@rocicorp/zero 1.2.0 → 1.3.0-canary.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (303) hide show
  1. package/out/analyze-query/src/bin-analyze.js +25 -25
  2. package/out/analyze-query/src/bin-analyze.js.map +1 -1
  3. package/out/ast-to-zql/src/ast-to-zql.d.ts.map +1 -1
  4. package/out/ast-to-zql/src/ast-to-zql.js +2 -1
  5. package/out/ast-to-zql/src/ast-to-zql.js.map +1 -1
  6. package/out/replicache/src/btree/node.d.ts.map +1 -1
  7. package/out/replicache/src/btree/node.js +2 -2
  8. package/out/replicache/src/btree/node.js.map +1 -1
  9. package/out/replicache/src/connection-loop.js +3 -3
  10. package/out/replicache/src/connection-loop.js.map +1 -1
  11. package/out/replicache/src/deleted-clients.d.ts +0 -4
  12. package/out/replicache/src/deleted-clients.d.ts.map +1 -1
  13. package/out/replicache/src/deleted-clients.js +1 -1
  14. package/out/replicache/src/deleted-clients.js.map +1 -1
  15. package/out/replicache/src/hash.d.ts.map +1 -1
  16. package/out/replicache/src/hash.js.map +1 -1
  17. package/out/replicache/src/process-scheduler.d.ts.map +1 -1
  18. package/out/replicache/src/process-scheduler.js.map +1 -1
  19. package/out/replicache/src/request-idle.js +1 -1
  20. package/out/replicache/src/request-idle.js.map +1 -1
  21. package/out/replicache/src/sync/patch.d.ts +1 -1
  22. package/out/replicache/src/sync/patch.d.ts.map +1 -1
  23. package/out/replicache/src/sync/patch.js +1 -1
  24. package/out/replicache/src/sync/patch.js.map +1 -1
  25. package/out/shared/src/arrays.d.ts.map +1 -1
  26. package/out/shared/src/arrays.js +1 -2
  27. package/out/shared/src/arrays.js.map +1 -1
  28. package/out/shared/src/bigint-json.js +1 -1
  29. package/out/shared/src/bigint-json.js.map +1 -1
  30. package/out/shared/src/btree-set.js +1 -1
  31. package/out/shared/src/btree-set.js.map +1 -1
  32. package/out/shared/src/iterables.d.ts +7 -0
  33. package/out/shared/src/iterables.d.ts.map +1 -1
  34. package/out/shared/src/iterables.js +10 -1
  35. package/out/shared/src/iterables.js.map +1 -1
  36. package/out/shared/src/logging.d.ts.map +1 -1
  37. package/out/shared/src/logging.js +10 -9
  38. package/out/shared/src/logging.js.map +1 -1
  39. package/out/shared/src/options.js +1 -1
  40. package/out/shared/src/options.js.map +1 -1
  41. package/out/shared/src/sorted-entries.d.ts +2 -0
  42. package/out/shared/src/sorted-entries.d.ts.map +1 -0
  43. package/out/shared/src/sorted-entries.js +9 -0
  44. package/out/shared/src/sorted-entries.js.map +1 -0
  45. package/out/shared/src/tdigest-schema.d.ts.map +1 -1
  46. package/out/shared/src/tdigest-schema.js.map +1 -1
  47. package/out/shared/src/tdigest.d.ts.map +1 -1
  48. package/out/shared/src/tdigest.js +7 -7
  49. package/out/shared/src/tdigest.js.map +1 -1
  50. package/out/shared/src/valita.d.ts.map +1 -1
  51. package/out/shared/src/valita.js +1 -1
  52. package/out/shared/src/valita.js.map +1 -1
  53. package/out/z2s/src/sql.d.ts +2 -2
  54. package/out/z2s/src/sql.d.ts.map +1 -1
  55. package/out/z2s/src/sql.js +3 -3
  56. package/out/z2s/src/sql.js.map +1 -1
  57. package/out/zero/package.js +6 -7
  58. package/out/zero/package.js.map +1 -1
  59. package/out/zero/src/pg.js +1 -1
  60. package/out/zero/src/server.js +1 -1
  61. package/out/zero-cache/src/auth/auth.d.ts +8 -26
  62. package/out/zero-cache/src/auth/auth.d.ts.map +1 -1
  63. package/out/zero-cache/src/auth/auth.js +57 -82
  64. package/out/zero-cache/src/auth/auth.js.map +1 -1
  65. package/out/zero-cache/src/auth/jwt.d.ts +3 -3
  66. package/out/zero-cache/src/auth/jwt.d.ts.map +1 -1
  67. package/out/zero-cache/src/auth/jwt.js.map +1 -1
  68. package/out/zero-cache/src/auth/load-permissions.js +1 -1
  69. package/out/zero-cache/src/auth/load-permissions.js.map +1 -1
  70. package/out/zero-cache/src/config/zero-config.d.ts +38 -2
  71. package/out/zero-cache/src/config/zero-config.d.ts.map +1 -1
  72. package/out/zero-cache/src/config/zero-config.js +56 -1
  73. package/out/zero-cache/src/config/zero-config.js.map +1 -1
  74. package/out/zero-cache/src/custom/fetch.d.ts +2 -9
  75. package/out/zero-cache/src/custom/fetch.d.ts.map +1 -1
  76. package/out/zero-cache/src/custom/fetch.js +10 -4
  77. package/out/zero-cache/src/custom/fetch.js.map +1 -1
  78. package/out/zero-cache/src/custom-queries/transform-query.d.ts +20 -9
  79. package/out/zero-cache/src/custom-queries/transform-query.d.ts.map +1 -1
  80. package/out/zero-cache/src/custom-queries/transform-query.js +74 -37
  81. package/out/zero-cache/src/custom-queries/transform-query.js.map +1 -1
  82. package/out/zero-cache/src/db/migration-lite.d.ts.map +1 -1
  83. package/out/zero-cache/src/db/migration-lite.js +1 -1
  84. package/out/zero-cache/src/db/migration-lite.js.map +1 -1
  85. package/out/zero-cache/src/db/migration.d.ts.map +1 -1
  86. package/out/zero-cache/src/db/migration.js +1 -1
  87. package/out/zero-cache/src/db/migration.js.map +1 -1
  88. package/out/zero-cache/src/db/pg-copy-binary.d.ts +101 -0
  89. package/out/zero-cache/src/db/pg-copy-binary.d.ts.map +1 -0
  90. package/out/zero-cache/src/db/pg-copy-binary.js +381 -0
  91. package/out/zero-cache/src/db/pg-copy-binary.js.map +1 -0
  92. package/out/zero-cache/src/db/transaction-pool.d.ts.map +1 -1
  93. package/out/zero-cache/src/db/transaction-pool.js +3 -0
  94. package/out/zero-cache/src/db/transaction-pool.js.map +1 -1
  95. package/out/zero-cache/src/db/warmup.d.ts.map +1 -1
  96. package/out/zero-cache/src/db/warmup.js +3 -1
  97. package/out/zero-cache/src/db/warmup.js.map +1 -1
  98. package/out/zero-cache/src/server/anonymous-otel-start.d.ts.map +1 -1
  99. package/out/zero-cache/src/server/anonymous-otel-start.js +2 -1
  100. package/out/zero-cache/src/server/anonymous-otel-start.js.map +1 -1
  101. package/out/zero-cache/src/server/change-streamer.d.ts.map +1 -1
  102. package/out/zero-cache/src/server/change-streamer.js +5 -2
  103. package/out/zero-cache/src/server/change-streamer.js.map +1 -1
  104. package/out/zero-cache/src/server/inspector-delegate.d.ts +2 -2
  105. package/out/zero-cache/src/server/inspector-delegate.d.ts.map +1 -1
  106. package/out/zero-cache/src/server/inspector-delegate.js +4 -4
  107. package/out/zero-cache/src/server/inspector-delegate.js.map +1 -1
  108. package/out/zero-cache/src/server/main.js +1 -1
  109. package/out/zero-cache/src/server/main.js.map +1 -1
  110. package/out/zero-cache/src/server/reaper.d.ts.map +1 -1
  111. package/out/zero-cache/src/server/reaper.js +4 -1
  112. package/out/zero-cache/src/server/reaper.js.map +1 -1
  113. package/out/zero-cache/src/server/runner/run-worker.js +1 -1
  114. package/out/zero-cache/src/server/syncer.d.ts.map +1 -1
  115. package/out/zero-cache/src/server/syncer.js +41 -20
  116. package/out/zero-cache/src/server/syncer.js.map +1 -1
  117. package/out/zero-cache/src/server/worker-urls.d.ts.map +1 -1
  118. package/out/zero-cache/src/server/worker-urls.js +2 -1
  119. package/out/zero-cache/src/server/worker-urls.js.map +1 -1
  120. package/out/zero-cache/src/services/change-source/change-source.d.ts +4 -0
  121. package/out/zero-cache/src/services/change-source/change-source.d.ts.map +1 -1
  122. package/out/zero-cache/src/services/change-source/common/backfill-manager.d.ts.map +1 -1
  123. package/out/zero-cache/src/services/change-source/common/backfill-manager.js +3 -2
  124. package/out/zero-cache/src/services/change-source/common/backfill-manager.js.map +1 -1
  125. package/out/zero-cache/src/services/change-source/custom/change-source.d.ts.map +1 -1
  126. package/out/zero-cache/src/services/change-source/custom/change-source.js +5 -2
  127. package/out/zero-cache/src/services/change-source/custom/change-source.js.map +1 -1
  128. package/out/zero-cache/src/services/change-source/pg/change-source.d.ts.map +1 -1
  129. package/out/zero-cache/src/services/change-source/pg/change-source.js +13 -4
  130. package/out/zero-cache/src/services/change-source/pg/change-source.js.map +1 -1
  131. package/out/zero-cache/src/services/change-source/pg/initial-sync.d.ts +3 -1
  132. package/out/zero-cache/src/services/change-source/pg/initial-sync.d.ts.map +1 -1
  133. package/out/zero-cache/src/services/change-source/pg/initial-sync.js +91 -9
  134. package/out/zero-cache/src/services/change-source/pg/initial-sync.js.map +1 -1
  135. package/out/zero-cache/src/services/change-source/pg/schema/shard.js +2 -2
  136. package/out/zero-cache/src/services/change-source/pg/schema/shard.js.map +1 -1
  137. package/out/zero-cache/src/services/change-streamer/broadcast.js +1 -1
  138. package/out/zero-cache/src/services/change-streamer/broadcast.js.map +1 -1
  139. package/out/zero-cache/src/services/change-streamer/change-streamer-service.js +3 -0
  140. package/out/zero-cache/src/services/change-streamer/change-streamer-service.js.map +1 -1
  141. package/out/zero-cache/src/services/life-cycle.d.ts +5 -4
  142. package/out/zero-cache/src/services/life-cycle.d.ts.map +1 -1
  143. package/out/zero-cache/src/services/life-cycle.js +11 -11
  144. package/out/zero-cache/src/services/life-cycle.js.map +1 -1
  145. package/out/zero-cache/src/services/litestream/commands.d.ts.map +1 -1
  146. package/out/zero-cache/src/services/litestream/commands.js +5 -5
  147. package/out/zero-cache/src/services/litestream/commands.js.map +1 -1
  148. package/out/zero-cache/src/services/mutagen/pusher.d.ts +20 -20
  149. package/out/zero-cache/src/services/mutagen/pusher.d.ts.map +1 -1
  150. package/out/zero-cache/src/services/mutagen/pusher.js +91 -104
  151. package/out/zero-cache/src/services/mutagen/pusher.js.map +1 -1
  152. package/out/zero-cache/src/services/replicator/change-processor.js +1 -1
  153. package/out/zero-cache/src/services/replicator/change-processor.js.map +1 -1
  154. package/out/zero-cache/src/services/replicator/replication-status.js.map +1 -1
  155. package/out/zero-cache/src/services/view-syncer/client-schema.d.ts.map +1 -1
  156. package/out/zero-cache/src/services/view-syncer/client-schema.js +4 -3
  157. package/out/zero-cache/src/services/view-syncer/client-schema.js.map +1 -1
  158. package/out/zero-cache/src/services/view-syncer/connection-context-manager.d.ts +168 -0
  159. package/out/zero-cache/src/services/view-syncer/connection-context-manager.d.ts.map +1 -0
  160. package/out/zero-cache/src/services/view-syncer/connection-context-manager.js +385 -0
  161. package/out/zero-cache/src/services/view-syncer/connection-context-manager.js.map +1 -0
  162. package/out/zero-cache/src/services/view-syncer/cvr-store.js +2 -2
  163. package/out/zero-cache/src/services/view-syncer/cvr-store.js.map +1 -1
  164. package/out/zero-cache/src/services/view-syncer/cvr.d.ts.map +1 -1
  165. package/out/zero-cache/src/services/view-syncer/cvr.js +5 -4
  166. package/out/zero-cache/src/services/view-syncer/cvr.js.map +1 -1
  167. package/out/zero-cache/src/services/view-syncer/inspect-handler.d.ts +2 -3
  168. package/out/zero-cache/src/services/view-syncer/inspect-handler.d.ts.map +1 -1
  169. package/out/zero-cache/src/services/view-syncer/inspect-handler.js +3 -3
  170. package/out/zero-cache/src/services/view-syncer/inspect-handler.js.map +1 -1
  171. package/out/zero-cache/src/services/view-syncer/pipeline-driver.d.ts.map +1 -1
  172. package/out/zero-cache/src/services/view-syncer/pipeline-driver.js +5 -3
  173. package/out/zero-cache/src/services/view-syncer/pipeline-driver.js.map +1 -1
  174. package/out/zero-cache/src/services/view-syncer/row-record-cache.d.ts.map +1 -1
  175. package/out/zero-cache/src/services/view-syncer/row-record-cache.js +13 -7
  176. package/out/zero-cache/src/services/view-syncer/row-record-cache.js.map +1 -1
  177. package/out/zero-cache/src/services/view-syncer/snapshotter.d.ts +3 -1
  178. package/out/zero-cache/src/services/view-syncer/snapshotter.d.ts.map +1 -1
  179. package/out/zero-cache/src/services/view-syncer/snapshotter.js +6 -9
  180. package/out/zero-cache/src/services/view-syncer/snapshotter.js.map +1 -1
  181. package/out/zero-cache/src/services/view-syncer/view-syncer.d.ts +24 -26
  182. package/out/zero-cache/src/services/view-syncer/view-syncer.d.ts.map +1 -1
  183. package/out/zero-cache/src/services/view-syncer/view-syncer.js +236 -124
  184. package/out/zero-cache/src/services/view-syncer/view-syncer.js.map +1 -1
