@de-otio/trellis 0.7.0 → 0.9.0
- package/LICENSE +661 -0
- package/dist/db.js +10 -18
- package/dist/db.js.map +1 -1
- package/dist/env.d.ts +66 -6
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +89 -70
- package/dist/env.js.map +1 -1
- package/dist/extensions.js +3 -8
- package/dist/extensions.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -9
- package/dist/index.js.map +1 -1
- package/dist/lambda/cleanup-cron.d.ts.map +1 -1
- package/dist/lambda/cleanup-cron.js +20 -24
- package/dist/lambda/cleanup-cron.js.map +1 -1
- package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/create-auth-challenge.js +17 -19
- package/dist/lambda/create-auth-challenge.js.map +1 -1
- package/dist/lambda/custom-message.js +1 -5
- package/dist/lambda/custom-message.js.map +1 -1
- package/dist/lambda/define-auth-challenge.js +1 -5
- package/dist/lambda/define-auth-challenge.js.map +1 -1
- package/dist/lambda/delete-account-worker.d.ts.map +1 -1
- package/dist/lambda/delete-account-worker.js +25 -58
- package/dist/lambda/delete-account-worker.js.map +1 -1
- package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
- package/dist/lambda/diagnostics-proxy.js +14 -49
- package/dist/lambda/diagnostics-proxy.js.map +1 -1
- package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
- package/dist/lambda/e2e-sweeper.js +30 -38
- package/dist/lambda/e2e-sweeper.js.map +1 -1
- package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
- package/dist/lambda/federation-outbox-worker.js +4 -6
- package/dist/lambda/federation-outbox-worker.js.map +1 -1
- package/dist/lambda/followers-events-worker.d.ts.map +1 -1
- package/dist/lambda/followers-events-worker.js +4 -6
- package/dist/lambda/followers-events-worker.js.map +1 -1
- package/dist/lambda/hourly-cron.d.ts.map +1 -1
- package/dist/lambda/hourly-cron.js +100 -32
- package/dist/lambda/hourly-cron.js.map +1 -1
- package/dist/lambda/link-check-worker.d.ts.map +1 -1
- package/dist/lambda/link-check-worker.js +4 -6
- package/dist/lambda/link-check-worker.js.map +1 -1
- package/dist/lambda/maintenance-cron.d.ts.map +1 -1
- package/dist/lambda/maintenance-cron.js +30 -63
- package/dist/lambda/maintenance-cron.js.map +1 -1
- package/dist/lambda/media-processing-worker.d.ts.map +1 -1
- package/dist/lambda/media-processing-worker.js +11 -46
- package/dist/lambda/media-processing-worker.js.map +1 -1
- package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
- package/dist/lambda/media-reconciliation-worker.js +4 -6
- package/dist/lambda/media-reconciliation-worker.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +67 -112
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +147 -45
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-signup.js +7 -11
- package/dist/lambda/pre-signup.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +27 -35
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lambda/tools/check-health.js +1 -5
- package/dist/lambda/tools/check-health.js.map +1 -1
- package/dist/lambda/tools/describe-services.js +4 -8
- package/dist/lambda/tools/describe-services.js.map +1 -1
- package/dist/lambda/tools/get-cost-report.js +4 -8
- package/dist/lambda/tools/get-cost-report.js.map +1 -1
- package/dist/lambda/tools/get-errors.js +5 -9
- package/dist/lambda/tools/get-errors.js.map +1 -1
- package/dist/lambda/tools/get-feature-flags.js +4 -8
- package/dist/lambda/tools/get-feature-flags.js.map +1 -1
- package/dist/lambda/tools/get-queue-status.js +5 -9
- package/dist/lambda/tools/get-queue-status.js.map +1 -1
- package/dist/lambda/tools/search-logs.js +5 -9
- package/dist/lambda/tools/search-logs.js.map +1 -1
- package/dist/lambda/tools/send-alert.js +4 -8
- package/dist/lambda/tools/send-alert.js.map +1 -1
- package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/verify-auth-challenge.js +10 -12
- package/dist/lambda/verify-auth-challenge.js.map +1 -1
- package/dist/lib/abuse-metrics.d.ts.map +1 -1
- package/dist/lib/abuse-metrics.js +10 -13
- package/dist/lib/abuse-metrics.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +9 -43
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/activity-service.js +1 -5
- package/dist/lib/activitypub/activity-service.js.map +1 -1
- package/dist/lib/activitypub/actor.d.ts +1 -1
- package/dist/lib/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/activitypub/actor.js +1 -5
- package/dist/lib/activitypub/actor.js.map +1 -1
- package/dist/lib/activitypub/audience-service.d.ts +2 -2
- package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
- package/dist/lib/activitypub/audience-service.js +8 -12
- package/dist/lib/activitypub/audience-service.js.map +1 -1
- package/dist/lib/activitypub/crypto.d.ts +1 -1
- package/dist/lib/activitypub/crypto.d.ts.map +1 -1
- package/dist/lib/activitypub/crypto.js +3 -41
- package/dist/lib/activitypub/crypto.js.map +1 -1
- package/dist/lib/activitypub/delivery-service.d.ts +5 -5
- package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
- package/dist/lib/activitypub/delivery-service.js +10 -47
- package/dist/lib/activitypub/delivery-service.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
- package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
- package/dist/lib/activitypub/dm-service.js +1 -5
- package/dist/lib/activitypub/dm-service.js.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.js +6 -10
- package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
- package/dist/lib/activitypub/fedify/config.d.ts +3 -3
- package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/config.js +5 -8
- package/dist/lib/activitypub/fedify/config.js.map +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/context.js +8 -12
- package/dist/lib/activitypub/fedify/context.js.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.js +3 -6
- package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
- package/dist/lib/activitypub/friendship-service.js +1 -5
- package/dist/lib/activitypub/friendship-service.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +1 -1
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +9 -46
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/activitypub/http-signatures.js +8 -45
- package/dist/lib/activitypub/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/jsonld.d.ts +1 -1
- package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
- package/dist/lib/activitypub/jsonld.js +1 -5
- package/dist/lib/activitypub/jsonld.js.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
- package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
- package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
- package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.js +31 -35
- package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.js +17 -20
- package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
- package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.js +6 -10
- package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
- package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
- package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.js +3 -8
- package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
- package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
- package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
- package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
- package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
- package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
- package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
- package/dist/lib/activitypub/standalone-mode.js +13 -50
- package/dist/lib/activitypub/standalone-mode.js.map +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
- package/dist/lib/activitypub/webfinger/server.js +18 -54
- package/dist/lib/activitypub/webfinger/server.js.map +1 -1
- package/dist/lib/age-gate-middleware.d.ts +4 -4
- package/dist/lib/age-gate-middleware.d.ts.map +1 -1
- package/dist/lib/age-gate-middleware.js +3 -6
- package/dist/lib/age-gate-middleware.js.map +1 -1
- package/dist/lib/age-gate.js +3 -8
- package/dist/lib/age-gate.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +7 -44
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/app.d.ts +76 -0
- package/dist/lib/app.d.ts.map +1 -0
- package/dist/lib/app.js +400 -0
- package/dist/lib/app.js.map +1 -0
- package/dist/lib/audit/csv-export.js +6 -13
- package/dist/lib/audit/csv-export.js.map +1 -1
- package/dist/lib/audit/pii-filter.d.ts +9 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -1
- package/dist/lib/audit/pii-filter.js +57 -7
- package/dist/lib/audit/pii-filter.js.map +1 -1
- package/dist/lib/audit-actions.d.ts +94 -0
- package/dist/lib/audit-actions.d.ts.map +1 -0
- package/dist/lib/audit-actions.js +107 -0
- package/dist/lib/audit-actions.js.map +1 -0
- package/dist/lib/audit-composer.d.ts +174 -0
- package/dist/lib/audit-composer.d.ts.map +1 -0
- package/dist/lib/audit-composer.js +421 -0
- package/dist/lib/audit-composer.js.map +1 -0
- package/dist/lib/auth/auth-context.d.ts +1 -1
- package/dist/lib/auth/auth-context.js +1 -2
- package/dist/lib/auth/auth-context.js.map +1 -1
- package/dist/lib/auth/auth-middleware.d.ts +16 -2
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
- package/dist/lib/auth/auth-middleware.js +36 -45
- package/dist/lib/auth/auth-middleware.js.map +1 -1
- package/dist/lib/auth/capabilities.js +2 -5
- package/dist/lib/auth/capabilities.js.map +1 -1
- package/dist/lib/auth/claims-cache.d.ts +2 -2
- package/dist/lib/auth/claims-cache.js +19 -24
- package/dist/lib/auth/claims-cache.js.map +1 -1
- package/dist/lib/auth/cognito-jwt.d.ts +20 -2
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js +83 -23
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.js +4 -10
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
- package/dist/lib/auth/require.d.ts +4 -4
- package/dist/lib/auth/require.d.ts.map +1 -1
- package/dist/lib/auth/require.js +11 -18
- package/dist/lib/auth/require.js.map +1 -1
- package/dist/lib/auth/role-grants.d.ts +1 -1
- package/dist/lib/auth/role-grants.d.ts.map +1 -1
- package/dist/lib/auth/role-grants.js +28 -31
- package/dist/lib/auth/role-grants.js.map +1 -1
- package/dist/lib/auth-context-manager.js +1 -5
- package/dist/lib/auth-context-manager.js.map +1 -1
- package/dist/lib/auth-handler.d.ts +5 -5
- package/dist/lib/auth-handler.d.ts.map +1 -1
- package/dist/lib/auth-handler.js +5 -9
- package/dist/lib/auth-handler.js.map +1 -1
- package/dist/lib/badge-handler.d.ts +1 -1
- package/dist/lib/badge-handler.d.ts.map +1 -1
- package/dist/lib/badge-handler.js +14 -52
- package/dist/lib/badge-handler.js.map +1 -1
- package/dist/lib/circle-handler.d.ts +10 -10
- package/dist/lib/circle-handler.d.ts.map +1 -1
- package/dist/lib/circle-handler.js +10 -47
- package/dist/lib/circle-handler.js.map +1 -1
- package/dist/lib/cognito/idp-sdk.js +11 -18
- package/dist/lib/cognito/idp-sdk.js.map +1 -1
- package/dist/lib/cognito/issuer-probe.js +9 -14
- package/dist/lib/cognito/issuer-probe.js.map +1 -1
- package/dist/lib/comment-handler.d.ts +10 -10
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +61 -97
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +2 -2
- package/dist/lib/compliance/baseline.d.ts.map +1 -1
- package/dist/lib/compliance/baseline.js +15 -18
- package/dist/lib/compliance/baseline.js.map +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
- package/dist/lib/compliance/tenant-merge.js +1 -4
- package/dist/lib/compliance/tenant-merge.js.map +1 -1
- package/dist/lib/compliance/types.d.ts +1 -1
- package/dist/lib/compliance/types.js +2 -3
- package/dist/lib/compliance/types.js.map +1 -1
- package/dist/lib/connection-code-handler.d.ts +7 -7
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +13 -50
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/content-discovery.d.ts +1 -1
- package/dist/lib/content-discovery.d.ts.map +1 -1
- package/dist/lib/content-discovery.js +15 -52
- package/dist/lib/content-discovery.js.map +1 -1
- package/dist/lib/context-aware-data-access.d.ts +1 -1
- package/dist/lib/context-aware-data-access.d.ts.map +1 -1
- package/dist/lib/context-aware-data-access.js +1 -5
- package/dist/lib/context-aware-data-access.js.map +1 -1
- package/dist/lib/cors-handler.d.ts +1 -1
- package/dist/lib/cors-handler.d.ts.map +1 -1
- package/dist/lib/cors-handler.js +13 -17
- package/dist/lib/cors-handler.js.map +1 -1
- package/dist/lib/cost-accumulator.d.ts.map +1 -1
- package/dist/lib/cost-accumulator.js +7 -11
- package/dist/lib/cost-accumulator.js.map +1 -1
- package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
- package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
- package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
- package/dist/lib/crypto/voting/hash-utils.js +6 -12
- package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
- package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
- package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/index.js +4 -14
- package/dist/lib/crypto/voting/index.js.map +1 -1
- package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
- package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
- package/dist/lib/csrf.d.ts +2 -2
- package/dist/lib/csrf.d.ts.map +1 -1
- package/dist/lib/csrf.js +1 -5
- package/dist/lib/csrf.js.map +1 -1
- package/dist/lib/data-router.d.ts +5 -4
- package/dist/lib/data-router.d.ts.map +1 -1
- package/dist/lib/data-router.js +60 -90
- package/dist/lib/data-router.js.map +1 -1
- package/dist/lib/database-circuit-breaker.d.ts +61 -34
- package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
- package/dist/lib/database-circuit-breaker.js +102 -109
- package/dist/lib/database-circuit-breaker.js.map +1 -1
- package/dist/lib/database-config.js +1 -4
- package/dist/lib/database-config.js.map +1 -1
- package/dist/lib/database-connection-manager.d.ts +42 -2
- package/dist/lib/database-connection-manager.d.ts.map +1 -1
- package/dist/lib/database-connection-manager.js +178 -74
- package/dist/lib/database-connection-manager.js.map +1 -1
- package/dist/lib/database-monitor.d.ts +1 -1
- package/dist/lib/database-monitor.d.ts.map +1 -1
- package/dist/lib/database-monitor.js +5 -9
- package/dist/lib/database-monitor.js.map +1 -1
- package/dist/lib/database-rate-limiter.d.ts +1 -1
- package/dist/lib/database-rate-limiter.d.ts.map +1 -1
- package/dist/lib/database-rate-limiter.js +3 -7
- package/dist/lib/database-rate-limiter.js.map +1 -1
- package/dist/lib/database-wrapper-helper.d.ts +2 -2
- package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
- package/dist/lib/database-wrapper-helper.js +7 -11
- package/dist/lib/database-wrapper-helper.js.map +1 -1
- package/dist/lib/database-wrapper.d.ts +1 -1
- package/dist/lib/database-wrapper.d.ts.map +1 -1
- package/dist/lib/database-wrapper.js +5 -9
- package/dist/lib/database-wrapper.js.map +1 -1
- package/dist/lib/db-query-helper.d.ts +3 -3
- package/dist/lib/db-query-helper.d.ts.map +1 -1
- package/dist/lib/db-query-helper.js +4 -9
- package/dist/lib/db-query-helper.js.map +1 -1
- package/dist/lib/discovery-exposure.d.ts +42 -0
- package/dist/lib/discovery-exposure.d.ts.map +1 -0
- package/dist/lib/discovery-exposure.js +89 -0
- package/dist/lib/discovery-exposure.js.map +1 -0
- package/dist/lib/discovery-handler.d.ts +6 -6
- package/dist/lib/discovery-handler.d.ts.map +1 -1
- package/dist/lib/discovery-handler.js +10 -43
- package/dist/lib/discovery-handler.js.map +1 -1
- package/dist/lib/domain-reputation-service.d.ts +1 -1
- package/dist/lib/domain-reputation-service.d.ts.map +1 -1
- package/dist/lib/domain-reputation-service.js +12 -15
- package/dist/lib/domain-reputation-service.js.map +1 -1
- package/dist/lib/email-privacy.js +4 -8
- package/dist/lib/email-privacy.js.map +1 -1
- package/dist/lib/email-provider.d.ts +2 -2
- package/dist/lib/email-provider.d.ts.map +1 -1
- package/dist/lib/email-provider.js +8 -16
- package/dist/lib/email-provider.js.map +1 -1
- package/dist/lib/entity-handler.d.ts +5 -6
- package/dist/lib/entity-handler.d.ts.map +1 -1
- package/dist/lib/entity-handler.js +45 -80
- package/dist/lib/entity-handler.js.map +1 -1
- package/dist/lib/entity-relationship-handler.d.ts +9 -9
- package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
- package/dist/lib/entity-relationship-handler.js +14 -51
- package/dist/lib/entity-relationship-handler.js.map +1 -1
- package/dist/lib/entity-tagging-errors.js +4 -11
- package/dist/lib/entity-tagging-errors.js.map +1 -1
- package/dist/lib/entity-tagging-validator.d.ts +3 -3
- package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
- package/dist/lib/entity-tagging-validator.js +6 -11
- package/dist/lib/entity-tagging-validator.js.map +1 -1
- package/dist/lib/exif-stripper.js +1 -4
- package/dist/lib/exif-stripper.js.map +1 -1
- package/dist/lib/extension-context.d.ts +2 -2
- package/dist/lib/extension-context.d.ts.map +1 -1
- package/dist/lib/extension-context.js +1 -4
- package/dist/lib/extension-context.js.map +1 -1
- package/dist/lib/extension-route-wrapper.d.ts +1 -1
- package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
- package/dist/lib/extension-route-wrapper.js +17 -55
- package/dist/lib/extension-route-wrapper.js.map +1 -1
- package/dist/lib/extension-validator.js +3 -6
- package/dist/lib/extension-validator.js.map +1 -1
- package/dist/lib/feature-flags.d.ts +5 -2
- package/dist/lib/feature-flags.d.ts.map +1 -1
- package/dist/lib/feature-flags.js +15 -48
- package/dist/lib/feature-flags.js.map +1 -1
- package/dist/lib/feature-toggle-global-client.d.ts +6 -0
- package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
- package/dist/lib/feature-toggle-global-client.js +73 -0
- package/dist/lib/feature-toggle-global-client.js.map +1 -0
- package/dist/lib/feature-toggle-service.d.ts +137 -27
- package/dist/lib/feature-toggle-service.d.ts.map +1 -1
- package/dist/lib/feature-toggle-service.js +302 -119
- package/dist/lib/feature-toggle-service.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +8 -8
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +33 -62
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/feed-pagination.d.ts +26 -0
- package/dist/lib/feed-pagination.d.ts.map +1 -1
- package/dist/lib/feed-pagination.js +31 -11
- package/dist/lib/feed-pagination.js.map +1 -1
- package/dist/lib/feed-personalization.d.ts +1 -1
- package/dist/lib/feed-personalization.d.ts.map +1 -1
- package/dist/lib/feed-personalization.js +6 -43
- package/dist/lib/feed-personalization.js.map +1 -1
- package/dist/lib/followers-events.js +8 -13
- package/dist/lib/followers-events.js.map +1 -1
- package/dist/lib/friends-handler.d.ts +2 -2
- package/dist/lib/friends-handler.d.ts.map +1 -1
- package/dist/lib/friends-handler.js +9 -46
- package/dist/lib/friends-handler.js.map +1 -1
- package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
- package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
- package/dist/lib/geo/entity-geo-repository.js +91 -0
- package/dist/lib/geo/entity-geo-repository.js.map +1 -0
- package/dist/lib/graph/errors.d.ts.map +1 -1
- package/dist/lib/graph/errors.js +13 -18
- package/dist/lib/graph/errors.js.map +1 -1
- package/dist/lib/graph/graph-factory.d.ts +12 -53
- package/dist/lib/graph/graph-factory.d.ts.map +1 -1
- package/dist/lib/graph/graph-factory.js +67 -162
- package/dist/lib/graph/graph-factory.js.map +1 -1
- package/dist/lib/graph/graph-service.d.ts +1 -1
- package/dist/lib/graph/graph-service.d.ts.map +1 -1
- package/dist/lib/graph/graph-service.js +1 -2
- package/dist/lib/graph/graph-service.js.map +1 -1
- package/dist/lib/graph/index.d.ts +10 -14
- package/dist/lib/graph/index.d.ts.map +1 -1
- package/dist/lib/graph/index.js +12 -46
- package/dist/lib/graph/index.js.map +1 -1
- package/dist/lib/graph/postgres/_shared.d.ts +18 -0
- package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
- package/dist/lib/graph/postgres/_shared.js +24 -0
- package/dist/lib/graph/postgres/_shared.js.map +1 -0
- package/dist/lib/graph/postgres/circles.d.ts +66 -0
- package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
- package/dist/lib/graph/postgres/circles.js +513 -0
- package/dist/lib/graph/postgres/circles.js.map +1 -0
- package/dist/lib/graph/postgres/discovery.d.ts +165 -0
- package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
- package/dist/lib/graph/postgres/discovery.js +579 -0
- package/dist/lib/graph/postgres/discovery.js.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.js +304 -0
- package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.js +162 -0
- package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
- package/dist/lib/graph/postgres/relationships.d.ts +58 -0
- package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/relationships.js +314 -0
- package/dist/lib/graph/postgres/relationships.js.map +1 -0
- package/dist/lib/graph/postgres/scoring.d.ts +74 -0
- package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
- package/dist/lib/graph/postgres/scoring.js +297 -0
- package/dist/lib/graph/postgres/scoring.js.map +1 -0
- package/dist/lib/graph/postgres/sync.d.ts +149 -0
- package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
- package/dist/lib/graph/postgres/sync.js +269 -0
- package/dist/lib/graph/postgres/sync.js.map +1 -0
- package/dist/lib/graph/scoring-engine.d.ts +7 -1
- package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
- package/dist/lib/graph/scoring-engine.js +29 -35
- package/dist/lib/graph/scoring-engine.js.map +1 -1
- package/dist/lib/graph/types.d.ts +18 -1
- package/dist/lib/graph/types.d.ts.map +1 -1
- package/dist/lib/graph/types.js +1 -2
- package/dist/lib/graph/types.js.map +1 -1
- package/dist/lib/hook-dispatcher.d.ts +1 -1
- package/dist/lib/hook-dispatcher.d.ts.map +1 -1
- package/dist/lib/hook-dispatcher.js +8 -12
- package/dist/lib/hook-dispatcher.js.map +1 -1
- package/dist/lib/input-sanitizer.js +1 -5
- package/dist/lib/input-sanitizer.js.map +1 -1
- package/dist/lib/internal-docs-handler.d.ts +2 -2
- package/dist/lib/internal-docs-handler.d.ts.map +1 -1
- package/dist/lib/internal-docs-handler.js +20 -28
- package/dist/lib/internal-docs-handler.js.map +1 -1
- package/dist/lib/internal-docs-navigation.js +2 -6
- package/dist/lib/internal-docs-navigation.js.map +1 -1
- package/dist/lib/invitation-handler.d.ts +2 -2
- package/dist/lib/invitation-handler.d.ts.map +1 -1
- package/dist/lib/invitation-handler.js +41 -82
- package/dist/lib/invitation-handler.js.map +1 -1
- package/dist/lib/ip-scrubber.js +3 -8
- package/dist/lib/ip-scrubber.js.map +1 -1
- package/dist/lib/link-security-handler.d.ts +3 -2
- package/dist/lib/link-security-handler.d.ts.map +1 -1
- package/dist/lib/link-security-handler.js +8 -44
- package/dist/lib/link-security-handler.js.map +1 -1
- package/dist/lib/logger.d.ts +31 -82
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +43 -185
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/media-cleanup-handler.d.ts +2 -2
- package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
- package/dist/lib/media-cleanup-handler.js +7 -11
- package/dist/lib/media-cleanup-handler.js.map +1 -1
- package/dist/lib/media-handler.d.ts +1 -1
- package/dist/lib/media-handler.d.ts.map +1 -1
- package/dist/lib/media-handler.js +36 -73
- package/dist/lib/media-handler.js.map +1 -1
- package/dist/lib/media-metadata-extractor.d.ts +1 -1
- package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
- package/dist/lib/media-metadata-extractor.js +3 -7
- package/dist/lib/media-metadata-extractor.js.map +1 -1
- package/dist/lib/media-metrics.d.ts +2 -2
- package/dist/lib/media-metrics.d.ts.map +1 -1
- package/dist/lib/media-metrics.js +3 -7
- package/dist/lib/media-metrics.js.map +1 -1
- package/dist/lib/metadata/index.d.ts +5 -5
- package/dist/lib/metadata/index.d.ts.map +1 -1
- package/dist/lib/metadata/index.js +5 -21
- package/dist/lib/metadata/index.js.map +1 -1
- package/dist/lib/metadata/metadata-config.js +2 -5
- package/dist/lib/metadata/metadata-config.js.map +1 -1
- package/dist/lib/metadata/metadata-errors.js +2 -7
- package/dist/lib/metadata/metadata-errors.js.map +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-extractor.js +42 -82
- package/dist/lib/metadata/metadata-extractor.js.map +1 -1
- package/dist/lib/metadata/metadata-sanitizer.js +17 -24
- package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
- package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
- package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-schemas.js +31 -34
- package/dist/lib/metadata/metadata-schemas.js.map +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
- package/dist/lib/mfa/mfa-handler.js +13 -17
- package/dist/lib/mfa/mfa-handler.js.map +1 -1
- package/dist/lib/mfa/totp-service.js +8 -18
- package/dist/lib/mfa/totp-service.js.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.js +7 -10
- package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
- package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.js +20 -26
- package/dist/lib/middleware/idempotency-store.js.map +1 -1
- package/dist/lib/middleware/idempotency.d.ts +2 -2
- package/dist/lib/middleware/idempotency.d.ts.map +1 -1
- package/dist/lib/middleware/idempotency.js +12 -50
- package/dist/lib/middleware/idempotency.js.map +1 -1
- package/dist/lib/middleware.d.ts +22 -9
- package/dist/lib/middleware.d.ts.map +1 -1
- package/dist/lib/middleware.js +72 -153
- package/dist/lib/middleware.js.map +1 -1
- package/dist/lib/moderation-handler.d.ts +1 -1
- package/dist/lib/moderation-handler.d.ts.map +1 -1
- package/dist/lib/moderation-handler.js +15 -54
- package/dist/lib/moderation-handler.js.map +1 -1
- package/dist/lib/net/trusted-client-ip.d.ts +8 -30
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
- package/dist/lib/net/trusted-client-ip.js +13 -94
- package/dist/lib/net/trusted-client-ip.js.map +1 -1
- package/dist/lib/notification-handler.d.ts +1 -1
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +10 -15
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/notification-preferences-handler.d.ts +1 -1
- package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
- package/dist/lib/notification-preferences-handler.js +7 -11
- package/dist/lib/notification-preferences-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
- package/dist/lib/oauth/cognito-issuer.js +5 -10
- package/dist/lib/oauth/cognito-issuer.js.map +1 -1
- package/dist/lib/oauth/device-authorization.d.ts +1 -1
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
- package/dist/lib/oauth/device-authorization.js +62 -77
- package/dist/lib/oauth/device-authorization.js.map +1 -1
- package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
- package/dist/lib/oauth/envelope-crypto.js +22 -34
- package/dist/lib/oauth/envelope-crypto.js.map +1 -1
- package/dist/lib/oauth/refresh-detection.js +42 -52
- package/dist/lib/oauth/refresh-detection.js.map +1 -1
- package/dist/lib/openai-budget.d.ts.map +1 -1
- package/dist/lib/openai-budget.js +7 -44
- package/dist/lib/openai-budget.js.map +1 -1
- package/dist/lib/openapi/generator.d.ts +1 -1
- package/dist/lib/openapi/generator.d.ts.map +1 -1
- package/dist/lib/openapi/generator.js +2 -6
- package/dist/lib/openapi/generator.js.map +1 -1
- package/dist/lib/orphaned-media-handler.d.ts +1 -1
- package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
- package/dist/lib/orphaned-media-handler.js +9 -46
- package/dist/lib/orphaned-media-handler.js.map +1 -1
- package/dist/lib/parental-control-handler.d.ts +2 -2
- package/dist/lib/parental-control-handler.d.ts.map +1 -1
- package/dist/lib/parental-control-handler.js +18 -55
- package/dist/lib/parental-control-handler.js.map +1 -1
- package/dist/lib/parental-link-handler.d.ts +8 -8
- package/dist/lib/parental-link-handler.d.ts.map +1 -1
- package/dist/lib/parental-link-handler.js +10 -14
- package/dist/lib/parental-link-handler.js.map +1 -1
- package/dist/lib/performance-metrics.d.ts +1 -1
- package/dist/lib/performance-metrics.d.ts.map +1 -1
- package/dist/lib/performance-metrics.js +3 -6
- package/dist/lib/performance-metrics.js.map +1 -1
- package/dist/lib/post-handler.d.ts +9 -9
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +67 -101
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/privacy-defaults.js +3 -8
- package/dist/lib/privacy-defaults.js.map +1 -1
- package/dist/lib/privacy-handler.d.ts +2 -2
- package/dist/lib/privacy-handler.d.ts.map +1 -1
- package/dist/lib/privacy-handler.js +6 -10
- package/dist/lib/privacy-handler.js.map +1 -1
- package/dist/lib/pseudonym.d.ts +56 -0
- package/dist/lib/pseudonym.d.ts.map +1 -0
- package/dist/lib/pseudonym.js +85 -0
- package/dist/lib/pseudonym.js.map +1 -0
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
- package/dist/lib/quiet-hours.js +2 -6
- package/dist/lib/quiet-hours.js.map +1 -1
- package/dist/lib/rate-limit.d.ts +58 -47
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +168 -157
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/reaction-handler.d.ts +10 -10
- package/dist/lib/reaction-handler.d.ts.map +1 -1
- package/dist/lib/reaction-handler.js +44 -80
- package/dist/lib/reaction-handler.js.map +1 -1
- package/dist/lib/recaptcha.js +6 -9
- package/dist/lib/recaptcha.js.map +1 -1
- package/dist/lib/redirect-resolver.d.ts +2 -2
- package/dist/lib/redirect-resolver.d.ts.map +1 -1
- package/dist/lib/redirect-resolver.js +5 -9
- package/dist/lib/redirect-resolver.js.map +1 -1
- package/dist/lib/region-config.d.ts +3 -3
- package/dist/lib/region-config.d.ts.map +1 -1
- package/dist/lib/region-config.js +15 -58
- package/dist/lib/region-config.js.map +1 -1
- package/dist/lib/region-detection.d.ts +55 -24
- package/dist/lib/region-detection.d.ts.map +1 -1
- package/dist/lib/region-detection.js +140 -199
- package/dist/lib/region-detection.js.map +1 -1
- package/dist/lib/region-registry.d.ts +49 -0
- package/dist/lib/region-registry.d.ts.map +1 -0
- package/dist/lib/region-registry.js +112 -0
- package/dist/lib/region-registry.js.map +1 -0
- package/dist/lib/relationship-handler.d.ts +9 -9
- package/dist/lib/relationship-handler.d.ts.map +1 -1
- package/dist/lib/relationship-handler.js +12 -49
- package/dist/lib/relationship-handler.js.map +1 -1
- package/dist/lib/request-context.d.ts +16 -16
- package/dist/lib/request-context.d.ts.map +1 -1
- package/dist/lib/request-context.js +14 -22
- package/dist/lib/request-context.js.map +1 -1
- package/dist/lib/route-helpers.d.ts +3 -4
- package/dist/lib/route-helpers.d.ts.map +1 -1
- package/dist/lib/route-helpers.js +20 -75
- package/dist/lib/route-helpers.js.map +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/actor.js +20 -23
- package/dist/lib/routes/activitypub/actor.js.map +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/audiences.js +76 -80
- package/dist/lib/routes/activitypub/audiences.js.map +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/collections.js +24 -26
- package/dist/lib/routes/activitypub/collections.js.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.js +36 -39
- package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/friends.js +9 -12
- package/dist/lib/routes/activitypub/friends.js.map +1 -1
- package/dist/lib/routes/activitypub/group.d.ts +1 -1
- package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/group.js +91 -94
- package/dist/lib/routes/activitypub/group.js.map +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/inbox.js +30 -33
- package/dist/lib/routes/activitypub/inbox.js.map +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/messages.js +79 -83
- package/dist/lib/routes/activitypub/messages.js.map +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/outbox.js +9 -12
- package/dist/lib/routes/activitypub/outbox.js.map +1 -1
- package/dist/lib/routes/activitypub/post.d.ts +1 -1
- package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/post.js +32 -35
- package/dist/lib/routes/activitypub/post.js.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.js +5 -8
- package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
- package/dist/lib/routes/admin-costs.d.ts +1 -1
- package/dist/lib/routes/admin-costs.d.ts.map +1 -1
- package/dist/lib/routes/admin-costs.js +22 -26
- package/dist/lib/routes/admin-costs.js.map +1 -1
- package/dist/lib/routes/admin.d.ts +1 -1
- package/dist/lib/routes/admin.d.ts.map +1 -1
- package/dist/lib/routes/admin.js +290 -269
- package/dist/lib/routes/admin.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +5 -5
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
- package/dist/lib/routes/agent-authorize.js +68 -74
- package/dist/lib/routes/agent-authorize.js.map +1 -1
- package/dist/lib/routes/agent-sessions.d.ts +4 -4
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
- package/dist/lib/routes/agent-sessions.js +30 -35
- package/dist/lib/routes/agent-sessions.js.map +1 -1
- package/dist/lib/routes/agent-surface.d.ts +2 -2
- package/dist/lib/routes/agent-surface.d.ts.map +1 -1
- package/dist/lib/routes/agent-surface.js +20 -24
- package/dist/lib/routes/agent-surface.js.map +1 -1
- package/dist/lib/routes/auth-discover.d.ts +1 -1
- package/dist/lib/routes/auth-discover.d.ts.map +1 -1
- package/dist/lib/routes/auth-discover.js +20 -56
- package/dist/lib/routes/auth-discover.js.map +1 -1
- package/dist/lib/routes/auth.d.ts +1 -1
- package/dist/lib/routes/auth.d.ts.map +1 -1
- package/dist/lib/routes/auth.js +13 -16
- package/dist/lib/routes/auth.js.map +1 -1
- package/dist/lib/routes/badges.d.ts +1 -1
- package/dist/lib/routes/badges.d.ts.map +1 -1
- package/dist/lib/routes/badges.js +20 -23
- package/dist/lib/routes/badges.js.map +1 -1
- package/dist/lib/routes/circles.d.ts +1 -1
- package/dist/lib/routes/circles.d.ts.map +1 -1
- package/dist/lib/routes/circles.js +40 -44
- package/dist/lib/routes/circles.js.map +1 -1
- package/dist/lib/routes/comments.d.ts +1 -1
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +67 -71
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +30 -34
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +31 -34
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.d.ts +1 -1
- package/dist/lib/routes/dashboard.d.ts.map +1 -1
- package/dist/lib/routes/dashboard.js +251 -288
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/deletion.d.ts +1 -1
- package/dist/lib/routes/deletion.d.ts.map +1 -1
- package/dist/lib/routes/deletion.js +37 -74
- package/dist/lib/routes/deletion.js.map +1 -1
- package/dist/lib/routes/discovery.d.ts +1 -1
- package/dist/lib/routes/discovery.d.ts.map +1 -1
- package/dist/lib/routes/discovery.js +20 -24
- package/dist/lib/routes/discovery.js.map +1 -1
- package/dist/lib/routes/employees.d.ts +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +15 -52
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +133 -137
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/entity-relationships.d.ts +1 -1
- package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
- package/dist/lib/routes/entity-relationships.js +35 -39
- package/dist/lib/routes/entity-relationships.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +1 -1
- package/dist/lib/routes/errors.d.ts.map +1 -1
- package/dist/lib/routes/errors.js +4 -10
- package/dist/lib/routes/errors.js.map +1 -1
- package/dist/lib/routes/export.d.ts +1 -1
- package/dist/lib/routes/export.d.ts.map +1 -1
- package/dist/lib/routes/export.js +31 -35
- package/dist/lib/routes/export.js.map +1 -1
- package/dist/lib/routes/feature-flags.d.ts +1 -1
- package/dist/lib/routes/feature-flags.d.ts.map +1 -1
- package/dist/lib/routes/feature-flags.js +20 -23
- package/dist/lib/routes/feature-flags.js.map +1 -1
- package/dist/lib/routes/feeds.d.ts +1 -1
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +42 -46
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/friends.d.ts +1 -1
- package/dist/lib/routes/friends.d.ts.map +1 -1
- package/dist/lib/routes/friends.js +35 -39
- package/dist/lib/routes/friends.js.map +1 -1
- package/dist/lib/routes/health.d.ts +1 -1
- package/dist/lib/routes/health.d.ts.map +1 -1
- package/dist/lib/routes/health.js +23 -27
- package/dist/lib/routes/health.js.map +1 -1
- package/dist/lib/routes/index.d.ts +2 -7
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +137 -158
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/internal-docs.d.ts +1 -1
- package/dist/lib/routes/internal-docs.d.ts.map +1 -1
- package/dist/lib/routes/internal-docs.js +13 -16
- package/dist/lib/routes/internal-docs.js.map +1 -1
- package/dist/lib/routes/invitations.d.ts +1 -1
- package/dist/lib/routes/invitations.d.ts.map +1 -1
- package/dist/lib/routes/invitations.js +19 -22
- package/dist/lib/routes/invitations.js.map +1 -1
- package/dist/lib/routes/link-reports.d.ts +2 -2
- package/dist/lib/routes/link-reports.d.ts.map +1 -1
- package/dist/lib/routes/link-reports.js +86 -48
- package/dist/lib/routes/link-reports.js.map +1 -1
- package/dist/lib/routes/map.d.ts +1 -1
- package/dist/lib/routes/map.d.ts.map +1 -1
- package/dist/lib/routes/map.js +5 -8
- package/dist/lib/routes/map.js.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.js +30 -67
- package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
- package/dist/lib/routes/media.d.ts +1 -1
- package/dist/lib/routes/media.d.ts.map +1 -1
- package/dist/lib/routes/media.js +156 -193
- package/dist/lib/routes/media.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +60 -64
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +68 -72
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +1 -1
- package/dist/lib/routes/oauth.d.ts.map +1 -1
- package/dist/lib/routes/oauth.js +20 -23
- package/dist/lib/routes/oauth.js.map +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media-health.js +10 -13
- package/dist/lib/routes/orphaned-media-health.js.map +1 -1
- package/dist/lib/routes/orphaned-media.d.ts +1 -1
- package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media.js +20 -57
- package/dist/lib/routes/orphaned-media.js.map +1 -1
- package/dist/lib/routes/out.d.ts +1 -1
- package/dist/lib/routes/out.d.ts.map +1 -1
- package/dist/lib/routes/out.js +21 -24
- package/dist/lib/routes/out.js.map +1 -1
- package/dist/lib/routes/parental-controls.d.ts +1 -1
- package/dist/lib/routes/parental-controls.d.ts.map +1 -1
- package/dist/lib/routes/parental-controls.js +91 -95
- package/dist/lib/routes/parental-controls.js.map +1 -1
- package/dist/lib/routes/posts.d.ts +1 -1
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +101 -105
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/privacy.d.ts +1 -1
- package/dist/lib/routes/privacy.d.ts.map +1 -1
- package/dist/lib/routes/privacy.js +21 -25
- package/dist/lib/routes/privacy.js.map +1 -1
- package/dist/lib/routes/products.d.ts +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +44 -48
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/relationships.d.ts +1 -1
- package/dist/lib/routes/relationships.d.ts.map +1 -1
- package/dist/lib/routes/relationships.js +35 -39
- package/dist/lib/routes/relationships.js.map +1 -1
- package/dist/lib/routes/sentiments.d.ts +1 -1
- package/dist/lib/routes/sentiments.d.ts.map +1 -1
- package/dist/lib/routes/sentiments.js +71 -75
- package/dist/lib/routes/sentiments.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +1 -1
- package/dist/lib/routes/setup-status.d.ts.map +1 -1
- package/dist/lib/routes/setup-status.js +17 -20
- package/dist/lib/routes/setup-status.js.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +29 -33
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +48 -51
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +1 -1
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
- package/dist/lib/routes/tenant-audit.js +35 -92
- package/dist/lib/routes/tenant-audit.js.map +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
- package/dist/lib/routes/tenant-compliance.js +16 -52
- package/dist/lib/routes/tenant-compliance.js.map +1 -1
- package/dist/lib/routes/tenant-domains.d.ts +1 -1
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
- package/dist/lib/routes/tenant-domains.js +27 -30
- package/dist/lib/routes/tenant-domains.js.map +1 -1
- package/dist/lib/routes/tenant-idp.d.ts +1 -1
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
- package/dist/lib/routes/tenant-idp.js +27 -30
- package/dist/lib/routes/tenant-idp.js.map +1 -1
- package/dist/lib/routes/tenant-members.d.ts +1 -1
- package/dist/lib/routes/tenant-members.d.ts.map +1 -1
- package/dist/lib/routes/tenant-members.js +21 -24
- package/dist/lib/routes/tenant-members.js.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.js +27 -30
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
- package/dist/lib/routes/tenants.d.ts +1 -1
- package/dist/lib/routes/tenants.d.ts.map +1 -1
- package/dist/lib/routes/tenants.js +37 -40
- package/dist/lib/routes/tenants.js.map +1 -1
- package/dist/lib/routes/types.d.ts +10 -5
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/routes/types.js +1 -2
- package/dist/lib/routes/types.js.map +1 -1
- package/dist/lib/routes/upload-sessions.d.ts +1 -1
- package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
- package/dist/lib/routes/upload-sessions.js +57 -94
- package/dist/lib/routes/upload-sessions.js.map +1 -1
- package/dist/lib/routes/user.d.ts +1 -1
- package/dist/lib/routes/user.d.ts.map +1 -1
- package/dist/lib/routes/user.js +137 -85
- package/dist/lib/routes/user.js.map +1 -1
- package/dist/lib/routes.d.ts +2 -2
- package/dist/lib/routes.d.ts.map +1 -1
- package/dist/lib/routes.js +2 -7
- package/dist/lib/routes.js.map +1 -1
- package/dist/lib/scaling-health.d.ts.map +1 -1
- package/dist/lib/scaling-health.js +6 -9
- package/dist/lib/scaling-health.js.map +1 -1
- package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
- package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
- package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
- package/dist/lib/schemas.d.ts +85 -204
- package/dist/lib/schemas.d.ts.map +1 -1
- package/dist/lib/schemas.js +71 -74
- package/dist/lib/schemas.js.map +1 -1
- package/dist/lib/secrets/idp-secrets.d.ts +1 -1
- package/dist/lib/secrets/idp-secrets.js +13 -19
- package/dist/lib/secrets/idp-secrets.js.map +1 -1
- package/dist/lib/security-event-cleaner.js +1 -5
- package/dist/lib/security-event-cleaner.js.map +1 -1
- package/dist/lib/security-headers.js +1 -5
- package/dist/lib/security-headers.js.map +1 -1
- package/dist/lib/security-monitor.d.ts +4 -2
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +16 -18
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/sentiment-digest.d.ts +1 -1
- package/dist/lib/sentiment-digest.d.ts.map +1 -1
- package/dist/lib/sentiment-digest.js +5 -8
- package/dist/lib/sentiment-digest.js.map +1 -1
- package/dist/lib/sentiment-display.js +3 -7
- package/dist/lib/sentiment-display.js.map +1 -1
- package/dist/lib/services/image-normalizer.js +1 -5
- package/dist/lib/services/image-normalizer.js.map +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
- package/dist/lib/services/media-reconciliation-service.js +7 -11
- package/dist/lib/services/media-reconciliation-service.js.map +1 -1
- package/dist/lib/services/media-upload-service.d.ts +1 -1
- package/dist/lib/services/media-upload-service.d.ts.map +1 -1
- package/dist/lib/services/media-upload-service.js +4 -8
- package/dist/lib/services/media-upload-service.js.map +1 -1
- package/dist/lib/services/user-data-deletion.d.ts +45 -2
- package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
- package/dist/lib/services/user-data-deletion.js +87 -9
- package/dist/lib/services/user-data-deletion.js.map +1 -1
- package/dist/lib/session-awareness.js +2 -6
- package/dist/lib/session-awareness.js.map +1 -1
- package/dist/lib/session-config.js +8 -17
- package/dist/lib/session-config.js.map +1 -1
- package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
- package/dist/lib/session-cookie.d.ts.map +1 -0
- package/dist/lib/session-cookie.js +0 -0
- package/dist/lib/session-cookie.js.map +1 -0
- package/dist/lib/signup-metadata.d.ts +129 -0
- package/dist/lib/signup-metadata.d.ts.map +1 -0
- package/dist/lib/signup-metadata.js +127 -0
- package/dist/lib/signup-metadata.js.map +1 -0
- package/dist/lib/sso-auth-handler.js +1 -5
- package/dist/lib/sso-auth-handler.js.map +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
- package/dist/lib/tag-suggestions-handler.js +1 -5
- package/dist/lib/tag-suggestions-handler.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +7 -10
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/taxonomy-handler.d.ts +2 -2
- package/dist/lib/taxonomy-handler.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler.js +8 -8
- package/dist/lib/taxonomy-handler.js.map +1 -1
- package/dist/lib/taxonomy-metrics.js +5 -9
- package/dist/lib/taxonomy-metrics.js.map +1 -1
- package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
- package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
- package/dist/lib/taxonomy-search-metrics.js +3 -7
- package/dist/lib/taxonomy-search-metrics.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -8
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
- package/dist/lib/tenant/audit-emit.js +50 -11
- package/dist/lib/tenant/audit-emit.js.map +1 -1
- package/dist/lib/tenant/derive-domain.js +1 -4
- package/dist/lib/tenant/derive-domain.js.map +1 -1
- package/dist/lib/tenant/domain-handler.d.ts +2 -2
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
- package/dist/lib/tenant/domain-handler.js +50 -62
- package/dist/lib/tenant/domain-handler.js.map +1 -1
- package/dist/lib/tenant/domain-validator.d.ts +1 -1
- package/dist/lib/tenant/domain-validator.js +10 -13
- package/dist/lib/tenant/domain-validator.js.map +1 -1
- package/dist/lib/tenant/domain-verifier.d.ts +3 -3
- package/dist/lib/tenant/domain-verifier.js +8 -11
- package/dist/lib/tenant/domain-verifier.js.map +1 -1
- package/dist/lib/tenant/idp-handler.d.ts +4 -4
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
- package/dist/lib/tenant/idp-handler.js +45 -82
- package/dist/lib/tenant/idp-handler.js.map +1 -1
- package/dist/lib/tenant/idp-name.js +1 -4
- package/dist/lib/tenant/idp-name.js.map +1 -1
- package/dist/lib/tenant/member-handler.d.ts +2 -2
- package/dist/lib/tenant/member-handler.d.ts.map +1 -1
- package/dist/lib/tenant/member-handler.js +30 -67
- package/dist/lib/tenant/member-handler.js.map +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
- package/dist/lib/tenant/reserved-slugs.js +8 -14
- package/dist/lib/tenant/reserved-slugs.js.map +1 -1
- package/dist/lib/tenant/resolve-role.js +1 -4
- package/dist/lib/tenant/resolve-role.js.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.js +24 -61
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
- package/dist/lib/tenant/setup-status.d.ts +1 -1
- package/dist/lib/tenant/setup-status.d.ts.map +1 -1
- package/dist/lib/tenant/setup-status.js +3 -40
- package/dist/lib/tenant/setup-status.js.map +1 -1
- package/dist/lib/tenant/slug-validator.js +3 -6
- package/dist/lib/tenant/slug-validator.js.map +1 -1
- package/dist/lib/tenant/tenant-handler.d.ts +2 -2
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-handler.js +31 -68
- package/dist/lib/tenant/tenant-handler.js.map +1 -1
- package/dist/lib/tenant/transfer-ownership.js +2 -6
- package/dist/lib/tenant/transfer-ownership.js.map +1 -1
- package/dist/lib/tenant-scope.d.ts +97 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +270 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/terminology.d.ts.map +1 -1
- package/dist/lib/terminology.js +7 -9
- package/dist/lib/terminology.js.map +1 -1
- package/dist/lib/theme.js +2 -6
- package/dist/lib/theme.js.map +1 -1
- package/dist/lib/threat-intel-service.d.ts +2 -2
- package/dist/lib/threat-intel-service.d.ts.map +1 -1
- package/dist/lib/threat-intel-service.js +3 -7
- package/dist/lib/threat-intel-service.js.map +1 -1
- package/dist/lib/types/media-reconciliation.js +1 -2
- package/dist/lib/types/media-reconciliation.js.map +1 -1
- package/dist/lib/upload-session-handler.d.ts +1 -1
- package/dist/lib/upload-session-handler.d.ts.map +1 -1
- package/dist/lib/upload-session-handler.js +13 -50
- package/dist/lib/upload-session-handler.js.map +1 -1
- package/dist/lib/user/derive-handle.js +2 -6
- package/dist/lib/user/derive-handle.js.map +1 -1
- package/dist/lib/user-badge.js +6 -14
- package/dist/lib/user-badge.js.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
- package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.js +16 -53
- package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
- package/dist/lib/user-deprovisioning.d.ts +1 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +16 -20
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/user-export-handler.d.ts +4 -4
- package/dist/lib/user-export-handler.d.ts.map +1 -1
- package/dist/lib/user-export-handler.js +11 -15
- package/dist/lib/user-export-handler.js.map +1 -1
- package/dist/lib/validate-request.js +8 -13
- package/dist/lib/validate-request.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
- package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.js +50 -59
- package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
- package/dist/lib/validation/validate-request.d.ts.map +1 -1
- package/dist/lib/validation/validate-request.js +12 -23
- package/dist/lib/validation/validate-request.js.map +1 -1
- package/dist/lib/validation.js +1 -5
- package/dist/lib/validation.js.map +1 -1
- package/dist/lib/version.js +3 -8
- package/dist/lib/version.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +29 -69
- package/dist/server.js.map +1 -1
- package/dist/types/cloudflare-compat.d.ts +3 -93
- package/dist/types/cloudflare-compat.d.ts.map +1 -1
- package/dist/types/cloudflare-compat.js +1 -2
- package/dist/types/cloudflare-compat.js.map +1 -1
- package/dist/worker.d.ts +6 -6
- package/dist/worker.d.ts.map +1 -1
- package/dist/worker.js +6 -13
- package/dist/worker.js.map +1 -1
- package/package.json +30 -17
- package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
- package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
- package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
- package/prisma/schema.prisma +419 -68
- package/src/lambda/cleanup-cron.ts +10 -7
- package/src/lambda/create-auth-challenge.ts +6 -3
- package/src/lambda/delete-account-worker.ts +17 -12
- package/src/lambda/diagnostics-proxy.ts +9 -6
- package/src/lambda/e2e-sweeper.ts +17 -23
- package/src/lambda/federation-outbox-worker.ts +4 -1
- package/src/lambda/followers-events-worker.ts +4 -1
- package/src/lambda/hourly-cron.ts +112 -20
- package/src/lambda/link-check-worker.ts +4 -1
- package/src/lambda/maintenance-cron.ts +24 -13
- package/src/lambda/media-processing-worker.ts +5 -2
- package/src/lambda/media-reconciliation-worker.ts +4 -1
- package/src/lambda/nightly-cron.ts +53 -54
- package/src/lambda/post-confirmation.ts +188 -62
- package/src/lambda/pre-token-generation.ts +39 -44
- package/src/lambda/verify-auth-challenge.ts +4 -1
- package/dist/lib/audit/emit.d.ts +0 -56
- package/dist/lib/audit/emit.d.ts.map +0 -1
- package/dist/lib/audit/emit.js +0 -124
- package/dist/lib/audit/emit.js.map +0 -1
- package/dist/lib/audit/event-types.d.ts +0 -36
- package/dist/lib/audit/event-types.d.ts.map +0 -1
- package/dist/lib/audit/event-types.js +0 -69
- package/dist/lib/audit/event-types.js.map +0 -1
- package/dist/lib/audit-logger.d.ts +0 -142
- package/dist/lib/audit-logger.d.ts.map +0 -1
- package/dist/lib/audit-logger.js +0 -326
- package/dist/lib/audit-logger.js.map +0 -1
- package/dist/lib/circuit-breaker.d.ts +0 -27
- package/dist/lib/circuit-breaker.d.ts.map +0 -1
- package/dist/lib/circuit-breaker.js +0 -63
- package/dist/lib/circuit-breaker.js.map +0 -1
- package/dist/lib/graph/dual-write-service.d.ts +0 -116
- package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
- package/dist/lib/graph/dual-write-service.js +0 -332
- package/dist/lib/graph/dual-write-service.js.map +0 -1
- package/dist/lib/graph/dual-write.d.ts +0 -396
- package/dist/lib/graph/dual-write.d.ts.map +0 -1
- package/dist/lib/graph/dual-write.js +0 -53
- package/dist/lib/graph/dual-write.js.map +0 -1
- package/dist/lib/graph/graph-schema-init.d.ts +0 -31
- package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
- package/dist/lib/graph/graph-schema-init.js +0 -105
- package/dist/lib/graph/graph-schema-init.js.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
- package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.js +0 -1625
- package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
- package/dist/lib/graph/reconciliation-service.d.ts +0 -113
- package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
- package/dist/lib/graph/reconciliation-service.js +0 -533
- package/dist/lib/graph/reconciliation-service.js.map +0 -1
- package/dist/lib/id-generator.d.ts +0 -29
- package/dist/lib/id-generator.d.ts.map +0 -1
- package/dist/lib/id-generator.js +0 -51
- package/dist/lib/id-generator.js.map +0 -1
- package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
- package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
- package/dist/lib/kv/dynamodb-kv.js +0 -239
- package/dist/lib/kv/dynamodb-kv.js.map +0 -1
- package/dist/lib/queue/sqs-queue.d.ts +0 -16
- package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
- package/dist/lib/queue/sqs-queue.js +0 -39
- package/dist/lib/queue/sqs-queue.js.map +0 -1
- package/dist/lib/route-matcher.d.ts +0 -24
- package/dist/lib/route-matcher.d.ts.map +0 -1
- package/dist/lib/route-matcher.js +0 -96
- package/dist/lib/route-matcher.js.map +0 -1
- package/dist/lib/router.d.ts +0 -26
- package/dist/lib/router.d.ts.map +0 -1
- package/dist/lib/router.js +0 -90
- package/dist/lib/router.js.map +0 -1
- package/dist/lib/routes-all.d.ts +0 -9
- package/dist/lib/routes-all.d.ts.map +0 -1
- package/dist/lib/routes-all.js +0 -170
- package/dist/lib/routes-all.js.map +0 -1
- package/dist/lib/secret-resolver.d.ts +0 -88
- package/dist/lib/secret-resolver.d.ts.map +0 -1
- package/dist/lib/secret-resolver.js +0 -183
- package/dist/lib/secret-resolver.js.map +0 -1
- package/dist/lib/session-manager.d.ts.map +0 -1
- package/dist/lib/session-manager.js +0 -492
- package/dist/lib/session-manager.js.map +0 -1
- package/dist/lib/storage/s3-storage.d.ts +0 -29
- package/dist/lib/storage/s3-storage.d.ts.map +0 -1
- package/dist/lib/storage/s3-storage.js +0 -135
- package/dist/lib/storage/s3-storage.js.map +0 -1
- package/dist/lib/tenant-context.d.ts +0 -35
- package/dist/lib/tenant-context.d.ts.map +0 -1
- package/dist/lib/tenant-context.js +0 -54
- package/dist/lib/tenant-context.js.map +0 -1
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* RFC 8628 device authorization grant adapter (T9b-d).
|
|
4
3
|
*
|
|
@@ -22,37 +21,23 @@
|
|
|
22
21
|
* within 60s the row evaporates (read-once short-window).
|
|
23
22
|
* - successful poll deletes the row before returning (read-once strict).
|
|
24
23
|
*/
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
exports.hashUserCode = hashUserCode;
|
|
30
|
-
exports.generateUserCode = generateUserCode;
|
|
31
|
-
exports.generateDeviceCode = generateDeviceCode;
|
|
32
|
-
exports.startDeviceAuthorization = startDeviceAuthorization;
|
|
33
|
-
exports.loadByDeviceCode = loadByDeviceCode;
|
|
34
|
-
exports.lookupDeviceCodeByUserCode = lookupDeviceCodeByUserCode;
|
|
35
|
-
exports.incrementFailedLookup = incrementFailedLookup;
|
|
36
|
-
exports.invalidateDeviceCode = invalidateDeviceCode;
|
|
37
|
-
exports.approveDeviceAuth = approveDeviceAuth;
|
|
38
|
-
exports.pollDeviceAuth = pollDeviceAuth;
|
|
39
|
-
const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
|
|
40
|
-
const util_dynamodb_1 = require("@aws-sdk/util-dynamodb");
|
|
41
|
-
const node_crypto_1 = require("node:crypto");
|
|
42
|
-
const envelope_crypto_1 = require("./envelope-crypto");
|
|
24
|
+
import { DynamoDBClient, GetItemCommand, PutItemCommand, DeleteItemCommand, UpdateItemCommand, ConditionalCheckFailedException, } from "@aws-sdk/client-dynamodb";
|
|
25
|
+
import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";
|
|
26
|
+
import { randomBytes, createHash } from "node:crypto";
|
|
27
|
+
import { open, resolveKek, seal } from "./envelope-crypto.js";
|
|
43
28
|
/** Unambiguous user-code alphabet — no 0/O, 1/I/L, 2/Z, U/V, A/H, S/5, etc. */
|
|
44
|
-
|
|
29
|
+
export const USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ";
|
|
45
30
|
/** 8-character user codes, displayed as `XXXX-XXXX` to humans. */
|
|
46
|
-
|
|
31
|
+
export const USER_CODE_LEN = 8;
|
|
47
32
|
/** Default RFC 8628 expires_in. */
|
|
48
|
-
|
|
33
|
+
export const DEFAULT_EXPIRES_IN = 600;
|
|
49
34
|
/** Default RFC 8628 polling interval. */
|
|
50
|
-
|
|
35
|
+
export const DEFAULT_INTERVAL = 5;
|
|
51
36
|
/** TTL for the post-approval window — agents must poll within this. */
|
|
52
|
-
|
|
37
|
+
export const POST_APPROVAL_TTL_SECONDS = 60;
|
|
53
38
|
/** Failure lockout threshold for user_code lookups against a single device_code. */
|
|
54
|
-
|
|
55
|
-
const ddb = new
|
|
39
|
+
export const USER_CODE_FAILURE_LIMIT = 10;
|
|
40
|
+
const ddb = new DynamoDBClient({
|
|
56
41
|
region: process.env.AWS_REGION || "us-east-1",
|
|
57
42
|
...(process.env.DYNAMODB_ENDPOINT ? { endpoint: process.env.DYNAMODB_ENDPOINT } : {}),
|
|
58
43
|
});
|
|
@@ -61,50 +46,50 @@ function tableName() {
|
|
|
61
46
|
`${process.env.STAGE || "dev"}-trellis-device-auth`);
|
|
62
47
|
}
|
|
63
48
|
/** Format a 4-char-grouped human display: `BCDF-GHJK`. */
|
|
64
|
-
function formatUserCode(raw) {
|
|
65
|
-
if (raw.length !==
|
|
49
|
+
export function formatUserCode(raw) {
|
|
50
|
+
if (raw.length !== USER_CODE_LEN)
|
|
66
51
|
return raw;
|
|
67
52
|
return `${raw.slice(0, 4)}-${raw.slice(4)}`;
|
|
68
53
|
}
|
|
69
54
|
/** Strip the dash so callers can match the canonical alphabet. */
|
|
70
|
-
function normaliseUserCode(input) {
|
|
55
|
+
export function normaliseUserCode(input) {
|
|
71
56
|
return input.replace(/[\s-]/g, "").toUpperCase();
|
|
72
57
|
}
|
|
73
58
|
/** SHA-256 hex; used as the secondary lookup key for user_code. */
|
|
74
|
-
function hashUserCode(userCode) {
|
|
75
|
-
return
|
|
59
|
+
export function hashUserCode(userCode) {
|
|
60
|
+
return createHash("sha256").update(userCode).digest("hex");
|
|
76
61
|
}
|
|
77
62
|
/**
|
|
78
63
|
* Generate a cryptographically random user_code from the unambiguous alphabet.
|
|
79
64
|
* Uniformly samples by rejecting bytes that would bias the modulo (alphabet
|
|
80
65
|
* length 20 doesn't divide 256 evenly).
|
|
81
66
|
*/
|
|
82
|
-
function generateUserCode(rng =
|
|
83
|
-
const alphaLen =
|
|
67
|
+
export function generateUserCode(rng = randomBytes) {
|
|
68
|
+
const alphaLen = USER_CODE_ALPHABET.length; // 20
|
|
84
69
|
const cutoff = Math.floor(256 / alphaLen) * alphaLen; // 240; reject 240..255
|
|
85
70
|
const out = [];
|
|
86
|
-
while (out.length <
|
|
87
|
-
const buf = rng(
|
|
88
|
-
for (let i = 0; i < buf.length && out.length <
|
|
71
|
+
while (out.length < USER_CODE_LEN) {
|
|
72
|
+
const buf = rng(USER_CODE_LEN * 2); // oversample
|
|
73
|
+
for (let i = 0; i < buf.length && out.length < USER_CODE_LEN; i++) {
|
|
89
74
|
const b = buf[i];
|
|
90
75
|
if (b >= cutoff)
|
|
91
76
|
continue;
|
|
92
|
-
out.push(
|
|
77
|
+
out.push(USER_CODE_ALPHABET[b % alphaLen]);
|
|
93
78
|
}
|
|
94
79
|
}
|
|
95
80
|
return out.join("");
|
|
96
81
|
}
|
|
97
82
|
/** 256-bit URL-safe random device_code. */
|
|
98
|
-
function generateDeviceCode(rng =
|
|
83
|
+
export function generateDeviceCode(rng = randomBytes) {
|
|
99
84
|
return rng(32).toString("base64url");
|
|
100
85
|
}
|
|
101
86
|
/**
|
|
102
87
|
* Issue a new device-authorization request. Stores a `pending` record with
|
|
103
88
|
* TTL = expires_in seconds, plus a secondary index row keyed by user_code hash.
|
|
104
89
|
*/
|
|
105
|
-
async function startDeviceAuthorization(input) {
|
|
106
|
-
const expiresIn = input.expiresIn ??
|
|
107
|
-
const interval = input.interval ??
|
|
90
|
+
export async function startDeviceAuthorization(input) {
|
|
91
|
+
const expiresIn = input.expiresIn ?? DEFAULT_EXPIRES_IN;
|
|
92
|
+
const interval = input.interval ?? DEFAULT_INTERVAL;
|
|
108
93
|
const now = Math.floor(Date.now() / 1000);
|
|
109
94
|
const expiresAt = now + expiresIn;
|
|
110
95
|
const deviceCode = generateDeviceCode();
|
|
@@ -122,9 +107,9 @@ async function startDeviceAuthorization(input) {
|
|
|
122
107
|
agentLabel: input.agentLabel,
|
|
123
108
|
sourceIp: input.sourceIp,
|
|
124
109
|
};
|
|
125
|
-
await ddb.send(new
|
|
110
|
+
await ddb.send(new PutItemCommand({
|
|
126
111
|
TableName: tableName(),
|
|
127
|
-
Item:
|
|
112
|
+
Item: marshall({
|
|
128
113
|
pk: `dc#${deviceCode}`,
|
|
129
114
|
sk: "rec",
|
|
130
115
|
...record,
|
|
@@ -133,9 +118,9 @@ async function startDeviceAuthorization(input) {
|
|
|
133
118
|
}, { removeUndefinedValues: true }),
|
|
134
119
|
ConditionExpression: "attribute_not_exists(pk)",
|
|
135
120
|
}));
|
|
136
|
-
await ddb.send(new
|
|
121
|
+
await ddb.send(new PutItemCommand({
|
|
137
122
|
TableName: tableName(),
|
|
138
|
-
Item:
|
|
123
|
+
Item: marshall({
|
|
139
124
|
pk: `uc#${userCodeHash}`,
|
|
140
125
|
sk: "idx",
|
|
141
126
|
deviceCode,
|
|
@@ -153,28 +138,28 @@ async function startDeviceAuthorization(input) {
|
|
|
153
138
|
};
|
|
154
139
|
}
|
|
155
140
|
/** Internal helper — load a record by device_code or return null. */
|
|
156
|
-
async function loadByDeviceCode(deviceCode) {
|
|
157
|
-
const out = await ddb.send(new
|
|
141
|
+
export async function loadByDeviceCode(deviceCode) {
|
|
142
|
+
const out = await ddb.send(new GetItemCommand({
|
|
158
143
|
TableName: tableName(),
|
|
159
|
-
Key:
|
|
144
|
+
Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
|
|
160
145
|
}));
|
|
161
146
|
if (!out.Item)
|
|
162
147
|
return null;
|
|
163
|
-
const raw =
|
|
148
|
+
const raw = unmarshall(out.Item);
|
|
164
149
|
if (raw.ttl && raw.ttl < Math.floor(Date.now() / 1000))
|
|
165
150
|
return null;
|
|
166
151
|
return rawToRecord(raw);
|
|
167
152
|
}
|
|
168
153
|
/** Internal helper — resolve user_code to a device_code via the secondary key. */
|
|
169
|
-
async function lookupDeviceCodeByUserCode(userCode) {
|
|
154
|
+
export async function lookupDeviceCodeByUserCode(userCode) {
|
|
170
155
|
const userCodeHash = hashUserCode(normaliseUserCode(userCode));
|
|
171
|
-
const out = await ddb.send(new
|
|
156
|
+
const out = await ddb.send(new GetItemCommand({
|
|
172
157
|
TableName: tableName(),
|
|
173
|
-
Key:
|
|
158
|
+
Key: marshall({ pk: `uc#${userCodeHash}`, sk: "idx" }),
|
|
174
159
|
}));
|
|
175
160
|
if (!out.Item)
|
|
176
161
|
return null;
|
|
177
|
-
const raw =
|
|
162
|
+
const raw = unmarshall(out.Item);
|
|
178
163
|
if (raw.ttl && raw.ttl < Math.floor(Date.now() / 1000))
|
|
179
164
|
return null;
|
|
180
165
|
return raw.deviceCode || null;
|
|
@@ -183,56 +168,56 @@ async function lookupDeviceCodeByUserCode(userCode) {
|
|
|
183
168
|
* Increment the failed-lookup counter on a device_code. Returns the new count.
|
|
184
169
|
* Once the count exceeds USER_CODE_FAILURE_LIMIT the record is deleted (lockout).
|
|
185
170
|
*/
|
|
186
|
-
async function incrementFailedLookup(deviceCode) {
|
|
171
|
+
export async function incrementFailedLookup(deviceCode) {
|
|
187
172
|
try {
|
|
188
|
-
const out = await ddb.send(new
|
|
173
|
+
const out = await ddb.send(new UpdateItemCommand({
|
|
189
174
|
TableName: tableName(),
|
|
190
|
-
Key:
|
|
175
|
+
Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
|
|
191
176
|
UpdateExpression: "ADD failedLookups :one",
|
|
192
|
-
ExpressionAttributeValues:
|
|
177
|
+
ExpressionAttributeValues: marshall({ ":one": 1 }),
|
|
193
178
|
ConditionExpression: "attribute_exists(pk)",
|
|
194
179
|
ReturnValues: "ALL_NEW",
|
|
195
180
|
}));
|
|
196
181
|
if (!out.Attributes)
|
|
197
182
|
return 0;
|
|
198
|
-
const updated =
|
|
183
|
+
const updated = unmarshall(out.Attributes);
|
|
199
184
|
const newCount = updated.failedLookups ?? 0;
|
|
200
|
-
if (newCount >=
|
|
185
|
+
if (newCount >= USER_CODE_FAILURE_LIMIT) {
|
|
201
186
|
await invalidateDeviceCode(deviceCode);
|
|
202
187
|
}
|
|
203
188
|
return newCount;
|
|
204
189
|
}
|
|
205
190
|
catch (err) {
|
|
206
|
-
if (err instanceof
|
|
191
|
+
if (err instanceof ConditionalCheckFailedException)
|
|
207
192
|
return 0;
|
|
208
193
|
throw err;
|
|
209
194
|
}
|
|
210
195
|
}
|
|
211
196
|
/** Delete a device-auth record (e.g. on lockout or successful poll). */
|
|
212
|
-
async function invalidateDeviceCode(deviceCode) {
|
|
213
|
-
await ddb.send(new
|
|
197
|
+
export async function invalidateDeviceCode(deviceCode) {
|
|
198
|
+
await ddb.send(new DeleteItemCommand({
|
|
214
199
|
TableName: tableName(),
|
|
215
|
-
Key:
|
|
200
|
+
Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
|
|
216
201
|
}));
|
|
217
202
|
}
|
|
218
203
|
/**
|
|
219
204
|
* Mark a device-auth record approved and stash the encrypted token blob.
|
|
220
205
|
* Re-keys the record's TTL to NOW + POST_APPROVAL_TTL_SECONDS.
|
|
221
206
|
*/
|
|
222
|
-
async function approveDeviceAuth(ctx) {
|
|
223
|
-
const kek = await
|
|
224
|
-
const envelope =
|
|
225
|
-
const newTtl = Math.floor(Date.now() / 1000) +
|
|
226
|
-
await ddb.send(new
|
|
207
|
+
export async function approveDeviceAuth(ctx) {
|
|
208
|
+
const kek = await resolveKek();
|
|
209
|
+
const envelope = seal(JSON.stringify(ctx.tokens), ctx.deviceCode, kek);
|
|
210
|
+
const newTtl = Math.floor(Date.now() / 1000) + POST_APPROVAL_TTL_SECONDS;
|
|
211
|
+
await ddb.send(new UpdateItemCommand({
|
|
227
212
|
TableName: tableName(),
|
|
228
|
-
Key:
|
|
213
|
+
Key: marshall({ pk: `dc#${ctx.deviceCode}`, sk: "rec" }),
|
|
229
214
|
UpdateExpression: "SET #status = :approved, envelope = :env, approvedByUserId = :u, cognitoSub = :s, tenantId = :t, sessionId = :sid, expiresAt = :ttl, #ttlAttr = :ttl REMOVE userCode",
|
|
230
215
|
ConditionExpression: "attribute_exists(pk) AND #status = :pending",
|
|
231
216
|
ExpressionAttributeNames: {
|
|
232
217
|
"#status": "status",
|
|
233
218
|
"#ttlAttr": "ttl",
|
|
234
219
|
},
|
|
235
|
-
ExpressionAttributeValues:
|
|
220
|
+
ExpressionAttributeValues: marshall({
|
|
236
221
|
":approved": "approved",
|
|
237
222
|
":pending": "pending",
|
|
238
223
|
":env": JSON.stringify(envelope),
|
|
@@ -249,7 +234,7 @@ async function approveDeviceAuth(ctx) {
|
|
|
249
234
|
* outcomes: pending, slow_down, ok, expired, denied. On success the
|
|
250
235
|
* record is deleted before tokens return (read-once).
|
|
251
236
|
*/
|
|
252
|
-
async function pollDeviceAuth(deviceCode) {
|
|
237
|
+
export async function pollDeviceAuth(deviceCode) {
|
|
253
238
|
const record = await loadByDeviceCode(deviceCode);
|
|
254
239
|
if (!record)
|
|
255
240
|
return { outcome: "gone" };
|
|
@@ -265,17 +250,17 @@ async function pollDeviceAuth(deviceCode) {
|
|
|
265
250
|
if (record.status === "pending") {
|
|
266
251
|
// Best-effort lastPolledAt update so subsequent fast polls hit slow_down.
|
|
267
252
|
try {
|
|
268
|
-
await ddb.send(new
|
|
253
|
+
await ddb.send(new UpdateItemCommand({
|
|
269
254
|
TableName: tableName(),
|
|
270
|
-
Key:
|
|
255
|
+
Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
|
|
271
256
|
UpdateExpression: "SET lastPolledAt = :n",
|
|
272
257
|
ConditionExpression: "attribute_exists(pk) AND #status = :pending",
|
|
273
258
|
ExpressionAttributeNames: { "#status": "status" },
|
|
274
|
-
ExpressionAttributeValues:
|
|
259
|
+
ExpressionAttributeValues: marshall({ ":n": nowSec, ":pending": "pending" }),
|
|
275
260
|
}));
|
|
276
261
|
}
|
|
277
262
|
catch (err) {
|
|
278
|
-
if (!(err instanceof
|
|
263
|
+
if (!(err instanceof ConditionalCheckFailedException))
|
|
279
264
|
throw err;
|
|
280
265
|
}
|
|
281
266
|
return { outcome: "pending" };
|
|
@@ -283,8 +268,8 @@ async function pollDeviceAuth(deviceCode) {
|
|
|
283
268
|
// status === approved. Decrypt, then delete the row before returning.
|
|
284
269
|
if (!record.envelope)
|
|
285
270
|
return { outcome: "expired" };
|
|
286
|
-
const kek = await
|
|
287
|
-
const plaintext =
|
|
271
|
+
const kek = await resolveKek();
|
|
272
|
+
const plaintext = open(record.envelope, deviceCode, kek);
|
|
288
273
|
const tokens = JSON.parse(plaintext);
|
|
289
274
|
await invalidateDeviceCode(deviceCode);
|
|
290
275
|
return { outcome: "ok", tokens };
|
|
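Review bot: The read-once guarantee at the end of `pollDeviceAuth` is not atomic: the record is fetched by `loadByDeviceCode` with a plain `GetItemCommand` (no `ConsistentRead`), and `invalidateDeviceCode` then sends a `DeleteItemCommand` with no condition, so two overlapping polls can each decrypt the envelope and each return `{ outcome: "ok", tokens }`. The delete should be the step that claims the row, conditioned on the approved status, and a poll that loses that condition should be answered as if the record were gone. Adding `ConsistentRead: true` to the `GetItemCommand` in `loadByDeviceCode` narrows the window further. Parts of `pollDeviceAuth` lie between the visible hunks, so the sketch below only replaces the `await invalidateDeviceCode(deviceCode);` line.

```javascript
    // … unchanged: record load, expiry / slow_down / pending handling, resolveKek + open + JSON.parse …
    // Claim the row atomically: only the poll whose conditional delete succeeds may hand out tokens.
    try {
        await ddb.send(new DeleteItemCommand({
            TableName: tableName(),
            Key: marshall({ pk: `dc#${deviceCode}`, sk: "rec" }),
            ConditionExpression: "attribute_exists(pk) AND #status = :approved",
            ExpressionAttributeNames: { "#status": "status" },
            ExpressionAttributeValues: marshall({ ":approved": "approved" }),
        }));
    }
    catch (err) {
        if (err instanceof ConditionalCheckFailedException)
            return { outcome: "gone" };
        throw err;
    }
    return { outcome: "ok", tokens };
```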
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device-authorization.js","sourceRoot":"","sources":["../../../src/lib/oauth/device-authorization.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"device-authorization.js","sourceRoot":"","sources":["../../../src/lib/oauth/device-authorization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EACL,cAAc,EACd,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,+BAA+B,GAChC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAuB,MAAM,sBAAsB,CAAC;AAEnF,+EAA+E;AAC/E,MAAM,CAAC,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AACzD,kEAAkE;AAClE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAC/B,mCAAmC;AACnC,MAAM,CAAC,MAAM,kBAAkB,GAAG,GAAG,CAAC;AACtC,yCAAyC;AACzC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAClC,uEAAuE;AACvE,MAAM,CAAC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAC5C,oFAAoF;AACpF,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC;AA0D1C,MAAM,GAAG,GAAG,IAAI,cAAc,CAAC;IAC7B,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;IAC7C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;CACtF,CAAC,CAAC;AAEH,SAAS,SAAS;IAChB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAC7B,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,sBAAsB,CACpD,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,GAAG,CAAC,MAAM,KAAK,aAAa;QAAE,OAAO,GAAG,CAAC;IAC7C,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AACnD,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAA6B,WAAW;IACvE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,KAAK;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,uBAAuB;IAC7E,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,OAAO,GAAG,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa;QACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,C
AAC,GAAG,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;YAClE,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;YAClB,IAAI,CAAC,IAAI,MAAM;gBAAE,SAAS;YAC1B,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,GAAG,QAAQ,CAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACtB,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,kBAAkB,CAAC,MAA6B,WAAW;IACzE,OAAO,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAAC,KAM9C;IACC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACxD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,gBAAgB,CAAC;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,GAAG,GAAG,SAAS,CAAC;IAElC,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,QAAQ,GAAG,gBAAgB,EAAE,CAAC;IACpC,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE5C,MAAM,MAAM,GAAqB;QAC/B,UAAU;QACV,YAAY;QACZ,QAAQ;QACR,MAAM,EAAE,SAAS;QACjB,SAAS;QACT,SAAS,EAAE,GAAG;QACd,QAAQ;QACR,aAAa,EAAE,CAAC;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ;KACzB,CAAC;IAEF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,IAAI,EAAE,QAAQ,CACZ;YACE,EAAE,EAAE,MAAM,UAAU,EAAE;YACtB,EAAE,EAAE,KAAK;YACT,GAAG,MAAM;YACT,gDAAgD;YAChD,GAAG,EAAE,SAAS;SACf,EACD,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAChC;QACD,mBAAmB,EAAE,0BAA0B;KAChD,CAAC,CACH,CAAC;IAEF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,IAAI,EAAE,QAAQ,CACZ;YACE,EAAE,EAAE,MAAM,YAAY,EAAE;YACxB,EAAE,EAAE,KAAK;YACT,UAAU;YACV,SAAS,EAAE,GAAG;YACd,GAAG,EAAE,SAAS;SACf,EACD,EAAE,qBAAqB,EAAE,IAAI,EAAE,CAChC;KACF,CAAC,CACH,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,cAAc,CAAC,QAAQ,CAAC;QACnC,gBAAgB,EAAE,KAAK,CAAC,mBAAmB;QAC3C,yBAAyB,EAAE,GAAG,KAAK,CAAC,mBAAmB,cAAc,cAAc,CAAC,QAAQ,CAAC,EAAE;QAC/F,UAAU,EAAE,SAAS;QACrB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,qEAAqE;AACrE,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAkB;IACvD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,U
AAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACrD,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAA+C,CAAC;IAC/E,IAAI,GAAG,CAAC,GAAG,IAAK,GAAG,CAAC,GAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAO,WAAW,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,kFAAkF;AAClF,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,QAAgB;IAC/D,MAAM,YAAY,GAAG,YAAY,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/D,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,cAAc,CAAC;QACjB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,YAAY,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACvD,CAAC,CACH,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAA+C,CAAC;IAC/E,IAAI,GAAG,CAAC,GAAG,IAAK,GAAG,CAAC,GAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAChF,OAAQ,GAAG,CAAC,UAAqB,IAAI,IAAI,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,UAAkB;IAC5D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,CACxB,IAAI,iBAAiB,CAAC;YACpB,SAAS,EAAE,SAAS,EAAE;YACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;YACpD,gBAAgB,EAAE,wBAAwB;YAC1C,yBAAyB,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;YAClD,mBAAmB,EAAE,sBAAsB;YAC3C,YAAY,EAAE,SAAS;SACxB,CAAC,CACH,CAAC;QACF,IAAI,CAAC,GAAG,CAAC,UAAU;YAAE,OAAO,CAAC,CAAC;QAC9B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,UAAU,CAA+B,CAAC;QACzE,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,IAAI,CAAC,CAAC;QAC5C,IAAI,QAAQ,IAAI,uBAAuB,EAAE,CAAC;YACxC,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,+BAA+B;YAAE,OAAO,CAAC,CAAC;QAC7D,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,UAAkB;IAC3D,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,iBAAiB,CAAC;QACpB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;KACrD,CAAC,CACH,CAAC;AACJ,CAAC;AAYD;;;GAGG;AACH,MAAM,CAAC,K
AAK,UAAU,iBAAiB,CAAC,GAAoB;IAC1D,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,yBAAyB,CAAC;IAEzE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,iBAAiB,CAAC;QACpB,SAAS,EAAE,SAAS,EAAE;QACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;QACxD,gBAAgB,EACd,sKAAsK;QACxK,mBAAmB,EAAE,6CAA6C;QAClE,wBAAwB,EAAE;YACxB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,KAAK;SAClB;QACD,yBAAyB,EAAE,QAAQ,CAAC;YAClC,WAAW,EAAE,UAAU;YACvB,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAChC,IAAI,EAAE,GAAG,CAAC,gBAAgB;YAC1B,IAAI,EAAE,GAAG,CAAC,UAAU;YACpB,IAAI,EAAE,GAAG,CAAC,QAAQ;YAClB,MAAM,EAAE,GAAG,CAAC,SAAS;YACrB,MAAM,EAAE,MAAM;SACf,CAAC;KACH,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,UAAkB;IACrD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IAExC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,MAAM,CAAC,SAAS,GAAG,MAAM;QAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAE7D,uDAAuD;IACvD,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,GAAG,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1E,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,0EAA0E;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,iBAAiB,CAAC;gBACpB,SAAS,EAAE,SAAS,EAAE;gBACtB,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,MAAM,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;gBACpD,gBAAgB,EAAE,uBAAuB;gBACzC,mBAAmB,EAAE,6CAA6C;gBAClE,wBAAwB,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE;gBACjD,yBAAyB,EAAE,QAAQ,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;aAC7E,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,GAAG,YAAY,+BAA+B,CAAC;gBAAE,MAAM,GAAG,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IAChC,CA
AC;IAED,sEAAsE;IACtE,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACpD,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAa,CAAC;IAEjD,MAAM,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAEvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AACnC,CAAC;AAED,SAAS,WAAW,CAAC,GAA4B;IAC/C,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,UAAoB;QACpC,YAAY,EAAE,GAAG,CAAC,YAAsB;QACxC,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,MAAM,EAAE,GAAG,CAAC,MAA2C;QACvD,SAAS,EAAE,GAAG,CAAC,SAAmB;QAClC,SAAS,EAAE,GAAG,CAAC,SAAmB;QAClC,QAAQ,EAAE,GAAG,CAAC,QAAkB;QAChC,aAAa,EAAG,GAAG,CAAC,aAAwB,IAAI,CAAC;QACjD,YAAY,EAAE,GAAG,CAAC,YAAkC;QACpD,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAoB,CAAC,CAAC,CAAC,SAAS;QAC3F,gBAAgB,EAAE,GAAG,CAAC,gBAAsC;QAC5D,UAAU,EAAE,GAAG,CAAC,UAAgC;QAChD,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,UAAU,EAAE,GAAG,CAAC,UAAgC;QAChD,QAAQ,EAAE,GAAG,CAAC,QAA8B;QAC5C,SAAS,EAAE,GAAG,CAAC,SAA+B;KAC/C,CAAC;AACJ,CAAC"}
|
|
@@ -87,11 +87,11 @@ export declare function safeEqual(a: string, b: string): boolean;
|
|
|
87
87
|
/**
|
|
88
88
|
* Hook for tests + production wiring. Defaults to a stub that throws,
|
|
89
89
|
* directing callers to install `@aws-sdk/client-kms` and override via
|
|
90
|
-
* `setKmsKekFetcher`. The
|
|
90
|
+
* `setKmsKekFetcher`. The trellis CDK wires the AWS-SDK-backed fetcher
|
|
91
91
|
* during process bootstrap.
|
|
92
92
|
*/
|
|
93
93
|
export type KmsKekFetcher = (kmsKeyId: string, region: string) => Promise<Buffer>;
|
|
94
|
-
/** Wire the production KMS path.
|
|
94
|
+
/** Wire the production KMS path. Trellis CDK calls this during bootstrap. */
|
|
95
95
|
export declare function setKmsKekFetcher(fn: KmsKekFetcher): void;
|
|
96
96
|
export declare function resolveKek(): Promise<Buffer>;
|
|
97
97
|
/** Reset the cached KEK. Test-only. */
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Envelope encryption helpers for OAuth device-authorization records.
|
|
4
3
|
*
|
|
@@ -21,20 +20,9 @@
|
|
|
21
20
|
* decrypt time fails with an authentication error rather than returning
|
|
22
21
|
* silently truncated plaintext.
|
|
23
22
|
*/
|
|
24
|
-
|
|
25
|
-
exports.CURRENT_KEK_VERSION = exports.DEK_INFO = void 0;
|
|
26
|
-
exports.deriveDek = deriveDek;
|
|
27
|
-
exports.seal = seal;
|
|
28
|
-
exports.open = open;
|
|
29
|
-
exports.resolveKekForVersion = resolveKekForVersion;
|
|
30
|
-
exports.safeEqual = safeEqual;
|
|
31
|
-
exports.setKmsKekFetcher = setKmsKekFetcher;
|
|
32
|
-
exports.resolveKek = resolveKek;
|
|
33
|
-
exports._resetKekCacheForTest = _resetKekCacheForTest;
|
|
34
|
-
exports._resetKmsKekFetcherForTest = _resetKmsKekFetcherForTest;
|
|
35
|
-
const node_crypto_1 = require("node:crypto");
|
|
23
|
+
import { createCipheriv, createDecipheriv, hkdfSync, randomBytes, timingSafeEqual, } from "node:crypto";
|
|
36
24
|
/** HKDF info string. Versioned so future schema changes are detectable. */
|
|
37
|
-
|
|
25
|
+
export const DEK_INFO = "trellis-device-auth-dek-v1";
|
|
38
26
|
/** Length of the AES-256 DEK in bytes. */
|
|
39
27
|
const DEK_LEN = 32;
|
|
40
28
|
/** Length of the HKDF salt stored alongside the ciphertext. */
|
|
@@ -44,7 +32,7 @@ const IV_LEN = 12;
|
|
|
44
32
|
/** AES-GCM authentication tag length (16 bytes / 128 bits). */
|
|
45
33
|
const TAG_LEN = 16;
|
|
46
34
|
/** Current KEK version written by `seal`. */
|
|
47
|
-
|
|
35
|
+
export const CURRENT_KEK_VERSION = 1;
|
|
48
36
|
function b64url(b) {
|
|
49
37
|
return b.toString("base64url");
|
|
50
38
|
}
|
|
@@ -56,7 +44,7 @@ function fromB64url(s) {
|
|
|
56
44
|
* The device_code is the IKM; the KEK is mixed in as part of the salt so a
|
|
57
45
|
* stolen DynamoDB row alone cannot derive the DEK.
|
|
58
46
|
*/
|
|
59
|
-
function deriveDek(deviceCode, kek, salt) {
|
|
47
|
+
export function deriveDek(deviceCode, kek, salt) {
|
|
60
48
|
if (!deviceCode || deviceCode.length < 16) {
|
|
61
49
|
throw new Error("device_code too short");
|
|
62
50
|
}
|
|
@@ -69,7 +57,7 @@ function deriveDek(deviceCode, kek, salt) {
|
|
|
69
57
|
// HKDF: ikm = device_code; salt = (kek || salt); info = DEK_INFO.
|
|
70
58
|
// Mixing KEK into the salt means the DEK depends on both pieces.
|
|
71
59
|
const combinedSalt = Buffer.concat([kek, salt]);
|
|
72
|
-
const dek =
|
|
60
|
+
const dek = hkdfSync("sha256", deviceCode, combinedSalt, DEK_INFO, DEK_LEN);
|
|
73
61
|
return Buffer.from(dek);
|
|
74
62
|
}
|
|
75
63
|
/**
|
|
@@ -77,11 +65,11 @@ function deriveDek(deviceCode, kek, salt) {
|
|
|
77
65
|
* Returns the storable envelope; ciphertext + iv + tag are sufficient for
|
|
78
66
|
* decryption only when device_code is supplied at open time.
|
|
79
67
|
*/
|
|
80
|
-
function seal(plaintext, deviceCode, kek) {
|
|
81
|
-
const salt =
|
|
82
|
-
const iv =
|
|
68
|
+
export function seal(plaintext, deviceCode, kek) {
|
|
69
|
+
const salt = randomBytes(SALT_LEN);
|
|
70
|
+
const iv = randomBytes(IV_LEN);
|
|
83
71
|
const dek = deriveDek(deviceCode, kek, salt);
|
|
84
|
-
const cipher =
|
|
72
|
+
const cipher = createCipheriv("aes-256-gcm", dek, iv, { authTagLength: TAG_LEN });
|
|
85
73
|
const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
|
|
86
74
|
const tag = cipher.getAuthTag();
|
|
87
75
|
// Wipe the DEK from our reference. (V8 doesn't guarantee wipe, but at
|
|
@@ -93,8 +81,8 @@ function seal(plaintext, deviceCode, kek) {
|
|
|
93
81
|
tag: b64url(tag),
|
|
94
82
|
ciphertext: b64url(ct),
|
|
95
83
|
alg: "AES-256-GCM+HKDF-SHA256",
|
|
96
|
-
info:
|
|
97
|
-
keyVersion:
|
|
84
|
+
info: DEK_INFO,
|
|
85
|
+
keyVersion: CURRENT_KEK_VERSION,
|
|
98
86
|
};
|
|
99
87
|
}
|
|
100
88
|
/**
|
|
@@ -107,11 +95,11 @@ function seal(plaintext, deviceCode, kek) {
|
|
|
107
95
|
* The MVP runs version 1 only; this signature stays compatible for
|
|
108
96
|
* forward-rotation scenarios (G4 MEDIUM-1).
|
|
109
97
|
*/
|
|
110
|
-
function open(envelope, deviceCode, kek) {
|
|
98
|
+
export function open(envelope, deviceCode, kek) {
|
|
111
99
|
if (envelope.alg !== "AES-256-GCM+HKDF-SHA256") {
|
|
112
100
|
throw new Error(`unsupported envelope alg: ${envelope.alg}`);
|
|
113
101
|
}
|
|
114
|
-
if (envelope.info !==
|
|
102
|
+
if (envelope.info !== DEK_INFO) {
|
|
115
103
|
throw new Error(`unsupported envelope info: ${envelope.info}`);
|
|
116
104
|
}
|
|
117
105
|
// Reject envelopes from versions we don't yet know how to dispatch.
|
|
@@ -133,7 +121,7 @@ function open(envelope, deviceCode, kek) {
|
|
|
133
121
|
if (tag.length !== TAG_LEN)
|
|
134
122
|
throw new Error("envelope tag length");
|
|
135
123
|
const dek = deriveDek(deviceCode, kek, salt);
|
|
136
|
-
const decipher =
|
|
124
|
+
const decipher = createDecipheriv("aes-256-gcm", dek, iv, { authTagLength: TAG_LEN });
|
|
137
125
|
decipher.setAuthTag(tag);
|
|
138
126
|
let pt;
|
|
139
127
|
try {
|
|
@@ -151,7 +139,7 @@ function open(envelope, deviceCode, kek) {
|
|
|
151
139
|
* sealed envelope should call this rather than `resolveKek()` directly
|
|
152
140
|
* (G4 MEDIUM-1).
|
|
153
141
|
*/
|
|
154
|
-
async function resolveKekForVersion(version) {
|
|
142
|
+
export async function resolveKekForVersion(version) {
|
|
155
143
|
if (version !== 1) {
|
|
156
144
|
throw new Error(`unsupported envelope keyVersion: ${version}`);
|
|
157
145
|
}
|
|
@@ -163,12 +151,12 @@ async function resolveKekForVersion(version) {
|
|
|
163
151
|
* stored hash (we don't store the device_code itself, so this is reserved
|
|
164
152
|
* for refresh-jti comparisons).
|
|
165
153
|
*/
|
|
166
|
-
function safeEqual(a, b) {
|
|
154
|
+
export function safeEqual(a, b) {
|
|
167
155
|
const ab = Buffer.from(a, "utf8");
|
|
168
156
|
const bb = Buffer.from(b, "utf8");
|
|
169
157
|
if (ab.length !== bb.length)
|
|
170
158
|
return false;
|
|
171
|
-
return
|
|
159
|
+
return timingSafeEqual(ab, bb);
|
|
172
160
|
}
|
|
173
161
|
/**
|
|
174
162
|
* Resolve the KEK at runtime. Two paths:
|
|
@@ -182,11 +170,11 @@ let cachedKek;
|
|
|
182
170
|
let kmsKekFetcher = async () => {
|
|
183
171
|
throw new Error("KMS KEK fetcher not configured; call setKmsKekFetcher() at startup or set DEVICE_AUTH_KEK_BASE64");
|
|
184
172
|
};
|
|
185
|
-
/** Wire the production KMS path.
|
|
186
|
-
function setKmsKekFetcher(fn) {
|
|
173
|
+
/** Wire the production KMS path. Trellis CDK calls this during bootstrap. */
|
|
174
|
+
export function setKmsKekFetcher(fn) {
|
|
187
175
|
kmsKekFetcher = fn;
|
|
188
176
|
}
|
|
189
|
-
async function resolveKek() {
|
|
177
|
+
export async function resolveKek() {
|
|
190
178
|
if (cachedKek)
|
|
191
179
|
return cachedKek;
|
|
192
180
|
const inline = process.env.DEVICE_AUTH_KEK_BASE64;
|
|
@@ -211,11 +199,11 @@ async function resolveKek() {
|
|
|
211
199
|
return cachedKek;
|
|
212
200
|
}
|
|
213
201
|
/** Reset the cached KEK. Test-only. */
|
|
214
|
-
function _resetKekCacheForTest() {
|
|
202
|
+
export function _resetKekCacheForTest() {
|
|
215
203
|
cachedKek = undefined;
|
|
216
204
|
}
|
|
217
205
|
/** Reset the KMS fetcher to its default (test-only). */
|
|
218
|
-
function _resetKmsKekFetcherForTest() {
|
|
206
|
+
export function _resetKmsKekFetcherForTest() {
|
|
219
207
|
kmsKekFetcher = async () => {
|
|
220
208
|
throw new Error("KMS KEK fetcher not configured; call setKmsKekFetcher() at startup or set DEVICE_AUTH_KEK_BASE64");
|
|
221
209
|
};
|
|
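Review bot: The comment above `resolveKekForVersion` (its opening lines are outside the hunk) appears to tell code that opens a sealed envelope to call it rather than `resolveKek()` directly, but the one opener visible in this release, `pollDeviceAuth` in device-authorization.js, still does `const kek = await resolveKek();` before `open(record.envelope, deviceCode, kek)`. With only version 1 in use the two paths presumably yield the same key, so nothing breaks today. Once a second KEK version exists, envelopes sealed under the earlier one would likely fail authentication at poll time. Consider switching that caller to `const kek = await resolveKekForVersion(record.envelope.keyVersion);` (adding `resolveKekForVersion` to its import from `./envelope-crypto.js`), so the rotation path is exercised from the start.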
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"envelope-crypto.js","sourceRoot":"","sources":["../../../src/lib/oauth/envelope-crypto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"envelope-crypto.js","sourceRoot":"","sources":["../../../src/lib/oauth/envelope-crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,QAAQ,EACR,WAAW,EACX,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,2EAA2E;AAC3E,MAAM,CAAC,MAAM,QAAQ,GAAG,4BAA4B,CAAC;AAErD,0CAA0C;AAC1C,MAAM,OAAO,GAAG,EAAE,CAAC;AACnB,+DAA+D;AAC/D,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,gEAAgE;AAChE,MAAM,MAAM,GAAG,EAAE,CAAC;AAClB,+DAA+D;AAC/D,MAAM,OAAO,GAAG,EAAE,CAAC;AAyBnB,6CAA6C;AAC7C,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CACvB,UAAkB,EAClB,GAAW,EACX,IAAY;IAEZ,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,gBAAgB,QAAQ,QAAQ,CAAC,CAAC;IACpD,CAAC;IACD,kEAAkE;IAClE,iEAAiE;IACjE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5E,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,IAAI,CAClB,SAAiB,EACjB,UAAkB,EAClB,GAAW;IAEX,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,EAAE,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAE7C,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IAClF,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhC,sEAAsE;IACtE,4DAA4D;IAC5D,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEZ,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC;QAClB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC;QACd,GAAG,EA
AE,MAAM,CAAC,GAAG,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;QACtB,GAAG,EAAE,yBAAyB;QAC9B,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE,mBAAmB;KAChC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,IAAI,CAClB,QAAwB,EACxB,UAAkB,EAClB,GAAW;IAEX,IAAI,QAAQ,CAAC,GAAG,KAAK,yBAAyB,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,8BAA8B,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,oEAAoE;IACpE,8DAA8D;IAC9D,iEAAiE;IACjE,sDAAsD;IACtD,MAAM,eAAe,GAAG,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC;IACjD,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,oCAAoC,eAAe,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAE3C,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACtE,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAChE,IAAI,GAAG,CAAC,MAAM,KAAK,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEnE,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC,CAAC;IACtF,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzB,IAAI,EAAU,CAAC;IACf,IAAI,CAAC;QACH,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,OAAO,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAe;IACxD,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,SAAS,CAAC,CAAS,EAAE,CAAS;IAC5C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,IAAI,EAAE,CAAC,MAAM
,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;GAOG;AACH,IAAI,SAA6B,CAAC;AAUlC,IAAI,aAAa,GAAkB,KAAK,IAAI,EAAE;IAC5C,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;AACJ,CAAC,CAAC;AAEF,6EAA6E;AAC7E,MAAM,UAAU,gBAAgB,CAAC,EAAiB;IAChD,aAAa,GAAG,EAAE,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAClD,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QACD,SAAS,GAAG,CAAC,CAAC;QACd,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IACrD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IACD,SAAS,GAAG,KAAK,CAAC;IAClB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,qBAAqB;IACnC,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,0BAA0B;IACxC,aAAa,GAAG,KAAK,IAAI,EAAE;QACzB,MAAM,IAAI,KAAK,CACb,kGAAkG,CACnG,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|