@botparty/nextjs 0.0.62 → 0.0.64
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +24 -24
- package/package.json +2 -2
package/dist/cli.js
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
var Yt=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{existsSync as We,mkdirSync as Be,writeFileSync as ie,readdirSync as hr}from"fs";import{resolve as P}from"path";import{generateKeyPairSync as Ot}from"crypto";var de=new TextEncoder,le=new TextDecoder,$r=2**32;function Le(...e){let t=e.reduce((s,{length:o})=>s+o,0),r=new Uint8Array(t),n=0;for(let s of e)r.set(s,n),n+=s.length;return r}function pe(e){let t=new Uint8Array(e.length);for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);if(n>127)throw new TypeError("non-ASCII string encountered in encode()");t[r]=n}return t}function Pe(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function ue(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function He(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:le.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=le.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/");try{return ue(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function F(e){let t=e;return typeof t=="string"&&(t=de.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:!0}):Pe(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var _=(e,t="algorithm.name")=>new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`),q=(e,t)=>e.name===t;function Ft(e){return parseInt(e.name.slice(4),10)}function Re(e,t){if(Ft(e.hash)!==t)throw _(`SHA-${t}`,"algorithm.hash")}function qt(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function Gt(e,t){if(t&&!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function Me(e,t,r){switch(t){case"HS256":case"HS384":case"HS512":{if(!q(e.algorithm,"HMAC"))throw _("HMAC");Re(e.algorithm,parseInt(t.slice(2),10));break}case"RS256":case"RS384":case"RS512":{if(!q(e.algorithm,"RSASSA-PKCS1-v1_5"))throw _("RSASSA-PKCS1-v1_5");Re(e.algorithm,parseInt(t.slice(2),10));break}case"PS256":case"PS384":case"PS512":{if(!q(e.algorithm,"RSA-PSS"))throw _("RSA-PSS");Re(e.algorithm,parseInt(t.slice(2),10));break}case"Ed25519":case"EdDSA":{if(!q(e.algorithm,"Ed25519"))throw _("Ed25519");break}case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":{if(!q(e.algorithm,t))throw _(t);break}case"ES256":case"ES384":case"ES512":{if(!q(e.algorithm,"ECDSA"))throw _("ECDSA");let n=qt(t);if(e.algorithm.namedCurve!==n)throw _(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}Gt(e,r)}function ze(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var me=(e,...t)=>ze("Key must be ",e,...t),ke=(e,t,...r)=>ze(`Key for the ${e} algorithm must be `,t,...r);var te=class extends Error{static code="ERR_JOSE_GENERIC";code="ERR_JOSE_GENERIC";constructor(t,r){super(t,r),this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}};var S=class extends te{static code="ERR_JOSE_NOT_SUPPORTED";code="ERR_JOSE_NOT_SUPPORTED"};var O=class extends te{static code="ERR_JWS_INVALID";code="ERR_JWS_INVALID"},fe=class extends te{static code="ERR_JWT_INVALID";code="ERR_JWT_INVALID"};var re=e=>{if(e?.[Symbol.toStringTag]==="CryptoKey")return!0;try{return e instanceof CryptoKey}catch{return!1}},ne=e=>e?.[Symbol.toStringTag]==="KeyObject",Ce=e=>re(e)||ne(e);var Yr=Symbol();function Ie(e,t){if(e)throw new TypeError(`${t} can only be called once`)}var Vt=e=>typeof e=="object"&&e!==null;function Ke(e){if(!Vt(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}function Ye(...e){let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let n of t){let s=Object.keys(n);if(!r||r.size===0){r=new Set(s);continue}for(let o of s){if(r.has(o))return!1;r.add(o)}}return!0}var se=e=>Ke(e)&&typeof e.kty=="string",Fe=e=>e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string"),qe=e=>e.kty!=="oct"&&e.d===void 0&&e.priv===void 0,Ge=e=>e.kty==="oct"&&typeof e.k=="string";function Zt(e,t){if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}}function Qt(e,t){let r=`SHA-${e.slice(-3)}`;switch(e){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:t.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:e};default:throw new S(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}async function er(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(me(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},!1,[r])}return Me(t,e,r),t}async function Ve(e,t,r){let n=await er(e,t,"sign");Zt(e,n);let s=await crypto.subtle.sign(Qt(e,n.algorithm),n,r);return new Uint8Array(s)}var ye='Invalid or unsupported JWK "alg" (Algorithm) Parameter value';function tr(e){let t,r;switch(e.kty){case"AKP":{switch(e.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new S(ye)}break}case"RSA":{switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new S(ye)}break}case"EC":{switch(e.alg){case"ES256":case"ES384":case"ES512":t={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[e.alg]},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new S(ye)}break}case"OKP":{switch(e.alg){case"Ed25519":case"EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new S(ye)}break}default:throw new S('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}async function Xe(e){if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=tr(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)}var G="given KeyObject instance cannot be used for this algorithm",V,Ze=async(e,t,r,n=!1)=>{V||=new WeakMap;let s=V.get(e);if(s?.[r])return s[r];let o=await Xe({...t,alg:r});return n&&Object.freeze(e),s?s[r]=o:V.set(e,{[r]:o}),o},rr=(e,t)=>{V||=new WeakMap;let r=V.get(e);if(r?.[t])return r[t];let n=e.type==="public",s=!!n,o;if(e.asymmetricKeyType==="x25519"){switch(t){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw new TypeError(G)}o=e.toCryptoKey(e.asymmetricKeyType,s,n?[]:["deriveBits"])}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError(G);o=e.toCryptoKey(e.asymmetricKeyType,s,[n?"verify":"sign"])}switch(e.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError(G);o=e.toCryptoKey(e.asymmetricKeyType,s,[n?"verify":"sign"])}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case"RSA-OAEP":i="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":i="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":i="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError(G)}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},s,n?["encrypt"]:["decrypt"]);o=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},s,[n?"verify":"sign"])}if(e.asymmetricKeyType==="ec"){let c=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!c)throw new TypeError(G);let l={ES256:"P-256",ES384:"P-384",ES512:"P-521"};l[t]&&c===l[t]&&(o=e.toCryptoKey({name:"ECDSA",namedCurve:c},s,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(o=e.toCryptoKey({name:"ECDH",namedCurve:c},s,n?[]:["deriveBits"]))}if(!o)throw new TypeError(G);return r?r[t]=o:V.set(e,{[t]:o}),o};async function Qe(e,t){if(e instanceof Uint8Array||re(e))return e;if(ne(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return rr(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return Ze(e,r,t)}if(se(e))return e.k?He(e.k):Ze(e,e,t,!0);throw new Error("unreachable")}var Ne=(e,t)=>{if(e.byteLength!==t.length)return!1;for(let r=0;r<e.byteLength;r++)if(e[r]!==t[r])return!1;return!0},et=e=>({data:e,pos:0}),W=e=>{let t=e.data[e.pos++];if(t&128){let r=t&127,n=0;for(let s=0;s<r;s++)n=n<<8|e.data[e.pos++];return n}return t};var B=(e,t,r)=>{if(e.data[e.pos++]!==t)throw new Error(r)},tt=(e,t)=>{let r=e.data.subarray(e.pos,e.pos+t);return e.pos+=t,r},nr=e=>{B(e,6,"Expected algorithm OID");let t=W(e);return tt(e,t)};function sr(e){B(e,48,"Invalid PKCS#8 structure"),W(e),B(e,2,"Expected version field");let t=W(e);e.pos+=t,B(e,48,"Expected algorithm identifier");let r=W(e);return{algIdStart:e.pos,algIdLength:r}}function or(e){B(e,48,"Invalid SPKI structure"),W(e),B(e,48,"Expected algorithm identifier");let t=W(e);return{algIdStart:e.pos,algIdLength:t}}var rt=e=>{let t=nr(e);if(Ne(t,[43,101,110]))return"X25519";if(!Ne(t,[42,134,72,206,61,2,1]))throw new Error("Unsupported key algorithm");B(e,6,"Expected curve OID");let r=W(e),n=tt(e,r);for(let{name:s,oid:o}of[{name:"P-256",oid:[42,134,72,206,61,3,1,7]},{name:"P-384",oid:[43,129,4,0,34]},{name:"P-521",oid:[43,129,4,0,35]}])if(Ne(n,o))return s;throw new Error("Unsupported named curve")},nt=async(e,t,r,n)=>{let s,o,i=e==="spki",c=()=>i?