@rocicorp/zero 1.4.0-canary.6 → 1.5.0-canary.0

package/out/zero-cache/src/services/view-syncer/connection-context-manager.d.ts

@@ -5,6 +5,24 @@ import { type Auth, type ValidateLegacyJWT } from '../../auth/auth.ts';
 import type { ZeroConfig } from '../../config/zero-config.ts';
 import type { ConnectParams } from '../../workers/connect-params.ts';
 export type ConnectionState = 'provisional' | 'validated';
+/**
+ * Normalized user identity shared by live connection state and group auth state.
+ * `id: null` means logged out.
+ */
+export type UserState = {
+    readonly id: string | null;
+};
+/**
+ * Delineates the two paths for validating a connection: either server can validate
+ * the user's identity and return a definitive userID to trust, or we fall back to
+ * trusting the one provided by the client in the incoming query params.
+ */
+export type ConnectionValidation = {
+    kind: 'client-fallback';
+} | {
+    kind: 'server-validated';
+    validatedUserID: string | null;
+};
 /**
  * Identifies one live websocket for a client slot.
  */
@@ -14,16 +32,16 @@ export type ConnectionSelector = {
 };
 type FetchConfig = ZeroConfig['query'];
 export type HeaderOptions = {
-    apiKey?: string | undefined;
-    customHeaders?: Record<string, string> | undefined;
-    allowedClientHeaders?: readonly string[] | undefined;
-    cookie?: string | undefined;
-    origin?: string | undefined;
+    readonly apiKey?: string | undefined;
+    readonly customHeaders?: Readonly<Record<string, string>> | undefined;
+    readonly allowedClientHeaders?: readonly string[] | undefined;
+    readonly cookie?: string | undefined;
+    readonly origin?: string | undefined;
 };
 export type ConnectionFetchContext = {
-    url: string | undefined;
-    allowedUrlPatterns: URLPattern[] | undefined;
-    headerOptions: HeaderOptions;
+    readonly url: string | undefined;
+    readonly allowedUrlPatterns: readonly URLPattern[] | undefined;
+    readonly headerOptions: HeaderOptions;
 };
 /**
  * A snapshot of one live connection tracked by the manager.
@@ -31,19 +49,19 @@ export type ConnectionFetchContext = {
  * `revalidateAt` is only populated while the connection is `validated`.
  */
 export type ConnectionContext = {
-    state: ConnectionState;
+    readonly state: ConnectionState;
     readonly clientID: string;
     readonly wsID: string;
-    readonly userID: string | undefined;
-    auth: Auth | undefined;
+    readonly user: UserState;
+    readonly auth: Auth | undefined;
     readonly profileID: string | null;
     readonly baseCookie: string | null;
     readonly protocolVersion: number;
-    revision: number;
-    revalidateAt: number | undefined;
+    readonly revision: number;
+    readonly revalidateAt: number | undefined;
     readonly insertionOrder: number;
     readonly queryContext: ConnectionFetchContext;
-    readonly pushContext: ConnectionFetchContext;
+    readonly mutateContext: ConnectionFetchContext;
 };
 /**
  * Group-scoped auth state shared across the live connections.
@@ -51,22 +69,18 @@ export type ConnectionContext = {
  * The background connection is the validated connection currently used for
  * shared background work. Retransform happens on a group level, and uses
  * the background connection's credential to refetch the latest queries.
- *
- * Since auth can be pinned to logged-out users, `userID` can be undefined
- * even after validation.
  */
 export type GroupAuthState = {
-    userID: string | undefined;
-    validated: boolean;
-    backgroundConnection: ConnectionSelector | undefined;
-    retransformAt: number | undefined;
-    maintenanceNotBeforeAt: number | undefined;
+    readonly pinnedUser: UserState | undefined;
+    readonly backgroundConnection: ConnectionSelector | undefined;
+    readonly retransformAt: number | undefined;
+    readonly maintenanceNotBeforeAt: number | undefined;
 };
 export type ConnectionContextManager = {
     registerConnection(selector: ConnectionSelector, connectParams: ConnectParams, auth?: Auth): Readonly<ConnectionContext>;
     initConnection(selector: ConnectionSelector, body: InitConnectionBody): Readonly<ConnectionContext>;
     updateAuth(selector: ConnectionSelector, body: UpdateAuthBody): Promise<Readonly<ConnectionContext>>;
-    validateConnection(selector: ConnectionSelector, revision: number): Readonly<{
+    validateConnection(selector: ConnectionSelector, revision: number, validation: ConnectionValidation): Readonly<{
         connection: ConnectionContext;
         group: GroupAuthState;
     }> | undefined;
@@ -90,10 +104,8 @@ export type ConnectionContextManager = {
  *
  * Connections are registered as `provisional`, optionally backfilled with
  * `initConnection` metadata, and then promoted to `validated` once their
- * stored `userID` is confirmed as valid. The manager also tracks which
+ * effective `userID` is confirmed as valid. The manager also tracks which
  * validated connection currently serves as the group's background connection.
