@atproto/pds 0.4.211 → 0.4.213

package/dist/lexicon/types/app/bsky/feed/sendInteractions.d.ts

@@ -1,6 +1,7 @@
 import type * as AppBskyFeedDefs from './defs.js';
 export type QueryParams = {};
 export interface InputSchema {
+    feed?: string;
     interactions: AppBskyFeedDefs.Interaction[];
 }
 export interface OutputSchema {

package/dist/lexicon/types/app/bsky/feed/sendInteractions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sendInteractions.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/feed/sendInteractions.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,KAAK,eAAe,MAAM,WAAW,CAAA;AAMjD,MAAM,MAAM,WAAW,GAAG,EAAE,CAAA;AAE5B,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,eAAe,CAAC,WAAW,EAAE,CAAA;CAC5C;AAED,MAAM,WAAW,YAAY;CAAG;AAEhC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,WAAW,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,CAAA"}
+{"version":3,"file":"sendInteractions.d.ts","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/feed/sendInteractions.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,KAAK,eAAe,MAAM,WAAW,CAAA;AAMjD,MAAM,MAAM,WAAW,GAAG,EAAE,CAAA;AAE5B,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,YAAY,EAAE,eAAe,CAAC,WAAW,EAAE,CAAA;CAC5C;AAED,MAAM,WAAW,YAAY;CAAG;AAEhC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,WAAW,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,kBAAkB,CAAA;IAC5B,IAAI,EAAE,YAAY,CAAA;IAClB,OAAO,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;KAAE,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,GAAG,cAAc,CAAA"}

package/dist/lexicon/types/app/bsky/feed/sendInteractions.js.map

@@ -1 +1 @@
-{"version":3,"file":"sendInteractions.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/feed/sendInteractions.ts"],"names":[],"mappings":";;AAKA,mDAA4D;AAC5D,2CAIyB;AAGzB,MAAM,QAAQ,GAAG,eAAS,EACxB,QAAQ,GAAG,mBAAS,CAAA;AACtB,MAAM,EAAE,GAAG,gCAAgC,CAAA","sourcesContent":["/**\n * GENERATED CODE - DO NOT MODIFY\n */\nimport { type ValidationResult, BlobRef } from '@atproto/lexicon'\nimport { CID } from 'multiformats/cid'\nimport { validate as _validate } from '../../../../lexicons'\nimport {\n  type $Typed,\n  is$typed as _is$typed,\n  type OmitKey,\n} from '../../../../util'\nimport type * as AppBskyFeedDefs from './defs.js'\n\nconst is$typed = _is$typed,\n  validate = _validate\nconst id = 'app.bsky.feed.sendInteractions'\n\nexport type QueryParams = {}\n\nexport interface InputSchema {\n  interactions: AppBskyFeedDefs.Interaction[]\n}\n\nexport interface OutputSchema {}\n\nexport interface HandlerInput {\n  encoding: 'application/json'\n  body: InputSchema\n}\n\nexport interface HandlerSuccess {\n  encoding: 'application/json'\n  body: OutputSchema\n  headers?: { [key: string]: string }\n}\n\nexport interface HandlerError {\n  status: number\n  message?: string\n}\n\nexport type HandlerOutput = HandlerError | HandlerSuccess\n"]}
+{"version":3,"file":"sendInteractions.js","sourceRoot":"","sources":["../../../../../../src/lexicon/types/app/bsky/feed/sendInteractions.ts"],"names":[],"mappings":";;AAKA,mDAA4D;AAC5D,2CAIyB;AAGzB,MAAM,QAAQ,GAAG,eAAS,EACxB,QAAQ,GAAG,mBAAS,CAAA;AACtB,MAAM,EAAE,GAAG,gCAAgC,CAAA","sourcesContent":["/**\n * GENERATED CODE - DO NOT MODIFY\n */\nimport { type ValidationResult, BlobRef } from '@atproto/lexicon'\nimport { CID } from 'multiformats/cid'\nimport { validate as _validate } from '../../../../lexicons'\nimport {\n  type $Typed,\n  is$typed as _is$typed,\n  type OmitKey,\n} from '../../../../util'\nimport type * as AppBskyFeedDefs from './defs.js'\n\nconst is$typed = _is$typed,\n  validate = _validate\nconst id = 'app.bsky.feed.sendInteractions'\n\nexport type QueryParams = {}\n\nexport interface InputSchema {\n  feed?: string\n  interactions: AppBskyFeedDefs.Interaction[]\n}\n\nexport interface OutputSchema {}\n\nexport interface HandlerInput {\n  encoding: 'application/json'\n  body: InputSchema\n}\n\nexport interface HandlerSuccess {\n  encoding: 'application/json'\n  body: OutputSchema\n  headers?: { [key: string]: string }\n}\n\nexport interface HandlerError {\n  status: number\n  message?: string\n}\n\nexport type HandlerOutput = HandlerError | HandlerSuccess\n"]}

package/dist/pipethrough.d.ts

@@ -1,6 +1,7 @@
+import { IncomingHttpHeaders } from 'node:http';
 import { Readable } from 'node:stream';
 import { Request } from 'express';
-import { CatchallHandler, HandlerPipeThroughBuffer, HandlerPipeThroughStream } from '@atproto/xrpc-server';
+import { CatchallHandler, HandlerPipeThroughBuffer, HandlerPipeThroughStream, XRPCError as XRPCServerError } from '@atproto/xrpc-server';
 import { AppContext } from './context';
 export declare const proxyHandler: (ctx: AppContext) => CatchallHandler;
 export type PipethroughOptions = {
@@ -51,4 +52,19 @@ export declare function normalizeLxm(lxm: string): string;
 export declare const CHAT_BSKY_METHODS: LxmSet;
 export declare const PRIVILEGED_METHODS: LxmSet;
 export declare const PROTECTED_METHODS: LxmSet;
+export declare class PipethroughUpstreamError extends XRPCServerError {
+    readonly upstream: {
+        statusCode: number;
+        headers: IncomingHttpHeaders;
+    };
+    constructor(upstream: {
+        statusCode: number;
+        headers: IncomingHttpHeaders;
+    }, payload: {
+        message?: string;
+        error?: string;
+    }, options?: ErrorOptions);
+    get headers(): Record<string, string>;
+    get error(): string | undefined;
+}
 //# sourceMappingURL=pipethrough.d.ts.map

package/dist/pipethrough.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pipethrough.d.ts","sourceRoot":"","sources":["../src/pipethrough.ts"],"names":[],"mappings":"AACA,OAAO,EAAe,QAAQ,EAAY,MAAM,aAAa,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AAUjC,OAAO,EACL,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EAMzB,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AAItC,eAAO,MAAM,YAAY,GAAI,KAAK,UAAU,KAAG,eAmF9C,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;IAEZ;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;IAEZ;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,wBAAsB,WAAW,CAC/B,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,OAAO,EACZ,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CACR,wBAAwB,GAAG;IACzB,MAAM,EAAE,QAAQ,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B,QAAQ,EAAE,MAAM,CAAA;CACjB,CACF,CAsDA;AAKD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,MAAM,GACV,MAAM,CAUR;AAED,wBAAsB,cAAc,CAClC,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CAUvC;AAED,eAAO,MAAM,gBAAgB,GAE3B,KAAK,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,YAAY,CAAC,EAC3C,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CA6CtC,CAAA;AAyGD,wBAAgB,iBAAiB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAG3E;AAkED,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,wBAAwB,GAC9B,OAAO,CAAC,wBAAwB,CAAC,CASnC;AA2CD;;;GAGG;AACH,qBAAa,MAAM;IACjB,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,QAAQ,CAAkB;gBACtB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IAInC,GAAG,CAAC,GAAG,EAAE,MAAM;IAGd,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC;CAGvC;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,UAEvC;AAED,eAAO,MAAM,iBAAiB,QAe5B,CAAA;AAEF,eAAO,MAAM,kBAAkB,QAG7B,CAAA;AAKF,eAAO,MAAM,iBAAiB,QAiB5B,CAAA"}
+{"version":3,"file":"pipethrough.d.ts","sourceRoot":"","sources":["../src/pipethrough.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAkB,MAAM,WAAW,CAAA;AAC/D,OAAO,EAAe,QAAQ,EAAY,MAAM,aAAa,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAA;AASjC,OAAO,EACL,eAAe,EACf,wBAAwB,EACxB,wBAAwB,EAIxB,SAAS,IAAI,eAAe,EAG7B,MAAM,sBAAsB,CAAA;AAG7B,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AAItC,eAAO,MAAM,YAAY,GAAI,KAAK,UAAU,KAAG,eAmF9C,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;IAEZ;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;IAEZ;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;CACb,CAAA;AAED,wBAAsB,WAAW,CAC/B,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,OAAO,EACZ,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CACR,wBAAwB,GAAG;IACzB,MAAM,EAAE,QAAQ,CAAA;IAChB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B,QAAQ,EAAE,MAAM,CAAA;CACjB,CACF,CAsDA;AAKD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,MAAM,GACV,MAAM,CAUR;AAED,wBAAsB,cAAc,CAClC,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CAUvC;AAED,eAAO,MAAM,gBAAgB,GAE3B,KAAK,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,YAAY,CAAC,EAC3C,SAAS,MAAM,KACd,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CA6CtC,CAAA;AA0FD,wBAAgB,iBAAiB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAG3E;AAkED,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,wBAAwB,GAC9B,OAAO,CAAC,wBAAwB,CAAC,CASnC;AA2CD;;;GAGG;AACH,qBAAa,MAAM;IACjB,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,QAAQ,CAAkB;gBACtB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;IAInC,GAAG,CAAC,GAAG,EAAE,MAAM;IAGd,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC;CAGvC;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,UAEvC;AAED,eAAO,MAAM,iBAAiB,QAe5B,CAAA;AAEF,eAAO,MAAM,kBAAkB,QAG7B,CAAA;AAKF,eAAO,MAAM,iBAAiB,QAiB5B,CAAA;AA8DF,qBAAa,wBAAyB,SAAQ,eAAe;IAEzD,QAAQ,CAAC,QAAQ,EAAE;QACjB,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,mBAAmB,CAAA;KAC7B;gBAHQ,QAAQ,EAAE;QACjB,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,mBAAmB,CAAA;KAC7B,EACD,OAAO,EAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,EAC7C,OAAO,CAAC,EAAE,YAAY;IAUxB,IAAI,OAAO,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAEpC;IAED,IAAI,KAAK,uBAER;CACF"}

