npm - feathers-ucan - Versions diffs - 0.0.27 → 0.0.29 - Mend

feathers-ucan 0.0.27 → 0.0.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/lib/env/version.d.ts +1 -1
package/lib/index.cjs +1 -1
package/lib/index.d.ts +1 -0
package/lib/index.modern.js +1 -1
package/lib/index.module.js +1 -1
package/lib/index.umd.js +1 -1
package/lib/utils/check-exists.d.ts +5 -0
package/lib/utils/index.d.ts +1 -0
package/package.json +1 -1

package/lib/env/version.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const VERSION = "0.0.27";
1	+ export declare const VERSION = "0.0.29";

package/lib/index.cjs CHANGED Viewed

	@@ -1 +1 @@
1	- var e=require("symbol-ucan"),t=require("@feathersjs/authentication");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=/#__PURE__/n(require("long-timeout"));function i(){return i=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},i.apply(this,arguments)}function o(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,c(e,t)}function a(e){return a=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},a(e)}function c(e,t){return c=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},c(e,t)}function u(e,t,n){return u=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,n){var r=[null];r.push.apply(r,t);var i=new(Function.bind.apply(e,r));return n&&c(i,n.prototype),i},u.apply(null,arguments)}function s(e){var t="function"==typeof Map?new Map:void 0;return s=function(e){if(null===e\|\|!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return u(e,arguments,a(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),c(n,e)},s(e)}function l(e,t){if(null==e)return{};var n,r,i={},o=Object.keys(e);for(r=0;r<o.length;r++)t.indexOf(n=o[r])>=0\|\|(i[n]=e[n]);return i}var h=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return o(t,e),t}(/#__PURE__/s(Error)),f=/(\S+)\s+(\S+)/,p=/#__PURE__/function(t){function n(){for(var e,n=arguments.length,r=new Array(n),i=0;i<n;i++)r[i]=arguments[i];return(e=t.call.apply(t,[this].concat(r))\|\|this).expirationTimers=new WeakMap,e}o(n,t);var a,c,u=n.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},this.authentication=e},u.handleConnection=function(t,n,i){try{var o=this,a="logout"===t&&n.authentication&&i&&n.authentication.accessToken===i.accessToken,c=(i\|\|{}).accessToken,u=function(){if(c&&"login"===t)return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3(e\|\|{payload:{exp:0}}).payload.exp-Date.now(),i=r.default.setTimeout(function(){return o.app.emit("disconnect",n)},t);r.default.clearTimeout(o.expirationTimers.get(n)),o.expirationTimers.set(n,i),n.authentication={strategy:o.name,accessToken:c}});("disconnect"===t\|\|a)&&(delete n[o.configuration.entity],delete n.authentication,r.default.clearTimeout(o.expirationTimers.get(n)),o.expirationTimers.delete(n))}();return Promise.resolve(u&&u.then?u.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,n=Object.keys(this.configuration);t<n.length;t++){var r=n[t];if(!e.includes(r))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+r+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(t,n){try{var r=this,o=r.entityService,a=r.configuration.entity;if(null===o)throw new h("Could not find entity service");return Promise.resolve(r.getEntityQuery(n)).then(function(r){var c=Object.assign({},e._unset(n,"provider"),{query:r});return Promise.resolve(o.get(t,c)).then(function(e){var r;return n.provider?o.get(t,i({},n,((r={})[a]=e,r))):e})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var n=t.query,r=t.loginId;if(r)return Promise.resolve(r);var o,a,c=this.configuration,u=c.service,s=c.core_path,l=void 0===s?"core":s,f=((o={query:i({},n,{$limit:1})})[l]=i({skipJoins:!0},t[l]),o);return Promise.resolve(null==(a=this.app)?void 0:a.service(u).find(i({},f,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new h("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(t,n){try{var r=this,o=t.accessToken,a=t.loginId,c=t.ucan,u=r.configuration,s=u.entity,l=u.core_path;if(!o){if(!c)throw new h("Error generating ucan");o=e.ucanToken(c)}return Promise.resolve(e.validateUcan(o).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(t){function c(){var e;return i({},h,((e={})[s]=u,e))}var u,h={accessToken:o,authentication:{strategy:"jwt",accessToken:o}};if(null===s)return h;var f=e._get(n,[l,s]),p=function(){if(!f)return Promise.resolve(r.getEntityId(h,i({},n,{loginId:a,query:{did:null==t?void 0:t.payload.aud}}))).then(function(e){return Promise.resolve(r.getEntity(e,n)).then(function(e){u=e})});u=f}();return p&&p.then?p.then(c):c()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,n=t.schemes,r=e.headers&&e.headers[t.header.toLowerCase()];if(!r\|\|"string"!=typeof r)return Promise.resolve(null);var i=r.match(f)\|\|[],o=i[1],a=i[2],c=o&&n.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:r})}catch(e){return Promise.reject(e)}},a=n,(c=[{key:"configuration",get:function(){var e,n=(null==(e=this.authentication)?void 0:e.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return i({service:n.service,entity:n.entity,entityId:n.entityId,header:"Authorization",schemes:["Bearer","JWT"]},t.prototype.configuration)}}])&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e\|\|null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,"string");if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(r.key))?i:String(i),r)}var i}(a.prototype,c),Object.defineProperty(a,"prototype",{writable:!1}),n}(t.AuthenticationBaseStrategy),v=["NotAuthenticated"],d=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return o(t,e),t}(/#__PURE__/s(Error)),m=/#__PURE__/function(t){function n(e,n,r){var i;void 0===n&&(n="authentication"),void 0===r&&(r={});var o=r.NotAuthenticated,a=l(r,v);return(i=t.call(this,e,n,a)\|\|this).options=void 0,i.app=e,i.options={NotAuthenticated:o},i}return o(n,t),n.prototype.create=function(t,n){try{var r,o,a=this,c=(null==(r=a.options)?void 0:r.NotAuthenticated)\|\|d,u=a.app.get("authentication"),s=u.entity,l=u.service,h=u.ucan_path,f=void 0===h?"ucan":h,p=(null==(o=n)?void 0:o.authStrategies)\|\|a.configuration.authStrategies;if(n\|\|(n={}),!p.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(a.authenticate.apply(a,[t,n].concat(p)).catch(function(e){throw new Error(e.message)})).then(function(r){if(r.accessToken)return r;var o=t.did\|\|e._get(r,[s,"did"]),c=t.ucan\|\|e._get(r,[s,"ucan"]);if(!o)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",c,t.message),null})).then(function(t){function o(){var t=e.ucanToken(c);return i({accessToken:t},r,{authentication:i({},r.authentication,{payload:t})})}var u=function(){if(!t){var o=e.parseUcan(c),u=a.app.get("authentication"),h=e.encodeKeyPair({secretKey:u.secret});return Promise.resolve(e.buildUcan({audience:o.payload.aud,issuer:h,lifetimeInSeconds:5184e3,capabilities:o.payload.att})).then(function(t){var o;return c=t,n.admin_pass=!0,Promise.resolve(a.app.service(l).patch(e._get(r,[s,"_id"]),(o={},o[f]=e.ucanToken(c),o),i({},n))).then(function(){})})}}();return u&&u.then?u.then(o):o()})})}catch(e){return Promise.reject(e)}},n}(t.AuthenticationService),y=/#__PURE__/function(){function e(e,t,n){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=i({},null==(r=t.params)?void 0:r.core,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,r,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).get(e,i({},t,((r={})[a]=o.core,r))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,r=this,o=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service).find(i({},e,((n={})[o]=r.core,n))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,r,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).create(e,i({},t,((r={})[a]=o.core,r))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var r,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(r=a.context.app)?void 0:r.service(a.service).patch(e,t,i({},n,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var r,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(r=a.context.app)?void 0:r.service(a.service).update(e,t,i({},n,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,r,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).remove(e,i({},t,((r={})[a]=o.core,r))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,r,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._get(e,i({},t,((r={})[a]=o.core,r))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,r=this,o=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service)._find(i({},e,((n={})[o]=r.core,n))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,r,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._create(e,i({},t,((r={})[a]=o.core,r))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var r,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(r=a.context.app)?void 0:r.service(a.service)._patch(e,t,i({},n,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var r,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(r=a.context.app)?void 0:r.service(a.service)._update(e,t,i({},n,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,r,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._remove(e,i({},t,((r={})[a]=o.core,r))))}catch(e){return Promise.reject(e)}},e}(),g=["ucan"];function P(e,t,n){if(!e.s){if(n instanceof _){if(!n.s)return void(n.o=P.bind(null,e,t));1&t&&(t=n.s),n=n.v}if(n&&n.then)return void n.then(P.bind(null,e,t),P.bind(null,e,2));e.s=t,e.v=n;var r=e.o;r&&r(e)}}const _=/#__PURE__/function(){function e(){}return e.prototype.then=function(t,n){const r=new e,i=this.s;if(i){const e=1&i?t:n;if(e){try{P(r,1,e(this.v))}catch(e){P(r,2,e)}return r}return this}return this.o=function(e){try{const i=e.v;1&e.s?P(r,1,t?t(i):i):n?P(r,1,n(i)):P(r,2,i)}catch(e){P(r,2,e)}},r},e}();var w=function(n){try{var r=n.app.get("authentication"),i=e._get(n,["auth",r.entity]);return i&&(n=e._set(n,[r.core_path,r.entity],i)),Promise.resolve(t.authenticate("jwt")(n).catch(function(e){return console.error("got error in no throw auth",e),n})).then(function(e){return n=e})}catch(e){return Promise.reject(e)}},b=function(n){try{var r=n.app.get("authentication"),i=e._get(n,["auth",r.entity]);return i&&(n=e._set(n,[r.core_path,r.entity],i)),Promise.resolve(t.authenticate("jwt")(n))}catch(e){return Promise.reject(e)}},x=function(t){try{var n,r={ok:!1,value:[]},i=function(i,o,a){var c=[];for(var u in i)c.push(u);return function(e,t,n){var r,i,o=-1;return function a(c){try{for(;++o<e.length&&(!n\|\|!n());)if((c=t(o))&&c.then){if(!((u=c)instanceof _&&1&u.s))return void c.then(a,i\|\|(i=P.bind(null,r=new _,2)));c=c.v}r?P(r,1,c):r=c}catch(e){P(r\|\|(r=new _),2,e)}var u}(),r}(c,function(i){return function(i){var o=function(o){if(null==(o=r)\|\|!o.ok){var a=t[i],c=a.ucan,u=l(a,g);return Promise.resolve(function(t,n){try{return Promise.resolve(e.verifyUcan(t,n))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){r=e})}n=1}();if(o&&o.then)return o.then(function(){})}(c[i])},function(){return n})}(t);return Promise.resolve(i&&i.then?i.then(function(){return r}):r)}catch(e){return Promise.reject(e)}},j=function(t,n,r){return function(i){try{var o,a=e._get(i.params,n.client_ucan),c=e._get(i.params,n.ucan_aud);return a&&c&&null!=r&&null!=(o=r.or)&&o.includes(i.method)?Promise.resolve(x((t\|\|[]).map(function(e){return{ucan:a,audience:c,requiredCapabilities:[e]}}))):Promise.resolve(e.verifyUcan(a,{audience:c,requiredCapabilities:t}))}catch(e){return Promise.reject(e)}}},k=function(t,n){var r=e.encodeKeyPair({secretKey:n.secret}).did();return(t\|\|[]).map(function(t){return{capability:Array.isArray(t)?e.genCapability({with:{scheme:n.defaultScheme,hierPart:n.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},n):e.genCapability(t,n),rootIssuer:r}})},E=function(t,n){return function(r){try{var i,o=function(o){return i?o:Promise.resolve(b(r)).then(function(i){function o(){var t;if(null!=(t=c)&&t.ok)return r;var i=function(){function t(){if(c.ok)return r;throw console.error("Ucan capabilities requirements not met: ",c,r.type,r.path),new Error("Missing proper capabilities for this action: "+r.type+": "+r.path+" - "+r.method)}var i=function(t){if(null==(t=c)\|\|!t.ok){var i=!1,o=[];u.forEach(function(t,n){var r=(e._get(t,"capability.can.namespace")\|\|"").split(":");r[1]&&(t=e._set(t,"capability.can.namespace",r[0]),i=!0),o.push(t)});var s=function(){if(i)return Promise.resolve(j(u,a,n)(r)).then(function(e){c=e})}();if(s&&s.then)return s.then(function(){})}}();return i&&i.then?i.then(t):t()},o=n\|\|{creatorPass:!1},s=o.creatorPass,l=o.loginPass,h=function(){if(s&&(""===s\|\|s.includes(r.method))\|\|null!=l&&l.length&&(""===l[1]\|\|l[1].includes(r.method)))return Promise.resolve(new y(r.path,r,{skipJoins:!0}).get(r.id)).then(function(t){if(s)c.ok=e._get(t,["createdBy",a.entity])===(e._get(r,[a.entity,"_id"])\|\|"*");else if(l){var n=e._flatten((l[0]\|\|[]).map(function(n){return e._get(t,n)}).map(function(e){return Array.isArray(e)?e:[e]})),i=e._get(r.params,[a.entity,"_id"]),o=n.filter(function(e){return!!e});c.ok=o.map(function(e){return String(e)}).includes(String(i))}})}();return h&&h.then?h.then(i):i()}if(r=i,""===t)return r;if(((null==n?void 0:n.adminPass)\|\|[]).includes(r.method)&&(e._get(r.params,"admin_pass")\|\|e._get(r.params,[a.core_path,"admin_pass"])))return r;var c={ok:!1,value:[]},u=k(t,a),s=function(){if(u.length)return Promise.resolve(j(u,a,n)(r)).then(function(e){c=e});c.ok=!0}();return s&&s.then?s.then(o):o()})},a=r.app.get("authentication"),c=function(){if("$"===t)return Promise.resolve(w(r)).then(function(e){return i=1,e})}();return Promise.resolve(c&&c.then?c.then(o):o(c))}catch(e){return Promise.reject(e)}}};exports.AuthService=m,exports.CoreCall=y,exports.NotAuthError=d,exports.UcanStrategy=p,exports.allUcanAuth=function(t,n){return function(r){try{var i=r.app.get("authentication"),o=e._get(r,["auth",i.entity]);if(o&&(r=e._set(r,[i.core_path,i.entity],o)),"before"===r.type){var a=r.method;return Promise.resolve(t[a]\|\|t.all?E(t[a]\|\|t.all,n)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},exports.anyAuth="*",exports.bareAuth=b,exports.modelCapabilities=k,exports.noThrow="$",exports.noThrowAuth=w,exports.orVerifyLoop=x,exports.ucanAuth=E,exports.updateUcan=function(){return function(t){try{var n=t.data,r=n.add,o=void 0===r?[]:r,a=n.remove,c=void 0===a?[]:a;if(!(null!=o&&o.length\|\|null!=c&&c.length))throw new Error("No new capabilities passed");var u=t.app.get("authentication"),s=u.secret,l=u.ucan_aud,h=u.entity,f=u.ucan,p=e.encodeKeyPair({secretKey:s}).did(),v=e.stackAbilities([].concat(o,c));return Promise.resolve(e.verifyUcan(e._get(t.params,[h,f]),{audience:e._get(t.params,l),requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:p}})})).then(function(n){if(null==n\|\|!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var r=t.id,a=t.data.service\|\|"logins",u=t.data.path\|\|"ucan";return Promise.resolve(new y(a,t,{skipJoins:!0}).get(r)).then(function(n){var l=e.parseUcan(e._get(n,u)).payload,h=l.aud,f=l.att,p=l.prf,v=[].concat(f);return null!=c&&c.length&&(v=e.reduceAbilities(c,f)),null!=o&&o.length&&(v=e.stackAbilities([].concat(f,o))),Promise.resolve(e.buildUcan(i({issuer:e.encodeKeyPair({secretKey:s}),audience:h,lifetimeInSeconds:5184e3,proofs:p},t.data,{capabilities:v}))).then(function(n){var i=e.ucanToken(n);return Promise.resolve(e.validateUcan(i)).then(function(e){var n;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new y(a,t).patch(r,(n={},n[u]=i,n))).then(function(e){return t.result={raw:t.data,encoded:i,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}},exports.verifyAgainstReqs=j;
