feathers-ucan 0.1.1 → 0.1.3

package/lib/auth-service/index.js

@@ -0,0 +1,3 @@
+// Auth Service Module
+import { AuthService, NotAuthError, UcanStrategy } from '../index.module.js';
+export { AuthService, NotAuthError, UcanStrategy };

package/lib/auth-service.cjs

@@ -1 +1,2 @@
-module.exports = require('./auth-service/index.js');
+const mod = require('./auth-service/index.js');
+module.exports = mod;

package/lib/core/index.js

@@ -0,0 +1,3 @@
+// Core Module
+import { CoreCall } from '../index.module.js';
+export { CoreCall };

package/lib/core.cjs

@@ -1 +1,2 @@
-module.exports = require('./core/index.js');
+const mod = require('./core/index.js');
+module.exports = mod;

package/lib/env/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "0.1.1";
+export declare const VERSION = "0.1.3";

package/lib/hooks/index.js

@@ -0,0 +1,19 @@
+// Hooks Module
+import {
+  ucanAuth,
+  allUcanAuth,
+  noThrowAuth,
+  bareAuth,
+  updateUcan,
+  anyAuth,
+  noThrow
+} from '../index.module.js';
+export {
+  ucanAuth,
+  allUcanAuth,
+  noThrowAuth,
+  bareAuth,
+  updateUcan,
+  anyAuth,
+  noThrow
+};

package/lib/hooks.cjs

@@ -1 +1,2 @@
-module.exports = require('./hooks/index.js');
+const mod = require('./hooks/index.js');
+module.exports = mod;