- *
- * This is intentionally side-effect free.
  */
 export declare class ConnectionContextManagerImpl implements ConnectionContextManager {
     #private;
@@ -126,7 +138,7 @@ export declare class ConnectionContextManagerImpl implements ConnectionContextMa
      * background connection if none is currently available. If the websocket is
      * gone by the time async validation finishes, this becomes a no-op.
      */
-    validateConnection(selector: ConnectionSelector, revision: number): Readonly<{
+    validateConnection(selector: ConnectionSelector, revision: number, validation: ConnectionValidation): Readonly<{
         connection: ConnectionContext;
         group: GroupAuthState;
     }> | undefined;

package/out/zero-cache/src/services/view-syncer/connection-context-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"connection-context-manager.d.ts","sourceRoot":"","sources":["../../../../../../zero-cache/src/services/view-syncer/connection-context-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,0CAA0C,CAAC;AAGjF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,8CAA8C,CAAC;AACjF,OAAO,EAGL,KAAK,IAAI,EACT,KAAK,iBAAiB,EACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,6BAA6B,CAAC;AAG5D,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,iCAAiC,CAAC;AAEnE,MAAM,MAAM,eAAe,GAAG,aAAa,GAAG,WAAW,CAAC;AAE1D;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;AAEvC,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAC;IACnD,oBAAoB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;IACrD,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7B,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;IACxB,kBAAkB,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC;IAC7C,aAAa,EAAE,aAAa,CAAC;CAC9B,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,KAAK,EAAE,eAAe,CAAC;IAEvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAEpC,IAAI,EAAE,IAAI,GAAG,SAAS,CAAC;IAEvB,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAEjC,QAAQ,EAAE,MAAM,CAAC;IAEjB,YAAY,EAAE,MAAM,GAAG,SAAS,CAAC;IAEjC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC,QAAQ,CAAC,YAAY,EAAE,sBAAsB,CAAC;IAC9C,QAAQ,CAAC,WAAW,EAAE,sBAAsB,CAAC;CAC9C,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,SAAS,EAAE,OAAO,CAAC;IAEnB,oBAAoB,EAAE,kBAAkB,GAAG,SAAS,CAAC;IACrD,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAElC,sBAAsB,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,aAAa,EAC5B,IAAI,CAAC,EAAE,IAAI,GACV,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAE/B,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,kBAAkB,GACvB,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAE/B,UAAU,CACR,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAExC,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GAEd,QAAQ,CAAC;QACP,UAAU,EAAE,iBAAiB,CAAC;QAC9B,KAAK,EAAE,cAAc,CAAC;KACvB,CAAC,GACF,SAAS,CAAC;IAEd,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAC3C,eAAe,CACb,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAE3C,gCAAgC,CAC9B,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,IAAI,CAAC;IAER,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,aAAa,GAAG,IAAI,CAAC;IAE3D,oBAAoB,CAClB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAC3C,wBAAwB,CACtB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAE/B,8BAA8B,IAAI,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAC1E,kCAAkC,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAElE,aAAa,IAAI,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE1C,eAAe,IAAI;QACjB,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAChD,cAAc,EAAE,OAAO,CAAC;QACxB,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