@toa.io/extensions.exposition 1.0.0-alpha.0 → 1.0.0-alpha.3

package/transpiled/directives/auth/Authorization.d.ts

@@ -0,0 +1,20 @@
+import * as http from '../../HTTP';
+import type { Output } from '../../io';
+import type { Remotes } from '../../Remotes';
+import type { Family } from '../../Directive';
+import type { Parameter } from '../../RTD';
+import type { Directive, Extension, Input } from './types';
+export declare class Authorization implements Family<Directive, Extension> {
+    readonly depends: string[];
+    readonly name: string;
+    readonly mandatory: boolean;
+    private readonly schemes;
+    private readonly discovery;
+    private tokens;
+    private bans;
+    create(name: string, value: any, remotes: Remotes): Directive;
+    preflight(directives: Directive[], input: Input, parameters: Parameter[]): Promise<Output>;
+    settle(directives: Directive[], request: Input, response: http.OutgoingMessage): Promise<void>;
+    private resolve;
+    private banned;
+}

package/transpiled/directives/auth/Authorization.js

@@ -0,0 +1,125 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Authorization = void 0;
+const node_assert_1 = __importDefault(require("node:assert"));
+const matchacho_1 = require("matchacho");
+const http = __importStar(require("../../HTTP"));
+const Anonymous_1 = require("./Anonymous");
+const Id_1 = require("./Id");
+const Role_1 = require("./Role");
+const Rule_1 = require("./Rule");
+const Incept_1 = require("./Incept");
+const Echo_1 = require("./Echo");
+const split_1 = require("./split");
+const Scheme_1 = require("./Scheme");
+const schemes_1 = require("./schemes");
+class Authorization {
+    depends = ['Vary'];
+    name = 'auth';
+    mandatory = true;
+    schemes = {};
+    discovery = {};
+    tokens = null;
+    bans = null;
+    create(name, value, remotes) {
+        node_assert_1.default.ok(name in CLASSES, `Directive '${name}' is not provided by the '${this.name}' family.`);
+        const Class = CLASSES[name];
+        for (const name of REMOTES)
+            this.discovery[name] ??= remotes.discover('identity', name);
+        return (0, matchacho_1.match)(Class, Role_1.Role, () => new Role_1.Role(value, this.discovery.roles), Rule_1.Rule, () => new Rule_1.Rule(value, this.create.bind(this)), Incept_1.Incept, () => new Incept_1.Incept(value, this.discovery), () => new Class(value));
+    }
+    async preflight(directives, input, parameters) {
+        const identity = await this.resolve(input.headers.authorization);
+        input.identity = identity;
+        for (const directive of directives) {
+            const allow = await directive.authorize(identity, input, parameters);
+            if (allow)
+                return directive.reply?.(identity) ?? null;
+        }
+        if (identity === null)
+            throw new http.Unauthorized();
+        else
+            throw new http.Forbidden();
+    }
+    async settle(directives, request, response) {
+        for (const directive of directives)
+            await directive.settle?.(request, response);
+        const identity = request.identity;
+        if (identity === null)
+            return;
+        if (identity.scheme === schemes_1.PRIMARY && !identity.refresh)
+            return;
+        // Role directive may have already set the value
+        if (identity.roles === undefined)
+            await Role_1.Role.set(identity, this.discovery.roles);
+        this.tokens ??= await this.discovery.tokens;
+        const token = await this.tokens.invoke('encrypt', { input: { identity } });
+        const authorization = `Token ${token}`;
+        if (response.headers === undefined)
+            response.headers = new Headers();
+        response.headers.set('authorization', authorization);
+    }
+    async resolve(authorization) {
+        if (authorization === undefined)
+            return null;
+        const [scheme, credentials] = (0, split_1.split)(authorization);
+        const provider = schemes_1.PROVIDERS[scheme];
+        if (!(provider in this.discovery))
+            throw new http.Unauthorized(`Unknown authentication scheme '${scheme}'.`);
+        this.schemes[scheme] ??= await this.discovery[provider];
+        const result = await this.schemes[scheme].invoke('authenticate', {
+            input: credentials
+        });
+        if (result instanceof Error)
+            return null;
+        const identity = result.identity;
+        if (scheme !== schemes_1.PRIMARY && (await this.banned(identity)))
+            throw new http.Unauthorized();
+        identity.scheme = scheme;
+        identity.refresh = result.refresh;
+        return identity;
+    }
+    async banned(identity) {
+        this.bans ??= await this.discovery.bans;
+        const ban = await this.bans.invoke('observe', { query: { id: identity.id } });
+        return ban.banned;
+    }
+}
+exports.Authorization = Authorization;
+const CLASSES = {
+    anonymous: Anonymous_1.Anonymous,
+    id: Id_1.Id,
+    role: Role_1.Role,
+    rule: Rule_1.Rule,
+    incept: Incept_1.Incept,
+    scheme: Scheme_1.Scheme,
+    echo: Echo_1.Echo
+};
+const REMOTES = ['basic', 'federation', 'tokens', 'roles', 'bans'];
+//# sourceMappingURL=Authorization.js.map

