@vercel/sandbox 1.9.0 → 1.9.2

package/dist/auth/oauth.js

@@ -1,269 +1,202 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuth = OAuth;
-exports.isOAuthError = isOAuthError;
-const os_1 = __importDefault(require("os"));
-const zod_1 = require("zod");
-const version_1 = require("../version");
-const USER_AGENT = `${os_1.default.hostname()} @ vercel/sandbox/${version_1.VERSION} node-${process.version} ${os_1.default.platform()} (${os_1.default.arch()})`;
+import { VERSION } from "../version.js";
+import { z } from "zod";
+import os from "os";
+
+//#region src/auth/oauth.ts
+const USER_AGENT = `${os.hostname()} @ vercel/sandbox/${VERSION} node-${process.version} ${os.platform()} (${os.arch()})`;
 const ISSUER = new URL("https://vercel.com");
 const CLIENT_ID = "cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp";
-const AuthorizationServerMetadata = zod_1.z.object({
-    issuer: zod_1.z.string().url(),
-    device_authorization_endpoint: zod_1.z.string().url(),
-    token_endpoint: zod_1.z.string().url(),
-    revocation_endpoint: zod_1.z.string().url(),
-    jwks_uri: zod_1.z.string().url(),
-    introspection_endpoint: zod_1.z.string().url(),
+const AuthorizationServerMetadata = z.object({
+	issuer: z.string().url(),
+	device_authorization_endpoint: z.string().url(),
+	token_endpoint: z.string().url(),
+	revocation_endpoint: z.string().url(),
+	jwks_uri: z.string().url(),
+	introspection_endpoint: z.string().url()
 });
 let _as;
-const DeviceAuthorization = zod_1.z.object({
-    device_code: zod_1.z.string(),
-    user_code: zod_1.z.string(),
-    verification_uri: zod_1.z.string().url(),
-    verification_uri_complete: zod_1.z.string().url(),
-    expires_in: zod_1.z.number(),
-    interval: zod_1.z.number(),
+const DeviceAuthorization = z.object({
+	device_code: z.string(),
+	user_code: z.string(),
+	verification_uri: z.string().url(),
+	verification_uri_complete: z.string().url(),
+	expires_in: z.number(),
+	interval: z.number()
 });
-const IntrospectionResponse = zod_1.z
-    .object({
-    active: zod_1.z.literal(true),
-    client_id: zod_1.z.string(),
-    session_id: zod_1.z.string(),
-})
-    .or(zod_1.z.object({ active: zod_1.z.literal(false) }));
+const IntrospectionResponse = z.object({
+	active: z.literal(true),
+	client_id: z.string(),
+	session_id: z.string()
+}).or(z.object({ active: z.literal(false) }));
 /**
- * Returns the Authorization Server Metadata
- *
- * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
- * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
- */
+* Returns the Authorization Server Metadata
+*
+* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
+* @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
+*/
 async function authorizationServerMetadata() {
-    if (_as)
-        return _as;
-    const response = await fetch(new URL(".well-known/openid-configuration", ISSUER), {
-        headers: { "Content-Type": "application/json", "user-agent": USER_AGENT },
-    });
-    _as = AuthorizationServerMetadata.parse(await response.json());
-    return _as;
+	if (_as) return _as;
+	const response = await fetch(new URL(".well-known/openid-configuration", ISSUER), { headers: {
+		"Content-Type": "application/json",
+		"user-agent": USER_AGENT
+	} });
+	_as = AuthorizationServerMetadata.parse(await response.json());
+	return _as;
 }
 async function OAuth() {
-    const as = await authorizationServerMetadata();
-    return {
-        /**
-         * Perform the Device Authorization Request
-         *
-         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
-         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
-         */
-        async deviceAuthorizationRequest() {
-            const response = await fetch(as.device_authorization_endpoint, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    "user-agent": USER_AGENT,
-                },
-                body: new URLSearchParams({
-                    client_id: CLIENT_ID,
-                    scope: "openid offline_access",
-                }),
-            });
-            const json = await response.json();
-            const parsed = DeviceAuthorization.safeParse(json);
-            if (!parsed.success) {
-                throw new OAuthError(`Failed to parse device authorization response: ${parsed.error.message}`, json);
-            }
-            return {
-                device_code: parsed.data.device_code,
-                user_code: parsed.data.user_code,
-                verification_uri: parsed.data.verification_uri,
-                verification_uri_complete: parsed.data.verification_uri_complete,
-                expiresAt: Date.now() + parsed.data.expires_in * 1000,
-                interval: parsed.data.interval,
-            };
-        },
-        /**
-         * Perform the Device Access Token Request
-         *
-         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
-         */
-        async deviceAccessTokenRequest(device_code) {
-            try {
-                return [
-                    null,
-                    await fetch(as.token_endpoint, {
-                        method: "POST",
-                        headers: {
-                            "Content-Type": "application/x-www-form-urlencoded",
-                            "user-agent": USER_AGENT,
-                        },
-                        body: new URLSearchParams({
-                            client_id: CLIENT_ID,
-                            grant_type: "urn:ietf:params:oauth:grant-type:device_code",
-                            device_code,
-                        }),
-                        signal: AbortSignal.timeout(10 * 1000),
-                    }),
-                ];
-            }
-            catch (error) {
-                if (error instanceof Error)
-                    return [error];
-                return [
-                    new Error("An unknown error occurred. See the logs for details.", {
-                        cause: error,
-                    }),
-                ];
-            }
-        },
-        /**
-         * Process the Token request Response
-         *
-         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
-         */
-        async processTokenResponse(response) {
-            const json = await response.json();
-            const processed = TokenSet.safeParse(json);
-            if (!processed.success) {
-                return [
-                    new OAuthError(`Failed to parse token response: ${processed.error.message}`, json),
-                ];
-            }
-            return [null, processed.data];
-        },
-        /**
-         * Perform a Token Revocation Request.
