@atproto/pds 0.4.220 → 0.4.221

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/CHANGELOG.md +9 -0
  2. package/dist/auth-verifier.d.ts +1 -0
  3. package/dist/auth-verifier.d.ts.map +1 -1
  4. package/dist/auth-verifier.js +7 -13
  5. package/dist/auth-verifier.js.map +1 -1
  6. package/dist/index.d.ts +1 -1
  7. package/dist/index.d.ts.map +1 -1
  8. package/dist/index.js +3 -1
  9. package/dist/index.js.map +1 -1
  10. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts +1 -0
  11. package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map +1 -1
  12. package/dist/lexicons/app/bsky/actor/defs.defs.js +1 -0
  13. package/dist/lexicons/app/bsky/actor/defs.defs.js.map +1 -1
  14. package/dist/lexicons/chat/bsky/actor/defs.defs.d.ts +11 -3
  15. package/dist/lexicons/chat/bsky/actor/defs.defs.d.ts.map +1 -1
  16. package/dist/lexicons/chat/bsky/actor/defs.defs.js +6 -2
  17. package/dist/lexicons/chat/bsky/actor/defs.defs.js.map +1 -1
  18. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +98 -23
  19. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
  20. package/dist/lexicons/chat/bsky/convo/defs.defs.js +34 -24
  21. package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
  22. package/dist/lexicons/chat/bsky/convo/getConvoMembers.d.ts +3 -0
  23. package/dist/lexicons/chat/bsky/convo/getConvoMembers.d.ts.map +1 -0
  24. package/dist/lexicons/chat/bsky/convo/getConvoMembers.defs.d.ts +26 -0
  25. package/dist/lexicons/chat/bsky/convo/getConvoMembers.defs.d.ts.map +1 -0
  26. package/dist/lexicons/chat/bsky/convo/getConvoMembers.defs.js +55 -0
  27. package/dist/lexicons/chat/bsky/convo/getConvoMembers.defs.js.map +1 -0
  28. package/dist/lexicons/chat/bsky/convo/getConvoMembers.js +45 -0
  29. package/dist/lexicons/chat/bsky/convo/getConvoMembers.js.map +1 -0
  30. package/dist/lexicons/chat/bsky/convo/getMessages.defs.d.ts +3 -0
  31. package/dist/lexicons/chat/bsky/convo/getMessages.defs.d.ts.map +1 -1
  32. package/dist/lexicons/chat/bsky/convo/getMessages.defs.js +2 -0
  33. package/dist/lexicons/chat/bsky/convo/getMessages.defs.js.map +1 -1
  34. package/dist/lexicons/chat/bsky/convo.d.ts +1 -0
  35. package/dist/lexicons/chat/bsky/convo.d.ts.map +1 -1
  36. package/dist/lexicons/chat/bsky/convo.js +2 -1
  37. package/dist/lexicons/chat/bsky/convo.js.map +1 -1
  38. package/dist/lexicons/chat/bsky/group/addMembers.defs.d.ts +3 -0
  39. package/dist/lexicons/chat/bsky/group/addMembers.defs.d.ts.map +1 -1
  40. package/dist/lexicons/chat/bsky/group/addMembers.defs.js +2 -0
  41. package/dist/lexicons/chat/bsky/group/addMembers.defs.js.map +1 -1
  42. package/package.json +11 -12
  43. package/src/auth-verifier.ts +3 -11
  44. package/src/index.ts +5 -1
  45. package/tests/auth.test.ts +3 -1
  46. package/tests/entryway-mock.ts +317 -0
  47. package/tests/entryway.test.ts +18 -100
  48. package/tsconfig.build.tsbuildinfo +1 -1
package/CHANGELOG.md CHANGED
@@ -1,5 +1,14 @@
1
1
  # @atproto/pds
2
2
 
3
+ ## 0.4.221
4
+
5
+ ### Patch Changes
6
+
7
+ - [#4757](https://github.com/bluesky-social/atproto/pull/4757) [`877e629`](https://github.com/bluesky-social/atproto/commit/877e6293b93b2c32342b2023ab4f0c0e1cce643a) Thanks [@devinivy](https://github.com/devinivy)! - Remove legacy JWT typ check.
8
+
9
+ - Updated dependencies [[`5d3e248`](https://github.com/bluesky-social/atproto/commit/5d3e248c262f45e3ca471d8d2381830a4cd896ae)]:
10
+ - @atproto/oauth-provider@0.16.3
11
+
3
12
  ## 0.4.220
4
13
 
5
14
  ### Patch Changes
package/dist/auth-verifier.d.ts CHANGED
@@ -89,6 +89,7 @@ export declare class AuthVerifier {
89
89
  }>;
90
90
  }
91
91
  export declare function isUserOrAdmin(auth: AccessOutput | OAuthOutput | AdminTokenOutput | UnauthenticatedOutput, did: string): boolean;
92
+ export declare const bearerTokenFromReq: (req: IncomingMessage) => string | null;
92
93
  export declare const createSecretKeyObject: (secret: string) => KeyObject;
93
94
  export declare const createPublicKeyObject: (publicKeyHex: string) => KeyObject;
94
95
  //# sourceMappingURL=auth-verifier.d.ts.map
package/dist/auth-verifier.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-verifier.d.ts","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAoC,MAAM,aAAa,CAAA;AACzE,OAAO,EAAE,eAAe,EAAkB,MAAM,WAAW,CAAA;AAC3D,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAG5B,OAAO,EAAE,UAAU,EAA0B,MAAM,mBAAmB,CAAA;AACtE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAe,MAAM,cAAc,CAAA;AACzE,OAAO,EAEL,aAAa,EAGd,MAAM,yBAAyB,CAAA;AAChC,OAAO,EACL,gBAAgB,EAEjB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAEL,SAAS,EAGT,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EAIP,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAA;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AAChE,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAmB,SAAS,EAAe,MAAM,cAAc,CAAA;AAGtE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAE3C,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAAI;IAC3D,MAAM,CAAC,EAAE,SAAS,CAAC,EAAE,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAAI;IAChE,UAAU,CAAC,EAAE,SAAS,CAAC,EAAE,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,IAAI;IACzD,SAAS,EAAE,CACT,WAAW,EAAE,gBAAgB,EAC7B,GAAG,EAAE,iBAAiB,CAAC,CAAC,CAAC,KACtB,SAAS,CAAC,IAAI,CAAC,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,SAAS,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAA;QACX,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,sBAAsB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAChE,YAAY,CACV,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG;IACtC,MAAM,EAAE,SAAS,CAAC,EAAE,CAAA;CACrB,EACD,UAAU,GAAG,KAAK,CACnB,CAAA;AAEH,MAAM,MAAM,qBAAqB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAAI;IACnE,GAAG,EAAE,SAAS,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;IACvB,KAAK,EAAE,CAAC,CAAA;CACT,CAAA;AAED,qBAAa,YAAY;IAOd,cAAc,EAAE,cAAc;IAC9B,UAAU,EAAE,UAAU;IACtB,aAAa,EAAE,aAAa;IARrC,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,UAAU,CAAQ;IACnB,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;gBAG5B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa,EACnC,IAAI,EAAE,gBAAgB;IAUjB,eAAe,EAAE,kBAAkB,CAAC,qBAAqB,CAAC,CAchE;IAEM,UAAU,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CAYtD;IAEM,UAAU,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CActD;IAEM,SAAS,EAAE,kBAAkB,CAAC,gBAAgB,GAAG,gBAAgB,CAAC,CAQtE;IAEH,SAAS,CAAC,MAAM,CAAC,CAAC,SAAS,SAAS,EAClC,OAAO,EAAE,eAAe,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GACpD,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IA8B/B,OAAO,CAAC,OAAO,CAAC,EAAE;QACvB,YAAY,CAAC,EAAE,OAAO,CAAA;KACvB,GAAG,kBAAkB,CAAC,aAAa,CAAC;IAiC9B,aAAa,CAAC,CAAC,SAAS,MAAM,EAAE,EACrC,MAAwB,EACxB,UAAe,EACf,GAAG,OAAO,EACX,EAAE,eAAe,GAChB,aAAa,GACb,kBAAkB,GAClB,iBAAiB,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,YAAY,GAAG,WAAW,EAAE,CAAC,CAAC;IAiCnE,iCAAiC,CAAC,CAAC,SAAS,MAAM,EACvD,IAAI,EAAE,eAAe,GAAG,kBAAkB,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAChE,kBAAkB,CACnB,WAAW,GAAG,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,EACrE,CAAC,CACF;IAcM,eAAe,EAAE,kBAAkB,CAAC,qBAAqB,CAAC,CAWhE;IAEM,uBAAuB,EAAE,kBAAkB,CAChD,qBAAqB,GAAG,qBAAqB,CAC9C,CAOA;IAEM,8BAA8B,CAAC,CAAC,SAAS,MAAM,EACpD,OAAO,EAAE,eAAe,GACtB,aAAa,GACb,kBAAkB,GAClB,iBAAiB,CAAC,CAAC,CAAC,GACrB,kBAAkB,CAAC,qBAAqB,GAAG,WAAW,GAAG,YAAY,EAAE,CAAC,CAAC;IAW5E,SAAS,CAAC,KAAK,CAAC,CAAC,SAAS,MAAM,EAAE,EAChC,SAAS,EACT,GAAG,mBAAmB,EACvB,EAAE,eAAe,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAC5D,WAAW,EACX,CAAC,CACF;cA0Ee,YAAY,CAC1B,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC;IAMhB;;;;OAIG;IACU,WAAW,CACtB,WAAW,EAAE,kBAAkB,EAC/B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,YAAY,CAAC;IAwBxB;;;OAGG;cACa,eAAe,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,EAC7D,GAAG,EAAE,eAAe,EACpB,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC,GAChD,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;cA6DpB,gBAAgB,CAC9B,GAAG,EAAE,eAAe,EACpB,IAAI,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;;;;;;;CA6C5B;AAKD,wBAAgB,aAAa,CAC3B,IAAI,EAAE,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,qBAAqB,EAC3E,GAAG,EAAE,MAAM,GACV,OAAO,CAQT;AA0ED,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,SAEtD,CAAA;AAGD,eAAO,MAAM,qBAAqB,GAAI,cAAc,MAAM,KAAG,SAG5D,CAAA"}
1
+ {"version":3,"file":"auth-verifier.d.ts","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAoC,MAAM,aAAa,CAAA;AACzE,OAAO,EAAE,eAAe,EAAkB,MAAM,WAAW,CAAA;AAC3D,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAG5B,OAAO,EAAE,UAAU,EAA0B,MAAM,mBAAmB,CAAA;AACtE,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAe,MAAM,cAAc,CAAA;AACzE,OAAO,EAEL,aAAa,EAGd,MAAM,yBAAyB,CAAA;AAChC,OAAO,EACL,gBAAgB,EAEjB,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EAEL,SAAS,EAGT,iBAAiB,EACjB,kBAAkB,EAClB,MAAM,EAIP,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,cAAc,EAAE,MAAM,mCAAmC,CAAA;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,mCAAmC,CAAA;AAChE,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,aAAa,EACb,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAmB,SAAS,EAAe,MAAM,cAAc,CAAA;AAGtE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAE3C,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,aAAa,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAAI;IAC3D,MAAM,CAAC,EAAE,SAAS,CAAC,EAAE,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,kBAAkB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAAI;IAChE,UAAU,CAAC,EAAE,SAAS,CAAC,EAAE,CAAA;CAC1B,CAAA;AAED,MAAM,MAAM,iBAAiB,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,IAAI;IACzD,SAAS,EAAE,CACT,WAAW,EAAE,gBAAgB,EAC7B,GAAG,EAAE,iBAAiB,CAAC,CAAC,CAAC,KACtB,SAAS,CAAC,IAAI,CAAC,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,SAAS,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAA;QACX,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;CACF,CAAA;AAED,MAAM,MAAM,sBAAsB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAChE,YAAY,CACV,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,GAAG;IACtC,MAAM,EAAE,SAAS,CAAC,EAAE,CAAA;CACrB,EACD,UAAU,GAAG,KAAK,CACnB,CAAA;AAEH,MAAM,MAAM,qBAAqB,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,IAAI;IACnE,GAAG,EAAE,SAAS,CAAA;IACd,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,GAAG,SAAS,CAAA;IACvB,KAAK,EAAE,CAAC,CAAA;CACT,CAAA;AAED,qBAAa,YAAY;IAOd,cAAc,EAAE,cAAc;IAC9B,UAAU,EAAE,UAAU;IACtB,aAAa,EAAE,aAAa;IARrC,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,UAAU,CAAQ;IACnB,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;gBAG5B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa,EACnC,IAAI,EAAE,gBAAgB;IAUjB,eAAe,EAAE,kBAAkB,CAAC,qBAAqB,CAAC,CAchE;IAEM,UAAU,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CAYtD;IAEM,UAAU,EAAE,kBAAkB,CAAC,gBAAgB,CAAC,CActD;IAEM,SAAS,EAAE,kBAAkB,CAAC,gBAAgB,GAAG,gBAAgB,CAAC,CAQtE;IAEH,SAAS,CAAC,MAAM,CAAC,CAAC,SAAS,SAAS,EAClC,OAAO,EAAE,eAAe,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,GACpD,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IA8B/B,OAAO,CAAC,OAAO,CAAC,EAAE;QACvB,YAAY,CAAC,EAAE,OAAO,CAAA;KACvB,GAAG,kBAAkB,CAAC,aAAa,CAAC;IAiC9B,aAAa,CAAC,CAAC,SAAS,MAAM,EAAE,EACrC,MAAwB,EACxB,UAAe,EACf,GAAG,OAAO,EACX,EAAE,eAAe,GAChB,aAAa,GACb,kBAAkB,GAClB,iBAAiB,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAAC,YAAY,GAAG,WAAW,EAAE,CAAC,CAAC;IAiCnE,iCAAiC,CAAC,CAAC,SAAS,MAAM,EACvD,IAAI,EAAE,eAAe,GAAG,kBAAkB,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAChE,kBAAkB,CACnB,WAAW,GAAG,YAAY,GAAG,gBAAgB,GAAG,qBAAqB,EACrE,CAAC,CACF;IAcM,eAAe,EAAE,kBAAkB,CAAC,qBAAqB,CAAC,CAWhE;IAEM,uBAAuB,EAAE,kBAAkB,CAChD,qBAAqB,GAAG,qBAAqB,CAC9C,CAOA;IAEM,8BAA8B,CAAC,CAAC,SAAS,MAAM,EACpD,OAAO,EAAE,eAAe,GACtB,aAAa,GACb,kBAAkB,GAClB,iBAAiB,CAAC,CAAC,CAAC,GACrB,kBAAkB,CAAC,qBAAqB,GAAG,WAAW,GAAG,YAAY,EAAE,CAAC,CAAC;IAW5E,SAAS,CAAC,KAAK,CAAC,CAAC,SAAS,MAAM,EAAE,EAChC,SAAS,EACT,GAAG,mBAAmB,EACvB,EAAE,eAAe,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAAG,kBAAkB,CAC5D,WAAW,EACX,CAAC,CACF;cA0Ee,YAAY,CAC1B,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC;IAMhB;;;;OAIG;IACU,WAAW,CACtB,WAAW,EAAE,kBAAkB,EAC/B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,YAAY,CAAC;IAwBxB;;;OAGG;cACa,eAAe,CAAC,CAAC,SAAS,SAAS,GAAG,SAAS,EAC7D,GAAG,EAAE,eAAe,EACpB,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC,GAChD,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;cAqDpB,gBAAgB,CAC9B,GAAG,EAAE,eAAe,EACpB,IAAI,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;;;;;;;CA6C5B;AAKD,wBAAgB,aAAa,CAC3B,IAAI,EAAE,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,qBAAqB,EAC3E,GAAG,EAAE,MAAM,GACV,OAAO,CAQT;AAmDD,eAAO,MAAM,kBAAkB,GAAI,KAAK,eAAe,kBAGtD,CAAA;AAoBD,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,SAEtD,CAAA;AAGD,eAAO,MAAM,qBAAqB,GAAI,cAAc,MAAM,KAAG,SAG5D,CAAA"}
package/dist/auth-verifier.js CHANGED
@@ -36,7 +36,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
36
36
  return (mod && mod.__esModule) ? mod : { "default": mod };
37
37
  };
38
38
  Object.defineProperty(exports, "__esModule", { value: true });
39
- exports.createPublicKeyObject = exports.createSecretKeyObject = exports.AuthVerifier = void 0;
39
+ exports.createPublicKeyObject = exports.createSecretKeyObject = exports.bearerTokenFromReq = exports.AuthVerifier = void 0;
40
40
  exports.isUserOrAdmin = isUserOrAdmin;
41
41
  const node_crypto_1 = require("node:crypto");
42
42
  const jose = __importStar(require("jose"));
@@ -374,12 +374,12 @@ class AuthVerifier {
374
374
  * payload's type and wraps errors into {@link InvalidRequestError}.
375
375
  */
376
376
  async verifyBearerJwt(req, { scopes, ...options }) {
377
- const token = bearerTokenFromReq(req);
377
+ const token = (0, exports.bearerTokenFromReq)(req);
378
378
  if (!token) {
379
379
  throw new xrpc_server_1.AuthRequiredError(undefined, 'AuthMissing');
380
380
  }
381
- const { payload, protectedHeader } = await jose
382
- .jwtVerify(token, this._jwtKey, { ...options, typ: undefined })
381
+ const { payload } = await jose
382
+ .jwtVerify(token, this._jwtKey, options)
383
383
  .catch((cause) => {
384
384
  if (cause instanceof jose.errors.JWTExpired) {
385
385
  throw new xrpc_server_1.InvalidRequestError('Token has expired', 'ExpiredToken', {
@@ -390,13 +390,6 @@ class AuthVerifier {
390
390
  throw new xrpc_server_1.InvalidRequestError('Token could not be verified', 'InvalidToken', { cause });
391
391
  }
392
392
  });
393
- // @NOTE: the "typ" is now set in production environments, so we should be
394
- // able to safely check it through jose.jwtVerify(). However, tests depend
395
- // on @atproto/pds-entryway which does not set "typ" in the access tokens.
396
- // For that reason, we still allow it to be missing.
397
- if (protectedHeader.typ && options.typ !== protectedHeader.typ) {
398
- throw new xrpc_server_1.InvalidRequestError('Invalid token type', 'InvalidToken');
399
- }
400
393
  const { sub, aud, scope, lxm, cnf, jti } = payload;
401
394
  if (typeof lxm !== 'undefined') {
402
395
  // Service auth tokens should never make it to here. But since service
@@ -426,7 +419,7 @@ class AuthVerifier {
426
419
  return { sub, aud, jti, scope: scope };
427
420
  }
428
421
  async verifyServiceJwt(req, opts) {
429
- const jwtStr = bearerTokenFromReq(req);
422
+ const jwtStr = (0, exports.bearerTokenFromReq)(req);
430
423
  if (!jwtStr) {
431
424
  throw new xrpc_server_1.AuthRequiredError('missing jwt', 'MissingJwt');
432
425
  }
@@ -499,7 +492,7 @@ const parseAuthorizationHeader = (req) => {
499
492
  * check if a token is definitely a service auth token.
