@ahoo-wang/fetcher-cosec 1.2.3 → 1.2.6

package/dist/cosecRequestInterceptor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cosecRequestInterceptor.d.ts","sourceRoot":"","sources":["../src/cosecRequestInterceptor.ts"],"names":[],"mappings":"AAaA,OAAO,EACL,aAAa,EAGb,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAgB,YAAY,EAAE,MAAM,SAAS,CAAC;AAGrD;;GAEG;AACH,eAAO,MAAM,8BAA8B,4BAA4B,CAAC;AAExE;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QACL,CAAC;AAExC;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,uBAAwB,YAAW,kBAAkB;IAChE,QAAQ,CAAC,IAAI,6BAAkC;IAC/C,QAAQ,CAAC,KAAK,SAAmC;IACjD,OAAO,CAAC,OAAO,CAAe;gBAElB,OAAO,EAAE,YAAY;IAIjC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,SAAS,CAAC,QAAQ,EAAE,aAAa;CAuBlC"}
+{"version":3,"file":"cosecRequestInterceptor.d.ts","sourceRoot":"","sources":["../src/cosecRequestInterceptor.ts"],"names":[],"mappings":"AAaA,OAAO,EACL,aAAa,EAEb,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAgB,YAAY,EAAE,MAAM,SAAS,CAAC;AAGrD;;GAEG;AACH,eAAO,MAAM,8BAA8B,4BAA4B,CAAC;AAExE;;;GAGG;AACH,eAAO,MAAM,+BAA+B,QACL,CAAC;AAExC;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,uBAAwB,YAAW,kBAAkB;IAChE,QAAQ,CAAC,IAAI,6BAAkC;IAC/C,QAAQ,CAAC,KAAK,SAAmC;IACjD,OAAO,CAAC,OAAO,CAAe;gBAElB,OAAO,EAAE,YAAY;IAIjC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,SAAS,CAAC,QAAQ,EAAE,aAAa;CAYlC"}

package/dist/index.es.js

@@ -1,14 +1,14 @@
-import { REQUEST_BODY_INTERCEPTOR_ORDER as l } from "@ahoo-wang/fetcher";
+import { REQUEST_BODY_INTERCEPTOR_ORDER as u } from "@ahoo-wang/fetcher";
 import { nanoid as d } from "nanoid";
 const a = class a {
 };
 a.DEVICE_ID = "CoSec-Device-Id", a.APP_ID = "CoSec-App-Id", a.AUTHORIZATION = "Authorization", a.REQUEST_ID = "CoSec-Request-Id";
 let i = a;
-const u = class u {
+const I = class I {
 };
-u.UNAUTHORIZED = 401;
-let h = u;
-const m = {
+I.UNAUTHORIZED = 401;
+let c = I;
+const N = {
   ALLOW: { authorized: !0, reason: "Allow" },
   EXPLICIT_DENY: { authorized: !1, reason: "Explicit Deny" },
   IMPLICIT_DENY: { authorized: !1, reason: "Implicit Deny" },
@@ -25,10 +25,10 @@ class p {
     return d();
   }
 }
-const I = new p(), g = "CoSecRequestInterceptor", R = l + 1e3;
-class N {
+const h = new p(), g = "CoSecRequestInterceptor", T = u + 1e3;
+class m {
   constructor(e) {
-    this.name = g, this.order = R, this.options = e;
+    this.name = g, this.order = T, this.options = e;
   }
   /**
    * Intercept requests to add CoSec authentication headers.
@@ -51,23 +51,18 @@ class N {
    * subsequent request processing interceptors.
    */
   intercept(e) {
-    const t = I.generateId(), s = this.options.deviceIdStorage.getOrCreate(), o = this.options.tokenStorage.get(), c = {
-      ...e.request,
-      headers: {
-        ...e.request.headers
-      }
-    }, n = c.headers;
-    n[i.APP_ID] = this.options.appId, n[i.DEVICE_ID] = s, n[i.REQUEST_ID] = t, o && (n[i.AUTHORIZATION] = `Bearer ${o.accessToken}`), e.request = c;
+    const t = h.generateId(), s = this.options.deviceIdStorage.getOrCreate(), o = this.options.tokenStorage.get(), n = e.ensureRequestHeaders();
+    n[i.APP_ID] = this.options.appId, n[i.DEVICE_ID] = s, n[i.REQUEST_ID] = t, o && !n[i.AUTHORIZATION] && (n[i.AUTHORIZATION] = `Bearer ${o.accessToken}`);
   }
 }
-const T = "CoSecResponseInterceptor", S = Number.MIN_SAFE_INTEGER + 1e3;
-class k {
+const R = "CoSecResponseInterceptor", S = Number.MIN_SAFE_INTEGER + 1e3;
+class A {
   /**
    * Creates a new CoSecResponseInterceptor instance.
    * @param options - The CoSec configuration options including token storage and refresher
    */
   constructor(e) {
-    this.name = T, this.order = S, this.options = e;
+    this.name = R, this.order = S, this.options = e;
   }
   /**
    * Intercepts the response and handles unauthorized responses by refreshing tokens.
@@ -75,7 +70,7 @@ class k {
    */
   async intercept(e) {
     const t = e.response;
-    if (!t || t.status !== h.UNAUTHORIZED)
+    if (!t || t.status !== c.UNAUTHORIZED)
       return;
     const s = this.options.tokenStorage.get();
     if (s)
@@ -115,7 +110,7 @@ function E() {
   return typeof window < "u" && window.localStorage ? window.localStorage : new O();
 }
 const f = "cosec-device-id";
-class A {
+class k {
   constructor(e = f, t = E()) {
     this.deviceIdKey = e, this.storage = t;
   }
@@ -141,7 +136,7 @@ class A {
    * @returns A newly generated device ID
    */
   generateDeviceId() {
-    return I.generateId();
+    return h.generateId();
   }
   /**
    * Get or create a device ID.
@@ -167,12 +162,12 @@ function _(r) {
     const s = e[1].replace(/-/g, "+").replace(/_/g, "/"), o = s.padEnd(
       s.length + (4 - s.length % 4) % 4,
       "="
-    ), c = decodeURIComponent(
-      atob(o).split("").map(function(n) {
-        return "%" + ("00" + n.charCodeAt(0).toString(16)).slice(-2);
+    ), n = decodeURIComponent(
+      atob(o).split("").map(function(l) {
+        return "%" + ("00" + l.charCodeAt(0).toString(16)).slice(-2);
       }).join("")
     );
-    return JSON.parse(c);
+    return JSON.parse(n);
   } catch (e) {
     return console.error("Failed to parse JWT token", e), null;
   }
@@ -185,7 +180,7 @@ function w(r, e = 0) {
   return s ? Date.now() / 1e3 > s - e : !1;
 }
 const D = "cosec-token";
-class v {
+class U {
   constructor(e = D, t = E()) {
     this.tokenKey = e, this.storage = t;
   }
@@ -221,23 +216,23 @@ class v {
   }
 }
 export {
-  m as AuthorizeResults,
+  N as AuthorizeResults,
   g as COSEC_REQUEST_INTERCEPTOR_NAME,
-  R as COSEC_REQUEST_INTERCEPTOR_ORDER,
-  T as COSEC_RESPONSE_INTERCEPTOR_NAME,
+  T as COSEC_REQUEST_INTERCEPTOR_ORDER,
+  R as COSEC_RESPONSE_INTERCEPTOR_NAME,
   S as COSEC_RESPONSE_INTERCEPTOR_ORDER,
   i as CoSecHeaders,
-  N as CoSecRequestInterceptor,
-  k as CoSecResponseInterceptor,
+  m as CoSecRequestInterceptor,
+  A as CoSecResponseInterceptor,
   f as DEFAULT_COSEC_DEVICE_ID_KEY,
   D as DEFAULT_COSEC_TOKEN_KEY,
-  A as DeviceIdStorage,
+  k as DeviceIdStorage,
   O as InMemoryStorage,
   p as NanoIdGenerator,
-  h as ResponseCodes,
-  v as TokenStorage,
+  c as ResponseCodes,
+  U as TokenStorage,
   E as getStorage,
-  I as idGenerator,
+  h as idGenerator,
   w as isTokenExpired,
   _ as parseJwtPayload
 };

package/dist/index.es.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.es.js","sources":["../src/types.ts","../src/idGenerator.ts","../src/cosecRequestInterceptor.ts","../src/cosecResponseInterceptor.ts","../src/inMemoryStorage.ts","../src/deviceIdStorage.ts","../src/jwts.ts","../src/tokenStorage.ts"],"sourcesContent":["/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { DeviceIdStorage } from './deviceIdStorage';\nimport { TokenStorage } from './tokenStorage';\nimport { TokenRefresher } from './tokenRefresher';\n\n/**\n * CoSec HTTP headers enumeration.\n */\nexport class CoSecHeaders {\n  static readonly DEVICE_ID = 'CoSec-Device-Id';\n  static readonly APP_ID = 'CoSec-App-Id';\n  static readonly AUTHORIZATION = 'Authorization';\n  static readonly REQUEST_ID = 'CoSec-Request-Id';\n}\n\nexport class ResponseCodes {\n  static readonly UNAUTHORIZED = 401;\n}\n\n/**\n * CoSec options interface.\n */\nexport interface CoSecOptions {\n  /**\n   * Application ID to be sent in the CoSec-App-Id header.\n   */\n  appId: string;\n\n  /**\n   * Device ID storage instance.\n   */\n  deviceIdStorage: DeviceIdStorage;\n\n  /**\n   * Token storage instance.\n   */\n  tokenStorage: TokenStorage;\n\n  /**\n   * Token refresher function.\n   *\n   * Takes a CompositeToken and returns a Promise that resolves to a new CompositeToken.\n   */\n  tokenRefresher: TokenRefresher;\n}\n\n/**\n * Authorization result interface.\n */\nexport interface AuthorizeResult {\n  authorized: boolean;\n  reason: string;\n}\n\n/**\n * Authorization result constants.\n */\nexport const AuthorizeResults = {\n  ALLOW: { authorized: true, reason: 'Allow' },\n  EXPLICIT_DENY: { authorized: false, reason: 'Explicit Deny' },\n  IMPLICIT_DENY: { authorized: false, reason: 'Implicit Deny' },\n  TOKEN_EXPIRED: { authorized: false, reason: 'Token Expired' },\n  TOO_MANY_REQUESTS: { authorized: false, reason: 'Too Many Requests' },\n};\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { nanoid } from 'nanoid';\n\nexport interface IdGenerator {\n  generateId(): string;\n}\n\n/**\n * Nano ID implementation of IdGenerator.\n * Generates unique request IDs using Nano ID.\n */\nexport class NanoIdGenerator implements IdGenerator {\n  /**\n   * Generate a unique request ID.\n   *\n   * @returns A unique request ID\n   */\n  generateId(): string {\n    return nanoid();\n  }\n}\n\nexport const idGenerator = new NanoIdGenerator();\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  FetchExchange,\n  FetchRequest,\n  REQUEST_BODY_INTERCEPTOR_ORDER,\n  RequestInterceptor,\n} from '@ahoo-wang/fetcher';\nimport { CoSecHeaders, CoSecOptions } from './types';\nimport { idGenerator } from './idGenerator';\n\n/**\n * The name of the CoSecRequestInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_NAME = 'CoSecRequestInterceptor';\n\n/**\n * The order of the CoSecRequestInterceptor.\n * Set to REQUEST_BODY_INTERCEPTOR_ORDER + 1000 to ensure it runs after RequestBodyInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_ORDER =\n  REQUEST_BODY_INTERCEPTOR_ORDER + 1000;\n\n/**\n * Interceptor that automatically adds CoSec authentication headers to requests.\n *\n * This interceptor adds the following headers to each request:\n * - CoSec-Device-Id: Device identifier (stored in localStorage or generated)\n * - CoSec-App-Id: Application identifier\n * - Authorization: Bearer token\n * - CoSec-Request-Id: Unique request identifier for each request\n *\n * @remarks\n * This interceptor runs after RequestBodyInterceptor but before FetchInterceptor.\n * The order is set to COSEC_REQUEST_INTERCEPTOR_ORDER to ensure it runs after\n * request body processing but before the actual HTTP request is made. This positioning\n * allows for proper authentication header addition after all request body transformations\n * are complete, ensuring that the final request is properly authenticated before\n * being sent over the network.\n */\nexport class CoSecRequestInterceptor implements RequestInterceptor {\n  readonly name = COSEC_REQUEST_INTERCEPTOR_NAME;\n  readonly order = COSEC_REQUEST_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercept requests to add CoSec authentication headers.\n   *\n   * This method adds the following headers to each request:\n   * - CoSec-App-Id: The application identifier from the CoSec options\n   * - CoSec-Device-Id: A unique device identifier, either retrieved from storage or generated\n   * - CoSec-Request-Id: A unique identifier for this specific request\n   * - Authorization: Bearer token if available in token storage\n   *\n   * @param exchange - The fetch exchange containing the request to process\n   *\n   * @remarks\n   * This method runs after RequestBodyInterceptor but before FetchInterceptor.\n   * It ensures that authentication headers are added to the request after all\n   * body processing is complete. The positioning allows for proper authentication\n   * header addition after all request body transformations are finished, ensuring\n   * that the final request is properly authenticated before being sent over the network.\n   * This execution order prevents authentication headers from being overwritten by\n   * subsequent request processing interceptors.\n   */\n  intercept(exchange: FetchExchange) {\n    const requestId = idGenerator.generateId();\n    const deviceId = this.options.deviceIdStorage.getOrCreate();\n    const token = this.options.tokenStorage.get();\n\n    // Clone the request to avoid modifying the original\n    const newRequest: FetchRequest = {\n      ...exchange.request,\n      headers: {\n        ...exchange.request.headers,\n      },\n    };\n\n    const requestHeaders = newRequest.headers as Record<string, string>;\n    requestHeaders[CoSecHeaders.APP_ID] = this.options.appId;\n    requestHeaders[CoSecHeaders.DEVICE_ID] = deviceId;\n    requestHeaders[CoSecHeaders.REQUEST_ID] = requestId;\n    if (token) {\n      requestHeaders[CoSecHeaders.AUTHORIZATION] =\n        `Bearer ${token.accessToken}`;\n    }\n    exchange.request = newRequest;\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CoSecOptions, ResponseCodes } from './types';\nimport { FetchExchange, ResponseInterceptor } from '@ahoo-wang/fetcher';\n\n/**\n * The name of the CoSecResponseInterceptor.