@atproto/pds 0.4.34 → 0.4.36

package/dist/api/com/atproto/server/deleteSession.js

@@ -1,20 +1,21 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-const auth_verifier_1 = require("../../../../auth-verifier");
 const proxy_1 = require("../../../proxy");
 function default_1(server, ctx) {
-    server.com.atproto.server.deleteSession(async ({ req }) => {
-        if (ctx.entrywayAgent) {
-            await ctx.entrywayAgent.com.atproto.server.deleteSession(undefined, (0, proxy_1.authPassthru)(req, true));
-            return;
-        }
-        const result = await ctx.authVerifier.validateBearerToken(req, [auth_verifier_1.AuthScope.Refresh], { clockTolerance: Infinity });
-        const id = result.payload.jti;
-        if (!id) {
-            throw new Error('Unexpected missing refresh token id');
-        }
-        await ctx.accountManager.revokeRefreshToken(id);
-    });
+    const { entrywayAgent } = ctx;
+    if (entrywayAgent) {
+        server.com.atproto.server.deleteSession(async (reqCtx) => {
+            await entrywayAgent.com.atproto.server.deleteSession(undefined, (0, proxy_1.authPassthru)(reqCtx.req, true));
+        });
+    }
+    else {
+        server.com.atproto.server.deleteSession({
+            auth: ctx.authVerifier.refreshExpired,
+            handler: async ({ auth }) => {
+                await ctx.accountManager.revokeRefreshToken(auth.credentials.tokenId);
+            },
+        });
+    }
 }
 exports.default = default_1;
 //# sourceMappingURL=deleteSession.js.map

package/dist/api/com/atproto/server/deleteSession.js.map

@@ -1 +1 @@
-{"version":3,"file":"deleteSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteSession.ts"],"names":[],"mappings":";;AAAA,6DAAqD;AAGrD,0CAA6C;AAE7C,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;QACxD,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;YACtB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CACtD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,EAAE,IAAI,CAAC,CACxB,CAAA;YACD,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC,mBAAmB,CACvD,GAAG,EACH,CAAC,yBAAS,CAAC,OAAO,CAAC,EACnB,EAAE,cAAc,EAAE,QAAQ,EAAE,CAC7B,CAAA;QACD,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAA;QAC7B,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAA;QACxD,CAAC;QAED,MAAM,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAA;IACjD,CAAC,CAAC,CAAA;AACJ,CAAC;AAtBD,4BAsBC"}
+{"version":3,"file":"deleteSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/deleteSession.ts"],"names":[],"mappings":";;AAEA,0CAA6C;AAE7C,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAA;IAC7B,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACvD,MAAM,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAClD,SAAS,EACT,IAAA,oBAAY,EAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAC/B,CAAA;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC;YACtC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,cAAc;YACrC,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;gBAC1B,MAAM,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YACvE,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;AACH,CAAC;AAjBD,4BAiBC"}

package/dist/api/com/atproto/server/getSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":"AAEA,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAK5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAuCvD"}
+{"version":3,"file":"getSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":"AAIA,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAK5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA0CvD"}

package/dist/api/com/atproto/server/getSession.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const xrpc_server_1 = require("@atproto/xrpc-server");
 const syntax_1 = require("@atproto/syntax");
+const account_manager_1 = require("../../../../account-manager");
 const proxy_1 = require("../../../proxy");
 const util_1 = require("./util");
 const auth_verifier_1 = require("../../../../auth-verifier");
@@ -22,6 +23,7 @@ function default_1(server, ctx) {
             if (!user) {
                 throw new xrpc_server_1.InvalidRequestError(`Could not find user info for account: ${did}`);
             }
+            const { status, active } = (0, account_manager_1.formatAccountStatus)(user);
             return {
                 encoding: 'application/json',
                 body: {
@@ -30,8 +32,8 @@ function default_1(server, ctx) {
                     email: user.email ?? undefined,
                     didDoc,
                     emailConfirmed: !!user.emailConfirmedAt,
-                    active: user.active,
-                    status: user.status,
+                    active,
+                    status,
                 },
             };
         },

package/dist/api/com/atproto/server/getSession.js.map

@@ -1 +1 @@
-{"version":3,"file":"getSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":";;AAAA,sDAA0D;AAC1D,4CAAgD;AAGhD,0CAA6D;AAC7D,iCAAyC;AACzC,6DAAqD;AAErD,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,cAAc,CAAC;YACpC,UAAU,EAAE,CAAC,yBAAS,CAAC,YAAY,CAAC;SACrC,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CACnD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACvC,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;gBAChE,IAAA,uBAAgB,EAAC,GAAG,EAAE,GAAG,CAAC;aAC3B,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;oBAC9B,MAAM;oBACN,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB;oBACvC,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAvCD,4BAuCC"}
+{"version":3,"file":"getSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/getSession.ts"],"names":[],"mappings":";;AAAA,sDAA0D;AAC1D,4CAAgD;AAEhD,iEAAiE;AAGjE,0CAA6D;AAC7D,iCAAyC;AACzC,6DAAqD;AAErD,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;QACnC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,cAAc,CAAC;YACpC,UAAU,EAAE,CAAC,yBAAS,CAAC,YAAY,CAAC;SACrC,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CACnD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACvC,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;gBAChE,IAAA,uBAAgB,EAAC,GAAG,EAAE,GAAG,CAAC;aAC3B,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,IAAI,CAAC,CAAA;YAEpD,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;oBAC9B,MAAM;oBACN,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB;oBACvC,MAAM;oBACN,MAAM;iBACP;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AA1CD,4BA0CC"}

