@crowi/api 2.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (887) hide show
  1. package/LICENSE +21 -0
  2. package/dist/app.d.ts +8 -0
  3. package/dist/app.js +65 -0
  4. package/dist/app.js.map +1 -0
  5. package/dist/collab/attach.d.ts +33 -0
  6. package/dist/collab/attach.js +341 -0
  7. package/dist/collab/attach.js.map +1 -0
  8. package/dist/collab/extension-redis.d.ts +25 -0
  9. package/dist/collab/extension-redis.js +133 -0
  10. package/dist/collab/extension-redis.js.map +1 -0
  11. package/dist/common/functions/path2name.d.ts +1 -0
  12. package/dist/common/functions/path2name.js +22 -0
  13. package/dist/common/functions/path2name.js.map +1 -0
  14. package/dist/common/functions/renderIcon.d.ts +1 -0
  15. package/dist/common/functions/renderIcon.js +9 -0
  16. package/dist/common/functions/renderIcon.js.map +1 -0
  17. package/dist/controllers/admin.d.ts +3 -0
  18. package/dist/controllers/admin.js +474 -0
  19. package/dist/controllers/admin.js.map +1 -0
  20. package/dist/controllers/attachment.d.ts +4 -0
  21. package/dist/controllers/attachment.js +200 -0
  22. package/dist/controllers/attachment.js.map +1 -0
  23. package/dist/controllers/backlink.d.ts +3 -0
  24. package/dist/controllers/backlink.js +42 -0
  25. package/dist/controllers/backlink.js.map +1 -0
  26. package/dist/controllers/bookmark.d.ts +3 -0
  27. package/dist/controllers/bookmark.js +100 -0
  28. package/dist/controllers/bookmark.js.map +1 -0
  29. package/dist/controllers/comment.d.ts +3 -0
  30. package/dist/controllers/comment.js +111 -0
  31. package/dist/controllers/comment.js.map +1 -0
  32. package/dist/controllers/index.d.ts +25 -0
  33. package/dist/controllers/index.js +44 -0
  34. package/dist/controllers/index.js.map +1 -0
  35. package/dist/controllers/installer.d.ts +3 -0
  36. package/dist/controllers/installer.js +48 -0
  37. package/dist/controllers/installer.js.map +1 -0
  38. package/dist/controllers/login.d.ts +4 -0
  39. package/dist/controllers/login.js +438 -0
  40. package/dist/controllers/login.js.map +1 -0
  41. package/dist/controllers/logout.d.ts +5 -0
  42. package/dist/controllers/logout.js +11 -0
  43. package/dist/controllers/logout.js.map +1 -0
  44. package/dist/controllers/me.d.ts +4 -0
  45. package/dist/controllers/me.js +369 -0
  46. package/dist/controllers/me.js.map +1 -0
  47. package/dist/controllers/notification.d.ts +3 -0
  48. package/dist/controllers/notification.js +88 -0
  49. package/dist/controllers/notification.js.map +1 -0
  50. package/dist/controllers/page.d.ts +3 -0
  51. package/dist/controllers/page.js +881 -0
  52. package/dist/controllers/page.js.map +1 -0
  53. package/dist/controllers/revision.d.ts +3 -0
  54. package/dist/controllers/revision.js +91 -0
  55. package/dist/controllers/revision.js.map +1 -0
  56. package/dist/controllers/search.d.ts +3 -0
  57. package/dist/controllers/search.js +93 -0
  58. package/dist/controllers/search.js.map +1 -0
  59. package/dist/controllers/share.d.ts +3 -0
  60. package/dist/controllers/share.js +207 -0
  61. package/dist/controllers/share.js.map +1 -0
  62. package/dist/controllers/shareAccess.d.ts +3 -0
  63. package/dist/controllers/shareAccess.js +28 -0
  64. package/dist/controllers/shareAccess.js.map +1 -0
  65. package/dist/controllers/slack.d.ts +3 -0
  66. package/dist/controllers/slack.js +87 -0
  67. package/dist/controllers/slack.js.map +1 -0
  68. package/dist/controllers/tokenAuth.d.ts +10 -0
  69. package/dist/controllers/tokenAuth.js +292 -0
  70. package/dist/controllers/tokenAuth.js.map +1 -0
  71. package/dist/controllers/user.d.ts +3 -0
  72. package/dist/controllers/user.js +67 -0
  73. package/dist/controllers/user.js.map +1 -0
  74. package/dist/controllers/version.d.ts +4 -0
  75. package/dist/controllers/version.js +19 -0
  76. package/dist/controllers/version.js.map +1 -0
  77. package/dist/crowi/express-init.d.ts +4 -0
  78. package/dist/crowi/express-init.js +101 -0
  79. package/dist/crowi/express-init.js.map +1 -0
  80. package/dist/crowi/index.d.ts +245 -0
  81. package/dist/crowi/index.js +726 -0
  82. package/dist/crowi/index.js.map +1 -0
  83. package/dist/events/activity.d.ts +7 -0
  84. package/dist/events/activity.js +15 -0
  85. package/dist/events/activity.js.map +1 -0
  86. package/dist/events/bookmark.d.ts +8 -0
  87. package/dist/events/bookmark.js +16 -0
  88. package/dist/events/bookmark.js.map +1 -0
  89. package/dist/events/comment.d.ts +6 -0
  90. package/dist/events/comment.js +14 -0
  91. package/dist/events/comment.js.map +1 -0
  92. package/dist/events/config.d.ts +6 -0
  93. package/dist/events/config.js +12 -0
  94. package/dist/events/config.js.map +1 -0
  95. package/dist/events/index.d.ts +17 -0
  96. package/dist/events/index.js +22 -0
  97. package/dist/events/index.js.map +1 -0
  98. package/dist/events/mention-dispatch.d.ts +44 -0
  99. package/dist/events/mention-dispatch.js +151 -0
  100. package/dist/events/mention-dispatch.js.map +1 -0
  101. package/dist/events/notification.d.ts +7 -0
  102. package/dist/events/notification.js +15 -0
  103. package/dist/events/notification.js.map +1 -0
  104. package/dist/events/page.d.ts +44 -0
  105. package/dist/events/page.js +134 -0
  106. package/dist/events/page.js.map +1 -0
  107. package/dist/events/render-cache.d.ts +24 -0
  108. package/dist/events/render-cache.js +63 -0
  109. package/dist/events/render-cache.js.map +1 -0
  110. package/dist/events/user.d.ts +9 -0
  111. package/dist/events/user.js +39 -0
  112. package/dist/events/user.js.map +1 -0
  113. package/dist/form/admin/app.d.ts +2 -0
  114. package/dist/form/admin/app.js +9 -0
  115. package/dist/form/admin/app.js.map +1 -0
  116. package/dist/form/admin/auth.d.ts +2 -0
  117. package/dist/form/admin/auth.js +9 -0
  118. package/dist/form/admin/auth.js.map +1 -0
  119. package/dist/form/admin/aws.d.ts +2 -0
  120. package/dist/form/admin/aws.js +13 -0
  121. package/dist/form/admin/aws.js.map +1 -0
  122. package/dist/form/admin/github.d.ts +2 -0
  123. package/dist/form/admin/github.js +15 -0
  124. package/dist/form/admin/github.js.map +1 -0
  125. package/dist/form/admin/google.d.ts +2 -0
  126. package/dist/form/admin/google.js +13 -0
  127. package/dist/form/admin/google.js.map +1 -0
  128. package/dist/form/admin/mail.d.ts +2 -0
  129. package/dist/form/admin/mail.js +13 -0
  130. package/dist/form/admin/mail.js.map +1 -0
  131. package/dist/form/admin/sec.d.ts +2 -0
  132. package/dist/form/admin/sec.js +10 -0
  133. package/dist/form/admin/sec.js.map +1 -0
  134. package/dist/form/admin/slackSetting.d.ts +2 -0
  135. package/dist/form/admin/slackSetting.js +13 -0
  136. package/dist/form/admin/slackSetting.js.map +1 -0
  137. package/dist/form/admin/userEdit.d.ts +2 -0
  138. package/dist/form/admin/userEdit.js +9 -0
  139. package/dist/form/admin/userEdit.js.map +1 -0
  140. package/dist/form/admin/userInvite.d.ts +2 -0
  141. package/dist/form/admin/userInvite.js +9 -0
  142. package/dist/form/admin/userInvite.js.map +1 -0
  143. package/dist/form/comment.d.ts +2 -0
  144. package/dist/form/comment.js +9 -0
  145. package/dist/form/comment.js.map +1 -0
  146. package/dist/form/index.d.ts +25 -0
  147. package/dist/form/index.js +48 -0
  148. package/dist/form/index.js.map +1 -0
  149. package/dist/form/invited.d.ts +2 -0
  150. package/dist/form/invited.js +13 -0
  151. package/dist/form/invited.js.map +1 -0
  152. package/dist/form/login.d.ts +2 -0
  153. package/dist/form/login.js +11 -0
  154. package/dist/form/login.js.map +1 -0
  155. package/dist/form/me/apiToken.d.ts +2 -0
  156. package/dist/form/me/apiToken.js +9 -0
  157. package/dist/form/me/apiToken.js.map +1 -0
  158. package/dist/form/me/password.d.ts +2 -0
  159. package/dist/form/me/password.js +11 -0
  160. package/dist/form/me/password.js.map +1 -0
  161. package/dist/form/me/user.d.ts +2 -0
  162. package/dist/form/me/user.js +9 -0
  163. package/dist/form/me/user.js.map +1 -0
  164. package/dist/form/register.d.ts +2 -0
  165. package/dist/form/register.js +13 -0
  166. package/dist/form/register.js.map +1 -0
  167. package/dist/form/revision.d.ts +2 -0
  168. package/dist/form/revision.js +13 -0
  169. package/dist/form/revision.js.map +1 -0
  170. package/dist/hono/app.d.ts +19 -0
  171. package/dist/hono/app.js +21 -0
  172. package/dist/hono/app.js.map +1 -0
  173. package/dist/hono/handlers/_helpers/errors.d.ts +61 -0
  174. package/dist/hono/handlers/_helpers/errors.js +51 -0
  175. package/dist/hono/handlers/_helpers/errors.js.map +1 -0
  176. package/dist/hono/handlers/_helpers/user-shape.d.ts +46 -0
  177. package/dist/hono/handlers/_helpers/user-shape.js +23 -0
  178. package/dist/hono/handlers/_helpers/user-shape.js.map +1 -0
  179. package/dist/hono/handlers/access-token.d.ts +221 -0
  180. package/dist/hono/handlers/access-token.js +113 -0
  181. package/dist/hono/handlers/access-token.js.map +1 -0
  182. package/dist/hono/handlers/activation.d.ts +117 -0
  183. package/dist/hono/handlers/activation.js +77 -0
  184. package/dist/hono/handlers/activation.js.map +1 -0
  185. package/dist/hono/handlers/admin/app.d.ts +123 -0
  186. package/dist/hono/handlers/admin/app.js +76 -0
  187. package/dist/hono/handlers/admin/app.js.map +1 -0
  188. package/dist/hono/handlers/admin/auth.d.ts +127 -0
  189. package/dist/hono/handlers/admin/auth.js +91 -0
  190. package/dist/hono/handlers/admin/auth.js.map +1 -0
  191. package/dist/hono/handlers/admin/mail.d.ts +168 -0
  192. package/dist/hono/handlers/admin/mail.js +76 -0
  193. package/dist/hono/handlers/admin/mail.js.map +1 -0
  194. package/dist/hono/handlers/admin/plugins.d.ts +409 -0
  195. package/dist/hono/handlers/admin/plugins.js +257 -0
  196. package/dist/hono/handlers/admin/plugins.js.map +1 -0
  197. package/dist/hono/handlers/admin/search.d.ts +57 -0
  198. package/dist/hono/handlers/admin/search.js +55 -0
  199. package/dist/hono/handlers/admin/search.js.map +1 -0
  200. package/dist/hono/handlers/admin/security.d.ts +112 -0
  201. package/dist/hono/handlers/admin/security.js +71 -0
  202. package/dist/hono/handlers/admin/security.js.map +1 -0
  203. package/dist/hono/handlers/admin/share.d.ts +106 -0
  204. package/dist/hono/handlers/admin/share.js +55 -0
  205. package/dist/hono/handlers/admin/share.js.map +1 -0
  206. package/dist/hono/handlers/admin/storage.d.ts +55 -0
  207. package/dist/hono/handlers/admin/storage.js +40 -0
  208. package/dist/hono/handlers/admin/storage.js.map +1 -0
  209. package/dist/hono/handlers/admin/users.d.ts +1230 -0
  210. package/dist/hono/handlers/admin/users.js +316 -0
  211. package/dist/hono/handlers/admin/users.js.map +1 -0