-         *
-         * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
-         * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2
-         */
-        async revokeToken(token) {
-            const response = await fetch(as.revocation_endpoint, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    "user-agent": USER_AGENT,
-                },
-                body: new URLSearchParams({ token, client_id: CLIENT_ID }),
-            });
-            if (response.ok)
-                return;
-            const json = await response.json();
-            return new OAuthError("Revocation request failed", json);
-        },
-        /**
-         * Perform Refresh Token Request.
-         *
-         * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
-         */
-        async refreshToken(token) {
-            const response = await fetch(as.token_endpoint, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    "user-agent": USER_AGENT,
-                },
-                body: new URLSearchParams({
-                    client_id: CLIENT_ID,
-                    grant_type: "refresh_token",
-                    refresh_token: token,
-                }),
-            });
-            const [tokensError, tokenSet] = await this.processTokenResponse(response);
-            if (tokensError)
-                throw tokensError;
-            return tokenSet;
-        },
-        /**
-         * Perform Token Introspection Request.
-         *
-         * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.1
-         */
-        async introspectToken(token) {
-            const response = await fetch(as.introspection_endpoint, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    "user-agent": USER_AGENT,
-                },
-                body: new URLSearchParams({ token }),
-            });
-            const json = await response.json();
-            const processed = IntrospectionResponse.safeParse(json);
-            if (!processed.success) {
-                throw new OAuthError(`Failed to parse introspection response: ${processed.error.message}`, json);
-            }
-            return processed.data;
-        },
-    };
+	const as = await authorizationServerMetadata();
+	return {
+		async deviceAuthorizationRequest() {
+			const json = await (await fetch(as.device_authorization_endpoint, {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/x-www-form-urlencoded",
+					"user-agent": USER_AGENT
+				},
+				body: new URLSearchParams({
+					client_id: CLIENT_ID,
+					scope: "openid offline_access"
+				})
+			})).json();
+			const parsed = DeviceAuthorization.safeParse(json);
+			if (!parsed.success) throw new OAuthError(`Failed to parse device authorization response: ${parsed.error.message}`, json);
+			return {
+				device_code: parsed.data.device_code,
+				user_code: parsed.data.user_code,
+				verification_uri: parsed.data.verification_uri,
+				verification_uri_complete: parsed.data.verification_uri_complete,
+				expiresAt: Date.now() + parsed.data.expires_in * 1e3,
+				interval: parsed.data.interval
+			};
+		},
+		async deviceAccessTokenRequest(device_code) {
+			try {
+				return [null, await fetch(as.token_endpoint, {
+					method: "POST",
+					headers: {
+						"Content-Type": "application/x-www-form-urlencoded",
+						"user-agent": USER_AGENT
+					},
+					body: new URLSearchParams({
+						client_id: CLIENT_ID,
+						grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+						device_code
+					}),
+					signal: AbortSignal.timeout(10 * 1e3)
+				})];
+			} catch (error) {
+				if (error instanceof Error) return [error];
+				return [new Error("An unknown error occurred. See the logs for details.", { cause: error })];
+			}
+		},
+		async processTokenResponse(response) {
+			const json = await response.json();
+			const processed = TokenSet.safeParse(json);
+			if (!processed.success) return [new OAuthError(`Failed to parse token response: ${processed.error.message}`, json)];
+			return [null, processed.data];
+		},
+		async revokeToken(token) {
+			const response = await fetch(as.revocation_endpoint, {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/x-www-form-urlencoded",
+					"user-agent": USER_AGENT
+				},
+				body: new URLSearchParams({
+					token,
+					client_id: CLIENT_ID
+				})
+			});
+			if (response.ok) return;
+			return new OAuthError("Revocation request failed", await response.json());
+		},
+		async refreshToken(token) {
+			const response = await fetch(as.token_endpoint, {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/x-www-form-urlencoded",
+					"user-agent": USER_AGENT
+				},
+				body: new URLSearchParams({
+					client_id: CLIENT_ID,
+					grant_type: "refresh_token",
+					refresh_token: token
+				})
+			});
+			const [tokensError, tokenSet] = await this.processTokenResponse(response);
+			if (tokensError) throw tokensError;
+			return tokenSet;
+		},
+		async introspectToken(token) {
+			const json = await (await fetch(as.introspection_endpoint, {
+				method: "POST",
+				headers: {
+					"Content-Type": "application/x-www-form-urlencoded",
+					"user-agent": USER_AGENT
+				},
+				body: new URLSearchParams({ token })
+			})).json();
+			const processed = IntrospectionResponse.safeParse(json);
