@run402/functions 3.1.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/errors.d.ts +13 -1
- package/dist/auth/errors.d.ts.map +1 -1
- package/dist/auth/errors.js +21 -0
- package/dist/auth/errors.js.map +1 -1
- package/dist/auth/index.d.ts +47 -3
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +263 -21
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/types.d.ts +39 -0
- package/dist/auth/types.d.ts.map +1 -1
- package/dist/index.d.ts +3 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/actor-context-verify.d.ts +17 -0
- package/dist/lib/actor-context-verify.d.ts.map +1 -1
- package/dist/lib/actor-context-verify.js +84 -5
- package/dist/lib/actor-context-verify.js.map +1 -1
- package/dist/runtime-context.d.ts.map +1 -1
- package/dist/runtime-context.js +43 -12
- package/dist/runtime-context.js.map +1 -1
- package/package.json +1 -1
package/dist/auth/errors.d.ts
CHANGED
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
* the right thing. But framework code, middleware, and test harnesses
|
|
10
10
|
* occasionally need typed catches; that's what these classes are for.
|
|
11
11
|
*/
|
|
12
|
-
export type Run402AuthCode = "R402_AUTH_REQUIRED" | "R402_AUTH_INSUFFICIENT_ROLE" | "R402_AUTH_INSUFFICIENT_MEMBERSHIP" | "R402_AUTH_FRESHNESS_REQUIRED" | "R402_AUTH_PRERENDERED" | "R402_AUTH_FETCH_ABSOLUTE_URL" | "R402_AUTH_UNKNOWN_EXPORT" | "R402_AUTH_SESSION_BRIDGE_UNVERIFIED" | "R402_AUTH_IDENTITY_LINK_CONFLICT" | "R402_AUTH_UNKNOWN_IDENTITY" | "R402_AUTH_TENANT_SUFFIX_REQUIRED" | "R402_AUTH_RETURN_TO_INVALID" | "R402_AUTH_REDUNDANT_USER_FILTER" | "R402_AUTH_INVALID_CREDENTIALS" | "R402_AUTH_TENANT_SUBJECT_INVALID" | "R402_AUTH_UNTRUSTED_CONTEXT";
|
|
12
|
+
export type Run402AuthCode = "R402_AUTH_REQUIRED" | "R402_AUTH_INSUFFICIENT_ROLE" | "R402_AUTH_INSUFFICIENT_MEMBERSHIP" | "R402_AUTH_FRESHNESS_REQUIRED" | "R402_AUTH_PRERENDERED" | "R402_AUTH_FETCH_ABSOLUTE_URL" | "R402_AUTH_UNKNOWN_EXPORT" | "R402_AUTH_SESSION_BRIDGE_UNVERIFIED" | "R402_AUTH_IDENTITY_LINK_CONFLICT" | "R402_AUTH_UNKNOWN_IDENTITY" | "R402_AUTH_TENANT_SUFFIX_REQUIRED" | "R402_AUTH_RETURN_TO_INVALID" | "R402_AUTH_REDUNDANT_USER_FILTER" | "R402_AUTH_INVALID_CREDENTIALS" | "R402_AUTH_TENANT_SUBJECT_INVALID" | "R402_AUTH_UNTRUSTED_CONTEXT" | "R402_AUTH_RENAMED_EXPORT";
|
|
13
13
|
export declare class Run402AuthError extends Error {
|
|
14
14
|
readonly code: Run402AuthCode;
|
|
15
15
|
readonly status: number;
|
|
@@ -94,6 +94,18 @@ export declare class UnknownIdentityError extends Run402AuthError {
|
|
|
94
94
|
export declare class InvalidCredentialsError extends Run402AuthError {
|
|
95
95
|
constructor();
|
|
96
96
|
}
|
|
97
|
+
/** A shipped export that has been renamed/moved. Distinct from
|
|
98
|
+
* `UnknownExportError` (never-existed names): this one teaches the specific
|
|
99
|
+
* move for a name that used to work. Used for `auth.identities.link` →
|
|
100
|
+
* `auth.account.identities.startLink`. */
|
|
101
|
+
export declare class RenamedExportError extends Run402AuthError {
|
|
102
|
+
readonly oldName: string;
|
|
103
|
+
readonly newName: string;
|
|
104
|
+
constructor(opts: {
|
|
105
|
+
oldName: string;
|
|
106
|
+
newName: string;
|
|
107
|
+
});
|
|
108
|
+
}
|
|
97
109
|
/** Rejects a tenant-assertion mint whose `user` lacks a stable `id` (e.g. a
|
|
98
110
|
* bare email). The `fix` shows the required `{ tenant, user: { id, email, ... },
|
|
99
111
|
* method }` shape. SDK-side fast-feedback twin of the gateway's
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/auth/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,cAAc,GACtB,oBAAoB,GACpB,6BAA6B,GAC7B,mCAAmC,GACnC,8BAA8B,GAC9B,uBAAuB,GACvB,8BAA8B,GAC9B,0BAA0B,GAC1B,qCAAqC,GACrC,kCAAkC,GAClC,4BAA4B,GAC5B,kCAAkC,GAClC,6BAA6B,GAC7B,iCAAiC,GACjC,+BAA+B,GAC/B,kCAAkC,GAClC,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/auth/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,cAAc,GACtB,oBAAoB,GACpB,6BAA6B,GAC7B,mCAAmC,GACnC,8BAA8B,GAC9B,uBAAuB,GACvB,8BAA8B,GAC9B,0BAA0B,GAC1B,qCAAqC,GACrC,kCAAkC,GAClC,4BAA4B,GAC5B,kCAAkC,GAClC,6BAA6B,GAC7B,iCAAiC,GACjC,+BAA+B,GAC/B,kCAAkC,GAClC,6BAA6B,GAC7B,0BAA0B,CAAC;AAE/B,qBAAa,eAAgB,SAAQ,KAAK;IACxC,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;gBAEX,IAAI,EAAE;QAChB,IAAI,EAAE,cAAc,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAClC,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,IAAI,CAAC,EAAE,MAAM,CAAC;KACf;CASF;AAED;;kEAEkE;AAClE,qBAAa,iBAAkB,SAAQ,eAAe;gBACxC,IAAI,GAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAO;CAW7C;AAED,qBAAa,qBAAsB,SAAQ,eAAe;IACxD,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;gBAClB,YAAY,EAAE,MAAM;CAUjC;AAED,qBAAa,2BAA4B,SAAQ,eAAe;IAC9D,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;gBACxB,kBAAkB,EAAE,MAAM;CAUvC;AAED,qBAAa,sBAAuB,SAAQ,eAAe;IACzD,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC;gBACX,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE;CAWvE;AAED,qBAAa,qBAAsB,SAAQ,eAAe;gBAC5C,IAAI,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE;CAWxD;AAED,qBAAa,gBAAiB,SAAQ,eAAe;gBACvC,IAAI,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE;CAW1C;AAED,qBAAa,kBAAmB,SAAQ,eAAe;IACrD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;gBACnB,IAAI,EAAE;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAA;KAAE;CAiBnE;AAED,qBAAa,4BAA6B,SAAQ,eAAe;gBACnD,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE;CAWrC;AAED,qBAAa,yBAA0B,SAAQ,eAAe;gBAChD,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;CASxD;AAED,qBAAa,oBAAqB,SAAQ,eAAe;gBAC3C,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;CAUxD;AAED;;;;sDAIsD;AACtD,qBAAa,uBAAwB,SAAQ,eAAe;;CAa3D;AAED;;;2CAG2C;AAC3C,qBAAa,kBAAmB,SAAQ,eAAe;IACrD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;gBACb,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;CAavD;AAED;;;mDAGmD;AACnD,qBAAa,yBAA0B,SAAQ,eAAe;gBAChD,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE;CAYrC"}
|
package/dist/auth/errors.js
CHANGED
|
@@ -185,6 +185,27 @@ export class InvalidCredentialsError extends Run402AuthError {
|
|
|
185
185
|
this.name = "InvalidCredentialsError";
|
|
186
186
|
}
|
|
187
187
|
}
|
|
188
|
+
/** A shipped export that has been renamed/moved. Distinct from
|
|
189
|
+
* `UnknownExportError` (never-existed names): this one teaches the specific
|
|
190
|
+
* move for a name that used to work. Used for `auth.identities.link` →
|
|
191
|
+
* `auth.account.identities.startLink`. */
|
|
192
|
+
export class RenamedExportError extends Run402AuthError {
|
|
193
|
+
oldName;
|
|
194
|
+
newName;
|
|
195
|
+
constructor(opts) {
|
|
196
|
+
super({
|
|
197
|
+
code: "R402_AUTH_RENAMED_EXPORT",
|
|
198
|
+
status: 400,
|
|
199
|
+
message: `${opts.oldName} has moved to ${opts.newName}.`,
|
|
200
|
+
details: { old_name: opts.oldName, new_name: opts.newName },
|
|
201
|
+
suggestedFix: `Use: ${opts.newName}`,
|
|
202
|
+
docs: "https://run402.com/errors/#R402_AUTH_RENAMED_EXPORT",
|
|
203
|
+
});
|
|
204
|
+
this.name = "RenamedExportError";
|
|
205
|
+
this.oldName = opts.oldName;
|
|
206
|
+
this.newName = opts.newName;
|
|
207
|
+
}
|
|
208
|
+
}
|
|
188
209
|
/** Rejects a tenant-assertion mint whose `user` lacks a stable `id` (e.g. a
|
|
189
210
|
* bare email). The `fix` shows the required `{ tenant, user: { id, email, ... },
|
|
190
211
|
* method }` shape. SDK-side fast-feedback twin of the gateway's
|
package/dist/auth/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/auth/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/auth/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAqBH,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,IAAI,CAAiB;IACrB,MAAM,CAAS;IACf,OAAO,CAA0B;IACjC,YAAY,CAAU;IACtB,IAAI,CAAU;IAEvB,YAAY,IAOX;QACC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,YAAY;YAAE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QAC7D,IAAI,IAAI,CAAC,IAAI;YAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACvC,CAAC;CACF;AAED;;kEAEkE;AAClE,MAAM,OAAO,iBAAkB,SAAQ,eAAe;IACpD,YAAY,OAA8B,EAAE;QAC1C,KAAK,CAAC;YACJ,IAAI,EAAE,oBAAoB;YAC1B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,0BAA0B;YACnC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE;YACzD,YAAY,EAAE,4CAA4C;YAC1D,IAAI,EAAE,+CAA+C;SACtD,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,eAAe;IAC/C,YAAY,CAAS;IAC9B,YAAY,YAAoB;QAC9B,KAAK,CAAC;YACJ,IAAI,EAAE,6BAA6B;YACnC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,2CAA2C,YAAY,GAAG;YACnE,OAAO,EAAE,EAAE,aAAa,EAAE,YAAY,EAAE;SACzC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;CACF;AAED,MAAM,OAAO,2BAA4B,SAAQ,eAAe;IACrD,kBAAkB,CAAS;IACpC,YAAY,kBAA0B;QACpC,KAAK,CAAC;YACJ,IAAI,EAAE,mCAAmC;YACzC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,iDAAiD,kBAAkB,GAAG;YAC/E,OAAO,EAAE,EAAE,mBAAmB,EAAE,kBAAkB,EAAE;SACrD,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;QAC1C,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;IAC/C,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,eAAe;IAChD,MAAM,CAAS;IACf,GAAG,CAAW;IACvB,YAAY,IAA0D;QACpE,KAAK,CAAC;YACJ,IAAI,EAAE,8BAA8B;YACpC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,uCAAuC,IAAI,CAAC,MAAM,qBAAqB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YACtG,OAAO,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,EAAE;SAClF,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACtB,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,eAAe;IACxD,YAAY,IAA2C;QACrD,KAAK,CAAC;YACJ,IAAI,EAAE,8BAA8B;YACpC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,2BAA2B,IAAI,CAAC,SAAS,MAAM,IAAI,CAAC,MAAM,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;YAC/D,YAAY,EAAE,kGAAkG;YAChH,IAAI,EAAE,yDAAyD;SAChE,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,YAAY,IAA6B;QACvC,KAAK,CAAC;YACJ,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,GAAG,IAAI,CAAC,WAAW,qCAAqC;YACjE,OAAO,EAAE,EAAE,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE;YAC3C,YAAY,EAAE,8DAA8D;YAC5E,IAAI,EAAE,kDAAkD;SACzD,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IAC5C,aAAa,CAAS;IACtB,aAAa,CAAS;IAC/B,YAAY,IAAsD;QAChE,KAAK,CAAC;YACJ,IAAI,EAAE,0BAA0B;YAChC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,uBAAuB,IAAI,CAAC,aAAa,SAAS,IAAI,CAAC,aAAa,WAAW;YACxF,OAAO,EAAE;gBACP,cAAc,EAAE,IAAI,CAAC,aAAa;gBAClC,cAAc,EAAE,IAAI,CAAC,aAAa;gBAClC,WAAW,EAAE,0CAA0C;aACxD;YACD,YAAY,EAAE,QAAQ,IAAI,CAAC,aAAa,EAAE;YAC1C,IAAI,EAAE,qDAAqD;SAC5D,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QACxC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,eAAe;IAC/D,YAAY,IAAwB;QAClC,KAAK,CAAC;YACJ,IAAI,EAAE,qCAAqC;YAC3C,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,4CAA4C,IAAI,CAAC,MAAM,EAAE;YAClE,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;YAChC,YAAY,EAAE,oHAAoH;YAClI,IAAI,EAAE,gEAAgE;SACvE,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED,MAAM,OAAO,yBAA0B,SAAQ,eAAe;IAC5D,YAAY,IAA2C;QACrD,KAAK,CAAC;YACJ,IAAI,EAAE,kCAAkC;YACxC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,aAAa,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,OAAO,sCAAsC;YAC1F,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SAC5D,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,eAAe;IACvD,YAAY,IAA2C;QACrD,KAAK,CAAC;YACJ,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,aAAa,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,OAAO,cAAc;YAClE,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;YAC3D,YAAY,EAAE,8GAA8G;SAC7H,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;;;;sDAIsD;AACtD,MAAM,OAAO,uBAAwB,SAAQ,eAAe;IAC1D;QACE,KAAK,CAAC;YACJ,IAAI,EAAE,+BAA+B;YACrC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,sBAAsB;YAC/B,OAAO,EAAE,EAAE;YACX,YAAY,EACV,6EAA6E;YAC/E,IAAI,EAAE,0DAA0D;SACjE,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED;;;2CAG2C;AAC3C,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IAC5C,OAAO,CAAS;IAChB,OAAO,CAAS;IACzB,YAAY,IAA0C;QACpD,KAAK,CAAC;YACJ,IAAI,EAAE,0BAA0B;YAChC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,iBAAiB,IAAI,CAAC,OAAO,GAAG;YACxD,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,EAAE;YAC3D,YAAY,EAAE,QAAQ,IAAI,CAAC,OAAO,EAAE;YACpC,IAAI,EAAE,qDAAqD;SAC5D,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC5B,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;IAC9B,CAAC;CACF;AAED;;;mDAGmD;AACnD,MAAM,OAAO,yBAA0B,SAAQ,eAAe;IAC5D,YAAY,IAAwB;QAClC,KAAK,CAAC;YACJ,IAAI,EAAE,kCAAkC;YACxC,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,qCAAqC,IAAI,CAAC,MAAM,EAAE;YAC3D,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE;YAChC,YAAY,EACV,uIAAuI;YACzI,IAAI,EAAE,6DAA6D;SACpE,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;IAC1C,CAAC;CACF"}
|
package/dist/auth/index.d.ts
CHANGED
|
@@ -40,7 +40,7 @@
|
|
|
40
40
|
* @see openspec/changes/auth-aware-ssr/specs/auth-sdk-namespace/spec.md
|
|
41
41
|
*/
|
|
42
42
|
import { InvalidCredentialsError } from "./errors.js";
|
|
43
|
-
import type { Actor, CreateResponseFromIdentityOptions, CreateResponseFromTenantAssertionOptions, IdentityLinkOptions } from "./types.js";
|
|
43
|
+
import type { AccountSecurity, Actor, CreateResponseFromIdentityOptions, CreateResponseFromTenantAssertionOptions, IdentityLinkOptions } from "./types.js";
|
|
44
44
|
interface RequireFreshOptions {
|
|
45
45
|
/** Human-friendly window expression. Accepted forms: `"10m"`, `"1h"`,
|
|
46
46
|
* `"5m30s"`, integer seconds (`"600"`). Anything that fails to parse
|
|
@@ -76,6 +76,50 @@ interface AuthNamespace {
|
|
|
76
76
|
/** Canonical invalid-credentials failure for the tenant-owned credential
|
|
77
77
|
* case. A function (not a constructor): `throw auth.invalidCredentials()`. */
|
|
78
78
|
invalidCredentials(): InvalidCredentialsError;
|
|
79
|
+
/** Account security (§4). `getSecurity`/`requireSecurity` are the everyday
|
|
80
|
+
* rich read; the §4.4 advanced mutation tier (callee-enforced freshness,
|
|
81
|
+
* context-actor only) backs the same flows as `<AccountSecurity>`. */
|
|
82
|
+
account: {
|
|
83
|
+
getSecurity(): Promise<AccountSecurity | null>;
|
|
84
|
+
requireSecurity(): Promise<AccountSecurity>;
|
|
85
|
+
setPassword(newPassword: string, opts?: {
|
|
86
|
+
maxAge?: string;
|
|
87
|
+
}): Promise<void>;
|
|
88
|
+
signOutEverywhere(): Promise<{
|
|
89
|
+
revoked_count: number;
|
|
90
|
+
}>;
|
|
91
|
+
passkeys: {
|
|
92
|
+
list(): Promise<unknown[]>;
|
|
93
|
+
remove(passkeyId: string): Promise<void>;
|
|
94
|
+
add(): never;
|
|
95
|
+
};
|
|
96
|
+
identities: {
|
|
97
|
+
list(): Promise<unknown[]>;
|
|
98
|
+
/** §4.5 — begin the OAuth link-to-existing-account ceremony for the
|
|
99
|
+
* context actor. Mints a short-lived actor JWT and asks the gateway
|
|
100
|
+
* (`intent:"link"`) for a provider authorization URL bound to the
|
|
101
|
+
* signed-in user; the caller redirects the browser there. After the
|
|
102
|
+
* provider round-trip the identity is written against THIS account
|
|
103
|
+
* (not a new sign-in). `redirectUrl` must be an allowed origin for the
|
|
104
|
+
* project. This is link-to-existing — distinct from sign-in-with. */
|
|
105
|
+
startLink(opts: {
|
|
106
|
+
provider: string;
|
|
107
|
+
redirectUrl: string;
|
|
108
|
+
mode?: "redirect" | "popup";
|
|
109
|
+
}): Promise<{
|
|
110
|
+
authorizationUrl: string;
|
|
111
|
+
expiresIn: number;
|
|
112
|
+
}>;
|
|
113
|
+
unlink(opts: {
|
|
114
|
+
provider: string;
|
|
115
|
+
subject: string;
|
|
116
|
+
}): Promise<void>;
|
|
117
|
+
};
|
|
118
|
+
sessions: {
|
|
119
|
+
list(): Promise<unknown[]>;
|
|
120
|
+
revoke(sessionId: string): Promise<void>;
|
|
121
|
+
};
|
|
122
|
+
};
|
|
79
123
|
identities: {
|
|
80
124
|
link(opts: IdentityLinkOptions): Promise<void>;
|
|
81
125
|
};
|
|
@@ -107,6 +151,6 @@ export declare function currentUser(): never;
|
|
|
107
151
|
export declare function getCurrentUser(): never;
|
|
108
152
|
/** @deprecated Use `auth.user()`. */
|
|
109
153
|
export declare function getServerSession(): never;
|
|
110
|
-
export type { Actor, IdentityProof, TenantUser, CreateResponseFromTenantAssertionOptions, } from "./types.js";
|
|
111
|
-
export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, Run402AuthError, } from "./errors.js";
|
|
154
|
+
export type { Actor, IdentityProof, TenantUser, CreateResponseFromTenantAssertionOptions, AccountSecurity, Run402Identity, TenantAssertionRef, } from "./types.js";
|
|
155
|
+
export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, RenamedExportError, Run402AuthError, } from "./errors.js";
|
|
112
156
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/auth/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAUH,OAAO,EAML,uBAAuB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAUH,OAAO,EAML,uBAAuB,EAKxB,MAAM,aAAa,CAAC;AACrB,OAAO,KAAK,EACV,eAAe,EACf,KAAK,EACL,iCAAiC,EACjC,wCAAwC,EACxC,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAsJpB,UAAU,mBAAmB;IAC3B;;2DAEuD;IACvD,MAAM,EAAE,MAAM,CAAC;IACf;;qBAEiB;IACjB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;CAChB;AA8JD;;;;;yCAKyC;AACzC,eAAO,MAAM,qBAAqB,4BAA4B,CAAC;AAyb/D,UAAU,aAAa;IACrB,IAAI,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;IAC9B,WAAW,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC;IAC9B,WAAW,CAAC,KAAK,CAAC,CAAC,SAAS,MAAM,EAAE,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,KAAK,CAAC;QAAC,IAAI,EAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAChF,iBAAiB,CAAC,KAAK,CAAC,CAAC,SAAS,MAAM,EACtC,UAAU,EAAE,CAAC,GACZ,OAAO,CAAC;QAAE,IAAI,EAAE,KAAK,CAAC;QAAC,UAAU,EAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAC3C,YAAY,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,KAAK,CAAC,KAAK,EAAE,WAAW,GAAG,GAAG,EAAE,IAAI,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvE,SAAS,IAAI,MAAM,CAAC;IACpB,SAAS,IAAI,MAAM,CAAC;IACpB;mFAC+E;IAC/E,kBAAkB,IAAI,uBAAuB,CAAC;IAC9C;;2EAEuE;IACvE,OAAO,EAAE;QACP,WAAW,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;QAC/C,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;QAC5C,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;YAAE,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5E,iBAAiB,IAAI,OAAO,CAAC;YAAE,aAAa,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACxD,QAAQ,EAAE;YACR,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3B,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;YACzC,GAAG,IAAI,KAAK,CAAC;SACd,CAAC;QACF,UAAU,EAAE;YACV,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3B;;;;;;kFAMsE;YACtE,SAAS,CAAC,IAAI,EAAE;gBACd,QAAQ,EAAE,MAAM,CAAC;gBACjB,WAAW,EAAE,MAAM,CAAC;gBACpB,IAAI,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC;aAC7B,GAAG,OAAO,CAAC;gBAAE,gBAAgB,EAAE,MAAM,CAAC;gBAAC,SAAS,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;YAC7D,MAAM,CAAC,IAAI,EAAE;gBAAE,QAAQ,EAAE,MAAM,CAAC;gBAAC,OAAO,EAAE,MAAM,CAAA;aAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;SACpE,CAAC;QACF,QAAQ,EAAE;YACR,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3B,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;SAC1C,CAAC;KACH,CAAC;IACF,UAAU,EAAE;QACV,IAAI,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KAChD,CAAC;IACF,QAAQ,EAAE;QACR,0BAA0B,CAAC,IAAI,EAAE,iCAAiC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACvF,iCAAiC,CAC/B,IAAI,EAAE,wCAAwC,GAC7C,OAAO,CAAC,QAAQ,CAAC,CAAC;QACrB,WAAW,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;KAClC,CAAC;CACH;AAqDD;;;gEAGgE;AAChE,eAAO,MAAM,IAAI,EAAE,aAiBjB,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,wBAAgB,UAAU,IAAI,KAAK,CAElC;AAED,qCAAqC;AACrC,wBAAgB,WAAW,IAAI,KAAK,CAEnC;AAED,qCAAqC;AACrC,wBAAgB,cAAc,IAAI,KAAK,CAEtC;AAED,qCAAqC;AACrC,wBAAgB,gBAAgB,IAAI,KAAK,CAKxC;AA8BD,YAAY,EACV,KAAK,EACL,aAAa,EACb,UAAU,EACV,wCAAwC,EACxC,eAAe,EACf,cAAc,EACd,kBAAkB,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,eAAe,GAChB,MAAM,aAAa,CAAC"}
|
package/dist/auth/index.js
CHANGED
|
@@ -42,7 +42,7 @@
|
|
|
42
42
|
import { getCurrentContext, requireActiveContext, taintCacheBypass, } from "../runtime-context.js";
|
|
43
43
|
import { config } from "../config.js";
|
|
44
44
|
import jwt from "../lib/jwt.js";
|
|
45
|
-
import { AuthRequiredError, FetchAbsoluteUrlError, FreshnessRequiredError, InsufficientMembershipError, InsufficientRoleError, InvalidCredentialsError, TenantSubjectInvalidError, UnknownExportError, } from "./errors.js";
|
|
45
|
+
import { AuthRequiredError, FetchAbsoluteUrlError, FreshnessRequiredError, InsufficientMembershipError, InsufficientRoleError, InvalidCredentialsError, RenamedExportError, TenantSubjectInvalidError, UnknownExportError, } from "./errors.js";
|
|
46
46
|
import { validateAuthFetchInput } from "./url-validation.js";
|
|
47
47
|
import crypto from "node:crypto";
|
|
48
48
|
// ---------------------------------------------------------------------------
|
|
@@ -415,31 +415,272 @@ async function endResponse() {
|
|
|
415
415
|
// ---------------------------------------------------------------------------
|
|
416
416
|
// Identity linking.