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_NAME = 'CoSecResponseInterceptor';\n\n/**\n * The order of the CoSecResponseInterceptor.\n * Set to a high negative value to ensure it runs early in the interceptor chain.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_ORDER = Number.MIN_SAFE_INTEGER + 1000;\n\n/**\n * CoSecResponseInterceptor is responsible for handling unauthorized responses (401)\n * by attempting to refresh the authentication token and retrying the original request.\n *\n * This interceptor:\n * 1. Checks if the response status is 401 (UNAUTHORIZED)\n * 2. If so, and if there's a current token, attempts to refresh it\n * 3. On successful refresh, stores the new token and retries the original request\n * 4. On refresh failure, clears stored tokens and propagates the error\n */\nexport class CoSecResponseInterceptor implements ResponseInterceptor {\n  readonly name = COSEC_RESPONSE_INTERCEPTOR_NAME;\n  readonly order = COSEC_RESPONSE_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  /**\n   * Creates a new CoSecResponseInterceptor instance.\n   * @param options - The CoSec configuration options including token storage and refresher\n   */\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercepts the response and handles unauthorized responses by refreshing tokens.\n   * @param exchange - The fetch exchange containing request and response information\n   */\n  async intercept(exchange: FetchExchange): Promise<void> {\n    const response = exchange.response;\n    // If there's no response, nothing to intercept\n    if (!response) {\n      return;\n    }\n\n    // Only handle unauthorized responses (401)\n    if (response.status !== ResponseCodes.UNAUTHORIZED) {\n      return;\n    }\n\n    // Get the current token from storage\n    const currentToken = this.options.tokenStorage.get();\n    // If there's no current token, we can't refresh it\n    if (!currentToken) {\n      return;\n    }\n\n    try {\n      // Attempt to refresh the token\n      const newToken = await this.options.tokenRefresher.refresh(currentToken);\n      // Store the refreshed token\n      this.options.tokenStorage.set(newToken);\n      // Retry the original request with the new token\n      await exchange.fetcher.request(exchange.request);\n    } catch (error) {\n      // If token refresh fails, clear stored tokens and re-throw the error\n      this.options.tokenStorage.clear();\n      throw error;\n    }\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * In-memory storage fallback for environments without localStorage.\n */\nexport class InMemoryStorage implements Storage {\n  private store: Map<string, string> = new Map();\n\n  get length(): number {\n    return this.store.size;\n  }\n\n  clear(): void {\n    this.store.clear();\n  }\n\n  getItem(key: string): string | null {\n    const value = this.store.get(key);\n    return value !== undefined ? value : null;\n  }\n\n  key(index: number): string | null {\n    const keys = Array.from(this.store.keys());\n    return keys[index] || null;\n  }\n\n  removeItem(key: string): void {\n    if (this.store.has(key)) {\n      this.store.delete(key);\n    }\n  }\n\n  setItem(key: string, value: string): void {\n    this.store.set(key, value);\n  }\n}\n\nexport function getStorage(): Storage {\n  if (typeof window !== 'undefined' && window.localStorage) {\n    return window.localStorage;\n  } else {\n    // Use in-memory storage as fallback\n    return new InMemoryStorage();\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { idGenerator } from './idGenerator';\n\nexport const DEFAULT_COSEC_DEVICE_ID_KEY = 'cosec-device-id';\n\n/**\n * Storage class for managing device identifiers.\n */\nexport class DeviceIdStorage {\n  private readonly deviceIdKey: string;\n  private storage: Storage;\n\n  constructor(\n    deviceIdKey: string = DEFAULT_COSEC_DEVICE_ID_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.deviceIdKey = deviceIdKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current device ID.\n   *\n   * @returns The current device ID or null if not set\n   */\n  get(): string | null {\n    return this.storage.getItem(this.deviceIdKey);\n  }\n\n  /**\n   * Set a device ID.\n   *\n   * @param deviceId - The device ID to set\n   */\n  set(deviceId: string): void {\n    this.storage.setItem(this.deviceIdKey, deviceId);\n  }\n\n  /**\n   * Generate a new device ID.\n   *\n   * @returns A newly generated device ID\n   */\n  generateDeviceId(): string {\n    return idGenerator.generateId();\n  }\n\n  /**\n   * Get or create a device ID.\n   *\n   * @returns The existing device ID if available, otherwise a newly generated one\n   */\n  getOrCreate(): string {\n    // Try to get existing device ID from storage\n    let deviceId = this.get();\n    if (!deviceId) {\n      // Generate a new device ID and store it\n      deviceId = this.generateDeviceId();\n      this.set(deviceId);\n    }\n\n    return deviceId;\n  }\n\n  /**\n   * Clear the stored device ID.\n   */\n  clear(): void {\n    this.storage.removeItem(this.deviceIdKey);\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n/**\n * Interface representing a JWT payload as defined in RFC 7519.\n * Contains standard JWT claims as well as custom properties.\n */\nexport interface JwtPayload {\n  /**\n   * JWT ID - provides a unique identifier for the JWT.\n   */\n  jti?: string;\n  /**\n   * Subject - identifies the principal that is the subject of the JWT.\n   */\n  sub?: string;\n  /**\n   * Issuer - identifies the principal that issued the JWT.\n   */\n  iss?: string;\n  /**\n   * Audience - identifies the recipients that the JWT is intended for.\n   * Can be a single string or an array of strings.\n   */\n  aud?: string | string[];\n  /**\n   * Expiration Time - identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  exp?: number;\n  /**\n   * Not Before - identifies the time before which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  nbf?: number;\n  /**\n   * Issued At - identifies the time at which the JWT was issued.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  iat?: number;\n\n  /**\n   * Allows additional custom properties to be included in the payload.\n   */\n  [key: string]: any;\n}\n\n/**\n * Interface representing a JWT payload with CoSec-specific extensions.\n * Extends the standard JwtPayload interface with additional CoSec-specific properties.\n */\nexport interface CoSecJwtPayload extends JwtPayload {\n  /**\n   * Tenant identifier - identifies the tenant scope for the JWT.\n   */\n  tenantId?: string;\n  /**\n   * Policies - array of policy identifiers associated with the JWT.\n   * These are security policies defined internally by Cosec.\n   */\n  policies?: string[];\n  /**\n   * Roles - array of role identifiers associated with the JWT.\n   * Role IDs indicate what roles the token belongs to.\n   */\n  roles?: string[];\n  /**\n   * Attributes - custom key-value pairs providing additional information about the JWT.\n   */\n  attributes?: Record<string, any>;\n}\n\n/**\n * Parses a JWT token and extracts its payload.\n *\n * This function decodes the payload part of a JWT token, handling Base64URL decoding\n * and JSON parsing. It validates the token structure and returns null for invalid tokens.\n *\n * @param token - The JWT token string to parse\n * @returns The parsed JWT payload or null if parsing fails\n */\nexport function parseJwtPayload<T extends JwtPayload>(token: string): T | null {\n  try {\n    const parts = token.split('.');\n    if (parts.length !== 3) {\n      return null;\n    }\n\n    const base64Url = parts[1];\n    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\n\n    // Add padding if needed\n    const paddedBase64 = base64.padEnd(\n      base64.length + ((4 - (base64.length % 4)) % 4),\n      '=',\n    );\n\n    const jsonPayload = decodeURIComponent(\n      atob(paddedBase64)\n        .split('')\n        .map(function(c) {\n          return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n        })\n        .join(''),\n    );\n    return JSON.parse(jsonPayload) as T;\n  } catch (error) {\n    // Avoid exposing sensitive information in error logs\n    console.error('Failed to parse JWT token', error);\n    return null;\n  }\n}\n\n/**\n * Checks if a JWT token is expired based on its expiration time (exp claim).\n *\n * This function determines if a JWT token has expired by comparing its exp claim\n * with the current time. If the token is a string, it will be parsed first.\n * Tokens without an exp claim are considered not expired.\n *\n * The early period parameter allows for early token expiration, which is useful\n * for triggering token refresh before the token actually expires. This helps\n * avoid race conditions where a token expires between the time it is checked and\n * the time it is used.\n *\n * @param token - The JWT token to check, either as a string or as a JwtPayload object\n * @param earlyPeriod - The time in seconds before actual expiration when the token should be considered expired (default: 0)\n * @returns true if the token is expired (or will expire within the early period) or cannot be parsed, false otherwise\n */\nexport function isTokenExpired(\n  token: string | CoSecJwtPayload,\n  earlyPeriod: number = 0,\n): boolean {\n  const payload = typeof token === 'string' ? parseJwtPayload(token) : token;\n  if (!payload) {\n    return true;\n  }\n\n  const expAt = payload.exp;\n  if (!expAt) {\n    return false;\n  }\n\n  const now = Date.now() / 1000;\n  return now > expAt - earlyPeriod;\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { CompositeToken } from './tokenRefresher';\n\nexport const DEFAULT_COSEC_TOKEN_KEY = 'cosec-token';\n\n/**\n * Storage class for managing access and refresh tokens.\n */\nexport class TokenStorage {\n  private readonly tokenKey: string;\n  private storage: Storage;\n\n  constructor(\n    tokenKey: string = DEFAULT_COSEC_TOKEN_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.tokenKey = tokenKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current access token.\n   *\n   * @returns The current composite token or null if not set\n   */\n  get(): CompositeToken | null {\n    const tokenStr = this.storage.getItem(this.tokenKey);\n    if (!tokenStr) {\n      return null;\n    }\n\n    try {\n      return JSON.parse(tokenStr);\n    } catch (error) {\n      console.warn('Failed to get token from storage:', error);\n      this.clear();\n      return null;\n    }\n  }\n\n  /**\n   * Store a composite token.\n   *\n   * @param token - The composite token to store\n   */\n  set(token: CompositeToken): void {\n    const tokenStr = JSON.stringify(token);\n    this.storage.setItem(this.tokenKey, tokenStr);\n  }\n\n  /**\n   * Clear all tokens.