@stackframe/stack-shared 2.8.7 → 2.8.10

package/dist/utils/jwt.d.cts

@@ -0,0 +1,44 @@
+import * as jose from 'jose';
+
+declare function legacySignGlobalJWT(issuer: string, payload: any, expirationTime?: string): Promise<string>;
+declare function legacyVerifyGlobalJWT(issuer: string, jwt: string): Promise<jose.JWTPayload>;
+declare function signJWT(options: {
+    issuer: string;
+    audience: string;
+    payload: any;
+    expirationTime?: string;
+}): Promise<string>;
+declare function verifyJWT(options: {
+    issuer: string;
+    jwt: string;
+}): Promise<jose.JWTPayload>;
+type PrivateJwk = {
+    kty: "EC";
+    alg: "ES256";
+    crv: "P-256";
+    kid: string;
+    d: string;
+    x: string;
+    y: string;
+};
+declare function getPrivateJwk(secret: string): Promise<PrivateJwk>;
+type PublicJwk = {
+    kty: "EC";
+    alg: "ES256";
+    crv: "P-256";
+    kid: string;
+    x: string;
+    y: string;
+};
+declare function getPublicJwkSet(secretOrPrivateJwk: string | PrivateJwk): Promise<{
+    keys: PublicJwk[];
+}>;
+declare function getPerAudienceSecret(options: {
+    audience: string;
+    secret: string;
+}): string;
+declare function getKid(options: {
+    secret: string;
+}): string;
+
+export { type PrivateJwk, type PublicJwk, getKid, getPerAudienceSecret, getPrivateJwk, getPublicJwkSet, legacySignGlobalJWT, legacyVerifyGlobalJWT, signJWT, verifyJWT };

package/dist/utils/jwt.d.ts

@@ -1,17 +1,18 @@
-import * as jose from "jose";
-export declare function legacySignGlobalJWT(issuer: string, payload: any, expirationTime?: string): Promise<string>;
-export declare function legacyVerifyGlobalJWT(issuer: string, jwt: string): Promise<jose.JWTPayload>;
-export declare function signJWT(options: {
+import * as jose from 'jose';
+
+declare function legacySignGlobalJWT(issuer: string, payload: any, expirationTime?: string): Promise<string>;
+declare function legacyVerifyGlobalJWT(issuer: string, jwt: string): Promise<jose.JWTPayload>;
+declare function signJWT(options: {
     issuer: string;
     audience: string;
     payload: any;
     expirationTime?: string;
 }): Promise<string>;
-export declare function verifyJWT(options: {
+declare function verifyJWT(options: {
     issuer: string;
     jwt: string;
 }): Promise<jose.JWTPayload>;
-export type PrivateJwk = {
+type PrivateJwk = {
     kty: "EC";
     alg: "ES256";
     crv: "P-256";
@@ -20,8 +21,8 @@ export type PrivateJwk = {
     x: string;
     y: string;
 };
-export declare function getPrivateJwk(secret: string): Promise<PrivateJwk>;
-export type PublicJwk = {
+declare function getPrivateJwk(secret: string): Promise<PrivateJwk>;
+type PublicJwk = {
     kty: "EC";
     alg: "ES256";
     crv: "P-256";
@@ -29,13 +30,15 @@ export type PublicJwk = {
     x: string;
     y: string;
 };
-export declare function getPublicJwkSet(secretOrPrivateJwk: string | PrivateJwk): Promise<{
+declare function getPublicJwkSet(secretOrPrivateJwk: string | PrivateJwk): Promise<{
     keys: PublicJwk[];
 }>;
-export declare function getPerAudienceSecret(options: {
+declare function getPerAudienceSecret(options: {
     audience: string;
     secret: string;
 }): string;
-export declare function getKid(options: {
+declare function getKid(options: {
     secret: string;
 }): string;
+
+export { type PrivateJwk, type PublicJwk, getKid, getPerAudienceSecret, getPrivateJwk, getPublicJwkSet, legacySignGlobalJWT, legacyVerifyGlobalJWT, signJWT, verifyJWT };

