/resolveIdentity.d.ts.map +1 -0
  118. package/dist/lexicon/types/com/atproto/identity/resolveIdentity.js +7 -0
  119. package/dist/lexicon/types/com/atproto/identity/resolveIdentity.js.map +1 -0
  120. package/dist/lexicon/types/com/atproto/sync/subscribeRepos.d.ts +1 -30
  121. package/dist/lexicon/types/com/atproto/sync/subscribeRepos.d.ts.map +1 -1
  122. package/dist/lexicon/types/com/atproto/sync/subscribeRepos.js +0 -27
  123. package/dist/lexicon/types/com/atproto/sync/subscribeRepos.js.map +1 -1
  124. package/dist/lexicon/types/tools/ozone/team/listMembers.d.ts +1 -0
  125. package/dist/lexicon/types/tools/ozone/team/listMembers.d.ts.map +1 -1
  126. package/dist/mailer/index.d.ts +5 -5
  127. package/dist/mailer/index.d.ts.map +1 -1
  128. package/dist/mailer/index.js +6 -5
  129. package/dist/mailer/index.js.map +1 -1
  130. package/dist/read-after-write/viewer.d.ts +1 -1
  131. package/dist/read-after-write/viewer.d.ts.map +1 -1
  132. package/dist/repo/types.d.ts +6 -2
  133. package/dist/repo/types.d.ts.map +1 -1
  134. package/dist/repo/types.js.map +1 -1
  135. package/dist/scripts/rebuild-repo.d.ts.map +1 -1
  136. package/dist/scripts/rebuild-repo.js +2 -1
  137. package/dist/scripts/rebuild-repo.js.map +1 -1
  138. package/dist/sequencer/db/schema.d.ts +1 -1
  139. package/dist/sequencer/db/schema.d.ts.map +1 -1
  140. package/dist/sequencer/events.d.ts +27 -38
  141. package/dist/sequencer/events.d.ts.map +1 -1
  142. package/dist/sequencer/events.js +40 -58
  143. package/dist/sequencer/events.js.map +1 -1
  144. package/dist/sequencer/sequencer.d.ts +2 -3
  145. package/dist/sequencer/sequencer.d.ts.map +1 -1
  146. package/dist/sequencer/sequencer.js +5 -17
  147. package/dist/sequencer/sequencer.js.map +1 -1
  148. package/package.json +15 -15
  149. package/src/account-manager/{index.ts → account-manager.ts} +107 -307
  150. package/src/account-manager/helpers/device-account.ts +1 -0
  151. package/src/account-manager/oauth-store.ts +494 -0
  152. package/src/actor-store/repo/reader.ts +11 -0
  153. package/src/actor-store/repo/transactor.ts +15 -4
  154. package/src/api/com/atproto/admin/deleteAccount.ts +2 -3
  155. package/src/api/com/atproto/admin/updateAccountHandle.ts +7 -8
  156. package/src/api/com/atproto/identity/resolveHandle.ts +2 -11
  157. package/src/api/com/atproto/identity/updateHandle.ts +4 -7
  158. package/src/api/com/atproto/server/activateAccount.ts +4 -18
  159. package/src/api/com/atproto/server/createAccount.ts +15 -11
  160. package/src/api/com/atproto/server/createSession.ts +1 -1
  161. package/src/api/com/atproto/server/deleteAccount.ts +2 -3
  162. package/src/api/com/atproto/server/getSession.ts +1 -1
  163. package/src/api/com/atproto/server/refreshSession.ts +1 -1
  164. package/src/api/com/atproto/sync/getRecord.ts +0 -1
  165. package/src/api/com/atproto/sync/getRepoStatus.ts +1 -1
  166. package/src/api/com/atproto/sync/listRepos.ts +1 -1
  167. package/src/api/com/atproto/sync/subscribeRepos.ts +2 -9
  168. package/src/app-view.ts +24 -0
  169. package/src/auth-routes.ts +9 -3
  170. package/src/auth-verifier.ts +1 -1
  171. package/src/config/config.ts +25 -13
  172. package/src/config/env.ts +12 -0
  173. package/src/context.ts +44 -24
  174. package/src/handle/index.ts +6 -52
  175. package/src/image/image-url.ts +16 -0
  176. package/src/lexicon/index.ts +36 -0
  177. package/src/lexicon/lexicons.ts +186 -67
  178. package/src/lexicon/types/app/bsky/embed/video.ts +1 -0
  179. package/src/lexicon/types/com/atproto/identity/defs.ts +30 -0
  180. package/src/lexicon/types/com/atproto/identity/refreshIdentity.ts +52 -0
  181. package/src/lexicon/types/com/atproto/identity/resolveDid.ts +52 -0
  182. package/src/lexicon/types/com/atproto/identity/resolveHandle.ts +1 -0
  183. package/src/lexicon/types/com/atproto/identity/resolveIdentity.ts +48 -0
  184. package/src/lexicon/types/com/atproto/sync/subscribeRepos.ts +0 -59
  185. package/src/lexicon/types/tools/ozone/team/listMembers.ts +1 -0
  186. package/src/mailer/index.ts +7 -5
  187. package/src/read-after-write/viewer.ts +1 -1
  188. package/src/repo/types.ts +7 -2
  189. package/src/scripts/rebuild-repo.ts +4 -1
  190. package/src/sequencer/db/schema.ts +1 -8
  191. package/src/sequencer/events.ts +47 -75
  192. package/src/sequencer/sequencer.ts +9 -23
  193. package/tests/account-deletion.test.ts +3 -5
  194. package/tests/oauth.test.ts +286 -71
  195. package/tests/sequencer.test.ts +20 -29
  196. package/tests/sync/subscribe-repos.test.ts +89 -45
  197. package/tsconfig.build.tsbuildinfo +1 -1
  198. package/dist/account-manager/index.d.ts.map +0 -1
  199. package/dist/account-manager/index.js.map +0 -1
  200. package/dist/actor-store/repo/util.d.ts +0 -5
  201. package/dist/actor-store/repo/util.d.ts.map +0 -1
  202. package/dist/actor-store/repo/util.js +0 -25
  203. package/dist/actor-store/repo/util.js.map +0 -1
  204. package/dist/oauth/provider.d.ts +0 -10
  205. package/dist/oauth/provider.d.ts.map +0 -1
  206. package/dist/oauth/provider.js +0 -38