package/dist/api/com/atproto/server/refreshSession.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"refreshSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":"AAEA,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAI5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAoDvD"}
+{"version":3,"file":"refreshSession.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":"AAIA,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAI5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QAsDvD"}

package/dist/api/com/atproto/server/refreshSession.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const syntax_1 = require("@atproto/syntax");
 const xrpc_server_1 = require("@atproto/xrpc-server");
+const account_manager_1 = require("../../../../account-manager");
 const util_1 = require("../../../../db/util");
 const util_2 = require("./util");
 const proxy_1 = require("../../../proxy");
@@ -30,6 +31,7 @@ function default_1(server, ctx) {
             if (rotated === null) {
                 throw new xrpc_server_1.InvalidRequestError('Token has been revoked', 'ExpiredToken');
             }
+            const { status, active } = (0, account_manager_1.formatAccountStatus)(user);
             return {
                 encoding: 'application/json',
                 body: {
@@ -38,8 +40,8 @@ function default_1(server, ctx) {
                     handle: user.handle ?? syntax_1.INVALID_HANDLE,
                     accessJwt: rotated.accessJwt,
                     refreshJwt: rotated.refreshJwt,
-                    active: user.active,
-                    status: user.status,
+                    active,
+                    status,
                 },
             };
         },

package/dist/api/com/atproto/server/refreshSession.js.map

@@ -1 +1 @@
-{"version":3,"file":"refreshSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":";;AAAA,4CAAgD;AAChD,sDAA6E;AAE7E,8CAAiD;AAEjD,iCAAyC;AACzC,0CAA6D;AAE7D,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC;QACvC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,OAAO;QAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACpD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YACD,IAAI,IAAA,kBAAW,EAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YAED,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CACvD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBAC1C,IAAA,uBAAgB,EAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;gBAC/B,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;aAChE,CAAC,CAAA;YACF,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,iCAAmB,CAAC,wBAAwB,EAAE,cAAc,CAAC,CAAA;YACzE,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM;oBACN,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AApDD,4BAoDC"}
+{"version":3,"file":"refreshSession.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/server/refreshSession.ts"],"names":[],"mappings":";;AAAA,4CAAgD;AAChD,sDAA6E;AAE7E,iEAAiE;AAEjE,8CAAiD;AAEjD,iCAAyC;AACzC,0CAA6D;AAE7D,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC;QACvC,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,OAAO;QAC9B,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAA;YAChC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE;gBACpD,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC,CAAA;YACF,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,iCAAmB,CAC3B,yCAAyC,GAAG,EAAE,CAC/C,CAAA;YACH,CAAC;YACD,IAAI,IAAA,kBAAW,EAAC,IAAI,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,+BAAiB,CACzB,6BAA6B,EAC7B,iBAAiB,CAClB,CAAA;YACH,CAAC;YAED,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;gBACtB,OAAO,IAAA,sBAAc,EACnB,MAAM,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CACvD,SAAS,EACT,IAAA,oBAAY,EAAC,GAAG,CAAC,CAClB,CACF,CAAA;YACH,CAAC;YAED,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBAC1C,IAAA,uBAAgB,EAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC;gBAC/B,GAAG,CAAC,cAAc,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;aAChE,CAAC,CAAA;YACF,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACrB,MAAM,IAAI,iCAAmB,CAAC,wBAAwB,EAAE,cAAc,CAAC,CAAA;YACzE,CAAC;YAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,IAAI,CAAC,CAAA;YAEpD,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,MAAM;oBACN,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,uBAAc;oBACrC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM;oBACN,MAAM;iBACP;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AAtDD,4BAsDC"}

package/dist/api/com/atproto/sync/getRepoStatus.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getRepoStatus.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAG5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA0BvD"}
+{"version":3,"file":"getRepoStatus.d.ts","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,UAAU,MAAM,qBAAqB,CAAA;AAI5C,MAAM,CAAC,OAAO,WAAW,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,QA2BvD"}

package/dist/api/com/atproto/sync/getRepoStatus.js

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const util_1 = require("./util");
+const account_manager_1 = require("../../../../account-manager");
 function default_1(server, ctx) {
     server.com.atproto.sync.getRepoStatus({
         handler: async ({ params }) => {
             const { did } = params;
             const account = await (0, util_1.assertRepoAvailability)(ctx, did, true);
-            const { active, status } = account;
+            const { active, status } = (0, account_manager_1.formatAccountStatus)(account);
             let rev = undefined;
             if (active) {
                 const root = await ctx.actorStore.read(did, (store) => store.repo.storage.getRootDetailed());

