@commonpub/server 2.48.0 → 2.50.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/federation/oauth.d.ts +53 -1
- package/dist/federation/oauth.d.ts.map +1 -1
- package/dist/federation/oauth.js +84 -2
- package/dist/federation/oauth.js.map +1 -1
- package/dist/identity/__tests__/health.test.d.ts +2 -0
- package/dist/identity/__tests__/health.test.d.ts.map +1 -0
- package/dist/identity/__tests__/health.test.js +113 -0
- package/dist/identity/__tests__/health.test.js.map +1 -0
- package/dist/identity/__tests__/router.test.d.ts +2 -0
- package/dist/identity/__tests__/router.test.d.ts.map +1 -0
- package/dist/identity/__tests__/router.test.js +163 -0
- package/dist/identity/__tests__/router.test.js.map +1 -0
- package/dist/identity/fediClient.d.ts +82 -0
- package/dist/identity/fediClient.d.ts.map +1 -0
- package/dist/identity/fediClient.js +40 -0
- package/dist/identity/fediClient.js.map +1 -0
- package/dist/identity/health.d.ts +42 -0
- package/dist/identity/health.d.ts.map +1 -0
- package/dist/identity/health.js +43 -0
- package/dist/identity/health.js.map +1 -0
- package/dist/identity/index.d.ts +18 -0
- package/dist/identity/index.d.ts.map +1 -0
- package/dist/identity/index.js +15 -0
- package/dist/identity/index.js.map +1 -0
- package/dist/identity/mastodonFactory.d.ts +12 -0
- package/dist/identity/mastodonFactory.d.ts.map +1 -0
- package/dist/identity/mastodonFactory.js +118 -0
- package/dist/identity/mastodonFactory.js.map +1 -0
- package/dist/identity/router.d.ts +79 -0
- package/dist/identity/router.d.ts.map +1 -0
- package/dist/identity/router.js +72 -0
- package/dist/identity/router.js.map +1 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/package.json +8 -7
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { type OAuthAuthorizeRequest, type OAuthTokenRequest, type OAuthDynamicRegistrationRequest } from '@commonpub/protocol';
|
|
2
|
+
import type { Scope, SoftwareKind } from '@commonpub/auth';
|
|
2
3
|
import type { DB } from '../types.js';
|
|
3
4
|
export interface AuthorizeResult {
|
|
4
5
|
/** Authorization code to return to the client */
|
|
@@ -47,14 +48,65 @@ export interface RegisteredClient {
|
|
|
47
48
|
* In v1, this is done manually by admins. Returns client credentials for storage.
|
|
48
49
|
*/
|
|
49
50
|
export declare function registerOAuthClient(db: DB, instanceDomain: string, redirectUris: string[]): Promise<RegisteredClient>;
|
|
51
|
+
/**
|
|
52
|
+
* Optional grant attached to a `linkFederatedAccount` call. When present,
|
|
53
|
+
* the access token is encrypted at rest via `@commonpub/infra/tokenCrypto`
|
|
54
|
+
* and stored in `federated_accounts.access_token_ciphertext` + `access_token_iv`.
|
|
55
|
+
*
|
|
56
|
+
* Phase 1a clients (the v1 SSO callback) call `linkFederatedAccount`
|
|
57
|
+
* WITHOUT a grant — those rows store profile info only and remain
|
|
58
|
+
* display-only "linked profile" records. Phase 1b's flow attaches a
|
|
59
|
+
* grant with the bearer it just exchanged, enabling delegated actions
|
|
60
|
+
* via FediClient.
|
|
61
|
+
*/
|
|
62
|
+
export interface FederatedAccountGrant {
|
|
63
|
+
/** OAuth bearer access token, plain text. Encrypted before storage. */
|
|
64
|
+
accessToken: string;
|
|
65
|
+
/** Granted scopes. Filtered through `coerceScopes` to drop unknowns. */
|
|
66
|
+
scopes: ReadonlyArray<Scope | string>;
|
|
67
|
+
/** Detected remote AP server software. Validated via `isSoftwareKind`. */
|
|
68
|
+
softwareKind: SoftwareKind | string;
|
|
69
|
+
}
|
|
50
70
|
/**
|
|
51
71
|
* Link a federated account to a local user after successful OAuth callback.
|
|
72
|
+
*
|
|
73
|
+
* Backward-compatible: if `grant` is omitted, the row is created/updated
|
|
74
|
+
* with profile fields only — same as the v1 SSO behaviour. Existing
|
|
75
|
+
* callers (callback.get.ts, link.post.ts) keep working unchanged.
|
|
76
|
+
*
|
|
77
|
+
* When `grant` IS passed:
|
|
78
|
+
* - access token is encrypted (ChaCha20-Poly1305) before insert/update
|
|
79
|
+
* - scopes filtered to known values, default `[]`
|
|
80
|
+
* - softwareKind validated, falls back to `'unknown'` on bad input
|
|
81
|
+
* - `last_verified_at` set to now (we just got a fresh token)
|
|
82
|
+
* - `revoked_at` cleared to null (re-linking after a revocation lifts the soft-revoke)
|
|
83
|
+
*
|
|
84
|
+
* Identity-hijacking guard: if the actor URI is already linked to a
|
|
85
|
+
* DIFFERENT local user, this throws `Error('already linked to another
|
|
86
|
+
* account')` — same as before.
|
|
52
87
|
*/
|
|
53
88
|
export declare function linkFederatedAccount(db: DB, userId: string, actorUri: string, instanceDomain: string, profile?: {
|
|
54
89
|
preferredUsername?: string;
|
|
55
90
|
displayName?: string;
|
|
56
91
|
avatarUrl?: string;
|
|
57
|
-
}): Promise<void>;
|
|
92
|
+
}, grant?: FederatedAccountGrant): Promise<void>;
|
|
93
|
+
/**
|
|
94
|
+
* Read and decrypt the access token for a federated_accounts row. Returns
|
|
95
|
+
* null if there is no token stored, the row is revoked, or the row id
|
|
96
|
+
* does not exist. Never throws on missing rows / missing tokens — only
|
|
97
|
+
* on actual decryption failures (key change, tampered ciphertext).
|
|
98
|
+
*
|
|
99
|
+
* Used by Phase 1b's FediClient factory to construct authenticated
|
|
100
|
+
* Mastodon-API clients on demand.
|
|
101
|
+
*/
|
|
102
|
+
export declare function getDecryptedAccessToken(db: DB, federatedAccountId: string): Promise<string | null>;
|
|
103
|
+
/**
|
|
104
|
+
* Soft-revoke a federated account's grant. Marks `revoked_at = now()`;
|
|
105
|
+
* keeps the row for audit but blocks `getDecryptedAccessToken` from
|
|
106
|
+
* returning the token. Used by Phase 1b's 401-detection wrapper and by
|
|
107
|
+
* the user-facing "Unlink" action.
|
|
108
|
+
*/
|
|
109
|
+
export declare function revokeFederatedAccountGrant(db: DB, federatedAccountId: string): Promise<void>;
|
|
58
110
|
/**
|
|
59
111
|
* Find a local user linked to a federated account by actor URI.