1	+ var e=require("symbol-ucan"),t=require("@feathersjs/authentication");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var n=/#__PURE__/r(require("long-timeout"));function i(){return i=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},i.apply(this,arguments)}function o(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,c(e,t)}function a(e){return a=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},a(e)}function c(e,t){return c=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},c(e,t)}function u(e,t,r){return u=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,r){var n=[null];n.push.apply(n,t);var i=new(Function.bind.apply(e,n));return r&&c(i,r.prototype),i},u.apply(null,arguments)}function s(e){var t="function"==typeof Map?new Map:void 0;return s=function(e){if(null===e\|\|!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return u(e,arguments,a(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),c(r,e)},s(e)}function l(e,t){if(null==e)return{};var r,n,i={},o=Object.keys(e);for(n=0;n<o.length;n++)t.indexOf(r=o[n])>=0\|\|(i[r]=e[r]);return i}var h=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return o(t,e),t}(/#__PURE__/s(Error)),p=/(\S+)\s+(\S+)/,f=/#__PURE__/function(t){function r(){for(var e,r=arguments.length,n=new Array(r),i=0;i<r;i++)n[i]=arguments[i];return(e=t.call.apply(t,[this].concat(n))\|\|this).expirationTimers=new WeakMap,e}o(r,t);var a,c,u=r.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},this.authentication=e},u.handleConnection=function(t,r,i){try{var o=this,a="logout"===t&&r.authentication&&i&&r.authentication.accessToken===i.accessToken,c=(i\|\|{}).accessToken,u=function(){if(c&&"login"===t)return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3(e\|\|{payload:{exp:0}}).payload.exp-Date.now(),i=n.default.setTimeout(function(){return o.app.emit("disconnect",r)},t);n.default.clearTimeout(o.expirationTimers.get(r)),o.expirationTimers.set(r,i),r.authentication={strategy:o.name,accessToken:c}});("disconnect"===t\|\|a)&&(delete r[o.configuration.entity],delete r.authentication,n.default.clearTimeout(o.expirationTimers.get(r)),o.expirationTimers.delete(r))}();return Promise.resolve(u&&u.then?u.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,r=Object.keys(this.configuration);t<r.length;t++){var n=r[t];if(!e.includes(n))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+n+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(t,r){try{var n=this,o=n.entityService,a=n.configuration.entity;if(null===o)throw new h("Could not find entity service");return Promise.resolve(n.getEntityQuery(r)).then(function(n){var c=Object.assign({},e._unset(r,"provider"),{query:n});return Promise.resolve(o.get(t,c)).then(function(e){var n;return r.provider?o.get(t,i({},r,((n={})[a]=e,n))):e})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var r=t.query,n=t.loginId;if(n)return Promise.resolve(n);var o,a,c=this.configuration,u=c.service,s=c.core_path,l=void 0===s?"core":s,p=((o={query:i({},r,{$limit:1})})[l]=i({skipJoins:!0},t[l]),o);return Promise.resolve(null==(a=this.app)?void 0:a.service(u).find(i({},p,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new h("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(t,r){try{var n=this,o=t.accessToken,a=t.loginId,c=t.ucan,u=n.configuration,s=u.entity,l=u.core_path;if(!o){if(!c)throw new h("Error generating ucan");o=e.ucanToken(c)}return Promise.resolve(e.validateUcan(o).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(t){function c(){var e;return i({},h,((e={})[s]=u,e))}var u,h={accessToken:o,authentication:{strategy:"jwt",accessToken:o}};if(null===s)return h;var p=e._get(r,[l,s]),f=function(){if(!p)return Promise.resolve(n.getEntityId(h,i({},r,{loginId:a,query:{did:null==t?void 0:t.payload.aud}}))).then(function(e){return Promise.resolve(n.getEntity(e,r)).then(function(e){u=e})});u=p}();return f&&f.then?f.then(c):c()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,r=t.schemes,n=e.headers&&e.headers[t.header.toLowerCase()];if(!n\|\|"string"!=typeof n)return Promise.resolve(null);var i=n.match(p)\|\|[],o=i[1],a=i[2],c=o&&r.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:n})}catch(e){return Promise.reject(e)}},a=r,(c=[{key:"configuration",get:function(){var e,r=(null==(e=this.authentication)?void 0:e.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return i({service:r.service,entity:r.entity,entityId:r.entityId,header:"Authorization",schemes:["Bearer","JWT"]},t.prototype.configuration)}}])&&function(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable\|\|!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e\|\|null===e)return e;var r=e[Symbol.toPrimitive];if(void 0!==r){var n=r.call(e,"string");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(n.key))?i:String(i),n)}var i}(a.prototype,c),Object.defineProperty(a,"prototype",{writable:!1}),r}(t.AuthenticationBaseStrategy),v=["NotAuthenticated"],d=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return o(t,e),t}(/#__PURE__/s(Error)),m=/#__PURE__/function(t){function r(e,r,n){var i;void 0===r&&(r="authentication"),void 0===n&&(n={});var o=n.NotAuthenticated,a=l(n,v);return(i=t.call(this,e,r,a)\|\|this).options=void 0,i.app=e,i.options={NotAuthenticated:o},i}return o(r,t),r.prototype.create=function(t,r){try{var n,o,a=this,c=(null==(n=a.options)?void 0:n.NotAuthenticated)\|\|d,u=a.app.get("authentication"),s=u.entity,l=u.service,h=u.ucan_path,p=void 0===h?"ucan":h,f=(null==(o=r)?void 0:o.authStrategies)\|\|a.configuration.authStrategies;if(r\|\|(r={}),!f.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(a.authenticate.apply(a,[t,r].concat(f)).catch(function(e){throw new Error(e.message)})).then(function(n){if(n.accessToken)return n;var o=t.did\|\|e._get(n,[s,"did"]),c=t.ucan\|\|e._get(n,[s,"ucan"]);if(!o)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",c,t.message),null})).then(function(t){function o(){var t=e.ucanToken(c);return i({accessToken:t},n,{authentication:i({},n.authentication,{payload:t})})}var u=function(){if(!t){var o=e.parseUcan(c),u=a.app.get("authentication"),h=e.encodeKeyPair({secretKey:u.secret});return Promise.resolve(e.buildUcan({audience:o.payload.aud,issuer:h,lifetimeInSeconds:5184e3,capabilities:o.payload.att})).then(function(t){var o;return c=t,r.admin_pass=!0,Promise.resolve(a.app.service(l).patch(e._get(n,[s,"_id"]),(o={},o[p]=e.ucanToken(c),o),i({},r))).then(function(){})})}}();return u&&u.then?u.then(o):o()})})}catch(e){return Promise.reject(e)}},r}(t.AuthenticationService),y=/#__PURE__/function(){function e(e,t,r){var n;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=i({},null==(n=t.params)?void 0:n.core,r)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var r,n,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).get(e,i({},t,((n={})[a]=o.core,n))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,r,n=this,o=n.context.app.get("authentication").core_path;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service).find(i({},e,((r={})[o]=n.core,r))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var r,n,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).create(e,i({},t,((n={})[a]=o.core,n))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,r){void 0===r&&(r={});try{var n,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).patch(e,t,i({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,r){void 0===r&&(r={});try{var n,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).update(e,t,i({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var r,n,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).remove(e,i({},t,((n={})[a]=o.core,n))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var r,n,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._get(e,i({},t,((n={})[a]=o.core,n))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,r,n=this,o=n.context.app.get("authentication").core_path;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service)._find(i({},e,((r={})[o]=n.core,r))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var r,n,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._create(e,i({},t,((n={})[a]=o.core,n))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,r){void 0===r&&(r={});try{var n,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._patch(e,t,i({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,r){void 0===r&&(r={});try{var n,o,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._update(e,t,i({},r,((o={})[c]=a.core,o))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var r,n,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._remove(e,i({},t,((n={})[a]=o.core,n))))}catch(e){return Promise.reject(e)}},e}(),g="_exists",P=function(e){var t=e.app.get("existsPath")\|\|g;return e.params?e.params[t+":"+e.path]:void 0},_=function(e){try{var t=P(e),r=function(){if(!t&&e.id)return Promise.resolve(new y(e.path,e,{skipJoins:!0}).get(e.id,{admin_pass:!0})).then(function(e){t=e})}();return Promise.resolve(r&&r.then?r.then(function(){return t}):t)}catch(e){return Promise.reject(e)}},x=["ucan"];function w(e,t,r){if(!e.s){if(r instanceof b){if(!r.s)return void(r.o=w.bind(null,e,t));1&t&&(t=r.s),r=r.v}if(r&&r.then)return void r.then(w.bind(null,e,t),w.bind(null,e,2));e.s=t,e.v=r;var n=e.o;n&&n(e)}}const b=/#__PURE__/function(){function e(){}return e.prototype.then=function(t,r){const n=new e,i=this.s;if(i){const e=1&i?t:r;if(e){try{w(n,1,e(this.v))}catch(e){w(n,2,e)}return n}return this}return this.o=function(e){try{const i=e.v;1&e.s?w(n,1,t?t(i):i):r?w(n,1,r(i)):w(n,2,i)}catch(e){w(n,2,e)}},n},e}();var j=function(r){try{var n=r.app.get("authentication"),i=e._get(r,["auth",n.entity]);return i&&(r=e._set(r,[n.core_path,n.entity],i)),Promise.resolve(t.authenticate("jwt")(r).catch(function(e){return console.error("got error in no throw auth",e),r})).then(function(e){return r=e})}catch(e){return Promise.reject(e)}},k=function(r){try{var n=r.app.get("authentication"),i=e._get(r,["auth",n.entity]);return i&&(r=e._set(r,[n.core_path,n.entity],i)),Promise.resolve(t.authenticate("jwt")(r))}catch(e){return Promise.reject(e)}},E=function(t){try{var r,n={ok:!1,value:[]},i=function(i,o,a){var c=[];for(var u in i)c.push(u);return function(e,t,r){var n,i,o=-1;return function a(c){try{for(;++o<e.length&&(!r\|\|!r());)if((c=t(o))&&c.then){if(!((u=c)instanceof b&&1&u.s))return void c.then(a,i\|\|(i=w.bind(null,n=new b,2)));c=c.v}n?w(n,1,c):n=c}catch(e){w(n\|\|(n=new b),2,e)}var u}(),n}(c,function(i){return function(i){var o=function(o){if(null==(o=n)\|\|!o.ok){var a=t[i],c=a.ucan,u=l(a,x);return Promise.resolve(function(t,r){try{return Promise.resolve(e.verifyUcan(t,r))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){n=e})}r=1}();if(o&&o.then)return o.then(function(){})}(c[i])},function(){return r})}(t);return Promise.resolve(i&&i.then?i.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},T=function(t,r,n){return function(i){try{var o,a=e._get(i.params,r.client_ucan),c=e._get(i.params,r.ucan_aud);return a&&c&&null!=n&&null!=(o=n.or)&&o.includes(i.method)?Promise.resolve(E((t\|\|[]).map(function(e){return{ucan:a,audience:c,requiredCapabilities:[e]}}))):Promise.resolve(e.verifyUcan(a,{audience:c,requiredCapabilities:t}))}catch(e){return Promise.reject(e)}}},O=function(t,r){var n=e.encodeKeyPair({secretKey:r.secret}).did();return(t\|\|[]).map(function(t){return{capability:Array.isArray(t)?e.genCapability({with:{scheme:r.defaultScheme,hierPart:r.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},r):e.genCapability(t,r),rootIssuer:n}})},A=function(t,r){return function(n){try{var i,o=function(o){return i?o:Promise.resolve(k(n)).then(function(i){function o(){var t;if(null!=(t=c)&&t.ok)return n;var i=function(){function t(){if(c.ok)return n;throw console.error("Ucan capabilities requirements not met: ",c,n.type,n.path),new Error("Missing proper capabilities for this action: "+n.type+": "+n.path+" - "+n.method)}var i=function(t){if(null==(t=c)\|\|!t.ok){var i=!1,o=[];u.forEach(function(t,r){var n=(e._get(t,"capability.can.namespace")\|\|"").split(":");n[1]&&(t=e._set(t,"capability.can.namespace",n[0]),i=!0),o.push(t)});var s=function(){if(i)return Promise.resolve(T(u,a,r)(n)).then(function(e){c=e})}();if(s&&s.then)return s.then(function(){})}}();return i&&i.then?i.then(t):t()},o=r\|\|{creatorPass:!1},s=o.creatorPass,l=o.loginPass,h=function(){if(s&&(""===s\|\|s.includes(n.method))\|\|null!