|
|
417
417
|
// ---------------------------------------------------------------------------
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
418
|
+
/** §4.5: the shipped top-level `auth.identities.link` is renamed/moved to
|
|
419
|
+
* `auth.account.identities.startLink` (the redirect+proof ceremony that links
|
|
420
|
+
* an OAuth identity to the already-signed-in account). Throws
|
|
421
|
+
* `R402_AUTH_RENAMED_EXPORT` teaching the move. (It also fetched a gateway
|
|
422
|
+
* route that never existed — see #429 — so it was non-functional regardless.) */
|
|
423
|
+
async function linkIdentity(_opts) {
|
|
424
|
+
throw new RenamedExportError({
|
|
425
|
+
oldName: "auth.identities.link",
|
|
426
|
+
newName: "auth.account.identities.startLink",
|
|
427
427
|
});
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
428
|
+
}
|
|
429
|
+
// ---------------------------------------------------------------------------
|
|
430
|
+
// Account security (§4). `getSecurity()` is the everyday rich read; the
|
|
431
|
+
// advanced mutation tier (setPassword / passkeys / sessions / identities) is
|
|
432
|
+
// demoted and lands in a follow-up increment.
|
|
433
|
+
// ---------------------------------------------------------------------------
|
|
434
|
+
/**
|
|
435
|
+
* The rich settings/security read for the current actor (§4.3). Distinct from
|
|
436
|
+
* the cheap per-request `auth.user()` — returns the ownership-qualified
|
|
437
|
+
* `AccountSecurity` projection (has_run402_password, run402_passkey_count,
|
|
438
|
+
* run402_identities, tenant_assertions, …) or `null` when anonymous.
|
|
439
|
+
*
|
|
440
|
+
* Resolves the actor exactly like `auth.user()` (cookie envelope on browser
|
|
441
|
+
* SSR; Bearer on direct/machine — §4.7/D15), mints a short-lived actor JWT
|
|
442
|
+
* (the same channel `db()` uses), and fetches the gateway projection route.
|
|
443
|
+
*/
|
|
444
|
+
async function getSecurity() {
|
|
445
|
+
const ctx = getCurrentContext();
|
|
446
|
+
if (!ctx)
|
|
447
|
+
return null;
|
|
448
|
+
const actor = await user();
|
|
449
|
+
if (!actor)
|
|
450
|
+
return null;
|
|
451
|
+
if (!config.JWT_SECRET)
|
|
452
|
+
return null;
|
|
453
|
+
const nowSec = Math.floor(Date.now() / 1000);
|
|
454
|
+
let token;
|
|
455
|
+
try {
|
|
456
|
+
token = jwt.sign({
|
|
457
|
+
sub: actor.id,
|
|
458
|
+
role: "authenticated",
|
|
459
|
+
email: actor.email,
|
|
460
|
+
project_id: actor.projectId,
|
|
461
|
+
iss: "agentdb",
|
|
462
|
+
iat: nowSec,
|
|
463
|
+
exp: nowSec + 60,
|
|
464
|
+
}, config.JWT_SECRET);
|
|
465
|
+
}
|
|
466
|
+
catch {
|
|
467
|
+
return null;
|
|
468
|
+
}
|
|
469
|
+
// Fetch the gateway (config.API_BASE = RUN402_API_BASE) directly — NOT the
|
|
470
|
+
// public tenant subdomain (ctx.host). The /auth/v1/account/* routes live on
|
|
471
|
+
// the gateway; a Lambda-to-subdomain round-trip via CloudFront does not reach
|
|
472
|
+
// them. `app_origin` still carries the tenant host for rpId validation.
|
|
473
|
+
const appOrigin = `https://${ctx.host}`;
|
|
474
|
+
let res;
|
|
475
|
+
try {
|
|
476
|
+
res = await fetch(`${config.API_BASE}/auth/v1/account/security?app_origin=${encodeURIComponent(appOrigin)}`, {
|
|
477
|
+
headers: {
|
|
478
|
+
apikey: config.ANON_KEY ?? "",
|
|
479
|
+
authorization: `Bearer ${token}`,
|
|
480
|
+
accept: "application/json",
|
|
481
|
+
},
|
|
482
|
+
redirect: "manual",
|
|
434
483
|
});
|
|
435
484
|
}
|
|
485
|
+
catch {
|
|
486
|
+
return null;
|
|
487
|
+
}
|
|
488
|
+
if (!res.ok)
|
|
489
|
+
return null;
|
|
490
|
+
const data = (await res.json().catch(() => null));
|
|
491
|
+
if (!data)
|
|
492
|
+
return null;
|
|
493
|
+
// The route returns a `user` projection; the SDK overlays the richer Actor.
|
|
494
|
+
return { ...data, user: actor };
|
|
495
|
+
}
|
|
496
|
+
/** Throwing variant of `getSecurity()` (§4.3). */
|
|
497
|
+
async function requireSecurity() {
|
|
498
|
+
const security = await getSecurity();
|
|
499
|
+
if (!security)
|
|
500
|
+
throw new AuthRequiredError();
|
|
501
|
+
return security;
|
|
502
|
+
}
|
|
503
|
+
// ---------------------------------------------------------------------------
|
|
504
|
+
// §4.4 advanced account-security mutation tier. Server-side, context-actor
|
|
505
|
+
// only. Each method mints a short-lived actor JWT (same channel as
|
|
506
|
+
// getSecurity) — including `auth_time` so the gateway can enforce freshness
|
|
507
|
+
// callee-side — and calls the Bearer-authed /auth/v1/account/* routes. NOT in
|
|
508
|
+
// the everyday docs; the everyday path is the <AccountSecurity> component.
|
|
509
|
+
// ---------------------------------------------------------------------------
|
|
510
|
+
/** Mint a short-lived actor JWT for an advanced-tier account call. Includes
|
|
511
|
+
* `auth_time` (the actor's last-auth from the verified browser-session
|
|
512
|
+
* envelope) so the gateway's sensitive-mutation freshness gate can read it. */
|
|
513
|
+
function mintAdvancedActorToken(actor) {
|
|
514
|
+
if (!config.JWT_SECRET)
|
|
515
|
+
return null;
|
|
516
|
+
const nowSec = Math.floor(Date.now() / 1000);
|
|
517
|
+
try {
|
|
518
|
+
return jwt.sign({
|
|
519
|
+
sub: actor.id,
|
|
520
|
+
role: "authenticated",
|
|
521
|
+
email: actor.email,
|
|
522
|
+
project_id: actor.projectId,
|
|
523
|
+
iss: "agentdb",
|
|
524
|
+
iat: nowSec,
|
|
525
|
+
exp: nowSec + 60,
|
|
526
|
+
auth_time: actor.authTime,
|
|
527
|
+
}, config.JWT_SECRET);
|
|
528
|
+
}
|
|
529
|
+
catch {
|
|
530
|
+
return null;
|
|
531
|
+
}
|
|
532
|
+
}
|
|
533
|
+
/** Call a Bearer-authed /auth/v1/account/* route with the context actor's
|
|
534
|
+
* minted JWT. Throws AuthRequiredError when anonymous / outside a request,
|
|
535
|
+
* FreshnessRequiredError on a freshness 401, and a generic error otherwise. */
|
|
536
|
+
async function accountAdvancedFetch(path, init) {
|
|
537
|
+
const ctx = getCurrentContext();
|
|
538
|
+
const actor = ctx ? await user() : null;
|
|
539
|
+
if (!ctx || !actor)
|
|
540
|
+
throw new AuthRequiredError();
|
|
541
|
+
const token = mintAdvancedActorToken(actor);
|
|
542
|
+
if (!token)
|
|
543
|
+
throw new AuthRequiredError();
|
|
544
|
+
// Gateway directly (config.API_BASE), NOT the tenant subdomain (ctx.host) —
|
|
545
|
+
// the /auth/v1/account/* routes live on the gateway and a Lambda-to-subdomain
|
|
546
|
+
// round-trip via CloudFront does not reach them (see getSecurity).
|
|
547
|
+
const res = await fetch(`${config.API_BASE}${path}`, {
|
|
548
|
+
method: init.method,
|
|
549
|
+
headers: {
|
|
550
|
+
apikey: config.ANON_KEY ?? "",
|
|
551
|
+
authorization: `Bearer ${token}`,
|
|
552
|
+
accept: "application/json",
|
|
553
|
+
...(init.body !== undefined ? { "content-type": "application/json" } : {}),
|
|
554
|
+
},
|
|
555
|
+
body: init.body !== undefined ? JSON.stringify(init.body) : undefined,
|
|
556
|
+
redirect: "manual",
|
|
557
|
+
});
|
|
558
|
+
if (res.status === 401) {
|
|
559
|
+
const data = (await res.json().catch(() => null));
|
|
560
|
+
if (data?.code === "R402_AUTH_FRESHNESS_REQUIRED") {
|
|
561
|
+
throw new FreshnessRequiredError({ maxAge: "5m", amr: [] });
|
|
562
|
+
}
|
|
563
|
+
throw new AuthRequiredError();
|
|
564
|
+
}
|
|
436
565
|
if (!res.ok) {
|
|
437
|
-
|
|
438
|
-
throw new (await import("./errors.js")).SessionBridgeUnverifiedError({
|
|
439
|
-
reason: body.code ?? `link failed: ${res.status}`,
|
|
440
|
-
});
|
|
566
|
+
throw new Error(`auth.account.* request to ${path} failed: ${res.status}`);
|
|
441
567
|
}
|
|
568
|
+
return (await res.json().catch(() => ({})));
|
|
442
569
|
}
|
|
570
|
+
/** §4.4 — set or change the signed-in user's Run402 password. Callee-enforced
|
|
571
|
+
* freshness (re-auth within 5 min) — throws FreshnessRequiredError otherwise.
|
|
572
|
+
* On success the gateway rotates (revokes) the user's other sessions. */
|
|
573
|
+
async function setPassword(newPassword, _opts) {
|
|
574
|
+
await accountAdvancedFetch("/auth/v1/account/password", {
|
|
575
|
+
method: "POST",
|
|
576
|
+
body: { new_password: newPassword },
|
|
577
|
+
});
|
|
578
|
+
}
|
|
579
|
+
/** §4.4 — sign out of every browser session for the context actor. */
|
|
580
|
+
async function signOutEverywhere() {
|
|
581
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/sign-out-everywhere", {
|
|
582
|
+
method: "POST",
|
|
583
|
+
body: {},
|
|
584
|
+
}));
|
|
585
|
+
return { revoked_count: typeof out.revoked_count === "number" ? out.revoked_count : 0 };
|
|
586
|
+
}
|
|
587
|
+
const accountPasskeys = {
|
|
588
|
+
list: async () => {
|
|
589
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/passkeys", { method: "GET" }));
|
|
590
|
+
return out.passkeys ?? [];
|
|
591
|
+
},
|
|
592
|
+
remove: async (passkeyId) => {
|
|
593
|
+
await accountAdvancedFetch("/auth/v1/account/passkeys/remove", {
|
|
594
|
+
method: "POST",
|
|
595
|
+
body: { passkey_id: passkeyId },
|
|
596
|
+
});
|
|
597
|
+
},
|
|
598
|
+
/** Passkey registration is a browser WebAuthn ceremony — it cannot run
|
|
599
|
+
* server-side. Use `<AccountSecurity sections={["passkeys"]}/>` or the
|
|
600
|
+
* hosted `/auth/passkeys/register` flow. */
|
|
601
|
+
add: () => {
|
|
602
|
+
throw new Error("auth.account.passkeys.add() can't run server-side: passkey registration is a browser WebAuthn ceremony. Use <AccountSecurity sections={[\"passkeys\"]}/> or the hosted /auth/passkeys/register flow.");
|
|
603
|
+
},
|
|
604
|
+
};
|
|
605
|
+
const accountIdentities = {
|
|
606
|
+
list: async () => {
|
|
607
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/identities", { method: "GET" }));
|
|
608
|
+
return out.identities ?? [];
|
|
609
|
+
},
|
|
610
|
+
/** §4.5 — begin the OAuth link-to-existing-account ceremony. Mints the
|
|
611
|
+
* context actor's JWT and calls the gateway `intent:"link"` start route,
|
|
612
|
+
* returning the provider authorization URL for the caller to redirect to.
