lody 0.57.1-next.2 → 0.57.1-next.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,448 @@
1
+ import { v as validateBucketId, a as validateSpaceUuid, b as validateStreamPrefix, c as validateMailboxSegment, __tla as __tla_0 } from "../index.js";
2
+ import "fs";
3
+ import "path";
4
+ import "os";
5
+ import "crypto";
6
+ import "child_process";
7
+ import "util";
8
+ import "url";
9
+ import "module";
10
+ import "tty";
11
+ import "worker_threads";
12
+ import "events";
13
+ import "node:diagnostics_channel";
14
+ import "node:events";
15
+ import "diagnostics_channel";
16
+ import "node:net";
17
+ import "async_hooks";
18
+ import "node:child_process";
19
+ import "node:fs";
20
+ import "node:os";
21
+ import "node:path";
22
+ import "node:util";
23
+ import "node:readline";
24
+ import "node:worker_threads";
25
+ import "node:http";
26
+ import "node:https";
27
+ import "node:stream";
28
+ import "node:zlib";
29
+ import "node:tls";
30
+ import "node:process";
31
+ import "node:tty";
32
+ import "stream";
33
+ import "buffer";
34
+ import "zlib";
35
+ import "string_decoder";
36
+ import "http";
37
+ import "https";
38
+ import "node:crypto";
39
+ import "net";
40
+ import "tls";
41
+ import { __tla as __tla_1 } from "./loro_wasm_bg-CZBelrAJ.js";
42
+ import "assert";
43
+ import "fs/promises";
44
+ import "perf_hooks";
45
+ import "node:module";
46
+ import "node:fs/promises";
47
+ import "node:stream/promises";
48
+ import "node:string_decoder";
49
+ import "node:assert";
50
+ import "node:buffer";
51
+ import "node:async_hooks";
52
+ import { __tla as __tla_2 } from "../index.js";
53
+ import { __tla as __tla_3 } from "./share-link-BxdX9Pcj.js";
54
+ import { B, C, d, D, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s, t, u, w, x, y, z, A, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Y, Z, _, $, a0, a1, a2, a3, a4 } from "../index.js";
55
+ import { R as R2, a, b, c, d as d2, e as e2, f as f2, g as g2, h as h2, i as i2, j as j2, k as k2, l as l2, m as m2, n as n2, o as o2, p as p2, q as q2, r as r2, s as s2, t as t2, u as u2, v, w as w2, x as x2, y as y2, z as z2 } from "./share-link-BxdX9Pcj.js";
56
+ let createRolePermissions, isLocalScopedTokenClaimsV1, isScopedOperationAllowed;
57
+ let __tla = Promise.all([
58
+ (() => {
59
+ try {
60
+ return __tla_0;
61
+ } catch {
62
+ }
63
+ })(),
64
+ (() => {
65
+ try {
66
+ return __tla_1;
67
+ } catch {
68
+ }
69
+ })(),
70
+ (() => {
71
+ try {
72
+ return __tla_2;
73
+ } catch {
74
+ }
75
+ })(),
76
+ (() => {
77
+ try {
78
+ return __tla_3;
79
+ } catch {
80
+ }
81
+ })()
82
+ ]).then(async () => {
83
+ const LOCAL_SCOPED_RESOURCES = /* @__PURE__ */ new Set([
84
+ "meta",
85
+ "sys-session",
86
+ "sys-bootstrap-secret",
87
+ "doc:*",
88
+ "rpc:g2h",
89
+ "rpc:h2g:own",
90
+ "rpc:h2g:*",
91
+ "ephemeral:*",
92
+ "blob:*",
93
+ "snapshot:*"
94
+ ]);
95
+ const LOCAL_SCOPED_OPERATIONS = /* @__PURE__ */ new Set([
