pecunia-root 0.1.1 → 0.1.2

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/gssapi.mjs

@@ -1,128 +0,0 @@
-import { __commonJSMin, __require } from "../../../../../../../../_virtual/rolldown_runtime.mjs";
-import { require_error } from "../../error.mjs";
-import { require_utils } from "../../utils.mjs";
-import { require_deps } from "../../deps.mjs";
-import { require_auth_provider } from "./auth_provider.mjs";
-
-//#region ../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/gssapi.js
-var require_gssapi = /* @__PURE__ */ __commonJSMin(((exports) => {
-	Object.defineProperty(exports, "__esModule", { value: true });
-	exports.GSSAPI = exports.GSSAPICanonicalizationValue = void 0;
-	exports.performGSSAPICanonicalizeHostName = performGSSAPICanonicalizeHostName;
-	exports.resolveCname = resolveCname;
-	const dns = __require("dns");
-	const deps_1 = require_deps();
-	const error_1 = require_error();
-	const utils_1 = require_utils();
-	const auth_provider_1 = require_auth_provider();
-	/** @public */
-	exports.GSSAPICanonicalizationValue = Object.freeze({
-		on: true,
-		off: false,
-		none: "none",
-		forward: "forward",
-		forwardAndReverse: "forwardAndReverse"
-	});
-	async function externalCommand(connection, command) {
-		return await connection.command((0, utils_1.ns)("$external.$cmd"), command);
-	}
-	let krb;
-	var GSSAPI = class extends auth_provider_1.AuthProvider {
-		async auth(authContext) {
-			const { connection, credentials } = authContext;
-			if (credentials == null) throw new error_1.MongoMissingCredentialsError("Credentials required for GSSAPI authentication");
-			const { username } = credentials;
-			const client = await makeKerberosClient(authContext);
-			const saslStartResponse = await externalCommand(connection, saslStart(await client.step("")));
-			const saslContinueResponse = await externalCommand(connection, saslContinue(await negotiate(client, 10, saslStartResponse.payload), saslStartResponse.conversationId));
-			const finalizePayload = await finalize(client, username, saslContinueResponse.payload);
-			await externalCommand(connection, {
-				saslContinue: 1,
-				conversationId: saslContinueResponse.conversationId,
-				payload: finalizePayload
-			});
-		}
-	};
-	exports.GSSAPI = GSSAPI;
-	async function makeKerberosClient(authContext) {
-		const { hostAddress } = authContext.options;
-		const { credentials } = authContext;
-		if (!hostAddress || typeof hostAddress.host !== "string" || !credentials) throw new error_1.MongoInvalidArgumentError("Connection must have host and port and credentials defined.");
-		loadKrb();
-		if ("kModuleError" in krb) throw krb["kModuleError"];
-		const { initializeClient } = krb;
-		const { username, password } = credentials;
-		const mechanismProperties = credentials.mechanismProperties;
-		const serviceName = mechanismProperties.SERVICE_NAME ?? "mongodb";
-		const host = await performGSSAPICanonicalizeHostName(hostAddress.host, mechanismProperties);
-		const initOptions = {};
-		if (password != null) Object.assign(initOptions, {
-			user: username,
-			password
-		});
-		const spnHost = mechanismProperties.SERVICE_HOST ?? host;
-		let spn = `${serviceName}${process.platform === "win32" ? "/" : "@"}${spnHost}`;
-		if ("SERVICE_REALM" in mechanismProperties) spn = `${spn}@${mechanismProperties.SERVICE_REALM}`;
-		return await initializeClient(spn, initOptions);
-	}
-	function saslStart(payload) {
-		return {
-			saslStart: 1,
-			mechanism: "GSSAPI",
-			payload,
-			autoAuthorize: 1
-		};
-	}
-	function saslContinue(payload, conversationId) {
-		return {
-			saslContinue: 1,
-			conversationId,
-			payload
-		};
-	}
-	async function negotiate(client, retries, payload) {
-		try {
-			return await client.step(payload) || "";
-		} catch (error) {
-			if (retries === 0) throw error;
-			return await negotiate(client, retries - 1, payload);
-		}
-	}
-	async function finalize(client, user, payload) {
-		const response = await client.unwrap(payload);
-		return await client.wrap(response || "", { user });
-	}
-	async function performGSSAPICanonicalizeHostName(host, mechanismProperties) {
-		const mode = mechanismProperties.CANONICALIZE_HOST_NAME;
-		if (!mode || mode === exports.GSSAPICanonicalizationValue.none) return host;
-		if (mode === exports.GSSAPICanonicalizationValue.on || mode === exports.GSSAPICanonicalizationValue.forwardAndReverse) {
-			const { address } = await dns.promises.lookup(host);
-			try {
-				const results = await dns.promises.resolvePtr(address);
-				return results.length > 0 ? results[0] : host;
-			} catch {
-				return await resolveCname(host);
-			}
-		} else return await resolveCname(host);
-	}
-	async function resolveCname(host) {
-		try {
-			const results = await dns.promises.resolveCname(host);
-			return results.length > 0 ? results[0] : host;
-		} catch {
-			return host;
-		}
-	}
-	/**
-	* Load the Kerberos library.
-	*/
-	function loadKrb() {
-		if (!krb) krb = (0, deps_1.getKerberos)();
-	}
-}));
-
-//#endregion
-export default require_gssapi();
-
-export { require_gssapi };
-//# sourceMappingURL=gssapi.mjs.map