  185. package/out/zero-cache/src/types/lite.d.ts.map +1 -1
  186. package/out/zero-cache/src/types/lite.js +3 -2
  187. package/out/zero-cache/src/types/lite.js.map +1 -1
  188. package/out/zero-cache/src/types/pg-types.js +4 -1
  189. package/out/zero-cache/src/types/pg-types.js.map +1 -1
  190. package/out/zero-cache/src/types/pg-versions.d.ts +3 -0
  191. package/out/zero-cache/src/types/pg-versions.d.ts.map +1 -0
  192. package/out/zero-cache/src/types/pg-versions.js +7 -0
  193. package/out/zero-cache/src/types/pg-versions.js.map +1 -0
  194. package/out/zero-cache/src/types/pg.d.ts.map +1 -1
  195. package/out/zero-cache/src/types/pg.js +6 -1
  196. package/out/zero-cache/src/types/pg.js.map +1 -1
  197. package/out/zero-cache/src/types/subscription.d.ts.map +1 -1
  198. package/out/zero-cache/src/types/subscription.js +2 -2
  199. package/out/zero-cache/src/types/subscription.js.map +1 -1
  200. package/out/zero-cache/src/workers/connect-params.d.ts +1 -1
  201. package/out/zero-cache/src/workers/connect-params.d.ts.map +1 -1
  202. package/out/zero-cache/src/workers/connect-params.js +1 -1
  203. package/out/zero-cache/src/workers/connect-params.js.map +1 -1
  204. package/out/zero-cache/src/workers/connection.js +2 -2
  205. package/out/zero-cache/src/workers/syncer-ws-message-handler.d.ts +2 -1
  206. package/out/zero-cache/src/workers/syncer-ws-message-handler.d.ts.map +1 -1
  207. package/out/zero-cache/src/workers/syncer-ws-message-handler.js +64 -38
  208. package/out/zero-cache/src/workers/syncer-ws-message-handler.js.map +1 -1
  209. package/out/zero-cache/src/workers/syncer.d.ts +2 -1
  210. package/out/zero-cache/src/workers/syncer.d.ts.map +1 -1
  211. package/out/zero-cache/src/workers/syncer.js +70 -31
  212. package/out/zero-cache/src/workers/syncer.js.map +1 -1
  213. package/out/zero-client/src/client/connection.d.ts +4 -4
  214. package/out/zero-client/src/client/connection.d.ts.map +1 -1
  215. package/out/zero-client/src/client/connection.js.map +1 -1
  216. package/out/zero-client/src/client/http-string.d.ts.map +1 -1
  217. package/out/zero-client/src/client/http-string.js.map +1 -1
  218. package/out/zero-client/src/client/metrics.d.ts.map +1 -1
  219. package/out/zero-client/src/client/metrics.js +2 -1
  220. package/out/zero-client/src/client/metrics.js.map +1 -1
  221. package/out/zero-client/src/client/options.d.ts +30 -5
  222. package/out/zero-client/src/client/options.d.ts.map +1 -1
  223. package/out/zero-client/src/client/options.js.map +1 -1
  224. package/out/zero-client/src/client/server-option.js +1 -1
  225. package/out/zero-client/src/client/server-option.js.map +1 -1
  226. package/out/zero-client/src/client/version.js +1 -1
  227. package/out/zero-client/src/client/zero-poke-handler.d.ts.map +1 -1
  228. package/out/zero-client/src/client/zero-poke-handler.js +1 -1
  229. package/out/zero-client/src/client/zero-poke-handler.js.map +1 -1
  230. package/out/zero-client/src/client/zero.d.ts +4 -3
  231. package/out/zero-client/src/client/zero.d.ts.map +1 -1
  232. package/out/zero-client/src/client/zero.js +33 -11
  233. package/out/zero-client/src/client/zero.js.map +1 -1
  234. package/out/zero-pg/src/mod.js +1 -1
  235. package/out/zero-protocol/src/ast.d.ts.map +1 -1
  236. package/out/zero-protocol/src/ast.js.map +1 -1
  237. package/out/zero-protocol/src/change-desired-queries.d.ts +4 -0
  238. package/out/zero-protocol/src/change-desired-queries.d.ts.map +1 -1
  239. package/out/zero-protocol/src/change-desired-queries.js +4 -1
  240. package/out/zero-protocol/src/change-desired-queries.js.map +1 -1
  241. package/out/zero-protocol/src/connect.d.ts +4 -0
  242. package/out/zero-protocol/src/connect.d.ts.map +1 -1
  243. package/out/zero-protocol/src/connect.js +2 -1
  244. package/out/zero-protocol/src/connect.js.map +1 -1
  245. package/out/zero-protocol/src/primary-key.d.ts.map +1 -1
  246. package/out/zero-protocol/src/primary-key.js.map +1 -1
  247. package/out/zero-protocol/src/protocol-version.d.ts +1 -1
  248. package/out/zero-protocol/src/protocol-version.d.ts.map +1 -1
  249. package/out/zero-protocol/src/protocol-version.js.map +1 -1
  250. package/out/zero-protocol/src/push.d.ts +4 -0
  251. package/out/zero-protocol/src/push.d.ts.map +1 -1
  252. package/out/zero-protocol/src/push.js +2 -1
  253. package/out/zero-protocol/src/push.js.map +1 -1
  254. package/out/zero-protocol/src/up.d.ts +3 -0
  255. package/out/zero-protocol/src/up.d.ts.map +1 -1
  256. package/out/zero-react/src/zero-provider.d.ts.map +1 -1
  257. package/out/zero-react/src/zero-provider.js +11 -5
  258. package/out/zero-react/src/zero-provider.js.map +1 -1
  259. package/out/zero-schema/src/name-mapper.js +1 -1
  260. package/out/zero-schema/src/name-mapper.js.map +1 -1
  261. package/out/zero-server/src/mod.js +1 -1
  262. package/out/zero-server/src/process-mutations.d.ts.map +1 -1
  263. package/out/zero-server/src/process-mutations.js +2 -1
  264. package/out/zero-server/src/process-mutations.js.map +1 -1
  265. package/out/zero-server/src/push-processor.d.ts +1 -0
  266. package/out/zero-server/src/push-processor.d.ts.map +1 -1
  267. package/out/zero-server/src/push-processor.js +3 -2
  268. package/out/zero-server/src/push-processor.js.map +1 -1
  269. package/out/zero-solid/src/use-zero.d.ts.map +1 -1
  270. package/out/zero-solid/src/use-zero.js +8 -9
  271. package/out/zero-solid/src/use-zero.js.map +1 -1
  272. package/out/zql/src/builder/like.js +2 -1
  273. package/out/zql/src/builder/like.js.map +1 -1
  274. package/out/zql/src/ivm/data.d.ts.map +1 -1
  275. package/out/zql/src/ivm/data.js +6 -15
  276. package/out/zql/src/ivm/data.js.map +1 -1
  277. package/out/zql/src/ivm/memory-source.d.ts.map +1 -1
  278. package/out/zql/src/ivm/memory-source.js +14 -8
  279. package/out/zql/src/ivm/memory-source.js.map +1 -1
  280. package/out/zql/src/query/complete-ordering.js +1 -1
  281. package/out/zql/src/query/complete-ordering.js.map +1 -1
  282. package/out/zql/src/query/query-impl.d.ts.map +1 -1
  283. package/out/zql/src/query/query-impl.js +2 -2
  284. package/out/zql/src/query/query-impl.js.map +1 -1
  285. package/out/zql/src/query/query-registry.d.ts.map +1 -1
  286. package/out/zql/src/query/query-registry.js +2 -1
  287. package/out/zql/src/query/query-registry.js.map +1 -1
  288. package/out/zql/src/query/ttl.js +1 -1
  289. package/out/zql/src/query/ttl.js.map +1 -1
  290. package/out/zqlite/src/internal/sql.d.ts +2 -2
  291. package/out/zqlite/src/internal/sql.d.ts.map +1 -1
  292. package/out/zqlite/src/internal/sql.js +1 -2
  293. package/out/zqlite/src/internal/sql.js.map +1 -1
  294. package/out/zqlite/src/sqlite-cost-model.d.ts +1 -1
  295. package/out/zqlite/src/sqlite-cost-model.d.ts.map +1 -1
  296. package/out/zqlite/src/sqlite-cost-model.js +1 -1
  297. package/out/zqlite/src/sqlite-cost-model.js.map +1 -1
  298. package/out/zqlite/src/sqlite-stat-fanout.js +1 -1
  299. package/out/zqlite/src/sqlite-stat-fanout.js.map +1 -1
  300. package/out/zqlite/src/table-source.d.ts.map +1 -1
  301. package/out/zqlite/src/table-source.js +8 -12
  302. package/out/zqlite/src/table-source.js.map +1 -1
  303. package/package.json +6 -7
package/out/zero/package.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"package.js","names":[],"sources":["../../package.json"],"sourcesContent":["{\n \"name\": \"@rocicorp/zero\",\n \"version\": \"1.2.0\",\n \"description\": \"Zero is a web framework for serverless web development.\",\n \"author\": \"Rocicorp, Inc.\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/rocicorp/mono.git\",\n \"directory\": \"packages/zero\"\n },\n \"license\": \"Apache-2.0\",\n \"homepage\": \"https://zero.rocicorp.dev\",\n \"bugs\": {\n \"url\": \"https://bugs.rocicorp.dev\"\n },\n \"scripts\": {\n \"build\": \"node --experimental-strip-types --no-warnings tool/build.ts\",\n \"build:watch\": \"node --experimental-strip-types --no-warnings tool/build.ts --watch\",\n \"check-types\": \"tsc -p tsconfig.client.json && tsc -p tsconfig.server.json\",\n \"check-types:client:watch\": \"tsc -p tsconfig.client.json --watch\",\n \"check-types:server:watch\": \"tsc -p tsconfig.server.json --watch\",\n \"format\": \"oxfmt .\",\n \"check-format\": \"oxfmt --check .\",\n \"lint\": \"oxlint --type-aware src/\",\n \"docs\": \"node --experimental-strip-types --no-warnings tool/generate-docs.ts\",\n \"docs:server\": \"node --watch --experimental-strip-types --no-warnings tool/generate-docs.ts --server\"\n },\n \"dependencies\": {\n \"@badrap/valita\": \"0.3.11\",\n \"@databases/escape-identifier\": \"^1.0.3\",\n \"@databases/sql\": \"^3.3.0\",\n \"@dotenvx/dotenvx\": \"^1.39.0\",\n \"@drdgvhbh/postgres-error-codes\": \"^0.0.6\",\n \"@fastify/cors\": \"^10.0.0\",\n \"@fastify/websocket\": \"^11.0.0\",\n \"@google-cloud/precise-date\": \"^4.0.0\",\n \"@opentelemetry/api\": \"^1.9.0\",\n \"@opentelemetry/api-logs\": \"^0.203.0\",\n \"@opentelemetry/auto-instrumentations-node\": \"^0.62.0\",\n \"@opentelemetry/exporter-metrics-otlp-http\": \"^0.203.0\",\n \"@opentelemetry/resources\": \"^2.0.1\",\n \"@opentelemetry/sdk-metrics\": \"^2.0.1\",\n \"@opentelemetry/sdk-node\": \"^0.203.0\",\n \"@opentelemetry/sdk-trace-node\": \"^2.0.1\",\n \"@postgresql-typed/oids\": \"^0.2.0\",\n \"@rocicorp/lock\": \"^1.0.4\",\n \"@rocicorp/logger\": \"^5.4.0\",\n \"@rocicorp/resolver\": \"^1.0.2\",\n \"@rocicorp/zero-sqlite3\": \"^1.0.15\",\n \"@standard-schema/spec\": \"^1.0.0\",\n \"@types/basic-auth\": \"^1.1.8\",\n \"@types/ws\": \"^8.5.12\",\n \"basic-auth\": \"^2.0.1\",\n \"chalk\": \"^5.3.0\",\n \"chalk-template\": \"^1.1.0\",\n \"chokidar\": \"^4.0.1\",\n \"cloudevents\": \"^10.0.0\",\n \"command-line-args\": \"^6.0.1\",\n \"command-line-usage\": \"^7.0.3\",\n \"compare-utf8\": \"^0.2.0\",\n \"defu\": \"^6.1.4\",\n \"eventemitter3\": \"^5.0.1\",\n \"fastify\": \"^5.0.0\",\n \"is-in-subnet\": \"^4.0.1\",\n \"jose\": \"^5.9.3\",\n \"js-xxhash\": \"^4.0.0\",\n \"json-custom-numbers\": \"^3.1.1\",\n \"kasi\": \"^1.1.0\",\n \"nanoid\": \"^5.1.2\",\n \"oxfmt\": \"^0.43.0\",\n \"parse-prometheus-text-format\": \"^1.1.1\",\n \"pg-format\": \"npm:pg-format-fix@^1.0.5\",\n \"postgres\": \"3.4.7\",\n \"semver\": \"^7.5.4\",\n \"tsx\": \"^4.21.0\",\n \"url-pattern\": \"^1.0.3\",\n \"urlpattern-polyfill\": \"^10.1.0\",\n \"ws\": \"^8.18.1\"\n },\n \"devDependencies\": {\n \"@op-engineering/op-sqlite\": \">=15\",\n \"@vitest/runner\": \"4.1.2\",\n \"analyze-query\": \"0.0.0\",\n \"ast-to-zql\": \"0.0.0\",\n \"expo-sqlite\": \">=15\",\n \"replicache\": \"15.2.1\",\n \"shared\": \"0.0.0\",\n \"syncpack\": \"^14.2.1\",\n \"typedoc\": \"^0.28.17\",\n \"typedoc-plugin-markdown\": \"^4.10.0\",\n \"typescript\": \"~5.9.3\",\n \"vite\": \"8.0.3\",\n \"vitest\": \"4.1.2\",\n \"zero-cache\": \"0.0.0\",\n \"zero-client\": \"0.0.0\",\n \"zero-pg\": \"0.0.0\",\n \"zero-protocol\": \"0.0.0\",\n \"zero-react\": \"0.0.0\",\n \"zero-server\": \"0.0.0\",\n \"zero-solid\": \"0.0.0\",\n \"zqlite\": \"0.0.0\"\n },\n \"peerDependencies\": {\n \"@op-engineering/op-sqlite\": \">=15\",\n \"expo-sqlite\": \">=15\"\n },\n \"peerDependenciesMeta\": {\n \"expo-sqlite\": {\n \"optional\": true\n },\n \"@op-engineering/op-sqlite\": {\n \"optional\": true\n }\n },\n \"type\": \"module\",\n \"main\": \"out/zero/src/zero.js\",\n \"module\": \"out/zero/src/zero.js\",\n \"types\": \"out/zero/src/zero.d.ts\",\n \"exports\": {\n \".\": {\n \"types\": \"./out/zero/src/zero.d.ts\",\n \"default\": \"./out/zero/src/zero.js\"\n },\n \"./bindings\": {\n \"types\": \"./out/zero/src/bindings.d.ts\",\n \"default\": \"./out/zero/src/bindings.js\"\n },\n \"./change-protocol/v0\": {\n \"types\": \"./out/zero/src/change-protocol/v0.d.ts\",\n \"default\": \"./out/zero/src/change-protocol/v0.js\"\n },\n \"./expo-sqlite\": {\n \"types\": \"./out/zero/src/expo-sqlite.d.ts\",\n \"default\": \"./out/zero/src/expo-sqlite.js\"\n },\n \"./op-sqlite\": {\n \"types\": \"./out/zero/src/op-sqlite.d.ts\",\n \"default\": \"./out/zero/src/op-sqlite.js\"\n },\n \"./pg\": {\n \"types\": \"./out/zero/src/pg.d.ts\",\n \"default\": \"./out/zero/src/pg.js\"\n },\n \"./react\": {\n \"types\": \"./out/zero/src/react.d.ts\",\n \"default\": \"./out/zero/src/react.js\"\n },\n \"./react-native\": {\n \"types\": \"./out/zero/src/react-native.d.ts\",\n \"default\": \"./out/zero/src/react-native.js\"\n },\n \"./server\": {\n \"types\": \"./out/zero/src/server.d.ts\",\n \"default\": \"./out/zero/src/server.js\"\n },\n \"./server/adapters/drizzle\": {\n \"types\": \"./out/zero/src/adapters/drizzle.d.ts\",\n \"default\": \"./out/zero/src/adapters/drizzle.js\"\n },\n \"./server/adapters/prisma\": {\n \"types\": \"./out/zero/src/adapters/prisma.d.ts\",\n \"default\": \"./out/zero/src/adapters/prisma.js\"\n },\n \"./server/adapters/pg\": {\n \"types\": \"./out/zero/src/adapters/pg.d.ts\",\n \"default\": \"./out/zero/src/adapters/pg.js\"\n },\n \"./server/adapters/postgresjs\": {\n \"types\": \"./out/zero/src/adapters/postgresjs.d.ts\",\n \"default\": \"./out/zero/src/adapters/postgresjs.js\"\n },\n \"./solid\": {\n \"types\": \"./out/zero/src/solid.d.ts\",\n \"default\": \"./out/zero/src/solid.js\"\n },\n \"./sqlite\": {\n \"types\": \"./out/zero/src/sqlite.d.ts\",\n \"default\": \"./out/zero/src/sqlite.js\"\n },\n \"./zqlite\": {\n \"types\": \"./out/zero/src/zqlite.d.ts\",\n \"default\": \"./out/zero/src/zqlite.js\"\n }\n },\n \"bin\": {\n \"zero-build-schema\": \"./out/zero/src/build-schema.js\",\n \"zero-cache\": \"./out/zero/src/cli.js\",\n \"zero-cache-dev\": \"./out/zero/src/zero-cache-dev.js\",\n \"zero-deploy-permissions\": \"./out/zero/src/deploy-permissions.js\",\n \"zero-out\": \"./out/zero/src/zero-out.js\",\n \"ast-to-zql\": \"./out/zero/src/ast-to-zql.js\",\n \"analyze-query\": \"./out/zero/src/analyze-query.js\",\n \"transform-query\": \"./out/zero/src/transform-query.js\"\n },\n \"engines\": {\n \"node\": \">=22\"\n },\n \"files\": [\n \"out\",\n \"!*.tsbuildinfo\"\n ]\n}"],"mappings":""}
