@atproto/pds 0.4.218 → 0.4.220

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (275) hide show
  1. package/CHANGELOG.md +23 -0
  2. package/dist/account-manager/account-manager.d.ts +17 -0
  3. package/dist/account-manager/account-manager.d.ts.map +1 -1
  4. package/dist/account-manager/account-manager.js +27 -3
  5. package/dist/account-manager/account-manager.js.map +1 -1
  6. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  7. package/dist/account-manager/oauth-store.js +9 -1
  8. package/dist/account-manager/oauth-store.js.map +1 -1
  9. package/dist/config/config.d.ts.map +1 -1
  10. package/dist/config/config.js +7 -3
  11. package/dist/config/config.js.map +1 -1
  12. package/dist/config/env.d.ts +4 -0
  13. package/dist/config/env.d.ts.map +1 -1
  14. package/dist/config/env.js +4 -0
  15. package/dist/config/env.js.map +1 -1
  16. package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts +14 -0
  17. package/dist/lexicons/chat/bsky/actor/declaration.defs.d.ts.map +1 -1
  18. package/dist/lexicons/chat/bsky/actor/declaration.defs.js +1 -0
  19. package/dist/lexicons/chat/bsky/actor/declaration.defs.js.map +1 -1
  20. package/dist/lexicons/chat/bsky/actor/defs.defs.d.ts +35 -0
  21. package/dist/lexicons/chat/bsky/actor/defs.defs.d.ts.map +1 -1
  22. package/dist/lexicons/chat/bsky/actor/defs.defs.js +17 -1
  23. package/dist/lexicons/chat/bsky/actor/defs.defs.js.map +1 -1
  24. package/dist/lexicons/chat/bsky/authFullChatClient.defs.js +1 -1
  25. package/dist/lexicons/chat/bsky/authFullChatClient.defs.js.map +1 -1
  26. package/dist/lexicons/chat/bsky/convo/acceptConvo.defs.d.ts +2 -1
  27. package/dist/lexicons/chat/bsky/convo/acceptConvo.defs.d.ts.map +1 -1
  28. package/dist/lexicons/chat/bsky/convo/acceptConvo.defs.js +2 -1
  29. package/dist/lexicons/chat/bsky/convo/acceptConvo.defs.js.map +1 -1
  30. package/dist/lexicons/chat/bsky/convo/addReaction.defs.d.ts +1 -1
  31. package/dist/lexicons/chat/bsky/convo/addReaction.defs.d.ts.map +1 -1
  32. package/dist/lexicons/chat/bsky/convo/addReaction.defs.js +7 -1
  33. package/dist/lexicons/chat/bsky/convo/addReaction.defs.js.map +1 -1
  34. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +430 -3
  35. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
  36. package/dist/lexicons/chat/bsky/convo/defs.defs.js +234 -2
  37. package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
  38. package/dist/lexicons/chat/bsky/convo/deleteMessageForSelf.defs.d.ts +2 -1
  39. package/dist/lexicons/chat/bsky/convo/deleteMessageForSelf.defs.d.ts.map +1 -1
  40. package/dist/lexicons/chat/bsky/convo/deleteMessageForSelf.defs.js +2 -1
  41. package/dist/lexicons/chat/bsky/convo/deleteMessageForSelf.defs.js.map +1 -1
  42. package/dist/lexicons/chat/bsky/convo/getConvo.defs.d.ts +2 -1
  43. package/dist/lexicons/chat/bsky/convo/getConvo.defs.d.ts.map +1 -1
  44. package/dist/lexicons/chat/bsky/convo/getConvo.defs.js +2 -1
  45. package/dist/lexicons/chat/bsky/convo/getConvo.defs.js.map +1 -1
  46. package/dist/lexicons/chat/bsky/convo/getConvoAvailability.defs.d.ts +1 -1
  47. package/dist/lexicons/chat/bsky/convo/getConvoAvailability.defs.d.ts.map +1 -1
  48. package/dist/lexicons/chat/bsky/convo/getConvoAvailability.defs.js +1 -1
  49. package/dist/lexicons/chat/bsky/convo/getConvoAvailability.defs.js.map +1 -1
  50. package/dist/lexicons/chat/bsky/convo/getConvoForMembers.defs.d.ts +2 -1
  51. package/dist/lexicons/chat/bsky/convo/getConvoForMembers.defs.d.ts.map +1 -1
  52. package/dist/lexicons/chat/bsky/convo/getConvoForMembers.defs.js +8 -1
  53. package/dist/lexicons/chat/bsky/convo/getConvoForMembers.defs.js.map +1 -1
  54. package/dist/lexicons/chat/bsky/convo/getLog.defs.d.ts +2 -2
  55. package/dist/lexicons/chat/bsky/convo/getLog.defs.d.ts.map +1 -1
  56. package/dist/lexicons/chat/bsky/convo/getLog.defs.js +17 -0
  57. package/dist/lexicons/chat/bsky/convo/getLog.defs.js.map +1 -1
  58. package/dist/lexicons/chat/bsky/convo/getMessages.defs.d.ts +4 -3
  59. package/dist/lexicons/chat/bsky/convo/getMessages.defs.d.ts.map +1 -1
  60. package/dist/lexicons/chat/bsky/convo/getMessages.defs.js +3 -1
  61. package/dist/lexicons/chat/bsky/convo/getMessages.defs.js.map +1 -1
  62. package/dist/lexicons/chat/bsky/convo/leaveConvo.defs.d.ts +2 -1
  63. package/dist/lexicons/chat/bsky/convo/leaveConvo.defs.d.ts.map +1 -1
  64. package/dist/lexicons/chat/bsky/convo/leaveConvo.defs.js +2 -1
  65. package/dist/lexicons/chat/bsky/convo/leaveConvo.defs.js.map +1 -1
  66. package/dist/lexicons/chat/bsky/convo/listConvoRequests.d.ts +3 -0
  67. package/dist/lexicons/chat/bsky/convo/listConvoRequests.d.ts.map +1 -0
  68. package/dist/lexicons/chat/bsky/convo/listConvoRequests.defs.d.ts +25 -0
  69. package/dist/lexicons/chat/bsky/convo/listConvoRequests.defs.d.ts.map +1 -0
  70. package/dist/lexicons/chat/bsky/convo/listConvoRequests.defs.js +58 -0
  71. package/dist/lexicons/chat/bsky/convo/listConvoRequests.defs.js.map +1 -0
  72. package/dist/lexicons/chat/bsky/convo/listConvoRequests.js +45 -0
  73. package/dist/lexicons/chat/bsky/convo/listConvoRequests.js.map +1 -0
  74. package/dist/lexicons/chat/bsky/convo/listConvos.defs.d.ts +7 -0
  75. package/dist/lexicons/chat/bsky/convo/listConvos.defs.d.ts.map +1 -1
  76. package/dist/lexicons/chat/bsky/convo/listConvos.defs.js +2 -0
  77. package/dist/lexicons/chat/bsky/convo/listConvos.defs.js.map +1 -1
  78. package/dist/lexicons/chat/bsky/convo/lockConvo.d.ts +3 -0
  79. package/dist/lexicons/chat/bsky/convo/lockConvo.d.ts.map +1 -0
  80. package/dist/lexicons/chat/bsky/convo/lockConvo.defs.d.ts +22 -0
  81. package/dist/lexicons/chat/bsky/convo/lockConvo.defs.d.ts.map +1 -0
  82. package/dist/lexicons/chat/bsky/convo/lockConvo.defs.js +50 -0
  83. package/dist/lexicons/chat/bsky/convo/lockConvo.defs.js.map +1 -0
  84. package/dist/lexicons/chat/bsky/convo/lockConvo.js +45 -0
  85. package/dist/lexicons/chat/bsky/convo/lockConvo.js.map +1 -0
  86. package/dist/lexicons/chat/bsky/convo/muteConvo.defs.d.ts +2 -1
  87. package/dist/lexicons/chat/bsky/convo/muteConvo.defs.d.ts.map +1 -1
  88. package/dist/lexicons/chat/bsky/convo/muteConvo.defs.js +2 -1
  89. package/dist/lexicons/chat/bsky/convo/muteConvo.defs.js.map +1 -1
  90. package/dist/lexicons/chat/bsky/convo/removeReaction.defs.d.ts +1 -1
  91. package/dist/lexicons/chat/bsky/convo/removeReaction.defs.d.ts.map +1 -1
  92. package/dist/lexicons/chat/bsky/convo/removeReaction.defs.js +6 -1
  93. package/dist/lexicons/chat/bsky/convo/removeReaction.defs.js.map +1 -1
  94. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts +2 -1
  95. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.d.ts.map +1 -1
  96. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js +2 -1
  97. package/dist/lexicons/chat/bsky/convo/sendMessage.defs.js.map +1 -1
  98. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts +2 -1
  99. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.d.ts.map +1 -1
  100. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js +2 -1
  101. package/dist/lexicons/chat/bsky/convo/sendMessageBatch.defs.js.map +1 -1
  102. package/dist/lexicons/chat/bsky/convo/unlockConvo.d.ts +3 -0
  103. package/dist/lexicons/chat/bsky/convo/unlockConvo.d.ts.map +1 -0
  104. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.d.ts +22 -0
  105. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.d.ts.map +1 -0
  106. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.js +50 -0
  107. package/dist/lexicons/chat/bsky/convo/unlockConvo.defs.js.map +1 -0
  108. package/dist/lexicons/chat/bsky/convo/unlockConvo.js +45 -0
  109. package/dist/lexicons/chat/bsky/convo/unlockConvo.js.map +1 -0
  110. package/dist/lexicons/chat/bsky/convo/unmuteConvo.defs.d.ts +2 -1
  111. package/dist/lexicons/chat/bsky/convo/unmuteConvo.defs.d.ts.map +1 -1
  112. package/dist/lexicons/chat/bsky/convo/unmuteConvo.defs.js +2 -1
  113. package/dist/lexicons/chat/bsky/convo/unmuteConvo.defs.js.map +1 -1
  114. package/dist/lexicons/chat/bsky/convo/updateAllRead.defs.d.ts +1 -0
  115. package/dist/lexicons/chat/bsky/convo/updateAllRead.defs.d.ts.map +1 -1
  116. package/dist/lexicons/chat/bsky/convo/updateAllRead.defs.js +1 -0
  117. package/dist/lexicons/chat/bsky/convo/updateAllRead.defs.js.map +1 -1
  118. package/dist/lexicons/chat/bsky/convo/updateRead.defs.d.ts +2 -1
  119. package/dist/lexicons/chat/bsky/convo/updateRead.defs.d.ts.map +1 -1
  120. package/dist/lexicons/chat/bsky/convo/updateRead.defs.js +2 -1
  121. package/dist/lexicons/chat/bsky/convo/updateRead.defs.js.map +1 -1
  122. package/dist/lexicons/chat/bsky/convo.d.ts +3 -0
  123. package/dist/lexicons/chat/bsky/convo.d.ts.map +1 -1
  124. package/dist/lexicons/chat/bsky/convo.js +4 -1
  125. package/dist/lexicons/chat/bsky/convo.js.map +1 -1
  126. package/dist/lexicons/chat/bsky/group/addMembers.d.ts +3 -0
  127. package/dist/lexicons/chat/bsky/group/addMembers.d.ts.map +1 -0
  128. package/dist/lexicons/chat/bsky/group/addMembers.defs.d.ts +28 -0
  129. package/dist/lexicons/chat/bsky/group/addMembers.defs.d.ts.map +1 -0
  130. package/dist/lexicons/chat/bsky/group/addMembers.defs.js +63 -0
  131. package/dist/lexicons/chat/bsky/group/addMembers.defs.js.map +1 -0
  132. package/dist/lexicons/chat/bsky/group/addMembers.js +45 -0
  133. package/dist/lexicons/chat/bsky/group/addMembers.js.map +1 -0
  134. package/dist/lexicons/chat/bsky/group/approveJoinRequest.d.ts +3 -0
  135. package/dist/lexicons/chat/bsky/group/approveJoinRequest.d.ts.map +1 -0
  136. package/dist/lexicons/chat/bsky/group/approveJoinRequest.defs.d.ts +28 -0
  137. package/dist/lexicons/chat/bsky/group/approveJoinRequest.defs.d.ts.map +1 -0
  138. package/dist/lexicons/chat/bsky/group/approveJoinRequest.defs.js +50 -0
  139. package/dist/lexicons/chat/bsky/group/approveJoinRequest.defs.js.map +1 -0
  140. package/dist/lexicons/chat/bsky/group/approveJoinRequest.js +45 -0
  141. package/dist/lexicons/chat/bsky/group/approveJoinRequest.js.map +1 -0
  142. package/dist/lexicons/chat/bsky/group/createGroup.d.ts +3 -0
  143. package/dist/lexicons/chat/bsky/group/createGroup.d.ts.map +1 -0
  144. package/dist/lexicons/chat/bsky/group/createGroup.defs.d.ts +36 -0
  145. package/dist/lexicons/chat/bsky/group/createGroup.defs.d.ts.map +1 -0
  146. package/dist/lexicons/chat/bsky/group/createGroup.defs.js +59 -0
  147. package/dist/lexicons/chat/bsky/group/createGroup.defs.js.map +1 -0
  148. package/dist/lexicons/chat/bsky/group/createGroup.js +45 -0
  149. package/dist/lexicons/chat/bsky/group/createGroup.js.map +1 -0
  150. package/dist/lexicons/chat/bsky/group/createJoinLink.d.ts +3 -0
  151. package/dist/lexicons/chat/bsky/group/createJoinLink.d.ts.map +1 -0
  152. package/dist/lexicons/chat/bsky/group/createJoinLink.defs.d.ts +26 -0
  153. package/dist/lexicons/chat/bsky/group/createJoinLink.defs.d.ts.map +1 -0
  154. package/dist/lexicons/chat/bsky/group/createJoinLink.defs.js +54 -0
  155. package/dist/lexicons/chat/bsky/group/createJoinLink.defs.js.map +1 -0
  156. package/dist/lexicons/chat/bsky/group/createJoinLink.js +45 -0
  157. package/dist/lexicons/chat/bsky/group/createJoinLink.js.map +1 -0
  158. package/dist/lexicons/chat/bsky/group/defs.d.ts +3 -0
  159. package/dist/lexicons/chat/bsky/group/defs.d.ts.map +1 -0
  160. package/dist/lexicons/chat/bsky/group/defs.defs.d.ts +47 -0
  161. package/dist/lexicons/chat/bsky/group/defs.defs.d.ts.map +1 -0
  162. package/dist/lexicons/chat/bsky/group/defs.defs.js +69 -0
  163. package/dist/lexicons/chat/bsky/group/defs.defs.js.map +1 -0
  164. package/dist/lexicons/chat/bsky/group/defs.js +45 -0
  165. package/dist/lexicons/chat/bsky/group/defs.js.map +1 -0
  166. package/dist/lexicons/chat/bsky/group/disableJoinLink.d.ts +3 -0
  167. package/dist/lexicons/chat/bsky/group/disableJoinLink.d.ts.map +1 -0
  168. package/dist/lexicons/chat/bsky/group/disableJoinLink.defs.d.ts +22 -0
  169. package/dist/lexicons/chat/bsky/group/disableJoinLink.defs.d.ts.map +1 -0
  170. package/dist/lexicons/chat/bsky/group/disableJoinLink.defs.js +50 -0
  171. package/dist/lexicons/chat/bsky/group/disableJoinLink.defs.js.map +1 -0
  172. package/dist/lexicons/chat/bsky/group/disableJoinLink.js +45 -0
  173. package/dist/lexicons/chat/bsky/group/disableJoinLink.js.map +1 -0
  174. package/dist/lexicons/chat/bsky/group/editGroup.d.ts +3 -0
  175. package/dist/lexicons/chat/bsky/group/editGroup.d.ts.map +1 -0
  176. package/dist/lexicons/chat/bsky/group/editGroup.defs.d.ts +32 -0
  177. package/dist/lexicons/chat/bsky/group/editGroup.defs.d.ts.map +1 -0
  178. package/dist/lexicons/chat/bsky/group/editGroup.defs.js +53 -0
  179. package/dist/lexicons/chat/bsky/group/editGroup.defs.js.map +1 -0
  180. package/dist/lexicons/chat/bsky/group/editGroup.js +45 -0
  181. package/dist/lexicons/chat/bsky/group/editGroup.js.map +1 -0
  182. package/dist/lexicons/chat/bsky/group/editJoinLink.d.ts +3 -0
  183. package/dist/lexicons/chat/bsky/group/editJoinLink.d.ts.map +1 -0
  184. package/dist/lexicons/chat/bsky/group/editJoinLink.defs.d.ts +26 -0
  185. package/dist/lexicons/chat/bsky/group/editJoinLink.defs.d.ts.map +1 -0
  186. package/dist/lexicons/chat/bsky/group/editJoinLink.defs.js +54 -0
  187. package/dist/lexicons/chat/bsky/group/editJoinLink.defs.js.map +1 -0
  188. package/dist/lexicons/chat/bsky/group/editJoinLink.js +45 -0
  189. package/dist/lexicons/chat/bsky/group/editJoinLink.js.map +1 -0
  190. package/dist/lexicons/chat/bsky/group/enableJoinLink.d.ts +3 -0
  191. package/dist/lexicons/chat/bsky/group/enableJoinLink.d.ts.map +1 -0
  192. package/dist/lexicons/chat/bsky/group/enableJoinLink.defs.d.ts +22 -0
  193. package/dist/lexicons/chat/bsky/group/enableJoinLink.defs.d.ts.map +1 -0
  194. package/dist/lexicons/chat/bsky/group/enableJoinLink.defs.js +50 -0
  195. package/dist/lexicons/chat/bsky/group/enableJoinLink.defs.js.map +1 -0
  196. package/dist/lexicons/chat/bsky/group/enableJoinLink.js +45 -0
  197. package/dist/lexicons/chat/bsky/group/enableJoinLink.js.map +1 -0
  198. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.d.ts +3 -0
  199. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.d.ts.map +1 -0
  200. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.defs.d.ts +20 -0
  201. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.defs.d.ts.map +1 -0
  202. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.defs.js +50 -0
  203. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.defs.js.map +1 -0
  204. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.js +45 -0
  205. package/dist/lexicons/chat/bsky/group/getGroupPublicInfo.js.map +1 -0
  206. package/dist/lexicons/chat/bsky/group/listJoinRequests.d.ts +3 -0
  207. package/dist/lexicons/chat/bsky/group/listJoinRequests.d.ts.map +1 -0
  208. package/dist/lexicons/chat/bsky/group/listJoinRequests.defs.d.ts +26 -0
  209. package/dist/lexicons/chat/bsky/group/listJoinRequests.defs.d.ts.map +1 -0
  210. package/dist/lexicons/chat/bsky/group/listJoinRequests.defs.js +55 -0
  211. package/dist/lexicons/chat/bsky/group/listJoinRequests.defs.js.map +1 -0
  212. package/dist/lexicons/chat/bsky/group/listJoinRequests.js +45 -0
  213. package/dist/lexicons/chat/bsky/group/listJoinRequests.js.map +1 -0
  214. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.d.ts +3 -0
  215. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.d.ts.map +1 -0
  216. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.defs.d.ts +23 -0
  217. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.defs.d.ts.map +1 -0
  218. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.defs.js +14 -0
  219. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.defs.js.map +1 -0
  220. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.js +45 -0
  221. package/dist/lexicons/chat/bsky/group/rejectJoinRequest.js.map +1 -0
  222. package/dist/lexicons/chat/bsky/group/removeMembers.d.ts +3 -0
  223. package/dist/lexicons/chat/bsky/group/removeMembers.d.ts.map +1 -0
  224. package/dist/lexicons/chat/bsky/group/removeMembers.defs.d.ts +28 -0
  225. package/dist/lexicons/chat/bsky/group/removeMembers.defs.d.ts.map +1 -0
  226. package/dist/lexicons/chat/bsky/group/removeMembers.defs.js +53 -0