package/dist/api/com/atproto/sync/getRepoStatus.js.map

@@ -1 +1 @@
-{"version":3,"file":"getRepoStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":";;AAEA,iCAA+C;AAE/C,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QACpC,OAAO,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YAC5B,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;YACtB,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAsB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;YAC5D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;YAElC,IAAI,GAAG,GAAuB,SAAS,CAAA;YACvC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACpD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CACrC,CAAA;gBACD,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;YAChB,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG;oBACH,MAAM;oBACN,MAAM;oBACN,GAAG;iBACJ;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AA1BD,4BA0BC"}
+{"version":3,"file":"getRepoStatus.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/getRepoStatus.ts"],"names":[],"mappings":";;AAEA,iCAA+C;AAC/C,iEAAiE;AAEjE,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;QACpC,OAAO,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YAC5B,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;YACtB,MAAM,OAAO,GAAG,MAAM,IAAA,6BAAsB,EAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;YAE5D,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,OAAO,CAAC,CAAA;YAEvD,IAAI,GAAG,GAAuB,SAAS,CAAA;YACvC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CACpD,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CACrC,CAAA;gBACD,GAAG,GAAG,IAAI,CAAC,GAAG,CAAA;YAChB,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,kBAAkB;gBAC5B,IAAI,EAAE;oBACJ,GAAG;oBACH,MAAM;oBACN,MAAM;oBACN,GAAG;iBACJ;aACF,CAAA;QACH,CAAC;KACF,CAAC,CAAA;AACJ,CAAC;AA3BD,4BA2BC"}

package/dist/api/com/atproto/sync/listRepos.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.TimeDidKeyset = void 0;
 const xrpc_server_1 = require("@atproto/xrpc-server");
 const pagination_1 = require("../../../../db/pagination");
-const account_1 = require("../../../../account-manager/helpers/account");
+const account_manager_1 = require("../../../../account-manager");
 function default_1(server, ctx) {
     server.com.atproto.sync.listRepos(async ({ params }) => {
         const { limit, cursor } = params;
@@ -30,7 +30,7 @@ function default_1(server, ctx) {
         });
         const res = await builder.execute();
         const repos = res.map((row) => {
-            const { active, status } = (0, account_1.formatAccountStatus)(row);
+            const { active, status } = (0, account_manager_1.formatAccountStatus)(row);
             return {
                 did: row.did,
                 head: row.head,

package/dist/api/com/atproto/sync/listRepos.js.map

@@ -1 +1 @@
-{"version":3,"file":"listRepos.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/listRepos.ts"],"names":[],"mappings":";;;AAAA,sDAA0D;AAG1D,0DAA2E;AAC3E,yEAAiF;AAEjF,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACrD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAAA;QAChC,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC,EAAE,CAAA;QAChC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;QAC7B,IAAI,OAAO,GAAG,EAAE,CAAC,EAAE;aAChB,UAAU,CAAC,OAAO,CAAC;aACnB,SAAS,CAAC,WAAW,EAAE,eAAe,EAAE,WAAW,CAAC;aACpD,MAAM,CAAC;YACN,kBAAkB;YAClB,uBAAuB;YACvB,sBAAsB;YACtB,8BAA8B;YAC9B,sCAAsC;YACtC,kCAAkC;SACnC,CAAC,CAAA;QACJ,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAA;QAC1E,OAAO,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE;YAC1B,KAAK;YACL,MAAM;YACN,MAAM;YACN,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAA;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC5B,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAmB,EAAC,GAAG,CAAC,CAAA;YACnD,OAAO;gBACL,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,EAAE;gBAClB,MAAM;gBACN,MAAM;aACP,CAAA;QACH,CAAC,CAAC,CAAA;QACF,OAAO;YACL,QAAQ,EAAE,kBAAkB;YAC5B,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC;gBAClC,KAAK;aACN;SACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AA3CD,4BA2CC;AAID,MAAa,aAAc,SAAQ,0BAAoC;IACrE,WAAW,CAAC,MAAqB;QAC/B,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,GAAG,EAAE,CAAA;IAC7D,CAAC;IACD,qBAAqB,CAAC,OAAe;QACnC,OAAO;YACL,OAAO,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;YACvD,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAA;IACH,CAAC;IACD,qBAAqB,CAAC,MAAc;QAClC,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;QAC1D,IAAI,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,CAAC,CAAA;QACnD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,WAAW,CAAC,WAAW,EAAE;YAClC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAA;IACH,CAAC;CACF;AApBD,sCAoBC"}
+{"version":3,"file":"listRepos.js","sourceRoot":"","sources":["../../../../../src/api/com/atproto/sync/listRepos.ts"],"names":[],"mappings":";;;AAAA,sDAA0D;AAG1D,0DAA2E;AAC3E,iEAAiE;AAEjE,mBAAyB,MAAc,EAAE,GAAe;IACtD,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACrD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAAA;QAChC,MAAM,EAAE,GAAG,GAAG,CAAC,cAAc,CAAC,EAAE,CAAA;QAChC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,OAAO,CAAA;QAC7B,IAAI,OAAO,GAAG,EAAE,CAAC,EAAE;aAChB,UAAU,CAAC,OAAO,CAAC;aACnB,SAAS,CAAC,WAAW,EAAE,eAAe,EAAE,WAAW,CAAC;aACpD,MAAM,CAAC;YACN,kBAAkB;YAClB,uBAAuB;YACvB,sBAAsB;YACtB,8BAA8B;YAC9B,sCAAsC;YACtC,kCAAkC;SACnC,CAAC,CAAA;QACJ,MAAM,MAAM,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC,CAAA;QAC1E,OAAO,GAAG,IAAA,qBAAQ,EAAC,OAAO,EAAE;YAC1B,KAAK;YACL,MAAM;YACN,MAAM;YACN,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAA;QACF,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,CAAA;QACnC,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC5B,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,qCAAmB,EAAC,GAAG,CAAC,CAAA;YACnD,OAAO;gBACL,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,EAAE;gBAClB,MAAM;gBACN,MAAM;aACP,CAAA;QACH,CAAC,CAAC,CAAA;QACF,OAAO;YACL,QAAQ,EAAE,kBAAkB;YAC5B,IAAI,EAAE;gBACJ,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC;gBAClC,KAAK;aACN;SACF,CAAA;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AA3CD,4BA2CC;AAID,MAAa,aAAc,SAAQ,0BAAoC;IACrE,WAAW,CAAC,MAAqB;QAC/B,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,GAAG,EAAE,CAAA;IAC7D,CAAC;IACD,qBAAqB,CAAC,OAAe;QACnC,OAAO;YACL,OAAO,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;YACvD,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,CAAA;IACH,CAAC;IACD,qBAAqB,CAAC,MAAc;QAClC,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;QAC1D,IAAI,KAAK,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,iCAAmB,CAAC,kBAAkB,CAAC,CAAA;QACnD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,WAAW,CAAC,WAAW,EAAE;YAClC,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B,CAAA;IACH,CAAC;CACF;AApBD,sCAoBC"}

