@vex-chat/spire 0.7.4 → 1.0.0

package/dist/migrations/2026-04-06_initial-schema.js

@@ -0,0 +1,192 @@
+import { sql } from "kysely";
+export async function down(db) {
+    const tables = [
+        "service_metrics",
+        "invites",
+        "emojis",
+        "files",
+        "permissions",
+        "channels",
+        "servers",
+        "oneTimeKeys",
+        "preKeys",
+        "mail",
+        "devices",
+        "users",
+    ];
+    for (const table of tables) {
+        await db.schema.dropTable(table).ifExists().execute();
+    }
+}
+export async function up(db) {
+    await db.schema
+        .createTable("users")
+        .ifNotExists()
+        .addColumn("userID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("username", "varchar(255)", (cb) => cb.unique())
+        .addColumn("passwordHash", "text")
+        .addColumn("passwordSalt", "text")
+        .addColumn("lastSeen", "text")
+        .execute();
+    await db.schema
+        .createTable("devices")
+        .ifNotExists()
+        .addColumn("deviceID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("signKey", "varchar(255)", (cb) => cb.unique())
+        .addColumn("owner", "varchar(255)")
+        .addColumn("name", "varchar(255)")
+        .addColumn("lastLogin", "text")
+        .addColumn("deleted", "integer", (cb) => cb.defaultTo(0))
+        .execute();
+    await db.schema
+        .createTable("mail")
+        .ifNotExists()
+        .addColumn("nonce", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("recipient", "varchar(255)")
+        .addColumn("mailID", "varchar(255)")
+        .addColumn("sender", "varchar(255)")
+        .addColumn("header", "text")
+        .addColumn("cipher", "text")
+        .addColumn("group", "varchar(255)")
+        .addColumn("extra", "text")
+        .addColumn("mailType", "integer")
+        .addColumn("time", "text")
+        .addColumn("forward", "integer", (cb) => cb.defaultTo(0))
+        .addColumn("authorID", "varchar(255)")
+        .addColumn("readerID", "varchar(255)")
+        .execute();
+    await db.schema
+        .createIndex("mail_recipient_idx")
+        .ifNotExists()
+        .on("mail")
+        .column("recipient")
+        .execute();
+    await db.schema
+        .createTable("preKeys")
+        .ifNotExists()
+        .addColumn("keyID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("userID", "varchar(255)")
+        .addColumn("deviceID", "varchar(255)", (cb) => cb.unique())
+        .addColumn("publicKey", "text")
+        .addColumn("signature", "text")
+        .addColumn("index", "integer")
+        .execute();
+    await db.schema
+        .createIndex("preKeys_userID_idx")
+        .ifNotExists()
+        .on("preKeys")
+        .column("userID")
+        .execute();
+    await db.schema
+        .createIndex("preKeys_deviceID_idx")
+        .ifNotExists()
+        .on("preKeys")
+        .column("deviceID")
+        .execute();
+    await db.schema
+        .createTable("oneTimeKeys")
+        .ifNotExists()
+        .addColumn("keyID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("userID", "varchar(255)")
+        .addColumn("deviceID", "varchar(255)")
+        .addColumn("publicKey", "text")
+        .addColumn("signature", "text")
+        .addColumn("index", "integer")
+        .execute();
+    await db.schema
+        .createIndex("oneTimeKeys_userID_idx")
+        .ifNotExists()
+        .on("oneTimeKeys")
+        .column("userID")
+        .execute();
+    await db.schema
+        .createIndex("oneTimeKeys_deviceID_idx")
+        .ifNotExists()
+        .on("oneTimeKeys")
+        .column("deviceID")
+        .execute();
+    await db.schema
+        .createTable("servers")
+        .ifNotExists()
+        .addColumn("serverID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("name", "varchar(255)")
+        .addColumn("icon", "varchar(255)")
+        .execute();
+    await db.schema
+        .createTable("channels")
+        .ifNotExists()
+        .addColumn("channelID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("serverID", "varchar(255)")
+        .addColumn("name", "varchar(255)")
+        .execute();
+    await db.schema
+        .createTable("permissions")
+        .ifNotExists()
+        .addColumn("permissionID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("userID", "varchar(255)")
+        .addColumn("resourceType", "varchar(255)")
+        .addColumn("resourceID", "varchar(255)")
+        .addColumn("powerLevel", "integer")
+        .execute();
+    await db.schema
+        .createIndex("permissions_userID_idx")
+        .ifNotExists()
+        .on("permissions")
+        .column("userID")
+        .execute();
+    await db.schema
+        .createIndex("permissions_resourceID_idx")
+        .ifNotExists()
+        .on("permissions")
+        .column("resourceID")
+        .execute();
+    await db.schema
+        .createTable("files")
+        .ifNotExists()
+        .addColumn("fileID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("owner", "varchar(255)")
+        .addColumn("nonce", "varchar(255)")
+        .execute();
+    await db.schema
+        .createIndex("files_owner_idx")
+        .ifNotExists()
+        .on("files")
+        .column("owner")
+        .execute();
+    await db.schema
+        .createTable("emojis")
+        .ifNotExists()
+        .addColumn("emojiID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("owner", "varchar(255)")
+        .addColumn("name", "varchar(255)")
+        .execute();
+    await db.schema
+        .createIndex("emojis_owner_idx")
+        .ifNotExists()
+        .on("emojis")
+        .column("owner")
+        .execute();
+    await db.schema
+        .createTable("invites")
+        .ifNotExists()
+        .addColumn("inviteID", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("serverID", "varchar(255)")
+        .addColumn("owner", "varchar(255)")
+        .addColumn("expiration", "text")
+        .execute();
+    await db.schema
+        .createIndex("invites_serverID_idx")
+        .ifNotExists()
+        .on("invites")
+        .column("serverID")
+        .execute();
+    await db.schema
+        .createTable("service_metrics")
+        .ifNotExists()
+        .addColumn("metric_key", "varchar(255)", (cb) => cb.primaryKey())
+        .addColumn("metric_value", "bigint", (cb) => cb.notNull().defaultTo(0))
+        .execute();
+    // Seed the requests_total metric row
+    await sql `INSERT OR IGNORE INTO service_metrics (metric_key, metric_value) VALUES ('requests_total', 0)`.execute(db);
+}
+//# sourceMappingURL=2026-04-06_initial-schema.js.map

