@qlever-llc/trellis 0.6.1 → 0.7.0-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -2
- package/esm/auth/device_activation.d.ts +194 -0
- package/esm/auth/device_activation.d.ts.map +1 -0
- package/esm/auth/{workload_activation.js → device_activation.js} +85 -60
- package/esm/auth/mod.d.ts +2 -2
- package/esm/auth/mod.d.ts.map +1 -1
- package/esm/auth/mod.js +2 -2
- package/esm/auth/protocol.d.ts +175 -72
- package/esm/auth/protocol.d.ts.map +1 -1
- package/esm/auth/protocol.js +126 -78
- package/esm/contracts/mod.d.ts +19 -3
- package/esm/contracts/mod.d.ts.map +1 -1
- package/esm/contracts/mod.js +28 -4
- package/esm/contracts/protocol.d.ts +34 -0
- package/esm/contracts/protocol.d.ts.map +1 -1
- package/esm/contracts/protocol.js +15 -0
- package/esm/server/deno.d.ts +1 -6
- package/esm/server/deno.d.ts.map +1 -1
- package/esm/server/deno.js +1 -16
- package/esm/server/mod.d.ts +3 -2
- package/esm/server/mod.d.ts.map +1 -1
- package/esm/server/mod.js +2 -2
- package/esm/server/node.d.ts +1 -6
- package/esm/server/node.d.ts.map +1 -1
- package/esm/server/node.js +1 -16
- package/esm/server/service.d.ts +32 -10
- package/esm/server/service.d.ts.map +1 -1
- package/esm/server/service.js +188 -41
- package/esm/server/transfer.d.ts +41 -0
- package/esm/server/transfer.d.ts.map +1 -0
- package/esm/server/transfer.js +418 -0
- package/esm/telemetry/init.d.ts +4 -0
- package/esm/telemetry/init.d.ts.map +1 -0
- package/esm/telemetry/init.js +7 -0
- package/esm/telemetry/mod.d.ts +1 -2
- package/esm/telemetry/mod.d.ts.map +1 -1
- package/esm/telemetry/mod.js +1 -2
- package/esm/telemetry/runtime.d.ts.map +1 -1
- package/esm/telemetry/runtime.js +9 -5
- package/esm/telemetry/trellis.d.ts +0 -1
- package/esm/telemetry/trellis.d.ts.map +1 -1
- package/esm/telemetry/trellis.js +0 -6
- package/esm/trellis/_sdk/auth/api.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/api.js +132 -110
- package/esm/trellis/_sdk/auth/contract.d.ts +1 -1
- package/esm/trellis/_sdk/auth/contract.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/contract.js +2 -2
- package/esm/trellis/_sdk/auth/schemas.d.ts +4212 -3069
- package/esm/trellis/_sdk/auth/schemas.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/schemas.js +144 -125
- package/esm/trellis/_sdk/auth/types.d.ts +417 -267
- package/esm/trellis/_sdk/auth/types.d.ts.map +1 -1
- package/esm/trellis/_sdk/auth/types.js +1 -1
- package/esm/trellis/_sdk/core/contract.d.ts +1 -1
- package/esm/trellis/_sdk/core/contract.d.ts.map +1 -1
- package/esm/trellis/_sdk/core/contract.js +2 -2
- package/esm/trellis/_sdk/core/schemas.d.ts +122 -0
- package/esm/trellis/_sdk/core/schemas.d.ts.map +1 -1
- package/esm/trellis/_sdk/core/schemas.js +4 -4
- package/esm/trellis/_sdk/core/types.d.ts +18 -1
- package/esm/trellis/_sdk/core/types.d.ts.map +1 -1
- package/esm/trellis/_sdk/core/types.js +1 -1
- package/esm/trellis/_sdk/state/_dnt.polyfills.d.ts +12 -0
- package/esm/trellis/_sdk/state/_dnt.polyfills.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/_dnt.polyfills.js +15 -0
- package/esm/trellis/_sdk/state/api.d.ts +10 -0
- package/esm/trellis/_sdk/state/api.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/api.js +71 -0
- package/esm/trellis/_sdk/state/contract.d.ts +8 -0
- package/esm/trellis/_sdk/state/contract.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/contract.js +59 -0
- package/esm/trellis/_sdk/state/mod.d.ts +7 -0
- package/esm/trellis/_sdk/state/mod.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/mod.js +5 -0
- package/esm/trellis/_sdk/state/package.json +3 -0
- package/esm/trellis/_sdk/state/schemas.d.ts +1437 -0
- package/esm/trellis/_sdk/state/schemas.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/schemas.js +62 -0
- package/esm/trellis/_sdk/state/types.d.ts +206 -0
- package/esm/trellis/_sdk/state/types.d.ts.map +1 -0
- package/esm/trellis/_sdk/state/types.js +3 -0
- package/esm/trellis/client_connect.d.ts +53 -0
- package/esm/trellis/client_connect.d.ts.map +1 -0
- package/esm/trellis/client_connect.js +300 -0
- package/esm/trellis/contract.d.ts +1 -7
- package/esm/trellis/contract.d.ts.map +1 -1
- package/esm/trellis/contract.js +1 -12
- package/esm/trellis/device.d.ts +41 -0
- package/esm/trellis/device.d.ts.map +1 -0
- package/esm/trellis/device.js +209 -0
- package/esm/trellis/errors/AuthError.d.ts +1 -1
- package/esm/trellis/errors/AuthError.js +9 -9
- package/esm/trellis/errors/StoreError.d.ts +22 -0
- package/esm/trellis/errors/StoreError.d.ts.map +1 -0
- package/esm/trellis/errors/StoreError.js +41 -0
- package/esm/trellis/errors/TransferError.d.ts +22 -0
- package/esm/trellis/errors/TransferError.d.ts.map +1 -0
- package/esm/trellis/errors/TransferError.js +41 -0
- package/esm/trellis/errors/index.d.ts +8 -0
- package/esm/trellis/errors/index.d.ts.map +1 -1
- package/esm/trellis/errors/index.js +8 -0
- package/esm/trellis/index.d.ts +10 -4
- package/esm/trellis/index.d.ts.map +1 -1
- package/esm/trellis/index.js +6 -4
- package/esm/trellis/kv.d.ts +2 -0
- package/esm/trellis/kv.d.ts.map +1 -1
- package/esm/trellis/kv.js +6 -0
- package/esm/trellis/models/trellis/TrellisError.d.ts +15 -1
- package/esm/trellis/models/trellis/TrellisError.d.ts.map +1 -1
- package/esm/trellis/models/trellis/TrellisError.js +4 -0
- package/esm/trellis/runtime_transport.d.ts +12 -0
- package/esm/trellis/runtime_transport.d.ts.map +1 -0
- package/esm/trellis/runtime_transport.js +35 -0
- package/esm/trellis/sdk/state.d.ts +4 -0
- package/esm/trellis/sdk/state.d.ts.map +1 -0
- package/esm/trellis/sdk/state.js +3 -0
- package/esm/trellis/store.d.ts +51 -0
- package/esm/trellis/store.d.ts.map +1 -0
- package/esm/trellis/store.js +310 -0
- package/esm/trellis/tracing.js +1 -1
- package/esm/trellis/transfer.d.ts +118 -0
- package/esm/trellis/transfer.d.ts.map +1 -0
- package/esm/trellis/transfer.js +357 -0
- package/esm/trellis/trellis.d.ts +3 -0
- package/esm/trellis/trellis.d.ts.map +1 -1
- package/esm/trellis/trellis.js +48 -17
- package/package.json +7 -2
- package/script/auth/device_activation.d.ts +194 -0
- package/script/auth/device_activation.d.ts.map +1 -0
- package/script/auth/{workload_activation.js → device_activation.js} +99 -74
- package/script/auth/mod.d.ts +2 -2
- package/script/auth/mod.d.ts.map +1 -1
- package/script/auth/mod.js +84 -76
- package/script/auth/protocol.d.ts +175 -72
