@de-otio/trellis 0.7.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/dist/db.js +10 -18
- package/dist/db.js.map +1 -1
- package/dist/env.d.ts +66 -6
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +89 -70
- package/dist/env.js.map +1 -1
- package/dist/extensions.js +3 -8
- package/dist/extensions.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -9
- package/dist/index.js.map +1 -1
- package/dist/lambda/cleanup-cron.d.ts.map +1 -1
- package/dist/lambda/cleanup-cron.js +20 -24
- package/dist/lambda/cleanup-cron.js.map +1 -1
- package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/create-auth-challenge.js +17 -19
- package/dist/lambda/create-auth-challenge.js.map +1 -1
- package/dist/lambda/custom-message.js +1 -5
- package/dist/lambda/custom-message.js.map +1 -1
- package/dist/lambda/define-auth-challenge.js +1 -5
- package/dist/lambda/define-auth-challenge.js.map +1 -1
- package/dist/lambda/delete-account-worker.d.ts.map +1 -1
- package/dist/lambda/delete-account-worker.js +25 -58
- package/dist/lambda/delete-account-worker.js.map +1 -1
- package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
- package/dist/lambda/diagnostics-proxy.js +14 -49
- package/dist/lambda/diagnostics-proxy.js.map +1 -1
- package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
- package/dist/lambda/e2e-sweeper.js +30 -38
- package/dist/lambda/e2e-sweeper.js.map +1 -1
- package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
- package/dist/lambda/federation-outbox-worker.js +4 -6
- package/dist/lambda/federation-outbox-worker.js.map +1 -1
- package/dist/lambda/followers-events-worker.d.ts.map +1 -1
- package/dist/lambda/followers-events-worker.js +4 -6
- package/dist/lambda/followers-events-worker.js.map +1 -1
- package/dist/lambda/hourly-cron.d.ts.map +1 -1
- package/dist/lambda/hourly-cron.js +100 -32
- package/dist/lambda/hourly-cron.js.map +1 -1
- package/dist/lambda/link-check-worker.d.ts.map +1 -1
- package/dist/lambda/link-check-worker.js +4 -6
- package/dist/lambda/link-check-worker.js.map +1 -1
- package/dist/lambda/maintenance-cron.d.ts.map +1 -1
- package/dist/lambda/maintenance-cron.js +30 -63
- package/dist/lambda/maintenance-cron.js.map +1 -1
- package/dist/lambda/media-processing-worker.d.ts.map +1 -1
- package/dist/lambda/media-processing-worker.js +11 -46
- package/dist/lambda/media-processing-worker.js.map +1 -1
- package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
- package/dist/lambda/media-reconciliation-worker.js +4 -6
- package/dist/lambda/media-reconciliation-worker.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +67 -112
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +147 -45
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-signup.js +7 -11
- package/dist/lambda/pre-signup.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +27 -35
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lambda/tools/check-health.js +1 -5
- package/dist/lambda/tools/check-health.js.map +1 -1
- package/dist/lambda/tools/describe-services.js +4 -8
- package/dist/lambda/tools/describe-services.js.map +1 -1
- package/dist/lambda/tools/get-cost-report.js +4 -8
- package/dist/lambda/tools/get-cost-report.js.map +1 -1
- package/dist/lambda/tools/get-errors.js +5 -9
- package/dist/lambda/tools/get-errors.js.map +1 -1
- package/dist/lambda/tools/get-feature-flags.js +4 -8
- package/dist/lambda/tools/get-feature-flags.js.map +1 -1
- package/dist/lambda/tools/get-queue-status.js +5 -9
- package/dist/lambda/tools/get-queue-status.js.map +1 -1
- package/dist/lambda/tools/search-logs.js +5 -9
- package/dist/lambda/tools/search-logs.js.map +1 -1
- package/dist/lambda/tools/send-alert.js +4 -8
- package/dist/lambda/tools/send-alert.js.map +1 -1
- package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/verify-auth-challenge.js +10 -12
- package/dist/lambda/verify-auth-challenge.js.map +1 -1
- package/dist/lib/abuse-metrics.d.ts.map +1 -1
- package/dist/lib/abuse-metrics.js +10 -13
- package/dist/lib/abuse-metrics.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +9 -43
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/activity-service.js +1 -5
- package/dist/lib/activitypub/activity-service.js.map +1 -1
- package/dist/lib/activitypub/actor.d.ts +1 -1
- package/dist/lib/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/activitypub/actor.js +1 -5
- package/dist/lib/activitypub/actor.js.map +1 -1
- package/dist/lib/activitypub/audience-service.d.ts +2 -2
- package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
- package/dist/lib/activitypub/audience-service.js +8 -12
- package/dist/lib/activitypub/audience-service.js.map +1 -1
- package/dist/lib/activitypub/crypto.d.ts +1 -1
- package/dist/lib/activitypub/crypto.d.ts.map +1 -1
- package/dist/lib/activitypub/crypto.js +3 -41
- package/dist/lib/activitypub/crypto.js.map +1 -1
- package/dist/lib/activitypub/delivery-service.d.ts +5 -5
- package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
- package/dist/lib/activitypub/delivery-service.js +10 -47
- package/dist/lib/activitypub/delivery-service.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
- package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
- package/dist/lib/activitypub/dm-service.js +1 -5
- package/dist/lib/activitypub/dm-service.js.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.js +6 -10
- package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
- package/dist/lib/activitypub/fedify/config.d.ts +3 -3
- package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/config.js +5 -8
- package/dist/lib/activitypub/fedify/config.js.map +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/context.js +8 -12
- package/dist/lib/activitypub/fedify/context.js.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.js +3 -6
- package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
- package/dist/lib/activitypub/friendship-service.js +1 -5
- package/dist/lib/activitypub/friendship-service.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +1 -1
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +9 -46
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/activitypub/http-signatures.js +8 -45
- package/dist/lib/activitypub/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/jsonld.d.ts +1 -1
- package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
- package/dist/lib/activitypub/jsonld.js +1 -5
- package/dist/lib/activitypub/jsonld.js.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
- package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
- package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
- package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.js +31 -35
- package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.js +17 -20
- package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
- package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.js +6 -10
- package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
- package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
- package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.js +3 -8
- package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
- package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
- package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
- package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
- package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
- package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
- package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
- package/dist/lib/activitypub/standalone-mode.js +13 -50
- package/dist/lib/activitypub/standalone-mode.js.map +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
- package/dist/lib/activitypub/webfinger/server.js +18 -54
- package/dist/lib/activitypub/webfinger/server.js.map +1 -1
- package/dist/lib/age-gate-middleware.d.ts +4 -4
- package/dist/lib/age-gate-middleware.d.ts.map +1 -1
- package/dist/lib/age-gate-middleware.js +3 -6
- package/dist/lib/age-gate-middleware.js.map +1 -1
- package/dist/lib/age-gate.js +3 -8
- package/dist/lib/age-gate.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +7 -44
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/app.d.ts +76 -0
- package/dist/lib/app.d.ts.map +1 -0
- package/dist/lib/app.js +400 -0
- package/dist/lib/app.js.map +1 -0
- package/dist/lib/audit/csv-export.js +6 -13
- package/dist/lib/audit/csv-export.js.map +1 -1
- package/dist/lib/audit/pii-filter.d.ts +9 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -1
- package/dist/lib/audit/pii-filter.js +57 -7
- package/dist/lib/audit/pii-filter.js.map +1 -1
- package/dist/lib/audit-actions.d.ts +94 -0
- package/dist/lib/audit-actions.d.ts.map +1 -0
- package/dist/lib/audit-actions.js +107 -0
- package/dist/lib/audit-actions.js.map +1 -0
- package/dist/lib/audit-composer.d.ts +174 -0
- package/dist/lib/audit-composer.d.ts.map +1 -0
- package/dist/lib/audit-composer.js +421 -0
- package/dist/lib/audit-composer.js.map +1 -0
- package/dist/lib/auth/auth-context.d.ts +1 -1
- package/dist/lib/auth/auth-context.js +1 -2
- package/dist/lib/auth/auth-context.js.map +1 -1
- package/dist/lib/auth/auth-middleware.d.ts +16 -2
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
- package/dist/lib/auth/auth-middleware.js +36 -45
- package/dist/lib/auth/auth-middleware.js.map +1 -1
- package/dist/lib/auth/capabilities.js +2 -5
- package/dist/lib/auth/capabilities.js.map +1 -1
- package/dist/lib/auth/claims-cache.d.ts +2 -2
- package/dist/lib/auth/claims-cache.js +19 -24
- package/dist/lib/auth/claims-cache.js.map +1 -1
- package/dist/lib/auth/cognito-jwt.d.ts +20 -2
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js +83 -23
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.js +4 -10
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
- package/dist/lib/auth/require.d.ts +4 -4
- package/dist/lib/auth/require.d.ts.map +1 -1
- package/dist/lib/auth/require.js +11 -18
- package/dist/lib/auth/require.js.map +1 -1
- package/dist/lib/auth/role-grants.d.ts +1 -1
- package/dist/lib/auth/role-grants.d.ts.map +1 -1
- package/dist/lib/auth/role-grants.js +28 -31
- package/dist/lib/auth/role-grants.js.map +1 -1
- package/dist/lib/auth-context-manager.js +1 -5
- package/dist/lib/auth-context-manager.js.map +1 -1
- package/dist/lib/auth-handler.d.ts +5 -5
- package/dist/lib/auth-handler.d.ts.map +1 -1
- package/dist/lib/auth-handler.js +5 -9
- package/dist/lib/auth-handler.js.map +1 -1
- package/dist/lib/badge-handler.d.ts +1 -1
- package/dist/lib/badge-handler.d.ts.map +1 -1
- package/dist/lib/badge-handler.js +14 -52
- package/dist/lib/badge-handler.js.map +1 -1
- package/dist/lib/circle-handler.d.ts +10 -10
- package/dist/lib/circle-handler.d.ts.map +1 -1
- package/dist/lib/circle-handler.js +10 -47
- package/dist/lib/circle-handler.js.map +1 -1
- package/dist/lib/cognito/idp-sdk.js +11 -18
- package/dist/lib/cognito/idp-sdk.js.map +1 -1
- package/dist/lib/cognito/issuer-probe.js +9 -14
- package/dist/lib/cognito/issuer-probe.js.map +1 -1
- package/dist/lib/comment-handler.d.ts +10 -10
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +61 -97
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +2 -2
- package/dist/lib/compliance/baseline.d.ts.map +1 -1
- package/dist/lib/compliance/baseline.js +15 -18
- package/dist/lib/compliance/baseline.js.map +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
- package/dist/lib/compliance/tenant-merge.js +1 -4
- package/dist/lib/compliance/tenant-merge.js.map +1 -1
- package/dist/lib/compliance/types.d.ts +1 -1
- package/dist/lib/compliance/types.js +2 -3
- package/dist/lib/compliance/types.js.map +1 -1
- package/dist/lib/connection-code-handler.d.ts +7 -7
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +13 -50
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/content-discovery.d.ts +1 -1
- package/dist/lib/content-discovery.d.ts.map +1 -1
- package/dist/lib/content-discovery.js +15 -52
- package/dist/lib/content-discovery.js.map +1 -1
- package/dist/lib/context-aware-data-access.d.ts +1 -1
- package/dist/lib/context-aware-data-access.d.ts.map +1 -1
- package/dist/lib/context-aware-data-access.js +1 -5
- package/dist/lib/context-aware-data-access.js.map +1 -1
- package/dist/lib/cors-handler.d.ts +1 -1
- package/dist/lib/cors-handler.d.ts.map +1 -1
- package/dist/lib/cors-handler.js +13 -17
- package/dist/lib/cors-handler.js.map +1 -1
- package/dist/lib/cost-accumulator.d.ts.map +1 -1
- package/dist/lib/cost-accumulator.js +7 -11
- package/dist/lib/cost-accumulator.js.map +1 -1
- package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
- package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
- package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
- package/dist/lib/crypto/voting/hash-utils.js +6 -12
- package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
- package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
- package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/index.js +4 -14
- package/dist/lib/crypto/voting/index.js.map +1 -1
- package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
- package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
- package/dist/lib/csrf.d.ts +2 -2
- package/dist/lib/csrf.d.ts.map +1 -1
- package/dist/lib/csrf.js +1 -5
- package/dist/lib/csrf.js.map +1 -1
- package/dist/lib/data-router.d.ts +5 -4
- package/dist/lib/data-router.d.ts.map +1 -1
- package/dist/lib/data-router.js +60 -90
- package/dist/lib/data-router.js.map +1 -1
- package/dist/lib/database-circuit-breaker.d.ts +61 -34
- package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
- package/dist/lib/database-circuit-breaker.js +102 -109
- package/dist/lib/database-circuit-breaker.js.map +1 -1
- package/dist/lib/database-config.js +1 -4
- package/dist/lib/database-config.js.map +1 -1
- package/dist/lib/database-connection-manager.d.ts +42 -2
- package/dist/lib/database-connection-manager.d.ts.map +1 -1
- package/dist/lib/database-connection-manager.js +178 -74
- package/dist/lib/database-connection-manager.js.map +1 -1
- package/dist/lib/database-monitor.d.ts +1 -1
- package/dist/lib/database-monitor.d.ts.map +1 -1
