@fuzdev/fuz_app 0.55.0 → 0.57.0

package/dist/auth/permit_queries.js

@@ -1,305 +0,0 @@
-/**
- * Permit database queries.
- *
- * Permits are time-bounded, revocable grants of a role to an actor.
- * The system is safe by default — no permit, no capability.
- *
- * @module
- */
-import { assert_row } from '../db/assert_row.js';
-import { PERMIT_OFFER_SCOPE_SENTINEL_UUID } from './permit_offer_schema.js';
-/**
- * Grant a permit to an actor.
- * Idempotent — if an active permit already exists for this actor, role, and
- * scope, returns the existing permit instead of creating a duplicate.
- *
- * The `ON CONFLICT` target and the fallback `SELECT` both collapse `NULL`
- * scopes via the same sentinel used by the partial unique index
- * (`permit_actor_role_scope_active_unique`). The `IS NOT DISTINCT FROM`
- * form on the fallback is deliberate — plain `=` would miss the
- * NULL-scope case where the conflict fired.
- *
- * @param deps - query dependencies
- * @param input - the permit fields
- * @returns the created or existing active permit
- * @mutates `permit` table - inserts a row when no active permit matches `(actor_id, role, scope_id)`
- */
-export const query_grant_permit = async (deps, input) => {
-    const inserted = await deps.db.query_one(`INSERT INTO permit (actor_id, role, scope_id, expires_at, granted_by, source_offer_id)
-		 VALUES ($1, $2, $3, $4, $5, $6)
-		 ON CONFLICT (actor_id, role, COALESCE(scope_id, '${PERMIT_OFFER_SCOPE_SENTINEL_UUID}'::uuid))
-		   WHERE revoked_at IS NULL
-		 DO NOTHING
-		 RETURNING *`, [
-        input.actor_id,
-        input.role,
-        input.scope_id ?? null,
-        input.expires_at?.toISOString() ?? null,
-        input.granted_by ?? null,
-        input.source_offer_id ?? null,
-    ]);
-    if (inserted)
-        return inserted;
-    // Active permit already exists — return it (idempotent grant).
-    const existing = await deps.db.query_one(`SELECT * FROM permit
-		 WHERE actor_id = $1
-		   AND role = $2
-		   AND scope_id IS NOT DISTINCT FROM $3
-		   AND revoked_at IS NULL`, [input.actor_id, input.role, input.scope_id ?? null]);
-    return assert_row(existing, 'idempotent permit grant');
-};
-/**
- * Look up the role of an active permit (constrained to a specific
- * actor) plus the actor's `account_id`.
- *
- * Used by admin routes to inspect the permit's role before acting
- * (e.g., enforcing `web_grantable` on revoke). The actor constraint
- * mirrors `query_revoke_permit` so IDOR protection is consistent:
- * a caller can only see permits belonging to the target actor.
- *
- * The JOIN to `actor` collapses what used to be a second
- * `query_actor_by_id` round-trip in the revoke handler into one read,
- * which closes the small TOCTOU window where the actor row could be
- * deleted between the IDOR check and the actor lookup. The `account_id`
- * is needed by the audit envelope's `target_account_id` field and the
- * SSE/WS socket-close fan-out targeting.
- *
- * Returns `null` if the permit is not found, already revoked, or
- * belongs to a different actor.
- *
- * @param deps - query dependencies
- * @param permit_id - the permit id to look up
- * @param actor_id - the actor that must own the permit
- * @returns `{role, account_id}` on a match, or `null`
- */
-export const query_permit_find_active_role_for_actor = async (deps, permit_id, actor_id) => {
-    const row = await deps.db.query_one(`SELECT permit.role, actor.account_id
