@de-otio/trellis 0.7.1 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -0
- package/dist/db.js +10 -18
- package/dist/db.js.map +1 -1
- package/dist/env.d.ts +66 -6
- package/dist/env.d.ts.map +1 -1
- package/dist/env.js +89 -70
- package/dist/env.js.map +1 -1
- package/dist/extensions.js +3 -8
- package/dist/extensions.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -9
- package/dist/index.js.map +1 -1
- package/dist/lambda/cleanup-cron.d.ts.map +1 -1
- package/dist/lambda/cleanup-cron.js +20 -24
- package/dist/lambda/cleanup-cron.js.map +1 -1
- package/dist/lambda/create-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/create-auth-challenge.js +17 -19
- package/dist/lambda/create-auth-challenge.js.map +1 -1
- package/dist/lambda/custom-message.js +1 -5
- package/dist/lambda/custom-message.js.map +1 -1
- package/dist/lambda/define-auth-challenge.js +1 -5
- package/dist/lambda/define-auth-challenge.js.map +1 -1
- package/dist/lambda/delete-account-worker.d.ts.map +1 -1
- package/dist/lambda/delete-account-worker.js +25 -58
- package/dist/lambda/delete-account-worker.js.map +1 -1
- package/dist/lambda/diagnostics-proxy.d.ts.map +1 -1
- package/dist/lambda/diagnostics-proxy.js +14 -49
- package/dist/lambda/diagnostics-proxy.js.map +1 -1
- package/dist/lambda/e2e-sweeper.d.ts.map +1 -1
- package/dist/lambda/e2e-sweeper.js +30 -38
- package/dist/lambda/e2e-sweeper.js.map +1 -1
- package/dist/lambda/federation-outbox-worker.d.ts.map +1 -1
- package/dist/lambda/federation-outbox-worker.js +4 -6
- package/dist/lambda/federation-outbox-worker.js.map +1 -1
- package/dist/lambda/followers-events-worker.d.ts.map +1 -1
- package/dist/lambda/followers-events-worker.js +4 -6
- package/dist/lambda/followers-events-worker.js.map +1 -1
- package/dist/lambda/hourly-cron.d.ts.map +1 -1
- package/dist/lambda/hourly-cron.js +100 -32
- package/dist/lambda/hourly-cron.js.map +1 -1
- package/dist/lambda/link-check-worker.d.ts.map +1 -1
- package/dist/lambda/link-check-worker.js +4 -6
- package/dist/lambda/link-check-worker.js.map +1 -1
- package/dist/lambda/maintenance-cron.d.ts.map +1 -1
- package/dist/lambda/maintenance-cron.js +30 -63
- package/dist/lambda/maintenance-cron.js.map +1 -1
- package/dist/lambda/media-processing-worker.d.ts.map +1 -1
- package/dist/lambda/media-processing-worker.js +11 -46
- package/dist/lambda/media-processing-worker.js.map +1 -1
- package/dist/lambda/media-reconciliation-worker.d.ts.map +1 -1
- package/dist/lambda/media-reconciliation-worker.js +4 -6
- package/dist/lambda/media-reconciliation-worker.js.map +1 -1
- package/dist/lambda/nightly-cron.d.ts.map +1 -1
- package/dist/lambda/nightly-cron.js +67 -112
- package/dist/lambda/nightly-cron.js.map +1 -1
- package/dist/lambda/post-confirmation.d.ts.map +1 -1
- package/dist/lambda/post-confirmation.js +203 -47
- package/dist/lambda/post-confirmation.js.map +1 -1
- package/dist/lambda/pre-signup.js +7 -11
- package/dist/lambda/pre-signup.js.map +1 -1
- package/dist/lambda/pre-token-generation.d.ts.map +1 -1
- package/dist/lambda/pre-token-generation.js +27 -35
- package/dist/lambda/pre-token-generation.js.map +1 -1
- package/dist/lambda/tools/check-health.js +1 -5
- package/dist/lambda/tools/check-health.js.map +1 -1
- package/dist/lambda/tools/describe-services.js +4 -8
- package/dist/lambda/tools/describe-services.js.map +1 -1
- package/dist/lambda/tools/get-cost-report.js +4 -8
- package/dist/lambda/tools/get-cost-report.js.map +1 -1
- package/dist/lambda/tools/get-errors.js +5 -9
- package/dist/lambda/tools/get-errors.js.map +1 -1
- package/dist/lambda/tools/get-feature-flags.js +4 -8
- package/dist/lambda/tools/get-feature-flags.js.map +1 -1
- package/dist/lambda/tools/get-queue-status.js +5 -9
- package/dist/lambda/tools/get-queue-status.js.map +1 -1
- package/dist/lambda/tools/search-logs.js +5 -9
- package/dist/lambda/tools/search-logs.js.map +1 -1
- package/dist/lambda/tools/send-alert.js +4 -8
- package/dist/lambda/tools/send-alert.js.map +1 -1
- package/dist/lambda/verify-auth-challenge.d.ts.map +1 -1
- package/dist/lambda/verify-auth-challenge.js +10 -12
- package/dist/lambda/verify-auth-challenge.js.map +1 -1
- package/dist/lib/abuse-metrics.d.ts.map +1 -1
- package/dist/lib/abuse-metrics.js +10 -13
- package/dist/lib/abuse-metrics.js.map +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts +1 -1
- package/dist/lib/activitypub/activity-processor.d.ts.map +1 -1
- package/dist/lib/activitypub/activity-processor.js +9 -43
- package/dist/lib/activitypub/activity-processor.js.map +1 -1
- package/dist/lib/activitypub/activity-service.js +1 -5
- package/dist/lib/activitypub/activity-service.js.map +1 -1
- package/dist/lib/activitypub/actor.d.ts +1 -1
- package/dist/lib/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/activitypub/actor.js +1 -5
- package/dist/lib/activitypub/actor.js.map +1 -1
- package/dist/lib/activitypub/audience-service.d.ts +2 -2
- package/dist/lib/activitypub/audience-service.d.ts.map +1 -1
- package/dist/lib/activitypub/audience-service.js +8 -12
- package/dist/lib/activitypub/audience-service.js.map +1 -1
- package/dist/lib/activitypub/crypto.d.ts +1 -1
- package/dist/lib/activitypub/crypto.d.ts.map +1 -1
- package/dist/lib/activitypub/crypto.js +3 -41
- package/dist/lib/activitypub/crypto.js.map +1 -1
- package/dist/lib/activitypub/delivery-service.d.ts +5 -5
- package/dist/lib/activitypub/delivery-service.d.ts.map +1 -1
- package/dist/lib/activitypub/delivery-service.js +10 -47
- package/dist/lib/activitypub/delivery-service.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/entity-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/entity-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/entity-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/group-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/group-actor.js +19 -23
- package/dist/lib/activitypub/dispatchers/group-actor.js.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts +3 -2
- package/dist/lib/activitypub/dispatchers/user-actor.d.ts.map +1 -1
- package/dist/lib/activitypub/dispatchers/user-actor.js +16 -20
- package/dist/lib/activitypub/dispatchers/user-actor.js.map +1 -1
- package/dist/lib/activitypub/dm-service.js +1 -5
- package/dist/lib/activitypub/dm-service.js.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts +1 -1
- package/dist/lib/activitypub/entity-profile-service.d.ts.map +1 -1
- package/dist/lib/activitypub/entity-profile-service.js +6 -10
- package/dist/lib/activitypub/entity-profile-service.js.map +1 -1
- package/dist/lib/activitypub/fedify/config.d.ts +3 -3
- package/dist/lib/activitypub/fedify/config.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/config.js +5 -8
- package/dist/lib/activitypub/fedify/config.js.map +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts +1 -1
- package/dist/lib/activitypub/fedify/context.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/context.js +8 -12
- package/dist/lib/activitypub/fedify/context.js.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts +1 -1
- package/dist/lib/activitypub/fedify/runtime.d.ts.map +1 -1
- package/dist/lib/activitypub/fedify/runtime.js +3 -6
- package/dist/lib/activitypub/fedify/runtime.js.map +1 -1
- package/dist/lib/activitypub/friendship-service.js +1 -5
- package/dist/lib/activitypub/friendship-service.js.map +1 -1
- package/dist/lib/activitypub/group-service.d.ts +1 -1
- package/dist/lib/activitypub/group-service.d.ts.map +1 -1
- package/dist/lib/activitypub/group-service.js +9 -46
- package/dist/lib/activitypub/group-service.js.map +1 -1
- package/dist/lib/activitypub/http-signatures.js +8 -45
- package/dist/lib/activitypub/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/jsonld.d.ts +1 -1
- package/dist/lib/activitypub/jsonld.d.ts.map +1 -1
- package/dist/lib/activitypub/jsonld.js +1 -5
- package/dist/lib/activitypub/jsonld.js.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/friends-collection.js +17 -20
- package/dist/lib/activitypub/listeners/friends-collection.js.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/http-signatures.js +9 -46
- package/dist/lib/activitypub/listeners/http-signatures.js.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.d.ts +2 -2
- package/dist/lib/activitypub/listeners/inbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/inbox.js +31 -35
- package/dist/lib/activitypub/listeners/inbox.js.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts +1 -1
- package/dist/lib/activitypub/listeners/outbox.d.ts.map +1 -1
- package/dist/lib/activitypub/listeners/outbox.js +17 -20
- package/dist/lib/activitypub/listeners/outbox.js.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.d.ts +6 -6
- package/dist/lib/activitypub/remote-fetch-service.d.ts.map +1 -1
- package/dist/lib/activitypub/remote-fetch-service.js +6 -10
- package/dist/lib/activitypub/remote-fetch-service.js.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.d.ts.map +1 -1
- package/dist/lib/activitypub/services/abuse-prevention.js +11 -17
- package/dist/lib/activitypub/services/abuse-prevention.js.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts +4 -4
- package/dist/lib/activitypub/services/dm-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/dm-service-fedify.js +24 -59
- package/dist/lib/activitypub/services/dm-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-converters.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-converters.js +3 -8
- package/dist/lib/activitypub/services/fedify-converters.js.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.d.ts +2 -2
- package/dist/lib/activitypub/services/fedify-delivery.d.ts.map +1 -1
- package/dist/lib/activitypub/services/fedify-delivery.js +19 -56
- package/dist/lib/activitypub/services/fedify-delivery.js.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.d.ts +2 -2
- package/dist/lib/activitypub/services/follow-activity-service.d.ts.map +1 -1
- package/dist/lib/activitypub/services/follow-activity-service.js +8 -12
- package/dist/lib/activitypub/services/follow-activity-service.js.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.d.ts +2 -2
- package/dist/lib/activitypub/services/post-service-fedify.d.ts.map +1 -1
- package/dist/lib/activitypub/services/post-service-fedify.js +33 -65
- package/dist/lib/activitypub/services/post-service-fedify.js.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts +2 -2
- package/dist/lib/activitypub/services/remote-activity-handler.d.ts.map +1 -1
- package/dist/lib/activitypub/services/remote-activity-handler.js +25 -28
- package/dist/lib/activitypub/services/remote-activity-handler.js.map +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts +1 -1
- package/dist/lib/activitypub/standalone-mode.d.ts.map +1 -1
- package/dist/lib/activitypub/standalone-mode.js +13 -50
- package/dist/lib/activitypub/standalone-mode.js.map +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts +1 -1
- package/dist/lib/activitypub/webfinger/server.d.ts.map +1 -1
- package/dist/lib/activitypub/webfinger/server.js +18 -54
- package/dist/lib/activitypub/webfinger/server.js.map +1 -1
- package/dist/lib/age-gate-middleware.d.ts +4 -4
- package/dist/lib/age-gate-middleware.d.ts.map +1 -1
- package/dist/lib/age-gate-middleware.js +3 -6
- package/dist/lib/age-gate-middleware.js.map +1 -1
- package/dist/lib/age-gate.js +3 -8
- package/dist/lib/age-gate.js.map +1 -1
- package/dist/lib/age-tier-transition.d.ts +1 -1
- package/dist/lib/age-tier-transition.d.ts.map +1 -1
- package/dist/lib/age-tier-transition.js +7 -44
- package/dist/lib/age-tier-transition.js.map +1 -1
- package/dist/lib/app.d.ts +76 -0
- package/dist/lib/app.d.ts.map +1 -0
- package/dist/lib/app.js +400 -0
- package/dist/lib/app.js.map +1 -0
- package/dist/lib/audit/csv-export.js +6 -13
- package/dist/lib/audit/csv-export.js.map +1 -1
- package/dist/lib/audit/pii-filter.d.ts +9 -0
- package/dist/lib/audit/pii-filter.d.ts.map +1 -1
- package/dist/lib/audit/pii-filter.js +57 -7
- package/dist/lib/audit/pii-filter.js.map +1 -1
- package/dist/lib/audit-actions.d.ts +94 -0
- package/dist/lib/audit-actions.d.ts.map +1 -0
- package/dist/lib/audit-actions.js +107 -0
- package/dist/lib/audit-actions.js.map +1 -0
- package/dist/lib/audit-composer.d.ts +174 -0
- package/dist/lib/audit-composer.d.ts.map +1 -0
- package/dist/lib/audit-composer.js +421 -0
- package/dist/lib/audit-composer.js.map +1 -0
- package/dist/lib/auth/auth-context.d.ts +1 -1
- package/dist/lib/auth/auth-context.js +1 -2
- package/dist/lib/auth/auth-context.js.map +1 -1
- package/dist/lib/auth/auth-middleware.d.ts +16 -2
- package/dist/lib/auth/auth-middleware.d.ts.map +1 -1
- package/dist/lib/auth/auth-middleware.js +36 -45
- package/dist/lib/auth/auth-middleware.js.map +1 -1
- package/dist/lib/auth/capabilities.js +2 -5
- package/dist/lib/auth/capabilities.js.map +1 -1
- package/dist/lib/auth/claims-cache.d.ts +2 -2
- package/dist/lib/auth/claims-cache.js +19 -24
- package/dist/lib/auth/claims-cache.js.map +1 -1
- package/dist/lib/auth/cognito-jwt.d.ts +20 -2
- package/dist/lib/auth/cognito-jwt.d.ts.map +1 -1
- package/dist/lib/auth/cognito-jwt.js +83 -23
- package/dist/lib/auth/cognito-jwt.js.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts +1 -1
- package/dist/lib/auth/idp-redirect-builder.d.ts.map +1 -1
- package/dist/lib/auth/idp-redirect-builder.js +4 -10
- package/dist/lib/auth/idp-redirect-builder.js.map +1 -1
- package/dist/lib/auth/require.d.ts +4 -4
- package/dist/lib/auth/require.d.ts.map +1 -1
- package/dist/lib/auth/require.js +11 -18
- package/dist/lib/auth/require.js.map +1 -1
- package/dist/lib/auth/role-grants.d.ts +1 -1
- package/dist/lib/auth/role-grants.d.ts.map +1 -1
- package/dist/lib/auth/role-grants.js +28 -31
- package/dist/lib/auth/role-grants.js.map +1 -1
- package/dist/lib/auth-context-manager.js +1 -5
- package/dist/lib/auth-context-manager.js.map +1 -1
- package/dist/lib/auth-handler.d.ts +5 -5
- package/dist/lib/auth-handler.d.ts.map +1 -1
- package/dist/lib/auth-handler.js +5 -9
- package/dist/lib/auth-handler.js.map +1 -1
- package/dist/lib/badge-handler.d.ts +1 -1
- package/dist/lib/badge-handler.d.ts.map +1 -1
- package/dist/lib/badge-handler.js +14 -52
- package/dist/lib/badge-handler.js.map +1 -1
- package/dist/lib/circle-handler.d.ts +10 -10
- package/dist/lib/circle-handler.d.ts.map +1 -1
- package/dist/lib/circle-handler.js +10 -47
- package/dist/lib/circle-handler.js.map +1 -1
- package/dist/lib/cognito/idp-sdk.js +11 -18
- package/dist/lib/cognito/idp-sdk.js.map +1 -1
- package/dist/lib/cognito/issuer-probe.js +9 -14
- package/dist/lib/cognito/issuer-probe.js.map +1 -1
- package/dist/lib/comment-handler.d.ts +10 -10
- package/dist/lib/comment-handler.d.ts.map +1 -1
- package/dist/lib/comment-handler.js +61 -97
- package/dist/lib/comment-handler.js.map +1 -1