package/dist/migrations/2026-04-06_initial-schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"2026-04-06_initial-schema.js","sourceRoot":"","sources":["../../src/migrations/2026-04-06_initial-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,GAAG,EAAE,MAAM,QAAQ,CAAC;AAE1C,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,EAAmB;IAC1C,MAAM,MAAM,GAAG;QACX,iBAAiB;QACjB,SAAS;QACT,QAAQ;QACR,OAAO;QACP,aAAa;QACb,UAAU;QACV,SAAS;QACT,aAAa;QACb,SAAS;QACT,MAAM;QACN,SAAS;QACT,OAAO;KACD,CAAC;IAEX,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1D,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,EAAE,CAAC,EAAmB;IACxC,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,OAAO,CAAC;SACpB,WAAW,EAAE;SACb,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC5D,SAAS,CAAC,UAAU,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;SAC1D,SAAS,CAAC,cAAc,EAAE,MAAM,CAAC;SACjC,SAAS,CAAC,cAAc,EAAE,MAAM,CAAC;SACjC,SAAS,CAAC,UAAU,EAAE,MAAM,CAAC;SAC7B,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,SAAS,CAAC;SACtB,WAAW,EAAE;SACb,SAAS,CAAC,UAAU,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC9D,SAAS,CAAC,SAAS,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;SACzD,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC;SAClC,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;SACjC,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC;SAC9B,SAAS,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;SACxD,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,MAAM,CAAC;SACnB,WAAW,EAAE;SACb,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC3D,SAAS,CAAC,WAAW,EAAE,cAAc,CAAC;SACtC,SAAS,CAAC,QAAQ,EAAE,cAAc,CAAC;SACnC,SAAS,CAAC,QAAQ,EAAE,cAAc,CAAC;SACnC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC3B,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC3B,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC;SAClC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC;SAC1B,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC;SAChC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC;SACzB,SAAS,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;SACxD,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SACrC,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SACrC,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,oBAAoB,CAAC;SACjC,WAAW,EAAE;SACb,EAAE,CAAC,MAAM,CAAC;SACV,MAAM,CAAC,WAAW,CAAC;SACnB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,SAAS,CAAC;SACtB,WAAW,EAAE;SACb,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC3D,SAAS,CAAC,QAAQ,EAAE,cAAc,CAAC;SACnC,SAAS,CAAC,UAAU,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;SAC1D,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC;SAC9B,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC;SAC9B,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC;SAC7B,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,oBAAoB,CAAC;SACjC,WAAW,EAAE;SACb,EAAE,CAAC,SAAS,CAAC;SACb,MAAM,CAAC,QAAQ,CAAC;SAChB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,sBAAsB,CAAC;SACnC,WAAW,EAAE;SACb,EAAE,CAAC,SAAS,CAAC;SACb,MAAM,CAAC,UAAU,CAAC;SAClB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,aAAa,CAAC;SAC1B,WAAW,EAAE;SACb,SAAS,CAAC,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC3D,SAAS,CAAC,QAAQ,EAAE,cAAc,CAAC;SACnC,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SACrC,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC;SAC9B,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC;SAC9B,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC;SAC7B,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,wBAAwB,CAAC;SACrC,WAAW,EAAE;SACb,EAAE,CAAC,aAAa,CAAC;SACjB,MAAM,CAAC,QAAQ,CAAC;SAChB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,0BAA0B,CAAC;SACvC,WAAW,EAAE;SACb,EAAE,CAAC,aAAa,CAAC;SACjB,MAAM,CAAC,UAAU,CAAC;SAClB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,SAAS,CAAC;SACtB,WAAW,EAAE;SACb,SAAS,CAAC,UAAU,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC9D,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;SACjC,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;SACjC,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,UAAU,CAAC;SACvB,WAAW,EAAE;SACb,SAAS,CAAC,WAAW,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC/D,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SACrC,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;SACjC,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,aAAa,CAAC;SAC1B,WAAW,EAAE;SACb,SAAS,CAAC,cAAc,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAClE,SAAS,CAAC,QAAQ,EAAE,cAAc,CAAC;SACnC,SAAS,CAAC,cAAc,EAAE,cAAc,CAAC;SACzC,SAAS,CAAC,YAAY,EAAE,cAAc,CAAC;SACvC,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC;SAClC,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,wBAAwB,CAAC;SACrC,WAAW,EAAE;SACb,EAAE,CAAC,aAAa,CAAC;SACjB,MAAM,CAAC,QAAQ,CAAC;SAChB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,4BAA4B,CAAC;SACzC,WAAW,EAAE;SACb,EAAE,CAAC,aAAa,CAAC;SACjB,MAAM,CAAC,YAAY,CAAC;SACpB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,OAAO,CAAC;SACpB,WAAW,EAAE;SACb,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC5D,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC;SAClC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC;SAClC,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,iBAAiB,CAAC;SAC9B,WAAW,EAAE;SACb,EAAE,CAAC,OAAO,CAAC;SACX,MAAM,CAAC,OAAO,CAAC;SACf,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,QAAQ,CAAC;SACrB,WAAW,EAAE;SACb,SAAS,CAAC,SAAS,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC7D,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC;SAClC,SAAS,CAAC,MAAM,EAAE,cAAc,CAAC;SACjC,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,kBAAkB,CAAC;SAC/B,WAAW,EAAE;SACb,EAAE,CAAC,QAAQ,CAAC;SACZ,MAAM,CAAC,OAAO,CAAC;SACf,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,SAAS,CAAC;SACtB,WAAW,EAAE;SACb,SAAS,CAAC,UAAU,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAC9D,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC;SACrC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC;SAClC,SAAS,CAAC,YAAY,EAAE,MAAM,CAAC;SAC/B,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,sBAAsB,CAAC;SACnC,WAAW,EAAE;SACb,EAAE,CAAC,SAAS,CAAC;SACb,MAAM,CAAC,UAAU,CAAC;SAClB,OAAO,EAAE,CAAC;IAEf,MAAM,EAAE,CAAC,MAAM;SACV,WAAW,CAAC,iBAAiB,CAAC;SAC9B,WAAW,EAAE;SACb,SAAS,CAAC,YAAY,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;SAChE,SAAS,CAAC,cAAc,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;SACtE,OAAO,EAAE,CAAC;IAEf,qCAAqC;IACrC,MAAM,GAAG,CAAA,+FAA+F,CAAC,OAAO,CAC5G,EAAE,CACL,CAAC;AACN,CAAC"}

