@atproto/pds 0.4.226 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (113) hide show
  1. package/CHANGELOG.md +27 -0
  2. package/dist/account-manager/account-manager.d.ts +19 -5
  3. package/dist/account-manager/account-manager.d.ts.map +1 -1
  4. package/dist/account-manager/account-manager.js +94 -12
  5. package/dist/account-manager/account-manager.js.map +1 -1
  6. package/dist/account-manager/helpers/account.d.ts +2 -0
  7. package/dist/account-manager/helpers/account.d.ts.map +1 -1
  8. package/dist/account-manager/helpers/account.js +4 -0
  9. package/dist/account-manager/helpers/account.js.map +1 -1
  10. package/dist/account-manager/oauth-store.d.ts +5 -1
  11. package/dist/account-manager/oauth-store.d.ts.map +1 -1
  12. package/dist/account-manager/oauth-store.js +50 -1
  13. package/dist/account-manager/oauth-store.js.map +1 -1
  14. package/dist/api/app/bsky/actor/getPreferences.d.ts.map +1 -1
  15. package/dist/api/app/bsky/actor/getPreferences.js +7 -2
  16. package/dist/api/app/bsky/actor/getPreferences.js.map +1 -1
  17. package/dist/api/app/bsky/actor/putPreferences.d.ts.map +1 -1
  18. package/dist/api/app/bsky/actor/putPreferences.js +7 -2
  19. package/dist/api/app/bsky/actor/putPreferences.js.map +1 -1
  20. package/dist/api/com/atproto/admin/updateAccountEmail.js +1 -1
  21. package/dist/api/com/atproto/admin/updateAccountEmail.js.map +1 -1
  22. package/dist/api/com/atproto/server/confirmEmail.d.ts.map +1 -1
  23. package/dist/api/com/atproto/server/confirmEmail.js +20 -27
  24. package/dist/api/com/atproto/server/confirmEmail.js.map +1 -1
  25. package/dist/api/com/atproto/server/getServiceAuth.d.ts.map +1 -1
  26. package/dist/api/com/atproto/server/getServiceAuth.js +4 -0
  27. package/dist/api/com/atproto/server/getServiceAuth.js.map +1 -1
  28. package/dist/api/com/atproto/server/requestEmailConfirmation.d.ts +3 -1
  29. package/dist/api/com/atproto/server/requestEmailConfirmation.d.ts.map +1 -1
  30. package/dist/api/com/atproto/server/requestEmailConfirmation.js +44 -39
  31. package/dist/api/com/atproto/server/requestEmailConfirmation.js.map +1 -1
  32. package/dist/api/com/atproto/server/requestEmailUpdate.d.ts +3 -1
  33. package/dist/api/com/atproto/server/requestEmailUpdate.d.ts.map +1 -1
  34. package/dist/api/com/atproto/server/requestEmailUpdate.js +51 -47
  35. package/dist/api/com/atproto/server/requestEmailUpdate.js.map +1 -1
  36. package/dist/api/com/atproto/server/updateEmail.d.ts.map +1 -1
  37. package/dist/api/com/atproto/server/updateEmail.js +32 -46
  38. package/dist/api/com/atproto/server/updateEmail.js.map +1 -1
  39. package/dist/config/config.d.ts +5 -2
  40. package/dist/config/config.d.ts.map +1 -1
  41. package/dist/config/config.js +50 -46
  42. package/dist/config/config.js.map +1 -1
  43. package/dist/config/env.d.ts +1 -0
  44. package/dist/config/env.d.ts.map +1 -1
  45. package/dist/config/env.js +1 -0
  46. package/dist/config/env.js.map +1 -1
  47. package/dist/context.d.ts.map +1 -1
  48. package/dist/context.js +2 -2
  49. package/dist/context.js.map +1 -1
  50. package/dist/lexicons/app/bsky/embed/external.defs.d.ts +5 -0
  51. package/dist/lexicons/app/bsky/embed/external.defs.d.ts.map +1 -1
  52. package/dist/lexicons/app/bsky/embed/external.defs.js +4 -0
  53. package/dist/lexicons/app/bsky/embed/external.defs.js.map +1 -1
  54. package/dist/lexicons/chat/bsky/actor/getStatus.defs.d.ts +2 -0
  55. package/dist/lexicons/chat/bsky/actor/getStatus.defs.d.ts.map +1 -1
  56. package/dist/lexicons/chat/bsky/actor/getStatus.defs.js +1 -0
  57. package/dist/lexicons/chat/bsky/actor/getStatus.defs.js.map +1 -1
  58. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts +4 -0
  59. package/dist/lexicons/chat/bsky/convo/defs.defs.d.ts.map +1 -1
  60. package/dist/lexicons/chat/bsky/convo/defs.defs.js +1 -0
  61. package/dist/lexicons/chat/bsky/convo/defs.defs.js.map +1 -1
  62. package/dist/lexicons/com/atproto/server/getServiceAuth.defs.d.ts +2 -2
  63. package/dist/lexicons/com/atproto/server/getServiceAuth.defs.js +1 -1
  64. package/dist/lexicons/com/atproto/server/getServiceAuth.defs.js.map +1 -1
  65. package/dist/mailer/index.d.ts +5 -3
  66. package/dist/mailer/index.d.ts.map +1 -1
  67. package/dist/mailer/index.js +20 -9
  68. package/dist/mailer/index.js.map +1 -1
  69. package/dist/mailer/templates/confirm-email.js +11 -3
  70. package/dist/mailer/templates/confirm-email.js.map +2 -2
  71. package/dist/mailer/templates/delete-account.js +2 -2
  72. package/dist/mailer/templates/delete-account.js.map +2 -2
  73. package/dist/mailer/templates/plc-operation.js +2 -2
  74. package/dist/mailer/templates/plc-operation.js.map +2 -2
  75. package/dist/mailer/templates/reset-password.js +2 -2
  76. package/dist/mailer/templates/reset-password.js.map +2 -2
  77. package/dist/mailer/templates/update-email.js +2 -2
  78. package/dist/mailer/templates/update-email.js.map +2 -2
  79. package/dist/mailer/templates.d.ts +11 -0
  80. package/dist/mailer/templates.d.ts.map +1 -1
  81. package/dist/mailer/templates.js.map +1 -1
  82. package/dist/pipethrough.d.ts +3 -0
  83. package/dist/pipethrough.d.ts.map +1 -1
  84. package/dist/pipethrough.js +25 -9
  85. package/dist/pipethrough.js.map +1 -1
  86. package/package.json +12 -11
  87. package/src/account-manager/account-manager.ts +136 -15
  88. package/src/account-manager/helpers/account.ts +9 -1
  89. package/src/account-manager/oauth-store.ts +80 -1
  90. package/src/api/app/bsky/actor/getPreferences.ts +11 -2
  91. package/src/api/app/bsky/actor/putPreferences.ts +11 -2
  92. package/src/api/com/atproto/admin/updateAccountEmail.ts +1 -1
  93. package/src/api/com/atproto/server/confirmEmail.ts +24 -29
  94. package/src/api/com/atproto/server/getServiceAuth.ts +7 -0
  95. package/src/api/com/atproto/server/requestEmailConfirmation.ts +55 -48
  96. package/src/api/com/atproto/server/requestEmailUpdate.ts +64 -48
  97. package/src/api/com/atproto/server/updateEmail.ts +32 -62
  98. package/src/config/config.ts +69 -57
  99. package/src/config/env.ts +3 -0
  100. package/src/context.ts +2 -1
  101. package/src/mailer/index.ts +35 -11
  102. package/src/mailer/templates/confirm-email.hbs +18 -17
  103. package/src/mailer/templates/delete-account.hbs +6 -6
  104. package/src/mailer/templates/plc-operation.hbs +6 -6
  105. package/src/mailer/templates/reset-password.hbs +7 -7
  106. package/src/mailer/templates/update-email.hbs +6 -6
  107. package/src/mailer/templates.ts +12 -0
  108. package/src/pipethrough.ts +33 -12
  109. package/tests/account-manager.test.ts +89 -8
  110. package/tests/app-passwords.test.ts +5 -5
  111. package/tests/get-service-auth.test.ts +81 -0
  112. package/tests/proxied/proxy-header.test.ts +1 -0
  113. package/tests/proxied/proxy-oauth-aud.test.ts +175 -0
package/CHANGELOG.md CHANGED
@@ -1,5 +1,32 @@
1
1
  # @atproto/pds
2
2
 
3
+ ## 0.5.1
4
+
5
+ ### Patch Changes
6
+
7
+ - [#4992](https://github.com/bluesky-social/atproto/pull/4992) [`622d365`](https://github.com/bluesky-social/atproto/commit/622d365aeb240133f40763a3b1c43981112837fc) Thanks [@devinivy](https://github.com/devinivy)! - Fix OAuth service-proxying audience check to use combined `did#serviceId` form, matching the shape of granted `rpc:` scopes.
8
+
9
+ - [#5009](https://github.com/bluesky-social/atproto/pull/5009) [`d5ca2b8`](https://github.com/bluesky-social/atproto/commit/d5ca2b850463097710a69439f06a5fb14c2d4194) Thanks [@matthieusieben](https://github.com/matthieusieben)! - 3rd party branding, optional bsky link removal in email templates
10
+
11
+ - [#4992](https://github.com/bluesky-social/atproto/pull/4992) [`622d365`](https://github.com/bluesky-social/atproto/commit/622d365aeb240133f40763a3b1c43981112837fc) Thanks [@devinivy](https://github.com/devinivy)! - `getServiceAuth` now accepts the combined `did#serviceId` form for its `aud` parameter, in addition to the bare DID form.
12
+
13
+ - Updated dependencies [[`60721e6`](https://github.com/bluesky-social/atproto/commit/60721e69c8db193eb817c4238ac447505ac855bc), [`622d365`](https://github.com/bluesky-social/atproto/commit/622d365aeb240133f40763a3b1c43981112837fc), [`60721e6`](https://github.com/bluesky-social/atproto/commit/60721e69c8db193eb817c4238ac447505ac855bc), [`622d365`](https://github.com/bluesky-social/atproto/commit/622d365aeb240133f40763a3b1c43981112837fc)]:
14
+ - @atproto/lex@0.1.3
15
+ - @atproto/oauth-scopes@0.5.0
16
+ - @atproto/did@0.5.0
17
+ - @atproto/oauth-provider@0.18.1
18
+
19
+ ## 0.5.0
20
+
21
+ ### Minor Changes
22
+
23
+ - [#4883](https://github.com/bluesky-social/atproto/pull/4883) [`64f5148`](https://github.com/bluesky-social/atproto/commit/64f5148ad8dcd669f77a9e022bd2622b2e594e0d) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Add support for email verification and management in the account management interface
24
+
25
+ ### Patch Changes
26
+
27
+ - Updated dependencies [[`64f5148`](https://github.com/bluesky-social/atproto/commit/64f5148ad8dcd669f77a9e022bd2622b2e594e0d)]:
28
+ - @atproto/oauth-provider@0.18.0
29
+
3
30
  ## 0.4.226
4
31
 
5
32
  ### Patch Changes
package/dist/account-manager/account-manager.d.ts CHANGED
@@ -4,6 +4,7 @@ import { AtIdentifierString, DidString, HandleString } from '@atproto/lex';
4
4
  import { Cid } from '@atproto/lex-data';
5
5
  import { AuthRequiredError } from '@atproto/xrpc-server';
6
6
  import { com } from '../lexicons/index.js';
7
+ import { ServerMailer } from '../mailer/index.js';
7
8
  import { AccountDb, EmailTokenPurpose } from './db/index.js';
8
9
  import * as account from './helpers/account.js';
9
10
  import { AccountStatus, ActorAccount } from './helpers/account.js';
@@ -32,10 +33,11 @@ export type AccountManagerDbConfig = {
32
33
  export declare class AccountManager {
33
34
  readonly idResolver: IdResolver;
34
35
  readonly jwtKey: KeyObject;
36
+ readonly mailer: ServerMailer;
35
37
  readonly serviceDid: string;
36
38
  readonly serviceHandleDomains: string[];
37
39
  readonly db: AccountDb;
38
- constructor(idResolver: IdResolver, jwtKey: KeyObject, serviceDid: string, serviceHandleDomains: string[], db: AccountManagerDbConfig);
40
+ constructor(idResolver: IdResolver, jwtKey: KeyObject, mailer: ServerMailer, serviceDid: string, serviceHandleDomains: string[], db: AccountManagerDbConfig);
39
41
  migrateOrThrow(): Promise<void>;
40
42
  close(): void;
41
43
  getAccount(handleOrDid: AtIdentifierString, flags?: account.AvailabilityFlags): Promise<ActorAccount | null>;
@@ -123,11 +125,23 @@ export declare class AccountManager {
123
125
  createEmailToken(did: DidString, purpose: EmailTokenPurpose): Promise<string>;
124
126
  assertValidEmailToken(did: DidString, purpose: EmailTokenPurpose, token: string): Promise<void>;
125
127
  assertValidEmailTokenAndCleanup(did: DidString, purpose: EmailTokenPurpose, token: string): Promise<void>;
126
- confirmEmail(opts: {
127
- did: DidString;
128
- token: string;
128
+ requestEmailConfirmation(did: DidString, opts?: {
129
+ locale?: string;
129
130
  }): Promise<void>;
130
- updateEmail(opts: {
131
+ confirmEmail(did: DidString, email: string, token: string): Promise<account.ActorAccount>;
132
+ requestEmailUpdate(did: DidString, opts?: {
133
+ locale?: string;
134
+ }): Promise<{
135
+ tokenRequired: boolean;
136
+ }>;
137
+ /**
138
+ * @throws UserAlreadyExistsError if the new email is already in use by another account
139
+ */
140
+ updateEmail(did: DidString, email: string, token?: string, opts?: {
141
+ locale?: string;
142
+ sendConfirmationEmail?: boolean;
143
+ }): Promise<account.ActorAccount>;
144
+ updateAccountEmail(opts: {
131
145
  did: DidString;
132
146
  email: string;
133
147
  }): Promise<void>;
