@de-otio/trellis 0.10.7 → 0.10.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
- {"version":3,"file":"post-confirmation.d.ts","sourceRoot":"","sources":["../../src/lambda/post-confirmation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,KAAK,EAEV,8BAA8B,EAC/B,MAAM,YAAY,CAAC;AA0GpB,eAAO,MAAM,OAAO,EAAE,8BA8GrB,CAAC"}
1
+ {"version":3,"file":"post-confirmation.d.ts","sourceRoot":"","sources":["../../src/lambda/post-confirmation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,OAAO,KAAK,EAEV,8BAA8B,EAC/B,MAAM,YAAY,CAAC;AA0GpB,eAAO,MAAM,OAAO,EAAE,8BAsHrB,CAAC"}
@@ -29,7 +29,7 @@
29
29
  * No PII (email body, group claim contents, raw IdP attributes) is logged.
30
30
  */
31
31
  import { Logger } from "@aws-lambda-powertools/logger";
32
- import { getLambdaPrisma as getPrisma } from "../lib/lambda-prisma.js";
32
+ import { getLambdaPrisma as getPrisma, withLambdaDbBreaker } from "../lib/lambda-prisma.js";
33
33
  import { Prisma, } from "@prisma/client";
34
34
  import { createClaimsCacheFromEnv } from "../lib/auth/claims-cache.js";
35
35
  import { deriveEmailDomain } from "../lib/tenant/derive-domain.js";
@@ -139,7 +139,11 @@ export const handler = async (event) => {
139
139
  const invitationCode = event.request.clientMetadata?.invitationCode?.trim() || undefined;
140
140
  const requestedMethod = parseSignupMethodHint(event.request.clientMetadata?.signupMethod);
141
141
  const db = await getPrisma();
142
- const result = await withHandleConflictRetry(() => db.$transaction(async (tx) => provisionUserAndTenancy(tx, {
142
+ // The provisioning transaction is the longest-held connection in a signup
143
+ // burst (multi-statement, up to the 8s timeout). Run it under the Lambda
144
+ // circuit breaker so a saturated DB trips fast-fail instead of being retried
145
+ // into an already-exhausted instance.
146
+ const result = await withLambdaDbBreaker(() => withHandleConflictRetry(() => db.$transaction(async (tx) => provisionUserAndTenancy(tx, {
143
147
  cognitoSub,
144
148
  email,
145
149
  emailVerified: attrs.email_verified,
@@ -150,7 +154,7 @@ export const handler = async (event) => {
150
154
  providedHandle: attrs["custom:handle"],
151
155
  invitationCode,
152
156
  requestedMethod,
153
- }), { timeout: 8000 }));
157
+ }), { timeout: 8000 })), "post_confirmation.provision");
154
158
  if (ageTier === "CHILD") {
155
159
  const guardianEmail = attrs["custom:guardianEmail"]?.toLowerCase();
156
160
  if (guardianEmail) {
@@ -1 +1 @@
1
- {"version":3,"file":"post-confirmation.js","sourceRoot":"","sources":["../../src/lambda/post-confirmation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAMH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AACvD,OAAO,EAAE,eAAe,IAAI,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAEL,MAAM,GAIP,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAe,wBAAwB,EAAqB,MAAM,6BAA6B,CAAC;AACvG,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAyB,MAAM,+BAA+B,CAAC;AACzF,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EACL,uBAAuB,EACvB,cAAc,GACf,MAAM,2BAA2B,CAAC;AAGnC,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAC,CAAC;AAChE,IAAI,KAAK,GAAuB,IAAI,CAAC;AAErC,SAAS,QAAQ;IACf,IAAI,CAAC,KAAK;QAAE,KAAK,GAAG,wBAAwB,EAAE,CAAC;IAC/C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,WAAiB;IACvC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,GAAG,CAAC,cAAc,EAAE,GAAG,WAAW,CAAC,cAAc,EAAE,CAAC;IAC9D,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,EAAE,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAChE,IAAI,SAAS,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,IAAI,GAAG,CAAC,UAAU,EAAE,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC,EAAE,CAAC;QACtF,GAAG,EAAE,CAAC;IACR,CAAC;IACD,IAAI,GAAG,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IAC7B,IAAI,GAAG,GAAG,EAAE;QAAE,OAAO,MAAM,CAAC;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAmC;IAC3D,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;QAC1E,mEAAmE;QACnE,mEAAmE;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAC5B,GAA8B;IAE9B,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,SAAS,CAAC;QACf,KAAK,QAAQ,CAAC;QACd,KAAK,YAAY;YACf,OAAO,GAAG,CAAC;QACb;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAA8B;IACpD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,0EAA0E;IAC1E,qEAAqE;IACrE,uEAAuE;IACvE,oBAAoB;IACpB,OAAO,GAAG;SACP,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAkBD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,gCAAgC;IAChC,wCAAwC;CACzC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,OAAO,GAAmC,KAAK,EAAE,KAAK,EAAE,EAAE;IACrE,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IAE/D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC;IAC3C,6EAA6E;IAC7E,2EAA2E;IAC3E,6EAA6E;IAC7E,6EAA6E;IAC7E,2EAA2E;IAC3E,sEAAsE;IACtE,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC;IAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAE3C,IAAI,WAA6B,CAAC;IAClC,IAAI,OAAO,GAAY,OAAO,CAAC;IAC/B,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,MAAM,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACpD,WAAW,GAAG,MAAM,CAAC;YACrB,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,6EAA6E;IAC7E,8EAA8E;IAC9E,+EAA+E;IAC/E,qEAAqE;IACrE,MAAM,cAAc,GAClB,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;IACpE,MAAM,eAAe,GAAG,qBAAqB,CAC3C,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,YAAY,CAC3C,CAAC;IAEF,MAAM,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;IAE7B,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,GAAG,EAAE,CAChD,EAAE,CAAC,YAAY,CACb,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,EAAE;QACxC,UAAU;QACV,KAAK;QACL,aAAa,EAAE,KAAK,CAAC,cAAc;QACnC,SAAS;QACT,SAAS;QACT,WAAW;QACX,OAAO;QACP,cAAc,EAAE,KAAK,CAAC,eAAe,CAAC;QACtC,cAAc;QACd,eAAe;KAChB,CAAC,EACF,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CACF,CAAC;IAEF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,aAAa,GAAG,KAAK,CAAC,sBAAsB,CAAC,EAAE,WAAW,EAAE,CAAC;QACnE,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;YAC/E,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;oBAC3B,KAAK,EAAE,EAAE,kBAAkB,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE;oBAClF,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;oBAC9E,MAAM,EAAE,EAAE;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,uEAAuE;IACvE,6EAA6E;IAC7E,4EAA4E;IAC5E,6DAA6D;IAC7D,MAAM,mBAAmB,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAE7C,MAAM,gBAAgB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAE3C,qEAAqE;IACrE,wEAAwE;IACxE,0EAA0E;IAC1E,mEAAmE;IACnE,0EAA0E;IAC1E,mEAAmE;IACnE,MAAM,uBAAuB,CAAC;QAC5B,EAAE;QACF,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,gBAAgB;QACvD,MAAM,EAAE,EAAE,2BAA2B,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE;QAChF,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE;KACrD,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE;QAC5B,UAAU;QACV,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAiBF;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,MAAc;IACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACvE,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,wEAAwE;QACxE,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QAClC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,UAAU,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,uBAAuB,CACpC,EAAoB,EACpB,WAAW,GAAG,CAAC;IAEf,KAAK,IAAI,OAAO,GAAG,CAAC,GAAI,OAAO,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,gBAAgB,GACpB,GAAG,YAAY,MAAM,CAAC,6BAA6B;gBACnD,GAAG,CAAC,IAAI,KAAK,OAAO;gBACpB,MAAM,CACH,GAAG,CAAC,IAAyC,EAAE,MAAM,IAAI,EAAE,CAC7D,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACvB,IAAI,gBAAgB,IAAI,OAAO,GAAG,WAAW,EAAE,CAAC;gBAC9C,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE;oBAC5D,OAAO;iBACR,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,EAA4B,EAC5B,KAAwB;IAExB,MAAM,EACJ,UAAU,EACV,KAAK,EACL,SAAS,EACT,SAAS,EACT,WAAW,EACX,OAAO,EACP,cAAc,EACd,cAAc,EACd,eAAe,GAChB,GAAG,KAAK,CAAC;IAEV,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;QACvC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;KAC3C,CAAC,CAAC;IAEH,4EAA4E;IAC5E,0EAA0E;IAC1E,wEAAwE;IACxE,gEAAgE;IAChE,IAAI,oBAAoB,GAAkB,IAAI,CAAC;IAC/C,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,WAAW,EAAE,EAAE;YAC7C,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QACH,oBAAoB,GAAG,GAAG,EAAE,EAAE,IAAI,IAAI,CAAC;IACzC,CAAC;IACD,+EAA+E;IAC/E,MAAM,YAAY,GAChB,eAAe,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACnE,iEAAiE;IACjE,MAAM,YAAY,GAAG,cAAc,CAAC;QAClC,MAAM,EAAE,YAAY;QACpB,YAAY,EAAE,oBAAoB;KACnC,CAAC,CAAC;IAEH,IAAI,IAAI,GAAG,QAAQ,CAAC;IACpB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,aAAa,GACjB,CAAC,cAAc,IAAI,cAAc,CAAC,IAAI,EAAE,CAAC;YACzC,CAAC,MAAM,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBACrC,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBACtF,OAAO,CAAC,CAAC,KAAK,CAAC;YACjB,CAAC,CAAC,CAAC,CAAC;QACN,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YAC1B,IAAI,EAAE;gBACJ,UAAU;gBACV,KAAK;gBACL,MAAM,EAAE,aAAa;gBACrB,mEAAmE;gBACnE,qEAAqE;gBACrE,QAAQ,EAAE,iBAAiB,CAAC,aAAa,CAAC;gBAC1C,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU;gBAC5C,qEAAqE;gBACrE,uEAAuE;gBACvE,+EAA+E;gBAC/E,WAAW,EAAE,KAAK;gBAClB,+DAA+D;gBAC/D,yEAAyE;gBACzE,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBAC7D,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;oBACpC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAK,CAAC,EAAE,EAAE,EAAE;oBAC3C,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;iBACrB,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,KAAK,CAAC;YACjB,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,MAAM,GAAG,gBAAgB,CAAC;YAClC,mEAAmE;YACnE,IAAI,CAAC,IAAI,CAAC,QAAQ;gBAAE,OAAO,CAAC,QAAQ,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAC7C,IAAI,kBAAkB,GAAG,EAAE,CAAC;IAC5B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,YAAY,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YAC5C,IAAI,EAAE;gBACJ,IAAI,EAAE,YAAY;gBAClB,WAAW,EAAE,IAAI,CAAC,MAAM,IAAI,UAAU;gBACtC,IAAI,EAAE,UAAU;gBAChB,mBAAmB,EAAE,IAAI,CAAC,EAAE;aAC7B;SACF,CAAC,CAAC;QACH,gBAAgB,GAAG,cAAc,CAAC,EAAE,CAAC;QACrC,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC;QACzC,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;YAC5E,MAAM,EAAE;gBACN,QAAQ,EAAE,cAAc,CAAC,EAAE;gBAC3B,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,IAAI,IAAI,EAAE;aACrB;YACD,MAAM,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE,EAAE,gBAAgB,EAAE,cAAc,CAAC,EAAE,EAAE;SAC9C,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC;YAC1C,KAAK,EAAE,EAAE,EAAE,EAAE,gBAAgB,EAAE;YAC/B,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SACvB,CAAC,CAAC;QACH,kBAAkB,GAAG,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC;QAC1C,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;YAC3E,MAAM,EAAE;gBACN,QAAQ,EAAE,gBAAgB;gBAC1B,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,IAAI,IAAI,EAAE;aACrB;YACD,MAAM,EAAE,EAAE;SACX,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,aAAa,GAAsB,IAAI,CAAC;IAC5C,IAAI,SAAS,EAAE,CAAC;QACd,yEAAyE;QACzE,0EAA0E;QAC1E,uEAAuE;QACvE,qEAAqE;QACrE,gEAAgE;QAChE,kEAAkE;QAClE,yEAAyE;QACzE,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,KAAK,MAAM,CAAC;QACrD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YACtE,OAAO;gBACL,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,IAAI;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;gBACzB,gBAAgB,EAAE,gBAAiB;gBACnC,kBAAkB;gBAClB,WAAW,EAAE,IAAI;gBACjB,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,IAAI;gBACnB,YAAY;gBACZ,YAAY,EAAE,oBAAoB;aACnC,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;gBACpD,KAAK,EAAE,EAAE,MAAM,EAAE;gBACjB,OAAO,EAAE;oBACP,MAAM,EAAE;wBACN,OAAO,EAAE;4BACP,gBAAgB,EAAE;gCAChB,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;6BAC5C;4BACD,YAAY,EAAE;gCACZ,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;6BACjE;yBACF;qBACF;iBACF;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YACvE,CAAC;iBAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;gBACpC,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;oBACrD,UAAU;oBACV,QAAQ,EAAE,YAAY,CAAC,QAAQ;iBAChC,CAAC,CAAC;YACL,CAAC;iBAAM,IACL,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB;gBACrC,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,QAAQ,EACxD,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;oBAChD,UAAU;oBACV,QAAQ,EAAE,YAAY,CAAC,QAAQ;iBAChC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,iBAAiB,CAC5B,SAAS,EACT,YAAY,CAAC,MAAM,CAAC,YAAkC,EACtD,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,WAAW,CACjD,CAAC;gBACF,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;wBAC3C,UAAU;wBACV,QAAQ,EAAE,YAAY,CAAC,QAAQ;qBAChC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;wBAC3B,KAAK,EAAE;4BACL,eAAe,EAAE,EAAE,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;yBACtE;wBACD,MAAM,EAAE;4BACN,QAAQ,EAAE,YAAY,CAAC,QAAQ;4BAC/B,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,IAAI;4BACJ,MAAM,EAAE,QAAQ;4BAChB,QAAQ,EAAE,IAAI,IAAI,EAAE;4BACpB,gBAAgB,EAAE,IAAI;yBACvB;wBACD,MAAM,EAAE;4BACN,IAAI;4BACJ,MAAM,EAAE,QAAQ;4BAChB,YAAY,EAAE,IAAI,IAAI,EAAE;yBACzB;qBACF,CAAC,CAAC;oBACH,WAAW,GAAG,YAAY,CAAC,QAAQ,CAAC;oBACpC,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC;oBACzC,aAAa,GAAG,IAAI,CAAC;gBACvB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,UAAU,EAAE,IAAI,CAAC,IAAI;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;QACzB,gBAAgB,EAAE,gBAAiB;QACnC,kBAAkB;QAClB,WAAW;QACX,aAAa;QACb,aAAa;QACb,YAAY;QACZ,YAAY,EAAE,oBAAoB;KACnC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,mBAAmB,CAAC,EAAgB,EAAE,MAAc;IACjE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,WAAW;YAAE,OAAO,CAAC,4BAA4B;QAE/D,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE;YACnD,yBAAyB,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAChE,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SACnC,CAAC,CAAC;QAEH,iEAAiE;QACjE,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,WAAW,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,MAAM;YACN,MAAM,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;SACrD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,UAAkB,EAAE,MAA0B;IAC5E,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,gBAAgB,CAAC;IACrE,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,kBAAkB,CAAC;IAC3E,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC;IACzD,MAAM,MAAM,GAAiB;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,cAAc;QACd,UAAU,EAAE,gBAAgB;QAC5B,UAAU,EAAE,gBAAgB;QAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IACF,IAAI,CAAC;QACH,MAAM,QAAQ,EAAE,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE;YAC5C,UAAU;YACV,KAAK,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;SACpD,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"post-confirmation.js","sourceRoot":"","sources":["../../src/lambda/post-confirmation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAMH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AACvD,OAAO,EAAE,eAAe,IAAI,SAAS,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC5F,OAAO,EAEL,MAAM,GAIP,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAe,wBAAwB,EAAqB,MAAM,6BAA6B,CAAC;AACvG,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAyB,MAAM,+BAA+B,CAAC;AACzF,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EACL,uBAAuB,EACvB,cAAc,GACf,MAAM,2BAA2B,CAAC;AAGnC,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,mBAAmB,EAAE,CAAC,CAAC;AAChE,IAAI,KAAK,GAAuB,IAAI,CAAC;AAErC,SAAS,QAAQ;IACf,IAAI,CAAC,KAAK;QAAE,KAAK,GAAG,wBAAwB,EAAE,CAAC;IAC/C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,WAAiB;IACvC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,GAAG,CAAC,cAAc,EAAE,GAAG,WAAW,CAAC,cAAc,EAAE,CAAC;IAC9D,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,EAAE,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAChE,IAAI,SAAS,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,CAAC,IAAI,GAAG,CAAC,UAAU,EAAE,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC,EAAE,CAAC;QACtF,GAAG,EAAE,CAAC;IACR,CAAC;IACD,IAAI,GAAG,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IAC7B,IAAI,GAAG,GAAG,EAAE;QAAE,OAAO,MAAM,CAAC;IAC5B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAmC;IAC3D,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;QAC1E,mEAAmE;QACnE,mEAAmE;QACnE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAC5B,GAA8B;IAE9B,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,SAAS,CAAC;QACf,KAAK,QAAQ,CAAC;QACd,KAAK,YAAY;YACf,OAAO,GAAG,CAAC;QACb;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAA8B;IACpD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,0EAA0E;IAC1E,qEAAqE;IACrE,uEAAuE;IACvE,oBAAoB;IACpB,OAAO,GAAG;SACP,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAkBD,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,gCAAgC;IAChC,wCAAwC;CACzC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,OAAO,GAAmC,KAAK,EAAE,KAAK,EAAE,EAAE;IACrE,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC;QAAE,OAAO,KAAK,CAAC;IAE/D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC;IAC3C,6EAA6E;IAC7E,2EAA2E;IAC3E,6EAA6E;IAC7E,6EAA6E;IAC7E,2EAA2E;IAC3E,sEAAsE;IACtE,MAAM,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC;IAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAE3C,IAAI,WAA6B,CAAC;IAClC,IAAI,OAAO,GAAY,OAAO,CAAC;IAC/B,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,MAAM,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YACpD,WAAW,GAAG,MAAM,CAAC;YACrB,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,6EAA6E;IAC7E,8EAA8E;IAC9E,+EAA+E;IAC/E,qEAAqE;IACrE,MAAM,cAAc,GAClB,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;IACpE,MAAM,eAAe,GAAG,qBAAqB,CAC3C,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,YAAY,CAC3C,CAAC;IAEF,MAAM,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;IAE7B,0EAA0E;IAC1E,yEAAyE;IACzE,6EAA6E;IAC7E,sCAAsC;IACtC,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,GAAG,EAAE,CACH,uBAAuB,CAAC,GAAG,EAAE,CAC3B,EAAE,CAAC,YAAY,CACb,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,uBAAuB,CAAC,EAAE,EAAE;QACxC,UAAU;QACV,KAAK;QACL,aAAa,EAAE,KAAK,CAAC,cAAc;QACnC,SAAS;QACT,SAAS;QACT,WAAW;QACX,OAAO;QACP,cAAc,EAAE,KAAK,CAAC,eAAe,CAAC;QACtC,cAAc;QACd,eAAe;KAChB,CAAC,EACF,EAAE,OAAO,EAAE,IAAI,EAAE,CAClB,CACF,EACH,6BAA6B,CAC9B,CAAC;IAEF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,aAAa,GAAG,KAAK,CAAC,sBAAsB,CAAC,EAAE,WAAW,EAAE,CAAC;QACnE,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;YAC/E,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;oBAC3B,KAAK,EAAE,EAAE,kBAAkB,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE;oBAClF,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;oBAC9E,MAAM,EAAE,EAAE;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,uEAAuE;IACvE,6EAA6E;IAC7E,4EAA4E;IAC5E,6DAA6D;IAC7D,MAAM,mBAAmB,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAE7C,MAAM,gBAAgB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAE3C,qEAAqE;IACrE,wEAAwE;IACxE,0EAA0E;IAC1E,mEAAmE;IACnE,0EAA0E;IAC1E,mEAAmE;IACnE,MAAM,uBAAuB,CAAC;QAC5B,EAAE;QACF,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,gBAAgB;QACvD,MAAM,EAAE,EAAE,2BAA2B,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE;QAChF,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE;KACrD,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE;QAC5B,UAAU;QACV,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAiBF;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,MAAc;IACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACvE,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,wEAAwE;QACxE,MAAM,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QAClC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,UAAU,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;IAChF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,uBAAuB,CACpC,EAAoB,EACpB,WAAW,GAAG,CAAC;IAEf,KAAK,IAAI,OAAO,GAAG,CAAC,GAAI,OAAO,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,gBAAgB,GACpB,GAAG,YAAY,MAAM,CAAC,6BAA6B;gBACnD,GAAG,CAAC,IAAI,KAAK,OAAO;gBACpB,MAAM,CACH,GAAG,CAAC,IAAyC,EAAE,MAAM,IAAI,EAAE,CAC7D,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACvB,IAAI,gBAAgB,IAAI,OAAO,GAAG,WAAW,EAAE,CAAC;gBAC9C,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE;oBAC5D,OAAO;iBACR,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,EAA4B,EAC5B,KAAwB;IAExB,MAAM,EACJ,UAAU,EACV,KAAK,EACL,SAAS,EACT,SAAS,EACT,WAAW,EACX,OAAO,EACP,cAAc,EACd,cAAc,EACd,eAAe,GAChB,GAAG,KAAK,CAAC;IAEV,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;QACvC,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;KAC3C,CAAC,CAAC;IAEH,4EAA4E;IAC5E,0EAA0E;IAC1E,wEAAwE;IACxE,gEAAgE;IAChE,IAAI,oBAAoB,GAAkB,IAAI,CAAC;IAC/C,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YACzC,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,WAAW,EAAE,EAAE;YAC7C,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC;QACH,oBAAoB,GAAG,GAAG,EAAE,EAAE,IAAI,IAAI,CAAC;IACzC,CAAC;IACD,+EAA+E;IAC/E,MAAM,YAAY,GAChB,eAAe,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACnE,iEAAiE;IACjE,MAAM,YAAY,GAAG,cAAc,CAAC;QAClC,MAAM,EAAE,YAAY;QACpB,YAAY,EAAE,oBAAoB;KACnC,CAAC,CAAC;IAEH,IAAI,IAAI,GAAG,QAAQ,CAAC;IACpB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,aAAa,GACjB,CAAC,cAAc,IAAI,cAAc,CAAC,IAAI,EAAE,CAAC;YACzC,CAAC,MAAM,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBACrC,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;gBACtF,OAAO,CAAC,CAAC,KAAK,CAAC;YACjB,CAAC,CAAC,CAAC,CAAC;QACN,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YAC1B,IAAI,EAAE;gBACJ,UAAU;gBACV,KAAK;gBACL,MAAM,EAAE,aAAa;gBACrB,mEAAmE;gBACnE,qEAAqE;gBACrE,QAAQ,EAAE,iBAAiB,CAAC,aAAa,CAAC;gBAC1C,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU;gBAC5C,qEAAqE;gBACrE,uEAAuE;gBACvE,+EAA+E;gBAC/E,WAAW,EAAE,KAAK;gBAClB,+DAA+D;gBAC/D,yEAAyE;gBACzE,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;QACtD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBAC7D,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;oBACpC,KAAK,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,IAAK,CAAC,EAAE,EAAE,EAAE;oBAC3C,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;iBACrB,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC,KAAK,CAAC;YACjB,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,MAAM,GAAG,gBAAgB,CAAC;YAClC,mEAAmE;YACnE,IAAI,CAAC,IAAI,CAAC,QAAQ;gBAAE,OAAO,CAAC,QAAQ,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,CAAC;IAC7C,IAAI,kBAAkB,GAAG,EAAE,CAAC;IAC5B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,YAAY,IAAI,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,cAAc,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC;YAC5C,IAAI,EAAE;gBACJ,IAAI,EAAE,YAAY;gBAClB,WAAW,EAAE,IAAI,CAAC,MAAM,IAAI,UAAU;gBACtC,IAAI,EAAE,UAAU;gBAChB,mBAAmB,EAAE,IAAI,CAAC,EAAE;aAC7B;SACF,CAAC,CAAC;QACH,gBAAgB,GAAG,cAAc,CAAC,EAAE,CAAC;QACrC,kBAAkB,GAAG,cAAc,CAAC,IAAI,CAAC;QACzC,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;YAC5E,MAAM,EAAE;gBACN,QAAQ,EAAE,cAAc,CAAC,EAAE;gBAC3B,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,IAAI,IAAI,EAAE;aACrB;YACD,MAAM,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;SAC7B,CAAC,CAAC;QACH,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE,EAAE,gBAAgB,EAAE,cAAc,CAAC,EAAE,EAAE;SAC9C,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC;YAC1C,KAAK,EAAE,EAAE,EAAE,EAAE,gBAAgB,EAAE;YAC/B,MAAM,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SACvB,CAAC,CAAC;QACH,kBAAkB,GAAG,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC;QAC1C,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;YAC3B,KAAK,EAAE,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE;YAC3E,MAAM,EAAE;gBACN,QAAQ,EAAE,gBAAgB;gBAC1B,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,IAAI,IAAI,EAAE;aACrB;YACD,MAAM,EAAE,EAAE;SACX,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,aAAa,GAAsB,IAAI,CAAC;IAC5C,IAAI,SAAS,EAAE,CAAC;QACd,yEAAyE;QACzE,0EAA0E;QAC1E,uEAAuE;QACvE,qEAAqE;QACrE,gEAAgE;QAChE,kEAAkE;QAClE,yEAAyE;QACzE,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,KAAK,MAAM,CAAC;QACrD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YACtE,OAAO;gBACL,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,UAAU,EAAE,IAAI,CAAC,IAAI;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;gBACzB,gBAAgB,EAAE,gBAAiB;gBACnC,kBAAkB;gBAClB,WAAW,EAAE,IAAI;gBACjB,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,IAAI;gBACnB,YAAY;gBACZ,YAAY,EAAE,oBAAoB;aACnC,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,qCAAqC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC;gBACpD,KAAK,EAAE,EAAE,MAAM,EAAE;gBACjB,OAAO,EAAE;oBACP,MAAM,EAAE;wBACN,OAAO,EAAE;4BACP,gBAAgB,EAAE;gCAChB,MAAM,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;6BAC5C;4BACD,YAAY,EAAE;gCACZ,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;6BACjE;yBACF;qBACF;iBACF;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YACvE,CAAC;iBAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;gBACpC,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;oBACrD,UAAU;oBACV,QAAQ,EAAE,YAAY,CAAC,QAAQ;iBAChC,CAAC,CAAC;YACL,CAAC;iBAAM,IACL,CAAC,YAAY,CAAC,MAAM,CAAC,gBAAgB;gBACrC,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,KAAK,QAAQ,EACxD,CAAC;gBACD,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE;oBAChD,UAAU;oBACV,QAAQ,EAAE,YAAY,CAAC,QAAQ;iBAChC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,GAAG,iBAAiB,CAC5B,SAAS,EACT,YAAY,CAAC,MAAM,CAAC,YAAkC,EACtD,YAAY,CAAC,MAAM,CAAC,gBAAgB,CAAC,WAAW,CACjD,CAAC;gBACF,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;wBAC3C,UAAU;wBACV,QAAQ,EAAE,YAAY,CAAC,QAAQ;qBAChC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;wBAC3B,KAAK,EAAE;4BACL,eAAe,EAAE,EAAE,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;yBACtE;wBACD,MAAM,EAAE;4BACN,QAAQ,EAAE,YAAY,CAAC,QAAQ;4BAC/B,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,IAAI;4BACJ,MAAM,EAAE,QAAQ;4BAChB,QAAQ,EAAE,IAAI,IAAI,EAAE;4BACpB,gBAAgB,EAAE,IAAI;yBACvB;wBACD,MAAM,EAAE;4BACN,IAAI;4BACJ,MAAM,EAAE,QAAQ;4BAChB,YAAY,EAAE,IAAI,IAAI,EAAE;yBACzB;qBACF,CAAC,CAAC;oBACH,WAAW,GAAG,YAAY,CAAC,QAAQ,CAAC;oBACpC,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC;oBACzC,aAAa,GAAG,IAAI,CAAC;gBACvB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,EAAE;QACf,UAAU,EAAE,IAAI,CAAC,IAAI;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE;QACzB,gBAAgB,EAAE,gBAAiB;QACnC,kBAAkB;QAClB,WAAW;QACX,aAAa;QACb,aAAa;QACb,YAAY;QACZ,YAAY,EAAE,oBAAoB;KACnC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,mBAAmB,CAAC,EAAgB,EAAE,MAAc;IACjE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;YACxC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE;SAC9B,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,WAAW;YAAE,OAAO,CAAC,4BAA4B;QAE/D,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE;YACnD,yBAAyB,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAChE,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU;SACnC,CAAC,CAAC;QAEH,iEAAiE;QACjE,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,WAAW,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE;YAC9C,MAAM;YACN,MAAM,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;SACrD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,UAAkB,EAAE,MAA0B;IAC5E,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,gBAAgB,CAAC;IACrE,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,kBAAkB,CAAC;IAC3E,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC;IACzD,MAAM,MAAM,GAAiB;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,cAAc;QACd,UAAU,EAAE,gBAAgB;QAC5B,UAAU,EAAE,gBAAgB;QAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IACF,IAAI,CAAC;QACH,MAAM,QAAQ,EAAE,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE;YAC5C,UAAU;YACV,KAAK,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;SACpD,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"pre-signup.d.ts","sourceRoot":"","sources":["../../src/lambda/pre-signup.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAyB,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAOjF,eAAO,MAAM,OAAO,EAAE,uBA+BrB,CAAC"}
1
+ {"version":3,"file":"pre-signup.d.ts","sourceRoot":"","sources":["../../src/lambda/pre-signup.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAyB,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAOjF,eAAO,MAAM,OAAO,EAAE,uBAuCrB,CAAC"}
@@ -23,9 +23,17 @@ export const handler = async (event) => {
23
23
  if (invitation.ttl && invitation.ttl < Math.floor(Date.now() / 1000)) {
24
24
  throw new Error("This invitation code has expired.");
25
25
  }
26
- // Auto-confirm and auto-verify for invited users
27
- event.response.autoConfirmUser = false;
28
- event.response.autoVerifyEmail = false;
26
+ // Auto-confirm and auto-verify invited users.
27
+ //
28
+ // Registration is passwordless (magic-link CUSTOM_AUTH). An UNCONFIRMED user
29
+ // cannot initiate that flow, so without auto-confirm an invited sign-up would
30
+ // create an account that can never sign in. This is safe because:
31
+ // - entry is already gated by a single-use invitation code (checked above);
32
+ // - access still requires answering the magic-link challenge, i.e. receiving
33
+ // and clicking a link sent to this exact address — the link, not this
34
+ // flag, is the real proof of email ownership and the access gate.
35
+ event.response.autoConfirmUser = true;
36
+ event.response.autoVerifyEmail = true;
29
37
  return event;
30
38
  };
31
39
  //# sourceMappingURL=pre-signup.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"pre-signup.js","sourceRoot":"","sources":["../../src/lambda/pre-signup.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAE9D,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AACtE,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,cAAe,CAAC;AAE1C,MAAM,CAAC,MAAM,OAAO,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;IAC9D,MAAM,cAAc,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,uBAAuB,CAAC;QACrD,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,cAAc,CAAuB,CAAC;IAE5F,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,oCAAoC;IACpC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC;QAClD,SAAS,EAAE,KAAK;QAChB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,eAAe,cAAc,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;KAChE,CAAC,CAAC,CAAC;IAEJ,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,UAAU,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,QAAQ,CAAC,eAAe,GAAG,KAAK,CAAC;IACvC,KAAK,CAAC,QAAQ,CAAC,eAAe,GAAG,KAAK,CAAC;IAEvC,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}
1
+ {"version":3,"file":"pre-signup.js","sourceRoot":"","sources":["../../src/lambda/pre-signup.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1E,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAE9D,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AACtE,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,cAAe,CAAC;AAE1C,MAAM,CAAC,MAAM,OAAO,GAA4B,KAAK,EAAE,KAAK,EAAE,EAAE;IAC9D,MAAM,cAAc,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,uBAAuB,CAAC;QACrD,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,cAAc,CAAuB,CAAC;IAE5F,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,oCAAoC;IACpC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,cAAc,CAAC;QAClD,SAAS,EAAE,KAAK;QAChB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,eAAe,cAAc,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;KAChE,CAAC,CAAC,CAAC;IAEJ,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,UAAU,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,8CAA8C;IAC9C,EAAE;IACF,6EAA6E;IAC7E,8EAA8E;IAC9E,kEAAkE;IAClE,8EAA8E;IAC9E,+EAA+E;IAC/E,0EAA0E;IAC1E,sEAAsE;IACtE,KAAK,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;IACtC,KAAK,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;IAEtC,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"pre-token-generation.d.ts","sourceRoot":"","sources":["../../src/lambda/pre-token-generation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAEV,kCAAkC,EACnC,MAAM,YAAY,CAAC;AAwJpB,eAAO,MAAM,OAAO,EAAE,kCAiHrB,CAAC"}
1
+ {"version":3,"file":"pre-token-generation.d.ts","sourceRoot":"","sources":["../../src/lambda/pre-token-generation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAEV,kCAAkC,EACnC,MAAM,YAAY,CAAC;AAwJpB,eAAO,MAAM,OAAO,EAAE,kCAyHrB,CAAC"}
@@ -19,7 +19,7 @@
19
19
  * "role_refreshed") and the opaque cognitoSub.
20
20
  */
21
21
  import { Logger } from "@aws-lambda-powertools/logger";
22
- import { getLambdaPrisma as getPrisma } from "../lib/lambda-prisma.js";
22
+ import { getLambdaPrisma as getPrisma, withLambdaDbBreaker } from "../lib/lambda-prisma.js";
23
23
  import { createClaimsCacheFromEnv, DEFAULT_CACHE_TTL_SECONDS, } from "../lib/auth/claims-cache.js";
24
24
  import { resolveTenantRole } from "../lib/tenant/resolve-role.js";
25
25
  const logger = new Logger({ serviceName: "pre-token-generation" });
@@ -140,6 +140,11 @@ export const handler = async (event) => {
140
140
  let claims = await claimsCache.get(cognitoSub);
141
141
  let cacheHit = !!claims;
142
142
  if (!claims) {
143
+ // RDS is consulted only on a genuine cache miss. Emit a filterable event so
144
+ // a miss-rate metric can be derived (a miss storm — post-deploy, correlated
145
+ // TTL expiry, or the first-login wave after a signup burst — is the path
146
+ // that can exhaust DB connections; the warm cache is the primary defence).
147
+ logger.info("pretoken.cache_miss", { cognitoSub, federated });
143
148
  const db = await getPrisma();
144
149
  // Read the user's last explicit tenant preference, even from an expired
145
150
  // cache row, so an admin-side switch-tenant call survives cache TTL.