  212. package/dist/hono/handlers/adminCrypto.d.ts +110 -0
  213. package/dist/hono/handlers/adminCrypto.js +151 -0
  214. package/dist/hono/handlers/adminCrypto.js.map +1 -0
  215. package/dist/hono/handlers/app.d.ts +26 -0
  216. package/dist/hono/handlers/app.js +34 -0
  217. package/dist/hono/handlers/app.js.map +1 -0
  218. package/dist/hono/handlers/attachment-stream.d.ts +4 -0
  219. package/dist/hono/handlers/attachment-stream.js +211 -0
  220. package/dist/hono/handlers/attachment-stream.js.map +1 -0
  221. package/dist/hono/handlers/attachment.d.ts +687 -0
  222. package/dist/hono/handlers/attachment.js +566 -0
  223. package/dist/hono/handlers/attachment.js.map +1 -0
  224. package/dist/hono/handlers/autocomplete.d.ts +160 -0
  225. package/dist/hono/handlers/autocomplete.js +181 -0
  226. package/dist/hono/handlers/autocomplete.js.map +1 -0
  227. package/dist/hono/handlers/backlink.d.ts +78 -0
  228. package/dist/hono/handlers/backlink.js +93 -0
  229. package/dist/hono/handlers/backlink.js.map +1 -0
  230. package/dist/hono/handlers/bookmark.d.ts +558 -0
  231. package/dist/hono/handlers/bookmark.js +166 -0
  232. package/dist/hono/handlers/bookmark.js.map +1 -0
  233. package/dist/hono/handlers/comment.d.ts +231 -0
  234. package/dist/hono/handlers/comment.js +191 -0
  235. package/dist/hono/handlers/comment.js.map +1 -0
  236. package/dist/hono/handlers/draft.d.ts +136 -0
  237. package/dist/hono/handlers/draft.js +191 -0
  238. package/dist/hono/handlers/draft.js.map +1 -0
  239. package/dist/hono/handlers/emailChange.d.ts +124 -0
  240. package/dist/hono/handlers/emailChange.js +79 -0
  241. package/dist/hono/handlers/emailChange.js.map +1 -0
  242. package/dist/hono/handlers/installer.d.ts +94 -0
  243. package/dist/hono/handlers/installer.js +93 -0
  244. package/dist/hono/handlers/installer.js.map +1 -0
  245. package/dist/hono/handlers/inviteAccept.d.ts +180 -0
  246. package/dist/hono/handlers/inviteAccept.js +94 -0
  247. package/dist/hono/handlers/inviteAccept.js.map +1 -0
  248. package/dist/hono/handlers/me.d.ts +401 -0
  249. package/dist/hono/handlers/me.js +390 -0
  250. package/dist/hono/handlers/me.js.map +1 -0
  251. package/dist/hono/handlers/notification.d.ts +274 -0
  252. package/dist/hono/handlers/notification.js +224 -0
  253. package/dist/hono/handlers/notification.js.map +1 -0
  254. package/dist/hono/handlers/oauth.d.ts +299 -0
  255. package/dist/hono/handlers/oauth.js +443 -0
  256. package/dist/hono/handlers/oauth.js.map +1 -0
  257. package/dist/hono/handlers/page-collab.d.ts +79 -0
  258. package/dist/hono/handlers/page-collab.js +98 -0
  259. package/dist/hono/handlers/page-collab.js.map +1 -0
  260. package/dist/hono/handlers/page-preview.d.ts +48 -0
  261. package/dist/hono/handlers/page-preview.js +83 -0
  262. package/dist/hono/handlers/page-preview.js.map +1 -0
  263. package/dist/hono/handlers/page.d.ts +2059 -0
  264. package/dist/hono/handlers/page.js +793 -0
  265. package/dist/hono/handlers/page.js.map +1 -0
  266. package/dist/hono/handlers/passwordReset.d.ts +181 -0
  267. package/dist/hono/handlers/passwordReset.js +101 -0
  268. package/dist/hono/handlers/passwordReset.js.map +1 -0
  269. package/dist/hono/handlers/presence.d.ts +178 -0
  270. package/dist/hono/handlers/presence.js +163 -0
  271. package/dist/hono/handlers/presence.js.map +1 -0
  272. package/dist/hono/handlers/revision.d.ts +345 -0
  273. package/dist/hono/handlers/revision.js +202 -0
  274. package/dist/hono/handlers/revision.js.map +1 -0
  275. package/dist/hono/handlers/search.d.ts +208 -0
  276. package/dist/hono/handlers/search.js +152 -0
  277. package/dist/hono/handlers/search.js.map +1 -0
  278. package/dist/hono/handlers/tokenAuth.d.ts +369 -0
  279. package/dist/hono/handlers/tokenAuth.js +240 -0
  280. package/dist/hono/handlers/tokenAuth.js.map +1 -0
  281. package/dist/hono/handlers/user.d.ts +710 -0
  282. package/dist/hono/handlers/user.js +212 -0
  283. package/dist/hono/handlers/user.js.map +1 -0
  284. package/dist/hono/index.d.ts +289 -0
  285. package/dist/hono/index.js +240 -0
  286. package/dist/hono/index.js.map +1 -0
  287. package/dist/hono/middleware/admin.d.ts +5 -0
  288. package/dist/hono/middleware/admin.js +34 -0
  289. package/dist/hono/middleware/admin.js.map +1 -0
  290. package/dist/hono/middleware/auth.d.ts +54 -0
  291. package/dist/hono/middleware/auth.js +142 -0
  292. package/dist/hono/middleware/auth.js.map +1 -0
  293. package/dist/hono/middleware/cors.d.ts +3 -0
  294. package/dist/hono/middleware/cors.js +86 -0
  295. package/dist/hono/middleware/cors.js.map +1 -0
  296. package/dist/hono/middleware/default-hook.d.ts +8 -0
  297. package/dist/hono/middleware/default-hook.js +17 -0
  298. package/dist/hono/middleware/default-hook.js.map +1 -0
  299. package/dist/hono/middleware/error-handler.d.ts +2 -0
  300. package/dist/hono/middleware/error-handler.js +20 -0
  301. package/dist/hono/middleware/error-handler.js.map +1 -0
  302. package/dist/hono/middleware/rate-limit.d.ts +57 -0
  303. package/dist/hono/middleware/rate-limit.js +42 -0
  304. package/dist/hono/middleware/rate-limit.js.map +1 -0
  305. package/dist/hono/middleware/require-scope.d.ts +50 -0
  306. package/dist/hono/middleware/require-scope.js +64 -0
  307. package/dist/hono/middleware/require-scope.js.map +1 -0
  308. package/dist/hono/path-rewrite.d.ts +15 -0
  309. package/dist/hono/path-rewrite.js +59 -0
  310. package/dist/hono/path-rewrite.js.map +1 -0
  311. package/dist/mail/i18n/en.d.ts +2 -0
  312. package/dist/mail/i18n/en.js +66 -0
  313. package/dist/mail/i18n/en.js.map +1 -0
  314. package/dist/mail/i18n/index.d.ts +46 -0
  315. package/dist/mail/i18n/index.js +31 -0
  316. package/dist/mail/i18n/index.js.map +1 -0
  317. package/dist/mail/i18n/ja.d.ts +2 -0
  318. package/dist/mail/i18n/ja.js +66 -0
  319. package/dist/mail/i18n/ja.js.map +1 -0
  320. package/dist/mcp/attach.d.ts +25 -0
  321. package/dist/mcp/attach.js +104 -0
  322. package/dist/mcp/attach.js.map +1 -0
  323. package/dist/mcp/dispatch.d.ts +59 -0
  324. package/dist/mcp/dispatch.js +70 -0
  325. package/dist/mcp/dispatch.js.map +1 -0
  326. package/dist/mcp/result.d.ts +40 -0
  327. package/dist/mcp/result.js +78 -0
  328. package/dist/mcp/result.js.map +1 -0
  329. package/dist/mcp/server.d.ts +67 -0
  330. package/dist/mcp/server.js +113 -0
  331. package/dist/mcp/server.js.map +1 -0
  332. package/dist/mcp/tools/page.d.ts +2 -0
  333. package/dist/mcp/tools/page.js +256 -0
  334. package/dist/mcp/tools/page.js.map +1 -0
  335. package/dist/mcp/tools/search.d.ts +2 -0
  336. package/dist/mcp/tools/search.js +36 -0
  337. package/dist/mcp/tools/search.js.map +1 -0
  338. package/dist/middlewares/accessTokenParser.d.ts +4 -0
  339. package/dist/middlewares/accessTokenParser.js +29 -0
  340. package/dist/middlewares/accessTokenParser.js.map +1 -0
  341. package/dist/middlewares/adminRequired.d.ts +10 -0
  342. package/dist/middlewares/adminRequired.js +35 -0
  343. package/dist/middlewares/adminRequired.js.map +1 -0
  344. package/dist/middlewares/applicationInstalled.d.ts +3 -0
  345. package/dist/middlewares/applicationInstalled.js +20 -0
  346. package/dist/middlewares/applicationInstalled.js.map +1 -0
  347. package/dist/middlewares/applicationNotInstalled.d.ts +3 -0
  348. package/dist/middlewares/applicationNotInstalled.js +13 -0
  349. package/dist/middlewares/applicationNotInstalled.js.map +1 -0
  350. package/dist/middlewares/basicAuth.d.ts +4 -0
  351. package/dist/middlewares/basicAuth.js +23 -0
  352. package/dist/middlewares/basicAuth.js.map +1 -0
  353. package/dist/middlewares/csrfVerify.d.ts +4 -0
  354. package/dist/middlewares/csrfVerify.js +24 -0
  355. package/dist/middlewares/csrfVerify.js.map +1 -0
  356. package/dist/middlewares/encodeSpace.d.ts +3 -0
  357. package/dist/middlewares/encodeSpace.js +14 -0
  358. package/dist/middlewares/encodeSpace.js.map +1 -0
  359. package/dist/middlewares/fileAccessRightOrLoginRequired.d.ts +4 -0
  360. package/dist/middlewares/fileAccessRightOrLoginRequired.js +29 -0
  361. package/dist/middlewares/fileAccessRightOrLoginRequired.js.map +1 -0
  362. package/dist/middlewares/index.d.ts +16 -0
  363. package/dist/middlewares/index.js +30 -0
  364. package/dist/middlewares/index.js.map +1 -0
  365. package/dist/middlewares/jwtAdminRequired.d.ts +8 -0
  366. package/dist/middlewares/jwtAdminRequired.js +35 -0
  367. package/dist/middlewares/jwtAdminRequired.js.map +1 -0
  368. package/dist/middlewares/jwtAuth.d.ts +4 -0
  369. package/dist/middlewares/jwtAuth.js +104 -0
  370. package/dist/middlewares/jwtAuth.js.map +1 -0
  371. package/dist/middlewares/loginChecker.d.ts +4 -0
  372. package/dist/middlewares/loginChecker.js +32 -0
  373. package/dist/middlewares/loginChecker.js.map +1 -0
  374. package/dist/middlewares/loginRequired.d.ts +4 -0
  375. package/dist/middlewares/loginRequired.js +88 -0
  376. package/dist/middlewares/loginRequired.js.map +1 -0
  377. package/dist/migration/cli-api.d.ts +83 -0
  378. package/dist/migration/cli-api.js +128 -0
  379. package/dist/migration/cli-api.js.map +1 -0
  380. package/dist/migration/migrations/index.d.ts +12 -0
  381. package/dist/migration/migrations/index.js +24 -0
  382. package/dist/migration/migrations/index.js.map +1 -0
  383. package/dist/migration/migrations/page-status-default.d.ts +25 -0
  384. package/dist/migration/migrations/page-status-default.js +79 -0
  385. package/dist/migration/migrations/page-status-default.js.map +1 -0
  386. package/dist/migration/migrations/revisions-schema-unify.d.ts +33 -0
  387. package/dist/migration/migrations/revisions-schema-unify.js +88 -0
  388. package/dist/migration/migrations/revisions-schema-unify.js.map +1 -0
  389. package/dist/migration/migrations/user-unique-prepare.d.ts +1 -0
  390. package/dist/migration/migrations/user-unique-prepare.js +214 -0
  391. package/dist/migration/migrations/user-unique-prepare.js.map +1 -0
  392. package/dist/migration/migrations/wikilink-format.d.ts +97 -0
  393. package/dist/migration/migrations/wikilink-format.js +418 -0
  394. package/dist/migration/migrations/wikilink-format.js.map +1 -0
  395. package/dist/migration/rebuild-api.d.ts +50 -0
  396. package/dist/migration/rebuild-api.js +45 -0
  397. package/dist/migration/rebuild-api.js.map +1 -0
  398. package/dist/migration/rebuild-runner.d.ts +64 -0
  399. package/dist/migration/rebuild-runner.js +42 -0
  400. package/dist/migration/rebuild-runner.js.map +1 -0
  401. package/dist/migration/rebuilds/index.d.ts +26 -0
  402. package/dist/migration/rebuilds/index.js +69 -0
  403. package/dist/migration/rebuilds/index.js.map +1 -0