package/lib/index.cjs

@@ -1,2 +1,2 @@
-var e=require("symbol-ucan"),t=require("@feathersjs/authentication");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=/*#__PURE__*/n(require("long-timeout"));function i(e){function t(e){if(Object(e)!==e)return Promise.reject(new TypeError(e+" is not an object."));var t=e.done;return Promise.resolve(e.value).then(function(e){return{value:e,done:t}})}return i=function(e){this.s=e,this.n=e.next},i.prototype={s:null,n:null,next:function(){return t(this.n.apply(this.s,arguments))},return:function(e){var n=this.s.return;return void 0===n?Promise.resolve({value:e,done:!0}):t(n.apply(this.s,arguments))},throw:function(e){var n=this.s.return;return void 0===n?Promise.reject(e):t(n.apply(this.s,arguments))}},new i(e)}function o(){return o=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},o.apply(this,arguments)}function a(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,u(e,t)}function c(e){return c=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},c(e)}function u(e,t){return u=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},u(e,t)}function s(e,t,n){return s=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,n){var r=[null];r.push.apply(r,t);var i=new(Function.bind.apply(e,r));return n&&u(i,n.prototype),i},s.apply(null,arguments)}function l(e){var t="function"==typeof Map?new Map:void 0;return l=function(e){if(null===e||!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return s(e,arguments,c(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),u(n,e)},l(e)}function f(e,t){if(null==e)return{};var n,r,i={},o=Object.keys(e);for(r=0;r<o.length;r++)t.indexOf(n=o[r])>=0||(i[n]=e[n]);return i}function h(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=new Array(t);n<t;n++)r[n]=e[n];return r}function v(e,t){var n="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(n)return(n=n.call(e)).next.bind(n);if(Array.isArray(e)||(n=function(e,t){if(e){if("string"==typeof e)return h(e,t);var n=Object.prototype.toString.call(e).slice(8,-1);return"Object"===n&&e.constructor&&(n=e.constructor.name),"Map"===n||"Set"===n?Array.from(e):"Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?h(e,t):void 0}}(e))||t&&e&&"number"==typeof e.length){n&&(e=n);var r=0;return function(){return r>=e.length?{done:!0}:{done:!1,value:e[r++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var p=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return a(t,e),t}(/*#__PURE__*/l(Error)),d=/(\S+)\s+(\S+)/,y=/*#__PURE__*/function(t){function n(){for(var e,n=arguments.length,r=new Array(n),i=0;i<n;i++)r[i]=arguments[i];return(e=t.call.apply(t,[this].concat(r))||this).expirationTimers=new WeakMap,e}a(n,t);var i,c,u=n.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},t.prototype.setAuthentication.call(this,e)},u.handleConnection=function(t,n,i){try{var o=this,a="logout"===t&&n.authentication&&i&&n.authentication.accessToken===i.accessToken,c=(i||{}).accessToken,u=function(){if(c&&"login"===t)return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan in connection: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3*(e||{payload:{exp:0}}).payload.exp-Date.now(),i=r.default.setTimeout(function(){return o.app.emit("disconnect",n)},t);r.default.clearTimeout(o.expirationTimers.get(n)),o.expirationTimers.set(n,i),n.authentication={strategy:o.name,accessToken:c}});("disconnect"===t||a)&&(delete n[o.configuration.entity],delete n.authentication,r.default.clearTimeout(o.expirationTimers.get(n)),o.expirationTimers.delete(n))}();return Promise.resolve(u&&u.then?u.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,n=Object.keys(this.configuration);t<n.length;t++){var r=n[t];if(!e.includes(r))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+r+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(t,n){try{var r=this,i=r.entityService,a=r.configuration.entity;if(null===i)throw new p("Could not find entity service");return Promise.resolve(r.getEntityQuery(n)).then(function(r){var c=Object.assign({},e._unset(n,"provider"),{query:r});return Promise.resolve(i.get(t,c)).then(function(e){var r;return n.provider?i.get(t,o({},n,((r={})[a]=e,r))):e})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var n=t.query,r=t.loginId;if(r)return Promise.resolve(r);var i,a,c=this.configuration,u=c.service,s=c.core_path,l=void 0===s?"core":s,f=((i={query:o({},n,{$limit:1})})[l]=o({skipJoins:!0},t[l]),i);return Promise.resolve(null==(a=this.app)?void 0:a.service(u).find(o({},f,{skipJoins:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new p("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(t,n){try{var r=this,i=t.accessToken,a=t.loginId,c=t.ucan,u=r.configuration,s=u.entity,l=u.core_path;if(!i){if(!c)throw new p("Error generating ucan");i=e.ucanToken(c)}return Promise.resolve(e.validateUcan(i).catch(function(e){console.log("Could not validate ucan during authentication: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(t){function c(){var e;return o({},f,((e={})[s]=u,e))}var u,f={accessToken:i,authentication:{strategy:"jwt",accessToken:i}};if(null===s)return f;var h=e._get(n,[l,s]),v=function(){if(!h)return Promise.resolve(r.getEntityId(f,o({},n,{loginId:a,query:{did:null==t?void 0:t.payload.aud}}))).then(function(e){return Promise.resolve(r.getEntity(e,n)).then(function(e){u=e})});u=h}();return v&&v.then?v.then(c):c()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,n=t.schemes,r=e.headers&&e.headers[t.header.toLowerCase()];if(!r||"string"!=typeof r)return Promise.resolve(null);var i=r.match(d)||[],o=i[1],a=i[2],c=o&&n.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:r})}catch(e){return Promise.reject(e)}},i=n,(c=[{key:"configuration",get:function(){var e,n=(null==(e=this.authentication)?void 0:e.configuration)||{service:void 0,entity:void 0,entityId:void 0};return o({service:n.service,entity:n.entity,entityId:n.entityId,header:"Authorization",schemes:["Bearer","JWT"]},t.prototype.configuration)}}])&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,"string");if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(r.key))?i:String(i),r)}var i}(i.prototype,c),Object.defineProperty(i,"prototype",{writable:!1}),n}(t.AuthenticationBaseStrategy),g=["NotAuthenticated"],m=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return a(t,e),t}(/*#__PURE__*/l(Error)),P=/*#__PURE__*/function(t){function n(e,n,r){var i;void 0===n&&(n="authentication"),void 0===r&&(r={});var o=r.NotAuthenticated,a=f(r,g);return(i=t.call(this,e,n,a)||this).options=void 0,i.app=e,i.options={NotAuthenticated:o},i}return a(n,t),n.prototype.create=function(t,n){try{var r,i,a=this,c=(null==(r=a.options)?void 0:r.NotAuthenticated)||m,u=a.app.get("authentication"),s=u.entity,l=u.service,f=u.ucan_path,h=void 0===f?"ucan":f,v=(null==(i=n)?void 0:i.authStrategies)||a.configuration.authStrategies;if(n||(n={}),!v.