500
493
  */
501
494
  const isDefinitelyServiceAuth = (req) => {
502
- const token = bearerTokenFromReq(req);
495
+ const token = (0, exports.bearerTokenFromReq)(req);
503
496
  if (!token)
504
497
  return false;
505
498
  const payload = jose.decodeJwt(token);
@@ -513,6 +506,7 @@ const bearerTokenFromReq = (req) => {
513
506
  const [type, token] = parseAuthorizationHeader(req);
514
507
  return type === AuthType.BEARER ? token : null;
515
508
  };
509
+ exports.bearerTokenFromReq = bearerTokenFromReq;
516
510
  const parseBasicAuth = (req) => {
517
511
  try {
518
512
  const [type, b64] = parseAuthorizationHeader(req);
package/dist/auth-verifier.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth-verifier.js","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8jBA,sCAWC;AAzkBD,6CAAyE;AAEzE,2CAA4B;AAC5B,8DAAoC;AACpC,4CAAyD;AACzD,gDAAsE;AACtE,sCAAyE;AACzE,4DAKgC;AAChC,wDAG8B;AAC9B,sDAW6B;AAY7B,6CAAsE;AACtE,6BAAkC;AAClC,sCAAwC;AAiDxC,MAAa,YAAY;IAMvB,YACS,cAA8B,EAC9B,UAAsB,EACtB,aAA4B,EACnC,IAAsB;QAHtB;;;;mBAAO,cAAc;WAAgB;QACrC;;;;mBAAO,UAAU;WAAY;QAC7B;;;;mBAAO,aAAa;WAAe;QAR7B;;;;;WAAkB;QAClB;;;;;WAAkB;QAClB;;;;;WAAkB;QACnB;;;;;WAA8B;QAcrC,0CAA0C;QAEnC;;;;mBAA6D,CAAC,GAAG,EAAE,EAAE;gBAC1E,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBAEvB,0EAA0E;gBAC1E,2EAA2E;gBAC3E,2EAA2E;gBAC3E,uBAAuB;gBACvB,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,+BAAiB,CAAC,8BAA8B,CAAC,CAAA;gBAC7D,CAAC;gBAED,OAAO;oBACL,WAAW,EAAE,IAAI;iBAClB,CAAA;YACH,CAAC;WAAA;QAEM;;;;mBAAmD,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtE,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACvB,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACtC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;gBACrC,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;oBACzD,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBAED,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,CAAA;YACjD,CAAC;WAAA;QAEM;;;;mBAAmD,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtE,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACvB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1B,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE;oBACnD,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC;iBACvE,CAAC,CAAA;gBACF,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,aAAa;wBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAEM;;;;mBACL,KAAK,EAAE,GAAG,EAAE,EAAE;gBACZ,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACrC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;WAAA;QAgII;;;;mBAA6D,KAAK,EACvE,GAAG,EACH,EAAE;gBACF,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACpD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,mBAAmB;wBACzB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAEM;;;;mBAEH,KAAK,EAAE,GAAG,EAAE,EAAE;gBAChB,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACrC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC7B,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;gBACxC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;gBAClC,CAAC;YACH,CAAC;WAAA;QApNC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IA4DS,MAAM,CACd,OAAqD;QAErD,MAAM,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,GAAG,OAAO,CAAA;QAE5C,MAAM,gBAAgB,GAA8B;YAClD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG;YACvB,GAAG,EAAE,QAAQ;YACb,MAAM;YACJ,mEAAmE;YACnE,0BAA0B;YAC1B,aAAa,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,sBAAS,CAAC,SAAc,CAAC;gBACtE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,sBAAS,CAAC,SAAS,CAAC;gBACjD,CAAC,CAAC,MAAM;SACb,CAAA;QAED,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,CACpD,GAAG,CAAC,GAAG,EACP,gBAAgB,CACjB,CAAA;YAED,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;YAE3C,OAAO;gBACL,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE;aAC5C,CAAA;QACH,CAAC,CAAA;IACH,CAAC;IAEM,OAAO,CAAC,OAEd;QACC,MAAM,aAAa,GAA8C;YAC/D,cAAc,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YAC5D,GAAG,EAAE,aAAa;YAClB,oDAAoD;YACpD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YACjE,MAAM,EAAE,CAAC,sBAAS,CAAC,OAAO,CAAC;SAC5B,CAAA;QAED,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;YAEjE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAA;YAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,+BAAiB,CACzB,qCAAqC,EACrC,gBAAgB,CACjB,CAAA;YACH,CAAC;YAED,OAAO;gBACL,WAAW,EAAE;oBACX,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO;iBACR;aACF,CAAA;QACH,CAAC,CAAA;IACH,CAAC;IAEM,aAAa,CAAmB,EACrC,MAAM,GAAG,4BAAe,EACxB,UAAU,GAAG,EAAE,EACf,GAAG,OAAO,EAIU;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,UAAU,CAAC;SACnC,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAEjC,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAErC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7B,OAAO,MAAM,CAAC,GAAG,CAAC,CAAA;YACpB,CAAC;YAED,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAA;YACnB,CAAC;YAED,uEAAuE;YACvE,+CAA+C;YAC/C,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,MAAM,IAAI,iCAAmB,CAC3B,+BAA+B,EAC/B,cAAc,CACf,CAAA;YACH,CAAC;YAED,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC,CAAA;IACH,CAAC;IAEM,iCAAiC,CACtC,IAAiE;QAKjE,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;QAC9C,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACrC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvD,OAAO,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3B,CAAC;iBAAM,IAAI,IAAI,KAAK,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACnC,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;YAC7B,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;YAClC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IA0BM,8BAA8B,CACnC,OAGsB;QAEtB,MAAM,qBAAqB,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QACzD,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,IAAI,uBAAuB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;YAClC,CAAC;iBAAM,CAAC;gBACN,OAAO,qBAAqB,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAES,KAAK,CAAmB,EAChC,SAAS,EACT,GAAG,mBAAmB,EACiB;QAIvC,MAAM,kBAAkB,GAA8B;YACpD,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACzB,KAAK,EAAE,CAAC,SAAS,CAAC;SACnB,CAAA;QAED,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAA;YAExB,4DAA4D;YAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAA;YACpD,IAAI,SAAS,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;gBACtC,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,YAAY,CAAC,CAAA;YACjE,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAA;YACrD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;YAEjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;iBACjD,mBAAmB,CAClB,GAAG,CAAC,MAAM,IAAI,KAAK,EACnB,GAAG,EACH,GAAG,CAAC,OAAO,EACX,kBAAkB,CACnB;iBACA,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,mEAAmE;gBACnE,0DAA0D;gBAC1D,IAAI,GAAG,YAAY,qCAAoB,EAAE,CAAC;oBACxC,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC5D,GAAG,CAAC,YAAY,CACd,+BAA+B,EAC/B,kBAAkB,CACnB,CAAA;gBACH,CAAC;gBAED,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;oBAC9B,MAAM,IAAI,uBAAS,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,iBAAiB,EAAE,GAAG,CAAC,KAAK,CAAC,CAAA;gBACnE,CAAC;gBAED,MAAM,GAAG,CAAA;YACX,CAAC,CAAC,CAAA;YAEJ,IAAI,CAAC,IAAA,iBAAW,EAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;YAClE,CAAC;YAED,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAA;YAEjD,MAAM,WAAW,GAAG,IAAI,yCAA0B,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;YAErE,sBAAsB;YACtB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,iCAAmB,CAC3B,2CAA2C,EAC3C,cAAc,CACf,CAAA;YACH,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;YAEjC,OAAO;gBACL,WAAW,EAAE;oBACX,IAAI,EAAE,OAAO;oBACb,GAAG;oBACH,WAAW;iBACZ;aACF,CAAA;QACH,CAAC,CAAA;IACH,CAAC;IAES,KAAK,CAAC,YAAY,CAC1B,GAAc,EACd,OAAwB;QAExB,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACtD,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QACtC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,WAAW,CACtB,WAA+B,EAC/B,OAAwB;QAExB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,WAAW,EAAE;YAChE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,yEAAyE;YACzE,MAAM,IAAI,4BAAc,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,CAAC,aAAa,IAAI,IAAA,gBAAW,EAAC,OAAO,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;QACH,CAAC;QACD,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACtD,MAAM,IAAI,+BAAiB,CACzB,wBAAwB,EACxB,oBAAoB,CACrB,CAAA;QACH,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,eAAe,CAC7B,GAAoB,EACpB,EAAE,MAAM,EAAE,GAAG,OAAO,EAA6B;QAEjD,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI;aAC5C,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;aAC9D,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACf,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC5C,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE;oBACjE,KAAK;iBACN,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,iCAAmB,CAC3B,6BAA6B,EAC7B,cAAc,EACd,EAAE,KAAK,EAAE,CACV,CAAA;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEJ,0EAA0E;QAC1E,0EAA0E;QAC1E,0EAA0E;QAC1E,oDAAoD;QACpD,IAAI,eAAe,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,KAAK,eAAe,CAAC,GAAG,EAAE,CAAC;YAC/D,MAAM,IAAI,iCAAmB,CAAC,oBAAoB,EAAE,cAAc,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAA;QAElD,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC/B,sEAAsE;YACtE,yEAAyE;YACzE,+DAA+D;YAC/D,yEAAyE;YACzE,mBAAmB;YACnB,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC/B,wDAAwD;YACxD,8CAA8C;YAC9C,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,IAAA,iBAAW,EAAC,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,CAAC,IAAA,wBAAW,EAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAY,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QAED,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAU,EAAE,CAAA;IAC7C,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC9B,GAAoB,EACpB,IAAyB;QAEzB,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QAED,MAAM,IAAI,GAAG,IAAA,0BAAY,EAAC,GAAG,CAAC,CAAA;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAgB,EACpC,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,KAAK,EAAE,GAAG,EAAE,YAAY,EAAE,EAAE;YAC1B,IAAI,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACjE,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,KAAK,GACT,SAAS,KAAK,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAA;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,gCAAuB,EAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACxD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,iCAAsB,EAAC,SAAS,CAAC,CAAA;YAChD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CACF,CAAA;QACD,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG;YAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC3D,CAAC;YACD,MAAM,IAAI,+BAAiB,CACzB,yCAAyC,EACzC,gBAAgB,CACjB,CAAA;QACH,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AA9dD,oCA8dC;AAED,UAAU;AACV,YAAY;AAEZ,SAAgB,aAAa,CAC3B,IAA2E,EAC3E,GAAW;IAEX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,OAAO,KAAK,CAAA;IACd,CAAC;SAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACnD,OAAO,IAAI,CAAA;IACb,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG,CAAA;IACrC,CAAC;AACH,CAAC;AAED,IAAK,QAIJ;AAJD,WAAK,QAAQ;IACX,2BAAe,CAAA;IACf,6BAAiB,CAAA;IACjB,yBAAa,CAAA;AACf,CAAC,EAJI,QAAQ,KAAR,QAAQ,QAIZ;AAED,MAAM,wBAAwB,GAAG,CAC/B,GAAoB,EAC4B,EAAE;IAClD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAClD,IAAI,CAAC,aAAa;QAAE,OAAO,CAAC,IAAI,CAAC,CAAA;IAEjC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,iCAAmB,CAC3B,gCAAgC,EAChC,cAAc,CACf,CAAA;IACH,CAAC;IAED,yCAAyC;IACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;IAExC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1E,IAAI,IAAI;QAAE,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;IAElC,MAAM,IAAI,iCAAmB,CAC3B,mCAAmC,MAAM,CAAC,CAAC,CAAC,EAAE,EAC9C,cAAc,CACf,CAAA;AACH,CAAC,CAAA;AAED;;;;GAIG;AACH,MAAM,uBAAuB,GAAG,CAAC,GAAoB,EAAW,EAAE;IAChE,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAA;IACrC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAA;IACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IACrC,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAA;AAC/B,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,CAAC,GAAoB,EAAmB,EAAE;IAChE,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAA;IAC5C,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAED,MAAM,kBAAkB,GAAG,CAAC,GAAoB,EAAE,EAAE;IAClD,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAA;IACnD,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;AAChD,CAAC,CAAA;AAED,MAAM,cAAc,GAAG,CACrB,GAAoB,EAC2B,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,IAAI,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC3D,qEAAqE;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAA;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAA;QACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAA;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC,CAAA;AAEM,MAAM,qBAAqB,GAAG,CAAC,MAAc,EAAa,EAAE;IACjE,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7C,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAED,MAAM,UAAU,GAAG,IAAI,qBAAU,CAAC,WAAW,CAAC,CAAA;AACvC,MAAM,qBAAqB,GAAG,CAAC,YAAoB,EAAa,EAAE;IACvE,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IAC/D,OAAO,IAAA,6BAAe,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,qBAAqB,yBAGjC;AAED,SAAS,cAAc,CAAC,GAAmB;IACzC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;IACzC,IAAA,iBAAU,EAAC,GAAG,EAAE,eAAe,CAAC,CAAA;AAClC,CAAC","sourcesContent":["import { KeyObject, createPublicKey, createSecretKey } from 'node:crypto'\nimport { IncomingMessage, ServerResponse } from 'node:http'\nimport * as jose from 'jose'\nimport KeyEncoder from 'key-encoder'\nimport { getVerificationMaterial } from '@atproto/common'\nimport { IdResolver, getDidKeyFromMultibase } from '@atproto/identity'\nimport { AtIdentifierString, DidString, isDidString } from '@atproto/lex'\nimport {\n OAuthError,\n OAuthVerifier,\n VerifyTokenPayloadOptions,\n WWWAuthenticateError,\n} from '@atproto/oauth-provider'\nimport {\n ScopePermissions,\n ScopePermissionsTransition,\n} from '@atproto/oauth-scopes'\nimport {\n AuthRequiredError,\n Awaitable,\n ForbiddenError,\n InvalidRequestError,\n MethodAuthContext,\n MethodAuthVerifier,\n Params,\n XRPCError,\n parseReqNsid,\n verifyJwt as verifyServiceJwt,\n} from '@atproto/xrpc-server'\nimport { AccountManager } from './account-manager/account-manager'\nimport { ActorAccount } from './account-manager/helpers/account'\nimport {\n AccessOutput,\n AdminTokenOutput,\n ModServiceOutput,\n OAuthOutput,\n RefreshOutput,\n UnauthenticatedOutput,\n UserServiceAuthOutput,\n} from './auth-output'\nimport { ACCESS_STANDARD, AuthScope, isAuthScope } from './auth-scope'\nimport { softDeleted } from './db'\nimport { appendVary } from './util/http'\nimport { WithRequired } from './util/types'\n\nexport type VerifiedOptions = {\n checkTakedown?: boolean\n checkDeactivated?: boolean\n}\n\nexport type ScopedOptions<S extends AuthScope = AuthScope> = {\n scopes?: readonly S[]\n}\n\nexport type ExtraScopedOptions<S extends AuthScope = AuthScope> = {\n additional?: readonly S[]\n}\n\nexport type AuthorizedOptions<P extends Params = Params> = {\n authorize: (\n permissions: ScopePermissions,\n ctx: MethodAuthContext<P>,\n ) => Awaitable<void>\n}\n\nexport type AuthVerifierOpts = {\n publicUrl: string\n jwtKey: KeyObject\n adminPass: string\n dids: {\n pds: string\n entryway?: string\n modService?: string\n }\n}\n\nexport type VerifyBearerJwtOptions<S extends AuthScope = AuthScope> =\n WithRequired<\n Omit<jose.JWTVerifyOptions, 'scopes'> & {\n scopes: readonly S[]\n },\n 'audience' | 'typ'\n >\n\nexport type VerifyBearerJwtResult<S extends AuthScope = AuthScope> = {\n sub: DidString\n aud: string\n jti: string | undefined\n scope: S\n}\n\nexport class AuthVerifier {\n private _publicUrl: string\n private _jwtKey: KeyObject\n private _adminPass: string\n public dids: AuthVerifierOpts['dids']\n\n constructor(\n public accountManager: AccountManager,\n public idResolver: IdResolver,\n public oauthVerifier: OAuthVerifier,\n opts: AuthVerifierOpts,\n ) {\n this._publicUrl = opts.publicUrl\n this._jwtKey = opts.jwtKey\n this._adminPass = opts.adminPass\n this.dids = opts.dids\n }\n\n // verifiers (arrow fns to preserve scope)\n\n public unauthenticated: MethodAuthVerifier<UnauthenticatedOutput> = (ctx) => {\n setAuthHeaders(ctx.res)\n\n // @NOTE this auth method is typically used as fallback when no other auth\n // method is applicable. This means that the presence of an \"authorization\"\n // header means that that header is invalid (as it did not match any of the\n // other auth methods).\n if (ctx.req.headers['authorization']) {\n throw new AuthRequiredError('Invalid authorization header')\n }\n\n return {\n credentials: null,\n }\n }\n\n public adminToken: MethodAuthVerifier<AdminTokenOutput> = async (ctx) => {\n setAuthHeaders(ctx.res)\n const parsed = parseBasicAuth(ctx.req)\n if (!parsed) {\n throw new AuthRequiredError()\n }\n const { username, password } = parsed\n if (username !== 'admin' || password !