@qlever-llc/trellis 0.10.18-rc.1 → 0.10.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/auth/browser/login.d.ts +8 -7
- package/esm/auth/browser/login.d.ts.map +1 -1
- package/esm/auth/browser/logout.d.ts +23 -0
- package/esm/auth/browser/logout.d.ts.map +1 -0
- package/esm/auth/browser/logout.js +80 -0
- package/esm/auth/browser/portal.d.ts.map +1 -1
- package/esm/auth/browser/portal.js +2 -0
- package/esm/auth/browser/session.d.ts +2 -0
- package/esm/auth/browser/session.d.ts.map +1 -1
- package/esm/auth/browser/session.js +6 -0
- package/esm/auth/browser.d.ts +5 -2
- package/esm/auth/browser.d.ts.map +1 -1
- package/esm/auth/browser.js +4 -2
- package/esm/auth/browser_recovery.d.ts +22 -0
- package/esm/auth/browser_recovery.d.ts.map +1 -0
- package/esm/auth/browser_recovery.js +238 -0
- package/esm/auth/mod.d.ts +2 -2
- package/esm/auth/mod.d.ts.map +1 -1
- package/esm/auth/mod.js +2 -2
- package/esm/auth/protocol.d.ts +1 -0
- package/esm/auth/protocol.d.ts.map +1 -1
- package/esm/auth/protocol.js +1 -0
- package/esm/auth/schemas.d.ts +26 -0
- package/esm/auth/schemas.d.ts.map +1 -1
- package/esm/auth/schemas.js +35 -0
- package/esm/browser.d.ts +2 -2
- package/esm/browser.d.ts.map +1 -1
- package/esm/browser.js +1 -1
- package/esm/client_connect.js +1 -1
- package/esm/generated-sdk/auth/api.d.ts +1 -4
- package/esm/generated-sdk/auth/api.d.ts.map +1 -1
- package/esm/generated-sdk/auth/api.js +1 -6
- package/esm/generated-sdk/auth/client.d.ts +0 -15
- package/esm/generated-sdk/auth/client.d.ts.map +1 -1
- package/esm/generated-sdk/auth/contract.d.ts +1 -1
- package/esm/generated-sdk/auth/contract.d.ts.map +1 -1
- package/esm/generated-sdk/auth/contract.js +11 -3
- package/esm/generated-sdk/auth/schemas.d.ts +2 -0
- package/esm/generated-sdk/auth/schemas.d.ts.map +1 -1
- package/esm/generated-sdk/auth/schemas.js +2 -0
- package/esm/generated-sdk/auth/types.d.ts +4 -2
- package/esm/generated-sdk/auth/types.d.ts.map +1 -1
- package/esm/generated-sdk/auth/types.js +1 -1
- package/esm/generated-sdk/trellis-core/api.d.ts +1 -4
- package/esm/generated-sdk/trellis-core/api.d.ts.map +1 -1
- package/esm/generated-sdk/trellis-core/api.js +1 -6
- package/esm/generated-sdk/trellis-core/client.d.ts +3 -28
- package/esm/generated-sdk/trellis-core/client.d.ts.map +1 -1
- package/esm/models/auth/rpc/Logout.d.ts.map +1 -1
- package/esm/models/auth/rpc/Logout.js +2 -2
- package/package.json +2 -2
- package/script/auth/browser/login.d.ts +8 -7
- package/script/auth/browser/login.d.ts.map +1 -1
- package/script/auth/browser/logout.d.ts +23 -0
- package/script/auth/browser/logout.d.ts.map +1 -0
- package/script/auth/browser/logout.js +84 -0
- package/script/auth/browser/portal.d.ts.map +1 -1
- package/script/auth/browser/portal.js +2 -0
- package/script/auth/browser/session.d.ts +2 -0
- package/script/auth/browser/session.d.ts.map +1 -1
- package/script/auth/browser/session.js +7 -0
- package/script/auth/browser.d.ts +5 -2
- package/script/auth/browser.d.ts.map +1 -1
- package/script/auth/browser.js +12 -1
- package/script/auth/browser_recovery.d.ts +22 -0
- package/script/auth/browser_recovery.d.ts.map +1 -0
- package/script/auth/browser_recovery.js +242 -0
- package/script/auth/mod.d.ts +2 -2
- package/script/auth/mod.d.ts.map +1 -1
- package/script/auth/mod.js +14 -5
- package/script/auth/protocol.d.ts +1 -0
- package/script/auth/protocol.d.ts.map +1 -1
- package/script/auth/protocol.js +1 -0
- package/script/auth/schemas.d.ts +26 -0
- package/script/auth/schemas.d.ts.map +1 -1
- package/script/auth/schemas.js +37 -1
- package/script/browser.d.ts +2 -2
- package/script/browser.d.ts.map +1 -1
- package/script/browser.js +4 -2
- package/script/client_connect.js +1 -1
- package/script/generated-sdk/auth/api.d.ts +1 -4
- package/script/generated-sdk/auth/api.d.ts.map +1 -1
- package/script/generated-sdk/auth/api.js +1 -6
- package/script/generated-sdk/auth/client.d.ts +0 -15
- package/script/generated-sdk/auth/client.d.ts.map +1 -1
- package/script/generated-sdk/auth/contract.d.ts +1 -1
- package/script/generated-sdk/auth/contract.d.ts.map +1 -1
- package/script/generated-sdk/auth/contract.js +11 -3
- package/script/generated-sdk/auth/schemas.d.ts +2 -0
- package/script/generated-sdk/auth/schemas.d.ts.map +1 -1
- package/script/generated-sdk/auth/schemas.js +2 -0
- package/script/generated-sdk/auth/types.d.ts +4 -2
- package/script/generated-sdk/auth/types.d.ts.map +1 -1
- package/script/generated-sdk/auth/types.js +1 -1
- package/script/generated-sdk/trellis-core/api.d.ts +1 -4
- package/script/generated-sdk/trellis-core/api.d.ts.map +1 -1
- package/script/generated-sdk/trellis-core/api.js +1 -6
- package/script/generated-sdk/trellis-core/client.d.ts +3 -28
- package/script/generated-sdk/trellis-core/client.d.ts.map +1 -1
- package/script/models/auth/rpc/Logout.d.ts.map +1 -1
- package/script/models/auth/rpc/Logout.js +2 -2
- package/src/auth/browser/login.ts +12 -8
- package/src/auth/browser/logout.ts +114 -0
- package/src/auth/browser/portal.ts +1 -0
- package/src/auth/browser/session.ts +15 -0
- package/src/auth/browser.ts +22 -0
- package/src/auth/browser_recovery.ts +319 -0
- package/src/auth/mod.ts +16 -0
- package/src/auth/protocol.ts +1 -0
- package/src/auth/schemas.ts +58 -0
- package/src/browser.ts +4 -0
- package/src/client_connect.ts +1 -1
- package/src/models/auth/rpc/Logout.ts +2 -0
- package/src/sdk/_generated/auth/api.ts +2 -9
- package/src/sdk/_generated/auth/client.ts +0 -37
- package/src/sdk/_generated/auth/contract.ts +11 -3
- package/src/sdk/_generated/auth/schemas.ts +2 -0
- package/src/sdk/_generated/auth/types.ts +2 -2
- package/src/sdk/_generated/core/api.ts +2 -9
- package/src/sdk/_generated/core/client.ts +2 -41
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { type AuthLogoutResponse } from "../schemas.js";
|
|
2
|
+
import { type SessionKeyHandle } from "./session.js";
|
|
3
|
+
type LogoutLocation = Pick<Location, "href"> & Partial<Pick<Location, "assign">>;
|
|
4
|
+
export type CompleteSessionLogoutArgs = {
|
|
5
|
+
authUrl: string;
|
|
6
|
+
handle: SessionKeyHandle;
|
|
7
|
+
returnTo?: string;
|
|
8
|
+
providerLogout?: boolean;
|
|
9
|
+
federatedProviderLogout?: boolean;
|
|
10
|
+
location?: LogoutLocation;
|
|
11
|
+
};
|
|
12
|
+
export declare function logoutSession(args: {
|
|
13
|
+
authUrl: string;
|
|
14
|
+
handle: SessionKeyHandle;
|
|
15
|
+
returnTo?: string;
|
|
16
|
+
providerLogout?: boolean;
|
|
17
|
+
federatedProviderLogout?: boolean;
|
|
18
|
+
responseMode?: "json";
|
|
19
|
+
fetch?: typeof fetch;
|
|
20
|
+
}): Promise<AuthLogoutResponse>;
|
|
21
|
+
export declare function completeSessionLogout(args: CompleteSessionLogoutArgs): Promise<never>;
|
|
22
|
+
export {};
|
|
23
|
+
//# sourceMappingURL=logout.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/logout.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,KAAK,kBAAkB,EAExB,MAAM,eAAe,CAAC;AACvB,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,cAAc,CAAC;AAEtB,KAAK,cAAc,GACf,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,GACtB,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;AAEtC,MAAM,MAAM,yBAAyB,GAAG;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B,CAAC;AAEF,wBAAsB,aAAa,CAAC,IAAI,EAAE;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAgD9B;AAED,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,yBAAyB,GAC9B,OAAO,CAAC,KAAK,CAAC,CAuBhB"}
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.logoutSession = logoutSession;
|
|
4
|
+
exports.completeSessionLogout = completeSessionLogout;
|
|
5
|
+
const value_1 = require("typebox/value");
|
|
6
|
+
const schemas_js_1 = require("../schemas.js");
|
|
7
|
+
const session_js_1 = require("./session.js");