\n   */\n  clear(): void {\n    this.storage.removeItem(this.tokenKey);\n  }\n}\n"],"names":["_CoSecHeaders","CoSecHeaders","_ResponseCodes","ResponseCodes","AuthorizeResults","NanoIdGenerator","nanoid","idGenerator","COSEC_REQUEST_INTERCEPTOR_NAME","COSEC_REQUEST_INTERCEPTOR_ORDER","REQUEST_BODY_INTERCEPTOR_ORDER","CoSecRequestInterceptor","options","exchange","requestId","deviceId","token","newRequest","requestHeaders","COSEC_RESPONSE_INTERCEPTOR_NAME","COSEC_RESPONSE_INTERCEPTOR_ORDER","CoSecResponseInterceptor","response","currentToken","newToken","error","InMemoryStorage","key","value","index","getStorage","DEFAULT_COSEC_DEVICE_ID_KEY","DeviceIdStorage","deviceIdKey","storage","parseJwtPayload","parts","base64","paddedBase64","jsonPayload","c","isTokenExpired","earlyPeriod","payload","expAt","DEFAULT_COSEC_TOKEN_KEY","TokenStorage","tokenKey","tokenStr"],"mappings":";;AAoBO,MAAMA,IAAN,MAAMA,EAAa;AAK1B;AAJEA,EAAgB,YAAY,mBAC5BA,EAAgB,SAAS,gBACzBA,EAAgB,gBAAgB,iBAChCA,EAAgB,aAAa;AAJxB,IAAMC,IAAND;AAOA,MAAME,IAAN,MAAMA,EAAc;AAE3B;AADEA,EAAgB,eAAe;AAD1B,IAAMC,IAAND;AA0CA,MAAME,IAAmB;AAAA,EAC9B,OAAO,EAAE,YAAY,IAAM,QAAQ,QAAA;AAAA,EACnC,eAAe,EAAE,YAAY,IAAO,QAAQ,gBAAA;AAAA,EAC5C,eAAe,EAAE,YAAY,IAAO,QAAQ,gBAAA;AAAA,EAC5C,eAAe,EAAE,YAAY,IAAO,QAAQ,gBAAA;AAAA,EAC5C,mBAAmB,EAAE,YAAY,IAAO,QAAQ,oBAAA;AAClD;ACpDO,MAAMC,EAAuC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMlD,aAAqB;AACnB,WAAOC,EAAA;AAAA,EACT;AACF;AAEO,MAAMC,IAAc,IAAIF,EAAA,GCTlBG,IAAiC,2BAMjCC,IACXC,IAAiC;AAmB5B,MAAMC,EAAsD;AAAA,EAKjE,YAAYC,GAAuB;AAJnC,SAAS,OAAOJ,GAChB,KAAS,QAAQC,GAIf,KAAK,UAAUG;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,UAAUC,GAAyB;AACjC,UAAMC,IAAYP,EAAY,WAAA,GACxBQ,IAAW,KAAK,QAAQ,gBAAgB,YAAA,GACxCC,IAAQ,KAAK,QAAQ,aAAa,IAAA,GAGlCC,IAA2B;AAAA,MAC/B,GAAGJ,EAAS;AAAA,MACZ,SAAS;AAAA,QACP,GAAGA,EAAS,QAAQ;AAAA,MAAA;AAAA,IACtB,GAGIK,IAAiBD,EAAW;AAClC,IAAAC,EAAejB,EAAa,MAAM,IAAI,KAAK,QAAQ,OACnDiB,EAAejB,EAAa,SAAS,IAAIc,GACzCG,EAAejB,EAAa,UAAU,IAAIa,GACtCE,MACFE,EAAejB,EAAa,aAAa,IACvC,UAAUe,EAAM,WAAW,KAE/BH,EAAS,UAAUI;AAAA,EACrB;AACF;ACpFO,MAAME,IAAkC,4BAMlCC,IAAmC,OAAO,mBAAmB;AAYnE,MAAMC,EAAwD;AAAA;AAAA;AAAA;AAAA;AAAA,EASnE,YAAYT,GAAuB;AARnC,SAAS,OAAOO,GAChB,KAAS,QAAQC,GAQf,KAAK,UAAUR;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAUC,GAAwC;AACtD,UAAMS,IAAWT,EAAS;AAO1B,QALI,CAACS,KAKDA,EAAS,WAAWnB,EAAc;AACpC;AAIF,UAAMoB,IAAe,KAAK,QAAQ,aAAa,IAAA;AAE/C,QAAKA;AAIL,UAAI;AAEF,cAAMC,IAAW,MAAM,KAAK,QAAQ,eAAe,QAAQD,CAAY;AAEvE,aAAK,QAAQ,aAAa,IAAIC,CAAQ,GAEtC,MAAMX,EAAS,QAAQ,QAAQA,EAAS,OAAO;AAAA,MACjD,SAASY,GAAO;AAEd,mBAAK,QAAQ,aAAa,MAAA,GACpBA;AAAA,MACR;AAAA,EACF;AACF;ACtEO,MAAMC,EAAmC;AAAA,EAAzC,cAAA;AACL,SAAQ,4BAAiC,IAAA;AAAA,EAAI;AAAA,EAE7C,IAAI,SAAiB;AACnB,WAAO,KAAK,MAAM;AAAA,EACpB;AAAA,EAEA,QAAc;AACZ,SAAK,MAAM,MAAA;AAAA,EACb;AAAA,EAEA,QAAQC,GAA4B;AAClC,UAAMC,IAAQ,KAAK,MAAM,IAAID,CAAG;AAChC,WAAOC,MAAU,SAAYA,IAAQ;AAAA,EACvC;AAAA,EAEA,IAAIC,GAA8B;AAEhC,WADa,MAAM,KAAK,KAAK,MAAM,MAAM,EAC7BA,CAAK,KAAK;AAAA,EACxB;AAAA,EAEA,WAAWF,GAAmB;AAC5B,IAAI,KAAK,MAAM,IAAIA,CAAG,KACpB,KAAK,MAAM,OAAOA,CAAG;AAAA,EAEzB;AAAA,EAEA,QAAQA,GAAaC,GAAqB;AACxC,SAAK,MAAM,IAAID,GAAKC,CAAK;AAAA,EAC3B;AACF;AAEO,SAASE,IAAsB;AACpC,SAAI,OAAO,SAAW,OAAe,OAAO,eACnC,OAAO,eAGP,IAAIJ,EAAA;AAEf;ACvCO,MAAMK,IAA8B;AAKpC,MAAMC,EAAgB;AAAA,EAI3B,YACEC,IAAsBF,GACtBG,IAAmBJ,KACnB;AACA,SAAK,cAAcG,GACnB,KAAK,UAAUC;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAqB;AACnB,WAAO,KAAK,QAAQ,QAAQ,KAAK,WAAW;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAInB,GAAwB;AAC1B,SAAK,QAAQ,QAAQ,KAAK,aAAaA,CAAQ;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mBAA2B;AACzB,WAAOR,EAAY,WAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,cAAsB;AAEpB,QAAIQ,IAAW,KAAK,IAAA;AACpB,WAAKA,MAEHA,IAAW,KAAK,iBAAA,GAChB,KAAK,IAAIA,CAAQ,IAGZA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,SAAK,QAAQ,WAAW,KAAK,WAAW;AAAA,EAC1C;AACF;ACOO,SAASoB,EAAsCnB,GAAyB;AAC7E,MAAI;AACF,UAAMoB,IAAQpB,EAAM,MAAM,GAAG;AAC7B,QAAIoB,EAAM,WAAW;AACnB,aAAO;AAIT,UAAMC,IADYD,EAAM,CAAC,EACA,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,GAGvDE,IAAeD,EAAO;AAAA,MAC1BA,EAAO,UAAW,IAAKA,EAAO,SAAS,KAAM;AAAA,MAC7C;AAAA,IAAA,GAGIE,IAAc;AAAA,MAClB,KAAKD,CAAY,EACd,MAAM,EAAE,EACR,IAAI,SAASE,GAAG;AACf,eAAO,OAAO,OAAOA,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE;AAAA,MAC7D,CAAC,EACA,KAAK,EAAE;AAAA,IAAA;AAEZ,WAAO,KAAK,MAAMD,CAAW;AAAA,EAC/B,SAASd,GAAO;AAEd,mBAAQ,MAAM,6BAA6BA,CAAK,GACzC;AAAA,EACT;AACF;AAkBO,SAASgB,EACdzB,GACA0B,IAAsB,GACb;AACT,QAAMC,IAAU,OAAO3B,KAAU,WAAWmB,EAAgBnB,CAAK,IAAIA;AACrE,MAAI,CAAC2B;AACH,WAAO;AAGT,QAAMC,IAAQD,EAAQ;AACtB,SAAKC,IAIO,KAAK,IAAA,IAAQ,MACZA,IAAQF,IAJZ;AAKX;AC1IO,MAAMG,IAA0B;AAKhC,MAAMC,EAAa;AAAA,EAIxB,YACEC,IAAmBF,GACnBX,IAAmBJ,KACnB;AACA,SAAK,WAAWiB,GAChB,KAAK,UAAUb;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAA6B;AAC3B,UAAMc,IAAW,KAAK,QAAQ,QAAQ,KAAK,QAAQ;AACnD,QAAI,CAACA;AACH,aAAO;AAGT,QAAI;AACF,aAAO,KAAK,MAAMA,CAAQ;AAAA,IAC5B,SAASvB,GAAO;AACd,qBAAQ,KAAK,qCAAqCA,CAAK,GACvD,KAAK,MAAA,GACE;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAIT,GAA6B;AAC/B,UAAMgC,IAAW,KAAK,UAAUhC,CAAK;AACrC,SAAK,QAAQ,QAAQ,KAAK,UAAUgC,CAAQ;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,SAAK,QAAQ,WAAW,KAAK,QAAQ;AAAA,EACvC;AACF;"}
+{"version":3,"file":"index.es.js","sources":["../src/types.ts","../src/idGenerator.ts","../src/cosecRequestInterceptor.ts","../src/cosecResponseInterceptor.ts","../src/inMemoryStorage.ts","../src/deviceIdStorage.ts","../src/jwts.ts","../src/tokenStorage.ts"],"sourcesContent":["/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { DeviceIdStorage } from './deviceIdStorage';\nimport { TokenStorage } from './tokenStorage';\nimport { TokenRefresher } from './tokenRefresher';\n\n/**\n * CoSec HTTP headers enumeration.\n */\nexport class CoSecHeaders {\n  static readonly DEVICE_ID = 'CoSec-Device-Id';\n  static readonly APP_ID = 'CoSec-App-Id';\n  static readonly AUTHORIZATION = 'Authorization';\n  static readonly REQUEST_ID = 'CoSec-Request-Id';\n}\n\nexport class ResponseCodes {\n  static readonly UNAUTHORIZED = 401;\n}\n\n/**\n * CoSec options interface.\n */\nexport interface CoSecOptions {\n  /**\n   * Application ID to be sent in the CoSec-App-Id header.\n   */\n  appId: string;\n\n  /**\n   * Device ID storage instance.\n   */\n  deviceIdStorage: DeviceIdStorage;\n\n  /**\n   * Token storage instance.\n   */\n  tokenStorage: TokenStorage;\n\n  /**\n   * Token refresher function.\n   *\n   * Takes a CompositeToken and returns a Promise that resolves to a new CompositeToken.\n   */\n  tokenRefresher: TokenRefresher;\n}\n\n/**\n * Authorization result interface.\n */\nexport interface AuthorizeResult {\n  authorized: boolean;\n  reason: string;\n}\n\n/**\n * Authorization result constants.\n */\nexport const AuthorizeResults = {\n  ALLOW: { authorized: true, reason: 'Allow' },\n  EXPLICIT_DENY: { authorized: false, reason: 'Explicit Deny' },\n  IMPLICIT_DENY: { authorized: false, reason: 'Implicit Deny' },\n  TOKEN_EXPIRED: { authorized: false, reason: 'Token Expired' },\n  TOO_MANY_REQUESTS: { authorized: false, reason: 'Too Many Requests' },\n};\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { nanoid } from 'nanoid';\n\nexport interface IdGenerator {\n  generateId(): string;\n}\n\n/**\n * Nano ID implementation of IdGenerator.\n * Generates unique request IDs using Nano ID.\n */\nexport class NanoIdGenerator implements IdGenerator {\n  /**\n   * Generate a unique request ID.\n   *\n   * @returns A unique request ID\n   */\n  generateId(): string {\n    return nanoid();\n  }\n}\n\nexport const idGenerator = new NanoIdGenerator();\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  FetchExchange,\n  REQUEST_BODY_INTERCEPTOR_ORDER,\n  RequestInterceptor,\n} from '@ahoo-wang/fetcher';\nimport { CoSecHeaders, CoSecOptions } from './types';\nimport { idGenerator } from './idGenerator';\n\n/**\n * The name of the CoSecRequestInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_NAME = 'CoSecRequestInterceptor';\n\n/**\n * The order of the CoSecRequestInterceptor.\n * Set to REQUEST_BODY_INTERCEPTOR_ORDER + 1000 to ensure it runs after RequestBodyInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_ORDER =\n  REQUEST_BODY_INTERCEPTOR_ORDER + 1000;\n\n/**\n * Interceptor that automatically adds CoSec authentication headers to requests.\n *\n * This interceptor adds the following headers to each request:\n * - CoSec-Device-Id: Device identifier (stored in localStorage or generated)\n * - CoSec-App-Id: Application identifier\n * - Authorization: Bearer token\n * - CoSec-Request-Id: Unique request identifier for each request\n *\n * @remarks\n * This interceptor runs after RequestBodyInterceptor but before FetchInterceptor.\n * The order is set to COSEC_REQUEST_INTERCEPTOR_ORDER to ensure it runs after\n * request body processing but before the actual HTTP request is made. This positioning\n * allows for proper authentication header addition after all request body transformations\n * are complete, ensuring that the final request is properly authenticated before\n * being sent over the network.\n */\nexport class CoSecRequestInterceptor implements RequestInterceptor {\n  readonly name = COSEC_REQUEST_INTERCEPTOR_NAME;\n  readonly order = COSEC_REQUEST_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercept requests to add CoSec authentication headers.\n   *\n   * This method adds the following headers to each request:\n   * - CoSec-App-Id: The application identifier from the CoSec options\n   * - CoSec-Device-Id: A unique device identifier, either retrieved from storage or generated\n   * - CoSec-Request-Id: A unique identifier for this specific request\n   * - Authorization: Bearer token if available in token storage\n   *\n   * @param exchange - The fetch exchange containing the request to process\n   *\n   * @remarks\n   * This method runs after RequestBodyInterceptor but before FetchInterceptor.\n   * It ensures that authentication headers are added to the request after all\n   * body processing is complete. The positioning allows for proper authentication\n   * header addition after all request body transformations are finished, ensuring\n   * that the final request is properly authenticated before being sent over the network.\n   * This execution order prevents authentication headers from being overwritten by\n   * subsequent request processing interceptors.\n   */\n  intercept(exchange: FetchExchange) {\n    const requestId = idGenerator.generateId();\n    const deviceId = this.options.deviceIdStorage.getOrCreate();\n    const token = this.options.tokenStorage.get();\n    const requestHeaders = exchange.ensureRequestHeaders();\n    requestHeaders[CoSecHeaders.APP_ID] = this.options.appId;\n    requestHeaders[CoSecHeaders.DEVICE_ID] = deviceId;\n    requestHeaders[CoSecHeaders.REQUEST_ID] = requestId;\n    if (token && !requestHeaders[CoSecHeaders.AUTHORIZATION]) {\n      requestHeaders[CoSecHeaders.AUTHORIZATION] = `Bearer ${token.accessToken}`;\n    }\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CoSecOptions, ResponseCodes } from './types';\nimport { FetchExchange, ResponseInterceptor } from '@ahoo-wang/fetcher';\n\n/**\n * The name of the CoSecResponseInterceptor.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_NAME = 'CoSecResponseInterceptor';\n\n/**\n * The order of the CoSecResponseInterceptor.\n * Set to a high negative value to ensure it runs early in the interceptor chain.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_ORDER = Number.MIN_SAFE_INTEGER + 1000;\n\n/**\n * CoSecResponseInterceptor is responsible for handling unauthorized responses (401)\n * by attempting to refresh the authentication token and retrying the original request.\n *\n * This interceptor:\n * 1. Checks if the response status is 401 (UNAUTHORIZED)\n * 2. If so, and if there's a current token, attempts to refresh it\n * 3. On successful refresh, stores the new token and retries the original request\n * 4. On refresh failure, clears stored tokens and propagates the error\n */\nexport class CoSecResponseInterceptor implements ResponseInterceptor {\n  readonly name = COSEC_RESPONSE_INTERCEPTOR_NAME;\n  readonly order = COSEC_RESPONSE_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  /**\n   * Creates a new CoSecResponseInterceptor instance.\n   * @param options - The CoSec configuration options including token storage and refresher\n   */\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercepts the response and handles unauthorized responses by refreshing tokens.\n   * @param exchange - The fetch exchange containing request and response information\n   */\n  async intercept(exchange: FetchExchange): Promise<void> {\n    const response = exchange.response;\n    // If there's no response, nothing to intercept\n    if (!response) {\n      return;\n    }\n\n    // Only handle unauthorized responses (401)\n    if (response.status !== ResponseCodes.UNAUTHORIZED) {\n      return;\n    }\n\n    // Get the current token from storage\n    const currentToken = this.options.tokenStorage.get();\n    // If there's no current token, we can't refresh it\n    if (!currentToken) {\n      return;\n    }\n\n    try {\n      // Attempt to refresh the token\n      const newToken = await this.options.tokenRefresher.refresh(currentToken);\n      // Store the refreshed token\n      this.options.tokenStorage.set(newToken);\n      // Retry the original request with the new token\n      await exchange.fetcher.request(exchange.request);\n    } catch (error) {\n      // If token refresh fails, clear stored tokens and re-throw the error\n      this.options.tokenStorage.clear();\n      throw error;\n    }\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * In-memory storage fallback for environments without localStorage.\n */\nexport class InMemoryStorage implements Storage {\n  private store: Map<string, string> = new Map();\n\n  get length(): number {\n    return this.store.size;\n  }\n\n  clear(): void {\n    this.store.clear();\n  }\n\n  getItem(key: string): string | null {\n    const value = this.store.get(key);\n    return value !