- package/dist/lib/database-monitor.js +5 -9
- package/dist/lib/database-monitor.js.map +1 -1
- package/dist/lib/database-rate-limiter.d.ts +1 -1
- package/dist/lib/database-rate-limiter.d.ts.map +1 -1
- package/dist/lib/database-rate-limiter.js +3 -7
- package/dist/lib/database-rate-limiter.js.map +1 -1
- package/dist/lib/database-wrapper-helper.d.ts +2 -2
- package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
- package/dist/lib/database-wrapper-helper.js +7 -11
- package/dist/lib/database-wrapper-helper.js.map +1 -1
- package/dist/lib/database-wrapper.d.ts +1 -1
- package/dist/lib/database-wrapper.d.ts.map +1 -1
- package/dist/lib/database-wrapper.js +5 -9
- package/dist/lib/database-wrapper.js.map +1 -1
- package/dist/lib/db-query-helper.d.ts +3 -3
- package/dist/lib/db-query-helper.d.ts.map +1 -1
- package/dist/lib/db-query-helper.js +4 -9
- package/dist/lib/db-query-helper.js.map +1 -1
- package/dist/lib/discovery-exposure.d.ts +42 -0
- package/dist/lib/discovery-exposure.d.ts.map +1 -0
- package/dist/lib/discovery-exposure.js +89 -0
- package/dist/lib/discovery-exposure.js.map +1 -0
- package/dist/lib/discovery-handler.d.ts +6 -6
- package/dist/lib/discovery-handler.d.ts.map +1 -1
- package/dist/lib/discovery-handler.js +10 -43
- package/dist/lib/discovery-handler.js.map +1 -1
- package/dist/lib/domain-reputation-service.d.ts +1 -1
- package/dist/lib/domain-reputation-service.d.ts.map +1 -1
- package/dist/lib/domain-reputation-service.js +12 -15
- package/dist/lib/domain-reputation-service.js.map +1 -1
- package/dist/lib/email-privacy.js +4 -8
- package/dist/lib/email-privacy.js.map +1 -1
- package/dist/lib/email-provider.d.ts +2 -2
- package/dist/lib/email-provider.d.ts.map +1 -1
- package/dist/lib/email-provider.js +8 -16
- package/dist/lib/email-provider.js.map +1 -1
- package/dist/lib/entity-handler.d.ts +5 -6
- package/dist/lib/entity-handler.d.ts.map +1 -1
- package/dist/lib/entity-handler.js +45 -80
- package/dist/lib/entity-handler.js.map +1 -1
- package/dist/lib/entity-relationship-handler.d.ts +9 -9
- package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
- package/dist/lib/entity-relationship-handler.js +14 -51
- package/dist/lib/entity-relationship-handler.js.map +1 -1
- package/dist/lib/entity-tagging-errors.js +4 -11
- package/dist/lib/entity-tagging-errors.js.map +1 -1
- package/dist/lib/entity-tagging-validator.d.ts +3 -3
- package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
- package/dist/lib/entity-tagging-validator.js +6 -11
- package/dist/lib/entity-tagging-validator.js.map +1 -1
- package/dist/lib/exif-stripper.js +1 -4
- package/dist/lib/exif-stripper.js.map +1 -1
- package/dist/lib/extension-context.d.ts +2 -2
- package/dist/lib/extension-context.d.ts.map +1 -1
- package/dist/lib/extension-context.js +1 -4
- package/dist/lib/extension-context.js.map +1 -1
- package/dist/lib/extension-route-wrapper.d.ts +1 -1
- package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
- package/dist/lib/extension-route-wrapper.js +17 -55
- package/dist/lib/extension-route-wrapper.js.map +1 -1
- package/dist/lib/extension-validator.js +3 -6
- package/dist/lib/extension-validator.js.map +1 -1
- package/dist/lib/feature-flags.d.ts +5 -2
- package/dist/lib/feature-flags.d.ts.map +1 -1
- package/dist/lib/feature-flags.js +15 -48
- package/dist/lib/feature-flags.js.map +1 -1
- package/dist/lib/feature-toggle-global-client.d.ts +6 -0
- package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
- package/dist/lib/feature-toggle-global-client.js +73 -0
- package/dist/lib/feature-toggle-global-client.js.map +1 -0
- package/dist/lib/feature-toggle-service.d.ts +137 -27
- package/dist/lib/feature-toggle-service.d.ts.map +1 -1
- package/dist/lib/feature-toggle-service.js +302 -119
- package/dist/lib/feature-toggle-service.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +8 -8
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +33 -62
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/feed-pagination.d.ts +26 -0
- package/dist/lib/feed-pagination.d.ts.map +1 -1
- package/dist/lib/feed-pagination.js +31 -11
- package/dist/lib/feed-pagination.js.map +1 -1
- package/dist/lib/feed-personalization.d.ts +1 -1
- package/dist/lib/feed-personalization.d.ts.map +1 -1
- package/dist/lib/feed-personalization.js +6 -43
- package/dist/lib/feed-personalization.js.map +1 -1
- package/dist/lib/followers-events.js +8 -13
- package/dist/lib/followers-events.js.map +1 -1
- package/dist/lib/friends-handler.d.ts +2 -2
- package/dist/lib/friends-handler.d.ts.map +1 -1
- package/dist/lib/friends-handler.js +9 -46
- package/dist/lib/friends-handler.js.map +1 -1
- package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
- package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
- package/dist/lib/geo/entity-geo-repository.js +91 -0
- package/dist/lib/geo/entity-geo-repository.js.map +1 -0
- package/dist/lib/graph/errors.d.ts.map +1 -1
- package/dist/lib/graph/errors.js +13 -18
- package/dist/lib/graph/errors.js.map +1 -1
- package/dist/lib/graph/graph-factory.d.ts +12 -53
- package/dist/lib/graph/graph-factory.d.ts.map +1 -1
- package/dist/lib/graph/graph-factory.js +67 -162
- package/dist/lib/graph/graph-factory.js.map +1 -1
- package/dist/lib/graph/graph-service.d.ts +1 -1
- package/dist/lib/graph/graph-service.d.ts.map +1 -1
- package/dist/lib/graph/graph-service.js +1 -2
- package/dist/lib/graph/graph-service.js.map +1 -1
- package/dist/lib/graph/index.d.ts +10 -14
- package/dist/lib/graph/index.d.ts.map +1 -1
- package/dist/lib/graph/index.js +12 -46
- package/dist/lib/graph/index.js.map +1 -1
- package/dist/lib/graph/postgres/_shared.d.ts +18 -0
- package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
- package/dist/lib/graph/postgres/_shared.js +24 -0
- package/dist/lib/graph/postgres/_shared.js.map +1 -0
- package/dist/lib/graph/postgres/circles.d.ts +66 -0
- package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
- package/dist/lib/graph/postgres/circles.js +513 -0
- package/dist/lib/graph/postgres/circles.js.map +1 -0
- package/dist/lib/graph/postgres/discovery.d.ts +165 -0
- package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
- package/dist/lib/graph/postgres/discovery.js +579 -0
- package/dist/lib/graph/postgres/discovery.js.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.js +304 -0
- package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.js +162 -0
- package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
- package/dist/lib/graph/postgres/relationships.d.ts +58 -0
- package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/relationships.js +314 -0
- package/dist/lib/graph/postgres/relationships.js.map +1 -0
- package/dist/lib/graph/postgres/scoring.d.ts +74 -0
- package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
- package/dist/lib/graph/postgres/scoring.js +297 -0
- package/dist/lib/graph/postgres/scoring.js.map +1 -0
- package/dist/lib/graph/postgres/sync.d.ts +149 -0
- package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
- package/dist/lib/graph/postgres/sync.js +269 -0
- package/dist/lib/graph/postgres/sync.js.map +1 -0
- package/dist/lib/graph/scoring-engine.d.ts +7 -1
- package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
- package/dist/lib/graph/scoring-engine.js +29 -35
- package/dist/lib/graph/scoring-engine.js.map +1 -1
- package/dist/lib/graph/types.d.ts +18 -1
- package/dist/lib/graph/types.d.ts.map +1 -1
- package/dist/lib/graph/types.js +1 -2
- package/dist/lib/graph/types.js.map +1 -1
- package/dist/lib/hook-dispatcher.d.ts +1 -1
- package/dist/lib/hook-dispatcher.d.ts.map +1 -1
- package/dist/lib/hook-dispatcher.js +8 -12
- package/dist/lib/hook-dispatcher.js.map +1 -1
- package/dist/lib/input-sanitizer.js +1 -5
- package/dist/lib/input-sanitizer.js.map +1 -1
- package/dist/lib/internal-docs-handler.d.ts +2 -2
- package/dist/lib/internal-docs-handler.d.ts.map +1 -1
- package/dist/lib/internal-docs-handler.js +20 -28
- package/dist/lib/internal-docs-handler.js.map +1 -1
- package/dist/lib/internal-docs-navigation.js +2 -6
- package/dist/lib/internal-docs-navigation.js.map +1 -1
- package/dist/lib/invitation-handler.d.ts +2 -2
- package/dist/lib/invitation-handler.d.ts.map +1 -1
- package/dist/lib/invitation-handler.js +41 -82
- package/dist/lib/invitation-handler.js.map +1 -1
- package/dist/lib/ip-scrubber.js +3 -8
- package/dist/lib/ip-scrubber.js.map +1 -1
- package/dist/lib/link-security-handler.d.ts +3 -2
- package/dist/lib/link-security-handler.d.ts.map +1 -1
- package/dist/lib/link-security-handler.js +8 -44
- package/dist/lib/link-security-handler.js.map +1 -1
- package/dist/lib/logger.d.ts +31 -82
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +43 -185
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/media-cleanup-handler.d.ts +2 -2
- package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
- package/dist/lib/media-cleanup-handler.js +7 -11
- package/dist/lib/media-cleanup-handler.js.map +1 -1
- package/dist/lib/media-handler.d.ts +1 -1
- package/dist/lib/media-handler.d.ts.map +1 -1
- package/dist/lib/media-handler.js +36 -73
- package/dist/lib/media-handler.js.map +1 -1
- package/dist/lib/media-metadata-extractor.d.ts +1 -1
- package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
- package/dist/lib/media-metadata-extractor.js +3 -7
- package/dist/lib/media-metadata-extractor.js.map +1 -1
- package/dist/lib/media-metrics.d.ts +2 -2
- package/dist/lib/media-metrics.d.ts.map +1 -1
- package/dist/lib/media-metrics.js +3 -7
- package/dist/lib/media-metrics.js.map +1 -1
- package/dist/lib/metadata/index.d.ts +5 -5
- package/dist/lib/metadata/index.d.ts.map +1 -1
- package/dist/lib/metadata/index.js +5 -21
- package/dist/lib/metadata/index.js.map +1 -1
- package/dist/lib/metadata/metadata-config.js +2 -5
- package/dist/lib/metadata/metadata-config.js.map +1 -1
- package/dist/lib/metadata/metadata-errors.js +2 -7
- package/dist/lib/metadata/metadata-errors.js.map +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-extractor.js +42 -82
- package/dist/lib/metadata/metadata-extractor.js.map +1 -1
- package/dist/lib/metadata/metadata-sanitizer.js +17 -24
- package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
- package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
- package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-schemas.js +31 -34
- package/dist/lib/metadata/metadata-schemas.js.map +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
- package/dist/lib/mfa/mfa-handler.js +13 -17
- package/dist/lib/mfa/mfa-handler.js.map +1 -1
- package/dist/lib/mfa/totp-service.js +8 -18
- package/dist/lib/mfa/totp-service.js.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.js +7 -10
- package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
- package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.js +20 -26
- package/dist/lib/middleware/idempotency-store.js.map +1 -1
- package/dist/lib/middleware/idempotency.d.ts +2 -2
- package/dist/lib/middleware/idempotency.d.ts.map +1 -1
- package/dist/lib/middleware/idempotency.js +12 -50
- package/dist/lib/middleware/idempotency.js.map +1 -1
- package/dist/lib/middleware.d.ts +22 -9
- package/dist/lib/middleware.d.ts.map +1 -1
- package/dist/lib/middleware.js +72 -153
- package/dist/lib/middleware.js.map +1 -1
- package/dist/lib/moderation-handler.d.ts +1 -1
- package/dist/lib/moderation-handler.d.ts.map +1 -1
- package/dist/lib/moderation-handler.js +15 -54
- package/dist/lib/moderation-handler.js.map +1 -1
- package/dist/lib/net/trusted-client-ip.d.ts +8 -30
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
- package/dist/lib/net/trusted-client-ip.js +13 -94
- package/dist/lib/net/trusted-client-ip.js.map +1 -1
- package/dist/lib/notification-handler.d.ts +1 -1
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +10 -15
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/notification-preferences-handler.d.ts +1 -1
- package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
- package/dist/lib/notification-preferences-handler.js +7 -11
- package/dist/lib/notification-preferences-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
- package/dist/lib/oauth/cognito-issuer.js +5 -10
- package/dist/lib/oauth/cognito-issuer.js.map +1 -1
- package/dist/lib/oauth/device-authorization.d.ts +1 -1
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
- package/dist/lib/oauth/device-authorization.js +62 -77
- package/dist/lib/oauth/device-authorization.js.map +1 -1
- package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
- package/dist/lib/oauth/envelope-crypto.js +22 -34
- package/dist/lib/oauth/envelope-crypto.js.map +1 -1
- package/dist/lib/oauth/refresh-detection.js +42 -52
- package/dist/lib/oauth/refresh-detection.js.map +1 -1
- package/dist/lib/openai-budget.d.ts.map +1 -1
- package/dist/lib/openai-budget.js +7 -44
- package/dist/lib/openai-budget.js.map +1 -1
- package/dist/lib/openapi/generator.d.ts +1 -1
- package/dist/lib/openapi/generator.d.ts.map +1 -1
- package/dist/lib/openapi/generator.js +2 -6
- package/dist/lib/openapi/generator.js.map +1 -1
- package/dist/lib/orphaned-media-handler.d.ts +1 -1
- package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
- package/dist/lib/orphaned-media-handler.js +9 -46
- package/dist/lib/orphaned-media-handler.js.map +1 -1
- package/dist/lib/parental-control-handler.d.ts +2 -2
- package/dist/lib/parental-control-handler.d.ts.map +1 -1
- package/dist/lib/parental-control-handler.js +18 -55
- package/dist/lib/parental-control-handler.js.map +1 -1
- package/dist/lib/parental-link-handler.d.ts +8 -8
- package/dist/lib/parental-link-handler.d.ts.map +1 -1
- package/dist/lib/parental-link-handler.js +10 -14
- package/dist/lib/parental-link-handler.js.map +1 -1
- package/dist/lib/performance-metrics.d.ts +1 -1
- package/dist/lib/performance-metrics.d.ts.map +1 -1
- package/dist/lib/performance-metrics.js +3 -6
- package/dist/lib/performance-metrics.js.map +1 -1
- package/dist/lib/post-handler.d.ts +9 -9
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +67 -101