["verify"]:["sign"],l=()=>i?["encrypt","wrapKey"]:["decrypt","unwrapKey"];switch(r){case"PS256":case"PS384":case"PS512":s={name:"RSA-PSS",hash:`SHA-${r.slice(-3)}`},o=c();break;case"RS256":case"RS384":case"RS512":s={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${r.slice(-3)}`},o=c();break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":s={name:"RSA-OAEP",hash:`SHA-${parseInt(r.slice(-3),10)||1}`},o=l();break;case"ES256":case"ES384":case"ES512":{s={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[r]},o=c();break}case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{try{let a=n.getNamedCurve(t);s=a==="X25519"?{name:"X25519"}:{name:"ECDH",namedCurve:a}}catch{throw new S("Invalid or unsupported key format")}o=i?[]:["deriveBits"];break}case"Ed25519":case"EdDSA":s={name:"Ed25519"},o=c();break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":s={name:r},o=c();break;default:throw new S('Invalid or unsupported "alg" (Algorithm) value')}return crypto.subtle.importKey(e,t,s,n?.extractable??!!i,o)},st=(e,t)=>ue(e.replace(t,"")),ot=(e,t,r)=>{let n=st(e,/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g),s=r;return t?.startsWith?.("ECDH-ES")&&(s||={},s.getNamedCurve=o=>{let i=et(o);return sr(i),rt(i)}),nt("pkcs8",n,t,s)},it=(e,t,r)=>{let n=st(e,/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g),s=r;return t?.startsWith?.("ECDH-ES")&&(s||={},s.getNamedCurve=o=>{let i=et(o);return or(i),rt(i)}),nt("spki",n,t,s)};async function X(e,t,r){if(typeof e!="string"||e.indexOf("-----BEGIN PUBLIC KEY-----")!==0)throw new TypeError('"spki" must be SPKI formatted string');return it(e,t,r)}async function U(e,t,r){if(typeof e!="string"||e.indexOf("-----BEGIN PRIVATE KEY-----")!==0)throw new TypeError('"pkcs8" must be PKCS#8 formatted string');return ot(e,t,r)}async function at(e){if(ne(e))if(e.type==="secret")e=e.export();else return e.export({format:"jwk"});if(e instanceof Uint8Array)return{kty:"oct",k:F(e)};if(!re(e))throw new TypeError(me(e,"CryptoKey","KeyObject","Uint8Array"));if(!e.extractable)throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");let{ext:t,key_ops:r,alg:n,use:s,...o}=await crypto.subtle.exportKey("jwk",e);return o.kty==="AKP"&&(o.alg=n),o}async function I(e){return at(e)}function ct(e,t,r,n,s){if(s.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;r!==void 0?o=new Map([...Object.entries(r),...t.entries()]):o=t;for(let i of n.crit){if(!o.has(i))throw new S(`Extension Header Parameter "${i}" is not recognized`);if(s[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(o.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)}var Z=e=>e?.[Symbol.toStringTag],_e=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case"sign":case"verify":n="sig";break;case"encrypt":case"decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(!0){case(r==="sign"||r==="verify"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n=r==="encrypt"?"wrapKey":"unwrapKey":n=r;break;case(r==="encrypt"&&e.startsWith("RSA")):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===!1)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return!0},ir=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(se(t)){if(Ge(t)&&_e(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!Ce(t))throw new TypeError(ke(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${Z(t)} instances for symmetric algorithms must be of type "secret"`)}},ar=(e,t,r)=>{if(se(t))switch(r){case"decrypt":case"sign":if(Fe(t)&&_e(e,t,r))return;throw new TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if(qe(t)&&_e(e,t,r))return;throw new TypeError("JSON Web Key for this operation must be a public JWK")}if(!Ce(t))throw new TypeError(ke(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${Z(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case"sign":throw new TypeError(`${Z(t)} instances for asymmetric algorithm signing must be of type "private"`);case"decrypt":throw new TypeError(`${Z(t)} instances for asymmetric algorithm decryption must be of type "private"`)}if(t.type==="private")switch(r){case"verify":throw new TypeError(`${Z(t)} instances for asymmetric algorithm verifying must be of type "public"`);case"encrypt":throw new TypeError(`${Z(t)} instances for asymmetric algorithm encryption must be of type "public"`)}};function dt(e,t,r){switch(e.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":ir(e,t,r);break;default:ar(e,t,r)}}var L=e=>Math.floor(e.getTime()/1e3),lt=60,pt=lt*60,De=pt*24,cr=De*7,dr=De*365.25,lr=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function Oe(e){let t=lr.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),s;switch(n){case"sec":case"secs":case"second":case"seconds":case"s":s=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":s=Math.round(r*lt);break;case"hour":case"hours":case"hr":case"hrs":case"h":s=Math.round(r*pt);break;case"day":case"days":case"d":s=Math.round(r*De);break;case"week":case"weeks":case"w":s=Math.round(r*cr);break;default:s=Math.round(r*dr);break}return t[1]==="-"||t[4]==="ago"?-s:s}function H(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var he=class{#e;constructor(t){if(!Ke(t))throw new TypeError("JWT Claims Set MUST be an object");this.#e=structuredClone(t)}data(){return de.encode(JSON.stringify(this.#e))}get iss(){return this.#e.iss}set iss(t){this.#e.iss=t}get sub(){return this.#e.sub}set sub(t){this.#e.sub=t}get aud(){return this.#e.aud}set aud(t){this.#e.aud=t}set jti(t){this.#e.jti=t}set nbf(t){typeof t=="number"?this.#e.nbf=H("setNotBefore",t):t instanceof Date?this.#e.nbf=H("setNotBefore",L(t)):this.#e.nbf=L(new Date)+Oe(t)}set exp(t){typeof t=="number"?this.#e.exp=H("setExpirationTime",t):t instanceof Date?this.#e.exp=H("setExpirationTime",L(t)):this.#e.exp=L(new Date)+Oe(t)}set iat(t){t===void 0?this.#e.iat=L(new Date):t instanceof Date?this.#e.iat=H("setIssuedAt",L(t)):typeof t=="string"?this.#e.iat=H("setIssuedAt",L(new Date)+Oe(t)):this.#e.iat=H("setIssuedAt",t)}};var ge=class{#e;#t;#r;constructor(t){if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this.#e=t}setProtectedHeader(t){return Ie(this.#t,"setProtectedHeader"),this.#t=t,this}setUnprotectedHeader(t){return Ie(this.#r,"setUnprotectedHeader"),this.#r=t,this}async sign(t,r){if(!this.#t&&!this.#r)throw new O("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Ye(this.#t,this.#r))throw new O("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...this.#t,...this.#r},s=ct(O,new Map([["b64",!0]]),r?.crit,this.#t,n),o=!0;if(s.has("b64")&&(o=this.#t.b64,typeof o!="boolean"))throw new O('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new O('JWS "alg" (Algorithm) Header Parameter missing or invalid');dt(i,t,"sign");let c,l;o?(c=F(this.#e),l=pe(c)):(l=this.#e,c="");let a,b;this.#t?(a=F(JSON.stringify(this.#t)),b=pe(a)):(a="",b=new Uint8Array);let x=Le(b,pe("."),l),K=await Qe(t,i),j=await Ve(i,K,x),g={signature:F(j),payload:c};return this.#r&&(g.header=this.#r),this.#t&&(g.protected=a),g}};var we=class{#e;constructor(t){this.#e=new ge(t)}setProtectedHeader(t){return this.#e.setProtectedHeader(t),this}async sign(t,r){let n=await this.#e.sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${n.protected}.${n.payload}.${n.signature}`}};var Q=class{#e;#t;constructor(t={}){this.#t=new he(t)}setIssuer(t){return this.#t.iss=t,this}setSubject(t){return this.#t.sub=t,this}setAudience(t){return this.#t.aud=t,this}setJti(t){return this.#t.jti=t,this}setNotBefore(t){return this.#t.nbf=t,this}setExpirationTime(t){return this.#t.exp=t,this}setIssuedAt(t){return this.#t.iat=t,this}setProtectedHeader(t){return this.#e=t,this}async sign(t,r){let n=new we(this.#t.data());if(n.setProtectedHeader(this.#e),Array.isArray(this.#e?.crit)&&this.#e.crit.includes("b64")&&this.#e.b64===!1)throw new fe("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};import{existsSync as E,mkdirSync as Zn,readFileSync as ut,writeFileSync as pr}from"fs";import{resolve as A}from"path";import{execSync as ur}from"child_process";var mr="https://id.botparty.club";function d(e){console.log(` ${e}`)}function p(e){console.log(` \u2713 ${e}`)}function u(e){console.log(` \u26A0 ${e}`)}function h(e){console.error(` \u2717 ${e}`)}function y(e){console.log(`