== undefined ? value : null;\n  }\n\n  key(index: number): string | null {\n    const keys = Array.from(this.store.keys());\n    return keys[index] || null;\n  }\n\n  removeItem(key: string): void {\n    if (this.store.has(key)) {\n      this.store.delete(key);\n    }\n  }\n\n  setItem(key: string, value: string): void {\n    this.store.set(key, value);\n  }\n}\n\nexport function getStorage(): Storage {\n  if (typeof window !== 'undefined' && window.localStorage) {\n    return window.localStorage;\n  } else {\n    // Use in-memory storage as fallback\n    return new InMemoryStorage();\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { idGenerator } from './idGenerator';\n\nexport const DEFAULT_COSEC_DEVICE_ID_KEY = 'cosec-device-id';\n\n/**\n * Storage class for managing device identifiers.\n */\nexport class DeviceIdStorage {\n  private readonly deviceIdKey: string;\n  private storage: Storage;\n\n  constructor(\n    deviceIdKey: string = DEFAULT_COSEC_DEVICE_ID_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.deviceIdKey = deviceIdKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current device ID.\n   *\n   * @returns The current device ID or null if not set\n   */\n  get(): string | null {\n    return this.storage.getItem(this.deviceIdKey);\n  }\n\n  /**\n   * Set a device ID.\n   *\n   * @param deviceId - The device ID to set\n   */\n  set(deviceId: string): void {\n    this.storage.setItem(this.deviceIdKey, deviceId);\n  }\n\n  /**\n   * Generate a new device ID.\n   *\n   * @returns A newly generated device ID\n   */\n  generateDeviceId(): string {\n    return idGenerator.generateId();\n  }\n\n  /**\n   * Get or create a device ID.\n   *\n   * @returns The existing device ID if available, otherwise a newly generated one\n   */\n  getOrCreate(): string {\n    // Try to get existing device ID from storage\n    let deviceId = this.get();\n    if (!deviceId) {\n      // Generate a new device ID and store it\n      deviceId = this.generateDeviceId();\n      this.set(deviceId);\n    }\n\n    return deviceId;\n  }\n\n  /**\n   * Clear the stored device ID.\n   */\n  clear(): void {\n    this.storage.removeItem(this.deviceIdKey);\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n/**\n * Interface representing a JWT payload as defined in RFC 7519.\n * Contains standard JWT claims as well as custom properties.\n */\nexport interface JwtPayload {\n  /**\n   * JWT ID - provides a unique identifier for the JWT.\n   */\n  jti?: string;\n  /**\n   * Subject - identifies the principal that is the subject of the JWT.\n   */\n  sub?: string;\n  /**\n   * Issuer - identifies the principal that issued the JWT.\n   */\n  iss?: string;\n  /**\n   * Audience - identifies the recipients that the JWT is intended for.\n   * Can be a single string or an array of strings.\n   */\n  aud?: string | string[];\n  /**\n   * Expiration Time - identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  exp?: number;\n  /**\n   * Not Before - identifies the time before which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  nbf?: number;\n  /**\n   * Issued At - identifies the time at which the JWT was issued.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  iat?: number;\n\n  /**\n   * Allows additional custom properties to be included in the payload.\n   */\n  [key: string]: any;\n}\n\n/**\n * Interface representing a JWT payload with CoSec-specific extensions.\n * Extends the standard JwtPayload interface with additional CoSec-specific properties.\n */\nexport interface CoSecJwtPayload extends JwtPayload {\n  /**\n   * Tenant identifier - identifies the tenant scope for the JWT.\n   */\n  tenantId?: string;\n  /**\n   * Policies - array of policy identifiers associated with the JWT.\n   * These are security policies defined internally by Cosec.\n   */\n  policies?: string[];\n  /**\n   * Roles - array of role identifiers associated with the JWT.\n   * Role IDs indicate what roles the token belongs to.\n   */\n  roles?: string[];\n  /**\n   * Attributes - custom key-value pairs providing additional information about the JWT.\n   */\n  attributes?: Record<string, any>;\n}\n\n/**\n * Parses a JWT token and extracts its payload.\n *\n * This function decodes the payload part of a JWT token, handling Base64URL decoding\n * and JSON parsing. It validates the token structure and returns null for invalid tokens.\n *\n * @param token - The JWT token string to parse\n * @returns The parsed JWT payload or null if parsing fails\n */\nexport function parseJwtPayload<T extends JwtPayload>(token: string): T | null {\n  try {\n    const parts = token.split('.');\n    if (parts.length !== 3) {\n      return null;\n    }\n\n    const base64Url = parts[1];\n    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\n\n    // Add padding if needed\n    const paddedBase64 = base64.padEnd(\n      base64.length + ((4 - (base64.length % 4)) % 4),\n      '=',\n    );\n\n    const jsonPayload = decodeURIComponent(\n      atob(paddedBase64)\n        .split('')\n        .map(function(c) {\n          return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n        })\n        .join(''),\n    );\n    return JSON.parse(jsonPayload) as T;\n  } catch (error) {\n    // Avoid exposing sensitive information in error logs\n    console.error('Failed to parse JWT token', error);\n    return null;\n  }\n}\n\n/**\n * Checks if a JWT token is expired based on its expiration time (exp claim).\n *\n * This function determines if a JWT token has expired by comparing its exp claim\n * with the current time. If the token is a string, it will be parsed first.\n * Tokens without an exp claim are considered not expired.\n *\n * The early period parameter allows for early token expiration, which is useful\n * for triggering token refresh before the token actually expires. This helps\n * avoid race conditions where a token expires between the time it is checked and\n * the time it is used.\n *\n * @param token - The JWT token to check, either as a string or as a JwtPayload object\n * @param earlyPeriod - The time in seconds before actual expiration when the token should be considered expired (default: 0)\n * @returns true if the token is expired (or will expire within the early period) or cannot be parsed, false otherwise\n */\nexport function isTokenExpired(\n  token: string | CoSecJwtPayload,\n  earlyPeriod: number = 0,\n): boolean {\n  const payload = typeof token === 'string' ? parseJwtPayload(token) : token;\n  if (!payload) {\n    return true;\n  }\n\n  const expAt = payload.exp;\n  if (!expAt) {\n    return false;\n  }\n\n  const now = Date.now() / 1000;\n  return now > expAt - earlyPeriod;\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { CompositeToken } from './tokenRefresher';\n\nexport const DEFAULT_COSEC_TOKEN_KEY = 'cosec-token';\n\n/**\n * Storage class for managing access and refresh tokens.\n */\nexport class TokenStorage {\n  private readonly tokenKey: string;\n  private storage: Storage;\n\n  constructor(\n    tokenKey: string = DEFAULT_COSEC_TOKEN_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.tokenKey = tokenKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current access token.\n   *\n   * @returns The current composite token or null if not set\n   */\n  get(): CompositeToken | null {\n    const tokenStr = this.storage.getItem(this.tokenKey);\n    if (!tokenStr) {\n      return null;\n    }\n\n    try {\n      return JSON.parse(tokenStr);\n    } catch (error) {\n      console.warn('Failed to get token from storage:', error);\n      this.clear();\n      return null;\n    }\n  }\n\n  /**\n   * Store a composite token.\n   *\n   * @param token - The composite token to store\n   */\n  set(token: CompositeToken): void {\n    const tokenStr = JSON.stringify(token);\n    this.storage.setItem(this.tokenKey, tokenStr);\n  }\n\n  /**\n   * Clear all tokens.\n   */\n  clear(): void {\n    this.storage.removeItem(this.tokenKey);\n  }\n}\n"],"names":["_CoSecHeaders","CoSecHeaders","_ResponseCodes","ResponseCodes","AuthorizeResults","NanoIdGenerator","nanoid","idGenerator","COSEC_REQUEST_INTERCEPTOR_NAME","COSEC_REQUEST_INTERCEPTOR_ORDER","REQUEST_BODY_INTERCEPTOR_ORDER","CoSecRequestInterceptor","options","exchange","requestId","deviceId","token","requestHeaders","COSEC_RESPONSE_INTERCEPTOR_NAME","COSEC_RESPONSE_INTERCEPTOR_ORDER","CoSecResponseInterceptor","response","currentToken","newToken","error","InMemoryStorage","key","value","index","getStorage","DEFAULT_COSEC_DEVICE_ID_KEY","DeviceIdStorage","deviceIdKey","storage","parseJwtPayload","parts","base64","paddedBase64","jsonPayload","c","isTokenExpired","earlyPeriod","payload","expAt","DEFAULT_COSEC_TOKEN_KEY","TokenStorage","tokenKey","tokenStr"],"mappings":";;AAoBO,MAAMA,IAAN,MAAMA,EAAa;AAK1B;AAJEA,EAAgB,YAAY,mBAC5BA,EAAgB,SAAS,gBACzBA,EAAgB,gBAAgB,iBAChCA,EAAgB,aAAa;AAJxB,IAAMC,IAAND;AAOA,MAAME,IAAN,MAAMA,EAAc;AAE3B;AADEA,EAAgB,eAAe;AAD1B,IAAMC,IAAND;AA0CA,MAAME,IAAmB;AAAA,EAC9B,OAAO,EAAE,YAAY,IAAM,QAAQ,QAAA;AAAA,EACnC,eAAe,EAAE,YAAY,IAAO,QAAQ,gBAAA;AAAA,EAC5C,eAAe,EAAE,YAAY,IAAO,QAAQ,gBAAA;AAAA,EAC5C,eAAe,EAAE,YAAY,IAAO,QAAQ,gBAAA;AAAA,EAC5C,mBAAmB,EAAE,YAAY,IAAO,QAAQ,oBAAA;AAClD;ACpDO,MAAMC,EAAuC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMlD,aAAqB;AACnB,WAAOC,EAAA;AAAA,EACT;AACF;AAEO,MAAMC,IAAc,IAAIF,EAAA,GCVlBG,IAAiC,2BAMjCC,IACXC,IAAiC;AAmB5B,MAAMC,EAAsD;AAAA,EAKjE,YAAYC,GAAuB;AAJnC,SAAS,OAAOJ,GAChB,KAAS,QAAQC,GAIf,KAAK,UAAUG;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsBA,UAAUC,GAAyB;AACjC,UAAMC,IAAYP,EAAY,WAAA,GACxBQ,IAAW,KAAK,QAAQ,gBAAgB,YAAA,GACxCC,IAAQ,KAAK,QAAQ,aAAa,IAAA,GAClCC,IAAiBJ,EAAS,qBAAA;AAChC,IAAAI,EAAehB,EAAa,MAAM,IAAI,KAAK,QAAQ,OACnDgB,EAAehB,EAAa,SAAS,IAAIc,GACzCE,EAAehB,EAAa,UAAU,IAAIa,GACtCE,KAAS,CAACC,EAAehB,EAAa,aAAa,MACrDgB,EAAehB,EAAa,aAAa,IAAI,UAAUe,EAAM,WAAW;AAAA,EAE5E;AACF;ACxEO,MAAME,IAAkC,4BAMlCC,IAAmC,OAAO,mBAAmB;AAYnE,MAAMC,EAAwD;AAAA;AAAA;AAAA;AAAA;AAAA,EASnE,YAAYR,GAAuB;AARnC,SAAS,OAAOM,GAChB,KAAS,QAAQC,GAQf,KAAK,UAAUP;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAUC,GAAwC;AACtD,UAAMQ,IAAWR,EAAS;AAO1B,QALI,CAACQ,KAKDA,EAAS,WAAWlB,EAAc;AACpC;AAIF,UAAMmB,IAAe,KAAK,QAAQ,aAAa,IAAA;AAE/C,QAAKA;AAIL,UAAI;AAEF,cAAMC,IAAW,MAAM,KAAK,QAAQ,eAAe,QAAQD,CAAY;AAEvE,aAAK,QAAQ,aAAa,IAAIC,CAAQ,GAEtC,MAAMV,EAAS,QAAQ,QAAQA,EAAS,OAAO;AAAA,MACjD,SAASW,GAAO;AAEd,mBAAK,QAAQ,aAAa,MAAA,GACpBA;AAAA,MACR;AAAA,EACF;AACF;ACtEO,MAAMC,EAAmC;AAAA,EAAzC,cAAA;AACL,SAAQ,4BAAiC,IAAA;AAAA,EAAI;AAAA,EAE7C,IAAI,SAAiB;AACnB,WAAO,KAAK,MAAM;AAAA,EACpB;AAAA,EAEA,QAAc;AACZ,SAAK,MAAM,MAAA;AAAA,EACb;AAAA,EAEA,QAAQC,GAA4B;AAClC,UAAMC,IAAQ,KAAK,MAAM,IAAID,CAAG;AAChC,WAAOC,MAAU,SAAYA,IAAQ;AAAA,EACvC;AAAA,EAEA,IAAIC,GAA8B;AAEhC,WADa,MAAM,KAAK,KAAK,MAAM,MAAM,EAC7BA,CAAK,KAAK;AAAA,EACxB;AAAA,EAEA,WAAWF,GAAmB;AAC5B,IAAI,KAAK,MAAM,IAAIA,CAAG,KACpB,KAAK,MAAM,OAAOA,CAAG;AAAA,EAEzB;AAAA,EAEA,QAAQA,GAAaC,GAAqB;AACxC,SAAK,MAAM,IAAID,GAAKC,CAAK;AAAA,EAC3B;AACF;AAEO,SAASE,IAAsB;AACpC,SAAI,OAAO,SAAW,OAAe,OAAO,eACnC,OAAO,eAGP,IAAIJ,EAAA;AAEf;ACvCO,MAAMK,IAA8B;AAKpC,MAAMC,EAAgB;AAAA,EAI3B,YACEC,IAAsBF,GACtBG,IAAmBJ,KACnB;AACA,SAAK,cAAcG,GACnB,KAAK,UAAUC;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAqB;AACnB,WAAO,KAAK,QAAQ,QAAQ,KAAK,WAAW;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAIlB,GAAwB;AAC1B,SAAK,QAAQ,QAAQ,KAAK,aAAaA,CAAQ;AAAA,EACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mBAA2B;AACzB,WAAOR,EAAY,WAAA;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,cAAsB;AAEpB,QAAIQ,IAAW,KAAK,IAAA;AACpB,WAAKA,MAEHA,IAAW,KAAK,iBAAA,GAChB,KAAK,IAAIA,CAAQ,IAGZA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,SAAK,QAAQ,WAAW,KAAK,WAAW;AAAA,EAC1C;AACF;ACOO,SAASmB,EAAsClB,GAAyB;AAC7E,MAAI;AACF,UAAMmB,IAAQnB,EAAM,MAAM,GAAG;AAC7B,QAAImB,EAAM,WAAW;AACnB,aAAO;AAIT,UAAMC,IADYD,EAAM,CAAC,EACA,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,GAGvDE,IAAeD,EAAO;AAAA,MAC1BA,EAAO,UAAW,IAAKA,EAAO,SAAS,KAAM;AAAA,MAC7C;AAAA,IAAA,GAGIE,IAAc;AAAA,MAClB,KAAKD,CAAY,EACd,MAAM,EAAE,EACR,IAAI,SAASE,GAAG;AACf,eAAO,OAAO,OAAOA,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE;AAAA,MAC7D,CAAC,EACA,KAAK,EAAE;AAAA,IAAA;AAEZ,WAAO,KAAK,MAAMD,CAAW;AAAA,EAC/B,SAASd,GAAO;AAEd,mBAAQ,MAAM,6BAA6BA,CAAK,GACzC;AAAA,EACT;AACF;AAkBO,SAASgB,EACdxB,GACAyB,IAAsB,GACb;AACT,QAAMC,IAAU,OAAO1B,KAAU,WAAWkB,EAAgBlB,CAAK,IAAIA;AACrE,MAAI,CAAC0B;AACH,WAAO;AAGT,QAAMC,IAAQD,EAAQ;AACtB,SAAKC,IAIO,KAAK,IAAA,IAAQ,MACZA,IAAQF,IAJZ;AAKX;AC1IO,MAAMG,IAA0B;AAKhC,MAAMC,EAAa;AAAA,EAIxB,YACEC,IAAmBF,GACnBX,IAAmBJ,KACnB;AACA,SAAK,WAAWiB,GAChB,KAAK,UAAUb;AAAA,EACjB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAA6B;AAC3B,UAAMc,IAAW,KAAK,QAAQ,QAAQ,KAAK,QAAQ;AACnD,QAAI,CAACA;AACH,aAAO;AAGT,QAAI;AACF,aAAO,KAAK,MAAMA,CAAQ;AAAA,IAC5B,SAASvB,GAAO;AACd,qBAAQ,KAAK,qCAAqCA,CAAK,GACvD,KAAK,MAAA,GACE;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,IAAIR,GAA6B;AAC/B,UAAM+B,IAAW,KAAK,UAAU/B,CAAK;AACrC,SAAK,QAAQ,QAAQ,KAAK,UAAU+B,CAAQ;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,QAAc;AACZ,SAAK,QAAQ,WAAW,KAAK,QAAQ;AAAA,EACvC;AACF;"}