== this._adminPass) {\n throw new AuthRequiredError()\n }\n\n return { credentials: { type: 'admin_token' } }\n }\n\n public modService: MethodAuthVerifier<ModServiceOutput> = async (ctx) => {\n setAuthHeaders(ctx.res)\n if (!this.dids.modService) {\n throw new AuthRequiredError('Untrusted issuer', 'UntrustedIss')\n }\n const payload = await this.verifyServiceJwt(ctx.req, {\n iss: [this.dids.modService, `${this.dids.modService}#atproto_labeler`],\n })\n return {\n credentials: {\n type: 'mod_service',\n did: payload.iss,\n },\n }\n }\n\n public moderator: MethodAuthVerifier<AdminTokenOutput | ModServiceOutput> =\n async (ctx) => {\n const type = extractAuthType(ctx.req)\n if (type === AuthType.BEARER) {\n return this.modService(ctx)\n } else {\n return this.adminToken(ctx)\n }\n }\n\n protected access<S extends AuthScope>(\n options: VerifiedOptions & Required<ScopedOptions<S>>,\n ): MethodAuthVerifier<AccessOutput<S>> {\n const { scopes, ...statusOptions } = options\n\n const verifyJwtOptions: VerifyBearerJwtOptions<S> = {\n audience: this.dids.pds,\n typ: 'at+jwt',\n scopes:\n // @NOTE We can reject taken down credentials based on the scope if\n // \"checkTakedown\" is set.\n statusOptions.checkTakedown && scopes.includes(AuthScope.Takendown as S)\n ? scopes.filter((s) => s !== AuthScope.Takendown)\n : scopes,\n }\n\n return async (ctx) => {\n setAuthHeaders(ctx.res)\n\n const { sub: did, scope } = await this.verifyBearerJwt(\n ctx.req,\n verifyJwtOptions,\n )\n\n await this.verifyStatus(did, statusOptions)\n\n return {\n credentials: { type: 'access', did, scope },\n }\n }\n }\n\n public refresh(options?: {\n allowExpired?: boolean\n }): MethodAuthVerifier<RefreshOutput> {\n const verifyOptions: VerifyBearerJwtOptions<AuthScope.Refresh> = {\n clockTolerance: options?.allowExpired ? Infinity : undefined,\n typ: 'refresh+jwt',\n // when using entryway, proxying refresh credentials\n audience: this.dids.entryway ? this.dids.entryway : this.dids.pds,\n scopes: [AuthScope.Refresh],\n }\n\n return async (ctx) => {\n setAuthHeaders(ctx.res)\n\n const result = await this.verifyBearerJwt(ctx.req, verifyOptions)\n\n const tokenId = result.jti\n if (!tokenId) {\n throw new AuthRequiredError(\n 'Unexpected missing refresh token id',\n 'MissingTokenId',\n )\n }\n\n return {\n credentials: {\n type: 'refresh',\n did: result.sub,\n scope: result.scope,\n tokenId,\n },\n }\n }\n }\n\n public authorization<P extends Params>({\n scopes = ACCESS_STANDARD,\n additional = [],\n ...options\n }: VerifiedOptions &\n ScopedOptions &\n ExtraScopedOptions &\n AuthorizedOptions<P>): MethodAuthVerifier<AccessOutput | OAuthOutput, P> {\n const access = this.access({\n ...options,\n scopes: [...scopes, ...additional],\n })\n const oauth = this.oauth(options)\n\n return async (ctx) => {\n const type = extractAuthType(ctx.req)\n\n if (type === AuthType.BEARER) {\n return access(ctx)\n }\n\n if (type === AuthType.DPOP) {\n return oauth(ctx)\n }\n\n // Auth headers are set through the access and oauth methods so we only\n // need to set them here if we reach this point\n setAuthHeaders(ctx.res)\n\n if (type !== null) {\n throw new InvalidRequestError(\n 'Unexpected authorization type',\n 'InvalidToken',\n )\n }\n\n throw new AuthRequiredError(undefined, 'AuthMissing')\n }\n }\n\n public authorizationOrAdminTokenOptional<P extends Params>(\n opts: VerifiedOptions & ExtraScopedOptions & AuthorizedOptions<P>,\n ): MethodAuthVerifier<\n OAuthOutput | AccessOutput | AdminTokenOutput | UnauthenticatedOutput,\n P\n > {\n const authorization = this.authorization(opts)\n return async (ctx) => {\n const type = extractAuthType(ctx.req)\n if (type === AuthType.BEARER || type === AuthType.DPOP) {\n return authorization(ctx)\n } else if (type === AuthType.BASIC) {\n return this.adminToken(ctx)\n } else {\n return this.unauthenticated(ctx)\n }\n }\n }\n\n public userServiceAuth: MethodAuthVerifier<UserServiceAuthOutput> = async (\n ctx,\n ) => {\n setAuthHeaders(ctx.res)\n const payload = await this.verifyServiceJwt(ctx.req)\n return {\n credentials: {\n type: 'user_service_auth',\n did: payload.iss,\n },\n }\n }\n\n public userServiceAuthOptional: MethodAuthVerifier<\n UserServiceAuthOutput | UnauthenticatedOutput\n > = async (ctx) => {\n const type = extractAuthType(ctx.req)\n if (type === AuthType.BEARER) {\n return await this.userServiceAuth(ctx)\n } else {\n return this.unauthenticated(ctx)\n }\n }\n\n public authorizationOrUserServiceAuth<P extends Params>(\n options: VerifiedOptions &\n ScopedOptions &\n ExtraScopedOptions &\n AuthorizedOptions<P>,\n ): MethodAuthVerifier<UserServiceAuthOutput | OAuthOutput | AccessOutput, P> {\n const authorizationVerifier = this.authorization(options)\n return async (ctx) => {\n if (isDefinitelyServiceAuth(ctx.req)) {\n return this.userServiceAuth(ctx)\n } else {\n return authorizationVerifier(ctx)\n }\n }\n }\n\n protected oauth<P extends Params>({\n authorize,\n ...verifyStatusOptions\n }: VerifiedOptions & AuthorizedOptions<P>): MethodAuthVerifier<\n OAuthOutput,\n P\n > {\n const verifyTokenOptions: VerifyTokenPayloadOptions = {\n audience: [this.dids.pds],\n scope: ['atproto'],\n }\n\n return async (ctx) => {\n setAuthHeaders(ctx.res)\n\n const { req, res } = ctx\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-8.2\n const dpopNonce = this.oauthVerifier.nextDpopNonce()\n if (dpopNonce) {\n res.setHeader('DPoP-Nonce', dpopNonce)\n res.appendHeader('Access-Control-Expose-Headers', 'DPoP-Nonce')\n }\n\n const originalUrl = req.originalUrl || req.url || '/'\n const url = new URL(originalUrl, this._publicUrl)\n\n const { scope, sub: did } = await this.oauthVerifier\n .authenticateRequest(\n req.method || 'GET',\n url,\n req.headers,\n verifyTokenOptions,\n )\n .catch((err) => {\n // Make sure to include any WWW-Authenticate header in the response\n // (particularly useful for DPoP's \"use_dpop_nonce\" error)\n if (err instanceof WWWAuthenticateError) {\n res.setHeader('WWW-Authenticate', err.wwwAuthenticateHeader)\n res.appendHeader(\n 'Access-Control-Expose-Headers',\n 'WWW-Authenticate',\n )\n }\n\n if (err instanceof OAuthError) {\n throw new XRPCError(err.status, err.error_description, err.error)\n }\n\n throw err\n })\n\n if (!isDidString(did)) {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n\n await this.verifyStatus(did, verifyStatusOptions)\n\n const permissions = new ScopePermissionsTransition(scope?.split(' '))\n\n // Should never happen\n if (!permissions.scopes.has('atproto')) {\n throw new InvalidRequestError(\n 'OAuth token does not have \"atproto\" scope',\n 'InvalidToken',\n )\n }\n\n await authorize(permissions, ctx)\n\n return {\n credentials: {\n type: 'oauth',\n did,\n permissions,\n },\n }\n }\n }\n\n protected async verifyStatus(\n did: DidString,\n options: VerifiedOptions,\n ): Promise<void> {\n if (options.checkDeactivated || options.checkTakedown) {\n await this.findAccount(did, options)\n }\n }\n\n /**\n * Finds an account by its handle or DID, returning possibly deactivated or\n * taken down accounts (unless `options.checkDeactivated` or\n * `options.checkTakedown` are set to true, respectively).\n */\n public async findAccount(\n handleOrDid: AtIdentifierString,\n options: VerifiedOptions,\n ): Promise<ActorAccount> {\n const account = await this.accountManager.getAccount(handleOrDid, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n if (!account) {\n // will be turned into ExpiredToken for the client if proxied by entryway\n throw new ForbiddenError('Account not found', 'AccountNotFound')\n }\n if (options.checkTakedown && softDeleted(account)) {\n throw new AuthRequiredError(\n 'Account has been taken down',\n 'AccountTakedown',\n )\n }\n if (options.checkDeactivated && account.deactivatedAt) {\n throw new AuthRequiredError(\n 'Account is deactivated',\n 'AccountDeactivated',\n )\n }\n return account\n }\n\n /**\n * Wraps {@link jose.jwtVerify} into a function that also validates the token\n * payload's type and wraps errors into {@link InvalidRequestError}.\n */\n protected async verifyBearerJwt<S extends AuthScope = AuthScope>(\n req: IncomingMessage,\n { scopes, ...options }: VerifyBearerJwtOptions<S>,\n ): Promise<VerifyBearerJwtResult<S>> {\n const token = bearerTokenFromReq(req)\n if (!token) {\n throw new AuthRequiredError(undefined, 'AuthMissing')\n }\n\n const { payload, protectedHeader } = await jose\n .jwtVerify(token, this._jwtKey, { ...options, typ: undefined })\n .catch((cause) => {\n if (cause instanceof jose.errors.JWTExpired) {\n throw new InvalidRequestError('Token has expired', 'ExpiredToken', {\n cause,\n })\n } else {\n throw new InvalidRequestError(\n 'Token could not be verified',\n 'InvalidToken',\n { cause },\n )\n }\n })\n\n // @NOTE: the \"typ\" is now set in production environments, so we should be\n // able to safely check it through jose.jwtVerify(). However, tests depend\n // on @atproto/pds-entryway which does not set \"typ\" in the access tokens.\n // For that reason, we still allow it to be missing.\n if (protectedHeader.typ && options.typ !== protectedHeader.typ) {\n throw new InvalidRequestError('Invalid token type', 'InvalidToken')\n }\n\n const { sub, aud, scope, lxm, cnf, jti } = payload\n\n if (typeof lxm !== 'undefined') {\n // Service auth tokens should never make it to here. But since service\n // auth tokens do not have a \"typ\" header, the \"typ\" check above will not\n // catch them. This check here is mainly to protect against the\n // hypothetical case in which a PDS would issue service auth tokens using\n // its private key.\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof cnf !== 'undefined') {\n // Proof-of-Possession (PoP) tokens are not allowed here\n // https://www.rfc-editor.org/rfc/rfc7800.html\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof sub !== 'string' || !isDidString(sub)) {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof aud !== 'string' || !aud.startsWith('did:')) {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof jti !== 'string' && typeof jti !== 'undefined') {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (!isAuthScope(scope) || !scopes.includes(scope as any)) {\n throw new InvalidRequestError('Bad token scope', 'InvalidToken')\n }\n\n return { sub, aud, jti, scope: scope as S }\n }\n\n protected async verifyServiceJwt(\n req: IncomingMessage,\n opts?: { iss?: string[] },\n ) {\n const jwtStr = bearerTokenFromReq(req)\n if (!jwtStr) {\n throw new AuthRequiredError('missing jwt', 'MissingJwt')\n }\n\n const nsid = parseReqNsid(req)\n const payload = await verifyServiceJwt(\n jwtStr,\n null,\n nsid,\n async (iss, forceRefresh) => {\n if (opts?.iss && !opts.iss.includes(iss)) {\n throw new AuthRequiredError('Untrusted issuer', 'UntrustedIss')\n }\n const [did, serviceId] = iss.split('#')\n const keyId =\n serviceId === 'atproto_labeler' ? 'atproto_label' : 'atproto'\n const didDoc = await this.idResolver.did.resolve(did, forceRefresh)\n if (!didDoc) {\n throw new AuthRequiredError('could not resolve iss did')\n }\n const parsedKey = getVerificationMaterial(didDoc, keyId)\n if (!parsedKey) {\n throw new AuthRequiredError('missing or bad key in did doc')\n }\n const didKey = getDidKeyFromMultibase(parsedKey)\n if (!didKey) {\n throw new AuthRequiredError('missing or bad key in did doc')\n }\n return didKey\n },\n )\n if (\n payload.aud !== this.dids.pds &&\n (!this.dids.entryway || payload.aud !== this.dids.entryway)\n ) {\n throw new AuthRequiredError(\n 'jwt audience does not match service did',\n 'BadJwtAudience',\n )\n }\n return payload\n }\n}\n\n// HELPERS\n// ---------\n\nexport function isUserOrAdmin(\n auth: AccessOutput | OAuthOutput | AdminTokenOutput | UnauthenticatedOutput,\n did: string,\n): boolean {\n if (!auth.credentials) {\n return false\n } else if (auth.credentials.type === 'admin_token') {\n return true\n } else {\n return auth.credentials.did === did\n }\n}\n\nenum AuthType {\n BASIC = 'Basic',\n BEARER = 'Bearer',\n DPOP = 'DPoP',\n}\n\nconst parseAuthorizationHeader = (\n req: IncomingMessage,\n): [type: null] | [type: AuthType, token: string] => {\n const authorization = req.headers['authorization']\n if (!authorization) return [null]\n\n const result = authorization.split(' ')\n if (result.length !== 2) {\n throw new InvalidRequestError(\n 'Malformed authorization header',\n 'InvalidToken',\n )\n }\n\n // authorization type is case-insensitive\n const authType = result[0].toUpperCase()\n\n const type = Object.hasOwn(AuthType, authType) ? AuthType[authType] : null\n if (type) return [type, result[1]]\n\n throw new InvalidRequestError(\n `Unsupported authorization type: ${result[0]}`,\n 'InvalidToken',\n )\n}\n\n/**\n * @note Not all service auth tokens are guaranteed to have \"lxm\" claim, so this\n * function should not be used to verify service auth tokens. It is only used to\n * check if a token is definitely a service auth token.\n */\nconst isDefinitelyServiceAuth = (req: IncomingMessage): boolean => {\n const token = bearerTokenFromReq(req)\n if (!token) return false\n const payload = jose.decodeJwt(token)\n return payload['lxm'] != null\n}\n\nconst extractAuthType = (req: IncomingMessage): AuthType | null => {\n const [type] = parseAuthorizationHeader(req)\n return type\n}\n\nconst bearerTokenFromReq = (req: IncomingMessage) => {\n const [type, token] = parseAuthorizationHeader(req)\n return type === AuthType.BEARER ? token : null\n}\n\nconst parseBasicAuth = (\n req: IncomingMessage,\n): { username: string; password: string } | null => {\n try {\n const [type, b64] = parseAuthorizationHeader(req)\n if (type !== AuthType.BASIC) return null\n const decoded = Buffer.from(b64, 'base64').toString('utf8')\n // We must not use split(':') because the password can contain colons\n const colon = decoded.indexOf(':')\n if (colon === -1) return null\n const username = decoded.slice(0, colon)\n const password = decoded.slice(colon + 1)\n return { username, password }\n } catch (err) {\n return null\n }\n}\n\nexport const createSecretKeyObject = (secret: string): KeyObject => {\n return createSecretKey(Buffer.from(secret))\n}\n\nconst keyEncoder = new KeyEncoder('secp256k1')\nexport const createPublicKeyObject = (publicKeyHex: string): KeyObject => {\n const key = keyEncoder.encodePublic(publicKeyHex, 'raw', 'pem')\n return createPublicKey({ format: 'pem', key })\n}\n\nfunction setAuthHeaders(res: ServerResponse) {\n res.setHeader('Cache-Control', 'private')\n appendVary(res, 'Authorization')\n}\n"]}
1
+ {"version":3,"file":"auth-verifier.js","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsjBA,sCAWC;AAjkBD,6CAAyE;AAEzE,2CAA4B;AAC5B,8DAAoC;AACpC,4CAAyD;AACzD,gDAAsE;AACtE,sCAAyE;AACzE,4DAKgC;AAChC,wDAG8B;AAC9B,sDAW6B;AAY7B,6CAAsE;AACtE,6BAAkC;AAClC,sCAAwC;AAiDxC,MAAa,YAAY;IAMvB,YACS,cAA8B,EAC9B,UAAsB,EACtB,aAA4B,EACnC,IAAsB;QAHtB;;;;mBAAO,cAAc;WAAgB;QACrC;;;;mBAAO,UAAU;WAAY;QAC7B;;;;mBAAO,aAAa;WAAe;QAR7B;;;;;WAAkB;QAClB;;;;;WAAkB;QAClB;;;;;WAAkB;QACnB;;;;;WAA8B;QAcrC,0CAA0C;QAEnC;;;;mBAA6D,CAAC,GAAG,EAAE,EAAE;gBAC1E,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBAEvB,0EAA0E;gBAC1E,2EAA2E;gBAC3E,2EAA2E;gBAC3E,uBAAuB;gBACvB,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;oBACrC,MAAM,IAAI,+BAAiB,CAAC,8BAA8B,CAAC,CAAA;gBAC7D,CAAC;gBAED,OAAO;oBACL,WAAW,EAAE,IAAI;iBAClB,CAAA;YACH,CAAC;WAAA;QAEM;;;;mBAAmD,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtE,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACvB,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACtC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBACD,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAA;gBACrC,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;oBACzD,MAAM,IAAI,+BAAiB,EAAE,CAAA;gBAC/B,CAAC;gBAED,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,CAAA;YACjD,CAAC;WAAA;QAEM;;;;mBAAmD,KAAK,EAAE,GAAG,EAAE,EAAE;gBACtE,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACvB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC1B,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;gBACjE,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE;oBACnD,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC;iBACvE,CAAC,CAAA;gBACF,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,aAAa;wBACnB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAEM;;;;mBACL,KAAK,EAAE,GAAG,EAAE,EAAE;gBACZ,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACrC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;WAAA;QAgII;;;;mBAA6D,KAAK,EACvE,GAAG,EACH,EAAE;gBACF,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACvB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACpD,OAAO;oBACL,WAAW,EAAE;wBACX,IAAI,EAAE,mBAAmB;wBACzB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB;iBACF,CAAA;YACH,CAAC;WAAA;QAEM;;;;mBAEH,KAAK,EAAE,GAAG,EAAE,EAAE;gBAChB,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACrC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;oBAC7B,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;gBACxC,CAAC;qBAAM,CAAC;oBACN,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;gBAClC,CAAC;YACH,CAAC;WAAA;QApNC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;QAChC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAA;IACvB,CAAC;IA4DS,MAAM,CACd,OAAqD;QAErD,MAAM,EAAE,MAAM,EAAE,GAAG,aAAa,EAAE,GAAG,OAAO,CAAA;QAE5C,MAAM,gBAAgB,GAA8B;YAClD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG;YACvB,GAAG,EAAE,QAAQ;YACb,MAAM;YACJ,mEAAmE;YACnE,0BAA0B;YAC1B,aAAa,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,CAAC,sBAAS,CAAC,SAAc,CAAC;gBACtE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,sBAAS,CAAC,SAAS,CAAC;gBACjD,CAAC,CAAC,MAAM;SACb,CAAA;QAED,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,CACpD,GAAG,CAAC,GAAG,EACP,gBAAgB,CACjB,CAAA;YAED,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;YAE3C,OAAO;gBACL,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,KAAK,EAAE;aAC5C,CAAA;QACH,CAAC,CAAA;IACH,CAAC;IAEM,OAAO,CAAC,OAEd;QACC,MAAM,aAAa,GAA8C;YAC/D,cAAc,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;YAC5D,GAAG,EAAE,aAAa;YAClB,oDAAoD;YACpD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YACjE,MAAM,EAAE,CAAC,sBAAS,CAAC,OAAO,CAAC;SAC5B,CAAA;QAED,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,aAAa,CAAC,CAAA;YAEjE,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAA;YAC1B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,+BAAiB,CACzB,qCAAqC,EACrC,gBAAgB,CACjB,CAAA;YACH,CAAC;YAED,OAAO;gBACL,WAAW,EAAE;oBACX,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO;iBACR;aACF,CAAA;QACH,CAAC,CAAA;IACH,CAAC;IAEM,aAAa,CAAmB,EACrC,MAAM,GAAG,4BAAe,EACxB,UAAU,GAAG,EAAE,EACf,GAAG,OAAO,EAIU;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YACzB,GAAG,OAAO;YACV,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,GAAG,UAAU,CAAC;SACnC,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAEjC,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAErC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;gBAC7B,OAAO,MAAM,CAAC,GAAG,CAAC,CAAA;YACpB,CAAC;YAED,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,OAAO,KAAK,CAAC,GAAG,CAAC,CAAA;YACnB,CAAC;YAED,uEAAuE;YACvE,+CAA+C;YAC/C,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,MAAM,IAAI,iCAAmB,CAC3B,+BAA+B,EAC/B,cAAc,CACf,CAAA;YACH,CAAC;YAED,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC,CAAA;IACH,CAAC;IAEM,iCAAiC,CACtC,IAAiE;QAKjE,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAA;QAC9C,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,MAAM,IAAI,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACrC,IAAI,IAAI,KAAK,QAAQ,CAAC,MAAM,IAAI,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvD,OAAO,aAAa,CAAC,GAAG,CAAC,CAAA;YAC3B,CAAC;iBAAM,IAAI,IAAI,KAAK,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACnC,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;YAC7B,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;YAClC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IA0BM,8BAA8B,CACnC,OAGsB;QAEtB,MAAM,qBAAqB,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;QACzD,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,IAAI,uBAAuB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;YAClC,CAAC;iBAAM,CAAC;gBACN,OAAO,qBAAqB,CAAC,GAAG,CAAC,CAAA;YACnC,CAAC;QACH,CAAC,CAAA;IACH,CAAC;IAES,KAAK,CAAmB,EAChC,SAAS,EACT,GAAG,mBAAmB,EACiB;QAIvC,MAAM,kBAAkB,GAA8B;YACpD,QAAQ,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACzB,KAAK,EAAE,CAAC,SAAS,CAAC;SACnB,CAAA;QAED,OAAO,KAAK,EAAE,GAAG,EAAE,EAAE;YACnB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAEvB,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,CAAA;YAExB,4DAA4D;YAC5D,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAA;YACpD,IAAI,SAAS,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;gBACtC,GAAG,CAAC,YAAY,CAAC,+BAA+B,EAAE,YAAY,CAAC,CAAA;YACjE,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAA;YACrD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;YAEjD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa;iBACjD,mBAAmB,CAClB,GAAG,CAAC,MAAM,IAAI,KAAK,EACnB,GAAG,EACH,GAAG,CAAC,OAAO,EACX,kBAAkB,CACnB;iBACA,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,mEAAmE;gBACnE,0DAA0D;gBAC1D,IAAI,GAAG,YAAY,qCAAoB,EAAE,CAAC;oBACxC,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,qBAAqB,CAAC,CAAA;oBAC5D,GAAG,CAAC,YAAY,CACd,+BAA+B,EAC/B,kBAAkB,CACnB,CAAA;gBACH,CAAC;gBAED,IAAI,GAAG,YAAY,2BAAU,EAAE,CAAC;oBAC9B,MAAM,IAAI,uBAAS,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,iBAAiB,EAAE,GAAG,CAAC,KAAK,CAAC,CAAA;gBACnE,CAAC;gBAED,MAAM,GAAG,CAAA;YACX,CAAC,CAAC,CAAA;YAEJ,IAAI,CAAC,IAAA,iBAAW,EAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;YAClE,CAAC;YAED,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAA;YAEjD,MAAM,WAAW,GAAG,IAAI,yCAA0B,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAA;YAErE,sBAAsB;YACtB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,iCAAmB,CAC3B,2CAA2C,EAC3C,cAAc,CACf,CAAA;YACH,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,GAAG,CAAC,CAAA;YAEjC,OAAO;gBACL,WAAW,EAAE;oBACX,IAAI,EAAE,OAAO;oBACb,GAAG;oBACH,WAAW;iBACZ;aACF,CAAA;QACH,CAAC,CAAA;IACH,CAAC;IAES,KAAK,CAAC,YAAY,CAC1B,GAAc,EACd,OAAwB;QAExB,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACtD,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;QACtC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,WAAW,CACtB,WAA+B,EAC/B,OAAwB;QAExB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,WAAW,EAAE;YAChE,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,yEAAyE;YACzE,MAAM,IAAI,4BAAc,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,CAAC,aAAa,IAAI,IAAA,gBAAW,EAAC,OAAO,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;QACH,CAAC;QACD,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YACtD,MAAM,IAAI,+BAAiB,CACzB,wBAAwB,EACxB,oBAAoB,CACrB,CAAA;QACH,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,eAAe,CAC7B,GAAoB,EACpB,EAAE,MAAM,EAAE,GAAG,OAAO,EAA6B;QAEjD,MAAM,KAAK,GAAG,IAAA,0BAAkB,EAAC,GAAG,CAAC,CAAA;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,+BAAiB,CAAC,SAAS,EAAE,aAAa,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI;aAC3B,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC;aACvC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACf,IAAI,KAAK,YAAY,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC5C,MAAM,IAAI,iCAAmB,CAAC,mBAAmB,EAAE,cAAc,EAAE;oBACjE,KAAK;iBACN,CAAC,CAAA;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,iCAAmB,CAC3B,6BAA6B,EAC7B,cAAc,EACd,EAAE,KAAK,EAAE,CACV,CAAA;YACH,CAAC;QACH,CAAC,CAAC,CAAA;QAEJ,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAA;QAElD,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC/B,sEAAsE;YACtE,yEAAyE;YACzE,+DAA+D;YAC/D,yEAAyE;YACzE,mBAAmB;YACnB,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC/B,wDAAwD;YACxD,8CAA8C;YAC9C,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,IAAA,iBAAW,EAAC,GAAG,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC;YAC1D,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QACD,IAAI,CAAC,IAAA,wBAAW,EAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAY,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,iCAAmB,CAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;QAClE,CAAC;QAED,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,KAAU,EAAE,CAAA;IAC7C,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC9B,GAAoB,EACpB,IAAyB;QAEzB,MAAM,MAAM,GAAG,IAAA,0BAAkB,EAAC,GAAG,CAAC,CAAA;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,+BAAiB,CAAC,aAAa,EAAE,YAAY,CAAC,CAAA;QAC1D,CAAC;QAED,MAAM,IAAI,GAAG,IAAA,0BAAY,EAAC,GAAG,CAAC,CAAA;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAgB,EACpC,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,KAAK,EAAE,GAAG,EAAE,YAAY,EAAE,EAAE;YAC1B,IAAI,IAAI,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,+BAAiB,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAA;YACjE,CAAC;YACD,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACvC,MAAM,KAAK,GACT,SAAS,KAAK,iBAAiB,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAA;YAC/D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACnE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,2BAA2B,CAAC,CAAA;YAC1D,CAAC;YACD,MAAM,SAAS,GAAG,IAAA,gCAAuB,EAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACxD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,iCAAsB,EAAC,SAAS,CAAC,CAAA;YAChD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,+BAAiB,CAAC,+BAA+B,CAAC,CAAA;YAC9D,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC,CACF,CAAA;QACD,IACE,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG;YAC7B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAC3D,CAAC;YACD,MAAM,IAAI,+BAAiB,CACzB,yCAAyC,EACzC,gBAAgB,CACjB,CAAA;QACH,CAAC;QACD,OAAO,OAAO,CAAA;IAChB,CAAC;CACF;AAtdD,oCAsdC;AAED,UAAU;AACV,YAAY;AAEZ,SAAgB,aAAa,CAC3B,IAA2E,EAC3E,GAAW;IAEX,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,OAAO,KAAK,CAAA;IACd,CAAC;SAAM,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACnD,OAAO,IAAI,CAAA;IACb,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,KAAK,GAAG,CAAA;IACrC,CAAC;AACH,CAAC;AAED,IAAK,QAIJ;AAJD,WAAK,QAAQ;IACX,2BAAe,CAAA;IACf,6BAAiB,CAAA;IACjB,yBAAa,CAAA;AACf,CAAC,EAJI,QAAQ,KAAR,QAAQ,QAIZ;AAED,MAAM,wBAAwB,GAAG,CAC/B,GAAoB,EAC4B,EAAE;IAClD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAClD,IAAI,CAAC,aAAa;QAAE,OAAO,CAAC,IAAI,CAAC,CAAA;IAEjC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,iCAAmB,CAC3B,gCAAgC,EAChC,cAAc,CACf,CAAA;IACH,CAAC;IAED,yCAAyC;IACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;IAExC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1E,IAAI,IAAI;QAAE,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;IAElC,MAAM,IAAI,iCAAmB,CAC3B,mCAAmC,MAAM,CAAC,CAAC,CAAC,EAAE,EAC9C,cAAc,CACf,CAAA;AACH,CAAC,CAAA;AAED;;;;GAIG;AACH,MAAM,uBAAuB,GAAG,CAAC,GAAoB,EAAW,EAAE;IAChE,MAAM,KAAK,GAAG,IAAA,0BAAkB,EAAC,GAAG,CAAC,CAAA;IACrC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAA;IACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IACrC,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAA;AAC/B,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,CAAC,GAAoB,EAAmB,EAAE;IAChE,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAA;IAC5C,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAEM,MAAM,kBAAkB,GAAG,CAAC,GAAoB,EAAE,EAAE;IACzD,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAA;IACnD,OAAO,IAAI,KAAK,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,kBAAkB,sBAG9B;AAED,MAAM,cAAc,GAAG,CACrB,GAAoB,EAC2B,EAAE;IACjD,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAA;QACjD,IAAI,IAAI,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC3D,qEAAqE;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAA;QAC7B,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAA;QACzC,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAA;IAC/B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC,CAAA;AAEM,MAAM,qBAAqB,GAAG,CAAC,MAAc,EAAa,EAAE;IACjE,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAA;AAC7C,CAAC,CAAA;AAFY,QAAA,qBAAqB,yBAEjC;AAED,MAAM,UAAU,GAAG,IAAI,qBAAU,CAAC,WAAW,CAAC,CAAA;AACvC,MAAM,qBAAqB,GAAG,CAAC,YAAoB,EAAa,EAAE;IACvE,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IAC/D,OAAO,IAAA,6BAAe,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAHY,QAAA,qBAAqB,yBAGjC;AAED,SAAS,cAAc,CAAC,GAAmB;IACzC,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,SAAS,CAAC,CAAA;IACzC,IAAA,iBAAU,EAAC,GAAG,EAAE,eAAe,CAAC,CAAA;AAClC,CAAC","sourcesContent":["import { KeyObject, createPublicKey, createSecretKey } from 'node:crypto'\nimport { IncomingMessage, ServerResponse } from 'node:http'\nimport * as jose from 'jose'\nimport KeyEncoder from 'key-encoder'\nimport { getVerificationMaterial } from '@atproto/common'\nimport { IdResolver, getDidKeyFromMultibase } from '@atproto/identity'\nimport { AtIdentifierString, DidString, isDidString } from '@atproto/lex'\nimport {\n OAuthError,\n OAuthVerifier,\n VerifyTokenPayloadOptions,\n WWWAuthenticateError,\n} from '@atproto/oauth-provider'\nimport {\n ScopePermissions,\n ScopePermissionsTransition,\n} from '@atproto/oauth-scopes'\nimport {\n AuthRequiredError,\n Awaitable,\n ForbiddenError,\n InvalidRequestError,\n MethodAuthContext,\n MethodAuthVerifier,\n Params,\n XRPCError,\n parseReqNsid,\n verifyJwt as verifyServiceJwt,\n} from '@atproto/xrpc-server'\nimport { AccountManager } from './account-manager/account-manager'\nimport { ActorAccount } from './account-manager/helpers/account'\nimport {\n AccessOutput,\n AdminTokenOutput,\n ModServiceOutput,\n OAuthOutput,\n RefreshOutput,\n UnauthenticatedOutput,\n UserServiceAuthOutput,\n} from './auth-output'\nimport { ACCESS_STANDARD, AuthScope, isAuthScope } from './auth-scope'\nimport { softDeleted } from './db'\nimport { appendVary } from './util/http'\nimport { WithRequired } from './util/types'\n\nexport type VerifiedOptions = {\n checkTakedown?: boolean\n checkDeactivated?: boolean\n}\n\nexport type ScopedOptions<S extends AuthScope = AuthScope> = {\n scopes?: readonly S[]\n}\n\nexport type ExtraScopedOptions<S extends AuthScope = AuthScope> = {\n additional?: readonly S[]\n}\n\nexport type AuthorizedOptions<P extends Params = Params> = {\n authorize: (\n permissions: ScopePermissions,\n ctx: MethodAuthContext<P>,\n ) => Awaitable<void>\n}\n\nexport type AuthVerifierOpts = {\n publicUrl: string\n jwtKey: KeyObject\n adminPass: string\n dids: {\n pds: string\n entryway?: string\n modService?: string\n }\n}\n\nexport type VerifyBearerJwtOptions<S extends AuthScope = AuthScope> =\n WithRequired<\n Omit<jose.JWTVerifyOptions, 'scopes'> & {\n scopes: readonly S[]\n },\n 'audience' | 'typ'\n >\n\nexport type VerifyBearerJwtResult<S extends AuthScope = AuthScope> = {\n sub: DidString\n aud: string\n jti: string | undefined\n scope: S\n}\n\nexport class AuthVerifier {\n private _publicUrl: string\n private _jwtKey: KeyObject\n private _adminPass: string\n public dids: AuthVerifierOpts['dids']\n\n constructor(\n public accountManager: AccountManager,\n public idResolver: IdResolver,\n public oauthVerifier: OAuthVerifier,\n opts: AuthVerifierOpts,\n ) {\n this._publicUrl = opts.publicUrl\n this._jwtKey = opts.jwtKey\n this._adminPass = opts.adminPass\n this.dids = opts.dids\n }\n\n // verifiers (arrow fns to preserve scope)\n\n public unauthenticated: MethodAuthVerifier<UnauthenticatedOutput> = (ctx) => {\n setAuthHeaders(ctx.res)\n\n // @NOTE this auth method is typically used as fallback when no other auth\n // method is applicable. This means that the presence of an \"authorization\"\n // header means that that header is invalid (as it did not match any of the\n // other auth methods).\n if (ctx.req.headers['authorization']) {\n throw new AuthRequiredError('Invalid authorization header')\n }\n\n return {\n credentials: null,\n }\n }\n\n public adminToken: MethodAuthVerifier<AdminTokenOutput> = async (ctx) => {\n setAuthHeaders(ctx.res)\n const parsed = parseBasicAuth(ctx.req)\n if (!parsed) {\n throw new AuthRequiredError()\n }\n const { username, password } = parsed\n if (username !== 'admin' || password !== this._adminPass) {\n throw new AuthRequiredError()\n }\n\n return { credentials: { type: 'admin_token' } }\n }\n\n public modService: MethodAuthVerifier<ModServiceOutput> = async (ctx) => {\n setAuthHeaders(ctx.res)\n if (!this.dids.modService) {\n throw new AuthRequiredError('Untrusted issuer', 'UntrustedIss')\n }\n const payload = await this.verifyServiceJwt(ctx.req, {\n iss: [this.dids.modService, `${this.dids.modService}#atproto_labeler`],\n })\n return {\n credentials: {\n type: 'mod_service',\n did: payload.iss,\n },\n }\n }\n\n public moderator: MethodAuthVerifier<AdminTokenOutput | ModServiceOutput> =\n async (ctx) => {\n const type = extractAuthType(ctx.req)\n if (type === AuthType.BEARER) {\n return this.modService(ctx)\n } else {\n return this.adminToken(ctx)\n }\n }\n\n protected access<S extends AuthScope>(\n options: VerifiedOptions & Required<ScopedOptions<S>>,\n ): MethodAuthVerifier<AccessOutput<S>> {\n const { scopes, ...statusOptions } = options\n\n const verifyJwtOptions: VerifyBearerJwtOptions<S> = {\n audience: this.dids.pds,\n typ: 'at+jwt',\n scopes:\n // @NOTE We can reject taken down credentials based on the scope if\n // \"checkTakedown\" is set.\n statusOptions.checkTakedown && scopes.includes(AuthScope.Takendown as S)\n ? scopes.filter((s) => s !== AuthScope.Takendown)\n : scopes,\n }\n\n return async (ctx) => {\n setAuthHeaders(ctx.res)\n\n const { sub: did, scope } = await this.verifyBearerJwt(\n ctx.req,\n verifyJwtOptions,\n )\n\n await this.verifyStatus(did, statusOptions)\n\n return {\n credentials: { type: 'access', did, scope },\n }\n }\n }\n\n public refresh(options?: {\n allowExpired?: boolean\n }): MethodAuthVerifier<RefreshOutput> {\n const verifyOptions: VerifyBearerJwtOptions<AuthScope.Refresh> = {\n clockTolerance: options?.allowExpired ? Infinity : undefined,\n typ: 'refresh+jwt',\n // when using entryway, proxying refresh credentials\n audience: this.dids.entryway ? this.dids.entryway : this.dids.pds,\n scopes: [AuthScope.Refresh],\n }\n\n return async (ctx) => {\n setAuthHeaders(ctx.res)\n\n const result = await this.verifyBearerJwt(ctx.req, verifyOptions)\n\n const tokenId = result.jti\n if (!tokenId) {\n throw new AuthRequiredError(\n 'Unexpected missing refresh token id',\n 'MissingTokenId',\n )\n }\n\n return {\n credentials: {\n type: 'refresh',\n did: result.sub,\n scope: result.scope,\n tokenId,\n },\n }\n }\n }\n\n public authorization<P extends Params>({\n scopes = ACCESS_STANDARD,\n additional = [],\n ...options\n }: VerifiedOptions &\n ScopedOptions &\n ExtraScopedOptions &\n AuthorizedOptions<P>): MethodAuthVerifier<AccessOutput | OAuthOutput, P> {\n const access = this.access({\n ...options,\n scopes: [...scopes, ...additional],\n })\n const oauth = this.oauth(options)\n\n return async (ctx) => {\n const type = extractAuthType(ctx.req)\n\n if (type === AuthType.BEARER) {\n return access(ctx)\n }\n\n if (type === AuthType.DPOP) {\n return oauth(ctx)\n }\n\n // Auth headers are set through the access and oauth methods so we only\n // need to set them here if we reach this point\n setAuthHeaders(ctx.res)\n\n if (type !