96
+ "create",
97
+ "read",
98
+ "append",
99
+ "delete",
100
+ "head",
101
+ "upload",
102
+ "download",
103
+ "upload_snapshot",
104
+ "read_snapshot"
105
+ ]);
106
+ isLocalScopedTokenClaimsV1 = function(value) {
107
+ if (!value || typeof value !== "object" || Array.isArray(value)) return false;
108
+ const claims = value;
109
+ if (claims.v !== 1 || claims.iss !== "loro-code-collab-test-gateway" || claims.aud !== "loro-code-collab-streams" || !isLocalScopedRole(claims.role) || typeof claims.bucketId !== "string" || typeof claims.spaceUuid !== "string" || typeof claims.streamPrefix !== "string" || typeof claims.peerId !== "string" || typeof claims.exp !== "number" || !Number.isSafeInteger(claims.exp) || claims.exp < 0 || !Array.isArray(claims.permissions)) {
110
+ return false;
111
+ }
112
+ if (claims.inviteId !== void 0 && typeof claims.inviteId !== "string") {
113
+ return false;
114
+ }
115
+ try {
116
+ validateBucketId(claims.bucketId);
117
+ validateSpaceUuid(claims.spaceUuid);
118
+ validateStreamPrefix(claims.streamPrefix);
119
+ validateMailboxSegment(claims.peerId, "peerId");
120
+ } catch {
121
+ return false;
122
+ }
123
+ return claims.permissions.every((permission) => {
124
+ if (!permission || typeof permission !== "object" || Array.isArray(permission)) {
125
+ return false;
126
+ }
127
+ const candidate = permission;
128
+ return typeof candidate.resource === "string" && LOCAL_SCOPED_RESOURCES.has(candidate.resource) && Array.isArray(candidate.ops) && candidate.ops.length > 0 && candidate.ops.every((operation) => typeof operation === "string" && LOCAL_SCOPED_OPERATIONS.has(operation));
129
+ });
130
+ };
131
+ isScopedOperationAllowed = function(claims, request) {
132
+ const now = request.nowSeconds ?? Math.floor(Date.now() / 1e3);
133
+ if (claims.v !== 1) return false;
134
+ if (claims.iss !== "loro-code-collab-test-gateway") return false;
135
+ if (claims.aud !== "loro-code-collab-streams") return false;
136
+ if (claims.bucketId !== request.bucketId) return false;
137
+ if (claims.spaceUuid !== request.spaceUuid) return false;
138
+ if (claims.exp <= now) return false;
139
+ if (request.resource === "rpc:h2g:own" && request.peerId !== claims.peerId) {
140
+ return false;
141
+ }
142
+ return claims.permissions.some((permission) => resourceAllows(permission.resource, request.resource) && permission.ops.includes(request.operation));
143
+ };
144
+ createRolePermissions = function(role) {
145
+ if (role === "host") {
146
+ return [
147
+ {
148
+ resource: "meta",
149
+ ops: [
150
+ "create",
151
+ "read",
152
+ "append",
153
+ "delete",
154
+ "head"
155
+ ]
156
+ },
157
+ {
158
+ resource: "sys-session",
159
+ ops: [
160
+ "create",
161
+ "read",
162
+ "append",
163
+ "delete",
164
+ "head"
165
+ ]
166
+ },
167
+ {
168
+ resource: "sys-bootstrap-secret",
169
+ ops: [
170
+ "create",
171
+ "read",
172
+ "append",
173
+ "delete",
174
+ "head"
