@account-kit/signer 4.61.0 → 4.62.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/dist/esm/base.d.ts +57 -1
  2. package/dist/esm/base.js +76 -16
  3. package/dist/esm/base.js.map +1 -1
  4. package/dist/esm/client/base.d.ts +45 -7
  5. package/dist/esm/client/base.js +128 -29
  6. package/dist/esm/client/base.js.map +1 -1
  7. package/dist/esm/client/types.d.ts +35 -0
  8. package/dist/esm/client/types.js.map +1 -1
  9. package/dist/esm/version.d.ts +1 -1
  10. package/dist/esm/version.js +1 -1
  11. package/dist/esm/version.js.map +1 -1
  12. package/dist/types/base.d.ts +57 -1
  13. package/dist/types/base.d.ts.map +1 -1
  14. package/dist/types/client/base.d.ts +45 -7
  15. package/dist/types/client/base.d.ts.map +1 -1
  16. package/dist/types/client/types.d.ts +35 -0
  17. package/dist/types/client/types.d.ts.map +1 -1
  18. package/dist/types/version.d.ts +1 -1
  19. package/package.json +6 -6
  20. package/src/base.ts +109 -12
  21. package/src/client/base.ts +153 -24
  22. package/src/client/types.ts +38 -0
  23. package/src/version.ts +1 -1
package/dist/esm/client/base.js CHANGED
@@ -97,66 +97,141 @@ export class BaseSignerClient {
97
97
  }
98
98
  });
99
99
  /**
100
- * Sets the email for the authenticated user, allowing them to login with that
101
- * email.
102
- *
103
- * You must contact Alchemy to enable this feature for your team, as there are
104
- * important security considerations. In particular, you must not call this
105
- * without first validating that the user owns this email account.
100
+ * Removes the email for the authenticated user, disallowing them from login with that email.
106
101
  *
107
- * @param {string} email The email to set for the user
108
- * @returns {Promise<void>} A promise that resolves when the email is set
102
+ * @returns {Promise<string>} A promise that resolves when the email is removed
109
103
  * @throws {NotAuthenticatedError} If the user is not authenticated
110
104
  */
111
- Object.defineProperty(this, "setEmail", {
105
+ Object.defineProperty(this, "removeEmail", {
112
106
  enumerable: true,
113
107
  configurable: true,
114
108
  writable: true,
115
- value: async (email) => {
116
- if (!email) {
117
- throw new Error("Email must not be empty. Use removeEmail() to remove email auth.");
109
+ value: async () => {
110
+ await this.updateEmail("");
111
+ }
112
+ });
113
+ Object.defineProperty(this, "updateEmail", {
114
+ enumerable: true,
115
+ configurable: true,
116
+ writable: true,
117
+ value: async (email, verificationToken) => {
118
+ if (!this.user) {
119
+ throw new NotAuthenticatedError();
118
120
  }
119
- await this.updateEmail(email);
121
+ // Unverified use is legacy & requires team flag.
122
+ const isUnverified = email && !verificationToken;
123
+ const stampedRequest = isUnverified
124
+ ? await this.turnkeyClient.stampUpdateUser({
125
+ type: "ACTIVITY_TYPE_UPDATE_USER",
126
+ timestampMs: Date.now().toString(),
127
+ organizationId: this.user.orgId,
128
+ parameters: {
129
+ userId: this.user.userId,
130
+ userEmail: email,
131
+ userTagIds: [],
132
+ },
133
+ })
134
+ : await this.turnkeyClient.stampUpdateUserEmail({
135
+ type: "ACTIVITY_TYPE_UPDATE_USER_EMAIL",
136
+ timestampMs: Date.now().toString(),
137
+ organizationId: this.user.orgId,
138
+ parameters: {
139
+ userId: this.user.userId,
140
+ userEmail: email,
141
+ verificationToken,
142
+ },
143
+ });
144
+ await this.request("/v1/update-email-auth", {
145
+ stampedRequest,
146
+ });
147
+ this.user = {
148
+ ...this.user,
149
+ email: email || undefined,
150
+ };
120
151
  }
121
152
  });
122
153
  /**
123
- * Removes the email for the authenticated user, disallowing them from login with that email.
154
+ * Updates the phone number for the authenticated user, allowing them to login with that
155
+ * phone number. Must be called after calling `initOtp` with the phone number.
124
156
  *
125
- * @returns {Promise<void>} A promise that resolves when the email is removed
157
+ * @param {VerificationOtp} otp The OTP object including the OTP ID and OTP code
158
+ * @returns {Promise<void>} A promise that resolves when the phone number is set
126
159
  * @throws {NotAuthenticatedError} If the user is not authenticated
127
160
  */
128
- Object.defineProperty(this, "removeEmail", {
161
+ Object.defineProperty(this, "setPhoneNumber", {
162
+ enumerable: true,
163
+ configurable: true,
164
+ writable: true,
165
+ value: async (otp) => {
166
+ const { verificationToken } = await this.request("/v1/verify-otp", {
167
+ otpId: otp.id,
168
+ otpCode: otp.code,
169
+ });
170
+ const { contact } = jwtDecode(verificationToken);
171
+ await this.updatePhoneNumber(contact, verificationToken);
172
+ }
173
+ });
174
+ /**
175
+ * Removes the phone number for the authenticated user, disallowing them from login with that phone number.
176
+ *
177
+ * @returns {Promise<void>} A promise that resolves when the phone number is removed
178
+ * @throws {NotAuthenticatedError} If the user is not authenticated
179
+ */
180
+ Object.defineProperty(this, "removePhoneNumber", {
129
181
  enumerable: true,
130
182
  configurable: true,
131
183
  writable: true,
132
184
  value: async () => {
133
- // This is a hack to remove the email for the user. Turnkey does not
134
- // support clearing the email once set, so we set it to a known
135
- // inaccessible address instead.
136
- await this.updateEmail("not.enabled@example.invalid");
185
+ await this.updatePhoneNumber("");
137
186
  }
138
187
  });
139
- Object.defineProperty(this, "updateEmail", {
188
+ Object.defineProperty(this, "updatePhoneNumber", {
140
189
  enumerable: true,
141
190
  configurable: true,
142
191
  writable: true,
143
- value: async (email) => {
192
+ value: async (phone, verificationToken) => {
144
193
  if (!this.user) {
145
194
  throw new NotAuthenticatedError();
146
195
  }
147
- const stampedRequest = await this.turnkeyClient.stampUpdateUser({
148
- type: "ACTIVITY_TYPE_UPDATE_USER",
196
+ if (phone.trim() && !verificationToken) {
197
+ throw new Error("Verification token is required to change phone number.");
198
+ }
199
+ const stampedRequest = await this.turnkeyClient.stampUpdateUserPhoneNumber({
200
+ type: "ACTIVITY_TYPE_UPDATE_USER_PHONE_NUMBER",
149
201
  timestampMs: Date.now().toString(),
150
202
  organizationId: this.user.orgId,
151
203
  parameters: {
152
204
  userId: this.user.userId,
153
- userEmail: email,
154
- userTagIds: [],
205
+ userPhoneNumber: phone,
206
+ verificationToken,
155
207
  },
156
208
  });
157
- await this.request("/v1/update-email-auth", {
209
+ await this.request("/v1/update-phone-auth", {
158
210
  stampedRequest,
159
211
  });
212
+ this.user = {
213
+ ...this.user,
214
+ phone: phone || undefined,
215
+ };
216
+ }
217
+ });
218
+ /**
219
+ * Initiates an OTP (One-Time Password) verification process for a user contact.
220
+ *
221
+ * @param {("email" | "sms")} type - The type of OTP to send, either "email" or "sms"
222
+ * @param {string} contact - The email address or phone number to send the OTP to
223
+ * @returns {Promise<{ otpId: string }>} A promise that resolves to an object containing the OTP ID
224
+ * @throws {NotAuthenticatedError} When no user is currently authenticated
225
+ */
226
+ Object.defineProperty(this, "initOtp", {
227
+ enumerable: true,
228
+ configurable: true,
229
+ writable: true,
230
+ value: async (type, contact) => {
231
+ return await this.request("/v1/init-otp", {
232
+ otpType: type === "email" ? "OTP_TYPE_EMAIL" : "OTP_TYPE_SMS",
233
+ contact,
234
+ });
160
235
  }
161
236
  });
162
237
  /**
@@ -586,7 +661,7 @@ export class BaseSignerClient {
586
661
  };
587
662
  return {
588
663
  stampHeaderName: "X-Stamp",
589
- stampHeaderValue: base64UrlEncode(Buffer.from(JSON.stringify(stamp))),
664
+ stampHeaderValue: base64UrlEncode(Buffer.from(JSON.stringify(stamp)).buffer),
590
665
  };
591
666
  },
592
667
  })
@@ -999,7 +1074,7 @@ export class BaseSignerClient {
999
1074
  openerOrigin: mode === "popup" ? window.location.origin : undefined,
1000
1075
  fetchIdTokenOnly: oauthParams.fetchIdTokenOnly,
1001
1076
  };
1002
- const state = base64UrlEncode(new TextEncoder().encode(JSON.stringify(stateObject)));
1077
+ const state = base64UrlEncode(new TextEncoder().encode(JSON.stringify(stateObject)).buffer);
1003
1078
  const authUrl = new URL(authEndpoint);
1004
1079
  const params = {
1005
1080
  redirect_uri: oauthCallbackUrl,
@@ -1163,5 +1238,29 @@ export class BaseSignerClient {
1163
1238
  this.eventEmitter.emit("connectedPasskey", this.user);
1164
1239
  return result;
1165
1240
  }
1241
+ /**
1242
+ * Implementation for setEmail method with optional OTP verification.
1243
+ *
1244
+ * @param {string | VerificationOtp} params An OTP object containing the OTP ID & OTP code (or an email address for legacy usage)
1245
+ * @returns {Promise<void>} A promise that resolves to the updated email address
1246
+ */
1247
+ async setEmail(params) {
1248
+ if (typeof params === "string") {
1249
+ // Legacy use, requires team flag.
1250
+ const contact = params;
1251
+ if (!contact) {
1252
+ throw new Error("Email must not be empty. Use removeEmail() to remove email auth.");
1253
+ }
1254
+ await this.updateEmail(contact);
1255
+ return contact;
1256
+ }
1257
+ const { verificationToken } = await this.request("/v1/verify-otp", {
1258
+ otpId: params.id,
1259
+ otpCode: params.code,
1260
+ });
1261
+ const { contact } = jwtDecode(verificationToken);
1262
+ await this.updateEmail(contact, verificationToken);
1263
+ return contact;
1264
+ }
1166
1265
  }
1167
1266
  //# sourceMappingURL=base.js.map
package/dist/esm/client/base.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"base.js","sourceRoot":"","sources":["../../../src/client/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAyB,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAuB,MAAM,eAAe,CAAC;AACnE,OAAO,YAAY,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,kBAAkB,EAClB,MAAM,GAGP,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;AAE9D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAoCpE,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAezC,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,SAAS;IACd,GAAG,EAAE,SAAS;IACd,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,YAAY;IACpB,IAAI,EAAE,WAAW;CACT,CAAC;AAEX,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,KAAK,GAAG,EAAW,CAAC;AAE3D;;GAEG;AACH,MAAM,OAAgB,gBAAgB;IAUpC;;;;OAIG;IACH,YAAY,MAA8B;QAXlC;;;;;WAAwB;QACxB;;;;;WAAmC;QACjC;;;;;WAA6B;QAC7B;;;;;WAAgB;QAChB;;;;;WAAsD;QACtD;;;;;WAAqC;QAiB/C;;;;WAIG;QACI;;;;mBAAY,KAAK,IAA0B,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;WAAC;QAyJF,aAAa;QAEb,yBAAyB;QAEzB;;;;;;WAMG;QACI;;;;mBAAK,CACV,KAAQ,EACR,QAAsC,EACtC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;gBAE7C,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;YACxE,CAAC;WAAC;QAEF;;;;;;;;;;;WAWG;QACI;;;;mBAAW,KAAK,EAAE,KAAa,EAAiB,EAAE;gBACvD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;gBACJ,CAAC;gBACD,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAc,KAAK,IAAmB,EAAE;gBAC7C,oEAAoE;gBACpE,+DAA+D;gBAC/D,gCAAgC;gBAChC,MAAM,IAAI,CAAC,WAAW,CAAC,6BAA6B,CAAC,CAAC;YACxD,CAAC;WAAC;QAEM;;;;mBAAc,KAAK,EAAE,KAAa,EAAiB,EAAE;gBAC3D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC;oBAC9D,IAAI,EAAE,2BAA2B;oBACjC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,SAAS,EAAE,KAAK;wBAChB,UAAU,EAAE,EAAE;qBACf;iBACF,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE;oBAC1C,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAa,KAAK,EAAE,OAAkC,EAAE,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAC9B,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;gBAE7C,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACjE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE;4BACd;gCACE,WAAW;gCACX,iBAAiB,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;gCACrD,SAAS,EACP,OAAO,SAAS,KAAK,QAAQ;oCAC3B,CAAC,CAAC,SAAS;oCACX,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC;6BACjC;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC5D,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,4BAA4B,CAC7B,CAAC;gBAEF,OAAO,gBAAgB,CAAC;YAC1B,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAgB,KAAK,EAAE,eAAuB,EAAiB,EAAE;gBACtE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBAC5C,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,gBAAgB,EAAE,CAAC,eAAe,CAAC;qBACpC;iBACF,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAwB,KAAK,EAAE,OAAyB,SAAS,EAAE,EAAE;gBAC1E,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAChD,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;oBACjD,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;gBAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAmB,KAAK,IAAI,EAAE;gBACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;iBACzB,CAAC,CAAC;gBACH,OAAO;oBACL,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC9C,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAC5C;iBACF,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAmB,KAAK,EAC7B,MAA8B,EACF,EAAE;gBAC9B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;gBAC3C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC;oBACxE,IAAI,EAAE,sCAAsC;oBAC5C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;qBAC9C;iBACF,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;oBAC5D,cAAc;iBACf,CAAC,CAAC;gBACH,OAAO,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;YACpC,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAsB,KAAK,EAAE,UAAkB,EAAE,EAAE;gBACxD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC;oBACxE,IAAI,EAAE,sCAAsC;oBAC5C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,WAAW,EAAE,CAAC,UAAU,CAAC;qBAC1B;iBACF,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,OAAO,CAAC,2BAA2B,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;YACtE,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAkB,KAAK,IAA0B,EAAE;gBACxD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE;oBACjD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAC1B,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAS,KAAK,EACnB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EACxB,OAAgB,EAChB,WAAoB,EACL,EAAE;gBACjB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,IAAI,CAAC;gBACnB,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7D,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,MAAM,GAA4B,SAAS,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;oBACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAED,IAAI,WAAW,EAAE,CAAC;oBAChB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;gBACjC,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;oBACzB,IAAI,CAAC;wBACH,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;6BACtD,YAAsB,CAAC;oBAC5B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,SAAS,CAAC;oBACnB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBAEL,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI;oBACP,YAAY;iBACb,CAAC;gBAEF,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAc,KAAK,IAA6B,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBAC1E,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAuB,KAAK,IAA6B,EAAE;gBAChE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;gBACJ,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACnD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;WASG;QACI;;;;mBAA4B,KAAK,EACtC,MAAuC,EACxB,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;oBAClD,IAAI,EAAE,kCAAkC;oBACxC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;oBAC5C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,OAAO,EAAE;4BACP;gCACE,UAAU,EAAE,MAAM,CAAC,IAAI;gCACvB,SAAS,EAAE,MAAM,CAAC,SAAS;gCAC3B,SAAS,EAAE,oBAAoB;gCAC/B,iBAAiB,EAAE,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE;6BACnD;yBACF;wBACD,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;qBACzB;iBACF,CAAC,CAAC;gBACH,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACzD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAiB,KAAK,EAC3B,GAAQ,EACR,OAA8B,UAAU,EAC1B,EAAE;gBAChB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAClD,sGAAsG;oBACtG,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EACV,IAAI,KAAK,UAAU;4BACjB,CAAC,CAAC,qBAAqB;4BACvB,CAAC,CAAC,8BAA8B;wBACpC,OAAO,EAAE,GAAG;wBACZ,QAAQ,EACN,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAc;qBACrE;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBAC3D,cAAc;iBACf,CAAC,CAAC;gBAEH,OAAO,SAAS,CAAC;YACnB,CAAC;WAAC;QAEM;;;;mBAAuC,GAAG,EAAE,CAAC,CAAC;gBACpD,KAAK,EAAE,KAAK,EACV,OAAe,EAId,EAAE;oBACH,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;wBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;oBACpC,CAAC;oBAED,gGAAgG;oBAChG,mDAAmD;oBACnD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;oBAEzD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;wBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;wBAC/B,IAAI,EAAE,mCAAmC;wBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;wBAClC,UAAU,EAAE;4BACV,QAAQ,EAAE,4BAA4B;4BACtC,YAAY,EAAE,sBAAsB;4BACpC,OAAO,EAAE,OAAO;4BAChB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;yBAC5B;qBACF,CAAC,CAAC;oBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;wBAC3D,cAAc;qBACf,CAAC,CAAC;oBAEH,wDAAwD;oBACxD,MAAM,kBAAkB,GAAG,MAAM,gBAAgB,CAAC;wBAChD,IAAI,EAAE,MAAM;wBACZ,SAAS;qBACV,CAAC,CAAC;oBAEH,mEAAmE;oBACnE,+BAA+B;oBAC/B,MAAM,KAAK,GAAG;wBACZ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;wBACpE,MAAM,EAAE,mCAAmC;wBAC3C,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW,CACxC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CACnC,CAAC,QAAQ,EAAE;qBACb,CAAC;oBAEF,OAAO;wBACL,eAAe,EAAE,SAAS;wBAC1B,gBAAgB,EAAE,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;qBACtE,CAAC;gBACJ,CAAC;aACF,CAAC;WAAC;QAEK;;;;mBAA6C,GAAG,EAAE,CACxD,IAAI,aAAa,CACf,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,IAAI,CAAC,oCAAoC,EAAE,CAC5C;WAAC;QAEJ;;;;;;;;;WASG;QACI;;;;mBAAwC,KAAK,EAClD,GAAQ,EACR,KAAa,EACb,UAAkB,EAClB,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,gBAAgB,GAAG,IAAI,CAAC,0CAA0C,EAAE,CAAC;gBAE3E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE;oBACxE,cAAc,EAAE,MAAM,gBAAgB,CAAC,mBAAmB,CAAC;wBACzD,cAAc,EAAE,KAAK;wBACrB,IAAI,EAAE,mCAAmC;wBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;wBAClC,UAAU,EAAE;4BACV,QAAQ,EAAE,8BAA8B;4BACxC,YAAY,EAAE,qBAAqB;4BACnC,OAAO,EAAE,GAAG;4BACZ,QAAQ,EAAE,UAAU;yBACrB;qBACF,CAAC;iBACH,CAAC,CAAC;gBAEH,OAAO,kBAAkB,CAAC;oBACxB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;oBAC/C,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;oBAC/C,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,+DAA+D;iBAChH,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAgC,KAAK,EAC1C,iBAA4B,EAC5B,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;oBAC5D,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,iBAAiB,CAAC,CAAC,GAAG,CACpD,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAC7C;iBACF,CAAC,CAAC;gBAEH,OAAO,QAAQ,CAAC,MAAM,CAAC;YACzB,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAA+B,KAAK,EACzC,KAAa,EACb,OAAkB,EAClB,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,0CAA0C,EAAE,CAAC;gBAE3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE;oBACjE,cAAc,EAAE,KAAK;oBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;iBACnE,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,gBAAgB,CAC5D,QAAQ,CAAC,MAAM,CAChB,CAAC;gBAEF,MAAM,EACJ,MAAM,EAAE,EAAE,uBAAuB,EAAE,GACpC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACvD,cAAc,EAAE,MAAM,gBAAgB,CAAC,qBAAqB,CAC1D,uBAAuB,CACxB;iBACF,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoC,KAAK,EAC9C,KAAa,EACb,OAAkB,EAClB,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,0CAA0C,EAAE,CAAC;gBAE3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gCAAgC,EAAE;oBACpE,cAAc,EAAE,KAAK;oBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;iBACnE,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,gBAAgB,CAC5D,QAAQ,CAAC,MAAM,CAAC,oBAAoB,CACrC,CAAC;gBAEF,MAAM,IAAI,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACvD,cAAc,EAAE,MAAM,gBAAgB,CAAC,qBAAqB,CAC1D,QAAQ,CAAC,MAAM,CAAC,uBAAuB,CACxC;iBACF,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;oBAC3C,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;WAIG;QACI;;;;mBAAU,GAAgB,EAAE;gBACjC,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC3B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,KAAQ,EACR,IAAmB,EACS,EAAE;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CAAC;gBAExE,MAAM,QAAQ,GAAG,SAAS,CAAC;gBAE3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;gBACnD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;oBACrC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,QAAQ,GAAG,KAAK,EAAE,EAAE;oBACxD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEnC,OAAO,IAAyB,CAAC;YACnC,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAgB,KAAK,IAEzB,EAAE;gBACH,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,IAAI;wBACzB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE;oBACjD,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EAAE,MAAoB,EAAyB,EAAE;gBACpE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,GAAG;wBACxB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,QAAQ,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC/B,KAAK,MAAM;wBACT,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;4BACnD,cAAc;4BACd,eAAe,EAAE,MAAM,CAAC,eAAe;yBACxC,CAAC,CAAC;oBACL;wBACE,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,CAAC,eAAe,EAAE,CACzD,CAAC;gBACN,CAAC;YACH,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAY,KAAK,EACtB,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,8BAA8B,EAAE;oBAClD,cAAc;oBACd,aAAa,EAAE,MAAM,CAAC,aAAa;oBACnC,eAAe,EAAE,MAAM,CAAC,eAAe;iBACxC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAY,KAAK,EACtB,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;oBACnD,cAAc;oBACd,cAAc,EAAE,MAAM,CAAC,cAAc;iBACtC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAuB,KAAK,EACjC,MAAkC,EACL,EAAE;gBAC/B,kDAAkD;gBAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,iCAAiC,EAAE;oBACrE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;oBACzC,YAAY,EAAE,MAAM,CAAC,YAAY;iBAClC,CAAC,CAAC;gBAEH,kGAAkG;gBAClG,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB;iBAC1C,CAAC;YACJ,CAAC;WAAC;QAEF,aAAa;QAEb,0BAA0B;QAE1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAgCG;QACO;;;;mBAAsB,KAAK,EACnC,IAA6B,EACZ,EAAE;gBACnB,MAAM,EACJ,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,eAAe,GAAG,IAAI,GACvB,GAAG,IAAI,CAAC;gBAET,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,eAAe,EAAE,uBAAuB,EACxC,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,WAAW,CAAC;gBAEhB,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAE1D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,mBAAmB,EAAE,CAAC;gBAClC,CAAC;gBAED,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBAED,IAAI,KAAK,GAAuB,aAAa,CAAC;gBAC9C,IAAI,MAAM,GAAuB,cAAc,CAAC;gBAChD,IAAI,eAAe,GACjB,uBAAuB,CAAC;gBAE1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,oBAAoB,GACxB,+BAA+B,CAAC,cAAc,CAAC,CAAC;oBAClD,KAAK,KAAL,KAAK,GAAK,oBAAoB,EAAE,KAAK,EAAC;oBACtC,MAAM,KAAN,MAAM,GAAK,oBAAoB,EAAE,MAAM,EAAC;oBACxC,eAAe,KAAf,eAAe,GAAK,oBAAoB,EAAE,eAAe,EAAC;gBAC5D,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,cAAc,EAAE,CAAC,CAAC;gBAC5E,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAEhD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU;wBACjB,CAAC,CAAC,eAAe;4BACf,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC;4BACjC,CAAC,CAAC,WAAW;wBACf,CAAC,CAAC,SAAS;oBACf,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;oBACnE,gBAAgB,EAAE,WAAW,CAAC,gBAAgB;iBAC/C,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,gBAAgB;oBAC9B,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;oBACL,GAAG,eAAe;iBACnB,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBACpC,MAAM,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrE,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAExD,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YAC1D,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEF,8EAA8E;QACpE;;;;mBAAyB,KAAK,EAKtC,QAEa,EACb,cAAsB,EACtB,SAAY,EAOZ,EAAE;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;gBACrC,CAAC;gBAED,MAAM,EACJ,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GACjC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC;oBACvC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBACvB,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBAC3C,OAAO,MAAM,CAAC,SAAS,CAAE,CAAC;gBAC5B,CAAC;gBAED,IACE,MAAM,KAAK,wBAAwB;oBACnC,MAAM,KAAK,0BAA0B;oBACrC,MAAM,KAAK,kCAAkC,EAC7C,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,uCAAuC,EAAE,aAAa,MAAM,GAAG,CAChE,CAAC;gBACJ,CAAC;gBAED,gEAAgE;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;YAC1E,CAAC;WAAC;QACF,aAAa;QAEb;;;;;WAKG;QACO;;;;mBAAgB,CAAC,gBAAwB,EAAU,EAAE;gBAC7D,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrE,CAAC;WAAC;QArtCA,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,SAAS,IAAI,sCAAsC,CAAC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAA6B,CAAC;QAClE,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CACpC,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,OAAO,CACR,CAAC;IACJ,CAAC;IAYD,IAAc,IAAI;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAc,IAAI,CAAC,IAAsB;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;QAChC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;YACjC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,OAAiC;QACpD,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,aAAa,CACxB,MAA2B;QAE3B,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;YACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAElD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;gBAChD,KAAK;gBACL,SAAS;gBACT,eAAe,EAAE,SAAS;gBAC1B,iBAAiB;gBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;aAClD,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;YACzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAElD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;gBAChD,KAAK;gBACL,eAAe,EAAE,SAAS;aAC3B,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,gCAAgC;QAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;YAC9C,OAAO,EAAE;gBACP,SAAS,EACP,OAAO,SAAS,KAAK,QAAQ;oBAC3B,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC;gBAChC,WAAW;aACZ;YACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,GAAG;YACV,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;YACxB,MAAM,EAAE,MAAM,CAAC,MAAO;YACtB,YAAY,EAAE,WAAW,CAAC,YAAY;YACtC,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC;QACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,MAAM,CAAC;IAChB,CAAC;CAymCF","sourcesContent":["import { ConnectionConfigSchema, type ConnectionConfig } from \"@aa-sdk/core\";\nimport { TurnkeyClient, type TSignedRequest } from \"@turnkey/http\";\nimport EventEmitter from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\nimport {\n hexToBytes,\n recoverPublicKey,\n serializeSignature,\n sha256,\n type Address,\n type Hex,\n} from \"viem\";\nimport { NotAuthenticatedError, OAuthProvidersError } from \"../errors.js\";\nimport { getDefaultProviderCustomization } from \"../oauth.js\";\nimport type { OauthMode } from \"../signer.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { resolveRelativeUrl } from \"../utils/resolveRelativeUrl.js\";\nimport type {\n AlchemySignerClientEvent,\n AlchemySignerClientEvents,\n AuthenticatingEventMetadata,\n CreateAccountParams,\n RemoveMfaParams,\n EmailAuthParams,\n AddMfaParams,\n AddMfaResult,\n experimental_CreateApiKeyParams,\n GetOauthProviderUrlArgs,\n GetWebAuthnAttestationResult,\n MfaFactor,\n JwtParams,\n JwtResponse,\n OauthConfig,\n OauthParams,\n OauthState,\n OtpParams,\n SignerBody,\n SignerResponse,\n SignerRoutes,\n SignupResponse,\n User,\n VerifyMfaParams,\n SubmitOtpCodeResponse,\n ValidateMultiFactorsParams,\n AuthLinkingPrompt,\n AddOauthProviderParams,\n CredentialCreationOptionOverrides,\n OauthProviderInfo,\n IdTokenOnly,\n AuthMethods,\n SmsAuthParams,\n} from \"./types.js\";\nimport { VERSION } from \"../version.js\";\nimport { secp256k1 } from \"@noble/curves/secp256k1\";\nimport { Point } from \"@noble/secp256k1\";\n\nexport interface BaseSignerClientParams {\n stamper: TurnkeyClient[\"stamper\"];\n connection: ConnectionConfig;\n rootOrgId?: string;\n rpId?: string;\n}\n\nexport type ExportWalletStamper = TurnkeyClient[\"stamper\"] & {\n injectWalletExportBundle(bundle: string, orgId: string): Promise<boolean>;\n injectKeyExportBundle(bundle: string, orgId: string): Promise<boolean>;\n publicKey(): string | null;\n};\n\nconst MFA_PAYLOAD = {\n GET: \"get_mfa\",\n ADD: \"add_mfa\",\n DELETE: \"delete_mfas\",\n VERIFY: \"verify_mfa\",\n LIST: \"list_mfas\",\n} as const;\n\nconst withHexPrefix = (hex: string) => `0x${hex}` as const;\n\n/**\n * Base class for all Alchemy Signer clients\n */\nexport abstract class BaseSignerClient<\n TExportWalletParams = unknown,\n TExportWalletOutput = unknown,\n> {\n private _user: User | undefined;\n private connectionConfig: ConnectionConfig;\n protected turnkeyClient: TurnkeyClient;\n protected rootOrg: string;\n protected eventEmitter: EventEmitter<AlchemySignerClientEvents>;\n protected oauthConfig: OauthConfig | undefined;\n /**\n * Create a new instance of the Alchemy Signer client\n *\n * @param {BaseSignerClientParams} params the parameters required to create the client\n */\n constructor(params: BaseSignerClientParams) {\n const { stamper, connection, rootOrgId } = params;\n this.rootOrg = rootOrgId ?? \"24c1acf5-810f-41e0-a503-d5d13fa8e830\";\n this.eventEmitter = new EventEmitter<AlchemySignerClientEvents>();\n this.connectionConfig = ConnectionConfigSchema.parse(connection);\n this.turnkeyClient = new TurnkeyClient(\n { baseUrl: \"https://api.turnkey.com\" },\n stamper,\n );\n }\n\n /**\n * Asynchronously fetches and sets the OAuth configuration.\n *\n * @returns {Promise<OauthConfig>} A promise that resolves to the OAuth configuration\n */\n public initOauth = async (): Promise<OauthConfig> => {\n this.oauthConfig = await this.getOauthConfig();\n return this.oauthConfig;\n };\n\n protected get user() {\n return this._user;\n }\n\n protected set user(user: User | undefined) {\n const previousUser = this._user;\n this._user = user;\n if (user && !previousUser) {\n this.eventEmitter.emit(\"connected\", user);\n } else if (!user && previousUser) {\n this.eventEmitter.emit(\"disconnected\");\n }\n }\n\n /**\n * Sets the stamper of the TurnkeyClient.