- package/dist/lib/compliance/baseline.d.ts +2 -2
- package/dist/lib/compliance/baseline.d.ts.map +1 -1
- package/dist/lib/compliance/baseline.js +15 -18
- package/dist/lib/compliance/baseline.js.map +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts +1 -1
- package/dist/lib/compliance/tenant-merge.d.ts.map +1 -1
- package/dist/lib/compliance/tenant-merge.js +1 -4
- package/dist/lib/compliance/tenant-merge.js.map +1 -1
- package/dist/lib/compliance/types.d.ts +1 -1
- package/dist/lib/compliance/types.js +2 -3
- package/dist/lib/compliance/types.js.map +1 -1
- package/dist/lib/connection-code-handler.d.ts +7 -7
- package/dist/lib/connection-code-handler.d.ts.map +1 -1
- package/dist/lib/connection-code-handler.js +13 -50
- package/dist/lib/connection-code-handler.js.map +1 -1
- package/dist/lib/content-discovery.d.ts +1 -1
- package/dist/lib/content-discovery.d.ts.map +1 -1
- package/dist/lib/content-discovery.js +15 -52
- package/dist/lib/content-discovery.js.map +1 -1
- package/dist/lib/context-aware-data-access.d.ts +1 -1
- package/dist/lib/context-aware-data-access.d.ts.map +1 -1
- package/dist/lib/context-aware-data-access.js +1 -5
- package/dist/lib/context-aware-data-access.js.map +1 -1
- package/dist/lib/cors-handler.d.ts +1 -1
- package/dist/lib/cors-handler.d.ts.map +1 -1
- package/dist/lib/cors-handler.js +13 -17
- package/dist/lib/cors-handler.js.map +1 -1
- package/dist/lib/cost-accumulator.d.ts.map +1 -1
- package/dist/lib/cost-accumulator.js +7 -11
- package/dist/lib/cost-accumulator.js.map +1 -1
- package/dist/lib/crypto/voting/elgamal-encryption.js +1 -5
- package/dist/lib/crypto/voting/elgamal-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/encryption-scheme.js +1 -2
- package/dist/lib/crypto/voting/encryption-scheme.js.map +1 -1
- package/dist/lib/crypto/voting/hash-utils.js +6 -12
- package/dist/lib/crypto/voting/hash-utils.js.map +1 -1
- package/dist/lib/crypto/voting/hybrid-encryption.js +5 -9
- package/dist/lib/crypto/voting/hybrid-encryption.js.map +1 -1
- package/dist/lib/crypto/voting/index.js +4 -14
- package/dist/lib/crypto/voting/index.js.map +1 -1
- package/dist/lib/crypto/voting/post-quantum-encryption.js +1 -5
- package/dist/lib/crypto/voting/post-quantum-encryption.js.map +1 -1
- package/dist/lib/csrf.d.ts +2 -2
- package/dist/lib/csrf.d.ts.map +1 -1
- package/dist/lib/csrf.js +1 -5
- package/dist/lib/csrf.js.map +1 -1
- package/dist/lib/data-router.d.ts +5 -4
- package/dist/lib/data-router.d.ts.map +1 -1
- package/dist/lib/data-router.js +67 -90
- package/dist/lib/data-router.js.map +1 -1
- package/dist/lib/database-circuit-breaker.d.ts +61 -34
- package/dist/lib/database-circuit-breaker.d.ts.map +1 -1
- package/dist/lib/database-circuit-breaker.js +102 -109
- package/dist/lib/database-circuit-breaker.js.map +1 -1
- package/dist/lib/database-config.js +1 -4
- package/dist/lib/database-config.js.map +1 -1
- package/dist/lib/database-connection-manager.d.ts +42 -2
- package/dist/lib/database-connection-manager.d.ts.map +1 -1
- package/dist/lib/database-connection-manager.js +178 -74
- package/dist/lib/database-connection-manager.js.map +1 -1
- package/dist/lib/database-monitor.d.ts +1 -1
- package/dist/lib/database-monitor.d.ts.map +1 -1
- package/dist/lib/database-monitor.js +5 -9
- package/dist/lib/database-monitor.js.map +1 -1
- package/dist/lib/database-rate-limiter.d.ts +1 -1
- package/dist/lib/database-rate-limiter.d.ts.map +1 -1
- package/dist/lib/database-rate-limiter.js +3 -7
- package/dist/lib/database-rate-limiter.js.map +1 -1
- package/dist/lib/database-wrapper-helper.d.ts +2 -2
- package/dist/lib/database-wrapper-helper.d.ts.map +1 -1
- package/dist/lib/database-wrapper-helper.js +7 -11
- package/dist/lib/database-wrapper-helper.js.map +1 -1
- package/dist/lib/database-wrapper.d.ts +1 -1
- package/dist/lib/database-wrapper.d.ts.map +1 -1
- package/dist/lib/database-wrapper.js +5 -9
- package/dist/lib/database-wrapper.js.map +1 -1
- package/dist/lib/db-query-helper.d.ts +3 -3
- package/dist/lib/db-query-helper.d.ts.map +1 -1
- package/dist/lib/db-query-helper.js +4 -9
- package/dist/lib/db-query-helper.js.map +1 -1
- package/dist/lib/discovery-exposure.d.ts +42 -0
- package/dist/lib/discovery-exposure.d.ts.map +1 -0
- package/dist/lib/discovery-exposure.js +89 -0
- package/dist/lib/discovery-exposure.js.map +1 -0
- package/dist/lib/discovery-handler.d.ts +6 -6
- package/dist/lib/discovery-handler.d.ts.map +1 -1
- package/dist/lib/discovery-handler.js +10 -43
- package/dist/lib/discovery-handler.js.map +1 -1
- package/dist/lib/domain-reputation-service.d.ts +1 -1
- package/dist/lib/domain-reputation-service.d.ts.map +1 -1
- package/dist/lib/domain-reputation-service.js +12 -15
- package/dist/lib/domain-reputation-service.js.map +1 -1
- package/dist/lib/email-privacy.js +4 -8
- package/dist/lib/email-privacy.js.map +1 -1
- package/dist/lib/email-provider.d.ts +2 -2
- package/dist/lib/email-provider.d.ts.map +1 -1
- package/dist/lib/email-provider.js +8 -16
- package/dist/lib/email-provider.js.map +1 -1
- package/dist/lib/entity-handler.d.ts +5 -6
- package/dist/lib/entity-handler.d.ts.map +1 -1
- package/dist/lib/entity-handler.js +52 -81
- package/dist/lib/entity-handler.js.map +1 -1
- package/dist/lib/entity-relationship-handler.d.ts +9 -9
- package/dist/lib/entity-relationship-handler.d.ts.map +1 -1
- package/dist/lib/entity-relationship-handler.js +14 -51
- package/dist/lib/entity-relationship-handler.js.map +1 -1
- package/dist/lib/entity-tagging-errors.js +4 -11
- package/dist/lib/entity-tagging-errors.js.map +1 -1
- package/dist/lib/entity-tagging-validator.d.ts +3 -3
- package/dist/lib/entity-tagging-validator.d.ts.map +1 -1
- package/dist/lib/entity-tagging-validator.js +6 -11
- package/dist/lib/entity-tagging-validator.js.map +1 -1
- package/dist/lib/exif-stripper.js +1 -4
- package/dist/lib/exif-stripper.js.map +1 -1
- package/dist/lib/extension-context.d.ts +2 -2
- package/dist/lib/extension-context.d.ts.map +1 -1
- package/dist/lib/extension-context.js +1 -4
- package/dist/lib/extension-context.js.map +1 -1
- package/dist/lib/extension-route-wrapper.d.ts +1 -1
- package/dist/lib/extension-route-wrapper.d.ts.map +1 -1
- package/dist/lib/extension-route-wrapper.js +17 -55
- package/dist/lib/extension-route-wrapper.js.map +1 -1
- package/dist/lib/extension-validator.js +3 -6
- package/dist/lib/extension-validator.js.map +1 -1
- package/dist/lib/feature-flags.d.ts +5 -2
- package/dist/lib/feature-flags.d.ts.map +1 -1
- package/dist/lib/feature-flags.js +15 -48
- package/dist/lib/feature-flags.js.map +1 -1
- package/dist/lib/feature-toggle-global-client.d.ts +6 -0
- package/dist/lib/feature-toggle-global-client.d.ts.map +1 -0
- package/dist/lib/feature-toggle-global-client.js +73 -0
- package/dist/lib/feature-toggle-global-client.js.map +1 -0
- package/dist/lib/feature-toggle-service.d.ts +137 -27
- package/dist/lib/feature-toggle-service.d.ts.map +1 -1
- package/dist/lib/feature-toggle-service.js +302 -119
- package/dist/lib/feature-toggle-service.js.map +1 -1
- package/dist/lib/feed-handler.d.ts +8 -8
- package/dist/lib/feed-handler.d.ts.map +1 -1
- package/dist/lib/feed-handler.js +33 -62
- package/dist/lib/feed-handler.js.map +1 -1
- package/dist/lib/feed-pagination.d.ts +26 -0
- package/dist/lib/feed-pagination.d.ts.map +1 -1
- package/dist/lib/feed-pagination.js +31 -11
- package/dist/lib/feed-pagination.js.map +1 -1
- package/dist/lib/feed-personalization.d.ts +1 -1
- package/dist/lib/feed-personalization.d.ts.map +1 -1
- package/dist/lib/feed-personalization.js +6 -43
- package/dist/lib/feed-personalization.js.map +1 -1
- package/dist/lib/followers-events.js +8 -13
- package/dist/lib/followers-events.js.map +1 -1
- package/dist/lib/friends-handler.d.ts +2 -2
- package/dist/lib/friends-handler.d.ts.map +1 -1
- package/dist/lib/friends-handler.js +9 -46
- package/dist/lib/friends-handler.js.map +1 -1
- package/dist/lib/geo/entity-geo-repository.d.ts +67 -0
- package/dist/lib/geo/entity-geo-repository.d.ts.map +1 -0
- package/dist/lib/geo/entity-geo-repository.js +91 -0
- package/dist/lib/geo/entity-geo-repository.js.map +1 -0
- package/dist/lib/graph/errors.d.ts.map +1 -1
- package/dist/lib/graph/errors.js +13 -18
- package/dist/lib/graph/errors.js.map +1 -1
- package/dist/lib/graph/graph-factory.d.ts +12 -53
- package/dist/lib/graph/graph-factory.d.ts.map +1 -1
- package/dist/lib/graph/graph-factory.js +67 -162
- package/dist/lib/graph/graph-factory.js.map +1 -1
- package/dist/lib/graph/graph-service.d.ts +1 -1
- package/dist/lib/graph/graph-service.d.ts.map +1 -1
- package/dist/lib/graph/graph-service.js +1 -2
- package/dist/lib/graph/graph-service.js.map +1 -1
- package/dist/lib/graph/index.d.ts +10 -14
- package/dist/lib/graph/index.d.ts.map +1 -1
- package/dist/lib/graph/index.js +12 -46
- package/dist/lib/graph/index.js.map +1 -1
- package/dist/lib/graph/postgres/_shared.d.ts +18 -0
- package/dist/lib/graph/postgres/_shared.d.ts.map +1 -0
- package/dist/lib/graph/postgres/_shared.js +24 -0
- package/dist/lib/graph/postgres/_shared.js.map +1 -0
- package/dist/lib/graph/postgres/circles.d.ts +66 -0
- package/dist/lib/graph/postgres/circles.d.ts.map +1 -0
- package/dist/lib/graph/postgres/circles.js +513 -0
- package/dist/lib/graph/postgres/circles.js.map +1 -0
- package/dist/lib/graph/postgres/discovery.d.ts +165 -0
- package/dist/lib/graph/postgres/discovery.d.ts.map +1 -0
- package/dist/lib/graph/postgres/discovery.js +579 -0
- package/dist/lib/graph/postgres/discovery.js.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts +53 -0
- package/dist/lib/graph/postgres/entity-relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/entity-relationships.js +304 -0
- package/dist/lib/graph/postgres/entity-relationships.js.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts +106 -0
- package/dist/lib/graph/postgres/interaction-events.d.ts.map +1 -0
- package/dist/lib/graph/postgres/interaction-events.js +162 -0
- package/dist/lib/graph/postgres/interaction-events.js.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts +74 -0
- package/dist/lib/graph/postgres/postgres-graph-service.d.ts.map +1 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js +167 -0
- package/dist/lib/graph/postgres/postgres-graph-service.js.map +1 -0
- package/dist/lib/graph/postgres/relationships.d.ts +58 -0
- package/dist/lib/graph/postgres/relationships.d.ts.map +1 -0
- package/dist/lib/graph/postgres/relationships.js +314 -0
- package/dist/lib/graph/postgres/relationships.js.map +1 -0
- package/dist/lib/graph/postgres/scoring.d.ts +74 -0
- package/dist/lib/graph/postgres/scoring.d.ts.map +1 -0
- package/dist/lib/graph/postgres/scoring.js +297 -0
- package/dist/lib/graph/postgres/scoring.js.map +1 -0
- package/dist/lib/graph/postgres/sync.d.ts +149 -0
- package/dist/lib/graph/postgres/sync.d.ts.map +1 -0
- package/dist/lib/graph/postgres/sync.js +269 -0
- package/dist/lib/graph/postgres/sync.js.map +1 -0
- package/dist/lib/graph/scoring-engine.d.ts +7 -1
- package/dist/lib/graph/scoring-engine.d.ts.map +1 -1
- package/dist/lib/graph/scoring-engine.js +29 -35
- package/dist/lib/graph/scoring-engine.js.map +1 -1
- package/dist/lib/graph/types.d.ts +18 -1
- package/dist/lib/graph/types.d.ts.map +1 -1
- package/dist/lib/graph/types.js +1 -2
- package/dist/lib/graph/types.js.map +1 -1
- package/dist/lib/hook-dispatcher.d.ts +1 -1
- package/dist/lib/hook-dispatcher.d.ts.map +1 -1
- package/dist/lib/hook-dispatcher.js +8 -12
- package/dist/lib/hook-dispatcher.js.map +1 -1
- package/dist/lib/input-sanitizer.js +1 -5
- package/dist/lib/input-sanitizer.js.map +1 -1
- package/dist/lib/internal-docs-handler.d.ts +2 -2
- package/dist/lib/internal-docs-handler.d.ts.map +1 -1
- package/dist/lib/internal-docs-handler.js +20 -28
- package/dist/lib/internal-docs-handler.js.map +1 -1
- package/dist/lib/internal-docs-navigation.js +2 -6
- package/dist/lib/internal-docs-navigation.js.map +1 -1
- package/dist/lib/invitation-handler.d.ts +2 -2
- package/dist/lib/invitation-handler.d.ts.map +1 -1
- package/dist/lib/invitation-handler.js +41 -82
- package/dist/lib/invitation-handler.js.map +1 -1
- package/dist/lib/ip-scrubber.js +3 -8
- package/dist/lib/ip-scrubber.js.map +1 -1
- package/dist/lib/link-security-handler.d.ts +3 -2
- package/dist/lib/link-security-handler.d.ts.map +1 -1
- package/dist/lib/link-security-handler.js +8 -44
- package/dist/lib/link-security-handler.js.map +1 -1
- package/dist/lib/logger.d.ts +31 -82
- package/dist/lib/logger.d.ts.map +1 -1
- package/dist/lib/logger.js +43 -185
- package/dist/lib/logger.js.map +1 -1
- package/dist/lib/media-cleanup-handler.d.ts +2 -2
- package/dist/lib/media-cleanup-handler.d.ts.map +1 -1
- package/dist/lib/media-cleanup-handler.js +7 -11
- package/dist/lib/media-cleanup-handler.js.map +1 -1
- package/dist/lib/media-handler.d.ts +1 -1
- package/dist/lib/media-handler.d.ts.map +1 -1
- package/dist/lib/media-handler.js +36 -73
- package/dist/lib/media-handler.js.map +1 -1
- package/dist/lib/media-metadata-extractor.d.ts +1 -1
- package/dist/lib/media-metadata-extractor.d.ts.map +1 -1
- package/dist/lib/media-metadata-extractor.js +3 -7
- package/dist/lib/media-metadata-extractor.js.map +1 -1
- package/dist/lib/media-metrics.d.ts +2 -2
- package/dist/lib/media-metrics.d.ts.map +1 -1
- package/dist/lib/media-metrics.js +3 -7
- package/dist/lib/media-metrics.js.map +1 -1
- package/dist/lib/metadata/index.d.ts +5 -5
- package/dist/lib/metadata/index.d.ts.map +1 -1
- package/dist/lib/metadata/index.js +5 -21
- package/dist/lib/metadata/index.js.map +1 -1
- package/dist/lib/metadata/metadata-config.js +2 -5
- package/dist/lib/metadata/metadata-config.js.map +1 -1
- package/dist/lib/metadata/metadata-errors.js +2 -7
- package/dist/lib/metadata/metadata-errors.js.map +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts +1 -1
- package/dist/lib/metadata/metadata-extractor.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-extractor.js +42 -82
- package/dist/lib/metadata/metadata-extractor.js.map +1 -1
- package/dist/lib/metadata/metadata-sanitizer.js +17 -24
- package/dist/lib/metadata/metadata-sanitizer.js.map +1 -1
- package/dist/lib/metadata/metadata-schemas.d.ts +16 -100
- package/dist/lib/metadata/metadata-schemas.d.ts.map +1 -1
- package/dist/lib/metadata/metadata-schemas.js +31 -34
- package/dist/lib/metadata/metadata-schemas.js.map +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts +1 -1
- package/dist/lib/mfa/mfa-handler.d.ts.map +1 -1
- package/dist/lib/mfa/mfa-handler.js +13 -17
- package/dist/lib/mfa/mfa-handler.js.map +1 -1
- package/dist/lib/mfa/totp-service.js +8 -18
- package/dist/lib/mfa/totp-service.js.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/comment-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/comment-rate-limit.js +7 -10