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(a.authenticate.apply(a,[t,n].concat(v)).catch(function(e){throw new Error(e.message)})).then(function(r){if(r.accessToken)return r;var i=t.did||e._get(r,[s,"did"]),c=t.ucan||e._get(r,[s,"ucan"]);if(!i)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan creating authentication: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan creating authentication",c,t.message),null})).then(function(t){function i(){var t=e.ucanToken(c);return o({accessToken:t},r,{authentication:o({},r.authentication,{payload:t})})}var u=function(){if(!t){var i=e.parseUcan(c),u=a.app.get("authentication"),f=e.encodeKeyPair({secretKey:u.secret});return Promise.resolve(e.buildUcan({audience:i.payload.aud,issuer:f,lifetimeInSeconds:5184e3,capabilities:i.payload.att})).then(function(t){var i;return c=t,n.admin_pass=!0,Promise.resolve(a.app.service(l).patch(e._get(r,[s,"_id"]),(i={},i[h]=e.ucanToken(c),i),o({},n))).then(function(){})})}}();return u&&u.then?u.then(i):i()})})}catch(e){return Promise.reject(e)}},n}(t.AuthenticationService),b=/*#__PURE__*/function(){function e(e,t,n){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.entity=void 0,this.service=e,this.context=t;var i=(t.app.get("authentication")||{entity:"login"}).entity||"login";this.entity=i;var a=(null==(r=t.params)?void 0:r.core)||{};a[i]||(a[i]=t.params[i]),this.core=o({},a,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).get(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,r,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(t=i.context.app)?void 0:t.service(i.service).find(o({},e,((n={})[i.entity]=e[i.entity],n),((r={})[a]=i.core,r))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).create(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service).patch(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service).update(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).remove(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._get(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,r,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(t=i.context.app)?void 0:t.service(i.service)._find(o({},e,((n={})[i.entity]=e[i.entity],n),((r={})[a]=i.core,r))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._create(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service)._patch(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service)._update(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._remove(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},e}(),_="_exists",w=function(t){var n=t.app.get("existsPath")||_;return e._get(t.params,"core."+n+"."+t.path+"."+t.id)||void 0},x=function(e,t){try{var n=w(e),r=function(){if(!n&&e.id)return Promise.resolve(new b(e.path,e,{skipJoins:!1!==(null==t?void 0:t.skipJoins)}).get(e.id,o({exists_check:!0,admin_pass:!0,skip_hooks:!0},(null==t?void 0:t.params)||{}))).then(function(e){n=e})}();return Promise.resolve(r&&r.then?r.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},j=function(t,n){var r=t.app.get("existsPath")||_;return t.params=e._set(t.params,"core."+r+"."+t.path+"."+((null==n?void 0:n._id)||t.id),n),t},k=["ucan"];function A(e,t){try{var n=e()}catch(e){return t(e)}return n&&n.then?n.then(void 0,t):n}function E(e,t,n){if(!e.s){if(n instanceof S){if(!n.s)return void(n.o=E.bind(null,e,t));1&t&&(t=n.s),n=n.v}if(n&&n.then)return void n.then(E.bind(null,e,t),E.bind(null,e,2));e.s=t,e.v=n;var r=e.o;r&&r(e)}}const S=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(t,n){const r=new e,i=this.s;if(i){const e=1&i?t:n;if(e){try{E(r,1,e(this.v))}catch(e){E(r,2,e)}return r}return this}return this.o=function(e){try{const i=e.v;1&e.s?E(r,1,t?t(i):i):n?E(r,1,n(i)):E(r,2,i)}catch(e){E(r,2,e)}},r},e}();function T(e){return e instanceof S&&1&e.s}function O(e,t,n){var r,i,o=-1;return function a(c){try{for(;++o<e.length&&(!n||!n());)if((c=t(o))&&c.then){if(!T(c))return void c.then(a,i||(i=E.bind(null,r=new S,2)));c=c.v}r?E(r,1,c):r=c}catch(e){E(r||(r=new S),2,e)}}(),r}function C(e,t,n){var r=[];for(var i in e)r.push(i);return O(r,function(e){return t(r[e])},n)}var U="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function I(e,t){try{var n=e()}catch(e){return t(!0,e)}return n&&n.then?n.then(t.bind(null,!1),t.bind(null,!0)):t(!1,n)}var q=function(n){try{var r,i=n.app.get("authentication"),o=e._get(n,["auth",i.entity]);o&&(n=e._set(n,[i.core_path,i.entity],o));var a=A(function(){return Promise.resolve(t.authenticate("jwt")(n).catch(function(){return n})).then(function(e){n=e})},function(){return r=1,n});return Promise.resolve(a&&a.then?a.then(function(e){return r?e:n}):r?a:n)}catch(e){return Promise.reject(e)}},$=function(n){try{var r=n.app.get("authentication"),i=e._get(n,["auth",r.entity]);return i&&(n=e._set(n,[r.core_path,r.entity],i)),Promise.resolve(t.authenticate("jwt")(n))}catch(e){return Promise.reject(e)}},N=function(t,n,r){try{return Promise.resolve(A(function(){return Promise.resolve(e.verifyUcan(t,n)).then(function(i){var a=function(a){if((null==(a=i)||!a.ok)&&n.requiredCapabilities){var c=n.requiredCapabilities.map(function(e){return"*"!==e.capability.can&&(e.capability.can.segments=["*"]),e});return r&&console.log("set new req capabilities",c,e.parseUcan(t)),Promise.resolve(e.verifyUcan(t,o({},n,{requiredCapabilities:c}))).then(function(e){i=e,r&&console.log("Second verification result:",i)})}}();return a&&a.then?a.then(function(){return i}):i})},function(e){return{ok:!1,err:[e.message]}}))}catch(e){return Promise.reject(e)}},K=function(t,n){try{var r={ok:!1,value:[]};return Promise.resolve(A(function(){var i,o=C(t,function(o){n&&console.log("or verify loop",t[o],e.parseUcan(t[o].ucan));var a=function(e){if(null==(e=r)||!e.ok){var a=t[o],c=a.ucan,u=f(a,k);return Promise.resolve(N(c,u,n)).then(function(e){r=e,n&&console.log("got in verify loop",r)})}i=1}();if(a&&a.then)return a.then(function(){})},function(){return i});return o&&o.then?o.then(function(){return r}):r},function(e){return{ok:!1,err:[e.message]}}))}catch(e){return Promise.reject(e)}},J=function(t,n,r){return function(i){try{var o,a=null==r?void 0:r.log,c=e._get(i.params,n.client_ucan),u=(null==r?void 0:r.audience)||e._get(i.params,n.ucan_aud);a&&console.log("verify against reqs",t);var s=(null==r?void 0:r.or)||[];return o=c&&("*"===s||s.includes(i.method))?function(e,n){return K((t||[]).map(function(t){return{ucan:e||c,audience:(null==n?void 0:n.aud)||u,requiredCapabilities:[t]}}),a)}:function(e,n){return N(e||c,{audience:(null==n?void 0:n.aud)||u,requiredCapabilities:t},a)},Promise.resolve(o()).then(function(t){var c,u;if(a&&console.log("first verify try",t),null!=(c=t)&&c.ok)return t;var s=((null==r?void 0:r.cap_subjects)||[]).filter(function(e){return!!e});a&&console.log("check cap_subjects",s);var l=function(){if(s){var c=(null==n?void 0:n.loginConfig)||i.app.get("authentication"),l=String(e._get(i.params,c.entity+"._id"||""));return Promise.resolve(new b(c.capability_service||"caps",i).find({query:{$limit:s.length,subject:{$in:s}}}).catch(function(e){return console.log("Error finding caps in ucan auth: "+e.message)})).then(function(n){var i;return a&&console.log("caps",n),function(){if(null!=n&&n.data)return function(e,t,n){if("function"==typeof e[U]){var r,i,o,a=e[U]();if(function e(c){try{for(;!((r=a.next()).done||n&&n());)if((c=t(r.value))&&c.then){if(!T(c))return void c.then(e,o||(o=E.bind(null,i=new S,2)));c=c.v}i?E(i,1,c):i=c}catch(e){E(i||(i=new S),2,e)}}(),a.return){var c=function(e){try{r.done||a.return()}catch(e){}return e};if(i&&i.then)return i.then(c,function(e){throw c(e)});c()}return i}if(!