  207. package/dist/oauth/provider.js.map +0 -1
  208. package/src/actor-store/repo/util.ts +0 -22
  209. package/src/oauth/provider.ts +0 -59
@@ -0,0 +1,58 @@
1
+ import { Client } from '@did-plc/lib';
2
+ import { Keypair } from '@atproto/crypto';
3
+ import { Account, AccountInfo, AccountStore, AuthenticateAccountData, Code, DeviceAccountInfo, DeviceData, DeviceId, DeviceStore, FoundRequestResult, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmData, ResetPasswordRequestData, SignUpData, TokenData, TokenId, TokenInfo, TokenStore, UpdateRequestData } from '@atproto/oauth-provider';
4
+ import { ActorStore } from '../actor-store/actor-store';
5
+ import { BackgroundQueue } from '../background';
6
+ import { ImageUrlBuilder } from '../image/image-url-builder';
7
+ import { ServerMailer } from '../mailer';
8
+ import { Sequencer } from '../sequencer';
9
+ import { AccountManager } from './account-manager';
10
+ /**
11
+ * This class' purpose is to implement the interface needed by the OAuthProvider
12
+ * to interact with the account database (through the {@link AccountManager}).
13
+ *
14
+ * @note The use of this class assumes that there is no entryway.
15
+ */
16
+ export declare class OAuthStore implements AccountStore, RequestStore, DeviceStore, TokenStore {
17
+ private readonly accountManager;
18
+ private readonly actorStore;
19
+ private readonly imageUrlBuilder;
20
+ private readonly backgroundQueue;
21
+ private readonly mailer;
22
+ private readonly sequencer;
23
+ private readonly plcClient;
24
+ private readonly plcRotationKey;
25
+ private readonly publicUrl;
26
+ private readonly recoveryDidKey;
27
+ constructor(accountManager: AccountManager, actorStore: ActorStore, imageUrlBuilder: ImageUrlBuilder, backgroundQueue: BackgroundQueue, mailer: ServerMailer, sequencer: Sequencer, plcClient: Client, plcRotationKey: Keypair, publicUrl: string, recoveryDidKey: string | null);
28
+ private get db();
29
+ private get serviceDid();
30
+ private buildAccount;
31
+ private verifyEmailAvailability;
32
+ createAccount({ locale: _locale, inviteCode, handle, email, password, }: SignUpData): Promise<Account>;
33
+ authenticateAccount({ locale: _locale, username: identifier, password, emailOtp, }: AuthenticateAccountData): Promise<Account>;
34
+ addDeviceAccount(deviceId: DeviceId, sub: string, remember: boolean): Promise<DeviceAccountInfo>;
35
+ addAuthorizedClient(deviceId: DeviceId, sub: string, clientId: string): Promise<void>;
36
+ getDeviceAccount(deviceId: DeviceId, sub: string): Promise<AccountInfo | null>;
37
+ listDeviceAccounts(deviceId: DeviceId): Promise<AccountInfo[]>;
38
+ removeDeviceAccount(deviceId: DeviceId, sub: string): Promise<void>;
39
+ resetPasswordRequest({ locale: _locale, email, }: ResetPasswordRequestData): Promise<void>;
40
+ resetPasswordConfirm(data: ResetPasswordConfirmData): Promise<void>;
41
+ verifyHandleAvailability(handle: string): Promise<void>;
42
+ createRequest(id: RequestId, data: RequestData): Promise<void>;
43
+ readRequest(id: RequestId): Promise<RequestData | null>;
44
+ updateRequest(id: RequestId, data: UpdateRequestData): Promise<void>;
45
+ deleteRequest(id: RequestId): Promise<void>;
46
+ findRequestByCode(code: Code): Promise<FoundRequestResult | null>;
47
+ createDevice(deviceId: DeviceId, data: DeviceData): Promise<void>;
48
+ readDevice(deviceId: DeviceId): Promise<null | DeviceData>;
49
+ updateDevice(deviceId: DeviceId, data: Partial<DeviceData>): Promise<void>;
50
+ deleteDevice(deviceId: DeviceId): Promise<void>;
51
+ createToken(id: TokenId, data: TokenData, refreshToken?: RefreshToken): Promise<void>;
52
+ readToken(tokenId: TokenId): Promise<TokenInfo | null>;
53
+ deleteToken(tokenId: TokenId): Promise<void>;
54
+ rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
55
+ findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
56
+ findTokenByCode(code: Code): Promise<TokenInfo | null>;
57
+ }
58
+ //# sourceMappingURL=oauth-store.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,OAAO,EACP,WAAW,EACX,YAAY,EACZ,uBAAuB,EACvB,IAAI,EACJ,iBAAiB,EACjB,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAGlB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,wBAAwB,EACxB,wBAAwB,EACxB,UAAU,EACV,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAQlD;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU;IAG5D,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,YAAY;YAuBZ,uBAAuB;IAe/B,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAkE1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IA4BvC,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC,iBAAiB,CAAC;IAQvB,mBAAmB,CACvB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IAiBV,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAaxB,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAa9D,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAqBrC,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAInE,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkCvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAevD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,iBAAiB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAOjE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAIV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAKtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;CAI7D"}