package/dist/run.js

@@ -1,25 +1,30 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const Spire_1 = require("./Spire");
-const loadEnv_1 = require("./utils/loadEnv");
+import { Spire } from "./Spire.js";
+import { loadEnv } from "./utils/loadEnv.js";
 function main() {
-    return __awaiter(this, void 0, void 0, function* () {
-        // load the environment variables
-        loadEnv_1.loadEnv();
-        const server = new Spire_1.Spire(process.env.SPK, {
-            apiPort: Number(process.env.API_PORT),
-            dbType: process.env.DB_TYPE,
-            logLevel: "info",
-        });
+    // load the environment variables — loadEnv() exits if required vars are missing
+    loadEnv();
+    const spk = process.env["SPK"];
+    if (!spk) {
+        throw new Error("SPK must be set (loadEnv should have caught this).");
+    }
+    const apiPort = process.env["API_PORT"];
+    const dbType = parseDbType(process.env["DB_TYPE"]);
+    new Spire(spk, {
+        ...(apiPort !== undefined ? { apiPort: Number(apiPort) } : {}),
+        ...(dbType !== undefined ? { dbType } : {}),
+        logLevel: "info",
     });
 }
+function parseDbType(value) {
+    switch (value) {
+        case "mysql":
+        case "sqlite":
+        case "sqlite3":
+        case "sqlite3mem":
+            return value;
+        default:
+            return undefined;
+    }
+}
 main();
+//# sourceMappingURL=run.js.map

package/dist/run.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.js","sourceRoot":"","sources":["../src/run.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAE7C,SAAS,IAAI;IACT,gFAAgF;IAChF,OAAO,EAAE,CAAC;IAEV,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IAEnD,IAAI,KAAK,CAAC,GAAG,EAAE;QACX,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,QAAQ,EAAE,MAAM;KACnB,CAAC,CAAC;AACP,CAAC;AAED,SAAS,WAAW,CAAC,KAAyB;IAC1C,QAAQ,KAAK,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC;QACb,KAAK,QAAQ,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,YAAY;YACb,OAAO,KAAK,CAAC;QACjB;YACI,OAAO,SAAS,CAAC;IACzB,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/server/avatar.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="express-ws" />
-import winston from "winston";
-import { Database } from "../Database";
-export declare const getAvatarRouter: (db: Database, log: winston.Logger) => import("express-ws").Router;
+import type { Database } from "../Database.ts";
+import type winston from "winston";
+export declare const getAvatarRouter: (db: Database, log: winston.Logger) => import("express-serve-static-core").Router;