|
|
60
112
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/federation/oauth.ts"],"names":[],"mappings":"AAcA,OAAO,EAIL,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,+BAA+B,EACrC,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAYtC,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,QAAQ,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,EAAE,EACN,MAAM,EAAE,qBAAqB,EAC7B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC,CA8BxE;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,EAAE,EAAE,EAAE,EACN,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,WAAW,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC,CAsDpE;AAID,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,EAAE,EAAE,EAAE,EACN,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,gBAAgB,CAAC,CAY3B;AAED
|
|
1
|
+
{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/federation/oauth.ts"],"names":[],"mappings":"AAcA,OAAO,EAIL,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,+BAA+B,EACrC,MAAM,qBAAqB,CAAC;AAC7B,OAAO,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAYtC,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,QAAQ,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,EAAE,EACN,MAAM,EAAE,qBAAqB,EAC7B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC,CA8BxE;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,EAAE,EAAE,EAAE,EACN,MAAM,EAAE,iBAAiB,EACzB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,WAAW,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC,CAsDpE;AAID,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,EAAE,EAAE,EAAE,EACN,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,gBAAgB,CAAC,CAY3B;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,qBAAqB;IACpC,uEAAuE;IACvE,WAAW,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,MAAM,EAAE,aAAa,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC;IACtC,0EAA0E;IAC1E,YAAY,EAAE,YAAY,GAAG,MAAM,CAAC;CACrC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,oBAAoB,CACxC,EAAE,EAAE,EAAE,EACN,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE;IAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,EAClF,KAAK,CAAC,EAAE,qBAAqB,GAC5B,OAAO,CAAC,IAAI,CAAC,CA0Cf;AA8BD;;;;;;;;GAQG;AACH,wBAAsB,uBAAuB,CAC3C,EAAE,EAAE,EAAE,EACN,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAexB;AAED;;;;;GAKG;AACH,wBAAsB,2BAA2B,CAC/C,EAAE,EAAE,EAAE,EACN,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAAC,IAAI,CAAC,CAKf;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,EAAE,EAAE,EAAE,EACN,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAYtD;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,EAAE,GACL,OAAO,CAAC,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,IAAI,CAAA;CAAE,CAAC,CAAC,CAS3F;AAID;;;GAGG;AACH,wBAAsB,0BAA0B,CAC9C,EAAE,EAAE,EAAE,EACN,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,gBAAgB,EAAE,MAAM,CAAA;CAAE,CAAC,CAkBnG;AAMD;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,EAAE,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAUzE;AAED,4DAA4D;AAC5D,wBAAsB,kBAAkB,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAgB9E;AAED,iEAAiE;AACjE,wBAAsB,qBAAqB,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAOjF;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,EAAE,EAAE,EAAE,EACN,MAAM,EAAE;IAAE,QAAQ,EAAE;QAAE,UAAU,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAAC,IAAI,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAA;CAAE,EACrF,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,OAAO,CAAC,CASlB;AAOD,MAAM,WAAW,eAAe;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAsB,eAAe,CACnC,EAAE,EAAE,EAAE,EACN,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,GACxC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,EAAE,EAAE,EAAE,EACN,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAiBjC;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,eAAe,EACtB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;IACT,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;CAChH,GAAG,IAAI,CAAC,CAoCR;AAID,MAAM,WAAW,sBAAsB;IACrC,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,EAAE,EAAE,EAAE,EACN,MAAM,EAAE,MAAM,EACd,SAAS,CAAC,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,sBAAsB,CAAC,CAajC;AAOD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,EAAE,EACN,IAAI,EAAE,IAAI,CAAC,eAAe,EAAE,WAAW,CAAC,GACvC,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,EAAE,EAAE,EAAE,EACN,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAejC"}
|
package/dist/federation/oauth.js
CHANGED
|
@@ -6,6 +6,8 @@
|
|
|
6
6
|
import { eq } from 'drizzle-orm';
|
|
7
7
|
import { oauthClients, users, sessions, federatedAccounts, instanceSettings, } from '@commonpub/schema';
|
|
8
8
|
import { validateAuthorizeRequest, validateTokenRequest, validateDynamicRegistration, } from '@commonpub/protocol';
|
|
9
|
+
import { isSoftwareKind, coerceScopes } from '@commonpub/auth';
|
|
10
|
+
import { encryptToken, decryptToken } from '@commonpub/infra';
|
|
9
11
|
import { storeAuthCode, consumeAuthCode } from '../oauthCodes.js';
|
|
10
12
|
/** Generate a cryptographically secure random token (hex-encoded, 256 bits) */
|
|
11
13
|
function generateSecureToken() {
|
|
@@ -116,8 +118,27 @@ export async function registerOAuthClient(db, instanceDomain, redirectUris) {
|
|
|
116
118
|
}
|
|
117
119
|
/**
|
|
118
120
|
* Link a federated account to a local user after successful OAuth callback.
|
|
121
|
+
*
|
|
122
|
+
* Backward-compatible: if `grant` is omitted, the row is created/updated
|
|
123
|
+
* with profile fields only — same as the v1 SSO behaviour. Existing
|
|
124
|
+
* callers (callback.get.ts, link.post.ts) keep working unchanged.
|
|
125
|
+
*
|
|
126
|
+
* When `grant` IS passed:
|
|
127
|
+
* - access token is encrypted (ChaCha20-Poly1305) before insert/update
|
|
128
|
+
* - scopes filtered to known values, default `[]`
|
|
129
|
+
* - softwareKind validated, falls back to `'unknown'` on bad input
|
|
130
|
+
* - `last_verified_at` set to now (we just got a fresh token)
|
|
131
|
+
* - `revoked_at` cleared to null (re-linking after a revocation lifts the soft-revoke)
|
|
132
|
+
*
|
|
133
|
+
* Identity-hijacking guard: if the actor URI is already linked to a
|
|
134
|
+
* DIFFERENT local user, this throws `Error('already linked to another
|
|
135
|
+
* account')` — same as before.
|
|
119
136
|
*/
|
|
120
|
-
export async function linkFederatedAccount(db, userId, actorUri, instanceDomain, profile) {
|
|
137
|
+
export async function linkFederatedAccount(db, userId, actorUri, instanceDomain, profile, grant) {
|
|
138
|
+
// If a grant was provided, prepare the encrypted token + validated
|
|
139
|
+
// scopes/softwareKind once. We do this outside the existence check so
|
|
140
|
+
// an encryption failure (missing key, etc.) fails fast before any DB I/O.
|
|
141
|
+
const grantFields = grant ? buildGrantFields(grant) : null;
|
|
121
142
|
// Check if already linked
|
|
122
143
|
const existing = await db
|
|
123
144
|
.select()
|
|
@@ -129,7 +150,7 @@ export async function linkFederatedAccount(db, userId, actorUri, instanceDomain,
|
|
|
129
150
|
if (existing[0].userId !== userId) {
|
|
130
151
|
throw new Error('This federated identity is already linked to another account');
|
|
131
152
|
}
|
|
132
|
-
// Update profile info for the same user
|
|
153
|
+
// Update profile info for the same user, plus grant if provided
|
|
133
154
|
await db
|
|
134
155
|
.update(federatedAccounts)
|
|
135
156
|
.set({
|
|
@@ -137,6 +158,7 @@ export async function linkFederatedAccount(db, userId, actorUri, instanceDomain,
|
|
|
137
158
|
...(profile?.preferredUsername && { preferredUsername: profile.preferredUsername }),
|
|
138
159
|
...(profile?.displayName && { displayName: profile.displayName }),
|
|
139
160
|
...(profile?.avatarUrl && { avatarUrl: profile.avatarUrl }),
|
|
161
|
+
...(grantFields ?? {}),
|
|
140
162
|
})
|
|
141
163
|
.where(eq(federatedAccounts.actorUri, actorUri));
|
|
142
164
|
}
|
|
@@ -149,9 +171,69 @@ export async function linkFederatedAccount(db, userId, actorUri, instanceDomain,
|
|
|
149
171
|
displayName: profile?.displayName,
|
|
150
172
|
avatarUrl: profile?.avatarUrl,
|
|
151
173
|
lastSyncedAt: new Date(),
|
|
174
|
+
...(grantFields ?? {}),
|
|
152
175
|
});
|
|
153
176
|
}
|
|
154
177
|
}
|
|
178
|
+
/**
|
|
179
|
+
* Validate + encrypt the grant. Centralised so INSERT and UPDATE share
|
|
180
|
+
* exactly the same rules. Returns the columns to spread into the
|
|
181
|
+
* Drizzle .set() / .values() call.