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/gssapi.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"gssapi.mjs","names":[],"sources":["../../../../../../../../../../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/gssapi.js"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.GSSAPI = exports.GSSAPICanonicalizationValue = void 0;\nexports.performGSSAPICanonicalizeHostName = performGSSAPICanonicalizeHostName;\nexports.resolveCname = resolveCname;\nconst dns = require(\"dns\");\nconst deps_1 = require(\"../../deps\");\nconst error_1 = require(\"../../error\");\nconst utils_1 = require(\"../../utils\");\nconst auth_provider_1 = require(\"./auth_provider\");\n/** @public */\nexports.GSSAPICanonicalizationValue = Object.freeze({\n    on: true,\n    off: false,\n    none: 'none',\n    forward: 'forward',\n    forwardAndReverse: 'forwardAndReverse'\n});\nasync function externalCommand(connection, command) {\n    const response = await connection.command((0, utils_1.ns)('$external.$cmd'), command);\n    return response;\n}\nlet krb;\nclass GSSAPI extends auth_provider_1.AuthProvider {\n    async auth(authContext) {\n        const { connection, credentials } = authContext;\n        if (credentials == null) {\n            throw new error_1.MongoMissingCredentialsError('Credentials required for GSSAPI authentication');\n        }\n        const { username } = credentials;\n        const client = await makeKerberosClient(authContext);\n        const payload = await client.step('');\n        const saslStartResponse = await externalCommand(connection, saslStart(payload));\n        const negotiatedPayload = await negotiate(client, 10, saslStartResponse.payload);\n        const saslContinueResponse = await externalCommand(connection, saslContinue(negotiatedPayload, saslStartResponse.conversationId));\n        const finalizePayload = await finalize(client, username, saslContinueResponse.payload);\n        await externalCommand(connection, {\n            saslContinue: 1,\n            conversationId: saslContinueResponse.conversationId,\n            payload: finalizePayload\n        });\n    }\n}\nexports.GSSAPI = GSSAPI;\nasync function makeKerberosClient(authContext) {\n    const { hostAddress } = authContext.options;\n    const { credentials } = authContext;\n    if (!hostAddress || typeof hostAddress.host !== 'string' || !credentials) {\n        throw new error_1.MongoInvalidArgumentError('Connection must have host and port and credentials defined.');\n    }\n    loadKrb();\n    if ('kModuleError' in krb) {\n        throw krb['kModuleError'];\n    }\n    const { initializeClient } = krb;\n    const { username, password } = credentials;\n    const mechanismProperties = credentials.mechanismProperties;\n    const serviceName = mechanismProperties.SERVICE_NAME ?? 'mongodb';\n    const host = await performGSSAPICanonicalizeHostName(hostAddress.host, mechanismProperties);\n    const initOptions = {};\n    if (password != null) {\n        // TODO(NODE-5139): These do not match the typescript options in initializeClient\n        Object.assign(initOptions, { user: username, password: password });\n    }\n    const spnHost = mechanismProperties.SERVICE_HOST ?? host;\n    let spn = `${serviceName}${process.platform === 'win32' ? '/' : '@'}${spnHost}`;\n    if ('SERVICE_REALM' in mechanismProperties) {\n        spn = `${spn}@${mechanismProperties.SERVICE_REALM}`;\n    }\n    return await initializeClient(spn, initOptions);\n}\nfunction saslStart(payload) {\n    return {\n        saslStart: 1,\n        mechanism: 'GSSAPI',\n        payload,\n        autoAuthorize: 1\n    };\n}\nfunction saslContinue(payload, conversationId) {\n    return {\n        saslContinue: 1,\n        conversationId,\n        payload\n    };\n}\nasync function negotiate(client, retries, payload) {\n    try {\n        const response = await client.step(payload);\n        return response || '';\n    }\n    catch (error) {\n        if (retries === 0) {\n            // Retries exhausted, raise error\n            throw error;\n        }\n        // Adjust number of retries and call step again\n        return await negotiate(client, retries - 1, payload);\n    }\n}\nasync function finalize(client, user, payload) {\n    // GSS Client Unwrap\n    const response = await client.unwrap(payload);\n    return await client.wrap(response || '', { user });\n}\nasync function performGSSAPICanonicalizeHostName(host, mechanismProperties) {\n    const mode = mechanismProperties.CANONICALIZE_HOST_NAME;\n    if (!mode || mode === exports.GSSAPICanonicalizationValue.none) {\n        return host;\n    }\n    // If forward and reverse or true\n    if (mode === exports.GSSAPICanonicalizationValue.on ||\n        mode === exports.GSSAPICanonicalizationValue.forwardAndReverse) {\n        // Perform the lookup of the ip address.\n        const { address } = await dns.promises.lookup(host);\n        try {\n            // Perform a reverse ptr lookup on the ip address.\n            const results = await dns.promises.resolvePtr(address);\n            // If the ptr did not error but had no results, return the host.\n            return results.length > 0 ? results[0] : host;\n        }\n        catch {\n            // This can error as ptr records may not exist for all ips. In this case\n            // fallback to a cname lookup as dns.lookup() does not return the\n            // cname.\n            return await resolveCname(host);\n        }\n    }\n    else {\n        // The case for forward is just to resolve the cname as dns.lookup()\n        // will not return it.\n        return await resolveCname(host);\n    }\n}\nasync function resolveCname(host) {\n    // Attempt to resolve the host name\n    try {\n        const results = await dns.promises.resolveCname(host);\n        // Get the first resolved host id\n        return results.length > 0 ? results[0] : host;\n    }\n    catch {\n        return host;\n    }\n}\n/**\n * Load the Kerberos library.\n */\nfunction loadKrb() {\n    if (!krb) {\n        krb = (0, deps_1.getKerberos)();\n    }\n}\n//# sourceMappingURL=gssapi.js.map"],"x_google_ignoreList":[0],"mappings":";;;;;;;;AACA,QAAO,eAAe,SAAS,cAAc,EAAE,OAAO,MAAM,CAAC;AAC7D,SAAQ,SAAS,QAAQ,8BAA8B,KAAK;AAC5D,SAAQ,oCAAoC;AAC5C,SAAQ,eAAe;CACvB,MAAM,gBAAc,MAAM;CAC1B,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;;AAEN,SAAQ,8BAA8B,OAAO,OAAO;EAChD,IAAI;EACJ,KAAK;EACL,MAAM;EACN,SAAS;EACT,mBAAmB;EACtB,CAAC;CACF,eAAe,gBAAgB,YAAY,SAAS;AAEhD,SADiB,MAAM,WAAW,SAAS,GAAG,QAAQ,IAAI,iBAAiB,EAAE,QAAQ;;CAGzF,IAAI;CACJ,IAAM,SAAN,cAAqB,gBAAgB,aAAa;EAC9C,MAAM,KAAK,aAAa;GACpB,MAAM,EAAE,YAAY,gBAAgB;AACpC,OAAI,eAAe,KACf,OAAM,IAAI,QAAQ,6BAA6B,iDAAiD;GAEpG,MAAM,EAAE,aAAa;GACrB,MAAM,SAAS,MAAM,mBAAmB,YAAY;GAEpD,MAAM,oBAAoB,MAAM,gBAAgB,YAAY,UAD5C,MAAM,OAAO,KAAK,GAAG,CACyC,CAAC;GAE/E,MAAM,uBAAuB,MAAM,gBAAgB,YAAY,aADrC,MAAM,UAAU,QAAQ,IAAI,kBAAkB,QAAQ,EACe,kBAAkB,eAAe,CAAC;GACjI,MAAM,kBAAkB,MAAM,SAAS,QAAQ,UAAU,qBAAqB,QAAQ;AACtF,SAAM,gBAAgB,YAAY;IAC9B,cAAc;IACd,gBAAgB,qBAAqB;IACrC,SAAS;IACZ,CAAC;;;AAGV,SAAQ,SAAS;CACjB,eAAe,mBAAmB,aAAa;EAC3C,MAAM,EAAE,gBAAgB,YAAY;EACpC,MAAM,EAAE,gBAAgB;AACxB,MAAI,CAAC,eAAe,OAAO,YAAY,SAAS,YAAY,CAAC,YACzD,OAAM,IAAI,QAAQ,0BAA0B,8DAA8D;AAE9G,WAAS;AACT,MAAI,kBAAkB,IAClB,OAAM,IAAI;EAEd,MAAM,EAAE,qBAAqB;EAC7B,MAAM,EAAE,UAAU,aAAa;EAC/B,MAAM,sBAAsB,YAAY;EACxC,MAAM,cAAc,oBAAoB,gBAAgB;EACxD,MAAM,OAAO,MAAM,kCAAkC,YAAY,MAAM,oBAAoB;EAC3F,MAAM,cAAc,EAAE;AACtB,MAAI,YAAY,KAEZ,QAAO,OAAO,aAAa;GAAE,MAAM;GAAoB;GAAU,CAAC;EAEtE,MAAM,UAAU,oBAAoB,gBAAgB;EACpD,IAAI,MAAM,GAAG,cAAc,QAAQ,aAAa,UAAU,MAAM,MAAM;AACtE,MAAI,mBAAmB,oBACnB,OAAM,GAAG,IAAI,GAAG,oBAAoB;AAExC,SAAO,MAAM,iBAAiB,KAAK,YAAY;;CAEnD,SAAS,UAAU,SAAS;AACxB,SAAO;GACH,WAAW;GACX,WAAW;GACX;GACA,eAAe;GAClB;;CAEL,SAAS,aAAa,SAAS,gBAAgB;AAC3C,SAAO;GACH,cAAc;GACd;GACA;GACH;;CAEL,eAAe,UAAU,QAAQ,SAAS,SAAS;AAC/C,MAAI;AAEA,UADiB,MAAM,OAAO,KAAK,QAAQ,IACxB;WAEhB,OAAO;AACV,OAAI,YAAY,EAEZ,OAAM;AAGV,UAAO,MAAM,UAAU,QAAQ,UAAU,GAAG,QAAQ;;;CAG5D,eAAe,SAAS,QAAQ,MAAM,SAAS;EAE3C,MAAM,WAAW,MAAM,OAAO,OAAO,QAAQ;AAC7C,SAAO,MAAM,OAAO,KAAK,YAAY,IAAI,EAAE,MAAM,CAAC;;CAEtD,eAAe,kCAAkC,MAAM,qBAAqB;EACxE,MAAM,OAAO,oBAAoB;AACjC,MAAI,CAAC,QAAQ,SAAS,QAAQ,4BAA4B,KACtD,QAAO;AAGX,MAAI,SAAS,QAAQ,4BAA4B,MAC7C,SAAS,QAAQ,4BAA4B,mBAAmB;GAEhE,MAAM,EAAE,YAAY,MAAM,IAAI,SAAS,OAAO,KAAK;AACnD,OAAI;IAEA,MAAM,UAAU,MAAM,IAAI,SAAS,WAAW,QAAQ;AAEtD,WAAO,QAAQ,SAAS,IAAI,QAAQ,KAAK;WAEvC;AAIF,WAAO,MAAM,aAAa,KAAK;;QAMnC,QAAO,MAAM,aAAa,KAAK;;CAGvC,eAAe,aAAa,MAAM;AAE9B,MAAI;GACA,MAAM,UAAU,MAAM,IAAI,SAAS,aAAa,KAAK;AAErD,UAAO,QAAQ,SAAS,IAAI,QAAQ,KAAK;UAEvC;AACF,UAAO;;;;;;CAMf,SAAS,UAAU;AACf,MAAI,CAAC,IACD,QAAO,GAAG,OAAO,cAAc"}

