@stackframe/stack-shared 2.8.36 → 2.8.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114) hide show
  1. package/CHANGELOG.md +24 -0
  2. package/dist/config/schema.d.mts +91 -15
  3. package/dist/config/schema.d.ts +91 -15
  4. package/dist/config/schema.js +24 -4
  5. package/dist/config/schema.js.map +1 -1
  6. package/dist/esm/config/schema.js +24 -4
  7. package/dist/esm/config/schema.js.map +1 -1
  8. package/dist/esm/helpers/vault/server-side.js +5 -1
  9. package/dist/esm/helpers/vault/server-side.js.map +1 -1
  10. package/dist/esm/interface/admin-interface.js +53 -2
  11. package/dist/esm/interface/admin-interface.js.map +1 -1
  12. package/dist/esm/interface/client-interface.js +29 -26
  13. package/dist/esm/interface/client-interface.js.map +1 -1
  14. package/dist/esm/interface/crud/oauth-providers.js +2 -0
  15. package/dist/esm/interface/crud/oauth-providers.js.map +1 -1
  16. package/dist/esm/interface/crud/transactions.js +21 -0
  17. package/dist/esm/interface/crud/transactions.js.map +1 -0
  18. package/dist/esm/interface/server-interface.js +5 -7
  19. package/dist/esm/interface/server-interface.js.map +1 -1
  20. package/dist/esm/known-errors.js +21 -1
  21. package/dist/esm/known-errors.js.map +1 -1
  22. package/dist/esm/schema-fields.js +23 -4
  23. package/dist/esm/schema-fields.js.map +1 -1
  24. package/dist/esm/sessions.js +19 -9
  25. package/dist/esm/sessions.js.map +1 -1
  26. package/dist/esm/utils/arrays.js +25 -0
  27. package/dist/esm/utils/arrays.js.map +1 -1
  28. package/dist/esm/utils/esbuild.js +63 -6
  29. package/dist/esm/utils/esbuild.js.map +1 -1
  30. package/dist/esm/utils/jwt.js +16 -1
  31. package/dist/esm/utils/jwt.js.map +1 -1
  32. package/dist/esm/utils/numbers.js +14 -9
  33. package/dist/esm/utils/numbers.js.map +1 -1
  34. package/dist/esm/utils/paginated-lists.js +230 -0
  35. package/dist/esm/utils/paginated-lists.js.map +1 -0
  36. package/dist/esm/utils/promises.js +2 -1
  37. package/dist/esm/utils/promises.js.map +1 -1
  38. package/dist/esm/utils/types.js.map +1 -1
  39. package/dist/helpers/password.d.mts +3 -3
  40. package/dist/helpers/password.d.ts +3 -3
  41. package/dist/helpers/vault/server-side.js +5 -1
  42. package/dist/helpers/vault/server-side.js.map +1 -1
  43. package/dist/index.d.mts +6 -5
  44. package/dist/index.d.ts +6 -5
  45. package/dist/interface/admin-interface.d.mts +37 -7
  46. package/dist/interface/admin-interface.d.ts +37 -7
  47. package/dist/interface/admin-interface.js +53 -2
  48. package/dist/interface/admin-interface.js.map +1 -1
  49. package/dist/interface/client-interface.d.mts +5 -22
  50. package/dist/interface/client-interface.d.ts +5 -22
  51. package/dist/interface/client-interface.js +29 -26
  52. package/dist/interface/client-interface.js.map +1 -1
  53. package/dist/interface/crud/current-user.d.mts +4 -4
  54. package/dist/interface/crud/current-user.d.ts +4 -4
  55. package/dist/interface/crud/oauth-providers.d.mts +12 -4
  56. package/dist/interface/crud/oauth-providers.d.ts +12 -4
  57. package/dist/interface/crud/oauth-providers.js +1 -0
  58. package/dist/interface/crud/oauth-providers.js.map +1 -1
  59. package/dist/interface/crud/project-api-keys.d.mts +2 -2
  60. package/dist/interface/crud/project-api-keys.d.ts +2 -2
  61. package/dist/interface/crud/projects.d.mts +12 -12
  62. package/dist/interface/crud/projects.d.ts +12 -12
  63. package/dist/interface/crud/team-member-profiles.d.mts +6 -6
  64. package/dist/interface/crud/team-member-profiles.d.ts +6 -6
  65. package/dist/interface/crud/transactions.d.mts +56 -0
  66. package/dist/interface/crud/transactions.d.ts +56 -0
  67. package/dist/interface/crud/transactions.js +46 -0
  68. package/dist/interface/crud/transactions.js.map +1 -0
  69. package/dist/interface/crud/users.d.mts +6 -6
  70. package/dist/interface/crud/users.d.ts +6 -6
  71. package/dist/interface/server-interface.d.mts +8 -44
  72. package/dist/interface/server-interface.d.ts +8 -44
  73. package/dist/interface/server-interface.js +5 -7
  74. package/dist/interface/server-interface.js.map +1 -1
  75. package/dist/known-errors.d.mts +9 -3
  76. package/dist/known-errors.d.ts +9 -3
  77. package/dist/known-errors.js +21 -1
  78. package/dist/known-errors.js.map +1 -1
  79. package/dist/schema-fields.d.mts +38 -8
  80. package/dist/schema-fields.d.ts +38 -8
  81. package/dist/schema-fields.js +26 -5
  82. package/dist/schema-fields.js.map +1 -1
  83. package/dist/sessions.d.mts +26 -4
  84. package/dist/sessions.d.ts +26 -4
  85. package/dist/sessions.js +19 -9
  86. package/dist/sessions.js.map +1 -1
  87. package/dist/utils/arrays.d.mts +6 -1
  88. package/dist/utils/arrays.d.ts +6 -1
  89. package/dist/utils/arrays.js +30 -0
  90. package/dist/utils/arrays.js.map +1 -1
  91. package/dist/utils/esbuild.d.mts +1 -0
  92. package/dist/utils/esbuild.d.ts +1 -0
  93. package/dist/utils/esbuild.js +63 -6
  94. package/dist/utils/esbuild.js.map +1 -1
  95. package/dist/utils/jwt.d.mts +34 -1
  96. package/dist/utils/jwt.d.ts +34 -1
  97. package/dist/utils/jwt.js +16 -0
  98. package/dist/utils/jwt.js.map +1 -1
  99. package/dist/utils/numbers.js +14 -9
  100. package/dist/utils/numbers.js.map +1 -1
  101. package/dist/utils/paginated-lists.d.mts +176 -0
  102. package/dist/utils/paginated-lists.d.ts +176 -0
  103. package/dist/utils/paginated-lists.js +256 -0
  104. package/dist/utils/paginated-lists.js.map +1 -0
  105. package/dist/utils/promises.d.mts +1 -1
  106. package/dist/utils/promises.d.ts +1 -1
  107. package/dist/utils/promises.js +2 -1
  108. package/dist/utils/promises.js.map +1 -1
  109. package/dist/utils/stores.d.mts +6 -6
  110. package/dist/utils/stores.d.ts +6 -6
  111. package/dist/utils/types.d.mts +10 -1
  112. package/dist/utils/types.d.ts +10 -1
  113. package/dist/utils/types.js.map +1 -1
  114. package/package.json +3 -2
package/dist/sessions.js CHANGED
@@ -36,6 +36,7 @@ __export(sessions_exports, {
36
36
  });
37
37
  module.exports = __toCommonJS(sessions_exports);
38
38
  var jose = __toESM(require("jose"));
39
+ var import_schema_fields = require("./schema-fields.js");
39
40
  var import_errors = require("./utils/errors.js");
40
41
  var import_stores = require("./utils/stores.js");
41
42
  var AccessToken = class {
@@ -45,11 +46,12 @@ var AccessToken = class {
45
46
  throw new import_errors.StackAssertionError("Access token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!");
46
47
  }
47
48
  }
48
- get decoded() {
49
- return jose.decodeJwt(this.token);
49
+ get payload() {
50
+ const payload = jose.decodeJwt(this.token);
51
+ return import_schema_fields.accessTokenPayloadSchema.validateSync(payload);
50
52
  }
51
53
  get expiresAt() {
52
- const { exp } = this.decoded;
54
+ const { exp } = this.payload;
53
55
  if (exp === void 0) return /* @__PURE__ */ new Date(864e13);
54
56
  return new Date(exp * 1e3);
55
57
  }
@@ -113,19 +115,27 @@ var InternalSession = class _InternalSession {
113
115
  onInvalidate(callback) {
114
116
  return this._knownToBeInvalid.onChange(() => callback());
115
117
  }
118
+ /**
119
+ * Returns the access token if it is found in the cache and not expired yet, or null otherwise. Never fetches new tokens.
120
+ */
121
+ getAccessTokenIfNotExpiredYet(minMillisUntilExpiration) {
122
+ if (minMillisUntilExpiration > 6e4) {
123
+ throw new Error(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short to be used for more than 60s`);
124
+ }
125
+ const accessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();
126
+ if (!accessToken || accessToken.expiresInMillis < minMillisUntilExpiration) return null;
127
+ return accessToken;
128
+ }
116
129
  /**
117
130
  * Returns the access token if it is found in the cache, fetching it otherwise.
118
131
  *
119
132
  * This is usually the function you want to call to get an access token. Either set `minMillisUntilExpiration` to a reasonable value, or catch errors that occur if it expires, and call `markAccessTokenExpired` to mark the token as expired if so (after which a call to this function will always refetch the token).
120
133
  *
121
- * @returns null if the session is known to be invalid, cached tokens if they exist in the cache (which may or may not be valid still), or new tokens otherwise.
134
+ * @returns null if the session is known to be invalid, cached tokens if they exist in the cache and the access token hasn't expired yet (the refresh token might still be invalid), or new tokens otherwise.
122
135
  */
123
136
  async getOrFetchLikelyValidTokens(minMillisUntilExpiration) {
124
- if (minMillisUntilExpiration >= 6e4) {
125
- throw new Error(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short to be used for more than 60s`);
126
- }
127
- const accessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();
128
- if (!accessToken || accessToken.expiresInMillis < minMillisUntilExpiration) {
137
+ const accessToken = this.getAccessTokenIfNotExpiredYet(minMillisUntilExpiration);
138
+ if (!accessToken) {
129
139
  const newTokens = await this.fetchNewTokens();
130
140
  const expiresInMillis = newTokens?.accessToken.expiresInMillis;
131
141
  if (expiresInMillis && expiresInMillis < minMillisUntilExpiration) {
package/dist/sessions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/sessions.ts"],"sourcesContent":["import * as jose from 'jose';\nimport { StackAssertionError } from \"./utils/errors\";\nimport { Store } from \"./utils/stores\";\n\nexport class AccessToken {\n constructor(\n public readonly token: string,\n ) {\n if (token === \"undefined\") {\n throw new StackAssertionError(\"Access token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!\");\n }\n }\n\n get decoded() {\n return jose.decodeJwt(this.token);\n }\n\n get expiresAt(): Date {\n const { exp } = this.decoded;\n if (exp === undefined) return new Date(8640000000000000); // max date value\n return new Date(exp * 1000);\n }\n\n /**\n * @returns The number of milliseconds until the access token expires, or 0 if it has already expired.\n */\n get expiresInMillis(): number {\n return Math.max(0, this.expiresAt.getTime() - Date.now());\n }\n\n isExpired(): boolean {\n return this.expiresInMillis <= 0;\n }\n}\n\nexport class RefreshToken {\n constructor(\n public readonly token: string,\n ) {\n if (token === \"undefined\") {\n throw new StackAssertionError(\"Refresh token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!\");\n }\n }\n}\n\n/**\n * An InternalSession represents a user's session, which may or may not be valid. It may contain an access token, a refresh token, or both.\n *\n * A session never changes which user or session it belongs to, but the tokens in it may change over time.\n */\nexport class InternalSession {\n /**\n * Each session has a session key that depends on the tokens inside. If the session has a refresh token, the session key depends only on the refresh token. If the session does not have a refresh token, the session key depends only on the access token.\n *\n * Multiple Session objects may have the same session key, which implies that they represent the same session by the same user. Furthermore, a session's key never changes over the lifetime of a session object.\n *\n * This is useful for caching and indexing sessions.\n */\n public readonly sessionKey: string;\n\n /**\n * An access token that is not known to be invalid (ie. may be valid, but may have expired).\n */\n private _accessToken: Store<AccessToken | null>;\n private readonly _refreshToken: RefreshToken | null;\n\n /**\n * Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).\n *\n * It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is\n * still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to\n * be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed\n * in an access token, eg. in a server-side request handler).\n */\n private _knownToBeInvalid = new Store<boolean>(false);\n\n private _refreshPromise: Promise<AccessToken | null> | null = null;\n\n constructor(private readonly _options: {\n refreshAccessTokenCallback(refreshToken: RefreshToken): Promise<AccessToken | null>,\n refreshToken: string | null,\n accessToken?: string | null,\n }) {\n this._accessToken = new Store(_options.accessToken ? new AccessToken(_options.accessToken) : null);\n this._refreshToken = _options.refreshToken ? new RefreshToken(_options.refreshToken) : null;\n if (_options.accessToken === null && _options.refreshToken === null) {\n // this session is already invalid\n this._knownToBeInvalid.set(true);\n }\n this.sessionKey = InternalSession.calculateSessionKey({ accessToken: _options.accessToken ?? null, refreshToken: _options.refreshToken });\n }\n\n static calculateSessionKey(ofTokens: { refreshToken: string | null, accessToken?: string | null }): string {\n if (ofTokens.refreshToken) {\n return `refresh-${ofTokens.refreshToken}`;\n } else if (ofTokens.accessToken) {\n return `access-${ofTokens.accessToken}`;\n } else {\n return \"not-logged-in\";\n }\n }\n\n isKnownToBeInvalid() {\n return this._knownToBeInvalid.get();\n }\n\n /**\n * Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.