{"version":3,"file":"revoke.mjs","names":[],"sources":["../../../src/http/endpoints/revoke.ts"],"sourcesContent":["import type { Router, Response } from 'express'\nimport type { OpenBadgesHttpModule } from '../OpenBadgesHttpModule'\nimport type { ObRequest } from '../router'\n\nimport { getRequestContext, sendError, sendJson } from '../router'\nimport { OpenBadgesTokenRepository } from '../../repository/OpenBadgesTokenRepository'\nimport { OpenBadgesOAuthRepository } from '../../repository/OpenBadgesOAuthRepository'\nimport { parseBasicAuth, parseBodyClientAuth } from '../util/auth'\n\nexport function configureRevokeEndpoint(router: Router, module: OpenBadgesHttpModule) {\n  router.post(module.config.revokePath, async (req: ObRequest, res: Response) => {\n    const { agentContext } = getRequestContext(req)\n    // Client auth required\n    const basic = parseBasicAuth(req) ?? parseBodyClientAuth(req)\n    if (!basic) return sendError(res, 401, 'invalid_client', 'Client authentication required')\n    const oauthRepo = agentContext.dependencyManager.resolve(OpenBadgesOAuthRepository)\n    const clientRec = await oauthRepo.findByClientId(agentContext, basic.clientId)\n    const reg = (clientRec?.clientRegistration as any) || {}\n    if (!clientRec || reg.client_secret !== basic.clientSecret)\n      return sendError(res, 401, 'invalid_client', 'Invalid client credentials')\n\n    const token = String(req.body?.token ?? '')\n    if (!token) return sendError(res, 400, 'invalid_request', 'token is required')\n\n    const tokenRepo = agentContext.dependencyManager.resolve(OpenBadgesTokenRepository)\n    const tokenRec = await tokenRepo.findByToken(agentContext, token)\n    if (tokenRec) {\n      if (tokenRec.clientId !== basic.clientId) return sendError(res, 400, 'invalid_request', 'client mismatch')\n      // delete all tokens in the pair\n      const pair = await tokenRepo.findByPairId(agentContext, tokenRec.pairId)\n      for (const t of pair) {\n        await tokenRepo.deleteById(agentContext, t.id)\n      }\n    }\n    // Per RFC7009, successful revocation returns 200 even if token was unknown\n    return sendJson(res, { revoked: true })\n  })\n}\n"],"mappings":";;;;;;aAIkE;AAKlE,SAAgB,wBAAwB,QAAgB,QAA8B;AACpF,QAAO,KAAK,OAAO,OAAO,YAAY,OAAO,KAAgB,QAAkB;EAC7E,MAAM,EAAE,iBAAiB,kBAAkB,IAAI;EAE/C,MAAM,QAAQ,eAAe,IAAI,IAAI,oBAAoB,IAAI;AAC7D,MAAI,CAAC,MAAO,QAAO,UAAU,KAAK,KAAK,kBAAkB,iCAAiC;EAE1F,MAAM,YAAY,MADA,aAAa,kBAAkB,QAAQ,0BAA0B,CACjD,eAAe,cAAc,MAAM,SAAS;EAC9E,MAAM,MAAO,WAAW,sBAA8B,EAAE;AACxD,MAAI,CAAC,aAAa,IAAI,kBAAkB,MAAM,aAC5C,QAAO,UAAU,KAAK,KAAK,kBAAkB,6BAA6B;EAE5E,MAAM,QAAQ,OAAO,IAAI,MAAM,SAAS,GAAG;AAC3C,MAAI,CAAC,MAAO,QAAO,UAAU,KAAK,KAAK,mBAAmB,oBAAoB;EAE9E,MAAM,YAAY,aAAa,kBAAkB,QAAQ,0BAA0B;EACnF,MAAM,WAAW,MAAM,UAAU,YAAY,cAAc,MAAM;AACjE,MAAI,UAAU;AACZ,OAAI,SAAS,aAAa,MAAM,SAAU,QAAO,UAAU,KAAK,KAAK,mBAAmB,kBAAkB;GAE1G,MAAM,OAAO,MAAM,UAAU,aAAa,cAAc,SAAS,OAAO;AACxE,QAAK,MAAM,KAAK,KACd,OAAM,UAAU,WAAW,cAAc,EAAE,GAAG;;AAIlD,SAAO,SAAS,KAAK,EAAE,SAAS,MAAM,CAAC;GACvC"}