package/dist/account-manager/account-manager.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAEvC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,YAAY,EAEb,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAA;AAEvC,OAAO,EAAE,iBAAiB,EAAuB,MAAM,sBAAsB,CAAA;AAS7E,OAAO,EAAE,GAAG,EAAE,MAAM,sBAAsB,CAAA;AAC1C,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAsB,MAAM,eAAe,CAAA;AAChF,OAAO,KAAK,OAAO,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAIlE,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAA;AAKjD,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAEzE;;;;;;;;;;;GAWG;AACH,qBAAa,oBAAqB,SAAQ,iBAAiB;aAEvC,GAAG,EAAE,MAAM;gBAAX,GAAG,EAAE,MAAM,EAC3B,YAAY,SAAmC;CAIlD;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,YAAY,EAAE,MAAM,CAAA;IACpB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,qBAAa,cAAc;IAIvB,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,MAAM,EAAE,SAAS;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM;IAC3B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE;IANzC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAA;gBAGX,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,SAAS,EACjB,UAAU,EAAE,MAAM,EAClB,oBAAoB,EAAE,MAAM,EAAE,EACvC,EAAE,EAAE,sBAAsB;IAKtB,cAAc;IAKpB,KAAK;IAOC,UAAU,CACd,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,WAAW,CACf,IAAI,EAAE,SAAS,EAAE,EACjB,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAI/B,iBAAiB,CACrB,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAMpD,cAAc,CAClB,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKnB,gBAAgB,CACpB,WAAW,EAAE,kBAAkB,GAC9B,OAAO,CAAC,aAAa,CAAC;IAUnB,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,EACE,GAAG,EACH,aAAa,GACd,GAAE;QACD,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,aAAa,CAAC,EAAE,OAAO,CAAA;KACnB,GACL,OAAO,CAAC,YAAY,CAAC;IAyClB,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GACX,EAAE;QACD,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;QACrB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB;IAmCK,uBAAuB,CAAC,IAAI,EAAE;QAClC,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB;;;;IAeK,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY;IAIjD,aAAa,CAAC,GAAG,EAAE,SAAS;IAI5B,eAAe,CACnB,GAAG,EAAE,SAAS,EACd,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU;IAWvC,qBAAqB,CAAC,GAAG,EAAE,SAAS;;;;IAIpC,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM;IAIpD,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAI5D,eAAe,CAAC,GAAG,EAAE,SAAS;IAO9B,aAAa,CACjB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,EAC5C,aAAa,UAAQ;;;;IAgBjB,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAwD7B,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAO7B,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GACT,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;KACjB,GAAG,OAAO,CAAC;QACV,IAAI,EAAE,YAAY,CAAA;QAClB,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAA;QAC5C,aAAa,EAAE,OAAO,CAAA;KACvB,CAAC;IAgDI,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAInE,gBAAgB,CAAC,GAAG,EAAE,SAAS;;;;;IAI/B,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;IAIb,iBAAiB,CACrB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;IAIrC,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM;IAY9C,uBAAuB,CAAC,IAAI,EAAE,MAAM;IAIpC,iBAAiB,CACrB,QAAQ,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,EAChD,QAAQ,EAAE,MAAM;IAKZ,wBAAwB,CAC5B,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,CAAC,GAAG,CAAC;IAWX,sBAAsB,CAAC,GAAG,EAAE,SAAS;IAKrC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE;IAIlC,yBAAyB,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO;IAI3D,kBAAkB,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE;IAOhE,gBAAgB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB;IAI3D,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAKT,+BAA+B,CACnC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAMT,YAAY,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAYpD,WAAW,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAUnD,aAAa,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAWvD,qBAAqB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE;CAWvE"}
1
+ {"version":3,"file":"account-manager.d.ts","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAIvC,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,YAAY,EAEb,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAA;AAEvC,OAAO,EAAE,iBAAiB,EAAuB,MAAM,sBAAsB,CAAA;AAS7E,OAAO,EAAE,GAAG,EAAE,MAAM,sBAAsB,CAAA;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAsB,MAAM,eAAe,CAAA;AAChF,OAAO,KAAK,OAAO,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AAIlE,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAA;AAKjD,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAEzE;;;;;;;;;;;GAWG;AACH,qBAAa,oBAAqB,SAAQ,iBAAiB;aAEvC,GAAG,EAAE,MAAM;gBAAX,GAAG,EAAE,MAAM,EAC3B,YAAY,SAAmC;CAIlD;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,YAAY,EAAE,MAAM,CAAA;IACpB,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA;AAED,qBAAa,cAAc;IAIvB,QAAQ,CAAC,UAAU,EAAE,UAAU;IAC/B,QAAQ,CAAC,MAAM,EAAE,SAAS;IAC1B,QAAQ,CAAC,MAAM,EAAE,YAAY;IAC7B,QAAQ,CAAC,UAAU,EAAE,MAAM;IAC3B,QAAQ,CAAC,oBAAoB,EAAE,MAAM,EAAE;IAPzC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAA;gBAGX,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,SAAS,EACjB,MAAM,EAAE,YAAY,EACpB,UAAU,EAAE,MAAM,EAClB,oBAAoB,EAAE,MAAM,EAAE,EACvC,EAAE,EAAE,sBAAsB;IAKtB,cAAc;IAKpB,KAAK;IAOC,UAAU,CACd,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,WAAW,CACf,IAAI,EAAE,SAAS,EAAE,EACjB,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAI/B,iBAAiB,CACrB,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIzB,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAMpD,cAAc,CAClB,WAAW,EAAE,kBAAkB,EAC/B,KAAK,CAAC,EAAE,OAAO,CAAC,iBAAiB,GAChC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKnB,gBAAgB,CACpB,WAAW,EAAE,kBAAkB,GAC9B,OAAO,CAAC,aAAa,CAAC;IAUnB,0BAA0B,CAC9B,MAAM,EAAE,MAAM,EACd,EACE,GAAG,EACH,aAAa,GACd,GAAE;QACD,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,aAAa,CAAC,EAAE,OAAO,CAAA;KACnB,GACL,OAAO,CAAC,YAAY,CAAC;IAyClB,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GACX,EAAE;QACD,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;QACrB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB;IAmCK,uBAAuB,CAAC,IAAI,EAAE;QAClC,GAAG,EAAE,SAAS,CAAA;QACd,MAAM,EAAE,YAAY,CAAA;QACpB,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,OAAO,EAAE,GAAG,CAAA;QACZ,OAAO,EAAE,MAAM,CAAA;QACf,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,WAAW,CAAC,EAAE,OAAO,CAAA;KACtB;;;;IAeK,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY;IAIjD,aAAa,CAAC,GAAG,EAAE,SAAS;IAI5B,eAAe,CACnB,GAAG,EAAE,SAAS,EACd,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU;IAWvC,qBAAqB,CAAC,GAAG,EAAE,SAAS;;;;IAIpC,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM;IAIpD,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI;IAI5D,eAAe,CAAC,GAAG,EAAE,SAAS;IAO9B,aAAa,CACjB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,EAC5C,aAAa,UAAQ;;;;IAgBjB,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAwD7B,kBAAkB,CAAC,EAAE,EAAE,MAAM;IAO7B,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GACT,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;KACjB,GAAG,OAAO,CAAC;QACV,IAAI,EAAE,YAAY,CAAA;QAClB,WAAW,EAAE,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAA;QAC5C,aAAa,EAAE,OAAO,CAAA;KACvB,CAAC;IAgDI,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO;IAInE,gBAAgB,CAAC,GAAG,EAAE,SAAS;;;;;IAI/B,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,OAAO,CAAC;IAIb,iBAAiB,CACrB,GAAG,EAAE,SAAS,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;IAIrC,iBAAiB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM;IAY9C,uBAAuB,CAAC,IAAI,EAAE,MAAM;IAIpC,iBAAiB,CACrB,QAAQ,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,EAChD,QAAQ,EAAE,MAAM;IAKZ,wBAAwB,CAC5B,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,CAAC,GAAG,CAAC;IAWX,sBAAsB,CAAC,GAAG,EAAE,SAAS;IAKrC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,uBAAuB,CAAC,IAAI,EAAE,SAAS,EAAE;IAIzC,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE;IAIlC,yBAAyB,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO;IAI3D,kBAAkB,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE;IAOhE,gBAAgB,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB;IAI3D,qBAAqB,CACzB,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAKT,+BAA+B,CACnC,GAAG,EAAE,SAAS,EACd,OAAO,EAAE,iBAAiB,EAC1B,KAAK,EAAE,MAAM;IAMT,wBAAwB,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAoBnE,YAAY,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IA0BzD,kBAAkB,CACtB,GAAG,EAAE,SAAS,EACd,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC;QAAE,aAAa,EAAE,OAAO,CAAA;KAAE,CAAC;IA4BtC;;OAEG;IACG,WAAW,CACf,GAAG,EAAE,SAAS,EACd,KAAK,EAAE,MAAM,EACb,KAAK,CAAC,EAAE,MAAM,EACd,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,qBAAqB,CAAC,EAAE,OAAO,CAAA;KAAE;IA+CvD,kBAAkB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAQ1D,aAAa,CAAC,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAWvD,qBAAqB,CAAC,IAAI,EAAE;QAAE,GAAG,EAAE,SAAS,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE;CAWvE"}
package/dist/account-manager/account-manager.js CHANGED
@@ -1,3 +1,5 @@
1
+ import { isEmailValid } from '@hapi/address';
2
+ import { isDisposableEmail } from 'disposable-email-domains-js';
1
3
  import { HOUR, wait } from '@atproto/common';
2
4
  import { isAtIdentifierString, } from '@atproto/lex';
3
5
  import { currentDatetimeString, isValidTld } from '@atproto/syntax';
@@ -36,9 +38,10 @@ export class InvalidPasswordError extends AuthRequiredError {
36
38
  }
37
39
  }
38
40
  export class AccountManager {
39
- constructor(idResolver, jwtKey, serviceDid, serviceHandleDomains, db) {
41
+ constructor(idResolver, jwtKey, mailer, serviceDid, serviceHandleDomains, db) {
40
42
  this.idResolver = idResolver;
41
43
  this.jwtKey = jwtKey;
44
+ this.mailer = mailer;
42
45
  this.serviceDid = serviceDid;
43
46
  this.serviceHandleDomains = serviceHandleDomains;
44
47
  this.db = getDb(db.accountDbLoc, db.disableWalAutoCheckpoint);
@@ -337,21 +340,100 @@ export class AccountManager {
337
340
  await emailToken.assertValidToken(this.db, did, purpose, token);
338
341
  await emailToken.deleteEmailToken(this.db, did, purpose);
339
342
  }
340
- async confirmEmail(opts) {
341
- const { did, token } = opts;
343
+ async requestEmailConfirmation(did, opts) {
344
+ const account = await this.getAccount(did, {
345
+ includeDeactivated: true,
346
+ includeTakenDown: true,
347
+ });
348
+ if (!account) {
349
+ throw new InvalidRequestError('account not found');
350
+ }
351
+ if (!account.email) {
352
+ throw new InvalidRequestError('account does not have an email address');
353
+ }
354
+ const locale = opts?.locale;
355
+ const token = await this.createEmailToken(did, 'confirm_email');
356
+ await this.mailer.sendConfirmEmail({ token, locale }, { to: account.email });
357
+ }
358
+ async confirmEmail(did, email, token) {
359
+ const user = await this.getAccount(did, {
360
+ includeDeactivated: true,
361
+ includeTakenDown: true,
362
+ });
363
+ if (!user) {
364
+ throw new InvalidRequestError('user not found', 'AccountNotFound');
365
+ }
366
+ if (user.email !== email.toLowerCase()) {
367
+ throw new InvalidRequestError('invalid email', 'InvalidEmail');
368
+ }
342
369
  await emailToken.assertValidToken(this.db, did, 'confirm_email', token);
343
370
  const now = currentDatetimeString();
344
- await this.db.transaction((dbTxn) => Promise.all([
345
- emailToken.deleteEmailToken(dbTxn, did, 'confirm_email'),
346
- account.setEmailConfirmedAt(dbTxn, did, now),
347
- ]));
371
+ await this.db.transaction(async (dbTxn) => {
372
+ await emailToken.deleteEmailToken(dbTxn, did, 'confirm_email');
373
+ await account.setEmailConfirmedAt(dbTxn, did, now);
374
+ });
375
+ user.emailConfirmedAt = now;
376
+ return user;
377
+ }
378
+ async requestEmailUpdate(did, opts) {
379
+ const account = await this.getAccount(did, {
380
+ includeDeactivated: true,
381
+ includeTakenDown: true,
382
+ });
383
+ if (!account) {
384
+ throw new InvalidRequestError('account not found');
385
+ }
386
+ if (!account.email) {
387
+ throw new InvalidRequestError('account does not have an email address');
388
+ }
389
+ const token = account.emailConfirmedAt
390
+ ? await this.createEmailToken(did, 'update_email')
391
+ : null;
392
+ if (token) {
393
+ await this.mailer.sendUpdateEmail({ token, locale: opts?.locale }, { to: account.email });
394
+ }
395
+ return { tokenRequired: !!token };
396
+ }
397
+ /**
398
+ * @throws UserAlreadyExistsError if the new email is already in use by another account
399
+ */
400
+ async updateEmail(did, email, token, opts) {
401
+ if (!isEmailValid(email) || isDisposableEmail(email)) {
402
+ throw new InvalidRequestError('This email address is not supported, please use a different email.');
403
+ }
404
+ const account = await this.getAccount(did, {
405
+ includeDeactivated: true,
406
+ includeTakenDown: true,
407
+ });
408
+ if (!account) {
409
+ throw new InvalidRequestError('account not found');
410
+ }
411
+ const tokenRequired = !!account.emailConfirmedAt;
412
+ // require a token if account email is confirmed
413
+ if (!token && tokenRequired) {
414
+ throw new InvalidRequestError('confirmation token required', 'TokenRequired');
415
+ }
416
+ if (token) {
417
+ await this.assertValidEmailToken(did, 'update_email', token);
418
+ }
419
+ await this.updateAccountEmail({ did, email });
420
+ account.email = email;
421
+ account.emailConfirmedAt = null;
422
+ // Proactively send a confirmation email so that the user can confirm the
423
+ // new email immediately.