|
|
613
|
+
* The resulting identity is written against the signed-in account (NOT a
|
|
614
|
+
* new sign-in). `redirectUrl` must be a project-allowed origin. */
|
|
615
|
+
startLink: async (opts) => {
|
|
616
|
+
if (!opts?.provider)
|
|
617
|
+
throw new Error("auth.account.identities.startLink: provider is required");
|
|
618
|
+
if (!opts?.redirectUrl)
|
|
619
|
+
throw new Error("auth.account.identities.startLink: redirectUrl is required");
|
|
620
|
+
const out = (await accountAdvancedFetch(`/auth/v1/oauth/${opts.provider}/start`, {
|
|
621
|
+
method: "POST",
|
|
622
|
+
body: { intent: "link", redirect_url: opts.redirectUrl, mode: opts.mode ?? "redirect" },
|
|
623
|
+
}));
|
|
624
|
+
if (!out.authorization_url) {
|
|
625
|
+
throw new Error("auth.account.identities.startLink: gateway returned no authorization_url");
|
|
626
|
+
}
|
|
627
|
+
return {
|
|
628
|
+
authorizationUrl: out.authorization_url,
|
|
629
|
+
expiresIn: typeof out.expires_in === "number" ? out.expires_in : 600,
|
|
630
|
+
};
|
|
631
|
+
},
|
|
632
|
+
unlink: async (opts) => {
|
|
633
|
+
await accountAdvancedFetch("/auth/v1/account/identities/unlink", {
|
|
634
|
+
method: "POST",
|
|
635
|
+
body: { provider: opts.provider, subject: opts.subject },
|
|
636
|
+
});
|
|
637
|
+
},
|
|
638
|
+
};
|
|
639
|
+
const accountSessions = {
|
|
640
|
+
list: async () => {
|
|
641
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/sessions", { method: "GET" }));
|
|
642
|
+
return out.sessions ?? [];
|
|
643
|
+
},
|
|
644
|
+
revoke: async (sessionId) => {
|
|
645
|
+
await accountAdvancedFetch("/auth/v1/account/sessions/revoke", {
|
|
646
|
+
method: "POST",
|
|
647
|
+
body: { session_id: sessionId },
|
|
648
|
+
});
|
|
649
|
+
},
|
|
650
|
+
};
|
|
651
|
+
/** `auth.account.*` proxy — `getSecurity`/`requireSecurity` (everyday read) +
|
|
652
|
+
* the §4.4 advanced mutation members (`setPassword`, `passkeys`, `identities`,
|
|
653
|
+
* `sessions`, `signOutEverywhere`) are the real members; the shipped throwing
|
|
654
|
+
* names (`get`, `signIn`, `login`, `currentUser`) and typos throw the
|
|
655
|
+
* structured unknown-export error (§4.6). */
|
|
656
|
+
const ACCOUNT_HALLUCINATED_NAMES = {
|
|
657
|
+
get: "auth.account.getSecurity() / auth.account.requireSecurity()",
|
|
658
|
+
signIn: "auth.sessions.createResponseFromTenantAssertion({...}) / createResponseFromIdentity({...})",
|
|
659
|
+
login: "auth.sessions.createResponseFromTenantAssertion({...})",
|
|
660
|
+
currentUser: "auth.user()",
|
|
661
|
+
user: "auth.user()",
|
|
662
|
+
};
|
|
663
|
+
const baseAccount = {
|
|
664
|
+
getSecurity,
|
|
665
|
+
requireSecurity,
|
|
666
|
+
setPassword,
|
|
667
|
+
signOutEverywhere,
|
|
668
|
+
passkeys: accountPasskeys,
|
|
669
|
+
identities: accountIdentities,
|
|
670
|
+
sessions: accountSessions,
|
|
671
|
+
};
|
|
672
|
+
const account = new Proxy(baseAccount, {
|
|
673
|
+
get(target, prop, receiver) {
|
|
674
|
+
if (typeof prop === "string" && !(prop in target)) {
|
|
675
|
+
throw new UnknownExportError({
|
|
676
|
+
attemptedName: `auth.account.${prop}`,
|
|
677
|
+
canonicalName: ACCOUNT_HALLUCINATED_NAMES[prop] ??
|
|
678
|
+
"auth.account.getSecurity() / auth.account.requireSecurity()",
|
|
679
|
+
});
|
|
680
|
+
}
|
|
681
|
+
return Reflect.get(target, prop, receiver);
|
|
682
|
+
},
|
|
683
|
+
});
|
|
443
684
|
// ---------------------------------------------------------------------------
|
|
444
685
|
// SDK proxy intercepting hallucinated names.
|
|
445
686
|
// ---------------------------------------------------------------------------
|
|
@@ -503,6 +744,7 @@ const baseAuth = {
|
|
|
503
744
|
csrfToken,
|
|
504
745
|
csrfField,
|
|
505
746
|
invalidCredentials,
|
|
747
|
+
account,
|
|
506
748
|
identities: {
|
|
507
749
|
link: linkIdentity,
|
|
508
750
|
},
|
|
@@ -581,5 +823,5 @@ function currentReturnTo() {
|
|
|
581
823
|
return undefined;
|
|
582
824
|
return ctx.request.url;
|
|
583
825
|
}
|
|
584
|
-
export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, Run402AuthError, } from "./errors.js";
|
|
826
|
+
export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, RenamedExportError, Run402AuthError, } from "./errors.js";
|
|
585
827
|
//# sourceMappingURL=index.js.map
|
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,GAAG,MAAM,eAAe,CAAC;AAChC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EACrB,uBAAuB,EAEvB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAOrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,8EAA8E;AAC9E,mCAAmC;AACnC,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,oEAAoE;IACpE,8DAA8D;IAC9D,gBAAgB,EAAE,CAAC;IACnB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,mEAAmE;QACnE,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,qEAAqE;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,uEAAuE;IACvE,uEAAuE;IACvE,uEAAuE;IACvE,8DAA8D;IAC9D,uEAAuE;IACvE,uEAAuE;IACvE,IAAI,GAAG,CAAC,cAAc,KAAK,aAAa,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,oEAAoE;IACpE,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,+DAA+D;IAC/D,2DAA2D;IAC3D,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;iBAUiB;AACjB,SAAS,4BAA4B,CACnC,GAAsD;IAEtD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,kEAAkE;IAClE,qEAAqE;IACrE,8BAA8B;IAC9B,IAAI,UAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,CAAC,GAAG,OAAc,CAAC;IACzB,IAAI,OAAO,CAAC,EAAE,GAAG,KAAK,UAAU,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CASvB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,UAAU,OAAO,CAAC,GAAG,EAAE;YACxD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,aAAa,EAAE,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAC5D,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,IAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,uEAAuE;IACvE,gEAAgE;IAChE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,GAAG,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACzE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,UAAU,CACjB,OAAsD,EACtD,IAAY;IAEZ,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAa;IAEb,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,wEAAwE;IACxE,wEAAwE;IACxE,oEAAoE;IACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACrF,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC;AAaD,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,gBAAgB,EAAE,CAAC;IACnB,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,sBAAsB,CAAC;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,eAAe,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ,IAAI,SAAS;QAAE,OAAO;IACjD,MAAM,IAAI,sBAAsB,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,EAAE;QACP,QAAQ,EAAE,eAAe,EAAE;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,oBAAoB,CAAC;IAChC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5B,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;gBACnB,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CACtB,KAAwB,EACxB,IAAkB;IAElB,MAAM,GAAG,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,qBAAqB,CAAC;YAC9B,SAAS,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;YACpG,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzB,MAAM,WAAW,GAAgB;QAC/B,GAAG,IAAI;QACP,OAAO;QACP,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;KACrC,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,kEAAkE;QAClE,kEAAkE;QAClE,8DAA8D;QAC9D,yBAAyB;QACzB,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,OAAO,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,4CAA4C,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,4CAA4C;AAC5C,8EAA8E;AAE9E,KAAK,UAAU,0BAA0B,CACvC,IAAuC;IAEvC,MAAM,GAAG,GAAG,oBAAoB,CAAC,0CAA0C,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,+DAA+D;IAC/D,qEAAqE;IACrE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iCAAiC,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;yCAKyC;AACzC,MAAM,CAAC,MAAM,qBAAqB,GAAG,yBAAyB,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,iCAAiC,CAC9C,IAA8C;IAE9C,2EAA2E;IAC3E,oBAAoB,CAAC,iDAAiD,CAAC,CAAC;IAExE,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,CAAC;IACxB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,EAAE,GAAG,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,gEAAgE;SACzE,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,6EAA6E;IAC7E,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACrC,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,uDAAuD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACxD,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,CAAC,EAAE,CAAU;QACb,MAAM;QACN,IAAI,EAAE;YACJ,EAAE;YACF,KAAK;YACL,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,IAAI;YAC1C,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;QACD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CACrE,WAAW,CACZ,CAAC;IACF,6EAA6E;IAC7E,gBAAgB,EAAE,CAAC;IACnB,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;QAChD,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,CAAC,qBAAqB,CAAC,EAAE,OAAO;SACjC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;kEAIkE;AAClE,SAAS,kBAAkB;IACzB,OAAO,IAAI,uBAAuB,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;QACxD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,MAAM,GAAG,GAAG,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;IACzD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,0BAA0B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,8CAA8C;QAC9C,8DAA8D;QAC9D,MAAM,IAAI,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,yBAAyB,CAAC;YAChE,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B,CAAC;YACnE,MAAM,EAAG,IAA0B,CAAC,IAAI,IAAI,gBAAgB,GAAG,CAAC,MAAM,EAAE;SACzE,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,OAAO,EAAE,gDAAgD;IACzD,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,6CAA6C;IACzD,MAAM,EAAE,sFAAsF;IAC9F,OAAO,EAAE,6BAA6B;IACtC,OAAO,EAAE,6BAA6B;IACtC,MAAM,EAAE,6BAA6B;IACrC,KAAK,EAAE,iDAAiD;IACxD,gBAAgB,EAAE,yCAAyC;IAC3D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,iEAAiE;IAC3E,OAAO,EAAE,4CAA4C;IACrD,oEAAoE;IACpE,cAAc,EACZ,4HAA4H;IAC9H,uBAAuB,EAAE,2BAA2B;IACpD,+BAA+B,EAC7B,2EAA2E;IAC7E,iCAAiC,EAC/B,2EAA2E;IAC7E,0BAA0B,EACxB,6EAA6E;CAChF,CAAC;AAiCF;;;4DAG4D;AAC5D,MAAM,2BAA2B,GAA2B;IAC1D,+BAA+B,EAC7B,2EAA2E;IAC7E,cAAc,EACZ,2EAA2E;IAC7E,YAAY,EAAE,mDAAmD;IACjE,mBAAmB,EACjB,2EAA2E;CAC9E,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,0BAA0B;IAC1B,iCAAiC;IACjC,WAAW;CACZ,CAAC;AAEF,MAAM,QAAQ,GAA8B,IAAI,KAAK,CAAC,YAAY,EAAE;IAClE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,iBAAiB,IAAI,EAAE;gBACtC,aAAa,EACX,2BAA2B,CAAC,IAAI,CAAC;oBACjC,4FAA4F;aAC/F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,QAAQ,GAAkB;IAC9B,IAAI;IACJ,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,YAAY;IACZ,KAAK,EAAE,SAAS;IAChB,SAAS;IACT,SAAS;IACT,kBAAkB;IAClB,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;KACnB;IACD,QAAQ;CACT,CAAC;AAEF;;;gEAGgE;AAChE,MAAM,CAAC,MAAM,IAAI,GAAkB,IAAI,KAAK,CAAC,QAAQ,EAAE;IACrD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,kBAAkB,CAAC;oBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;oBAC7B,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,0EAA0E;aAC1F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAClG,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,kBAAkB,CAAC;QAC3B,aAAa,EAAE,kBAAkB;QACjC,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAA6B,EAC7B,SAAiB;IAEjB,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,SAAS;QACT,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;QACtB,QAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzB,CAAC;AASD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,eAAe,GAChB,MAAM,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,GAAG,MAAM,eAAe,CAAC;AAChC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EACrB,uBAAuB,EAEvB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAQrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,8EAA8E;AAC9E,mCAAmC;AACnC,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,oEAAoE;IACpE,8DAA8D;IAC9D,gBAAgB,EAAE,CAAC;IACnB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,mEAAmE;QACnE,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,qEAAqE;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,uEAAuE;IACvE,uEAAuE;IACvE,uEAAuE;IACvE,8DAA8D;IAC9D,uEAAuE;IACvE,uEAAuE;IACvE,IAAI,GAAG,CAAC,cAAc,KAAK,aAAa,