- package/script/auth/protocol.d.ts.map +1 -1
- package/script/auth/protocol.js +129 -81
- package/script/contracts/mod.d.ts +19 -3
- package/script/contracts/mod.d.ts.map +1 -1
- package/script/contracts/mod.js +30 -4
- package/script/contracts/protocol.d.ts +34 -0
- package/script/contracts/protocol.d.ts.map +1 -1
- package/script/contracts/protocol.js +16 -1
- package/script/telemetry/init.d.ts +4 -0
- package/script/telemetry/init.d.ts.map +1 -0
- package/script/telemetry/init.js +11 -0
- package/script/telemetry/mod.d.ts +1 -2
- package/script/telemetry/mod.d.ts.map +1 -1
- package/script/telemetry/mod.js +1 -4
- package/script/telemetry/runtime.d.ts.map +1 -1
- package/script/telemetry/runtime.js +9 -28
- package/script/telemetry/trellis.d.ts +0 -1
- package/script/telemetry/trellis.d.ts.map +1 -1
- package/script/telemetry/trellis.js +0 -7
- package/script/trellis/_sdk/auth/api.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/api.js +132 -110
- package/script/trellis/_sdk/auth/contract.d.ts +1 -1
- package/script/trellis/_sdk/auth/contract.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/contract.js +2 -2
- package/script/trellis/_sdk/auth/schemas.d.ts +4212 -3069
- package/script/trellis/_sdk/auth/schemas.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/schemas.js +144 -125
- package/script/trellis/_sdk/auth/types.d.ts +417 -267
- package/script/trellis/_sdk/auth/types.d.ts.map +1 -1
- package/script/trellis/_sdk/auth/types.js +1 -1
- package/script/trellis/_sdk/core/contract.d.ts +1 -1
- package/script/trellis/_sdk/core/contract.d.ts.map +1 -1
- package/script/trellis/_sdk/core/contract.js +2 -2
- package/script/trellis/_sdk/core/schemas.d.ts +122 -0
- package/script/trellis/_sdk/core/schemas.d.ts.map +1 -1
- package/script/trellis/_sdk/core/schemas.js +4 -4
- package/script/trellis/_sdk/core/types.d.ts +18 -1
- package/script/trellis/_sdk/core/types.d.ts.map +1 -1
- package/script/trellis/_sdk/core/types.js +1 -1
- package/script/trellis/_sdk/state/_dnt.polyfills.d.ts +12 -0
- package/script/trellis/_sdk/state/_dnt.polyfills.d.ts.map +1 -0
- package/script/trellis/_sdk/state/_dnt.polyfills.js +16 -0
- package/script/trellis/_sdk/state/api.d.ts +10 -0
- package/script/trellis/_sdk/state/api.d.ts.map +1 -0
- package/script/trellis/_sdk/state/api.js +74 -0
- package/script/trellis/_sdk/state/contract.d.ts +8 -0
- package/script/trellis/_sdk/state/contract.d.ts.map +1 -0
- package/script/trellis/_sdk/state/contract.js +62 -0
- package/script/trellis/_sdk/state/mod.d.ts +7 -0
- package/script/trellis/_sdk/state/mod.d.ts.map +1 -0
- package/script/trellis/_sdk/state/mod.js +30 -0
- package/script/trellis/_sdk/state/package.json +3 -0
- package/script/trellis/_sdk/state/schemas.d.ts +1437 -0
- package/script/trellis/_sdk/state/schemas.d.ts.map +1 -0
- package/script/trellis/_sdk/state/schemas.js +65 -0
- package/script/trellis/_sdk/state/types.d.ts +206 -0
- package/script/trellis/_sdk/state/types.d.ts.map +1 -0
- package/script/trellis/_sdk/state/types.js +6 -0
- package/script/trellis/client_connect.d.ts +53 -0
- package/script/trellis/client_connect.d.ts.map +1 -0
- package/script/trellis/client_connect.js +304 -0
- package/script/trellis/contract.d.ts +1 -7
- package/script/trellis/contract.d.ts.map +1 -1
- package/script/trellis/contract.js +1 -12
- package/script/trellis/device.d.ts +41 -0
- package/script/trellis/device.d.ts.map +1 -0
- package/script/trellis/device.js +213 -0
- package/script/trellis/errors/AuthError.d.ts +1 -1
- package/script/trellis/errors/AuthError.js +9 -9
- package/script/trellis/errors/StoreError.d.ts +22 -0
- package/script/trellis/errors/StoreError.d.ts.map +1 -0
- package/script/trellis/errors/StoreError.js +48 -0
- package/script/trellis/errors/TransferError.d.ts +22 -0
- package/script/trellis/errors/TransferError.d.ts.map +1 -0
- package/script/trellis/errors/TransferError.js +48 -0
- package/script/trellis/errors/index.d.ts +8 -0
- package/script/trellis/errors/index.d.ts.map +1 -1
- package/script/trellis/errors/index.js +13 -1
- package/script/trellis/index.d.ts +10 -4
- package/script/trellis/index.d.ts.map +1 -1
- package/script/trellis/index.js +17 -6
- package/script/trellis/kv.d.ts +2 -0
- package/script/trellis/kv.d.ts.map +1 -1
- package/script/trellis/kv.js +6 -0
- package/script/trellis/models/trellis/TrellisError.d.ts +15 -1
- package/script/trellis/models/trellis/TrellisError.d.ts.map +1 -1
- package/script/trellis/models/trellis/TrellisError.js +4 -0
- package/script/trellis/runtime_transport.d.ts +12 -0
- package/script/trellis/runtime_transport.d.ts.map +1 -0
- package/script/trellis/runtime_transport.js +37 -0
- package/script/trellis/store.d.ts +51 -0
- package/script/trellis/store.d.ts.map +1 -0
- package/script/trellis/store.js +316 -0
- package/script/trellis/tracing.js +1 -1
- package/script/trellis/transfer.d.ts +118 -0
- package/script/trellis/transfer.d.ts.map +1 -0
- package/script/trellis/transfer.js +367 -0
- package/script/trellis/trellis.d.ts +3 -0
- package/script/trellis/trellis.d.ts.map +1 -1
- package/script/trellis/trellis.js +48 -17
- package/esm/auth/workload_activation.d.ts +0 -192
- package/esm/auth/workload_activation.d.ts.map +0 -1
- package/esm/trellis/workload.d.ts +0 -45
- package/esm/trellis/workload.d.ts.map +0 -1
- package/esm/trellis/workload.js +0 -144
- package/script/auth/workload_activation.d.ts +0 -192
- package/script/auth/workload_activation.d.ts.map +0 -1
- package/script/trellis/workload.d.ts +0 -45
- package/script/trellis/workload.d.ts.map +0 -1
- package/script/trellis/workload.js +0 -172
|
@@ -0,0 +1,194 @@
|
|
|
1
|
+
import type { StaticDecode } from "typebox";
|
|
2
|
+
import { Type } from "typebox";
|
|
3
|
+
import type { NatsAuthTokenV1 } from "./schemas.ts";
|
|
4
|
+
import { AuthActivateDeviceResponseSchema, AuthActivateDeviceSchema, AuthGetDeviceActivationStatusResponseSchema, AuthGetDeviceActivationStatusSchema, AuthGetDeviceConnectInfoResponseSchema, AuthGetDeviceConnectInfoSchema, AuthListDeviceActivationsResponseSchema, AuthListDeviceActivationsSchema, AuthRevokeDeviceActivationResponseSchema, AuthRevokeDeviceActivationSchema, WaitForDeviceActivationResponseSchema } from "./protocol.ts";
|
|
5
|
+
export declare const DeviceActivationPayloadSchema: Type.TObject<{
|
|
6
|
+