\n *\n * @param {TurnkeyClient[\"stamper\"]} stamper the stamper function to set for the TurnkeyClient\n */\n protected setStamper(stamper: TurnkeyClient[\"stamper\"]) {\n this.turnkeyClient.stamper = stamper;\n }\n\n /**\n * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n *\n * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n */\n public async createAccount(\n params: CreateAccountParams,\n ): Promise<SignupResponse> {\n if (params.type === \"email\") {\n this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n const { email, emailMode, expirationSeconds } = params;\n const publicKey = await this.initSessionStamper();\n\n const response = await this.request(\"/v1/signup\", {\n email,\n emailMode,\n targetPublicKey: publicKey,\n expirationSeconds,\n redirectParams: params.redirectParams?.toString(),\n });\n\n return response;\n }\n\n if (params.type === \"sms\") {\n this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n const { phone } = params;\n const publicKey = await this.initSessionStamper();\n\n const response = await this.request(\"/v1/signup\", {\n phone,\n targetPublicKey: publicKey,\n });\n return response;\n }\n\n this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n // Passkey account creation flow\n const { attestation, challenge } = await this.getWebAuthnAttestation(\n params.creationOpts,\n { username: \"email\" in params ? params.email : params.username },\n );\n\n const result = await this.request(\"/v1/signup\", {\n passkey: {\n challenge:\n typeof challenge === \"string\"\n ? challenge\n : base64UrlEncode(challenge),\n attestation,\n },\n email: \"email\" in params ? params.email : undefined,\n });\n\n this.user = {\n orgId: result.orgId,\n address: result.address!,\n userId: result.userId!,\n credentialId: attestation.credentialId,\n solanaAddress: result.solanaAddress,\n };\n this.initWebauthnStamper(this.user, params.creationOpts);\n this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n return result;\n }\n\n // #region ABSTRACT METHODS\n\n public abstract initEmailAuth(\n params: Omit<EmailAuthParams, \"targetPublicKey\">,\n ): Promise<{ orgId: string; otpId?: string; multiFactors?: MfaFactor[] }>;\n\n public abstract initSmsAuth(\n params: Omit<SmsAuthParams, \"targetPublicKey\">,\n ): Promise<{ orgId: string; otpId?: string }>;\n\n public abstract completeAuthWithBundle(params: {\n bundle: string;\n orgId: string;\n connectedEventName: keyof AlchemySignerClientEvents;\n authenticatingType: AuthenticatingEventMetadata[\"type\"];\n idToken?: string;\n accessToken?: string;\n }): Promise<User>;\n\n public abstract oauthWithRedirect(\n args: Extract<OauthParams, { mode: \"redirect\" }>,\n ): Promise<User | IdTokenOnly>;\n\n public abstract oauthWithPopup(\n args: Extract<OauthParams, { mode: \"popup\" }>,\n ): Promise<User | AuthLinkingPrompt | IdTokenOnly>;\n\n public abstract submitOtpCode(\n args: Omit<OtpParams, \"targetPublicKey\">,\n ): Promise<SubmitOtpCodeResponse>;\n\n public abstract submitJwt(\n args: Omit<JwtParams, \"targetPublicKey\">,\n ): Promise<JwtResponse>;\n\n public abstract disconnect(): Promise<void>;\n\n public abstract exportWallet(\n params: TExportWalletParams,\n ): Promise<TExportWalletOutput>;\n\n public abstract targetPublicKey(): Promise<string>;\n\n protected abstract getOauthConfig(): Promise<OauthConfig>;\n\n protected abstract getWebAuthnAttestation(\n options?: CredentialCreationOptionOverrides,\n userDetails?: { username: string },\n ): Promise<GetWebAuthnAttestationResult>;\n\n /**\n * Initializes the session stamper and returns its public key.\n */\n protected abstract initSessionStamper(): Promise<string>;\n\n protected abstract initWebauthnStamper(\n user: User | undefined,\n options: CredentialCreationOptionOverrides | undefined,\n ): Promise<void>;\n\n // #endregion\n\n // #region PUBLIC METHODS\n\n /**\n * Listen to events emitted by the client\n *\n * @param {AlchemySignerClientEvent} event the event you want to listen to\n * @param {AlchemySignerClientEvents[AlchemySignerClientEvent]} listener the callback function to execute when an event is fired\n * @returns {() => void} a function that will remove the listener when called\n */\n public on = <E extends AlchemySignerClientEvent>(\n event: E,\n listener: AlchemySignerClientEvents[E],\n ) => {\n this.eventEmitter.on(event, listener as any);\n\n return () => this.eventEmitter.removeListener(event, listener as any);\n };\n\n /**\n * Sets the email for the authenticated user, allowing them to login with that\n * email.\n *\n * You must contact Alchemy to enable this feature for your team, as there are\n * important security considerations. In particular, you must not call this\n * without first validating that the user owns this email account.\n *\n * @param {string} email The email to set for the user\n * @returns {Promise<void>} A promise that resolves when the email is set\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public setEmail = async (email: string): Promise<void> => {\n if (!email) {\n throw new Error(\n \"Email must not be empty. Use removeEmail() to remove email auth.\",\n );\n }\n await this.updateEmail(email);\n };\n\n /**\n * Removes the email for the authenticated user, disallowing them from login with that email.\n *\n * @returns {Promise<void>} A promise that resolves when the email is removed\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public removeEmail = async (): Promise<void> => {\n // This is a hack to remove the email for the user. Turnkey does not\n // support clearing the email once set, so we set it to a known\n // inaccessible address instead.\n await this.updateEmail(\"not.enabled@example.invalid\");\n };\n\n private updateEmail = async (email: string): Promise<void> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const stampedRequest = await this.turnkeyClient.stampUpdateUser({\n type: \"ACTIVITY_TYPE_UPDATE_USER\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n userEmail: email,\n userTagIds: [],\n },\n });\n await this.request(\"/v1/update-email-auth\", {\n stampedRequest,\n });\n };\n\n /**\n * Handles the creation of authenticators using WebAuthn attestation and the provided options. Requires the user to be authenticated.\n *\n * @param {CredentialCreationOptions} options The options used to create the WebAuthn attestation\n * @returns {Promise<string[]>} A promise that resolves to an array of authenticator IDs\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public addPasskey = async (options: CredentialCreationOptions) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const { attestation, challenge } =\n await this.getWebAuthnAttestation(options);\n\n const { activity } = await this.turnkeyClient.createAuthenticators({\n type: \"ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n authenticators: [\n {\n attestation,\n authenticatorName: `passkey-${Date.now().toString()}`,\n challenge:\n typeof challenge === \"string\"\n ? challenge\n : base64UrlEncode(challenge),\n },\n ],\n },\n });\n\n const { authenticatorIds } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"createAuthenticatorsResult\",\n );\n\n return authenticatorIds;\n };\n\n /**\n * Removes a passkey authenticator from the user's account.\n *\n * @param {string} authenticatorId The ID of the authenticator to remove.\n * @returns {Promise<void>} A promise that resolves when the authenticator is removed.\n * @throws {NotAuthenticatedError} If the user is not authenticated.\n */\n public removePasskey = async (authenticatorId: string): Promise<void> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n await this.turnkeyClient.deleteAuthenticators({\n type: \"ACTIVITY_TYPE_DELETE_AUTHENTICATORS\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n authenticatorIds: [authenticatorId],\n },\n });\n };\n\n /**\n * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n *\n * @param {User} [user] An optional user object to authenticate\n * @returns {Promise<User>} A promise that resolves to the authenticated user object\n */\n public lookupUserWithPasskey = async (user: User | undefined = undefined) => {\n this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n await this.initWebauthnStamper(user, undefined);\n if (user) {\n this.user = user;\n this.eventEmitter.emit(\"connectedPasskey\", user);\n return user;\n }\n\n const result = await this.whoami(this.rootOrg);\n await this.initWebauthnStamper(result, undefined);\n this.eventEmitter.emit(\"connectedPasskey\", result);\n\n return result;\n };\n\n /**\n * Retrieves the status of the passkey for the current user. Requires the user to be authenticated.\n *\n * @returns {Promise<{ isPasskeyAdded: boolean }>} A promise that resolves to an object containing the passkey status\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public getPasskeyStatus = async () => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const resp = await this.turnkeyClient.getAuthenticators({\n organizationId: this.user.orgId,\n userId: this.user.userId,\n });\n return {\n isPasskeyAdded: resp.authenticators.some((it) =>\n it.authenticatorName.startsWith(\"passkey-\"),\n ),\n };\n };\n\n /**\n * Adds an OAuth provider for the authenticated user using the provided parameters. Throws an error if the user is not authenticated.\n *\n * @param {AddOauthProviderParams} params The parameters for adding an OAuth provider, including `providerName` and `oidcToken`.\n * @throws {NotAuthenticatedError} Throws if the user is not authenticated.\n * @returns {Promise<void>} A Promise that resolves when the OAuth provider is added.\n */\n public addOauthProvider = async (\n params: AddOauthProviderParams,\n ): Promise<OauthProviderInfo> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const { providerName, oidcToken } = params;\n const stampedRequest = await this.turnkeyClient.stampCreateOauthProviders({\n type: \"ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n oauthProviders: [{ providerName, oidcToken }],\n },\n });\n const response = await this.request(\"/v1/add-oauth-provider\", {\n stampedRequest,\n });\n return response.oauthProviders[0];\n };\n\n /**\n * Deletes a specified OAuth provider for the authenticated user.\n *\n * @param {string} providerId The ID of the provider to be deleted\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public removeOauthProvider = async (providerId: string) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const stampedRequest = await this.turnkeyClient.stampDeleteOauthProviders({\n type: \"ACTIVITY_TYPE_DELETE_OAUTH_PROVIDERS\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n providerIds: [providerId],\n },\n });\n await this.request(\"/v1/remove-oauth-provider\", { stampedRequest });\n };\n\n /**\n * Retrieves the list of authentication methods for the current user.\n *\n * @returns {Promise<AuthMethods>} A promise that resolves to the list of authentication methods\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public listAuthMethods = async (): Promise<AuthMethods> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n return await this.request(\"/v1/list-auth-methods\", {\n suborgId: this.user.orgId,\n });\n };\n\n /**\n * Retrieves the current user or fetches the user information if not already available.\n *\n * @param {string} [orgId] optional organization ID, defaults to the user's organization ID\n * @param {string} idToken an OIDC ID token containing additional user information\n * @param {string} accessToken an access token which if provided will be added to the user\n * @returns {Promise<User>} A promise that resolves to the user object\n * @throws {Error} if no organization ID is provided when there is no current user\n */\n public whoami = async (\n orgId = this.user?.orgId,\n idToken?: string,\n accessToken?: string,\n ): Promise<User> => {\n if (this.user) {\n return this.user;\n }\n\n if (!orgId) {\n throw new Error(\"No orgId provided\");\n }\n\n const stampedRequest = await this.turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n });\n\n const user = await this.request(\"/v1/whoami\", {\n stampedRequest,\n });\n\n if (idToken) {\n const claims: Record<string, unknown> = jwtDecode(idToken);\n user.idToken = idToken;\n user.claims = claims;\n if (typeof claims.email === \"string\") {\n user.email = claims.email;\n }\n }\n\n if (accessToken) {\n user.accessToken = accessToken;\n }\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string;\n } catch (e) {\n return undefined;\n }\n })();\n\n this.user = {\n ...user,\n credentialId,\n };\n\n return this.user;\n };\n\n /**\n * Generates a stamped whoami request for the current user. This request can then be used to call /signer/v1/whoami to get the user information.\n * This is useful if you want to get the user information in a different context like a server. You can pass the stamped request to the server\n * and then call our API to get the user information. Using this stamp is the most trusted way to get the user information since a stamp can only\n * belong to the user who created it.\n *\n * @returns {Promise<TSignedRequest>} a promise that resolves to the \"whoami\" information for the logged in user\n * @throws {Error} if no organization ID is provided\n */\n public stampWhoami = async (): Promise<TSignedRequest> => {\n if (!this.user) {\n throw new Error(\"User must be authenticated to stamp a whoami request\");\n }\n\n return await this.turnkeyClient.stampGetWhoami({\n organizationId: this.user.orgId,\n });\n };\n\n /**\n * Generates a stamped getOrganization request for the current user.\n *\n * @returns {Promise<TSignedRequest>} a promise that resolves to the \"getOrganization\" information for the logged in user\n * @throws {Error} if no user is authenticated\n */\n public stampGetOrganization = async (): Promise<TSignedRequest> => {\n if (!this.user) {\n throw new Error(\n \"User must be authenticated to stamp a get organization request\",\n );\n }\n\n return await this.turnkeyClient.stampGetOrganization({\n organizationId: this.user.orgId,\n });\n };\n\n /**\n * Creates an API key that can take any action on behalf of the current user.\n * (Note that this method is currently experimental and is subject to change.)\n *\n * @param {CreateApiKeyParams} params Parameters for creating the API key.\n * @param {string} params.name Name of the API key.\n * @param {string} params.publicKey Public key to be used for the API key.\n * @param {number} params.expirationSec Number of seconds until the API key expires.\n * @throws {Error} If there is no authenticated user or the API key creation fails.\n */\n public experimental_createApiKey = async (\n params: experimental_CreateApiKeyParams,\n ): Promise<void> => {\n if (!this.user) {\n throw new Error(\"User must be authenticated to create api key\");\n }\n const resp = await this.turnkeyClient.createApiKeys({\n type: \"ACTIVITY_TYPE_CREATE_API_KEYS_V2\",\n timestampMs: new Date().getTime().toString(),\n organizationId: this.user.orgId,\n parameters: {\n apiKeys: [\n {\n apiKeyName: params.name,\n publicKey: params.publicKey,\n curveType: \"API_KEY_CURVE_P256\",\n expirationSeconds: params.expirationSec.toString(),\n },\n ],\n userId: this.user.userId,\n },\n });\n if (resp.activity.status !== \"ACTIVITY_STATUS_COMPLETED\") {\n throw new Error(\"Failed to create api key\");\n }\n };\n\n /**\n * Looks up information based on an email address.\n *\n * @param {string} email the email address to look up\n * @returns {Promise<any>} the result of the lookup request\n */\n public lookupUserByEmail = async (email: string) => {\n return this.request(\"/v1/lookup\", { email });\n };\n\n /**\n * Looks up information based on a phone number.\n *\n * @param {string} phone the phone number to look up\n * @returns {Promise<any>} the result of the lookup request\n */\n public lookupUserByPhone = async (phone: string) => {\n return this.request(\"/v1/lookup\", { phone });\n };\n\n /**\n * This will sign a message with the user's private key, without doing any transformations on the message.\n * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n * that result here.