1
+ {"version":3,"file":"package.js","names":[],"sources":["../../package.json"],"sourcesContent":["{\n \"name\": \"@rocicorp/zero\",\n \"version\": \"1.3.0-canary.1\",\n \"description\": \"Zero is a web framework for serverless web development.\",\n \"author\": \"Rocicorp, Inc.\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/rocicorp/mono.git\",\n \"directory\": \"packages/zero\"\n },\n \"license\": \"Apache-2.0\",\n \"homepage\": \"https://zero.rocicorp.dev\",\n \"bugs\": {\n \"url\": \"https://bugs.rocicorp.dev\"\n },\n \"scripts\": {\n \"build\": \"node --experimental-strip-types --no-warnings tool/build.ts\",\n \"build:watch\": \"node --experimental-strip-types --no-warnings tool/build.ts --watch\",\n \"check-types\": \"tsc -p tsconfig.client.json && tsc -p tsconfig.server.json\",\n \"check-types:client:watch\": \"tsc -p tsconfig.client.json --watch\",\n \"check-types:server:watch\": \"tsc -p tsconfig.server.json --watch\",\n \"format\": \"oxfmt .\",\n \"check-format\": \"oxfmt --check .\",\n \"lint\": \"oxlint --type-aware src/\",\n \"docs\": \"node --experimental-strip-types --no-warnings tool/generate-docs.ts\",\n \"docs:server\": \"node --watch --experimental-strip-types --no-warnings tool/generate-docs.ts --server\"\n },\n \"dependencies\": {\n \"@badrap/valita\": \"0.3.11\",\n \"@databases/escape-identifier\": \"^1.0.3\",\n \"@databases/sql\": \"^3.3.0\",\n \"@dotenvx/dotenvx\": \"^1.39.0\",\n \"@drdgvhbh/postgres-error-codes\": \"^0.0.6\",\n \"@fastify/cors\": \"^10.0.0\",\n \"@fastify/websocket\": \"^11.0.0\",\n \"@google-cloud/precise-date\": \"^4.0.0\",\n \"@opentelemetry/api\": \"^1.9.0\",\n \"@opentelemetry/api-logs\": \"^0.203.0\",\n \"@opentelemetry/auto-instrumentations-node\": \"^0.62.0\",\n \"@opentelemetry/exporter-metrics-otlp-http\": \"^0.203.0\",\n \"@opentelemetry/resources\": \"^2.0.1\",\n \"@opentelemetry/sdk-metrics\": \"^2.0.1\",\n \"@opentelemetry/sdk-node\": \"^0.203.0\",\n \"@opentelemetry/sdk-trace-node\": \"^2.0.1\",\n \"@postgresql-typed/oids\": \"^0.2.0\",\n \"@rocicorp/lock\": \"^1.0.4\",\n \"@rocicorp/logger\": \"^5.4.0\",\n \"@rocicorp/resolver\": \"^1.0.2\",\n \"@rocicorp/zero-sqlite3\": \"^1.0.15\",\n \"@standard-schema/spec\": \"^1.0.0\",\n \"@types/basic-auth\": \"^1.1.8\",\n \"@types/ws\": \"^8.5.12\",\n \"basic-auth\": \"^2.0.1\",\n \"chalk-template\": \"^1.1.0\",\n \"chokidar\": \"^4.0.1\",\n \"cloudevents\": \"^10.0.0\",\n \"command-line-args\": \"^6.0.1\",\n \"command-line-usage\": \"^7.0.3\",\n \"compare-utf8\": \"^0.2.0\",\n \"defu\": \"^6.1.4\",\n \"eventemitter3\": \"^5.0.1\",\n \"fastify\": \"^5.0.0\",\n \"is-in-subnet\": \"^4.0.1\",\n \"jose\": \"^5.9.3\",\n \"js-xxhash\": \"^4.0.0\",\n \"json-custom-numbers\": \"^3.1.1\",\n \"kasi\": \"^1.1.0\",\n \"nanoid\": \"^5.1.2\",\n \"oxfmt\": \"^0.44.0\",\n \"parse-prometheus-text-format\": \"^1.1.1\",\n \"pg-format\": \"npm:pg-format-fix@^1.0.5\",\n \"postgres\": \"3.4.7\",\n \"semver\": \"^7.5.4\",\n \"tsx\": \"^4.21.0\",\n \"url-pattern\": \"^1.0.3\",\n \"urlpattern-polyfill\": \"^10.1.0\",\n \"ws\": \"^8.18.1\"\n },\n \"devDependencies\": {\n \"@op-engineering/op-sqlite\": \">=15\",\n \"@vitest/runner\": \"4.1.3\",\n \"analyze-query\": \"0.0.0\",\n \"ast-to-zql\": \"0.0.0\",\n \"expo-sqlite\": \">=15\",\n \"replicache\": \"15.2.1\",\n \"shared\": \"0.0.0\",\n \"syncpack\": \"^14.3.0\",\n \"typedoc\": \"^0.28.17\",\n \"typedoc-plugin-markdown\": \"^4.10.0\",\n \"typescript\": \"~6.0.2\",\n \"vite\": \"8.0.3\",\n \"vitest\": \"4.1.3\",\n \"zero-cache\": \"0.0.0\",\n \"zero-client\": \"0.0.0\",\n \"zero-pg\": \"0.0.0\",\n \"zero-protocol\": \"0.0.0\",\n \"zero-react\": \"0.0.0\",\n \"zero-server\": \"0.0.0\",\n \"zero-solid\": \"0.0.0\",\n \"zqlite\": \"0.0.0\"\n },\n \"peerDependencies\": {\n \"@op-engineering/op-sqlite\": \">=15\",\n \"expo-sqlite\": \">=15\"\n },\n \"peerDependenciesMeta\": {\n \"expo-sqlite\": {\n \"optional\": true\n },\n \"@op-engineering/op-sqlite\": {\n \"optional\": true\n }\n },\n \"type\": \"module\",\n \"main\": \"out/zero/src/zero.js\",\n \"module\": \"out/zero/src/zero.js\",\n \"types\": \"out/zero/src/zero.d.ts\",\n \"exports\": {\n \".\": {\n \"types\": \"./out/zero/src/zero.d.ts\",\n \"default\": \"./out/zero/src/zero.js\"\n },\n \"./bindings\": {\n \"types\": \"./out/zero/src/bindings.d.ts\",\n \"default\": \"./out/zero/src/bindings.js\"\n },\n \"./change-protocol/v0\": {\n \"types\": \"./out/zero/src/change-protocol/v0.d.ts\",\n \"default\": \"./out/zero/src/change-protocol/v0.js\"\n },\n \"./expo-sqlite\": {\n \"types\": \"./out/zero/src/expo-sqlite.d.ts\",\n \"default\": \"./out/zero/src/expo-sqlite.js\"\n },\n \"./op-sqlite\": {\n \"types\": \"./out/zero/src/op-sqlite.d.ts\",\n \"default\": \"./out/zero/src/op-sqlite.js\"\n },\n \"./pg\": {\n \"types\": \"./out/zero/src/pg.d.ts\",\n \"default\": \"./out/zero/src/pg.js\"\n },\n \"./react\": {\n \"types\": \"./out/zero/src/react.d.ts\",\n \"default\": \"./out/zero/src/react.js\"\n },\n \"./react-native\": {\n \"types\": \"./out/zero/src/react-native.d.ts\",\n \"default\": \"./out/zero/src/react-native.js\"\n },\n \"./server\": {\n \"types\": \"./out/zero/src/server.d.ts\",\n \"default\": \"./out/zero/src/server.js\"\n },\n \"./server/adapters/drizzle\": {\n \"types\": \"./out/zero/src/adapters/drizzle.d.ts\",\n \"default\": \"./out/zero/src/adapters/drizzle.js\"\n },\n \"./server/adapters/prisma\": {\n \"types\": \"./out/zero/src/adapters/prisma.d.ts\",\n \"default\": \"./out/zero/src/adapters/prisma.js\"\n },\n \"./server/adapters/pg\": {\n \"types\": \"./out/zero/src/adapters/pg.d.ts\",\n \"default\": \"./out/zero/src/adapters/pg.js\"\n },\n \"./server/adapters/postgresjs\": {\n \"types\": \"./out/zero/src/adapters/postgresjs.d.ts\",\n \"default\": \"./out/zero/src/adapters/postgresjs.js\"\n },\n \"./solid\": {\n \"types\": \"./out/zero/src/solid.d.ts\",\n \"default\": \"./out/zero/src/solid.js\"\n },\n \"./sqlite\": {\n \"types\": \"./out/zero/src/sqlite.d.ts\",\n \"default\": \"./out/zero/src/sqlite.js\"\n },\n \"./zqlite\": {\n \"types\": \"./out/zero/src/zqlite.d.ts\",\n \"default\": \"./out/zero/src/zqlite.js\"\n }\n },\n \"bin\": {\n \"zero-build-schema\": \"./out/zero/src/build-schema.js\",\n \"zero-cache\": \"./out/zero/src/cli.js\",\n \"zero-cache-dev\": \"./out/zero/src/zero-cache-dev.js\",\n \"zero-deploy-permissions\": \"./out/zero/src/deploy-permissions.js\",\n \"zero-out\": \"./out/zero/src/zero-out.js\",\n \"ast-to-zql\": \"./out/zero/src/ast-to-zql.js\",\n \"analyze-query\": \"./out/zero/src/analyze-query.js\",\n \"transform-query\": \"./out/zero/src/transform-query.js\"\n },\n \"engines\": {\n \"node\": \">=22\"\n },\n \"files\": [\n \"out\",\n \"!*.tsbuildinfo\"\n ]\n}"],"mappings":""}
package/out/zero/src/pg.js CHANGED
@@ -1,8 +1,8 @@
1
1
  import { ApplicationError, isApplicationError } from "../../zero-protocol/src/application-error.js";
2
2
  import { CRUDMutatorFactory, makeSchemaCRUD } from "../../zero-server/src/custom.js";
3
3
  import { executePostgresQuery } from "../../zero-server/src/pg-query-executor.js";
4
- import { OutOfOrderMutation, getMutation, handleMutateRequest, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
5
4
  import { PushProcessor } from "../../zero-server/src/push-processor.js";
5
+ import { OutOfOrderMutation, getMutation, handleMutateRequest, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
6
6
  import { handleGetQueriesRequest, handleQueryRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
7
7
  import { ZQLDatabase } from "../../zero-server/src/zql-database.js";
8
8
  import { PostgresJSConnection, PostgresJsTransactionInternal, zeroPostgresJS } from "../../zero-server/src/adapters/postgresjs.js";
package/out/zero/src/server.js CHANGED
@@ -1,8 +1,8 @@
1
1
  import { ApplicationError, isApplicationError } from "../../zero-protocol/src/application-error.js";
2
2
  import { CRUDMutatorFactory, makeSchemaCRUD } from "../../zero-server/src/custom.js";
3
3
  import { executePostgresQuery } from "../../zero-server/src/pg-query-executor.js";
4
- import { OutOfOrderMutation, getMutation, handleMutateRequest, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
5
4
  import { PushProcessor } from "../../zero-server/src/push-processor.js";
5
+ import { OutOfOrderMutation, getMutation, handleMutateRequest, handleMutationRequest } from "../../zero-server/src/process-mutations.js";
6
6
  import { handleGetQueriesRequest, handleQueryRequest, handleTransformRequest } from "../../zero-server/src/queries/process-queries.js";
7
7
  import { ZQLDatabase } from "../../zero-server/src/zql-database.js";
8
8
  import "../../zero-server/src/mod.js";
package/out/zero-cache/src/auth/auth.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import type { LogContext } from '@rocicorp/logger';
2
2
  import type { JWTPayload } from 'jose';
3
3
  import { type ErrorBody } from '../../../zero-protocol/src/error.ts';
4
+ import type { PushError } from '../../../zero-protocol/src/push.ts';
4
5
  /** @deprecated JWT auth is deprecated */
5
6
  export type JWTAuth = {
6
7
  readonly type: 'jwt';
@@ -12,34 +13,15 @@ export type OpaqueAuth = {
12
13
  readonly raw: string;
13
14
  };
14
15
  export type Auth = OpaqueAuth | JWTAuth;
15
- export interface AuthSession {
16
- /** Update the auth session with a new userID and token from the client */
17
- update(userID: string, wireAuth: string | undefined): Promise<AuthUpdateResult>;
18
- /** The revision of the auth state */
19
- get revision(): number;
20
- /** The auth state for the session */
21
- get auth(): Auth | undefined;
22
- /** Clear the auth session, removing any stored auth and allowing a new userID to be bound on the next update. */
23
- clear(): void;
24
- }
25
- export type AuthUpdateResult = {
26
- readonly ok: true;
27
- } | {
28
- readonly ok: false;
29
- readonly error: ErrorBody;
30
- };
31
16
  export type ValidateLegacyJWT = (token: string, ctx: {
32
- readonly userID: string;
17
+ readonly userID: string | undefined;
33
18
  }) => Promise<JWTAuth>;
34
- export declare class AuthSessionImpl implements AuthSession {
35
- #private;
36
- readonly id: string;
37
- constructor(lc: LogContext, clientGroupID: string, validateLegacyJWT: ValidateLegacyJWT | undefined);
38
- get auth(): Auth | undefined;
39
- get revision(): number;
40
- clear(): void;
41
- update(userID: string, wireAuth: string | undefined): Promise<AuthUpdateResult>;
42
- }
19
+ export declare function authEquals(a: Auth | undefined, b: Auth | undefined): boolean;
20
+ /**
21
+ * Resolves one auth snapshot transition without binding it to a client group.