package/transpiled/directives/auth/Authorization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Authorization.js","sourceRoot":"","sources":["../../../source/directives/auth/Authorization.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8DAAgC;AAChC,yCAAiC;AACjC,iDAAkC;AAClC,2CAAuC;AACvC,6BAAyB;AACzB,iCAA6B;AAC7B,iCAA6B;AAC7B,qCAAiC;AACjC,iCAA6B;AAC7B,mCAA+B;AAC/B,qCAAiC;AACjC,uCAA8C;AAkB9C,MAAa,aAAa;IACR,OAAO,GAAa,CAAC,MAAM,CAAC,CAAA;IAC5B,IAAI,GAAW,MAAM,CAAA;IACrB,SAAS,GAAY,IAAI,CAAA;IAExB,OAAO,GAAG,EAAwB,CAAA;IAClC,SAAS,GAAG,EAA0B,CAAA;IAC/C,MAAM,GAAqB,IAAI,CAAA;IAC/B,IAAI,GAAqB,IAAI,CAAA;IAE9B,MAAM,CAAE,IAAY,EAAE,KAAU,EAAE,OAAgB;QACvD,qBAAM,CAAC,EAAE,CAAC,IAAI,IAAI,OAAO,EACvB,cAAc,IAAI,6BAA6B,IAAI,CAAC,IAAI,WAAW,CAAC,CAAA;QAEtE,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QAE3B,KAAK,MAAM,IAAI,IAAI,OAAO;YACxB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;QAE7D,OAAO,IAAA,iBAAK,EAAC,KAAK,EAChB,WAAI,EAAE,GAAG,EAAE,CAAC,IAAI,WAAI,CAAC,KAA0B,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EACtE,WAAI,EAAE,GAAG,EAAE,CAAC,IAAI,WAAI,CAAC,KAA+B,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAC7E,eAAM,EAAE,GAAG,EAAE,CAAC,IAAI,eAAM,CAAC,KAAe,EAAE,IAAI,CAAC,SAAS,CAAC,EACzD,GAAG,EAAE,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAA;IAC3B,CAAC;IAEM,KAAK,CAAC,SAAS,CAAE,UAAuB,EAC7C,KAAY,EACZ,UAAuB;QACvB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAEhE,KAAK,CAAC,QAAQ,GAAG,QAAQ,CAAA;QAEzB,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;YAEpE,IAAI,KAAK;gBACP,OAAO,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAA;QAC9C,CAAC;QAED,IAAI,QAAQ,KAAK,IAAI;YAAE,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAA;;YAC/C,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAA;IACjC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAE,UAAuB,EAC1C,OAAc,EACd,QAA8B;QAC9B,KAAK,MAAM,SAAS,IAAI,UAAU;YAAE,MAAM,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;QAE/E,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;QAEjC,IAAI,QAAQ,KAAK,IAAI;YAAE,OAAM;QAE7B,IAAI,QAAQ,CAAC,MAAM,KAAK,iBAAO,IAAI,CAAC,QAAQ,CAAC,OAAO;YAAE,OAAM;QAE5D,gDAAgD;QAChD,IAAI,QAAQ,CAAC,KAAK,KAAK,SAAS;YAAE,MAAM,WAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAEhF,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAA;QAE3C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAS,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAA;QAClF,MAAM,aAAa,GAAG,SAAS,KAAK,EAAE,CAAA;QAEtC,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS;YAAE,QAAQ,CAAC,OAAO,GAAG,IAAI,OAAO,EAAE,CAAA;QAEpE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,aAAa,CAAC,CAAA;IACtD,CAAC;IAEO,KAAK,CAAC,OAAO,CAAE,aAAiC;QACtD,IAAI,aAAa,KAAK,SAAS;YAAE,OAAO,IAAI,CAAA;QAE5C,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAA,aAAK,EAAC,aAAa,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,mBAAS,CAAC,MAAM,CAAC,CAAA;QAElC,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC;YAC/B,MAAM,IAAI,IAAI,CAAC,YAAY,CAAC,kCAAkC,MAAM,IAAI,CAAC,CAAA;QAE3E,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAuB,cAAc,EAAE;YACrF,KAAK,EAAE,WAAW;SACnB,CAAC,CAAA;QAEF,IAAI,MAAM,YAAY,KAAK;YAAE,OAAO,IAAI,CAAA;QAExC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;QAEhC,IAAI,MAAM,KAAK,iBAAO,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAAE,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAA;QAEtF,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAA;QACxB,QAAQ,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAA;QAEjC,OAAO,QAAQ,CAAA;IACjB,CAAC;IAEO,KAAK,CAAC,MAAM,CAAE,QAAkB;QACtC,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAA;QAEvC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAM,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;QAElF,OAAO,GAAG,CAAC,MAAM,CAAA;IACnB,CAAC;CACF;AAtGD,sCAsGC;AAED,MAAM,OAAO,GAAkE;IAC7E,SAAS,EAAE,qBAAS;IACpB,EAAE,EAAE,OAAE;IACN,IAAI,EAAE,WAAI;IACV,IAAI,EAAE,WAAI;IACV,MAAM,EAAE,eAAM;IACd,MAAM,EAAE,eAAM;IACd,IAAI,EAAE,WAAI;CACX,CAAA;AAED,MAAM,OAAO,GAAa,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAA"}