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/privacy-defaults.js +3 -8
- package/dist/lib/privacy-defaults.js.map +1 -1
- package/dist/lib/privacy-handler.d.ts +2 -2
- package/dist/lib/privacy-handler.d.ts.map +1 -1
- package/dist/lib/privacy-handler.js +6 -10
- package/dist/lib/privacy-handler.js.map +1 -1
- package/dist/lib/pseudonym.d.ts +56 -0
- package/dist/lib/pseudonym.d.ts.map +1 -0
- package/dist/lib/pseudonym.js +85 -0
- package/dist/lib/pseudonym.js.map +1 -0
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
- package/dist/lib/quiet-hours.js +2 -6
- package/dist/lib/quiet-hours.js.map +1 -1
- package/dist/lib/rate-limit.d.ts +58 -47
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +168 -157
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/reaction-handler.d.ts +10 -10
- package/dist/lib/reaction-handler.d.ts.map +1 -1
- package/dist/lib/reaction-handler.js +44 -80
- package/dist/lib/reaction-handler.js.map +1 -1
- package/dist/lib/recaptcha.js +6 -9
- package/dist/lib/recaptcha.js.map +1 -1
- package/dist/lib/redirect-resolver.d.ts +2 -2
- package/dist/lib/redirect-resolver.d.ts.map +1 -1
- package/dist/lib/redirect-resolver.js +5 -9
- package/dist/lib/redirect-resolver.js.map +1 -1
- package/dist/lib/region-config.d.ts +3 -3
- package/dist/lib/region-config.d.ts.map +1 -1
- package/dist/lib/region-config.js +15 -58
- package/dist/lib/region-config.js.map +1 -1
- package/dist/lib/region-detection.d.ts +55 -24
- package/dist/lib/region-detection.d.ts.map +1 -1
- package/dist/lib/region-detection.js +140 -199
- package/dist/lib/region-detection.js.map +1 -1
- package/dist/lib/region-registry.d.ts +49 -0
- package/dist/lib/region-registry.d.ts.map +1 -0
- package/dist/lib/region-registry.js +112 -0
- package/dist/lib/region-registry.js.map +1 -0
- package/dist/lib/relationship-handler.d.ts +9 -9
- package/dist/lib/relationship-handler.d.ts.map +1 -1
- package/dist/lib/relationship-handler.js +12 -49
- package/dist/lib/relationship-handler.js.map +1 -1
- package/dist/lib/request-context.d.ts +16 -16
- package/dist/lib/request-context.d.ts.map +1 -1
- package/dist/lib/request-context.js +14 -22
- package/dist/lib/request-context.js.map +1 -1
- package/dist/lib/route-helpers.d.ts +3 -4
- package/dist/lib/route-helpers.d.ts.map +1 -1
- package/dist/lib/route-helpers.js +20 -75
- package/dist/lib/route-helpers.js.map +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/actor.js +20 -23
- package/dist/lib/routes/activitypub/actor.js.map +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/audiences.js +76 -80
- package/dist/lib/routes/activitypub/audiences.js.map +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/collections.js +24 -26
- package/dist/lib/routes/activitypub/collections.js.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.js +36 -39
- package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/friends.js +9 -12
- package/dist/lib/routes/activitypub/friends.js.map +1 -1
- package/dist/lib/routes/activitypub/group.d.ts +1 -1
- package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/group.js +91 -94
- package/dist/lib/routes/activitypub/group.js.map +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/inbox.js +30 -33
- package/dist/lib/routes/activitypub/inbox.js.map +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/messages.js +79 -83
- package/dist/lib/routes/activitypub/messages.js.map +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/outbox.js +9 -12
- package/dist/lib/routes/activitypub/outbox.js.map +1 -1
- package/dist/lib/routes/activitypub/post.d.ts +1 -1
- package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/post.js +32 -35
- package/dist/lib/routes/activitypub/post.js.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.js +5 -8
- package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
- package/dist/lib/routes/admin-costs.d.ts +1 -1
- package/dist/lib/routes/admin-costs.d.ts.map +1 -1
- package/dist/lib/routes/admin-costs.js +22 -26
- package/dist/lib/routes/admin-costs.js.map +1 -1
- package/dist/lib/routes/admin.d.ts +1 -1
- package/dist/lib/routes/admin.d.ts.map +1 -1
- package/dist/lib/routes/admin.js +290 -269
- package/dist/lib/routes/admin.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +5 -5
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
- package/dist/lib/routes/agent-authorize.js +68 -74
- package/dist/lib/routes/agent-authorize.js.map +1 -1
- package/dist/lib/routes/agent-sessions.d.ts +4 -4
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
- package/dist/lib/routes/agent-sessions.js +30 -35
- package/dist/lib/routes/agent-sessions.js.map +1 -1
- package/dist/lib/routes/agent-surface.d.ts +2 -2
- package/dist/lib/routes/agent-surface.d.ts.map +1 -1
- package/dist/lib/routes/agent-surface.js +20 -24
- package/dist/lib/routes/agent-surface.js.map +1 -1
- package/dist/lib/routes/auth-discover.d.ts +1 -1
- package/dist/lib/routes/auth-discover.d.ts.map +1 -1
- package/dist/lib/routes/auth-discover.js +20 -56
- package/dist/lib/routes/auth-discover.js.map +1 -1
- package/dist/lib/routes/auth.d.ts +1 -1
- package/dist/lib/routes/auth.d.ts.map +1 -1
- package/dist/lib/routes/auth.js +13 -16
- package/dist/lib/routes/auth.js.map +1 -1
- package/dist/lib/routes/badges.d.ts +1 -1
- package/dist/lib/routes/badges.d.ts.map +1 -1
- package/dist/lib/routes/badges.js +20 -23
- package/dist/lib/routes/badges.js.map +1 -1
- package/dist/lib/routes/circles.d.ts +1 -1
- package/dist/lib/routes/circles.d.ts.map +1 -1
- package/dist/lib/routes/circles.js +40 -44
- package/dist/lib/routes/circles.js.map +1 -1
- package/dist/lib/routes/comments.d.ts +1 -1
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +67 -71
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +30 -34
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +31 -34
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.d.ts +1 -1
- package/dist/lib/routes/dashboard.d.ts.map +1 -1
- package/dist/lib/routes/dashboard.js +251 -288
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/deletion.d.ts +1 -1
- package/dist/lib/routes/deletion.d.ts.map +1 -1
- package/dist/lib/routes/deletion.js +37 -74
- package/dist/lib/routes/deletion.js.map +1 -1
- package/dist/lib/routes/discovery.d.ts +1 -1
- package/dist/lib/routes/discovery.d.ts.map +1 -1
- package/dist/lib/routes/discovery.js +20 -24
- package/dist/lib/routes/discovery.js.map +1 -1
- package/dist/lib/routes/employees.d.ts +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +15 -52
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +133 -137
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/entity-relationships.d.ts +1 -1
- package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
- package/dist/lib/routes/entity-relationships.js +35 -39
- package/dist/lib/routes/entity-relationships.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +1 -1
- package/dist/lib/routes/errors.d.ts.map +1 -1
- package/dist/lib/routes/errors.js +4 -10
- package/dist/lib/routes/errors.js.map +1 -1
- package/dist/lib/routes/export.d.ts +1 -1
- package/dist/lib/routes/export.d.ts.map +1 -1
- package/dist/lib/routes/export.js +31 -35
- package/dist/lib/routes/export.js.map +1 -1
- package/dist/lib/routes/feature-flags.d.ts +1 -1
- package/dist/lib/routes/feature-flags.d.ts.map +1 -1
- package/dist/lib/routes/feature-flags.js +20 -23
- package/dist/lib/routes/feature-flags.js.map +1 -1
- package/dist/lib/routes/feeds.d.ts +1 -1
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +42 -46
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/friends.d.ts +1 -1
- package/dist/lib/routes/friends.d.ts.map +1 -1
- package/dist/lib/routes/friends.js +35 -39
- package/dist/lib/routes/friends.js.map +1 -1
- package/dist/lib/routes/health.d.ts +1 -1
- package/dist/lib/routes/health.d.ts.map +1 -1
- package/dist/lib/routes/health.js +23 -27
- package/dist/lib/routes/health.js.map +1 -1
- package/dist/lib/routes/index.d.ts +2 -7
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +137 -158
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/internal-docs.d.ts +1 -1
- package/dist/lib/routes/internal-docs.d.ts.map +1 -1
- package/dist/lib/routes/internal-docs.js +13 -16
- package/dist/lib/routes/internal-docs.js.map +1 -1
- package/dist/lib/routes/invitations.d.ts +1 -1
- package/dist/lib/routes/invitations.d.ts.map +1 -1
- package/dist/lib/routes/invitations.js +19 -22
- package/dist/lib/routes/invitations.js.map +1 -1
- package/dist/lib/routes/link-reports.d.ts +2 -2
- package/dist/lib/routes/link-reports.d.ts.map +1 -1
- package/dist/lib/routes/link-reports.js +86 -48
- package/dist/lib/routes/link-reports.js.map +1 -1
- package/dist/lib/routes/map.d.ts +1 -1
- package/dist/lib/routes/map.d.ts.map +1 -1
- package/dist/lib/routes/map.js +5 -8
- package/dist/lib/routes/map.js.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.js +30 -67
- package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
- package/dist/lib/routes/media.d.ts +1 -1
- package/dist/lib/routes/media.d.ts.map +1 -1
- package/dist/lib/routes/media.js +156 -193
- package/dist/lib/routes/media.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +60 -64
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +68 -72
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +1 -1
- package/dist/lib/routes/oauth.d.ts.map +1 -1
- package/dist/lib/routes/oauth.js +20 -23
- package/dist/lib/routes/oauth.js.map +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media-health.js +10 -13
- package/dist/lib/routes/orphaned-media-health.js.map +1 -1
- package/dist/lib/routes/orphaned-media.d.ts +1 -1
- package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media.js +20 -57
- package/dist/lib/routes/orphaned-media.js.map +1 -1
- package/dist/lib/routes/out.d.ts +1 -1
- package/dist/lib/routes/out.d.ts.map +1 -1
- package/dist/lib/routes/out.js +21 -24
- package/dist/lib/routes/out.js.map +1 -1
- package/dist/lib/routes/parental-controls.d.ts +1 -1
- package/dist/lib/routes/parental-controls.d.ts.map +1 -1
- package/dist/lib/routes/parental-controls.js +91 -95
- package/dist/lib/routes/parental-controls.js.map +1 -1
- package/dist/lib/routes/posts.d.ts +1 -1
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +101 -105
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/privacy.d.ts +1 -1
- package/dist/lib/routes/privacy.d.ts.map +1 -1
- package/dist/lib/routes/privacy.js +21 -25
- package/dist/lib/routes/privacy.js.map +1 -1
- package/dist/lib/routes/products.d.ts +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +44 -48
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/relationships.d.ts +1 -1
- package/dist/lib/routes/relationships.d.ts.map +1 -1
- package/dist/lib/routes/relationships.js +35 -39
- package/dist/lib/routes/relationships.js.map +1 -1
- package/dist/lib/routes/sentiments.d.ts +1 -1
- package/dist/lib/routes/sentiments.d.ts.map +1 -1
- package/dist/lib/routes/sentiments.js +71 -75
- package/dist/lib/routes/sentiments.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +1 -1
- package/dist/lib/routes/setup-status.d.ts.map +1 -1
- package/dist/lib/routes/setup-status.js +17 -20
- package/dist/lib/routes/setup-status.js.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +29 -33
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +48 -51
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +1 -1
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
- package/dist/lib/routes/tenant-audit.js +35 -92
- package/dist/lib/routes/tenant-audit.js.map +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
- package/dist/lib/routes/tenant-compliance.js +16 -52
- package/dist/lib/routes/tenant-compliance.js.map +1 -1
- package/dist/lib/routes/tenant-domains.d.ts +1 -1
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
- package/dist/lib/routes/tenant-domains.js +27 -30
- package/dist/lib/routes/tenant-domains.js.map +1 -1
- package/dist/lib/routes/tenant-idp.d.ts +1 -1
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
- package/dist/lib/routes/tenant-idp.js +27 -30
- package/dist/lib/routes/tenant-idp.js.map +1 -1
- package/dist/lib/routes/tenant-members.d.ts +1 -1
- package/dist/lib/routes/tenant-members.d.ts.map +1 -1
- package/dist/lib/routes/tenant-members.js +21 -24
- package/dist/lib/routes/tenant-members.js.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.js +27 -30
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
- package/dist/lib/routes/tenants.d.ts +1 -1
- package/dist/lib/routes/tenants.d.ts.map +1 -1
- package/dist/lib/routes/tenants.js +37 -40
- package/dist/lib/routes/tenants.js.map +1 -1
- package/dist/lib/routes/types.d.ts +10 -5
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/routes/types.js +1 -2
- package/dist/lib/routes/types.js.map +1 -1
- package/dist/lib/routes/upload-sessions.d.ts +1 -1
- package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
- package/dist/lib/routes/upload-sessions.js +57 -94
- package/dist/lib/routes/upload-sessions.js.map +1 -1
- package/dist/lib/routes/user.d.ts +1 -1
- package/dist/lib/routes/user.d.ts.map +1 -1
- package/dist/lib/routes/user.js +137 -85
- package/dist/lib/routes/user.js.map +1 -1
- package/dist/lib/routes.d.ts +2 -2
- package/dist/lib/routes.d.ts.map +1 -1
- package/dist/lib/routes.js +2 -7
- package/dist/lib/routes.js.map +1 -1
- package/dist/lib/scaling-health.d.ts.map +1 -1
- package/dist/lib/scaling-health.js +6 -9
- package/dist/lib/scaling-health.js.map +1 -1
- package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
- package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
- package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
- package/dist/lib/schemas.d.ts +85 -204
- package/dist/lib/schemas.d.ts.map +1 -1
- package/dist/lib/schemas.js +71 -74
- package/dist/lib/schemas.js.map +1 -1
- package/dist/lib/secrets/idp-secrets.d.ts +1 -1
- package/dist/lib/secrets/idp-secrets.js +13 -19
- package/dist/lib/secrets/idp-secrets.js.map +1 -1
- package/dist/lib/security-event-cleaner.js +1 -5
- package/dist/lib/security-event-cleaner.js.map +1 -1
- package/dist/lib/security-headers.js +1 -5
- package/dist/lib/security-headers.js.map +1 -1