package/dist/pipethrough.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PROTECTED_METHODS = exports.PRIVILEGED_METHODS = exports.CHAT_BSKY_METHODS = exports.LxmSet = exports.parseProxyHeader = exports.proxyHandler = void 0;
+exports.PipethroughUpstreamError = exports.PROTECTED_METHODS = exports.PRIVILEGED_METHODS = exports.CHAT_BSKY_METHODS = exports.LxmSet = exports.parseProxyHeader = exports.proxyHandler = void 0;
 exports.pipethrough = pipethrough;
 exports.computeProxyTo = computeProxyTo;
 exports.parseProxyInfo = parseProxyInfo;
@@ -9,7 +9,6 @@ exports.asPipeThroughBuffer = asPipeThroughBuffer;
 exports.normalizeLxm = normalizeLxm;
 const node_stream_1 = require("node:stream");
 const common_1 = require("@atproto/common");
-const xrpc_1 = require("@atproto/xrpc");
 const xrpc_server_1 = require("@atproto/xrpc-server");
 const xrpc_utils_1 = require("@atproto-labs/xrpc-utils");
 const auth_scope_1 = require("./auth-scope");
@@ -25,7 +24,7 @@ const proxyHandler = (ctx) => {
             if (req.method !== 'GET' &&
                 req.method !== 'HEAD' &&
                 req.method !== 'POST') {
-                throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.InvalidRequest, 'XRPC requests only supports GET and POST');
+                throw new xrpc_server_1.XRPCError(xrpc_server_1.ResponseType.InvalidRequest, 'XRPC requests only supports GET and POST');
             }
             const body = req.method === 'POST' ? req : undefined;
             if (body != null && !body.readable) {
@@ -193,9 +192,9 @@ async function pipethroughStream(ctx, dispatchOptions, successStreamFactory) {
             if (upstream.statusCode >= 400) {
                 const passThrough = new node_stream_1.PassThrough();
                 void tryParsingError(upstream.headers, passThrough).then((parsed) => {
-                    const xrpcError = new xrpc_1.XRPCError(upstream.statusCode === 500
-                        ? xrpc_1.ResponseType.UpstreamFailure
-                        : upstream.statusCode, parsed.error, parsed.message, Object.fromEntries(responseHeaders(upstream.headers, false)), { cause: dispatchOptions });
+                    const xrpcError = new PipethroughUpstreamError(upstream, parsed, {
+                        cause: dispatchOptions,
+                    });
                     reject(xrpcError);
                 }, reject);
                 return passThrough;
@@ -230,18 +229,15 @@ async function pipethroughRequest(ctx, dispatchOptions) {
         .catch(handleUpstreamRequestError);
     if (upstream.statusCode >= 400) {
         const parsed = await tryParsingError(upstream.headers, upstream.body);
-        // Note "XRPCClientError" is used instead of "XRPCServerError" in order to
-        // allow users of this function to capture & handle these errors (namely in
-        // "app.bsky.feed.getPostThread").
-        throw new xrpc_1.XRPCError(upstream.statusCode === 500
-            ? xrpc_1.ResponseType.UpstreamFailure
-            : upstream.statusCode, parsed.error, parsed.message, Object.fromEntries(responseHeaders(upstream.headers, false)), { cause: dispatchOptions });
+        throw new PipethroughUpstreamError(upstream, parsed, {
+            cause: dispatchOptions,
+        });
     }
     return upstream;
 }
 function handleUpstreamRequestError(err, message = 'Upstream service unreachable') {
     logger_1.httpLogger.error({ err }, message);
-    throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure, message, undefined, {
+    throw new xrpc_server_1.XRPCError(xrpc_server_1.ResponseType.UpstreamFailure, message, undefined, {
         cause: err,
     });
 }
@@ -293,7 +289,7 @@ async function bufferUpstreamResponse(readable, contentEncoding) {
     catch (err) {
         if (!readable.destroyed)
             readable.destroy();
-        throw new xrpc_server_1.XRPCError(xrpc_1.ResponseType.UpstreamFailure, err instanceof TypeError ? err.message : 'unable to decode request body', undefined, { cause: err });
+        throw new xrpc_server_1.XRPCError(xrpc_server_1.ResponseType.UpstreamFailure, err instanceof TypeError ? err.message : 'unable to decode request body', undefined, { cause: err });
     }
 }
 async function asPipeThroughBuffer(input) {
@@ -460,4 +456,25 @@ const safeString = (str) => {
 function logResponseError(err) {
     logger_1.httpLogger.warn({ err }, 'error forwarding upstream response');
 }
+class PipethroughUpstreamError extends xrpc_server_1.XRPCError {
+    constructor(upstream, payload, options) {
+        const status = upstream.statusCode === 500
+            ? xrpc_server_1.ResponseType.UpstreamFailure
+            : upstream.statusCode;
+        super(status, payload.message, payload.error, options);
+        Object.defineProperty(this, "upstream", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: upstream
+        });
+    }
+    get headers() {
+        return Object.fromEntries(responseHeaders(this.upstream.headers, false));
+    }
+    get error() {
+        return this.customErrorName ?? this.typeName;
+    }
+}
+exports.PipethroughUpstreamError = PipethroughUpstreamError;
 //# sourceMappingURL=pipethrough.js.map

