@hatk/hatk 0.0.1-alpha.34 → 0.0.1-alpha.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapter.d.ts.map +1 -1
- package/dist/adapter.js +15 -2
- package/dist/cli.js +7 -30
- package/dist/database/adapters/sqlite-search.d.ts.map +1 -1
- package/dist/database/adapters/sqlite-search.js +4 -1
- package/dist/database/fts.d.ts.map +1 -1
- package/dist/database/ports.d.ts.map +1 -1
- package/dist/dev-entry.d.ts.map +1 -1
- package/dist/dev-entry.js +2 -1
- package/dist/labels.d.ts.map +1 -1
- package/dist/main.js +3 -1
- package/dist/oauth/server.d.ts.map +1 -1
- package/dist/oauth/session.d.ts +6 -4
- package/dist/oauth/session.d.ts.map +1 -1
- package/dist/oauth/session.js +32 -32
- package/dist/opengraph.d.ts.map +1 -1
- package/dist/pds-proxy.d.ts +3 -0
- package/dist/pds-proxy.d.ts.map +1 -1
- package/dist/pds-proxy.js +20 -4
- package/dist/renderer.d.ts.map +1 -1
- package/dist/response.js +1 -1
- package/dist/server-init.d.ts.map +1 -1
- package/dist/server-init.js +3 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +36 -7
- package/dist/vite-plugin.d.ts.map +1 -1
- package/dist/vite-plugin.js +6 -4
- package/dist/xrpc.d.ts +2 -0
- package/dist/xrpc.d.ts.map +1 -1
- package/package.json +4 -4
package/dist/adapter.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../src/adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAgB,MAAM,WAAW,CAAA;AAEnF;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CA0BrE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBzF;AAED,wFAAwF;AACxF,eAAO,MAAM,WAAW,
|
|
1
|
+
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../src/adapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAE,KAAK,cAAc,EAAgB,MAAM,WAAW,CAAA;AAEnF;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CA0BrE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBzF;AAED,wFAAwF;AACxF,eAAO,MAAM,WAAW,UAavB,CAAA;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAErD;AAED;;;;GAIG;AACH,wBAAgB,KAAK,CACnB,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,EAChD,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,MAAM,EACb,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,IAAI,6EA4BjF"}
|
package/dist/adapter.js
CHANGED
|
@@ -56,9 +56,22 @@ export async function sendResponse(res, response) {
|
|
|
56
56
|
}
|
|
57
57
|
}
|
|
58
58
|
/** Routes handled by hatk — everything else can fall through to a framework handler. */
|
|
59
|
-
export const HATK_ROUTES = [
|
|
59
|
+
export const HATK_ROUTES = [
|
|
60
|
+
'/xrpc/',
|
|
61
|
+
'/oauth/',
|
|
62
|
+
'/oauth-client-metadata.json',
|
|
63
|
+
'/.well-known/',
|
|
64
|
+
'/og/',
|
|
65
|
+
'/admin',
|
|
66
|
+
'/repos',
|
|
67
|
+
'/info/',
|
|
68
|
+
'/_health',
|
|
69
|
+
'/robots.txt',
|
|
70
|
+
'/auth/logout',
|
|
71
|
+
'/__dev/',
|
|
72
|
+
];
|
|
60
73
|
export function isHatkRoute(pathname) {
|
|
61
|
-
return HATK_ROUTES.some(r => pathname.startsWith(r) || pathname === r);
|
|
74
|
+
return HATK_ROUTES.some((r) => pathname.startsWith(r) || pathname === r);
|
|
62
75
|
}
|
|
63
76
|
/**
|
|
64
77
|
* Create a Node.js HTTP server from a Web Standard fetch handler.
|
package/dist/cli.js
CHANGED
|
@@ -1545,7 +1545,7 @@ else if (command === 'generate') {
|
|
|
1545
1545
|
typeExports.push('RecordRegistry', 'CreateRecord', 'DeleteRecord', 'PutRecord');
|
|
1546
1546
|
}
|
|
1547
1547
|
// Named defs (views, objects) — collect from emittedDefNames minus main types
|
|
1548
|
-
const mainTypeNames = new Set(entries.filter(e => e.defType).map(e => capitalize(varNames.get(e.nsid))));
|
|
1548
|
+
const mainTypeNames = new Set(entries.filter((e) => e.defType).map((e) => capitalize(varNames.get(e.nsid))));
|
|
1549
1549
|
for (const name of emittedDefNames) {
|
|
1550
1550
|
if (!mainTypeNames.has(name) && !typeExports.includes(name)) {
|
|
1551
1551
|
typeExports.push(name);
|
|
@@ -1558,10 +1558,10 @@ else if (command === 'generate') {
|
|
|
1558
1558
|
// SSR: uses globalThis.__hatk_callXrpc bridge (direct handler invocation)
|
|
1559
1559
|
// Client: fetches via HTTP (GET for queries, POST for procedures, raw POST for blobs)
|
|
1560
1560
|
if (procedureNsids.length > 0) {
|
|
1561
|
-
clientOut += `\nconst _procedures = new Set([${procedureNsids.map(n => `'${n}'`).join(', ')}])\n`;
|
|
1561
|
+
clientOut += `\nconst _procedures = new Set([${procedureNsids.map((n) => `'${n}'`).join(', ')}])\n`;
|
|
1562
1562
|
}
|
|
1563
1563
|
if (blobInputNsids.length > 0) {
|
|
1564
|
-
clientOut += `const _blobInputs = new Set([${blobInputNsids.map(n => `'${n}'`).join(', ')}])\n`;
|
|
1564
|
+
clientOut += `const _blobInputs = new Set([${blobInputNsids.map((n) => `'${n}'`).join(', ')}])\n`;
|
|
1565
1565
|
}
|
|
1566
1566
|
clientOut += `\ntype CallArg<K extends keyof XrpcSchema> =\n`;
|
|
1567
1567
|
clientOut += ` XrpcSchema[K] extends { input: infer I } ? I :\n`;
|
|
@@ -1600,6 +1600,7 @@ else if (command === 'generate') {
|
|
|
1600
1600
|
if (procedureNsids.length > 0) {
|
|
1601
1601
|
clientOut += ` if (_procedures.has(nsid)) {\n`;
|
|
1602
1602
|
clientOut += ` const res = await fetch(url, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(arg) })\n`;
|
|
1603
|
+
clientOut += ` if (res.status === 401) { window.location.href = '/oauth/login'; return new Promise(() => {}) as any }\n`;
|
|
1603
1604
|
clientOut += ` if (!res.ok) throw new Error(\`XRPC \${nsid} failed: \${res.status}\`)\n`;
|
|
1604
1605
|
clientOut += ` return res.json() as Promise<OutputOf<K>>\n`;
|
|
1605
1606
|
clientOut += ` }\n`;
|
|
@@ -1608,36 +1609,12 @@ else if (command === 'generate') {
|
|
|
1608
1609
|
clientOut += ` if (v != null) url.searchParams.set(k, String(v))\n`;
|
|
1609
1610
|
clientOut += ` }\n`;
|
|
1610
1611
|
clientOut += ` const res = await fetch(url)\n`;
|
|
1612
|
+
clientOut += ` if (res.status === 401) { window.location.href = '/oauth/login'; return new Promise(() => {}) as any }\n`;
|
|
1611
1613
|
clientOut += ` if (!res.ok) throw new Error(\`XRPC \${nsid} failed: \${res.status}\`)\n`;
|
|
1612
1614
|
clientOut += ` return res.json() as Promise<OutputOf<K>>\n`;
|
|
1613
1615
|
clientOut += `}\n`;
|
|
1614
|
-
// getViewer —
|
|
1615
|
-
clientOut += `\nexport
|
|
1616
|
-
clientOut += ` if (typeof window === 'undefined') {\n`;
|
|
1617
|
-
clientOut += ` try {\n`;
|
|
1618
|
-
clientOut += ` const parse = (globalThis as any).__hatk_parseSessionCookie\n`;
|
|
1619
|
-
clientOut += ` if (parse) {\n`;
|
|
1620
|
-
clientOut += ` const { getRequestEvent } = await import('$app/server')\n`;
|
|
1621
|
-
clientOut += ` const event = getRequestEvent()\n`;
|
|
1622
|
-
clientOut += ` const cookieName = (globalThis as any).__hatk_sessionCookieName ?? '__hatk_session'\n`;
|
|
1623
|
-
clientOut += ` const cookieValue = event.cookies.get(cookieName)\n`;
|
|
1624
|
-
clientOut += ` if (cookieValue) {\n`;
|
|
1625
|
-
clientOut += ` const request = new Request('http://localhost', {\n`;
|
|
1626
|
-
clientOut += ` headers: { cookie: \`\${cookieName}=\${cookieValue}\` },\n`;
|
|
1627
|
-
clientOut += ` })\n`;
|
|
1628
|
-
clientOut += ` return parse(request)\n`;
|
|
1629
|
-
clientOut += ` }\n`;
|
|
1630
|
-
clientOut += ` }\n`;
|
|
1631
|
-
clientOut += ` } catch {}\n`;
|
|
1632
|
-
clientOut += ` return (globalThis as any).__hatk_viewer ?? null\n`;