- package/dist/lib/middleware/comment-rate-limit.js.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.d.ts.map +1 -1
- package/dist/lib/middleware/feature-toggle-rate-limit.js +8 -13
- package/dist/lib/middleware/feature-toggle-rate-limit.js.map +1 -1
- package/dist/lib/middleware/idempotency-store.js +20 -26
- package/dist/lib/middleware/idempotency-store.js.map +1 -1
- package/dist/lib/middleware/idempotency.d.ts +2 -2
- package/dist/lib/middleware/idempotency.d.ts.map +1 -1
- package/dist/lib/middleware/idempotency.js +12 -50
- package/dist/lib/middleware/idempotency.js.map +1 -1
- package/dist/lib/middleware.d.ts +22 -9
- package/dist/lib/middleware.d.ts.map +1 -1
- package/dist/lib/middleware.js +72 -153
- package/dist/lib/middleware.js.map +1 -1
- package/dist/lib/moderation-handler.d.ts +1 -1
- package/dist/lib/moderation-handler.d.ts.map +1 -1
- package/dist/lib/moderation-handler.js +15 -54
- package/dist/lib/moderation-handler.js.map +1 -1
- package/dist/lib/net/trusted-client-ip.d.ts +8 -30
- package/dist/lib/net/trusted-client-ip.d.ts.map +1 -1
- package/dist/lib/net/trusted-client-ip.js +13 -94
- package/dist/lib/net/trusted-client-ip.js.map +1 -1
- package/dist/lib/notification-handler.d.ts +1 -1
- package/dist/lib/notification-handler.d.ts.map +1 -1
- package/dist/lib/notification-handler.js +10 -15
- package/dist/lib/notification-handler.js.map +1 -1
- package/dist/lib/notification-preferences-handler.d.ts +1 -1
- package/dist/lib/notification-preferences-handler.d.ts.map +1 -1
- package/dist/lib/notification-preferences-handler.js +7 -11
- package/dist/lib/notification-preferences-handler.js.map +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts +1 -1
- package/dist/lib/oauth/cognito-issuer.d.ts.map +1 -1
- package/dist/lib/oauth/cognito-issuer.js +5 -10
- package/dist/lib/oauth/cognito-issuer.js.map +1 -1
- package/dist/lib/oauth/device-authorization.d.ts +1 -1
- package/dist/lib/oauth/device-authorization.d.ts.map +1 -1
- package/dist/lib/oauth/device-authorization.js +62 -77
- package/dist/lib/oauth/device-authorization.js.map +1 -1
- package/dist/lib/oauth/envelope-crypto.d.ts +2 -2
- package/dist/lib/oauth/envelope-crypto.js +22 -34
- package/dist/lib/oauth/envelope-crypto.js.map +1 -1
- package/dist/lib/oauth/refresh-detection.js +42 -52
- package/dist/lib/oauth/refresh-detection.js.map +1 -1
- package/dist/lib/openai-budget.d.ts.map +1 -1
- package/dist/lib/openai-budget.js +7 -44
- package/dist/lib/openai-budget.js.map +1 -1
- package/dist/lib/openapi/generator.d.ts +1 -1
- package/dist/lib/openapi/generator.d.ts.map +1 -1
- package/dist/lib/openapi/generator.js +2 -6
- package/dist/lib/openapi/generator.js.map +1 -1
- package/dist/lib/orphaned-media-handler.d.ts +1 -1
- package/dist/lib/orphaned-media-handler.d.ts.map +1 -1
- package/dist/lib/orphaned-media-handler.js +9 -46
- package/dist/lib/orphaned-media-handler.js.map +1 -1
- package/dist/lib/parental-control-handler.d.ts +2 -2
- package/dist/lib/parental-control-handler.d.ts.map +1 -1
- package/dist/lib/parental-control-handler.js +18 -55
- package/dist/lib/parental-control-handler.js.map +1 -1
- package/dist/lib/parental-link-handler.d.ts +8 -8
- package/dist/lib/parental-link-handler.d.ts.map +1 -1
- package/dist/lib/parental-link-handler.js +10 -14
- package/dist/lib/parental-link-handler.js.map +1 -1
- package/dist/lib/performance-metrics.d.ts +1 -1
- package/dist/lib/performance-metrics.d.ts.map +1 -1
- package/dist/lib/performance-metrics.js +3 -6
- package/dist/lib/performance-metrics.js.map +1 -1
- package/dist/lib/post-handler.d.ts +9 -9
- package/dist/lib/post-handler.d.ts.map +1 -1
- package/dist/lib/post-handler.js +67 -101
- package/dist/lib/post-handler.js.map +1 -1
- package/dist/lib/privacy-defaults.js +3 -8
- package/dist/lib/privacy-defaults.js.map +1 -1
- package/dist/lib/privacy-handler.d.ts +2 -2
- package/dist/lib/privacy-handler.d.ts.map +1 -1
- package/dist/lib/privacy-handler.js +6 -10
- package/dist/lib/privacy-handler.js.map +1 -1
- package/dist/lib/pseudonym.d.ts +56 -0
- package/dist/lib/pseudonym.d.ts.map +1 -0
- package/dist/lib/pseudonym.js +85 -0
- package/dist/lib/pseudonym.js.map +1 -0
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts +2 -2
- package/dist/lib/queue-consumers/media-reconciliation-consumer.d.ts.map +1 -1
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js +5 -8
- package/dist/lib/queue-consumers/media-reconciliation-consumer.js.map +1 -1
- package/dist/lib/quiet-hours.js +2 -6
- package/dist/lib/quiet-hours.js.map +1 -1
- package/dist/lib/rate-limit.d.ts +58 -47
- package/dist/lib/rate-limit.d.ts.map +1 -1
- package/dist/lib/rate-limit.js +168 -157
- package/dist/lib/rate-limit.js.map +1 -1
- package/dist/lib/reaction-handler.d.ts +10 -10
- package/dist/lib/reaction-handler.d.ts.map +1 -1
- package/dist/lib/reaction-handler.js +44 -80
- package/dist/lib/reaction-handler.js.map +1 -1
- package/dist/lib/recaptcha.js +6 -9
- package/dist/lib/recaptcha.js.map +1 -1
- package/dist/lib/redirect-resolver.d.ts +2 -2
- package/dist/lib/redirect-resolver.d.ts.map +1 -1
- package/dist/lib/redirect-resolver.js +5 -9
- package/dist/lib/redirect-resolver.js.map +1 -1
- package/dist/lib/region-config.d.ts +3 -3
- package/dist/lib/region-config.d.ts.map +1 -1
- package/dist/lib/region-config.js +15 -58
- package/dist/lib/region-config.js.map +1 -1
- package/dist/lib/region-detection.d.ts +55 -24
- package/dist/lib/region-detection.d.ts.map +1 -1
- package/dist/lib/region-detection.js +140 -199
- package/dist/lib/region-detection.js.map +1 -1
- package/dist/lib/region-registry.d.ts +49 -0
- package/dist/lib/region-registry.d.ts.map +1 -0
- package/dist/lib/region-registry.js +112 -0
- package/dist/lib/region-registry.js.map +1 -0
- package/dist/lib/relationship-handler.d.ts +9 -9
- package/dist/lib/relationship-handler.d.ts.map +1 -1
- package/dist/lib/relationship-handler.js +12 -49
- package/dist/lib/relationship-handler.js.map +1 -1
- package/dist/lib/request-context.d.ts +16 -16
- package/dist/lib/request-context.d.ts.map +1 -1
- package/dist/lib/request-context.js +14 -22
- package/dist/lib/request-context.js.map +1 -1
- package/dist/lib/route-helpers.d.ts +3 -4
- package/dist/lib/route-helpers.d.ts.map +1 -1
- package/dist/lib/route-helpers.js +20 -75
- package/dist/lib/route-helpers.js.map +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts +1 -1
- package/dist/lib/routes/activitypub/actor.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/actor.js +20 -23
- package/dist/lib/routes/activitypub/actor.js.map +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts +1 -1
- package/dist/lib/routes/activitypub/audiences.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/audiences.js +76 -80
- package/dist/lib/routes/activitypub/audiences.js.map +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts +1 -1
- package/dist/lib/routes/activitypub/collections.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/collections.js +24 -26
- package/dist/lib/routes/activitypub/collections.js.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts +1 -1
- package/dist/lib/routes/activitypub/entity-profile.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/entity-profile.js +36 -39
- package/dist/lib/routes/activitypub/entity-profile.js.map +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts +1 -1
- package/dist/lib/routes/activitypub/friends.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/friends.js +9 -12
- package/dist/lib/routes/activitypub/friends.js.map +1 -1
- package/dist/lib/routes/activitypub/group.d.ts +1 -1
- package/dist/lib/routes/activitypub/group.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/group.js +91 -94
- package/dist/lib/routes/activitypub/group.js.map +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/inbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/inbox.js +30 -33
- package/dist/lib/routes/activitypub/inbox.js.map +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts +1 -1
- package/dist/lib/routes/activitypub/messages.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/messages.js +79 -83
- package/dist/lib/routes/activitypub/messages.js.map +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts +1 -1
- package/dist/lib/routes/activitypub/outbox.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/outbox.js +9 -12
- package/dist/lib/routes/activitypub/outbox.js.map +1 -1
- package/dist/lib/routes/activitypub/post.d.ts +1 -1
- package/dist/lib/routes/activitypub/post.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/post.js +32 -35
- package/dist/lib/routes/activitypub/post.js.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts +1 -1
- package/dist/lib/routes/activitypub/webfinger.d.ts.map +1 -1
- package/dist/lib/routes/activitypub/webfinger.js +5 -8
- package/dist/lib/routes/activitypub/webfinger.js.map +1 -1
- package/dist/lib/routes/admin-costs.d.ts +1 -1
- package/dist/lib/routes/admin-costs.d.ts.map +1 -1
- package/dist/lib/routes/admin-costs.js +22 -26
- package/dist/lib/routes/admin-costs.js.map +1 -1
- package/dist/lib/routes/admin.d.ts +1 -1
- package/dist/lib/routes/admin.d.ts.map +1 -1
- package/dist/lib/routes/admin.js +290 -269
- package/dist/lib/routes/admin.js.map +1 -1
- package/dist/lib/routes/agent-authorize.d.ts +5 -5
- package/dist/lib/routes/agent-authorize.d.ts.map +1 -1
- package/dist/lib/routes/agent-authorize.js +68 -74
- package/dist/lib/routes/agent-authorize.js.map +1 -1
- package/dist/lib/routes/agent-sessions.d.ts +4 -4
- package/dist/lib/routes/agent-sessions.d.ts.map +1 -1
- package/dist/lib/routes/agent-sessions.js +30 -35
- package/dist/lib/routes/agent-sessions.js.map +1 -1
- package/dist/lib/routes/agent-surface.d.ts +2 -2
- package/dist/lib/routes/agent-surface.d.ts.map +1 -1
- package/dist/lib/routes/agent-surface.js +20 -24
- package/dist/lib/routes/agent-surface.js.map +1 -1
- package/dist/lib/routes/auth-discover.d.ts +1 -1
- package/dist/lib/routes/auth-discover.d.ts.map +1 -1
- package/dist/lib/routes/auth-discover.js +20 -56
- package/dist/lib/routes/auth-discover.js.map +1 -1
- package/dist/lib/routes/auth.d.ts +1 -1
- package/dist/lib/routes/auth.d.ts.map +1 -1
- package/dist/lib/routes/auth.js +13 -16
- package/dist/lib/routes/auth.js.map +1 -1
- package/dist/lib/routes/badges.d.ts +1 -1
- package/dist/lib/routes/badges.d.ts.map +1 -1
- package/dist/lib/routes/badges.js +20 -23
- package/dist/lib/routes/badges.js.map +1 -1
- package/dist/lib/routes/circles.d.ts +1 -1
- package/dist/lib/routes/circles.d.ts.map +1 -1
- package/dist/lib/routes/circles.js +40 -44
- package/dist/lib/routes/circles.js.map +1 -1
- package/dist/lib/routes/comments.d.ts +1 -1
- package/dist/lib/routes/comments.d.ts.map +1 -1
- package/dist/lib/routes/comments.js +67 -71
- package/dist/lib/routes/comments.js.map +1 -1
- package/dist/lib/routes/connection-codes.d.ts +1 -1
- package/dist/lib/routes/connection-codes.d.ts.map +1 -1
- package/dist/lib/routes/connection-codes.js +30 -34
- package/dist/lib/routes/connection-codes.js.map +1 -1
- package/dist/lib/routes/content-discovery.d.ts +1 -1
- package/dist/lib/routes/content-discovery.d.ts.map +1 -1
- package/dist/lib/routes/content-discovery.js +31 -34
- package/dist/lib/routes/content-discovery.js.map +1 -1
- package/dist/lib/routes/dashboard.d.ts +1 -1
- package/dist/lib/routes/dashboard.d.ts.map +1 -1
- package/dist/lib/routes/dashboard.js +251 -288
- package/dist/lib/routes/dashboard.js.map +1 -1
- package/dist/lib/routes/deletion.d.ts +1 -1
- package/dist/lib/routes/deletion.d.ts.map +1 -1
- package/dist/lib/routes/deletion.js +37 -74
- package/dist/lib/routes/deletion.js.map +1 -1
- package/dist/lib/routes/discovery.d.ts +1 -1
- package/dist/lib/routes/discovery.d.ts.map +1 -1
- package/dist/lib/routes/discovery.js +20 -24
- package/dist/lib/routes/discovery.js.map +1 -1
- package/dist/lib/routes/employees.d.ts +1 -1
- package/dist/lib/routes/employees.d.ts.map +1 -1
- package/dist/lib/routes/employees.js +15 -52
- package/dist/lib/routes/employees.js.map +1 -1
- package/dist/lib/routes/entities.d.ts +1 -1
- package/dist/lib/routes/entities.d.ts.map +1 -1
- package/dist/lib/routes/entities.js +133 -137
- package/dist/lib/routes/entities.js.map +1 -1
- package/dist/lib/routes/entity-relationships.d.ts +1 -1
- package/dist/lib/routes/entity-relationships.d.ts.map +1 -1
- package/dist/lib/routes/entity-relationships.js +35 -39
- package/dist/lib/routes/entity-relationships.js.map +1 -1
- package/dist/lib/routes/errors.d.ts +1 -1
- package/dist/lib/routes/errors.d.ts.map +1 -1
- package/dist/lib/routes/errors.js +4 -10
- package/dist/lib/routes/errors.js.map +1 -1
- package/dist/lib/routes/export.d.ts +1 -1
- package/dist/lib/routes/export.d.ts.map +1 -1
- package/dist/lib/routes/export.js +31 -35
- package/dist/lib/routes/export.js.map +1 -1
- package/dist/lib/routes/feature-flags.d.ts +1 -1
- package/dist/lib/routes/feature-flags.d.ts.map +1 -1
- package/dist/lib/routes/feature-flags.js +20 -23
- package/dist/lib/routes/feature-flags.js.map +1 -1
- package/dist/lib/routes/feeds.d.ts +1 -1
- package/dist/lib/routes/feeds.d.ts.map +1 -1
- package/dist/lib/routes/feeds.js +42 -46
- package/dist/lib/routes/feeds.js.map +1 -1
- package/dist/lib/routes/friends.d.ts +1 -1
- package/dist/lib/routes/friends.d.ts.map +1 -1
- package/dist/lib/routes/friends.js +35 -39
- package/dist/lib/routes/friends.js.map +1 -1
- package/dist/lib/routes/health.d.ts +1 -1
- package/dist/lib/routes/health.d.ts.map +1 -1
- package/dist/lib/routes/health.js +23 -27
- package/dist/lib/routes/health.js.map +1 -1
- package/dist/lib/routes/index.d.ts +2 -7
- package/dist/lib/routes/index.d.ts.map +1 -1
- package/dist/lib/routes/index.js +137 -158
- package/dist/lib/routes/index.js.map +1 -1
- package/dist/lib/routes/internal-docs.d.ts +1 -1
- package/dist/lib/routes/internal-docs.d.ts.map +1 -1
- package/dist/lib/routes/internal-docs.js +13 -16
- package/dist/lib/routes/internal-docs.js.map +1 -1
- package/dist/lib/routes/invitations.d.ts +1 -1
- package/dist/lib/routes/invitations.d.ts.map +1 -1
- package/dist/lib/routes/invitations.js +19 -22
- package/dist/lib/routes/invitations.js.map +1 -1
- package/dist/lib/routes/link-reports.d.ts +2 -2
- package/dist/lib/routes/link-reports.d.ts.map +1 -1
- package/dist/lib/routes/link-reports.js +86 -48
- package/dist/lib/routes/link-reports.js.map +1 -1
- package/dist/lib/routes/map.d.ts +1 -1
- package/dist/lib/routes/map.d.ts.map +1 -1
- package/dist/lib/routes/map.js +5 -8
- package/dist/lib/routes/map.js.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts +1 -1
- package/dist/lib/routes/media-metadata-visibility.d.ts.map +1 -1
- package/dist/lib/routes/media-metadata-visibility.js +30 -67
- package/dist/lib/routes/media-metadata-visibility.js.map +1 -1