package/dist/utils/jwt.js

@@ -1,94 +1,129 @@
-import crypto from "crypto";
-import elliptic from "elliptic";
-import * as jose from "jose";
-import { JOSEError } from "jose/errors";
-import { encodeBase64Url } from "./bytes";
-import { StackAssertionError } from "./errors";
-import { globalVar } from "./globals";
-import { pick } from "./objects";
-const STACK_SERVER_SECRET = process.env.STACK_SERVER_SECRET ?? "";
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/utils/jwt.tsx
+var jwt_exports = {};
+__export(jwt_exports, {
+  getKid: () => getKid,
+  getPerAudienceSecret: () => getPerAudienceSecret,
+  getPrivateJwk: () => getPrivateJwk,
+  getPublicJwkSet: () => getPublicJwkSet,
+  legacySignGlobalJWT: () => legacySignGlobalJWT,
+  legacyVerifyGlobalJWT: () => legacyVerifyGlobalJWT,
+  signJWT: () => signJWT,
+  verifyJWT: () => verifyJWT
+});
+module.exports = __toCommonJS(jwt_exports);
+var import_crypto = __toESM(require("crypto"), 1);
+var import_elliptic = __toESM(require("elliptic"), 1);
+var jose = __toESM(require("jose"), 1);
+var import_errors = require("jose/errors");
+var import_bytes = require("./bytes");
+var import_errors2 = require("./errors");
+var import_globals = require("./globals");
+var import_objects = require("./objects");
+var STACK_SERVER_SECRET = process.env.STACK_SERVER_SECRET ?? "";
 try {
-    jose.base64url.decode(STACK_SERVER_SECRET);
+  jose.base64url.decode(STACK_SERVER_SECRET);
+} catch (e) {
+  throw new Error("STACK_SERVER_SECRET is not valid. Please use the generateKeys script to generate a new secret.");
 }
-catch (e) {
-    throw new Error("STACK_SERVER_SECRET is not valid. Please use the generateKeys script to generate a new secret.");
+async function legacySignGlobalJWT(issuer, payload, expirationTime = "5m") {
+  const privateJwk = await jose.importJWK(await getPrivateJwk(STACK_SERVER_SECRET));
+  return await new jose.SignJWT(payload).setProtectedHeader({ alg: "ES256" }).setIssuer(issuer).setIssuedAt().setExpirationTime(expirationTime).sign(privateJwk);
 }
-// TODO: remove this after moving everyone to project specific JWTs
-export async function legacySignGlobalJWT(issuer, payload, expirationTime = "5m") {
-    const privateJwk = await jose.importJWK(await getPrivateJwk(STACK_SERVER_SECRET));
-    return await new jose.SignJWT(payload)
-        .setProtectedHeader({ alg: "ES256" })
-        .setIssuer(issuer)
-        .setIssuedAt()
-        .setExpirationTime(expirationTime)
-        .sign(privateJwk);
+async function legacyVerifyGlobalJWT(issuer, jwt) {
+  const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(STACK_SERVER_SECRET));
+  const verified = await jose.jwtVerify(jwt, jwkSet, { issuer });
+  return verified.payload;
 }
-// TODO: remove this after moving everyone to project specific JWTs
-export async function legacyVerifyGlobalJWT(issuer, jwt) {
-    const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(STACK_SERVER_SECRET));
-    const verified = await jose.jwtVerify(jwt, jwkSet, { issuer });
-    return verified.payload;
+async function signJWT(options) {
+  const secret = getPerAudienceSecret({ audience: options.audience, secret: STACK_SERVER_SECRET });
+  const kid = getKid({ secret });
+  const privateJwk = await jose.importJWK(await getPrivateJwk(secret));
+  return await new jose.SignJWT(options.payload).setProtectedHeader({ alg: "ES256", kid }).setIssuer(options.issuer).setIssuedAt().setAudience(options.audience).setExpirationTime(options.expirationTime || "5m").sign(privateJwk);
 }
-export async function signJWT(options) {
-    const secret = getPerAudienceSecret({ audience: options.audience, secret: STACK_SERVER_SECRET });
-    const kid = getKid({ secret });
-    const privateJwk = await jose.importJWK(await getPrivateJwk(secret));
-    return await new jose.SignJWT(options.payload)
-        .setProtectedHeader({ alg: "ES256", kid })
-        .setIssuer(options.issuer)
-        .setIssuedAt()
-        .setAudience(options.audience)
-        .setExpirationTime(options.expirationTime || "5m")
-        .sign(privateJwk);
+async function verifyJWT(options) {
+  const audience = jose.decodeJwt(options.jwt).aud;
+  if (!audience || typeof audience !== "string") {
+    throw new import_errors.JOSEError("Invalid JWT audience");
+  }
