@superblocksteam/shared 0.9592.4 → 0.9594.0
- package/dist/jwt/verifier.d.ts.map +1 -1
- package/dist/jwt/verifier.js +12 -4
- package/dist/jwt/verifier.js.map +1 -1
- package/dist/jwt/verifier.test.js +18 -2
- package/dist/jwt/verifier.test.js.map +1 -1
- package/dist/types/event/index.d.ts +3 -1
- package/dist/types/event/index.d.ts.map +1 -1
- package/dist/types/event/index.js +7 -0
- package/dist/types/event/index.js.map +1 -1
- package/dist-esm/jwt/verifier.d.ts.map +1 -1
- package/dist-esm/jwt/verifier.js +12 -4
- package/dist-esm/jwt/verifier.js.map +1 -1
- package/dist-esm/jwt/verifier.test.js +18 -2
- package/dist-esm/jwt/verifier.test.js.map +1 -1
- package/dist-esm/types/event/index.d.ts +3 -1
- package/dist-esm/types/event/index.d.ts.map +1 -1
- package/dist-esm/types/event/index.js +7 -0
- package/dist-esm/types/event/index.js.map +1 -1
- package/package.json +1 -1
- package/src/jwt/verifier.test.ts +24 -2
- package/src/jwt/verifier.ts +13 -4
- package/src/types/event/index.ts +8 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAuB,MAAM,MAAM,CAAC;AAK9E;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAE7C,OAAO,CAAC,YAAY,CAAC,CAAwC;gBACjD,OAAO,EAAE,kBAAkB;IAIjC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAuB,MAAM,MAAM,CAAC;AAK9E;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAE7C,OAAO,CAAC,YAAY,CAAC,CAAwC;gBACjD,OAAO,EAAE,kBAAkB;IAIjC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC;YAiC3E,aAAa;CAkC5B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACtD,kBAAkB,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC1C;AAED,KAAK,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAEtC,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}
|
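--- a/package/dist/jwt/verifier.js
+++ b/package/dist/jwt/verifier.js
@@ -15,18 +15,26 @@ class JwtVerifier {
 this.options = options;
 }
 async verify(token, options) {
-let
+let header;
 try {
-
-kid = header.kid;
+header = (0, jose_1.decodeProtectedHeader)(token);
 }
 catch {
 // Preserve legacy error message relied upon by tests
 throw new Error('Invalid token specified');
 }
-if ((0, lodash_1.isEmpty)(kid)) {
+if ((0, lodash_1.isEmpty)(header.kid)) {
 throw new index_js_1.UnauthorizedError('Invalid JWT as kid header is missing.');
 }
+// Fail closed: require an explicit algorithm allowlist and reject a
+// disallowed `alg` before resolving keys, so a forged `alg` header can't
+// select an unintended verification path or trigger a JWKS fetch.
+if (!options?.algorithms || options.algorithms.length === 0) {
+throw new index_js_1.UnauthorizedError('JWT could not be verified as no signing algorithm allowlist was configured.');
+}
+if (!header.alg || !options.algorithms.includes(header.alg)) {
+throw new index_js_1.UnauthorizedError('JWT could not be verified as its algorithm is not allowed.');
+}
 const jwkSet = await this.resolveJwkSet();
 try {
 const result = await (0, jose_1.jwtVerify)(token, jwkSet, options);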
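Review bot: The allowlist guard in `verify` trusts the shape of `options.algorithms`: `!options?.algorithms || options.algorithms.length === 0` also passes for a non-empty string, and `options.algorithms.includes(header.alg)` then does substring matching rather than list membership. A plain-JavaScript caller that passes `algorithms: 'RS256'` is therefore not stopped here, so the early rejection the comment promises (before `resolveJwkSet()`) depends on the caller's types; whether `jwtVerify` later rejects the malformed option is not visible in this hunk. Checking the type makes the guard self-contained: `if (!Array.isArray(options?.algorithms) || options.algorithms.length === 0) {`. The same lines appear in `package/dist-esm/jwt/verifier.js`, and `verify` continues past the end of the hunk.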
package/dist/jwt/verifier.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":";;;AAAA,+BAA+F;AAE/F,mCAAiC;AAEjC,iDAAuD;AAEvD;;GAEG;AACH,MAAa,WAAW;IACL,OAAO,CAAqB;IAC7C,gIAAgI;IACxH,YAAY,CAAyC;IAC7D,YAAY,OAA2B;QACrC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,MAAM,CAAuB,KAAa,EAAE,OAA0B;QAC1E,IAAI,
|
|
1
|
+
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":";;;AAAA,+BAA+F;AAE/F,mCAAiC;AAEjC,iDAAuD;AAEvD;;GAEG;AACH,MAAa,WAAW;IACL,OAAO,CAAqB;IAC7C,gIAAgI;IACxH,YAAY,CAAyC;IAC7D,YAAY,OAA2B;QACrC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,MAAM,CAAuB,KAAa,EAAE,OAA0B;QAC1E,IAAI,MAAgD,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,GAAG,IAAA,4BAAqB,EAAC,KAAK,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;YACrD,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,IAAA,gBAAO,EAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,4BAAiB,CAAC,uCAAuC,CAAC,CAAC;QACvE,CAAC;QAED,oEAAoE;QACpE,yEAAyE;QACzE,kEAAkE;QAClE,IAAI,CAAC,OAAO,EAAE,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,4BAAiB,CAAC,6EAA6E,CAAC,CAAC;QAC7G,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,4BAAiB,CAAC,4DAA4D,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,gBAAS,EAAI,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1D,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,4BAAiB,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,wEAAwE;QACxE,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACrD,IAAI,IAAA,gBAAO,EAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,MAAM,IAAI,4BAAiB,CAAC,qEAAqE,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,IAAA,wBAAiB,EAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,mDAAmD;QACnD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAA,gBAAO,EAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,MAAM,IAAI,4BAAiB,CAAC,qEAAqE,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,IAAA,wBAAiB,EAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,gFAAgF;QAChF,MAAM,GAAG,GAAG,IAAI,GAAG,CA
AC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAwB,EAAE,CAAC;QACrC,IAAI,CAAC,IAAA,gBAAO,EAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,IAAA,gBAAO,EAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,IAAA,yBAAkB,EAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF;AA3ED,kCA2EC"}
|
|
@@ -42,7 +42,7 @@ const buildJwtVerifier = (jwk) => {
|
|
|
42
42
|
};
|
|
43
43
|
const key = await (0, jose_1.importPKCS8)(signingMaterial.privateKeyPem, 'RS256');
|
|
44
44
|
const token = await new jose_1.SignJWT(payload).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
|
|
45
|
-
const result = await verifier.verify(token);
|
|
45
|
+
const result = await verifier.verify(token, { algorithms: ['RS256'] });
|
|
46
46
|
(0, vitest_1.expect)(getKeysInterceptor).toHaveBeenCalledTimes(1);
|
|
47
47
|
(0, vitest_1.expect)(result.sub).toBe(payload.sub);
|
|
48
48
|
(0, vitest_1.expect)(result.scope).toBe(payload.scope);
|
|
@@ -54,7 +54,7 @@ const buildJwtVerifier = (jwk) => {
|
|
|
54
54
|
const invalidToken = await new jose_1.SignJWT({ sub: 'user-456' })
|
|
55
55
|
.setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid })
|
|
56
56
|
.sign(invalidKey);
|
|
57
|
-
await (0, vitest_1.expect)(verifier.verify(invalidToken)).rejects.toMatchObject({
|
|
57
|
+
await (0, vitest_1.expect)(verifier.verify(invalidToken, { algorithms: ['RS256'] })).rejects.toMatchObject({
|
|
58
58
|
status: 401,
|
|
59
59
|
message: vitest_1.expect.stringContaining('signature verification failed')
|
|
60
60
|
});
|
|
@@ -103,5 +103,21 @@ const buildJwtVerifier = (jwk) => {
|
|
|
103
103
|
await (0, vitest_1.expect)(verifier.verify('definitely-not-a-jwt')).rejects.toThrow('Invalid token specified');
|
|
104
104
|
(0, vitest_1.expect)(getKeysInterceptor).not.toHaveBeenCalled();
|
|
105
105
|
});
|
|
106
|
+
(0, vitest_1.it)('rejects verification when no algorithms allowlist is provided', async () => {
|
|
107
|
+
const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
|
|
108
|
+
const key = await (0, jose_1.importPKCS8)(signingMaterial.privateKeyPem, 'RS256');
|
|
109
|
+
const token = await new jose_1.SignJWT({ sub: 'user-noalg' }).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
|
|
110
|
+
await (0, vitest_1.expect)(verifier.verify(token)).rejects.toMatchObject({ status: 401 });
|
|
111
|
+
// The allowlist guard must trip before any signing key is resolved.
|
|
112
|
+
(0, vitest_1.expect)(getKeysInterceptor).not.toHaveBeenCalled();
|
|
113
|
+
});
|
|
114
|
+
(0, vitest_1.it)('rejects a token whose algorithm is outside the pinned allowlist before any key lookup', async () => {
|
|
115
|
+
const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
|
|
116
|
+
const key = await (0, jose_1.importPKCS8)(signingMaterial.privateKeyPem, 'RS256');
|
|
117
|
+
const token = await new jose_1.SignJWT({ sub: 'user-rs256' }).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
|
|
118
|
+
// The token is validly signed, but the caller pins ES256 only.
|
|
119
|
+
await (0, vitest_1.expect)(verifier.verify(token, { algorithms: ['ES256'] })).rejects.toMatchObject({ status: 401 });
|
|
120
|
+
(0, vitest_1.expect)(getKeysInterceptor).not.toHaveBeenCalled();
|
|
121
|
+
});
|
|
106
122
|
});
|
|
107
123
|
//# sourceMappingURL=verifier.test.js.map
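Review bot: The two cases added in the last hunk cover only a missing `options` argument and a mismatched `alg`; the guard's other two branches, an empty list (`algorithms: []`) and a header with no `alg`, are not exercised by the visible tests. Both new assertions also match only `{ status: 401 }`, so they would still pass if a different 401 path fired first. Adding `message: expect.stringContaining('no signing algorithm allowlist')` to the first and `message: expect.stringContaining('algorithm is not allowed')` to the second, in the style of the existing 'signature verification failed' case, would pin each test to its guard. The rest of the test file is outside the hunks, so existing coverage of those branches cannot be ruled out.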
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.test.js","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":";;AAAA,6CAAkD;AAElD,+BAA4C;AAE5C,mCAA6D;AAE7D,+CAAwE;AAMxE,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAC,GAAG,GAAG,MAAM,EAAmB,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAA,iCAAmB,EAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG;QACV,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACtC,GAAG;QACH,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACe,CAAC;IAE5B,OAAO;QACL,GAAG;QACH,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9E,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAA2B,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,WAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,MAAM,OAAO,GAAuB;QAClC,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,KAAK;QACZ,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,IAAI,yBAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;AACpE,CAAC,CAAC;AAEF,IAAA,iBAAQ,EAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,eAAgC,CAAC;IACrC,IAAA,kBAAS,EAAC,GAAG,EAAE;QACb,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,UAAU;SAClB,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,IAAA,kBAAW,EAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,cAAO,CAAC,OAAO,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAe,KAAK,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"verifier.test.js","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":";;AAAA,6CAAkD;AAElD,+BAA4C;AAE5C,mCAA6D;AAE7D,+CAAwE;AAMxE,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAC,GAAG,GAAG,MAAM,EAAmB,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAAA,iCAAmB,EAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG;QACV,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACtC,GAAG;QACH,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACe,CAAC;IAE5B,OAAO;QACL,GAAG;QACH,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9E,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAA2B,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,WAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,MAAM,OAAO,GAAuB;QAClC,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,KAAK;QACZ,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,IAAI,yBAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;AACpE,CAAC,CAAC;AAEF,IAAA,iBAAQ,EAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,eAAgC,CAAC;IACrC,IAAA,kBAAS,EAAC,GAAG,EAAE;QACb,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,UAAU;SAClB,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,IAAA,kBAAW,EAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,cAAO,CAAC,OAAO,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAe,KAAK,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAErF,IAAA,eAAM,EAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAA,eAAM,EAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,
CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;QAE9C,MAAM,UAAU,GAAG,MAAM,IAAA,kBAAW,EAAC,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,MAAM,IAAI,cAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACxD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;aAClE,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,IAAA,eAAM,EAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;YAC3F,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,eAAM,CAAC,gBAAgB,CAAC,+BAA+B,CAAC;SAClE,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,GAAG,GAAG,MAAM,IAAA,kBAAW,EAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,cAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACjD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;aAClE,WAAW,CAAC,QAAQ,CAAC;aACrB,SAAS,CAAC,MAAM,CAAC;aACjB,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAgB,KAAK,EAAE;YACzD,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,IAAA,eAAM,EAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAA,eAAM,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,GAAG,GAAG,MAAM,IAAA,kBAAW,EAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,cAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACjD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;aAClE,WAAW,CAAC,QAAQ,CAAC;aACrB,SAAS,CAAC,MAAM,CAAC;aACjB,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,IAAA
,eAAM,EACV,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE;YACrB,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ,EAAE,GAAG,QAAQ,WAAW;YAChC,MAAM;SACP,CAAC,CACH,CAAC,OAAO,CAAC,aAAa,CAAC;YACtB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,eAAM,CAAC,gBAAgB,CAAC,8BAA8B,CAAC;SACjE,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,IAAA,eAAM,EAAC,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QACjG,IAAA,eAAM,EAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,GAAG,GAAG,MAAM,IAAA,kBAAW,EAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,cAAO,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpI,MAAM,IAAA,eAAM,EAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5E,oEAAoE;QACpE,IAAA,eAAM,EAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uFAAuF,EAAE,KAAK,IAAI,EAAE;QACrG,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,GAAG,GAAG,MAAM,IAAA,kBAAW,EAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,cAAO,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpI,+DAA+D;QAC/D,MAAM,IAAA,eAAM,EAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACvG,IAAA,eAAM,EAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -43,7 +43,8 @@ export declare enum ExportViewMode {
|
|
|
43
43
|
EXPORT_LATEST = "export-latest",
|
|
44
44
|
EXPORT_LIVE = "export-live",
|
|
45
45
|
EXPORT_COMMIT = "export-commit",
|
|
46
|
-
EXPORT_DRAFT = "export-draft"
|
|
46
|
+
EXPORT_DRAFT = "export-draft",
|
|
47
|
+
EXPORT_LIVE_EDIT = "export-live-edit"
|
|
47
48
|
}
|
|
48
49
|
export declare const CombinedViewMode: {
|
|
49
50
|
EXPORT_DEPLOYED: ExportViewMode.EXPORT_DEPLOYED;
|
|
@@ -51,6 +52,7 @@ export declare const CombinedViewMode: {
|
|
|
51
52
|
EXPORT_LIVE: ExportViewMode.EXPORT_LIVE;
|
|
52
53
|
EXPORT_COMMIT: ExportViewMode.EXPORT_COMMIT;
|
|
53
54
|
EXPORT_DRAFT: ExportViewMode.EXPORT_DRAFT;
|
|
55
|
+
EXPORT_LIVE_EDIT: ExportViewMode.EXPORT_LIVE_EDIT;
|
|
54
56
|
EDITOR: ViewMode.EDITOR;
|
|
55
57
|
PREVIEW: ViewMode.PREVIEW;
|
|
56
58
|
DEPLOYED: ViewMode.DEPLOYED;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,oBAAY,eAAe;IACzB,WAAW,gBAAgB;IAC3B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,YAAY,iBAAiB;IAC7B,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,KAAK,UAAU;IACf,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,aAAa,kBAAkB;IAC/B,KAAK,UAAU;IACf,oBAAoB,yBAAyB;IAC7C,OAAO,YAAY;IACnB,WAAW,gBAAgB;IAC3B,MAAM,WAAW;IACjB,gBAAgB,qBAAqB;IACrC,MAAM,WAAW;IACjB,YAAY,iBAAiB;IAC7B,UAAU,eAAe;IACzB,IAAI,SAAS;IACb,kBAAkB,uBAAuB;IACzC,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,EAAE,OAAO;CACV;AAGD,oBAAY,QAAQ;IAClB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,QAAQ,aAAa;CACtB;AAED,oBAAY,cAAc;IACxB,eAAe,oBAAoB;IACnC,aAAa,kBAAkB;IAC/B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,YAAY,iBAAiB;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,oBAAY,eAAe;IACzB,WAAW,gBAAgB;IAC3B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,YAAY,iBAAiB;IAC7B,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,KAAK,UAAU;IACf,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,aAAa,kBAAkB;IAC/B,KAAK,UAAU;IACf,oBAAoB,yBAAyB;IAC7C,OAAO,YAAY;IACnB,WAAW,gBAAgB;IAC3B,MAAM,WAAW;IACjB,gBAAgB,qBAAqB;IACrC,MAAM,WAAW;IACjB,YAAY,iBAAiB;IAC7B,UAAU,eAAe;IACzB,IAAI,SAAS;IACb,kBAAkB,uBAAuB;IACzC,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,EAAE,OAAO;CACV;AAGD,oBAAY,QAAQ;IAClB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,QAAQ,aAAa;CACtB;AAED,oBAAY,cAAc;IACxB,eAAe,oBAAoB;IACnC,aAAa,kBAAkB;IAC/B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,YAAY,iBAAiB;IAO7B,gBAAgB,qBAAqB;CACtC;AAED,eAAO,MAAM,gBAAgB;;;;;;;;;;CAAqC,CAAC;AACnE,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,cAAc,CAAC;AAEzD,oBAAY,WAAW;IACrB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,kBAAkB,uBAAuB;IACzC,QAAQ,aAAa;IACrB,UAAU,eAAe;IACzB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,UAAU,eAAe;IACzB,YAAY,iBAAiB;IAC7B,SAAS,cAAc;IACvB,QAAQ,aAAa;IACrB,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,YAAY,iBAAiB;IAC7B,cAAc,mBAAmB;IACjC,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,kBAAkB,uBAAuB;IACzC,SAAS,cAAc;IACvB,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,eAAe,oBAAoB;IACnC,OAAO,YAAY;IACnB,WAAW,gBAAgB;IAC3B,OAAO,YAAY;IACnB,SAAS,cAAc;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE
,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;CAC1B;AAED,oBAAY,WAAW;IACrB,WAAW,gBAAgB;IAC3B,IAAI,SAAS;IACb,GAAG,QAAQ;IACX,MAAM,WAAW;CAClB"}
|
|
@@ -49,6 +49,13 @@ var ExportViewMode;
|
|
|
49
49
|
ExportViewMode["EXPORT_LIVE"] = "export-live";
|
|
50
50
|
ExportViewMode["EXPORT_COMMIT"] = "export-commit";
|
|
51
51
|
ExportViewMode["EXPORT_DRAFT"] = "export-draft";
|
|
52
|
+
// The live-edit working copy: the application_live_edit row's
|
|
53
|
+
// directoryContentsHash. Unlike the commit-based views above, this points at
|
|
54
|
+
// the latest uploaded tree even when no commit was created for it (e.g.
|
|
55
|
+
// Clark's in-progress `ai:generate:interim` autosaves). A cold/recycled
|
|
56
|
+
// dev-server pod uses this to restore the actual working copy instead of an
|
|
57
|
+
// older snapshot. Only the dev-server directory-hash reload path reads it.
|
|
58
|
+
ExportViewMode["EXPORT_LIVE_EDIT"] = "export-live-edit";
|
|
52
59
|
})(ExportViewMode || (exports.ExportViewMode = ExportViewMode = {}));
|
|
53
60
|
exports.CombinedViewMode = { ...ViewMode, ...ExportViewMode };
|
|
54
61
|
var EventAction;
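Review bot: The comment on `EXPORT_LIVE_EDIT` says only the dev-server directory-hash reload path reads it, but the context line `exports.CombinedViewMode = { ...ViewMode, ...ExportViewMode };` spreads the new member into `CombinedViewMode`, so any code that validates a view mode against that object will now accept `export-live-edit` as well. Since this mode points at an uploaded tree that has no commit, consumers that take the view mode from request input presumably need an explicit check that the caller may read the working copy; that handling is not visible in this diff. I would extend the comment with something like `// Also exposed through CombinedViewMode; callers that accept a view mode from request input must gate this value explicitly.`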
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":";;;AAGA,IAAY,eAgCX;AAhCD,WAAY,eAAe;IACzB,8CAA2B,CAAA;IAC3B,gCAAa,CAAA;IACb,wCAAqB,CAAA;IACrB,kDAA+B,CAAA;IAC/B,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,gCAAa,CAAA;IACb,gDAA6B,CAAA;IAC7B,8BAAW,CAAA;IACX,gCAAa,CAAA;IACb,kCAAe,CAAA;IACf,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,oCAAiB,CAAA;IACjB,sCAAmB,CAAA;IACnB,sCAAmB,CAAA;IACnB,kDAA+B,CAAA;IAC/B,kCAAe,CAAA;IACf,gEAA6C,CAAA;IAC7C,sCAAmB,CAAA;IACnB,8CAA2B,CAAA;IAC3B,oCAAiB,CAAA;IACjB,wDAAqC,CAAA;IACrC,oCAAiB,CAAA;IACjB,gDAA6B,CAAA;IAC7B,4CAAyB,CAAA;IACzB,gCAAa,CAAA;IACb,4DAAyC,CAAA;IACzC,0CAAuB,CAAA;IACvB,4CAAyB,CAAA;IACzB,4BAAS,CAAA;AACX,CAAC,EAhCW,eAAe,+BAAf,eAAe,QAgC1B;AAED,kDAAkD;AAClD,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,+BAAmB,CAAA;IACnB,iCAAqB,CAAA;AACvB,CAAC,EAJW,QAAQ,wBAAR,QAAQ,QAInB;AAED,IAAY,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":";;;AAGA,IAAY,eAgCX;AAhCD,WAAY,eAAe;IACzB,8CAA2B,CAAA;IAC3B,gCAAa,CAAA;IACb,wCAAqB,CAAA;IACrB,kDAA+B,CAAA;IAC/B,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,gCAAa,CAAA;IACb,gDAA6B,CAAA;IAC7B,8BAAW,CAAA;IACX,gCAAa,CAAA;IACb,kCAAe,CAAA;IACf,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,oCAAiB,CAAA;IACjB,sCAAmB,CAAA;IACnB,sCAAmB,CAAA;IACnB,kDAA+B,CAAA;IAC/B,kCAAe,CAAA;IACf,gEAA6C,CAAA;IAC7C,sCAAmB,CAAA;IACnB,8CAA2B,CAAA;IAC3B,oCAAiB,CAAA;IACjB,wDAAqC,CAAA;IACrC,oCAAiB,CAAA;IACjB,gDAA6B,CAAA;IAC7B,4CAAyB,CAAA;IACzB,gCAAa,CAAA;IACb,4DAAyC,CAAA;IACzC,0CAAuB,CAAA;IACvB,4CAAyB,CAAA;IACzB,4BAAS,CAAA;AACX,CAAC,EAhCW,eAAe,+BAAf,eAAe,QAgC1B;AAED,kDAAkD;AAClD,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,+BAAmB,CAAA;IACnB,iCAAqB,CAAA;AACvB,CAAC,EAJW,QAAQ,wBAAR,QAAQ,QAInB;AAED,IAAY,cAaX;AAbD,WAAY,cAAc;IACxB,qDAAmC,CAAA;IACnC,iDAA+B,CAAA;IAC/B,6CAA2B,CAAA;IAC3B,iDAA+B,CAAA;IAC/B,+CAA6B,CAAA;IAC7B,8DAA8D;IAC9D,6EAA6E;IAC7E,wEAAwE;IACxE,wEAAwE;IACxE,4EAA4E;IAC5E,2EAA2E;IAC3E,uDAAqC,CAAA;AACvC,CAAC,EAbW,cAAc,8BAAd,cAAc,QAazB;AAEY,QAAA,gBAAgB,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,cAAc,EAAE,CAAC;AAGnE,IAAY,WA8CX;AA9CD,WAAY,WAAW;IACrB,kCAAmB,CAAA;IACnB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,gCAAiB,CAAA;IACjB,wDAAyC,CAAA;IACzC,oCAAqB,CAAA;IACrB,wCAAyB,CAAA;IACzB,oCAAqB,CAAA;IACrB,oCAAqB,CAAA;IACrB,oCAAqB,CAAA;IACrB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,oCAAqB,CAAA;IACrB,8BAAe,CAAA;IACf,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,kCAAmB,CAAA;IACnB,kCAAmB,CAAA;IACnB,oDAAqC,CAAA;IACrC,oDAAqC,CAAA;IACrC,wCAAyB,CAAA;IACzB,4CAA6B,CAAA;IAC7B,sCAAuB,CAAA;IACvB,oCAAqB,CAAA;IACrB,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,kDAAmC,CAAA;IACnC,4CAA6B,CAAA;IAC7B,gDAAiC,CAAA;IACjC,4BAAa,CAAA;IACb,oCAAqB,CAAA;IACrB,wDAAyC,CAAA;IACzC,sCAAuB,CAAA;IACvB,gDAAiC,CAAA;IACjC,8BAAe,CAAA;IACf,gCAAiB,CAAA;IACjB,gCAAiB,CAAA;IACjB,sCAAuB,CAAA;IACvB,kDAAmC,CAAA;IACnC,kCAAmB,CAAA;IACnB,0CAA2B,CAAA;IAC3B,kCAAmB,
CAAA;IACnB,sCAAuB,CAAA;AACzB,CAAC,EA9CW,WAAW,2BAAX,WAAW,QA8CtB;AAwBD,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,0CAA2B,CAAA;IAC3B,4BAAa,CAAA;IACb,0BAAW,CAAA;IACX,gCAAiB,CAAA;AACnB,CAAC,EALW,WAAW,2BAAX,WAAW,QAKtB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAuB,MAAM,MAAM,CAAC;AAK9E;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAE7C,OAAO,CAAC,YAAY,CAAC,CAAwC;gBACjD,OAAO,EAAE,kBAAkB;IAIjC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,gBAAgB,EAAuB,MAAM,MAAM,CAAC;AAK9E;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAE7C,OAAO,CAAC,YAAY,CAAC,CAAwC;gBACjD,OAAO,EAAE,kBAAkB;IAIjC,MAAM,CAAC,CAAC,SAAS,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,CAAC,CAAC;YAiC3E,aAAa;CAkC5B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACtD,kBAAkB,CAAC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC1C;AAED,KAAK,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAEtC,MAAM,WAAW,MAAM;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB"}
|
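--- a/package/dist-esm/jwt/verifier.js
+++ b/package/dist-esm/jwt/verifier.js
@@ -12,18 +12,26 @@ export class JwtVerifier {
 this.options = options;
 }
 async verify(token, options) {
-let
+let header;
 try {
-
-kid = header.kid;
+header = decodeProtectedHeader(token);
 }
 catch {
 // Preserve legacy error message relied upon by tests
 throw new Error('Invalid token specified');
 }
-if (isEmpty(kid)) {
+if (isEmpty(header.kid)) {
 throw new UnauthorizedError('Invalid JWT as kid header is missing.');
 }
+// Fail closed: require an explicit algorithm allowlist and reject a
+// disallowed `alg` before resolving keys, so a forged `alg` header can't
+// select an unintended verification path or trigger a JWKS fetch.
+if (!options?.algorithms || options.algorithms.length === 0) {
+throw new UnauthorizedError('JWT could not be verified as no signing algorithm allowlist was configured.');
+}
+if (!header.alg || !options.algorithms.includes(header.alg)) {
+throw new UnauthorizedError('JWT could not be verified as its algorithm is not allowed.');
+}
 const jwkSet = await this.resolveJwkSet();
 try {
 const result = await jwtVerify(token, jwkSet, options);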
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAE/F,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAEjC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvD;;GAEG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,CAAqB;IAC7C,gIAAgI;IACxH,YAAY,CAAyC;IAC7D,YAAY,OAA2B;QACrC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,MAAM,CAAuB,KAAa,EAAE,OAA0B;QAC1E,IAAI,
|
|
1
|
+
{"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/jwt/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAE/F,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AAEjC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvD;;GAEG;AACH,MAAM,OAAO,WAAW;IACL,OAAO,CAAqB;IAC7C,gIAAgI;IACxH,YAAY,CAAyC;IAC7D,YAAY,OAA2B;QACrC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,MAAM,CAAuB,KAAa,EAAE,OAA0B;QAC1E,IAAI,MAAgD,CAAC;QACrD,IAAI,CAAC;YACH,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,qDAAqD;YACrD,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,iBAAiB,CAAC,uCAAuC,CAAC,CAAC;QACvE,CAAC;QAED,oEAAoE;QACpE,yEAAyE;QACzE,kEAAkE;QAClE,IAAI,CAAC,OAAO,EAAE,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,iBAAiB,CAAC,6EAA6E,CAAC,CAAC;QAC7G,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5D,MAAM,IAAI,iBAAiB,CAAC,4DAA4D,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAE1C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,SAAS,CAAI,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1D,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,iBAAiB,CAAC,4BAA6B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,wEAAwE;QACxE,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,MAAM,IAAI,iBAAiB,CAAC,qEAAqE,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,iBAAiB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,mDAAmD;QACnD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9D,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,MAAM,IAAI,iBAAiB,CAAC,qEAAqE,CAAC,CAAC;YACrG,CAAC;YACD,OAAO,iBAAiB
,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAED,gFAAgF;QAChF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAwB,EAAE,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;CACF"}
|
|
@@ -40,7 +40,7 @@ describe('JwtVerifier', () => {
|
|
|
40
40
|
};
|
|
41
41
|
const key = await importPKCS8(signingMaterial.privateKeyPem, 'RS256');
|
|
42
42
|
const token = await new SignJWT(payload).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
|
|
43
|
-
const result = await verifier.verify(token);
|
|
43
|
+
const result = await verifier.verify(token, { algorithms: ['RS256'] });
|
|
44
44
|
expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
|
|
45
45
|
expect(result.sub).toBe(payload.sub);
|
|
46
46
|
expect(result.scope).toBe(payload.scope);
|
|
@@ -52,7 +52,7 @@ describe('JwtVerifier', () => {
|
|
|
52
52
|
const invalidToken = await new SignJWT({ sub: 'user-456' })
|
|
53
53
|
.setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid })
|
|
54
54
|
.sign(invalidKey);
|
|
55
|
-
await expect(verifier.verify(invalidToken)).rejects.toMatchObject({
|
|
55
|
+
await expect(verifier.verify(invalidToken, { algorithms: ['RS256'] })).rejects.toMatchObject({
|
|
56
56
|
status: 401,
|
|
57
57
|
message: expect.stringContaining('signature verification failed')
|
|
58
58
|
});
|
|
@@ -101,5 +101,21 @@ describe('JwtVerifier', () => {
|
|
|
101
101
|
await expect(verifier.verify('definitely-not-a-jwt')).rejects.toThrow('Invalid token specified');
|
|
102
102
|
expect(getKeysInterceptor).not.toHaveBeenCalled();
|
|
103
103
|
});
|
|
104
|
+
it('rejects verification when no algorithms allowlist is provided', async () => {
|
|
105
|
+
const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
|
|
106
|
+
const key = await importPKCS8(signingMaterial.privateKeyPem, 'RS256');
|
|
107
|
+
const token = await new SignJWT({ sub: 'user-noalg' }).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
|
|
108
|
+
await expect(verifier.verify(token)).rejects.toMatchObject({ status: 401 });
|
|
109
|
+
// The allowlist guard must trip before any signing key is resolved.
|
|
110
|
+
expect(getKeysInterceptor).not.toHaveBeenCalled();
|
|
111
|
+
});
|
|
112
|
+
it('rejects a token whose algorithm is outside the pinned allowlist before any key lookup', async () => {
|
|
113
|
+
const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
|
|
114
|
+
const key = await importPKCS8(signingMaterial.privateKeyPem, 'RS256');
|
|
115
|
+
const token = await new SignJWT({ sub: 'user-rs256' }).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
|
|
116
|
+
// The token is validly signed, but the caller pins ES256 only.
|
|
117
|
+
await expect(verifier.verify(token, { algorithms: ['ES256'] })).rejects.toMatchObject({ status: 401 });
|
|
118
|
+
expect(getKeysInterceptor).not.toHaveBeenCalled();
|
|
119
|
+
});
|
|
104
120
|
});
|
|
105
121
|
//# sourceMappingURL=verifier.test.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifier.test.js","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAE5C,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAE7D,OAAO,EAAE,WAAW,EAA8B,MAAM,eAAe,CAAC;AAMxE,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAC,GAAG,GAAG,MAAM,EAAmB,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG;QACV,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACtC,GAAG;QACH,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACe,CAAC;IAE5B,OAAO;QACL,GAAG;QACH,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9E,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAA2B,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,MAAM,OAAO,GAAuB;QAClC,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,KAAK;QACZ,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;AACpE,CAAC,CAAC;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,eAAgC,CAAC;IACrC,SAAS,CAAC,GAAG,EAAE;QACb,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,UAAU;SAClB,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAe,KAAK,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"verifier.test.js","sourceRoot":"","sources":["../../src/jwt/verifier.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAE5C,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAE7D,OAAO,EAAE,WAAW,EAA8B,MAAM,eAAe,CAAC;AAMxE,MAAM,MAAM,GAAG,UAAU,CAAC;AAE1B,MAAM,qBAAqB,GAAG,CAAC,GAAG,GAAG,MAAM,EAAmB,EAAE;IAC9D,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,KAAK,EAAE;QAC3D,aAAa,EAAE,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG;QACV,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QACtC,GAAG;QACH,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;KACe,CAAC;IAE5B,OAAO;QACL,GAAG;QACH,aAAa,EAAE,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9E,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,gBAAgB,GAAG,CAAC,GAA2B,EAAE,EAAE;IACvD,MAAM,kBAAkB,GAAG,EAAE,CAAC,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEpD,MAAM,OAAO,GAAuB;QAClC,OAAO,EAAE,2CAA2C;QACpD,KAAK,EAAE,KAAK;QACZ,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,CAAC;AACpE,CAAC,CAAC;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,eAAgC,CAAC;IACrC,SAAS,CAAC,GAAG,EAAE;QACb,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,OAAO,GAAiB;YAC5B,GAAG,EAAE,UAAU;YACf,KAAK,EAAE,UAAU;SAClB,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAe,KAAK,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAErF,MAAM,CAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CA
AC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;QACzF,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,aAAa,GAAG,qBAAqB,EAAE,CAAC;QAE9C,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACxD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;aAClE,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;YAC3F,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,+BAA+B,CAAC;SAClE,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAI/E,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACjD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;aAClE,WAAW,CAAC,QAAQ,CAAC;aACrB,SAAS,CAAC,MAAM,CAAC;aACjB,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAgB,KAAK,EAAE;YACzD,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ;YACR,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,CAAC,kBAAkB,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE3D,MAAM,QAAQ,GAAG,YAAY,CAAC;QAC9B,MAAM,MAAM,GAAG,4BAA4B,CAAC;QAE5C,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;aACjD,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;aAClE,WAAW,CAAC,QAAQ,CAAC;aACrB,SAAS
,CAAC,MAAM,CAAC;aACjB,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,MAAM,CACV,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE;YACrB,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,QAAQ,EAAE,GAAG,QAAQ,WAAW;YAChC,MAAM;SACP,CAAC,CACH,CAAC,OAAO,CAAC,aAAa,CAAC;YACtB,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,8BAA8B,CAAC;SACjE,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QACjG,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpI,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5E,oEAAoE;QACpE,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uFAAuF,EAAE,KAAK,IAAI,EAAE;QACrG,MAAM,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,gBAAgB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QAE/E,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,eAAe,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEpI,+DAA+D;QAC/D,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,UAAU,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACvG,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -43,7 +43,8 @@ export declare enum ExportViewMode {
|
|
|
43
43
|
EXPORT_LATEST = "export-latest",
|
|
44
44
|
EXPORT_LIVE = "export-live",
|
|
45
45
|
EXPORT_COMMIT = "export-commit",
|
|
46
|
-
EXPORT_DRAFT = "export-draft"
|
|
46
|
+
EXPORT_DRAFT = "export-draft",
|
|
47
|
+
EXPORT_LIVE_EDIT = "export-live-edit"
|
|
47
48
|
}
|
|
48
49
|
export declare const CombinedViewMode: {
|
|
49
50
|
EXPORT_DEPLOYED: ExportViewMode.EXPORT_DEPLOYED;
|
|
@@ -51,6 +52,7 @@ export declare const CombinedViewMode: {
|
|
|
51
52
|
EXPORT_LIVE: ExportViewMode.EXPORT_LIVE;
|
|
52
53
|
EXPORT_COMMIT: ExportViewMode.EXPORT_COMMIT;
|
|
53
54
|
EXPORT_DRAFT: ExportViewMode.EXPORT_DRAFT;
|
|
55
|
+
EXPORT_LIVE_EDIT: ExportViewMode.EXPORT_LIVE_EDIT;
|
|
54
56
|
EDITOR: ViewMode.EDITOR;
|
|
55
57
|
PREVIEW: ViewMode.PREVIEW;
|
|
56
58
|
DEPLOYED: ViewMode.DEPLOYED;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,oBAAY,eAAe;IACzB,WAAW,gBAAgB;IAC3B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,YAAY,iBAAiB;IAC7B,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,KAAK,UAAU;IACf,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,aAAa,kBAAkB;IAC/B,KAAK,UAAU;IACf,oBAAoB,yBAAyB;IAC7C,OAAO,YAAY;IACnB,WAAW,gBAAgB;IAC3B,MAAM,WAAW;IACjB,gBAAgB,qBAAqB;IACrC,MAAM,WAAW;IACjB,YAAY,iBAAiB;IAC7B,UAAU,eAAe;IACzB,IAAI,SAAS;IACb,kBAAkB,uBAAuB;IACzC,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,EAAE,OAAO;CACV;AAGD,oBAAY,QAAQ;IAClB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,QAAQ,aAAa;CACtB;AAED,oBAAY,cAAc;IACxB,eAAe,oBAAoB;IACnC,aAAa,kBAAkB;IAC/B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,YAAY,iBAAiB;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,oBAAY,eAAe;IACzB,WAAW,gBAAgB;IAC3B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,aAAa,kBAAkB;IAC/B,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,YAAY,iBAAiB;IAC7B,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,KAAK,UAAU;IACf,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,aAAa,kBAAkB;IAC/B,KAAK,UAAU;IACf,oBAAoB,yBAAyB;IAC7C,OAAO,YAAY;IACnB,WAAW,gBAAgB;IAC3B,MAAM,WAAW;IACjB,gBAAgB,qBAAqB;IACrC,MAAM,WAAW;IACjB,YAAY,iBAAiB;IAC7B,UAAU,eAAe;IACzB,IAAI,SAAS;IACb,kBAAkB,uBAAuB;IACzC,SAAS,cAAc;IACvB,UAAU,eAAe;IACzB,EAAE,OAAO;CACV;AAGD,oBAAY,QAAQ;IAClB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,QAAQ,aAAa;CACtB;AAED,oBAAY,cAAc;IACxB,eAAe,oBAAoB;IACnC,aAAa,kBAAkB;IAC/B,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAC/B,YAAY,iBAAiB;IAO7B,gBAAgB,qBAAqB;CACtC;AAED,eAAO,MAAM,gBAAgB;;;;;;;;;;CAAqC,CAAC;AACnE,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,cAAc,CAAC;AAEzD,oBAAY,WAAW;IACrB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,MAAM,WAAW;IACjB,kBAAkB,uBAAuB;IACzC,QAAQ,aAAa;IACrB,UAAU,eAAe;IACzB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IACrB,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,gBAAgB,qBAAqB;IACrC,gBAAgB,qBAAqB;IACrC,UAAU,eAAe;IACzB,YAAY,iBAAiB;IAC7B,SAAS,cAAc;IACvB,QAAQ,aAAa;IACrB,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,YAAY,iBAAiB;IAC7B,cAAc,mBAAmB;IACjC,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,kBAAkB,uBAAuB;IACzC,SAAS,cAAc;IACvB,cAAc,mBAAmB;IACjC,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,SAAS,cAAc;IACvB,eAAe,oBAAoB;IACnC,OAAO,YAAY;IACnB,WAAW,gBAAgB;IAC3B,OAAO,YAAY;IACnB,SAAS,cAAc;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE
,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IAGpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACjC,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;CAC1B;AAED,oBAAY,WAAW;IACrB,WAAW,gBAAgB;IAC3B,IAAI,SAAS;IACb,GAAG,QAAQ;IACX,MAAM,WAAW;CAClB"}
|
|
@@ -46,6 +46,13 @@ export var ExportViewMode;
|
|
|
46
46
|
ExportViewMode["EXPORT_LIVE"] = "export-live";
|
|
47
47
|
ExportViewMode["EXPORT_COMMIT"] = "export-commit";
|
|
48
48
|
ExportViewMode["EXPORT_DRAFT"] = "export-draft";
|
|
49
|
+
// The live-edit working copy: the application_live_edit row's
|
|
50
|
+
// directoryContentsHash. Unlike the commit-based views above, this points at
|
|
51
|
+
// the latest uploaded tree even when no commit was created for it (e.g.
|
|
52
|
+
// Clark's in-progress `ai:generate:interim` autosaves). A cold/recycled
|
|
53
|
+
// dev-server pod uses this to restore the actual working copy instead of an
|
|
54
|
+
// older snapshot. Only the dev-server directory-hash reload path reads it.
|
|
55
|
+
ExportViewMode["EXPORT_LIVE_EDIT"] = "export-live-edit";
|
|
49
56
|
})(ExportViewMode || (ExportViewMode = {}));
|
|
50
57
|
export const CombinedViewMode = { ...ViewMode, ...ExportViewMode };
|
|
51
58
|
export var EventAction;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":"AAGA,MAAM,CAAN,IAAY,eAgCX;AAhCD,WAAY,eAAe;IACzB,8CAA2B,CAAA;IAC3B,gCAAa,CAAA;IACb,wCAAqB,CAAA;IACrB,kDAA+B,CAAA;IAC/B,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,gCAAa,CAAA;IACb,gDAA6B,CAAA;IAC7B,8BAAW,CAAA;IACX,gCAAa,CAAA;IACb,kCAAe,CAAA;IACf,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,oCAAiB,CAAA;IACjB,sCAAmB,CAAA;IACnB,sCAAmB,CAAA;IACnB,kDAA+B,CAAA;IAC/B,kCAAe,CAAA;IACf,gEAA6C,CAAA;IAC7C,sCAAmB,CAAA;IACnB,8CAA2B,CAAA;IAC3B,oCAAiB,CAAA;IACjB,wDAAqC,CAAA;IACrC,oCAAiB,CAAA;IACjB,gDAA6B,CAAA;IAC7B,4CAAyB,CAAA;IACzB,gCAAa,CAAA;IACb,4DAAyC,CAAA;IACzC,0CAAuB,CAAA;IACvB,4CAAyB,CAAA;IACzB,4BAAS,CAAA;AACX,CAAC,EAhCW,eAAe,KAAf,eAAe,QAgC1B;AAED,kDAAkD;AAClD,MAAM,CAAN,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,+BAAmB,CAAA;IACnB,iCAAqB,CAAA;AACvB,CAAC,EAJW,QAAQ,KAAR,QAAQ,QAInB;AAED,MAAM,CAAN,IAAY,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/event/index.ts"],"names":[],"mappings":"AAGA,MAAM,CAAN,IAAY,eAgCX;AAhCD,WAAY,eAAe;IACzB,8CAA2B,CAAA;IAC3B,gCAAa,CAAA;IACb,wCAAqB,CAAA;IACrB,kDAA+B,CAAA;IAC/B,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,gCAAa,CAAA;IACb,gDAA6B,CAAA;IAC7B,8BAAW,CAAA;IACX,gCAAa,CAAA;IACb,kCAAe,CAAA;IACf,4CAAyB,CAAA;IACzB,oCAAiB,CAAA;IACjB,oCAAiB,CAAA;IACjB,sCAAmB,CAAA;IACnB,sCAAmB,CAAA;IACnB,kDAA+B,CAAA;IAC/B,kCAAe,CAAA;IACf,gEAA6C,CAAA;IAC7C,sCAAmB,CAAA;IACnB,8CAA2B,CAAA;IAC3B,oCAAiB,CAAA;IACjB,wDAAqC,CAAA;IACrC,oCAAiB,CAAA;IACjB,gDAA6B,CAAA;IAC7B,4CAAyB,CAAA;IACzB,gCAAa,CAAA;IACb,4DAAyC,CAAA;IACzC,0CAAuB,CAAA;IACvB,4CAAyB,CAAA;IACzB,4BAAS,CAAA;AACX,CAAC,EAhCW,eAAe,KAAf,eAAe,QAgC1B;AAED,kDAAkD;AAClD,MAAM,CAAN,IAAY,QAIX;AAJD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,+BAAmB,CAAA;IACnB,iCAAqB,CAAA;AACvB,CAAC,EAJW,QAAQ,KAAR,QAAQ,QAInB;AAED,MAAM,CAAN,IAAY,cAaX;AAbD,WAAY,cAAc;IACxB,qDAAmC,CAAA;IACnC,iDAA+B,CAAA;IAC/B,6CAA2B,CAAA;IAC3B,iDAA+B,CAAA;IAC/B,+CAA6B,CAAA;IAC7B,8DAA8D;IAC9D,6EAA6E;IAC7E,wEAAwE;IACxE,wEAAwE;IACxE,4EAA4E;IAC5E,2EAA2E;IAC3E,uDAAqC,CAAA;AACvC,CAAC,EAbW,cAAc,KAAd,cAAc,QAazB;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,cAAc,EAAE,CAAC;AAGnE,MAAM,CAAN,IAAY,WA8CX;AA9CD,WAAY,WAAW;IACrB,kCAAmB,CAAA;IACnB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,gCAAiB,CAAA;IACjB,wDAAyC,CAAA;IACzC,oCAAqB,CAAA;IACrB,wCAAyB,CAAA;IACzB,oCAAqB,CAAA;IACrB,oCAAqB,CAAA;IACrB,oCAAqB,CAAA;IACrB,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,oCAAqB,CAAA;IACrB,8BAAe,CAAA;IACf,gCAAiB,CAAA;IACjB,kCAAmB,CAAA;IACnB,kCAAmB,CAAA;IACnB,kCAAmB,CAAA;IACnB,oDAAqC,CAAA;IACrC,oDAAqC,CAAA;IACrC,wCAAyB,CAAA;IACzB,4CAA6B,CAAA;IAC7B,sCAAuB,CAAA;IACvB,oCAAqB,CAAA;IACrB,oDAAqC,CAAA;IACrC,kDAAmC,CAAA;IACnC,gDAAiC,CAAA;IACjC,8CAA+B,CAAA;IAC/B,kDAAmC,CAAA;IACnC,4CAA6B,CAAA;IAC7B,gDAAiC,CAAA;IACjC,4BAAa,CAAA;IACb,oCAAqB,CAAA;IACrB,wDAAyC,CAAA;IACzC,sCAAuB,CAAA;IACvB,gDAAiC,CAAA;IACjC,8BAAe,CAAA;IACf,gCAAiB,CAAA;IACjB,gCAAiB,CAAA;IACjB,sCAAuB,CAAA;IACvB,kDAAmC,CAAA;IACnC
,kCAAmB,CAAA;IACnB,0CAA2B,CAAA;IAC3B,kCAAmB,CAAA;IACnB,sCAAuB,CAAA;AACzB,CAAC,EA9CW,WAAW,KAAX,WAAW,QA8CtB;AAwBD,MAAM,CAAN,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,0CAA2B,CAAA;IAC3B,4BAAa,CAAA;IACb,0BAAW,CAAA;IACX,gCAAiB,CAAA;AACnB,CAAC,EALW,WAAW,KAAX,WAAW,QAKtB"}
|
package/package.json
CHANGED
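--- a/package/src/jwt/verifier.test.ts
+++ b/package/src/jwt/verifier.test.ts
@@ -60,7 +60,7 @@ describe('JwtVerifier', () => {
 const key = await importPKCS8(signingMaterial.privateKeyPem, 'RS256');
 const token = await new SignJWT(payload).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
 
-const result = await verifier.verify<TokenPayload>(token);
+const result = await verifier.verify<TokenPayload>(token, { algorithms: ['RS256'] });
 
 expect(getKeysInterceptor).toHaveBeenCalledTimes(1);
 expect(result.sub).toBe(payload.sub);
@@ -77,7 +77,7 @@ describe('JwtVerifier', () => {
 .setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid })
 .sign(invalidKey);
 
-await expect(verifier.verify(invalidToken)).rejects.toMatchObject({
+await expect(verifier.verify(invalidToken, { algorithms: ['RS256'] })).rejects.toMatchObject({
 status: 401,
 message: expect.stringContaining('signature verification failed')
 });
@@ -141,4 +141,26 @@ describe('JwtVerifier', () => {
 await expect(verifier.verify('definitely-not-a-jwt')).rejects.toThrow('Invalid token specified');
 expect(getKeysInterceptor).not.toHaveBeenCalled();
 });
+
+it('rejects verification when no algorithms allowlist is provided', async () => {
+const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
+
+const key = await importPKCS8(signingMaterial.privateKeyPem, 'RS256');
+const token = await new SignJWT({ sub: 'user-noalg' }).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
+
+await expect(verifier.verify(token)).rejects.toMatchObject({ status: 401 });
+// The allowlist guard must trip before any signing key is resolved.
+expect(getKeysInterceptor).not.toHaveBeenCalled();
+});
+
+it('rejects a token whose algorithm is outside the pinned allowlist before any key lookup', async () => {
+const { verifier, getKeysInterceptor } = buildJwtVerifier(signingMaterial.jwk);
+
+const key = await importPKCS8(signingMaterial.privateKeyPem, 'RS256');
+const token = await new SignJWT({ sub: 'user-rs256' }).setProtectedHeader({ alg: 'RS256', kid: signingMaterial.jwk.kid }).sign(key);
+
+// The token is validly signed, but the caller pins ES256 only.
+await expect(verifier.verify(token, { algorithms: ['ES256'] })).rejects.toMatchObject({ status: 401 });
+expect(getKeysInterceptor).not.toHaveBeenCalled();
+});
 });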
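Review bot: The empty-allowlist branch of the new guard is not exercised: the test added at new lines 145–154 only calls `verify(token)` with no options, while the guard in verifier.ts also rejects `algorithms: []`. Adding `await expect(verifier.verify(token, { algorithms: [] })).rejects.toMatchObject({ status: 401 });` to that test would cover it. Both new tests assert only `status: 401`, so they would still pass if a different 401 (for example the missing-`kid` check) fired first; matching on the message as the existing signature test does, e.g. `message: expect.stringContaining('allowlist')`, would pin which guard tripped. The enclosing `describe` block starts outside the hunk.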
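--- a/package/src/jwt/verifier.ts
+++ b/package/src/jwt/verifier.ts
@@ -16,19 +16,28 @@ export class JwtVerifier {
 }
 
 async verify<T extends JWTPayload>(token: string, options?: JWTVerifyOptions): Promise<T> {
-let
+let header: ReturnType<typeof decodeProtectedHeader>;
 try {
-
-kid = header.kid;
+header = decodeProtectedHeader(token);
 } catch {
 // Preserve legacy error message relied upon by tests
 throw new Error('Invalid token specified');
 }
 
-if (isEmpty(kid)) {
+if (isEmpty(header.kid)) {
 throw new UnauthorizedError('Invalid JWT as kid header is missing.');
 }
 
+// Fail closed: require an explicit algorithm allowlist and reject a
+// disallowed `alg` before resolving keys, so a forged `alg` header can't
+// select an unintended verification path or trigger a JWKS fetch.
+if (!options?.algorithms || options.algorithms.length === 0) {
+throw new UnauthorizedError('JWT could not be verified as no signing algorithm allowlist was configured.');
+}
+if (!header.alg || !options.algorithms.includes(header.alg)) {
+throw new UnauthorizedError('JWT could not be verified as its algorithm is not allowed.');
+}
+
 const jwkSet = await this.resolveJwkSet();
 
 try {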
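Review bot: `options` stays optional in the `verify` signature even though the added guard now rejects every call that omits `algorithms`, so a caller still written as `verify(token)` compiles and only fails at runtime with a 401. Making the requirement visible in the type, for example `options: JWTVerifyOptions & { algorithms: string[] }`, or stating it in a JSDoc on `verify`, would surface unmigrated callers at build time instead of as authentication failures after deployment. Presumably the same `options` object is still handed to the verification call further down so the library enforces the allowlist on the verified header as well, but the rest of the method lies outside the hunk and should be checked.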
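--- a/package/src/types/event/index.ts
+++ b/package/src/types/event/index.ts
@@ -47,7 +47,14 @@ export enum ExportViewMode {
 EXPORT_LATEST = 'export-latest',
 EXPORT_LIVE = 'export-live',
 EXPORT_COMMIT = 'export-commit',
-EXPORT_DRAFT = 'export-draft'
+EXPORT_DRAFT = 'export-draft',
+// The live-edit working copy: the application_live_edit row's
+// directoryContentsHash. Unlike the commit-based views above, this points at
+// the latest uploaded tree even when no commit was created for it (e.g.
+// Clark's in-progress `ai:generate:interim` autosaves). A cold/recycled
+// dev-server pod uses this to restore the actual working copy instead of an
+// older snapshot. Only the dev-server directory-hash reload path reads it.
+EXPORT_LIVE_EDIT = 'export-live-edit'
 }
 
 export const CombinedViewMode = { ...ViewMode, ...ExportViewMode };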
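Review bot: The explanation for `EXPORT_LIVE_EDIT` is written as `//` line comments, so it is not carried into the published declarations: the `index.d.ts` hunk on this page shows the new member with no comment. Converting it to a `/** … */` JSDoc block directly above the member would let consumers of the package see it in their editor. The last sentence ("Only the dev-server directory-hash reload path reads it") describes a convention that nothing in the enum enforces, and `CombinedViewMode` picks the new value up through the spread; since this mode refers to an uncommitted working copy, it is worth confirming that the code handling view modes rejects it wherever it is not intended, which is not visible here. The enum's opening members are outside the hunk.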