package/dist/index.umd.js

@@ -1,2 +1,2 @@
-(function(t,E){typeof exports=="object"&&typeof module<"u"?E(exports,require("@ahoo-wang/fetcher"),require("nanoid")):typeof define=="function"&&define.amd?define(["exports","@ahoo-wang/fetcher","nanoid"],E):(t=typeof globalThis<"u"?globalThis:t||self,E(t.FetcherCoSec={},t.Fetcher,t.nanoid))})(this,(function(t,E,D){"use strict";const a=class a{};a.DEVICE_ID="CoSec-Device-Id",a.APP_ID="CoSec-App-Id",a.AUTHORIZATION="Authorization",a.REQUEST_ID="CoSec-Request-Id";let i=a;const l=class l{};l.UNAUTHORIZED=401;let u=l;const N={ALLOW:{authorized:!0,reason:"Allow"},EXPLICIT_DENY:{authorized:!1,reason:"Explicit Deny"},IMPLICIT_DENY:{authorized:!1,reason:"Implicit Deny"},TOKEN_EXPIRED:{authorized:!1,reason:"Token Expired"},TOO_MANY_REQUESTS:{authorized:!1,reason:"Too Many Requests"}};class S{generateId(){return D.nanoid()}}const h=new S,R="CoSecRequestInterceptor",T=E.REQUEST_BODY_INTERCEPTOR_ORDER+1e3;class y{constructor(e){this.name=R,this.order=T,this.options=e}intercept(e){const r=h.generateId(),s=this.options.deviceIdStorage.getOrCreate(),n=this.options.tokenStorage.get(),d={...e.request,headers:{...e.request.headers}},c=d.headers;c[i.APP_ID]=this.options.appId,c[i.DEVICE_ID]=s,c[i.REQUEST_ID]=r,n&&(c[i.AUTHORIZATION]=`Bearer ${n.accessToken}`),e.request=d}}const g="CoSecResponseInterceptor",_=Number.MIN_SAFE_INTEGER+1e3;class A{constructor(e){this.name=g,this.order=_,this.options=e}async intercept(e){const r=e.response;if(!r||r.status!==u.UNAUTHORIZED)return;const s=this.options.tokenStorage.get();if(s)try{const n=await this.options.tokenRefresher.refresh(s);this.options.tokenStorage.set(n),await e.fetcher.request(e.request)}catch(n){throw this.options.tokenStorage.clear(),n}}}class O{constructor(){this.store=new Map}get length(){return this.store.size}clear(){this.store.clear()}getItem(e){const r=this.store.get(e);return r!==void 0?r:null}key(e){return Array.from(this.store.keys())[e]||null}removeItem(e){this.store.has(e)&&this.store.delete(e)}setItem(e,r){this.store.set(e,r)}}function I(){return typeof window<"u"&&window.localStorage?window.localStorage:new O}const C="cosec-device-id";class m{constructor(e=C,r=I()){this.deviceIdKey=e,this.storage=r}get(){return this.storage.getItem(this.deviceIdKey)}set(e){this.storage.setItem(this.deviceIdKey,e)}generateDeviceId(){return h.generateId()}getOrCreate(){let e=this.get();return e||(e=this.generateDeviceId(),this.set(e)),e}clear(){this.storage.removeItem(this.deviceIdKey)}}function f(o){try{const e=o.split(".");if(e.length!==3)return null;const s=e[1].replace(/-/g,"+").replace(/_/g,"/"),n=s.padEnd(s.length+(4-s.length%4)%4,"="),d=decodeURIComponent(atob(n).split("").map(function(c){return"%"+("00"+c.charCodeAt(0).toString(16)).slice(-2)}).join(""));return JSON.parse(d)}catch(e){return console.error("Failed to parse JWT token",e),null}}function k(o,e=0){const r=typeof o=="string"?f(o):o;if(!r)return!0;const s=r.exp;return s?Date.now()/1e3>s-e:!1}const p="cosec-token";class P{constructor(e=p,r=I()){this.tokenKey=e,this.storage=r}get(){const e=this.storage.getItem(this.tokenKey);if(!e)return null;try{return JSON.parse(e)}catch(r){return console.warn("Failed to get token from storage:",r),this.clear(),null}}set(e){const r=JSON.stringify(e);this.storage.setItem(this.tokenKey,r)}clear(){this.storage.removeItem(this.tokenKey)}}t.AuthorizeResults=N,t.COSEC_REQUEST_INTERCEPTOR_NAME=R,t.COSEC_REQUEST_INTERCEPTOR_ORDER=T,t.COSEC_RESPONSE_INTERCEPTOR_NAME=g,t.COSEC_RESPONSE_INTERCEPTOR_ORDER=_,t.CoSecHeaders=i,t.CoSecRequestInterceptor=y,t.CoSecResponseInterceptor=A,t.DEFAULT_COSEC_DEVICE_ID_KEY=C,t.DEFAULT_COSEC_TOKEN_KEY=p,t.DeviceIdStorage=m,t.InMemoryStorage=O,t.NanoIdGenerator=S,t.ResponseCodes=u,t.TokenStorage=P,t.getStorage=I,t.idGenerator=h,t.isTokenExpired=k,t.parseJwtPayload=f,Object.defineProperty(t,Symbol.toStringTag,{value:"Module"})}));
+(function(t,E){typeof exports=="object"&&typeof module<"u"?E(exports,require("@ahoo-wang/fetcher"),require("nanoid")):typeof define=="function"&&define.amd?define(["exports","@ahoo-wang/fetcher","nanoid"],E):(t=typeof globalThis<"u"?globalThis:t||self,E(t.FetcherCoSec={},t.Fetcher,t.nanoid))})(this,(function(t,E,p){"use strict";const c=class c{};c.DEVICE_ID="CoSec-Device-Id",c.APP_ID="CoSec-App-Id",c.AUTHORIZATION="Authorization",c.REQUEST_ID="CoSec-Request-Id";let i=c;const h=class h{};h.UNAUTHORIZED=401;let I=h;const N={ALLOW:{authorized:!0,reason:"Allow"},EXPLICIT_DENY:{authorized:!1,reason:"Explicit Deny"},IMPLICIT_DENY:{authorized:!1,reason:"Implicit Deny"},TOKEN_EXPIRED:{authorized:!1,reason:"Token Expired"},TOO_MANY_REQUESTS:{authorized:!1,reason:"Too Many Requests"}};class l{generateId(){return p.nanoid()}}const u=new l,R="CoSecRequestInterceptor",S=E.REQUEST_BODY_INTERCEPTOR_ORDER+1e3;class D{constructor(e){this.name=R,this.order=S,this.options=e}intercept(e){const o=u.generateId(),s=this.options.deviceIdStorage.getOrCreate(),n=this.options.tokenStorage.get(),a=e.ensureRequestHeaders();a[i.APP_ID]=this.options.appId,a[i.DEVICE_ID]=s,a[i.REQUEST_ID]=o,n&&!a[i.AUTHORIZATION]&&(a[i.AUTHORIZATION]=`Bearer ${n.accessToken}`)}}const T="CoSecResponseInterceptor",g=Number.MIN_SAFE_INTEGER+1e3;class y{constructor(e){this.name=T,this.order=g,this.options=e}async intercept(e){const o=e.response;if(!o||o.status!==I.UNAUTHORIZED)return;const s=this.options.tokenStorage.get();if(s)try{const n=await this.options.tokenRefresher.refresh(s);this.options.tokenStorage.set(n),await e.fetcher.request(e.request)}catch(n){throw this.options.tokenStorage.clear(),n}}}class O{constructor(){this.store=new Map}get length(){return this.store.size}clear(){this.store.clear()}getItem(e){const o=this.store.get(e);return o!==void 0?o:null}key(e){return Array.from(this.store.keys())[e]||null}removeItem(e){this.store.has(e)&&this.store.delete(e)}setItem(e,o){this.store.set(e,o)}}function d(){return typeof window<"u"&&window.localStorage?window.localStorage:new O}const _="cosec-device-id";class A{constructor(e=_,o=d()){this.deviceIdKey=e,this.storage=o}get(){return this.storage.getItem(this.deviceIdKey)}set(e){this.storage.setItem(this.deviceIdKey,e)}generateDeviceId(){return u.generateId()}getOrCreate(){let e=this.get();return e||(e=this.generateDeviceId(),this.set(e)),e}clear(){this.storage.removeItem(this.deviceIdKey)}}function C(r){try{const e=r.split(".");if(e.length!==3)return null;const s=e[1].replace(/-/g,"+").replace(/_/g,"/"),n=s.padEnd(s.length+(4-s.length%4)%4,"="),a=decodeURIComponent(atob(n).split("").map(function(P){return"%"+("00"+P.charCodeAt(0).toString(16)).slice(-2)}).join(""));return JSON.parse(a)}catch(e){return console.error("Failed to parse JWT token",e),null}}function m(r,e=0){const o=typeof r=="string"?C(r):r;if(!o)return!0;const s=o.exp;return s?Date.now()/1e3>s-e:!1}const f="cosec-token";class k{constructor(e=f,o=d()){this.tokenKey=e,this.storage=o}get(){const e=this.storage.getItem(this.tokenKey);if(!e)return null;try{return JSON.parse(e)}catch(o){return console.warn("Failed to get token from storage:",o),this.clear(),null}}set(e){const o=JSON.stringify(e);this.storage.setItem(this.tokenKey,o)}clear(){this.storage.removeItem(this.tokenKey)}}t.AuthorizeResults=N,t.COSEC_REQUEST_INTERCEPTOR_NAME=R,t.COSEC_REQUEST_INTERCEPTOR_ORDER=S,t.COSEC_RESPONSE_INTERCEPTOR_NAME=T,t.COSEC_RESPONSE_INTERCEPTOR_ORDER=g,t.CoSecHeaders=i,t.CoSecRequestInterceptor=D,t.CoSecResponseInterceptor=y,t.DEFAULT_COSEC_DEVICE_ID_KEY=_,t.DEFAULT_COSEC_TOKEN_KEY=f,t.DeviceIdStorage=A,t.InMemoryStorage=O,t.NanoIdGenerator=l,t.ResponseCodes=I,t.TokenStorage=k,t.getStorage=d,t.idGenerator=u,t.isTokenExpired=m,t.parseJwtPayload=C,Object.defineProperty(t,Symbol.toStringTag,{value:"Module"})}));
 //# sourceMappingURL=index.umd.js.map

package/dist/index.umd.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.umd.js","sources":["../src/types.ts","../src/idGenerator.ts","../src/cosecRequestInterceptor.ts","../src/cosecResponseInterceptor.ts","../src/inMemoryStorage.ts","../src/deviceIdStorage.ts","../src/jwts.ts","../src/tokenStorage.ts"],"sourcesContent":["/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { DeviceIdStorage } from './deviceIdStorage';\nimport { TokenStorage } from './tokenStorage';\nimport { TokenRefresher } from './tokenRefresher';\n\n/**\n * CoSec HTTP headers enumeration.\n */\nexport class CoSecHeaders {\n  static readonly DEVICE_ID = 'CoSec-Device-Id';\n  static readonly APP_ID = 'CoSec-App-Id';\n  static readonly AUTHORIZATION = 'Authorization';\n  static readonly REQUEST_ID = 'CoSec-Request-Id';\n}\n\nexport class ResponseCodes {\n  static readonly UNAUTHORIZED = 401;\n}\n\n/**\n * CoSec options interface.\n */\nexport interface CoSecOptions {\n  /**\n   * Application ID to be sent in the CoSec-App-Id header.\n   */\n  appId: string;\n\n  /**\n   * Device ID storage instance.\n   */\n  deviceIdStorage: DeviceIdStorage;\n\n  /**\n   * Token storage instance.\n   */\n  tokenStorage: TokenStorage;\n\n  /**\n   * Token refresher function.\n   *\n   * Takes a CompositeToken and returns a Promise that resolves to a new CompositeToken.\n   */\n  tokenRefresher: TokenRefresher;\n}\n\n/**\n * Authorization result interface.\n */\nexport interface AuthorizeResult {\n  authorized: boolean;\n  reason: string;\n}\n\n/**\n * Authorization result constants.\n */\nexport const AuthorizeResults = {\n  ALLOW: { authorized: true, reason: 'Allow' },\n  EXPLICIT_DENY: { authorized: false, reason: 'Explicit Deny' },\n  IMPLICIT_DENY: { authorized: false, reason: 'Implicit Deny' },\n  TOKEN_EXPIRED: { authorized: false, reason: 'Token Expired' },\n  TOO_MANY_REQUESTS: { authorized: false, reason: 'Too Many Requests' },\n};\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { nanoid } from 'nanoid';\n\nexport interface IdGenerator {\n  generateId(): string;\n}\n\n/**\n * Nano ID implementation of IdGenerator.\n * Generates unique request IDs using Nano ID.\n */\nexport class NanoIdGenerator implements IdGenerator {\n  /**\n   * Generate a unique request ID.\n   *\n   * @returns A unique request ID\n   */\n  generateId(): string {\n    return nanoid();\n  }\n}\n\nexport const idGenerator = new NanoIdGenerator();\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  FetchExchange,\n  FetchRequest,\n  REQUEST_BODY_INTERCEPTOR_ORDER,\n  RequestInterceptor,\n} from '@ahoo-wang/fetcher';\nimport { CoSecHeaders, CoSecOptions } from './types';\nimport { idGenerator } from './idGenerator';\n\n/**\n * The name of the CoSecRequestInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_NAME = 'CoSecRequestInterceptor';\n\n/**\n * The order of the CoSecRequestInterceptor.\n * Set to REQUEST_BODY_INTERCEPTOR_ORDER + 1000 to ensure it runs after RequestBodyInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_ORDER =\n  REQUEST_BODY_INTERCEPTOR_ORDER + 1000;\n\n/**\n * Interceptor that automatically adds CoSec authentication headers to requests.\n *\n * This interceptor adds the following headers to each request:\n * - CoSec-Device-Id: Device identifier (stored in localStorage or generated)\n * - CoSec-App-Id: Application identifier\n * - Authorization: Bearer token\n * - CoSec-Request-Id: Unique request identifier for each request\n *\n * @remarks\n * This interceptor runs after RequestBodyInterceptor but before FetchInterceptor.\n * The order is set to COSEC_REQUEST_INTERCEPTOR_ORDER to ensure it runs after\n * request body processing but before the actual HTTP request is made. This positioning\n * allows for proper authentication header addition after all request body transformations\n * are complete, ensuring that the final request is properly authenticated before\n * being sent over the network.\n */\nexport class CoSecRequestInterceptor implements RequestInterceptor {\n  readonly name = COSEC_REQUEST_INTERCEPTOR_NAME;\n  readonly order = COSEC_REQUEST_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercept requests to add CoSec authentication headers.