emulate 0.1.1 → 0.3.0

package/dist/dist-O4KFIBVU.js

@@ -0,0 +1,626 @@
+import {
+  SignJWT,
+  exportJWK,
+  generateKeyPair
+} from "./chunk-D6EKRYGP.js";
+import "./chunk-TEPNEZ63.js";
+
+// ../@emulators/apple/dist/index.js
+import { randomBytes } from "crypto";
+import { randomBytes as randomBytes2 } from "crypto";
+import { readFileSync } from "fs";
+import { fileURLToPath } from "url";
+import { dirname, join } from "path";
+function getAppleStore(store) {
+  return {
+    users: store.collection("apple.users", ["uid", "email"]),
+    oauthClients: store.collection("apple.oauth_clients", ["client_id"])
+  };
+}
+function generateAppleUid() {
+  const prefix = randomBytes(3).toString("hex").toUpperCase();
+  const middle = randomBytes(16).toString("hex");
+  const suffix = randomBytes(2).toString("hex").toUpperCase();
+  return `${prefix}.${middle}.${suffix}`;
+}
+function generatePrivateRelayEmail() {
+  const id = randomBytes(12).toString("hex");
+  return `${id}@privaterelay.appleid.com`;
+}
+function createErrorHandler(documentationUrl) {
+  return async (c, next) => {
+    if (documentationUrl) {
+      c.set("docsUrl", documentationUrl);
+    }
+    await next();
+  };
+}
+var errorHandler = createErrorHandler();
+var isDebug = typeof process !== "undefined" && (process.env.DEBUG === "1" || process.env.DEBUG === "true" || process.env.EMULATE_DEBUG === "1");
+function debug(label, ...args) {
+  if (isDebug) {
+    console.log(`[${label}]`, ...args);
+  }
+}
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var FONTS = {
+  "geist-sans.woff2": readFileSync(join(__dirname, "fonts", "geist-sans.woff2")),
+  "GeistPixel-Square.woff2": readFileSync(join(__dirname, "fonts", "GeistPixel-Square.woff2"))
+};
+function escapeHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+function escapeAttr(s) {
+  return escapeHtml(s).replace(/'/g, "&#39;");
+}
+var CSS = `
+@font-face{
+  font-family:'Geist';font-style:normal;font-weight:100 900;font-display:swap;
+  src:url('/_emulate/fonts/geist-sans.woff2') format('woff2');
+}
+@font-face{
+  font-family:'Geist Pixel';font-style:normal;font-weight:400;font-display:swap;
+  src:url('/_emulate/fonts/GeistPixel-Square.woff2') format('woff2');
+}
+*{box-sizing:border-box;margin:0;padding:0}
+body{
+  font-family:'Geist',-apple-system,BlinkMacSystemFont,sans-serif;
+  background:#000;color:#33ff00;min-height:100vh;
+  -webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;
+}
+.emu-bar{
+  border-bottom:1px solid #0a3300;padding:10px 20px;
+  display:flex;align-items:center;gap:10px;font-size:.8125rem;color:#1a8c00;
+}
+.emu-bar-title{font-weight:600;color:#33ff00;font-family:'Geist Pixel',monospace;}
+.emu-bar-links{margin-left:auto;display:flex;gap:16px;}
+.emu-bar-links a{
+  color:#1a8c00;font-size:.75rem;text-decoration:none;transition:color .15s;
+}
+.emu-bar-links a:hover{color:#33ff00;}
+.emu-bar-links a .full{display:inline;}
+.emu-bar-links a .short{display:none;}
+@media(max-width:600px){
+  .emu-bar-links a .full{display:none;}
+  .emu-bar-links a .short{display:inline;}
+}
+
+.content{
+  display:flex;align-items:center;justify-content:center;
+  min-height:calc(100vh - 42px);padding:24px 16px;
+}
+.content-inner{width:100%;max-width:420px;}
+.card-title{
+  font-family:'Geist Pixel',monospace;
+  font-size:1.125rem;font-weight:600;margin-bottom:4px;color:#33ff00;
+}
+.card-subtitle{color:#1a8c00;font-size:.8125rem;margin-bottom:18px;line-height:1.45;}
+.powered-by{
+  position:fixed;bottom:0;left:0;right:0;
+  text-align:center;padding:12px;font-size:.6875rem;color:#0a3300;
+  font-family:'Geist Pixel',monospace;
+}
+.powered-by a{color:#1a8c00;text-decoration:none;transition:color .15s;}
+.powered-by a:hover{color:#33ff00;}
+
+.error-title{
+  font-family:'Geist Pixel',monospace;
+  color:#ff4444;font-size:1.125rem;font-weight:600;margin-bottom:8px;
+}