175
+ ]
176
+ },
177
+ {
178
+ resource: "doc:*",
179
+ ops: [
180
+ "create",
181
+ "read",
182
+ "append",
183
+ "delete",
184
+ "head"
185
+ ]
186
+ },
187
+ {
188
+ resource: "rpc:g2h",
189
+ ops: [
190
+ "create",
191
+ "read",
192
+ "head"
193
+ ]
194
+ },
195
+ {
196
+ resource: "rpc:h2g:*",
197
+ ops: [
198
+ "create",
199
+ "append",
200
+ "delete",
201
+ "head"
202
+ ]
203
+ },
204
+ {
205
+ resource: "ephemeral:*",
206
+ ops: [
207
+ "read",
208
+ "append"
209
+ ]
210
+ },
211
+ {
212
+ resource: "blob:*",
213
+ ops: [
214
+ "upload",
215
+ "download",
216
+ "head"
217
+ ]
218
+ },
219
+ {
220
+ resource: "snapshot:*",
221
+ ops: [
222
+ "upload_snapshot",
223
+ "read_snapshot"
224
+ ]
225
+ }
226
+ ];
227
+ }
228
+ if (role === "write") {
229
+ return [
230
+ {
231
+ resource: "meta",
232
+ ops: [
233
+ "read",
234
+ "head"
235
+ ]
236
+ },
237
+ {
238
+ resource: "sys-session",
239
+ ops: [
240
+ "read",
241
+ "head"
242
+ ]
243
+ },
244
+ {
245
+ resource: "doc:*",
246
+ ops: [
247
+ "create",
248
+ "read",
249
+ "append",
250
+ "head"
251
+ ]
252
+ },
253
+ {
254
+ resource: "rpc:g2h",
255
+ ops: [
256
+ "append"
257
+ ]
258
+ },
259
+ {
260
+ resource: "rpc:h2g:own",
261
+ ops: [
262
+ "create",
263
+ "read",
264
+ "head"
265
+ ]
266
+ },
267
+ {
268
+ resource: "ephemeral:*",
269
+ ops: [
270
+ "read",
271
+ "append"
272
+ ]
273
+ },
274
+ {
275
+ resource: "blob:*",
276
+ ops: [
277
+ "download",
278
+ "head"
279
+ ]
280
+ },
281
+ {
282
+ resource: "snapshot:*",
283
+ ops: [
284
+ "read_snapshot"
285
+ ]
286
+ }
287
+ ];
288
+ }
289
+ return [
290
+ {
291
+ resource: "meta",
292
+ ops: [
293
+ "read",
294
+ "head"
295
+ ]
296
+ },
297
+ {
298
+ resource: "sys-session",
299
+ ops: [
300
+ "read",
301
+ "head"
302
+ ]
303
+ },
304
+ {
305
+ resource: "doc:*",
306
+ ops: [
307
+ "create",
308
+ "read",
309
+ "head"
310
+ ]
311
+ },
312
+ {
313
+ resource: "rpc:g2h",
314
+ ops: [
315
+ "append"
316
+ ]
317
+ },
318
+ {
319
+ resource: "rpc:h2g:own",
320
+ ops: [
321
+ "create",
322
+ "read",
323
+ "head"
324
+ ]
325
+ },
326
+ {
327
+ resource: "ephemeral:*",
328
+ ops: [
329
+ "read",
330
+ "append"
331
+ ]
332
+ },
333
+ {
334
+ resource: "blob:*",
335
+ ops: [
336
+ "download",
337
+ "head"
338
+ ]
339
+ },
340
+ {
341
+ resource: "snapshot:*",
342
+ ops: [
343
+ "read_snapshot"
344
+ ]
345
+ }
346
+ ];
347
+ };
348
+ function isLocalScopedRole(value) {
349
+ return value === "host" || value === "write" || value === "read";
350
+ }
351
+ function resourceAllows(granted, requested) {
352
+ if (granted === requested) return true;
353
+ if (granted === "rpc:h2g:*" && requested === "rpc:h2g:own") return true;
354
+ return false;
355
+ }
356
+ });
357
+ export {
358
+ B as BLOB_CODE_COLLAB_FEATURES_V1,
359
+ C as CORE_CODE_COLLAB_FEATURES_V1,
360
+ d as CodeSessionError,
361
+ D as DEFAULT_CODE_COLLAB_FEATURES_V1,
362
+ R2 as REQUIRED_CORE_CODE_COLLAB_FEATURES_V1,