v: Type.TLiteral<1>;
|
|
7
|
+
publicIdentityKey: Type.TString;
|
|
8
|
+
nonce: Type.TString;
|
|
9
|
+
qrMac: Type.TString;
|
|
10
|
+
}>;
|
|
11
|
+
export declare const DeviceActivationWaitRequestSchema: Type.TObject<{
|
|
12
|
+
publicIdentityKey: Type.TString;
|
|
13
|
+
nonce: Type.TString;
|
|
14
|
+
contractDigest: Type.TOptional<Type.TString>;
|
|
15
|
+
iat: Type.TNumber;
|
|
16
|
+
sig: Type.TString;
|
|
17
|
+
}>;
|
|
18
|
+
export type DeviceActivationPayload = StaticDecode<typeof DeviceActivationPayloadSchema>;
|
|
19
|
+
export type DeviceActivationWaitRequest = StaticDecode<typeof DeviceActivationWaitRequestSchema>;
|
|
20
|
+
export type WaitForDeviceActivationResponse = StaticDecode<typeof WaitForDeviceActivationResponseSchema>;
|
|
21
|
+
export type AuthActivateDeviceInput = StaticDecode<typeof AuthActivateDeviceSchema>;
|
|
22
|
+
export type AuthActivateDeviceOutput = StaticDecode<typeof AuthActivateDeviceResponseSchema>;
|
|
23
|
+
export type AuthGetDeviceActivationStatusInput = StaticDecode<typeof AuthGetDeviceActivationStatusSchema>;
|
|
24
|
+
export type AuthGetDeviceActivationStatusOutput = StaticDecode<typeof AuthGetDeviceActivationStatusResponseSchema>;
|
|
25
|
+
export type AuthListDeviceActivationsInput = StaticDecode<typeof AuthListDeviceActivationsSchema>;
|
|
26
|
+
export type AuthListDeviceActivationsOutput = StaticDecode<typeof AuthListDeviceActivationsResponseSchema>;
|
|
27
|
+
export type AuthRevokeDeviceActivationInput = StaticDecode<typeof AuthRevokeDeviceActivationSchema>;
|
|
28
|
+
export type AuthRevokeDeviceActivationResponse = StaticDecode<typeof AuthRevokeDeviceActivationResponseSchema>;
|
|
29
|
+
export type GetDeviceConnectInfoInput = StaticDecode<typeof AuthGetDeviceConnectInfoSchema>;
|
|
30
|
+
export type GetDeviceConnectInfoOutput = StaticDecode<typeof AuthGetDeviceConnectInfoResponseSchema>;
|
|
31
|
+
export type DeviceIdentity = {
|
|
32
|
+
identitySeed: Uint8Array;
|
|
33
|
+
identitySeedBase64url: string;
|
|
34
|
+
publicIdentityKey: string;
|
|
35
|
+
activationKey: Uint8Array;
|
|
36
|
+
activationKeyBase64url: string;
|
|
37
|
+
};
|
|
38
|
+
type DeviceActivationRpcMethod = "Auth.ActivateDevice" | "Auth.GetDeviceActivationStatus" | "Auth.ListDeviceActivations" | "Auth.RevokeDeviceActivation" | "Auth.GetDeviceConnectInfo";
|
|
39
|
+
type DeviceActivationRpcInputMap = {
|
|
40
|
+
"Auth.ActivateDevice": AuthActivateDeviceInput;
|
|
41
|
+
"Auth.GetDeviceActivationStatus": AuthGetDeviceActivationStatusInput;
|
|
42
|
+
"Auth.ListDeviceActivations": AuthListDeviceActivationsInput;
|
|
43
|
+
"Auth.RevokeDeviceActivation": AuthRevokeDeviceActivationInput;
|
|
44
|
+
"Auth.GetDeviceConnectInfo": GetDeviceConnectInfoInput;
|
|
45
|
+
};
|
|
46
|
+
type DeviceActivationRpcOutputMap = {
|
|
47
|
+
"Auth.ActivateDevice": AuthActivateDeviceOutput;
|
|
48
|
+
"Auth.GetDeviceActivationStatus": AuthGetDeviceActivationStatusOutput;
|
|
49
|
+
"Auth.ListDeviceActivations": AuthListDeviceActivationsOutput;
|
|
50
|
+
"Auth.RevokeDeviceActivation": AuthRevokeDeviceActivationResponse;
|
|
51
|
+
"Auth.GetDeviceConnectInfo": GetDeviceConnectInfoOutput;
|
|
52
|
+
};
|
|
53
|
+
type RequestClient = {
|
|
54
|
+
requestOrThrow<M extends DeviceActivationRpcMethod>(method: M, input: DeviceActivationRpcInputMap[M], opts?: unknown): Promise<DeviceActivationRpcOutputMap[M]>;
|
|
55
|
+
};
|
|
56
|
+
export type DeviceActivationTransport = RequestClient;
|
|
57
|
+
export declare function deriveDeviceIdentity(deviceRootSecret: Uint8Array): Promise<DeviceIdentity>;
|
|
58
|
+
export declare function deriveDeviceQrMac(input: {
|
|
59
|
+
activationKey: Uint8Array | string;
|
|
60
|
+
publicIdentityKey: string;
|
|
61
|
+
nonce: string;
|
|
62
|
+
}): Promise<string>;
|
|
63
|
+
export declare function buildDeviceActivationPayload(input: {
|
|
64
|
+
activationKey: Uint8Array | string;
|
|
65
|
+
publicIdentityKey: string;
|
|
66
|
+
nonce: string;
|
|
67
|
+
}): Promise<DeviceActivationPayload>;
|
|
68
|
+
export declare function encodeDeviceActivationPayload(payload: DeviceActivationPayload): string;
|
|
69
|
+
export declare function parseDeviceActivationPayload(value: string): DeviceActivationPayload;
|
|
70
|
+
export declare function buildDeviceActivationUrl(args: {
|
|
71
|
+
trellisUrl: string;
|
|
72
|
+
payload: DeviceActivationPayload | string;
|
|
73
|
+
}): string;
|
|
74
|
+
export declare function deriveDeviceConfirmationCode(input: {
|
|
75
|
+
activationKey: Uint8Array | string;
|
|
76
|
+
publicIdentityKey: string;
|
|
77
|
+
nonce: string;
|
|
78
|
+
}): Promise<string>;
|
|
79
|
+
export declare function verifyDeviceConfirmationCode(input: {
|
|
80
|
+
activationKey: Uint8Array | string;
|
|
81
|
+
publicIdentityKey: string;
|
|
82
|
+
nonce: string;
|
|
83
|
+
confirmationCode: string;
|
|
84
|
+
}): Promise<boolean>;
|
|
85
|
+
export declare function buildDeviceWaitProofInput(publicIdentityKey: string, nonce: string, iat: number): Uint8Array;
|
|
86
|
+
export declare function signDeviceWaitRequest(args: {
|
|
87
|
+
publicIdentityKey: string;
|
|
88
|
+
nonce: string;
|
|
89
|
+
identitySeed: Uint8Array | string;
|
|
90
|
+
contractDigest?: string;
|
|
91
|
+
iat?: number;
|
|
92
|
+
}): Promise<DeviceActivationWaitRequest>;
|
|
93
|
+
export declare function createDeviceNatsAuthToken(args: {
|
|
94
|
+
publicIdentityKey: string;
|
|
95
|
+
identitySeed: Uint8Array | string;
|
|
96
|
+
contractDigest: string;
|
|
97
|
+
iat?: number;
|
|
98
|
+
}): Promise<NatsAuthTokenV1 & {
|
|
99
|
+
contractDigest: string;
|
|
100
|
+
}>;
|
|
101
|
+
export declare function waitForDeviceActivation(args: {
|
|
102
|
+
trellisUrl: string;
|
|
103
|
+
publicIdentityKey: string;
|
|
104
|
+
nonce: string;
|
|
105
|
+
identitySeed: Uint8Array | string;
|
|
106
|
+
contractDigest: string;
|
|
107
|
+
signal?: AbortSignal;
|
|
108
|
+
pollIntervalMs?: number;
|
|
109
|
+
}): Promise<Extract<WaitForDeviceActivationResponse, {
|
|
110
|
+
status: "activated";
|
|
111
|
+
}>>;
|
|
112
|
+
export declare function getDeviceConnectInfo(args: {
|
|
113
|
+
trellisUrl: string;
|
|
114
|
+
publicIdentityKey: string;
|
|
115
|
+
identitySeed: Uint8Array | string;
|
|
116
|
+
contractDigest: string;
|
|
117
|
+
iat?: number;
|
|
118
|
+
}): Promise<GetDeviceConnectInfoOutput>;
|
|
119
|
+