package/transpiled/directives/auth/Echo.d.ts

@@ -0,0 +1,6 @@
+import { type OutgoingMessage } from '../../HTTP';
+import { type Directive, type Identity } from './types';
+export declare class Echo implements Directive {
+    authorize(identity: Identity | null): boolean;
+    reply(identity: Identity | null): OutgoingMessage;
+}

package/transpiled/directives/auth/Echo.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Echo = void 0;
+class Echo {
+    authorize(identity) {
+        return identity !== null;
+    }
+    reply(identity) {
+        return { body: identity };
+    }
+}
+exports.Echo = Echo;
+//# sourceMappingURL=Echo.js.map

package/transpiled/directives/auth/Echo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Echo.js","sourceRoot":"","sources":["../../../source/directives/auth/Echo.ts"],"names":[],"mappings":";;;AAGA,MAAa,IAAI;IACR,SAAS,CAAE,QAAyB;QACzC,OAAO,QAAQ,KAAK,IAAI,CAAA;IAC1B,CAAC;IAEM,KAAK,CAAE,QAAyB;QACrC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;CACF;AARD,oBAQC"}

package/transpiled/directives/auth/Id.d.ts

@@ -0,0 +1,7 @@
+import { type Parameter } from '../../RTD';
+import { type Directive, type Identity } from './types';
+export declare class Id implements Directive {
+    private readonly parameter;
+    constructor(parameter: string);
+    authorize(identity: Identity | null, _: any, parameters: Parameter[]): boolean;
+}