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongo_credentials.mjs

@@ -1,133 +0,0 @@
-import { __commonJSMin } from "../../../../../../../../_virtual/rolldown_runtime.mjs";
-import { require_error } from "../../error.mjs";
-import { require_gssapi } from "./gssapi.mjs";
-import { require_providers } from "./providers.mjs";
-
-//#region ../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongo_credentials.js
-var require_mongo_credentials = /* @__PURE__ */ __commonJSMin(((exports) => {
-	Object.defineProperty(exports, "__esModule", { value: true });
-	exports.MongoCredentials = exports.DEFAULT_ALLOWED_HOSTS = void 0;
-	const error_1 = require_error();
-	const gssapi_1 = require_gssapi();
-	const providers_1 = require_providers();
-	/**
-	* @see https://github.com/mongodb/specifications/blob/master/source/auth/auth.md
-	*/
-	function getDefaultAuthMechanism(hello) {
-		if (hello) {
-			if (Array.isArray(hello.saslSupportedMechs)) return hello.saslSupportedMechs.includes(providers_1.AuthMechanism.MONGODB_SCRAM_SHA256) ? providers_1.AuthMechanism.MONGODB_SCRAM_SHA256 : providers_1.AuthMechanism.MONGODB_SCRAM_SHA1;
-		}
-		return providers_1.AuthMechanism.MONGODB_SCRAM_SHA256;
-	}
-	const ALLOWED_ENVIRONMENT_NAMES = [
-		"test",
-		"azure",
-		"gcp",
-		"k8s"
-	];
-	const ALLOWED_HOSTS_ERROR = "Auth mechanism property ALLOWED_HOSTS must be an array of strings.";
-	/** @internal */
-	exports.DEFAULT_ALLOWED_HOSTS = [
-		"*.mongodb.net",
-		"*.mongodb-qa.net",
-		"*.mongodb-dev.net",
-		"*.mongodbgov.net",
-		"localhost",
-		"127.0.0.1",
-		"::1"
-	];
-	/** Error for when the token audience is missing in the environment. */
-	const TOKEN_RESOURCE_MISSING_ERROR = "TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is azure or gcp.";
-	/**
-	* A representation of the credentials used by MongoDB
-	* @public
-	*/
-	var MongoCredentials = class MongoCredentials {
-		constructor(options) {
-			this.username = options.username ?? "";
-			this.password = options.password;
-			this.source = options.source;
-			if (!this.source && options.db) this.source = options.db;
-			this.mechanism = options.mechanism || providers_1.AuthMechanism.MONGODB_DEFAULT;
-			this.mechanismProperties = options.mechanismProperties || {};
-			if (this.mechanism.match(/MONGODB-AWS/i)) {
-				if (!this.username && process.env.AWS_ACCESS_KEY_ID) this.username = process.env.AWS_ACCESS_KEY_ID;
-				if (!this.password && process.env.AWS_SECRET_ACCESS_KEY) this.password = process.env.AWS_SECRET_ACCESS_KEY;
-				if (this.mechanismProperties.AWS_SESSION_TOKEN == null && process.env.AWS_SESSION_TOKEN != null) this.mechanismProperties = {
-					...this.mechanismProperties,
-					AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN
-				};
-			}
-			if (this.mechanism === providers_1.AuthMechanism.MONGODB_OIDC && !this.mechanismProperties.ALLOWED_HOSTS) this.mechanismProperties = {
-				...this.mechanismProperties,
-				ALLOWED_HOSTS: exports.DEFAULT_ALLOWED_HOSTS
-			};
-			Object.freeze(this.mechanismProperties);
-			Object.freeze(this);
-		}
-		/** Determines if two MongoCredentials objects are equivalent */
-		equals(other) {
-			return this.mechanism === other.mechanism && this.username === other.username && this.password === other.password && this.source === other.source;
-		}
-		/**
-		* If the authentication mechanism is set to "default", resolves the authMechanism
-		* based on the server version and server supported sasl mechanisms.
-		*
-		* @param hello - A hello response from the server
-		*/
-		resolveAuthMechanism(hello) {
-			if (this.mechanism.match(/DEFAULT/i)) return new MongoCredentials({
-				username: this.username,
-				password: this.password,
-				source: this.source,
-				mechanism: getDefaultAuthMechanism(hello),
-				mechanismProperties: this.mechanismProperties
-			});
-			return this;
-		}
-		validate() {
-			if ((this.mechanism === providers_1.AuthMechanism.MONGODB_GSSAPI || this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN || this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA1 || this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA256) && !this.username) throw new error_1.MongoMissingCredentialsError(`Username required for mechanism '${this.mechanism}'`);
-			if (this.mechanism === providers_1.AuthMechanism.MONGODB_OIDC) {
-				if (this.username && this.mechanismProperties.ENVIRONMENT && this.mechanismProperties.ENVIRONMENT !== "azure") throw new error_1.MongoInvalidArgumentError(`username and ENVIRONMENT '${this.mechanismProperties.ENVIRONMENT}' may not be used together for mechanism '${this.mechanism}'.`);
-				if (this.username && this.password) throw new error_1.MongoInvalidArgumentError(`No password is allowed in ENVIRONMENT '${this.mechanismProperties.ENVIRONMENT}' for '${this.mechanism}'.`);
-				if ((this.mechanismProperties.ENVIRONMENT === "azure" || this.mechanismProperties.ENVIRONMENT === "gcp") && !this.mechanismProperties.TOKEN_RESOURCE) throw new error_1.MongoInvalidArgumentError(TOKEN_RESOURCE_MISSING_ERROR);
-				if (this.mechanismProperties.ENVIRONMENT && !ALLOWED_ENVIRONMENT_NAMES.includes(this.mechanismProperties.ENVIRONMENT)) throw new error_1.MongoInvalidArgumentError(`Currently only a ENVIRONMENT in ${ALLOWED_ENVIRONMENT_NAMES.join(",")} is supported for mechanism '${this.mechanism}'.`);
-				if (!this.mechanismProperties.ENVIRONMENT && !this.mechanismProperties.OIDC_CALLBACK && !this.mechanismProperties.OIDC_HUMAN_CALLBACK) throw new error_1.MongoInvalidArgumentError(`Either a ENVIRONMENT, OIDC_CALLBACK, or OIDC_HUMAN_CALLBACK must be specified for mechanism '${this.mechanism}'.`);
-				if (this.mechanismProperties.ALLOWED_HOSTS) {
-					const hosts = this.mechanismProperties.ALLOWED_HOSTS;
-					if (!Array.isArray(hosts)) throw new error_1.MongoInvalidArgumentError(ALLOWED_HOSTS_ERROR);
-					for (const host of hosts) if (typeof host !== "string") throw new error_1.MongoInvalidArgumentError(ALLOWED_HOSTS_ERROR);
-				}
-			}
-			if (providers_1.AUTH_MECHS_AUTH_SRC_EXTERNAL.has(this.mechanism)) {
-				if (this.source != null && this.source !== "$external") throw new error_1.MongoAPIError(`Invalid source '${this.source}' for mechanism '${this.mechanism}' specified.`);
-			}
-			if (this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN && this.source == null) throw new error_1.MongoAPIError("PLAIN Authentication Mechanism needs an auth source");
-			if (this.mechanism === providers_1.AuthMechanism.MONGODB_X509 && this.password != null) {
-				if (this.password === "") {
-					Reflect.set(this, "password", void 0);
-					return;
-				}
-				throw new error_1.MongoAPIError(`Password not allowed for mechanism MONGODB-X509`);
-			}
-			const canonicalization = this.mechanismProperties.CANONICALIZE_HOST_NAME ?? false;
-			if (!Object.values(gssapi_1.GSSAPICanonicalizationValue).includes(canonicalization)) throw new error_1.MongoAPIError(`Invalid CANONICALIZE_HOST_NAME value: ${canonicalization}`);
-		}
-		static merge(creds, options) {
-			return new MongoCredentials({
-				username: options.username ?? creds?.username ?? "",
-				password: options.password ?? creds?.password ?? "",
-				mechanism: options.mechanism ?? creds?.mechanism ?? providers_1.AuthMechanism.MONGODB_DEFAULT,
-				mechanismProperties: options.mechanismProperties ?? creds?.mechanismProperties ?? {},
-				source: options.source ?? options.db ?? creds?.source ?? "admin"
-			});
-		}
-	};
-	exports.MongoCredentials = MongoCredentials;
-}));
-
-//#endregion
-export default require_mongo_credentials();
-
-export { require_mongo_credentials };
-//# sourceMappingURL=mongo_credentials.mjs.map