-		   FROM permit
-		   JOIN actor ON actor.id = permit.actor_id
-		  WHERE permit.id = $1 AND permit.actor_id = $2 AND permit.revoked_at IS NULL`, [permit_id, actor_id]);
-    return row ?? null;
-};
-/**
- * Revoke a permit by id, constrained to a specific actor.
- *
- * Requires `actor_id` to prevent cross-account revocation (IDOR guard).
- * Returns `null` if the permit is not found, already revoked, or belongs
- * to a different actor.
- *
- * Supersedes any pending offers for the revoked permit's
- * `(to_account, role, scope)` in the same transaction. Prevents the
- * "accept a pre-revoke offer to bypass the revoke" path — any stale
- * offer becomes terminal at revoke time. A fresh post-revoke grant
- * requires the grantor to call `query_permit_offer_create` again.
- *
- * @param deps - query dependencies
- * @param permit_id - the permit to revoke
- * @param actor_id - the actor that must own the permit
- * @param revoked_by - the actor who revoked it (for audit trail)
- * @param reason - optional free-form reason, stamped on `permit.revoked_reason` and surfaced to the revokee notification.
- * @mutates `permit` row - sets `revoked_at`, `revoked_by`, and `revoked_reason`
- * @mutates `permit_offer` rows - stamps `superseded_at` on every pending sibling for the same `(account, role, scope)`
- */
-export const query_revoke_permit = async (deps, permit_id, actor_id, revoked_by, reason) => {
-    const rows = await deps.db.query(`UPDATE permit SET revoked_at = NOW(), revoked_by = $3, revoked_reason = $4
-		 WHERE id = $1 AND actor_id = $2 AND revoked_at IS NULL
-		 RETURNING id, role, scope_id`, [permit_id, actor_id, revoked_by ?? null, reason ?? null]);
-    const revoked = rows[0];
-    if (!revoked)
-        return null;
-    // CTE joins `actor` after the UPDATE so each superseded row carries the
-    // grantor's `account_id` — callers fan out `permit_offer_supersede`
-    // notifications to that account without a second round-trip.
-    const superseded_offers = await deps.db.query(`WITH updated AS (
-			UPDATE permit_offer o
-			SET superseded_at = NOW()
-			FROM actor a
-			WHERE a.id = $1
-			  AND o.to_account_id = a.account_id
-			  AND o.role = $2
-			  AND o.scope_id IS NOT DISTINCT FROM $3
-			  AND o.accepted_at IS NULL
-			  AND o.declined_at IS NULL
-			  AND o.retracted_at IS NULL
-			  AND o.superseded_at IS NULL
-			RETURNING o.*
-		)
-		SELECT u.*, grantor.account_id AS from_account_id
-		FROM updated u
-		JOIN actor grantor ON grantor.id = u.from_actor_id`, [actor_id, revoked.role, revoked.scope_id]);
-    return {
-        id: revoked.id,
-        role: revoked.role,
-        scope_id: revoked.scope_id,
-        superseded_offers,
-    };
-};
-/**
- * Find all active (non-revoked, non-expired) permits for an actor.
- */
-export const query_permit_find_active_for_actor = async (deps, actor_id) => {
-    return deps.db.query(`SELECT * FROM permit
-		 WHERE actor_id = $1
-		   AND revoked_at IS NULL
-		   AND (expires_at IS NULL OR expires_at > NOW())
-		 ORDER BY created_at`, [actor_id]);
-};
-/**
- * Check if an actor has an active permit for a given role.
- *
- * The `scope_id` parameter selects between global and scoped checks:
- * - Omitted or `null` — matches a global permit (`scope_id IS NULL`).
- *   Pre-scope callers keep their existing semantics.
- * - A scope uuid — matches a permit bound to that exact scope.
- *