|
|
1633
|
-
clientOut += ` }\n`;
|
|
1634
|
-
clientOut += ` try {\n`;
|
|
1635
|
-
clientOut += ` const mod = (globalThis as any).__hatk_auth\n`;
|
|
1636
|
-
clientOut += ` if (mod?.viewerDid) {\n`;
|
|
1637
|
-
clientOut += ` const did = mod.viewerDid()\n`;
|
|
1638
|
-
clientOut += ` if (did) return { did }\n`;
|
|
1639
|
-
clientOut += ` }\n`;
|
|
1640
|
-
clientOut += ` } catch {}\n`;
|
|
1616
|
+
// getViewer — returns the viewer set by layout load (server) or $effect (client)
|
|
1617
|
+
clientOut += `\nexport function getViewer(): { did: string; handle: string } | null {\n`;
|
|
1641
1618
|
clientOut += ` return (globalThis as any).__hatk_viewer ?? null\n`;
|
|
1642
1619
|
clientOut += `}\n`;
|
|
1643
1620
|
writeFileSync('./hatk.generated.client.ts', clientOut);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sqlite-search.d.ts","sourceRoot":"","sources":["../../../src/database/adapters/sqlite-search.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC7C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE/C;;;;;;GAMG;AACH,qBAAa,gBAAiB,YAAW,UAAU;IACrC,OAAO,CAAC,IAAI;gBAAJ,IAAI,EAAE,YAAY;IAEhC,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQlD,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"sqlite-search.d.ts","sourceRoot":"","sources":["../../../src/database/adapters/sqlite-search.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAC7C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAE/C;;;;;;GAMG;AACH,qBAAa,gBAAiB,YAAW,UAAU;IACrC,OAAO,CAAC,IAAI;gBAAJ,IAAI,EAAE,YAAY;IAEhC,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQlD,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB5F,WAAW,CACf,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,EAClC,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC;IA2BV,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;YAKjF,cAAc;IAatB,MAAM,CACV,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,cAAc,EAAE,MAAM,EAAE,EACxB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAWlD"}
|
|
@@ -11,7 +11,10 @@ export class SQLiteSearchPort {
|
|
|
11
11
|
this.port = port;
|
|
12
12
|
}
|
|
13
13
|
async indexExists(shadowTable) {
|
|
14
|
-
const rows = await this.port.query(`SELECT 1 FROM sqlite_master WHERE type='table' AND name IN ($1, $2)`, [
|
|
14
|
+
const rows = await this.port.query(`SELECT 1 FROM sqlite_master WHERE type='table' AND name IN ($1, $2)`, [
|
|
15
|
+
shadowTable,
|
|
16
|
+
`${shadowTable}_fts`,
|
|
17
|
+
]);
|
|
15
18
|
return rows.length >= 2;
|
|
16
19
|
}
|
|
17
20
|
async buildIndex(shadowTable, sourceQuery, searchColumns) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fts.d.ts","sourceRoot":"","sources":["../../src/database/fts.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAuE5C,wBAAgB,aAAa,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,GAAG,IAAI,CAE3D;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAEjD;AAWD,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAE7D;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAElE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAEvD;AAgFD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBrE;AAED,wBAAsB,WAAW,
|
|
1
|
+
{"version":3,"file":"fts.d.ts","sourceRoot":"","sources":["../../src/database/fts.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAuE5C,wBAAgB,aAAa,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,GAAG,IAAI,CAE3D;AAED,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,wBAAgB,aAAa,IAAI,UAAU,GAAG,IAAI,CAEjD;AAWD,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAE7D;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAElE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAEvD;AAgFD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmBrE;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAehH;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAepF;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAYpF;AAokBD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIpD;AAED,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA4B5E"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../src/database/ports.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAA;AAEtD,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,OAAO,EAAE,OAAO,CAAA;IAEhB,kEAAkE;IAClE,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEjC,kDAAkD;IAClD,KAAK,IAAI,IAAI,CAAA;IAEb,yDAAyD;IACzD,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAA;IAEjF,8DAA8D;IAC9D,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvD,gEAAgE;IAChE,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE3C,0BAA0B;IAC1B,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEjC,qCAAqC;IACrC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvB,uCAAuC;IACvC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEzB,wDAAwD;IACxD,kBAAkB,CAChB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EAAE,EACjB,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAClE,OAAO,CAAC,YAAY,CAAC,CAAA;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAE/B,0CAA0C;IAC1C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEtB,+CAA+C;IAC/C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,6CAA6C;IAC7C,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE5F,4DAA4D;IAC5D,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"ports.d.ts","sourceRoot":"","sources":["../../src/database/ports.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAA;AAEtD,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,OAAO,EAAE,OAAO,CAAA;IAEhB,kEAAkE;IAClE,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEjC,kDAAkD;IAClD,KAAK,IAAI,IAAI,CAAA;IAEb,yDAAyD;IACzD,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAA;IAEjF,8DAA8D;IAC9D,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvD,gEAAgE;IAChE,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE3C,0BAA0B;IAC1B,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEjC,qCAAqC;IACrC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEvB,uCAAuC;IACvC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEzB,wDAAwD;IACxD,kBAAkB,CAChB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EAAE,EACjB,OAAO,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAClE,OAAO,CAAC,YAAY,CAAC,CAAA;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAE/B,0CAA0C;IAC1C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAEtB,+CAA+C;IAC/C,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,6CAA6C;IAC7C,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE5F,4DAA4D;IAC5D,WAAW,CAAC,CACV,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,EAClC,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,IAAI,CAAC,CAAA;IAEhB,gDAAgD;IAChD,eAAe,CAAC,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAE1F,8EAA8E;IAC9E,WAAW,CAAC,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEnD,iDAAiD;IACjD,MAAM,CACJ,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,EAAE,EACvB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,CAAA;CAClD"}
|
package/dist/dev-entry.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dev-entry.d.ts","sourceRoot":"","sources":["../src/dev-entry.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"dev-entry.d.ts","sourceRoot":"","sources":["../src/dev-entry.ts"],"names":[],"mappings":"AA2GA,eAAO,MAAM,OAAO,yCAKlB,CAAA;AAEF,yEAAyE;AACzE,wBAAsB,YAAY,kBAEjC;AAED,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AACpC,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAA"}
