@undefineds.co/xpod 0.2.41 → 0.2.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (215) hide show
  1. package/config/xpod.base.json +22 -0
  2. package/dist/api/handlers/WebIdProfileHandler.js +9 -1
  3. package/dist/api/handlers/WebIdProfileHandler.js.map +1 -1
  4. package/dist/components/components.jsonld +1 -0
  5. package/dist/components/context.jsonld +30 -0
  6. package/dist/identity/ValidatingIdentityProviderHttpHandler.d.ts +45 -0
  7. package/dist/identity/ValidatingIdentityProviderHttpHandler.js +129 -0
  8. package/dist/identity/ValidatingIdentityProviderHttpHandler.js.map +1 -0
  9. package/dist/identity/ValidatingIdentityProviderHttpHandler.jsonld +124 -0
  10. package/dist/index.d.ts +2 -1
  11. package/dist/index.js +4 -2
  12. package/dist/index.js.map +1 -1
  13. package/node_modules/@undefineds.co/drizzle-solid/dist/core/ast-to-sparql.d.ts +2 -0
  14. package/node_modules/@undefineds.co/drizzle-solid/dist/core/ast-to-sparql.d.ts.map +1 -1
  15. package/node_modules/@undefineds.co/drizzle-solid/dist/core/ast-to-sparql.js.map +1 -1
  16. package/node_modules/@undefineds.co/drizzle-solid/dist/core/comunica-patch.d.ts.map +1 -1
  17. package/node_modules/@undefineds.co/drizzle-solid/dist/core/comunica-patch.js +20 -6
  18. package/node_modules/@undefineds.co/drizzle-solid/dist/core/comunica-patch.js.map +1 -1
  19. package/node_modules/@undefineds.co/drizzle-solid/dist/core/discovery/typeindex-discovery.d.ts +2 -0
  20. package/node_modules/@undefineds.co/drizzle-solid/dist/core/discovery/typeindex-discovery.d.ts.map +1 -1
  21. package/node_modules/@undefineds.co/drizzle-solid/dist/core/discovery/typeindex-discovery.js +13 -3
  22. package/node_modules/@undefineds.co/drizzle-solid/dist/core/discovery/typeindex-discovery.js.map +1 -1
  23. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-executor.d.ts +5 -1
  24. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-executor.d.ts.map +1 -1
  25. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-executor.js +88 -48
  26. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-executor.js.map +1 -1
  27. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-strategy.d.ts.map +1 -1
  28. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-strategy.js +5 -1
  29. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/ldp-strategy.js.map +1 -1
  30. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/pod-executor.d.ts +7 -0
  31. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/pod-executor.d.ts.map +1 -1
  32. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/pod-executor.js +44 -14
  33. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/pod-executor.js.map +1 -1
  34. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/sparql-strategy.d.ts +1 -0
  35. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/sparql-strategy.d.ts.map +1 -1
  36. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/sparql-strategy.js +3 -0
  37. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/sparql-strategy.js.map +1 -1
  38. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/strategy-factory.d.ts +1 -0
  39. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/strategy-factory.d.ts.map +1 -1
  40. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/strategy-factory.js +4 -0
  41. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/strategy-factory.js.map +1 -1
  42. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/types.d.ts +3 -0
  43. package/node_modules/@undefineds.co/drizzle-solid/dist/core/execution/types.d.ts.map +1 -1
  44. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-database.d.ts +44 -22
  45. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-database.d.ts.map +1 -1
  46. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-database.js +238 -44
  47. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-database.js.map +1 -1
  48. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-dialect.d.ts +7 -3
  49. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-dialect.d.ts.map +1 -1
  50. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-dialect.js +33 -4
  51. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-dialect.js.map +1 -1
  52. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-session.d.ts +2 -2
  53. package/node_modules/@undefineds.co/drizzle-solid/dist/core/pod-session.d.ts.map +1 -1
  54. package/node_modules/@undefineds.co/drizzle-solid/dist/core/query-builders/helpers.d.ts +1 -1
  55. package/node_modules/@undefineds.co/drizzle-solid/dist/core/query-builders/helpers.d.ts.map +1 -1
  56. package/node_modules/@undefineds.co/drizzle-solid/dist/core/query-builders/helpers.js +6 -0
  57. package/node_modules/@undefineds.co/drizzle-solid/dist/core/query-builders/helpers.js.map +1 -1
  58. package/node_modules/@undefineds.co/drizzle-solid/dist/core/repository.d.ts +76 -0
  59. package/node_modules/@undefineds.co/drizzle-solid/dist/core/repository.d.ts.map +1 -0
  60. package/node_modules/@undefineds.co/drizzle-solid/dist/core/repository.js +132 -0
  61. package/node_modules/@undefineds.co/drizzle-solid/dist/core/repository.js.map +1 -0
  62. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-reference.d.ts +13 -0
  63. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-reference.d.ts.map +1 -0
  64. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-reference.js +99 -0
  65. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-reference.js.map +1 -0
  66. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-resolver/base-resolver.d.ts +15 -4
  67. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-resolver/base-resolver.d.ts.map +1 -1
  68. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-resolver/base-resolver.js +65 -24
  69. package/node_modules/@undefineds.co/drizzle-solid/dist/core/resource-resolver/base-resolver.js.map +1 -1
  70. package/node_modules/@undefineds.co/drizzle-solid/dist/core/runtime/pod-runtime.d.ts +1 -0
  71. package/node_modules/@undefineds.co/drizzle-solid/dist/core/runtime/pod-runtime.d.ts.map +1 -1
  72. package/node_modules/@undefineds.co/drizzle-solid/dist/core/runtime/pod-runtime.js +7 -3
  73. package/node_modules/@undefineds.co/drizzle-solid/dist/core/runtime/pod-runtime.js.map +1 -1
  74. package/node_modules/@undefineds.co/drizzle-solid/dist/core/select-plan.d.ts +1 -1
  75. package/node_modules/@undefineds.co/drizzle-solid/dist/core/select-plan.d.ts.map +1 -1
  76. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/expression-builder.d.ts +3 -0
  77. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/expression-builder.d.ts.map +1 -1
  78. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/expression-builder.js +57 -4
  79. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/expression-builder.js.map +1 -1
  80. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/update-builder.d.ts.map +1 -1
  81. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/update-builder.js +60 -45
  82. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql/builder/update-builder.js.map +1 -1
  83. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql-engine.d.ts.map +1 -1
  84. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql-engine.js +5 -1
  85. package/node_modules/@undefineds.co/drizzle-solid/dist/core/sparql-engine.js.map +1 -1
  86. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/builder.d.ts.map +1 -1
  87. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/builder.js +4 -2
  88. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/builder.js.map +1 -1
  89. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/handlers/inverse.d.ts.map +1 -1
  90. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/handlers/inverse.js +2 -0
  91. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/handlers/inverse.js.map +1 -1
  92. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/handlers/uri.d.ts.map +1 -1
  93. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/handlers/uri.js +2 -0
  94. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/handlers/uri.js.map +1 -1
  95. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/types.d.ts +4 -0
  96. package/node_modules/@undefineds.co/drizzle-solid/dist/core/triple/types.d.ts.map +1 -1
  97. package/node_modules/@undefineds.co/drizzle-solid/dist/core/uri/resolver.d.ts +8 -1
  98. package/node_modules/@undefineds.co/drizzle-solid/dist/core/uri/resolver.d.ts.map +1 -1
  99. package/node_modules/@undefineds.co/drizzle-solid/dist/core/uri/resolver.js +133 -46
  100. package/node_modules/@undefineds.co/drizzle-solid/dist/core/uri/resolver.js.map +1 -1
  101. package/node_modules/@undefineds.co/drizzle-solid/dist/core/uri/types.d.ts +4 -0
  102. package/node_modules/@undefineds.co/drizzle-solid/dist/core/uri/types.d.ts.map +1 -1
  103. package/node_modules/@undefineds.co/drizzle-solid/dist/core/zod-integration.d.ts +2 -2
  104. package/node_modules/@undefineds.co/drizzle-solid/dist/core/zod-integration.d.ts.map +1 -1
  105. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/ast-to-sparql.d.ts +2 -0
  106. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/ast-to-sparql.d.ts.map +1 -1
  107. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/ast-to-sparql.js.map +1 -1
  108. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/comunica-patch.d.ts.map +1 -1
  109. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/comunica-patch.js +20 -6
  110. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/comunica-patch.js.map +1 -1
  111. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/discovery/typeindex-discovery.d.ts +2 -0
  112. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/discovery/typeindex-discovery.d.ts.map +1 -1
  113. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/discovery/typeindex-discovery.js +13 -3
  114. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/discovery/typeindex-discovery.js.map +1 -1
  115. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-executor.d.ts +5 -1
  116. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-executor.d.ts.map +1 -1
  117. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-executor.js +88 -48
  118. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-executor.js.map +1 -1
  119. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-strategy.d.ts.map +1 -1
  120. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-strategy.js +5 -1
  121. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/ldp-strategy.js.map +1 -1
  122. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/pod-executor.d.ts +7 -0
  123. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/pod-executor.d.ts.map +1 -1
  124. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/pod-executor.js +44 -14
  125. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/pod-executor.js.map +1 -1
  126. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/sparql-strategy.d.ts +1 -0
  127. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/sparql-strategy.d.ts.map +1 -1
  128. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/sparql-strategy.js +3 -0
  129. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/sparql-strategy.js.map +1 -1
  130. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/strategy-factory.d.ts +1 -0
  131. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/strategy-factory.d.ts.map +1 -1
  132. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/strategy-factory.js +4 -0
  133. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/strategy-factory.js.map +1 -1
  134. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/types.d.ts +3 -0
  135. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/execution/types.d.ts.map +1 -1
  136. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-database.d.ts +44 -22
  137. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-database.d.ts.map +1 -1
  138. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-database.js +238 -44
  139. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-database.js.map +1 -1
  140. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-dialect.d.ts +7 -3
  141. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-dialect.d.ts.map +1 -1
  142. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-dialect.js +33 -4
  143. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-dialect.js.map +1 -1
  144. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-session.d.ts +2 -2
  145. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/pod-session.d.ts.map +1 -1
  146. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/query-builders/helpers.d.ts +1 -1
  147. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/query-builders/helpers.d.ts.map +1 -1
  148. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/query-builders/helpers.js +6 -0
  149. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/query-builders/helpers.js.map +1 -1
  150. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/repository.d.ts +76 -0
  151. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/repository.d.ts.map +1 -0
  152. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/repository.js +127 -0
  153. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/repository.js.map +1 -0
  154. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-reference.d.ts +13 -0