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongo_credentials.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"mongo_credentials.mjs","names":[],"sources":["../../../../../../../../../../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongo_credentials.js"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.MongoCredentials = exports.DEFAULT_ALLOWED_HOSTS = void 0;\nconst error_1 = require(\"../../error\");\nconst gssapi_1 = require(\"./gssapi\");\nconst providers_1 = require(\"./providers\");\n/**\n * @see https://github.com/mongodb/specifications/blob/master/source/auth/auth.md\n */\nfunction getDefaultAuthMechanism(hello) {\n    if (hello) {\n        // If hello contains saslSupportedMechs, use scram-sha-256\n        // if it is available, else scram-sha-1\n        if (Array.isArray(hello.saslSupportedMechs)) {\n            return hello.saslSupportedMechs.includes(providers_1.AuthMechanism.MONGODB_SCRAM_SHA256)\n                ? providers_1.AuthMechanism.MONGODB_SCRAM_SHA256\n                : providers_1.AuthMechanism.MONGODB_SCRAM_SHA1;\n        }\n    }\n    // Default auth mechanism for 4.0 and higher.\n    return providers_1.AuthMechanism.MONGODB_SCRAM_SHA256;\n}\nconst ALLOWED_ENVIRONMENT_NAMES = [\n    'test',\n    'azure',\n    'gcp',\n    'k8s'\n];\nconst ALLOWED_HOSTS_ERROR = 'Auth mechanism property ALLOWED_HOSTS must be an array of strings.';\n/** @internal */\nexports.DEFAULT_ALLOWED_HOSTS = [\n    '*.mongodb.net',\n    '*.mongodb-qa.net',\n    '*.mongodb-dev.net',\n    '*.mongodbgov.net',\n    'localhost',\n    '127.0.0.1',\n    '::1'\n];\n/** Error for when the token audience is missing in the environment. */\nconst TOKEN_RESOURCE_MISSING_ERROR = 'TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is azure or gcp.';\n/**\n * A representation of the credentials used by MongoDB\n * @public\n */\nclass MongoCredentials {\n    constructor(options) {\n        this.username = options.username ?? '';\n        this.password = options.password;\n        this.source = options.source;\n        if (!this.source && options.db) {\n            this.source = options.db;\n        }\n        this.mechanism = options.mechanism || providers_1.AuthMechanism.MONGODB_DEFAULT;\n        this.mechanismProperties = options.mechanismProperties || {};\n        if (this.mechanism.match(/MONGODB-AWS/i)) {\n            if (!this.username && process.env.AWS_ACCESS_KEY_ID) {\n                this.username = process.env.AWS_ACCESS_KEY_ID;\n            }\n            if (!this.password && process.env.AWS_SECRET_ACCESS_KEY) {\n                this.password = process.env.AWS_SECRET_ACCESS_KEY;\n            }\n            if (this.mechanismProperties.AWS_SESSION_TOKEN == null &&\n                process.env.AWS_SESSION_TOKEN != null) {\n                this.mechanismProperties = {\n                    ...this.mechanismProperties,\n                    AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN\n                };\n            }\n        }\n        if (this.mechanism === providers_1.AuthMechanism.MONGODB_OIDC && !this.mechanismProperties.ALLOWED_HOSTS) {\n            this.mechanismProperties = {\n                ...this.mechanismProperties,\n                ALLOWED_HOSTS: exports.DEFAULT_ALLOWED_HOSTS\n            };\n        }\n        Object.freeze(this.mechanismProperties);\n        Object.freeze(this);\n    }\n    /** Determines if two MongoCredentials objects are equivalent */\n    equals(other) {\n        return (this.mechanism === other.mechanism &&\n            this.username === other.username &&\n            this.password === other.password &&\n            this.source === other.source);\n    }\n    /**\n     * If the authentication mechanism is set to \"default\", resolves the authMechanism\n     * based on the server version and server supported sasl mechanisms.\n     *\n     * @param hello - A hello response from the server\n     */\n    resolveAuthMechanism(hello) {\n        // If the mechanism is not \"default\", then it does not need to be resolved\n        if (this.mechanism.match(/DEFAULT/i)) {\n            return new MongoCredentials({\n                username: this.username,\n                password: this.password,\n                source: this.source,\n                mechanism: getDefaultAuthMechanism(hello),\n                mechanismProperties: this.mechanismProperties\n            });\n        }\n        return this;\n    }\n    validate() {\n        if ((this.mechanism === providers_1.AuthMechanism.MONGODB_GSSAPI ||\n            this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN ||\n            this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA1 ||\n            this.mechanism === providers_1.AuthMechanism.MONGODB_SCRAM_SHA256) &&\n            !this.username) {\n            throw new error_1.MongoMissingCredentialsError(`Username required for mechanism '${this.mechanism}'`);\n        }\n        if (this.mechanism === providers_1.AuthMechanism.MONGODB_OIDC) {\n            if (this.username &&\n                this.mechanismProperties.ENVIRONMENT &&\n                this.mechanismProperties.ENVIRONMENT !== 'azure') {\n                throw new error_1.MongoInvalidArgumentError(`username and ENVIRONMENT '${this.mechanismProperties.ENVIRONMENT}' may not be used together for mechanism '${this.mechanism}'.`);\n            }\n            if (this.username && this.password) {\n                throw new error_1.MongoInvalidArgumentError(`No password is allowed in ENVIRONMENT '${this.mechanismProperties.ENVIRONMENT}' for '${this.mechanism}'.`);\n            }\n            if ((this.mechanismProperties.ENVIRONMENT === 'azure' ||\n                this.mechanismProperties.ENVIRONMENT === 'gcp') &&\n                !this.mechanismProperties.TOKEN_RESOURCE) {\n                throw new error_1.MongoInvalidArgumentError(TOKEN_RESOURCE_MISSING_ERROR);\n            }\n            if (this.mechanismProperties.ENVIRONMENT &&\n                !ALLOWED_ENVIRONMENT_NAMES.includes(this.mechanismProperties.ENVIRONMENT)) {\n                throw new error_1.MongoInvalidArgumentError(`Currently only a ENVIRONMENT in ${ALLOWED_ENVIRONMENT_NAMES.join(',')} is supported for mechanism '${this.mechanism}'.`);\n            }\n            if (!this.mechanismProperties.ENVIRONMENT &&\n                !this.mechanismProperties.OIDC_CALLBACK &&\n                !this.mechanismProperties.OIDC_HUMAN_CALLBACK) {\n                throw new error_1.MongoInvalidArgumentError(`Either a ENVIRONMENT, OIDC_CALLBACK, or OIDC_HUMAN_CALLBACK must be specified for mechanism '${this.mechanism}'.`);\n            }\n            if (this.mechanismProperties.ALLOWED_HOSTS) {\n                const hosts = this.mechanismProperties.ALLOWED_HOSTS;\n                if (!Array.isArray(hosts)) {\n                    throw new error_1.MongoInvalidArgumentError(ALLOWED_HOSTS_ERROR);\n                }\n                for (const host of hosts) {\n                    if (typeof host !== 'string') {\n                        throw new error_1.MongoInvalidArgumentError(ALLOWED_HOSTS_ERROR);\n                    }\n                }\n            }\n        }\n        if (providers_1.AUTH_MECHS_AUTH_SRC_EXTERNAL.has(this.mechanism)) {\n            if (this.source != null && this.source !== '$external') {\n                // TODO(NODE-3485): Replace this with a MongoAuthValidationError\n                throw new error_1.MongoAPIError(`Invalid source '${this.source}' for mechanism '${this.mechanism}' specified.`);\n            }\n        }\n        if (this.mechanism === providers_1.AuthMechanism.MONGODB_PLAIN && this.source == null) {\n            // TODO(NODE-3485): Replace this with a MongoAuthValidationError\n            throw new error_1.MongoAPIError('PLAIN Authentication Mechanism needs an auth source');\n        }\n        if (this.mechanism === providers_1.AuthMechanism.MONGODB_X509 && this.password != null) {\n            if (this.password === '') {\n                Reflect.set(this, 'password', undefined);\n                return;\n            }\n            // TODO(NODE-3485): Replace this with a MongoAuthValidationError\n            throw new error_1.MongoAPIError(`Password not allowed for mechanism MONGODB-X509`);\n        }\n        const canonicalization = this.mechanismProperties.CANONICALIZE_HOST_NAME ?? false;\n        if (!Object.values(gssapi_1.GSSAPICanonicalizationValue).includes(canonicalization)) {\n            throw new error_1.MongoAPIError(`Invalid CANONICALIZE_HOST_NAME value: ${canonicalization}`);\n        }\n    }\n    static merge(creds, options) {\n        return new MongoCredentials({\n            username: options.username ?? creds?.username ?? '',\n            password: options.password ?? creds?.password ?? '',\n            mechanism: options.mechanism ?? creds?.mechanism ?? providers_1.AuthMechanism.MONGODB_DEFAULT,\n            mechanismProperties: options.mechanismProperties ?? creds?.mechanismProperties ?? {},\n            source: options.source ?? options.db ?? creds?.source ?? 'admin'\n        });\n    }\n}\nexports.MongoCredentials = MongoCredentials;\n//# sourceMappingURL=mongo_credentials.js.map"],"x_google_ignoreList":[0],"mappings":";;;;;;;AACA,QAAO,eAAe,SAAS,cAAc,EAAE,OAAO,MAAM,CAAC;AAC7D,SAAQ,mBAAmB,QAAQ,wBAAwB,KAAK;CAChE,MAAM;CACN,MAAM;CACN,MAAM;;;;CAIN,SAAS,wBAAwB,OAAO;AACpC,MAAI,OAGA;OAAI,MAAM,QAAQ,MAAM,mBAAmB,CACvC,QAAO,MAAM,mBAAmB,SAAS,YAAY,cAAc,qBAAqB,GAClF,YAAY,cAAc,uBAC1B,YAAY,cAAc;;AAIxC,SAAO,YAAY,cAAc;;CAErC,MAAM,4BAA4B;EAC9B;EACA;EACA;EACA;EACH;CACD,MAAM,sBAAsB;;AAE5B,SAAQ,wBAAwB;EAC5B;EACA;EACA;EACA;EACA;EACA;EACA;EACH;;CAED,MAAM,+BAA+B;;;;;CAKrC,IAAM,mBAAN,MAAM,iBAAiB;EACnB,YAAY,SAAS;AACjB,QAAK,WAAW,QAAQ,YAAY;AACpC,QAAK,WAAW,QAAQ;AACxB,QAAK,SAAS,QAAQ;AACtB,OAAI,CAAC,KAAK,UAAU,QAAQ,GACxB,MAAK,SAAS,QAAQ;AAE1B,QAAK,YAAY,QAAQ,aAAa,YAAY,cAAc;AAChE,QAAK,sBAAsB,QAAQ,uBAAuB,EAAE;AAC5D,OAAI,KAAK,UAAU,MAAM,eAAe,EAAE;AACtC,QAAI,CAAC,KAAK,YAAY,QAAQ,IAAI,kBAC9B,MAAK,WAAW,QAAQ,IAAI;AAEhC,QAAI,CAAC,KAAK,YAAY,QAAQ,IAAI,sBAC9B,MAAK,WAAW,QAAQ,IAAI;AAEhC,QAAI,KAAK,oBAAoB,qBAAqB,QAC9C,QAAQ,IAAI,qBAAqB,KACjC,MAAK,sBAAsB;KACvB,GAAG,KAAK;KACR,mBAAmB,QAAQ,IAAI;KAClC;;AAGT,OAAI,KAAK,cAAc,YAAY,cAAc,gBAAgB,CAAC,KAAK,oBAAoB,cACvF,MAAK,sBAAsB;IACvB,GAAG,KAAK;IACR,eAAe,QAAQ;IAC1B;AAEL,UAAO,OAAO,KAAK,oBAAoB;AACvC,UAAO,OAAO,KAAK;;;EAGvB,OAAO,OAAO;AACV,UAAQ,KAAK,cAAc,MAAM,aAC7B,KAAK,aAAa,MAAM,YACxB,KAAK,aAAa,MAAM,YACxB,KAAK,WAAW,MAAM;;;;;;;;EAQ9B,qBAAqB,OAAO;AAExB,OAAI,KAAK,UAAU,MAAM,WAAW,CAChC,QAAO,IAAI,iBAAiB;IACxB,UAAU,KAAK;IACf,UAAU,KAAK;IACf,QAAQ,KAAK;IACb,WAAW,wBAAwB,MAAM;IACzC,qBAAqB,KAAK;IAC7B,CAAC;AAEN,UAAO;;EAEX,WAAW;AACP,QAAK,KAAK,cAAc,YAAY,cAAc,kBAC9C,KAAK,cAAc,YAAY,cAAc,iBAC7C,KAAK,cAAc,YAAY,cAAc,sBAC7C,KAAK,cAAc,YAAY,cAAc,yBAC7C,CAAC,KAAK,SACN,OAAM,IAAI,QAAQ,6BAA6B,oCAAoC,KAAK,UAAU,GAAG;AAEzG,OAAI,KAAK,cAAc,YAAY,cAAc,cAAc;AAC3D,QAAI,KAAK,YACL,KAAK,oBAAoB,eACzB,KAAK,oBAAoB,gBAAgB,QACzC,OAAM,IAAI,QAAQ,0BAA0B,6BAA6B,KAAK,oBAAoB,YAAY,4CAA4C,KAAK,UAAU,IAAI;AAEjL,QAAI,KAAK,YAAY,KAAK,SACtB,OAAM,IAAI,QAAQ,0BAA0B,0CAA0C,KAAK,oBAAoB,YAAY,SAAS,KAAK,UAAU,IAAI;AAE3J,SAAK,KAAK,oBAAoB,gBAAgB,WAC1C,KAAK,oBAAoB,gBAAgB,UACzC,CAAC,KAAK,oBAAoB,eAC1B,OAAM,IAAI,QAAQ,0BAA0B,6BAA6B;AAE7E,QAAI,KAAK,oBAAoB,eACzB,CAAC,0BAA0B,SAAS,KAAK,oBAAoB,YAAY,CACzE,OAAM,IAAI,QAAQ,0BAA0B,mCAAmC,0BAA0B,KAAK,IAAI,CAAC,+BAA+B,KAAK,UAAU,IAAI;AAEzK,QAAI,CAAC,KAAK,oBAAoB,eAC1B,CAAC,KAAK,oBAAoB,iBAC1B,CAAC,KAAK,oBAAoB,oBAC1B,OAAM,IAAI,QAAQ,0BAA0B,gGAAgG,KAAK,UAAU,IAAI;AAEnK,QAAI,KAAK,oBAAoB,eAAe;KACxC,MAAM,QAAQ,KAAK,oBAAoB;AACvC,SAAI,CAAC,MAAM,QAAQ,MAAM,CACrB,OAAM,IAAI,QAAQ,0BAA0B,oBAAoB;AAEpE,UAAK,MAAM,QAAQ,MACf,KAAI,OAAO,SAAS,SAChB,OAAM,IAAI,QAAQ,0BAA0B,oBAAoB;;;AAKhF,OAAI,YAAY,6BAA6B,IAAI,KAAK,UAAU,EAC5D;QAAI,KAAK,UAAU,QAAQ,KAAK,WAAW,YAEvC,OAAM,IAAI,QAAQ,cAAc,mBAAmB,KAAK,OAAO,mBAAmB,KAAK,UAAU,cAAc;;AAGvH,OAAI,KAAK,cAAc,YAAY,cAAc,iBAAiB,KAAK,UAAU,KAE7E,OAAM,IAAI,QAAQ,cAAc,sDAAsD;AAE1F,OAAI,KAAK,cAAc,YAAY,cAAc,gBAAgB,KAAK,YAAY,MAAM;AACpF,QAAI,KAAK,aAAa,IAAI;AACtB,aAAQ,IAAI,MAAM,YAAY,OAAU;AACxC;;AAGJ,UAAM,IAAI,QAAQ,cAAc,kDAAkD;;GAEtF,MAAM,mBAAmB,KAAK,oBAAoB,0BAA0B;AAC5E,OAAI,CAAC,OAAO,OAAO,SAAS,4BAA4B,CAAC,SAAS,iBAAiB,CAC/E,OAAM,IAAI,QAAQ,cAAc,yCAAyC,mBAAmB;;EAGpG,OAAO,MAAM,OAAO,SAAS;AACzB,UAAO,IAAI,iBAAiB;IACxB,UAAU,QAAQ,YAAY,OAAO,YAAY;IACjD,UAAU,QAAQ,YAAY,OAAO,YAAY;IACjD,WAAW,QAAQ,aAAa,OAAO,aAAa,YAAY,cAAc;IAC9E,qBAAqB,QAAQ,uBAAuB,OAAO,uBAAuB,EAAE;IACpF,QAAQ,QAAQ,UAAU,QAAQ,MAAM,OAAO,UAAU;IAC5D,CAAC;;;AAGV,SAAQ,mBAAmB"}