package/transpiled/directives/auth/Id.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Id = void 0;
+class Id {
+    parameter;
+    constructor(parameter) {
+        this.parameter = parameter;
+    }
+    authorize(identity, _, parameters) {
+        if (identity === null)
+            return false;
+        const parameter = parameters.find((parameter) => parameter.name === this.parameter);
+        return parameter?.value === identity.id;
+    }
+}
+exports.Id = Id;
+//# sourceMappingURL=Id.js.map

package/transpiled/directives/auth/Id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Id.js","sourceRoot":"","sources":["../../../source/directives/auth/Id.ts"],"names":[],"mappings":";;;AAGA,MAAa,EAAE;IACI,SAAS,CAAQ;IAElC,YAAoB,SAAiB;QACnC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAEM,SAAS,CAAE,QAAyB,EAAE,CAAM,EAAE,UAAuB;QAC1E,IAAI,QAAQ,KAAK,IAAI;YACnB,OAAO,KAAK,CAAA;QAEd,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,CAAA;QAEnF,OAAO,SAAS,EAAE,KAAK,KAAK,QAAQ,CAAC,EAAE,CAAA;IACzC,CAAC;CACF;AAfD,gBAeC"}

package/transpiled/directives/auth/Incept.d.ts

@@ -0,0 +1,10 @@
+import * as http from '../../HTTP';
+import { type Directive, type Discovery, type Identity, type Input } from './types';
+export declare class Incept implements Directive {
+    private readonly property;
+    private readonly discovery;
+    private readonly schemes;
+    constructor(property: string, discovery: Discovery);
+    authorize(identity: Identity | null, input: Input): boolean;
+    settle(request: Input, response: http.OutgoingMessage): Promise<void>;
+}

package/transpiled/directives/auth/Incept.js

@@ -0,0 +1,58 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Incept = void 0;
+const http = __importStar(require("../../HTTP"));
+const split_1 = require("./split");
+const schemes_1 = require("./schemes");
+class Incept {
+    property;
+    discovery;
+    schemes = {};
+    constructor(property, discovery) {
+        this.property = property;
+        this.discovery = discovery;
+    }
+    authorize(identity, input) {
+        return identity === null && 'authorization' in input.headers;
+    }
+    async settle(request, response) {
+        const id = response.body?.[this.property];
+        if (id === undefined)
+            throw new http.Conflict('Identity inception has failed as the response body ' +
+                ` does not contain the '${this.property}' property.`);
+        const [scheme, credentials] = (0, split_1.split)(request.headers.authorization);
+        const provider = schemes_1.PROVIDERS[scheme];
+        this.schemes[scheme] ??= await this.discovery[provider];
+        const identity = await this.schemes[scheme]
+            .invoke('create', { input: { id, credentials } });
+        if (identity instanceof Error)
+            throw new http.Conflict(identity);
+        request.identity = identity;
+        request.identity.scheme = scheme;
+    }
+}
+exports.Incept = Incept;
+//# sourceMappingURL=Incept.js.map

package/transpiled/directives/auth/Incept.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Incept.js","sourceRoot":"","sources":["../../../source/directives/auth/Incept.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,iDAAkC;AAElC,mCAA+B;AAC/B,uCAAqC;AAErC,MAAa,MAAM;IACA,QAAQ,CAAQ;IAChB,SAAS,CAAW;IACpB,OAAO,GAAY,EAAwB,CAAA;IAE5D,YAAoB,QAAgB,EAAE,SAAoB;QACxD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;QACxB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAEM,SAAS,CAAE,QAAyB,EAAE,KAAY;QACvD,OAAO,QAAQ,KAAK,IAAI,IAAI,eAAe,IAAI,KAAK,CAAC,OAAO,CAAA;IAC9D,CAAC;IAEM,KAAK,CAAC,MAAM,CAAE,OAAc,EAAE,QAA8B;QACjE,MAAM,EAAE,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAEzC,IAAI,EAAE,KAAK,SAAS;YAClB,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,qDAAqD;gBAC3E,0BAA0B,IAAI,CAAC,QAAQ,aAAa,CAAC,CAAA;QAEzD,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,IAAA,aAAK,EAAC,OAAO,CAAC,OAAO,CAAC,aAAc,CAAC,CAAA;QACnE,MAAM,QAAQ,GAAG,mBAAS,CAAC,MAAM,CAAC,CAAA;QAElC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,MAAM,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAA;QAEvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;aACxC,MAAM,CAAkB,QAAQ,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;QAEpE,IAAI,QAAQ,YAAY,KAAK;YAC3B,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAEnC,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAA;QAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAA;IAClC,CAAC;CACF;AAnCD,wBAmCC"}