export declare function createDeviceActivationClient(client: DeviceActivationTransport): {
|
|
120
|
+
activateDevice(input: AuthActivateDeviceInput): Promise<{
|
|
121
|
+
confirmationCode?: string | undefined;
|
|
122
|
+
status: "activated";
|
|
123
|
+
profileId: string;
|
|
124
|
+
instanceId: string;
|
|
125
|
+
activatedAt: string;
|
|
126
|
+
} | {
|
|
127
|
+
status: "pending_review";
|
|
128
|
+
profileId: string;
|
|
129
|
+
instanceId: string;
|
|
130
|
+
reviewId: string;
|
|
131
|
+
linkRequestId: string;
|
|
132
|
+
requestedAt: string;
|
|
133
|
+
} | {
|
|
134
|
+
reason?: string | undefined;
|
|
135
|
+
status: "rejected";
|
|
136
|
+
}>;
|
|
137
|
+
getDeviceActivationStatus(input: AuthGetDeviceActivationStatusInput): Promise<{
|
|
138
|
+
confirmationCode?: string | undefined;
|
|
139
|
+
status: "activated";
|
|
140
|
+
profileId: string;
|
|
141
|
+
instanceId: string;
|
|
142
|
+
activatedAt: string;
|
|
143
|
+
} | {
|
|
144
|
+
status: "pending_review";
|
|
145
|
+
profileId: string;
|
|
146
|
+
instanceId: string;
|
|
147
|
+
reviewId: string;
|
|
148
|
+
linkRequestId: string;
|
|
149
|
+
requestedAt: string;
|
|
150
|
+
} | {
|
|
151
|
+
reason?: string | undefined;
|
|
152
|
+
status: "rejected";
|
|
153
|
+
}>;
|
|
154
|
+
listDeviceActivations(input?: AuthListDeviceActivationsInput): Promise<{
|
|
155
|
+
activations: {
|
|
156
|
+
activatedBy?: {
|
|
157
|
+
origin: string;
|
|
158
|
+
id: string;
|
|
159
|
+
} | undefined;
|
|
160
|
+
profileId: string;
|
|
161
|
+
instanceId: string;
|
|
162
|
+
publicIdentityKey: string;
|
|
163
|
+
state: "activated" | "revoked";
|
|
164
|
+
activatedAt: string;
|
|
165
|
+
revokedAt: string | null;
|
|
166
|
+
}[];
|
|
167
|
+
}>;
|
|
168
|
+
revokeDeviceActivation(input: AuthRevokeDeviceActivationInput): Promise<{
|
|
169
|
+
success: boolean;
|
|
170
|
+
}>;
|
|
171
|
+
getDeviceConnectInfo(input: GetDeviceConnectInfoInput): Promise<{
|
|
172
|
+
status: "ready";
|
|
173
|
+
connectInfo: {
|
|
174
|
+
contractDigest: string;
|
|
175
|
+
contractId: string;
|
|
176
|
+
profileId: string;
|
|
177
|
+
instanceId: string;
|
|
178
|
+
transport: {
|
|
179
|
+
sentinel: {
|
|
180
|
+
jwt: string;
|
|
181
|
+
seed: string;
|
|
182
|
+
};
|
|
183
|
+
natsServers: string[];
|
|
184
|
+
};
|
|
185
|
+
auth: {
|
|
186
|
+
mode: "device_identity";
|
|
187
|
+
iatSkewSeconds: number;
|
|
188
|
+
};
|
|
189
|
+
};
|
|
190
|
+
}>;
|
|
191
|
+
};
|
|
192
|
+
export declare function verifyDeviceWaitSignature(input: DeviceActivationWaitRequest): Promise<boolean>;
|
|
193
|
+
export {};
|
|
194
|
+
//# sourceMappingURL=device_activation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"device_activation.d.ts","sourceRoot":"","sources":["../../../../auth/device_activation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAQ/B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EACL,gCAAgC,EAChC,wBAAwB,EACxB,2CAA2C,EAC3C,mCAAmC,EACnC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,+BAA+B,EAC/B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACtC,MAAM,eAAe,CAAC;AAgBvB,eAAO,MAAM,6BAA6B;;;;;EAKP,CAAC;AAEpC,eAAO,MAAM,iCAAiC;;;;;;EAMX,CAAC;AAEpC,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,2BAA2B,GAAG,YAAY,CACpD,OAAO,iCAAiC,CACzC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,qCAAqC,CAC7C,CAAC;AACF,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,wBAAwB,CAChC,CAAC;AACF,MAAM,MAAM,wBAAwB,GAAG,YAAY,CACjD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,kCAAkC,GAAG,YAAY,CAC3D,OAAO,mCAAmC,CAC3C,CAAC;AACF,MAAM,MAAM,mCAAmC,GAAG,YAAY,CAC5D,OAAO,2CAA2C,CACnD,CAAC;AACF,MAAM,MAAM,8BAA8B,GAAG,YAAY,CACvD,OAAO,+BAA+B,CACvC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,uCAAuC,CAC/C,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,kCAAkC,GAAG,YAAY,CAC3D,OAAO,wCAAwC,CAChD,CAAC;AACF,MAAM,MAAM,yBAAyB,GAAG,YAAY,CAClD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,YAAY,CACnD,OAAO,sCAAsC,CAC9C,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,UAAU,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,KAAK,yBAAyB,GAC1B,qBAAqB,GACrB,gCAAgC,GAChC,4BAA4B,GAC5B,6BAA6B,GAC7B,2BAA2B,CAAC;AAEhC,KAAK,2BAA2B,GAAG;IACjC,qBAAqB,EAAE,uBAAuB,CAAC;IAC/C,gCAAgC,EAAE,kCAAkC,CAAC;IACrE,4BAA4B,EAAE,8BAA8B,CAAC;IAC7D,6BAA6B,EAAE,+BAA+B,CAAC;IAC/D,2BAA2B,EAAE,yBAAyB,CAAC;CACxD,CAAC;AAEF,KAAK,4BAA4B,GAAG;IAClC,qBAAqB,EAAE,wBAAwB,CAAC;IAChD,gCAAgC,EAAE,mCAAmC,CAAC;IACtE,4BAA4B,EAAE,+BAA+B,CAAC;IAC9D,6BAA6B,EAAE,kCAAkC,CAAC;IAClE,2BAA2B,EAAE,0BAA0B,CAAC;CACzD,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,cAAc,CAAC,CAAC,SAAS,yBAAyB,EAChD,MAAM,EAAE,CAAC,EACT,KAAK,EAAE,2BAA2B,CAAC,CAAC,CAAC,EACrC,IAAI,CAAC,EAAE,OAAO,GACb,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAC,CAAC;CAC7C,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,aAAa,CAAC;AA6HtD,wBAAsB,oBAAoB,CACxC,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,cAAc,CAAC,CA8BzB;AAED,wBAAsB,iBAAiB,CAAC,KAAK,EAAE;IAC7C,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAQnC;AAED,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,uBAAuB,GAC/B,MAAM,CAER;AAED,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,MAAM,GACZ,uBAAuB,CAOzB;AAED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,uBAAuB,GAAG,MAAM,CAAC;CAC3C,GAAG,MAAM,CAUT;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,OAAO,CAAC,OAAO,CAAC,CAInB;AAED,wBAAgB,yBAAyB,CACvC,iBAAiB,EAAE,MAAM,EACzB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,GACV,UAAU,CAwBZ;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE;IAChD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,2BAA2B,CAAC,CA0BvC;AAED,wBAAsB,yBAAyB,CAAC,IAAI,EAAE;IACpD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,eAAe,GAAG;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC,CAoBxD;AAED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CACT,OAAO,CAAC,+BAA+B,EAAE;IAAE,MAAM,EAAE,WAAW,CAAA;CAAE,CAAC,CAClE,CAoCA;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,0BAA0B,CAAC,CA8BtC;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,yBAAyB;0BAGT,uBAAuB;;;;;;;;;;;;;;;;;qCAGZ,kCAAkC;;;;;;;;;;;;;;;;;kCAGtC,8BAA8B;;;;;;;;;;;;;;kCAG7B,+BAA+B;;;gCAGjC,yBAAyB;;;;;;;;;;;;;;;;;;;;EAIxD;AAED,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,2BAA2B,GACjC,OAAO,CAAC,OAAO,CAAC,CAiBlB"}
|
|
@@ -1,39 +1,39 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
4
|
-
exports.