  227. package/dist/lexicons/chat/bsky/group/removeMembers.defs.js.map +1 -0
  228. package/dist/lexicons/chat/bsky/group/removeMembers.js +45 -0
  229. package/dist/lexicons/chat/bsky/group/removeMembers.js.map +1 -0
  230. package/dist/lexicons/chat/bsky/group/requestJoin.d.ts +3 -0
  231. package/dist/lexicons/chat/bsky/group/requestJoin.d.ts.map +1 -0
  232. package/dist/lexicons/chat/bsky/group/requestJoin.defs.d.ts +28 -0
  233. package/dist/lexicons/chat/bsky/group/requestJoin.defs.d.ts.map +1 -0
  234. package/dist/lexicons/chat/bsky/group/requestJoin.defs.js +58 -0
  235. package/dist/lexicons/chat/bsky/group/requestJoin.defs.js.map +1 -0
  236. package/dist/lexicons/chat/bsky/group/requestJoin.js +45 -0
  237. package/dist/lexicons/chat/bsky/group/requestJoin.js.map +1 -0
  238. package/dist/lexicons/chat/bsky/group.d.ts +15 -0
  239. package/dist/lexicons/chat/bsky/group.d.ts.map +1 -0
  240. package/dist/lexicons/chat/bsky/group.js +54 -0
  241. package/dist/lexicons/chat/bsky/group.js.map +1 -0
  242. package/dist/lexicons/chat/bsky/moderation/getMessageContext.defs.d.ts +2 -2
  243. package/dist/lexicons/chat/bsky/moderation/getMessageContext.defs.d.ts.map +1 -1
  244. package/dist/lexicons/chat/bsky/moderation/getMessageContext.defs.js +1 -0
  245. package/dist/lexicons/chat/bsky/moderation/getMessageContext.defs.js.map +1 -1
  246. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.d.ts +3 -0
  247. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.d.ts.map +1 -0
  248. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.d.ts +32 -0
  249. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.d.ts.map +1 -0
  250. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.js +23 -0
  251. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.defs.js.map +1 -0
  252. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.js +45 -0
  253. package/dist/lexicons/chat/bsky/moderation/subscribeModEvents.js.map +1 -0
  254. package/dist/lexicons/chat/bsky/moderation.d.ts +1 -0
  255. package/dist/lexicons/chat/bsky/moderation.d.ts.map +1 -1
  256. package/dist/lexicons/chat/bsky/moderation.js +2 -1
  257. package/dist/lexicons/chat/bsky/moderation.js.map +1 -1
  258. package/dist/lexicons/chat/bsky.d.ts +1 -0
  259. package/dist/lexicons/chat/bsky.d.ts.map +1 -1
  260. package/dist/lexicons/chat/bsky.js +2 -1
  261. package/dist/lexicons/chat/bsky.js.map +1 -1
  262. package/dist/pipethrough.d.ts.map +1 -1
  263. package/dist/pipethrough.js +11 -7
  264. package/dist/pipethrough.js.map +1 -1
  265. package/package.json +15 -15
  266. package/src/account-manager/account-manager.ts +23 -2
  267. package/src/account-manager/oauth-store.ts +10 -2
  268. package/src/config/config.ts +13 -3
  269. package/src/config/env.ts +4 -0
  270. package/src/pipethrough.ts +15 -5
  271. package/tests/_oauth_client_assets_middleware.ts +23 -0
  272. package/tests/_puppeteer.ts +71 -17
  273. package/tests/auth.test.ts +89 -0
  274. package/tests/oauth.test.ts +52 -115
  275. package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,28 @@
1
1
  # @atproto/pds
2
2
 
3
+ ## 0.4.220
4
+
5
+ ### Patch Changes
6
+
7
+ - [#4857](https://github.com/bluesky-social/atproto/pull/4857) [`c531144`](https://github.com/bluesky-social/atproto/commit/c531144d248f3b88b417fe2bf99b3260225a8cbe) Thanks [@DavidBuchanan314](https://github.com/DavidBuchanan314)! - Support `InvalidCredentialsError` in PDS oauth store
8
+
9
+ - Updated dependencies [[`c531144`](https://github.com/bluesky-social/atproto/commit/c531144d248f3b88b417fe2bf99b3260225a8cbe)]:
10
+ - @atproto/oauth-provider@0.16.1
11
+
12
+ ## 0.4.219
13
+
14
+ ### Patch Changes
15
+
16
+ - [#4816](https://github.com/bluesky-social/atproto/pull/4816) [`61e75af`](https://github.com/bluesky-social/atproto/commit/61e75af39e63217d915850b2f8ac8db5f92eed0b) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Use request logger instead of global one when performing service proxying
17
+
18
+ - Updated dependencies [[`26d793a`](https://github.com/bluesky-social/atproto/commit/26d793af95a6fb3a50f9b2a97187d8ac4fecf676), [`26d793a`](https://github.com/bluesky-social/atproto/commit/26d793af95a6fb3a50f9b2a97187d8ac4fecf676), [`b3ce11a`](https://github.com/bluesky-social/atproto/commit/b3ce11ae2e965f239db6aec6054f069d557f4d55), [`0cfb16b`](https://github.com/bluesky-social/atproto/commit/0cfb16b2bfead81284317f2f893838384070d219), [`26d793a`](https://github.com/bluesky-social/atproto/commit/26d793af95a6fb3a50f9b2a97187d8ac4fecf676), [`b3ce11a`](https://github.com/bluesky-social/atproto/commit/b3ce11ae2e965f239db6aec6054f069d557f4d55), [`55d06de`](https://github.com/bluesky-social/atproto/commit/55d06de80a1506908a04ed5c0834986cb5783797), [`952354c`](https://github.com/bluesky-social/atproto/commit/952354c1dd458251f8b643d02f4b227d40c5df17), [`26d793a`](https://github.com/bluesky-social/atproto/commit/26d793af95a6fb3a50f9b2a97187d8ac4fecf676)]:
19
+ - @atproto/syntax@0.5.4
20
+ - @atproto/oauth-provider@0.16.0
21
+ - @atproto/lex-json@0.0.16
22
+ - @atproto/lex@0.0.25
23
+ - @atproto/xrpc-server@0.10.20
24
+ - @atproto/lex-cbor@0.0.16
25
+
3
26
  ## 0.4.218
4
27
 
5
28
  ### Patch Changes
package/dist/account-manager/account-manager.d.ts CHANGED
@@ -2,12 +2,29 @@ import { KeyObject } from 'node:crypto';
2
2
  import { IdResolver } from '@atproto/identity';
3
3
  import { AtIdentifierString, DidString, HandleString } from '@atproto/lex';
4
4
  import { Cid } from '@atproto/lex-data';
5
+ import { AuthRequiredError } from '@atproto/xrpc-server';
5
6
  import { com } from '../lexicons/index.js';
6
7
  import { AccountDb, EmailTokenPurpose } from './db';
7
8
  import * as account from './helpers/account';
8
9
  import { AccountStatus, ActorAccount } from './helpers/account';
9
10
  import * as password from './helpers/password';
10
11
  export { AccountStatus, formatAccountStatus } from './helpers/account';
12
+ /**
13
+ * Thrown by {@link AccountManager.login} when the identifier resolved to a
14
+ * known account but the supplied credentials (account password / app
15
+ * password) did not match. The matched `did` is attached so downstream
16
+ * callers can distinguish "identifier known, credentials wrong" from
17
+ * "identifier unknown" (which continues to throw a plain
18
+ * {@link AuthRequiredError}).
19
+ *
20
+ * Callers should take care that remote clients *cannot* distinguish the above,
21
+ * to prevent enumeration attacks. (Tested for in
22
+ * packages/pds/tests/auth.test.ts)
23
+ */
24
+ export declare class InvalidPasswordError extends AuthRequiredError {
25
+ readonly did: string;
26
+ constructor(did: string, errorMessage?: string);
27
+ }
11
28
  export type AccountManagerDbConfig = {
12
29
  accountDbLoc: string;
13
30
  disableWalAutoCheckpoint: boolean;
package/dist/account-manager/account-manager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,YAAY,EAEb,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAA;AAWvC,OAAO,EAAE,GAAG,EAAE,MAAM,sBAAsB,CAAA;AAC1C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAsB,MAAM,MAAM,CAAA;AACvE,OAAO,KAAK,OAAO,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAI/D,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAK9C,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAEtE,MAAM,MAAM,sBAAsB,GAAG;IACnC,YAAY,EAAE,MAAM,CAAA;IACpB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,qBAAa,cAAc;IAIvB,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,MAAM,EAAE,SAAS;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM;IAC3B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE;IANzC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAA;gBAGX,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,SAAS,EACjB,UAAU,EAAE,MAAM,EAClB,oBAAoB,EAAE,MAAM,EAAE,EACvC,EAAE,EAAE,sBAAsB;IAKtB,cAAc;IAKpB,KAAK;IAOC,UAAU,CACd,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,WAAW,CACf,IAAI,EAAE,SAAS,EAAE,EACjB,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAI/B,iBAAiB,CACrB,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAMpD,cAAc,CAClB,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKnB,gBAAgB,CACpB,WAAW,EAAE,kBAAkB,GAC9B,OAAO,CAAC,aAAa,CAAC;IAUnB,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,EACE,GAAG,EACH,aAAa,GACd,GAAE;QACD,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,aAAa,CAAC,EAAE,OAAO,CAAA;KACnB,GACL,OAAO,CAAC,YAAY,CAAC;IAyClB,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GACX,EAAE;QACD,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;QACrB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB;IAmCK,uBAAuB,CAAC,IAAI,EAAE;QAClC,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB;;;;IAeK,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY;IAIjD,aAAa,CAAC,GAAG,EAAE,SAAS;IAI5B,eAAe,CACnB,GAAG,EAAE,SAAS,EACd,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU;IAWvC,qBAAqB,CAAC,GAAG,EAAE,SAAS;kBAlDE,IAAK,OAChD,CAAG,KACN,CAAI,IAAC,CACH,UAEE;qBAAe,IAAK,OAAO,CAAC,KAAK,CAAC,IACpC,CAAE,UAAS;;IAgDL,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM;IAIpD,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAI5D,eAAe,CAAC,GAAG,EAAE,SAAS;IAO9B,aAAa,CACjB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,EAC5C,aAAa,UAAQ;;;;IAgBjB,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAwD7B,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAO7B,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GACT,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;KACjB,GAAG,OAAO,CAAC;QACV,IAAI,EAAE,YAAY,CAAA;QAClB,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAA;QAC5C,aAAa,EAAE,OAAO,CAAA;KACvB,CAAC;IAgDI,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAInE,gBAAgB,CAAC,GAAG,EAAE,SAAS;;;;;IAI/B,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;IAIb,iBAAiB,CACrB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;IAIrC,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM;IAY9C,uBAAuB,CAAC,IAAI,EAAE,MAAM;IAIpC,iBAAiB,CACrB,QAAQ,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,EAChD,QAAQ,EAAE,MAAM;IAKZ,wBAAwB,CAC5B,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,CAAC,GAAG,CAAC;IAWX,sBAAsB,CAAC,GAAG,EAAE,SAAS;IAKrC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE;IAIlC,yBAAyB,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO;IAI3D,kBAAkB,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE;IAOhE,gBAAgB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB;IAI3D,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAKT,+BAA+B,CACnC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAMT,YAAY,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAYpD,WAAW,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAUnD,aAAa,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAWvD,qBAAqB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE;CAWvE"}
1
+ {"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,YAAY,EAEb,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAA;AAEvC,OAAO,EAAE,iBAAiB,EAAuB,MAAM,sBAAsB,CAAA;AAS7E,OAAO,EAAE,GAAG,EAAE,MAAM,sBAAsB,CAAA;AAC1C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAsB,MAAM,MAAM,CAAA;AACvE,OAAO,KAAK,OAAO,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAI/D,OAAO,KAAK,QAAQ,MAAM,oBAAoB,CAAA;AAK9C,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAEtE;;;;;;;;;;;GAWG;AACH,qBAAa,oBAAqB,SAAQ,iBAAiB;aAEvC,GAAG,EAAE,MAAM;gBAAX,GAAG,EAAE,MAAM,EAC3B,YAAY,SAAmC;CAIlD;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,YAAY,EAAE,MAAM,CAAA;IACpB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,qBAAa,cAAc;IAIvB,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,MAAM,EAAE,SAAS;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM;IAC3B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE;IANzC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAA;gBAGX,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,SAAS,EACjB,UAAU,EAAE,MAAM,EAClB,oBAAoB,EAAE,MAAM,EAAE,EACvC,EAAE,EAAE,sBAAsB;IAKtB,cAAc;IAKpB,KAAK;IAOC,UAAU,CACd,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,WAAW,CACf,IAAI,EAAE,SAAS,EAAE,EACjB,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAI/B,iBAAiB,CACrB,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAMpD,cAAc,CAClB,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKnB,gBAAgB,CACpB,WAAW,EAAE,kBAAkB,GAC9B,OAAO,CAAC,aAAa,CAAC;IAUnB,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,EACE,GAAG,EACH,aAAa,GACd,GAAE;QACD,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,aAAa,CAAC,EAAE,OAAO,CAAA;KACnB,GACL,OAAO,CAAC,YAAY,CAAC;IAyClB,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GACX,EAAE;QACD,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;QACrB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB;IAmCK,uBAAuB,CAAC,IAAI,EAAE;QAClC,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB;;;;IAeK,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY;IAIjD,aAAa,CAAC,GAAG,EAAE,SAAS;IAI5B,eAAe,CACnB,GAAG,EAAE,SAAS,EACd,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU;IAWvC,qBAAqB,CAAC,GAAG,EAAE,SAAS;kBA1EX,IAAK,OAAO,CACvC,KAAD,CAAC,IAAI,CAAC,UAET;qBAAe,IAAK,OAAO,CAAC,KAAK,CAAC,IACpC,CAAI,UAAO;;IA0EH,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM;IAIpD,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAI5D,eAAe,CAAC,GAAG,EAAE,SAAS;IAO9B,aAAa,CACjB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,EAC5C,aAAa,UAAQ;;;;IAgBjB,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAwD7B,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAO7B,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GACT,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;KACjB,GAAG,OAAO,CAAC;QACV,IAAI,EAAE,YAAY,CAAA;QAClB,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAA;QAC5C,aAAa,EAAE,OAAO,CAAA;KACvB,CAAC;IAgDI,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAInE,gBAAgB,CAAC,GAAG,EAAE,SAAS;;;;;IAI/B,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;IAIb,iBAAiB,CACrB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;IAIrC,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM;IAY9C,uBAAuB,CAAC,IAAI,EAAE,MAAM;IAIpC,iBAAiB,CACrB,QAAQ,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,EAChD,QAAQ,EAAE,MAAM;IAKZ,wBAAwB,CAC5B,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,CAAC,GAAG,CAAC;IAWX,sBAAsB,CAAC,GAAG,EAAE,SAAS;IAKrC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE;IAIlC,yBAAyB,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO;IAI3D,kBAAkB,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE;IAOhE,gBAAgB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB;IAI3D,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAKT,+BAA+B,CACnC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAMT,YAAY,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAYpD,WAAW,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAUnD,aAAa,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAWvD,qBAAqB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE;CAWvE"}
package/dist/account-manager/account-manager.js CHANGED
@@ -33,7 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
33
33
  };
34
34
  })();
35
35
  Object.defineProperty(exports, "__esModule", { value: true });
36
- exports.AccountManager = exports.formatAccountStatus = exports.AccountStatus = void 0;
36
+ exports.AccountManager = exports.InvalidPasswordError = exports.formatAccountStatus = exports.AccountStatus = void 0;
37
37
  const common_1 = require("@atproto/common");
38
38
  const lex_1 = require("@atproto/lex");
39
39
  const syntax_1 = require("@atproto/syntax");
@@ -55,6 +55,30 @@ const token = __importStar(require("./helpers/token"));
55
55
  var account_2 = require("./helpers/account");
56
56
  Object.defineProperty(exports, "AccountStatus", { enumerable: true, get: function () { return account_2.AccountStatus; } });
57
57
  Object.defineProperty(exports, "formatAccountStatus", { enumerable: true, get: function () { return account_2.formatAccountStatus; } });
58
+ /**
59
+ * Thrown by {@link AccountManager.login} when the identifier resolved to a
60
+ * known account but the supplied credentials (account password / app
61
+ * password) did not match. The matched `did` is attached so downstream
62
+ * callers can distinguish "identifier known, credentials wrong" from
63
+ * "identifier unknown" (which continues to throw a plain
64
+ * {@link AuthRequiredError}).