@@ -153,7 +158,7 @@ export const handler = async (event) => {
153
158
  error: err?.code ?? "unknown",
154
159
  });
155
160
  }
156
- const loaded = await loadFromRds(db, cognitoSub, federated, preferredTenantId);
161
+ const loaded = await withLambdaDbBreaker(() => loadFromRds(db, cognitoSub, federated, preferredTenantId), "pretoken.load_from_rds");
157
162
  if (!loaded.user) {
158
163
  logger.warn("pretoken.drift", { cognitoSub });
159
164
  claims = { ...DRIFT_CLAIMS };
@@ -1 +1 @@
1
- {"version":3,"file":"pre-token-generation.js","sourceRoot":"","sources":["../../src/lambda/pre-token-generation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAMH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAEvD,OAAO,EAAE,eAAe,IAAI,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACvE,OAAO,EAEL,wBAAwB,EACxB,yBAAyB,GAE1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,iBAAiB,EAAyB,MAAM,+BAA+B,CAAC;AAEzF,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,sBAAsB,EAAE,CAAC,CAAC;AACnE,IAAI,KAAK,GAAuB,IAAI,CAAC;AAErC,SAAS,QAAQ;IACf,IAAI,CAAC,KAAK;QAAE,KAAK,GAAG,wBAAwB,EAAE,CAAC;IAC/C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,YAAY,GAAiB;IACjC,MAAM,EAAE,EAAE;IACV,UAAU,EAAE,EAAE;IACd,cAAc,EAAE,EAAE;IAClB,UAAU,EAAE,EAAE;IACd,UAAU,EAAE,EAAE;IACd,MAAM,EAAE,EAAE;CACX,CAAC;AAEF,SAAS,cAAc,CAAC,GAA8B;IACpD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,GAAG;SACP,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAuC;IAC/D,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAiBD,KAAK,UAAU,WAAW,CACxB,EAAgB,EAChB,UAAkB,EAClB,eAAwB,EACxB,iBAAgC;IAEhC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;QACpC,KAAK,EAAE,EAAE,UAAU,EAAE;QACrB,MAAM,EAAE;YACN,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,IAAI;YACV,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,IAAI;YACjB,gBAAgB,EAAE,IAAI;SACvB;KACF,CAAC,CAAC;IACH,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAEzD,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;QACjD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC5C,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE;KACpF,CAAC,CAAC;IAEH,wEAAwE;IACxE,0DAA0D;IAC1D,IAAI,MAAM,GAAG,iBAAiB;QAC5B,CAAC,CAAC,WAAW,CAAC,IAAI,CACd,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,iBAAiB,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CACzE;QACH,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,WAAW,CAAC,IAAI,CACvB,CAAC,CAAC,EAAE,EAAE,CACJ,eAAe,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CACtF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,WAAW,CAAC,IAAI,CACvB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,IAAI,CAAC,gBAAgB,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CAC7E,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IACjE,CAAC;IAED,OAAO;QACL,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B;QACD,gBAAgB,EAAE,MAAM;YACtB,CAAC,CAAC;gBACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;aACnE;YACH,CAAC,CAAC,IAAI;KACT,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,EAAgB,EAChB,QAAgB,EAChB,SAAmB,EACnB,WAAmB;IAEnB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC;QACnD,KAAK,EAAE,EAAE,QAAQ,EAAE;QACnB,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;KACjE,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;QACrD,KAAK,EAAE,EAAE,QAAQ,EAAE;QACnB,MAAM,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;KAC5C,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,QAAQ,GAAG,iBAAiB,CAChC,SAAS,EACT,QAA8B,EAC9B,GAAG,CAAC,WAAW,CAChB,CAAC;IACF,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACvD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAuC,KAAK,EAAE,KAAK,EAAE,EAAE;IACzE,4EAA4E;IAC5E,8EAA8E;IAC9E,uEAAuE;IACvE,8EAA8E;IAC9E,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC;IACpD,MAAM,WAAW,GAAG,QAAQ,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAEnF,qEAAqE;IACrE,4EAA4E;IAC5E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,2EAA2E;IAC3E,IAAI,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,IAAI,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC;IAExB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAC7B,wEAAwE;QACxE,qEAAqE;QACrE,IAAI,iBAAiB,GAAkB,IAAI,CAAC;QAC5C,IAAI,CAAC;YACH,iBAAiB,GAAG,MAAM,WAAW,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE;gBAC/C,UAAU;gBACV,KAAK,EAAG,GAAyB,EAAE,IAAI,IAAI,SAAS;aACrD,CAAC,CAAC;QACL,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,iBAAiB,CAAC,CAAC;QAE/E,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YAC9C,MAAM,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;YAC7B,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,4EAA4E;QAC5E,wEAAwE;QACxE,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YAClD,MAAM,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;YAC7B,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG;YACP,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACtB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;YAC5B,cAAc,EAAE,MAAM,CAAC,gBAAgB,EAAE,QAAQ,IAAI,EAAE;YACvD,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;YACtD,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,IAAI,IAAI,EAAE;YAC/C,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,IAAI,MAAM,CAAC,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,EAAE,EACF,MAAM,CAAC,cAAc,EACrB,SAAS,EACT,MAAM,CAAC,UAAU,CAClB,CAAC;YACF,IAAI,SAAS,EAAE,CAAC;gBACd,qEAAqE;gBACrE,sEAAsE;gBACtE,wEAAwE;gBACxE,IAAI,SAAS,GAAG,KAAK,CAAC;gBACtB,IAAI,CAAC;oBACH,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;wBAC3B,KAAK,EAAE;4BACL,eAAe,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;yBAC5E;wBACD,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;qBAC1B,CAAC,CAAC;oBACH,SAAS,GAAG,IAAI,CAAC;gBACnB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE;wBAClD,UAAU;wBACV,KAAK,EAAG,GAAyB,EAAE,IAAI,IAAI,SAAS;qBACrD,CAAC,CAAC;gBACL,CAAC;gBACD,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;oBAC9C,QAAQ,GAAG,KAAK,CAAC;oBACjB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACrC,UAAU;wBACV,QAAQ,EAAE,MAAM,CAAC,cAAc;qBAChC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;gBAC1C,UAAU;gBACV,KAAK,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,yBAAyB,CAAC,CAAC;IACvE,CAAC;IAED,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,SAAS,gBAAgB,CACvB,KAAuC,EACvC,MAAoB;IAEpB,wEAAwE;IACxE,2EAA2E;IAC3E,8EAA8E;IAC9E,4EAA4E;IAC5E,4EAA4E;IAC5E,uEAAuE;IACvE,MAAM,qBAAqB,GAAG;QAC5B,eAAe,EAAE,MAAM,CAAC,MAAM;QAC9B,mBAAmB,EAAE,MAAM,CAAC,UAAU;QACtC,uBAAuB,EAAE,MAAM,CAAC,cAAc;QAC9C,mBAAmB,EAAE,MAAM,CAAC,UAAU;QACtC,mBAAmB,EAAE,MAAM,CAAC,UAAU;QACtC,eAAe,EAAE,MAAM,CAAC,MAAM;KAC/B,CAAC;IACF,KAAK,CAAC,QAAQ,GAAG;QACf,6BAA6B,EAAE;YAC7B,iBAAiB,EAAE,EAAE,qBAAqB,EAAE;YAC5C,qBAAqB,EAAE,EAAE,qBAAqB,EAAE;SACjD;KACF,CAAC;AACJ,CAAC"}
1
+ {"version":3,"file":"pre-token-generation.js","sourceRoot":"","sources":["../../src/lambda/pre-token-generation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAMH,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAEvD,OAAO,EAAE,eAAe,IAAI,SAAS,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC5F,OAAO,EAEL,wBAAwB,EACxB,yBAAyB,GAE1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,iBAAiB,EAAyB,MAAM,+BAA+B,CAAC;AAEzF,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,sBAAsB,EAAE,CAAC,CAAC;AACnE,IAAI,KAAK,GAAuB,IAAI,CAAC;AAErC,SAAS,QAAQ;IACf,IAAI,CAAC,KAAK;QAAE,KAAK,GAAG,wBAAwB,EAAE,CAAC;IAC/C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,YAAY,GAAiB;IACjC,MAAM,EAAE,EAAE;IACV,UAAU,EAAE,EAAE;IACd,cAAc,EAAE,EAAE;IAClB,UAAU,EAAE,EAAE;IACd,UAAU,EAAE,EAAE;IACd,MAAM,EAAE,EAAE;CACX,CAAC;AAEF,SAAS,cAAc,CAAC,GAA8B;IACpD,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,OAAO,GAAG;SACP,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAuC;IAC/D,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjE,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAiBD,KAAK,UAAU,WAAW,CACxB,EAAgB,EAChB,UAAkB,EAClB,eAAwB,EACxB,iBAAgC;IAEhC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;QACpC,KAAK,EAAE,EAAE,UAAU,EAAE;QACrB,MAAM,EAAE;YACN,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,IAAI;YACV,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,IAAI;YACjB,gBAAgB,EAAE,IAAI;SACvB;KACF,CAAC,CAAC;IACH,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,CAAC;IAEzD,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC;QACjD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC5C,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE;KACpF,CAAC,CAAC;IAEH,wEAAwE;IACxE,0DAA0D;IAC1D,IAAI,MAAM,GAAG,iBAAiB;QAC5B,CAAC,CAAC,WAAW,CAAC,IAAI,CACd,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,iBAAiB,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CACzE;QACH,CAAC,CAAC,SAAS,CAAC;IACd,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,WAAW,CAAC,IAAI,CACvB,CAAC,CAAC,EAAE,EAAE,CACJ,eAAe,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CACtF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,WAAW,CAAC,IAAI,CACvB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,IAAI,CAAC,gBAAgB,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CAC7E,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IACjE,CAAC;IAED,OAAO;QACL,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B;QACD,gBAAgB,EAAE,MAAM;YACtB,CAAC,CAAC;gBACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;aACnE;YACH,CAAC,CAAC,IAAI;KACT,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,EAAgB,EAChB,QAAgB,EAChB,SAAmB,EACnB,WAAmB;IAEnB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC;QACnD,KAAK,EAAE,EAAE,QAAQ,EAAE;QACnB,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;KACjE,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC;QACrD,KAAK,EAAE,EAAE,QAAQ,EAAE;QACnB,MAAM,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;KAC5C,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,QAAQ,GAAG,iBAAiB,CAChC,SAAS,EACT,QAA8B,EAC9B,GAAG,CAAC,WAAW,CAChB,CAAC;IACF,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACvD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAuC,KAAK,EAAE,KAAK,EAAE,EAAE;IACzE,4EAA4E;IAC5E,8EAA8E;IAC9E,uEAAuE;IACvE,8EAA8E;IAC9E,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC;IACpD,MAAM,WAAW,GAAG,QAAQ,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAEnF,qEAAqE;IACrE,4EAA4E;IAC5E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,2EAA2E;IAC3E,IAAI,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,IAAI,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC;IAExB,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,4EAA4E;QAC5E,4EAA4E;QAC5E,yEAAyE;QACzE,2EAA2E;QAC3E,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,MAAM,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;QAC7B,wEAAwE;QACxE,qEAAqE;QACrE,IAAI,iBAAiB,GAAkB,IAAI,CAAC;QAC5C,IAAI,CAAC;YACH,iBAAiB,GAAG,MAAM,WAAW,CAAC,yBAAyB,CAAC,UAAU,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE;gBAC/C,UAAU;gBACV,KAAK,EAAG,GAAyB,EAAE,IAAI,IAAI,SAAS;aACrD,CAAC,CAAC;QACL,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,mBAAmB,CACtC,GAAG,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,iBAAiB,CAAC,EAC/D,wBAAwB,CACzB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YAC9C,MAAM,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;YAC7B,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2EAA2E;QAC3E,yEAAyE;QACzE,4EAA4E;QAC5E,wEAAwE;QACxE,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;YAClD,MAAM,GAAG,EAAE,GAAG,YAAY,EAAE,CAAC;YAC7B,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG;YACP,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;YACtB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;YAC5B,cAAc,EAAE,MAAM,CAAC,gBAAgB,EAAE,QAAQ,IAAI,EAAE;YACvD,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;YACtD,UAAU,EAAE,MAAM,CAAC,gBAAgB,EAAE,IAAI,IAAI,EAAE;YAC/C,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,IAAI,MAAM,CAAC,cAAc,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,EAAE,EACF,MAAM,CAAC,cAAc,EACrB,SAAS,EACT,MAAM,CAAC,UAAU,CAClB,CAAC;YACF,IAAI,SAAS,EAAE,CAAC;gBACd,qEAAqE;gBACrE,sEAAsE;gBACtE,wEAAwE;gBACxE,IAAI,SAAS,GAAG,KAAK,CAAC;gBACtB,IAAI,CAAC;oBACH,MAAM,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC;wBAC3B,KAAK,EAAE;4BACL,eAAe,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;yBAC5E;wBACD,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;qBAC1B,CAAC,CAAC;oBACH,SAAS,GAAG,IAAI,CAAC;gBACnB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,IAAI,CAAC,sCAAsC,EAAE;wBAClD,UAAU;wBACV,KAAK,EAAG,GAAyB,EAAE,IAAI,IAAI,SAAS;qBACrD,CAAC,CAAC;gBACL,CAAC;gBACD,IAAI,SAAS,EAAE,CAAC;oBACd,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;oBAC9C,QAAQ,GAAG,KAAK,CAAC;oBACjB,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;wBACrC,UAAU;wBACV,QAAQ,EAAE,MAAM,CAAC,cAAc;qBAChC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;gBAC1C,UAAU;gBACV,KAAK,EAAG,GAAyB,CAAC,IAAI,IAAI,SAAS;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,yBAAyB,CAAC,CAAC;IACvE,CAAC;IAED,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,SAAS,gBAAgB,CACvB,KAAuC,EACvC,MAAoB;IAEpB,wEAAwE;IACxE,2EAA2E;IAC3E,8EAA8E;IAC9E,4EAA4E;IAC5E,4EAA4E;IAC5E,uEAAuE;IACvE,MAAM,qBAAqB,GAAG;QAC5B,eAAe,EAAE,MAAM,CAAC,MAAM;QAC9B,mBAAmB,EAAE,MAAM,CAAC,UAAU;QACtC,uBAAuB,EAAE,MAAM,CAAC,cAAc;QAC9C,mBAAmB,EAAE,MAAM,CAAC,UAAU;QACtC,mBAAmB,EAAE,MAAM,CAAC,UAAU;QACtC,eAAe,EAAE,MAAM,CAAC,MAAM;KAC/B,CAAC;IACF,KAAK,CAAC,QAAQ,GAAG;QACf,6BAA6B,EAAE;YAC7B,iBAAiB,EAAE,EAAE,qBAAqB,EAAE;YAC5C,qBAAqB,EAAE,EAAE,qBAAqB,EAAE;SACjD;KACF,CAAC;AACJ,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"remote-fetch-service.d.ts","sourceRoot":"","sources":["../../../src/lib/activitypub/remote-fetch-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAYtC;;GAEG;AACH,qBAAa,kBAAkB;IAC7B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAW;IAEpD;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAqC;IAEzD;;;;;;;OAOG;WACU,UAAU,CACrB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA2FzB;;;;;;;OAOG;WACU,WAAW,CACtB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA0FzB;;;;;;;OAOG;WACU,aAAa,CACxB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAkBzB;;;;;;;OAOG;WACU,iBAAiB,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA0BzB;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO;IAKlD;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAShD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IASzB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IA4B3B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa;IAiB5B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAexB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAiBxB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IAS3B;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAIzC;;OAEG;IACH,MAAM,CAAC,UAAU,IAAI,IAAI;CAG1B"}
1
+ {"version":3,"file":"remote-fetch-service.d.ts","sourceRoot":"","sources":["../../../src/lib/activitypub/remote-fetch-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAYtC;;GAEG;AACH,qBAAa,kBAAkB;IAC7B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAW;IAEpD;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAAqC;IAEzD;;;;;;;OAOG;WACU,UAAU,CACrB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA2FzB;;;;;;;OAOG;WACU,WAAW,CACtB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA0FzB;;;;;;;OAOG;WACU,aAAa,CACxB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAkBzB;;;;;;;OAOG;WACU,iBAAiB,CAC5B,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,GAAG,EACR,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA0BzB;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO;IAYlD;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAShD;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IASzB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IA4B3B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa;IAiB5B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAexB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,SAAS;IAiBxB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IAS3B;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAIzC;;OAEG;IACH,MAAM,CAAC,UAAU,IAAI,IAAI;CAG1B"}
@@ -233,7 +233,15 @@ export class RemoteFetchService {
233
233
  */
234
234
  static isRemoteUri(uri, env) {
235
235
  const baseUrl = env.ACTIVITYPUB_BASE_URL || "https://example.com";
236
- return !uri.startsWith(baseUrl);
236
+ // Compare parsed origins rather than a string prefix, so a host like
237
+ // "example.com.attacker.com" cannot masquerade as local.