;KACxC,CAAC;CACH,CAAC;AAEF;;;;;;;;;GASG;AACH,qBAAa,4BAA6B,YAAW,wBAAwB;;gBAuBzE,EAAE,EAAE,UAAU,EACd,yBAAyB,CAAC,EAAE,MAAM,EAClC,0BAA0B,CAAC,EAAE,MAAM,EACnC,WAAW,CAAC,EAAE,WAAW,EACzB,UAAU,CAAC,EAAE,WAAW,EACxB,iBAAiB,CAAC,EAAE,iBAAiB,EACrC,GAAG,CAAC,EAAE,MAAM,MAAM;IAiBpB;;;;;OAKG;IACH,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,aAAa,EAC5B,IAAI,CAAC,EAAE,IAAI,GACV,QAAQ,CAAC,iBAAiB,CAAC;IA0D9B;;;;;OAKG;IACH,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,kBAAkB,GACvB,QAAQ,CAAC,iBAAiB,CAAC;IAuB9B;;;OAGG;IACG,UAAU,CACd,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAqBvC;;;;;;;;OAQG;IACH,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GAEd,QAAQ,CAAC;QACP,UAAU,EAAE,iBAAiB,CAAC;QAC9B,KAAK,EAAE,cAAc,CAAC;KACvB,CAAC,GACF,SAAS;IA2Cb,mGAAmG;IACnG,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,iBAAiB,GAAG,SAAS;IAIhC,6FAA6F;IAC7F,eAAe,CAAC,QAAQ,EAAE,kBAAkB,GAAG,iBAAiB,GAAG,SAAS;IAI5E;;;;OAIG;IACH,gCAAgC,CAC9B,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,IAAI;IAgBP,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,aAAa,GAAG,IAAI;IAc1D,iEAAiE;IACjE,oBAAoB,CAClB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS;IAI1C,gFAAgF;IAChF,wBAAwB,CACtB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC;IAI9B,gEAAgE;IAChE,8BAA8B,IAAI,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS;IAIzE,kCAAkC,IAAI,QAAQ,CAAC,iBAAiB,CAAC;IAgBjE,2CAA2C;IAC3C,aAAa,IAAI,QAAQ,CAAC,cAAc,CAAC;IAIzC;;;;;;;OAOG;IACH,eAAe,IAAI;QACjB,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAChD,cAAc,EAAE,OAAO,CAAC;QACxB,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;KACxC;CAiNF"}
+{"version":3,"file":"connection-context-manager.d.ts","sourceRoot":"","sources":["../../../../../../zero-cache/src/services/view-syncer/connection-context-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,0CAA0C,CAAC;AAGjF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,8CAA8C,CAAC;AACjF,OAAO,EAGL,KAAK,IAAI,EACT,KAAK,iBAAiB,EACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,6BAA6B,CAAC;AAG5D,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,iCAAiC,CAAC;AAEnE,MAAM,MAAM,eAAe,GAAG,aAAa,GAAG,WAAW,CAAC;AAE1D;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG;IAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,CAAC;AAErD;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IAAC,IAAI,EAAE,iBAAiB,CAAA;CAAC,GACzB;IAAC,IAAI,EAAE,kBAAkB,CAAC;IAAC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;CAAC,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,KAAK,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;AAEvC,MAAM,MAAM,aAAa,GAAG;IAC1B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,aAAa,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAAG,SAAS,CAAC;IACtE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,CAAC;IAC9D,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACrC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACtC,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;IACjC,QAAQ,CAAC,kBAAkB,EAAE,SAAS,UAAU,EAAE,GAAG,SAAS,CAAC;IAC/D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;CACvC,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC;IAEhC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;IAEzB,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,SAAS,CAAC;IAEhC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAEjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,CAAC;IAE1C,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAEhC,QAAQ,CAAC,YAAY,EAAE,sBAAsB,CAAC;IAC9C,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;CAChD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,CAAC,UAAU,EAAE,SAAS