@@ -0,0 +1,417 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || function (mod) {
19
+ if (mod && mod.__esModule) return mod;
20
+ var result = {};
21
+ if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
22
+ __setModuleDefault(result, mod);
23
+ return result;
24
+ };
25
+ Object.defineProperty(exports, "__esModule", { value: true });
26
+ exports.OAuthStore = void 0;
27
+ const lib_1 = require("@did-plc/lib");
28
+ const crypto_1 = require("@atproto/crypto");
29
+ const oauth_provider_1 = require("@atproto/oauth-provider");
30
+ const xrpc_server_1 = require("@atproto/xrpc-server");
31
+ const account_1 = require("./helpers/account");
32
+ const authRequest = __importStar(require("./helpers/authorization-request"));
33
+ const device = __importStar(require("./helpers/device"));
34
+ const deviceAccount = __importStar(require("./helpers/device-account"));
35
+ const token = __importStar(require("./helpers/token"));
36
+ const usedRefreshToken = __importStar(require("./helpers/used-refresh-token"));
37
+ /**
38
+ * This class' purpose is to implement the interface needed by the OAuthProvider
39
+ * to interact with the account database (through the {@link AccountManager}).
40
+ *
41
+ * @note The use of this class assumes that there is no entryway.
42
+ */
43
+ class OAuthStore {
44
+ constructor(accountManager, actorStore, imageUrlBuilder, backgroundQueue, mailer, sequencer, plcClient, plcRotationKey, publicUrl, recoveryDidKey) {
45
+ Object.defineProperty(this, "accountManager", {
46
+ enumerable: true,
47
+ configurable: true,
48
+ writable: true,
49
+ value: accountManager
50
+ });
51
+ Object.defineProperty(this, "actorStore", {
52
+ enumerable: true,
53
+ configurable: true,
54
+ writable: true,
55
+ value: actorStore
56
+ });
57
+ Object.defineProperty(this, "imageUrlBuilder", {
58
+ enumerable: true,
59
+ configurable: true,
60
+ writable: true,
61
+ value: imageUrlBuilder
62
+ });
63
+ Object.defineProperty(this, "backgroundQueue", {
64
+ enumerable: true,
65
+ configurable: true,
66
+ writable: true,
67
+ value: backgroundQueue
68
+ });
69
+ Object.defineProperty(this, "mailer", {
70
+ enumerable: true,
71
+ configurable: true,
72
+ writable: true,
73
+ value: mailer
74
+ });
75
+ Object.defineProperty(this, "sequencer", {
76
+ enumerable: true,
77
+ configurable: true,
78
+ writable: true,
79
+ value: sequencer
80
+ });
81
+ Object.defineProperty(this, "plcClient", {
82
+ enumerable: true,
83
+ configurable: true,
84
+ writable: true,
85
+ value: plcClient
86
+ });
87
+ Object.defineProperty(this, "plcRotationKey", {
88
+ enumerable: true,
89
+ configurable: true,
90
+ writable: true,
91
+ value: plcRotationKey
92
+ });
93
+ Object.defineProperty(this, "publicUrl", {
94
+ enumerable: true,
95
+ configurable: true,
96
+ writable: true,
97
+ value: publicUrl
98
+ });
99
+ Object.defineProperty(this, "recoveryDidKey", {
100
+ enumerable: true,
101
+ configurable: true,
102
+ writable: true,
103
+ value: recoveryDidKey
104
+ });
105
+ }
106
+ get db() {
107
+ const { db } = this.accountManager;
108
+ if (db.destroyed)
109
+ throw new Error('Database connection is closed');
110
+ return db;
111
+ }
112
+ get serviceDid() {
113
+ return this.accountManager.serviceDid;
114
+ }
115
+ async buildAccount(row) {
116
+ const account = deviceAccount.toAccount(row, this.serviceDid);
117
+ if (!account.name || !account.picture) {
118
+ const did = account.sub;
119
+ const profile = await this.actorStore.read(did, async (store) => {
120
+ return store.record.getProfileRecord();
121
+ });
122
+ if (profile) {
123
+ const { avatar, displayName } = profile;
124
+ account.name || (account.name = displayName);
125
+ account.picture || (account.picture = avatar
126
+ ? this.imageUrlBuilder.build('avatar', did, avatar.ref.toString())
127
+ : undefined);
128
+ }
129
+ }
130
+ return account;
131
+ }
132
+ async verifyEmailAvailability(email) {
133
+ // @NOTE Email validity & disposability check performed by the OAuthProvider
134
+ const account = await this.accountManager.getAccountByEmail(email, {
135
+ includeDeactivated: true,
136
+ includeTakenDown: true,
137
+ });
138
+ if (account) {
139
+ throw new oauth_provider_1.InvalidRequestError(`Email already taken`);
140
+ }
141
+ }
142
+ // AccountStore
143
+ async createAccount({ locale: _locale, inviteCode, handle, email, password, }) {
144
+ // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)
145
+ // @NOTE Password strength already enforced by the OAuthProvider
146
+ await Promise.all([
147
+ this.verifyEmailAvailability(email),
148
+ this.verifyHandleAvailability(handle),
149
+ !inviteCode || this.accountManager.ensureInviteIsAvailable(inviteCode),
150
+ ]);
151
+ // @TODO The code bellow should probably be refactored to be common with the
152
+ // code of the `com.atproto.server.createAccount` XRPC endpoint.