238
+ try {
239
+ return new URL(uri).origin !== new URL(baseUrl).origin;
240
+ }
241
+ catch {
242
+ // Unparseable URI — treat as remote (untrusted).
243
+ return true;
244
+ }
237
245
  }
238
246
  /**
239
247
  * Extract domain from URI
@@ -1 +1 @@
1
- {"version":3,"file":"remote-fetch-service.js","sourceRoot":"","sources":["../../../src/lib/activitypub/remote-fetch-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAU5E;;GAEG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;OAEG;IACK,MAAM,CAAU,iBAAiB,GAAG,OAAO,CAAC,CAAC,yBAAyB;IAE9E;;;OAGG;IACK,MAAM,CAAC,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEzD;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CACrB,QAAgB,EAChB,GAAQ,EACR,MAAe;QAEf,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,2CAA2C,QAAQ,EAAE,CAAC,CAAC;YACrE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;YAChC,6DAA6D;YAC7D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,kDAAkD,QAAQ,EAAE,CAC7D,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,4DAA4D;QAC5D,MAAM,cAAc,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CACT,+EAA+E,QAAQ,EAAE,CAC1F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CAAC,4CAA4C,QAAQ,EAAE,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,CAAC;YACH,uBAAuB;YACvB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACrC,OAAO,EAAE;oBACP,MAAM,EACJ,iGAAiG;oBACnG,YAAY,EAAE,gCAAgC;iBAC/C;gBACD,yDAAyD;aAC1D,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,8CAA8C,QAAQ,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACpG,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;YAE7C,0BAA0B;YAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,gDAAgD,QAAQ,EAAE,CAC3D,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,cAAc;YACd,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAe,CAAC,CAAC;YAE1C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;YACxE,CAAC;YAED,OAAO,KAAe,CAAC;QACzB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,6CAA6C,QAAQ,GAAG,EACxD,KAAK,CACN,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,SAAiB,EACjB,GAAQ,EACR,MAAe;QAEf,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,4CAA4C,SAAS,EAAE,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;YACjC,8DAA8D;YAC9D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,mDAAmD,SAAS,EAAE,CAC/D,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,4DAA4D;QAC5D,MAAM,cAAc,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CACT,gFAAgF,SAAS,EAAE,CAC5F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CAAC,6CAA6C,SAAS,EAAE,CAAC,CAAC;YACzE,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,CAAC;YACH,wBAAwB;YACxB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;gBACtC,OAAO,EAAE;oBACP,MAAM,EACJ,iGAAiG;oBACnG,YAAY,EAAE,gCAAgC;iBAC/C;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,+CAA+C,SAAS,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACtG,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;YAE3C,2BAA2B;YAC3B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,iDAAiD,SAAS,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,eAAe;YACf,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,GAAa,CAAC,CAAC;YAEzC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,+CAA+C,SAAS,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,OAAO,GAAa,CAAC;QACvB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,8CAA8C,SAAS,GAAG,EAC1D,KAAK,CACN,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,QAAgB,EAChB,GAAQ,EACR,MAAe;QAEf,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAI,KAAa,CAAC,KAAK,CAAC;QACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAK,KAAa,CAAC,EAAE,EAAE,CAAC;YACrE,OAAQ,KAAa,CAAC,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAC5B,QAAgB,EAChB,GAAQ,EACR,MAAe;QAEf,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAI,KAAa,CAAC,SAAS,CAAC;QAC3C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxD,kDAAkD;YAClD,IAAK,SAAiB,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAQ,SAAiB,CAAC,YAAY,CAAC;YACzC,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAW,EAAE,GAAQ;QACtC,MAAM,OAAO,GAAG,GAAG,CAAC,oBAAoB,IAAI,qBAAqB,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,GAAW;QAC9B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC,QAAQ,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,UAAU,CAAC,GAAW;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CAAC,KAAU;QACpC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,gCAAgC;QAChC,MAAM,UAAU,GAAG;YACjB,QAAQ;YACR,OAAO;YACP,cAAc;YACd,SAAS;YACT,aAAa;SACd,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,aAAa,CAAC,GAAQ;QACnC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wBAAwB;QACxB,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,SAAS,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,SAAS,CACtB,GAAW,EACX,QAAgB,EAChB,MAAc,IAAI,CAAC,iBAAiB;QAEpC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YAClB,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG;SAC1B,CAAC,CAAC;QAEH,0DAA0D;QAC1D,kEAAkE;QAClE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;gBACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,GAAW;QAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU;QACf,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC"}
1
+ {"version":3,"file":"remote-fetch-service.js","sourceRoot":"","sources":["../../../src/lib/activitypub/remote-fetch-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAU5E;;GAEG;AACH,MAAM,OAAO,kBAAkB;IAC7B;;OAEG;IACK,MAAM,CAAU,iBAAiB,GAAG,OAAO,CAAC,CAAC,yBAAyB;IAE9E;;;OAGG;IACK,MAAM,CAAC,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEzD;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CACrB,QAAgB,EAChB,GAAQ,EACR,MAAe;QAEf,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,2CAA2C,QAAQ,EAAE,CAAC,CAAC;YACrE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;YAChC,6DAA6D;YAC7D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,kDAAkD,QAAQ,EAAE,CAC7D,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,4DAA4D;QAC5D,MAAM,cAAc,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CACT,+EAA+E,QAAQ,EAAE,CAC1F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CAAC,4CAA4C,QAAQ,EAAE,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,CAAC;YACH,uBAAuB;YACvB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACrC,OAAO,EAAE;oBACP,MAAM,EACJ,iGAAiG;oBACnG,YAAY,EAAE,gCAAgC;iBAC/C;gBACD,yDAAyD;aAC1D,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,8CAA8C,QAAQ,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACpG,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;YAE7C,0BAA0B;YAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,gDAAgD,QAAQ,EAAE,CAC3D,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,cAAc;YACd,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAe,CAAC,CAAC;YAE1C,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;YACxE,CAAC;YAED,OAAO,KAAe,CAAC;QACzB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,6CAA6C,QAAQ,GAAG,EACxD,KAAK,CACN,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,WAAW,CACtB,SAAiB,EACjB,GAAQ,EACR,MAAe;QAEf,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,4CAA4C,SAAS,EAAE,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;YACjC,8DAA8D;YAC9D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,mDAAmD,SAAS,EAAE,CAC/D,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,4DAA4D;QAC5D,MAAM,cAAc,GAAG,MAAM,uBAAuB,CAAC,GAAG,CAAC,CAAC;QAC1D,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CACT,gFAAgF,SAAS,EAAE,CAC5F,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,cAAc;QACd,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACzC,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CAAC,6CAA6C,SAAS,EAAE,CAAC,CAAC;YACzE,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,CAAC;YACH,wBAAwB;YACxB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;gBACtC,OAAO,EAAE;oBACP,MAAM,EACJ,iGAAiG;oBACnG,YAAY,EAAE,gCAAgC;iBAC/C;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,+CAA+C,SAAS,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACtG,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;YAE3C,2BAA2B;YAC3B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,IAAI,CACT,iDAAiD,SAAS,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,eAAe;YACf,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,GAAa,CAAC,CAAC;YAEzC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,+CAA+C,SAAS,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,OAAO,GAAa,CAAC;QACvB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,CACV,8CAA8C,SAAS,GAAG,EAC1D,KAAK,CACN,CAAC;YACJ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,aAAa,CACxB,QAAgB,EAChB,GAAQ,EACR,MAAe;QAEf,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAI,KAAa,CAAC,KAAK,CAAC;QACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAK,KAAa,CAAC,EAAE,EAAE,CAAC;YACrE,OAAQ,KAAa,CAAC,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAC5B,QAAgB,EAChB,GAAQ,EACR,MAAe;QAEf,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAI,KAAa,CAAC,SAAS,CAAC;QAC3C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACxD,kDAAkD;YAClD,IAAK,SAAiB,CAAC,YAAY,EAAE,CAAC;gBACpC,OAAQ,SAAiB,CAAC,YAAY,CAAC;YACzC,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAW,EAAE,GAAQ;QACtC,MAAM,OAAO,GAAG,GAAG,CAAC,oBAAoB,IAAI,qBAAqB,CAAC;QAClE,qEAAqE;QACrE,yDAAyD;QACzD,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACzD,CAAC;QAAC,MAAM,CAAC;YACP,iDAAiD;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,GAAW;QAC9B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC,QAAQ,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,UAAU,CAAC,GAAW;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CAAC,KAAU;QACpC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,gCAAgC;QAChC,MAAM,UAAU,GAAG;YACjB,QAAQ;YACR,OAAO;YACP,cAAc;YACd,SAAS;YACT,aAAa;SACd,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,aAAa,CAAC,GAAQ;QACnC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,wBAAwB;QACxB,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,SAAS,CAAC,GAAW;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,SAAS,CACtB,GAAW,EACX,QAAgB,EAChB,MAAc,IAAI,CAAC,iBAAiB;QAEpC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YAClB,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG;SAC1B,CAAC,CAAC;QAEH,0DAA0D;QAC1D,kEAAkE;QAClE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,EAAE,CAAC;YAC3B,IAAI,CAAC,YAAY,EAAE,CAAC;QACtB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YAChD,IAAI,KAAK,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;gBACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,GAAW;QAChC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,UAAU;QACf,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"standalone-mode.d.ts","sourceRoot":"","sources":["../../../src/lib/activitypub/standalone-mode.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAWnD;;;;;;;;;;;;GAYG;AACH,wBAAsB,uBAAuB,CAC3C,GAAG,EAAE,GAAG,EACR,EAAE,CAAC,EAAE,YAAY,EACjB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,CA8ClB;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CAoB1D"}
1
+ {"version":3,"file":"standalone-mode.d.ts","sourceRoot":"","sources":["../../../src/lib/activitypub/standalone-mode.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAWnD;;;;;;;;;;;;GAYG;AACH,wBAAsB,uBAAuB,CAC3C,GAAG,EAAE,GAAG,EACR,EAAE,CAAC,EAAE,YAAY,EACjB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,CA8ClB;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,GAAG,OAAO,CA2B1D"}
@@ -85,6 +85,14 @@ export function isRemoteUri(uri, env) {
85
85
  // Invalid URL, use default
86
86
  }
87
87
  }
88
- return !uri.startsWith(baseUrl);
88
+ // Compare parsed origins rather than a string prefix, so a host like
89
+ // "example.com.attacker.com" cannot masquerade as local.