package/transpiled/directives/auth/Role.d.ts

@@ -0,0 +1,11 @@
+import { type Component } from '@toa.io/core';
+import { type Directive, type Identity } from './types';
+export declare class Role implements Directive {
+    static remote: Component | null;
+    private readonly roles;
+    private readonly discovery;
+    constructor(roles: string | string[], discovery: Promise<Component>);
+    static set(identity: Identity, discovery: Promise<Component>): Promise<void>;
+    authorize(identity: Identity | null): Promise<boolean>;
+    private match;
+}

package/transpiled/directives/auth/Role.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Role = void 0;
+class Role {
+    static remote = null;
+    roles;
+    discovery;
+    constructor(roles, discovery) {
+        this.roles = typeof roles === 'string' ? [roles] : roles;
+        this.discovery = discovery;
+    }
+    static async set(identity, discovery) {
+        this.remote ??= await discovery;
+        const query = { criteria: `identity==${identity.id}`, limit: 1024 };
+        const roles = await this.remote.invoke('list', { query });
+        identity.roles = roles;
+    }
+    async authorize(identity) {
+        if (identity === null)
+            return false;
+        await Role.set(identity, this.discovery);
+        if (identity.roles === undefined)
+            return false;
+        return this.match(identity.roles);
+    }
+    match(roles) {
+        for (const role of roles) {
+            const index = this.roles.findIndex((expected) => compare(expected, role));
+            if (index !== -1)
+                return true;
+        }
+        return false;
+    }
+}
+exports.Role = Role;
+function compare(expected, actual) {
+    const exp = expected.split(':');
+    const act = actual.split(':');
+    for (let i = 0; i < act.length; i++)
+        if (exp[i] !== act[i])
+            return false;
+    return true;
+}
+//# sourceMappingURL=Role.js.map

package/transpiled/directives/auth/Role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Role.js","sourceRoot":"","sources":["../../../source/directives/auth/Role.ts"],"names":[],"mappings":";;;AAGA,MAAa,IAAI;IACR,MAAM,CAAC,MAAM,GAAqB,IAAI,CAAA;IAC5B,KAAK,CAAU;IACf,SAAS,CAAoB;IAE9C,YAAoB,KAAwB,EAAE,SAA6B;QACzE,IAAI,CAAC,KAAK,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QACxD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAA;IAC5B,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,GAAG,CAAE,QAAkB,EAAE,SAA6B;QACxE,IAAI,CAAC,MAAM,KAAK,MAAM,SAAS,CAAA;QAE/B,MAAM,KAAK,GAAU,EAAE,QAAQ,EAAE,aAAa,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;QAC1E,MAAM,KAAK,GAAa,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAEnE,QAAQ,CAAC,KAAK,GAAG,KAAK,CAAA;IACxB,CAAC;IAEM,KAAK,CAAC,SAAS,CAAE,QAAyB;QAC/C,IAAI,QAAQ,KAAK,IAAI;YACnB,OAAO,KAAK,CAAA;QAEd,MAAM,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;QAExC,IAAI,QAAQ,CAAC,KAAK,KAAK,SAAS;YAC9B,OAAO,KAAK,CAAA;QAEd,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACnC,CAAC;IAEO,KAAK,CAAE,KAAe;QAC5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAA;YAEzE,IAAI,KAAK,KAAK,CAAC,CAAC;gBACd,OAAO,IAAI,CAAA;QACf,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;;AAxCH,oBAyCC;AAED,SAAS,OAAO,CAAE,QAAgB,EAAE,MAAc;IAChD,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QACjC,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YACnB,OAAO,KAAK,CAAA;IAEhB,OAAO,IAAI,CAAA;AACb,CAAC"}