+			if (!processed.success) throw new OAuthError(`Failed to parse introspection response: ${processed.error.message}`, json);
+			return processed.data;
+		}
+	};
 }
-const TokenSet = zod_1.z.object({
-    /** The access token issued by the authorization server. */
-    access_token: zod_1.z.string(),
-    /** The type of the token issued */
-    token_type: zod_1.z.literal("Bearer"),
-    /** The lifetime in seconds of the access token. */
-    expires_in: zod_1.z.number(),
-    /** The refresh token, which can be used to obtain new access tokens. */
-    refresh_token: zod_1.z.string().optional(),
-    /** The scope of the access token. */
-    scope: zod_1.z.string().optional(),
+const TokenSet = z.object({
+	access_token: z.string(),
+	token_type: z.literal("Bearer"),
+	expires_in: z.number(),
+	refresh_token: z.string().optional(),
+	scope: z.string().optional()
 });
-const OAuthErrorResponse = zod_1.z.object({
-    error: zod_1.z.enum([
-        "invalid_request",
-        "invalid_client",
-        "invalid_grant",
-        "unauthorized_client",
-        "unsupported_grant_type",
-        "invalid_scope",
-        "server_error",
-        // Device Authorization Response Errors
-        "authorization_pending",
-        "slow_down",
-        "access_denied",
-        "expired_token",
-        // Revocation Response Errors
-        "unsupported_token_type",
-    ]),
-    error_description: zod_1.z.string().optional(),
-    error_uri: zod_1.z.string().optional(),
+const OAuthErrorResponse = z.object({
+	error: z.enum([
+		"invalid_request",
+		"invalid_client",
+		"invalid_grant",
+		"unauthorized_client",
+		"unsupported_grant_type",
+		"invalid_scope",
+		"server_error",
+		"authorization_pending",
+		"slow_down",
+		"access_denied",
+		"expired_token",
+		"unsupported_token_type"
+	]),
+	error_description: z.string().optional(),
+	error_uri: z.string().optional()
 });
 function processOAuthErrorResponse(json) {
-    try {
-        return OAuthErrorResponse.parse(json);
-    }
-    catch (error) {
-        if (error instanceof zod_1.z.ZodError) {
-            return new TypeError(`Invalid OAuth error response: ${error.message}`);
-        }
-        return new TypeError("Failed to parse OAuth error response");
-    }
-}
-class OAuthError extends Error {
-    constructor(message, response) {
-        super(message);
-        this.name = "OAuthError";
-        const error = processOAuthErrorResponse(response);
-        if (error instanceof TypeError) {
-            const message = `Unexpected server response: ${JSON.stringify(response)}`;
-            this.cause = new Error(message, { cause: error });
-            this.code = "server_error";
-            return;
-        }
-        let cause = error.error;
-        if (error.error_description)
-            cause += `: ${error.error_description}`;
-        if (error.error_uri)
-            cause += ` (${error.error_uri})`;
-        this.cause = new Error(cause);
-        this.code = error.error;
-    }
+	try {
+		return OAuthErrorResponse.parse(json);
+	} catch (error) {
+		if (error instanceof z.ZodError) return /* @__PURE__ */ new TypeError(`Invalid OAuth error response: ${error.message}`);
+		return /* @__PURE__ */ new TypeError("Failed to parse OAuth error response");
+	}
 }
+var OAuthError = class extends Error {
+	constructor(message, response) {
+		super(message);
+		this.name = "OAuthError";
+		const error = processOAuthErrorResponse(response);
+		if (error instanceof TypeError) {
+			const message$1 = `Unexpected server response: ${JSON.stringify(response)}`;
+			this.cause = new Error(message$1, { cause: error });
+			this.code = "server_error";
+			return;
+		}
+		let cause = error.error;
+		if (error.error_description) cause += `: ${error.error_description}`;
+		if (error.error_uri) cause += ` (${error.error_uri})`;
+		this.cause = new Error(cause);
+		this.code = error.error;
+	}
+};
 function isOAuthError(error) {
-    return error instanceof OAuthError;
+	return error instanceof OAuthError;
 }
+
+//#endregion
+export { OAuth, isOAuthError };
 //# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":";;;;;AA2DA,sBA0KC;AA6ED,oCAEC;AApTD,4CAAoB;AACpB,6BAAwB;AACxB,wCAAqC;AAErC,MAAM,UAAU,GAAG,GAAG,YAAE,CAAC,QAAQ,EAAE,qBAAqB,iBAAO,SAC7D,OAAO,CAAC,OACV,IAAI,YAAE,CAAC,QAAQ,EAAE,KAAK,YAAE,CAAC,IAAI,EAAE,GAAG,CAAC;AAEnC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAC7C,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAExD,MAAM,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACxB,6BAA6B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC/C,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAChC,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC1B,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;CACzC,CAAC,CAAC;AAEH,IAAI,GAAgC,CAAC;AAErC,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAClC,yBAAyB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC3C,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,OAAC;KAC5B,MAAM,CAAC;IACN,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACvB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;CACvB,CAAC;KACD,EAAE,CAAC,OAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;AAE9C;;;;;GAKG;AACH,KAAK,UAAU,2BAA2B;IACxC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC;IAEpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