+  const secret = getPerAudienceSecret({ audience, secret: STACK_SERVER_SECRET });
+  const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(secret));
+  const verified = await jose.jwtVerify(options.jwt, jwkSet, { issuer: options.issuer });
+  return verified.payload;
 }
-export async function verifyJWT(options) {
-    const audience = jose.decodeJwt(options.jwt).aud;
-    if (!audience || typeof audience !== "string") {
-        throw new JOSEError("Invalid JWT audience");
-    }
-    const secret = getPerAudienceSecret({ audience, secret: STACK_SERVER_SECRET });
-    const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(secret));
-    const verified = await jose.jwtVerify(options.jwt, jwkSet, { issuer: options.issuer });
-    return verified.payload;
+async function getPrivateJwk(secret) {
+  const secretHash = await import_globals.globalVar.crypto.subtle.digest("SHA-256", jose.base64url.decode(secret));
+  const priv = new Uint8Array(secretHash);
+  const ec = new import_elliptic.default.ec("p256");
+  const key = ec.keyFromPrivate(priv);
+  const publicKey = key.getPublic();
+  return {
+    kty: "EC",
+    crv: "P-256",
+    alg: "ES256",
+    kid: getKid({ secret }),
+    d: (0, import_bytes.encodeBase64Url)(priv),
+    x: (0, import_bytes.encodeBase64Url)(publicKey.getX().toBuffer()),
+    y: (0, import_bytes.encodeBase64Url)(publicKey.getY().toBuffer())
+  };
 }
-export async function getPrivateJwk(secret) {
-    const secretHash = await globalVar.crypto.subtle.digest("SHA-256", jose.base64url.decode(secret));
-    const priv = new Uint8Array(secretHash);
-    const ec = new elliptic.ec('p256');
-    const key = ec.keyFromPrivate(priv);
-    const publicKey = key.getPublic();
-    return {
-        kty: 'EC',
-        crv: 'P-256',
-        alg: 'ES256',
-        kid: getKid({ secret }),
-        d: encodeBase64Url(priv),
-        x: encodeBase64Url(publicKey.getX().toBuffer()),
-        y: encodeBase64Url(publicKey.getY().toBuffer()),
-    };
+async function getPublicJwkSet(secretOrPrivateJwk) {
+  const privateJwk = typeof secretOrPrivateJwk === "string" ? await getPrivateJwk(secretOrPrivateJwk) : secretOrPrivateJwk;
+  const jwk = (0, import_objects.pick)(privateJwk, ["kty", "alg", "crv", "x", "y", "kid"]);
+  return {
+    keys: [jwk]
+  };
 }
-export async function getPublicJwkSet(secretOrPrivateJwk) {
-    const privateJwk = typeof secretOrPrivateJwk === "string" ? await getPrivateJwk(secretOrPrivateJwk) : secretOrPrivateJwk;
-    const jwk = pick(privateJwk, ["kty", "alg", "crv", "x", "y", "kid"]);
-    return {
-        keys: [jwk],
-    };
+function getPerAudienceSecret(options) {
+  if (options.audience === "kid") {
+    throw new import_errors2.StackAssertionError("You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx");
+  }
+  return jose.base64url.encode(
+    import_crypto.default.createHash("sha256").update(JSON.stringify([options.secret, options.audience])).digest()
+  );
 }
-export function getPerAudienceSecret(options) {
-    if (options.audience === "kid") {
-        throw new StackAssertionError("You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx");
-    }
-    return jose.base64url.encode(crypto
-        .createHash('sha256')
-        // TODO we should prefix a string like "stack-audience-secret" before we hash so you can't use `getKid(...)` to get the secret for eg. the "kid" audience if the same secret value is used
-        // Sadly doing this modification is a bit annoying as we need to leave the old keys to be valid for a little longer
-        .update(JSON.stringify([options.secret, options.audience]))
-        .digest());
-}
-;
-export function getKid(options) {
-    return jose.base64url.encode(crypto
-        .createHash('sha256')
-        .update(JSON.stringify([options.secret, "kid"])) // TODO see above in getPerAudienceSecret
-        .digest()).slice(0, 12);
+function getKid(options) {
+  return jose.base64url.encode(
+    import_crypto.default.createHash("sha256").update(JSON.stringify([options.secret, "kid"])).digest()
+  ).slice(0, 12);
 }
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getKid,
+  getPerAudienceSecret,
+  getPrivateJwk,
+  getPublicJwkSet,
+  legacySignGlobalJWT,
+  legacyVerifyGlobalJWT,
+  signJWT,
+  verifyJWT
+});
+//# sourceMappingURL=jwt.js.map