|
|
2
|
+
var Yt=(e=>typeof require<"u"?require:typeof Proxy<"u"?new Proxy(e,{get:(t,r)=>(typeof require<"u"?require:t)[r]}):e)(function(e){if(typeof require<"u")return require.apply(this,arguments);throw Error('Dynamic require of "'+e+'" is not supported')});import{existsSync as We,mkdirSync as Be,writeFileSync as ae,readdirSync as hr}from"fs";import{resolve as P}from"path";import{generateKeyPairSync as Ot}from"crypto";var de=new TextEncoder,le=new TextDecoder,$r=2**32;function Le(...e){let t=e.reduce((s,{length:o})=>s+o,0),r=new Uint8Array(t),n=0;for(let s of e)r.set(s,n),n+=s.length;return r}function pe(e){let t=new Uint8Array(e.length);for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);if(n>127)throw new TypeError("non-ASCII string encountered in encode()");t[r]=n}return t}function Pe(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function ue(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function He(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:le.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=le.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/");try{return ue(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function q(e){let t=e;return typeof t=="string"&&(t=de.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:!0}):Pe(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var O=(e,t="algorithm.name")=>new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`),G=(e,t)=>e.name===t;function Ft(e){return parseInt(e.name.slice(4),10)}function Re(e,t){if(Ft(e.hash)!==t)throw O(`SHA-${t}`,"algorithm.hash")}function qt(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function Gt(e,t){if(t&&!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function Me(e,t,r){switch(t){case"HS256":case"HS384":case"HS512":{if(!G(e.algorithm,"HMAC"))throw O("HMAC");Re(e.algorithm,parseInt(t.slice(2),10));break}case"RS256":case"RS384":case"RS512":{if(!G(e.algorithm,"RSASSA-PKCS1-v1_5"))throw O("RSASSA-PKCS1-v1_5");Re(e.algorithm,parseInt(t.slice(2),10));break}case"PS256":case"PS384":case"PS512":{if(!G(e.algorithm,"RSA-PSS"))throw O("RSA-PSS");Re(e.algorithm,parseInt(t.slice(2),10));break}case"Ed25519":case"EdDSA":{if(!G(e.algorithm,"Ed25519"))throw O("Ed25519");break}case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":{if(!G(e.algorithm,t))throw O(t);break}case"ES256":case"ES384":case"ES512":{if(!G(e.algorithm,"ECDSA"))throw O("ECDSA");let n=qt(t);if(e.algorithm.namedCurve!==n)throw O(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}Gt(e,r)}function ze(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var me=(e,...t)=>ze("Key must be ",e,...t),ke=(e,t,...r)=>ze(`Key for the ${e} algorithm must be `,t,...r);var re=class extends Error{static code="ERR_JOSE_GENERIC";code="ERR_JOSE_GENERIC";constructor(t,r){super(t,r),this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}};var S=class extends re{static code="ERR_JOSE_NOT_SUPPORTED";code="ERR_JOSE_NOT_SUPPORTED"};var D=class extends re{static code="ERR_JWS_INVALID";code="ERR_JWS_INVALID"},fe=class extends re{static code="ERR_JWT_INVALID";code="ERR_JWT_INVALID"};var ne=e=>{if(e?.[Symbol.toStringTag]==="CryptoKey")return!0;try{return e instanceof CryptoKey}catch{return!1}},se=e=>e?.[Symbol.toStringTag]==="KeyObject",Ce=e=>ne(e)||se(e);var Yr=Symbol();function Ie(e,t){if(e)throw new TypeError(`${t} can only be called once`)}var Vt=e=>typeof e=="object"&&e!==null;function Ke(e){if(!Vt(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}function Ye(...e){let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let n of t){let s=Object.keys(n);if(!r||r.size===0){r=new Set(s);continue}for(let o of s){if(r.has(o))return!1;r.add(o)}}return!0}var oe=e=>Ke(e)&&typeof e.kty=="string",Fe=e=>e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string"),qe=e=>e.kty!=="oct"&&e.d===void 0&&e.priv===void 0,Ge=e=>e.kty==="oct"&&typeof e.k=="string";function Zt(e,t){if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}}function Qt(e,t){let r=`SHA-${e.slice(-3)}`;switch(e){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:t.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:e};default:throw new S(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}async function er(e,t,r){if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(me(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},!1,[r])}return Me(t,e,r),t}async function Ve(e,t,r){let n=await er(e,t,"sign");Zt(e,n);let s=await crypto.subtle.sign(Qt(e,n.algorithm),n,r);return new Uint8Array(s)}var ye='Invalid or unsupported JWK "alg" (Algorithm) Parameter value';function tr(e){let t,r;switch(e.kty){case"AKP":{switch(e.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new S(ye)}break}case"RSA":{switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new S(ye)}break}case"EC":{switch(e.alg){case"ES256":case"ES384":case"ES512":t={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[e.alg]},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new S(ye)}break}case"OKP":{switch(e.alg){case"Ed25519":case"EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new S(ye)}break}default:throw new S('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}async function Xe(e){if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=tr(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)}var V="given KeyObject instance cannot be used for this algorithm",X,Ze=async(e,t,r,n=!1)=>{X||=new WeakMap;let s=X.get(e);if(s?.[r])return s[r];let o=await Xe({...t,alg:r});return n&&Object.freeze(e),s?s[r]=o:X.set(e,{[r]:o}),o},rr=(e,t)=>{X||=new WeakMap;let r=X.get(e);if(r?.[t])return r[t];let n=e.type==="public",s=!!n,o;if(e.asymmetricKeyType==="x25519"){switch(t){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw new TypeError(V)}o=e.toCryptoKey(e.asymmetricKeyType,s,n?[]:["deriveBits"])}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError(V);o=e.toCryptoKey(e.asymmetricKeyType,s,[n?"verify":"sign"])}switch(e.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError(V);o=e.toCryptoKey(e.asymmetricKeyType,s,[n?"verify":"sign"])}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case"RSA-OAEP":i="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":i="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":i="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError(V)}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},s,n?["encrypt"]:["decrypt"]);o=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},s,[n?"verify":"sign"])}if(e.asymmetricKeyType==="ec"){let c=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!c)throw new TypeError(V);let l={ES256:"P-256",ES384:"P-384",ES512:"P-521"};l[t]&&c===l[t]&&(o=e.toCryptoKey({name:"ECDSA",namedCurve:c},s,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(o=e.toCryptoKey({name:"ECDH",namedCurve:c},s,n?[]:["deriveBits"]))}if(!o)throw new TypeError(V);return r?r[t]=o:X.set(e,{[t]:o}),o};async function Qe(e,t){if(e instanceof Uint8Array||ne(e))return e;if(se(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return rr(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return Ze(e,r,t)}if(oe(e))return e.k?He(e.k):Ze(e,e,t,!0);throw new Error("unreachable")}var Ne=(e,t)=>{if(e.byteLength!==t.length)return!1;for(let r=0;r<e.byteLength;r++)if(e[r]!==t[r])return!1;return!0},et=e=>({data:e,pos:0}),B=e=>{let t=e.data[e.pos++];if(t&128){let r=t&127,n=0;for(let s=0;s<r;s++)n=n<<8|e.data[e.pos++];return n}return t};var U=(e,t,r)=>{if(e.data[e.pos++]!