90
+ try {
91
+ return new URL(uri).origin !== new URL(baseUrl).origin;
92
+ }
93
+ catch {
94
+ // Unparseable URI — treat as remote (untrusted).
95
+ return true;
96
+ }
89
97
  }
90
98
  //# sourceMappingURL=standalone-mode.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"standalone-mode.js","sourceRoot":"","sources":["../../../src/lib/activitypub/standalone-mode.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,SAAS,EAAU,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EACL,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D,MAAM,0BAA0B,GAAG,qCAAqC,CAAC;AAEzE;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAQ,EACR,EAAiB,EACjB,OAAiB;IAEjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,CAAC;QACH,yDAAyD;QACzD,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAC3C,8BAA8B,CAC/B,CAAC;YACF,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO,MAAM,aAAa,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACnE,CAAC;QAED,iEAAiE;QACjE,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/D,MAAM,SAAS,GAAG,+BAA+B,CAAC;QAElD,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,SAAS,EACT,MAAM,EACN,GAAG,EACH,KAAK,EAAE,MAAM,EAAE,EAAE;YACf,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAC3C,8BAA8B,CAC/B,CAAC;YACF,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACvD,OAAO,MAAM,aAAa,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACnE,CAAC,EACD;YACE,GAAG,mBAAmB,CAAC,QAAQ,EAAE,sBAAsB;YACvD,YAAY,EAAE,KAAK,EAAE,uDAAuD;YAC5E,OAAO,EAAE;gBACP,SAAS,EAAE,qBAAqB;aACjC;SACF,CACF,CAAC;QAEF,OAAO,MAAM,IAAI,KAAK,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CACV,yDAAyD,EACzD,KAAK,CACN,CAAC;QACF,4DAA4D;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,GAAQ;IAC/C,gEAAgE;IAChE,gEAAgE;IAChE,IAAI,OAAO,GAAG,qBAAqB,CAAC;IACpC,IAAI,GAAG,CAAC,oBAAoB,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;YAC9C,OAAO,GAAG,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,OAAO,GAAG,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC"}
1
+ {"version":3,"file":"standalone-mode.js","sourceRoot":"","sources":["../../../src/lib/activitypub/standalone-mode.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,SAAS,EAAU,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,mCAAmC,CAAC;AACpF,OAAO,EACL,wBAAwB,EACxB,mBAAmB,GACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAE1D,MAAM,0BAA0B,GAAG,qCAAqC,CAAC;AAEzE;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAQ,EACR,EAAiB,EACjB,OAAiB;IAEjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,CAAC;QACH,yDAAyD;QACzD,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAC3C,8BAA8B,CAC/B,CAAC;YACF,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO,MAAM,aAAa,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACnE,CAAC;QAED,iEAAiE;QACjE,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/D,MAAM,SAAS,GAAG,+BAA+B,CAAC;QAElD,MAAM,MAAM,GAAG,MAAM,wBAAwB,CAC3C,SAAS,EACT,MAAM,EACN,GAAG,EACH,KAAK,EAAE,MAAM,EAAE,EAAE;YACf,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAC3C,8BAA8B,CAC/B,CAAC;YACF,MAAM,aAAa,GAAG,IAAI,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACvD,OAAO,MAAM,aAAa,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACnE,CAAC,EACD;YACE,GAAG,mBAAmB,CAAC,QAAQ,EAAE,sBAAsB;YACvD,YAAY,EAAE,KAAK,EAAE,uDAAuD;YAC5E,OAAO,EAAE;gBACP,SAAS,EAAE,qBAAqB;aACjC;SACF,CACF,CAAC;QAEF,OAAO,MAAM,IAAI,KAAK,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CACV,yDAAyD,EACzD,KAAK,CACN,CAAC;QACF,4DAA4D;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,GAAQ;IAC/C,gEAAgE;IAChE,gEAAgE;IAChE,IAAI,OAAO,GAAG,qBAAqB,CAAC;IACpC,IAAI,GAAG,CAAC,oBAAoB,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;YAC9C,OAAO,GAAG,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YACpC,OAAO,GAAG,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,2BAA2B;QAC7B,CAAC;IACH,CAAC;IACD,qEAAqE;IACrE,yDAAyD;IACzD,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;QACjD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"input-sanitizer.d.ts","sourceRoot":"","sources":["../../src/lib/input-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,qBAAa,cAAc;IACzB;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAyC1C;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAsC1C;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG;IAiCnC;;;;;;;;OAQG;IACH,MAAM,CAAC,aAAa,CAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,OAAe,GACzB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAiBtB;;;;;;;OAOG;IACH,MAAM,CAAC,cAAc,CACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,MAAM,EAAE,EAChB,SAAS,GAAE,OAAe,GACzB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CAgBvB"}
1
+ {"version":3,"file":"input-sanitizer.d.ts","sourceRoot":"","sources":["../../src/lib/input-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,qBAAa,cAAc;IACzB;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAuD1C;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAsC1C;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG;IAiCnC;;;;;;;;OAQG;IACH,MAAM,CAAC,aAAa,CAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,KAAK,EAAE,MAAM,EACb,SAAS,GAAE,OAAe,GACzB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAiBtB;;;;;;;OAOG;IACH,MAAM,CAAC,cAAc,CACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,MAAM,EAAE,EAChB,SAAS,GAAE,OAAe,GACzB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;CAgBvB"}
@@ -31,14 +31,27 @@ export class InputSanitizer {
31
31
  return "";
32
32
  }
33
33
  }
34
- // First, remove script tags and their content (most dangerous)
35
- // This regex matches <script>...</script> including all content between tags
36
- let sanitized = input.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "");
37
- // Remove style tags and their content
38
- sanitized = sanitized.replace(/<style\b[^<]*(?:(?!<\/style>)<[^<]*)*<\/style>/gi, "");
39
- // Remove all other HTML tags using regex (safe for Cloudflare Workers)
40
- // This regex matches any HTML tag including attributes
41
- sanitized = sanitized.replace(/<[^>]*>/g, "");
34
+ // Strip a pattern repeatedly until the string stops changing. A single
35
+ // pass can be defeated by nesting (e.g. "<scr<script>ipt>" collapses to
36
+ // "<script>"), so we apply the replacement to a fixed point.
37
+ const stripUntilStable = (value, pattern) => {
38
+ let current = value;
39
+ let previous;
40
+ do {
41
+ previous = current;
42
+ current = current.replace(pattern, "");
43
+ } while (current !== previous);
44
+ return current;
45
+ };
46
+ // First, remove script tags and their content (most dangerous).
47
+ // The end tag uses [^>]* (not just \s*) because browsers close on any
48
+ // junk before the ">", e.g. "</script\n foo>" — so the filter must too.
49
+ let sanitized = stripUntilStable(input, /<script\b[^<]*(?:(?!<\/script[^>]*>)<[^<]*)*<\/script[^>]*>/gi);
50
+ // Remove style tags and their content (same end-tag tolerance)
51
+ sanitized = stripUntilStable(sanitized, /<style\b[^<]*(?:(?!<\/style[^>]*>)<[^<]*)*<\/style[^>]*>/gi);
52
+ // Remove all other HTML tags using regex (safe for Cloudflare Workers).
53
+ // Looped to a fixed point so nested/partial tags cannot survive a pass.
54
+ sanitized = stripUntilStable(sanitized, /<[^>]*>/g);
42
55
  // Remove all HTML entities (numeric and named) for security
43
56
  // This prevents XSS attacks via encoded entities
44
57
  sanitized = sanitized.replace(/&#\d+;/g, "");
@@ -1 +1 @@
1
- {"version":3,"file":"input-sanitizer.js","sourceRoot":"","sources":["../../src/lib/input-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,cAAc;IACzB;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAa;QAC/B,iCAAiC;QACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kEAAkE;YAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,yCAAyC;YACzC,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,2CAA2C;gBAC3C,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,6EAA6E;QAC7E,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAC3B,qDAAqD,EACrD,EAAE,CACH,CAAC;QAEF,sCAAsC;QACtC,SAAS,GAAG,SAAS,CAAC,OAAO,CAC3B,kDAAkD,EAClD,EAAE,CACH,CAAC;QAEF,uEAAuE;QACvE,uDAAuD;QACvD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAE9C,4DAA4D;QAC5D,iDAAiD;QACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAElD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAa;QAC/B,iCAAiC;QACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kEAAkE;YAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,yCAAyC;YACzC,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,2CAA2C;gBAC3C,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,kEAAkE;QAClE,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEjD,6CAA6C;QAC7C,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAC3B,IAAI,MAAM,CAAC,aAAa,kBAAkB,mBAAmB,EAAE,IAAI,CAAC,EACpE,EAAE,CACH,CAAC;QAEF,gEAAgE;QAChE,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC1B,SAAS,GAAG,SAAS,CAAC,OAAO,CAC3B,IAAI,MAAM,CAAC,IAAI,GAAG,YAAY,EAAE,IAAI,CAAC,EACrC,IAAI,GAAG,GAAG,CACX,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,IAAS;QAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,+CAA+C;QAC/C,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAQ,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,sEAAsE;gBACtE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,SAAS;gBACX,CAAC;gBACD,gCAAgC;gBAChC,MAAM,YAAY,GAChB,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBACzD,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,yEAAyE;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,aAAa,CAClB,IAAyB,EACzB,KAAa,EACb,YAAqB,KAAK;QAE1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO;gBACL,GAAG,IAAI;gBACP,CAAC,KAAK,CAAC,EAAE,SAAS;oBAChB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAChC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aACnC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,cAAc,CACnB,IAAyB,EACzB,MAAgB,EAChB,YAAqB,KAAK;QAE1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,IAAI,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC/D,SAAS,CAAC,KAAK,CAAC,GAAG,SAAS;oBAC1B,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBACrC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}
1
+ {"version":3,"file":"input-sanitizer.js","sourceRoot":"","sources":["../../src/lib/input-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,OAAO,cAAc;IACzB;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAa;QAC/B,iCAAiC;QACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kEAAkE;YAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,yCAAyC;YACzC,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,2CAA2C;gBAC3C,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,wEAAwE;QACxE,6DAA6D;QAC7D,MAAM,gBAAgB,GAAG,CAAC,KAAa,EAAE,OAAe,EAAU,EAAE;YAClE,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,IAAI,QAAgB,CAAC;YACrB,GAAG,CAAC;gBACF,QAAQ,GAAG,OAAO,CAAC;gBACnB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YACzC,CAAC,QAAQ,OAAO,KAAK,QAAQ,EAAE;YAC/B,OAAO,OAAO,CAAC;QACjB,CAAC,CAAC;QAEF,gEAAgE;QAChE,sEAAsE;QACtE,wEAAwE;QACxE,IAAI,SAAS,GAAG,gBAAgB,CAC9B,KAAK,EACL,+DAA+D,CAChE,CAAC;QAEF,+DAA+D;QAC/D,SAAS,GAAG,gBAAgB,CAC1B,SAAS,EACT,4DAA4D,CAC7D,CAAC;QAEF,wEAAwE;QACxE,wEAAwE;QACxE,SAAS,GAAG,gBAAgB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAEpD,4DAA4D;QAC5D,iDAAiD;QACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAElD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,KAAa;QAC/B,iCAAiC;QACjC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,kEAAkE;YAClE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,yCAAyC;YACzC,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,2CAA2C;gBAC3C,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,kEAAkE;QAClE,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEjD,6CAA6C;QAC7C,IAAI,SAAS,GAAG,KAAK,CAAC,OAAO,CAC3B,IAAI,MAAM,CAAC,aAAa,kBAAkB,mBAAmB,EAAE,IAAI,CAAC,EACpE,EAAE,CACH,CAAC;QAEF,gEAAgE;QAChE,WAAW,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC1B,SAAS,GAAG,SAAS,CAAC,OAAO,CAC3B,IAAI,MAAM,CAAC,IAAI,GAAG,YAAY,EAAE,IAAI,CAAC,EACrC,IAAI,GAAG,GAAG,CACX,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,YAAY,CAAC,IAAS;QAC3B,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,+CAA+C;QAC/C,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAQ,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,sEAAsE;gBACtE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,SAAS;gBACX,CAAC;gBACD,gCAAgC;gBAChC,MAAM,YAAY,GAChB,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBACzD,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;YACrD,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,yEAAyE;QACzE,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,aAAa,CAClB,IAAyB,EACzB,KAAa,EACb,YAAqB,KAAK;QAE1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO;gBACL,GAAG,IAAI;gBACP,CAAC,KAAK,CAAC,EAAE,SAAS;oBAChB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBAChC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;aACnC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACH,MAAM,CAAC,cAAc,CACnB,IAAyB,EACzB,MAAgB,EAChB,YAAqB,KAAK;QAE1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,IAAI,SAAS,IAAI,OAAO,SAAS,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC/D,SAAS,CAAC,KAAK,CAAC,GAAG,SAAS;oBAC1B,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBACrC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}
@@ -1,4 +1,23 @@
1
1
  import { PrismaClient } from "@prisma/client";
2
+ import { DatabaseCircuitBreaker } from "./database-circuit-breaker.js";
3
+ /**
4
+ * Per-execution-environment circuit breaker for the Lambda DB path.