=l&&l.length&&(""===l[1]\|\|l[1].includes(n.method)))return Promise.resolve(_(n)).then(function(t){if(s)c.ok=e._get(t,["createdBy",a.entity])===(e._get(n,[a.entity,"_id"])\|\|"*");else if(l){var r=e._flatten((l[0]\|\|[]).map(function(r){return e._get(t,r)}).map(function(e){return Array.isArray(e)?e:[e]})),i=e._get(n.params,[a.entity,"_id"]),o=r.filter(function(e){return!!e});c.ok=o.map(function(e){return String(e)}).includes(String(i))}})}();return h&&h.then?h.then(i):i()}if(n=i,""===t)return n;if(((null==r?void 0:r.adminPass)\|\|[]).includes(n.method)&&(e._get(n.params,"admin_pass")\|\|e._get(n.params,[a.core_path,"admin_pass"])))return n;var c={ok:!1,value:[]},u=O(t,a),s=function(){if(u.length)return Promise.resolve(T(u,a,r)(n)).then(function(e){c=e});c.ok=!0}();return s&&s.then?s.then(o):o()})},a=n.app.get("authentication"),c=function(){if("$"===t)return Promise.resolve(j(n)).then(function(e){return i=1,e})}();return Promise.resolve(c&&c.then?c.then(o):o(c))}catch(e){return Promise.reject(e)}}};exports.AuthService=m,exports.CoreCall=y,exports.NotAuthError=d,exports.UcanStrategy=f,exports.allUcanAuth=function(t,r){return function(n){try{var i=n.app.get("authentication"),o=e._get(n,["auth",i.entity]);if(o&&(n=e._set(n,[i.core_path,i.entity],o)),"before"===n.type){var a=n.method;return Promise.resolve(t[a]\|\|t.all?A(t[a]\|\|t.all,r)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},exports.anyAuth="*",exports.bareAuth=k,exports.existsPath=g,exports.getExists=P,exports.loadExists=_,exports.modelCapabilities=O,exports.noThrow="$",exports.noThrowAuth=j,exports.orVerifyLoop=E,exports.setExists=function(e,t){var r=e.app.get("existsPath")\|\|g;return e.params[r+":"+e.path]=t,e},exports.ucanAuth=A,exports.updateUcan=function(){return function(t){try{var r=t.data,n=r.add,o=void 0===n?[]:n,a=r.remove,c=void 0===a?[]:a;if(!(null!=o&&o.length\|\|null!=c&&c.length))throw new Error("No new capabilities passed");var u=t.app.get("authentication"),s=u.secret,l=u.ucan_aud,h=u.entity,p=u.ucan,f=e.encodeKeyPair({secretKey:s}).did(),v=e.stackAbilities([].concat(o,c));return Promise.resolve(e.verifyUcan(e._get(t.params,[h,p]),{audience:e._get(t.params,l),requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:f}})})).then(function(r){if(null==r\|\|!r.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var n=t.id,a=t.data.service\|\|"logins",u=t.data.path\|\|"ucan";return Promise.resolve(new y(a,t,{skipJoins:!0}).get(n)).then(function(r){var l=e.parseUcan(e._get(r,u)).payload,h=l.aud,p=l.att,f=l.prf,v=[].concat(p);return null!=c&&c.length&&(v=e.reduceAbilities(c,p)),null!=o&&o.length&&(v=e.stackAbilities([].concat(p,o))),Promise.resolve(e.buildUcan(i({issuer:e.encodeKeyPair({secretKey:s}),audience:h,lifetimeInSeconds:5184e3,proofs:f},t.data,{capabilities:v}))).then(function(r){var i=e.ucanToken(r);return Promise.resolve(e.validateUcan(i)).then(function(e){var r;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new y(a,t).patch(n,(r={},r[u]=i,r))).then(function(e){return t.result={raw:t.data,encoded:i,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}},exports.verifyAgainstReqs=T;

package/lib/index.d.ts CHANGED Viewed

@@ -2,3 +2,4 @@ export * from './auth-service';
 export * from './core';
 export * from './hooks';
 export * from './types';
+export * from './utils';

package/lib/index.modern.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{validateUcan as t,_unset as e,ucanToken as i,_get as a,parseUcan as n,encodeKeyPair as s,buildUcan as o,_set as r,verifyUcan as c,genCapability as u,_flatten as h,stackAbilities as p,reduceAbilities as l}from"symbol-ucan";import{AuthenticationBaseStrategy as d,AuthenticationService as g,authenticate as v}from"@feathersjs/authentication";import y from"long-timeout";function f(){return f=Object.assign?Object.assign.bind():function(t){for(var e=1;e<arguments.length;e++){var i=arguments[e];for(var a in i)Object.prototype.hasOwnProperty.call(i,a)&&(t[a]=i[a])}return t},f.apply(this,arguments)}function m(t,e){if(null==t)return{};var i,a,n={},s=Object.keys(t);for(a=0;a<s.length;a++)e.indexOf(i=s[a])>=0\|\|(n[i]=t[i]);return n}class w extends Error{constructor(t){super(t)}}const x=/(\S+)\s+(\S+)/;class _ extends d{constructor(...t){super(...t),this.expirationTimers=new WeakMap}setAuthentication(t){t.verifyAccessToken=t=>({}),super.authentication=t}get configuration(){var t;const e=(null==(t=this.authentication)?void 0:t.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return f({service:e.service,entity:e.entity,entityId:e.entityId,header:"Authorization",schemes:["Bearer","JWT"]},super.configuration)}async handleConnection(e,i,a){const n="logout"===e&&i.authentication&&a&&i.authentication.accessToken===a.accessToken,{accessToken:s}=a\|\|{};if(s&&"login"===e){const e=await t(s).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};throw t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),new Error(e.message)}),{payload:{exp:a}}=e\|\|{payload:{exp:0}},n=1e3a-Date.now(),o=y.setTimeout(()=>this.app.emit("disconnect",i),n);y.clearTimeout(this.expirationTimers.get(i)),this.expirationTimers.set(i,o),i.authentication={strategy:this.name,accessToken:s}}else if("disconnect"===e\|\|n){const{entity:t}=this.configuration;delete i[t],delete i.authentication,y.clearTimeout(this.expirationTimers.get(i)),this.expirationTimers.delete(i)}}verifyConfiguration(){const t=["entity","entityId","service","header","schemes","audience"];for(const e of Object.keys(this.configuration))if(!t.includes(e))throw new Error(`Invalid ucanStrategy option 'authentication.${this.name}.${e}'. Did you mean to set it in 'authentication.jwtOptions'?`);if("string"!=typeof this.configuration.header)throw new Error(`The 'header' option for the ${this.name} strategy must be a string`)}async getEntityQuery(t){return{}}async getEntity(t,i){const a=this.entityService,{entity:n}=this.configuration;if(null===a)throw new w("Could not find entity service");const s=await this.getEntityQuery(i),o=Object.assign({},e(i,"provider"),{query:s}),r=await a.get(t,o);return i.provider?a.get(t,f({},i,{[n]:r})):r}async getEntityId(t,e){let{query:i,loginId:a}=e;if(a)return a;{var n;const{service:t,core_path:a="core"}=this.configuration,s={query:f({},i,{$limit:1}),[a]:f({skipJoins:!0},e[a])},o=await(null==(n=this.app)?void 0:n.service(t).find(f({},s,{skipJoins:!0})));if(o.total)return o.data[0]._id;throw new w("Could not find login associated with this ucan")}}async authenticate(e,n){let{accessToken:s,loginId:o,ucan:r}=e;const{entity:c,core_path:u}=this.configuration;if(!s){if(!r)throw new w("Error generating ucan");s=i(r)}const h=await t(s).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};throw t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),new Error(e.message)}),p={accessToken:s,authentication:{strategy:"jwt",accessToken:s}};if(null===c)return p;let l;const d=a(n,[u,c]);if(d)l=d;else{const t=await this.getEntityId(p,f({},n,{loginId:o,query:{did:null==h?void 0:h.payload.aud}}));l=await this.getEntity(t,n)}return f({},p,{[c]:l})}async parse(t){const{header:e,schemes:i}=this.configuration,a=t.headers&&t.headers[e.toLowerCase()];if(!a\|\|"string"!=typeof a)return null;const[,n,s]=a.match(x)\|\|[],o=n&&i.some(t=>new RegExp(t,"i").test(n));return n&&!o?null:{strategy:this.name,accessToken:o?s:a}}}const k=["NotAuthenticated"];class E extends Error{constructor(t){super(t)}}class b extends g{constructor(t,e="authentication",i={}){const{NotAuthenticated:a}=i;super(t,e,m(i,k)),this.options=void 0,this.app=t,this.options={NotAuthenticated:a}}async create(e,r){var c,u;const h=(null==(c=this.options)?void 0:c.NotAuthenticated)\|\|E,{entity:p,service:l,ucan_path:d="ucan"}=this.app.get("authentication"),g=(null==(u=r)?void 0:u.authStrategies)\|\|this.configuration.authStrategies;if(r\|\|(r={}),!g.length)throw new h("No authentication strategies allowed for creating a JWT (`authStrategies`)");const v=await this.authenticate(e,r,...g).catch(t=>{throw new Error(t.message)});if(v.accessToken)return v;const y=e.did\|\|a(v,[p,"did"]);let m=e.ucan\|\|a(v,[p,"ucan"]);if(!y)throw new Error("No did audience provided");if(!m)throw new Error("No ucan provided to authentication call");if(!await t(m).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};return t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),console.warn("Could not validate ucan",m,e.message),null})){const t=n(m);let{secret:e}=this.app.get("authentication");const c=s({secretKey:e});m=await o({audience:t.payload.aud,issuer:c,lifetimeInSeconds:5184e3,capabilities:t.payload.att}),r.admin_pass=!0,await this.app.service(l).patch(a(v,[p,"_id"]),{[d]:i(m)},f({},r))}const w=i(m);return f({accessToken:w},v,{authentication:f({},v.authentication,{payload:w})})}}class T{constructor(t,e,i){var a;this.context=void 0,this.service=void 0,this.core=void 0,this.service=t,this.context=e,this.core=f({},null==(a=e.params)?void 0:a.core,i)}async get(t,e={}){var i;const{core_path:a}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service).get(t,f({},e,{[a]:this.core}))}async find(t={}){var e;const{core_path:i}=this.context.app.get("authentication");return null==(e=this.context.app)?void 0:e.service(this.service).find(f({},t,{[i]:this.core}))}async create(t,e={}){var i;const{core_path:a}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service).create(t,f({},e,{[a]:this.core}))}async patch(t,e,i={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).patch(t,e,f({},i,{[n]:this.core}))}async update(t,e,i={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).update(t,e,f({},i,{[n]:this.core}))}async remove(t,e={}){var i;const{core_path:a}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service).remove(t,f({},e,{[a]:this.core}))}async _get(t,e={}){var i;const{core_path:a}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service)._get(t,f({},e,{[a]:this.core}))}async _find(t={}){var e;const{core_path:i}=this.context.app.get("authentication");return null==(e=this.context.app)?void 0:e.service(this.service)._find(f({},t,{[i]:this.core}))}async _create(t,e={}){var i;const{core_path:a}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service)._create(t,f({},e,{[a]:this.core}))}async _patch(t,e,i={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._patch(t,e,f({},i,{[n]:this.core}))}async _update(t,e,i={}){var a;const{core_path:n}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._update(t,e,f({},i,{[n]:this.core}))}async _remove(t,e={}){var i;const{core_path:a}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service)._remove(t,f({},e,{[a]:this.core}))}}const I=["ucan"],j="",C="$",O=async t=>{const e=t.app.get("authentication"),i=a(t,["auth",e.entity]);return i&&(t=r(t,[e.core_path,e.entity],i)),t=await v("jwt")(t).catch(e=>(console.error("got error in no throw auth",e),t))},S=async t=>{const e=t.app.get("authentication"),i=a(t,["auth",e.entity]);return i&&(t=r(t,[e.core_path,e.entity],i)),v("jwt")(t)},A=async t=>{let e={ok:!1,value:[]};const i=async(t,e)=>await c(t,e);for(const n in t){var a;if(null!=(a=e)&&a.ok)break;{const a=t[n],{ucan:s}=a,o=m(a,I);e=await i(s,o)}}return e},U=(t,e,i)=>async n=>{var s;const o=a(n.params,e.client_ucan),r=a(n.params,e.ucan_aud);return o&&r&&null!=i&&null!=(s=i.or)&&s.includes(n.method)?await A((t\|\|[]).map(t=>({ucan:o,audience:r,requiredCapabilities:[t]}))):await c(o,{audience:r,requiredCapabilities:t})},q=(t,e)=>{const i=s({secretKey:e.secret}).did();return(t\|\|[]).map(t=>({capability:Array.isArray(t)?u({with:{scheme:e.defaultScheme,hierPart:e.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},e):u(t,e),rootIssuer:i}))},N=(t,e)=>async i=>{var n;const s=i.app.get("authentication");if("$"===t)return await O(i);if(i=await S(i),""===t)return i;if(((null==e?void 0:e.adminPass)\|\|[]).includes(i.method)&&(a(i.params,"admin_pass")\|\|a(i.params,[s.core_path,"admin_pass"])))return i;let o={ok:!1,value:[]};const c=q(t,s);if(c.length?o=await U(c,s,e)(i):o.ok=!0,null!=(n=o)&&n.ok)return i;{var u;const{creatorPass:t,loginPass:n}=e\|\|{creatorPass:!1};if(t&&(""===t\|\|t.includes(i.method))\|\|null!=n&&n.length&&(""===n[1]\|\|n[1].includes(i.method))){const e=await new T(i.path,i,{skipJoins:!0}).get(i.id);if(t)o.ok=a(e,["createdBy",s.entity])===(a(i,[s.entity,"_id"])\|\|"**");else if(n){const t=h((n[0]\|\|[]).map(t=>a(e,t)).map(t=>Array.isArray(t)?t:[t])),r=a(i.params,[s.entity,"_id"]),c=t.filter(t=>!!t);o.ok=c.map(t=>String(t)).includes(String(r))}}if(null==(u=o)\|\|!u.ok){let t=!1;c.forEach((e,i)=>{const n=(a(e,"capability.can.namespace")\|\|"").split(":");n[1]&&(e=r(e,"capability.can.namespace",n[0]),t=!0)}),t&&(o=await U(c,s,e)(i))}if(o.ok)return i;throw console.error("Ucan capabilities requirements not met: ",o,i.type,i.path),new Error("Missing proper capabilities for this action: "+i.type+": "+i.path+" - "+i.method)}},P=(t,e)=>async i=>{const n=i.app.get("authentication"),s=a(i,["auth",n.entity]);if(s&&(i=r(i,[n.core_path,n.entity],s)),"before"===i.type){const{method:a}=i;return t[a]\|\|t.all?await N(t[a]\|\|t.all,e)(i):i}return i},J=()=>async e=>{const{add:r=[],remove:u=[]}=e.data;if(!(null!=r&&r.length\|\|null!=u&&u.length))throw new Error("No new capabilities passed");const{secret:h,ucan_aud:d,entity:g,ucan:v}=e.app.get("authentication"),y=s({secretKey:h}).did(),m=p([...r,...u]),w=await c(a(e.params,[g,v]),{audience:a(e.params,d),requiredCapabilities:m.map(t=>({capability:t,rootIssuer:y}))});if(null==w\|\|!w.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");const x=e.id,_=e.data.service\|\|"logins",k=e.data.path\|\|"ucan",E=await new T(_,e,{skipJoins:!0}).get(x),b=n(a(E,k)),{aud:I,att:j,prf:C}=b.payload;let O=[...j];null!=u&&u.length&&(O=l(u,j)),null!=r&&r.length&&(O=p([...j,...r]));const S=await o(f({issuer:s({secretKey:h}),audience:I,lifetimeInSeconds:5184e3,proofs:C},e.data,{capabilities:O})),A=i(S);if(!await t(A))throw new Error("Invalid ucan generated when updating");const U=await new T(_,e).patch(x,{[k]:A});return e.result={raw:e.data,encoded:A,subject:U},e};export{b as AuthService,T as CoreCall,E as NotAuthError,_ as UcanStrategy,P as allUcanAuth,j as anyAuth,S as bareAuth,q as modelCapabilities,C as noThrow,O as noThrowAuth,A as orVerifyLoop,N as ucanAuth,J as updateUcan,U as verifyAgainstReqs};