\n */\n markInvalid() {\n this._accessToken.set(null);\n this._knownToBeInvalid.set(true);\n }\n\n onInvalidate(callback: () => void): { unsubscribe: () => void } {\n return this._knownToBeInvalid.onChange(() => callback());\n }\n\n /**\n * Returns the access token if it is found in the cache, fetching it otherwise.\n *\n * This is usually the function you want to call to get an access token. Either set `minMillisUntilExpiration` to a reasonable value, or catch errors that occur if it expires, and call `markAccessTokenExpired` to mark the token as expired if so (after which a call to this function will always refetch the token).\n *\n * @returns null if the session is known to be invalid, cached tokens if they exist in the cache (which may or may not be valid still), or new tokens otherwise.\n */\n async getOrFetchLikelyValidTokens(minMillisUntilExpiration: number): Promise<{ accessToken: AccessToken, refreshToken: RefreshToken | null } | null> {\n if (minMillisUntilExpiration >= 60_000) {\n throw new Error(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short to be used for more than 60s`);\n }\n\n const accessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();\n if (!accessToken || accessToken.expiresInMillis < minMillisUntilExpiration) {\n const newTokens = await this.fetchNewTokens();\n const expiresInMillis = newTokens?.accessToken.expiresInMillis;\n if (expiresInMillis && expiresInMillis < minMillisUntilExpiration) {\n throw new StackAssertionError(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short when they're generated (${expiresInMillis}ms)`);\n }\n return newTokens;\n }\n return { accessToken, refreshToken: this._refreshToken };\n }\n\n /**\n * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.\n *\n * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.\n *\n * In most cases, you should prefer `getOrFetchLikelyValidTokens`.\n *\n * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).\n */\n async fetchNewTokens(): Promise<{ accessToken: AccessToken, refreshToken: RefreshToken | null } | null> {\n const accessToken = await this._getNewlyFetchedAccessToken();\n return accessToken ? { accessToken, refreshToken: this._refreshToken } : null;\n }\n\n markAccessTokenExpired(accessToken: AccessToken) {\n // TODO we don't need this anymore, since we now check the expiry by ourselves\n if (this._accessToken.get() === accessToken) {\n this._accessToken.set(null);\n }\n }\n\n /**\n * Note that a callback invocation with `null` does not mean the session has been invalidated; the access token may just have expired. Use `onInvalidate` to detect invalidation.\n */\n onAccessTokenChange(callback: (newAccessToken: AccessToken | null) => void): { unsubscribe: () => void } {\n return this._accessToken.onChange(callback);\n }\n\n /**\n * @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.\n */\n private _getPotentiallyInvalidAccessTokenIfAvailable(): AccessToken | null {\n if (!this._refreshToken) return null;\n if (this.isKnownToBeInvalid()) return null;\n\n const accessToken = this._accessToken.get();\n if (accessToken && !accessToken.isExpired()) return accessToken;\n\n return null;\n }\n\n /**\n * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.\n *\n * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.\n */\n private async _getNewlyFetchedAccessToken(): Promise<AccessToken | null> {\n if (!this._refreshToken) return null;\n if (this._knownToBeInvalid.get()) return null;\n\n if (!this._refreshPromise) {\n this._refreshAndSetRefreshPromise(this._refreshToken);\n }\n return await this._refreshPromise;\n }\n\n private _refreshAndSetRefreshPromise(refreshToken: RefreshToken) {\n let refreshPromise: Promise<AccessToken | null> = this._options.refreshAccessTokenCallback(refreshToken).then((accessToken) => {\n if (refreshPromise === this._refreshPromise) {\n this._refreshPromise = null;\n this._accessToken.set(accessToken);\n if (!accessToken) {\n this.markInvalid();\n }\n }\n return accessToken;\n });\n this._refreshPromise = refreshPromise;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,WAAsB;AACtB,oBAAoC;AACpC,oBAAsB;AAEf,IAAM,cAAN,MAAkB;AAAA,EACvB,YACkB,OAChB;AADgB;AAEhB,QAAI,UAAU,aAAa;AACzB,YAAM,IAAI,kCAAoB,sHAAsH;AAAA,IACtJ;AAAA,EACF;AAAA,EAEA,IAAI,UAAU;AACZ,WAAY,eAAU,KAAK,KAAK;AAAA,EAClC;AAAA,EAEA,IAAI,YAAkB;AACpB,UAAM,EAAE,IAAI,IAAI,KAAK;AACrB,QAAI,QAAQ,OAAW,QAAO,oBAAI,KAAK,MAAgB;AACvD,WAAO,IAAI,KAAK,MAAM,GAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,kBAA0B;AAC5B,WAAO,KAAK,IAAI,GAAG,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,CAAC;AAAA,EAC1D;AAAA,EAEA,YAAqB;AACnB,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;AAEO,IAAM,eAAN,MAAmB;AAAA,EACxB,YACkB,OAChB;AADgB;AAEhB,QAAI,UAAU,aAAa;AACzB,YAAM,IAAI,kCAAoB,uHAAuH;AAAA,IACvJ;AAAA,EACF;AACF;AAOO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EA4B3B,YAA6B,UAI1B;AAJ0B;AAJ7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAAQ,oBAAoB,IAAI,oBAAe,KAAK;AAEpD,SAAQ,kBAAsD;AAO5D,SAAK,eAAe,IAAI,oBAAM,SAAS,cAAc,IAAI,YAAY,SAAS,WAAW,IAAI,IAAI;AACjG,SAAK,gBAAgB,SAAS,eAAe,IAAI,aAAa,SAAS,YAAY,IAAI;AACvF,QAAI,SAAS,gBAAgB,QAAQ,SAAS,iBAAiB,MAAM;AAEnE,WAAK,kBAAkB,IAAI,IAAI;AAAA,IACjC;AACA,SAAK,aAAa,iBAAgB,oBAAoB,EAAE,aAAa,SAAS,eAAe,MAAM,cAAc,SAAS,aAAa,CAAC;AAAA,EAC1I;AAAA,EAEA,OAAO,oBAAoB,UAAgF;AACzG,QAAI,SAAS,cAAc;AACzB,aAAO,WAAW,SAAS,YAAY;AAAA,IACzC,WAAW,SAAS,aAAa;AAC/B,aAAO,UAAU,SAAS,WAAW;AAAA,IACvC,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,qBAAqB;AACnB,WAAO,KAAK,kBAAkB,IAAI;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AACZ,SAAK,aAAa,IAAI,IAAI;AAC1B,SAAK,kBAAkB,IAAI,IAAI;AAAA,EACjC;AAAA,EAEA,aAAa,UAAmD;AAC9D,WAAO,KAAK,kBAAkB,SAAS,MAAM,SAAS,CAAC;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,4BAA4B,0BAAmH;AACnJ,QAAI,4BAA4B,KAAQ;AACtC,YAAM,IAAI,MAAM,gCAAgC,wBAAwB,0EAA0E;AAAA,IACpJ;AAEA,UAAM,cAAc,KAAK,6CAA6C;AACtE,QAAI,CAAC,eAAe,YAAY,kBAAkB,0BAA0B;AAC1E,YAAM,YAAY,MAAM,KAAK,eAAe;AAC5C,YAAM,kBAAkB,WAAW,YAAY;AAC/C,UAAI,mBAAmB,kBAAkB,0BAA0B;AACjE,cAAM,IAAI,kCAAoB,gCAAgC,wBAAwB,uEAAuE,eAAe,KAAK;AAAA,MACnL;AACA,aAAO;AAAA,IACT;AACA,WAAO,EAAE,aAAa,cAAc,KAAK,cAAc;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,iBAAkG;AACtG,UAAM,cAAc,MAAM,KAAK,4BAA4B;AAC3D,WAAO,cAAc,EAAE,aAAa,cAAc,KAAK,cAAc,IAAI;AAAA,EAC3E;AAAA,EAEA,uBAAuB,aAA0B;AAE/C,QAAI,KAAK,aAAa,IAAI,MAAM,aAAa;AAC3C,WAAK,aAAa,IAAI,IAAI;AAAA,IAC5B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,UAAqF;AACvG,WAAO,KAAK,aAAa,SAAS,QAAQ;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKQ,+CAAmE;AACzE,QAAI,CAAC,KAAK,cAAe,QAAO;AAChC,QAAI,KAAK,mBAAmB,EAAG,QAAO;AAEtC,UAAM,cAAc,KAAK,aAAa,IAAI;AAC1C,QAAI,eAAe,CAAC,YAAY,UAAU,EAAG,QAAO;AAEpD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,8BAA2D;AACvE,QAAI,CAAC,KAAK,cAAe,QAAO;AAChC,QAAI,KAAK,kBAAkB,IAAI,EAAG,QAAO;AAEzC,QAAI,CAAC,KAAK,iBAAiB;AACzB,WAAK,6BAA6B,KAAK,aAAa;AAAA,IACtD;AACA,WAAO,MAAM,KAAK;AAAA,EACpB;AAAA,EAEQ,6BAA6B,cAA4B;AAC/D,QAAI,iBAA8C,KAAK,SAAS,2BAA2B,YAAY,EAAE,KAAK,CAAC,gBAAgB;AAC7H,UAAI,mBAAmB,KAAK,iBAAiB;AAC3C,aAAK,kBAAkB;AACvB,aAAK,aAAa,IAAI,WAAW;AACjC,YAAI,CAAC,aAAa;AAChB,eAAK,YAAY;AAAA,QACnB;AAAA,MACF;AACA,aAAO;AAAA,IACT,CAAC;AACD,SAAK,kBAAkB;AAAA,EACzB;AACF;","names":[]}
1
+ {"version":3,"sources":["../src/sessions.ts"],"sourcesContent":["import * as jose from 'jose';\nimport { InferType } from 'yup';\nimport { accessTokenPayloadSchema } from './schema-fields';\nimport { StackAssertionError } from \"./utils/errors\";\nimport { Store } from \"./utils/stores\";\n\n\nexport type AccessTokenPayload = InferType<typeof accessTokenPayloadSchema>;\n\nexport class AccessToken {\n constructor(\n public readonly token: string,\n ) {\n if (token === \"undefined\") {\n throw new StackAssertionError(\"Access token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!\");\n }\n }\n\n get payload() {\n const payload = jose.decodeJwt(this.token);\n return accessTokenPayloadSchema.validateSync(payload);\n }\n\n get expiresAt(): Date {\n const { exp } = this.payload;\n if (exp === undefined) return new Date(8640000000000000); // max date value\n return new Date(exp * 1000);\n }\n\n /**\n * @returns The number of milliseconds until the access token expires, or 0 if it has already expired.\n */\n get expiresInMillis(): number {\n return Math.max(0, this.expiresAt.getTime() - Date.now());\n }\n\n isExpired(): boolean {\n return this.expiresInMillis <= 0;\n }\n}\n\nexport class RefreshToken {\n constructor(\n public readonly token: string,\n ) {\n if (token === \"undefined\") {\n throw new StackAssertionError(\"Refresh token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!\");\n }\n }\n}\n\n/**\n * An InternalSession represents a user's session, which may or may not be valid. It may contain an access token, a refresh token, or both.\n *\n * A session never changes which user or session it belongs to, but the tokens in it may change over time.\n */\nexport class InternalSession {\n /**\n * Each session has a session key that depends on the tokens inside. If the session has a refresh token, the session key depends only on the refresh token. If the session does not have a refresh token, the session key depends only on the access token.\n *\n * Multiple Session objects may have the same session key, which implies that they represent the same session by the same user. Furthermore, a session's key never changes over the lifetime of a session object.\n *\n * This is useful for caching and indexing sessions.\n */\n public readonly sessionKey: string;\n\n /**\n * An access token that is not known to be invalid (ie. may be valid, but may have expired).\n */\n private _accessToken: Store<AccessToken | null>;\n private readonly _refreshToken: RefreshToken | null;\n\n /**\n * Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).\n *\n * It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is\n * still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to\n * be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed\n * in an access token, eg. in a server-side request handler).\n */\n private _knownToBeInvalid = new Store<boolean>(false);\n\n private _refreshPromise: Promise<AccessToken | null> | null = null;\n\n constructor(private readonly _options: {\n refreshAccessTokenCallback(refreshToken: RefreshToken): Promise<AccessToken | null>,\n refreshToken: string | null,\n accessToken?: string | null,\n }) {\n this._accessToken = new Store(_options.accessToken ? new AccessToken(_options.accessToken) : null);\n this._refreshToken = _options.refreshToken ? new RefreshToken(_options.refreshToken) : null;\n if (_options.accessToken === null && _options.refreshToken === null) {\n // this session is already invalid\n this._knownToBeInvalid.set(true);\n }\n this.sessionKey = InternalSession.calculateSessionKey({ accessToken: _options.accessToken ?? null, refreshToken: _options.refreshToken });\n }\n\n static calculateSessionKey(ofTokens: { refreshToken: string | null, accessToken?: string | null }): string {\n if (ofTokens.refreshToken) {\n return `refresh-${ofTokens.refreshToken}`;\n } else if (ofTokens.accessToken) {\n return `access-${ofTokens.accessToken}`;\n } else {\n return \"not-logged-in\";\n }\n }\n\n isKnownToBeInvalid() {\n return this._knownToBeInvalid.get();\n }\n\n /**\n * Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.\n */\n markInvalid() {\n this._accessToken.set(null);\n this._knownToBeInvalid.set(true);\n }\n\n onInvalidate(callback: () => void): { unsubscribe: () => void } {\n return this._knownToBeInvalid.onChange(() => callback());\n }\n\n /**\n * Returns the access token if it is found in the cache and not expired yet, or null otherwise. Never fetches new tokens.\n */\n getAccessTokenIfNotExpiredYet(minMillisUntilExpiration: number): AccessToken | null {\n if (minMillisUntilExpiration > 60_000) {\n throw new Error(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short to be used for more than 60s`);\n }\n\n const accessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();\n if (!accessToken || accessToken.expiresInMillis < minMillisUntilExpiration) return null;\n return accessToken;\n }\n\n /**\n * Returns the access token if it is found in the cache, fetching it otherwise.\n *\n * This is usually the function you want to call to get an access token. Either set `minMillisUntilExpiration` to a reasonable value, or catch errors that occur if it expires, and call `markAccessTokenExpired` to mark the token as expired if so (after which a call to this function will always refetch the token).