+.error-msg{color:#1a8c00;font-size:.875rem;line-height:1.5;}
+.error-card{text-align:center;}
+
+.user-form{margin-bottom:8px;}
+.user-form:last-of-type{margin-bottom:0;}
+.user-btn{
+  width:100%;display:flex;align-items:center;gap:12px;
+  padding:10px 12px;border:1px solid #0a3300;border-radius:8px;
+  background:#000;color:inherit;cursor:pointer;text-align:left;
+  font:inherit;transition:border-color .15s;
+}
+.user-btn:hover{border-color:#33ff00;}
+.avatar{
+  width:36px;height:36px;border-radius:50%;
+  background:#0a3300;color:#33ff00;font-weight:600;font-size:.875rem;
+  display:flex;align-items:center;justify-content:center;flex-shrink:0;
+  font-family:'Geist Pixel',monospace;
+}
+.user-text{min-width:0;}
+.user-login{font-weight:600;font-size:.875rem;display:block;color:#33ff00;}
+.user-meta{color:#1a8c00;font-size:.75rem;margin-top:1px;}
+.user-email{font-size:.6875rem;color:#116600;word-break:break-all;margin-top:1px;}
+
+.settings-layout{
+  max-width:920px;margin:0 auto;padding:28px 20px;
+  display:flex;gap:28px;
+}
+.settings-sidebar{width:200px;flex-shrink:0;}
+.settings-sidebar a{
+  display:block;padding:6px 10px;border-radius:6px;color:#1a8c00;
+  text-decoration:none;font-size:.8125rem;transition:color .15s;
+}
+.settings-sidebar a:hover{color:#33ff00;}
+.settings-sidebar a.active{color:#33ff00;font-weight:600;}
+.settings-main{flex:1;min-width:0;}
+
+.s-card{
+  padding:18px 0;margin-bottom:14px;border-bottom:1px solid #0a3300;
+}
+.s-card:last-child{border-bottom:none;}
+.s-card-header{display:flex;align-items:center;gap:14px;margin-bottom:14px;}
+.s-icon{
+  width:42px;height:42px;border-radius:8px;
+  background:#0a3300;display:flex;align-items:center;justify-content:center;
+  font-size:1.125rem;font-weight:700;color:#116600;flex-shrink:0;
+  font-family:'Geist Pixel',monospace;
+}
+.s-title{
+  font-family:'Geist Pixel',monospace;
+  font-size:1.25rem;font-weight:600;color:#33ff00;
+}
+.s-subtitle{font-size:.75rem;color:#1a8c00;margin-top:2px;}
+.section-heading{
+  font-size:.9375rem;font-weight:600;margin-bottom:10px;color:#33ff00;
+  display:flex;align-items:center;justify-content:space-between;
+}
+.perm-list{list-style:none;}
+.perm-list li{padding:5px 0;font-size:.8125rem;display:flex;align-items:center;gap:6px;color:#1a8c00;}
+.check{color:#33ff00;}
+.org-row{
+  display:flex;align-items:center;gap:8px;padding:7px 0;
+  border-bottom:1px solid #0a3300;font-size:.8125rem;
+}
+.org-row:last-child{border-bottom:none;}
+.org-icon{
+  width:22px;height:22px;border-radius:4px;background:#0a3300;
+  display:flex;align-items:center;justify-content:center;
+  font-size:.625rem;font-weight:700;color:#116600;flex-shrink:0;
+  font-family:'Geist Pixel',monospace;
+}
+.org-name{font-weight:600;color:#33ff00;}
+.badge{font-size:.6875rem;padding:1px 7px;border-radius:999px;font-weight:500;}
+.badge-granted{background:#0a3300;color:#33ff00;}
+.badge-denied{background:#1a0a0a;color:#ff4444;}
+.badge-requested{background:#0a3300;color:#1a8c00;}
+.btn-revoke{
+  display:inline-block;padding:5px 14px;border-radius:6px;
+  border:1px solid #0a3300;background:transparent;color:#ff4444;
+  font-size:.75rem;font-weight:600;cursor:pointer;transition:border-color .15s;
+}
+.btn-revoke:hover{border-color:#ff4444;}
+.info-text{color:#1a8c00;font-size:.75rem;line-height:1.5;margin-top:10px;}
+.app-link{
+  display:flex;align-items:center;gap:12px;padding:12px;
+  border:1px solid #0a3300;border-radius:8px;background:#000;
+  text-decoration:none;color:inherit;margin-bottom:8px;transition:border-color .15s;
+}
+.app-link:hover{border-color:#33ff00;}
+.app-link-name{font-weight:600;font-size:.875rem;color:#33ff00;}
+.app-link-scopes{font-size:.6875rem;color:#1a8c00;margin-top:1px;}
+.empty{color:#1a8c00;text-align:center;padding:28px 0;font-size:.875rem;}
+`;