- * The `IS NOT DISTINCT FROM` comparison handles the NULL case uniformly.
- */
-export const query_permit_has_role = async (deps, actor_id, role, scope_id) => {
-    const row = await deps.db.query_one(`SELECT EXISTS(
-			SELECT 1 FROM permit
-			WHERE actor_id = $1
-			  AND role = $2
-			  AND scope_id IS NOT DISTINCT FROM $3
-			  AND revoked_at IS NULL
-			  AND (expires_at IS NULL OR expires_at > NOW())
-		 ) AS exists`, [actor_id, role, scope_id ?? null]);
-    return row?.exists ?? false;
-};
-/**
- * List all permits for an actor (including revoked/expired).
- */
-export const query_permit_list_for_actor = async (deps, actor_id) => {
-    return deps.db.query(`SELECT * FROM permit WHERE actor_id = $1 ORDER BY created_at DESC`, [actor_id]);
-};
-/**
- * Find the account ID of an account that holds an active permit for a given role.
- *
- * Joins permit → actor → account. Returns the first match, or `null` if none.
- *
- * @param deps - query dependencies
- * @param role - the role to search for
- * @returns the account ID, or `null`
- */
-export const query_permit_find_account_id_for_role = async (deps, role) => {
-    const row = await deps.db.query_one(`SELECT a.id AS account_id
-		 FROM permit p
-		 JOIN actor act ON act.id = p.actor_id
-		 JOIN account a ON a.id = act.account_id
-		 WHERE p.role = $1
-		   AND p.revoked_at IS NULL
-		   AND (p.expires_at IS NULL OR p.expires_at > NOW())
-		 LIMIT 1`, [role]);
-    return row?.account_id ?? null;
-};
-/**
- * Revoke every active permit bound to a scope and supersede every pending
- * offer at the scope, in one cascade.
- *
- * Use this from a consumer's parent-scope delete handler (e.g., classroom
- * deletion) — `permit.scope_id` and `permit_offer.scope_id` are polymorphic
- * with no FK constraint by design, so a parent row deletion would otherwise
- * orphan permits and offers. The cascade is **role-agnostic**: anything
- * attached to the destroyed scope is cleaned up.
- *
- * Both updates run as separate statements inside the caller's transaction
- * (mirrors `query_permit_revoke_role`'s shape). The two halves are
- * independent — orphan pending offers can exist at a scope with no active
- * permits, so the supersede half always runs even when no permit was
- * revoked.
- *
- * @param deps - query dependencies
- * @param scope_id - the scope whose permits and offers to terminate
- * @param revoked_by - the actor performing the cascade (audit trail)
- * @param reason - optional free-form reason, stamped on `permit.revoked_reason`.
- * @returns the revoked permits (with `account_id` for fan-out) and superseded offers (with `from_account_id` for fan-out)
- * @mutates `permit` table - sets `revoked_at`/`revoked_by`/`revoked_reason` on every active row at `scope_id`
- * @mutates `permit_offer` table - stamps `superseded_at` on every pending row at `scope_id`
- */
-export const query_permit_revoke_for_scope = async (deps, scope_id, revoked_by, reason) => {
-    // Revoke every active permit at the scope. CTE returns `actor_id` directly
-    // from the permit row (drives `target_actor_id` audit envelopes); a join
-    // against `actor` resolves `account_id` for `target_account_id`
-    // + WS/SSE socket-close fan-out, all in one round-trip.
-    const revoked = await deps.db.query(`WITH updated AS (
-			UPDATE permit
-			SET revoked_at = NOW(), revoked_by = $2, revoked_reason = $3
-			WHERE scope_id = $1 AND revoked_at IS NULL
-			RETURNING id, role, scope_id, actor_id