|
|
8
|
+
async function logoutSession(args) {
|
|
9
|
+
const iat = Math.floor(Date.now() / 1000);
|
|
10
|
+
const responseMode = args.responseMode ?? "json";
|
|
11
|
+
const sig = await (0, session_js_1.logoutSessionSig)(args.handle, {
|
|
12
|
+
iat,
|
|
13
|
+
...(args.providerLogout === undefined
|
|
14
|
+
? {}
|
|
15
|
+
: { providerLogout: args.providerLogout }),
|
|
16
|
+
...(args.federatedProviderLogout === undefined
|
|
17
|
+
? {}
|
|
18
|
+
: { federatedProviderLogout: args.federatedProviderLogout }),
|
|
19
|
+
...(args.returnTo === undefined ? {} : { returnTo: args.returnTo }),
|
|
20
|
+
responseMode,
|
|
21
|
+
});
|
|
22
|
+
const body = {
|
|
23
|
+
sessionKey: args.handle.sessionKey,
|
|
24
|
+
iat,
|
|
25
|
+
sig,
|
|
26
|
+
...(args.providerLogout === undefined
|
|
27
|
+
? {}
|
|
28
|
+
: { providerLogout: args.providerLogout }),
|
|
29
|
+
...(args.federatedProviderLogout === undefined
|
|
30
|
+
? {}
|
|
31
|
+
: { federatedProviderLogout: args.federatedProviderLogout }),
|
|
32
|
+
...(args.returnTo === undefined ? {} : { returnTo: args.returnTo }),
|
|
33
|
+
responseMode,
|
|
34
|
+
};
|
|
35
|
+
const fetchImpl = args.fetch ?? globalThis.fetch;
|
|
36
|
+
const response = await fetchImpl(logoutUrl(args.authUrl), {
|
|
37
|
+
method: "POST",
|
|
38
|
+
headers: { "content-type": "application/json" },
|
|
39
|
+
body: JSON.stringify(body),
|
|
40
|
+
});
|
|
41
|
+
if (!response.ok) {
|
|
42
|
+
throw new Error(`Logout request failed with HTTP ${response.status}`);
|
|
43
|
+
}
|
|
44
|
+
let parsed;
|
|
45
|
+
try {
|
|
46
|
+
parsed = await response.json();
|
|
47
|
+
}
|
|
48
|
+
catch (cause) {
|
|
49
|
+
throw new Error("Logout response was not valid JSON", { cause });
|
|
50
|
+
}
|
|
51
|
+
if (!value_1.Value.Check(schemas_js_1.AuthLogoutResponseSchema, parsed)) {
|
|
52
|
+
throw new Error("Logout response did not match expected schema");
|
|
53
|
+
}
|
|
54
|
+
return parsed;
|
|
55
|
+
}
|
|
56
|
+
async function completeSessionLogout(args) {
|
|
57
|
+
let response;
|
|
58
|
+
try {
|
|
59
|
+
response = await logoutSession(args);
|
|
60
|
+
}
|
|
61
|
+
catch {
|
|
62
|
+
response = undefined;
|
|
63
|
+
}
|
|
64
|
+
finally {
|
|
65
|
+
try {
|
|
66
|
+
await (0, session_js_1.clearSessionKey)();
|
|
67
|
+
}
|
|
68
|
+
catch {
|
|
69
|
+
// Preserve logout completion in non-browser/test runtimes without IndexedDB.
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
const target = response?.redirectTo ?? args.returnTo ?? "/";
|
|
73
|
+
const location = args.location ?? globalThis.location;
|
|
74
|
+
if (typeof location.assign === "function") {
|
|
75
|
+
location.assign(target);
|
|
76
|
+
}
|
|
77
|
+
else {
|
|
78
|
+
location.href = target;
|
|
79
|
+
}
|
|
80
|
+
throw new Error("Redirecting after logout");
|
|
81
|
+
}
|
|
82
|
+
function logoutUrl(authUrl) {
|
|
83
|
+
return `${authUrl.replace(/\/+$/, "")}/auth/sessions/logout`;
|
|
84
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAMtD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAE3D;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,CAKR;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkB1B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,eAAe,GAAG,IAAI,GAC5B,MAAM,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAMtD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAE3D;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,CAKR;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkB1B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,eAAe,GAAG,IAAI,GAC5B,MAAM,GAAG,IAAI,CAKf"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { type LogoutSignaturePayloadInput } from "../schemas.js";
|
|
1
2
|
export type SessionKeyHandle = {
|
|
2
3
|
privateKey: CryptoKey;
|
|
3
4
|
publicKey: CryptoKey;
|
|
@@ -23,6 +24,7 @@ export declare function getPublicSessionKey(handle: SessionKeyHandle): string;
|
|
|
23
24
|
export declare function oauthInitSig(handle: SessionKeyHandle, redirectTo: string, context?: unknown, provider?: string, contract?: Record<string, unknown> | string): Promise<string>;
|
|
24
25
|
export declare function bindFlowSig(handle: SessionKeyHandle, flowId: string): Promise<string>;
|
|
25
26
|
export declare function natsConnectSigForIat(handle: SessionKeyHandle, iat: number, contractDigest: string): Promise<string>;
|
|
27
|
+
export declare function logoutSessionSig(handle: SessionKeyHandle, input: LogoutSignaturePayloadInput): Promise<string>;
|
|
26
28
|
export declare function createRpcProof(handle: SessionKeyHandle, subject: string, payload: Uint8Array, requestId: string, iat: number): Promise<string>;
|
|
27
29
|
export declare function clearSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<void>;
|
|
28
30
|
export declare function hasSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<boolean>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/session.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/auth/browser/session.ts"],"names":[],"mappings":"AAQA,OAAO,EAEL,KAAK,2BAA2B,EACjC,MAAM,eAAe,CAAC;AASvB,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gDAAgD;IAChD,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,0EAA0E;IAC1E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAWF,wBAAsB,kBAAkB,CACtC,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CA8B3B;AAED,wBAAsB,cAAc,CAClC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAalC;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CAI3B;AAED,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAOrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAEpE;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,OAAO,EACjB,QAAQ,CAAC,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAC1C,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED,wBAAsB,WAAW,CAC/B,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC,CAQjB;AAED,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,gBAAgB,EACxB,KAAK,EAAE,2BAA2B,GACjC,OAAO,CAAC,MAAM,CAAC,CAMjB;AAED,wBAAsB,cAAc,CAClC,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,wBAAsB,eAAe,CACnC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,aAAa,CACjC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,OAAO,CAAC,CAIlB"}
|
|
@@ -8,11 +8,13 @@ exports.getPublicSessionKey = getPublicSessionKey;
|
|
|
8
8
|
exports.oauthInitSig = oauthInitSig;
|
|
9
9
|
exports.bindFlowSig = bindFlowSig;
|
|
10
10
|
exports.natsConnectSigForIat = natsConnectSigForIat;
|
|
11
|
+
exports.logoutSessionSig = logoutSessionSig;
|
|
11
12
|
exports.createRpcProof = createRpcProof;
|
|
12
13
|
exports.clearSessionKey = clearSessionKey;
|
|
13
14
|
exports.hasSessionKey = hasSessionKey;
|
|
14
15
|
const utils_js_1 = require("../utils.js");
|
|
15
16
|
const proof_js_1 = require("../proof.js");
|
|
17
|
+
const schemas_js_1 = require("../schemas.js");
|
|
16
18
|
const session_auth_js_1 = require("../session_auth.js");
|
|
17
19
|
const storage_js_1 = require("./storage.js");
|
|
18
20
|
let temporarySessionKey = null;
|
|
@@ -95,6 +97,11 @@ async function natsConnectSigForIat(handle, iat, contractDigest) {
|
|
|
95
97
|
const sig = await signBytes(handle, digest);
|
|
96
98
|
return (0, utils_js_1.base64urlEncode)(sig);
|
|
97
99
|
}
|
|
100
|
+
async function logoutSessionSig(handle, input) {
|
|
101
|
+
const digest = await (0, utils_js_1.sha256)((0, utils_js_1.utf8)(`logout-session:${(0, schemas_js_1.buildLogoutSignaturePayload)(input)}`));
|
|
102
|
+
const sig = await signBytes(handle, digest);
|
|
103
|
+
return (0, utils_js_1.base64urlEncode)(sig);
|
|
104
|
+
}
|
|
98
105
|
async function createRpcProof(handle, subject, payload, requestId, iat) {
|
|
99
106
|
const payloadHash = await (0, utils_js_1.sha256)(payload);
