@emulators/apple 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +43 -0
  2. package/dist/index.js.map +1 -1
  3. package/package.json +2 -2
package/README.md ADDED
@@ -0,0 +1,43 @@
1
+ # @emulators/apple
2
+
3
+ Sign in with Apple emulation with authorization code flow, PKCE support, RS256 ID tokens, and OIDC discovery.
4
+
5
+ Part of [emulate](https://github.com/vercel-labs/emulate) — local drop-in replacement services for CI and no-network sandboxes.
6
+
7
+ ## Install
8
+
9
+ ```bash
10
+ npm install @emulators/apple
11
+ ```
12
+
13
+ ## Endpoints
14
+
15
+ - `GET /.well-known/openid-configuration` — OIDC discovery document
16
+ - `GET /auth/keys` — JSON Web Key Set (JWKS)
17
+ - `GET /auth/authorize` — authorization endpoint (shows user picker)
18
+ - `POST /auth/token` — token exchange (authorization code and refresh token grants)
19
+ - `POST /auth/revoke` — token revocation
20
+
21
+ ## Auth
22
+
23
+ OIDC authorization code flow with RS256 ID tokens. On first auth per user/client pair, a `user` JSON blob is included.
24
+
25
+ ## Seed Configuration
26
+
27
+ ```yaml
28
+ apple:
29
+ users:
30
+ - email: testuser@icloud.com
31
+ name: Test User
32
+ oauth_clients:
33
+ - client_id: com.example.app
34
+ team_id: TEAM001
35
+ name: My Apple App
36
+ redirect_uris:
37
+ - http://localhost:3000/api/auth/callback/apple
38
+ ```
39
+
40
+ ## Links
41
+
42
+ - [Full documentation](https://emulate.dev/apple)
43
+ - [GitHub](https://github.com/vercel-labs/emulate)
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/store.ts","../src/helpers.ts","../src/routes/oauth.ts","../../core/src/store.ts","../../core/src/server.ts","../../core/src/webhooks.ts","../../core/src/middleware/error-handler.ts","../../core/src/middleware/auth.ts","../../core/src/debug.ts","../../core/src/fonts.ts","../../core/src/middleware/pagination.ts","../../core/src/ui.ts","../../core/src/oauth-helpers.ts","../src/index.ts"],"sourcesContent":["import { Store, type Collection } from \"@emulators/core\";\nimport type { AppleUser, AppleOAuthClient } from \"./entities.js\";\n\nexport interface AppleStore {\n users: Collection<AppleUser>;\n oauthClients: Collection<AppleOAuthClient>;\n}\n\nexport function getAppleStore(store: Store): AppleStore {\n return {\n users: store.collection<AppleUser>(\"apple.users\", [\"uid\", \"email\"]),\n oauthClients: store.collection<AppleOAuthClient>(\"apple.oauth_clients\", [\"client_id\"]),\n };\n}\n","import { randomBytes } from \"crypto\";\n\n/**\n * Generate a pairwise subject ID in Apple's format: \"XXXXXX.hex32.XXXX\"\n */\nexport function generateAppleUid(): string {\n const prefix = randomBytes(3).toString(\"hex\").toUpperCase();\n const middle = randomBytes(16).toString(\"hex\");\n const suffix = randomBytes(2).toString(\"hex\").toUpperCase();\n return `${prefix}.${middle}.${suffix}`;\n}\n\n/**\n * Generate a private relay email address.\n */\nexport function generatePrivateRelayEmail(): string {\n const id = randomBytes(12).toString(\"hex\");\n return `${id}@privaterelay.appleid.com`;\n}\n","import { randomBytes } from \"crypto\";\nimport { SignJWT, exportJWK, generateKeyPair } from \"jose\";\nimport type { RouteContext } from \"@emulators/core\";\nimport {\n escapeHtml,\n escapeAttr,\n renderCardPage,\n renderErrorPage,\n renderUserButton,\n matchesRedirectUri,\n bodyStr,\n debug,\n} from \"@emulators/core\";\nimport { getAppleStore } from \"../store.js\";\nimport type { AppleUser } from \"../entities.js\";\nimport type { Store } from \"@emulators/core\";\n\n// RSA key pair generated at module load for signing id_tokens\nconst keyPairPromise = generateKeyPair(\"RS256\");\nconst KID = \"emulate-apple-1\";\n\ntype PendingCode = {\n email: string;\n scope: string;\n redirectUri: string;\n clientId: string;\n nonce: string | null;\n responseMode: string;\n created_at: number;\n};\n\ntype StoredRefreshToken = {\n email: string;\n clientId: string;\n scope: string;\n nonce: string | null;\n};\n\nconst PENDING_CODE_TTL_MS = 5 * 60 * 1000;\n\nfunction getPendingCodes(store: Store): Map<string, PendingCode> {\n let map = store.getData<Map<string, PendingCode>>(\"apple.oauth.pendingCodes\");\n if (!map) {\n map = new Map();\n store.setData(\"apple.oauth.pendingCodes\", map);\n }\n return map;\n}\n\nfunction getRefreshTokens(store: Store): Map<string, StoredRefreshToken> {\n let map = store.getData<Map<string, StoredRefreshToken>>(\"apple.oauth.refreshTokens\");\n if (!map) {\n map = new Map();\n store.setData(\"apple.oauth.refreshTokens\", map);\n }\n return map;\n}\n\nfunction getFirstAuthTracker(store: Store): Set<string> {\n let set = store.getData<Set<string>>(\"apple.oauth.firstAuthTracker\");\n if (!set) {\n set = new Set();\n store.setData(\"apple.oauth.firstAuthTracker\", set);\n }\n return set;\n}\n\nfunction isPendingCodeExpired(p: PendingCode): boolean {\n return Date.now() - p.created_at > PENDING_CODE_TTL_MS;\n}\n\nconst SERVICE_LABEL = \"Apple\";\n\nasync function createIdToken(\n user: AppleUser,\n clientId: string,\n nonce: string | null,\n baseUrl: string,\n): Promise<string> {\n const { privateKey } = await keyPairPromise;\n\n const email = user.is_private_email && user.private_relay_email\n ? user.private_relay_email\n : user.email;\n\n const now = Math.floor(Date.now() / 1000);\n\n const builder = new SignJWT({\n sub: user.uid,\n email,\n email_verified: String(user.email_verified),\n is_private_email: String(user.is_private_email),\n real_user_status: user.real_user_status,\n nonce_supported: true,\n auth_time: now,\n ...(nonce ? { nonce } : {}),\n })\n .setProtectedHeader({ alg: \"RS256\", kid: KID, typ: \"JWT\" })\n .setIssuer(baseUrl)\n .setAudience(clientId)\n .setIssuedAt(now)\n .setExpirationTime(\"1h\");\n\n return builder.sign(privateKey);\n}\n\nexport function oauthRoutes({ app, store, baseUrl, tokenMap }: RouteContext): void {\n const as = getAppleStore(store);\n\n // ---------- OIDC Discovery ----------\n\n app.get(\"/.well-known/openid-configuration\", (c) => {\n return c.json({\n issuer: baseUrl,\n authorization_endpoint: `${baseUrl}/auth/authorize`,\n token_endpoint: `${baseUrl}/auth/token`,\n revocation_endpoint: `${baseUrl}/auth/revoke`,\n jwks_uri: `${baseUrl}/auth/keys`,\n response_types_supported: [\"code\"],\n response_modes_supported: [\"query\", \"fragment\", \"form_post\"],\n subject_types_supported: [\"pairwise\"],\n id_token_signing_alg_values_supported: [\"RS256\"],\n scopes_supported: [\"openid\", \"email\", \"name\"],\n token_endpoint_auth_methods_supported: [\"client_secret_post\"],\n claims_supported: [\n \"aud\", \"email\", \"email_verified\", \"exp\", \"iat\",\n \"is_private_email\", \"iss\", \"nonce\", \"nonce_supported\",\n \"real_user_status\", \"sub\", \"transfer_sub\",\n ],\n });\n });\n\n // ---------- JWKS ----------\n\n app.get(\"/auth/keys\", async (c) => {\n const { publicKey } = await keyPairPromise;\n const jwk = await exportJWK(publicKey);\n return c.json({\n keys: [{\n ...jwk,\n kid: KID,\n use: \"sig\",\n alg: \"RS256\",\n }],\n });\n });\n\n // ---------- Authorization page ----------\n\n app.get(\"/auth/authorize\", (c) => {\n const client_id = c.req.query(\"client_id\") ?? \"\";\n const redirect_uri = c.req.query(\"redirect_uri\") ?? \"\";\n const scope = c.req.query(\"scope\") ?? \"\";\n const state = c.req.query(\"state\") ?? \"\";\n const nonce = c.req.query(\"nonce\") ?? \"\";\n const response_mode = c.req.query(\"response_mode\") ?? \"query\";\n\n const clientsConfigured = as.oauthClients.all().length > 0;\n let clientName = \"\";\n if (clientsConfigured) {\n const client = as.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.html(\n renderErrorPage(\"Application not found\", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),\n 400,\n );\n }\n if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {\n return c.html(\n renderErrorPage(\"Redirect URI mismatch\", \"The redirect_uri is not registered for this application.\", SERVICE_LABEL),\n 400,\n );\n }\n clientName = client.name;\n }\n\n const subtitleText = clientName\n ? `Sign in to <strong>${escapeHtml(clientName)}</strong> with your Apple ID.`\n : \"Choose a seeded user to continue.\";\n\n const users = as.users.all();\n const userButtons = users\n .map((user) => {\n return renderUserButton({\n letter: (user.email[0] ?? \"?\").toUpperCase(),\n login: user.email,\n name: user.name,\n email: user.email,\n formAction: \"/auth/authorize/callback\",\n hiddenFields: {\n email: user.email,\n redirect_uri,\n scope,\n state,\n nonce,\n client_id,\n response_mode,\n },\n });\n })\n .join(\"\\n\");\n\n const body = users.length === 0\n ? '<p class=\"empty\">No users in the emulator store.</p>'\n : userButtons;\n\n return c.html(renderCardPage(\"Sign in with Apple\", subtitleText, body, SERVICE_LABEL));\n });\n\n // ---------- Authorization callback ----------\n\n app.post(\"/auth/authorize/callback\", async (c) => {\n const body = await c.req.parseBody();\n const email = bodyStr(body.email);\n const redirect_uri = bodyStr(body.redirect_uri);\n const scope = bodyStr(body.scope);\n const state = bodyStr(body.state);\n const client_id = bodyStr(body.client_id);\n const nonce = bodyStr(body.nonce);\n const response_mode = bodyStr(body.response_mode) || \"query\";\n\n const code = randomBytes(20).toString(\"hex\");\n\n getPendingCodes(store).set(code, {\n email,\n scope,\n redirectUri: redirect_uri,\n clientId: client_id,\n nonce: nonce || null,\n responseMode: response_mode,\n created_at: Date.now(),\n });\n\n debug(\"apple.oauth\", `[Apple callback] code=${code.slice(0, 8)}... email=${email}`);\n\n // Track first authorization per user+client pair\n const tracker = getFirstAuthTracker(store);\n const pairKey = `${email}:${client_id}`;\n const isFirstAuth = !tracker.has(pairKey);\n if (isFirstAuth) {\n tracker.add(pairKey);\n }\n\n // Build user JSON blob (only on first auth)\n let userJson: string | undefined;\n if (isFirstAuth) {\n const user = as.users.findOneBy(\"email\", email as AppleUser[\"email\"]);\n if (user) {\n userJson = JSON.stringify({\n name: { firstName: user.given_name, lastName: user.family_name },\n email: user.email,\n });\n }\n }\n\n if (response_mode === \"form_post\") {\n // Return auto-submit form that POSTs to redirect_uri\n const html = `<!DOCTYPE html>\n<html>\n<head><title>Submit</title></head>\n<body onload=\"document.forms[0].submit()\">\n<form method=\"POST\" action=\"${escapeAttr(redirect_uri)}\">\n<input type=\"hidden\" name=\"code\" value=\"${escapeAttr(code)}\" />\n<input type=\"hidden\" name=\"state\" value=\"${escapeAttr(state)}\" />${userJson ? `\\n<input type=\"hidden\" name=\"user\" value=\"${escapeAttr(userJson)}\" />` : \"\"}\n</form>\n</body>\n</html>`;\n return c.html(html);\n }\n\n // Default: query mode redirect\n const url = new URL(redirect_uri);\n url.searchParams.set(\"code\", code);\n if (state) url.searchParams.set(\"state\", state);\n if (userJson) url.searchParams.set(\"user\", userJson);\n\n return c.redirect(url.toString(), 302);\n });\n\n // ---------- Token exchange ----------\n\n app.post(\"/auth/token\", async (c) => {\n const rawText = await c.req.text();\n const body = Object.fromEntries(new URLSearchParams(rawText));\n\n const grant_type = body.grant_type ?? \"\";\n const code = body.code ?? \"\";\n const client_id = body.client_id ?? \"\";\n const refresh_token = body.refresh_token ?? \"\";\n\n if (grant_type === \"authorization_code\") {\n const pendingMap = getPendingCodes(store);\n const pending = pendingMap.get(code);\n if (!pending) {\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n if (isPendingCodeExpired(pending)) {\n pendingMap.delete(code);\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n\n // Single-use: delete immediately\n pendingMap.delete(code);\n\n const user = as.users.findOneBy(\"email\", pending.email as AppleUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"apple_\" + randomBytes(20).toString(\"base64url\");\n const refreshToken = \"r_apple_\" + randomBytes(20).toString(\"base64url\");\n const scopes = pending.scope ? pending.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n // Store refresh token\n getRefreshTokens(store).set(refreshToken, {\n email: user.email,\n clientId: pending.clientId,\n scope: pending.scope,\n nonce: pending.nonce,\n });\n\n const idToken = await createIdToken(user, pending.clientId, pending.nonce, baseUrl);\n\n debug(\"apple.oauth\", `[Apple token] issued token for ${user.email}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n refresh_token: refreshToken,\n id_token: idToken,\n });\n }\n\n if (grant_type === \"refresh_token\") {\n const refreshMap = getRefreshTokens(store);\n const stored = refreshMap.get(refresh_token);\n if (!stored) {\n return c.json({ error: \"invalid_grant\", error_description: \"The refresh_token is invalid.\" }, 400);\n }\n\n const user = as.users.findOneBy(\"email\", stored.email as AppleUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"apple_\" + randomBytes(20).toString(\"base64url\");\n const scopes = stored.scope ? stored.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n const idToken = await createIdToken(user, stored.clientId || client_id, stored.nonce, baseUrl);\n\n debug(\"apple.oauth\", `[Apple refresh] issued new token for ${user.email}`);\n\n // No new refresh_token for refresh grant\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n id_token: idToken,\n });\n }\n\n return c.json({ error: \"unsupported_grant_type\", error_description: \"Only authorization_code and refresh_token are supported.