|
package/dist/dev-entry.js
CHANGED
|
@@ -86,7 +86,8 @@ runBackfill({
|
|
|
86
86
|
plcUrl: config.plc,
|
|
87
87
|
collections: collectionSet,
|
|
88
88
|
config: config.backfill,
|
|
89
|
-
})
|
|
89
|
+
})
|
|
90
|
+
.then(() => rebuildAllIndexes(Array.from(collectionSet)))
|
|
90
91
|
.catch((err) => console.error('[backfill]', err.message));
|
|
91
92
|
// Export the handler for Vite middleware
|
|
92
93
|
export const handler = createHandler({
|
package/dist/labels.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"labels.d.ts","sourceRoot":"","sources":["../src/labels.ts"],"names":[],"mappings":"AA8BA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAIlD,wDAAwD;AACxD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACtD,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KACtD,CAAA;IACD,MAAM,EAAE;QACN,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,UAAU,EAAE,MAAM,CAAA;QAClB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;KAC3B,CAAA;CACF;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,eAAe,CAAA;IAC5B,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;CACxD;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW;iBAJjC,eAAe;eACjB,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;;EAKxD;AAYD;;;;;;;;GAQG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCjE;AAED,oEAAoE;AACpE,wBAAgB,mBAAmB,
|
|
1
|
+
{"version":3,"file":"labels.d.ts","sourceRoot":"","sources":["../src/labels.ts"],"names":[],"mappings":"AA8BA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAIlD,wDAAwD;AACxD,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACtD,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KACtD,CAAA;IACD,MAAM,EAAE;QACN,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,UAAU,EAAE,MAAM,CAAA;QAClB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;KAC3B,CAAA;CACF;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,eAAe,CAAA;IAC5B,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;CACxD;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW;iBAJjC,eAAe;eACjB,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;;EAKxD;AAYD;;;;;;;;GAQG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAmCjE;AAED,oEAAoE;AACpE,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE;IAAE,UAAU,CAAC,EAAE,eAAe,CAAC;IAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAA;CAAE,GAClG,IAAI,CAON;AAED;;;GAGG;AACH,wBAAsB,aAAa,CAAC,MAAM,EAAE;IAC1C,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,EAAE,MAAM,CAAA;IAClB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;CAC3B,GAAG,OAAO,CAAC,IAAI,CAAC,CAyBhB;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAuCvG;AAED,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,eAAe,EAAE,CAEvD"}
|
package/dist/main.js
CHANGED
|
@@ -100,7 +100,9 @@ else {
|
|
|
100
100
|
await initSetup(resolve(configDir, 'setup'));
|
|
101
101
|
await loadOnLoginHook(resolve(configDir, 'hooks'));
|
|
102
102
|
await initFeeds(resolve(configDir, 'feeds'));
|
|
103
|
-
log(`[main] Feeds initialized: ${listFeeds()
|
|
103
|
+
log(`[main] Feeds initialized: ${listFeeds()
|
|
104
|
+
.map((f) => f.name)
|
|
105
|
+
.join(', ') || 'none'}`);
|
|
104
106
|
await initXrpc(resolve(configDir, 'xrpc'));
|
|
105
107
|
log(`[main] XRPC handlers initialized: ${listXrpc().join(', ') || 'none'}`);
|
|
106
108
|
await initOpengraph(resolve(configDir, 'og'));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/oauth/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AA2E/C,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBrG;AAID,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;;;;;;;;;;;EAqBxE;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;EAO/E;AAED,wBAAgB,OAAO;;;;;;;;;;;;;;;;;;;;;;EAWtB;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;EAcpE;AAID,wBAAsB,SAAS,CAC7B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CA2ItD;AAID,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,CAShF;AAID,wBAAsB,WAAW,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/oauth/server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AA2E/C,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBrG;AAID,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;;;;;;;;;;;EAqBxE;AAED,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;EAO/E;AAED,wBAAgB,OAAO;;;;;;;;;;;;;;;;;;;;;;EAWtB;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;;;;;;;;;EAcpE;AAID,wBAAsB,SAAS,CAC7B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CA2ItD;AAID,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,GAAG,MAAM,CAShF;AAID,wBAAsB,WAAW,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAoGtF;AAID,wBAAsB,cAAc,CAClC,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GAAG,IAAI,EACpB,GAAG,EAAE,MAAM,GAAG,IAAI,GACjB,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CAyHrG;AAID,wBAAsB,WAAW,CAC/B,MAAM,EAAE,WAAW,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,GAAG,CAAC,CAUd;AA0JD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,WAAW,EACnB,OAAO,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtF,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAmEpF;AAID,wBAAsB,YAAY,CAChC,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CA0BjC"}
|
package/dist/oauth/session.d.ts
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
export type SessionData = {
|
|
2
|
+
did: string;
|
|
3
|
+
handle: string;
|
|
4
|
+
};
|
|
1
5
|
export declare function getSessionCookieName(): string;
|
|
2
6
|
export declare function initSession(privateJwk: JsonWebKey, cookieName?: string): void;
|
|
3
|
-
export declare function createSessionCookie(
|
|
7
|
+
export declare function createSessionCookie(data: SessionData): Promise<string>;
|
|
4
8
|
export declare function sessionCookieHeader(value: string, secure: boolean): string;
|
|
5
9
|
export declare function clearSessionCookieHeader(): string;
|
|
6
|
-
export declare function parseSessionCookie(request: Request): Promise<
|
|
7
|
-
did: string;
|
|
8
|
-
} | null>;
|
|
10
|
+
export declare function parseSessionCookie(request: Request): Promise<SessionData | null>;
|
|
9
11
|
//# sourceMappingURL=session.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/oauth/session.ts"],"names":[],"mappings":"AASA,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED,wBAAgB,WAAW,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAG7E;
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/oauth/session.ts"],"names":[],"mappings":"AASA,MAAM,MAAM,WAAW,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAEzD,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED,wBAAgB,WAAW,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAG7E;AAcD,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAM5E;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,CAI1E;AAED,wBAAgB,wBAAwB,IAAI,MAAM,CAEjD;AAED,wBAAsB,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAuBtF"}
|
package/dist/oauth/session.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
// SSR session cookie —
|
|
2
|
-
// Separate from OAuth protocol flows but uses the same server keypair.