363
+ __tla,
364
+ a as assertCompatibleSessionStateV1,
365
+ b as assertSessionNotExpiredV1,
366
+ c as assertShareLinkMatchesSessionStateV1,
367
+ e as base64urlDecode,
368
+ f as base64urlEncode,
369
+ g as buildBlobEnvelopeAadV1,
370
+ d2 as buildEphemeralEnvelopeAadV1,
371
+ h as buildHostPresenceSigningPayload,
372
+ i as buildRpcEnvelopeAadV1,
373
+ j as buildRpcSigningPayload,
374
+ k as buildStreamPrefix,
375
+ l as canonicalJson,
376
+ m as computeBlobDigest,
377
+ e2 as computeEphemeralStateKeyV1,
378
+ n as createCodeCollabNamespace,
379
+ f2 as createCursorStateV1,
380
+ g2 as createEncryptedEphemeralStateEnvelopeV1,
381
+ h2 as createHostPresenceV1,
382
+ o as createHostRpcCancelV1,
383
+ p as createHostRpcRequestV1,
384
+ i2 as createInitialSessionStateV1,
385
+ j2 as createKeyId,
386
+ k2 as createParticipantPresenceV1,
387
+ createRolePermissions,
388
+ q as createRpcCapabilityProof,
389
+ l2 as createSelectionStateV1,
390
+ m2 as createShareLinkSecretV1,
391
+ r as decryptBlobObjectV1,
392
+ s as decryptEnvelopeV1,
393
+ n2 as decryptEphemeralPayloadV1,
394
+ t as decryptHostRpcMessageV1,
395
+ u as deriveSessionKeyBytes,
396
+ w as encryptBlobObjectV1,
397
+ x as encryptEnvelopeV1,
398
+ o2 as encryptEphemeralPayloadV1,
399
+ y as encryptHostRpcMessageV1,
400
+ z as generateContentKey,
401
+ p2 as generateHostSessionSecretsV1,
402
+ A as generatePreferredSigningPrivateKey,
403
+ E as generateSigningPrivateKey,
404
+ F as importSigningPrivateKey,
405
+ G as importVerifierKey,
406
+ H as isCanonicalJsonValue,
407
+ isLocalScopedTokenClaimsV1,
408
+ isScopedOperationAllowed,
409
+ I as normalizeCanonicalJsonValue,
410
+ J as paramsHash,
411
+ q2 as parseCursorStateV1,
412
+ K as parseEncryptedBlobObjectV1,
413
+ r2 as parseHostPresenceV1,
414
+ L as parseHostRpcMessageV1,
415
+ s2 as parseParticipantPresenceV1,
416
+ t2 as parseSelectionStateV1,
417
+ u2 as parseShareLinkV1,
418
+ M as randomBytes,
419
+ N as requiredRpcCapabilityV1,
420
+ O as serializeEncryptedBlobObjectV1,
421
+ v as serializeShareLinkV1,
422
+ P as sha256Base64Url,
423
+ Q as signBytes,
424
+ R as signCanonicalPayload,
425
+ S as signHostPresence,
426
+ T as timingSafeEqualBytes,
427
+ w2 as unwrapEncryptedEphemeralStateEnvelopeV1,
428
+ U as utf8Decode,
429
+ V as utf8Encode,
430
+ W as validateBlobPathPrefix,
431
+ validateBucketId,
432
+ validateMailboxSegment,
433
+ X as validateSerializedSigningPrivateKey,
434
+ Y as validateSerializedVerifierKey,
435
+ x2 as validateShareLinkSecretV1,
436
+ y2 as validateShareServerUrl,
437
+ validateSpaceUuid,
438
+ Z as validateStreamId,
439
+ validateStreamPrefix,
440
+ _ as verifierFromPrivateKey,
441
+ $ as verifyBytes,
442
+ a0 as verifyCanonicalPayload,
443
+ a1 as verifyHostPresence,
444
+ z2 as verifyHostPresenceV1,
445
+ a2 as verifyHostRpcCancelV1,
446
+ a3 as verifyHostRpcRequestV1,
447
+ a4 as verifyRpcCapabilityProof
448
+ };