hatchkit 0.1.23 → 0.1.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/dist/adopt.js +39 -0
  2. package/dist/adopt.js.map +1 -1
  3. package/dist/config.d.ts +18 -0
  4. package/dist/config.d.ts.map +1 -1
  5. package/dist/config.js +92 -20
  6. package/dist/config.js.map +1 -1
  7. package/dist/doctor.d.ts.map +1 -1
  8. package/dist/doctor.js +97 -3
  9. package/dist/doctor.js.map +1 -1
  10. package/dist/index.js +109 -0
  11. package/dist/index.js.map +1 -1
  12. package/dist/provision/s3-buckets.d.ts +62 -0
  13. package/dist/provision/s3-buckets.d.ts.map +1 -0
  14. package/dist/provision/s3-buckets.js +428 -0
  15. package/dist/provision/s3-buckets.js.map +1 -0
  16. package/dist/scaffold/manifest.d.ts +24 -0
  17. package/dist/scaffold/manifest.d.ts.map +1 -1
  18. package/dist/scaffold/manifest.js.map +1 -1
  19. package/dist/utils/cloudflare-api.d.ts +96 -0
  20. package/dist/utils/cloudflare-api.d.ts.map +1 -1
  21. package/dist/utils/cloudflare-api.js +176 -0
  22. package/dist/utils/cloudflare-api.js.map +1 -1
  23. package/dist/utils/secrets.d.ts +30 -0
  24. package/dist/utils/secrets.d.ts.map +1 -1
  25. package/dist/utils/secrets.js +30 -0
  26. package/dist/utils/secrets.js.map +1 -1
  27. package/package.json +1 -1
package/dist/utils/cloudflare-api.js CHANGED
@@ -176,6 +176,182 @@ export class CloudflareApi {
176
176
  * mixed-content warnings that bite static-export apps.
177
177
  *
178
178
  * Returns a per-setting summary for the caller to log. */
179
+ // ---------------------------------------------------------------------
180
+ // R2 admin (account-level) — bucket create + public-domain wiring
181
+ // ---------------------------------------------------------------------
182
+ //
183
+ // The S3-compatible API used at runtime (PutObject etc.) takes
184
+ // access-key / secret-key auth against `<account>.r2.cloudflarestorage.com`.
185
+ // The admin endpoints used here are different: they take the same
186
+ // Bearer token used elsewhere on this client, but the token must
187
+ // carry the `Workers R2 Storage:Edit` permission scoped to the
188
+ // account. A token that only has Zone:DNS:Edit (the typical
189
+ // hatchkit DNS token) will 403 here. Callers should surface that
190
+ // as a clear "add R2 perm to your token" hint.
191
+ //
192
+ // Idempotency:
193
+ // · createR2Bucket → 409 on duplicate; we treat as success.
194
+ // · enableR2ManagedDomain → PUT, idempotent by definition.
195
+ // · addR2CustomDomain → 409 on duplicate hostname; treat as success
196
+ // and re-fetch the existing config.
197
+ /** Create a bucket. Returns the metadata. If the bucket already
198
+ * exists (409), returns `{ existed: true }` plus a fresh GET. */
199
+ async createR2Bucket(accountId, name, opts = {}) {
200
+ const body = { name };
201
+ if (opts.locationHint)
202
+ body.locationHint = opts.locationHint;
203
+ if (opts.storageClass)
204
+ body.storageClass = opts.storageClass;
205
+ try {
206
+ const res = await this.request("POST", `/accounts/${accountId}/r2/buckets`, body);
207
+ return { ...res, existed: false };
208
+ }
209
+ catch (err) {
210
+ const msg = err.message;
211
+ // CF returns 10004 ("The bucket you tried to create already exists")
212
+ // for dupes. Match on either the code or "already exists".
213
+ if (/10004|already exists|409/i.test(msg)) {
214
+ const existing = await this.getR2Bucket(accountId, name);
215
+ return { ...(existing ?? { name }), existed: true };
216
+ }
217
+ throw err;
218
+ }
219
+ }
220
+ /** Get bucket metadata. Returns null on 404. */
221
+ async getR2Bucket(accountId, name) {
222
+ try {
223
+ return await this.request("GET", `/accounts/${accountId}/r2/buckets/${name}`);
224
+ }
225
+ catch (err) {
226
+ if (/404|not\s*found|10006/i.test(err.message))
227
+ return null;
228
+ throw err;
229
+ }
230
+ }
231
+ /** Enable (or disable) the managed `pub-<hash>.r2.dev` public URL on
232
+ * a bucket. Returns the assigned `pub-<hash>.r2.dev` hostname. */
233
+ async enableR2ManagedDomain(accountId, bucket, enabled = true) {
234
+ return this.request("PUT", `/accounts/${accountId}/r2/buckets/${bucket}/domains/managed`, {
235
+ enabled,
236
+ });
237
+ }
238
+ /** List custom domains attached to a bucket — used to short-circuit
239
+ * re-runs that already added the domain. */
240
+ async listR2CustomDomains(accountId, bucket) {
241
+ const res = await this.request("GET", `/accounts/${accountId}/r2/buckets/${bucket}/domains/custom`);
242
+ return res.domains ?? [];
243
+ }
244
+ /** Mint a per-bucket-scoped R2 API token. Returns the token's S3
245
+ * access/secret derivation alongside the raw token id+value (the
246
+ * caller can store the access/secret pair as the project's S3
247
+ * credentials, or hold the token value to use as a Bearer for R2
248
+ * admin calls scoped to those buckets).