("length"in e))throw new TypeError("Object is not iterable");for(var u=[],s=0;s<e.length;s++)u.push(e[s]);return O(u,function(e){return t(u[e])},n)}(n.data,function(n){return C(n.caps||{},function(i){return a&&console.log("check cap",i,n.caps[i].logins,l),function(){if((n.caps[i].logins||[]).map(function(e){return String(e)}).includes(l)){var c=function(){var e;if(null!=r&&r.log&&console.log("tried v on cap",t),null!=(e=t)&&e.ok)return u=1,t},s=A(function(){var r=e.ucanToken(n.caps[i].ucan);a&&console.log("got ucan string",r);var c=function(){if(r)return Promise.resolve(o(r,{aud:n.did})).then(function(e){t=e,a&&console.log("tried v on cap",t)})}();if(c&&c.then)return c.then(function(){})},function(e){console.log("Error verifying ucan from cap: "+n._id+". Err:"+e.message)});return s&&s.then?s.then(c):c()}}()},function(){return i})},function(){return i})}()})}}();return l&&l.then?l.then(function(e){return u?e:t}):u?l:t})}catch(e){return Promise.reject(e)}}},R=function(t,n){var r=e.encodeKeyPair({secretKey:n.secret}).did();return Array.isArray(t)?t.map(function(t){return{capability:Array.isArray(t)?e.genCapability({with:{scheme:n.defaultScheme,hierPart:n.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},n):e.genCapability(t,n),rootIssuer:r}}):[]},M=function(t,n){return function(r){try{var o=function(){var t;if(null!=(t=c)&&t.ok)return r.params.authenticated=!0,r.params.canU=!0,r;var o=function(e){var t;if(null!=(t=c)&&t.ok)return r.params.authenticated=!0,r.params.canU=!0,r;if(null!=n&&n.log&&console.log("checking special change",null==n?void 0:n.specialChange),null!=n&&n.specialChange){if("*"===n.specialChange)return r.params.canU=!0,r;if(Array.isArray(n.specialChange)&&["create","patch","update"].includes(r.method)){if(Array.isArray(r.data))throw new Error("No multi data allowed with special change");for(var i in r.data||{})if(["$set","$unset","$addToSet","$pull","$push"].includes(i)){for(var o in r.data[i]||{})if(!n.specialChange.includes(o)){var a=o.split(".");1===a.length?delete r.data[i][o]:n.specialChange.includes(a[0])||delete r.data[i][o]}}else n.specialChange.includes(i)||delete r.data[i];return r.params.canU=!0,r}}if(null!=n&&n.log&&console.error("Ucan capabilities requirements not met: ",c,r.type,r.path),null!=n&&n.noThrow)return r.params._no_throw_error={type:r.type,method:r.method,path:r.path},r;throw new Error("Missing proper capabilities for this action: "+r.type+": "+r.path+" - "+r.method)},u=(n||{loginPass:[[["*"],["nonExistentMethod"]]]}).loginPass,s=function(){if(null!=u&&u.length){var t,o=function(t){if(_interrupt2)return t;l&&(r=e._set(r,"data",s))},s={},l=!0,f=!1,h=!1,p=I(function(){return A(function(){var t,o,h=function(e){var t,n,r,o=2;for("undefined"!=typeof Symbol&&(n=Symbol.asyncIterator,r=Symbol.iterator);o--;){if(n&&null!=(t=e[n]))return t.call(e);if(r&&null!=(t=e[r]))return new i(t.call(e));n="@@asyncIterator",r="@@iterator"}throw new TypeError("Object is not async iterable")}(u),p=function(e,t,n){for(var r;;){var i=e();if(T(i)&&(i=i.v),!i)return o;if(i.then){r=0;break}var o=n();if(o&&o.then){if(!T(o)){r=1;break}o=o.s}if(t){var a=t();if(a&&a.then&&!T(a)){r=2;break}}}var c=new S,u=E.bind(null,c,2);return(0===r?i.then(l):1===r?o.then(s):a.then(f)).then(void 0,u),c;function s(r){o=r;do{if(t&&(a=t())&&a.then&&!T(a))return void a.then(f).then(void 0,u);if(!(i=e())||T(i)&&!i.v)return void E(c,1,o);if(i.then)return void i.then(l).then(void 0,u);T(o=n())&&(o=o.v)}while(!o||!o.then);o.then(s).then(void 0,u)}function l(e){e?(o=n())&&o.then?o.then(s).then(void 0,u):s(o):E(c,1,o)}function f(){(i=e())?i.then?i.then(l).then(void 0,u):l(i):E(c,1,o)}}(function(){function e(e){return!t&&(f=!(o=e).done)}return t?!!e(!t&&h.next()):Promise.resolve(!t&&h.next()).then(e)},function(){return!!(f=!1)},function(){var i=o.value,u=function(){if(l)return Promise.resolve(function(t){try{var i=[],o="*"===t[1],u=-1;o?u=0:(i=t[1].map(function(e){return e.split("/")[0]}),u=i.indexOf(r.method));var f=function(){if(u>-1)return Promise.resolve(x(r,{params:null==n?void 0:n.existingParams})).then(function(n){var i=!1,f=function(t,n){void 0===n&&(n="_id");var o=e._get(r.params,a.entity+"."+n);if(o&&t){var c=Array.isArray(o)?o.map(function(e){return String(e)}):[String(o)];if(Array.isArray(t))for(var u=0;u<c.length;u++){for(var s=String(c[u]),l=0;l<t.length;)String(t[l])===s?i=!0:l++;if(i)return}else if(c.includes(String(t)))return i=!0}};if(n){r=j(r,n);for(var h,p=v(t[0]||[]);!(h=p()).done;){var d=h.value.split("/");if(d[0].includes("*")){var y=d[0].split("*"),g=e._get(n,y[0]);if(g&&"object"==typeof g)if(Array.isArray(g))for(var m,P=v(g);!(m=P()).done&&(f(e._get(m.value,y[1]),d[1]||"_id"),!i););else for(var b in g)if(f(e._get(g,b+"."+y[1]),d[1]||"_id"),i)break}else f(e._get(n,d[0]),d[1]||"_id")}}if(i)if(c.ok=!0,"*"===t[1]||["find","get","remove"].some(function(e){return t[1].includes(e)}))l=!1;else{var _=o?"*":t[1][u];if(_.split("/")[0]!==_)for(var w,x=v(_.split("/").slice(1).join("").split(",")||[]);!(w=x()).done;){var k=w.value,A=e._get(r.data,k);if(A)s=e._set(s,k,A);else for(var E=0,S=["$addToSet","$pull"];E<S.length;E++){var T=S[E],O=e._get(r.data,T+"."+k);O&&(s=e._set(s,T+"."+k,O))}}else l=!1}})}();return Promise.resolve(f&&f.then?f.then(function(){}):void 0)}catch(e){return Promise.reject(e)}}(i)).then(function(){});t=1}();return u&&u.then?u.then(function(){}):void 0});if(p&&p.then)return p.then(function(){})},function(e){h=!0,t=e})},function(e,n){function r(t){if(e)throw n;return n}var i=I(function(){var e=function(){if(f&&null!=_iterator.return)return Promise.resolve(_iterator.return()).then(function(){})}();if(e&&e.then)return e.then(function(){})},function(e,n){if(h)throw t;if(e)throw n;return n});return i&&i.then?i.then(r):r()});return p&&p.then?p.then(o):o(p)}}();return s&&s.then?s.then(o):o()},a=(null==n?void 0:n.loginConfig)||r.app.get("authentication"),c={ok:!1,value:[]},u=R(t,a),s=function(){if(u.length)return Promise.resolve(J(u,a,n)(r)).then(function(e){c=e});"*"!==t&&(c.ok=!0)}();return Promise.resolve(s&&s.then?s.then(o):o())}catch(e){return Promise.reject(e)}}},B=function(t,n){return function(r){try{var i,o,a=function(i){if(o)return i;function a(){return"*"!==t||null!=n&&n.specialChange?u?r:t?Promise.resolve(M(t,n)(r)):r:(r.params.authenticated=!!r.params[s],r)}var u=((null==n?void 0:n.adminPass)||[]).includes(r.method)&&(e._get(r.params,"admin_pass")||e._get(r.params,[c.core_path,"admin_pass"])),f=function(){if(!l)return Promise.resolve(u||null!=n&&n.specialChange?q(r):$(r)).then(function(e){r=e})}();return f&&f.then?f.then(a):a()},c=r.app.get("authentication"),u=c.core_path||"core",s=c.entity||"login",l=(e._get(r.params,[u,s])||(null==(i=r.params)?void 0:i.login)||{_id:void 0})._id;null!