424
+ if (opts?.sendConfirmationEmail) {
425
+ const token = await this.createEmailToken(did, 'confirm_email');
426
+ const locale = opts.locale;
427
+ await this.mailer.sendConfirmEmail({ token, locale }, { to: email });
428
+ }
429
+ return account;
348
430
  }
349
- async updateEmail(opts) {
431
+ async updateAccountEmail(opts) {
350
432
  const { did, email } = opts;
351
- await this.db.transaction((dbTxn) => Promise.all([
352
- account.updateEmail(dbTxn, did, email),
353
- emailToken.deleteAllEmailTokens(dbTxn, did),
354
- ]));
433
+ await this.db.transaction(async (dbTxn) => {
434
+ await account.updateEmail(dbTxn, did, email);
435
+ await emailToken.deleteAllEmailTokens(dbTxn, did);
436
+ });
355
437
  }
356
438
  async resetPassword(opts) {
357
439
  const did = await emailToken.assertValidTokenAndFindDid(this.db, 'reset_password', opts.token);
package/dist/account-manager/account-manager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AAE5C,OAAO,EAIL,oBAAoB,GACrB,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAA;AAC7D,OAAO,EACL,wBAAwB,EACxB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAE3B,OAAO,EAAgC,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAChF,OAAO,KAAK,OAAO,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAgB,MAAM,sBAAsB,CAAA;AAClE,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAA;AACzC,OAAO,KAAK,UAAU,MAAM,0BAA0B,CAAA;AACtD,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAA;AAC7C,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAA;AACjD,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAA;AACzC,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAA;AAC7C,OAAO,KAAK,KAAK,MAAM,oBAAoB,CAAA;AAE3C,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAEzE;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,oBAAqB,SAAQ,iBAAiB;IACzD,YACkB,GAAW,EAC3B,YAAY,GAAG,gCAAgC;QAE/C,KAAK,CAAC,YAAY,CAAC,CAAA;QAHH,QAAG,GAAH,GAAG,CAAQ;IAI7B,CAAC;CACF;AAOD,MAAM,OAAO,cAAc;IAGzB,YACW,UAAsB,EACtB,MAAiB,EACjB,UAAkB,EAClB,oBAA8B,EACvC,EAA0B;QAJjB,eAAU,GAAV,UAAU,CAAY;QACtB,WAAM,GAAN,MAAM,CAAW;QACjB,eAAU,GAAV,UAAU,CAAQ;QAClB,yBAAoB,GAApB,oBAAoB,CAAU;QAGvC,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,wBAAwB,CAAC,CAAA;IAC/D,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAA;QACzB,MAAM,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,sBAAsB,EAAE,CAAA;IACrD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACjB,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,UAAU,CACd,WAA+B,EAC/B,KAAiC;QAEjC,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;IAED,KAAK,CAAC,WAAW,CACf,IAAiB,EACjB,KAAiC;QAEjC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAa,EACb,KAAiC;QAEjC,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAc;QACrC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAA;QACxE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAC1B,OAAO,CAAC,OAAO,CAAC,aAAa,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,WAA+B,EAC/B,KAAiC;QAEjC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;QACrD,OAAO,GAAG,EAAE,GAAG,IAAI,IAAI,CAAA;IACzB,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,WAA+B;QAE/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;YAC7C,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;QAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,EACE,GAAG,EACH,aAAa,MAIX,EAAE;QAEN,MAAM,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAA;QAEnD,iBAAiB;QACjB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,mBAAmB,CAC3B,qCAAqC,EACrC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,aAAa;QACb,IAAI,CAAC,aAAa,IAAI,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,mBAAmB,CAC3B,kCAAkC,EAClC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,IAAI,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3D,yCAAyC;YACzC,8BAA8B,CAC5B,UAAU,EACV,IAAI,CAAC,oBAAoB,EACzB,aAAa,CACd,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,IAAI,mBAAmB,CAC3B,+BAA+B,EAC/B,mBAAmB,CACpB,CAAA;YACH,CAAC;YACD,4CAA4C;YAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;gBACxB,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,CAAC,CAAA;YACzE,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GAWX;QACC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,uBAAuB,EAAE,CAAC;YACjE,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,cAAc,GAAG,QAAQ;YAC7B,CAAC,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;YACzD,CAAC;YACD,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;gBAC1D,KAAK,IAAI,cAAc;oBACrB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;oBAChE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE;gBACrB,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE;oBAC5B,GAAG;oBACH,UAAU;oBACV,GAAG;iBACJ,CAAC;gBACF,UAAU;oBACR,IAAI,CAAC,iBAAiB,CACpB,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EACnC,IAAI,CACL;gBACH,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC;aAC9C,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAS7B;QACC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,SAAS,CAAC,MAAM;SACxB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;QAEjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,yDAAyD;IACzD,0EAA0E;IAC1E,KAAK,CAAC,YAAY,CAAC,GAAc,EAAE,MAAoB;QACrD,OAAO,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAc;QAChC,OAAO,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,GAAc,EACd,QAA2C;QAE3C,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;YACzC,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAc;QACxC,OAAO,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAc,EAAE,GAAQ,EAAE,GAAW;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,WAA0B;QAChE,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,GAAc;QAClC,OAAO,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO;IACP,aAAa;IAEb,KAAK,CAAC,aAAa,CACjB,GAAc,EACd,WAA4C,EAC5C,aAAa,GAAG,KAAK;QAErB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,aAAa,CAAC;SACpD,CAAC,CAAA;QACF,mFAAmF;QACnF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,WAAW,CAAC,CAAA;QACpE,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QACrD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QAEtB,yDAAyD;QACzD,mEAAmE;QACnE,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QAE5E,mDAAmD;QACnD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAC/C,MAAM,gBAAgB,GAAG,CAAC,GAAG,IAAI,CAAA;QACjC,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,gBAAgB,CAAC,CAAA;QAEjE,MAAM,SAAS,GACb,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAA;QAEjE,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;YACrB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,0DAA0D;QAC1D,6DAA6D;QAC7D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAEvD,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YAC1C,GAAG,EAAE,MAAM;SACZ,CAAC,CAAA;QAEF,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;QAC1D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;gBACV,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE;oBAChC,EAAE;oBACF,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;oBAClC,MAAM;iBACP,CAAC;gBACF,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,CAAC,WAAW,CAAC;aACjE,CAAC,CACH,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAA;YACpC,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,QAAQ;IACR,aAAa;IAEb,KAAK,CAAC,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GAIT;QAKC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,MAAM,oBAAoB,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;YAErD,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7C,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,oBAAoB,EAAE;oBACjD,kBAAkB,EAAE,IAAI;oBACxB,gBAAgB,EAAE,IAAI;iBACvB,CAAC;gBACJ,CAAC,CAAC,oBAAoB,CAAC,oBAAoB,CAAC;oBAC1C,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE;wBAC1C,kBAAkB,EAAE,IAAI;wBACxB,gBAAgB,EAAE,IAAI;qBACvB,CAAC;oBACJ,CAAC,CAAC,IAAI,CAAA;YAEV,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iBAAiB,CAAC,gCAAgC,CAAC,CAAA;YAC/D,CAAC;YACD,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;YAEvC,IAAI,WAAW,GAAoC,IAAI,CAAA;YACvD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACvD,IAAI,CAAC,GAAG,EACR,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,8DAA8D;gBAC9D,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC1C,CAAC;gBACD,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBAC9D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;oBACzB,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC1C,CAAC;YACH,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QAC7C,CAAC;gBAAS,CAAC;YACT,0BAA0B;YAC1B,MAAM,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IAED,YAAY;IACZ,aAAa;IAEb,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY,EAAE,UAAmB;QACvE,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAc;QACnC,OAAO,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;YAC5C,IAAI,CAAC,6BAA6B,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;SACrD,CAAC,CACH,CAAA;IACH,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,uBAAuB,CAAC,IAAY;QACxC,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,QAAgD,EAChD,QAAgB;QAEhB,OAAO,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,UAAkB,EAClB,KAAe,EACf,aAAqB,EACrB,QAAe;QAEf,OAAO,MAAM,CAAC,wBAAwB,CACpC,IAAI,CAAC,EAAE,EACP,UAAU,EACV,KAAK,EACL,aAAa,EACb,QAAQ,CACT,CAAA;IACH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,GAAc;QACzC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;QACvE,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAe;QACtC,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,GAAc,EAAE,QAAiB;QAC/D,OAAO,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;IACjE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAA6C;QACpE,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACjD,CAAC;IAED,eAAe;IACf,aAAa;IAEb,KAAK,CAAC,gBAAgB,CAAC,GAAc,EAAE,OAA0B;QAC/D,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;QAC/D,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,IAAuC;QACxD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;QACvE,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,eAAe,CAAC;YACxD,OAAO,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SAC7C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,IAAuC;QACvD,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC;YACtC,UAAU,CAAC,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC5C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAyC;QAC3D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,0BAA0B,CACrD,IAAI,CAAC,EAAE,EACP,gBAAgB,EAChB,IAAI,CAAC,KAAK,CACX,CAAA;QACD,MAAM,IAAI,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;QAElE,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAA0C;QACpE,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACpB,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC;YAC3D,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;CACF","sourcesContent":["import { KeyObject } from 'node:crypto'\nimport { HOUR, wait } from '@atproto/common'\nimport { IdResolver } from '@atproto/identity'\nimport {\n AtIdentifierString,\n DidString,\n HandleString,\n isAtIdentifierString,\n} from '@atproto/lex'\nimport { Cid } from '@atproto/lex-data'\nimport { currentDatetimeString, isValidTld } from '@atproto/syntax'\nimport { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'\nimport { AuthScope } from '../auth-scope.js'\nimport { softDeleted } from '../db/index.js'\nimport { hasExplicitSlur } from '../handle/explicit-slurs.js'\nimport {\n baseNormalizeAndValidate,\n ensureHandleServiceConstraints,\n isServiceDomain,\n} from '../handle/index.js'\nimport { com } from '../lexicons/index.js'\nimport { AccountDb, EmailTokenPurpose, getDb, getMigrator } from './db/index.js'\nimport * as account from './helpers/account.js'\nimport { AccountStatus, ActorAccount } from './helpers/account.js'\nimport * as auth from './helpers/auth.js'\nimport * as emailToken from './helpers/email-token.js'\nimport * as invite from './helpers/invite.js'\nimport * as password from './helpers/password.js'\nimport * as repo from './helpers/repo.js'\nimport * as scrypt from './helpers/scrypt.js'\nimport * as token from './helpers/token.js'\n\nexport { AccountStatus, formatAccountStatus } from './helpers/account.js'\n\n/**\n * Thrown by {@link AccountManager.login} when the identifier resolved to a\n * known account but the supplied credentials (account password / app\n * password) did not match. The matched `did` is attached so downstream\n * callers can distinguish \"identifier known, credentials wrong\" from\n * \"identifier unknown\" (which continues to throw a plain\n * {@link AuthRequiredError}).\n *\n * Callers should take care that remote clients *cannot* distinguish the above,\n * to prevent enumeration attacks. (Tested for in\n * packages/pds/tests/auth.test.ts)\n */\nexport class InvalidPasswordError extends AuthRequiredError {\n constructor(\n public readonly did: string,\n errorMessage = 'Invalid identifier or password',\n ) {\n super(errorMessage)\n }\n}\n\nexport type AccountManagerDbConfig = {\n accountDbLoc: string\n disableWalAutoCheckpoint: boolean\n}\n\nexport class AccountManager {\n readonly db: AccountDb\n\n constructor(\n readonly idResolver: IdResolver,\n readonly jwtKey: KeyObject,\n readonly serviceDid: string,\n readonly serviceHandleDomains: string[],\n db: AccountManagerDbConfig,\n ) {\n this.db = getDb(db.accountDbLoc, db.disableWalAutoCheckpoint)\n }\n\n async migrateOrThrow() {\n await this.db.ensureWal()\n await getMigrator(this.db).migrateToLatestOrThrow()\n }\n\n close() {\n this.db.close()\n }\n\n // Account\n // ----------\n\n async getAccount(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccount(this.db, handleOrDid, flags)\n }\n\n async getAccounts(\n dids: DidString[],\n flags?: account.AvailabilityFlags,\n ): Promise<Map<string, ActorAccount>> {\n return account.getAccounts(this.db, dids, flags)\n }\n\n async getAccountByEmail(\n email: string,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccountByEmail(this.db, email, flags)\n }\n\n async isAccountActivated(did: DidString): Promise<boolean> {\n const account = await this.getAccount(did, { includeDeactivated: true })\n if (!account) return false\n return !account.deactivatedAt\n }\n\n async getDidForActor(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<string | null> {\n const got = await this.getAccount(handleOrDid, flags)\n return got?.did ?? null\n }\n\n async getAccountStatus(\n handleOrDid: AtIdentifierString,\n ): Promise<AccountStatus> {\n const got = await this.getAccount(handleOrDid, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n const res = account.formatAccountStatus(got)\n return res.active ? AccountStatus.Active : res.status\n }\n\n async normalizeAndValidateHandle(\n handle: string,\n {\n did,\n allowAnyValid,\n }: {\n did?: string\n allowAnyValid?: boolean\n } = {},\n ): Promise<HandleString> {\n const normalized = baseNormalizeAndValidate(handle)\n\n // tld validation\n if (!isValidTld(normalized)) {\n throw new InvalidRequestError(\n 'Handle TLD is invalid or disallowed',\n 'InvalidHandle',\n )\n }\n // slur check\n if (!allowAnyValid && hasExplicitSlur(normalized)) {\n throw new InvalidRequestError(\n 'Inappropriate language in handle',\n 'InvalidHandle',\n )\n }\n if (isServiceDomain(normalized, this.serviceHandleDomains)) {\n // verify constraints on a service domain\n ensureHandleServiceConstraints(\n normalized,\n this.serviceHandleDomains,\n allowAnyValid,\n )\n } else {\n if (did == null) {\n throw new InvalidRequestError(\n 'Not a supported handle domain',\n 'UnsupportedDomain',\n )\n }\n // verify resolution of a non-service domain\n const resolvedDid = await this.idResolver.handle.resolve(normalized)\n if (resolvedDid !== did) {\n throw new InvalidRequestError('External handle did not resolve to DID')\n }\n }\n\n return normalized\n }\n\n async createAccount({\n did,\n handle,\n email,\n password,\n repoCid,\n repoRev,\n inviteCode,\n deactivated,\n refreshJwt,\n }: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n refreshJwt?: string\n }) {\n if (password && password.length > scrypt.NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Password too long')\n }\n\n const passwordScrypt = password\n ? await scrypt.genSaltAndHash(password)\n : undefined\n\n const now = currentDatetimeString()\n await this.db.transaction(async (dbTxn) => {\n if (inviteCode) {\n await invite.ensureInviteIsAvailable(dbTxn, inviteCode)\n }\n await Promise.all([\n account.registerActor(dbTxn, { did, handle, deactivated }),\n email && passwordScrypt\n ? account.registerAccount(dbTxn, { did, email, passwordScrypt })\n : Promise.resolve(),\n invite.recordInviteUse(dbTxn, {\n did,\n inviteCode,\n now,\n }),\n refreshJwt &&\n auth.storeRefreshToken(\n dbTxn,\n auth.decodeRefreshToken(refreshJwt),\n null,\n ),\n repo.updateRoot(dbTxn, did, repoCid, repoRev),\n ])\n })\n }\n\n async createAccountAndSession(opts: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n }) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: opts.