\n *\n * @param {Hex} msg the hex representation of the bytes to sign\n * @param {string} mode specify if signing should happen for solana or ethereum\n * @returns {Promise<Hex>} the signature over the raw hex\n */\n public signRawMessage = async (\n msg: Hex,\n mode: \"SOLANA\" | \"ETHEREUM\" = \"ETHEREUM\",\n ): Promise<Hex> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n if (!this.user.solanaAddress && mode === \"SOLANA\") {\n // TODO: we need to add backwards compatibility for users who signed up before we added Solana support\n throw new Error(\"No Solana address available for the user\");\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction:\n mode === \"ETHEREUM\"\n ? \"HASH_FUNCTION_NO_OP\"\n : \"HASH_FUNCTION_NOT_APPLICABLE\",\n payload: msg,\n signWith:\n mode === \"ETHEREUM\" ? this.user.address : this.user.solanaAddress!,\n },\n });\n\n const { signature } = await this.request(\"/v1/sign-payload\", {\n stampedRequest,\n });\n\n return signature;\n };\n\n private experimental_createMultiOwnerStamper = () => ({\n stamp: async (\n request: string,\n ): Promise<{\n stampHeaderName: string;\n stampHeaderValue: string;\n }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n // we need this later to recover the public key from the signature, so we don't let turnkey hash\n // this for us and pass HASH_FUNCTION_NO_OP instead\n const hashed = sha256(new TextEncoder().encode(request));\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_TEXT_UTF8\",\n hashFunction: \"HASH_FUNCTION_SHA256\",\n payload: request,\n signWith: this.user.address,\n },\n });\n\n const { signature } = await this.request(\"/v1/sign-payload\", {\n stampedRequest,\n });\n\n // recover the public key, we can't just use the address\n const recoveredPublicKey = await recoverPublicKey({\n hash: hashed,\n signature,\n });\n\n // compute the stamp over the original payload using this signature\n // the format here is important\n const stamp = {\n publicKey: Point.fromHex(hexToBytes(recoveredPublicKey)).toHex(true),\n scheme: \"SIGNATURE_SCHEME_TK_API_SECP256K1\",\n signature: secp256k1.Signature.fromCompact(\n hexToBytes(signature).slice(0, 64),\n ).toDERHex(),\n };\n\n return {\n stampHeaderName: \"X-Stamp\",\n stampHeaderValue: base64UrlEncode(Buffer.from(JSON.stringify(stamp))),\n };\n },\n });\n\n private experimental_createMultiOwnerTurnkeyClient = () =>\n new TurnkeyClient(\n { baseUrl: \"https://api.turnkey.com\" },\n this.experimental_createMultiOwnerStamper(),\n );\n\n /**\n * This will sign on behalf of the multi-owner org, without doing any transformations on the message.\n * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n * that result here.\n *\n * @param {Hex} msg the hex representation of the bytes to sign\n * @param {string} orgId orgId of the multi-owner org to sign on behalf of\n * @param {string} orgAddress address of the multi-owner org to sign on behalf of\n * @returns {Promise<Hex>} the signature over the raw hex\n */\n public experimental_multiOwnerSignRawMessage = async (\n msg: Hex,\n orgId: string,\n orgAddress: string,\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();\n\n const { result } = await this.request(\"/v1/multi-owner-sign-raw-payload\", {\n stampedRequest: await multiOwnerClient.stampSignRawPayload({\n organizationId: orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: msg,\n signWith: orgAddress,\n },\n }),\n });\n\n return serializeSignature({\n r: withHexPrefix(result.signRawPayloadResult.r),\n s: withHexPrefix(result.signRawPayloadResult.s),\n yParity: Number(result.signRawPayloadResult.v), // this is not actually a legacy v value, it's the y parity bit\n });\n };\n\n /**\n * This will create a multi-owner account with the current user and additional specified signers\n *\n * @param {Address[]} additionalMembers members to add, aside from the currently authenticated user\n * @returns {Promise<SignerResponse<\"/v1/multi-owner-create\">['result']>} created multi-owner account\n */\n public experimental_createMultiOwner = async (\n additionalMembers: Address[],\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const response = await this.request(\"/v1/multi-owner-create\", {\n members: [this.user.address, ...additionalMembers].map(\n (evmSignerAddress) => ({ evmSignerAddress }),\n ),\n });\n\n return response.result;\n };\n\n /**\n * This will add additional members to an existing multi-sig account\n *\n * @param {string} orgId orgId of the multi-sig to add members to\n * @param {Address[]} members the addresses of the members to add\n */\n public experimental_addToMultiOwner = async (\n orgId: string,\n members: Address[],\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();\n\n const prepared = await this.request(\"/v1/multi-owner-prepare-add\", {\n organizationId: orgId,\n members: members.map((evmSignerAddress) => ({ evmSignerAddress })),\n });\n\n const stampedRequest = await multiOwnerClient.stampCreateUsers(\n prepared.result,\n );\n\n const {\n result: { updateRootQuorumRequest },\n } = await this.request(\"/v1/multi-owner-add\", {\n stampedRequest,\n });\n\n await this.request(\"/v1/multi-owner-update-root-quorum\", {\n stampedRequest: await multiOwnerClient.stampUpdateRootQuorum(\n updateRootQuorumRequest,\n ),\n });\n };\n\n /**\n * This will remove members from an existing multi-sig account\n *\n * @param {string} orgId orgId of the multi-sig to remove members from\n * @param {Address[]} members the addresses of the members to remove\n */\n public experimental_deleteFromMultiOwner = async (\n orgId: string,\n members: Address[],\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();\n\n const prepared = await this.request(\"/v1/multi-owner-prepare-delete\", {\n organizationId: orgId,\n members: members.map((evmSignerAddress) => ({ evmSignerAddress })),\n });\n\n const stampedRequest = await multiOwnerClient.stampDeleteUsers(\n prepared.result.deleteMembersRequest,\n );\n\n await this.request(\"/v1/multi-owner-update-root-quorum\", {\n stampedRequest: await multiOwnerClient.stampUpdateRootQuorum(\n prepared.result.updateRootQuorumRequest,\n ),\n });\n\n await this.request(\"/v1/multi-owner-delete\", {\n stampedRequest,\n });\n };\n\n /**\n * Returns the current user or null if no user is set.\n *\n * @returns {User | null} the current user object or null if no user is available\n */\n public getUser = (): User | null => {\n return this.user ?? null;\n };\n\n /**\n * Sends a POST request to the given signer route with the specified body and returns the response.\n * Not intended to be used directly, use the specific methods instead on the client instead.\n *\n * @param {SignerRoutes} route The route to which the request should be sent\n * @param {SignerBody<R>} body The request body containing the data to be sent\n * @returns {Promise<SignerResponse<R>>} A promise that resolves to the response from the signer\n */\n public request = async <R extends SignerRoutes>(\n route: R,\n body: SignerBody<R>,\n ): Promise<SignerResponse<R>> => {\n const url = this.connectionConfig.rpcUrl ?? \"https://api.g.alchemy.com\";\n\n const basePath = \"/signer\";\n\n const headers = new Headers();\n headers.append(\"Alchemy-AA-Sdk-Version\", VERSION);\n headers.append(\"Content-Type\", \"application/json\");\n if (this.connectionConfig.apiKey) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.apiKey}`);\n } else if (this.connectionConfig.jwt) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.jwt}`);\n }\n\n const response = await fetch(`${url}${basePath}${route}`, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers,\n });\n\n if (!response.ok) {\n throw new Error(await response.text());\n }\n\n const json = await response.json();\n\n return json as SignerResponse<R>;\n };\n\n /**\n * Retrieves the list of MFA factors configured for the current user.\n *\n * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors\n * @throws {NotAuthenticatedError} If no user is authenticated\n */\n public getMfaFactors = async (): Promise<{\n multiFactors: MfaFactor[];\n }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.LIST,\n signWith: this.user.address,\n },\n });\n\n return this.request(\"/v1/auth-list-multi-factors\", {\n stampedRequest,\n });\n };\n\n /**\n * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.\n *\n * @param {AddMfaParams} params The parameters required to enable a new MFA factor\n * @returns {Promise<AddMfaResult>} A promise that resolves to the factor setup information\n * @throws {NotAuthenticatedError} If no user is authenticated\n * @throws {Error} If an unsupported factor type is provided\n */\n public addMfa = async (params: AddMfaParams): Promise<AddMfaResult> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.ADD,\n signWith: this.user.address,\n },\n });\n\n switch (params.multiFactorType) {\n case \"totp\":\n return this.request(\"/v1/auth-request-multi-factor\", {\n stampedRequest,\n multiFactorType: params.multiFactorType,\n });\n default:\n throw new Error(\n `Unsupported MFA factor type: ${params.multiFactorType}`,\n );\n }\n };\n\n /**\n * Verifies a newly created MFA factor to complete the setup process.\n *\n * @param {VerifyMfaParams} params The parameters required to verify the MFA factor\n * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n * @throws {NotAuthenticatedError} If no user is authenticated\n */\n public verifyMfa = async (\n params: VerifyMfaParams,\n ): Promise<{ multiFactors: MfaFactor[] }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.VERIFY,\n signWith: this.user.address,\n },\n });\n\n return this.request(\"/v1/auth-verify-multi-factor\", {\n stampedRequest,\n multiFactorId: params.multiFactorId,\n multiFactorCode: params.multiFactorCode,\n });\n };\n\n /**\n * Removes existing MFA factors by ID.\n *\n * @param {RemoveMfaParams} params The parameters specifying which factors to disable\n * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n * @throws {NotAuthenticatedError} If no user is authenticated\n */\n public removeMfa = async (\n params: RemoveMfaParams,\n ): Promise<{ multiFactors: MfaFactor[] }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.DELETE,\n signWith: this.user.address,\n },\n });\n\n return this.request(\"/v1/auth-delete-multi-factors\", {\n stampedRequest,\n multiFactorIds: params.multiFactorIds,\n });\n };\n\n /**\n * Validates multiple MFA factors using the provided encrypted payload and MFA codes.\n *\n * @param {ValidateMultiFactorsParams} params The validation parameters\n * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle\n * @throws {Error} If no credential bundle is returned from the server\n */\n public validateMultiFactors = async (\n params: ValidateMultiFactorsParams,\n ): Promise<{ bundle: string }> => {\n // Send the encryptedPayload plus TOTP codes, etc:\n const response = await this.request(\"/v1/auth-validate-multi-factors\", {\n encryptedPayload: params.encryptedPayload,\n multiFactors: params.multiFactors,\n });\n\n // The server is expected to return the *decrypted* payload in `response.payload.credentialBundle`\n if (!response.payload || !response.payload.credentialBundle) {\n throw new Error(\n \"Request to validateMultiFactors did not return a credential bundle\",\n );\n }\n\n return {\n bundle: response.payload.credentialBundle,\n };\n };\n\n // #endregion\n\n // #region PRIVATE METHODS\n\n /**\n * Returns the authentication url for the selected OAuth Proivder\n *\n * @example\n * ```ts\n *\n * cosnt oauthParams = {\n * authProviderId: \"google\",\n * isCustomProvider: false,\n * auth0Connection: undefined,\n * scope: undefined,\n * claims: undefined,\n * mode: \"redirect\",\n * redirectUrl: \"https://your-url-path/oauth-return\",\n * expirationSeconds: 3000\n * };\n *\n * const turnkeyPublicKey = await this.initIframeStamper();\n * const oauthCallbackUrl = this.oauthCallbackUrl;\n * const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()\n * const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`\n *\n * const oauthProviderUrl = getOauthProviderUrl({\n * oauthParams,\n * turnkeyPublicKey,\n * oauthCallbackUrl\n * })\n *\n * ```\n * @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters\n *\n * @returns {Promise<string>} returns the Oauth provider's url\n */\n protected getOauthProviderUrl = async (\n args: GetOauthProviderUrlArgs,\n ): Promise<string> => {\n const {\n oauthParams,\n turnkeyPublicKey,\n oauthCallbackUrl,\n oauthConfig,\n usesRelativeUrl = true,\n } = args;\n\n const {\n authProviderId,\n isCustomProvider,\n auth0Connection,\n scope: providedScope,\n claims: providedClaims,\n otherParameters: providedOtherParameters,\n mode,\n redirectUrl,\n expirationSeconds,\n } = oauthParams;\n\n const { codeChallenge, requestKey, authProviders } =\n oauthConfig ?? (await this.getOauthConfigForMode(mode));\n\n if (!authProviders) {\n throw new OAuthProvidersError();\n }\n\n const authProvider = authProviders.find(\n (provider) =>\n provider.id === authProviderId &&\n !!provider.isCustomProvider === !!isCustomProvider,\n );\n\n if (!authProvider) {\n throw new Error(`No auth provider found with id ${authProviderId}`);\n }\n\n let scope: string | undefined = providedScope;\n let claims: string | undefined = providedClaims;\n let otherParameters: Record<string, string> | undefined =\n providedOtherParameters;\n\n if (!isCustomProvider) {\n const defaultCustomization =\n getDefaultProviderCustomization(authProviderId);\n scope ??= defaultCustomization?.scope;\n claims ??= defaultCustomization?.claims;\n otherParameters ??= defaultCustomization?.otherParameters;\n }\n if (!scope) {\n throw new Error(`Default scope not known for provider ${authProviderId}`);\n }\n const { authEndpoint, clientId } = authProvider;\n\n const nonce = this.getOauthNonce(turnkeyPublicKey);\n const stateObject: OauthState = {\n authProviderId,\n isCustomProvider,\n requestKey,\n turnkeyPublicKey,\n expirationSeconds,\n redirectUrl:\n mode === \"redirect\"\n ? usesRelativeUrl\n ? resolveRelativeUrl(redirectUrl)\n : redirectUrl\n : undefined,\n openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n fetchIdTokenOnly: oauthParams.fetchIdTokenOnly,\n };\n const state = base64UrlEncode(\n new TextEncoder().encode(JSON.stringify(stateObject)),\n );\n const authUrl = new URL(authEndpoint);\n const params: Record<string, string> = {\n redirect_uri: oauthCallbackUrl,\n response_type: \"code\",\n scope,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n prompt: \"select_account\",\n client_id: clientId,\n nonce,\n ...otherParameters,\n };\n if (claims) {\n params.claims = claims;\n }\n if (auth0Connection) {\n params.connection = auth0Connection;\n }\n\n Object.keys(params).forEach((param) => {\n params[param] && authUrl.searchParams.append(param, params[param]);\n });\n\n const [urlPath, searchParams] = authUrl.href.split(\"?\");\n\n return `${urlPath?.replace(/\\/$/, \"\")}?${searchParams}`;\n };\n\n private getOauthConfigForMode = async (\n mode: OauthMode,\n ): Promise<OauthConfig> => {\n if (this.oauthConfig) {\n return this.oauthConfig;\n } else if (mode === \"redirect\") {\n return this.initOauth();\n } else {\n throw new Error(\n \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\",\n );\n }\n };\n\n // eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions\n protected pollActivityCompletion = async <\n T extends keyof Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"],\n >(\n activity: Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"],\n organizationId: string,\n resultKey: T,\n ): Promise<\n NonNullable<\n Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"][T]\n >\n > => {\n if (activity.status === \"ACTIVITY_STATUS_COMPLETED\") {\n return activity.result[resultKey]!;\n }\n\n const {\n activity: { status, id, result },\n } = await this.turnkeyClient.getActivity({\n activityId: activity.id,\n organizationId,\n });\n\n if (status === \"ACTIVITY_STATUS_COMPLETED\") {\n return result[resultKey]!;\n }\n\n if (\n status === \"ACTIVITY_STATUS_FAILED\" ||\n status === \"ACTIVITY_STATUS_REJECTED\" ||\n status === \"ACTIVITY_STATUS_CONSENSUS_NEEDED\"\n ) {\n throw new Error(\n `Failed to get activity with with id ${id} (status: ${status})`,\n );\n }\n\n // TODO: add ability to configure this + add exponential backoff\n await new Promise((resolve) => setTimeout(resolve, 500));\n\n return this.pollActivityCompletion(activity, organizationId, resultKey);\n };\n // #endregion\n\n /**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\n protected getOauthNonce = (turnkeyPublicKey: string): string => {\n return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n };\n}\n"]}