package/dist/pipethrough.js.map

@@ -1 +1 @@
-{"version":3,"file":"pipethrough.js","sourceRoot":"","sources":["../src/pipethrough.ts"],"names":[],"mappings":";;;AAqIA,kCAgEC;AAKD,wCAcC;AAED,wCAcC;AA4JD,8CAGC;AAkED,kDAWC;AA8DD,oCAEC;AAnhBD,6CAA6D;AAG7D,4CAKwB;AAExB,wCAA0E;AAC1E,sDAS6B;AAC7B,yDAAsE;AACtE,6CAAiD;AAEjD,iDAAwC;AACxC,qCAAqC;AAE9B,MAAM,YAAY,GAAG,CAAC,GAAe,EAAmB,EAAE;IAC/D,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAqB;QACrE,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC;KACtE,CAAC,CAAA;IAEF,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC9B,eAAe;QACf,IAAI,CAAC;YACH,IACE,GAAG,CAAC,MAAM,KAAK,KAAK;gBACpB,GAAG,CAAC,MAAM,KAAK,MAAM;gBACrB,GAAG,CAAC,MAAM,KAAK,MAAM,EACrB,CAAC;gBACD,MAAM,IAAI,uBAAe,CACvB,mBAAY,CAAC,cAAc,EAC3B,0CAA0C,CAC3C,CAAA;YACH,CAAC;YAED,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;YACpD,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnC,qDAAqD;gBACrD,MAAM,IAAI,iCAAmB,CAAC,8BAA8B,CAAC,CAAA;YAC/D,CAAC;YAED,MAAM,GAAG,GAAG,IAAA,0BAAY,EAAC,GAAG,CAAC,CAAA;YAC7B,IAAI,yBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACnE,CAAC;YAED,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAErE,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;YAExE,MAAM,EAAE,WAAW,EAAE,GAAG,IAAA,gCAAkB,EAAC,UAAU,CAAC,CAAA;YAEtD,IACE,WAAW,CAAC,IAAI,KAAK,QAAQ;gBAC7B,CAAC,IAAA,+BAAkB,EAAC,WAAW,CAAC,KAAK,CAAC;gBACtC,0BAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAC3B,CAAC;gBACD,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACnE,CAAC;YAED,MAAM,OAAO,GAAwB;gBACnC,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,UAAU;gBAC/D,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;gBACjD,yBAAyB,EAAE,GAAG,CAAC,OAAO,CAAC,yBAAyB,CAAC;gBACjE,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;gBAE7C,cAAc,EAAE,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACnD,kBAAkB,EAAE,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC;gBAC3D,gBAAgB,EAAE,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBAEvD,aAAa,EAAE,UAAU,MAAM,GAAG,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE;aAC/E,CAAA;YAED,MAAM,eAAe,GAA8B;gBACjD,MAAM;gBACN,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI,EAAE,GAAG,CAAC,WAAW;gBACrB,IAAI;gBACJ,OAAO;aACR,CAAA;YAED,MAAM,iBAAiB,CAAC,GAAG,EAAE,eAAe,EAAE,CAAC,QAAQ,EAAE,EAAE;gBACzD,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAE/B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC5D,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;gBAC1B,CAAC;gBAED,uEAAuE;gBACvE,wEAAwE;gBACxE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;gBAEjC,sEAAsE;gBACtE,OAAO,GAAG,CAAA;YACZ,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AAnFY,QAAA,YAAY,gBAmFxB;AAsBM,KAAK,UAAU,WAAW,CAC/B,GAAe,EACf,GAAY,EACZ,OAA4B;IAQ5B,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAClD,0EAA0E;QAC1E,2EAA2E;QAC3E,2EAA2E;QAC3E,sEAAsE;QACtE,iEAAiE;QACjE,eAAe;QACf,MAAM,IAAI,iCAAmB,CAC3B,eAAe,GAAG,CAAC,MAAM,4BAA4B,CACtD,CAAA;IACH,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,0BAAY,EAAC,GAAG,CAAC,CAAA;IAE7B,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IAErE,MAAM,eAAe,GAA8B;QACjD,MAAM;QACN,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,IAAI,EAAE,GAAG,CAAC,WAAW;QACrB,OAAO,EAAE;YACP,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;YACjD,yBAAyB,EAAE,GAAG,CAAC,OAAO,CAAC,yBAAyB,CAAC;YACjE,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;YAE7C,mEAAmE;YACnE,uEAAuE;YACvE,0EAA0E;YAC1E,wEAAwE;YACxE,kEAAkE;YAClE,iBAAiB,EAAE,IAAA,wCAA2B,EAC5C,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAC9B,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAC/B;YAED,aAAa,EAAE,OAAO,EAAE,GAAG;gBACzB,CAAC,CAAC,UAAU,MAAM,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE;gBAC3F,CAAC,CAAC,SAAS;SACd;QAED,mEAAmE;QACnE,uEAAuE;QACvE,gDAAgD;QAChD,aAAa,EAAE,CAAC,GAAG,KAAK,EAAE,4BAA4B;KACvD,CAAA;IAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAExE,OAAO;QACL,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,IAAI,kBAAkB;QACnE,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,EAAE,IAAI;KACb,CAAA;AACH,CAAC;AAED,2BAA2B;AAC3B,sBAAsB;AAEtB,SAAgB,cAAc,CAC5B,GAAe,EACf,GAAY,EACZ,GAAW;IAEX,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACjD,IAAI,aAAa;QAAE,OAAO,aAAa,CAAA;IAEvC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IACxC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI,OAAO,CAAC,SAAS,EAAE,CAAA;IAC1D,CAAC;IAED,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAA;AACnE,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,GAAe,EACf,GAAY,EACZ,GAAW;IAEX,eAAe;IAEf,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACjD,IAAI,aAAa;QAAE,OAAO,IAAA,wBAAgB,EAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAE9D,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAChD,IAAI,WAAW;QAAE,OAAO,WAAW,CAAA;IAEnC,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAA;AACnE,CAAC;AAEM,MAAM,gBAAgB,GAAG,KAAK;AACnC,kDAAkD;AAClD,GAA2C,EAC3C,OAAe,EACwB,EAAE;IACzC,eAAe;IAEf,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEtC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,iCAAmB,CAAC,kCAAkC,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,SAAS,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,iCAAmB,CAAC,yCAAyC,CAAC,CAAA;IAC1E,CAAC;IAED,qBAAqB;IACrB,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,CAAC,CAAA;IAC9D,CAAC;IAED,mBAAmB;IACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,iCAAmB,CAAC,oCAAoC,CAAC,CAAA;IACrE,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;IAEvC,sFAAsF;IACtF,IACE,GAAG,CAAC,GAAG,CAAC,WAAW;QACnB,OAAO,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,eAAe,EACrD,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,EAAE,CAAA;IAC9C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAC1C,MAAM,GAAG,GAAG,IAAA,2BAAkB,EAAC,MAAM,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IACzD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,iCAAmB,CAAC,yCAAyC,CAAC,CAAA;IAC1E,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AACrB,CAAC,CAAA;AAjDY,QAAA,gBAAgB,oBAiD5B;AAED;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAC9B,GAAe,EACf,eAA0C,EAC1C,oBAA8C;IAE9C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,KAAK,GAAG,CAAC,UAAU;aAChB,MAAM,CAAC,eAAe,EAAE,CAAC,QAAQ,EAAE,EAAE;YACpC,IAAI,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;gBAC/B,MAAM,WAAW,GAAG,IAAI,yBAAW,EAAE,CAAA;gBAErC,KAAK,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;oBAClE,MAAM,SAAS,GAAG,IAAI,gBAAe,CACnC,QAAQ,CAAC,UAAU,KAAK,GAAG;wBACzB,CAAC,CAAC,mBAAY,CAAC,eAAe;wBAC9B,CAAC,CAAC,QAAQ,CAAC,UAAU,EACvB,MAAM,CAAC,KAAK,EACZ,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,EAC5D,EAAE,KAAK,EAAE,eAAe,EAAE,CAC3B,CAAA;oBAED,MAAM,CAAC,SAAS,CAAC,CAAA;gBACnB,CAAC,EAAE,MAAM,CAAC,CAAA;gBAEV,OAAO,WAAW,CAAA;YACpB,CAAC;YAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;YAE/C,oEAAoE;YACpE,uEAAuE;YACvE,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,0CAA0C;YAC1C,OAAO,EAAE,CAAA;YAET,OAAO,QAAQ,CAAA;QACjB,CAAC,CAAC;YACF,yEAAyE;YACzE,0EAA0E;YAC1E,yEAAyE;YACzE,sEAAsE;aACrE,KAAK,CAAC,0BAA0B,CAAC;aACjC,KAAK,CAAC,MAAM,CAAC,CAAA;IAClB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAC/B,GAAe,EACf,eAA0C;IAE1C,4EAA4E;IAC5E,uDAAuD;IAEvD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU;SAClC,OAAO,CAAC,eAAe,CAAC;SACxB,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAEpC,IAAI,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;QAErE,0EAA0E;QAC1E,2EAA2E;QAC3E,kCAAkC;QAClC,MAAM,IAAI,gBAAe,CACvB,QAAQ,CAAC,UAAU,KAAK,GAAG;YACzB,CAAC,CAAC,mBAAY,CAAC,eAAe;YAC9B,CAAC,CAAC,QAAQ,CAAC,UAAU,EACvB,MAAM,CAAC,KAAK,EACZ,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,EAC5D,EAAE,KAAK,EAAE,eAAe,EAAE,CAC3B,CAAA;IACH,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,0BAA0B,CACjC,GAAY,EACZ,OAAO,GAAG,8BAA8B;IAExC,mBAAU,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,OAAO,CAAC,CAAA;IAClC,MAAM,IAAI,uBAAe,CAAC,mBAAY,CAAC,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE;QAC1E,KAAK,EAAE,GAAG;KACX,CAAC,CAAA;AACJ,CAAC;AAED,6BAA6B;AAC7B,sBAAsB;AAEtB,SAAgB,iBAAiB,CAAC,WAAoB;IACpD,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAA;IAClC,OAAO,8BAA8B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACzD,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,OAA4B,EAC5B,QAAkB;IAElB,IAAI,iBAAiB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;QACzD,2EAA2E;QAC3E,kBAAkB;QAElB,yEAAyE;QACzE,wEAAwE;QACxE,4EAA4E;QAC5E,uEAAuE;QACvE,8DAA8D;QAE9D,qEAAqE;QACrE,4EAA4E;QAC5E,kDAAkD;QAElD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE;YACzB,QAAQ,CAAC,OAAO,EAAE,CAAA;QACpB,CAAC,EAAE,GAAG,CAAC,CAAA;QACP,IAAA,sBAAQ,EAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE;YAC1B,YAAY,CAAC,EAAE,CAAC,CAAA;QAClB,CAAC,CAAC,CAAA;QACF,QAAQ,CAAC,MAAM,EAAE,CAAA;QAEjB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,sBAAsB,CACzC,QAAQ,EACR,OAAO,CAAC,kBAAkB,CAAC,CAC5B,CAAA;QAED,MAAM,OAAO,GAAY,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAA;QAC5D,OAAO;YACL,KAAK,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;YACrC,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;SAC1C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,wDAAwD;QACxD,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,QAAkB,EAClB,eAAmC;IAEnC,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,2BAAkB,EAAC,IAAA,qBAAY,EAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAA;IAC1E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,QAAQ,CAAC,SAAS;YAAE,QAAQ,CAAC,OAAO,EAAE,CAAA;QAE3C,MAAM,IAAI,uBAAe,CACvB,mBAAY,CAAC,eAAe,EAC5B,GAAG,YAAY,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B,EACxE,SAAS,EACT,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAA;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAA+B;IAE/B,OAAO;QACL,MAAM,EAAE,MAAM,sBAAsB,CAClC,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CACpC;QACD,OAAO,EAAE,IAAA,aAAI,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;QACpE,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAA;AACH,CAAC;AAED,8BAA8B;AAC9B,sBAAsB;AAEtB,MAAM,sBAAsB,GAAG;IAC7B,kBAAkB;IAClB,0BAA0B;IAC1B,aAAa;CACd,CAAA;AAED,QAAQ,CAAC,CAAC,eAAe,CACvB,OAA4B,EAC5B,qBAAqB,GAAG,IAAI;IAE5B,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAA;QACxC,IAAI,MAAM;YAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAA;QAE5C,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;QAC5C,IAAI,QAAQ;YAAE,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAA;QAElD,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,CAAC,CAAA;QACpC,IAAI,IAAI;YAAE,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,CAAA;QAEtC,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;QAC5C,IAAI,QAAQ;YAAE,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,sBAAsB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,sBAAsB,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QAEzB,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YAChB,MAAM,KAAK,GAAW,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;YAC9D,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED,QAAQ;AACR,sBAAsB;AAEtB;;;GAGG;AACH,MAAa,MAAM;IAGjB,YAAY,KAAuB;QAF3B;;;;;WAAkB;QAClB;;;;;WAA0B;QAEhC,IAAI,CAAC,KAAK,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,CAAA;QACrD,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAA;IACvB,CAAC;IACD,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1C,CAAC;IACD,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChB,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;CACF;AAbD,wBAaC;AAED,SAAgB,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAA;AAC1B,CAAC;AAEY,QAAA,iBAAiB,GAAG,IAAI,MAAM,CAAC;IAC1C,cAAG,CAAC,0BAA0B;IAC9B,cAAG,CAAC,8BAA8B;IAClC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,qBAAqB;IACzB,cAAG,CAAC,+BAA+B;IACnC,cAAG,CAAC,mBAAmB;IACvB,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,uBAAuB;IAC3B,cAAG,CAAC,uBAAuB;IAC3B,cAAG,CAAC,sBAAsB;IAC1B,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,6BAA6B;IACjC,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,uBAAuB;CAC5B,CAAC,CAAA;AAEW,QAAA,kBAAkB,GAAG,IAAI,MAAM,CAAC;IAC3C,GAAG,yBAAiB;IACpB,cAAG,CAAC,6BAA6B;CAClC,CAAC,CAAA;AAEF,+EAA+E;AAC/E,8EAA8E;AAC9E,8BAA8B;AACjB,QAAA,iBAAiB,GAAG,IAAI,MAAM,CAAC;IAC1C,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,8CAA8C;IAClD,cAAG,CAAC,kCAAkC;IACtC,cAAG,CAAC,8BAA8B;IAClC,cAAG,CAAC,+BAA+B;IACnC,cAAG,CAAC,4BAA4B;IAChC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,qCAAqC;IACzC,cAAG,CAAC,0BAA0B;IAC9B,cAAG,CAAC,gCAAgC;IACpC,cAAG,CAAC,oCAAoC;IACxC,cAAG,CAAC,wCAAwC;IAC5C,cAAG,CAAC,kCAAkC;IACtC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,2BAA2B;CAChC,CAAC,CAAA;AAEF,MAAM,cAAc,GAAG,CACrB,GAAe,EACf,IAAY,EAIZ,EAAE;IACF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAG,CAAC,uBAAuB,CAAC;QACjC,KAAK,cAAG,CAAC,0BAA0B,CAAC;QACpC,KAAK,cAAG,CAAC,0BAA0B,CAAC;QACpC,KAAK,cAAG,CAAC,yBAAyB,CAAC;QACnC,KAAK,cAAG,CAAC,qCAAqC,CAAC;QAC/C,KAAK,cAAG,CAAC,qCAAqC,CAAC;QAC/C,KAAK,cAAG,CAAC,qCAAqC,CAAC;QAC/C,KAAK,cAAG,CAAC,oCAAoC,CAAC;QAC9C,KAAK,cAAG,CAAC,6BAA6B,CAAC;QACvC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,6BAA6B,CAAC;QACvC,KAAK,cAAG,CAAC,2BAA2B,CAAC;QACrC,KAAK,cAAG,CAAC,+BAA+B,CAAC;QACzC,KAAK,cAAG,CAAC,iCAAiC,CAAC;QAC3C,KAAK,cAAG,CAAC,+BAA+B,CAAC;QACzC,KAAK,cAAG,CAAC,sCAAsC,CAAC;QAChD,KAAK,cAAG,CAAC,uCAAuC,CAAC;QACjD,KAAK,cAAG,CAAC,wCAAwC,CAAC;QAClD,KAAK,cAAG,CAAC,yCAAyC,CAAC;QACnD,KAAK,cAAG,CAAC,yBAAyB,CAAC;QACnC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,6BAA6B,CAAC;QACvC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,wCAAwC,CAAC;QAClD,KAAK,cAAG,CAAC,0CAA0C,CAAC;QACpD,KAAK,cAAG,CAAC,kCAAkC;YACzC,OAAO;gBACL,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU;aAChC,CAAA;QACH,KAAK,cAAG,CAAC,gCAAgC;YACvC,OAAO;gBACL,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,aAAa;aACnC,CAAA;QACH;YACE,OAAO;gBACL,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW;aACjC,CAAA;IACL,CAAC;AACH,CAAC,CAAA;AAED,MAAM,UAAU,GAAG,CAAC,GAAY,EAAsB,EAAE;IACtD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;AAClD,CAAC,CAAA;AAED,SAAS,gBAAgB,CAAuB,GAAY;IAC1D,mBAAU,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,oCAAoC,CAAC,CAAA;AAChE,CAAC","sourcesContent":["import { IncomingHttpHeaders, ServerResponse } from 'node:http'\nimport { PassThrough, Readable, finished } from 'node:stream'\nimport { Request } from 'express'\nimport { Dispatcher } from 'undici'\nimport {\n  decodeStream,\n  getServiceEndpoint,\n  omit,\n  streamToNodeBuffer,\n} from '@atproto/common'\nimport { RpcPermissionMatch } from '@atproto/oauth-scopes'\nimport { ResponseType, XRPCError as XRPCClientError } from '@atproto/xrpc'\nimport {\n  CatchallHandler,\n  HandlerPipeThroughBuffer,\n  HandlerPipeThroughStream,\n  InternalServerError,\n  InvalidRequestError,\n  XRPCError as XRPCServerError,\n  excludeErrorResult,\n  parseReqNsid,\n} from '@atproto/xrpc-server'\nimport { buildProxiedContentEncoding } from '@atproto-labs/xrpc-utils'\nimport { isAccessPrivileged } from './auth-scope'\nimport { AppContext } from './context'\nimport { ids } from './lexicon/lexicons'\nimport { httpLogger } from './logger'\n\nexport const proxyHandler = (ctx: AppContext): CatchallHandler => {\n  const performAuth = ctx.authVerifier.authorization<RpcPermissionMatch>({\n    authorize: (permissions, { params }) => permissions.assertRpc(params),\n  })\n\n  return async (req, res, next) => {\n    // /!