,GAAG,SAAS,CAAC;IAE3C,QAAQ,CAAC,oBAAoB,EAAE,kBAAkB,GAAG,SAAS,CAAC;IAC9D,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAE3C,QAAQ,CAAC,sBAAsB,EAAE,MAAM,GAAG,SAAS,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,aAAa,EAC5B,IAAI,CAAC,EAAE,IAAI,GACV,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAE/B,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,kBAAkB,GACvB,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAE/B,UAAU,CACR,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAExC,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,oBAAoB,GAE9B,QAAQ,CAAC;QACP,UAAU,EAAE,iBAAiB,CAAC;QAC9B,KAAK,EAAE,cAAc,CAAC;KACvB,CAAC,GACF,SAAS,CAAC;IAEd,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAC3C,eAAe,CACb,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAE3C,gCAAgC,CAC9B,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,IAAI,CAAC;IAER,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,aAAa,GAAG,IAAI,CAAC;IAE3D,oBAAoB,CAClB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAC3C,wBAAwB,CACtB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAE/B,8BAA8B,IAAI,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;IAC1E,kCAAkC,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IAElE,aAAa,IAAI,QAAQ,CAAC,cAAc,CAAC,CAAC;IAE1C,eAAe,IAAI;QACjB,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAChD,cAAc,EAAE,OAAO,CAAC;QACxB,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;KACxC,CAAC;CACH,CAAC;AAEF;;;;;;;GAOG;AACH,qBAAa,4BAA6B,YAAW,wBAAwB;;gBAsBzE,EAAE,EAAE,UAAU,EACd,yBAAyB,CAAC,EAAE,MAAM,EAClC,0BAA0B,CAAC,EAAE,MAAM,EACnC,WAAW,CAAC,EAAE,WAAW,EACzB,UAAU,CAAC,EAAE,WAAW,EACxB,iBAAiB,CAAC,EAAE,iBAAiB,EACrC,GAAG,CAAC,EAAE,MAAM,MAAM;IAiBpB;;;;;OAKG;IACH,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,aAAa,EAC5B,IAAI,CAAC,EAAE,IAAI,GACV,QAAQ,CAAC,iBAAiB,CAAC;IA+C9B;;;;;OAKG;IACH,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,kBAAkB,GACvB,QAAQ,CAAC,iBAAiB,CAAC;IA6C9B;;;OAGG;IACG,UAAU,CACd,QAAQ,EAAE,kBAAkB,EAC5B,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IA8BvC;;;;;;;;OAQG;IACH,kBAAkB,CAChB,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,oBAAoB,GAE9B,QAAQ,CAAC;QACP,UAAU,EAAE,iBAAiB,CAAC;QAC9B,KAAK,EAAE,cAAc,CAAC;KACvB,CAAC,GACF,SAAS;IA+Eb,mGAAmG;IACnG,cAAc,CACZ,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,iBAAiB,GAAG,SAAS;IAIhC,6FAA6F;IAC7F,eAAe,CAAC,QAAQ,EAAE,kBAAkB,GAAG,iBAAiB,GAAG,SAAS;IAI5E;;;;OAIG;IACH,gCAAgC,CAC9B,QAAQ,EAAE,kBAAkB,EAC5B,QAAQ,EAAE,MAAM,GACf,IAAI;IAeP,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,aAAa,GAAG,IAAI;IAiB1D,iEAAiE;IACjE,oBAAoB,CAClB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS;IAI1C,gFAAgF;IAChF,wBAAwB,CACtB,QAAQ,EAAE,kBAAkB,GAC3B,QAAQ,CAAC,iBAAiB,CAAC;IAI9B,gEAAgE;IAChE,8BAA8B,IAAI,QAAQ,CAAC,iBAAiB,CAAC,GAAG,SAAS;IAIzE,kCAAkC,IAAI,QAAQ,CAAC,iBAAiB,CAAC;IAgBjE,2CAA2C;IAC3C,aAAa,IAAI,QAAQ,CAAC,cAAc,CAAC;IAIzC;;;;;;;OAOG;IACH,eAAe,IAAI;QACjB,gBAAgB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAChD,cAAc,EAAE,OAAO,CAAC;QACxB,kBAAkB,EAAE,MAAM,GAAG,SAAS,CAAC;KACxC;CA0PF"}

package/out/zero-cache/src/services/view-syncer/connection-context-manager.js

@@ -9,20 +9,17 @@ import { authEquals, resolveAuth } from "../../auth/auth.js";
 *
 * Connections are registered as `provisional`, optionally backfilled with
 * `initConnection` metadata, and then promoted to `validated` once their
-* stored `userID` is confirmed as valid. The manager also tracks which
+* effective `userID` is confirmed as valid. The manager also tracks which
 * validated connection currently serves as the group's background connection.
-*
-* This is intentionally side-effect free.