\n *\n * @returns null if the session is known to be invalid, cached tokens if they exist in the cache and the access token hasn't expired yet (the refresh token might still be invalid), or new tokens otherwise.\n */\n async getOrFetchLikelyValidTokens(minMillisUntilExpiration: number): Promise<{ accessToken: AccessToken, refreshToken: RefreshToken | null } | null> {\n const accessToken = this.getAccessTokenIfNotExpiredYet(minMillisUntilExpiration);\n if (!accessToken) {\n const newTokens = await this.fetchNewTokens();\n const expiresInMillis = newTokens?.accessToken.expiresInMillis;\n if (expiresInMillis && expiresInMillis < minMillisUntilExpiration) {\n throw new StackAssertionError(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short when they're generated (${expiresInMillis}ms)`);\n }\n return newTokens;\n }\n return { accessToken, refreshToken: this._refreshToken };\n }\n\n /**\n * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.\n *\n * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.\n *\n * In most cases, you should prefer `getOrFetchLikelyValidTokens`.\n *\n * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).\n */\n async fetchNewTokens(): Promise<{ accessToken: AccessToken, refreshToken: RefreshToken | null } | null> {\n const accessToken = await this._getNewlyFetchedAccessToken();\n return accessToken ? { accessToken, refreshToken: this._refreshToken } : null;\n }\n\n markAccessTokenExpired(accessToken: AccessToken) {\n // TODO we don't need this anymore, since we now check the expiry by ourselves\n if (this._accessToken.get() === accessToken) {\n this._accessToken.set(null);\n }\n }\n\n /**\n * Note that a callback invocation with `null` does not mean the session has been invalidated; the access token may just have expired. Use `onInvalidate` to detect invalidation.\n */\n onAccessTokenChange(callback: (newAccessToken: AccessToken | null) => void): { unsubscribe: () => void } {\n return this._accessToken.onChange(callback);\n }\n\n /**\n * @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.\n */\n private _getPotentiallyInvalidAccessTokenIfAvailable(): AccessToken | null {\n if (!this._refreshToken) return null;\n if (this.isKnownToBeInvalid()) return null;\n\n const accessToken = this._accessToken.get();\n if (accessToken && !accessToken.isExpired()) return accessToken;\n\n return null;\n }\n\n /**\n * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.\n *\n * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.\n */\n private async _getNewlyFetchedAccessToken(): Promise<AccessToken | null> {\n if (!this._refreshToken) return null;\n if (this._knownToBeInvalid.get()) return null;\n\n if (!this._refreshPromise) {\n this._refreshAndSetRefreshPromise(this._refreshToken);\n }\n return await this._refreshPromise;\n }\n\n private _refreshAndSetRefreshPromise(refreshToken: RefreshToken) {\n let refreshPromise: Promise<AccessToken | null> = this._options.refreshAccessTokenCallback(refreshToken).then((accessToken) => {\n if (refreshPromise === this._refreshPromise) {\n this._refreshPromise = null;\n this._accessToken.set(accessToken);\n if (!accessToken) {\n this.markInvalid();\n }\n }\n return accessToken;\n });\n this._refreshPromise = refreshPromise;\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,WAAsB;AAEtB,2BAAyC;AACzC,oBAAoC;AACpC,oBAAsB;AAKf,IAAM,cAAN,MAAkB;AAAA,EACvB,YACkB,OAChB;AADgB;AAEhB,QAAI,UAAU,aAAa;AACzB,YAAM,IAAI,kCAAoB,sHAAsH;AAAA,IACtJ;AAAA,EACF;AAAA,EAEA,IAAI,UAAU;AACZ,UAAM,UAAe,eAAU,KAAK,KAAK;AACzC,WAAO,8CAAyB,aAAa,OAAO;AAAA,EACtD;AAAA,EAEA,IAAI,YAAkB;AACpB,UAAM,EAAE,IAAI,IAAI,KAAK;AACrB,QAAI,QAAQ,OAAW,QAAO,oBAAI,KAAK,MAAgB;AACvD,WAAO,IAAI,KAAK,MAAM,GAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,kBAA0B;AAC5B,WAAO,KAAK,IAAI,GAAG,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,CAAC;AAAA,EAC1D;AAAA,EAEA,YAAqB;AACnB,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;AAEO,IAAM,eAAN,MAAmB;AAAA,EACxB,YACkB,OAChB;AADgB;AAEhB,QAAI,UAAU,aAAa;AACzB,YAAM,IAAI,kCAAoB,uHAAuH;AAAA,IACvJ;AAAA,EACF;AACF;AAOO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EA4B3B,YAA6B,UAI1B;AAJ0B;AAJ7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAAQ,oBAAoB,IAAI,oBAAe,KAAK;AAEpD,SAAQ,kBAAsD;AAO5D,SAAK,eAAe,IAAI,oBAAM,SAAS,cAAc,IAAI,YAAY,SAAS,WAAW,IAAI,IAAI;AACjG,SAAK,gBAAgB,SAAS,eAAe,IAAI,aAAa,SAAS,YAAY,IAAI;AACvF,QAAI,SAAS,gBAAgB,QAAQ,SAAS,iBAAiB,MAAM;AAEnE,WAAK,kBAAkB,IAAI,IAAI;AAAA,IACjC;AACA,SAAK,aAAa,iBAAgB,oBAAoB,EAAE,aAAa,SAAS,eAAe,MAAM,cAAc,SAAS,aAAa,CAAC;AAAA,EAC1I;AAAA,EAEA,OAAO,oBAAoB,UAAgF;AACzG,QAAI,SAAS,cAAc;AACzB,aAAO,WAAW,SAAS,YAAY;AAAA,IACzC,WAAW,SAAS,aAAa;AAC/B,aAAO,UAAU,SAAS,WAAW;AAAA,IACvC,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,qBAAqB;AACnB,WAAO,KAAK,kBAAkB,IAAI;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AACZ,SAAK,aAAa,IAAI,IAAI;AAC1B,SAAK,kBAAkB,IAAI,IAAI;AAAA,EACjC;AAAA,EAEA,aAAa,UAAmD;AAC9D,WAAO,KAAK,kBAAkB,SAAS,MAAM,SAAS,CAAC;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B,0BAAsD;AAClF,QAAI,2BAA2B,KAAQ;AACrC,YAAM,IAAI,MAAM,gCAAgC,wBAAwB,0EAA0E;AAAA,IACpJ;AAEA,UAAM,cAAc,KAAK,6CAA6C;AACtE,QAAI,CAAC,eAAe,YAAY,kBAAkB,yBAA0B,QAAO;AACnF,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,4BAA4B,0BAAmH;AACnJ,UAAM,cAAc,KAAK,8BAA8B,wBAAwB;AAC/E,QAAI,CAAC,aAAa;AAChB,YAAM,YAAY,MAAM,KAAK,eAAe;AAC5C,YAAM,kBAAkB,WAAW,YAAY;AAC/C,UAAI,mBAAmB,kBAAkB,0BAA0B;AACjE,cAAM,IAAI,kCAAoB,gCAAgC,wBAAwB,uEAAuE,eAAe,KAAK;AAAA,MACnL;AACA,aAAO;AAAA,IACT;AACA,WAAO,EAAE,aAAa,cAAc,KAAK,cAAc;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,iBAAkG;AACtG,UAAM,cAAc,MAAM,KAAK,4BAA4B;AAC3D,WAAO,cAAc,EAAE,aAAa,cAAc,KAAK,cAAc,IAAI;AAAA,EAC3E;AAAA,EAEA,uBAAuB,aAA0B;AAE/C,QAAI,KAAK,aAAa,IAAI,MAAM,aAAa;AAC3C,WAAK,aAAa,IAAI,IAAI;AAAA,IAC5B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,UAAqF;AACvG,WAAO,KAAK,aAAa,SAAS,QAAQ;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKQ,+CAAmE;AACzE,QAAI,CAAC,KAAK,cAAe,QAAO;AAChC,QAAI,KAAK,mBAAmB,EAAG,QAAO;AAEtC,UAAM,cAAc,KAAK,aAAa,IAAI;AAC1C,QAAI,eAAe,CAAC,YAAY,UAAU,EAAG,QAAO;AAEpD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,8BAA2D;AACvE,QAAI,CAAC,KAAK,cAAe,QAAO;AAChC,QAAI,KAAK,kBAAkB,IAAI,EAAG,QAAO;AAEzC,QAAI,CAAC,KAAK,iBAAiB;AACzB,WAAK,6BAA6B,KAAK,aAAa;AAAA,IACtD;AACA,WAAO,MAAM,KAAK;AAAA,EACpB;AAAA,EAEQ,6BAA6B,cAA4B;AAC/D,QAAI,iBAA8C,KAAK,SAAS,2BAA2B,YAAY,EAAE,KAAK,CAAC,gBAAgB;AAC7H,UAAI,mBAAmB,KAAK,iBAAiB;AAC3C,aAAK,kBAAkB;AACvB,aAAK,aAAa,IAAI,WAAW;AACjC,YAAI,CAAC,aAAa;AAChB,eAAK,YAAY;AAAA,QACnB;AAAA,MACF;AACA,aAAO;AAAA,IACT,CAAC;AACD,SAAK,kBAAkB;AAAA,EACzB;AACF;","names":[]}
package/dist/utils/arrays.d.mts CHANGED
@@ -14,5 +14,10 @@ declare function rotateRight(arr: readonly any[], n: number): any[];
14
14
  declare function shuffle<T>(arr: readonly T[]): T[];
15
15
  declare function outerProduct<T, U>(arr1: readonly T[], arr2: readonly U[]): [T, U][];
16
16
  declare function unique<T>(arr: readonly T[]): T[];
17
+ declare function getChunks<T>(arr: readonly T[], size: number): T[][];
18
+ declare function isStringArray(arr: unknown): arr is string[];
19
+ declare function isNumberArray(arr: unknown): arr is number[];
20
+ declare function isBooleanArray(arr: unknown): arr is boolean[];
21
+ declare function isObjectArray(arr: unknown): arr is object[];
17
22
 
18
- export { enumerate, findLastIndex, groupBy, isShallowEqual, outerProduct, range, rotateLeft, rotateRight, shuffle, typedIncludes, unique };
23
+ export { enumerate, findLastIndex, getChunks, groupBy, isBooleanArray, isNumberArray, isObjectArray, isShallowEqual, isStringArray, outerProduct, range, rotateLeft, rotateRight, shuffle, typedIncludes, unique };
package/dist/utils/arrays.d.ts CHANGED
@@ -14,5 +14,10 @@ declare function rotateRight(arr: readonly any[], n: number): any[];
14
14
  declare function shuffle<T>(arr: readonly T[]): T[];
15
15
  declare function outerProduct<T, U>(arr1: readonly T[], arr2: readonly U[]): [T, U][];
16
16
  declare function unique<T>(arr: readonly T[]): T[];
17
+ declare function getChunks<T>(arr: readonly T[], size: number): T[][];
18
+ declare function isStringArray(arr: unknown): arr is string[];
19
+ declare function isNumberArray(arr: unknown): arr is number[];
20
+ declare function isBooleanArray(arr: unknown): arr is boolean[];
21
+ declare function isObjectArray(arr: unknown): arr is object[];
17
22
 
18
- export { enumerate, findLastIndex, groupBy, isShallowEqual, outerProduct, range, rotateLeft, rotateRight, shuffle, typedIncludes, unique };
23
+ export { enumerate, findLastIndex, getChunks, groupBy, isBooleanArray, isNumberArray, isObjectArray, isShallowEqual, isStringArray, outerProduct, range, rotateLeft, rotateRight, shuffle, typedIncludes, unique };
package/dist/utils/arrays.js CHANGED
@@ -22,8 +22,13 @@ var arrays_exports = {};
22
22
  __export(arrays_exports, {
23
23
  enumerate: () => enumerate,
24
24
  findLastIndex: () => findLastIndex,
25
+ getChunks: () => getChunks,
25
26
  groupBy: () => groupBy,
27
+ isBooleanArray: () => isBooleanArray,
28
+ isNumberArray: () => isNumberArray,
29
+ isObjectArray: () => isObjectArray,
26
30
  isShallowEqual: () => isShallowEqual,
31
+ isStringArray: () => isStringArray,
27
32
  outerProduct: () => outerProduct,
28
33
  range: () => range,
29
34
  rotateLeft: () => rotateLeft,
@@ -96,12 +101,37 @@ function outerProduct(arr1, arr2) {
96
101
  function unique(arr) {
97
102
  return [...new Set(arr)];
98
103
  }
104
+ function getChunks(arr, size) {
105
+ const result = [];
106
+ if (size <= 0) return result;
107
+ for (let i = 0; i < arr.length; i += size) {
108
+ result.push(arr.slice(i, i + size));
109
+ }
110
+ return result;
111
+ }
112
+ function isStringArray(arr) {
113
+ return Array.isArray(arr) && arr.every((item) => typeof item === "string");
114
+ }
115
+ function isNumberArray(arr) {
116
+ return Array.isArray(arr) && arr.every((item) => typeof item === "number");
117
+ }
118
+ function isBooleanArray(arr) {
119
+ return Array.isArray(arr) && arr.every((item) => typeof item === "boolean");
120
+ }
121
+ function isObjectArray(arr) {
122
+ return Array.isArray(arr) && arr.every((item) => typeof item === "object" && item !== null);
123
+ }
99
124
  // Annotate the CommonJS export names for ESM import in node:
100
125
  0 && (module.exports = {
101
126
  enumerate,
102
127
  findLastIndex,
128
+ getChunks,
103
129
  groupBy,
130
+ isBooleanArray,
131
+ isNumberArray,
132
+ isObjectArray,
104
133
  isShallowEqual,
134
+ isStringArray,
105
135
  outerProduct,
106
136
  range,
107
137
  rotateLeft,
package/dist/utils/arrays.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/utils/arrays.tsx"],"sourcesContent":["import { remainder } from \"./math\";\n\nexport function typedIncludes<T extends readonly any[]>(arr: T, item: unknown): item is T[number] {\n return arr.includes(item);\n}\nundefined?.test(\"typedIncludes\", ({ expect }) => {\n const arr = [1, 2, 3] as const;\n expect(typedIncludes(arr, 1)).toBe(true);\n expect(typedIncludes(arr, 4)).toBe(false);\n expect(typedIncludes(arr, \"1\")).toBe(false);\n\n const strArr = [\"a\", \"b\", \"c\"] as const;\n expect(typedIncludes(strArr, \"a\")).toBe(true);\n expect(typedIncludes(strArr, \"d\")).toBe(false);\n});\n\nexport function enumerate<T extends readonly any[]>(arr: T): [number, T[number]][] {\n return arr.map((item, index) => [index, item]);\n}\nundefined?.test(\"enumerate\", ({ expect }) => {\n expect(enumerate([])).toEqual([]);\n expect(enumerate([1, 2, 3])).toEqual([[0, 1], [1, 2], [2, 3]]);\n expect(enumerate([\"a\", \"b\", \"c\"])).toEqual([[0, \"a\"], [1, \"b\"], [2, \"c\"]]);\n});\n\nexport function isShallowEqual(a: readonly any[], b: readonly any[]): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) {\n if (a[i] !== b[i]) return false;\n }\n return true;\n}\nundefined?.test(\"isShallowEqual\", ({ expect }) => {\n expect(isShallowEqual([], [])).toBe(true);\n expect(isShallowEqual([1, 2, 3], [1, 2, 3])).toBe(true);\n expect(isShallowEqual([1, 2, 3], [1, 2, 4])).toBe(false);\n expect(isShallowEqual([1, 2, 3], [1, 2])).toBe(false);\n expect(isShallowEqual([1, 2], [1, 2, 3])).toBe(false);\n // Test with objects (reference equality)\n const obj1 = { a: 1 };\n const obj2 = { a: 1 };\n expect(isShallowEqual([obj1], [obj1])).toBe(true);\n expect(isShallowEqual([obj1], [obj2])).toBe(false);\n});\n\n/**\n * Ponyfill for ES2023's findLastIndex.