\\ Hot path\n    try {\n      if (\n        req.method !== 'GET' &&\n        req.method !== 'HEAD' &&\n        req.method !== 'POST'\n      ) {\n        throw new XRPCServerError(\n          ResponseType.InvalidRequest,\n          'XRPC requests only supports GET and POST',\n        )\n      }\n\n      const body = req.method === 'POST' ? req : undefined\n      if (body != null && !body.readable) {\n        // Body was already consumed by a previous middleware\n        throw new InternalServerError('Request body is not readable')\n      }\n\n      const lxm = parseReqNsid(req)\n      if (PROTECTED_METHODS.has(lxm)) {\n        throw new InvalidRequestError('Bad token method', 'InvalidToken')\n      }\n\n      const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm)\n\n      const authResult = await performAuth({ req, res, params: { lxm, aud } })\n\n      const { credentials } = excludeErrorResult(authResult)\n\n      if (\n        credentials.type === 'access' &&\n        !isAccessPrivileged(credentials.scope) &&\n        PRIVILEGED_METHODS.has(lxm)\n      ) {\n        throw new InvalidRequestError('Bad token method', 'InvalidToken')\n      }\n\n      const headers: IncomingHttpHeaders = {\n        'accept-encoding': req.headers['accept-encoding'] || 'identity',\n        'accept-language': req.headers['accept-language'],\n        'atproto-accept-labelers': req.headers['atproto-accept-labelers'],\n        'x-bsky-topics': req.headers['x-bsky-topics'],\n\n        'content-type': body && req.headers['content-type'],\n        'content-encoding': body && req.headers['content-encoding'],\n        'content-length': body && req.headers['content-length'],\n\n        authorization: `Bearer ${await ctx.serviceAuthJwt(credentials.did, aud, lxm)}`,\n      }\n\n      const dispatchOptions: Dispatcher.RequestOptions = {\n        origin,\n        method: req.method,\n        path: req.originalUrl,\n        body,\n        headers,\n      }\n\n      await pipethroughStream(ctx, dispatchOptions, (upstream) => {\n        res.status(upstream.statusCode)\n\n        for (const [name, val] of responseHeaders(upstream.headers)) {\n          res.setHeader(name, val)\n        }\n\n        // Note that we should not need to manually handle errors here (e.g. by\n        // destroying the response), as the http server will handle them for us.\n        res.on('error', logResponseError)\n\n        // Tell undici to write the upstream response directly to the response\n        return res\n      })\n    } catch (err) {\n      next(err)\n    }\n  }\n}\n\nexport type PipethroughOptions = {\n  /**\n   * Specify the issuer (requester) for service auth. If not provided, no\n   * authorization headers will be added to the request.\n   */\n  iss?: string\n\n  /**\n   * Override the audience for service auth. If not provided, the audience will\n   * be determined based on the proxy service.\n   */\n  aud?: string\n\n  /**\n   * Override the lexicon method for service auth. If not provided, the lexicon\n   * method will be determined based on the request path.\n   */\n  lxm?: string\n}\n\nexport async function pipethrough(\n  ctx: AppContext,\n  req: Request,\n  options?: PipethroughOptions,\n): Promise<\n  HandlerPipeThroughStream & {\n    stream: Readable\n    headers: Record<string, string>\n    encoding: string\n  }\n> {\n  if (req.method !== 'GET' && req.method !== 'HEAD') {\n    // pipethrough() is used from within xrpcServer handlers, which means that\n    // the request body either has been parsed or is a readable stream that has\n    // been piped for decoding & size limiting. Because of this, forwarding the\n    // request body requires re-encoding it. Since we currently do not use\n    // pipethrough() with procedures, proxying of request body is not\n    // implemented.\n    throw new InternalServerError(\n      `Proxying of ${req.method} requests is not supported`,\n    )\n  }\n\n  const lxm = parseReqNsid(req)\n\n  const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm)\n\n  const dispatchOptions: Dispatcher.RequestOptions = {\n    origin,\n    method: req.method,\n    path: req.originalUrl,\n    headers: {\n      'accept-language': req.headers['accept-language'],\n      'atproto-accept-labelers': req.headers['atproto-accept-labelers'],\n      'x-bsky-topics': req.headers['x-bsky-topics'],\n\n      // Because we sometimes need to interpret the response (e.g. during\n      // read-after-write, through asPipeThroughBuffer()), we need to ask the\n      // upstream server for an encoding that both the requester and the PDS can\n      // understand. Since we might have to do the decoding ourselves, we will\n      // use our own preferences (and weight) to negotiate the encoding.\n      'accept-encoding': buildProxiedContentEncoding(\n        req.headers['accept-encoding'],\n        ctx.cfg.proxy.preferCompressed,\n      ),\n\n      authorization: options?.iss\n        ? `Bearer ${await ctx.serviceAuthJwt(options.iss, options.aud ?? aud, options.lxm ?? lxm)}`\n        : undefined,\n    },\n\n    // Use a high water mark to buffer more data while performing async\n    // operations before this stream is consumed. This is especially useful\n    // while processing read-after-write operations.\n    highWaterMark: 2 * 65536, // twice the default (64KiB)\n  }\n\n  const { headers, body } = await pipethroughRequest(ctx, dispatchOptions)\n\n  return {\n    encoding: safeString(headers['content-type']) ?? 'application/json',\n    headers: Object.fromEntries(responseHeaders(headers)),\n    stream: body,\n  }\n}\n\n// Request setup/formatting\n// -------------------\n\nexport function computeProxyTo(\n  ctx: AppContext,\n  req: Request,\n  lxm: string,\n): string {\n  const proxyToHeader = req.header('atproto-proxy')\n  if (proxyToHeader) return proxyToHeader\n\n  const service = defaultService(ctx, lxm)\n  if (service.serviceInfo) {\n    return `${service.serviceInfo.did}#${service.serviceId}`\n  }\n\n  throw new InvalidRequestError(`No service configured for ${lxm}`)\n}\n\nexport async function parseProxyInfo(\n  ctx: AppContext,\n  req: Request,\n  lxm: string,\n): Promise<{ url: string; did: string }> {\n  // /!\\ Hot path\n\n  const proxyToHeader = req.header('atproto-proxy')\n  if (proxyToHeader) return parseProxyHeader(ctx, proxyToHeader)\n\n  const { serviceInfo } = defaultService(ctx, lxm)\n  if (serviceInfo) return serviceInfo\n\n  throw new InvalidRequestError(`No service configured for ${lxm}`)\n}\n\nexport const parseProxyHeader = async (\n  // Using subset of AppContext for testing purposes\n  ctx: Pick<AppContext, 'cfg' | 'idResolver'>,\n  proxyTo: string,\n): Promise<{ did: string; url: string }> => {\n  // /!\\ Hot path\n\n  const hashIndex = proxyTo.indexOf('#')\n\n  if (hashIndex === 0) {\n    throw new InvalidRequestError('no did specified in proxy header')\n  }\n\n  if (hashIndex === -1 || hashIndex === proxyTo.length - 1) {\n    throw new InvalidRequestError('no service id specified in proxy header')\n  }\n\n  // More than one hash\n  if (proxyTo.indexOf('#', hashIndex + 1) !== -1) {\n    throw new InvalidRequestError('invalid proxy header format')\n  }\n\n  // Basic validation\n  if (proxyTo.includes(' ')) {\n    throw new InvalidRequestError('proxy header cannot contain spaces')\n  }\n\n  const did = proxyTo.slice(0, hashIndex)\n\n  // Special case a configured appview, while still proxying correctly any other appview\n  if (\n    ctx.cfg.bskyAppView &&\n    proxyTo === `${ctx.cfg.bskyAppView.did}#bsky_appview`\n  ) {\n    return { did, url: ctx.cfg.bskyAppView.url }\n  }\n\n  const didDoc = await ctx.idResolver.did.resolve(did)\n  if (!didDoc) {\n    throw new InvalidRequestError('could not resolve proxy did')\n  }\n\n  const serviceId = proxyTo.slice(hashIndex)\n  const url = getServiceEndpoint(didDoc, { id: serviceId })\n  if (!url) {\n    throw new InvalidRequestError('could not resolve proxy did service url')\n  }\n\n  return { did, url }\n}\n\n/**\n * Utility function that wraps the undici stream() function and handles request\n * and response errors by wrapping them in XRPCError instances. This function is\n * more efficient than \"pipethroughRequest\" when a writable stream to pipe the\n * upstream response to is available.\n */\nasync function pipethroughStream(\n  ctx: AppContext,\n  dispatchOptions: Dispatcher.RequestOptions,\n  successStreamFactory: Dispatcher.StreamFactory,\n): Promise<void> {\n  return new Promise<void>((resolve, reject) => {\n    void ctx.proxyAgent\n      .stream(dispatchOptions, (upstream) => {\n        if (upstream.statusCode >= 400) {\n          const passThrough = new PassThrough()\n\n          void tryParsingError(upstream.headers, passThrough).then((parsed) => {\n            const xrpcError = new XRPCClientError(\n              upstream.statusCode === 500\n                ? ResponseType.UpstreamFailure\n                : upstream.statusCode,\n              parsed.error,\n              parsed.message,\n              Object.fromEntries(responseHeaders(upstream.headers, false)),\n              { cause: dispatchOptions },\n            )\n\n            reject(xrpcError)\n          }, reject)\n\n          return passThrough\n        }\n\n        const writable = successStreamFactory(upstream)\n\n        // As soon as the control was passed to the writable stream (i.e. by\n        // returning the writable hereafter), pipethroughStream() is considered\n        // to have succeeded. Any error occurring while writing upstream data to\n        // the writable stream should be handled through the stream's error\n        // state (i.e. successStreamFactory() must ensure that error events on\n        // the returned writable will be handled).\n        resolve()\n\n        return writable\n      })\n      // The following catch block will be triggered with either network errors\n      // or writable stream errors. In the latter case, the promise will already\n      // be resolved, and reject()ing it there after will have no effect. Those\n      // error would still be logged by the successStreamFactory() function.\n      .catch(handleUpstreamRequestError)\n      .catch(reject)\n  })\n}\n\n/**\n * Utility function that wraps the undici request() function and handles request\n * and response errors by wrapping them in XRPCError instances.\n */\nasync function pipethroughRequest(\n  ctx: AppContext,\n  dispatchOptions: Dispatcher.RequestOptions,\n) {\n  // HandlerPipeThroughStream requires a readable stream to be returned, so we\n  // use the (less efficient) request() function instead.\n\n  const upstream = await ctx.proxyAgent\n    .request(dispatchOptions)\n    .catch(handleUpstreamRequestError)\n\n  if (upstream.statusCode >= 400) {\n    const parsed = await tryParsingError(upstream.headers, upstream.body)\n\n    // Note \"XRPCClientError\" is used instead of \"XRPCServerError\" in order to\n    // allow users of this function to capture & handle these errors (namely in\n    // \"app.bsky.feed.getPostThread\").\n    throw new XRPCClientError(\n      upstream.statusCode === 500\n        ? ResponseType.UpstreamFailure\n        : upstream.statusCode,\n      parsed.error,\n      parsed.message,\n      Object.fromEntries(responseHeaders(upstream.headers, false)),\n      { cause: dispatchOptions },\n    )\n  }\n\n  return upstream\n}\n\nfunction handleUpstreamRequestError(\n  err: unknown,\n  message = 'Upstream service unreachable',\n): never {\n  httpLogger.error({ err }, message)\n  throw new XRPCServerError(ResponseType.UpstreamFailure, message, undefined, {\n    cause: err,\n  })\n}\n\n// Request parsing/forwarding\n// -------------------\n\nexport function isJsonContentType(contentType?: string): boolean | undefined {\n  if (!contentType) return undefined\n  return /application\\/(?:\\w+\\+)?json/i.test(contentType)\n}\n\nasync function tryParsingError(\n  headers: IncomingHttpHeaders,\n  readable: Readable,\n): Promise<{ error?: string; message?: string }> {\n  if (isJsonContentType(headers['content-type']) === false) {\n    // We don't known how to parse non JSON content types so we can discard the\n    // whole response.\n\n    // Since we don't care about the response, we would normally just destroy\n    // the stream. However, if the underlying HTTP connection is an HTTP/1.1\n    // connection, this also destroys the underlying (keep-alive) TCP socket. In\n    // order to avoid destroying the TCP socket, while avoiding the cost of\n    // consuming too much IO, we give it a chance to finish first.\n\n    // @NOTE we need to listen (and ignore) \"error\" events, otherwise the\n    // process could crash (since we drain the stream asynchronously here). This\n    // is performed through the \"finished\" call below.\n\n    const to = setTimeout(() => {\n      readable.destroy()\n    }, 100)\n    finished(readable, (_err) => {\n      clearTimeout(to)\n    })\n    readable.resume()\n\n    return {}\n  }\n\n  try {\n    const buffer = await bufferUpstreamResponse(\n      readable,\n      headers['content-encoding'],\n    )\n\n    const errInfo: unknown = JSON.parse(buffer.toString('utf8'))\n    return {\n      error: safeString(errInfo?.['error']),\n      message: safeString(errInfo?.['message']),\n    }\n  } catch (err) {\n    // Failed to read, decode, buffer or parse. No big deal.