|
|
182
|
+
*/
|
|
183
|
+
function buildGrantFields(grant) {
|
|
184
|
+
const enc = encryptToken(grant.accessToken);
|
|
185
|
+
const safeScopes = coerceScopes(grant.scopes);
|
|
186
|
+
const safeKind = isSoftwareKind(grant.softwareKind) ? grant.softwareKind : 'unknown';
|
|
187
|
+
return {
|
|
188
|
+
accessTokenCiphertext: enc.ciphertext,
|
|
189
|
+
accessTokenIv: enc.iv,
|
|
190
|
+
scopes: [...safeScopes],
|
|
191
|
+
softwareKind: safeKind,
|
|
192
|
+
lastVerifiedAt: new Date(),
|
|
193
|
+
// Re-linking lifts a soft-revocation: any prior revoked_at is cleared
|
|
194
|
+
// because we just successfully re-authenticated.
|
|
195
|
+
revokedAt: null,
|
|
196
|
+
};
|
|
197
|
+
}
|
|
198
|
+
/**
|
|
199
|
+
* Read and decrypt the access token for a federated_accounts row. Returns
|
|
200
|
+
* null if there is no token stored, the row is revoked, or the row id
|
|
201
|
+
* does not exist. Never throws on missing rows / missing tokens — only
|
|
202
|
+
* on actual decryption failures (key change, tampered ciphertext).
|
|
203
|
+
*
|
|
204
|
+
* Used by Phase 1b's FediClient factory to construct authenticated
|
|
205
|
+
* Mastodon-API clients on demand.
|
|
206
|
+
*/
|
|
207
|
+
export async function getDecryptedAccessToken(db, federatedAccountId) {
|
|
208
|
+
const [row] = await db
|
|
209
|
+
.select({
|
|
210
|
+
ct: federatedAccounts.accessTokenCiphertext,
|
|
211
|
+
iv: federatedAccounts.accessTokenIv,
|
|
212
|
+
revokedAt: federatedAccounts.revokedAt,
|
|
213
|
+
})
|
|
214
|
+
.from(federatedAccounts)
|
|
215
|
+
.where(eq(federatedAccounts.id, federatedAccountId))
|
|
216
|
+
.limit(1);
|
|
217
|
+
if (!row)
|
|
218
|
+
return null;
|
|
219
|
+
if (row.revokedAt)
|
|
220
|
+
return null;
|
|
221
|
+
if (!row.ct || !row.iv)
|
|
222
|
+
return null;
|
|
223
|
+
return decryptToken({ ciphertext: row.ct, iv: row.iv });
|
|
224
|
+
}
|
|
225
|
+
/**
|
|
226
|
+
* Soft-revoke a federated account's grant. Marks `revoked_at = now()`;
|
|
227
|
+
* keeps the row for audit but blocks `getDecryptedAccessToken` from
|
|
228
|
+
* returning the token. Used by Phase 1b's 401-detection wrapper and by
|
|
229
|
+
* the user-facing "Unlink" action.
|
|
230
|
+
*/
|
|
231
|
+
export async function revokeFederatedAccountGrant(db, federatedAccountId) {
|
|
232
|
+
await db
|
|
233
|
+
.update(federatedAccounts)
|
|
234
|
+
.set({ revokedAt: new Date() })
|
|
235
|
+
.where(eq(federatedAccounts.id, federatedAccountId));
|
|
236
|
+
}
|
|
155
237
|
/**
|
|
156
238
|
* Find a local user linked to a federated account by actor URI.
|
|
157
239
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/federation/oauth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,EAAE,EAAW,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,YAAY,EAEZ,KAAK,EACL,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,2BAA2B,GAI5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAElE,+EAA+E;AAC/E,SAAS,mBAAmB;IAC1B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC5E,CAAC;AA2BD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAM,EACN,MAA6B,EAC7B,MAAc,EACd,MAAc;IAEd,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,YAAY,CAAC;SAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;SACjD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,MAAM,WAAW,GAAG,MAAM;QACxB,CAAC,CAAC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,YAAY,EAAE,MAAM,CAAC,YAAwB;YAC7C,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC;QACH,CAAC,CAAC,IAAI,CAAC;IAET,uBAAuB;IACvB,MAAM,eAAe,GAAG,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACtE,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,8EAA8E;IAC9E,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;IACnC,MAAM,aAAa,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAE3E,OAAO;QACL,IAAI;QACJ,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,EAAM,EACN,MAAyB,EACzB,MAAc;IAEd,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,YAAY,CAAC;SAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;SACjD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,MAAM,WAAW,GAAG,MAAM;QACxB,CAAC,CAAC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,YAAY,EAAE,MAAM,CAAC,YAAwB;YAC7C,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC;QACH,CAAC,CAAC,IAAI,CAAC;IAET,uBAAuB;IACvB,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAClE,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,qCAAqC;IACrC,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,uCAAuC,EAAE,CAAC;IAC/F,CAAC;IAED,mBAAmB;IACnB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,EAAE;SACpB,MAAM,EAAE;SACR,IAAI,CAAC,KAAK,CAAC;SACX,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;SACtC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;IACvE,CAAC;IAED,mDAAmD;IACnD,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,WAAW,MAAM,UAAU,IAAI,CAAC,QAAQ,EAAE,CAAC;IAE5D,OAAO;QACL,WAAW;QACX,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,QAAQ;SACT;KACF,CAAC;AACJ,CAAC;AASD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,EAAM,EACN,cAAsB,EACtB,YAAsB;IAEtB,MAAM,QAAQ,GAAG,QAAQ,mBAAmB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAC9D,MAAM,YAAY,GAAG,SAAS,mBAAmB,EAAE,EAAE,CAAC;IAEtD,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;QACnC,QAAQ;QACR,YAAY;QACZ,YAAY;QACZ,cAAc;KACf,CAAC,CAAC;IAEH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,EAAM,EACN,MAAc,EACd,QAAgB,EAChB,cAAsB,EACtB,OAAkF;IAElF,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,iBAAiB,CAAC;SACvB,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC/C,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,qEAAqE;QACrE,IAAI,QAAQ,CAAC,CAAC,CAAE,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAClF,CAAC;QAED,wCAAwC;QACxC,MAAM,EAAE;aACL,MAAM,CAAC,iBAAiB,CAAC;aACzB,GAAG,CAAC;YACH,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,GAAG,CAAC,OAAO,EAAE,iBAAiB,IAAI,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE,CAAC;YACnF,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;YACjE,GAAG,CAAC,OAAO,EAAE,SAAS,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;SAC5D,CAAC;aACD,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC;YACxC,MAAM;YACN,QAAQ;YACR,cAAc;YACd,iBAAiB,EAAE,OAAO,EAAE,iBAAiB;YAC7C,WAAW,EAAE,OAAO,EAAE,WAAW;YACjC,SAAS,EAAE,OAAO,EAAE,SAAS;YAC7B,YAAY,EAAE,IAAI,IAAI,EAAE;SACzB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,EAAM,EACN,QAAgB;IAEhB,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,CAAC;QACN,MAAM,EAAE,iBAAiB,CAAC,MAAM;QAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;SACD,IAAI,CAAC,iBAAiB,CAAC;SACvB,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;SACxD,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC/C,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAM;IAEN,OAAO,EAAE;SACN,MAAM,CAAC;QACN,EAAE,EAAE,YAAY,CAAC,EAAE;QACnB,QAAQ,EAAE,YAAY,CAAC,QAAQ;QAC/B,cAAc,EAAE,YAAY,CAAC,cAAc;QAC3C,SAAS,EAAE,YAAY,CAAC,SAAS;KAClC,CAAC;SACD,IAAI,CAAC,YAAY,CAAC,CAAC;AACxB,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,EAAM,EACN,OAAwC;IAExC,MAAM,eAAe,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,0DAA0D;IAC1D,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;SACxB,MAAM,EAAE;SACR,IAAI,CAAC,YAAY,CAAC;SAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;SAC9D,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;IAC9E,CAAC;IAED,sBAAsB;IACtB,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uDAAuD;AAEvD,MAAM,qBAAqB,GAAG,mBAAmB,CAAC;AAElD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,EAAM;IACpD,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,EAAE;SACR,IAAI,CAAC,gBAAgB,CAAC;SACtB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;SACtD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC;IAC7B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,EAAM