package/dist/server/avatar.js

@@ -1,92 +1,110 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAvatarRouter = void 0;
-const fs_1 = __importDefault(require("fs"));
-const crypto_1 = require("@vex-chat/crypto");
-const express_1 = __importDefault(require("express"));
-const file_type_1 = __importDefault(require("file-type"));
-const multer_1 = __importDefault(require("multer"));
-const tweetnacl_1 = __importDefault(require("tweetnacl"));
-const getAvatarRouter = (db, log) => {
-    const router = express_1.default.Router();
-    router.get("/:userID", (req, res) => __awaiter(void 0, void 0, void 0, function* () {
-        const stream = fs_1.default.createReadStream("./avatars/" + req.params.userID);
-        stream.on("error", (err) => {
-            // log.error(err.toString());
+import * as fs from "node:fs";
+import * as fsp from "node:fs/promises";
+import express from "express";
+import { XUtils } from "@vex-chat/crypto";
+import { FilePayloadSchema } from "@vex-chat/types";
+import { fileTypeFromBuffer, fileTypeFromFile } from "file-type";
+import multer from "multer";
+import { z } from "zod/v4";
+import { uploadLimiter } from "./rateLimit.js";
+import { getParam, getUser } from "./utils.js";
+import { ALLOWED_IMAGE_TYPES, protect } from "./index.js";
+const safePathParam = z.string().regex(/^[a-zA-Z0-9._-]+$/);
+export const getAvatarRouter = (db, log) => {
+    const router = express.Router();
+    router.get("/:userID", async (req, res) => {
+        const safeId = safePathParam.safeParse(getParam(req, "userID"));
+        if (!safeId.success) {
+            res.sendStatus(400);
+            return;
+        }
+        const filePath = "./avatars/" + safeId.data;
+        const typeDetails = await fileTypeFromFile(filePath).catch(() => null);
+        if (!typeDetails) {
             res.sendStatus(404);
-        });
-        const typeDetails = yield file_type_1.default.fromStream(stream);
-        if (typeDetails) {
-            res.set("Content-type", typeDetails.mime);
+            return;
         }
+        res.set("Content-type", typeDetails.mime);
         res.set("Cache-control", "public, max-age=31536000");
-        const stream2 = fs_1.default.createReadStream("./avatars/" + req.params.userID);
-        stream2.on("error", (err) => {
+        const stream = fs.createReadStream(filePath);
+        stream.on("error", (err) => {
             log.error(err.toString());
             res.sendStatus(500);
         });
-        stream2.pipe(res);
-    }));
-    router.post("/:userID", multer_1.default().single("avatar"), (req, res) => __awaiter(void 0, void 0, void 0, function* () {
-        const payload = req.body;
-        const userEntry = yield db.retrieveUser(req.params.userID);
-        if (!userEntry) {
-            res.sendStatus(404);
+        stream.pipe(res);
+    });
+    router.post("/:userID/json", protect, async (req, res) => {
+        const parsed = FilePayloadSchema.safeParse(req.body);
+        if (!parsed.success) {
+            res.status(400).json({
+                error: "Invalid file payload",
+                issues: parsed.error.issues,
+            });
+            return;
+        }
+        const payload = parsed.data;
+        const userDetails = getUser(req);
+        const deviceDetails = req.device;
+        if (!deviceDetails) {
+            res.sendStatus(401);
+            return;
+        }
+        if (!payload.file) {