\n   *\n   * This method adds the following headers to each request:\n   * - CoSec-App-Id: The application identifier from the CoSec options\n   * - CoSec-Device-Id: A unique device identifier, either retrieved from storage or generated\n   * - CoSec-Request-Id: A unique identifier for this specific request\n   * - Authorization: Bearer token if available in token storage\n   *\n   * @param exchange - The fetch exchange containing the request to process\n   *\n   * @remarks\n   * This method runs after RequestBodyInterceptor but before FetchInterceptor.\n   * It ensures that authentication headers are added to the request after all\n   * body processing is complete. The positioning allows for proper authentication\n   * header addition after all request body transformations are finished, ensuring\n   * that the final request is properly authenticated before being sent over the network.\n   * This execution order prevents authentication headers from being overwritten by\n   * subsequent request processing interceptors.\n   */\n  intercept(exchange: FetchExchange) {\n    const requestId = idGenerator.generateId();\n    const deviceId = this.options.deviceIdStorage.getOrCreate();\n    const token = this.options.tokenStorage.get();\n\n    // Clone the request to avoid modifying the original\n    const newRequest: FetchRequest = {\n      ...exchange.request,\n      headers: {\n        ...exchange.request.headers,\n      },\n    };\n\n    const requestHeaders = newRequest.headers as Record<string, string>;\n    requestHeaders[CoSecHeaders.APP_ID] = this.options.appId;\n    requestHeaders[CoSecHeaders.DEVICE_ID] = deviceId;\n    requestHeaders[CoSecHeaders.REQUEST_ID] = requestId;\n    if (token) {\n      requestHeaders[CoSecHeaders.AUTHORIZATION] =\n        `Bearer ${token.accessToken}`;\n    }\n    exchange.request = newRequest;\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CoSecOptions, ResponseCodes } from './types';\nimport { FetchExchange, ResponseInterceptor } from '@ahoo-wang/fetcher';\n\n/**\n * The name of the CoSecResponseInterceptor.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_NAME = 'CoSecResponseInterceptor';\n\n/**\n * The order of the CoSecResponseInterceptor.\n * Set to a high negative value to ensure it runs early in the interceptor chain.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_ORDER = Number.MIN_SAFE_INTEGER + 1000;\n\n/**\n * CoSecResponseInterceptor is responsible for handling unauthorized responses (401)\n * by attempting to refresh the authentication token and retrying the original request.\n *\n * This interceptor:\n * 1. Checks if the response status is 401 (UNAUTHORIZED)\n * 2. If so, and if there's a current token, attempts to refresh it\n * 3. On successful refresh, stores the new token and retries the original request\n * 4. On refresh failure, clears stored tokens and propagates the error\n */\nexport class CoSecResponseInterceptor implements ResponseInterceptor {\n  readonly name = COSEC_RESPONSE_INTERCEPTOR_NAME;\n  readonly order = COSEC_RESPONSE_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  /**\n   * Creates a new CoSecResponseInterceptor instance.\n   * @param options - The CoSec configuration options including token storage and refresher\n   */\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercepts the response and handles unauthorized responses by refreshing tokens.\n   * @param exchange - The fetch exchange containing request and response information\n   */\n  async intercept(exchange: FetchExchange): Promise<void> {\n    const response = exchange.response;\n    // If there's no response, nothing to intercept\n    if (!response) {\n      return;\n    }\n\n    // Only handle unauthorized responses (401)\n    if (response.status !== ResponseCodes.UNAUTHORIZED) {\n      return;\n    }\n\n    // Get the current token from storage\n    const currentToken = this.options.tokenStorage.get();\n    // If there's no current token, we can't refresh it\n    if (!currentToken) {\n      return;\n    }\n\n    try {\n      // Attempt to refresh the token\n      const newToken = await this.options.tokenRefresher.refresh(currentToken);\n      // Store the refreshed token\n      this.options.tokenStorage.set(newToken);\n      // Retry the original request with the new token\n      await exchange.fetcher.request(exchange.request);\n    } catch (error) {\n      // If token refresh fails, clear stored tokens and re-throw the error\n      this.options.tokenStorage.clear();\n      throw error;\n    }\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * In-memory storage fallback for environments without localStorage.\n */\nexport class InMemoryStorage implements Storage {\n  private store: Map<string, string> = new Map();\n\n  get length(): number {\n    return this.store.size;\n  }\n\n  clear(): void {\n    this.store.clear();\n  }\n\n  getItem(key: string): string | null {\n    const value = this.store.get(key);\n    return value !== undefined ? value : null;\n  }\n\n  key(index: number): string | null {\n    const keys = Array.from(this.store.keys());\n    return keys[index] || null;\n  }\n\n  removeItem(key: string): void {\n    if (this.store.has(key)) {\n      this.store.delete(key);\n    }\n  }\n\n  setItem(key: string, value: string): void {\n    this.store.set(key, value);\n  }\n}\n\nexport function getStorage(): Storage {\n  if (typeof window !== 'undefined' && window.localStorage) {\n    return window.localStorage;\n  } else {\n    // Use in-memory storage as fallback\n    return new InMemoryStorage();\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { idGenerator } from './idGenerator';\n\nexport const DEFAULT_COSEC_DEVICE_ID_KEY = 'cosec-device-id';\n\n/**\n * Storage class for managing device identifiers.\n */\nexport class DeviceIdStorage {\n  private readonly deviceIdKey: string;\n  private storage: Storage;\n\n  constructor(\n    deviceIdKey: string = DEFAULT_COSEC_DEVICE_ID_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.deviceIdKey = deviceIdKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current device ID.\n   *\n   * @returns The current device ID or null if not set\n   */\n  get(): string | null {\n    return this.storage.getItem(this.deviceIdKey);\n  }\n\n  /**\n   * Set a device ID.\n   *\n   * @param deviceId - The device ID to set\n   */\n  set(deviceId: string): void {\n    this.storage.setItem(this.deviceIdKey, deviceId);\n  }\n\n  /**\n   * Generate a new device ID.\n   *\n   * @returns A newly generated device ID\n   */\n  generateDeviceId(): string {\n    return idGenerator.generateId();\n  }\n\n  /**\n   * Get or create a device ID.\n   *\n   * @returns The existing device ID if available, otherwise a newly generated one\n   */\n  getOrCreate(): string {\n    // Try to get existing device ID from storage\n    let deviceId = this.get();\n    if (!deviceId) {\n      // Generate a new device ID and store it\n      deviceId = this.generateDeviceId();\n      this.set(deviceId);\n    }\n\n    return deviceId;\n  }\n\n  /**\n   * Clear the stored device ID.\n   */\n  clear(): void {\n    this.storage.removeItem(this.deviceIdKey);\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n/**\n * Interface representing a JWT payload as defined in RFC 7519.\n * Contains standard JWT claims as well as custom properties.\n */\nexport interface JwtPayload {\n  /**\n   * JWT ID - provides a unique identifier for the JWT.\n   */\n  jti?: string;\n  /**\n   * Subject - identifies the principal that is the subject of the JWT.\n   */\n  sub?: string;\n  /**\n   * Issuer - identifies the principal that issued the JWT.\n   */\n  iss?: string;\n  /**\n   * Audience - identifies the recipients that the JWT is intended for.\n   * Can be a single string or an array of strings.\n   */\n  aud?: string | string[];\n  /**\n   * Expiration Time - identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  exp?: number;\n  /**\n   * Not Before - identifies the time before which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  nbf?: number;\n  /**\n   * Issued At - identifies the time at which the JWT was issued.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  iat?: number;\n\n  /**\n   * Allows additional custom properties to be included in the payload.\n   */\n  [key: string]: any;\n}\n\n/**\n * Interface representing a JWT payload with CoSec-specific extensions.\n * Extends the standard JwtPayload interface with additional CoSec-specific properties.\n */\nexport interface CoSecJwtPayload extends JwtPayload {\n  /**\n   * Tenant identifier - identifies the tenant scope for the JWT.\n   */\n  tenantId?: string;\n  /**\n   * Policies - array of policy identifiers associated with the JWT.\n   * These are security policies defined internally by Cosec.\n   */\n  policies?: string[];\n  /**\n   * Roles - array of role identifiers associated with the JWT.\n   * Role IDs indicate what roles the token belongs to.\n   */\n  roles?: string[];\n  /**\n   * Attributes - custom key-value pairs providing additional information about the JWT.\n   */\n  attributes?: Record<string, any>;\n}\n\n/**\n * Parses a JWT token and extracts its payload.\n *\n * This function decodes the payload part of a JWT token, handling Base64URL decoding\n * and JSON parsing. It validates the token structure and returns null for invalid tokens.\n *\n * @param token - The JWT token string to parse\n * @returns The parsed JWT payload or null if parsing fails\n */\nexport function parseJwtPayload<T extends JwtPayload>(token: string): T | null {\n  try {\n    const parts = token.split('.');\n    if (parts.length !== 3) {\n      return null;\n    }\n\n    const base64Url = parts[1];\n    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\n\n    // Add padding if needed\n    const paddedBase64 = base64.padEnd(\n      base64.length + ((4 - (base64.length % 4)) % 4),\n      '=',\n    );\n\n    const jsonPayload = decodeURIComponent(\n      atob(paddedBase64)\n        .split('')\n        .map(function(c) {\n          return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n        })\n        .join(''),\n    );\n    return JSON.parse(jsonPayload) as T;\n  } catch (error) {\n    // Avoid exposing sensitive information in error logs\n    console.error('Failed to parse JWT token', error);\n    return null;\n  }\n}\n\n/**\n * Checks if a JWT token is expired based on its expiration time (exp claim).\n *\n * This function determines if a JWT token has expired by comparing its exp claim\n * with the current time. If the token is a string, it will be parsed first.\n * Tokens without an exp claim are considered not expired.\n *\n * The early period parameter allows for early token expiration, which is useful\n * for triggering token refresh before the token actually expires. This helps\n * avoid race conditions where a token expires between the time it is checked and\n * the time it is used.\n *\n * @param token - The JWT token to check, either as a string or as a JwtPayload object\n * @param earlyPeriod - The time in seconds before actual expiration when the token should be considered expired (default: 0)\n * @returns true if the token is expired (or will expire within the early period) or cannot be parsed, false otherwise\n */\nexport function isTokenExpired(\n  token: string | CoSecJwtPayload,\n  earlyPeriod: number = 0,\n): boolean {\n  const payload = typeof token === 'string' ? parseJwtPayload(token) : token;\n  if (!payload) {\n    return true;\n  }\n\n  const expAt = payload.exp;\n  if (!expAt) {\n    return false;\n  }\n\n  const now = Date.now() / 1000;\n  return now > expAt - earlyPeriod;\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { CompositeToken } from './tokenRefresher';\n\nexport const DEFAULT_COSEC_TOKEN_KEY = 'cosec-token';\n\n/**\n * Storage class for managing access and refresh tokens.\n */\nexport class TokenStorage {\n  private readonly tokenKey: string;\n  private storage: Storage;\n\n  constructor(\n    tokenKey: string = DEFAULT_COSEC_TOKEN_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.tokenKey = tokenKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current access token.\n   *\n   * @returns The current composite token or null if not set\n   */\n  get(): CompositeToken | null {\n    const tokenStr = this.storage.getItem(this.tokenKey);\n    if (!tokenStr) {\n      return null;\n    }\n\n    try {\n      return JSON.parse(tokenStr);\n    } catch (error) {\n      console.warn('Failed to get token from storage:', error);\n      this.clear();\n      return null;\n    }\n  }\n\n  /**\n   * Store a composite token.