package/dist/api/proxy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAE3C,eAAO,MAAM,cAAc,cAAe;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE;;;CAMtE,CAAA;AAID,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,YAAY,CAAC,EAAE,KAAK,GACnB;IAAE,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,QAAQ,EAAE,SAAS,CAAA;CAAE,GAAG,SAAS,CAAA;AAE1E,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,YAAY,EAAE,IAAI,GAEhB;IAAE,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,QAAQ,EAAE,kBAAkB,CAAA;CAAE,GACpE,SAAS,CAAA"}
+{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAE3C,eAAO,MAAM,cAAc,cAAe;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE;;;CAMtE,CAAA;AAID,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,YAAY,CAAC,EAAE,KAAK,GACnB;IAAE,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,QAAQ,EAAE,SAAS,CAAA;CAAE,GAAG,SAAS,CAAA;AAE1E,wBAAgB,YAAY,CAC1B,GAAG,EAAE,eAAe,EACpB,YAAY,EAAE,IAAI,GAEhB;IAAE,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,QAAQ,EAAE,kBAAkB,CAAA;CAAE,GACpE,SAAS,CAAA"}

package/dist/api/proxy.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.authPassthru = exports.resultPassthru = void 0;
+const xrpc_server_1 = require("@atproto/xrpc-server");
 const resultPassthru = (result) => {
     // @TODO pass through any headers that we always want to forward along
     return {
@@ -10,9 +11,21 @@ const resultPassthru = (result) => {
 };
 exports.resultPassthru = resultPassthru;
 function authPassthru(req, withEncoding) {
-    if (req.headers.authorization) {
+    const { authorization } = req.headers;
+    if (authorization) {
+        // DPoP requests are bound to the endpoint being called. Allowing them to be
+        // proxied would require that the receiving end allows DPoP proof not
+        // created for him. Since proxying is mainly there to support legacy
+        // clients, and DPoP is a new feature, we don't support DPoP requests
+        // through the proxy.
+        // This is fine since app views are usually called using the requester's
+        // credentials when "auth.credentials.type === 'access'", which is the only
+        // case were DPoP is used.
+        if (authorization.startsWith('DPoP ') || req.headers['dpop']) {
+            throw new xrpc_server_1.InvalidRequestError('DPoP requests cannot be proxied');
+        }
         return {
-            headers: { authorization: req.headers.authorization },
+            headers: { authorization },
             encoding: withEncoding ? 'application/json' : undefined,
         };
     }