- package/dist/lib/routes/media.d.ts +1 -1
- package/dist/lib/routes/media.d.ts.map +1 -1
- package/dist/lib/routes/media.js +156 -193
- package/dist/lib/routes/media.js.map +1 -1
- package/dist/lib/routes/mfa.d.ts +1 -1
- package/dist/lib/routes/mfa.d.ts.map +1 -1
- package/dist/lib/routes/mfa.js +60 -64
- package/dist/lib/routes/mfa.js.map +1 -1
- package/dist/lib/routes/notifications.d.ts +1 -1
- package/dist/lib/routes/notifications.d.ts.map +1 -1
- package/dist/lib/routes/notifications.js +68 -72
- package/dist/lib/routes/notifications.js.map +1 -1
- package/dist/lib/routes/oauth.d.ts +1 -1
- package/dist/lib/routes/oauth.d.ts.map +1 -1
- package/dist/lib/routes/oauth.js +20 -23
- package/dist/lib/routes/oauth.js.map +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts +1 -1
- package/dist/lib/routes/orphaned-media-health.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media-health.js +10 -13
- package/dist/lib/routes/orphaned-media-health.js.map +1 -1
- package/dist/lib/routes/orphaned-media.d.ts +1 -1
- package/dist/lib/routes/orphaned-media.d.ts.map +1 -1
- package/dist/lib/routes/orphaned-media.js +20 -57
- package/dist/lib/routes/orphaned-media.js.map +1 -1
- package/dist/lib/routes/out.d.ts +1 -1
- package/dist/lib/routes/out.d.ts.map +1 -1
- package/dist/lib/routes/out.js +21 -24
- package/dist/lib/routes/out.js.map +1 -1
- package/dist/lib/routes/parental-controls.d.ts +1 -1
- package/dist/lib/routes/parental-controls.d.ts.map +1 -1
- package/dist/lib/routes/parental-controls.js +91 -95
- package/dist/lib/routes/parental-controls.js.map +1 -1
- package/dist/lib/routes/posts.d.ts +1 -1
- package/dist/lib/routes/posts.d.ts.map +1 -1
- package/dist/lib/routes/posts.js +101 -105
- package/dist/lib/routes/posts.js.map +1 -1
- package/dist/lib/routes/privacy.d.ts +1 -1
- package/dist/lib/routes/privacy.d.ts.map +1 -1
- package/dist/lib/routes/privacy.js +21 -25
- package/dist/lib/routes/privacy.js.map +1 -1
- package/dist/lib/routes/products.d.ts +1 -1
- package/dist/lib/routes/products.d.ts.map +1 -1
- package/dist/lib/routes/products.js +44 -48
- package/dist/lib/routes/products.js.map +1 -1
- package/dist/lib/routes/relationships.d.ts +1 -1
- package/dist/lib/routes/relationships.d.ts.map +1 -1
- package/dist/lib/routes/relationships.js +35 -39
- package/dist/lib/routes/relationships.js.map +1 -1
- package/dist/lib/routes/sentiments.d.ts +1 -1
- package/dist/lib/routes/sentiments.d.ts.map +1 -1
- package/dist/lib/routes/sentiments.js +71 -75
- package/dist/lib/routes/sentiments.js.map +1 -1
- package/dist/lib/routes/setup-status.d.ts +1 -1
- package/dist/lib/routes/setup-status.d.ts.map +1 -1
- package/dist/lib/routes/setup-status.js +17 -20
- package/dist/lib/routes/setup-status.js.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts +1 -1
- package/dist/lib/routes/taxonomy-analytics.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy-analytics.js +29 -33
- package/dist/lib/routes/taxonomy-analytics.js.map +1 -1
- package/dist/lib/routes/taxonomy.d.ts +1 -1
- package/dist/lib/routes/taxonomy.d.ts.map +1 -1
- package/dist/lib/routes/taxonomy.js +48 -51
- package/dist/lib/routes/taxonomy.js.map +1 -1
- package/dist/lib/routes/tenant-audit.d.ts +1 -1
- package/dist/lib/routes/tenant-audit.d.ts.map +1 -1
- package/dist/lib/routes/tenant-audit.js +35 -92
- package/dist/lib/routes/tenant-audit.js.map +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts +1 -1
- package/dist/lib/routes/tenant-compliance.d.ts.map +1 -1
- package/dist/lib/routes/tenant-compliance.js +16 -52
- package/dist/lib/routes/tenant-compliance.js.map +1 -1
- package/dist/lib/routes/tenant-domains.d.ts +1 -1
- package/dist/lib/routes/tenant-domains.d.ts.map +1 -1
- package/dist/lib/routes/tenant-domains.js +27 -30
- package/dist/lib/routes/tenant-domains.js.map +1 -1
- package/dist/lib/routes/tenant-idp.d.ts +1 -1
- package/dist/lib/routes/tenant-idp.d.ts.map +1 -1
- package/dist/lib/routes/tenant-idp.js +27 -30
- package/dist/lib/routes/tenant-idp.js.map +1 -1
- package/dist/lib/routes/tenant-members.d.ts +1 -1
- package/dist/lib/routes/tenant-members.d.ts.map +1 -1
- package/dist/lib/routes/tenant-members.js +21 -24
- package/dist/lib/routes/tenant-members.js.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts +1 -1
- package/dist/lib/routes/tenant-role-mappings.d.ts.map +1 -1
- package/dist/lib/routes/tenant-role-mappings.js +27 -30
- package/dist/lib/routes/tenant-role-mappings.js.map +1 -1
- package/dist/lib/routes/tenants.d.ts +1 -1
- package/dist/lib/routes/tenants.d.ts.map +1 -1
- package/dist/lib/routes/tenants.js +37 -40
- package/dist/lib/routes/tenants.js.map +1 -1
- package/dist/lib/routes/types.d.ts +10 -5
- package/dist/lib/routes/types.d.ts.map +1 -1
- package/dist/lib/routes/types.js +1 -2
- package/dist/lib/routes/types.js.map +1 -1
- package/dist/lib/routes/upload-sessions.d.ts +1 -1
- package/dist/lib/routes/upload-sessions.d.ts.map +1 -1
- package/dist/lib/routes/upload-sessions.js +57 -94
- package/dist/lib/routes/upload-sessions.js.map +1 -1
- package/dist/lib/routes/user.d.ts +1 -1
- package/dist/lib/routes/user.d.ts.map +1 -1
- package/dist/lib/routes/user.js +137 -85
- package/dist/lib/routes/user.js.map +1 -1
- package/dist/lib/routes.d.ts +2 -2
- package/dist/lib/routes.d.ts.map +1 -1
- package/dist/lib/routes.js +2 -7
- package/dist/lib/routes.js.map +1 -1
- package/dist/lib/scaling-health.d.ts.map +1 -1
- package/dist/lib/scaling-health.js +6 -9
- package/dist/lib/scaling-health.js.map +1 -1
- package/dist/lib/scheduled/media-stale-cleanup.js +5 -8
- package/dist/lib/scheduled/media-stale-cleanup.js.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.d.ts.map +1 -1
- package/dist/lib/scheduled/orphaned-media-monitor.js +5 -42
- package/dist/lib/scheduled/orphaned-media-monitor.js.map +1 -1
- package/dist/lib/schemas.d.ts +85 -204
- package/dist/lib/schemas.d.ts.map +1 -1
- package/dist/lib/schemas.js +71 -74
- package/dist/lib/schemas.js.map +1 -1
- package/dist/lib/secrets/idp-secrets.d.ts +1 -1
- package/dist/lib/secrets/idp-secrets.js +13 -19
- package/dist/lib/secrets/idp-secrets.js.map +1 -1
- package/dist/lib/security-event-cleaner.js +1 -5
- package/dist/lib/security-event-cleaner.js.map +1 -1
- package/dist/lib/security-headers.js +1 -5
- package/dist/lib/security-headers.js.map +1 -1
- package/dist/lib/security-monitor.d.ts +4 -2
- package/dist/lib/security-monitor.d.ts.map +1 -1
- package/dist/lib/security-monitor.js +16 -18
- package/dist/lib/security-monitor.js.map +1 -1
- package/dist/lib/sentiment-digest.d.ts +1 -1
- package/dist/lib/sentiment-digest.d.ts.map +1 -1
- package/dist/lib/sentiment-digest.js +5 -8
- package/dist/lib/sentiment-digest.js.map +1 -1
- package/dist/lib/sentiment-display.js +3 -7
- package/dist/lib/sentiment-display.js.map +1 -1
- package/dist/lib/services/image-normalizer.js +1 -5
- package/dist/lib/services/image-normalizer.js.map +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts +1 -1
- package/dist/lib/services/media-reconciliation-service.d.ts.map +1 -1
- package/dist/lib/services/media-reconciliation-service.js +7 -11
- package/dist/lib/services/media-reconciliation-service.js.map +1 -1
- package/dist/lib/services/media-upload-service.d.ts +1 -1
- package/dist/lib/services/media-upload-service.d.ts.map +1 -1
- package/dist/lib/services/media-upload-service.js +4 -8
- package/dist/lib/services/media-upload-service.js.map +1 -1
- package/dist/lib/services/user-data-deletion.d.ts +45 -2
- package/dist/lib/services/user-data-deletion.d.ts.map +1 -1
- package/dist/lib/services/user-data-deletion.js +87 -9
- package/dist/lib/services/user-data-deletion.js.map +1 -1
- package/dist/lib/session-awareness.js +2 -6
- package/dist/lib/session-awareness.js.map +1 -1
- package/dist/lib/session-config.js +8 -17
- package/dist/lib/session-config.js.map +1 -1
- package/dist/lib/{session-manager.d.ts → session-cookie.d.ts} +58 -15
- package/dist/lib/session-cookie.d.ts.map +1 -0
- package/dist/lib/session-cookie.js +0 -0
- package/dist/lib/session-cookie.js.map +1 -0
- package/dist/lib/signup-metadata.d.ts +129 -0
- package/dist/lib/signup-metadata.d.ts.map +1 -0
- package/dist/lib/signup-metadata.js +127 -0
- package/dist/lib/signup-metadata.js.map +1 -0
- package/dist/lib/sso-auth-handler.js +1 -5
- package/dist/lib/sso-auth-handler.js.map +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts +1 -1
- package/dist/lib/tag-suggestions-handler.d.ts.map +1 -1
- package/dist/lib/tag-suggestions-handler.js +1 -5
- package/dist/lib/tag-suggestions-handler.js.map +1 -1
- package/dist/lib/taxonomy-handler-factory.d.ts +2 -2
- package/dist/lib/taxonomy-handler-factory.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler-factory.js +7 -10
- package/dist/lib/taxonomy-handler-factory.js.map +1 -1
- package/dist/lib/taxonomy-handler.d.ts +2 -2
- package/dist/lib/taxonomy-handler.d.ts.map +1 -1
- package/dist/lib/taxonomy-handler.js +8 -8
- package/dist/lib/taxonomy-handler.js.map +1 -1
- package/dist/lib/taxonomy-metrics.js +5 -9
- package/dist/lib/taxonomy-metrics.js.map +1 -1
- package/dist/lib/taxonomy-search-metrics.d.ts +2 -2
- package/dist/lib/taxonomy-search-metrics.d.ts.map +1 -1
- package/dist/lib/taxonomy-search-metrics.js +3 -7
- package/dist/lib/taxonomy-search-metrics.js.map +1 -1
- package/dist/lib/tenant/audit-emit.d.ts +18 -8
- package/dist/lib/tenant/audit-emit.d.ts.map +1 -1
- package/dist/lib/tenant/audit-emit.js +50 -11
- package/dist/lib/tenant/audit-emit.js.map +1 -1
- package/dist/lib/tenant/derive-domain.js +1 -4
- package/dist/lib/tenant/derive-domain.js.map +1 -1
- package/dist/lib/tenant/domain-handler.d.ts +2 -2
- package/dist/lib/tenant/domain-handler.d.ts.map +1 -1
- package/dist/lib/tenant/domain-handler.js +50 -62
- package/dist/lib/tenant/domain-handler.js.map +1 -1
- package/dist/lib/tenant/domain-validator.d.ts +1 -1
- package/dist/lib/tenant/domain-validator.js +10 -13
- package/dist/lib/tenant/domain-validator.js.map +1 -1
- package/dist/lib/tenant/domain-verifier.d.ts +3 -3
- package/dist/lib/tenant/domain-verifier.js +8 -11
- package/dist/lib/tenant/domain-verifier.js.map +1 -1
- package/dist/lib/tenant/idp-handler.d.ts +4 -4
- package/dist/lib/tenant/idp-handler.d.ts.map +1 -1
- package/dist/lib/tenant/idp-handler.js +45 -82
- package/dist/lib/tenant/idp-handler.js.map +1 -1
- package/dist/lib/tenant/idp-name.js +1 -4
- package/dist/lib/tenant/idp-name.js.map +1 -1
- package/dist/lib/tenant/member-handler.d.ts +2 -2
- package/dist/lib/tenant/member-handler.d.ts.map +1 -1
- package/dist/lib/tenant/member-handler.js +30 -67
- package/dist/lib/tenant/member-handler.js.map +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts +1 -1
- package/dist/lib/tenant/reserved-slugs.d.ts.map +1 -1
- package/dist/lib/tenant/reserved-slugs.js +8 -14
- package/dist/lib/tenant/reserved-slugs.js.map +1 -1
- package/dist/lib/tenant/resolve-role.js +1 -4
- package/dist/lib/tenant/resolve-role.js.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.d.ts +2 -2
- package/dist/lib/tenant/role-mapping-handler.d.ts.map +1 -1
- package/dist/lib/tenant/role-mapping-handler.js +24 -61
- package/dist/lib/tenant/role-mapping-handler.js.map +1 -1
- package/dist/lib/tenant/setup-status.d.ts +1 -1
- package/dist/lib/tenant/setup-status.d.ts.map +1 -1
- package/dist/lib/tenant/setup-status.js +3 -40
- package/dist/lib/tenant/setup-status.js.map +1 -1
- package/dist/lib/tenant/slug-validator.js +3 -6
- package/dist/lib/tenant/slug-validator.js.map +1 -1
- package/dist/lib/tenant/tenant-handler.d.ts +2 -2
- package/dist/lib/tenant/tenant-handler.d.ts.map +1 -1
- package/dist/lib/tenant/tenant-handler.js +31 -68
- package/dist/lib/tenant/tenant-handler.js.map +1 -1
- package/dist/lib/tenant/transfer-ownership.js +2 -6
- package/dist/lib/tenant/transfer-ownership.js.map +1 -1
- package/dist/lib/tenant-scope.d.ts +97 -0
- package/dist/lib/tenant-scope.d.ts.map +1 -0
- package/dist/lib/tenant-scope.js +270 -0
- package/dist/lib/tenant-scope.js.map +1 -0
- package/dist/lib/terminology.d.ts.map +1 -1
- package/dist/lib/terminology.js +7 -9
- package/dist/lib/terminology.js.map +1 -1
- package/dist/lib/theme.js +2 -6
- package/dist/lib/theme.js.map +1 -1
- package/dist/lib/threat-intel-service.d.ts +2 -2
- package/dist/lib/threat-intel-service.d.ts.map +1 -1
- package/dist/lib/threat-intel-service.js +3 -7
- package/dist/lib/threat-intel-service.js.map +1 -1
- package/dist/lib/types/media-reconciliation.js +1 -2
- package/dist/lib/types/media-reconciliation.js.map +1 -1
- package/dist/lib/upload-session-handler.d.ts +1 -1
- package/dist/lib/upload-session-handler.d.ts.map +1 -1
- package/dist/lib/upload-session-handler.js +13 -50
- package/dist/lib/upload-session-handler.js.map +1 -1
- package/dist/lib/user/derive-handle.d.ts +22 -0
- package/dist/lib/user/derive-handle.d.ts.map +1 -1
- package/dist/lib/user/derive-handle.js +18 -6
- package/dist/lib/user/derive-handle.js.map +1 -1
- package/dist/lib/user-badge.js +6 -14
- package/dist/lib/user-badge.js.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.d.ts +2 -2
- package/dist/lib/user-deletion-handler-enhanced.d.ts.map +1 -1
- package/dist/lib/user-deletion-handler-enhanced.js +16 -53
- package/dist/lib/user-deletion-handler-enhanced.js.map +1 -1
- package/dist/lib/user-deprovisioning.d.ts +1 -1
- package/dist/lib/user-deprovisioning.d.ts.map +1 -1
- package/dist/lib/user-deprovisioning.js +16 -20
- package/dist/lib/user-deprovisioning.js.map +1 -1
- package/dist/lib/user-export-handler.d.ts +4 -4
- package/dist/lib/user-export-handler.d.ts.map +1 -1
- package/dist/lib/user-export-handler.js +11 -15
- package/dist/lib/user-export-handler.js.map +1 -1
- package/dist/lib/validate-request.js +8 -13
- package/dist/lib/validate-request.js.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.d.ts +130 -249
- package/dist/lib/validation/feature-toggle-schemas.d.ts.map +1 -1
- package/dist/lib/validation/feature-toggle-schemas.js +50 -59
- package/dist/lib/validation/feature-toggle-schemas.js.map +1 -1
- package/dist/lib/validation/validate-request.d.ts.map +1 -1
- package/dist/lib/validation/validate-request.js +12 -23
- package/dist/lib/validation/validate-request.js.map +1 -1
- package/dist/lib/validation.js +1 -5
- package/dist/lib/validation.js.map +1 -1
- package/dist/lib/version.js +3 -8
- package/dist/lib/version.js.map +1 -1
- package/dist/server.d.ts +1 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +29 -69
- package/dist/server.js.map +1 -1
- package/dist/types/cloudflare-compat.d.ts +3 -93
- package/dist/types/cloudflare-compat.d.ts.map +1 -1
- package/dist/types/cloudflare-compat.js +1 -2
- package/dist/types/cloudflare-compat.js.map +1 -1
- package/dist/worker.d.ts +6 -6
- package/dist/worker.d.ts.map +1 -1