\n   *\n   * @param token - The composite token to store\n   */\n  set(token: CompositeToken): void {\n    const tokenStr = JSON.stringify(token);\n    this.storage.setItem(this.tokenKey, tokenStr);\n  }\n\n  /**\n   * Clear all tokens.\n   */\n  clear(): void {\n    this.storage.removeItem(this.tokenKey);\n  }\n}\n"],"names":["_CoSecHeaders","CoSecHeaders","_ResponseCodes","ResponseCodes","AuthorizeResults","NanoIdGenerator","nanoid","idGenerator","COSEC_REQUEST_INTERCEPTOR_NAME","COSEC_REQUEST_INTERCEPTOR_ORDER","REQUEST_BODY_INTERCEPTOR_ORDER","CoSecRequestInterceptor","options","exchange","requestId","deviceId","token","newRequest","requestHeaders","COSEC_RESPONSE_INTERCEPTOR_NAME","COSEC_RESPONSE_INTERCEPTOR_ORDER","CoSecResponseInterceptor","response","currentToken","newToken","error","InMemoryStorage","key","value","index","getStorage","DEFAULT_COSEC_DEVICE_ID_KEY","DeviceIdStorage","deviceIdKey","storage","parseJwtPayload","parts","base64","paddedBase64","jsonPayload","isTokenExpired","earlyPeriod","payload","expAt","DEFAULT_COSEC_TOKEN_KEY","TokenStorage","tokenKey","tokenStr"],"mappings":"0UAoBO,MAAMA,EAAN,MAAMA,CAAa,CAK1B,EAJEA,EAAgB,UAAY,kBAC5BA,EAAgB,OAAS,eACzBA,EAAgB,cAAgB,gBAChCA,EAAgB,WAAa,mBAJxB,IAAMC,EAAND,EAOA,MAAME,EAAN,MAAMA,CAAc,CAE3B,EADEA,EAAgB,aAAe,IAD1B,IAAMC,EAAND,EA0CA,MAAME,EAAmB,CAC9B,MAAO,CAAE,WAAY,GAAM,OAAQ,OAAA,EACnC,cAAe,CAAE,WAAY,GAAO,OAAQ,eAAA,EAC5C,cAAe,CAAE,WAAY,GAAO,OAAQ,eAAA,EAC5C,cAAe,CAAE,WAAY,GAAO,OAAQ,eAAA,EAC5C,kBAAmB,CAAE,WAAY,GAAO,OAAQ,mBAAA,CAClD,ECpDO,MAAMC,CAAuC,CAMlD,YAAqB,CACnB,OAAOC,SAAA,CACT,CACF,CAEO,MAAMC,EAAc,IAAIF,ECTlBG,EAAiC,0BAMjCC,EACXC,EAAAA,+BAAiC,IAmB5B,MAAMC,CAAsD,CAKjE,YAAYC,EAAuB,CAJnC,KAAS,KAAOJ,EAChB,KAAS,MAAQC,EAIf,KAAK,QAAUG,CACjB,CAsBA,UAAUC,EAAyB,CACjC,MAAMC,EAAYP,EAAY,WAAA,EACxBQ,EAAW,KAAK,QAAQ,gBAAgB,YAAA,EACxCC,EAAQ,KAAK,QAAQ,aAAa,IAAA,EAGlCC,EAA2B,CAC/B,GAAGJ,EAAS,QACZ,QAAS,CACP,GAAGA,EAAS,QAAQ,OAAA,CACtB,EAGIK,EAAiBD,EAAW,QAClCC,EAAejB,EAAa,MAAM,EAAI,KAAK,QAAQ,MACnDiB,EAAejB,EAAa,SAAS,EAAIc,EACzCG,EAAejB,EAAa,UAAU,EAAIa,EACtCE,IACFE,EAAejB,EAAa,aAAa,EACvC,UAAUe,EAAM,WAAW,IAE/BH,EAAS,QAAUI,CACrB,CACF,CCpFO,MAAME,EAAkC,2BAMlCC,EAAmC,OAAO,iBAAmB,IAYnE,MAAMC,CAAwD,CASnE,YAAYT,EAAuB,CARnC,KAAS,KAAOO,EAChB,KAAS,MAAQC,EAQf,KAAK,QAAUR,CACjB,CAMA,MAAM,UAAUC,EAAwC,CACtD,MAAMS,EAAWT,EAAS,SAO1B,GALI,CAACS,GAKDA,EAAS,SAAWnB,EAAc,aACpC,OAIF,MAAMoB,EAAe,KAAK,QAAQ,aAAa,IAAA,EAE/C,GAAKA,EAIL,GAAI,CAEF,MAAMC,EAAW,MAAM,KAAK,QAAQ,eAAe,QAAQD,CAAY,EAEvE,KAAK,QAAQ,aAAa,IAAIC,CAAQ,EAEtC,MAAMX,EAAS,QAAQ,QAAQA,EAAS,OAAO,CACjD,OAASY,EAAO,CAEd,WAAK,QAAQ,aAAa,MAAA,EACpBA,CACR,CACF,CACF,CCtEO,MAAMC,CAAmC,CAAzC,aAAA,CACL,KAAQ,UAAiC,GAAI,CAE7C,IAAI,QAAiB,CACnB,OAAO,KAAK,MAAM,IACpB,CAEA,OAAc,CACZ,KAAK,MAAM,MAAA,CACb,CAEA,QAAQC,EAA4B,CAClC,MAAMC,EAAQ,KAAK,MAAM,IAAID,CAAG,EAChC,OAAOC,IAAU,OAAYA,EAAQ,IACvC,CAEA,IAAIC,EAA8B,CAEhC,OADa,MAAM,KAAK,KAAK,MAAM,MAAM,EAC7BA,CAAK,GAAK,IACxB,CAEA,WAAWF,EAAmB,CACxB,KAAK,MAAM,IAAIA,CAAG,GACpB,KAAK,MAAM,OAAOA,CAAG,CAEzB,CAEA,QAAQA,EAAaC,EAAqB,CACxC,KAAK,MAAM,IAAID,EAAKC,CAAK,CAC3B,CACF,CAEO,SAASE,GAAsB,CACpC,OAAI,OAAO,OAAW,KAAe,OAAO,aACnC,OAAO,aAGP,IAAIJ,CAEf,CCvCO,MAAMK,EAA8B,kBAKpC,MAAMC,CAAgB,CAI3B,YACEC,EAAsBF,EACtBG,EAAmBJ,IACnB,CACA,KAAK,YAAcG,EACnB,KAAK,QAAUC,CACjB,CAOA,KAAqB,CACnB,OAAO,KAAK,QAAQ,QAAQ,KAAK,WAAW,CAC9C,CAOA,IAAInB,EAAwB,CAC1B,KAAK,QAAQ,QAAQ,KAAK,YAAaA,CAAQ,CACjD,CAOA,kBAA2B,CACzB,OAAOR,EAAY,WAAA,CACrB,CAOA,aAAsB,CAEpB,IAAIQ,EAAW,KAAK,IAAA,EACpB,OAAKA,IAEHA,EAAW,KAAK,iBAAA,EAChB,KAAK,IAAIA,CAAQ,GAGZA,CACT,CAKA,OAAc,CACZ,KAAK,QAAQ,WAAW,KAAK,WAAW,CAC1C,CACF,CCOO,SAASoB,EAAsCnB,EAAyB,CAC7E,GAAI,CACF,MAAMoB,EAAQpB,EAAM,MAAM,GAAG,EAC7B,GAAIoB,EAAM,SAAW,EACnB,OAAO,KAIT,MAAMC,EADYD,EAAM,CAAC,EACA,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EAGvDE,EAAeD,EAAO,OAC1BA,EAAO,QAAW,EAAKA,EAAO,OAAS,GAAM,EAC7C,GAAA,EAGIE,EAAc,mBAClB,KAAKD,CAAY,EACd,MAAM,EAAE,EACR,IAAI,SAAS,EAAG,CACf,MAAO,KAAO,KAAO,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAC7D,CAAC,EACA,KAAK,EAAE,CAAA,EAEZ,OAAO,KAAK,MAAMC,CAAW,CAC/B,OAASd,EAAO,CAEd,eAAQ,MAAM,4BAA6BA,CAAK,EACzC,IACT,CACF,CAkBO,SAASe,EACdxB,EACAyB,EAAsB,EACb,CACT,MAAMC,EAAU,OAAO1B,GAAU,SAAWmB,EAAgBnB,CAAK,EAAIA,EACrE,GAAI,CAAC0B,EACH,MAAO,GAGT,MAAMC,EAAQD,EAAQ,IACtB,OAAKC,EAIO,KAAK,IAAA,EAAQ,IACZA,EAAQF,EAJZ,EAKX,CC1IO,MAAMG,EAA0B,cAKhC,MAAMC,CAAa,CAIxB,YACEC,EAAmBF,EACnBV,EAAmBJ,IACnB,CACA,KAAK,SAAWgB,EAChB,KAAK,QAAUZ,CACjB,CAOA,KAA6B,CAC3B,MAAMa,EAAW,KAAK,QAAQ,QAAQ,KAAK,QAAQ,EACnD,GAAI,CAACA,EACH,OAAO,KAGT,GAAI,CACF,OAAO,KAAK,MAAMA,CAAQ,CAC5B,OAAStB,EAAO,CACd,eAAQ,KAAK,oCAAqCA,CAAK,EACvD,KAAK,MAAA,EACE,IACT,CACF,CAOA,IAAIT,EAA6B,CAC/B,MAAM+B,EAAW,KAAK,UAAU/B,CAAK,EACrC,KAAK,QAAQ,QAAQ,KAAK,SAAU+B,CAAQ,CAC9C,CAKA,OAAc,CACZ,KAAK,QAAQ,WAAW,KAAK,QAAQ,CACvC,CACF"}
+{"version":3,"file":"index.umd.js","sources":["../src/types.ts","../src/idGenerator.ts","../src/cosecRequestInterceptor.ts","../src/cosecResponseInterceptor.ts","../src/inMemoryStorage.ts","../src/deviceIdStorage.ts","../src/jwts.ts","../src/tokenStorage.ts"],"sourcesContent":["/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { DeviceIdStorage } from './deviceIdStorage';\nimport { TokenStorage } from './tokenStorage';\nimport { TokenRefresher } from './tokenRefresher';\n\n/**\n * CoSec HTTP headers enumeration.\n */\nexport class CoSecHeaders {\n  static readonly DEVICE_ID = 'CoSec-Device-Id';\n  static readonly APP_ID = 'CoSec-App-Id';\n  static readonly AUTHORIZATION = 'Authorization';\n  static readonly REQUEST_ID = 'CoSec-Request-Id';\n}\n\nexport class ResponseCodes {\n  static readonly UNAUTHORIZED = 401;\n}\n\n/**\n * CoSec options interface.\n */\nexport interface CoSecOptions {\n  /**\n   * Application ID to be sent in the CoSec-App-Id header.\n   */\n  appId: string;\n\n  /**\n   * Device ID storage instance.\n   */\n  deviceIdStorage: DeviceIdStorage;\n\n  /**\n   * Token storage instance.\n   */\n  tokenStorage: TokenStorage;\n\n  /**\n   * Token refresher function.\n   *\n   * Takes a CompositeToken and returns a Promise that resolves to a new CompositeToken.\n   */\n  tokenRefresher: TokenRefresher;\n}\n\n/**\n * Authorization result interface.\n */\nexport interface AuthorizeResult {\n  authorized: boolean;\n  reason: string;\n}\n\n/**\n * Authorization result constants.\n */\nexport const AuthorizeResults = {\n  ALLOW: { authorized: true, reason: 'Allow' },\n  EXPLICIT_DENY: { authorized: false, reason: 'Explicit Deny' },\n  IMPLICIT_DENY: { authorized: false, reason: 'Implicit Deny' },\n  TOKEN_EXPIRED: { authorized: false, reason: 'Token Expired' },\n  TOO_MANY_REQUESTS: { authorized: false, reason: 'Too Many Requests' },\n};\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { nanoid } from 'nanoid';\n\nexport interface IdGenerator {\n  generateId(): string;\n}\n\n/**\n * Nano ID implementation of IdGenerator.\n * Generates unique request IDs using Nano ID.\n */\nexport class NanoIdGenerator implements IdGenerator {\n  /**\n   * Generate a unique request ID.\n   *\n   * @returns A unique request ID\n   */\n  generateId(): string {\n    return nanoid();\n  }\n}\n\nexport const idGenerator = new NanoIdGenerator();\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n  FetchExchange,\n  REQUEST_BODY_INTERCEPTOR_ORDER,\n  RequestInterceptor,\n} from '@ahoo-wang/fetcher';\nimport { CoSecHeaders, CoSecOptions } from './types';\nimport { idGenerator } from './idGenerator';\n\n/**\n * The name of the CoSecRequestInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_NAME = 'CoSecRequestInterceptor';\n\n/**\n * The order of the CoSecRequestInterceptor.\n * Set to REQUEST_BODY_INTERCEPTOR_ORDER + 1000 to ensure it runs after RequestBodyInterceptor.\n */\nexport const COSEC_REQUEST_INTERCEPTOR_ORDER =\n  REQUEST_BODY_INTERCEPTOR_ORDER + 1000;\n\n/**\n * Interceptor that automatically adds CoSec authentication headers to requests.\n *\n * This interceptor adds the following headers to each request:\n * - CoSec-Device-Id: Device identifier (stored in localStorage or generated)\n * - CoSec-App-Id: Application identifier\n * - Authorization: Bearer token\n * - CoSec-Request-Id: Unique request identifier for each request\n *\n * @remarks\n * This interceptor runs after RequestBodyInterceptor but before FetchInterceptor.\n * The order is set to COSEC_REQUEST_INTERCEPTOR_ORDER to ensure it runs after\n * request body processing but before the actual HTTP request is made. This positioning\n * allows for proper authentication header addition after all request body transformations\n * are complete, ensuring that the final request is properly authenticated before\n * being sent over the network.\n */\nexport class CoSecRequestInterceptor implements RequestInterceptor {\n  readonly name = COSEC_REQUEST_INTERCEPTOR_NAME;\n  readonly order = COSEC_REQUEST_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercept requests to add CoSec authentication headers.\n   *\n   * This method adds the following headers to each request:\n   * - CoSec-App-Id: The application identifier from the CoSec options\n   * - CoSec-Device-Id: A unique device identifier, either retrieved from storage or generated\n   * - CoSec-Request-Id: A unique identifier for this specific request\n   * - Authorization: Bearer token if available in token storage\n   *\n   * @param exchange - The fetch exchange containing the request to process\n   *\n   * @remarks\n   * This method runs after RequestBodyInterceptor but before FetchInterceptor.\n   * It ensures that authentication headers are added to the request after all\n   * body processing is complete. The positioning allows for proper authentication\n   * header addition after all request body transformations are finished, ensuring\n   * that the final request is properly authenticated before being sent over the network.\n   * This execution order prevents authentication headers from being overwritten by\n   * subsequent request processing interceptors.\n   */\n  intercept(exchange: FetchExchange) {\n    const requestId = idGenerator.generateId();\n    const deviceId = this.options.deviceIdStorage.getOrCreate();\n    const token = this.options.tokenStorage.get();\n    const requestHeaders = exchange.ensureRequestHeaders();\n    requestHeaders[CoSecHeaders.APP_ID] = this.options.appId;\n    requestHeaders[CoSecHeaders.DEVICE_ID] = deviceId;\n    requestHeaders[CoSecHeaders.REQUEST_ID] = requestId;\n    if (token && !requestHeaders[CoSecHeaders.AUTHORIZATION]) {\n      requestHeaders[CoSecHeaders.AUTHORIZATION] = `Bearer ${token.accessToken}`;\n    }\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { CoSecOptions, ResponseCodes } from './types';\nimport { FetchExchange, ResponseInterceptor } from '@ahoo-wang/fetcher';\n\n/**\n * The name of the CoSecResponseInterceptor.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_NAME = 'CoSecResponseInterceptor';\n\n/**\n * The order of the CoSecResponseInterceptor.\n * Set to a high negative value to ensure it runs early in the interceptor chain.\n */\nexport const COSEC_RESPONSE_INTERCEPTOR_ORDER = Number.MIN_SAFE_INTEGER + 1000;\n\n/**\n * CoSecResponseInterceptor is responsible for handling unauthorized responses (401)\n * by attempting to refresh the authentication token and retrying the original request.\n *\n * This interceptor:\n * 1. Checks if the response status is 401 (UNAUTHORIZED)\n * 2. If so, and if there's a current token, attempts to refresh it\n * 3. On successful refresh, stores the new token and retries the original request\n * 4. On refresh failure, clears stored tokens and propagates the error\n */\nexport class CoSecResponseInterceptor implements ResponseInterceptor {\n  readonly name = COSEC_RESPONSE_INTERCEPTOR_NAME;\n  readonly order = COSEC_RESPONSE_INTERCEPTOR_ORDER;\n  private options: CoSecOptions;\n\n  /**\n   * Creates a new CoSecResponseInterceptor instance.\n   * @param options - The CoSec configuration options including token storage and refresher\n   */\n  constructor(options: CoSecOptions) {\n    this.options = options;\n  }\n\n  /**\n   * Intercepts the response and handles unauthorized responses by refreshing tokens.\n   * @param exchange - The fetch exchange containing request and response information\n   */\n  async intercept(exchange: FetchExchange): Promise<void> {\n    const response = exchange.response;\n    // If there's no response, nothing to intercept\n    if (!response) {\n      return;\n    }\n\n    // Only handle unauthorized responses (401)\n    if (response.status !