,IAAI,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,EACnD;QACE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,YAAY,EAAE,UAAU,EAAE;KAC1E,CACF,CAAC;IAEF,GAAG,GAAG,2BAA2B,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,OAAO,GAAG,CAAC;AACb,CAAC;AAEM,KAAK,UAAU,KAAK;IACzB,MAAM,EAAE,GAAG,MAAM,2BAA2B,EAAE,CAAC;IAC/C,OAAO;QACL;;;;;WAKG;QACH,KAAK,CAAC,0BAA0B;YAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,6BAA6B,EAAE;gBAC7D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,SAAS,EAAE,SAAS;oBACpB,KAAK,EAAE,uBAAuB;iBAC/B,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAEnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,UAAU,CAClB,kDAAkD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EACxE,IAAI,CACL,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW;gBACpC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;gBAChC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB;gBAC9C,yBAAyB,EAAE,MAAM,CAAC,IAAI,CAAC,yBAAyB;gBAChE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI;gBACrD,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;aAC/B,CAAC;QACJ,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,wBAAwB,CAC5B,WAAmB;YAEnB,IAAI,CAAC;gBACH,OAAO;oBACL,IAAI;oBACJ,MAAM,KAAK,CAAC,EAAE,CAAC,cAAc,EAAE;wBAC7B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE;4BACP,cAAc,EAAE,mCAAmC;4BACnD,YAAY,EAAE,UAAU;yBACzB;wBACD,IAAI,EAAE,IAAI,eAAe,CAAC;4BACxB,SAAS,EAAE,SAAS;4BACpB,UAAU,EAAE,8CAA8C;4BAC1D,WAAW;yBACZ,CAAC;wBACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC;qBACvC,CAAC;iBACH,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,KAAK;oBAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC3C,OAAO;oBACL,IAAI,KAAK,CAAC,sDAAsD,EAAE;wBAChE,KAAK,EAAE,KAAK;qBACb,CAAC;iBACH,CAAC;YACJ,CAAC;QACH,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,oBAAoB,CACxB,QAAkB;YAElB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAE3C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO;oBACL,IAAI,UAAU,CACZ,mCAAmC,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,EAC5D,IAAI,CACL;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD;;;;;WAKG;QACH,KAAK,CAAC,WAAW,CAAC,KAAa;YAC7B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,mBAAmB,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;aAC3D,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE;gBAAE,OAAO;YACxB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,OAAO,IAAI,UAAU,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,YAAY,CAAC,KAAa;YAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,cAAc,EAAE;gBAC9C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,SAAS,EAAE,SAAS;oBACpB,UAAU,EAAE,eAAe;oBAC3B,aAAa,EAAE,KAAK;iBACrB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAC1E,IAAI,WAAW;gBAAE,MAAM,WAAW,CAAC;YACnC,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,eAAe,CACnB,KAAa;YAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,sBAAsB,EAAE;gBACtD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC,EAAE,KAAK,EAAE,CAAC;aACrC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,qBAAqB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,UAAU,CAClB,2CAA2C,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,EACpE,IAAI,CACL,CAAC;YACJ,CAAC;YAED,OAAO,SAAS,CAAC,IAAI,CAAC;QACxB,CAAC;KACF,CAAC;AACJ,CAAC;AAID,MAAM,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IACxB,2DAA2D;IAC3D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,mCAAmC;IACnC,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC/B,mDAAmD;IACnD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,wEAAwE;IACxE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,qCAAqC;IACrC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAIH,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,IAAI,CAAC;QACZ,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,qBAAqB;QACrB,wBAAwB;QACxB,eAAe;QACf,cAAc;QACd,uCAAuC;QACvC,uBAAuB;QACvB,WAAW;QACX,eAAe;QACf,eAAe;QACf,6BAA6B;QAC7B,wBAAwB;KACzB,CAAC;IACF,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAIH,SAAS,yBAAyB,CAChC,IAAa;IAEb,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,IAAI,SAAS,CAAC,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,MAAM,UAAW,SAAQ,KAAK;IAI5B,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,OAAO,CAAC,CAAC;QAJjB,SAAI,GAAG,YAAY,CAAC;QAKlB,MAAM,KAAK,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,+BAA+B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,IAAI,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QACxB,IAAI,KAAK,CAAC,iBAAiB;YAAE,KAAK,IAAI,KAAK,KAAK,CAAC,iBAAiB,EAAE,CAAC;QACrE,IAAI,KAAK,CAAC,SAAS;YAAE,KAAK,IAAI,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC;QAEtD,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;CACF;AAED,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,KAAK,YAAY,UAAU,CAAC;AACrC,CAAC"}