package/dist/utils/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/jwt.tsx"],"sourcesContent":["import crypto from \"crypto\";\nimport elliptic from \"elliptic\";\nimport * as jose from \"jose\";\nimport { JOSEError } from \"jose/errors\";\nimport { encodeBase64Url } from \"./bytes\";\nimport { StackAssertionError } from \"./errors\";\nimport { globalVar } from \"./globals\";\nimport { pick } from \"./objects\";\n\nconst STACK_SERVER_SECRET = process.env.STACK_SERVER_SECRET ?? \"\";\ntry {\n  jose.base64url.decode(STACK_SERVER_SECRET);\n} catch (e) {\n  throw new Error(\"STACK_SERVER_SECRET is not valid. Please use the generateKeys script to generate a new secret.\");\n}\n\n// TODO: remove this after moving everyone to project specific JWTs\nexport async function legacySignGlobalJWT(issuer: string, payload: any, expirationTime = \"5m\") {\n  const privateJwk = await jose.importJWK(await getPrivateJwk(STACK_SERVER_SECRET));\n  return await new jose.SignJWT(payload)\n    .setProtectedHeader({ alg: \"ES256\" })\n    .setIssuer(issuer)\n    .setIssuedAt()\n    .setExpirationTime(expirationTime)\n    .sign(privateJwk);\n}\n\n// TODO: remove this after moving everyone to project specific JWTs\nexport async function legacyVerifyGlobalJWT(issuer: string, jwt: string) {\n  const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(STACK_SERVER_SECRET));\n  const verified = await jose.jwtVerify(jwt, jwkSet, { issuer });\n  return verified.payload;\n}\n\nexport async function signJWT(options: {\n  issuer: string,\n  audience: string,\n  payload: any,\n  expirationTime?: string,\n}) {\n  const secret = getPerAudienceSecret({ audience: options.audience, secret: STACK_SERVER_SECRET });\n  const kid = getKid({ secret });\n  const privateJwk = await jose.importJWK(await getPrivateJwk(secret));\n  return await new jose.SignJWT(options.payload)\n    .setProtectedHeader({ alg: \"ES256\", kid })\n    .setIssuer(options.issuer)\n    .setIssuedAt()\n    .setAudience(options.audience)\n    .setExpirationTime(options.expirationTime || \"5m\")\n    .sign(privateJwk);\n}\n\nexport async function verifyJWT(options: {\n  issuer: string,\n  jwt: string,\n}) {\n  const audience = jose.decodeJwt(options.jwt).aud;\n  if (!audience || typeof audience !== \"string\") {\n    throw new JOSEError(\"Invalid JWT audience\");\n  }\n  const secret = getPerAudienceSecret({ audience, secret: STACK_SERVER_SECRET });\n  const jwkSet = jose.createLocalJWKSet(await getPublicJwkSet(secret));\n  const verified = await jose.jwtVerify(options.jwt, jwkSet, { issuer: options.issuer });\n  return verified.payload;\n}\n\nexport type PrivateJwk = {\n  kty: \"EC\",\n  alg: \"ES256\",\n  crv: \"P-256\",\n  kid: string,\n  d: string,\n  x: string,\n  y: string,\n};\nexport async function getPrivateJwk(secret: string): Promise<PrivateJwk> {\n  const secretHash = await globalVar.crypto.subtle.digest(\"SHA-256\", jose.base64url.decode(secret));\n  const priv = new Uint8Array(secretHash);\n\n  const ec = new elliptic.ec('p256');\n  const key = ec.keyFromPrivate(priv);\n  const publicKey = key.getPublic();\n\n  return {\n    kty: 'EC',\n    crv: 'P-256',\n    alg: 'ES256',\n    kid: getKid({ secret }),\n    d: encodeBase64Url(priv),\n    x: encodeBase64Url(publicKey.getX().toBuffer()),\n    y: encodeBase64Url(publicKey.getY().toBuffer()),\n  };\n}\n\nexport type PublicJwk = {\n  kty: \"EC\",\n  alg: \"ES256\",\n  crv: \"P-256\",\n  kid: string,\n  x: string,\n  y: string,\n};\nexport async function getPublicJwkSet(secretOrPrivateJwk: string | PrivateJwk): Promise<{ keys: PublicJwk[] }> {\n  const privateJwk = typeof