|
|
1
|
+
// SSR session cookie — AES-GCM encrypted HttpOnly cookie for server-side viewer resolution.
|
|
2
|
+
// Separate from OAuth protocol flows but uses the same server keypair for key derivation.
|
|
3
3
|
import { base64UrlEncode, base64UrlDecode } from "./crypto.js";
|
|
4
4
|
let _privateJwk;
|
|
5
5
|
let _cookieName = '__hatk_session';
|
|
@@ -12,24 +12,20 @@ export function initSession(privateJwk, cookieName) {
|
|
|
12
12
|
if (cookieName)
|
|
13
13
|
_cookieName = cookieName;
|
|
14
14
|
}
|
|
15
|
-
async function
|
|
16
|
-
|
|
15
|
+
async function aesKey() {
|
|
16
|
+
const raw = new TextEncoder().encode(JSON.stringify(_privateJwk, Object.keys(_privateJwk).sort()));
|
|
17
|
+
const keyMaterial = await crypto.subtle.importKey('raw', raw, 'HKDF', false, ['deriveKey']);
|
|
18
|
+
return crypto.subtle.deriveKey({ name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(0), info: new TextEncoder().encode('hatk-session-cookie') }, keyMaterial, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
|
|
17
19
|
}
|
|
18
|
-
export async function createSessionCookie(
|
|
19
|
-
const
|
|
20
|
-
const
|
|
21
|
-
const key = await
|
|
22
|
-
const
|
|
23
|
-
return `${
|
|
20
|
+
export async function createSessionCookie(data) {
|
|
21
|
+
const payload = JSON.stringify({ ...data, ts: Math.floor(Date.now() / 1000) });
|
|
22
|
+
const iv = crypto.getRandomValues(new Uint8Array(12));
|
|
23
|
+
const key = await aesKey();
|
|
24
|
+
const ciphertext = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(payload));
|
|
25
|
+
return `${base64UrlEncode(iv)}.${base64UrlEncode(new Uint8Array(ciphertext))}`;
|
|
24
26
|
}
|
|
25
27
|
export function sessionCookieHeader(value, secure) {
|
|
26
|
-
const parts = [
|
|
27
|
-
`${_cookieName}=${value}`,
|
|
28
|
-
'HttpOnly',
|
|
29
|
-
'SameSite=Lax',
|
|
30
|
-
'Path=/',
|
|
31
|
-
`Max-Age=${MAX_AGE}`,
|
|
32
|
-
];
|
|
28
|
+
const parts = [`${_cookieName}=${value}`, 'HttpOnly', 'SameSite=Lax', 'Path=/', `Max-Age=${MAX_AGE}`];
|
|
33
29
|
if (secure)
|
|
34
30
|
parts.push('Secure');
|
|
35
31
|
return parts.join('; ');
|
|
@@ -41,25 +37,29 @@ export async function parseSessionCookie(request) {
|
|
|
41
37
|
const cookieHeader = request.headers.get('cookie');
|
|
42
38
|
if (!cookieHeader)
|
|
43
39
|
return null;
|
|
44
|
-
const match = cookieHeader
|
|
40
|
+
const match = cookieHeader
|
|
41
|
+
.split(';')
|
|
42
|
+
.map((c) => c.trim())
|
|
43
|
+
.find((c) => c.startsWith(`${_cookieName}=`));
|
|
45
44
|
if (!match)
|
|
46
45
|
return null;
|
|
47
46
|
const value = match.slice(_cookieName.length + 1);
|
|
48
47
|
const parts = value.split('.');
|
|
49
|
-
|
|
50
|
-
if (parts.length < 3)
|
|
48
|
+
if (parts.length !== 2)
|
|
51
49
|
return null;
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
50
|
+
try {
|
|
51
|
+
const iv = base64UrlDecode(parts[0]);
|
|
52
|
+
const ciphertext = base64UrlDecode(parts[1]);
|
|
53
|
+
const key = await aesKey();
|
|
54
|
+
const plaintext = await crypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
|
|
55
|
+
const data = JSON.parse(new TextDecoder().decode(plaintext));
|
|
56
|
+
if (!data.did || !data.handle || !data.ts)
|
|
57
|
+
return null;
|
|
58
|
+
if (Date.now() / 1000 - data.ts > MAX_AGE)
|
|
59
|
+
return null;
|
|
60
|
+
return { did: data.did, handle: data.handle };
|
|
61
|
+
}
|
|
62
|
+
catch {
|
|
57
63
|
return null;
|
|
58
|
-
|
|
59
|
-
const key = await hmacKey('verify');
|
|
60
|
-
const sigBytes = base64UrlDecode(signature);
|
|
61
|
-
const valid = await crypto.subtle.verify('HMAC', key, sigBytes, new TextEncoder().encode(payload));
|
|
62
|
-
if (!valid)
|
|
63
|
-
return null;
|
|
64
|
-
return { did };
|
|
64
|
+
}
|
|
65
65
|
}
|
package/dist/opengraph.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"opengraph.d.ts","sourceRoot":"","sources":["../src/opengraph.ts"],"names":[],"mappings":"AA+BA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAE5C,4CAA4C;AAC5C,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE;QACL,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAC3B,QAAQ,CAAC,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,GAAG,MAAM,CAAA;QAC3C,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KACnB,CAAA;CACF;AAED,uDAAuD;AACvD,MAAM,WAAW,gBAAiB,SAAQ,WAAW;IACnD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;CACpD;AAED,qDAAqD;AACrD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,UAAU,CAAA;IACnB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,GAAG,EAAE,CAAA;KAAE,CAAA;IAC5D,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAChD;AAED,wBAAgB,QAAQ,
|
|
1
|
+