65
+ *
66
+ * Callers should take care that remote clients *cannot* distinguish the above,
67
+ * to prevent enumeration attacks. (Tested for in
68
+ * packages/pds/tests/auth.test.ts)
69
+ */
70
+ class InvalidPasswordError extends xrpc_server_1.AuthRequiredError {
71
+ constructor(did, errorMessage = 'Invalid identifier or password') {
72
+ super(errorMessage);
73
+ Object.defineProperty(this, "did", {
74
+ enumerable: true,
75
+ configurable: true,
76
+ writable: true,
77
+ value: did
78
+ });
79
+ }
80
+ }
81
+ exports.InvalidPasswordError = InvalidPasswordError;
58
82
  class AccountManager {
59
83
  constructor(idResolver, jwtKey, serviceDid, serviceHandleDomains, db) {
60
84
  Object.defineProperty(this, "idResolver", {
@@ -307,11 +331,11 @@ class AccountManager {
307
331
  if (!validAccountPass) {
308
332
  // takendown/suspended accounts cannot login with app password
309
333
  if (isSoftDeleted) {
310
- throw new xrpc_server_1.AuthRequiredError('Invalid identifier or password');
334
+ throw new InvalidPasswordError(user.did);
311
335
  }
312
336
  appPassword = await this.verifyAppPassword(user.did, password);
313
337
  if (appPassword === null) {
314
- throw new xrpc_server_1.AuthRequiredError('Invalid identifier or password');
338
+ throw new InvalidPasswordError(user.did);
315
339
  }
316
340
  }
317
341
  return { user, appPassword, isSoftDeleted };
package/dist/account-manager/account-manager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,4CAA4C;AAE5C,sCAKqB;AAErB,4CAAmE;AACnE,sDAA6E;AAC7E,8CAAyC;AACzC,8BAAmC;AACnC,6DAA0D;AAC1D,2CAIwB;AAExB,6BAAuE;AACvE,2DAA4C;AAC5C,+CAA+D;AAC/D,qDAAsC;AACtC,kEAAmD;AACnD,yDAA0C;AAC1C,6DAA8C;AAC9C,qDAAsC;AACtC,yDAA0C;AAC1C,uDAAwC;AAExC,6CAAsE;AAA7D,wGAAA,aAAa,OAAA;AAAE,8GAAA,mBAAmB,OAAA;AAO3C,MAAa,cAAc;IAGzB,YACW,UAAsB,EACtB,MAAiB,EACjB,UAAkB,EAClB,oBAA8B,EACvC,EAA0B;QAJ1B;;;;mBAAS,UAAU;WAAY;QAC/B;;;;mBAAS,MAAM;WAAW;QAC1B;;;;mBAAS,UAAU;WAAQ;QAC3B;;;;mBAAS,oBAAoB;WAAU;QANhC;;;;;WAAa;QASpB,IAAI,CAAC,EAAE,GAAG,IAAA,UAAK,EAAC,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,wBAAwB,CAAC,CAAA;IAC/D,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAA;QACzB,MAAM,IAAA,gBAAW,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,sBAAsB,EAAE,CAAA;IACrD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACjB,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,UAAU,CACd,WAA+B,EAC/B,KAAiC;QAEjC,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;IAED,KAAK,CAAC,WAAW,CACf,IAAiB,EACjB,KAAiC;QAEjC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAa,EACb,KAAiC;QAEjC,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAc;QACrC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAA;QACxE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAC1B,OAAO,CAAC,OAAO,CAAC,aAAa,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,WAA+B,EAC/B,KAAiC;QAEjC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;QACrD,OAAO,GAAG,EAAE,GAAG,IAAI,IAAI,CAAA;IACzB,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,WAA+B;QAE/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;YAC7C,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;QAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,uBAAa,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,EACE,GAAG,EACH,aAAa,MAIX,EAAE;QAEN,MAAM,UAAU,GAAG,IAAA,gCAAwB,EAAC,MAAM,CAAC,CAAA;QAEnD,iBAAiB;QACjB,IAAI,CAAC,IAAA,mBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,iCAAmB,CAC3B,qCAAqC,EACrC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,aAAa;QACb,IAAI,CAAC,aAAa,IAAI,IAAA,gCAAe,EAAC,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,iCAAmB,CAC3B,kCAAkC,EAClC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,IAAI,IAAA,uBAAe,EAAC,UAAU,EAAE,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3D,yCAAyC;YACzC,IAAA,sCAA8B,EAC5B,UAAU,EACV,IAAI,CAAC,oBAAoB,EACzB,aAAa,CACd,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,IAAI,iCAAmB,CAC3B,+BAA+B,EAC/B,mBAAmB,CACpB,CAAA;YACH,CAAC;YACD,4CAA4C;YAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;gBACxB,MAAM,IAAI,iCAAmB,CAAC,wCAAwC,CAAC,CAAA;YACzE,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GAWX;QACC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,uBAAuB,EAAE,CAAC;YACjE,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,cAAc,GAAG,QAAQ;YAC7B,CAAC,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,IAAA,8BAAqB,GAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;YACzD,CAAC;YACD,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;gBAC1D,KAAK,IAAI,cAAc;oBACrB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;oBAChE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE;gBACrB,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE;oBAC5B,GAAG;oBACH,UAAU;oBACV,GAAG;iBACJ,CAAC;gBACF,UAAU;oBACR,IAAI,CAAC,iBAAiB,CACpB,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EACnC,IAAI,CACL;gBACH,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC;aAC9C,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAS7B;QACC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,sBAAS,CAAC,MAAM;SACxB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;QAEjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,yDAAyD;IACzD,0EAA0E;IAC1E,KAAK,CAAC,YAAY,CAAC,GAAc,EAAE,MAAoB;QACrD,OAAO,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAc;QAChC,OAAO,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,GAAc,EACd,QAA2C;QAE3C,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;YACzC,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAc;QACxC,OAAO,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAc,EAAE,GAAQ,EAAE,GAAW;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,WAA0B;QAChE,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,GAAc;QAClC,OAAO,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO;IACP,aAAa;IAEb,KAAK,CAAC,aAAa,CACjB,GAAc,EACd,WAA4C,EAC5C,aAAa,GAAG,KAAK;QAErB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,aAAa,CAAC;SACpD,CAAC,CAAA;QACF,mFAAmF;QACnF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,WAAW,CAAC,CAAA;QACpE,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QACrD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QAEtB,yDAAyD;QACzD,mEAAmE;QACnE,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QAE5E,mDAAmD;QACnD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAC/C,MAAM,gBAAgB,GAAG,CAAC,GAAG,aAAI,CAAA;QACjC,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,gBAAgB,CAAC,CAAA;QAEjE,MAAM,SAAS,GACb,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAA;QAEjE,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;YACrB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,0DAA0D;QAC1D,6DAA6D;QAC7D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAEvD,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YAC1C,GAAG,EAAE,MAAM;SACZ,CAAC,CAAA;QAEF,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;QAC1D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;gBACV,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE;oBAChC,EAAE;oBACF,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;oBAClC,MAAM;iBACP,CAAC;gBACF,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,CAAC,WAAW,CAAC;aACjE,CAAC,CACH,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAA;YACpC,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,QAAQ;IACR,aAAa;IAEb,KAAK,CAAC,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GAIT;QAKC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,MAAM,oBAAoB,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;YAErD,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7C,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,oBAAoB,EAAE;oBACjD,kBAAkB,EAAE,IAAI;oBACxB,gBAAgB,EAAE,IAAI;iBACvB,CAAC;gBACJ,CAAC,CAAC,IAAA,0BAAoB,EAAC,oBAAoB,CAAC;oBAC1C,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE;wBAC1C,kBAAkB,EAAE,IAAI;wBACxB,gBAAgB,EAAE,IAAI;qBACvB,CAAC;oBACJ,CAAC,CAAC,IAAI,CAAA;YAEV,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,+BAAiB,CAAC,gCAAgC,CAAC,CAAA;YAC/D,CAAC;YACD,MAAM,aAAa,GAAG,IAAA,gBAAW,EAAC,IAAI,CAAC,CAAA;YAEvC,IAAI,WAAW,GAAoC,IAAI,CAAA;YACvD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACvD,IAAI,CAAC,GAAG,EACR,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,8DAA8D;gBAC9D,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,+BAAiB,CAAC,gCAAgC,CAAC,CAAA;gBAC/D,CAAC;gBACD,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBAC9D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;oBACzB,MAAM,IAAI,+BAAiB,CAAC,gCAAgC,CAAC,CAAA;gBAC/D,CAAC;YACH,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QAC7C,CAAC;gBAAS,CAAC;YACT,0BAA0B;YAC1B,MAAM,IAAA,aAAI,EAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IAED,YAAY;IACZ,aAAa;IAEb,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY,EAAE,UAAmB;QACvE,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAc;QACnC,OAAO,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;YAC5C,IAAI,CAAC,6BAA6B,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;SACrD,CAAC,CACH,CAAA;IACH,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,uBAAuB,CAAC,IAAY;QACxC,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,QAAgD,EAChD,QAAgB;QAEhB,OAAO,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,UAAkB,EAClB,KAAe,EACf,aAAqB,EACrB,QAAe;QAEf,OAAO,MAAM,CAAC,wBAAwB,CACpC,IAAI,CAAC,EAAE,EACP,UAAU,EACV,KAAK,EACL,aAAa,EACb,QAAQ,CACT,CAAA;IACH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,GAAc;QACzC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;QACvE,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAe;QACtC,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,GAAc,EAAE,QAAiB;QAC/D,OAAO,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;IACjE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAA6C;QACpE,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACjD,CAAC;IAED,eAAe;IACf,aAAa;IAEb,KAAK,CAAC,gBAAgB,CAAC,GAAc,EAAE,OAA0B;QAC/D,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;QAC/D,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAuC;QACxD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;QACvE,MAAM,GAAG,GAAG,IAAA,8BAAqB,GAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,eAAe,CAAC;YACxD,OAAO,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SAC7C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,IAAuC;QACvD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC;YACtC,UAAU,CAAC,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC5C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAyC;QAC3D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,0BAA0B,CACrD,IAAI,CAAC,EAAE,EACP,gBAAgB,EAChB,IAAI,CAAC,KAAK,CACX,CAAA;QACD,MAAM,IAAI,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;QAElE,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAA0C;QACpE,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACpB,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC;YAC3D,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;CACF;AAthBD,wCAshBC","sourcesContent":["import { KeyObject } from 'node:crypto'\nimport { HOUR, wait } from '@atproto/common'\nimport { IdResolver } from '@atproto/identity'\nimport {\n AtIdentifierString,\n DidString,\n HandleString,\n isAtIdentifierString,\n} from '@atproto/lex'\nimport { Cid } from '@atproto/lex-data'\nimport { currentDatetimeString, isValidTld } from '@atproto/syntax'\nimport { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'\nimport { AuthScope } from '../auth-scope'\nimport { softDeleted } from '../db'\nimport { hasExplicitSlur } from '../handle/explicit-slurs'\nimport {\n baseNormalizeAndValidate,\n ensureHandleServiceConstraints,\n isServiceDomain,\n} from '../handle/index'\nimport { com } from '../lexicons/index.js'\nimport { AccountDb, EmailTokenPurpose, getDb, getMigrator } from './db'\nimport * as account from './helpers/account'\nimport { AccountStatus, ActorAccount } from './helpers/account'\nimport * as auth from './helpers/auth'\nimport * as emailToken from './helpers/email-token'\nimport * as invite from './helpers/invite'\nimport * as password from './helpers/password'\nimport * as repo from './helpers/repo'\nimport * as scrypt from './helpers/scrypt'\nimport * as token from './helpers/token'\n\nexport { AccountStatus, formatAccountStatus } from './helpers/account'\n\nexport type AccountManagerDbConfig = {\n accountDbLoc: string\n disableWalAutoCheckpoint: boolean\n}\n\nexport class AccountManager {\n readonly db: AccountDb\n\n constructor(\n readonly idResolver: IdResolver,\n readonly jwtKey: KeyObject,\n readonly serviceDid: string,\n readonly serviceHandleDomains: string[],\n db: AccountManagerDbConfig,\n ) {\n this.db = getDb(db.accountDbLoc, db.disableWalAutoCheckpoint)\n }\n\n async migrateOrThrow() {\n await this.db.ensureWal()\n await getMigrator(this.db).migrateToLatestOrThrow()\n }\n\n close() {\n this.db.close()\n }\n\n // Account\n // ----------\n\n async getAccount(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccount(this.db, handleOrDid, flags)\n }\n\n async getAccounts(\n dids: DidString[],\n flags?: account.AvailabilityFlags,\n ): Promise<Map<string, ActorAccount>> {\n return account.getAccounts(this.db, dids, flags)\n }\n\n async getAccountByEmail(\n email: string,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccountByEmail(this.db, email, flags)\n }\n\n async isAccountActivated(did: DidString): Promise<boolean> {\n const account = await this.getAccount(did, { includeDeactivated: true })\n if (!account) return false\n return !account.deactivatedAt\n }\n\n async getDidForActor(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<string | null> {\n const got = await this.getAccount(handleOrDid, flags)\n return got?.did ?? null\n }\n\n async getAccountStatus(\n handleOrDid: AtIdentifierString,\n ): Promise<AccountStatus> {\n const got = await this.getAccount(handleOrDid, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n const res = account.formatAccountStatus(got)\n return res.active ? AccountStatus.Active : res.status\n }\n\n async normalizeAndValidateHandle(\n handle: string,\n {\n did,\n allowAnyValid,\n }: {\n did?: string\n allowAnyValid?: boolean\n } = {},\n ): Promise<HandleString> {\n const normalized = baseNormalizeAndValidate(handle)\n\n // tld validation\n if (!isValidTld(normalized)) {\n throw new InvalidRequestError(\n 'Handle TLD is invalid or disallowed',\n 'InvalidHandle',\n )\n }\n // slur check\n if (!allowAnyValid && hasExplicitSlur(normalized)) {\n throw new InvalidRequestError(\n 'Inappropriate language in handle',\n 'InvalidHandle',\n )\n }\n if (isServiceDomain(normalized, this.serviceHandleDomains)) {\n // verify constraints on a service domain\n ensureHandleServiceConstraints(\n normalized,\n this.serviceHandleDomains,\n allowAnyValid,\n )\n } else {\n if (did == null) {\n throw new InvalidRequestError(\n 'Not a supported handle domain',\n 'UnsupportedDomain',\n )\n }\n // verify resolution of a non-service domain\n const resolvedDid = await this.idResolver.handle.resolve(normalized)\n if (resolvedDid !== did) {\n throw new InvalidRequestError('External handle did not resolve to DID')\n }\n }\n\n return normalized\n }\n\n async createAccount({\n did,\n handle,\n email,\n password,\n repoCid,\n repoRev,\n inviteCode,\n deactivated,\n refreshJwt,\n }: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n refreshJwt?: string\n }) {\n if (password && password.length > scrypt.NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Password too long')\n }\n\n const passwordScrypt = password\n ? await scrypt.genSaltAndHash(password)\n : undefined\n\n const now = currentDatetimeString()\n await this.db.transaction(async (dbTxn) => {\n if (inviteCode) {\n await invite.ensureInviteIsAvailable(dbTxn, inviteCode)\n }\n await Promise.all([\n account.registerActor(dbTxn, { did, handle, deactivated }),\n email && passwordScrypt\n ? account.registerAccount(dbTxn, { did, email, passwordScrypt })\n : Promise.resolve(),\n invite.recordInviteUse(dbTxn, {\n did,\n inviteCode,\n now,\n }),\n refreshJwt &&\n auth.storeRefreshToken(\n dbTxn,\n auth.decodeRefreshToken(refreshJwt),\n null,\n ),\n repo.updateRoot(dbTxn, did, repoCid, repoRev),\n ])\n })\n }\n\n async createAccountAndSession(opts: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n }) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: opts.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: AuthScope.Access,\n })\n\n await this.createAccount({ ...opts, refreshJwt })\n\n return { accessJwt, refreshJwt }\n }\n\n // @NOTE should always be paired with a sequenceHandle().\n // the token output from this method should be passed to sequenceHandle().\n async updateHandle(did: DidString, handle: HandleString) {\n return account.updateHandle(this.db, did, handle)\n }\n\n async deleteAccount(did: DidString) {\n return account.deleteAccount(this.db, did)\n }\n\n async takedownAccount(\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n ) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n account.updateAccountTakedownStatus(dbTxn, did, takedown),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n token.removeByDidQB(dbTxn, did).execute(),\n ]),\n )\n }\n\n async getAccountAdminStatus(did: DidString) {\n return account.getAccountAdminStatus(this.db, did)\n }\n\n async updateRepoRoot(did: DidString, cid: Cid, rev: string) {\n return repo.updateRoot(this.db, did, cid, rev)\n }\n\n async deactivateAccount(did: DidString, deleteAfter: string | null) {\n return account.deactivateAccount(this.db, did, deleteAfter)\n }\n\n async activateAccount(did: DidString) {\n return account.activateAccount(this.db, did)\n }\n\n // Auth\n // ----------\n\n async createSession(\n did: DidString,\n appPassword: password.AppPassDescript | null,\n isSoftDeleted = false,\n ) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(appPassword, isSoftDeleted),\n })\n // For soft deleted accounts don't store refresh token so that it can't be rotated.