1
+ {"version":3,"file":"base.js","sourceRoot":"","sources":["../../../src/client/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAyB,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAuB,MAAM,eAAe,CAAC;AACnE,OAAO,YAAY,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,kBAAkB,EAClB,MAAM,GAGP,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;AAE9D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAqCpE,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAezC,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,SAAS;IACd,GAAG,EAAE,SAAS;IACd,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,YAAY;IACpB,IAAI,EAAE,WAAW;CACT,CAAC;AAEX,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,KAAK,GAAG,EAAW,CAAC;AAE3D;;GAEG;AACH,MAAM,OAAgB,gBAAgB;IAUpC;;;;OAIG;IACH,YAAY,MAA8B;QAXlC;;;;;WAAwB;QACxB;;;;;WAAmC;QACjC;;;;;WAA6B;QAC7B;;;;;WAAgB;QAChB;;;;;WAAsD;QACtD;;;;;WAAqC;QAiB/C;;;;WAIG;QACI;;;;mBAAY,KAAK,IAA0B,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;WAAC;QAyJF,aAAa;QAEb,yBAAyB;QAEzB;;;;;;WAMG;QACI;;;;mBAAK,CACV,KAAQ,EACR,QAAsC,EACtC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;gBAE7C,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;YACxE,CAAC;WAAC;QAuDF;;;;;WAKG;QACI;;;;mBAAc,KAAK,IAAmB,EAAE;gBAC7C,MAAM,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAC7B,CAAC;WAAC;QAEM;;;;mBAAc,KAAK,EACzB,KAAa,EACb,iBAA0B,EACX,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,iDAAiD;gBACjD,MAAM,YAAY,GAAG,KAAK,IAAI,CAAC,iBAAiB,CAAC;gBAEjD,MAAM,cAAc,GAAG,YAAY;oBACjC,CAAC,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,CAAC;wBACvC,IAAI,EAAE,2BAA2B;wBACjC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;wBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;wBAC/B,UAAU,EAAE;4BACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;4BACxB,SAAS,EAAE,KAAK;4BAChB,UAAU,EAAE,EAAE;yBACf;qBACF,CAAC;oBACJ,CAAC,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;wBAC5C,IAAI,EAAE,iCAAiC;wBACvC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;wBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;wBAC/B,UAAU,EAAE;4BACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;4BACxB,SAAS,EAAE,KAAK;4BAChB,iBAAiB;yBAClB;qBACF,CAAC,CAAC;gBAEP,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE;oBAC1C,cAAc;iBACf,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI,CAAC,IAAI;oBACZ,KAAK,EAAE,KAAK,IAAI,SAAS;iBAC1B,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAiB,KAAK,EAAE,GAAoB,EAAiB,EAAE;gBACpE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE;oBACjE,KAAK,EAAE,GAAG,CAAC,EAAE;oBACb,OAAO,EAAE,GAAG,CAAC,IAAI;iBAClB,CAAC,CAAC;gBACH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAsB,iBAAiB,CAAC,CAAC;gBACtE,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;YAC3D,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,IAAmB,EAAE;gBACnD,MAAM,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACnC,CAAC;WAAC;QAEM;;;;mBAAoB,KAAK,EAC/B,KAAa,EACb,iBAA0B,EACX,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,IAAI,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBACvC,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;gBAC5E,CAAC;gBACD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,0BAA0B,CAAC;oBACzE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,eAAe,EAAE,KAAK;wBACtB,iBAAiB;qBAClB;iBACF,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE;oBAC1C,cAAc;iBACf,CAAC,CAAC;gBACH,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI,CAAC,IAAI;oBACZ,KAAK,EAAE,KAAK,IAAI,SAAS;iBAC1B,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,IAAqB,EACrB,OAAe,EACa,EAAE;gBAC9B,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE;oBACxC,OAAO,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,cAAc;oBAC7D,OAAO;iBACR,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAa,KAAK,EAAE,OAAkC,EAAE,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAC9B,MAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;gBAE7C,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACjE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE;4BACd;gCACE,WAAW;gCACX,iBAAiB,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;gCACrD,SAAS,EACP,OAAO,SAAS,KAAK,QAAQ;oCAC3B,CAAC,CAAC,SAAS;oCACX,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC;6BACjC;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC5D,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,4BAA4B,CAC7B,CAAC;gBAEF,OAAO,gBAAgB,CAAC;YAC1B,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAgB,KAAK,EAAE,eAAuB,EAAiB,EAAE;gBACtE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBAC5C,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,gBAAgB,EAAE,CAAC,eAAe,CAAC;qBACpC;iBACF,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAwB,KAAK,EAAE,OAAyB,SAAS,EAAE,EAAE;gBAC1E,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;gBAC9D,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBAChD,IAAI,IAAI,EAAE,CAAC;oBACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;oBACjB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;oBACjD,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAC/C,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;gBAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;gBAEnD,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAmB,KAAK,IAAI,EAAE;gBACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;iBACzB,CAAC,CAAC;gBACH,OAAO;oBACL,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC9C,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAC5C;iBACF,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAmB,KAAK,EAC7B,MAA8B,EACF,EAAE;gBAC9B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;gBAC3C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC;oBACxE,IAAI,EAAE,sCAAsC;oBAC5C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;qBAC9C;iBACF,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;oBAC5D,cAAc;iBACf,CAAC,CAAC;gBACH,OAAO,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;YACpC,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAsB,KAAK,EAAE,UAAkB,EAAE,EAAE;gBACxD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,yBAAyB,CAAC;oBACxE,IAAI,EAAE,sCAAsC;oBAC5C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,WAAW,EAAE,CAAC,UAAU,CAAC;qBAC1B;iBACF,CAAC,CAAC;gBACH,MAAM,IAAI,CAAC,OAAO,CAAC,2BAA2B,EAAE,EAAE,cAAc,EAAE,CAAC,CAAC;YACtE,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAkB,KAAK,IAA0B,EAAE;gBACxD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE;oBACjD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAC1B,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAS,KAAK,EACnB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EACxB,OAAgB,EAChB,WAAoB,EACL,EAAE;gBACjB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,IAAI,CAAC;gBACnB,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7D,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,MAAM,GAA4B,SAAS,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;oBACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAED,IAAI,WAAW,EAAE,CAAC;oBAChB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;gBACjC,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;oBACzB,IAAI,CAAC;wBACH,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;6BACtD,YAAsB,CAAC;oBAC5B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,SAAS,CAAC;oBACnB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBAEL,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI;oBACP,YAAY;iBACb,CAAC;gBAEF,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAc,KAAK,IAA6B,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBAC1E,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAuB,KAAK,IAA6B,EAAE;gBAChE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;gBACJ,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACnD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;WASG;QACI;;;;mBAA4B,KAAK,EACtC,MAAuC,EACxB,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;oBAClD,IAAI,EAAE,kCAAkC;oBACxC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;oBAC5C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,OAAO,EAAE;4BACP;gCACE,UAAU,EAAE,MAAM,CAAC,IAAI;gCACvB,SAAS,EAAE,MAAM,CAAC,SAAS;gCAC3B,SAAS,EAAE,oBAAoB;gCAC/B,iBAAiB,EAAE,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE;6BACnD;yBACF;wBACD,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;qBACzB;iBACF,CAAC,CAAC;gBACH,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACzD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAiB,KAAK,EAC3B,GAAQ,EACR,OAA8B,UAAU,EAC1B,EAAE;gBAChB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAClD,sGAAsG;oBACtG,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EACV,IAAI,KAAK,UAAU;4BACjB,CAAC,CAAC,qBAAqB;4BACvB,CAAC,CAAC,8BAA8B;wBACpC,OAAO,EAAE,GAAG;wBACZ,QAAQ,EACN,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAc;qBACrE;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBAC3D,cAAc;iBACf,CAAC,CAAC;gBAEH,OAAO,SAAS,CAAC;YACnB,CAAC;WAAC;QAEM;;;;mBAAuC,GAAG,EAAE,CAAC,CAAC;gBACpD,KAAK,EAAE,KAAK,EACV,OAAe,EAId,EAAE;oBACH,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;wBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;oBACpC,CAAC;oBAED,gGAAgG;oBAChG,mDAAmD;oBACnD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;oBAEzD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;wBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;wBAC/B,IAAI,EAAE,mCAAmC;wBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;wBAClC,UAAU,EAAE;4BACV,QAAQ,EAAE,4BAA4B;4BACtC,YAAY,EAAE,sBAAsB;4BACpC,OAAO,EAAE,OAAO;4BAChB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;yBAC5B;qBACF,CAAC,CAAC;oBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;wBAC3D,cAAc;qBACf,CAAC,CAAC;oBAEH,wDAAwD;oBACxD,MAAM,kBAAkB,GAAG,MAAM,gBAAgB,CAAC;wBAChD,IAAI,EAAE,MAAM;wBACZ,SAAS;qBACV,CAAC,CAAC;oBAEH,mEAAmE;oBACnE,+BAA+B;oBAC/B,MAAM,KAAK,GAAG;wBACZ,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;wBACpE,MAAM,EAAE,mCAAmC;wBAC3C,SAAS,EAAE,SAAS,CAAC,SAAS,CAAC,WAAW,CACxC,UAAU,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CACnC,CAAC,QAAQ,EAAE;qBACb,CAAC;oBAEF,OAAO;wBACL,eAAe,EAAE,SAAS;wBAC1B,gBAAgB,EAAE,eAAe,CAC/B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAC1C;qBACF,CAAC;gBACJ,CAAC;aACF,CAAC;WAAC;QAEK;;;;mBAA6C,GAAG,EAAE,CACxD,IAAI,aAAa,CACf,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,IAAI,CAAC,oCAAoC,EAAE,CAC5C;WAAC;QAEJ;;;;;;;;;WASG;QACI;;;;mBAAwC,KAAK,EAClD,GAAQ,EACR,KAAa,EACb,UAAkB,EAClB,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,gBAAgB,GAAG,IAAI,CAAC,0CAA0C,EAAE,CAAC;gBAE3E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE;oBACxE,cAAc,EAAE,MAAM,gBAAgB,CAAC,mBAAmB,CAAC;wBACzD,cAAc,EAAE,KAAK;wBACrB,IAAI,EAAE,mCAAmC;wBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;wBAClC,UAAU,EAAE;4BACV,QAAQ,EAAE,8BAA8B;4BACxC,YAAY,EAAE,qBAAqB;4BACnC,OAAO,EAAE,GAAG;4BACZ,QAAQ,EAAE,UAAU;yBACrB;qBACF,CAAC;iBACH,CAAC,CAAC;gBAEH,OAAO,kBAAkB,CAAC;oBACxB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;oBAC/C,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;oBAC/C,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,+DAA+D;iBAChH,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAgC,KAAK,EAC1C,iBAA4B,EAC5B,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;oBAC5D,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,iBAAiB,CAAC,CAAC,GAAG,CACpD,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAC7C;iBACF,CAAC,CAAC;gBAEH,OAAO,QAAQ,CAAC,MAAM,CAAC;YACzB,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAA+B,KAAK,EACzC,KAAa,EACb,OAAkB,EAClB,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,0CAA0C,EAAE,CAAC;gBAE3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE;oBACjE,cAAc,EAAE,KAAK;oBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;iBACnE,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,gBAAgB,CAC5D,QAAQ,CAAC,MAAM,CAChB,CAAC;gBAEF,MAAM,EACJ,MAAM,EAAE,EAAE,uBAAuB,EAAE,GACpC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACvD,cAAc,EAAE,MAAM,gBAAgB,CAAC,qBAAqB,CAC1D,uBAAuB,CACxB;iBACF,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoC,KAAK,EAC9C,KAAa,EACb,OAAkB,EAClB,EAAE;gBACF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,0CAA0C,EAAE,CAAC;gBAE3E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gCAAgC,EAAE;oBACpE,cAAc,EAAE,KAAK;oBACrB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC;iBACnE,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC,gBAAgB,CAC5D,QAAQ,CAAC,MAAM,CAAC,oBAAoB,CACrC,CAAC;gBAEF,MAAM,IAAI,CAAC,OAAO,CAAC,oCAAoC,EAAE;oBACvD,cAAc,EAAE,MAAM,gBAAgB,CAAC,qBAAqB,CAC1D,QAAQ,CAAC,MAAM,CAAC,uBAAuB,CACxC;iBACF,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE;oBAC3C,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;WAIG;QACI;;;;mBAAU,GAAgB,EAAE;gBACjC,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC3B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,KAAQ,EACR,IAAmB,EACS,EAAE;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CAAC;gBAExE,MAAM,QAAQ,GAAG,SAAS,CAAC;gBAE3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;gBACnD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;oBACrC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,QAAQ,GAAG,KAAK,EAAE,EAAE;oBACxD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEnC,OAAO,IAAyB,CAAC;YACnC,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAgB,KAAK,IAEzB,EAAE;gBACH,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,IAAI;wBACzB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE;oBACjD,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EAAE,MAAoB,EAAyB,EAAE;gBACpE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,GAAG;wBACxB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,QAAQ,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC/B,KAAK,MAAM;wBACT,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;4BACnD,cAAc;4BACd,eAAe,EAAE,MAAM,CAAC,eAAe;yBACxC,CAAC,CAAC;oBACL;wBACE,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,CAAC,eAAe,EAAE,CACzD,CAAC;gBACN,CAAC;YACH,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAY,KAAK,EACtB,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,8BAA8B,EAAE;oBAClD,cAAc;oBACd,aAAa,EAAE,MAAM,CAAC,aAAa;oBACnC,eAAe,EAAE,MAAM,CAAC,eAAe;iBACxC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAY,KAAK,EACtB,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;oBACnD,cAAc;oBACd,cAAc,EAAE,MAAM,CAAC,cAAc;iBACtC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAuB,KAAK,EACjC,MAAkC,EACL,EAAE;gBAC/B,kDAAkD;gBAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,iCAAiC,EAAE;oBACrE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;oBACzC,YAAY,EAAE,MAAM,CAAC,YAAY;iBAClC,CAAC,CAAC;gBAEH,kGAAkG;gBAClG,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB;iBAC1C,CAAC;YACJ,CAAC;WAAC;QAEF,aAAa;QAEb,0BAA0B;QAE1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAgCG;QACO;;;;mBAAsB,KAAK,EACnC,IAA6B,EACZ,EAAE;gBACnB,MAAM,EACJ,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,eAAe,GAAG,IAAI,GACvB,GAAG,IAAI,CAAC;gBAET,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,eAAe,EAAE,uBAAuB,EACxC,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,WAAW,CAAC;gBAEhB,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAE1D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,mBAAmB,EAAE,CAAC;gBAClC,CAAC;gBAED,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBAED,IAAI,KAAK,GAAuB,aAAa,CAAC;gBAC9C,IAAI,MAAM,GAAuB,cAAc,CAAC;gBAChD,IAAI,eAAe,GACjB,uBAAuB,CAAC;gBAE1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,oBAAoB,GACxB,+BAA+B,CAAC,cAAc,CAAC,CAAC;oBAClD,KAAK,KAAL,KAAK,GAAK,oBAAoB,EAAE,KAAK,EAAC;oBACtC,MAAM,KAAN,MAAM,GAAK,oBAAoB,EAAE,MAAM,EAAC;oBACxC,eAAe,KAAf,eAAe,GAAK,oBAAoB,EAAE,eAAe,EAAC;gBAC5D,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,cAAc,EAAE,CAAC,CAAC;gBAC5E,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAEhD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU;wBACjB,CAAC,CAAC,eAAe;4BACf,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC;4BACjC,CAAC,CAAC,WAAW;wBACf,CAAC,CAAC,SAAS;oBACf,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;oBACnE,gBAAgB,EAAE,WAAW,CAAC,gBAAgB;iBAC/C,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAC7D,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,gBAAgB;oBAC9B,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;oBACL,GAAG,eAAe;iBACnB,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBACpC,MAAM,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrE,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAExD,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YAC1D,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEF,8EAA8E;QACpE;;;;mBAAyB,KAAK,EAKtC,QAEa,EACb,cAAsB,EACtB,SAAY,EAOZ,EAAE;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;gBACrC,CAAC;gBAED,MAAM,EACJ,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GACjC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC;oBACvC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBACvB,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBAC3C,OAAO,MAAM,CAAC,SAAS,CAAE,CAAC;gBAC5B,CAAC;gBAED,IACE,MAAM,KAAK,wBAAwB;oBACnC,MAAM,KAAK,0BAA0B;oBACrC,MAAM,KAAK,kCAAkC,EAC7C,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,uCAAuC,EAAE,aAAa,MAAM,GAAG,CAChE,CAAC;gBACJ,CAAC;gBAED,gEAAgE;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;YAC1E,CAAC;WAAC;QACF,aAAa;QAEb;;;;;WAKG;QACO;;;;mBAAgB,CAAC,gBAAwB,EAAU,EAAE;gBAC7D,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrE,CAAC;WAAC;QAr1CA,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,SAAS,IAAI,sCAAsC,CAAC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAA6B,CAAC;QAClE,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CACpC,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,OAAO,CACR,CAAC;IACJ,CAAC;IAYD,IAAc,IAAI;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAc,IAAI,CAAC,IAAsB;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;QAChC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;YACjC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,OAAiC;QACpD,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC;IACvC,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,aAAa,CACxB,MAA2B;QAE3B,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC;YACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAElD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;gBAChD,KAAK;gBACL,SAAS;gBACT,eAAe,EAAE,SAAS;gBAC1B,iBAAiB;gBACjB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ,EAAE;aAClD,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;YACzB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAElD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;gBAChD,KAAK;gBACL,eAAe,EAAE,SAAS;aAC3B,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC9D,gCAAgC;QAChC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,MAAM,CAAC,YAAY,EACnB,EAAE,QAAQ,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CACjE,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;YAC9C,OAAO,EAAE;gBACP,SAAS,EACP,OAAO,SAAS,KAAK,QAAQ;oBAC3B,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,eAAe,CAAC,SAAS,CAAC;gBAChC,WAAW;aACZ;YACD,KAAK,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,GAAG;YACV,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAQ;YACxB,MAAM,EAAE,MAAM,CAAC,MAAO;YACtB,YAAY,EAAE,WAAW,CAAC,YAAY;YACtC,aAAa,EAAE,MAAM,CAAC,aAAa;SACpC,CAAC;QACF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,MAAM,CAAC;IAChB,CAAC;IA2GD;;;;;OAKG;IACI,KAAK,CAAC,QAAQ,CAAC,MAAgC;QACpD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,kCAAkC;YAClC,MAAM,OAAO,GAAG,MAAM,CAAC;YACvB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAChC,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE;YACjE,KAAK,EAAE,MAAM,CAAC,EAAE;YAChB,OAAO,EAAE,MAAM,CAAC,IAAI;SACrB,CAAC,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAsB,iBAAiB,CAAC,CAAC;QACtE,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACnD,OAAO,OAAO,CAAC;IACjB,CAAC;CAomCF","sourcesContent":["import { ConnectionConfigSchema, type ConnectionConfig } from \"@aa-sdk/core\";\nimport { TurnkeyClient, type TSignedRequest } from \"@turnkey/http\";\nimport EventEmitter from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\nimport {\n hexToBytes,\n recoverPublicKey,\n serializeSignature,\n sha256,\n type Address,\n type Hex,\n} from \"viem\";\nimport { NotAuthenticatedError, OAuthProvidersError } from \"../errors.js\";\nimport { getDefaultProviderCustomization } from \"../oauth.js\";\nimport type { OauthMode } from \"../signer.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { resolveRelativeUrl } from \"../utils/resolveRelativeUrl.js\";\nimport type {\n AlchemySignerClientEvent,\n AlchemySignerClientEvents,\n AuthenticatingEventMetadata,\n CreateAccountParams,\n RemoveMfaParams,\n EmailAuthParams,\n AddMfaParams,\n AddMfaResult,\n experimental_CreateApiKeyParams,\n GetOauthProviderUrlArgs,\n GetWebAuthnAttestationResult,\n MfaFactor,\n JwtParams,\n JwtResponse,\n OauthConfig,\n OauthParams,\n OauthState,\n OtpParams,\n SignerBody,\n SignerResponse,\n SignerRoutes,\n SignupResponse,\n User,\n VerifyMfaParams,\n SubmitOtpCodeResponse,\n ValidateMultiFactorsParams,\n AuthLinkingPrompt,\n AddOauthProviderParams,\n CredentialCreationOptionOverrides,\n OauthProviderInfo,\n IdTokenOnly,\n AuthMethods,\n SmsAuthParams,\n VerificationOtp,\n} from \"./types.js\";\nimport { VERSION } from \"../version.js\";\nimport { secp256k1 } from \"@noble/curves/secp256k1\";\nimport { Point } from \"@noble/secp256k1\";\n\nexport interface BaseSignerClientParams {\n stamper: TurnkeyClient[\"stamper\"];\n connection: ConnectionConfig;\n rootOrgId?: string;\n rpId?: string;\n}\n\nexport type ExportWalletStamper = TurnkeyClient[\"stamper\"] & {\n injectWalletExportBundle(bundle: string, orgId: string): Promise<boolean>;\n injectKeyExportBundle(bundle: string, orgId: string): Promise<boolean>;\n publicKey(): string | null;\n};\n\nconst MFA_PAYLOAD = {\n GET: \"get_mfa\",\n ADD: \"add_mfa\",\n DELETE: \"delete_mfas\",\n VERIFY: \"verify_mfa\",\n LIST: \"list_mfas\",\n} as const;\n\nconst withHexPrefix = (hex: string) => `0x${hex}` as const;\n\n/**\n * Base class for all Alchemy Signer clients\n */\nexport abstract class BaseSignerClient<\n TExportWalletParams = unknown,\n TExportWalletOutput = unknown,\n> {\n private _user: User | undefined;\n private connectionConfig: ConnectionConfig;\n protected turnkeyClient: TurnkeyClient;\n protected rootOrg: string;\n protected eventEmitter: EventEmitter<AlchemySignerClientEvents>;\n protected oauthConfig: OauthConfig | undefined;\n /**\n * Create a new instance of the Alchemy Signer client\n *\n * @param {BaseSignerClientParams} params the parameters required to create the client\n */\n constructor(params: BaseSignerClientParams) {\n const { stamper, connection, rootOrgId } = params;\n this.rootOrg = rootOrgId ?? \"24c1acf5-810f-41e0-a503-d5d13fa8e830\";\n this.eventEmitter = new EventEmitter<AlchemySignerClientEvents>();\n this.connectionConfig = ConnectionConfigSchema.parse(connection);\n this.turnkeyClient = new TurnkeyClient(\n { baseUrl: \"https://api.turnkey.com\" },\n stamper,\n );\n }\n\n /**\n * Asynchronously fetches and sets the OAuth configuration.\n *\n * @returns {Promise<OauthConfig>} A promise that resolves to the OAuth configuration\n */\n public initOauth = async (): Promise<OauthConfig> => {\n this.oauthConfig = await this.getOauthConfig();\n return this.oauthConfig;\n };\n\n protected get user() {\n return this._user;\n }\n\n protected set user(user: User | undefined) {\n const previousUser = this._user;\n this._user = user;\n if (user && !previousUser) {\n this.eventEmitter.emit(\"connected\", user);\n } else if (!user && previousUser) {\n this.eventEmitter.emit(\"disconnected\");\n }\n }\n\n /**\n * Sets the stamper of the TurnkeyClient.\n *\n * @param {TurnkeyClient[\"stamper\"]} stamper the stamper function to set for the TurnkeyClient\n */\n protected setStamper(stamper: TurnkeyClient[\"stamper\"]) {\n this.turnkeyClient.stamper = stamper;\n }\n\n /**\n * Authenticates the user by either email or passkey account creation flow. Emits events during the process.\n *\n * @param {CreateAccountParams} params The parameters for creating an account, including the type (email or passkey) and additional details.\n * @returns {Promise<SignupResponse>} A promise that resolves with the response object containing the account creation result.\n */\n public async createAccount(\n params: CreateAccountParams,\n ): Promise<SignupResponse> {\n if (params.type === \"email\") {\n this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n const { email, emailMode, expirationSeconds } = params;\n const publicKey = await this.initSessionStamper();\n\n const response = await this.request(\"/v1/signup\", {\n email,\n emailMode,\n targetPublicKey: publicKey,\n expirationSeconds,\n redirectParams: params.redirectParams?.toString(),\n });\n\n return response;\n }\n\n if (params.type === \"sms\") {\n this.eventEmitter.emit(\"authenticating\", { type: \"otp\" });\n const { phone } = params;\n const publicKey = await this.initSessionStamper();\n\n const response = await this.request(\"/v1/signup\", {\n phone,\n targetPublicKey: publicKey,\n });\n return response;\n }\n\n this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n // Passkey account creation flow\n const { attestation, challenge } = await this.getWebAuthnAttestation(\n params.creationOpts,\n { username: \"email\" in params ? params.email : params.username },\n );\n\n const result = await this.request(\"/v1/signup\", {\n passkey: {\n challenge:\n typeof challenge === \"string\"\n ? challenge\n : base64UrlEncode(challenge),\n attestation,\n },\n email: \"email\" in params ? params.email : undefined,\n });\n\n this.user = {\n orgId: result.orgId,\n address: result.address!,\n userId: result.userId!,\n credentialId: attestation.credentialId,\n solanaAddress: result.solanaAddress,\n };\n this.initWebauthnStamper(this.user, params.creationOpts);\n this.eventEmitter.emit(\"connectedPasskey\", this.user);\n\n return result;\n }\n\n // #region ABSTRACT METHODS\n\n public abstract initEmailAuth(\n params: Omit<EmailAuthParams, \"targetPublicKey\">,\n ): Promise<{ orgId: string; otpId?: string; multiFactors?: MfaFactor[] }>;\n\n public abstract initSmsAuth(\n params: Omit<SmsAuthParams, \"targetPublicKey\">,\n ): Promise<{ orgId: string; otpId?: string }>;\n\n public abstract completeAuthWithBundle(params: {\n bundle: string;\n orgId: string;\n connectedEventName: keyof AlchemySignerClientEvents;\n authenticatingType: AuthenticatingEventMetadata[\"type\"];\n idToken?: string;\n accessToken?: string;\n }): Promise<User>;\n\n public abstract oauthWithRedirect(\n args: Extract<OauthParams, { mode: \"redirect\" }>,\n ): Promise<User | IdTokenOnly>;\n\n public abstract oauthWithPopup(\n args: Extract<OauthParams, { mode: \"popup\" }>,\n ): Promise<User | AuthLinkingPrompt | IdTokenOnly>;\n\n public abstract submitOtpCode(\n args: Omit<OtpParams, \"targetPublicKey\">,\n ): Promise<SubmitOtpCodeResponse>;\n\n public abstract submitJwt(\n args: Omit<JwtParams, \"targetPublicKey\">,\n ): Promise<JwtResponse>;\n\n public abstract disconnect(): Promise<void>;\n\n public abstract exportWallet(\n params: TExportWalletParams,\n ): Promise<TExportWalletOutput>;\n\n public abstract targetPublicKey(): Promise<string>;\n\n protected abstract getOauthConfig(): Promise<OauthConfig>;\n\n protected abstract getWebAuthnAttestation(\n options?: CredentialCreationOptionOverrides,\n userDetails?: { username: string },\n ): Promise<GetWebAuthnAttestationResult>;\n\n /**\n * Initializes the session stamper and returns its public key.\n */\n protected abstract initSessionStamper(): Promise<string>;\n\n protected abstract initWebauthnStamper(\n user: User | undefined,\n options: CredentialCreationOptionOverrides | undefined,\n ): Promise<void>;\n\n // #endregion\n\n // #region PUBLIC METHODS\n\n /**\n * Listen to events emitted by the client\n *\n * @param {AlchemySignerClientEvent} event the event you want to listen to\n * @param {AlchemySignerClientEvents[AlchemySignerClientEvent]} listener the callback function to execute when an event is fired\n * @returns {() => void} a function that will remove the listener when called\n */\n public on = <E extends AlchemySignerClientEvent>(\n event: E,\n listener: AlchemySignerClientEvents[E],\n ) => {\n this.eventEmitter.on(event, listener as any);\n\n return () => this.eventEmitter.removeListener(event, listener as any);\n };\n\n /**\n * Sets the email for the authenticated user, allowing them to login with that\n * email.\n *\n * @deprecated You must contact Alchemy to enable this feature for your team,\n * as there are important security considerations. In particular, you must not\n * call this without first validating that the user owns this email account.\n * Recommended to use the email verification flow instead.\n *\n * @param {string} email The email to set for the user\n * @returns {Promise<void>} A promise that resolves to the updated email\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public setEmail(email: string): Promise<string>;\n\n /**\n * Sets the email for the authenticated user, allowing them to login with that\n * email. Must be called after calling `initOtp` with the email.\n *\n * @param {VerificationOtp} otp The OTP verification object including the OTP ID and OTP code\n * @returns {Promise<void>} A promise that resolves to the updated email\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public setEmail(otp: VerificationOtp): Promise<string>;\n\n /**\n * Implementation for setEmail method with optional OTP verification.\n *\n * @param {string | VerificationOtp} params An OTP object containing the OTP ID & OTP code (or an email address for legacy usage)\n * @returns {Promise<void>} A promise that resolves to the updated email address\n */\n public async setEmail(params: string | VerificationOtp): Promise<string> {\n if (typeof params === \"string\") {\n // Legacy use, requires team flag.\n const contact = params;\n if (!contact) {\n throw new Error(\n \"Email must not be empty. Use removeEmail() to remove email auth.\",\n );\n }\n await this.updateEmail(contact);\n return contact;\n }\n\n const { verificationToken } = await this.request(\"/v1/verify-otp\", {\n otpId: params.id,\n otpCode: params.code,\n });\n const { contact } = jwtDecode<{ contact: string }>(verificationToken);\n await this.updateEmail(contact, verificationToken);\n return contact;\n }\n\n /**\n * Removes the email for the authenticated user, disallowing them from login with that email.