  155. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-reference.d.ts.map +1 -0
  156. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-reference.js +95 -0
  157. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-reference.js.map +1 -0
  158. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-resolver/base-resolver.d.ts +15 -4
  159. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-resolver/base-resolver.d.ts.map +1 -1
  160. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-resolver/base-resolver.js +65 -24
  161. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/resource-resolver/base-resolver.js.map +1 -1
  162. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/runtime/pod-runtime.d.ts +1 -0
  163. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/runtime/pod-runtime.d.ts.map +1 -1
  164. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/runtime/pod-runtime.js +7 -3
  165. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/runtime/pod-runtime.js.map +1 -1
  166. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/select-plan.d.ts +1 -1
  167. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/select-plan.d.ts.map +1 -1
  168. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/expression-builder.d.ts +3 -0
  169. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/expression-builder.d.ts.map +1 -1
  170. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/expression-builder.js +57 -4
  171. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/expression-builder.js.map +1 -1
  172. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/update-builder.d.ts.map +1 -1
  173. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/update-builder.js +60 -45
  174. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql/builder/update-builder.js.map +1 -1
  175. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql-engine.d.ts.map +1 -1
  176. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql-engine.js +5 -1
  177. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/sparql-engine.js.map +1 -1
  178. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/builder.d.ts.map +1 -1
  179. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/builder.js +4 -2
  180. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/builder.js.map +1 -1
  181. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/handlers/inverse.d.ts.map +1 -1
  182. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/handlers/inverse.js +2 -0
  183. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/handlers/inverse.js.map +1 -1
  184. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/handlers/uri.d.ts.map +1 -1
  185. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/handlers/uri.js +2 -0
  186. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/handlers/uri.js.map +1 -1
  187. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/types.d.ts +4 -0
  188. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/triple/types.d.ts.map +1 -1
  189. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/uri/resolver.d.ts +8 -1
  190. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/uri/resolver.d.ts.map +1 -1
  191. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/uri/resolver.js +133 -46
  192. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/uri/resolver.js.map +1 -1
  193. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/uri/types.d.ts +4 -0
  194. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/uri/types.d.ts.map +1 -1
  195. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/zod-integration.d.ts +2 -2
  196. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/core/zod-integration.d.ts.map +1 -1
  197. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/index.d.ts +3 -0
  198. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/index.d.ts.map +1 -1
  199. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/index.js +3 -0
  200. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/index.js.map +1 -1
  201. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/pod.d.ts +13 -5
  202. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/pod.d.ts.map +1 -1
  203. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/utils/find-by-iri.d.ts +2 -2
  204. package/node_modules/@undefineds.co/drizzle-solid/dist/esm/utils/find-by-iri.d.ts.map +1 -1
  205. package/node_modules/@undefineds.co/drizzle-solid/dist/index.d.ts +3 -0
  206. package/node_modules/@undefineds.co/drizzle-solid/dist/index.d.ts.map +1 -1
  207. package/node_modules/@undefineds.co/drizzle-solid/dist/index.js +12 -3
  208. package/node_modules/@undefineds.co/drizzle-solid/dist/index.js.map +1 -1
  209. package/node_modules/@undefineds.co/drizzle-solid/dist/pod.d.ts +13 -5
  210. package/node_modules/@undefineds.co/drizzle-solid/dist/pod.d.ts.map +1 -1
  211. package/node_modules/@undefineds.co/drizzle-solid/dist/utils/find-by-iri.d.ts +2 -2
  212. package/node_modules/@undefineds.co/drizzle-solid/dist/utils/find-by-iri.d.ts.map +1 -1
  213. package/node_modules/@undefineds.co/drizzle-solid/package.json +1 -1
  214. package/package.json +2 -2
  215. package/static/app/assets/main.js +22 -22
package/config/xpod.base.json CHANGED
@@ -114,6 +114,28 @@
114
114
  "htmlFile": "./static/app/auth.html"
115
115
  }
116
116
  },
117
+ {
118
+ "comment": "Validate CSS account cookies against account storage to avoid stale browser sessions after data resets.",
119
+ "@type": "Override",
120
+ "overrideInstance": {
121
+ "@id": "urn:solid-server:default:IdentityProviderHttpHandler"
122
+ },
123
+ "overrideParameters": {
124
+ "@type": "ValidatingIdentityProviderHttpHandler",
125
+ "providerFactory": {
126
+ "@id": "urn:solid-server:default:IdentityProviderFactory"
127
+ },
128
+ "cookieStore": {
129
+ "@id": "urn:solid-server:default:CookieStore"
130
+ },
131
+ "handler": {
132
+ "@id": "urn:solid-server:default:InteractionHandler"
133
+ },
134
+ "accountStorage": {
135
+ "@id": "urn:solid-server:default:AccountStorage"
136
+ }
137
+ }
138
+ },
117
139
  {
118
140
  "comment": "Override main HTML template to remove CSS default header/footer wrapper.",
119
141
  "@type": "Override",
package/dist/api/handlers/WebIdProfileHandler.js CHANGED
@@ -357,7 +357,7 @@ async function probeHostedStorageRoot(storageUrl, username) {
357
357
  method: 'HEAD',
358
358
  signal: controller.signal,
359
359
  });
360
- if ((response.status >= 200 && response.status < 400) || response.status === 401 || response.status === 403) {
360
+ if (isHostedStorageRootResponse(response)) {
361
361
  logger.info(`Resolved hosted WebID profile for ${username} from existing storage root: ${storageUrl}`);
362
362
  return true;
363
363
  }
@@ -371,6 +371,14 @@ async function probeHostedStorageRoot(storageUrl, username) {
371
371
  clearTimeout(timer);
372
372
  }
373
373
  }
374
+ function isHostedStorageRootResponse(response) {
375
+ if (response.status < 200 || response.status >= 400) {
376
+ return false;
377
+ }
378
+ const link = response.headers.get('link') ?? '';
379
+ return /<http:\/\/www\.w3\.org\/ns\/pim\/space#Storage>;\s*rel="?type"?/iu.test(link) ||
380
+ /<http:\/\/www\.w3\.org\/ns\/ldp#(?:Basic)?Container>;\s*rel="?type"?/iu.test(link);
381
+ }
374
382
  function ensureTrailingSlash(url) {
375
383
  return url.replace(/\/+$/, '') + '/';
376
384
  }
package/dist/api/handlers/WebIdProfileHandler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"WebIdProfileHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/WebIdProfileHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAyBH,gEAgMC;AAtND,iEAAqD;AAKrD,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,qBAAqB,CAAC,CAAC;AAiBnD,SAAgB,0BAA0B,CACxC,MAAiB,EACjB,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAEhC;;;;;OAKG;IACH,MAAM,CAAC,GAAG,CAAC,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACxE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAExE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,eAAe;YACf,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAE1D,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;YAC1B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;YAClD,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,OAAO,CAAC,QAAQ,sBAAsB,CAAC,CAAC;YACvE,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACpF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,IAAiE,CAAC;YAElF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;gBACzB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,YAAY;YACZ,IAAI,CAAC;gBACH,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,2BAA2B,CAAC,CAAC;gBACtD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,QAAQ,EAAE;gBACxD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAuD;aAC7E,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,uBAAuB,QAAQ,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YAEtE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YACnE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC3E,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAExE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAA4B;gBACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;YACF,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YACnD,CAAC;YACD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YACnD,CAAC;YACD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,IAKH,CAAC;YAEd,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;gBACvB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAED,UAAU;YACV,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,UAAU;YACV,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACzD,IAAI,QAAQ,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,WAAW,EAAE,OAAO,CAAC,WAAuD;gBAC5E,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,uBAAuB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEvD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACnD,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,QAAgB,EAChB,OAAmC,EACnC,OAAyB;IAEzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,iCAAiC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC3E,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,kCAAkC,QAAQ,gCAAgC,KAAK,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,sBAAsB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC5D,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,OAAmC,EACnC,OAAyB;IAEzB,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAClC,MAAM,eAAe,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAE1D,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9E,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,cAAc,CAAC,QAAQ,EAAE,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjG,IAAI,MAAM,sBAAsB,CAAC,gBAAgB,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC7D,OAAO;YACL,QAAQ;YACR,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,EAAE,eAAe,CAAC;YACxD,UAAU,EAAE,gBAAgB;YAC5B,WAAW,EAAE,OAAO;YACpB,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,QAAgB,EAChB,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE,CAAC;QAC/D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,IAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,gCAAgC,QAAQ,uCAAuC,OAAO,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC,CAAC;QAC1H,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,MAAM,UAAU,GAAG,8BAA8B,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,gCAAgC,QAAQ,0CAA0C,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QACnH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,QAAQ,EAAE;YACxD,UAAU;YACV,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;QACH,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,0BAA0B,QAAQ,KAAK,UAAU,EAAE,CAAC,CAAC;YACjE,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,kCAAkC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,8BAA8B,CACrC,QAAgB,EAChB,IAAuB;IAEvB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;IACnF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1D,OAAO,IAAI,IAAI,IAAI,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,aAAkC,EAClC,QAAgB,EAChB,QAAgB;IAEhB,IAAI,CAAC;QACH,IAAI,OAAO,aAAa,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACpD,OAAO,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,sCAAsC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,aAAkC,EAClC,QAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;IACrE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,oCAAoC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CACrB,QAAgB,EAChB,QAAgB,EAChB,GAAoB;IAEpB,MAAM,UAAU,GAAG,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpD,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,UAAU;QACV,WAAW,EAAE,OAAO;QACpB,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB,EAAE,eAAe,GAAG,wBAAwB,EAAE;IACzF,OAAO,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,QAAQ,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC;AAChG,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAkB;IAC9C,OAAO,IAAI,GAAG,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAyB;IACzD,OAAO,mBAAmB,CACxB,aAAa,CAAC,OAAO,CAAC;QACtB,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QACzC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QACrC,wBAAwB,CACzB,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAyB;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,OAAoC;IACzD,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACnG,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,IAAI,OAAO,CAAC;IAC3E,OAAO,eAAe,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,WAAW,CAAC,KAAoC;IACvD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,UAAkB,EAAE,QAAgB;IACxE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5G,MAAM,CAAC,IAAI,CAAC,qCAAqC,QAAQ,gCAAgC,UAAU,EAAE,CAAC,CAAC;YACvG,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,6CAA6C,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;QAC/E,OAAO,KAAK,CAAC;IACf,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;AACvC,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,IAAI,CAAC;QACH,OAAO,mBAAmB,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,SAAS,CAAC,QAAwB,EAAE,MAAc,EAAE,OAAe;IAC1E,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AACjD,CAAC","sourcesContent":["/**\n * WebID Profile API Handler\n *\n * 提供 WebID Profile 托管服务的 HTTP API\n *\n * GET /{username}/profile/card - 获取 WebID Profile (Turtle 格式)\n * POST /api/v1/identity/{username}/storage - 更新 storage 指针 (需认证)\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { WebIdProfileRepository } from '../../identity/drizzle/WebIdProfileRepository';\nimport type { PodLookupRepository, PodLookupResult } from '../../identity/drizzle/PodLookupRepository';\n\nconst logger = getLoggerFor('WebIdProfileHandler');\n\nexport interface WebIdProfileHandlerOptions {\n profileRepo: WebIdProfileRepository;\n podLookupRepo?: PodLookupRepository;\n}\n\ninterface IdentityProfileResponse {\n username: string;\n webidUrl: string;\n storageUrl?: string;\n storageMode: 'cloud' | 'local' | 'custom';\n oidcIssuer?: string;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport function registerWebIdProfileRoutes(\n server: ApiServer,\n options: WebIdProfileHandlerOptions,\n): void {\n const { profileRepo } = options;\n\n /**\n * GET /{username}/profile/card\n *\n * 获取 WebID Profile (Turtle 格式)\n * 这是 Solid 标准的 WebID 端点\n */\n server.get('/:username/profile/card', async (request, response, params) => {\n const username = decodeURIComponent(params.username);\n\n try {\n const profile = await resolveIdentityLookup(username, options, request);\n\n if (!profile) {\n sendError(response, 404, 'Profile not found');\n return;\n }\n\n // 返回 Turtle 格式\n const turtle = profileRepo.generateProfileTurtle(profile);\n\n response.statusCode = 200;\n response.setHeader('Content-Type', 'text/turtle');\n response.setHeader('Link', `<${profile.webidUrl}>; rel=\"describedby\"`);\n response.end(turtle);\n } catch (error) {\n logger.error(`Failed to get profile for ${username}: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n }, { public: true });\n\n /**\n * POST /api/v1/identity/{username}/storage\n *\n * 更新 storage 指针\n * 用于 Local 节点更新其 storage URL\n *\n * Request body:\n * {\n * \"storageUrl\": \"https://alice.undefineds.xyz/\"\n * }\n */\n server.post('/api/v1/identity/:username/storage', async (request, response, params) => {\n const username = decodeURIComponent(params.username);\n\n try {\n const body = await readJsonBody(request);\n const payload = body as { storageUrl?: string; storageMode?: string } | undefined;\n\n if (!payload?.storageUrl) {\n sendError(response, 400, 'storageUrl is required');\n return;\n }\n\n // 验证 URL 格式\n try {\n new URL(payload.storageUrl);\n } catch {\n sendError(response, 400, 'Invalid storageUrl format');\n return;\n }\n\n const profile = await profileRepo.updateStorage(username, {\n storageUrl: payload.storageUrl,\n storageMode: payload.storageMode as 'cloud' | 'local' | 'custom' | undefined,\n });\n\n if (!profile) {\n sendError(response, 404, 'Profile not found');\n return;\n }\n\n logger.info(`Updated storage for ${username}: ${payload.storageUrl}`);\n\n sendJson(response, 200, {\n success: true,\n username,\n storageUrl: profile.storageUrl,\n storageMode: profile.storageMode,\n updatedAt: profile.updatedAt.toISOString(),\n });\n } catch (error) {\n logger.error(`Failed to update storage for ${username}: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n });\n\n /**\n * GET /api/v1/identity/{username}\n *\n * 获取 WebID Profile 信息 (JSON 格式)\n */\n server.get('/api/v1/identity/:username', async (request, response, params) => {\n const username = decodeURIComponent(params.username);\n\n try {\n const profile = await resolveIdentityLookup(username, options, request);\n\n if (!profile) {\n sendError(response, 404, 'Profile not found');\n return;\n }\n\n const body: Record<string, unknown> = {\n username: profile.username,\n webidUrl: profile.webidUrl,\n storageUrl: profile.storageUrl,\n storageMode: profile.storageMode,\n oidcIssuer: profile.oidcIssuer,\n };\n if (profile.createdAt) {\n body.createdAt = profile.createdAt.toISOString();\n }\n if (profile.updatedAt) {\n body.updatedAt = profile.updatedAt.toISOString();\n }\n sendJson(response, 200, body);\n } catch (error) {\n logger.error(`Failed to get profile for ${username}: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n }, { public: true });\n\n /**\n * POST /api/v1/identity\n *\n * 创建 WebID Profile\n *\n * Request body:\n * {\n * \"username\": \"alice\",\n * \"storageMode\": \"local\", // optional, default: \"cloud\"\n * \"storageUrl\": \"https://alice.undefineds.xyz/\" // optional\n * }\n */\n server.post('/api/v1/identity', async (request, response, _params) => {\n try {\n const body = await readJsonBody(request);\n const payload = body as {\n username?: string;\n storageMode?: string;\n storageUrl?: string;\n accountId?: string;\n } | undefined;\n\n if (!payload?.username) {\n sendError(response, 400, 'username is required');\n return;\n }\n\n // 验证用户名格式\n if (!/^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/.test(payload.username)) {\n sendError(response, 400, 'Invalid username format');\n return;\n }\n\n // 检查是否已存在\n const existing = await profileRepo.get(payload.username);\n if (existing) {\n sendError(response, 409, 'Username already taken');\n return;\n }\n\n const profile = await profileRepo.create({\n username: payload.username,\n storageMode: payload.storageMode as 'cloud' | 'local' | 'custom' | undefined,\n storageUrl: payload.storageUrl,\n accountId: payload.accountId,\n });\n\n logger.info(`Created profile for ${payload.username}`);\n\n sendJson(response, 201, {\n success: true,\n username: profile.username,\n webidUrl: profile.webidUrl,\n storageUrl: profile.storageUrl,\n storageMode: profile.storageMode,\n createdAt: profile.createdAt.toISOString(),\n });\n } catch (error) {\n logger.error(`Failed to create profile: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n });\n\n logger.info('WebID Profile routes registered');\n}\n\nasync function resolveIdentityLookup(\n username: string,\n options: WebIdProfileHandlerOptions,\n request?: IncomingMessage,\n): Promise<IdentityProfileResponse | null> {\n try {\n const profile = await resolveProfileWithStorageBackfill(username, options);\n if (profile) {\n return profile;\n }\n } catch (error) {\n logger.warn(`Profile lookup unavailable for ${username}, falling back to Pod index: ${error}`);\n }\n\n return resolveProfileFromPods(username, options, request);\n}\n\nasync function resolveProfileFromPods(\n username: string,\n options: WebIdProfileHandlerOptions,\n request?: IncomingMessage,\n): Promise<IdentityProfileResponse | null> {\n const { podLookupRepo } = options;\n const identityBaseUrl = getHostedIdentityBaseUrl(request);\n\n if (podLookupRepo) {\n const webidUrl = buildHostedWebIdUrl(username, identityBaseUrl);\n const webIdMatch = await tryFindPodByWebId(podLookupRepo, webidUrl, username);\n if (webIdMatch) {\n return profileFromPod(username, webidUrl, webIdMatch);\n }\n\n const match = await tryFindPodByStorageSlug(podLookupRepo, username);\n if (match) {\n return profileFromPod(username, buildStorageWebIdUrl(match.baseUrl), match);\n }\n }\n\n const hostedStorageUrl = new URL(`${encodeURIComponent(username)}/`, identityBaseUrl).toString();\n if (await probeHostedStorageRoot(hostedStorageUrl, username)) {\n return {\n username,\n webidUrl: buildHostedWebIdUrl(username, identityBaseUrl),\n storageUrl: hostedStorageUrl,\n storageMode: 'cloud',\n oidcIssuer: deriveOrigin(identityBaseUrl),\n };\n }\n\n return null;\n}\n\nasync function resolveProfileWithStorageBackfill(\n username: string,\n options: WebIdProfileHandlerOptions,\n) {\n const { profileRepo, podLookupRepo } = options;\n const profile = await profileRepo.get(username);\n if (!profile) {\n return null;\n }\n\n if (profile.storageUrl || !profile.accountId || !podLookupRepo) {\n return profile;\n }\n\n let pods: PodLookupResult[];\n try {\n pods = await podLookupRepo.listByAccountId(profile.accountId);\n } catch (error) {\n logger.warn(`Skipped storage backfill for ${username}: pod index unavailable for account ${profile.accountId}: ${error}`);\n return profile;\n }\n const storageUrl = selectStorageBackfillCandidate(username, pods);\n if (!storageUrl) {\n logger.warn(`Skipped storage backfill for ${username}: no unambiguous pod found for account ${profile.accountId}`);\n return profile;\n }\n\n try {\n const updated = await profileRepo.updateStorage(username, {\n storageUrl,\n storageMode: profile.storageMode,\n });\n if (updated) {\n logger.info(`Backfilled storage for ${username}: ${storageUrl}`);\n return updated;\n }\n } catch (error) {\n logger.warn(`Failed to backfill storage for ${username}: ${error}`);\n }\n\n return profile;\n}\n\nfunction selectStorageBackfillCandidate(\n username: string,\n pods: PodLookupResult[],\n): string | null {\n if (pods.length === 0) {\n return null;\n }\n\n const exactMatches = pods.filter((pod) => derivePodSlug(pod.baseUrl) === username);\n if (exactMatches.length === 1) {\n return ensureTrailingSlash(exactMatches[0].baseUrl);\n }\n\n if (exactMatches.length > 1) {\n return null;\n }\n\n if (pods.length === 1) {\n return ensureTrailingSlash(pods[0].baseUrl);\n }\n\n return null;\n}\n\nfunction derivePodSlug(baseUrl: string): string | null {\n try {\n const parsed = new URL(baseUrl);\n const [slug] = parsed.pathname.split('/').filter(Boolean);\n return slug || null;\n } catch {\n return null;\n }\n}\n\nasync function tryFindPodByWebId(\n podLookupRepo: PodLookupRepository,\n webidUrl: string,\n username: string,\n): Promise<PodLookupResult | undefined> {\n try {\n if (typeof podLookupRepo.findByWebId === 'function') {\n return await podLookupRepo.findByWebId(webidUrl);\n }\n } catch (error) {\n logger.warn(`WebID index lookup unavailable for ${username}: ${error}`);\n }\n return undefined;\n}\n\nasync function tryFindPodByStorageSlug(\n podLookupRepo: PodLookupRepository,\n username: string,\n): Promise<PodLookupResult | undefined> {\n try {\n const pods = await podLookupRepo.listAllPods();\n return pods.find((pod) => derivePodSlug(pod.baseUrl) === username);\n } catch (error) {\n logger.warn(`Pod index lookup unavailable for ${username}: ${error}`);\n return undefined;\n }\n}\n\nfunction profileFromPod(\n username: string,\n webidUrl: string,\n pod: PodLookupResult,\n): IdentityProfileResponse {\n const storageUrl = ensureTrailingSlash(pod.baseUrl);\n return {\n username,\n webidUrl,\n storageUrl,\n storageMode: 'cloud',\n oidcIssuer: deriveOrigin(webidUrl),\n };\n}\n\nfunction buildHostedWebIdUrl(username: string, identityBaseUrl = getHostedIdentityBaseUrl()): string {\n return new URL(`${encodeURIComponent(username)}/profile/card#me`, identityBaseUrl).toString();\n}\n\nfunction buildStorageWebIdUrl(storageUrl: string): string {\n return new URL('profile/card#me', ensureTrailingSlash(storageUrl)).toString();\n}\n\nfunction getHostedIdentityBaseUrl(request?: IncomingMessage): string {\n return ensureTrailingSlash(\n requestOrigin(request) ??\n absoluteHttpUrl(process.env.CSS_BASE_URL) ??\n absoluteHttpUrl(process.env.BASE_URL) ??\n 'http://localhost:3000/',\n );\n}\n\nfunction absoluteHttpUrl(value: string | undefined): string | undefined {\n if (!value) {\n return undefined;\n }\n try {\n const url = new URL(value);\n return url.protocol === 'http:' || url.protocol === 'https:' ? url.toString() : undefined;\n } catch {\n return undefined;\n }\n}\n\nfunction requestOrigin(request: IncomingMessage | undefined): string | undefined {\n if (!request?.headers) {\n return undefined;\n }\n const host = firstHeader(request.headers['x-forwarded-host']) ?? firstHeader(request.headers.host);\n if (!host) {\n return undefined;\n }\n const proto = firstHeader(request.headers['x-forwarded-proto']) ?? 'https';\n return absoluteHttpUrl(`${proto}://${host}`);\n}\n\nfunction firstHeader(value: string | string[] | undefined): string | undefined {\n if (Array.isArray(value)) {\n return value[0];\n }\n return value;\n}\n\nasync function probeHostedStorageRoot(storageUrl: string, username: string): Promise<boolean> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), 2_000);\n try {\n const response = await fetch(storageUrl, {\n method: 'HEAD',\n signal: controller.signal,\n });\n if ((response.status >= 200 && response.status < 400) || response.status === 401 || response.status === 403) {\n logger.info(`Resolved hosted WebID profile for ${username} from existing storage root: ${storageUrl}`);\n return true;\n }\n return false;\n } catch (error) {\n logger.warn(`Hosted storage root probe unavailable for ${username}: ${error}`);\n return false;\n } finally {\n clearTimeout(timer);\n }\n}\n\nfunction ensureTrailingSlash(url: string): string {\n return url.replace(/\\/+$/, '') + '/';\n}\n\nfunction deriveOrigin(url: string): string | undefined {\n try {\n return ensureTrailingSlash(new URL(url).origin);\n } catch {\n return undefined;\n }\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let data = '';\n request.setEncoding('utf8');\n request.on('data', (chunk: string) => {\n data += chunk;\n });\n request.on('end', () => {\n if (!data) {\n resolve(undefined);\n return;\n }\n try {\n resolve(JSON.parse(data));\n } catch {\n resolve(undefined);\n }\n });\n request.on('error', reject);\n });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n response.statusCode = status;\n response.setHeader('Content-Type', 'application/json');\n response.end(JSON.stringify(data));\n}\n\nfunction sendError(response: ServerResponse, status: number, message: string): void {\n sendJson(response, status, { error: message });\n}\n"]}