\" }, 400);\n });\n\n // ---------- Token revocation ----------\n\n app.post(\"/auth/revoke\", async (c) => {\n const rawText = await c.req.text();\n const params = new URLSearchParams(rawText);\n const token = params.get(\"token\") ?? \"\";\n\n if (token && tokenMap) {\n tokenMap.delete(token);\n }\n\n // Also check refresh tokens\n if (token) {\n getRefreshTokens(store).delete(token);\n }\n\n return c.body(null, 200);\n });\n}\n","export interface Entity {\n id: number;\n created_at: string;\n updated_at: string;\n}\n\nexport type InsertInput<T extends Entity> = Omit<T, \"id\" | \"created_at\" | \"updated_at\"> & { id?: number };\n\nexport type FilterFn<T> = (item: T) => boolean;\nexport type SortFn<T> = (a: T, b: T) => number;\n\nexport interface QueryOptions<T> {\n filter?: FilterFn<T>;\n sort?: SortFn<T>;\n page?: number;\n per_page?: number;\n}\n\nexport interface PaginatedResult<T> {\n items: T[];\n total_count: number;\n page: number;\n per_page: number;\n has_next: boolean;\n has_prev: boolean;\n}\n\nexport class Collection<T extends Entity> {\n private items = new Map<number, T>();\n private indexes = new Map<string, Map<string | number, Set<number>>>();\n private autoId = 1;\n readonly fieldNames: string[];\n\n constructor(private indexFields: (keyof T)[] = []) {\n this.fieldNames = indexFields.map(String).sort();\n for (const field of indexFields) {\n this.indexes.set(String(field), new Map());\n }\n }\n\n private addToIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n if (!indexMap.has(key)) {\n indexMap.set(key, new Set());\n }\n indexMap.get(key)!.add(item.id);\n }\n }\n\n private removeFromIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n indexMap.get(key)?.delete(item.id);\n }\n }\n\n insert(data: InsertInput<T>): T {\n const now = new Date().toISOString();\n const explicitId = data.id != null && data.id > 0 ? data.id : undefined;\n const id = explicitId ?? this.autoId++;\n if (id >= this.autoId) {\n this.autoId = id + 1;\n }\n const item = {\n ...data,\n id,\n created_at: now,\n updated_at: now,\n } as unknown as T;\n this.items.set(id, item);\n this.addToIndex(item);\n return item;\n }\n\n get(id: number): T | undefined {\n return this.items.get(id);\n }\n\n findBy(field: keyof T, value: T[keyof T] | string | number): T[] {\n if (this.indexes.has(String(field))) {\n const ids = this.indexes.get(String(field))!.get(String(value));\n if (!ids) return [];\n return Array.from(ids).map((id) => this.items.get(id)!).filter(Boolean);\n }\n return this.all().filter((item) => item[field] === value);\n }\n\n findOneBy(field: keyof T, value: T[keyof T] | string | number): T | undefined {\n return this.findBy(field, value)[0];\n }\n\n update(id: number, data: Partial<T>): T | undefined {\n const existing = this.items.get(id);\n if (!existing) return undefined;\n this.removeFromIndex(existing);\n const updated = {\n ...existing,\n ...data,\n id,\n updated_at: new Date().toISOString(),\n } as T;\n this.items.set(id, updated);\n this.addToIndex(updated);\n return updated;\n }\n\n delete(id: number): boolean {\n const existing = this.items.get(id);\n if (!existing) return false;\n this.removeFromIndex(existing);\n return this.items.delete(id);\n }\n\n all(): T[] {\n return Array.from(this.items.values());\n }\n\n query(options: QueryOptions<T> = {}): PaginatedResult<T> {\n let results = this.all();\n\n if (options.filter) {\n results = results.filter(options.filter);\n }\n\n const total_count = results.length;\n\n if (options.sort) {\n results.sort(options.sort);\n }\n\n const page = options.page ?? 1;\n const per_page = Math.min(options.per_page ?? 30, 100);\n const start = (page - 1) * per_page;\n const paged = results.slice(start, start + per_page);\n\n return {\n items: paged,\n total_count,\n page,\n per_page,\n has_next: start + per_page < total_count,\n has_prev: page > 1,\n };\n }\n\n count(filter?: FilterFn<T>): number {\n if (!filter) return this.items.size;\n return this.all().filter(filter).length;\n }\n\n clear(): void {\n this.items.clear();\n for (const indexMap of this.indexes.values()) {\n indexMap.clear();\n }\n this.autoId = 1;\n }\n}\n\nexport class Store {\n private collections = new Map<string, Collection<any>>();\n private _data = new Map<string, unknown>();\n\n collection<T extends Entity>(name: string, indexFields: (keyof T)[] = []): Collection<T> {\n const existing = this.collections.get(name);\n if (existing) {\n if (indexFields.length > 0) {\n const requested = indexFields.map(String).sort();\n if (existing.fieldNames.length !== requested.length || existing.fieldNames.some((f, i) => f !== requested[i])) {\n throw new Error(\n `Collection \"${name}\" already exists with indexes [${existing.fieldNames}] but was requested with [${requested}]`\n );\n }\n }\n return existing as Collection<T>;\n }\n const col = new Collection<T>(indexFields);\n this.collections.set(name, col);\n return col;\n }\n\n getData<V>(key: string): V | undefined {\n return this._data.get(key) as V | undefined;\n }\n\n setData<V>(key: string, value: V): void {\n this._data.set(key, value);\n }\n\n reset(): void {\n for (const collection of this.collections.values()) {\n collection.clear();\n }\n this._data.clear();\n }\n}\n","import { Hono } from \"hono\";\nimport { cors } from \"hono/cors\";\nimport { Store } from \"./store.js\";\nimport { WebhookDispatcher } from \"./webhooks.js\";\nimport { createApiErrorHandler, createErrorHandler } from \"./middleware/error-handler.js\";\nimport { authMiddleware, type AuthFallback, type TokenMap, type AppKeyResolver, type AppEnv } from \"./middleware/auth.js\";\nimport type { ServicePlugin } from \"./plugin.js\";\nimport { registerFontRoutes } from \"./fonts.js\";\n\nexport interface ServerOptions {\n port?: number;\n baseUrl?: string;\n docsUrl?: string;\n tokens?: Record<string, { login: string; id: number; scopes?: string[] }>;\n appKeyResolver?: AppKeyResolver;\n fallbackUser?: AuthFallback;\n}\n\nexport function createServer(plugin: ServicePlugin, options: ServerOptions = {}) {\n const port = options.port ?? 4000;\n const baseUrl = options.baseUrl ?? `http://localhost:${port}`;\n\n const app = new Hono<AppEnv>();\n const store = new Store();\n const webhooks = new WebhookDispatcher();\n\n const tokenMap: TokenMap = new Map();\n if (options.tokens) {\n for (const [token, user] of Object.entries(options.tokens)) {\n tokenMap.set(token, {\n login: user.login,\n id: user.id,\n scopes: user.scopes ?? [\"repo\", \"user\", \"admin:org\", \"admin:repo_hook\"],\n });\n }\n }\n\n const docsUrl = options.docsUrl ?? `https://emulate.dev/${plugin.name}`;\n\n registerFontRoutes(app);\n\n app.onError(createApiErrorHandler(docsUrl));\n app.use(\"*\", cors());\n app.use(\"*\", createErrorHandler(docsUrl));\n app.use(\"*\", authMiddleware(tokenMap, options.appKeyResolver, options.fallbackUser));\n\n const rateLimitCounters = new Map<string, { remaining: number; resetAt: number }>();\n let lastPruneAt = Math.floor(Date.now() / 1000);\n\n app.use(\"*\", async (c, next) => {\n const token = c.get(\"authToken\") ?? \"__anonymous__\";\n const now = Math.floor(Date.now() / 1000);\n\n if (now - lastPruneAt > 3600) {\n for (const [key, val] of rateLimitCounters) {\n if (val.resetAt <= now) rateLimitCounters.delete(key);\n }\n lastPruneAt = now;\n }\n\n let counter = rateLimitCounters.get(token);\n if (!counter || counter.resetAt <= now) {\n counter = { remaining: 5000, resetAt: now + 3600 };\n rateLimitCounters.set(token, counter);\n }\n\n counter.remaining = Math.max(0, counter.remaining - 1);\n\n c.header(\"X-RateLimit-Limit\", \"5000\");\n c.header(\"X-RateLimit-Remaining\", String(counter.remaining));\n c.header(\"X-RateLimit-Reset\", String(counter.resetAt));\n c.header(\"X-RateLimit-Resource\", \"core\");\n\n if (counter.remaining === 0) {\n return c.json(\n {\n message: \"API rate limit exceeded\",\n documentation_url: docsUrl,\n },\n 403\n );\n }\n\n await next();\n });\n\n plugin.register(app, store, webhooks, baseUrl, tokenMap);\n\n app.notFound((c) =>\n c.json(\n {\n message: \"Not Found\",\n documentation_url: docsUrl,\n },\n 404\n )\n );\n\n return { app, store, webhooks, port, baseUrl, tokenMap };\n}\n","import { createHmac } from \"crypto\";\n\nexport interface WebhookSubscription {\n id: number;\n url: string;\n events: string[];\n active: boolean;\n secret?: string;\n owner: string;\n repo?: string;\n}\n\nexport interface WebhookDelivery {\n id: number;\n hook_id: number;\n event: string;\n action?: string;\n payload: unknown;\n status_code: number | null;\n delivered_at: string;\n duration: number | null;\n success: boolean;\n}\n\nconst MAX_DELIVERIES = 1000;\n\nexport class WebhookDispatcher {\n private subscriptions: WebhookSubscription[] = [];\n private deliveries: WebhookDelivery[] = [];\n private subscriptionIdCounter = 1;\n private deliveryIdCounter = 1;\n\n register(sub: Omit<WebhookSubscription, \"id\"> & { id?: number }): WebhookSubscription {\n const { id: explicitId, ...rest } = sub;\n const id = explicitId !== undefined ? explicitId : this.subscriptionIdCounter++;\n if (id >= this.subscriptionIdCounter) {\n this.subscriptionIdCounter = id + 1;\n }\n const subscription: WebhookSubscription = { ...rest, id };\n this.subscriptions.push(subscription);\n return subscription;\n }\n\n unregister(id: number): boolean {\n const idx = this.subscriptions.findIndex((s) => s.id === id);\n if (idx === -1) return false;\n this.subscriptions.splice(idx, 1);\n return true;\n }\n\n getSubscription(id: number): WebhookSubscription | undefined {\n return this.subscriptions.find((s) => s.id === id);\n }\n\n getSubscriptions(owner?: string, repo?: string): WebhookSubscription[] {\n return this.subscriptions.filter((s) => {\n if (owner && s.owner !== owner) return false;\n if (repo !== undefined && s.repo !== repo) return false;\n return true;\n });\n }\n\n updateSubscription(\n id: number,\n data: Partial<Pick<WebhookSubscription, \"url\" | \"events\" | \"active\" | \"secret\">>\n ): WebhookSubscription | undefined {\n const sub = this.subscriptions.find((s) => s.id === id);\n if (!sub) return undefined;\n Object.assign(sub, data);\n return sub;\n }\n\n async dispatch(event: string, action: string | undefined, payload: unknown, owner: string, repo?: string): Promise<void> {\n const matchingSubs = this.subscriptions.filter((s) => {\n if (!s.active) return false;\n if (s.owner !== owner) return false;\n if (repo !== undefined) {\n if (s.repo !== repo) return false;\n } else if (s.repo !== undefined) {\n return false;\n }\n return (\n event === \"ping\" ||\n s.events.includes(\"*\") ||\n s.events.includes(event)\n );\n });\n\n for (const sub of matchingSubs) {\n const delivery: WebhookDelivery = {\n id: this.deliveryIdCounter++,\n hook_id: sub.id,\n event,\n action,\n payload,\n status_code: null,\n delivered_at: new Date().toISOString(),\n duration: null,\n success: false,\n };\n\n const body = JSON.stringify(payload);\n\n const signatureHeaders: Record<string, string> = {};\n if (sub.secret) {\n const hmac = createHmac(\"sha256\", sub.secret).update(body).digest(\"hex\");\n signatureHeaders[\"X-Hub-Signature-256\"] = `sha256=${hmac}`;\n }\n\n try {\n const start = Date.now();\n const response = await fetch(sub.url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"X-GitHub-Event\": event,\n \"X-GitHub-Delivery\": String(delivery.id),\n ...signatureHeaders,\n },\n body,\n signal: AbortSignal.timeout(10000),\n });\n delivery.duration = Date.now() - start;\n delivery.status_code = response.status;\n delivery.success = response.ok;\n } catch {\n delivery.duration = 0;\n delivery.success = false;\n }\n\n this.deliveries.push(delivery);\n if (this.deliveries.length > MAX_DELIVERIES) {\n this.deliveries.splice(0, this.deliveries.length - MAX_DELIVERIES);\n }\n }\n }\n\n getDeliveries(hookId?: number): WebhookDelivery[] {\n if (hookId !== undefined) {\n return this.deliveries.filter((d) => d.hook_id === hookId);\n }\n return [...this.deliveries];\n }\n\n clear(): void {\n this.subscriptions.length = 0;\n this.deliveries.length = 0;\n this.subscriptionIdCounter = 1;\n this.deliveryIdCounter = 1;\n }\n}\n","import type { Context, ErrorHandler, MiddlewareHandler } from \"hono\";\nimport type { ContentfulStatusCode } from \"hono/utils/http-status\";\n\nconst DEFAULT_DOCS_URL = \"https://emulate.dev\";\n\nfunction getDocsUrl(c: Context): string {\n return (c.get(\"docsUrl\") as string | undefined) ?? DEFAULT_DOCS_URL;\n}\n\nfunction errorStatus(err: unknown): number {\n if (err && typeof err === \"object\" && \"status\" in err) {\n const s = (err as { status: unknown }).status;\n if (typeof s === \"number\" && Number.isFinite(s)) return s;\n }\n return 500;\n}\n\n/**\n * Use with `app.onError(...)`. Hono routes handler throws to the app error handler, not to outer middleware try/catch.\n */\nexport function createApiErrorHandler(documentationUrl?: string): ErrorHandler {\n return (err, c) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n const status = errorStatus(err);\n const message = err instanceof Error ? err.message : \"Internal Server Error\";\n return c.json(\n {\n message,\n documentation_url: getDocsUrl(c),\n },\n status as ContentfulStatusCode\n );\n };\n}\n\n/** Sets `docsUrl` on the context for successful responses; register `createApiErrorHandler` for thrown `ApiError`s. */\nexport function createErrorHandler(documentationUrl?: string): MiddlewareHandler {\n return async (c, next) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n await next();\n };\n}\n\nexport const errorHandler: MiddlewareHandler = createErrorHandler();\n\nexport class ApiError extends Error {\n constructor(\n public status: number,\n message: string,\n public errors?: Array<{ resource: string; field: string; code: string }>\n ) {\n super(message);\n this.name = \"ApiError\";\n }\n}\n\nexport function notFound(resource?: string): ApiError {\n return new ApiError(404, resource ? `${resource} not found` : \"Not Found\");\n}\n\nexport function validationError(message: string, errors?: ApiError[\"errors\"]): ApiError {\n return new ApiError(422, message, errors);\n}\n\nexport function unauthorized(): ApiError {\n return new ApiError(401, \"Requires authentication\");\n}\n\nexport function forbidden(): ApiError {\n return new ApiError(403, \"Forbidden\");\n}\n\nexport async function parseJsonBody(c: Context): Promise<Record<string, unknown>> {\n try {\n const body = await c.req.json();\n if (body && typeof body === \"object\" && !Array.isArray(body)) {\n return body as Record<string, unknown>;\n }\n return {};\n } catch {\n throw new ApiError(400, \"Problems parsing JSON\");\n }\n}\n","import type { Context, Next } from \"hono\";\nimport { jwtVerify, importPKCS8 } from \"jose\";\nimport { debug } from \"../debug.js\";\n\nexport interface AuthUser {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport interface AuthApp {\n appId: number;\n slug: string;\n name: string;\n}\n\nexport interface AuthInstallation {\n installationId: number;\n appId: number;\n permissions: Record<string, string>;\n repositoryIds: number[];\n repositorySelection: \"all\" | \"selected\";\n}\n\nexport type TokenMap = Map<string, AuthUser>;\n\nexport type AppEnv = {\n Variables: {\n authUser?: AuthUser;\n authApp?: AuthApp;\n authToken?: string;\n authScopes?: string[];\n docsUrl?: string;\n };\n};\n\nexport interface AppKeyResolver {\n (appId: number): { privateKey: string; slug: string; name: string } | null;\n}\n\nexport interface AuthFallback {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport function authMiddleware(tokens: TokenMap, appKeyResolver?: AppKeyResolver, fallbackUser?: AuthFallback) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header(\"Authorization\");\n if (authHeader) {\n const token = authHeader.replace(/^(Bearer|token)\\s+/i, \"\").trim();\n\n if (token.startsWith(\"eyJ\") && appKeyResolver) {\n try {\n const [, payloadB64] = token.split(\".