package/dist/api/proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";;;AAGO,MAAM,cAAc,GAAG,CAAI,MAAqC,EAAE,EAAE;IACzE,sEAAsE;IACtE,OAAO;QACL,QAAQ,EAAE,kBAA2B;QACrC,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAA;AACH,CAAC,CAAA;AANY,QAAA,cAAc,kBAM1B;AAgBD,SAAgB,YAAY,CAAC,GAAoB,EAAE,YAAsB;IACvE,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QAC9B,OAAO;YACL,OAAO,EAAE,EAAE,aAAa,EAAE,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE;YACrD,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;SACxD,CAAA;IACH,CAAC;AACH,CAAC;AAPD,oCAOC"}
+{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../../src/api/proxy.ts"],"names":[],"mappings":";;;AACA,sDAA0D;AAGnD,MAAM,cAAc,GAAG,CAAI,MAAqC,EAAE,EAAE;IACzE,sEAAsE;IACtE,OAAO;QACL,QAAQ,EAAE,kBAA2B;QACrC,IAAI,EAAE,MAAM,CAAC,IAAI;KAClB,CAAA;AACH,CAAC,CAAA;AANY,QAAA,cAAc,kBAM1B;AAgBD,SAAgB,YAAY,CAAC,GAAoB,EAAE,YAAsB;IACvE,MAAM,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,OAAO,CAAA;IAErC,IAAI,aAAa,EAAE,CAAC;QAClB,4EAA4E;QAC5E,qEAAqE;QACrE,oEAAoE;QACpE,qEAAqE;QACrE,qBAAqB;QAErB,wEAAwE;QACxE,2EAA2E;QAC3E,0BAA0B;QAC1B,IAAI,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,iCAAmB,CAAC,iCAAiC,CAAC,CAAA;QAClE,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,aAAa,EAAE;YAC1B,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS;SACxD,CAAA;IACH,CAAC;AACH,CAAC;AAtBD,oCAsBC"}

package/dist/auth-routes.d.ts

@@ -0,0 +1,4 @@
+import { Router } from 'express';
+import AppContext from './context';
+export declare const createRouter: ({ authProvider, cfg }: AppContext) => Router;
+//# sourceMappingURL=auth-routes.d.ts.map

package/dist/auth-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-routes.d.ts","sourceRoot":"","sources":["../src/auth-routes.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAEhC,OAAO,UAAU,MAAM,WAAW,CAAA;AAElC,eAAO,MAAM,YAAY,0BAA2B,UAAU,KAAG,MAqBhE,CAAA"}

package/dist/auth-routes.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRouter = void 0;
+const oauth_provider_1 = require("@atproto/oauth-provider");
+const express_1 = require("express");
+const createRouter = ({ authProvider, cfg }) => {
+    const router = (0, express_1.Router)();
+    const oauthProtectedResourceMetadata = oauth_provider_1.oauthProtectedResourceMetadataSchema.parse({
+        resource: cfg.service.publicUrl,
+        authorization_servers: [cfg.entryway?.url ?? cfg.service.publicUrl],
+        bearer_methods_supported: ['header'],
+        scopes_supported: ['profile', 'email', 'phone'],
+        resource_documentation: 'https://atproto.com',
+    });
+    router.get('/.well-known/oauth-protected-resource', (req, res) => {
+        res.status(200).json(oauthProtectedResourceMetadata);
+    });
+    if (authProvider) {
+        router.use(authProvider.createRouter());
+    }
+    return router;
+};
+exports.createRouter = createRouter;
+//# sourceMappingURL=auth-routes.js.map

package/dist/auth-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-routes.js","sourceRoot":"","sources":["../src/auth-routes.ts"],"names":[],"mappings":";;;AAAA,4DAA8E;AAC9E,qCAAgC;AAIzB,MAAM,YAAY,GAAG,CAAC,EAAE,YAAY,EAAE,GAAG,EAAc,EAAU,EAAE;IACxE,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAA;IAEvB,MAAM,8BAA8B,GAClC,qDAAoC,CAAC,KAAK,CAAC;QACzC,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,SAAS;QAC/B,qBAAqB,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QACnE,wBAAwB,EAAE,CAAC,QAAQ,CAAC;QACpC,gBAAgB,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC;QAC/C,sBAAsB,EAAE,qBAAqB;KAC9C,CAAC,CAAA;IAEJ,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAA;IACtD,CAAC,CAAC,CAAA;IAEF,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAA;IACzC,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC,CAAA;AArBY,QAAA,YAAY,gBAqBxB"}