  404. package/dist/migration/registry.d.ts +15 -0
  405. package/dist/migration/registry.js +96 -0
  406. package/dist/migration/registry.js.map +1 -0
  407. package/dist/migration/run-boot-migrations.d.ts +31 -0
  408. package/dist/migration/run-boot-migrations.js +95 -0
  409. package/dist/migration/run-boot-migrations.js.map +1 -0
  410. package/dist/migration/runner.d.ts +120 -0
  411. package/dist/migration/runner.js +276 -0
  412. package/dist/migration/runner.js.map +1 -0
  413. package/dist/migration/types.d.ts +153 -0
  414. package/dist/migration/types.js +13 -0
  415. package/dist/migration/types.js.map +1 -0
  416. package/dist/models/activity.d.ts +34 -0
  417. package/dist/models/activity.js +263 -0
  418. package/dist/models/activity.js.map +1 -0
  419. package/dist/models/attachment.d.ts +25 -0
  420. package/dist/models/attachment.js +82 -0
  421. package/dist/models/attachment.js.map +1 -0
  422. package/dist/models/backlink.d.ts +19 -0
  423. package/dist/models/backlink.js +138 -0
  424. package/dist/models/backlink.js.map +1 -0
  425. package/dist/models/bookmark.d.ts +28 -0
  426. package/dist/models/bookmark.js +136 -0
  427. package/dist/models/bookmark.js.map +1 -0
  428. package/dist/models/comment.d.ts +21 -0
  429. package/dist/models/comment.js +87 -0
  430. package/dist/models/comment.js.map +1 -0
  431. package/dist/models/config-sensitive.d.ts +21 -0
  432. package/dist/models/config-sensitive.js +71 -0
  433. package/dist/models/config-sensitive.js.map +1 -0
  434. package/dist/models/config.d.ts +34 -0
  435. package/dist/models/config.js +161 -0
  436. package/dist/models/config.js.map +1 -0
  437. package/dist/models/index.d.ts +30 -0
  438. package/dist/models/index.js +55 -0
  439. package/dist/models/index.js.map +1 -0
  440. package/dist/models/migration-application.d.ts +54 -0
  441. package/dist/models/migration-application.js +36 -0
  442. package/dist/models/migration-application.js.map +1 -0
  443. package/dist/models/notification.d.ts +28 -0
  444. package/dist/models/notification.js +285 -0
  445. package/dist/models/notification.js.map +1 -0
  446. package/dist/models/oauth-authorization-code.d.ts +34 -0
  447. package/dist/models/oauth-authorization-code.js +100 -0
  448. package/dist/models/oauth-authorization-code.js.map +1 -0
  449. package/dist/models/oauth-client.d.ts +36 -0
  450. package/dist/models/oauth-client.js +56 -0
  451. package/dist/models/oauth-client.js.map +1 -0
  452. package/dist/models/oauth-device-code.d.ts +55 -0
  453. package/dist/models/oauth-device-code.js +158 -0
  454. package/dist/models/oauth-device-code.js.map +1 -0
  455. package/dist/models/oauth-refresh-token.d.ts +31 -0
  456. package/dist/models/oauth-refresh-token.js +118 -0
  457. package/dist/models/oauth-refresh-token.js.map +1 -0
  458. package/dist/models/page-yjs-update.d.ts +35 -0
  459. package/dist/models/page-yjs-update.js +33 -0
  460. package/dist/models/page-yjs-update.js.map +1 -0
  461. package/dist/models/page.d.ts +200 -0
  462. package/dist/models/page.js +1117 -0
  463. package/dist/models/page.js.map +1 -0
  464. package/dist/models/personal-access-token.d.ts +30 -0
  465. package/dist/models/personal-access-token.js +107 -0
  466. package/dist/models/personal-access-token.js.map +1 -0
  467. package/dist/models/plugin-render-cache.d.ts +40 -0
  468. package/dist/models/plugin-render-cache.js +39 -0
  469. package/dist/models/plugin-render-cache.js.map +1 -0
  470. package/dist/models/revision.d.ts +145 -0
  471. package/dist/models/revision.js +241 -0
  472. package/dist/models/revision.js.map +1 -0
  473. package/dist/models/share.d.ts +38 -0
  474. package/dist/models/share.js +137 -0
  475. package/dist/models/share.js.map +1 -0
  476. package/dist/models/shareAccess.d.ts +20 -0
  477. package/dist/models/shareAccess.js +45 -0
  478. package/dist/models/shareAccess.js.map +1 -0
  479. package/dist/models/tracking.d.ts +14 -0
  480. package/dist/models/tracking.js +14 -0
  481. package/dist/models/tracking.js.map +1 -0
  482. package/dist/models/updatePost.d.ts +25 -0
  483. package/dist/models/updatePost.js +87 -0
  484. package/dist/models/updatePost.js.map +1 -0
  485. package/dist/models/user.d.ts +144 -0
  486. package/dist/models/user.js +681 -0
  487. package/dist/models/user.js.map +1 -0
  488. package/dist/models/watcher.d.ts +23 -0
  489. package/dist/models/watcher.js +75 -0
  490. package/dist/models/watcher.js.map +1 -0
  491. package/dist/notifications/attach.d.ts +63 -0
  492. package/dist/notifications/attach.js +426 -0
  493. package/dist/notifications/attach.js.map +1 -0
  494. package/dist/notifications/channel.d.ts +13 -0
  495. package/dist/notifications/channel.js +18 -0
  496. package/dist/notifications/channel.js.map +1 -0
  497. package/dist/plugin/index.d.ts +2 -0
  498. package/dist/plugin/index.js +6 -0
  499. package/dist/plugin/index.js.map +1 -0
  500. package/dist/plugin/plugin-context.d.ts +22 -0
  501. package/dist/plugin/plugin-context.js +126 -0
  502. package/dist/plugin/plugin-context.js.map +1 -0
  503. package/dist/plugin/plugin-manager.d.ts +164 -0
  504. package/dist/plugin/plugin-manager.js +328 -0
  505. package/dist/plugin/plugin-manager.js.map +1 -0
  506. package/dist/plugin/plugin-namespace.d.ts +28 -0
  507. package/dist/plugin/plugin-namespace.js +53 -0
  508. package/dist/plugin/plugin-namespace.js.map +1 -0
  509. package/dist/plugin/registries.d.ts +38 -0
  510. package/dist/plugin/registries.js +71 -0
  511. package/dist/plugin/registries.js.map +1 -0
  512. package/dist/plugin/schema-serializer.d.ts +34 -0
  513. package/dist/plugin/schema-serializer.js +122 -0
  514. package/dist/plugin/schema-serializer.js.map +1 -0
  515. package/dist/plugin/topo-sort.d.ts +15 -0
  516. package/dist/plugin/topo-sort.js +59 -0
  517. package/dist/plugin/topo-sort.js.map +1 -0
  518. package/dist/presence/attach.d.ts +36 -0
  519. package/dist/presence/attach.js +399 -0
  520. package/dist/presence/attach.js.map +1 -0
  521. package/dist/renderer/__fixtures__/echo-embed.d.ts +27 -0
  522. package/dist/renderer/__fixtures__/echo-embed.js +24 -0
  523. package/dist/renderer/__fixtures__/echo-embed.js.map +1 -0
  524. package/dist/renderer/cache/index.d.ts +60 -0
  525. package/dist/renderer/cache/index.js +219 -0
  526. package/dist/renderer/cache/index.js.map +1 -0
  527. package/dist/renderer/cache/mongodb-cache.d.ts +82 -0
  528. package/dist/renderer/cache/mongodb-cache.js +180 -0
  529. package/dist/renderer/cache/mongodb-cache.js.map +1 -0
  530. package/dist/renderer/cache/reservation.d.ts +20 -0
  531. package/dist/renderer/cache/reservation.js +115 -0
  532. package/dist/renderer/cache/reservation.js.map +1 -0
  533. package/dist/renderer/core/_mdast-walk.d.ts +35 -0
  534. package/dist/renderer/core/_mdast-walk.js +45 -0
  535. package/dist/renderer/core/_mdast-walk.js.map +1 -0
  536. package/dist/renderer/core/code-block-dispatch.d.ts +31 -0
  537. package/dist/renderer/core/code-block-dispatch.js +166 -0
  538. package/dist/renderer/core/code-block-dispatch.js.map +1 -0
  539. package/dist/renderer/core/code-blocks.d.ts +12 -0
  540. package/dist/renderer/core/code-blocks.js +32 -0
  541. package/dist/renderer/core/code-blocks.js.map +1 -0
  542. package/dist/renderer/core/embed-tags.d.ts +14 -0
  543. package/dist/renderer/core/embed-tags.js +154 -0
  544. package/dist/renderer/core/embed-tags.js.map +1 -0
  545. package/dist/renderer/core/headings.d.ts +16 -0
  546. package/dist/renderer/core/headings.js +31 -0
  547. package/dist/renderer/core/headings.js.map +1 -0
  548. package/dist/renderer/core/index.d.ts +65 -0
  549. package/dist/renderer/core/index.js +83 -0
  550. package/dist/renderer/core/index.js.map +1 -0
  551. package/dist/renderer/core/mention-resolve.d.ts +39 -0
  552. package/dist/renderer/core/mention-resolve.js +75 -0
  553. package/dist/renderer/core/mention-resolve.js.map +1 -0
  554. package/dist/renderer/core/mentions.d.ts +2 -0
  555. package/dist/renderer/core/mentions.js +83 -0
  556. package/dist/renderer/core/mentions.js.map +1 -0
  557. package/dist/renderer/core/syntax-highlight.d.ts +21 -0
  558. package/dist/renderer/core/syntax-highlight.js +64 -0
  559. package/dist/renderer/core/syntax-highlight.js.map +1 -0
  560. package/dist/renderer/core/url-inline-expand.d.ts +9 -0
  561. package/dist/renderer/core/url-inline-expand.js +157 -0
  562. package/dist/renderer/core/url-inline-expand.js.map +1 -0
  563. package/dist/renderer/core/wikilinks.d.ts +2 -0
  564. package/dist/renderer/core/wikilinks.js +118 -0
  565. package/dist/renderer/core/wikilinks.js.map +1 -0
  566. package/dist/renderer/index.d.ts +67 -0
  567. package/dist/renderer/index.js +99 -0
  568. package/dist/renderer/index.js.map +1 -0
  569. package/dist/renderer/pipeline.d.ts +134 -0
  570. package/dist/renderer/pipeline.js +203 -0
  571. package/dist/renderer/pipeline.js.map +1 -0
  572. package/dist/renderer/registry.d.ts +83 -0
  573. package/dist/renderer/registry.js +130 -0
  574. package/dist/renderer/registry.js.map +1 -0
  575. package/dist/renderer/serialize.d.ts +27 -0
  576. package/dist/renderer/serialize.js +46 -0
  577. package/dist/renderer/serialize.js.map +1 -0
  578. package/dist/renderer/version.d.ts +30 -0
  579. package/dist/renderer/version.js +34 -0
  580. package/dist/renderer/version.js.map +1 -0
  581. package/dist/routes/admin.d.ts +4 -0
  582. package/dist/routes/admin.js +17 -0
  583. package/dist/routes/admin.js.map +1 -0
  584. package/dist/routes/api/admin.d.ts +4 -0
  585. package/dist/routes/api/admin.js +37 -0
  586. package/dist/routes/api/admin.js.map +1 -0
  587. package/dist/routes/api/attachment.d.ts +4 -0
  588. package/dist/routes/api/attachment.js +19 -0
  589. package/dist/routes/api/attachment.js.map +1 -0
  590. package/dist/routes/api/bookmark.d.ts +4 -0
  591. package/dist/routes/api/bookmark.js +15 -0
  592. package/dist/routes/api/bookmark.js.map +1 -0
  593. package/dist/routes/api/comment.d.ts +4 -0
  594. package/dist/routes/api/comment.js +14 -0
  595. package/dist/routes/api/comment.js.map +1 -0
  596. package/dist/routes/api/index.d.ts +4 -0
  597. package/dist/routes/api/index.js +36 -0
  598. package/dist/routes/api/index.js.map +1 -0
  599. package/dist/routes/api/like.d.ts +4 -0
  600. package/dist/routes/api/like.js +13 -0
  601. package/dist/routes/api/like.js.map +1 -0
  602. package/dist/routes/api/notification.d.ts +4 -0
  603. package/dist/routes/api/notification.js +15 -0
  604. package/dist/routes/api/notification.js.map +1 -0
  605. package/dist/routes/api/page.d.ts +4 -0