==t)throw new Error(r)},tt=(e,t)=>{let r=e.data.subarray(e.pos,e.pos+t);return e.pos+=t,r},nr=e=>{U(e,6,"Expected algorithm OID");let t=B(e);return tt(e,t)};function sr(e){U(e,48,"Invalid PKCS#8 structure"),B(e),U(e,2,"Expected version field");let t=B(e);e.pos+=t,U(e,48,"Expected algorithm identifier");let r=B(e);return{algIdStart:e.pos,algIdLength:r}}function or(e){U(e,48,"Invalid SPKI structure"),B(e),U(e,48,"Expected algorithm identifier");let t=B(e);return{algIdStart:e.pos,algIdLength:t}}var rt=e=>{let t=nr(e);if(Ne(t,[43,101,110]))return"X25519";if(!Ne(t,[42,134,72,206,61,2,1]))throw new Error("Unsupported key algorithm");U(e,6,"Expected curve OID");let r=B(e),n=tt(e,r);for(let{name:s,oid:o}of[{name:"P-256",oid:[42,134,72,206,61,3,1,7]},{name:"P-384",oid:[43,129,4,0,34]},{name:"P-521",oid:[43,129,4,0,35]}])if(Ne(n,o))return s;throw new Error("Unsupported named curve")},nt=async(e,t,r,n)=>{let s,o,i=e==="spki",c=()=>i?["verify"]:["sign"],l=()=>i?["encrypt","wrapKey"]:["decrypt","unwrapKey"];switch(r){case"PS256":case"PS384":case"PS512":s={name:"RSA-PSS",hash:`SHA-${r.slice(-3)}`},o=c();break;case"RS256":case"RS384":case"RS512":s={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${r.slice(-3)}`},o=c();break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":s={name:"RSA-OAEP",hash:`SHA-${parseInt(r.slice(-3),10)||1}`},o=l();break;case"ES256":case"ES384":case"ES512":{s={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[r]},o=c();break}case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{try{let a=n.getNamedCurve(t);s=a==="X25519"?{name:"X25519"}:{name:"ECDH",namedCurve:a}}catch{throw new S("Invalid or unsupported key format")}o=i?[]:["deriveBits"];break}case"Ed25519":case"EdDSA":s={name:"Ed25519"},o=c();break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":s={name:r},o=c();break;default:throw new S('Invalid or unsupported "alg" (Algorithm) value')}return crypto.subtle.importKey(e,t,s,n?.extractable??!!i,o)},st=(e,t)=>ue(e.replace(t,"")),ot=(e,t,r)=>{let n=st(e,/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g),s=r;return t?.startsWith?.("ECDH-ES")&&(s||={},s.getNamedCurve=o=>{let i=et(o);return sr(i),rt(i)}),nt("pkcs8",n,t,s)},it=(e,t,r)=>{let n=st(e,/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g),s=r;return t?.startsWith?.("ECDH-ES")&&(s||={},s.getNamedCurve=o=>{let i=et(o);return or(i),rt(i)}),nt("spki",n,t,s)};async function Z(e,t,r){if(typeof e!="string"||e.indexOf("-----BEGIN PUBLIC KEY-----")!==0)throw new TypeError('"spki" must be SPKI formatted string');return it(e,t,r)}async function L(e,t,r){if(typeof e!="string"||e.indexOf("-----BEGIN PRIVATE KEY-----")!==0)throw new TypeError('"pkcs8" must be PKCS#8 formatted string');return ot(e,t,r)}async function at(e){if(se(e))if(e.type==="secret")e=e.export();else return e.export({format:"jwk"});if(e instanceof Uint8Array)return{kty:"oct",k:q(e)};if(!ne(e))throw new TypeError(me(e,"CryptoKey","KeyObject","Uint8Array"));if(!e.extractable)throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");let{ext:t,key_ops:r,alg:n,use:s,...o}=await crypto.subtle.exportKey("jwk",e);return o.kty==="AKP"&&(o.alg=n),o}async function I(e){return at(e)}function ct(e,t,r,n,s){if(s.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;r!==void 0?o=new Map([...Object.entries(r),...t.entries()]):o=t;for(let i of n.crit){if(!o.has(i))throw new S(`Extension Header Parameter "${i}" is not recognized`);if(s[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(o.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)}var Q=e=>e?.[Symbol.toStringTag],_e=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case"sign":case"verify":n="sig";break;case"encrypt":case"decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(!0){case(r==="sign"||r==="verify"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n=r==="encrypt"?"wrapKey":"unwrapKey":n=r;break;case(r==="encrypt"&&e.startsWith("RSA")):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===!1)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return!0},ir=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(oe(t)){if(Ge(t)&&_e(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!Ce(t))throw new TypeError(ke(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${Q(t)} instances for symmetric algorithms must be of type "secret"`)}},ar=(e,t,r)=>{if(oe(t))switch(r){case"decrypt":case"sign":if(Fe(t)&&_e(e,t,r))return;throw new TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if(qe(t)&&_e(e,t,r))return;throw new TypeError("JSON Web Key for this operation must be a public JWK")}if(!Ce(t))throw new TypeError(ke(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${Q(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case"sign":throw new TypeError(`${Q(t)} instances for asymmetric algorithm signing must be of type "private"`);case"decrypt":throw new TypeError(`${Q(t)} instances for asymmetric algorithm decryption must be of type "private"`)}if(t.type==="private")switch(r){case"verify":throw new TypeError(`${Q(t)} instances for asymmetric algorithm verifying must be of type "public"`);case"encrypt":throw new TypeError(`${Q(t)} instances for asymmetric algorithm encryption must be of type "public"`)}};function dt(e,t,r){switch(e.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":ir(e,t,r);break;default:ar(e,t,r)}}var H=e=>Math.floor(e.getTime()/1e3),lt=60,pt=lt*60,De=pt*24,cr=De*7,dr=De*365.25,lr=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function Oe(e){let t=lr.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),s;switch(n){case"sec":case"secs":case"second":case"seconds":case"s":s=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":s=Math.round(r*lt);break;case"hour":case"hours":case"hr":case"hrs":case"h":s=Math.round(r*pt);break;case"day":case"days":case"d":s=Math.round(r*De);break;case"week":case"weeks":case"w":s=Math.round(r*cr);break;default:s=Math.round(r*dr);break}return t[1]==="-"||t[4]==="ago"?-s:s}function M(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var he=class{#e;constructor(t){if(!Ke(t))throw new TypeError("JWT Claims Set MUST be an object");this.#e=structuredClone(t)}data(){return de.encode(JSON.stringify(this.#e))}get iss(){return this.#e.iss}set iss(t){this.#e.iss=t}get sub(){return this.#e.sub}set sub(t){this.#e.sub=t}get aud(){return this.#e.aud}set aud(t){this.#e.aud=t}set jti(t){this.#e.jti=t}set nbf(t){typeof t=="number"?this.#e.nbf=M("setNotBefore",t):t instanceof Date?this.#e.nbf=M("setNotBefore",H(t)):this.#e.nbf=H(new Date)+Oe(t)}set exp(t){typeof t=="number"?this.#e.exp=M("setExpirationTime",t):t instanceof Date?this.#e.exp=M("setExpirationTime",H(t)):this.#e.exp=H(new Date)+Oe(t)}set iat(t){t===void 0?this.#e.iat=H(new Date):t instanceof Date?this.#e.iat=M("setIssuedAt",H(t)):typeof t=="string"?this.#e.iat=M("setIssuedAt",H(new Date)+Oe(t)):this.#e.iat=M("setIssuedAt",t)}};var ge=class{#e;#t;#r;constructor(t){if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this.#e=t}setProtectedHeader(t){return Ie(this.#t,"setProtectedHeader"),this.#t=t,this}setUnprotectedHeader(t){return Ie(this.#r,"setUnprotectedHeader"),this.#r=t,this}async sign(t,r){if(!this.#t&&!this.#r)throw new D("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Ye(this.#t,this.#r))throw new D("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...this.#t,...this.#r},s=ct(D,new Map([["b64",!0]]),r?.crit,this.#t,n),o=!0;if(s.has("b64")&&(o=this.#t.b64,typeof o!="boolean"))throw new D('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new D('JWS "alg" (Algorithm) Header Parameter missing or invalid');dt(i,t,"sign");let c,l;o?(c=q(this.#e),l=pe(c)):(l=this.#e,c="");let a,b;this.#t?(a=q(JSON.stringify(this.#t)),b=pe(a)):(a="",b=new Uint8Array);let x=Le(b,pe("."),l),K=await Qe(t,i),J=await Ve(i,K,x),g={signature:q(J),payload:c};return this.#r&&(g.header=this.#r),this.#t&&(g.protected=a),g}};var we=class{#e;constructor(t){this.#e=new ge(t)}setProtectedHeader(t){return this.#e.setProtectedHeader(t),this}async sign(t,r){let n=await this.#e.sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${n.protected}.${n.payload}.${n.signature}`}};var ee=class{#e;#t;constructor(t={}){this.#t=new he(t)}setIssuer(t){return this.#t.iss=t,this}setSubject(t){return this.#t.sub=t,this}setAudience(t){return this.#t.aud=t,this}setJti(t){return this.#t.jti=t,this}setNotBefore(t){return this.#t.nbf=t,this}setExpirationTime(t){return this.#t.exp=t,this}setIssuedAt(t){return this.#t.iat=t,this}setProtectedHeader(t){return this.#e=t,this}async sign(t,r){let n=new we(this.#t.data());if(n.setProtectedHeader(this.#e),Array.isArray(this.#e?.crit)&&this.#e.crit.includes("b64")&&this.#e.b64===!1)throw new fe("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};import{existsSync as E,mkdirSync as Zn,readFileSync as ut,writeFileSync as pr}from"fs";import{resolve as A}from"path";import{execSync as ur}from"child_process";var mr="https://id.botparty.club";function d(e){console.log(` ${e}`)}function p(e){console.log(` \u2713 ${e}`)}function u(e){console.log(` \u26A0 ${e}`)}function h(e){console.error(` \u2717 ${e}`)}function y(e){console.log(`