|
|
5
|
-
exports.
|
|
6
|
-
exports.
|
|
7
|
-
exports.
|
|
8
|
-
exports.
|
|
9
|
-
exports.
|
|
10
|
-
exports.
|
|
11
|
-
exports.
|
|
12
|
-
exports.
|
|
13
|
-
exports.
|
|
14
|
-
exports.
|
|
15
|
-
exports.
|
|
16
|
-
exports.
|
|
17
|
-
exports.
|
|
18
|
-
exports.
|
|
3
|
+
exports.DeviceActivationWaitRequestSchema = exports.DeviceActivationPayloadSchema = void 0;
|
|
4
|
+
exports.deriveDeviceIdentity = deriveDeviceIdentity;
|
|
5
|
+
exports.deriveDeviceQrMac = deriveDeviceQrMac;
|
|
6
|
+
exports.buildDeviceActivationPayload = buildDeviceActivationPayload;
|
|
7
|
+
exports.encodeDeviceActivationPayload = encodeDeviceActivationPayload;
|
|
8
|
+
exports.parseDeviceActivationPayload = parseDeviceActivationPayload;
|
|
9
|
+
exports.buildDeviceActivationUrl = buildDeviceActivationUrl;
|
|
10
|
+
exports.deriveDeviceConfirmationCode = deriveDeviceConfirmationCode;
|
|
11
|
+
exports.verifyDeviceConfirmationCode = verifyDeviceConfirmationCode;
|
|
12
|
+
exports.buildDeviceWaitProofInput = buildDeviceWaitProofInput;
|
|
13
|
+
exports.signDeviceWaitRequest = signDeviceWaitRequest;
|
|
14
|
+
exports.createDeviceNatsAuthToken = createDeviceNatsAuthToken;
|
|
15
|
+
exports.waitForDeviceActivation = waitForDeviceActivation;
|
|
16
|
+
exports.getDeviceConnectInfo = getDeviceConnectInfo;
|
|
17
|
+
exports.createDeviceActivationClient = createDeviceActivationClient;
|
|
18
|
+
exports.verifyDeviceWaitSignature = verifyDeviceWaitSignature;
|
|
19
19
|
const typebox_1 = require("typebox");
|
|
20
20
|
const value_1 = require("typebox/value");
|
|
21
21
|
const keys_ts_1 = require("./keys.ts");
|
|
22
22
|
const protocol_ts_1 = require("./protocol.ts");
|
|
23
23
|
const utils_ts_1 = require("./utils.ts");
|
|
24
|
-
const
|
|
25
|
-
const
|
|
26
|
-
const
|
|
27
|
-
const
|
|
24
|
+
const DEVICE_IDENTITY_HKDF_INFO = "trellis/device-identity/v1";
|
|
25
|
+
const DEVICE_ACTIVATION_HKDF_INFO = "trellis/device-activate/v1";
|
|
26
|
+
const DEVICE_QR_MAC_DOMAIN = "trellis-device-qr/v1";
|
|
27
|
+
const DEVICE_CONFIRMATION_DOMAIN = "trellis-device-confirm/v1";
|
|
28
28
|
const CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
|
|
29
29
|
const DEFAULT_WAIT_POLL_INTERVAL_MS = 1_000;
|
|
30
|
-
exports.
|
|
30
|
+
exports.DeviceActivationPayloadSchema = typebox_1.Type.Object({
|
|
31
31
|
v: typebox_1.Type.Literal(1),
|
|
32
32
|
publicIdentityKey: typebox_1.Type.String({ minLength: 1 }),
|
|
33
33
|
nonce: typebox_1.Type.String({ minLength: 1 }),
|
|
34
34
|
qrMac: typebox_1.Type.String({ minLength: 1 }),
|
|
35
35
|
}, { additionalProperties: false });
|
|
36
|
-
exports.
|
|
36
|
+
exports.DeviceActivationWaitRequestSchema = typebox_1.Type.Object({
|
|
37
37
|
publicIdentityKey: typebox_1.Type.String({ minLength: 1 }),
|
|
38
38
|
nonce: typebox_1.Type.String({ minLength: 1 }),
|
|
39
39
|
contractDigest: typebox_1.Type.Optional(typebox_1.Type.String({ minLength: 1 })),
|
|
@@ -96,8 +96,9 @@ function normalizeCrockford(value) {
|
|
|
96
96
|
return value.trim().toUpperCase().replace(/O/g, "0").replace(/[IL]/g, "1");
|
|
97
97
|
}
|
|
98
98
|
async function sleep(ms, signal) {
|
|
99
|
-
if (signal?.aborted)
|
|
99
|
+
if (signal?.aborted) {
|
|
100
100
|
throw signal.reason ?? new DOMException("Aborted", "AbortError");
|
|
101
|
+
}
|
|
101
102
|
await new Promise((resolve, reject) => {
|
|
102
103
|
const timer = setTimeout(() => {
|
|
103
104
|
signal?.removeEventListener("abort", onAbort);
|
|
@@ -110,12 +111,30 @@ async function sleep(ms, signal) {
|
|
|
110
111
|
signal?.addEventListener("abort", onAbort, { once: true });
|
|
111
112
|
});
|
|
112
113
|
}
|
|
113
|
-
async function
|
|
114
|
-
|
|
115
|
-
|
|
114
|
+
async function responseErrorDetail(response) {
|
|
115
|
+
const text = await response.text();
|
|
116
|
+
if (!text)
|
|
117
|
+
return null;
|
|
118
|
+
try {
|
|
119
|
+
const parsed = JSON.parse(text);
|
|
120
|
+
if (typeof parsed.reason === "string" && parsed.reason.length > 0) {
|
|
121
|
+
return parsed.reason;
|
|
122
|
+
}
|
|
123
|
+
if (typeof parsed.message === "string" && parsed.message.length > 0) {
|
|
124
|
+
return parsed.message;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
catch {
|
|
128
|
+
// Fall through to raw text below.
|
|
129
|
+
}
|
|
130
|
+
return text;
|
|
131
|
+
}
|
|
132
|
+
async function deriveDeviceIdentity(deviceRootSecret) {
|
|
133
|
+
if (deviceRootSecret.length !== 32) {
|
|
134
|
+
throw new Error(`Invalid device root secret length: ${deviceRootSecret.length} (expected 32)`);
|
|
116
135
|
}
|
|
117
|
-
const identitySeed = await hkdfSha256(
|
|
118
|
-
const activationKey = await hkdfSha256(
|
|
136
|
+
const identitySeed = await hkdfSha256(deviceRootSecret, DEVICE_IDENTITY_HKDF_INFO, 32);
|
|
137
|
+
const activationKey = await hkdfSha256(deviceRootSecret, DEVICE_ACTIVATION_HKDF_INFO, 32);
|
|
119
138
|
const identitySeedBase64url = (0, utils_ts_1.base64urlEncode)(identitySeed);
|
|
120
139
|
const identityPrivateKey = await (0, keys_ts_1.importEd25519PrivateKeyFromSeedBase64url)(identitySeedBase64url);
|
|
121
140
|
const publicIdentityKey = await (0, keys_ts_1.publicKeyBase64urlFromPrivateKey)(identityPrivateKey);
|
|
@@ -127,17 +146,17 @@ async function deriveWorkloadIdentity(workloadRootSecret) {
|
|
|
127
146
|
activationKeyBase64url: (0, utils_ts_1.base64urlEncode)(activationKey),
|
|
128
147
|
};
|
|
129
148
|
}
|
|
130
|
-
async function
|
|
149
|
+
async function deriveDeviceQrMac(input) {
|
|
131
150
|
const activationKey = normalizeSecretBytes(input.activationKey, "activationKey");
|
|
132
151
|
const mac = await hmacSha256(activationKey, concatBytes([
|
|
133
|
-
(0, utils_ts_1.utf8)(
|
|
152
|
+
(0, utils_ts_1.utf8)(DEVICE_QR_MAC_DOMAIN),
|
|
134
153
|
(0, utils_ts_1.utf8)(input.publicIdentityKey),
|
|
135
154
|
(0, utils_ts_1.utf8)(input.nonce),
|
|
136
155
|
]));
|
|
137
156
|
return (0, utils_ts_1.base64urlEncode)(mac.slice(0, 8));
|
|
138
157
|
}
|
|
139
|
-
async function
|
|
140
|
-
const qrMac = await
|
|
158
|
+
async function buildDeviceActivationPayload(input) {
|
|
159
|
+
const qrMac = await deriveDeviceQrMac(input);
|
|
141
160
|
return {
|
|
142
161
|
v: 1,
|
|
143
162
|
publicIdentityKey: input.publicIdentityKey,
|
|
@@ -145,37 +164,40 @@ async function buildWorkloadActivationPayload(input) {
|
|
|
145
164
|
qrMac,
|
|
146
165
|
};
|
|
147
166
|
}
|
|
148
|
-
function
|
|
167
|
+
function encodeDeviceActivationPayload(payload) {
|
|
149
168
|
return (0, utils_ts_1.base64urlEncode)((0, utils_ts_1.utf8)(JSON.stringify(payload)));
|
|
150
169
|
}
|
|
151
|
-
function
|
|
170
|
+
function parseDeviceActivationPayload(value) {
|
|
152
171
|
const decoded = new TextDecoder().decode((0, utils_ts_1.base64urlDecode)(value));
|
|
153
172
|
const parsed = JSON.parse(decoded);
|
|
154
|
-
if (!value_1.Value.Check(exports.