5
+ *
6
+ * The request path (`DatabaseConnectionManager`) has a breaker; Lambda handlers
7
+ * did not — so under DB saturation they would keep retrying into a saturated
8
+ * instance and amplify the incident. Opening the breaker makes a saturated
9
+ * environment fail fast (no connect-timeout wait, no slot held) until a cooldown
10
+ * probe succeeds. Module scope = one warm Lambda environment, the right blast
11
+ * radius. Wrap every RDS access in a handler with `withLambdaDbBreaker`.
12
+ */
13
+ export declare const lambdaDbBreaker: DatabaseCircuitBreaker;
14
+ /**
15
+ * Run a unit of DB work under the Lambda circuit breaker. Use around every RDS
16
+ * access in a Lambda handler so connection-exhaustion failures trip the breaker
17
+ * instead of being retried into a saturated instance. When the breaker is OPEN
18
+ * the call throws immediately (message begins "Circuit breaker is OPEN").
19
+ */
20
+ export declare function withLambdaDbBreaker<T>(fn: () => Promise<T>, operation?: string): Promise<T>;
2
21
  /**
3
22
  * Build (and cache) a PrismaClient for standalone Lambda handlers.
4
23
  *
@@ -8,9 +27,14 @@ import { PrismaClient } from "@prisma/client";
8
27
  * `DatabaseConnectionManager` (`ssl: { rejectUnauthorized: false }`); Lambda
9
28
  * handlers must do the same. Prisma 7 supplies the connection through a pg
10
29
  * driver adapter (the old `datasources` constructor option is gone), so the
11
- * `ssl` option goes on the adapter's pool config.
30
+ * `ssl` option and the size cap go on the pool config.
31
+ *
32
+ * The pool is passed to `PrismaPg` as an explicit `pg.Pool` (NOT a
33
+ * connection-string config) because the pool is the only place `max` takes
34
+ * effect — see the knobs comment above.
12
35
  *
13
- * Cached at module scope so warm invocations reuse the client.
36
+ * Cached at module scope so warm invocations reuse the client (and its single
37
+ * connection).
14
38
  */
15
39
  export declare function getLambdaPrisma(): Promise<PrismaClient>;
16
40
  //# sourceMappingURL=lambda-prisma.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"lambda-prisma.d.ts","sourceRoot":"","sources":["../../src/lib/lambda-prisma.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAY9C;;;;;;;;;;;;GAYG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC,CAY7D"}
1
+ {"version":3,"file":"lambda-prisma.d.ts","sourceRoot":"","sources":["../../src/lib/lambda-prisma.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAoCvE;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe,wBAO1B,CAAC;AAEH;;;;;GAKG;AACH,wBAAsB,mBAAmB,CAAC,CAAC,EACzC,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,CAAC,CAAC,CAYZ;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,YAAY,CAAC,CA0B7D"}
@@ -1,7 +1,64 @@
1
+ import { Logger } from "@aws-lambda-powertools/logger";
1
2
  import { getSecret } from "@aws-lambda-powertools/parameters/secrets";
2
3
  import { PrismaPg } from "@prisma/adapter-pg";
3
4
  import { PrismaClient } from "@prisma/client";
5
+ import { Pool } from "pg";
6
+ import { DatabaseCircuitBreaker } from "./database-circuit-breaker.js";
7
+ const logger = new Logger({ serviceName: "lambda-prisma" });
8
+ /**
9
+ * Operational knobs — env-configurable with safe defaults (threshold-secrecy
10
+ * rule: never compile operational limits into the public tarball).
11
+ *
12
+ * Why the pool MUST be capped here: each warm Lambda execution environment holds
13
+ * its OWN pg pool, and every concurrent environment shares the RDS
14
+ * `max_connections` budget (~107 usable on a t4g.micro). Under a signup burst —
15
+ * or a `pre-token` cache-miss storm — an unbounded pool lets a single function
16
+ * exhaust the instance, and Postgres then rejects connections from EVERY client
17
+ * (a global outage, not just failed signups). `?connection_limit=1` in the
18
+ * connection URL is a **no-op** under `@prisma/adapter-pg` (it is a Prisma-engine
19
+ * parameter the `pg` driver ignores), so the cap is set on the pool object — the
20
+ * only place it takes effect. See
21
+ * trellis-internal `analysis/db-connection-management/signup-burst-connection-exhaustion.md`.
22
+ */
23
+ const DEFAULT_POOL_MAX = 1;
24
+ const DEFAULT_CONNECT_TIMEOUT_MS = 2000;
25
+ const DEFAULT_IDLE_TIMEOUT_MS = 10_000;
26
+ const DEFAULT_BREAKER_THRESHOLD = 5;
27
+ const DEFAULT_BREAKER_COOLDOWN_MS = 30_000;
4
28
  let prisma = null;
29
+ let pool = null;
30
+ /**
31
+ * Per-execution-environment circuit breaker for the Lambda DB path.
32
+ *
33
+ * The request path (`DatabaseConnectionManager`) has a breaker; Lambda handlers
34
+ * did not — so under DB saturation they would keep retrying into a saturated
35
+ * instance and amplify the incident. Opening the breaker makes a saturated
36
+ * environment fail fast (no connect-timeout wait, no slot held) until a cooldown
37
+ * probe succeeds. Module scope = one warm Lambda environment, the right blast
38
+ * radius. Wrap every RDS access in a handler with `withLambdaDbBreaker`.
39
+ */
40
+ export const lambdaDbBreaker = new DatabaseCircuitBreaker({
41
+ failureThreshold: Number(process.env.LAMBDA_DATABASE_BREAKER_THRESHOLD ?? DEFAULT_BREAKER_THRESHOLD),
42
+ cooldownMs: Number(process.env.LAMBDA_DATABASE_BREAKER_COOLDOWN_MS ?? DEFAULT_BREAKER_COOLDOWN_MS),
43
+ });
44
+ /**
45
+ * Run a unit of DB work under the Lambda circuit breaker. Use around every RDS
46
+ * access in a Lambda handler so connection-exhaustion failures trip the breaker
47
+ * instead of being retried into a saturated instance. When the breaker is OPEN
48
+ * the call throws immediately (message begins "Circuit breaker is OPEN").
49
+ */
50
+ export async function withLambdaDbBreaker(fn, operation) {
51
+ try {
52
+ return await lambdaDbBreaker.execute(fn, { operation });
53
+ }
54
+ catch (err) {
55
+ if (err instanceof Error &&
56
+ err.message.startsWith("Circuit breaker is OPEN")) {
57
+ logger.warn("lambda_db.breaker_open", { operation });
58
+ }
59
+ throw err;
60
+ }
61
+ }
5
62
  /**
6
63
  * Build (and cache) a PrismaClient for standalone Lambda handlers.
7
64
  *
@@ -11,18 +68,33 @@ let prisma = null;
11
68
  * `DatabaseConnectionManager` (`ssl: { rejectUnauthorized: false }`); Lambda
12
69
  * handlers must do the same. Prisma 7 supplies the connection through a pg
13
70
  * driver adapter (the old `datasources` constructor option is gone), so the
14
- * `ssl` option goes on the adapter's pool config.
71
+ * `ssl` option and the size cap go on the pool config.
72
+ *
73
+ * The pool is passed to `PrismaPg` as an explicit `pg.Pool` (NOT a
74
+ * connection-string config) because the pool is the only place `max` takes
75
+ * effect — see the knobs comment above.
15
76
  *
16
- * Cached at module scope so warm invocations reuse the client.
77
+ * Cached at module scope so warm invocations reuse the client (and its single
78
+ * connection).
17
79
  */
18
80
  export async function getLambdaPrisma() {
19
81
  if (prisma)
20
82
  return prisma;
21
83
  const { username, password, host, port, dbname } = (await getSecret(process.env.DB_SECRET_ARN, { transform: "json" }));
22
- const adapter = new PrismaPg({
23
- connectionString: `postgresql://${username}:${encodeURIComponent(password)}@${host}:${port}/${dbname}?connection_limit=1`,
84
+ // When an RDS Proxy is provisioned, the infra injects its endpoint here so the
85
+ // Lambda connects through the proxy (which multiplexes and caps the
86
+ // connections the DB ever sees); fall back to the direct instance endpoint
87
+ // when unset, so the default deployment is unchanged.