1	+ import{validateUcan as t,_unset as e,ucanToken as a,_get as i,parseUcan as n,encodeKeyPair as s,buildUcan as o,_set as r,verifyUcan as c,genCapability as u,_flatten as h,stackAbilities as p,reduceAbilities as l}from"symbol-ucan";import{AuthenticationBaseStrategy as d,AuthenticationService as g,authenticate as v}from"@feathersjs/authentication";import y from"long-timeout";function m(){return m=Object.assign?Object.assign.bind():function(t){for(var e=1;e<arguments.length;e++){var a=arguments[e];for(var i in a)Object.prototype.hasOwnProperty.call(a,i)&&(t[i]=a[i])}return t},m.apply(this,arguments)}function f(t,e){if(null==t)return{};var a,i,n={},s=Object.keys(t);for(i=0;i<s.length;i++)e.indexOf(a=s[i])>=0\|\|(n[a]=t[a]);return n}class w extends Error{constructor(t){super(t)}}const x=/(\S+)\s+(\S+)/;class _ extends d{constructor(...t){super(...t),this.expirationTimers=new WeakMap}setAuthentication(t){t.verifyAccessToken=t=>({}),super.authentication=t}get configuration(){var t;const e=(null==(t=this.authentication)?void 0:t.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return m({service:e.service,entity:e.entity,entityId:e.entityId,header:"Authorization",schemes:["Bearer","JWT"]},super.configuration)}async handleConnection(e,a,i){const n="logout"===e&&a.authentication&&i&&a.authentication.accessToken===i.accessToken,{accessToken:s}=i\|\|{};if(s&&"login"===e){const e=await t(s).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};throw t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),new Error(e.message)}),{payload:{exp:i}}=e\|\|{payload:{exp:0}},n=1e3i-Date.now(),o=y.setTimeout(()=>this.app.emit("disconnect",a),n);y.clearTimeout(this.expirationTimers.get(a)),this.expirationTimers.set(a,o),a.authentication={strategy:this.name,accessToken:s}}else if("disconnect"===e\|\|n){const{entity:t}=this.configuration;delete a[t],delete a.authentication,y.clearTimeout(this.expirationTimers.get(a)),this.expirationTimers.delete(a)}}verifyConfiguration(){const t=["entity","entityId","service","header","schemes","audience"];for(const e of Object.keys(this.configuration))if(!t.includes(e))throw new Error(`Invalid ucanStrategy option 'authentication.${this.name}.${e}'. Did you mean to set it in 'authentication.jwtOptions'?`);if("string"!=typeof this.configuration.header)throw new Error(`The 'header' option for the ${this.name} strategy must be a string`)}async getEntityQuery(t){return{}}async getEntity(t,a){const i=this.entityService,{entity:n}=this.configuration;if(null===i)throw new w("Could not find entity service");const s=await this.getEntityQuery(a),o=Object.assign({},e(a,"provider"),{query:s}),r=await i.get(t,o);return a.provider?i.get(t,m({},a,{[n]:r})):r}async getEntityId(t,e){let{query:a,loginId:i}=e;if(i)return i;{var n;const{service:t,core_path:i="core"}=this.configuration,s={query:m({},a,{$limit:1}),[i]:m({skipJoins:!0},e[i])},o=await(null==(n=this.app)?void 0:n.service(t).find(m({},s,{skipJoins:!0})));if(o.total)return o.data[0]._id;throw new w("Could not find login associated with this ucan")}}async authenticate(e,n){let{accessToken:s,loginId:o,ucan:r}=e;const{entity:c,core_path:u}=this.configuration;if(!s){if(!r)throw new w("Error generating ucan");s=a(r)}const h=await t(s).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};throw t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),new Error(e.message)}),p={accessToken:s,authentication:{strategy:"jwt",accessToken:s}};if(null===c)return p;let l;const d=i(n,[u,c]);if(d)l=d;else{const t=await this.getEntityId(p,m({},n,{loginId:o,query:{did:null==h?void 0:h.payload.aud}}));l=await this.getEntity(t,n)}return m({},p,{[c]:l})}async parse(t){const{header:e,schemes:a}=this.configuration,i=t.headers&&t.headers[e.toLowerCase()];if(!i\|\|"string"!=typeof i)return null;const[,n,s]=i.match(x)\|\|[],o=n&&a.some(t=>new RegExp(t,"i").test(n));return n&&!o?null:{strategy:this.name,accessToken:o?s:i}}}const k=["NotAuthenticated"];class E extends Error{constructor(t){super(t)}}class b extends g{constructor(t,e="authentication",a={}){const{NotAuthenticated:i}=a;super(t,e,f(a,k)),this.options=void 0,this.app=t,this.options={NotAuthenticated:i}}async create(e,r){var c,u;const h=(null==(c=this.options)?void 0:c.NotAuthenticated)\|\|E,{entity:p,service:l,ucan_path:d="ucan"}=this.app.get("authentication"),g=(null==(u=r)?void 0:u.authStrategies)\|\|this.configuration.authStrategies;if(r\|\|(r={}),!g.length)throw new h("No authentication strategies allowed for creating a JWT (`authStrategies`)");const v=await this.authenticate(e,r,...g).catch(t=>{throw new Error(t.message)});if(v.accessToken)return v;const y=e.did\|\|i(v,[p,"did"]);let f=e.ucan\|\|i(v,[p,"ucan"]);if(!y)throw new Error("No did audience provided");if(!f)throw new Error("No ucan provided to authentication call");if(!await t(f).catch(t=>{console.log("Could not validate ucan: ",t.message);const e={code:0,message:"Unknown Issue Validating Ucan"};return t.message.indexOf("Expired.")>-1&&(e.code=1,e.message="Expired Ucan"),console.warn("Could not validate ucan",f,e.message),null})){const t=n(f);let{secret:e}=this.app.get("authentication");const c=s({secretKey:e});f=await o({audience:t.payload.aud,issuer:c,lifetimeInSeconds:5184e3,capabilities:t.payload.att}),r.admin_pass=!0,await this.app.service(l).patch(i(v,[p,"_id"]),{[d]:a(f)},m({},r))}const w=a(f);return m({accessToken:w},v,{authentication:m({},v.authentication,{payload:w})})}}class T{constructor(t,e,a){var i;this.context=void 0,this.service=void 0,this.core=void 0,this.service=t,this.context=e,this.core=m({},null==(i=e.params)?void 0:i.core,a)}async get(t,e={}){var a;const{core_path:i}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).get(t,m({},e,{[i]:this.core}))}async find(t={}){var e;const{core_path:a}=this.context.app.get("authentication");return null==(e=this.context.app)?void 0:e.service(this.service).find(m({},t,{[a]:this.core}))}async create(t,e={}){var a;const{core_path:i}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).create(t,m({},e,{[i]:this.core}))}async patch(t,e,a={}){var i;const{core_path:n}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service).patch(t,e,m({},a,{[n]:this.core}))}async update(t,e,a={}){var i;const{core_path:n}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service).update(t,e,m({},a,{[n]:this.core}))}async remove(t,e={}){var a;const{core_path:i}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service).remove(t,m({},e,{[i]:this.core}))}async _get(t,e={}){var a;const{core_path:i}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._get(t,m({},e,{[i]:this.core}))}async _find(t={}){var e;const{core_path:a}=this.context.app.get("authentication");return null==(e=this.context.app)?void 0:e.service(this.service)._find(m({},t,{[a]:this.core}))}async _create(t,e={}){var a;const{core_path:i}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._create(t,m({},e,{[i]:this.core}))}async _patch(t,e,a={}){var i;const{core_path:n}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service)._patch(t,e,m({},a,{[n]:this.core}))}async _update(t,e,a={}){var i;const{core_path:n}=this.context.app.get("authentication");return null==(i=this.context.app)?void 0:i.service(this.service)._update(t,e,m({},a,{[n]:this.core}))}async _remove(t,e={}){var a;const{core_path:i}=this.context.app.get("authentication");return null==(a=this.context.app)?void 0:a.service(this.service)._remove(t,m({},e,{[i]:this.core}))}}const I="_exists",j=t=>{const e=t.app.get("existsPath")\|\|I;return t.params?t.params[`${e}:${t.path}`]:void 0},C=async t=>{let e=j(t);return!e&&t.id&&(e=await new T(t.path,t,{skipJoins:!0}).get(t.id,{admin_pass:!0})),e},O=(t,e)=>{const a=t.app.get("existsPath")\|\|I;return t.params[`${a}:${t.path}`]=e,t},S=["ucan"],A="",U="$",$=async t=>{const e=t.app.get("authentication"),a=i(t,["auth",e.entity]);return a&&(t=r(t,[e.core_path,e.entity],a)),t=await v("jwt")(t).catch(e=>(console.error("got error in no throw auth",e),t))},P=async t=>{const e=t.app.get("authentication"),a=i(t,["auth",e.entity]);return a&&(t=r(t,[e.core_path,e.entity],a)),v("jwt")(t)},q=async t=>{let e={ok:!1,value:[]};const a=async(t,e)=>await c(t,e);for(const n in t){var i;if(null!=(i=e)&&i.ok)break;{const i=t[n],{ucan:s}=i,o=f(i,S);e=await a(s,o)}}return e},N=(t,e,a)=>async n=>{var s;const o=i(n.params,e.client_ucan),r=i(n.params,e.ucan_aud);return o&&r&&null!=a&&null!=(s=a.or)&&s.includes(n.method)?await q((t\|\|[]).map(t=>({ucan:o,audience:r,requiredCapabilities:[t]}))):await c(o,{audience:r,requiredCapabilities:t})},J=(t,e)=>{const a=s({secretKey:e.secret}).did();return(t\|\|[]).map(t=>({capability:Array.isArray(t)?u({with:{scheme:e.defaultScheme,hierPart:e.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},e):u(t,e),rootIssuer:a}))},K=(t,e)=>async a=>{var n;const s=a.app.get("authentication");if("$"===t)return await $(a);if(a=await P(a),""===t)return a;if(((null==e?void 0:e.adminPass)\|\|[]).includes(a.method)&&(i(a.params,"admin_pass")\|\|i(a.params,[s.core_path,"admin_pass"])))return a;let o={ok:!1,value:[]};const c=J(t,s);if(c.length?o=await N(c,s,e)(a):o.ok=!0,null!=(n=o)&&n.ok)return a;{var u;const{creatorPass:t,loginPass:n}=e\|\|{creatorPass:!1};if(t&&(""===t\|\|t.includes(a.method))\|\|null!=n&&n.length&&(""===n[1]\|\|n[1].includes(a.method))){const e=await C(a);if(t)o.ok=i(e,["createdBy",s.entity])===(i(a,[s.entity,"_id"])\|\|"**");else if(n){const t=h((n[0]\|\|[]).map(t=>i(e,t)).map(t=>Array.isArray(t)?t:[t])),r=i(a.params,[s.entity,"_id"]),c=t.filter(t=>!!t);o.ok=c.map(t=>String(t)).includes(String(r))}}if(null==(u=o)\|\|!u.ok){let t=!1;c.forEach((e,a)=>{const n=(i(e,"capability.can.namespace")\|\|"").split(":");n[1]&&(e=r(e,"capability.can.namespace",n[0]),t=!0)}),t&&(o=await N(c,s,e)(a))}if(o.ok)return a;throw console.error("Ucan capabilities requirements not met: ",o,a.type,a.path),new Error("Missing proper capabilities for this action: "+a.type+": "+a.path+" - "+a.method)}},V=(t,e)=>async a=>{const n=a.app.get("authentication"),s=i(a,["auth",n.entity]);if(s&&(a=r(a,[n.core_path,n.entity],s)),"before"===a.type){const{method:i}=a;return t[i]\|\|t.all?await K(t[i]\|\|t.all,e)(a):a}return a},W=()=>async e=>{const{add:r=[],remove:u=[]}=e.data;if(!(null!=r&&r.length\|\|null!=u&&u.length))throw new Error("No new capabilities passed");const{secret:h,ucan_aud:d,entity:g,ucan:v}=e.app.get("authentication"),y=s({secretKey:h}).did(),f=p([...r,...u]),w=await c(i(e.params,[g,v]),{audience:i(e.params,d),requiredCapabilities:f.map(t=>({capability:t,rootIssuer:y}))});if(null==w\|\|!w.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");const x=e.id,_=e.data.service\|\|"logins",k=e.data.path\|\|"ucan",E=await new T(_,e,{skipJoins:!0}).get(x),b=n(i(E,k)),{aud:I,att:j,prf:C}=b.payload;let O=[...j];null!=u&&u.length&&(O=l(u,j)),null!=r&&r.length&&(O=p([...j,...r]));const S=await o(m({issuer:s({secretKey:h}),audience:I,lifetimeInSeconds:5184e3,proofs:C},e.data,{capabilities:O})),A=a(S);if(!await t(A))throw new Error("Invalid ucan generated when updating");const U=await new T(_,e).patch(x,{[k]:A});return e.result={raw:e.data,encoded:A,subject:U},e};export{b as AuthService,T as CoreCall,E as NotAuthError,_ as UcanStrategy,V as allUcanAuth,A as anyAuth,P as bareAuth,I as existsPath,j as getExists,C as loadExists,J as modelCapabilities,U as noThrow,$ as noThrowAuth,q as orVerifyLoop,O as setExists,K as ucanAuth,W as updateUcan,N as verifyAgainstReqs};

package/lib/index.module.js CHANGED Viewed

	@@ -1 +1 @@
1	- import{validateUcan as e,_unset as t,ucanToken as n,_get as r,parseUcan as i,encodeKeyPair as o,buildUcan as a,_set as c,verifyUcan as u,genCapability as s,_flatten as l,stackAbilities as h,reduceAbilities as f}from"symbol-ucan";import{AuthenticationBaseStrategy as p,AuthenticationService as v,authenticate as d}from"@feathersjs/authentication";import m from"long-timeout";function y(){return y=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},y.apply(this,arguments)}function g(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,w(e,t)}function P(e){return P=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},P(e)}function w(e,t){return w=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},w(e,t)}function b(e,t,n){return b=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,n){var r=[null];r.push.apply(r,t);var i=new(Function.bind.apply(e,r));return n&&w(i,n.prototype),i},b.apply(null,arguments)}function j(e){var t="function"==typeof Map?new Map:void 0;return j=function(e){if(null===e\|\|!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return b(e,arguments,P(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),w(n,e)},j(e)}function _(e,t){if(null==e)return{};var n,r,i={},o=Object.keys(e);for(r=0;r<o.length;r++)t.indexOf(n=o[r])>=0\|\|(i[n]=e[n]);return i}var x=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return g(t,e),t}(/#__PURE__/j(Error)),k=/(\S+)\s+(\S+)/,E=/#__PURE__/function(i){function o(){for(var e,t=arguments.length,n=new Array(t),r=0;r<t;r++)n[r]=arguments[r];return(e=i.call.apply(i,[this].concat(n))\|\|this).expirationTimers=new WeakMap,e}g(o,i);var a,c,u=o.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},this.authentication=e},u.handleConnection=function(t,n,r){try{var i=this,o="logout"===t&&n.authentication&&r&&n.authentication.accessToken===r.accessToken,a=(r\|\|{}).accessToken,c=function(){if(a&&"login"===t)return Promise.resolve(e(a).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3(e\|\|{payload:{exp:0}}).payload.exp-Date.now(),r=m.setTimeout(function(){return i.app.emit("disconnect",n)},t);m.clearTimeout(i.expirationTimers.get(n)),i.expirationTimers.set(n,r),n.authentication={strategy:i.name,accessToken:a}});("disconnect"===t\|\|o)&&(delete n[i.configuration.entity],delete n.authentication,m.clearTimeout(i.expirationTimers.get(n)),i.expirationTimers.delete(n))}();return Promise.resolve(c&&c.then?c.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,n=Object.keys(this.configuration);t<n.length;t++){var r=n[t];if(!e.includes(r))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+r+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(e,n){try{var r=this,i=r.entityService,o=r.configuration.entity;if(null===i)throw new x("Could not find entity service");return Promise.resolve(r.getEntityQuery(n)).then(function(r){var a=Object.assign({},t(n,"provider"),{query:r});return Promise.resolve(i.get(e,a)).then(function(t){var r;return n.provider?i.get(e,y({},n,((r={})[o]=t,r))):t})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var n=t.query,r=t.loginId;if(r)return Promise.resolve(r);var i,o,a=this.configuration,c=a.service,u=a.core_path,s=void 0===u?"core":u,l=((i={query:y({},n,{$limit:1})})[s]=y({skipJoins:!0},t[s]),i);return Promise.resolve(null==(o=this.app)?void 0:o.service(c).find(y({},l,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new x("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(t,i){try{var o=this,a=t.accessToken,c=t.loginId,u=t.ucan,s=o.configuration,l=s.entity,h=s.core_path;if(!a){if(!u)throw new x("Error generating ucan");a=n(u)}return Promise.resolve(e(a).