1
+ {"version":3,"file":"WebIdProfileHandler.js","sourceRoot":"","sources":["../../../src/api/handlers/WebIdProfileHandler.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAyBH,gEAgMC;AAtND,iEAAqD;AAKrD,MAAM,MAAM,GAAG,IAAA,oCAAY,EAAC,qBAAqB,CAAC,CAAC;AAiBnD,SAAgB,0BAA0B,CACxC,MAAiB,EACjB,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAEhC;;;;;OAKG;IACH,MAAM,CAAC,GAAG,CAAC,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACxE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAExE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,eAAe;YACf,MAAM,MAAM,GAAG,WAAW,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAE1D,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;YAC1B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;YAClD,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,OAAO,CAAC,QAAQ,sBAAsB,CAAC,CAAC;YACvE,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;;;;;;;OAUG;IACH,MAAM,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QACpF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,IAAiE,CAAC;YAElF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;gBACzB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,YAAY;YACZ,IAAI,CAAC;gBACH,IAAI,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,2BAA2B,CAAC,CAAC;gBACtD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,QAAQ,EAAE;gBACxD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAuD;aAC7E,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,uBAAuB,QAAQ,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;YAEtE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ;gBACR,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YACnE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,4BAA4B,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE;QAC3E,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAExE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAA4B;gBACpC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;YACF,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YACnD,CAAC;YACD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;YACnD,CAAC;YACD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB;;;;;;;;;;;OAWG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,OAAO,GAAG,IAKH,CAAC;YAEd,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;gBACvB,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,sBAAsB,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAED,UAAU;YACV,IAAI,CAAC,mCAAmC,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,yBAAyB,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,UAAU;YACV,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACzD,IAAI,QAAQ,EAAE,CAAC;gBACb,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,wBAAwB,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;gBACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,WAAW,EAAE,OAAO,CAAC,WAAuD;gBAC5E,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,SAAS,EAAE,OAAO,CAAC,SAAS;aAC7B,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,uBAAuB,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEvD,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACtB,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,6BAA6B,KAAK,EAAE,CAAC,CAAC;YACnD,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,uBAAuB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,QAAgB,EAChB,OAAmC,EACnC,OAAyB;IAEzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,iCAAiC,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC3E,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,kCAAkC,QAAQ,gCAAgC,KAAK,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,sBAAsB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC5D,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,QAAgB,EAChB,OAAmC,EACnC,OAAyB;IAEzB,MAAM,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAClC,MAAM,eAAe,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAE1D,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9E,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACrE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,cAAc,CAAC,QAAQ,EAAE,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjG,IAAI,MAAM,sBAAsB,CAAC,gBAAgB,EAAE,QAAQ,CAAC,EAAE,CAAC;QAC7D,OAAO;YACL,QAAQ;YACR,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,EAAE,eAAe,CAAC;YACxD,UAAU,EAAE,gBAAgB;YAC5B,WAAW,EAAE,OAAO;YACpB,UAAU,EAAE,YAAY,CAAC,eAAe,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,QAAgB,EAChB,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE,CAAC;QAC/D,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,IAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,gCAAgC,QAAQ,uCAAuC,OAAO,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC,CAAC;QAC1H,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,MAAM,UAAU,GAAG,8BAA8B,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,CAAC,IAAI,CAAC,gCAAgC,QAAQ,0CAA0C,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QACnH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,QAAQ,EAAE;YACxD,UAAU;YACV,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;QACH,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,0BAA0B,QAAQ,KAAK,UAAU,EAAE,CAAC,CAAC;YACjE,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,kCAAkC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,8BAA8B,CACrC,QAAgB,EAChB,IAAuB;IAEvB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;IACnF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,mBAAmB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1D,OAAO,IAAI,IAAI,IAAI,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,aAAkC,EAClC,QAAgB,EAChB,QAAgB;IAEhB,IAAI,CAAC;QACH,IAAI,OAAO,aAAa,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YACpD,OAAO,MAAM,aAAa,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,sCAAsC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,aAAkC,EAClC,QAAgB;IAEhB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;IACrE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,oCAAoC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;QACtE,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CACrB,QAAgB,EAChB,QAAgB,EAChB,GAAoB;IAEpB,MAAM,UAAU,GAAG,mBAAmB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpD,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,UAAU;QACV,WAAW,EAAE,OAAO;QACpB,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB,EAAE,eAAe,GAAG,wBAAwB,EAAE;IACzF,OAAO,IAAI,GAAG,CAAC,GAAG,kBAAkB,CAAC,QAAQ,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC,QAAQ,EAAE,CAAC;AAChG,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAkB;IAC9C,OAAO,IAAI,GAAG,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAyB;IACzD,OAAO,mBAAmB,CACxB,aAAa,CAAC,OAAO,CAAC;QACtB,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QACzC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QACrC,wBAAwB,CACzB,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAyB;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,OAAoC;IACzD,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACnG,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,IAAI,OAAO,CAAC;IAC3E,OAAO,eAAe,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,WAAW,CAAC,KAAoC;IACvD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,UAAkB,EAAE,QAAgB;IACxE,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC;IAC1D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QACH,IAAI,2BAA2B,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,qCAAqC,QAAQ,gCAAgC,UAAU,EAAE,CAAC,CAAC;YACvG,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,6CAA6C,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;QAC/E,OAAO,KAAK,CAAC;IACf,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,QAAkB;IACrD,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAChD,OAAO,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC;QACnF,wEAAwE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxF,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC;AACvC,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,IAAI,CAAC;QACH,OAAO,mBAAmB,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,OAAwB;IAClD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACnC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACrB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,CAAC,SAAS,CAAC,CAAC;gBACnB,OAAO;YACT,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,SAAS,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,QAAQ,CAAC,QAAwB,EAAE,MAAc,EAAE,IAAa;IACvE,QAAQ,CAAC,UAAU,GAAG,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,SAAS,CAAC,QAAwB,EAAE,MAAc,EAAE,OAAe;IAC1E,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AACjD,CAAC","sourcesContent":["/**\n * WebID Profile API Handler\n *\n * 提供 WebID Profile 托管服务的 HTTP API\n *\n * GET /{username}/profile/card - 获取 WebID Profile (Turtle 格式)\n * POST /api/v1/identity/{username}/storage - 更新 storage 指针 (需认证)\n */\n\nimport type { ServerResponse, IncomingMessage } from 'node:http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport type { ApiServer } from '../ApiServer';\nimport type { WebIdProfileRepository } from '../../identity/drizzle/WebIdProfileRepository';\nimport type { PodLookupRepository, PodLookupResult } from '../../identity/drizzle/PodLookupRepository';\n\nconst logger = getLoggerFor('WebIdProfileHandler');\n\nexport interface WebIdProfileHandlerOptions {\n profileRepo: WebIdProfileRepository;\n podLookupRepo?: PodLookupRepository;\n}\n\ninterface IdentityProfileResponse {\n username: string;\n webidUrl: string;\n storageUrl?: string;\n storageMode: 'cloud' | 'local' | 'custom';\n oidcIssuer?: string;\n createdAt?: Date;\n updatedAt?: Date;\n}\n\nexport function registerWebIdProfileRoutes(\n server: ApiServer,\n options: WebIdProfileHandlerOptions,\n): void {\n const { profileRepo } = options;\n\n /**\n * GET /{username}/profile/card\n *\n * 获取 WebID Profile (Turtle 格式)\n * 这是 Solid 标准的 WebID 端点\n */\n server.get('/:username/profile/card', async (request, response, params) => {\n const username = decodeURIComponent(params.username);\n\n try {\n const profile = await resolveIdentityLookup(username, options, request);\n\n if (!profile) {\n sendError(response, 404, 'Profile not found');\n return;\n }\n\n // 返回 Turtle 格式\n const turtle = profileRepo.generateProfileTurtle(profile);\n\n response.statusCode = 200;\n response.setHeader('Content-Type', 'text/turtle');\n response.setHeader('Link', `<${profile.webidUrl}>; rel=\"describedby\"`);\n response.end(turtle);\n } catch (error) {\n logger.error(`Failed to get profile for ${username}: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n }, { public: true });\n\n /**\n * POST /api/v1/identity/{username}/storage\n *\n * 更新 storage 指针\n * 用于 Local 节点更新其 storage URL\n *\n * Request body:\n * {\n * \"storageUrl\": \"https://alice.undefineds.xyz/\"\n * }\n */\n server.post('/api/v1/identity/:username/storage', async (request, response, params) => {\n const username = decodeURIComponent(params.username);\n\n try {\n const body = await readJsonBody(request);\n const payload = body as { storageUrl?: string; storageMode?: string } | undefined;\n\n if (!payload?.storageUrl) {\n sendError(response, 400, 'storageUrl is required');\n return;\n }\n\n // 验证 URL 格式\n try {\n new URL(payload.storageUrl);\n } catch {\n sendError(response, 400, 'Invalid storageUrl format');\n return;\n }\n\n const profile = await profileRepo.updateStorage(username, {\n storageUrl: payload.storageUrl,\n storageMode: payload.storageMode as 'cloud' | 'local' | 'custom' | undefined,\n });\n\n if (!profile) {\n sendError(response, 404, 'Profile not found');\n return;\n }\n\n logger.info(`Updated storage for ${username}: ${payload.storageUrl}`);\n\n sendJson(response, 200, {\n success: true,\n username,\n storageUrl: profile.storageUrl,\n storageMode: profile.storageMode,\n updatedAt: profile.updatedAt.toISOString(),\n });\n } catch (error) {\n logger.error(`Failed to update storage for ${username}: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n });\n\n /**\n * GET /api/v1/identity/{username}\n *\n * 获取 WebID Profile 信息 (JSON 格式)\n */\n server.get('/api/v1/identity/:username', async (request, response, params) => {\n const username = decodeURIComponent(params.username);\n\n try {\n const profile = await resolveIdentityLookup(username, options, request);\n\n if (!profile) {\n sendError(response, 404, 'Profile not found');\n return;\n }\n\n const body: Record<string, unknown> = {\n username: profile.username,\n webidUrl: profile.webidUrl,\n storageUrl: profile.storageUrl,\n storageMode: profile.storageMode,\n oidcIssuer: profile.oidcIssuer,\n };\n if (profile.createdAt) {\n body.createdAt = profile.createdAt.toISOString();\n }\n if (profile.updatedAt) {\n body.updatedAt = profile.updatedAt.toISOString();\n }\n sendJson(response, 200, body);\n } catch (error) {\n logger.error(`Failed to get profile for ${username}: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n }, { public: true });\n\n /**\n * POST /api/v1/identity\n *\n * 创建 WebID Profile\n *\n * Request body:\n * {\n * \"username\": \"alice\",\n * \"storageMode\": \"local\", // optional, default: \"cloud\"\n * \"storageUrl\": \"https://alice.undefineds.xyz/\" // optional\n * }\n */\n server.post('/api/v1/identity', async (request, response, _params) => {\n try {\n const body = await readJsonBody(request);\n const payload = body as {\n username?: string;\n storageMode?: string;\n storageUrl?: string;\n accountId?: string;\n } | undefined;\n\n if (!payload?.username) {\n sendError(response, 400, 'username is required');\n return;\n }\n\n // 验证用户名格式\n if (!