 */
 var ConnectionContextManagerImpl = class {
 	#lc;
 	#connections = /* @__PURE__ */ new Map();
 	#group = {
-		userID: void 0,
+		pinnedUser: void 0,
 		backgroundConnection: void 0,
 		retransformAt: void 0,
-		maintenanceNotBeforeAt: void 0,
-		validated: false
+		maintenanceNotBeforeAt: void 0
 	};
 	#validateLegacyJWT;
 	#now;
@@ -48,49 +45,39 @@ var ConnectionContextManagerImpl = class {
 	*/
 	registerConnection(selector, connectParams, auth) {
 		this.#removeConnection(selector);
-		const sharedHeaders = {
-			customHeaders: void 0,
-			token: auth?.raw,
-			origin: connectParams.origin,
-			userID: connectParams.userID
+		const getContext = (type) => {
+			const config = type === "query" ? this.#queryConfig : this.#pushConfig;
+			return {
+				url: config?.url?.[0],
+				allowedUrlPatterns: config?.url?.map(compileUrlPattern),
+				headerOptions: {
+					customHeaders: void 0,
+					origin: connectParams.origin,
+					apiKey: config?.apiKey,
+					allowedClientHeaders: cloneAllowedClientHeaders(config?.allowedClientHeaders),
+					cookie: config?.forwardCookies ? connectParams.httpCookie : void 0
+				}
+			};
 		};
 		const connection = {
 			state: "provisional",
 			clientID: connectParams.clientID,
 			wsID: connectParams.wsID,
 			revision: 0,
-			userID: connectParams.userID,
+			user: { id: connectParams.userID ?? null },
 			auth,
 			profileID: connectParams.profileID,
 			baseCookie: connectParams.baseCookie,
 			protocolVersion: connectParams.protocolVersion,
 			revalidateAt: void 0,
-			queryContext: {
-				url: this.#queryConfig?.url?.[0],
-				allowedUrlPatterns: this.#queryConfig?.url?.map(compileUrlPattern),
-				headerOptions: {
-					...sharedHeaders,
-					apiKey: this.#queryConfig?.apiKey,
-					allowedClientHeaders: this.#queryConfig?.allowedClientHeaders,
-					cookie: this.#queryConfig?.forwardCookies ? connectParams.httpCookie : void 0
-				}
-			},
-			pushContext: {
-				url: this.#pushConfig?.url?.[0],
-				allowedUrlPatterns: this.#pushConfig?.url?.map(compileUrlPattern),
-				headerOptions: {
-					...sharedHeaders,
-					apiKey: this.#pushConfig?.apiKey,
-					allowedClientHeaders: this.#pushConfig?.allowedClientHeaders,
-					cookie: this.#pushConfig?.forwardCookies ? connectParams.httpCookie : void 0
-				}
-			},
+			queryContext: getContext("query"),
+			mutateContext: getContext("mutate"),
 			insertionOrder: ++this.#nextInsertionOrder
 		};
-		this.#connections.set(connection.clientID, connection);
+		this.#storeConnection(connection);
 		this.#refreshBackgroundConnectionContext();
 		this.#updateBackgroundRetransformDeadline(false);
-		return snapshotConnection(connection);
+		return connection;
 	}
 	/**
 	* Backfills `initConnection` data for sockets that were registered before the
@@ -100,13 +87,36 @@ var ConnectionContextManagerImpl = class {
 	*/
 	initConnection(selector, body) {
 		const connection = this.#mustGetConnectionContext(selector);
-		if (body.userQueryURL) connection.queryContext.url = body.userQueryURL;
-		if (body.userQueryHeaders) connection.queryContext.headerOptions.customHeaders = body.userQueryHeaders;
-		if (body.userPushURL) connection.pushContext.url = body.userPushURL;
-		if (body.userPushHeaders) connection.pushContext.headerOptions.customHeaders = body.userPushHeaders;
-		connection.revision++;
-		this.#demoteConnection(connection);
-		return snapshotConnection(connection);
+		let queryContext = connection.queryContext;
+		let mutateContext = connection.mutateContext;
+		if (body.userQueryURL) queryContext = {
+			...queryContext,
+			url: body.userQueryURL
+		};
+		if (body.userQueryHeaders) queryContext = {
+			...queryContext,
+			headerOptions: {