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,oEAAoE;IACpE,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,+DAA+D;IAC/D,2DAA2D;IAC3D,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;iBAUiB;AACjB,SAAS,4BAA4B,CACnC,GAAsD;IAEtD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,kEAAkE;IAClE,qEAAqE;IACrE,8BAA8B;IAC9B,IAAI,UAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,CAAC,GAAG,OAAc,CAAC;IACzB,IAAI,OAAO,CAAC,EAAE,GAAG,KAAK,UAAU,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CASvB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,UAAU,OAAO,CAAC,GAAG,EAAE;YACxD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,aAAa,EAAE,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAC5D,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,IAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,uEAAuE;IACvE,gEAAgE;IAChE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,GAAG,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACzE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,UAAU,CACjB,OAAsD,EACtD,IAAY;IAEZ,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAa;IAEb,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,wEAAwE;IACxE,wEAAwE;IACxE,oEAAoE;IACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACrF,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC;AAaD,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,gBAAgB,EAAE,CAAC;IACnB,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,sBAAsB,CAAC;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,eAAe,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ,IAAI,SAAS;QAAE,OAAO;IACjD,MAAM,IAAI,sBAAsB,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,EAAE;QACP,QAAQ,EAAE,eAAe,EAAE;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,oBAAoB,CAAC;IAChC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5B,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;gBACnB,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CACtB,KAAwB,EACxB,IAAkB;IAElB,MAAM,GAAG,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,qBAAqB,CAAC;YAC9B,SAAS,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;YACpG,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzB,MAAM,WAAW,GAAgB;QAC/B,GAAG,IAAI;QACP,OAAO;QACP,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;KACrC,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,kEAAkE;QAClE,kEAAkE;QAClE,8DAA8D;QAC9D,yBAAyB;QACzB,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,OAAO,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,4CAA4C,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,4CAA4C;AAC5C,8EAA8E;AAE9E,KAAK,UAAU,0BAA0B,CACvC,IAAuC;IAEvC,MAAM,GAAG,GAAG,oBAAoB,CAAC,0CAA0C,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,+DAA+D;IAC/D,qEAAqE;IACrE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iCAAiC,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;yCAKyC;AACzC,MAAM,CAAC,MAAM,qBAAqB,GAAG,yBAAyB,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,iCAAiC,CAC9C,IAA8C;IAE9C,2EAA2E;IAC3E,oBAAoB,CAAC,iDAAiD,CAAC,CAAC;IAExE,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,CAAC;IACxB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,EAAE,GAAG,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,gEAAgE;SACzE,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,6EAA6E;IAC7E,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACrC,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,uDAAuD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACxD,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,CAAC,EAAE,CAAU;QACb,MAAM;QACN,IAAI,EAAE;YACJ,EAAE;YACF,KAAK;YACL,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,IAAI;YAC1C,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;QACD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CACrE,WAAW,CACZ,CAAC;IACF,6EAA6E;IAC7E,gBAAgB,EAAE,CAAC;IACnB,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;QAChD,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,CAAC,qBAAqB,CAAC,EAAE,OAAO;SACjC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;kEAIkE;AAClE,SAAS,kBAAkB;IACzB,OAAO,IAAI,uBAAuB,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;QACxD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;kFAIkF;AAClF,KAAK,UAAU,YAAY,CAAC,KAA0B;IACpD,MAAM,IAAI,kBAAkB,CAAC;QAC3B,OAAO,EAAE,sBAAsB;QAC/B,OAAO,EAAE,mCAAmC;KAC7C,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,6EAA6E;AAC7E,8CAA8C;AAC9C,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,KAAK,GAAG,GAAG,CAAC,IAAI,CACd;YACE,GAAG,EAAE,KAAK,CAAC,EAAE;YACb,IAAI,EAAE,eAAwB;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,SAAS;YAC3B,GAAG,EAAE,SAAkB;YACvB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,EAAE;SACjB,EACD,MAAM,CAAC,UAAU,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,2EAA2E;IAC3E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,MAAM,SAAS,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACxC,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CACf,GAAG,MAAM,CAAC,QAAQ,wCAAwC,kBAAkB,CAAC,SAAS,CAAC,EAAE,EACzF;YACE,OAAO,EAAE;gBACP,MAAM,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,MAAM,EAAE,kBAAkB;aAC3B;YACD,QAAQ,EAAE,QAAQ;SACnB,CACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAExC,CAAC;IACT,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,4EAA4E;IAC5E,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,kDAAkD;AAClD,KAAK,UAAU,eAAe;IAC5B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAC7C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,mEAAmE;AACnE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,8EAA8E;AAE9E;;gFAEgF;AAChF,SAAS,sBAAsB,CAAC,KAAY;IAC1C,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,CACb;YACE,GAAG,EAAE,KAAK,CAAC,EAAE;YACb,IAAI,EAAE,eAAwB;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,SAAS;YAC3B,GAAG,EAAE,SAAkB;YACvB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,EAAE;YAChB,SAAS,EAAE,KAAK,CAAC,QAAQ;SAC1B,EACD,MAAM,CAAC,UAAU,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;gFAEgF;AAChF,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,IAAgE;IAEhE,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAClD,MAAM,KAAK,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAC1C,4EAA4E;IAC5E,8EAA8E;IAC9E,mEAAmE;IACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;QACnD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE;YACP,MAAM,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC7B,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,MAAM,EAAE,kBAAkB;YAC1B,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3E;QACD,IAAI,EAAE,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACrE,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAA6B,CAAC;QAC9E,IAAI,IAAI,EAAE,IAAI,KAAK,8BAA8B,EAAE,CAAC;YAClD,MAAM,IAAI,sBAAsB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,YAAY,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAY,CAAC;AACzD,CAAC;AAED;;0EAE0E;AAC1E,KAAK,UAAU,WAAW,CAAC,WAAmB,EAAE,KAA2B;IACzE,MAAM,oBAAoB,CAAC,2BAA2B,EAAE;QACtD,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,sEAAsE;AACtE,KAAK,UAAU,iBAAiB;IAC9B,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,sCAAsC,EAAE;QAC9E,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE;KACT,CAAC,CAA+B,CAAC;IAClC,OAAO,EAAE,aAAa,EAAE,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1F,CAAC;AAED,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAEtF,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,SAAiB,EAAiB,EAAE;QACjD,MAAM,oBAAoB,CAAC,kCAAkC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IACD;;iDAE6C;IAC7C,GAAG,EAAE,GAAU,EAAE;QACf,MAAM,IAAI,KAAK,CACb,sMAAsM,CACvM,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAExF,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;IAC9B,CAAC;IACD;;;;wEAIoE;IACpE,SAAS,EAAE,KAAK,EAAE,IAIjB,EAA4D,EAAE;QAC7D,IAAI,CAAC,IAAI,EAAE,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAChG,IAAI,CAAC,IAAI,EAAE,WAAW;YACpB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,kBAAkB,IAAI,CAAC,QAAQ,QAAQ,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE;SACxF,CAAC,CAAwD,CAAC;QAC3D,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAC9F,CAAC;QACD,OAAO;YACL,gBAAgB,EAAE,GAAG,CAAC,iBAAiB;YACvC,SAAS,EAAE,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG;SACrE,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,IAA2C,EAAiB,EAAE;QAC3E,MAAM,oBAAoB,CAAC,oCAAoC,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAEtF,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,SAAiB,EAAiB,EAAE;QACjD,MAAM,oBAAoB,CAAC,kCAAkC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;8CAI8C;AAC9C,MAAM,0BAA0B,GAA2B;IACzD,GAAG,EAAE,6DAA6D;IAClE,MAAM,EACJ,4FAA4F;IAC9F,KAAK,EAAE,wDAAwD;IAC/D,WAAW,EAAE,aAAa;IAC1B,IAAI,EAAE,aAAa;CACpB,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,WAAW;IACX,eAAe;IACf,WAAW;IACX,iBAAiB;IACjB,QAAQ,EAAE,eAAe;IACzB,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAEF,MAAM,OAAO,GAA6B,IAAI,KAAK,CAAC,WAAW,EAAE;IAC/D,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,gBAAgB,IAAI,EAAE;gBACrC,aAAa,EACX,0BAA0B,CAAC,IAAI,CAAC;oBAChC,6DAA6D;aAChE,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,OAAO,EAAE,gDAAgD;IACzD,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,6CAA6C;IACzD,MAAM,EAAE,sFAAsF;IAC9F,OAAO,EAAE,6BAA6B;IACtC,OAAO,EAAE,6BAA6B;IACtC,MAAM,EAAE,6BAA6B;IACrC,KAAK,EAAE,iDAAiD;IACxD,gBAAgB,EAAE,yCAAyC;IAC3D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,iEAAiE;IAC3E,OAAO,EAAE,4CAA4C;IACrD,oEAAoE;IACpE,cAAc,EACZ,4HAA4H;IAC9H,uBAAuB,EAAE,2BAA2B;IACpD,+BAA+B,EAC7B,2EAA2E;IAC7E,iCAAiC,EAC/B,2EAA2E;IAC7E,0BAA0B,EACxB,6EAA6E;CAChF,CAAC;AAmEF;;;4DAG4D;AAC5D,MAAM,2BAA2B,GAA2B;IAC1D,+BAA+B,EAC7B,2EAA2E;IAC7E,cAAc,EACZ,2EAA2E;IAC7E,YAAY,EAAE,mDAAmD;IACjE,mBAAmB,EACjB,2EAA2E;CAC9E,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,0BAA0B;IAC1B,iCAAiC;IACjC,WAAW;CACZ,CAAC;AAEF,MAAM,QAAQ,GAA8B,IAAI,KAAK,CAAC,YAAY,EAAE;IAClE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,iBAAiB,IAAI,EAAE;gBACtC,aAAa,EACX,2BAA2B,CAAC,IAAI,CAAC;oBACjC,4FAA4F;aAC/F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,QAAQ,GAAkB;IAC9B,IAAI;IACJ,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,YAAY;IACZ,KAAK,EAAE,SAAS;IAChB,SAAS;IACT,SAAS;IACT,kBAAkB;IAClB,OAAO;IACP,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;KACnB;IACD,QAAQ;CACT,CAAC;AAEF;;;gEAGgE;AAChE,MAAM,CAAC,MAAM,IAAI,GAAkB,IAAI,KAAK,CAAC,QAAQ,EAAE;IACrD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,kBAAkB,CAAC;oBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;oBAC7B,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,0EAA0E;aAC1F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAClG,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,kBAAkB,CAAC;QAC3B,aAAa,EAAE,kBAAkB;QACjC,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAA6B,EAC7B,SAAiB;IAEjB,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,SAAS;QACT,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;QACtB,QAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzB,CAAC;AAYD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,eAAe,GAChB,MAAM,aAAa,CAAC"}
|
package/dist/auth/types.d.ts
CHANGED
|
@@ -66,6 +66,45 @@ export interface TenantUser {
|
|
|
66
66
|
displayName?: string;
|
|
67
67
|
avatarUrl?: string;
|
|
68
68
|
}
|
|
69
|
+
/** A Run402-verified federated identity link (OAuth / cryptographic proof). */
|
|
70
|
+
export interface Run402Identity {
|
|
71
|
+
provider: string;
|
|
72
|
+
provider_sub: string;
|
|
73
|
+
provider_email: string | null;
|
|
74
|
+
created_at: string;
|
|
75
|
+
}
|
|
76
|
+
/** A tenant-vouched assertion link (from `createResponseFromTenantAssertion`).
|
|
77
|
+
* `last_amr` reflects the tenant provenance (e.g. `["tenant_password"]`),
|
|
78
|
+
* intentionally distinct from Run402-verified amr values. */
|
|
79
|
+
export interface TenantAssertionRef {
|
|
80
|
+
issuer: string;
|
|
81
|
+
last_amr: string[];
|
|
82
|
+
}
|
|
83
|
+
/** The rich account/security read returned by `auth.account.getSecurity()` —
|
|
84
|
+
* distinct from the cheap per-request `auth.user()` Actor. Credentials are
|
|
85
|
+
* qualified to Run402 ownership (`has_run402_password`, `run402_passkey_count`,
|
|
86
|
+
* `run402_identities`) so a tenant-vouched user (no Run402 password) reads
|
|
87
|
+
* `has_run402_password: false`.