  606. package/dist/routes/api/page.js +24 -0
  607. package/dist/routes/api/page.js.map +1 -0
  608. package/dist/routes/api/revision.d.ts +4 -0
  609. package/dist/routes/api/revision.js +14 -0
  610. package/dist/routes/api/revision.js.map +1 -0
  611. package/dist/routes/api/share.d.ts +4 -0
  612. package/dist/routes/api/share.js +16 -0
  613. package/dist/routes/api/share.js.map +1 -0
  614. package/dist/routes/api/version.d.ts +4 -0
  615. package/dist/routes/api/version.js +10 -0
  616. package/dist/routes/api/version.js.map +1 -0
  617. package/dist/routes/index.d.ts +4 -0
  618. package/dist/routes/index.js +71 -0
  619. package/dist/routes/index.js.map +1 -0
  620. package/dist/routes/login.d.ts +4 -0
  621. package/dist/routes/login.js +18 -0
  622. package/dist/routes/login.js.map +1 -0
  623. package/dist/routes/me.d.ts +4 -0
  624. package/dist/routes/me.js +24 -0
  625. package/dist/routes/me.js.map +1 -0
  626. package/dist/routes/ts-rest/admin/app.d.ts +4 -0
  627. package/dist/routes/ts-rest/admin/app.js +67 -0
  628. package/dist/routes/ts-rest/admin/app.js.map +1 -0
  629. package/dist/routes/ts-rest/admin/auth.d.ts +4 -0
  630. package/dist/routes/ts-rest/admin/auth.js +95 -0
  631. package/dist/routes/ts-rest/admin/auth.js.map +1 -0
  632. package/dist/routes/ts-rest/admin/index.d.ts +10 -0
  633. package/dist/routes/ts-rest/admin/index.js +35 -0
  634. package/dist/routes/ts-rest/admin/index.js.map +1 -0
  635. package/dist/routes/ts-rest/admin/mail.d.ts +4 -0
  636. package/dist/routes/ts-rest/admin/mail.js +156 -0
  637. package/dist/routes/ts-rest/admin/mail.js.map +1 -0
  638. package/dist/routes/ts-rest/admin/plugins.d.ts +4 -0
  639. package/dist/routes/ts-rest/admin/plugins.js +317 -0
  640. package/dist/routes/ts-rest/admin/plugins.js.map +1 -0
  641. package/dist/routes/ts-rest/admin/search.d.ts +4 -0
  642. package/dist/routes/ts-rest/admin/search.js +67 -0
  643. package/dist/routes/ts-rest/admin/search.js.map +1 -0
  644. package/dist/routes/ts-rest/admin/security.d.ts +4 -0
  645. package/dist/routes/ts-rest/admin/security.js +114 -0
  646. package/dist/routes/ts-rest/admin/security.js.map +1 -0
  647. package/dist/routes/ts-rest/admin/share.d.ts +4 -0
  648. package/dist/routes/ts-rest/admin/share.js +69 -0
  649. package/dist/routes/ts-rest/admin/share.js.map +1 -0
  650. package/dist/routes/ts-rest/admin/storage.d.ts +4 -0
  651. package/dist/routes/ts-rest/admin/storage.js +59 -0
  652. package/dist/routes/ts-rest/admin/storage.js.map +1 -0
  653. package/dist/routes/ts-rest/admin/users.d.ts +4 -0
  654. package/dist/routes/ts-rest/admin/users.js +215 -0
  655. package/dist/routes/ts-rest/admin/users.js.map +1 -0
  656. package/dist/routes/ts-rest/adminCrypto.d.ts +4 -0
  657. package/dist/routes/ts-rest/adminCrypto.js +111 -0
  658. package/dist/routes/ts-rest/adminCrypto.js.map +1 -0
  659. package/dist/routes/ts-rest/app.d.ts +4 -0
  660. package/dist/routes/ts-rest/app.js +23 -0
  661. package/dist/routes/ts-rest/app.js.map +1 -0
  662. package/dist/routes/ts-rest/attachment.d.ts +4 -0
  663. package/dist/routes/ts-rest/attachment.js +830 -0
  664. package/dist/routes/ts-rest/attachment.js.map +1 -0
  665. package/dist/routes/ts-rest/auth.d.ts +4 -0
  666. package/dist/routes/ts-rest/auth.js +70 -0
  667. package/dist/routes/ts-rest/auth.js.map +1 -0
  668. package/dist/routes/ts-rest/autocomplete.d.ts +30 -0
  669. package/dist/routes/ts-rest/autocomplete.js +189 -0
  670. package/dist/routes/ts-rest/autocomplete.js.map +1 -0
  671. package/dist/routes/ts-rest/backlink.d.ts +4 -0
  672. package/dist/routes/ts-rest/backlink.js +106 -0
  673. package/dist/routes/ts-rest/backlink.js.map +1 -0
  674. package/dist/routes/ts-rest/bookmark.d.ts +4 -0
  675. package/dist/routes/ts-rest/bookmark.js +189 -0
  676. package/dist/routes/ts-rest/bookmark.js.map +1 -0
  677. package/dist/routes/ts-rest/comment.d.ts +4 -0
  678. package/dist/routes/ts-rest/comment.js +217 -0
  679. package/dist/routes/ts-rest/comment.js.map +1 -0
  680. package/dist/routes/ts-rest/draft.d.ts +22 -0
  681. package/dist/routes/ts-rest/draft.js +200 -0
  682. package/dist/routes/ts-rest/draft.js.map +1 -0
  683. package/dist/routes/ts-rest/index.d.ts +4 -0
  684. package/dist/routes/ts-rest/index.js +103 -0
  685. package/dist/routes/ts-rest/index.js.map +1 -0
  686. package/dist/routes/ts-rest/installer.d.ts +4 -0
  687. package/dist/routes/ts-rest/installer.js +77 -0
  688. package/dist/routes/ts-rest/installer.js.map +1 -0
  689. package/dist/routes/ts-rest/me.d.ts +4 -0
  690. package/dist/routes/ts-rest/me.js +410 -0
  691. package/dist/routes/ts-rest/me.js.map +1 -0
  692. package/dist/routes/ts-rest/notification.d.ts +4 -0
  693. package/dist/routes/ts-rest/notification.js +241 -0
  694. package/dist/routes/ts-rest/notification.js.map +1 -0
  695. package/dist/routes/ts-rest/page-collab.d.ts +29 -0
  696. package/dist/routes/ts-rest/page-collab.js +90 -0
  697. package/dist/routes/ts-rest/page-collab.js.map +1 -0
  698. package/dist/routes/ts-rest/page-preview.d.ts +26 -0
  699. package/dist/routes/ts-rest/page-preview.js +80 -0
  700. package/dist/routes/ts-rest/page-preview.js.map +1 -0
  701. package/dist/routes/ts-rest/page.d.ts +4 -0
  702. package/dist/routes/ts-rest/page.js +676 -0
  703. package/dist/routes/ts-rest/page.js.map +1 -0
  704. package/dist/routes/ts-rest/presence.d.ts +30 -0
  705. package/dist/routes/ts-rest/presence.js +155 -0
  706. package/dist/routes/ts-rest/presence.js.map +1 -0
  707. package/dist/routes/ts-rest/revision.d.ts +4 -0
  708. package/dist/routes/ts-rest/revision.js +240 -0
  709. package/dist/routes/ts-rest/revision.js.map +1 -0
  710. package/dist/routes/ts-rest/search.d.ts +4 -0
  711. package/dist/routes/ts-rest/search.js +121 -0
  712. package/dist/routes/ts-rest/search.js.map +1 -0
  713. package/dist/routes/ts-rest/tokenAuth.d.ts +4 -0
  714. package/dist/routes/ts-rest/tokenAuth.js +94 -0
  715. package/dist/routes/ts-rest/tokenAuth.js.map +1 -0
  716. package/dist/routes/ts-rest/user.d.ts +4 -0
  717. package/dist/routes/ts-rest/user.js +307 -0
  718. package/dist/routes/ts-rest/user.js.map +1 -0
  719. package/dist/service/config.d.ts +50 -0
  720. package/dist/service/config.js +202 -0
  721. package/dist/service/config.js.map +1 -0
  722. package/dist/service/lru.d.ts +11 -0
  723. package/dist/service/lru.js +47 -0
  724. package/dist/service/lru.js.map +1 -0
  725. package/dist/service/mail.d.ts +107 -0
  726. package/dist/service/mail.js +220 -0
  727. package/dist/service/mail.js.map +1 -0
  728. package/dist/service/notification.d.ts +9 -0
  729. package/dist/service/notification.js +19 -0
  730. package/dist/service/notification.js.map +1 -0
  731. package/dist/service/presence.d.ts +219 -0
  732. package/dist/service/presence.js +602 -0
  733. package/dist/service/presence.js.map +1 -0
  734. package/dist/types/error.d.ts +13 -0
  735. package/dist/types/error.js +13 -0
  736. package/dist/types/error.js.map +1 -0
  737. package/dist/types/express.d.ts +34 -0
  738. package/dist/types/express.js +50 -0
  739. package/dist/types/express.js.map +1 -0
  740. package/dist/types/mongoose-extensions.d.ts +8 -0
  741. package/dist/types/mongoose-extensions.js +24 -0
  742. package/dist/types/mongoose-extensions.js.map +1 -0
  743. package/dist/util/accessTokenParser.d.ts +1 -0
  744. package/dist/util/accessTokenParser.js +34 -0
  745. package/dist/util/accessTokenParser.js.map +1 -0
  746. package/dist/util/activityDefine.d.ts +15 -0
  747. package/dist/util/activityDefine.js +52 -0
  748. package/dist/util/activityDefine.js.map +1 -0
  749. package/dist/util/admin-config.d.ts +57 -0
  750. package/dist/util/admin-config.js +99 -0
  751. package/dist/util/admin-config.js.map +1 -0
  752. package/dist/util/admin-pager.d.ts +24 -0
  753. package/dist/util/admin-pager.js +73 -0
  754. package/dist/util/admin-pager.js.map +1 -0
  755. package/dist/util/apiPaginate.d.ts +11 -0
  756. package/dist/util/apiPaginate.js +33 -0
  757. package/dist/util/apiPaginate.js.map +1 -0
  758. package/dist/util/apiResponse.d.ts +9 -0
  759. package/dist/util/apiResponse.js +23 -0
  760. package/dist/util/apiResponse.js.map +1 -0
  761. package/dist/util/auth.d.ts +11 -0
  762. package/dist/util/auth.js +48 -0
  763. package/dist/util/auth.js.map +1 -0
  764. package/dist/util/auto-watch.d.ts +35 -0
  765. package/dist/util/auto-watch.js +24 -0
  766. package/dist/util/auto-watch.js.map +1 -0
  767. package/dist/util/autocomplete-match.d.ts +44 -0
  768. package/dist/util/autocomplete-match.js +80 -0
  769. package/dist/util/autocomplete-match.js.map +1 -0
  770. package/dist/util/aws-config-migration.d.ts +11 -0
  771. package/dist/util/aws-config-migration.js +68 -0
  772. package/dist/util/aws-config-migration.js.map +1 -0
  773. package/dist/util/boot-reporter.d.ts +130 -0
  774. package/dist/util/boot-reporter.js +242 -0
  775. package/dist/util/boot-reporter.js.map +1 -0
  776. package/dist/util/collab-cap.d.ts +39 -0
  777. package/dist/util/collab-cap.js +90 -0
  778. package/dist/util/collab-cap.js.map +1 -0
  779. package/dist/util/crypto.d.ts +39 -0
  780. package/dist/util/crypto.js +105 -0
  781. package/dist/util/crypto.js.map +1 -0
  782. package/dist/util/dedup-users.d.ts +96 -0
  783. package/dist/util/dedup-users.js +149 -0
  784. package/dist/util/dedup-users.js.map +1 -0
  785. package/dist/util/editor-cap-counter.d.ts +90 -0
  786. package/dist/util/editor-cap-counter.js +175 -0
  787. package/dist/util/editor-cap-counter.js.map +1 -0
  788. package/dist/util/fileUploader.d.ts +55 -0
  789. package/dist/util/fileUploader.js +70 -0
  790. package/dist/util/fileUploader.js.map +1 -0
  791. package/dist/util/formUtil.d.ts +2 -0
  792. package/dist/util/formUtil.js +15 -0
  793. package/dist/util/formUtil.js.map +1 -0
  794. package/dist/util/githubAuth.d.ts +2 -0
  795. package/dist/util/githubAuth.js +82 -0
  796. package/dist/util/githubAuth.js.map +1 -0
  797. package/dist/util/googleAuth.d.ts +2 -0
  798. package/dist/util/googleAuth.js +85 -0
  799. package/dist/util/googleAuth.js.map +1 -0
  800. package/dist/util/jwt.d.ts +50 -0
  801. package/dist/util/jwt.js +127 -0
  802. package/dist/util/jwt.js.map +1 -0
  803. package/dist/util/linkDetector.d.ts +3 -0
  804. package/dist/util/linkDetector.js +91 -0
  805. package/dist/util/linkDetector.js.map +1 -0
  806. package/dist/util/mail-token.d.ts +24 -0
  807. package/dist/util/mail-token.js +117 -0
  808. package/dist/util/mail-token.js.map +1 -0
  809. package/dist/util/mailer.d.ts +7 -0
  810. package/dist/util/mailer.js +98 -0