,EAAE,MAAc;IAC7D,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,EAAE,CAAC,CAAC;IACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO;IACrC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAErB,MAAM,QAAQ,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,gBAAgB,CAAC;SACtB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;SACtD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,CAAC;IACnH,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,EAAM,EAAE,MAAc;IAChE,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IAEnD,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;QAAE,OAAO,CAAC,YAAY;IAE5D,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,CAAC;AACpH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAM,EACN,MAAqF,EACrF,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAE9C,yBAAyB;IACzB,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhE,uBAAuB;IACvB,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,4DAA4D;AAE5D,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAC1C,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAWxD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAM,EACN,KAAyC;IAEzC,MAAM,UAAU,GAAG,mBAAmB,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,GAAG,kBAAkB,GAAG,UAAU,EAAE,CAAC;IAEjD,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC;QACvC,GAAG;QACH,KAAK,EAAE;YACL,GAAG,KAAK;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB;SAC3C;KACF,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,EAAM,EACN,UAAkB;IAElB,MAAM,GAAG,GAAG,GAAG,kBAAkB,GAAG,UAAU,EAAE,CAAC;IAEjD,gDAAgD;IAChD,MAAM,OAAO,GAAG,MAAM,EAAE;SACrB,MAAM,CAAC,gBAAgB,CAAC;SACxB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACpC,SAAS,EAAE,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,KAAwB,CAAC;IAEnD,eAAe;IACf,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE9C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAsB,EACtB,IAAY;IAKZ,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,aAAa,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,KAAK,CAAC,QAAQ;gBACzB,aAAa,EAAE,KAAK,CAAC,YAAY;gBACjC,YAAY,EAAE,KAAK,CAAC,WAAW;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAG/B,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAElD,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,IAAI,EAAE;gBACJ,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;gBAChB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;gBAC5B,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI;gBAC1C,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI;gBACtC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,WAAW,KAAK,CAAC,cAAc,UAAU,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;aAC9F;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAUD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,EAAM,EACN,MAAc,EACd,SAAkB,EAClB,SAAkB;IAElB,MAAM,YAAY,GAAG,mBAAmB,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,qCAAqC;IAEvG,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;QAC/B,MAAM;QACN,KAAK,EAAE,YAAY;QACnB,SAAS;QACT,SAAS,EAAE,SAAS,IAAI,IAAI;QAC5B,SAAS,EAAE,SAAS,IAAI,IAAI;KAC7B,CAAC,CAAC;IAEH,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC7C,CAAC;AAED,8BAA8B;AAE9B,MAAM,mBAAmB,GAAG,eAAe,CAAC;AAC5C,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAWzD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAM,EACN,IAAwC;IAExC,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,GAAG,mBAAmB,GAAG,KAAK,EAAE,CAAC;IAE7C,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC;QACvC,GAAG;QACH,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,mBAAmB,EAAE;KAChE,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,EAAM,EACN,KAAa;IAEb,MAAM,GAAG,GAAG,GAAG,mBAAmB,GAAG,KAAK,EAAE,CAAC;IAE7C,2CAA2C;IAC3C,MAAM,OAAO,GAAG,MAAM,EAAE;SACrB,MAAM,CAAC,gBAAgB,CAAC;SACxB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACpC,SAAS,EAAE,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,KAAwB,CAAC;IAClD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE7C,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
1
|
+
{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/federation/oauth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,EAAE,EAAW,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,YAAY,EAEZ,KAAK,EACL,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,2BAA2B,GAI5B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAE9D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAElE,+EAA+E;AAC/E,SAAS,mBAAmB;IAC1B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC5E,CAAC;AA2BD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAM,EACN,MAA6B,EAC7B,MAAc,EACd,MAAc;IAEd,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,YAAY,CAAC;SAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;SACjD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,MAAM,WAAW,GAAG,MAAM;QACxB,CAAC,CAAC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,YAAY,EAAE,MAAM,CAAC,YAAwB;YAC7C,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC;QACH,CAAC,CAAC,IAAI,CAAC;IAET,uBAAuB;IACvB,MAAM,eAAe,GAAG,wBAAwB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACtE,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,8EAA8E;IAC9E,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;IACnC,MAAM,aAAa,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAE3E,OAAO;QACL,IAAI;QACJ,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,EAAM,EACN,MAAyB,EACzB,MAAc;IAEd,qBAAqB;IACrB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,YAAY,CAAC;SAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;SACjD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,MAAM,WAAW,GAAG,MAAM;QACxB,CAAC,CAAC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,YAAY,EAAE,MAAM,CAAC,YAAwB;YAC7C,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC;QACH,CAAC,CAAC,IAAI,CAAC;IAET,uBAAuB;IACvB,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAClE,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,qCAAqC;IACrC,MAAM,UAAU,GAAG,MAAM,eAAe,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,gBAAgB,EAAE,uCAAuC,EAAE,CAAC;IAC/F,CAAC;IAED,mBAAmB;IACnB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,EAAE;SACpB,MAAM,EAAE;SACR,IAAI,CAAC,KAAK,CAAC;SACX,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;SACtC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;IACvE,CAAC;IAED,mDAAmD;IACnD,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,WAAW,MAAM,UAAU,IAAI,CAAC,QAAQ,EAAE,CAAC;IAE5D,OAAO;QACL,WAAW;QACX,SAAS,EAAE,QAAQ;QACnB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,QAAQ;SACT;KACF,CAAC;AACJ,CAAC;AASD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,EAAM,EACN,cAAsB,EACtB,YAAsB;IAEtB,MAAM,QAAQ,GAAG,QAAQ,mBAAmB,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAC9D,MAAM,YAAY,GAAG,SAAS,mBAAmB,EAAE,EAAE,CAAC;IAEtD,MAAM,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC;QACnC,QAAQ;QACR,YAAY;QACZ,YAAY;QACZ,cAAc;KACf,CAAC,CAAC;IAEH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AACpC,CAAC;AAsBD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,EAAM,EACN,MAAc,EACd,QAAgB,EAChB,cAAsB,EACtB,OAAkF,EAClF,KAA6B;IAE7B,mEAAmE;IACnE,sEAAsE;IACtE,0EAA0E;IAC1E,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE3D,0BAA0B;IAC1B,MAAM,QAAQ,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,iBAAiB,CAAC;SACvB,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC/C,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,qEAAqE;QACrE,IAAI,QAAQ,CAAC,CAAC,CAAE,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAClF,CAAC;QAED,gEAAgE;QAChE,MAAM,EAAE;aACL,MAAM,CAAC,iBAAiB,CAAC;aACzB,GAAG,CAAC;YACH,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,GAAG,CAAC,OAAO,EAAE,iBAAiB,IAAI,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE,CAAC;YACnF,GAAG,CAAC,OAAO,EAAE,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC;YACjE,GAAG,CAAC,OAAO,EAAE,SAAS,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;YAC3D,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;SACvB,CAAC;aACD,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC;YACxC,MAAM;YACN,QAAQ;YACR,cAAc;YACd,iBAAiB,EAAE,OAAO,EAAE,iBAAiB;YAC7C,WAAW,EAAE,OAAO,EAAE,WAAW;YACjC,SAAS,EAAE,OAAO,EAAE,SAAS;YAC7B,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;SACvB,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,KAA4B;IAQpD,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,MAA+B,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,OAAO;QACL,qBAAqB,EAAE,GAAG,CAAC,UAAU;QACrC,aAAa,EAAE,GAAG,CAAC,EAAE;QACrB,MAAM,EAAE,CAAC,GAAG,UAAU,CAAC;QACvB,YAAY,EAAE,QAAQ;QACtB,cAAc,EAAE,IAAI,IAAI,EAAE;QAC1B,sEAAsE;QACtE,iDAAiD;QACjD,SAAS,EAAE,IAAI;KAChB,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,EAAM,EACN,kBAA0B;IAE1B,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE;SACnB,MAAM,CAAC;QACN,EAAE,EAAE,iBAAiB,CAAC,qBAAqB;QAC3C,EAAE,EAAE,iBAAiB,CAAC,aAAa;QACnC,SAAS,EAAE,iBAAiB,CAAC,SAAS;KACvC,CAAC;SACD,IAAI,CAAC,iBAAiB,CAAC;SACvB,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC;SACnD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,GAAG,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC/B,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,YAAY,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,EAAM,EACN,kBAA0B;IAE1B,MAAM,EAAE;SACL,MAAM,CAAC,iBAAiB,CAAC;SACzB,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC;SAC9B,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,EAAM,EACN,QAAgB;IAEhB,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,CAAC;QACN,MAAM,EAAE,iBAAiB,CAAC,MAAM;QAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;SACD,IAAI,CAAC,iBAAiB,CAAC;SACvB,SAAS,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;SACxD,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC/C,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAM;IAEN,OAAO,EAAE;SACN,MAAM,CAAC;QACN,EAAE,EAAE,YAAY,CAAC,EAAE;QACnB,QAAQ,EAAE,YAAY,CAAC,QAAQ;QAC/B,cAAc,EAAE,YAAY,CAAC,cAAc;QAC3C,SAAS,EAAE,YAAY,CAAC,SAAS;KAClC,CAAC;SACD,IAAI,CAAC,YAAY,CAAC,CAAC;AACxB,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,EAAM,EACN,OAAwC;IAExC,MAAM,eAAe,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAE5C,0DAA0D;IAC1D,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;SACxB,MAAM,EAAE;SACR,IAAI,CAAC,YAAY,CAAC;SAClB,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;SAC9D,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;IAC9E,CAAC;IAED,sBAAsB;IACtB,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3F,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uDAAuD;AAEvD,MAAM,qBAAqB,GAAG,mBAAmB,CAAC;AAElD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,EAAM;IACpD,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,EAAE;SACR,IAAI,CAAC,gBAAgB,CAAC;SACtB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;SACtD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC;IAC7B,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,EAAM,EAAE,MAAc;IAC7D,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,EAAE,CAAC,CAAC;IACpD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO;IACrC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAErB,MAAM,QAAQ,GAAG,MAAM,EAAE;SACtB,MAAM,EAAE;SACR,IAAI,CAAC,gBAAgB,CAAC;SACtB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;SACtD,KAAK,CAAC,CAAC,CAAC,CAAC;IAEZ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,CAAC;IACnH,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,EAAM,EAAE,MAAc;IAChE,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,EAAE,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC;IAEnD,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;QAAE,OAAO,CAAC,YAAY;IAE5D,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,CAAC;AACpH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAM,EACN,MAAqF,EACrF,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAE9C,yBAAyB;IACzB,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhE,uBAAuB;IACvB,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,4DAA4D;AAE5D,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAC1C,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAWxD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAM,EACN,KAAyC;IAEzC,MAAM,UAAU,GAAG,mBAAmB,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,GAAG,kBAAkB,GAAG,UAAU,EAAE,CAAC;IAEjD,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC;QACvC,GAAG;QACH,KAAK,EAAE;YACL,GAAG,KAAK;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB;SAC3C;KACF,CAAC,CAAC;IAEH,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,EAAM,EACN,UAAkB;IAElB,MAAM,GAAG,GAAG,GAAG,kBAAkB,GAAG,UAAU,EAAE,CAAC;IAEjD,gDAAgD;IAChD,MAAM,OAAO,GAAG,MAAM,EAAE;SACrB,MAAM,CAAC,gBAAgB,CAAC;SACxB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACpC,SAAS,EAAE,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,KAAwB,CAAC;IAEnD,eAAe;IACf,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE9C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAsB,EACtB,IAAY;IAKZ,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,aAAa,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,KAAK,CAAC,QAAQ;gBACzB,aAAa,EAAE,KAAK,CAAC,YAAY;gBACjC,YAAY,EAAE,KAAK,CAAC,WAAW;aAChC,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAG/B,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAElD,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,IAAI,EAAE;gBACJ,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE;gBAChB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;gBAC5B,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI;gBAC1C,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI;gBACtC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,WAAW,KAAK,CAAC,cAAc,UAAU,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;aAC9F;SACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAUD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,EAAM,EACN,MAAc,EACd,SAAkB,EAClB,SAAkB;IAElB,MAAM,YAAY,GAAG,mBAAmB,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,qCAAqC;IAEvG,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;QAC/B,MAAM;QACN,KAAK,EAAE,YAAY;QACnB,SAAS;QACT,SAAS,EAAE,SAAS,IAAI,IAAI;QAC5B,SAAS,EAAE,SAAS,IAAI,IAAI;KAC7B,CAAC,CAAC;IAEH,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC7C,CAAC;AAED,8BAA8B;AAE9B,MAAM,mBAAmB,GAAG,eAAe,CAAC;AAC5C,MAAM,mBAAmB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,aAAa;AAWzD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAM,EACN,IAAwC;IAExC,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,GAAG,mBAAmB,GAAG,KAAK,EAAE,CAAC;IAE7C,MAAM,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC;QACvC,GAAG;QACH,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,mBAAmB,EAAE;KAChE,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,EAAM,EACN,KAAa;IAEb,MAAM,GAAG,GAAG,GAAG,mBAAmB,GAAG,KAAK,EAAE,CAAC;IAE7C,2CAA2C;IAC3C,MAAM,OAAO,GAAG,MAAM,EAAE;SACrB,MAAM,CAAC,gBAAgB,CAAC;SACxB,KAAK,CAAC,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;SACpC,SAAS,EAAE,CAAC;IAEf,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC,KAAwB,CAAC;IAClD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE7C,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"health.test.d.ts","sourceRoot":"","sources":["../../../src/identity/__tests__/health.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach } from 'vitest';
|
|
2
|
+
import { checkIdentityConfig, assertIdentityConfig } from '../health.js';
|
|
3
|
+
const VALID_KEY = '0'.repeat(64);
|
|
4
|
+
// Minimal CommonPubConfig builder — kept inline (rather than importing
|
|
5
|
+
// @commonpub/test-utils) so this test file doesn't add a workspace dep
|
|
6
|
+
// that @commonpub/server otherwise doesn't need.