/^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/.test(payload.username)) {\n sendError(response, 400, 'Invalid username format');\n return;\n }\n\n // 检查是否已存在\n const existing = await profileRepo.get(payload.username);\n if (existing) {\n sendError(response, 409, 'Username already taken');\n return;\n }\n\n const profile = await profileRepo.create({\n username: payload.username,\n storageMode: payload.storageMode as 'cloud' | 'local' | 'custom' | undefined,\n storageUrl: payload.storageUrl,\n accountId: payload.accountId,\n });\n\n logger.info(`Created profile for ${payload.username}`);\n\n sendJson(response, 201, {\n success: true,\n username: profile.username,\n webidUrl: profile.webidUrl,\n storageUrl: profile.storageUrl,\n storageMode: profile.storageMode,\n createdAt: profile.createdAt.toISOString(),\n });\n } catch (error) {\n logger.error(`Failed to create profile: ${error}`);\n sendError(response, 500, 'Internal server error');\n }\n });\n\n logger.info('WebID Profile routes registered');\n}\n\nasync function resolveIdentityLookup(\n username: string,\n options: WebIdProfileHandlerOptions,\n request?: IncomingMessage,\n): Promise<IdentityProfileResponse | null> {\n try {\n const profile = await resolveProfileWithStorageBackfill(username, options);\n if (profile) {\n return profile;\n }\n } catch (error) {\n logger.warn(`Profile lookup unavailable for ${username}, falling back to Pod index: ${error}`);\n }\n\n return resolveProfileFromPods(username, options, request);\n}\n\nasync function resolveProfileFromPods(\n username: string,\n options: WebIdProfileHandlerOptions,\n request?: IncomingMessage,\n): Promise<IdentityProfileResponse | null> {\n const { podLookupRepo } = options;\n const identityBaseUrl = getHostedIdentityBaseUrl(request);\n\n if (podLookupRepo) {\n const webidUrl = buildHostedWebIdUrl(username, identityBaseUrl);\n const webIdMatch = await tryFindPodByWebId(podLookupRepo, webidUrl, username);\n if (webIdMatch) {\n return profileFromPod(username, webidUrl, webIdMatch);\n }\n\n const match = await tryFindPodByStorageSlug(podLookupRepo, username);\n if (match) {\n return profileFromPod(username, buildStorageWebIdUrl(match.baseUrl), match);\n }\n }\n\n const hostedStorageUrl = new URL(`${encodeURIComponent(username)}/`, identityBaseUrl).toString();\n if (await probeHostedStorageRoot(hostedStorageUrl, username)) {\n return {\n username,\n webidUrl: buildHostedWebIdUrl(username, identityBaseUrl),\n storageUrl: hostedStorageUrl,\n storageMode: 'cloud',\n oidcIssuer: deriveOrigin(identityBaseUrl),\n };\n }\n\n return null;\n}\n\nasync function resolveProfileWithStorageBackfill(\n username: string,\n options: WebIdProfileHandlerOptions,\n) {\n const { profileRepo, podLookupRepo } = options;\n const profile = await profileRepo.get(username);\n if (!profile) {\n return null;\n }\n\n if (profile.storageUrl || !profile.accountId || !podLookupRepo) {\n return profile;\n }\n\n let pods: PodLookupResult[];\n try {\n pods = await podLookupRepo.listByAccountId(profile.accountId);\n } catch (error) {\n logger.warn(`Skipped storage backfill for ${username}: pod index unavailable for account ${profile.accountId}: ${error}`);\n return profile;\n }\n const storageUrl = selectStorageBackfillCandidate(username, pods);\n if (!storageUrl) {\n logger.warn(`Skipped storage backfill for ${username}: no unambiguous pod found for account ${profile.accountId}`);\n return profile;\n }\n\n try {\n const updated = await profileRepo.updateStorage(username, {\n storageUrl,\n storageMode: profile.storageMode,\n });\n if (updated) {\n logger.info(`Backfilled storage for ${username}: ${storageUrl}`);\n return updated;\n }\n } catch (error) {\n logger.warn(`Failed to backfill storage for ${username}: ${error}`);\n }\n\n return profile;\n}\n\nfunction selectStorageBackfillCandidate(\n username: string,\n pods: PodLookupResult[],\n): string | null {\n if (pods.length === 0) {\n return null;\n }\n\n const exactMatches = pods.filter((pod) => derivePodSlug(pod.baseUrl) === username);\n if (exactMatches.length === 1) {\n return ensureTrailingSlash(exactMatches[0].baseUrl);\n }\n\n if (exactMatches.length > 1) {\n return null;\n }\n\n if (pods.length === 1) {\n return ensureTrailingSlash(pods[0].baseUrl);\n }\n\n return null;\n}\n\nfunction derivePodSlug(baseUrl: string): string | null {\n try {\n const parsed = new URL(baseUrl);\n const [slug] = parsed.pathname.split('/').filter(Boolean);\n return slug || null;\n } catch {\n return null;\n }\n}\n\nasync function tryFindPodByWebId(\n podLookupRepo: PodLookupRepository,\n webidUrl: string,\n username: string,\n): Promise<PodLookupResult | undefined> {\n try {\n if (typeof podLookupRepo.findByWebId === 'function') {\n return await podLookupRepo.findByWebId(webidUrl);\n }\n } catch (error) {\n logger.warn(`WebID index lookup unavailable for ${username}: ${error}`);\n }\n return undefined;\n}\n\nasync function tryFindPodByStorageSlug(\n podLookupRepo: PodLookupRepository,\n username: string,\n): Promise<PodLookupResult | undefined> {\n try {\n const pods = await podLookupRepo.listAllPods();\n return pods.find((pod) => derivePodSlug(pod.baseUrl) === username);\n } catch (error) {\n logger.warn(`Pod index lookup unavailable for ${username}: ${error}`);\n return undefined;\n }\n}\n\nfunction profileFromPod(\n username: string,\n webidUrl: string,\n pod: PodLookupResult,\n): IdentityProfileResponse {\n const storageUrl = ensureTrailingSlash(pod.baseUrl);\n return {\n username,\n webidUrl,\n storageUrl,\n storageMode: 'cloud',\n oidcIssuer: deriveOrigin(webidUrl),\n };\n}\n\nfunction buildHostedWebIdUrl(username: string, identityBaseUrl = getHostedIdentityBaseUrl()): string {\n return new URL(`${encodeURIComponent(username)}/profile/card#me`, identityBaseUrl).toString();\n}\n\nfunction buildStorageWebIdUrl(storageUrl: string): string {\n return new URL('profile/card#me', ensureTrailingSlash(storageUrl)).toString();\n}\n\nfunction getHostedIdentityBaseUrl(request?: IncomingMessage): string {\n return ensureTrailingSlash(\n requestOrigin(request) ??\n absoluteHttpUrl(process.env.CSS_BASE_URL) ??\n absoluteHttpUrl(process.env.BASE_URL) ??\n 'http://localhost:3000/',\n );\n}\n\nfunction absoluteHttpUrl(value: string | undefined): string | undefined {\n if (!value) {\n return undefined;\n }\n try {\n const url = new URL(value);\n return url.protocol === 'http:' || url.protocol === 'https:' ? url.toString() : undefined;\n } catch {\n return undefined;\n }\n}\n\nfunction requestOrigin(request: IncomingMessage | undefined): string | undefined {\n if (!request?.headers) {\n return undefined;\n }\n const host = firstHeader(request.headers['x-forwarded-host']) ?? firstHeader(request.headers.host);\n if (!host) {\n return undefined;\n }\n const proto = firstHeader(request.headers['x-forwarded-proto']) ?? 'https';\n return absoluteHttpUrl(`${proto}://${host}`);\n}\n\nfunction firstHeader(value: string | string[] | undefined): string | undefined {\n if (Array.isArray(value)) {\n return value[0];\n }\n return value;\n}\n\nasync function probeHostedStorageRoot(storageUrl: string, username: string): Promise<boolean> {\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), 2_000);\n try {\n const response = await fetch(storageUrl, {\n method: 'HEAD',\n signal: controller.signal,\n });\n if (isHostedStorageRootResponse(response)) {\n logger.info(`Resolved hosted WebID profile for ${username} from existing storage root: ${storageUrl}`);\n return true;\n }\n return false;\n } catch (error) {\n logger.warn(`Hosted storage root probe unavailable for ${username}: ${error}`);\n return false;\n } finally {\n clearTimeout(timer);\n }\n}\n\nfunction isHostedStorageRootResponse(response: Response): boolean {\n if (response.status < 200 || response.status >= 400) {\n return false;\n }\n\n const link = response.headers.get('link') ?? '';\n return /<http:\\/\\/www\\.w3\\.org\\/ns\\/pim\\/space#Storage>;\\s*rel=\"?type\"?/iu.test(link) ||\n /<http:\\/\\/www\\.w3\\.org\\/ns\\/ldp#(?:Basic)?Container>;\\s*rel=\"?type\"?/iu.test(link);\n}\n\nfunction ensureTrailingSlash(url: string): string {\n return url.replace(/\\/+$/, '') + '/';\n}\n\nfunction deriveOrigin(url: string): string | undefined {\n try {\n return ensureTrailingSlash(new URL(url).origin);\n } catch {\n return undefined;\n }\n}\n\nasync function readJsonBody(request: IncomingMessage): Promise<unknown> {\n return new Promise((resolve, reject) => {\n let data = '';\n request.setEncoding('utf8');\n request.on('data', (chunk: string) => {\n data += chunk;\n });\n request.on('end', () => {\n if (!data) {\n resolve(undefined);\n return;\n }\n try {\n resolve(JSON.parse(data));\n } catch {\n resolve(undefined);\n }\n });\n request.on('error', reject);\n });\n}\n\nfunction sendJson(response: ServerResponse, status: number, data: unknown): void {\n response.statusCode = status;\n response.setHeader('Content-Type', 'application/json');\n response.end(JSON.stringify(data));\n}\n\nfunction sendError(response: ServerResponse, status: number, message: string): void {\n sendJson(response, status, { error: message });\n}\n"]}
package/dist/components/components.jsonld CHANGED
@@ -36,6 +36,7 @@
36
36
  "undefineds:dist/pods/ReservedSuffixIdentifierGenerator.jsonld",
37
37
  "undefineds:dist/identity/drizzle/DrizzleIndexedStorage.jsonld",
38
38
  "undefineds:dist/identity/drizzle/WebIdProfileRepository.jsonld",
39
+ "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld",
39
40
  "undefineds:dist/storage/keyvalue/PostgresKeyValueStorage.jsonld",
40
41
  "undefineds:dist/storage/keyvalue/RedisKeyValueStorage.jsonld",
41
42
  "undefineds:dist/storage/keyvalue/SqliteKeyValueStorage.jsonld",
package/dist/components/context.jsonld CHANGED
@@ -799,6 +799,36 @@
799
799
  }
800
800
  }
801
801
  },
802
+ "ValidatingIdentityProviderHttpHandler": {
803
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler",
804
+ "@prefix": true,
805
+ "@context": {
806
+ "args_providerFactory": {
807
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_providerFactory"
808
+ },
809
+ "args_cookieStore": {
810
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_cookieStore"
811
+ },
812
+ "args_handler": {
813
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_handler"
814
+ },
815
+ "args_accountStorage": {
816
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_accountStorage"
817
+ },
818
+ "providerFactory": {
819
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_providerFactory"
820
+ },
821
+ "cookieStore": {
822
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_cookieStore"
823
+ },
824
+ "handler": {
825
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_handler"
826
+ },
827
+ "accountStorage": {
828
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_accountStorage"
829
+ }
830
+ }
831
+ },
802
832
  "PostgresKeyValueStorage": {
803
833
  "@id": "undefineds:dist/storage/keyvalue/PostgresKeyValueStorage.jsonld#PostgresKeyValueStorage",
804
834
  "@prefix": true,
package/dist/identity/ValidatingIdentityProviderHttpHandler.d.ts ADDED
@@ -0,0 +1,45 @@
1
+ import { OperationHttpHandler, type InteractionHandler, type OperationHttpHandlerInput, type ProviderFactory, type ResponseDescription } from '@solid/community-server';
2
+ import type { CookieStore } from '@solid/community-server';
3
+ interface AccountExistenceStorage {
4
+ has: (type: string, id: string) => Promise<boolean>;
5
+ }
6
+ export interface ValidatingIdentityProviderHttpHandlerArgs {
7
+ /**
8
+ * Used to generate the OIDC provider.
9
+ */
10
+ providerFactory: ProviderFactory;
11
+ /**
12
+ * Used to determine the account of the requesting agent.
13
+ */
14
+ cookieStore: CookieStore;
15
+ /**
16
+ * Handles the requests.
17
+ */
18
+ handler: InteractionHandler;
19
+ /**
20
+ * Storage backing CSS account state.
21
+ */
22
+ accountStorage: AccountExistenceStorage;
23
+ }
24
+ /**
25
+ * CSS-compatible IdP operation handler that drops stale account cookies.
26
+ *
27
+ * CSS trusts the account id stored in the cookie. In a clustered deployment where
28
+ * account storage can be reset independently from browser cookies, that can leave
29
+ * users stuck in a phantom logged-in state during registration or login.