|
|
3
3
|
${e}
|
|
4
4
|
${"\u2500".repeat(e.length)}`)}function T(e){let t=A(e,".env");if(!E(t))return{};let r=ut(t,"utf-8"),n={};for(let s of r.split(`
|
|
5
|
-
`)){let o=s.trim();if(!o||o.startsWith("#"))continue;let i=o.indexOf("=");if(i<=0)continue;let c=o.slice(0,i).trim(),l=o.slice(i+1).trim();(l.startsWith('"')&&l.endsWith('"')||l.startsWith("'")&&l.endsWith("'"))&&(l=l.slice(1,-1)),n[c]=l}return n}function
|
|
5
|
+
`)){let o=s.trim();if(!o||o.startsWith("#"))continue;let i=o.indexOf("=");if(i<=0)continue;let c=o.slice(0,i).trim(),l=o.slice(i+1).trim();(l.startsWith('"')&&l.endsWith('"')||l.startsWith("'")&&l.endsWith("'"))&&(l=l.slice(1,-1)),n[c]=l}return n}function $(e,t){let r=A(e,".env"),n="";E(r)&&(n=ut(r,"utf-8"));for(let[s,o]of Object.entries(t)){let i=new RegExp(`^${s}=.*$`,"m");i.test(n)?n=n.replace(i,`${s}=${o}`):(n&&!n.endsWith(`
|
|
6
6
|
`)&&(n+=`
|
|
7
7
|
`),n+=`${s}=${o}
|
|
8
|
-
`)}pr(r,n)}function
|
|
9
|
-
`),"ES256");return new
|
|
10
|
-
`),"ES256"),r=await I(t),{d:n,...s}=r;return{...s,use:"sig",alg:"ES256"}}async function xe(e){let t=
|
|
11
|
-
`),"ES256");return new
|
|
8
|
+
`)}pr(r,n)}function z(){return process.env.BOTPARTY_AUTH_URL||mr}async function je(e,t){let r=z(),n=await L(t.replace(/\\n/g,`
|
|
9
|
+
`),"ES256");return new ee({}).setProtectedHeader({alg:"ES256"}).setIssuer(e).setSubject(e).setAudience(`${r}/oauth/token`).setIssuedAt().setExpirationTime("60s").setJti(crypto.randomUUID()).sign(n)}async function be(e,t){try{let r=await je(e,t),n=z();return(await fetch(`${n}/api/v1/clients/${e}`,{headers:{Authorization:`ClientAssertion ${r}`,"X-Client-Id":e}})).ok}catch{return!1}}async function mt(e,t){let r=await fetch(`${z()}/api/v1/clients/register`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({domain:e,force:t})});if(!r.ok){let s=await r.json().catch(()=>({}));throw new Error(s.error||`Registration failed (${r.status})`)}return{txtRecord:(await r.json()).txtRecord}}async function ft(e,t){let r=await fetch(`${z()}/api/v1/clients/register/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({domain:e,...t})});if(!r.ok){let s=await r.json().catch(()=>({}));throw new Error(s.error||`Verification failed (${r.status})`)}let n=await r.json();return{clientId:n.clientId,domain:n.domain}}async function j(e,t){try{let r=await je(e,t),n=z(),s=await fetch(`${n}/api/v1/clients/${e}`,{headers:{Authorization:`ClientAssertion ${r}`,"X-Client-Id":e}});return s.ok?await s.json():null}catch{return null}}async function te(e,t,r){try{let n=await je(e,t),s=z();return(await fetch(`${s}/api/v1/clients/${e}`,{method:"PATCH",headers:{Authorization:`ClientAssertion ${n}`,"X-Client-Id":e,"Content-Type":"application/json"},body:JSON.stringify({publicKey:r})})).ok}catch{return!1}}async function ie(e){let t=await L(e.replace(/\\n/g,`
|
|
10
|
+
`),"ES256"),r=await I(t),{d:n,...s}=r;return{...s,use:"sig",alg:"ES256"}}async function xe(e){let t=z();try{let r=await fetch(`${t}/api/v1/namespaces/${encodeURIComponent(e)}/jwks.json?bypass-cache=true`);return r.ok?await r.json():null}catch{return null}}function fr(e){let t=e.split("."),r=t.length>2?t.slice(-2).join("."):e,n=t.length>2?e.slice(0,e.length-r.length-1):"",s=[e,`_botparty.${e}`,...r!==e?[r,`${n}._botparty.${r}`]:[]];return[...new Set(s)]}async function yt(e,t){let r=await import("dns"),{resolveTxt:n}=r.promises,s=fr(e);for(let o of s)try{if((await n(o)).flat().some(l=>l===t||l.includes(t)))return!0}catch{}return!1}async function ht(e,t){let r=await L(t.replace(/\\n/g,`
|
|
11
|
+
`),"ES256");return new ee({role:"admin"}).setProtectedHeader({alg:"ES256"}).setIssuer(e).setSubject(e).setIssuedAt().setExpirationTime("5m").sign(r)}async function yr(e){let t=`https://${e}/.well-known/botparty/services.json`,r=await fetch(t);if(!r.ok)throw new Error(`Failed to fetch services from ${e} (${r.status})`);return r.json()}async function v(e,t,r,n,s,o){let c=(await yr(e)).baseUrl.replace("{namespace}",n),l=`https://${e}${c}${r}`,a={method:t,headers:{Authorization:`Bearer ${s}`,"Content-Type":"application/json"}};o&&["POST","PUT","PATCH"].includes(t)&&(a.body=JSON.stringify(o));let b=await fetch(l,a),x=await b.json().catch(()=>({}));return{ok:b.ok,status:b.status,data:x}}function Se(e){return e.replace(/\./g,"-")}var ve="domains.botparty.club";async function gt(e,t,r){let n=await v(ve,"POST","/domains/generate",e,t,r?{prefix:r}:{});if(!n.ok)throw new Error(`Failed to generate bpty.cloud slug: ${JSON.stringify(n.data)}`);return{slug:n.data.slug,domain:n.data.domain}}async function wt(e,t,r){let n=await v(ve,"POST","/domains/purchase",e,t,{domain:r});if(!n.ok)throw new Error(`Failed to purchase bpty.cloud domain: ${JSON.stringify(n.data)}`);return n.data}async function bt(e,t,r){try{return(await v(ve,"GET",`/domains/${encodeURIComponent(e)}`,t,r)).ok}catch{return!1}}async function xt(e,t,r,n){let s=await v(ve,"POST",`/domains/${encodeURIComponent(e)}/dns`,t,r,n);if(!s.ok)throw new Error(`Failed to create DNS record: ${JSON.stringify(s.data)}`);return s.data}function St(e){let t=T(e),r=t.BOTPARTY_DOMAIN||"",n=t.BOTPARTY_CLIENT_ASSERTION_KEY?.replace(/\\n/g,`
|
|
12
12
|
`)||"",s=t.BOTPARTY_CLIENT_ID||"";return(!r||!n||!s)&&(h("BotParty credentials not found in .env"),d("Run init first:"),console.log(`
|
|
13
13
|
npx @botparty/nextjs init --domain <your-domain>
|
|
14
|
-
`),process.exit(1)),{domain:r,privateKeyPem:n,clientId:s}}function Je(e){return E(A(e,"pnpm-lock.yaml"))?"pnpm":E(A(e,"yarn.lock"))?"yarn":"npm"}function Ee(e,t){ur(e,{cwd:t,stdio:"inherit"})}function vt(e){return E(A(e,"src"))}function Et(e){return E(A(e,"middleware.ts"))||E(A(e,"middleware.js"))||E(A(e,"src/middleware.ts"))||E(A(e,"src/middleware.js"))}function
|
|
14
|
+
`),process.exit(1)),{domain:r,privateKeyPem:n,clientId:s}}function Je(e){return E(A(e,"pnpm-lock.yaml"))?"pnpm":E(A(e,"yarn.lock"))?"yarn":"npm"}function Ee(e,t){ur(e,{cwd:t,stdio:"inherit"})}function vt(e){return E(A(e,"src"))}function Et(e){return E(A(e,"middleware.ts"))||E(A(e,"middleware.js"))||E(A(e,"src/middleware.ts"))||E(A(e,"src/middleware.js"))}function Y(e){return E(A(e,"src/app"))?"src/app":E(A(e,"app"))?"app":"src/app"}function At(){return`import type { Metadata } from 'next';
|
|
15
15
|
import { Inter } from 'next/font/google';
|
|
16
16
|
import { BotPartyProvider } from '@botparty/nextjs';
|
|
17
17
|
import '@botparty/react/styles.css';
|
|
@@ -518,19 +518,19 @@ export async function POST(req: Request) {
|
|
|
518
518
|
`,[`${e}/api/bots/open/route.ts`]:Ct(),[`${e}/api/bots/user-required/route.ts`]:It(),[`${e}/api/bots/pay-per-call/route.ts`]:Kt(),[`${e}/api/bots/dynamic-payment/route.ts`]:Nt()}}async function Dt(e){let t=process.cwd();console.log(`
|
|
519
519
|
@botparty/nextjs init
|
|
520
520
|