249
+ *
250
+ * The token resource scope follows Cloudflare's R2 format:
251
+ * `com.cloudflare.edge.r2.bucket.<accountId>_<jurisdiction>_<bucketName>`
252
+ * with jurisdiction = "default" for buckets created without an
253
+ * explicit jurisdiction (which is what `createR2Bucket` does today).
254
+ *
255
+ * Permission groups are looked up dynamically by name — Cloudflare
256
+ * doesn't publish stable IDs, only stable names. We cache the result
257
+ * on the instance so subsequent calls in the same process re-use it.
258
+ *
259
+ * Note on the calling token: this hits `POST /user/tokens` which
260
+ * requires the calling token to have `User > API Tokens > Edit`.
261
+ * An R2-only admin token will 403 here. The caller should surface
262
+ * that as a "add API Tokens:Edit to your admin token" hint. */
263
+ async createR2ApiToken(params) {
264
+ const jurisdiction = params.jurisdiction ?? "default";
265
+ const permissions = params.permissions ?? "read-write";
266
+ // Resolve permission groups by name. Cached on the instance so
267
+ // multi-bucket runs only pay the lookup once.
268
+ const wanted = permissions === "read"
269
+ ? ["Workers R2 Storage Bucket Item Read"]
270
+ : ["Workers R2 Storage Bucket Item Read", "Workers R2 Storage Bucket Item Write"];
271
+ const groups = await this.getR2PermissionGroups();
272
+ const groupIds = [];
273
+ for (const name of wanted) {
274
+ const found = groups.find((g) => g.name === name);
275
+ if (!found) {
276
+ throw new Error(`Permission group "${name}" not found in /user/tokens/permission_groups. The Cloudflare API may have renamed it; verify at https://dash.cloudflare.com/profile/api-tokens.`);
277
+ }
278
+ groupIds.push(found.id);
279
+ }
280
+ // Build the resources map: one entry per bucket, format per docs.
281
+ const resources = {};
282
+ for (const bucket of params.bucketNames) {
283
+ const key = `com.cloudflare.edge.r2.bucket.${params.accountId}_${jurisdiction}_${bucket}`;
284
+ resources[key] = "*";
285
+ }
286
+ const body = {
287
+ name: params.name,
288
+ policies: [
289
+ {
290
+ effect: "allow",
291
+ permission_groups: groupIds.map((id) => ({ id })),
292
+ resources,
293
+ },
294
+ ],
295
+ };
296
+ const res = await this.request("POST", "/user/tokens", body);
297
+ const { createHash } = await import("node:crypto");
298
+ const secretAccessKey = createHash("sha256").update(res.value).digest("hex");
299
+ return {
300
+ tokenId: res.id,
301
+ tokenValue: res.value,
302
+ accessKeyId: res.id,
303
+ secretAccessKey,
304
+ };
305
+ }
306
+ /** Cached lookup of /user/tokens/permission_groups filtered to R2
307
+ * groups. Returns at minimum the entries hatchkit looks up by name
308
+ * in `createR2ApiToken`. */
309
+ permissionGroupsCache;
310
+ async getR2PermissionGroups() {
311
+ if (this.permissionGroupsCache)
312
+ return this.permissionGroupsCache;
313
+ const all = [];
314
+ let page = 1;
315
+ while (page <= 20) {
316
+ const data = await this.request("GET", `/user/tokens/permission_groups?per_page=200&page=${page}`);
317
+ all.push(...data);
318
+ if (data.length < 200)
319
+ break;
320
+ page += 1;
321
+ }
322
+ this.permissionGroupsCache = all;
323
+ return all;
324
+ }
325
+ /** Delete a Cloudflare API token by id. Idempotent: 404 → "not-found". */
326
+ async deleteApiToken(tokenId) {
327
+ try {
328
+ await this.request("DELETE", `/user/tokens/${tokenId}`);
329
+ return "deleted";
330
+ }
331
+ catch (err) {
332
+ if (/404|not\s*found/i.test(err.message))
333
+ return "not-found";
334
+ throw err;
335
+ }
336
+ }
337
+ /** Attach a custom domain (a hostname on a Cloudflare zone you own)
338
+ * to an R2 bucket. Idempotent — duplicates short-circuit via list. */
339
+ async addR2CustomDomain(accountId, bucket, params) {
340
+ const existing = await this.listR2CustomDomains(accountId, bucket);
341
+ const match = existing.find((d) => d.domain === params.domain);
342
+ if (match) {
343
+ return { domain: match.domain, enabled: match.enabled, zoneId: params.zoneId, existed: true };
344
+ }
345
+ const body = {
346