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){function t(){var e;return y({},u,((e={})[l]=n,e))}var n,u={accessToken:a,authentication:{strategy:"jwt",accessToken:a}};if(null===l)return u;var s=r(i,[h,l]),f=function(){if(!s)return Promise.resolve(o.getEntityId(u,y({},i,{loginId:c,query:{did:null==e?void 0:e.payload.aud}}))).then(function(e){return Promise.resolve(o.getEntity(e,i)).then(function(e){n=e})});n=s}();return f&&f.then?f.then(t):t()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,n=t.schemes,r=e.headers&&e.headers[t.header.toLowerCase()];if(!r\|\|"string"!=typeof r)return Promise.resolve(null);var i=r.match(k)\|\|[],o=i[1],a=i[2],c=o&&n.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:r})}catch(e){return Promise.reject(e)}},a=o,(c=[{key:"configuration",get:function(){var e,t=(null==(e=this.authentication)?void 0:e.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return y({service:t.service,entity:t.entity,entityId:t.entityId,header:"Authorization",schemes:["Bearer","JWT"]},i.prototype.configuration)}}])&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e\|\|null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,"string");if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(r.key))?i:String(i),r)}var i}(a.prototype,c),Object.defineProperty(a,"prototype",{writable:!1}),o}(p),O=["NotAuthenticated"],T=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return g(t,e),t}(/#__PURE__/j(Error)),I=/#__PURE__/function(t){function c(e,n,r){var i;void 0===n&&(n="authentication"),void 0===r&&(r={});var o=r.NotAuthenticated,a=_(r,O);return(i=t.call(this,e,n,a)\|\|this).options=void 0,i.app=e,i.options={NotAuthenticated:o},i}return g(c,t),c.prototype.create=function(t,c){try{var u,s,l=this,h=(null==(u=l.options)?void 0:u.NotAuthenticated)\|\|T,f=l.app.get("authentication"),p=f.entity,v=f.service,d=f.ucan_path,m=void 0===d?"ucan":d,g=(null==(s=c)?void 0:s.authStrategies)\|\|l.configuration.authStrategies;if(c\|\|(c={}),!g.length)throw new h("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(l.authenticate.apply(l,[t,c].concat(g)).catch(function(e){throw new Error(e.message)})).then(function(u){if(u.accessToken)return u;var s=t.did\|\|r(u,[p,"did"]),h=t.ucan\|\|r(u,[p,"ucan"]);if(!s)throw new Error("No did audience provided");if(!h)throw new Error("No ucan provided to authentication call");return Promise.resolve(e(h).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",h,t.message),null})).then(function(e){function t(){var e=n(h);return y({accessToken:e},u,{authentication:y({},u.authentication,{payload:e})})}var s=function(){if(!e){var t=i(h),s=l.app.get("authentication"),f=o({secretKey:s.secret});return Promise.resolve(a({audience:t.payload.aud,issuer:f,lifetimeInSeconds:5184e3,capabilities:t.payload.att})).then(function(e){var t;return h=e,c.admin_pass=!0,Promise.resolve(l.app.service(v).patch(r(u,[p,"_id"]),(t={},t[m]=n(h),t),y({},c))).then(function(){})})}}();return s&&s.then?s.then(t):t()})})}catch(e){return Promise.reject(e)}},c}(v),S=/#__PURE__/function(){function e(e,t,n){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=y({},null==(r=t.params)?void 0:r.core,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).get(e,y({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,r=this,i=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service).find(y({},e,((n={})[i]=r.core,n))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).create(e,y({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).patch(e,t,y({},n,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).update(e,t,y({},n,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).remove(e,y({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._get(e,y({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,r=this,i=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service)._find(y({},e,((n={})[i]=r.core,n))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._create(e,y({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._patch(e,t,y({},n,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._update(e,t,y({},n,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._remove(e,y({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},e}(),A=["ucan"];function C(e,t,n){if(!e.s){if(n instanceof U){if(!n.s)return void(n.o=C.bind(null,e,t));1&t&&(t=n.s),n=n.v}if(n&&n.then)return void n.then(C.bind(null,e,t),C.bind(null,e,2));e.s=t,e.v=n;var r=e.o;r&&r(e)}}const U=/#__PURE__/function(){function e(){}return e.prototype.then=function(t,n){const r=new e,i=this.s;if(i){const e=1&i?t:n;if(e){try{C(r,1,e(this.v))}catch(e){C(r,2,e)}return r}return this}return this.o=function(e){try{const i=e.v;1&e.s?C(r,1,t?t(i):i):n?C(r,1,n(i)):C(r,2,i)}catch(e){C(r,2,e)}},r},e}();var q="",N="$",J=function(e){try{var t=e.app.get("authentication"),n=r(e,["auth",t.entity]);return n&&(e=c(e,[t.core_path,t.entity],n)),Promise.resolve(d("jwt")(e).catch(function(t){return console.error("got error in no throw auth",t),e})).then(function(t){return e=t})}catch(e){return Promise.reject(e)}},R=function(e){try{var t=e.app.get("authentication"),n=r(e,["auth",t.entity]);return n&&(e=c(e,[t.core_path,t.entity],n)),Promise.resolve(d("jwt")(e))}catch(e){return Promise.reject(e)}},B=function(e){try{var t,n={ok:!1,value:[]},r=function(r,i,o){var a=[];for(var c in r)a.push(c);return function(e,t,n){var r,i,o=-1;return function a(c){try{for(;++o<e.length&&(!n\|\|!n());)if((c=t(o))&&c.then){if(!((u=c)instanceof U&&1&u.s))return void c.then(a,i\|\|(i=C.bind(null,r=new U,2)));c=c.v}r?C(r,1,c):r=c}catch(e){C(r\|\|(r=new U),2,e)}var u}(),r}(a,function(r){return function(r){var i=function(i){if(null==(i=n)\|\|!i.ok){var o=e[r],a=o.ucan,c=_(o,A);return Promise.resolve(function(e,t){try{return Promise.resolve(u(e,t))}catch(e){return Promise.reject(e)}}(a,c)).then(function(e){n=e})}t=1}();if(i&&i.then)return i.then(function(){})}(a[r])},function(){return t})}(e);return Promise.resolve(r&&r.then?r.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},K=function(e,t,n){return function(i){try{var o,a=r(i.params,t.client_ucan),c=r(i.params,t.ucan_aud);return a&&c&&null!=n&&null!=(o=n.or)&&o.includes(i.method)?Promise.resolve(B((e\|\|[]).map(function(e){return{ucan:a,audience:c,requiredCapabilities:[e]}}))):Promise.resolve(u(a,{audience:c,requiredCapabilities:e}))}catch(e){return Promise.reject(e)}}},M=function(e,t){var n=o({secretKey:t.secret}).did();return(e\|\|[]).map(function(e){return{capability:Array.isArray(e)?s({with:{scheme:t.defaultScheme,hierPart:t.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},t):s(e,t),rootIssuer:n}})},V=function(e,t){return function(n){try{var i,o=function(o){return i?o:Promise.resolve(R(n)).then(function(i){function o(){var e;if(null!=(e=u)&&e.ok)return n;var i=function(){function e(){if(u.ok)return n;throw console.error("Ucan capabilities requirements not met: ",u,n.type,n.path),new Error("Missing proper capabilities for this action: "+n.type+": "+n.path+" - "+n.method)}var i=function(e){if(null==(e=u)\|\|!e.ok){var i=!1,o=[];s.forEach(function(e,t){var n=(r(e,"capability.can.namespace")\|\|"").split(":");n[1]&&(e=c(e,"capability.can.namespace",n[0]),i=!0),o.push(e)});var l=function(){if(i)return Promise.resolve(K(s,a,t)(n)).then(function(e){u=e})}();if(l&&l.then)return l.then(function(){})}}();return i&&i.then?i.then(e):e()},o=t\|\|{creatorPass:!1},h=o.creatorPass,f=o.loginPass,p=function(){if(h&&(""===h\|\|h.includes(n.method))\|\|null!=f&&f.length&&(""===f[1]\|\|f[1].includes(n.method)))return Promise.resolve(new S(n.path,n,{skipJoins:!0}).get(n.id)).then(function(e){if(h)u.ok=r(e,["createdBy",a.entity])===(r(n,[a.entity,"_id"])\|\|"**");else if(f){var t=l((f[0]\|\|[]).map(function(t){return r(e,t)}).map(function(e){return Array.isArray(e)?e:[e]})),i=r(n.params,[a.entity,"_id"]),o=t.filter(function(e){return!!e});u.ok=o.map(function(e){return String(e)}).includes(String(i))}})}();return p&&p.then?p.then(i):i()}if(n=i,""===e)return n;if(((null==t?void 0:t.adminPass)\|\|[]).includes(n.method)&&(r(n.params,"admin_pass")\|\|r(n.params,[a.core_path,"admin_pass"])))return n;var u={ok:!1,value:[]},s=M(e,a),h=function(){if(s.length)return Promise.resolve(K(s,a,t)(n)).then(function(e){u=e});u.ok=!0}();return h&&h.then?h.then(o):o()})},a=n.app.get("authentication"),u=function(){if("$"===e)return Promise.resolve(J(n)).then(function(e){return i=1,e})}();return Promise.resolve(u&&u.then?u.then(o):o(u))}catch(e){return Promise.reject(e)}}},W=function(e,t){return function(n){try{var i=n.app.get("authentication"),o=r(n,["auth",i.entity]);if(o&&(n=c(n,[i.core_path,i.entity],o)),"before"===n.type){var a=n.method;return Promise.resolve(e[a]\|\|e.all?V(e[a]\|\|e.all,t)(n):n)}return Promise.resolve(n)}catch(e){return Promise.reject(e)}}},$=function(){return function(t){try{var c=t.data,s=c.add,l=void 0===s?[]:s,p=c.remove,v=void 0===p?[]:p;if(!(null!=l&&l.length\|\|null!=v&&v.length))throw new Error("No new capabilities passed");var d=t.app.get("authentication"),m=d.secret,g=d.ucan_aud,P=d.entity,w=d.ucan,b=o({secretKey:m}).did(),j=h([].concat(l,v));return Promise.resolve(u(r(t.params,[P,w]),{audience:r(t.params,g),requiredCapabilities:j.map(function(e){return{capability:e,rootIssuer:b}})})).then(function(c){if(null==c\|\|!c.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var u=t.id,s=t.data.service\|\|"logins",p=t.data.path\|\|"ucan";return Promise.resolve(new S(s,t,{skipJoins:!0}).get(u)).then(function(c){var d=i(r(c,p)).payload,g=d.aud,P=d.att,w=d.prf,b=[].concat(P);return null!=v&&v.length&&(b=f(v,P)),null!=l&&l.length&&(b=h([].concat(P,l))),Promise.resolve(a(y({issuer:o({secretKey:m}),audience:g,lifetimeInSeconds:5184e3,proofs:w},t.data,{capabilities:b}))).then(function(r){var i=n(r);return Promise.resolve(e(i)).then(function(e){var n;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new S(s,t).patch(u,(n={},n[p]=i,n))).then(function(e){return t.result={raw:t.data,encoded:i,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}};export{I as AuthService,S as CoreCall,T as NotAuthError,E as UcanStrategy,W as allUcanAuth,q as anyAuth,R as bareAuth,M as modelCapabilities,N as noThrow,J as noThrowAuth,B as orVerifyLoop,V as ucanAuth,$ as updateUcan,K as verifyAgainstReqs};
1	+ import{validateUcan as e,_unset as t,ucanToken as r,_get as n,parseUcan as i,encodeKeyPair as o,buildUcan as a,_set as c,verifyUcan as u,genCapability as s,_flatten as h,stackAbilities as l,reduceAbilities as f}from"symbol-ucan";import{AuthenticationBaseStrategy as p,AuthenticationService as v,authenticate as d}from"@feathersjs/authentication";import m from"long-timeout";function y(){return y=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var n in r)Object.prototype.hasOwnProperty.call(r,n)&&(e[n]=r[n])}return e},y.apply(this,arguments)}function g(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,w(e,t)}function P(e){return P=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},P(e)}function w(e,t){return w=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},w(e,t)}function b(e,t,r){return b=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,r){var n=[null];n.push.apply(n,t);var i=new(Function.bind.apply(e,n));return r&&w(i,r.prototype),i},b.apply(null,arguments)}function x(e){var t="function"==typeof Map?new Map:void 0;return x=function(e){if(null===e\|\|!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return b(e,arguments,P(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),w(r,e)},x(e)}function _(e,t){if(null==e)return{};var r,n,i={},o=Object.keys(e);for(n=0;n<o.length;n++)t.indexOf(r=o[n])>=0\|\|(i[r]=e[r]);return i}var j=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return g(t,e),t}(/#__PURE__/x(Error)),k=/(\S+)\s+(\S+)/,E=/#__PURE__/function(i){function o(){for(var e,t=arguments.length,r=new Array(t),n=0;n<t;n++)r[n]=arguments[n];return(e=i.call.apply(i,[this].concat(r))\|\|this).expirationTimers=new WeakMap,e}g(o,i);var a,c,u=o.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},this.authentication=e},u.handleConnection=function(t,r,n){try{var i=this,o="logout"===t&&r.authentication&&n&&r.authentication.accessToken===n.accessToken,a=(n\|\|{}).accessToken,c=function(){if(a&&"login"===t)return Promise.resolve(e(a).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3(e\|\|{payload:{exp:0}}).payload.exp-Date.now(),n=m.setTimeout(function(){return i.app.emit("disconnect",r)},t);m.clearTimeout(i.expirationTimers.get(r)),i.expirationTimers.set(r,n),r.authentication={strategy:i.name,accessToken:a}});("disconnect"===t\|\|o)&&(delete r[i.configuration.entity],delete r.authentication,m.clearTimeout(i.expirationTimers.get(r)),i.expirationTimers.delete(r))}();return Promise.resolve(c&&c.then?c.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,r=Object.keys(this.configuration);t<r.length;t++){var n=r[t];if(!e.includes(n))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+n+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(e,r){try{var n=this,i=n.entityService,o=n.configuration.entity;if(null===i)throw new j("Could not find entity service");return Promise.resolve(n.getEntityQuery(r)).then(function(n){var a=Object.assign({},t(r,"provider"),{query:n});return Promise.resolve(i.get(e,a)).then(function(t){var n;return r.provider?i.get(e,y({},r,((n={})[o]=t,n))):t})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var r=t.query,n=t.loginId;if(n)return Promise.resolve(n);var i,o,a=this.configuration,c=a.service,u=a.core_path,s=void 0===u?"core":u,h=((i={query:y({},r,{$limit:1})})[s]=y({skipJoins:!0},t[s]),i);return Promise.resolve(null==(o=this.app)?void 0:o.service(c).find(y({},h,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new j("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(t,i){try{var o=this,a=t.accessToken,c=t.loginId,u=t.ucan,s=o.configuration,h=s.entity,l=s.core_path;if(!a){if(!u)throw new j("Error generating ucan");a=r(u)}return Promise.resolve(e(a).