22
+ */
23
+ export declare function resolveAuth(lc: LogContext, previousAuth: Auth | undefined, userID: string | undefined, wireAuth: string | undefined, validateLegacyJWT: ValidateLegacyJWT | undefined): Promise<Auth | undefined>;
43
24
  /** @deprecated used only in old JWT validation/rotation auth */
44
25
  export declare function pickToken(lc: LogContext, previousToken: Auth | undefined, newToken: Auth | undefined | null): Auth | undefined;
26
+ export declare function isAuthErrorBody(ex: unknown): ex is ErrorBody | PushError;
45
27
  //# sourceMappingURL=auth.d.ts.map
package/out/zero-cache/src/auth/auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAGrC,OAAO,EAGL,KAAK,SAAS,EACf,MAAM,qCAAqC,CAAC;AAE7C,yCAAyC;AACzC,MAAM,MAAM,OAAO,GAAG;IACpB,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,IAAI,GAAG,UAAU,GAAG,OAAO,CAAC;AAExC,MAAM,WAAW,WAAW;IAC1B,0EAA0E;IAC1E,MAAM,CACJ,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAE7B,qCAAqC;IACrC,IAAI,QAAQ,IAAI,MAAM,CAAC;IAEvB,qCAAqC;IACrC,IAAI,IAAI,IAAI,IAAI,GAAG,SAAS,CAAC;IAE7B,iHAAiH;IACjH,KAAK,IAAI,IAAI,CAAC;CACf;AAED,MAAM,MAAM,gBAAgB,GACxB;IACE,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;CACnB,GACD;IACE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,KAAK,EAAE,SAAS,CAAC;CAC3B,CAAC;AAEN,MAAM,MAAM,iBAAiB,GAAG,CAC9B,KAAK,EAAE,MAAM,EACb,GAAG,EAAE;IAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CAAC,KAC3B,OAAO,CAAC,OAAO,CAAC,CAAC;AAgBtB,qBAAa,eAAgB,YAAW,WAAW;;IACjD,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAQlB,EAAE,EAAE,UAAU,EACd,aAAa,EAAE,MAAM,EACrB,iBAAiB,EAAE,iBAAiB,GAAG,SAAS;IAOlD,IAAI,IAAI,IAAI,IAAI,GAAG,SAAS,CAE3B;IAED,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED,KAAK,IAAI,IAAI;IAWP,MAAM,CACV,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GAAG,SAAS,GAC3B,OAAO,CAAC,gBAAgB,CAAC;CAoF7B;AAED,gEAAgE;AAChE,wBAAgB,SAAS,CACvB,EAAE,EAAE,UAAU,EACd,aAAa,EAAE,IAAI,GAAG,SAAS,EAC/B,QAAQ,EAAE,IAAI,GAAG,SAAS,GAAG,IAAI,oBAgFlC"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,MAAM,CAAC;AAGrC,OAAO,EAGL,KAAK,SAAS,EACf,MAAM,qCAAqC,CAAC;AAE7C,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,oCAAoC,CAAC;AAElE,yCAAyC;AACzC,MAAM,MAAM,OAAO,GAAG;IACpB,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC;IACrB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,IAAI,GAAG,UAAU,GAAG,OAAO,CAAC;AAExC,MAAM,MAAM,iBAAiB,GAAG,CAC9B,KAAK,EAAE,MAAM,EACb,GAAG,EAAE;IAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAA;CAAC,KACvC,OAAO,CAAC,OAAO,CAAC,CAAC;AAMtB,wBAAgB,UAAU,CAAC,CAAC,EAAE,IAAI,GAAG,SAAS,EAAE,CAAC,EAAE,IAAI,GAAG,SAAS,WAQlE;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,EAAE,EAAE,UAAU,EACd,YAAY,EAAE,IAAI,GAAG,SAAS,EAC9B,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,iBAAiB,EAAE,iBAAiB,GAAG,SAAS,GAC/C,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC,CAoE3B;AAED,gEAAgE;AAChE,wBAAgB,SAAS,CACvB,EAAE,EAAE,UAAU,EACd,aAAa,EAAE,IAAI,GAAG,SAAS,EAC/B,QAAQ,EAAE,IAAI,GAAG,SAAS,GAAG,IAAI,oBAgFlC;AAED,wBAAgB,eAAe,CAAC,EAAE,EAAE,OAAO,GAAG,EAAE,IAAI,SAAS,GAAG,SAAS,CAgCxE"}
package/out/zero-cache/src/auth/auth.js CHANGED
@@ -1,5 +1,6 @@
1
1
  import { AuthInvalidated, Unauthorized } from "../../../zero-protocol/src/error-kind-enum.js";
2
2
  import { ZeroCache } from "../../../zero-protocol/src/error-origin-enum.js";
3
+ import "../../../zero-protocol/src/error-reason-enum.js";
3
4
  import { ProtocolError, isProtocolError } from "../../../zero-protocol/src/error.js";
4
5
  //#region ../zero-cache/src/auth/auth.ts
5
6
  function isProvidedAuth(wireAuth) {
@@ -10,89 +11,56 @@ function authEquals(a, b) {
10
11
  if (!a || !b) return false;
11
12
  return a.type === b.type && a.raw === b.raw;
12
13
  }
13
- var AuthSessionImpl = class {
14
- id;
15
- #lc;
16
- #validateLegacyJWT;
17
- #auth = void 0;
18
- #boundUserID;
19
- #revision = 0;
20
- constructor(lc, clientGroupID, validateLegacyJWT) {
21
- this.id = clientGroupID;
22
- this.#lc = lc;
23
- this.#validateLegacyJWT = validateLegacyJWT;
24
- }
25
- get auth() {
26
- return this.#auth;
27
- }
28
- get revision() {
29
- return this.#revision;
30
- }
31
- clear() {
32
- this.#lc.withContext("boundUserID", this.#boundUserID ?? "unknown").debug?.(`Clearing auth session`);
33
- this.#auth = void 0;
34
- this.#boundUserID = void 0;
35
- this.#revision = 0;
36
- }
37
- async update(userID, wireAuth) {
38
- try {
39
- const lc = this.#lc.withContext("newUserID", userID);
40
- if (this.#boundUserID && this.#boundUserID !== userID) return {
41
- ok: false,
42
- error: {
43
- kind: Unauthorized,
44
- message: "Client groups are pinned to a single user. Connection userID does not match existing client group userID.",
45
- origin: ZeroCache
46
- }
47
- };
48
- const previousAuth = this.#auth;
49
- const hasProvidedAuth = isProvidedAuth(wireAuth);
50
- let nextAuth = previousAuth;
51
- if (previousAuth) lc.debug?.(`Attempting to update auth from previous value`);
52
- else lc.debug?.(`Attempting to initialize auth`);
53
- if (!hasProvidedAuth && previousAuth) return {
54
- ok: false,
55
- error: {
56
- kind: Unauthorized,
57
- message: "No token provided. An unauthenticated client cannot connect to an authenticated client group.",
58
- origin: ZeroCache
59
- }
60
- };
61
- if (!hasProvidedAuth) {
62
- nextAuth = void 0;
63
- lc.debug?.(`Cleared auth`);
64
- } else if (this.#validateLegacyJWT !== void 0) {
65
- const verifiedToken = await this.#validateLegacyJWT(wireAuth, { userID });
66
- nextAuth = pickToken(this.#lc, this.#auth, verifiedToken);
67
- lc.debug?.(`Updated auth with JWT`);
68
- } else {
69
- if (this.#auth?.type === "jwt") throw new Error("Cannot change auth type from legacy to opaque token");
70
- nextAuth = {
71
- type: "opaque",
72
- raw: wireAuth
73
- };
74
- lc.debug?.(`Updated auth with opaque token`);
75
- }
76
- this.#auth = nextAuth;
77
- this.#boundUserID ??= userID;
78
- if (!authEquals(previousAuth, nextAuth)) this.#revision++;
79
- } catch (e) {
80
- if (isProtocolError(e)) return {
81
- ok: false,
82
- error: e.errorBody
83
- };
84
- return {
85
- ok: false,
86
- error: {
87
- kind: AuthInvalidated,
88
- message: `Failed to decode auth token: ${String(e)}`,
89
- origin: ZeroCache
90
- }
91
- };
14
+ /**
15
+ * Resolves one auth snapshot transition without binding it to a client group.
16
+ */
17
+ async function resolveAuth(lc, previousAuth, userID, wireAuth, validateLegacyJWT) {
18
+ try {
19
+ const hasProvidedAuth = isProvidedAuth(wireAuth);
20
+ if (previousAuth) lc.debug?.(`Attempting to update auth from previous value`);
21
+ else lc.debug?.(`Attempting to initialize auth`);
22
+ if (!hasProvidedAuth && previousAuth) throw new ProtocolError({
23
+ kind: Unauthorized,
24
+ message: "No token provided. An unauthenticated client cannot connect to an authenticated client group.",
25
+ origin: ZeroCache
26
+ });
27
+ if (!hasProvidedAuth) {
28
+ lc.debug?.(`Cleared auth`);
29
+ return;
92
30
  }
93
- return { ok: true };
31
+ if (userID === void 0) throw new ProtocolError({
32
+ kind: Unauthorized,
33
+ message: "Authenticated connections require a userID.",
34
+ origin: ZeroCache
35
+ });
36
+ if (validateLegacyJWT !== void 0) {
37
+ const nextAuth = pickToken(lc, previousAuth, await validateLegacyJWT(wireAuth, { userID }));
38
+ lc.debug?.(`Updated auth with JWT`);
39
+ return nextAuth;
40
+ }
41
+ if (previousAuth?.type === "jwt") throw new ProtocolError({
42
+ kind: Unauthorized,
43
+ message: "Token type cannot change from JWT to opaque. Connections are pinned to a single token type.",
44
+ origin: ZeroCache
45
+ });
46
+ if (previousAuth?.type === "opaque" && previousAuth.raw === wireAuth) {
47
+ lc.debug?.(`Opaque auth unchanged, reusing previous snapshot`);
48
+ return previousAuth;
49
+ }
50
+ lc.debug?.(`Updated auth with opaque token`);
51
+ return {
52
+ type: "opaque",
53
+ raw: wireAuth
54
+ };
55
+ } catch (e) {
56
+ if (isProtocolError(e)) throw e;
57
+ throw new ProtocolError({
58
+ kind: AuthInvalidated,
59
+ message: `Failed to decode auth token: ${String(e)}`,
60
+ origin: ZeroCache
61
+ });
94
62
  }
95
- };
63
+ }
96
64
  /** @deprecated used only in old JWT validation/rotation auth */
97
65
  function pickToken(lc, previousToken, newToken) {
98
66
  if (newToken === null) return;
@@ -139,7 +107,14 @@ function pickToken(lc, previousToken, newToken) {
139
107
  origin: ZeroCache
140
108
  });
141
109
  }
110
+ function isAuthErrorBody(ex) {
111
+ if (typeof ex !== "object" || ex === null) return false;
112
+ if ("error" in ex) return ex.error === "http" && "status" in ex && (ex.status === 401 || ex.status === 403);
113
+ if (!("kind" in ex)) return false;
114
+ if (ex.kind === "AuthInvalidated" || ex.kind === "Unauthorized") return true;
115
+ return (ex.kind === "PushFailed" || ex.kind === "TransformFailed") && "reason" in ex && ex.reason === "http" && "status" in ex && (ex.status === 401 || ex.status === 403);
116
+ }
142
117
  //#endregion
143
- export { AuthSessionImpl };
118
+ export { authEquals, isAuthErrorBody, resolveAuth };
144
119
 
145
120
  //# sourceMappingURL=auth.js.map
package/out/zero-cache/src/auth/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","names":["#lc","#validateLegacyJWT","#auth","#revision","#boundUserID"],"sources":["../../../../../zero-cache/src/auth/auth.ts"],"sourcesContent":["import type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport {ErrorKind} from '../../../zero-protocol/src/error-kind.ts';\nimport {ErrorOrigin} from '../../../zero-protocol/src/error-origin.ts';\nimport {\n isProtocolError,\n ProtocolError,\n type ErrorBody,\n} from '../../../zero-protocol/src/error.ts';\n\n/** @deprecated JWT auth is deprecated */\nexport type JWTAuth = {\n readonly type: 'jwt';\n readonly raw: string;\n readonly decoded: JWTPayload;\n};\n\nexport type OpaqueAuth = {\n readonly type: 'opaque';\n readonly raw: string;\n};\n\nexport type Auth = OpaqueAuth | JWTAuth;\n\nexport interface AuthSession {\n /** Update the auth session with a new userID and token from the client */\n update(\n userID: string,\n wireAuth: string | undefined,\n ): Promise<AuthUpdateResult>;\n\n /** The revision of the auth state */\n get revision(): number;\n\n /** The auth state for the session */\n get auth(): Auth | undefined;\n\n /** Clear the auth session, removing any stored auth and allowing a new userID to be bound on the next update. */\n clear(): void;\n}\n\nexport type AuthUpdateResult =\n | {\n readonly ok: true;\n }\n | {\n readonly ok: false;\n readonly error: ErrorBody;\n };\n\nexport type ValidateLegacyJWT = (\n token: string,\n ctx: {readonly userID: string},\n) => Promise<JWTAuth>;\n\nfunction isProvidedAuth(wireAuth: string | undefined): wireAuth is string {\n return wireAuth !== undefined && wireAuth !== '';\n}\n\nfunction authEquals(a: Auth | null | undefined, b: Auth | null | undefined) {\n if (a === b) {\n return true;\n }\n if (!a || !b) {\n return false;\n }\n return a.type === b.type && a.raw === b.raw;\n}\n\nexport class AuthSessionImpl implements AuthSession {\n readonly id: string;\n readonly #lc: LogContext;\n readonly #validateLegacyJWT: ValidateLegacyJWT | undefined;\n #auth: Auth | undefined = undefined;\n #boundUserID: string | undefined;\n #revision = 0;\n\n constructor(\n lc: LogContext,\n clientGroupID: string,\n validateLegacyJWT: ValidateLegacyJWT | undefined,\n ) {\n this.id = clientGroupID;\n this.