+ domain: params.domain,
347
+ enabled: true,
348
+ zoneId: params.zoneId,
349
+ };
350
+ if (params.minTLS)
351
+ body.minTLS = params.minTLS;
352
+ const res = await this.request("POST", `/accounts/${accountId}/r2/buckets/${bucket}/domains/custom`, body);
353
+ return { ...res, existed: false };
354
+ }
179
355
  async enableEdgeHardening(zoneId) {
180
356
  const settings = [
181
357
  { id: "always_use_https", target: "on", atLeastAsStrict: (c) => c === "on" },
package/dist/utils/cloudflare-api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"cloudflare-api.js","sourceRoot":"","sources":["../../src/utils/cloudflare-api.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,EAAE;AACF,WAAW;AACX,qEAAqE;AACrE,sEAAsE;AACtE,uDAAuD;AACvD,mEAAmE;AACnE,qEAAqE;AACrE,8DAA8D;AAC9D,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,4DAA4D;AA4B5D,MAAM,QAAQ,GAAG,sCAAsC,CAAC;AAExD,kCAAkC;AAClC,MAAM,OAAO,aAAa;IAChB,KAAK,CAAS;IACd,SAAS,CAAU;IAE3B,YAAY,OAA6B;QACvC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IACrC,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,GAAG,IAAI,EAAE,EAAE;YAC5C,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;gBACrC,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9C,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAyB,CAAC;QAC1E,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,MAAM,GACV,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC;YACnF,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,IAAI,IAAI,YAAY,MAAM,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAiC,KAAK,EAAE,qBAAqB,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS;QACb,MAAM,GAAG,GAAqB,EAAE,CAAC;QACjC,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,OAAO,IAAI,IAAI,EAAE,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC1E,IAAI,IAAI,CAAC,SAAS;gBAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5D,MAAM,IAAI,GAAG,UAAU,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC1C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,GAAG,IAAI,EAAE,EAAE;gBAC5C,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;oBACrC,MAAM,EAAE,kBAAkB;iBAC3B;aACF,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAiC,CAAC;YAChE,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,MAAM,GACV,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC;gBACnF,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,WAAW,IAAI,CAAC,CAAC;YACtD,IAAI,IAAI,IAAI,UAAU;gBAAE,MAAM;YAC9B,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,gEAAgE;IAChE,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,IAAI,IAAI,CAAC,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAmB,KAAK,EAAE,UAAU,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACvF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACzB,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,UAAU,CACd,MAAc,EACd,IAAY,EACZ,IAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAE7B,KAAK,EAAE,UAAU,MAAM,gBAAgB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACzB,CAAC;IAED;;;qEAGiE;IACjE,KAAK,CAAC,YAAY,CAChB,MAAc,EACd,MAMC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG;YACX,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,gBAAgB;SACvC,CAAC;QACF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAChC,MAAM,EACN,UAAU,MAAM,cAAc,EAC9B,IAAI,CACL,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC3D,CAAC;QACD,MAAM,IAAI,GACR,QAAQ,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO;YACnC,CAAC,QAAQ,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC;YACxD,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC;QAChC,IAAI,IAAI;YAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACrE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAChC,OAAO,EACP,UAAU,MAAM,gBAAgB,QAAQ,CAAC,EAAE,EAAE,EAC7C,IAAI,CACL,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED;4EACwE;IACxE,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,QAAgB;QACjD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAU,QAAQ,EAAE,UAAU,MAAM,gBAAgB,QAAQ,EAAE,CAAC,CAAC;YAClF,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAI,GAAa,CAAC,OAAO,CAAC;YACnC,IAAI,