|
|
100
107
|
return await (0, proof_js_1.createProof)(handle.privateKey, {
|
package/script/auth/browser.d.ts
CHANGED
|
@@ -5,10 +5,13 @@
|
|
|
5
5
|
*/
|
|
6
6
|
import "../_dnt.polyfills.js";
|
|
7
7
|
export { type AuthConfig, type AuthStartFlowResponse, type AuthStartRequest, type AuthStartResponse, bindFlow, type BindResponse, type BindSuccessResponse, buildLoginUrl, isBindSuccessResponse, type SentinelCreds, startAuthRequest, } from "./browser/login.js";
|
|
8
|
+
export { completeSessionLogout, type CompleteSessionLogoutArgs, logoutSession, } from "./browser/logout.js";
|
|
8
9
|
export { type ApprovalDecision, fetchPortalFlowState, portalFlowIdFromUrl, type PortalFlowState, type PortalFlowState as BrowserPortalFlowState, portalProviderLoginUrl, portalRedirectLocation, submitPortalApproval, } from "./browser/portal.js";
|
|
9
|
-
export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, natsConnectSigForIat, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, } from "./browser/session.js";
|
|
10
|
+
export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, logoutSessionSig, natsConnectSigForIat, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, } from "./browser/session.js";
|
|
10
11
|
export { deleteKeyPair, hasKeyPair } from "./browser/storage.js";
|
|
11
|
-
export {
|
|
12
|
+
export { classifyBrowserAuthError, isRecoverableBrowserAuthError, } from "./browser_recovery.js";
|
|
13
|
+
export type { BrowserAuthRecoveryClassification, BrowserAuthRecoveryKind, } from "./browser_recovery.js";
|
|
14
|
+
export { approvalCapabilityKeys, type ApprovalDecision as ApprovalDecisionData, ApprovalDecisionSchema, type AuthLogoutRequest as AuthLogoutRequestData, AuthLogoutRequestSchema, type AuthLogoutResponse as AuthLogoutResponseData, type AuthLogoutResponseMode as AuthLogoutResponseModeData, AuthLogoutResponseModeSchema, AuthLogoutResponseSchema, type AuthStartFlowResponse as AuthStartFlowResponseData, AuthStartFlowResponseSchema, type AuthStartRequest as AuthStartRequestData, AuthStartRequestSchema, type AuthStartResponse as AuthStartResponseData, AuthStartResponseSchema, type BindResponse as BindResponseData, BindResponseSchema, type BindSuccessResponse as BindSuccessResponseData, BindSuccessResponseSchema, buildLogoutSignaturePayload, type ClientTransportEndpoints as ClientTransportEndpointsData, ClientTransportEndpointsSchema, type ClientTransports as ClientTransportsData, ClientTransportsSchema, type ContractApproval as ContractApprovalData, type ContractApprovalCapability as ContractApprovalCapabilityData, ContractApprovalSchema, type LogoutSignaturePayloadInput as LogoutSignaturePayloadInputData, type NatsAuthTokenV1 as NatsAuthTokenV1Data, NatsAuthTokenV1Schema, type SentinelCreds as SentinelCredsData, SentinelCredsSchema, } from "./schemas.js";
|
|
12
15
|
export type { NatsAuthTokenV1 } from "./types.js";
|
|
13
16
|
export { base64urlDecode, base64urlEncode, sha256, toArrayBuffer, utf8, } from "./utils.js";
|
|
14
17
|
//# sourceMappingURL=browser.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/auth/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,aAAa,EACb,qBAAqB,EACrB,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,KAAK,gBAAgB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,IAAI,sBAAsB,EAC9C,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,qBAAqB,IAAI,yBAAyB,EACvD,2BAA2B,EAC3B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,YAAY,IAAI,gBAAgB,EACrC,kBAAkB,EAClB,KAAK,mBAAmB,IAAI,uBAAuB,EACnD,yBAAyB,EACzB,KAAK,wBAAwB,IAAI,4BAA4B,EAC7D,8BAA8B,EAC9B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,0BAA0B,IAAI,8BAA8B,EACjE,sBAAsB,EACtB,KAAK,eAAe,IAAI,mBAAmB,EAC3C,qBAAqB,EACrB,KAAK,aAAa,IAAI,iBAAiB,EACvC,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,eAAe,EACf,eAAe,EACf,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../src/auth/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,aAAa,EACb,qBAAqB,EACrB,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,aAAa,GACd,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,KAAK,gBAAgB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,IAAI,sBAAsB,EAC9C,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EACL,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EACV,iCAAiC,EACjC,uBAAuB,GACxB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,kBAAkB,IAAI,sBAAsB,EACjD,KAAK,sBAAsB,IAAI,0BAA0B,EACzD,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,qBAAqB,IAAI,yBAAyB,EACvD,2BAA2B,EAC3B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,YAAY,IAAI,gBAAgB,EACrC,kBAAkB,EAClB,KAAK,mBAAmB,IAAI,uBAAuB,EACnD,yBAAyB,EACzB,2BAA2B,EAC3B,KAAK,wBAAwB,IAAI,4BAA4B,EAC7D,8BAA8B,EAC9B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,0BAA0B,IAAI,8BAA8B,EACjE,sBAAsB,EACtB,KAAK,2BAA2B,IAAI,+BAA+B,EACnE,KAAK,eAAe,IAAI,mBAAmB,EAC3C,qBAAqB,EACrB,KAAK,aAAa,IAAI,iBAAiB,EACvC,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,eAAe,EACf,eAAe,EACf,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
package/script/auth/browser.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.utf8 = exports.toArrayBuffer = exports.sha256 = exports.base64urlEncode = exports.base64urlDecode = exports.SentinelCredsSchema = exports.NatsAuthTokenV1Schema = exports.ContractApprovalSchema = exports.ClientTransportsSchema = exports.ClientTransportEndpointsSchema = exports.BindSuccessResponseSchema = exports.BindResponseSchema = exports.AuthStartResponseSchema = exports.AuthStartRequestSchema = exports.AuthStartFlowResponseSchema = exports.ApprovalDecisionSchema = exports.approvalCapabilityKeys = exports.hasKeyPair = exports.deleteKeyPair = exports.signBytes = exports.natsConnectSigForIat = exports.loadSessionKey = exports.hasSessionKey = exports.getPublicSessionKey = exports.getOrCreateSessionKey = exports.generateSessionKey = exports.createRpcProof = exports.clearSessionKey = exports.bindFlowSig = exports.submitPortalApproval = exports.portalRedirectLocation = exports.portalProviderLoginUrl = exports.portalFlowIdFromUrl = exports.fetchPortalFlowState = exports.startAuthRequest = exports.isBindSuccessResponse = exports.buildLoginUrl = exports.bindFlow = void 0;
|
|
3
|
+
exports.utf8 = exports.toArrayBuffer = exports.sha256 = exports.base64urlEncode = exports.base64urlDecode = exports.SentinelCredsSchema = exports.NatsAuthTokenV1Schema = exports.ContractApprovalSchema = exports.ClientTransportsSchema = exports.ClientTransportEndpointsSchema = exports.buildLogoutSignaturePayload = exports.BindSuccessResponseSchema = exports.BindResponseSchema = exports.AuthStartResponseSchema = exports.AuthStartRequestSchema = exports.AuthStartFlowResponseSchema = exports.AuthLogoutResponseSchema = exports.AuthLogoutResponseModeSchema = exports.AuthLogoutRequestSchema = exports.ApprovalDecisionSchema = exports.approvalCapabilityKeys = exports.isRecoverableBrowserAuthError = exports.classifyBrowserAuthError = exports.hasKeyPair = exports.deleteKeyPair = exports.signBytes = exports.natsConnectSigForIat = exports.logoutSessionSig = exports.loadSessionKey = exports.hasSessionKey = exports.getPublicSessionKey = exports.getOrCreateSessionKey = exports.generateSessionKey = exports.createRpcProof = exports.clearSessionKey = exports.bindFlowSig = exports.submitPortalApproval = exports.portalRedirectLocation = exports.portalProviderLoginUrl = exports.portalFlowIdFromUrl = exports.fetchPortalFlowState = exports.logoutSession = exports.completeSessionLogout = exports.startAuthRequest = exports.isBindSuccessResponse = exports.buildLoginUrl = exports.bindFlow = void 0;
|
|
4
4
|
/**
|
|
5
5
|
* @module
|
|
6
6
|
* Browser-based authentication utilities for session-key based authentication.