\n    return {}\n  }\n}\n\nasync function bufferUpstreamResponse(\n  readable: Readable,\n  contentEncoding?: string | string[],\n): Promise<Buffer> {\n  try {\n    return await streamToNodeBuffer(decodeStream(readable, contentEncoding))\n  } catch (err) {\n    if (!readable.destroyed) readable.destroy()\n\n    throw new XRPCServerError(\n      ResponseType.UpstreamFailure,\n      err instanceof TypeError ? err.message : 'unable to decode request body',\n      undefined,\n      { cause: err },\n    )\n  }\n}\n\nexport async function asPipeThroughBuffer(\n  input: HandlerPipeThroughStream,\n): Promise<HandlerPipeThroughBuffer> {\n  return {\n    buffer: await bufferUpstreamResponse(\n      input.stream,\n      input.headers?.['content-encoding'],\n    ),\n    headers: omit(input.headers, ['content-encoding', 'content-length']),\n    encoding: input.encoding,\n  }\n}\n\n// Response parsing/forwarding\n// -------------------\n\nconst RES_HEADERS_TO_FORWARD = [\n  'atproto-repo-rev',\n  'atproto-content-labelers',\n  'retry-after',\n]\n\nfunction* responseHeaders(\n  headers: IncomingHttpHeaders,\n  includeContentHeaders = true,\n): Generator<[string, string]> {\n  if (includeContentHeaders) {\n    const length = headers['content-length']\n    if (length) yield ['content-length', length]\n\n    const encoding = headers['content-encoding']\n    if (encoding) yield ['content-encoding', encoding]\n\n    const type = headers['content-type']\n    if (type) yield ['content-type', type]\n\n    const language = headers['content-language']\n    if (language) yield ['content-language', language]\n  }\n\n  for (let i = 0; i < RES_HEADERS_TO_FORWARD.length; i++) {\n    const name = RES_HEADERS_TO_FORWARD[i]\n    const val = headers[name]\n\n    if (val != null) {\n      const value: string = Array.isArray(val) ? val.join(',') : val\n      yield [name, value]\n    }\n  }\n}\n\n// Utils\n// -------------------\n\n/**\n * Performs lexicon method matching on a set of methods,\n * taking into account that they are treated case-insensitively.\n */\nexport class LxmSet {\n  private inner: Set<string>\n  private original: Iterable<string>\n  constructor(items: Iterable<string>) {\n    this.inner = new Set(Array.from(items, normalizeLxm))\n    this.original = items\n  }\n  has(lxm: string) {\n    return this.inner.has(normalizeLxm(lxm))\n  }\n  *[Symbol.iterator](): Iterator<string> {\n    yield* this.original\n  }\n}\n\nexport function normalizeLxm(lxm: string) {\n  return lxm.toLowerCase()\n}\n\nexport const CHAT_BSKY_METHODS = new LxmSet([\n  ids.ChatBskyActorDeleteAccount,\n  ids.ChatBskyActorExportAccountData,\n  ids.ChatBskyConvoDeleteMessageForSelf,\n  ids.ChatBskyConvoGetConvo,\n  ids.ChatBskyConvoGetConvoForMembers,\n  ids.ChatBskyConvoGetLog,\n  ids.ChatBskyConvoGetMessages,\n  ids.ChatBskyConvoLeaveConvo,\n  ids.ChatBskyConvoListConvos,\n  ids.ChatBskyConvoMuteConvo,\n  ids.ChatBskyConvoSendMessage,\n  ids.ChatBskyConvoSendMessageBatch,\n  ids.ChatBskyConvoUnmuteConvo,\n  ids.ChatBskyConvoUpdateRead,\n])\n\nexport const PRIVILEGED_METHODS = new LxmSet([\n  ...CHAT_BSKY_METHODS,\n  ids.ComAtprotoServerCreateAccount,\n])\n\n// These endpoints are related to account management and must be used directly,\n// not proxied or service-authed. Service auth may be utilized between PDS and\n// entryway for these methods.\nexport const PROTECTED_METHODS = new LxmSet([\n  ids.ComAtprotoAdminSendEmail,\n  ids.ComAtprotoIdentityRequestPlcOperationSignature,\n  ids.ComAtprotoIdentitySignPlcOperation,\n  ids.ComAtprotoIdentityUpdateHandle,\n  ids.ComAtprotoServerActivateAccount,\n  ids.ComAtprotoServerConfirmEmail,\n  ids.ComAtprotoServerCreateAppPassword,\n  ids.ComAtprotoServerDeactivateAccount,\n  ids.ComAtprotoServerGetAccountInviteCodes,\n  ids.ComAtprotoServerGetSession,\n  ids.ComAtprotoServerListAppPasswords,\n  ids.ComAtprotoServerRequestAccountDelete,\n  ids.ComAtprotoServerRequestEmailConfirmation,\n  ids.ComAtprotoServerRequestEmailUpdate,\n  ids.ComAtprotoServerRevokeAppPassword,\n  ids.ComAtprotoServerUpdateEmail,\n])\n\nconst defaultService = (\n  ctx: AppContext,\n  nsid: string,\n): {\n  serviceId: string\n  serviceInfo: { url: string; did: string } | null\n} => {\n  switch (nsid) {\n    case ids.ToolsOzoneTeamAddMember:\n    case ids.ToolsOzoneTeamDeleteMember:\n    case ids.ToolsOzoneTeamUpdateMember:\n    case ids.ToolsOzoneTeamListMembers:\n    case ids.ToolsOzoneCommunicationCreateTemplate:\n    case ids.ToolsOzoneCommunicationDeleteTemplate:\n    case ids.ToolsOzoneCommunicationUpdateTemplate:\n    case ids.ToolsOzoneCommunicationListTemplates:\n    case ids.ToolsOzoneModerationEmitEvent:\n    case ids.ToolsOzoneModerationGetEvent:\n    case ids.ToolsOzoneModerationGetRecord:\n    case ids.ToolsOzoneModerationGetRepo:\n    case ids.ToolsOzoneModerationQueryEvents:\n    case ids.ToolsOzoneModerationQueryStatuses:\n    case ids.ToolsOzoneModerationSearchRepos:\n    case ids.ToolsOzoneModerationGetAccountTimeline:\n    case ids.ToolsOzoneVerificationListVerifications:\n    case ids.ToolsOzoneVerificationGrantVerifications:\n    case ids.ToolsOzoneVerificationRevokeVerifications:\n    case ids.ToolsOzoneSafelinkAddRule:\n    case ids.ToolsOzoneSafelinkUpdateRule:\n    case ids.ToolsOzoneSafelinkRemoveRule:\n    case ids.ToolsOzoneSafelinkQueryEvents:\n    case ids.ToolsOzoneSafelinkQueryRules:\n    case ids.ToolsOzoneModerationListScheduledActions:\n    case ids.ToolsOzoneModerationCancelScheduledActions:\n    case ids.ToolsOzoneModerationScheduleAction:\n      return {\n        serviceId: 'atproto_labeler',\n        serviceInfo: ctx.cfg.modService,\n      }\n    case ids.ComAtprotoModerationCreateReport:\n      return {\n        serviceId: 'atproto_labeler',\n        serviceInfo: ctx.cfg.reportService,\n      }\n    default:\n      return {\n        serviceId: 'bsky_appview',\n        serviceInfo: ctx.cfg.bskyAppView,\n      }\n  }\n}\n\nconst safeString = (str: unknown): string | undefined => {\n  return typeof str === 'string' ? str : undefined\n}\n\nfunction logResponseError(this: ServerResponse, err: unknown): void {\n  httpLogger.warn({ err }, 'error forwarding upstream response')\n}\n"]}
+{"version":3,"file":"pipethrough.js","sourceRoot":"","sources":["../src/pipethrough.ts"],"names":[],"mappings":";;;AAqIA,kCAgEC;AAKD,wCAcC;AAED,wCAcC;AA6ID,8CAGC;AAkED,kDAWC;AA8DD,oCAEC;AApgBD,6CAA6D;AAG7D,4CAKwB;AAExB,sDAU6B;AAC7B,yDAAsE;AACtE,6CAAiD;AAEjD,iDAAwC;AACxC,qCAAqC;AAE9B,MAAM,YAAY,GAAG,CAAC,GAAe,EAAmB,EAAE;IAC/D,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,aAAa,CAAqB;QACrE,SAAS,EAAE,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC;KACtE,CAAC,CAAA;IAEF,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC9B,eAAe;QACf,IAAI,CAAC;YACH,IACE,GAAG,CAAC,MAAM,KAAK,KAAK;gBACpB,GAAG,CAAC,MAAM,KAAK,MAAM;gBACrB,GAAG,CAAC,MAAM,KAAK,MAAM,EACrB,CAAC;gBACD,MAAM,IAAI,uBAAe,CACvB,0BAAY,CAAC,cAAc,EAC3B,0CAA0C,CAC3C,CAAA;YACH,CAAC;YAED,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;YACpD,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnC,qDAAqD;gBACrD,MAAM,IAAI,iCAAmB,CAAC,8BAA8B,CAAC,CAAA;YAC/D,CAAC;YAED,MAAM,GAAG,GAAG,IAAA,0BAAY,EAAC,GAAG,CAAC,CAAA;YAC7B,IAAI,yBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACnE,CAAC;YAED,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;YAErE,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;YAExE,MAAM,EAAE,WAAW,EAAE,GAAG,IAAA,gCAAkB,EAAC,UAAU,CAAC,CAAA;YAEtD,IACE,WAAW,CAAC,IAAI,KAAK,QAAQ;gBAC7B,CAAC,IAAA,+BAAkB,EAAC,WAAW,CAAC,KAAK,CAAC;gBACtC,0BAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAC3B,CAAC;gBACD,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACnE,CAAC;YAED,MAAM,OAAO,GAAwB;gBACnC,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,UAAU;gBAC/D,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;gBACjD,yBAAyB,EAAE,GAAG,CAAC,OAAO,CAAC,yBAAyB,CAAC;gBACjE,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;gBAE7C,cAAc,EAAE,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC;gBACnD,kBAAkB,EAAE,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC;gBAC3D,gBAAgB,EAAE,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;gBAEvD,aAAa,EAAE,UAAU,MAAM,GAAG,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE;aAC/E,CAAA;YAED,MAAM,eAAe,GAA8B;gBACjD,MAAM;gBACN,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI,EAAE,GAAG,CAAC,WAAW;gBACrB,IAAI;gBACJ,OAAO;aACR,CAAA;YAED,MAAM,iBAAiB,CAAC,GAAG,EAAE,eAAe,EAAE,CAAC,QAAQ,EAAE,EAAE;gBACzD,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;gBAE/B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC5D,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;gBAC1B,CAAC;gBAED,uEAAuE;gBACvE,wEAAwE;gBACxE,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;gBAEjC,sEAAsE;gBACtE,OAAO,GAAG,CAAA;YACZ,CAAC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AAnFY,QAAA,YAAY,gBAmFxB;AAsBM,KAAK,UAAU,WAAW,CAC/B,GAAe,EACf,GAAY,EACZ,OAA4B;IAQ5B,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAClD,0EAA0E;QAC1E,2EAA2E;QAC3E,2EAA2E;QAC3E,sEAAsE;QACtE,iEAAiE;QACjE,eAAe;QACf,MAAM,IAAI,iCAAmB,CAC3B,eAAe,GAAG,CAAC,MAAM,4BAA4B,CACtD,CAAA;IACH,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,0BAAY,EAAC,GAAG,CAAC,CAAA;IAE7B,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IAErE,MAAM,eAAe,GAA8B;QACjD,MAAM;QACN,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,IAAI,EAAE,GAAG,CAAC,WAAW;QACrB,OAAO,EAAE;YACP,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC;YACjD,yBAAyB,EAAE,GAAG,CAAC,OAAO,CAAC,yBAAyB,CAAC;YACjE,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;YAE7C,mEAAmE;YACnE,uEAAuE;YACvE,0EAA0E;YAC1E,wEAAwE;YACxE,kEAAkE;YAClE,iBAAiB,EAAE,IAAA,wCAA2B,EAC5C,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAC9B,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAC/B;YAED,aAAa,EAAE,OAAO,EAAE,GAAG;gBACzB,CAAC,CAAC,UAAU,MAAM,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,EAAE;gBAC3F,CAAC,CAAC,SAAS;SACd;QAED,mEAAmE;QACnE,uEAAuE;QACvE,gDAAgD;QAChD,aAAa,EAAE,CAAC,GAAG,KAAK,EAAE,4BAA4B;KACvD,CAAA;IAED,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,kBAAkB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;IAExE,OAAO;QACL,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,IAAI,kBAAkB;QACnE,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,EAAE,IAAI;KACb,CAAA;AACH,CAAC;AAED,2BAA2B;AAC3B,sBAAsB;AAEtB,SAAgB,cAAc,CAC5B,GAAe,EACf,GAAY,EACZ,GAAW;IAEX,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACjD,IAAI,aAAa;QAAE,OAAO,aAAa,CAAA;IAEvC,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IACxC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,IAAI,OAAO,CAAC,SAAS,EAAE,CAAA;IAC1D,CAAC;IAED,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAA;AACnE,CAAC;AAEM,KAAK,UAAU,cAAc,CAClC,GAAe,EACf,GAAY,EACZ,GAAW;IAEX,eAAe;IAEf,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACjD,IAAI,aAAa;QAAE,OAAO,IAAA,wBAAgB,EAAC,GAAG,EAAE,aAAa,CAAC,CAAA;IAE9D,MAAM,EAAE,WAAW,EAAE,GAAG,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;IAChD,IAAI,WAAW;QAAE,OAAO,WAAW,CAAA;IAEnC,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAA;AACnE,CAAC;AAEM,MAAM,gBAAgB,GAAG,KAAK;AACnC,kDAAkD;AAClD,GAA2C,EAC3C,OAAe,EACwB,EAAE;IACzC,eAAe;IAEf,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAEtC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,iCAAmB,CAAC,kCAAkC,CAAC,CAAA;IACnE,CAAC;IAED,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,SAAS,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,iCAAmB,CAAC,yCAAyC,CAAC,CAAA;IAC1E,CAAC;IAED,qBAAqB;IACrB,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,CAAC,CAAA;IAC9D,CAAC;IAED,mBAAmB;IACnB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,iCAAmB,CAAC,oCAAoC,CAAC,CAAA;IACrE,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;IAEvC,sFAAsF;IACtF,IACE,GAAG,CAAC,GAAG,CAAC,WAAW;QACnB,OAAO,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,eAAe,EACrD,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,EAAE,CAAA;IAC9C,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,iCAAmB,CAAC,6BAA6B,CAAC,CAAA;IAC9D,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IAC1C,MAAM,GAAG,GAAG,IAAA,2BAAkB,EAAC,MAAM,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IACzD,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,iCAAmB,CAAC,yCAAyC,CAAC,CAAA;IAC1E,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AACrB,CAAC,CAAA;AAjDY,QAAA,gBAAgB,oBAiD5B;AAED;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAC9B,GAAe,EACf,eAA0C,EAC1C,oBAA8C;IAE9C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,KAAK,GAAG,CAAC,UAAU;aAChB,MAAM,CAAC,eAAe,EAAE,CAAC,QAAQ,EAAE,EAAE;YACpC,IAAI,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;gBAC/B,MAAM,WAAW,GAAG,IAAI,yBAAW,EAAE,CAAA;gBAErC,KAAK,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;oBAClE,MAAM,SAAS,GAAG,IAAI,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE;wBAC/D,KAAK,EAAE,eAAe;qBACvB,CAAC,CAAA;oBAEF,MAAM,CAAC,SAAS,CAAC,CAAA;gBACnB,CAAC,EAAE,MAAM,CAAC,CAAA;gBAEV,OAAO,WAAW,CAAA;YACpB,CAAC;YAED,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;YAE/C,oEAAoE;YACpE,uEAAuE;YACvE,wEAAwE;YACxE,mEAAmE;YACnE,sEAAsE;YACtE,0CAA0C;YAC1C,OAAO,EAAE,CAAA;YAET,OAAO,QAAQ,CAAA;QACjB,CAAC,CAAC;YACF,yEAAyE;YACzE,0EAA0E;YAC1E,yEAAyE;YACzE,sEAAsE;aACrE,KAAK,CAAC,0BAA0B,CAAC;aACjC,KAAK,CAAC,MAAM,CAAC,CAAA;IAClB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,kBAAkB,CAC/B,GAAe,EACf,eAA0C;IAE1C,4EAA4E;IAC5E,uDAAuD;IAEvD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,UAAU;SAClC,OAAO,CAAC,eAAe,CAAC;SACxB,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAEpC,IAAI,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAA;QAErE,MAAM,IAAI,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE;YACnD,KAAK,EAAE,eAAe;SACvB,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED,SAAS,0BAA0B,CACjC,GAAY,EACZ,OAAO,GAAG,8BAA8B;IAExC,mBAAU,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,OAAO,CAAC,CAAA;IAClC,MAAM,IAAI,uBAAe,CAAC,0BAAY,CAAC,eAAe,EAAE,OAAO,EAAE,SAAS,EAAE;QAC1E,KAAK,EAAE,GAAG;KACX,CAAC,CAAA;AACJ,CAAC;AAED,6BAA6B;AAC7B,sBAAsB;AAEtB,SAAgB,iBAAiB,CAAC,WAAoB;IACpD,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAA;IAClC,OAAO,8BAA8B,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;AACzD,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,OAA4B,EAC5B,QAAkB;IAElB,IAAI,iBAAiB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,KAAK,KAAK,EAAE,CAAC;QACzD,2EAA2E;QAC3E,kBAAkB;QAElB,yEAAyE;QACzE,wEAAwE;QACxE,4EAA4E;QAC5E,uEAAuE;QACvE,8DAA8D;QAE9D,qEAAqE;QACrE,4EAA4E;QAC5E,kDAAkD;QAElD