-		)
-		SELECT u.id AS permit_id, u.role, u.scope_id, u.actor_id, a.account_id
-		FROM updated u
-		JOIN actor a ON a.id = u.actor_id`, [scope_id, revoked_by ?? null, reason ?? null]);
-    // Supersede every pending offer at the scope — tuple-matched or orphan,
-    // no distinction. The cause of every supersede in this cascade is the
-    // scope deletion; offers tuple-matched to a revoked permit are not
-    // tagged separately because the revoke is itself a consequence of the
-    // scope going away.
-    const superseded_offers = await deps.db.query(`WITH updated AS (
-			UPDATE permit_offer o
-			SET superseded_at = NOW()
-			WHERE o.scope_id = $1
-			  AND o.accepted_at IS NULL
-			  AND o.declined_at IS NULL
-			  AND o.retracted_at IS NULL
-			  AND o.superseded_at IS NULL
-			RETURNING o.*
-		)
-		SELECT u.*, grantor.account_id AS from_account_id
-		FROM updated u
-		JOIN actor grantor ON grantor.id = u.from_actor_id`, [scope_id]);
-    return { revoked, superseded_offers };
-};
-/**
- * Revoke every active permit an actor holds for a given role.
- *
- * With scoped permits a single actor+role tuple can hold several active
- * permits (one per scope), so this revokes all of them. Pass
- * `query_revoke_permit(permit_id, ...)` when a single scoped permit
- * is the target.
- *
- * Also supersedes pending offers for the actor's account across every
- * scope of this role (the actor can no longer hold the role, so any
- * pending offer of the same role is a bypass vector).
- *
- * @param deps - query dependencies
- * @param actor_id - the actor whose permits to revoke
- * @param role - the role to revoke
- * @param revoked_by - the actor who revoked it (for audit trail)
- * @param reason - optional free-form reason, stamped on `permit.revoked_reason`.
- * @returns the list of revoked permits (empty if none were active) and superseded pending offers
- * @mutates `permit` table - sets `revoked_at`/`revoked_by`/`revoked_reason` on every active row for `(actor, role)`
- * @mutates `permit_offer` table - stamps `superseded_at` on every matching pending offer
- */
-export const query_permit_revoke_role = async (deps, actor_id, role, revoked_by, reason) => {
-    // CTE pulls the revokee's `account_id` via a join on `actor` so callers
-    // can address the revokee without an extra round-trip.
-    const revoked = await deps.db.query(`WITH updated AS (
-			UPDATE permit
-			SET revoked_at = NOW(), revoked_by = $3, revoked_reason = $4
-			WHERE actor_id = $1 AND role = $2 AND revoked_at IS NULL
-			RETURNING id, role, scope_id, actor_id
-		)
-		SELECT u.id AS permit_id, u.role, u.scope_id, a.account_id
-		FROM updated u
-		JOIN actor a ON a.id = u.actor_id`, [actor_id, role, revoked_by ?? null, reason ?? null]);
-    if (revoked.length === 0) {
-        return { revoked: [], superseded_offers: [] };
-    }
-    const superseded_offers = await deps.db.query(`WITH updated AS (
-			UPDATE permit_offer o
-			SET superseded_at = NOW()
-			FROM actor a
-			WHERE a.id = $1
-			  AND o.to_account_id = a.account_id
-			  AND o.role = $2
-			  AND o.accepted_at IS NULL
-			  AND o.declined_at IS NULL
-			  AND o.retracted_at IS NULL
-			  AND o.superseded_at IS NULL
-			RETURNING o.*
-		)
-		SELECT u.*, grantor.account_id AS from_account_id
-		FROM updated u
-		JOIN actor grantor ON grantor.id = u.from_actor_id`, [actor_id, role]);
-    return { revoked, superseded_offers };
-};