+{"version":3,"file":"oauth.js","names":["_as: AuthorizationServerMetadata","message"],"sources":["../../src/auth/oauth.ts"],"sourcesContent":["import os from \"os\";\nimport { z } from \"zod\";\nimport { VERSION } from \"../version.js\";\n\nconst USER_AGENT = `${os.hostname()} @ vercel/sandbox/${VERSION} node-${\n  process.version\n} ${os.platform()} (${os.arch()})`;\n\nconst ISSUER = new URL(\"https://vercel.com\");\nconst CLIENT_ID = \"cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp\";\n\nconst AuthorizationServerMetadata = z.object({\n  issuer: z.string().url(),\n  device_authorization_endpoint: z.string().url(),\n  token_endpoint: z.string().url(),\n  revocation_endpoint: z.string().url(),\n  jwks_uri: z.string().url(),\n  introspection_endpoint: z.string().url(),\n});\ntype AuthorizationServerMetadata = z.infer<typeof AuthorizationServerMetadata>;\nlet _as: AuthorizationServerMetadata;\n\nconst DeviceAuthorization = z.object({\n  device_code: z.string(),\n  user_code: z.string(),\n  verification_uri: z.string().url(),\n  verification_uri_complete: z.string().url(),\n  expires_in: z.number(),\n  interval: z.number(),\n});\n\nconst IntrospectionResponse = z\n  .object({\n    active: z.literal(true),\n    client_id: z.string(),\n    session_id: z.string(),\n  })\n  .or(z.object({ active: z.literal(false) }));\n\n/**\n * Returns the Authorization Server Metadata\n *\n * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest\n * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse\n */\nasync function authorizationServerMetadata(): Promise<AuthorizationServerMetadata> {\n  if (_as) return _as;\n\n  const response = await fetch(\n    new URL(\".well-known/openid-configuration\", ISSUER),\n    {\n      headers: { \"Content-Type\": \"application/json\", \"user-agent\": USER_AGENT },\n    },\n  );\n\n  _as = AuthorizationServerMetadata.parse(await response.json());\n  return _as;\n}\n\nexport async function OAuth() {\n  const as = await authorizationServerMetadata();\n  return {\n    /**\n     * Perform the Device Authorization Request\n     *\n     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.1\n     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.2\n     */\n    async deviceAuthorizationRequest(): Promise<DeviceAuthorizationRequest> {\n      const response = await fetch(as.device_authorization_endpoint, {\n        method: \"POST\",\n        headers: {\n          \"Content-Type\": \"application/x-www-form-urlencoded\",\n          \"user-agent\": USER_AGENT,\n        },\n        body: new URLSearchParams({\n          client_id: CLIENT_ID,\n          scope: \"openid offline_access\",\n        }),\n      });\n\n      const json = await response.json();\n      const parsed = DeviceAuthorization.safeParse(json);\n\n      if (!parsed.success) {\n        throw new OAuthError(\n          `Failed to parse device authorization response: ${parsed.error.message}`,\n          json,\n        );\n      }\n\n      return {\n        device_code: parsed.data.device_code,\n        user_code: parsed.data.user_code,\n        verification_uri: parsed.data.verification_uri,\n        verification_uri_complete: parsed.data.verification_uri_complete,\n        expiresAt: Date.now() + parsed.data.expires_in * 1000,\n        interval: parsed.data.interval,\n      };\n    },\n    /**\n     * Perform the Device Access Token Request\n     *\n     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.4\n     */\n    async deviceAccessTokenRequest(\n      device_code: string,\n    ): Promise<[Error] | [null, Response]> {\n      try {\n        return [\n          null,\n          await fetch(as.token_endpoint, {\n            method: \"POST\",\n            headers: {\n              \"Content-Type\": \"application/x-www-form-urlencoded\",\n              \"user-agent\": USER_AGENT,\n            },\n            body: new URLSearchParams({\n              client_id: CLIENT_ID,\n              grant_type: \"urn:ietf:params:oauth:grant-type:device_code\",\n              device_code,\n            }),\n            signal: AbortSignal.timeout(10 * 1000),\n          }),\n        ];\n      } catch (error) {\n        if (error instanceof Error) return [error];\n        return [\n          new Error(\"An unknown error occurred. See the logs for details.\", {\n            cause: error,\n          }),\n        ];\n      }\n    },\n    /**\n     * Process the Token request Response\n     *\n     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.5\n     */\n    async processTokenResponse(\n      response: Response,\n    ): Promise<[OAuthError] | [null, TokenSet]> {\n      const json = await response.json();\n      const processed = TokenSet.safeParse(json);\n\n      if (!processed.success) {\n        return [\n          new OAuthError(\n            `Failed to parse token response: ${processed.error.message}`,\n            json,\n          ),\n        ];\n      }\n\n      return [null, processed.data];\n    },\n    /**\n     * Perform a Token Revocation Request.\n     *\n     * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1\n     * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2\n     */\n    async revokeToken(token: string): Promise<OAuthError | void> {\n      const response = await fetch(as.revocation_endpoint, {\n        method: \"POST\",\n        headers: {\n          \"Content-Type\": \"application/x-www-form-urlencoded\",\n          \"user-agent\": USER_AGENT,\n        },\n        body: new URLSearchParams({ token, client_id: CLIENT_ID }),\n      });\n\n      if (response.ok) return;\n      const json = await response.json();\n\n      return new OAuthError(\"Revocation request failed\", json);\n    },\n    /**\n     * Perform Refresh Token Request.