- package/dist/lib/security-monitor.d.ts +4 -2
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +16 -18
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/sentiment-digest.d.ts +1 -1
- package/dist/lib/sentiment-digest.d.ts.map +1 -1
- package/dist/lib/sentiment-digest.js +5 -8
- package/dist/lib/sentiment-digest.js.map +1 -1
- package/dist/lib/sentiment-display.js +3 -7
- package/dist/lib/sentiment-display.js.map +1 -1
- package/dist/lib/services/image-normalizer.js +1 -5
- package/dist/lib/services/image-normalizer.js.map +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
- package/dist/lib/services/media-reconciliation-service.js +7 -11
- package/dist/lib/services/media-reconciliation-service.js.map +1 -1
- package/dist/lib/services/media-upload-service.d.ts +1 -1
- package/dist/lib/services/media-upload-service.d.ts.map +1 -1
- package/dist/lib/services/media-upload-service.js +4 -8
- package/dist/lib/services/media-upload-service.js.map +1 -1
- package/dist/lib/services/user-data-deletion.d.ts +45 -2
- package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
- package/dist/lib/services/user-data-deletion.js +87 -9
- package/dist/lib/services/user-data-deletion.js.map +1 -1
- package/dist/lib/session-awareness.js +2 -6
- package/dist/lib/session-awareness.js.map +1 -1
- package/dist/lib/session-config.js +8 -17
- package/dist/lib/session-config.js.map +1 -1
- package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
- package/dist/lib/session-cookie.d.ts.map +1 -0
- package/dist/lib/session-cookie.js +0 -0
- package/dist/lib/session-cookie.js.map +1 -0
- package/dist/lib/signup-metadata.d.ts +129 -0
- package/dist/lib/signup-metadata.d.ts.map +1 -0
- package/dist/lib/signup-metadata.js +127 -0
- package/dist/lib/signup-metadata.js.map +1 -0
- package/dist/lib/sso-auth-handler.js +1 -5
- package/dist/lib/sso-auth-handler.js.map +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
- package/dist/lib/tag-suggestions-handler.js +1 -5
- package/dist/lib/tag-suggestions-handler.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +7 -10
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/taxonomy-handler.d.ts +2 -2
- package/dist/lib/taxonomy-handler.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler.js +8 -8
- package/dist/lib/taxonomy-handler.js.map +1 -1
- package/dist/lib/taxonomy-metrics.js +5 -9
- package/dist/lib/taxonomy-metrics.js.map +1 -1
- package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
- package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
- package/dist/lib/taxonomy-search-metrics.js +3 -7
- package/dist/lib/taxonomy-search-metrics.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -8
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
- package/dist/lib/tenant/audit-emit.js +50 -11
- package/dist/lib/tenant/audit-emit.js.map +1 -1
- package/dist/lib/tenant/derive-domain.js +1 -4
- package/dist/lib/tenant/derive-domain.js.map +1 -1
- package/dist/lib/tenant/domain-handler.d.ts +2 -2
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
- package/dist/lib/tenant/domain-handler.js +50 -62
- package/dist/lib/tenant/domain-handler.js.map +1 -1
- package/dist/lib/tenant/domain-validator.d.ts +1 -1
- package/dist/lib/tenant/domain-validator.js +10 -13
- package/dist/lib/tenant/domain-validator.js.map +1 -1
- package/dist/lib/tenant/domain-verifier.d.ts +3 -3
- package/dist/lib/tenant/domain-verifier.js +8 -11
- package/dist/lib/tenant/domain-verifier.js.map +1 -1
- package/dist/lib/tenant/idp-handler.d.ts +4 -4
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
- package/dist/lib/tenant/idp-handler.js +45 -82
- package/dist/lib/tenant/idp-handler.js.map +1 -1
- package/dist/lib/tenant/idp-name.js +1 -4
- package/dist/lib/tenant/idp-name.js.map +1 -1
- package/dist/lib/tenant/member-handler.d.ts +2 -2
- package/dist/lib/tenant/member-handler.d.ts.map +1 -1
- package/dist/lib/tenant/member-handler.js +30 -67
- package/dist/lib/tenant/member-handler.js.map +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
- package/dist/lib/tenant/reserved-slugs.js +8 -14
- package/dist/lib/tenant/reserved-slugs.js.map +1 -1
- package/dist/lib/tenant/resolve-role.js +1 -4
- package/dist/lib/tenant/resolve-role.js.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.js +24 -61
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
- package/dist/lib/tenant/setup-status.d.ts +1 -1
- package/dist/lib/tenant/setup-status.d.ts.map +1 -1
- package/dist/lib/tenant/setup-status.js +3 -40
- package/dist/lib/tenant/setup-status.js.map +1 -1
- package/dist/lib/tenant/slug-validator.js +3 -6
- package/dist/lib/tenant/slug-validator.js.map +1 -1
- package/dist/lib/tenant/tenant-handler.d.ts +2 -2
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-handler.js +31 -68
- package/dist/lib/tenant/tenant-handler.js.map +1 -1
- package/dist/lib/tenant/transfer-ownership.js +2 -6
- package/dist/lib/tenant/transfer-ownership.js.map +1 -1
- package/dist/lib/tenant-scope.d.ts +97 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +270 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/terminology.d.ts.map +1 -1
- package/dist/lib/terminology.js +7 -9
- package/dist/lib/terminology.js.map +1 -1
- package/dist/lib/theme.js +2 -6
- package/dist/lib/theme.js.map +1 -1
- package/dist/lib/threat-intel-service.d.ts +2 -2
- package/dist/lib/threat-intel-service.d.ts.map +1 -1
- package/dist/lib/threat-intel-service.js +3 -7
- package/dist/lib/threat-intel-service.js.map +1 -1
- package/dist/lib/types/media-reconciliation.js +1 -2
- package/dist/lib/types/media-reconciliation.js.map +1 -1
- package/dist/lib/upload-session-handler.d.ts +1 -1
- package/dist/lib/upload-session-handler.d.ts.map +1 -1
- package/dist/lib/upload-session-handler.js +13 -50
- package/dist/lib/upload-session-handler.js.map +1 -1
- package/dist/lib/user/derive-handle.js +2 -6
- package/dist/lib/user/derive-handle.js.map +1 -1
- package/dist/lib/user-badge.js +6 -14
- package/dist/lib/user-badge.js.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
- package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.js +16 -53
- package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
- package/dist/lib/user-deprovisioning.d.ts +1 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +16 -20
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/user-export-handler.d.ts +4 -4
- package/dist/lib/user-export-handler.d.ts.map +1 -1
- package/dist/lib/user-export-handler.js +11 -15
- package/dist/lib/user-export-handler.js.map +1 -1
- package/dist/lib/validate-request.js +8 -13
- package/dist/lib/validate-request.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
- package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.js +50 -59
- package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
- package/dist/lib/validation/validate-request.d.ts.map +1 -1
- package/dist/lib/validation/validate-request.js +12 -23
- package/dist/lib/validation/validate-request.js.map +1 -1
- package/dist/lib/validation.js +1 -5
- package/dist/lib/validation.js.map +1 -1
- package/dist/lib/version.js +3 -8
- package/dist/lib/version.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +29 -69
- package/dist/server.js.map +1 -1
- package/dist/types/cloudflare-compat.d.ts +3 -93
- package/dist/types/cloudflare-compat.d.ts.map +1 -1
- package/dist/types/cloudflare-compat.js +1 -2
- package/dist/types/cloudflare-compat.js.map +1 -1
- package/dist/worker.d.ts +6 -6
- package/dist/worker.d.ts.map +1 -1
- package/dist/worker.js +6 -13
- package/dist/worker.js.map +1 -1
- package/package.json +30 -17
- package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
- package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
- package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
- package/prisma/schema.prisma +419 -68
- package/src/lambda/cleanup-cron.ts +10 -7
- package/src/lambda/create-auth-challenge.ts +6 -3
- package/src/lambda/delete-account-worker.ts +17 -12
- package/src/lambda/diagnostics-proxy.ts +9 -6
- package/src/lambda/e2e-sweeper.ts +17 -23
- package/src/lambda/federation-outbox-worker.ts +4 -1
- package/src/lambda/followers-events-worker.ts +4 -1
- package/src/lambda/hourly-cron.ts +112 -20
- package/src/lambda/link-check-worker.ts +4 -1
- package/src/lambda/maintenance-cron.ts +24 -13
- package/src/lambda/media-processing-worker.ts +5 -2
- package/src/lambda/media-reconciliation-worker.ts +4 -1
- package/src/lambda/nightly-cron.ts +53 -54
- package/src/lambda/post-confirmation.ts +188 -62
- package/src/lambda/pre-token-generation.ts +39 -44
- package/src/lambda/verify-auth-challenge.ts +4 -1
- package/dist/lib/audit/emit.d.ts +0 -56
- package/dist/lib/audit/emit.d.ts.map +0 -1
- package/dist/lib/audit/emit.js +0 -124
- package/dist/lib/audit/emit.js.map +0 -1
- package/dist/lib/audit/event-types.d.ts +0 -36
- package/dist/lib/audit/event-types.d.ts.map +0 -1
- package/dist/lib/audit/event-types.js +0 -69
- package/dist/lib/audit/event-types.js.map +0 -1
- package/dist/lib/audit-logger.d.ts +0 -142
- package/dist/lib/audit-logger.d.ts.map +0 -1
- package/dist/lib/audit-logger.js +0 -326
- package/dist/lib/audit-logger.js.map +0 -1
- package/dist/lib/circuit-breaker.d.ts +0 -27
- package/dist/lib/circuit-breaker.d.ts.map +0 -1
- package/dist/lib/circuit-breaker.js +0 -63
- package/dist/lib/circuit-breaker.js.map +0 -1
- package/dist/lib/graph/dual-write-service.d.ts +0 -116
- package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
- package/dist/lib/graph/dual-write-service.js +0 -332
- package/dist/lib/graph/dual-write-service.js.map +0 -1
- package/dist/lib/graph/dual-write.d.ts +0 -396
- package/dist/lib/graph/dual-write.d.ts.map +0 -1
- package/dist/lib/graph/dual-write.js +0 -53
- package/dist/lib/graph/dual-write.js.map +0 -1
- package/dist/lib/graph/graph-schema-init.d.ts +0 -31
- package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
- package/dist/lib/graph/graph-schema-init.js +0 -105
- package/dist/lib/graph/graph-schema-init.js.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
- package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.js +0 -1625
- package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
- package/dist/lib/graph/reconciliation-service.d.ts +0 -113
- package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
- package/dist/lib/graph/reconciliation-service.js +0 -533
- package/dist/lib/graph/reconciliation-service.js.map +0 -1
- package/dist/lib/id-generator.d.ts +0 -29
- package/dist/lib/id-generator.d.ts.map +0 -1
- package/dist/lib/id-generator.js +0 -51
- package/dist/lib/id-generator.js.map +0 -1
- package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
- package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
- package/dist/lib/kv/dynamodb-kv.js +0 -239
- package/dist/lib/kv/dynamodb-kv.js.map +0 -1
- package/dist/lib/queue/sqs-queue.d.ts +0 -16
- package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
- package/dist/lib/queue/sqs-queue.js +0 -39
- package/dist/lib/queue/sqs-queue.js.map +0 -1
- package/dist/lib/route-matcher.d.ts +0 -24
- package/dist/lib/route-matcher.d.ts.map +0 -1
- package/dist/lib/route-matcher.js +0 -96
- package/dist/lib/route-matcher.js.map +0 -1
- package/dist/lib/router.d.ts +0 -26
- package/dist/lib/router.d.ts.map +0 -1
- package/dist/lib/router.js +0 -90
- package/dist/lib/router.js.map +0 -1
- package/dist/lib/routes-all.d.ts +0 -9
- package/dist/lib/routes-all.d.ts.map +0 -1
- package/dist/lib/routes-all.js +0 -170
- package/dist/lib/routes-all.js.map +0 -1
- package/dist/lib/secret-resolver.d.ts +0 -88
- package/dist/lib/secret-resolver.d.ts.map +0 -1
- package/dist/lib/secret-resolver.js +0 -183
- package/dist/lib/secret-resolver.js.map +0 -1
- package/dist/lib/session-manager.d.ts.map +0 -1
- package/dist/lib/session-manager.js +0 -492
- package/dist/lib/session-manager.js.map +0 -1
- package/dist/lib/storage/s3-storage.d.ts +0 -29
- package/dist/lib/storage/s3-storage.d.ts.map +0 -1
- package/dist/lib/storage/s3-storage.js +0 -135
- package/dist/lib/storage/s3-storage.js.map +0 -1
- package/dist/lib/tenant-context.d.ts +0 -35
- package/dist/lib/tenant-context.d.ts.map +0 -1
- package/dist/lib/tenant-context.js +0 -54
- package/dist/lib/tenant-context.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-awareness.js","sourceRoot":"","sources":["../../src/lib/session-awareness.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session-awareness.js","sourceRoot":"","sources":["../../src/lib/session-awareness.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAgBH;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO;YACV,OAAO;gBACL,iBAAiB,EAAE,EAAE;gBACrB,kBAAkB,EAAE,EAAE;gBACtB,gBAAgB,EAAE,EAAE;aACrB,CAAC;QACJ,KAAK,MAAM;YACT,OAAO;gBACL,iBAAiB,EAAE,EAAE;gBACrB,kBAAkB,EAAE,EAAE;gBACtB,gBAAgB,EAAE,IAAI;aACvB,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,iBAAiB,EAAE,EAAE;gBACrB,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,IAAI;aACvB,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAC7B,sBAA8B,EAC9B,OAAgB;IAEhB,MAAM,UAAU,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEjD,4CAA4C;IAC5C,IACE,UAAU,CAAC,gBAAgB,KAAK,IAAI;QACpC,sBAAsB,IAAI,UAAU,CAAC,gBAAgB,EACrD,CAAC;QACD,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,wCAAwC,UAAU,CAAC,gBAAgB,4BAA4B;YACxG,cAAc,EAAE,sBAAsB;SACvC,CAAC;IACJ,CAAC;IAED,qBAAqB;IACrB,IACE,UAAU,CAAC,kBAAkB,KAAK,IAAI;QACtC,sBAAsB,IAAI,UAAU,CAAC,kBAAkB,EACvD,CAAC;QACD,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,4BAA4B,sBAAsB,6BAA6B;YACxF,cAAc,EAAE,sBAAsB;SACvC,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,IACE,UAAU,CAAC,iBAAiB,KAAK,IAAI;QACrC,sBAAsB,IAAI,UAAU,CAAC,iBAAiB,EACtD,CAAC;QACD,OAAO;YACL,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,4BAA4B,sBAAsB,oCAAoC;YAC/F,cAAc,EAAE,sBAAsB;SACvC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -1,18 +1,10 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Session Configuration
|
|
4
3
|
*
|
|
5
4
|
* Provides configurable session timeout settings following security best practices.
|
|
6
5
|
* Reads from environment variables with sensible defaults.