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,EAAE;YACzB,QAAQ,CAAC,OAAO,EAAE,CAAA;QACpB,CAAC,EAAE,GAAG,CAAC,CAAA;QACP,IAAA,sBAAQ,EAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE;YAC1B,YAAY,CAAC,EAAE,CAAC,CAAA;QAClB,CAAC,CAAC,CAAA;QACF,QAAQ,CAAC,MAAM,EAAE,CAAA;QAEjB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,sBAAsB,CACzC,QAAQ,EACR,OAAO,CAAC,kBAAkB,CAAC,CAC5B,CAAA;QAED,MAAM,OAAO,GAAY,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAA;QAC5D,OAAO;YACL,KAAK,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,CAAC;YACrC,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC;SAC1C,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,wDAAwD;QACxD,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,QAAkB,EAClB,eAAmC;IAEnC,IAAI,CAAC;QACH,OAAO,MAAM,IAAA,2BAAkB,EAAC,IAAA,qBAAY,EAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAA;IAC1E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,QAAQ,CAAC,SAAS;YAAE,QAAQ,CAAC,OAAO,EAAE,CAAA;QAE3C,MAAM,IAAI,uBAAe,CACvB,0BAAY,CAAC,eAAe,EAC5B,GAAG,YAAY,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,+BAA+B,EACxE,SAAS,EACT,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAA;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAA+B;IAE/B,OAAO;QACL,MAAM,EAAE,MAAM,sBAAsB,CAClC,KAAK,CAAC,MAAM,EACZ,KAAK,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,CACpC;QACD,OAAO,EAAE,IAAA,aAAI,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;QACpE,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAA;AACH,CAAC;AAED,8BAA8B;AAC9B,sBAAsB;AAEtB,MAAM,sBAAsB,GAAG;IAC7B,kBAAkB;IAClB,0BAA0B;IAC1B,aAAa;CACd,CAAA;AAED,QAAQ,CAAC,CAAC,eAAe,CACvB,OAA4B,EAC5B,qBAAqB,GAAG,IAAI;IAE5B,IAAI,qBAAqB,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAA;QACxC,IAAI,MAAM;YAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAA;QAE5C,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;QAC5C,IAAI,QAAQ;YAAE,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAA;QAElD,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,CAAC,CAAA;QACpC,IAAI,IAAI;YAAE,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,CAAA;QAEtC,MAAM,QAAQ,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAA;QAC5C,IAAI,QAAQ;YAAE,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,sBAAsB,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,sBAAsB,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QAEzB,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;YAChB,MAAM,KAAK,GAAW,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;YAC9D,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QACrB,CAAC;IACH,CAAC;AACH,CAAC;AAED,QAAQ;AACR,sBAAsB;AAEtB;;;GAGG;AACH,MAAa,MAAM;IAGjB,YAAY,KAAuB;QAF3B;;;;;WAAkB;QAClB;;;;;WAA0B;QAEhC,IAAI,CAAC,KAAK,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,CAAA;QACrD,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAA;IACvB,CAAC;IACD,GAAG,CAAC,GAAW;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;IAC1C,CAAC;IACD,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC;QAChB,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;CACF;AAbD,wBAaC;AAED,SAAgB,YAAY,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,WAAW,EAAE,CAAA;AAC1B,CAAC;AAEY,QAAA,iBAAiB,GAAG,IAAI,MAAM,CAAC;IAC1C,cAAG,CAAC,0BAA0B;IAC9B,cAAG,CAAC,8BAA8B;IAClC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,qBAAqB;IACzB,cAAG,CAAC,+BAA+B;IACnC,cAAG,CAAC,mBAAmB;IACvB,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,uBAAuB;IAC3B,cAAG,CAAC,uBAAuB;IAC3B,cAAG,CAAC,sBAAsB;IAC1B,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,6BAA6B;IACjC,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,uBAAuB;CAC5B,CAAC,CAAA;AAEW,QAAA,kBAAkB,GAAG,IAAI,MAAM,CAAC;IAC3C,GAAG,yBAAiB;IACpB,cAAG,CAAC,6BAA6B;CAClC,CAAC,CAAA;AAEF,+EAA+E;AAC/E,8EAA8E;AAC9E,8BAA8B;AACjB,QAAA,iBAAiB,GAAG,IAAI,MAAM,CAAC;IAC1C,cAAG,CAAC,wBAAwB;IAC5B,cAAG,CAAC,8CAA8C;IAClD,cAAG,CAAC,kCAAkC;IACtC,cAAG,CAAC,8BAA8B;IAClC,cAAG,CAAC,+BAA+B;IACnC,cAAG,CAAC,4BAA4B;IAChC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,qCAAqC;IACzC,cAAG,CAAC,0BAA0B;IAC9B,cAAG,CAAC,gCAAgC;IACpC,cAAG,CAAC,oCAAoC;IACxC,cAAG,CAAC,wCAAwC;IAC5C,cAAG,CAAC,kCAAkC;IACtC,cAAG,CAAC,iCAAiC;IACrC,cAAG,CAAC,2BAA2B;CAChC,CAAC,CAAA;AAEF,MAAM,cAAc,GAAG,CACrB,GAAe,EACf,IAAY,EAIZ,EAAE;IACF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAG,CAAC,uBAAuB,CAAC;QACjC,KAAK,cAAG,CAAC,0BAA0B,CAAC;QACpC,KAAK,cAAG,CAAC,0BAA0B,CAAC;QACpC,KAAK,cAAG,CAAC,yBAAyB,CAAC;QACnC,KAAK,cAAG,CAAC,qCAAqC,CAAC;QAC/C,KAAK,cAAG,CAAC,qCAAqC,CAAC;QAC/C,KAAK,cAAG,CAAC,qCAAqC,CAAC;QAC/C,KAAK,cAAG,CAAC,oCAAoC,CAAC;QAC9C,KAAK,cAAG,CAAC,6BAA6B,CAAC;QACvC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,6BAA6B,CAAC;QACvC,KAAK,cAAG,CAAC,2BAA2B,CAAC;QACrC,KAAK,cAAG,CAAC,+BAA+B,CAAC;QACzC,KAAK,cAAG,CAAC,iCAAiC,CAAC;QAC3C,KAAK,cAAG,CAAC,+BAA+B,CAAC;QACzC,KAAK,cAAG,CAAC,sCAAsC,CAAC;QAChD,KAAK,cAAG,CAAC,uCAAuC,CAAC;QACjD,KAAK,cAAG,CAAC,wCAAwC,CAAC;QAClD,KAAK,cAAG,CAAC,yCAAyC,CAAC;QACnD,KAAK,cAAG,CAAC,yBAAyB,CAAC;QACnC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,6BAA6B,CAAC;QACvC,KAAK,cAAG,CAAC,4BAA4B,CAAC;QACtC,KAAK,cAAG,CAAC,wCAAwC,CAAC;QAClD,KAAK,cAAG,CAAC,0CAA0C,CAAC;QACpD,KAAK,cAAG,CAAC,kCAAkC;YACzC,OAAO;gBACL,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,UAAU;aAChC,CAAA;QACH,KAAK,cAAG,CAAC,gCAAgC;YACvC,OAAO;gBACL,SAAS,EAAE,iBAAiB;gBAC5B,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,aAAa;aACnC,CAAA;QACH;YACE,OAAO;gBACL,SAAS,EAAE,cAAc;gBACzB,WAAW,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW;aACjC,CAAA;IACL,CAAC;AACH,CAAC,CAAA;AAED,MAAM,UAAU,GAAG,CAAC,GAAY,EAAsB,EAAE;IACtD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;AAClD,CAAC,CAAA;AAED,SAAS,gBAAgB,CAAuB,GAAY;IAC1D,mBAAU,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,oCAAoC,CAAC,CAAA;AAChE,CAAC;AAED,MAAa,wBAAyB,SAAQ,uBAAe;IAC3D,YACW,QAGR,EACD,OAA6C,EAC7C,OAAsB;QAEtB,MAAM,MAAM,GACV,QAAQ,CAAC,UAAU,KAAK,GAAG;YACzB,CAAC,CAAC,0BAAY,CAAC,eAAe;YAC9B,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAA;QAEzB,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAZtD;;;;mBAAS,QAAQ;WAGhB;IAUH,CAAC;IAED,IAAI,OAAO;QACT,OAAO,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,QAAQ,CAAA;IAC9C,CAAC;CACF;AAxBD,4DAwBC","sourcesContent":["import { IncomingHttpHeaders, ServerResponse } from 'node:http'\nimport { PassThrough, Readable, finished } from 'node:stream'\nimport { Request } from 'express'\nimport { Dispatcher } from 'undici'\nimport {\n  decodeStream,\n  getServiceEndpoint,\n  omit,\n  streamToNodeBuffer,\n} from '@atproto/common'\nimport { RpcPermissionMatch } from '@atproto/oauth-scopes'\nimport {\n  CatchallHandler,\n  HandlerPipeThroughBuffer,\n  HandlerPipeThroughStream,\n  InternalServerError,\n  InvalidRequestError,\n  ResponseType,\n  XRPCError as XRPCServerError,\n  excludeErrorResult,\n  parseReqNsid,\n} from '@atproto/xrpc-server'\nimport { buildProxiedContentEncoding } from '@atproto-labs/xrpc-utils'\nimport { isAccessPrivileged } from './auth-scope'\nimport { AppContext } from './context'\nimport { ids } from './lexicon/lexicons'\nimport { httpLogger } from './logger'\n\nexport const proxyHandler = (ctx: AppContext): CatchallHandler => {\n  const performAuth = ctx.authVerifier.authorization<RpcPermissionMatch>({\n    authorize: (permissions, { params }) => permissions.assertRpc(params),\n  })\n\n  return async (req, res, next) => {\n    // /!\\ Hot path\n    try {\n      if (\n        req.method !== 'GET' &&\n        req.method !== 'HEAD' &&\n        req.method !== 'POST'\n      ) {\n        throw new XRPCServerError(\n          ResponseType.InvalidRequest,\n          'XRPC requests only supports GET and POST',\n        )\n      }\n\n      const body = req.method === 'POST' ? req : undefined\n      if (body != null && !body.readable) {\n        // Body was already consumed by a previous middleware\n        throw new InternalServerError('Request body is not readable')\n      }\n\n      const lxm = parseReqNsid(req)\n      if (PROTECTED_METHODS.has(lxm)) {\n        throw new InvalidRequestError('Bad token method', 'InvalidToken')\n      }\n\n      const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm)\n\n      const authResult = await performAuth({ req, res, params: { lxm, aud } })\n\n      const { credentials } = excludeErrorResult(authResult)\n\n      if (\n        credentials.type === 'access' &&\n        !isAccessPrivileged(credentials.scope) &&\n        PRIVILEGED_METHODS.has(lxm)\n      ) {\n        throw new InvalidRequestError('Bad token method', 'InvalidToken')\n      }\n\n      const headers: IncomingHttpHeaders = {\n        'accept-encoding': req.headers['accept-encoding'] || 'identity',\n        'accept-language': req.headers['accept-language'],\n        'atproto-accept-labelers': req.headers['atproto-accept-labelers'],\n        'x-bsky-topics': req.headers['x-bsky-topics'],\n\n        'content-type': body && req.headers['content-type'],\n        'content-encoding': body && req.headers['content-encoding'],\n        'content-length': body && req.headers['content-length'],\n\n        authorization: `Bearer ${await ctx.serviceAuthJwt(credentials.did, aud, lxm)}`,\n      }\n\n      const dispatchOptions: Dispatcher.RequestOptions = {\n        origin,\n        method: req.method,\n        path: req.originalUrl,\n        body,\n        headers,\n      }\n\n      await pipethroughStream(ctx, dispatchOptions, (upstream) => {\n        res.status(upstream.statusCode)\n\n        for (const [name, val] of responseHeaders(upstream.headers)) {\n          res.setHeader(name, val)\n        }\n\n        // Note that we should not need to manually handle errors here (e.g. by\n        // destroying the response), as the http server will handle them for us.\n        res.on('error', logResponseError)\n\n        // Tell undici to write the upstream response directly to the response\n        return res\n      })\n    } catch (err) {\n      next(err)\n    }\n  }\n}\n\nexport type PipethroughOptions = {\n  /**\n   * Specify the issuer (requester) for service auth. If not provided, no\n   * authorization headers will be added to the request.\n   */\n  iss?: string\n\n  /**\n   * Override the audience for service auth. If not provided, the audience will\n   * be determined based on the proxy service.\n   */\n  aud?: string\n\n  /**\n   * Override the lexicon method for service auth. If not provided, the lexicon\n   * method will be determined based on the request path.\n   */\n  lxm?: string\n}\n\nexport async function pipethrough(\n  ctx: AppContext,\n  req: Request,\n  options?: PipethroughOptions,\n): Promise<\n  HandlerPipeThroughStream & {\n    stream: Readable\n    headers: Record<string, string>\n    encoding: string\n  }\n> {\n  if (req.method !== 'GET' && req.method !== 'HEAD') {\n    // pipethrough() is used from within xrpcServer handlers, which means that\n    // the request body either has been parsed or is a readable stream that has\n    // been piped for decoding & size limiting. Because of this, forwarding the\n    // request body requires re-encoding it. Since we currently do not use\n    // pipethrough() with procedures, proxying of request body is not\n    // implemented.\n    throw new InternalServerError(\n      `Proxying of ${req.method} requests is not supported`,\n    )\n  }\n\n  const lxm = parseReqNsid(req)\n\n  const { url: origin, did: aud } = await parseProxyInfo(ctx, req, lxm)\n\n  const dispatchOptions: Dispatcher.RequestOptions = {\n    origin,\n    method: req.method,\n    path: req.originalUrl,\n    headers: {\n      'accept-language': req.headers['accept-language'],\n      'atproto-accept-labelers': req.headers['atproto-accept-labelers'],\n      'x-bsky-topics': req.headers['x-bsky-topics'],\n\n      // Because we sometimes need to interpret the response (e.g. during\n      // read-after-write, through asPipeThroughBuffer()), we need to ask the\n      // upstream server for an encoding that both the requester and the PDS can\n      // understand. Since we might have to do the decoding ourselves, we will\n      // use our own preferences (and weight) to negotiate the encoding.\n      'accept-encoding': buildProxiedContentEncoding(\n        req.headers['accept-encoding'],\n        ctx.cfg.proxy.preferCompressed,\n      ),\n\n      authorization: options?.iss\n        ? `Bearer ${await ctx.serviceAuthJwt(options.iss, options.aud ?? aud, options.lxm ?? lxm)}`\n        : undefined,\n    },\n\n    // Use a high water mark to buffer more data while performing async\n    // operations before this stream is consumed. This is especially useful\n    // while processing read-after-write operations.\n    highWaterMark: 2 * 65536, // twice the default (64KiB)\n  }\n\n  const { headers, body } = await pipethroughRequest(ctx, dispatchOptions)\n\n  return {\n    encoding: safeString(headers['content-type']) ?? 'application/json',\n    headers: Object.fromEntries(responseHeaders(headers)),\n    stream: body,\n  }\n}\n\n// Request setup/formatting\n// -------------------\n\nexport function computeProxyTo(\n  ctx: AppContext,\n  req: Request,\n  lxm: string,\n): string {\n  const proxyToHeader = req.header('atproto-proxy')\n  if (proxyToHeader) return proxyToHeader\n\n  const service = defaultService(ctx, lxm)\n  if (service.serviceInfo) {\n    return `${service.serviceInfo.did}#${service.serviceId}`\n  }\n\n  throw new InvalidRequestError(`No service configured for ${lxm}`)\n}\n\nexport async function parseProxyInfo(\n  ctx: AppContext,\n  req: Request,\n  lxm: string,\n): Promise<{ url: string; did: string }> {\n  // /!\\ Hot path\n\n  const proxyToHeader = req.header('atproto-proxy')\n  if (proxyToHeader) return parseProxyHeader(ctx, proxyToHeader)\n\n  const { serviceInfo } = defaultService(ctx, lxm)\n  if (serviceInfo) return serviceInfo\n\n  throw new InvalidRequestError(`No service configured for ${lxm}`)\n}\n\nexport const parseProxyHeader = async (\n  // Using subset of AppContext for testing purposes\n  ctx: Pick<AppContext, 'cfg' | 'idResolver'>,\n  proxyTo: string,\n): Promise<{ did: string; url: string }> => {\n  // /!\\ Hot path\n\n  const hashIndex = proxyTo.indexOf('#')\n\n  if (hashIndex === 0) {\n    throw new InvalidRequestError('no did specified in proxy header')\n  }\n\n  if (hashIndex === -1 || hashIndex === proxyTo.length - 1) {\n    throw new InvalidRequestError('no service id specified in proxy header')\n  }\n\n  // More than one hash\n  if (proxyTo.indexOf('#', hashIndex + 1) !