=n&&n.log&&console.log("ucan auth","loginId",l,"core_path",u,"entity",s,"core",r.params[u],"params login",r.params.login,"required capabilities",t);var f=function(){if("$"===t||t&&"$"===t[r.method]){var e=function(e){return o=1,e};return l?e(r):Promise.resolve(q(r)).then(e)}}();return Promise.resolve(f&&f.then?f.then(a):a(f))}catch(e){return Promise.reject(e)}}};exports.AuthService=P,exports.CoreCall=b,exports.NotAuthError=m,exports.UcanStrategy=y,exports.allUcanAuth=function(t,n){return function(r){try{var i=r.app.get("authentication"),o=e._get(r,["auth",i.entity]);if(o&&(r=e._set(r,[i.core_path,i.entity],o)),"before"===r.type){var a=r.method;return Promise.resolve(t[a]||t.all?B(t[a]||t.all,n)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},exports.anyAuth="*",exports.bareAuth=$,exports.checkUcan=M,exports.existsPath=_,exports.getExists=w,exports.loadExists=x,exports.modelCapabilities=R,exports.noThrow="$",exports.noThrowAuth=q,exports.orVerifyLoop=K,exports.setExists=j,exports.ucanAuth=B,exports.updateUcan=function(){return function(t){try{var n=t.data,r=n.add,i=void 0===r?[]:r,a=n.remove,c=void 0===a?[]:a;if(!(null!=i&&i.length||null!=c&&c.length))throw new Error("No new capabilities passed");var u=t.app.get("authentication"),s=u.secret,l=u.ucan_aud,f=u.entity,h=u.ucan,v=e.encodeKeyPair({secretKey:s}).did(),p=e.stackAbilities([].concat(i,c));return Promise.resolve(e.verifyUcan(e._get(t.params,[f,h]),{audience:e._get(t.params,l),requiredCapabilities:p.map(function(e){return{capability:e,rootIssuer:v}})})).then(function(n){if(null==n||!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var r=t.id,a=t.data.service||"logins",u=t.data.path||"ucan";return Promise.resolve(new b(a,t,{skipJoins:!0}).get(r)).then(function(n){var l=e.parseUcan(e._get(n,u)).payload,f=l.aud,h=l.att,v=l.prf,p=[].concat(h);return null!=c&&c.length&&(p=e.reduceAbilities(c,h)),null!=i&&i.length&&(p=e.stackAbilities([].concat(h,i))),Promise.resolve(e.buildUcan(o({issuer:e.encodeKeyPair({secretKey:s}),audience:f,lifetimeInSeconds:5184e3,proofs:v},t.data,{capabilities:p}))).then(function(n){var i=e.ucanToken(n);return Promise.resolve(e.validateUcan(i)).then(function(e){var n;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new b(a,t).patch(r,(n={},n[u]=i,n))).then(function(e){return t.result={raw:t.data,encoded:i,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}},exports.verifyAgainstReqs=J;
+var e=require("symbol-ucan"),t=require("@feathersjs/authentication");function n(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var r=/*#__PURE__*/n(require("long-timeout"));function i(e){function t(e){if(Object(e)!==e)return Promise.reject(new TypeError(e+" is not an object."));var t=e.done;return Promise.resolve(e.value).then(function(e){return{value:e,done:t}})}return i=function(e){this.s=e,this.n=e.next},i.prototype={s:null,n:null,next:function(){return t(this.n.apply(this.s,arguments))},return:function(e){var n=this.s.return;return void 0===n?Promise.resolve({value:e,done:!0}):t(n.apply(this.s,arguments))},throw:function(e){var n=this.s.return;return void 0===n?Promise.reject(e):t(n.apply(this.s,arguments))}},new i(e)}function o(){return o=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var r in n)Object.prototype.hasOwnProperty.call(n,r)&&(e[r]=n[r])}return e},o.apply(this,arguments)}function a(e,t){e.prototype=Object.create(t.prototype),e.prototype.constructor=e,u(e,t)}function c(e){return c=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},c(e)}function u(e,t){return u=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e},u(e,t)}function s(e,t,n){return s=function(){if("undefined"==typeof Reflect||!Reflect.construct)return!1;if(Reflect.construct.sham)return!1;if("function"==typeof Proxy)return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}()?Reflect.construct.bind():function(e,t,n){var r=[null];r.push.apply(r,t);var i=new(Function.bind.apply(e,r));return n&&u(i,n.prototype),i},s.apply(null,arguments)}function l(e){var t="function"==typeof Map?new Map:void 0;return l=function(e){if(null===e||!function(e){try{return-1!==Function.toString.call(e).indexOf("[native code]")}catch(t){return"function"==typeof e}}(e))return e;if("function"!=typeof e)throw new TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return s(e,arguments,c(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),u(n,e)},l(e)}function f(e,t){if(null==e)return{};var n,r,i={},o=Object.keys(e);for(r=0;r<o.length;r++)t.indexOf(n=o[r])>=0||(i[n]=e[n]);return i}function h(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=new Array(t);n<t;n++)r[n]=e[n];return r}function p(e,t){var n="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(n)return(n=n.call(e)).next.bind(n);if(Array.isArray(e)||(n=function(e,t){if(e){if("string"==typeof e)return h(e,t);var n=Object.prototype.toString.call(e).slice(8,-1);return"Object"===n&&e.constructor&&(n=e.constructor.name),"Map"===n||"Set"===n?Array.from(e):"Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?h(e,t):void 0}}(e))||t&&e&&"number"==typeof e.length){n&&(e=n);var r=0;return function(){return r>=e.length?{done:!0}:{done:!1,value:e[r++]}}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var v=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return a(t,e),t}(/*#__PURE__*/l(Error)),d=/(\S+)\s+(\S+)/,y=/*#__PURE__*/function(t){function n(){for(var e,n=arguments.length,r=new Array(n),i=0;i<n;i++)r[i]=arguments[i];return(e=t.call.apply(t,[this].concat(r))||this).expirationTimers=new WeakMap,e}a(n,t);var i,c,u=n.prototype;return u.setAuthentication=function(e){e.verifyAccessToken=function(e){return{}},t.prototype.setAuthentication.call(this,e)},u.handleConnection=function(t,n,i){try{var o=this,a="logout"===t&&n.authentication&&i&&n.authentication.accessToken===i.accessToken,c=(i||{}).accessToken,u=function(){if(c&&"login"===t)return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan in connection: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(e){var t=1e3*(e||{payload:{exp:0}}).payload.exp-Date.now(),i=r.default.setTimeout(function(){return o.app.emit("disconnect",n)},t);r.default.clearTimeout(o.expirationTimers.get(n)),o.expirationTimers.set(n,i),n.authentication={strategy:o.name,accessToken:c}});("disconnect"===t||a)&&(delete n[o.configuration.entity],delete n.authentication,r.default.clearTimeout(o.expirationTimers.get(n)),o.expirationTimers.delete(n))}();return Promise.resolve(u&&u.then?u.then(function(){}):void 0)}catch(e){return Promise.reject(e)}},u.verifyConfiguration=function(){for(var e=["entity","entityId","service","header","schemes","audience"],t=0,n=Object.keys(this.configuration);t<n.length;t++){var r=n[t];if(!e.includes(r))throw new Error("Invalid ucanStrategy option 'authentication."+this.name+"."+r+"'. Did you mean to set it in 'authentication.jwtOptions'?")}if("string"!