package/transpiled/directives/auth/Rule.d.ts

@@ -0,0 +1,9 @@
+import { type Parameter } from '../../RTD';
+import type { Input, Directive, Identity } from './types';
+export declare class Rule implements Directive {
+    private readonly directives;
+    constructor(directives: Record<string, any>, create: Create);
+    authorize(identity: Identity | null, input: Input, parameters: Parameter[]): Promise<boolean>;
+}
+type Create = (name: string, value: any, ...args: any[]) => Directive;
+export {};

package/transpiled/directives/auth/Rule.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Rule = void 0;
+class Rule {
+    directives = [];
+    constructor(directives, create) {
+        for (const [name, value] of Object.entries(directives)) {
+            const directive = create(name, value);
+            this.directives.push(directive);
+        }
+    }
+    async authorize(identity, input, parameters) {
+        for (const directive of this.directives) {
+            const authorized = await directive.authorize(identity, input, parameters);
+            if (!authorized)
+                return false;
+        }
+        return true;
+    }
+}
+exports.Rule = Rule;
+//# sourceMappingURL=Rule.js.map

package/transpiled/directives/auth/Rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Rule.js","sourceRoot":"","sources":["../../../source/directives/auth/Rule.ts"],"names":[],"mappings":";;;AAGA,MAAa,IAAI;IACE,UAAU,GAAgB,EAAE,CAAA;IAE7C,YAAoB,UAA+B,EAAE,MAAc;QACjE,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YACvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YAErC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,SAAS,CACrB,QAAyB,EAAE,KAAY,EAAE,UAAuB;QAC/D,KAAK,MAAM,SAAS,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;YAEzE,IAAI,CAAC,UAAU;gBACb,OAAO,KAAK,CAAA;QAChB,CAAC;QAED,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AAtBD,oBAsBC"}

package/transpiled/directives/auth/Scheme.d.ts

@@ -0,0 +1,7 @@
+import { type Directive, type Identity, type Input } from './types';
+export declare class Scheme implements Directive {
+    private readonly scheme;
+    private readonly Scheme;
+    constructor(scheme: string);
+    authorize(_: Identity | null, input: Input): boolean;
+}

package/transpiled/directives/auth/Scheme.js

@@ -0,0 +1,47 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Scheme = void 0;
+const http = __importStar(require("../../HTTP"));
+const split_1 = require("./split");
+class Scheme {
+    scheme;
+    Scheme;
+    constructor(scheme) {
+        this.scheme = scheme.toLowerCase();
+        this.Scheme = scheme[0].toUpperCase() + scheme.substring(1);
+    }
+    authorize(_, input) {
+        if (input.headers.authorization === undefined)
+            return false;
+        const [scheme] = (0, split_1.split)(input.headers.authorization);
+        if (scheme !== this.scheme)
+            throw new http.Forbidden(this.Scheme +
+                ' authentication scheme is required to access this resource.');
+        return false;
+    }
+}
+exports.Scheme = Scheme;
+//# sourceMappingURL=Scheme.js.map

package/transpiled/directives/auth/Scheme.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Scheme.js","sourceRoot":"","sources":["../../../source/directives/auth/Scheme.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAElC,mCAA+B;AAE/B,MAAa,MAAM;IACA,MAAM,CAAQ;IACd,MAAM,CAAQ;IAE/B,YAAoB,MAAc;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,WAAW,EAAE,CAAA;QAClC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;IAC7D,CAAC;IAEM,SAAS,CAAE,CAAkB,EAAE,KAAY;QAChD,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS;YAC3C,OAAO,KAAK,CAAA;QAEd,MAAM,CAAC,MAAM,CAAC,GAAG,IAAA,aAAK,EAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAA;QAEnD,IAAI,MAAM,KAAK,IAAI,CAAC,MAAM;YACxB,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM;gBAClC,6DAA6D,CAAC,CAAA;QAElE,OAAO,KAAK,CAAA;IACd,CAAC;CACF;AArBD,wBAqBC"}