== null) {\n throw new InvalidRequestError(\n 'Unexpected authorization type',\n 'InvalidToken',\n )\n }\n\n throw new AuthRequiredError(undefined, 'AuthMissing')\n }\n }\n\n public authorizationOrAdminTokenOptional<P extends Params>(\n opts: VerifiedOptions & ExtraScopedOptions & AuthorizedOptions<P>,\n ): MethodAuthVerifier<\n OAuthOutput | AccessOutput | AdminTokenOutput | UnauthenticatedOutput,\n P\n > {\n const authorization = this.authorization(opts)\n return async (ctx) => {\n const type = extractAuthType(ctx.req)\n if (type === AuthType.BEARER || type === AuthType.DPOP) {\n return authorization(ctx)\n } else if (type === AuthType.BASIC) {\n return this.adminToken(ctx)\n } else {\n return this.unauthenticated(ctx)\n }\n }\n }\n\n public userServiceAuth: MethodAuthVerifier<UserServiceAuthOutput> = async (\n ctx,\n ) => {\n setAuthHeaders(ctx.res)\n const payload = await this.verifyServiceJwt(ctx.req)\n return {\n credentials: {\n type: 'user_service_auth',\n did: payload.iss,\n },\n }\n }\n\n public userServiceAuthOptional: MethodAuthVerifier<\n UserServiceAuthOutput | UnauthenticatedOutput\n > = async (ctx) => {\n const type = extractAuthType(ctx.req)\n if (type === AuthType.BEARER) {\n return await this.userServiceAuth(ctx)\n } else {\n return this.unauthenticated(ctx)\n }\n }\n\n public authorizationOrUserServiceAuth<P extends Params>(\n options: VerifiedOptions &\n ScopedOptions &\n ExtraScopedOptions &\n AuthorizedOptions<P>,\n ): MethodAuthVerifier<UserServiceAuthOutput | OAuthOutput | AccessOutput, P> {\n const authorizationVerifier = this.authorization(options)\n return async (ctx) => {\n if (isDefinitelyServiceAuth(ctx.req)) {\n return this.userServiceAuth(ctx)\n } else {\n return authorizationVerifier(ctx)\n }\n }\n }\n\n protected oauth<P extends Params>({\n authorize,\n ...verifyStatusOptions\n }: VerifiedOptions & AuthorizedOptions<P>): MethodAuthVerifier<\n OAuthOutput,\n P\n > {\n const verifyTokenOptions: VerifyTokenPayloadOptions = {\n audience: [this.dids.pds],\n scope: ['atproto'],\n }\n\n return async (ctx) => {\n setAuthHeaders(ctx.res)\n\n const { req, res } = ctx\n\n // https://datatracker.ietf.org/doc/html/rfc9449#section-8.2\n const dpopNonce = this.oauthVerifier.nextDpopNonce()\n if (dpopNonce) {\n res.setHeader('DPoP-Nonce', dpopNonce)\n res.appendHeader('Access-Control-Expose-Headers', 'DPoP-Nonce')\n }\n\n const originalUrl = req.originalUrl || req.url || '/'\n const url = new URL(originalUrl, this._publicUrl)\n\n const { scope, sub: did } = await this.oauthVerifier\n .authenticateRequest(\n req.method || 'GET',\n url,\n req.headers,\n verifyTokenOptions,\n )\n .catch((err) => {\n // Make sure to include any WWW-Authenticate header in the response\n // (particularly useful for DPoP's \"use_dpop_nonce\" error)\n if (err instanceof WWWAuthenticateError) {\n res.setHeader('WWW-Authenticate', err.wwwAuthenticateHeader)\n res.appendHeader(\n 'Access-Control-Expose-Headers',\n 'WWW-Authenticate',\n )\n }\n\n if (err instanceof OAuthError) {\n throw new XRPCError(err.status, err.error_description, err.error)\n }\n\n throw err\n })\n\n if (!isDidString(did)) {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n\n await this.verifyStatus(did, verifyStatusOptions)\n\n const permissions = new ScopePermissionsTransition(scope?.split(' '))\n\n // Should never happen\n if (!permissions.scopes.has('atproto')) {\n throw new InvalidRequestError(\n 'OAuth token does not have \"atproto\" scope',\n 'InvalidToken',\n )\n }\n\n await authorize(permissions, ctx)\n\n return {\n credentials: {\n type: 'oauth',\n did,\n permissions,\n },\n }\n }\n }\n\n protected async verifyStatus(\n did: DidString,\n options: VerifiedOptions,\n ): Promise<void> {\n if (options.checkDeactivated || options.checkTakedown) {\n await this.findAccount(did, options)\n }\n }\n\n /**\n * Finds an account by its handle or DID, returning possibly deactivated or\n * taken down accounts (unless `options.checkDeactivated` or\n * `options.checkTakedown` are set to true, respectively).\n */\n public async findAccount(\n handleOrDid: AtIdentifierString,\n options: VerifiedOptions,\n ): Promise<ActorAccount> {\n const account = await this.accountManager.getAccount(handleOrDid, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n if (!account) {\n // will be turned into ExpiredToken for the client if proxied by entryway\n throw new ForbiddenError('Account not found', 'AccountNotFound')\n }\n if (options.checkTakedown && softDeleted(account)) {\n throw new AuthRequiredError(\n 'Account has been taken down',\n 'AccountTakedown',\n )\n }\n if (options.checkDeactivated && account.deactivatedAt) {\n throw new AuthRequiredError(\n 'Account is deactivated',\n 'AccountDeactivated',\n )\n }\n return account\n }\n\n /**\n * Wraps {@link jose.jwtVerify} into a function that also validates the token\n * payload's type and wraps errors into {@link InvalidRequestError}.\n */\n protected async verifyBearerJwt<S extends AuthScope = AuthScope>(\n req: IncomingMessage,\n { scopes, ...options }: VerifyBearerJwtOptions<S>,\n ): Promise<VerifyBearerJwtResult<S>> {\n const token = bearerTokenFromReq(req)\n if (!token) {\n throw new AuthRequiredError(undefined, 'AuthMissing')\n }\n\n const { payload } = await jose\n .jwtVerify(token, this._jwtKey, options)\n .catch((cause) => {\n if (cause instanceof jose.errors.JWTExpired) {\n throw new InvalidRequestError('Token has expired', 'ExpiredToken', {\n cause,\n })\n } else {\n throw new InvalidRequestError(\n 'Token could not be verified',\n 'InvalidToken',\n { cause },\n )\n }\n })\n\n const { sub, aud, scope, lxm, cnf, jti } = payload\n\n if (typeof lxm !== 'undefined') {\n // Service auth tokens should never make it to here. But since service\n // auth tokens do not have a \"typ\" header, the \"typ\" check above will not\n // catch them. This check here is mainly to protect against the\n // hypothetical case in which a PDS would issue service auth tokens using\n // its private key.\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof cnf !== 'undefined') {\n // Proof-of-Possession (PoP) tokens are not allowed here\n // https://www.rfc-editor.org/rfc/rfc7800.html\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof sub !== 'string' || !isDidString(sub)) {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof aud !== 'string' || !aud.startsWith('did:')) {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (typeof jti !== 'string' && typeof jti !== 'undefined') {\n throw new InvalidRequestError('Malformed token', 'InvalidToken')\n }\n if (!isAuthScope(scope) || !scopes.includes(scope as any)) {\n throw new InvalidRequestError('Bad token scope', 'InvalidToken')\n }\n\n return { sub, aud, jti, scope: scope as S }\n }\n\n protected async verifyServiceJwt(\n req: IncomingMessage,\n opts?: { iss?: string[] },\n ) {\n const jwtStr = bearerTokenFromReq(req)\n if (!jwtStr) {\n throw new AuthRequiredError('missing jwt', 'MissingJwt')\n }\n\n const nsid = parseReqNsid(req)\n const payload = await verifyServiceJwt(\n jwtStr,\n null,\n nsid,\n async (iss, forceRefresh) => {\n if (opts?.iss && !opts.iss.includes(iss)) {\n throw new AuthRequiredError('Untrusted issuer', 'UntrustedIss')\n }\n const [did, serviceId] = iss.split('#')\n const keyId =\n serviceId === 'atproto_labeler' ? 'atproto_label' : 'atproto'\n const didDoc = await this.idResolver.did.resolve(did, forceRefresh)\n if (!didDoc) {\n throw new AuthRequiredError('could not resolve iss did')\n }\n const parsedKey = getVerificationMaterial(didDoc, keyId)\n if (!parsedKey) {\n throw new AuthRequiredError('missing or bad key in did doc')\n }\n const didKey = getDidKeyFromMultibase(parsedKey)\n if (!didKey) {\n throw new AuthRequiredError('missing or bad key in did doc')\n }\n return didKey\n },\n )\n if (\n payload.aud !== this.dids.pds &&\n (!this.dids.entryway || payload.aud !== this.dids.entryway)\n ) {\n throw new AuthRequiredError(\n 'jwt audience does not match service did',\n 'BadJwtAudience',\n )\n }\n return payload\n }\n}\n\n// HELPERS\n// ---------\n\nexport function isUserOrAdmin(\n auth: AccessOutput | OAuthOutput | AdminTokenOutput | UnauthenticatedOutput,\n did: string,\n): boolean {\n if (!auth.credentials) {\n return false\n } else if (auth.credentials.type === 'admin_token') {\n return true\n } else {\n return auth.credentials.did === did\n }\n}\n\nenum AuthType {\n BASIC = 'Basic',\n BEARER = 'Bearer',\n DPOP = 'DPoP',\n}\n\nconst parseAuthorizationHeader = (\n req: IncomingMessage,\n): [type: null] | [type: AuthType, token: string] => {\n const authorization = req.headers['authorization']\n if (!authorization) return [null]\n\n const result = authorization.split(' ')\n if (result.length !== 2) {\n throw new InvalidRequestError(\n 'Malformed authorization header',\n 'InvalidToken',\n )\n }\n\n // authorization type is case-insensitive\n const authType = result[0].toUpperCase()\n\n const type = Object.hasOwn(AuthType, authType) ? AuthType[authType] : null\n if (type) return [type, result[1]]\n\n throw new InvalidRequestError(\n `Unsupported authorization type: ${result[0]}`,\n 'InvalidToken',\n )\n}\n\n/**\n * @note Not all service auth tokens are guaranteed to have \"lxm\" claim, so this\n * function should not be used to verify service auth tokens. It is only used to\n * check if a token is definitely a service auth token.\n */\nconst isDefinitelyServiceAuth = (req: IncomingMessage): boolean => {\n const token = bearerTokenFromReq(req)\n if (!token) return false\n const payload = jose.decodeJwt(token)\n return payload['lxm'] != null\n}\n\nconst extractAuthType = (req: IncomingMessage): AuthType | null => {\n const [type] = parseAuthorizationHeader(req)\n return type\n}\n\nexport const bearerTokenFromReq = (req: IncomingMessage) => {\n const [type, token] = parseAuthorizationHeader(req)\n return type === AuthType.BEARER ? token : null\n}\n\nconst parseBasicAuth = (\n req: IncomingMessage,\n): { username: string; password: string } | null => {\n try {\n const [type, b64] = parseAuthorizationHeader(req)\n if (type !== AuthType.BASIC) return null\n const decoded = Buffer.from(b64, 'base64').toString('utf8')\n // We must not use split(':') because the password can contain colons\n const colon = decoded.indexOf(':')\n if (colon === -1) return null\n const username = decoded.slice(0, colon)\n const password = decoded.slice(colon + 1)\n return { username, password }\n } catch (err) {\n return null\n }\n}\n\nexport const createSecretKeyObject = (secret: string): KeyObject => {\n return createSecretKey(Buffer.from(secret))\n}\n\nconst keyEncoder = new KeyEncoder('secp256k1')\nexport const createPublicKeyObject = (publicKeyHex: string): KeyObject => {\n const key = keyEncoder.encodePublic(publicKeyHex, 'raw', 'pem')\n return createPublicKey({ format: 'pem', key })\n}\n\nfunction setAuthHeaders(res: ServerResponse) {\n res.setHeader('Cache-Control', 'private')\n appendVary(res, 'Authorization')\n}\n"]}
package/dist/index.d.ts CHANGED
@@ -6,7 +6,7 @@ import { ServerConfig, ServerSecrets } from './config';
6
6
  import { AppContext, AppContextOptions } from './context';
7
7
  import { app } from './lexicons.js';
8
8
  export * from './lexicons.js';
9
- export { createSecretKeyObject } from './auth-verifier';
9
+ export { bearerTokenFromReq, createPublicKeyObject, createSecretKeyObject, } from './auth-verifier';
10
10
  export * from './config';
11
11
  export { AppContext } from './context';
12
12
  export { Database } from './db';
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,sBAAsB,CAAA;AAG7B,OAAO,IAAI,MAAM,WAAW,CAAA;AAG5B,OAAO,OAAO,MAAM,SAAS,CAAA;AAG7B,OAAO,EAEL,aAAa,EAKd,MAAM,sBAAsB,CAAA;AAI7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACtD,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAEzD,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AAMnC,cAAc,eAAe,CAAA;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAA;AACvD,cAAc,UAAU,CAAA;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAA;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,KAAK,iBAAiB,EAAE,KAAK,aAAa,EAAE,MAAM,QAAQ,CAAA;AACnE,OAAO,KAAK,WAAW,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,KAAK,SAAS,MAAM,aAAa,CAAA;AAExC;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,IAAI,EACJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EACrC,IAAI,EACJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CACtC,CAAA;AAED,qBAAa,GAAG;IACP,GAAG,EAAE,UAAU,CAAA;IACf,GAAG,EAAE,OAAO,CAAC,WAAW,CAAA;IACxB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAA;IAC3B,OAAO,CAAC,UAAU,CAAC,CAAgB;IACnC,OAAO,CAAC,eAAe,CAAC,CAAgB;IACxC,OAAO,CAAC,sBAAsB,CAAC,CAAgB;gBAEnC,IAAI,EAAE;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,GAAG,EAAE,OAAO,CAAC,WAAW,CAAA;KAAE;WAKlD,MAAM,CACjB,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,aAAa,EACtB,SAAS,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACrC,OAAO,CAAC,GAAG,CAAC;IAsGT,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;IAU7B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAU/B;AAED,eAAe,GAAG,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,sBAAsB,CAAA;AAG7B,OAAO,IAAI,MAAM,WAAW,CAAA;AAG5B,OAAO,OAAO,MAAM,SAAS,CAAA;AAG7B,OAAO,EAEL,aAAa,EAKd,MAAM,sBAAsB,CAAA;AAI7B,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACtD,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAEzD,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAA;AAMnC,cAAc,eAAe,CAAA;AAC7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,iBAAiB,CAAA;AACxB,cAAc,UAAU,CAAA;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAA;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAA;AAC/B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAA;AACrC,OAAO,EAAE,KAAK,iBAAiB,EAAE,KAAK,aAAa,EAAE,MAAM,QAAQ,CAAA;AACnE,OAAO,KAAK,WAAW,MAAM,gBAAgB,CAAA;AAC7C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,KAAK,SAAS,MAAM,aAAa,CAAA;AAExC;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,aAAa,CACzC,IAAI,EACJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EACrC,IAAI,EACJ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CACtC,CAAA;AAED,qBAAa,GAAG;IACP,GAAG,EAAE,UAAU,CAAA;IACf,GAAG,EAAE,OAAO,CAAC,WAAW,CAAA;IACxB,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAA;IAC3B,OAAO,CAAC,UAAU,CAAC,CAAgB;IACnC,OAAO,CAAC,eAAe,CAAC,CAAgB;IACxC,OAAO,CAAC,sBAAsB,CAAC,CAAgB;gBAEnC,IAAI,EAAE;QAAE,GAAG,EAAE,UAAU,CAAC;QAAC,GAAG,EAAE,OAAO,CAAC,WAAW,CAAA;KAAE;WAKlD,MAAM,CACjB,GAAG,EAAE,YAAY,EACjB,OAAO,EAAE,aAAa,EACtB,SAAS,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GACrC,OAAO,CAAC,GAAG,CAAC;IAsGT,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;IAU7B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAU/B;AAED,eAAe,GAAG,CAAA"}
package/dist/index.js CHANGED
@@ -39,7 +39,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
39
39
  return (mod && mod.__esModule) ? mod : { "default": mod };
40
40
  };
41
41
  Object.defineProperty(exports, "__esModule", { value: true });
42
- exports.PDS = exports.sequencer = exports.scripts = exports.repoPrepare = exports.httpLogger = exports.DiskBlobStore = exports.Database = exports.AppContext = exports.createSecretKeyObject = void 0;
42
+ exports.PDS = exports.sequencer = exports.scripts = exports.repoPrepare = exports.httpLogger = exports.DiskBlobStore = exports.Database = exports.AppContext = exports.createSecretKeyObject = exports.createPublicKeyObject = exports.bearerTokenFromReq = void 0;
43
43
  // catch errors that get thrown in async route handlers
44
44
  // this is a relatively non-invasive change to express
45
45
  // they get handled in the error.handler middleware
@@ -63,6 +63,8 @@ const compression_1 = __importDefault(require("./util/compression"));
63
63
  const wellKnown = __importStar(require("./well-known"));
64
64
  __exportStar(require("./lexicons.js"), exports);
65
65
  var auth_verifier_1 = require("./auth-verifier");
66
+ Object.defineProperty(exports, "bearerTokenFromReq", { enumerable: true, get: function () { return auth_verifier_1.bearerTokenFromReq; } });
67
+ Object.defineProperty(exports, "createPublicKeyObject", { enumerable: true, get: function () { return auth_verifier_1.createPublicKeyObject; } });
66
68
  Object.defineProperty(exports, "createSecretKeyObject", { enumerable: true, get: function () { return auth_verifier_1.createSecretKeyObject; } });
67
69