|
|
@@ -11,6 +11,9 @@ Object.defineProperty(exports, "bindFlow", { enumerable: true, get: function ()
|
|
|
11
11
|
Object.defineProperty(exports, "buildLoginUrl", { enumerable: true, get: function () { return login_js_1.buildLoginUrl; } });
|
|
12
12
|
Object.defineProperty(exports, "isBindSuccessResponse", { enumerable: true, get: function () { return login_js_1.isBindSuccessResponse; } });
|
|
13
13
|
Object.defineProperty(exports, "startAuthRequest", { enumerable: true, get: function () { return login_js_1.startAuthRequest; } });
|
|
14
|
+
var logout_js_1 = require("./browser/logout.js");
|
|
15
|
+
Object.defineProperty(exports, "completeSessionLogout", { enumerable: true, get: function () { return logout_js_1.completeSessionLogout; } });
|
|
16
|
+
Object.defineProperty(exports, "logoutSession", { enumerable: true, get: function () { return logout_js_1.logoutSession; } });
|
|
14
17
|
var portal_js_1 = require("./browser/portal.js");
|
|
15
18
|
Object.defineProperty(exports, "fetchPortalFlowState", { enumerable: true, get: function () { return portal_js_1.fetchPortalFlowState; } });
|
|
16
19
|
Object.defineProperty(exports, "portalFlowIdFromUrl", { enumerable: true, get: function () { return portal_js_1.portalFlowIdFromUrl; } });
|
|
@@ -26,19 +29,27 @@ Object.defineProperty(exports, "getOrCreateSessionKey", { enumerable: true, get:
|
|
|
26
29
|
Object.defineProperty(exports, "getPublicSessionKey", { enumerable: true, get: function () { return session_js_1.getPublicSessionKey; } });
|
|
27
30
|
Object.defineProperty(exports, "hasSessionKey", { enumerable: true, get: function () { return session_js_1.hasSessionKey; } });
|
|
28
31
|
Object.defineProperty(exports, "loadSessionKey", { enumerable: true, get: function () { return session_js_1.loadSessionKey; } });
|
|
32
|
+
Object.defineProperty(exports, "logoutSessionSig", { enumerable: true, get: function () { return session_js_1.logoutSessionSig; } });
|
|
29
33
|
Object.defineProperty(exports, "natsConnectSigForIat", { enumerable: true, get: function () { return session_js_1.natsConnectSigForIat; } });
|
|
30
34
|
Object.defineProperty(exports, "signBytes", { enumerable: true, get: function () { return session_js_1.signBytes; } });
|
|
31
35
|
var storage_js_1 = require("./browser/storage.js");
|
|
32
36
|
Object.defineProperty(exports, "deleteKeyPair", { enumerable: true, get: function () { return storage_js_1.deleteKeyPair; } });
|
|
33
37
|
Object.defineProperty(exports, "hasKeyPair", { enumerable: true, get: function () { return storage_js_1.hasKeyPair; } });
|
|
38
|
+
var browser_recovery_js_1 = require("./browser_recovery.js");
|
|
39
|
+
Object.defineProperty(exports, "classifyBrowserAuthError", { enumerable: true, get: function () { return browser_recovery_js_1.classifyBrowserAuthError; } });
|
|
40
|
+
Object.defineProperty(exports, "isRecoverableBrowserAuthError", { enumerable: true, get: function () { return browser_recovery_js_1.isRecoverableBrowserAuthError; } });
|
|
34
41
|
var schemas_js_1 = require("./schemas.js");
|
|
35
42
|
Object.defineProperty(exports, "approvalCapabilityKeys", { enumerable: true, get: function () { return schemas_js_1.approvalCapabilityKeys; } });
|
|
36
43
|
Object.defineProperty(exports, "ApprovalDecisionSchema", { enumerable: true, get: function () { return schemas_js_1.ApprovalDecisionSchema; } });
|
|
44
|
+
Object.defineProperty(exports, "AuthLogoutRequestSchema", { enumerable: true, get: function () { return schemas_js_1.AuthLogoutRequestSchema; } });
|
|
45
|
+
Object.defineProperty(exports, "AuthLogoutResponseModeSchema", { enumerable: true, get: function () { return schemas_js_1.AuthLogoutResponseModeSchema; } });
|
|
46
|
+
Object.defineProperty(exports, "AuthLogoutResponseSchema", { enumerable: true, get: function () { return schemas_js_1.AuthLogoutResponseSchema; } });
|
|
37
47
|
Object.defineProperty(exports, "AuthStartFlowResponseSchema", { enumerable: true, get: function () { return schemas_js_1.AuthStartFlowResponseSchema; } });
|
|
38
48
|
Object.defineProperty(exports, "AuthStartRequestSchema", { enumerable: true, get: function () { return schemas_js_1.AuthStartRequestSchema; } });
|
|
39
49
|
Object.defineProperty(exports, "AuthStartResponseSchema", { enumerable: true, get: function () { return schemas_js_1.AuthStartResponseSchema; } });
|
|
40
50
|
Object.defineProperty(exports, "BindResponseSchema", { enumerable: true, get: function () { return schemas_js_1.BindResponseSchema; } });
|
|
41
51
|
Object.defineProperty(exports, "BindSuccessResponseSchema", { enumerable: true, get: function () { return schemas_js_1.BindSuccessResponseSchema; } });
|
|
52
|
+
Object.defineProperty(exports, "buildLogoutSignaturePayload", { enumerable: true, get: function () { return schemas_js_1.buildLogoutSignaturePayload; } });
|
|
42
53
|
Object.defineProperty(exports, "ClientTransportEndpointsSchema", { enumerable: true, get: function () { return schemas_js_1.ClientTransportEndpointsSchema; } });
|
|
43
54
|
Object.defineProperty(exports, "ClientTransportsSchema", { enumerable: true, get: function () { return schemas_js_1.ClientTransportsSchema; } });
|
|
44
55
|
Object.defineProperty(exports, "ContractApprovalSchema", { enumerable: true, get: function () { return schemas_js_1.ContractApprovalSchema; } });
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/** Browser auth recovery classification helpers. */
|
|
2
|
+
/** Stable browser-auth recovery categories for app-owned recovery flows. */
|
|
3
|
+
export type BrowserAuthRecoveryKind = "recoverable_stale_session" | "recoverable_expired_flow" | "recoverable_auth_required" | "policy_denied" | "insufficient_capabilities" | "runtime_unavailable" | "unknown";
|
|
4
|
+
/** Classification result for a browser-auth related failure. */
|
|
5
|
+
export type BrowserAuthRecoveryClassification = {
|
|
6
|
+
kind: BrowserAuthRecoveryKind;
|
|
7
|
+
recoverable: boolean;
|
|
8
|
+
reason?: string;
|
|
9
|
+
code?: string;
|
|
10
|
+
};
|
|
11
|
+
/**
|
|
12
|
+
* Classifies browser auth, bootstrap, callback, and transport-like failures.
|
|
13
|
+
*
|
|
14
|
+
* The classifier accepts raw errors, serialized Trellis errors, nested causes,
|
|
15
|
+
* and nested remote errors. Recoverable classifications are intended for
|
|
16
|
+
* app-owned flows that can clear stale auth and restart sign-in without showing a
|
|
17
|
+
* user-facing terminal error.
|
|
18
|
+
*/
|
|
19
|
+
export declare function classifyBrowserAuthError(error: unknown): BrowserAuthRecoveryClassification;
|
|
20
|
+
/** Returns whether a browser auth error can silently restart sign-in. */
|
|
21
|
+
export declare function isRecoverableBrowserAuthError(error: unknown): boolean;
|
|
22
|
+
//# sourceMappingURL=browser_recovery.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"browser_recovery.d.ts","sourceRoot":"","sources":["../../src/auth/browser_recovery.ts"],"names":[],"mappings":"AAAA,oDAAoD;AAEpD,4EAA4E;AAC5E,MAAM,MAAM,uBAAuB,GAC/B,2BAA2B,GAC3B,0BAA0B,GAC1B,2BAA2B,GAC3B,eAAe,GACf,2BAA2B,GAC3B,qBAAqB,GACrB,SAAS,CAAC;AAEd,gEAAgE;AAChE,MAAM,MAAM,iCAAiC,GAAG;IAC9C,IAAI,EAAE,uBAAuB,CAAC;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAsNF;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,KAAK,EAAE,OAAO,GACb,iCAAiC,CAuEnC;AAED,yEAAyE;AACzE,wBAAgB,6BAA6B,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAErE"}
|
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/** Browser auth recovery classification helpers. */
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.classifyBrowserAuthError = classifyBrowserAuthError;
|
|
5
|
+
exports.isRecoverableBrowserAuthError = isRecoverableBrowserAuthError;
|
|
6
|
+
const MAX_ERROR_DEPTH = 8;
|
|
7
|
+
function isRecord(value) {
|
|
8
|
+
return value !== null && typeof value === "object";
|
|
9
|
+
}
|
|
10
|
+
function stringProperty(record, property) {
|
|
11
|
+
const value = record[property];
|
|
12
|
+
return typeof value === "string" ? value : undefined;
|
|
13
|
+
}
|
|
14
|
+
function normalize(value) {
|
|
15
|
+
return value.trim().toLowerCase().replaceAll("-", "_").replaceAll(" ", "_");
|
|
16
|
+
}
|
|
17
|
+
function signalValue(signal) {
|
|
18
|
+
return signal.code ?? signal.reason ?? signal.message;
|
|
19
|
+
}
|
|
20
|
+
function classification(kind, recoverable, signal) {
|
|
21
|
+
const reason = signal?.reason ?? signalValue(signal ?? {});
|
|
22
|
+
return {
|
|
23
|
+
kind,
|
|
24
|
+
recoverable,
|
|
25
|
+
...(reason ? { reason } : {}),
|
|
26
|
+
...(signal?.code ? { code: signal.code } : {}),
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
function maybeSerializable(value) {
|
|
30
|
+
if (!isRecord(value))
|
|
31
|
+
return undefined;
|
|
32
|
+
const toSerializable = value.toSerializable;
|
|
33
|
+
if (typeof toSerializable !== "function")
|
|
34
|
+
return undefined;
|
|
35
|
+
try {
|
|
36
|
+
return toSerializable.call(value);
|
|
37
|
+
}
|
|
38
|
+
catch {
|
|
39
|
+
return undefined;
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
function pushRecordSignals(record, signals, queue) {
|
|
43
|
+
const message = stringProperty(record, "message");
|
|
44
|
+
const code = stringProperty(record, "code") ??