|
|
7
6
|
*/
|
|
8
|
-
|
|
9
|
-
exports.SessionConfigManager = void 0;
|
|
10
|
-
exports.getSessionConfig = getSessionConfig;
|
|
11
|
-
exports.calculateSessionExpiration = calculateSessionExpiration;
|
|
12
|
-
exports.calculateCookieMaxAge = calculateCookieMaxAge;
|
|
13
|
-
exports.shouldRefreshSession = shouldRefreshSession;
|
|
14
|
-
exports.isSessionExpired = isSessionExpired;
|
|
15
|
-
const logger_1 = require("./logger");
|
|
7
|
+
import { getLogger } from "./logger.js";
|
|
16
8
|
/**
|
|
17
9
|
* Session Configuration Manager class
|
|
18
10
|
*
|
|
@@ -23,11 +15,11 @@ const logger_1 = require("./logger");
|
|
|
23
15
|
* - SESSION_REFRESH_THRESHOLD_HOURS (default: 1)
|
|
24
16
|
* - SESSION_INACTIVITY_TIMEOUT_MINUTES (default: 60)
|
|
25
17
|
*/
|
|
26
|
-
class SessionConfigManager {
|
|
18
|
+
export class SessionConfigManager {
|
|
27
19
|
config;
|
|
28
20
|
logger;
|
|
29
21
|
constructor(env) {
|
|
30
|
-
this.logger =
|
|
22
|
+
this.logger = getLogger();
|
|
31
23
|
this.config = this.loadConfig(env);
|
|
32
24
|
}
|
|
33
25
|
/**
|
|
@@ -120,19 +112,18 @@ class SessionConfigManager {
|
|
|
120
112
|
return sessionExpiresAt < Date.now();
|
|
121
113
|
}
|
|
122
114
|
}
|
|
123
|
-
exports.SessionConfigManager = SessionConfigManager;
|
|
124
115
|
/**
|
|
125
116
|
* Legacy function for backward compatibility
|
|
126
117
|
* @deprecated Use new SessionConfigManager class instead
|
|
127
118
|
*/
|
|
128
|
-
function getSessionConfig(env) {
|
|
119
|
+
export function getSessionConfig(env) {
|
|
129
120
|
return new SessionConfigManager(env).getConfig();
|
|
130
121
|
}
|
|
131
122
|
/**
|
|
132
123
|
* Legacy function for backward compatibility
|
|
133
124
|
* @deprecated Use new SessionConfigManager class instead
|
|
134
125
|
*/
|
|
135
|
-
function calculateSessionExpiration(config, sessionType) {
|
|
126
|
+
export function calculateSessionExpiration(config, sessionType) {
|
|
136
127
|
const manager = new SessionConfigManager({});
|
|
137
128
|
manager["config"] = config; // Set config directly for compatibility
|
|
138
129
|
return manager.calculateSessionExpiration(sessionType);
|
|
@@ -141,7 +132,7 @@ function calculateSessionExpiration(config, sessionType) {
|
|
|
141
132
|
* Legacy function for backward compatibility
|
|
142
133
|
* @deprecated Use new SessionConfigManager class instead
|
|
143
134
|
*/
|
|
144
|
-
function calculateCookieMaxAge(config, sessionType) {
|
|
135
|
+
export function calculateCookieMaxAge(config, sessionType) {
|
|
145
136
|
const manager = new SessionConfigManager({});
|
|
146
137
|
manager["config"] = config; // Set config directly for compatibility
|
|
147
138
|
return manager.calculateCookieMaxAge(sessionType);
|
|
@@ -150,7 +141,7 @@ function calculateCookieMaxAge(config, sessionType) {
|
|
|
150
141
|
* Legacy function for backward compatibility
|
|
151
142
|
* @deprecated Use new SessionConfigManager class instead
|
|
152
143
|
*/
|
|
153
|
-
function shouldRefreshSession(sessionExpiresAt, config) {
|
|
144
|
+
export function shouldRefreshSession(sessionExpiresAt, config) {
|
|
154
145
|
const manager = new SessionConfigManager({});
|
|
155
146
|
manager["config"] = config; // Set config directly for compatibility
|
|
156
147
|
return manager.shouldRefreshSession(sessionExpiresAt);
|
|
@@ -159,7 +150,7 @@ function shouldRefreshSession(sessionExpiresAt, config) {
|
|
|
159
150
|
* Legacy function for backward compatibility
|
|
160
151
|
* @deprecated Use new SessionConfigManager class instead
|
|
161
152
|
*/
|
|
162
|
-
function isSessionExpired(sessionExpiresAt) {
|
|
153
|
+
export function isSessionExpired(sessionExpiresAt) {
|
|
163
154
|
return sessionExpiresAt < Date.now();
|
|
164
155
|
}
|
|
165
156
|
//# sourceMappingURL=session-config.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-config.js","sourceRoot":"","sources":["../../src/lib/session-config.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session-config.js","sourceRoot":"","sources":["../../src/lib/session-config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAU,MAAM,aAAa,CAAC;AAmBhD;;;;;;;;;GASG;AACH,MAAM,OAAO,oBAAoB;IACvB,MAAM,CAAgB;IACtB,MAAM,CAAS;IAEvB,YAAY,GAA2B;QACrC,IAAI,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,GAA2B;QAC5C,2DAA2D;QAC3D,IAAI,MAAM,GAA2B,EAAE,CAAC;QAExC,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,MAAM,GACV,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ;oBACpC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC;oBAChC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC;gBAEzB,MAAM,GAAG;oBACP,sBAAsB,EAAE,MAAM,CAAC,yBAAyB;oBACxD,qBAAqB,EAAE,MAAM,CAAC,wBAAwB;oBACtD,4BAA4B,EAAE,MAAM,CAAC,+BAA+B;oBACpE,qBAAqB,EAAE,MAAM,CAAC,uBAAuB;oBACrD,wBAAwB,EAAE,MAAM,CAAC,0BAA0B;iBAC5D,CAAC;YACJ,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,gEAAgE,CACjE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,OAAO;YACL,sBAAsB,EACpB,MAAM,CAAC,sBAAsB;gBAC7B,QAAQ,CAAC,GAAG,CAAC,yBAAyB,IAAI,IAAI,EAAE,EAAE,CAAC;YAErD,qBAAqB,EACnB,MAAM,CAAC,qBAAqB;gBAC5B,QAAQ,CAAC,GAAG,CAAC,wBAAwB,IAAI,GAAG,EAAE,EAAE,CAAC;YAEnD,4BAA4B,EAC1B,MAAM,CAAC,4BAA4B;gBACnC,QAAQ,CAAC,GAAG,CAAC,+BAA+B,IAAI,IAAI,EAAE,EAAE,CAAC;YAE3D,qBAAqB,EACnB,MAAM,CAAC,qBAAqB;gBAC5B,QAAQ,CAAC,GAAG,CAAC,+BAA+B,IAAI,GAAG,EAAE,EAAE,CAAC;YAE1D,wBAAwB,EACtB,MAAM,CAAC,wBAAwB;gBAC/B,QAAQ,CAAC,GAAG,CAAC,kCAAkC,IAAI,IAAI,EAAE,EAAE,CAAC;SAC/D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,0BAA0B,CACxB,WAAyC;QAEzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM;gBACT,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;YACxE,KAAK,KAAK;gBACR,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;YACvE,KAAK,WAAW;gBACd,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,4BAA4B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;YACzE;gBACE,OAAO,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC1E,CAAC;IACH,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,WAAyC;QAC7D,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YAC3D,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,MAAM,CAAC,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;YAC1D,KAAK,WAAW;gBACd,OAAO,IAAI,CAAC,MAAM,CAAC,4BAA4B,GAAG,EAAE,GAAG,EAAE,CAAC;YAC5D;gBACE,OAAO,IAAI,CAAC,MAAM,CAAC,sBAAsB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QAC7D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,oBAAoB,CAAC,gBAAwB;QAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,mBAAmB,GAAG,gBAAgB,GAAG,GAAG,CAAC;QACnD,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAE5E,OAAO,mBAAmB,GAAG,CAAC,IAAI,mBAAmB,GAAG,gBAAgB,CAAC;IAC3E,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,gBAAwB;QACvC,OAAO,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAA2B;IAC1D,OAAO,IAAI,oBAAoB,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CACxC,MAAqB,EACrB,WAAyC;IAEzC,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,wCAAwC;IACpE,OAAO,OAAO,CAAC,0BAA0B,CAAC,WAAW,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAqB,EACrB,WAAyC;IAEzC,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,wCAAwC;IACpE,OAAO,OAAO,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,gBAAwB,EACxB,MAAqB;IAErB,MAAM,OAAO,GAAG,IAAI,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,wCAAwC;IACpE,OAAO,OAAO,CAAC,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,gBAAwB;IACvD,OAAO,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AACvC,CAAC"}
|
|
@@ -2,9 +2,21 @@
|
|
|
2
2
|
* Session Management
|
|
3
3
|
*
|
|
4
4
|
* Handles encrypted cookie-based session storage for authentication.
|
|
5
|
-
*
|
|
5
|
+
*
|
|
6
|
+
* Crypto is delegated to `@de-otio/saas-foundation/session`'s
|
|
7
|
+
* `SessionCookie` (AES-256-GCM, 96-bit random IV, PBKDF2-SHA256 with
|
|
8
|
+
* the OWASP-2023 600k-iteration minimum). The envelope format is
|
|
9
|
+
* base64([IV || ciphertext+tag]) — identical in shape to the previous
|
|
10
|
+
* hand-rolled implementation, only the derived key is stronger.
|
|
11
|
+
*
|
|
12
|
+
* This module is a thin trellis-flavoured wrapper: it preserves the
|
|
13
|
+
* `SessionManager` public surface (so the ~60 call sites only change
|
|
14
|
+
* their import path), owns the trellis `Session` shape + custom-claim
|
|
15
|
+
* validation (foundation is payload-agnostic), and keeps the AUTH-5
|
|
16
|
+
* token-revocation blocklist (which has no foundation equivalent).
|
|
6
17
|
*/
|
|
7
18
|
import type { AgeTier } from "@prisma/client";
|
|
19
|
+
import { MIN_SALT_LENGTH, MIN_SECRET_LENGTH } from "@de-otio/saas-foundation/session";
|
|
8
20
|
export type UserRole = "END_USER" | "B2B_PARTNER" | "PARTNER_ADMIN" | "INTERNAL" | "CONTENT_CREATOR" | "SUPER_ADMIN";
|
|
9
21
|
export interface Session {
|
|
10
22
|
userId: string;
|
|
@@ -24,37 +36,50 @@ export interface Session {
|
|
|
24
36
|
ageTier?: AgeTier;
|
|
25
37
|
}
|
|
26
38
|
/**
|
|
27
|
-
* Session Manager class for handling encrypted sessions
|
|
39
|
+
* Session Manager class for handling encrypted sessions.
|
|
28
40
|
*/
|
|
29
41
|
export declare class SessionManager {
|
|
30
42
|
private static readonly COOKIE_NAME;
|
|
31
43
|
hadLegacySessionCookie: boolean;
|
|
32
44
|
hadInvalidSessionCookie: boolean;
|
|
33
45
|
/**
|
|
34
|
-
*
|
|
46
|
+
* Cache of foundation `SessionCookie` instances, keyed by the
|
|
47
|
+
* secret/fallback/salt triple. `SessionCookie` caches its derived
|
|
48
|
+
* key on the instance, so reusing the instance avoids re-paying the
|
|
49
|
+
* 600k-iteration PBKDF2 cost on warm invocations.
|
|
35
50
|
*/
|
|
36
|
-
private
|
|
51
|
+
private readonly cookieCache;
|
|
37
52
|
/**
|
|
38
|
-
*
|
|
39
|
-
*
|
|
53
|
+
* Get (or lazily construct + cache) the foundation `SessionCookie`
|
|
54
|
+
* for a given secret/fallback/salt triple.
|
|
40
55
|
*
|
|
41
|
-
*
|
|
42
|
-
*
|
|
56
|
+
* `salt` is REQUIRED (trellis fails closed without it, mirroring
|
|
57
|
+
* foundation's MIN_SALT_LENGTH constraint).
|
|
58
|
+
*/
|
|
59
|
+
private getCookie;
|
|
60
|
+
/**
|
|
61
|
+
* Get session configuration from environment
|
|
43
62
|
*/
|
|
44
|
-
private
|
|
63
|
+
private getSessionConfig;
|
|
45
64
|
/**
|
|
46
|
-
* Encrypt session data using
|
|
65
|
+
* Encrypt session data using foundation's AES-256-GCM SessionCookie.
|
|
66
|
+
*
|
|
67
|
+
* `salt` is required (mirrors foundation MIN_SALT_LENGTH); omitting
|
|
68
|
+
* it fails closed with a SESSION_SALT error.
|
|
47
69
|
*/
|
|
48
70
|
encryptSession(data: string, secret: string, salt?: string): Promise<string>;
|
|
49
71
|
/**
|
|
50
|
-
* Decrypt session data
|
|
72
|
+
* Decrypt session data. Returns null on any decryption failure
|
|
73
|
+
* (bad MAC, wrong key, malformed input).
|
|
51
74
|
*/
|
|
52
75
|
decryptSession(encryptedData: string, secret: string, salt?: string): Promise<string | null>;
|
|
53
76
|
/**
|
|
54
|
-
*
|
|
55
|
-
*
|
|
77
|
+
* Validate and narrow a decrypted/parsed payload into a trellis
|
|
78
|
+
* `Session`. Returns null (and sets `hadInvalidSessionCookie`) when
|
|
79
|
+
* the payload is not a valid Supabase session, or is a legacy
|
|
80
|
+
* BlueSky/AT-Protocol session.
|
|
56
81
|
*/
|
|
57
|
-
private
|
|
82
|
+
private narrowSession;
|
|
58
83
|
/**
|
|
59
84
|
* Get session from request
|
|
60
85
|
* Checks Authorization header first (for localStorage token), then falls back to cookie
|
|
@@ -66,6 +91,20 @@ export declare class SessionManager {
|
|
|
66
91
|
getSession(request: Request, secret: string, env?: {
|
|
67
92
|
[key: string]: any;
|
|
68
93
|
}): Promise<Session | null>;
|
|
94
|
+
/**
|
|
95
|
+
* Narrow a payload parsed from the Authorization-header path. This
|
|
96
|
+
* path historically accepted any object with userId + email and did
|
|
97
|
+
* NOT set hadInvalidSessionCookie, so we keep that behaviour distinct
|
|
98
|
+
* from the cookie path's narrowSession.
|
|
99
|
+
*/
|
|
100
|
+
private narrowSessionForAuthHeader;
|
|
101
|
+
/**
|
|
102
|
+
* Decrypt a token trying the primary secret first, then the fallback
|
|
103
|
+
* secret (zero-downtime rotation). Foundation's `SessionCookie`
|
|
104
|
+
* already tries primary→fallback internally when both are configured
|
|
105
|
+
* on one instance, so we construct a single cookie with both.