\");\n const payload = JSON.parse(\n Buffer.from(payloadB64, \"base64url\").toString()\n );\n const appId = typeof payload.iss === \"string\" ? parseInt(payload.iss, 10) : payload.iss;\n\n if (typeof appId === \"number\" && !isNaN(appId)) {\n const appInfo = appKeyResolver(appId);\n if (appInfo) {\n const key = await importPKCS8(appInfo.privateKey, \"RS256\");\n await jwtVerify(token, key, { algorithms: [\"RS256\"] });\n c.set(\"authApp\", {\n appId,\n slug: appInfo.slug,\n name: appInfo.name,\n } satisfies AuthApp);\n }\n }\n } catch {\n // JWT verification failed\n }\n } else {\n let user = tokens.get(token);\n if (!user && fallbackUser && token.length > 0) {\n debug(\"auth\", \"fallback user for unknown token\", { login: fallbackUser.login, id: fallbackUser.id });\n user = { login: fallbackUser.login, id: fallbackUser.id, scopes: fallbackUser.scopes };\n }\n if (user) {\n c.set(\"authUser\", user);\n c.set(\"authToken\", token);\n c.set(\"authScopes\", user.scopes);\n }\n }\n }\n await next();\n };\n}\n\nexport function requireAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authUser\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"Requires authentication\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n\nexport function requireAppAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authApp\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"A JSON web token could not be decoded\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n","const isDebug = typeof process !== \"undefined\" && (process.env.DEBUG === \"1\" || process.env.DEBUG === \"true\" || process.env.EMULATE_DEBUG === \"1\");\n\nexport function debug(label: string, ...args: unknown[]): void {\n if (isDebug) {\n console.log(`[${label}]`, ...args);\n }\n}\n","import { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, join } from \"node:path\";\nimport type { Hono } from \"hono\";\nimport type { AppEnv } from \"./middleware/auth.js\";\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\n\nconst FONTS: Record<string, Buffer> = {\n \"geist-sans.woff2\": readFileSync(join(__dirname, \"fonts\", \"geist-sans.woff2\")),\n \"GeistPixel-Square.woff2\": readFileSync(join(__dirname, \"fonts\", \"GeistPixel-Square.woff2\")),\n};\n\nexport function registerFontRoutes(app: Hono<AppEnv>): void {\n app.get(\"/_emulate/fonts/:name\", (c) => {\n const name = c.req.param(\"name\");\n const buf = FONTS[name];\n if (!buf) return c.notFound();\n return new Response(buf, {\n headers: {\n \"Content-Type\": \"font/woff2\",\n \"Cache-Control\": \"public, max-age=31536000, immutable\",\n \"Access-Control-Allow-Origin\": \"*\",\n },\n });\n });\n}\n","import type { Context } from \"hono\";\n\nexport interface PaginationParams {\n page: number;\n per_page: number;\n}\n\nexport function parsePagination(c: Context): PaginationParams {\n const page = Math.max(1, parseInt(c.req.query(\"page\") ?? \"1\", 10) || 1);\n const per_page = Math.min(100, Math.max(1, parseInt(c.req.query(\"per_page\") ?? \"30\", 10) || 30));\n return { page, per_page };\n}\n\nexport function setLinkHeader(\n c: Context,\n totalCount: number,\n page: number,\n perPage: number\n): void {\n const lastPage = Math.max(1, Math.ceil(totalCount / perPage));\n const baseUrl = new URL(c.req.url);\n const links: string[] = [];\n\n const makeLink = (p: number, rel: string) => {\n baseUrl.searchParams.set(\"page\", String(p));\n baseUrl.searchParams.set(\"per_page\", String(perPage));\n return `<${baseUrl.toString()}>; rel=\"${rel}\"`;\n };\n\n if (page < lastPage) {\n links.push(makeLink(page + 1, \"next\"));\n links.push(makeLink(lastPage, \"last\"));\n }\n if (page > 1) {\n links.push(makeLink(1, \"first\"));\n links.push(makeLink(page - 1, \"prev\"));\n }\n\n if (links.length > 0) {\n c.header(\"Link\", links.join(\", \"));\n }\n}\n","export function escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\");\n}\n\nexport function escapeAttr(s: string): string {\n return escapeHtml(s).replace(/'/g, \"&#39;\");\n}\n\nconst CSS = `\n@font-face{\n font-family:'Geist';font-style:normal;font-weight:100 900;font-display:swap;\n src:url('/_emulate/fonts/geist-sans.woff2') format('woff2');\n}\n@font-face{\n font-family:'Geist Pixel';font-style:normal;font-weight:400;font-display:swap;\n src:url('/_emulate/fonts/GeistPixel-Square.woff2') format('woff2');\n}\n*{box-sizing:border-box;margin:0;padding:0}\nbody{\n font-family:'Geist',-apple-system,BlinkMacSystemFont,sans-serif;\n background:#000;color:#33ff00;min-height:100vh;\n -webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;\n}\n.emu-bar{\n border-bottom:1px solid #0a3300;padding:10px 20px;\n display:flex;align-items:center;gap:10px;font-size:.8125rem;color:#1a8c00;\n}\n.emu-bar-title{font-weight:600;color:#33ff00;font-family:'Geist Pixel',monospace;}\n.emu-bar-links{margin-left:auto;display:flex;gap:16px;}\n.emu-bar-links a{\n color:#1a8c00;font-size:.75rem;text-decoration:none;transition:color .15s;\n}\n.emu-bar-links a:hover{color:#33ff00;}\n.emu-bar-links a .full{display:inline;}\n.emu-bar-links a .short{display:none;}\n@media(max-width:600px){\n .emu-bar-links a .full{display:none;}\n .emu-bar-links a .short{display:inline;}\n}\n\n.content{\n display:flex;align-items:center;justify-content:center;\n min-height:calc(100vh - 42px);padding:24px 16px;\n}\n.content-inner{width:100%;max-width:420px;}\n.card-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.125rem;font-weight:600;margin-bottom:4px;color:#33ff00;\n}\n.card-subtitle{color:#1a8c00;font-size:.8125rem;margin-bottom:18px;line-height:1.45;}\n.powered-by{\n position:fixed;bottom:0;left:0;right:0;\n text-align:center;padding:12px;font-size:.6875rem;color:#0a3300;\n font-family:'Geist Pixel',monospace;\n}\n.powered-by a{color:#1a8c00;text-decoration:none;transition:color .15s;}\n.powered-by a:hover{color:#33ff00;}\n\n.error-title{\n font-family:'Geist Pixel',monospace;\n color:#ff4444;font-size:1.125rem;font-weight:600;margin-bottom:8px;\n}\n.error-msg{color:#1a8c00;font-size:.875rem;line-height:1.5;}\n.error-card{text-align:center;}\n\n.user-form{margin-bottom:8px;}\n.user-form:last-of-type{margin-bottom:0;}\n.user-btn{\n width:100%;display:flex;align-items:center;gap:12px;\n padding:10px 12px;border:1px solid #0a3300;border-radius:8px;\n background:#000;color:inherit;cursor:pointer;text-align:left;\n font:inherit;transition:border-color .15s;\n}\n.user-btn:hover{border-color:#33ff00;}\n.avatar{\n width:36px;height:36px;border-radius:50%;\n background:#0a3300;color:#33ff00;font-weight:600;font-size:.875rem;\n display:flex;align-items:center;justify-content:center;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.user-text{min-width:0;}\n.user-login{font-weight:600;font-size:.875rem;display:block;color:#33ff00;}\n.user-meta{color:#1a8c00;font-size:.75rem;margin-top:1px;}\n.user-email{font-size:.6875rem;color:#116600;word-break:break-all;margin-top:1px;}\n\n.settings-layout{\n max-width:920px;margin:0 auto;padding:28px 20px;\n display:flex;gap:28px;\n}\n.settings-sidebar{width:200px;flex-shrink:0;}\n.settings-sidebar a{\n display:block;padding:6px 10px;border-radius:6px;color:#1a8c00;\n text-decoration:none;font-size:.8125rem;transition:color .15s;\n}\n.settings-sidebar a:hover{color:#33ff00;}\n.settings-sidebar a.active{color:#33ff00;font-weight:600;}\n.settings-main{flex:1;min-width:0;}\n\n.s-card{\n padding:18px 0;margin-bottom:14px;border-bottom:1px solid #0a3300;\n}\n.s-card:last-child{border-bottom:none;}\n.s-card-header{display:flex;align-items:center;gap:14px;margin-bottom:14px;}\n.s-icon{\n width:42px;height:42px;border-radius:8px;\n background:#0a3300;display:flex;align-items:center;justify-content:center;\n font-size:1.125rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.s-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.25rem;font-weight:600;color:#33ff00;\n}\n.s-subtitle{font-size:.75rem;color:#1a8c00;margin-top:2px;}\n.section-heading{\n font-size:.9375rem;font-weight:600;margin-bottom:10px;color:#33ff00;\n display:flex;align-items:center;justify-content:space-between;\n}\n.perm-list{list-style:none;}\n.perm-list li{padding:5px 0;font-size:.8125rem;display:flex;align-items:center;gap:6px;color:#1a8c00;}\n.check{color:#33ff00;}\n.org-row{\n display:flex;align-items:center;gap:8px;padding:7px 0;\n border-bottom:1px solid #0a3300;font-size:.8125rem;\n}\n.org-row:last-child{border-bottom:none;}\n.org-icon{\n width:22px;height:22px;border-radius:4px;background:#0a3300;\n display:flex;align-items:center;justify-content:center;\n font-size:.625rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.org-name{font-weight:600;color:#33ff00;}\n.badge{font-size:.6875rem;padding:1px 7px;border-radius:999px;font-weight:500;}\n.badge-granted{background:#0a3300;color:#33ff00;}\n.badge-denied{background:#1a0a0a;color:#ff4444;}\n.badge-requested{background:#0a3300;color:#1a8c00;}\n.btn-revoke{\n display:inline-block;padding:5px 14px;border-radius:6px;\n border:1px solid #0a3300;background:transparent;color:#ff4444;\n font-size:.75rem;font-weight:600;cursor:pointer;transition:border-color .15s;\n}\n.btn-revoke:hover{border-color:#ff4444;}\n.info-text{color:#1a8c00;font-size:.75rem;line-height:1.5;margin-top:10px;}\n.app-link{\n display:flex;align-items:center;gap:12px;padding:12px;\n border:1px solid #0a3300;border-radius:8px;background:#000;\n text-decoration:none;color:inherit;margin-bottom:8px;transition:border-color .15s;\n}\n.app-link:hover{border-color:#33ff00;}\n.app-link-name{font-weight:600;font-size:.875rem;color:#33ff00;}\n.app-link-scopes{font-size:.6875rem;color:#1a8c00;margin-top:1px;}\n.empty{color:#1a8c00;text-align:center;padding:28px 0;font-size:.875rem;}\n`;\n\nconst POWERED_BY = `<div class=\"powered-by\">Powered by <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\">emulate</a></div>`;\n\nfunction emuBar(service?: string): string {\n const title = service ? `${escapeHtml(service)} Emulator` : \"Emulator\";\n return `<div class=\"emu-bar\">\n <span class=\"emu-bar-title\">${title}</span>\n <nav class=\"emu-bar-links\">\n <a href=\"https://github.com/vercel-labs/emulate/issues\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Report Issue</span><span class=\"short\">Report</span></a>\n <a href=\"https://github.com/vercel-labs/emulate\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Source Code</span><span class=\"short\">Source</span></a>\n <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Learn More</span><span class=\"short\">Learn</span></a>\n </nav>\n</div>`;\n}\n\nfunction head(title: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\"/>\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"/>\n<title>${escapeHtml(title)} | emulate</title>\n<style>${CSS}</style>\n</head>`;\n}\n\nexport function renderCardPage(\n title: string,\n subtitle: string,\n body: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner\">\n <div class=\"card-title\">${escapeHtml(title)}</div>\n <div class=\"card-subtitle\">${subtitle}</div>\n ${body}\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderErrorPage(title: string, message: string, service?: string): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner error-card\">\n <div class=\"error-title\">${escapeHtml(title)}</div>\n <div class=\"error-msg\">${escapeHtml(message)}</div>\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderSettingsPage(\n title: string,\n sidebarHtml: string,\n bodyHtml: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"settings-layout\">\n <nav class=\"settings-sidebar\">${sidebarHtml}</nav>\n <div class=\"settings-main\">${bodyHtml}</div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport interface UserButtonOptions {\n letter: string;\n login: string;\n name?: string;\n email?: string;\n formAction: string;\n hiddenFields: Record<string, string>;\n}\n\nexport function renderUserButton(opts: UserButtonOptions): string {\n const hiddens = Object.entries(opts.hiddenFields)\n .map(([k, v]) => `<input type=\"hidden\" name=\"${escapeAttr(k)}\" value=\"${escapeAttr(v)}\"/>`)\n .join(\"\");\n\n const nameLine = opts.name\n ? `<div class=\"user-meta\">${escapeHtml(opts.name)}</div>`\n : \"\";\n const emailLine = opts.email\n ? `<div class=\"user-email\">${escapeHtml(opts.email)}</div>`\n : \"\";\n\n return `<form class=\"user-form\" method=\"post\" action=\"${escapeAttr(opts.formAction)}\">\n${hiddens}\n<button type=\"submit\" class=\"user-btn\">\n <span class=\"avatar\">${escapeHtml(opts.letter)}</span>\n <span class=\"user-text\">\n <span class=\"user-login\">${escapeHtml(opts.login)}</span>\n ${nameLine}${emailLine}\n </span>\n</button>\n</form>`;\n}\n","import { timingSafeEqual } from \"crypto\";\n\nexport function normalizeUri(uri: string): string {\n try {\n const u = new URL(uri);\n return `${u.origin}${u.pathname.replace(/\\/+$/, \"\")}`;\n } catch {\n return uri.replace(/\\/+$/, \"\").split(\"?\")[0];\n }\n}\n\nexport function matchesRedirectUri(incoming: string, registered: string[]): boolean {\n const normalized = normalizeUri(incoming);\n return registered.some((r) => normalizeUri(r) === normalized);\n}\n\nexport function constantTimeSecretEqual(a: string, b: string): boolean {\n const bufA = Buffer.from(a, \"utf-8\");\n const bufB = Buffer.from(b, \"utf-8\");\n if (bufA.length !