30
+ */
31
+ export declare class ValidatingIdentityProviderHttpHandler extends OperationHttpHandler {
32
+ protected readonly logger: import("global-logger-factory").Logger<unknown>;
33
+ private readonly providerFactory;
34
+ private readonly cookieStore;
35
+ private readonly handler;
36
+ private readonly accountStorage;
37
+ constructor(args: ValidatingIdentityProviderHttpHandlerArgs);
38
+ handle({ operation, request, response }: OperationHttpHandlerInput): Promise<ResponseDescription>;
39
+ private findAccountCookies;
40
+ private findAuthorizationAccountCookie;
41
+ private findBrowserAccountCookie;
42
+ private normalizeAccountCookie;
43
+ private findValidAccount;
44
+ }
45
+ export {};
package/dist/identity/ValidatingIdentityProviderHttpHandler.js ADDED
@@ -0,0 +1,129 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.ValidatingIdentityProviderHttpHandler = void 0;
4
+ const global_logger_factory_1 = require("global-logger-factory");
5
+ const community_server_1 = require("@solid/community-server");
6
+ const ACCOUNT_TYPE = 'account';
7
+ const ACCOUNT_COOKIE_NAME = 'css-account';
8
+ const ACCOUNT_TOKEN_AUTHORIZATION_SCHEME = 'CSS-Account-Token ';
9
+ /**
10
+ * CSS-compatible IdP operation handler that drops stale account cookies.
11
+ *
12
+ * CSS trusts the account id stored in the cookie. In a clustered deployment where
13
+ * account storage can be reset independently from browser cookies, that can leave
14
+ * users stuck in a phantom logged-in state during registration or login.
15
+ */
16
+ class ValidatingIdentityProviderHttpHandler extends community_server_1.OperationHttpHandler {
17
+ constructor(args) {
18
+ super();
19
+ this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
20
+ this.providerFactory = args.providerFactory;
21
+ this.cookieStore = args.cookieStore;
22
+ this.handler = args.handler;
23
+ this.accountStorage = args.accountStorage;
24
+ }
25
+ async handle({ operation, request, response }) {
26
+ let oidcInteraction;
27
+ try {
28
+ const provider = await this.providerFactory.getProvider();
29
+ oidcInteraction = await provider.interactionDetails(request, response);
30
+ this.logger.debug('Found an active OIDC interaction.');
31
+ }
32
+ catch (error) {
33
+ this.logger.debug(`No active OIDC interaction found: ${(0, community_server_1.createErrorMessage)(error)}`);
34
+ }
35
+ const browserCookie = this.findBrowserAccountCookie(request);
36
+ const authorizationCookie = this.findAuthorizationAccountCookie(request);
37
+ const cookies = this.findAccountCookies(operation, authorizationCookie, browserCookie);
38
+ const { accountId, selectedCookie, expiredCookie } = await this.findValidAccount(cookies, browserCookie);
39
+ const normalizedOperation = this.normalizeAccountCookie(operation, selectedCookie);
40
+ const representation = await this.handler.handleSafe({ operation: normalizedOperation, oidcInteraction, accountId });
41
+ if (expiredCookie && !representation.metadata?.has(community_server_1.SOLID_HTTP.terms.accountCookie)) {
42
+ const metadata = new community_server_1.RepresentationMetadata(representation.metadata);
43
+ metadata.set(community_server_1.SOLID_HTTP.terms.accountCookie, expiredCookie);
44
+ metadata.set(community_server_1.SOLID_HTTP.terms.accountCookieExpiration, new Date(0).toISOString());
45
+ representation.metadata = metadata;
46
+ }
47
+ return new community_server_1.OkResponseDescription(representation.metadata, representation.data);
48
+ }
49
+ findAccountCookies(operation, authorizationCookie, browserCookie) {
50
+ const metadataCookies = operation.body.metadata
51
+ .getAll(community_server_1.SOLID_HTTP.terms.accountCookie)
52
+ .map((term) => term.value)
53
+ .filter((value) => Boolean(value));
54
+ return Array.from(new Set([
55
+ authorizationCookie,
56
+ ...metadataCookies,
57
+ browserCookie,
58
+ ].filter((value) => Boolean(value))));
59
+ }
60
+ findAuthorizationAccountCookie(request) {
61
+ const authorization = request.headers.authorization;
62
+ if (!authorization?.toLowerCase().startsWith(ACCOUNT_TOKEN_AUTHORIZATION_SCHEME.toLowerCase())) {
63
+ return;
64
+ }
65
+ const value = authorization.slice(ACCOUNT_TOKEN_AUTHORIZATION_SCHEME.length).trim();
66
+ return value || undefined;
67
+ }
68
+ findBrowserAccountCookie(request) {
69
+ const cookieHeader = request.headers.cookie;
70
+ if (!cookieHeader) {
71
+ return;
72
+ }
73
+ for (const cookie of cookieHeader.split(';')) {
74
+ const separator = cookie.indexOf('=');
75
+ if (separator === -1) {
76
+ continue;
77
+ }
78
+ const name = cookie.slice(0, separator).trim();
79
+ if (name !== ACCOUNT_COOKIE_NAME) {
80
+ continue;
81
+ }
82
+ const value = cookie.slice(separator + 1).trim();
83
+ return value || undefined;
84
+ }
85
+ }
86
+ normalizeAccountCookie(operation, selectedCookie) {
87
+ const metadata = new community_server_1.RepresentationMetadata(operation.body.metadata);
88
+ metadata.removeAll(community_server_1.SOLID_HTTP.terms.accountCookie);
89
+ if (selectedCookie) {
90
+ metadata.add(community_server_1.SOLID_HTTP.terms.accountCookie, selectedCookie);
91
+ }
92
+ const body = Object.assign(Object.create(Object.getPrototypeOf(operation.body)), operation.body, { metadata });
93
+ return {
94
+ ...operation,
95
+ body,
96
+ };
97
+ }
98
+ async findValidAccount(cookies, browserCookie) {
99
+ if (cookies.length === 0) {
100
+ return {};
101
+ }
102
+ let expiredCookie;
103
+ let selectedCookie;
104
+ let selectedAccountId;
105
+ for (const cookie of cookies) {
106
+ const accountId = await this.cookieStore.get(cookie);
107
+ if (!accountId) {
108
+ if (cookie === browserCookie) {
109
+ expiredCookie ??= cookie;
110
+ }
111
+ continue;
112
+ }
113
+ const accountExists = await this.accountStorage.has(ACCOUNT_TYPE, accountId);
114
+ if (accountExists) {
115
+ selectedCookie ??= cookie;
116
+ selectedAccountId ??= accountId;
117
+ continue;
118
+ }
119
+ await this.cookieStore.delete(cookie);
120
+ if (cookie === browserCookie) {
121
+ expiredCookie ??= cookie;
122
+ }
123
+ this.logger.warn(`Deleted stale account cookie for missing account ${accountId}.`);
124
+ }
125
+ return { accountId: selectedAccountId, selectedCookie, expiredCookie };
126
+ }
127
+ }
128
+ exports.ValidatingIdentityProviderHttpHandler = ValidatingIdentityProviderHttpHandler;
129
+ //# sourceMappingURL=ValidatingIdentityProviderHttpHandler.js.map
package/dist/identity/ValidatingIdentityProviderHttpHandler.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"ValidatingIdentityProviderHttpHandler.js","sourceRoot":"","sources":["../../src/identity/ValidatingIdentityProviderHttpHandler.ts"],"names":[],"mappings":";;;AAAA,iEAAqD;AACrD,8DAUiC;AAGjC,MAAM,YAAY,GAAG,SAAS,CAAC;AAC/B,MAAM,mBAAmB,GAAG,aAAa,CAAC;AAC1C,MAAM,kCAAkC,GAAG,oBAAoB,CAAC;AAyBhE;;;;;;GAMG;AACH,MAAa,qCAAsC,SAAQ,uCAAoB;IAO7E,YAAmB,IAA+C;QAChE,KAAK,EAAE,CAAC;QAPS,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAQ7C,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;QAC5C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAC5B,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC;IAC5C,CAAC;IAEe,KAAK,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAA6B;QACtF,IAAI,eAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,CAAC;YAC1D,eAAe,GAAG,MAAM,QAAQ,CAAC,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACvE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,IAAA,qCAAkB,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,mBAAmB,GAAG,IAAI,CAAC,8BAA8B,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,mBAAmB,EAAE,aAAa,CAAC,CAAC;QACvF,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,aAAa,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACzG,MAAM,mBAAmB,GAAG,IAAI,CAAC,sBAAsB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACnF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,mBAAmB,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,CAAC;QAErH,IAAI,aAAa,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,GAAG,CAAC,6BAAU,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;YACnF,MAAM,QAAQ,GAAG,IAAI,yCAAsB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YACrE,QAAQ,CAAC,GAAG,CAAC,6BAAU,CAAC,KAAK,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAC5D,QAAQ,CAAC,GAAG,CAAC,6BAAU,CAAC,KAAK,CAAC,uBAAuB,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAClF,cAAc,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACrC,CAAC;QAED,OAAO,IAAI,wCAAqB,CAAC,cAAc,CAAC,QAAQ,EAAE,cAAc,CAAC,IAAI,CAAC,CAAC;IACjF,CAAC;IAEO,kBAAkB,CACxB,SAAiD,EACjD,mBAAuC,EACvC,aAAiC;QAEjC,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ;aAC5C,MAAM,CAAC,6BAAU,CAAC,KAAK,CAAC,aAAa,CAAC;aACtC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;aACzB,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CACvB;YACE,mBAAmB;YACnB,GAAG,eAAe;YAClB,aAAa;SACd,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CACrD,CAAC,CAAC;IACL,CAAC;IAEO,8BAA8B,CAAC,OAA6C;QAClF,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACpD,IAAI,CAAC,aAAa,EAAE,WAAW,EAAE,CAAC,UAAU,CAAC,kCAAkC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/F,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,kCAAkC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACpF,OAAO,KAAK,IAAI,SAAS,CAAC;IAC5B,CAAC;IAEO,wBAAwB,CAAC,OAA6C;QAC5E,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO;QACT,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7C,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;gBACrB,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;gBACjC,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACjD,OAAO,KAAK,IAAI,SAAS,CAAC;QAC5B,CAAC;IACH,CAAC;IAEO,sBAAsB,CAC5B,SAAiD,EACjD,cAAkC;QAElC,MAAM,QAAQ,GAAG,IAAI,yCAAsB,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrE,QAAQ,CAAC,SAAS,CAAC,6BAAU,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACnD,IAAI,cAAc,EAAE,CAAC;YACnB,QAAQ,CAAC,GAAG,CAAC,6BAAU,CAAC,KAAK,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CACxB,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EACpD,SAAS,CAAC,IAAI,EACd,EAAE,QAAQ,EAAE,CACb,CAAC;QAEF,OAAO;YACL,GAAG,SAAS;YACZ,IAAI;SACL,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAiB,EAAE,aAAiC;QAKjF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,aAAiC,CAAC;QACtC,IAAI,cAAkC,CAAC;QACvC,IAAI,iBAAqC,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;oBAC7B,aAAa,KAAK,MAAM,CAAC;gBAC3B,CAAC;gBACD,SAAS;YACX,CAAC;YAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YAC7E,IAAI,aAAa,EAAE,CAAC;gBAClB,cAAc,KAAK,MAAM,CAAC;gBAC1B,iBAAiB,KAAK,SAAS,CAAC;gBAChC,SAAS;YACX,CAAC;YAED,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YACtC,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;gBAC7B,aAAa,KAAK,MAAM,CAAC;YAC3B,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oDAAoD,SAAS,GAAG,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC;IACzE,CAAC;CACF;AAxJD,sFAwJC","sourcesContent":["import { getLoggerFor } from 'global-logger-factory';\nimport {\n OkResponseDescription,\n OperationHttpHandler,\n RepresentationMetadata,\n SOLID_HTTP,\n createErrorMessage,\n type InteractionHandler,\n type OperationHttpHandlerInput,\n type ProviderFactory,\n type ResponseDescription,\n} from '@solid/community-server';\nimport type { CookieStore } from '@solid/community-server';\n\nconst ACCOUNT_TYPE = 'account';\nconst ACCOUNT_COOKIE_NAME = 'css-account';\nconst ACCOUNT_TOKEN_AUTHORIZATION_SCHEME = 'CSS-Account-Token ';\n\ninterface AccountExistenceStorage {\n has: (type: string, id: string) => Promise<boolean>;\n}\n\nexport interface ValidatingIdentityProviderHttpHandlerArgs {\n /**\n * Used to generate the OIDC provider.