|
|
7
|
+
function makeConfig(idOverrides = {}) {
|
|
8
|
+
return {
|
|
9
|
+
instance: {
|
|
10
|
+
domain: 'test.example.com',
|
|
11
|
+
name: 'Test',
|
|
12
|
+
description: 'Test instance',
|
|
13
|
+
},
|
|
14
|
+
features: {
|
|
15
|
+
content: true, social: true, hubs: true, docs: true, video: true,
|
|
16
|
+
contests: false, events: false, learning: true, explainers: true,
|
|
17
|
+
editorial: true, federation: false, seamlessFederation: false,
|
|
18
|
+
federateHubs: false, admin: false, emailNotifications: false,
|
|
19
|
+
publicApi: false,
|
|
20
|
+
identity: {
|
|
21
|
+
linkRemoteAccounts: false,
|
|
22
|
+
signInWithRemote: false,
|
|
23
|
+
actingAs: false,
|
|
24
|
+
remoteInteract: false,
|
|
25
|
+
remotePublish: false,
|
|
26
|
+
...idOverrides,
|
|
27
|
+
},
|
|
28
|
+
},
|
|
29
|
+
auth: {
|
|
30
|
+
emailPassword: true,
|
|
31
|
+
magicLink: false,
|
|
32
|
+
passkeys: false,
|
|
33
|
+
},
|
|
34
|
+
docs: {
|
|
35
|
+
searchLanguage: 'english',
|
|
36
|
+
},
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
describe('checkIdentityConfig', () => {
|
|
40
|
+
let originalKey;
|
|
41
|
+
beforeEach(() => {
|
|
42
|
+
originalKey = process.env.CPUB_FED_TOKEN_KEY;
|
|
43
|
+
});
|
|
44
|
+
afterEach(() => {
|
|
45
|
+
if (originalKey === undefined)
|
|
46
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
47
|
+
else
|
|
48
|
+
process.env.CPUB_FED_TOKEN_KEY = originalKey;
|
|
49
|
+
});
|
|
50
|
+
it('ok when no identity flags are enabled', () => {
|
|
51
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
52
|
+
const result = checkIdentityConfig(makeConfig());
|
|
53
|
+
expect(result).toEqual({ ok: true, errors: [] });
|
|
54
|
+
});
|
|
55
|
+
it('ok when only `actingAs` is enabled (no token I/O)', () => {
|
|
56
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
57
|
+
const result = checkIdentityConfig(makeConfig({ actingAs: true }));
|
|
58
|
+
expect(result.ok).toBe(true);
|
|
59
|
+
});
|
|
60
|
+
it('errors when linkRemoteAccounts is on without key', () => {
|
|
61
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
62
|
+
const result = checkIdentityConfig(makeConfig({ linkRemoteAccounts: true }));
|
|
63
|
+
expect(result.ok).toBe(false);
|
|
64
|
+
expect(result.errors[0]).toMatch(/CPUB_FED_TOKEN_KEY/);
|
|
65
|
+
});
|
|
66
|
+
it('errors when signInWithRemote is on without key', () => {
|
|
67
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
68
|
+
const result = checkIdentityConfig(makeConfig({ signInWithRemote: true }));
|
|
69
|
+
expect(result.ok).toBe(false);
|
|
70
|
+
});
|
|
71
|
+
it('errors when remoteInteract is on without key', () => {
|
|
72
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
73
|
+
const result = checkIdentityConfig(makeConfig({ remoteInteract: true }));
|
|
74
|
+
expect(result.ok).toBe(false);
|
|
75
|
+
});
|
|
76
|
+
it('errors when remotePublish is on without key', () => {
|
|
77
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
78
|
+
const result = checkIdentityConfig(makeConfig({ remotePublish: true }));
|
|
79
|
+
expect(result.ok).toBe(false);
|
|
80
|
+
});
|
|
81
|
+
it('ok when token-using flag is on AND key is configured', () => {
|
|
82
|
+
process.env.CPUB_FED_TOKEN_KEY = VALID_KEY;
|
|
83
|
+
const result = checkIdentityConfig(makeConfig({ linkRemoteAccounts: true, remotePublish: true }));
|
|
84
|
+
expect(result.ok).toBe(true);
|
|
85
|
+
});
|
|
86
|
+
it('errors when key is malformed (wrong length)', () => {
|
|
87
|
+
process.env.CPUB_FED_TOKEN_KEY = '0'.repeat(63);
|
|
88
|
+
const result = checkIdentityConfig(makeConfig({ linkRemoteAccounts: true }));
|
|
89
|
+
expect(result.ok).toBe(false);
|
|
90
|
+
expect(result.errors[0]).toMatch(/CPUB_FED_TOKEN_KEY/);
|
|
91
|
+
});
|
|
92
|
+
});
|
|
93
|
+
describe('assertIdentityConfig', () => {
|
|
94
|
+
let originalKey;
|
|
95
|
+
beforeEach(() => {
|
|
96
|
+
originalKey = process.env.CPUB_FED_TOKEN_KEY;
|
|
97
|
+
});
|
|
98
|
+
afterEach(() => {
|
|
99
|
+
if (originalKey === undefined)
|
|
100
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
101
|
+
else
|
|
102
|
+
process.env.CPUB_FED_TOKEN_KEY = originalKey;
|
|
103
|
+
});
|
|
104
|
+
it('does not throw when ok', () => {
|
|
105
|
+
process.env.CPUB_FED_TOKEN_KEY = VALID_KEY;
|
|
106
|
+
expect(() => assertIdentityConfig(makeConfig({ linkRemoteAccounts: true }))).not.toThrow();
|
|
107
|
+
});
|
|
108
|
+
it('throws with all errors joined when not ok', () => {
|
|
109
|
+
delete process.env.CPUB_FED_TOKEN_KEY;
|
|
110
|
+
expect(() => assertIdentityConfig(makeConfig({ linkRemoteAccounts: true }))).toThrow(/misconfigured.*CPUB_FED_TOKEN_KEY/s);
|
|
111
|
+
});
|
|
112
|
+
});
|
|
113
|
+
//# sourceMappingURL=health.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"health.test.js","sourceRoot":"","sources":["../../../src/identity/__tests__/health.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAErE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAEzE,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAEjC,uEAAuE;AACvE,uEAAuE;AACvE,iDAAiD;AACjD,SAAS,UAAU,CAAC,cAAgE,EAAE;IACpF,OAAO;QACL,QAAQ,EAAE;YACR,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,MAAM;YACZ,WAAW,EAAE,eAAe;SAC7B;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI;YAChE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI;YAChE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK;YAC7D,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK;YAC5D,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE;gBACR,kBAAkB,EAAE,KAAK;gBACzB,gBAAgB,EAAE,KAAK;gBACvB,QAAQ,EAAE,KAAK;gBACf,cAAc,EAAE,KAAK;gBACrB,aAAa,EAAE,KAAK;gBACpB,GAAG,WAAW;aACf;SACF;QACD,IAAI,EAAE;YACJ,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,KAAK;SAChB;QACD,IAAI,EAAE;YACJ,cAAc,EAAE,SAAS;SAC1B;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,WAA+B,CAAC;IAEpC,UAAU,CAAC,GAAG,EAAE;QACd,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,WAAW,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;;YAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,WAAW,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACnE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7E,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3E,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,SAAS,CAAC;QAC3C,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAClG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC7E,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAI,WAA+B,CAAC;IAEpC,UAAU,CAAC,GAAG,EAAE;QACd,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,WAAW,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;;YAChE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,WAAW,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,SAAS,CAAC;QAC3C,MAAM,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAC7F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,MAAM,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;IAC7H,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"router.test.d.ts","sourceRoot":"","sources":["../../../src/identity/__tests__/router.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
import { describe, it, expect, vi, afterEach } from 'vitest';
|
|
2
|
+
import { run, ActionUnavailable, InsufficientScopes, LinkedIdentityRevoked, } from '../router.js';
|
|
3
|
+
import { setFediClientFactory, } from '../fediClient.js';
|
|
4
|
+
// Reset the factory between tests so leakage between cases is impossible.