|
|
88
|
+
*
|
|
89
|
+
* §4.8 — branch parity with the shipped `GET /auth/v1/user`. Every UI branch
|
|
90
|
+
* the old fields drove is preserved by the ownership-qualified mapping:
|
|
91
|
+
* - `has_password` → `has_run402_password` (set-vs-change password)
|
|
92
|
+
* - `has_passkeys`/`passkey_count` → `run402_passkey_count` (offer "Add passkey")
|
|
93
|
+
* - `has_passkey_for_current_rp` → `has_run402_passkey_for_current_rp`
|
|
94
|
+
* - `identities` → `run402_identities` (connected accounts)
|
|
95
|
+
* - `current_rp_id` → `current_rp_id` (unchanged)
|
|
96
|
+
* Plus the new `passkey_rp_scope` and `tenant_assertions` (tenant provenance,
|
|
97
|
+
* which the old endpoint conflated into `has_password`/`identities`). */
|
|
98
|
+
export interface AccountSecurity {
|
|
99
|
+
user: Actor;
|
|
100
|
+
has_run402_password: boolean;
|
|
101
|
+
run402_passkey_count: number;
|
|
102
|
+
has_run402_passkey_for_current_rp: boolean | null;
|
|
103
|
+
run402_identities: Run402Identity[];
|
|
104
|
+
current_rp_id: string | null;
|
|
105
|
+
passkey_rp_scope: "host" | "realm";
|
|
106
|
+
tenant_assertions: TenantAssertionRef[];
|
|
107
|
+
}
|
|
69
108
|
/** Options for `auth.sessions.createResponseFromTenantAssertion`. Agent-proof
|
|
70
109
|
* by design: the platform derives `issuer: "tenant:<tenant>"` from `tenant`
|
|
71
110
|
* and `amr` from `method` (`"password"` → `tenant_password`, `"sso"` →
|
package/dist/auth/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,KAAK;IACpB,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;uCAGuC;AACvC,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd;;uEAEmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;CACtB;AAED;;;0EAG0E;AAC1E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;sDAIsD;AACtD,MAAM,WAAW,wCAAwC;IACvD,oEAAoE;IACpE,MAAM,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,IAAI,EAAE,UAAU,CAAC;IACjB,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,KAAK,CAAC;IAC3B,2EAA2E;IAC3E,QAAQ,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC9B"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,KAAK;IACpB,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;uCAGuC;AACvC,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd;;uEAEmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;CACtB;AAED;;;0EAG0E;AAC1E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,+EAA+E;AAC/E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;8DAE8D;AAC9D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;;;;;;;;;;0EAc0E;AAC1E,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,KAAK,CAAC;IACZ,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,iCAAiC,EAAE,OAAO,GAAG,IAAI,CAAC;IAClD,iBAAiB,EAAE,cAAc,EAAE,CAAC;IACpC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;CACzC;AAED;;;;sDAIsD;AACtD,MAAM,WAAW,wCAAwC;IACvD,oEAAoE;IACpE,MAAM,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,IAAI,EAAE,UAAU,CAAC;IACjB,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,KAAK,CAAC;IAC3B,2EAA2E;IAC3E,QAAQ,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC9B"}
|
package/dist/index.d.ts
CHANGED
|
@@ -2,8 +2,8 @@ export { db, adminDb, QueryBuilder } from "./db.js";
|
|
|
2
2
|
export { getUser, getUserId, getRole } from "./auth.js";
|
|
3
3
|
export type { User } from "./auth.js";
|
|
4
4
|
export { auth } from "./auth/index.js";
|
|
5
|
-
export type { Actor, IdentityProof, TenantUser, CreateResponseFromTenantAssertionOptions, } from "./auth/index.js";
|
|
6
|
-
export { Run402AuthError, AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, } from "./auth/index.js";
|
|
5
|
+
export type { Actor, IdentityProof, TenantUser, CreateResponseFromTenantAssertionOptions, AccountSecurity, Run402Identity, TenantAssertionRef, } from "./auth/index.js";
|
|
6
|
+
export { Run402AuthError, AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, RenamedExportError, } from "./auth/index.js";
|
|
7
7
|
export { getSession, currentUser, getCurrentUser, getServerSession } from "./auth/index.js";
|
|
8
8
|
export { email } from "./email.js";
|
|
9
9
|
export type { EmailSendOptions, EmailRawOptions, EmailTemplateOptions, EmailSendResult } from "./email.js";
|
|
@@ -22,4 +22,5 @@ export type { Cache, CacheInvalidateResult, InvalidatePrefixOptions, InvalidateA
|
|
|
22
22
|
export { CacheInvalidationHostRequiredError, CacheInvalidationHostForbiddenError, } from "./cache.js";
|
|
23
23
|
export { als, getCurrentContext, runWithContext, requireActiveContext, taintCacheBypass, withPaymentTaint, PAYMENT_PRIMITIVES, Run402OutsideRequestContextError, } from "./runtime-context.js";
|
|
24
24
|
export type { RunRequestContext } from "./runtime-context.js";
|
|
25
|
+
export { ensureActorContextKeysLoaded } from "./lib/actor-context-verify.js";
|
|
25
26
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACxD,YAAY,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAQtC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,YAAY,EACV,KAAK,EACL,aAAa,EACb,UAAU,EACV,wCAAwC,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACxD,YAAY,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAQtC,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AACvC,YAAY,EACV,KAAK,EACL,aAAa,EACb,UAAU,EACV,wCAAwC,EACxC,eAAe,EACf,cAAc,EACd,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AAMzB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC3G,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAC;AAC7B,YAAY,EACV,oBAAoB,EACpB,mBAAmB,EACnB,WAAW,EACX,gBAAgB,EAChB,eAAe,EACf,cAAc,GACf,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,YAAY,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAMlG,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,YAAY,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjE,YAAY,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,QAAQ,EACR,eAAe,EACf,YAAY,EAEZ,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,cAAc,EACd,SAAS,GACV,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAC5E,YAAY,EACV,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAI1B,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,YAAY,EACV,KAAK,EACL,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,kCAAkC,EAClC,mCAAmC,GACpC,MAAM,YAAY,CAAC;AAKpB,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,gCAAgC,GACjC,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAK9D,OAAO,EAAE,4BAA4B,EAAE,MAAM,+BAA+B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -7,7 +7,7 @@ export { getUser, getUserId, getRole } from "./auth.js";
|
|
|
7
7
|
// `auth.identities.link(...)` are the only documented identity surfaces.
|
|
8
8
|
// See openspec/changes/auth-aware-ssr/specs/auth-sdk-namespace/spec.md.
|
|
9
9
|
export { auth } from "./auth/index.js";
|
|
10
|
-
export { Run402AuthError, AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, } from "./auth/index.js";
|
|
10
|
+
export { Run402AuthError, AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, RenamedExportError, } from "./auth/index.js";
|
|
11
11
|
// Throwing-sentinel exports for the top legacy bare-name imports. These
|
|
12
12
|
// fire `R402_AUTH_UNKNOWN_EXPORT` at runtime with a structured fix-it,
|
|
13
13
|
// catching the case where `run402 doctor` and the ESLint rule didn't run
|
|
@@ -38,4 +38,9 @@ export { CacheInvalidationHostRequiredError, CacheInvalidationHostForbiddenError
|
|
|
38
38
|
// (in @run402/astro) uses `runWithContext` to establish the store; user
|
|
39
39
|
// code typically does not import these directly.
|
|
40
40
|
export { als, getCurrentContext, runWithContext, requireActiveContext, taintCacheBypass, withPaymentTaint, PAYMENT_PRIMITIVES, Run402OutsideRequestContextError, } from "./runtime-context.js";
|
|
41
|
+
// auth-hosted-surface-parity: the generated Lambda entry wrapper awaits this
|
|
42
|
+
// before resolving a cookie-derived actor. It fetches the gateway-only
|
|
43
|
+
// actor-context verify key once at cold start (the key is never in the
|
|
44
|
+
// tenant Lambda env). No-op in local dev / in-process gateway (key in env).
|
|
45
|
+
export { ensureActorContextKeysLoaded } from "./lib/actor-context-verify.js";
|
|
41
46
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGxD,qEAAqE;AACrE,4EAA4E;AAC5E,iEAAiE;AACjE,+DAA+D;AAC/D,yEAAyE;AACzE,wEAAwE;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGxD,qEAAqE;AACrE,4EAA4E;AAC5E,iEAAiE;AACjE,+DAA+D;AAC/D,yEAAyE;AACzE,wEAAwE;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAUvC,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,iBAAiB,CAAC;AACzB,wEAAwE;AACxE,uEAAuE;AACvE,yEAAyE;AACzE,yEAAyE;AACzE,8DAA8D;AAC9D,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAEnC,OAAO,EAAE,EAAE,EAAE,MAAM,SAAS,CAAC;AAS7B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,qEAAqE;AACrE,yEAAyE;AACzE,8BAA8B;AAC9B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD,qEAAqE;AACrE,gEAAgE;AAChE,qEAAqE;AACrE,2EAA2E;AAC3E,2DAA2D;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAiBxD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAO5E,0CAA0C;AAC1C,mEAAmE;AACnE,2DAA2D;AAC3D,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAOnC,OAAO,EACL,kCAAkC,EAClC,mCAAmC,GACpC,MAAM,YAAY,CAAC;AACpB,wEAAwE;AACxE,yEAAyE;AACzE,wEAAwE;AACxE,iDAAiD;AACjD,OAAO,EACL,GAAG,EACH,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,gCAAgC,GACjC,MAAM,sBAAsB,CAAC;AAE9B,6EAA6E;AAC7E,uEAAuE;AACvE,uEAAuE;AACvE,4EAA4E;AAC5E,OAAO,EAAE,4BAA4B,EAAE,MAAM,+BAA+B,CAAC"}
|
|
@@ -89,6 +89,23 @@ export type VerifyOutcome = {
|
|
|
89
89
|
ok: false;
|
|
90
90
|
reason: VerifyFailureReason;
|
|
91
91
|
};
|
|
92
|
+
/**
|
|
93
|
+
* Ensure the actor-context verify keys are available before a synchronous
|
|
94
|
+
* `verifyActorContextEnvelope` call. In production the key is NEVER injected
|
|
95
|
+
* into the tenant Lambda's environment (gateway-only secret — see the
|
|
96
|
+
* `functions.ts` INVARIANT comment); instead the runtime fetches it once,
|
|
97
|
+
* lazily, from the gateway's service-key-authed
|
|
98
|
+
* `GET /internal/v1/actor-context-keys` endpoint using the Lambda's
|
|
99
|
+
* `RUN402_SERVICE_KEY`. The key stays out of the static bundle (can't be
|
|
100
|
+
* grepped) and is cached only in this module's memory. Local dev and the
|
|
101
|
+
* in-process gateway have the key in env, so the fetch path is skipped.
|
|
102
|
+
*
|
|
103
|
+
* Failures are non-fatal: the request stays anonymous and a later request
|
|
104
|
+
* retries the fetch. Callers MUST await this before relying on a cookie-
|
|
105
|
+
* derived actor (the generated Lambda entry wrapper does so when the
|
|
106
|
+
* inbound request carries the actor-context header).
|
|
107
|
+
*/
|
|
108
|
+
export declare function ensureActorContextKeysLoaded(): Promise<void>;
|
|
92
109
|
/** Test injection. NEVER call from production code. */
|
|
93
110
|
export declare function _setActorContextKeyMapForTest(map: Record<string, Buffer | string> | null): void;
|
|
94
111
|
export declare function verifyActorContextEnvelope(encoded: string, ctx: VerifyRequestContext): VerifyOutcome;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actor-context-verify.d.ts","sourceRoot":"","sources":["../../src/lib/actor-context-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAIH,eAAO,MAAM,8BAA8B,EAAG,CAAU,CAAC;AACzD,eAAO,MAAM,0BAA0B,mBAAmB,CAAC;AAC3D,eAAO,MAAM,0BAA0B,6BAA6B,CAAC;AACrE,eAAO,MAAM,8BAA8B,KAAK,CAAC;AAEjD;kEACkE;AAClE,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAE7D,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,CAAC,EAAE,CAAC,CAAC;IACL,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,OAAO,0BAA0B,CAAC;IACvC,GAAG,EAAE,OAAO,0BAA0B,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,oBAAoB,CAAC;CAC7B;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,GAAG,CAAC,EAAE,IAAI,CAAC;CACZ;AAED,MAAM,MAAM,mBAAmB,GAC3B,WAAW,GACX,aAAa,GACb,eAAe,GACf,cAAc,GACd,cAAc,GACd,SAAS,GACT,mBAAmB,GACnB,qBAAqB,GACrB,qBAAqB,GACrB,iBAAiB,GACjB,eAAe,GACf,eAAe,GACf,kBAAkB,CAAC;AAEvB,MAAM,MAAM,aAAa,GACrB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,gBAAgB,CAAA;CAAE,GACxC;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,mBAAmB,CAAA;CAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"actor-context-verify.d.ts","sourceRoot":"","sources":["../../src/lib/actor-context-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAIH,eAAO,MAAM,8BAA8B,EAAG,CAAU,CAAC;AACzD,eAAO,MAAM,0BAA0B,mBAAmB,CAAC;AAC3D,eAAO,MAAM,0BAA0B,6BAA6B,CAAC;AACrE,eAAO,MAAM,8BAA8B,KAAK,CAAC;AAEjD;kEACkE;AAClE,eAAO,MAAM,oBAAoB,2BAA2B,CAAC;AAE7D,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,gBAAgB;IAC/B,CAAC,EAAE,CAAC,CAAC;IACL,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,OAAO,0BAA0B,CAAC;IACvC,GAAG,EAAE,OAAO,0BAA0B,CAAC;IACvC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,oBAAoB,CAAC;CAC7B;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,wDAAwD;IACxD,GAAG,CAAC,EAAE,IAAI,CAAC;CACZ;AAED,MAAM,MAAM,mBAAmB,GAC3B,WAAW,GACX,aAAa,GACb,eAAe,GACf,cAAc,GACd,cAAc,GACd,SAAS,GACT,mBAAmB,GACnB,qBAAqB,GACrB,qBAAqB,GACrB,iBAAiB,GACjB,eAAe,GACf,eAAe,GACf,kBAAkB,CAAC;AAEvB,MAAM,MAAM,aAAa,GACrB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,gBAAgB,CAAA;CAAE,GACxC;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,mBAAmB,CAAA;CAAE,CAAC;AAsE/C;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,4BAA4B,IAAI,OAAO,CAAC,IAAI,CAAC,CAoBlE;AAwBD,uDAAuD;AACvD,wBAAgB,6BAA6B,CAC3C,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,GAC1C,IAAI,CAeN;AAMD,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,oBAAoB,GACxB,aAAa,CA0Ef"}
|
|
@@ -54,10 +54,18 @@ export const ACTOR_CONTEXT_HEADER = "x-run402-actor-context";
|
|
|
54
54
|
// Key store (env-loaded, test-injectable)
|
|
55
55
|
// ---------------------------------------------------------------------------
|
|
56
56
|
const KEY_MIN_BYTES = 32;
|
|
57
|
+
/** The resolved verify-key map (env ∪ gateway-fetched ∪ test-injected).