\n */\nexport function findLastIndex<T>(arr: readonly T[], predicate: (item: T) => boolean): number {\n for (let i = arr.length - 1; i >= 0; i--) {\n if (predicate(arr[i])) return i;\n }\n return -1;\n}\nundefined?.test(\"findLastIndex\", ({ expect }) => {\n expect(findLastIndex([], () => true)).toBe(-1);\n expect(findLastIndex([1, 2, 3, 4, 5], x => x % 2 === 0)).toBe(3); // 4 is at index 3\n expect(findLastIndex([1, 2, 3, 4, 5], x => x > 10)).toBe(-1);\n expect(findLastIndex([1, 2, 3, 2, 1], x => x === 2)).toBe(3);\n expect(findLastIndex([1, 2, 3], x => x === 1)).toBe(0);\n});\n\nexport function groupBy<T extends any, K>(\n arr: Iterable<T>,\n key: (item: T) => K,\n): Map<K, T[]> {\n const result = new Map<K, T[]>;\n for (const item of arr) {\n const k = key(item);\n if (result.get(k) === undefined) result.set(k, []);\n result.get(k)!.push(item);\n }\n return result;\n}\nundefined?.test(\"groupBy\", ({ expect }) => {\n expect(groupBy([], (x) => x)).toEqual(new Map());\n\n const numbers = [1, 2, 3, 4, 5, 6];\n const grouped = groupBy(numbers, (n) => n % 2 === 0 ? \"even\" : \"odd\");\n expect(grouped.get(\"even\")).toEqual([2, 4, 6]);\n expect(grouped.get(\"odd\")).toEqual([1, 3, 5]);\n\n // Check the actual lengths of the words to ensure our test is correct\n const words = [\"apple\", \"banana\", \"cherry\", \"date\", \"elderberry\"];\n\n const byLength = groupBy(words, (w) => w.length);\n // Adjust expectations based on actual word lengths\n expect(byLength.get(5)).toEqual([\"apple\"]);\n expect(byLength.get(6)).toEqual([\"banana\", \"cherry\"]);\n expect(byLength.get(4)).toEqual([\"date\"]);\n expect(byLength.get(10)).toEqual([\"elderberry\"]);\n});\n\nexport function range(endExclusive: number): number[];\nexport function range(startInclusive: number, endExclusive: number): number[];\nexport function range(startInclusive: number, endExclusive: number, step: number): number[];\nexport function range(startInclusive: number, endExclusive?: number, step?: number): number[] {\n if (endExclusive === undefined) {\n endExclusive = startInclusive;\n startInclusive = 0;\n }\n if (step === undefined) step = 1;\n\n const result = [];\n for (let i = startInclusive; step > 0 ? (i < endExclusive) : (i > endExclusive); i += step) {\n result.push(i);\n }\n return result;\n}\nundefined?.test(\"range\", ({ expect }) => {\n expect(range(5)).toEqual([0, 1, 2, 3, 4]);\n expect(range(2, 5)).toEqual([2, 3, 4]);\n expect(range(1, 10, 2)).toEqual([1, 3, 5, 7, 9]);\n expect(range(5, 0, -1)).toEqual([5, 4, 3, 2, 1]);\n expect(range(0, 0)).toEqual([]);\n expect(range(0, 10, 3)).toEqual([0, 3, 6, 9]);\n});\n\n\nexport function rotateLeft(arr: readonly any[], n: number): any[] {\n if (arr.length === 0) return [];\n const index = remainder(n, arr.length);\n return [...arr.slice(index), ...arr.slice(0, index)];\n}\nundefined?.test(\"rotateLeft\", ({ expect }) => {\n expect(rotateLeft([], 1)).toEqual([]);\n expect(rotateLeft([1, 2, 3, 4, 5], 0)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateLeft([1, 2, 3, 4, 5], 1)).toEqual([2, 3, 4, 5, 1]);\n expect(rotateLeft([1, 2, 3, 4, 5], 3)).toEqual([4, 5, 1, 2, 3]);\n expect(rotateLeft([1, 2, 3, 4, 5], 5)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateLeft([1, 2, 3, 4, 5], 6)).toEqual([2, 3, 4, 5, 1]);\n});\n\nexport function rotateRight(arr: readonly any[], n: number): any[] {\n return rotateLeft(arr, -n);\n}\nundefined?.test(\"rotateRight\", ({ expect }) => {\n expect(rotateRight([], 1)).toEqual([]);\n expect(rotateRight([1, 2, 3, 4, 5], 0)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateRight([1, 2, 3, 4, 5], 1)).toEqual([5, 1, 2, 3, 4]);\n expect(rotateRight([1, 2, 3, 4, 5], 3)).toEqual([3, 4, 5, 1, 2]);\n expect(rotateRight([1, 2, 3, 4, 5], 5)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateRight([1, 2, 3, 4, 5], 6)).toEqual([5, 1, 2, 3, 4]);\n});\n\n\nexport function shuffle<T>(arr: readonly T[]): T[] {\n const result = [...arr];\n for (let i = result.length - 1; i > 0; i--) {\n const j = Math.floor(Math.random() * (i + 1));\n [result[i], result[j]] = [result[j], result[i]];\n }\n return result;\n}\nundefined?.test(\"shuffle\", ({ expect }) => {\n // Test empty array\n expect(shuffle([])).toEqual([]);\n\n // Test single element array\n expect(shuffle([1])).toEqual([1]);\n\n // Test that shuffle returns a new array\n const original = [1, 2, 3, 4, 5];\n const shuffled = shuffle(original);\n expect(shuffled).not.toBe(original);\n\n // Test that all elements are preserved\n expect(shuffled.sort((a, b) => a - b)).toEqual(original);\n\n // Test with a larger array to ensure randomness\n // This is a probabilistic test, but it's very unlikely to fail\n const large = Array.from({ length: 100 }, (_, i) => i);\n const shuffledLarge = shuffle(large);\n expect(shuffledLarge).not.toEqual(large);\n expect(shuffledLarge.sort((a, b) => a - b)).toEqual(large);\n});\n\n\nexport function outerProduct<T, U>(arr1: readonly T[], arr2: readonly U[]): [T, U][] {\n return arr1.flatMap((item1) => arr2.map((item2) => [item1, item2] as [T, U]));\n}\nundefined?.test(\"outerProduct\", ({ expect }) => {\n expect(outerProduct([], [])).toEqual([]);\n expect(outerProduct([1], [])).toEqual([]);\n expect(outerProduct([], [1])).toEqual([]);\n expect(outerProduct([1], [2])).toEqual([[1, 2]]);\n expect(outerProduct([1, 2], [3, 4])).toEqual([[1, 3], [1, 4], [2, 3], [2, 4]]);\n expect(outerProduct([\"a\", \"b\"], [1, 2])).toEqual([[\"a\", 1], [\"a\", 2], [\"b\", 1], [\"b\", 2]]);\n});\n\nexport function unique<T>(arr: readonly T[]): T[] {\n return [...new Set(arr)];\n}\nundefined?.test(\"unique\", ({ expect }) => {\n expect(unique([])).toEqual([]);\n expect(unique([1, 2, 3])).toEqual([1, 2, 3]);\n expect(unique([1, 2, 2, 3, 1, 3])).toEqual([1, 2, 3]);\n // Test with objects (reference equality)\n const obj = { a: 1 };\n expect(unique([obj, obj])).toEqual([obj]);\n // Test with different types\n expect(unique([1, \"1\", true, 1, \"1\", true])).toEqual([1, \"1\", true]);\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA0B;AAEnB,SAAS,cAAwC,KAAQ,MAAkC;AAChG,SAAO,IAAI,SAAS,IAAI;AAC1B;AAYO,SAAS,UAAoC,KAA+B;AACjF,SAAO,IAAI,IAAI,CAAC,MAAM,UAAU,CAAC,OAAO,IAAI,CAAC;AAC/C;AAOO,SAAS,eAAe,GAAmB,GAA4B;AAC5E,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,QAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAAA,EAC5B;AACA,SAAO;AACT;AAiBO,SAAS,cAAiB,KAAmB,WAAyC;AAC3F,WAAS,IAAI,IAAI,SAAS,GAAG,KAAK,GAAG,KAAK;AACxC,QAAI,UAAU,IAAI,CAAC,CAAC,EAAG,QAAO;AAAA,EAChC;AACA,SAAO;AACT;AASO,SAAS,QACd,KACA,KACa;AACb,QAAM,SAAS,oBAAI;AACnB,aAAW,QAAQ,KAAK;AACtB,UAAM,IAAI,IAAI,IAAI;AAClB,QAAI,OAAO,IAAI,CAAC,MAAM,OAAW,QAAO,IAAI,GAAG,CAAC,CAAC;AACjD,WAAO,IAAI,CAAC,EAAG,KAAK,IAAI;AAAA,EAC1B;AACA,SAAO;AACT;AAuBO,SAAS,MAAM,gBAAwB,cAAuB,MAAyB;AAC5F,MAAI,iBAAiB,QAAW;AAC9B,mBAAe;AACf,qBAAiB;AAAA,EACnB;AACA,MAAI,SAAS,OAAW,QAAO;AAE/B,QAAM,SAAS,CAAC;AAChB,WAAS,IAAI,gBAAgB,OAAO,IAAK,IAAI,eAAiB,IAAI,cAAe,KAAK,MAAM;AAC1F,WAAO,KAAK,CAAC;AAAA,EACf;AACA,SAAO;AACT;AAWO,SAAS,WAAW,KAAqB,GAAkB;AAChE,MAAI,IAAI,WAAW,EAAG,QAAO,CAAC;AAC9B,QAAM,YAAQ,uBAAU,GAAG,IAAI,MAAM;AACrC,SAAO,CAAC,GAAG,IAAI,MAAM,KAAK,GAAG,GAAG,IAAI,MAAM,GAAG,KAAK,CAAC;AACrD;AAUO,SAAS,YAAY,KAAqB,GAAkB;AACjE,SAAO,WAAW,KAAK,CAAC,CAAC;AAC3B;AAWO,SAAS,QAAW,KAAwB;AACjD,QAAM,SAAS,CAAC,GAAG,GAAG;AACtB,WAAS,IAAI,OAAO,SAAS,GAAG,IAAI,GAAG,KAAK;AAC1C,UAAM,IAAI,KAAK,MAAM,KAAK,OAAO,KAAK,IAAI,EAAE;AAC5C,KAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AAAA,EAChD;AACA,SAAO;AACT;AAyBO,SAAS,aAAmB,MAAoB,MAA8B;AACnF,SAAO,KAAK,QAAQ,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,CAAC,OAAO,KAAK,CAAW,CAAC;AAC9E;AAUO,SAAS,OAAU,KAAwB;AAChD,SAAO,CAAC,GAAG,IAAI,IAAI,GAAG,CAAC;AACzB;","names":[]}
1
+ {"version":3,"sources":["../../src/utils/arrays.tsx"],"sourcesContent":["import { remainder } from \"./math\";\n\nexport function typedIncludes<T extends readonly any[]>(arr: T, item: unknown): item is T[number] {\n return arr.includes(item);\n}\nundefined?.test(\"typedIncludes\", ({ expect }) => {\n const arr = [1, 2, 3] as const;\n expect(typedIncludes(arr, 1)).toBe(true);\n expect(typedIncludes(arr, 4)).toBe(false);\n expect(typedIncludes(arr, \"1\")).toBe(false);\n\n const strArr = [\"a\", \"b\", \"c\"] as const;\n expect(typedIncludes(strArr, \"a\")).toBe(true);\n expect(typedIncludes(strArr, \"d\")).toBe(false);\n});\n\nexport function enumerate<T extends readonly any[]>(arr: T): [number, T[number]][] {\n return arr.map((item, index) => [index, item]);\n}\nundefined?.test(\"enumerate\", ({ expect }) => {\n expect(enumerate([])).toEqual([]);\n expect(enumerate([1, 2, 3])).toEqual([[0, 1], [1, 2], [2, 3]]);\n expect(enumerate([\"a\", \"b\", \"c\"])).toEqual([[0, \"a\"], [1, \"b\"], [2, \"c\"]]);\n});\n\nexport function isShallowEqual(a: readonly any[], b: readonly any[]): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) {\n if (a[i] !== b[i]) return false;\n }\n return true;\n}\nundefined?.test(\"isShallowEqual\", ({ expect }) => {\n expect(isShallowEqual([], [])).toBe(true);\n expect(isShallowEqual([1, 2, 3], [1, 2, 3])).toBe(true);\n expect(isShallowEqual([1, 2, 3], [1, 2, 4])).toBe(false);\n expect(isShallowEqual([1, 2, 3], [1, 2])).toBe(false);\n expect(isShallowEqual([1, 2], [1, 2, 3])).toBe(false);\n // Test with objects (reference equality)\n const obj1 = { a: 1 };\n const obj2 = { a: 1 };\n expect(isShallowEqual([obj1], [obj1])).toBe(true);\n expect(isShallowEqual([obj1], [obj2])).toBe(false);\n});\n\n/**\n * Ponyfill for ES2023's findLastIndex.\n */\nexport function findLastIndex<T>(arr: readonly T[], predicate: (item: T) => boolean): number {\n for (let i = arr.length - 1; i >= 0; i--) {\n if (predicate(arr[i])) return i;\n }\n return -1;\n}\nundefined?.test(\"findLastIndex\", ({ expect }) => {\n expect(findLastIndex([], () => true)).toBe(-1);\n expect(findLastIndex([1, 2, 3, 4, 5], x => x % 2 === 0)).toBe(3); // 4 is at index 3\n expect(findLastIndex([1, 2, 3, 4, 5], x => x > 10)).toBe(-1);\n expect(findLastIndex([1, 2, 3, 2, 1], x => x === 2)).toBe(3);\n expect(findLastIndex([1, 2, 3], x => x === 1)).toBe(0);\n});\n\nexport function groupBy<T extends any, K>(\n arr: Iterable<T>,\n key: (item: T) => K,\n): Map<K, T[]> {\n const result = new Map<K, T[]>;\n for (const item of arr) {\n const k = key(item);\n if (result.get(k) === undefined) result.set(k, []);\n result.get(k)!.push(item);\n }\n return result;\n}\nundefined?.test(\"groupBy\", ({ expect }) => {\n expect(groupBy([], (x) => x)).toEqual(new Map());\n\n const numbers = [1, 2, 3, 4, 5, 6];\n const grouped = groupBy(numbers, (n) => n % 2 === 0 ? \"even\" : \"odd\");\n expect(grouped.get(\"even\")).toEqual([2, 4, 6]);\n expect(grouped.get(\"odd\")).toEqual([1, 3, 5]);\n\n // Check the actual lengths of the words to ensure our test is correct\n const words = [\"apple\", \"banana\", \"cherry\", \"date\", \"elderberry\"];\n\n const byLength = groupBy(words, (w) => w.length);\n // Adjust expectations based on actual word lengths\n expect(byLength.get(5)).toEqual([\"apple\"]);\n expect(byLength.get(6)).toEqual([\"banana\", \"cherry\"]);\n expect(byLength.get(4)).toEqual([\"date\"]);\n expect(byLength.get(10)).toEqual([\"elderberry\"]);\n});\n\nexport function range(endExclusive: number): number[];\nexport function range(startInclusive: number, endExclusive: number): number[];\nexport function range(startInclusive: number, endExclusive: number, step: number): number[];\nexport function range(startInclusive: number, endExclusive?: number, step?: number): number[] {\n if (endExclusive === undefined) {\n endExclusive = startInclusive;\n startInclusive = 0;\n }\n if (step === undefined) step = 1;\n\n const result = [];\n for (let i = startInclusive; step > 0 ? (i < endExclusive) : (i > endExclusive); i += step) {\n result.push(i);\n }\n return result;\n}\nundefined?.test(\"range\", ({ expect }) => {\n expect(range(5)).toEqual([0, 1, 2, 3, 4]);\n expect(range(2, 5)).toEqual([2, 3, 4]);\n expect(range(1, 10, 2)).toEqual([1, 3, 5, 7, 9]);\n expect(range(5, 0, -1)).toEqual([5, 4, 3, 2, 1]);\n expect(range(0, 0)).toEqual([]);\n expect(range(0, 10, 3)).toEqual([0, 3, 6, 9]);\n});\n\n\nexport function rotateLeft(arr: readonly any[], n: number): any[] {\n if (arr.length === 0) return [];\n const index = remainder(n, arr.length);\n return [...arr.slice(index), ...arr.slice(0, index)];\n}\nundefined?.test(\"rotateLeft\", ({ expect }) => {\n expect(rotateLeft([], 1)).toEqual([]);\n expect(rotateLeft([1, 2, 3, 4, 5], 0)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateLeft([1, 2, 3, 4, 5], 1)).toEqual([2, 3, 4, 5, 1]);\n expect(rotateLeft([1, 2, 3, 4, 5], 3)).toEqual([4, 5, 1, 2, 3]);\n expect(rotateLeft([1, 2, 3, 4, 5], 5)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateLeft([1, 2, 3, 4, 5], 6)).toEqual([2, 3, 4, 5, 1]);\n});\n\nexport function rotateRight(arr: readonly any[], n: number): any[] {\n return rotateLeft(arr, -n);\n}\nundefined?.test(\"rotateRight\", ({ expect }) => {\n expect(rotateRight([], 1)).toEqual([]);\n expect(rotateRight([1, 2, 3, 4, 5], 0)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateRight([1, 2, 3, 4, 5], 1)).toEqual([5, 1, 2, 3, 4]);\n expect(rotateRight([1, 2, 3, 4, 5], 3)).toEqual([3, 4, 5, 1, 2]);\n expect(rotateRight([1, 2, 3, 4, 5], 5)).toEqual([1, 2, 3, 4, 5]);\n expect(rotateRight([1, 2, 3, 4, 5], 6)).toEqual([5, 1, 2, 3, 4]);\n});\n\n\nexport function shuffle<T>(arr: readonly T[]): T[] {\n const result = [...arr];\n for (let i = result.length - 