== -1) {\n    throw new InvalidRequestError('invalid proxy header format')\n  }\n\n  // Basic validation\n  if (proxyTo.includes(' ')) {\n    throw new InvalidRequestError('proxy header cannot contain spaces')\n  }\n\n  const did = proxyTo.slice(0, hashIndex)\n\n  // Special case a configured appview, while still proxying correctly any other appview\n  if (\n    ctx.cfg.bskyAppView &&\n    proxyTo === `${ctx.cfg.bskyAppView.did}#bsky_appview`\n  ) {\n    return { did, url: ctx.cfg.bskyAppView.url }\n  }\n\n  const didDoc = await ctx.idResolver.did.resolve(did)\n  if (!didDoc) {\n    throw new InvalidRequestError('could not resolve proxy did')\n  }\n\n  const serviceId = proxyTo.slice(hashIndex)\n  const url = getServiceEndpoint(didDoc, { id: serviceId })\n  if (!url) {\n    throw new InvalidRequestError('could not resolve proxy did service url')\n  }\n\n  return { did, url }\n}\n\n/**\n * Utility function that wraps the undici stream() function and handles request\n * and response errors by wrapping them in XRPCError instances. This function is\n * more efficient than \"pipethroughRequest\" when a writable stream to pipe the\n * upstream response to is available.\n */\nasync function pipethroughStream(\n  ctx: AppContext,\n  dispatchOptions: Dispatcher.RequestOptions,\n  successStreamFactory: Dispatcher.StreamFactory,\n): Promise<void> {\n  return new Promise<void>((resolve, reject) => {\n    void ctx.proxyAgent\n      .stream(dispatchOptions, (upstream) => {\n        if (upstream.statusCode >= 400) {\n          const passThrough = new PassThrough()\n\n          void tryParsingError(upstream.headers, passThrough).then((parsed) => {\n            const xrpcError = new PipethroughUpstreamError(upstream, parsed, {\n              cause: dispatchOptions,\n            })\n\n            reject(xrpcError)\n          }, reject)\n\n          return passThrough\n        }\n\n        const writable = successStreamFactory(upstream)\n\n        // As soon as the control was passed to the writable stream (i.e. by\n        // returning the writable hereafter), pipethroughStream() is considered\n        // to have succeeded. Any error occurring while writing upstream data to\n        // the writable stream should be handled through the stream's error\n        // state (i.e. successStreamFactory() must ensure that error events on\n        // the returned writable will be handled).\n        resolve()\n\n        return writable\n      })\n      // The following catch block will be triggered with either network errors\n      // or writable stream errors. In the latter case, the promise will already\n      // be resolved, and reject()ing it there after will have no effect. Those\n      // error would still be logged by the successStreamFactory() function.\n      .catch(handleUpstreamRequestError)\n      .catch(reject)\n  })\n}\n\n/**\n * Utility function that wraps the undici request() function and handles request\n * and response errors by wrapping them in XRPCError instances.\n */\nasync function pipethroughRequest(\n  ctx: AppContext,\n  dispatchOptions: Dispatcher.RequestOptions,\n) {\n  // HandlerPipeThroughStream requires a readable stream to be returned, so we\n  // use the (less efficient) request() function instead.\n\n  const upstream = await ctx.proxyAgent\n    .request(dispatchOptions)\n    .catch(handleUpstreamRequestError)\n\n  if (upstream.statusCode >= 400) {\n    const parsed = await tryParsingError(upstream.headers, upstream.body)\n\n    throw new PipethroughUpstreamError(upstream, parsed, {\n      cause: dispatchOptions,\n    })\n  }\n\n  return upstream\n}\n\nfunction handleUpstreamRequestError(\n  err: unknown,\n  message = 'Upstream service unreachable',\n): never {\n  httpLogger.error({ err }, message)\n  throw new XRPCServerError(ResponseType.UpstreamFailure, message, undefined, {\n    cause: err,\n  })\n}\n\n// Request parsing/forwarding\n// -------------------\n\nexport function isJsonContentType(contentType?: string): boolean | undefined {\n  if (!contentType) return undefined\n  return /application\\/(?:\\w+\\+)?json/i.test(contentType)\n}\n\nasync function tryParsingError(\n  headers: IncomingHttpHeaders,\n  readable: Readable,\n): Promise<{ error?: string; message?: string }> {\n  if (isJsonContentType(headers['content-type']) === false) {\n    // We don't known how to parse non JSON content types so we can discard the\n    // whole response.\n\n    // Since we don't care about the response, we would normally just destroy\n    // the stream. However, if the underlying HTTP connection is an HTTP/1.1\n    // connection, this also destroys the underlying (keep-alive) TCP socket. In\n    // order to avoid destroying the TCP socket, while avoiding the cost of\n    // consuming too much IO, we give it a chance to finish first.\n\n    // @NOTE we need to listen (and ignore) \"error\" events, otherwise the\n    // process could crash (since we drain the stream asynchronously here). This\n    // is performed through the \"finished\" call below.\n\n    const to = setTimeout(() => {\n      readable.destroy()\n    }, 100)\n    finished(readable, (_err) => {\n      clearTimeout(to)\n    })\n    readable.resume()\n\n    return {}\n  }\n\n  try {\n    const buffer = await bufferUpstreamResponse(\n      readable,\n      headers['content-encoding'],\n    )\n\n    const errInfo: unknown = JSON.parse(buffer.toString('utf8'))\n    return {\n      error: safeString(errInfo?.['error']),\n      message: safeString(errInfo?.['message']),\n    }\n  } catch (err) {\n    // Failed to read, decode, buffer or parse. No big deal.\n    return {}\n  }\n}\n\nasync function bufferUpstreamResponse(\n  readable: Readable,\n  contentEncoding?: string | string[],\n): Promise<Buffer> {\n  try {\n    return await streamToNodeBuffer(decodeStream(readable, contentEncoding))\n  } catch (err) {\n    if (!readable.destroyed) readable.destroy()\n\n    throw new XRPCServerError(\n      ResponseType.UpstreamFailure,\n      err instanceof TypeError ? err.message : 'unable to decode request body',\n      undefined,\n      { cause: err },\n    )\n  }\n}\n\nexport async function asPipeThroughBuffer(\n  input: HandlerPipeThroughStream,\n): Promise<HandlerPipeThroughBuffer> {\n  return {\n    buffer: await bufferUpstreamResponse(\n      input.stream,\n      input.headers?.['content-encoding'],\n    ),\n    headers: omit(input.headers, ['content-encoding', 'content-length']),\n    encoding: input.encoding,\n  }\n}\n\n// Response parsing/forwarding\n// -------------------\n\nconst RES_HEADERS_TO_FORWARD = [\n  'atproto-repo-rev',\n  'atproto-content-labelers',\n  'retry-after',\n]\n\nfunction* responseHeaders(\n  headers: IncomingHttpHeaders,\n  includeContentHeaders = true,\n): Generator<[string, string]> {\n  if (includeContentHeaders) {\n    const length = headers['content-length']\n    if (length) yield ['content-length', length]\n\n    const encoding = headers['content-encoding']\n    if (encoding) yield ['content-encoding', encoding]\n\n    const type = headers['content-type']\n    if (type) yield ['content-type', type]\n\n    const language = headers['content-language']\n    if (language) yield ['content-language', language]\n  }\n\n  for (let i = 0; i < RES_HEADERS_TO_FORWARD.length; i++) {\n    const name = RES_HEADERS_TO_FORWARD[i]\n    const val = headers[name]\n\n    if (val != null) {\n      const value: string = Array.isArray(val) ? val.join(',') : val\n      yield [name, value]\n    }\n  }\n}\n\n// Utils\n// -------------------\n\n/**\n * Performs lexicon method matching on a set of methods,\n * taking into account that they are treated case-insensitively.\n */\nexport class LxmSet {\n  private inner: Set<string>\n  private original: Iterable<string>\n  constructor(items: Iterable<string>) {\n    this.inner = new Set(Array.from(items, normalizeLxm))\n    this.original = items\n  }\n  has(lxm: string) {\n    return this.inner.has(normalizeLxm(lxm))\n  }\n  *[Symbol.iterator](): Iterator<string> {\n    yield* this.original\n  }\n}\n\nexport function normalizeLxm(lxm: string) {\n  return lxm.toLowerCase()\n}\n\nexport const CHAT_BSKY_METHODS = new LxmSet([\n  ids.ChatBskyActorDeleteAccount,\n  ids.ChatBskyActorExportAccountData,\n  ids.ChatBskyConvoDeleteMessageForSelf,\n  ids.ChatBskyConvoGetConvo,\n  ids.ChatBskyConvoGetConvoForMembers,\n  ids.ChatBskyConvoGetLog,\n  ids.ChatBskyConvoGetMessages,\n  ids.ChatBskyConvoLeaveConvo,\n  ids.ChatBskyConvoListConvos,\n  ids.ChatBskyConvoMuteConvo,\n  ids.ChatBskyConvoSendMessage,\n  ids.ChatBskyConvoSendMessageBatch,\n  ids.ChatBskyConvoUnmuteConvo,\n  ids.ChatBskyConvoUpdateRead,\n])\n\nexport const PRIVILEGED_METHODS = new LxmSet([\n  ...CHAT_BSKY_METHODS,\n  ids.ComAtprotoServerCreateAccount,\n])\n\n// These endpoints are related to account management and must be used directly,\n// not proxied or service-authed. Service auth may be utilized between PDS and\n// entryway for these methods.\nexport const PROTECTED_METHODS = new LxmSet([\n  ids.ComAtprotoAdminSendEmail,\n  ids.ComAtprotoIdentityRequestPlcOperationSignature,\n  ids.ComAtprotoIdentitySignPlcOperation,\n  ids.ComAtprotoIdentityUpdateHandle,\n  ids.ComAtprotoServerActivateAccount,\n  ids.ComAtprotoServerConfirmEmail,\n  ids.ComAtprotoServerCreateAppPassword,\n  ids.ComAtprotoServerDeactivateAccount,\n  ids.ComAtprotoServerGetAccountInviteCodes,\n  ids.ComAtprotoServerGetSession,\n  ids.ComAtprotoServerListAppPasswords,\n  ids.ComAtprotoServerRequestAccountDelete,\n  ids.ComAtprotoServerRequestEmailConfirmation,\n  ids.ComAtprotoServerRequestEmailUpdate,\n  ids.ComAtprotoServerRevokeAppPassword,\n  ids.ComAtprotoServerUpdateEmail,\n])\n\nconst defaultService = (\n  ctx: AppContext,\n  nsid: string,\n): {\n  serviceId: string\n  serviceInfo: { url: string; did: string } | null\n} => {\n  switch (nsid) {\n    case ids.ToolsOzoneTeamAddMember:\n    case ids.ToolsOzoneTeamDeleteMember:\n    case ids.ToolsOzoneTeamUpdateMember:\n    case ids.ToolsOzoneTeamListMembers:\n    case ids.ToolsOzoneCommunicationCreateTemplate:\n    case ids.ToolsOzoneCommunicationDeleteTemplate:\n    case ids.ToolsOzoneCommunicationUpdateTemplate:\n    case ids.ToolsOzoneCommunicationListTemplates:\n    case ids.ToolsOzoneModerationEmitEvent:\n    case ids.ToolsOzoneModerationGetEvent:\n    case ids.ToolsOzoneModerationGetRecord:\n    case ids.ToolsOzoneModerationGetRepo:\n    case ids.ToolsOzoneModerationQueryEvents:\n    case ids.ToolsOzoneModerationQueryStatuses:\n    case ids.ToolsOzoneModerationSearchRepos:\n    case ids.ToolsOzoneModerationGetAccountTimeline:\n    case ids.ToolsOzoneVerificationListVerifications:\n    case ids.ToolsOzoneVerificationGrantVerifications:\n    case ids.ToolsOzoneVerificationRevokeVerifications:\n    case ids.ToolsOzoneSafelinkAddRule:\n    case ids.ToolsOzoneSafelinkUpdateRule:\n    case ids.ToolsOzoneSafelinkRemoveRule:\n    case ids.ToolsOzoneSafelinkQueryEvents:\n    case ids.ToolsOzoneSafelinkQueryRules:\n    case ids.ToolsOzoneModerationListScheduledActions:\n    case ids.ToolsOzoneModerationCancelScheduledActions:\n    case ids.ToolsOzoneModerationScheduleAction:\n      return {\n        serviceId: 'atproto_labeler',\n        serviceInfo: ctx.cfg.modService,\n      }\n    case ids.ComAtprotoModerationCreateReport:\n      return {\n        serviceId: 'atproto_labeler',\n        serviceInfo: ctx.cfg.reportService,\n      }\n    default:\n      return {\n        serviceId: 'bsky_appview',\n        serviceInfo: ctx.cfg.bskyAppView,\n      }\n  }\n}\n\nconst safeString = (str: unknown): string | undefined => {\n  return typeof str === 'string' ? str : undefined\n}\n\nfunction logResponseError(this: ServerResponse, err: unknown): void {\n  httpLogger.warn({ err }, 'error forwarding upstream response')\n}\n\nexport class PipethroughUpstreamError extends XRPCServerError {\n  constructor(\n    readonly upstream: {\n      statusCode: number\n      headers: IncomingHttpHeaders\n    },\n    payload: { message?: string; error?: string },\n    options?: ErrorOptions,\n  ) {\n    const status =\n      upstream.statusCode === 500\n        ? ResponseType.UpstreamFailure\n        : upstream.statusCode\n\n    super(status, payload.message, payload.error, options)\n  }\n\n  get headers(): Record<string, string> {\n    return Object.fromEntries(responseHeaders(this.upstream.headers, false))\n  }\n\n  get error() {\n    return this.customErrorName ?? this.typeName\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/pds",
-  "version": "0.4.211",
+  "version": "0.4.213",
   "license": "MIT",
   "description": "Reference implementation of atproto Personal Data Server (PDS)",
   "keywords": [
@@ -48,23 +48,23 @@
     "zod": "^3.23.8",
     "@atproto-labs/fetch-node": "^0.2.0",
     "@atproto-labs/simple-store": "^0.3.0",
-    "@atproto-labs/simple-store-redis": "^0.0.1",
     "@atproto-labs/simple-store-memory": "^0.1.4",
+    "@atproto-labs/simple-store-redis": "^0.0.1",
     "@atproto-labs/xrpc-utils": "^0.0.24",
-    "@atproto/api": "^0.18.21",
+    "@atproto/api": "^0.19.1",
     "@atproto/aws": "^0.2.31",
+    "@atproto/common": "^0.5.14",
     "@atproto/crypto": "^0.4.5",
-    "@atproto/common": "^0.5.13",
     "@atproto/identity": "^0.4.12",
-    "@atproto/lex-cbor": "^0.0.13",
-    "@atproto/lex-data": "^0.0.12",
-    "@atproto/lexicon": "^0.6.1",
-    "@atproto/oauth-provider": "^0.15.10",
-    "@atproto/oauth-scopes": "^0.3.1",
+    "@atproto/lex-cbor": "^0.0.14",
+    "@atproto/lex-data": "^0.0.13",
+    "@atproto/lexicon": "^0.6.2",
+    "@atproto/oauth-provider": "^0.15.12",
+    "@atproto/oauth-scopes": "^0.3.2",
     "@atproto/repo": "^0.8.12",
-    "@atproto/syntax": "^0.4.3",
+    "@atproto/syntax": "^0.5.0",
     "@atproto/xrpc": "^0.7.7",
-    "@atproto/xrpc-server": "^0.10.14"
+    "@atproto/xrpc-server": "^0.10.15"
   },
   "devDependencies": {
     "@atproto/pds-entryway": "npm:@atproto/pds@0.3.0-entryway.3",
@@ -82,9 +82,9 @@
     "ts-node": "^10.8.2",
     "typescript": "^5.6.3",
     "ws": "^8.12.0",
-    "@atproto/api": "^0.18.21",
-    "@atproto/bsky": "^0.0.216",
-    "@atproto/lex-cli": "^0.9.8",
+    "@atproto/api": "^0.19.1",
+    "@atproto/bsky": "^0.0.218",
+    "@atproto/lex-cli": "^0.9.9",
     "@atproto/oauth-client-browser-example": "^0.0.10"
   },
   "scripts": {