+            log.warn("MISSING FILE");
+            res.sendStatus(400);
             return;
         }
-        const devices = yield db.retrieveUserDeviceList([req.params.userID]);
-        const mimeType = yield file_type_1.default.fromBuffer(req.file.buffer);
-        console.log(mimeType);
-        const allowedTypes = [
-            "image/jpeg",
-            "image/png",
-            "image/gif",
-            "image/apng",
-            "image/avif",
-            "image/svg+xml",
-        ];
-        if (!allowedTypes.includes((mimeType === null || mimeType === void 0 ? void 0 : mimeType.mime) || "no/type")) {
+        const buf = Buffer.from(XUtils.decodeBase64(payload.file));
+        const mimeType = await fileTypeFromBuffer(buf);
+        if (!ALLOWED_IMAGE_TYPES.includes(mimeType?.mime || "no/type")) {
             res.status(400).send({
-                error: "Unsupported file type. Expected jpeg, png, gif, apng, avif, or svg but received " + (mimeType === null || mimeType === void 0 ? void 0 : mimeType.ext),
+                error: "Unsupported file type. Expected jpeg, png, gif, apng, avif, or svg but received " +
+                    String(mimeType?.ext),
             });
             return;
         }
-        let token = null;
-        for (const device of devices) {
-            const verified = tweetnacl_1.default.sign.open(crypto_1.XUtils.decodeHex(payload.signed), crypto_1.XUtils.decodeHex(device.signKey));
-            if (verified) {
-                token = verified;
-            }
+        try {
+            // write the file to disk
+            await fsp.writeFile("avatars/" + userDetails.userID, buf);
+            log.info("Wrote new avatar " + userDetails.userID);
+            res.sendStatus(200);
+        }
+        catch (err) {
+            log.warn(String(err));
+            res.sendStatus(500);
         }
-        if (!token) {
-            log.warn("Bad signature on token.");
+    });
+    router.post("/:userID", uploadLimiter, protect, multer().single("avatar"), async (req, res) => {
+        const userDetails = getUser(req);
+        const deviceDetails = req.device;
+        if (!deviceDetails) {
             res.sendStatus(401);
             return;
         }
+        if (!req.file) {
+            log.warn("MISSING FILE");
+            res.sendStatus(400);
+            return;
+        }
+        const mimeType = await fileTypeFromBuffer(req.file.buffer);
+        if (!ALLOWED_IMAGE_TYPES.includes(mimeType?.mime || "no/type")) {
+            res.status(400).send({
+                error: "Unsupported file type. Expected jpeg, png, gif, apng, avif, or svg but received " +
+                    String(mimeType?.ext),
+            });
+            return;
+        }
         try {
             // write the file to disk
-            fs_1.default.writeFile("avatars/" + userEntry.userID, req.file.buffer, () => {
-                log.info("Wrote new avatar " + userEntry.userID);
-            });
+            await fsp.writeFile("avatars/" + userDetails.userID, req.file.buffer);
+            log.info("Wrote new avatar " + userDetails.userID);
             res.sendStatus(200);
         }
         catch (err) {
-            log.warn(err);
+            log.warn(String(err));
             res.sendStatus(500);
         }
-    }));
+    });
     return router;
 };
-exports.getAvatarRouter = getAvatarRouter;
+//# sourceMappingURL=avatar.js.map