== bufB.length) return false;\n return timingSafeEqual(bufA, bufB);\n}\n\nexport function bodyStr(v: unknown): string {\n if (typeof v === \"string\") return v;\n if (Array.isArray(v) && typeof v[0] === \"string\") return v[0];\n return \"\";\n}\n\nexport function parseCookies(header: string): Record<string, string> {\n const cookies: Record<string, string> = {};\n for (const part of header.split(\";\")) {\n const [k, ...v] = part.split(\"=\");\n if (k) cookies[k.trim()] = v.join(\"=\").trim();\n }\n return cookies;\n}\n","import type { Hono } from \"hono\";\nimport type { ServicePlugin, Store, WebhookDispatcher, TokenMap, AppEnv, RouteContext } from \"@emulators/core\";\nimport { getAppleStore } from \"./store.js\";\nimport { generateAppleUid, generatePrivateRelayEmail } from \"./helpers.js\";\nimport { oauthRoutes } from \"./routes/oauth.js\";\n\nexport { getAppleStore, type AppleStore } from \"./store.js\";\nexport * from \"./entities.js\";\n\nexport interface AppleSeedConfig {\n users?: Array<{\n email: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n is_private_email?: boolean;\n }>;\n oauth_clients?: Array<{\n client_id: string;\n team_id: string;\n key_id?: string;\n name: string;\n redirect_uris: string[];\n }>;\n}\n\nfunction seedDefaults(store: Store, _baseUrl: string): void {\n const as = getAppleStore(store);\n\n as.users.insert({\n uid: generateAppleUid(),\n email: \"testuser@icloud.com\",\n name: \"Test User\",\n given_name: \"Test\",\n family_name: \"User\",\n email_verified: true,\n is_private_email: false,\n private_relay_email: null,\n real_user_status: 2,\n });\n}\n\nexport function seedFromConfig(store: Store, _baseUrl: string, config: AppleSeedConfig): void {\n const as = getAppleStore(store);\n\n if (config.users) {\n for (const u of config.users) {\n const existing = as.users.findOneBy(\"email\", u.email);\n if (existing) continue;\n\n const nameParts = (u.name ?? \"\").split(/\\s+/);\n const isPrivate = u.is_private_email ?? false;\n\n as.users.insert({\n uid: generateAppleUid(),\n email: u.email,\n name: u.name ?? u.email.split(\"@\")[0],\n given_name: u.given_name ?? nameParts[0] ?? \"\",\n family_name: u.family_name ?? nameParts.slice(1).join(\" \") ?? \"\",\n email_verified: true,\n is_private_email: isPrivate,\n private_relay_email: isPrivate ? generatePrivateRelayEmail() : null,\n real_user_status: 2,\n });\n }\n }\n\n if (config.oauth_clients) {\n for (const client of config.oauth_clients) {\n const existing = as.oauthClients.findOneBy(\"client_id\", client.client_id);\n if (existing) continue;\n as.oauthClients.insert({\n client_id: client.client_id,\n team_id: client.team_id,\n key_id: client.key_id ?? \"TESTKEY001\",\n name: client.name,\n redirect_uris: client.redirect_uris,\n });\n }\n }\n}\n\nexport const applePlugin: ServicePlugin = {\n name: \"apple\",\n register(app: Hono<AppEnv>, store: Store, webhooks: WebhookDispatcher, baseUrl: string, tokenMap?: TokenMap): void {\n const ctx: RouteContext = { app, store, webhooks, baseUrl, tokenMap };\n oauthRoutes(ctx);\n },\n seed(store: Store, baseUrl: string): void {\n seedDefaults(store, baseUrl);\n },\n};\n\nexport default applePlugin;\n"],"mappings":";AAQO,SAAS,cAAc,OAA0B;AACtD,SAAO;AAAA,IACL,OAAO,MAAM,WAAsB,eAAe,CAAC,OAAO,OAAO,CAAC;AAAA,IAClE,cAAc,MAAM,WAA6B,uBAAuB,CAAC,WAAW,CAAC;AAAA,EACvF;AACF;;;ACbA,SAAS,mBAAmB;AAKrB,SAAS,mBAA2B;AACzC,QAAM,SAAS,YAAY,CAAC,EAAE,SAAS,KAAK,EAAE,YAAY;AAC1D,QAAM,SAAS,YAAY,EAAE,EAAE,SAAS,KAAK;AAC7C,QAAM,SAAS,YAAY,CAAC,EAAE,SAAS,KAAK,EAAE,YAAY;AAC1D,SAAO,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM;AACtC;AAKO,SAAS,4BAAoC;AAClD,QAAM,KAAK,YAAY,EAAE,EAAE,SAAS,KAAK;AACzC,SAAO,GAAG,EAAE;AACd;;;AClBA,SAAS,eAAAA,oBAAmB;AAC5B,SAAS,SAAS,WAAW,uBAAuB;;;AEDpD,SAAS,YAAY;AACrB,SAAS,YAAY;AGArB,SAAS,WAAW,mBAAmB;AEDvC,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,YAAY;AHoCvB,SAAS,mBAAmB,kBAA8C;AAC/E,SAAO,OAAO,GAAG,SAAS;AACxB,QAAI,kBAAkB;AACpB,QAAE,IAAI,WAAW,gBAAgB;IACnC;AACA,UAAM,KAAK;EACb;AACF;AAEO,IAAM,eAAkC,mBAAmB;AE/ClE,IAAM,UAAU,OAAO,YAAY,gBAAgB,QAAQ,IAAI,UAAU,OAAO,QAAQ,IAAI,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AAEvI,SAAS,MAAM,UAAkB,MAAuB;AAC7D,MAAI,SAAS;AACX,YAAQ,IAAI,IAAI,KAAK,KAAK,GAAG,IAAI;EACnC;AACF;ACAA,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AAExD,IAAM,QAAgC;EACpC,oBAAoB,aAAa,KAAK,WAAW,SAAS,kBAAkB,CAAC;EAC7E,2BAA2B,aAAa,KAAK,WAAW,SAAS,yBAAyB,CAAC;AAC7F;AEXO,SAAS,WAAW,GAAmB;AAC5C,SAAO,EACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ;AAC3B;AAEO,SAAS,WAAW,GAAmB;AAC5C,SAAO,WAAW,CAAC,EAAE,QAAQ,MAAM,OAAO;AAC5C;AAEA,IAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmJZ,IAAM,aAAa;AAEnB,SAAS,OAAO,SAA0B;AACxC,QAAM,QAAQ,UAAU,GAAG,WAAW,OAAO,CAAC,cAAc;AAC5D,SAAO;gCACuB,KAAK;;;;;;;AAOrC;AAEA,SAAS,KAAK,OAAuB;AACnC,SAAO;;;;;SAKA,WAAW,KAAK,CAAC;SACjB,GAAG;;AAEZ;AAEO,SAAS,eACd,OACA,UACA,MACA,SACQ;AACR,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;8BAGa,WAAW,KAAK,CAAC;iCACd,QAAQ;MACnC,IAAI;;;EAGR,UAAU;;AAEZ;AAEO,SAAS,gBAAgB,OAAe,SAAiB,SAA0B;AACxF,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;+BAGc,WAAW,KAAK,CAAC;6BACnB,WAAW,OAAO,CAAC;;;EAG9C,UAAU;;AAEZ;AA4BO,SAAS,iBAAiB,MAAiC;AAChE,QAAM,UAAU,OAAO,QAAQ,KAAK,YAAY,EAC7C,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,8BAA8B,WAAW,CAAC,CAAC,YAAY,WAAW,CAAC,CAAC,KAAK,EACzF,KAAK,EAAE;AAEV,QAAM,WAAW,KAAK,OAClB,0BAA0B,WAAW,KAAK,IAAI,CAAC,WAC/C;AACJ,QAAM,YAAY,KAAK,QACnB,2BAA2B,WAAW,KAAK,KAAK,CAAC,WACjD;AAEJ,SAAO,iDAAiD,WAAW,KAAK,UAAU,CAAC;EACnF,OAAO;;yBAEgB,WAAW,KAAK,MAAM,CAAC;;+BAEjB,WAAW,KAAK,KAAK,CAAC;MAC/C,QAAQ,GAAG,SAAS;;;;AAI1B;ACxQO,SAAS,aAAa,KAAqB;AAChD,MAAI;AACF,UAAM,IAAI,IAAI,IAAI,GAAG;AACrB,WAAO,GAAG,EAAE,MAAM,GAAG,EAAE,SAAS,QAAQ,QAAQ,EAAE,CAAC;EACrD,QAAQ;AACN,WAAO,IAAI,QAAQ,QAAQ,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;EAC7C;AACF;AAEO,SAAS,mBAAmB,UAAkB,YAA+B;AAClF,QAAM,aAAa,aAAa,QAAQ;AACxC,SAAO,WAAW,KAAK,CAAC,MAAM,aAAa,CAAC,MAAM,UAAU;AAC9D;AASO,SAAS,QAAQ,GAAoB;AAC1C,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,MAAM,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC,MAAM,SAAU,QAAO,EAAE,CAAC;AAC5D,SAAO;AACT;;;AVTA,IAAM,iBAAiB,gBAAgB,OAAO;AAC9C,IAAM,MAAM;AAmBZ,IAAM,sBAAsB,IAAI,KAAK;AAErC,SAAS,gBAAgB,OAAwC;AAC/D,MAAI,MAAM,MAAM,QAAkC,0BAA0B;AAC5E,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,4BAA4B,GAAG;AAAA,EAC/C;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,OAA+C;AACvE,MAAI,MAAM,MAAM,QAAyC,2BAA2B;AACpF,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,6BAA6B,GAAG;AAAA,EAChD;AACA,SAAO;AACT;AAEA,SAAS,oBAAoB,OAA2B;AACtD,MAAI,MAAM,MAAM,QAAqB,8BAA8B;AACnE,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,gCAAgC,GAAG;AAAA,EACnD;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,GAAyB;AACrD,SAAO,KAAK,IAAI,IAAI,EAAE,aAAa;AACrC;AAEA,IAAM,gBAAgB;AAEtB,eAAe,cACb,MACA,UACA,OACA,SACiB;AACjB,QAAM,EAAE,WAAW,IAAI,MAAM;AAE7B,QAAM,QAAQ,KAAK,oBAAoB,KAAK,sBACxC,KAAK,sBACL,KAAK;AAET,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,QAAM,UAAU,IAAI,QAAQ;AAAA,IAC1B,KAAK,KAAK;AAAA,IACV;AAAA,IACA,gBAAgB,OAAO,KAAK,cAAc;AAAA,IAC1C,kBAAkB,OAAO,KAAK,gBAAgB;AAAA,IAC9C,kBAAkB,KAAK;AAAA,IACvB,iBAAiB;AAAA,IACjB,WAAW;AAAA,IACX,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,EAC3B,CAAC,EACE,mBAAmB,EAAE,KAAK,SAAS,KAAK,KAAK,KAAK,MAAM,CAAC,EACzD,UAAU,OAAO,EACjB,YAAY,QAAQ,EACpB,YAAY,GAAG,EACf,kBAAkB,IAAI;AAEzB,SAAO,QAAQ,KAAK,UAAU;AAChC;AAEO,SAAS,YAAY,EAAE,KAAK,OAAO,SAAS,SAAS,GAAuB;AACjF,QAAM,KAAK,cAAc,KAAK;AAI9B,MAAI,IAAI,qCAAqC,CAAC,MAAM;AAClD,WAAO,EAAE,KAAK;AAAA,MACZ,QAAQ;AAAA,MACR,wBAAwB,GAAG,OAAO;AAAA,MAClC,gBAAgB,GAAG,OAAO;AAAA,MAC1B,qBAAqB,GAAG,OAAO;AAAA,MAC/B,UAAU,GAAG,OAAO;AAAA,MACpB,0BAA0B,CAAC,MAAM;AAAA,MACjC,0BAA0B,CAAC,SAAS,YAAY,WAAW;AAAA,MAC3D,yBAAyB,CAAC,UAAU;AAAA,MACpC,uCAAuC,CAAC,OAAO;AAAA,MAC/C,kBAAkB,CAAC,UAAU,SAAS,MAAM;AAAA,MAC5C,uCAAuC,CAAC,oBAAoB;AAAA,MAC5D,kBAAkB;AAAA,QAChB;AAAA,QAAO;AAAA,QAAS;AAAA,QAAkB;AAAA,QAAO;AAAA,QACzC;AAAA,QAAoB;AAAA,QAAO;AAAA,QAAS;AAAA,QACpC;AAAA,QAAoB;AAAA,QAAO;AAAA,MAC7B;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,cAAc,OAAO,MAAM;AACjC,UAAM,EAAE,UAAU,IAAI,MAAM;AAC5B,UAAM,MAAM,MAAM,UAAU,SAAS;AACrC,WAAO,EAAE,KAAK;AAAA,MACZ,MAAM,CAAC;AAAA,QACL,GAAG;AAAA,QACH,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,MACP,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,mBAAmB,CAAC,MAAM;AAChC,UAAM,YAAY,EAAE,IAAI,MAAM,WAAW,KAAK;AAC9C,UAAM,eAAe,EAAE,IAAI,MAAM,cAAc,KAAK;AACpD,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,gBAAgB,EAAE,IAAI,MAAM,eAAe,KAAK;AAEtD,UAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,QAAI,aAAa;AACjB,QAAI,mBAAmB;AACrB,YAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,kBAAkB,SAAS,wBAAwB,aAAa;AAAA,UACzG;AAAA,QACF;AAAA,MACF;AACA,UAAI,gBAAgB,CAAC,mBAAmB,cAAc,OAAO,aAAa,GAAG;AAC3E,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,4DAA4D,aAAa;AAAA,UAClH;AAAA,QACF;AAAA,MACF;AACA,mBAAa,OAAO;AAAA,IACtB;AAEA,UAAM,eAAe,aACjB,sBAAsB,WAAW,UAAU,CAAC,kCAC5C;AAEJ,UAAM,QAAQ,GAAG,MAAM,IAAI;AAC3B,UAAM,cAAc,MACjB,IAAI,CAAC,SAAS;AACb,aAAO,iBAAiB;AAAA,QACtB,SAAS,KAAK,MAAM,CAAC,KAAK,KAAK,YAAY;AAAA,QAC3C,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ,YAAY;AAAA,QACZ,cAAc;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH,CAAC,EACA,KAAK,IAAI;AAEZ,UAAM,OAAO,MAAM,WAAW,IAC1B,yDACA;AAEJ,WAAO,EAAE,KAAK,eAAe,sBAAsB,cAAc,MAAM,aAAa,CAAC;AAAA,EACvF,CAAC;AAID,MAAI,KAAK,4BAA4B,OAAO,MAAM;AAChD,UAAM,OAAO,MAAM,EAAE,IAAI,UAAU;AACnC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,eAAe,QAAQ,KAAK,YAAY;AAC9C,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,YAAY,QAAQ,KAAK,SAAS;AACxC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,gBAAgB,QAAQ,KAAK,aAAa,KAAK;AAErD,UAAM,OAAOC,aAAY,EAAE,EAAE,SAAS,KAAK;AAE3C,oBAAgB,KAAK,EAAE,IAAI,MAAM;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,aAAa;AAAA,MACb,UAAU;AAAA,MACV,OAAO,SAAS;AAAA,MAChB,cAAc;AAAA,MACd,YAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AAED,UAAM,eAAe,yBAAyB,KAAK,MAAM,GAAG,CAAC,CAAC,aAAa,KAAK,EAAE;AAGlF,UAAM,UAAU,oBAAoB,KAAK;AACzC,UAAM,UAAU,GAAG,KAAK,IAAI,SAAS;AACrC,UAAM,cAAc,CAAC,QAAQ,IAAI,OAAO;AACxC,QAAI,aAAa;AACf,cAAQ,IAAI,OAAO;AAAA,IACrB;AAGA,QAAI;AACJ,QAAI,aAAa;AACf,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,KAA2B;AACpE,UAAI,MAAM;AACR,mBAAW,KAAK,UAAU;AAAA,UACxB,MAAM,EAAE,WAAW,KAAK,YAAY,UAAU,KAAK,YAAY;AAAA,UAC/D,OAAO,KAAK;AAAA,QACd,CAAC;AAAA,MACH;AAAA,IACF;AAEA,QAAI,kBAAkB,aAAa;AAEjC,YAAM,OAAO;AAAA;AAAA;AAAA;AAAA,8BAIW,WAAW,YAAY,CAAC;AAAA,0CACZ,WAAW,IAAI,CAAC;AAAA,2CACf,WAAW,KAAK,CAAC,OAAO,WAAW;AAAA,0CAA6C,WAAW,QAAQ,CAAC,SAAS,EAAE;AAAA;AAAA;AAAA;AAIpJ,aAAO,EAAE,KAAK,IAAI;AAAA,IACpB;AAGA,UAAM,MAAM,IAAI,IAAI,YAAY;AAChC,QAAI,aAAa,IAAI,QAAQ,IAAI;AACjC,QAAI,MAAO,KAAI,aAAa,IAAI,SAAS,KAAK;AAC9C,QAAI,SAAU,KAAI,aAAa,IAAI,QAAQ,QAAQ;AAEnD,WAAO,EAAE,SAAS,IAAI,SAAS,GAAG,GAAG;AAAA,EACvC,CAAC;AAID,MAAI,KAAK,eAAe,OAAO,MAAM;AACnC,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AACjC,UAAM,OAAO,OAAO,YAAY,IAAI,gBAAgB,OAAO,CAAC;AAE5D,UAAM,aAAa,KAAK,cAAc;AACtC,UAAM,OAAO,KAAK,QAAQ;AAC1B,UAAM,YAAY,KAAK,aAAa;AACpC,UAAM,gBAAgB,KAAK,iBAAiB;AAE5C,QAAI,eAAe,sBAAsB;AACvC,YAAM,aAAa,gBAAgB,KAAK;AACxC,YAAM,UAAU,WAAW,IAAI,IAAI;AACnC,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AACA,UAAI,qBAAqB,OAAO,GAAG;AACjC,mBAAW,OAAO,IAAI;AACtB,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AAGA,iBAAW,OAAO,IAAI;AAEtB,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,QAAQ,KAA2B;AAC5E,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,WAAWA,aAAY,EAAE,EAAE,SAAS,WAAW;AACnE,YAAM,eAAe,aAAaA,aAAY,EAAE,EAAE,SAAS,WAAW;AACtE,YAAM,SAAS,QAAQ,QAAQ,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE7E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAGA,uBAAiB,KAAK,EAAE,IAAI,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,MACjB,CAAC;AAED,YAAM,UAAU,MAAM,cAAc,MAAM,QAAQ,UAAU,QAAQ,OAAO,OAAO;AAElF,YAAM,eAAe,kCAAkC,KAAK,KAAK,EAAE;AAEnE,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,eAAe,iBAAiB;AAClC,YAAM,aAAa,iBAAiB,KAAK;AACzC,YAAM,SAAS,WAAW,IAAI,aAAa;AAC3C,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,gCAAgC,GAAG,GAAG;AAAA,MACnG;AAEA,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,OAAO,KAA2B;AAC3E,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,WAAWA,aAAY,EAAE,EAAE,SAAS,WAAW;AACnE,YAAM,SAAS,OAAO,QAAQ,OAAO,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE3E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAEA,YAAM,UAAU,MAAM,cAAc,MAAM,OAAO,YAAY,WAAW,OAAO,OAAO,OAAO;AAE7F,YAAM,eAAe,wCAAwC,KAAK,KAAK,EAAE;AAGzE,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,KAAK,EAAE,OAAO,0BAA0B,mBAAmB,2DAA2D,GAAG,GAAG;AAAA,EACvI,CAAC;AAID,MAAI,KAAK,gBAAgB,OAAO,MAAM;AACpC,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AACjC,UAAM,SAAS,IAAI,gBAAgB,OAAO;AAC1C,UAAM,QAAQ,OAAO,IAAI,OAAO,KAAK;AAErC,QAAI,SAAS,UAAU;AACrB,eAAS,OAAO,KAAK;AAAA,IACvB;AAGA,QAAI,OAAO;AACT,uBAAiB,KAAK,EAAE,OAAO,KAAK;AAAA,IACtC;AAEA,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AACH;;;AW7WA,SAAS,aAAa,OAAc,UAAwB;AAC1D,QAAM,KAAK,cAAc,KAAK;AAE9B,KAAG,MAAM,OAAO;AAAA,IACd,KAAK,iBAAiB;AAAA,IACtB,OAAO;AAAA,IACP,MAAM;AAAA,IACN,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,kBAAkB;AAAA,IAClB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,eAAe,OAAc,UAAkB,QAA+B;AAC5F,QAAM,KAAK,cAAc,KAAK;AAE9B,MAAI,OAAO,OAAO;AAChB,eAAW,KAAK,OAAO,OAAO;AAC5B,YAAM,WAAW,GAAG,MAAM,UAAU,SAAS,EAAE,KAAK;AACpD,UAAI,SAAU;AAEd,YAAM,aAAa,EAAE,QAAQ,IAAI,MAAM,KAAK;AAC5C,YAAM,YAAY,EAAE,oBAAoB;AAExC,SAAG,MAAM,OAAO;AAAA,QACd,KAAK,iBAAiB;AAAA,QACtB,OAAO,EAAE;AAAA,QACT,MAAM,EAAE,QAAQ,EAAE,MAAM,MAAM,GAAG,EAAE,CAAC;AAAA,QACpC,YAAY,EAAE,cAAc,UAAU,CAAC,KAAK;AAAA,QAC5C,aAAa,EAAE,eAAe,UAAU,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK;AAAA,QAC9D,gBAAgB;AAAA,QAChB,kBAAkB;AAAA,QAClB,qBAAqB,YAAY,0BAA0B,IAAI;AAAA,QAC/D,kBAAkB;AAAA,MACpB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,eAAe;AACxB,eAAW,UAAU,OAAO,eAAe;AACzC,YAAM,WAAW,GAAG,aAAa,UAAU,aAAa,OAAO,SAAS;AACxE,UAAI,SAAU;AACd,SAAG,aAAa,OAAO;AAAA,QACrB,WAAW,OAAO;AAAA,QAClB,SAAS,OAAO;AAAA,QAChB,QAAQ,OAAO,UAAU;AAAA,QACzB,MAAM,OAAO;AAAA,QACb,eAAe,OAAO;AAAA,MACxB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEO,IAAM,cAA6B;AAAA,EACxC,MAAM;AAAA,EACN,SAAS,KAAmB,OAAc,UAA6B,SAAiB,UAA2B;AACjH,UAAM,MAAoB,EAAE,KAAK,OAAO,UAAU,SAAS,SAAS;AACpE,gBAAY,GAAG;AAAA,EACjB;AAAA,EACA,KAAK,OAAc,SAAuB;AACxC,iBAAa,OAAO,OAAO;AAAA,EAC7B;AACF;AAEA,IAAO,gBAAQ;","names":["randomBytes","randomBytes"]}
1