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_aws.mjs

@@ -1,126 +0,0 @@
-import { __commonJSMin } from "../../../../../../../../_virtual/rolldown_runtime.mjs";
-import { require_bson } from "../../bson.mjs";
-import { require_error } from "../../error.mjs";
-import { require_utils } from "../../utils.mjs";
-import { require_deps } from "../../deps.mjs";
-import { require_auth_provider } from "./auth_provider.mjs";
-import { require_providers } from "./providers.mjs";
-import { require_mongo_credentials } from "./mongo_credentials.mjs";
-import { require_aws_temporary_credentials } from "./aws_temporary_credentials.mjs";
-
-//#region ../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_aws.js
-var require_mongodb_aws = /* @__PURE__ */ __commonJSMin(((exports) => {
-	Object.defineProperty(exports, "__esModule", { value: true });
-	exports.MongoDBAWS = void 0;
-	const BSON = require_bson();
-	const deps_1 = require_deps();
-	const error_1 = require_error();
-	const utils_1 = require_utils();
-	const auth_provider_1 = require_auth_provider();
-	const aws_temporary_credentials_1 = require_aws_temporary_credentials();
-	const mongo_credentials_1 = require_mongo_credentials();
-	const providers_1 = require_providers();
-	const ASCII_N = 110;
-	const bsonOptions = {
-		useBigInt64: false,
-		promoteLongs: true,
-		promoteValues: true,
-		promoteBuffers: false,
-		bsonRegExp: false
-	};
-	var MongoDBAWS = class extends auth_provider_1.AuthProvider {
-		constructor(credentialProvider) {
-			super();
-			this.credentialProvider = credentialProvider;
-			this.credentialFetcher = aws_temporary_credentials_1.AWSTemporaryCredentialProvider.isAWSSDKInstalled ? new aws_temporary_credentials_1.AWSSDKCredentialProvider(credentialProvider) : new aws_temporary_credentials_1.LegacyAWSTemporaryCredentialProvider();
-		}
-		async auth(authContext) {
-			const { connection } = authContext;
-			if (!authContext.credentials) throw new error_1.MongoMissingCredentialsError("AuthContext must provide credentials.");
-			if ("kModuleError" in deps_1.aws4) throw deps_1.aws4["kModuleError"];
-			const { sign } = deps_1.aws4;
-			if ((0, utils_1.maxWireVersion)(connection) < 9) throw new error_1.MongoCompatibilityError("MONGODB-AWS authentication requires MongoDB version 4.4 or later");
-			if (!authContext.credentials.username) authContext.credentials = await makeTempCredentials(authContext.credentials, this.credentialFetcher);
-			const { credentials } = authContext;
-			const accessKeyId = credentials.username;
-			const secretAccessKey = credentials.password;
-			const sessionToken = credentials.mechanismProperties.AWS_SESSION_TOKEN;
-			const awsCredentials = accessKeyId && secretAccessKey && sessionToken ? {
-				accessKeyId,
-				secretAccessKey,
-				sessionToken
-			} : accessKeyId && secretAccessKey ? {
-				accessKeyId,
-				secretAccessKey
-			} : void 0;
-			const db = credentials.source;
-			const nonce = await (0, utils_1.randomBytes)(32);
-			const saslStart = {
-				saslStart: 1,
-				mechanism: "MONGODB-AWS",
-				payload: BSON.serialize({
-					r: nonce,
-					p: ASCII_N
-				}, bsonOptions)
-			};
-			const saslStartResponse = await connection.command((0, utils_1.ns)(`${db}.$cmd`), saslStart, void 0);
-			const serverResponse = BSON.deserialize(saslStartResponse.payload.buffer, bsonOptions);
-			const host = serverResponse.h;
-			const serverNonce = serverResponse.s.buffer;
-			if (serverNonce.length !== 64) throw new error_1.MongoRuntimeError(`Invalid server nonce length ${serverNonce.length}, expected 64`);
-			if (!utils_1.ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) throw new error_1.MongoRuntimeError("Server nonce does not begin with client nonce");
-			if (host.length < 1 || host.length > 255 || host.indexOf("..") !== -1) throw new error_1.MongoRuntimeError(`Server returned an invalid host: "${host}"`);
-			const body = "Action=GetCallerIdentity&Version=2011-06-15";
-			const options = sign({
-				method: "POST",
-				host,
-				region: deriveRegion(serverResponse.h),
-				service: "sts",
-				headers: {
-					"Content-Type": "application/x-www-form-urlencoded",
-					"Content-Length": 43,
-					"X-MongoDB-Server-Nonce": utils_1.ByteUtils.toBase64(serverNonce),
-					"X-MongoDB-GS2-CB-Flag": "n"
-				},
-				path: "/",
-				body
-			}, awsCredentials);
-			const payload = {
-				a: options.headers.Authorization,
-				d: options.headers["X-Amz-Date"]
-			};
-			if (sessionToken) payload.t = sessionToken;
-			const saslContinue = {
-				saslContinue: 1,
-				conversationId: saslStartResponse.conversationId,
-				payload: BSON.serialize(payload, bsonOptions)
-			};
-			await connection.command((0, utils_1.ns)(`${db}.$cmd`), saslContinue, void 0);
-		}
-	};
-	exports.MongoDBAWS = MongoDBAWS;
-	async function makeTempCredentials(credentials, awsCredentialFetcher) {
-		function makeMongoCredentialsFromAWSTemp(creds) {
-			if (!creds.AccessKeyId || !creds.SecretAccessKey) throw new error_1.MongoMissingCredentialsError("Could not obtain temporary MONGODB-AWS credentials");
-			return new mongo_credentials_1.MongoCredentials({
-				username: creds.AccessKeyId,
-				password: creds.SecretAccessKey,
-				source: credentials.source,
-				mechanism: providers_1.AuthMechanism.MONGODB_AWS,
-				mechanismProperties: { AWS_SESSION_TOKEN: creds.Token }
-			});
-		}
-		return makeMongoCredentialsFromAWSTemp(await awsCredentialFetcher.getCredentials());
-	}
-	function deriveRegion(host) {
-		const parts = host.split(".");
-		if (parts.length === 1 || parts[1] === "amazonaws") return "us-east-1";
-		return parts[1];
-	}
-}));
-
-//#endregion
-export default require_mongodb_aws();
-
-export { require_mongodb_aws };
-//# sourceMappingURL=mongodb_aws.mjs.map