secretOrPrivateJwk === \"string\" ? await getPrivateJwk(secretOrPrivateJwk) : secretOrPrivateJwk;\n  const jwk = pick(privateJwk, [\"kty\", \"alg\", \"crv\", \"x\", \"y\", \"kid\"]);\n  return {\n    keys: [jwk],\n  };\n}\n\nexport function getPerAudienceSecret(options: {\n  audience: string,\n  secret: string,\n}) {\n  if (options.audience === \"kid\") {\n    throw new StackAssertionError(\"You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx\");\n  }\n  return jose.base64url.encode(\n    crypto\n      .createHash('sha256')\n      // TODO we should prefix a string like \"stack-audience-secret\" before we hash so you can't use `getKid(...)` to get the secret for eg. the \"kid\" audience if the same secret value is used\n      // Sadly doing this modification is a bit annoying as we need to leave the old keys to be valid for a little longer\n      .update(JSON.stringify([options.secret, options.audience]))\n      .digest()\n  );\n};\n\nexport function getKid(options: {\n  secret: string,\n}) {\n  return jose.base64url.encode(\n    crypto\n      .createHash('sha256')\n      .update(JSON.stringify([options.secret, \"kid\"]))  // TODO see above in getPerAudienceSecret\n      .digest()\n  ).slice(0, 12);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAmB;AACnB,sBAAqB;AACrB,WAAsB;AACtB,oBAA0B;AAC1B,mBAAgC;AAChC,IAAAA,iBAAoC;AACpC,qBAA0B;AAC1B,qBAAqB;AAErB,IAAM,sBAAsB,QAAQ,IAAI,uBAAuB;AAC/D,IAAI;AACF,EAAK,eAAU,OAAO,mBAAmB;AAC3C,SAAS,GAAG;AACV,QAAM,IAAI,MAAM,gGAAgG;AAClH;AAGA,eAAsB,oBAAoB,QAAgB,SAAc,iBAAiB,MAAM;AAC7F,QAAM,aAAa,MAAW,eAAU,MAAM,cAAc,mBAAmB,CAAC;AAChF,SAAO,MAAM,IAAS,aAAQ,OAAO,EAClC,mBAAmB,EAAE,KAAK,QAAQ,CAAC,EACnC,UAAU,MAAM,EAChB,YAAY,EACZ,kBAAkB,cAAc,EAChC,KAAK,UAAU;AACpB;AAGA,eAAsB,sBAAsB,QAAgB,KAAa;AACvE,QAAM,SAAc,uBAAkB,MAAM,gBAAgB,mBAAmB,CAAC;AAChF,QAAM,WAAW,MAAW,eAAU,KAAK,QAAQ,EAAE,OAAO,CAAC;AAC7D,SAAO,SAAS;AAClB;AAEA,eAAsB,QAAQ,SAK3B;AACD,QAAM,SAAS,qBAAqB,EAAE,UAAU,QAAQ,UAAU,QAAQ,oBAAoB,CAAC;AAC/F,QAAM,MAAM,OAAO,EAAE,OAAO,CAAC;AAC7B,QAAM,aAAa,MAAW,eAAU,MAAM,cAAc,MAAM,CAAC;AACnE,SAAO,MAAM,IAAS,aAAQ,QAAQ,OAAO,EAC1C,mBAAmB,EAAE,KAAK,SAAS,IAAI,CAAC,EACxC,UAAU,QAAQ,MAAM,EACxB,YAAY,EACZ,YAAY,QAAQ,QAAQ,EAC5B,kBAAkB,QAAQ,kBAAkB,IAAI,EAChD,KAAK,UAAU;AACpB;AAEA,eAAsB,UAAU,SAG7B;AACD,QAAM,WAAgB,eAAU,QAAQ,GAAG,EAAE;AAC7C,MAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,UAAM,IAAI,wBAAU,sBAAsB;AAAA,EAC5C;AACA,QAAM,SAAS,qBAAqB,EAAE,UAAU,QAAQ,oBAAoB,CAAC;AAC7E,QAAM,SAAc,uBAAkB,MAAM,gBAAgB,MAAM,CAAC;AACnE,QAAM,WAAW,MAAW,eAAU,QAAQ,KAAK,QAAQ,EAAE,QAAQ,QAAQ,OAAO,CAAC;AACrF,SAAO,SAAS;AAClB;AAWA,eAAsB,cAAc,QAAqC;AACvE,QAAM,aAAa,MAAM,yBAAU,OAAO,OAAO,OAAO,WAAgB,eAAU,OAAO,MAAM,CAAC;AAChG,QAAM,OAAO,IAAI,WAAW,UAAU;AAEtC,QAAM,KAAK,IAAI,gBAAAC,QAAS,GAAG,MAAM;AACjC,QAAM,MAAM,GAAG,eAAe,IAAI;AAClC,QAAM,YAAY,IAAI,UAAU;AAEhC,SAAO;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK,OAAO,EAAE,OAAO,CAAC;AAAA,IACtB,OAAG,8BAAgB,IAAI;AAAA,IACvB,OAAG,8BAAgB,UAAU,KAAK,EAAE,SAAS,CAAC;AAAA,IAC9C,OAAG,8BAAgB,UAAU,KAAK,EAAE,SAAS,CAAC;AAAA,EAChD;AACF;AAUA,eAAsB,gBAAgB,oBAAyE;AAC7G,QAAM,aAAa,OAAO,uBAAuB,WAAW,MAAM,cAAc,kBAAkB,IAAI;AACtG,QAAM,UAAM,qBAAK,YAAY,CAAC,OAAO,OAAO,OAAO,KAAK,KAAK,KAAK,CAAC;AACnE,SAAO;AAAA,IACL,MAAM,CAAC,GAAG;AAAA,EACZ;AACF;AAEO,SAAS,qBAAqB,SAGlC;AACD,MAAI,QAAQ,aAAa,OAAO;AAC9B,UAAM,IAAI,mCAAoB,2FAA2F;AAAA,EAC3H;AACA,SAAY,eAAU;AAAA,IACpB,cAAAC,QACG,WAAW,QAAQ,EAGnB,OAAO,KAAK,UAAU,CAAC,QAAQ,QAAQ,QAAQ,QAAQ,CAAC,CAAC,EACzD,OAAO;AAAA,EACZ;AACF;AAEO,SAAS,OAAO,SAEpB;AACD,SAAY,eAAU;AAAA,IACpB,cAAAC,QACG,WAAW,QAAQ,EACnB,OAAO,KAAK,UAAU,CAAC,QAAQ,QAAQ,KAAK,CAAC,CAAC,EAC9C,OAAO;AAAA,EACZ,EAAE,MAAM,GAAG,EAAE;AACf;","names":["import_errors","elliptic","crypto","crypto"]}