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,OAAO,WAAW,CAAC;YAC3D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,uCAAuC;IACvC,wEAAwE;IACxE,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,0EAA0E;IAC1E,wFAAwF;IACxF,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,qEAAqE;IACrE,gEAAgE;IAChE,kEAAkE;IAElE;;;gEAG4D;IAC5D,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,SAAiB;QACpD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,KAAK,EACL,UAAU,MAAM,aAAa,SAAS,EAAE,CACzC,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,SAAiB,EAAE,KAAc;QACpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,OAAO,EACP,UAAU,MAAM,aAAa,SAAS,EAAE,EACxC,EAAE,KAAK,EAAE,CACV,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;+DAoB2D;IAC3D,KAAK,CAAC,mBAAmB,CAAC,MAAc;QAYtC,MAAM,QAAQ,GAAc;YAC1B,EAAE,EAAE,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE;YAC5E,oEAAoE;YACpE,8CAA8C;YAC9C;gBACE,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,MAAM;gBACd,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ;aACvD;YACD;gBACE,EAAE,EAAE,iBAAiB;gBACrB,MAAM,EAAE,KAAK;gBACb,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAI,KAAK;aAC5D;YACD;gBACE,EAAE,EAAE,0BAA0B;gBAC9B,MAAM,EAAE,IAAI;gBACZ,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI;aACnC;SACF,CAAC;QAEF,MAAM,OAAO,GAAsD,EAAE,CAAC;QACtE,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAyC,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxD,IAAI,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAChB,SAAS;gBACX,CAAC;gBACD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,gEAAgE;gBAChE,iEAAiE;gBACjE,8CAA8C;gBAC9C,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACnC,CAAC;CACF"}
1
+ {"version":3,"file":"cloudflare-api.js","sourceRoot":"","sources":["../../src/utils/cloudflare-api.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,EAAE;AACF,WAAW;AACX,qEAAqE;AACrE,sEAAsE;AACtE,uDAAuD;AACvD,mEAAmE;AACnE,qEAAqE;AACrE,8DAA8D;AAC9D,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,4DAA4D;AA4B5D,MAAM,QAAQ,GAAG,sCAAsC,CAAC;AAExD,kCAAkC;AAClC,MAAM,OAAO,aAAa;IAChB,KAAK,CAAS;IACd,SAAS,CAAU;IAE3B,YAAY,OAA6B;QACvC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IACrC,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,GAAG,IAAI,EAAE,EAAE;YAC5C,MAAM;YACN,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;gBACrC,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC9C,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAyB,CAAC;QAC1E,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,MAAM,GACV,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC;YACnF,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,IAAI,IAAI,YAAY,MAAM,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAiC,KAAK,EAAE,qBAAqB,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS;QACb,MAAM,GAAG,GAAqB,EAAE,CAAC;QACjC,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,OAAO,IAAI,IAAI,EAAE,EAAE,CAAC;YAClB,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC1E,IAAI,IAAI,CAAC,SAAS;gBAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5D,MAAM,IAAI,GAAG,UAAU,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC;YAC1C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,GAAG,IAAI,EAAE,EAAE;gBAC5C,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;oBACrC,MAAM,EAAE,kBAAkB;iBAC3B;aACF,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAiC,CAAC;YAChE,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC7B,MAAM,MAAM,GACV,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC;gBACnF,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,WAAW,IAAI,CAAC,CAAC;YACtD,IAAI,IAAI,IAAI,UAAU;gBAAE,MAAM;YAC9B,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,gEAAgE;IAChE,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,IAAI,IAAI,CAAC,SAAS;YAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAmB,KAAK,EAAE,UAAU,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACvF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACzB,CAAC;IAED,6DAA6D;IAC7D,KAAK,CAAC,UAAU,CACd,MAAc,EACd,IAAY,EACZ,IAA4B;QAE5B,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAE7B,KAAK,EAAE,UAAU,MAAM,gBAAgB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACzB,CAAC;IAED;;;qEAGiE;IACjE,KAAK,CAAC,YAAY,CAChB,MAAc,EACd,MAMC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG;YACX,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,GAAG,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,gBAAgB;SACvC,CAAC;QACF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAChC,MAAM,EACN,UAAU,MAAM,cAAc,EAC9B,IAAI,CACL,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC3D,CAAC;QACD,MAAM,IAAI,GACR,QAAQ,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO;YACnC,CAAC,QAAQ,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC;YACxD,QAAQ,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI,CAAC;QAChC,IAAI,IAAI;YAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACrE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAChC,OAAO,EACP,UAAU,MAAM,gBAAgB,QAAQ,CAAC,EAAE,EAAE,EAC7C,IAAI,CACL,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED;4EACwE;IACxE,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,QAAgB;QACjD,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAU,QAAQ,EAAE,UAAU,MAAM,gBAAgB,QAAQ,EAAE,CAAC,CAAC;YAClF,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAI,GAAa,CAAC,OAAO,CAAC;YACnC,IAAI,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,OAAO,WAAW,CAAC;YAC3D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,uCAAuC;IACvC,wEAAwE;IACxE,EAAE;IACF,2EAA2E;IAC3E,yEAAyE;IACzE,0EAA0E;IAC1E,wFAAwF;IACxF,EAAE;IACF,qEAAqE;IACrE,uEAAuE;IACvE,qEAAqE;IACrE,gEAAgE;IAChE,kEAAkE;IAElE;;;gEAG4D;IAC5D,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,SAAiB;QACpD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,KAAK,EACL,UAAU,MAAM,aAAa,SAAS,EAAE,CACzC,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,cAAc,CAAC,MAAc,EAAE,SAAiB,EAAE,KAAc;QACpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,OAAO,EACP,UAAU,MAAM,aAAa,SAAS,EAAE,EACxC,EAAE,KAAK,EAAE,CACV,CAAC;QACF,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;+DAoB2D;IAC3D,wEAAwE;IACxE,kEAAkE;IAClE,wEAAwE;IACxE,EAAE;IACF,+DAA+D;IAC/D,6EAA6E;IAC7E,kEAAkE;IAClE,iEAAiE;IACjE,+DAA+D;IAC/D,4DAA4D;IAC5D,iEAAiE;IACjE,+CAA+C;IAC/C,EAAE;IACF,eAAe;IACf,8DAA8D;IAC9D,6DAA6D;IAC7D,sEAAsE;IACtE,wCAAwC;IAExC;sEACkE;IAClE,KAAK,CAAC,cAAc,CAClB,SAAiB,EACjB,IAAY,EACZ,OAAkF,EAAE;QAQpF,MAAM,IAAI,GAA4B,EAAE,IAAI,EAAE,CAAC;QAC/C,IAAI,IAAI,CAAC,YAAY;YAAE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QAC7D,IAAI,IAAI,CAAC,YAAY;YAAE,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAK3B,MAAM,EAAE,aAAa,SAAS,aAAa,EAAE,IAAI,CAAC,CAAC;YACtD,OAAO,EAAE,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAI,GAAa,CAAC,OAAO,CAAC;YACnC,qEAAqE;YACrE,2DAA2D;YAC3D,IAAI,2BAA2B,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACzD,OAAO,EAAE,GAAG,CAAC,QAAQ,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACtD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,WAAW,CACf,SAAiB,EACjB,IAAY;QAOZ,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,SAAS,eAAe,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,wBAAwB,CAAC,IAAI,CAAE,GAAa,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;YACvE,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;uEACmE;IACnE,KAAK,CAAC,qBAAqB,CACzB,SAAiB,EACjB,MAAc,EACd,OAAO,GAAG,IAAI;QAEd,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,SAAS,eAAe,MAAM,kBAAkB,EAAE;YACxF,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED;iDAC6C;IAC7C,KAAK,CAAC,mBAAmB,CACvB,SAAiB,EACjB,MAAc;QAWd,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,KAAK,EACL,aAAa,SAAS,eAAe,MAAM,iBAAiB,CAC7D,CAAC;QACF,OAAO,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;;;;;;;;;;;;;;;;oEAkBgE;IAChE,KAAK,CAAC,gBAAgB,CAAC,MAYtB;QAUC,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,SAAS,CAAC;QACtD,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,YAAY,CAAC;QAEvD,+DAA+D;QAC/D,8CAA8C;QAC9C,MAAM,MAAM,GACV,WAAW,KAAK,MAAM;YACpB,CAAC,CAAC,CAAC,qCAAqC,CAAC;YACzC,CAAC,CAAC,CAAC,qCAAqC,EAAE,sCAAsC,CAAC,CAAC;QACtF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAClD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,kJAAkJ,CAC5K,CAAC;YACJ,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC;QAED,kEAAkE;QAClE,MAAM,SAAS,GAAwB,EAAE,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,iCAAiC,MAAM,CAAC,SAAS,IAAI,YAAY,IAAI,MAAM,EAAE,CAAC;YAC1F,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACvB,CAAC;QAED,MAAM,IAAI,GAAG;YACX,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE;gBACR;oBACE,MAAM,EAAE,OAAgB;oBACxB,iBAAiB,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;oBACjD,SAAS;iBACV;aACF;SACF,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAAgC,MAAM,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;QAC5F,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC7E,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,EAAE;YACf,UAAU,EAAE,GAAG,CAAC,KAAK;YACrB,WAAW,EAAE,GAAG,CAAC,EAAE;YACnB,eAAe;SAChB,CAAC;IACJ,CAAC;IAED;;iCAE6B;IACrB,qBAAqB,CAAuC;IAC5D,KAAK,CAAC,qBAAqB;QACjC,IAAI,IAAI,CAAC,qBAAqB;YAAE,OAAO,IAAI,CAAC,qBAAqB,CAAC;QAClE,MAAM,GAAG,GAAwC,EAAE,CAAC;QACpD,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,OAAO,IAAI,IAAI,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,KAAK,EACL,oDAAoD,IAAI,EAAE,CAC3D,CAAC;YACF,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YAClB,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG;gBAAE,MAAM;YAC7B,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;QACD,IAAI,CAAC,qBAAqB,GAAG,GAAG,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC;IAED,0EAA0E;IAC1E,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAU,QAAQ,EAAE,gBAAgB,OAAO,EAAE,CAAC,CAAC;YACjE,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,kBAAkB,CAAC,IAAI,CAAE,GAAa,CAAC,OAAO,CAAC;gBAAE,OAAO,WAAW,CAAC;YACxE,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;2EACuE;IACvE,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,MAAc,EACd,MAAkF;QAElF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACnE,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;QAC/D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAChG,CAAC;QACD,MAAM,IAAI,GAA4B;YACpC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;QACF,IAAI,MAAM,CAAC,MAAM;YAAE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC/C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,OAAO,CAC5B,MAAM,EACN,aAAa,SAAS,eAAe,MAAM,iBAAiB,EAC5D,IAAI,CACL,CAAC;QACF,OAAO,EAAE,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc;QAYtC,MAAM,QAAQ,GAAc;YAC1B,EAAE,EAAE,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,EAAE;YAC5E,oEAAoE;YACpE,8CAA8C;YAC9C;gBACE,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,MAAM;gBACd,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ;aACvD;YACD;gBACE,EAAE,EAAE,iBAAiB;gBACrB,MAAM,EAAE,KAAK;gBACb,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAI,KAAK;aAC5D;YACD;gBACE,EAAE,EAAE,0BAA0B;gBAC9B,MAAM,EAAE,IAAI;gBACZ,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI;aACnC;SACF,CAAC;QAEF,MAAM,OAAO,GAAsD,EAAE,CAAC;QACtE,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAyC,EAAE,CAAC;QACxD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxD,IAAI,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAChB,SAAS;gBACX,CAAC;gBACD,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;gBAClD,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YAC1D,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,gEAAgE;gBAChE,iEAAiE;gBACjE,8CAA8C;gBAC9C,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IACnC,CAAC;CACF"}
package/dist/utils/secrets.d.ts CHANGED
@@ -9,8 +9,38 @@ export declare const SECRET_KEYS: {
9
9
  * registered at INWX. Used by the post-apply NS flip in deploy/terraform
10
10
  * and by `hatchkit dns link-to-cloudflare`. */
11
11
  readonly dnsInwxRegistrarPassword: "dns:inwx-registrar:password";
12
+ /** @deprecated Account-wide S3 access/secret pair. Used by the
13
+ * legacy single-project flow where every hatchkit-managed app
14
+ * shared one credential against all buckets — bad blast radius
15
+ * on leak. New code path is `s3ProjectAccessKey/secret` below:
16
+ * per-project credentials minted by hatchkit at provision-time
17
+ * and scoped to that project's buckets only.