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: AuthScope.Access,\n })\n\n await this.createAccount({ ...opts, refreshJwt })\n\n return { accessJwt, refreshJwt }\n }\n\n // @NOTE should always be paired with a sequenceHandle().\n // the token output from this method should be passed to sequenceHandle().\n async updateHandle(did: DidString, handle: HandleString) {\n return account.updateHandle(this.db, did, handle)\n }\n\n async deleteAccount(did: DidString) {\n return account.deleteAccount(this.db, did)\n }\n\n async takedownAccount(\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n ) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n account.updateAccountTakedownStatus(dbTxn, did, takedown),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n token.removeByDidQB(dbTxn, did).execute(),\n ]),\n )\n }\n\n async getAccountAdminStatus(did: DidString) {\n return account.getAccountAdminStatus(this.db, did)\n }\n\n async updateRepoRoot(did: DidString, cid: Cid, rev: string) {\n return repo.updateRoot(this.db, did, cid, rev)\n }\n\n async deactivateAccount(did: DidString, deleteAfter: string | null) {\n return account.deactivateAccount(this.db, did, deleteAfter)\n }\n\n async activateAccount(did: DidString) {\n return account.activateAccount(this.db, did)\n }\n\n // Auth\n // ----------\n\n async createSession(\n did: DidString,\n appPassword: password.AppPassDescript | null,\n isSoftDeleted = false,\n ) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(appPassword, isSoftDeleted),\n })\n // For soft deleted accounts don't store refresh token so that it can't be rotated.\n if (!isSoftDeleted) {\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n await auth.storeRefreshToken(this.db, refreshPayload, appPassword)\n }\n return { accessJwt, refreshJwt }\n }\n\n async rotateRefreshToken(id: string) {\n const token = await auth.getRefreshToken(this.db, id)\n if (!token) return null\n\n const now = new Date()\n\n // take the chance to tidy all of a user's expired tokens\n // does not need to be transactional since this is just best-effort\n await auth.deleteExpiredRefreshTokens(this.db, token.did, now.toISOString())\n\n // Shorten the refresh token lifespan down from its\n // original expiration time to its revocation grace period.\n const prevExpiresAt = new Date(token.expiresAt)\n const REFRESH_GRACE_MS = 2 * HOUR\n const graceExpiresAt = new Date(now.getTime() + REFRESH_GRACE_MS)\n\n const expiresAt =\n graceExpiresAt < prevExpiresAt ? graceExpiresAt : prevExpiresAt\n\n if (expiresAt <= now) {\n return null\n }\n\n // Determine the next refresh token id: upon refresh token\n // reuse you always receive a refresh token with the same id.\n const nextId = token.nextId ?? auth.getRefreshTokenId()\n\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: token.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(token.appPassword),\n jti: nextId,\n })\n\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n try {\n await this.db.transaction((dbTxn) =>\n Promise.all([\n auth.addRefreshGracePeriod(dbTxn, {\n id,\n expiresAt: expiresAt.toISOString(),\n nextId,\n }),\n auth.storeRefreshToken(dbTxn, refreshPayload, token.appPassword),\n ]),\n )\n } catch (err) {\n if (err instanceof auth.ConcurrentRefreshError) {\n return this.rotateRefreshToken(id)\n }\n throw err\n }\n return { accessJwt, refreshJwt }\n }\n\n async revokeRefreshToken(id: string) {\n return auth.revokeRefreshToken(this.db, id)\n }\n\n // Login\n // ----------\n\n async login({\n identifier,\n password,\n }: {\n identifier: string\n password: string\n }): Promise<{\n user: ActorAccount\n appPassword: password.AppPassDescript | null\n isSoftDeleted: boolean\n }> {\n const start = Date.now()\n try {\n const identifierNormalized = identifier.toLowerCase()\n\n const user = identifierNormalized.includes('@')\n ? await this.getAccountByEmail(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : isAtIdentifierString(identifierNormalized)\n ? await this.getAccount(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : null\n\n if (!user) {\n throw new AuthRequiredError('Invalid identifier or password')\n }\n const isSoftDeleted = softDeleted(user)\n\n let appPassword: password.AppPassDescript | null = null\n const validAccountPass = await this.verifyAccountPassword(\n user.did,\n password,\n )\n if (!validAccountPass) {\n // takendown/suspended accounts cannot login with app password\n if (isSoftDeleted) {\n throw new InvalidPasswordError(user.did)\n }\n appPassword = await this.verifyAppPassword(user.did, password)\n if (appPassword === null) {\n throw new InvalidPasswordError(user.did)\n }\n }\n\n return { user, appPassword, isSoftDeleted }\n } finally {\n // Mitigate timing attacks\n await wait(350 - (Date.now() - start))\n }\n }\n\n // Passwords\n // ----------\n\n async createAppPassword(did: DidString, name: string, privileged: boolean) {\n return password.createAppPassword(this.db, did, name, privileged)\n }\n\n async listAppPasswords(did: DidString) {\n return password.listAppPasswords(this.db, did)\n }\n\n async verifyAccountPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<boolean> {\n return password.verifyAccountPassword(this.db, did, passwordStr)\n }\n\n async verifyAppPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<password.AppPassDescript | null> {\n return password.verifyAppPassword(this.db, did, passwordStr)\n }\n\n async revokeAppPassword(did: DidString, name: string) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.deleteAppPassword(dbTxn, did, name),\n auth.revokeAppPasswordRefreshToken(dbTxn, did, name),\n ]),\n )\n }\n\n // Invites\n // ----------\n\n async ensureInviteIsAvailable(code: string) {\n return invite.ensureInviteIsAvailable(this.db, code)\n }\n\n async createInviteCodes(\n toCreate: { account: string; codes: string[] }[],\n useCount: number,\n ) {\n return invite.createInviteCodes(this.db, toCreate, useCount)\n }\n\n async createAccountInviteCodes(\n forAccount: string,\n codes: string[],\n expectedTotal: number,\n disabled: 0 | 1,\n ) {\n return invite.createAccountInviteCodes(\n this.db,\n forAccount,\n codes,\n expectedTotal,\n disabled,\n )\n }\n\n async getAccountInvitesCodes(did: DidString) {\n const inviteCodes = await invite.getAccountsInviteCodes(this.db, [did])\n return inviteCodes.get(did) ?? []\n }\n\n async getAccountsInvitesCodes(dids: DidString[]) {\n return invite.getAccountsInviteCodes(this.db, dids)\n }\n\n async getInvitedByForAccounts(dids: DidString[]) {\n return invite.getInvitedByForAccounts(this.db, dids)\n }\n\n async getInviteCodesUses(codes: string[]) {\n return invite.getInviteCodesUses(this.db, codes)\n }\n\n async setAccountInvitesDisabled(did: DidString, disabled: boolean) {\n return invite.setAccountInvitesDisabled(this.db, did, disabled)\n }\n\n async disableInviteCodes(opts: { codes: string[]; accounts: string[] }) {\n return invite.disableInviteCodes(this.db, opts)\n }\n\n // Email Tokens\n // ----------\n\n async createEmailToken(did: DidString, purpose: EmailTokenPurpose) {\n return emailToken.createEmailToken(this.db, did, purpose)\n }\n\n async assertValidEmailToken(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n return emailToken.assertValidToken(this.db, did, purpose, token)\n }\n\n async assertValidEmailTokenAndCleanup(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n await emailToken.assertValidToken(this.db, did, purpose, token)\n await emailToken.deleteEmailToken(this.db, did, purpose)\n }\n\n async confirmEmail(opts: { did: DidString; token: string }) {\n const { did, token } = opts\n await emailToken.assertValidToken(this.db, did, 'confirm_email', token)\n const now = currentDatetimeString()\n await this.db.transaction((dbTxn) =>\n Promise.all([\n emailToken.deleteEmailToken(dbTxn, did, 'confirm_email'),\n account.setEmailConfirmedAt(dbTxn, did, now),\n ]),\n )\n }\n\n async updateEmail(opts: { did: DidString; email: string }) {\n const { did, email } = opts\n await this.db.transaction((dbTxn) =>\n Promise.all([\n account.updateEmail(dbTxn, did, email),\n emailToken.deleteAllEmailTokens(dbTxn, did),\n ]),\n )\n }\n\n async resetPassword(opts: { password: string; token: string }) {\n const did = await emailToken.assertValidTokenAndFindDid(\n this.db,\n 'reset_password',\n opts.token,\n )\n await this.updateAccountPassword({ did, password: opts.password })\n\n return did\n }\n\n async updateAccountPassword(opts: { did: DidString; password: string }) {\n const { did } = opts\n const passwordScrypt = await scrypt.genSaltAndHash(opts.password)\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.updateUserPassword(dbTxn, { did, passwordScrypt }),\n emailToken.deleteEmailToken(dbTxn, did, 'reset_password'),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n ]),\n )\n }\n}\n"]}
1
+ {"version":3,"file":"account-manager.js","sourceRoot":"","sources":["../../src/account-manager/account-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAA;AAC/D,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AAE5C,OAAO,EAIL,oBAAoB,GACrB,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAA;AAC7D,OAAO,EACL,wBAAwB,EACxB,8BAA8B,EAC9B,eAAe,GAChB,MAAM,oBAAoB,CAAA;AAG3B,OAAO,EAAgC,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAChF,OAAO,KAAK,OAAO,MAAM,sBAAsB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAgB,MAAM,sBAAsB,CAAA;AAClE,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAA;AACzC,OAAO,KAAK,UAAU,MAAM,0BAA0B,CAAA;AACtD,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAA;AAC7C,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAA;AACjD,OAAO,KAAK,IAAI,MAAM,mBAAmB,CAAA;AACzC,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAA;AAC7C,OAAO,KAAK,KAAK,MAAM,oBAAoB,CAAA;AAE3C,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAEzE;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,oBAAqB,SAAQ,iBAAiB;IACzD,YACkB,GAAW,EAC3B,YAAY,GAAG,gCAAgC;QAE/C,KAAK,CAAC,YAAY,CAAC,CAAA;QAHH,QAAG,GAAH,GAAG,CAAQ;IAI7B,CAAC;CACF;AAOD,MAAM,OAAO,cAAc;IAGzB,YACW,UAAsB,EACtB,MAAiB,EACjB,MAAoB,EACpB,UAAkB,EAClB,oBAA8B,EACvC,EAA0B;QALjB,eAAU,GAAV,UAAU,CAAY;QACtB,WAAM,GAAN,MAAM,CAAW;QACjB,WAAM,GAAN,MAAM,CAAc;QACpB,eAAU,GAAV,UAAU,CAAQ;QAClB,yBAAoB,GAApB,oBAAoB,CAAU;QAGvC,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,wBAAwB,CAAC,CAAA;IAC/D,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,MAAM,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAA;QACzB,MAAM,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,sBAAsB,EAAE,CAAA;IACrD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACjB,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,UAAU,CACd,WAA+B,EAC/B,KAAiC;QAEjC,OAAO,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,CAAA;IACxD,CAAC;IAED,KAAK,CAAC,WAAW,CACf,IAAiB,EACjB,KAAiC;QAEjC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,KAAa,EACb,KAAiC;QAEjC,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;IACzD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,GAAc;QACrC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAA;QACxE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAA;QAC1B,OAAO,CAAC,OAAO,CAAC,aAAa,CAAA;IAC/B,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,WAA+B,EAC/B,KAAiC;QAEjC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;QACrD,OAAO,GAAG,EAAE,GAAG,IAAI,IAAI,CAAA;IACzB,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,WAA+B;QAE/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;YAC7C,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,MAAM,GAAG,GAAG,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAA;QAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAA;IACvD,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,MAAc,EACd,EACE,GAAG,EACH,aAAa,MAIX,EAAE;QAEN,MAAM,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAA;QAEnD,iBAAiB;QACjB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,mBAAmB,CAC3B,qCAAqC,EACrC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,aAAa;QACb,IAAI,CAAC,aAAa,IAAI,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,mBAAmB,CAC3B,kCAAkC,EAClC,eAAe,CAChB,CAAA;QACH,CAAC;QACD,IAAI,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3D,yCAAyC;YACzC,8BAA8B,CAC5B,UAAU,EACV,IAAI,CAAC,oBAAoB,EACzB,aAAa,CACd,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,IAAI,mBAAmB,CAC3B,+BAA+B,EAC/B,mBAAmB,CACpB,CAAA;YACH,CAAC;YACD,4CAA4C;YAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;YACpE,IAAI,WAAW,KAAK,GAAG,EAAE,CAAC;gBACxB,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,CAAC,CAAA;YACzE,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,EAClB,GAAG,EACH,MAAM,EACN,KAAK,EACL,QAAQ,EACR,OAAO,EACP,OAAO,EACP,UAAU,EACV,WAAW,EACX,UAAU,GAWX;QACC,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,uBAAuB,EAAE,CAAC;YACjE,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,cAAc,GAAG,QAAQ;YAC7B,CAAC,CAAC,MAAM,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;YACvC,CAAC,CAAC,SAAS,CAAA;QAEb,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;YACzD,CAAC;YACD,MAAM,OAAO,CAAC,GAAG,CAAC;gBAChB,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;gBAC1D,KAAK,IAAI,cAAc;oBACrB,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;oBAChE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE;gBACrB,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE;oBAC5B,GAAG;oBACH,UAAU;oBACV,GAAG;iBACJ,CAAC;gBACF,UAAU;oBACR,IAAI,CAAC,iBAAiB,CACpB,KAAK,EACL,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,EACnC,IAAI,CACL;gBACH,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,CAAC;aAC9C,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAS7B;QACC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,SAAS,CAAC,MAAM;SACxB,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,GAAG,IAAI,EAAE,UAAU,EAAE,CAAC,CAAA;QAEjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,yDAAyD;IACzD,0EAA0E;IAC1E,KAAK,CAAC,YAAY,CAAC,GAAc,EAAE,MAAoB;QACrD,OAAO,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,CAAA;IACnD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAc;QAChC,OAAO,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACnB,GAAc,EACd,QAA2C;QAE3C,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,CAAC,2BAA2B,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;YACzC,KAAK,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,GAAc;QACxC,OAAO,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAc,EAAE,GAAQ,EAAE,GAAW;QACxD,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,WAA0B;QAChE,OAAO,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC7D,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,GAAc;QAClC,OAAO,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAC9C,CAAC;IAED,OAAO;IACP,aAAa;IAEb,KAAK,CAAC,aAAa,CACjB,GAAc,EACd,WAA4C,EAC5C,aAAa,GAAG,KAAK;QAErB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG;YACH,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,aAAa,CAAC;SACpD,CAAC,CAAA;QACF,mFAAmF;QACnF,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;YAC1D,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,WAAW,CAAC,CAAA;QACpE,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QACrD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QAEtB,yDAAyD;QACzD,mEAAmE;QACnE,MAAM,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;QAE5E,mDAAmD;QACnD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAC/C,MAAM,gBAAgB,GAAG,CAAC,GAAG,IAAI,CAAA;QACjC,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,gBAAgB,CAAC,CAAA;QAEjE,MAAM,SAAS,GACb,cAAc,GAAG,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAA;QAEjE,IAAI,SAAS,IAAI,GAAG,EAAE,CAAC;YACrB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,0DAA0D;QAC1D,6DAA6D;QAC7D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAEvD,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