88
+ const dbHost = process.env.LAMBDA_DATABASE_PROXY_HOST || host;
89
+ pool = new Pool({
90
+ connectionString: `postgresql://${username}:${encodeURIComponent(password)}@${dbHost}:${port}/${dbname}`,
24
91
  ssl: { rejectUnauthorized: false },
92
+ max: Number(process.env.LAMBDA_DATABASE_POOL_MAX ?? DEFAULT_POOL_MAX),
93
+ connectionTimeoutMillis: Number(process.env.LAMBDA_DATABASE_CONNECT_TIMEOUT_MS ?? DEFAULT_CONNECT_TIMEOUT_MS),
94
+ idleTimeoutMillis: DEFAULT_IDLE_TIMEOUT_MS,
95
+ allowExitOnIdle: false,
25
96
  });
97
+ const adapter = new PrismaPg(pool);
26
98
  prisma = new PrismaClient({ adapter });
27
99
  return prisma;
28
100
  }
@@ -1 +1 @@
1
- {"version":3,"file":"lambda-prisma.js","sourceRoot":"","sources":["../../src/lib/lambda-prisma.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,2CAA2C,CAAC;AACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAU9C,IAAI,MAAM,GAAwB,IAAI,CAAC;AAEvC;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,SAAS,CACjE,OAAO,CAAC,GAAG,CAAC,aAAc,EAC1B,EAAE,SAAS,EAAE,MAAM,EAAE,CACtB,CAAwB,CAAC;IAC1B,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAC;QAC3B,gBAAgB,EAAE,gBAAgB,QAAQ,IAAI,kBAAkB,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,MAAM,qBAAqB;QACzH,GAAG,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE;KACnC,CAAC,CAAC;IACH,MAAM,GAAG,IAAI,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC;AAChB,CAAC"}
1
+ {"version":3,"file":"lambda-prisma.js","sourceRoot":"","sources":["../../src/lib/lambda-prisma.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,2CAA2C,CAAC;AACtE,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAC1B,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAUvE,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC,CAAC;AAE5D;;;;;;;;;;;;;;GAcG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAC3B,MAAM,0BAA0B,GAAG,IAAI,CAAC;AACxC,MAAM,uBAAuB,GAAG,MAAM,CAAC;AACvC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AACpC,MAAM,2BAA2B,GAAG,MAAM,CAAC;AAE3C,IAAI,MAAM,GAAwB,IAAI,CAAC;AACvC,IAAI,IAAI,GAAgB,IAAI,CAAC;AAE7B;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,sBAAsB,CAAC;IACxD,gBAAgB,EAAE,MAAM,CACtB,OAAO,CAAC,GAAG,CAAC,iCAAiC,IAAI,yBAAyB,CAC3E;IACD,UAAU,EAAE,MAAM,CAChB,OAAO,CAAC,GAAG,CAAC,mCAAmC,IAAI,2BAA2B,CAC/E;CACF,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,EAAoB,EACpB,SAAkB;IAElB,IAAI,CAAC;QACH,OAAO,MAAM,eAAe,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IACE,GAAG,YAAY,KAAK;YACpB,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,yBAAyB,CAAC,EACjD,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,SAAS,CACjE,OAAO,CAAC,GAAG,CAAC,aAAc,EAC1B,EAAE,SAAS,EAAE,MAAM,EAAE,CACtB,CAAwB,CAAC;IAE1B,+EAA+E;IAC/E,oEAAoE;IACpE,2EAA2E;IAC3E,sDAAsD;IACtD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,IAAI,CAAC;IAE9D,IAAI,GAAG,IAAI,IAAI,CAAC;QACd,gBAAgB,EAAE,gBAAgB,QAAQ,IAAI,kBAAkB,CAAC,QAAQ,CAAC,IAAI,MAAM,IAAI,IAAI,IAAI,MAAM,EAAE;QACxG,GAAG,EAAE,EAAE,kBAAkB,EAAE,KAAK,EAAE;QAClC,GAAG,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,gBAAgB,CAAC;QACrE,uBAAuB,EAAE,MAAM,CAC7B,OAAO,CAAC,GAAG,CAAC,kCAAkC,IAAI,0BAA0B,CAC7E;QACD,iBAAiB,EAAE,uBAAuB;QAC1C,eAAe,EAAE,KAAK;KACvB,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,GAAG,IAAI,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC;AAChB,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@de-otio/trellis",
3
- "version": "0.10.7",
3
+ "version": "0.10.9",
4
4
  "license": "AGPL-3.0-or-later",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -49,53 +49,53 @@
49
49
  "@aws-lambda-powertools/logger": "^2.32.0",
50
50
  "@aws-lambda-powertools/metrics": "^2.32.0",
51
51
  "@aws-lambda-powertools/parameters": "^2.32.0",
52
- "@aws-sdk/client-cloudwatch": "^3.1014.0",
53
- "@aws-sdk/client-cloudwatch-logs": "^3.0.0",
54
- "@aws-sdk/client-cognito-identity-provider": "^3.1009.0",
55
- "@aws-sdk/client-dynamodb": "^3.0.0",
56
- "@aws-sdk/client-kms": "^3.0.0",
57
- "@aws-sdk/client-s3": "^3.0.0",
58
- "@aws-sdk/client-secrets-manager": "^3.0.0",
59
- "@aws-sdk/client-ses": "^3.0.0",
60
- "@aws-sdk/client-sns": "^3.1012.0",
61
- "@aws-sdk/client-sqs": "^3.0.0",
62
- "@aws-sdk/client-ssm": "^3.0.0",
63
- "@aws-sdk/s3-request-presigner": "^3.0.0",
64
- "@aws-sdk/util-dynamodb": "^3.0.0",
52
+ "@aws-sdk/client-cloudwatch": "^3.1066.0",
53
+ "@aws-sdk/client-cloudwatch-logs": "^3.1066.0",
54
+ "@aws-sdk/client-cognito-identity-provider": "^3.1066.0",
55
+ "@aws-sdk/client-dynamodb": "^3.1066.0",
56
+ "@aws-sdk/client-kms": "^3.1066.0",
57
+ "@aws-sdk/client-s3": "^3.1066.0",
58
+ "@aws-sdk/client-secrets-manager": "^3.1066.0",
59
+ "@aws-sdk/client-ses": "^3.1066.0",
60
+ "@aws-sdk/client-sns": "^3.1066.0",
61
+ "@aws-sdk/client-sqs": "^3.1066.0",
62
+ "@aws-sdk/client-ssm": "^3.1066.0",
63
+ "@aws-sdk/s3-request-presigner": "^3.1066.0",
64
+ "@aws-sdk/util-dynamodb": "^3.996.4",
65
65
  "@de-otio/saas-foundation": "^0.3.0",
66
66
  "@de-otio/trellis-extension-api": "^0.3.0",
67
67
  "@de-otio/vestibulum": "^0.3.0",
68
- "@fedify/fedify": "2.2.4",
68
+ "@fedify/fedify": "2.2.5",
69
69
  "@prisma/adapter-pg": "^7.8.0",
70
70
  "@prisma/client": "^7.8.0",
71
71
  "cockatiel": "^4.0.0",
72
72
  "exifr": "^7.1.3",
73
- "hono": "^4.12.23",
74
- "isomorphic-dompurify": "^2.18.0",
73
+ "hono": "^4.12.25",
74
+ "isomorphic-dompurify": "^3.16.0",
75
75
  "js-yaml": "^4.1.1",
76
76
  "pg": "^8.13.0",
77
- "sharp": "^0.33.0",
77
+ "sharp": "^0.35.0",
78
78
  "zod": "^4.4.3"
79
79
  },
80
80
  "devDependencies": {
81
- "@aws-sdk/client-bedrock-agent-runtime": "^3.0.0",
82
- "@aws-sdk/client-cost-explorer": "^3.0.0",
83
- "@aws-sdk/client-ecs": "^3.0.0",
84
- "@aws-sdk/client-lambda": "^3.0.0",
85
- "@types/aws-lambda": "^8.10.0",
81
+ "@aws-sdk/client-bedrock-agent-runtime": "^3.1066.0",
82
+ "@aws-sdk/client-cost-explorer": "^3.1066.0",
83
+ "@aws-sdk/client-ecs": "^3.1066.0",
84
+ "@aws-sdk/client-lambda": "^3.1066.0",
85
+ "@types/aws-lambda": "^8.10.162",
86
86
  "@types/js-yaml": "^4.0.9",
87
- "@types/node": "^22.0.0",
87
+ "@types/node": "^25.9.3",
88
88
  "@types/pg": "^8.18.0",
89
89
  "@types/sharp": "^0.31.0",
90
- "@vitest/coverage-v8": "^4.0.0",
91
- "@vitest/ui": "^4.0.0",
90
+ "@vitest/coverage-v8": "^4.1.8",
91
+ "@vitest/ui": "^4.1.8",
92
92
  "aws-sdk-client-mock": "^4.1.0",
93
- "esbuild": "^0.27.0",
93
+ "esbuild": "^0.28.1",
94
94
  "form-data": "^4.0.1",
95
- "mailparser": "^3.9.4",
96
- "prettier": "^3.3.3",
95
+ "mailparser": "^3.9.9",
96
+ "prettier": "^3.8.4",
97
97
  "prisma": "^7.8.0",
98
- "tsx": "^4.19.0",
98
+ "tsx": "^4.22.4",
99
99
  "typescript": "^6.0.3",
100
100
  "vitest": "^4.0.0"
101
101
  },
@@ -34,7 +34,7 @@ import type {
34
34
  PostConfirmationTriggerHandler,
35
35
  } from "aws-lambda";
36
36
  import { Logger } from "@aws-lambda-powertools/logger";
37
- import { getLambdaPrisma as getPrisma } from "../lib/lambda-prisma.js";
37
+ import { getLambdaPrisma as getPrisma, withLambdaDbBreaker } from "../lib/lambda-prisma.js";
38
38
  import {
39
39
  PrismaClient,
40
40
  Prisma,
@@ -182,22 +182,30 @@ export const handler: PostConfirmationTriggerHandler = async (event) => {
182
182
 
183
183
  const db = await getPrisma();
184
184
 
185
- const result = await withHandleConflictRetry(() =>
186
- db.$transaction(
187
- async (tx) => provisionUserAndTenancy(tx, {
188
- cognitoSub,
189
- email,
190
- emailVerified: attrs.email_verified,
191
- federated,
192
- idpGroups,
193
- dateOfBirth,
194
- ageTier,
195
- providedHandle: attrs["custom:handle"],
196
- invitationCode,
197
- requestedMethod,
198
- }),
199
- { timeout: 8000 },
200
- ),
185
+ // The provisioning transaction is the longest-held connection in a signup
186
+ // burst (multi-statement, up to the 8s timeout). Run it under the Lambda
187
+ // circuit breaker so a saturated DB trips fast-fail instead of being retried
188
+ // into an already-exhausted instance.
189
+ const result = await withLambdaDbBreaker(
190
+ () =>
191
+ withHandleConflictRetry(() =>
192
+ db.$transaction(
193
+ async (tx) => provisionUserAndTenancy(tx, {
194
+ cognitoSub,
195
+ email,
196
+ emailVerified: attrs.email_verified,
197
+ federated,
198
+ idpGroups,
199
+ dateOfBirth,
200
+ ageTier,
201
+ providedHandle: attrs["custom:handle"],
202
+ invitationCode,
203
+ requestedMethod,
204
+ }),
205
+ { timeout: 8000 },
206
+ ),
207
+ ),
208
+ "post_confirmation.provision",
201
209
  );
202
210
 
203
211
  if (ageTier === "CHILD") {
@@ -31,9 +31,17 @@ export const handler: PreSignUpTriggerHandler = async (event) => {
31
31
  throw new Error("This invitation code has expired.");
32
32
  }
33
33
 
34
- // Auto-confirm and auto-verify for invited users
35
- event.response.autoConfirmUser = false;
36
- event.response.autoVerifyEmail = false;
34
+ // Auto-confirm and auto-verify invited users.
35
+ //
36
+ // Registration is passwordless (magic-link CUSTOM_AUTH). An UNCONFIRMED user
37
+ // cannot initiate that flow, so without auto-confirm an invited sign-up would
38
+ // create an account that can never sign in. This is safe because:
39
+ // - entry is already gated by a single-use invitation code (checked above);
40
+ // - access still requires answering the magic-link challenge, i.e. receiving
41
+ // and clicking a link sent to this exact address — the link, not this
42
+ // flag, is the real proof of email ownership and the access gate.
43
+ event.response.autoConfirmUser = true;
44
+ event.response.autoVerifyEmail = true;
37
45
 
38
46
  return event;
39
47
  };
@@ -25,7 +25,7 @@ import type {
25
25
  } from "aws-lambda";
26
26
  import { Logger } from "@aws-lambda-powertools/logger";
27
27
  import { PrismaClient, type TenantRole } from "@prisma/client";
28
- import { getLambdaPrisma as getPrisma } from "../lib/lambda-prisma.js";
28
+ import { getLambdaPrisma as getPrisma, withLambdaDbBreaker } from "../lib/lambda-prisma.js";
29
29
  import {
30
30
  ClaimsCache,
31
31
  createClaimsCacheFromEnv,
@@ -194,6 +194,11 @@ export const handler: PreTokenGenerationV2TriggerHandler = async (event) => {
194
194
  let cacheHit = !!claims;
195
195
 
196
196
  if (!claims) {
197
+ // RDS is consulted only on a genuine cache miss. Emit a filterable event so
198
+ // a miss-rate metric can be derived (a miss storm — post-deploy, correlated
199
+ // TTL expiry, or the first-login wave after a signup burst — is the path
200
+ // that can exhaust DB connections; the warm cache is the primary defence).
201
+ logger.info("pretoken.cache_miss", { cognitoSub, federated });
197
202
  const db = await getPrisma();
198
203
  // Read the user's last explicit tenant preference, even from an expired
199
204
  // cache row, so an admin-side switch-tenant call survives cache TTL.
@@ -206,7 +211,10 @@ export const handler: PreTokenGenerationV2TriggerHandler = async (event) => {
206
211
  error: (err as { code?: string })?.code ?? "unknown",
207
212
  });
208
213
  }
209
- const loaded = await loadFromRds(db, cognitoSub, federated, preferredTenantId);
214
+ const loaded = await withLambdaDbBreaker(
215
+ () => loadFromRds(db, cognitoSub, federated, preferredTenantId),
216
+ "pretoken.load_from_rds",
217
+ );
210
218
 
211
219
  if (!loaded.user) {
212
220
  logger.warn("pretoken.drift", { cognitoSub });