|
|
45
|
+
stringProperty(record, "error");
|
|
46
|
+
const reason = stringProperty(record, "reason") ??
|
|
47
|
+
stringProperty(record, "status");
|
|
48
|
+
if (message || code || reason) {
|
|
49
|
+
signals.push({
|
|
50
|
+
...(code ? { code } : {}),
|
|
51
|
+
...(reason ? { reason } : {}),
|
|
52
|
+
...(message ? { message } : {}),
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
const context = record.context;
|
|
56
|
+
if (isRecord(context)) {
|
|
57
|
+
const contextReason = stringProperty(context, "reason");
|
|
58
|
+
const causeMessage = stringProperty(context, "causeMessage");
|
|
59
|
+
const contextCode = stringProperty(context, "code");
|
|
60
|
+
const contextMessage = stringProperty(context, "message");
|
|
61
|
+
if (contextReason || causeMessage || contextCode || contextMessage) {
|
|
62
|
+
signals.push({
|
|
63
|
+
...(contextCode ? { code: contextCode } : {}),
|
|
64
|
+
...(contextReason ? { reason: contextReason } : {}),
|
|
65
|
+
...(causeMessage ?? contextMessage
|
|
66
|
+
? { message: causeMessage ?? contextMessage }
|
|
67
|
+
: {}),
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
for (const nested of [context.cause, context.error, context.remoteError]) {
|
|
71
|
+
if (nested !== undefined)
|
|
72
|
+
queue.push(nested);
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
for (const nested of [record.cause, record.error, record.remoteError]) {
|
|
76
|
+
if (nested !== undefined)
|
|
77
|
+
queue.push(nested);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
function collectErrorSignals(error) {
|
|
81
|
+
const signals = [];
|
|
82
|
+
const queue = [error];
|
|
83
|
+
const seen = new WeakSet();
|
|
84
|
+
let depth = 0;
|
|
85
|
+
while (queue.length > 0 && depth < MAX_ERROR_DEPTH) {
|
|
86
|
+
depth += 1;
|
|
87
|
+
const value = queue.shift();
|
|
88
|
+
if (typeof value === "string") {
|
|
89
|
+
signals.push({ message: value });
|
|
90
|
+
continue;
|
|
91
|
+
}
|
|
92
|
+
if (!isRecord(value))
|
|
93
|
+
continue;
|
|
94
|
+
if (seen.has(value))
|
|
95
|
+
continue;
|
|
96
|
+
seen.add(value);
|
|
97
|
+
if (value instanceof Error) {
|
|
98
|
+
signals.push({ message: value.message });
|
|
99
|
+
}
|
|
100
|
+
pushRecordSignals(value, signals, queue);
|
|
101
|
+
const serialized = maybeSerializable(value);
|
|
102
|
+
if (serialized && serialized !== value)
|
|
103
|
+
queue.push(serialized);
|
|
104
|
+
}
|
|
105
|
+
return signals;
|
|
106
|
+
}
|
|
107
|
+
function hasNormalizedValue(signals, values) {
|
|
108
|
+
for (const signal of signals) {
|
|
109
|
+
for (const value of [signal.code, signal.reason]) {
|
|
110
|
+
if (value && values.has(normalize(value)))
|
|
111
|
+
return signal;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
return undefined;
|
|
115
|
+
}
|
|
116
|
+
function hasMessagePattern(signals, patterns) {
|
|
117
|
+
for (const signal of signals) {
|
|
118
|
+
const message = signal.message;
|
|
119
|
+
if (!message)
|
|
120
|
+
continue;
|
|
121
|
+
const normalized = message.toLowerCase();
|
|
122
|
+
if (patterns.some((pattern) => pattern.test(normalized)))
|
|
123
|
+
return signal;
|
|
124
|
+
}
|
|
125
|
+
return undefined;
|
|
126
|
+
}
|
|
127
|
+
function insufficientPermissionsAuthSignal(signals) {
|
|
128
|
+
for (const signal of signals) {
|
|
129
|
+
const reason = signal.reason ? normalize(signal.reason) : undefined;
|
|
130
|
+
const code = signal.code ? normalize(signal.code) : undefined;
|
|
131
|
+
if (reason !== "insufficient_permissions")
|
|
132
|
+
continue;
|
|
133
|
+
if (code === "trellis.bootstrap.auth_required")
|
|
134
|
+
return signal;
|
|
135
|
+
const message = signal.message?.toLowerCase() ?? "";
|
|
136
|
+
if (message.includes("auth required") ||
|
|
137
|
+
message.includes("requires sign-in") ||
|
|
138
|
+
message.includes("requires signin") ||
|
|
139
|
+
message.includes("stale") ||
|
|
140
|
+
message.includes("session")) {
|
|
141
|
+
return signal;
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
return undefined;
|
|
145
|
+
}
|
|
146
|
+
const APPROVAL_DENIED_VALUES = new Set([
|
|
147
|
+
"approval_denied",
|
|
148
|
+
"trellis.auth.approval_denied",
|
|
149
|
+
]);
|
|
150
|
+
const INSUFFICIENT_CAPABILITIES_VALUES = new Set([
|
|
151
|
+
"insufficient_capabilities",
|
|
152
|
+
"trellis.auth.insufficient_capabilities",
|
|
153
|
+
]);
|
|
154
|
+
const RUNTIME_UNAVAILABLE_VALUES = new Set([
|
|
155
|
+
"trellis.bootstrap.not_ready",
|
|
156
|
+
"trellis.runtime.unavailable",
|
|
157
|
+
"runtime_unavailable",
|
|
158
|
+
]);
|
|
159
|
+
const EXPIRED_FLOW_VALUES = new Set([
|
|
160
|
+
"flow_expired",
|
|
161
|
+
"expired",
|
|
162
|
+
"trellis.auth.bind_expired",
|
|
163
|
+
"trellis.auth.flow_expired",
|
|
164
|
+
]);
|
|
165
|
+
const STALE_SESSION_VALUES = new Set([
|
|
166
|
+
"session_not_found",
|
|
167
|
+
"session_expired",
|
|
168
|
+
"user_not_found",
|
|
169
|
+
"contract_not_active",
|
|
170
|
+
"trellis.auth.session_not_found",
|
|
171
|
+
"trellis.auth.session_expired",
|
|
172
|
+
"trellis.auth.user_not_found",
|
|
173
|
+
"trellis.auth.contract_not_active",
|
|
174
|
+
]);
|
|
175
|
+
const AUTH_REQUIRED_VALUES = new Set([
|
|
176
|
+
"auth_required",
|
|
177
|
+
"trellis.bootstrap.auth_required",
|
|
178
|
+
"trellis.auth.login_failed",
|
|
179
|
+
]);
|
|
180
|
+
/**
|
|
181
|
+
* Classifies browser auth, bootstrap, callback, and transport-like failures.
|
|
182
|
+
*
|
|
183
|
+
* The classifier accepts raw errors, serialized Trellis errors, nested causes,
|
|
184
|
+
* and nested remote errors. Recoverable classifications are intended for
|
|
185
|
+
* app-owned flows that can clear stale auth and restart sign-in without showing a
|
|
186
|
+
* user-facing terminal error.
|
|
187
|
+
*/
|
|
188
|
+
function classifyBrowserAuthError(error) {
|
|
189
|
+
const signals = collectErrorSignals(error);
|
|
190
|
+
const approvalDenied = hasNormalizedValue(signals, APPROVAL_DENIED_VALUES) ??
|
|
191
|
+
hasMessagePattern(signals, [/approval .*denied/, /access .*denied/]);
|
|
192
|
+
if (approvalDenied) {
|
|
193
|
+
return classification("policy_denied", false, approvalDenied);
|
|
194
|
+
}
|
|
195
|
+
const inactiveOrInvalid = hasNormalizedValue(signals, new Set(["invalid_credentials", "user_inactive", "inactive_account"])) ?? hasMessagePattern(signals, [
|
|
196
|
+
/invalid credential/,
|
|
197
|
+
/inactive account/,
|
|
198
|
+
/user inactive/,
|
|
199
|
+
]);
|
|
200
|
+
if (inactiveOrInvalid) {
|
|
201
|
+
return classification("policy_denied", false, inactiveOrInvalid);
|
|
202
|
+
}
|
|
203
|
+
const insufficientCapabilities = hasNormalizedValue(signals, INSUFFICIENT_CAPABILITIES_VALUES) ?? hasMessagePattern(signals, [/insufficient capabilit/]);
|
|
204
|
+
if (insufficientCapabilities) {
|
|
205
|
+
return classification("insufficient_capabilities", false, insufficientCapabilities);
|
|
206
|
+
}
|
|
207
|
+
const runtimeUnavailable = hasNormalizedValue(signals, RUNTIME_UNAVAILABLE_VALUES) ?? hasMessagePattern(signals, [/runtime unavailable/]);
|
|
208
|
+
if (runtimeUnavailable) {
|
|
209
|
+
return classification("runtime_unavailable", false, runtimeUnavailable);
|
|
210
|
+
}
|
|
211
|
+
const expiredFlow = hasNormalizedValue(signals, EXPIRED_FLOW_VALUES) ??