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_aws.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"mongodb_aws.mjs","names":[],"sources":["../../../../../../../../../../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_aws.js"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.MongoDBAWS = void 0;\nconst BSON = require(\"../../bson\");\nconst deps_1 = require(\"../../deps\");\nconst error_1 = require(\"../../error\");\nconst utils_1 = require(\"../../utils\");\nconst auth_provider_1 = require(\"./auth_provider\");\nconst aws_temporary_credentials_1 = require(\"./aws_temporary_credentials\");\nconst mongo_credentials_1 = require(\"./mongo_credentials\");\nconst providers_1 = require(\"./providers\");\nconst ASCII_N = 110;\nconst bsonOptions = {\n    useBigInt64: false,\n    promoteLongs: true,\n    promoteValues: true,\n    promoteBuffers: false,\n    bsonRegExp: false\n};\nclass MongoDBAWS extends auth_provider_1.AuthProvider {\n    constructor(credentialProvider) {\n        super();\n        this.credentialProvider = credentialProvider;\n        this.credentialFetcher = aws_temporary_credentials_1.AWSTemporaryCredentialProvider.isAWSSDKInstalled\n            ? new aws_temporary_credentials_1.AWSSDKCredentialProvider(credentialProvider)\n            : new aws_temporary_credentials_1.LegacyAWSTemporaryCredentialProvider();\n    }\n    async auth(authContext) {\n        const { connection } = authContext;\n        if (!authContext.credentials) {\n            throw new error_1.MongoMissingCredentialsError('AuthContext must provide credentials.');\n        }\n        if ('kModuleError' in deps_1.aws4) {\n            throw deps_1.aws4['kModuleError'];\n        }\n        const { sign } = deps_1.aws4;\n        if ((0, utils_1.maxWireVersion)(connection) < 9) {\n            throw new error_1.MongoCompatibilityError('MONGODB-AWS authentication requires MongoDB version 4.4 or later');\n        }\n        if (!authContext.credentials.username) {\n            authContext.credentials = await makeTempCredentials(authContext.credentials, this.credentialFetcher);\n        }\n        const { credentials } = authContext;\n        const accessKeyId = credentials.username;\n        const secretAccessKey = credentials.password;\n        // Allow the user to specify an AWS session token for authentication with temporary credentials.\n        const sessionToken = credentials.mechanismProperties.AWS_SESSION_TOKEN;\n        // If all three defined, include sessionToken, else include username and pass, else no credentials\n        const awsCredentials = accessKeyId && secretAccessKey && sessionToken\n            ? { accessKeyId, secretAccessKey, sessionToken }\n            : accessKeyId && secretAccessKey\n                ? { accessKeyId, secretAccessKey }\n                : undefined;\n        const db = credentials.source;\n        const nonce = await (0, utils_1.randomBytes)(32);\n        // All messages between MongoDB clients and servers are sent as BSON objects\n        // in the payload field of saslStart and saslContinue.\n        const saslStart = {\n            saslStart: 1,\n            mechanism: 'MONGODB-AWS',\n            payload: BSON.serialize({ r: nonce, p: ASCII_N }, bsonOptions)\n        };\n        const saslStartResponse = await connection.command((0, utils_1.ns)(`${db}.$cmd`), saslStart, undefined);\n        const serverResponse = BSON.deserialize(saslStartResponse.payload.buffer, bsonOptions);\n        const host = serverResponse.h;\n        const serverNonce = serverResponse.s.buffer;\n        if (serverNonce.length !== 64) {\n            // TODO(NODE-3483)\n            throw new error_1.MongoRuntimeError(`Invalid server nonce length ${serverNonce.length}, expected 64`);\n        }\n        if (!utils_1.ByteUtils.equals(serverNonce.subarray(0, nonce.byteLength), nonce)) {\n            // throw because the serverNonce's leading 32 bytes must equal the client nonce's 32 bytes\n            // https://github.com/mongodb/specifications/blob/master/source/auth/auth.md#conversation-5\n            // TODO(NODE-3483)\n            throw new error_1.MongoRuntimeError('Server nonce does not begin with client nonce');\n        }\n        if (host.length < 1 || host.length > 255 || host.indexOf('..') !== -1) {\n            // TODO(NODE-3483)\n            throw new error_1.MongoRuntimeError(`Server returned an invalid host: \"${host}\"`);\n        }\n        const body = 'Action=GetCallerIdentity&Version=2011-06-15';\n        const options = sign({\n            method: 'POST',\n            host,\n            region: deriveRegion(serverResponse.h),\n            service: 'sts',\n            headers: {\n                'Content-Type': 'application/x-www-form-urlencoded',\n                'Content-Length': body.length,\n                'X-MongoDB-Server-Nonce': utils_1.ByteUtils.toBase64(serverNonce),\n                'X-MongoDB-GS2-CB-Flag': 'n'\n            },\n            path: '/',\n            body\n        }, awsCredentials);\n        const payload = {\n            a: options.headers.Authorization,\n            d: options.headers['X-Amz-Date']\n        };\n        if (sessionToken) {\n            payload.t = sessionToken;\n        }\n        const saslContinue = {\n            saslContinue: 1,\n            conversationId: saslStartResponse.conversationId,\n            payload: BSON.serialize(payload, bsonOptions)\n        };\n        await connection.command((0, utils_1.ns)(`${db}.$cmd`), saslContinue, undefined);\n    }\n}\nexports.MongoDBAWS = MongoDBAWS;\nasync function makeTempCredentials(credentials, awsCredentialFetcher) {\n    function makeMongoCredentialsFromAWSTemp(creds) {\n        // The AWS session token (creds.Token) may or may not be set.\n        if (!creds.AccessKeyId || !creds.SecretAccessKey) {\n            throw new error_1.MongoMissingCredentialsError('Could not obtain temporary MONGODB-AWS credentials');\n        }\n        return new mongo_credentials_1.MongoCredentials({\n            username: creds.AccessKeyId,\n            password: creds.SecretAccessKey,\n            source: credentials.source,\n            mechanism: providers_1.AuthMechanism.MONGODB_AWS,\n            mechanismProperties: {\n                AWS_SESSION_TOKEN: creds.Token\n            }\n        });\n    }\n    const temporaryCredentials = await awsCredentialFetcher.getCredentials();\n    return makeMongoCredentialsFromAWSTemp(temporaryCredentials);\n}\nfunction deriveRegion(host) {\n    const parts = host.split('.');\n    if (parts.length === 1 || parts[1] === 'amazonaws') {\n        return 'us-east-1';\n    }\n    return parts[1];\n}\n//# sourceMappingURL=mongodb_aws.js.map"],"x_google_ignoreList":[0],"mappings":";;;;;;;;;;;;AACA,QAAO,eAAe,SAAS,cAAc,EAAE,OAAO,MAAM,CAAC;AAC7D,SAAQ,aAAa,KAAK;CAC1B,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM,UAAU;CAChB,MAAM,cAAc;EAChB,aAAa;EACb,cAAc;EACd,eAAe;EACf,gBAAgB;EAChB,YAAY;EACf;CACD,IAAM,aAAN,cAAyB,gBAAgB,aAAa;EAClD,YAAY,oBAAoB;AAC5B,UAAO;AACP,QAAK,qBAAqB;AAC1B,QAAK,oBAAoB,4BAA4B,+BAA+B,oBAC9E,IAAI,4BAA4B,yBAAyB,mBAAmB,GAC5E,IAAI,4BAA4B,sCAAsC;;EAEhF,MAAM,KAAK,aAAa;GACpB,MAAM,EAAE,eAAe;AACvB,OAAI,CAAC,YAAY,YACb,OAAM,IAAI,QAAQ,6BAA6B,wCAAwC;AAE3F,OAAI,kBAAkB,OAAO,KACzB,OAAM,OAAO,KAAK;GAEtB,MAAM,EAAE,SAAS,OAAO;AACxB,QAAK,GAAG,QAAQ,gBAAgB,WAAW,GAAG,EAC1C,OAAM,IAAI,QAAQ,wBAAwB,mEAAmE;AAEjH,OAAI,CAAC,YAAY,YAAY,SACzB,aAAY,cAAc,MAAM,oBAAoB,YAAY,aAAa,KAAK,kBAAkB;GAExG,MAAM,EAAE,gBAAgB;GACxB,MAAM,cAAc,YAAY;GAChC,MAAM,kBAAkB,YAAY;GAEpC,MAAM,eAAe,YAAY,oBAAoB;GAErD,MAAM,iBAAiB,eAAe,mBAAmB,eACnD;IAAE;IAAa;IAAiB;IAAc,GAC9C,eAAe,kBACX;IAAE;IAAa;IAAiB,GAChC;GACV,MAAM,KAAK,YAAY;GACvB,MAAM,QAAQ,OAAO,GAAG,QAAQ,aAAa,GAAG;GAGhD,MAAM,YAAY;IACd,WAAW;IACX,WAAW;IACX,SAAS,KAAK,UAAU;KAAE,GAAG;KAAO,GAAG;KAAS,EAAE,YAAY;IACjE;GACD,MAAM,oBAAoB,MAAM,WAAW,SAAS,GAAG,QAAQ,IAAI,GAAG,GAAG,OAAO,EAAE,WAAW,OAAU;GACvG,MAAM,iBAAiB,KAAK,YAAY,kBAAkB,QAAQ,QAAQ,YAAY;GACtF,MAAM,OAAO,eAAe;GAC5B,MAAM,cAAc,eAAe,EAAE;AACrC,OAAI,YAAY,WAAW,GAEvB,OAAM,IAAI,QAAQ,kBAAkB,+BAA+B,YAAY,OAAO,eAAe;AAEzG,OAAI,CAAC,QAAQ,UAAU,OAAO,YAAY,SAAS,GAAG,MAAM,WAAW,EAAE,MAAM,CAI3E,OAAM,IAAI,QAAQ,kBAAkB,gDAAgD;AAExF,OAAI,KAAK,SAAS,KAAK,KAAK,SAAS,OAAO,KAAK,QAAQ,KAAK,KAAK,GAE/D,OAAM,IAAI,QAAQ,kBAAkB,qCAAqC,KAAK,GAAG;GAErF,MAAM,OAAO;GACb,MAAM,UAAU,KAAK;IACjB,QAAQ;IACR;IACA,QAAQ,aAAa,eAAe,EAAE;IACtC,SAAS;IACT,SAAS;KACL,gBAAgB;KAChB,kBAAkB;KAClB,0BAA0B,QAAQ,UAAU,SAAS,YAAY;KACjE,yBAAyB;KAC5B;IACD,MAAM;IACN;IACH,EAAE,eAAe;GAClB,MAAM,UAAU;IACZ,GAAG,QAAQ,QAAQ;IACnB,GAAG,QAAQ,QAAQ;IACtB;AACD,OAAI,aACA,SAAQ,IAAI;GAEhB,MAAM,eAAe;IACjB,cAAc;IACd,gBAAgB,kBAAkB;IAClC,SAAS,KAAK,UAAU,SAAS,YAAY;IAChD;AACD,SAAM,WAAW,SAAS,GAAG,QAAQ,IAAI,GAAG,GAAG,OAAO,EAAE,cAAc,OAAU;;;AAGxF,SAAQ,aAAa;CACrB,eAAe,oBAAoB,aAAa,sBAAsB;EAClE,SAAS,gCAAgC,OAAO;AAE5C,OAAI,CAAC,MAAM,eAAe,CAAC,MAAM,gBAC7B,OAAM,IAAI,QAAQ,6BAA6B,qDAAqD;AAExG,UAAO,IAAI,oBAAoB,iBAAiB;IAC5C,UAAU,MAAM;IAChB,UAAU,MAAM;IAChB,QAAQ,YAAY;IACpB,WAAW,YAAY,cAAc;IACrC,qBAAqB,EACjB,mBAAmB,MAAM,OAC5B;IACJ,CAAC;;AAGN,SAAO,gCADsB,MAAM,qBAAqB,gBAAgB,CACZ;;CAEhE,SAAS,aAAa,MAAM;EACxB,MAAM,QAAQ,KAAK,MAAM,IAAI;AAC7B,MAAI,MAAM,WAAW,KAAK,MAAM,OAAO,YACnC,QAAO;AAEX,SAAO,MAAM"}