package/dist/auth/require_keeper.d.ts

@@ -1,20 +0,0 @@
-/**
- * Keeper credential type guard.
- *
- * Two-part check:
- * 1. Credential type must be `daemon_token` (not session cookie, not API token).
- * 2. Account must hold active keeper permit.
- *
- * Both must pass. A session cookie from the bootstrap account still fails check #1.
- *
- * @module
- */
-import type { MiddlewareHandler } from 'hono';
-/**
- * Middleware that requires keeper credentials.
- *
- * Returns 401 if unauthenticated, 403 if credential type is not
- * `daemon_token` or if the keeper role is missing.
- */
-export declare const require_keeper: MiddlewareHandler;
-//# sourceMappingURL=require_keeper.d.ts.map

package/dist/auth/require_keeper.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"require_keeper.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/require_keeper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAW5C;;;;;GAKG;AACH,eAAO,MAAM,cAAc,EAAE,iBAmB5B,CAAC"}

package/dist/auth/require_keeper.js

@@ -1,35 +0,0 @@
-/**
- * Keeper credential type guard.
- *
- * Two-part check:
- * 1. Credential type must be `daemon_token` (not session cookie, not API token).
- * 2. Account must hold active keeper permit.
- *
- * Both must pass. A session cookie from the bootstrap account still fails check #1.
- *
- * @module
- */
-import { get_request_context, has_role } from './request_context.js';
-import { CREDENTIAL_TYPE_KEY } from '../hono_context.js';
-import { ROLE_KEEPER } from './role_schema.js';
-import { ERROR_AUTHENTICATION_REQUIRED, ERROR_INSUFFICIENT_PERMISSIONS, ERROR_KEEPER_REQUIRES_DAEMON_TOKEN, } from '../http/error_schemas.js';
-/**
- * Middleware that requires keeper credentials.
- *
- * Returns 401 if unauthenticated, 403 if credential type is not
- * `daemon_token` or if the keeper role is missing.
- */
-export const require_keeper = async (c, next) => {
-    const ctx = get_request_context(c);
-    if (!ctx) {
-        return c.json({ error: ERROR_AUTHENTICATION_REQUIRED }, 401);
-    }
-    const credential_type = c.get(CREDENTIAL_TYPE_KEY);
-    if (credential_type !== 'daemon_token') {
-        return c.json({ error: ERROR_KEEPER_REQUIRES_DAEMON_TOKEN, credential_type: credential_type ?? 'none' }, 403);
-    }
-    if (!has_role(ctx, ROLE_KEEPER)) {
-        return c.json({ error: ERROR_INSUFFICIENT_PERMISSIONS, required_role: ROLE_KEEPER }, 403);
-    }
-    await next();
-};

package/dist/auth/route_guards.d.ts

@@ -1,27 +0,0 @@
-/**
- * Auth guard resolver for the route spec system.
- *
- * Maps `RouteAuth` discriminants to two-phase auth middleware sets.
- * `pre_validation` carries the 401 check (`require_auth`) so
- * unauthenticated callers never see route-shape information from input
- * parse failures. `post_authorization` carries the 403 role / keeper
- * checks because they read the `RequestContext` populated by the
- * dispatcher's authorization phase.
- *
- * Injected into `apply_route_specs` to decouple the generic HTTP
- * framework (`http/route_spec.ts`) from auth-specific middleware.
- *
- * @module
- */
-import type { AuthGuardResolver } from '../http/route_spec.js';
-/**
- * Standard auth guard resolver for fuz_app.
- *
- * Maps `RouteAuth` to middleware:
- * - `none` → no guards
- * - `authenticated` → pre-validation `require_auth`
- * - `role` → pre-validation `require_auth` + post-authorization `require_role(role)`
- * - `keeper` → pre-validation `require_auth` + post-authorization `require_keeper`
- */
-export declare const fuz_auth_guard_resolver: AuthGuardResolver;
-//# sourceMappingURL=route_guards.d.ts.map

package/dist/auth/route_guards.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"route_guards.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/route_guards.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,uBAAuB,CAAC;AAE7D;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,iBAWrC,CAAC"}