|
|
58
|
+
* `null` until first resolve. Once populated with ≥1 key it is treated as
|
|
59
|
+
* authoritative and never re-fetched. */
|
|
57
60
|
let keyMap = null;
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
+
/** De-dupes concurrent cold-start fetches; cleared on completion so a
|
|
62
|
+
* failed fetch can be retried by the next request (rather than pinning the
|
|
63
|
+
* Lambda anonymous for its whole lifetime). */
|
|
64
|
+
let keyFetchInFlight = null;
|
|
65
|
+
/** Pure env read. Does NOT cache — `keyMap` is only set once we have keys,
|
|
66
|
+
* so an empty prod-Lambda env doesn't pin an empty map and block the
|
|
67
|
+
* gateway fetch fallback. */
|
|
68
|
+
function loadKeyMapFromEnv() {
|
|
61
69
|
const map = new Map();
|
|
62
70
|
const mapJson = process.env.ACTOR_CONTEXT_SIGNING_KEY_MAP_JSON;
|
|
63
71
|
if (mapJson) {
|
|
@@ -96,13 +104,84 @@ function loadKeyMap() {
|
|
|
96
104
|
if (buf.length >= KEY_MIN_BYTES)
|
|
97
105
|
map.set(kid, buf);
|
|
98
106
|
}
|
|
99
|
-
|
|
107
|
+
return map;
|
|
108
|
+
}
|
|
109
|
+
/** Sync accessor used by `verifyActorContextEnvelope`. Prefers the resolved
|
|
110
|
+
* `keyMap`; falls back to an env read so callers that have env keys (local
|
|
111
|
+
* dev, the in-process gateway) or that injected via the test helper work
|
|
112
|
+
* without an explicit `ensureActorContextKeysLoaded()`. */
|
|
113
|
+
function currentKeyMap() {
|
|
114
|
+
return keyMap ?? loadKeyMapFromEnv();
|
|
115
|
+
}
|
|
116
|
+
/**
|
|
117
|
+
* Ensure the actor-context verify keys are available before a synchronous
|
|
118
|
+
* `verifyActorContextEnvelope` call. In production the key is NEVER injected
|
|
119
|
+
* into the tenant Lambda's environment (gateway-only secret — see the
|
|
120
|
+
* `functions.ts` INVARIANT comment); instead the runtime fetches it once,
|
|
121
|
+
* lazily, from the gateway's service-key-authed
|
|
122
|
+
* `GET /internal/v1/actor-context-keys` endpoint using the Lambda's
|
|
123
|
+
* `RUN402_SERVICE_KEY`. The key stays out of the static bundle (can't be
|
|
124
|
+
* grepped) and is cached only in this module's memory. Local dev and the
|
|
125
|
+
* in-process gateway have the key in env, so the fetch path is skipped.
|
|
126
|
+
*
|
|
127
|
+
* Failures are non-fatal: the request stays anonymous and a later request
|
|
128
|
+
* retries the fetch. Callers MUST await this before relying on a cookie-
|
|
129
|
+
* derived actor (the generated Lambda entry wrapper does so when the
|
|
130
|
+
* inbound request carries the actor-context header).
|
|
131
|
+
*/
|
|
132
|
+
export async function ensureActorContextKeysLoaded() {
|
|
133
|
+
if (keyMap && keyMap.size > 0)
|
|
134
|
+
return;
|
|
135
|
+
const envMap = loadKeyMapFromEnv();
|
|
136
|
+
if (envMap.size > 0) {
|
|
137
|
+
keyMap = envMap;
|
|
138
|
+
return;
|
|
139
|
+
}
|
|
140
|
+
if (!keyFetchInFlight) {
|
|
141
|
+
keyFetchInFlight = fetchActorContextKeysFromGateway()
|
|
142
|
+
.then((fetched) => {
|
|
143
|
+
if (fetched.size > 0)
|
|
144
|
+
keyMap = fetched;
|
|
145
|
+
})
|
|
146
|
+
.catch(() => {
|
|
147
|
+
/* stay anonymous; next request retries */
|
|
148
|
+
})
|
|
149
|
+
.finally(() => {
|
|
150
|
+
keyFetchInFlight = null;
|
|
151
|
+
});
|
|
152
|
+
}
|
|
153
|
+
await keyFetchInFlight;
|
|
154
|
+
}
|
|
155
|
+
/** Fetch the verify-key map from the gateway. Returns an empty map (never
|
|
156
|
+
* throws to the caller's await) when the env is missing or the call fails. */
|
|
157
|
+
async function fetchActorContextKeysFromGateway() {
|
|
158
|
+
const map = new Map();
|
|
159
|
+
const base = process.env.RUN402_API_BASE;
|
|
160
|
+
const serviceKey = process.env.RUN402_SERVICE_KEY;
|
|
161
|
+
if (!base || !serviceKey)
|
|
162
|
+
return map;
|
|
163
|
+
const url = `${base.replace(/\/+$/, "")}/internal/v1/actor-context-keys`;
|
|
164
|
+
const res = await fetch(url, {
|
|
165
|
+
method: "GET",
|
|
166
|
+
headers: { Authorization: `Bearer ${serviceKey}` },
|
|
167
|
+
});
|
|
168
|
+
if (!res.ok)
|
|
169
|
+
return map;
|
|
170
|
+
const body = (await res.json());
|
|
171
|
+
for (const [kid, b64] of Object.entries(body.keys ?? {})) {
|
|
172
|
+
if (typeof b64 !== "string")
|
|
173
|
+
continue;
|
|
174
|
+
const buf = Buffer.from(b64, "base64");
|
|
175
|
+
if (buf.length >= KEY_MIN_BYTES)
|
|
176
|
+
map.set(kid, buf);
|
|
177
|
+
}
|
|
100
178
|
return map;
|
|
101
179
|
}
|
|
102
180
|
/** Test injection. NEVER call from production code. */
|
|
103
181
|
export function _setActorContextKeyMapForTest(map) {
|
|
104
182
|
if (map === null) {
|
|
105
183
|
keyMap = null;
|
|
184
|
+
keyFetchInFlight = null;
|
|
106
185
|
return;
|
|
107
186
|
}
|
|
108
187
|
const m = new Map();
|
|
@@ -148,7 +227,7 @@ export function verifyActorContextEnvelope(encoded, ctx) {
|
|
|
148
227
|
}
|
|
149
228
|
if (typeof envelope.kid !== "string")
|
|
150
229
|
return { ok: false, reason: "malformed" };
|
|
151
|
-
const key =
|
|
230
|
+
const key = currentKeyMap().get(envelope.kid);
|
|
152
231
|
if (!key)
|
|
153
232
|
return { ok: false, reason: "unknown_kid" };
|
|
154
233
|
const sigBuf = Buffer.from(sigB64, "base64url");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actor-context-verify.js","sourceRoot":"","sources":["../../src/lib/actor-context-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAU,CAAC;AACzD,MAAM,CAAC,MAAM,0BAA0B,GAAG,gBAAgB,CAAC;AAC3D,MAAM,CAAC,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AACrE,MAAM,CAAC,MAAM,8BAA8B,GAAG,EAAE,CAAC;AAEjD;kEACkE;AAClE,MAAM,CAAC,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;AAwD7D,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,aAAa,GAAG,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"actor-context-verify.js","sourceRoot":"","sources":["../../src/lib/actor-context-verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAU,CAAC;AACzD,MAAM,CAAC,MAAM,0BAA0B,GAAG,gBAAgB,CAAC;AAC3D,MAAM,CAAC,MAAM,0BAA0B,GAAG,0BAA0B,CAAC;AACrE,MAAM,CAAC,MAAM,8BAA8B,GAAG,EAAE,CAAC;AAEjD;kEACkE;AAClE,MAAM,CAAC,MAAM,oBAAoB,GAAG,wBAAwB,CAAC;AAwD7D,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,aAAa,GAAG,EAAE,CAAC;AAEzB;;0CAE0C;AAC1C,IAAI,MAAM,GAA+B,IAAI,CAAC;AAC9C;;gDAEgD;AAChD,IAAI,gBAAgB,GAAyB,IAAI,CAAC;AAElD;;8BAE8B;AAC9B,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEtC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC;IAC/D,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,yDAA0D,GAAa,CAAC,OAAO,EAAE,CAClF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;QACxF,CAAC;QACD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAiC,CAAC,EAAE,CAAC;YAC3E,IAAI,OAAO,GAAG,KAAK,QAAQ;gBAAE,SAAS;YACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACvC,IAAI,GAAG,CAAC,MAAM,IAAI,aAAa;gBAAE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QACzE,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,IACE,OAAO,KAAK,uCAAuC;YACnD,OAAO,KAAK,oCAAoC,EAChD,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACpE,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACvD,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC5C,IAAI,GAAG,CAAC,MAAM,IAAI,aAAa;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;4DAG4D;AAC5D,SAAS,aAAa;IACpB,OAAO,MAAM,IAAI,iBAAiB,EAAE,CAAC;AACvC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B;IAChD,IAAI,MAAM,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,OAAO;IACtC,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,GAAG,MAAM,CAAC;QAChB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,gBAAgB,GAAG,gCAAgC,EAAE;aAClD,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;YAChB,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC;gBAAE,MAAM,GAAG,OAAO,CAAC;QACzC,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,EAAE;YACV,0CAA0C;QAC5C,CAAC,CAAC;aACD,OAAO,CAAC,GAAG,EAAE;YACZ,gBAAgB,GAAG,IAAI,CAAC;QAC1B,CAAC,CAAC,CAAC;IACP,CAAC;IACD,MAAM,gBAAgB,CAAC;AACzB,CAAC;AAED;+EAC+E;AAC/E,KAAK,UAAU,gCAAgC;IAC7C,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IACzC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,GAAG,CAAC;IACrC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,iCAAiC,CAAC;IACzE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;KACnD,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,GAAG,CAAC;IACxB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsC,CAAC;IACrE,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;QACzD,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,SAAS;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACvC,IAAI,GAAG,CAAC,MAAM,IAAI,aAAa;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,6BAA6B,CAC3C,GAA2C;IAE3C,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,MAAM,GAAG,IAAI,CAAC;QACd,gBAAgB,GAAG,IAAI,CAAC;QACxB,OAAO;IACT,CAAC;IACD,MAAM,CAAC,GAAG,IAAI,GAAG,EAAkB,CAAC;IACpC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAC1E,IAAI,GAAG,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,gBAAgB,CAAC,CAAC;QACrE,CAAC;QACD,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,GAAG,CAAC,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,MAAM,UAAU,0BAA0B,CACxC,OAAe,EACf,GAAyB;IAEzB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IACD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACtC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,QAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAC5C,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAqB,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IACD,IAAI,QAAQ,CAAC,CAAC,KAAK,8BAA8B,EAAE,CAAC;QAClD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACnD,CAAC;IACD,IAAI,OAAO,QAAQ,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAEhF,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IAEtD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9E,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IAED,IAAI,QAAQ,CAAC,GAAG,KAAK,0BAA0B,EAAE,CAAC;QAChD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,QAAQ,CAAC,GAAG,KAAK,0BAA0B,EAAE,CAAC;QAChD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,OAAO,QAAQ,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,QAAQ,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACzE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IACD,IAAI,QAAQ,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,GAAG,8BAA8B,EAAE,CAAC;QACjE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IACpD,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;IACpE,IAAI,QAAQ,CAAC,GAAG,IAAI,MAAM;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAEpE,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAClD,CAAC;IACD,IAAI,QAAQ,CAAC,IAAI,KAAK,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IACD,IAAI,QAAQ,CAAC,SAAS,KAAK,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-context.d.ts","sourceRoot":"","sources":["../src/runtime-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAGL,KAAK,oBAAoB,EAE1B,MAAM,+BAA+B,CAAC;AAEvC;;;;2DAI2D;AAC3D,MAAM,MAAM,YAAY,GAAG,oBAAoB,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC;AAExE;oCACoC;AACpC,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB;yBACqB;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB;qDACiD;IACjD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;yDACqD;IACrD,IAAI,EAAE,MAAM,CAAC;IACb;;;uBAGmB;IACnB,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;KACxD,CAAC;IACF;;+DAE2D;IAC3D,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IAC3B;;;;;;;0DAOsD;IACtD,cAAc,EAAE,aAAa,GAAG,QAAQ,CAAC;IACzC;;;oBAGgB;IAChB,kBAAkB,EAAE;QAAE,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;IACvC;;;8CAG0C;IAC1C,MAAM,EAAE;QAAE,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;CAC5B;AAED;oEACoE;AACpE,eAAO,MAAM,GAAG,sCAA6C,CAAC;AAE9D;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,iBAAiB,GAAG,SAAS,CAEjE;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAC9B,OAAO,EAAE,IAAI,CACX,iBAAiB,EACjB,oBAAoB,GAAG,QAAQ,GAAG,OAAO,GAAG,gBAAgB,CAC7D,GACC,OAAO,CACL,IAAI,CACF,iBAAiB,EACjB,oBAAoB,GAAG,QAAQ,GAAG,OAAO,GAAG,gBAAgB,CAC7D,CACF,EACH,QAAQ,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAC7B,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAoBhB;
|
|
1
|
+
{"version":3,"file":"runtime-context.d.ts","sourceRoot":"","sources":["../src/runtime-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAGL,KAAK,oBAAoB,EAE1B,MAAM,+BAA+B,CAAC;AAEvC;;;;2DAI2D;AAC3D,MAAM,MAAM,YAAY,GAAG,oBAAoB,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC;AAExE;oCACoC;AACpC,MAAM,WAAW,iBAAiB;IAChC,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB;yBACqB;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB;qDACiD;IACjD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;yDACqD;IACrD,IAAI,EAAE,MAAM,CAAC;IACb;;;uBAGmB;IACnB,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;KACxD,CAAC;IACF;;+DAE2D;IAC3D,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;IAC3B;;;;;;;0DAOsD;IACtD,cAAc,EAAE,aAAa,GAAG,QAAQ,CAAC;IACzC;;;oBAGgB;IAChB,kBAAkB,EAAE;QAAE,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;IACvC;;;8CAG0C;IAC1C,MAAM,EAAE;QAAE,KAAK,EAAE,OAAO,CAAA;KAAE,CAAC;CAC5B;AAED;oEACoE;AACpE,eAAO,MAAM,GAAG,sCAA6C,CAAC;AAE9D;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,iBAAiB,GAAG,SAAS,CAEjE;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAC9B,OAAO,EAAE,IAAI,CACX,iBAAiB,EACjB,oBAAoB,GAAG,QAAQ,GAAG,OAAO,GAAG,gBAAgB,CAC7D,GACC,OAAO,CACL,IAAI,CACF,iBAAiB,EACjB,oBAAoB,GAAG,QAAQ,GAAG,OAAO,GAAG,gBAAgB,CAC7D,CACF,EACH,QAAQ,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,GAC7B,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAoBhB;AAiGD;;;;;;;;;;;GAWG;AACH,qBAAa,gCAAiC,SAAQ,KAAK;IACzD,QAAQ,CAAC,IAAI,sCAAsC;IACnD,QAAQ,CAAC,IAAI,iEAAiE;IAC9E,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,KAAK,EAAE,YAAY,GAAG,kBAAkB,CAAC;gBAEtC,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,kBAAkB;CAc1E;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,iBAAiB,CAS3E;AAED;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAKvC;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,CAAC,MAAM,CAUjD,CAAC;AAEH;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,SAAS,OAAO,EAAE,EAAE,OAAO,EAC/D,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,GAChC,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAe7B"}
|
package/dist/runtime-context.js
CHANGED
|
@@ -70,26 +70,44 @@ export function runWithContext(context, callback) {
|
|
|
70
70
|
return als.run(full, callback);
|
|
71
71
|
}
|
|
72
72
|
function verifyEnvelopeFromRequest(ctx) {
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
73
|
+
// `ctx.request.headers` is TYPED as a plain record, but the Lambda runtime
|
|
74
|
+
// and @run402/astro both pass a Web `Request` whose `.headers` is a Web
|
|
75
|
+
// `Headers` instance — read via `.get()` when present, falling back to
|
|
76
|
+
// record access for plain-object callers (tests / custom adapters). Bracket
|
|
77
|
+
// access on a Web `Headers` silently returns undefined, which is why the
|
|
78
|
+
// cookie-derived actor never surfaced in production.