  811. package/dist/util/mailer.js.map +1 -0
  812. package/dist/util/map-duplicate-key-error.d.ts +26 -0
  813. package/dist/util/map-duplicate-key-error.js +41 -0
  814. package/dist/util/map-duplicate-key-error.js.map +1 -0
  815. package/dist/util/mongoose-paginate.d.ts +10 -0
  816. package/dist/util/mongoose-paginate.js +23 -0
  817. package/dist/util/mongoose-paginate.js.map +1 -0
  818. package/dist/util/notifications-token.d.ts +35 -0
  819. package/dist/util/notifications-token.js +140 -0
  820. package/dist/util/notifications-token.js.map +1 -0
  821. package/dist/util/oauth-client-seed.d.ts +2 -0
  822. package/dist/util/oauth-client-seed.js +48 -0
  823. package/dist/util/oauth-client-seed.js.map +1 -0
  824. package/dist/util/oauth-redirect-uri.d.ts +2 -0
  825. package/dist/util/oauth-redirect-uri.js +55 -0
  826. package/dist/util/oauth-redirect-uri.js.map +1 -0
  827. package/dist/util/page-response.d.ts +113 -0
  828. package/dist/util/page-response.js +154 -0
  829. package/dist/util/page-response.js.map +1 -0
  830. package/dist/util/page-search-index.d.ts +19 -0
  831. package/dist/util/page-search-index.js +91 -0
  832. package/dist/util/page-search-index.js.map +1 -0
  833. package/dist/util/page-status-migration.d.ts +23 -0
  834. package/dist/util/page-status-migration.js +48 -0
  835. package/dist/util/page-status-migration.js.map +1 -0
  836. package/dist/util/path.d.ts +2 -0
  837. package/dist/util/path.js +12 -0
  838. package/dist/util/path.js.map +1 -0
  839. package/dist/util/pkce.d.ts +13 -0
  840. package/dist/util/pkce.js +30 -0
  841. package/dist/util/pkce.js.map +1 -0
  842. package/dist/util/presence-token.d.ts +21 -0
  843. package/dist/util/presence-token.js +120 -0
  844. package/dist/util/presence-token.js.map +1 -0
  845. package/dist/util/rate-limit.d.ts +67 -0
  846. package/dist/util/rate-limit.js +87 -0
  847. package/dist/util/rate-limit.js.map +1 -0
  848. package/dist/util/rebuild-backlink.d.ts +25 -0
  849. package/dist/util/rebuild-backlink.js +7 -0
  850. package/dist/util/rebuild-backlink.js.map +1 -0
  851. package/dist/util/rebuild-renderer.d.ts +31 -0
  852. package/dist/util/rebuild-renderer.js +7 -0
  853. package/dist/util/rebuild-renderer.js.map +1 -0
  854. package/dist/util/redis-opts.d.ts +17 -0
  855. package/dist/util/redis-opts.js +40 -0
  856. package/dist/util/redis-opts.js.map +1 -0
  857. package/dist/util/regex.d.ts +2 -0
  858. package/dist/util/regex.js +8 -0
  859. package/dist/util/regex.js.map +1 -0
  860. package/dist/util/search-rebuild.d.ts +18 -0
  861. package/dist/util/search-rebuild.js +28 -0
  862. package/dist/util/search-rebuild.js.map +1 -0
  863. package/dist/util/ssr.d.ts +3 -0
  864. package/dist/util/ssr.js +9 -0
  865. package/dist/util/ssr.js.map +1 -0
  866. package/dist/util/storage-copy.d.ts +40 -0
  867. package/dist/util/storage-copy.js +123 -0
  868. package/dist/util/storage-copy.js.map +1 -0
  869. package/dist/util/ts-rest-helpers.d.ts +110 -0
  870. package/dist/util/ts-rest-helpers.js +110 -0
  871. package/dist/util/ts-rest-helpers.js.map +1 -0
  872. package/dist/util/url.d.ts +1 -0
  873. package/dist/util/url.js +11 -0
  874. package/dist/util/url.js.map +1 -0
  875. package/dist/util/user-code.d.ts +10 -0
  876. package/dist/util/user-code.js +55 -0
  877. package/dist/util/user-code.js.map +1 -0
  878. package/dist/util/view.d.ts +10 -0
  879. package/dist/util/view.js +99 -0
  880. package/dist/util/view.js.map +1 -0
  881. package/dist/util/watcher-backfill.d.ts +30 -0
  882. package/dist/util/watcher-backfill.js +43 -0
  883. package/dist/util/watcher-backfill.js.map +1 -0
  884. package/dist/util/ws-token.d.ts +24 -0
  885. package/dist/util/ws-token.js +134 -0
  886. package/dist/util/ws-token.js.map +1 -0
  887. package/package.json +106 -0
package/dist/hono/handlers/oauth.js ADDED
@@ -0,0 +1,443 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.registerOAuthRoutes = void 0;
7
+ const api_contract_1 = require("@crowi/api-contract");
8
+ const api_contract_2 = require("@crowi/api-contract");
9
+ const debug_1 = __importDefault(require("debug"));
10
+ const jwt_1 = require("../../util/jwt");
11
+ const oauth_redirect_uri_1 = require("../../util/oauth-redirect-uri");
12
+ const pkce_1 = require("../../util/pkce");
13
+ const user_code_1 = require("../../util/user-code");
14
+ const auth_1 = require("../middleware/auth");
15
+ const errors_1 = require("./_helpers/errors");
16
+ const debug = (0, debug_1.default)('crowi:hono:handlers:oauth');
17
+ /** Authorization codes live ~60s (RFC 6749 §4.1.2 recommends ≤10min). */
18
+ const AUTH_CODE_TTL_MS = 60 * 1000;
19
+ /** Refresh tokens live 30 days, matching the web-session refresh TTL. */
20
+ const REFRESH_TOKEN_TTL_MS = 30 * 24 * 60 * 60 * 1000;
21
+ /** Access token TTL (seconds), echoed in `expires_in` + the JWT lifetime. */
22
+ const ACCESS_TOKEN_TTL_SEC = Number(process.env.JWT_ACCESS_TOKEN_TTL_SECONDS) || 60 * 60;
23
+ /** Device codes live ~10min (RFC 8628 general value). */
24
+ const DEVICE_CODE_TTL_MS = 10 * 60 * 1000;
25
+ /** Default minimum poll spacing for the device grant (seconds, RFC 8628 §3.2). */
26
+ const DEVICE_POLL_INTERVAL_SEC = 5;
27
+ /** Dev fallback web origin when `CLIENT_URL` is unset (matches `.env.example`). */
28
+ const DEV_CLIENT_BASE_URL = 'http://localhost:4302';
29
+ const FORBIDDEN_BODY = {
30
+ error: {
31
+ code: 'FORBIDDEN',
32
+ message: 'Authorization codes can only be issued from a web session.',
33
+ },
34
+ };
35
+ const DEVICE_FORBIDDEN_BODY = {
36
+ error: {
37
+ code: 'FORBIDDEN',
38
+ message: 'Device authorizations can only be approved from a web session.',
39
+ },
40
+ };
41
+ const DEVICE_NOT_FOUND_BODY = {
42
+ error: {
43
+ code: 'NOT_FOUND',
44
+ message: 'No pending device authorization for this code.',
45
+ },
46
+ };
47
+ const oauthError = (error, description) => ({
48
+ error,
49
+ ...(description ? { error_description: description } : {}),
50
+ });
51
+ /**
52
+ * Read a request body as a plain record from either JSON or
53
+ * `application/x-www-form-urlencoded` (RFC 6749 / 7009). Returns `{}` on a
54
+ * malformed / empty body so the schema validation downstream produces the
55
+ * domain error rather than a thrown 400.
56
+ */
57
+ async function readBody(c) {
58
+ const contentType = c.req.header('content-type') ?? '';
59
+ try {
60
+ if (contentType.includes('application/json')) {
61
+ return (await c.req.json());
62
+ }
63
+ // form-urlencoded (or anything else with a parseable body).
64
+ const form = await c.req.parseBody();
65
+ return form;
66
+ }
67
+ catch {
68
+ return {};
69
+ }
70
+ }
71
+ const registerOAuthRoutes = (app, crowi) => {
72
+ const OAuthClient = crowi.model('OAuthClient');
73
+ const OAuthAuthorizationCode = crowi.model('OAuthAuthorizationCode');
74
+ const OAuthRefreshToken = crowi.model('OAuthRefreshToken');
75
+ const OAuthDeviceCode = crowi.model('OAuthDeviceCode');
76
+ const PersonalAccessToken = crowi.model('PersonalAccessToken');
77
+ const User = crowi.model('User');
78
+ const jwtUtil = (0, jwt_1.createJwtUtil)(crowi);
79
+ // `/oauth/authorize` and `/oauth/device/verify` both require an
80
+ // authenticated web session. The other routes are public, so we install
81
+ // jwtAuth on each literal path only (same per-path install as `tokenAuth`'s
82
+ // `/auth/logout`). `/oauth/device/authorize`, `/oauth/device` (lookup) and
83
+ // `/oauth/token` (incl. the device grant) stay public.
84
+ app.use('/oauth/authorize', (0, auth_1.createJwtAuth)(crowi));
85
+ app.use('/oauth/device/verify', (0, auth_1.createJwtAuth)(crowi));
86
+ /**
87
+ * Validate a client + space-delimited scope string (shared by the
88
+ * authorize-code and device-code authorization endpoints). Returns the
89
+ * granted scope list, or an `oauthError` envelope describing the failure.
90
+ * `redirect_uri` validation is authorize-specific and intentionally not
91
+ * handled here (the device flow has no redirect_uri).
92
+ */
93
+ const validateClientAndScopes = async (clientId, scopeStr) => {
94
+ const client = await OAuthClient.findByClientId(clientId);
95
+ if (!client) {
96
+ return { error: oauthError('invalid_client', 'Unknown client') };
97
+ }
98
+ const requested = scopeStr.split(/\s+/).filter((s) => s.length > 0);
99
+ const allowed = new Set(client.allowedScopes);
100
+ const granted = requested.filter((s) => (0, api_contract_1.isScope)(s) && allowed.has(s));
101
+ if (granted.length === 0 || granted.length !== requested.length) {
102
+ return { error: oauthError('invalid_scope', 'One or more requested scopes are not permitted for this client') };
103
+ }
104
+ return { granted };
105
+ };
106
+ /**
107
+ * Public base URL of the trusted web client — the single origin every
108
+ * browser-facing OAuth URL (discovery `issuer`, authorize / device consent
109
+ * pages) and every advertised API endpoint is built from.
110
+ *
111
+ * Sourced from `crowi.getBaseUrl()` (i.e. the `CLIENT_URL` env, the same
112
+ * trusted origin used for CORS and absolute email links — RFC-0010). It is
113
+ * deliberately **not** derived from the request `Host` / `X-Forwarded-Host`
114
+ * header: those are attacker-controllable, and a forged Host would poison
115
+ * the discovery document and the device `verification_uri`, steering a
116
+ * victim to an attacker origin. Falls back to the dev web origin when
117
+ * `CLIENT_URL` is unset (a fixed localhost, never the request Host).
118
+ */
119
+ const clientBaseUrl = () => (crowi.getBaseUrl() || DEV_CLIENT_BASE_URL).replace(/\/$/, '');
120
+ return app
121
+ .openapi(api_contract_2.authorizeRoute, async (c) => {
122
+ // Web-session only — a token must never mint a fresh token.
123
+ if (c.get('authContext').kind !== 'web') {
124
+ return c.json(FORBIDDEN_BODY, 403);
125
+ }
126
+ const user = c.get('user');
127
+ const { client_id, redirect_uri, scope, code_challenge, code_challenge_method, state } = c.req.valid('json');
128
+ try {
129
+ const client = await OAuthClient.findByClientId(client_id);
130
+ if (!client) {
131
+ return c.json(oauthError('invalid_client', 'Unknown client'), 400);
132
+ }
133
+ // redirect_uri must be registered (loopback host match, any port);
134
+ // validate before anything else so we never bounce a code to an
135
+ // attacker-controlled URI.
136
+ if (!(0, oauth_redirect_uri_1.isRedirectUriAllowed)(client, redirect_uri)) {
137
+ return c.json(oauthError('invalid_request', 'redirect_uri is not registered for this client'), 400);
138
+ }
139
+ // PKCE is mandatory and S256-only (the schema already pins the
140
+ // method; this guard documents the requirement defensively).