#lc = lc;\n this.#validateLegacyJWT = validateLegacyJWT;\n }\n\n get auth(): Auth | undefined {\n return this.#auth;\n }\n\n get revision(): number {\n return this.#revision;\n }\n\n clear(): void {\n const lc = this.#lc.withContext(\n 'boundUserID',\n this.#boundUserID ?? 'unknown',\n );\n lc.debug?.(`Clearing auth session`);\n this.#auth = undefined;\n this.#boundUserID = undefined;\n this.#revision = 0;\n }\n\n async update(\n userID: string,\n wireAuth: string | undefined,\n ): Promise<AuthUpdateResult> {\n try {\n const lc = this.#lc.withContext('newUserID', userID);\n\n // check if the auth update is trying to change the bound userID for this client group\n if (this.#boundUserID && this.#boundUserID !== userID) {\n return {\n ok: false,\n error: {\n kind: ErrorKind.Unauthorized,\n message:\n 'Client groups are pinned to a single user. Connection userID does not match existing client group userID.',\n origin: ErrorOrigin.ZeroCache,\n },\n };\n }\n\n const previousAuth = this.#auth;\n const hasProvidedAuth = isProvidedAuth(wireAuth);\n let nextAuth = previousAuth;\n\n if (previousAuth) {\n lc.debug?.(`Attempting to update auth from previous value`);\n } else {\n lc.debug?.(`Attempting to initialize auth`);\n }\n\n if (!hasProvidedAuth && previousAuth) {\n return {\n ok: false,\n error: {\n kind: ErrorKind.Unauthorized,\n message:\n 'No token provided. An unauthenticated client cannot connect to an authenticated client group.',\n origin: ErrorOrigin.ZeroCache,\n },\n };\n }\n\n if (!hasProvidedAuth) {\n nextAuth = undefined;\n lc.debug?.(`Cleared auth`);\n } else if (this.#validateLegacyJWT !== undefined) {\n const verifiedToken = await this.#validateLegacyJWT(wireAuth, {userID});\n nextAuth = pickToken(this.#lc, this.#auth, verifiedToken);\n lc.debug?.(`Updated auth with JWT`);\n } else {\n if (this.#auth?.type === 'jwt') {\n throw new Error(\n 'Cannot change auth type from legacy to opaque token',\n );\n }\n nextAuth = {\n type: 'opaque',\n raw: wireAuth,\n };\n lc.debug?.(`Updated auth with opaque token`);\n }\n\n this.#auth = nextAuth;\n this.#boundUserID ??= userID;\n\n if (!authEquals(previousAuth, nextAuth)) {\n this.#revision++;\n }\n } catch (e) {\n if (isProtocolError(e)) {\n return {\n ok: false,\n error: e.errorBody,\n };\n }\n return {\n ok: false,\n error: {\n kind: ErrorKind.AuthInvalidated,\n message: `Failed to decode auth token: ${String(e)}`,\n origin: ErrorOrigin.ZeroCache,\n },\n };\n }\n\n return {ok: true};\n }\n}\n\n/** @deprecated used only in old JWT validation/rotation auth */\nexport function pickToken(\n lc: LogContext,\n previousToken: Auth | undefined,\n newToken: Auth | undefined | null,\n) {\n if (newToken === null) {\n return undefined;\n }\n\n if (\n previousToken?.type &&\n newToken?.type &&\n previousToken?.type !== newToken?.type\n ) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'Token type cannot change. Client groups are pinned to a single token type.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (previousToken === undefined) {\n lc.debug?.(`No previous token, using new token`);\n return newToken;\n }\n\n if (newToken?.type === 'opaque') {\n return newToken;\n }\n\n if (previousToken.type === 'opaque') {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'Token type cannot change from opaque to JWT. Client groups are pinned to a single token type.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (newToken) {\n if (previousToken.decoded.sub !== newToken.decoded.sub) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'The user id in the new token does not match the previous token. Client groups are pinned to a single user.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (previousToken.decoded.iat === undefined) {\n lc.debug?.(`No issued at time for the existing token, using new token`);\n // No issued at time for the existing token? We take the most recently received token.\n return newToken;\n }\n\n if (newToken.decoded.iat === undefined) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'The new token does not have an issued at time but the prior token does. Tokens for a client group must either all have issued at times or all not have issued at times',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n // The new token is newer, so we take it.\n if (previousToken.decoded.iat < newToken.decoded.iat) {\n lc.debug?.(`New token is newer, using it`);\n return newToken;\n }\n\n // if the new token is older or the same, we keep the existing token.\n lc.debug?.(`New token is older or the same, using existing token`);\n return previousToken;\n }\n\n // previousToken !== undefined but newToken is undefined\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'No token provided. An unauthenticated client cannot connect to an authenticated client group.',\n origin: ErrorOrigin.ZeroCache,\n });\n}\n"],"mappings":";;;;AAuDA,SAAS,eAAe,UAAkD;AACxE,QAAO,aAAa,KAAA,KAAa,aAAa;;AAGhD,SAAS,WAAW,GAA4B,GAA4B;AAC1E,KAAI,MAAM,EACR,QAAO;AAET,KAAI,CAAC,KAAK,CAAC,EACT,QAAO;AAET,QAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE;;AAG1C,IAAa,kBAAb,MAAoD;CAClD;CACA;CACA;CACA,QAA0B,KAAA;CAC1B;CACA,YAAY;CAEZ,YACE,IACA,eACA,mBACA;AACA,OAAK,KAAK;AACV,QAAA,KAAW;AACX,QAAA,oBAA0B;;CAG5B,IAAI,OAAyB;AAC3B,SAAO,MAAA;;CAGT,IAAI,WAAmB;AACrB,SAAO,MAAA;;CAGT,QAAc;AACD,QAAA,GAAS,YAClB,eACA,MAAA,eAAqB,UACtB,CACE,QAAQ,wBAAwB;AACnC,QAAA,OAAa,KAAA;AACb,QAAA,cAAoB,KAAA;AACpB,QAAA,WAAiB;;CAGnB,MAAM,OACJ,QACA,UAC2B;AAC3B,MAAI;GACF,MAAM,KAAK,MAAA,GAAS,YAAY,aAAa,OAAO;AAGpD,OAAI,MAAA,eAAqB,MAAA,gBAAsB,OAC7C,QAAO;IACL,IAAI;IACJ,OAAO;KACL,MAAM;KACN,SACE;KACF,QAAQ;KACT;IACF;GAGH,MAAM,eAAe,MAAA;GACrB,MAAM,kBAAkB,eAAe,SAAS;GAChD,IAAI,WAAW;AAEf,OAAI,aACF,IAAG,QAAQ,gDAAgD;OAE3D,IAAG,QAAQ,gCAAgC;AAG7C,OAAI,CAAC,mBAAmB,aACtB,QAAO;IACL,IAAI;IACJ,OAAO;KACL,MAAM;KACN,SACE;KACF,QAAQ;KACT;IACF;AAGH,OAAI,CAAC,iBAAiB;AACpB,eAAW,KAAA;AACX,OAAG,QAAQ,eAAe;cACjB,MAAA,sBAA4B,KAAA,GAAW;IAChD,MAAM,gBAAgB,MAAM,MAAA,kBAAwB,UAAU,EAAC,QAAO,CAAC;AACvE,eAAW,UAAU,MAAA,IAAU,MAAA,MAAY,cAAc;AACzD,OAAG,QAAQ,wBAAwB;UAC9B;AACL,QAAI,MAAA,MAAY,SAAS,MACvB,OAAM,IAAI,MACR,sDACD;AAEH,eAAW;KACT,MAAM;KACN,KAAK;KACN;AACD,OAAG,QAAQ,iCAAiC;;AAG9C,SAAA,OAAa;AACb,SAAA,gBAAsB;AAEtB,OAAI,CAAC,WAAW,cAAc,SAAS,CACrC,OAAA;WAEK,GAAG;AACV,OAAI,gBAAgB,EAAE,CACpB,QAAO;IACL,IAAI;IACJ,OAAO,EAAE;IACV;AAEH,UAAO;IACL,IAAI;IACJ,OAAO;KACL,MAAM;KACN,SAAS,gCAAgC,OAAO,EAAE;KAClD,QAAQ;KACT;IACF;;AAGH,SAAO,EAAC,IAAI,MAAK;;;;AAKrB,SAAgB,UACd,IACA,eACA,UACA;AACA,KAAI,aAAa,KACf;AAGF,KACE,eAAe,QACf,UAAU,QACV,eAAe,SAAS,UAAU,KAElC,OAAM,IAAI,cAAc;EACtB,MAAM;EACN,SACE;EACF,QAAQ;EACT,CAAC;AAGJ,KAAI,kBAAkB,KAAA,GAAW;AAC/B,KAAG,QAAQ,qCAAqC;AAChD,SAAO;;AAGT,KAAI,UAAU,SAAS,SACrB,QAAO;AAGT,KAAI,cAAc,SAAS,SACzB,OAAM,IAAI,cAAc;EACtB,MAAM;EACN,SACE;EACF,QAAQ;EACT,CAAC;AAGJ,KAAI,UAAU;AACZ,MAAI,cAAc,QAAQ,QAAQ,SAAS,QAAQ,IACjD,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SACE;GACF,QAAQ;GACT,CAAC;AAGJ,MAAI,cAAc,QAAQ,QAAQ,KAAA,GAAW;AAC3C,MAAG,QAAQ,4DAA4D;AAEvE,UAAO;;AAGT,MAAI,SAAS,QAAQ,QAAQ,KAAA,EAC3B,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SACE;GACF,QAAQ;GACT,CAAC;AAIJ,MAAI,cAAc,QAAQ,MAAM,SAAS,QAAQ,KAAK;AACpD,MAAG,QAAQ,+BAA+B;AAC1C,UAAO;;AAIT,KAAG,QAAQ,uDAAuD;AAClE,SAAO;;AAIT,OAAM,IAAI,cAAc;EACtB,MAAM;EACN,SACE;EACF,QAAQ;EACT,CAAC"}
1
+ {"version":3,"file":"auth.js","names":[],"sources":["../../../../../zero-cache/src/auth/auth.ts"],"sourcesContent":["import type {LogContext} from '@rocicorp/logger';\nimport type {JWTPayload} from 'jose';\nimport {ErrorKind} from '../../../zero-protocol/src/error-kind.ts';\nimport {ErrorOrigin} from '../../../zero-protocol/src/error-origin.ts';\nimport {\n isProtocolError,\n ProtocolError,\n type ErrorBody,\n} from '../../../zero-protocol/src/error.ts';\nimport {ErrorReason} from '../../../zero-protocol/src/error-reason.ts';\nimport type {PushError} from '../../../zero-protocol/src/push.ts';\n\n/** @deprecated JWT auth is deprecated */\nexport type JWTAuth = {\n readonly type: 'jwt';\n readonly raw: string;\n readonly decoded: JWTPayload;\n};\n\nexport type OpaqueAuth = {\n readonly type: 'opaque';\n readonly raw: string;\n};\n\nexport type Auth = OpaqueAuth | JWTAuth;\n\nexport type ValidateLegacyJWT = (\n token: string,\n ctx: {readonly userID: string | undefined},\n) => Promise<JWTAuth>;\n\nfunction isProvidedAuth(wireAuth: string | undefined): wireAuth is string {\n return wireAuth !== undefined && wireAuth !== '';\n}\n\nexport function authEquals(a: Auth | undefined, b: Auth | undefined) {\n if (a === b) {\n return true;\n }\n if (!a || !b) {\n return false;\n }\n return a.type === b.type && a.raw === b.raw;\n}\n\n/**\n * Resolves one auth snapshot transition without binding it to a client group.\n */\nexport async function resolveAuth(\n lc: LogContext,\n previousAuth: Auth | undefined,\n userID: string | undefined,\n wireAuth: string | undefined,\n validateLegacyJWT: ValidateLegacyJWT | undefined,\n): Promise<Auth | undefined> {\n try {\n const hasProvidedAuth = isProvidedAuth(wireAuth);\n\n if (previousAuth) {\n lc.debug?.(`Attempting to update auth from previous value`);\n } else {\n lc.debug?.(`Attempting to initialize auth`);\n }\n\n if (!hasProvidedAuth && previousAuth) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'No token provided. An unauthenticated client cannot connect to an authenticated client group.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (!hasProvidedAuth) {\n lc.debug?.(`Cleared auth`);\n return undefined;\n }\n\n if (userID === undefined) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message: 'Authenticated connections require a userID.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (validateLegacyJWT !== undefined) {\n const verifiedToken = await validateLegacyJWT(wireAuth, {userID});\n const nextAuth = pickToken(lc, previousAuth, verifiedToken);\n lc.debug?.(`Updated auth with JWT`);\n return nextAuth;\n }\n\n if (previousAuth?.type === 'jwt') {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'Token type cannot change from JWT to opaque. Connections are pinned to a single token type.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (previousAuth?.type === 'opaque' && previousAuth.raw === wireAuth) {\n lc.debug?.(`Opaque auth unchanged, reusing previous snapshot`);\n return previousAuth;\n }\n\n lc.debug?.(`Updated auth with opaque token`);\n return {\n type: 'opaque',\n raw: wireAuth,\n };\n } catch (e) {\n if (isProtocolError(e)) {\n throw e;\n }\n throw new ProtocolError({\n kind: ErrorKind.AuthInvalidated,\n message: `Failed to decode auth token: ${String(e)}`,\n origin: ErrorOrigin.ZeroCache,\n });\n }\n}\n\n/** @deprecated used only in old JWT validation/rotation auth */\nexport function pickToken(\n lc: LogContext,\n previousToken: Auth | undefined,\n newToken: Auth | undefined | null,\n) {\n if (newToken === null) {\n return undefined;\n }\n\n if (\n previousToken?.type &&\n newToken?.type &&\n previousToken?.type !