|
|
212
|
+
hasMessagePattern(signals, [/flow .*expired/, /sign\-in .*expired/]);
|
|
213
|
+
if (expiredFlow) {
|
|
214
|
+
return classification("recoverable_expired_flow", true, expiredFlow);
|
|
215
|
+
}
|
|
216
|
+
const staleSession = hasNormalizedValue(signals, STALE_SESSION_VALUES) ??
|
|
217
|
+
hasMessagePattern(signals, [
|
|
218
|
+
/session .*expired/,
|
|
219
|
+
/session .*not found/,
|
|
220
|
+
/user .*not found/,
|
|
221
|
+
/contract .*not active/,
|
|
222
|
+
]);
|
|
223
|
+
if (staleSession) {
|
|
224
|
+
return classification("recoverable_stale_session", true, staleSession);
|
|
225
|
+
}
|
|
226
|
+
const authRequired = hasNormalizedValue(signals, AUTH_REQUIRED_VALUES) ??
|
|
227
|
+
insufficientPermissionsAuthSignal(signals) ??
|
|
228
|
+
hasMessagePattern(signals, [
|
|
229
|
+
/auth required/,
|
|
230
|
+
/requires sign\-in/,
|
|
231
|
+
/requires signin/,
|
|
232
|
+
/requires authentication/,
|
|
233
|
+
]);
|
|
234
|
+
if (authRequired) {
|
|
235
|
+
return classification("recoverable_auth_required", true, authRequired);
|
|
236
|
+
}
|
|
237
|
+
return classification("unknown", false);
|
|
238
|
+
}
|
|
239
|
+
/** Returns whether a browser auth error can silently restart sign-in. */
|
|
240
|
+
function isRecoverableBrowserAuthError(error) {
|
|
241
|
+
return classifyBrowserAuthError(error).recoverable;
|
|
242
|
+
}
|
package/script/auth/mod.d.ts
CHANGED
|
@@ -8,10 +8,10 @@
|
|
|
8
8
|
* - Services load their session key seed from `TRELLIS_SESSION_KEY_SEED`.
|
|
9
9
|
*/
|
|
10
10
|
export { type AuthDeviceUserAuthoritiesListInput, type AuthDeviceUserAuthoritiesListOutput, type AuthDeviceUserAuthoritiesRevokeInput, type AuthDeviceUserAuthoritiesRevokeResponse, type AuthResolveDeviceUserAuthoritiesInput, type AuthResolveDeviceUserAuthoritiesOperation, type AuthResolveDeviceUserAuthoritiesOutput, type AuthResolveDeviceUserAuthoritiesProgress, buildDeviceActivationPayload, buildDeviceWaitProofInput, createDeviceActivationClient, createDeviceNatsAuthToken, deriveDeviceConfirmationCode, deriveDeviceIdentity, deriveDeviceQrMac, type DeviceActivationPayload, type DeviceActivationTransport, type DeviceActivationWaitRequest, type DeviceIdentity, encodeDeviceActivationPayload, getDeviceConnectInfo, type GetDeviceConnectInfoInput, type GetDeviceConnectInfoOutput, parseDeviceActivationPayload, signDeviceWaitRequest, startDeviceActivationRequest, verifyDeviceConfirmationCode, verifyDeviceWaitSignature, waitForDeviceActivation, type WaitForDeviceActivationResponse, } from "./device_activation.js";
|
|
11
|
-
export { type AuthConfig, bindFlow, buildLoginUrl, clearSessionKey, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, loadSessionKey, natsConnectSigForIat, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, startAuthRequest, submitPortalApproval, } from "./browser.js";
|
|
11
|
+
export { type AuthConfig, bindFlow, type BrowserAuthRecoveryClassification, type BrowserAuthRecoveryKind, buildLoginUrl, classifyBrowserAuthError, clearSessionKey, completeSessionLogout, type CompleteSessionLogoutArgs, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, isRecoverableBrowserAuthError, loadSessionKey, logoutSession, logoutSessionSig, natsConnectSigForIat, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, startAuthRequest, submitPortalApproval, } from "./browser.js";
|
|
12
12
|
export { buildProofInput, createProof, type ProofParams, verifyProof, } from "./proof.js";
|
|
13
13
|
export { ApprovalRecordViewSchema, AuthCapabilitiesListResponseSchema, AuthCapabilitiesListSchema, AuthCapabilityGroupsDeleteResponseSchema, AuthCapabilityGroupsDeleteSchema, AuthCapabilityGroupsGetResponseSchema, AuthCapabilityGroupsGetSchema, AuthCapabilityGroupsListResponseSchema, AuthCapabilityGroupsListSchema, AuthCapabilityGroupsPutResponseSchema, AuthCapabilityGroupsPutSchema, type AuthDeployment, type AuthDeploymentAuthorityAcceptMigrationInput, AuthDeploymentAuthorityAcceptMigrationSchema, type AuthDeploymentAuthorityAcceptResponse, AuthDeploymentAuthorityAcceptResponseSchema, type AuthDeploymentAuthorityAcceptUpdateInput, AuthDeploymentAuthorityAcceptUpdateSchema, type AuthDeploymentAuthorityGetInput, type AuthDeploymentAuthorityGetResponse, AuthDeploymentAuthorityGetResponseSchema, AuthDeploymentAuthorityGetSchema, type AuthDeploymentAuthorityGrantOverridesListInput, type AuthDeploymentAuthorityGrantOverridesListResponse, AuthDeploymentAuthorityGrantOverridesListResponseSchema, AuthDeploymentAuthorityGrantOverridesListSchema, type AuthDeploymentAuthorityGrantOverridesPutInput, AuthDeploymentAuthorityGrantOverridesPutSchema, type AuthDeploymentAuthorityGrantOverridesRemoveInput, AuthDeploymentAuthorityGrantOverridesRemoveSchema, type AuthDeploymentAuthorityGrantOverridesResponse, AuthDeploymentAuthorityGrantOverridesResponseSchema, type AuthDeploymentAuthorityListInput, type AuthDeploymentAuthorityListResponse, AuthDeploymentAuthorityListResponseSchema, AuthDeploymentAuthorityListSchema, type AuthDeploymentAuthorityPlanInput, type AuthDeploymentAuthorityPlanResponse, AuthDeploymentAuthorityPlanResponseSchema, AuthDeploymentAuthorityPlanSchema, type AuthDeploymentAuthorityPlansGetInput, type AuthDeploymentAuthorityPlansGetResponse, AuthDeploymentAuthorityPlansGetResponseSchema, AuthDeploymentAuthorityPlansGetSchema, type AuthDeploymentAuthorityPlansListInput, type AuthDeploymentAuthorityPlansListResponse, AuthDeploymentAuthorityPlansListResponseSchema, AuthDeploymentAuthorityPlansListSchema, type AuthDeploymentAuthorityReconcileInput, type AuthDeploymentAuthorityReconcileResponse, AuthDeploymentAuthorityReconcileResponseSchema, AuthDeploymentAuthorityReconcileSchema, type AuthDeploymentAuthorityRejectInput, type AuthDeploymentAuthorityRejectResponse, AuthDeploymentAuthorityRejectResponseSchema, AuthDeploymentAuthorityRejectSchema, type AuthDeploymentKind, AuthDeploymentKindSchema, AuthDeploymentSchema, AuthDeploymentsCreateResponseSchema, AuthDeploymentsCreateSchema, AuthDeploymentsDisableResponseSchema, AuthDeploymentsDisableSchema, AuthDeploymentsEnableResponseSchema, AuthDeploymentsEnableSchema, AuthDeploymentsListResponseSchema, AuthDeploymentsListSchema, AuthDeploymentsRemoveResponseSchema, AuthDeploymentsRemoveSchema, AuthDevicesConnectInfoGetResponseSchema, AuthDevicesConnectInfoGetSchema, AuthDevicesDisableResponseSchema, AuthDevicesDisableSchema, AuthDevicesEnableResponseSchema, AuthDevicesEnableSchema, AuthDevicesListResponseSchema, AuthDevicesListSchema, AuthDevicesProvisionResponseSchema, AuthDevicesProvisionSchema, AuthDevicesRemoveResponseSchema, AuthDevicesRemoveSchema, AuthDeviceUserAuthoritiesApprovedEventSchema, AuthDeviceUserAuthoritiesListResponseSchema, AuthDeviceUserAuthoritiesListSchema, AuthDeviceUserAuthoritiesRequestedEventSchema, AuthDeviceUserAuthoritiesResolvedEventSchema, AuthDeviceUserAuthoritiesReviewRequestedEventSchema, AuthDeviceUserAuthoritiesReviewsDecideResponseSchema, AuthDeviceUserAuthoritiesReviewsDecideSchema, AuthDeviceUserAuthoritiesReviewsListResponseSchema, AuthDeviceUserAuthoritiesReviewsListSchema, AuthDeviceUserAuthoritiesRevokeResponseSchema, AuthDeviceUserAuthoritiesRevokeSchema, type AuthenticatedDevice, AuthenticatedDeviceSchema, type AuthenticatedService, type