|
|
106
|
+
*/
|
|
107
|
+
private unsealWithRotation;
|
|
69
108
|
/**
|
|
70
109
|
* Set session cookie in response (alias for setSession)
|
|
71
110
|
*/
|
|
@@ -96,9 +135,13 @@ export declare class SessionManager {
|
|
|
96
135
|
/**
|
|
97
136
|
* AUTH-5: Revoke a session token by adding it to the blocklist.
|
|
98
137
|
* Call this on logout to prevent token reuse.
|
|
138
|
+
*
|
|
139
|
+
* No foundation equivalent exists — this composes over the trellis
|
|
140
|
+
* blocklist KV store and is kept verbatim.
|
|
99
141
|
*/
|
|
100
142
|
revokeSession(request: Request, env: {
|
|
101
143
|
[key: string]: any;
|
|
102
144
|
}): Promise<void>;
|
|
103
145
|
}
|
|
104
|
-
|
|
146
|
+
export { MIN_SECRET_LENGTH, MIN_SALT_LENGTH };
|
|
147
|
+
//# sourceMappingURL=session-cookie.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-cookie.d.ts","sourceRoot":"","sources":["../../src/lib/session-cookie.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,eAAe,EACf,iBAAiB,EAIlB,MAAM,kCAAkC,CAAC;AAG1C,MAAM,MAAM,QAAQ,GAChB,UAAU,GACV,aAAa,GACb,eAAe,GACf,UAAU,GACV,iBAAiB,GACjB,aAAa,CAAC;AAElB,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,WAAW,CAAC;IAC3C,UAAU,EAAE,MAAM,CAAC;IAOnB,cAAc,EAAE,SAAS,GAAG,OAAO,CAAC;IAKpC,SAAS,CAAC,EAAE,MAAM,CAAC;IAInB,WAAW,CAAC,EAAE,OAAO,CAAC;IAItB,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAkBD;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,sBAAsB,UAAS;IAC/B,uBAAuB,UAAS;IAEvC;;;;;OAKG;IACH,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAoC;IAEhE;;;;;;OAMG;IACH,OAAO,CAAC,SAAS;IAyBjB;;OAEG;YACW,gBAAgB;IAM9B;;;;;OAKG;IACG,cAAc,CAClB,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC;IAIlB;;;OAGG;IACG,cAAc,CAClB,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IASzB;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IAgCrB;;;;;;;OAOG;IACG,UAAU,CACd,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,GAAG,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,GAC3B,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAuL1B;;;;;OAKG;IACH,OAAO,CAAC,0BAA0B;IAclC;;;;;OAKG;YACW,kBAAkB;IAchC;;OAEG;IACG,gBAAgB,CACpB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,GAAG,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,GAC3B,OAAO,CAAC,QAAQ,CAAC;IAIpB;;;OAGG;IACG,UAAU,CACd,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,EACd,YAAY,CAAC,EAAE,MAAM,EACrB,GAAG,CAAC,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,GAC3B,OAAO,CAAC,QAAQ,CAAC;IAmDpB;;OAEG;IACH,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ;IAIhD;;;;OAIG;IACH,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,QAAQ;IA0CjE;;OAEG;YACW,SAAS;IAQvB;;;;;;OAMG;IACG,aAAa,CACjB,OAAO,EAAE,OAAO,EAChB,GAAG,EAAE;QAAE,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAE,GAC1B,OAAO,CAAC,IAAI,CAAC;CA0BjB;AAID,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,CAAC"}
|
|
Binary file
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session-cookie.js","sourceRoot":"","sources":["../../src/lib/session-cookie.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AA8CxC,6EAA6E;AAC7E,MAAM,yBAAyB,GAAG,iBAAiB,CAAC;AAEpD;;;;GAIG;AACH,SAAS,QAAQ,CACf,OAAe,EACf,QAA4B,EAC5B,IAAY;IAEZ,OAAO,GAAG,OAAO,IAAI,QAAQ,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,CAAU,WAAW,GAAG,iBAAiB,CAAC;IACjD,sBAAsB,GAAG,KAAK,CAAC;IAC/B,uBAAuB,GAAG,KAAK,CAAC;IAEvC;;;;;OAKG;IACc,WAAW,GAAG,IAAI,GAAG,EAAyB,CAAC;IAEhE;;;;;;OAMG;IACK,SAAS,CACf,aAAqB,EACrB,IAAwB,EACxB,cAAuB;QAEvB,0DAA0D;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CACb,iDAAiD;gBAC/C,oEAAoE,CACvE,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,QAAQ,CAAC,aAAa,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;QAC1D,IAAI,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,IAAI,aAAa,CAAC;gBACzB,aAAa;gBACb,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3D,IAAI;aACL,CAAC,CAAC;YACH,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAC,GAA2B;QACxD,oDAAoD;QACpD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACjE,OAAO,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,cAAc,CAClB,IAAY,EACZ,MAAc,EACd,IAAa;QAEb,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,cAAc,CAClB,aAAqB,EACrB,MAAc,EACd,IAAa;QAEb,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,sEAAsE;YACtE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,aAAa,CAAC,MAAe;QACnC,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YAClD,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,OAAO,GAAG,MAAiC,CAAC;QAElD,8EAA8E;QAC9E,IACE,OAAO,CAAC,GAAG;YACX,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,SAAS;YACjB,OAAO,CAAC,UAAU,EAClB,CAAC;YACD,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;YACpC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,sCAAsC;QACtC,IACE,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ;YAClC,OAAO,CAAC,MAAM;YACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ;YACjC,OAAO,CAAC,KAAK,EACb,CAAC;YACD,OAAO,OAA6B,CAAC;QACvC,CAAC;QAED,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,UAAU,CACd,OAAgB,EAChB,MAAc,EACd,GAA4B;QAE5B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,GAAG,EAAE,YAAkC,CAAC;QACrD,MAAM,cAAc,GAAG,GAAG,EAAE,uBAA6C,CAAC;QAE1E,8CAA8C;QAC9C,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjE,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oEAAoE;QACpE,kEAAkE;QAClE,sEAAsE;QACtE,IAAI,MAAM,CAAC,MAAM,GAAG,yBAAyB,EAAE,CAAC;YAC9C,MAAM,CAAC,KAAK,CACV,sEAAsE,CACvE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,sBAAsB,GAAG,KAAK,CAAC;QACpC,IAAI,CAAC,uBAAuB,GAAG,KAAK,CAAC;QAErC,+CAA+C;QAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACxD,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,0BAA0B;YAEjE,+FAA+F;YAC/F,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,IAAI,CAAC;oBACH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;oBACnE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,CAAC;oBAC7C,MAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE;wBACpD,GAAG,EAAE,MAAM,CAAC,GAAG;wBACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;qBAC1B,CAAC,CAAC;oBACH,oEAAoE;oBACpE,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;oBACtC,IAAI,CAAC;wBACH,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAC3B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CACrC,CAAC;wBACtB,IAAI,UAAU,CAAC,GAAG,EAAE,CAAC;4BACnB,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,GAAG,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC;wBACrE,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,8DAA8D;oBAChE,CAAC;oBAED,MAAM,YAAY,GAAG,MAA4C,CAAC;oBAClE,OAAO;wBACL,MAAM,EAAE,MAAM,CAAC,GAAG;wBAClB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ;wBACtC,IAAI,EAAG,YAAY,CAAC,aAAa,CAAc,IAAI,UAAU;wBAC7D,SAAS;wBACT,UAAU,EACP,YAAY,CAAC,mBAAmB,CAAY,IAAI,IAAI;wBACvD,cAAc,EAAE,SAAS;wBACzB,OAAO,EACJ,YAAY,CAAC,gBAAgB,CAAa,IAAI,OAAO;qBACvC,CAAC;gBACtB,CAAC;gBAAC,OAAO,MAAM,EAAE,CAAC;oBAChB,MAAM,CAAC,KAAK,CACV,4EAA4E,EAC5E,MAAM,CACP,CAAC;oBACF,6CAA6C;gBAC/C,CAAC;YACH,CAAC;YAED,iFAAiF;YACjF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC7C,KAAK,EACL,MAAM,EACN,IAAI,EACJ,cAAc,CACf,CAAC;YAEF,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,CAAC;oBACH,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;oBAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,0BAA0B,CAAC,MAAM,CAAC,CAAC;oBACxD,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;wBACvB,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;4BACjD,MAAM,CAAC,KAAK,CACV,4DAA4D,CAC7D,CAAC;4BACF,OAAO,IAAI,CAAC;wBACd,CAAC;wBACD,OAAO,OAAO,CAAC;oBACjB,CAAC;gBACH,CAAC;gBAAC,OAAO,UAAU,EAAE,CAAC;oBACpB,MAAM,CAAC,KAAK,CACV,4EAA4E,EAC5E,UAAU,CACX,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,KAAK,CACV,oEAAoE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+DAA+D;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gFAAgF;QAChF,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAEhD,MAAM,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;QACjE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;gBACnC,MAAM,CAAC,KAAK,CACV,+EAA+E,CAChF,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAC7C,YAAY,EACZ,MAAM,EACN,IAAI,EACJ,cAAc,CACf,CAAC;QAEF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CACV,mFAAmF,CACpF,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBACrE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAEvB,mBAAmB;YACnB,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACjD,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;gBACjD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,yCAAyC;YACzC,IAAI,GAAG,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAClC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBAChD,IAAI,MAAM,CAAC,wBAAwB,GAAG,CAAC,EAAE,CAAC;oBACxC,MAAM,iBAAiB,GAAG,MAAM,CAAC,wBAAwB,GAAG,EAAE,GAAG,IAAI,CAAC;oBACtE,MAAM,qBAAqB,GAAG,GAAG,GAAG,OAAO,CAAC,cAAc,CAAC;oBAC3D,IAAI,qBAAqB,GAAG,iBAAiB,EAAE,CAAC;wBAC9C,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;wBACnE,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,OAAO,CAAC,cAAc,GAAG,GAAG,CAAC;YAE7B,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;YACjE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,0BAA0B,CAAC,MAAe;QAChD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAC/D,MAAM,OAAO,GAAG,MAAiC,CAAC;QAClD,IACE,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ;YAClC,OAAO,CAAC,MAAM;YACd,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ;YACjC,OAAO,CAAC,KAAK,EACb,CAAC;YACD,OAAO,OAA6B,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,kBAAkB,CAC9B,KAAa,EACb,MAAc,EACd,IAAwB,EACxB,cAAkC;QAElC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,QAAkB,EAClB,OAAgB,EAChB,MAAc,EACd,YAAqB,EACrB,GAA4B;QAE5B,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,CAAC,CAAC;IACvE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CACd,QAAkB,EAClB,OAAgB,EAChB,MAAc,EACd,YAAqB,EACrB,GAA4B;QAE5B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,GAAG,EAAE,YAAkC,CAAC;QACrD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CACzC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EACvB,MAAM,EACN,IAAI,CACL,CAAC;QAEF,wEAAwE;QACxE,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,MAAM,CAAC;QAElD,mEAAmE;QACnE,IAAI,YAAoB,CAAC;QACzB,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAChD,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;YACtE,YAAY,GAAG,qBAAqB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,uDAAuD;YACvD,YAAY,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;QAC9C,CAAC;QAED,mBAAmB;QACnB,8DAA8D;QAC9D,wEAAwE;QACxE,wDAAwD;QACxD,MAAM,WAAW,GAAG,CAAC,YAAY,IAAI,YAAY,KAAK,EAAE,CAAC;QACzD,MAAM,WAAW,GAAG,kBAAkB,CAAC,cAAc,CAAC,WAAW,EAAE,SAAS,EAAE;YAC5E,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM;YACtC,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,YAAY;YACpB,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,CAAC,CAAC;QAEH,MAAM,CAAC,KAAK,CACV,mDAAmD;YACjD,SAAS,CAAC,MAAM;YAChB,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,GAAG,CACN,CAAC;QAEF,sCAAsC;QACtC,MAAM,WAAW,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC1D,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QAEtD,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,QAAkB;QACnC,OAAO,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,QAAkB,EAAE,YAAqB;QACpD,MAAM,WAAW,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAE1D,+EAA+E;QAC/E,yEAAyE;QACzE,wFAAwF;QACxF,gEAAgE;QAChE,MAAM,UAAU,GAAG,cAAc,CAAC,WAAW,CAAC;QAC9C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;QAE5B,MAAM,UAAU,GAAG;YACjB,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,MAAe;YACzB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,CAAC;YACT,OAAO,EAAE,OAAO;SACjB,CAAC;QAEF,yCAAyC;QACzC,WAAW,CAAC,OAAO,CAAC,MAAM,CACxB,YAAY,EACZ,kBAAkB,CAAC,UAAU,EAAE,EAAE,EAAE,UAAU,CAAC,CAC/C,CAAC;QAEF,+CAA+C;QAC/C,IAAI,YAAY,EAAE,CAAC;YACjB,WAAW,CAAC,OAAO,CAAC,MAAM,CACxB,YAAY,EACZ,kBAAkB,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAC5E,CAAC;QACJ,CAAC;QAED,2EAA2E;QAC3E,WAAW,CAAC,OAAO,CAAC,MAAM,CACxB,YAAY,EACZ,kBAAkB,CAAC,SAAS,EAAE,EAAE,EAAE,UAAU,CAAC,CAC9C,CAAC;QAEF,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,KAAa;QACnC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;aACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CACjB,OAAgB,EAChB,GAA2B;QAE3B,MAAM,OAAO,GAAI,GAA6H,CAAC,oBAAoB,CAAC;QACpK,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,6BAA6B;QAEnD,yCAAyC;QACzC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACxD,IAAI,KAAK,GAAkB,IAAI,CAAC;QAEhC,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,OAAO,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;gBAChD,KAAK,GAAG,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC;YACtD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9C,yDAAyD;QACzD,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,SAAS,EAAE,EAAE,GAAG,EAAE;YAC7C,aAAa,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;SACjC,CAAC,CAAC;IACL,CAAC;;AAGH,iEAAiE;AACjE,4EAA4E;AAC5E,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,CAAC"}
|
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Signup-metadata capture (Surveillance-hardening Phase 0, E2 / P3).
|
|
3
|
+
*
|
|
4
|
+
* This module is the ONE choke point through which signup metadata is written.
|
|
5
|
+
* Every path that creates a `User` row (the Cognito PostConfirmation Lambda, the
|
|
6
|
+
* dev/test user-creation seam, and any future passwordless/invite path) MUST go
|
|
7
|
+
* through `signupUserData()` to populate `User.signupMethod` / `User.invitationId`
|
|
8
|
+
* and through `emitSignupSecurityEvent()` to record the client signals. Spreading
|
|
9
|
+
* this logic across call sites is a review-surface and data-minimization hazard
|
|
10
|
+
* (07-data-minimization.md): keep it here so there is exactly one place to audit.