1; i > 0; i--) {\n const j = Math.floor(Math.random() * (i + 1));\n [result[i], result[j]] = [result[j], result[i]];\n }\n return result;\n}\nundefined?.test(\"shuffle\", ({ expect }) => {\n // Test empty array\n expect(shuffle([])).toEqual([]);\n\n // Test single element array\n expect(shuffle([1])).toEqual([1]);\n\n // Test that shuffle returns a new array\n const original = [1, 2, 3, 4, 5];\n const shuffled = shuffle(original);\n expect(shuffled).not.toBe(original);\n\n // Test that all elements are preserved\n expect(shuffled.sort((a, b) => a - b)).toEqual(original);\n\n // Test with a larger array to ensure randomness\n // This is a probabilistic test, but it's very unlikely to fail\n const large = Array.from({ length: 100 }, (_, i) => i);\n const shuffledLarge = shuffle(large);\n expect(shuffledLarge).not.toEqual(large);\n expect(shuffledLarge.sort((a, b) => a - b)).toEqual(large);\n});\n\n\nexport function outerProduct<T, U>(arr1: readonly T[], arr2: readonly U[]): [T, U][] {\n return arr1.flatMap((item1) => arr2.map((item2) => [item1, item2] as [T, U]));\n}\nundefined?.test(\"outerProduct\", ({ expect }) => {\n expect(outerProduct([], [])).toEqual([]);\n expect(outerProduct([1], [])).toEqual([]);\n expect(outerProduct([], [1])).toEqual([]);\n expect(outerProduct([1], [2])).toEqual([[1, 2]]);\n expect(outerProduct([1, 2], [3, 4])).toEqual([[1, 3], [1, 4], [2, 3], [2, 4]]);\n expect(outerProduct([\"a\", \"b\"], [1, 2])).toEqual([[\"a\", 1], [\"a\", 2], [\"b\", 1], [\"b\", 2]]);\n});\n\nexport function unique<T>(arr: readonly T[]): T[] {\n return [...new Set(arr)];\n}\nundefined?.test(\"unique\", ({ expect }) => {\n expect(unique([])).toEqual([]);\n expect(unique([1, 2, 3])).toEqual([1, 2, 3]);\n expect(unique([1, 2, 2, 3, 1, 3])).toEqual([1, 2, 3]);\n // Test with objects (reference equality)\n const obj = { a: 1 };\n expect(unique([obj, obj])).toEqual([obj]);\n // Test with different types\n expect(unique([1, \"1\", true, 1, \"1\", true])).toEqual([1, \"1\", true]);\n});\n\n\nexport function getChunks<T>(arr: readonly T[], size: number): T[][] {\n const result: T[][] = [];\n if (size <= 0) return result;\n for (let i = 0; i < arr.length; i += size) {\n result.push(arr.slice(i, i + size));\n }\n return result;\n}\nundefined?.test(\"getChunks\", ({ expect }) => {\n expect(getChunks([], 2)).toEqual([]);\n expect(getChunks([1], 2)).toEqual([[1]]);\n expect(getChunks([1, 2], 2)).toEqual([[1, 2]]);\n expect(getChunks([1, 2, 3], 2)).toEqual([[1, 2], [3]]);\n expect(getChunks([1, 2, 3, 4, 5], 2)).toEqual([[1, 2], [3, 4], [5]]);\n expect(getChunks([1, 2, 3, 4], 3)).toEqual([[1, 2, 3], [4]]);\n expect(getChunks([1, 2, 3], 0)).toEqual([]);\n expect(getChunks([1, 2, 3], -1)).toEqual([]);\n});\n\nexport function isStringArray(arr: unknown): arr is string[] {\n return Array.isArray(arr) && arr.every((item) => typeof item === \"string\");\n}\nexport function isNumberArray(arr: unknown): arr is number[] {\n return Array.isArray(arr) && arr.every((item) => typeof item === \"number\");\n}\nexport function isBooleanArray(arr: unknown): arr is boolean[] {\n return Array.isArray(arr) && arr.every((item) => typeof item === \"boolean\");\n}\nexport function isObjectArray(arr: unknown): arr is object[] {\n return Array.isArray(arr) && arr.every((item) => typeof item === \"object\" && item !== null);\n}\nundefined?.test(\"is<Type>Array\", ({ expect }) => {\n expect(isStringArray([])).toBe(true);\n expect(isNumberArray([1, 2, 3])).toBe(true);\n expect(isBooleanArray([true, false, true])).toBe(true);\n expect(isObjectArray([{ a: 1 }, { b: 2 }, { c: 3 }])).toBe(true);\n expect(isStringArray([1, 2, 3])).toBe(false);\n expect(isNumberArray([\"a\", \"b\", \"c\"])).toBe(false);\n expect(isBooleanArray([1, 2, 3])).toBe(false);\n expect(isObjectArray([1, 2, 3])).toBe(false);\n expect(isObjectArray([{ a: 1 }, null, { b: 2 }])).toBe(false);\n expect(isObjectArray([{ a: 1 }, undefined, { b: 2 }])).toBe(false);\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA0B;AAEnB,SAAS,cAAwC,KAAQ,MAAkC;AAChG,SAAO,IAAI,SAAS,IAAI;AAC1B;AAYO,SAAS,UAAoC,KAA+B;AACjF,SAAO,IAAI,IAAI,CAAC,MAAM,UAAU,CAAC,OAAO,IAAI,CAAC;AAC/C;AAOO,SAAS,eAAe,GAAmB,GAA4B;AAC5E,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,QAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAAA,EAC5B;AACA,SAAO;AACT;AAiBO,SAAS,cAAiB,KAAmB,WAAyC;AAC3F,WAAS,IAAI,IAAI,SAAS,GAAG,KAAK,GAAG,KAAK;AACxC,QAAI,UAAU,IAAI,CAAC,CAAC,EAAG,QAAO;AAAA,EAChC;AACA,SAAO;AACT;AASO,SAAS,QACd,KACA,KACa;AACb,QAAM,SAAS,oBAAI;AACnB,aAAW,QAAQ,KAAK;AACtB,UAAM,IAAI,IAAI,IAAI;AAClB,QAAI,OAAO,IAAI,CAAC,MAAM,OAAW,QAAO,IAAI,GAAG,CAAC,CAAC;AACjD,WAAO,IAAI,CAAC,EAAG,KAAK,IAAI;AAAA,EAC1B;AACA,SAAO;AACT;AAuBO,SAAS,MAAM,gBAAwB,cAAuB,MAAyB;AAC5F,MAAI,iBAAiB,QAAW;AAC9B,mBAAe;AACf,qBAAiB;AAAA,EACnB;AACA,MAAI,SAAS,OAAW,QAAO;AAE/B,QAAM,SAAS,CAAC;AAChB,WAAS,IAAI,gBAAgB,OAAO,IAAK,IAAI,eAAiB,IAAI,cAAe,KAAK,MAAM;AAC1F,WAAO,KAAK,CAAC;AAAA,EACf;AACA,SAAO;AACT;AAWO,SAAS,WAAW,KAAqB,GAAkB;AAChE,MAAI,IAAI,WAAW,EAAG,QAAO,CAAC;AAC9B,QAAM,YAAQ,uBAAU,GAAG,IAAI,MAAM;AACrC,SAAO,CAAC,GAAG,IAAI,MAAM,KAAK,GAAG,GAAG,IAAI,MAAM,GAAG,KAAK,CAAC;AACrD;AAUO,SAAS,YAAY,KAAqB,GAAkB;AACjE,SAAO,WAAW,KAAK,CAAC,CAAC;AAC3B;AAWO,SAAS,QAAW,KAAwB;AACjD,QAAM,SAAS,CAAC,GAAG,GAAG;AACtB,WAAS,IAAI,OAAO,SAAS,GAAG,IAAI,GAAG,KAAK;AAC1C,UAAM,IAAI,KAAK,MAAM,KAAK,OAAO,KAAK,IAAI,EAAE;AAC5C,KAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AAAA,EAChD;AACA,SAAO;AACT;AAyBO,SAAS,aAAmB,MAAoB,MAA8B;AACnF,SAAO,KAAK,QAAQ,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,CAAC,OAAO,KAAK,CAAW,CAAC;AAC9E;AAUO,SAAS,OAAU,KAAwB;AAChD,SAAO,CAAC,GAAG,IAAI,IAAI,GAAG,CAAC;AACzB;AAaO,SAAS,UAAa,KAAmB,MAAqB;AACnE,QAAM,SAAgB,CAAC;AACvB,MAAI,QAAQ,EAAG,QAAO;AACtB,WAAS,IAAI,GAAG,IAAI,IAAI,QAAQ,KAAK,MAAM;AACzC,WAAO,KAAK,IAAI,MAAM,GAAG,IAAI,IAAI,CAAC;AAAA,EACpC;AACA,SAAO;AACT;AAYO,SAAS,cAAc,KAA+B;AAC3D,SAAO,MAAM,QAAQ,GAAG,KAAK,IAAI,MAAM,CAAC,SAAS,OAAO,SAAS,QAAQ;AAC3E;AACO,SAAS,cAAc,KAA+B;AAC3D,SAAO,MAAM,QAAQ,GAAG,KAAK,IAAI,MAAM,CAAC,SAAS,OAAO,SAAS,QAAQ;AAC3E;AACO,SAAS,eAAe,KAAgC;AAC7D,SAAO,MAAM,QAAQ,GAAG,KAAK,IAAI,MAAM,CAAC,SAAS,OAAO,SAAS,SAAS;AAC5E;AACO,SAAS,cAAc,KAA+B;AAC3D,SAAO,MAAM,QAAQ,GAAG,KAAK,IAAI,MAAM,CAAC,SAAS,OAAO,SAAS,YAAY,SAAS,IAAI;AAC5F;","names":[]}
package/dist/utils/esbuild.d.mts CHANGED
@@ -8,6 +8,7 @@ declare function bundleJavaScript(sourceFiles: Record<string, string> & {
8
8
  externalPackages?: Record<string, string>;
9
9
  keepAsImports?: string[];
10
10
  sourcemap?: false | 'inline';
11
+ allowHttpImports?: boolean;
11
12
  }): Promise<Result<string, string>>;
12
13
 
13
14
  export { bundleJavaScript, initializeEsbuild };
package/dist/utils/esbuild.d.ts CHANGED
@@ -8,6 +8,7 @@ declare function bundleJavaScript(sourceFiles: Record<string, string> & {
8
8
  externalPackages?: Record<string, string>;
9
9
  keepAsImports?: string[];
10
10
  sourcemap?: false | 'inline';
11
+ allowHttpImports?: boolean;
11
12
  }): Promise<Result<string, string>>;
12
13
 
13
14
  export { bundleJavaScript, initializeEsbuild };
package/dist/utils/esbuild.js CHANGED
@@ -46,12 +46,26 @@ globalThis.self ??= globalThis;
46
46
  function initializeEsbuild() {
47
47
  if (!esbuildInitializePromise) {
48
48
  esbuildInitializePromise = (0, import_telemetry.withTraceSpan)("initializeEsbuild", async () => {
49
- await esbuild.initialize((0, import_env.isBrowserLike)() ? {
50
- wasmURL: esbuildWasmUrl
51
- } : {
52
- wasmModule: await fetch(esbuildWasmUrl).then((wasm) => wasm.arrayBuffer()).then((wasm) => new WebAssembly.Module(wasm)),
53
- worker: false
54
- });
49
+ if ((0, import_env.isBrowserLike)()) {
50
+ await esbuild.initialize({
51
+ wasmURL: esbuildWasmUrl
52
+ });
53
+ } else {
54
+ const esbuildWasmResponse = await fetch(esbuildWasmUrl);
55
+ if (!esbuildWasmResponse.ok) {
56
+ throw new import_errors.StackAssertionError(`Failed to fetch esbuild.wasm: ${esbuildWasmResponse.status} ${esbuildWasmResponse.statusText}: ${await esbuildWasmResponse.text()}`);
57
+ }
58
+ const esbuildWasm = await esbuildWasmResponse.arrayBuffer();
59
+ const esbuildWasmArray = new Uint8Array(esbuildWasm);
60
+ if (esbuildWasmArray[0] !== 0 || esbuildWasmArray[1] !== 97 || esbuildWasmArray[2] !== 115 || esbuildWasmArray[3] !== 109) {
61
+ throw new import_errors.StackAssertionError(`Invalid esbuild.wasm file: ${new TextDecoder().decode(esbuildWasmArray)}`);
62
+ }
63
+ const esbuildWasmModule = new WebAssembly.Module(esbuildWasm);
64
+ await esbuild.initialize({
65
+ wasmModule: esbuildWasmModule,
66
+ worker: false
67
+ });
68
+ }
55
69
  })();
56
70
  }
57
71
  return esbuildInitializePromise;
@@ -61,6 +75,7 @@ async function bundleJavaScript(sourceFiles, options = {}) {
61
75
  const sourceFilesMap = new Map(Object.entries(sourceFiles));
62
76
  const externalPackagesMap = new Map(Object.entries(options.externalPackages ?? {}));
63
77
  const keepAsImports = options.keepAsImports ?? [];
78
+ const httpImportCache = /* @__PURE__ */ new Map();
64
79
  const extToLoader = /* @__PURE__ */ new Map([
65
80
  ["tsx", "tsx"],
66
81
  ["ts", "ts"],
@@ -82,6 +97,48 @@ async function bundleJavaScript(sourceFiles, options = {}) {
82
97
  sourcemap: options.sourcemap ?? "inline",
83
98
  external: keepAsImports,
84
99
  plugins: [
100
+ ...options.allowHttpImports ? [{
101
+ name: "esm-sh-only",
102
+ setup(build2) {
103
+ build2.onResolve({ filter: /.*/ }, (args) => {
104
+ const isHttp = args.path.startsWith("http://") || args.path.startsWith("https://");
105
+ const fromEsmNs = args.namespace === "esm-sh";
106
+ if (!isHttp && !fromEsmNs) return null;
107
+ const url = new URL(args.path, fromEsmNs ? args.importer : void 0);
108
+ if (url.protocol !== "https:" || url.host !== "esm.sh") {
109
+ throw new Error(`Blocked non-esm.sh URL import: ${url.href}`);
110
+ }
111
+ return { path: url.href, namespace: "esm-sh" };
112
+ });
113
+ build2.onLoad({ filter: /.*/, namespace: "esm-sh" }, async (args) => {
114
+ if (httpImportCache.has(args.path)) return httpImportCache.get(args.path);
115
+ const res = await fetch(args.path, { redirect: "follow" });
116
+ if (!res.ok) throw new Error(`Fetch ${res.status} ${res.statusText} for ${args.path}`);
117
+ const finalUrl = new URL(res.url);
118
+ if (finalUrl.host !== "esm.sh") {
119
+ throw new Error(`Redirect escaped esm.sh: ${finalUrl.href}`);
120
+ }
121
+ const ct = (res.headers.get("content-type") || "").toLowerCase();
122
+ let loader = ct.includes("css") ? "css" : ct.includes("json") ? "json" : ct.includes("typescript") ? "ts" : ct.includes("jsx") ? "jsx" : ct.includes("tsx") ? "tsx" : "js";
123
+ const p = finalUrl.pathname;
124
+ if (p.endsWith(".css")) loader = "css";
125
+ else if (p.endsWith(".json")) loader = "json";
126
+ else if (p.endsWith(".ts")) loader = "ts";
127
+ else if (p.endsWith(".tsx")) loader = "tsx";
128
+ else if (p.endsWith(".jsx")) loader = "jsx";
129
+ const contents = await res.text();
130
+ const result2 = {
131
+ contents,
132
+ loader,
133
+ // Ensures relative imports inside that module resolve against the file’s URL
134
+ resolveDir: new URL(".", finalUrl.href).toString(),
135
+ watchFiles: [finalUrl.href]
136
+ };
137
+ httpImportCache.set(args.path, result2);
138
+ return result2;
139
+ });
140
+ }
141
+ }] : [],
85
142
  {
86
143
  name: "replace-packages-with-globals",
87
144
  setup(build2) {