+var POWERED_BY = `<div class="powered-by">Powered by <a href="https://emulate.dev" target="_blank" rel="noopener">emulate</a></div>`;
+function emuBar(service) {
+  const title = service ? `${escapeHtml(service)} Emulator` : "Emulator";
+  return `<div class="emu-bar">
+  <span class="emu-bar-title">${title}</span>
+  <nav class="emu-bar-links">
+    <a href="https://github.com/vercel-labs/emulate/issues" target="_blank" rel="noopener"><span class="full">Report Issue</span><span class="short">Report</span></a>
+    <a href="https://github.com/vercel-labs/emulate" target="_blank" rel="noopener"><span class="full">Source Code</span><span class="short">Source</span></a>
+    <a href="https://emulate.dev" target="_blank" rel="noopener"><span class="full">Learn More</span><span class="short">Learn</span></a>
+  </nav>
+</div>`;
+}
+function head(title) {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8"/>
+<meta name="viewport" content="width=device-width,initial-scale=1"/>
+<title>${escapeHtml(title)} | emulate</title>
+<style>${CSS}</style>
+</head>`;
+}
+function renderCardPage(title, subtitle, body, service) {
+  return `${head(title)}
+<body>
+${emuBar(service)}
+<div class="content">
+  <div class="content-inner">
+    <div class="card-title">${escapeHtml(title)}</div>
+    <div class="card-subtitle">${subtitle}</div>
+    ${body}
+  </div>
+</div>
+${POWERED_BY}
+</body></html>`;
+}
+function renderErrorPage(title, message, service) {
+  return `${head(title)}
+<body>
+${emuBar(service)}
+<div class="content">
+  <div class="content-inner error-card">
+    <div class="error-title">${escapeHtml(title)}</div>
+    <div class="error-msg">${escapeHtml(message)}</div>
+  </div>
+</div>
+${POWERED_BY}
+</body></html>`;
+}
+function renderUserButton(opts) {
+  const hiddens = Object.entries(opts.hiddenFields).map(([k, v]) => `<input type="hidden" name="${escapeAttr(k)}" value="${escapeAttr(v)}"/>`).join("");
+  const nameLine = opts.name ? `<div class="user-meta">${escapeHtml(opts.name)}</div>` : "";
+  const emailLine = opts.email ? `<div class="user-email">${escapeHtml(opts.email)}</div>` : "";
+  return `<form class="user-form" method="post" action="${escapeAttr(opts.formAction)}">
+${hiddens}
+<button type="submit" class="user-btn">
+  <span class="avatar">${escapeHtml(opts.letter)}</span>
+  <span class="user-text">
+    <span class="user-login">${escapeHtml(opts.login)}</span>
+    ${nameLine}${emailLine}
+  </span>
+</button>
+</form>`;
+}
+function normalizeUri(uri) {
+  try {
+    const u = new URL(uri);
+    return `${u.origin}${u.pathname.replace(/\/+$/, "")}`;
+  } catch {
+    return uri.replace(/\/+$/, "").split("?")[0];
+  }
+}
+function matchesRedirectUri(incoming, registered) {
+  const normalized = normalizeUri(incoming);
+  return registered.some((r) => normalizeUri(r) === normalized);
+}
+function bodyStr(v) {
+  if (typeof v === "string") return v;
+  if (Array.isArray(v) && typeof v[0] === "string") return v[0];
+  return "";
+}
+var keyPairPromise = generateKeyPair("RS256");
+var KID = "emulate-apple-1";
+var PENDING_CODE_TTL_MS = 5 * 60 * 1e3;
+function getPendingCodes(store) {
+  let map = store.getData("apple.oauth.pendingCodes");
+  if (!map) {
+    map = /* @__PURE__ */ new Map();
+    store.setData("apple.oauth.pendingCodes", map);
+  }
+  return map;
+}
+function getRefreshTokens(store) {
+  let map = store.getData("apple.oauth.refreshTokens");
+  if (!map) {
+    map = /* @__PURE__ */ new Map();
+    store.setData("apple.oauth.refreshTokens", map);
+  }
+  return map;
+}
+function getFirstAuthTracker(store) {
+  let set = store.getData("apple.oauth.firstAuthTracker");
+  if (!set) {
+    set = /* @__PURE__ */ new Set();
+    store.setData("apple.oauth.firstAuthTracker", set);
+  }
+  return set;
+}
+function isPendingCodeExpired(p) {
+  return Date.now() - p.created_at > PENDING_CODE_TTL_MS;
+}
+var SERVICE_LABEL = "Apple";