\n if (!isSoftDeleted) {\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n await auth.storeRefreshToken(this.db, refreshPayload, appPassword)\n }\n return { accessJwt, refreshJwt }\n }\n\n async rotateRefreshToken(id: string) {\n const token = await auth.getRefreshToken(this.db, id)\n if (!token) return null\n\n const now = new Date()\n\n // take the chance to tidy all of a user's expired tokens\n // does not need to be transactional since this is just best-effort\n await auth.deleteExpiredRefreshTokens(this.db, token.did, now.toISOString())\n\n // Shorten the refresh token lifespan down from its\n // original expiration time to its revocation grace period.\n const prevExpiresAt = new Date(token.expiresAt)\n const REFRESH_GRACE_MS = 2 * HOUR\n const graceExpiresAt = new Date(now.getTime() + REFRESH_GRACE_MS)\n\n const expiresAt =\n graceExpiresAt < prevExpiresAt ? graceExpiresAt : prevExpiresAt\n\n if (expiresAt <= now) {\n return null\n }\n\n // Determine the next refresh token id: upon refresh token\n // reuse you always receive a refresh token with the same id.\n const nextId = token.nextId ?? auth.getRefreshTokenId()\n\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: token.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(token.appPassword),\n jti: nextId,\n })\n\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n try {\n await this.db.transaction((dbTxn) =>\n Promise.all([\n auth.addRefreshGracePeriod(dbTxn, {\n id,\n expiresAt: expiresAt.toISOString(),\n nextId,\n }),\n auth.storeRefreshToken(dbTxn, refreshPayload, token.appPassword),\n ]),\n )\n } catch (err) {\n if (err instanceof auth.ConcurrentRefreshError) {\n return this.rotateRefreshToken(id)\n }\n throw err\n }\n return { accessJwt, refreshJwt }\n }\n\n async revokeRefreshToken(id: string) {\n return auth.revokeRefreshToken(this.db, id)\n }\n\n // Login\n // ----------\n\n async login({\n identifier,\n password,\n }: {\n identifier: string\n password: string\n }): Promise<{\n user: ActorAccount\n appPassword: password.AppPassDescript | null\n isSoftDeleted: boolean\n }> {\n const start = Date.now()\n try {\n const identifierNormalized = identifier.toLowerCase()\n\n const user = identifierNormalized.includes('@')\n ? await this.getAccountByEmail(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : isAtIdentifierString(identifierNormalized)\n ? await this.getAccount(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : null\n\n if (!user) {\n throw new AuthRequiredError('Invalid identifier or password')\n }\n const isSoftDeleted = softDeleted(user)\n\n let appPassword: password.AppPassDescript | null = null\n const validAccountPass = await this.verifyAccountPassword(\n user.did,\n password,\n )\n if (!validAccountPass) {\n // takendown/suspended accounts cannot login with app password\n if (isSoftDeleted) {\n throw new AuthRequiredError('Invalid identifier or password')\n }\n appPassword = await this.verifyAppPassword(user.did, password)\n if (appPassword === null) {\n throw new AuthRequiredError('Invalid identifier or password')\n }\n }\n\n return { user, appPassword, isSoftDeleted }\n } finally {\n // Mitigate timing attacks\n await wait(350 - (Date.now() - start))\n }\n }\n\n // Passwords\n // ----------\n\n async createAppPassword(did: DidString, name: string, privileged: boolean) {\n return password.createAppPassword(this.db, did, name, privileged)\n }\n\n async listAppPasswords(did: DidString) {\n return password.listAppPasswords(this.db, did)\n }\n\n async verifyAccountPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<boolean> {\n return password.verifyAccountPassword(this.db, did, passwordStr)\n }\n\n async verifyAppPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<password.AppPassDescript | null> {\n return password.verifyAppPassword(this.db, did, passwordStr)\n }\n\n async revokeAppPassword(did: DidString, name: string) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.deleteAppPassword(dbTxn, did, name),\n auth.revokeAppPasswordRefreshToken(dbTxn, did, name),\n ]),\n )\n }\n\n // Invites\n // ----------\n\n async ensureInviteIsAvailable(code: string) {\n return invite.ensureInviteIsAvailable(this.db, code)\n }\n\n async createInviteCodes(\n toCreate: { account: string; codes: string[] }[],\n useCount: number,\n ) {\n return invite.createInviteCodes(this.db, toCreate, useCount)\n }\n\n async createAccountInviteCodes(\n forAccount: string,\n codes: string[],\n expectedTotal: number,\n disabled: 0 | 1,\n ) {\n return invite.createAccountInviteCodes(\n this.db,\n forAccount,\n codes,\n expectedTotal,\n disabled,\n )\n }\n\n async getAccountInvitesCodes(did: DidString) {\n const inviteCodes = await invite.getAccountsInviteCodes(this.db, [did])\n return inviteCodes.get(did) ?? []\n }\n\n async getAccountsInvitesCodes(dids: DidString[]) {\n return invite.getAccountsInviteCodes(this.db, dids)\n }\n\n async getInvitedByForAccounts(dids: DidString[]) {\n return invite.getInvitedByForAccounts(this.db, dids)\n }\n\n async getInviteCodesUses(codes: string[]) {\n return invite.getInviteCodesUses(this.db, codes)\n }\n\n async setAccountInvitesDisabled(did: DidString, disabled: boolean) {\n return invite.setAccountInvitesDisabled(this.db, did, disabled)\n }\n\n async disableInviteCodes(opts: { codes: string[]; accounts: string[] }) {\n return invite.disableInviteCodes(this.db, opts)\n }\n\n // Email Tokens\n // ----------\n\n async createEmailToken(did: DidString, purpose: EmailTokenPurpose) {\n return emailToken.createEmailToken(this.db, did, purpose)\n }\n\n async assertValidEmailToken(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n return emailToken.assertValidToken(this.db, did, purpose, token)\n }\n\n async assertValidEmailTokenAndCleanup(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n await emailToken.assertValidToken(this.db, did, purpose, token)\n await emailToken.deleteEmailToken(this.db, did, purpose)\n }\n\n async confirmEmail(opts: { did: DidString; token: string }) {\n const { did, token } = opts\n await emailToken.assertValidToken(this.db, did, 'confirm_email', token)\n const now = currentDatetimeString()\n await this.db.transaction((dbTxn) =>\n Promise.all([\n emailToken.deleteEmailToken(dbTxn, did, 'confirm_email'),\n account.setEmailConfirmedAt(dbTxn, did, now),\n ]),\n )\n }\n\n async updateEmail(opts: { did: DidString; email: string }) {\n const { did, email } = opts\n await this.db.transaction((dbTxn) =>\n Promise.all([\n account.updateEmail(dbTxn, did, email),\n emailToken.deleteAllEmailTokens(dbTxn, did),\n ]),\n )\n }\n\n async resetPassword(opts: { password: string; token: string }) {\n const did = await emailToken.assertValidTokenAndFindDid(\n this.db,\n 'reset_password',\n opts.token,\n )\n await this.updateAccountPassword({ did, password: opts.password })\n\n return did\n }\n\n async updateAccountPassword(opts: { did: DidString; password: string }) {\n const { did } = opts\n const passwordScrypt = await scrypt.genSaltAndHash(opts.password)\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.updateUserPassword(dbTxn, { did, passwordScrypt }),\n emailToken.deleteEmailToken(dbTxn, did, 'reset_password'),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n ]),\n )\n }\n}\n"]}
1
+ {"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,4CAA4C;AAE5C,sCAKqB;AAErB,4CAAmE;AACnE,sDAA6E;AAC7E,8CAAyC;AACzC,8BAAmC;AACnC,6DAA0D;AAC1D,2CAIwB;AAExB,6BAAuE;AACvE,2DAA4C;AAC5C,+CAA+D;AAC/D,qDAAsC;AACtC,kEAAmD;AACnD,yDAA0C;AAC1C,6DAA8C;AAC9C,qDAAsC;AACtC,yDAA0C;AAC1C,uDAAwC;AAExC,6CAAsE;AAA7D,wGAAA,aAAa,OAAA;AAAE,8GAAA,mBAAmB,OAAA;AAE3C;;;;;;;;;;;GAWG;AACH,MAAa,oBAAqB,SAAQ,+BAAiB;IACzD,YACkB,GAAW,EAC3B,YAAY,GAAG,gCAAgC;QAE/C,KAAK,CAAC,YAAY,CAAC,CAAA;QAHnB;;;;mBAAgB,GAAG;WAAQ;IAI7B,CAAC;CACF;AAPD,oDAOC;AAOD,MAAa,cAAc;IAGzB,YACW,UAAsB,EACtB,MAAiB,EACjB,UAAkB,EAClB,oBAA8B,EACvC,EAA0B;QAJ1B;;;;mBAAS,UAAU;WAAY;QAC/B;;;;mBAAS,MAAM;WAAW;QAC1B;;;;mBAAS,UAAU;WAAQ;QAC3B;;;;mBAAS,oBAAoB;WAAU;QANhC;;;;;WAAa;QASpB,IAAI,CAAC,EAAE,GAAG,IAAA,UAAK,EAAC,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,wBAAwB,CAAC,CAAA;IAC/D,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAA;QACzB,MAAM,IAAA,gBAAW,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,sBAAsB,EAAE,CAAA;IACrD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACjB,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,UAAU,CACd,WAA+B,EAC/B,KAAiC;QAEjC,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;IAED,KAAK,CAAC,WAAW,CACf,IAAiB,EACjB,KAAiC;QAEjC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAa,EACb,KAAiC;QAEjC,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAc;QACrC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAA;QACxE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAC1B,OAAO,CAAC,OAAO,CAAC,aAAa,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,WAA+B,EAC/B,KAAiC;QAEjC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;QACrD,OAAO,GAAG,EAAE,GAAG,IAAI,IAAI,CAAA;IACzB,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,WAA+B;QAE/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;YAC7C,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;QAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,uBAAa,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,EACE,GAAG,EACH,aAAa,MAIX,EAAE;QAEN,MAAM,UAAU,GAAG,IAAA,gCAAwB,EAAC,MAAM,CAAC,CAAA;QAEnD,iBAAiB;QACjB,IAAI,CAAC,IAAA,mBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,iCAAmB,CAC3B,qCAAqC,EACrC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,aAAa;QACb,IAAI,CAAC,aAAa,IAAI,IAAA,gCAAe,EAAC,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,iCAAmB,CAC3B,kCAAkC,EAClC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,IAAI,IAAA,uBAAe,EAAC,UAAU,EAAE,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3D,yCAAyC;YACzC,IAAA,sCAA8B,EAC5B,UAAU,EACV,IAAI,CAAC,oBAAoB,EACzB,aAAa,CACd,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,IAAI,iCAAmB,CAC3B,+BAA+B,EAC/B,mBAAmB,CACpB,CAAA;YACH,CAAC;YACD,4CAA4C;YAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;gBACxB,MAAM,IAAI,iCAAmB,CAAC,wCAAwC,CAAC,CAAA;YACzE,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GAWX;QACC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,uBAAuB,EAAE,CAAC;YACjE,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,cAAc,GAAG,QAAQ;YAC7B,CAAC,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,IAAA,8BAAqB,GAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;YACzD,CAAC;YACD,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;gBAC1D,KAAK,IAAI,cAAc;oBACrB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;oBAChE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE;gBACrB,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE;oBAC5B,GAAG;oBACH,UAAU;oBACV,GAAG;iBACJ,CAAC;gBACF,UAAU;oBACR,IAAI,CAAC,iBAAiB,CACpB,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EACnC,IAAI,CACL;gBACH,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC;aAC9C,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAS7B;QACC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,sBAAS,CAAC,MAAM;SACxB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;QAEjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,yDAAyD;IACzD,0EAA0E;IAC1E,KAAK,CAAC,YAAY,CAAC,GAAc,EAAE,MAAoB;QACrD,OAAO,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAc;QAChC,OAAO,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,GAAc,EACd,QAA2C;QAE3C,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;YACzC,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAc;QACxC,OAAO,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAc,EAAE,GAAQ,EAAE,GAAW;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,WAA0B;QAChE,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,GAAc;QAClC,OAAO,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO;IACP,aAAa;IAEb,KAAK,CAAC,aAAa,CACjB,GAAc,EACd,WAA4C,EAC5C,aAAa,GAAG,KAAK;QAErB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,aAAa,CAAC;SACpD,CAAC,CAAA;QACF,mFAAmF;QACnF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,WAAW,CAAC,CAAA;QACpE,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QACrD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QAEtB,yDAAyD;QACzD,mEAAmE;QACnE,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QAE5E,mDAAmD;QACnD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAC/C,MAAM,gBAAgB,GAAG,CAAC,GAAG,aAAI,CAAA;QACjC,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,gBAAgB,CAAC,CAAA;QAEjE,MAAM,SAAS,GACb,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAA;QAEjE,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;YACrB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,0DAA0D;QAC1D,6DAA6D;QAC7D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAEvD,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YAC1C,GAAG,EAAE,MAAM;SACZ,CAAC,CAAA;QAEF,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;QAC1D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;gBACV,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE;oBAChC,EAAE;oBACF,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;oBAClC,MAAM;iBACP,CAAC;gBACF,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,CAAC,WAAW,CAAC;aACjE,CAAC,CACH,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAA;YACpC,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,QAAQ;IACR,aAAa;IAEb,KAAK,CAAC,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GAIT;QAKC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,MAAM,oBAAoB,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;YAErD,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7C,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,oBAAoB,EAAE;oBACjD,kBAAkB,EAAE,IAAI;oBACxB,gBAAgB,EAAE,IAAI;iBACvB,CAAC;gBACJ,CAAC,CAAC,IAAA,0BAAoB,EAAC,oBAAoB,CAAC;oBAC1C,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE;wBAC1C,kBAAkB,EAAE,IAAI;wBACxB,gBAAgB,EAAE,IAAI;qBACvB,CAAC;oBACJ,CAAC,CAAC,IAAI,CAAA;YAEV,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,+BAAiB,CAAC,gCAAgC,CAAC,CAAA;YAC/D,CAAC;YACD,MAAM,aAAa,GAAG,IAAA,gBAAW,EAAC,IAAI,CAAC,CAAA;YAEvC,IAAI,WAAW,GAAoC,IAAI,CAAA;YACvD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACvD,IAAI,CAAC,GAAG,EACR,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,8DAA8D;gBAC9D,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC1C,CAAC;gBACD,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBAC9D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;oBACzB,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC1C,CAAC;YACH,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QAC7C,CAAC;gBAAS,CAAC;YACT,0BAA0B;YAC1B,MAAM,IAAA,aAAI,EAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IAED,YAAY;IACZ,aAAa;IAEb,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY,EAAE,UAAmB;QACvE,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAc;QACnC,OAAO,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;YAC5C,IAAI,CAAC,6BAA6B,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;SACrD,CAAC,CACH,CAAA;IACH,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,uBAAuB,CAAC,IAAY;QACxC,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,QAAgD,EAChD,QAAgB;QAEhB,OAAO,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,UAAkB,EAClB,KAAe,EACf,aAAqB,EACrB,QAAe;QAEf,OAAO,MAAM,CAAC,wBAAwB,CACpC,IAAI,CAAC,EAAE,EACP,UAAU,EACV,KAAK,EACL,aAAa,EACb,QAAQ,CACT,CAAA;IACH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,GAAc;QACzC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;QACvE,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAe;QACtC,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,GAAc,EAAE,QAAiB;QAC/D,OAAO,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;IACjE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAA6C;QACpE,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACjD,CAAC;IAED,eAAe;IACf,aAAa;IAEb,KAAK,CAAC,gBAAgB,CAAC,GAAc,EAAE,OAA0B;QAC/D,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;QAC/D,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAuC;QACxD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;QACvE,MAAM,GAAG,GAAG,IAAA,8BAAqB,GAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,eAAe,CAAC;YACxD,OAAO,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SAC7C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,IAAuC;QACvD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC;YACtC,UAAU,CAAC,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC5C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAyC;QAC3D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,0BAA0B,CACrD,IAAI,CAAC,EAAE,EACP,gBAAgB,EAChB,IAAI,CAAC,KAAK,CACX,CAAA;QACD,MAAM,IAAI,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;QAElE,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAA0C;QACpE,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACpB,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC;YAC3D,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;CACF;AAthBD,wCAshBC","sourcesContent":["import { KeyObject } from 'node:crypto'\nimport { HOUR, wait } from '@atproto/common'\nimport { IdResolver } from '@atproto/identity'\nimport {\n AtIdentifierString,\n DidString,\n HandleString,\n isAtIdentifierString,\n} from '@atproto/lex'\nimport { Cid } from '@atproto/lex-data'\nimport { currentDatetimeString, isValidTld } from '@atproto/syntax'\nimport { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'\nimport { AuthScope } from '../auth-scope'\nimport { softDeleted } from '../db'\nimport { hasExplicitSlur } from '../handle/explicit-slurs'\nimport {\n baseNormalizeAndValidate,\n ensureHandleServiceConstraints,\n isServiceDomain,\n} from '../handle/index'\nimport { com } from '../lexicons/index.js'\nimport { AccountDb, EmailTokenPurpose, getDb, getMigrator } from './db'\nimport * as account from './helpers/account'\nimport { AccountStatus, ActorAccount } from './helpers/account'\nimport * as auth from './helpers/auth'\nimport * as emailToken from './helpers/email-token'\nimport * as invite from './helpers/invite'\nimport * as password from './helpers/password'\nimport * as repo from './helpers/repo'\nimport * as scrypt from './helpers/scrypt'\nimport * as token from './helpers/token'\n\nexport { AccountStatus, formatAccountStatus } from './helpers/account'\n\n/**\n * Thrown by {@link AccountManager.login} when the identifier resolved to a\n * known account but the supplied credentials (account password / app\n * password) did not match. The matched `did` is attached so downstream\n * callers can distinguish \"identifier known, credentials wrong\" from\n * \"identifier unknown\" (which continues to throw a plain\n * {@link AuthRequiredError}).