+ {"version":3,"sources":["../src/store.ts","../src/helpers.ts","../src/routes/oauth.ts","../../core/src/store.ts","../../core/src/server.ts","../../core/src/webhooks.ts","../../core/src/middleware/error-handler.ts","../../core/src/middleware/auth.ts","../../core/src/debug.ts","../../core/src/fonts.ts","../../core/src/middleware/pagination.ts","../../core/src/ui.ts","../../core/src/oauth-helpers.ts","../../core/src/persistence.ts","../src/index.ts"],"sourcesContent":["import { Store, type Collection } from \"@emulators/core\";\nimport type { AppleUser, AppleOAuthClient } from \"./entities.js\";\n\nexport interface AppleStore {\n users: Collection<AppleUser>;\n oauthClients: Collection<AppleOAuthClient>;\n}\n\nexport function getAppleStore(store: Store): AppleStore {\n return {\n users: store.collection<AppleUser>(\"apple.users\", [\"uid\", \"email\"]),\n oauthClients: store.collection<AppleOAuthClient>(\"apple.oauth_clients\", [\"client_id\"]),\n };\n}\n","import { randomBytes } from \"crypto\";\n\n/**\n * Generate a pairwise subject ID in Apple's format: \"XXXXXX.hex32.XXXX\"\n */\nexport function generateAppleUid(): string {\n const prefix = randomBytes(3).toString(\"hex\").toUpperCase();\n const middle = randomBytes(16).toString(\"hex\");\n const suffix = randomBytes(2).toString(\"hex\").toUpperCase();\n return `${prefix}.${middle}.${suffix}`;\n}\n\n/**\n * Generate a private relay email address.\n */\nexport function generatePrivateRelayEmail(): string {\n const id = randomBytes(12).toString(\"hex\");\n return `${id}@privaterelay.appleid.com`;\n}\n","import { randomBytes } from \"crypto\";\nimport { SignJWT, exportJWK, generateKeyPair } from \"jose\";\nimport type { RouteContext } from \"@emulators/core\";\nimport {\n escapeHtml,\n escapeAttr,\n renderCardPage,\n renderErrorPage,\n renderUserButton,\n matchesRedirectUri,\n bodyStr,\n debug,\n} from \"@emulators/core\";\nimport { getAppleStore } from \"../store.js\";\nimport type { AppleUser } from \"../entities.js\";\nimport type { Store } from \"@emulators/core\";\n\n// RSA key pair generated at module load for signing id_tokens\nconst keyPairPromise = generateKeyPair(\"RS256\");\nconst KID = \"emulate-apple-1\";\n\ntype PendingCode = {\n email: string;\n scope: string;\n redirectUri: string;\n clientId: string;\n nonce: string | null;\n responseMode: string;\n created_at: number;\n};\n\ntype StoredRefreshToken = {\n email: string;\n clientId: string;\n scope: string;\n nonce: string | null;\n};\n\nconst PENDING_CODE_TTL_MS = 5 * 60 * 1000;\n\nfunction getPendingCodes(store: Store): Map<string, PendingCode> {\n let map = store.getData<Map<string, PendingCode>>(\"apple.oauth.pendingCodes\");\n if (!map) {\n map = new Map();\n store.setData(\"apple.oauth.pendingCodes\", map);\n }\n return map;\n}\n\nfunction getRefreshTokens(store: Store): Map<string, StoredRefreshToken> {\n let map = store.getData<Map<string, StoredRefreshToken>>(\"apple.oauth.refreshTokens\");\n if (!map) {\n map = new Map();\n store.setData(\"apple.oauth.refreshTokens\", map);\n }\n return map;\n}\n\nfunction getFirstAuthTracker(store: Store): Set<string> {\n let set = store.getData<Set<string>>(\"apple.oauth.firstAuthTracker\");\n if (!set) {\n set = new Set();\n store.setData(\"apple.oauth.firstAuthTracker\", set);\n }\n return set;\n}\n\nfunction isPendingCodeExpired(p: PendingCode): boolean {\n return Date.now() - p.created_at > PENDING_CODE_TTL_MS;\n}\n\nconst SERVICE_LABEL = \"Apple\";\n\nasync function createIdToken(\n user: AppleUser,\n clientId: string,\n nonce: string | null,\n baseUrl: string,\n): Promise<string> {\n const { privateKey } = await keyPairPromise;\n\n const email = user.is_private_email && user.private_relay_email\n ? user.private_relay_email\n : user.email;\n\n const now = Math.floor(Date.now() / 1000);\n\n const builder = new SignJWT({\n sub: user.uid,\n email,\n email_verified: String(user.email_verified),\n is_private_email: String(user.is_private_email),\n real_user_status: user.real_user_status,\n nonce_supported: true,\n auth_time: now,\n ...(nonce ? { nonce } : {}),\n })\n .setProtectedHeader({ alg: \"RS256\", kid: KID, typ: \"JWT\" })\n .setIssuer(baseUrl)\n .setAudience(clientId)\n .setIssuedAt(now)\n .setExpirationTime(\"1h\");\n\n return builder.sign(privateKey);\n}\n\nexport function oauthRoutes({ app, store, baseUrl, tokenMap }: RouteContext): void {\n const as = getAppleStore(store);\n\n // ---------- OIDC Discovery ----------\n\n app.get(\"/.well-known/openid-configuration\", (c) => {\n return c.json({\n issuer: baseUrl,\n authorization_endpoint: `${baseUrl}/auth/authorize`,\n token_endpoint: `${baseUrl}/auth/token`,\n revocation_endpoint: `${baseUrl}/auth/revoke`,\n jwks_uri: `${baseUrl}/auth/keys`,\n response_types_supported: [\"code\"],\n response_modes_supported: [\"query\", \"fragment\", \"form_post\"],\n subject_types_supported: [\"pairwise\"],\n id_token_signing_alg_values_supported: [\"RS256\"],\n scopes_supported: [\"openid\", \"email\", \"name\"],\n token_endpoint_auth_methods_supported: [\"client_secret_post\"],\n claims_supported: [\n \"aud\", \"email\", \"email_verified\", \"exp\", \"iat\",\n \"is_private_email\", \"iss\", \"nonce\", \"nonce_supported\",\n \"real_user_status\", \"sub\", \"transfer_sub\",\n ],\n });\n });\n\n // ---------- JWKS ----------\n\n app.get(\"/auth/keys\", async (c) => {\n const { publicKey } = await keyPairPromise;\n const jwk = await exportJWK(publicKey);\n return c.json({\n keys: [{\n ...jwk,\n kid: KID,\n use: \"sig\",\n alg: \"RS256\",\n }],\n });\n });\n\n // ---------- Authorization page ----------\n\n app.get(\"/auth/authorize\", (c) => {\n const client_id = c.req.query(\"client_id\") ?? \"\";\n const redirect_uri = c.req.query(\"redirect_uri\") ?? \"\";\n const scope = c.req.query(\"scope\") ?? \"\";\n const state = c.req.query(\"state\") ?? \"\";\n const nonce = c.req.query(\"nonce\") ?? \"\";\n const response_mode = c.req.query(\"response_mode\") ?? \"query\";\n\n const clientsConfigured = as.oauthClients.all().length > 0;\n let clientName = \"\";\n if (clientsConfigured) {\n const client = as.oauthClients.findOneBy(\"client_id\", client_id);\n if (!client) {\n return c.html(\n renderErrorPage(\"Application not found\", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),\n 400,\n );\n }\n if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {\n return c.html(\n renderErrorPage(\"Redirect URI mismatch\", \"The redirect_uri is not registered for this application.\", SERVICE_LABEL),\n 400,\n );\n }\n clientName = client.name;\n }\n\n const subtitleText = clientName\n ? `Sign in to <strong>${escapeHtml(clientName)}</strong> with your Apple ID.`\n : \"Choose a seeded user to continue.\";\n\n const users = as.users.all();\n const userButtons = users\n .map((user) => {\n return renderUserButton({\n letter: (user.email[0] ?? \"?\").toUpperCase(),\n login: user.email,\n name: user.name,\n email: user.email,\n formAction: \"/auth/authorize/callback\",\n hiddenFields: {\n email: user.email,\n redirect_uri,\n scope,\n state,\n nonce,\n client_id,\n response_mode,\n },\n });\n })\n .join(\"\\n\");\n\n const body = users.length === 0\n ? '<p class=\"empty\">No users in the emulator store.</p>'\n : userButtons;\n\n return c.html(renderCardPage(\"Sign in with Apple\", subtitleText, body, SERVICE_LABEL));\n });\n\n // ---------- Authorization callback ----------\n\n app.post(\"/auth/authorize/callback\", async (c) => {\n const body = await c.req.parseBody();\n const email = bodyStr(body.email);\n const redirect_uri = bodyStr(body.redirect_uri);\n const scope = bodyStr(body.scope);\n const state = bodyStr(body.state);\n const client_id = bodyStr(body.client_id);\n const nonce = bodyStr(body.nonce);\n const response_mode = bodyStr(body.response_mode) || \"query\";\n\n const code = randomBytes(20).toString(\"hex\");\n\n getPendingCodes(store).set(code, {\n email,\n scope,\n redirectUri: redirect_uri,\n clientId: client_id,\n nonce: nonce || null,\n responseMode: response_mode,\n created_at: Date.now(),\n });\n\n debug(\"apple.oauth\", `[Apple callback] code=${code.slice(0, 8)}... email=${email}`);\n\n // Track first authorization per user+client pair\n const tracker = getFirstAuthTracker(store);\n const pairKey = `${email}:${client_id}`;\n const isFirstAuth = !tracker.has(pairKey);\n if (isFirstAuth) {\n tracker.add(pairKey);\n }\n\n // Build user JSON blob (only on first auth)\n let userJson: string | undefined;\n if (isFirstAuth) {\n const user = as.users.findOneBy(\"email\", email as AppleUser[\"email\"]);\n if (user) {\n userJson = JSON.stringify({\n name: { firstName: user.given_name, lastName: user.family_name },\n email: user.email,\n });\n }\n }\n\n if (response_mode === \"form_post\") {\n // Return auto-submit form that POSTs to redirect_uri\n const html = `<!DOCTYPE html>\n<html>\n<head><title>Submit</title></head>\n<body onload=\"document.forms[0].submit()\">\n<form method=\"POST\" action=\"${escapeAttr(redirect_uri)}\">\n<input type=\"hidden\" name=\"code\" value=\"${escapeAttr(code)}\" />\n<input type=\"hidden\" name=\"state\" value=\"${escapeAttr(state)}\" />${userJson ? `\\n<input type=\"hidden\" name=\"user\" value=\"${escapeAttr(userJson)}\" />` : \"\"}\n</form>\n</body>\n</html>`;\n return c.html(html);\n }\n\n // Default: query mode redirect\n const url = new URL(redirect_uri);\n url.searchParams.set(\"code\", code);\n if (state) url.searchParams.set(\"state\", state);\n if (userJson) url.searchParams.set(\"user\", userJson);\n\n return c.redirect(url.toString(), 302);\n });\n\n // ---------- Token exchange ----------\n\n app.post(\"/auth/token\", async (c) => {\n const rawText = await c.req.text();\n const body = Object.fromEntries(new URLSearchParams(rawText));\n\n const grant_type = body.grant_type ?? \"\";\n const code = body.code ?? \"\";\n const client_id = body.client_id ?? \"\";\n const refresh_token = body.refresh_token ?? \"\";\n\n if (grant_type === \"authorization_code\") {\n const pendingMap = getPendingCodes(store);\n const pending = pendingMap.get(code);\n if (!pending) {\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n if (isPendingCodeExpired(pending)) {\n pendingMap.delete(code);\n return c.json({ error: \"invalid_grant\", error_description: \"The code is incorrect or expired.\" }, 400);\n }\n\n // Single-use: delete immediately\n pendingMap.delete(code);\n\n const user = as.users.findOneBy(\"email\", pending.email as AppleUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"apple_\" + randomBytes(20).toString(\"base64url\");\n const refreshToken = \"r_apple_\" + randomBytes(20).toString(\"base64url\");\n const scopes = pending.scope ? pending.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n // Store refresh token\n getRefreshTokens(store).set(refreshToken, {\n email: user.email,\n clientId: pending.clientId,\n scope: pending.scope,\n nonce: pending.nonce,\n });\n\n const idToken = await createIdToken(user, pending.clientId, pending.nonce, baseUrl);\n\n debug(\"apple.oauth\", `[Apple token] issued token for ${user.email}`);\n\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n refresh_token: refreshToken,\n id_token: idToken,\n });\n }\n\n if (grant_type === \"refresh_token\") {\n const refreshMap = getRefreshTokens(store);\n const stored = refreshMap.get(refresh_token);\n if (!stored) {\n return c.json({ error: \"invalid_grant\", error_description: \"The refresh_token is invalid.\" }, 400);\n }\n\n const user = as.users.findOneBy(\"email\", stored.email as AppleUser[\"email\"]);\n if (!user) {\n return c.json({ error: \"invalid_grant\", error_description: \"User not found.\" }, 400);\n }\n\n const accessToken = \"apple_\" + randomBytes(20).toString(\"base64url\");\n const scopes = stored.scope ? stored.scope.split(/\\s+/).filter(Boolean) : [];\n\n if (tokenMap) {\n tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });\n }\n\n const idToken = await createIdToken(user, stored.clientId || client_id, stored.nonce, baseUrl);\n\n debug(\"apple.oauth\", `[Apple refresh] issued new token for ${user.email}`);\n\n // No new refresh_token for refresh grant\n return c.json({\n access_token: accessToken,\n token_type: \"Bearer\",\n expires_in: 3600,\n id_token: idToken,\n });\n }\n\n return c.json({ error: \"unsupported_grant_type\", error_description: \"Only authorization_code and refresh_token are supported.\" }, 400);\n });\n\n // ---------- Token revocation ----------\n\n app.post(\"/auth/revoke\", async (c) => {\n const rawText = await c.req.text();\n const params = new URLSearchParams(rawText);\n const token = params.get(\"token\") ?? \"\";\n\n if (token && tokenMap) {\n tokenMap.delete(token);\n }\n\n // Also check refresh tokens\n if (token) {\n getRefreshTokens(store).delete(token);\n }\n\n return c.body(null, 200);\n });\n}\n","export interface Entity {\n id: number;\n created_at: string;\n updated_at: string;\n}\n\nexport type InsertInput<T extends Entity> = Omit<T, \"id\" | \"created_at\" | \"updated_at\"> & { id?: number };\n\nexport type FilterFn<T> = (item: T) => boolean;\nexport type SortFn<T> = (a: T, b: T) => number;\n\nexport interface QueryOptions<T> {\n filter?: FilterFn<T>;\n sort?: SortFn<T>;\n page?: number;\n per_page?: number;\n}\n\nexport interface PaginatedResult<T> {\n items: T[];\n total_count: number;\n page: number;\n per_page: number;\n has_next: boolean;\n has_prev: boolean;\n}\n\nexport interface CollectionSnapshot<T extends Entity = Entity> {\n items: T[];\n autoId: number;\n indexFields: string[];\n}\n\nexport interface StoreSnapshot {\n collections: Record<string, CollectionSnapshot>;\n data: Record<string, unknown>;\n}\n\nexport function serializeValue(value: unknown): unknown {\n if (value instanceof Map) {\n return { __type: \"Map\" as const, entries: [...value.entries()].map(([k, v]) => [k, serializeValue(v)]) };\n }\n if (value instanceof Set) {\n return { __type: \"Set\" as const, values: [...value.values()] };\n }\n return value;\n}\n\nexport function deserializeValue(value: unknown): unknown {\n if (value !== null && typeof value === \"object\" && \"__type\" in value) {\n const tagged = value as Record<string, unknown>;\n if (tagged.__type === \"Map\") {\n const entries = tagged.entries as [unknown, unknown][];\n return new Map(entries.map(([k, v]) => [k, deserializeValue(v)]));\n }\n if (tagged.__type === \"Set\") {\n return new Set(tagged.values as unknown[]);\n }\n }\n return value;\n}\n\nexport class Collection<T extends Entity> {\n private items = new Map<number, T>();\n private indexes = new Map<string, Map<string | number, Set<number>>>();\n private autoId = 1;\n readonly fieldNames: string[];\n\n constructor(private indexFields: (keyof T)[] = []) {\n this.fieldNames = indexFields.map(String).sort();\n for (const field of indexFields) {\n this.indexes.set(String(field), new Map());\n }\n }\n\n private addToIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n if (!indexMap.has(key)) {\n indexMap.set(key, new Set());\n }\n indexMap.get(key)!.add(item.id);\n }\n }\n\n private removeFromIndex(item: T): void {\n for (const field of this.indexFields) {\n const value = item[field];\n if (value === undefined || value === null) continue;\n const indexMap = this.indexes.get(String(field))!;\n const key = String(value);\n indexMap.get(key)?.delete(item.id);\n }\n }\n\n insert(data: InsertInput<T>): T {\n const now = new Date().toISOString();\n const explicitId = data.id != null && data.id > 0 ? data.id : undefined;\n const id = explicitId ?? this.autoId++;\n if (id >= this.autoId) {\n this.autoId = id + 1;\n }\n const item = {\n ...data,\n id,\n created_at: now,\n updated_at: now,\n } as unknown as T;\n this.items.set(id, item);\n this.addToIndex(item);\n return item;\n }\n\n get(id: number): T | undefined {\n return this.items.get(id);\n }\n\n findBy(field: keyof T, value: T[keyof T] | string | number): T[] {\n if (this.indexes.has(String(field))) {\n const ids = this.indexes.get(String(field))!.get(String(value));\n if (!ids) return [];\n return Array.from(ids).map((id) => this.items.get(id)!).filter(Boolean);\n }\n return this.all().filter((item) => item[field] === value);\n }\n\n findOneBy(field: keyof T, value: T[keyof T] | string | number): T | undefined {\n return this.findBy(field, value)[0];\n }\n\n update(id: number, data: Partial<T>): T | undefined {\n const existing = this.items.get(id);\n if (!existing) return undefined;\n this.removeFromIndex(existing);\n const updated = {\n ...existing,\n ...data,\n id,\n updated_at: new Date().toISOString(),\n } as T;\n this.items.set(id, updated);\n this.addToIndex(updated);\n return updated;\n }\n\n delete(id: number): boolean {\n const existing = this.items.get(id);\n if (!existing) return false;\n this.removeFromIndex(existing);\n return this.items.delete(id);\n }\n\n all(): T[] {\n return Array.from(this.items.values());\n }\n\n query(options: QueryOptions<T> = {}): PaginatedResult<T> {\n let results = this.all();\n\n if (options.filter) {\n results = results.filter(options.filter);\n }\n\n const total_count = results.length;\n\n if (options.sort) {\n results.sort(options.sort);\n }\n\n const page = options.page ?? 