;YACxD,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YAC1C,GAAG,EAAE,MAAM;SACZ,CAAC,CAAA;QAEF,MAAM,cAAc,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAA;QAC1D,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,EAAE,CAClC,OAAO,CAAC,GAAG,CAAC;gBACV,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE;oBAChC,EAAE;oBACF,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;oBAClC,MAAM;iBACP,CAAC;gBACF,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,cAAc,EAAE,KAAK,CAAC,WAAW,CAAC;aACjE,CAAC,CACH,CAAA;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAA;YACpC,CAAC;YACD,MAAM,GAAG,CAAA;QACX,CAAC;QACD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAClC,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,EAAU;QACjC,OAAO,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;IAC7C,CAAC;IAED,QAAQ;IACR,aAAa;IAEb,KAAK,CAAC,KAAK,CAAC,EACV,UAAU,EACV,QAAQ,GAIT;QAKC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,MAAM,oBAAoB,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;YAErD,MAAM,IAAI,GAAG,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC7C,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,oBAAoB,EAAE;oBACjD,kBAAkB,EAAE,IAAI;oBACxB,gBAAgB,EAAE,IAAI;iBACvB,CAAC;gBACJ,CAAC,CAAC,oBAAoB,CAAC,oBAAoB,CAAC;oBAC1C,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE;wBAC1C,kBAAkB,EAAE,IAAI;wBACxB,gBAAgB,EAAE,IAAI;qBACvB,CAAC;oBACJ,CAAC,CAAC,IAAI,CAAA;YAEV,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iBAAiB,CAAC,gCAAgC,CAAC,CAAA;YAC/D,CAAC;YACD,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;YAEvC,IAAI,WAAW,GAAoC,IAAI,CAAA;YACvD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CACvD,IAAI,CAAC,GAAG,EACR,QAAQ,CACT,CAAA;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,8DAA8D;gBAC9D,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC1C,CAAC;gBACD,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;gBAC9D,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;oBACzB,MAAM,IAAI,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAC1C,CAAC;YACH,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,aAAa,EAAE,CAAA;QAC7C,CAAC;gBAAS,CAAC;YACT,0BAA0B;YAC1B,MAAM,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IAED,YAAY;IACZ,aAAa;IAEb,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY,EAAE,UAAmB;QACvE,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,CAAA;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAc;QACnC,OAAO,QAAQ,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAA;IAChD,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,GAAc,EACd,WAAmB;QAEnB,OAAO,QAAQ,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAc,EAAE,IAAY;QAClD,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;YAC5C,IAAI,CAAC,6BAA6B,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC;SACrD,CAAC,CACH,CAAA;IACH,CAAC;IAED,UAAU;IACV,aAAa;IAEb,KAAK,CAAC,uBAAuB,CAAC,IAAY;QACxC,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,QAAgD,EAChD,QAAgB;QAEhB,OAAO,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,wBAAwB,CAC5B,UAAkB,EAClB,KAAe,EACf,aAAqB,EACrB,QAAe;QAEf,OAAO,MAAM,CAAC,wBAAwB,CACpC,IAAI,CAAC,EAAE,EACP,UAAU,EACV,KAAK,EACL,aAAa,EACb,QAAQ,CACT,CAAA;IACH,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,GAAc;QACzC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;QACvE,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;IACnC,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACrD,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAiB;QAC7C,OAAO,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,KAAe;QACtC,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,GAAc,EAAE,QAAiB;QAC/D,OAAO,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAA;IACjE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAA6C;QACpE,OAAO,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;IACjD,CAAC;IAED,eAAe;IACf,aAAa;IAEb,KAAK,CAAC,gBAAgB,CAAC,GAAc,EAAE,OAA0B;QAC/D,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC3D,CAAC;IAED,KAAK,CAAC,qBAAqB,CACzB,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,OAAO,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;IAClE,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,GAAc,EACd,OAA0B,EAC1B,KAAa;QAEb,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;QAC/D,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAA;IAC1D,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,GAAc,EAAE,IAA0B;QACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACzC,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,CAAC,CAAA;QACzE,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,CAAA;QAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;QAE/D,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAc,EAAE,KAAa,EAAE,KAAa;QAC7D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACtC,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,mBAAmB,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAA;QACpE,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,KAAK,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,mBAAmB,CAAC,eAAe,EAAE,cAAc,CAAC,CAAA;QAChE,CAAC;QAED,MAAM,UAAU,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,CAAC,CAAA;QACvE,MAAM,GAAG,GAAG,qBAAqB,EAAE,CAAA;QACnC,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,MAAM,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,eAAe,CAAC,CAAA;YAC9D,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;QACpD,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,gBAAgB,GAAG,GAAG,CAAA;QAE3B,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,GAAc,EACd,IAA0B;QAE1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACzC,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,IAAI,mBAAmB,CAAC,wCAAwC,CAAC,CAAA;QACzE,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB;YACpC,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,cAAc,CAAC;YAClD,CAAC,CAAC,IAAI,CAAA;QAER,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAC/B,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAC/B,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,CACtB,CAAA;QACH,CAAC;QAED,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC,KAAK,EAAE,CAAA;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,GAAc,EACd,KAAa,EACb,KAAc,EACd,IAA2D;QAE3D,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,mBAAmB,CAC3B,oEAAoE,CACrE,CAAA;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACzC,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,mBAAmB,CAAC,mBAAmB,CAAC,CAAA;QACpD,CAAC;QAED,MAAM,aAAa,GAAG,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAA;QAEhD,gDAAgD;QAChD,IAAI,CAAC,KAAK,IAAI,aAAa,EAAE,CAAC;YAC5B,MAAM,IAAI,mBAAmB,CAC3B,6BAA6B,EAC7B,eAAe,CAChB,CAAA;QACH,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,cAAc,EAAE,KAAK,CAAC,CAAA;QAC9D,CAAC;QAED,MAAM,IAAI,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;QAE7C,OAAO,CAAC,KAAK,GAAG,KAAK,CAAA;QACrB,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAA;QAE/B,yEAAyE;QACzE,yBAAyB;QACzB,IAAI,IAAI,EAAE,qBAAqB,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAA;YAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QACtE,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAuC;QAC9D,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;QAC3B,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACxC,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;YAC5C,MAAM,UAAU,CAAC,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QACnD,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAyC;QAC3D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,0BAA0B,CACrD,IAAI,CAAC,EAAE,EACP,gBAAgB,EAChB,IAAI,CAAC,KAAK,CACX,CAAA;QACD,MAAM,IAAI,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;QAElE,OAAO,GAAG,CAAA;IACZ,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAA0C;QACpE,MAAM,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;QACpB,MAAM,cAAc,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACjE,MAAM,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CACxC,OAAO,CAAC,GAAG,CAAC;YACV,QAAQ,CAAC,kBAAkB,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,CAAC;YAC3D,UAAU,CAAC,gBAAgB,CAAC,KAAK,EAAE,GAAG,EAAE,gBAAgB,CAAC;YACzD,IAAI,CAAC,wBAAwB,CAAC,KAAK,EAAE,GAAG,CAAC;SAC1C,CAAC,CACH,CAAA;IACH,CAAC;CACF","sourcesContent":["import { KeyObject } from 'node:crypto'\nimport { isEmailValid } from '@hapi/address'\nimport { isDisposableEmail } from 'disposable-email-domains-js'\nimport { HOUR, wait } from '@atproto/common'\nimport { IdResolver } from '@atproto/identity'\nimport {\n AtIdentifierString,\n DidString,\n HandleString,\n isAtIdentifierString,\n} from '@atproto/lex'\nimport { Cid } from '@atproto/lex-data'\nimport { currentDatetimeString, isValidTld } from '@atproto/syntax'\nimport { AuthRequiredError, InvalidRequestError } from '@atproto/xrpc-server'\nimport { AuthScope } from '../auth-scope.js'\nimport { softDeleted } from '../db/index.js'\nimport { hasExplicitSlur } from '../handle/explicit-slurs.js'\nimport {\n baseNormalizeAndValidate,\n ensureHandleServiceConstraints,\n isServiceDomain,\n} from '../handle/index.js'\nimport { com } from '../lexicons/index.js'\nimport { ServerMailer } from '../mailer/index.js'\nimport { AccountDb, EmailTokenPurpose, getDb, getMigrator } from './db/index.js'\nimport * as account from './helpers/account.js'\nimport { AccountStatus, ActorAccount } from './helpers/account.js'\nimport * as auth from './helpers/auth.js'\nimport * as emailToken from './helpers/email-token.js'\nimport * as invite from './helpers/invite.js'\nimport * as password from './helpers/password.js'\nimport * as repo from './helpers/repo.js'\nimport * as scrypt from './helpers/scrypt.js'\nimport * as token from './helpers/token.js'\n\nexport { AccountStatus, formatAccountStatus } from './helpers/account.js'\n\n/**\n * Thrown by {@link AccountManager.login} when the identifier resolved to a\n * known account but the supplied credentials (account password / app\n * password) did not match. The matched `did` is attached so downstream\n * callers can distinguish \"identifier known, credentials wrong\" from\n * \"identifier unknown\" (which continues to throw a plain\n * {@link AuthRequiredError}).\n *\n * Callers should take care that remote clients *cannot* distinguish the above,\n * to prevent enumeration attacks. (Tested for in\n * packages/pds/tests/auth.test.ts)\n */\nexport class InvalidPasswordError extends AuthRequiredError {\n constructor(\n public readonly did: string,\n errorMessage = 'Invalid identifier or password',\n ) {\n super(errorMessage)\n }\n}\n\nexport type AccountManagerDbConfig = {\n accountDbLoc: string\n disableWalAutoCheckpoint: boolean\n}\n\nexport class AccountManager {\n readonly db: AccountDb\n\n constructor(\n readonly idResolver: IdResolver,\n readonly jwtKey: KeyObject,\n readonly mailer: ServerMailer,\n readonly serviceDid: string,\n readonly serviceHandleDomains: string[],\n db: AccountManagerDbConfig,\n ) {\n this.db = getDb(db.accountDbLoc, db.disableWalAutoCheckpoint)\n }\n\n async migrateOrThrow() {\n await this.db.ensureWal()\n await getMigrator(this.db).migrateToLatestOrThrow()\n }\n\n close() {\n this.db.close()\n }\n\n // Account\n // ----------\n\n async getAccount(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccount(this.db, handleOrDid, flags)\n }\n\n async getAccounts(\n dids: DidString[],\n flags?: account.AvailabilityFlags,\n ): Promise<Map<string, ActorAccount>> {\n return account.getAccounts(this.db, dids, flags)\n }\n\n async getAccountByEmail(\n email: string,\n flags?: account.AvailabilityFlags,\n ): Promise<ActorAccount | null> {\n return account.getAccountByEmail(this.db, email, flags)\n }\n\n async isAccountActivated(did: DidString): Promise<boolean> {\n const account = await this.getAccount(did, { includeDeactivated: true })\n if (!account) return false\n return !account.deactivatedAt\n }\n\n async getDidForActor(\n handleOrDid: AtIdentifierString,\n flags?: account.AvailabilityFlags,\n ): Promise<string | null> {\n const got = await this.getAccount(handleOrDid, flags)\n return got?.did ?? null\n }\n\n async getAccountStatus(\n handleOrDid: AtIdentifierString,\n ): Promise<AccountStatus> {\n const got = await this.getAccount(handleOrDid, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n const res = account.formatAccountStatus(got)\n return res.active ? AccountStatus.Active : res.status\n }\n\n async normalizeAndValidateHandle(\n handle: string,\n {\n did,\n allowAnyValid,\n }: {\n did?: string\n allowAnyValid?: boolean\n } = {},\n ): Promise<HandleString> {\n const normalized = baseNormalizeAndValidate(handle)\n\n // tld validation\n if (!isValidTld(normalized)) {\n throw new InvalidRequestError(\n 'Handle TLD is invalid or disallowed',\n 'InvalidHandle',\n )\n }\n // slur check\n if (!allowAnyValid && hasExplicitSlur(normalized)) {\n throw new InvalidRequestError(\n 'Inappropriate language in handle',\n 'InvalidHandle',\n )\n }\n if (isServiceDomain(normalized, this.serviceHandleDomains)) {\n // verify constraints on a service domain\n ensureHandleServiceConstraints(\n normalized,\n this.serviceHandleDomains,\n allowAnyValid,\n )\n } else {\n if (did == null) {\n throw new InvalidRequestError(\n 'Not a supported handle domain',\n 'UnsupportedDomain',\n )\n }\n // verify resolution of a non-service domain\n const resolvedDid = await this.idResolver.handle.resolve(normalized)\n if (resolvedDid !== did) {\n throw new InvalidRequestError('External handle did not resolve to DID')\n }\n }\n\n return normalized\n }\n\n async createAccount({\n did,\n handle,\n email,\n password,\n repoCid,\n repoRev,\n inviteCode,\n deactivated,\n refreshJwt,\n }: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n refreshJwt?: string\n }) {\n if (password && password.length > scrypt.NEW_PASSWORD_MAX_LENGTH) {\n throw new InvalidRequestError('Password too long')\n }\n\n const passwordScrypt = password\n ? await scrypt.genSaltAndHash(password)\n : undefined\n\n const now = currentDatetimeString()\n await this.db.transaction(async (dbTxn) => {\n if (inviteCode) {\n await invite.ensureInviteIsAvailable(dbTxn, inviteCode)\n }\n await Promise.all([\n account.registerActor(dbTxn, { did, handle, deactivated }),\n email && passwordScrypt\n ? account.registerAccount(dbTxn, { did, email, passwordScrypt })\n : Promise.resolve(),\n invite.recordInviteUse(dbTxn, {\n did,\n inviteCode,\n now,\n }),\n refreshJwt &&\n auth.storeRefreshToken(\n dbTxn,\n auth.decodeRefreshToken(refreshJwt),\n null,\n ),\n repo.updateRoot(dbTxn, did, repoCid, repoRev),\n ])\n })\n }\n\n async createAccountAndSession(opts: {\n did: DidString\n handle: HandleString\n email?: string\n password?: string\n repoCid: Cid\n repoRev: string\n inviteCode?: string\n deactivated?: boolean\n }) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: opts.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: AuthScope.Access,\n })\n\n await this.createAccount({ ...opts, refreshJwt })\n\n return { accessJwt, refreshJwt }\n }\n\n // @NOTE should always be paired with a sequenceHandle().\n // the token output from this method should be passed to sequenceHandle().\n async updateHandle(did: DidString, handle: HandleString) {\n return account.updateHandle(this.db, did, handle)\n }\n\n async deleteAccount(did: DidString) {\n return account.deleteAccount(this.db, did)\n }\n\n async takedownAccount(\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n ) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n account.updateAccountTakedownStatus(dbTxn, did, takedown),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n token.removeByDidQB(dbTxn, did).execute(),\n ]),\n )\n }\n\n async getAccountAdminStatus(did: DidString) {\n return account.getAccountAdminStatus(this.db, did)\n }\n\n async updateRepoRoot(did: DidString, cid: Cid, rev: string) {\n return repo.updateRoot(this.db, did, cid, rev)\n }\n\n async deactivateAccount(did: DidString, deleteAfter: string | null) {\n return account.deactivateAccount(this.db, did, deleteAfter)\n }\n\n async activateAccount(did: DidString) {\n return account.activateAccount(this.db, did)\n }\n\n // Auth\n // ----------\n\n async createSession(\n did: DidString,\n appPassword: password.AppPassDescript | null,\n isSoftDeleted = false,\n ) {\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(appPassword, isSoftDeleted),\n })\n // For soft deleted accounts don't store refresh token so that it can't be rotated.