== newToken?.type\n ) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'Token type cannot change. Client groups are pinned to a single token type.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (previousToken === undefined) {\n lc.debug?.(`No previous token, using new token`);\n return newToken;\n }\n\n if (newToken?.type === 'opaque') {\n return newToken;\n }\n\n if (previousToken.type === 'opaque') {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'Token type cannot change from opaque to JWT. Client groups are pinned to a single token type.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (newToken) {\n if (previousToken.decoded.sub !== newToken.decoded.sub) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'The user id in the new token does not match the previous token. Client groups are pinned to a single user.',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n if (previousToken.decoded.iat === undefined) {\n lc.debug?.(`No issued at time for the existing token, using new token`);\n // No issued at time for the existing token? We take the most recently received token.\n return newToken;\n }\n\n if (newToken.decoded.iat === undefined) {\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'The new token does not have an issued at time but the prior token does. Tokens for a client group must either all have issued at times or all not have issued at times',\n origin: ErrorOrigin.ZeroCache,\n });\n }\n\n // The new token is newer, so we take it.\n if (previousToken.decoded.iat < newToken.decoded.iat) {\n lc.debug?.(`New token is newer, using it`);\n return newToken;\n }\n\n // if the new token is older or the same, we keep the existing token.\n lc.debug?.(`New token is older or the same, using existing token`);\n return previousToken;\n }\n\n // previousToken !== undefined but newToken is undefined\n throw new ProtocolError({\n kind: ErrorKind.Unauthorized,\n message:\n 'No token provided. An unauthenticated client cannot connect to an authenticated client group.',\n origin: ErrorOrigin.ZeroCache,\n });\n}\n\nexport function isAuthErrorBody(ex: unknown): ex is ErrorBody | PushError {\n if (typeof ex !== 'object' || ex === null) {\n return false;\n }\n\n if ('error' in ex) {\n return (\n ex.error === 'http' &&\n 'status' in ex &&\n (ex.status === 401 || ex.status === 403)\n );\n }\n\n if (!('kind' in ex)) {\n return false;\n }\n\n if (\n ex.kind === ErrorKind.AuthInvalidated ||\n ex.kind === ErrorKind.Unauthorized\n ) {\n return true;\n }\n\n return (\n (ex.kind === ErrorKind.PushFailed ||\n ex.kind === ErrorKind.TransformFailed) &&\n 'reason' in ex &&\n ex.reason === ErrorReason.HTTP &&\n 'status' in ex &&\n (ex.status === 401 || ex.status === 403)\n );\n}\n"],"mappings":";;;;;AA+BA,SAAS,eAAe,UAAkD;AACxE,QAAO,aAAa,KAAA,KAAa,aAAa;;AAGhD,SAAgB,WAAW,GAAqB,GAAqB;AACnE,KAAI,MAAM,EACR,QAAO;AAET,KAAI,CAAC,KAAK,CAAC,EACT,QAAO;AAET,QAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE;;;;;AAM1C,eAAsB,YACpB,IACA,cACA,QACA,UACA,mBAC2B;AAC3B,KAAI;EACF,MAAM,kBAAkB,eAAe,SAAS;AAEhD,MAAI,aACF,IAAG,QAAQ,gDAAgD;MAE3D,IAAG,QAAQ,gCAAgC;AAG7C,MAAI,CAAC,mBAAmB,aACtB,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SACE;GACF,QAAQ;GACT,CAAC;AAGJ,MAAI,CAAC,iBAAiB;AACpB,MAAG,QAAQ,eAAe;AAC1B;;AAGF,MAAI,WAAW,KAAA,EACb,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SAAS;GACT,QAAQ;GACT,CAAC;AAGJ,MAAI,sBAAsB,KAAA,GAAW;GAEnC,MAAM,WAAW,UAAU,IAAI,cADT,MAAM,kBAAkB,UAAU,EAAC,QAAO,CAAC,CACN;AAC3D,MAAG,QAAQ,wBAAwB;AACnC,UAAO;;AAGT,MAAI,cAAc,SAAS,MACzB,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SACE;GACF,QAAQ;GACT,CAAC;AAGJ,MAAI,cAAc,SAAS,YAAY,aAAa,QAAQ,UAAU;AACpE,MAAG,QAAQ,mDAAmD;AAC9D,UAAO;;AAGT,KAAG,QAAQ,iCAAiC;AAC5C,SAAO;GACL,MAAM;GACN,KAAK;GACN;UACM,GAAG;AACV,MAAI,gBAAgB,EAAE,CACpB,OAAM;AAER,QAAM,IAAI,cAAc;GACtB,MAAM;GACN,SAAS,gCAAgC,OAAO,EAAE;GAClD,QAAQ;GACT,CAAC;;;;AAKN,SAAgB,UACd,IACA,eACA,UACA;AACA,KAAI,aAAa,KACf;AAGF,KACE,eAAe,QACf,UAAU,QACV,eAAe,SAAS,UAAU,KAElC,OAAM,IAAI,cAAc;EACtB,MAAM;EACN,SACE;EACF,QAAQ;EACT,CAAC;AAGJ,KAAI,kBAAkB,KAAA,GAAW;AAC/B,KAAG,QAAQ,qCAAqC;AAChD,SAAO;;AAGT,KAAI,UAAU,SAAS,SACrB,QAAO;AAGT,KAAI,cAAc,SAAS,SACzB,OAAM,IAAI,cAAc;EACtB,MAAM;EACN,SACE;EACF,QAAQ;EACT,CAAC;AAGJ,KAAI,UAAU;AACZ,MAAI,cAAc,QAAQ,QAAQ,SAAS,QAAQ,IACjD,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SACE;GACF,QAAQ;GACT,CAAC;AAGJ,MAAI,cAAc,QAAQ,QAAQ,KAAA,GAAW;AAC3C,MAAG,QAAQ,4DAA4D;AAEvE,UAAO;;AAGT,MAAI,SAAS,QAAQ,QAAQ,KAAA,EAC3B,OAAM,IAAI,cAAc;GACtB,MAAM;GACN,SACE;GACF,QAAQ;GACT,CAAC;AAIJ,MAAI,cAAc,QAAQ,MAAM,SAAS,QAAQ,KAAK;AACpD,MAAG,QAAQ,+BAA+B;AAC1C,UAAO;;AAIT,KAAG,QAAQ,uDAAuD;AAClE,SAAO;;AAIT,OAAM,IAAI,cAAc;EACtB,MAAM;EACN,SACE;EACF,QAAQ;EACT,CAAC;;AAGJ,SAAgB,gBAAgB,IAA0C;AACxE,KAAI,OAAO,OAAO,YAAY,OAAO,KACnC,QAAO;AAGT,KAAI,WAAW,GACb,QACE,GAAG,UAAU,UACb,YAAY,OACX,GAAG,WAAW,OAAO,GAAG,WAAW;AAIxC,KAAI,EAAE,UAAU,IACd,QAAO;AAGT,KACE,GAAG,SAAS,qBACZ,GAAG,SAAS,eAEZ,QAAO;AAGT,SACG,GAAG,SAAS,gBACX,GAAG,SAAS,sBACd,YAAY,MACZ,GAAG,WAAW,UACd,YAAY,OACX,GAAG,WAAW,OAAO,GAAG,WAAW"}
package/out/zero-cache/src/auth/jwt.d.ts CHANGED
@@ -1,12 +1,12 @@
1
1
  import { type JWK, type JWTClaimVerificationOptions, type JWTPayload } from 'jose';
2
- import type { AuthConfig } from '../config/zero-config.ts';
2
+ import type { LegacyJWTAuthConfig } from '../config/zero-config.ts';
3
3
  /** @deprecated */
4
4
  export declare function createJwkPair(): Promise<{
5
5
  privateJwk: JWK;
6
6
  publicJwk: JWK;
7
7
  }>;
8
8
  /** @deprecated */
9
- export declare const tokenConfigOptions: (config: AuthConfig) => ("jwk" | "jwksUrl" | "secret")[];
9
+ export declare const tokenConfigOptions: (config: LegacyJWTAuthConfig) => ("jwk" | "jwksUrl" | "secret")[];
10
10
  /** @deprecated */
11
- export declare function verifyToken(config: AuthConfig, token: string, verifyOptions: JWTClaimVerificationOptions): Promise<JWTPayload>;
11
+ export declare function verifyToken(config: LegacyJWTAuthConfig, token: string, verifyOptions: JWTClaimVerificationOptions): Promise<JWTPayload>;
12
12
  //# sourceMappingURL=jwt.d.ts.map
package/out/zero-cache/src/auth/jwt.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,2BAA2B,EAChC,KAAK,UAAU,EAEhB,MAAM,MAAM,CAAC;AACd,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AAEzD,kBAAkB;AAClB,wBAAsB,aAAa;;;GAelC;AAWD,kBAAkB;AAClB,eAAO,MAAM,kBAAkB,GAAI,QAAQ,UAAU,qCAMpD,CAAC;AAEF,kBAAkB;AAClB,wBAAsB,WAAW,CAC/B,MAAM,EAAE,UAAU,EAClB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,2BAA2B,GACzC,OAAO,CAAC,UAAU,CAAC,CAiBrB"}
1
+ {"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/auth/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,2BAA2B,EAChC,KAAK,UAAU,EAEhB,MAAM,MAAM,CAAC;AACd,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,0BAA0B,CAAC;AAElE,kBAAkB;AAClB,wBAAsB,aAAa;;;GAelC;AAWD,kBAAkB;AAClB,eAAO,MAAM,kBAAkB,GAAI,QAAQ,mBAAmB,qCAM7D,CAAC;AAEF,kBAAkB;AAClB,wBAAsB,WAAW,CAC/B,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,2BAA2B,GACzC,OAAO,CAAC,UAAU,CAAC,CAiBrB"}
package/out/zero-cache/src/auth/jwt.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"jwt.js","names":[],"sources":["../../../../../zero-cache/src/auth/jwt.ts"],"sourcesContent":["import {\n createRemoteJWKSet,\n exportJWK,\n generateKeyPair,\n jwtVerify,\n type JWK,\n type JWTClaimVerificationOptions,\n type JWTPayload,\n type KeyLike,\n} from 'jose';\nimport type {AuthConfig} from '../config/zero-config.ts';\n\n/** @deprecated */\nexport async function createJwkPair() {\n const {publicKey, privateKey} = await generateKeyPair('PS256');\n\n const privateJwk = await exportJWK(privateKey);\n const publicJwk = await exportJWK(publicKey);\n\n privateJwk.kid = 'key-2024-001';\n privateJwk.use = 'sig';\n privateJwk.alg = 'PS256';\n\n publicJwk.kid = privateJwk.kid;\n publicJwk.use = privateJwk.use;\n publicJwk.alg = privateJwk.alg;\n\n return {privateJwk, publicJwk};\n}\n\nlet remoteKeyset: ReturnType<typeof createRemoteJWKSet> | undefined;\nfunction getRemoteKeyset(jwksUrl: string) {\n if (remoteKeyset === undefined) {\n remoteKeyset = createRemoteJWKSet(new URL(jwksUrl));\n }\n\n return remoteKeyset;\n}\n\n/** @deprecated */\nexport const tokenConfigOptions = (config: AuthConfig) => {\n const tokenOptions = (['jwk', 'secret', 'jwksUrl'] as const).filter(\n key => config[key] !== undefined,\n );\n\n return tokenOptions;\n};\n\n/** @deprecated */\nexport async function verifyToken(\n config: AuthConfig,\n token: string,\n verifyOptions: JWTClaimVerificationOptions,\n): Promise<JWTPayload> {\n if (config.jwk !== undefined) {\n return verifyTokenImpl(token, loadJwk(config.jwk), verifyOptions);\n }\n\n if (config.secret !== undefined) {\n return verifyTokenImpl(token, loadSecret(config.secret), verifyOptions);\n }\n\n if (config.jwksUrl !== undefined) {\n const remoteKeyset = getRemoteKeyset(config.jwksUrl);\n return (await jwtVerify(token, remoteKeyset, verifyOptions)).payload;\n }\n\n throw new Error(\n 'verifyToken was called but no auth options (one of: jwk, secret, jwksUrl) were configured.',\n );\n}\n\nfunction loadJwk(jwkString: string) {\n return JSON.parse(jwkString) as JWK;\n}\n\nfunction loadSecret(secret: string) {\n return new TextEncoder().encode(secret);\n}\n\nasync function verifyTokenImpl(\n token: string,\n verifyKey: Uint8Array | KeyLike | JWK,\n verifyOptions: JWTClaimVerificationOptions,\n): Promise<JWTPayload> {\n const {payload} = await jwtVerify(token, verifyKey, verifyOptions);\n\n return payload;\n}\n"],"mappings":";;AA8BA,IAAI;AACJ,SAAS,gBAAgB,SAAiB;AACxC,KAAI,iBAAiB,KAAA,EACnB,gBAAe,mBAAmB,IAAI,IAAI,QAAQ,CAAC;AAGrD,QAAO;;;AAIT,IAAa,sBAAsB,WAAuB;AAKxD,QAJsB;EAAC;EAAO;EAAU;EAAU,CAAW,QAC3D,QAAO,OAAO,SAAS,KAAA,EACxB;;;AAMH,eAAsB,YACpB,QACA,OACA,eACqB;AACrB,KAAI,OAAO,QAAQ,KAAA,EACjB,QAAO,gBAAgB,OAAO,QAAQ,OAAO,IAAI,EAAE,cAAc;AAGnE,KAAI,OAAO,WAAW,KAAA,EACpB,QAAO,gBAAgB,OAAO,WAAW,OAAO,OAAO,EAAE,cAAc;AAGzE,KAAI,OAAO,YAAY,KAAA,EAErB,SAAQ,MAAM,UAAU,OADH,gBAAgB,OAAO,QAAQ,EACP,cAAc,EAAE;AAG/D,OAAM,IAAI,MACR,6FACD;;AAGH,SAAS,QAAQ,WAAmB;AAClC,QAAO,KAAK,MAAM,UAAU;;AAG9B,SAAS,WAAW,QAAgB;AAClC,QAAO,IAAI,aAAa,CAAC,OAAO,OAAO;;AAGzC,eAAe,gBACb,OACA,WACA,eACqB;CACrB,MAAM,EAAC,YAAW,MAAM,UAAU,OAAO,WAAW,cAAc;AAElE,QAAO"}
1