package/transpiled/directives/auth/index.d.ts

@@ -0,0 +1,2 @@
+import { Authorization } from './Authorization';
+export declare const authorization: Authorization;

package/transpiled/directives/auth/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorization = void 0;
+const Authorization_1 = require("./Authorization");
+exports.authorization = new Authorization_1.Authorization();
+//# sourceMappingURL=index.js.map

package/transpiled/directives/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../source/directives/auth/index.ts"],"names":[],"mappings":";;;AAAA,mDAA+C;AAElC,QAAA,aAAa,GAAG,IAAI,6BAAa,EAAE,CAAA"}

package/transpiled/directives/auth/schemes.d.ts

@@ -0,0 +1,3 @@
+import { type Remote, type Scheme } from './types';
+export declare const PROVIDERS: Record<Scheme, Remote>;
+export declare const PRIMARY: Scheme;

package/transpiled/directives/auth/schemes.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PRIMARY = exports.PROVIDERS = void 0;
+exports.PROVIDERS = {
+    basic: 'basic',
+    token: 'tokens',
+    bearer: 'federation'
+};
+exports.PRIMARY = 'token';
+//# sourceMappingURL=schemes.js.map

package/transpiled/directives/auth/schemes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemes.js","sourceRoot":"","sources":["../../../source/directives/auth/schemes.ts"],"names":[],"mappings":";;;AAEa,QAAA,SAAS,GAA2B;IAC/C,KAAK,EAAE,OAAO;IACd,KAAK,EAAE,QAAQ;IACf,MAAM,EAAE,YAAY;CACrB,CAAA;AAEY,QAAA,OAAO,GAAW,OAAO,CAAA"}

package/transpiled/directives/auth/split.d.ts

@@ -0,0 +1,2 @@
+import { type Scheme } from './types';
+export declare function split(authorization: string): [Scheme, string];

package/transpiled/directives/auth/split.js

@@ -0,0 +1,38 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.split = void 0;
+const http = __importStar(require("../../HTTP"));
+function split(authorization) {
+    const space = authorization.indexOf(' ');
+    if (space === -1)
+        throw new http.Unauthorized('Malformed authorization header.');
+    const Scheme = authorization.slice(0, space);
+    const scheme = Scheme.toLowerCase();
+    const value = authorization.slice(space + 1);
+    return [scheme, value];
+}
+exports.split = split;
+//# sourceMappingURL=split.js.map

package/transpiled/directives/auth/split.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"split.js","sourceRoot":"","sources":["../../../source/directives/auth/split.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAkC;AAGlC,SAAgB,KAAK,CAAE,aAAqB;IAC1C,MAAM,KAAK,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAExC,IAAI,KAAK,KAAK,CAAC,CAAC;QACd,MAAM,IAAI,IAAI,CAAC,YAAY,CAAC,iCAAiC,CAAC,CAAA;IAEhE,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,EAAY,CAAA;IAC7C,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAA;IAE5C,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;AACxB,CAAC;AAXD,sBAWC"}