- package/dist/worker.js +6 -13
- package/dist/worker.js.map +1 -1
- package/package.json +28 -15
- package/prisma/migrations/20260602054730_add_entity_geo_and_pending_schema/migration.sql +113 -0
- package/prisma/migrations/20260602162901_research_foundations/migration.sql +65 -0
- package/prisma/migrations/20260604130000_surveillance_phase0_enablers/migration.sql +107 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/migration.sql +23 -0
- package/prisma/migrations/20260604140000_fold_link_reports_into_reports/rollback.reference.sql +31 -0
- package/prisma/migrations/20260606000000_handle_canonical_identity/migration.sql +18 -0
- package/prisma/schema.prisma +426 -68
- package/src/lambda/cleanup-cron.ts +10 -7
- package/src/lambda/create-auth-challenge.ts +6 -3
- package/src/lambda/delete-account-worker.ts +17 -12
- package/src/lambda/diagnostics-proxy.ts +9 -6
- package/src/lambda/e2e-sweeper.ts +17 -23
- package/src/lambda/federation-outbox-worker.ts +4 -1
- package/src/lambda/followers-events-worker.ts +4 -1
- package/src/lambda/hourly-cron.ts +112 -20
- package/src/lambda/link-check-worker.ts +4 -1
- package/src/lambda/maintenance-cron.ts +24 -13
- package/src/lambda/media-processing-worker.ts +5 -2
- package/src/lambda/media-reconciliation-worker.ts +4 -1
- package/src/lambda/nightly-cron.ts +53 -54
- package/src/lambda/post-confirmation.ts +262 -76
- package/src/lambda/pre-token-generation.ts +39 -44
- package/src/lambda/verify-auth-challenge.ts +4 -1
- package/dist/lib/audit/emit.d.ts +0 -56
- package/dist/lib/audit/emit.d.ts.map +0 -1
- package/dist/lib/audit/emit.js +0 -124
- package/dist/lib/audit/emit.js.map +0 -1
- package/dist/lib/audit/event-types.d.ts +0 -36
- package/dist/lib/audit/event-types.d.ts.map +0 -1
- package/dist/lib/audit/event-types.js +0 -69
- package/dist/lib/audit/event-types.js.map +0 -1
- package/dist/lib/audit-logger.d.ts +0 -142
- package/dist/lib/audit-logger.d.ts.map +0 -1
- package/dist/lib/audit-logger.js +0 -326
- package/dist/lib/audit-logger.js.map +0 -1
- package/dist/lib/circuit-breaker.d.ts +0 -27
- package/dist/lib/circuit-breaker.d.ts.map +0 -1
- package/dist/lib/circuit-breaker.js +0 -63
- package/dist/lib/circuit-breaker.js.map +0 -1
- package/dist/lib/graph/dual-write-service.d.ts +0 -116
- package/dist/lib/graph/dual-write-service.d.ts.map +0 -1
- package/dist/lib/graph/dual-write-service.js +0 -332
- package/dist/lib/graph/dual-write-service.js.map +0 -1
- package/dist/lib/graph/dual-write.d.ts +0 -396
- package/dist/lib/graph/dual-write.d.ts.map +0 -1
- package/dist/lib/graph/dual-write.js +0 -53
- package/dist/lib/graph/dual-write.js.map +0 -1
- package/dist/lib/graph/graph-schema-init.d.ts +0 -31
- package/dist/lib/graph/graph-schema-init.d.ts.map +0 -1
- package/dist/lib/graph/graph-schema-init.js +0 -105
- package/dist/lib/graph/graph-schema-init.js.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.d.ts +0 -186
- package/dist/lib/graph/neo4j-graph-service.d.ts.map +0 -1
- package/dist/lib/graph/neo4j-graph-service.js +0 -1625
- package/dist/lib/graph/neo4j-graph-service.js.map +0 -1
- package/dist/lib/graph/reconciliation-service.d.ts +0 -113
- package/dist/lib/graph/reconciliation-service.d.ts.map +0 -1
- package/dist/lib/graph/reconciliation-service.js +0 -533
- package/dist/lib/graph/reconciliation-service.js.map +0 -1
- package/dist/lib/id-generator.d.ts +0 -29
- package/dist/lib/id-generator.d.ts.map +0 -1
- package/dist/lib/id-generator.js +0 -51
- package/dist/lib/id-generator.js.map +0 -1
- package/dist/lib/kv/dynamodb-kv.d.ts +0 -39
- package/dist/lib/kv/dynamodb-kv.d.ts.map +0 -1
- package/dist/lib/kv/dynamodb-kv.js +0 -239
- package/dist/lib/kv/dynamodb-kv.js.map +0 -1
- package/dist/lib/queue/sqs-queue.d.ts +0 -16
- package/dist/lib/queue/sqs-queue.d.ts.map +0 -1
- package/dist/lib/queue/sqs-queue.js +0 -39
- package/dist/lib/queue/sqs-queue.js.map +0 -1
- package/dist/lib/route-matcher.d.ts +0 -24
- package/dist/lib/route-matcher.d.ts.map +0 -1
- package/dist/lib/route-matcher.js +0 -96
- package/dist/lib/route-matcher.js.map +0 -1
- package/dist/lib/router.d.ts +0 -26
- package/dist/lib/router.d.ts.map +0 -1
- package/dist/lib/router.js +0 -90
- package/dist/lib/router.js.map +0 -1
- package/dist/lib/routes-all.d.ts +0 -9
- package/dist/lib/routes-all.d.ts.map +0 -1
- package/dist/lib/routes-all.js +0 -170
- package/dist/lib/routes-all.js.map +0 -1
- package/dist/lib/secret-resolver.d.ts +0 -88
- package/dist/lib/secret-resolver.d.ts.map +0 -1
- package/dist/lib/secret-resolver.js +0 -183
- package/dist/lib/secret-resolver.js.map +0 -1
- package/dist/lib/session-manager.d.ts.map +0 -1
- package/dist/lib/session-manager.js +0 -492
- package/dist/lib/session-manager.js.map +0 -1
- package/dist/lib/storage/s3-storage.d.ts +0 -29
- package/dist/lib/storage/s3-storage.d.ts.map +0 -1
- package/dist/lib/storage/s3-storage.js +0 -135
- package/dist/lib/storage/s3-storage.js.map +0 -1
- package/dist/lib/tenant-context.d.ts +0 -35
- package/dist/lib/tenant-context.d.ts.map +0 -1
- package/dist/lib/tenant-context.js +0 -54
- package/dist/lib/tenant-context.js.map +0 -1
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* Interactive agent-authorization page (T9b-d).
|
|
4
3
|
*
|
|
@@ -14,28 +13,23 @@
|
|
|
14
13
|
* and on success calls Cognito AdminInitiateAuth to mint tokens, seals
|
|
15
14
|
* them under the device_code, and writes the agent-session row.
|
|
16
15
|
*/
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
const rate_limit_1 = require("../rate-limit");
|
|
35
|
-
const secret_resolver_1 = require("../secret-resolver");
|
|
36
|
-
const security_headers_1 = require("../security-headers");
|
|
37
|
-
const session_manager_1 = require("../session-manager");
|
|
38
|
-
const errors_1 = require("./errors");
|
|
16
|
+
import { z } from "zod";
|
|
17
|
+
import { randomBytes, randomUUID } from "node:crypto";
|
|
18
|
+
import { createPrisma } from "../../db.js";
|
|
19
|
+
import { Capability } from "../auth/capabilities.js";
|
|
20
|
+
import { requireCapability } from "../auth/require.js";
|
|
21
|
+
import { approveDeviceAuth, hashUserCode, incrementFailedLookup, loadByDeviceCode, lookupDeviceCodeByUserCode, normaliseUserCode, USER_CODE_FAILURE_LIMIT, } from "../oauth/device-authorization.js";
|
|
22
|
+
import { TenantAuditEmitter } from "../audit-composer.js";
|
|
23
|
+
import { AuditEventType } from "../audit-actions.js";
|
|
24
|
+
import { CognitoIdentityProviderClient } from "@aws-sdk/client-cognito-identity-provider";
|
|
25
|
+
import { AwsCognitoIssuer, } from "../oauth/cognito-issuer.js";
|
|
26
|
+
import { recordAgentSession, } from "../oauth/refresh-detection.js";
|
|
27
|
+
import { corsMiddleware, csrfMiddleware } from "../middleware.js";
|
|
28
|
+
import { trustedClientIp } from "../net/trusted-client-ip.js";
|
|
29
|
+
import { RateLimiter } from "../rate-limit.js";
|
|
30
|
+
import { SecurityHeaders } from "../security-headers.js";
|
|
31
|
+
import { SessionManager } from "../session-cookie.js";
|
|
32
|
+
import { structuredError } from "./errors.js";
|
|
39
33
|
/** Per-IP ceiling on approvals (G4 CRITICAL-3). */
|
|
40
34
|
const APPROVE_RATE_LIMIT = 5;
|
|
41
35
|
const APPROVE_RATE_WINDOW_SECONDS = 60;
|
|
@@ -51,31 +45,31 @@ const APPROVE_GLOBAL_WINDOW_SECONDS = 60;
|
|
|
51
45
|
const VERIFY_MISS_LIMIT = 30;
|
|
52
46
|
const VERIFY_MISS_WINDOW_SECONDS = 60;
|
|
53
47
|
const MFA_FRESHNESS_MS = 60 * 60 * 1000; // 1 hour
|
|
54
|
-
const ApproveSchema =
|
|
48
|
+
const ApproveSchema = z
|
|
55
49
|
.object({
|
|
56
|
-
user_code:
|
|
50
|
+
user_code: z.string().min(4).max(32),
|
|
57
51
|
})
|
|
58
52
|
.strict();
|
|
59
53
|
/** Module-level deps; tests can override. */
|
|
60
54
|
let deps = {};
|
|
61
|
-
function _setAgentAuthorizeDepsForTest(d) {
|
|
55
|
+
export function _setAgentAuthorizeDepsForTest(d) {
|
|
62
56
|
deps = d;
|
|
63
57
|
}
|
|
64
|
-
function _resetAgentAuthorizeDepsForTest() {
|
|
58
|
+
export function _resetAgentAuthorizeDepsForTest() {
|
|
65
59
|
deps = {};
|
|
66
60
|
}
|
|
67
61
|
function getIssuer() {
|
|
68
62
|
if (deps.issuer)
|
|
69
63
|
return deps.issuer;
|
|
70
|
-
return new
|
|
64
|
+
return new AwsCognitoIssuer(new CognitoIdentityProviderClient({
|
|
71
65
|
region: process.env.COGNITO_REGION || process.env.AWS_REGION || "us-east-1",
|
|
72
66
|
}));
|
|
73
67
|
}
|
|
74
68
|
function getAudit() {
|
|
75
|
-
return deps.auditEmitter ?? new
|
|
69
|
+
return deps.auditEmitter ?? new TenantAuditEmitter();
|
|
76
70
|
}
|
|
77
71
|
function getRateLimiter() {
|
|
78
|
-
return deps.rateLimiter ?? new
|
|
72
|
+
return deps.rateLimiter ?? new RateLimiter();
|
|
79
73
|
}
|
|
80
74
|
function htmlResponse(body, status = 200) {
|
|
81
75
|
return new Response(body, {
|
|
@@ -88,7 +82,7 @@ function htmlResponse(body, status = 200) {
|
|
|
88
82
|
});
|
|
89
83
|
}
|
|
90
84
|
function jsonError(env, body, status) {
|
|
91
|
-
const sec = new
|
|
85
|
+
const sec = new SecurityHeaders(env);
|
|
92
86
|
return sec.createSecureResponse(JSON.stringify(body), {
|
|
93
87
|
status,
|
|
94
88
|
headers: { "content-type": "application/json", "cache-control": "no-store" },
|
|
@@ -139,7 +133,7 @@ function renderApprovalPage(input) {
|
|
|
139
133
|
<p>Source IP: <span class="code">${escape(input.sourceIp)}</span></p>
|
|
140
134
|
<div class="caveat">
|
|
141
135
|
The agent name above is supplied by the agent and is not verified by
|
|
142
|
-
|
|
136
|
+
Trellis. Verify with the person who initiated this flow before
|
|
143
137
|
approving.
|
|
144
138
|
</div>
|
|
145
139
|
<p>Code:
|
|
@@ -161,7 +155,7 @@ async function buildAuthContext(session, env) {
|
|
|
161
155
|
if (!session.userId)
|
|
162
156
|
return null;
|
|
163
157
|
// We need tenantRole. Look up via Prisma.
|
|
164
|
-
const prisma =
|
|
158
|
+
const prisma = createPrisma(env);
|
|
165
159
|
const memberWithTenant = await prisma.tenantMember.findFirst({
|
|
166
160
|
where: { userId: session.userId, status: "ACTIVE" },
|
|
167
161
|
orderBy: { joinedAt: "asc" },
|
|
@@ -194,7 +188,7 @@ async function buildAuthContext(session, env) {
|
|
|
194
188
|
membershipsLoader: async () => [memberWithTenant],
|
|
195
189
|
};
|
|
196
190
|
}
|
|
197
|
-
|
|
191
|
+
export const agentAuthorizeRoutes = [
|
|
198
192
|
{
|
|
199
193
|
path: "/agents/authorize",
|
|
200
194
|
method: "GET",
|
|
@@ -204,8 +198,8 @@ exports.agentAuthorizeRoutes = [
|
|
|
204
198
|
if (!rawUserCode) {
|
|
205
199
|
return htmlResponse("<p>Missing user_code parameter</p>", 400);
|
|
206
200
|
}
|
|
207
|
-
const sessionManager = new
|
|
208
|
-
const session = await sessionManager.getSession(request,
|
|
201
|
+
const sessionManager = new SessionManager();
|
|
202
|
+
const session = await sessionManager.getSession(request, env.SESSION_SECRET, env);
|
|
209
203
|
if (!session) {
|
|
210
204
|
const returnTo = encodeURIComponent(`/agents/authorize?user_code=${rawUserCode}`);
|
|
211
205
|
return new Response(null, {
|
|
@@ -218,7 +212,7 @@ exports.agentAuthorizeRoutes = [
|
|
|
218
212
|
if (!auth) {
|
|
219
213
|
return htmlResponse("<p>Active tenant membership required.</p>", 403);
|
|
220
214
|
}
|
|
221
|
-
const denied =
|
|
215
|
+
const denied = requireCapability(auth, Capability.ManageAgentSessions);
|
|
222
216
|
if (denied) {
|
|
223
217
|
return htmlResponse("<p>You are not permitted to approve agents for this tenant.</p>", 403);
|
|
224
218
|
}
|
|
@@ -234,9 +228,9 @@ exports.agentAuthorizeRoutes = [
|
|
|
234
228
|
// Resolve the user_code → device_code lookup. Don't reveal whether
|
|
235
229
|
// the code is valid in the page body to avoid easy brute-force —
|
|
236
230
|
// but we can still tell the user the page renders.
|
|
237
|
-
const userCode =
|
|
238
|
-
const deviceCode = await
|
|
239
|
-
const record = deviceCode ? await
|
|
231
|
+
const userCode = normaliseUserCode(rawUserCode);
|
|
232
|
+
const deviceCode = await lookupDeviceCodeByUserCode(userCode);
|
|
233
|
+
const record = deviceCode ? await loadByDeviceCode(deviceCode) : null;
|
|
240
234
|
// MEDIUM-2: charge a miss against the per-IP miss bucket whenever
|
|
241
235
|
// the user_code did not resolve. Combined with the global ceiling
|
|
242
236
|
// above, a single source cannot enumerate user_codes by spamming
|
|
@@ -255,12 +249,12 @@ exports.agentAuthorizeRoutes = [
|
|
|
255
249
|
return htmlResponse(renderApprovalPage({
|
|
256
250
|
userCode: rawUserCode,
|
|
257
251
|
agentLabel: record?.agentLabel,
|
|
258
|
-
sourceIp:
|
|
252
|
+
sourceIp: trustedClientIp(request, env),
|
|
259
253
|
mfaRequired: !mfaFresh,
|
|
260
254
|
csrfToken: session.csrfToken,
|
|
261
255
|
}));
|
|
262
256
|
},
|
|
263
|
-
middleware: [
|
|
257
|
+
middleware: [corsMiddleware()],
|
|
264
258
|
description: "Render the agent-approval page",
|
|
265
259
|
},
|
|
266
260
|
{
|
|
@@ -278,10 +272,10 @@ exports.agentAuthorizeRoutes = [
|
|
|
278
272
|
const limited = await rl.applyRateLimitKV(env, request, "/agents/authorize/approve", APPROVE_RATE_LIMIT, APPROVE_RATE_WINDOW_SECONDS);
|
|
279
273
|
if (limited)
|
|
280
274
|
return limited;
|
|
281
|
-
const sessionManager = new
|
|
282
|
-
const session = await sessionManager.getSession(request,
|
|
275
|
+
const sessionManager = new SessionManager();
|
|
276
|
+
const session = await sessionManager.getSession(request, env.SESSION_SECRET, env);
|
|
283
277
|
if (!session) {
|
|
284
|
-
return
|
|
278
|
+
return structuredError(401, {
|
|
285
279
|
error: "UNAUTHORIZED",
|
|
286
280
|
message: "Authentication required.",
|
|
287
281
|
remediation: "Sign in at /auth/login and retry.",
|
|
@@ -294,7 +288,7 @@ exports.agentAuthorizeRoutes = [
|
|
|
294
288
|
typeof session.mfaVerifiedAt === "number" &&
|
|
295
289
|
Math.abs(Date.now() - session.mfaVerifiedAt) < MFA_FRESHNESS_MS;
|
|
296
290
|
if (!mfaFresh) {
|
|
297
|
-
return
|
|
291
|
+
return structuredError(401, {
|
|
298
292
|
error: "MFA_REQUIRED",
|
|
299
293
|
message: "Step up with a fresh MFA verification before approving an agent.",
|
|
300
294
|
remediation: "POST /api/mfa/verify with a TOTP code, then retry this approval.",
|
|
@@ -302,13 +296,13 @@ exports.agentAuthorizeRoutes = [
|
|
|
302
296
|
}
|
|
303
297
|
const auth = await buildAuthContext(session, env);
|
|
304
298
|
if (!auth) {
|
|
305
|
-
return
|
|
299
|
+
return structuredError(401, {
|
|
306
300
|
error: "UNAUTHORIZED",
|
|
307
301
|
message: "Authentication required.",
|
|
308
302
|
remediation: "Sign in at /auth/login with an active tenant membership and retry.",
|
|
309
303
|
});
|
|
310
304
|
}
|
|
311
|
-
const denied =
|
|
305
|
+
const denied = requireCapability(auth, Capability.ManageAgentSessions);
|
|
312
306
|
if (denied)
|
|
313
307
|
return denied;
|
|
314
308
|
// Read form / json body.