141
+ if (code_challenge_method !== 'S256' || !code_challenge) {
142
+ return c.json(oauthError('invalid_request', 'PKCE S256 challenge is required'), 400);
143
+ }
144
+ // Requested scopes must be catalog scopes AND within the client's
145
+ // allowed set (shared with the device-authorize endpoint).
146
+ const scopeCheck = await validateClientAndScopes(client_id, scope);
147
+ if ('error' in scopeCheck) {
148
+ return c.json(scopeCheck.error, 400);
149
+ }
150
+ const { granted } = scopeCheck;
151
+ const { code, codeHash } = OAuthAuthorizationCode.generateCode();
152
+ await OAuthAuthorizationCode.create({
153
+ codeHash,
154
+ clientId: client_id,
155
+ userId: user._id,
156
+ scopes: granted,
157
+ codeChallenge: code_challenge,
158
+ codeChallengeMethod: 'S256',
159
+ redirectUri: redirect_uri,
160
+ expiresAt: new Date(Date.now() + AUTH_CODE_TTL_MS),
161
+ });
162
+ const url = new URL(redirect_uri);
163
+ url.searchParams.set('code', code);
164
+ if (state != null)
165
+ url.searchParams.set('state', state);
166
+ return c.json({ redirectUri: url.toString() }, 200);
167
+ }
168
+ catch (err) {
169
+ debug('authorize failed:', err);
170
+ return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
171
+ }
172
+ })
173
+ .openapi(api_contract_2.tokenRoute, async (c) => {
174
+ const raw = await readBody(c);
175
+ const parsed = api_contract_1.TokenRequestSchema.safeParse(raw);
176
+ if (!parsed.success) {
177
+ return c.json(oauthError('invalid_request', 'Malformed token request'), 400);
178
+ }
179
+ const body = parsed.data;
180
+ try {
181
+ if (body.grant_type === 'authorization_code') {
182
+ // Atomic single-use consume: a second exchange of the same code
183
+ // returns null (consumedAt already set) → invalid_grant.
184
+ const record = await OAuthAuthorizationCode.consume(OAuthAuthorizationCode.hashCode(body.code));
185
+ if (!record) {
186
+ return c.json(oauthError('invalid_grant', 'Authorization code is invalid, expired, or already used'), 400);
187
+ }
188
+ if (record.clientId !== body.client_id || record.redirectUri !== body.redirect_uri) {
189
+ return c.json(oauthError('invalid_grant', 'client_id / redirect_uri mismatch'), 400);
190
+ }
191
+ if (!(0, pkce_1.verifyPkceS256)(body.code_verifier, record.codeChallenge)) {
192
+ return c.json(oauthError('invalid_grant', 'PKCE verification failed'), 400);
193
+ }
194
+ const user = await User.findById(record.userId);
195
+ if (!user || user.status !== User.STATUS_ACTIVE) {
196
+ return c.json(oauthError('invalid_grant', 'User is no longer active'), 400);
197
+ }
198
+ return c.json(await issueTokens(user, record.clientId, record.scopes), 200);
199
+ }
200
+ if (body.grant_type === 'refresh_token') {
201
+ const presentedHash = OAuthRefreshToken.hashToken(body.refresh_token);
202
+ const active = await OAuthRefreshToken.findActiveByHash(presentedHash);
203
+ if (!active) {
204
+ // Reuse detection: a known-but-revoked token presented again is
205
+ // the signature of a stolen-token replay — revoke the whole
206
+ // rotation chain so neither the attacker nor the legitimate
207
+ // holder can continue (RFC-0010 §Security, PHASE3-Q5).
208
+ const known = await OAuthRefreshToken.findOne({ tokenHash: presentedHash });
209
+ if (known) {
210
+ await OAuthRefreshToken.revokeChain(presentedHash);
211
+ }
212
+ return c.json(oauthError('invalid_grant', 'Refresh token is invalid, expired, or revoked'), 400);
213
+ }
214
+ if (active.clientId !== body.client_id) {
215
+ return c.json(oauthError('invalid_grant', 'client_id mismatch'), 400);
216
+ }
217
+ // Optional down-scoping: requested scopes must be a subset of the
218
+ // token's existing scopes (no scope escalation on refresh).
219
+ let nextScopes = active.scopes;
220
+ if (body.scope) {
221
+ const requested = body.scope.split(/\s+/).filter((s) => s.length > 0);
222
+ const existing = new Set(active.scopes);
223
+ const ok = requested.every((s) => (0, api_contract_1.scopeSatisfies)(s, existing));
224
+ if (!ok || requested.length === 0) {
225
+ return c.json(oauthError('invalid_scope', 'Requested scope exceeds the granted scope'), 400);
226
+ }
227
+ nextScopes = requested;
228
+ }
229
+ const user = await User.findById(active.userId);
230
+ if (!user || user.status !== User.STATUS_ACTIVE) {
231
+ return c.json(oauthError('invalid_grant', 'User is no longer active'), 400);
232
+ }
233
+ // Rotate: issue the successor, then revoke the presented token and
234
+ // link it to the successor (`rotatedTo`) so a later replay of the
235
+ // old token can revoke the whole chain.
236
+ const issued = await issueTokens(user, active.clientId, nextScopes);
237
+ const successorHash = OAuthRefreshToken.hashToken(issued.refresh_token);
238
+ active.revokedAt = new Date();
239
+ active.rotatedTo = successorHash;
240
+ await active.save();
241
+ return c.json(issued, 200);
242
+ }
243
+ if (body.grant_type === 'urn:ietf:params:oauth:grant-type:device_code') {
244
+ const hash = OAuthDeviceCode.hashDeviceCode(body.device_code);
245
+ const record = await OAuthDeviceCode.findByDeviceCodeHash(hash);
246
+ // findByDeviceCodeHash filters consumed + expired, so a null here
247
+ // means the code is unknown, already consumed, or past its TTL —
248
+ // RFC 8628 §3.5 wants `expired_token` for the timeout case, which is
249
+ // the common one for a long-lived poll loop.
250
+ if (!record) {
251
+ return c.json(oauthError('expired_token', 'Device code is invalid, expired, or already used'), 400);
252
+ }
253
+ if (record.clientId !== body.client_id) {
254
+ return c.json(oauthError('invalid_grant', 'client_id mismatch'), 400);
255
+ }
256
+ // slow_down (RFC 8628 §3.5): the client polled again sooner than the
257
+ // advertised interval. We bump lastPolledAt on every poll so the
258
+ // window slides forward; the first poll (lastPolledAt == null) is
259
+ // always allowed.
260
+ const now = Date.now();
261
+ if (record.lastPolledAt && now - record.lastPolledAt.getTime() < record.interval * 1000) {
262
+ await OAuthDeviceCode.touchPolled(hash);
263
+ return c.json(oauthError('slow_down', 'Polling too frequently; slow down'), 400);
264
+ }
265
+ await OAuthDeviceCode.touchPolled(hash);
266
+ if (record.status === 'denied') {
267
+ return c.json(oauthError('access_denied', 'The user denied the device authorization'), 400);
268
+ }
269
+ if (record.status === 'pending') {
270
+ return c.json(oauthError('authorization_pending', 'The user has not yet completed the authorization'), 400);
271
+ }
272
+ // status === 'approved' — atomically consume (single use) so two
273
+ // concurrent polls cannot both mint tokens.
274
+ const consumed = await OAuthDeviceCode.consume(hash);
275
+ if (!consumed) {
276
+ return c.json(oauthError('expired_token', 'Device code is invalid, expired, or already used'), 400);
277
+ }
278
+ const user = await User.findById(consumed.userId);
279
+ if (!user || user.status !== User.STATUS_ACTIVE) {
280
+ return c.json(oauthError('invalid_grant', 'User is no longer active'), 400);
281
+ }
282
+ return c.json(await issueTokens(user, consumed.clientId, consumed.grantedScopes), 200);
283
+ }
284
+ // discriminatedUnion already constrains grant_type; this is
285
+ // unreachable but keeps the contract explicit for SDKs.
286
+ return c.json(oauthError('unsupported_grant_type', 'Unsupported grant_type'), 400);
287
+ }
288
+ catch (err) {
289
+ debug('token failed:', err);
290
+ return c.json(oauthError('invalid_request', 'Internal error processing token request'), 400);
291
+ }
292
+ })
293
+ .openapi(api_contract_2.revokeRoute, async (c) => {
294
+ const raw = await readBody(c);
295
+ const token = typeof raw.token === 'string' ? raw.token : null;
296
+ // RFC 7009: always 200, even for a missing / unknown token, so the
297
+ // endpoint never reveals which tokens exist.
298
+ if (!token) {
299
+ return c.json({}, 200);
300
+ }
301
+ try {
302
+ if (token.startsWith(OAuthRefreshToken.TOKEN_PREFIX)) {
303
+ // Revoke the whole rotation chain for a refresh token.
304
+ const hash = OAuthRefreshToken.hashToken(token);
305
+ await OAuthRefreshToken.revokeChain(hash);
306
+ }
307
+ else if (token.startsWith(PersonalAccessToken.TOKEN_PREFIX)) {
308
+ const hash = PersonalAccessToken.hashToken(token);
309
+ await PersonalAccessToken.updateOne({ tokenHash: hash, revokedAt: null }, { revokedAt: new Date() });
310
+ }
311
+ // An access-token (JWT) or unknown shape is a no-op — access tokens
312
+ // are stateless and short-lived (RFC-0010 OQ-A); still 200.
313
+ return c.json({}, 200);
314
+ }
315
+ catch (err) {
316
+ debug('revoke failed (still 200 per RFC 7009):', err);
317
+ return c.json({}, 200);
318
+ }
319
+ })
320
+ .openapi(api_contract_2.discoveryRoute, async (c) => {
321
+ // Every URL derives from the trusted CLIENT_URL origin, never the
322
+ // request Host. authorization_endpoint / device consent are *web*
323
+ // pages on CLIENT_URL; token / revocation / device-authorize are the
324
+ // /api/v2 API (reverse-proxied to the same origin in the default
325
+ // deployment — RFC-0010, PHASE3-Q6).
326
+ const issuer = clientBaseUrl();
327
+ const apiBase = `${issuer}/api/v2`;
328
+ return c.json({
329
+ issuer,
330
+ authorization_endpoint: `${issuer}/oauth/authorize`,
331
+ token_endpoint: `${apiBase}/oauth/token`,
332
+ revocation_endpoint: `${apiBase}/oauth/revoke`,
333
+ device_authorization_endpoint: `${apiBase}/oauth/device/authorize`,
334
+ scopes_supported: [...api_contract_1.DISCOVERY_SCOPES_SUPPORTED],
335
+ response_types_supported: ['code'],
336
+ grant_types_supported: [...api_contract_1.GRANT_TYPES_SUPPORTED],
337
+ code_challenge_methods_supported: ['S256'],
338
+ token_endpoint_auth_methods_supported: ['none'],
339
+ }, 200);
340
+ })
341
+ .openapi(api_contract_2.deviceAuthorizeRoute, async (c) => {
342
+ // Public (RFC 8628 §3.1) — a headless client starts the device flow.
343
+ const { client_id, scope } = c.req.valid('json');
344
+ try {
345
+ const scopeCheck = await validateClientAndScopes(client_id, scope);
346
+ if ('error' in scopeCheck) {
347
+ return c.json(scopeCheck.error, 400);
348
+ }
349
+ const { doc, deviceCode } = await OAuthDeviceCode.createPending({
350
+ clientId: client_id,
351
+ requestedScopes: scopeCheck.granted,
352
+ expiresAt: new Date(Date.now() + DEVICE_CODE_TTL_MS),
353
+ interval: DEVICE_POLL_INTERVAL_SEC,
354
+ });
355
+ // verification_uri is the *web* device-consent page on the trusted
356
+ // CLIENT_URL origin (never the request Host — a forged Host would
357
+ // otherwise send the user to an attacker's site).
358
+ const verificationUri = `${clientBaseUrl()}/oauth/device`;
359
+ const verificationUriComplete = `${verificationUri}?user_code=${encodeURIComponent(doc.userCode)}`;
360
+ return c.json({
361
+ device_code: deviceCode,
362
+ user_code: doc.userCode,
363
+ verification_uri: verificationUri,
364
+ verification_uri_complete: verificationUriComplete,
365
+ expires_in: Math.floor(DEVICE_CODE_TTL_MS / 1000),
366
+ interval: DEVICE_POLL_INTERVAL_SEC,
367
+ }, 200);
368
+ }
369
+ catch (err) {
370
+ debug('device/authorize failed:', err);
371
+ return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
372
+ }
373
+ })
374
+ .openapi(api_contract_2.deviceInfoRoute, async (c) => {
375
+ // Public, lightweight lookup (PHASE4-Q9 option A): the consent screen
376
+ // reads the requesting client + requested scopes before approving. Only
377
+ // a *pending* row is surfaced — already-handled / expired / unknown
378
+ // codes return 404 (no secret is ever returned).