package/src/api/app/bsky/feed/getPostThread.ts

@@ -1,6 +1,5 @@
 import assert from 'node:assert'
 import { AtUri } from '@atproto/syntax'
-import { XRPCError } from '@atproto/xrpc'
 import { AppContext } from '../../../../context'
 import { Server } from '../../../../lexicon'
 import { ids } from '../../../../lexicon/lexicons'
@@ -14,7 +13,10 @@ import {
 } from '../../../../lexicon/types/app/bsky/feed/getPostThread'
 import { Record as PostRecord } from '../../../../lexicon/types/app/bsky/feed/post'
 import { $Typed } from '../../../../lexicon/util'
-import { computeProxyTo } from '../../../../pipethrough'
+import {
+  PipethroughUpstreamError,
+  computeProxyTo,
+} from '../../../../pipethrough'
 import {
   LocalRecords,
   LocalViewer,
@@ -40,11 +42,14 @@ export default function (server: Server, ctx: AppContext) {
       try {
         return await pipethroughReadAfterWrite(ctx, reqCtx, getPostThreadMunge)
       } catch (err) {
-        if (err instanceof XRPCError && err.error === 'NotFound') {
+        if (
+          err instanceof PipethroughUpstreamError &&
+          err.error === 'NotFound'
+        ) {
           const { auth, params } = reqCtx
           const requester = auth.credentials.did
 
-          const rev = err.headers && getRepoRev(err.headers)
+          const rev = getRepoRev(err.headers)
           if (!rev) throw err
 
           const uri = new AtUri(params.uri)

package/src/lexicon/lexicons.ts

@@ -4947,6 +4947,10 @@ export const schemaDict = {
             type: 'object',
             required: ['interactions'],
             properties: {
+              feed: {
+                type: 'string',
+                format: 'at-uri',
+              },
               interactions: {
                 type: 'array',
                 items: {

package/src/lexicon/types/app/bsky/feed/sendInteractions.ts

@@ -18,6 +18,7 @@ const id = 'app.bsky.feed.sendInteractions'
 export type QueryParams = {}
 
 export interface InputSchema {
+  feed?: string
   interactions: AppBskyFeedDefs.Interaction[]
 }
 

package/src/pipethrough.ts

@@ -9,13 +9,13 @@ import {
   streamToNodeBuffer,
 } from '@atproto/common'
 import { RpcPermissionMatch } from '@atproto/oauth-scopes'
-import { ResponseType, XRPCError as XRPCClientError } from '@atproto/xrpc'
 import {
   CatchallHandler,
   HandlerPipeThroughBuffer,
   HandlerPipeThroughStream,
   InternalServerError,
   InvalidRequestError,
+  ResponseType,
   XRPCError as XRPCServerError,
   excludeErrorResult,
   parseReqNsid,
@@ -301,15 +301,9 @@ async function pipethroughStream(
           const passThrough = new PassThrough()
 
           void tryParsingError(upstream.headers, passThrough).then((parsed) => {
-            const xrpcError = new XRPCClientError(
-              upstream.statusCode === 500
-                ? ResponseType.UpstreamFailure
-                : upstream.statusCode,
-              parsed.error,
-              parsed.message,
-              Object.fromEntries(responseHeaders(upstream.headers, false)),
-              { cause: dispatchOptions },
-            )
+            const xrpcError = new PipethroughUpstreamError(upstream, parsed, {
+              cause: dispatchOptions,
+            })
 
             reject(xrpcError)
           }, reject)
@@ -356,18 +350,9 @@ async function pipethroughRequest(
   if (upstream.statusCode >= 400) {
     const parsed = await tryParsingError(upstream.headers, upstream.body)
 
-    // Note "XRPCClientError" is used instead of "XRPCServerError" in order to
-    // allow users of this function to capture & handle these errors (namely in
-    // "app.bsky.feed.getPostThread").
-    throw new XRPCClientError(
-      upstream.statusCode === 500
-        ? ResponseType.UpstreamFailure
-        : upstream.statusCode,
-      parsed.error,
-      parsed.message,
-      Object.fromEntries(responseHeaders(upstream.headers, false)),
-      { cause: dispatchOptions },
-    )
+    throw new PipethroughUpstreamError(upstream, parsed, {
+      cause: dispatchOptions,
+    })
   }
 
   return upstream
@@ -635,3 +620,29 @@ const safeString = (str: unknown): string | undefined => {
 function logResponseError(this: ServerResponse, err: unknown): void {
   httpLogger.warn({ err }, 'error forwarding upstream response')
 }
+
+export class PipethroughUpstreamError extends XRPCServerError {
+  constructor(
+    readonly upstream: {
+      statusCode: number
+      headers: IncomingHttpHeaders
+    },
+    payload: { message?: string; error?: string },
+    options?: ErrorOptions,
+  ) {
+    const status =
+      upstream.statusCode === 500
+        ? ResponseType.UpstreamFailure
+        : upstream.statusCode
+
+    super(status, payload.message, payload.error, options)
+  }
+
+  get headers(): Record<string, string> {
+    return Object.fromEntries(responseHeaders(this.upstream.headers, false))
+  }
+
+  get error() {
+    return this.customErrorName ?? this.typeName
+  }
+}