|
|
79
|
+
const encoded = readRequestHeader(ctx.request.headers, ACTOR_CONTEXT_HEADER);
|
|
76
80
|
if (!encoded || typeof encoded !== "string")
|
|
77
81
|
return null;
|
|
78
|
-
// The
|
|
79
|
-
//
|
|
80
|
-
//
|
|
81
|
-
//
|
|
82
|
-
//
|
|
83
|
-
|
|
82
|
+
// The gateway binds the envelope to host + path (pathname, query stripped)
|
|
83
|
+
// + request id + method. In the Lambda runtime `ctx.request.url` is the
|
|
84
|
+
// ABSOLUTE URL (`new Request(event.url)`), and `ctx.host` / `ctx.requestId`
|
|
85
|
+
// are NOT populated on the routed-HTTP context — so recover host + pathname
|
|
86
|
+
// from the URL and the request id from the `x-run402-request-id` header the
|
|
87
|
+
// gateway sent alongside the envelope. Plain-object / path-only callers
|
|
88
|
+
// (tests) fall back to the raw url + the ctx fields.
|
|
89
|
+
let host = ctx.host;
|
|
90
|
+
let path = ctx.request.url;
|
|
91
|
+
try {
|
|
92
|
+
const parsed = new URL(ctx.request.url);
|
|
93
|
+
host = parsed.host;
|
|
94
|
+
path = parsed.pathname;
|
|
95
|
+
}
|
|
96
|
+
catch {
|
|
97
|
+
const q = path.indexOf("?");
|
|
98
|
+
if (q >= 0)
|
|
99
|
+
path = path.slice(0, q);
|
|
100
|
+
}
|
|
101
|
+
const requestId = readRequestHeader(ctx.request.headers, "x-run402-request-id") ?? ctx.requestId;
|
|
84
102
|
const outcome = verifyActorContextEnvelope(encoded, {
|
|
85
103
|
projectId: ctx.projectId,
|
|
86
|
-
requestId
|
|
104
|
+
requestId,
|
|
87
105
|
method: ctx.request.method,
|
|
88
|
-
host
|
|
106
|
+
host,
|
|
89
107
|
path,
|
|
90
108
|
});
|
|
91
109
|
if (!outcome.ok) {
|
|
92
|
-
logActorContextSpoof(outcome.reason,
|
|
110
|
+
logActorContextSpoof(outcome.reason, requestId);
|
|
93
111
|
return null;
|
|
94
112
|
}
|
|
95
113
|
return {
|
|
@@ -108,6 +126,19 @@ function verifyEnvelopeFromRequest(ctx) {
|
|
|
108
126
|
sessionId: outcome.envelope.request_id,
|
|
109
127
|
};
|
|
110
128
|
}
|
|
129
|
+
/** Read one header value from either a Web `Headers` instance (the Lambda
|
|
130
|
+
* runtime + @run402/astro pass a real `Request`) or a plain Node-style
|
|
131
|
+
* record (tests / custom adapters). `RunRequestContext.request.headers` is
|
|
132
|
+
* typed as a record, but the production callers pass `Headers` — so bracket
|
|
133
|
+
* access alone silently misses every header. Returns undefined when absent. */
|
|
134
|
+
function readRequestHeader(headers, name) {
|
|
135
|
+
const maybeHeaders = headers;
|
|
136
|
+
if (maybeHeaders && typeof maybeHeaders.get === "function") {
|
|
137
|
+
return maybeHeaders.get(name) ?? undefined;
|
|
138
|
+
}
|
|
139
|
+
const v = headers?.[name];
|
|
140
|
+
return Array.isArray(v) ? v[0] : v;
|
|
141
|
+
}
|
|
111
142
|
function logActorContextSpoof(reason, requestId) {
|
|
112
143
|
// Structured one-line log so observability can alert on rate. The
|
|
113
144
|
// SDK runs in Lambda; CloudWatch picks this up.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-context.js","sourceRoot":"","sources":["../src/runtime-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,GAGrB,MAAM,+BAA+B,CAAC;AA2DvC;oEACoE;AACpE,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,iBAAiB,EAAqB,CAAC;AAE9D;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAC5B,OASG,EACH,QAA8B;IAE9B,yEAAyE;IACzE,yEAAyE;IACzE,0EAA0E;IAC1E,iEAAiE;IACjE,uEAAuE;IACvE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,KAAK,SAAS;QACvC,CAAC,CAAC,OAAO,CAAC,KAAK;QACf,CAAC,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,IAAI,GAAsB;QAC9B,GAAG,OAAO;QACV,KAAK;QACL,mEAAmE;QACnE,mEAAmE;QACnE,iCAAiC;QACjC,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,QAAQ;QAClD,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;KAC1C,CAAC;IACF,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,yBAAyB,CAChC,GAA4E;IAE5E,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"runtime-context.js","sourceRoot":"","sources":["../src/runtime-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,GAGrB,MAAM,+BAA+B,CAAC;AA2DvC;oEACoE;AACpE,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,iBAAiB,EAAqB,CAAC;AAE9D;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAC5B,OASG,EACH,QAA8B;IAE9B,yEAAyE;IACzE,yEAAyE;IACzE,0EAA0E;IAC1E,iEAAiE;IACjE,uEAAuE;IACvE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,KAAK,SAAS;QACvC,CAAC,CAAC,OAAO,CAAC,KAAK;QACf,CAAC,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,IAAI,GAAsB;QAC9B,GAAG,OAAO;QACV,KAAK;QACL,mEAAmE;QACnE,mEAAmE;QACnE,iCAAiC;QACjC,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,QAAQ;QAClD,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE;KAC1C,CAAC;IACF,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,yBAAyB,CAChC,GAA4E;IAE5E,2EAA2E;IAC3E,wEAAwE;IACxE,uEAAuE;IACvE,4EAA4E;IAC5E,yEAAyE;IACzE,qDAAqD;IACrD,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IAC7E,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAEzD,2EAA2E;IAC3E,wEAAwE;IACxE,4EAA4E;IAC5E,4EAA4E;IAC5E,4EAA4E;IAC5E,wEAAwE;IACxE,qDAAqD;IACrD,IAAI,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACpB,IAAI,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACnB,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC;YAAE,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,MAAM,SAAS,GACb,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,GAAG,CAAC,SAAS,CAAC;IAEjF,MAAM,OAAO,GAAG,0BAA0B,CAAC,OAAO,EAAE;QAClD,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS;QACT,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;QAC1B,IAAI;QACJ,IAAI;KACL,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,oBAAoB,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE;QAC7B,KAAK,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK;QACnC,aAAa,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,aAAa;QACnD,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ;QACzC,GAAG,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG;QAC/B,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ;QACzC,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,YAAY;QACjD,mEAAmE;QACnE,mEAAmE;QACnE,mEAAmE;QACnE,iEAAiE;QACjE,0DAA0D;QAC1D,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,UAAU;KACvC,CAAC;AACJ,CAAC;AAED;;;;gFAIgF;AAChF,SAAS,iBAAiB,CACxB,OAAgD,EAChD,IAAY;IAEZ,MAAM,YAAY,GAAG,OAEpB,CAAC;IACF,IAAI,YAAY,IAAI,OAAO,YAAY,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;QAC3D,OAAO,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;IAC7C,CAAC;IACD,MAAM,CAAC,GAAI,OAAyD,EAAE,CAAC,IAAI,CAAC,CAAC;IAC7E,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,oBAAoB,CAAC,MAA2B,EAAE,SAAiB;IAC1E,kEAAkE;IAClE,gDAAgD;IAChD,sCAAsC;IACtC,OAAO,CAAC,IAAI,CACV,IAAI,CAAC,SAAS,CAAC;QACb,KAAK,EAAE,MAAM;QACb,KAAK,EAAE,8BAA8B;QACrC,MAAM;QACN,UAAU,EAAE,SAAS;KACtB,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,gCAAiC,SAAQ,KAAK;IAChD,IAAI,GAAG,kCAAkC,CAAC;IAC1C,IAAI,GAAG,6DAA6D,CAAC;IACrE,YAAY,CAAS;IACrB,WAAW,CAAS;IACpB,KAAK,CAAoC;IAElD,YAAY,WAAmB,EAAE,KAAwC;QACvE,MAAM,QAAQ,GACZ,KAAK,KAAK,YAAY;YACpB,CAAC,CAAC,2EAA2E;YAC7E,CAAC,CAAC,sGAAsG,CAAC;QAC7G,KAAK,CAAC,GAAG,WAAW,KAAK,QAAQ,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,IAAI,GAAG,kCAAkC,CAAC;QAC/C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,YAAY;YACf,KAAK,KAAK,YAAY;gBACpB,CAAC,CAAC,YAAY,WAAW,oIAAoI;gBAC7J,CAAC,CAAC,2BAA2B,WAAW,4HAA4H,CAAC;IAC3K,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAmB;IACtD,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,IAAI,gCAAgC,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACtB,MAAM,IAAI,gCAAgC,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;IAC9E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC3B,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,GAAG,CAAC,kBAAkB,CAAC,KAAK,GAAG,IAAI,CAAC;IACtC,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;AAC7D,gEAAgE;AAChE,mEAAmE;AACnE,qEAAqE;AACrE,gBAAgB;AAChB,mEAAmE;AACnE,2BAA2B;AAC3B,wBAAwB;AACxB,qBAAqB;AACrB,wBAAwB;CACzB,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,IAAiC;IAEjC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,kEAAkE;QAClE,qEAAqE;QACrE,qEAAqE;QACrE,sCAAsC;QACtC,OAAO,CAAC,IAAI,CACV,8BAA8B,IAAI,kBAAkB,IAAI,kCAAkC;YACxF,kGAAkG,CACrG,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,GAAG,IAAW,EAAW,EAAE;QACjC,gBAAgB,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@run402/functions",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.2.0",
|
|
4
4
|
"description": "In-function helper library for Run402 serverless functions — db, adminDb, getUser, email, ai, assets, verifyWebhook. Auto-bundled into deployed functions; also installable for local TypeScript autocomplete.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|