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/automated_callback_workflow.mjs

@@ -1,79 +0,0 @@
-import { __commonJSMin } from "../../../../../../../../../_virtual/rolldown_runtime.mjs";
-import { require_error } from "../../../error.mjs";
-import { require_timeout } from "../../../timeout.mjs";
-import { require_callback_workflow } from "./callback_workflow.mjs";
-import { require_mongodb_oidc } from "../mongodb_oidc.mjs";
-
-//#region ../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/automated_callback_workflow.js
-var require_automated_callback_workflow = /* @__PURE__ */ __commonJSMin(((exports) => {
-	Object.defineProperty(exports, "__esModule", { value: true });
-	exports.AutomatedCallbackWorkflow = void 0;
-	const error_1 = require_error();
-	const timeout_1 = require_timeout();
-	const mongodb_oidc_1 = require_mongodb_oidc();
-	const callback_workflow_1 = require_callback_workflow();
-	/**
-	* Class implementing behaviour for the non human callback workflow.
-	* @internal
-	*/
-	var AutomatedCallbackWorkflow = class extends callback_workflow_1.CallbackWorkflow {
-		/**
-		* Instantiate the human callback workflow.
-		*/
-		constructor(cache, callback) {
-			super(cache, callback);
-		}
-		/**
-		* Execute the OIDC callback workflow.
-		*/
-		async execute(connection, credentials) {
-			if (this.cache.hasAccessToken) {
-				const token = this.cache.getAccessToken();
-				if (!connection.accessToken) connection.accessToken = token;
-				try {
-					return await this.finishAuthentication(connection, credentials, token);
-				} catch (error) {
-					if (error instanceof error_1.MongoError && error.code === error_1.MONGODB_ERROR_CODES.AuthenticationFailed) {
-						this.cache.removeAccessToken();
-						return await this.execute(connection, credentials);
-					} else throw error;
-				}
-			}
-			const response = await this.fetchAccessToken(credentials);
-			this.cache.put(response);
-			connection.accessToken = response.accessToken;
-			await this.finishAuthentication(connection, credentials, response.accessToken);
-		}
-		/**
-		* Fetches the access token using the callback.
-		*/
-		async fetchAccessToken(credentials) {
-			const controller = new AbortController();
-			const params = {
-				timeoutContext: controller.signal,
-				version: mongodb_oidc_1.OIDC_VERSION
-			};
-			if (credentials.username) params.username = credentials.username;
-			if (credentials.mechanismProperties.TOKEN_RESOURCE) params.tokenAudience = credentials.mechanismProperties.TOKEN_RESOURCE;
-			const timeout = timeout_1.Timeout.expires(callback_workflow_1.AUTOMATED_TIMEOUT_MS);
-			try {
-				return await Promise.race([this.executeAndValidateCallback(params), timeout]);
-			} catch (error) {
-				if (timeout_1.TimeoutError.is(error)) {
-					controller.abort();
-					throw new error_1.MongoOIDCError(`OIDC callback timed out after ${callback_workflow_1.AUTOMATED_TIMEOUT_MS}ms.`);
-				}
-				throw error;
-			} finally {
-				timeout.clear();
-			}
-		}
-	};
-	exports.AutomatedCallbackWorkflow = AutomatedCallbackWorkflow;
-}));
-
-//#endregion
-export default require_automated_callback_workflow();
-
-export { require_automated_callback_workflow };
-//# sourceMappingURL=automated_callback_workflow.mjs.map

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/automated_callback_workflow.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"automated_callback_workflow.mjs","names":[],"sources":["../../../../../../../../../../../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/automated_callback_workflow.js"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.AutomatedCallbackWorkflow = void 0;\nconst error_1 = require(\"../../../error\");\nconst timeout_1 = require(\"../../../timeout\");\nconst mongodb_oidc_1 = require(\"../mongodb_oidc\");\nconst callback_workflow_1 = require(\"./callback_workflow\");\n/**\n * Class implementing behaviour for the non human callback workflow.\n * @internal\n */\nclass AutomatedCallbackWorkflow extends callback_workflow_1.CallbackWorkflow {\n    /**\n     * Instantiate the human callback workflow.\n     */\n    constructor(cache, callback) {\n        super(cache, callback);\n    }\n    /**\n     * Execute the OIDC callback workflow.\n     */\n    async execute(connection, credentials) {\n        // If there is a cached access token, try to authenticate with it. If\n        // authentication fails with an Authentication error (18),\n        // invalidate the access token, fetch a new access token, and try\n        // to authenticate again.\n        // If the server fails for any other reason, do not clear the cache.\n        if (this.cache.hasAccessToken) {\n            const token = this.cache.getAccessToken();\n            if (!connection.accessToken) {\n                connection.accessToken = token;\n            }\n            try {\n                return await this.finishAuthentication(connection, credentials, token);\n            }\n            catch (error) {\n                if (error instanceof error_1.MongoError &&\n                    error.code === error_1.MONGODB_ERROR_CODES.AuthenticationFailed) {\n                    this.cache.removeAccessToken();\n                    return await this.execute(connection, credentials);\n                }\n                else {\n                    throw error;\n                }\n            }\n        }\n        const response = await this.fetchAccessToken(credentials);\n        this.cache.put(response);\n        connection.accessToken = response.accessToken;\n        await this.finishAuthentication(connection, credentials, response.accessToken);\n    }\n    /**\n     * Fetches the access token using the callback.\n     */\n    async fetchAccessToken(credentials) {\n        const controller = new AbortController();\n        const params = {\n            timeoutContext: controller.signal,\n            version: mongodb_oidc_1.OIDC_VERSION\n        };\n        if (credentials.username) {\n            params.username = credentials.username;\n        }\n        if (credentials.mechanismProperties.TOKEN_RESOURCE) {\n            params.tokenAudience = credentials.mechanismProperties.TOKEN_RESOURCE;\n        }\n        const timeout = timeout_1.Timeout.expires(callback_workflow_1.AUTOMATED_TIMEOUT_MS);\n        try {\n            return await Promise.race([this.executeAndValidateCallback(params), timeout]);\n        }\n        catch (error) {\n            if (timeout_1.TimeoutError.is(error)) {\n                controller.abort();\n                throw new error_1.MongoOIDCError(`OIDC callback timed out after ${callback_workflow_1.AUTOMATED_TIMEOUT_MS}ms.`);\n            }\n            throw error;\n        }\n        finally {\n            timeout.clear();\n        }\n    }\n}\nexports.AutomatedCallbackWorkflow = AutomatedCallbackWorkflow;\n//# sourceMappingURL=automated_callback_workflow.js.map"],"x_google_ignoreList":[0],"mappings":";;;;;;;;AACA,QAAO,eAAe,SAAS,cAAc,EAAE,OAAO,MAAM,CAAC;AAC7D,SAAQ,4BAA4B,KAAK;CACzC,MAAM;CACN,MAAM;CACN,MAAM;CACN,MAAM;;;;;CAKN,IAAM,4BAAN,cAAwC,oBAAoB,iBAAiB;;;;EAIzE,YAAY,OAAO,UAAU;AACzB,SAAM,OAAO,SAAS;;;;;EAK1B,MAAM,QAAQ,YAAY,aAAa;AAMnC,OAAI,KAAK,MAAM,gBAAgB;IAC3B,MAAM,QAAQ,KAAK,MAAM,gBAAgB;AACzC,QAAI,CAAC,WAAW,YACZ,YAAW,cAAc;AAE7B,QAAI;AACA,YAAO,MAAM,KAAK,qBAAqB,YAAY,aAAa,MAAM;aAEnE,OAAO;AACV,SAAI,iBAAiB,QAAQ,cACzB,MAAM,SAAS,QAAQ,oBAAoB,sBAAsB;AACjE,WAAK,MAAM,mBAAmB;AAC9B,aAAO,MAAM,KAAK,QAAQ,YAAY,YAAY;WAGlD,OAAM;;;GAIlB,MAAM,WAAW,MAAM,KAAK,iBAAiB,YAAY;AACzD,QAAK,MAAM,IAAI,SAAS;AACxB,cAAW,cAAc,SAAS;AAClC,SAAM,KAAK,qBAAqB,YAAY,aAAa,SAAS,YAAY;;;;;EAKlF,MAAM,iBAAiB,aAAa;GAChC,MAAM,aAAa,IAAI,iBAAiB;GACxC,MAAM,SAAS;IACX,gBAAgB,WAAW;IAC3B,SAAS,eAAe;IAC3B;AACD,OAAI,YAAY,SACZ,QAAO,WAAW,YAAY;AAElC,OAAI,YAAY,oBAAoB,eAChC,QAAO,gBAAgB,YAAY,oBAAoB;GAE3D,MAAM,UAAU,UAAU,QAAQ,QAAQ,oBAAoB,qBAAqB;AACnF,OAAI;AACA,WAAO,MAAM,QAAQ,KAAK,CAAC,KAAK,2BAA2B,OAAO,EAAE,QAAQ,CAAC;YAE1E,OAAO;AACV,QAAI,UAAU,aAAa,GAAG,MAAM,EAAE;AAClC,gBAAW,OAAO;AAClB,WAAM,IAAI,QAAQ,eAAe,iCAAiC,oBAAoB,qBAAqB,KAAK;;AAEpH,UAAM;aAEF;AACJ,YAAQ,OAAO;;;;AAI3B,SAAQ,4BAA4B"}