=typeof this.configuration.header)throw new Error("The 'header' option for the "+this.name+" strategy must be a string")},u.getEntityQuery=function(e){return Promise.resolve({})},u.getEntity=function(t,n){try{var r=this,i=r.entityService,a=r.configuration.entity;if(null===i)throw new v("Could not find entity service");return Promise.resolve(r.getEntityQuery(n)).then(function(r){var c=Object.assign({},e._unset(n,"provider"),{query:r});return Promise.resolve(i.get(t,c)).then(function(e){var r;return n.provider?i.get(t,o({},n,((r={})[a]=e,r))):e})})}catch(e){return Promise.reject(e)}},u.getEntityId=function(e,t){try{var n=t.query,r=t.loginId;if(r)return Promise.resolve(r);var i,a,c=this.configuration,u=c.service,s=c.core_path,l=void 0===s?"core":s,f=((i={query:o({},n,{$limit:1})})[l]=o({skipJoins:!0},t[l]),i);return Promise.resolve(null==(a=this.app)?void 0:a.service(u).find(o({},f,{skipJoins:!0,skip_hooks:!0,admin_pass:!0}))).then(function(e){if(e.total)return e.data[0]._id;throw new v("Could not find login associated with this ucan")})}catch(e){return Promise.reject(e)}},u.authenticate=function(t,n){try{var r=this,i=t.accessToken,a=t.loginId,c=t.ucan,u=r.configuration,s=u.entity,l=u.core_path;if(!i){if(!c)throw new v("Error generating ucan");i=e.ucanToken(c)}return Promise.resolve(e.validateUcan(i).catch(function(e){console.log("Could not validate ucan during authentication: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};throw e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),new Error(t.message)})).then(function(t){function c(){var e;return o({},f,((e={})[s]=u,e))}var u,f={accessToken:i,authentication:{strategy:"jwt",accessToken:i}};if(null===s)return f;var h=e._get(n,[l,s]),p=function(){if(!h)return Promise.resolve(r.getEntityId(f,o({},n,{loginId:a,query:{did:null==t?void 0:t.payload.aud}}))).then(function(e){return Promise.resolve(r.getEntity(e,n)).then(function(e){u=e})});u=h}();return p&&p.then?p.then(c):c()})}catch(e){return Promise.reject(e)}},u.parse=function(e){try{var t=this.configuration,n=t.schemes,r=e.headers&&e.headers[t.header.toLowerCase()];if(!r||"string"!=typeof r)return Promise.resolve(null);var i=r.match(d)||[],o=i[1],a=i[2],c=o&&n.some(function(e){return new RegExp(e,"i").test(o)});return Promise.resolve(o&&!c?null:{strategy:this.name,accessToken:c?a:r})}catch(e){return Promise.reject(e)}},i=n,(c=[{key:"configuration",get:function(){var e,n=(null==(e=this.authentication)?void 0:e.configuration)||{service:void 0,entity:void 0,entityId:void 0};return o({service:n.service,entity:n.entity,entityId:n.entityId,header:"Authorization",schemes:["Bearer","JWT"]},t.prototype.configuration)}}])&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,"symbol"==typeof(i=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,"string");if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(r.key))?i:String(i),r)}var i}(i.prototype,c),Object.defineProperty(i,"prototype",{writable:!1}),n}(t.AuthenticationBaseStrategy),g=["NotAuthenticated"],m=/*#__PURE__*/function(e){function t(t){return e.call(this,t)||this}return a(t,e),t}(/*#__PURE__*/l(Error)),P=/*#__PURE__*/function(t){function n(e,n,r){var i;void 0===n&&(n="authentication"),void 0===r&&(r={});var o=r.NotAuthenticated,a=f(r,g);return(i=t.call(this,e,n,a)||this).options=void 0,i.app=e,i.options={NotAuthenticated:o},i}return a(n,t),n.prototype.create=function(t,n){try{var r,i,a=this,c=(null==(r=a.options)?void 0:r.NotAuthenticated)||m,u=a.app.get("authentication"),s=u.entity,l=u.service,f=u.ucan_path,h=void 0===f?"ucan":f,p=(null==(i=n)?void 0:i.authStrategies)||a.configuration.authStrategies;if(n||(n={}),!p.length)throw new c("No authentication strategies allowed for creating a JWT (`authStrategies`)");return Promise.resolve(a.authenticate.apply(a,[t,n].concat(p)).catch(function(e){throw new Error(e.message)})).then(function(r){if(r.accessToken)return r;var i=t.did||e._get(r,[s,"did"]),c=t.ucan||e._get(r,[s,"ucan"]);if(!i)throw new Error("No did audience provided");if(!c)throw new Error("No ucan provided to authentication call");return Promise.resolve(e.validateUcan(c).catch(function(e){console.log("Could not validate ucan creating authentication: ",e.message);var t={code:0,message:"Unknown Issue Validating Ucan"};return e.message.indexOf("Expired.")>-1&&(t.code=1,t.message="Expired Ucan"),console.warn("Could not validate ucan creating authentication",c,t.message),null})).then(function(t){function i(){var t=e.ucanToken(c);return o({accessToken:t},r,{authentication:o({},r.authentication,{payload:t})})}var u=function(){if(!t){var i=e.parseUcan(c),u=a.app.get("authentication"),f=e.encodeKeyPair({secretKey:u.secret});return Promise.resolve(e.buildUcan({audience:i.payload.aud,issuer:f,lifetimeInSeconds:5184e3,capabilities:i.payload.att})).then(function(t){var i;return c=t,n.admin_pass=!0,Promise.resolve(a.app.service(l).patch(e._get(r,[s,"_id"]),(i={},i[h]=e.ucanToken(c),i),o({},n))).then(function(){})})}}();return u&&u.then?u.then(i):i()})})}catch(e){return Promise.reject(e)}},n}(t.AuthenticationService),_=/*#__PURE__*/function(){function e(e,t,n){var r;this.context=void 0,this.service=void 0,this.core=void 0,this.entity=void 0,this.service=e,this.context=t;var i=(t.app.get("authentication")||{entity:"login"}).entity||"login";this.entity=i;var a=(null==(r=t.params)?void 0:r.core)||{};a[i]||(a[i]=t.params[i]),this.core=o({},a,n)}var t=e.prototype;return t.get=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).get(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t.find=function(e){void 0===e&&(e={});try{var t,n,r,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(t=i.context.app)?void 0:t.service(i.service).find(o({},e,((n={})[i.entity]=e[i.entity],n.skip_hooks=!0,n.admin_pass=!0,n),((r={})[a]=i.core,r))))}catch(e){return Promise.reject(e)}},t.create=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).create(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t.patch=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service).patch(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t.update=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service).update(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t.remove=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service).remove(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._get=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._get(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._find=function(e){void 0===e&&(e={});try{var t,n,r,i=this,a=i.context.app.get("authentication").core_path;return Promise.resolve(null==(t=i.context.app)?void 0:t.service(i.service)._find(o({},e,((n={})[i.entity]=e[i.entity],n),((r={})[a]=i.core,r))))}catch(e){return Promise.reject(e)}},t._create=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._create(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},t._patch=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service)._patch(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t._update=function(e,t,n){void 0===n&&(n={});try{var r,i,a,c=this,u=c.context.app.get("authentication").core_path;return Promise.resolve(null==(r=c.context.app)?void 0:r.service(c.service)._update(e,t,o({},n,((i={})[c.entity]=n[c.entity],i),((a={})[u]=c.core,a))))}catch(e){return Promise.reject(e)}},t._remove=function(e,t){void 0===t&&(t={});try{var n,r,i,a=this,c=a.context.app.get("authentication").core_path;return Promise.resolve(null==(n=a.context.app)?void 0:n.service(a.service)._remove(e,o({},t,((r={})[a.entity]=t[a.entity],r),((i={})[c]=a.core,i))))}catch(e){return Promise.reject(e)}},e}(),b="_exists",w=function(t){var n=t.app.get("existsPath")||b;return e._get(t.params,"core."+n+"."+t.path+"."