\n *\n * @returns {Promise<string>} A promise that resolves when the email is removed\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public removeEmail = async (): Promise<void> => {\n await this.updateEmail(\"\");\n };\n\n private updateEmail = async (\n email: string,\n verificationToken?: string,\n ): Promise<void> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n // Unverified use is legacy & requires team flag.\n const isUnverified = email && !verificationToken;\n\n const stampedRequest = isUnverified\n ? await this.turnkeyClient.stampUpdateUser({\n type: \"ACTIVITY_TYPE_UPDATE_USER\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n userEmail: email,\n userTagIds: [],\n },\n })\n : await this.turnkeyClient.stampUpdateUserEmail({\n type: \"ACTIVITY_TYPE_UPDATE_USER_EMAIL\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n userEmail: email,\n verificationToken,\n },\n });\n\n await this.request(\"/v1/update-email-auth\", {\n stampedRequest,\n });\n this.user = {\n ...this.user,\n email: email || undefined,\n };\n };\n\n /**\n * Updates the phone number for the authenticated user, allowing them to login with that\n * phone number. Must be called after calling `initOtp` with the phone number.\n *\n * @param {VerificationOtp} otp The OTP object including the OTP ID and OTP code\n * @returns {Promise<void>} A promise that resolves when the phone number is set\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public setPhoneNumber = async (otp: VerificationOtp): Promise<void> => {\n const { verificationToken } = await this.request(\"/v1/verify-otp\", {\n otpId: otp.id,\n otpCode: otp.code,\n });\n const { contact } = jwtDecode<{ contact: string }>(verificationToken);\n await this.updatePhoneNumber(contact, verificationToken);\n };\n\n /**\n * Removes the phone number for the authenticated user, disallowing them from login with that phone number.\n *\n * @returns {Promise<void>} A promise that resolves when the phone number is removed\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public removePhoneNumber = async (): Promise<void> => {\n await this.updatePhoneNumber(\"\");\n };\n\n private updatePhoneNumber = async (\n phone: string,\n verificationToken?: string,\n ): Promise<void> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n if (phone.trim() && !verificationToken) {\n throw new Error(\"Verification token is required to change phone number.\");\n }\n const stampedRequest = await this.turnkeyClient.stampUpdateUserPhoneNumber({\n type: \"ACTIVITY_TYPE_UPDATE_USER_PHONE_NUMBER\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n userPhoneNumber: phone,\n verificationToken,\n },\n });\n await this.request(\"/v1/update-phone-auth\", {\n stampedRequest,\n });\n this.user = {\n ...this.user,\n phone: phone || undefined,\n };\n };\n\n /**\n * Initiates an OTP (One-Time Password) verification process for a user contact.\n *\n * @param {(\"email\" | \"sms\")} type - The type of OTP to send, either \"email\" or \"sms\"\n * @param {string} contact - The email address or phone number to send the OTP to\n * @returns {Promise<{ otpId: string }>} A promise that resolves to an object containing the OTP ID\n * @throws {NotAuthenticatedError} When no user is currently authenticated\n */\n public initOtp = async (\n type: \"email\" | \"sms\",\n contact: string,\n ): Promise<{ otpId: string }> => {\n return await this.request(\"/v1/init-otp\", {\n otpType: type === \"email\" ? \"OTP_TYPE_EMAIL\" : \"OTP_TYPE_SMS\",\n contact,\n });\n };\n\n /**\n * Handles the creation of authenticators using WebAuthn attestation and the provided options. Requires the user to be authenticated.\n *\n * @param {CredentialCreationOptions} options The options used to create the WebAuthn attestation\n * @returns {Promise<string[]>} A promise that resolves to an array of authenticator IDs\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public addPasskey = async (options: CredentialCreationOptions) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const { attestation, challenge } =\n await this.getWebAuthnAttestation(options);\n\n const { activity } = await this.turnkeyClient.createAuthenticators({\n type: \"ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n authenticators: [\n {\n attestation,\n authenticatorName: `passkey-${Date.now().toString()}`,\n challenge:\n typeof challenge === \"string\"\n ? challenge\n : base64UrlEncode(challenge),\n },\n ],\n },\n });\n\n const { authenticatorIds } = await this.pollActivityCompletion(\n activity,\n this.user.orgId,\n \"createAuthenticatorsResult\",\n );\n\n return authenticatorIds;\n };\n\n /**\n * Removes a passkey authenticator from the user's account.\n *\n * @param {string} authenticatorId The ID of the authenticator to remove.\n * @returns {Promise<void>} A promise that resolves when the authenticator is removed.\n * @throws {NotAuthenticatedError} If the user is not authenticated.\n */\n public removePasskey = async (authenticatorId: string): Promise<void> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n await this.turnkeyClient.deleteAuthenticators({\n type: \"ACTIVITY_TYPE_DELETE_AUTHENTICATORS\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n authenticatorIds: [authenticatorId],\n },\n });\n };\n\n /**\n * Asynchronously handles the authentication process using WebAuthn Stamper. If a user is provided, sets the user and returns it. Otherwise, retrieves the current user and initializes the WebAuthn stamper.\n *\n * @param {User} [user] An optional user object to authenticate\n * @returns {Promise<User>} A promise that resolves to the authenticated user object\n */\n public lookupUserWithPasskey = async (user: User | undefined = undefined) => {\n this.eventEmitter.emit(\"authenticating\", { type: \"passkey\" });\n await this.initWebauthnStamper(user, undefined);\n if (user) {\n this.user = user;\n this.eventEmitter.emit(\"connectedPasskey\", user);\n return user;\n }\n\n const result = await this.whoami(this.rootOrg);\n await this.initWebauthnStamper(result, undefined);\n this.eventEmitter.emit(\"connectedPasskey\", result);\n\n return result;\n };\n\n /**\n * Retrieves the status of the passkey for the current user. Requires the user to be authenticated.\n *\n * @returns {Promise<{ isPasskeyAdded: boolean }>} A promise that resolves to an object containing the passkey status\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public getPasskeyStatus = async () => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const resp = await this.turnkeyClient.getAuthenticators({\n organizationId: this.user.orgId,\n userId: this.user.userId,\n });\n return {\n isPasskeyAdded: resp.authenticators.some((it) =>\n it.authenticatorName.startsWith(\"passkey-\"),\n ),\n };\n };\n\n /**\n * Adds an OAuth provider for the authenticated user using the provided parameters. Throws an error if the user is not authenticated.\n *\n * @param {AddOauthProviderParams} params The parameters for adding an OAuth provider, including `providerName` and `oidcToken`.\n * @throws {NotAuthenticatedError} Throws if the user is not authenticated.\n * @returns {Promise<void>} A Promise that resolves when the OAuth provider is added.\n */\n public addOauthProvider = async (\n params: AddOauthProviderParams,\n ): Promise<OauthProviderInfo> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const { providerName, oidcToken } = params;\n const stampedRequest = await this.turnkeyClient.stampCreateOauthProviders({\n type: \"ACTIVITY_TYPE_CREATE_OAUTH_PROVIDERS\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n oauthProviders: [{ providerName, oidcToken }],\n },\n });\n const response = await this.request(\"/v1/add-oauth-provider\", {\n stampedRequest,\n });\n return response.oauthProviders[0];\n };\n\n /**\n * Deletes a specified OAuth provider for the authenticated user.\n *\n * @param {string} providerId The ID of the provider to be deleted\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public removeOauthProvider = async (providerId: string) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const stampedRequest = await this.turnkeyClient.stampDeleteOauthProviders({\n type: \"ACTIVITY_TYPE_DELETE_OAUTH_PROVIDERS\",\n timestampMs: Date.now().toString(),\n organizationId: this.user.orgId,\n parameters: {\n userId: this.user.userId,\n providerIds: [providerId],\n },\n });\n await this.request(\"/v1/remove-oauth-provider\", { stampedRequest });\n };\n\n /**\n * Retrieves the list of authentication methods for the current user.\n *\n * @returns {Promise<AuthMethods>} A promise that resolves to the list of authentication methods\n * @throws {NotAuthenticatedError} If the user is not authenticated\n */\n public listAuthMethods = async (): Promise<AuthMethods> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n return await this.request(\"/v1/list-auth-methods\", {\n suborgId: this.user.orgId,\n });\n };\n\n /**\n * Retrieves the current user or fetches the user information if not already available.\n *\n * @param {string} [orgId] optional organization ID, defaults to the user's organization ID\n * @param {string} idToken an OIDC ID token containing additional user information\n * @param {string} accessToken an access token which if provided will be added to the user\n * @returns {Promise<User>} A promise that resolves to the user object\n * @throws {Error} if no organization ID is provided when there is no current user\n */\n public whoami = async (\n orgId = this.user?.orgId,\n idToken?: string,\n accessToken?: string,\n ): Promise<User> => {\n if (this.user) {\n return this.user;\n }\n\n if (!orgId) {\n throw new Error(\"No orgId provided\");\n }\n\n const stampedRequest = await this.turnkeyClient.stampGetWhoami({\n organizationId: orgId,\n });\n\n const user = await this.request(\"/v1/whoami\", {\n stampedRequest,\n });\n\n if (idToken) {\n const claims: Record<string, unknown> = jwtDecode(idToken);\n user.idToken = idToken;\n user.claims = claims;\n if (typeof claims.email === \"string\") {\n user.email = claims.email;\n }\n }\n\n if (accessToken) {\n user.accessToken = accessToken;\n }\n\n const credentialId = (() => {\n try {\n return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n .credentialId as string;\n } catch (e) {\n return undefined;\n }\n })();\n\n this.user = {\n ...user,\n credentialId,\n };\n\n return this.user;\n };\n\n /**\n * Generates a stamped whoami request for the current user. This request can then be used to call /signer/v1/whoami to get the user information.\n * This is useful if you want to get the user information in a different context like a server. You can pass the stamped request to the server\n * and then call our API to get the user information. Using this stamp is the most trusted way to get the user information since a stamp can only\n * belong to the user who created it.\n *\n * @returns {Promise<TSignedRequest>} a promise that resolves to the \"whoami\" information for the logged in user\n * @throws {Error} if no organization ID is provided\n */\n public stampWhoami = async (): Promise<TSignedRequest> => {\n if (!this.user) {\n throw new Error(\"User must be authenticated to stamp a whoami request\");\n }\n\n return await this.turnkeyClient.stampGetWhoami({\n organizationId: this.user.orgId,\n });\n };\n\n /**\n * Generates a stamped getOrganization request for the current user.\n *\n * @returns {Promise<TSignedRequest>} a promise that resolves to the \"getOrganization\" information for the logged in user\n * @throws {Error} if no user is authenticated\n */\n public stampGetOrganization = async (): Promise<TSignedRequest> => {\n if (!this.user) {\n throw new Error(\n \"User must be authenticated to stamp a get organization request\",\n );\n }\n\n return await this.turnkeyClient.stampGetOrganization({\n organizationId: this.user.orgId,\n });\n };\n\n /**\n * Creates an API key that can take any action on behalf of the current user.\n * (Note that this method is currently experimental and is subject to change.)\n *\n * @param {CreateApiKeyParams} params Parameters for creating the API key.\n * @param {string} params.name Name of the API key.\n * @param {string} params.publicKey Public key to be used for the API key.\n * @param {number} params.expirationSec Number of seconds until the API key expires.\n * @throws {Error} If there is no authenticated user or the API key creation fails.\n */\n public experimental_createApiKey = async (\n params: experimental_CreateApiKeyParams,\n ): Promise<void> => {\n if (!this.user) {\n throw new Error(\"User must be authenticated to create api key\");\n }\n const resp = await this.turnkeyClient.createApiKeys({\n type: \"ACTIVITY_TYPE_CREATE_API_KEYS_V2\",\n timestampMs: new Date().getTime().toString(),\n organizationId: this.user.orgId,\n parameters: {\n apiKeys: [\n {\n apiKeyName: params.name,\n publicKey: params.publicKey,\n curveType: \"API_KEY_CURVE_P256\",\n expirationSeconds: params.expirationSec.toString(),\n },\n ],\n userId: this.user.userId,\n },\n });\n if (resp.activity.status !== \"ACTIVITY_STATUS_COMPLETED\") {\n throw new Error(\"Failed to create api key\");\n }\n };\n\n /**\n * Looks up information based on an email address.\n *\n * @param {string} email the email address to look up\n * @returns {Promise<any>} the result of the lookup request\n */\n public lookupUserByEmail = async (email: string) => {\n return this.request(\"/v1/lookup\", { email });\n };\n\n /**\n * Looks up information based on a phone number.\n *\n * @param {string} phone the phone number to look up\n * @returns {Promise<any>} the result of the lookup request\n */\n public lookupUserByPhone = async (phone: string) => {\n return this.request(\"/v1/lookup\", { phone });\n };\n\n /**\n * This will sign a message with the user's private key, without doing any transformations on the message.\n * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n * that result here.\n *\n * @param {Hex} msg the hex representation of the bytes to sign\n * @param {string} mode specify if signing should happen for solana or ethereum\n * @returns {Promise<Hex>} the signature over the raw hex\n */\n public signRawMessage = async (\n msg: Hex,\n mode: \"SOLANA\" | \"ETHEREUM\" = \"ETHEREUM\",\n ): Promise<Hex> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n if (!this.user.solanaAddress && mode === \"SOLANA\") {\n // TODO: we need to add backwards compatibility for users who signed up before we added Solana support\n throw new Error(\"No Solana address available for the user\");\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction:\n mode === \"ETHEREUM\"\n ? \"HASH_FUNCTION_NO_OP\"\n : \"HASH_FUNCTION_NOT_APPLICABLE\",\n payload: msg,\n signWith:\n mode === \"ETHEREUM\" ? this.user.address : this.user.solanaAddress!,\n },\n });\n\n const { signature } = await this.request(\"/v1/sign-payload\", {\n stampedRequest,\n });\n\n return signature;\n };\n\n private experimental_createMultiOwnerStamper = () => ({\n stamp: async (\n request: string,\n ): Promise<{\n stampHeaderName: string;\n stampHeaderValue: string;\n }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n // we need this later to recover the public key from the signature, so we don't let turnkey hash\n // this for us and pass HASH_FUNCTION_NO_OP instead\n const hashed = sha256(new TextEncoder().encode(request));\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_TEXT_UTF8\",\n hashFunction: \"HASH_FUNCTION_SHA256\",\n payload: request,\n signWith: this.user.address,\n },\n });\n\n const { signature } = await this.request(\"/v1/sign-payload\", {\n stampedRequest,\n });\n\n // recover the public key, we can't just use the address\n const recoveredPublicKey = await recoverPublicKey({\n hash: hashed,\n signature,\n });\n\n // compute the stamp over the original payload using this signature\n // the format here is important\n const stamp = {\n publicKey: Point.fromHex(hexToBytes(recoveredPublicKey)).toHex(true),\n scheme: \"SIGNATURE_SCHEME_TK_API_SECP256K1\",\n signature: secp256k1.Signature.fromCompact(\n hexToBytes(signature).slice(0, 64),\n ).toDERHex(),\n };\n\n return {\n stampHeaderName: \"X-Stamp\",\n stampHeaderValue: base64UrlEncode(\n Buffer.from(JSON.stringify(stamp)).buffer,\n ),\n };\n },\n });\n\n private experimental_createMultiOwnerTurnkeyClient = () =>\n new TurnkeyClient(\n { baseUrl: \"https://api.turnkey.com\" },\n this.experimental_createMultiOwnerStamper(),\n );\n\n /**\n * This will sign on behalf of the multi-owner org, without doing any transformations on the message.