1;\n const per_page = Math.min(options.per_page ?? 30, 100);\n const start = (page - 1) * per_page;\n const paged = results.slice(start, start + per_page);\n\n return {\n items: paged,\n total_count,\n page,\n per_page,\n has_next: start + per_page < total_count,\n has_prev: page > 1,\n };\n }\n\n count(filter?: FilterFn<T>): number {\n if (!filter) return this.items.size;\n return this.all().filter(filter).length;\n }\n\n clear(): void {\n this.items.clear();\n for (const indexMap of this.indexes.values()) {\n indexMap.clear();\n }\n this.autoId = 1;\n }\n\n snapshot(): CollectionSnapshot<T> {\n return {\n items: this.all(),\n autoId: this.autoId,\n indexFields: this.fieldNames,\n };\n }\n\n restore(snap: CollectionSnapshot<T>): void {\n this.clear();\n this.autoId = snap.autoId;\n for (const item of snap.items) {\n this.items.set(item.id, item);\n this.addToIndex(item);\n }\n }\n}\n\nexport class Store {\n private collections = new Map<string, Collection<any>>();\n private _data = new Map<string, unknown>();\n\n collection<T extends Entity>(name: string, indexFields: (keyof T)[] = []): Collection<T> {\n const existing = this.collections.get(name);\n if (existing) {\n if (indexFields.length > 0) {\n const requested = indexFields.map(String).sort();\n if (existing.fieldNames.length !== requested.length || existing.fieldNames.some((f, i) => f !== requested[i])) {\n throw new Error(\n `Collection \"${name}\" already exists with indexes [${existing.fieldNames}] but was requested with [${requested}]`\n );\n }\n }\n return existing as Collection<T>;\n }\n const col = new Collection<T>(indexFields);\n this.collections.set(name, col);\n return col;\n }\n\n getData<V>(key: string): V | undefined {\n return this._data.get(key) as V | undefined;\n }\n\n setData<V>(key: string, value: V): void {\n this._data.set(key, value);\n }\n\n reset(): void {\n for (const collection of this.collections.values()) {\n collection.clear();\n }\n this._data.clear();\n }\n\n snapshot(): StoreSnapshot {\n const collections: Record<string, CollectionSnapshot> = {};\n for (const [name, col] of this.collections) {\n collections[name] = col.snapshot();\n }\n const data: Record<string, unknown> = {};\n for (const [key, value] of this._data) {\n data[key] = serializeValue(value);\n }\n return { collections, data };\n }\n\n restore(snap: StoreSnapshot): void {\n const snapshotNames = new Set(Object.keys(snap.collections));\n for (const name of this.collections.keys()) {\n if (!snapshotNames.has(name)) {\n this.collections.delete(name);\n }\n }\n for (const [name, colSnap] of Object.entries(snap.collections)) {\n const indexFields = colSnap.indexFields as (keyof Entity)[];\n const col = this.collection(name, indexFields);\n col.restore(colSnap as CollectionSnapshot<any>);\n }\n this._data.clear();\n for (const [key, value] of Object.entries(snap.data)) {\n this._data.set(key, deserializeValue(value));\n }\n }\n}\n","import { Hono } from \"hono\";\nimport { cors } from \"hono/cors\";\nimport { Store } from \"./store.js\";\nimport { WebhookDispatcher } from \"./webhooks.js\";\nimport { createApiErrorHandler, createErrorHandler } from \"./middleware/error-handler.js\";\nimport { authMiddleware, type AuthFallback, type TokenMap, type AppKeyResolver, type AppEnv } from \"./middleware/auth.js\";\nimport type { ServicePlugin } from \"./plugin.js\";\nimport { registerFontRoutes } from \"./fonts.js\";\n\nexport interface ServerOptions {\n port?: number;\n baseUrl?: string;\n docsUrl?: string;\n tokens?: Record<string, { login: string; id: number; scopes?: string[] }>;\n appKeyResolver?: AppKeyResolver;\n fallbackUser?: AuthFallback;\n}\n\nexport function createServer(plugin: ServicePlugin, options: ServerOptions = {}) {\n const port = options.port ?? 4000;\n const baseUrl = options.baseUrl ?? `http://localhost:${port}`;\n\n const app = new Hono<AppEnv>();\n const store = new Store();\n const webhooks = new WebhookDispatcher();\n\n const tokenMap: TokenMap = new Map();\n if (options.tokens) {\n for (const [token, user] of Object.entries(options.tokens)) {\n tokenMap.set(token, {\n login: user.login,\n id: user.id,\n scopes: user.scopes ?? [\"repo\", \"user\", \"admin:org\", \"admin:repo_hook\"],\n });\n }\n }\n\n const docsUrl = options.docsUrl ?? `https://emulate.dev/${plugin.name}`;\n\n registerFontRoutes(app);\n\n app.onError(createApiErrorHandler(docsUrl));\n app.use(\"*\", cors());\n app.use(\"*\", createErrorHandler(docsUrl));\n app.use(\"*\", authMiddleware(tokenMap, options.appKeyResolver, options.fallbackUser));\n\n const rateLimitCounters = new Map<string, { remaining: number; resetAt: number }>();\n let lastPruneAt = Math.floor(Date.now() / 1000);\n\n app.use(\"*\", async (c, next) => {\n const token = c.get(\"authToken\") ?? \"__anonymous__\";\n const now = Math.floor(Date.now() / 1000);\n\n if (now - lastPruneAt > 3600) {\n for (const [key, val] of rateLimitCounters) {\n if (val.resetAt <= now) rateLimitCounters.delete(key);\n }\n lastPruneAt = now;\n }\n\n let counter = rateLimitCounters.get(token);\n if (!counter || counter.resetAt <= now) {\n counter = { remaining: 5000, resetAt: now + 3600 };\n rateLimitCounters.set(token, counter);\n }\n\n counter.remaining = Math.max(0, counter.remaining - 1);\n\n c.header(\"X-RateLimit-Limit\", \"5000\");\n c.header(\"X-RateLimit-Remaining\", String(counter.remaining));\n c.header(\"X-RateLimit-Reset\", String(counter.resetAt));\n c.header(\"X-RateLimit-Resource\", \"core\");\n\n if (counter.remaining === 0) {\n return c.json(\n {\n message: \"API rate limit exceeded\",\n documentation_url: docsUrl,\n },\n 403\n );\n }\n\n await next();\n });\n\n plugin.register(app, store, webhooks, baseUrl, tokenMap);\n\n app.notFound((c) =>\n c.json(\n {\n message: \"Not Found\",\n documentation_url: docsUrl,\n },\n 404\n )\n );\n\n return { app, store, webhooks, port, baseUrl, tokenMap };\n}\n","import { createHmac } from \"crypto\";\n\nexport interface WebhookSubscription {\n id: number;\n url: string;\n events: string[];\n active: boolean;\n secret?: string;\n owner: string;\n repo?: string;\n}\n\nexport interface WebhookDelivery {\n id: number;\n hook_id: number;\n event: string;\n action?: string;\n payload: unknown;\n status_code: number | null;\n delivered_at: string;\n duration: number | null;\n success: boolean;\n}\n\nconst MAX_DELIVERIES = 1000;\n\nexport class WebhookDispatcher {\n private subscriptions: WebhookSubscription[] = [];\n private deliveries: WebhookDelivery[] = [];\n private subscriptionIdCounter = 1;\n private deliveryIdCounter = 1;\n\n register(sub: Omit<WebhookSubscription, \"id\"> & { id?: number }): WebhookSubscription {\n const { id: explicitId, ...rest } = sub;\n const id = explicitId !== undefined ? explicitId : this.subscriptionIdCounter++;\n if (id >= this.subscriptionIdCounter) {\n this.subscriptionIdCounter = id + 1;\n }\n const subscription: WebhookSubscription = { ...rest, id };\n this.subscriptions.push(subscription);\n return subscription;\n }\n\n unregister(id: number): boolean {\n const idx = this.subscriptions.findIndex((s) => s.id === id);\n if (idx === -1) return false;\n this.subscriptions.splice(idx, 1);\n return true;\n }\n\n getSubscription(id: number): WebhookSubscription | undefined {\n return this.subscriptions.find((s) => s.id === id);\n }\n\n getSubscriptions(owner?: string, repo?: string): WebhookSubscription[] {\n return this.subscriptions.filter((s) => {\n if (owner && s.owner !== owner) return false;\n if (repo !== undefined && s.repo !== repo) return false;\n return true;\n });\n }\n\n updateSubscription(\n id: number,\n data: Partial<Pick<WebhookSubscription, \"url\" | \"events\" | \"active\" | \"secret\">>\n ): WebhookSubscription | undefined {\n const sub = this.subscriptions.find((s) => s.id === id);\n if (!sub) return undefined;\n Object.assign(sub, data);\n return sub;\n }\n\n async dispatch(event: string, action: string | undefined, payload: unknown, owner: string, repo?: string): Promise<void> {\n const matchingSubs = this.subscriptions.filter((s) => {\n if (!s.active) return false;\n if (s.owner !== owner) return false;\n if (repo !== undefined) {\n if (s.repo !== repo) return false;\n } else if (s.repo !== undefined) {\n return false;\n }\n return (\n event === \"ping\" ||\n s.events.includes(\"*\") ||\n s.events.includes(event)\n );\n });\n\n for (const sub of matchingSubs) {\n const delivery: WebhookDelivery = {\n id: this.deliveryIdCounter++,\n hook_id: sub.id,\n event,\n action,\n payload,\n status_code: null,\n delivered_at: new Date().toISOString(),\n duration: null,\n success: false,\n };\n\n const body = JSON.stringify(payload);\n\n const signatureHeaders: Record<string, string> = {};\n if (sub.secret) {\n const hmac = createHmac(\"sha256\", sub.secret).update(body).digest(\"hex\");\n signatureHeaders[\"X-Hub-Signature-256\"] = `sha256=${hmac}`;\n }\n\n try {\n const start = Date.now();\n const response = await fetch(sub.url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"X-GitHub-Event\": event,\n \"X-GitHub-Delivery\": String(delivery.id),\n ...signatureHeaders,\n },\n body,\n signal: AbortSignal.timeout(10000),\n });\n delivery.duration = Date.now() - start;\n delivery.status_code = response.status;\n delivery.success = response.ok;\n } catch {\n delivery.duration = 0;\n delivery.success = false;\n }\n\n this.deliveries.push(delivery);\n if (this.deliveries.length > MAX_DELIVERIES) {\n this.deliveries.splice(0, this.deliveries.length - MAX_DELIVERIES);\n }\n }\n }\n\n getDeliveries(hookId?: number): WebhookDelivery[] {\n if (hookId !== undefined) {\n return this.deliveries.filter((d) => d.hook_id === hookId);\n }\n return [...this.deliveries];\n }\n\n clear(): void {\n this.subscriptions.length = 0;\n this.deliveries.length = 0;\n this.subscriptionIdCounter = 1;\n this.deliveryIdCounter = 1;\n }\n}\n","import type { Context, ErrorHandler, MiddlewareHandler } from \"hono\";\nimport type { ContentfulStatusCode } from \"hono/utils/http-status\";\n\nconst DEFAULT_DOCS_URL = \"https://emulate.dev\";\n\nfunction getDocsUrl(c: Context): string {\n return (c.get(\"docsUrl\") as string | undefined) ?? DEFAULT_DOCS_URL;\n}\n\nfunction errorStatus(err: unknown): number {\n if (err && typeof err === \"object\" && \"status\" in err) {\n const s = (err as { status: unknown }).status;\n if (typeof s === \"number\" && Number.isFinite(s)) return s;\n }\n return 500;\n}\n\n/**\n * Use with `app.onError(...)`. Hono routes handler throws to the app error handler, not to outer middleware try/catch.\n */\nexport function createApiErrorHandler(documentationUrl?: string): ErrorHandler {\n return (err, c) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n const status = errorStatus(err);\n const message = err instanceof Error ? err.message : \"Internal Server Error\";\n return c.json(\n {\n message,\n documentation_url: getDocsUrl(c),\n },\n status as ContentfulStatusCode\n );\n };\n}\n\n/** Sets `docsUrl` on the context for successful responses; register `createApiErrorHandler` for thrown `ApiError`s. */\nexport function createErrorHandler(documentationUrl?: string): MiddlewareHandler {\n return async (c, next) => {\n if (documentationUrl) {\n c.set(\"docsUrl\", documentationUrl);\n }\n await next();\n };\n}\n\nexport const errorHandler: MiddlewareHandler = createErrorHandler();\n\nexport class ApiError extends Error {\n constructor(\n public status: number,\n message: string,\n public errors?: Array<{ resource: string; field: string; code: string }>\n ) {\n super(message);\n this.name = \"ApiError\";\n }\n}\n\nexport function notFound(resource?: string): ApiError {\n return new ApiError(404, resource ? `${resource} not found` : \"Not Found\");\n}\n\nexport function validationError(message: string, errors?: ApiError[\"errors\"]): ApiError {\n return new ApiError(422, message, errors);\n}\n\nexport function unauthorized(): ApiError {\n return new ApiError(401, \"Requires authentication\");\n}\n\nexport function forbidden(): ApiError {\n return new ApiError(403, \"Forbidden\");\n}\n\nexport async function parseJsonBody(c: Context): Promise<Record<string, unknown>> {\n try {\n const body = await c.req.json();\n if (body && typeof body === \"object\" && !Array.isArray(body)) {\n return body as Record<string, unknown>;\n }\n return {};\n } catch {\n throw new ApiError(400, \"Problems parsing JSON\");\n }\n}\n","import type { Context, Next } from \"hono\";\nimport { jwtVerify, importPKCS8 } from \"jose\";\nimport { debug } from \"../debug.js\";\n\nexport interface AuthUser {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport interface AuthApp {\n appId: number;\n slug: string;\n name: string;\n}\n\nexport interface AuthInstallation {\n installationId: number;\n appId: number;\n permissions: Record<string, string>;\n repositoryIds: number[];\n repositorySelection: \"all\" | \"selected\";\n}\n\nexport type TokenMap = Map<string, AuthUser>;\n\nexport interface TokenEntry {\n token: string;\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport function serializeTokenMap(tokenMap: TokenMap): TokenEntry[] {\n return [...tokenMap.entries()].map(([token, user]) => ({\n token,\n login: user.login,\n id: user.id,\n scopes: user.scopes,\n }));\n}\n\nexport function restoreTokenMap(tokenMap: TokenMap, tokens: TokenEntry[]): void {\n tokenMap.clear();\n for (const t of tokens) {\n tokenMap.set(t.token, { login: t.login, id: t.id, scopes: t.scopes });\n }\n}\n\nexport type AppEnv = {\n Variables: {\n authUser?: AuthUser;\n authApp?: AuthApp;\n authToken?: string;\n authScopes?: string[];\n docsUrl?: string;\n };\n};\n\nexport interface AppKeyResolver {\n (appId: number): { privateKey: string; slug: string; name: string } | null;\n}\n\nexport interface AuthFallback {\n login: string;\n id: number;\n scopes: string[];\n}\n\nexport function authMiddleware(tokens: TokenMap, appKeyResolver?: AppKeyResolver, fallbackUser?: AuthFallback) {\n return async (c: Context, next: Next) => {\n const authHeader = c.req.header(\"Authorization\");\n if (authHeader) {\n const token = authHeader.replace(/^(Bearer|token)\\s+/i, \"\").trim();\n\n if (token.startsWith(\"eyJ\") && appKeyResolver) {\n try {\n const [, payloadB64] = token.split(\".