|
|
@@ -322,7 +316,7 @@ exports.agentAuthorizeRoutes = [
|
|
|
322
316
|
body = (await request.json());
|
|
323
317
|
}
|
|
324
318
|
else {
|
|
325
|
-
return
|
|
319
|
+
return structuredError(400, {
|
|
326
320
|
error: "INVALID_REQUEST",
|
|
327
321
|
message: "Request body must be form-encoded or JSON.",
|
|
328
322
|
remediation: "Set Content-Type to application/x-www-form-urlencoded or application/json.",
|
|
@@ -330,15 +324,15 @@ exports.agentAuthorizeRoutes = [
|
|
|
330
324
|
}
|
|
331
325
|
const parsed = ApproveSchema.safeParse(body);
|
|
332
326
|
if (!parsed.success) {
|
|
333
|
-
return
|
|
327
|
+
return structuredError(400, {
|
|
334
328
|
error: "INVALID_REQUEST",
|
|
335
329
|
message: "user_code is required.",
|
|
336
330
|
remediation: "Include the user_code displayed on the agent device.",
|
|
337
331
|
field: "user_code",
|
|
338
332
|
});
|
|
339
333
|
}
|
|
340
|
-
const userCode =
|
|
341
|
-
const deviceCode = await
|
|
334
|
+
const userCode = normaliseUserCode(parsed.data.user_code);
|
|
335
|
+
const deviceCode = await lookupDeviceCodeByUserCode(userCode);
|
|
342
336
|
if (!deviceCode) {
|
|
343
337
|
// MEDIUM-2: charge the per-IP miss bucket on every unresolved
|
|
344
338
|
// user_code so enumeration is bounded even when the device-code
|
|
@@ -346,19 +340,19 @@ exports.agentAuthorizeRoutes = [
|
|
|
346
340
|
await rl
|
|
347
341
|
.applyRateLimitKV(env, request, "/agents/authorize:miss", VERIFY_MISS_LIMIT, VERIFY_MISS_WINDOW_SECONDS)
|
|
348
342
|
.catch(() => null);
|
|
349
|
-
return
|
|
343
|
+
return structuredError(404, {
|
|
350
344
|
error: "INVALID_USER_CODE",
|
|
351
345
|
message: "User code not found or expired.",
|
|
352
346
|
remediation: "Verify the code displayed on the agent device and try again.",
|
|
353
347
|
field: "user_code",
|
|
354
348
|
});
|
|
355
349
|
}
|
|
356
|
-
const record = await
|
|
350
|
+
const record = await loadByDeviceCode(deviceCode);
|
|
357
351
|
if (!record) {
|
|
358
352
|
await rl
|
|
359
353
|
.applyRateLimitKV(env, request, "/agents/authorize:miss", VERIFY_MISS_LIMIT, VERIFY_MISS_WINDOW_SECONDS)
|
|
360
354
|
.catch(() => null);
|
|
361
|
-
return
|
|
355
|
+
return structuredError(404, {
|
|
362
356
|
error: "INVALID_USER_CODE",
|
|
363
357
|
message: "User code not found or expired.",
|
|
364
358
|
remediation: "Verify the code displayed on the agent device and try again.",
|
|
@@ -366,25 +360,25 @@ exports.agentAuthorizeRoutes = [
|
|
|
366
360
|
});
|
|
367
361
|
}
|
|
368
362
|
// Verify the supplied user_code actually matches the record's hash.
|
|
369
|
-
const expected =
|
|
363
|
+
const expected = hashUserCode(userCode);
|
|
370
364
|
if (expected !== record.userCodeHash) {
|
|
371
|
-
const after = await
|
|
372
|
-
if (after >=
|
|
373
|
-
return
|
|
365
|
+
const after = await incrementFailedLookup(deviceCode);
|
|
366
|
+
if (after >= USER_CODE_FAILURE_LIMIT) {
|
|
367
|
+
return structuredError(410, {
|
|
374
368
|
error: "DEVICE_CODE_LOCKED",
|
|
375
369
|
message: "Too many failed attempts. This device code has been locked.",
|
|
376
370
|
remediation: "Restart the agent authorization flow to get a new code.",
|
|
377
371
|
});
|
|
378
372
|
}
|
|
379
|
-
return
|
|
373
|
+
return structuredError(404, {
|
|
380
374
|
error: "INVALID_USER_CODE",
|
|
381
375
|
message: "User code not found or expired.",
|
|
382
376
|
remediation: "Verify the code displayed on the agent device and try again.",
|
|
383
377
|
field: "user_code",
|
|
384
378
|
});
|
|
385
379
|
}
|
|
386
|
-
if (record.failedLookups >=
|
|
387
|
-
return
|
|
380
|
+
if (record.failedLookups >= USER_CODE_FAILURE_LIMIT) {
|
|
381
|
+
return structuredError(410, {
|
|
388
382
|
error: "DEVICE_CODE_LOCKED",
|
|
389
383
|
message: "Too many failed attempts. This device code has been locked.",
|
|
390
384
|
remediation: "Restart the agent authorization flow to get a new code.",
|
|
@@ -399,7 +393,7 @@ exports.agentAuthorizeRoutes = [
|
|
|
399
393
|
// input to AdminInitiateAuth(REFRESH_TOKEN_AUTH).
|
|
400
394
|
const refreshToken = session.refreshToken;
|
|
401
395
|
if (!refreshToken) {
|
|
402
|
-
return
|
|
396
|
+
return structuredError(400, {
|
|
403
397
|
error: "SESSION_MISSING_REFRESH_TOKEN",
|
|
404
398
|
message: "This session has no Cognito refresh token.",
|
|
405
399
|
remediation: "Sign in via the agent client and retry.",
|
|
@@ -412,12 +406,12 @@ exports.agentAuthorizeRoutes = [
|
|
|
412
406
|
username: auth.cognitoSub,
|
|
413
407
|
refreshToken,
|
|
414
408
|
});
|
|
415
|
-
const sessionId = `s_${
|
|
409
|
+
const sessionId = `s_${randomBytes(16).toString("base64url")}`;
|
|
416
410
|
// Naive jti extraction from the new refresh token — Cognito refresh
|
|
417
411
|
// tokens are opaque, so we derive a jti from the token bytes via
|
|
418
412
|
// a stable hash.
|
|
419
|
-
const initialJti = `j_${
|
|
420
|
-
await
|
|
413
|
+
const initialJti = `j_${randomBytes(16).toString("base64url")}`;
|
|
414
|
+
await approveDeviceAuth({
|
|
421
415
|
deviceCode,
|
|
422
416
|
approvedByUserId: auth.userId,
|
|
423
417
|
cognitoSub: auth.cognitoSub,
|
|
@@ -425,7 +419,7 @@ exports.agentAuthorizeRoutes = [
|
|
|
425
419
|
tokens,
|
|
426
420
|
sessionId,
|
|
427
421
|
});
|
|
428
|
-
const requestIp =
|
|
422
|
+
const requestIp = trustedClientIp(request, env);
|
|
429
423
|
const sessionRow = {
|
|
430
424
|
sessionId,
|
|
431
425
|
userId: auth.userId,
|
|
@@ -438,17 +432,17 @@ exports.agentAuthorizeRoutes = [
|
|
|
438
432
|
createdAt: Math.floor(Date.now() / 1000),
|
|
439
433
|
lastUsedAt: Math.floor(Date.now() / 1000),
|
|
440
434
|
};
|
|
441
|
-
await
|
|
435
|
+
await recordAgentSession({ session: sessionRow, initialJti });
|
|
442
436
|
// Audit: agent session approved.
|
|
443
437
|
try {
|
|
444
438
|
const audit = getAudit();
|
|
445
|
-
const prisma =
|
|
439
|
+
const prisma = createPrisma(env);
|
|
446
440
|
// MEDIUM-6: do not include a hash of the device_code in the audit
|
|
447
441
|
// payload — it can be replayed against a stolen device_code as a
|
|
448
442
|
// confirmation oracle. Use agentSessionId as the correlator and
|
|
449
443
|
// generate a fresh UUID for any further cross-event linking.
|
|
450
444
|
await audit.emit({
|
|
451
|
-
type:
|
|
445
|
+
type: AuditEventType.AUTH_AGENT_SESSION_APPROVED,
|
|
452
446
|
tenantId: auth.activeTenantId,
|
|
453
447
|
actorUserId: auth.userId,
|
|
454
448
|
payload: {
|
|
@@ -456,23 +450,23 @@ exports.agentAuthorizeRoutes = [
|
|
|
456
450
|
// G4 N1: cap raw User-Agent in the audit payload to match
|
|
457
451
|
// the 256-byte agent-label cap applied at oauth.ts:36.
|
|
458
452
|
userAgent: (request.headers.get("user-agent") ?? "(unknown)").slice(0, 256),
|
|
459
|
-
correlationId:
|
|
453
|
+
correlationId: randomUUID(),
|
|
460
454
|
},
|
|
461
455
|
sourceIp: requestIp,
|
|
462
456
|
agentSessionId: sessionId,
|
|
463
457
|
}, prisma);
|
|
464
458
|
}
|
|
465
459
|
catch {
|
|
466
|
-
// Audit failures don't block approval — the
|
|
460
|
+
// Audit failures don't block approval — the TenantAuditEmitter
|
|
467
461
|
// logs an audit-fallback line itself.
|
|
468
462
|
}
|
|
469
|
-
const sec = new
|
|
463
|
+
const sec = new SecurityHeaders(env);
|
|
470
464
|
return sec.createSecureResponse(JSON.stringify({ status: "approved" }), {
|
|
471
465
|
status: 200,
|
|
472
466
|
headers: { "content-type": "application/json", "cache-control": "no-store" },
|
|
473
467
|
});
|
|
474
468
|
},
|
|
475
|
-
middleware: [
|
|
469
|
+
middleware: [corsMiddleware(), csrfMiddleware()],
|
|
476
470
|
description: "Approve a pending agent session",
|
|
477
471
|
},
|
|
478
472
|
];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-authorize.js","sourceRoot":"","sources":["../../../src/lib/routes/agent-authorize.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;GAcG;;;AAuEH,sEAEC;AAED,0EAEC;AA3ED,6BAAwB;AACxB,6CAAsD;AACtD,iCAAwC;AACxC,uDAAkD;AAClD,6CAAoD;AAEpD,wEAQuC;AACvC,wCAAkD;AAClD,sDAAsD;AACtD,gGAA0F;AAC1F,4DAGiC;AACjC,kEAGoC;AACpC,8CAA+D;AAC/D,gEAA2D;AAC3D,8CAA4C;AAC5C,wDAA6C;AAC7C,0DAAsD;AACtD,wDAAkE;AAClE,qCAA2C;AAG3C,mDAAmD;AACnD,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAC7B,MAAM,2BAA2B,GAAG,EAAE,CAAC;AACvC;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,6BAA6B,GAAG,EAAE,CAAC;AACzC,8EAA8E;AAC9E,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAC7B,MAAM,0BAA0B,GAAG,EAAE,CAAC;AACtC,MAAM,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAElD,MAAM,aAAa,GAAG,OAAC;KACpB,MAAM,CAAC;IACN,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;CACrC,CAAC;KACD,MAAM,EAAE,CAAC;AAWZ,6CAA6C;AAC7C,IAAI,IAAI,GAAuB,EAAE,CAAC;AAElC,SAAgB,6BAA6B,CAAC,CAAqB;IACjE,IAAI,GAAG,CAAC,CAAC;AACX,CAAC;AAED,SAAgB,+BAA+B;IAC7C,IAAI,GAAG,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,SAAS;IAChB,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IACpC,OAAO,IAAI,iCAAgB,CACzB,IAAI,gEAA6B,CAAC;QAChC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;KAC5E,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,wBAAiB,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,cAAc;IACrB,OAAO,IAAI,CAAC,WAAW,IAAI,IAAI,wBAAW,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,MAAM,GAAG,GAAG;IAC9C,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;QACxB,MAAM;QACN,OAAO,EAAE;YACP,cAAc,EAAE,0BAA0B;YAC1C,eAAe,EAAE,UAAU;YAC3B,wBAAwB,EAAE,SAAS;SACpC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,SAAS,CAAC,GAAY,EAAE,IAAa,EAAE,MAAc;IAC5D,MAAM,GAAG,GAAG,IAAI,kCAAe,CAAC,GAAY,CAAC,CAAC;IAC9C,OAAO,GAAG,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACpD,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,UAAU,EAAE;KAC7E,CAAC,CAAC;AACL,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK;SACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,kBAAkB,CAAC,KAM3B;IACC,MAAM,OAAO,GAAG,KAAK,CAAC,WAAW;QAC/B,CAAC,CAAC,uCAAuC;QACzC,CAAC,CAAC,uBAAuB,CAAC;IAE5B,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW;QACjC,CAAC,CAAC;;kCAE4B;QAC9B,CAAC,CAAC,EAAE,CAAC;IAEP,mEAAmE;IACnE,sEAAsE;IACtE,yEAAyE;IACzE,OAAO;;;;;;;;;;;;;;;;;;QAkBD,MAAM,CAAC,OAAO,CAAC;;8BAEO,MAAM,CAAC,KAAK,CAAC,UAAU,IAAI,kBAAkB,CAAC;;qCAEvC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;;;;;;;0BAOjC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;IAC5C,SAAS;;mDAEsC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;MACnE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,iDAAiD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;2BAChF,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;;;QAGvD,CAAC;AACT,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,OAAgB,EAChB,GAAY;IAEZ,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,2CAA2C;IAC3C,IAAI,CAAC,OAAO,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACjC,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,iBAAY,EAAC,GAAY,CAAC,CAAC;IAC1C,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC;QAC3D,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;QACnD,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;QAC5B,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;KAC1B,CAAC,CAAC;IACH,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAEnC,wEAAwE;IACxE,wEAAwE;IACxE,sEAAsE;IACtE,kEAAkE;IAClE,mEAAmE;IACnE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE;QAC7B,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qEAAqE;IACrE,MAAM,UAAU,GAAI,OAAO,CAAC,IAAkC,IAAI,UAAU,CAAC;IAE7E,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,UAAU;QACV,cAAc,EAAE,gBAAgB,CAAC,QAAQ;QACzC,UAAU,EAAE,gBAAgB,CAAC,MAAM,CAAC,IAAI;QACxC,UAAU,EAAE,gBAAgB,CAAC,IAAI;QACjC,MAAM,EAAE,OAAO,CAAC,KAAK;QACrB,iBAAiB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,gBAAyB,CAAC;KAC3D,CAAC;AACJ,CAAC;AAEY,QAAA,oBAAoB,GAAY;IAC3C;QACE,IAAI,EAAE,mBAAmB;QACzB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,YAAY,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,gCAAc,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,CAC7C,OAAO,EACP,yBAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAC7B,GAAG,CACJ,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,QAAQ,GAAG,kBAAkB,CAAC,+BAA+B,WAAW,EAAE,CAAC,CAAC;gBAClF,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,sBAAsB,QAAQ,EAAE,EAAE;iBACxD,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,YAAY,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,2BAAiB,EAAC,IAAI,EAAE,yBAAU,CAAC,mBAAmB,CAAC,CAAC;YACvE,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,YAAY,CAAC,iEAAiE,EAAE,GAAG,CAAC,CAAC;YAC9F,CAAC;YAED,iEAAiE;YACjE,iEAAiE;YACjE,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAC5B,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC7C,GAAG,EACH,OAAO,EACP,0BAA0B,EAC1B,oBAAoB,EACpB,6BAA6B;YAC7B,iEAAiE;YACjE,+CAA+C;YAC/C,SAAS,EACT,SAAS,EACT,QAAQ,CACT,CAAC;YACF,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAC;YAExC,mEAAmE;YACnE,iEAAiE;YACjE,mDAAmD;YACnD,MAAM,QAAQ,GAAG,IAAA,wCAAiB,EAAC,WAAW,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,MAAM,IAAA,iDAA0B,EAAC,QAAQ,CAAC,CAAC;YAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,IAAA,uCAAgB,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAEtE,kEAAkE;YAClE,kEAAkE;YAClE,iEAAiE;YACjE,4CAA4C;YAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,EAAE;qBACL,gBAAgB,CACf,GAAG,EACH,OAAO,EACP,wBAAwB,EACxB,iBAAiB,EACjB,0BAA0B,CAC3B;qBACA,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YAED,mEAAmE;YACnE,oEAAoE;YACpE,sDAAsD;YACtD,MAAM,QAAQ,GACZ,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC5B,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ;gBACzC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,gBAAgB,CAAC;YAElE,OAAO,YAAY,CACjB,kBAAkB,CAAC;gBACjB,QAAQ,EAAE,WAAW;gBACrB,UAAU,EAAE,MAAM,EAAE,UAAU;gBAC9B,QAAQ,EAAE,IAAA,mCAAe,EAAC,OAAO,EAAE,GAAG,CAAC;gBACvC,WAAW,EAAE,CAAC,QAAQ;gBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CACH,CAAC;QACJ,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,CAAC;QAC9B,WAAW,EAAE,gCAAgC;KAC9C;IAED;QACE,IAAI,EAAE,2BAA2B;QACjC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAE5B,gEAAgE;YAChE,gEAAgE;YAChE,4CAA4C;YAC5C,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC7C,GAAG,EACH,OAAO,EACP,kCAAkC,EAClC,oBAAoB,EACpB,6BAA6B,EAC7B,SAAS,EACT,SAAS,EACT,QAAQ,CACT,CAAC;YACF,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAC;YAExC,6CAA6C;YAC7C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACvC,GAAG,EACH,OAAO,EACP,2BAA2B,EAC3B,kBAAkB,EAClB,2BAA2B,CAC5B,CAAC;YACF,IAAI,OAAO;gBAAE,OAAO,OAAO,CAAC;YAE5B,MAAM,cAAc,GAAG,IAAI,gCAAc,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,CAC7C,OAAO,EACP,yBAAO,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAC7B,GAAG,CACJ,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,mCAAmC;iBACjD,CAAC,CAAC;YACL,CAAC;YAED,+DAA+D;YAC/D,8DAA8D;YAC9D,sCAAsC;YACtC,MAAM,QAAQ,GACZ,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC5B,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ;gBACzC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,gBAAgB,CAAC;YAClE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,kEAAkE;oBAC3E,WAAW,EAAE,kEAAkE;iBAChF,CAAC,CAAC;YACL,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,oEAAoE;iBAClF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,IAAA,2BAAiB,EAAC,IAAI,EAAE,yBAAU,CAAC,mBAAmB,CAAC,CAAC;YACvE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;YAE1B,yBAAyB;YACzB,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YACrD,IAAI,IAA4B,CAAC;YACjC,IAAI,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;gBAClC,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACjE,CAAC;iBAAM,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3C,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAA2B,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,4CAA4C;oBACrD,WAAW,EAAE,4EAA4E;iBAC1F,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,wBAAwB;oBACjC,WAAW,EAAE,sDAAsD;oBACnE,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,MAAM,QAAQ,GAAG,IAAA,wCAAiB,EAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAG,MAAM,IAAA,iDAA0B,EAAC,QAAQ,CAAC,CAAC;YAC9D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,8DAA8D;gBAC9D,gEAAgE;gBAChE,6DAA6D;gBAC7D,MAAM,EAAE;qBACL,gBAAgB,CACf,GAAG,EACH,OAAO,EACP,wBAAwB,EACxB,iBAAiB,EACjB,0BAA0B,CAC3B;qBACA,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrB,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,iCAAiC;oBAC1C,WAAW,EAAE,8DAA8D;oBAC3E,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAgB,EAAC,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,EAAE;qBACL,gBAAgB,CACf,GAAG,EACH,OAAO,EACP,wBAAwB,EACxB,iBAAiB,EACjB,0BAA0B,CAC3B;qBACA,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrB,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,iCAAiC;oBAC1C,WAAW,EAAE,8DAA8D;oBAC3E,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,oEAAoE;YACpE,MAAM,QAAQ,GAAG,IAAA,mCAAY,EAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,QAAQ,KAAK,MAAM,CAAC,YAAY,EAAE,CAAC;gBACrC,MAAM,KAAK,GAAG,MAAM,IAAA,4CAAqB,EAAC,UAAU,CAAC,CAAC;gBACtD,IAAI,KAAK,IAAI,8CAAuB,EAAE,CAAC;oBACrC,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;wBAC1B,KAAK,EAAE,oBAAoB;wBAC3B,OAAO,EAAE,6DAA6D;wBACtE,WAAW,EAAE,yDAAyD;qBACvE,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,iCAAiC;oBAC1C,WAAW,EAAE,8DAA8D;oBAC3E,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,aAAa,IAAI,8CAAuB,EAAE,CAAC;gBACpD,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,oBAAoB;oBAC3B,OAAO,EAAE,6DAA6D;oBACtE,WAAW,EAAE,yDAAyD;iBACvE,CAAC,CAAC;YACL,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;YAC5C,MAAM,aAAa,GAAG,GAAG,CAAC,uBAAuB,CAAC;YAClD,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;gBAClC,OAAO,SAAS,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC1D,CAAC;YAED,mEAAmE;YACnE,kDAAkD;YAClD,MAAM,YAAY,GAAI,OAA+C,CAAC,YAAY,CAAC;YACnF,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO,IAAA,wBAAe,EAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,+BAA+B;oBACtC,OAAO,EAAE,4CAA4C;oBACrD,WAAW,EAAE,yCAAyC;iBACvD,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;gBACxC,UAAU;gBACV,QAAQ,EAAE,aAAa;gBACvB,QAAQ,EAAE,IAAI,CAAC,UAAU;gBACzB,YAAY;aACb,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,KAAK,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/D,oEAAoE;YACpE,iEAAiE;YACjE,iBAAiB;YACjB,MAAM,UAAU,GAAG,KAAK,IAAA,yBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAEhE,MAAM,IAAA,wCAAiB,EAAC;gBACtB,UAAU;gBACV,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,QAAQ,EAAE,IAAI,CAAC,cAAc;gBAC7B,MAAM;gBACN,SAAS;aACV,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,IAAA,mCAAe,EAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,MAAM,UAAU,GAAuB;gBACrC,SAAS;gBACT,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,QAAQ,EAAE,IAAI,CAAC,cAAc;gBAC7B,UAAU,EAAE,UAAU;gBACtB,MAAM,EAAE,QAAQ;gBAChB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,SAAS;gBACnB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBACxC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aAC1C,CAAC;YACF,MAAM,IAAA,sCAAkB,EAAC,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;YAE9D,iCAAiC;YACjC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,IAAA,iBAAY,EAAC,GAAY,CAAC,CAAC;gBAC1C,kEAAkE;gBAClE,iEAAiE;gBACjE,gEAAgE;gBAChE,6DAA6D;gBAC7D,MAAM,KAAK,CAAC,IAAI,CACd;oBACE,IAAI,EAAE,4BAAc,CAAC,2BAA2B;oBAChD,QAAQ,EAAE,IAAI,CAAC,cAAc;oBAC7B,WAAW,EAAE,IAAI,CAAC,MAAM;oBACxB,OAAO,EAAE;wBACP,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,WAAW;wBAC5C,0DAA0D;wBAC1D,uDAAuD;wBACvD,SAAS,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC3E,aAAa,EAAE,IAAA,wBAAU,GAAE;qBAC5B;oBACD,QAAQ,EAAE,SAAS;oBACnB,cAAc,EAAE,SAAS;iBAC1B,EACD,MAAe,CAChB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,8DAA8D;gBAC9D,sCAAsC;YACxC,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,kCAAe,CAAC,GAAY,CAAC,CAAC;YAC9C,OAAO,GAAG,CAAC,oBAAoB,CAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,EACtC;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,UAAU,EAAE;aAC7E,CACF,CAAC;QACJ,CAAC;QACD,UAAU,EAAE,CAAC,IAAA,2BAAc,GAAE,EAAE,IAAA,2BAAc,GAAE,CAAC;QAChD,WAAW,EAAE,iCAAiC;KAC/C;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"agent-authorize.js","sourceRoot":"","sources":["../../../src/lib/routes/agent-authorize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvD,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,0BAA0B,EAC1B,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,6BAA6B,EAAE,MAAM,2CAA2C,CAAC;AAC1F,OAAO,EACL,gBAAgB,GAEjB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,kBAAkB,GAEnB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAgB,MAAM,sBAAsB,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,mDAAmD;AACnD,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAC7B,MAAM,2BAA2B,GAAG,EAAE,CAAC;AACvC;;;;;GAKG;AACH,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,6BAA6B,GAAG,EAAE,CAAC;AACzC,8EAA8E;AAC9E,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAC7B,MAAM,0BAA0B,GAAG,EAAE,CAAC;AACtC,MAAM,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAElD,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;CACrC,CAAC;KACD,MAAM,EAAE,CAAC;AAWZ,6CAA6C;AAC7C,IAAI,IAAI,GAAuB,EAAE,CAAC;AAElC,MAAM,UAAU,6BAA6B,CAAC,CAAqB;IACjE,IAAI,GAAG,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,+BAA+B;IAC7C,IAAI,GAAG,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,SAAS;IAChB,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IACpC,OAAO,IAAI,gBAAgB,CACzB,IAAI,6BAA6B,CAAC;QAChC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW;KAC5E,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,kBAAkB,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,cAAc;IACrB,OAAO,IAAI,CAAC,WAAW,IAAI,IAAI,WAAW,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,MAAM,GAAG,GAAG;IAC9C,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;QACxB,MAAM;QACN,OAAO,EAAE;YACP,cAAc,EAAE,0BAA0B;YAC1C,eAAe,EAAE,UAAU;YAC3B,wBAAwB,EAAE,SAAS;SACpC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,SAAS,CAAC,GAAY,EAAE,IAAa,EAAE,MAAc;IAC5D,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,GAAY,CAAC,CAAC;IAC9C,OAAO,GAAG,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACpD,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,UAAU,EAAE;KAC7E,CAAC,CAAC;AACL,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,KAAK;SACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,kBAAkB,CAAC,KAM3B;IACC,MAAM,OAAO,GAAG,KAAK,CAAC,WAAW;QAC/B,CAAC,CAAC,uCAAuC;QACzC,CAAC,CAAC,uBAAuB,CAAC;IAE5B,MAAM,SAAS,GAAG,KAAK,CAAC,WAAW;QACjC,CAAC,CAAC;;kCAE4B;QAC9B,CAAC,CAAC,EAAE,CAAC;IAEP,mEAAmE;IACnE,sEAAsE;IACtE,yEAAyE;IACzE,OAAO;;;;;;;;;;;;;;;;;;QAkBD,MAAM,CAAC,OAAO,CAAC;;8BAEO,MAAM,CAAC,KAAK,CAAC,UAAU,IAAI,kBAAkB,CAAC;;qCAEvC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;;;;;;;0BAOjC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;IAC5C,SAAS;;mDAEsC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;MACnE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,iDAAiD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;2BAChF,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;;;QAGvD,CAAC;AACT,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,OAAgB,EAChB,GAAY;IAEZ,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,2CAA2C;IAC3C,IAAI,CAAC,OAAO,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACjC,0CAA0C;IAC1C,MAAM,MAAM,GAAG,YAAY,CAAC,GAAY,CAAC,CAAC;IAC1C,MAAM,gBAAgB,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC;QAC3D,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;QACnD,OAAO,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;QAC5B,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;KAC1B,CAAC,CAAC;IACH,IAAI,CAAC,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAEnC,wEAAwE;IACxE,wEAAwE;IACxE,sEAAsE;IACtE,kEAAkE;IAClE,mEAAmE;IACnE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QAC3C,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,MAAM,EAAE;QAC7B,MAAM,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;KAC7B,CAAC,CAAC;IACH,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qEAAqE;IACrE,MAAM,UAAU,GAAI,OAAO,CAAC,IAAkC,IAAI,UAAU,CAAC;IAE7E,OAAO;QACL,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,UAAU;QACV,cAAc,EAAE,gBAAgB,CAAC,QAAQ;QACzC,UAAU,EAAE,gBAAgB,CAAC,MAAM,CAAC,IAAI;QACxC,UAAU,EAAE,gBAAgB,CAAC,IAAI;QACjC,MAAM,EAAE,OAAO,CAAC,KAAK;QACrB,iBAAiB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,gBAAyB,CAAC;KAC3D,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAY;IAC3C;QACE,IAAI,EAAE,mBAAmB;QACzB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,YAAY,CAAC,oCAAoC,EAAE,GAAG,CAAC,CAAC;YACjE,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,CAC7C,OAAO,EACP,GAAG,CAAC,cAAc,EAClB,GAAG,CACJ,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,QAAQ,GAAG,kBAAkB,CAAC,+BAA+B,WAAW,EAAE,CAAC,CAAC;gBAClF,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;oBACxB,MAAM,EAAE,GAAG;oBACX,OAAO,EAAE,EAAE,QAAQ,EAAE,sBAAsB,QAAQ,EAAE,EAAE;iBACxD,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,YAAY,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;YACxE,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,mBAAmB,CAAC,CAAC;YACvE,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,YAAY,CAAC,iEAAiE,EAAE,GAAG,CAAC,CAAC;YAC9F,CAAC;YAED,iEAAiE;YACjE,iEAAiE;YACjE,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAC5B,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC7C,GAAG,EACH,OAAO,EACP,0BAA0B,EAC1B,oBAAoB,EACpB,6BAA6B;YAC7B,iEAAiE;YACjE,+CAA+C;YAC/C,SAAS,EACT,SAAS,EACT,QAAQ,CACT,CAAC;YACF,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAC;YAExC,mEAAmE;YACnE,iEAAiE;YACjE,mDAAmD;YACnD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,WAAW,CAAC,CAAC;YAChD,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC;YAC9D,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAEtE,kEAAkE;YAClE,kEAAkE;YAClE,iEAAiE;YACjE,4CAA4C;YAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,EAAE;qBACL,gBAAgB,CACf,GAAG,EACH,OAAO,EACP,wBAAwB,EACxB,iBAAiB,EACjB,0BAA0B,CAC3B;qBACA,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;YACvB,CAAC;YAED,mEAAmE;YACnE,oEAAoE;YACpE,sDAAsD;YACtD,MAAM,QAAQ,GACZ,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC5B,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ;gBACzC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,gBAAgB,CAAC;YAElE,OAAO,YAAY,CACjB,kBAAkB,CAAC;gBACjB,QAAQ,EAAE,WAAW;gBACrB,UAAU,EAAE,MAAM,EAAE,UAAU;gBAC9B,QAAQ,EAAE,eAAe,CAAC,OAAO,EAAE,GAAG,CAAC;gBACvC,WAAW,EAAE,CAAC,QAAQ;gBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CACH,CAAC;QACJ,CAAC;QACD,UAAU,EAAE,CAAC,cAAc,EAAE,CAAC;QAC9B,WAAW,EAAE,gCAAgC;KAC9C;IAED;QACE,IAAI,EAAE,2BAA2B;QACjC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,EAAE,GAAG,cAAc,EAAE,CAAC;YAE5B,gEAAgE;YAChE,gEAAgE;YAChE,4CAA4C;YAC5C,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,gBAAgB,CAC7C,GAAG,EACH,OAAO,EACP,kCAAkC,EAClC,oBAAoB,EACpB,6BAA6B,EAC7B,SAAS,EACT,SAAS,EACT,QAAQ,CACT,CAAC;YACF,IAAI,aAAa;gBAAE,OAAO,aAAa,CAAC;YAExC,6CAA6C;YAC7C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,gBAAgB,CACvC,GAAG,EACH,OAAO,EACP,2BAA2B,EAC3B,kBAAkB,EAClB,2BAA2B,CAC5B,CAAC;YACF,IAAI,OAAO;gBAAE,OAAO,OAAO,CAAC;YAE5B,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,UAAU,CAC7C,OAAO,EACP,GAAG,CAAC,cAAc,EAClB,GAAG,CACJ,CAAC;YACF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,mCAAmC;iBACjD,CAAC,CAAC;YACL,CAAC;YAED,+DAA+D;YAC/D,8DAA8D;YAC9D,sCAAsC;YACtC,MAAM,QAAQ,GACZ,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC5B,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ;gBACzC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,GAAG,gBAAgB,CAAC;YAClE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,kEAAkE;oBAC3E,WAAW,EAAE,kEAAkE;iBAChF,CAAC,CAAC;YACL,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,oEAAoE;iBAClF,CAAC,CAAC;YACL,CAAC;YACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,EAAE,UAAU,CAAC,mBAAmB,CAAC,CAAC;YACvE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;YAE1B,yBAAyB;YACzB,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YACrD,IAAI,IAA4B,CAAC;YACjC,IAAI,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC,EAAE,CAAC;gBACrD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;gBAClC,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACjE,CAAC;iBAAM,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3C,IAAI,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAA2B,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,4CAA4C;oBACrD,WAAW,EAAE,4EAA4E;iBAC1F,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,wBAAwB;oBACjC,WAAW,EAAE,sDAAsD;oBACnE,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1D,MAAM,UAAU,GAAG,MAAM,0BAA0B,CAAC,QAAQ,CAAC,CAAC;YAC9D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,8DAA8D;gBAC9D,gEAAgE;gBAChE,6DAA6D;gBAC7D,MAAM,EAAE;qBACL,gBAAgB,CACf,GAAG,EACH,OAAO,EACP,wBAAwB,EACxB,iBAAiB,EACjB,0BAA0B,CAC3B;qBACA,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrB,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,iCAAiC;oBAC1C,WAAW,EAAE,8DAA8D;oBAC3E,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,EAAE;qBACL,gBAAgB,CACf,GAAG,EACH,OAAO,EACP,wBAAwB,EACxB,iBAAiB,EACjB,0BAA0B,CAC3B;qBACA,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;gBACrB,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,iCAAiC;oBAC1C,WAAW,EAAE,8DAA8D;oBAC3E,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,oEAAoE;YACpE,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAI,QAAQ,KAAK,MAAM,CAAC,YAAY,EAAE,CAAC;gBACrC,MAAM,KAAK,GAAG,MAAM,qBAAqB,CAAC,UAAU,CAAC,CAAC;gBACtD,IAAI,KAAK,IAAI,uBAAuB,EAAE,CAAC;oBACrC,OAAO,eAAe,CAAC,GAAG,EAAE;wBAC1B,KAAK,EAAE,oBAAoB;wBAC3B,OAAO,EAAE,6DAA6D;wBACtE,WAAW,EAAE,yDAAyD;qBACvE,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,iCAAiC;oBAC1C,WAAW,EAAE,8DAA8D;oBAC3E,KAAK,EAAE,WAAW;iBACnB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,aAAa,IAAI,uBAAuB,EAAE,CAAC;gBACpD,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,oBAAoB;oBAC3B,OAAO,EAAE,6DAA6D;oBACtE,WAAW,EAAE,yDAAyD;iBACvE,CAAC,CAAC;YACL,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;YAC5C,MAAM,aAAa,GAAG,GAAG,CAAC,uBAAuB,CAAC;YAClD,IAAI,CAAC,UAAU,IAAI,CAAC,aAAa,EAAE,CAAC;gBAClC,OAAO,SAAS,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC1D,CAAC;YAED,mEAAmE;YACnE,kDAAkD;YAClD,MAAM,YAAY,GAAI,OAA+C,CAAC,YAAY,CAAC;YACnF,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,+BAA+B;oBACtC,OAAO,EAAE,4CAA4C;oBACrD,WAAW,EAAE,yCAAyC;iBACvD,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;gBACxC,UAAU;gBACV,QAAQ,EAAE,aAAa;gBACvB,QAAQ,EAAE,IAAI,CAAC,UAAU;gBACzB,YAAY;aACb,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,KAAK,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/D,oEAAoE;YACpE,iEAAiE;YACjE,iBAAiB;YACjB,MAAM,UAAU,GAAG,KAAK,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAEhE,MAAM,iBAAiB,CAAC;gBACtB,UAAU;gBACV,gBAAgB,EAAE,IAAI,CAAC,MAAM;gBAC7B,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,QAAQ,EAAE,IAAI,CAAC,cAAc;gBAC7B,MAAM;gBACN,SAAS;aACV,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,MAAM,UAAU,GAAuB;gBACrC,SAAS;gBACT,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,QAAQ,EAAE,IAAI,CAAC,cAAc;gBAC7B,UAAU,EAAE,UAAU;gBACtB,MAAM,EAAE,QAAQ;gBAChB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,QAAQ,EAAE,SAAS;gBACnB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBACxC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aAC1C,CAAC;YACF,MAAM,kBAAkB,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;YAE9D,iCAAiC;YACjC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,YAAY,CAAC,GAAY,CAAC,CAAC;gBAC1C,kEAAkE;gBAClE,iEAAiE;gBACjE,gEAAgE;gBAChE,6DAA6D;gBAC7D,MAAM,KAAK,CAAC,IAAI,CACd;oBACE,IAAI,EAAE,cAAc,CAAC,2BAA2B;oBAChD,QAAQ,EAAE,IAAI,CAAC,cAAc;oBAC7B,WAAW,EAAE,IAAI,CAAC,MAAM;oBACxB,OAAO,EAAE;wBACP,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,WAAW;wBAC5C,0DAA0D;wBAC1D,uDAAuD;wBACvD,SAAS,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,WAAW,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC3E,aAAa,EAAE,UAAU,EAAE;qBAC5B;oBACD,QAAQ,EAAE,SAAS;oBACnB,cAAc,EAAE,SAAS;iBAC1B,EACD,MAAe,CAChB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,+DAA+D;gBAC/D,sCAAsC;YACxC,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,GAAY,CAAC,CAAC;YAC9C,OAAO,GAAG,CAAC,oBAAoB,CAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,EACtC;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,UAAU,EAAE;aAC7E,CACF,CAAC;QACJ,CAAC;QACD,UAAU,EAAE,CAAC,cAAc,EAAE,EAAE,cAAc,EAAE,CAAC;QAChD,WAAW,EAAE,iCAAiC;KAC/C;CACF,CAAC"}
|
|
@@ -6,12 +6,12 @@
|
|
|
6
6
|
*
|
|
7
7
|
* Backed by the AGENT_REFRESH_TABLE rows written by the device-auth flow.