153
+ const signingKey = await crypto_1.Secp256k1Keypair.create({ exportable: true });
154
+ const signingKeyDid = signingKey.did();
155
+ const plcCreate = await (0, lib_1.createOp)({
156
+ signingKey: signingKeyDid,
157
+ rotationKeys: this.recoveryDidKey
158
+ ? [this.recoveryDidKey, this.plcRotationKey.did()]
159
+ : [this.plcRotationKey.did()],
160
+ handle,
161
+ pds: this.publicUrl,
162
+ signer: this.plcRotationKey,
163
+ });
164
+ const { did, op } = plcCreate;
165
+ await this.actorStore.create(did, signingKey);
166
+ try {
167
+ const commit = await this.actorStore.transact(did, (actorTxn) => actorTxn.repo.createRepo([]));
168
+ await this.plcClient.sendOperation(did, op);
169
+ await this.accountManager.createAccount({
170
+ did,
171
+ handle,
172
+ email,
173
+ password,
174
+ inviteCode,
175
+ repoCid: commit.cid,
176
+ repoRev: commit.rev,
177
+ });
178
+ try {
179
+ await this.sequencer.sequenceIdentityEvt(did, handle);
180
+ await this.sequencer.sequenceAccountEvt(did, account_1.AccountStatus.Active);
181
+ await this.sequencer.sequenceCommit(did, commit);
182
+ await this.accountManager.updateRepoRoot(did, commit.cid, commit.rev);
183
+ await this.actorStore.clearReservedKeypair(signingKeyDid, did);
184
+ const account = await this.accountManager.getAccount(did);
185
+ if (!account)
186
+ throw new Error('Account not found');
187
+ return await this.buildAccount(account);
188
+ }
189
+ catch (err) {
190
+ this.accountManager.deleteAccount(did);
191
+ throw err;
192
+ }
193
+ }
194
+ catch (err) {
195
+ await this.actorStore.destroy(did);
196
+ throw err;
197
+ }
198
+ }
199
+ async authenticateAccount({ locale: _locale, username: identifier, password,
200
+ // Not supported by the PDS (yet?)
201
+ emailOtp = undefined, }) {
202
+ // @TODO (?) Send an email to the user to notify them of the login attempt
203
+ try {
204
+ // Should never happen
205
+ if (emailOtp != null) {
206
+ throw new Error('Email OTP is not supported');
207
+ }
208
+ const { user, appPassword, isSoftDeleted } = await this.accountManager.login({ identifier, password });
209
+ if (isSoftDeleted) {
210
+ throw new oauth_provider_1.InvalidRequestError('Account was taken down');
211
+ }
212
+ if (appPassword) {
213
+ throw new oauth_provider_1.InvalidRequestError('App passwords are not allowed');
214
+ }
215
+ return this.buildAccount(user);
216
+ }
217
+ catch (err) {
218
+ if (err instanceof xrpc_server_1.AuthRequiredError) {
219
+ throw new oauth_provider_1.InvalidRequestError(err.message, err);
220
+ }
221
+ throw err;
222
+ }
223
+ }
224
+ async addDeviceAccount(deviceId, sub, remember) {
225
+ const [row] = await this.db.executeWithRetry(deviceAccount.createOrUpdateQB(this.db, deviceId, sub, remember));
226
+ if (!row)
227
+ throw new Error('Failed to create device account');
228
+ return deviceAccount.toDeviceAccountInfo(row);
229
+ }
230
+ async addAuthorizedClient(deviceId, sub, clientId) {
231
+ await this.db.transaction(async (dbTxn) => {
232
+ const row = await deviceAccount
233
+ .readQB(dbTxn, deviceId, sub)
234
+ .executeTakeFirstOrThrow();
235
+ const { authorizedClients } = deviceAccount.toDeviceAccountInfo(row);
236
+ if (!authorizedClients.includes(clientId)) {
237
+ await deviceAccount
238
+ .updateQB(dbTxn, deviceId, sub, {
239
+ authorizedClients: [...authorizedClients, clientId],
240
+ })
241
+ .execute();
242
+ }
243
+ });
244
+ }
245
+ async getDeviceAccount(deviceId, sub) {
246
+ const row = await deviceAccount
247
+ .getAccountInfoQB(this.db, deviceId, sub)
248
+ .executeTakeFirst();
249
+ if (!row)
250
+ return null;
251
+ return {
252
+ account: await this.buildAccount(row),
253
+ info: deviceAccount.toDeviceAccountInfo(row),
254
+ };
255
+ }
256
+ async listDeviceAccounts(deviceId) {
257
+ const rows = await deviceAccount
258
+ .listRememberedQB(this.db, deviceId)
259
+ .execute();
260
+ return Promise.all(rows.map(async (row) => ({
261
+ account: await this.buildAccount(row),
262
+ info: deviceAccount.toDeviceAccountInfo(row),
263
+ })));
264
+ }
265
+ async removeDeviceAccount(deviceId, sub) {
266
+ await this.db.executeWithRetry(deviceAccount.removeQB(this.db, deviceId, sub));
267
+ }
268
+ async resetPasswordRequest({ locale: _locale, email, }) {
269
+ const account = await this.accountManager.getAccountByEmail(email, {
270
+ includeDeactivated: true,
271
+ includeTakenDown: true,
272
+ });
273
+ if (!account?.email || !account?.handle)
274
+ return;
275
+ const { handle } = account;
276
+ const token = await this.accountManager.createEmailToken(account.did, 'reset_password');
277
+ // @TODO Use the locale to send the email in the right language
278
+ await this.mailer.sendResetPassword({ handle, token }, { to: account.email });
279
+ }
280
+ async resetPasswordConfirm(data) {
281
+ await this.accountManager.resetPassword(data);
282
+ }
283
+ async verifyHandleAvailability(handle) {
284
+ // @NOTE Handle validity & normalization already enforced by the OAuthProvider
285
+ try {
286
+ const normalized = await this.accountManager.normalizeAndValidateHandle(handle);
287
+ // Should never happen (OAuthProvider should have already validated the
288
+ // handle) This check is just a safeguard against future normalization
289
+ // changes.