\");\n const payload = JSON.parse(\n Buffer.from(payloadB64, \"base64url\").toString()\n );\n const appId = typeof payload.iss === \"string\" ? parseInt(payload.iss, 10) : payload.iss;\n\n if (typeof appId === \"number\" && !isNaN(appId)) {\n const appInfo = appKeyResolver(appId);\n if (appInfo) {\n const key = await importPKCS8(appInfo.privateKey, \"RS256\");\n await jwtVerify(token, key, { algorithms: [\"RS256\"] });\n c.set(\"authApp\", {\n appId,\n slug: appInfo.slug,\n name: appInfo.name,\n } satisfies AuthApp);\n }\n }\n } catch {\n // JWT verification failed\n }\n } else {\n let user = tokens.get(token);\n if (!user && fallbackUser && token.length > 0) {\n debug(\"auth\", \"fallback user for unknown token\", { login: fallbackUser.login, id: fallbackUser.id });\n user = { login: fallbackUser.login, id: fallbackUser.id, scopes: fallbackUser.scopes };\n }\n if (user) {\n c.set(\"authUser\", user);\n c.set(\"authToken\", token);\n c.set(\"authScopes\", user.scopes);\n }\n }\n }\n await next();\n };\n}\n\nexport function requireAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authUser\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"Requires authentication\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n\nexport function requireAppAuth() {\n return async (c: Context, next: Next) => {\n if (!c.get(\"authApp\")) {\n const docsUrl = (c.get(\"docsUrl\") as string | undefined) ?? \"https://emulate.dev\";\n return c.json(\n {\n message: \"A JSON web token could not be decoded\",\n documentation_url: docsUrl,\n },\n 401\n );\n }\n await next();\n };\n}\n","const isDebug = typeof process !== \"undefined\" && (process.env.DEBUG === \"1\" || process.env.DEBUG === \"true\" || process.env.EMULATE_DEBUG === \"1\");\n\nexport function debug(label: string, ...args: unknown[]): void {\n if (isDebug) {\n console.log(`[${label}]`, ...args);\n }\n}\n","import { readFileSync } from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport { dirname, join } from \"node:path\";\nimport type { Hono } from \"hono\";\nimport type { AppEnv } from \"./middleware/auth.js\";\n\nconst __dirname = dirname(fileURLToPath(import.meta.url));\n\nconst FONTS: Record<string, Buffer> = {\n \"geist-sans.woff2\": readFileSync(join(__dirname, \"fonts\", \"geist-sans.woff2\")),\n \"GeistPixel-Square.woff2\": readFileSync(join(__dirname, \"fonts\", \"GeistPixel-Square.woff2\")),\n};\n\nexport function registerFontRoutes(app: Hono<AppEnv>): void {\n app.get(\"/_emulate/fonts/:name\", (c) => {\n const name = c.req.param(\"name\");\n const buf = FONTS[name];\n if (!buf) return c.notFound();\n return new Response(buf, {\n headers: {\n \"Content-Type\": \"font/woff2\",\n \"Cache-Control\": \"public, max-age=31536000, immutable\",\n \"Access-Control-Allow-Origin\": \"*\",\n },\n });\n });\n}\n","import type { Context } from \"hono\";\n\nexport interface PaginationParams {\n page: number;\n per_page: number;\n}\n\nexport function parsePagination(c: Context): PaginationParams {\n const page = Math.max(1, parseInt(c.req.query(\"page\") ?? \"1\", 10) || 1);\n const per_page = Math.min(100, Math.max(1, parseInt(c.req.query(\"per_page\") ?? \"30\", 10) || 30));\n return { page, per_page };\n}\n\nexport function setLinkHeader(\n c: Context,\n totalCount: number,\n page: number,\n perPage: number\n): void {\n const lastPage = Math.max(1, Math.ceil(totalCount / perPage));\n const baseUrl = new URL(c.req.url);\n const links: string[] = [];\n\n const makeLink = (p: number, rel: string) => {\n baseUrl.searchParams.set(\"page\", String(p));\n baseUrl.searchParams.set(\"per_page\", String(perPage));\n return `<${baseUrl.toString()}>; rel=\"${rel}\"`;\n };\n\n if (page < lastPage) {\n links.push(makeLink(page + 1, \"next\"));\n links.push(makeLink(lastPage, \"last\"));\n }\n if (page > 1) {\n links.push(makeLink(1, \"first\"));\n links.push(makeLink(page - 1, \"prev\"));\n }\n\n if (links.length > 0) {\n c.header(\"Link\", links.join(\", \"));\n }\n}\n","export function escapeHtml(s: string): string {\n return s\n .replace(/&/g, \"&amp;\")\n .replace(/</g, \"&lt;\")\n .replace(/>/g, \"&gt;\")\n .replace(/\"/g, \"&quot;\");\n}\n\nexport function escapeAttr(s: string): string {\n return escapeHtml(s).replace(/'/g, \"&#39;\");\n}\n\nconst CSS = `\n@font-face{\n font-family:'Geist';font-style:normal;font-weight:100 900;font-display:swap;\n src:url('/_emulate/fonts/geist-sans.woff2') format('woff2');\n}\n@font-face{\n font-family:'Geist Pixel';font-style:normal;font-weight:400;font-display:swap;\n src:url('/_emulate/fonts/GeistPixel-Square.woff2') format('woff2');\n}\n*{box-sizing:border-box;margin:0;padding:0}\nbody{\n font-family:'Geist',-apple-system,BlinkMacSystemFont,sans-serif;\n background:#000;color:#33ff00;min-height:100vh;\n -webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;\n}\n.emu-bar{\n border-bottom:1px solid #0a3300;padding:10px 20px;\n display:flex;align-items:center;gap:10px;font-size:.8125rem;color:#1a8c00;\n}\n.emu-bar-title{font-weight:600;color:#33ff00;font-family:'Geist Pixel',monospace;}\n.emu-bar-links{margin-left:auto;display:flex;gap:16px;}\n.emu-bar-links a{\n color:#1a8c00;font-size:.75rem;text-decoration:none;transition:color .15s;\n}\n.emu-bar-links a:hover{color:#33ff00;}\n.emu-bar-links a .full{display:inline;}\n.emu-bar-links a .short{display:none;}\n@media(max-width:600px){\n .emu-bar-links a .full{display:none;}\n .emu-bar-links a .short{display:inline;}\n}\n\n.content{\n display:flex;align-items:center;justify-content:center;\n min-height:calc(100vh - 42px);padding:24px 16px;\n}\n.content-inner{width:100%;max-width:420px;}\n.card-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.125rem;font-weight:600;margin-bottom:4px;color:#33ff00;\n}\n.card-subtitle{color:#1a8c00;font-size:.8125rem;margin-bottom:18px;line-height:1.45;}\n.powered-by{\n position:fixed;bottom:0;left:0;right:0;\n text-align:center;padding:12px;font-size:.6875rem;color:#0a3300;\n font-family:'Geist Pixel',monospace;\n}\n.powered-by a{color:#1a8c00;text-decoration:none;transition:color .15s;}\n.powered-by a:hover{color:#33ff00;}\n\n.error-title{\n font-family:'Geist Pixel',monospace;\n color:#ff4444;font-size:1.125rem;font-weight:600;margin-bottom:8px;\n}\n.error-msg{color:#1a8c00;font-size:.875rem;line-height:1.5;}\n.error-card{text-align:center;}\n\n.user-form{margin-bottom:8px;}\n.user-form:last-of-type{margin-bottom:0;}\n.user-btn{\n width:100%;display:flex;align-items:center;gap:12px;\n padding:10px 12px;border:1px solid #0a3300;border-radius:8px;\n background:#000;color:inherit;cursor:pointer;text-align:left;\n font:inherit;transition:border-color .15s;\n}\n.user-btn:hover{border-color:#33ff00;}\n.avatar{\n width:36px;height:36px;border-radius:50%;\n background:#0a3300;color:#33ff00;font-weight:600;font-size:.875rem;\n display:flex;align-items:center;justify-content:center;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.user-text{min-width:0;}\n.user-login{font-weight:600;font-size:.875rem;display:block;color:#33ff00;}\n.user-meta{color:#1a8c00;font-size:.75rem;margin-top:1px;}\n.user-email{font-size:.6875rem;color:#116600;word-break:break-all;margin-top:1px;}\n\n.settings-layout{\n max-width:920px;margin:0 auto;padding:28px 20px;\n display:flex;gap:28px;\n}\n.settings-sidebar{width:200px;flex-shrink:0;}\n.settings-sidebar a{\n display:block;padding:6px 10px;border-radius:6px;color:#1a8c00;\n text-decoration:none;font-size:.8125rem;transition:color .15s;\n}\n.settings-sidebar a:hover{color:#33ff00;}\n.settings-sidebar a.active{color:#33ff00;font-weight:600;}\n.settings-main{flex:1;min-width:0;}\n\n.s-card{\n padding:18px 0;margin-bottom:14px;border-bottom:1px solid #0a3300;\n}\n.s-card:last-child{border-bottom:none;}\n.s-card-header{display:flex;align-items:center;gap:14px;margin-bottom:14px;}\n.s-icon{\n width:42px;height:42px;border-radius:8px;\n background:#0a3300;display:flex;align-items:center;justify-content:center;\n font-size:1.125rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.s-title{\n font-family:'Geist Pixel',monospace;\n font-size:1.25rem;font-weight:600;color:#33ff00;\n}\n.s-subtitle{font-size:.75rem;color:#1a8c00;margin-top:2px;}\n.section-heading{\n font-size:.9375rem;font-weight:600;margin-bottom:10px;color:#33ff00;\n display:flex;align-items:center;justify-content:space-between;\n}\n.perm-list{list-style:none;}\n.perm-list li{padding:5px 0;font-size:.8125rem;display:flex;align-items:center;gap:6px;color:#1a8c00;}\n.check{color:#33ff00;}\n.org-row{\n display:flex;align-items:center;gap:8px;padding:7px 0;\n border-bottom:1px solid #0a3300;font-size:.8125rem;\n}\n.org-row:last-child{border-bottom:none;}\n.org-icon{\n width:22px;height:22px;border-radius:4px;background:#0a3300;\n display:flex;align-items:center;justify-content:center;\n font-size:.625rem;font-weight:700;color:#116600;flex-shrink:0;\n font-family:'Geist Pixel',monospace;\n}\n.org-name{font-weight:600;color:#33ff00;}\n.badge{font-size:.6875rem;padding:1px 7px;border-radius:999px;font-weight:500;}\n.badge-granted{background:#0a3300;color:#33ff00;}\n.badge-denied{background:#1a0a0a;color:#ff4444;}\n.badge-requested{background:#0a3300;color:#1a8c00;}\n.btn-revoke{\n display:inline-block;padding:5px 14px;border-radius:6px;\n border:1px solid #0a3300;background:transparent;color:#ff4444;\n font-size:.75rem;font-weight:600;cursor:pointer;transition:border-color .15s;\n}\n.btn-revoke:hover{border-color:#ff4444;}\n.info-text{color:#1a8c00;font-size:.75rem;line-height:1.5;margin-top:10px;}\n.app-link{\n display:flex;align-items:center;gap:12px;padding:12px;\n border:1px solid #0a3300;border-radius:8px;background:#000;\n text-decoration:none;color:inherit;margin-bottom:8px;transition:border-color .15s;\n}\n.app-link:hover{border-color:#33ff00;}\n.app-link-name{font-weight:600;font-size:.875rem;color:#33ff00;}\n.app-link-scopes{font-size:.6875rem;color:#1a8c00;margin-top:1px;}\n.empty{color:#1a8c00;text-align:center;padding:28px 0;font-size:.875rem;}\n`;\n\nconst POWERED_BY = `<div class=\"powered-by\">Powered by <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\">emulate</a></div>`;\n\nfunction emuBar(service?: string): string {\n const title = service ? `${escapeHtml(service)} Emulator` : \"Emulator\";\n return `<div class=\"emu-bar\">\n <span class=\"emu-bar-title\">${title}</span>\n <nav class=\"emu-bar-links\">\n <a href=\"https://github.com/vercel-labs/emulate/issues\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Report Issue</span><span class=\"short\">Report</span></a>\n <a href=\"https://github.com/vercel-labs/emulate\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Source Code</span><span class=\"short\">Source</span></a>\n <a href=\"https://emulate.dev\" target=\"_blank\" rel=\"noopener\"><span class=\"full\">Learn More</span><span class=\"short\">Learn</span></a>\n </nav>\n</div>`;\n}\n\nfunction head(title: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\"/>\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1\"/>\n<title>${escapeHtml(title)} | emulate</title>\n<style>${CSS}</style>\n</head>`;\n}\n\nexport function renderCardPage(\n title: string,\n subtitle: string,\n body: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner\">\n <div class=\"card-title\">${escapeHtml(title)}</div>\n <div class=\"card-subtitle\">${subtitle}</div>\n ${body}\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderErrorPage(title: string, message: string, service?: string): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"content\">\n <div class=\"content-inner error-card\">\n <div class=\"error-title\">${escapeHtml(title)}</div>\n <div class=\"error-msg\">${escapeHtml(message)}</div>\n </div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport function renderSettingsPage(\n title: string,\n sidebarHtml: string,\n bodyHtml: string,\n service?: string\n): string {\n return `${head(title)}\n<body>\n${emuBar(service)}\n<div class=\"settings-layout\">\n <nav class=\"settings-sidebar\">${sidebarHtml}</nav>\n <div class=\"settings-main\">${bodyHtml}</div>\n</div>\n${POWERED_BY}\n</body></html>`;\n}\n\nexport interface UserButtonOptions {\n letter: string;\n login: string;\n name?: string;\n email?: string;\n formAction: string;\n hiddenFields: Record<string, string>;\n}\n\nexport function renderUserButton(opts: UserButtonOptions): string {\n const hiddens = Object.entries(opts.hiddenFields)\n .map(([k, v]) => `<input type=\"hidden\" name=\"${escapeAttr(k)}\" value=\"${escapeAttr(v)}\"/>`)\n .join(\"\");\n\n const nameLine = opts.name\n ? `<div class=\"user-meta\">${escapeHtml(opts.name)}</div>`\n : \"\";\n const emailLine = opts.email\n ? `<div class=\"user-email\">${escapeHtml(opts.email)}</div>`\n : \"\";\n\n return `<form class=\"user-form\" method=\"post\" action=\"${escapeAttr(opts.formAction)}\">\n${hiddens}\n<button type=\"submit\" class=\"user-btn\">\n <span class=\"avatar\">${escapeHtml(opts.letter)}</span>\n <span class=\"user-text\">\n <span class=\"user-login\">${escapeHtml(opts.login)}</span>\n ${nameLine}${emailLine}\n </span>\n</button>\n</form>`;\n}\n","import { timingSafeEqual } from \"crypto\";\n\nexport function normalizeUri(uri: string): string {\n try {\n const u = new URL(uri);\n return `${u.origin}${u.pathname.replace(/\\/+$/, \"\")}`;\n } catch {\n return uri.replace(/\\/+$/, \"\").split(\"?\")[0];\n }\n}\n\nexport function matchesRedirectUri(incoming: string, registered: string[]): boolean {\n const normalized = normalizeUri(incoming);\n return registered.some((r) => normalizeUri(r) === normalized);\n}\n\nexport function constantTimeSecretEqual(a: string, b: string): boolean {\n const bufA = Buffer.from(a, \"utf-8\");\n const bufB = Buffer.from(b, \"utf-8\");\n if (bufA.length !