package/dist/auth-verifier.d.ts

@@ -1,11 +1,13 @@
 /// <reference types="node" />
 import { KeyObject } from 'node:crypto';
+import { OAuthVerifier } from '@atproto/oauth-provider';
 import { IdResolver } from '@atproto/identity';
 import express from 'express';
 import * as jose from 'jose';
 import { AccountManager } from './account-manager';
 type ReqCtx = {
     req: express.Request;
+    res?: express.Response;
 };
 export declare enum AuthScope {
     Access = "com.atproto.access",
@@ -72,7 +74,11 @@ type ValidatedBearer = {
     payload: jose.JWTPayload;
     audience: string | undefined;
 };
+type ValidatedRefreshBearer = ValidatedBearer & {
+    tokenId: string;
+};
 export type AuthVerifierOpts = {
+    publicUrl: string;
     jwtKey: KeyObject;
     adminPass: string;
     dids: {
@@ -84,36 +90,51 @@ export type AuthVerifierOpts = {
 export declare class AuthVerifier {
     accountManager: AccountManager;
     idResolver: IdResolver;
+    oauthVerifier: OAuthVerifier;
+    private _publicUrl;
     private _jwtKey;
     private _adminPass;
     dids: AuthVerifierOpts['dids'];
-    constructor(accountManager: AccountManager, idResolver: IdResolver, opts: AuthVerifierOpts);
+    constructor(accountManager: AccountManager, idResolver: IdResolver, oauthVerifier: OAuthVerifier, opts: AuthVerifierOpts);
     accessStandard: (opts?: Partial<AccessOpts>) => (ctx: ReqCtx) => Promise<AccessOutput>;
     accessFull: (opts?: Partial<AccessOpts>) => (ctx: ReqCtx) => Promise<AccessOutput>;
     accessPrivileged: (opts?: Partial<AccessOpts>) => (ctx: ReqCtx) => Promise<AccessOutput>;
     refresh: (ctx: ReqCtx) => Promise<RefreshOutput>;
-    adminToken: (ctx: ReqCtx) => AdminTokenOutput;
+    refreshExpired: (ctx: ReqCtx) => Promise<RefreshOutput>;
+    adminToken: (ctx: ReqCtx) => Promise<AdminTokenOutput>;
     optionalAccessOrAdminToken: (ctx: ReqCtx) => Promise<AccessOutput | AdminTokenOutput | NullOutput>;
-    userDidAuth: (reqCtx: ReqCtx) => Promise<UserDidOutput>;
-    userDidAuthOptional: (reqCtx: ReqCtx) => Promise<UserDidOutput | NullOutput>;
-    modService: (reqCtx: ReqCtx) => Promise<ModServiceOutput>;
-    moderator: (reqCtx: ReqCtx) => Promise<AdminTokenOutput | ModServiceOutput>;
-    validateBearerToken(req: express.Request, scopes: AuthScope[], verifyOptions?: jose.JWTVerifyOptions): Promise<ValidatedBearer>;
-    validateAccessToken(req: express.Request, scopes: AuthScope[], opts?: {
+    userDidAuth: (ctx: ReqCtx) => Promise<UserDidOutput>;
+    userDidAuthOptional: (ctx: ReqCtx) => Promise<UserDidOutput | NullOutput>;
+    modService: (ctx: ReqCtx) => Promise<ModServiceOutput>;
+    moderator: (ctx: ReqCtx) => Promise<AdminTokenOutput | ModServiceOutput>;
+    protected validateAdminToken({ req, }: ReqCtx): Promise<AdminTokenOutput>;
+    protected validateRefreshToken(ctx: ReqCtx, verifyOptions?: Omit<jose.JWTVerifyOptions, 'audience'>): Promise<ValidatedRefreshBearer>;
+    protected validateBearerToken(ctx: ReqCtx, scopes: AuthScope[], verifyOptions?: jose.JWTVerifyOptions): Promise<ValidatedBearer>;
+    protected validateAccessToken(ctx: ReqCtx, scopes: AuthScope[], { checkTakedown, checkDeactivated, }?: {
         checkTakedown?: boolean;
         checkDeactivated?: boolean;
     }): Promise<AccessOutput>;
-    verifyServiceJwt(reqCtx: ReqCtx, opts: {
+    protected validateDpopAccessToken(ctx: ReqCtx, scopes: AuthScope[]): Promise<AccessOutput>;
+    protected validateBearerAccessToken(ctx: ReqCtx, scopes: AuthScope[]): Promise<AccessOutput>;
+    protected verifyServiceJwt(ctx: ReqCtx, opts: {
         aud: string | null;
         iss: string[] | null;
     }): Promise<{
         iss: string;
         aud: string;
     }>;
-    null(): NullOutput;
+    protected null(ctx: ReqCtx): NullOutput;
     isUserOrAdmin(auth: AccessOutput | AdminTokenOutput | NullOutput, did: string): boolean;
+    protected jwtVerify(token: string, verifyOptions?: jose.JWTVerifyOptions): Promise<jose.JWTVerifyResult<jose.JWTPayload>>;
+    protected setAuthHeaders({ res }: ReqCtx): void;
+}
+declare enum AuthType {
+    BASIC = "Basic",
+    BEARER = "Bearer",
+    DPOP = "DPoP"
 }
-export declare const parseBasicAuth: (token: string) => {
+export declare const parseAuthorizationHeader: (authorization?: string) => [type: null] | [type: AuthType, token: string];
+export declare const parseBasicAuth: (authorizationHeader?: string) => {
     username: string;
     password: string;
 } | null;