\n */\n providerFactory: ProviderFactory;\n /**\n * Used to determine the account of the requesting agent.\n */\n cookieStore: CookieStore;\n /**\n * Handles the requests.\n */\n handler: InteractionHandler;\n /**\n * Storage backing CSS account state.\n */\n accountStorage: AccountExistenceStorage;\n}\n\n/**\n * CSS-compatible IdP operation handler that drops stale account cookies.\n *\n * CSS trusts the account id stored in the cookie. In a clustered deployment where\n * account storage can be reset independently from browser cookies, that can leave\n * users stuck in a phantom logged-in state during registration or login.\n */\nexport class ValidatingIdentityProviderHttpHandler extends OperationHttpHandler {\n protected readonly logger = getLoggerFor(this);\n private readonly providerFactory: ProviderFactory;\n private readonly cookieStore: CookieStore;\n private readonly handler: InteractionHandler;\n private readonly accountStorage: AccountExistenceStorage;\n\n public constructor(args: ValidatingIdentityProviderHttpHandlerArgs) {\n super();\n this.providerFactory = args.providerFactory;\n this.cookieStore = args.cookieStore;\n this.handler = args.handler;\n this.accountStorage = args.accountStorage;\n }\n\n public override async handle({ operation, request, response }: OperationHttpHandlerInput): Promise<ResponseDescription> {\n let oidcInteraction;\n try {\n const provider = await this.providerFactory.getProvider();\n oidcInteraction = await provider.interactionDetails(request, response);\n this.logger.debug('Found an active OIDC interaction.');\n } catch (error: unknown) {\n this.logger.debug(`No active OIDC interaction found: ${createErrorMessage(error)}`);\n }\n\n const browserCookie = this.findBrowserAccountCookie(request);\n const authorizationCookie = this.findAuthorizationAccountCookie(request);\n const cookies = this.findAccountCookies(operation, authorizationCookie, browserCookie);\n const { accountId, selectedCookie, expiredCookie } = await this.findValidAccount(cookies, browserCookie);\n const normalizedOperation = this.normalizeAccountCookie(operation, selectedCookie);\n const representation = await this.handler.handleSafe({ operation: normalizedOperation, oidcInteraction, accountId });\n\n if (expiredCookie && !representation.metadata?.has(SOLID_HTTP.terms.accountCookie)) {\n const metadata = new RepresentationMetadata(representation.metadata);\n metadata.set(SOLID_HTTP.terms.accountCookie, expiredCookie);\n metadata.set(SOLID_HTTP.terms.accountCookieExpiration, new Date(0).toISOString());\n representation.metadata = metadata;\n }\n\n return new OkResponseDescription(representation.metadata, representation.data);\n }\n\n private findAccountCookies(\n operation: OperationHttpHandlerInput['operation'],\n authorizationCookie: string | undefined,\n browserCookie: string | undefined,\n ): string[] {\n const metadataCookies = operation.body.metadata\n .getAll(SOLID_HTTP.terms.accountCookie)\n .map((term) => term.value)\n .filter((value): value is string => Boolean(value));\n\n return Array.from(new Set(\n [\n authorizationCookie,\n ...metadataCookies,\n browserCookie,\n ].filter((value): value is string => Boolean(value)),\n ));\n }\n\n private findAuthorizationAccountCookie(request: OperationHttpHandlerInput['request']): string | undefined {\n const authorization = request.headers.authorization;\n if (!authorization?.toLowerCase().startsWith(ACCOUNT_TOKEN_AUTHORIZATION_SCHEME.toLowerCase())) {\n return;\n }\n\n const value = authorization.slice(ACCOUNT_TOKEN_AUTHORIZATION_SCHEME.length).trim();\n return value || undefined;\n }\n\n private findBrowserAccountCookie(request: OperationHttpHandlerInput['request']): string | undefined {\n const cookieHeader = request.headers.cookie;\n if (!cookieHeader) {\n return;\n }\n\n for (const cookie of cookieHeader.split(';')) {\n const separator = cookie.indexOf('=');\n if (separator === -1) {\n continue;\n }\n\n const name = cookie.slice(0, separator).trim();\n if (name !== ACCOUNT_COOKIE_NAME) {\n continue;\n }\n\n const value = cookie.slice(separator + 1).trim();\n return value || undefined;\n }\n }\n\n private normalizeAccountCookie(\n operation: OperationHttpHandlerInput['operation'],\n selectedCookie: string | undefined,\n ): OperationHttpHandlerInput['operation'] {\n const metadata = new RepresentationMetadata(operation.body.metadata);\n metadata.removeAll(SOLID_HTTP.terms.accountCookie);\n if (selectedCookie) {\n metadata.add(SOLID_HTTP.terms.accountCookie, selectedCookie);\n }\n\n const body = Object.assign(\n Object.create(Object.getPrototypeOf(operation.body)),\n operation.body,\n { metadata },\n );\n\n return {\n ...operation,\n body,\n };\n }\n\n private async findValidAccount(cookies: string[], browserCookie: string | undefined): Promise<{\n accountId?: string;\n selectedCookie?: string;\n expiredCookie?: string;\n }> {\n if (cookies.length === 0) {\n return {};\n }\n\n let expiredCookie: string | undefined;\n let selectedCookie: string | undefined;\n let selectedAccountId: string | undefined;\n for (const cookie of cookies) {\n const accountId = await this.cookieStore.get(cookie);\n if (!accountId) {\n if (cookie === browserCookie) {\n expiredCookie ??= cookie;\n }\n continue;\n }\n\n const accountExists = await this.accountStorage.has(ACCOUNT_TYPE, accountId);\n if (accountExists) {\n selectedCookie ??= cookie;\n selectedAccountId ??= accountId;\n continue;\n }\n\n await this.cookieStore.delete(cookie);\n if (cookie === browserCookie) {\n expiredCookie ??= cookie;\n }\n this.logger.warn(`Deleted stale account cookie for missing account ${accountId}.`);\n }\n\n return { accountId: selectedAccountId, selectedCookie, expiredCookie };\n }\n}\n"]}
package/dist/identity/ValidatingIdentityProviderHttpHandler.jsonld ADDED
@@ -0,0 +1,124 @@
1
+ {
2
+ "@context": [
3
+ "https://linkedsoftwaredependencies.org/bundles/npm/@undefineds.co/xpod/^0.0.0/components/context.jsonld",
4
+ "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^8.0.0/components/context.jsonld"
5
+ ],
6
+ "@id": "npmd:@undefineds.co/xpod",
7
+ "components": [
8
+ {
9
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler",
10
+ "@type": "Class",
11
+ "requireElement": "ValidatingIdentityProviderHttpHandler",
12
+ "extends": [
13
+ "css:dist/server/OperationHttpHandler.jsonld#OperationHttpHandler"
14
+ ],
15
+ "comment": "CSS-compatible IdP operation handler that drops stale account cookies. CSS trusts the account id stored in the cookie. In a clustered deployment where account storage can be reset independently from browser cookies, that can leave users stuck in a phantom logged-in state during registration or login.",
16
+ "parameters": [
17
+ {
18
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_providerFactory",
19
+ "range": "css:dist/identity/configuration/ProviderFactory.jsonld#ProviderFactory",
20
+ "comment": "Used to generate the OIDC provider."
21
+ },
22
+ {
23
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_cookieStore",
24
+ "range": "css:dist/identity/interaction/account/util/CookieStore.jsonld#CookieStore",
25
+ "comment": "Used to determine the account of the requesting agent."
26
+ },
27
+ {
28
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_handler",
29
+ "range": "css:dist/identity/interaction/InteractionHandler.jsonld#InteractionHandler",
30
+ "comment": "Handles the requests."
31
+ },
32
+ {
33
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_accountStorage",
34
+ "range": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#AccountExistenceStorage",
35
+ "comment": "Storage backing CSS account state."
36
+ }
37
+ ],
38
+ "memberFields": [
39
+ {
40
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_logger",
41
+ "memberFieldName": "logger",
42
+ "range": {
43
+ "@type": "ParameterRangeWildcard"
44
+ }
45
+ },
46
+ {
47
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_providerFactory",
48
+ "memberFieldName": "providerFactory"
49
+ },
50
+ {
51
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_cookieStore",
52
+ "memberFieldName": "cookieStore"
53
+ },
54
+ {
55
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_handler",
56
+ "memberFieldName": "handler"
57
+ },
58
+ {
59
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_accountStorage",
60
+ "memberFieldName": "accountStorage"
61
+ },
62
+ {
63
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_constructor",
64
+ "memberFieldName": "constructor"
65
+ },
66
+ {
67
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_handle",
68
+ "memberFieldName": "handle"
69
+ },
70
+ {
71
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_findAccountCookies",
72
+ "memberFieldName": "findAccountCookies"
73
+ },
74
+ {
75
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_findAuthorizationAccountCookie",
76
+ "memberFieldName": "findAuthorizationAccountCookie"
77
+ },
78
+ {
79
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_findBrowserAccountCookie",
80
+ "memberFieldName": "findBrowserAccountCookie"
81
+ },
82
+ {
83
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_normalizeAccountCookie",
84
+ "memberFieldName": "normalizeAccountCookie"
85
+ },
86
+ {
87
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler__member_findValidAccount",
88
+ "memberFieldName": "findValidAccount"
89
+ }
90
+ ],
91
+ "constructorArguments": [
92
+ {
93
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args__constructorArgument",
94
+ "fields": [
95
+ {
96
+ "keyRaw": "providerFactory",
97
+ "value": {
98
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_providerFactory"
99
+ }
100
+ },
101
+ {
102
+ "keyRaw": "cookieStore",
103
+ "value": {
104
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_cookieStore"
105
+ }
106
+ },
107
+ {
108
+ "keyRaw": "handler",
109
+ "value": {
110
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_handler"
111
+ }
112
+ },
113
+ {
114
+ "keyRaw": "accountStorage",
115
+ "value": {
116
+ "@id": "undefineds:dist/identity/ValidatingIdentityProviderHttpHandler.jsonld#ValidatingIdentityProviderHttpHandler_args_accountStorage"
117
+ }
118
+ }
119
+ ]
120
+ }
121
+ ]
122
+ }
123
+ ]
124
+ }
package/dist/index.d.ts CHANGED
@@ -22,6 +22,7 @@ import { EdgeNodeCertificateHttpHandler } from './http/admin/EdgeNodeCertificate
22
22
  import { ReservedSuffixIdentifierGenerator } from './pods/ReservedSuffixIdentifierGenerator';
23
23
  import { DrizzleIndexedStorage } from './identity/drizzle/DrizzleIndexedStorage';
24
24
  import { WebIdProfileRepository } from './identity/drizzle/WebIdProfileRepository';
25
+ import { ValidatingIdentityProviderHttpHandler } from './identity/ValidatingIdentityProviderHttpHandler';
25
26