package/dist/server/avatar.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"avatar.js","sourceRoot":"","sources":["../../src/server/avatar.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,GAAG,MAAM,kBAAkB,CAAC;AAExC,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AACjE,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,CAAC,EAAE,MAAM,QAAQ,CAAC;AAE3B,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE/C,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;AAE5D,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,EAAY,EAAE,GAAmB,EAAE,EAAE;IACjE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAEhC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACtC,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAClB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QACD,MAAM,QAAQ,GAAG,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC;QAC5C,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QACvE,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,0BAA0B,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC1B,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACrD,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,KAAK,EAAE,sBAAsB;gBAC7B,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;aAC9B,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC;QAC5B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;QAEjC,IAAI,CAAC,aAAa,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAChB,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACzB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAC/C,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,KAAK,EACD,kFAAkF;oBAClF,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC;aAC5B,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,IAAI,CAAC;YACD,yBAAyB;YACzB,MAAM,GAAG,CAAC,SAAS,CAAC,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC1D,GAAG,CAAC,IAAI,CAAC,mBAAmB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YACnD,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACpB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,IAAI,CACP,UAAU,EACV,aAAa,EACb,OAAO,EACP,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EACzB,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACf,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC;QAEjC,IAAI,CAAC,aAAa,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YACZ,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACzB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACpB,OAAO;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,KAAK,EACD,kFAAkF;oBAClF,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC;aAC5B,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,IAAI,CAAC;YACD,yBAAyB;YACzB,MAAM,GAAG,CAAC,SAAS,CACf,UAAU,GAAG,WAAW,CAAC,MAAM,EAC/B,GAAG,CAAC,IAAI,CAAC,MAAM,CAClB,CAAC;YACF,GAAG,CAAC,IAAI,CAAC,mBAAmB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;YACnD,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACpB,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;IACL,CAAC,CACJ,CAAC;IAEF,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC"}