379
+ const { user_code } = c.req.valid('query');
380
+ const record = await OAuthDeviceCode.findByUserCode((0, user_code_1.normalizeUserCode)(user_code));
381
+ if (!record || record.status !== 'pending') {
382
+ return c.json(DEVICE_NOT_FOUND_BODY, 404);
383
+ }
384
+ return c.json({ client_id: record.clientId, scopes: record.requestedScopes }, 200);
385
+ })
386
+ .openapi(api_contract_2.deviceVerifyRoute, async (c) => {
387
+ // Web-session only — a token must never approve its own (or a broader)
388
+ // device authorization (privilege escalation), mirroring /oauth/authorize.
389
+ if (c.get('authContext').kind !== 'web') {
390
+ return c.json(DEVICE_FORBIDDEN_BODY, 403);
391
+ }
392
+ const user = c.get('user');
393
+ const { user_code, action } = c.req.valid('json');
394
+ try {
395
+ const record = await OAuthDeviceCode.findByUserCode((0, user_code_1.normalizeUserCode)(user_code));
396
+ if (!record || record.status !== 'pending') {
397
+ return c.json(DEVICE_NOT_FOUND_BODY, 404);
398
+ }
399
+ if (action === 'approve') {
400
+ // v1 consent is all-or-nothing (PHASE4-Q3): the requested scopes
401
+ // become the granted set, matching the authorize-code consent.
402
+ record.status = 'approved';
403
+ record.userId = user._id;
404
+ record.grantedScopes = record.requestedScopes;
405
+ }
406
+ else {
407
+ record.status = 'denied';
408
+ }
409
+ await record.save();
410
+ return c.json({ status: record.status === 'approved' ? 'approved' : 'denied' }, 200);
411
+ }
412
+ catch (err) {
413
+ debug('device/verify failed:', err);
414
+ return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
415
+ }
416
+ });
417
+ /** Mint a fresh access (JWT) + refresh (DB-backed) pair for a grant. */
418
+ async function issueTokens(user, clientId, scopes) {
419
+ const accessToken = jwtUtil.signOauthAccessToken({
420
+ user,
421
+ scopes,
422
+ clientId,
423
+ expiresInSec: ACCESS_TOKEN_TTL_SEC,
424
+ });
425
+ const { token: refreshToken, tokenHash } = OAuthRefreshToken.generateToken();
426
+ await OAuthRefreshToken.create({
427
+ tokenHash,
428
+ clientId,
429
+ userId: user._id,
430
+ scopes,
431
+ expiresAt: new Date(Date.now() + REFRESH_TOKEN_TTL_MS),
432
+ });
433
+ return {
434
+ access_token: accessToken,
435
+ token_type: 'Bearer',
436
+ expires_in: ACCESS_TOKEN_TTL_SEC,
437
+ refresh_token: refreshToken,
438
+ scope: scopes.join(' '),
439
+ };
440
+ }
441
+ };
442
+ exports.registerOAuthRoutes = registerOAuthRoutes;
443
+ //# sourceMappingURL=oauth.js.map
package/dist/hono/handlers/oauth.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/hono/handlers/oauth.ts"],"names":[],"mappings":";;;;;;AAiCA,sDAAqI;AACrI,sDAAwJ;AAGxJ,kDAA0B;AAG1B,sCAA6C;AAC7C,oEAAmE;AACnE,wCAA+C;AAC/C,kDAAuD;AAGvD,6CAAmD;AACnD,8CAAwD;AAExD,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,2BAA2B,CAAC,CAAC;AAEjD,yEAAyE;AACzE,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,CAAC;AACnC,yEAAyE;AACzE,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACtD,6EAA6E;AAC7E,MAAM,oBAAoB,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;AACzF,yDAAyD;AACzD,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC1C,kFAAkF;AAClF,MAAM,wBAAwB,GAAG,CAAC,CAAC;AAEnC,mFAAmF;AACnF,MAAM,mBAAmB,GAAG,uBAAuB,CAAC;AAEpD,MAAM,cAAc,GAAmB;IACrC,KAAK,EAAE;QACL,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,4DAA4D;KACtE;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAmB;IAC5C,KAAK,EAAE;QACL,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,gEAAgE;KAC1E;CACF,CAAC;AAEF,MAAM,qBAAqB,GAAkB;IAC3C,KAAK,EAAE;QACL,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,gDAAgD;KAC1D;CACF,CAAC;AAEF,MAAM,UAAU,GAAG,CAAC,KAA0B,EAAE,WAAoB,EAAc,EAAE,CAAC,CAAC;IACpF,KAAK;IACL,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;CAC3D,CAAC,CAAC;AAEH;;;;;GAKG;AACH,KAAK,UAAU,QAAQ,CAAC,CAAU;IAChC,MAAM,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACvD,IAAI,CAAC;QACH,IAAI,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC7C,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;QACzD,CAAC;QACD,4DAA4D;QAC5D,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,IAA+B,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAEM,MAAM,mBAAmB,GAAG,CAA2C,GAAM,EAAE,KAAY,EAAE,EAAE;IACpG,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IAC/C,MAAM,sBAAsB,GAAG,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAC3D,MAAM,eAAe,GAAG,KAAK,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACvD,MAAM,mBAAmB,GAAG,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,IAAA,mBAAa,EAAC,KAAK,CAAC,CAAC;IAErC,gEAAgE;IAChE,wEAAwE;IACxE,4EAA4E;IAC5E,2EAA2E;IAC3E,uDAAuD;IACvD,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAA,oBAAa,EAAC,KAAK,CAAC,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,IAAA,oBAAa,EAAC,KAAK,CAAC,CAAC,CAAC;IAEtD;;;;;;OAMG;IACH,MAAM,uBAAuB,GAAG,KAAK,EAAE,QAAgB,EAAE,QAAgB,EAA0D,EAAE;QACnI,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,EAAE,CAAC;QACnE,CAAC;QACD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACpE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,sBAAO,EAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACtE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;YAChE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,eAAe,EAAE,gEAAgE,CAAC,EAAE,CAAC;QAClH,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC,CAAC;IAEF;;;;;;;;;;;;OAYG;IACH,MAAM,aAAa,GAAG,GAAW,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,EAAE,IAAI,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAEnG,OAAO,GAAG;SACP,OAAO,CAAC,6BAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,4DAA4D;QAC5D,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACxC,OAAO,CAAC,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE7G,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC;YACrE,CAAC;YAED,mEAAmE;YACnE,gEAAgE;YAChE,2BAA2B;YAC3B,IAAI,CAAC,IAAA,yCAAoB,EAAC,MAAM,EAAE,YAAY,CAAC,EAAE,CAAC;gBAChD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,gDAAgD,CAAC,EAAE,GAAG,CAAC,CAAC;YACtG,CAAC;YAED,+DAA+D;YAC/D,6DAA6D;YAC7D,IAAI,qBAAqB,KAAK,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,iCAAiC,CAAC,EAAE,GAAG,CAAC,CAAC;YACvF,CAAC;YAED,kEAAkE;YAClE,2DAA2D;YAC3D,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACnE,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;YACD,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;YAE/B,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,sBAAsB,CAAC,YAAY,EAAE,CAAC;YACjE,MAAM,sBAAsB,CAAC,MAAM,CAAC;gBAClC,QAAQ;gBACR,QAAQ,EAAE,SAAS;gBACnB,MAAM,EAAE,IAAI,CAAC,GAAG;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,cAAc;gBAC7B,mBAAmB,EAAE,MAAM;gBAC3B,WAAW,EAAE,YAAY;gBACzB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;aACnD,CAAC,CAAC;YAEH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;YAClC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACnC,IAAI,KAAK,IAAI,IAAI;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAExD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;YAChC,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,yBAAU,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,MAAM,GAAG,iCAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,yBAAyB,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;gBAC7C,gEAAgE;gBAChE,yDAAyD;gBACzD,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,OAAO,CAAC,sBAAsB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;gBAChG,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,yDAAyD,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC7G,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,CAAC,YAAY,EAAE,CAAC;oBACnF,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,mCAAmC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACvF,CAAC;gBACD,IAAI,CAAC,IAAA,qBAAc,EAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC;oBAC9D,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC9E,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBAChD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC9E,CAAC;gBAED,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;YAC9E,CAAC;YAED,IAAI,IAAI,CAAC,UAAU,KAAK,eAAe,EAAE,CAAC;gBACxC,MAAM,aAAa,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBACtE,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;gBAEvE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,gEAAgE;oBAChE,4DAA4D;oBAC5D,4DAA4D;oBAC5D,uDAAuD;oBACvD,MAAM,KAAK,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;oBAC5E,IAAI,KAAK,EAAE,CAAC;wBACV,MAAM,iBAAiB,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;oBACrD,CAAC;oBACD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,+CAA+C,CAAC,EAAE,GAAG,CAAC,CAAC;gBACnG,CAAC;gBAED,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;oBACvC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,oBAAoB,CAAC,EAAE,GAAG,CAAC,CAAC;gBACxE,CAAC;gBAED,kEAAkE;gBAClE,4DAA4D;gBAC5D,IAAI,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;gBAC/B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBACxC,MAAM,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,6BAAc,EAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;oBAC/D,IAAI,CAAC,EAAE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAClC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,2CAA2C,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC/F,CAAC;oBACD,UAAU,GAAG,SAAS,CAAC;gBACzB,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAChD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBAChD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC9E,CAAC;gBAED,mEAAmE;gBACnE,kEAAkE;gBAClE,wCAAwC;gBACxC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACpE,MAAM,aAAa,GAAG,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBACxE,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;gBAC9B,MAAM,CAAC,SAAS,GAAG,aAAa,CAAC;gBACjC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;gBAEpB,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC7B,CAAC;YAED,IAAI,IAAI,CAAC,UAAU,KAAK,8CAA8C,EAAE,CAAC;gBACvE,MAAM,IAAI,GAAG,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBAC9D,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAChE,kEAAkE;gBAClE,iEAAiE;gBACjE,qEAAqE;gBACrE,6CAA6C;gBAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,kDAAkD,CAAC,EAAE,GAAG,CAAC,CAAC;gBACtG,CAAC;gBACD,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;oBACvC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,oBAAoB,CAAC,EAAE,GAAG,CAAC,CAAC;gBACxE,CAAC;gBAED,qEAAqE;gBACrE,iEAAiE;gBACjE,kEAAkE;gBAClE,kBAAkB;gBAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,IAAI,MAAM,CAAC,YAAY,IAAI,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,EAAE,CAAC;oBACxF,MAAM,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;oBACxC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,mCAAmC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACnF,CAAC;gBACD,MAAM,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAExC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,0CAA0C,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC9F,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBAChC,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,uBAAuB,EAAE,kDAAkD,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC9G,CAAC;gBAED,iEAAiE;gBACjE,4CAA4C;gBAC5C,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,kDAAkD,CAAC,EAAE,GAAG,CAAC,CAAC;gBACtG,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAClD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;oBAChD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,EAAE,0BAA0B,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC9E,CAAC;gBAED,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,GAAG,CAAC,CAAC;YACzF,CAAC;YAED,4DAA4D;YAC5D,wDAAwD;YACxD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,wBAAwB,EAAE,wBAAwB,CAAC,EAAE,GAAG,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;YAC5B,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,yCAAyC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,0BAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAChC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/D,mEAAmE;QACnE,6CAA6C;QAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACzB,CAAC;QAED,IAAI,CAAC;YACH,IAAI,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,CAAC;gBACrD,uDAAuD;gBACvD,MAAM,IAAI,GAAG,iBAAiB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAChD,MAAM,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YAC5C,CAAC;iBAAM,IAAI