package/dist/auth-verifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-verifier.d.ts","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,SAAS,EAAoC,MAAM,aAAa,CAAA;AAOzE,OAAO,EAAE,UAAU,EAA0B,MAAM,mBAAmB,CAAA;AAEtE,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAIlD,KAAK,MAAM,GAAG;IACZ,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;CACrB,CAAA;AAGD,oBAAY,SAAS;IACnB,MAAM,uBAAuB;IAC7B,OAAO,wBAAwB;IAC/B,OAAO,wBAAwB;IAC/B,iBAAiB,kCAAkC;IACnD,YAAY,6BAA6B;CAC1C;AAED,MAAM,MAAM,UAAU,GAAG;IACvB,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,aAAa,EAAE,OAAO,CAAA;IACtB,gBAAgB,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,oBAAY,UAAU;IACpB,KAAK,IAAA;IACL,OAAO,IAAA;IACP,OAAO,IAAA;CACR;AAED,KAAK,UAAU,GAAG;IAChB,WAAW,EAAE,IAAI,CAAA;CAClB,CAAA;AAED,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,aAAa,CAAA;KACpB,CAAA;CACF,CAAA;AAED,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,aAAa,CAAA;QACnB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF,CAAA;AAED,KAAK,YAAY,GAAG;IAClB,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ,CAAA;QACd,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,SAAS,CAAA;QAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;KAC7B,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,KAAK,aAAa,GAAG;IACnB,WAAW,EAAE;QACX,IAAI,EAAE,SAAS,CAAA;QACf,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,SAAS,CAAA;QAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,KAAK,aAAa,GAAG;IACnB,WAAW,EAAE;QACX,IAAI,EAAE,UAAU,CAAA;QAChB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF,CAAA;AAED,KAAK,eAAe,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,SAAS,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,IAAI,CAAC,UAAU,CAAA;IACxB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;CAC7B,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,EAAE,SAAS,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAA;QACX,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;CACF,CAAA;AAED,qBAAa,YAAY;IAMd,cAAc,EAAE,cAAc;IAC9B,UAAU,EAAE,UAAU;IAN/B,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,UAAU,CAAQ;IACnB,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;gBAG5B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EAC7B,IAAI,EAAE,gBAAgB;IASxB,cAAc,UACL,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAWnC;IAEH,UAAU,UACD,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAMnC;IAEH,gBAAgB,UACP,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAMnC;IAEH,OAAO,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAsBpD;IAED,UAAU,QAAS,MAAM,KAAG,gBAAgB,CAU3C;IAED,0BAA0B,QACnB,MAAM,KACV,QAAQ,YAAY,GAAG,gBAAgB,GAAG,UAAU,CAAC,CAQvD;IAED,WAAW,WAAkB,MAAM,KAAG,QAAQ,aAAa,CAAC,CAY3D;IAED,mBAAmB,WACT,MAAM,KACb,QAAQ,aAAa,GAAG,UAAU,CAAC,CAMrC;IAED,UAAU,WAAkB,MAAM,KAAG,QAAQ,gBAAgB,CAAC,CAwB7D;IAED,SAAS,WACC,MAAM,KACb,QAAQ,gBAAgB,GAAG,gBAAgB,CAAC,CAM9C;IAEK,mBAAmB,CACvB,GAAG,EAAE,OAAO,CAAC,OAAO,EACpB,MAAM,EAAE,SAAS,EAAE,EACnB,aAAa,CAAC,EAAE,IAAI,CAAC,gBAAgB,GACpC,OAAO,CAAC,eAAe,CAAC;IA4BrB,mBAAmB,CACvB,GAAG,EAAE,OAAO,CAAC,OAAO,EACpB,MAAM,EAAE,SAAS,EAAE,EACnB,IAAI,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAC;QAAC,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAE,GAC7D,OAAO,CAAC,YAAY,CAAC;IAwClB,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;KAAE;;;;IAmCpD,IAAI,IAAI,UAAU;IAMlB,aAAa,CACX,IAAI,EAAE,YAAY,GAAG,gBAAgB,GAAG,UAAU,EAClD,GAAG,EAAE,MAAM,GACV,OAAO;CASX;AAuCD,eAAO,MAAM,cAAc,UAClB,MAAM,KACZ;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAY3C,CAAA;AAOD,eAAO,MAAM,qBAAqB,WAAY,MAAM,KAAG,SAEtD,CAAA;AAED,eAAO,MAAM,qBAAqB,iBAAkB,MAAM,KAAG,SAG5D,CAAA"}