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){function t(){var e;return y({},u,((e={})[h]=r,e))}var r,u={accessToken:a,authentication:{strategy:"jwt",accessToken:a}};if(null===h)return u;var s=n(i,[l,h]),f=function(){if(!s)return Promise.resolve(o.getEntityId(u,y({},i,{loginId:c,query:{did:null==e?void 0:e.payload.aud}}))).then(function(e){return Promise.resolve(o.getEntity(e,i)).then(function(e){r=e})});r=s}();return f&&f.then?f.then(t):t()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,r=t.schemes,n=e.headers&&e.headers[t.header.toLowerCase()];if(!n\|\|"string"!=typeof n)return Promise.resolve(null);var i=n.match(k)\|\|[],o=i[1],a=i[2],c=o&&r.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:n})}catch(e){return Promise.reject(e)}},a=o,(c=[{key:"configuration",get:function(){var e,t=(null==(e=this.authentication)?void 0:e.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return y({service:t.service,entity:t.entity,entityId:t.entityId,header:"Authorization",schemes:["Bearer","JWT"]},i.prototype.configuration)}}])&&function(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable\|\|!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e\|\|null===e)return e;var r=e[Symbol.toPrimitive];if(void 0!==r){var n=r.call(e,"string");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(n.key))?i:String(i),n)}var i}(a.prototype,c),Object.defineProperty(a,"prototype",{writable:!1}),o}(p),O=["NotAuthenticated"],T=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return g(t,e),t}(/#__PURE__/x(Error)),I=/#__PURE__/function(t){function c(e,r,n){var i;void 0===r&&(r="authentication"),void 0===n&&(n={});var o=n.NotAuthenticated,a=_(n,O);return(i=t.call(this,e,r,a)\|\|this).options=void 0,i.app=e,i.options={NotAuthenticated:o},i}return g(c,t),c.prototype.create=function(t,c){try{var u,s,h=this,l=(null==(u=h.options)?void 0:u.NotAuthenticated)\|\|T,f=h.app.get("authentication"),p=f.entity,v=f.service,d=f.ucan_path,m=void 0===d?"ucan":d,g=(null==(s=c)?void 0:s.authStrategies)\|\|h.configuration.authStrategies;if(c\|\|(c={}),!g.length)throw new l("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(h.authenticate.apply(h,[t,c].concat(g)).catch(function(e){throw new Error(e.message)})).then(function(u){if(u.accessToken)return u;var s=t.did\|\|n(u,[p,"did"]),l=t.ucan\|\|n(u,[p,"ucan"]);if(!s)throw new Error("No did audience provided");if(!l)throw new Error("No ucan provided to authentication call");return Promise.resolve(e(l).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",l,t.message),null})).then(function(e){function t(){var e=r(l);return y({accessToken:e},u,{authentication:y({},u.authentication,{payload:e})})}var s=function(){if(!e){var t=i(l),s=h.app.get("authentication"),f=o({secretKey:s.secret});return Promise.resolve(a({audience:t.payload.aud,issuer:f,lifetimeInSeconds:5184e3,capabilities:t.payload.att})).then(function(e){var t;return l=e,c.admin_pass=!0,Promise.resolve(h.app.service(v).patch(n(u,[p,"_id"]),(t={},t[m]=r(l),t),y({},c))).then(function(){})})}}();return s&&s.then?s.then(t):t()})})}catch(e){return Promise.reject(e)}},c}(v),S=/#__PURE__/function(){function e(e,t,r){var n;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=y({},null==(n=t.params)?void 0:n.core,r)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var r,n,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(r=i.context.app)?void 0:r.service(i.service).get(e,y({},t,((n={})[o]=i.core,n))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,r,n=this,i=n.context.app.get("authentication").core_path;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service).find(y({},e,((r={})[i]=n.core,r))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var r,n,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(r=i.context.app)?void 0:r.service(i.service).create(e,y({},t,((n={})[o]=i.core,n))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,r){void 0===r&&(r={});try{var n,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).patch(e,t,y({},r,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,r){void 0===r&&(r={});try{var n,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service).update(e,t,y({},r,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var r,n,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(r=i.context.app)?void 0:r.service(i.service).remove(e,y({},t,((n={})[o]=i.core,n))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var r,n,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(r=i.context.app)?void 0:r.service(i.service)._get(e,y({},t,((n={})[o]=i.core,n))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,r,n=this,i=n.context.app.get("authentication").core_path;return Promise.resolve(null==(t=n.context.app)?void 0:t.service(n.service)._find(y({},e,((r={})[i]=n.core,r))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var r,n,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(r=i.context.app)?void 0:r.service(i.service)._create(e,y({},t,((n={})[o]=i.core,n))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,r){void 0===r&&(r={});try{var n,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._patch(e,t,y({},r,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,r){void 0===r&&(r={});try{var n,i,o=this,a=o.context.app.get("authentication").core_path;return Promise.resolve(null==(n=o.context.app)?void 0:n.service(o.service)._update(e,t,y({},r,((i={})[a]=o.core,i))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var r,n,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(r=i.context.app)?void 0:r.service(i.service)._remove(e,y({},t,((n={})[o]=i.core,n))))}catch(e){return Promise.reject(e)}},e}(),A="_exists",C=function(e){var t=e.app.get("existsPath")\|\|A;return e.params?e.params[t+":"+e.path]:void 0},U=function(e){try{var t=C(e),r=function(){if(!t&&e.id)return Promise.resolve(new S(e.path,e,{skipJoins:!0}).get(e.id,{admin_pass:!0})).then(function(e){t=e})}();return Promise.resolve(r&&r.then?r.then(function(){return t}):t)}catch(e){return Promise.reject(e)}},q=function(e,t){var r=e.app.get("existsPath")\|\|A;return e.params[r+":"+e.path]=t,e},N=["ucan"];function J(e,t,r){if(!e.s){if(r instanceof R){if(!r.s)return void(r.o=J.bind(null,e,t));1&t&&(t=r.s),r=r.v}if(r&&r.then)return void r.then(J.bind(null,e,t),J.bind(null,e,2));e.s=t,e.v=r;var n=e.o;n&&n(e)}}const R=/#__PURE__/function(){function e(){}return e.prototype.then=function(t,r){const n=new e,i=this.s;if(i){const e=1&i?t:r;if(e){try{J(n,1,e(this.v))}catch(e){J(n,2,e)}return n}return this}return this.o=function(e){try{const i=e.v;1&e.s?J(n,1,t?t(i):i):r?J(n,1,r(i)):J(n,2,i)}catch(e){J(n,2,e)}},n},e}();var B="",K="$",M=function(e){try{var t=e.app.get("authentication"),r=n(e,["auth",t.entity]);return r&&(e=c(e,[t.core_path,t.entity],r)),Promise.resolve(d("jwt")(e).catch(function(t){return console.error("got error in no throw auth",t),e})).then(function(t){return e=t})}catch(e){return Promise.reject(e)}},V=function(e){try{var t=e.app.get("authentication"),r=n(e,["auth",t.entity]);return r&&(e=c(e,[t.core_path,t.entity],r)),Promise.resolve(d("jwt")(e))}catch(e){return Promise.reject(e)}},W=function(e){try{var t,r={ok:!1,value:[]},n=function(n,i,o){var a=[];for(var c in n)a.push(c);return function(e,t,r){var n,i,o=-1;return function a(c){try{for(;++o<e.length&&(!r\|\|!r());)if((c=t(o))&&c.then){if(!((u=c)instanceof R&&1&u.s))return void c.then(a,i\|\|(i=J.bind(null,n=new R,2)));c=c.v}n?J(n,1,c):n=c}catch(e){J(n\|\|(n=new R),2,e)}var u}(),n}(a,function(n){return function(n){var i=function(i){if(null==(i=r)\|\|!i.ok){var o=e[n],a=o.ucan,c=_(o,N);return Promise.resolve(function(e,t){try{return Promise.resolve(u(e,t))}catch(e){return Promise.reject(e)}}(a,c)).then(function(e){r=e})}t=1}();if(i&&i.then)return i.then(function(){})}(a[n])},function(){return t})}(e);return Promise.resolve(n&&n.then?n.then(function(){return r}):r)}catch(e){return Promise.reject(e)}},$=function(e,t,r){return function(i){try{var o,a=n(i.params,t.client_ucan),c=n(i.params,t.ucan_aud);return a&&c&&null!=r&&null!=(o=r.or)&&o.includes(i.method)?Promise.resolve(W((e\|\|[]).map(function(e){return{ucan:a,audience:c,requiredCapabilities:[e]}}))):Promise.resolve(u(a,{audience:c,requiredCapabilities:e}))}catch(e){return Promise.reject(e)}}},D=function(e,t){var r=o({secretKey:t.secret}).did();return(e\|\|[]).map(function(e){return{capability:Array.isArray(e)?s({with:{scheme:t.defaultScheme,hierPart:t.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},t):s(e,t),rootIssuer:r}})},F=function(e,t){return function(r){try{var i,o=function(o){return i?o:Promise.resolve(V(r)).then(function(i){function o(){var e;if(null!=(e=u)&&e.ok)return r;var i=function(){function e(){if(u.ok)return r;throw console.error("Ucan capabilities requirements not met: ",u,r.type,r.path),new Error("Missing proper capabilities for this action: "+r.type+": "+r.path+" - "+r.method)}var i=function(e){if(null==(e=u)\|\|!e.ok){var i=!1,o=[];s.forEach(function(e,t){var r=(n(e,"capability.can.namespace")\|\|"").split(":");r[1]&&(e=c(e,"capability.can.namespace",r[0]),i=!0),o.push(e)});var h=function(){if(i)return Promise.resolve($(s,a,t)(r)).then(function(e){u=e})}();if(h&&h.then)return h.then(function(){})}}();return i&&i.then?i.then(e):e()},o=t\|\|{creatorPass:!1},l=o.creatorPass,f=o.loginPass,p=function(){if(l&&(""===l\|\|l.includes(r.method))\|\|null!=f&&f.length&&(""===f[1]\|\|f[1].includes(r.method)))return Promise.resolve(U(r)).then(function(e){if(l)u.ok=n(e,["createdBy",a.entity])===(n(r,[a.entity,"_id"])\|\|"**");else if(f){var t=h((f[0]\|\|[]).map(function(t){return n(e,t)}).map(function(e){return Array.isArray(e)?e:[e]})),i=n(r.params,[a.entity,"_id"]),o=t.filter(function(e){return!!e});u.ok=o.map(function(e){return String(e)}).includes(String(i))}})}();return p&&p.then?p.then(i):i()}if(r=i,""===e)return r;if(((null==t?void 0:t.adminPass)\|\|[]).includes(r.method)&&(n(r.params,"admin_pass")\|\|n(r.params,[a.core_path,"admin_pass"])))return r;var u={ok:!1,value:[]},s=D(e,a),l=function(){if(s.length)return Promise.resolve($(s,a,t)(r)).then(function(e){u=e});u.ok=!0}();return l&&l.then?l.then(o):o()})},a=r.app.get("authentication"),u=function(){if("$"===e)return Promise.resolve(M(r)).then(function(e){return i=1,e})}();return Promise.resolve(u&&u.then?u.then(o):o(u))}catch(e){return Promise.reject(e)}}},Q=function(e,t){return function(r){try{var i=r.app.get("authentication"),o=n(r,["auth",i.entity]);if(o&&(r=c(r,[i.core_path,i.entity],o)),"before"===r.type){var a=r.method;return Promise.resolve(e[a]\|\|e.all?F(e[a]\|\|e.all,t)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},z=function(){return function(t){try{var c=t.data,s=c.add,h=void 0===s?[]:s,p=c.remove,v=void 0===p?[]:p;if(!(null!=h&&h.length\|\|null!=v&&v.length))throw new Error("No new capabilities passed");var d=t.app.get("authentication"),m=d.secret,g=d.ucan_aud,P=d.entity,w=d.ucan,b=o({secretKey:m}).did(),x=l([].concat(h,v));return Promise.resolve(u(n(t.params,[P,w]),{audience:n(t.params,g),requiredCapabilities:x.map(function(e){return{capability:e,rootIssuer:b}})})).then(function(c){if(null==c\|\|!c.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var u=t.id,s=t.data.service\|\|"logins",p=t.data.path\|\|"ucan";return Promise.resolve(new S(s,t,{skipJoins:!0}).get(u)).then(function(c){var d=i(n(c,p)).payload,g=d.aud,P=d.att,w=d.prf,b=[].concat(P);return null!=v&&v.length&&(b=f(v,P)),null!=h&&h.length&&(b=l([].concat(P,h))),Promise.resolve(a(y({issuer:o({secretKey:m}),audience:g,lifetimeInSeconds:5184e3,proofs:w},t.data,{capabilities:b}))).then(function(n){var i=r(n);return Promise.resolve(e(i)).then(function(e){var r;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new S(s,t).patch(u,(r={},r[p]=i,r))).then(function(e){return t.result={raw:t.data,encoded:i,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}};export{I as AuthService,S as CoreCall,T as NotAuthError,E as UcanStrategy,Q as allUcanAuth,B as anyAuth,V as bareAuth,A as existsPath,C as getExists,U as loadExists,D as modelCapabilities,K as noThrow,M as noThrowAuth,W as orVerifyLoop,q as setExists,F as ucanAuth,z as updateUcan,$ as verifyAgainstReqs};

package/lib/index.umd.js CHANGED Viewed

	@@ -1 +1 @@