package/dist/utils/esbuild.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/utils/esbuild.tsx"],"sourcesContent":["import * as esbuild from 'esbuild-wasm/lib/browser.js';\nimport { join } from 'path';\nimport { isBrowserLike } from './env';\nimport { StackAssertionError, throwErr } from \"./errors\";\nimport { Result } from \"./results\";\nimport { traceSpan, withTraceSpan } from './telemetry';\n\nconst esbuildWasmUrl = `https://unpkg.com/esbuild-wasm@${esbuild.version}/esbuild.wasm`;\n\nlet esbuildInitializePromise: Promise<void> | null = null;\n// esbuild requires self property to be set, and it is not set by default in nodejs\n(globalThis.self as any) ??= globalThis as any;\n\nexport function initializeEsbuild(): Promise<void> {\n if (!esbuildInitializePromise) {\n esbuildInitializePromise = withTraceSpan('initializeEsbuild', async () => {\n await esbuild.initialize(isBrowserLike() ? {\n wasmURL: esbuildWasmUrl,\n } : {\n wasmModule: (\n await fetch(esbuildWasmUrl)\n .then(wasm => wasm.arrayBuffer())\n .then(wasm => new WebAssembly.Module(wasm))\n ),\n worker: false,\n });\n })();\n }\n\n return esbuildInitializePromise;\n}\n\nexport async function bundleJavaScript(sourceFiles: Record<string, string> & { '/entry.js': string }, options: {\n format?: 'iife' | 'esm' | 'cjs',\n externalPackages?: Record<string, string>,\n keepAsImports?: string[],\n sourcemap?: false | 'inline',\n} = {}): Promise<Result<string, string>> {\n await initializeEsbuild();\n\n const sourceFilesMap = new Map(Object.entries(sourceFiles));\n const externalPackagesMap = new Map(Object.entries(options.externalPackages ?? {}));\n const keepAsImports = options.keepAsImports ?? [];\n\n const extToLoader: Map<string, esbuild.Loader> = new Map([\n ['tsx', 'tsx'],\n ['ts', 'ts'],\n ['js', 'js'],\n ['jsx', 'jsx'],\n ['json', 'json'],\n ['css', 'css'],\n ]);\n let result;\n try {\n result = await traceSpan('bundleJavaScript', async () => await esbuild.build({\n entryPoints: ['/entry.js'],\n bundle: true,\n write: false,\n format: options.format ?? 'iife',\n platform: 'browser',\n target: 'es2015',\n jsx: 'automatic',\n sourcemap: options.sourcemap ?? 'inline',\n external: keepAsImports,\n plugins: [\n {\n name: 'replace-packages-with-globals',\n setup(build) {\n build.onResolve({ filter: /.*/ }, args => {\n // Skip packages that should remain external (not be shimmed)\n if (keepAsImports.includes(args.path)) {\n return undefined;\n }\n if (externalPackagesMap.has(args.path)) {\n return { path: args.path, namespace: 'package-shim' };\n }\n return undefined;\n });\n\n build.onLoad({ filter: /.*/, namespace: 'package-shim' }, (args) => {\n const contents = externalPackagesMap.get(args.path);\n if (contents == null) throw new StackAssertionError(`esbuild requested file ${args.path} that is not in the virtual file system`);\n\n return { contents, loader: 'ts' };\n });\n },\n },\n {\n name: 'virtual-fs',\n setup(build) {\n build.onResolve({ filter: /.*/ }, args => {\n const absolutePath = join(\"/\", args.path);\n if (sourceFilesMap.has(absolutePath)) {\n return { path: absolutePath, namespace: 'virtual' };\n }\n return undefined;\n });\n\n /* 2️⃣ Load the module from the map */\n build.onLoad({ filter: /.*/, namespace: 'virtual' }, args => {\n const contents = sourceFilesMap.get(args.path);\n if (contents == null) throw new StackAssertionError(`esbuild requested file ${args.path} that is not in the virtual file system`);\n\n const ext = args.path.split('.').pop() ?? '';\n const loader = extToLoader.get(ext) ?? throwErr(`esbuild requested file ${args.path} with unknown extension ${ext}`);\n\n return { contents, loader };\n });\n },\n },\n ],\n }));\n } catch (e) {\n if (e instanceof Error && e.message.startsWith(\"Build failed with \")) {\n return Result.error(e.message);\n }\n throw e;\n }\n\n if (result.errors.length > 0) {\n return Result.error(result.errors.map(e => e.text).join('\\n'));\n }\n\n if (result.outputFiles.length > 0) {\n return Result.ok(result.outputFiles[0].text);\n }\n return throwErr(\"No output generated??\");\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,cAAyB;AACzB,kBAAqB;AACrB,iBAA8B;AAC9B,oBAA8C;AAC9C,qBAAuB;AACvB,uBAAyC;AAEzC,IAAM,iBAAiB,kCAA0C,eAAO;AAExE,IAAI,2BAAiD;AAEpD,WAAW,SAAiB;AAEtB,SAAS,oBAAmC;AACjD,MAAI,CAAC,0BAA0B;AAC7B,mCAA2B,gCAAc,qBAAqB,YAAY;AACxE,YAAc,uBAAW,0BAAc,IAAI;AAAA,QACzC,SAAS;AAAA,MACX,IAAI;AAAA,QACF,YACE,MAAM,MAAM,cAAc,EACvB,KAAK,UAAQ,KAAK,YAAY,CAAC,EAC/B,KAAK,UAAQ,IAAI,YAAY,OAAO,IAAI,CAAC;AAAA,QAE9C,QAAQ;AAAA,MACV,CAAC;AAAA,IACH,CAAC,EAAE;AAAA,EACL;AAEA,SAAO;AACT;AAEA,eAAsB,iBAAiB,aAA+D,UAKlG,CAAC,GAAoC;AACvC,QAAM,kBAAkB;AAExB,QAAM,iBAAiB,IAAI,IAAI,OAAO,QAAQ,WAAW,CAAC;AAC1D,QAAM,sBAAsB,IAAI,IAAI,OAAO,QAAQ,QAAQ,oBAAoB,CAAC,CAAC,CAAC;AAClF,QAAM,gBAAgB,QAAQ,iBAAiB,CAAC;AAEhD,QAAM,cAA2C,oBAAI,IAAI;AAAA,IACvD,CAAC,OAAO,KAAK;AAAA,IACb,CAAC,MAAM,IAAI;AAAA,IACX,CAAC,MAAM,IAAI;AAAA,IACX,CAAC,OAAO,KAAK;AAAA,IACb,CAAC,QAAQ,MAAM;AAAA,IACf,CAAC,OAAO,KAAK;AAAA,EACf,CAAC;AACD,MAAI;AACJ,MAAI;AACF,aAAS,UAAM,4BAAU,oBAAoB,YAAY,MAAc,cAAM;AAAA,MAC3E,aAAa,CAAC,WAAW;AAAA,MACzB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,QAAQ,UAAU;AAAA,MAC1B,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,WAAW,QAAQ,aAAa;AAAA,MAChC,UAAU;AAAA,MACV,SAAS;AAAA,QACP;AAAA,UACE,MAAM;AAAA,UACN,MAAMA,QAAO;AACX,YAAAA,OAAM,UAAU,EAAE,QAAQ,KAAK,GAAG,UAAQ;AAExC,kBAAI,cAAc,SAAS,KAAK,IAAI,GAAG;AACrC,uBAAO;AAAA,cACT;AACA,kBAAI,oBAAoB,IAAI,KAAK,IAAI,GAAG;AACtC,uBAAO,EAAE,MAAM,KAAK,MAAM,WAAW,eAAe;AAAA,cACtD;AACA,qBAAO;AAAA,YACT,CAAC;AAED,YAAAA,OAAM,OAAO,EAAE,QAAQ,MAAM,WAAW,eAAe,GAAG,CAAC,SAAS;AAClE,oBAAM,WAAW,oBAAoB,IAAI,KAAK,IAAI;AAClD,kBAAI,YAAY,KAAM,OAAM,IAAI,kCAAoB,0BAA0B,KAAK,IAAI,yCAAyC;AAEhI,qBAAO,EAAE,UAAU,QAAQ,KAAK;AAAA,YAClC,CAAC;AAAA,UACH;AAAA,QACF;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,MAAMA,QAAO;AACX,YAAAA,OAAM,UAAU,EAAE,QAAQ,KAAK,GAAG,UAAQ;AACxC,oBAAM,mBAAe,kBAAK,KAAK,KAAK,IAAI;AACxC,kBAAI,eAAe,IAAI,YAAY,GAAG;AACpC,uBAAO,EAAE,MAAM,cAAc,WAAW,UAAU;AAAA,cACpD;AACA,qBAAO;AAAA,YACT,CAAC;AAGD,YAAAA,OAAM,OAAO,EAAE,QAAQ,MAAM,WAAW,UAAU,GAAG,UAAQ;AAC3D,oBAAM,WAAW,eAAe,IAAI,KAAK,IAAI;AAC7C,kBAAI,YAAY,KAAM,OAAM,IAAI,kCAAoB,0BAA0B,KAAK,IAAI,yCAAyC;AAEhI,oBAAM,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK;AAC1C,oBAAM,SAAS,YAAY,IAAI,GAAG,SAAK,wBAAS,0BAA0B,KAAK,IAAI,2BAA2B,GAAG,EAAE;AAEnH,qBAAO,EAAE,UAAU,OAAO;AAAA,YAC5B,CAAC;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC,CAAC;AAAA,EACJ,SAAS,GAAG;AACV,QAAI,aAAa,SAAS,EAAE,QAAQ,WAAW,oBAAoB,GAAG;AACpE,aAAO,sBAAO,MAAM,EAAE,OAAO;AAAA,IAC/B;AACA,UAAM;AAAA,EACR;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,WAAO,sBAAO,MAAM,OAAO,OAAO,IAAI,OAAK,EAAE,IAAI,EAAE,KAAK,IAAI,CAAC;AAAA,EAC/D;AAEA,MAAI,OAAO,YAAY,SAAS,GAAG;AACjC,WAAO,sBAAO,GAAG,OAAO,YAAY,CAAC,EAAE,IAAI;AAAA,EAC7C;AACA,aAAO,wBAAS,uBAAuB;AACzC;","names":["build"]}
1
+ {"version":3,"sources":["../../src/utils/esbuild.tsx"],"sourcesContent":["import * as esbuild from 'esbuild-wasm/lib/browser.js';\nimport { join } from 'path';\nimport { isBrowserLike } from './env';\nimport { StackAssertionError, throwErr } from \"./errors\";\nimport { Result } from \"./results\";\nimport { traceSpan, withTraceSpan } from './telemetry';\n\nconst esbuildWasmUrl = `https://unpkg.com/esbuild-wasm@${esbuild.version}/esbuild.wasm`;\n\nlet esbuildInitializePromise: Promise<void> | null = null;\n// esbuild requires self property to be set, and it is not set by default in nodejs\n(globalThis.self as any) ??= globalThis as any;\n\nexport function initializeEsbuild(): Promise<void> {\n if (!esbuildInitializePromise) {\n esbuildInitializePromise = withTraceSpan('initializeEsbuild', async () => {\n if (isBrowserLike()) {\n await esbuild.initialize({\n wasmURL: esbuildWasmUrl,\n });\n } else {\n const esbuildWasmResponse = await fetch(esbuildWasmUrl);\n if (!esbuildWasmResponse.ok) {\n throw new StackAssertionError(`Failed to fetch esbuild.wasm: ${esbuildWasmResponse.status} ${esbuildWasmResponse.statusText}: ${await esbuildWasmResponse.text()}`);\n }\n const esbuildWasm = await esbuildWasmResponse.arrayBuffer();\n const esbuildWasmArray = new Uint8Array(esbuildWasm);\n if (esbuildWasmArray[0] !== 0x00 || esbuildWasmArray[1] !== 0x61 || esbuildWasmArray[2] !== 0x73 || esbuildWasmArray[3] !== 0x6d) {\n throw new StackAssertionError(`Invalid esbuild.wasm file: ${new TextDecoder().decode(esbuildWasmArray)}`);\n }\n const esbuildWasmModule = new WebAssembly.Module(esbuildWasm);\n await esbuild.initialize({\n wasmModule: esbuildWasmModule,\n worker: false,\n });\n }\n })();\n }\n\n return esbuildInitializePromise;\n}\n\nexport async function bundleJavaScript(sourceFiles: Record<string, string> & { '/entry.js': string }, options: {\n format?: 'iife' | 'esm' | 'cjs',\n externalPackages?: Record<string, string>,\n keepAsImports?: string[],\n sourcemap?: false | 'inline',\n allowHttpImports?: boolean,\n} = {}): Promise<Result<string, string>> {\n await initializeEsbuild();\n\n const sourceFilesMap = new Map(Object.entries(sourceFiles));\n const externalPackagesMap = new Map(Object.entries(options.externalPackages ?? {}));\n const keepAsImports = options.keepAsImports ?? [];\n\n const httpImportCache = new Map<string, { contents: string, loader: esbuild.Loader, resolveDir: string }>();\n\n const extToLoader: Map<string, esbuild.Loader> = new Map([\n ['tsx', 'tsx'],\n ['ts', 'ts'],\n ['js', 'js'],\n ['jsx', 'jsx'],\n ['json', 'json'],\n ['css', 'css'],\n ]);\n let result;\n try {\n result = await traceSpan('bundleJavaScript', async () => await esbuild.build({\n entryPoints: ['/entry.js'],\n bundle: true,\n write: false,\n format: options.format ?? 'iife',\n platform: 'browser',\n target: 'es2015',\n jsx: 'automatic',\n sourcemap: options.sourcemap ?? 'inline',\n external: keepAsImports,\n plugins: [\n ...options.allowHttpImports ? [{\n name: \"esm-sh-only\",\n setup(build: esbuild.PluginBuild) {\n // Handle absolute URLs and relative imports from esm.sh modules.\n build.onResolve({ filter: /.*/ }, (args) => {\n // Only touch absolute http(s) specifiers or children of our own namespace\n const isHttp = args.path.startsWith(\"http://\") || args.path.startsWith(\"https://\");\n const fromEsmNs = args.namespace === \"esm-sh\";\n\n if (!isHttp && !fromEsmNs) return null; // Let other plugins handle bare/relative/local\n\n // Resolve relative URLs inside esm.sh-fetched modules\n const url = new URL(args.path, fromEsmNs ? args.importer : undefined);\n\n if (url.protocol !== \"https:\" || url.host !== \"esm.sh\") {\n throw new Error(`Blocked non-esm.sh URL import: ${url.href}`);\n }\n\n return { path: url.href, namespace: \"esm-sh\" };\n });\n\n build.onLoad({ filter: /.*/, namespace: \"esm-sh\" }, async (args) => {\n if (httpImportCache.has(args.path)) return httpImportCache.get(args.path)!;\n\n const res = await fetch(args.path, { redirect: \"follow\" });\n if (!res.ok) throw new Error(`Fetch ${res.status} ${res.statusText} for ${args.path}`);\n const finalUrl = new URL(res.url);\n // Defensive: follow shouldn’t leave esm.sh, but re-check.\n if (finalUrl.host !== \"esm.sh\") {\n throw new Error(`Redirect escaped esm.sh: ${finalUrl.href}`);\n }\n\n const ct = (res.headers.get(\"content-type\") || \"\").toLowerCase();\n let loader: esbuild.Loader =\n ct.includes(\"css\") ? \"css\" :\n ct.includes(\"json\") ? \"json\" :\n ct.includes(\"typescript\") ? \"ts\" :\n ct.includes(\"jsx\") ? \"jsx\" :\n ct.includes(\"tsx\") ? \"tsx\" :\n \"js\";\n\n // Fallback by extension (esm.sh sometimes omits CT)\n const p = finalUrl.pathname;\n if (p.endsWith(\".css\")) loader = \"css\";\n else if (p.endsWith(\".json\")) loader = \"json\";\n else if (p.endsWith(\".ts\")) loader = \"ts\";\n else if (p.endsWith(\".tsx\")) loader = \"tsx\";\n else if (p.endsWith(\".jsx\")) loader = \"jsx\";\n\n const contents = await res.text();\n const result = {\n contents,\n loader,\n // Ensures relative imports inside that module resolve against the file’s URL\n resolveDir: new URL(\".\", finalUrl.href).toString(),\n watchFiles: [finalUrl.href],\n };\n httpImportCache.set(args.path, result);\n return result;\n });\n },\n } as esbuild.Plugin] : [],\n {\n name: 'replace-packages-with-globals',\n setup(build) {\n build.onResolve({ filter: /.*/ }, args => {\n // Skip packages that should remain external (not be shimmed)\n if (keepAsImports.includes(args.path)) {\n return undefined;\n }\n if (externalPackagesMap.has(args.path)) {\n return { path: args.path, namespace: 'package-shim' };\n }\n return undefined;\n });\n\n build.onLoad({ filter: /.*/, namespace: 'package-shim' }, (args) => {\n const contents = externalPackagesMap.get(args.path);\n if (contents == null) throw new StackAssertionError(`esbuild requested file ${args.path} that is not in the virtual file system`);\n\n return { contents, loader: 'ts' };\n });\n },\n },\n {\n name: 'virtual-fs',\n setup(build) {\n build.onResolve({ filter: /.*/ }, args => {\n const absolutePath = join(\"/\", args.path);\n if (sourceFilesMap.has(absolutePath)) {\n return { path: absolutePath, namespace: 'virtual' };\n }\n return undefined;\n });\n\n /* 2️⃣ Load the module from the map */\n build.onLoad({ filter: /.*/, namespace: 'virtual' }, args => {\n const contents = sourceFilesMap.get(args.path);\n if (contents == null) throw new StackAssertionError(`esbuild requested file ${args.path} that is not in the virtual file system`);\n\n const ext = args.path.split('.').pop() ?? '';\n const loader = extToLoader.get(ext) ?? throwErr(`esbuild requested file ${args.path} with unknown extension ${ext}`);\n\n return { contents, loader };\n });\n },\n },\n ],\n }));\n } catch (e) {\n if (e instanceof Error && e.message.startsWith(\"Build failed with \")) {\n return Result.error(e.message);\n }\n throw e;\n }\n\n if (result.errors.length > 0) {\n return Result.error(result.errors.map(e => e.text).join('\\n'));\n }\n\n if (result.outputFiles.length > 0) {\n return Result.ok(result.outputFiles[0].text);\n }\n return throwErr(\"No output generated??