+ {"version":3,"file":"jwt.js","names":[],"sources":["../../../../../zero-cache/src/auth/jwt.ts"],"sourcesContent":["import {\n createRemoteJWKSet,\n exportJWK,\n generateKeyPair,\n jwtVerify,\n type JWK,\n type JWTClaimVerificationOptions,\n type JWTPayload,\n type KeyLike,\n} from 'jose';\nimport type {LegacyJWTAuthConfig} from '../config/zero-config.ts';\n\n/** @deprecated */\nexport async function createJwkPair() {\n const {publicKey, privateKey} = await generateKeyPair('PS256');\n\n const privateJwk = await exportJWK(privateKey);\n const publicJwk = await exportJWK(publicKey);\n\n privateJwk.kid = 'key-2024-001';\n privateJwk.use = 'sig';\n privateJwk.alg = 'PS256';\n\n publicJwk.kid = privateJwk.kid;\n publicJwk.use = privateJwk.use;\n publicJwk.alg = privateJwk.alg;\n\n return {privateJwk, publicJwk};\n}\n\nlet remoteKeyset: ReturnType<typeof createRemoteJWKSet> | undefined;\nfunction getRemoteKeyset(jwksUrl: string) {\n if (remoteKeyset === undefined) {\n remoteKeyset = createRemoteJWKSet(new URL(jwksUrl));\n }\n\n return remoteKeyset;\n}\n\n/** @deprecated */\nexport const tokenConfigOptions = (config: LegacyJWTAuthConfig) => {\n const tokenOptions = (['jwk', 'secret', 'jwksUrl'] as const).filter(\n key => config[key] !== undefined,\n );\n\n return tokenOptions;\n};\n\n/** @deprecated */\nexport async function verifyToken(\n config: LegacyJWTAuthConfig,\n token: string,\n verifyOptions: JWTClaimVerificationOptions,\n): Promise<JWTPayload> {\n if (config.jwk !== undefined) {\n return verifyTokenImpl(token, loadJwk(config.jwk), verifyOptions);\n }\n\n if (config.secret !== undefined) {\n return verifyTokenImpl(token, loadSecret(config.secret), verifyOptions);\n }\n\n if (config.jwksUrl !== undefined) {\n const remoteKeyset = getRemoteKeyset(config.jwksUrl);\n return (await jwtVerify(token, remoteKeyset, verifyOptions)).payload;\n }\n\n throw new Error(\n 'verifyToken was called but no auth options (one of: jwk, secret, jwksUrl) were configured.',\n );\n}\n\nfunction loadJwk(jwkString: string) {\n return JSON.parse(jwkString) as JWK;\n}\n\nfunction loadSecret(secret: string) {\n return new TextEncoder().encode(secret);\n}\n\nasync function verifyTokenImpl(\n token: string,\n verifyKey: Uint8Array | KeyLike | JWK,\n verifyOptions: JWTClaimVerificationOptions,\n): Promise<JWTPayload> {\n const {payload} = await jwtVerify(token, verifyKey, verifyOptions);\n\n return payload;\n}\n"],"mappings":";;AA8BA,IAAI;AACJ,SAAS,gBAAgB,SAAiB;AACxC,KAAI,iBAAiB,KAAA,EACnB,gBAAe,mBAAmB,IAAI,IAAI,QAAQ,CAAC;AAGrD,QAAO;;;AAIT,IAAa,sBAAsB,WAAgC;AAKjE,QAJsB;EAAC;EAAO;EAAU;EAAU,CAAW,QAC3D,QAAO,OAAO,SAAS,KAAA,EACxB;;;AAMH,eAAsB,YACpB,QACA,OACA,eACqB;AACrB,KAAI,OAAO,QAAQ,KAAA,EACjB,QAAO,gBAAgB,OAAO,QAAQ,OAAO,IAAI,EAAE,cAAc;AAGnE,KAAI,OAAO,WAAW,KAAA,EACpB,QAAO,gBAAgB,OAAO,WAAW,OAAO,OAAO,EAAE,cAAc;AAGzE,KAAI,OAAO,YAAY,KAAA,EAErB,SAAQ,MAAM,UAAU,OADH,gBAAgB,OAAO,QAAQ,EACP,cAAc,EAAE;AAG/D,OAAM,IAAI,MACR,6FACD;;AAGH,SAAS,QAAQ,WAAmB;AAClC,QAAO,KAAK,MAAM,UAAU;;AAG9B,SAAS,WAAW,QAAgB;AAClC,QAAO,IAAI,aAAa,CAAC,OAAO,OAAO;;AAGzC,eAAe,gBACb,OACA,WACA,eACqB;CACrB,MAAM,EAAC,YAAW,MAAM,UAAU,OAAO,WAAW,cAAc;AAElE,QAAO"}
package/out/zero-cache/src/auth/load-permissions.js CHANGED
@@ -49,7 +49,7 @@ function reloadPermissionsIfChanged(lc, replica, appID, current, config) {
49
49
  function getSchema(lc, replica) {
50
50
  const specs = computeZqlSpecs(lc, replica, { includeBackfillingColumns: false });
51
51
  return {
52
- tables: Object.fromEntries([...specs.values()].map((table) => {
52
+ tables: Object.fromEntries(Array.from(specs.values(), (table) => {
53
53
  const { tableSpec: { name, primaryKey }, zqlSpec: columns } = table;
54
54
  return [name, {
55
55
  name,
package/out/zero-cache/src/auth/load-permissions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"load-permissions.js","names":[],"sources":["../../../../../zero-cache/src/auth/load-permissions.ts"],"sourcesContent":["import type {LogContext} from '@rocicorp/logger';\nimport * as v from '../../../shared/src/valita.ts';\nimport {\n permissionsConfigSchema,\n type PermissionsConfig,\n} from '../../../zero-schema/src/compiled-permissions.ts';\nimport type {TableSchema} from '../../../zero-schema/src/table-schema.ts';\nimport type {Schema} from '../../../zero-types/src/schema.ts';\nimport type {Database} from '../../../zqlite/src/db.ts';\nimport type {ZeroConfig} from '../config/zero-config.ts';\nimport {computeZqlSpecs} from '../db/lite-tables.ts';\nimport type {StatementRunner} from '../db/statements.ts';\nimport {elide} from '../types/strings.ts';\n\nexport type LoadedPermissions = {\n permissions: PermissionsConfig | null;\n hash: string | null;\n};\n\nexport function loadPermissions(\n lc: LogContext,\n replica: StatementRunner,\n appID: string,\n config?: ZeroConfig,\n): LoadedPermissions {\n const {permissions, hash} = replica.get(\n `SELECT permissions, hash FROM \"${appID}.permissions\"`,\n );\n if (permissions === null) {\n const hasCustomEndpoints =\n config !== undefined &&\n (config.push?.url !== undefined || config.mutate?.url !== undefined) &&\n (config.query?.url !== undefined || config.getQueries?.url !== undefined);\n\n if (!hasCustomEndpoints) {\n const appIDFlag = appID === 'zero' ? '' : ` --app-id=${appID}`;\n lc.warn?.(\n `\\n\\n\\n` +\n `No upstream permissions deployed.\\n` +\n `Run 'npx zero-deploy-permissions${appIDFlag}' to enforce permissions.` +\n `\\n\\n\\n`,\n );\n }\n return {permissions, hash: null};\n }\n let obj;\n let parsed;\n try {\n obj = JSON.parse(permissions);\n parsed = v.parse(obj, permissionsConfigSchema);\n } catch (e) {\n // TODO: Plumb the --server-version and include in error message.\n throw new Error(\n `Could not parse upstream permissions: ` +\n `'${elide(String(permissions), 100)}'.\\n` +\n `This may happen if Permissions with a new internal format are ` +\n `deployed before the supporting server has been fully rolled out.`,\n {cause: e},\n );\n }\n return {permissions: parsed, hash};\n}\n\nexport function reloadPermissionsIfChanged(\n lc: LogContext,\n replica: StatementRunner,\n appID: string,\n current: LoadedPermissions | null,\n config?: ZeroConfig,\n): {permissions: LoadedPermissions; changed: boolean} {\n if (current === null) {\n return {\n permissions: loadPermissions(lc, replica, appID, config),\n changed: true,\n };\n }\n const {hash} = replica.get(`SELECT hash FROM \"${appID}.permissions\"`);\n return hash === current.hash\n ? {permissions: current, changed: false}\n : {permissions: loadPermissions(lc, replica, appID, config), changed: true};\n}\n\nexport function getSchema(lc: LogContext, replica: Database): Schema {\n const specs = computeZqlSpecs(lc, replica, {\n includeBackfillingColumns: false,\n });\n const tables = Object.fromEntries(\n [...specs.values()].map(table => {\n const {\n tableSpec: {name, primaryKey},\n zqlSpec: columns,\n } = table;\n return [name, {name, columns, primaryKey} satisfies TableSchema];\n }),\n );\n return {\n tables,\n relationships: {}, // relationships are already denormalized in ASTs\n };\n}\n"],"mappings":";;;;;AAmBA,SAAgB,gBACd,IACA,SACA,OACA,QACmB;CACnB,MAAM,EAAC,aAAa,SAAQ,QAAQ,IAClC,kCAAkC,MAAM,eACzC;AACD,KAAI,gBAAgB,MAAM;AAMxB,MAAI,EAJF,WAAW,KAAA,MACV,OAAO,MAAM,QAAQ,KAAA,KAAa,OAAO,QAAQ,QAAQ,KAAA,OACzD,OAAO,OAAO,QAAQ,KAAA,KAAa,OAAO,YAAY,QAAQ,KAAA,KAExC;GACvB,MAAM,YAAY,UAAU,SAAS,KAAK,aAAa;AACvD,MAAG,OACD;;;;kCAEqC,UAAU,iCAEhD;;AAEH,SAAO;GAAC;GAAa,MAAM;GAAK;;CAElC,IAAI;CACJ,IAAI;AACJ,KAAI;AACF,QAAM,KAAK,MAAM,YAAY;AAC7B,WAAS,MAAQ,KAAK,wBAAwB;UACvC,GAAG;AAEV,QAAM,IAAI,MACR,0CACM,MAAM,OAAO,YAAY,EAAE,IAAI,CAAC,qIAGtC,EAAC,OAAO,GAAE,CACX;;AAEH,QAAO;EAAC,aAAa;EAAQ;EAAK;;AAGpC,SAAgB,2BACd,IACA,SACA,OACA,SACA,QACoD;AACpD,KAAI,YAAY,KACd,QAAO;EACL,aAAa,gBAAgB,IAAI,SAAS,OAAO,OAAO;EACxD,SAAS;EACV;CAEH,MAAM,EAAC,SAAQ,QAAQ,IAAI,qBAAqB,MAAM,eAAe;AACrE,QAAO,SAAS,QAAQ,OACpB;EAAC,aAAa;EAAS,SAAS;EAAM,GACtC;EAAC,aAAa,gBAAgB,IAAI,SAAS,OAAO,OAAO;EAAE,SAAS;EAAK;;AAG/E,SAAgB,UAAU,IAAgB,SAA2B;CACnE,MAAM,QAAQ,gBAAgB,IAAI,SAAS,EACzC,2BAA2B,OAC5B,CAAC;AAUF,QAAO;EACL,QAVa,OAAO,YACpB,CAAC,GAAG,MAAM,QAAQ,CAAC,CAAC,KAAI,UAAS;GAC/B,MAAM,EACJ,WAAW,EAAC,MAAM,cAClB,SAAS,YACP;AACJ,UAAO,CAAC,MAAM;IAAC;IAAM;IAAS;IAAW,CAAuB;IAChE,CACH;EAGC,eAAe,EAAE;EAClB"}
1
+ {"version":3,"file":"load-permissions.js","names":[],"sources":["../../../../../zero-cache/src/auth/load-permissions.ts"],"sourcesContent":["import type {LogContext} from '@rocicorp/logger';\nimport * as v from '../../../shared/src/valita.ts';\nimport {\n permissionsConfigSchema,\n type PermissionsConfig,\n} from '../../../zero-schema/src/compiled-permissions.ts';\nimport type {TableSchema} from '../../../zero-schema/src/table-schema.ts';\nimport type {Schema} from '../../../zero-types/src/schema.ts';\nimport type {Database} from '../../../zqlite/src/db.ts';\nimport type {ZeroConfig} from '../config/zero-config.ts';\nimport {computeZqlSpecs} from '../db/lite-tables.ts';\nimport type {StatementRunner} from '../db/statements.ts';\nimport {elide} from '../types/strings.ts';\n\nexport type LoadedPermissions = {\n permissions: PermissionsConfig | null;\n hash: string | null;\n};\n\nexport function loadPermissions(\n lc: LogContext,\n replica: StatementRunner,\n appID: string,\n config?: ZeroConfig,\n): LoadedPermissions {\n const {permissions, hash} = replica.get(\n `SELECT permissions, hash FROM \"${appID}.permissions\"`,\n );\n if (permissions === null) {\n const hasCustomEndpoints =\n config !== undefined &&\n (config.push?.url !== undefined || config.mutate?.url !== undefined) &&\n (config.query?.url !== undefined || config.getQueries?.url !== undefined);\n\n if (!hasCustomEndpoints) {\n const appIDFlag = appID === 'zero' ? '' : ` --app-id=${appID}`;\n lc.warn?.(\n `\\n\\n\\n` +\n `No upstream permissions deployed.\\n` +\n `Run 'npx zero-deploy-permissions${appIDFlag}' to enforce permissions.` +\n `\\n\\n\\n`,\n );\n }\n return {permissions, hash: null};\n }\n let obj;\n let parsed;\n try {\n obj = JSON.parse(permissions);\n parsed = v.parse(obj, permissionsConfigSchema);\n } catch (e) {\n // TODO: Plumb the --server-version and include in error message.\n throw new Error(\n `Could not parse upstream permissions: ` +\n `'${elide(String(permissions), 100)}'.\\n` +\n `This may happen if Permissions with a new internal format are ` +\n `deployed before the supporting server has been fully rolled out.`,\n {cause: e},\n );\n }\n return {permissions: parsed, hash};\n}\n\nexport function reloadPermissionsIfChanged(\n lc: LogContext,\n replica: StatementRunner,\n appID: string,\n current: LoadedPermissions | null,\n config?: ZeroConfig,\n): {permissions: LoadedPermissions; changed: boolean} {\n if (current === null) {\n return {\n permissions: loadPermissions(lc, replica, appID, config),\n changed: true,\n };\n }\n const {hash} = replica.get(`SELECT hash FROM \"${appID}.permissions\"`);\n return hash === current.hash\n ? {permissions: current, changed: false}\n : {permissions: loadPermissions(lc, replica, appID, config), changed: true};\n}\n\nexport function getSchema(lc: LogContext, replica: Database): Schema {\n const specs = computeZqlSpecs(lc, replica, {\n includeBackfillingColumns: false,\n });\n const tables = Object.fromEntries(\n Array.from(specs.values(), table => {\n const {\n tableSpec: {name, primaryKey},\n zqlSpec: columns,\n } = table;\n return [name, {name, columns, primaryKey} satisfies TableSchema];\n }),\n );\n return {\n tables,\n relationships: {}, // relationships are already denormalized in ASTs\n };\n}\n"],"mappings":";;;;;AAmBA,SAAgB,gBACd,IACA,SACA,OACA,QACmB;CACnB,MAAM,EAAC,aAAa,SAAQ,QAAQ,IAClC,kCAAkC,MAAM,eACzC;AACD,KAAI,gBAAgB,MAAM;AAMxB,MAAI,EAJF,WAAW,KAAA,MACV,OAAO,MAAM,QAAQ,KAAA,KAAa,OAAO,QAAQ,QAAQ,KAAA,OACzD,OAAO,OAAO,QAAQ,KAAA,KAAa,OAAO,YAAY,QAAQ,KAAA,KAExC;GACvB,MAAM,YAAY,UAAU,SAAS,KAAK,aAAa;AACvD,MAAG,OACD;;;;kCAEqC,UAAU,iCAEhD;;AAEH,SAAO;GAAC;GAAa,MAAM;GAAK;;CAElC,IAAI;CACJ,IAAI;AACJ,KAAI;AACF,QAAM,KAAK,MAAM,YAAY;AAC7B,WAAS,MAAQ,KAAK,wBAAwB;UACvC,GAAG;AAEV,QAAM,IAAI,MACR,0CACM,MAAM,OAAO,YAAY,EAAE,IAAI,CAAC,qIAGtC,EAAC,OAAO,GAAE,CACX;;AAEH,QAAO;EAAC,aAAa;EAAQ;EAAK;;AAGpC,SAAgB,2BACd,IACA,SACA,OACA,SACA,QACoD;AACpD,KAAI,YAAY,KACd,QAAO;EACL,aAAa,gBAAgB,IAAI,SAAS,OAAO,OAAO;EACxD,SAAS;EACV;CAEH,MAAM,EAAC,SAAQ,QAAQ,IAAI,qBAAqB,MAAM,eAAe;AACrE,QAAO,SAAS,QAAQ,OACpB;EAAC,aAAa;EAAS,SAAS;EAAM,GACtC;EAAC,aAAa,gBAAgB,IAAI,SAAS,OAAO,OAAO;EAAE,SAAS;EAAK;;AAG/E,SAAgB,UAAU,IAAgB,SAA2B;CACnE,MAAM,QAAQ,gBAAgB,IAAI,SAAS,EACzC,2BAA2B,OAC5B,CAAC;AAUF,QAAO;EACL,QAVa,OAAO,YACpB,MAAM,KAAK,MAAM,QAAQ,GAAE,UAAS;GAClC,MAAM,EACJ,WAAW,EAAC,MAAM,cAClB,SAAS,YACP;AACJ,UAAO,CAAC,MAAM;IAAC;IAAM;IAAS;IAAW,CAAuB;IAChE,CACH;EAGC,eAAe,EAAE;EAClB"}