== bufB.length) return false;\n return timingSafeEqual(bufA, bufB);\n}\n\nexport function bodyStr(v: unknown): string {\n if (typeof v === \"string\") return v;\n if (Array.isArray(v) && typeof v[0] === \"string\") return v[0];\n return \"\";\n}\n\nexport function parseCookies(header: string): Record<string, string> {\n const cookies: Record<string, string> = {};\n for (const part of header.split(\";\")) {\n const [k, ...v] = part.split(\"=\");\n if (k) cookies[k.trim()] = v.join(\"=\").trim();\n }\n return cookies;\n}\n","import { readFile, writeFile, mkdir } from \"node:fs/promises\";\nimport { dirname } from \"node:path\";\n\nexport interface PersistenceAdapter {\n load(): Promise<string | null>;\n save(data: string): Promise<void>;\n}\n\nexport function filePersistence(path: string): PersistenceAdapter {\n return {\n async load() {\n try {\n return await readFile(path, \"utf-8\");\n } catch {\n return null;\n }\n },\n async save(data: string) {\n await mkdir(dirname(path), { recursive: true });\n await writeFile(path, data, \"utf-8\");\n },\n };\n}\n","import type { Hono } from \"hono\";\nimport type { ServicePlugin, Store, WebhookDispatcher, TokenMap, AppEnv, RouteContext } from \"@emulators/core\";\nimport { getAppleStore } from \"./store.js\";\nimport { generateAppleUid, generatePrivateRelayEmail } from \"./helpers.js\";\nimport { oauthRoutes } from \"./routes/oauth.js\";\n\nexport { getAppleStore, type AppleStore } from \"./store.js\";\nexport * from \"./entities.js\";\n\nexport interface AppleSeedConfig {\n users?: Array<{\n email: string;\n name?: string;\n given_name?: string;\n family_name?: string;\n is_private_email?: boolean;\n }>;\n oauth_clients?: Array<{\n client_id: string;\n team_id: string;\n key_id?: string;\n name: string;\n redirect_uris: string[];\n }>;\n}\n\nfunction seedDefaults(store: Store, _baseUrl: string): void {\n const as = getAppleStore(store);\n\n as.users.insert({\n uid: generateAppleUid(),\n email: \"testuser@icloud.com\",\n name: \"Test User\",\n given_name: \"Test\",\n family_name: \"User\",\n email_verified: true,\n is_private_email: false,\n private_relay_email: null,\n real_user_status: 2,\n });\n}\n\nexport function seedFromConfig(store: Store, _baseUrl: string, config: AppleSeedConfig): void {\n const as = getAppleStore(store);\n\n if (config.users) {\n for (const u of config.users) {\n const existing = as.users.findOneBy(\"email\", u.email);\n if (existing) continue;\n\n const nameParts = (u.name ?? \"\").split(/\\s+/);\n const isPrivate = u.is_private_email ?? false;\n\n as.users.insert({\n uid: generateAppleUid(),\n email: u.email,\n name: u.name ?? u.email.split(\"@\")[0],\n given_name: u.given_name ?? nameParts[0] ?? \"\",\n family_name: u.family_name ?? nameParts.slice(1).join(\" \") ?? \"\",\n email_verified: true,\n is_private_email: isPrivate,\n private_relay_email: isPrivate ? generatePrivateRelayEmail() : null,\n real_user_status: 2,\n });\n }\n }\n\n if (config.oauth_clients) {\n for (const client of config.oauth_clients) {\n const existing = as.oauthClients.findOneBy(\"client_id\", client.client_id);\n if (existing) continue;\n as.oauthClients.insert({\n client_id: client.client_id,\n team_id: client.team_id,\n key_id: client.key_id ?? \"TESTKEY001\",\n name: client.name,\n redirect_uris: client.redirect_uris,\n });\n }\n }\n}\n\nexport const applePlugin: ServicePlugin = {\n name: \"apple\",\n register(app: Hono<AppEnv>, store: Store, webhooks: WebhookDispatcher, baseUrl: string, tokenMap?: TokenMap): void {\n const ctx: RouteContext = { app, store, webhooks, baseUrl, tokenMap };\n oauthRoutes(ctx);\n },\n seed(store: Store, baseUrl: string): void {\n seedDefaults(store, baseUrl);\n },\n};\n\nexport default applePlugin;\n"],"mappings":";AAQO,SAAS,cAAc,OAA0B;AACtD,SAAO;AAAA,IACL,OAAO,MAAM,WAAsB,eAAe,CAAC,OAAO,OAAO,CAAC;AAAA,IAClE,cAAc,MAAM,WAA6B,uBAAuB,CAAC,WAAW,CAAC;AAAA,EACvF;AACF;;;ACbA,SAAS,mBAAmB;AAKrB,SAAS,mBAA2B;AACzC,QAAM,SAAS,YAAY,CAAC,EAAE,SAAS,KAAK,EAAE,YAAY;AAC1D,QAAM,SAAS,YAAY,EAAE,EAAE,SAAS,KAAK;AAC7C,QAAM,SAAS,YAAY,CAAC,EAAE,SAAS,KAAK,EAAE,YAAY;AAC1D,SAAO,GAAG,MAAM,IAAI,MAAM,IAAI,MAAM;AACtC;AAKO,SAAS,4BAAoC;AAClD,QAAM,KAAK,YAAY,EAAE,EAAE,SAAS,KAAK;AACzC,SAAO,GAAG,EAAE;AACd;;;AClBA,SAAS,eAAAA,oBAAmB;AAC5B,SAAS,SAAS,WAAW,uBAAuB;;;AEDpD,SAAS,YAAY;AACrB,SAAS,YAAY;AGArB,SAAS,WAAW,mBAAmB;AEDvC,SAAS,oBAAoB;AAC7B,SAAS,qBAAqB;AAC9B,SAAS,SAAS,YAAY;AHoCvB,SAAS,mBAAmB,kBAA8C;AAC/E,SAAO,OAAO,GAAG,SAAS;AACxB,QAAI,kBAAkB;AACpB,QAAE,IAAI,WAAW,gBAAgB;IACnC;AACA,UAAM,KAAK;EACb;AACF;AAEO,IAAM,eAAkC,mBAAmB;AE/ClE,IAAM,UAAU,OAAO,YAAY,gBAAgB,QAAQ,IAAI,UAAU,OAAO,QAAQ,IAAI,UAAU,UAAU,QAAQ,IAAI,kBAAkB;AAEvI,SAAS,MAAM,UAAkB,MAAuB;AAC7D,MAAI,SAAS;AACX,YAAQ,IAAI,IAAI,KAAK,KAAK,GAAG,IAAI;EACnC;AACF;ACAA,IAAM,YAAY,QAAQ,cAAc,YAAY,GAAG,CAAC;AAExD,IAAM,QAAgC;EACpC,oBAAoB,aAAa,KAAK,WAAW,SAAS,kBAAkB,CAAC;EAC7E,2BAA2B,aAAa,KAAK,WAAW,SAAS,yBAAyB,CAAC;AAC7F;AEXO,SAAS,WAAW,GAAmB;AAC5C,SAAO,EACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ;AAC3B;AAEO,SAAS,WAAW,GAAmB;AAC5C,SAAO,WAAW,CAAC,EAAE,QAAQ,MAAM,OAAO;AAC5C;AAEA,IAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmJZ,IAAM,aAAa;AAEnB,SAAS,OAAO,SAA0B;AACxC,QAAM,QAAQ,UAAU,GAAG,WAAW,OAAO,CAAC,cAAc;AAC5D,SAAO;gCACuB,KAAK;;;;;;;AAOrC;AAEA,SAAS,KAAK,OAAuB;AACnC,SAAO;;;;;SAKA,WAAW,KAAK,CAAC;SACjB,GAAG;;AAEZ;AAEO,SAAS,eACd,OACA,UACA,MACA,SACQ;AACR,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;8BAGa,WAAW,KAAK,CAAC;iCACd,QAAQ;MACnC,IAAI;;;EAGR,UAAU;;AAEZ;AAEO,SAAS,gBAAgB,OAAe,SAAiB,SAA0B;AACxF,SAAO,GAAG,KAAK,KAAK,CAAC;;EAErB,OAAO,OAAO,CAAC;;;+BAGc,WAAW,KAAK,CAAC;6BACnB,WAAW,OAAO,CAAC;;;EAG9C,UAAU;;AAEZ;AA4BO,SAAS,iBAAiB,MAAiC;AAChE,QAAM,UAAU,OAAO,QAAQ,KAAK,YAAY,EAC7C,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,8BAA8B,WAAW,CAAC,CAAC,YAAY,WAAW,CAAC,CAAC,KAAK,EACzF,KAAK,EAAE;AAEV,QAAM,WAAW,KAAK,OAClB,0BAA0B,WAAW,KAAK,IAAI,CAAC,WAC/C;AACJ,QAAM,YAAY,KAAK,QACnB,2BAA2B,WAAW,KAAK,KAAK,CAAC,WACjD;AAEJ,SAAO,iDAAiD,WAAW,KAAK,UAAU,CAAC;EACnF,OAAO;;yBAEgB,WAAW,KAAK,MAAM,CAAC;;+BAEjB,WAAW,KAAK,KAAK,CAAC;MAC/C,QAAQ,GAAG,SAAS;;;;AAI1B;ACxQO,SAAS,aAAa,KAAqB;AAChD,MAAI;AACF,UAAM,IAAI,IAAI,IAAI,GAAG;AACrB,WAAO,GAAG,EAAE,MAAM,GAAG,EAAE,SAAS,QAAQ,QAAQ,EAAE,CAAC;EACrD,QAAQ;AACN,WAAO,IAAI,QAAQ,QAAQ,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;EAC7C;AACF;AAEO,SAAS,mBAAmB,UAAkB,YAA+B;AAClF,QAAM,aAAa,aAAa,QAAQ;AACxC,SAAO,WAAW,KAAK,CAAC,MAAM,aAAa,CAAC,MAAM,UAAU;AAC9D;AASO,SAAS,QAAQ,GAAoB;AAC1C,MAAI,OAAO,MAAM,SAAU,QAAO;AAClC,MAAI,MAAM,QAAQ,CAAC,KAAK,OAAO,EAAE,CAAC,MAAM,SAAU,QAAO,EAAE,CAAC;AAC5D,SAAO;AACT;;;AVTA,IAAM,iBAAiB,gBAAgB,OAAO;AAC9C,IAAM,MAAM;AAmBZ,IAAM,sBAAsB,IAAI,KAAK;AAErC,SAAS,gBAAgB,OAAwC;AAC/D,MAAI,MAAM,MAAM,QAAkC,0BAA0B;AAC5E,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,4BAA4B,GAAG;AAAA,EAC/C;AACA,SAAO;AACT;AAEA,SAAS,iBAAiB,OAA+C;AACvE,MAAI,MAAM,MAAM,QAAyC,2BAA2B;AACpF,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,6BAA6B,GAAG;AAAA,EAChD;AACA,SAAO;AACT;AAEA,SAAS,oBAAoB,OAA2B;AACtD,MAAI,MAAM,MAAM,QAAqB,8BAA8B;AACnE,MAAI,CAAC,KAAK;AACR,UAAM,oBAAI,IAAI;AACd,UAAM,QAAQ,gCAAgC,GAAG;AAAA,EACnD;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,GAAyB;AACrD,SAAO,KAAK,IAAI,IAAI,EAAE,aAAa;AACrC;AAEA,IAAM,gBAAgB;AAEtB,eAAe,cACb,MACA,UACA,OACA,SACiB;AACjB,QAAM,EAAE,WAAW,IAAI,MAAM;AAE7B,QAAM,QAAQ,KAAK,oBAAoB,KAAK,sBACxC,KAAK,sBACL,KAAK;AAET,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,QAAM,UAAU,IAAI,QAAQ;AAAA,IAC1B,KAAK,KAAK;AAAA,IACV;AAAA,IACA,gBAAgB,OAAO,KAAK,cAAc;AAAA,IAC1C,kBAAkB,OAAO,KAAK,gBAAgB;AAAA,IAC9C,kBAAkB,KAAK;AAAA,IACvB,iBAAiB;AAAA,IACjB,WAAW;AAAA,IACX,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC;AAAA,EAC3B,CAAC,EACE,mBAAmB,EAAE,KAAK,SAAS,KAAK,KAAK,KAAK,MAAM,CAAC,EACzD,UAAU,OAAO,EACjB,YAAY,QAAQ,EACpB,YAAY,GAAG,EACf,kBAAkB,IAAI;AAEzB,SAAO,QAAQ,KAAK,UAAU;AAChC;AAEO,SAAS,YAAY,EAAE,KAAK,OAAO,SAAS,SAAS,GAAuB;AACjF,QAAM,KAAK,cAAc,KAAK;AAI9B,MAAI,IAAI,qCAAqC,CAAC,MAAM;AAClD,WAAO,EAAE,KAAK;AAAA,MACZ,QAAQ;AAAA,MACR,wBAAwB,GAAG,OAAO;AAAA,MAClC,gBAAgB,GAAG,OAAO;AAAA,MAC1B,qBAAqB,GAAG,OAAO;AAAA,MAC/B,UAAU,GAAG,OAAO;AAAA,MACpB,0BAA0B,CAAC,MAAM;AAAA,MACjC,0BAA0B,CAAC,SAAS,YAAY,WAAW;AAAA,MAC3D,yBAAyB,CAAC,UAAU;AAAA,MACpC,uCAAuC,CAAC,OAAO;AAAA,MAC/C,kBAAkB,CAAC,UAAU,SAAS,MAAM;AAAA,MAC5C,uCAAuC,CAAC,oBAAoB;AAAA,MAC5D,kBAAkB;AAAA,QAChB;AAAA,QAAO;AAAA,QAAS;AAAA,QAAkB;AAAA,QAAO;AAAA,QACzC;AAAA,QAAoB;AAAA,QAAO;AAAA,QAAS;AAAA,QACpC;AAAA,QAAoB;AAAA,QAAO;AAAA,MAC7B;AAAA,IACF,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,cAAc,OAAO,MAAM;AACjC,UAAM,EAAE,UAAU,IAAI,MAAM;AAC5B,UAAM,MAAM,MAAM,UAAU,SAAS;AACrC,WAAO,EAAE,KAAK;AAAA,MACZ,MAAM,CAAC;AAAA,QACL,GAAG;AAAA,QACH,KAAK;AAAA,QACL,KAAK;AAAA,QACL,KAAK;AAAA,MACP,CAAC;AAAA,IACH,CAAC;AAAA,EACH,CAAC;AAID,MAAI,IAAI,mBAAmB,CAAC,MAAM;AAChC,UAAM,YAAY,EAAE,IAAI,MAAM,WAAW,KAAK;AAC9C,UAAM,eAAe,EAAE,IAAI,MAAM,cAAc,KAAK;AACpD,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,QAAQ,EAAE,IAAI,MAAM,OAAO,KAAK;AACtC,UAAM,gBAAgB,EAAE,IAAI,MAAM,eAAe,KAAK;AAEtD,UAAM,oBAAoB,GAAG,aAAa,IAAI,EAAE,SAAS;AACzD,QAAI,aAAa;AACjB,QAAI,mBAAmB;AACrB,YAAM,SAAS,GAAG,aAAa,UAAU,aAAa,SAAS;AAC/D,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,kBAAkB,SAAS,wBAAwB,aAAa;AAAA,UACzG;AAAA,QACF;AAAA,MACF;AACA,UAAI,gBAAgB,CAAC,mBAAmB,cAAc,OAAO,aAAa,GAAG;AAC3E,eAAO,EAAE;AAAA,UACP,gBAAgB,yBAAyB,4DAA4D,aAAa;AAAA,UAClH;AAAA,QACF;AAAA,MACF;AACA,mBAAa,OAAO;AAAA,IACtB;AAEA,UAAM,eAAe,aACjB,sBAAsB,WAAW,UAAU,CAAC,kCAC5C;AAEJ,UAAM,QAAQ,GAAG,MAAM,IAAI;AAC3B,UAAM,cAAc,MACjB,IAAI,CAAC,SAAS;AACb,aAAO,iBAAiB;AAAA,QACtB,SAAS,KAAK,MAAM,CAAC,KAAK,KAAK,YAAY;AAAA,QAC3C,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,OAAO,KAAK;AAAA,QACZ,YAAY;AAAA,QACZ,cAAc;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH,CAAC,EACA,KAAK,IAAI;AAEZ,UAAM,OAAO,MAAM,WAAW,IAC1B,yDACA;AAEJ,WAAO,EAAE,KAAK,eAAe,sBAAsB,cAAc,MAAM,aAAa,CAAC;AAAA,EACvF,CAAC;AAID,MAAI,KAAK,4BAA4B,OAAO,MAAM;AAChD,UAAM,OAAO,MAAM,EAAE,IAAI,UAAU;AACnC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,eAAe,QAAQ,KAAK,YAAY;AAC9C,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,YAAY,QAAQ,KAAK,SAAS;AACxC,UAAM,QAAQ,QAAQ,KAAK,KAAK;AAChC,UAAM,gBAAgB,QAAQ,KAAK,aAAa,KAAK;AAErD,UAAM,OAAOC,aAAY,EAAE,EAAE,SAAS,KAAK;AAE3C,oBAAgB,KAAK,EAAE,IAAI,MAAM;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,aAAa;AAAA,MACb,UAAU;AAAA,MACV,OAAO,SAAS;AAAA,MAChB,cAAc;AAAA,MACd,YAAY,KAAK,IAAI;AAAA,IACvB,CAAC;AAED,UAAM,eAAe,yBAAyB,KAAK,MAAM,GAAG,CAAC,CAAC,aAAa,KAAK,EAAE;AAGlF,UAAM,UAAU,oBAAoB,KAAK;AACzC,UAAM,UAAU,GAAG,KAAK,IAAI,SAAS;AACrC,UAAM,cAAc,CAAC,QAAQ,IAAI,OAAO;AACxC,QAAI,aAAa;AACf,cAAQ,IAAI,OAAO;AAAA,IACrB;AAGA,QAAI;AACJ,QAAI,aAAa;AACf,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,KAA2B;AACpE,UAAI,MAAM;AACR,mBAAW,KAAK,UAAU;AAAA,UACxB,MAAM,EAAE,WAAW,KAAK,YAAY,UAAU,KAAK,YAAY;AAAA,UAC/D,OAAO,KAAK;AAAA,QACd,CAAC;AAAA,MACH;AAAA,IACF;AAEA,QAAI,kBAAkB,aAAa;AAEjC,YAAM,OAAO;AAAA;AAAA;AAAA;AAAA,8BAIW,WAAW,YAAY,CAAC;AAAA,0CACZ,WAAW,IAAI,CAAC;AAAA,2CACf,WAAW,KAAK,CAAC,OAAO,WAAW;AAAA,0CAA6C,WAAW,QAAQ,CAAC,SAAS,EAAE;AAAA;AAAA;AAAA;AAIpJ,aAAO,EAAE,KAAK,IAAI;AAAA,IACpB;AAGA,UAAM,MAAM,IAAI,IAAI,YAAY;AAChC,QAAI,aAAa,IAAI,QAAQ,IAAI;AACjC,QAAI,MAAO,KAAI,aAAa,IAAI,SAAS,KAAK;AAC9C,QAAI,SAAU,KAAI,aAAa,IAAI,QAAQ,QAAQ;AAEnD,WAAO,EAAE,SAAS,IAAI,SAAS,GAAG,GAAG;AAAA,EACvC,CAAC;AAID,MAAI,KAAK,eAAe,OAAO,MAAM;AACnC,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AACjC,UAAM,OAAO,OAAO,YAAY,IAAI,gBAAgB,OAAO,CAAC;AAE5D,UAAM,aAAa,KAAK,cAAc;AACtC,UAAM,OAAO,KAAK,QAAQ;AAC1B,UAAM,YAAY,KAAK,aAAa;AACpC,UAAM,gBAAgB,KAAK,iBAAiB;AAE5C,QAAI,eAAe,sBAAsB;AACvC,YAAM,aAAa,gBAAgB,KAAK;AACxC,YAAM,UAAU,WAAW,IAAI,IAAI;AACnC,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AACA,UAAI,qBAAqB,OAAO,GAAG;AACjC,mBAAW,OAAO,IAAI;AACtB,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,oCAAoC,GAAG,GAAG;AAAA,MACvG;AAGA,iBAAW,OAAO,IAAI;AAEtB,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,QAAQ,KAA2B;AAC5E,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,WAAWA,aAAY,EAAE,EAAE,SAAS,WAAW;AACnE,YAAM,eAAe,aAAaA,aAAY,EAAE,EAAE,SAAS,WAAW;AACtE,YAAM,SAAS,QAAQ,QAAQ,QAAQ,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE7E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAGA,uBAAiB,KAAK,EAAE,IAAI,cAAc;AAAA,QACxC,OAAO,KAAK;AAAA,QACZ,UAAU,QAAQ;AAAA,QAClB,OAAO,QAAQ;AAAA,QACf,OAAO,QAAQ;AAAA,MACjB,CAAC;AAED,YAAM,UAAU,MAAM,cAAc,MAAM,QAAQ,UAAU,QAAQ,OAAO,OAAO;AAElF,YAAM,eAAe,kCAAkC,KAAK,KAAK,EAAE;AAEnE,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,eAAe;AAAA,QACf,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,QAAI,eAAe,iBAAiB;AAClC,YAAM,aAAa,iBAAiB,KAAK;AACzC,YAAM,SAAS,WAAW,IAAI,aAAa;AAC3C,UAAI,CAAC,QAAQ;AACX,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,gCAAgC,GAAG,GAAG;AAAA,MACnG;AAEA,YAAM,OAAO,GAAG,MAAM,UAAU,SAAS,OAAO,KAA2B;AAC3E,UAAI,CAAC,MAAM;AACT,eAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,mBAAmB,kBAAkB,GAAG,GAAG;AAAA,MACrF;AAEA,YAAM,cAAc,WAAWA,aAAY,EAAE,EAAE,SAAS,WAAW;AACnE,YAAM,SAAS,OAAO,QAAQ,OAAO,MAAM,MAAM,KAAK,EAAE,OAAO,OAAO,IAAI,CAAC;AAE3E,UAAI,UAAU;AACZ,iBAAS,IAAI,aAAa,EAAE,OAAO,KAAK,OAAO,IAAI,KAAK,IAAI,OAAO,CAAC;AAAA,MACtE;AAEA,YAAM,UAAU,MAAM,cAAc,MAAM,OAAO,YAAY,WAAW,OAAO,OAAO,OAAO;AAE7F,YAAM,eAAe,wCAAwC,KAAK,KAAK,EAAE;AAGzE,aAAO,EAAE,KAAK;AAAA,QACZ,cAAc;AAAA,QACd,YAAY;AAAA,QACZ,YAAY;AAAA,QACZ,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AAEA,WAAO,EAAE,KAAK,EAAE,OAAO,0BAA0B,mBAAmB,2DAA2D,GAAG,GAAG;AAAA,EACvI,CAAC;AAID,MAAI,KAAK,gBAAgB,OAAO,MAAM;AACpC,UAAM,UAAU,MAAM,EAAE,IAAI,KAAK;AACjC,UAAM,SAAS,IAAI,gBAAgB,OAAO;AAC1C,UAAM,QAAQ,OAAO,IAAI,OAAO,KAAK;AAErC,QAAI,SAAS,UAAU;AACrB,eAAS,OAAO,KAAK;AAAA,IACvB;AAGA,QAAI,OAAO;AACT,uBAAiB,KAAK,EAAE,OAAO,KAAK;AAAA,IACtC;AAEA,WAAO,EAAE,KAAK,MAAM,GAAG;AAAA,EACzB,CAAC;AACH;;;AY7WA,SAAS,aAAa,OAAc,UAAwB;AAC1D,QAAM,KAAK,cAAc,KAAK;AAE9B,KAAG,MAAM,OAAO;AAAA,IACd,KAAK,iBAAiB;AAAA,IACtB,OAAO;AAAA,IACP,MAAM;AAAA,IACN,YAAY;AAAA,IACZ,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,kBAAkB;AAAA,IAClB,qBAAqB;AAAA,IACrB,kBAAkB;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,eAAe,OAAc,UAAkB,QAA+B;AAC5F,QAAM,KAAK,cAAc,KAAK;AAE9B,MAAI,OAAO,OAAO;AAChB,eAAW,KAAK,OAAO,OAAO;AAC5B,YAAM,WAAW,GAAG,MAAM,UAAU,SAAS,EAAE,KAAK;AACpD,UAAI,SAAU;AAEd,YAAM,aAAa,EAAE,QAAQ,IAAI,MAAM,KAAK;AAC5C,YAAM,YAAY,EAAE,oBAAoB;AAExC,SAAG,MAAM,OAAO;AAAA,QACd,KAAK,iBAAiB;AAAA,QACtB,OAAO,EAAE;AAAA,QACT,MAAM,EAAE,QAAQ,EAAE,MAAM,MAAM,GAAG,EAAE,CAAC;AAAA,QACpC,YAAY,EAAE,cAAc,UAAU,CAAC,KAAK;AAAA,QAC5C,aAAa,EAAE,eAAe,UAAU,MAAM,CAAC,EAAE,KAAK,GAAG,KAAK;AAAA,QAC9D,gBAAgB;AAAA,QAChB,kBAAkB;AAAA,QAClB,qBAAqB,YAAY,0BAA0B,IAAI;AAAA,QAC/D,kBAAkB;AAAA,MACpB,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,OAAO,eAAe;AACxB,eAAW,UAAU,OAAO,eAAe;AACzC,YAAM,WAAW,GAAG,aAAa,UAAU,aAAa,OAAO,SAAS;AACxE,UAAI,SAAU;AACd,SAAG,aAAa,OAAO;AAAA,QACrB,WAAW,OAAO;AAAA,QAClB,SAAS,OAAO;AAAA,QAChB,QAAQ,OAAO,UAAU;AAAA,QACzB,MAAM,OAAO;AAAA,QACb,eAAe,OAAO;AAAA,MACxB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAEO,IAAM,cAA6B;AAAA,EACxC,MAAM;AAAA,EACN,SAAS,KAAmB,OAAc,UAA6B,SAAiB,UAA2B;AACjH,UAAM,MAAoB,EAAE,KAAK,OAAO,UAAU,SAAS,SAAS;AACpE,gBAAY,GAAG;AAAA,EACjB;AAAA,EACA,KAAK,OAAc,SAAuB;AACxC,iBAAa,OAAO,OAAO;AAAA,EAC7B;AACF;AAEA,IAAO,gBAAQ;","names":["randomBytes","randomBytes"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@emulators/apple",
3
- "version": "0.3.0",
3
+ "version": "0.4.1",
4
4
  "license": "Apache-2.0",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -29,7 +29,7 @@
29
29
  "dependencies": {
30
30
  "hono": "^4",
31
31
  "jose": "^6",
32
- "@emulators/core": "0.3.0"
32
+ "@emulators/core": "0.4.1"
33
33
  },
34
34
  "devDependencies": {
35
35
  "tsup": "^8",