  __exportStar(require("./config"), exports);
68
70
  var context_2 = require("./context");
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAuD;AACvD,sDAAsD;AACtD,mDAAmD;AACnD,+CAA+C;AAC/C,gCAA6B;AAE7B,8DAAgC;AAEhC,sCAA6C;AAC7C,gDAAuB;AACvB,sDAA6B;AAC7B,qDAAsE;AACtE,4CAA2D;AAC3D,sDAO6B;AAC7B,gDAA6B;AAC7B,0DAA2C;AAC3C,4DAA6C;AAE7C,uCAAyD;AACzD,+CAAgC;AAEhC,qCAA2C;AAC3C,+CAA4C;AAC5C,qEAA4C;AAC5C,wDAAyC;AAEzC,gDAA6B;AAC7B,iDAAuD;AAA9C,sHAAA,qBAAqB,OAAA;AAC9B,2CAAwB;AACxB,qCAAsC;AAA7B,qGAAA,UAAU,OAAA;AACnB,2BAA+B;AAAtB,8FAAA,QAAQ,OAAA;AACjB,mDAAgD;AAAvC,+GAAA,aAAa,OAAA;AACtB,mCAAqC;AAA5B,oGAAA,UAAU,OAAA;AAEnB,8DAA6C;AAC7C,qCAAmC;AAA1B,kGAAA,OAAO,OAAA;AAChB,yDAAwC;AAYxC,MAAa,GAAG;IAQd,YAAY,IAAmD;QAPxD;;;;;WAAe;QACf;;;;;WAAwB;QACxB;;;;;WAAoB;QACnB;;;;;WAA2B;QAC3B;;;;;WAAgC;QAChC;;;;;WAAuC;QAG7C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;QACnB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,GAAiB,EACjB,OAAsB,EACtB,SAAsC;QAEtC,MAAM,GAAG,GAAG,MAAM,oBAAU,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,GAAG,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,0BAAY,EAAC,EAAE,EAAE;YAC9B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YACrC,OAAO,EAAE;gBACP,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;aACvC;YACD,QAAQ,EAAE,IAAA,0BAAY,EAAC,GAAG,CAAC;YAC3B,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE;gBACnB,IAAI,GAAG,YAAY,oBAAc,EAAE,CAAC;oBAClC,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;wBAC5B,GAAG,CAAC,IAAI,IAAI,IAAI;wBAChB,SAAS,IAAI,GAAG,CAAC,IAAI;wBACrB,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,QAAQ;wBACpC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAA;oBAElB,MAAM,IAAI,GACR,GAAG,CAAC,MAAM,IAAI,GAAG;wBACf,CAAC,CAAC,0BAAY,CAAC,eAAe;wBAC9B,CAAC,CAAC,0BAAY,CAAC,cAAc,CAAA;oBAEjC,OAAO,IAAI,uBAAS,CAClB,IAAI,EACJ,cAAc,IAAI,iCAAiC,CACpD,CAAA;gBACH,CAAC;gBAED,OAAO,uBAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YACjC,CAAC;YACD,UAAU,EAAE,UAAU,CAAC,OAAO;gBAC5B,CAAC,CAAC;oBACE,OAAO,EAAE,GAAG,CAAC,YAAY;wBACvB,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,8BAAgB,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC;wBACxD,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,+BAAiB,CAAC,IAAI,CAAC;oBACzC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE;wBAClB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,UAAU,CAAA;wBAC3C,IACE,SAAS;4BACT,SAAS,KAAK,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAC/C,CAAC;4BACD,OAAO,IAAI,CAAA;wBACb,CAAC;wBACD,IAAI,SAAS,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;4BAC5C,OAAO,IAAI,CAAA;wBACb,CAAC;wBACD,OAAO,KAAK,CAAA;oBACd,CAAC;oBACD,MAAM,EAAE;wBACN;4BACE,IAAI,EAAE,WAAW;4BACjB,UAAU,EAAE,CAAC,GAAG,eAAM;4BACtB,MAAM,EAAE,IAAI;yBACb;qBACF;oBACD,MAAM,EAAE;wBACN;4BACE,IAAI,EAAE,iBAAiB;4BACvB,UAAU,EAAE,aAAI;4BAChB,MAAM,EAAE,IAAI,EAAE,+BAA+B;yBAC9C;wBACD;4BACE,IAAI,EAAE,gBAAgB;4BACtB,UAAU,EAAE,YAAG;4BACf,MAAM,EAAE,KAAK,EAAE,+BAA+B;yBAC/C;qBACF;iBACF;gBACH,CAAC,CAAC,SAAS;SACd,CAAC,CAAA;QAEF,IAAA,aAAS,EAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAEtB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAA;QACrB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE;YACrB,qBAAqB;YACrB,UAAU;YACV,WAAW;YACX,aAAa;YACb,6CAA6C;YAC7C,GAAG,aAAa,CAAC,GAAG,CAAC;SACtB,CAAC,CAAA;QACF,GAAG,CAAC,GAAG,CAAC,yBAAgB,CAAC,CAAA;QACzB,GAAG,CAAC,GAAG,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA,CAAC,cAAc;QACpD,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC,EAAE,MAAM,EAAE,YAAG,GAAG,eAAM,EAAE,CAAC,CAAC,CAAA;QACvC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACtC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAEtB,OAAO,IAAI,GAAG,CAAC;YACb,GAAG;YACH,GAAG;SACJ,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,KAAK,CAAA;QACpC,IAAI,CAAC,UAAU,GAAG,IAAA,sCAAoB,EAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClD,MAAM,qBAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;QACtC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,EAAE,CAAA;QACxC,MAAM,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,EAAE,CAAA;QACrC,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;IAC5C,CAAC;CACF;AA3ID,kBA2IC;AAED,kBAAe,GAAG,CAAA;AAElB,MAAM,aAAa,GAAG,CAAC,GAAiB,EAAE,EAAE;IAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACtC,OAAO,GAAG,CAAC,UAAU,CAAC,SAAS,IAAI,EAAE,CAAA;AACvC,CAAC,CAAA","sourcesContent":["// catch errors that get thrown in async route handlers\n// this is a relatively non-invasive change to express\n// they get handled in the error.handler middleware\n// leave at top of file before importing Routes\nimport 'express-async-errors'\n\nimport events from 'node:events'\nimport http from 'node:http'\nimport { PlcClientError } from '@did-plc/lib'\nimport cors from 'cors'\nimport express from 'express'\nimport { HttpTerminator, createHttpTerminator } from 'http-terminator'\nimport { DAY, HOUR, MINUTE, SECOND } from '@atproto/common'\nimport {\n MemoryRateLimiter,\n MethodHandler,\n RedisRateLimiter,\n ResponseType,\n XRPCError,\n createServer,\n} from '@atproto/xrpc-server'\nimport apiRoutes from './api'\nimport * as authRoutes from './auth-routes'\nimport * as basicRoutes from './basic-routes'\nimport { ServerConfig, ServerSecrets } from './config'\nimport { AppContext, AppContextOptions } from './context'\nimport * as error from './error'\nimport { app } from './lexicons.js'\nimport { loggerMiddleware } from './logger'\nimport { proxyHandler } from './pipethrough'\nimport compression from './util/compression'\nimport * as wellKnown from './well-known'\n\nexport * from './lexicons.js'\nexport { createSecretKeyObject } from './auth-verifier'\nexport * from './config'\nexport { AppContext } from './context'\nexport { Database } from './db'\nexport { DiskBlobStore } from './disk-blobstore'\nexport { httpLogger } from './logger'\nexport { type CommitDataWithOps, type PreparedWrite } from './repo'\nexport * as repoPrepare from './repo/prepare'\nexport { scripts } from './scripts'\nexport * as sequencer from './sequencer'\n\n/**\n * @deprecated Legacy export for backwards compatibility\n */\nexport type SkeletonHandler = MethodHandler<\n void,\n app.bsky.feed.getFeedSkeleton.$Params,\n void,\n app.bsky.feed.getFeedSkeleton.$Output\n>\n\nexport class PDS {\n public ctx: AppContext\n public app: express.Application\n public server?: http.Server\n private terminator?: HttpTerminator\n private dbStatsInterval?: NodeJS.Timeout\n private sequencerStatsInterval?: NodeJS.Timeout\n\n constructor(opts: { ctx: AppContext; app: express.Application }) {\n this.ctx = opts.ctx\n this.app = opts.app\n }\n\n static async create(\n cfg: ServerConfig,\n secrets: ServerSecrets,\n overrides?: Partial<AppContextOptions>,\n ): Promise<PDS> {\n const ctx = await AppContext.fromConfig(cfg, secrets, overrides)\n\n const { rateLimits } = ctx.cfg\n\n const server = createServer([], {\n validateResponse: cfg.service.devMode,\n payload: {\n jsonLimit: 150 * 1024, // 150kb\n textLimit: 100 * 1024, // 100kb\n blobLimit: cfg.service.blobUploadLimit,\n },\n catchall: proxyHandler(ctx),\n errorParser: (err) => {\n if (err instanceof PlcClientError) {\n const payloadMessage =\n typeof err.data === 'object' &&\n err.data != null &&\n 'message' in err.data &&\n typeof err.data.message === 'string' &&\n err.data.message\n\n const type =\n err.status >= 500\n ? ResponseType.UpstreamFailure\n : ResponseType.InvalidRequest\n\n return new XRPCError(\n type,\n payloadMessage || 'Unable to perform PLC operation',\n )\n }\n\n return XRPCError.fromError(err)\n },\n rateLimits: rateLimits.enabled\n ? {\n creator: ctx.redisScratch\n ? (opts) => new RedisRateLimiter(ctx.redisScratch, opts)\n : (opts) => new MemoryRateLimiter(opts),\n bypass: ({ req }) => {\n const { bypassKey, bypassIps } = rateLimits\n if (\n bypassKey &&\n bypassKey === req.headers['x-ratelimit-bypass']\n ) {\n return true\n }\n if (bypassIps && bypassIps.includes(req.ip)) {\n return true\n }\n return false\n },\n global: [\n {\n name: 'global-ip',\n durationMs: 5 * MINUTE,\n points: 3000,\n },\n ],\n shared: [\n {\n name: 'repo-write-hour',\n durationMs: HOUR,\n points: 5000, // creates=3, puts=2, deletes=1\n },\n {\n name: 'repo-write-day',\n durationMs: DAY,\n points: 35000, // creates=3, puts=2, deletes=1\n },\n ],\n }\n : undefined,\n })\n\n apiRoutes(server, ctx)\n\n const app = express()\n app.set('trust proxy', [\n // e.g. load balancer\n 'loopback',\n 'linklocal',\n 'uniquelocal',\n // e.g. trust x-forwarded-for via entryway ip\n ...getTrustedIps(cfg),\n ])\n app.use(loggerMiddleware)\n app.use(compression())\n app.use(authRoutes.createRouter(ctx)) // Before CORS\n app.use(cors({ maxAge: DAY / SECOND }))\n app.use(basicRoutes.createRouter(ctx))\n app.use(wellKnown.createRouter(ctx))\n app.use(server.router)\n app.use(error.handler)\n\n return new PDS({\n ctx,\n app,\n })\n }\n\n async start(): Promise<http.Server> {\n await this.ctx.sequencer.start()\n const server = this.app.listen(this.ctx.cfg.service.port)\n this.server = server\n this.server.keepAliveTimeout = 90000\n this.terminator = createHttpTerminator({ server })\n await events.once(server, 'listening')\n return server\n }\n\n async destroy(): Promise<void> {\n await this.ctx.sequencer.destroy()\n await this.terminator?.terminate()\n await this.ctx.backgroundQueue.destroy()\n await this.ctx.accountManager.close()\n await this.ctx.redisScratch?.quit()\n await this.ctx.proxyAgent.destroy()\n clearInterval(this.dbStatsInterval)\n clearInterval(this.sequencerStatsInterval)\n }\n}\n\nexport default PDS\n\nconst getTrustedIps = (cfg: ServerConfig) => {\n if (!cfg.rateLimits.enabled) return []\n return cfg.rateLimits.bypassIps ?? []\n}\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uDAAuD;AACvD,sDAAsD;AACtD,mDAAmD;AACnD,+CAA+C;AAC/C,gCAA6B;AAE7B,8DAAgC;AAEhC,sCAA6C;AAC7C,gDAAuB;AACvB,sDAA6B;AAC7B,qDAAsE;AACtE,4CAA2D;AAC3D,sDAO6B;AAC7B,gDAA6B;AAC7B,0DAA2C;AAC3C,4DAA6C;AAE7C,uCAAyD;AACzD,+CAAgC;AAEhC,qCAA2C;AAC3C,+CAA4C;AAC5C,qEAA4C;AAC5C,wDAAyC;AAEzC,gDAA6B;AAC7B,iDAIwB;AAHtB,mHAAA,kBAAkB,OAAA;AAClB,sHAAA,qBAAqB,OAAA;AACrB,sHAAA,qBAAqB,OAAA;AAEvB,2CAAwB;AACxB,qCAAsC;AAA7B,qGAAA,UAAU,OAAA;AACnB,2BAA+B;AAAtB,8FAAA,QAAQ,OAAA;AACjB,mDAAgD;AAAvC,+GAAA,aAAa,OAAA;AACtB,mCAAqC;AAA5B,oGAAA,UAAU,OAAA;AAEnB,8DAA6C;AAC7C,qCAAmC;AAA1B,kGAAA,OAAO,OAAA;AAChB,yDAAwC;AAYxC,MAAa,GAAG;IAQd,YAAY,IAAmD;QAPxD;;;;;WAAe;QACf;;;;;WAAwB;QACxB;;;;;WAAoB;QACnB;;;;;WAA2B;QAC3B;;;;;WAAgC;QAChC;;;;;WAAuC;QAG7C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;QACnB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;IACrB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,GAAiB,EACjB,OAAsB,EACtB,SAAsC;QAEtC,MAAM,GAAG,GAAG,MAAM,oBAAU,CAAC,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,CAAC,CAAA;QAEhE,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,GAAG,CAAA;QAE9B,MAAM,MAAM,GAAG,IAAA,0BAAY,EAAC,EAAE,EAAE;YAC9B,gBAAgB,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YACrC,OAAO,EAAE;gBACP,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,GAAG,IAAI,EAAE,QAAQ;gBAC/B,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;aACvC;YACD,QAAQ,EAAE,IAAA,0BAAY,EAAC,GAAG,CAAC;YAC3B,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE;gBACnB,IAAI,GAAG,YAAY,oBAAc,EAAE,CAAC;oBAClC,MAAM,cAAc,GAClB,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;wBAC5B,GAAG,CAAC,IAAI,IAAI,IAAI;wBAChB,SAAS,IAAI,GAAG,CAAC,IAAI;wBACrB,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,QAAQ;wBACpC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAA;oBAElB,MAAM,IAAI,GACR,GAAG,CAAC,MAAM,IAAI,GAAG;wBACf,CAAC,CAAC,0BAAY,CAAC,eAAe;wBAC9B,CAAC,CAAC,0BAAY,CAAC,cAAc,CAAA;oBAEjC,OAAO,IAAI,uBAAS,CAClB,IAAI,EACJ,cAAc,IAAI,iCAAiC,CACpD,CAAA;gBACH,CAAC;gBAED,OAAO,uBAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;YACjC,CAAC;YACD,UAAU,EAAE,UAAU,CAAC,OAAO;gBAC5B,CAAC,CAAC;oBACE,OAAO,EAAE,GAAG,CAAC,YAAY;wBACvB,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,8BAAgB,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC;wBACxD,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,+BAAiB,CAAC,IAAI,CAAC;oBACzC,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE;wBAClB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,UAAU,CAAA;wBAC3C,IACE,SAAS;4BACT,SAAS,KAAK,GAAG,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAC/C,CAAC;4BACD,OAAO,IAAI,CAAA;wBACb,CAAC;wBACD,IAAI,SAAS,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;4BAC5C,OAAO,IAAI,CAAA;wBACb,CAAC;wBACD,OAAO,KAAK,CAAA;oBACd,CAAC;oBACD,MAAM,EAAE;wBACN;4BACE,IAAI,EAAE,WAAW;4BACjB,UAAU,EAAE,CAAC,GAAG,eAAM;4BACtB,MAAM,EAAE,IAAI;yBACb;qBACF;oBACD,MAAM,EAAE;wBACN;4BACE,IAAI,EAAE,iBAAiB;4BACvB,UAAU,EAAE,aAAI;4BAChB,MAAM,EAAE,IAAI,EAAE,+BAA+B;yBAC9C;wBACD;4BACE,IAAI,EAAE,gBAAgB;4BACtB,UAAU,EAAE,YAAG;4BACf,MAAM,EAAE,KAAK,EAAE,+BAA+B;yBAC/C;qBACF;iBACF;gBACH,CAAC,CAAC,SAAS;SACd,CAAC,CAAA;QAEF,IAAA,aAAS,EAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAEtB,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAA;QACrB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE;YACrB,qBAAqB;YACrB,UAAU;YACV,WAAW;YACX,aAAa;YACb,6CAA6C;YAC7C,GAAG,aAAa,CAAC,GAAG,CAAC;SACtB,CAAC,CAAA;QACF,GAAG,CAAC,GAAG,CAAC,yBAAgB,CAAC,CAAA;QACzB,GAAG,CAAC,GAAG,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA,CAAC,cAAc;QACpD,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,EAAC,EAAE,MAAM,EAAE,YAAG,GAAG,eAAM,EAAE,CAAC,CAAC,CAAA;QACvC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACtC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAA;QACpC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtB,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAEtB,OAAO,IAAI,GAAG,CAAC;YACb,GAAG;YACH,GAAG;SACJ,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;QACpB,IAAI,CAAC,MAAM,CAAC,gBAAgB,GAAG,KAAK,CAAA;QACpC,IAAI,CAAC,UAAU,GAAG,IAAA,sCAAoB,EAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClD,MAAM,qBAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;QACtC,OAAO,MAAM,CAAA;IACf,CAAC;IAED,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,CAAA;QAClC,MAAM,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,OAAO,EAAE,CAAA;QACxC,MAAM,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,EAAE,CAAA;QACrC,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACnC,aAAa,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;IAC5C,CAAC;CACF;AA3ID,kBA2IC;AAED,kBAAe,GAAG,CAAA;AAElB,MAAM,aAAa,GAAG,CAAC,GAAiB,EAAE,EAAE;IAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACtC,OAAO,GAAG,CAAC,UAAU,CAAC,SAAS,IAAI,EAAE,CAAA;AACvC,CAAC,CAAA","sourcesContent":["// catch errors that get thrown in async route handlers\n// this is a relatively non-invasive change to express\n// they get handled in the error.handler middleware\n// leave at top of file before importing Routes\nimport 'express-async-errors'\n\nimport events from 'node:events'\nimport http from 'node:http'\nimport { PlcClientError } from '@did-plc/lib'\nimport cors from 'cors'\nimport express from 'express'\nimport { HttpTerminator, createHttpTerminator } from 'http-terminator'\nimport { DAY, HOUR, MINUTE, SECOND } from '@atproto/common'\nimport {\n MemoryRateLimiter,\n MethodHandler,\n RedisRateLimiter,\n ResponseType,\n XRPCError,\n createServer,\n} from '@atproto/xrpc-server'\nimport apiRoutes from './api'\nimport * as authRoutes from './auth-routes'\nimport * as basicRoutes from './basic-routes'\nimport { ServerConfig, ServerSecrets } from './config'\nimport { AppContext, AppContextOptions } from './context'\nimport * as error from './error'\nimport { app } from './lexicons.js'\nimport { loggerMiddleware } from './logger'\nimport { proxyHandler } from './pipethrough'\nimport compression from './util/compression'\nimport * as wellKnown from './well-known'\n\nexport * from './lexicons.js'\nexport {\n bearerTokenFromReq,\n createPublicKeyObject,\n createSecretKeyObject,\n} from './auth-verifier'\nexport * from './config'\nexport { AppContext } from './context'\nexport { Database } from './db'\nexport { DiskBlobStore } from './disk-blobstore'\nexport { httpLogger } from './logger'\nexport { type CommitDataWithOps, type PreparedWrite } from './repo'\nexport * as repoPrepare from './repo/prepare'\nexport { scripts } from './scripts'\nexport * as sequencer from './sequencer'\n\n/**\n * @deprecated Legacy export for backwards compatibility\n */\nexport type SkeletonHandler = MethodHandler<\n void,\n app.bsky.feed.getFeedSkeleton.$Params,\n void,\n app.bsky.feed.getFeedSkeleton.