package/dist/server/errors.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Centralized HTTP error handling.
+ *
+ * Fixes two classes of CodeQL findings:
+ *
+ * - **CWE-209 / CWE-497 — Information exposure through stack trace.**
+ *   Previously, every route catch block did
+ *   `res.status(500).send(String(err))`, leaking raw error objects
+ *   (which include database internals, file paths, and stack traces)
+ *   back to the client. The new pattern: throw `AppError(status, msg)`
+ *   or let an unknown error propagate, and the single 4-arg middleware
+ *   below converts it into a JSON response with a generic message
+ *   while logging the full internals server-side via winston.
+ *
+ * - **CWE-79 / CWE-116 — Exception text reinterpreted as HTML.** Express's
+ *   default finalhandler sends thrown `Error` objects as
+ *   `Content-Type: text/html`, which means `throw new Error("bad param: "
+ *   + req.params.name)` became reflected XSS when the error page
+ *   rendered. The handler below ALWAYS sends `application/json`, so
+ *   even if a message somehow contains user input, the browser can't
+ *   execute it. The companion fix is `getParam()` in `utils.ts` now
+ *   throwing `AppError(400, "Missing route parameter")` with no user
+ *   input in the message string.
+ *
+ * Express 5 has native async support, so throwing from an async
+ * handler auto-forwards to `next(err)` and hits this middleware. No
+ * `express-async-errors` shim needed.
+ */
+import type { ErrorRequestHandler } from "express";
+import type winston from "winston";
+/**
+ * Operational HTTP errors that are safe to surface to the client.
+ *
+ * - `status` — HTTP status code (400, 401, 403, 404, 409, etc.)
+ * - `message` — client-safe message, MUST NOT contain request data
+ *   (route params, body fields, query strings). Anything operator-
+ *   only (database errors, file paths) belongs in winston logs, not
+ *   in this string.
+ *
+ * Anything that isn't an `AppError` (raw `Error`, `TypeError`, a
+ * rejected promise from a DB query, etc.) is treated by the central
+ * handler as a **programmer error** — the client gets a generic 500
+ * with no detail, and the real error is logged server-side.
+ */
+export declare class AppError extends Error {
+    readonly status: number;
+    constructor(status: number, message: string);
+}
+/**
+ * Factory producing the central Express 5 error middleware.
+ *
+ * Register this as the LAST middleware in the app, after every
+ * route and router has been mounted:
+ *
+ *     api.use("/user", userRouter);
+ *     // ... all other routers ...
+ *     api.use(errorHandler(log));
+ */
+export declare const errorHandler: (log: winston.Logger) => ErrorRequestHandler;