|
|
11
|
+
*
|
|
12
|
+
* Data-minimization rules enforced here:
|
|
13
|
+
*
|
|
14
|
+
* 1. Client signals (IP / User-Agent) are NEVER written as columns on `User`.
|
|
15
|
+
* They live only on a retention-bound `SecurityEvent` row (raw, deliberate —
|
|
16
|
+
* security forensics), pruned by the hourly cron's `retentionUntil`
|
|
17
|
+
* deleteMany. `retentionUntil` is NON-NULLABLE (P1): a missing bound would
|
|
18
|
+
* escape pruning forever, exactly the unbounded client-metadata log the
|
|
19
|
+
* threat model forbids. We always compute it from config.
|
|
20
|
+
*
|
|
21
|
+
* 2. A signup with no request context (e.g. a seed script) gets `signupMethod`
|
|
22
|
+
* but NO fabricated IP/UA — we record only what actually exists.
|
|
23
|
+
*
|
|
24
|
+
* 3. Fail-open: the SecurityEvent write must never block account creation. A
|
|
25
|
+
* telemetry failure is logged and swallowed; the user is still created.
|
|
26
|
+
*
|
|
27
|
+
* ── INVITATION-CHAIN INVARIANT (Phase 0, E2 — do not weaken) ──────────────────
|
|
28
|
+
* `User.invitationId` → `Invitation.createdBy` makes the who-invited-whom tree
|
|
29
|
+
* cheaply traversable. That is useful for Phase 2 cluster detection, but under
|
|
30
|
+
* legal compulsion it maps a community's entire introduction network
|
|
31
|
+
* (01-threat-landscape.md §4). The chain was already reconstructable via
|
|
32
|
+
* `Invitation.usedBy`; this FK only lowers the cost.
|
|
33
|
+
*
|
|
34
|
+
* INVARIANT: NO API endpoint — user-facing OR admin — exposes transitive
|
|
35
|
+
* invitation chains. Traversal of the invitation graph is reserved for the
|
|
36
|
+
* Phase 2 detection path and nothing else. Whether to null out `invitationId`
|
|
37
|
+
* after the detection window is an open Phase 2 decision (recorded there, not
|
|
38
|
+
* silently resolved here).
|
|
39
|
+
* ──────────────────────────────────────────────────────────────────────────────
|
|
40
|
+
*/
|
|
41
|
+
import type { SignupMethod } from "@prisma/client";
|
|
42
|
+
/**
|
|
43
|
+
* Default retention for `signup` SecurityEvents: 180 days. Longer than
|
|
44
|
+
* InteractionEvent (signup cohorts are the slowest-moving abuse signal) but
|
|
45
|
+
* still bounded. The exact number is config-driven per the threshold-secrecy
|
|
46
|
+
* invariant — see `env.SIGNUP_EVENT_RETENTION_DAYS`.
|
|
47
|
+
*/
|
|
48
|
+
export declare const DEFAULT_SIGNUP_EVENT_RETENTION_DAYS = 180;
|
|
49
|
+
/** Minimal config surface this module needs (a slice of `Env`). */
|
|
50
|
+
export interface SignupRetentionConfig {
|
|
51
|
+
/** Retention window in days for `signup` SecurityEvents. */
|
|
52
|
+
SIGNUP_EVENT_RETENTION_DAYS?: string | number;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Resolve the configured retention window for `signup` events, in days.
|
|
56
|
+
* Falls back to {@link DEFAULT_SIGNUP_EVENT_RETENTION_DAYS} when unset or
|
|
57
|
+
* non-positive / non-numeric (never returns an unbounded / zero retention).
|
|
58
|
+
*/
|
|
59
|
+
export declare function resolveSignupRetentionDays(config: SignupRetentionConfig | undefined): number;
|
|
60
|
+
/** Compute the absolute `retentionUntil` date from config (now + N days). */
|
|
61
|
+
export declare function computeSignupRetentionUntil(config: SignupRetentionConfig | undefined, now?: Date): Date;
|
|
62
|
+
/** The signup-metadata fields written onto a new `User` row. */
|
|
63
|
+
export interface SignupUserData {
|
|
64
|
+
signupMethod: SignupMethod;
|
|
65
|
+
/** Prisma `Invitation.id` redeemed at signup, or null when not invite-based. */
|
|
66
|
+
invitationId: string | null;
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Build the `User`-row signup-metadata fragment. This is the ONLY place these
|
|
70
|
+
* two columns are populated. `invitationId` is set only for INVITE signups and
|
|
71
|
+
* must be a real `Invitation.id` (the FK is enforced at the DB; see schema).
|
|
72
|
+
*/
|
|
73
|
+
export declare function signupUserData(input: {
|
|
74
|
+
method: SignupMethod;
|
|
75
|
+
invitationId?: string | null;
|
|
76
|
+
}): SignupUserData;
|
|
77
|
+
/** Client signals captured for a signup, where a request context exists. */
|
|
78
|
+
export interface SignupClientSignals {
|
|
79
|
+
/** Source IP, if a request context provided one (Lambda triggers may not). */
|
|
80
|
+
ipAddress?: string | null;
|
|
81
|
+
/** User-Agent, if present. */
|
|
82
|
+
userAgent?: string | null;
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Minimal Prisma surface needed to write a SecurityEvent (test-friendly).
|
|
86
|
+
*
|
|
87
|
+
* `create` is intentionally loosely typed (`data: any`) so the real, far more
|
|
88
|
+
* strictly typed Prisma `securityEvent.create` (and a plain `vi.fn()` mock)
|
|
89
|
+
* both satisfy it. The concrete `data` shape is constrained where we build it
|
|
90
|
+
* in {@link emitSignupSecurityEvent}.
|
|
91
|
+
*/
|
|
92
|
+
export interface SecurityEventWriter {
|
|
93
|
+
securityEvent: {
|
|
94
|
+
create: (args: {
|
|
95
|
+
data: any;
|
|
96
|
+
}) => Promise<unknown>;
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
/** Minimal logger surface (console-style). */
|
|
100
|
+
export interface SignupLogger {
|
|
101
|
+
warn: (...args: unknown[]) => void;
|
|
102
|
+
}
|
|
103
|
+
export interface EmitSignupEventInput {
|
|
104
|
+
db: SecurityEventWriter;
|
|
105
|
+
userId: string;
|
|
106
|
+
method: SignupMethod;
|
|
107
|
+
/** Prisma `Invitation.id` if INVITE, else null/undefined. */
|
|
108
|
+
invitationId?: string | null;
|
|
109
|
+
/** Tenant scope, if known at signup (personal/org tenant). */
|
|
110
|
+
tenantId?: string | null;
|
|
111
|
+
/** Client signals — omitted entirely when there is no request context. */
|
|
112
|
+
signals?: SignupClientSignals;
|
|
113
|
+
config: SignupRetentionConfig | undefined;
|
|
114
|
+
logger?: SignupLogger;
|
|
115
|
+
/** Injectable clock for deterministic tests. */
|
|
116
|
+
now?: Date;
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Emit exactly one `signup`-type SecurityEvent for a freshly created user.
|
|
120
|
+
*
|
|
121
|
+
* FAIL-OPEN: any failure writing the event is logged and swallowed — account
|
|
122
|
+
* creation must never be blocked by telemetry. Callers MUST invoke this AFTER
|
|
123
|
+
* the user row is committed (so a telemetry hiccup can't roll back the signup).
|
|
124
|
+
*
|
|
125
|
+
* Returns `true` if the event was written, `false` if it failed (and was
|
|
126
|
+
* swallowed) — useful for tests / metrics, never to gate the signup.
|
|
127
|
+
*/
|
|
128
|
+
export declare function emitSignupSecurityEvent(input: EmitSignupEventInput): Promise<boolean>;
|
|
129
|
+
//# sourceMappingURL=signup-metadata.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signup-metadata.d.ts","sourceRoot":"","sources":["../../src/lib/signup-metadata.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnD;;;;;GAKG;AACH,eAAO,MAAM,mCAAmC,MAAM,CAAC;AAEvD,mEAAmE;AACnE,MAAM,WAAW,qBAAqB;IACpC,4DAA4D;IAC5D,2BAA2B,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;CAC/C;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CACxC,MAAM,EAAE,qBAAqB,GAAG,SAAS,GACxC,MAAM,CAOR;AAED,6EAA6E;AAC7E,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,qBAAqB,GAAG,SAAS,EACzC,GAAG,GAAE,IAAiB,GACrB,IAAI,CAKN;AAED,gEAAgE;AAChE,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,YAAY,CAAC;IAC3B,gFAAgF;IAChF,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE;IACpC,MAAM,EAAE,YAAY,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,GAAG,cAAc,CAMjB;AAED,4EAA4E;AAC5E,MAAM,WAAW,mBAAmB;IAClC,8EAA8E;IAC9E,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,8BAA8B;IAC9B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB;IAClC,aAAa,EAAE;QAEb,MAAM,EAAE,CAAC,IAAI,EAAE;YAAE,IAAI,EAAE,GAAG,CAAA;SAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;KACnD,CAAC;CACH;AAED,8CAA8C;AAC9C,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;CACpC;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,mBAAmB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;IACrB,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,0EAA0E;IAC1E,OAAO,CAAC,EAAE,mBAAmB,CAAC;IAC9B,MAAM,EAAE,qBAAqB,GAAG,SAAS,CAAC;IAC1C,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,gDAAgD;IAChD,GAAG,CAAC,EAAE,IAAI,CAAC;CACZ;AAED;;;;;;;;;GASG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,oBAAoB,GAC1B,OAAO,CAAC,OAAO,CAAC,CAgDlB"}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Signup-metadata capture (Surveillance-hardening Phase 0, E2 / P3).
|
|
3
|
+
*
|
|
4
|
+
* This module is the ONE choke point through which signup metadata is written.
|
|
5
|
+
* Every path that creates a `User` row (the Cognito PostConfirmation Lambda, the
|
|
6
|
+
* dev/test user-creation seam, and any future passwordless/invite path) MUST go
|
|
7
|
+
* through `signupUserData()` to populate `User.signupMethod` / `User.invitationId`
|
|
8
|
+
* and through `emitSignupSecurityEvent()` to record the client signals. Spreading
|
|
9
|
+
* this logic across call sites is a review-surface and data-minimization hazard
|
|
10
|
+
* (07-data-minimization.md): keep it here so there is exactly one place to audit.
|
|
11
|
+
*
|
|
12
|
+
* Data-minimization rules enforced here:
|
|
13
|
+
*
|
|
14
|
+
* 1. Client signals (IP / User-Agent) are NEVER written as columns on `User`.
|
|
15
|
+
* They live only on a retention-bound `SecurityEvent` row (raw, deliberate —
|
|
16
|
+
* security forensics), pruned by the hourly cron's `retentionUntil`
|
|
17
|
+
* deleteMany. `retentionUntil` is NON-NULLABLE (P1): a missing bound would
|
|
18
|
+
* escape pruning forever, exactly the unbounded client-metadata log the
|
|
19
|
+
* threat model forbids. We always compute it from config.
|
|
20
|
+
*
|
|
21
|
+
* 2. A signup with no request context (e.g. a seed script) gets `signupMethod`
|
|
22
|
+
* but NO fabricated IP/UA — we record only what actually exists.
|
|
23
|
+
*
|
|
24
|
+
* 3. Fail-open: the SecurityEvent write must never block account creation. A
|
|
25
|
+
* telemetry failure is logged and swallowed; the user is still created.
|
|
26
|
+
*
|
|
27
|
+
* ── INVITATION-CHAIN INVARIANT (Phase 0, E2 — do not weaken) ──────────────────
|
|
28
|
+
* `User.invitationId` → `Invitation.createdBy` makes the who-invited-whom tree
|
|
29
|
+
* cheaply traversable. That is useful for Phase 2 cluster detection, but under
|
|
30
|
+
* legal compulsion it maps a community's entire introduction network
|
|
31
|
+
* (01-threat-landscape.md §4). The chain was already reconstructable via
|
|
32
|
+
* `Invitation.usedBy`; this FK only lowers the cost.
|
|
33
|
+
*
|
|
34
|
+
* INVARIANT: NO API endpoint — user-facing OR admin — exposes transitive
|
|
35
|
+
* invitation chains. Traversal of the invitation graph is reserved for the
|
|
36
|
+
* Phase 2 detection path and nothing else. Whether to null out `invitationId`
|
|
37
|
+
* after the detection window is an open Phase 2 decision (recorded there, not
|
|
38
|
+
* silently resolved here).
|
|
39
|
+
* ──────────────────────────────────────────────────────────────────────────────
|
|
40
|
+
*/
|
|
41
|
+
/**
|
|
42
|
+
* Default retention for `signup` SecurityEvents: 180 days. Longer than
|
|
43
|
+
* InteractionEvent (signup cohorts are the slowest-moving abuse signal) but
|
|
44
|
+
* still bounded. The exact number is config-driven per the threshold-secrecy
|
|
45
|
+
* invariant — see `env.SIGNUP_EVENT_RETENTION_DAYS`.
|
|
46
|
+
*/
|
|
47
|
+
export const DEFAULT_SIGNUP_EVENT_RETENTION_DAYS = 180;
|
|
48
|
+
/**
|
|
49
|
+
* Resolve the configured retention window for `signup` events, in days.
|
|
50
|
+
* Falls back to {@link DEFAULT_SIGNUP_EVENT_RETENTION_DAYS} when unset or
|
|
51
|
+
* non-positive / non-numeric (never returns an unbounded / zero retention).
|
|
52
|
+
*/
|
|
53
|
+
export function resolveSignupRetentionDays(config) {
|
|
54
|
+
const raw = config?.SIGNUP_EVENT_RETENTION_DAYS;
|
|
55
|
+
const parsed = typeof raw === "number" ? raw : Number.parseInt(String(raw ?? ""), 10);
|
|
56
|
+
if (!Number.isFinite(parsed) || parsed <= 0) {
|
|
57
|
+
return DEFAULT_SIGNUP_EVENT_RETENTION_DAYS;
|
|
58
|
+
}
|
|
59
|
+
return parsed;
|
|
60
|
+
}
|
|
61
|
+
/** Compute the absolute `retentionUntil` date from config (now + N days). */
|
|
62
|
+
export function computeSignupRetentionUntil(config, now = new Date()) {
|
|
63
|
+
const days = resolveSignupRetentionDays(config);
|
|
64
|
+
const date = new Date(now.getTime());
|
|
65
|
+
date.setDate(date.getDate() + days);
|
|
66
|
+
return date;
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Build the `User`-row signup-metadata fragment. This is the ONLY place these
|
|
70
|
+
* two columns are populated. `invitationId` is set only for INVITE signups and
|
|
71
|
+
* must be a real `Invitation.id` (the FK is enforced at the DB; see schema).