`);let r=We(P(t,"package.json")),n=!1;if(r)try{let m=JSON.parse(Yt("fs").readFileSync(P(t,"package.json"),"utf-8"));if(!{...m.dependencies,...m.devDependencies}["@botparty/nextjs"]){let w=Je(t);d("Installing @botparty/nextjs..."),Ee(`${w==="pnpm"?"pnpm add":w==="yarn"?"yarn add":"npm install"} @botparty/nextjs @botparty/react`,t),p("Dependencies installed")}}catch{}else if(hr(t).filter(f=>!f.startsWith(".")).length===0){y("Scaffolding Next.js project");let f=Je(t);Ee('npx -y create-next-app@latest . --ts --tailwind --eslint --app --src-dir --import-alias "@/*" --yes',t),p("Next.js project created"),n=!0,d("Installing @botparty/nextjs..."),Ee(`${f==="pnpm"?"pnpm add":f==="yarn"?"yarn add":"npm install"} @botparty/nextjs @botparty/react`,t),p("Dependencies installed")}else h("No Next.js project found in this directory."),d("Run in an empty directory to scaffold a new project, or in an existing Next.js project."),process.exit(1);y("Generating ES256 keypair");let s=T(t),o=s.BOTPARTY_CLIENT_ASSERTION_KEY?.replace(/\\n/g,`
|
|
521
|
-
`)||"",i=null;if(!o||e.force){d("Generating new ES256 keypair...");let{publicKey:m,privateKey:f}=Ot("ec",{namedCurve:"P-256",publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem"}});o=f;let w=await
|
|
521
|
+
`)||"",i=null;if(!o||e.force){d("Generating new ES256 keypair...");let{publicKey:m,privateKey:f}=Ot("ec",{namedCurve:"P-256",publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem"}});o=f;let w=await Z(m,"ES256");i={...await I(w),use:"sig",alg:"ES256"},p("ES256 keypair generated"),d(`Public JWK: ${JSON.stringify(i)}`)}else{d("Using existing private key from .env");try{let m=await L(o,"ES256");i={...await I(m),use:"sig",alg:"ES256"},delete i.d}catch{u("Could not parse existing private key, generating new one...");let{publicKey:m,privateKey:f}=Ot("ec",{namedCurve:"P-256",publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem"}});o=f;let w=await Z(m,"ES256");i={...await I(w),use:"sig",alg:"ES256"}}}y("Configuring BotParty credentials");let c=s.BOTPARTY_CLIENT_ID||"",l=!0;c&&o&&!e.force&&(d("Found existing credentials. Validating..."),await be(c,o)?(p("Credentials are valid"),l=!1):u("Existing credentials are invalid. Re-registering..."));let a=s.BOTPARTY_DOMAIN||"",b=!1;if(l)if(e.domain&&(a=e.domain),e.clientId)c=e.clientId,l=!1,d(`Using provided Client ID: ${c}`);else{if(!a){y("Auto-generating bpty.cloud domain"),d("No --domain specified, generating a free bpty.cloud subdomain...");let w=await import("@botparty/sdk"),N=new w.BotPartyClient;await N.ensureRegistered();let F=N.whoami(),W=F.actAs||F.namespace,R=await N.generateToken({role:"admin"}),{slug:_,domain:C}=await gt(W,R);d(`Generated: ${C}`),await wt(W,R,C),p(`Claimed ${C} (free)`),a=C,b=!0}d(`Registering ${a} with id.botparty.club...`);let m;try{m=(await mt(a,e.force)).txtRecord}catch(f){let w=f instanceof Error?f.message:String(f);if(w.includes("already verified")||w.includes("already registered")){if(e.force)throw new Error("Server does not support force re-registration yet. Please delete the domain record manually or redeploy the server.");u("Domain is already registered."),console.log(`
|
|
522
522
|
To use your existing Client ID:
|
|
523
523
|
npx @botparty/nextjs init --domain ${a} --client-id <your-client-id>
|
|
524
524
|
|
|
525
525
|
To overwrite the previous registration:
|
|
526
526
|
npx @botparty/nextjs init --domain ${a} --force
|
|
527
|
-
`),process.exit(1)}else throw f}if(l&&m){let f=!1;try{let
|
|
527
|
+
`),process.exit(1)}else throw f}if(l&&m){let f=!1;try{let W=await import("@botparty/sdk"),R=new W.BotPartyClient;await R.ensureRegistered();let _=R.whoami(),C=_.actAs||_.namespace,ce=await R.generateToken({role:"admin"});f=await bt(a,C,ce),f&&(d("Domain is managed by BotParty. Auto-creating TXT verification record..."),await xt(a,C,ce,{type:"TXT",host:"_botparty",answer:m,ttl:60}),p("TXT record created automatically"),d("Waiting for DNS propagation..."),await new Promise(zt=>setTimeout(zt,3e3)))}catch(F){u(`Could not check domain ownership: ${F.message}`)}if(!f){if(d("Checking DNS for TXT record..."),!await yt(a,m)){let W=a.split("."),R=W.slice(-2).join("."),_=W.slice(0,-2).join("."),C=_?`_botparty.${_}`:"_botparty",ce=_?`
|
|
528
528
|
Alternatively, set the record at your apex domain \u2014 any of these work:
|
|
529
529
|
|
|
530
530
|
Host: ${a} Value: ${m}
|
|
531
531
|
Host: _botparty.${a} Value: ${m}
|
|
532
532
|
Host: ${R} Value: ${m}
|
|
533
|
-
Host: ${
|
|
533
|
+
Host: ${_}._botparty.${R} Value: ${m}
|
|
534
534
|
`:`
|
|
535
535
|
Valid record locations (any one works):
|
|
536
536
|
|
|
@@ -547,14 +547,14 @@ ${ce}
|
|
|
547
547
|
|
|
548
548
|
Then retry:
|
|
549
549
|
npx @botparty/nextjs init --domain ${a}${e.jwks?" --jwks":""}
|
|
550
|
-
`),process.exit(1)}p("DNS TXT record found")}d("Verifying domain with id.botparty.club...");let w={};e.jwks?w.jwksUri=`https://${a}/.well-known/jwks.json`:w.publicKey=i,c=(await ft(a,w)).clientId,p(`Domain verified! Client ID: ${c}`)}}y("Writing environment variables");let x={};if((!s.BOTPARTY_AUTH_URL||e.force)&&(x.BOTPARTY_AUTH_URL="https://id.botparty.club"),c&&(x.BOTPARTY_CLIENT_ID=c),x.BOTPARTY_CLIENT_ASSERTION_KEY=o.replace(/\n/g,"\\n"),a&&(x.BOTPARTY_DOMAIN=a)
|
|
551
|
-
`),p(`.botparty-deploy.json created (projectName="${f}", domain="${a}")`)}y("Setting up auth routes");let K=
|
|
552
|
-
`),p("Created catch-all route handler")),e.jwks){let m=P(t,K,".well-known/jwks.json"),f=P(m,"route.ts");We(f)?d("JWKS route already exists, skipping"):(Be(m,{recursive:!0}),
|
|
550
|
+
`),process.exit(1)}p("DNS TXT record found")}d("Verifying domain with id.botparty.club...");let w={};e.jwks?w.jwksUri=`https://${a}/.well-known/jwks.json`:w.publicKey=i,c=(await ft(a,w)).clientId,p(`Domain verified! Client ID: ${c}`)}}y("Writing environment variables");let x={};if((!s.BOTPARTY_AUTH_URL||e.force)&&(x.BOTPARTY_AUTH_URL="https://id.botparty.club"),c&&(x.BOTPARTY_CLIENT_ID=c),x.BOTPARTY_CLIENT_ASSERTION_KEY=o.replace(/\n/g,"\\n"),a&&(x.BOTPARTY_DOMAIN=a),$(t,x),p(".env updated"),a){let m=P(t,".botparty-deploy.json"),f=a.endsWith(".bpty.cloud")?a.replace(".bpty.cloud",""):Se(a);ae(m,JSON.stringify({projectName:f,domain:a},null,2)+`
|
|
551
|
+
`),p(`.botparty-deploy.json created (projectName="${f}", domain="${a}")`)}y("Setting up auth routes");let K=Y(t),J=vt(t),g=P(t,K,"api/botparty/[...botparty]"),k=P(g,"route.ts");if(We(k)?d("Route handler already exists, skipping"):(Be(g,{recursive:!0}),ae(k,`export { GET, POST } from '@botparty/nextjs/handlers';
|
|
552
|
+
`),p("Created catch-all route handler")),e.jwks){let m=P(t,K,".well-known/jwks.json"),f=P(m,"route.ts");We(f)?d("JWKS route already exists, skipping"):(Be(m,{recursive:!0}),ae(f,`import { createJwksResponse } from '@botparty/nextjs/server';
|
|
553
553
|
|
|
554
554
|
export async function GET() {
|
|
555
555
|
return createJwksResponse();
|
|
556
556
|
}
|
|
557
|
-
`),p("Created .well-known/jwks.json route (--jwks mode)"))}if(Et(t))d("Middleware already exists, skipping");else{let m=
|
|
557
|
+
`),p("Created .well-known/jwks.json route (--jwks mode)"))}if(Et(t))d("Middleware already exists, skipping");else{let m=J?P(t,"src/middleware.ts"):P(t,"middleware.ts"),f=e.jwks?"['/', '/api/public(.*)', '/.well-known(.*)']":"['/', '/api/public(.*)']";ae(m,`import { botpartyMiddleware, createRouteMatcher } from '@botparty/nextjs/server';
|
|
558
558
|
|
|
559
559
|
const isPublic = createRouteMatcher(${f});
|
|
560
560
|
|
|
@@ -563,7 +563,7 @@ export default botpartyMiddleware((auth, req) => {
|
|
|
563
563
|
});
|
|
564
564
|
|
|
565
565
|
export const config = { matcher: ['/((?!_next|.*\\\\..*).*)'] };
|
|
566
|
-
`),p("Created middleware.ts")}if(n){y("Scaffolding demo project");let m=_t(K);for(let[f,w]of Object.entries(m)){let N=P(t,f);Be(P(N,".."),{recursive:!0}),
|
|
566
|
+
`),p("Created middleware.ts")}if(n){y("Scaffolding demo project");let m=_t(K);for(let[f,w]of Object.entries(m)){let N=P(t,f);Be(P(N,".."),{recursive:!0}),ae(N,w),p(`Created ${f}`)}}console.log(`
|
|
567
567
|
\u2713 BotParty auth is ready!