\n     *\n     * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6\n     */\n    async refreshToken(token: string): Promise<TokenSet> {\n      const response = await fetch(as.token_endpoint, {\n        method: \"POST\",\n        headers: {\n          \"Content-Type\": \"application/x-www-form-urlencoded\",\n          \"user-agent\": USER_AGENT,\n        },\n        body: new URLSearchParams({\n          client_id: CLIENT_ID,\n          grant_type: \"refresh_token\",\n          refresh_token: token,\n        }),\n      });\n\n      const [tokensError, tokenSet] = await this.processTokenResponse(response);\n      if (tokensError) throw tokensError;\n      return tokenSet;\n    },\n    /**\n     * Perform Token Introspection Request.\n     *\n     * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.1\n     */\n    async introspectToken(\n      token: string,\n    ): Promise<z.infer<typeof IntrospectionResponse>> {\n      const response = await fetch(as.introspection_endpoint, {\n        method: \"POST\",\n        headers: {\n          \"Content-Type\": \"application/x-www-form-urlencoded\",\n          \"user-agent\": USER_AGENT,\n        },\n        body: new URLSearchParams({ token }),\n      });\n\n      const json = await response.json();\n      const processed = IntrospectionResponse.safeParse(json);\n      if (!processed.success) {\n        throw new OAuthError(\n          `Failed to parse introspection response: ${processed.error.message}`,\n          json,\n        );\n      }\n\n      return processed.data;\n    },\n  };\n}\n\nexport type OAuth = Awaited<ReturnType<typeof OAuth>>;\n\nconst TokenSet = z.object({\n  /** The access token issued by the authorization server. */\n  access_token: z.string(),\n  /** The type of the token issued */\n  token_type: z.literal(\"Bearer\"),\n  /** The lifetime in seconds of the access token. */\n  expires_in: z.number(),\n  /** The refresh token, which can be used to obtain new access tokens. */\n  refresh_token: z.string().optional(),\n  /** The scope of the access token. */\n  scope: z.string().optional(),\n});\n\ntype TokenSet = z.infer<typeof TokenSet>;\n\nconst OAuthErrorResponse = z.object({\n  error: z.enum([\n    \"invalid_request\",\n    \"invalid_client\",\n    \"invalid_grant\",\n    \"unauthorized_client\",\n    \"unsupported_grant_type\",\n    \"invalid_scope\",\n    \"server_error\",\n    // Device Authorization Response Errors\n    \"authorization_pending\",\n    \"slow_down\",\n    \"access_denied\",\n    \"expired_token\",\n    // Revocation Response Errors\n    \"unsupported_token_type\",\n  ]),\n  error_description: z.string().optional(),\n  error_uri: z.string().optional(),\n});\n\ntype OAuthErrorResponse = z.infer<typeof OAuthErrorResponse>;\n\nfunction processOAuthErrorResponse(\n  json: unknown,\n): OAuthErrorResponse | TypeError {\n  try {\n    return OAuthErrorResponse.parse(json);\n  } catch (error) {\n    if (error instanceof z.ZodError) {\n      return new TypeError(`Invalid OAuth error response: ${error.message}`);\n    }\n    return new TypeError(\"Failed to parse OAuth error response\");\n  }\n}\n\nclass OAuthError extends Error {\n  name = \"OAuthError\";\n  code: OAuthErrorResponse[\"error\"];\n  cause: Error;\n  constructor(message: string, response: unknown) {\n    super(message);\n    const error = processOAuthErrorResponse(response);\n    if (error instanceof TypeError) {\n      const message = `Unexpected server response: ${JSON.stringify(response)}`;\n      this.cause = new Error(message, { cause: error });\n      this.code = \"server_error\";\n      return;\n    }\n    let cause = error.error;\n    if (error.error_description) cause += `: ${error.error_description}`;\n    if (error.error_uri) cause += ` (${error.error_uri})`;\n\n    this.cause = new Error(cause);\n    this.code = error.error;\n  }\n}\n\nexport function isOAuthError(error: unknown): error is OAuthError {\n  return error instanceof OAuthError;\n}\n\nexport interface DeviceAuthorizationRequest {\n  /** The device verification code. */\n  device_code: string;\n  /** The end-user verification code. */\n  user_code: string;\n  /**\n   * The minimum amount of time in seconds that the client\n   * SHOULD wait between polling requests to the token endpoint.\n   */\n  interval: number;\n  /** The end-user verification URI on the authorization server. */\n  verification_uri: string;\n  /**\n   * The end-user verification URI on the authorization server,\n   * including the `user_code`, without redirection.\n   */\n  verification_uri_complete: string;\n  /**\n   * The absolute lifetime of the `device_code` and `user_code`.\n   * Calculated from `expires_in`.