{"version":3,"file":"opengraph.d.ts","sourceRoot":"","sources":["../src/opengraph.ts"],"names":[],"mappings":"AA+BA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAE5C,4CAA4C;AAC5C,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE;QACL,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;QAC3B,QAAQ,CAAC,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,GAAG,MAAM,CAAA;QAC3C,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KACnB,CAAA;CACF;AAED,uDAAuD;AACvD,MAAM,WAAW,gBAAiB,SAAQ,WAAW;IACnD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;CACpD;AAED,qDAAqD;AACrD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,UAAU,CAAA;IACnB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,GAAG,EAAE,CAAA;KAAE,CAAA;IAC5D,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAChD;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,eAAe,CAAC;;;oBAA7C,gBAAgB,KAAK,OAAO,CAAC,eAAe,CAAC;EAEnG;AAkCD,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAoGhE;AAED,kEAAkE;AAClE,wBAAgB,iBAAiB,CAAC,KAAK,EAAE;IACvC,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,eAAe,CAAC,CAAA;CAC9D,GAAG,IAAI,CAgFP;AAED,wBAAsB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA+BrF;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAyC3E"}
|
package/dist/pds-proxy.d.ts
CHANGED
|
@@ -3,6 +3,9 @@ export declare class ProxyError extends Error {
|
|
|
3
3
|
status: number;
|
|
4
4
|
constructor(status: number, message: string);
|
|
5
5
|
}
|
|
6
|
+
export declare class ScopeMissingProxyError extends ProxyError {
|
|
7
|
+
constructor();
|
|
8
|
+
}
|
|
6
9
|
export declare function pdsCreateRecord(oauthConfig: OAuthConfig, viewer: {
|
|
7
10
|
did: string;
|
|
8
11
|
}, input: {
|
package/dist/pds-proxy.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pds-proxy.d.ts","sourceRoot":"","sources":["../src/pds-proxy.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAS9C,qBAAa,UAAW,SAAQ,KAAK;
|
|
1
|
+
{"version":3,"file":"pds-proxy.d.ts","sourceRoot":"","sources":["../src/pds-proxy.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAS9C,qBAAa,UAAW,SAAQ,KAAK;IAE1B,MAAM,EAAE,MAAM;gBAAd,MAAM,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM;CAIlB;AAED,qBAAa,sBAAuB,SAAQ,UAAU;;CAIrD;AAoHD,wBAAsB,eAAe,CACnC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,GAC3F,OAAO,CAAC;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAiCzC;AAED,wBAAsB,eAAe,CACnC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAC1C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAyBlC;AAED,wBAAsB,YAAY,CAChC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,KAAK,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1F,OAAO,CAAC;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA8BzC;AAED,wBAAsB,aAAa,CACjC,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,EACvB,IAAI,EAAE,UAAU,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;IAAE,IAAI,EAAE,OAAO,CAAA;CAAE,CAAC,CAS5B"}
|
package/dist/pds-proxy.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
// Shared PDS proxy functions — used by both HTTP route handlers and XRPC handlers.
|
|
2
|
-
import { getSession, getServerKey } from "./oauth/db.js";
|
|
2
|
+
import { getSession, getServerKey, deleteSession } from "./oauth/db.js";
|
|
3
3
|
import { createDpopProof } from "./oauth/dpop.js";
|
|
4
4
|
import { refreshPdsSession } from "./oauth/server.js";
|
|
5
5
|
import { validateRecord } from '@bigmoves/lexicon';
|
|
@@ -13,6 +13,11 @@ export class ProxyError extends Error {
|
|
|
13
13
|
this.status = status;
|
|
14
14
|
}
|
|
15
15
|
}
|
|
16
|
+
export class ScopeMissingProxyError extends ProxyError {
|
|
17
|
+
constructor() {
|
|
18
|
+
super(401, 'ScopeMissingError');
|
|
19
|
+
}
|
|
20
|
+
}
|
|
16
21
|
/** Shared retry logic: DPoP nonce handling + token refresh. */
|
|
17
22
|
async function withDpopRetry(oauthConfig, session, doFetch) {
|
|
18
23
|
let accessToken = session.access_token;
|
|
@@ -29,7 +34,12 @@ async function withDpopRetry(oauthConfig, session, doFetch) {
|
|
|
29
34
|
return result;
|
|
30
35
|
}
|
|
31
36
|
}
|
|
32
|
-
// Step 2: handle
|
|
37
|
+
// Step 2: handle insufficient scope — clear session so user re-authenticates with updated scopes
|
|
38
|
+
if (result.body.error === 'ScopeMissingError') {
|
|
39
|
+
await deleteSession(session.did);
|
|
40
|
+
throw new ScopeMissingProxyError();
|
|
41
|
+
}
|
|
42
|
+
// Step 3: handle expired PDS token — refresh and retry
|
|
33
43
|
if (result.body.error === 'invalid_token') {
|
|
34
44
|
const refreshed = await refreshPdsSession(oauthConfig, session);
|
|
35
45
|
if (refreshed) {
|
|
@@ -109,7 +119,10 @@ export async function pdsCreateRecord(oauthConfig, viewer, input) {
|
|
|
109
119
|
await insertRecord(input.collection, String(pdsRes.body.uri), String(pdsRes.body.cid), viewer.did, input.record);
|
|
110
120
|
}
|
|
111
121
|
catch (err) {
|
|
112
|
-
emit('pds-proxy', 'local_index_error', {
|
|
122
|
+
emit('pds-proxy', 'local_index_error', {
|
|
123
|
+
op: 'createRecord',
|
|
124
|
+
error: err instanceof Error ? err.message : String(err),
|
|
125
|
+
});
|
|
113
126
|
}
|
|
114
127
|
return pdsRes.body;
|
|
115
128
|
}
|
|
@@ -131,7 +144,10 @@ export async function pdsDeleteRecord(oauthConfig, viewer, input) {
|
|
|
131
144
|
await dbDeleteRecord(input.collection, uri);
|
|
132
145
|
}
|
|
133
146
|
catch (err) {
|
|
134
|
-
emit('pds-proxy', 'local_index_error', {
|
|
147
|
+
emit('pds-proxy', 'local_index_error', {
|
|
148
|
+
op: 'deleteRecord',
|
|
149
|
+
error: err instanceof Error ? err.message : String(err),
|
|
150
|
+
});
|
|
135
151
|
}
|
|
136
152
|
return pdsRes.body;
|
|
137
153
|
}
|