package/transpiled/directives/auth/types.d.ts

@@ -0,0 +1,31 @@
+import { type Component } from '@toa.io/core';
+import { type Maybe } from '@toa.io/types';
+import { type Parameter } from '../../RTD';
+import type * as http from '../../HTTP';
+import type * as io from '../../io';
+export interface Directive {
+    authorize: (identity: Identity | null, input: Input, parameters: Parameter[]) => boolean | Promise<boolean>;
+    reply?: (identity: Identity | null) => http.OutgoingMessage;
+    settle?: (request: Input, response: http.OutgoingMessage) => Promise<void>;
+}
+export interface Identity {
+    readonly id: string;
+    scheme: string;
+    roles?: string[];
+    refresh: boolean;
+}
+export interface Extension {
+    identity: Identity | null;
+}
+export interface Ban {
+    banned: boolean;
+}
+export type Input = io.Input & Extension;
+export type AuthenticationResult = Maybe<{
+    identity: Identity;
+    refresh: boolean;
+}>;
+export type Scheme = 'basic' | 'token' | 'bearer';
+export type Remote = 'basic' | 'federation' | 'tokens' | 'roles' | 'bans';
+export type Discovery = Record<Remote, Promise<Component>>;
+export type Schemes = Record<Scheme, Component>;

package/transpiled/directives/auth/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/transpiled/directives/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../source/directives/auth/types.ts"],"names":[],"mappings":""}

package/transpiled/directives/cache/Cache.d.ts

@@ -0,0 +1,11 @@
+import type { Input, Output } from '../../io';
+import type { Directive } from './types';
+import type { Family } from '../../Directive';
+import type * as http from '../../HTTP';
+export declare class Cache implements Family<Directive> {
+    readonly name: string;
+    readonly mandatory: boolean;
+    create(name: string, value: any): Directive;
+    preflight(): Output;
+    settle(directives: Directive[], request: Input, response: http.OutgoingMessage): Promise<void>;
+}

package/transpiled/directives/cache/Cache.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Cache = void 0;
+const Control_1 = require("./Control");
+const Exact_1 = require("./Exact");
+class Cache {
+    name = 'cache';
+    mandatory = false;
+    create(name, value) {
+        const Class = constructors[name];
+        if (Class === undefined)
+            throw new Error(`Directive '${name}' is not provided by the '${this.name}' family.`);
+        return new Class(value);
+    }
+    preflight() {
+        return null;
+    }
+    async settle(directives, request, response) {
+        response.headers ??= new Headers();
+        directives[0]?.set(request, response.headers);
+    }
+}
+exports.Cache = Cache;
+const constructors = {
+    control: Control_1.Control,
+    exact: Exact_1.Exact
+};
+//# sourceMappingURL=Cache.js.map

package/transpiled/directives/cache/Cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Cache.js","sourceRoot":"","sources":["../../../source/directives/cache/Cache.ts"],"names":[],"mappings":";;;AAAA,uCAAmC;AACnC,mCAA+B;AAM/B,MAAa,KAAK;IACA,IAAI,GAAW,OAAO,CAAA;IACtB,SAAS,GAAY,KAAK,CAAA;IAEnC,MAAM,CAAE,IAAY,EAAE,KAAU;QACrC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAA;QAEhC,IAAI,KAAK,KAAK,SAAS;YACrB,MAAM,IAAI,KAAK,CAAC,cAAc,IAAI,6BAA6B,IAAI,CAAC,IAAI,WAAW,CAAC,CAAA;QAEtF,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,CAAA;IACzB,CAAC;IAEM,SAAS;QACd,OAAO,IAAI,CAAA;IACb,CAAC;IAEM,KAAK,CAAC,MAAM,CAClB,UAAuB,EAAE,OAAc,EAAE,QAA8B;QACtE,QAAQ,CAAC,OAAO,KAAK,IAAI,OAAO,EAAE,CAAA;QAClC,UAAU,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;IAC/C,CAAC;CACF;AAtBD,sBAsBC;AAED,MAAM,YAAY,GAAkD;IAClE,OAAO,EAAE,iBAAO;IAChB,KAAK,EAAE,aAAK;CACb,CAAA"}

package/transpiled/directives/cache/Control.d.ts

@@ -0,0 +1,9 @@
+import type { AuthenticatedRequest, Directive } from './types';
+export declare class Control implements Directive {
+    protected readonly value: string;
+    private cache;
+    constructor(value: string);
+    set(request: AuthenticatedRequest, headers: Headers): void;
+    protected resolve(request: AuthenticatedRequest): string;
+    private mask;
+}