290
+ if (normalized !== handle) {
291
+ throw new oauth_provider_1.HandleUnavailableError('syntax', 'Invalid handle');
292
+ }
293
+ const account = await this.accountManager.getAccount(normalized, {
294
+ includeDeactivated: true,
295
+ includeTakenDown: true,
296
+ });
297
+ if (account) {
298
+ throw new oauth_provider_1.HandleUnavailableError('taken');
299
+ }
300
+ }
301
+ catch (err) {
302
+ if (err instanceof xrpc_server_1.InvalidRequestError) {
303
+ throw err.customErrorName === 'HandleNotAvailable'
304
+ ? new oauth_provider_1.HandleUnavailableError('taken', err.message)
305
+ : new oauth_provider_1.HandleUnavailableError('syntax', err.message);
306
+ }
307
+ throw err;
308
+ }
309
+ }
310
+ // RequestStore
311
+ async createRequest(id, data) {
312
+ await this.db.executeWithRetry(authRequest.createQB(this.db, id, data));
313
+ }
314
+ async readRequest(id) {
315
+ try {
316
+ const row = await authRequest.readQB(this.db, id).executeTakeFirst();
317
+ if (!row)
318
+ return null;
319
+ return authRequest.rowToRequestData(row);
320
+ }
321
+ finally {
322
+ // Take the opportunity to clean up expired requests. Do this after we got
323
+ // the current (potentially expired) request data to allow the provider to
324
+ // handle expired requests.
325
+ this.backgroundQueue.add(async () => {
326
+ await this.db.executeWithRetry(authRequest.removeOldExpiredQB(this.db));
327
+ });
328
+ }
329
+ }
330
+ async updateRequest(id, data) {
331
+ await this.db.executeWithRetry(authRequest.updateQB(this.db, id, data));
332
+ }
333
+ async deleteRequest(id) {
334
+ await this.db.executeWithRetry(authRequest.removeByIdQB(this.db, id));
335
+ }
336
+ async findRequestByCode(code) {
337
+ const row = await authRequest.findByCodeQB(this.db, code).executeTakeFirst();
338
+ return row ? authRequest.rowToFoundRequestResult(row) : null;
339
+ }
340
+ // DeviceStore
341
+ async createDevice(deviceId, data) {
342
+ await this.db.executeWithRetry(device.createQB(this.db, deviceId, data));
343
+ }
344
+ async readDevice(deviceId) {
345
+ const row = await device.readQB(this.db, deviceId).executeTakeFirst();
346
+ return row ? device.rowToDeviceData(row) : null;
347
+ }
348
+ async updateDevice(deviceId, data) {
349
+ await this.db.executeWithRetry(device.updateQB(this.db, deviceId, data));
350
+ }
351
+ async deleteDevice(deviceId) {
352
+ // Will cascade to device_account (device_account_device_id_fk)
353
+ await this.db.executeWithRetry(device.removeQB(this.db, deviceId));
354
+ }
355
+ // TokenStore
356
+ async createToken(id, data, refreshToken) {
357
+ await this.db.transaction(async (dbTxn) => {
358
+ if (refreshToken) {
359
+ const { count } = await usedRefreshToken
360
+ .countQB(dbTxn, refreshToken)
361
+ .executeTakeFirstOrThrow();
362
+ if (count > 0) {
363
+ throw new Error('Refresh token already in use');
364
+ }
365
+ }
366
+ return token.createQB(dbTxn, id, data, refreshToken).execute();
367
+ });
368
+ }
369
+ async readToken(tokenId) {
370
+ const row = await token.findByQB(this.db, { tokenId }).executeTakeFirst();
371
+ return row ? token.toTokenInfo(row, this.serviceDid) : null;
372
+ }
373
+ async deleteToken(tokenId) {
374
+ // Will cascade to used_refresh_token (used_refresh_token_fk)
375
+ await this.db.executeWithRetry(token.removeQB(this.db, tokenId));
376
+ }
377
+ async rotateToken(tokenId, newTokenId, newRefreshToken, newData) {
378
+ const err = await this.db.transaction(async (dbTxn) => {
379
+ const { id, currentRefreshToken } = await token
380
+ .forRotateQB(dbTxn, tokenId)
381
+ .executeTakeFirstOrThrow();
382
+ if (currentRefreshToken) {
383
+ await usedRefreshToken
384
+ .insertQB(dbTxn, id, currentRefreshToken)
385
+ .execute();
386
+ }
387
+ const { count } = await usedRefreshToken
388
+ .countQB(dbTxn, newRefreshToken)
389
+ .executeTakeFirstOrThrow();
390
+ if (count > 0) {
391
+ // Do NOT throw (we don't want the transaction to be rolled back)
392
+ return new Error('New refresh token already in use');
393
+ }
394
+ await token
395
+ .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)
396
+ .execute();
397
+ });
398
+ if (err)
399
+ throw err;
400
+ }
401
+ async findTokenByRefreshToken(refreshToken) {
402
+ const used = await usedRefreshToken
403
+ .findByTokenQB(this.db, refreshToken)
404
+ .executeTakeFirst();
405
+ const search = used
406
+ ? { id: used.tokenId }
407
+ : { currentRefreshToken: refreshToken };
408
+ const row = await token.findByQB(this.db, search).executeTakeFirst();
409
+ return row ? token.toTokenInfo(row, this.serviceDid) : null;
410
+ }
411
+ async findTokenByCode(code) {
412
+ const row = await token.findByQB(this.db, { code }).executeTakeFirst();
413
+ return row ? token.toTokenInfo(row, this.serviceDid) : null;
414
+ }
415
+ }
416
+ exports.OAuthStore = OAuthStore;
417