package/dist/renderer.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"renderer.d.ts","sourceRoot":"","sources":["../src/renderer.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAA;AAKhG,wBAAgB,cAAc,CAAC,OAAO,EAAE,eAAe;;;EAEtD;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI,CAG/D;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,WAAW,GAAG,IAAI,CAE1D;AAED,wBAAgB,WAAW,IAAI,eAAe,GAAG,IAAI,CAEpD;AAED,wBAAgB,cAAc,IAAI,WAAW,GAAG,IAAI,CAEnD;AAED;;;;;;;;GAQG;AACH,wBAAsB,UAAU,
|
|
1
|
+
{"version":3,"file":"renderer.d.ts","sourceRoot":"","sources":["../src/renderer.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAAA;AAKhG,wBAAgB,cAAc,CAAC,OAAO,EAAE,eAAe;;;EAEtD;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI,CAG/D;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,WAAW,GAAG,IAAI,CAE1D;AAED,wBAAgB,WAAW,IAAI,eAAe,GAAG,IAAI,CAEpD;AAED,wBAAgB,cAAc,IAAI,WAAW,GAAG,IAAI,CAEnD;AAED;;;;;;;;GAQG;AACH,wBAAsB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAsBnH"}
|
package/dist/response.js
CHANGED
|
@@ -13,7 +13,7 @@ export function json(data, status = 200, acceptEncoding) {
|
|
|
13
13
|
headers: {
|
|
14
14
|
'Content-Type': 'application/json',
|
|
15
15
|
'Content-Encoding': 'gzip',
|
|
16
|
-
|
|
16
|
+
Vary: 'Accept-Encoding',
|
|
17
17
|
...(status === 200 ? { 'Cache-Control': 'no-store' } : {}),
|
|
18
18
|
},
|
|
19
19
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server-init.d.ts","sourceRoot":"","sources":["../src/server-init.ts"],"names":[],"mappings":"AAWA;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server-init.d.ts","sourceRoot":"","sources":["../src/server-init.ts"],"names":[],"mappings":"AAWA;;;GAGG;AACH,wBAAsB,UAAU,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA2DjG"}
|
package/dist/server-init.js
CHANGED
|
@@ -53,7 +53,9 @@ export async function initServer(serverDir, opts) {
|
|
|
53
53
|
registerRenderer(scanned.renderer.mod.handler);
|
|
54
54
|
}
|
|
55
55
|
log(`[server] Initialized from server/ directory:`);
|
|
56
|
-
log(` Feeds: ${listFeeds()
|
|
56
|
+
log(` Feeds: ${listFeeds()
|
|
57
|
+
.map((f) => f.name)
|
|
58
|
+
.join(', ') || 'none'}`);
|
|
57
59
|
log(` XRPC: ${listXrpc().join(', ') || 'none'}`);
|
|
58
60
|
log(` Labels: ${getLabelDefinitions().length} definitions`);
|
|
59
61
|
}
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAgDA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AA0B9C;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,GAAG,IAAI,CAwH3F;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,EAAE,CAAA;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,KAAK,EAAE,WAAW,GAAG,IAAI,CAAA;IACzB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACxF,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;IAC5D,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAA;CACtB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAwyB5F;AAGD,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EAAE,EACrB,SAAS,EAAE,MAAM,GAAG,IAAI,EACxB,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,MAAM,GAAE,MAAM,EAAO,EACrB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,EAC5D,QAAQ,CAAC,EAAE,MAAM,IAAI,GACpB,OAAO,WAAW,EAAE,MAAM,CAG5B"}
|
package/dist/server.js
CHANGED
|
@@ -10,12 +10,17 @@ import { getLabelDefinitions, rescanLabels } from "./labels.js";
|
|
|
10
10
|
import { triggerAutoBackfill } from "./indexer.js";
|
|
11
11
|
import { emit, timer } from "./logger.js";
|
|
12
12
|
import { getAuthServerMetadata, getProtectedResourceMetadata, getJwks, getClientMetadata, handlePar, buildAuthorizeRedirect, handleCallback, serverLogin, handleToken, authenticate, } from "./oauth/server.js";
|
|
13
|
-
import { createSessionCookie, sessionCookieHeader, clearSessionCookieHeader, parseSessionCookie } from "./oauth/session.js";
|
|
13
|
+
import { createSessionCookie, sessionCookieHeader, clearSessionCookieHeader, parseSessionCookie, } from "./oauth/session.js";
|
|
14
14
|
import { getOAuthRequest } from "./oauth/db.js";
|
|
15
|
-
import { pdsCreateRecord, pdsDeleteRecord, pdsPutRecord, pdsUploadBlob, ProxyError } from "./pds-proxy.js";
|
|
15
|
+
import { pdsCreateRecord, pdsDeleteRecord, pdsPutRecord, pdsUploadBlob, ProxyError, ScopeMissingProxyError, } from "./pds-proxy.js";
|
|
16
16
|
import { json, jsonError, cors, withCors, file, notFound } from "./response.js";
|
|
17
17
|
import { serve } from "./adapter.js";
|
|
18
18
|
import { renderPage } from "./renderer.js";
|
|
19
|
+
function scopeMissingResponse(acceptEncoding) {
|
|
20
|
+
const res = withCors(jsonError(401, 'ScopeMissingError', acceptEncoding));
|
|
21
|
+
res.headers.append('Set-Cookie', clearSessionCookieHeader());
|
|
22
|
+
return res;
|
|
23
|
+
}
|
|
19
24
|
const MIME = {
|
|
20
25
|
'.html': 'text/html',
|
|
21
26
|
'.js': 'application/javascript',
|
|
@@ -637,7 +642,9 @@ export function createHandler(config) {
|
|
|
637
642
|
const did = url.searchParams.get('did');
|
|
638
643
|
if (!did)
|
|
639
644
|
return withCors(jsonError(400, 'did required', acceptEncoding));
|
|
640
|
-
const
|
|
645
|
+
const handleRows = await querySQL('SELECT handle FROM _repos WHERE did = $1', [did]);
|
|
646
|
+
const handle = handleRows[0]?.handle ?? did;
|
|
647
|
+
const cookieValue = await createSessionCookie({ did, handle });
|
|
641
648
|
const secure = url.protocol === 'https:';
|
|
642