1	- !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("symbol-ucan"),require("@feathersjs/authentication"),require("long-timeout")):"function"==typeof define&&define.amd?define(["exports","symbol-ucan","@feathersjs/authentication","long-timeout"],t):t((e\|\|self).feathersUcan={},e.symbolUcan,e.authentication,e.longTimeout)}(this,function(e,t,n,r){function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var o=/#__PURE__/i(r);function a(){return a=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},a.apply(this,arguments)}function c(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,s(e,t)}function u(e){return u=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},u(e)}function s(e,t){return s=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},s(e,t)}function l(e,t,n){return l=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,n){var r=[null];r.push.apply(r,t);var i=new(Function.bind.apply(e,r));return n&&s(i,n.prototype),i},l.apply(null,arguments)}function h(e){var t="function"==typeof Map?new Map:void 0;return h=function(e){if(null===e\|\|!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return l(e,arguments,u(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),s(n,e)},h(e)}function f(e,t){if(null==e)return{};var n,r,i={},o=Object.keys(e);for(r=0;r<o.length;r++)t.indexOf(n=o[r])>=0\|\|(i[n]=e[n]);return i}var p=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return c(t,e),t}(/#__PURE__/h(Error)),v=/(\S+)\s+(\S+)/,d=/#__PURE__/function(e){function n(){for(var t,n=arguments.length,r=new Array(n),i=0;i<n;i++)r[i]=arguments[i];return(t=e.call.apply(e,[this].concat(r))\|\|this).expirationTimers=new WeakMap,t}c(n,e);var r,i,u=n.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},this.authentication=e},u.handleConnection=function(e,n,r){try{var i=this,a="logout"===e&&n.authentication&&r&&n.authentication.accessToken===r.accessToken,c=(r\|\|{}).accessToken,u=function(){if(c&&"login"===e)return Promise.resolve(t.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3(e\|\|{payload:{exp:0}}).payload.exp-Date.now(),r=o.default.setTimeout(function(){return i.app.emit("disconnect",n)},t);o.default.clearTimeout(i.expirationTimers.get(n)),i.expirationTimers.set(n,r),n.authentication={strategy:i.name,accessToken:c}});("disconnect"===e\|\|a)&&(delete n[i.configuration.entity],delete n.authentication,o.default.clearTimeout(i.expirationTimers.get(n)),i.expirationTimers.delete(n))}();return Promise.resolve(u&&u.then?u.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,n=Object.keys(this.configuration);t<n.length;t++){var r=n[t];if(!e.includes(r))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+r+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(e,n){try{var r=this,i=r.entityService,o=r.configuration.entity;if(null===i)throw new p("Could not find entity service");return Promise.resolve(r.getEntityQuery(n)).then(function(r){var c=Object.assign({},t._unset(n,"provider"),{query:r});return Promise.resolve(i.get(e,c)).then(function(t){var r;return n.provider?i.get(e,a({},n,((r={})[o]=t,r))):t})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var n=t.query,r=t.loginId;if(r)return Promise.resolve(r);var i,o,c=this.configuration,u=c.service,s=c.core_path,l=void 0===s?"core":s,h=((i={query:a({},n,{$limit:1})})[l]=a({skipJoins:!0},t[l]),i);return Promise.resolve(null==(o=this.app)?void 0:o.service(u).find(a({},h,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new p("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(e,n){try{var r=this,i=e.accessToken,o=e.loginId,c=e.ucan,u=r.configuration,s=u.entity,l=u.core_path;if(!i){if(!c)throw new p("Error generating ucan");i=t.ucanToken(c)}return Promise.resolve(t.validateUcan(i).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){function c(){var e;return a({},h,((e={})[s]=u,e))}var u,h={accessToken:i,authentication:{strategy:"jwt",accessToken:i}};if(null===s)return h;var f=t._get(n,[l,s]),p=function(){if(!f)return Promise.resolve(r.getEntityId(h,a({},n,{loginId:o,query:{did:null==e?void 0:e.payload.aud}}))).then(function(e){return Promise.resolve(r.getEntity(e,n)).then(function(e){u=e})});u=f}();return p&&p.then?p.then(c):c()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,n=t.schemes,r=e.headers&&e.headers[t.header.toLowerCase()];if(!r\|\|"string"!=typeof r)return Promise.resolve(null);var i=r.match(v)\|\|[],o=i[1],a=i[2],c=o&&n.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:r})}catch(e){return Promise.reject(e)}},r=n,(i=[{key:"configuration",get:function(){var t,n=(null==(t=this.authentication)?void 0:t.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return a({service:n.service,entity:n.entity,entityId:n.entityId,header:"Authorization",schemes:["Bearer","JWT"]},e.prototype.configuration)}}])&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e\|\|null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,"string");if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(r.key))?i:String(i),r)}var i}(r.prototype,i),Object.defineProperty(r,"prototype",{writable:!1}),n}(n.AuthenticationBaseStrategy),m=["NotAuthenticated"],y=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return c(t,e),t}(/#__PURE__/h(Error)),g=/#__PURE__/function(e){function n(t,n,r){var i;void 0===n&&(n="authentication"),void 0===r&&(r={});var o=r.NotAuthenticated,a=f(r,m);return(i=e.call(this,t,n,a)\|\|this).options=void 0,i.app=t,i.options={NotAuthenticated:o},i}return c(n,e),n.prototype.create=function(e,n){try{var r,i,o=this,c=(null==(r=o.options)?void 0:r.NotAuthenticated)\|\|y,u=o.app.get("authentication"),s=u.entity,l=u.service,h=u.ucan_path,f=void 0===h?"ucan":h,p=(null==(i=n)?void 0:i.authStrategies)\|\|o.configuration.authStrategies;if(n\|\|(n={}),!p.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(o.authenticate.apply(o,[e,n].concat(p)).catch(function(e){throw new Error(e.message)})).then(function(r){if(r.accessToken)return r;var i=e.did\|\|t._get(r,[s,"did"]),c=e.ucan\|\|t._get(r,[s,"ucan"]);if(!i)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(t.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",c,t.message),null})).then(function(e){function i(){var e=t.ucanToken(c);return a({accessToken:e},r,{authentication:a({},r.authentication,{payload:e})})}var u=function(){if(!e){var i=t.parseUcan(c),u=o.app.get("authentication"),h=t.encodeKeyPair({secretKey:u.secret});return Promise.resolve(t.buildUcan({audience:i.payload.aud,issuer:h,lifetimeInSeconds:5184e3,capabilities:i.payload.att})).then(function(e){var i;return c=e,n.admin_pass=!0,Promise.resolve(o.app.service(l).patch(t._get(r,[s,"_id"]),(i={},i[f]=t.ucanToken(c),i),a({},n))).then(function(){})})}}();return u&&u.then?u.then(i):i()})})}catch(e){return Promise.reject(e)}},n}(n.AuthenticationService),P=/#__PURE__/function(){function e(e,t,n){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=a({},null==(r=t.params)?void 0:r.core,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).get(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,r=this,i=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service).find(a({},e,((n={})[i]=r.core,n))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).create(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).patch(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).update(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).remove(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._get(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,r=this,i=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service)._find(a({},e,((n={})[i]=r.core,n))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._create(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._patch(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._update(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._remove(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},e}(),_=["ucan"];function b(e,t,n){if(!e.s){if(n instanceof w){if(!n.s)return void(n.o=b.bind(null,e,t));1&t&&(t=n.s),n=n.v}if(n&&n.then)return void n.then(b.bind(null,e,t),b.bind(null,e,2));e.s=t,e.v=n;var r=e.o;r&&r(e)}}const w=/#__PURE__/function(){function e(){}return e.prototype.then=function(t,n){const r=new e,i=this.s;if(i){const e=1&i?t:n;if(e){try{b(r,1,e(this.v))}catch(e){b(r,2,e)}return r}return this}return this.o=function(e){try{const i=e.v;1&e.s?b(r,1,t?t(i):i):n?b(r,1,n(i)):b(r,2,i)}catch(e){b(r,2,e)}},r},e}();var j=function(e){try{var r=e.app.get("authentication"),i=t._get(e,["auth",r.entity]);return i&&(e=t._set(e,[r.core_path,r.entity],i)),Promise.resolve(n.authenticate("jwt")(e).catch(function(t){return console.error("got error in no throw auth",t),e})).then(function(t){return e=t})}catch(e){return Promise.reject(e)}},x=function(e){try{var r=e.app.get("authentication"),i=t._get(e,["auth",r.entity]);return i&&(e=t._set(e,[r.core_path,r.entity],i)),Promise.resolve(n.authenticate("jwt")(e))}catch(e){return Promise.reject(e)}},k=function(e){try{var n,r={ok:!1,value:[]},i=function(i,o,a){var c=[];for(var u in i)c.push(u);return function(e,t,n){var r,i,o=-1;return function a(c){try{for(;++o<e.length&&(!n\|\|!n());)if((c=t(o))&&c.then){if(!((u=c)instanceof w&&1&u.s))return void c.then(a,i\|\|(i=b.bind(null,r=new w,2)));c=c.v}r?b(r,1,c):r=c}catch(e){b(r\|\|(r=new w),2,e)}var u}(),r}(c,function(i){return function(i){var o=function(o){if(null==(o=r)\|\|!o.ok){var a=e[i],c=a.ucan,u=f(a,_);return Promise.resolve(function(e,n){try{return Promise.resolve(t.verifyUcan(e,n))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){r=e})}n=1}();if(o&&o.then)return o.then(function(){})}(c[i])},function(){return n})}(e);return Promise.resolve(i&&i.then?i.then(function(){return r}):r)}catch(e){return Promise.reject(e)}},T=function(e,n,r){return function(i){try{var o,a=t._get(i.params,n.client_ucan),c=t._get(i.params,n.ucan_aud);return a&&c&&null!=r&&null!=(o=r.or)&&o.includes(i.method)?Promise.resolve(k((e\|\|[]).map(function(e){return{ucan:a,audience:c,requiredCapabilities:[e]}}))):Promise.resolve(t.verifyUcan(a,{audience:c,requiredCapabilities:e}))}catch(e){return Promise.reject(e)}}},E=function(e,n){var r=t.encodeKeyPair({secretKey:n.secret}).did();return(e\|\|[]).map(function(e){return{capability:Array.isArray(e)?t.genCapability({with:{scheme:n.defaultScheme,hierPart:n.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},n):t.genCapability(e,n),rootIssuer:r}})},O=function(e,n){return function(r){try{var i,o=function(o){return i?o:Promise.resolve(x(r)).then(function(i){function o(){var e;if(null!=(e=c)&&e.ok)return r;var i=function(){function e(){if(c.ok)return r;throw console.error("Ucan capabilities requirements not met: ",c,r.type,r.path),new Error("Missing proper capabilities for this action: "+r.type+": "+r.path+" - "+r.method)}var i=function(e){if(null==(e=c)\|\|!e.ok){var i=!1,o=[];u.forEach(function(e,n){var r=(t._get(e,"capability.can.namespace")\|\|"").split(":");r[1]&&(e=t._set(e,"capability.can.namespace",r[0]),i=!0),o.push(e)});var s=function(){if(i)return Promise.resolve(T(u,a,n)(r)).then(function(e){c=e})}();if(s&&s.then)return s.then(function(){})}}();return i&&i.then?i.then(e):e()},o=n\|\|{creatorPass:!1},s=o.creatorPass,l=o.loginPass,h=function(){if(s&&(""===s\|\|s.includes(r.method))\|\|null!=l&&l.length&&(""===l[1]\|\|l[1].includes(r.method)))return Promise.resolve(new P(r.path,r,{skipJoins:!0}).get(r.id)).then(function(e){if(s)c.ok=t._get(e,["createdBy",a.entity])===(t._get(r,[a.entity,"_id"])\|\|"*");else if(l){var n=t._flatten((l[0]\|\|[]).map(function(n){return t._get(e,n)}).map(function(e){return Array.isArray(e)?e:[e]})),i=t._get(r.params,[a.entity,"_id"]),o=n.filter(function(e){return!!e});c.ok=o.map(function(e){return String(e)}).includes(String(i))}})}();return h&&h.then?h.then(i):i()}if(r=i,""===e)return r;if(((null==n?void 0:n.adminPass)\|\|[]).includes(r.method)&&(t._get(r.params,"admin_pass")\|\|t._get(r.params,[a.core_path,"admin_pass"])))return r;var c={ok:!1,value:[]},u=E(e,a),s=function(){if(u.length)return Promise.resolve(T(u,a,n)(r)).then(function(e){c=e});c.ok=!0}();return s&&s.then?s.then(o):o()})},a=r.app.get("authentication"),c=function(){if("$"===e)return Promise.resolve(j(r)).then(function(e){return i=1,e})}();return Promise.resolve(c&&c.then?c.then(o):o(c))}catch(e){return Promise.reject(e)}}};e.AuthService=g,e.CoreCall=P,e.NotAuthError=y,e.UcanStrategy=d,e.allUcanAuth=function(e,n){return function(r){try{var i=r.app.get("authentication"),o=t._get(r,["auth",i.entity]);if(o&&(r=t._set(r,[i.core_path,i.entity],o)),"before"===r.type){var a=r.method;return Promise.resolve(e[a]\|\|e.all?O(e[a]\|\|e.all,n)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},e.anyAuth="*",e.bareAuth=x,e.modelCapabilities=E,e.noThrow="$",e.noThrowAuth=j,e.orVerifyLoop=k,e.ucanAuth=O,e.updateUcan=function(){return function(e){try{var n=e.data,r=n.add,i=void 0===r?[]:r,o=n.remove,c=void 0===o?[]:o;if(!(null!=i&&i.length\|\|null!=c&&c.length))throw new Error("No new capabilities passed");var u=e.app.get("authentication"),s=u.secret,l=u.ucan_aud,h=u.entity,f=u.ucan,p=t.encodeKeyPair({secretKey:s}).did(),v=t.stackAbilities([].concat(i,c));return Promise.resolve(t.verifyUcan(t._get(e.params,[h,f]),{audience:t._get(e.params,l),requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:p}})})).then(function(n){if(null==n\|\|!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var r=e.id,o=e.data.service\|\|"logins",u=e.data.path\|\|"ucan";return Promise.resolve(new P(o,e,{skipJoins:!0}).get(r)).then(function(n){var l=t.parseUcan(t._get(n,u)).payload,h=l.aud,f=l.att,p=l.prf,v=[].concat(f);return null!=c&&c.length&&(v=t.reduceAbilities(c,f)),null!=i&&i.length&&(v=t.stackAbilities([].concat(f,i))),Promise.resolve(t.buildUcan(a({issuer:t.encodeKeyPair({secretKey:s}),audience:h,lifetimeInSeconds:5184e3,proofs:p},e.data,{capabilities:v}))).then(function(n){var i=t.ucanToken(n);return Promise.resolve(t.validateUcan(i)).then(function(t){var n;if(!t)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new P(o,e).patch(r,(n={},n[u]=i,n))).then(function(t){return e.result={raw:e.data,encoded:i,subject:t},e})})})})})}catch(e){return Promise.reject(e)}}},e.verifyAgainstReqs=T});