+t.id)||void 0},x=function(e,t){try{var n=w(e),r=function(){if(!n&&e.id)return Promise.resolve(new _(e.path,e,{skipJoins:!1!==(null==t?void 0:t.skipJoins)}).get(e.id,o({exists_check:!0,admin_pass:!0,skip_hooks:!0},(null==t?void 0:t.params)||{}))).then(function(e){n=e})}();return Promise.resolve(r&&r.then?r.then(function(){return n}):n)}catch(e){return Promise.reject(e)}},j=function(t,n){var r=t.app.get("existsPath")||b;return t.params=e._set(t.params,"core."+r+"."+t.path+"."+((null==n?void 0:n._id)||t.id),n),t},k=["ucan"];function A(e,t){try{var n=e()}catch(e){return t(e)}return n&&n.then?n.then(void 0,t):n}function E(e,t,n){if(!e.s){if(n instanceof S){if(!n.s)return void(n.o=E.bind(null,e,t));1&t&&(t=n.s),n=n.v}if(n&&n.then)return void n.then(E.bind(null,e,t),E.bind(null,e,2));e.s=t,e.v=n;var r=e.o;r&&r(e)}}const S=/*#__PURE__*/function(){function e(){}return e.prototype.then=function(t,n){const r=new e,i=this.s;if(i){const e=1&i?t:n;if(e){try{E(r,1,e(this.v))}catch(e){E(r,2,e)}return r}return this}return this.o=function(e){try{const i=e.v;1&e.s?E(r,1,t?t(i):i):n?E(r,1,n(i)):E(r,2,i)}catch(e){E(r,2,e)}},r},e}();function T(e){return e instanceof S&&1&e.s}function O(e,t,n){var r,i,o=-1;return function a(c){try{for(;++o<e.length&&(!n||!n());)if((c=t(o))&&c.then){if(!T(c))return void c.then(a,i||(i=E.bind(null,r=new S,2)));c=c.v}r?E(r,1,c):r=c}catch(e){E(r||(r=new S),2,e)}}(),r}function C(e,t,n){var r=[];for(var i in e)r.push(i);return O(r,function(e){return t(r[e])},n)}var U="undefined"!=typeof Symbol?Symbol.iterator||(Symbol.iterator=Symbol("Symbol.iterator")):"@@iterator";function I(e,t){try{var n=e()}catch(e){return t(!0,e)}return n&&n.then?n.then(t.bind(null,!1),t.bind(null,!0)):t(!1,n)}var q=function(n){try{var r,i=n.app.get("authentication"),o=e._get(n,["auth",i.entity]);o&&(n=e._set(n,[i.core_path,i.entity],o));var a=A(function(){return Promise.resolve(t.authenticate("jwt")(n).catch(function(){return n})).then(function(e){n=e})},function(){return r=1,n});return Promise.resolve(a&&a.then?a.then(function(e){return r?e:n}):r?a:n)}catch(e){return Promise.reject(e)}},$=function(n){try{var r=n.app.get("authentication"),i=e._get(n,["auth",r.entity]);return i&&(n=e._set(n,[r.core_path,r.entity],i)),Promise.resolve(t.authenticate("jwt")(n))}catch(e){return Promise.reject(e)}},N=function(t,n,r){try{return Promise.resolve(A(function(){return Promise.resolve(e.verifyUcan(t,n)).then(function(i){var a=function(a){if((null==(a=i)||!a.ok)&&n.requiredCapabilities){var c=n.requiredCapabilities.map(function(e){return"*"!==e.capability.can&&(e.capability.can.segments=["*"]),e});return r&&console.log("set new req capabilities",c,e.parseUcan(t)),Promise.resolve(e.verifyUcan(t,o({},n,{requiredCapabilities:c}))).then(function(e){i=e,r&&console.log("Second verification result:",i)})}}();return a&&a.then?a.then(function(){return i}):i})},function(e){return{ok:!1,err:[e.message]}}))}catch(e){return Promise.reject(e)}},K=function(t,n){try{var r={ok:!1,value:[]};return Promise.resolve(A(function(){var i,o=C(t,function(o){n&&console.log("or verify loop",t[o],e.parseUcan(t[o].ucan));var a=function(e){if(null==(e=r)||!e.ok){var a=t[o],c=a.ucan,u=f(a,k);return Promise.resolve(N(c,u,n)).then(function(e){r=e,n&&console.log("got in verify loop",r)})}i=1}();if(a&&a.then)return a.then(function(){})},function(){return i});return o&&o.then?o.then(function(){return r}):r},function(e){return{ok:!1,err:[e.message]}}))}catch(e){return Promise.reject(e)}},J=function(t,n,r){return function(i){try{var o,a=null==r?void 0:r.log,c=e._get(i.params,n.client_ucan),u=(null==r?void 0:r.audience)||e._get(i.params,n.ucan_aud);a&&console.log("verify against reqs",t);var s=(null==r?void 0:r.or)||[];return o=c&&("*"===s||s.includes(i.method))?function(e,n){return K((t||[]).map(function(t){return{ucan:e||c,audience:(null==n?void 0:n.aud)||u,requiredCapabilities:[t]}}),a)}:function(e,n){return N(e||c,{audience:(null==n?void 0:n.aud)||u,requiredCapabilities:t},a)},Promise.resolve(o()).then(function(t){var c,u;if(a&&console.log("first verify try",t),null!=(c=t)&&c.ok)return t;var s=((null==r?void 0:r.cap_subjects)||[]).filter(function(e){return!!e});a&&console.log("check cap_subjects",s);var l=function(){if(s){var c=(null==n?void 0:n.loginConfig)||i.app.get("authentication"),l=String(e._get(i.params,c.entity+"._id"||""));return Promise.resolve(new _(c.capability_service||"caps",i).find({query:{$limit:s.length,subject:{$in:s}},skip_hooks:!0,admin_pass:!0}).catch(function(e){return console.log("Error finding caps in ucan auth: "+e.message)})).then(function(n){var i;return a&&console.log("caps",n),function(){if(null!=n&&n.data)return function(e,t,n){if("function"==typeof e[U]){var r,i,o,a=e[U]();if(function e(c){try{for(;!((r=a.next()).done||n&&n());)if((c=t(r.value))&&c.then){if(!T(c))return void c.then(e,o||(o=E.bind(null,i=new S,2)));c=c.v}i?E(i,1,c):i=c}catch(e){E(i||(i=new S),2,e)}}(),a.return){var c=function(e){try{r.done||a.return()}catch(e){}return e};if(i&&i.then)return i.then(c,function(e){throw c(e)});c()}return i}if(!("length"in e))throw new TypeError("Object is not iterable");for(var u=[],s=0;s<e.length;s++)u.push(e[s]);return O(u,function(e){return t(u[e])},n)}(n.data,function(n){return C(n.caps||{},function(i){return a&&console.log("check cap",i,n.caps[i].logins,l),function(){if((n.caps[i].logins||[]).map(function(e){return String(e)}).includes(l)){var c=function(){var e;if(null!=r&&r.log&&console.log("tried v on cap",t),null!=(e=t)&&e.ok)return u=1,t},s=A(function(){var r=e.ucanToken(n.caps[i].ucan);a&&console.log("got ucan string",r);var c=function(){if(r)return Promise.resolve(o(r,{aud:n.did})).then(function(e){t=e,a&&console.log("tried v on cap",t)})}();if(c&&c.then)return c.then(function(){})},function(e){console.log("Error verifying ucan from cap: "+n._id+". Err:"+e.message)});return s&&s.then?s.then(c):c()}}()},function(){return i})},function(){return i})}()})}}();return l&&l.then?l.then(function(e){return u?e:t}):u?l:t})}catch(e){return Promise.reject(e)}}},R=function(t,n){var r=e.encodeKeyPair({secretKey:n.secret}).did();return Array.isArray(t)?t.map(function(t){return{capability:Array.isArray(t)?e.genCapability({with:{scheme:n.defaultScheme,hierPart:n.defaultHierPart},can:{namespace:t[0],segments:"string"==typeof t[1]?[t[1]]:t[1]}},n):e.genCapability(t,n),rootIssuer:r}}):[]},M=function(t,n){return function(r){try{var o=function(){var t;if(null!=(t=c)&&t.ok)return r.params.authenticated=!0,r.params.canU=!0,r;var o=function(e){var t;if(null!=(t=c)&&t.ok)return r.params.authenticated=!0,r.params.canU=!0,r;if(null!=n&&n.log&&console.log("checking special change",null==n?void 0:n.specialChange),null!=n&&n.specialChange){if("*"===n.specialChange)return r.params.canU=!0,r;if(Array.isArray(n.specialChange)&&["create","patch","update"].includes(r.method)){if(Array.isArray(r.data))throw new Error("No multi data allowed with special change");for(var i in r.data||{})if(["$set","$unset","$addToSet","$pull","$push"].includes(i)){for(var o in r.data[i]||{})if(!n.specialChange.includes(o)){var a=o.split(".");1===a.length?delete r.data[i][o]:n.specialChange.includes(a[0])||delete r.data[i][o]}}else n.specialChange.includes(i)||delete r.data[i];return r.params.canU=!0,r}}if(null!