649
|
return new Response(JSON.stringify({ ok: true }), {
|
|
643
650
|
status: 200,
|
|
@@ -654,7 +661,10 @@ export function createHandler(config) {
|
|
|
654
661
|
return withCors(jsonError(400, 'handle required', acceptEncoding));
|
|
655
662
|
try {
|
|
656
663
|
const redirectUrl = await serverLogin(oauth, handle);
|
|
657
|
-
return new Response(null, {
|
|
664
|
+
return new Response(null, {
|
|
665
|
+
status: 302,
|
|
666
|
+
headers: { Location: redirectUrl, 'Set-Cookie': clearSessionCookieHeader() },
|
|
667
|
+
});
|
|
658
668
|
}
|
|
659
669
|
catch (err) {
|
|
660
670
|
const message = err instanceof Error ? err.message : 'Login failed';
|
|
@@ -705,7 +715,9 @@ export function createHandler(config) {
|
|
|
705
715
|
return withCors(jsonError(400, 'Missing code', acceptEncoding));
|
|
706
716
|
const result = await handleCallback(oauth, code, state, iss);
|
|
707
717
|
const isSecure = requestOrigin.startsWith('https');
|
|
708
|
-
const
|
|
718
|
+
const handleRows = await querySQL('SELECT handle FROM _repos WHERE did = $1', [result.did]);
|
|
719
|
+
const handle = handleRows[0]?.handle ?? result.did;
|
|
720
|
+
const cookie = await createSessionCookie({ did: result.did, handle });
|
|
709
721
|
// Server-initiated login stores redirectUri as '/' — redirect cleanly without code/iss params
|
|
710
722
|
const redirectTo = result.clientRedirectUri.startsWith('/?code=') ? '/' : result.clientRedirectUri;
|
|
711
723
|
return new Response(null, {
|
|
@@ -751,6 +763,8 @@ export function createHandler(config) {
|
|
|
751
763
|
return withCors(json(result, 200, acceptEncoding));
|
|
752
764
|
}
|
|
753
765
|
catch (err) {
|
|
766
|
+
if (err instanceof ScopeMissingProxyError)
|
|
767
|
+
return scopeMissingResponse(acceptEncoding);
|
|
754
768
|
if (err instanceof ProxyError)
|
|
755
769
|
return withCors(jsonError(err.status, err.message, acceptEncoding));
|
|
756
770
|
throw err;
|
|
@@ -766,6 +780,8 @@ export function createHandler(config) {
|
|
|
766
780
|
return withCors(json(result, 200, acceptEncoding));
|
|
767
781
|
}
|
|
768
782
|
catch (err) {
|
|
783
|
+
if (err instanceof ScopeMissingProxyError)
|
|
784
|
+
return scopeMissingResponse(acceptEncoding);
|
|
769
785
|
if (err instanceof ProxyError)
|
|
770
786
|
return withCors(jsonError(err.status, err.message, acceptEncoding));
|
|
771
787
|
throw err;
|
|
@@ -781,6 +797,8 @@ export function createHandler(config) {
|
|
|
781
797
|
return withCors(json(result, 200, acceptEncoding));
|
|
782
798
|
}
|
|
783
799
|
catch (err) {
|
|
800
|
+
if (err instanceof ScopeMissingProxyError)
|
|
801
|
+
return scopeMissingResponse(acceptEncoding);
|
|
784
802
|
if (err instanceof ProxyError)
|
|
785
803
|
return withCors(jsonError(err.status, err.message, acceptEncoding));
|
|
786
804
|
throw err;
|
|
@@ -797,6 +815,8 @@ export function createHandler(config) {
|
|
|
797
815
|
return withCors(json(result, 200, acceptEncoding));
|
|
798
816
|
}
|
|
799
817
|
catch (err) {
|
|
818
|
+
if (err instanceof ScopeMissingProxyError)
|
|
819
|
+
return scopeMissingResponse(acceptEncoding);
|
|
800
820
|
if (err instanceof ProxyError)
|
|
801
821
|
return withCors(jsonError(err.status, err.message, acceptEncoding));
|
|
802
822
|
throw err;
|
|
@@ -859,6 +879,8 @@ export function createHandler(config) {
|
|
|
859
879
|
return withCors(json(result, 200, acceptEncoding));
|
|
860
880
|
}
|
|
861
881
|
catch (err) {
|
|
882
|
+
if (err instanceof ScopeMissingProxyError)
|
|
883
|
+
return scopeMissingResponse(acceptEncoding);
|
|
862
884
|
if (err instanceof InvalidRequestError) {
|
|
863
885
|
return withCors(jsonError(err.status, err.errorName || err.message, acceptEncoding));
|
|
864
886
|
}
|
|
@@ -890,8 +912,15 @@ export function createHandler(config) {
|
|
|
890
912
|
try {
|
|
891
913
|
const template = await readFile(join(publicDir, 'index.html'), 'utf-8');
|
|
892
914
|
const ogMeta = buildOgMeta(url.pathname, requestOrigin);
|
|
893
|
-
|
|
894
|
-
|
|
915
|
+
globalThis.__hatk_viewer = viewer;
|
|
916
|
+
let renderedHtml;
|
|
917
|
+
try {
|
|
918
|
+
renderedHtml = await renderPage(template, request, ogMeta);
|
|
919
|
+
}
|
|
920
|
+
finally {
|
|
921
|
+
;
|
|
922
|
+
globalThis.__hatk_viewer = null;
|
|
923
|
+
}
|
|
895
924
|
if (renderedHtml) {
|
|
896
925
|
return withCors(file(Buffer.from(renderedHtml), 'text/html'));
|
|
897
926
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vite-plugin.d.ts","sourceRoot":"","sources":["../src/vite-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgC,KAAK,MAAM,EAA6C,MAAM,MAAM,CAAA;AA8D3G,wBAAgB,IAAI,CAAC,IAAI,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"vite-plugin.d.ts","sourceRoot":"","sources":["../src/vite-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgC,KAAK,MAAM,EAA6C,MAAM,MAAM,CAAA;AA8D3G,wBAAgB,IAAI,CAAC,IAAI,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAoOrD"}
|
package/dist/vite-plugin.js
CHANGED
|
@@ -73,7 +73,7 @@ export function hatk(opts) {
|
|
|
73
73
|
name: 'vite-plugin-hatk',
|
|
74
74
|
// Rewrite $hatk imports in source code so SSR module runners can resolve them.
|
|
75
75
|
// vite-plus's fetchModule bypasses resolve.alias for bare imports.