\n if (!isSoftDeleted) {\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n await auth.storeRefreshToken(this.db, refreshPayload, appPassword)\n }\n return { accessJwt, refreshJwt }\n }\n\n async rotateRefreshToken(id: string) {\n const token = await auth.getRefreshToken(this.db, id)\n if (!token) return null\n\n const now = new Date()\n\n // take the chance to tidy all of a user's expired tokens\n // does not need to be transactional since this is just best-effort\n await auth.deleteExpiredRefreshTokens(this.db, token.did, now.toISOString())\n\n // Shorten the refresh token lifespan down from its\n // original expiration time to its revocation grace period.\n const prevExpiresAt = new Date(token.expiresAt)\n const REFRESH_GRACE_MS = 2 * HOUR\n const graceExpiresAt = new Date(now.getTime() + REFRESH_GRACE_MS)\n\n const expiresAt =\n graceExpiresAt < prevExpiresAt ? graceExpiresAt : prevExpiresAt\n\n if (expiresAt <= now) {\n return null\n }\n\n // Determine the next refresh token id: upon refresh token\n // reuse you always receive a refresh token with the same id.\n const nextId = token.nextId ?? auth.getRefreshTokenId()\n\n const { accessJwt, refreshJwt } = await auth.createTokens({\n did: token.did,\n jwtKey: this.jwtKey,\n serviceDid: this.serviceDid,\n scope: auth.formatScope(token.appPassword),\n jti: nextId,\n })\n\n const refreshPayload = auth.decodeRefreshToken(refreshJwt)\n try {\n await this.db.transaction((dbTxn) =>\n Promise.all([\n auth.addRefreshGracePeriod(dbTxn, {\n id,\n expiresAt: expiresAt.toISOString(),\n nextId,\n }),\n auth.storeRefreshToken(dbTxn, refreshPayload, token.appPassword),\n ]),\n )\n } catch (err) {\n if (err instanceof auth.ConcurrentRefreshError) {\n return this.rotateRefreshToken(id)\n }\n throw err\n }\n return { accessJwt, refreshJwt }\n }\n\n async revokeRefreshToken(id: string) {\n return auth.revokeRefreshToken(this.db, id)\n }\n\n // Login\n // ----------\n\n async login({\n identifier,\n password,\n }: {\n identifier: string\n password: string\n }): Promise<{\n user: ActorAccount\n appPassword: password.AppPassDescript | null\n isSoftDeleted: boolean\n }> {\n const start = Date.now()\n try {\n const identifierNormalized = identifier.toLowerCase()\n\n const user = identifierNormalized.includes('@')\n ? await this.getAccountByEmail(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : isAtIdentifierString(identifierNormalized)\n ? await this.getAccount(identifierNormalized, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n : null\n\n if (!user) {\n throw new AuthRequiredError('Invalid identifier or password')\n }\n const isSoftDeleted = softDeleted(user)\n\n let appPassword: password.AppPassDescript | null = null\n const validAccountPass = await this.verifyAccountPassword(\n user.did,\n password,\n )\n if (!validAccountPass) {\n // takendown/suspended accounts cannot login with app password\n if (isSoftDeleted) {\n throw new InvalidPasswordError(user.did)\n }\n appPassword = await this.verifyAppPassword(user.did, password)\n if (appPassword === null) {\n throw new InvalidPasswordError(user.did)\n }\n }\n\n return { user, appPassword, isSoftDeleted }\n } finally {\n // Mitigate timing attacks\n await wait(350 - (Date.now() - start))\n }\n }\n\n // Passwords\n // ----------\n\n async createAppPassword(did: DidString, name: string, privileged: boolean) {\n return password.createAppPassword(this.db, did, name, privileged)\n }\n\n async listAppPasswords(did: DidString) {\n return password.listAppPasswords(this.db, did)\n }\n\n async verifyAccountPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<boolean> {\n return password.verifyAccountPassword(this.db, did, passwordStr)\n }\n\n async verifyAppPassword(\n did: DidString,\n passwordStr: string,\n ): Promise<password.AppPassDescript | null> {\n return password.verifyAppPassword(this.db, did, passwordStr)\n }\n\n async revokeAppPassword(did: DidString, name: string) {\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.deleteAppPassword(dbTxn, did, name),\n auth.revokeAppPasswordRefreshToken(dbTxn, did, name),\n ]),\n )\n }\n\n // Invites\n // ----------\n\n async ensureInviteIsAvailable(code: string) {\n return invite.ensureInviteIsAvailable(this.db, code)\n }\n\n async createInviteCodes(\n toCreate: { account: string; codes: string[] }[],\n useCount: number,\n ) {\n return invite.createInviteCodes(this.db, toCreate, useCount)\n }\n\n async createAccountInviteCodes(\n forAccount: string,\n codes: string[],\n expectedTotal: number,\n disabled: 0 | 1,\n ) {\n return invite.createAccountInviteCodes(\n this.db,\n forAccount,\n codes,\n expectedTotal,\n disabled,\n )\n }\n\n async getAccountInvitesCodes(did: DidString) {\n const inviteCodes = await invite.getAccountsInviteCodes(this.db, [did])\n return inviteCodes.get(did) ?? []\n }\n\n async getAccountsInvitesCodes(dids: DidString[]) {\n return invite.getAccountsInviteCodes(this.db, dids)\n }\n\n async getInvitedByForAccounts(dids: DidString[]) {\n return invite.getInvitedByForAccounts(this.db, dids)\n }\n\n async getInviteCodesUses(codes: string[]) {\n return invite.getInviteCodesUses(this.db, codes)\n }\n\n async setAccountInvitesDisabled(did: DidString, disabled: boolean) {\n return invite.setAccountInvitesDisabled(this.db, did, disabled)\n }\n\n async disableInviteCodes(opts: { codes: string[]; accounts: string[] }) {\n return invite.disableInviteCodes(this.db, opts)\n }\n\n // Email Tokens\n // ----------\n\n async createEmailToken(did: DidString, purpose: EmailTokenPurpose) {\n return emailToken.createEmailToken(this.db, did, purpose)\n }\n\n async assertValidEmailToken(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n return emailToken.assertValidToken(this.db, did, purpose, token)\n }\n\n async assertValidEmailTokenAndCleanup(\n did: DidString,\n purpose: EmailTokenPurpose,\n token: string,\n ) {\n await emailToken.assertValidToken(this.db, did, purpose, token)\n await emailToken.deleteEmailToken(this.db, did, purpose)\n }\n\n async requestEmailConfirmation(did: DidString, opts?: { locale?: string }) {\n const account = await this.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (!account) {\n throw new InvalidRequestError('account not found')\n }\n\n if (!account.email) {\n throw new InvalidRequestError('account does not have an email address')\n }\n\n const locale = opts?.locale\n const token = await this.createEmailToken(did, 'confirm_email')\n\n await this.mailer.sendConfirmEmail({ token, locale }, { to: account.email })\n }\n\n async confirmEmail(did: DidString, email: string, token: string) {\n const user = await this.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (!user) {\n throw new InvalidRequestError('user not found', 'AccountNotFound')\n }\n\n if (user.email !== email.toLowerCase()) {\n throw new InvalidRequestError('invalid email', 'InvalidEmail')\n }\n\n await emailToken.assertValidToken(this.db, did, 'confirm_email', token)\n const now = currentDatetimeString()\n await this.db.transaction(async (dbTxn) => {\n await emailToken.deleteEmailToken(dbTxn, did, 'confirm_email')\n await account.setEmailConfirmedAt(dbTxn, did, now)\n })\n\n user.emailConfirmedAt = now\n\n return user\n }\n\n async requestEmailUpdate(\n did: DidString,\n opts?: { locale?: string },\n ): Promise<{ tokenRequired: boolean }> {\n const account = await this.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (!account) {\n throw new InvalidRequestError('account not found')\n }\n\n if (!account.email) {\n throw new InvalidRequestError('account does not have an email address')\n }\n\n const token = account.emailConfirmedAt\n ? await this.createEmailToken(did, 'update_email')\n : null\n\n if (token) {\n await this.mailer.sendUpdateEmail(\n { token, locale: opts?.locale },\n { to: account.email },\n )\n }\n\n return { tokenRequired: !!token }\n }\n\n /**\n * @throws UserAlreadyExistsError if the new email is already in use by another account\n */\n async updateEmail(\n did: DidString,\n email: string,\n token?: string,\n opts?: { locale?: string; sendConfirmationEmail?: boolean },\n ) {\n if (!isEmailValid(email) || isDisposableEmail(email)) {\n throw new InvalidRequestError(\n 'This email address is not supported, please use a different email.',\n )\n }\n\n const account = await this.getAccount(did, {\n includeDeactivated: true,\n includeTakenDown: true,\n })\n\n if (!account) {\n throw new InvalidRequestError('account not found')\n }\n\n const tokenRequired = !!account.emailConfirmedAt\n\n // require a token if account email is confirmed\n if (!token && tokenRequired) {\n throw new InvalidRequestError(\n 'confirmation token required',\n 'TokenRequired',\n )\n }\n\n if (token) {\n await this.assertValidEmailToken(did, 'update_email', token)\n }\n\n await this.updateAccountEmail({ did, email })\n\n account.email = email\n account.emailConfirmedAt = null\n\n // Proactively send a confirmation email so that the user can confirm the\n // new email immediately.\n if (opts?.sendConfirmationEmail) {\n const token = await this.createEmailToken(did, 'confirm_email')\n const locale = opts.locale\n await this.mailer.sendConfirmEmail({ token, locale }, { to: email })\n }\n\n return account\n }\n\n async updateAccountEmail(opts: { did: DidString; email: string }) {\n const { did, email } = opts\n await this.db.transaction(async (dbTxn) => {\n await account.updateEmail(dbTxn, did, email)\n await emailToken.deleteAllEmailTokens(dbTxn, did)\n })\n }\n\n async resetPassword(opts: { password: string; token: string }) {\n const did = await emailToken.assertValidTokenAndFindDid(\n this.db,\n 'reset_password',\n opts.token,\n )\n await this.updateAccountPassword({ did, password: opts.password })\n\n return did\n }\n\n async updateAccountPassword(opts: { did: DidString; password: string }) {\n const { did } = opts\n const passwordScrypt = await scrypt.genSaltAndHash(opts.password)\n await this.db.transaction(async (dbTxn) =>\n Promise.all([\n password.updateUserPassword(dbTxn, { did, passwordScrypt }),\n emailToken.deleteEmailToken(dbTxn, did, 'reset_password'),\n auth.revokeRefreshTokensByDid(dbTxn, did),\n ]),\n )\n }\n}\n"]}
package/dist/account-manager/helpers/account.d.ts CHANGED
@@ -2,6 +2,8 @@ import { AtIdentifierString, DatetimeString, DidString, HandleString } from '@at
2
2
  import { com } from '../../lexicons/index.js';
3
3
  import { AccountDb, ActorEntry } from '../db/index.js';
4
4
  export declare class UserAlreadyExistsError extends Error {
5
+ name: string;
6
+ constructor(options?: ErrorOptions);
5
7
  }
6
8
  export type ActorAccount = ActorEntry & {
7
9
  email: string | null;
package/dist/account-manager/helpers/account.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/account.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,YAAY,EAGb,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEtD,qBAAa,sBAAuB,SAAQ,KAAK;CAAG;AAEpD,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG;IACtC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,eAAe,EAAE,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAC7B,CAAA;AAED,oBAAY,aAAa;IACvB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,SAAS,cAAc;IACvB,OAAO,YAAY;IACnB,WAAW,gBAAgB;CAC5B;AAED,eAAO,MAAM,eAAe,GAAI,IAAI,SAAS,EAAE,QAAQ,iBAAiB;;;;;;;;;;;;;;;;uUAqBvE,CAAA;AAED,eAAO,MAAM,UAAU,GACrB,IAAI,SAAS,EACb,aAAa,kBAAkB,EAC/B,QAAQ,iBAAiB,KACxB,OAAO,CAAC,YAAY,GAAG,IAAI,CAW7B,CAAA;AAED,eAAO,MAAM,WAAW,GACtB,IAAI,SAAS,EACb,MAAM,SAAS,EAAE,EACjB,QAAQ,iBAAiB,KACxB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAgBnC,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,IAAI,SAAS,EACb,OAAO,MAAM,EACb,QAAQ,iBAAiB,KACxB,OAAO,CAAC,YAAY,GAAG,IAAI,CAK7B,CAAA;AAED,eAAO,MAAM,aAAa,GACxB,IAAI,SAAS,EACb,MAAM;IACJ,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,EAAE,YAAY,CAAA;IACpB,WAAW,CAAC,EAAE,OAAO,CAAA;CACtB,kBAqBF,CAAA;AAED,eAAO,MAAM,eAAe,GAC1B,IAAI,SAAS,EACb,MAAM;IACJ,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,cAAc,EAAE,MAAM,CAAA;CACvB,kBAiBF,CAAA;AAED,eAAO,MAAM,aAAa,GACxB,IAAI,SAAS,EACb,KAAK,SAAS,KACb,OAAO,CAAC,IAAI,CAkBd,CAAA;AAED,eAAO,MAAM,YAAY,GACvB,IAAI,SAAS,EACb,KAAK,SAAS,EACd,QAAQ,YAAY,kBAcrB,CAAA;AAED,eAAO,MAAM,WAAW,GACtB,IAAI,SAAS,EACb,KAAK,SAAS,EACd,OAAO,MAAM,kBAkBd,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,IAAI,SAAS,EACb,KAAK,SAAS,EACd,kBAAkB,cAAc,kBAQjC,CAAA;AAED,eAAO,MAAM,qBAAqB,GAChC,IAAI,SAAS,EACb,KAAK,SAAS,KACb,OAAO,CAAC;IACT,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAA;IAC3C,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAA;CAC/C,GAAG,IAAI,CAYP,CAAA;AAED,eAAO,MAAM,2BAA2B,GACtC,IAAI,SAAS,EACb,KAAK,SAAS,EACd,UAAU,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,kBAQ5C,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,IAAI,SAAS,EACb,KAAK,SAAS,EACd,aAAa,MAAM,GAAG,IAAI,kBAW3B,CAAA;AAED,eAAO,MAAM,eAAe,GAAU,IAAI,SAAS,EAAE,KAAK,SAAS,kBAUlE,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,SAAS,IAAI,GAAG;IACd,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;;;;;;;;;;;;CAWF,CAAA"}
1
+ {"version":3,"file":"account.d.ts","sourceRoot":"","sources":["../../../src/account-manager/helpers/account.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,SAAS,EACT,YAAY,EAGb,MAAM,cAAc,CAAA;AAErB,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAEtD,qBAAa,sBAAuB,SAAQ,KAAK;IAC/C,IAAI,SAA2B;gBACnB,OAAO,CAAC,EAAE,YAAY;CAMnC;AAED,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG;IACtC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,eAAe,EAAE,CAAC,GAAG,CAAC,GAAG,IAAI,CAAA;CAC9B,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,kBAAkB,CAAC,EAAE,OAAO,CAAA;CAC7B,CAAA;AAED,oBAAY,aAAa;IACvB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,SAAS,cAAc;IACvB,OAAO,YAAY;IACnB,WAAW,gBAAgB;CAC5B;AAED,eAAO,MAAM,eAAe,GAAI,IAAI,SAAS,EAAE,QAAQ,iBAAiB;;;;;;;;;;;;;;;;uUAqBvE,CAAA;AAED,eAAO,MAAM,UAAU,GACrB,IAAI,SAAS,EACb,aAAa,kBAAkB,EAC/B,QAAQ,iBAAiB,KACxB,OAAO,CAAC,YAAY,GAAG,IAAI,CAW7B,CAAA;AAED,eAAO,MAAM,WAAW,GACtB,IAAI,SAAS,EACb,MAAM,SAAS,EAAE,EACjB,QAAQ,iBAAiB,KACxB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAgBnC,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,IAAI,SAAS,EACb,OAAO,MAAM,EACb,QAAQ,iBAAiB,KACxB,OAAO,CAAC,YAAY,GAAG,IAAI,CAK7B,CAAA;AAED,eAAO,MAAM,aAAa,GACxB,IAAI,SAAS,EACb,MAAM;IACJ,GAAG,EAAE,SAAS,CAAA;IACd,MAAM,EAAE,YAAY,CAAA;IACpB,WAAW,CAAC,EAAE,OAAO,CAAA;CACtB,kBAqBF,CAAA;AAED,eAAO,MAAM,eAAe,GAC1B,IAAI,SAAS,EACb,MAAM;IACJ,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,cAAc,EAAE,MAAM,CAAA;CACvB,kBAiBF,CAAA;AAED,eAAO,MAAM,aAAa,GACxB,IAAI,SAAS,EACb,KAAK,SAAS,KACb,OAAO,CAAC,IAAI,CAkBd,CAAA;AAED,eAAO,MAAM,YAAY,GACvB,IAAI,SAAS,EACb,KAAK,SAAS,EACd,QAAQ,YAAY,kBAcrB,CAAA;AAED,eAAO,MAAM,WAAW,GACtB,IAAI,SAAS,EACb,KAAK,SAAS,EACd,OAAO,MAAM,kBAkBd,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,IAAI,SAAS,EACb,KAAK,SAAS,EACd,kBAAkB,cAAc,kBAQjC,CAAA;AAED,eAAO,MAAM,qBAAqB,GAChC,IAAI,SAAS,EACb,KAAK,SAAS,KACb,OAAO,CAAC;IACT,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAA;IAC3C,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAA;CAC/C,GAAG,IAAI,CAYP,CAAA;AAED,eAAO,MAAM,2BAA2B,GACtC,IAAI,SAAS,EACb,KAAK,SAAS,EACd,UAAU,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,kBAQ5C,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,IAAI,SAAS,EACb,KAAK,SAAS,EACd,aAAa,MAAM,GAAG,IAAI,kBAW3B,CAAA;AAED,eAAO,MAAM,eAAe,GAAU,IAAI,SAAS,EAAE,KAAK,SAAS,kBAUlE,CAAA;AAED,eAAO,MAAM,mBAAmB,GAC9B,SAAS,IAAI,GAAG;IACd,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;;;;;;;;;;;;CAWF,CAAA"}
package/dist/account-manager/helpers/account.js CHANGED
@@ -2,6 +2,10 @@ import { DAY } from '@atproto/common';
2
2
  import { currentDatetimeString, isDidIdentifier, } from '@atproto/lex';
3
3
  import { isErrUniqueViolation, notSoftDeletedClause } from '../../db/index.js';
4
4
  export class UserAlreadyExistsError extends Error {
5
+ constructor(options) {
6
+ super('This email address is already in use, please use a different email.', options);
7
+ this.name = 'UserAlreadyExistsError';
8
+ }
5
9
  }
6
10
  export var AccountStatus;
7
11
  (function (AccountStatus) {