\n *\n * Callers should take care that remote clients *cannot* distinguish the above,\n * to prevent enumeration attacks. (Tested for in\n * packages/pds/tests/auth.test.ts)\n */\nexport class InvalidPasswordError extends AuthRequiredError {\n constructor(\n public readonly did: string,\n errorMessage = 'Invalid identifier or password',\n ) {\n super(errorMessage)\n }\n}\n\nexport type AccountManagerDbConfig = {\n accountDbLoc: string\n disableWalAutoCheckpoint: boolean\n}\n\nexport class AccountManager {\n readonly db: AccountDb\n\n constructor(\n readonly idResolver: IdResolver,\n readonly jwtKey: KeyObject,\n readonly serviceDid: string,\n readonly serviceHandleDomains: string[],\n db: AccountManagerDbConfig,\n ) {\n this.db = getDb(db.accountDbLoc, db.disableWalAutoCheckpoint)\n }\n\n async migrateOrThrow() {\n await this.db.ensureWal()\n await getMigrator(this.db).migrateToLatestOrThrow()\n }\n\n close() {\n this.db.close()\n }\n\n // Account\n // ----------\n\n async getAccount(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccount(this.db, handleOrDid, flags)\n }\n\n async getAccounts(\n dids: DidString[],\n flags?: account.AvailabilityFlags,\n ): Promise<Map<string, ActorAccount>> {\n return account.getAccounts(this.db, dids, flags)\n }\n\n async getAccountByEmail(\n email: string,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccountByEmail(this.db, email, flags)\n }\n\n async isAccountActivated(did: DidString): Promise<boolean> {\n const account = await this.getAccount(did, { includeDeactivated: true })\n if (!account) return false\n return !account.deactivatedAt\n }\n\n async getDidForActor(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<string | null> {\n const got = await this.getAccount(handleOrDid, flags)\n return got?.did ?? null\n }\n\n async getAccountStatus(\n handleOrDid: AtIdentifierString,\n ): Promise<AccountStatus> {\n const got = await this.getAccount(handleOrDid, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n const res = account.formatAccountStatus(got)\n return res.active ? AccountStatus.Active : res.status\n }\n\n async normalizeAndValidateHandle(\n handle: string,\n {\n did,\n allowAnyValid,\n }: {\n did?: string\n allowAnyValid?: boolean\n } = {},\n ): Promise<HandleString> {\n const normalized = baseNormalizeAndValidate(handle)\n\n // tld validation\n if (!isValidTld(normalized)) {\n throw new InvalidRequestError(\n 'Handle TLD is invalid or disallowed',\n 'InvalidHandle',\n )\n }\n // slur check\n if (!allowAnyValid && hasExplicitSlur(normalized)) {\n throw new InvalidRequestError(\n 'Inappropriate language in handle',\n 'InvalidHandle',\n )\n }\n if (isServiceDomain(normalized, this.serviceHandleDomains)) {\n // verify constraints on a service domain\n ensureHandleServiceConstraints(\n normalized,\n this.serviceHandleDomains,\n allowAnyValid,\n )\n } else {\n if (did == null) {\n throw new InvalidRequestError(\n 'Not a supported handle domain',\n 'UnsupportedDomain',\n )\n }\n // verify resolution of a non-service domain\n const resolvedDid = await this.idResolver.handle.resolve(normalized)\n if (resolvedDid !== did) {\n throw new InvalidRequestError('External handle did not resolve to DID')\n }\n }\n\n return normalized\n }\n\n async createAccount({\n did,\n handle,\n email,\n password,\n repoCid,\n repoRev,\n inviteCode,\n deactivated,\n refreshJwt,\n }: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n refreshJwt?: string\n }) {\n if (password && password.length > scrypt.NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Password too long')\n }\n\n const passwordScrypt = password\n ? await scrypt.genSaltAndHash(password)\n : undefined\n\n const now = currentDatetimeString()\n await this.db.transaction(async (dbTxn) => {\n if (inviteCode) {\n await invite.ensureInviteIsAvailable(dbTxn, inviteCode)\n }\n await Promise.all([\n account.registerActor(dbTxn, { did, handle, deactivated }),\n email && passwordScrypt\n ? account.registerAccount(dbTxn, { did, email, passwordScrypt })\n : Promise.resolve(),\n invite.recordInviteUse(dbTxn, {\n did,\n inviteCode,\n now,\n }),\n refreshJwt &&\n auth.storeRefreshToken(\n dbTxn,\n auth.decodeRefreshToken(refreshJwt),\n null,\n ),\n repo.updateRoot(dbTxn, did, repoCid, repoRev),\n ])\n })\n }\n\n async createAccountAndSession(opts: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n }) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: opts.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: AuthScope.Access,\n })\n\n await this.createAccount({ ...opts, refreshJwt })\n\n return { accessJwt, refreshJwt }\n }\n\n // @NOTE should always be paired with a sequenceHandle().\n // the token output from this method should be passed to sequenceHandle().\n async updateHandle(did: DidString, handle: HandleString) {\n return account.updateHandle(this.db, did, handle)\n }\n\n async deleteAccount(did: DidString) {\n return account.deleteAccount(this.db, did)\n }\n\n async takedownAccount(\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n ) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n account.updateAccountTakedownStatus(dbTxn, did, takedown),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n token.removeByDidQB(dbTxn, did).execute(),\n ]),\n )\n }\n\n async getAccountAdminStatus(did: DidString) {\n return account.getAccountAdminStatus(this.db, did)\n }\n\n async updateRepoRoot(did: DidString, cid: Cid, rev: string) {\n return repo.updateRoot(this.db, did, cid, rev)\n }\n\n async deactivateAccount(did: DidString, deleteAfter: string | null) {\n return account.deactivateAccount(this.db, did, deleteAfter)\n }\n\n async activateAccount(did: DidString) {\n return account.activateAccount(this.db, did)\n }\n\n // Auth\n // ----------\n\n async createSession(\n did: DidString,\n appPassword: password.AppPassDescript | null,\n isSoftDeleted = false,\n ) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(appPassword, isSoftDeleted),\n })\n // For soft deleted accounts don't store refresh token so that it can't be rotated.\n if (!isSoftDeleted) {\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n await auth.storeRefreshToken(this.db, refreshPayload, appPassword)\n }\n return { accessJwt, refreshJwt }\n }\n\n async rotateRefreshToken(id: string) {\n const token = await auth.getRefreshToken(this.db, id)\n if (!token) return null\n\n const now = new Date()\n\n // take the chance to tidy all of a user's expired tokens\n // does not need to be transactional since this is just best-effort\n await auth.deleteExpiredRefreshTokens(this.db, token.did, now.toISOString())\n\n // Shorten the refresh token lifespan down from its\n // original expiration time to its revocation grace period.\n const prevExpiresAt = new Date(token.expiresAt)\n const REFRESH_GRACE_MS = 2 * HOUR\n const graceExpiresAt = new Date(now.getTime() + REFRESH_GRACE_MS)\n\n const expiresAt =\n graceExpiresAt < prevExpiresAt ? graceExpiresAt : prevExpiresAt\n\n if (expiresAt <= now) {\n return null\n }\n\n // Determine the next refresh token id: upon refresh token\n // reuse you always receive a refresh token with the same id.\n const nextId = token.nextId ?? auth.getRefreshTokenId()\n\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: token.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(token.appPassword),\n jti: nextId,\n })\n\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n try {\n await this.db.transaction((dbTxn) =>\n Promise.all([\n auth.addRefreshGracePeriod(dbTxn, {\n id,\n expiresAt: expiresAt.toISOString(),\n nextId,\n }),\n auth.storeRefreshToken(dbTxn, refreshPayload, token.appPassword),\n ]),\n )\n } catch (err) {\n if (err instanceof auth.ConcurrentRefreshError) {\n return this.rotateRefreshToken(id)\n }\n throw err\n }\n return { accessJwt, refreshJwt }\n }\n\n async revokeRefreshToken(id: string) {\n return auth.revokeRefreshToken(this.db, id)\n }\n\n // Login\n // ----------\n\n async login({\n identifier,\n password,\n }: {\n identifier: string\n password: string\n }): Promise<{\n user: ActorAccount\n appPassword: password.AppPassDescript | null\n isSoftDeleted: boolean\n }> {\n const start = Date.now()\n try {\n const identifierNormalized = identifier.toLowerCase()\n\n const user = identifierNormalized.includes('@')\n ? await this.getAccountByEmail(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : isAtIdentifierString(identifierNormalized)\n ? await this.getAccount(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : null\n\n if (!user) {\n throw new AuthRequiredError('Invalid identifier or password')\n }\n const isSoftDeleted = softDeleted(user)\n\n let appPassword: password.AppPassDescript | null = null\n const validAccountPass = await this.verifyAccountPassword(\n user.did,\n password,\n )\n if (!validAccountPass) {\n // takendown/suspended accounts cannot login with app password\n if (isSoftDeleted) {\n throw new InvalidPasswordError(user.did)\n }\n appPassword = await this.verifyAppPassword(user.did, password)\n if (appPassword === null) {\n throw new InvalidPasswordError(user.did)\n }\n }\n\n return { user, appPassword, isSoftDeleted }\n } finally {\n // Mitigate timing attacks\n await wait(350 - (Date.now() - start))\n }\n }\n\n // Passwords\n // ----------\n\n async createAppPassword(did: DidString, name: string, privileged: boolean) {\n return password.createAppPassword(this.db, did, name, privileged)\n }\n\n async listAppPasswords(did: DidString) {\n return password.listAppPasswords(this.db, did)\n }\n\n async verifyAccountPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<boolean> {\n return password.verifyAccountPassword(this.db, did, passwordStr)\n }\n\n async verifyAppPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<password.AppPassDescript | null> {\n return password.verifyAppPassword(this.db, did, passwordStr)\n }\n\n async revokeAppPassword(did: DidString, name: string) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.deleteAppPassword(dbTxn, did, name),\n auth.revokeAppPasswordRefreshToken(dbTxn, did, name),\n ]),\n )\n }\n\n // Invites\n // ----------\n\n async ensureInviteIsAvailable(code: string) {\n return invite.ensureInviteIsAvailable(this.db, code)\n }\n\n async createInviteCodes(\n toCreate: { account: string; codes: string[] }[],\n useCount: number,\n ) {\n return invite.createInviteCodes(this.db, toCreate, useCount)\n }\n\n async createAccountInviteCodes(\n forAccount: string,\n codes: string[],\n expectedTotal: number,\n disabled: 0 | 1,\n ) {\n return invite.createAccountInviteCodes(\n this.db,\n forAccount,\n codes,\n expectedTotal,\n disabled,\n )\n }\n\n async getAccountInvitesCodes(did: DidString) {\n const inviteCodes = await invite.getAccountsInviteCodes(this.db, [did])\n return inviteCodes.get(did) ?? []\n }\n\n async getAccountsInvitesCodes(dids: DidString[]) {\n return invite.getAccountsInviteCodes(this.db, dids)\n }\n\n async getInvitedByForAccounts(dids: DidString[]) {\n return invite.getInvitedByForAccounts(this.db, dids)\n }\n\n async getInviteCodesUses(codes: string[]) {\n return invite.getInviteCodesUses(this.db, codes)\n }\n\n async setAccountInvitesDisabled(did: DidString, disabled: boolean) {\n return invite.setAccountInvitesDisabled(this.db, did, disabled)\n }\n\n async disableInviteCodes(opts: { codes: string[]; accounts: string[] }) {\n return invite.disableInviteCodes(this.db, opts)\n }\n\n // Email Tokens\n // ----------\n\n async createEmailToken(did: DidString, purpose: EmailTokenPurpose) {\n return emailToken.createEmailToken(this.db, did, purpose)\n }\n\n async assertValidEmailToken(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n return emailToken.assertValidToken(this.db, did, purpose, token)\n }\n\n async assertValidEmailTokenAndCleanup(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n await emailToken.assertValidToken(this.db, did, purpose, token)\n await emailToken.deleteEmailToken(this.db, did, purpose)\n }\n\n async confirmEmail(opts: { did: DidString; token: string }) {\n const { did, token } = opts\n await emailToken.assertValidToken(this.db, did, 'confirm_email', token)\n const now = currentDatetimeString()\n await this.db.transaction((dbTxn) =>\n Promise.all([\n emailToken.deleteEmailToken(dbTxn, did, 'confirm_email'),\n account.setEmailConfirmedAt(dbTxn, did, now),\n ]),\n )\n }\n\n async updateEmail(opts: { did: DidString; email: string }) {\n const { did, email } = opts\n await this.db.transaction((dbTxn) =>\n Promise.all([\n account.updateEmail(dbTxn, did, email),\n emailToken.deleteAllEmailTokens(dbTxn, did),\n ]),\n )\n }\n\n async resetPassword(opts: { password: string; token: string }) {\n const did = await emailToken.assertValidTokenAndFindDid(\n this.db,\n 'reset_password',\n opts.token,\n )\n await this.updateAccountPassword({ did, password: opts.password })\n\n return did\n }\n\n async updateAccountPassword(opts: { did: DidString; password: string }) {\n const { did } = opts\n const passwordScrypt = await scrypt.genSaltAndHash(opts.password)\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.updateUserPassword(dbTxn, { did, passwordScrypt }),\n emailToken.deleteEmailToken(dbTxn, did, 'reset_password'),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n ]),\n )\n }\n}\n"]}
package/dist/account-manager/oauth-store.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,YAAY,EAKb,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAIlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,GAAG,EACH,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAE/C,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,SAAS,EAAyB,MAAM,cAAc,CAAA;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAYlD;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAiF1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IA4BvC,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC;IAIV,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC;IAmBI,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoB1B,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC;IA+BrB,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAuBhD,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAkBpB,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC7D,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAiBvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASlE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAMV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAItD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKjD,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAOtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;YAK9C,WAAW;YAWX,YAAY;CAmC3B"}
1
+ {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,YAAY,EAKb,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAKlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,GAAG,EACH,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAA;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAE/C,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAA;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,SAAS,EAAyB,MAAM,cAAc,CAAA;AAC/D,OAAO,EAAE,cAAc,EAAwB,MAAM,mBAAmB,CAAA;AAYxE;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAiF1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmCvC,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC;IAIV,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC;IAmBI,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoB1B,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC;IA+BrB,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAuBhD,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAkBpB,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC7D,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAiBvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASlE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAMV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAItD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKjD,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAOtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;YAK9C,WAAW;YAWX,YAAY;CAmC3B"}
package/dist/account-manager/oauth-store.js CHANGED
@@ -46,6 +46,7 @@ const xrpc_server_1 = require("@atproto/xrpc-server");
46
46
  const db_1 = require("../db");
47
47
  const logger_1 = require("../logger");
48
48
  const sequencer_1 = require("../sequencer");
49
+ const account_manager_1 = require("./account-manager");
49
50
  const accountHelper = __importStar(require("./helpers/account"));
50
51
  const account_1 = require("./helpers/account");
51
52
  const accountDeviceHelper = __importStar(require("./helpers/account-device"));
@@ -240,8 +241,15 @@ class OAuthStore {
240
241
  return this.buildAccount(user);
241
242
  }
242
243
  catch (err) {
244
+ // `InvalidPasswordError` is a subclass of `XrpcAuthRequiredError`,
245
+ // so it must be checked first. Surfacing the matched `did` as the
246
+ // `sub` lets the oauth-provider's `onSignInFailed` hook distinguish
247
+ // "identifier known, credentials wrong" from "identifier unknown".