$Output\n>\n\nexport class PDS {\n public ctx: AppContext\n public app: express.Application\n public server?: http.Server\n private terminator?: HttpTerminator\n private dbStatsInterval?: NodeJS.Timeout\n private sequencerStatsInterval?: NodeJS.Timeout\n\n constructor(opts: { ctx: AppContext; app: express.Application }) {\n this.ctx = opts.ctx\n this.app = opts.app\n }\n\n static async create(\n cfg: ServerConfig,\n secrets: ServerSecrets,\n overrides?: Partial<AppContextOptions>,\n ): Promise<PDS> {\n const ctx = await AppContext.fromConfig(cfg, secrets, overrides)\n\n const { rateLimits } = ctx.cfg\n\n const server = createServer([], {\n validateResponse: cfg.service.devMode,\n payload: {\n jsonLimit: 150 * 1024, // 150kb\n textLimit: 100 * 1024, // 100kb\n blobLimit: cfg.service.blobUploadLimit,\n },\n catchall: proxyHandler(ctx),\n errorParser: (err) => {\n if (err instanceof PlcClientError) {\n const payloadMessage =\n typeof err.data === 'object' &&\n err.data != null &&\n 'message' in err.data &&\n typeof err.data.message === 'string' &&\n err.data.message\n\n const type =\n err.status >= 500\n ? ResponseType.UpstreamFailure\n : ResponseType.InvalidRequest\n\n return new XRPCError(\n type,\n payloadMessage || 'Unable to perform PLC operation',\n )\n }\n\n return XRPCError.fromError(err)\n },\n rateLimits: rateLimits.enabled\n ? {\n creator: ctx.redisScratch\n ? (opts) => new RedisRateLimiter(ctx.redisScratch, opts)\n : (opts) => new MemoryRateLimiter(opts),\n bypass: ({ req }) => {\n const { bypassKey, bypassIps } = rateLimits\n if (\n bypassKey &&\n bypassKey === req.headers['x-ratelimit-bypass']\n ) {\n return true\n }\n if (bypassIps && bypassIps.includes(req.ip)) {\n return true\n }\n return false\n },\n global: [\n {\n name: 'global-ip',\n durationMs: 5 * MINUTE,\n points: 3000,\n },\n ],\n shared: [\n {\n name: 'repo-write-hour',\n durationMs: HOUR,\n points: 5000, // creates=3, puts=2, deletes=1\n },\n {\n name: 'repo-write-day',\n durationMs: DAY,\n points: 35000, // creates=3, puts=2, deletes=1\n },\n ],\n }\n : undefined,\n })\n\n apiRoutes(server, ctx)\n\n const app = express()\n app.set('trust proxy', [\n // e.g. load balancer\n 'loopback',\n 'linklocal',\n 'uniquelocal',\n // e.g. trust x-forwarded-for via entryway ip\n ...getTrustedIps(cfg),\n ])\n app.use(loggerMiddleware)\n app.use(compression())\n app.use(authRoutes.createRouter(ctx)) // Before CORS\n app.use(cors({ maxAge: DAY / SECOND }))\n app.use(basicRoutes.createRouter(ctx))\n app.use(wellKnown.createRouter(ctx))\n app.use(server.router)\n app.use(error.handler)\n\n return new PDS({\n ctx,\n app,\n })\n }\n\n async start(): Promise<http.Server> {\n await this.ctx.sequencer.start()\n const server = this.app.listen(this.ctx.cfg.service.port)\n this.server = server\n this.server.keepAliveTimeout = 90000\n this.terminator = createHttpTerminator({ server })\n await events.once(server, 'listening')\n return server\n }\n\n async destroy(): Promise<void> {\n await this.ctx.sequencer.destroy()\n await this.terminator?.terminate()\n await this.ctx.backgroundQueue.destroy()\n await this.ctx.accountManager.close()\n await this.ctx.redisScratch?.quit()\n await this.ctx.proxyAgent.destroy()\n clearInterval(this.dbStatsInterval)\n clearInterval(this.sequencerStatsInterval)\n }\n}\n\nexport default PDS\n\nconst getTrustedIps = (cfg: ServerConfig) => {\n if (!cfg.rateLimits.enabled) return []\n return cfg.rateLimits.bypassIps ?? []\n}\n"]}
package/dist/lexicons/app/bsky/actor/defs.defs.d.ts CHANGED
@@ -98,6 +98,7 @@ export { profileAssociated };
98
98
  type ProfileAssociatedChat = {
99
99
  $type?: 'app.bsky.actor.defs#profileAssociatedChat';
100
100
  allowIncoming: 'all' | 'none' | 'following' | l.UnknownString;
101
+ allowGroupInvites?: 'all' | 'none' | 'following' | l.UnknownString;
101
102
  };
102
103
  export type { ProfileAssociatedChat };
103
104
  declare const profileAssociatedChat: l.TypedObjectSchema<"app.bsky.actor.defs#profileAssociatedChat", l.Validator<ProfileAssociatedChat, ProfileAssociatedChat>>;
package/dist/lexicons/app/bsky/actor/defs.defs.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"defs.defs.d.ts","sourceRoot":"","sources":["../../../../../src/lexicons/app/bsky/actor/defs.defs.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,cAAc,CAAA;AAChC,OAAO,KAAK,SAAS,MAAM,yCAAyC,CAAA;AACpE,OAAO,KAAK,SAAS,MAAM,uBAAuB,CAAA;AAClD,OAAO,KAAK,aAAa,MAAM,6CAA6C,CAAA;AAC5E,OAAO,KAAK,gBAAgB,MAAM,8BAA8B,CAAA;AAChE,OAAO,KAAK,cAAc,MAAM,4BAA4B,CAAA;AAC5D,OAAO,KAAK,YAAY,MAAM,0BAA0B,CAAA;AACxD,OAAO,KAAK,aAAa,MAAM,2BAA2B,CAAA;AAE1D,QAAA,MAAM,KAAK,wBAAwB,CAAA;AAEnC,OAAO,EAAE,KAAK,EAAE,CAAA;AAEhB,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;IAChB,MAAM,EAAE,CAAC,CAAC,YAAY,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAC1B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,YAAY,CAAC,EAAE,iBAAiB,CAAA;IAChC,MAAM,CAAC,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAuBrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,WAAW,GAAG;IACjB,KAAK,CAAC,EAAE,iCAAiC,CAAA;IACzC,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;IAChB,MAAM,EAAE,CAAC,CAAC,YAAY,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAC1B,YAAY,CAAC,EAAE,iBAAiB,CAAA;IAChC,MAAM,CAAC,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,WAAW,EAAE,CAAA;AAE3B,QAAA,MAAM,WAAW,+FAyBhB,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,CAAA;AAEtB,KAAK,mBAAmB,GAAG;IACzB,KAAK,CAAC,EAAE,yCAAyC,CAAA;IACjD,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;IAChB,MAAM,EAAE,CAAC,CAAC,YAAY,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACrB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,oBAAoB,CAAC,EAAE,SAAS,CAAC,oBAAoB,CAAA;IACrD,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAC1B,UAAU,CAAC,EAAE,aAAa,CAAC,IAAI,CAAA;IAC/B,YAAY,CAAC,EAAE,iBAAiB,CAAA;IAChC,MAAM,CAAC,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,mBAAmB,EAAE,CAAA;AAEnC,QAAA,MAAM,mBAAmB,uHAsCxB,CAAA;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAA;AAE9B,KAAK,iBAAiB,GAAG;IACvB,KAAK,CAAC,EAAE,uCAAuC,CAAA;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,IAAI,CAAC,EAAE,qBAAqB,CAAA;IAC5B,oBAAoB,CAAC,EAAE,qCAAqC,CAAA;IAC5D,IAAI,CAAC,EAAE,qBAAqB,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAEjC,QAAA,MAAM,iBAAiB,iHAoBtB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,KAAK,qBAAqB,GAAG;IAC3B,KAAK,CAAC,EAAE,2CAA2C,CAAA;IACnD,aAAa,EAAE,KAAK,GAAG,MAAM,GAAG,WAAW,GAAG,CAAC,CAAC,aAAa,CAAA;CAC9D,CAAA;AAED,YAAY,EAAE,qBAAqB,EAAE,CAAA;AAErC,QAAA,MAAM,qBAAqB,6HAM1B,CAAA;AAED,OAAO,EAAE,qBAAqB,EAAE,CAAA;AAEhC,KAAK,qBAAqB,GAAG;IAC3B,KAAK,CAAC,EAAE,2CAA2C,CAAA;IACnD,YAAY,EAAE,CAAC,CAAC,SAAS,CAAA;IACzB,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,CAAC,CAAC,aAAa,CAAA;CAC5D,CAAA;AAED,YAAY,EAAE,qBAAqB,EAAE,CAAA;AAErC,QAAA,MAAM,qBAAqB,6HAO1B,CAAA;AAED,OAAO,EAAE,qBAAqB,EAAE,CAAA;AAEhC,KAAK,qCAAqC,GAAG;IAC3C,KAAK,CAAC,EAAE,2DAA2D,CAAA;IACnE,kBAAkB,EAAE,WAAW,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;CACvE,CAAA;AAED,YAAY,EAAE,qCAAqC,EAAE,CAAA;AAErD,QAAA,MAAM,qCAAqC,6KASxC,CAAA;AAEH,OAAO,EAAE,qCAAqC,EAAE,CAAA;AAEhD,sIAAsI;AACtI,KAAK,WAAW,GAAG;IACjB,KAAK,CAAC,EAAE,iCAAiC,CAAA;IACzC,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAA;IACrC,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IACxB,cAAc,CAAC,EAAE,SAAS,CAAC,aAAa,CAAA;IACxC,SAAS,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IACzB,UAAU,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IAE1B;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAA;IAE/B;;OAEG;IACH,oBAAoB,CAAC,EAAE,gBAAgB,CAAC,oBAAoB,CAAA;CAC7D,CAAA;AAED,YAAY,EAAE,WAAW,EAAE,CAAA;AAE3B,sIAAsI;AACtI,QAAA,MAAM,WAAW,+FAwBhB,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,CAAA;AAEtB,mDAAmD;AACnD,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAC5C,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,gBAAgB,EAAE,CAAA;CAC9B,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,mDAAmD;AACnD,QAAA,MAAM,cAAc,wGAUnB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,yFAAyF;AACzF,KAAK,iBAAiB,GAAG;IACvB,KAAK,CAAC,EAAE,uCAAuC,CAAA;IAE/C;;OAEG;IACH,aAAa,EAAE,gBAAgB,EAAE,CAAA;IAEjC;;OAEG;IACH,cAAc,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;IAE9D;;OAEG;IACH,qBAAqB,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;CACtE,CAAA;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAEjC,yFAAyF;AACzF,QAAA,MAAM,iBAAiB,iHAYtB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,4DAA4D;AAC5D,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAE9C;;OAEG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,CAAA;IAEnB;;OAEG;IACH,GAAG,EAAE,CAAC,CAAC,WAAW,CAAA;IAElB;;OAEG;IACH,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,SAAS,EAAE,CAAC,CAAC,cAAc,CAAA;CAC5B,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,4DAA4D;AAC5D,QAAA,MAAM,gBAAgB,8GASrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,WAAW,GAAG,CACf,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GACxB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,GAC7B,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GACzB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,GACtB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GACxB,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,GACvB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GACxB,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GACzB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,GACtB,CAAC,CAAC,MAAM,CAAC,2BAA2B,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAC3B,CAAC,CAAC,MAAM,CAAC,oBAAoB,CAAC,GAC9B,CAAC,CAAC,mBAAmB,CACxB,EAAE,CAAA;AAEH,YAAY,EAAE,WAAW,EAAE,CAAA;AAE3B,QAAA,MAAM,WAAW;WA6BP,sCAAsC;aACrC,OAAO;;WAcR,sCAAsC;iBAKjC,CAAC,CAAC,SAAS;WACjB,MAAM;gBACD,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa;;WAwDzD,oCAAoC;YACpC,CAAC,CAAC,WAAW,EAAE;WAChB,CAAC,CAAC,WAAW,EAAE;oBACN,MAAM;;WAlBd,sCAAsC;WACvC,SAAS,EAAE;;WAmCV,yCAAyC;gBAKrC,CAAC,CAAC,cAAc;;WAepB,qCAAqC;kBAK/B,OAAO;IAErB;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;kBACW,OAAO;;WAmBb,kCAAkC;UAKpC,MAAM;kBAKE,OAAO;IAErB;;OAEG;;8BACuB,OAAO;IAEjC;;OAEG;;6BACsB,MAAM;IAE/B;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;qBACc,OAAO;;WAqBhB,oCAAoC;YAMxC,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,CAAC,CAAC,aAAa;;WAoBX,mCAAmC;UAKrC,MAAM,EAAE;;WA8EN,oCAAoC;WAKrC,SAAS,EAAE;;WAcV,qCAAqC;WAKtC,CAAC,CAAC,WAAW,EAAE;;WA+Cd,sCAAsC;0BACxB,oBAAoB;IAE1C;;OAEG;;mBACY,MAAM,EAAE;IAEvB;;OAEG;;WACI,GAAG,EAAE;;WA5CJ,kCAAkC;cAChC,eAAe,EAAE;;WAyKnB,iDAAiD;2BAKlC,CACnB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,GACpC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,GACtC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GACjC,CAAC,CAAC,mBAAmB,CACxB,EAAE;IAEH;;OAEG;;6BACsB,CACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,GAClC,CAAC,CAAC,mBAAmB,CACxB,EAAE;;WArEK,uCAAuC;iBAKlC,OAAO;;WAgBZ,0CAA0C;oBAKlC,MAAM,EAAE;IAExB;;OAEG;;mBACY,OAAO;;WA3fd,sCAAsC;aACrC,OAAO;;WAcR,sCAAsC;iBAKjC,CAAC,CAAC,SAAS;WACjB,MAAM;gBACD,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa;;WAwDzD,oCAAoC;YACpC,CAAC,CAAC,WAAW,EAAE;WAChB,CAAC,CAAC,WAAW,EAAE;oBACN,MAAM;;WAlBd,sCAAsC;WACvC,SAAS,EAAE;;WAmCV,yCAAyC;gBAKrC,CAAC,CAAC,cAAc;;WAepB,qCAAqC;kBAK/B,OAAO;IAErB;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;kBACW,OAAO;;WAmBb,kCAAkC;UAKpC,MAAM;kBAKE,OAAO;IAErB;;OAEG;;8BACuB,OAAO;IAEjC;;OAEG;;6BACsB,MAAM;IAE/B;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;qBACc,OAAO;;WAqBhB,oCAAoC;YAMxC,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,CAAC,CAAC,aAAa;;WAoBX,mCAAmC;UAKrC,MAAM,EAAE;;WA8EN,oCAAoC;WAKrC,SAAS,EAAE;;WAcV,qCAAqC;WAKtC,CAAC,CAAC,WAAW,EAAE;;WA+Cd,sCAAsC;0BACxB,oBAAoB;IAE1C;;OAEG;;mBACY,MAAM,EAAE;IAEvB;;OAEG;;WACI,GAAG,EAAE;;WA5CJ,kCAAkC;cAChC,eAAe,EAAE;;WAyKnB,iDAAiD;2BAKlC,CACnB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,GACpC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,GACtC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GACjC,CAAC,CAAC,mBAAmB,CACxB,EAAE;IAEH;;OAEG;;6BACsB,CACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,GAClC,CAAC,CAAC,mBAAmB,CACxB,EAAE;;WArEK,uCAAuC;iBAKlC,OAAO;;WAgBZ,0CAA0C;oBAKlC,MAAM,EAAE;IAExB;;OAEG;;mBACY,OAAO;GAhgBvB,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,CAAA;AAEtB,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAIrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAE9C;;OAEG;IACH,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;CAClE,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAQrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,SAAS,GAAG;IACf,KAAK,CAAC,EAAE,+BAA+B,CAAA;IACvC,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,aAAa,CAAA;IACpD,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,OAAO,CAAA;CAChB,CAAA;AAED,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,QAAA,MAAM,SAAS,yFASd,CAAA;AAED,OAAO,EAAE,SAAS,EAAE,CAAA;AAEpB,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,KAAK,EAAE,SAAS,EAAE,CAAA;CACnB,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAIrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAC5C,MAAM,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;IACvB,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;IACtB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,QAAA,MAAM,cAAc,wGAQnB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,KAAK,mBAAmB,GAAG;IACzB,KAAK,CAAC,EAAE,yCAAyC,CAAA;IAEjD;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,mBAAmB,EAAE,CAAA;AAEnC,QAAA,MAAM,mBAAmB,uHAIxB,CAAA;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAA;AAE9B,kMAAkM;AAClM,KAAK,eAAe,GAAG;IACrB,KAAK,CAAC,EAAE,qCAAqC,CAAA;IAE7C;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;CACtB,CAAA;AAED,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,kMAAkM;AAClM,QAAA,MAAM,eAAe,2GAQpB,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,KAAK,YAAY,GAAG;IAClB,KAAK,CAAC,EAAE,kCAAkC,CAAA;IAE1C;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;IAEZ;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IAEjC;;OAEG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAA;IAE/B;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAA;CACzB,CAAA;AAED,YAAY,EAAE,YAAY,EAAE,CAAA;AAE5B,QAAA,MAAM,YAAY,kGAWjB,CAAA;AAED,OAAO,EAAE,YAAY,EAAE,CAAA;AAEvB,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAE5C;;OAEG;IACH,IAAI,CAAC,EACD,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,CAAC,CAAC,aAAa,CAAA;CACpB,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,QAAA,MAAM,cAAc,wGAUnB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,KAAK,aAAa,GAAG;IACnB,KAAK,CAAC,EAAE,mCAAmC,CAAA;IAE3C;;OAEG;IACH,IAAI,EAAE,MAAM,EAAE,CAAA;CACf,CAAA;AAED,YAAY,EAAE,aAAa,EAAE,CAAA;AAE7B,QAAA,MAAM,aAAa,qGAQlB,CAAA;AAED,OAAO,EAAE,aAAa,EAAE,CAAA;AAExB,KAAK,eAAe,GAAG,SAAS,GAAG,KAAK,GAAG,CAAC,CAAC,aAAa,CAAA;AAE1D,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,QAAA,MAAM,eAAe;iBACN,CAAC,SAAS,EAAE,KAAK,CAAC;eACpB,GAAG;kBACA,EAAE;EACsB,CAAA;AAExC,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,+CAA+C;AAC/C,KAAK,SAAS,GAAG;IACf,KAAK,CAAC,EAAE,+BAA+B,CAAA;IACvC,EAAE,CAAC,EAAE,MAAM,CAAA;IAEX;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IAEb;;OAEG;IACH,OAAO,EAAE,eAAe,EAAE,CAAA;IAE1B;;OAEG;IACH,WAAW,CAAC,EAAE,KAAK,GAAG,mBAAmB,GAAG,CAAC,CAAC,aAAa,CAAA;IAE3D;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,+CAA+C;AAC/C,QAAA,MAAM,SAAS,yFAed,CAAA;AAED,OAAO,EAAE,SAAS,EAAE,CAAA;AAEpB,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAE5C;;OAEG;IACH,KAAK,EAAE,SAAS,EAAE,CAAA;CACnB,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,QAAA,MAAM,cAAc,wGAInB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,KAAK,eAAe,GAAG;IACrB,KAAK,CAAC,EAAE,qCAAqC,CAAA;IAE7C;;OAEG;IACH,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;CACvB,CAAA;AAED,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,QAAA,MAAM,eAAe,2GAIpB,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,KAAK,YAAY,GAAG;IAClB,KAAK,CAAC,EAAE,kCAAkC,CAAA;IAC1C,QAAQ,EAAE,eAAe,EAAE,CAAA;CAC5B,CAAA;AAED,YAAY,EAAE,YAAY,EAAE,CAAA;AAE5B,QAAA,MAAM,YAAY,kGAMjB,CAAA;AAED,OAAO,EAAE,YAAY,EAAE,CAAA;AAEvB,KAAK,eAAe,GAAG;IACrB,KAAK,CAAC,EAAE,qCAAqC,CAAA;IAC7C,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,QAAA,MAAM,eAAe,2GAIpB,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,wGAAwG;AACxG,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,mBAAmB,CAAC,EAAE,oBAAoB,CAAA;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IAEvB;;OAEG;IACH,IAAI,CAAC,EAAE,GAAG,EAAE,CAAA;CACb,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,wGAAwG;AACxG,QAAA,MAAM,gBAAgB,8GAcrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,iIAAiI;AACjI,KAAK,oBAAoB,GAAG;IAC1B,KAAK,CAAC,EAAE,0CAA0C,CAAA;IAClD,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,YAAY,EAAE,oBAAoB,EAAE,CAAA;AAEpC,iIAAiI;AACjI,QAAA,MAAM,oBAAoB,0HAIzB,CAAA;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAA;AAE/B,kDAAkD;AAClD,KAAK,GAAG,GAAG;IACT,KAAK,CAAC,EAAE,yBAAyB,CAAA;IACjC,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,OAAO,CAAA;IAElB;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IAEb;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,GAAG,EAAE,CAAA;AAEnB,kDAAkD;AAClD,QAAA,MAAM,GAAG,uEASR,CAAA;AAED,OAAO,EAAE,GAAG,EAAE,CAAA;AAEd,+DAA+D;AAC/D,KAAK,iBAAiB,GAAG;IACvB,KAAK,CAAC,EAAE,uCAAuC,CAAA;IAE/C;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAA;CACrB,CAAA;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAEjC,+DAA+D;AAC/D,QAAA,MAAM,iBAAiB,iHAItB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,mCAAmC;AACnC,KAAK,oBAAoB,GAAG;IAC1B,KAAK,CAAC,EAAE,0CAA0C,CAAA;IAElD;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IAExB;;OAEG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,YAAY,EAAE,oBAAoB,EAAE,CAAA;AAEpC,mCAAmC;AACnC,QAAA,MAAM,oBAAoB,0HAOzB,CAAA;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAA;AAE/B,yMAAyM;AACzM,KAAK,2BAA2B,GAAG;IACjC,KAAK,CAAC,EAAE,iDAAiD,CAAA;IAEzD;;OAEG;IACH,oBAAoB,CAAC,EAAE,CACnB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,GACpC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,GACtC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GACjC,CAAC,CAAC,mBAAmB,CACxB,EAAE,CAAA;IAEH;;OAEG;IACH,sBAAsB,CAAC,EAAE,CACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,GAClC,CAAC,CAAC,mBAAmB,CACxB,EAAE,CAAA;CACJ,CAAA;AAED,YAAY,EAAE,2BAA2B,EAAE,CAAA;AAE3C,yMAAyM;AACzM,QAAA,MAAM,2BAA2B,+IAwChC,CAAA;AAED,OAAO,EAAE,2BAA2B,EAAE,CAAA;AAEtC,KAAK,UAAU,GAAG;IAChB,KAAK,CAAC,EAAE,gCAAgC,CAAA;IACxC,GAAG,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IACnB,GAAG,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IAEjB;;OAEG;IACH,MAAM,EAAE,4BAA4B,GAAG,CAAC,CAAC,aAAa,CAAA;IACtD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAA;IAEhB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,mBAAmB,CAAA;IAC5D,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAE1B;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAE5B;;OAEG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAA;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAA;CACrB,CAAA;AAED,YAAY,EAAE,UAAU,EAAE,CAAA;AAE1B,QAAA,MAAM,UAAU,4FAqBf,CAAA;AAED,OAAO,EAAE,UAAU,EAAE,CAAA"}