package/dist/account-manager/helpers/account.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"account.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/account.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAKL,qBAAqB,EACrB,eAAe,GAChB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAI9E,MAAM,OAAO,sBAAuB,SAAQ,KAAK;CAAG;AAapD,MAAM,CAAN,IAAY,aAMX;AAND,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,wCAAuB,CAAA;IACvB,wCAAuB,CAAA;IACvB,oCAAmB,CAAA;IACnB,4CAA2B,CAAA;AAC7B,CAAC,EANW,aAAa,KAAb,aAAa,QAMxB;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAa,EAAE,KAAyB,EAAE,EAAE;IAC1E,MAAM,EAAE,gBAAgB,GAAG,KAAK,EAAE,kBAAkB,GAAG,KAAK,EAAE,GAAG,KAAK,IAAI,EAAE,CAAA;IAC5E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;IAC7B,OAAO,EAAE,CAAC,EAAE;SACT,UAAU,CAAC,OAAO,CAAC;SACnB,QAAQ,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,CAAC;SAC/C,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SAC3E,EAAE,CAAC,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,CAC9B,EAAE,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,CAAC,CAC5C;SACA,MAAM,CAAC;QACN,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,mBAAmB;QACnB,qBAAqB;QACrB,mBAAmB;QACnB,eAAe;QACf,0BAA0B;QAC1B,yBAAyB;KAC1B,CAAC,CAAA;AACN,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAC7B,EAAa,EACb,WAA+B,EAC/B,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;QACZ,IAAI,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC;SACD,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,IAAiB,EACjB,KAAyB,EACW,EAAE;IACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAA;IAE/C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC9C,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC;SAC9B,OAAO,EAAE,CAAA;IAEZ,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,KAAa,EACb,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;SACxC,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;IAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC;QACN,GAAG;QACH,MAAM;QACN,SAAS;QACT,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QAC7C,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;KACxE,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;IAC3C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,SAAS,CAAC;SACrB,MAAM,CAAC;QACN,GAAG;QACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;QAC1B,cAAc;KACf,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,GAAc,EACC,EAAE;IACjB,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACrD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACzD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,CAC3D,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,EAAa,EACb,GAAc,EACd,MAAoB,EACpB,EAAE;IACF,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;SACf,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,cAAc,CACb,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC,SAAS,EAAE,CACnE,CACJ,CAAA;IACD,IAAI,GAAG,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,GAAc,EACd,KAAa,EACb,EAAE;IACF,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;aACF,WAAW,CAAC,SAAS,CAAC;aACtB,GAAG,CAAC;YACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,gBAAgB,EAAE,IAAI;SACvB,CAAC;aACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,sBAAsB,EAAE,CAAA;QACpC,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACtC,EAAa,EACb,GAAc,EACd,gBAAgC,EAChC,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,SAAS,CAAC;SACtB,GAAG,CAAC,EAAE,gBAAgB,EAAE,CAAC;SACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,GAAc,EAIN,EAAE;IACV,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SACxC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW;QAC9B,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACzC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACtB,MAAM,WAAW,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC9E,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAA;AAClC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,EAC9C,EAAa,EACb,GAAc,EACd,QAA2C,EAC3C,EAAE;IACF,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO;QAClC,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,qBAAqB,EAAE;QACzC,CAAC,CAAC,IAAI,CAAA;IACR,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvE,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAc,EACd,WAA0B,EAC1B,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,qBAAqB,EAAE;QACtC,WAAW;KACZ,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,EAAa,EAAE,GAAc,EAAE,EAAE;IACrE,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,IAAI;QACnB,WAAW,EAAE,IAAI;KAClB,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAGC,EACD,EAAE;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,OAAO,EAAW,CAAA;IAClE,CAAC;SAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,SAAS,EAAW,CAAA;IACpE,CAAC;SAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,WAAW,EAAW,CAAA;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAW,CAAA;IACrD,CAAC;AACH,CAAC,CAAA","sourcesContent":["import { DAY } from '@atproto/common'\nimport {\n AtIdentifierString,\n DatetimeString,\n DidString,\n HandleString,\n currentDatetimeString,\n isDidIdentifier,\n} from '@atproto/lex'\nimport { isErrUniqueViolation, notSoftDeletedClause } from '../../db/index.js'\nimport { com } from '../../lexicons/index.js'\nimport { AccountDb, ActorEntry } from '../db/index.js'\n\nexport class UserAlreadyExistsError extends Error {}\n\nexport type ActorAccount = ActorEntry & {\n email: string | null\n emailConfirmedAt: string | null\n invitesDisabled: 0 | 1 | null\n}\n\nexport type AvailabilityFlags = {\n includeTakenDown?: boolean\n includeDeactivated?: boolean\n}\n\nexport enum AccountStatus {\n Active = 'active',\n Takendown = 'takendown',\n Suspended = 'suspended',\n Deleted = 'deleted',\n Deactivated = 'deactivated',\n}\n\nexport const selectAccountQB = (db: AccountDb, flags?: AvailabilityFlags) => {\n const { includeTakenDown = false, includeDeactivated = false } = flags ?? {}\n const { ref } = db.db.dynamic\n return db.db\n .selectFrom('actor')\n .leftJoin('account', 'actor.did', 'account.did')\n .if(!includeTakenDown, (qb) => qb.where(notSoftDeletedClause(ref('actor'))))\n .if(!includeDeactivated, (qb) =>\n qb.where('actor.deactivatedAt', 'is', null),\n )\n .select([\n 'actor.did',\n 'actor.handle',\n 'actor.createdAt',\n 'actor.takedownRef',\n 'actor.deactivatedAt',\n 'actor.deleteAfter',\n 'account.email',\n 'account.emailConfirmedAt',\n 'account.invitesDisabled',\n ])\n}\n\nexport const getAccount = async (\n db: AccountDb,\n handleOrDid: AtIdentifierString,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where((qb) => {\n if (isDidIdentifier(handleOrDid)) {\n return qb.where('actor.did', '=', handleOrDid)\n } else {\n return qb.where('actor.handle', '=', handleOrDid)\n }\n })\n .executeTakeFirst()\n return found || null\n}\n\nexport const getAccounts = async (\n db: AccountDb,\n dids: DidString[],\n flags?: AvailabilityFlags,\n): Promise<Map<string, ActorAccount>> => {\n const results = new Map<string, ActorAccount>()\n\n if (!dids.length) {\n return results\n }\n\n const accounts = await selectAccountQB(db, flags)\n .where('actor.did', 'in', dids)\n .execute()\n\n accounts.forEach((account) => {\n results.set(account.did, account)\n })\n\n return results\n}\n\nexport const getAccountByEmail = async (\n db: AccountDb,\n email: string,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where('email', '=', email.toLowerCase())\n .executeTakeFirst()\n return found || null\n}\n\nexport const registerActor = async (\n db: AccountDb,\n opts: {\n did: DidString\n handle: HandleString\n deactivated?: boolean\n },\n) => {\n const { did, handle, deactivated } = opts\n const now = Date.now()\n const createdAt = new Date(now).toISOString()\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('actor')\n .values({\n did,\n handle,\n createdAt,\n deactivatedAt: deactivated ? createdAt : null,\n deleteAfter: deactivated ? new Date(now + 3 * DAY).toISOString() : null,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const registerAccount = async (\n db: AccountDb,\n opts: {\n did: string\n email: string\n passwordScrypt: string\n },\n) => {\n const { did, email, passwordScrypt } = opts\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('account')\n .values({\n did,\n email: email.toLowerCase(),\n passwordScrypt,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const deleteAccount = async (\n db: AccountDb,\n did: DidString,\n): Promise<void> => {\n // Not done in transaction because it would be too long, prone to contention.\n // Also, this can safely be run multiple times if it fails.\n await db.executeWithRetry(\n db.db.deleteFrom('repo_root').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('email_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('account').where('account.did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('actor').where('actor.did', '=', did),\n )\n}\n\nexport const updateHandle = async (\n db: AccountDb,\n did: DidString,\n handle: HandleString,\n) => {\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({ handle })\n .where('did', '=', did)\n .whereNotExists(\n db.db.selectFrom('actor').where('handle', '=', handle).selectAll(),\n ),\n )\n if (res.numUpdatedRows < 1) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const updateEmail = async (\n db: AccountDb,\n did: DidString,\n email: string,\n) => {\n try {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({\n email: email.toLowerCase(),\n emailConfirmedAt: null,\n })\n .where('did', '=', did),\n )\n } catch (err) {\n if (isErrUniqueViolation(err)) {\n throw new UserAlreadyExistsError()\n }\n throw err\n }\n}\n\nexport const setEmailConfirmedAt = async (\n db: AccountDb,\n did: DidString,\n emailConfirmedAt: DatetimeString,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({ emailConfirmedAt })\n .where('did', '=', did),\n )\n}\n\nexport const getAccountAdminStatus = async (\n db: AccountDb,\n did: DidString,\n): Promise<{\n takedown: com.atproto.admin.defs.StatusAttr\n deactivated: com.atproto.admin.defs.StatusAttr\n} | null> => {\n const res = await db.db\n .selectFrom('actor')\n .select(['takedownRef', 'deactivatedAt'])\n .where('did', '=', did)\n .executeTakeFirst()\n if (!res) return null\n const takedown = res.takedownRef\n ? { applied: true, ref: res.takedownRef }\n : { applied: false }\n const deactivated = res.deactivatedAt ? { applied: true } : { applied: false }\n return { takedown, deactivated }\n}\n\nexport const updateAccountTakedownStatus = async (\n db: AccountDb,\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n) => {\n const takedownRef = takedown.applied\n ? takedown.ref ?? currentDatetimeString()\n : null\n await db.executeWithRetry(\n db.db.updateTable('actor').set({ takedownRef }).where('did', '=', did),\n )\n}\n\nexport const deactivateAccount = async (\n db: AccountDb,\n did: DidString,\n deleteAfter: string | null,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: currentDatetimeString(),\n deleteAfter,\n })\n .where('did', '=', did),\n )\n}\n\nexport const activateAccount = async (db: AccountDb, did: DidString) => {\n await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: null,\n deleteAfter: null,\n })\n .where('did', '=', did),\n )\n}\n\nexport const formatAccountStatus = (\n account: null | {\n takedownRef: string | null\n deactivatedAt: string | null\n },\n) => {\n if (!account) {\n return { active: false, status: AccountStatus.Deleted } as const\n } else if (account.takedownRef) {\n return { active: false, status: AccountStatus.Takendown } as const\n } else if (account.deactivatedAt) {\n return { active: false, status: AccountStatus.Deactivated } as const\n } else {\n return { active: true, status: undefined } as const\n }\n}\n"]}
1
+ {"version":3,"file":"account.js","sourceRoot":"","sources":["../../../src/account-manager/helpers/account.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAKL,qBAAqB,EACrB,eAAe,GAChB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAI9E,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAE/C,YAAY,OAAsB;QAChC,KAAK,CACH,qEAAqE,EACrE,OAAO,CACR,CAAA;QALH,SAAI,GAAG,wBAAwB,CAAA;IAM/B,CAAC;CACF;AAaD,MAAM,CAAN,IAAY,aAMX;AAND,WAAY,aAAa;IACvB,kCAAiB,CAAA;IACjB,wCAAuB,CAAA;IACvB,wCAAuB,CAAA;IACvB,oCAAmB,CAAA;IACnB,4CAA2B,CAAA;AAC7B,CAAC,EANW,aAAa,KAAb,aAAa,QAMxB;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAa,EAAE,KAAyB,EAAE,EAAE;IAC1E,MAAM,EAAE,gBAAgB,GAAG,KAAK,EAAE,kBAAkB,GAAG,KAAK,EAAE,GAAG,KAAK,IAAI,EAAE,CAAA;IAC5E,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;IAC7B,OAAO,EAAE,CAAC,EAAE;SACT,UAAU,CAAC,OAAO,CAAC;SACnB,QAAQ,CAAC,SAAS,EAAE,WAAW,EAAE,aAAa,CAAC;SAC/C,EAAE,CAAC,CAAC,gBAAgB,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SAC3E,EAAE,CAAC,CAAC,kBAAkB,EAAE,CAAC,EAAE,EAAE,EAAE,CAC9B,EAAE,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,EAAE,IAAI,CAAC,CAC5C;SACA,MAAM,CAAC;QACN,WAAW;QACX,cAAc;QACd,iBAAiB;QACjB,mBAAmB;QACnB,qBAAqB;QACrB,mBAAmB;QACnB,eAAe;QACf,0BAA0B;QAC1B,yBAAyB;KAC1B,CAAC,CAAA;AACN,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,KAAK,EAC7B,EAAa,EACb,WAA+B,EAC/B,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;QACZ,IAAI,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,EAAE,WAAW,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC;SACD,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,IAAiB,EACjB,KAAyB,EACW,EAAE;IACtC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAA;IAE/C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC9C,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC;SAC9B,OAAO,EAAE,CAAA;IAEZ,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,KAAa,EACb,KAAyB,EACK,EAAE;IAChC,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,KAAK,CAAC;SAC3C,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;SACxC,gBAAgB,EAAE,CAAA;IACrB,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAA;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAA;IAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC;QACN,GAAG;QACH,MAAM;QACN,SAAS;QACT,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QAC7C,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;KACxE,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,EAAa,EACb,IAIC,EACD,EAAE;IACF,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;IAC3C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC5C,EAAE,CAAC,EAAE;SACF,UAAU,CAAC,SAAS,CAAC;SACrB,MAAM,CAAC;QACN,GAAG;QACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;QAC1B,cAAc;KACf,CAAC;SACD,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;SAClC,SAAS,CAAC,KAAK,CAAC,CACpB,CAAA;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,EAAa,EACb,GAAc,EACC,EAAE;IACjB,6EAA6E;IAC7E,2DAA2D;IAC3D,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACrD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACzD,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,CAC3D,CAAA;IACD,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,CACvD,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAC/B,EAAa,EACb,GAAc,EACd,MAAoB,EACpB,EAAE;IACF,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACrC,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;SACf,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,cAAc,CACb,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC,SAAS,EAAE,CACnE,CACJ,CAAA;IACD,IAAI,GAAG,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,sBAAsB,EAAE,CAAA;IACpC,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,WAAW,GAAG,KAAK,EAC9B,EAAa,EACb,GAAc,EACd,KAAa,EACb,EAAE;IACF,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;aACF,WAAW,CAAC,SAAS,CAAC;aACtB,GAAG,CAAC;YACH,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;YAC1B,gBAAgB,EAAE,IAAI;SACvB,CAAC;aACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,sBAAsB,EAAE,CAAA;QACpC,CAAC;QACD,MAAM,GAAG,CAAA;IACX,CAAC;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,KAAK,EACtC,EAAa,EACb,GAAc,EACd,gBAAgC,EAChC,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,SAAS,CAAC;SACtB,GAAG,CAAC,EAAE,gBAAgB,EAAE,CAAC;SACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,KAAK,EACxC,EAAa,EACb,GAAc,EAIN,EAAE;IACV,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,EAAE;SACpB,UAAU,CAAC,OAAO,CAAC;SACnB,MAAM,CAAC,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SACxC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC;SACtB,gBAAgB,EAAE,CAAA;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW;QAC9B,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACzC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACtB,MAAM,WAAW,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC9E,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAA;AAClC,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,2BAA2B,GAAG,KAAK,EAC9C,EAAa,EACb,GAAc,EACd,QAA2C,EAC3C,EAAE;IACF,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO;QAClC,CAAC,CAAC,QAAQ,CAAC,GAAG,IAAI,qBAAqB,EAAE;QACzC,CAAC,CAAC,IAAI,CAAA;IACR,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CACvE,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,KAAK,EACpC,EAAa,EACb,GAAc,EACd,WAA0B,EAC1B,EAAE;IACF,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,qBAAqB,EAAE;QACtC,WAAW;KACZ,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAAE,EAAa,EAAE,GAAc,EAAE,EAAE;IACrE,MAAM,EAAE,CAAC,gBAAgB,CACvB,EAAE,CAAC,EAAE;SACF,WAAW,CAAC,OAAO,CAAC;SACpB,GAAG,CAAC;QACH,aAAa,EAAE,IAAI;QACnB,WAAW,EAAE,IAAI;KAClB,CAAC;SACD,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAC1B,CAAA;AACH,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAGC,EACD,EAAE;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,OAAO,EAAW,CAAA;IAClE,CAAC;SAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,SAAS,EAAW,CAAA;IACpE,CAAC;SAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QACjC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,WAAW,EAAW,CAAA;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAW,CAAA;IACrD,CAAC;AACH,CAAC,CAAA","sourcesContent":["import { DAY } from '@atproto/common'\nimport {\n AtIdentifierString,\n DatetimeString,\n DidString,\n HandleString,\n currentDatetimeString,\n isDidIdentifier,\n} from '@atproto/lex'\nimport { isErrUniqueViolation, notSoftDeletedClause } from '../../db/index.js'\nimport { com } from '../../lexicons/index.js'\nimport { AccountDb, ActorEntry } from '../db/index.js'\n\nexport class UserAlreadyExistsError extends Error {\n name = 'UserAlreadyExistsError'\n constructor(options?: ErrorOptions) {\n super(\n 'This email address is already in use, please use a different email.',\n options,\n )\n }\n}\n\nexport type ActorAccount = ActorEntry & {\n email: string | null\n emailConfirmedAt: string | null\n invitesDisabled: 0 | 1 | null\n}\n\nexport type AvailabilityFlags = {\n includeTakenDown?: boolean\n includeDeactivated?: boolean\n}\n\nexport enum AccountStatus {\n Active = 'active',\n Takendown = 'takendown',\n Suspended = 'suspended',\n Deleted = 'deleted',\n Deactivated = 'deactivated',\n}\n\nexport const selectAccountQB = (db: AccountDb, flags?: AvailabilityFlags) => {\n const { includeTakenDown = false, includeDeactivated = false } = flags ?? {}\n const { ref } = db.db.dynamic\n return db.db\n .selectFrom('actor')\n .leftJoin('account', 'actor.did', 'account.did')\n .if(!includeTakenDown, (qb) => qb.where(notSoftDeletedClause(ref('actor'))))\n .if(!includeDeactivated, (qb) =>\n qb.where('actor.deactivatedAt', 'is', null),\n )\n .select([\n 'actor.did',\n 'actor.handle',\n 'actor.createdAt',\n 'actor.takedownRef',\n 'actor.deactivatedAt',\n 'actor.deleteAfter',\n 'account.email',\n 'account.emailConfirmedAt',\n 'account.invitesDisabled',\n ])\n}\n\nexport const getAccount = async (\n db: AccountDb,\n handleOrDid: AtIdentifierString,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where((qb) => {\n if (isDidIdentifier(handleOrDid)) {\n return qb.where('actor.did', '=', handleOrDid)\n } else {\n return qb.where('actor.handle', '=', handleOrDid)\n }\n })\n .executeTakeFirst()\n return found || null\n}\n\nexport const getAccounts = async (\n db: AccountDb,\n dids: DidString[],\n flags?: AvailabilityFlags,\n): Promise<Map<string, ActorAccount>> => {\n const results = new Map<string, ActorAccount>()\n\n if (!dids.length) {\n return results\n }\n\n const accounts = await selectAccountQB(db, flags)\n .where('actor.did', 'in', dids)\n .execute()\n\n accounts.forEach((account) => {\n results.set(account.did, account)\n })\n\n return results\n}\n\nexport const getAccountByEmail = async (\n db: AccountDb,\n email: string,\n flags?: AvailabilityFlags,\n): Promise<ActorAccount | null> => {\n const found = await selectAccountQB(db, flags)\n .where('email', '=', email.toLowerCase())\n .executeTakeFirst()\n return found || null\n}\n\nexport const registerActor = async (\n db: AccountDb,\n opts: {\n did: DidString\n handle: HandleString\n deactivated?: boolean\n },\n) => {\n const { did, handle, deactivated } = opts\n const now = Date.now()\n const createdAt = new Date(now).toISOString()\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('actor')\n .values({\n did,\n handle,\n createdAt,\n deactivatedAt: deactivated ? createdAt : null,\n deleteAfter: deactivated ? new Date(now + 3 * DAY).toISOString() : null,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const registerAccount = async (\n db: AccountDb,\n opts: {\n did: string\n email: string\n passwordScrypt: string\n },\n) => {\n const { did, email, passwordScrypt } = opts\n const [registered] = await db.executeWithRetry(\n db.db\n .insertInto('account')\n .values({\n did,\n email: email.toLowerCase(),\n passwordScrypt,\n })\n .onConflict((oc) => oc.doNothing())\n .returning('did'),\n )\n if (!registered) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const deleteAccount = async (\n db: AccountDb,\n did: DidString,\n): Promise<void> => {\n // Not done in transaction because it would be too long, prone to contention.\n // Also, this can safely be run multiple times if it fails.\n await db.executeWithRetry(\n db.db.deleteFrom('repo_root').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('email_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('refresh_token').where('did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('account').where('account.did', '=', did),\n )\n await db.executeWithRetry(\n db.db.deleteFrom('actor').where('actor.did', '=', did),\n )\n}\n\nexport const updateHandle = async (\n db: AccountDb,\n did: DidString,\n handle: HandleString,\n) => {\n const [res] = await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({ handle })\n .where('did', '=', did)\n .whereNotExists(\n db.db.selectFrom('actor').where('handle', '=', handle).selectAll(),\n ),\n )\n if (res.numUpdatedRows < 1) {\n throw new UserAlreadyExistsError()\n }\n}\n\nexport const updateEmail = async (\n db: AccountDb,\n did: DidString,\n email: string,\n) => {\n try {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({\n email: email.toLowerCase(),\n emailConfirmedAt: null,\n })\n .where('did', '=', did),\n )\n } catch (err) {\n if (isErrUniqueViolation(err)) {\n throw new UserAlreadyExistsError()\n }\n throw err\n }\n}\n\nexport const setEmailConfirmedAt = async (\n db: AccountDb,\n did: DidString,\n emailConfirmedAt: DatetimeString,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('account')\n .set({ emailConfirmedAt })\n .where('did', '=', did),\n )\n}\n\nexport const getAccountAdminStatus = async (\n db: AccountDb,\n did: DidString,\n): Promise<{\n takedown: com.atproto.admin.defs.StatusAttr\n deactivated: com.atproto.admin.defs.StatusAttr\n} | null> => {\n const res = await db.db\n .selectFrom('actor')\n .select(['takedownRef', 'deactivatedAt'])\n .where('did', '=', did)\n .executeTakeFirst()\n if (!res) return null\n const takedown = res.takedownRef\n ? { applied: true, ref: res.takedownRef }\n : { applied: false }\n const deactivated = res.deactivatedAt ? { applied: true } : { applied: false }\n return { takedown, deactivated }\n}\n\nexport const updateAccountTakedownStatus = async (\n db: AccountDb,\n did: DidString,\n takedown: com.atproto.admin.defs.StatusAttr,\n) => {\n const takedownRef = takedown.applied\n ? takedown.ref ?? currentDatetimeString()\n : null\n await db.executeWithRetry(\n db.db.updateTable('actor').set({ takedownRef }).where('did', '=', did),\n )\n}\n\nexport const deactivateAccount = async (\n db: AccountDb,\n did: DidString,\n deleteAfter: string | null,\n) => {\n await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: currentDatetimeString(),\n deleteAfter,\n })\n .where('did', '=', did),\n )\n}\n\nexport const activateAccount = async (db: AccountDb, did: DidString) => {\n await db.executeWithRetry(\n db.db\n .updateTable('actor')\n .set({\n deactivatedAt: null,\n deleteAfter: null,\n })\n .where('did', '=', did),\n )\n}\n\nexport const formatAccountStatus = (\n account: null | {\n takedownRef: string | null\n deactivatedAt: string | null\n },\n) => {\n if (!account) {\n return { active: false, status: AccountStatus.Deleted } as const\n } else if (account.takedownRef) {\n return { active: false, status: AccountStatus.Takendown } as const\n } else if (account.deactivatedAt) {\n return { active: false, status: AccountStatus.Deactivated } as const\n } else {\n return { active: true, status: undefined } as const\n }\n}\n"]}
package/dist/account-manager/oauth-store.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import { Client } from '@did-plc/lib';
2
2
  import { Keypair } from '@atproto/crypto';
3
3
  import { HandleString } from '@atproto/lex';
4
- import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeviceAccount, DeviceData, DeviceId, DeviceStore, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, Sub, TokenData, TokenId, TokenInfo, TokenStore, UpdateRequestData } from '@atproto/oauth-provider';
4
+ import { Account, AccountStore, AuthenticateAccountData, AuthorizedClientData, AuthorizedClients, ClientId, Code, DeviceAccount, DeviceData, DeviceId, DeviceStore, FoundRequestResult, LexiconData, LexiconStore, NewTokenData, RefreshToken, RequestData, RequestId, RequestStore, ResetPasswordConfirmInput, ResetPasswordRequestInput, SignUpData, Sub, TokenData, TokenId, TokenInfo, TokenStore, UpdateEmailConfirmInput, UpdateEmailRequestInput, UpdateEmailRequestOutput, UpdateRequestData, VerifyEmailConfirmInput, VerifyEmailRequestInput } from '@atproto/oauth-provider';
5
5
  import { ActorStore } from '../actor-store/actor-store.js';
6
6
  import { BackgroundQueue } from '../background.js';
7
7
  import { ImageUrlBuilder } from '../image/image-url-builder.js';
@@ -67,6 +67,10 @@ export declare class OAuthStore implements AccountStore, RequestStore, DeviceSto
67
67
  rotateToken(tokenId: TokenId, newTokenId: TokenId, newRefreshToken: RefreshToken, newData: NewTokenData): Promise<void>;
68
68
  findTokenByRefreshToken(refreshToken: RefreshToken): Promise<TokenInfo | null>;
69
69
  findTokenByCode(code: Code): Promise<TokenInfo | null>;
70
+ verifyEmailRequest({ sub: did, locale, }: VerifyEmailRequestInput): Promise<void>;
71
+ verifyEmailConfirm({ sub: did, email, token, }: VerifyEmailConfirmInput): Promise<Account | null>;
72
+ updateEmailRequest({ sub: did, locale, }: UpdateEmailRequestInput): Promise<UpdateEmailRequestOutput>;
73
+ updateEmailConfirm({ sub: did, token, email, locale, }: UpdateEmailConfirmInput): Promise<Account | null>;
70
74
  private toTokenInfo;
71
75
  private buildAccount;
72
76
  }
package/dist/account-manager/oauth-store.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,YAAY,EAKb,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAKlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,GAAG,EACH,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,iBAAiB,EAClB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAyB,MAAM,uBAAuB,CAAA;AACxE,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAY3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAiF1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmCvC,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC;IAIV,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC;IAmBI,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoB1B,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC;IA+BrB,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAuBhD,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAkBpB,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC7D,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAiBvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASlE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAMV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAItD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKjD,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAOtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;YAK9C,WAAW;YAWX,YAAY;CAmC3B"}
1
+ {"version":3,"file":"oauth-store.d.ts","sourceRoot":"","sources":["../../src/account-manager/oauth-store.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAA2B,MAAM,cAAc,CAAA;AAE9D,OAAO,EAAE,OAAO,EAAoB,MAAM,iBAAiB,CAAA;AAC3D,OAAO,EACL,YAAY,EAKb,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,OAAO,EACP,YAAY,EACZ,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,QAAQ,EACR,IAAI,EACJ,aAAa,EACb,UAAU,EACV,QAAQ,EACR,WAAW,EACX,kBAAkB,EAKlB,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,SAAS,EACT,YAAY,EACZ,yBAAyB,EACzB,yBAAyB,EACzB,UAAU,EACV,GAAG,EACH,SAAS,EACT,OAAO,EACP,SAAS,EACT,UAAU,EACV,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,iBAAiB,EACjB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,yBAAyB,CAAA;AAKhC,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAA;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAyB,MAAM,uBAAuB,CAAA;AACxE,OAAO,EAAE,cAAc,EAAwB,MAAM,sBAAsB,CAAA;AAY3E;;;;;GAKG;AACH,qBAAa,UACX,YAAW,YAAY,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU;IAG1E,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,cAAc;gBATd,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,eAAe,EAAE,eAAe,EAChC,eAAe,EAAE,eAAe,EAChC,MAAM,EAAE,YAAY,EACpB,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,OAAO,EACvB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GAAG,IAAI;IAGhD,OAAO,KAAK,EAAE,GAIb;IAED,OAAO,KAAK,UAAU,GAErB;YAEa,uBAAuB;YAavB,gBAAgB;IAYxB,aAAa,CAAC,EAClB,MAAM,EAAE,OAAO,EACf,UAAU,EACV,MAAM,EACN,KAAK,EACL,QAAQ,GACT,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IAiF1B,mBAAmB,CAAC,EACxB,MAAM,EAAE,OAAO,EACf,QAAQ,EAAE,UAAU,EACpB,QAAQ,EAER,QAAoB,GACrB,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC;IAmCvC,mBAAmB,CACvB,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,oBAAoB,GACzB,OAAO,CAAC,IAAI,CAAC;IAIV,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC;QAClC,OAAO,EAAE,OAAO,CAAA;QAChB,iBAAiB,EAAE,iBAAiB,CAAA;KACrC,CAAC;IAmBI,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnE,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAoB1B,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAMhE,kBAAkB,CACtB,MAAM,EAAE;QAAE,GAAG,EAAE,GAAG,CAAA;KAAE,GAAG;QAAE,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAC5C,OAAO,CAAC,aAAa,EAAE,CAAC;IA+BrB,oBAAoB,CAAC,EACzB,MAAM,EAAE,OAAO,EACf,KAAK,GACN,EAAE,yBAAyB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAuBhD,oBAAoB,CACxB,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAkBpB,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAkC7D,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9D,WAAW,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAiBvD,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;IAMpE,aAAa,CAAC,EAAE,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASlE,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjE,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC;IAK1D,YAAY,CAChB,QAAQ,EAAE,QAAQ,EAClB,IAAI,EAAE,OAAO,CAAC,UAAU,CAAC,GACxB,OAAO,CAAC,IAAI,CAAC;IAMV,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/C,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAItD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1C,WAAW,CACf,EAAE,EAAE,OAAO,EACX,IAAI,EAAE,SAAS,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAgBV,iBAAiB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKjD,SAAS,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAOtD,WAAW,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAK5C,WAAW,CACf,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,OAAO,EACnB,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,IAAI,CAAC;IA6BV,uBAAuB,CAC3B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAatB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAKtD,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;IAepC,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,GACN,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAiB9C,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAOxD,kBAAkB,CAAC,EACvB,GAAG,EAAE,GAAG,EACR,KAAK,EACL,KAAK,EACL,MAAM,GACP,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;YAoBtC,WAAW;YAWX,YAAY;CAmC3B"}