18
+ *
19
+ * Kept defined so the migration step in handleProvisionS3 can
20
+ * detect + delete legacy entries. Don't WRITE these from new
21
+ * code; reads are tolerated until the migration ships. */
12
22
  readonly s3AccessKey: (provider: string) => string;
13
23
  readonly s3SecretKey: (provider: string) => string;
24
+ /** Per-project S3 access/secret pair, scoped to that project's
25
+ * buckets only. Created by hatchkit at provision-time via
26
+ * CloudflareApi.createR2ApiToken (which calls POST /user/tokens
27
+ * with bucket-scoped resources, derives access = token id +
28
+ * secret = sha256(token value)). The user never pastes these. */
29
+ readonly s3ProjectAccessKey: (provider: string, project: string) => string;
30
+ readonly s3ProjectSecretKey: (provider: string, project: string) => string;
31
+ /** API token id of the per-project R2 token. Stored alongside
32
+ * the access/secret pair so `hatchkit destroy <project>` can
33
+ * delete the token (DELETE /user/tokens/<id>) instead of
34
+ * leaving orphaned tokens in the user's CF account. */
35
+ readonly s3ProjectTokenId: (provider: string, project: string) => string;
36
+ /** Cloudflare API token with `Account > Workers R2 Storage > Edit`
37
+ * permission. Used by `hatchkit provision s3` to create R2 buckets,
38
+ * enable the managed `r2.dev` URL, and attach custom domains. Kept
39
+ * separate from `dns:cloudflare:token` because the DNS token is
40
+ * typically scoped narrowly to Zone:DNS:Edit + Zone:Zone:Read; the
41
+ * R2 admin endpoints need account-level perms which most users
42
+ * prefer not to mix into the DNS token (least-privilege rotation). */
43
+ readonly r2AdminToken: "s3:r2:admin-token";
14
44
  readonly gpuApiKey: (platform: string) => string;
15
45
  readonly glitchtipToken: "glitchtip:auth-token";
16
46
  /** Root-mode OpenPanel client used by the Management API to auto-create
package/dist/utils/secrets.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAoBA;mEACmE;AACnE,eAAO,MAAM,WAAW;;;;;IAKtB;;oDAEgD;;qCAExB,MAAM;qCACN,MAAM;mCACR,MAAM;;IAE5B;wEACoE;;;2CAGtC,MAAM;;;;IAIpC;;+DAE2D;8CAC1B,MAAM;IACvC;;;;6DAIyD;;CAEjD,CAAC;AAEX,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEnE;AAED,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAEzE;AAED,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAEhE;AAED,iEAAiE;AACjE,wBAAsB,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAGrD"}
1
+ {"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAoBA;mEACmE;AACnE,eAAO,MAAM,WAAW;;;;;IAKtB;;oDAEgD;;IAEhD;;;;;;;;;+DAS2D;qCACnC,MAAM;qCACN,MAAM;IAC9B;;;;sEAIkE;4CACnC,MAAM,WAAW,MAAM;4CACvB,MAAM,WAAW,MAAM;IACtD;;;4DAGwD;0CAC3B,MAAM,WAAW,MAAM;IACpD;;;;;;2EAMuE;;mCAEjD,MAAM;;IAE5B;wEACoE;;;2CAGtC,MAAM;;;;IAIpC;;+DAE2D;8CAC1B,MAAM;IACvC;;;;6DAIyD;;CAEjD,CAAC;AAEX,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEnE;AAED,wBAAsB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAEzE;AAED,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAEhE;AAED,iEAAiE;AACjE,wBAAsB,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAGrD"}
package/dist/utils/secrets.js CHANGED
@@ -26,8 +26,38 @@ export const SECRET_KEYS = {
26
26
  * registered at INWX. Used by the post-apply NS flip in deploy/terraform
27
27
  * and by `hatchkit dns link-to-cloudflare`. */
28
28
  dnsInwxRegistrarPassword: "dns:inwx-registrar:password",
29
+ /** @deprecated Account-wide S3 access/secret pair. Used by the
30
+ * legacy single-project flow where every hatchkit-managed app
31
+ * shared one credential against all buckets — bad blast radius
32
+ * on leak. New code path is `s3ProjectAccessKey/secret` below:
33
+ * per-project credentials minted by hatchkit at provision-time
34
+ * and scoped to that project's buckets only.
35
+ *
36
+ * Kept defined so the migration step in handleProvisionS3 can
37
+ * detect + delete legacy entries. Don't WRITE these from new
38
+ * code; reads are tolerated until the migration ships. */
29
39
  s3AccessKey: (provider) => `s3:${provider}:access-key`,
30
40
  s3SecretKey: (provider) => `s3:${provider}:secret-key`,
41
+ /** Per-project S3 access/secret pair, scoped to that project's
42
+ * buckets only. Created by hatchkit at provision-time via
43
+ * CloudflareApi.createR2ApiToken (which calls POST /user/tokens
44
+ * with bucket-scoped resources, derives access = token id +
45
+ * secret = sha256(token value)). The user never pastes these. */
46
+ s3ProjectAccessKey: (provider, project) => `s3:${provider}:${project}:access-key`,
47
+ s3ProjectSecretKey: (provider, project) => `s3:${provider}:${project}:secret-key`,