|
|
155
|
-
throw new Error("Invalid
|
|
173
|
+
if (!value_1.Value.Check(exports.DeviceActivationPayloadSchema, parsed)) {
|
|
174
|
+
throw new Error("Invalid device activation payload");
|
|
156
175
|
}
|
|
157
176
|
return parsed;
|
|
158
177
|
}
|
|
159
|
-
function
|
|
178
|
+
function buildDeviceActivationUrl(args) {
|
|
160
179
|
const baseUrl = new URL(args.trellisUrl);
|
|
161
|
-
baseUrl.pathname = "/auth/
|
|
162
|
-
baseUrl.searchParams.set("payload", typeof args.payload === "string"
|
|
180
|
+
baseUrl.pathname = "/auth/devices/activate";
|
|
181
|
+
baseUrl.searchParams.set("payload", typeof args.payload === "string"
|
|
182
|
+
? args.payload
|
|
183
|
+
: encodeDeviceActivationPayload(args.payload));
|
|
163
184
|
return baseUrl.toString();
|
|
164
185
|
}
|
|
165
|
-
async function
|
|
186
|
+
async function deriveDeviceConfirmationCode(input) {
|
|
166
187
|
const activationKey = normalizeSecretBytes(input.activationKey, "activationKey");
|
|
167
188
|
const mac = await hmacSha256(activationKey, concatBytes([
|
|
168
|
-
(0, utils_ts_1.utf8)(
|
|
189
|
+
(0, utils_ts_1.utf8)(DEVICE_CONFIRMATION_DOMAIN),
|
|
169
190
|
(0, utils_ts_1.utf8)(input.publicIdentityKey),
|
|
170
191
|
(0, utils_ts_1.utf8)(input.nonce),
|
|
171
192
|
]));
|
|
172
193
|
return crockfordEncode(mac.slice(0, 5)).slice(0, 8);
|
|
173
194
|
}
|
|
174
|
-
async function
|
|
175
|
-
const expected = await
|
|
176
|
-
return normalizeCrockford(expected) ===
|
|
195
|
+
async function verifyDeviceConfirmationCode(input) {
|
|
196
|
+
const expected = await deriveDeviceConfirmationCode(input);
|
|
197
|
+
return normalizeCrockford(expected) ===
|
|
198
|
+
normalizeCrockford(input.confirmationCode);
|
|
177
199
|
}
|
|
178
|
-
function
|
|
200
|
+
function buildDeviceWaitProofInput(publicIdentityKey, nonce, iat) {
|
|
179
201
|
const enc = new TextEncoder();
|
|
180
202
|
const publicIdentityKeyBytes = enc.encode(publicIdentityKey);
|
|
181
203
|
const nonceBytes = enc.encode(nonce);
|
|
@@ -198,11 +220,11 @@ function buildWorkloadWaitProofInput(publicIdentityKey, nonce, iat) {
|
|
|
198
220
|
buf.set(iatBytes, offset);
|
|
199
221
|
return buf;
|
|
200
222
|
}
|
|
201
|
-
async function
|
|
223
|
+
async function signDeviceWaitRequest(args) {
|
|
202
224
|
const identitySeed = normalizeSecretBytes(args.identitySeed, "identitySeed");
|
|
203
225
|
const identityPrivateKey = await (0, keys_ts_1.importEd25519PrivateKeyFromSeedBase64url)((0, utils_ts_1.base64urlEncode)(identitySeed));
|
|
204
226
|
const iat = args.iat ?? Math.floor(Date.now() / 1_000);
|
|
205
|
-
const proofInput =
|
|
227
|
+
const proofInput = buildDeviceWaitProofInput(args.publicIdentityKey, args.nonce, iat);
|
|
206
228
|
const proofHash = await (0, utils_ts_1.sha256)(proofInput);
|
|
207
229
|
const signature = new Uint8Array(await crypto.subtle.sign("Ed25519", identityPrivateKey, (0, utils_ts_1.toArrayBuffer)(proofHash)));
|
|
208
230
|
return {
|
|
@@ -213,7 +235,7 @@ async function signWorkloadWaitRequest(args) {
|
|
|
213
235
|
sig: (0, utils_ts_1.base64urlEncode)(signature),
|
|
214
236
|
};
|
|
215
237
|
}
|
|
216
|
-
async function
|
|
238
|
+
async function createDeviceNatsAuthToken(args) {
|
|
217
239
|
const identitySeed = normalizeSecretBytes(args.identitySeed, "identitySeed");
|
|
218
240
|
const identityPrivateKey = await (0, keys_ts_1.importEd25519PrivateKeyFromSeedBase64url)((0, utils_ts_1.base64urlEncode)(identitySeed));
|
|
219
241
|
const iat = args.iat ?? Math.floor(Date.now() / 1_000);
|
|
@@ -227,35 +249,38 @@ async function createWorkloadNatsAuthToken(args) {
|
|
|
227
249
|
contractDigest: args.contractDigest,
|
|
228
250
|
};
|
|
229
251
|
}
|
|
230
|
-
async function
|
|
252
|
+
async function waitForDeviceActivation(args) {
|
|
231
253
|
const pollIntervalMs = args.pollIntervalMs ?? DEFAULT_WAIT_POLL_INTERVAL_MS;
|
|
232
254
|
while (true) {
|
|
233
|
-
const request = await
|
|
234
|
-
const response = await fetch(new URL("/auth/
|
|
255
|
+
const request = await signDeviceWaitRequest(args);
|
|
256
|
+
const response = await fetch(new URL("/auth/devices/activate/wait", args.trellisUrl), {
|
|
235
257
|
method: "POST",
|
|
236
258
|
headers: { "Content-Type": "application/json" },
|
|
237
259
|
body: JSON.stringify(request),
|
|
238
260
|
signal: args.signal,
|
|
239
261
|
});
|
|
240
262
|
if (!response.ok) {
|
|
241
|
-
|
|
263
|
+
const detail = await responseErrorDetail(response);
|
|
264
|
+
throw new Error(detail
|
|
265
|
+
? `device activation wait failed: ${response.status} ${detail}`
|
|
266
|
+
: `device activation wait failed: ${response.status}`);
|
|
242
267
|
}
|
|
243
268
|
const body = await response.json();
|
|
244
|
-
if (!value_1.Value.Check(protocol_ts_1.