package/dist/utils/locks.d.cts

@@ -0,0 +1,15 @@
+type LockCallback<T> = () => Promise<T>;
+declare class ReadWriteLock {
+    private semaphore;
+    private readers;
+    private readersMutex;
+    constructor();
+    withReadLock<T>(callback: LockCallback<T>): Promise<T>;
+    withWriteLock<T>(callback: LockCallback<T>): Promise<T>;
+    private _acquireReadLock;
+    private _releaseReadLock;
+    private _acquireWriteLock;
+    private _releaseWriteLock;
+}
+
+export { ReadWriteLock };

package/dist/utils/locks.d.ts

@@ -1,5 +1,5 @@
 type LockCallback<T> = () => Promise<T>;
-export declare class ReadWriteLock {
+declare class ReadWriteLock {
     private semaphore;
     private readers;
     private readersMutex;
@@ -11,4 +11,5 @@ export declare class ReadWriteLock {
     private _acquireWriteLock;
     private _releaseWriteLock;
 }
-export {};
+
+export { ReadWriteLock };

package/dist/utils/locks.js

@@ -1,62 +1,82 @@
-import { Semaphore } from 'async-mutex';
-export class ReadWriteLock {
-    constructor() {
-        this.semaphore = new Semaphore(1); // Semaphore with 1 permit
-        this.readers = 0; // Track the number of readers
-        this.readersMutex = new Semaphore(1); // Protect access to `readers` count
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/utils/locks.tsx
+var locks_exports = {};
+__export(locks_exports, {
+  ReadWriteLock: () => ReadWriteLock
+});
+module.exports = __toCommonJS(locks_exports);
+var import_async_mutex = require("async-mutex");
+var ReadWriteLock = class {
+  constructor() {
+    this.semaphore = new import_async_mutex.Semaphore(1);
+    this.readers = 0;
+    this.readersMutex = new import_async_mutex.Semaphore(1);
+  }
+  async withReadLock(callback) {
+    await this._acquireReadLock();
+    try {
+      return await callback();
+    } finally {
+      await this._releaseReadLock();
     }
-    async withReadLock(callback) {
-        await this._acquireReadLock();
-        try {
-            return await callback();
-        }
-        finally {
-            await this._releaseReadLock();
-        }
+  }
+  async withWriteLock(callback) {
+    await this._acquireWriteLock();
+    try {
+      return await callback();
+    } finally {
+      await this._releaseWriteLock();
     }
-    async withWriteLock(callback) {
-        await this._acquireWriteLock();
-        try {
-            return await callback();
-        }
-        finally {
-            await this._releaseWriteLock();
-        }
-    }
-    async _acquireReadLock() {
-        // Increment the readers count
-        await this.readersMutex.acquire();
-        try {
-            this.readers += 1;
-            // If this is the first reader, block writers
-            if (this.readers === 1) {
-                await this.semaphore.acquire();
-            }
-        }
-        finally {
-            this.readersMutex.release();
-        }
-    }
-    async _releaseReadLock() {
-        // Decrement the readers count
-        await this.readersMutex.acquire();
-        try {
-            this.readers -= 1;
-            // If this was the last reader, release the writer block
-            if (this.readers === 0) {
-                this.semaphore.release();
-            }
-        }
-        finally {
-            this.readersMutex.release();
-        }
-    }
-    async _acquireWriteLock() {
-        // Writers acquire the main semaphore exclusively
+  }
+  async _acquireReadLock() {
+    await this.readersMutex.acquire();
+    try {
+      this.readers += 1;
+      if (this.readers === 1) {
         await this.semaphore.acquire();
+      }
+    } finally {
+      this.readersMutex.release();
     }
-    async _releaseWriteLock() {
-        // Writers release the main semaphore
+  }
+  async _releaseReadLock() {
+    await this.readersMutex.acquire();
+    try {
+      this.readers -= 1;
+      if (this.readers === 0) {
         this.semaphore.release();
+      }
+    } finally {
+      this.readersMutex.release();
     }
-}
+  }
+  async _acquireWriteLock() {
+    await this.semaphore.acquire();
+  }
+  async _releaseWriteLock() {
+    this.semaphore.release();
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ReadWriteLock
+});
+//# sourceMappingURL=locks.js.map