+				...queryContext.headerOptions,
+				customHeaders: cloneCustomHeaders(body.userQueryHeaders)
+			}
+		};
+		if (body.userPushURL) mutateContext = {
+			...mutateContext,
+			url: body.userPushURL
+		};
+		if (body.userPushHeaders) mutateContext = {
+			...mutateContext,
+			headerOptions: {
+				...mutateContext.headerOptions,
+				customHeaders: cloneCustomHeaders(body.userPushHeaders)
+			}
+		};
+		return this.#demoteConnection({
+			...connection,
+			revision: connection.revision + 1,
+			queryContext,
+			mutateContext
+		});
 	}
 	/**
 	* A material auth change demotes the connection back to provisional until it
@@ -114,14 +124,17 @@ var ConnectionContextManagerImpl = class {
 	*/
 	async updateAuth(selector, body) {
 		const connection = this.#mustGetConnectionContext(selector);
-		const nextAuth = await resolveAuth(this.#lc, connection.auth, connection.userID, body.auth, this.#validateLegacyJWT);
-		const authChanged = !authEquals(connection.auth, nextAuth);
-		connection.auth = nextAuth;
-		if (authChanged) {
-			connection.revision++;
-			this.#demoteConnection(connection);
-		}
-		return snapshotConnection(connection);
+		const nextAuth = await resolveAuth(this.#lc, connection.auth, connection.user.id, body.auth, this.#validateLegacyJWT);
+		if (!authEquals(connection.auth, nextAuth)) return this.#demoteConnection({
+			...connection,
+			auth: nextAuth,
+			revision: connection.revision + 1
+		});
+		if (nextAuth === connection.auth) return connection;
+		return this.#storeConnection({
+			...connection,
+			auth: nextAuth
+		});
 	}
 	/**
 	* Validates one connection against the group's pinned `userID`.
@@ -132,7 +145,7 @@ var ConnectionContextManagerImpl = class {
 	* background connection if none is currently available. If the websocket is
 	* gone by the time async validation finishes, this becomes a no-op.
 	*/
-	validateConnection(selector, revision) {
+	validateConnection(selector, revision, validation) {
 		const connection = this.#getConnectionContext(selector);
 		if (!connection) return;
 		if (connection.revision !== revision) {
@@ -143,21 +156,34 @@ var ConnectionContextManagerImpl = class {
 			});
 			return;
 		}
-		if (this.#group.validated && this.#group.userID !== connection.userID) throw new ProtocolErrorWithLevel({
+		let validatedUserState;
+		if (validation.kind === "server-validated") {
+			validatedUserState = { id: validation.validatedUserID };
+			if (connection.user.id !== validatedUserState.id) throw new ProtocolErrorWithLevel({
+				kind: Unauthorized,
+				message: "Connection userID does not match validated server userID.",
+				origin: ZeroCache
+			}, "warn");
+		}
+		const incomingUserState = validatedUserState ?? connection.user;
+		if (this.#group.pinnedUser !== void 0 && this.#group.pinnedUser.id !== incomingUserState.id) throw new ProtocolErrorWithLevel({
 			kind: Unauthorized,
 			message: "Client groups are pinned to a single userID. Connection userID does not match existing client group userID.",
 			origin: ZeroCache
 		}, "warn");
-		if (!this.#group.validated) {
-			this.#group.validated = true;
-			this.#group.userID = connection.userID;
-		}
-		connection.state = "validated";
-		connection.revalidateAt = this.#nextRevalidateAt();
-		this.#refreshBackgroundConnectionContext(connection);
+		if (this.#group.pinnedUser === void 0) this.#setGroup({
+			...this.#group,
+			pinnedUser: incomingUserState
+		});
+		const validatedConnection = this.#storeConnection({
+			...connection,
+			state: "validated",
+			revalidateAt: this.#nextRevalidateAt()
+		});
+		this.#refreshBackgroundConnectionContext(validatedConnection);
 		this.#updateBackgroundRetransformDeadline(false);