\n * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n * that result here.\n *\n * @param {Hex} msg the hex representation of the bytes to sign\n * @param {string} orgId orgId of the multi-owner org to sign on behalf of\n * @param {string} orgAddress address of the multi-owner org to sign on behalf of\n * @returns {Promise<Hex>} the signature over the raw hex\n */\n public experimental_multiOwnerSignRawMessage = async (\n msg: Hex,\n orgId: string,\n orgAddress: string,\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();\n\n const { result } = await this.request(\"/v1/multi-owner-sign-raw-payload\", {\n stampedRequest: await multiOwnerClient.stampSignRawPayload({\n organizationId: orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: msg,\n signWith: orgAddress,\n },\n }),\n });\n\n return serializeSignature({\n r: withHexPrefix(result.signRawPayloadResult.r),\n s: withHexPrefix(result.signRawPayloadResult.s),\n yParity: Number(result.signRawPayloadResult.v), // this is not actually a legacy v value, it's the y parity bit\n });\n };\n\n /**\n * This will create a multi-owner account with the current user and additional specified signers\n *\n * @param {Address[]} additionalMembers members to add, aside from the currently authenticated user\n * @returns {Promise<SignerResponse<\"/v1/multi-owner-create\">['result']>} created multi-owner account\n */\n public experimental_createMultiOwner = async (\n additionalMembers: Address[],\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const response = await this.request(\"/v1/multi-owner-create\", {\n members: [this.user.address, ...additionalMembers].map(\n (evmSignerAddress) => ({ evmSignerAddress }),\n ),\n });\n\n return response.result;\n };\n\n /**\n * This will add additional members to an existing multi-sig account\n *\n * @param {string} orgId orgId of the multi-sig to add members to\n * @param {Address[]} members the addresses of the members to add\n */\n public experimental_addToMultiOwner = async (\n orgId: string,\n members: Address[],\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();\n\n const prepared = await this.request(\"/v1/multi-owner-prepare-add\", {\n organizationId: orgId,\n members: members.map((evmSignerAddress) => ({ evmSignerAddress })),\n });\n\n const stampedRequest = await multiOwnerClient.stampCreateUsers(\n prepared.result,\n );\n\n const {\n result: { updateRootQuorumRequest },\n } = await this.request(\"/v1/multi-owner-add\", {\n stampedRequest,\n });\n\n await this.request(\"/v1/multi-owner-update-root-quorum\", {\n stampedRequest: await multiOwnerClient.stampUpdateRootQuorum(\n updateRootQuorumRequest,\n ),\n });\n };\n\n /**\n * This will remove members from an existing multi-sig account\n *\n * @param {string} orgId orgId of the multi-sig to remove members from\n * @param {Address[]} members the addresses of the members to remove\n */\n public experimental_deleteFromMultiOwner = async (\n orgId: string,\n members: Address[],\n ) => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const multiOwnerClient = this.experimental_createMultiOwnerTurnkeyClient();\n\n const prepared = await this.request(\"/v1/multi-owner-prepare-delete\", {\n organizationId: orgId,\n members: members.map((evmSignerAddress) => ({ evmSignerAddress })),\n });\n\n const stampedRequest = await multiOwnerClient.stampDeleteUsers(\n prepared.result.deleteMembersRequest,\n );\n\n await this.request(\"/v1/multi-owner-update-root-quorum\", {\n stampedRequest: await multiOwnerClient.stampUpdateRootQuorum(\n prepared.result.updateRootQuorumRequest,\n ),\n });\n\n await this.request(\"/v1/multi-owner-delete\", {\n stampedRequest,\n });\n };\n\n /**\n * Returns the current user or null if no user is set.\n *\n * @returns {User | null} the current user object or null if no user is available\n */\n public getUser = (): User | null => {\n return this.user ?? null;\n };\n\n /**\n * Sends a POST request to the given signer route with the specified body and returns the response.\n * Not intended to be used directly, use the specific methods instead on the client instead.\n *\n * @param {SignerRoutes} route The route to which the request should be sent\n * @param {SignerBody<R>} body The request body containing the data to be sent\n * @returns {Promise<SignerResponse<R>>} A promise that resolves to the response from the signer\n */\n public request = async <R extends SignerRoutes>(\n route: R,\n body: SignerBody<R>,\n ): Promise<SignerResponse<R>> => {\n const url = this.connectionConfig.rpcUrl ?? \"https://api.g.alchemy.com\";\n\n const basePath = \"/signer\";\n\n const headers = new Headers();\n headers.append(\"Alchemy-AA-Sdk-Version\", VERSION);\n headers.append(\"Content-Type\", \"application/json\");\n if (this.connectionConfig.apiKey) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.apiKey}`);\n } else if (this.connectionConfig.jwt) {\n headers.append(\"Authorization\", `Bearer ${this.connectionConfig.jwt}`);\n }\n\n const response = await fetch(`${url}${basePath}${route}`, {\n method: \"POST\",\n body: JSON.stringify(body),\n headers,\n });\n\n if (!response.ok) {\n throw new Error(await response.text());\n }\n\n const json = await response.json();\n\n return json as SignerResponse<R>;\n };\n\n /**\n * Retrieves the list of MFA factors configured for the current user.\n *\n * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors\n * @throws {NotAuthenticatedError} If no user is authenticated\n */\n public getMfaFactors = async (): Promise<{\n multiFactors: MfaFactor[];\n }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.LIST,\n signWith: this.user.address,\n },\n });\n\n return this.request(\"/v1/auth-list-multi-factors\", {\n stampedRequest,\n });\n };\n\n /**\n * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.\n *\n * @param {AddMfaParams} params The parameters required to enable a new MFA factor\n * @returns {Promise<AddMfaResult>} A promise that resolves to the factor setup information\n * @throws {NotAuthenticatedError} If no user is authenticated\n * @throws {Error} If an unsupported factor type is provided\n */\n public addMfa = async (params: AddMfaParams): Promise<AddMfaResult> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.ADD,\n signWith: this.user.address,\n },\n });\n\n switch (params.multiFactorType) {\n case \"totp\":\n return this.request(\"/v1/auth-request-multi-factor\", {\n stampedRequest,\n multiFactorType: params.multiFactorType,\n });\n default:\n throw new Error(\n `Unsupported MFA factor type: ${params.multiFactorType}`,\n );\n }\n };\n\n /**\n * Verifies a newly created MFA factor to complete the setup process.\n *\n * @param {VerifyMfaParams} params The parameters required to verify the MFA factor\n * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n * @throws {NotAuthenticatedError} If no user is authenticated\n */\n public verifyMfa = async (\n params: VerifyMfaParams,\n ): Promise<{ multiFactors: MfaFactor[] }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.VERIFY,\n signWith: this.user.address,\n },\n });\n\n return this.request(\"/v1/auth-verify-multi-factor\", {\n stampedRequest,\n multiFactorId: params.multiFactorId,\n multiFactorCode: params.multiFactorCode,\n });\n };\n\n /**\n * Removes existing MFA factors by ID.\n *\n * @param {RemoveMfaParams} params The parameters specifying which factors to disable\n * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n * @throws {NotAuthenticatedError} If no user is authenticated\n */\n public removeMfa = async (\n params: RemoveMfaParams,\n ): Promise<{ multiFactors: MfaFactor[] }> => {\n if (!this.user) {\n throw new NotAuthenticatedError();\n }\n\n const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n organizationId: this.user.orgId,\n type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n timestampMs: Date.now().toString(),\n parameters: {\n encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n hashFunction: \"HASH_FUNCTION_NO_OP\",\n payload: MFA_PAYLOAD.DELETE,\n signWith: this.user.address,\n },\n });\n\n return this.request(\"/v1/auth-delete-multi-factors\", {\n stampedRequest,\n multiFactorIds: params.multiFactorIds,\n });\n };\n\n /**\n * Validates multiple MFA factors using the provided encrypted payload and MFA codes.\n *\n * @param {ValidateMultiFactorsParams} params The validation parameters\n * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle\n * @throws {Error} If no credential bundle is returned from the server\n */\n public validateMultiFactors = async (\n params: ValidateMultiFactorsParams,\n ): Promise<{ bundle: string }> => {\n // Send the encryptedPayload plus TOTP codes, etc:\n const response = await this.request(\"/v1/auth-validate-multi-factors\", {\n encryptedPayload: params.encryptedPayload,\n multiFactors: params.multiFactors,\n });\n\n // The server is expected to return the *decrypted* payload in `response.payload.credentialBundle`\n if (!response.payload || !response.payload.credentialBundle) {\n throw new Error(\n \"Request to validateMultiFactors did not return a credential bundle\",\n );\n }\n\n return {\n bundle: response.payload.credentialBundle,\n };\n };\n\n // #endregion\n\n // #region PRIVATE METHODS\n\n /**\n * Returns the authentication url for the selected OAuth Proivder\n *\n * @example\n * ```ts\n *\n * cosnt oauthParams = {\n * authProviderId: \"google\",\n * isCustomProvider: false,\n * auth0Connection: undefined,\n * scope: undefined,\n * claims: undefined,\n * mode: \"redirect\",\n * redirectUrl: \"https://your-url-path/oauth-return\",\n * expirationSeconds: 3000\n * };\n *\n * const turnkeyPublicKey = await this.initIframeStamper();\n * const oauthCallbackUrl = this.oauthCallbackUrl;\n * const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()\n * const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`\n *\n * const oauthProviderUrl = getOauthProviderUrl({\n * oauthParams,\n * turnkeyPublicKey,\n * oauthCallbackUrl\n * })\n *\n * ```\n * @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters\n *\n * @returns {Promise<string>} returns the Oauth provider's url\n */\n protected getOauthProviderUrl = async (\n args: GetOauthProviderUrlArgs,\n ): Promise<string> => {\n const {\n oauthParams,\n turnkeyPublicKey,\n oauthCallbackUrl,\n oauthConfig,\n usesRelativeUrl = true,\n } = args;\n\n const {\n authProviderId,\n isCustomProvider,\n auth0Connection,\n scope: providedScope,\n claims: providedClaims,\n otherParameters: providedOtherParameters,\n mode,\n redirectUrl,\n expirationSeconds,\n } = oauthParams;\n\n const { codeChallenge, requestKey, authProviders } =\n oauthConfig ?? (await this.getOauthConfigForMode(mode));\n\n if (!authProviders) {\n throw new OAuthProvidersError();\n }\n\n const authProvider = authProviders.find(\n (provider) =>\n provider.id === authProviderId &&\n !!provider.isCustomProvider === !!isCustomProvider,\n );\n\n if (!authProvider) {\n throw new Error(`No auth provider found with id ${authProviderId}`);\n }\n\n let scope: string | undefined = providedScope;\n let claims: string | undefined = providedClaims;\n let otherParameters: Record<string, string> | undefined =\n providedOtherParameters;\n\n if (!isCustomProvider) {\n const defaultCustomization =\n getDefaultProviderCustomization(authProviderId);\n scope ??= defaultCustomization?.scope;\n claims ??= defaultCustomization?.claims;\n otherParameters ??= defaultCustomization?.otherParameters;\n }\n if (!scope) {\n throw new Error(`Default scope not known for provider ${authProviderId}`);\n }\n const { authEndpoint, clientId } = authProvider;\n\n const nonce = this.getOauthNonce(turnkeyPublicKey);\n const stateObject: OauthState = {\n authProviderId,\n isCustomProvider,\n requestKey,\n turnkeyPublicKey,\n expirationSeconds,\n redirectUrl:\n mode === \"redirect\"\n ? usesRelativeUrl\n ? resolveRelativeUrl(redirectUrl)\n : redirectUrl\n : undefined,\n openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n fetchIdTokenOnly: oauthParams.fetchIdTokenOnly,\n };\n const state = base64UrlEncode(\n new TextEncoder().encode(JSON.stringify(stateObject)).buffer,\n );\n const authUrl = new URL(authEndpoint);\n const params: Record<string, string> = {\n redirect_uri: oauthCallbackUrl,\n response_type: \"code\",\n scope,\n state,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n prompt: \"select_account\",\n client_id: clientId,\n nonce,\n ...otherParameters,\n };\n if (claims) {\n params.claims = claims;\n }\n if (auth0Connection) {\n params.connection = auth0Connection;\n }\n\n Object.keys(params).forEach((param) => {\n params[param] && authUrl.searchParams.append(param, params[param]);\n });\n\n const [urlPath, searchParams] = authUrl.href.split(\"?\");\n\n return `${urlPath?.replace(/\\/$/, \"\")}?${searchParams}`;\n };\n\n private getOauthConfigForMode = async (\n mode: OauthMode,\n ): Promise<OauthConfig> => {\n if (this.oauthConfig) {\n return this.oauthConfig;\n } else if (mode === \"redirect\") {\n return this.initOauth();\n } else {\n throw new Error(\n \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\",\n );\n }\n };\n\n // eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions\n protected pollActivityCompletion = async <\n T extends keyof Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"],\n >(\n activity: Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"],\n organizationId: string,\n resultKey: T,\n ): Promise<\n NonNullable<\n Awaited<\n ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n >[\"activity\"][\"result\"][T]\n >\n > => {\n if (activity.status === \"ACTIVITY_STATUS_COMPLETED\") {\n return activity.result[resultKey]!;\n }\n\n const {\n activity: { status, id, result },\n } = await this.turnkeyClient.getActivity({\n activityId: activity.id,\n organizationId,\n });\n\n if (status === \"ACTIVITY_STATUS_COMPLETED\") {\n return result[resultKey]!;\n }\n\n if (\n status === \"ACTIVITY_STATUS_FAILED\" ||\n status === \"ACTIVITY_STATUS_REJECTED\" ||\n status === \"ACTIVITY_STATUS_CONSENSUS_NEEDED\"\n ) {\n throw new Error(\n `Failed to get activity with with id ${id} (status: ${status})`,\n );\n }\n\n // TODO: add ability to configure this + add exponential backoff\n await new Promise((resolve) => setTimeout(resolve, 500));\n\n return this.pollActivityCompletion(activity, organizationId, resultKey);\n };\n // #endregion\n\n /**\n * Turnkey requires the nonce in the id token to be in this format.\n *\n * @param {string} turnkeyPublicKey key from a Turnkey iframe\n * @returns {string} nonce to be used in OIDC\n */\n protected getOauthNonce = (turnkeyPublicKey: string): string => {\n return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n };\n}\n"]}