48
+ /** API token id of the per-project R2 token. Stored alongside
49
+ * the access/secret pair so `hatchkit destroy <project>` can
50
+ * delete the token (DELETE /user/tokens/<id>) instead of
51
+ * leaving orphaned tokens in the user's CF account. */
52
+ s3ProjectTokenId: (provider, project) => `s3:${provider}:${project}:token-id`,
53
+ /** Cloudflare API token with `Account > Workers R2 Storage > Edit`
54
+ * permission. Used by `hatchkit provision s3` to create R2 buckets,
55
+ * enable the managed `r2.dev` URL, and attach custom domains. Kept
56
+ * separate from `dns:cloudflare:token` because the DNS token is
57
+ * typically scoped narrowly to Zone:DNS:Edit + Zone:Zone:Read; the
58
+ * R2 admin endpoints need account-level perms which most users
59
+ * prefer not to mix into the DNS token (least-privilege rotation). */
60
+ r2AdminToken: "s3:r2:admin-token",
31
61
  gpuApiKey: (platform) => `gpu:${platform}:api-key`,
32
62
  glitchtipToken: "glitchtip:auth-token",
33
63
  /** Root-mode OpenPanel client used by the Management API to auto-create
package/dist/utils/secrets.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,iEAAiE;AACjE,uEAAuE;AACvE,sEAAsE;AACtE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,UAAU,CAAC;AAElE;mEACmE;AACnE,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,YAAY,EAAE,eAAe;IAC7B,YAAY,EAAE,eAAe;IAC7B,eAAe,EAAE,mBAAmB;IACpC,kBAAkB,EAAE,sBAAsB;IAC1C;;oDAEgD;IAChD,wBAAwB,EAAE,6BAA6B;IACvD,WAAW,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,MAAM,QAAQ,aAAa;IAC9D,WAAW,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,MAAM,QAAQ,aAAa;IAC9D,SAAS,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,OAAO,QAAQ,UAAU;IAC1D,cAAc,EAAE,sBAAsB;IACtC;wEACoE;IACpE,qBAAqB,EAAE,0BAA0B;IACjD,yBAAyB,EAAE,8BAA8B;IACzD,qBAAqB,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,aAAa,IAAI,gBAAgB;IAC1E,YAAY,EAAE,gBAAgB;IAC9B,eAAe,EAAE,mBAAmB;IACpC,oBAAoB,EAAE,wBAAwB;IAC9C;;+DAE2D;IAC3D,iBAAiB,EAAE,CAAC,WAAmB,EAAE,EAAE,CAAC,WAAW,WAAW,yBAAyB;IAC3F;;;;6DAIyD;IACzD,aAAa,EAAE,iBAAiB;CACxB,CAAC;AAEX,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW;IACzC,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,KAAa;IACxD,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAW;IAC5C,OAAO,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AAC7C,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IACtD,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AACnF,CAAC"}
1
+ {"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/utils/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,iEAAiE;AACjE,uEAAuE;AACvE,sEAAsE;AACtE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,UAAU,CAAC;AAElE;mEACmE;AACnE,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,YAAY,EAAE,eAAe;IAC7B,YAAY,EAAE,eAAe;IAC7B,eAAe,EAAE,mBAAmB;IACpC,kBAAkB,EAAE,sBAAsB;IAC1C;;oDAEgD;IAChD,wBAAwB,EAAE,6BAA6B;IACvD;;;;;;;;;+DAS2D;IAC3D,WAAW,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,MAAM,QAAQ,aAAa;IAC9D,WAAW,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,MAAM,QAAQ,aAAa;IAC9D;;;;sEAIkE;IAClE,kBAAkB,EAAE,CAAC,QAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,MAAM,QAAQ,IAAI,OAAO,aAAa;IACjG,kBAAkB,EAAE,CAAC,QAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,MAAM,QAAQ,IAAI,OAAO,aAAa;IACjG;;;4DAGwD;IACxD,gBAAgB,EAAE,CAAC,QAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,MAAM,QAAQ,IAAI,OAAO,WAAW;IAC7F;;;;;;2EAMuE;IACvE,YAAY,EAAE,mBAAmB;IACjC,SAAS,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,OAAO,QAAQ,UAAU;IAC1D,cAAc,EAAE,sBAAsB;IACtC;wEACoE;IACpE,qBAAqB,EAAE,0BAA0B;IACjD,yBAAyB,EAAE,8BAA8B;IACzD,qBAAqB,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,aAAa,IAAI,gBAAgB;IAC1E,YAAY,EAAE,gBAAgB;IAC9B,eAAe,EAAE,mBAAmB;IACpC,oBAAoB,EAAE,wBAAwB;IAC9C;;+DAE2D;IAC3D,iBAAiB,EAAE,CAAC,WAAmB,EAAE,EAAE,CAAC,WAAW,WAAW,yBAAyB;IAC3F;;;;6DAIyD;IACzD,aAAa,EAAE,iBAAiB;CACxB,CAAC;AAEX,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW;IACzC,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,KAAa;IACxD,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAW;IAC5C,OAAO,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;AAC7C,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;IACtD,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AACnF,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hatchkit",
3
- "version": "0.1.23",
3
+ "version": "0.1.25",
4
4
  "packageManager": "pnpm@10.33.2",
5
5
  "description": "Interactive CLI for scaffolding full-stack projects and provisioning observability/email clients",
6
6
  "type": "module",