1
+ {"version":3,"file":"defs.defs.d.ts","sourceRoot":"","sources":["../../../../../src/lexicons/app/bsky/actor/defs.defs.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,cAAc,CAAA;AAChC,OAAO,KAAK,SAAS,MAAM,yCAAyC,CAAA;AACpE,OAAO,KAAK,SAAS,MAAM,uBAAuB,CAAA;AAClD,OAAO,KAAK,aAAa,MAAM,6CAA6C,CAAA;AAC5E,OAAO,KAAK,gBAAgB,MAAM,8BAA8B,CAAA;AAChE,OAAO,KAAK,cAAc,MAAM,4BAA4B,CAAA;AAC5D,OAAO,KAAK,YAAY,MAAM,0BAA0B,CAAA;AACxD,OAAO,KAAK,aAAa,MAAM,2BAA2B,CAAA;AAE1D,QAAA,MAAM,KAAK,wBAAwB,CAAA;AAEnC,OAAO,EAAE,KAAK,EAAE,CAAA;AAEhB,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;IAChB,MAAM,EAAE,CAAC,CAAC,YAAY,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAC1B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,YAAY,CAAC,EAAE,iBAAiB,CAAA;IAChC,MAAM,CAAC,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAuBrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,WAAW,GAAG;IACjB,KAAK,CAAC,EAAE,iCAAiC,CAAA;IACzC,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;IAChB,MAAM,EAAE,CAAC,CAAC,YAAY,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAC1B,YAAY,CAAC,EAAE,iBAAiB,CAAA;IAChC,MAAM,CAAC,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,WAAW,EAAE,CAAA;AAE3B,QAAA,MAAM,WAAW,+FAyBhB,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,CAAA;AAEtB,KAAK,mBAAmB,GAAG;IACzB,KAAK,CAAC,EAAE,yCAAyC,CAAA;IACjD,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;IAChB,MAAM,EAAE,CAAC,CAAC,YAAY,CAAA;IACtB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,OAAO,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACrB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACpB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,iBAAiB,CAAA;IAC9B,oBAAoB,CAAC,EAAE,SAAS,CAAC,oBAAoB,CAAA;IACrD,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAC5B,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAC1B,UAAU,CAAC,EAAE,aAAa,CAAC,IAAI,CAAA;IAC/B,YAAY,CAAC,EAAE,iBAAiB,CAAA;IAChC,MAAM,CAAC,EAAE,UAAU,CAAA;IAEnB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,mBAAmB,EAAE,CAAA;AAEnC,QAAA,MAAM,mBAAmB,uHAsCxB,CAAA;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAA;AAE9B,KAAK,iBAAiB,GAAG;IACvB,KAAK,CAAC,EAAE,uCAAuC,CAAA;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,IAAI,CAAC,EAAE,qBAAqB,CAAA;IAC5B,oBAAoB,CAAC,EAAE,qCAAqC,CAAA;IAC5D,IAAI,CAAC,EAAE,qBAAqB,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAEjC,QAAA,MAAM,iBAAiB,iHAoBtB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,KAAK,qBAAqB,GAAG;IAC3B,KAAK,CAAC,EAAE,2CAA2C,CAAA;IACnD,aAAa,EAAE,KAAK,GAAG,MAAM,GAAG,WAAW,GAAG,CAAC,CAAC,aAAa,CAAA;IAC7D,iBAAiB,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,WAAW,GAAG,CAAC,CAAC,aAAa,CAAA;CACnE,CAAA;AAED,YAAY,EAAE,qBAAqB,EAAE,CAAA;AAErC,QAAA,MAAM,qBAAqB,6HAS1B,CAAA;AAED,OAAO,EAAE,qBAAqB,EAAE,CAAA;AAEhC,KAAK,qBAAqB,GAAG;IAC3B,KAAK,CAAC,EAAE,2CAA2C,CAAA;IACnD,YAAY,EAAE,CAAC,CAAC,SAAS,CAAA;IACzB,YAAY,EAAE,cAAc,GAAG,UAAU,GAAG,CAAC,CAAC,aAAa,CAAA;CAC5D,CAAA;AAED,YAAY,EAAE,qBAAqB,EAAE,CAAA;AAErC,QAAA,MAAM,qBAAqB,6HAO1B,CAAA;AAED,OAAO,EAAE,qBAAqB,EAAE,CAAA;AAEhC,KAAK,qCAAqC,GAAG;IAC3C,KAAK,CAAC,EAAE,2DAA2D,CAAA;IACnE,kBAAkB,EAAE,WAAW,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;CACvE,CAAA;AAED,YAAY,EAAE,qCAAqC,EAAE,CAAA;AAErD,QAAA,MAAM,qCAAqC,6KASxC,CAAA;AAEH,OAAO,EAAE,qCAAqC,EAAE,CAAA;AAEhD,sIAAsI;AACtI,KAAK,WAAW,GAAG;IACjB,KAAK,CAAC,EAAE,iCAAiC,CAAA;IACzC,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,WAAW,CAAC,EAAE,SAAS,CAAC,aAAa,CAAA;IACrC,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IACxB,cAAc,CAAC,EAAE,SAAS,CAAC,aAAa,CAAA;IACxC,SAAS,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IACzB,UAAU,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IAE1B;;OAEG;IACH,cAAc,CAAC,EAAE,cAAc,CAAA;IAE/B;;OAEG;IACH,oBAAoB,CAAC,EAAE,gBAAgB,CAAC,oBAAoB,CAAA;CAC7D,CAAA;AAED,YAAY,EAAE,WAAW,EAAE,CAAA;AAE3B,sIAAsI;AACtI,QAAA,MAAM,WAAW,+FAwBhB,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,CAAA;AAEtB,mDAAmD;AACnD,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAC5C,KAAK,EAAE,MAAM,CAAA;IACb,SAAS,EAAE,gBAAgB,EAAE,CAAA;CAC9B,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,mDAAmD;AACnD,QAAA,MAAM,cAAc,wGAUnB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,yFAAyF;AACzF,KAAK,iBAAiB,GAAG;IACvB,KAAK,CAAC,EAAE,uCAAuC,CAAA;IAE/C;;OAEG;IACH,aAAa,EAAE,gBAAgB,EAAE,CAAA;IAEjC;;OAEG;IACH,cAAc,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;IAE9D;;OAEG;IACH,qBAAqB,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;CACtE,CAAA;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAEjC,yFAAyF;AACzF,QAAA,MAAM,iBAAiB,iHAYtB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,4DAA4D;AAC5D,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAE9C;;OAEG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,CAAA;IAEnB;;OAEG;IACH,GAAG,EAAE,CAAC,CAAC,WAAW,CAAA;IAElB;;OAEG;IACH,OAAO,EAAE,OAAO,CAAA;IAEhB;;OAEG;IACH,SAAS,EAAE,CAAC,CAAC,cAAc,CAAA;CAC5B,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,4DAA4D;AAC5D,QAAA,MAAM,gBAAgB,8GASrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,WAAW,GAAG,CACf,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GACxB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,mBAAmB,CAAC,GAC7B,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GACzB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,GACtB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GACxB,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,GACvB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,GACxB,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,GACzB,CAAC,CAAC,MAAM,CAAC,gBAAgB,CAAC,GAC1B,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,GACtB,CAAC,CAAC,MAAM,CAAC,2BAA2B,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAC3B,CAAC,CAAC,MAAM,CAAC,oBAAoB,CAAC,GAC9B,CAAC,CAAC,mBAAmB,CACxB,EAAE,CAAA;AAEH,YAAY,EAAE,WAAW,EAAE,CAAA;AAE3B,QAAA,MAAM,WAAW;WA6BP,sCAAsC;aACrC,OAAO;;WAcR,sCAAsC;iBAKjC,CAAC,CAAC,SAAS;WACjB,MAAM;gBACD,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa;;WAwDzD,oCAAoC;YACpC,CAAC,CAAC,WAAW,EAAE;WAChB,CAAC,CAAC,WAAW,EAAE;oBACN,MAAM;;WAlBd,sCAAsC;WACvC,SAAS,EAAE;;WAmCV,yCAAyC;gBAKrC,CAAC,CAAC,cAAc;;WAepB,qCAAqC;kBAK/B,OAAO;IAErB;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;kBACW,OAAO;;WAmBb,kCAAkC;UAKpC,MAAM;kBAKE,OAAO;IAErB;;OAEG;;8BACuB,OAAO;IAEjC;;OAEG;;6BACsB,MAAM;IAE/B;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;qBACc,OAAO;;WAqBhB,oCAAoC;YAMxC,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,CAAC,CAAC,aAAa;;WAoBX,mCAAmC;UAKrC,MAAM,EAAE;;WA8EN,oCAAoC;WAKrC,SAAS,EAAE;;WAcV,qCAAqC;WAKtC,CAAC,CAAC,WAAW,EAAE;;WA+Cd,sCAAsC;0BACxB,oBAAoB;IAE1C;;OAEG;;mBACY,MAAM,EAAE;IAEvB;;OAEG;;WACI,GAAG,EAAE;;WA5CJ,kCAAkC;cAChC,eAAe,EAAE;;WAyKnB,iDAAiD;2BAKlC,CACnB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,GACpC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,GACtC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GACjC,CAAC,CAAC,mBAAmB,CACxB,EAAE;IAEH;;OAEG;;6BACsB,CACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,GAClC,CAAC,CAAC,mBAAmB,CACxB,EAAE;;WArEK,uCAAuC;iBAKlC,OAAO;;WAgBZ,0CAA0C;oBAKlC,MAAM,EAAE;IAExB;;OAEG;;mBACY,OAAO;;WA3fd,sCAAsC;aACrC,OAAO;;WAcR,sCAAsC;iBAKjC,CAAC,CAAC,SAAS;WACjB,MAAM;gBACD,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa;;WAwDzD,oCAAoC;YACpC,CAAC,CAAC,WAAW,EAAE;WAChB,CAAC,CAAC,WAAW,EAAE;oBACN,MAAM;;WAlBd,sCAAsC;WACvC,SAAS,EAAE;;WAmCV,yCAAyC;gBAKrC,CAAC,CAAC,cAAc;;WAepB,qCAAqC;kBAK/B,OAAO;IAErB;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;kBACW,OAAO;;WAmBb,kCAAkC;UAKpC,MAAM;kBAKE,OAAO;IAErB;;OAEG;;8BACuB,OAAO;IAEjC;;OAEG;;6BACsB,MAAM;IAE/B;;OAEG;;kBACW,OAAO;IAErB;;OAEG;;qBACc,OAAO;;WAqBhB,oCAAoC;YAMxC,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,CAAC,CAAC,aAAa;;WAoBX,mCAAmC;UAKrC,MAAM,EAAE;;WA8EN,oCAAoC;WAKrC,SAAS,EAAE;;WAcV,qCAAqC;WAKtC,CAAC,CAAC,WAAW,EAAE;;WA+Cd,sCAAsC;0BACxB,oBAAoB;IAE1C;;OAEG;;mBACY,MAAM,EAAE;IAEvB;;OAEG;;WACI,GAAG,EAAE;;WA5CJ,kCAAkC;cAChC,eAAe,EAAE;;WAyKnB,iDAAiD;2BAKlC,CACnB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,GACpC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,GACtC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GACjC,CAAC,CAAC,mBAAmB,CACxB,EAAE;IAEH;;OAEG;;6BACsB,CACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,GAClC,CAAC,CAAC,mBAAmB,CACxB,EAAE;;WArEK,uCAAuC;iBAKlC,OAAO;;WAgBZ,0CAA0C;oBAKlC,MAAM,EAAE;IAExB;;OAEG;;mBACY,OAAO;GAhgBvB,CAAA;AAED,OAAO,EAAE,WAAW,EAAE,CAAA;AAEtB,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAIrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAE9C;;OAEG;IACH,UAAU,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,UAAU,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,CAAC,CAAC,aAAa,CAAA;CAClE,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAQrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,SAAS,GAAG;IACf,KAAK,CAAC,EAAE,+BAA+B,CAAA;IACvC,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,aAAa,CAAA;IACpD,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,OAAO,CAAA;CAChB,CAAA;AAED,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,QAAA,MAAM,SAAS,yFASd,CAAA;AAED,OAAO,EAAE,SAAS,EAAE,CAAA;AAEpB,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,KAAK,EAAE,SAAS,EAAE,CAAA;CACnB,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,QAAA,MAAM,gBAAgB,8GAIrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAC5C,MAAM,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;IACvB,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;IACtB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,QAAA,MAAM,cAAc,wGAQnB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,KAAK,mBAAmB,GAAG;IACzB,KAAK,CAAC,EAAE,yCAAyC,CAAA;IAEjD;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,mBAAmB,EAAE,CAAA;AAEnC,QAAA,MAAM,mBAAmB,uHAIxB,CAAA;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAA;AAE9B,kMAAkM;AAClM,KAAK,eAAe,GAAG;IACrB,KAAK,CAAC,EAAE,qCAAqC,CAAA;IAE7C;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;CACtB,CAAA;AAED,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,kMAAkM;AAClM,QAAA,MAAM,eAAe,2GAQpB,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,KAAK,YAAY,GAAG;IAClB,KAAK,CAAC,EAAE,kCAAkC,CAAA;IAE1C;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;IAEZ;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IAEjC;;OAEG;IACH,sBAAsB,CAAC,EAAE,MAAM,CAAA;IAE/B;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;OAEG;IACH,cAAc,CAAC,EAAE,OAAO,CAAA;CACzB,CAAA;AAED,YAAY,EAAE,YAAY,EAAE,CAAA;AAE5B,QAAA,MAAM,YAAY,kGAWjB,CAAA;AAED,OAAO,EAAE,YAAY,EAAE,CAAA;AAEvB,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAE5C;;OAEG;IACH,IAAI,CAAC,EACD,QAAQ,GACR,QAAQ,GACR,YAAY,GACZ,QAAQ,GACR,SAAS,GACT,CAAC,CAAC,aAAa,CAAA;CACpB,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,QAAA,MAAM,cAAc,wGAUnB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,KAAK,aAAa,GAAG;IACnB,KAAK,CAAC,EAAE,mCAAmC,CAAA;IAE3C;;OAEG;IACH,IAAI,EAAE,MAAM,EAAE,CAAA;CACf,CAAA;AAED,YAAY,EAAE,aAAa,EAAE,CAAA;AAE7B,QAAA,MAAM,aAAa,qGAQlB,CAAA;AAED,OAAO,EAAE,aAAa,EAAE,CAAA;AAExB,KAAK,eAAe,GAAG,SAAS,GAAG,KAAK,GAAG,CAAC,CAAC,aAAa,CAAA;AAE1D,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,QAAA,MAAM,eAAe;iBACN,CAAC,SAAS,EAAE,KAAK,CAAC;eACpB,GAAG;kBACA,EAAE;EACsB,CAAA;AAExC,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,+CAA+C;AAC/C,KAAK,SAAS,GAAG;IACf,KAAK,CAAC,EAAE,+BAA+B,CAAA;IACvC,EAAE,CAAC,EAAE,MAAM,CAAA;IAEX;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;IAEb;;OAEG;IACH,OAAO,EAAE,eAAe,EAAE,CAAA;IAE1B;;OAEG;IACH,WAAW,CAAC,EAAE,KAAK,GAAG,mBAAmB,GAAG,CAAC,CAAC,aAAa,CAAA;IAE3D;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,SAAS,EAAE,CAAA;AAEzB,+CAA+C;AAC/C,QAAA,MAAM,SAAS,yFAed,CAAA;AAED,OAAO,EAAE,SAAS,EAAE,CAAA;AAEpB,KAAK,cAAc,GAAG;IACpB,KAAK,CAAC,EAAE,oCAAoC,CAAA;IAE5C;;OAEG;IACH,KAAK,EAAE,SAAS,EAAE,CAAA;CACnB,CAAA;AAED,YAAY,EAAE,cAAc,EAAE,CAAA;AAE9B,QAAA,MAAM,cAAc,wGAInB,CAAA;AAED,OAAO,EAAE,cAAc,EAAE,CAAA;AAEzB,KAAK,eAAe,GAAG;IACrB,KAAK,CAAC,EAAE,qCAAqC,CAAA;IAE7C;;OAEG;IACH,KAAK,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;CACvB,CAAA;AAED,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,QAAA,MAAM,eAAe,2GAIpB,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,KAAK,YAAY,GAAG;IAClB,KAAK,CAAC,EAAE,kCAAkC,CAAA;IAC1C,QAAQ,EAAE,eAAe,EAAE,CAAA;CAC5B,CAAA;AAED,YAAY,EAAE,YAAY,EAAE,CAAA;AAE5B,QAAA,MAAM,YAAY,kGAMjB,CAAA;AAED,OAAO,EAAE,YAAY,EAAE,CAAA;AAEvB,KAAK,eAAe,GAAG;IACrB,KAAK,CAAC,EAAE,qCAAqC,CAAA;IAC7C,GAAG,EAAE,CAAC,CAAC,SAAS,CAAA;CACjB,CAAA;AAED,YAAY,EAAE,eAAe,EAAE,CAAA;AAE/B,QAAA,MAAM,eAAe,2GAIpB,CAAA;AAED,OAAO,EAAE,eAAe,EAAE,CAAA;AAE1B,wGAAwG;AACxG,KAAK,gBAAgB,GAAG;IACtB,KAAK,CAAC,EAAE,sCAAsC,CAAA;IAC9C,mBAAmB,CAAC,EAAE,oBAAoB,CAAA;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IAEvB;;OAEG;IACH,IAAI,CAAC,EAAE,GAAG,EAAE,CAAA;CACb,CAAA;AAED,YAAY,EAAE,gBAAgB,EAAE,CAAA;AAEhC,wGAAwG;AACxG,QAAA,MAAM,gBAAgB,8GAcrB,CAAA;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAA;AAE3B,iIAAiI;AACjI,KAAK,oBAAoB,GAAG;IAC1B,KAAK,CAAC,EAAE,0CAA0C,CAAA;IAClD,KAAK,EAAE,MAAM,CAAA;CACd,CAAA;AAED,YAAY,EAAE,oBAAoB,EAAE,CAAA;AAEpC,iIAAiI;AACjI,QAAA,MAAM,oBAAoB,0HAIzB,CAAA;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAA;AAE/B,kDAAkD;AAClD,KAAK,GAAG,GAAG;IACT,KAAK,CAAC,EAAE,yBAAyB,CAAA;IACjC,EAAE,EAAE,MAAM,CAAA;IACV,SAAS,EAAE,OAAO,CAAA;IAElB;;OAEG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IAEb;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;CAC7B,CAAA;AAED,YAAY,EAAE,GAAG,EAAE,CAAA;AAEnB,kDAAkD;AAClD,QAAA,MAAM,GAAG,uEASR,CAAA;AAED,OAAO,EAAE,GAAG,EAAE,CAAA;AAEd,+DAA+D;AAC/D,KAAK,iBAAiB,GAAG;IACvB,KAAK,CAAC,EAAE,uCAAuC,CAAA;IAE/C;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAA;CACrB,CAAA;AAED,YAAY,EAAE,iBAAiB,EAAE,CAAA;AAEjC,+DAA+D;AAC/D,QAAA,MAAM,iBAAiB,iHAItB,CAAA;AAED,OAAO,EAAE,iBAAiB,EAAE,CAAA;AAE5B,mCAAmC;AACnC,KAAK,oBAAoB,GAAG;IAC1B,KAAK,CAAC,EAAE,0CAA0C,CAAA;IAElD;;OAEG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IAExB;;OAEG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,CAAA;AAED,YAAY,EAAE,oBAAoB,EAAE,CAAA;AAEpC,mCAAmC;AACnC,QAAA,MAAM,oBAAoB,0HAOzB,CAAA;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAA;AAE/B,yMAAyM;AACzM,KAAK,2BAA2B,GAAG;IACjC,KAAK,CAAC,EAAE,iDAAiD,CAAA;IAEzD;;OAEG;IACH,oBAAoB,CAAC,EAAE,CACnB,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,GACpC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,GACrC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,GACtC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,GACjC,CAAC,CAAC,mBAAmB,CACxB,EAAE,CAAA;IAEH;;OAEG;IACH,sBAAsB,CAAC,EAAE,CACrB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,GAClC,CAAC,CAAC,mBAAmB,CACxB,EAAE,CAAA;CACJ,CAAA;AAED,YAAY,EAAE,2BAA2B,EAAE,CAAA;AAE3C,yMAAyM;AACzM,QAAA,MAAM,2BAA2B,+IAwChC,CAAA;AAED,OAAO,EAAE,2BAA2B,EAAE,CAAA;AAEtC,KAAK,UAAU,GAAG;IAChB,KAAK,CAAC,EAAE,gCAAgC,CAAA;IACxC,GAAG,CAAC,EAAE,CAAC,CAAC,WAAW,CAAA;IACnB,GAAG,CAAC,EAAE,CAAC,CAAC,SAAS,CAAA;IAEjB;;OAEG;IACH,MAAM,EAAE,4BAA4B,GAAG,CAAC,CAAC,aAAa,CAAA;IACtD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAA;IAEhB;;OAEG;IACH,KAAK,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,mBAAmB,CAAA;IAC5D,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,CAAA;IAE1B;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,CAAC,cAAc,CAAA;IAE5B;;OAEG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAA;IAElB;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAA;CACrB,CAAA;AAED,YAAY,EAAE,UAAU,EAAE,CAAA;AAE1B,QAAA,MAAM,UAAU,4FAqBf,CAAA;AAED,OAAO,EAAE,UAAU,EAAE,CAAA"}
package/dist/lexicons/app/bsky/actor/defs.defs.js CHANGED
@@ -115,6 +115,7 @@ const profileAssociated = lex_1.l.typedObject($nsid, 'profileAssociated', lex_1.
115
115
  exports.profileAssociated = profileAssociated;
116
116
  const profileAssociatedChat = lex_1.l.typedObject($nsid, 'profileAssociatedChat', lex_1.l.object({
117
117
  allowIncoming: lex_1.l.string(),
118
+ allowGroupInvites: lex_1.l.optional(lex_1.l.string()),
118
119
  }));
119
120
  exports.profileAssociatedChat = profileAssociatedChat;
120
121
  const profileAssociatedGerm = lex_1.l.typedObject($nsid, 'profileAssociatedGerm', lex_1.l.object({