+ //# sourceMappingURL=oauth-store.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,sCAA8D;AAE9D,4CAA2D;AAC3D,4DA0BgC;AAChC,sDAG6B;AAO7B,+CAA+D;AAC/D,6EAA8D;AAC9D,yDAA0C;AAC1C,wEAAyD;AACzD,uDAAwC;AACxC,+EAAgE;AAEhE;;;;;GAKG;AACH,MAAa,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT9C;;;;mBAAiB,cAAc;WAAgB;QAC/C;;;;mBAAiB,UAAU;WAAY;QACvC;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,MAAM;WAAc;QACrC;;;;mBAAiB,SAAS;WAAW;QACrC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAS;QACxC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,GAA6B;QACtD,MAAM,OAAO,GAAG,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;QAE7D,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBAC9D,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAZ,OAAO,CAAC,IAAI,GAAK,WAAW,EAAA;gBAC5B,OAAO,CAAC,OAAO,KAAf,OAAO,CAAC,OAAO,GAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;oBAClE,CAAC,CAAC,SAAS,EAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,oCAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,gEAAgE;QAEhE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,UAAU,CAAC;SACvE,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,SAAS,GAAG,MAAM,IAAA,cAAW,EAAC;YAClC,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,SAAS,CAAA;QAE7B,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;QAC7C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC9D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;YAED,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;YAE3C,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;gBACtC,GAAG;gBACH,MAAM;gBACN,KAAK;gBACL,QAAQ;gBACR,UAAU;gBACV,OAAO,EAAE,MAAM,CAAC,GAAG;gBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;aACpB,CAAC,CAAA;YACF,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBACrD,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,uBAAa,CAAC,MAAM,CAAC,CAAA;gBAClE,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;gBAChD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;gBACrE,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAA;gBAE9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBACzD,IAAI,CAAC,OAAO;oBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBAElD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;YACzC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;gBACtC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAClC,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,oCAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,oCAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,+BAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,oCAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW,EACX,QAAiB;QAEjB,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC1C,aAAa,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,CAAC,CACjE,CAAA;QACD,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;QAC5D,OAAO,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,QAAkB,EAClB,GAAW,EACX,QAAgB;QAEhB,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,MAAM,aAAa;iBAC5B,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC;iBAC5B,uBAAuB,EAAE,CAAA;YAE5B,MAAM,EAAE,iBAAiB,EAAE,GAAG,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;YACpE,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,MAAM,aAAa;qBAChB,QAAQ,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE;oBAC9B,iBAAiB,EAAE,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC;iBACpD,CAAC;qBACD,OAAO,EAAE,CAAA;YACd,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,aAAa;aAC5B,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC;aACxC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC;SAC7C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,QAAkB;QACzC,MAAM,IAAI,GAAG,MAAM,aAAa;aAC7B,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC;aACnC,OAAO,EAAE,CAAA;QAEZ,OAAO,OAAO,CAAC,GAAG,CAChB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACvB,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,IAAI,EAAE,aAAa,CAAC,mBAAmB,CAAC,GAAG,CAAC;SAC7C,CAAC,CAAC,CACJ,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACoB;QACzB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAM;QAE/C,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,IAA8B;QACvD,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAc;QAC3C,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,uCAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,uCAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,GAAG,CAAC,eAAe,KAAK,oBAAoB;oBAChD,CAAC,CAAC,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;oBAClD,CAAC,CAAC,IAAI,uCAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YACpE,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,WAAW,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAC1C,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAA;YACzE,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAAA;IACzE,