 		return {
-			connection: snapshotConnection(connection),
+			connection: validatedConnection,
 			group: this.getGroupState()
 		};
 	}
@@ -177,25 +203,28 @@ var ConnectionContextManagerImpl = class {
 	markBackgroundRetransformSuccess(selector, revision) {
 		const backgroundConnection = this.#getBackgroundConnectionContext();
 		if (!backgroundConnection) return;
-		if (selector !== void 0 && (backgroundConnection.clientID !== selector.clientID || backgroundConnection.wsID !== selector.wsID || backgroundConnection.revision !== revision)) return;
+		if (backgroundConnection.clientID !== selector.clientID || backgroundConnection.wsID !== selector.wsID || backgroundConnection.revision !== revision) return;
 		this.#updateBackgroundRetransformDeadline(true);
 	}
 	deferMaintenance(kind) {
 		const intervalMs = kind === "revalidate" ? this.#revalidateIntervalMs : this.#retransformIntervalMs;
 		if (intervalMs === void 0) return;
-		this.#group.maintenanceNotBeforeAt = Math.max(this.#group.maintenanceNotBeforeAt ?? 0, this.#now() + intervalMs);
+		this.#setGroup({
+			...this.#group,
+			maintenanceNotBeforeAt: Math.max(this.#group.maintenanceNotBeforeAt ?? 0, this.#now() + intervalMs)
+		});
 	}
 	/** Returns the current live record for a client slot, if any. */
 	getConnectionContext(selector) {
-		return snapshotConnection(this.#getConnectionContext(selector));
+		return this.#getConnectionContext(selector);
 	}
 	/** Returns the live record for one websocket or throws if it is unavailable. */
 	mustGetConnectionContext(selector) {
-		return snapshotConnection(this.#mustGetConnectionContext(selector));
+		return this.#mustGetConnectionContext(selector);
 	}
 	/** Returns the current background connection, if one exists. */
 	getBackgroundConnectionContext() {
-		return snapshotConnection(this.#getBackgroundConnectionContext());
+		return this.#getBackgroundConnectionContext();
 	}
 	mustGetBackgroundConnectionContext() {
 		const backgroundConnection = this.#getBackgroundConnectionContext();
@@ -208,7 +237,7 @@ var ConnectionContextManagerImpl = class {
 	}
 	/** Returns the shared group auth state. */
 	getGroupState() {
-		return snapshotGroup(this.#group);
+		return this.#group;
 	}
 	/**
 	* Reports which maintenance work is currently due.
@@ -224,7 +253,7 @@ var ConnectionContextManagerImpl = class {
 		let earliestDeadlineAt = this.#group.retransformAt;
 		for (const connection of this.#connections.values()) {
 			if (connection.state !== "validated" || connection.revalidateAt === void 0) continue;
-			if (connection.revalidateAt <= now) dueRevalidations.push(snapshotConnection(connection));
+			if (connection.revalidateAt <= now) dueRevalidations.push(connection);
 			earliestDeadlineAt = minDefined(earliestDeadlineAt, connection.revalidateAt);
 		}
 		const dueRetransform = this.#group.retransformAt !== void 0 && this.#group.retransformAt <= now;
@@ -252,17 +281,20 @@ var ConnectionContextManagerImpl = class {
 			});
 			return;
 		}
-		const snapshot = snapshotConnection(connection);
 		this.#connections.delete(connection.clientID);
 		this.#refreshBackgroundConnectionContext();
 		this.#updateBackgroundRetransformDeadline(false);
-		return snapshot;
+		return connection;
 	}
 	#demoteConnection(connection) {
-		connection.state = "provisional";
-		connection.revalidateAt = void 0;
+		const demotedConnection = this.#storeConnection({
+			...connection,
+			state: "provisional",
+			revalidateAt: void 0
+		});
 		this.#refreshBackgroundConnectionContext();
 		this.#updateBackgroundRetransformDeadline(false);
+		return demotedConnection;
 	}
 	/**
 	* Keeps the background connection sticky while it remains validated.