\n   */\n  expiresAt: number;\n}\n"],"mappings":";;;;;AAIA,MAAM,aAAa,GAAG,GAAG,UAAU,CAAC,oBAAoB,QAAQ,QAC9D,QAAQ,QACT,GAAG,GAAG,UAAU,CAAC,IAAI,GAAG,MAAM,CAAC;AAEhC,MAAM,SAAS,IAAI,IAAI,qBAAqB;AAC5C,MAAM,YAAY;AAElB,MAAM,8BAA8B,EAAE,OAAO;CAC3C,QAAQ,EAAE,QAAQ,CAAC,KAAK;CACxB,+BAA+B,EAAE,QAAQ,CAAC,KAAK;CAC/C,gBAAgB,EAAE,QAAQ,CAAC,KAAK;CAChC,qBAAqB,EAAE,QAAQ,CAAC,KAAK;CACrC,UAAU,EAAE,QAAQ,CAAC,KAAK;CAC1B,wBAAwB,EAAE,QAAQ,CAAC,KAAK;CACzC,CAAC;AAEF,IAAIA;AAEJ,MAAM,sBAAsB,EAAE,OAAO;CACnC,aAAa,EAAE,QAAQ;CACvB,WAAW,EAAE,QAAQ;CACrB,kBAAkB,EAAE,QAAQ,CAAC,KAAK;CAClC,2BAA2B,EAAE,QAAQ,CAAC,KAAK;CAC3C,YAAY,EAAE,QAAQ;CACtB,UAAU,EAAE,QAAQ;CACrB,CAAC;AAEF,MAAM,wBAAwB,EAC3B,OAAO;CACN,QAAQ,EAAE,QAAQ,KAAK;CACvB,WAAW,EAAE,QAAQ;CACrB,YAAY,EAAE,QAAQ;CACvB,CAAC,CACD,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,MAAM,EAAE,CAAC,CAAC;;;;;;;AAQ7C,eAAe,8BAAoE;AACjF,KAAI,IAAK,QAAO;CAEhB,MAAM,WAAW,MAAM,MACrB,IAAI,IAAI,oCAAoC,OAAO,EACnD,EACE,SAAS;EAAE,gBAAgB;EAAoB,cAAc;EAAY,EAC1E,CACF;AAED,OAAM,4BAA4B,MAAM,MAAM,SAAS,MAAM,CAAC;AAC9D,QAAO;;AAGT,eAAsB,QAAQ;CAC5B,MAAM,KAAK,MAAM,6BAA6B;AAC9C,QAAO;EAOL,MAAM,6BAAkE;GAatE,MAAM,OAAO,OAZI,MAAM,MAAM,GAAG,+BAA+B;IAC7D,QAAQ;IACR,SAAS;KACP,gBAAgB;KAChB,cAAc;KACf;IACD,MAAM,IAAI,gBAAgB;KACxB,WAAW;KACX,OAAO;KACR,CAAC;IACH,CAAC,EAE0B,MAAM;GAClC,MAAM,SAAS,oBAAoB,UAAU,KAAK;AAElD,OAAI,CAAC,OAAO,QACV,OAAM,IAAI,WACR,kDAAkD,OAAO,MAAM,WAC/D,KACD;AAGH,UAAO;IACL,aAAa,OAAO,KAAK;IACzB,WAAW,OAAO,KAAK;IACvB,kBAAkB,OAAO,KAAK;IAC9B,2BAA2B,OAAO,KAAK;IACvC,WAAW,KAAK,KAAK,GAAG,OAAO,KAAK,aAAa;IACjD,UAAU,OAAO,KAAK;IACvB;;EAOH,MAAM,yBACJ,aACqC;AACrC,OAAI;AACF,WAAO,CACL,MACA,MAAM,MAAM,GAAG,gBAAgB;KAC7B,QAAQ;KACR,SAAS;MACP,gBAAgB;MAChB,cAAc;MACf;KACD,MAAM,IAAI,gBAAgB;MACxB,WAAW;MACX,YAAY;MACZ;MACD,CAAC;KACF,QAAQ,YAAY,QAAQ,KAAK,IAAK;KACvC,CAAC,CACH;YACM,OAAO;AACd,QAAI,iBAAiB,MAAO,QAAO,CAAC,MAAM;AAC1C,WAAO,CACL,IAAI,MAAM,wDAAwD,EAChE,OAAO,OACR,CAAC,CACH;;;EAQL,MAAM,qBACJ,UAC0C;GAC1C,MAAM,OAAO,MAAM,SAAS,MAAM;GAClC,MAAM,YAAY,SAAS,UAAU,KAAK;AAE1C,OAAI,CAAC,UAAU,QACb,QAAO,CACL,IAAI,WACF,mCAAmC,UAAU,MAAM,WACnD,KACD,CACF;AAGH,UAAO,CAAC,MAAM,UAAU,KAAK;;EAQ/B,MAAM,YAAY,OAA2C;GAC3D,MAAM,WAAW,MAAM,MAAM,GAAG,qBAAqB;IACnD,QAAQ;IACR,SAAS;KACP,gBAAgB;KAChB,cAAc;KACf;IACD,MAAM,IAAI,gBAAgB;KAAE;KAAO,WAAW;KAAW,CAAC;IAC3D,CAAC;AAEF,OAAI,SAAS,GAAI;AAGjB,UAAO,IAAI,WAAW,6BAFT,MAAM,SAAS,MAAM,CAEsB;;EAO1D,MAAM,aAAa,OAAkC;GACnD,MAAM,WAAW,MAAM,MAAM,GAAG,gBAAgB;IAC9C,QAAQ;IACR,SAAS;KACP,gBAAgB;KAChB,cAAc;KACf;IACD,MAAM,IAAI,gBAAgB;KACxB,WAAW;KACX,YAAY;KACZ,eAAe;KAChB,CAAC;IACH,CAAC;GAEF,MAAM,CAAC,aAAa,YAAY,MAAM,KAAK,qBAAqB,SAAS;AACzE,OAAI,YAAa,OAAM;AACvB,UAAO;;EAOT,MAAM,gBACJ,OACgD;GAUhD,MAAM,OAAO,OATI,MAAM,MAAM,GAAG,wBAAwB;IACtD,QAAQ;IACR,SAAS;KACP,gBAAgB;KAChB,cAAc;KACf;IACD,MAAM,IAAI,gBAAgB,EAAE,OAAO,CAAC;IACrC,CAAC,EAE0B,MAAM;GAClC,MAAM,YAAY,sBAAsB,UAAU,KAAK;AACvD,OAAI,CAAC,UAAU,QACb,OAAM,IAAI,WACR,2CAA2C,UAAU,MAAM,WAC3D,KACD;AAGH,UAAO,UAAU;;EAEpB;;AAKH,MAAM,WAAW,EAAE,OAAO;CAExB,cAAc,EAAE,QAAQ;CAExB,YAAY,EAAE,QAAQ,SAAS;CAE/B,YAAY,EAAE,QAAQ;CAEtB,eAAe,EAAE,QAAQ,CAAC,UAAU;CAEpC,OAAO,EAAE,QAAQ,CAAC,UAAU;CAC7B,CAAC;AAIF,MAAM,qBAAqB,EAAE,OAAO;CAClC,OAAO,EAAE,KAAK;EACZ;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;EACA;EACA;EAEA;EACD,CAAC;CACF,mBAAmB,EAAE,QAAQ,CAAC,UAAU;CACxC,WAAW,EAAE,QAAQ,CAAC,UAAU;CACjC,CAAC;AAIF,SAAS,0BACP,MACgC;AAChC,KAAI;AACF,SAAO,mBAAmB,MAAM,KAAK;UAC9B,OAAO;AACd,MAAI,iBAAiB,EAAE,SACrB,wBAAO,IAAI,UAAU,iCAAiC,MAAM,UAAU;AAExE,yBAAO,IAAI,UAAU,uCAAuC;;;AAIhE,IAAM,aAAN,cAAyB,MAAM;CAI7B,YAAY,SAAiB,UAAmB;AAC9C,QAAM,QAAQ;OAJhB,OAAO;EAKL,MAAM,QAAQ,0BAA0B,SAAS;AACjD,MAAI,iBAAiB,WAAW;GAC9B,MAAMC,YAAU,+BAA+B,KAAK,UAAU,SAAS;AACvE,QAAK,QAAQ,IAAI,MAAMA,WAAS,EAAE,OAAO,OAAO,CAAC;AACjD,QAAK,OAAO;AACZ;;EAEF,IAAI,QAAQ,MAAM;AAClB,MAAI,MAAM,kBAAmB,UAAS,KAAK,MAAM;AACjD,MAAI,MAAM,UAAW,UAAS,KAAK,MAAM,UAAU;AAEnD,OAAK,QAAQ,IAAI,MAAM,MAAM;AAC7B,OAAK,OAAO,MAAM;;;AAItB,SAAgB,aAAa,OAAqC;AAChE,QAAO,iBAAiB"}

package/dist/auth/poll-for-token.cjs

@@ -0,0 +1,82 @@
+const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_file = require('./file.cjs');
+const require_oauth = require('./oauth.cjs');
+let node_timers_promises = require("node:timers/promises");
+
+//#region src/auth/poll-for-token.ts
+async function* pollForToken({ request, oauth }) {
+	const controller = new AbortController();
+	try {
+		let intervalMs = request.interval * 1e3;
+		while (Date.now() < request.expiresAt) {
+			const [tokenResponseError, tokenResponse] = await oauth.deviceAccessTokenRequest(request.device_code);
+			if (tokenResponseError) {
+				if (tokenResponseError.message.includes("timeout")) {
+					intervalMs *= 2;
+					yield {
+						_tag: "Timeout",
+						newInterval: intervalMs
+					};
+					await (0, node_timers_promises.setTimeout)(intervalMs, { signal: controller.signal });
+					continue;
+				}
+				yield {
+					_tag: "Error",
+					error: tokenResponseError
+				};
+				return;
+			}
+			yield {
+				_tag: "Response",
+				response: tokenResponse.clone()
+			};
+			const [tokensError, tokens] = await oauth.processTokenResponse(tokenResponse);
+			if (require_oauth.isOAuthError(tokensError)) {
+				const { code } = tokensError;
+				switch (code) {
+					case "authorization_pending":
+						await (0, node_timers_promises.setTimeout)(intervalMs, { signal: controller.signal });
+						continue;
+					case "slow_down":
+						intervalMs += 5 * 1e3;
+						yield {
+							_tag: "SlowDown",
+							newInterval: intervalMs
+						};
+						await (0, node_timers_promises.setTimeout)(intervalMs, { signal: controller.signal });
+						continue;
+					default:
+						yield {
+							_tag: "Error",
+							error: tokensError.cause
+						};
+						return;
+				}
+			}
+			if (tokensError) {
+				yield {
+					_tag: "Error",
+					error: tokensError
+				};
+				return;
+			}
+			require_file.updateAuthConfig({
+				token: tokens.access_token,
+				expiresAt: new Date(Date.now() + tokens.expires_in * 1e3),
+				refreshToken: tokens.refresh_token
+			});
+			return;
+		}
+		yield {
+			_tag: "Error",
+			error: /* @__PURE__ */ new Error("Timed out waiting for authentication. Please try again.")