package/dist/utils/locks.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/locks.tsx"],"sourcesContent":["import { Semaphore } from 'async-mutex';\n\ntype LockCallback<T> = () => Promise<T>;\n\nexport class ReadWriteLock {\n  private semaphore: Semaphore;\n  private readers: number;\n  private readersMutex: Semaphore;\n\n  constructor() {\n    this.semaphore = new Semaphore(1); // Semaphore with 1 permit\n    this.readers = 0; // Track the number of readers\n    this.readersMutex = new Semaphore(1); // Protect access to `readers` count\n  }\n\n  async withReadLock<T>(callback: LockCallback<T>): Promise<T> {\n    await this._acquireReadLock();\n    try {\n      return await callback();\n    } finally {\n      await this._releaseReadLock();\n    }\n  }\n\n  async withWriteLock<T>(callback: LockCallback<T>): Promise<T> {\n    await this._acquireWriteLock();\n    try {\n      return await callback();\n    } finally {\n      await this._releaseWriteLock();\n    }\n  }\n\n  private async _acquireReadLock(): Promise<void> {\n    // Increment the readers count\n    await this.readersMutex.acquire();\n    try {\n      this.readers += 1;\n      // If this is the first reader, block writers\n      if (this.readers === 1) {\n        await this.semaphore.acquire();\n      }\n    } finally {\n      this.readersMutex.release();\n    }\n  }\n\n  private async _releaseReadLock(): Promise<void> {\n    // Decrement the readers count\n    await this.readersMutex.acquire();\n    try {\n      this.readers -= 1;\n      // If this was the last reader, release the writer block\n      if (this.readers === 0) {\n        this.semaphore.release();\n      }\n    } finally {\n      this.readersMutex.release();\n    }\n  }\n\n  private async _acquireWriteLock(): Promise<void> {\n    // Writers acquire the main semaphore exclusively\n    await this.semaphore.acquire();\n  }\n\n  private async _releaseWriteLock(): Promise<void> {\n    // Writers release the main semaphore\n    this.semaphore.release();\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA0B;AAInB,IAAM,gBAAN,MAAoB;AAAA,EAKzB,cAAc;AACZ,SAAK,YAAY,IAAI,6BAAU,CAAC;AAChC,SAAK,UAAU;AACf,SAAK,eAAe,IAAI,6BAAU,CAAC;AAAA,EACrC;AAAA,EAEA,MAAM,aAAgB,UAAuC;AAC3D,UAAM,KAAK,iBAAiB;AAC5B,QAAI;AACF,aAAO,MAAM,SAAS;AAAA,IACxB,UAAE;AACA,YAAM,KAAK,iBAAiB;AAAA,IAC9B;AAAA,EACF;AAAA,EAEA,MAAM,cAAiB,UAAuC;AAC5D,UAAM,KAAK,kBAAkB;AAC7B,QAAI;AACF,aAAO,MAAM,SAAS;AAAA,IACxB,UAAE;AACA,YAAM,KAAK,kBAAkB;AAAA,IAC/B;AAAA,EACF;AAAA,EAEA,MAAc,mBAAkC;AAE9C,UAAM,KAAK,aAAa,QAAQ;AAChC,QAAI;AACF,WAAK,WAAW;AAEhB,UAAI,KAAK,YAAY,GAAG;AACtB,cAAM,KAAK,UAAU,QAAQ;AAAA,MAC/B;AAAA,IACF,UAAE;AACA,WAAK,aAAa,QAAQ;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,MAAc,mBAAkC;AAE9C,UAAM,KAAK,aAAa,QAAQ;AAChC,QAAI;AACF,WAAK,WAAW;AAEhB,UAAI,KAAK,YAAY,GAAG;AACtB,aAAK,UAAU,QAAQ;AAAA,MACzB;AAAA,IACF,UAAE;AACA,WAAK,aAAa,QAAQ;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,MAAc,oBAAmC;AAE/C,UAAM,KAAK,UAAU,QAAQ;AAAA,EAC/B;AAAA,EAEA,MAAc,oBAAmC;AAE/C,SAAK,UAAU,QAAQ;AAAA,EACzB;AACF;","names":[]}