  import { PostgresKeyValueStorage } from './storage/keyvalue/PostgresKeyValueStorage';
26
27
  import { RedisKeyValueStorage } from './storage/keyvalue/RedisKeyValueStorage';
27
28
  import { SqliteKeyValueStorage } from './storage/keyvalue/SqliteKeyValueStorage';
@@ -80,4 +81,4 @@ export type { EntitlementProvider, AccountEntitlement } from './quota/Entitlemen
80
81
  export type { TunnelProvider, TunnelConfig, TunnelSetupOptions, TunnelStatus, } from './tunnel/TunnelProvider';
81
82
  export type { SubdomainRegistration, ConnectivityResult, SubdomainServiceOptions, } from './subdomain/SubdomainService';
82
83
  export { AppStaticAssetHandler } from './http/AppStaticAssetHandler';
83
- export { RepresentationPartialConvertingStore, MinioDataAccessor, QuadstoreSparqlDataAccessor, QuintStoreSparqlDataAccessor, MixDataAccessor, ConfigurableLoggerFactory, SparqlUpdateResourceStore, SubgraphQueryEngine, QuadstoreSparqlEngine, QuintstoreSparqlEngine, SubgraphSparqlHttpHandler, QuotaAdminHttpHandler, ClusterIngressRouter, ClusterWebSocketConfigurator, EdgeNodeDirectDebugHttpHandler, EdgeNodeProxyHttpHandler, RouterHttpHandler, RouterHttpRoute, TracingHandler, EdgeNodeCertificateHttpHandler, TerminalHttpHandler, ReservedSuffixIdentifierGenerator, DrizzleIndexedStorage, WebIdProfileRepository, PostgresKeyValueStorage, RedisKeyValueStorage, SqliteKeyValueStorage, DrizzleQuotaService, NoopQuotaService, HttpEntitlementProvider, NoopEntitlementProvider, PerAccountQuotaStrategy, TencentDnsProvider, EdgeNodeDnsCoordinator, Dns01CertificateProvisioner, SimpleEdgeNodeTunnelManager, NoopEdgeNodeTunnelManager, FrpTunnelManager, EdgeNodeHealthProbeService, EdgeNodeAgent, EdgeNodeCertificateService, AcmeCertificateManager, EdgeNodeModeDetector, ClusterIdentifierStrategy, UsageTrackingStore, CenterNodeRegistrationService, PodRoutingHttpHandler, ReactAppViewHandler, QuintStore, SqliteQuintStore, PgQuintStore, BaseQuintStore, VectorStore, SqliteVectorStore, PostgresVectorStore, VectorHttpHandler, ProviderRegistry, ProviderRegistryImpl, EmbeddingService, EmbeddingServiceImpl, CredentialReader, CredentialReaderImpl, CloudflareTunnelProvider, LocalTunnelProvider, SubdomainService, MultiDomainIdentifierStrategy, SubdomainPodIdentifierStrategy, DisabledOidcHandler, DisabledIdentityProviderHandler, AutoDetectOidcHandler, AutoDetectIdentityProviderHandler, LoopbackClientIdAdapterFactory, UrlAwareRedisLocker, ProvisionPodCreator, ProvisionCodeCodec, LocalPodProvisioningService, AuthModeSelector, };
84
+ export { RepresentationPartialConvertingStore, MinioDataAccessor, QuadstoreSparqlDataAccessor, QuintStoreSparqlDataAccessor, MixDataAccessor, ConfigurableLoggerFactory, SparqlUpdateResourceStore, SubgraphQueryEngine, QuadstoreSparqlEngine, QuintstoreSparqlEngine, SubgraphSparqlHttpHandler, QuotaAdminHttpHandler, ClusterIngressRouter, ClusterWebSocketConfigurator, EdgeNodeDirectDebugHttpHandler, EdgeNodeProxyHttpHandler, RouterHttpHandler, RouterHttpRoute, TracingHandler, EdgeNodeCertificateHttpHandler, TerminalHttpHandler, ReservedSuffixIdentifierGenerator, DrizzleIndexedStorage, WebIdProfileRepository, ValidatingIdentityProviderHttpHandler, PostgresKeyValueStorage, RedisKeyValueStorage, SqliteKeyValueStorage, DrizzleQuotaService, NoopQuotaService, HttpEntitlementProvider, NoopEntitlementProvider, PerAccountQuotaStrategy, TencentDnsProvider, EdgeNodeDnsCoordinator, Dns01CertificateProvisioner, SimpleEdgeNodeTunnelManager, NoopEdgeNodeTunnelManager, FrpTunnelManager, EdgeNodeHealthProbeService, EdgeNodeAgent, EdgeNodeCertificateService, AcmeCertificateManager, EdgeNodeModeDetector, ClusterIdentifierStrategy, UsageTrackingStore, CenterNodeRegistrationService, PodRoutingHttpHandler, ReactAppViewHandler, QuintStore, SqliteQuintStore, PgQuintStore, BaseQuintStore, VectorStore, SqliteVectorStore, PostgresVectorStore, VectorHttpHandler, ProviderRegistry, ProviderRegistryImpl, EmbeddingService, EmbeddingServiceImpl, CredentialReader, CredentialReaderImpl, CloudflareTunnelProvider, LocalTunnelProvider, SubdomainService, MultiDomainIdentifierStrategy, SubdomainPodIdentifierStrategy, DisabledOidcHandler, DisabledIdentityProviderHandler, AutoDetectOidcHandler, AutoDetectIdentityProviderHandler, LoopbackClientIdAdapterFactory, UrlAwareRedisLocker, ProvisionPodCreator, ProvisionCodeCodec, LocalPodProvisioningService, AuthModeSelector, };
package/dist/index.js CHANGED
@@ -1,7 +1,7 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.QuintStore = exports.ReactAppViewHandler = exports.PodRoutingHttpHandler = exports.CenterNodeRegistrationService = exports.UsageTrackingStore = exports.ClusterIdentifierStrategy = exports.EdgeNodeModeDetector = exports.AcmeCertificateManager = exports.EdgeNodeCertificateService = exports.EdgeNodeAgent = exports.EdgeNodeHealthProbeService = exports.FrpTunnelManager = exports.NoopEdgeNodeTunnelManager = exports.SimpleEdgeNodeTunnelManager = exports.Dns01CertificateProvisioner = exports.EdgeNodeDnsCoordinator = exports.TencentDnsProvider = exports.PerAccountQuotaStrategy = exports.NoopEntitlementProvider = exports.HttpEntitlementProvider = exports.NoopQuotaService = exports.DrizzleQuotaService = exports.SqliteKeyValueStorage = exports.RedisKeyValueStorage = exports.PostgresKeyValueStorage = exports.WebIdProfileRepository = exports.DrizzleIndexedStorage = exports.ReservedSuffixIdentifierGenerator = exports.TerminalHttpHandler = exports.EdgeNodeCertificateHttpHandler = exports.TracingHandler = exports.RouterHttpRoute = exports.RouterHttpHandler = exports.EdgeNodeProxyHttpHandler = exports.EdgeNodeDirectDebugHttpHandler = exports.ClusterWebSocketConfigurator = exports.ClusterIngressRouter = exports.QuotaAdminHttpHandler = exports.SubgraphSparqlHttpHandler = exports.QuintstoreSparqlEngine = exports.QuadstoreSparqlEngine = exports.SubgraphQueryEngine = exports.SparqlUpdateResourceStore = exports.ConfigurableLoggerFactory = exports.MixDataAccessor = exports.QuintStoreSparqlDataAccessor = exports.QuadstoreSparqlDataAccessor = exports.MinioDataAccessor = exports.RepresentationPartialConvertingStore = exports.AppStaticAssetHandler = void 0;
4
- exports.AuthModeSelector = exports.LocalPodProvisioningService = exports.ProvisionCodeCodec = exports.ProvisionPodCreator = exports.UrlAwareRedisLocker = exports.LoopbackClientIdAdapterFactory = exports.AutoDetectIdentityProviderHandler = exports.AutoDetectOidcHandler = exports.DisabledIdentityProviderHandler = exports.DisabledOidcHandler = exports.SubdomainPodIdentifierStrategy = exports.MultiDomainIdentifierStrategy = exports.SubdomainService = exports.LocalTunnelProvider = exports.CloudflareTunnelProvider = exports.CredentialReaderImpl = exports.CredentialReader = exports.EmbeddingServiceImpl = exports.EmbeddingService = exports.ProviderRegistryImpl = exports.ProviderRegistry = exports.VectorHttpHandler = exports.PostgresVectorStore = exports.SqliteVectorStore = exports.VectorStore = exports.BaseQuintStore = exports.PgQuintStore = exports.SqliteQuintStore = void 0;
3
+ exports.ReactAppViewHandler = exports.PodRoutingHttpHandler = exports.CenterNodeRegistrationService = exports.UsageTrackingStore = exports.ClusterIdentifierStrategy = exports.EdgeNodeModeDetector = exports.AcmeCertificateManager = exports.EdgeNodeCertificateService = exports.EdgeNodeAgent = exports.EdgeNodeHealthProbeService = exports.FrpTunnelManager = exports.NoopEdgeNodeTunnelManager = exports.SimpleEdgeNodeTunnelManager = exports.Dns01CertificateProvisioner = exports.EdgeNodeDnsCoordinator = exports.TencentDnsProvider = exports.PerAccountQuotaStrategy = exports.NoopEntitlementProvider = exports.HttpEntitlementProvider = exports.NoopQuotaService = exports.DrizzleQuotaService = exports.SqliteKeyValueStorage = exports.RedisKeyValueStorage = exports.PostgresKeyValueStorage = exports.ValidatingIdentityProviderHttpHandler = exports.WebIdProfileRepository = exports.DrizzleIndexedStorage = exports.ReservedSuffixIdentifierGenerator = exports.TerminalHttpHandler = exports.EdgeNodeCertificateHttpHandler = exports.TracingHandler = exports.RouterHttpRoute = exports.RouterHttpHandler = exports.EdgeNodeProxyHttpHandler = exports.EdgeNodeDirectDebugHttpHandler = exports.ClusterWebSocketConfigurator = exports.ClusterIngressRouter = exports.QuotaAdminHttpHandler = exports.SubgraphSparqlHttpHandler = exports.QuintstoreSparqlEngine = exports.QuadstoreSparqlEngine = exports.SubgraphQueryEngine = exports.SparqlUpdateResourceStore = exports.ConfigurableLoggerFactory = exports.MixDataAccessor = exports.QuintStoreSparqlDataAccessor = exports.QuadstoreSparqlDataAccessor = exports.MinioDataAccessor = exports.RepresentationPartialConvertingStore = exports.AppStaticAssetHandler = void 0;
4
+ exports.AuthModeSelector = exports.LocalPodProvisioningService = exports.ProvisionCodeCodec = exports.ProvisionPodCreator = exports.UrlAwareRedisLocker = exports.LoopbackClientIdAdapterFactory = exports.AutoDetectIdentityProviderHandler = exports.AutoDetectOidcHandler = exports.DisabledIdentityProviderHandler = exports.DisabledOidcHandler = exports.SubdomainPodIdentifierStrategy = exports.MultiDomainIdentifierStrategy = exports.SubdomainService = exports.LocalTunnelProvider = exports.CloudflareTunnelProvider = exports.CredentialReaderImpl = exports.CredentialReader = exports.EmbeddingServiceImpl = exports.EmbeddingService = exports.ProviderRegistryImpl = exports.ProviderRegistry = exports.VectorHttpHandler = exports.PostgresVectorStore = exports.SqliteVectorStore = exports.VectorStore = exports.BaseQuintStore = exports.PgQuintStore = exports.SqliteQuintStore = exports.QuintStore = void 0;
5
5
  require("./runtime/configure-drizzle-solid");
6
6
  const RepresentationPartialConvertingStore_1 = require("./storage/RepresentationPartialConvertingStore");
7
7
  Object.defineProperty(exports, "RepresentationPartialConvertingStore", { enumerable: true, get: function () { return RepresentationPartialConvertingStore_1.RepresentationPartialConvertingStore; } });
@@ -49,6 +49,8 @@ const DrizzleIndexedStorage_1 = require("./identity/drizzle/DrizzleIndexedStorag
49
49
  Object.defineProperty(exports, "DrizzleIndexedStorage", { enumerable: true, get: function () { return DrizzleIndexedStorage_1.DrizzleIndexedStorage; } });
50
50
  const WebIdProfileRepository_1 = require("./identity/drizzle/WebIdProfileRepository");
51
51
  Object.defineProperty(exports, "WebIdProfileRepository", { enumerable: true, get: function () { return WebIdProfileRepository_1.WebIdProfileRepository; } });
52
+ const ValidatingIdentityProviderHttpHandler_1 = require("./identity/ValidatingIdentityProviderHttpHandler");
53
+ Object.defineProperty(exports, "ValidatingIdentityProviderHttpHandler", { enumerable: true, get: function () { return ValidatingIdentityProviderHttpHandler_1.ValidatingIdentityProviderHttpHandler; } });
52
54
  const PostgresKeyValueStorage_1 = require("./storage/keyvalue/PostgresKeyValueStorage");
53
55
  Object.defineProperty(exports, "PostgresKeyValueStorage", { enumerable: true, get: function () { return PostgresKeyValueStorage_1.PostgresKeyValueStorage; } });
54
56
  const RedisKeyValueStorage_1 = require("./storage/keyvalue/RedisKeyValueStorage");