|
|
568
568
|
|
|
569
569
|
Next steps:
|
|
@@ -575,25 +575,25 @@ export const config = { matcher: ['/((?!_next|.*\\\\..*).*)'] };
|
|
|
575
575
|
`)}import{existsSync as $t,readFileSync as jt}from"fs";import{resolve as Jt}from"path";async function Ae(){let e=process.cwd(),t=[];console.log(`
|
|
576
576
|
@botparty/nextjs doctor
|
|
577
577
|
`),y("Environment variables");let r=T(e),s=["BOTPARTY_AUTH_URL","BOTPARTY_CLIENT_ID","BOTPARTY_CLIENT_ASSERTION_KEY","BOTPARTY_DOMAIN"].filter(g=>!r[g]);s.length===0?(p("All required env vars present"),t.push({id:"env-vars",pass:!0,message:"All required env vars present",fixable:!1})):(h(`Missing env vars: ${s.join(", ")}`),t.push({id:"env-vars",pass:!1,message:`Missing: ${s.join(", ")}`,fixable:!1}));let o=r.BOTPARTY_CLIENT_ASSERTION_KEY?.replace(/\\n/g,`
|
|
578
|
-
`)||"",i=r.BOTPARTY_CLIENT_ID||"",c=r.BOTPARTY_DOMAIN||"";y("Private key");let l=null;if(o)try{l=await
|
|
579
|
-
Summary: ${K} passed, ${
|
|
580
|
-
`),
|
|
578
|
+
`)||"",i=r.BOTPARTY_CLIENT_ID||"",c=r.BOTPARTY_DOMAIN||"";y("Private key");let l=null;if(o)try{l=await ie(o),p("Private key is valid ES256 PKCS8"),t.push({id:"key-valid",pass:!0,message:"Valid ES256 key",fixable:!1})}catch{h("Private key is not a valid ES256 PKCS8 key"),t.push({id:"key-valid",pass:!1,message:"Invalid ES256 key",fixable:!1})}else u("No private key to validate (BOTPARTY_CLIENT_ASSERTION_KEY missing)"),t.push({id:"key-valid",pass:!1,message:"No key present",fixable:!1});y("Server authentication");let a=null;if(i&&o)if(await be(i,o)){p("Credentials validated against id.botparty.club"),t.push({id:"server-auth",pass:!0,message:"Credentials valid",fixable:!0});let k=await j(i,o);k&&(a=k.keyMode,d(`Key mode: ${a??"none"}`),d(`JWKS URI: ${k.jwksUri}`))}else h("Credentials are invalid \u2014 key on server does not match local key"),t.push({id:"server-auth",pass:!1,message:"Key mismatch with server",fixable:!0});else u("Cannot validate \u2014 missing CLIENT_ID or ASSERTION_KEY"),t.push({id:"server-auth",pass:!1,message:"Missing credentials",fixable:!1});y("Route handler");let b=Y(e),x=Jt(e,b,"api/botparty/[...botparty]/route.ts");if($t(x)?jt(x,"utf-8").includes("@botparty/nextjs/handlers")?(p("Route handler exists with correct import"),t.push({id:"route-handler",pass:!0,message:"Route handler OK",fixable:!0})):(u("Route handler exists but may have incorrect content"),t.push({id:"route-handler",pass:!1,message:"Route handler has unexpected content",fixable:!0})):(h("Route handler missing: api/botparty/[...botparty]/route.ts"),t.push({id:"route-handler",pass:!1,message:"Route handler missing",fixable:!0})),y("JWKS route"),a==="domain-hosted"){let g=Jt(e,b,".well-known/jwks.json/route.ts");$t(g)?jt(g,"utf-8").includes("createJwksResponse")?(p("JWKS route handler exists (domain-hosted mode)"),t.push({id:"jwks-route",pass:!0,message:"JWKS route OK",fixable:!0})):(u("JWKS route exists but may have incorrect content"),t.push({id:"jwks-route",pass:!1,message:"JWKS route has unexpected content",fixable:!0})):(h("JWKS route handler missing (required for domain-hosted mode)"),t.push({id:"jwks-route",pass:!1,message:"JWKS route missing",fixable:!0}))}else d("Skipped \u2014 not in domain-hosted mode"),t.push({id:"jwks-route",pass:!0,message:"N/A (botparty-hosted)",fixable:!1});if(y("Remote JWKS"),c&&l){let g=await xe(c);if(g&&g.keys?.length>0){let k=l.x,m=l.y;g.keys.some(w=>w.x===k&&w.y===m)?(p("Remote JWKS contains the correct public key"),t.push({id:"jwks-remote",pass:!0,message:"Remote JWKS matches local key",fixable:!0})):(h("Remote JWKS does not contain the local public key"),t.push({id:"jwks-remote",pass:!1,message:"Key mismatch in remote JWKS",fixable:!0}))}else u("Could not fetch remote JWKS for domain"),t.push({id:"jwks-remote",pass:!1,message:"Remote JWKS not available",fixable:!0})}else u("Cannot check remote JWKS \u2014 missing domain or key"),t.push({id:"jwks-remote",pass:!1,message:"Missing domain or key",fixable:!1});let K=t.filter(g=>g.pass).length,J=t.filter(g=>!g.pass).length;return console.log(`
|
|
579
|
+
Summary: ${K} passed, ${J} failed
|
|
580
|
+
`),J>0&&d("Run `npx @botparty/nextjs fix` to auto-fix what can be fixed.\n"),t}import{mkdirSync as Wt,writeFileSync as Bt}from"fs";import{resolve as Te}from"path";async function Ut(){let t=(await Ae()).filter(c=>!c.pass);if(t.length===0){console.log(` Nothing to fix \u2014 all checks passed.
|
|
581
581
|
`);return}console.log(`
|
|
582
582
|
Attempting to fix issues...