@@ -277,10 +309,10 @@ var ConnectionContextManagerImpl = class {
 			const currentBackgroundConnection = this.#getBackgroundConnectionContext();
 			if (currentBackgroundConnection?.clientID === preferred.clientID && currentBackgroundConnection.wsID === preferred.wsID) return;
 			if (currentBackgroundConnection !== void 0) return;
-			this.#group.backgroundConnection = {
+			this.#setBackgroundConnection({
 				clientID: preferred.clientID,
 				wsID: preferred.wsID
-			};
+			});
 			this.#lc.debug?.("Selected background connection for shared auth work", {
 				clientID: preferred.clientID,
 				wsID: preferred.wsID,
@@ -291,10 +323,10 @@ var ConnectionContextManagerImpl = class {
 		}
 		if (this.#getBackgroundConnectionContext()?.state === "validated") return;
 		const nextBackgroundConnection = [...this.#connections.values()].filter((connection) => connection.state === "validated").sort(comparePreferredValidatedConnection).at(0);
-		this.#group.backgroundConnection = nextBackgroundConnection ? {
+		this.#setBackgroundConnection(nextBackgroundConnection ? {
 			clientID: nextBackgroundConnection.clientID,
 			wsID: nextBackgroundConnection.wsID
-		} : void 0;
+		} : void 0);
 		if (nextBackgroundConnection) this.#lc.debug?.("Selected background connection for shared auth work", {
 			clientID: nextBackgroundConnection.clientID,
 			wsID: nextBackgroundConnection.wsID,
@@ -322,6 +354,21 @@ var ConnectionContextManagerImpl = class {
 		}, "warn");
 		return connection;
 	}
+	#storeConnection(connection) {
+		this.#connections.set(connection.clientID, connection);
+		return connection;
+	}
+	#setGroup(group) {
+		this.#group = group;
+		return group;
+	}
+	#setBackgroundConnection(backgroundConnection) {
+		if (sameConnectionSelector(this.#group.backgroundConnection, backgroundConnection)) return;
+		this.#setGroup({
+			...this.#group,
+			backgroundConnection: backgroundConnection ? { ...backgroundConnection } : void 0
+		});
+	}
 	/**
 	* Keeps the group background retransform deadline coherent with current
 	* schedulability.
@@ -333,41 +380,21 @@ var ConnectionContextManagerImpl = class {
 	*/
 	#updateBackgroundRetransformDeadline(reset) {
 		if (!this.#getBackgroundConnectionContext() || this.#retransformIntervalMs === void 0) {
-			this.#group.retransformAt = void 0;
+			if (this.#group.retransformAt !== void 0) this.#setGroup({
+				...this.#group,
+				retransformAt: void 0
+			});
 			return;
 		}
-		if (reset || this.#group.retransformAt === void 0) this.#group.retransformAt = this.#now() + this.#retransformIntervalMs;
+		if (reset || this.#group.retransformAt === void 0) this.#setGroup({
+			...this.#group,
+			retransformAt: this.#now() + this.#retransformIntervalMs
+		});
 	}
 	#nextRevalidateAt() {
 		return this.#revalidateIntervalMs === void 0 ? void 0 : this.#now() + this.#revalidateIntervalMs;
 	}
 };
-function snapshotConnection(connection) {
-	if (!connection) return;
-	return {
-		...connection,
-		queryContext: {
-			...connection.queryContext,
-			headerOptions: {
-				...connection.queryContext.headerOptions,
-				customHeaders: connection.queryContext.headerOptions.customHeaders ? { ...connection.queryContext.headerOptions.customHeaders } : void 0
-			}
-		},
-		pushContext: {
-			...connection.pushContext,
-			headerOptions: {
-				...connection.pushContext.headerOptions,
-				customHeaders: connection.pushContext.headerOptions.customHeaders ? { ...connection.pushContext.headerOptions.customHeaders } : void 0
-			}
-		}
-	};
-}
-function snapshotGroup(group) {
-	return {
-		...group,
-		backgroundConnection: group.backgroundConnection ? { ...group.backgroundConnection } : void 0
-	};
-}
 function compareByInsertionOrder(a, b) {
 	return a.insertionOrder - b.insertionOrder || a.wsID.localeCompare(b.wsID);
 }
@@ -379,6 +406,15 @@ function minDefined(a, b) {
 	if (b === void 0) return a;
 	return Math.min(a, b);
 }
+function sameConnectionSelector(a, b) {
+	return a?.clientID === b?.clientID && a?.wsID === b?.wsID;
+}
+function cloneCustomHeaders(headers) {
+	return headers ? { ...headers } : void 0;
+}
+function cloneAllowedClientHeaders(headers) {
+	return headers ? [...headers] : void 0;
+}
 //#endregion
 export { ConnectionContextManagerImpl };