AuthenticatedUser, AuthIdentitiesListResponseSchema, AuthIdentitiesListSchema, AuthIdentityGrantsListResponseSchema, AuthIdentityGrantsListSchema, AuthIdentityGrantsRevokeResponseSchema, AuthIdentityGrantsRevokeSchema, AuthPortalsGetResponseSchema, AuthPortalsGetSchema, AuthPortalsListResponseSchema, AuthPortalsListSchema, AuthPortalsLoginSettingsGetSchema, AuthPortalsLoginSettingsResponseSchema, AuthPortalsLoginSettingsUpdateSchema, AuthPortalsRoutesPutResponseSchema, AuthPortalsRoutesPutSchema, AuthPortalsRoutesRemoveResponseSchema, AuthPortalsRoutesRemoveSchema, AuthRequestsValidateResponseSchema, AuthRequestsValidateSchema, AuthResolveDeviceUserAuthoritiesProgressSchema, AuthResolveDeviceUserAuthoritiesResponseSchema, AuthResolveDeviceUserAuthoritiesSchema, AuthServiceInstancesDisableResponseSchema, AuthServiceInstancesDisableSchema, AuthServiceInstancesEnableResponseSchema, AuthServiceInstancesEnableSchema, AuthServiceInstancesListResponseSchema, AuthServiceInstancesListSchema, AuthServiceInstancesProvisionResponseSchema, AuthServiceInstancesProvisionSchema, AuthServiceInstancesRemoveResponseSchema, AuthServiceInstancesRemoveSchema, type AuthSessionsMeResponse, AuthSessionsMeResponseSchema, AuthSessionsMeSchema, AuthUserIdentitiesListResponseSchema, AuthUserIdentitiesListSchema, AuthUserIdentitiesUnlinkResponseSchema, AuthUserIdentitiesUnlinkSchema, AuthUsersAccountFlowCreateResponseSchema, AuthUsersCreateResponseSchema, AuthUsersCreateSchema, AuthUsersGetResponseSchema, AuthUsersGetSchema, AuthUsersIdentityLinkCreateSchema, AuthUsersListResponseSchema, AuthUsersListSchema, AuthUsersPasswordChangeResponseSchema, AuthUsersPasswordChangeSchema, AuthUsersPasswordResetCreateSchema, AuthUsersUpdateResponseSchema, AuthUsersUpdateSchema, CallerViewSchema, ContractAnalysisSchema, ContractAnalysisSummarySchema, type DeploymentAuthority, type DeploymentAuthorityCapability, type DeploymentAuthorityCapabilityNeed, DeploymentAuthorityCapabilityNeedSchema, DeploymentAuthorityCapabilitySchema, type DeploymentAuthorityContractNeed, DeploymentAuthorityContractNeedSchema, type DeploymentAuthorityGrantOverride, DeploymentAuthorityGrantOverrideSchema, type DeploymentAuthorityKind, DeploymentAuthorityKindSchema, type DeploymentAuthorityMaterialization, DeploymentAuthorityMaterializationSchema, type DeploymentAuthorityMigration, DeploymentAuthorityMigrationSchema, type DeploymentAuthorityNeeds, DeploymentAuthorityNeedsSchema, type DeploymentAuthorityPlan, DeploymentAuthorityPlanSchema, type DeploymentAuthorityProposal, DeploymentAuthorityProposalSchema, type DeploymentAuthorityReconciliationStatus, DeploymentAuthorityReconciliationStatusSchema, type DeploymentAuthorityResource, DeploymentAuthorityResourceKindSchema, type DeploymentAuthorityResourceNeed, DeploymentAuthorityResourceNeedSchema, DeploymentAuthorityResourceSchema, DeploymentAuthoritySchema, type DeploymentAuthoritySurface, DeploymentAuthoritySurfaceActionSchema, DeploymentAuthoritySurfaceKindSchema, type DeploymentAuthoritySurfaceNeed, DeploymentAuthoritySurfaceNeedSchema, DeploymentAuthoritySurfaceSchema, type DeploymentAuthorityUpdate, DeploymentAuthorityUpdateSchema, DeploymentPortalRouteSchema, DeploymentResourceBindingSchema, type DeviceActivationRecord, DeviceActivationRecordSchema, DeviceActivationReviewSchema, DeviceConnectInfoSchema, DeviceDeploymentSchema, DeviceSchema, DigestSchema, type FlowRegistrationAvailability, FlowRegistrationAvailabilitySchema, IdentityGrantViewSchema, ImplementationOfferSchema, type LoginPortalRecord, LoginPortalRecordSchema, type LoginPortalRoute, LoginPortalRouteSchema, type LoginPortalSettings, LoginPortalSettingsSchema, type LoginPortalSummary, LoginPortalSummarySchema, type MaterializedAuthorityCapabilityGrant, MaterializedAuthorityCapabilityGrantSchema, type MaterializedAuthorityGrant, type MaterializedAuthorityGrants, MaterializedAuthorityGrantsSchema, type MaterializedAuthorityNatsGrant, MaterializedAuthorityNatsGrantSchema, type MaterializedAuthorityNatsGrantSource, MaterializedAuthorityNatsGrantSourceSchema, type MaterializedAuthoritySurfaceGrant, MaterializedAuthoritySurfaceGrantSchema, OpenObjectSchema, type ParticipantKind, ParticipantKindSchema, type PortalFlowApp, type PortalFlowApproval, type PortalFlowApprovalDeniedState, type PortalFlowApprovalRequiredState, type PortalFlowChooseProviderState, type PortalFlowExpiredState, type PortalFlowInsufficientCapabilitiesState, type PortalFlowProvider, type PortalFlowRedirectState, type PortalFlowState, PortalFlowStateSchema, type PortalFlowUser, ServiceDeploymentSchema, ServiceInstanceSchema, UserViewSchema, WaitForDeviceActivationRequestSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.js";
|
|
14
|
-
export { approvalCapabilityKeys, type ApprovalDecision, ApprovalDecisionSchema, type AuthStartFlowResponse, AuthStartFlowResponseSchema, type AuthStartRequest, AuthStartRequestSchema, type AuthStartResponse, AuthStartResponseSchema, type BindResponse, BindResponseSchema, type BindSuccessResponse, BindSuccessResponseSchema, type ClientTransportEndpoints, ClientTransportEndpointsSchema, type ClientTransports, ClientTransportsSchema, type ContractApproval, type ContractApprovalCapability, ContractApprovalSchema, type NatsAuthTokenV1, NatsAuthTokenV1Schema, type SentinelCreds, SentinelCredsSchema, type UserParticipantKind, UserParticipantKindSchema, } from "./schemas.js";
|
|
14
|
+
export { approvalCapabilityKeys, type ApprovalDecision, ApprovalDecisionSchema, type AuthLogoutRequest, AuthLogoutRequestSchema, type AuthLogoutResponse, type AuthLogoutResponseMode, AuthLogoutResponseModeSchema, AuthLogoutResponseSchema, type AuthStartFlowResponse, AuthStartFlowResponseSchema, type AuthStartRequest, AuthStartRequestSchema, type AuthStartResponse, AuthStartResponseSchema, type BindResponse, BindResponseSchema, type BindSuccessResponse, BindSuccessResponseSchema, buildLogoutSignaturePayload, type ClientTransportEndpoints, ClientTransportEndpointsSchema, type ClientTransports, ClientTransportsSchema, type ContractApproval, type ContractApprovalCapability, ContractApprovalSchema, type LogoutSignaturePayloadInput, type NatsAuthTokenV1, NatsAuthTokenV1Schema, type SentinelCreds, SentinelCredsSchema, type UserParticipantKind, UserParticipantKindSchema, } from "./schemas.js";
|
|
15
15
|
export { buildNatsConnectSignaturePayload, createAuth, type NatsConnectOptions, type TrellisAuth, } from "./session_auth.js";
|
|
16
16
|
export { correctedIatSeconds, estimateMidpointClockOffsetMs } from "./time.js";
|
|
17
17
|
export { trellisIdFromOriginId } from "./trellis_id.js";
|