\");\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,cAAyB;AACzB,kBAAqB;AACrB,iBAA8B;AAC9B,oBAA8C;AAC9C,qBAAuB;AACvB,uBAAyC;AAEzC,IAAM,iBAAiB,kCAA0C,eAAO;AAExE,IAAI,2BAAiD;AAEpD,WAAW,SAAiB;AAEtB,SAAS,oBAAmC;AACjD,MAAI,CAAC,0BAA0B;AAC7B,mCAA2B,gCAAc,qBAAqB,YAAY;AACxE,cAAI,0BAAc,GAAG;AACnB,cAAc,mBAAW;AAAA,UACvB,SAAS;AAAA,QACX,CAAC;AAAA,MACH,OAAO;AACL,cAAM,sBAAsB,MAAM,MAAM,cAAc;AACtD,YAAI,CAAC,oBAAoB,IAAI;AAC3B,gBAAM,IAAI,kCAAoB,iCAAiC,oBAAoB,MAAM,IAAI,oBAAoB,UAAU,KAAK,MAAM,oBAAoB,KAAK,CAAC,EAAE;AAAA,QACpK;AACA,cAAM,cAAc,MAAM,oBAAoB,YAAY;AAC1D,cAAM,mBAAmB,IAAI,WAAW,WAAW;AACnD,YAAI,iBAAiB,CAAC,MAAM,KAAQ,iBAAiB,CAAC,MAAM,MAAQ,iBAAiB,CAAC,MAAM,OAAQ,iBAAiB,CAAC,MAAM,KAAM;AAChI,gBAAM,IAAI,kCAAoB,8BAA8B,IAAI,YAAY,EAAE,OAAO,gBAAgB,CAAC,EAAE;AAAA,QAC1G;AACA,cAAM,oBAAoB,IAAI,YAAY,OAAO,WAAW;AAC5D,cAAc,mBAAW;AAAA,UACvB,YAAY;AAAA,UACZ,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAAA,IACF,CAAC,EAAE;AAAA,EACL;AAEA,SAAO;AACT;AAEA,eAAsB,iBAAiB,aAA+D,UAMlG,CAAC,GAAoC;AACvC,QAAM,kBAAkB;AAExB,QAAM,iBAAiB,IAAI,IAAI,OAAO,QAAQ,WAAW,CAAC;AAC1D,QAAM,sBAAsB,IAAI,IAAI,OAAO,QAAQ,QAAQ,oBAAoB,CAAC,CAAC,CAAC;AAClF,QAAM,gBAAgB,QAAQ,iBAAiB,CAAC;AAEhD,QAAM,kBAAkB,oBAAI,IAA8E;AAE1G,QAAM,cAA2C,oBAAI,IAAI;AAAA,IACvD,CAAC,OAAO,KAAK;AAAA,IACb,CAAC,MAAM,IAAI;AAAA,IACX,CAAC,MAAM,IAAI;AAAA,IACX,CAAC,OAAO,KAAK;AAAA,IACb,CAAC,QAAQ,MAAM;AAAA,IACf,CAAC,OAAO,KAAK;AAAA,EACf,CAAC;AACD,MAAI;AACJ,MAAI;AACF,aAAS,UAAM,4BAAU,oBAAoB,YAAY,MAAc,cAAM;AAAA,MAC3E,aAAa,CAAC,WAAW;AAAA,MACzB,QAAQ;AAAA,MACR,OAAO;AAAA,MACP,QAAQ,QAAQ,UAAU;AAAA,MAC1B,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,WAAW,QAAQ,aAAa;AAAA,MAChC,UAAU;AAAA,MACV,SAAS;AAAA,QACP,GAAG,QAAQ,mBAAmB,CAAC;AAAA,UAC7B,MAAM;AAAA,UACN,MAAMA,QAA4B;AAEhC,YAAAA,OAAM,UAAU,EAAE,QAAQ,KAAK,GAAG,CAAC,SAAS;AAE1C,oBAAM,SAAS,KAAK,KAAK,WAAW,SAAS,KAAK,KAAK,KAAK,WAAW,UAAU;AACjF,oBAAM,YAAY,KAAK,cAAc;AAErC,kBAAI,CAAC,UAAU,CAAC,UAAW,QAAO;AAGlC,oBAAM,MAAM,IAAI,IAAI,KAAK,MAAM,YAAY,KAAK,WAAW,MAAS;AAEpE,kBAAI,IAAI,aAAa,YAAY,IAAI,SAAS,UAAU;AACtD,sBAAM,IAAI,MAAM,kCAAkC,IAAI,IAAI,EAAE;AAAA,cAC9D;AAEA,qBAAO,EAAE,MAAM,IAAI,MAAM,WAAW,SAAS;AAAA,YAC/C,CAAC;AAED,YAAAA,OAAM,OAAO,EAAE,QAAQ,MAAM,WAAW,SAAS,GAAG,OAAO,SAAS;AAClE,kBAAI,gBAAgB,IAAI,KAAK,IAAI,EAAG,QAAO,gBAAgB,IAAI,KAAK,IAAI;AAExE,oBAAM,MAAM,MAAM,MAAM,KAAK,MAAM,EAAE,UAAU,SAAS,CAAC;AACzD,kBAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,SAAS,IAAI,MAAM,IAAI,IAAI,UAAU,QAAQ,KAAK,IAAI,EAAE;AACrF,oBAAM,WAAW,IAAI,IAAI,IAAI,GAAG;AAEhC,kBAAI,SAAS,SAAS,UAAU;AAC9B,sBAAM,IAAI,MAAM,4BAA4B,SAAS,IAAI,EAAE;AAAA,cAC7D;AAEA,oBAAM,MAAM,IAAI,QAAQ,IAAI,cAAc,KAAK,IAAI,YAAY;AAC/D,kBAAI,SACF,GAAG,SAAS,KAAK,IAAI,QACrB,GAAG,SAAS,MAAM,IAAI,SACtB,GAAG,SAAS,YAAY,IAAI,OAC5B,GAAG,SAAS,KAAK,IAAI,QACrB,GAAG,SAAS,KAAK,IAAI,QACnB;AAGJ,oBAAM,IAAI,SAAS;AACnB,kBAAI,EAAE,SAAS,MAAM,EAAG,UAAS;AAAA,uBACxB,EAAE,SAAS,OAAO,EAAG,UAAS;AAAA,uBAC9B,EAAE,SAAS,KAAK,EAAG,UAAS;AAAA,uBAC5B,EAAE,SAAS,MAAM,EAAG,UAAS;AAAA,uBAC7B,EAAE,SAAS,MAAM,EAAG,UAAS;AAEtC,oBAAM,WAAW,MAAM,IAAI,KAAK;AAChC,oBAAMC,UAAS;AAAA,gBACb;AAAA,gBACA;AAAA;AAAA,gBAEA,YAAY,IAAI,IAAI,KAAK,SAAS,IAAI,EAAE,SAAS;AAAA,gBACjD,YAAY,CAAC,SAAS,IAAI;AAAA,cAC5B;AACA,8BAAgB,IAAI,KAAK,MAAMA,OAAM;AACrC,qBAAOA;AAAA,YACT,CAAC;AAAA,UACH;AAAA,QACF,CAAmB,IAAI,CAAC;AAAA,QACxB;AAAA,UACE,MAAM;AAAA,UACN,MAAMD,QAAO;AACX,YAAAA,OAAM,UAAU,EAAE,QAAQ,KAAK,GAAG,UAAQ;AAExC,kBAAI,cAAc,SAAS,KAAK,IAAI,GAAG;AACrC,uBAAO;AAAA,cACT;AACA,kBAAI,oBAAoB,IAAI,KAAK,IAAI,GAAG;AACtC,uBAAO,EAAE,MAAM,KAAK,MAAM,WAAW,eAAe;AAAA,cACtD;AACA,qBAAO;AAAA,YACT,CAAC;AAED,YAAAA,OAAM,OAAO,EAAE,QAAQ,MAAM,WAAW,eAAe,GAAG,CAAC,SAAS;AAClE,oBAAM,WAAW,oBAAoB,IAAI,KAAK,IAAI;AAClD,kBAAI,YAAY,KAAM,OAAM,IAAI,kCAAoB,0BAA0B,KAAK,IAAI,yCAAyC;AAEhI,qBAAO,EAAE,UAAU,QAAQ,KAAK;AAAA,YAClC,CAAC;AAAA,UACH;AAAA,QACF;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,MAAMA,QAAO;AACX,YAAAA,OAAM,UAAU,EAAE,QAAQ,KAAK,GAAG,UAAQ;AACxC,oBAAM,mBAAe,kBAAK,KAAK,KAAK,IAAI;AACxC,kBAAI,eAAe,IAAI,YAAY,GAAG;AACpC,uBAAO,EAAE,MAAM,cAAc,WAAW,UAAU;AAAA,cACpD;AACA,qBAAO;AAAA,YACT,CAAC;AAGD,YAAAA,OAAM,OAAO,EAAE,QAAQ,MAAM,WAAW,UAAU,GAAG,UAAQ;AAC3D,oBAAM,WAAW,eAAe,IAAI,KAAK,IAAI;AAC7C,kBAAI,YAAY,KAAM,OAAM,IAAI,kCAAoB,0BAA0B,KAAK,IAAI,yCAAyC;AAEhI,oBAAM,MAAM,KAAK,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK;AAC1C,oBAAM,SAAS,YAAY,IAAI,GAAG,SAAK,wBAAS,0BAA0B,KAAK,IAAI,2BAA2B,GAAG,EAAE;AAEnH,qBAAO,EAAE,UAAU,OAAO;AAAA,YAC5B,CAAC;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC,CAAC;AAAA,EACJ,SAAS,GAAG;AACV,QAAI,aAAa,SAAS,EAAE,QAAQ,WAAW,oBAAoB,GAAG;AACpE,aAAO,sBAAO,MAAM,EAAE,OAAO;AAAA,IAC/B;AACA,UAAM;AAAA,EACR;AAEA,MAAI,OAAO,OAAO,SAAS,GAAG;AAC5B,WAAO,sBAAO,MAAM,OAAO,OAAO,IAAI,OAAK,EAAE,IAAI,EAAE,KAAK,IAAI,CAAC;AAAA,EAC/D;AAEA,MAAI,OAAO,YAAY,SAAS,GAAG;AACjC,WAAO,sBAAO,GAAG,OAAO,YAAY,CAAC,EAAE,IAAI;AAAA,EAC7C;AACA,aAAO,wBAAS,uBAAuB;AACzC;","names":["build","result"]}
package/dist/utils/jwt.d.mts CHANGED
@@ -1,5 +1,38 @@
1
1
  import * as jose from 'jose';
2
2
 
3
+ declare function getJwtInfo(options: {
4
+ jwt: string;
5
+ }): Promise<({
6
+ status: "error";
7
+ error: {
8
+ error: string;
9
+ stringifiedInput: string;
10
+ };
11
+ } & {
12
+ status: "error";
13
+ }) | ({
14
+ status: "error";
15
+ error: {
16
+ error: string;
17
+ input: string;
18
+ };
19
+ } & {
20
+ status: "error";
21
+ }) | ({
22
+ status: "ok";
23
+ data: {
24
+ payload: jose.JWTPayload;
25
+ };
26
+ } & {
27
+ status: "ok";
28
+ }) | ({
29
+ status: "error";
30
+ error: {
31
+ exception: string;
32
+ };
33
+ } & {
34
+ status: "error";
35
+ })>;
3
36
  declare function signJWT(options: {
4
37
  issuer: string;
5
38
  audience: string;
@@ -41,4 +74,4 @@ declare function oldGetKid(options: {
41
74
  secret: string;
42
75
  }): string;
43
76
 
44
- export { type PrivateJwk, type PublicJwk, getPrivateJwks, getPublicJwkSet, oldGetKid, signJWT, verifyJWT };
77
+ export { type PrivateJwk, type PublicJwk, getJwtInfo, getPrivateJwks, getPublicJwkSet, oldGetKid, signJWT, verifyJWT };
package/dist/utils/jwt.d.ts CHANGED
@@ -1,5 +1,38 @@
1
1
  import * as jose from 'jose';
2
2
 
3
+ declare function getJwtInfo(options: {
4
+ jwt: string;
5
+ }): Promise<({
6
+ status: "error";
7
+ error: {
8
+ error: string;
9
+ stringifiedInput: string;
10
+ };
11
+ } & {
12
+ status: "error";
13
+ }) | ({
14
+ status: "error";
15
+ error: {
16
+ error: string;
17
+ input: string;
18
+ };
19
+ } & {
20
+ status: "error";
21
+ }) | ({
22
+ status: "ok";
23
+ data: {
24
+ payload: jose.JWTPayload;
25
+ };
26
+ } & {
27
+ status: "ok";
28
+ }) | ({
29
+ status: "error";
30
+ error: {
31
+ exception: string;
32
+ };
33
+ } & {
34
+ status: "error";
35
+ })>;
3
36
  declare function signJWT(options: {
4
37
  issuer: string;
5
38
  audience: string;
@@ -41,4 +74,4 @@ declare function oldGetKid(options: {
41
74
  secret: string;
42
75
  }): string;
43
76
 
44
- export { type PrivateJwk, type PublicJwk, getPrivateJwks, getPublicJwkSet, oldGetKid, signJWT, verifyJWT };
77
+ export { type PrivateJwk, type PublicJwk, getJwtInfo, getPrivateJwks, getPublicJwkSet, oldGetKid, signJWT, verifyJWT };
package/dist/utils/jwt.js CHANGED
@@ -30,6 +30,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
30
30
  // src/utils/jwt.tsx
31
31
  var jwt_exports = {};
32
32
  __export(jwt_exports, {
33
+ getJwtInfo: () => getJwtInfo,
33
34
  getPrivateJwks: () => getPrivateJwks,
34
35
  getPublicJwkSet: () => getPublicJwkSet,
35
36
  oldGetKid: () => oldGetKid,
@@ -46,6 +47,8 @@ var import_env = require("./env.js");
46
47
  var import_errors2 = require("./errors.js");
47
48
  var import_globals = require("./globals.js");
48
49
  var import_objects = require("./objects.js");
50
+ var import_results = require("./results.js");
51
+ var import_strings = require("./strings.js");
49
52
  function getStackServerSecret() {
50
53
  const STACK_SERVER_SECRET = (0, import_env.getEnvVariable)("STACK_SERVER_SECRET");
51
54
  try {
@@ -55,6 +58,18 @@ function getStackServerSecret() {
55
58
  }
56
59
  return STACK_SERVER_SECRET;
57
60
  }
61
+ async function getJwtInfo(options) {
62
+ try {
63
+ if (typeof options.jwt !== "string") return import_results.Result.error({ error: "JWT input is not a string!", stringifiedInput: (0, import_strings.nicify)(options.jwt) });
64
+ if (!options.jwt.startsWith("ey")) return import_results.Result.error({ error: "Input is a string, but not a JWT!", input: options.jwt });
65
+ const decodedJwt = jose.decodeJwt(options.jwt);
66
+ return import_results.Result.ok({ payload: decodedJwt });
67
+ } catch (e) {
68
+ return import_results.Result.error({
69
+ exception: (0, import_errors2.errorToNiceString)(e)
70
+ });
71
+ }
72
+ }
58
73
  async function signJWT(options) {
59
74
  const privateJwks = await getPrivateJwks({ audience: options.audience });
60
75
  const privateKey = await jose.importJWK(privateJwks[0]);
@@ -122,6 +137,7 @@ function oldGetKid(options) {
122
137
  }
123
138
  // Annotate the CommonJS export names for ESM import in node:
124
139
  0 && (module.exports = {
140
+ getJwtInfo,
125
141
  getPrivateJwks,
126
142
  getPublicJwkSet,
127
143
  oldGetKid,
package/dist/utils/jwt.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/utils/jwt.tsx"],"sourcesContent":["import crypto from \"crypto\";\nimport elliptic from \"elliptic\";\nimport * as jose from \"jose\";\nimport { JOSEError } from \"jose/errors\";\nimport { encodeBase64Url } from \"./bytes\";\nimport { getEnvVariable } from \"./env\";\nimport { StackAssertionError } from \"./errors\";\nimport { globalVar } from \"./globals\";\nimport { pick } from \"./objects\";\n\nfunction getStackServerSecret() {\n const STACK_SERVER_SECRET = getEnvVariable(\"STACK_SERVER_SECRET\");\n try {\n jose.base64url.decode(STACK_SERVER_SECRET);\n } catch (e) {\n throw new StackAssertionError(\"STACK_SERVER_SECRET is not valid. Please use the generateKeys script to generate a new secret.\", { cause: e });\n }\n return STACK_SERVER_SECRET;\n}\n\nexport async function signJWT(options: {\n issuer: string,\n audience: string,\n payload: any,\n expirationTime?: string,\n}) {\n const privateJwks = await getPrivateJwks({ audience: options.audience });\n const privateKey = await jose.importJWK(privateJwks[0]);\n\n return await new jose.SignJWT(options.payload)\n .setProtectedHeader({ alg: \"ES256\", kid: privateJwks[0].kid })\n .setIssuer(options.issuer)\n .setIssuedAt()\n .setAudience(options.audience)\n .setExpirationTime(options.expirationTime || \"5m\")\n .sign(privateKey);\n}\n\nexport async function verifyJWT(options: {\n allowedIssuers: string[],\n jwt: string,\n}) {\n const decodedJwt = jose.decodeJwt(options.jwt);\n const audience = decodedJwt.aud;\n if (!audience || typeof audience !== \"string\") {\n throw new JOSEError(\"Invalid JWT audience\");\n }\n\n const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(await getPrivateJwks({ audience })));\n const verified = await jose.jwtVerify(options.jwt, jwkSet, { issuer: options.allowedIssuers });\n return verified.payload;\n}\n\nexport type PrivateJwk = {\n kty: \"EC\",\n alg: \"ES256\",\n crv: \"P-256\",\n kid: string,\n d: string,\n x: string,\n y: string,\n};\nasync function getPrivateJwkFromDerivedSecret(derivedSecret: string, kid: string): Promise<PrivateJwk> {\n const secretHash = await globalVar.crypto.subtle.digest(\"SHA-256\", jose.base64url.decode(derivedSecret));\n const priv = new Uint8Array(secretHash);\n\n const ec = new elliptic.ec('p256');\n const key = ec.keyFromPrivate(priv);\n const publicKey = key.getPublic();\n\n return {\n kty: 'EC',\n crv: 'P-256',\n alg: 'ES256',\n kid: kid,\n d: encodeBase64Url(priv),\n x: encodeBase64Url(publicKey.getX().toBuffer()),\n y: encodeBase64Url(publicKey.getY().toBuffer()),\n };\n}\n\n/**\n * Returns a list of valid private JWKs for the given audience, with the first one taking precedence when signing new\n * JWTs.\n */\nexport async function getPrivateJwks(options: {\n audience: string,\n}): Promise<PrivateJwk[]> {\n const getHashOfJwkInfo = (type: string) => jose.base64url.encode(\n crypto\n .createHash('sha256')\n .update(JSON.stringify([type, getStackServerSecret(), {\n audience: options.audience,\n }]))\n .digest()\n );\n const perAudienceSecret = getHashOfJwkInfo(\"stack-jwk-audience-secret\");\n const perAudienceKid = getHashOfJwkInfo(\"stack-jwk-kid\").slice(0, 12);\n\n const oldPerAudienceSecret = oldGetPerAudienceSecret({ audience: options.audience });\n const oldPerAudienceKid = oldGetKid({ secret: oldPerAudienceSecret });\n\n return [\n // TODO next-release: make this not take precedence; then, in the release after that, remove it entirely\n await getPrivateJwkFromDerivedSecret(oldPerAudienceSecret, oldPerAudienceKid),\n\n await getPrivateJwkFromDerivedSecret(perAudienceSecret, perAudienceKid),\n ];\n}\n\nexport type PublicJwk = {\n kty: \"EC\",\n alg: \"ES256\",\n crv: \"P-256\",\n kid: string,\n x: string,\n y: string,\n};\nexport async function getPublicJwkSet(privateJwks: PrivateJwk[]): Promise<{ keys: PublicJwk[] }> {\n return {\n keys: privateJwks.map(jwk => pick(jwk, [\"kty\", \"alg\", \"crv\", \"x\", \"y\", \"kid\"])),\n };\n}\n\nfunction oldGetPerAudienceSecret(options: {\n audience: string,\n}) {\n if (options.audience === \"kid\") {\n throw new StackAssertionError(\"You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx\");\n }\n return jose.base64url.encode(\n crypto\n .createHash('sha256')\n // TODO we should prefix a string like \"stack-audience-secret\" before we hash so you can't use `getKid(...)