package/dist/auth/route_guards.js

@@ -1,38 +0,0 @@
-/**
- * Auth guard resolver for the route spec system.
- *
- * Maps `RouteAuth` discriminants to two-phase auth middleware sets.
- * `pre_validation` carries the 401 check (`require_auth`) so
- * unauthenticated callers never see route-shape information from input
- * parse failures. `post_authorization` carries the 403 role / keeper
- * checks because they read the `RequestContext` populated by the
- * dispatcher's authorization phase.
- *
- * Injected into `apply_route_specs` to decouple the generic HTTP
- * framework (`http/route_spec.ts`) from auth-specific middleware.
- *
- * @module
- */
-import { require_auth, require_role } from './request_context.js';
-import { require_keeper } from './require_keeper.js';
-/**
- * Standard auth guard resolver for fuz_app.
- *
- * Maps `RouteAuth` to middleware:
- * - `none` → no guards
- * - `authenticated` → pre-validation `require_auth`
- * - `role` → pre-validation `require_auth` + post-authorization `require_role(role)`
- * - `keeper` → pre-validation `require_auth` + post-authorization `require_keeper`
- */
-export const fuz_auth_guard_resolver = (auth) => {
-    switch (auth.type) {
-        case 'none':
-            return { pre_validation: [], post_authorization: [] };
-        case 'authenticated':
-            return { pre_validation: [require_auth], post_authorization: [] };
-        case 'role':
-            return { pre_validation: [require_auth], post_authorization: [require_role(auth.role)] };
-        case 'keeper':
-            return { pre_validation: [require_auth], post_authorization: [require_keeper] };
-    }
-};

package/dist/auth/session_lifecycle.d.ts

@@ -1,37 +0,0 @@
-/**
- * Session lifecycle — creation and cookie management shared across login and bootstrap flows.
- *
- * @module
- */
-import type { Context } from 'hono';
-import type { Keyring } from './keyring.js';
-import { type SessionOptions } from './session_cookie.js';
-import type { QueryDeps } from '../db/query_deps.js';
-/**
- * Options for `create_session_and_set_cookie`.
- */
-export interface CreateSessionAndSetCookieOptions {
-    /** Keyring for cookie signing. */
-    keyring: Keyring;
-    /** Query deps (needs db for session creation). */
-    deps: QueryDeps;
-    /** Hono context for setting the cookie. */
-    c: Context;
-    /** The account to create a session for. */
-    account_id: string;
-    /** Session cookie configuration. */
-    session_options: SessionOptions<string>;
-    /** Per-account session cap (`null` to skip enforcement). */
-    max_sessions?: number | null;
-}
-/**
- * Create an auth session and set the session cookie on the response.
- *
- * Shared by login and bootstrap — generates a token, hashes it, persists
- * the session row, optionally enforces a per-account session limit, and
- * sets the signed cookie.
- *
- * @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
- */
-export declare const create_session_and_set_cookie: (options: CreateSessionAndSetCookieOptions) => Promise<void>;
-//# sourceMappingURL=session_lifecycle.d.ts.map

package/dist/auth/session_lifecycle.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,SAAS,gCAAgC,KACvC,OAAO,CAAC,IAAI,CAad,CAAC"}

package/dist/auth/session_lifecycle.js

@@ -1,29 +0,0 @@
-/**
- * Session lifecycle — creation and cookie management shared across login and bootstrap flows.
- *
- * @module
- */
-import { create_session_cookie_value } from './session_cookie.js';
-import { set_session_cookie } from './session_middleware.js';
-import { generate_session_token, hash_session_token, AUTH_SESSION_LIFETIME_MS, query_create_session, query_session_enforce_limit, } from './session_queries.js';
-/**
- * Create an auth session and set the session cookie on the response.
- *
- * Shared by login and bootstrap — generates a token, hashes it, persists
- * the session row, optionally enforces a per-account session limit, and
- * sets the signed cookie.
- *
- * @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
- */
-export const create_session_and_set_cookie = async (options) => {
-    const { keyring, deps, c, account_id, session_options, max_sessions } = options;
-    const session_token = generate_session_token();
-    const token_hash = hash_session_token(session_token);
-    const expires_at = new Date(Date.now() + AUTH_SESSION_LIFETIME_MS);
-    await query_create_session(deps, token_hash, account_id, expires_at);
-    if (max_sessions != null) {
-        await query_session_enforce_limit(deps, account_id, max_sessions);
-    }
-    const cookie_value = await create_session_cookie_value(keyring, session_token, session_options);
-    set_session_cookie(c, cookie_value, session_options);
-};