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/azure_machine_workflow.mjs

@@ -1,65 +0,0 @@
-import { __commonJSMin } from "../../../../../../../../../_virtual/rolldown_runtime.mjs";
-import { require_error } from "../../../error.mjs";
-import { require_utils } from "../../../utils.mjs";
-import { require_azure } from "../../../client-side-encryption/providers/azure.mjs";
-
-//#region ../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/azure_machine_workflow.js
-var require_azure_machine_workflow = /* @__PURE__ */ __commonJSMin(((exports) => {
-	Object.defineProperty(exports, "__esModule", { value: true });
-	exports.callback = void 0;
-	const azure_1 = require_azure();
-	const error_1 = require_error();
-	const utils_1 = require_utils();
-	/** Azure request headers. */
-	const AZURE_HEADERS = Object.freeze({
-		Metadata: "true",
-		Accept: "application/json"
-	});
-	/** Invalid endpoint result error. */
-	const ENDPOINT_RESULT_ERROR = "Azure endpoint did not return a value with only access_token and expires_in properties";
-	/** Error for when the token audience is missing in the environment. */
-	const TOKEN_RESOURCE_MISSING_ERROR = "TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is azure.";
-	/**
-	* The callback function to be used in the automated callback workflow.
-	* @param params - The OIDC callback parameters.
-	* @returns The OIDC response.
-	*/
-	const callback = async (params) => {
-		const tokenAudience = params.tokenAudience;
-		const username = params.username;
-		if (!tokenAudience) throw new error_1.MongoAzureError(TOKEN_RESOURCE_MISSING_ERROR);
-		const response = await getAzureTokenData(tokenAudience, username);
-		if (!isEndpointResultValid(response)) throw new error_1.MongoAzureError(ENDPOINT_RESULT_ERROR);
-		return response;
-	};
-	exports.callback = callback;
-	/**
-	* Hit the Azure endpoint to get the token data.
-	*/
-	async function getAzureTokenData(tokenAudience, username) {
-		const url = new URL(azure_1.AZURE_BASE_URL);
-		(0, azure_1.addAzureParams)(url, tokenAudience, username);
-		const response = await (0, utils_1.get)(url, { headers: AZURE_HEADERS });
-		if (response.status !== 200) throw new error_1.MongoAzureError(`Status code ${response.status} returned from the Azure endpoint. Response body: ${response.body}`);
-		const result = JSON.parse(response.body);
-		return {
-			accessToken: result.access_token,
-			expiresInSeconds: Number(result.expires_in)
-		};
-	}
-	/**
-	* Determines if a result returned from the endpoint is valid.
-	* This means the result is not nullish, contains the access_token required field
-	* and the expires_in required field.
-	*/
-	function isEndpointResultValid(token) {
-		if (token == null || typeof token !== "object") return false;
-		return "accessToken" in token && typeof token.accessToken === "string" && "expiresInSeconds" in token && typeof token.expiresInSeconds === "number";
-	}
-}));
-
-//#endregion
-export default require_azure_machine_workflow();
-
-export { require_azure_machine_workflow };
-//# sourceMappingURL=azure_machine_workflow.mjs.map

package/dist/node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/azure_machine_workflow.mjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"azure_machine_workflow.mjs","names":[],"sources":["../../../../../../../../../../../../node_modules/.pnpm/mongodb@6.21.0/node_modules/mongodb/lib/cmap/auth/mongodb_oidc/azure_machine_workflow.js"],"sourcesContent":["\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nexports.callback = void 0;\nconst azure_1 = require(\"../../../client-side-encryption/providers/azure\");\nconst error_1 = require(\"../../../error\");\nconst utils_1 = require(\"../../../utils\");\n/** Azure request headers. */\nconst AZURE_HEADERS = Object.freeze({ Metadata: 'true', Accept: 'application/json' });\n/** Invalid endpoint result error. */\nconst ENDPOINT_RESULT_ERROR = 'Azure endpoint did not return a value with only access_token and expires_in properties';\n/** Error for when the token audience is missing in the environment. */\nconst TOKEN_RESOURCE_MISSING_ERROR = 'TOKEN_RESOURCE must be set in the auth mechanism properties when ENVIRONMENT is azure.';\n/**\n * The callback function to be used in the automated callback workflow.\n * @param params - The OIDC callback parameters.\n * @returns The OIDC response.\n */\nconst callback = async (params) => {\n    const tokenAudience = params.tokenAudience;\n    const username = params.username;\n    if (!tokenAudience) {\n        throw new error_1.MongoAzureError(TOKEN_RESOURCE_MISSING_ERROR);\n    }\n    const response = await getAzureTokenData(tokenAudience, username);\n    if (!isEndpointResultValid(response)) {\n        throw new error_1.MongoAzureError(ENDPOINT_RESULT_ERROR);\n    }\n    return response;\n};\nexports.callback = callback;\n/**\n * Hit the Azure endpoint to get the token data.\n */\nasync function getAzureTokenData(tokenAudience, username) {\n    const url = new URL(azure_1.AZURE_BASE_URL);\n    (0, azure_1.addAzureParams)(url, tokenAudience, username);\n    const response = await (0, utils_1.get)(url, {\n        headers: AZURE_HEADERS\n    });\n    if (response.status !== 200) {\n        throw new error_1.MongoAzureError(`Status code ${response.status} returned from the Azure endpoint. Response body: ${response.body}`);\n    }\n    const result = JSON.parse(response.body);\n    return {\n        accessToken: result.access_token,\n        expiresInSeconds: Number(result.expires_in)\n    };\n}\n/**\n * Determines if a result returned from the endpoint is valid.\n * This means the result is not nullish, contains the access_token required field\n * and the expires_in required field.\n */\nfunction isEndpointResultValid(token) {\n    if (token == null || typeof token !== 'object')\n        return false;\n    return ('accessToken' in token &&\n        typeof token.accessToken === 'string' &&\n        'expiresInSeconds' in token &&\n        typeof token.expiresInSeconds === 'number');\n}\n//# sourceMappingURL=azure_machine_workflow.js.map"],"x_google_ignoreList":[0],"mappings":";;;;;;;AACA,QAAO,eAAe,SAAS,cAAc,EAAE,OAAO,MAAM,CAAC;AAC7D,SAAQ,WAAW,KAAK;CACxB,MAAM;CACN,MAAM;CACN,MAAM;;CAEN,MAAM,gBAAgB,OAAO,OAAO;EAAE,UAAU;EAAQ,QAAQ;EAAoB,CAAC;;CAErF,MAAM,wBAAwB;;CAE9B,MAAM,+BAA+B;;;;;;CAMrC,MAAM,WAAW,OAAO,WAAW;EAC/B,MAAM,gBAAgB,OAAO;EAC7B,MAAM,WAAW,OAAO;AACxB,MAAI,CAAC,cACD,OAAM,IAAI,QAAQ,gBAAgB,6BAA6B;EAEnE,MAAM,WAAW,MAAM,kBAAkB,eAAe,SAAS;AACjE,MAAI,CAAC,sBAAsB,SAAS,CAChC,OAAM,IAAI,QAAQ,gBAAgB,sBAAsB;AAE5D,SAAO;;AAEX,SAAQ,WAAW;;;;CAInB,eAAe,kBAAkB,eAAe,UAAU;EACtD,MAAM,MAAM,IAAI,IAAI,QAAQ,eAAe;AAC3C,GAAC,GAAG,QAAQ,gBAAgB,KAAK,eAAe,SAAS;EACzD,MAAM,WAAW,OAAO,GAAG,QAAQ,KAAK,KAAK,EACzC,SAAS,eACZ,CAAC;AACF,MAAI,SAAS,WAAW,IACpB,OAAM,IAAI,QAAQ,gBAAgB,eAAe,SAAS,OAAO,oDAAoD,SAAS,OAAO;EAEzI,MAAM,SAAS,KAAK,MAAM,SAAS,KAAK;AACxC,SAAO;GACH,aAAa,OAAO;GACpB,kBAAkB,OAAO,OAAO,WAAW;GAC9C;;;;;;;CAOL,SAAS,sBAAsB,OAAO;AAClC,MAAI,SAAS,QAAQ,OAAO,UAAU,SAClC,QAAO;AACX,SAAQ,iBAAiB,SACrB,OAAO,MAAM,gBAAgB,YAC7B,sBAAsB,SACtB,OAAO,MAAM,qBAAqB"}