|
|
245
|
-
throw new Error("Invalid
|
|
269
|
+
if (!value_1.Value.Check(protocol_ts_1.WaitForDeviceActivationResponseSchema, body)) {
|
|
270
|
+
throw new Error("Invalid device activation wait response");
|
|
246
271
|
}
|
|
247
272
|
if (body.status === "pending") {
|
|
248
273
|
await sleep(pollIntervalMs, args.signal);
|
|
249
274
|
continue;
|
|
250
275
|
}
|
|
251
276
|
if (body.status === "rejected") {
|
|
252
|
-
throw new Error(`
|
|
277
|
+
throw new Error(`device activation rejected: ${body.reason ?? "unknown_reason"}`);
|
|
253
278
|
}
|
|
254
279
|
return body;
|
|
255
280
|
}
|
|
256
281
|
}
|
|
257
|
-
async function
|
|
258
|
-
const request = await
|
|
282
|
+
async function getDeviceConnectInfo(args) {
|
|
283
|
+
const request = await signDeviceWaitRequest({
|
|
259
284
|
publicIdentityKey: args.publicIdentityKey,
|
|
260
285
|
identitySeed: args.identitySeed,
|
|
261
286
|
contractDigest: args.contractDigest,
|
|
@@ -268,41 +293,41 @@ async function getWorkloadConnectInfo(args) {
|
|
|
268
293
|
iat: request.iat,
|
|
269
294
|
sig: request.sig,
|
|
270
295
|
};
|
|
271
|
-
const response = await fetch(new URL("/auth/
|
|
296
|
+
const response = await fetch(new URL("/auth/devices/connect-info", args.trellisUrl), {
|
|
272
297
|
method: "POST",
|
|
273
298
|
headers: { "Content-Type": "application/json" },
|
|
274
299
|
body: JSON.stringify(payload),
|
|
275
300
|
});
|
|
276
301
|
if (!response.ok) {
|
|
277
|
-
throw new Error(`
|
|
302
|
+
throw new Error(`device connect info failed: ${response.status}`);
|
|
278
303
|
}
|
|
279
304
|
const body = await response.json();
|
|
280
|
-
if (!value_1.Value.Check(protocol_ts_1.
|
|
281
|
-
throw new Error("Invalid
|
|
305
|
+
if (!value_1.Value.Check(protocol_ts_1.AuthGetDeviceConnectInfoResponseSchema, body)) {
|
|
306
|
+
throw new Error("Invalid device connect info response");
|
|
282
307
|
}
|
|
283
308
|
return body;
|
|
284
309
|
}
|
|
285
|
-
function
|
|
310
|
+
function createDeviceActivationClient(client) {
|
|
286
311
|
return {
|
|
287
|
-
|
|
288
|
-
return client.requestOrThrow("Auth.
|
|
312
|
+
activateDevice(input) {
|
|
313
|
+
return client.requestOrThrow("Auth.ActivateDevice", input);
|
|
289
314
|
},
|
|
290
|
-
|
|
291
|
-
return client.requestOrThrow("Auth.
|
|
315
|
+
getDeviceActivationStatus(input) {
|
|
316
|
+
return client.requestOrThrow("Auth.GetDeviceActivationStatus", input);
|
|
292
317
|
},
|
|
293
|
-
|
|
294
|
-
return client.requestOrThrow("Auth.
|
|
318
|
+
listDeviceActivations(input = {}) {
|
|
319
|
+
return client.requestOrThrow("Auth.ListDeviceActivations", input);
|
|
295
320
|
},
|
|
296
|
-
|
|
297
|
-
return client.requestOrThrow("Auth.
|
|
321
|
+
revokeDeviceActivation(input) {
|
|
322
|
+
return client.requestOrThrow("Auth.RevokeDeviceActivation", input);
|
|
298
323
|
},
|
|
299
|
-
|
|
300
|
-
return client.requestOrThrow("Auth.
|
|
324
|
+
getDeviceConnectInfo(input) {
|
|
325
|
+
return client.requestOrThrow("Auth.GetDeviceConnectInfo", input);
|
|
301
326
|
},
|
|
302
327
|
};
|
|
303
328
|
}
|
|
304
|
-
async function
|
|
329
|
+
async function verifyDeviceWaitSignature(input) {
|
|
305
330
|
const publicKey = await (0, keys_ts_1.importEd25519PublicKeyFromBase64url)(input.publicIdentityKey);
|
|
306
|
-
const proofHash = await (0, utils_ts_1.sha256)(
|
|
331
|
+
const proofHash = await (0, utils_ts_1.sha256)(buildDeviceWaitProofInput(input.publicIdentityKey, input.nonce, input.iat));
|
|
307
332
|
return await crypto.subtle.verify("Ed25519", publicKey, (0, utils_ts_1.toArrayBuffer)((0, utils_ts_1.base64urlDecode)(input.sig)), (0, utils_ts_1.toArrayBuffer)(proofHash));
|
|
308
333
|
}
|
package/script/auth/mod.d.ts
CHANGED
|
@@ -7,10 +7,10 @@
|
|
|
7
7
|
* - Proofs are Ed25519 signatures over SHA-256(buildProofInput(...)).
|
|
8
8
|
* - Services load their session key seed from `TRELLIS_SESSION_KEY_SEED`.
|
|
9
9
|
*/
|
|
10
|
-
export {
|
|
10
|
+
export { type AuthActivateDeviceInput, type AuthActivateDeviceOutput, type AuthGetDeviceActivationStatusInput, type AuthGetDeviceActivationStatusOutput, type AuthListDeviceActivationsInput, type AuthListDeviceActivationsOutput, type AuthRevokeDeviceActivationInput, type AuthRevokeDeviceActivationResponse, buildDeviceActivationPayload, buildDeviceActivationUrl, buildDeviceWaitProofInput, createDeviceActivationClient, createDeviceNatsAuthToken, deriveDeviceConfirmationCode, deriveDeviceIdentity, deriveDeviceQrMac, encodeDeviceActivationPayload, getDeviceConnectInfo, type GetDeviceConnectInfoInput, type GetDeviceConnectInfoOutput, parseDeviceActivationPayload, signDeviceWaitRequest, verifyDeviceConfirmationCode, verifyDeviceWaitSignature, waitForDeviceActivation, type DeviceActivationPayload, type DeviceActivationWaitRequest, type WaitForDeviceActivationResponse, type DeviceActivationTransport, type DeviceIdentity, } from "./device_activation.ts";
|
|
11
11
|
export { type AuthConfig, bindFlow, bindSession, buildLoginUrl, clearSessionKey, createRpcProof, fetchPortalFlowState, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, isBindSuccessResponse, loadSessionKey, natsConnectSigForBindingToken, portalFlowIdFromUrl, portalProviderLoginUrl, portalRedirectLocation, type SessionKeyHandle, signBytes, submitPortalApproval, } from "./browser.ts";
|
|
12
12
|
export { buildProofInput, createProof, type ProofParams, verifyProof, } from "./proof.ts";
|
|
13
|
-
export { ApprovalRecordViewSchema,
|
|
13
|
+
export { ApprovalRecordViewSchema, AuthActivateDeviceResponseSchema, AuthActivateDeviceSchema, AuthClearDevicePortalSelectionResponseSchema, AuthClearDevicePortalSelectionSchema, AuthClearLoginPortalSelectionResponseSchema, AuthClearLoginPortalSelectionSchema, AuthCreateDeviceProfileResponseSchema, AuthCreateDeviceProfileSchema, AuthCreatePortalResponseSchema, AuthCreatePortalSchema, AuthDecideDeviceActivationReviewResponseSchema, AuthDecideDeviceActivationReviewSchema, AuthDeviceActivationReviewRequestedEventSchema, AuthDisableDeviceInstanceResponseSchema, AuthDisableDeviceInstanceSchema, AuthDisableInstanceGrantPolicyResponseSchema, AuthDisableInstanceGrantPolicySchema, AuthDisableDeviceProfileResponseSchema, AuthDisableDeviceProfileSchema, AuthDisablePortalResponseSchema, AuthDisablePortalSchema, type AuthenticatedDevice, AuthenticatedDeviceSchema, type AuthenticatedService, type