package/out/zero-cache/src/config/zero-config.d.ts CHANGED
@@ -76,9 +76,18 @@ declare const authOptions: {
76
76
  desc: string[];
77
77
  deprecated: string[];
78
78
  };
79
+ revalidateIntervalSeconds: {
80
+ type: v.Optional<number>;
81
+ desc: string[];
82
+ };
83
+ retransformIntervalSeconds: {
84
+ type: v.Optional<number>;
85
+ desc: string[];
86
+ };
79
87
  };
80
- /** @deprecated */
81
88
  export type AuthConfig = Config<typeof authOptions>;
89
+ /** @deprecated used only by legacy JWT verification helpers */
90
+ export type LegacyJWTAuthConfig = Pick<AuthConfig, 'jwk' | 'jwksUrl' | 'secret' | 'issuer' | 'audience'>;
82
91
  export declare const zeroOptions: {
83
92
  upstream: {
84
93
  db: {
@@ -98,6 +107,10 @@ export declare const zeroOptions: {
98
107
  type: v.Optional<number>;
99
108
  hidden: boolean;
100
109
  };
110
+ pgReplicationSlotFailover: {
111
+ type: v.Optional<boolean>;
112
+ desc: string[];
113
+ };
101
114
  };
102
115
  /** @deprecated */
103
116
  push: {
@@ -189,6 +202,10 @@ export declare const zeroOptions: {
189
202
  desc: string[];
190
203
  };
191
204
  };
205
+ enableCrudMutations: {
206
+ type: v.Type<boolean>;
207
+ desc: string[];
208
+ };
192
209
  cvr: {
193
210
  db: {
194
211
  type: v.Optional<string>;
@@ -287,7 +304,6 @@ export declare const zeroOptions: {
287
304
  hidden: boolean;
288
305
  };
289
306
  };
290
- /** @deprecated */
291
307
  auth: {
292
308
  jwk: {
293
309
  type: v.Optional<string>;
@@ -314,6 +330,14 @@ export declare const zeroOptions: {
314
330
  desc: string[];
315
331
  deprecated: string[];
316
332
  };
333
+ revalidateIntervalSeconds: {
334
+ type: v.Optional<number>;
335
+ desc: string[];
336
+ };
337
+ retransformIntervalSeconds: {
338
+ type: v.Optional<number>;
339
+ desc: string[];
340
+ };
317
341
  };
318
342
  port: {
319
343
  type: v.Type<number>;
@@ -411,6 +435,14 @@ export declare const zeroOptions: {
411
435
  type: v.Optional<string>;
412
436
  desc: string[];
413
437
  };
438
+ executableV5: {
439
+ type: v.Optional<string>;
440
+ desc: string[];
441
+ };
442
+ restoreUsingV5: {
443
+ type: v.Type<boolean>;
444
+ desc: string[];
445
+ };
414
446
  configPath: {
415
447
  type: v.Type<string>;
416
448
  desc: string[];
@@ -477,6 +509,10 @@ export declare const zeroOptions: {
477
509
  hidden: boolean;
478
510
  desc: string[];
479
511
  };
512
+ textCopy: {
513
+ type: v.Type<boolean>;
514
+ desc: string[];
515
+ };
480
516
  };
481
517
  /** @deprecated */
482
518
  targetClientRowCount: {
package/out/zero-cache/src/config/zero-config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"zero-config.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/config/zero-config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAGL,KAAK,MAAM,EACX,KAAK,YAAY,EAClB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,CAAC,MAAM,+BAA+B,CAAC;AAUnD,OAAO,EAGL,KAAK,oBAAoB,EAC1B,MAAM,gBAAgB,CAAC;AACxB,YAAY,EAAC,SAAS,EAAC,MAAM,kCAAkC,CAAC;AAEhE,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAE3C,eAAO,MAAM,UAAU;;;;;;;;;CA+CtB,CAAC;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;CAwBxB,CAAC;AAEF,QAAA,MAAM,cAAc;;;;;;;;;CAmBnB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,cAAc,CAAC,CAAC;AAE3D,QAAA,MAAM,oBAAoB;;;;;;;;;CAczB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAE5D,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;CAgDhB,CAAC;AAuGF,kBAAkB;AAClB,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,WAAW,CAAC,CAAC;AAKpD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;IAwCtB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGlB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAuHlB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA6ChB,kBAAkB;;;;;;QASlB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4UpB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgEnB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,WAAW,CAAC,CAAC;AAIpD,wBAAgB,aAAa,CAC3B,IAAI,GAAE,IAAI,CAAC,YAAY,EAAE,eAAe,CAAM,GAC7C,UAAU,CAaZ;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,GAAE,IAAI,CAAC,YAAY,EAAE,eAAe,CAAM,GAC7C,oBAAoB,CAItB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,GAAG,SAAS,GACpD,MAAM,CAER;AAED,wBAAgB,oBAAoB,CAClC,EAAE,EAAE,UAAU,EACd,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,eAAe,CAAC,EACnD,QAAQ,EAAE,MAAM,GAAG,SAAS,WAwC7B;AAYD,wBAAgB,kBAAkB,SAEjC"}
1
+ {"version":3,"file":"zero-config.d.ts","sourceRoot":"","sources":["../../../../../zero-cache/src/config/zero-config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAGL,KAAK,MAAM,EACX,KAAK,YAAY,EAClB,MAAM,gCAAgC,CAAC;AACxC,OAAO,KAAK,CAAC,MAAM,+BAA+B,CAAC;AAUnD,OAAO,EAGL,KAAK,oBAAoB,EAC1B,MAAM,gBAAgB,CAAC;AACxB,YAAY,EAAC,SAAS,EAAC,MAAM,kCAAkC,CAAC;AAEhE,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAE3C,eAAO,MAAM,UAAU;;;;;;;;;CA+CtB,CAAC;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;CAwBxB,CAAC;AAEF,QAAA,MAAM,cAAc;;;;;;;;;CAmBnB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,cAAc,CAAC,CAAC;AAE3D,QAAA,MAAM,oBAAoB;;;;;;;;;CAczB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAE5D,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8DhB,CAAC;AAuGF,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,WAAW,CAAC,CAAC;AAEpD,+DAA+D;AAC/D,MAAM,MAAM,mBAAmB,GAAG,IAAI,CACpC,UAAU,EACV,KAAK,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,CACrD,CAAC;AAKF,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;IAsDtB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGlB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QA4KhB,kBAAkB;;;;;;QASlB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA2WpB,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgEnB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,WAAW,CAAC,CAAC;AAIpD,wBAAgB,aAAa,CAC3B,IAAI,GAAE,IAAI,CAAC,YAAY,EAAE,eAAe,CAAM,GAC7C,UAAU,CAaZ;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,GAAE,IAAI,CAAC,YAAY,EAAE,eAAe,CAAM,GAC7C,oBAAoB,CAItB;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,GAAG,SAAS,GACpD,MAAM,CAER;AAED,wBAAgB,oBAAoB,CAClC,EAAE,EAAE,UAAU,EACd,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,eAAe,CAAC,EACnD,QAAQ,EAAE,MAAM,GAAG,SAAS,WAwC7B;AAYD,wBAAgB,kBAAkB,SAEjC"}
package/out/zero-cache/src/config/zero-config.js CHANGED
@@ -126,6 +126,14 @@ var authOptions = {
126
126
  type: valita_exports.string().optional(),
127
127
  desc: [`Expected audience ({bold aud} claim) for JWT validation.`, `If set, tokens with a different or missing audience will be rejected.`],
128
128
  deprecated: [`Use cookie-based authentication or an auth token instead - see https://zero.rocicorp.dev/docs/auth.`]
129
+ },
130
+ revalidateIntervalSeconds: {
131
+ type: valita_exports.number().optional(),
132
+ desc: [`The interval in seconds between periodic /query auth revalidation for validated connections.`, `If unset, periodic auth revalidation is disabled.`]
133
+ },
134
+ retransformIntervalSeconds: {
135
+ type: valita_exports.number().optional(),
136
+ desc: [`The interval in seconds between periodic shared /query retransform work for a client group.`, `If unset, periodic shared retransform is disabled.`]
129
137
  }
130
138
  };
131
139
  var makeDeprecationMessage = (flag) => `Use {bold ${flagToEnv(ZERO_ENV_VAR_PREFIX, flag)}} (or {bold --${flag}}) instead.`;
@@ -236,12 +244,33 @@ var zeroOptions = {
236
244
  maxConnsPerWorker: {
237
245
  type: valita_exports.number().optional(),
238
246
  hidden: true
247
+ },
248
+ pgReplicationSlotFailover: {
249
+ type: valita_exports.boolean().optional(),
250
+ desc: [
251
+ `For upstream Postgres versions 17+, creates replication slots with the`,
252
+ `{bold failover} parameter set to {bold true} to enable slot synchronization`,
253
+ `and failover. Note that additional Postgres-level configuration is necessary`,
254
+ `when enabling this option. For details, see:`,
255
+ ``,
256
+ `https://www.postgresql.org/docs/current/logicaldecoding-explanation.html#LOGICALDECODING-REPLICATION-SLOTS-SYNCHRONIZATION`,
257
+ ``,
258
+ `(Note that this option has no effect for Postgres versions before 17.)`
259
+ ]
239
260
  }
240
261
  },
241
262
  push: pushOptions,
242
263
  mutate: mutateOptions,
243
264
  getQueries: getQueriesOptions,
244
265
  query: queryOptions,
266
+ enableCrudMutations: {
267
+ type: valita_exports.boolean().default(true),
268
+ desc: [
269
+ `Enables support for legacy CRUD mutations. When this is {bold false}, no connections`,
270
+ `are made from view-syncers to the upstream db, and push messages with CRUD mutations`,
271
+ `result in an InvalidPush response.`
272
+ ]
273
+ },
245
274
  cvr: {
246
275
  db: {
247
276
  type: valita_exports.string().optional(),
@@ -544,7 +573,25 @@ var zeroOptions = {
544
573
  litestream: {
545
574
  executable: {
546
575
  type: valita_exports.string().optional(),
547
- desc: [`Path to the {bold litestream} executable.`]
576
+ desc: [
577
+ `Path to the {bold litestream} executable. This must be built from the`,
578
+ `{bold rocicorp/litestream} fork. Support for the official binary at v0.5.x`,
579
+ `is planned.`
580
+ ]
581
+ },
582
+ executableV5: {
583
+ type: valita_exports.string().optional(),
584
+ desc: [
585
+ `The v0.5.x litestream executable which is used for restoring the backup`,
586
+ `backup when {bold ZERO_LITESTREAM_RESTORE_USING_V5} is specified.`,
587
+ `litestream v0.5.8+ can restore from both v0.3.x and v0.5.x backup formats,`,
588
+ `affording forwards compatibility with a future zero-cache`,
589
+ `version that will use litestream v0.5.x to backup the replica.`
590
+ ]
591
+ },
592
+ restoreUsingV5: {
593
+ type: valita_exports.boolean().default(false),
594
+ desc: [`Restores the backup using the {bold ZERO_LITESTREAM_EXECUTABLE_V5} if specified.`]
548
595
  },
549
596
  configPath: {
550
597
  type: valita_exports.string().default("./src/services/litestream/config.yml"),
@@ -661,6 +708,14 @@ var zeroOptions = {
661
708
  type: valita_exports.boolean().optional(),
662
709
  hidden: true,
663
710
  desc: [`Takes a cpu profile during the copy phase initial-sync, storing it as a JSON file`, `initial-copy.cpuprofile in the tmp directory.`]
711
+ },
712
+ textCopy: {
713
+ type: valita_exports.boolean().default(false),
714
+ desc: [
715
+ `Use text-format COPY instead of binary COPY for the initial sync.`,
716
+ `This is slower but can work around issues with binary encoding of`,
717
+ `certain data types.`
718
+ ]
664
719
  }
665
720
  },
666
721
  targetClientRowCount: {