+{"version":3,"file":"auth-verifier.d.ts","sourceRoot":"","sources":["../src/auth-verifier.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,SAAS,EAAoC,MAAM,aAAa,CAAA;AAEzE,OAAO,EAEL,aAAa,EAEd,MAAM,yBAAyB,CAAA;AAQhC,OAAO,EAAE,UAAU,EAA0B,MAAM,mBAAmB,CAAA;AACtE,OAAO,OAAO,MAAM,SAAS,CAAA;AAC7B,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAIlD,KAAK,MAAM,GAAG;IACZ,GAAG,EAAE,OAAO,CAAC,OAAO,CAAA;IAEpB,GAAG,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAA;CACvB,CAAA;AAGD,oBAAY,SAAS;IACnB,MAAM,uBAAuB;IAC7B,OAAO,wBAAwB;IAC/B,OAAO,wBAAwB;IAC/B,iBAAiB,kCAAkC;IACnD,YAAY,6BAA6B;CAC1C;AAED,MAAM,MAAM,UAAU,GAAG;IACvB,UAAU,EAAE,SAAS,EAAE,CAAA;IACvB,aAAa,EAAE,OAAO,CAAA;IACtB,gBAAgB,EAAE,OAAO,CAAA;CAC1B,CAAA;AAED,oBAAY,UAAU;IACpB,KAAK,IAAA;IACL,OAAO,IAAA;IACP,OAAO,IAAA;CACR;AAED,KAAK,UAAU,GAAG;IAChB,WAAW,EAAE,IAAI,CAAA;CAClB,CAAA;AAED,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,aAAa,CAAA;KACpB,CAAA;CACF,CAAA;AAED,KAAK,gBAAgB,GAAG;IACtB,WAAW,EAAE;QACX,IAAI,EAAE,aAAa,CAAA;QACnB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF,CAAA;AAED,KAAK,YAAY,GAAG;IAClB,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ,CAAA;QACd,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,SAAS,CAAA;QAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;KAC7B,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,KAAK,aAAa,GAAG;IACnB,WAAW,EAAE;QACX,IAAI,EAAE,SAAS,CAAA;QACf,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,EAAE,SAAS,CAAA;QAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,KAAK,aAAa,GAAG;IACnB,WAAW,EAAE;QACX,IAAI,EAAE,UAAU,CAAA;QAChB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;CACF,CAAA;AAED,KAAK,eAAe,GAAG;IACrB,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,SAAS,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,IAAI,CAAC,UAAU,CAAA;IACxB,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAA;CAC7B,CAAA;AAED,KAAK,sBAAsB,GAAG,eAAe,GAAG;IAC9C,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,SAAS,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,IAAI,EAAE;QACJ,GAAG,EAAE,MAAM,CAAA;QACX,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,UAAU,CAAC,EAAE,MAAM,CAAA;KACpB,CAAA;CACF,CAAA;AAED,qBAAa,YAAY;IAOd,cAAc,EAAE,cAAc;IAC9B,UAAU,EAAE,UAAU;IACtB,aAAa,EAAE,aAAa;IARrC,OAAO,CAAC,UAAU,CAAQ;IAC1B,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,UAAU,CAAQ;IACnB,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAA;gBAG5B,cAAc,EAAE,cAAc,EAC9B,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,aAAa,EACnC,IAAI,EAAE,gBAAgB;IAUxB,cAAc,UACL,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAWnC;IAEH,UAAU,UACD,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAMnC;IAEH,gBAAgB,UACP,QAAQ,UAAU,CAAC,WACpB,MAAM,KAAG,QAAQ,YAAY,CAAC,CAMnC;IAEH,OAAO,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAcpD;IAED,cAAc,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAc3D;IAED,UAAU,QAAe,MAAM,KAAG,QAAQ,gBAAgB,CAAC,CAG1D;IAED,0BAA0B,QACnB,MAAM,KACV,QAAQ,YAAY,GAAG,gBAAgB,GAAG,UAAU,CAAC,CAQvD;IAED,WAAW,QAAe,MAAM,KAAG,QAAQ,aAAa,CAAC,CAYxD;IAED,mBAAmB,QACZ,MAAM,KACV,QAAQ,aAAa,GAAG,UAAU,CAAC,CAMrC;IAED,UAAU,QAAe,MAAM,KAAG,QAAQ,gBAAgB,CAAC,CAwB1D;IAED,SAAS,QACF,MAAM,KACV,QAAQ,gBAAgB,GAAG,gBAAgB,CAAC,CAM9C;cAEe,kBAAkB,CAAC,EACjC,GAAG,GACJ,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;cAarB,oBAAoB,CAClC,GAAG,EAAE,MAAM,EACX,aAAa,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC,GACtD,OAAO,CAAC,sBAAsB,CAAC;cAgBlB,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,aAAa,CAAC,EAAE,IAAI,CAAC,gBAAgB,GACpC,OAAO,CAAC,eAAe,CAAC;cA+CX,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,EACnB,EACE,aAAqB,EACrB,gBAAwB,GACzB,GAAE;QAAE,aAAa,CAAC,EAAE,OAAO,CAAC;QAAC,gBAAgB,CAAC,EAAE,OAAO,CAAA;KAAO,GAC9D,OAAO,CAAC,YAAY,CAAC;cAqDR,uBAAuB,CACrC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,GAClB,OAAO,CAAC,YAAY,CAAC;cA4DR,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,SAAS,EAAE,GAClB,OAAO,CAAC,YAAY,CAAC;cAiBR,gBAAgB,CAC9B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE;QAAE,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;KAAE;;;;IAqCpD,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU;IAOvC,aAAa,CACX,IAAI,EAAE,YAAY,GAAG,gBAAgB,GAAG,UAAU,EAClD,GAAG,EAAE,MAAM,GACV,OAAO;cAUM,SAAS,CACvB,KAAK,EAAE,MAAM,EACb,aAAa,CAAC,EAAE,IAAI,CAAC,gBAAgB;IAevC,SAAS,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE,EAAE,MAAM;CAMzC;AAKD,aAAK,QAAQ;IACX,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,IAAI,SAAS;CACd;AAED,eAAO,MAAM,wBAAwB,mBACnB,MAAM,KACrB,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAY/C,CAAA;AAsBD,eAAO,MAAM,cAAc,yBACH,MAAM,KAC3B;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAc3C,CAAA;AAOD,eAAO,MAAM,qBAAqB,WAAY,MAAM,KAAG,SAEtD,CAAA;AAED,eAAO,MAAM,qBAAqB,iBAAkB,MAAM,KAAG,SAG5D,CAAA"}