+async function createIdToken(user, clientId, nonce, baseUrl) {
+  const { privateKey } = await keyPairPromise;
+  const email = user.is_private_email && user.private_relay_email ? user.private_relay_email : user.email;
+  const now = Math.floor(Date.now() / 1e3);
+  const builder = new SignJWT({
+    sub: user.uid,
+    email,
+    email_verified: String(user.email_verified),
+    is_private_email: String(user.is_private_email),
+    real_user_status: user.real_user_status,
+    nonce_supported: true,
+    auth_time: now,
+    ...nonce ? { nonce } : {}
+  }).setProtectedHeader({ alg: "RS256", kid: KID, typ: "JWT" }).setIssuer(baseUrl).setAudience(clientId).setIssuedAt(now).setExpirationTime("1h");
+  return builder.sign(privateKey);
+}
+function oauthRoutes({ app, store, baseUrl, tokenMap }) {
+  const as = getAppleStore(store);
+  app.get("/.well-known/openid-configuration", (c) => {
+    return c.json({
+      issuer: baseUrl,
+      authorization_endpoint: `${baseUrl}/auth/authorize`,
+      token_endpoint: `${baseUrl}/auth/token`,
+      revocation_endpoint: `${baseUrl}/auth/revoke`,
+      jwks_uri: `${baseUrl}/auth/keys`,
+      response_types_supported: ["code"],
+      response_modes_supported: ["query", "fragment", "form_post"],
+      subject_types_supported: ["pairwise"],
+      id_token_signing_alg_values_supported: ["RS256"],
+      scopes_supported: ["openid", "email", "name"],
+      token_endpoint_auth_methods_supported: ["client_secret_post"],
+      claims_supported: [
+        "aud",
+        "email",
+        "email_verified",
+        "exp",
+        "iat",
+        "is_private_email",
+        "iss",
+        "nonce",
+        "nonce_supported",
+        "real_user_status",
+        "sub",
+        "transfer_sub"
+      ]
+    });
+  });
+  app.get("/auth/keys", async (c) => {
+    const { publicKey } = await keyPairPromise;
+    const jwk = await exportJWK(publicKey);
+    return c.json({
+      keys: [{
+        ...jwk,
+        kid: KID,
+        use: "sig",
+        alg: "RS256"
+      }]
+    });
+  });
+  app.get("/auth/authorize", (c) => {
+    const client_id = c.req.query("client_id") ?? "";
+    const redirect_uri = c.req.query("redirect_uri") ?? "";
+    const scope = c.req.query("scope") ?? "";
+    const state = c.req.query("state") ?? "";
+    const nonce = c.req.query("nonce") ?? "";
+    const response_mode = c.req.query("response_mode") ?? "query";
+    const clientsConfigured = as.oauthClients.all().length > 0;
+    let clientName = "";
+    if (clientsConfigured) {
+      const client = as.oauthClients.findOneBy("client_id", client_id);
+      if (!client) {
+        return c.html(
+          renderErrorPage("Application not found", `The client_id '${client_id}' is not registered.`, SERVICE_LABEL),
+          400
+        );
+      }
+      if (redirect_uri && !matchesRedirectUri(redirect_uri, client.redirect_uris)) {
+        return c.html(
+          renderErrorPage("Redirect URI mismatch", "The redirect_uri is not registered for this application.", SERVICE_LABEL),
+          400
+        );
+      }
+      clientName = client.name;
+    }
+    const subtitleText = clientName ? `Sign in to <strong>${escapeHtml(clientName)}</strong> with your Apple ID.` : "Choose a seeded user to continue.";
+    const users = as.users.all();
+    const userButtons = users.map((user) => {
+      return renderUserButton({
+        letter: (user.email[0] ?? "?").toUpperCase(),
+        login: user.email,
+        name: user.name,
+        email: user.email,
+        formAction: "/auth/authorize/callback",
+        hiddenFields: {
+          email: user.email,
+          redirect_uri,
+          scope,
+          state,
+          nonce,
+          client_id,
+          response_mode
+        }
+      });
+    }).join("\n");
+    const body = users.length === 0 ? '<p class="empty">No users in the emulator store.</p>' : userButtons;