|
|
8
8
|
*/
|
|
9
|
-
import { type CognitoRevoker } from "../oauth/refresh-detection";
|
|
10
|
-
import {
|
|
11
|
-
import type { Route } from "./types";
|
|
9
|
+
import { type CognitoRevoker } from "../oauth/refresh-detection.js";
|
|
10
|
+
import { TenantAuditEmitter } from "../audit-composer.js";
|
|
11
|
+
import type { Route } from "./types.js";
|
|
12
12
|
interface AgentSessionDeps {
|
|
13
13
|
cognito?: CognitoRevoker;
|
|
14
|
-
auditEmitter?:
|
|
14
|
+
auditEmitter?: TenantAuditEmitter;
|
|
15
15
|
}
|
|
16
16
|
export declare function _setAgentSessionDepsForTest(d: AgentSessionDeps): void;
|
|
17
17
|
export declare function _resetAgentSessionDepsForTest(): void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-sessions.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/agent-sessions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAKL,KAAK,cAAc,EACpB,MAAM,
|
|
1
|
+
{"version":3,"file":"agent-sessions.d.ts","sourceRoot":"","sources":["../../../src/lib/routes/agent-sessions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAKL,KAAK,cAAc,EACpB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAU1D,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,UAAU,gBAAgB;IACxB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,YAAY,CAAC,EAAE,kBAAkB,CAAC;CACnC;AAID,wBAAgB,2BAA2B,CAAC,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAErE;AAED,wBAAgB,6BAA6B,IAAI,IAAI,CAEpD;AAmCD,eAAO,MAAM,mBAAmB,EAAE,KAAK,EAgFtC,CAAC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* User-facing agent session management (T9b-d).
|
|
4
3
|
*
|
|
@@ -7,34 +6,30 @@
|
|
|
7
6
|
*
|
|
8
7
|
* Backed by the AGENT_REFRESH_TABLE rows written by the device-auth flow.
|
|
9
8
|
*/
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
const middleware_1 = require("../middleware");
|
|
20
|
-
const trusted_client_ip_1 = require("../net/trusted-client-ip");
|
|
21
|
-
const security_headers_1 = require("../security-headers");
|
|
22
|
-
const errors_1 = require("./errors");
|
|
9
|
+
import { getAgentSession, listAgentSessions, revokeAgentSession, } from "../oauth/refresh-detection.js";
|
|
10
|
+
import { authMiddleware } from "../auth/auth-middleware.js";
|
|
11
|
+
import { TenantAuditEmitter } from "../audit-composer.js";
|
|
12
|
+
import { AdminUserGlobalSignOutCommand, CognitoIdentityProviderClient, } from "@aws-sdk/client-cognito-identity-provider";
|
|
13
|
+
import { createPrisma } from "../../db.js";
|
|
14
|
+
import { corsMiddleware, csrfMiddleware } from "../middleware.js";
|
|
15
|
+
import { trustedClientIp } from "../net/trusted-client-ip.js";
|
|
16
|
+
import { SecurityHeaders } from "../security-headers.js";
|
|
17
|
+
import { structuredError, unauthorizedError } from "./errors.js";
|
|
23
18
|
let deps = {};
|
|
24
|
-
function _setAgentSessionDepsForTest(d) {
|
|
19
|
+
export function _setAgentSessionDepsForTest(d) {
|
|
25
20
|
deps = d;
|
|
26
21
|
}
|
|
27
|
-
function _resetAgentSessionDepsForTest() {
|
|
22
|
+
export function _resetAgentSessionDepsForTest() {
|
|
28
23
|
deps = {};
|
|
29
24
|
}
|
|
30
25
|
function getCognito() {
|
|
31
26
|
if (deps.cognito)
|
|
32
27
|
return deps.cognito;
|
|
33
28
|
const region = process.env.COGNITO_REGION || process.env.AWS_REGION || "us-east-1";
|
|
34
|
-
const client = new
|
|
29
|
+
const client = new CognitoIdentityProviderClient({ region });
|
|
35
30
|
return {
|
|
36
31
|
async globalSignOut(input) {
|
|
37
|
-
await client.send(new
|
|
32
|
+
await client.send(new AdminUserGlobalSignOutCommand({
|
|
38
33
|
UserPoolId: input.userPoolId,
|
|
39
34
|
Username: input.cognitoUsername,
|
|
40
35
|
}));
|
|
@@ -42,7 +37,7 @@ function getCognito() {
|
|
|
42
37
|
};
|
|
43
38
|
}
|
|
44
39
|
function getAudit() {
|
|
45
|
-
return deps.auditEmitter ?? new
|
|
40
|
+
return deps.auditEmitter ?? new TenantAuditEmitter();
|
|
46
41
|
}
|
|
47
42
|
function publicShape(rec) {
|
|
48
43
|
return {
|
|
@@ -55,41 +50,41 @@ function publicShape(rec) {
|
|
|
55
50
|
};
|
|
56
51
|
}
|
|
57
52
|
const REVOKE_RE = /^\/api\/users\/me\/agent-sessions\/([^/]+)\/revoke$/;
|
|
58
|
-
|
|
53
|
+
export const agentSessionsRoutes = [
|
|
59
54
|
{
|
|
60
55
|
path: "/api/users/me/agent-sessions",
|
|
61
56
|
method: "GET",
|
|
62
57
|
handler: async (request, env) => {
|
|
63
|
-
const sec = new
|
|
64
|
-
const auth = await
|
|
58
|
+
const sec = new SecurityHeaders(env);
|
|
59
|
+
const auth = await authMiddleware(request, env);
|
|
65
60
|
if (!auth)
|
|
66
|
-
return
|
|
67
|
-
const sessions = await
|
|
61
|
+
return unauthorizedError(sec);
|
|
62
|
+
const sessions = await listAgentSessions(auth.userId);
|
|
68
63
|
return sec.createSecureResponse(JSON.stringify({ sessions: sessions.map(publicShape) }), { status: 200, headers: { "content-type": "application/json" } });
|
|
69
64
|
},
|
|
70
|
-
middleware: [
|
|
65
|
+
middleware: [corsMiddleware()],
|
|
71
66
|
description: "List active agent sessions for the current user",
|
|
72
67
|
},
|
|
73
68
|
{
|
|
74
69
|
path: REVOKE_RE,
|
|
75
70
|
method: "POST",
|
|
76
71
|
handler: async (request, env, { pathname }) => {
|
|
77
|
-
const sec = new
|
|
78
|
-
const auth = await
|
|
72
|
+
const sec = new SecurityHeaders(env);
|
|
73
|
+
const auth = await authMiddleware(request, env);
|
|
79
74
|
if (!auth)
|
|
80
|
-
return
|
|
75
|
+
return unauthorizedError(sec);
|
|
81
76
|
const sessionId = pathname.match(REVOKE_RE)?.[1];
|
|
82
77
|
if (!sessionId) {
|
|
83
|
-
return
|
|
78
|
+
return structuredError(400, {
|
|
84
79
|
error: "INVALID_REQUEST",
|
|
85
80
|
message: "Session ID is required.",
|
|
86
81
|
remediation: "Ensure the session ID is included in the URL path.",
|
|
87
82
|
}, sec);
|
|
88
83
|
}
|
|
89
|
-
const session = await
|
|
84
|
+
const session = await getAgentSession(sessionId);
|
|
90
85
|
if (!session || session.userId !== auth.userId) {
|
|
91
86
|
// 404 — don't reveal cross-user existence.
|
|
92
|
-
return
|
|
87
|
+
return structuredError(404, {
|
|
93
88
|
error: "NOT_FOUND",
|
|
94
89
|
message: "Agent session not found.",
|
|
95
90
|
remediation: "Verify the session ID and ensure it belongs to your account.",
|
|
@@ -102,8 +97,8 @@ exports.agentSessionsRoutes = [
|
|
|
102
97
|
const cognito = getCognito();
|
|
103
98
|
const audit = getAudit();
|
|
104
99
|
// Audit emitter wants a Prisma client — supply the standard shape.
|
|
105
|
-
const prisma =
|
|
106
|
-
await
|
|
100
|
+
const prisma = createPrisma(env);
|
|
101
|
+
await revokeAgentSession({
|
|
107
102
|
sessionId,
|
|
108
103
|
userPoolId,
|
|
109
104
|
cognitoUsername: session.cognitoSub,
|
|
@@ -113,11 +108,11 @@ exports.agentSessionsRoutes = [
|
|
|
113
108
|
},
|
|
114
109
|
tenantId: session.tenantId,
|
|
115
110
|
actorUserId: auth.userId,
|
|
116
|
-
sourceIp:
|
|
111
|
+
sourceIp: trustedClientIp(request, env),
|
|
117
112
|
});
|
|
118
113
|
return sec.createSecureResponse(JSON.stringify({ status: "revoked" }), { status: 200, headers: { "content-type": "application/json" } });
|
|
119
114
|
},
|
|
120
|
-
middleware: [
|
|
115
|
+
middleware: [corsMiddleware(), csrfMiddleware()],
|
|
121
116
|
description: "Revoke an agent session",
|
|
122
117
|
},
|
|
123
118
|
];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-sessions.js","sourceRoot":"","sources":["../../../src/lib/routes/agent-sessions.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"agent-sessions.js","sourceRoot":"","sources":["../../../src/lib/routes/agent-sessions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,kBAAkB,GAGnB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EACL,6BAA6B,EAC7B,6BAA6B,GAC9B,MAAM,2CAA2C,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAQjE,IAAI,IAAI,GAAqB,EAAE,CAAC;AAEhC,MAAM,UAAU,2BAA2B,CAAC,CAAmB;IAC7D,IAAI,GAAG,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,6BAA6B;IAC3C,IAAI,GAAG,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,UAAU;IACjB,IAAI,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,WAAW,CAAC;IACnF,MAAM,MAAM,GAAG,IAAI,6BAA6B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,OAAO;QACL,KAAK,CAAC,aAAa,CAAC,KAAK;YACvB,MAAM,MAAM,CAAC,IAAI,CACf,IAAI,6BAA6B,CAAC;gBAChC,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,QAAQ,EAAE,KAAK,CAAC,eAAe;aAChC,CAAC,CACH,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ;IACf,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,kBAAkB,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,GAAuB;IAC1C,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,SAAS;QACjB,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,IAAI;QAClC,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;QAC9B,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;QACvD,UAAU,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;QACzD,MAAM,EAAE,GAAG,CAAC,MAAM;KACnB,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,qDAAqD,CAAC;AAExE,MAAM,CAAC,MAAM,mBAAmB,GAAY;IAC1C;QACE,IAAI,EAAE,8BAA8B;QACpC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;YAC9B,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtD,OAAO,GAAG,CAAC,oBAAoB,CAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,EACvD,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;QACJ,CAAC;QACD,UAAU,EAAE,CAAC,cAAc,EAAE,CAAC;QAC9B,WAAW,EAAE,iDAAiD;KAC/D;IAED;QACE,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC5C,MAAM,GAAG,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,CAAC;YACrC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAEzC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACjD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,yBAAyB;oBAClC,WAAW,EAAE,oDAAoD;iBAClE,EAAE,GAAG,CAAC,CAAC;YACV,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC/C,2CAA2C;gBAC3C,OAAO,eAAe,CAAC,GAAG,EAAE;oBAC1B,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,0BAA0B;oBACnC,WAAW,EAAE,8DAA8D;iBAC5E,EAAE,GAAG,CAAC,CAAC;YACV,CAAC;YAED,MAAM,UAAU,GAAG,GAAG,CAAC,oBAAoB,CAAC;YAC5C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,GAAG,CAAC,oBAAoB,CAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,EAC3C,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;YACzB,mEAAmE;YACnE,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;YAEjC,MAAM,kBAAkB,CAAC;gBACvB,SAAS;gBACT,UAAU;gBACV,eAAe,EAAE,OAAO,CAAC,UAAU;gBACnC,OAAO;gBACP,KAAK,EAAE;oBACL,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAc,EAAE,MAAe,CAAC;iBACnE;gBACD,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,WAAW,EAAE,IAAI,CAAC,MAAM;gBACxB,QAAQ,EAAE,eAAe,CAAC,OAAO,EAAE,GAAG,CAAC;aACxC,CAAC,CAAC;YAEH,OAAO,GAAG,CAAC,oBAAoB,CAC7B,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,EACrC,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;QACJ,CAAC;QACD,UAAU,EAAE,CAAC,cAAc,EAAE,EAAE,cAAc,EAAE,CAAC;QAChD,WAAW,EAAE,yBAAyB;KACvC;CACF,CAAC"}
|