AuthenticatedUser, AuthGetDeviceActivationStatusResponseSchema, AuthGetDeviceActivationStatusSchema, AuthGetDeviceConnectInfoResponseSchema, AuthGetDeviceConnectInfoSchema, AuthGetDevicePortalDefaultResponseSchema, AuthGetDevicePortalDefaultSchema, AuthGetInstalledContractResponseSchema, AuthGetInstalledContractSchema, AuthGetLoginPortalDefaultResponseSchema, AuthGetLoginPortalDefaultSchema, AuthInstallServiceResponseSchema, AuthInstallServiceSchema, AuthListApprovalsResponseSchema, AuthListApprovalsSchema, AuthListDeviceActivationReviewsResponseSchema, AuthListDeviceActivationReviewsSchema, AuthListDeviceActivationsResponseSchema, AuthListDeviceActivationsSchema, AuthListDeviceInstancesResponseSchema, AuthListDeviceInstancesSchema, AuthListInstanceGrantPoliciesResponseSchema, AuthListInstanceGrantPoliciesSchema, AuthListDevicePortalSelectionsResponseSchema, AuthListDevicePortalSelectionsSchema, AuthListDeviceProfilesResponseSchema, AuthListDeviceProfilesSchema, AuthListInstalledContractsResponseSchema, AuthListInstalledContractsSchema, AuthListLoginPortalSelectionsResponseSchema, AuthListLoginPortalSelectionsSchema, AuthListPortalsResponseSchema, AuthListPortalsSchema, AuthListServicesResponseSchema, AuthListServicesSchema, AuthListUsersResponseSchema, AuthListUsersSchema, type AuthMeResponse, AuthMeResponseSchema, AuthMeSchema, AuthProvisionDeviceInstanceResponseSchema, AuthProvisionDeviceInstanceSchema, AuthRevokeApprovalResponseSchema, AuthRevokeApprovalSchema, AuthRevokeDeviceActivationResponseSchema, AuthRevokeDeviceActivationSchema, AuthSetDevicePortalDefaultResponseSchema, AuthSetDevicePortalDefaultSchema, AuthSetDevicePortalSelectionResponseSchema, AuthSetDevicePortalSelectionSchema, AuthUpsertInstanceGrantPolicyResponseSchema, AuthUpsertInstanceGrantPolicySchema, AuthSetLoginPortalDefaultResponseSchema, AuthSetLoginPortalDefaultSchema, AuthSetLoginPortalSelectionResponseSchema, AuthSetLoginPortalSelectionSchema, AuthUpdateUserResponseSchema, AuthUpdateUserSchema, AuthUpgradeServiceContractResponseSchema, AuthUpgradeServiceContractSchema, AuthValidateRequestResponseSchema, AuthValidateRequestSchema, CallerViewSchema, ContractAnalysisSchema, ContractAnalysisSummarySchema, type DeviceActivationRecord, DeviceActivationRecordSchema, DeviceActivationReviewSchema, DeviceConnectInfoSchema, type DevicePortalDefault, DevicePortalDefaultSchema, type DevicePortalSelection, DevicePortalSelectionSchema, DeviceProfileSchema, DeviceSchema, DigestSchema, InstalledContractDetailSchema, InstalledContractSchema, type InstanceGrantPolicy, InstanceGrantPolicySchema, LoginPortalDefaultSchema, LoginPortalSelectionSchema, OpenObjectSchema, type PortalFlowApp, type PortalFlowApproval, type PortalFlowApprovalDeniedState, type PortalFlowApprovalRequiredState, type PortalFlowChooseProviderState, type PortalFlowExpiredState, type PortalFlowInsufficientCapabilitiesState, type PortalFlowProvider, type PortalFlowRedirectState, type PortalFlowState, PortalFlowStateSchema, type PortalFlowUser, PortalSchema, ServiceViewSchema, UserViewSchema, WaitForDeviceActivationResponseSchema, } from "./protocol.ts";
|
|
14
14
|
export { type ApprovalDecision, ApprovalDecisionSchema, type BindRequest, BindRequestSchema, type BindResponse, BindResponseSchema, type BindSuccessResponse, BindSuccessResponseSchema, type ContractApproval, ContractApprovalSchema, type LoginQuery, LoginQuerySchema, type NatsAuthTokenV1, NatsAuthTokenV1Schema, type SentinelCreds, SentinelCredsSchema, } from "./schemas.ts";
|
|
15
15
|
export { createAuth, type NatsConnectOptions, type TrellisAuth, } from "./session_auth.ts";
|
|
16
16
|
export { trellisIdFromOriginId } from "./trellis_id.ts";
|
package/script/auth/mod.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../../../auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"mod.d.ts","sourceRoot":"","sources":["../../../../auth/mod.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,8BAA8B,EACnC,KAAK,+BAA+B,EACpC,KAAK,+BAA+B,EACpC,KAAK,kCAAkC,EACvC,4BAA4B,EAC5B,wBAAwB,EACxB,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,EAC5B,yBAAyB,EACzB,uBAAuB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,EACpC,KAAK,yBAAyB,EAC9B,KAAK,cAAc,GACpB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,KAAK,UAAU,EACf,QAAQ,EACR,WAAW,EACX,aAAa,EACb,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,qBAAqB,EACrB,cAAc,EACd,6BAA6B,EAC7B,mBAAmB,EACnB,sBAAsB,EACtB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,SAAS,EACT,oBAAoB,GACrB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,eAAe,EACf,WAAW,EACX,KAAK,WAAW,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,wBAAwB,EACxB,gCAAgC,EAChC,wBAAwB,EACxB,4CAA4C,EAC5C,oCAAoC,EACpC,2CAA2C,EAC3C,mCAAmC,EACnC,qCAAqC,EACrC,6BAA6B,EAC7B,8BAA8B,EAC9B,sBAAsB,EACtB,8CAA8C,EAC9C,sCAAsC,EACtC,8CAA8C,EAC9C,uCAAuC,EACvC,+BAA+B,EAC/B,4CAA4C,EAC5C,oCAAoC,EACpC,sCAAsC,EACtC,8BAA8B,EAC9B,+BAA+B,EAC/B,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACtB,2CAA2C,EAC3C,mCAAmC,EACnC,sCAAsC,EACtC,8BAA8B,EAC9B,wCAAwC,EACxC,gCAAgC,EAChC,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,+BAA+B,EAC/B,gCAAgC,EAChC,wBAAwB,EACxB,+BAA+B,EAC/B,uBAAuB,EACvB,6CAA6C,EAC7C,qCAAqC,EACrC,uCAAuC,EACvC,+BAA+B,EAC/B,qCAAqC,EACrC,6BAA6B,EAC7B,2CAA2C,EAC3C,mCAAmC,EACnC,4CAA4C,EAC5C,oCAAoC,EACpC,oCAAoC,EACpC,4BAA4B,EAC5B,wCAAwC,EACxC,gCAAgC,EAChC,2CAA2C,EAC3C,mCAAmC,EACnC,6BAA6B,EAC7B,qBAAqB,EACrB,8BAA8B,EAC9B,sBAAsB,EACtB,2BAA2B,EAC3B,mBAAmB,EACnB,KAAK,cAAc,EACnB,oBAAoB,EACpB,YAAY,EACZ,yCAAyC,EACzC,iCAAiC,EACjC,gCAAgC,EAChC,wBAAwB,EACxB,wCAAwC,EACxC,gCAAgC,EAChC,wCAAwC,EACxC,gCAAgC,EAChC,0CAA0C,EAC1C,kCAAkC,EAClC,2CAA2C,EAC3C,mCAAmC,EACnC,uCAAuC,EACvC,+BAA+B,EAC/B,yCAAyC,EACzC,iCAAiC,EACjC,4BAA4B,EAC5B,oBAAoB,EACpB,wCAAwC,EACxC,gCAAgC,EAChC,iCAAiC,EACjC,yBAAyB,EACzB,gBAAgB,EAChB,sBAAsB,EACtB,6BAA6B,EAC7B,KAAK,sBAAsB,EAC3B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,qBAAqB,EAC1B,2BAA2B,EAC3B,mBAAmB,EACnB,YAAY,EACZ,YAAY,EACZ,6BAA6B,EAC7B,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,EAC1B,gBAAgB,EAChB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uCAAuC,EAC5C,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,cAAc,EACnB,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,qCAAqC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,WAAW,EAChB,iBAAiB,EACjB,KAAK,YAAY,EACjB,kBAAkB,EAClB,KAAK,mBAAmB,EACxB,yBAAyB,EACzB,KAAK,gBAAgB,EACrB,sBAAsB,EACtB,KAAK,UAAU,EACf,gBAAgB,EAChB,KAAK,eAAe,EACpB,qBAAqB,EACrB,KAAK,aAAa,EAClB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,UAAU,EACV,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
|