+    return c.html(renderCardPage("Sign in with Apple", subtitleText, body, SERVICE_LABEL));
+  });
+  app.post("/auth/authorize/callback", async (c) => {
+    const body = await c.req.parseBody();
+    const email = bodyStr(body.email);
+    const redirect_uri = bodyStr(body.redirect_uri);
+    const scope = bodyStr(body.scope);
+    const state = bodyStr(body.state);
+    const client_id = bodyStr(body.client_id);
+    const nonce = bodyStr(body.nonce);
+    const response_mode = bodyStr(body.response_mode) || "query";
+    const code = randomBytes2(20).toString("hex");
+    getPendingCodes(store).set(code, {
+      email,
+      scope,
+      redirectUri: redirect_uri,
+      clientId: client_id,
+      nonce: nonce || null,
+      responseMode: response_mode,
+      created_at: Date.now()
+    });
+    debug("apple.oauth", `[Apple callback] code=${code.slice(0, 8)}... email=${email}`);
+    const tracker = getFirstAuthTracker(store);
+    const pairKey = `${email}:${client_id}`;
+    const isFirstAuth = !tracker.has(pairKey);
+    if (isFirstAuth) {
+      tracker.add(pairKey);
+    }
+    let userJson;
+    if (isFirstAuth) {
+      const user = as.users.findOneBy("email", email);
+      if (user) {
+        userJson = JSON.stringify({
+          name: { firstName: user.given_name, lastName: user.family_name },
+          email: user.email
+        });
+      }
+    }
+    if (response_mode === "form_post") {
+      const html = `<!DOCTYPE html>
+<html>
+<head><title>Submit</title></head>
+<body onload="document.forms[0].submit()">
+<form method="POST" action="${escapeAttr(redirect_uri)}">
+<input type="hidden" name="code" value="${escapeAttr(code)}" />
+<input type="hidden" name="state" value="${escapeAttr(state)}" />${userJson ? `
+<input type="hidden" name="user" value="${escapeAttr(userJson)}" />` : ""}
+</form>
+</body>
+</html>`;
+      return c.html(html);
+    }
+    const url = new URL(redirect_uri);
+    url.searchParams.set("code", code);
+    if (state) url.searchParams.set("state", state);
+    if (userJson) url.searchParams.set("user", userJson);
+    return c.redirect(url.toString(), 302);
+  });
+  app.post("/auth/token", async (c) => {
+    const rawText = await c.req.text();
+    const body = Object.fromEntries(new URLSearchParams(rawText));
+    const grant_type = body.grant_type ?? "";
+    const code = body.code ?? "";
+    const client_id = body.client_id ?? "";
+    const refresh_token = body.refresh_token ?? "";
+    if (grant_type === "authorization_code") {
+      const pendingMap = getPendingCodes(store);
+      const pending = pendingMap.get(code);
+      if (!pending) {
+        return c.json({ error: "invalid_grant", error_description: "The code is incorrect or expired." }, 400);
+      }
+      if (isPendingCodeExpired(pending)) {
+        pendingMap.delete(code);
+        return c.json({ error: "invalid_grant", error_description: "The code is incorrect or expired." }, 400);
+      }
+      pendingMap.delete(code);
+      const user = as.users.findOneBy("email", pending.email);
+      if (!user) {
+        return c.json({ error: "invalid_grant", error_description: "User not found." }, 400);
+      }
+      const accessToken = "apple_" + randomBytes2(20).toString("base64url");
+      const refreshToken = "r_apple_" + randomBytes2(20).toString("base64url");
+      const scopes = pending.scope ? pending.scope.split(/\s+/).filter(Boolean) : [];
+      if (tokenMap) {
+        tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });
+      }
+      getRefreshTokens(store).set(refreshToken, {
+        email: user.email,
+        clientId: pending.clientId,
+        scope: pending.scope,
+        nonce: pending.nonce
+      });
+      const idToken = await createIdToken(user, pending.clientId, pending.nonce, baseUrl);
+      debug("apple.oauth", `[Apple token] issued token for ${user.email}`);