package/dist/server/errors.js

@@ -0,0 +1,94 @@
+import { randomUUID } from "node:crypto";
+import { ZodError } from "zod/v4";
+/**
+ * Operational HTTP errors that are safe to surface to the client.
+ *
+ * - `status` — HTTP status code (400, 401, 403, 404, 409, etc.)
+ * - `message` — client-safe message, MUST NOT contain request data
+ *   (route params, body fields, query strings). Anything operator-
+ *   only (database errors, file paths) belongs in winston logs, not
+ *   in this string.
+ *
+ * Anything that isn't an `AppError` (raw `Error`, `TypeError`, a
+ * rejected promise from a DB query, etc.) is treated by the central
+ * handler as a **programmer error** — the client gets a generic 500
+ * with no detail, and the real error is logged server-side.
+ */
+export class AppError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.name = "AppError";
+        this.status = status;
+    }
+}
+/**
+ * Factory producing the central Express 5 error middleware.
+ *
+ * Register this as the LAST middleware in the app, after every
+ * route and router has been mounted:
+ *
+ *     api.use("/user", userRouter);
+ *     // ... all other routers ...
+ *     api.use(errorHandler(log));
+ */
+export const errorHandler = (log) => (err, req, res, _next) => {
+    // If headers already went out there's nothing safe to do except
+    // let Express's default handler close the socket.
+    if (res.headersSent) {
+        _next(err);
+        return;
+    }
+    const requestId = randomUUID();
+    let status = 500;
+    let clientMessage = "Internal Server Error";
+    let details;
+    if (err instanceof ZodError) {
+        // Validation failure at a trust boundary. The issue list is
+        // structured JSON (no raw user input as a rendered string),
+        // so it's safe to surface to help clients fix their payload.
+        status = 400;
+        clientMessage = "Validation failed";
+        details = err.issues;
+    }
+    else if (err instanceof AppError) {
+        status = err.status;
+        clientMessage = err.message;
+    }
+    // Log the full internals server-side. `err instanceof Error` also
+    // catches AppError (extends Error), so we get stacks and messages
+    // for every branch in the logs.
+    if (err instanceof Error) {
+        log.error("request failed", {
+            error: {
+                message: err.message,
+                name: err.name,
+                stack: err.stack,
+            },
+            method: req.method,
+            path: req.path,
+            requestId,
+            status,
+        });
+    }
+    else {
+        log.error("request failed", {
+            error: String(err),
+            method: req.method,
+            path: req.path,
+            requestId,
+            status,
+        });
+    }
+    // ALWAYS JSON — prevents the exception-text-as-HTML XSS vector.
+    res.status(status)
+        .type("application/json")
+        .json({
+        error: {
+            message: clientMessage,
+            requestId,
+            ...(details !== undefined ? { details } : {}),
+        },
+    });
+};
+//# sourceMappingURL=errors.js.map

package/dist/server/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/server/errors.ts"],"names":[],"mappings":"AA+BA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAElC;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IACf,MAAM,CAAS;IAE/B,YAAY,MAAc,EAAE,OAAe;QACvC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC;CACJ;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GACrB,CAAC,GAAmB,EAAuB,EAAE,CAC7C,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;IACrB,gEAAgE;IAChE,kDAAkD;IAClD,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QAClB,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,OAAO;IACX,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;IAE/B,IAAI,MAAM,GAAG,GAAG,CAAC;IACjB,IAAI,aAAa,GAAG,uBAAuB,CAAC;IAC5C,IAAI,OAAgB,CAAC;IAErB,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QAC1B,4DAA4D;QAC5D,4DAA4D;QAC5D,6DAA6D;QAC7D,MAAM,GAAG,GAAG,CAAC;QACb,aAAa,GAAG,mBAAmB,CAAC;QACpC,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC;IACzB,CAAC;SAAM,IAAI,GAAG,YAAY,QAAQ,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QACpB,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,kEAAkE;IAClE,kEAAkE;IAClE,gCAAgC;IAChC,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;QACvB,GAAG,CAAC,KAAK,CAAC,gBAAgB,EAAE;YACxB,KAAK,EAAE;gBACH,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,KAAK,EAAE,GAAG,CAAC,KAAK;aACnB;YACD,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS;YACT,MAAM;SACT,CAAC,CAAC;IACP,CAAC;SAAM,CAAC;QACJ,GAAG,CAAC,KAAK,CAAC,gBAAgB,EAAE;YACxB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;YAClB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,SAAS;YACT,MAAM;SACT,CAAC,CAAC;IACP,CAAC;IAED,gEAAgE;IAChE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC;SACb,IAAI,CAAC,kBAAkB,CAAC;SACxB,IAAI,CAAC;QACF,KAAK,EAAE;YACH,OAAO,EAAE,aAAa;YACtB,SAAS;YACT,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChD;KACJ,CAAC,CAAC;AACX,CAAC,CAAC"}

package/dist/server/file.d.ts

@@ -1,4 +1,3 @@
-/// <reference types="express-ws" />
-import winston from "winston";
-import { Database } from "../Database";
-export declare const getFileRouter: (db: Database, log: winston.Logger) => import("express-ws").Router;
+import type { Database } from "../Database.ts";
+import type winston from "winston";
+export declare const getFileRouter: (db: Database, log: winston.Logger) => import("express-serve-static-core").Router;