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IACvE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,IAAU;QAChC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC9D,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACrE,OAAO,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACjD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IACpE,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB;qBACrC,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QAChE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACzE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,KAAK;iBAC5C,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,gBAAgB;qBACnB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,gBAAgB;iBACrC,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,KAAK;iBACR,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,gBAAgB;aAChC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACpE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACtE,OAAO,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC7D,CAAC;CACF;AAxbD,gCAwbC"}
@@ -45,13 +45,13 @@ export declare class RecordReader {
45
45
  path: string;
46
46
  linkTo: string;
47
47
  }): Promise<{
48
- cid: string;
48
+ takedownRef: string | null;
49
49
  indexedAt: string;
50
- repoRev: string;
50
+ cid: string;
51
51
  uri: string;
52
52
  collection: string;
53
53
  rkey: string;
54
- takedownRef: string | null;
54
+ repoRev: string;
55
55
  }[]>;
56
56
  getBacklinkConflicts(uri: AtUri, record: RepoRecord): Promise<AtUri[]>;
57
57
  listExistingBlocks(): Promise<CidSet>;
@@ -1,4 +1,5 @@
1
1
  import { BlobStore } from '@atproto/repo';
2
+ import { SyncEvtData } from '../../repo';
2
3
  import { BlobReader } from '../blob/reader';
3
4
  import { ActorDb } from '../db';
4
5
  import { RecordReader } from '../record/reader';
@@ -10,5 +11,6 @@ export declare class RepoReader {
10
11
  record: RecordReader;
11
12
  storage: SqlRepoReader;
12
13
  constructor(db: ActorDb, blobstore: BlobStore);
14
+ getSyncEventData(): Promise<SyncEvtData>;
13
15
  }
14
16
  //# sourceMappingURL=reader.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"reader.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,qBAAa,UAAU;IAMZ,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IAN7B,IAAI,EAAE,UAAU,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,EAAE,aAAa,CAAA;gBAGb,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS;CAM9B"}
1
+ {"version":3,"file":"reader.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,qBAAa,UAAU;IAMZ,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IAN7B,IAAI,EAAE,UAAU,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,OAAO,EAAE,aAAa,CAAA;gBAGb,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS;IAOvB,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;CAS/C"}
@@ -40,6 +40,15 @@ class RepoReader {
40
40
  this.record = new reader_2.RecordReader(db);
41
41
  this.storage = new sql_repo_reader_1.SqlRepoReader(db);
42
42
  }
43
+ async getSyncEventData() {
44
+ const root = await this.storage.getRootDetailed();
45
+ const { blocks } = await this.storage.getBlocks([root.cid]);
46
+ return {
47
+ cid: root.cid,
48
+ rev: root.rev,
49
+ blocks,
50
+ };
51
+ }
43
52
  }
44
53
  exports.RepoReader = RepoReader;
45
54
  //# sourceMappingURL=reader.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"reader.js","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":";;;AACA,2CAA2C;AAE3C,6CAA+C;AAC/C,uDAAiD;AAEjD,MAAa,UAAU;IAKrB,YACS,EAAW,EACX,SAAoB;QAD3B;;;;mBAAO,EAAE;WAAS;QAClB;;;;mBAAO,SAAS;WAAW;QAN7B;;;;;WAAgB;QAChB;;;;;WAAoB;QACpB;;;;;WAAsB;QAMpB,IAAI,CAAC,IAAI,GAAG,IAAI,mBAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,qBAAY,CAAC,EAAE,CAAC,CAAA;QAClC,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAa,CAAC,EAAE,CAAC,CAAA;IACtC,CAAC;CACF;AAbD,gCAaC"}
1
+ {"version":3,"file":"reader.js","sourceRoot":"","sources":["../../../src/actor-store/repo/reader.ts"],"names":[],"mappings":";;;AAEA,2CAA2C;AAE3C,6CAA+C;AAC/C,uDAAiD;AAEjD,MAAa,UAAU;IAKrB,YACS,EAAW,EACX,SAAoB;QAD3B;;;;mBAAO,EAAE;WAAS;QAClB;;;;mBAAO,SAAS;WAAW;QAN7B;;;;;WAAgB;QAChB;;;;;WAAoB;QACpB;;;;;WAAsB;QAMpB,IAAI,CAAC,IAAI,GAAG,IAAI,mBAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAA;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,qBAAY,CAAC,EAAE,CAAC,CAAA;QAClC,IAAI,CAAC,OAAO,GAAG,IAAI,+BAAa,CAAC,EAAE,CAAC,CAAA;IACtC,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAA;QACjD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC3D,OAAO;YACL,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM;SACP,CAAA;IACH,CAAC;CACF;AAvBD,gCAuBC"}
@@ -17,7 +17,7 @@ export declare class SqlRepoReader extends ReadableBlockstore {
17
17
  missing: CID[];
18
18
  }>;
19
19
  getCarStream(since?: string): Promise<import("stream").Readable>;
20