package/dist/ui/AdminPermitHistory.svelte.d.ts

@@ -1,4 +0,0 @@
-declare const AdminPermitHistory: import("svelte").Component<Record<string, never>, {}, "">;
-type AdminPermitHistory = ReturnType<typeof AdminPermitHistory>;
-export default AdminPermitHistory;
-//# sourceMappingURL=AdminPermitHistory.svelte.d.ts.map

package/dist/ui/AdminPermitHistory.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AdminPermitHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminPermitHistory.svelte"],"names":[],"mappings":"AAiGA,QAAA,MAAM,kBAAkB,2DAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/PermitOfferForm.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PermitOfferForm.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferForm.svelte"],"names":[],"mappings":"AAiBA,OAAO,EAEL,KAAK,eAAe,EACpB,MAAM,gCAAgC,CAAC;AASxC,KAAK,gBAAgB,GAAI;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,+EAA+E;IAC/E,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;IAC9C,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA4GH,QAAA,MAAM,eAAe,sDAAwC,CAAC;AAC9D,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;AAC1D,eAAe,eAAe,CAAC"}

package/dist/ui/PermitOfferHistory.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PermitOfferHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferHistory.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,oFAAoF;IACpF,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAkGH,QAAA,MAAM,kBAAkB,sDAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/PermitOfferInbox.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PermitOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferInbox.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA2FH,QAAA,MAAM,gBAAgB,sDAAwC,CAAC;AAC/D,KAAK,gBAAgB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC5D,eAAe,gBAAgB,CAAC"}

package/dist/ui/permit_offers_state.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"permit_offers_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/permit_offers_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,gCAAgC,CAAC;AAUpE;;;;GAIG;AACH,eAAO,MAAM,2BAA2B;;;;CAAsC,CAAC;AAE/E;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IACtD,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KAChB,KAAK,OAAO,CAAC;QAAC,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IAChD,MAAM,EAAE,CAAC,MAAM,EAAE;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,KAAK,OAAO,CAAC;QAAC,KAAK,EAAE,eAAe,CAAA;KAAC,CAAC,CAAC;IACxC,MAAM,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,eAAe,CAAC;QACvB,oBAAoB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACpC,CAAC,CAAC;IACH,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IAC3E,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;CACnD;AAED,yFAAyF;AACzF,MAAM,WAAW,uBAAuB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,CAAC;CAChB;AAED,qFAAqF;AACrF,MAAM,MAAM,oBAAoB,GAAG,CAClC,OAAO,EAAE,CAAC,YAAY,EAAE,uBAAuB,KAAK,IAAI,KACpD,MAAM,IAAI,CAAC;AAEhB,MAAM,WAAW,wBAAwB;IACxC,GAAG,EAAE,eAAe,CAAC;IACrB,oFAAoF;IACpF,UAAU,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAChC;;;OAGG;IACH,QAAQ,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;CAC9B;AAQD,qBAAa,iBAAkB,SAAQ,QAAQ;;IAO9C,sEAAsE;IACtE,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAatC;IAEH,mEAAmE;IACnE,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAatC;IAEH,qFAAqF;IACrF,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,eAAe,CAAC,CAIrC;IAEH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAkC;gBAErD,OAAO,EAAE,wBAAwB;IAO7C,4DAA4D;IACtD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAO5B,6DAA6D;IACvD,aAAa,CAAC,OAAO,CAAC,EAAE;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/E;;;;;;OAMG;IACG,MAAM,CAAC,MAAM,EAAE;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAQxC,qGAAqG;IAC/F,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAavC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAOhE,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9C;;;OAGG;IACH,SAAS,CAAC,YAAY,EAAE,oBAAoB,GAAG,MAAM,IAAI;IAMzD;;;;;;OAMG;IACH,kBAAkB,CAAC,YAAY,EAAE,uBAAuB,GAAG,IAAI;IAwB/D,qDAAqD;IAC5C,KAAK,IAAI,IAAI;CAmBtB"}