package/script/auth/mod.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,KAAK,qCAAqC,EAC1C,KAAK,yCAAyC,EAC9C,KAAK,sCAAsC,EAC3C,KAAK,wCAAwC,EAC7C,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,EACpB,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,cAAc,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,+BAA+B,GACrC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,UAAU,EACf,QAAQ,EACR,aAAa,EACb,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,EACT,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,WAAW,EACX,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,kCAAkC,EAClC,0BAA0B,EAC1B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACrC,6BAA6B,EAC7B,sCAAsC,EACtC,8BAA8B,EAC9B,qCAAqC,EACrC,6BAA6B,EAC7B,KAAK,cAAc,EACnB,KAAK,2CAA2C,EAChD,4CAA4C,EAC5C,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,KAAK,wCAAwC,EAC7C,yCAAyC,EACzC,KAAK,+BAA+B,EACpC,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,8CAA8C,EACnD,KAAK,iDAAiD,EACtD,uDAAuD,EACvD,+CAA+C,EAC/C,KAAK,6CAA6C,EAClD,8CAA8C,EAC9C,KAAK,gDAAgD,EACrD,iDAAiD,EACjD,KAAK,6CAA6C,EAClD,mDAAmD,EACnD,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,kCAAkC,EACvC,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,mCAAmC,EACnC,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,oBAAoB,EACpB,mCAAmC,EACnC,2BAA2B,EAC3B,oCAAoC,EACpC,4BAA4B,EAC5B,mCAAmC,EACnC,2BAA2B,EAC3B,iCAAiC,EACjC,yBAAyB,EACzB,mCAAmC,EACnC,2BAA2B,EAC3B,uCAAuC,EACvC,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,qBAAqB,EACrB,kCAAkC,EAClC,0BAA0B,EAC1B,+BAA+B,EAC/B,uBAAuB,EACvB,4CAA4C,EAC5C,2CAA2C,EAC3C,mCAAmC,EACnC,6CAA6C,EAC7C,4CAA4C,EAC5C,mDAAmD,EACnD,oDAAoD,EACpD,4CAA4C,EAC5C,kDAAkD,EAClD,0CAA0C,EAC1C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,gCAAgC,EAChC,wBAAwB,EACxB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,4BAA4B,EAC5B,oBAAoB,EACpB,6BAA6B,EAC7B,qBAAqB,EACrB,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,EACpC,kCAAkC,EAClC,0BAA0B,EAC1B,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,0BAA0B,EAC1B,8CAA8C,EAC9C,8CAA8C,EAC9C,sCAAsC,EACtC,yCAAyC,EACzC,iCAAiC,EACjC,wCAAwC,EACxC,gCAAgC,EAChC,sCAAsC,EACtC,8BAA8B,EAC9B,2CAA2C,EAC3C,mCAAmC,EACnC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,oBAAoB,EACpB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,wCAAwC,EACxC,6BAA6B,EAC7B,qBAAqB,EACrB,0BAA0B,EAC1B,kBAAkB,EAClB,iCAAiC,EACjC,2BAA2B,EAC3B,mBAAmB,EACnB,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,6BAA6B,EAC7B,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,mBAAmB,EACxB,KAAK,6BAA6B,EAClC,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,mCAAmC,EACnC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,KAAK,gCAAgC,EACrC,sCAAsC,EACtC,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,KAAK,2BAA2B,EAChC,qCAAqC,EACrC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,iCAAiC,EACjC,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,sCAAsC,EACtC,oCAAoC,EACpC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,gCAAgC,EAChC,KAAK,yBAAyB,EAC9B,+BAA+B,EAC/B,2BAA2B,EAC3B,+BAA+B,EAC/B,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,uBAAuB,EACvB,yBAAyB,EACzB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,gBAAgB,EAChB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uCAAuC,EAC5C,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,cAAc,EACnB,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,EACd,oCAAoC,EACpC,qCAAqC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,YAAY,EACjB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,sBAAsB,EACtB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,EACxB,yBAAyB,GAC1B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,gCAAgC,EAChC,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../src/auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,KAAK,qCAAqC,EAC1C,KAAK,yCAAyC,EAC9C,KAAK,sCAAsC,EAC3C,KAAK,wCAAwC,EAC7C,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,EACpB,iBAAiB,EACjB,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,2BAA2B,EAChC,KAAK,cAAc,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,+BAA+B,GACrC,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,UAAU,EACf,QAAQ,EACR,KAAK,iCAAiC,EACtC,KAAK,uBAAuB,EAC5B,aAAa,EACb,wBAAwB,EACxB,eAAe,EACf,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,6BAA6B,EAC7B,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,EACT,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,WAAW,EACX,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,kCAAkC,EAClC,0BAA0B,EAC1B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACrC,6BAA6B,EAC7B,sCAAsC,EACtC,8BAA8B,EAC9B,qCAAqC,EACrC,6BAA6B,EAC7B,KAAK,cAAc,EACnB,KAAK,2CAA2C,EAChD,4CAA4C,EAC5C,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,KAAK,wCAAwC,EAC7C,yCAAyC,EACzC,KAAK,+BAA+B,EACpC,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,8CAA8C,EACnD,KAAK,iDAAiD,EACtD,uDAAuD,EACvD,+CAA+C,EAC/C,KAAK,6CAA6C,EAClD,8CAA8C,EAC9C,KAAK,gDAAgD,EACrD,iDAAiD,EACjD,KAAK,6CAA6C,EAClD,mDAAmD,EACnD,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,gCAAgC,EACrC,KAAK,mCAAmC,EACxC,yCAAyC,EACzC,iCAAiC,EACjC,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,8CAA8C,EAC9C,sCAAsC,EACtC,KAAK,kCAAkC,EACvC,KAAK,qCAAqC,EAC1C,2CAA2C,EAC3C,mCAAmC,EACnC,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,oBAAoB,EACpB,mCAAmC,EACnC,2BAA2B,EAC3B,oCAAoC,EACpC,4BAA4B,EAC5B,mCAAmC,EACnC,2BAA2B,EAC3B,iCAAiC,EACjC,yBAAyB,EACzB,mCAAmC,EACnC,2BAA2B,EAC3B,uCAAuC,EACvC,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6BAA6B,EAC7B,qBAAqB,EACrB,kCAAkC,EAClC,0BAA0B,EAC1B,+BAA+B,EAC/B,uBAAuB,EACvB,4CAA4C,EAC5C,2CAA2C,EAC3C,mCAAmC,EACnC,6CAA6C,EAC7C,4CAA4C,EAC5C,mDAAmD,EACnD,oDAAoD,EACpD,4CAA4C,EAC5C,kDAAkD,EAClD,0CAA0C,EAC1C,6CAA6C,EAC7C,qCAAqC,EACrC,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,gCAAgC,EAChC,wBAAwB,EACxB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,4BAA4B,EAC5B,oBAAoB,EACpB,6BAA6B,EAC7B,qBAAqB,EACrB,iCAAiC,EACjC,sCAAsC,EACtC,oCAAoC,EACpC,kCAAkC,EAClC,0BAA0B,EAC1B,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,0BAA0B,EAC1B,8CAA8C,EAC9C,8CAA8C,EAC9C,sCAAsC,EACtC,yCAAyC,EACzC,iCAAiC,EACjC,wCAAwC,EACxC,gCAAgC,EAChC,sCAAsC,EACtC,8BAA8B,EAC9B,2CAA2C,EAC3C,mCAAmC,EACnC,wCAAwC,EACxC,gCAAgC,EAChC,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,oBAAoB,EACpB,oCAAoC,EACpC,4BAA4B,EAC5B,sCAAsC,EACtC,8BAA8B,EAC9B,wCAAwC,EACxC,6BAA6B,EAC7B,qBAAqB,EACrB,0BAA0B,EAC1B,kBAAkB,EAClB,iCAAiC,EACjC,2BAA2B,EAC3B,mBAAmB,EACnB,qCAAqC,EACrC,6BAA6B,EAC7B,kCAAkC,EAClC,6BAA6B,EAC7B,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,mBAAmB,EACxB,KAAK,6BAA6B,EAClC,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,mCAAmC,EACnC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,KAAK,gCAAgC,EACrC,sCAAsC,EACtC,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,kCAAkC,EACvC,wCAAwC,EACxC,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,uBAAuB,EAC5B,6BAA6B,EAC7B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,uCAAuC,EAC5C,6CAA6C,EAC7C,KAAK,2BAA2B,EAChC,qCAAqC,EACrC,KAAK,+BAA+B,EACpC,qCAAqC,EACrC,iCAAiC,EACjC,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,sCAAsC,EACtC,oCAAoC,EACpC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,gCAAgC,EAChC,KAAK,yBAAyB,EAC9B,+BAA+B,EAC/B,2BAA2B,EAC3B,+BAA+B,EAC/B,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,EACvB,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,KAAK,4BAA4B,EACjC,kCAAkC,EAClC,uBAAuB,EACvB,yBAAyB,EACzB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,kBAAkB,EACvB,wBAAwB,EACxB,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,iCAAiC,EACjC,KAAK,8BAA8B,EACnC,oCAAoC,EACpC,KAAK,oCAAoC,EACzC,0CAA0C,EAC1C,KAAK,iCAAiC,EACtC,uCAAuC,EACvC,gBAAgB,EAChB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uCAAuC,EAC5C,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,cAAc,EACnB,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,EACd,oCAAoC,EACpC,qCAAqC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,wBAAwB,EACxB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,iBAAiB,EACtB,uBAAuB,EACvB,KAAK,YAAY,EACjB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,2BAA2B,EAC3B,KAAK,wBAAwB,EAC7B,8BAA8B,EAC9B,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,0BAA0B,EAC/B,sBAAsB,EACtB,KAAK,2BAA2B,EAChC,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,EACxB,yBAAyB,GAC1B,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,gCAAgC,EAChC,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|