|
|
5
|
+
afterEach(() => setFediClientFactory(null));
|
|
6
|
+
const fakeEvent = {};
|
|
7
|
+
const NATIVE = {
|
|
8
|
+
kind: 'native',
|
|
9
|
+
id: 'u1',
|
|
10
|
+
userId: 'u1',
|
|
11
|
+
username: 'moheeb',
|
|
12
|
+
instance: 'deveco.io',
|
|
13
|
+
actorUri: 'https://deveco.io/users/moheeb',
|
|
14
|
+
handle: '@moheeb@deveco.io',
|
|
15
|
+
};
|
|
16
|
+
function makeLinked(overrides = {}) {
|
|
17
|
+
return {
|
|
18
|
+
kind: 'linked',
|
|
19
|
+
id: 'fa1',
|
|
20
|
+
userId: 'u1',
|
|
21
|
+
username: 'moheeb',
|
|
22
|
+
instance: 'commonpub.io',
|
|
23
|
+
actorUri: 'https://commonpub.io/users/moheeb',
|
|
24
|
+
handle: '@moheeb@commonpub.io',
|
|
25
|
+
scopes: ['read', 'write'],
|
|
26
|
+
softwareKind: 'cpub',
|
|
27
|
+
revokedAt: null,
|
|
28
|
+
...overrides,
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
function makeAction(opts = {}) {
|
|
32
|
+
return {
|
|
33
|
+
name: opts.name ?? 'test-action',
|
|
34
|
+
scopes: opts.scopes ?? [],
|
|
35
|
+
local: opts.local ?? vi.fn(async () => 'local-result'),
|
|
36
|
+
remote: opts.remote,
|
|
37
|
+
};
|
|
38
|
+
}
|
|
39
|
+
describe('run() — native identity', () => {
|
|
40
|
+
it('dispatches to action.local', async () => {
|
|
41
|
+
const local = vi.fn(async () => 'OK');
|
|
42
|
+
const action = makeAction({ local });
|
|
43
|
+
const result = await run(fakeEvent, NATIVE, action, undefined);
|
|
44
|
+
expect(result).toBe('OK');
|
|
45
|
+
expect(local).toHaveBeenCalledOnce();
|
|
46
|
+
expect(local).toHaveBeenCalledWith(fakeEvent, NATIVE, undefined);
|
|
47
|
+
});
|
|
48
|
+
it('passes input through unchanged', async () => {
|
|
49
|
+
const local = vi.fn(async (_e, _id, x) => x.hello);
|
|
50
|
+
const action = {
|
|
51
|
+
name: 'test',
|
|
52
|
+
scopes: [],
|
|
53
|
+
local,
|
|
54
|
+
};
|
|
55
|
+
const result = await run(fakeEvent, NATIVE, action, { hello: 'world' });
|
|
56
|
+
expect(result).toBe('world');
|
|
57
|
+
});
|
|
58
|
+
it('does NOT check scopes for native (scopes are linked-only)', async () => {
|
|
59
|
+
const action = makeAction({ scopes: ['publish'] });
|
|
60
|
+
// Native passes through even though "scopes: ['publish']" is declared.
|
|
61
|
+
const result = await run(fakeEvent, NATIVE, action, undefined);
|
|
62
|
+
expect(result).toBe('local-result');
|
|
63
|
+
});
|
|
64
|
+
});
|
|
65
|
+
describe('run() — linked identity', () => {
|
|
66
|
+
it('throws ActionUnavailable when the action has no remote half', async () => {
|
|
67
|
+
const action = makeAction(); // no remote
|
|
68
|
+
await expect(run(fakeEvent, makeLinked(), action, undefined))
|
|
69
|
+
.rejects.toBeInstanceOf(ActionUnavailable);
|
|
70
|
+
await expect(run(fakeEvent, makeLinked(), action, undefined))
|
|
71
|
+
.rejects.toMatchObject({ action: 'test-action', reason: 'not-proxiable' });
|
|
72
|
+
});
|
|
73
|
+
it('throws LinkedIdentityRevoked when the grant is revoked', async () => {
|
|
74
|
+
const remote = vi.fn(async () => 'remote-result');
|
|
75
|
+
const action = makeAction({ remote });
|
|
76
|
+
const revoked = makeLinked({ revokedAt: new Date() });
|
|
77
|
+
await expect(run(fakeEvent, revoked, action, undefined))
|
|
78
|
+
.rejects.toBeInstanceOf(LinkedIdentityRevoked);
|
|
79
|
+
expect(remote).not.toHaveBeenCalled();
|
|
80
|
+
});
|
|
81
|
+
it('throws InsufficientScopes when granted scopes do not cover required', async () => {
|
|
82
|
+
const remote = vi.fn(async () => 'remote-result');
|
|
83
|
+
const action = makeAction({ scopes: ['publish'], remote });
|
|
84
|
+
const linked = makeLinked({ scopes: ['read', 'write'] });
|
|
85
|
+
try {
|
|
86
|
+
await run(fakeEvent, linked, action, undefined);
|
|
87
|
+
throw new Error('expected throw');
|
|
88
|
+
}
|
|
89
|
+
catch (err) {
|
|
90
|
+
expect(err).toBeInstanceOf(InsufficientScopes);
|
|
91
|
+
expect(err.required).toEqual(['publish']);
|
|
92
|
+
expect(err.granted).toEqual(['read', 'write']);
|
|
93
|
+
}
|
|
94
|
+
expect(remote).not.toHaveBeenCalled();
|
|
95
|
+
});
|
|
96
|
+
it('throws when no FediClient factory is registered', async () => {
|
|
97
|
+
// Phase 1a default state: no factory. Reaching getFediClient must
|
|
98
|
+
// surface a clear, actionable error rather than silently no-op'ing.