248
+ if (err instanceof account_manager_1.InvalidPasswordError) {
249
+ throw new oauth_provider_1.InvalidCredentialsError(err.message, err.did, err);
250
+ }
243
251
  if (err instanceof xrpc_server_1.AuthRequiredError) {
244
- throw new oauth_provider_1.InvalidRequestError(err.message, err);
252
+ throw new oauth_provider_1.InvalidCredentialsError(err.message, undefined, err);
245
253
  }
246
254
  throw err;
247
255
  }
package/dist/account-manager/oauth-store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8DAAgC;AAChC,sCAA8D;AAE9D,4CAA2D;AAC3D,sCAMqB;AACrB,4DAgCgC;AAChC,sDAG6B;AAG7B,8BAAmC;AAEnC,sCAAoC;AAEpC,4CAA+D;AAG/D,iEAAkD;AAClD,+CAAiD;AACjD,8EAA+D;AAC/D,mFAAoE;AACpE,oFAAqE;AACrE,+DAAgD;AAChD,iEAAkD;AAClD,6DAA8C;AAC9C,qFAAsE;AAEtE;;;;;GAKG;AACH,MAAa,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT9C;;;;mBAAiB,cAAc;WAAgB;QAC/C;;;;mBAAiB,UAAU;WAAY;QACvC;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,MAAM;WAAc;QACrC;;;;mBAAiB,SAAS;WAAW;QACrC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAS;QACxC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,oCAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,iCAAuB,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;YAClE,MAAM,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,yEAAyE;QAEzE,IAAA,qBAAM,EAAC,IAAA,oBAAc,EAAC,MAAM,CAAC,EAAE,qCAAqC,CAAC,CAAA;QAErE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC;SACjD,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,SAAS,GAAG,MAAM,IAAA,cAAW,EAAC;YAClC,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,SAAS,CAAA;QAC7B,IAAA,qBAAM,EAAC,IAAA,iBAAW,EAAC,GAAG,CAAC,EAAE,wCAAwC,CAAC,CAAA;QAElE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAC7C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC9D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;gBAED,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;gBAE3C,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;oBACtC,GAAG;oBACH,MAAM;oBACN,KAAK;oBACL,QAAQ;oBACR,UAAU;oBACV,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;iBACpB,CAAC,CAAA;gBACF,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBACrD,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,uBAAa,CAAC,MAAM,CAAC,CAAA;oBAClE,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBAChD,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAClC,GAAG,EACH,IAAA,iCAAqB,EAAC,MAAM,CAAC,CAC9B,CAAA;oBACD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;oBACrE,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAA;oBAE9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;oBACzD,IAAI,CAAC,OAAO;wBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;oBAElD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;gBACzC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;oBACtC,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAClC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,0BAA0B;YAC1B,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,IAAI,oCAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,oCAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,oCAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,+BAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,oCAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,GAAQ,EACR,QAAkB,EAClB,IAA0B;QAE1B,MAAM,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAQ;QAIvB,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,UAAU,CAC/C,IAAI,CAAC,EAAE;QACP,0EAA0E;QAC1E,IAAA,0BAAoB,EAAC,GAAG,CAAC,EACzB,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAC7B,CAAA;QAED,IAAA,qBAAM,EAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;QACnD,MAAM,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,oBAAoB,CACzE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ,CAAA;QAED,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAA;IACvC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,mBAAmB;aAClC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,QAAQ;YACR,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,iBAAiB,EAAE,MAAM,sBAAsB,CAAC,oBAAoB,CAClE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ;YACD,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAQ;QACpD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,MAA6C;QAE7C,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAA;QAE1E,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QAE3D,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAA2B,EAAE;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAE,CAAA;YAC5C,OAAO,CAAC,GAAG,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QAC5C,CAAC,CAAC,CACH,CACF,CAAA;QAED,MAAM,oBAAoB,GACxB,MAAM,sBAAsB,CAAC,yBAAyB,CACpD,IAAI,CAAC,EAAE,EACP,UAAU,CACX,CAAA;QAEH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YAC/B,iBAAiB,EAAE,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YACrD,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACqB;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAO,IAAI,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,IAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACxD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAoB;QACjD,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,uCAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,uCAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,GAAG,CAAC,eAAe,KAAK,oBAAoB;oBAChD,CAAC,CAAC,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;oBAClD,CAAC,CAAC,IAAI,uCAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YAC1E,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAC9C,CAAA;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAU;QACjC,MAAM,GAAG,GAAG,MAAM,iBAAiB;aAChC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpE,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC3E,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC1C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,IAAiB;QAChD,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;qBAC3C,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QACtE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAQ;QAC9B,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAA;QACxE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW;aAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,WAAW;iBAClD,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,sBAAsB;qBACzB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;iBAC3C,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,WAAW;iBACd,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,sBAAsB;aACtC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC1E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,GAA2D;QAE3D,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,OAAO;YACf,IAAI,EAAE,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC;YAClC,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;SAC7C,CAAA;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CACxB,GAA+B;QAE/B,MAAM,OAAO,GAAY;YACvB,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,IAAI,CAAC,UAAU;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;YAC7B,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;YACpE,kBAAkB,EAAE,GAAG,CAAC,MAAM,IAAI,SAAS;SAC5C,CAAA;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU;iBAClC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACzB,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,iBAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,8BAA8B,CAAC,CAAA;gBACvD,OAAO,IAAI,CAAA,CAAC,uBAAuB;YACrC,CAAC,CAAC,CAAA;YAEJ,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAZ,OAAO,CAAC,IAAI,GAAK,WAAW,EAAA;gBAC5B,OAAO,CAAC,OAAO,KAAf,OAAO,CAAC,OAAO,GAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAA,sBAAgB,EAAC,MAAM,CAAC,CAAC;oBACrE,CAAC,CAAC,SAAS,EAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AA1jBD,gCA0jBC","sourcesContent":["import assert from 'node:assert'\nimport { Client, createOp as createPlcOp } from '@did-plc/lib'\nimport { Selectable } from 'kysely'\nimport { Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport {\n HandleString,\n asAtIdentifierString,\n getBlobCidString,\n isDidString,\n isHandleString,\n} from '@atproto/lex'\nimport {\n Account,\n AccountStore,\n AuthenticateAccountData,\n AuthorizedClientData,\n AuthorizedClients,\n ClientId,\n Code,\n DeviceAccount,\n DeviceData,\n DeviceId,\n DeviceStore,\n FoundRequestResult,\n HandleUnavailableError,\n InvalidInviteCodeError,\n InvalidRequestError,\n LexiconData,\n LexiconStore,\n NewTokenData,\n RefreshToken,\n RequestData,\n RequestId,\n RequestStore,\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n Sub,\n TokenData,\n TokenId,\n TokenInfo,\n TokenStore,\n UpdateRequestData,\n} from '@atproto/oauth-provider'\nimport {\n AuthRequiredError as XrpcAuthRequiredError,\n InvalidRequestError as XrpcInvalidRequestError,\n} from '@atproto/xrpc-server'\nimport { ActorStore } from '../actor-store/actor-store'\nimport { BackgroundQueue } from '../background'\nimport { fromDateISO } from '../db'\nimport { ImageUrlBuilder } from '../image/image-url-builder'\nimport { dbLogger } from '../logger'\nimport { ServerMailer } from '../mailer'\nimport { Sequencer, syncEvtDataFromCommit } from '../sequencer'\nimport { AccountManager } from './account-manager'\nimport * as schemas from './db/schema'\nimport * as accountHelper from './helpers/account'\nimport { AccountStatus } from './helpers/account'\nimport * as accountDeviceHelper from './helpers/account-device'\nimport * as authRequestHelper from './helpers/authorization-request'\nimport * as authorizedClientHelper from './helpers/authorized-client'\nimport * as deviceHelper from './helpers/device'\nimport * as lexiconHelper from './helpers/lexicon'\nimport * as tokenHelper from './helpers/token'\nimport * as usedRefreshTokenHelper from './helpers/used-refresh-token'\n\n/**\n * This class' purpose is to implement the interface needed by the OAuthProvider\n * to interact with the account database (through the {@link AccountManager}).\n *\n * @note The use of this class assumes that there is no entryway.\n */\nexport class OAuthStore\n implements AccountStore, RequestStore, DeviceStore, LexiconStore, TokenStore\n{\n constructor(\n private readonly accountManager: AccountManager,\n private readonly actorStore: ActorStore,\n private readonly imageUrlBuilder: ImageUrlBuilder,\n private readonly backgroundQueue: BackgroundQueue,\n private readonly mailer: ServerMailer,\n private readonly sequencer: Sequencer,\n private readonly plcClient: Client,\n private readonly plcRotationKey: Keypair,\n private readonly publicUrl: string,\n private readonly recoveryDidKey: string | null,\n ) {}\n\n private get db() {\n const { db } = this.accountManager\n if (db.destroyed) throw new Error('Database connection is closed')\n return db\n }\n\n private get serviceDid() {\n return this.accountManager.serviceDid\n }\n\n private async verifyEmailAvailability(email: string): Promise<void> {\n // @NOTE Email validity & disposability check performed by the OAuthProvider\n\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new InvalidRequestError(`Email already taken`)\n }\n }\n\n private async verifyInviteCode(code: string) {\n try {\n await this.accountManager.ensureInviteIsAvailable(code)\n } catch (err) {\n const message =\n err instanceof XrpcInvalidRequestError ? err.message : undefined\n throw new InvalidInviteCodeError(message, err)\n }\n }\n\n // AccountStore\n\n async createAccount({\n locale: _locale,\n inviteCode,\n handle,\n email,\n password,\n }: SignUpData): Promise<Account> {\n // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)\n // @NOTE Password strength & length already enforced by the OAuthProvider\n\n assert(isHandleString(handle), 'Handle must be a valid HandleString')\n\n await Promise.all([\n this.verifyEmailAvailability(email),\n this.verifyHandleAvailability(handle),\n !inviteCode || this.verifyInviteCode(inviteCode),\n ])\n\n // @TODO The code bellow should probably be refactored to be common with the\n // code of the `com.atproto.server.createAccount` XRPC endpoint.\n\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n const signingKeyDid = signingKey.did()\n\n const plcCreate = await createPlcOp({\n signingKey: signingKeyDid,\n rotationKeys: this.recoveryDidKey\n ? [this.recoveryDidKey, this.plcRotationKey.did()]\n : [this.plcRotationKey.did()],\n handle,\n pds: this.publicUrl,\n signer: this.plcRotationKey,\n })\n\n const { did, op } = plcCreate\n assert(isDidString(did), 'Generated DID is not a valid DidString')\n\n try {\n await this.actorStore.create(did, signingKey)\n try {\n const commit = await this.actorStore.transact(did, (actorTxn) =>\n actorTxn.repo.createRepo([]),\n )\n\n await this.plcClient.sendOperation(did, op)\n\n await this.accountManager.createAccount({\n did,\n handle,\n email,\n password,\n inviteCode,\n repoCid: commit.cid,\n repoRev: commit.rev,\n })\n try {\n await this.sequencer.sequenceIdentityEvt(did, handle)\n await this.sequencer.sequenceAccountEvt(did, AccountStatus.Active)\n await this.sequencer.sequenceCommit(did, commit)\n await this.sequencer.sequenceSyncEvt(\n did,\n syncEvtDataFromCommit(commit),\n )\n await this.accountManager.updateRepoRoot(did, commit.cid, commit.rev)\n await this.actorStore.clearReservedKeypair(signingKeyDid, did)\n\n const account = await this.accountManager.getAccount(did)\n if (!account) throw new Error('Account not found')\n\n return await this.buildAccount(account)\n } catch (err) {\n this.accountManager.deleteAccount(did)\n throw err\n }\n } catch (err) {\n await this.actorStore.destroy(did)\n throw err\n }\n } catch (err) {\n // XrpcError => OAuthError\n if (err instanceof XrpcInvalidRequestError) {\n throw new InvalidRequestError(err.message, err)\n }\n throw err\n }\n }\n\n async authenticateAccount({\n locale: _locale,\n username: identifier,\n password,\n // Not supported by the PDS (yet?)\n emailOtp = undefined,\n }: AuthenticateAccountData): Promise<Account> {\n // @TODO (?) Send an email to the user to notify them of the login attempt\n try {\n // Should never happen\n if (emailOtp != null) {\n throw new Error('Email OTP is not supported')\n }\n\n const { user, appPassword, isSoftDeleted } =\n await this.accountManager.login({ identifier, password })\n\n if (isSoftDeleted) {\n throw new InvalidRequestError('Account was taken down')\n }\n\n if (appPassword) {\n throw new InvalidRequestError('App passwords are not allowed')\n }\n\n return this.buildAccount(user)\n } catch (err) {\n if (err instanceof XrpcAuthRequiredError) {\n throw new InvalidRequestError(err.message, err)\n }\n throw err\n }\n }\n\n async setAuthorizedClient(\n sub: Sub,\n clientId: ClientId,\n data: AuthorizedClientData,\n ): Promise<void> {\n await authorizedClientHelper.upsert(this.db, sub, clientId, data)\n }\n\n async getAccount(sub: Sub): Promise<{\n account: Account\n authorizedClients: AuthorizedClients\n }> {\n const accountRow = await accountHelper.getAccount(\n this.db,\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n asAtIdentifierString(sub),\n { includeDeactivated: true },\n )\n\n assert(accountRow, 'Account not found')\n\n const account = await this.buildAccount(accountRow)\n const authorizedClients = await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n )\n\n return { account, authorizedClients }\n }\n\n async upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.upsertQB(this.db, deviceId, sub),\n )\n }\n\n async getDeviceAccount(\n deviceId: DeviceId,\n sub: string,\n ): Promise<DeviceAccount | null> {\n const row = await accountDeviceHelper\n .selectQB(this.db, { deviceId, sub })\n .executeTakeFirst()\n\n if (!row) return null\n\n return {\n deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: await this.buildAccount(row),\n authorizedClients: await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n ),\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }\n }\n\n async removeDeviceAccount(deviceId: DeviceId, sub: Sub): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.removeQB(this.db, deviceId, sub),\n )\n }\n\n async listDeviceAccounts(\n filter: { sub: Sub } | { deviceId: DeviceId },\n ): Promise<DeviceAccount[]> {\n const rows = await accountDeviceHelper.selectQB(this.db, filter).execute()\n\n const uniqueDids = [...new Set(rows.map((row) => row.did))]\n\n // Enrich all distinct account with their profile data\n const accounts = new Map(\n await Promise.all(\n Array.from(uniqueDids, async (did): Promise<[Sub, Account]> => {\n const row = rows.find((r) => r.did === did)!\n return [did, await this.buildAccount(row)]\n }),\n ),\n )\n\n const authorizedClientsMap =\n await authorizedClientHelper.getAuthorizedClientsMulti(\n this.db,\n uniqueDids,\n )\n\n return rows.map((row) => ({\n deviceId: row.deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: accounts.get(row.did)!,\n authorizedClients: authorizedClientsMap.get(row.did)!,\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }))\n }\n\n async resetPasswordRequest({\n locale: _locale,\n email,\n }: ResetPasswordRequestInput): Promise<Account | null> {\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (!account?.email || !account?.handle) return null\n\n const { handle } = account\n const token = await this.accountManager.createEmailToken(\n account.did,\n 'reset_password',\n )\n\n // @TODO Use the locale to send the email in the right language\n await this.mailer.sendResetPassword(\n { handle, token },\n { to: account.email },\n )\n\n return this.buildAccount(account)\n }\n\n async resetPasswordConfirm(\n data: ResetPasswordConfirmInput,\n ): Promise<Account | null> {\n try {\n const did = await this.accountManager.resetPassword(data)\n const account = await this.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n return account ? this.buildAccount(account) : null\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n return null\n }\n\n throw err\n }\n }\n\n async verifyHandleAvailability(handle: HandleString): Promise<void> {\n // @NOTE Handle validity & normalization already enforced by the OAuthProvider\n try {\n const normalized =\n await this.accountManager.normalizeAndValidateHandle(handle)\n\n // Should never happen (OAuthProvider should have already validated the\n // handle) This check is just a safeguard against future normalization\n // changes.\n if (normalized !== handle) {\n throw new HandleUnavailableError('syntax', 'Invalid handle')\n }\n\n const account = await this.accountManager.getAccount(normalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new HandleUnavailableError('taken')\n }\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n throw err.customErrorName === 'HandleNotAvailable'\n ? new HandleUnavailableError('taken', err.message)\n : new HandleUnavailableError('syntax', err.message)\n }\n\n throw err\n }\n }\n\n // RequestStore\n\n async createRequest(id: RequestId, data: RequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.createQB(this.db, id, data),\n )\n }\n\n async readRequest(id: RequestId): Promise<RequestData | null> {\n try {\n const row = await authRequestHelper.readQB(this.db, id).executeTakeFirst()\n if (!row) return null\n return authRequestHelper.rowToRequestData(row)\n } finally {\n // Take the opportunity to clean up expired requests. Do this after we got\n // the current (potentially expired) request data to allow the provider to\n // handle expired requests.