- getBlockRange(since?: string, cursor?: RevCursor): Promise<import("kysely").Selection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "repo_block">, "repo_block", "cid" | "repoRev" | "content">[]>;
20
+ getBlockRange(since?: string, cursor?: RevCursor): Promise<import("kysely").Selection<import("kysely/dist/cjs/parser/table-parser").From<import("../db").DatabaseSchema, "repo_block">, "repo_block", "content" | "cid" | "repoRev">[]>;
21
21
  countBlocks(): Promise<number>;
22
22
  destroy(): Promise<void>;
23
23
  }
@@ -1 +1 @@
1
- {"version":3,"file":"transactor.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/transactor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAgC,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAGL,iBAAiB,EAEjB,cAAc,EACd,aAAa,EACd,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAGzD,qBAAa,cAAe,SAAQ,UAAU;IAMnC,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IACpB,GAAG,EAAE,MAAM;IACX,UAAU,EAAE,MAAM,CAAC,OAAO;IAC1B,eAAe,EAAE,eAAe;IAChC,GAAG,EAAE,MAAM;IAVpB,IAAI,EAAE,cAAc,CAAA;IACpB,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;gBAGjB,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,CAAC,OAAO,EAC1B,eAAe,EAAE,eAAe,EAChC,GAAG,GAAE,MAAiC;IAQzC,aAAa,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IASrC,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAqBhE,aAAa,CACjB,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,CAAC,EAAE,GAAG,GAClB,OAAO,CAAC,iBAAiB,CAAC;IAcvB,YAAY,CAChB,MAAM,EAAE,aAAa,EAAE,EACvB,UAAU,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,iBAAiB,CAAC;IAkFvB,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,MAAM;IAuBhD,sBAAsB,CAC1B,IAAI,EAAE,GAAG,EAAE,EACX,WAAW,EAAE,KAAK,EAAE,GACnB,OAAO,CAAC,GAAG,EAAE,CAAC;CAclB"}
1
+ {"version":3,"file":"transactor.d.ts","sourceRoot":"","sources":["../../../src/actor-store/repo/transactor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAgC,MAAM,eAAe,CAAA;AAC7E,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAGL,iBAAiB,EAEjB,cAAc,EACd,aAAa,EACd,MAAM,kBAAkB,CAAA;AACzB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,OAAO,CAAA;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAEzD,qBAAa,cAAe,SAAQ,UAAU;IAMnC,EAAE,EAAE,OAAO;IACX,SAAS,EAAE,SAAS;IACpB,GAAG,EAAE,MAAM;IACX,UAAU,EAAE,MAAM,CAAC,OAAO;IAC1B,eAAe,EAAE,eAAe;IAChC,GAAG,EAAE,MAAM;IAVpB,IAAI,EAAE,cAAc,CAAA;IACpB,MAAM,EAAE,gBAAgB,CAAA;IACxB,OAAO,EAAE,iBAAiB,CAAA;gBAGjB,EAAE,EAAE,OAAO,EACX,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,CAAC,OAAO,EAC1B,eAAe,EAAE,eAAe,EAChC,GAAG,GAAE,MAAiC;IAQzC,aAAa,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IASrC,UAAU,CAAC,MAAM,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAyBhE,aAAa,CACjB,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,CAAC,EAAE,GAAG,GAClB,OAAO,CAAC,iBAAiB,CAAC;IAuBvB,YAAY,CAChB,MAAM,EAAE,aAAa,EAAE,EACvB,UAAU,CAAC,EAAE,GAAG,GACf,OAAO,CAAC,iBAAiB,CAAC;IAiFvB,WAAW,CAAC,MAAM,EAAE,aAAa,EAAE,EAAE,GAAG,EAAE,MAAM;IAuBhD,sBAAsB,CAC1B,IAAI,EAAE,GAAG,EAAE,EACX,WAAW,EAAE,KAAK,EAAE,GACnB,OAAO,CAAC,GAAG,EAAE,CAAC;CAclB"}
@@ -10,7 +10,6 @@ const transactor_1 = require("../blob/transactor");
10
10
  const transactor_2 = require("../record/transactor");
11
11
  const reader_1 = require("./reader");
12
12
  const sql_repo_transactor_1 = require("./sql-repo-transactor");
13
- const util_1 = require("./util");
14
13
  class RepoTransactor extends reader_1.RepoReader {
15
14
  constructor(db, blobstore, did, signingKey, backgroundQueue, now = new Date().toISOString()) {
16
15
  super(db, blobstore);
@@ -88,16 +87,27 @@ class RepoTransactor extends reader_1.RepoReader {
88
87
  this.indexWrites(writes, commit.rev),
89
88
  this.blob.processWriteBlobs(commit.rev, writes),
90
89
  ]);
90
+ const ops = writes.map((w) => ({
91
+ action: 'create',
92
+ path: (0, repo_1.formatDataKey)(w.uri.collection, w.uri.rkey),
93
+ cid: w.cid,
94
+ }));
91
95
  return {
92
96
  ...commit,
93
- ops: (0, util_1.commitOpsFromCreates)(writes),
94
- blobs: (0, util_1.blobCidsFromWrites)(writes),
97
+ ops,
95
98
  prevData: null,
96
99
  };
97
100
  }
98
101
  async processWrites(writes, swapCommitCid) {
99
102
  this.db.assertTransaction();
103
+ if (writes.length > 200) {
104
+ throw new xrpc_server_1.InvalidRequestError('Too many writes. Max: 200');
105
+ }
100
106
  const commit = await this.formatCommit(writes, swapCommitCid);
107
+ // Do not allow commits > 2MB
108
+ if (commit.relevantBlocks.byteSize > 2000000) {
109
+ throw new xrpc_server_1.InvalidRequestError('Too many writes. Max event size: 2MB');
110
+ }
101
111
  await Promise.all([
102
112
  // persist the commit to repo storage
103
113
  this.storage.applyCommit(commit),
@@ -176,7 +186,6 @@ class RepoTransactor extends reader_1.RepoReader {
176
186
  return {
177
187
  ...commit,
178
188
  ops: commitOps,
179
- blobs: (0, util_1.blobCidsFromWrites)(writes),
180
189
  prevData,
181
190
  };
182
191
  }