|
|
99
|
+
const remote = vi.fn(async () => 'remote-result');
|
|
100
|
+
const action = makeAction({ scopes: ['read'], remote });
|
|
101
|
+
const linked = makeLinked({ scopes: ['read', 'write'] });
|
|
102
|
+
await expect(run(fakeEvent, linked, action, undefined))
|
|
103
|
+
.rejects.toThrow(/factory not registered/);
|
|
104
|
+
expect(remote).not.toHaveBeenCalled();
|
|
105
|
+
});
|
|
106
|
+
it('dispatches to action.remote with the factory-built client', async () => {
|
|
107
|
+
// The crucial chain-completeness test: Phase 1b plugs in a factory,
|
|
108
|
+
// and run() must thread the constructed client through to the
|
|
109
|
+
// action's remote handler with the linked identity unchanged.
|
|
110
|
+
const fakeClient = {
|
|
111
|
+
account: { verifyCredentials: vi.fn(async () => ({ id: '1', username: 'm', acct: 'm@host' })) },
|
|
112
|
+
};
|
|
113
|
+
const factory = vi.fn(async () => fakeClient);
|
|
114
|
+
setFediClientFactory(factory);
|
|
115
|
+
const remote = vi.fn(async (client, _id, _input) => {
|
|
116
|
+
// Verify it's actually the registered factory's client
|
|
117
|
+
expect(client).toBe(fakeClient);
|
|
118
|
+
return 'remote-result';
|
|
119
|
+
});
|
|
120
|
+
const action = makeAction({ scopes: ['read'], remote });
|
|
121
|
+
const linked = makeLinked({ scopes: ['read', 'write'] });
|
|
122
|
+
const result = await run(fakeEvent, linked, action, undefined);
|
|
123
|
+
expect(result).toBe('remote-result');
|
|
124
|
+
expect(factory).toHaveBeenCalledOnce();
|
|
125
|
+
expect(factory).toHaveBeenCalledWith(linked);
|
|
126
|
+
expect(remote).toHaveBeenCalledOnce();
|
|
127
|
+
});
|
|
128
|
+
it('propagates factory errors as-is (no silent swallow)', async () => {
|
|
129
|
+
setFediClientFactory(async () => { throw new Error('database unreachable'); });
|
|
130
|
+
const action = makeAction({ scopes: ['read'], remote: vi.fn() });
|
|
131
|
+
const linked = makeLinked({ scopes: ['read'] });
|
|
132
|
+
await expect(run(fakeEvent, linked, action, undefined))
|
|
133
|
+
.rejects.toThrow(/database unreachable/);
|
|
134
|
+
});
|
|
135
|
+
});
|
|
136
|
+
describe('error classes', () => {
|
|
137
|
+
it('ActionUnavailable carries action + reason', () => {
|
|
138
|
+
const e = new ActionUnavailable('publish', 'no-token');
|
|
139
|
+
expect(e.name).toBe('ActionUnavailable');
|
|
140
|
+
expect(e.action).toBe('publish');
|
|
141
|
+
expect(e.reason).toBe('no-token');
|
|
142
|
+
expect(e.message).toContain('publish');
|
|
143
|
+
expect(e.message).toContain('no-token');
|
|
144
|
+
});
|
|
145
|
+
it('InsufficientScopes carries required + granted', () => {
|
|
146
|
+
const e = new InsufficientScopes('publish', ['publish'], ['read']);
|
|
147
|
+
expect(e.required).toEqual(['publish']);
|
|
148
|
+
expect(e.granted).toEqual(['read']);
|
|
149
|
+
expect(e.message).toContain('publish');
|
|
150
|
+
});
|
|
151
|
+
it('LinkedIdentityRevoked carries identity reference', () => {
|
|
152
|
+
const id = makeLinked({ revokedAt: new Date() });
|
|
153
|
+
const e = new LinkedIdentityRevoked(id);
|
|
154
|
+
expect(e.identity).toBe(id);
|
|
155
|
+
expect(e.message).toContain(id.handle);
|
|
156
|
+
});
|
|
157
|
+
// Sanity: typeof Identity narrowing works at runtime
|
|
158
|
+
it('Identity union still includes both kinds', () => {
|
|
159
|
+
const ids = [NATIVE, makeLinked()];
|
|
160
|
+
expect(ids.map(i => i.kind).sort()).toEqual(['linked', 'native']);
|
|
161
|
+
});
|
|
162
|
+
});
|
|
163
|
+
//# sourceMappingURL=router.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"router.test.js","sourceRoot":"","sources":["../../../src/identity/__tests__/router.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAO7D,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,GAEtB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,oBAAoB,GAGrB,MAAM,kBAAkB,CAAC;AAE1B,0EAA0E;AAC1E,SAAS,CAAC,GAAG,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;AAK5C,MAAM,SAAS,GAAc,EAAE,CAAC;AAEhC,MAAM,MAAM,GAAmB;IAC7B,IAAI,EAAE,QAAQ;IACd,EAAE,EAAE,IAAI;IACR,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,WAAW;IACrB,QAAQ,EAAE,gCAAgC;IAC1C,MAAM,EAAE,mBAAmB;CAC5B,CAAC;AAEF,SAAS,UAAU,CAAC,YAAqC,EAAE;IACzD,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,IAAI;QACZ,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,QAAQ,EAAE,mCAAmC;QAC7C,MAAM,EAAE,sBAAsB;QAC9B,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAY;QACpC,YAAY,EAAE,MAAM;QACpB,SAAS,EAAE,IAAI;QACf,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAA4B,OAK3C,EAAE;IACJ,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,aAAa;QAChC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;QACzB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAK,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,cAAsB,CAA2D;QACzH,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,EAAa,EAAE,GAAG,EAAE,CAAoB,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACjF,MAAM,MAAM,GAAsD;YAChE,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,EAAE;YACV,KAAK;SACN,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACxE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACnD,uEAAuE;QACvE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,6DAA6D,EAAE,KAAK,IAAI,EAAE;QAC3E,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC,CAAC,YAAY;QACzC,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aAC1D,OAAO,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;QAC7C,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aAC1D,OAAO,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aACrD,OAAO,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;YAC/C,MAAM,CAAE,GAA0B,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;YAClE,MAAM,CAAE,GAA0B,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,kEAAkE;QAClE,oEAAoE;QACpE,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,eAAe,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QACzD,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aACpD,OAAO,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,oEAAoE;QACpE,8DAA8D;QAC9D,8DAA8D;QAC9D,MAAM,UAAU,GAAe;YAC7B,OAAO,EAAE,EAAE,iBAAiB,EAAE,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE;SAChG,CAAC;QACF,MAAM,OAAO,GAAsB,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;QACjE,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,MAAkB,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE;YAC7D,uDAAuD;YACvD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAChC,OAAO,eAAe,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAEzD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrC,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,oBAAoB,CAAC,KAAK,IAAI,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;aACpD,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,GAAG,IAAI,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACvD,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,CAAC,GAAG,IAAI,kBAAkB,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACnE,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,CAAC,GAAG,IAAI,qBAAqB,CAAC,EAAE,CAAC,CAAC;QACxC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5B,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAe,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|