` to get the secret for eg. the \"kid\" audience if the same secret value is used\n // Sadly doing this modification is a bit annoying as we need to leave the old keys to be valid for a little longer\n .update(JSON.stringify([getStackServerSecret(), options.audience]))\n .digest()\n );\n};\n\nexport function oldGetKid(options: {\n secret: string,\n}) {\n return jose.base64url.encode(\n crypto\n .createHash('sha256')\n .update(JSON.stringify([options.secret, \"kid\"])) // TODO see above in getPerAudienceSecret\n .digest()\n ).slice(0, 12);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAmB;AACnB,sBAAqB;AACrB,WAAsB;AACtB,oBAA0B;AAC1B,mBAAgC;AAChC,iBAA+B;AAC/B,IAAAA,iBAAoC;AACpC,qBAA0B;AAC1B,qBAAqB;AAErB,SAAS,uBAAuB;AAC9B,QAAM,0BAAsB,2BAAe,qBAAqB;AAChE,MAAI;AACF,IAAK,eAAU,OAAO,mBAAmB;AAAA,EAC3C,SAAS,GAAG;AACV,UAAM,IAAI,mCAAoB,kGAAkG,EAAE,OAAO,EAAE,CAAC;AAAA,EAC9I;AACA,SAAO;AACT;AAEA,eAAsB,QAAQ,SAK3B;AACD,QAAM,cAAc,MAAM,eAAe,EAAE,UAAU,QAAQ,SAAS,CAAC;AACvE,QAAM,aAAa,MAAW,eAAU,YAAY,CAAC,CAAC;AAEtD,SAAO,MAAM,IAAS,aAAQ,QAAQ,OAAO,EAC1C,mBAAmB,EAAE,KAAK,SAAS,KAAK,YAAY,CAAC,EAAE,IAAI,CAAC,EAC5D,UAAU,QAAQ,MAAM,EACxB,YAAY,EACZ,YAAY,QAAQ,QAAQ,EAC5B,kBAAkB,QAAQ,kBAAkB,IAAI,EAChD,KAAK,UAAU;AACpB;AAEA,eAAsB,UAAU,SAG7B;AACD,QAAM,aAAkB,eAAU,QAAQ,GAAG;AAC7C,QAAM,WAAW,WAAW;AAC5B,MAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,UAAM,IAAI,wBAAU,sBAAsB;AAAA,EAC5C;AAEA,QAAM,SAAc,uBAAkB,MAAM,gBAAgB,MAAM,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;AAC/F,QAAM,WAAW,MAAW,eAAU,QAAQ,KAAK,QAAQ,EAAE,QAAQ,QAAQ,eAAe,CAAC;AAC7F,SAAO,SAAS;AAClB;AAWA,eAAe,+BAA+B,eAAuB,KAAkC;AACrG,QAAM,aAAa,MAAM,yBAAU,OAAO,OAAO,OAAO,WAAgB,eAAU,OAAO,aAAa,CAAC;AACvG,QAAM,OAAO,IAAI,WAAW,UAAU;AAEtC,QAAM,KAAK,IAAI,gBAAAC,QAAS,GAAG,MAAM;AACjC,QAAM,MAAM,GAAG,eAAe,IAAI;AAClC,QAAM,YAAY,IAAI,UAAU;AAEhC,SAAO;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL;AAAA,IACA,OAAG,8BAAgB,IAAI;AAAA,IACvB,OAAG,8BAAgB,UAAU,KAAK,EAAE,SAAS,CAAC;AAAA,IAC9C,OAAG,8BAAgB,UAAU,KAAK,EAAE,SAAS,CAAC;AAAA,EAChD;AACF;AAMA,eAAsB,eAAe,SAEX;AACxB,QAAM,mBAAmB,CAAC,SAAsB,eAAU;AAAA,IACxD,cAAAC,QACG,WAAW,QAAQ,EACnB,OAAO,KAAK,UAAU,CAAC,MAAM,qBAAqB,GAAG;AAAA,MACpD,UAAU,QAAQ;AAAA,IACpB,CAAC,CAAC,CAAC,EACF,OAAO;AAAA,EACZ;AACA,QAAM,oBAAoB,iBAAiB,2BAA2B;AACtE,QAAM,iBAAiB,iBAAiB,eAAe,EAAE,MAAM,GAAG,EAAE;AAEpE,QAAM,uBAAuB,wBAAwB,EAAE,UAAU,QAAQ,SAAS,CAAC;AACnF,QAAM,oBAAoB,UAAU,EAAE,QAAQ,qBAAqB,CAAC;AAEpE,SAAO;AAAA;AAAA,IAEL,MAAM,+BAA+B,sBAAsB,iBAAiB;AAAA,IAE5E,MAAM,+BAA+B,mBAAmB,cAAc;AAAA,EACxE;AACF;AAUA,eAAsB,gBAAgB,aAA2D;AAC/F,SAAO;AAAA,IACL,MAAM,YAAY,IAAI,aAAO,qBAAK,KAAK,CAAC,OAAO,OAAO,OAAO,KAAK,KAAK,KAAK,CAAC,CAAC;AAAA,EAChF;AACF;AAEA,SAAS,wBAAwB,SAE9B;AACD,MAAI,QAAQ,aAAa,OAAO;AAC9B,UAAM,IAAI,mCAAoB,2FAA2F;AAAA,EAC3H;AACA,SAAY,eAAU;AAAA,IACpB,cAAAA,QACG,WAAW,QAAQ,EAGnB,OAAO,KAAK,UAAU,CAAC,qBAAqB,GAAG,QAAQ,QAAQ,CAAC,CAAC,EACjE,OAAO;AAAA,EACZ;AACF;AAEO,SAAS,UAAU,SAEvB;AACD,SAAY,eAAU;AAAA,IACpB,cAAAC,QACG,WAAW,QAAQ,EACnB,OAAO,KAAK,UAAU,CAAC,QAAQ,QAAQ,KAAK,CAAC,CAAC,EAC9C,OAAO;AAAA,EACZ,EAAE,MAAM,GAAG,EAAE;AACf;","names":["import_errors","elliptic","crypto","crypto"]}
1
+ {"version":3,"sources":["../../src/utils/jwt.tsx"],"sourcesContent":["import crypto from \"crypto\";\nimport elliptic from \"elliptic\";\nimport * as jose from \"jose\";\nimport { JOSEError } from \"jose/errors\";\nimport { encodeBase64Url } from \"./bytes\";\nimport { getEnvVariable } from \"./env\";\nimport { StackAssertionError, errorToNiceString } from \"./errors\";\nimport { globalVar } from \"./globals\";\nimport { pick } from \"./objects\";\nimport { Result } from \"./results\";\nimport { nicify } from \"./strings\";\n\nfunction getStackServerSecret() {\n const STACK_SERVER_SECRET = getEnvVariable(\"STACK_SERVER_SECRET\");\n try {\n jose.base64url.decode(STACK_SERVER_SECRET);\n } catch (e) {\n throw new StackAssertionError(\"STACK_SERVER_SECRET is not valid. Please use the generateKeys script to generate a new secret.\", { cause: e });\n }\n return STACK_SERVER_SECRET;\n}\n\nexport async function getJwtInfo(options: {\n jwt: string,\n}) {\n try {\n if (typeof options.jwt !== \"string\") return Result.error({ error: \"JWT input is not a string!\", stringifiedInput: nicify(options.jwt) });\n if (!options.jwt.startsWith(\"ey\")) return Result.error({ error: \"Input is a string, but not a JWT!\", input: options.jwt });\n const decodedJwt = jose.decodeJwt(options.jwt);\n return Result.ok({ payload: decodedJwt });\n } catch (e) {\n return Result.error({\n exception: errorToNiceString(e),\n });\n }\n}\n\nexport async function signJWT(options: {\n issuer: string,\n audience: string,\n payload: any,\n expirationTime?: string,\n}) {\n const privateJwks = await getPrivateJwks({ audience: options.audience });\n const privateKey = await jose.importJWK(privateJwks[0]);\n\n return await new jose.SignJWT(options.payload)\n .setProtectedHeader({ alg: \"ES256\", kid: privateJwks[0].kid })\n .setIssuer(options.issuer)\n .setIssuedAt()\n .setAudience(options.audience)\n .setExpirationTime(options.expirationTime || \"5m\")\n .sign(privateKey);\n}\n\nexport async function verifyJWT(options: {\n allowedIssuers: string[],\n jwt: string,\n}) {\n const decodedJwt = jose.decodeJwt(options.jwt);\n const audience = decodedJwt.aud;\n if (!audience || typeof audience !== \"string\") {\n throw new JOSEError(\"Invalid JWT audience\");\n }\n\n const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(await getPrivateJwks({ audience })));\n const verified = await jose.jwtVerify(options.jwt, jwkSet, { issuer: options.allowedIssuers });\n return verified.payload;\n}\n\nexport type PrivateJwk = {\n kty: \"EC\",\n alg: \"ES256\",\n crv: \"P-256\",\n kid: string,\n d: string,\n x: string,\n y: string,\n};\nasync function getPrivateJwkFromDerivedSecret(derivedSecret: string, kid: string): Promise<PrivateJwk> {\n const secretHash = await globalVar.crypto.subtle.digest(\"SHA-256\", jose.base64url.decode(derivedSecret));\n const priv = new Uint8Array(secretHash);\n\n const ec = new elliptic.ec('p256');\n const key = ec.keyFromPrivate(priv);\n const publicKey = key.getPublic();\n\n return {\n kty: 'EC',\n crv: 'P-256',\n alg: 'ES256',\n kid: kid,\n d: encodeBase64Url(priv),\n x: encodeBase64Url(publicKey.getX().toBuffer()),\n y: encodeBase64Url(publicKey.getY().toBuffer()),\n };\n}\n\n/**\n * Returns a list of valid private JWKs for the given audience, with the first one taking precedence when signing new\n * JWTs.\n */\nexport async function getPrivateJwks(options: {\n audience: string,\n}): Promise<PrivateJwk[]> {\n const getHashOfJwkInfo = (type: string) => jose.base64url.encode(\n crypto\n .createHash('sha256')\n .update(JSON.stringify([type, getStackServerSecret(), {\n audience: options.audience,\n }]))\n .digest()\n );\n const perAudienceSecret = getHashOfJwkInfo(\"stack-jwk-audience-secret\");\n const perAudienceKid = getHashOfJwkInfo(\"stack-jwk-kid\").slice(0, 12);\n\n const oldPerAudienceSecret = oldGetPerAudienceSecret({ audience: options.audience });\n const oldPerAudienceKid = oldGetKid({ secret: oldPerAudienceSecret });\n\n return [\n // TODO next-release: make this not take precedence; then, in the release after that, remove it entirely\n await getPrivateJwkFromDerivedSecret(oldPerAudienceSecret, oldPerAudienceKid),\n\n await getPrivateJwkFromDerivedSecret(perAudienceSecret, perAudienceKid),\n ];\n}\n\nexport type PublicJwk = {\n kty: \"EC\",\n alg: \"ES256\",\n crv: \"P-256\",\n kid: string,\n x: string,\n y: string,\n};\nexport async function getPublicJwkSet(privateJwks: PrivateJwk[]): Promise<{ keys: PublicJwk[] }> {\n return {\n keys: privateJwks.map(jwk => pick(jwk, [\"kty\", \"alg\", \"crv\", \"x\", \"y\", \"kid\"])),\n };\n}\n\nfunction oldGetPerAudienceSecret(options: {\n audience: string,\n}) {\n if (options.audience === \"kid\") {\n throw new StackAssertionError(\"You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx\");\n }\n return jose.base64url.encode(\n crypto\n .createHash('sha256')\n // TODO we should prefix a string like \"stack-audience-secret\" before we hash so you can't use `getKid(...)` to get the secret for eg. the \"kid\" audience if the same secret value is used\n // Sadly doing this modification is a bit annoying as we need to leave the old keys to be valid for a little longer\n .update(JSON.stringify([getStackServerSecret(), options.audience]))\n .digest()\n );\n};\n\nexport function oldGetKid(options: {\n secret: string,\n}) {\n return jose.base64url.encode(\n crypto\n .createHash('sha256')\n .update(JSON.stringify([options.secret, \"kid\"])) // TODO see above in getPerAudienceSecret\n .digest()\n ).slice(0, 12);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAmB;AACnB,sBAAqB;AACrB,WAAsB;AACtB,oBAA0B;AAC1B,mBAAgC;AAChC,iBAA+B;AAC/B,IAAAA,iBAAuD;AACvD,qBAA0B;AAC1B,qBAAqB;AACrB,qBAAuB;AACvB,qBAAuB;AAEvB,SAAS,uBAAuB;AAC9B,QAAM,0BAAsB,2BAAe,qBAAqB;AAChE,MAAI;AACF,IAAK,eAAU,OAAO,mBAAmB;AAAA,EAC3C,SAAS,GAAG;AACV,UAAM,IAAI,mCAAoB,kGAAkG,EAAE,OAAO,EAAE,CAAC;AAAA,EAC9I;AACA,SAAO;AACT;AAEA,eAAsB,WAAW,SAE9B;AACD,MAAI;AACF,QAAI,OAAO,QAAQ,QAAQ,SAAU,QAAO,sBAAO,MAAM,EAAE,OAAO,8BAA8B,sBAAkB,uBAAO,QAAQ,GAAG,EAAE,CAAC;AACvI,QAAI,CAAC,QAAQ,IAAI,WAAW,IAAI,EAAG,QAAO,sBAAO,MAAM,EAAE,OAAO,qCAAqC,OAAO,QAAQ,IAAI,CAAC;AACzH,UAAM,aAAkB,eAAU,QAAQ,GAAG;AAC7C,WAAO,sBAAO,GAAG,EAAE,SAAS,WAAW,CAAC;AAAA,EAC1C,SAAS,GAAG;AACV,WAAO,sBAAO,MAAM;AAAA,MAClB,eAAW,kCAAkB,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AACF;AAEA,eAAsB,QAAQ,SAK3B;AACD,QAAM,cAAc,MAAM,eAAe,EAAE,UAAU,QAAQ,SAAS,CAAC;AACvE,QAAM,aAAa,MAAW,eAAU,YAAY,CAAC,CAAC;AAEtD,SAAO,MAAM,IAAS,aAAQ,QAAQ,OAAO,EAC1C,mBAAmB,EAAE,KAAK,SAAS,KAAK,YAAY,CAAC,EAAE,IAAI,CAAC,EAC5D,UAAU,QAAQ,MAAM,EACxB,YAAY,EACZ,YAAY,QAAQ,QAAQ,EAC5B,kBAAkB,QAAQ,kBAAkB,IAAI,EAChD,KAAK,UAAU;AACpB;AAEA,eAAsB,UAAU,SAG7B;AACD,QAAM,aAAkB,eAAU,QAAQ,GAAG;AAC7C,QAAM,WAAW,WAAW;AAC5B,MAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,UAAM,IAAI,wBAAU,sBAAsB;AAAA,EAC5C;AAEA,QAAM,SAAc,uBAAkB,MAAM,gBAAgB,MAAM,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;AAC/F,QAAM,WAAW,MAAW,eAAU,QAAQ,KAAK,QAAQ,EAAE,QAAQ,QAAQ,eAAe,CAAC;AAC7F,SAAO,SAAS;AAClB;AAWA,eAAe,+BAA+B,eAAuB,KAAkC;AACrG,QAAM,aAAa,MAAM,yBAAU,OAAO,OAAO,OAAO,WAAgB,eAAU,OAAO,aAAa,CAAC;AACvG,QAAM,OAAO,IAAI,WAAW,UAAU;AAEtC,QAAM,KAAK,IAAI,gBAAAC,QAAS,GAAG,MAAM;AACjC,QAAM,MAAM,GAAG,eAAe,IAAI;AAClC,QAAM,YAAY,IAAI,UAAU;AAEhC,SAAO;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL;AAAA,IACA,OAAG,8BAAgB,IAAI;AAAA,IACvB,OAAG,8BAAgB,UAAU,KAAK,EAAE,SAAS,CAAC;AAAA,IAC9C,OAAG,8BAAgB,UAAU,KAAK,EAAE,SAAS,CAAC;AAAA,EAChD;AACF;AAMA,eAAsB,eAAe,SAEX;AACxB,QAAM,mBAAmB,CAAC,SAAsB,eAAU;AAAA,IACxD,cAAAC,QACG,WAAW,QAAQ,EACnB,OAAO,KAAK,UAAU,CAAC,MAAM,qBAAqB,GAAG;AAAA,MACpD,UAAU,QAAQ;AAAA,IACpB,CAAC,CAAC,CAAC,EACF,OAAO;AAAA,EACZ;AACA,QAAM,oBAAoB,iBAAiB,2BAA2B;AACtE,QAAM,iBAAiB,iBAAiB,eAAe,EAAE,MAAM,GAAG,EAAE;AAEpE,QAAM,uBAAuB,wBAAwB,EAAE,UAAU,QAAQ,SAAS,CAAC;AACnF,QAAM,oBAAoB,UAAU,EAAE,QAAQ,qBAAqB,CAAC;AAEpE,SAAO;AAAA;AAAA,IAEL,MAAM,+BAA+B,sBAAsB,iBAAiB;AAAA,IAE5E,MAAM,+BAA+B,mBAAmB,cAAc;AAAA,EACxE;AACF;AAUA,eAAsB,gBAAgB,aAA2D;AAC/F,SAAO;AAAA,IACL,MAAM,YAAY,IAAI,aAAO,qBAAK,KAAK,CAAC,OAAO,OAAO,OAAO,KAAK,KAAK,KAAK,CAAC,CAAC;AAAA,EAChF;AACF;AAEA,SAAS,wBAAwB,SAE9B;AACD,MAAI,QAAQ,aAAa,OAAO;AAC9B,UAAM,IAAI,mCAAoB,2FAA2F;AAAA,EAC3H;AACA,SAAY,eAAU;AAAA,IACpB,cAAAA,QACG,WAAW,QAAQ,EAGnB,OAAO,KAAK,UAAU,CAAC,qBAAqB,GAAG,QAAQ,QAAQ,CAAC,CAAC,EACjE,OAAO;AAAA,EACZ;AACF;AAEO,SAAS,UAAU,SAEvB;AACD,SAAY,eAAU;AAAA,IACpB,cAAAC,QACG,WAAW,QAAQ,EACnB,OAAO,KAAK,UAAU,CAAC,QAAQ,QAAQ,KAAK,CAAC,CAAC,EAC9C,OAAO;AAAA,EACZ,EAAE,MAAM,GAAG,EAAE;AACf;","names":["import_errors","elliptic","crypto","crypto"]}
package/dist/utils/numbers.js CHANGED
@@ -26,23 +26,28 @@ __export(numbers_exports, {
26
26
  });
27
27
  module.exports = __toCommonJS(numbers_exports);
28
28
  var magnitudes = [
29
- [1e15, "trln"],
30
- [1e12, "bln"],
31
- [1e9, "bn"],
32
- [1e6, "M"],
33
- [1e3, "k"]
29
+ [1e3, "k"],
30
+ [1e3, "M"],
31
+ [1e3, "bn"],
32
+ [1e3, "bln"],
33
+ [1e3, "trln"]
34
34
  ];
35
35
  function prettyPrintWithMagnitudes(num) {
36
36
  if (typeof num !== "number") throw new Error("Expected a number");
37
37
  if (Number.isNaN(num)) return "NaN";
38
38
  if (num < 0) return "-" + prettyPrintWithMagnitudes(-num);
39
39
  if (!Number.isFinite(num)) return "\u221E";
40
- for (const [magnitude, suffix] of magnitudes) {
41
- if (num >= magnitude) {
42
- return toFixedMax(num / magnitude, 1) + suffix;
40
+ let current = toFixedMax(num, 1);
41
+ let lastSuffix = "";
42
+ for (const [difference, suffix] of magnitudes) {
43
+ if (+current >= difference) {
44
+ current = toFixedMax(+current / difference, 1);
45
+ lastSuffix = suffix;
46
+ } else {
47
+ break;
43
48
  }
44
49
  }
45
- return toFixedMax(num, 1);
50
+ return current + lastSuffix;
46
51
  }
47
52
  function toFixedMax(num, maxDecimals) {
48
53
  return num.toFixed(maxDecimals).replace(/\.?0+$/, "");