\n this.backgroundQueue.add(async () => {\n await this.db.executeWithRetry(\n authRequestHelper.removeOldExpiredQB(this.db),\n )\n })\n }\n }\n\n async updateRequest(id: RequestId, data: UpdateRequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.updateQB(this.db, id, data),\n )\n }\n\n async deleteRequest(id: RequestId): Promise<void> {\n await this.db.executeWithRetry(authRequestHelper.removeByIdQB(this.db, id))\n }\n\n async consumeRequestCode(code: Code): Promise<FoundRequestResult | null> {\n const row = await authRequestHelper\n .consumeByCodeQB(this.db, code)\n .executeTakeFirst()\n return row ? authRequestHelper.rowToFoundRequestResult(row) : null\n }\n\n // DeviceStore\n\n async createDevice(deviceId: DeviceId, data: DeviceData): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.createQB(this.db, deviceId, data),\n )\n }\n\n async readDevice(deviceId: DeviceId): Promise<null | DeviceData> {\n const row = await deviceHelper.readQB(this.db, deviceId).executeTakeFirst()\n return row ? deviceHelper.rowToDeviceData(row) : null\n }\n\n async updateDevice(\n deviceId: DeviceId,\n data: Partial<DeviceData>,\n ): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.updateQB(this.db, deviceId, data),\n )\n }\n\n async deleteDevice(deviceId: DeviceId): Promise<void> {\n // Will cascade to device_account (device_account_device_id_fk)\n await this.db.executeWithRetry(deviceHelper.removeQB(this.db, deviceId))\n }\n\n // LexiconStore\n\n async findLexicon(nsid: string): Promise<LexiconData | null> {\n return lexiconHelper.find(this.db, nsid)\n }\n\n async storeLexicon(nsid: string, data: LexiconData): Promise<void> {\n return lexiconHelper.upsert(this.db, nsid, data)\n }\n\n async deleteLexicon(nsid: string): Promise<void> {\n return lexiconHelper.remove(this.db, nsid)\n }\n\n // TokenStore\n\n async createToken(\n id: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n ): Promise<void> {\n await this.db.transaction(async (dbTxn) => {\n if (refreshToken) {\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, refreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n throw new Error('Refresh token already in use')\n }\n }\n\n return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute()\n })\n }\n\n async listAccountTokens(sub: Sub): Promise<TokenInfo[]> {\n const rows = await tokenHelper.findByQB(this.db, { did: sub }).execute()\n return Promise.all(rows.map((row) => this.toTokenInfo(row)))\n }\n\n async readToken(tokenId: TokenId): Promise<TokenInfo | null> {\n const row = await tokenHelper\n .findByQB(this.db, { tokenId })\n .executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async deleteToken(tokenId: TokenId): Promise<void> {\n // Will cascade to used_refresh_token (used_refresh_token_fk)\n await this.db.executeWithRetry(tokenHelper.removeQB(this.db, tokenId))\n }\n\n async rotateToken(\n tokenId: TokenId,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n ): Promise<void> {\n const err = await this.db.transaction(async (dbTxn) => {\n const { id, currentRefreshToken } = await tokenHelper\n .forRotateQB(dbTxn, tokenId)\n .executeTakeFirstOrThrow()\n\n if (currentRefreshToken) {\n await usedRefreshTokenHelper\n .insertQB(dbTxn, id, currentRefreshToken)\n .execute()\n }\n\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, newRefreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n // Do NOT throw (we don't want the transaction to be rolled back)\n return new Error('New refresh token already in use')\n }\n\n await tokenHelper\n .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)\n .execute()\n })\n\n if (err) throw err\n }\n\n async findTokenByRefreshToken(\n refreshToken: RefreshToken,\n ): Promise<TokenInfo | null> {\n const used = await usedRefreshTokenHelper\n .findByTokenQB(this.db, refreshToken)\n .executeTakeFirst()\n\n const search = used\n ? { id: used.tokenId }\n : { currentRefreshToken: refreshToken }\n\n const row = await tokenHelper.findByQB(this.db, search).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async findTokenByCode(code: Code): Promise<TokenInfo | null> {\n const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n private async toTokenInfo(\n row: accountHelper.ActorAccount & Selectable<schemas.Token>,\n ): Promise<TokenInfo> {\n return {\n id: row.tokenId,\n data: tokenHelper.toTokenData(row),\n account: await this.buildAccount(row),\n currentRefreshToken: row.currentRefreshToken,\n }\n }\n\n private async buildAccount(\n row: accountHelper.ActorAccount,\n ): Promise<Account> {\n const account: Account = {\n sub: row.did,\n aud: this.serviceDid,\n email: row.email || undefined,\n email_verified: row.email ? row.emailConfirmedAt != null : undefined,\n preferred_username: row.handle || undefined,\n }\n\n if (!account.name || !account.picture) {\n const did = account.sub\n\n const profile = await this.actorStore\n .read(did, async (store) => {\n return store.record.getProfileRecord()\n })\n .catch((err) => {\n dbLogger.error({ err }, 'Failed to get profile record')\n return null // No need to propagate\n })\n\n if (profile) {\n const { avatar, displayName } = profile\n\n account.name ||= displayName\n account.picture ||= avatar\n ? this.imageUrlBuilder.build('avatar', did, getBlobCidString(avatar))\n : undefined\n }\n }\n\n return account\n }\n}\n"]}
1
+ {"version":3,"file":"oauth-store.js","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8DAAgC;AAChC,sCAA8D;AAE9D,4CAA2D;AAC3D,sCAMqB;AACrB,4DAiCgC;AAChC,sDAG6B;AAG7B,8BAAmC;AAEnC,sCAAoC;AAEpC,4CAA+D;AAC/D,uDAAwE;AAExE,iEAAkD;AAClD,+CAAiD;AACjD,8EAA+D;AAC/D,mFAAoE;AACpE,oFAAqE;AACrE,+DAAgD;AAChD,iEAAkD;AAClD,6DAA8C;AAC9C,qFAAsE;AAEtE;;;;;GAKG;AACH,MAAa,UAAU;IAGrB,YACmB,cAA8B,EAC9B,UAAsB,EACtB,eAAgC,EAChC,eAAgC,EAChC,MAAoB,EACpB,SAAoB,EACpB,SAAiB,EACjB,cAAuB,EACvB,SAAiB,EACjB,cAA6B;QAT9C;;;;mBAAiB,cAAc;WAAgB;QAC/C;;;;mBAAiB,UAAU;WAAY;QACvC;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,eAAe;WAAiB;QACjD;;;;mBAAiB,MAAM;WAAc;QACrC;;;;mBAAiB,SAAS;WAAW;QACrC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAS;QACxC;;;;mBAAiB,SAAS;WAAQ;QAClC;;;;mBAAiB,cAAc;WAAe;IAC7C,CAAC;IAEJ,IAAY,EAAE;QACZ,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,cAAc,CAAA;QAClC,IAAI,EAAE,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAA;QAClE,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAY,UAAU;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC,UAAU,CAAA;IACvC,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,KAAa;QACjD,4EAA4E;QAE5E,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,IAAI,oCAAmB,CAAC,qBAAqB,CAAC,CAAA;QACtD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;QACzD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GACX,GAAG,YAAY,iCAAuB,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;YAClE,MAAM,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAChD,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACG;QACX,uGAAuG;QACvG,yEAAyE;QAEzE,IAAA,qBAAM,EAAC,IAAA,oBAAc,EAAC,MAAM,CAAC,EAAE,qCAAqC,CAAC,CAAA;QAErE,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC;YACnC,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YACrC,CAAC,UAAU,IAAI,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC;SACjD,CAAC,CAAA;QAEF,4EAA4E;QAC5E,gEAAgE;QAEhE,MAAM,UAAU,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;QACtE,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE,CAAA;QAEtC,MAAM,SAAS,GAAG,MAAM,IAAA,cAAW,EAAC;YAClC,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,IAAI,CAAC,cAAc;gBAC/B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;gBAClD,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;YAC/B,MAAM;YACN,GAAG,EAAE,IAAI,CAAC,SAAS;YACnB,MAAM,EAAE,IAAI,CAAC,cAAc;SAC5B,CAAC,CAAA;QAEF,MAAM,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,SAAS,CAAA;QAC7B,IAAA,qBAAM,EAAC,IAAA,iBAAW,EAAC,GAAG,CAAC,EAAE,wCAAwC,CAAC,CAAA;QAElE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAA;YAC7C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE,CAC9D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAC7B,CAAA;gBAED,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;gBAE3C,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;oBACtC,GAAG;oBACH,MAAM;oBACN,KAAK;oBACL,QAAQ;oBACR,UAAU;oBACV,OAAO,EAAE,MAAM,CAAC,GAAG;oBACnB,OAAO,EAAE,MAAM,CAAC,GAAG;iBACpB,CAAC,CAAA;gBACF,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,SAAS,CAAC,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBACrD,MAAM,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,EAAE,uBAAa,CAAC,MAAM,CAAC,CAAA;oBAClE,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;oBAChD,MAAM,IAAI,CAAC,SAAS,CAAC,eAAe,CAClC,GAAG,EACH,IAAA,iCAAqB,EAAC,MAAM,CAAC,CAC9B,CAAA;oBACD,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;oBACrE,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,aAAa,EAAE,GAAG,CAAC,CAAA;oBAE9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;oBACzD,IAAI,CAAC,OAAO;wBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;oBAElD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;gBACzC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;oBACtC,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAClC,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,0BAA0B;YAC1B,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,IAAI,oCAAmB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YACjD,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ;IACR,kCAAkC;IAClC,QAAQ,GAAG,SAAS,GACI;QACxB,0EAA0E;QAC1E,IAAI,CAAC;YACH,sBAAsB;YACtB,IAAI,QAAQ,IAAI,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;YAC/C,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,GACxC,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE3D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,IAAI,oCAAmB,CAAC,wBAAwB,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,oCAAmB,CAAC,+BAA+B,CAAC,CAAA;YAChE,CAAC;YAED,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,kEAAkE;YAClE,oEAAoE;YACpE,mEAAmE;YACnE,IAAI,GAAG,YAAY,sCAAoB,EAAE,CAAC;gBACxC,MAAM,IAAI,wCAAuB,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;YAC9D,CAAC;YACD,IAAI,GAAG,YAAY,+BAAqB,EAAE,CAAC;gBACzC,MAAM,IAAI,wCAAuB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,CAAA;YAChE,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,GAAQ,EACR,QAAkB,EAClB,IAA0B;QAE1B,MAAM,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAQ;QAIvB,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,UAAU,CAC/C,IAAI,CAAC,EAAE;QACP,0EAA0E;QAC1E,IAAA,0BAAoB,EAAC,GAAG,CAAC,EACzB,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAC7B,CAAA;QAED,IAAA,qBAAM,EAAC,UAAU,EAAE,mBAAmB,CAAC,CAAA;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAA;QACnD,MAAM,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,oBAAoB,CACzE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ,CAAA;QAED,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAA;IACvC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAW;QACvD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,GAAW;QAEX,MAAM,GAAG,GAAG,MAAM,mBAAmB;aAClC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA;QAErB,OAAO;YACL,QAAQ;YACR,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,iBAAiB,EAAE,MAAM,sBAAsB,CAAC,oBAAoB,CAClE,IAAI,CAAC,EAAE,EACP,GAAG,CACJ;YACD,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,QAAkB,EAAE,GAAQ;QACpD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,CACrD,CAAA;IACH,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,MAA6C;QAE7C,MAAM,IAAI,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,OAAO,EAAE,CAAA;QAE1E,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;QAE3D,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,GAAG,CACtB,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAA2B,EAAE;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAE,CAAA;YAC5C,OAAO,CAAC,GAAG,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QAC5C,CAAC,CAAC,CACH,CACF,CAAA;QAED,MAAM,oBAAoB,GACxB,MAAM,sBAAsB,CAAC,yBAAyB,CACpD,IAAI,CAAC,EAAE,EACP,UAAU,CACX,CAAA;QAEH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YAC/B,iBAAiB,EAAE,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAE;YACrD,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;YACvC,SAAS,EAAE,IAAA,gBAAW,EAAC,GAAG,CAAC,WAAW,CAAC;SACxC,CAAC,CAAC,CAAA;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACqB;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,EAAE;YACjE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,KAAK,IAAI,CAAC,OAAO,EAAE,MAAM;YAAE,OAAO,IAAI,CAAA;QAEpD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,gBAAgB,CACtD,OAAO,CAAC,GAAG,EACX,gBAAgB,CACjB,CAAA;QAED,+DAA+D;QAC/D,MAAM,IAAI,CAAC,MAAM,CAAC,iBAAiB,CACjC,EAAE,MAAM,EAAE,KAAK,EAAE,EACjB,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,IAA+B;QAE/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;YACzD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACxD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;QACpD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,MAAoB;QACjD,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,UAAU,GACd,MAAM,IAAI,CAAC,cAAc,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAA;YAE9D,uEAAuE;YACvE,sEAAsE;YACtE,WAAW;YACX,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,IAAI,uCAAsB,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAA;YAC9D,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,UAAU,EAAE;gBAC/D,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YAEF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,uCAAsB,CAAC,OAAO,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iCAAuB,EAAE,CAAC;gBAC3C,MAAM,GAAG,CAAC,eAAe,KAAK,oBAAoB;oBAChD,CAAC,CAAC,IAAI,uCAAsB,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC;oBAClD,CAAC,CAAC,IAAI,uCAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;YACvD,CAAC;YAED,MAAM,GAAG,CAAA;QACX,CAAC;IACH,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAiB;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,EAAa;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;YAC1E,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAA;YACrB,OAAO,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;QAChD,CAAC;gBAAS,CAAC;YACT,0EAA0E;YAC1E,0EAA0E;YAC1E,2BAA2B;YAC3B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE;gBAClC,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAC9C,CAAA;YACH,CAAC,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa,EAAE,IAAuB;QACxD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,CAC9C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAAa;QAC/B,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IAC7E,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAU;QACjC,MAAM,GAAG,GAAG,MAAM,iBAAiB;aAChC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACpE,CAAC;IAED,cAAc;IAEd,KAAK,CAAC,YAAY,CAAC,QAAkB,EAAE,IAAgB;QACrD,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,QAAkB;QACjC,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC3E,OAAO,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAAkB,EAClB,IAAyB;QAEzB,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,CAC/C,CAAA;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,QAAkB;QACnC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC1E,CAAC;IAED,eAAe;IAEf,KAAK,CAAC,WAAW,CAAC,IAAY;QAC5B,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC1C,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,IAAiB;QAChD,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IAC5C,CAAC;IAED,aAAa;IAEb,KAAK,CAAC,WAAW,CACf,EAAW,EACX,IAAe,EACf,YAA2B;QAE3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;qBAC3C,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC;qBAC5B,uBAAuB,EAAE,CAAA;gBAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;oBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAA;gBACjD,CAAC;YACH,CAAC;YAED,OAAO,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC,OAAO,EAAE,CAAA;QACtE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAQ;QAC9B,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,OAAO,EAAE,CAAA;QACxE,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAgB;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW;aAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;aAC9B,gBAAgB,EAAE,CAAA;QACrB,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAgB;QAChC,6DAA6D;QAC7D,MAAM,IAAI,CAAC,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,CAAC;IAED,KAAK,CAAC,WAAW,CACf,OAAgB,EAChB,UAAmB,EACnB,eAA6B,EAC7B,OAAqB;QAErB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACpD,MAAM,EAAE,EAAE,EAAE,mBAAmB,EAAE,GAAG,MAAM,WAAW;iBAClD,WAAW,CAAC,KAAK,EAAE,OAAO,CAAC;iBAC3B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,MAAM,sBAAsB;qBACzB,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,mBAAmB,CAAC;qBACxC,OAAO,EAAE,CAAA;YACd,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB;iBAC3C,OAAO,CAAC,KAAK,EAAE,eAAe,CAAC;iBAC/B,uBAAuB,EAAE,CAAA;YAE5B,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,iEAAiE;gBACjE,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;YACtD,CAAC;YAED,MAAM,WAAW;iBACd,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,OAAO,CAAC;iBACzD,OAAO,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;QAEF,IAAI,GAAG;YAAE,MAAM,GAAG,CAAA;IACpB,CAAC;IAED,KAAK,CAAC,uBAAuB,CAC3B,YAA0B;QAE1B,MAAM,IAAI,GAAG,MAAM,sBAAsB;aACtC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,CAAC;aACpC,gBAAgB,EAAE,CAAA;QAErB,MAAM,MAAM,GAAG,IAAI;YACjB,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,OAAO,EAAE;YACtB,CAAC,CAAC,EAAE,mBAAmB,EAAE,YAAY,EAAE,CAAA;QAEzC,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC1E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,IAAU;QAC9B,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC3C,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,GAA2D;QAE3D,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,OAAO;YACf,IAAI,EAAE,WAAW,CAAC,WAAW,CAAC,GAAG,CAAC;YAClC,OAAO,EAAE,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC;YACrC,mBAAmB,EAAE,GAAG,CAAC,mBAAmB;SAC7C,CAAA;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CACxB,GAA+B;QAE/B,MAAM,OAAO,GAAY;YACvB,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,IAAI,CAAC,UAAU;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;YAC7B,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;YACpE,kBAAkB,EAAE,GAAG,CAAC,MAAM,IAAI,SAAS;SAC5C,CAAA;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAA;YAEvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU;iBAClC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;gBACzB,OAAO,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAA;YACxC,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,iBAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,8BAA8B,CAAC,CAAA;gBACvD,OAAO,IAAI,CAAA,CAAC,uBAAuB;YACrC,CAAC,CAAC,CAAA;YAEJ,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;gBAEvC,OAAO,CAAC,IAAI,KAAZ,OAAO,CAAC,IAAI,GAAK,WAAW,EAAA;gBAC5B,OAAO,CAAC,OAAO,KAAf,OAAO,CAAC,OAAO,GAAK,MAAM;oBACxB,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAA,sBAAgB,EAAC,MAAM,CAAC,CAAC;oBACrE,CAAC,CAAC,SAAS,EAAA;YACf,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAjkBD,gCAikBC","sourcesContent":["import assert from 'node:assert'\nimport { Client, createOp as createPlcOp } from '@did-plc/lib'\nimport { Selectable } from 'kysely'\nimport { Keypair, Secp256k1Keypair } from '@atproto/crypto'\nimport {\n HandleString,\n asAtIdentifierString,\n getBlobCidString,\n isDidString,\n isHandleString,\n} from '@atproto/lex'\nimport {\n Account,\n AccountStore,\n AuthenticateAccountData,\n AuthorizedClientData,\n AuthorizedClients,\n ClientId,\n Code,\n DeviceAccount,\n DeviceData,\n DeviceId,\n DeviceStore,\n FoundRequestResult,\n HandleUnavailableError,\n InvalidCredentialsError,\n InvalidInviteCodeError,\n InvalidRequestError,\n LexiconData,\n LexiconStore,\n NewTokenData,\n RefreshToken,\n RequestData,\n RequestId,\n RequestStore,\n ResetPasswordConfirmInput,\n ResetPasswordRequestInput,\n SignUpData,\n Sub,\n TokenData,\n TokenId,\n TokenInfo,\n TokenStore,\n UpdateRequestData,\n} from '@atproto/oauth-provider'\nimport {\n AuthRequiredError as XrpcAuthRequiredError,\n InvalidRequestError as XrpcInvalidRequestError,\n} from '@atproto/xrpc-server'\nimport { ActorStore } from '../actor-store/actor-store'\nimport { BackgroundQueue } from '../background'\nimport { fromDateISO } from '../db'\nimport { ImageUrlBuilder } from '../image/image-url-builder'\nimport { dbLogger } from '../logger'\nimport { ServerMailer } from '../mailer'\nimport { Sequencer, syncEvtDataFromCommit } from '../sequencer'\nimport { AccountManager, InvalidPasswordError } from './account-manager'\nimport * as schemas from './db/schema'\nimport * as accountHelper from './helpers/account'\nimport { AccountStatus } from './helpers/account'\nimport * as accountDeviceHelper from './helpers/account-device'\nimport * as authRequestHelper from './helpers/authorization-request'\nimport * as authorizedClientHelper from './helpers/authorized-client'\nimport * as deviceHelper from './helpers/device'\nimport * as lexiconHelper from './helpers/lexicon'\nimport * as tokenHelper from './helpers/token'\nimport * as usedRefreshTokenHelper from './helpers/used-refresh-token'\n\n/**\n * This class' purpose is to implement the interface needed by the OAuthProvider\n * to interact with the account database (through the {@link AccountManager}).\n *\n * @note The use of this class assumes that there is no entryway.