package/dist/utils/maps.d.cts

@@ -0,0 +1,59 @@
+declare class WeakRefIfAvailable<T extends object> {
+    private readonly _ref;
+    constructor(value: T);
+    deref(): T | undefined;
+}
+/**
+ * A WeakMap-like object that can be iterated over.
+ *
+ * Note that it relies on WeakRef, and always falls back to the regular Map behavior (ie. no GC) in browsers that don't support it.
+ */
+declare class IterableWeakMap<K extends object, V> {
+    private readonly _weakMap;
+    private readonly _keyRefs;
+    constructor(entries?: readonly (readonly [K, V])[] | null);
+    get(key: K): V | undefined;
+    set(key: K, value: V): this;
+    delete(key: K): boolean;
+    has(key: K): boolean;
+    [Symbol.iterator](): IterableIterator<[K, V]>;
+    [Symbol.toStringTag]: string;
+}
+/**
+ * A map that is a IterableWeakMap for object keys and a regular Map for primitive keys. Also provides iteration over both
+ * object and primitive keys.
+ *
+ * Note that, just like IterableWeakMap, older browsers without support for WeakRef will use a regular Map for object keys.
+ */
+declare class MaybeWeakMap<K, V> {
+    private readonly _primitiveMap;
+    private readonly _weakMap;
+    constructor(entries?: readonly (readonly [K, V])[] | null);
+    private _isAllowedInWeakMap;
+    get(key: K): V | undefined;
+    set(key: K, value: V): this;
+    delete(key: K): boolean;
+    has(key: K): boolean;
+    [Symbol.iterator](): IterableIterator<[K, V]>;
+    [Symbol.toStringTag]: string;
+}
+/**
+ * A map that stores values indexed by an array of keys. If the keys are objects and the environment supports WeakRefs,
+ * they are stored in a WeakMap.
+ */
+declare class DependenciesMap<K extends any[], V> {
+    private _inner;
+    private _valueToResult;
+    private _unwrapFromInner;
+    private _setInInner;
+    private _iterateInner;
+    get(dependencies: K): V | undefined;
+    set(dependencies: K, value: V): this;
+    delete(dependencies: K): boolean;
+    has(dependencies: K): boolean;
+    clear(): void;
+    [Symbol.iterator](): IterableIterator<[K, V]>;
+    [Symbol.toStringTag]: string;
+}
+
+export { DependenciesMap, IterableWeakMap, MaybeWeakMap, WeakRefIfAvailable };

package/dist/utils/maps.d.ts

@@ -1,4 +1,4 @@
-export declare class WeakRefIfAvailable<T extends object> {
+declare class WeakRefIfAvailable<T extends object> {
     private readonly _ref;
     constructor(value: T);
     deref(): T | undefined;
@@ -8,7 +8,7 @@ export declare class WeakRefIfAvailable<T extends object> {
  *
  * Note that it relies on WeakRef, and always falls back to the regular Map behavior (ie. no GC) in browsers that don't support it.
  */
-export declare class IterableWeakMap<K extends object, V> {
+declare class IterableWeakMap<K extends object, V> {
     private readonly _weakMap;
     private readonly _keyRefs;
     constructor(entries?: readonly (readonly [K, V])[] | null);
@@ -25,7 +25,7 @@ export declare class IterableWeakMap<K extends object, V> {
  *
  * Note that, just like IterableWeakMap, older browsers without support for WeakRef will use a regular Map for object keys.
  */
-export declare class MaybeWeakMap<K, V> {
+declare class MaybeWeakMap<K, V> {
     private readonly _primitiveMap;
     private readonly _weakMap;
     constructor(entries?: readonly (readonly [K, V])[] | null);
@@ -41,7 +41,7 @@ export declare class MaybeWeakMap<K, V> {
  * A map that stores values indexed by an array of keys. If the keys are objects and the environment supports WeakRefs,
  * they are stored in a WeakMap.
  */
-export declare class DependenciesMap<K extends any[], V> {
+declare class DependenciesMap<K extends any[], V> {
     private _inner;
     private _valueToResult;
     private _unwrapFromInner;
@@ -55,3 +55,5 @@ export declare class DependenciesMap<K extends any[], V> {
     [Symbol.iterator](): IterableIterator<[K, V]>;
     [Symbol.toStringTag]: string;
 }
+
+export { DependenciesMap, IterableWeakMap, MaybeWeakMap, WeakRefIfAvailable };