=n&&n.log&&console.error("Ucan capabilities requirements not met: ",c,r.type,r.path),null!=n&&n.noThrow)return r.params._no_throw_error={type:r.type,method:r.method,path:r.path},r;throw new Error("Missing proper capabilities for this action: "+r.type+": "+r.path+" - "+r.method)},u=(n||{loginPass:[[["*"],["nonExistentMethod"]]]}).loginPass,s=function(){if(null!=u&&u.length){var t,o=function(t){if(_interrupt2)return t;l&&(r=e._set(r,"data",s))},s={},l=!0,f=!1,h=!1,v=I(function(){return A(function(){var t,o,h=function(e){var t,n,r,o=2;for("undefined"!=typeof Symbol&&(n=Symbol.asyncIterator,r=Symbol.iterator);o--;){if(n&&null!=(t=e[n]))return t.call(e);if(r&&null!=(t=e[r]))return new i(t.call(e));n="@@asyncIterator",r="@@iterator"}throw new TypeError("Object is not async iterable")}(u),v=function(e,t,n){for(var r;;){var i=e();if(T(i)&&(i=i.v),!i)return o;if(i.then){r=0;break}var o=n();if(o&&o.then){if(!T(o)){r=1;break}o=o.s}if(t){var a=t();if(a&&a.then&&!T(a)){r=2;break}}}var c=new S,u=E.bind(null,c,2);return(0===r?i.then(l):1===r?o.then(s):a.then(f)).then(void 0,u),c;function s(r){o=r;do{if(t&&(a=t())&&a.then&&!T(a))return void a.then(f).then(void 0,u);if(!(i=e())||T(i)&&!i.v)return void E(c,1,o);if(i.then)return void i.then(l).then(void 0,u);T(o=n())&&(o=o.v)}while(!o||!o.then);o.then(s).then(void 0,u)}function l(e){e?(o=n())&&o.then?o.then(s).then(void 0,u):s(o):E(c,1,o)}function f(){(i=e())?i.then?i.then(l).then(void 0,u):l(i):E(c,1,o)}}(function(){function e(e){return!t&&(f=!(o=e).done)}return t?!!e(!t&&h.next()):Promise.resolve(!t&&h.next()).then(e)},function(){return!!(f=!1)},function(){var i=o.value,u=function(){if(l)return Promise.resolve(function(t){try{var i=[],o="*"===t[1],u=-1;o?u=0:(i=t[1].map(function(e){return e.split("/")[0]}),u=i.indexOf(r.method));var f=function(){if(u>-1)return Promise.resolve(x(r,{params:null==n?void 0:n.existingParams})).then(function(n){var i=!1,f=function(t,n){void 0===n&&(n="_id");var o=e._get(r.params,a.entity+"."+n);if(o&&t){var c=Array.isArray(o)?o.map(function(e){return String(e)}):[String(o)];if(Array.isArray(t))for(var u=0;u<c.length;u++){for(var s=String(c[u]),l=0;l<t.length;)String(t[l])===s?i=!0:l++;if(i)return}else if(c.includes(String(t)))return i=!0}};if(n){r=j(r,n);for(var h,v=p(t[0]||[]);!(h=v()).done;){var d=h.value.split("/");if(d[0].includes("*")){var y=d[0].split("*"),g=e._get(n,y[0]);if(g&&"object"==typeof g)if(Array.isArray(g))for(var m,P=p(g);!(m=P()).done&&(f(e._get(m.value,y[1]),d[1]||"_id"),!i););else for(var _ in g)if(f(e._get(g,_+"."+y[1]),d[1]||"_id"),i)break}else f(e._get(n,d[0]),d[1]||"_id")}}if(i)if(c.ok=!0,"*"===t[1]||["find","get","remove"].some(function(e){return t[1].includes(e)}))l=!1;else{var b=o?"*":t[1][u];if(b.split("/")[0]!==b)for(var w,x=p(b.split("/").slice(1).join("").split(",")||[]);!(w=x()).done;){var k=w.value,A=e._get(r.data,k);if(A)s=e._set(s,k,A);else for(var E=0,S=["$addToSet","$pull"];E<S.length;E++){var T=S[E],O=e._get(r.data,T+"."+k);O&&(s=e._set(s,T+"."+k,O))}}else l=!1}})}();return Promise.resolve(f&&f.then?f.then(function(){}):void 0)}catch(e){return Promise.reject(e)}}(i)).then(function(){});t=1}();return u&&u.then?u.then(function(){}):void 0});if(v&&v.then)return v.then(function(){})},function(e){h=!0,t=e})},function(e,n){function r(t){if(e)throw n;return n}var i=I(function(){var e=function(){if(f&&null!=_iterator.return)return Promise.resolve(_iterator.return()).then(function(){})}();if(e&&e.then)return e.then(function(){})},function(e,n){if(h)throw t;if(e)throw n;return n});return i&&i.then?i.then(r):r()});return v&&v.then?v.then(o):o(v)}}();return s&&s.then?s.then(o):o()},a=(null==n?void 0:n.loginConfig)||r.app.get("authentication"),c={ok:!1,value:[]},u=R(t,a),s=function(){if(u.length)return Promise.resolve(J(u,a,n)(r)).then(function(e){c=e});"*"!==t&&(c.ok=!0)}();return Promise.resolve(s&&s.then?s.then(o):o())}catch(e){return Promise.reject(e)}}},B=function(t,n){return function(r){try{var i,o,a=function(i){if(o)return i;function a(){return"*"!==t||null!=n&&n.specialChange?u?r:t?Promise.resolve(M(t,n)(r)):r:(r.params.authenticated=!!r.params[s],r)}var u=((null==n?void 0:n.adminPass)||[]).includes(r.method)&&(e._get(r.params,"admin_pass")||e._get(r.params,[c.core_path,"admin_pass"])),f=function(){if(!l)return Promise.resolve(u||null!=n&&n.specialChange?q(r):$(r)).then(function(e){r=e})}();return f&&f.then?f.then(a):a()},c=r.app.get("authentication"),u=c.core_path||"core",s=c.entity||"login",l=(e._get(r.params,[u,s])||(null==(i=r.params)?void 0:i.login)||{_id:void 0})._id;null!=n&&n.log&&console.log("ucan auth","loginId",l,"core_path",u,"entity",s,"core",r.params[u],"params login",r.params.login,"required capabilities",t);var f=function(){if("$"===t||t&&"$"===t[r.method]){var e=function(e){return o=1,e};return l?e(r):Promise.resolve(q(r)).then(e)}}();return Promise.resolve(f&&f.then?f.then(a):a(f))}catch(e){return Promise.reject(e)}}};exports.AuthService=P,exports.CoreCall=_,exports.NotAuthError=m,exports.UcanStrategy=y,exports.allUcanAuth=function(t,n){return function(r){try{var i=r.app.get("authentication"),o=e._get(r,["auth",i.entity]);if(o&&(r=e._set(r,[i.core_path,i.entity],o)),"before"===r.type){var a=r.method;return Promise.resolve(t[a]||t.all?B(t[a]||t.all,n)(r):r)}return Promise.resolve(r)}catch(e){return Promise.reject(e)}}},exports.anyAuth="*",exports.bareAuth=$,exports.checkUcan=M,exports.existsPath=b,exports.getExists=w,exports.loadExists=x,exports.modelCapabilities=R,exports.noThrow="$",exports.noThrowAuth=q,exports.orVerifyLoop=K,exports.setExists=j,exports.ucanAuth=B,exports.updateUcan=function(){return function(t){try{var n=t.data,r=n.add,i=void 0===r?[]:r,a=n.remove,c=void 0===a?[]:a;if(!(null!=i&&i.length||null!=c&&c.length))throw new Error("No new capabilities passed");var u=t.app.get("authentication"),s=u.secret,l=u.ucan_aud,f=u.entity,h=u.ucan,p=e.encodeKeyPair({secretKey:s}).did(),v=e.stackAbilities([].concat(i,c));return Promise.resolve(e.verifyUcan(e._get(t.params,[f,h]),{audience:e._get(t.params,l),requiredCapabilities:v.map(function(e){return{capability:e,rootIssuer:p}})})).then(function(n){if(null==n||!n.ok)throw new Error("You don't have sufficient capabilities to grant those capabilities");var r=t.id,a=t.data.service||"logins",u=t.data.path||"ucan";return Promise.resolve(new _(a,t,{skipJoins:!0}).get(r)).then(function(n){var l=e.parseUcan(e._get(n,u)).payload,f=l.aud,h=l.att,p=l.prf,v=[].concat(h);return null!=c&&c.length&&(v=e.reduceAbilities(c,h)),null!=i&&i.length&&(v=e.stackAbilities([].concat(h,i))),Promise.resolve(e.buildUcan(o({issuer:e.encodeKeyPair({secretKey:s}),audience:f,lifetimeInSeconds:5184e3,proofs:p},t.data,{capabilities:v}))).then(function(n){var i=e.ucanToken(n);return Promise.resolve(e.validateUcan(i)).then(function(e){var n;if(!e)throw new Error("Invalid ucan generated when updating");return Promise.resolve(new _(a,t).patch(r,(n={},n[u]=i,n))).then(function(e){return t.result={raw:t.data,encoded:i,subject:e},t})})})})})}catch(e){return Promise.reject(e)}}},exports.verifyAgainstReqs=J;
 //# sourceMappingURL=index.cjs.map