\n */\nexport class OAuthStore\n implements AccountStore, RequestStore, DeviceStore, LexiconStore, TokenStore\n{\n constructor(\n private readonly accountManager: AccountManager,\n private readonly actorStore: ActorStore,\n private readonly imageUrlBuilder: ImageUrlBuilder,\n private readonly backgroundQueue: BackgroundQueue,\n private readonly mailer: ServerMailer,\n private readonly sequencer: Sequencer,\n private readonly plcClient: Client,\n private readonly plcRotationKey: Keypair,\n private readonly publicUrl: string,\n private readonly recoveryDidKey: string | null,\n ) {}\n\n private get db() {\n const { db } = this.accountManager\n if (db.destroyed) throw new Error('Database connection is closed')\n return db\n }\n\n private get serviceDid() {\n return this.accountManager.serviceDid\n }\n\n private async verifyEmailAvailability(email: string): Promise<void> {\n // @NOTE Email validity & disposability check performed by the OAuthProvider\n\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new InvalidRequestError(`Email already taken`)\n }\n }\n\n private async verifyInviteCode(code: string) {\n try {\n await this.accountManager.ensureInviteIsAvailable(code)\n } catch (err) {\n const message =\n err instanceof XrpcInvalidRequestError ? err.message : undefined\n throw new InvalidInviteCodeError(message, err)\n }\n }\n\n // AccountStore\n\n async createAccount({\n locale: _locale,\n inviteCode,\n handle,\n email,\n password,\n }: SignUpData): Promise<Account> {\n // @TODO Send an account creation confirmation email (+verification link) to the user (in their locale)\n // @NOTE Password strength & length already enforced by the OAuthProvider\n\n assert(isHandleString(handle), 'Handle must be a valid HandleString')\n\n await Promise.all([\n this.verifyEmailAvailability(email),\n this.verifyHandleAvailability(handle),\n !inviteCode || this.verifyInviteCode(inviteCode),\n ])\n\n // @TODO The code bellow should probably be refactored to be common with the\n // code of the `com.atproto.server.createAccount` XRPC endpoint.\n\n const signingKey = await Secp256k1Keypair.create({ exportable: true })\n const signingKeyDid = signingKey.did()\n\n const plcCreate = await createPlcOp({\n signingKey: signingKeyDid,\n rotationKeys: this.recoveryDidKey\n ? [this.recoveryDidKey, this.plcRotationKey.did()]\n : [this.plcRotationKey.did()],\n handle,\n pds: this.publicUrl,\n signer: this.plcRotationKey,\n })\n\n const { did, op } = plcCreate\n assert(isDidString(did), 'Generated DID is not a valid DidString')\n\n try {\n await this.actorStore.create(did, signingKey)\n try {\n const commit = await this.actorStore.transact(did, (actorTxn) =>\n actorTxn.repo.createRepo([]),\n )\n\n await this.plcClient.sendOperation(did, op)\n\n await this.accountManager.createAccount({\n did,\n handle,\n email,\n password,\n inviteCode,\n repoCid: commit.cid,\n repoRev: commit.rev,\n })\n try {\n await this.sequencer.sequenceIdentityEvt(did, handle)\n await this.sequencer.sequenceAccountEvt(did, AccountStatus.Active)\n await this.sequencer.sequenceCommit(did, commit)\n await this.sequencer.sequenceSyncEvt(\n did,\n syncEvtDataFromCommit(commit),\n )\n await this.accountManager.updateRepoRoot(did, commit.cid, commit.rev)\n await this.actorStore.clearReservedKeypair(signingKeyDid, did)\n\n const account = await this.accountManager.getAccount(did)\n if (!account) throw new Error('Account not found')\n\n return await this.buildAccount(account)\n } catch (err) {\n this.accountManager.deleteAccount(did)\n throw err\n }\n } catch (err) {\n await this.actorStore.destroy(did)\n throw err\n }\n } catch (err) {\n // XrpcError => OAuthError\n if (err instanceof XrpcInvalidRequestError) {\n throw new InvalidRequestError(err.message, err)\n }\n throw err\n }\n }\n\n async authenticateAccount({\n locale: _locale,\n username: identifier,\n password,\n // Not supported by the PDS (yet?)\n emailOtp = undefined,\n }: AuthenticateAccountData): Promise<Account> {\n // @TODO (?) Send an email to the user to notify them of the login attempt\n try {\n // Should never happen\n if (emailOtp != null) {\n throw new Error('Email OTP is not supported')\n }\n\n const { user, appPassword, isSoftDeleted } =\n await this.accountManager.login({ identifier, password })\n\n if (isSoftDeleted) {\n throw new InvalidRequestError('Account was taken down')\n }\n\n if (appPassword) {\n throw new InvalidRequestError('App passwords are not allowed')\n }\n\n return this.buildAccount(user)\n } catch (err) {\n // `InvalidPasswordError` is a subclass of `XrpcAuthRequiredError`,\n // so it must be checked first. Surfacing the matched `did` as the\n // `sub` lets the oauth-provider's `onSignInFailed` hook distinguish\n // \"identifier known, credentials wrong\" from \"identifier unknown\".\n if (err instanceof InvalidPasswordError) {\n throw new InvalidCredentialsError(err.message, err.did, err)\n }\n if (err instanceof XrpcAuthRequiredError) {\n throw new InvalidCredentialsError(err.message, undefined, err)\n }\n throw err\n }\n }\n\n async setAuthorizedClient(\n sub: Sub,\n clientId: ClientId,\n data: AuthorizedClientData,\n ): Promise<void> {\n await authorizedClientHelper.upsert(this.db, sub, clientId, data)\n }\n\n async getAccount(sub: Sub): Promise<{\n account: Account\n authorizedClients: AuthorizedClients\n }> {\n const accountRow = await accountHelper.getAccount(\n this.db,\n // @TODO @atproto/oauth-provider should strongly type `Sub` as `DidString`\n asAtIdentifierString(sub),\n { includeDeactivated: true },\n )\n\n assert(accountRow, 'Account not found')\n\n const account = await this.buildAccount(accountRow)\n const authorizedClients = await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n )\n\n return { account, authorizedClients }\n }\n\n async upsertDeviceAccount(deviceId: DeviceId, sub: string): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.upsertQB(this.db, deviceId, sub),\n )\n }\n\n async getDeviceAccount(\n deviceId: DeviceId,\n sub: string,\n ): Promise<DeviceAccount | null> {\n const row = await accountDeviceHelper\n .selectQB(this.db, { deviceId, sub })\n .executeTakeFirst()\n\n if (!row) return null\n\n return {\n deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: await this.buildAccount(row),\n authorizedClients: await authorizedClientHelper.getAuthorizedClients(\n this.db,\n sub,\n ),\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }\n }\n\n async removeDeviceAccount(deviceId: DeviceId, sub: Sub): Promise<void> {\n await this.db.executeWithRetry(\n accountDeviceHelper.removeQB(this.db, deviceId, sub),\n )\n }\n\n async listDeviceAccounts(\n filter: { sub: Sub } | { deviceId: DeviceId },\n ): Promise<DeviceAccount[]> {\n const rows = await accountDeviceHelper.selectQB(this.db, filter).execute()\n\n const uniqueDids = [...new Set(rows.map((row) => row.did))]\n\n // Enrich all distinct account with their profile data\n const accounts = new Map(\n await Promise.all(\n Array.from(uniqueDids, async (did): Promise<[Sub, Account]> => {\n const row = rows.find((r) => r.did === did)!\n return [did, await this.buildAccount(row)]\n }),\n ),\n )\n\n const authorizedClientsMap =\n await authorizedClientHelper.getAuthorizedClientsMulti(\n this.db,\n uniqueDids,\n )\n\n return rows.map((row) => ({\n deviceId: row.deviceId,\n deviceData: deviceHelper.rowToDeviceData(row),\n account: accounts.get(row.did)!,\n authorizedClients: authorizedClientsMap.get(row.did)!,\n createdAt: fromDateISO(row.adCreatedAt),\n updatedAt: fromDateISO(row.adUpdatedAt),\n }))\n }\n\n async resetPasswordRequest({\n locale: _locale,\n email,\n }: ResetPasswordRequestInput): Promise<Account | null> {\n const account = await this.accountManager.getAccountByEmail(email, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (!account?.email || !account?.handle) return null\n\n const { handle } = account\n const token = await this.accountManager.createEmailToken(\n account.did,\n 'reset_password',\n )\n\n // @TODO Use the locale to send the email in the right language\n await this.mailer.sendResetPassword(\n { handle, token },\n { to: account.email },\n )\n\n return this.buildAccount(account)\n }\n\n async resetPasswordConfirm(\n data: ResetPasswordConfirmInput,\n ): Promise<Account | null> {\n try {\n const did = await this.accountManager.resetPassword(data)\n const account = await this.accountManager.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n return account ? this.buildAccount(account) : null\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n return null\n }\n\n throw err\n }\n }\n\n async verifyHandleAvailability(handle: HandleString): Promise<void> {\n // @NOTE Handle validity & normalization already enforced by the OAuthProvider\n try {\n const normalized =\n await this.accountManager.normalizeAndValidateHandle(handle)\n\n // Should never happen (OAuthProvider should have already validated the\n // handle) This check is just a safeguard against future normalization\n // changes.\n if (normalized !== handle) {\n throw new HandleUnavailableError('syntax', 'Invalid handle')\n }\n\n const account = await this.accountManager.getAccount(normalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (account) {\n throw new HandleUnavailableError('taken')\n }\n } catch (err) {\n if (err instanceof XrpcInvalidRequestError) {\n throw err.customErrorName === 'HandleNotAvailable'\n ? new HandleUnavailableError('taken', err.message)\n : new HandleUnavailableError('syntax', err.message)\n }\n\n throw err\n }\n }\n\n // RequestStore\n\n async createRequest(id: RequestId, data: RequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.createQB(this.db, id, data),\n )\n }\n\n async readRequest(id: RequestId): Promise<RequestData | null> {\n try {\n const row = await authRequestHelper.readQB(this.db, id).executeTakeFirst()\n if (!row) return null\n return authRequestHelper.rowToRequestData(row)\n } finally {\n // Take the opportunity to clean up expired requests. Do this after we got\n // the current (potentially expired) request data to allow the provider to\n // handle expired requests.\n this.backgroundQueue.add(async () => {\n await this.db.executeWithRetry(\n authRequestHelper.removeOldExpiredQB(this.db),\n )\n })\n }\n }\n\n async updateRequest(id: RequestId, data: UpdateRequestData): Promise<void> {\n await this.db.executeWithRetry(\n authRequestHelper.updateQB(this.db, id, data),\n )\n }\n\n async deleteRequest(id: RequestId): Promise<void> {\n await this.db.executeWithRetry(authRequestHelper.removeByIdQB(this.db, id))\n }\n\n async consumeRequestCode(code: Code): Promise<FoundRequestResult | null> {\n const row = await authRequestHelper\n .consumeByCodeQB(this.db, code)\n .executeTakeFirst()\n return row ? authRequestHelper.rowToFoundRequestResult(row) : null\n }\n\n // DeviceStore\n\n async createDevice(deviceId: DeviceId, data: DeviceData): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.createQB(this.db, deviceId, data),\n )\n }\n\n async readDevice(deviceId: DeviceId): Promise<null | DeviceData> {\n const row = await deviceHelper.readQB(this.db, deviceId).executeTakeFirst()\n return row ? deviceHelper.rowToDeviceData(row) : null\n }\n\n async updateDevice(\n deviceId: DeviceId,\n data: Partial<DeviceData>,\n ): Promise<void> {\n await this.db.executeWithRetry(\n deviceHelper.updateQB(this.db, deviceId, data),\n )\n }\n\n async deleteDevice(deviceId: DeviceId): Promise<void> {\n // Will cascade to device_account (device_account_device_id_fk)\n await this.db.executeWithRetry(deviceHelper.removeQB(this.db, deviceId))\n }\n\n // LexiconStore\n\n async findLexicon(nsid: string): Promise<LexiconData | null> {\n return lexiconHelper.find(this.db, nsid)\n }\n\n async storeLexicon(nsid: string, data: LexiconData): Promise<void> {\n return lexiconHelper.upsert(this.db, nsid, data)\n }\n\n async deleteLexicon(nsid: string): Promise<void> {\n return lexiconHelper.remove(this.db, nsid)\n }\n\n // TokenStore\n\n async createToken(\n id: TokenId,\n data: TokenData,\n refreshToken?: RefreshToken,\n ): Promise<void> {\n await this.db.transaction(async (dbTxn) => {\n if (refreshToken) {\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, refreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n throw new Error('Refresh token already in use')\n }\n }\n\n return tokenHelper.createQB(dbTxn, id, data, refreshToken).execute()\n })\n }\n\n async listAccountTokens(sub: Sub): Promise<TokenInfo[]> {\n const rows = await tokenHelper.findByQB(this.db, { did: sub }).execute()\n return Promise.all(rows.map((row) => this.toTokenInfo(row)))\n }\n\n async readToken(tokenId: TokenId): Promise<TokenInfo | null> {\n const row = await tokenHelper\n .findByQB(this.db, { tokenId })\n .executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async deleteToken(tokenId: TokenId): Promise<void> {\n // Will cascade to used_refresh_token (used_refresh_token_fk)\n await this.db.executeWithRetry(tokenHelper.removeQB(this.db, tokenId))\n }\n\n async rotateToken(\n tokenId: TokenId,\n newTokenId: TokenId,\n newRefreshToken: RefreshToken,\n newData: NewTokenData,\n ): Promise<void> {\n const err = await this.db.transaction(async (dbTxn) => {\n const { id, currentRefreshToken } = await tokenHelper\n .forRotateQB(dbTxn, tokenId)\n .executeTakeFirstOrThrow()\n\n if (currentRefreshToken) {\n await usedRefreshTokenHelper\n .insertQB(dbTxn, id, currentRefreshToken)\n .execute()\n }\n\n const { count } = await usedRefreshTokenHelper\n .countQB(dbTxn, newRefreshToken)\n .executeTakeFirstOrThrow()\n\n if (count > 0) {\n // Do NOT throw (we don't want the transaction to be rolled back)\n return new Error('New refresh token already in use')\n }\n\n await tokenHelper\n .rotateQB(dbTxn, id, newTokenId, newRefreshToken, newData)\n .execute()\n })\n\n if (err) throw err\n }\n\n async findTokenByRefreshToken(\n refreshToken: RefreshToken,\n ): Promise<TokenInfo | null> {\n const used = await usedRefreshTokenHelper\n .findByTokenQB(this.db, refreshToken)\n .executeTakeFirst()\n\n const search = used\n ? { id: used.tokenId }\n : { currentRefreshToken: refreshToken }\n\n const row = await tokenHelper.findByQB(this.db, search).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n async findTokenByCode(code: Code): Promise<TokenInfo | null> {\n const row = await tokenHelper.findByQB(this.db, { code }).executeTakeFirst()\n return row ? this.toTokenInfo(row) : null\n }\n\n private async toTokenInfo(\n row: accountHelper.ActorAccount & Selectable<schemas.Token>,\n ): Promise<TokenInfo> {\n return {\n id: row.tokenId,\n data: tokenHelper.toTokenData(row),\n account: await this.buildAccount(row),\n currentRefreshToken: row.currentRefreshToken,\n }\n }\n\n private async buildAccount(\n row: accountHelper.ActorAccount,\n ): Promise<Account> {\n const account: Account = {\n sub: row.did,\n aud: this.serviceDid,\n email: row.email || undefined,\n email_verified: row.email ? row.emailConfirmedAt != null : undefined,\n preferred_username: row.handle || undefined,\n }\n\n if (!account.name || !account.picture) {\n const did = account.sub\n\n const profile = await this.actorStore\n .read(did, async (store) => {\n return store.record.getProfileRecord()\n })\n .catch((err) => {\n dbLogger.error({ err }, 'Failed to get profile record')\n return null // No need to propagate\n })\n\n if (profile) {\n const { avatar, displayName } = profile\n\n account.name ||= displayName\n account.picture ||= avatar\n ? this.imageUrlBuilder.build('avatar', did, getBlobCidString(avatar))\n : undefined\n }\n }\n\n return account\n }\n}\n"]}
package/dist/config/config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAEvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAA;AAKzC,eAAO,MAAM,QAAQ,GAAI,KAAK,iBAAiB,KAAG,YAsVjD,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,aAAa,CAAA;IACtB,EAAE,EAAE,cAAc,CAAA;IAClB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,iBAAiB,GAAG,mBAAmB,CAAA;IAClD,QAAQ,EAAE,cAAc,CAAA;IACxB,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAA;IAC/B,OAAO,EAAE,aAAa,CAAA;IACtB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,eAAe,EAAE,WAAW,GAAG,IAAI,CAAA;IACnC,YAAY,EAAE,kBAAkB,CAAA;IAChC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACrC,UAAU,EAAE,gBAAgB,GAAG,IAAI,CAAA;IACnC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACzC,KAAK,EAAE,kBAAkB,GAAG,IAAI,CAAA;IAChC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,OAAO,EAAE,qBAAqB,CAAA;CAC/B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,gBAAgB,EAAE,OAAO,CAAA;IACzB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,IAAI,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,WAAW,CAAC,EAAE;QACZ,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAA;IAClC,uBAAuB,EAAE,OAAO,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,qBAAqB,EAAE,OAAO,CAAA;IAC9B,eAAe,EAAE,MAAM,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,qBAAqB,EAAE,OAAO,CAAA;IAC9B,UAAU,EAAE,OAAO,CAAA;IACnB,cAAc,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAElB;;;;;;OAMG;IACH,gBAAgB,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE,cAAc,CAAA;QACzB,QAAQ,EAAE,aAAa,CAAA;QACvB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;KAC1B,CAAA;CACF,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,CAAC,EAAE,OAAO,MAAM,IAAI,MAAM,EAAE,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,aAAa,GACrB;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,EAAE,MAAM,CAAA;CACd,GACD;IACE,QAAQ,EAAE,KAAK,CAAA;CAChB,CAAA;AAEL,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,OAAO,EAAE,IAAI,CAAA;IACb,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB,GACD;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAEvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,OAAO,CAAA;AAKzC,eAAO,MAAM,QAAQ,GAAI,KAAK,iBAAiB,KAAG,YAgWjD,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,aAAa,CAAA;IACtB,EAAE,EAAE,cAAc,CAAA;IAClB,UAAU,EAAE,gBAAgB,CAAA;IAC5B,SAAS,EAAE,iBAAiB,GAAG,mBAAmB,CAAA;IAClD,QAAQ,EAAE,cAAc,CAAA;IACxB,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAA;IAC/B,OAAO,EAAE,aAAa,CAAA;IACtB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,eAAe,EAAE,WAAW,GAAG,IAAI,CAAA;IACnC,YAAY,EAAE,kBAAkB,CAAA;IAChC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAAA;IACrC,UAAU,EAAE,gBAAgB,GAAG,IAAI,CAAA;IACnC,aAAa,EAAE,mBAAmB,GAAG,IAAI,CAAA;IACzC,KAAK,EAAE,kBAAkB,GAAG,IAAI,CAAA;IAChC,UAAU,EAAE,gBAAgB,CAAA;IAC5B,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;IAClB,OAAO,EAAE,qBAAqB,CAAA;CAC/B,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,gBAAgB,EAAE,OAAO,CAAA;IACzB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,eAAe,EAAE,MAAM,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,EAAE,IAAI,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,WAAW,CAAC,EAAE;QACZ,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,EAAE,MAAM,CAAA;KACxB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,oBAAoB,EAAE,MAAM,EAAE,CAAA;IAC9B,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAA;IAClC,uBAAuB,EAAE,OAAO,CAAA;CACjC,CAAA;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,qBAAqB,EAAE,OAAO,CAAA;IAC9B,eAAe,EAAE,MAAM,CAAA;CACxB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,qBAAqB,EAAE,OAAO,CAAA;IAC9B,UAAU,EAAE,OAAO,CAAA;IACnB,cAAc,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,eAAe,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAElB;;;;;;OAMG;IACH,gBAAgB,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE,cAAc,CAAA;QACzB,QAAQ,EAAE,aAAa,CAAA;QACvB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;KAC1B,CAAA;CACF,CAAA;AAED,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,CAAC,EAAE,OAAO,MAAM,IAAI,MAAM,EAAE,CAAA;CACzC,CAAA;AAED,MAAM,MAAM,aAAa,GACrB;IACE,QAAQ,EAAE,IAAI,CAAA;IACd,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,EAAE,MAAM,CAAA;CACd,GACD;IACE,QAAQ,EAAE,KAAK,CAAA;CAChB,CAAA;AAEL,MAAM,MAAM,WAAW,GAAG;IACxB,OAAO,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;CACpB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,CAAA;IACjB,mBAAmB,EAAE,MAAM,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,OAAO,EAAE,IAAI,CAAA;IACb,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB,GACD;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,CAAA;AAEtB,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}
package/dist/config/config.js CHANGED
@@ -238,18 +238,22 @@ const envToCfg = (env) => {
238
238
  colors: {
239
239
  light: env.lightColor,
240
240
  dark: env.darkColor,
241
+ contrastSaturation: env.contrastSaturation,
241
242
  primary: env.primaryColor,
242
243
  primaryContrast: env.primaryColorContrast,
243
244
  primaryHue: env.primaryColorHue,
244
245
  error: env.errorColor,
245
246
  errorContrast: env.errorColorContrast,
246
247
  errorHue: env.errorColorHue,
247
- success: env.successColor,
248
- successContrast: env.successColorContrast,
249
- successHue: env.successColorHue,
250
248
  warning: env.warningColor,
251
249
  warningContrast: env.warningColorContrast,
252
250
  warningHue: env.warningColorHue,
251
+ info: env.infoColor,
252
+ infoContrast: env.infoColorContrast,
253
+ infoHue: env.infoColorHue,
254
+ success: env.successColor,
255
+ successContrast: env.successColorContrast,
256
+ successHue: env.successColorHue,
253
257
  },
254
258
  links: [
255
259
  {