|
|
76
|
-
transform(code,
|
|
76
|
+
transform(code, _id) {
|
|
77
77
|
if (!code.includes('$hatk'))
|
|
78
78
|
return;
|
|
79
79
|
const hatk = resolve('hatk.generated.ts');
|
|
@@ -87,7 +87,7 @@ export function hatk(opts) {
|
|
|
87
87
|
resolve: {
|
|
88
88
|
alias: {
|
|
89
89
|
'$hatk/client': resolve('hatk.generated.client.ts'),
|
|
90
|
-
|
|
90
|
+
$hatk: resolve('hatk.generated.ts'),
|
|
91
91
|
},
|
|
92
92
|
},
|
|
93
93
|
environments: {
|
|
@@ -249,9 +249,11 @@ export function hatk(opts) {
|
|
|
249
249
|
if (!reloadTimer) {
|
|
250
250
|
reloadTimer = setTimeout(() => {
|
|
251
251
|
reloadTimer = null;
|
|
252
|
-
reloadServer()
|
|
252
|
+
reloadServer()
|
|
253
|
+
.then(() => {
|
|
253
254
|
console.log('[hatk] Server handlers reloaded');
|
|
254
|
-
})
|
|
255
|
+
})
|
|
256
|
+
.catch((err) => {
|
|
255
257
|
console.error('[hatk] Failed to reload server handlers:', err.message);
|
|
256
258
|
});
|
|
257
259
|
}, 50);
|
package/dist/xrpc.d.ts
CHANGED
|
@@ -31,6 +31,7 @@ export interface XrpcContext<P = Record<string, string>, Records extends Record<
|
|
|
31
31
|
limit: number;
|
|
32
32
|
viewer: {
|
|
33
33
|
did: string;
|
|
34
|
+
handle?: string;
|
|
34
35
|
} | null;
|
|
35
36
|
packCursor: (primary: string | number, cid: string) => string;
|
|
36
37
|
unpackCursor: (cursor: string) => {
|
|
@@ -83,6 +84,7 @@ export declare function callXrpc(nsid: string, params?: Record<string, any>, inp
|
|
|
83
84
|
*/
|
|
84
85
|
export declare function registerCoreXrpcHandler(nsid: string, fn: (params: Record<string, string>, cursor: string | undefined, limit: number, viewer: {
|
|
85
86
|
did: string;
|
|
87
|
+
handle?: string;
|
|
86
88
|
} | null, input?: unknown) => Promise<any>): void;
|
|
87
89
|
/** Return all registered XRPC method names. */
|
|
88
90
|
export declare function listXrpc(): string[];
|
package/dist/xrpc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"xrpc.d.ts","sourceRoot":"","sources":["../src/xrpc.ts"],"names":[],"mappings":"AAsCA,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAElD,YAAY,EAAE,GAAG,EAAE,OAAO,EAAE,CAAA;AAE5B,gFAAgF;AAChF,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,MAAM,SAAM;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;gBACN,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAIhD;AACD,0DAA0D;AAC1D,qBAAa,aAAc,SAAQ,mBAAmB;IACpD,MAAM,SAAM;gBACA,OAAO,SAAc;CAGlC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW,CAC1B,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC1B,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzD,CAAC,GAAG,OAAO;IAEX,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACtD,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KACtD,CAAA;IACD,MAAM,EAAE,CAAC,CAAA;IACT,KAAK,EAAE,CAAC,CAAA;IACR,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;
|
|
1
|
+
{"version":3,"file":"xrpc.d.ts","sourceRoot":"","sources":["../src/xrpc.ts"],"names":[],"mappings":"AAsCA,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAA;AAElD,YAAY,EAAE,GAAG,EAAE,OAAO,EAAE,CAAA;AAE5B,gFAAgF;AAChF,qBAAa,mBAAoB,SAAQ,KAAK;IAC5C,MAAM,SAAM;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;gBACN,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAIhD;AACD,0DAA0D;AAC1D,qBAAa,aAAc,SAAQ,mBAAmB;IACpD,MAAM,SAAM;gBACA,OAAO,SAAc;CAGlC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,WAAW,CAC1B,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC1B,OAAO,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzD,CAAC,GAAG,OAAO;IAEX,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;QACtD,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;KACtD,CAAA;IACD,MAAM,EAAE,CAAC,CAAA;IACT,KAAK,EAAE,CAAC,CAAA;IACR,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;IAC/C,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,MAAM,CAAA;IAC7D,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAA;IACzE,WAAW,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IAC9C,mBAAmB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAC7D,MAAM,EAAE,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,OAAO,EACvC,UAAU,EAAE,CAAC,EACb,CAAC,EAAE,MAAM,EACT,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,KACxD,OAAO,CAAC;QAAE,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7D,OAAO,EAAE,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;IAC3D,MAAM,EAAE,CAAC,CAAC,GAAG,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtG,KAAK,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;IAC5F,MAAM,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;IACjF,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;IACvD,OAAO,EAAE,CACP,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,OAAO,EACZ,MAAM,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,gBAAgB,GAAG,eAAe,KAC9D,MAAM,GAAG,SAAS,CAAA;CACxB;AAgBD,+EAA+E;AAC/E,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,QAE3C;AAED;;;GAGG;AACH,wBAAgB,OAAO,CACrB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,OAAO,EACZ,MAAM,GAAE,QAAQ,GAAG,QAAQ,GAAG,gBAAgB,GAAG,eAA0B,GAC1E,MAAM,GAAG,SAAS,CAQpB;AAoBD;;;;GAIG;AACH,wBAAsB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsE7D;AAED,oEAAoE;AACpE,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE;IAAE,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;CAAE,GAAG,IAAI,CAyD9G;AAED,qFAAqF;AACrF,wBAAsB,WAAW,CAC/B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC9B,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,KAAK,EAAE,MAAM,EACb,MAAM,CAAC,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,EAC/B,KAAK,CAAC,EAAE,OAAO,GACd,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAYrB;AAED,mFAAmF;AACnF,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAM,EAAE,KAAK,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAgB5G;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,MAAM,EACZ,EAAE,EAAE,CACF,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC9B,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,EAC/C,KAAK,CAAC,EAAE,OAAO,KACZ,OAAO,CAAC,GAAG,CAAC,GAChB,IAAI,CAEN;AAED,+CAA+C;AAC/C,wBAAgB,QAAQ,IAAI,MAAM,EAAE,CAEnC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hatk/hatk",
|
|
3
|
-
"version": "0.0.1-alpha.
|
|
3
|
+
"version": "0.0.1-alpha.35",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"bin": {
|
|
6
6
|
"hatk": "dist/cli.js"
|
|
@@ -41,12 +41,12 @@
|
|
|
41
41
|
"vitest": "^4",
|
|
42
42
|
"yaml": "^2.7.0"
|
|
43
43
|
},
|
|
44
|
-
"peerDependencies": {
|
|
45
|
-
"vite": "^8.0.0"
|
|
46
|
-
},
|
|
47
44
|
"devDependencies": {
|
|
48
45
|
"@types/better-sqlite3": "^7.6.13",
|
|
49
46
|
"@types/react": "^19.2.14",
|
|
50
47
|
"vite": "^8.0.0"
|
|
48
|
+
},
|
|
49
|
+
"peerDependencies": {
|
|
50
|
+
"vite": "^8.0.0"
|
|
51
51
|
}
|
|
52
52
|
}
|