+      return c.json({
+        access_token: accessToken,
+        token_type: "Bearer",
+        expires_in: 3600,
+        refresh_token: refreshToken,
+        id_token: idToken
+      });
+    }
+    if (grant_type === "refresh_token") {
+      const refreshMap = getRefreshTokens(store);
+      const stored = refreshMap.get(refresh_token);
+      if (!stored) {
+        return c.json({ error: "invalid_grant", error_description: "The refresh_token is invalid." }, 400);
+      }
+      const user = as.users.findOneBy("email", stored.email);
+      if (!user) {
+        return c.json({ error: "invalid_grant", error_description: "User not found." }, 400);
+      }
+      const accessToken = "apple_" + randomBytes2(20).toString("base64url");
+      const scopes = stored.scope ? stored.scope.split(/\s+/).filter(Boolean) : [];
+      if (tokenMap) {
+        tokenMap.set(accessToken, { login: user.email, id: user.id, scopes });
+      }
+      const idToken = await createIdToken(user, stored.clientId || client_id, stored.nonce, baseUrl);
+      debug("apple.oauth", `[Apple refresh] issued new token for ${user.email}`);
+      return c.json({
+        access_token: accessToken,
+        token_type: "Bearer",
+        expires_in: 3600,
+        id_token: idToken
+      });
+    }
+    return c.json({ error: "unsupported_grant_type", error_description: "Only authorization_code and refresh_token are supported." }, 400);
+  });
+  app.post("/auth/revoke", async (c) => {
+    const rawText = await c.req.text();
+    const params = new URLSearchParams(rawText);
+    const token = params.get("token") ?? "";
+    if (token && tokenMap) {
+      tokenMap.delete(token);
+    }
+    if (token) {
+      getRefreshTokens(store).delete(token);
+    }
+    return c.body(null, 200);
+  });
+}
+function seedDefaults(store, _baseUrl) {
+  const as = getAppleStore(store);
+  as.users.insert({
+    uid: generateAppleUid(),
+    email: "testuser@icloud.com",
+    name: "Test User",
+    given_name: "Test",
+    family_name: "User",
+    email_verified: true,
+    is_private_email: false,
+    private_relay_email: null,
+    real_user_status: 2
+  });
+}
+function seedFromConfig(store, _baseUrl, config) {
+  const as = getAppleStore(store);
+  if (config.users) {
+    for (const u of config.users) {
+      const existing = as.users.findOneBy("email", u.email);
+      if (existing) continue;
+      const nameParts = (u.name ?? "").split(/\s+/);
+      const isPrivate = u.is_private_email ?? false;
+      as.users.insert({
+        uid: generateAppleUid(),
+        email: u.email,
+        name: u.name ?? u.email.split("@")[0],
+        given_name: u.given_name ?? nameParts[0] ?? "",
+        family_name: u.family_name ?? nameParts.slice(1).join(" ") ?? "",
+        email_verified: true,
+        is_private_email: isPrivate,
+        private_relay_email: isPrivate ? generatePrivateRelayEmail() : null,
+        real_user_status: 2
+      });
+    }
+  }
+  if (config.oauth_clients) {
+    for (const client of config.oauth_clients) {
+      const existing = as.oauthClients.findOneBy("client_id", client.client_id);
+      if (existing) continue;
+      as.oauthClients.insert({
+        client_id: client.client_id,
+        team_id: client.team_id,
+        key_id: client.key_id ?? "TESTKEY001",
+        name: client.name,
+        redirect_uris: client.redirect_uris
+      });
+    }
+  }
+}
+var applePlugin = {
+  name: "apple",
+  register(app, store, webhooks, baseUrl, tokenMap) {
+    const ctx = { app, store, webhooks, baseUrl, tokenMap };
+    oauthRoutes(ctx);
+  },
+  seed(store, baseUrl) {
+    seedDefaults(store, baseUrl);
+  }
+};
+var index_default = applePlugin;
+export {
+  applePlugin,
+  index_default as default,
+  getAppleStore,
+  seedFromConfig
+};
+//# sourceMappingURL=dist-O4KFIBVU.js.map