|
|
72
|
+
*/
|
|
73
|
+
export function signupUserData(input) {
|
|
74
|
+
return {
|
|
75
|
+
signupMethod: input.method,
|
|
76
|
+
// Only INVITE signups carry an invitation FK; never fabricate one.
|
|
77
|
+
invitationId: input.method === "INVITE" ? input.invitationId ?? null : null,
|
|
78
|
+
};
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
81
|
+
* Emit exactly one `signup`-type SecurityEvent for a freshly created user.
|
|
82
|
+
*
|
|
83
|
+
* FAIL-OPEN: any failure writing the event is logged and swallowed — account
|
|
84
|
+
* creation must never be blocked by telemetry. Callers MUST invoke this AFTER
|
|
85
|
+
* the user row is committed (so a telemetry hiccup can't roll back the signup).
|
|
86
|
+
*
|
|
87
|
+
* Returns `true` if the event was written, `false` if it failed (and was
|
|
88
|
+
* swallowed) — useful for tests / metrics, never to gate the signup.
|
|
89
|
+
*/
|
|
90
|
+
export async function emitSignupSecurityEvent(input) {
|
|
91
|
+
const { db, userId, method, invitationId, tenantId, signals, config, logger, now, } = input;
|
|
92
|
+
try {
|
|
93
|
+
const retentionUntil = computeSignupRetentionUntil(config, now);
|
|
94
|
+
await db.securityEvent.create({
|
|
95
|
+
data: {
|
|
96
|
+
type: "signup",
|
|
97
|
+
// `signup` is a low-severity informational forensic record, not an alert.
|
|
98
|
+
severity: "low",
|
|
99
|
+
userId,
|
|
100
|
+
tenantId: tenantId ?? null,
|
|
101
|
+
// No fabricated client signals: only what the request context actually
|
|
102
|
+
// carried. Lambda triggers (Cognito PostConfirmation) expose no source
|
|
103
|
+
// IP/UA, so these stay null there.
|
|
104
|
+
ipAddress: signals?.ipAddress ?? null,
|
|
105
|
+
userAgent: signals?.userAgent ?? null,
|
|
106
|
+
details: JSON.stringify({
|
|
107
|
+
signupMethod: method,
|
|
108
|
+
invitationId: invitationId ?? null,
|
|
109
|
+
}),
|
|
110
|
+
// NON-NULLABLE (P1): always set, config-driven.
|
|
111
|
+
retentionUntil,
|
|
112
|
+
},
|
|
113
|
+
});
|
|
114
|
+
return true;
|
|
115
|
+
}
|
|
116
|
+
catch (error) {
|
|
117
|
+
// FAIL-OPEN — log and continue. The user is already created.
|
|
118
|
+
(logger ?? console).warn(JSON.stringify({
|
|
119
|
+
event: "signup.security_event_failed",
|
|
120
|
+
userId,
|
|
121
|
+
signupMethod: method,
|
|
122
|
+
reason: error.name ?? "unknown",
|
|
123
|
+
}));
|
|
124
|
+
return false;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
//# sourceMappingURL=signup-metadata.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"signup-metadata.js","sourceRoot":"","sources":["../../src/lib/signup-metadata.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAIH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mCAAmC,GAAG,GAAG,CAAC;AAQvD;;;;GAIG;AACH,MAAM,UAAU,0BAA0B,CACxC,MAAyC;IAEzC,MAAM,GAAG,GAAG,MAAM,EAAE,2BAA2B,CAAC;IAChD,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IACtF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAC5C,OAAO,mCAAmC,CAAC;IAC7C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,2BAA2B,CACzC,MAAyC,EACzC,MAAY,IAAI,IAAI,EAAE;IAEtB,MAAM,IAAI,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AASD;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,KAG9B;IACC,OAAO;QACL,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,mEAAmE;QACnE,YAAY,EAAE,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI;KAC5E,CAAC;AACJ,CAAC;AA8CD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAA2B;IAE3B,MAAM,EACJ,EAAE,EACF,MAAM,EACN,MAAM,EACN,YAAY,EACZ,QAAQ,EACR,OAAO,EACP,MAAM,EACN,MAAM,EACN,GAAG,GACJ,GAAG,KAAK,CAAC;IAEV,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,2BAA2B,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAChE,MAAM,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC;YAC5B,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,0EAA0E;gBAC1E,QAAQ,EAAE,KAAK;gBACf,MAAM;gBACN,QAAQ,EAAE,QAAQ,IAAI,IAAI;gBAC1B,uEAAuE;gBACvE,uEAAuE;gBACvE,mCAAmC;gBACnC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI;gBACrC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI;gBACrC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC;oBACtB,YAAY,EAAE,MAAM;oBACpB,YAAY,EAAE,YAAY,IAAI,IAAI;iBACnC,CAAC;gBACF,gDAAgD;gBAChD,cAAc;aACf;SACF,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,6DAA6D;QAC7D,CAAC,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,CACtB,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,8BAA8B;YACrC,MAAM;YACN,YAAY,EAAE,MAAM;YACpB,MAAM,EAAG,KAA2B,CAAC,IAAI,IAAI,SAAS;SACvD,CAAC,CACH,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}
|
|
@@ -1,12 +1,9 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SSOAuthHandler = void 0;
|
|
4
1
|
/**
|
|
5
2
|
* SSO Auth Handler stub — legacy Supabase/SAML SSO is no longer supported.
|
|
6
3
|
* Authentication is handled by AWS Cognito + Amplify SDK.
|
|
7
4
|
* This stub exists to satisfy test mocks that reference this module.
|
|
8
5
|
*/
|
|
9
|
-
class SSOAuthHandler {
|
|
6
|
+
export class SSOAuthHandler {
|
|
10
7
|
async initiateSSO(..._args) {
|
|
11
8
|
return new Response(JSON.stringify({ error: "Deprecated" }), { status: 410 });
|
|
12
9
|
}
|
|
@@ -20,5 +17,4 @@ class SSOAuthHandler {
|
|
|
20
17
|
return new Response(JSON.stringify({ error: "Deprecated" }), { status: 410 });
|
|
21
18
|
}
|
|
22
19
|
}
|
|
23
|
-
exports.SSOAuthHandler = SSOAuthHandler;
|
|
24
20
|
//# sourceMappingURL=sso-auth-handler.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sso-auth-handler.js","sourceRoot":"","sources":["../../src/lib/sso-auth-handler.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"sso-auth-handler.js","sourceRoot":"","sources":["../../src/lib/sso-auth-handler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,OAAO,cAAc;IACzB,KAAK,CAAC,WAAW,CAAC,GAAG,KAAgB;QACnC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,KAAK,CAAC,iBAAiB,CAAC,GAAG,KAAgB;QACzC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,KAAK,CAAC,iBAAiB,CAAC,GAAG,KAAgB;QACzC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,KAAK,CAAC,mBAAmB,CAAC,GAAG,KAAgB;QAC3C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;CACF"}
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Provides tag suggestions for posts based on content analysis.
|
|
5
5
|
* Currently implements keyword-based suggestions; ML-based suggestions can be added later.
|
|
6
6
|
*/
|
|
7
|
-
import { TaxonomyHandler } from "./taxonomy-handler";
|
|
7
|
+
import { TaxonomyHandler } from "./taxonomy-handler.js";
|
|
8
8
|
export interface TagSuggestion {
|
|
9
9
|
taxonId: string;
|
|
10
10
|
displayName: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tag-suggestions-handler.d.ts","sourceRoot":"","sources":["../../src/lib/tag-suggestions-handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"tag-suggestions-handler.d.ts","sourceRoot":"","sources":["../../src/lib/tag-suggestions-handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAGxD,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,eAAe,CAAkB;gBAE7B,eAAe,EAAE,eAAe;IAI5C;;;;;;OAMG;IACG,mBAAmB,CACvB,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE;QACP,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,MAAM,CAAC;KACnB,GACL,OAAO,CAAC,aAAa,EAAE,CAAC;IAsF3B;;;;;OAKG;IACH,OAAO,CAAC,eAAe;IA0EvB;;;;;OAKG;IACG,cAAc,CAAC,KAAK,GAAE,MAAW,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAMlE;;;;;;OAMG;IACG,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACd,KAAK,GAAE,MAAW,GACjB,OAAO,CAAC,aAAa,EAAE,CAAC;CAK5B"}
|
|
@@ -1,13 +1,10 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Tag Suggestions Handler
|
|
4
3
|
*
|
|
5
4
|
* Provides tag suggestions for posts based on content analysis.
|
|
6
5
|
* Currently implements keyword-based suggestions; ML-based suggestions can be added later.
|
|
7
6
|
*/
|
|
8
|
-
|
|
9
|
-
exports.TagSuggestionsHandler = void 0;
|
|
10
|
-
class TagSuggestionsHandler {
|
|
7
|
+
export class TagSuggestionsHandler {
|
|
11
8
|
taxonomyHandler;
|
|
12
9
|
constructor(taxonomyHandler) {
|
|
13
10
|
this.taxonomyHandler = taxonomyHandler;
|
|
@@ -191,5 +188,4 @@ class TagSuggestionsHandler {
|
|
|
191
188
|
return [];
|
|
192
189
|
}
|
|
193
190
|
}
|
|
194
|
-
exports.TagSuggestionsHandler = TagSuggestionsHandler;
|
|
195
191
|
//# sourceMappingURL=tag-suggestions-handler.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tag-suggestions-handler.js","sourceRoot":"","sources":["../../src/lib/tag-suggestions-handler.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tag-suggestions-handler.js","sourceRoot":"","sources":["../../src/lib/tag-suggestions-handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAaH,MAAM,OAAO,qBAAqB;IACxB,eAAe,CAAkB;IAEzC,YAAY,eAAgC;QAC1C,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,mBAAmB,CACvB,QAAgB,EAChB,UAGI,EAAE;QAEN,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,GAAG,CAAC;QAEnD,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAEhD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,sCAAsC;QACtC,MAAM,WAAW,GAAoB,EAAE,CAAC;QAExC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,0CAA0C;YAC1C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,OAAO,EAAE;gBACtE,KAAK,EAAE,CAAC;aACT,CAAC,CAAC;YAEH,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;gBACnC,2CAA2C;gBAC3C,IAAI,UAAU,GAAG,GAAG,CAAC,CAAC,kBAAkB;gBACxC,IAAI,MAAM,GAAG,oBAAoB,OAAO,GAAG,CAAC;gBAE5C,mDAAmD;gBACnD,IAAI,KAAK,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACpE,UAAU,GAAG,GAAG,CAAC;oBACjB,MAAM,GAAG,0BAA0B,OAAO,GAAG,CAAC;gBAChD,CAAC;gBAED,wCAAwC;gBACxC,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAoB,CAAC;oBAC5C,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;wBACpE,UAAU,GAAG,GAAG,CAAC;wBACjB,MAAM,GAAG,mBAAmB,OAAO,GAAG,CAAC;oBACzC,CAAC;gBACH,CAAC;gBAED,0CAA0C;gBAC1C,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAqB,CAAC;oBAC9C,IACE,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,EAChE,CAAC;wBACD,UAAU,GAAG,IAAI,CAAC;wBAClB,MAAM,GAAG,qBAAqB,OAAO,GAAG,CAAC;oBAC3C,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,MAAM,aAAa,GAAG,WAAW,CAAC,SAAS,CACzC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,OAAO,CACnC,CAAC;gBAEF,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;oBACvB,8BAA8B;oBAC9B,IAAI,UAAU,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC,UAAU,EAAE,CAAC;wBACvD,WAAW,CAAC,aAAa,CAAC,GAAG;4BAC3B,OAAO,EAAE,KAAK,CAAC,OAAO;4BACtB,WAAW,EAAE,KAAK,CAAC,WAAW;4BAC9B,WAAW,EAAE,KAAK,CAAC,WAAW;4BAC9B,UAAU;4BACV,MAAM;yBACP,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,IAAI,CAAC;wBACf,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,WAAW,EAAE,KAAK,CAAC,WAAW;wBAC9B,UAAU;wBACV,MAAM;qBACP,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,OAAO,WAAW;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,IAAI,aAAa,CAAC;aAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;aAC3C,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACK,eAAe,CAAC,IAAY;QAClC,kCAAkC;QAClC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;YACxB,KAAK;YACL,GAAG;YACH,IAAI;YACJ,KAAK;YACL,IAAI;YACJ,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,IAAI;YACJ,IAAI;YACJ,KAAK;YACL,IAAI;YACJ,MAAM;YACN,IAAI;YACJ,MAAM;YACN,IAAI;YACJ,IAAI;YACJ,KAAK;YACL,KAAK;YACL,MAAM;YACN,MAAM;YACN,IAAI;YACJ,MAAM;YACN,KAAK;YACL,KAAK;YACL,IAAI;YACJ,MAAM;YACN,KAAK;YACL,MAAM;YACN,OAAO;YACP,OAAO;YACP,QAAQ;YACR,KAAK;YACL,OAAO;YACP,MAAM;YACN,KAAK;YACL,MAAM;YACN,MAAM;YACN,OAAO;YACP,OAAO;YACP,GAAG;YACH,KAAK;YACL,IAAI;YACJ,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,MAAM;YACN,IAAI;YACJ,MAAM;YACN,KAAK;YACL,KAAK;YACL,KAAK;YACL,KAAK;YACL,OAAO;YACP,IAAI;YACJ,KAAK;YACL,IAAI;YACJ,MAAM;SACP,CAAC,CAAC;QAEH,sDAAsD;QACtD,MAAM,KAAK,GAAG,IAAI;aACf,WAAW,EAAE;aACb,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,kCAAkC;aAC5D,KAAK,CAAC,KAAK,CAAC;aACZ,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;QAE9D,+BAA+B;QAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE;QACrC,2CAA2C;QAC3C,kEAAkE;QAClE,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACd,QAAgB,EAAE;QAElB,8CAA8C;QAC9C,uEAAuE;QACvE,OAAO,EAAE,CAAC;IACZ,CAAC;CACF"}
|