,KAAK,CAAC,UAAU,CAAC,mBAAmB,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,GAAG,mBAAmB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,mBAAmB,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;YACvG,CAAC;YACD,oEAAoE;YACpE,4DAA4D;YAC5D,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;YACtD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,6BAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,kEAAkE;QAClE,kEAAkE;QAClE,qEAAqE;QACrE,iEAAiE;QACjE,qCAAqC;QACrC,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,GAAG,MAAM,SAAS,CAAC;QACnC,OAAO,CAAC,CAAC,IAAI,CACX;YACE,MAAM;YACN,sBAAsB,EAAE,GAAG,MAAM,kBAAkB;YACnD,cAAc,EAAE,GAAG,OAAO,cAAc;YACxC,mBAAmB,EAAE,GAAG,OAAO,eAAe;YAC9C,6BAA6B,EAAE,GAAG,OAAO,yBAAyB;YAClE,gBAAgB,EAAE,CAAC,GAAG,yCAA0B,CAAC;YACjD,wBAAwB,EAAE,CAAC,MAAM,CAAC;YAClC,qBAAqB,EAAE,CAAC,GAAG,oCAAqB,CAAC;YACjD,gCAAgC,EAAE,CAAC,MAAM,CAAC;YAC1C,qCAAqC,EAAE,CAAC,MAAM,CAAC;SAChD,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC;SACD,OAAO,CAAC,mCAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACzC,qEAAqE;QACrE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACnE,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;gBAC1B,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;YAED,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,CAAC,aAAa,CAAC;gBAC9D,QAAQ,EAAE,SAAS;gBACnB,eAAe,EAAE,UAAU,CAAC,OAAO;gBACnC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,kBAAkB,CAAC;gBACpD,QAAQ,EAAE,wBAAwB;aACnC,CAAC,CAAC;YAEH,mEAAmE;YACnE,kEAAkE;YAClE,kDAAkD;YAClD,MAAM,eAAe,GAAG,GAAG,aAAa,EAAE,eAAe,CAAC;YAC1D,MAAM,uBAAuB,GAAG,GAAG,eAAe,cAAc,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAEnG,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,WAAW,EAAE,UAAU;gBACvB,SAAS,EAAE,GAAG,CAAC,QAAQ;gBACvB,gBAAgB,EAAE,eAAe;gBACjC,yBAAyB,EAAE,uBAAuB;gBAClD,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBACjD,QAAQ,EAAE,wBAAwB;aACnC,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YACvC,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC;SACD,OAAO,CAAC,8BAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACpC,sEAAsE;QACtE,wEAAwE;QACxE,oEAAoE;QACpE,iDAAiD;QACjD,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,IAAA,6BAAiB,EAAC,SAAS,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;IACrF,CAAC,CAAC;SACD,OAAO,CAAC,gCAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACtC,uEAAuE;QACvE,2EAA2E;QAC3E,IAAI,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACxC,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;QAC5C,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,cAAc,CAAC,IAAA,6BAAiB,EAAC,SAAS,CAAC,CAAC,CAAC;YAClF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAC5C,CAAC;YAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,iEAAiE;gBACjE,+DAA+D;gBAC/D,MAAM,CAAC,MAAM,GAAG,UAAU,CAAC;gBAC3B,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;gBACzB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,eAAe,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;YAC3B,CAAC;YACD,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;YAEpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAE,UAAoB,CAAC,CAAC,CAAE,QAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC7G,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;YACpC,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,wEAAwE;IACxE,KAAK,UAAU,WAAW,CAAC,IAAoD,EAAE,QAAgB,EAAE,MAAgB;QACjH,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC;YAC/C,IAAI;YACJ,MAAM;YACN,QAAQ;YACR,YAAY,EAAE,oBAAoB;SACnC,CAAC,CAAC;QACH,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,iBAAiB,CAAC,aAAa,EAAE,CAAC;QAC7E,MAAM,iBAAiB,CAAC,MAAM,CAAC;YAC7B,SAAS;YACT,QAAQ;YACR,MAAM,EAAE,IAAI,CAAC,GAAG;YAChB,MAAM;YACN,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,oBAAoB,CAAC;SACvD,CAAC,CAAC;QACH,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,QAAiB;YAC7B,UAAU,EAAE,oBAAoB;YAChC,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,CAAC;IACJ,CAAC;AACH,CAAC,CAAC;AApZW,QAAA,mBAAmB,uBAoZ9B"}
package/dist/hono/handlers/page-collab.d.ts ADDED
@@ -0,0 +1,79 @@
1
+ import type { OpenAPIHono } from '@hono/zod-openapi';
2
+ import type Crowi from '../../crowi';
3
+ import type { CrowiHonoBindings } from '../app';
4
+ export declare const registerPageCollabRoutes: <E extends OpenAPIHono<CrowiHonoBindings>>(app: E, crowi: Crowi) => OpenAPIHono<CrowiHonoBindings, {
5
+ "/pages/:id/yjs-token": {
6
+ $get: {
7
+ input: {
8
+ param: {
9
+ id: string;
10
+ };
11
+ };
12
+ output: {
13
+ wsToken: string;
14
+ pageId: string;
15
+ expiresAt: string;
16
+ readonly: boolean;
17
+ };
18
+ outputFormat: "json";
19
+ status: 200;
20
+ } | {
21
+ input: {
22
+ param: {
23
+ id: string;
24
+ };
25
+ };
26
+ output: {
27
+ error: {
28
+ code: "INVALID_PAGE_ID";
29
+ message: string;
30
+ };
31
+ };
32
+ outputFormat: "json";
33
+ status: 400;
34
+ } | {
35
+ input: {
36
+ param: {
37
+ id: string;
38
+ };
39
+ };
40
+ output: {
41
+ error: {
42
+ code: "AUTHENTICATION_REQUIRED";
43
+ message: "Authentication is required";
44
+ redirectTo?: string | undefined;
45
+ };
46
+ };
47
+ outputFormat: "json";
48
+ status: 401;
49
+ } | {
50
+ input: {
51
+ param: {
52
+ id: string;
53
+ };
54
+ };
55
+ output: {
56
+ error: {
57
+ code: "PAGE_NOT_FOUND";
58
+ message: "Page not found";
59
+ };
60
+ };
61
+ outputFormat: "json";
62
+ status: 404;
63
+ } | {
64
+ input: {
65
+ param: {
66
+ id: string;
67
+ };
68
+ };
69
+ output: {
70
+ error: {
71
+ code: "INTERNAL_ERROR";
72
+ message: "Internal server error";
73
+ };
74
+ };
75
+ outputFormat: "json";
76
+ status: 500;
77
+ };
78
+ };
79
+ }, "/">;
package/dist/hono/handlers/page-collab.js ADDED
@@ -0,0 +1,98 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.registerPageCollabRoutes = void 0;
7
+ /**
8
+ * RFC-0006 Phase 4 Batch 5 — `pageCollab` resource Hono port.
9
+ *
10
+ * Replaces `packages/api/src/routes/ts-rest/page-collab.ts`. Single
11
+ * endpoint:
12
+ *
13
+ * GET /pages/:id/yjs-token — Hocuspocus connection wsToken (RFC-0003)
14
+ *
15
+ * Auth is shared with the `page` / `page-preview` / `presence` resources:
16
+ * the `revision` handler already applies `createJwtAuth(crowi)` broadly
17
+ * to `/pages/*` (see `packages/api/src/hono/handlers/revision.ts`), so
18
+ * this handler relies on the established register order (`revision ->
19
+ * page -> page-preview -> pageCollab -> presence -> notification` in
20
+ * `buildHonoApp`) and does NOT install jwtAuth itself. Hono does not
21
+ * dedupe middleware by reference; re-installing it would cost a second
22
+ * JWT verify + `User.findById` per request. See the page handler file
23
+ * header for the longer rationale.
24
+ *
25
+ * Behaviour parity (wire-format / authorisation):
26
+ *
27
+ * - 401 if no Authorization header (handled by `createJwtAuth`).
28
+ * - 400 INVALID_PAGE_ID if `:id` is not a 24-char hex ObjectId
29
+ * (`isValidObjectId` short-circuit before `loadGrantedPage`).
30
+ * - 404 PAGE_NOT_FOUND for missing pages or grant-denied callers
31
+ * (`loadGrantedPage` collapses both — page existence is never leaked).
32
+ * - 404 PAGE_NOT_FOUND for non-author callers on draft pages (RFC-0004
33
+ * first gate; the second is Hocuspocus `onAuthenticate`).
34
+ * - 500 INTERNAL_ERROR on signing exception.
35
+ *
36
+ * The cap stub is shared with the ts-rest era: `checkEditorCap` returns
37
+ * `{ readonly: false }` until Phase 6 wires the Redis-backed counter.
38
+ * Tests inject a fake counter via `_setEditorCapCounterForTesting` to
39
+ * exercise the readonly=true branch.
40
+ */
41
+ const api_contract_1 = require("@crowi/api-contract");
42
+ const debug_1 = __importDefault(require("debug"));
43
+ const page_1 = require("../../models/page");
44
+ const collab_cap_1 = require("../../util/collab-cap");
45
+ const ts_rest_helpers_1 = require("../../util/ts-rest-helpers");
46
+ const ws_token_1 = require("../../util/ws-token");
47
+ const errors_1 = require("./_helpers/errors");
48
+ const debug = (0, debug_1.default)('crowi:hono:handlers:page-collab');
49
+ const registerPageCollabRoutes = (app, crowi) => {
50
+ const Page = crowi.model('Page');
51
+ // Resolve / sign helper once per server (closure-captures the secret).
52
+ // The handler captures this at construction time, so any test that
53
+ // mutates `WS_TOKEN_SECRET` after server boot must set the env var
54
+ // BEFORE `src/test/setup` imports the app (see the test file header).
55
+ const wsTokenUtil = (0, ws_token_1.createWsTokenUtil)();
56
+ return app.openapi(api_contract_1.getYjsTokenRoute, async (c) => {
57
+ const user = c.get('user');
58
+ const { id: pageId } = c.req.valid('param');
59
+ debug('getYjsToken called', { pageId, userId: user._id.toString() });
60
+ if (!(0, ts_rest_helpers_1.isValidObjectId)(pageId)) {
61
+ return c.json(errors_1.INVALID_PAGE_ID_BODY, 400);
62
+ }
63
+ const loaded = await (0, ts_rest_helpers_1.loadGrantedPage)(Page, pageId, user);
64
+ if ('error' in loaded) {
65
+ return c.json(errors_1.PAGE_NOT_FOUND_BODY, 404);
66
+ }
67
+ // RFC-0004: a draft page is editable only by its author. The collab
68
+ // WebSocket carries the wsToken minted here, so refusing to sign a
69
+ // token for a non-author is the first of the two draft gates (the
70
+ // second is the Hocuspocus `onAuthenticate` hook). Collapse "draft
71
+ // owned by someone else" into the same 404 the grant check uses so
72
+ // draft existence is never leaked.
73
+ if (loaded.page.status === page_1.STATUS_DRAFT && !loaded.page.isCreator(user)) {
74
+ debug('getYjsToken rejected: draft page %s not owned by %s', pageId, user._id.toString());
75
+ return c.json(errors_1.PAGE_NOT_FOUND_BODY, 404);
76
+ }
77
+ try {
78
+ const { readonly } = await (0, collab_cap_1.checkEditorCap)(crowi, pageId);
79
+ const { token, expiresAt } = wsTokenUtil.signWsToken({
80
+ userId: user._id.toString(),
81
+ pageId,
82
+ readonly,
83
+ });
84
+ return c.json({
85
+ wsToken: token,
86
+ pageId,
87
+ expiresAt: expiresAt.toISOString(),
88
+ readonly,
89
+ }, 200);
90
+ }
91
+ catch (err) {
92
+ debug('wsToken signing failed:', err.message);
93
+ return c.json(errors_1.INTERNAL_ERROR_BODY, 500);
94
+ }
95
+ });
96
+ };
97
+ exports.registerPageCollabRoutes = registerPageCollabRoutes;
98
+ //# sourceMappingURL=page-collab.js.map
package/dist/hono/handlers/page-collab.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"page-collab.js","sourceRoot":"","sources":["../../../src/hono/handlers/page-collab.ts"],"names":[],"mappings":";;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,sDAAuD;AAEvD,kDAA0B;AAG1B,0CAA+C;AAC/C,oDAAqD;AACrD,8DAA4E;AAC5E,gDAAsD;AAItD,8CAAmG;AAEnG,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,iCAAiC,CAAC,CAAC;AAEhD,MAAM,wBAAwB,GAAG,CAA2C,GAAM,EAAE,KAAY,EAAE,EAAE;IACzG,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEjC,uEAAuE;IACvE,mEAAmE;IACnE,mEAAmE;IACnE,sEAAsE;IACtE,MAAM,WAAW,GAAG,IAAA,4BAAiB,GAAE,CAAC;IAExC,OAAO,GAAG,CAAC,OAAO,CAAC,+BAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC/C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5C,KAAK,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAErE,IAAI,CAAC,IAAA,iCAAe,EAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC,IAAI,CAAC,6BAAoB,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAe,EAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QACzD,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;QAED,oEAAoE;QACpE,mEAAmE;QACnE,kEAAkE;QAClE,mEAAmE;QACnE,mEAAmE;QACnE,mCAAmC;QACnC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,mBAAY,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACxE,KAAK,CAAC,qDAAqD,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1F,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAA,2BAAc,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACzD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC,WAAW,CAAC;gBACnD,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE;gBAC3B,MAAM;gBACN,QAAQ;aACT,CAAC,CAAC;YAEH,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,OAAO,EAAE,KAAK;gBACd,MAAM;gBACN,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;gBAClC,QAAQ;aACT,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,KAAK,CAAC,yBAAyB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACzD,OAAO,CAAC,CAAC,IAAI,CAAC,4BAAmB,EAAE,GAAG,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAzDW,QAAA,wBAAwB,4BAyDnC"}