+		};
+		return;
+	} finally {
+		controller.abort();
+	}
+}
+
+//#endregion
+exports.pollForToken = pollForToken;
+//# sourceMappingURL=poll-for-token.cjs.map

package/dist/auth/poll-for-token.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"poll-for-token.cjs","names":["isOAuthError"],"sources":["../../src/auth/poll-for-token.ts"],"sourcesContent":["import { setTimeout } from \"node:timers/promises\";\nimport { updateAuthConfig } from \"./file.js\";\nimport { DeviceAuthorizationRequest, isOAuthError, OAuth } from \"./oauth.js\";\n\nexport type PollTokenItem =\n  | { _tag: \"Timeout\"; newInterval: number }\n  | { _tag: \"SlowDown\"; newInterval: number }\n  | { _tag: \"Error\"; error: Error }\n  | {\n      _tag: \"Response\";\n      response: { text(): Promise<string> };\n    };\n\nexport async function* pollForToken({\n  request,\n  oauth,\n}: {\n  request: DeviceAuthorizationRequest;\n  oauth: OAuth;\n}): AsyncGenerator<PollTokenItem, void, void> {\n  const controller = new AbortController();\n  try {\n    let intervalMs = request.interval * 1000;\n    while (Date.now() < request.expiresAt) {\n      const [tokenResponseError, tokenResponse] =\n        await oauth.deviceAccessTokenRequest(request.device_code);\n\n      if (tokenResponseError) {\n        // 2x backoff on connection timeouts per spec https://datatracker.ietf.org/doc/html/rfc8628#section-3.5\n        if (tokenResponseError.message.includes(\"timeout\")) {\n          intervalMs *= 2;\n          yield { _tag: \"Timeout\" as const, newInterval: intervalMs };\n          await setTimeout(intervalMs, { signal: controller.signal });\n          continue;\n        }\n        yield { _tag: \"Error\" as const, error: tokenResponseError };\n        return;\n      }\n\n      yield {\n        _tag: \"Response\" as const,\n        response: tokenResponse.clone() as { text(): Promise<string> },\n      };\n\n      const [tokensError, tokens] =\n        await oauth.processTokenResponse(tokenResponse);\n\n      if (isOAuthError(tokensError)) {\n        const { code } = tokensError;\n        switch (code) {\n          case \"authorization_pending\":\n            await setTimeout(intervalMs, { signal: controller.signal });\n            continue;\n          case \"slow_down\":\n            intervalMs += 5 * 1000;\n            yield { _tag: \"SlowDown\" as const, newInterval: intervalMs };\n            await setTimeout(intervalMs, { signal: controller.signal });\n            continue;\n          default:\n            yield { _tag: \"Error\", error: tokensError.cause };\n            return;\n        }\n      }\n\n      if (tokensError) {\n        yield { _tag: \"Error\", error: tokensError };\n        return;\n      }\n\n      updateAuthConfig({\n        token: tokens.access_token,\n        expiresAt: new Date(Date.now() + tokens.expires_in * 1000),\n        refreshToken: tokens.refresh_token,\n      });\n\n      return;\n    }\n\n    yield {\n      _tag: \"Error\" as const,\n      error: new Error(\n        \"Timed out waiting for authentication. Please try again.\",\n      ),\n    };\n    return;\n  } finally {\n    controller.abort();\n  }\n}\n"],"mappings":";;;;;;AAaA,gBAAuB,aAAa,EAClC,SACA,SAI4C;CAC5C,MAAM,aAAa,IAAI,iBAAiB;AACxC,KAAI;EACF,IAAI,aAAa,QAAQ,WAAW;AACpC,SAAO,KAAK,KAAK,GAAG,QAAQ,WAAW;GACrC,MAAM,CAAC,oBAAoB,iBACzB,MAAM,MAAM,yBAAyB,QAAQ,YAAY;AAE3D,OAAI,oBAAoB;AAEtB,QAAI,mBAAmB,QAAQ,SAAS,UAAU,EAAE;AAClD,mBAAc;AACd,WAAM;MAAE,MAAM;MAAoB,aAAa;MAAY;AAC3D,gDAAiB,YAAY,EAAE,QAAQ,WAAW,QAAQ,CAAC;AAC3D;;AAEF,UAAM;KAAE,MAAM;KAAkB,OAAO;KAAoB;AAC3D;;AAGF,SAAM;IACJ,MAAM;IACN,UAAU,cAAc,OAAO;IAChC;GAED,MAAM,CAAC,aAAa,UAClB,MAAM,MAAM,qBAAqB,cAAc;AAEjD,OAAIA,2BAAa,YAAY,EAAE;IAC7B,MAAM,EAAE,SAAS;AACjB,YAAQ,MAAR;KACE,KAAK;AACH,iDAAiB,YAAY,EAAE,QAAQ,WAAW,QAAQ,CAAC;AAC3D;KACF,KAAK;AACH,oBAAc,IAAI;AAClB,YAAM;OAAE,MAAM;OAAqB,aAAa;OAAY;AAC5D,iDAAiB,YAAY,EAAE,QAAQ,WAAW,QAAQ,CAAC;AAC3D;KACF;AACE,YAAM;OAAE,MAAM;OAAS,OAAO,YAAY;OAAO;AACjD;;;AAIN,OAAI,aAAa;AACf,UAAM;KAAE,MAAM;KAAS,OAAO;KAAa;AAC3C;;AAGF,iCAAiB;IACf,OAAO,OAAO;IACd,WAAW,IAAI,KAAK,KAAK,KAAK,GAAG,OAAO,aAAa,IAAK;IAC1D,cAAc,OAAO;IACtB,CAAC;AAEF;;AAGF,QAAM;GACJ,MAAM;GACN,uBAAO,IAAI,MACT,0DACD;GACF;AACD;WACQ;AACR,aAAW,OAAO"}

package/dist/auth/poll-for-token.d.cts

@@ -0,0 +1,28 @@
+import { DeviceAuthorizationRequest, OAuth } from "./oauth.cjs";
+
+//#region src/auth/poll-for-token.d.ts
+type PollTokenItem = {
+  _tag: "Timeout";
+  newInterval: number;
+} | {
+  _tag: "SlowDown";
+  newInterval: number;
+} | {
+  _tag: "Error";
+  error: Error;
+} | {
+  _tag: "Response";
+  response: {
+    text(): Promise<string>;
+  };
+};
+declare function pollForToken({
+  request,
+  oauth
+}: {
+  request: DeviceAuthorizationRequest;
+  oauth: OAuth;
+}): AsyncGenerator<PollTokenItem, void, void>;
+//#endregion
+export { pollForToken };
+//# sourceMappingURL=poll-for-token.d.cts.map