|
|
583
583
|
`);let r=process.cwd(),n=T(r),s=n.BOTPARTY_CLIENT_ASSERTION_KEY?.replace(/\\n/g,`
|
|
584
|
-
`)||"",o=n.BOTPARTY_CLIENT_ID||"",i=n.BOTPARTY_DOMAIN||"";for(let c of t)await gr(c,{cwd:r,privateKeyPem:s,clientId:o,domain:i});console.log("")}async function gr(e,t){switch(y(`Fixing: ${e.id}`),e.id){case"env-vars":u("Cannot auto-fix missing env vars. Run `npx @botparty/nextjs init` to set them up.");break;case"key-valid":u("Cannot auto-fix an invalid key. Run `npx @botparty/nextjs init --force` to regenerate.");break;case"server-auth":await wr(t);break;case"route-handler":br(t);break;case"jwks-route":xr(t);break;case"jwks-remote":await Sr(t);break}}async function wr(e){if(!e.clientId||!e.privateKeyPem){u("Cannot fix \u2014 missing CLIENT_ID or ASSERTION_KEY. Run `npx @botparty/nextjs init --force`.");return}if(await
|
|
585
|
-
`),p("Created route handler")}function xr(e){let t=
|
|
584
|
+
`)||"",o=n.BOTPARTY_CLIENT_ID||"",i=n.BOTPARTY_DOMAIN||"";for(let c of t)await gr(c,{cwd:r,privateKeyPem:s,clientId:o,domain:i});console.log("")}async function gr(e,t){switch(y(`Fixing: ${e.id}`),e.id){case"env-vars":u("Cannot auto-fix missing env vars. Run `npx @botparty/nextjs init` to set them up.");break;case"key-valid":u("Cannot auto-fix an invalid key. Run `npx @botparty/nextjs init --force` to regenerate.");break;case"server-auth":await wr(t);break;case"route-handler":br(t);break;case"jwks-route":xr(t);break;case"jwks-remote":await Sr(t);break}}async function wr(e){if(!e.clientId||!e.privateKeyPem){u("Cannot fix \u2014 missing CLIENT_ID or ASSERTION_KEY. Run `npx @botparty/nextjs init --force`.");return}if(await j(e.clientId,e.privateKeyPem)){d("Credentials are actually valid now (may have been a transient failure).");return}d("Attempting to re-upload public key to id.botparty.club...");try{let r=await ie(e.privateKeyPem);await te(e.clientId,e.privateKeyPem,r)?p("Public key updated on server"):(h("Failed to update key. The local key may not match what the server expects."),u("Run `npx @botparty/nextjs init --force` to re-register with a new key."))}catch{h("Could not derive public key or update server. Run `npx @botparty/nextjs init --force`.")}}function br(e){let t=Y(e.cwd),r=Te(e.cwd,t,"api/botparty/[...botparty]"),n=Te(r,"route.ts");Wt(r,{recursive:!0}),Bt(n,`export { GET, POST } from '@botparty/nextjs/handlers';
|
|
585
|
+
`),p("Created route handler")}function xr(e){let t=Y(e.cwd),r=Te(e.cwd,t,".well-known/jwks.json"),n=Te(r,"route.ts");Wt(r,{recursive:!0}),Bt(n,`import { createJwksResponse } from '@botparty/nextjs/server';
|
|
586
586
|
|
|
587
587
|
export async function GET() {
|
|
588
588
|
return createJwksResponse();
|
|
589
589
|
}
|
|
590
|
-
`),p("Created JWKS route handler")}async function Sr(e){if(!e.clientId||!e.privateKeyPem||!e.domain){u("Cannot fix remote JWKS \u2014 missing credentials or domain.");return}let t=await
|
|
590
|
+
`),p("Created JWKS route handler")}async function Sr(e){if(!e.clientId||!e.privateKeyPem||!e.domain){u("Cannot fix remote JWKS \u2014 missing credentials or domain.");return}let t=await j(e.clientId,e.privateKeyPem);if(!t){u("Cannot determine key mode \u2014 server auth failed.");return}if(t.keyMode==="botparty-hosted"){d("Re-uploading public key to id.botparty.club...");try{let n=await ie(e.privateKeyPem);if(!await te(e.clientId,e.privateKeyPem,n)){h("Failed to update key on server.");return}p("Public key updated")}catch{h("Could not update key on server.");return}d("Verifying remote JWKS with cache bypass...");let r=await xe(e.domain);r&&r.keys?.length>0?p("Remote JWKS now available"):u("Remote JWKS still not available. It may take a moment for the cache to update.")}else t.keyMode==="domain-hosted"?(u("In domain-hosted mode, the remote JWKS is served by your app."),u("Make sure the JWKS route handler is deployed and redeploy if you recently changed keys.")):u("No key mode detected. Run `npx @botparty/nextjs init` to set up keys.")}import{generateKeyPairSync as vr}from"crypto";async function Lt(e={}){let t=process.cwd();console.log(`
|
|
591
591
|
@botparty/nextjs rotate
|
|
592
592
|
`),y("Reading current credentials");let r=T(t),n=r.BOTPARTY_CLIENT_ID,s=r.BOTPARTY_CLIENT_ASSERTION_KEY?.replace(/\\n/g,`
|
|
593
|
-
`),o=r.BOTPARTY_DOMAIN;n||(h("BOTPARTY_CLIENT_ID is not set in .env"),process.exit(1)),s||(h("BOTPARTY_CLIENT_ASSERTION_KEY is not set in .env"),process.exit(1)),o||(h("BOTPARTY_DOMAIN is not set in .env"),process.exit(1)),p("Credentials loaded"),y("Detecting key mode");let i=await
|
|
593
|
+
`),o=r.BOTPARTY_DOMAIN;n||(h("BOTPARTY_CLIENT_ID is not set in .env"),process.exit(1)),s||(h("BOTPARTY_CLIENT_ASSERTION_KEY is not set in .env"),process.exit(1)),o||(h("BOTPARTY_DOMAIN is not set in .env"),process.exit(1)),p("Credentials loaded"),y("Detecting key mode");let i=await j(n,s);i||(h("Could not authenticate with id.botparty.club. Is the current key valid?"),process.exit(1));let c=i.keyMode;d(`Key mode: ${c??"none"}`),d(`Domain: ${i.domain}`),y("Generating new ES256 keypair");let{publicKey:l,privateKey:a}=vr("ec",{namedCurve:"P-256",publicKeyEncoding:{type:"spki",format:"pem"},privateKeyEncoding:{type:"pkcs8",format:"pem"}}),b=await Z(l,"ES256"),x={...await I(b),use:"sig",alg:"ES256"};p("New keypair generated"),e.yes||(u("This will invalidate the current key."),console.log(`
|
|
594
594
|
To proceed, confirm with --yes:
|
|
595
595
|
npx @botparty/nextjs rotate --yes
|
|
596
|
-
`),process.exit(1)),c==="botparty-hosted"?(y("Uploading new public key to id.botparty.club"),await
|
|
596
|
+
`),process.exit(1)),c==="botparty-hosted"?(y("Uploading new public key to id.botparty.club"),await te(n,s,x)||(h("Failed to update public key on id.botparty.club"),process.exit(1)),p("Public key updated on server"),y("Updating local .env"),$(t,{BOTPARTY_CLIENT_ASSERTION_KEY:a.replace(/\n/g,"\\n")}),p(".env updated with new private key")):c==="domain-hosted"?(y("Updating local .env"),$(t,{BOTPARTY_CLIENT_ASSERTION_KEY:a.replace(/\n/g,"\\n")}),p(".env updated with new private key"),u("In domain-hosted mode, your JWKS route handler derives the key from the env var at runtime."),u("You must redeploy your app for the new key to take effect.")):(y("Uploading new public key to id.botparty.club"),await te(n,s,x)||(h("Failed to update public key on id.botparty.club"),process.exit(1)),p("Public key updated on server"),y("Updating local .env"),$(t,{BOTPARTY_CLIENT_ASSERTION_KEY:a.replace(/\n/g,"\\n")}),p(".env updated with new private key")),y("Verifying new credentials"),await j(n,a)?p("New credentials validated successfully"):(u("Could not validate new credentials immediately \u2014 this may be a caching delay."),u("Run `npx @botparty/nextjs doctor` in a minute to verify.")),console.log(`
|
|
597
597
|
Key rotation complete!
|
|
598
598
|
|
|
599
599
|
Next steps:
|
|
@@ -609,7 +609,7 @@ export async function GET() {
|
|
|
609
609
|
|
|
610
610
|
Usage:
|
|
611
611
|
npx @botparty/nextjs add-service <service> [--slug <name>]
|
|
612
|
-
`),process.exit(1));let{domain:s,privateKeyPem:o}=St(t),i=e.slug||Se(s);y(`Provisioning ${n.label}`),d(`Service: ${n.domain}`),d(`Slug: ${i}`),d(`Namespace: ${s}`);let c=await ht(s,o),l=await n.provision({domain:s,token:c,slug:i,serviceDomain:n.domain});y("Writing environment variables");for(let[a,b]of Object.entries(l))d(`${a}=${b.length>60?b.slice(0,57)+"...":b}`)
|
|
612
|
+
`),process.exit(1));let{domain:s,privateKeyPem:o}=St(t),i=e.slug||Se(s);y(`Provisioning ${n.label}`),d(`Service: ${n.domain}`),d(`Slug: ${i}`),d(`Namespace: ${s}`);let c=await ht(s,o),l=await n.provision({domain:s,token:c,slug:i,serviceDomain:n.domain});y("Writing environment variables");for(let[a,b]of Object.entries(l))d(`${a}=${b.length>60?b.slice(0,57)+"...":b}`);$(t,l),p(".env updated"),console.log(`
|
|
613
613
|
${n.label} is ready!
|
|
614
614
|
|
|
615
615
|
Environment variables written to .env:
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@botparty/nextjs",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.64",
|
|
4
4
|
"description": "Next.js SDK for BotParty auth — middleware, server auth(), route handlers, SSR provider",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.cjs",
|
|
@@ -63,7 +63,7 @@
|
|
|
63
63
|
"dev": "tsc --watch"
|
|
64
64
|
},
|
|
65
65
|
"dependencies": {
|
|
66
|
-
"@botparty/react": "0.0.
|
|
66
|
+
"@botparty/react": "0.0.64",
|
|
67
67
|
"@botparty/sdk": "0.0.47",
|
|
68
68
|
"jose": "^6.1.2"
|
|
69
69
|
},
|