1	+ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports,require("symbol-ucan"),require("@feathersjs/authentication"),require("long-timeout")):"function"==typeof define&&define.amd?define(["exports","symbol-ucan","@feathersjs/authentication","long-timeout"],t):t((e\|\|self).feathersUcan={},e.symbolUcan,e.authentication,e.longTimeout)}(this,function(e,t,n,r){function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var o=/#__PURE__/i(r);function a(){return a=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},a.apply(this,arguments)}function c(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,s(e,t)}function u(e){return u=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__\|\|Object.getPrototypeOf(e)},u(e)}function s(e,t){return s=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},s(e,t)}function l(e,t,n){return l=function(){if("undefined"==typeof Reflect\|\|!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,n){var r=[null];r.push.apply(r,t);var i=new(Function.bind.apply(e,r));return n&&s(i,n.prototype),i},l.apply(null,arguments)}function h(e){var t="function"==typeof Map?new Map:void 0;return h=function(e){if(null===e\|\|!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return l(e,arguments,u(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),s(n,e)},h(e)}function f(e,t){if(null==e)return{};var n,r,i={},o=Object.keys(e);for(r=0;r<o.length;r++)t.indexOf(n=o[r])>=0\|\|(i[n]=e[n]);return i}var p=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return c(t,e),t}(/#__PURE__/h(Error)),v=/(\S+)\s+(\S+)/,d=/#__PURE__/function(e){function n(){for(var t,n=arguments.length,r=new Array(n),i=0;i<n;i++)r[i]=arguments[i];return(t=e.call.apply(e,[this].concat(r))\|\|this).expirationTimers=new WeakMap,t}c(n,e);var r,i,u=n.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},this.authentication=e},u.handleConnection=function(e,n,r){try{var i=this,a="logout"===e&&n.authentication&&r&&n.authentication.accessToken===r.accessToken,c=(r\|\|{}).accessToken,u=function(){if(c&&"login"===e)return Promise.resolve(t.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3(e\|\|{payload:{exp:0}}).payload.exp-Date.now(),r=o.default.setTimeout(function(){return i.app.emit("disconnect",n)},t);o.default.clearTimeout(i.expirationTimers.get(n)),i.expirationTimers.set(n,r),n.authentication={strategy:i.name,accessToken:c}});("disconnect"===e\|\|a)&&(delete n[i.configuration.entity],delete n.authentication,o.default.clearTimeout(i.expirationTimers.get(n)),i.expirationTimers.delete(n))}();return Promise.resolve(u&&u.then?u.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,n=Object.keys(this.configuration);t<n.length;t++){var r=n[t];if(!e.includes(r))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+r+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(e,n){try{var r=this,i=r.entityService,o=r.configuration.entity;if(null===i)throw new p("Could not find entity service");return Promise.resolve(r.getEntityQuery(n)).then(function(r){var c=Object.assign({},t._unset(n,"provider"),{query:r});return Promise.resolve(i.get(e,c)).then(function(t){var r;return n.provider?i.get(e,a({},n,((r={})[o]=t,r))):t})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var n=t.query,r=t.loginId;if(r)return Promise.resolve(r);var i,o,c=this.configuration,u=c.service,s=c.core_path,l=void 0===s?"core":s,h=((i={query:a({},n,{$limit:1})})[l]=a({skipJoins:!0},t[l]),i);return Promise.resolve(null==(o=this.app)?void 0:o.service(u).find(a({},h,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new p("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(e,n){try{var r=this,i=e.accessToken,o=e.loginId,c=e.ucan,u=r.configuration,s=u.entity,l=u.core_path;if(!i){if(!c)throw new p("Error generating ucan");i=t.ucanToken(c)}return Promise.resolve(t.validateUcan(i).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){function c(){var e;return a({},h,((e={})[s]=u,e))}var u,h={accessToken:i,authentication:{strategy:"jwt",accessToken:i}};if(null===s)return h;var f=t._get(n,[l,s]),p=function(){if(!f)return Promise.resolve(r.getEntityId(h,a({},n,{loginId:o,query:{did:null==e?void 0:e.payload.aud}}))).then(function(e){return Promise.resolve(r.getEntity(e,n)).then(function(e){u=e})});u=f}();return p&&p.then?p.then(c):c()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,n=t.schemes,r=e.headers&&e.headers[t.header.toLowerCase()];if(!r\|\|"string"!=typeof r)return Promise.resolve(null);var i=r.match(v)\|\|[],o=i[1],a=i[2],c=o&&n.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:r})}catch(e){return Promise.reject(e)}},r=n,(i=[{key:"configuration",get:function(){var t,n=(null==(t=this.authentication)?void 0:t.configuration)\|\|{service:void 0,entity:void 0,entityId:void 0};return a({service:n.service,entity:n.entity,entityId:n.entityId,header:"Authorization",schemes:["Bearer","JWT"]},e.prototype.configuration)}}])&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e\|\|null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,"string");if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(r.key))?i:String(i),r)}var i}(r.prototype,i),Object.defineProperty(r,"prototype",{writable:!1}),n}(n.AuthenticationBaseStrategy),m=["NotAuthenticated"],y=/#__PURE__/function(e){function t(t){return e.call(this,t)\|\|this}return c(t,e),t}(/#__PURE__/h(Error)),g=/#__PURE__/function(e){function n(t,n,r){var i;void 0===n&&(n="authentication"),void 0===r&&(r={});var o=r.NotAuthenticated,a=f(r,m);return(i=e.call(this,t,n,a)\|\|this).options=void 0,i.app=t,i.options={NotAuthenticated:o},i}return c(n,e),n.prototype.create=function(e,n){try{var r,i,o=this,c=(null==(r=o.options)?void 0:r.NotAuthenticated)\|\|y,u=o.app.get("authentication"),s=u.entity,l=u.service,h=u.ucan_path,f=void 0===h?"ucan":h,p=(null==(i=n)?void 0:i.authStrategies)\|\|o.configuration.authStrategies;if(n\|\|(n={}),!p.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(o.authenticate.apply(o,[e,n].concat(p)).catch(function(e){throw new Error(e.message)})).then(function(r){if(r.accessToken)return r;var i=e.did\|\|t._get(r,[s,"did"]),c=e.ucan\|\|t._get(r,[s,"ucan"]);if(!i)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(t.validateUcan(c).catch(function(e){console.log("Could not validate ucan: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan",c,t.message),null})).then(function(e){function i(){var e=t.ucanToken(c);return a({accessToken:e},r,{authentication:a({},r.authentication,{payload:e})})}var u=function(){if(!e){var i=t.parseUcan(c),u=o.app.get("authentication"),h=t.encodeKeyPair({secretKey:u.secret});return Promise.resolve(t.buildUcan({audience:i.payload.aud,issuer:h,lifetimeInSeconds:5184e3,capabilities:i.payload.att})).then(function(e){var i;return c=e,n.admin_pass=!0,Promise.resolve(o.app.service(l).patch(t._get(r,[s,"_id"]),(i={},i[f]=t.ucanToken(c),i),a({},n))).then(function(){})})}}();return u&&u.then?u.then(i):i()})})}catch(e){return Promise.reject(e)}},n}(n.AuthenticationService),P=/#__PURE__/function(){function e(e,t,n){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.service=e,this.context=t,this.core=a({},null==(r=t.params)?void 0:r.core,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).get(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,r=this,i=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service).find(a({},e,((n={})[i]=r.core,n))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).create(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).patch(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service).update(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service).remove(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._get(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,r=this,i=r.context.app.get("authentication").core_path;return Promise.resolve(null==(t=r.context.app)?void 0:t.service(r.service)._find(a({},e,((n={})[i]=r.core,n))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._create(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._patch(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var r,i,o=this,c=o.context.app.get("authentication").core_path;return Promise.resolve(null==(r=o.context.app)?void 0:r.service(o.service)._update(e,t,a({},n,((i={})[c]=o.core,i))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,r,i=this,o=i.context.app.get("authentication").core_path;return Promise.resolve(null==(n=i.context.app)?void 0:n.service(i.service)._remove(e,a({},t,((r={})[o]=i.core,r))))}catch(e){return Promise.reject(e)}},e}(),_="_exists",b=function(e){var t=e.app.get("existsPath")\|\|_;return e.params?e.params[t+":"+e.path]:void 0},w=function(e){try{var t=b(e),n=function(){if(!t&&e.id)return Promise.resolve(new P(e.path,e,{skipJoins:!0}).get(e.id,{admin_pass:!0})).then(function(e){t=e})}();return Promise.resolve(n&&n.then?n.then(function(){return t}):t)}catch(e){return Promise.reject(e)}},x=["ucan"];function j(e,t,n){if(!e.s){if(n instanceof k){if(!n.s)return void(n.o=j.bind(null,e,t));1&t&&(t=n.s),n=n.v}if(n&&n.then)return void n.then(j.bind(null,e,t),j.bind(null,e,2));e.s=t,e.v=n;var r=e.o;r&&r(e)}}const k=/#__PURE__/function(){function e(){}return e.prototype.then=function(t,n){const r=new e,i=this.s;if(i){const e=1&i?t:n;if(e){try{j(r,1,e(this.v))}catch(e){j(r,2,e)}return r}return this}return this.o=function(e){try{const i=e.v;1&e.s?j(r,1,t?t(i):i):n?j(r,1,n(i)):j(r,2,i)}catch(e){j(r,2,e)}},r},e}();var E=function(e){try{var r=e.app.get("authentication"),i=t._get(e,["auth",r.entity]);return i&&(e=t._set(e,[r.core_path,r.entity],i)),Promise.resolve(n.authenticate("jwt")(e).catch(function(t){return console.error("got error in no throw auth",t),e})).then(function(t){return e=t})}catch(e){return Promise.reject(e)}},T=function(e){try{var r=e.app.get("authentication"),i=t._get(e,["auth",r.entity]);return i&&(e=t._set(e,[r.core_path,r.entity],i)),Promise.resolve(n.authenticate("jwt")(e))}catch(e){return Promise.reject(e)}},O=function(e){try{var n,r={ok:!1,value:[]},i=function(i,o,a){var c=[];for(var u in i)c.push(u);return function(e,t,n){var r,i,o=-1;return function a(c){try{for(;++o<e.length&&(!n\|\|!n());)if((c=t(o))&&c.then){if(!((u=c)instanceof k&&1&u.s))return void c.then(a,i\|\|(i=j.bind(null,r=new k,2)));c=c.v}r?j(r,1,c):r=c}catch(e){j(r\|\|(r=new k),2,e)}var u}(),r}(c,function(i){return function(i){var o=function(o){if(null==(o=r)\|\|!o.ok){var a=e[i],c=a.ucan,u=f(a,x);return Promise.resolve(function(e,n){try{return Promise.resolve(t.verifyUcan(e,n))}catch(e){return Promise.reject(e)}}(c,u)).then(function(e){r=e})}n=1}();if(o&&o.then)return o.then(function(){})}(c[i])},function(){return n})}(e);return Promise.resolve(i&&i.then?i.then(function(){return r}):r)}catch(e){return Promise.reject(e)}},U=function(e,n,r){return function(i){try{var o,a=t._get(i.params,n.client_ucan),c=t._get(i.params,n.ucan_aud);return a&&c&&null!=r&&null!=(o=r.or)&&o.includes(i.method)?Promise.resolve(O((e\|\|[]).map(function(e){return{ucan:a,audience:c,requiredCapabilities:[e]}}))):Promise.resolve(t.verifyUcan(a,{audience:c,requiredCapabilities:e}))}catch(e){return Promise.reject(e)}}},A=function(e,n){var r=t.encodeKeyPair({secretKey:n.secret}).did();return(e\|\|[]).map(function(e){return{capability:Array.isArray(e)?t.genCapability({with:{scheme:n.defaultScheme,hierPart:n.defaultHierPart},can:{namespace:e[0],segments:"string"==typeof e[1]?[e[1]]:e[1]}},n):t.genCapability(e,n),rootIssuer:r}})},S=function(e,n){return function(r){try{var i,o=function(o){return i?o:Promise.resolve(T(r)).then(function(i){function o(){var e;if(null!=(e=c)&&e.ok)return r;var i=function(){function e(){if(c.ok)return r;throw console.error("Ucan capabilities requirements not met: ",c,r.type,r.path),new Error("Missing proper capabilities for this action: "+r.type+": "+r.path+" - "+r.method)}var i=function(e){if(null==(e=c)\|\|!e.ok){var i=!1,o=[];u.forEach(function(e,n){var r=(t._get(e,"capability.can.namespace")\|\|"").split(":");r[1]&&(e=t._set(e,"capability.can.namespace",r[0]),i=!0),o.push(e)});var s=function(){if(i)return Promise.resolve(U(u,a,n)(r)).then(function(e){c=e})}();if(s&&s.then)return s.then(function(){})}}();return i&&i.then?i.then(e):e()},o=n\|\|{creatorPass:!1},s=o.creatorPass,l=o.loginPass,h=function(){if(s&&(""===s\|\|s.includes(r.method))\|\|null!=l&&l.length&&(""===l[1]\|\|l[1].includes(r.method)))return Promise.resolve(w(r)).then(function(e){if(s)c.ok=t._get(e,["createdBy",a.entity])===(t._get(r,[a.entity,"_id"])\|\|"*");else if(l){var n=t._flatten((l[0]\|\|[]).map(function(n){return t._get(e,n)}).map(function(e){return Array.isArray(e)?e:[e]})),i=t._get(r.params,[a.entity,"_id"]),o=n.filter(function(e){return!!e});c.ok=o.map(function(e){return String(e)}).includes(String(i))}})}();return h&&h.then?h.then(i):i()}if(r=i,""===e)return r;if(((null==n?void 0:n.adminPass)\|\|[]).includes(r.method)&&(t._get(r.params,"admin_pass")\|\|t._get(r.params,[a.core_path,"admin_pass"])))return r;var c={ok:!1,value:[]},u=A(e,a),s=function(){if(u.length)return Promise.resolve(U(u,a,n)(r)).then(function(e){c=e});c.ok=!0}();return s&&s.then?s.then(o):o()})},a=r.app.get("authentication"),c=function(){if("$"===e)return Promise.resolve(E(r)).then(function(e){return i=1,e})}();return Promise.resolve(c&&c.then?c.then(o):o(c))}catch(e){return Promise.reject(e)}}};e.AuthService=g,e.CoreCall=P,e.NotAuthError=y,e.UcanStrategy=d,e.allUcanAuth=function(e,n){return function(r){try{var i=r.app.get("authentication"),o=t._get(r,["auth",i.entity]);if(o&&(r=t._set(r,[i.core_path,i.entity],o)),"before"===r.type){var a=r.method;return Promise.resolve(e[a]\|\|e.all?S(e[a]\|\|e.all,n)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},e.anyAuth="*",e.bareAuth=T,e.existsPath=_,e.getExists=b,e.loadExists=w,e.modelCapabilities=A,e.noThrow="$",e.noThrowAuth=E,e.orVerifyLoop=O,e.setExists=function(e,t){var n=e.app.get("existsPath")\|\|_;return e.params[n+":"+e.path]=t,e},e.ucanAuth=S,e.updateUcan=function(){return function(e){try{var n=e.data,r=n.add,i=void 0===r?[]:r,o=n.remove,c=void 0===o?[]:o;if(!(null!=i&&i.length\|\|null!=c&&c.length))throw new Error("No new capabilities passed");var u=e.app.get("authentication"),s=u.secret,l=u.ucan_aud,h=u.entity,f=u.ucan,p=t.encodeKeyPair({secretKey:s}).did(),v=t.stackAbilities([].concat(i,c));return Promise.resolve(t.verifyUcan(t._get(e.params,[h,f]),{audience:t._get(e.params,l),requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:p}})})).then(function(n){if(null==n\|\|!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var r=e.id,o=e.data.service\|\|"logins",u=e.data.path\|\|"ucan";return Promise.resolve(new P(o,e,{skipJoins:!0}).get(r)).then(function(n){var l=t.parseUcan(t._get(n,u)).payload,h=l.aud,f=l.att,p=l.prf,v=[].concat(f);return null!=c&&c.length&&(v=t.reduceAbilities(c,f)),null!=i&&i.length&&(v=t.stackAbilities([].concat(f,i))),Promise.resolve(t.buildUcan(a({issuer:t.encodeKeyPair({secretKey:s}),audience:h,lifetimeInSeconds:5184e3,proofs:p},e.data,{capabilities:v}))).then(function(n){var i=t.ucanToken(n);return Promise.resolve(t.validateUcan(i)).then(function(t){var n;if(!t)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new P(o,e).patch(r,(n={},n[u]=i,n))).then(function(t){return e.result={raw:e.data,encoded:i,subject:t},e})})})})})}catch(e){return Promise.reject(e)}}},e.verifyAgainstReqs=U});

package/lib/utils/check-exists.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare const existsPath = "_exists";
+import { HookContext } from '../types';
+export declare const getExists: (context: Partial<HookContext>) => any;
+export declare const loadExists: (context: HookContext) => Promise<any>;
+export declare const setExists: (context: HookContext, val: any) => HookContext;

package/lib/utils/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './check-exists';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "feathers-ucan",
-  "version": "0.0.27",
+  "version": "0.0.29",
   "description": "Ucan extension of feathers jwt auth",
   "source": "src/index.ts",
   "unpkg": "lib/index.umd.js",