== ResponseCodes.UNAUTHORIZED) {\n      return;\n    }\n\n    // Get the current token from storage\n    const currentToken = this.options.tokenStorage.get();\n    // If there's no current token, we can't refresh it\n    if (!currentToken) {\n      return;\n    }\n\n    try {\n      // Attempt to refresh the token\n      const newToken = await this.options.tokenRefresher.refresh(currentToken);\n      // Store the refreshed token\n      this.options.tokenStorage.set(newToken);\n      // Retry the original request with the new token\n      await exchange.fetcher.request(exchange.request);\n    } catch (error) {\n      // If token refresh fails, clear stored tokens and re-throw the error\n      this.options.tokenStorage.clear();\n      throw error;\n    }\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * In-memory storage fallback for environments without localStorage.\n */\nexport class InMemoryStorage implements Storage {\n  private store: Map<string, string> = new Map();\n\n  get length(): number {\n    return this.store.size;\n  }\n\n  clear(): void {\n    this.store.clear();\n  }\n\n  getItem(key: string): string | null {\n    const value = this.store.get(key);\n    return value !== undefined ? value : null;\n  }\n\n  key(index: number): string | null {\n    const keys = Array.from(this.store.keys());\n    return keys[index] || null;\n  }\n\n  removeItem(key: string): void {\n    if (this.store.has(key)) {\n      this.store.delete(key);\n    }\n  }\n\n  setItem(key: string, value: string): void {\n    this.store.set(key, value);\n  }\n}\n\nexport function getStorage(): Storage {\n  if (typeof window !== 'undefined' && window.localStorage) {\n    return window.localStorage;\n  } else {\n    // Use in-memory storage as fallback\n    return new InMemoryStorage();\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { idGenerator } from './idGenerator';\n\nexport const DEFAULT_COSEC_DEVICE_ID_KEY = 'cosec-device-id';\n\n/**\n * Storage class for managing device identifiers.\n */\nexport class DeviceIdStorage {\n  private readonly deviceIdKey: string;\n  private storage: Storage;\n\n  constructor(\n    deviceIdKey: string = DEFAULT_COSEC_DEVICE_ID_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.deviceIdKey = deviceIdKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current device ID.\n   *\n   * @returns The current device ID or null if not set\n   */\n  get(): string | null {\n    return this.storage.getItem(this.deviceIdKey);\n  }\n\n  /**\n   * Set a device ID.\n   *\n   * @param deviceId - The device ID to set\n   */\n  set(deviceId: string): void {\n    this.storage.setItem(this.deviceIdKey, deviceId);\n  }\n\n  /**\n   * Generate a new device ID.\n   *\n   * @returns A newly generated device ID\n   */\n  generateDeviceId(): string {\n    return idGenerator.generateId();\n  }\n\n  /**\n   * Get or create a device ID.\n   *\n   * @returns The existing device ID if available, otherwise a newly generated one\n   */\n  getOrCreate(): string {\n    // Try to get existing device ID from storage\n    let deviceId = this.get();\n    if (!deviceId) {\n      // Generate a new device ID and store it\n      deviceId = this.generateDeviceId();\n      this.set(deviceId);\n    }\n\n    return deviceId;\n  }\n\n  /**\n   * Clear the stored device ID.\n   */\n  clear(): void {\n    this.storage.removeItem(this.deviceIdKey);\n  }\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n/**\n * Interface representing a JWT payload as defined in RFC 7519.\n * Contains standard JWT claims as well as custom properties.\n */\nexport interface JwtPayload {\n  /**\n   * JWT ID - provides a unique identifier for the JWT.\n   */\n  jti?: string;\n  /**\n   * Subject - identifies the principal that is the subject of the JWT.\n   */\n  sub?: string;\n  /**\n   * Issuer - identifies the principal that issued the JWT.\n   */\n  iss?: string;\n  /**\n   * Audience - identifies the recipients that the JWT is intended for.\n   * Can be a single string or an array of strings.\n   */\n  aud?: string | string[];\n  /**\n   * Expiration Time - identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  exp?: number;\n  /**\n   * Not Before - identifies the time before which the JWT MUST NOT be accepted for processing.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  nbf?: number;\n  /**\n   * Issued At - identifies the time at which the JWT was issued.\n   * Represented as NumericDate (seconds since Unix epoch).\n   */\n  iat?: number;\n\n  /**\n   * Allows additional custom properties to be included in the payload.\n   */\n  [key: string]: any;\n}\n\n/**\n * Interface representing a JWT payload with CoSec-specific extensions.\n * Extends the standard JwtPayload interface with additional CoSec-specific properties.\n */\nexport interface CoSecJwtPayload extends JwtPayload {\n  /**\n   * Tenant identifier - identifies the tenant scope for the JWT.\n   */\n  tenantId?: string;\n  /**\n   * Policies - array of policy identifiers associated with the JWT.\n   * These are security policies defined internally by Cosec.\n   */\n  policies?: string[];\n  /**\n   * Roles - array of role identifiers associated with the JWT.\n   * Role IDs indicate what roles the token belongs to.\n   */\n  roles?: string[];\n  /**\n   * Attributes - custom key-value pairs providing additional information about the JWT.\n   */\n  attributes?: Record<string, any>;\n}\n\n/**\n * Parses a JWT token and extracts its payload.\n *\n * This function decodes the payload part of a JWT token, handling Base64URL decoding\n * and JSON parsing. It validates the token structure and returns null for invalid tokens.\n *\n * @param token - The JWT token string to parse\n * @returns The parsed JWT payload or null if parsing fails\n */\nexport function parseJwtPayload<T extends JwtPayload>(token: string): T | null {\n  try {\n    const parts = token.split('.');\n    if (parts.length !== 3) {\n      return null;\n    }\n\n    const base64Url = parts[1];\n    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');\n\n    // Add padding if needed\n    const paddedBase64 = base64.padEnd(\n      base64.length + ((4 - (base64.length % 4)) % 4),\n      '=',\n    );\n\n    const jsonPayload = decodeURIComponent(\n      atob(paddedBase64)\n        .split('')\n        .map(function(c) {\n          return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n        })\n        .join(''),\n    );\n    return JSON.parse(jsonPayload) as T;\n  } catch (error) {\n    // Avoid exposing sensitive information in error logs\n    console.error('Failed to parse JWT token', error);\n    return null;\n  }\n}\n\n/**\n * Checks if a JWT token is expired based on its expiration time (exp claim).\n *\n * This function determines if a JWT token has expired by comparing its exp claim\n * with the current time. If the token is a string, it will be parsed first.\n * Tokens without an exp claim are considered not expired.\n *\n * The early period parameter allows for early token expiration, which is useful\n * for triggering token refresh before the token actually expires. This helps\n * avoid race conditions where a token expires between the time it is checked and\n * the time it is used.\n *\n * @param token - The JWT token to check, either as a string or as a JwtPayload object\n * @param earlyPeriod - The time in seconds before actual expiration when the token should be considered expired (default: 0)\n * @returns true if the token is expired (or will expire within the early period) or cannot be parsed, false otherwise\n */\nexport function isTokenExpired(\n  token: string | CoSecJwtPayload,\n  earlyPeriod: number = 0,\n): boolean {\n  const payload = typeof token === 'string' ? parseJwtPayload(token) : token;\n  if (!payload) {\n    return true;\n  }\n\n  const expAt = payload.exp;\n  if (!expAt) {\n    return false;\n  }\n\n  const now = Date.now() / 1000;\n  return now > expAt - earlyPeriod;\n}\n","/*\n * Copyright [2021-present] [ahoo wang <ahoowang@qq.com> (https://github.com/Ahoo-Wang)].\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *      http://www.apache.org/licenses/LICENSE-2.0\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { getStorage } from './inMemoryStorage';\nimport { CompositeToken } from './tokenRefresher';\n\nexport const DEFAULT_COSEC_TOKEN_KEY = 'cosec-token';\n\n/**\n * Storage class for managing access and refresh tokens.\n */\nexport class TokenStorage {\n  private readonly tokenKey: string;\n  private storage: Storage;\n\n  constructor(\n    tokenKey: string = DEFAULT_COSEC_TOKEN_KEY,\n    storage: Storage = getStorage(),\n  ) {\n    this.tokenKey = tokenKey;\n    this.storage = storage;\n  }\n\n  /**\n   * Get the current access token.\n   *\n   * @returns The current composite token or null if not set\n   */\n  get(): CompositeToken | null {\n    const tokenStr = this.storage.getItem(this.tokenKey);\n    if (!tokenStr) {\n      return null;\n    }\n\n    try {\n      return JSON.parse(tokenStr);\n    } catch (error) {\n      console.warn('Failed to get token from storage:', error);\n      this.clear();\n      return null;\n    }\n  }\n\n  /**\n   * Store a composite token.\n   *\n   * @param token - The composite token to store\n   */\n  set(token: CompositeToken): void {\n    const tokenStr = JSON.stringify(token);\n    this.storage.setItem(this.tokenKey, tokenStr);\n  }\n\n  /**\n   * Clear all tokens.\n   */\n  clear(): void {\n    this.storage.removeItem(this.tokenKey);\n  }\n}\n"],"names":["_CoSecHeaders","CoSecHeaders","_ResponseCodes","ResponseCodes","AuthorizeResults","NanoIdGenerator","nanoid","idGenerator","COSEC_REQUEST_INTERCEPTOR_NAME","COSEC_REQUEST_INTERCEPTOR_ORDER","REQUEST_BODY_INTERCEPTOR_ORDER","CoSecRequestInterceptor","options","exchange","requestId","deviceId","token","requestHeaders","COSEC_RESPONSE_INTERCEPTOR_NAME","COSEC_RESPONSE_INTERCEPTOR_ORDER","CoSecResponseInterceptor","response","currentToken","newToken","error","InMemoryStorage","key","value","index","getStorage","DEFAULT_COSEC_DEVICE_ID_KEY","DeviceIdStorage","deviceIdKey","storage","parseJwtPayload","parts","base64","paddedBase64","jsonPayload","c","isTokenExpired","earlyPeriod","payload","expAt","DEFAULT_COSEC_TOKEN_KEY","TokenStorage","tokenKey","tokenStr"],"mappings":"0UAoBO,MAAMA,EAAN,MAAMA,CAAa,CAK1B,EAJEA,EAAgB,UAAY,kBAC5BA,EAAgB,OAAS,eACzBA,EAAgB,cAAgB,gBAChCA,EAAgB,WAAa,mBAJxB,IAAMC,EAAND,EAOA,MAAME,EAAN,MAAMA,CAAc,CAE3B,EADEA,EAAgB,aAAe,IAD1B,IAAMC,EAAND,EA0CA,MAAME,EAAmB,CAC9B,MAAO,CAAE,WAAY,GAAM,OAAQ,OAAA,EACnC,cAAe,CAAE,WAAY,GAAO,OAAQ,eAAA,EAC5C,cAAe,CAAE,WAAY,GAAO,OAAQ,eAAA,EAC5C,cAAe,CAAE,WAAY,GAAO,OAAQ,eAAA,EAC5C,kBAAmB,CAAE,WAAY,GAAO,OAAQ,mBAAA,CAClD,ECpDO,MAAMC,CAAuC,CAMlD,YAAqB,CACnB,OAAOC,SAAA,CACT,CACF,CAEO,MAAMC,EAAc,IAAIF,ECVlBG,EAAiC,0BAMjCC,EACXC,EAAAA,+BAAiC,IAmB5B,MAAMC,CAAsD,CAKjE,YAAYC,EAAuB,CAJnC,KAAS,KAAOJ,EAChB,KAAS,MAAQC,EAIf,KAAK,QAAUG,CACjB,CAsBA,UAAUC,EAAyB,CACjC,MAAMC,EAAYP,EAAY,WAAA,EACxBQ,EAAW,KAAK,QAAQ,gBAAgB,YAAA,EACxCC,EAAQ,KAAK,QAAQ,aAAa,IAAA,EAClCC,EAAiBJ,EAAS,qBAAA,EAChCI,EAAehB,EAAa,MAAM,EAAI,KAAK,QAAQ,MACnDgB,EAAehB,EAAa,SAAS,EAAIc,EACzCE,EAAehB,EAAa,UAAU,EAAIa,EACtCE,GAAS,CAACC,EAAehB,EAAa,aAAa,IACrDgB,EAAehB,EAAa,aAAa,EAAI,UAAUe,EAAM,WAAW,GAE5E,CACF,CCxEO,MAAME,EAAkC,2BAMlCC,EAAmC,OAAO,iBAAmB,IAYnE,MAAMC,CAAwD,CASnE,YAAYR,EAAuB,CARnC,KAAS,KAAOM,EAChB,KAAS,MAAQC,EAQf,KAAK,QAAUP,CACjB,CAMA,MAAM,UAAUC,EAAwC,CACtD,MAAMQ,EAAWR,EAAS,SAO1B,GALI,CAACQ,GAKDA,EAAS,SAAWlB,EAAc,aACpC,OAIF,MAAMmB,EAAe,KAAK,QAAQ,aAAa,IAAA,EAE/C,GAAKA,EAIL,GAAI,CAEF,MAAMC,EAAW,MAAM,KAAK,QAAQ,eAAe,QAAQD,CAAY,EAEvE,KAAK,QAAQ,aAAa,IAAIC,CAAQ,EAEtC,MAAMV,EAAS,QAAQ,QAAQA,EAAS,OAAO,CACjD,OAASW,EAAO,CAEd,WAAK,QAAQ,aAAa,MAAA,EACpBA,CACR,CACF,CACF,CCtEO,MAAMC,CAAmC,CAAzC,aAAA,CACL,KAAQ,UAAiC,GAAI,CAE7C,IAAI,QAAiB,CACnB,OAAO,KAAK,MAAM,IACpB,CAEA,OAAc,CACZ,KAAK,MAAM,MAAA,CACb,CAEA,QAAQC,EAA4B,CAClC,MAAMC,EAAQ,KAAK,MAAM,IAAID,CAAG,EAChC,OAAOC,IAAU,OAAYA,EAAQ,IACvC,CAEA,IAAIC,EAA8B,CAEhC,OADa,MAAM,KAAK,KAAK,MAAM,MAAM,EAC7BA,CAAK,GAAK,IACxB,CAEA,WAAWF,EAAmB,CACxB,KAAK,MAAM,IAAIA,CAAG,GACpB,KAAK,MAAM,OAAOA,CAAG,CAEzB,CAEA,QAAQA,EAAaC,EAAqB,CACxC,KAAK,MAAM,IAAID,EAAKC,CAAK,CAC3B,CACF,CAEO,SAASE,GAAsB,CACpC,OAAI,OAAO,OAAW,KAAe,OAAO,aACnC,OAAO,aAGP,IAAIJ,CAEf,CCvCO,MAAMK,EAA8B,kBAKpC,MAAMC,CAAgB,CAI3B,YACEC,EAAsBF,EACtBG,EAAmBJ,IACnB,CACA,KAAK,YAAcG,EACnB,KAAK,QAAUC,CACjB,CAOA,KAAqB,CACnB,OAAO,KAAK,QAAQ,QAAQ,KAAK,WAAW,CAC9C,CAOA,IAAIlB,EAAwB,CAC1B,KAAK,QAAQ,QAAQ,KAAK,YAAaA,CAAQ,CACjD,CAOA,kBAA2B,CACzB,OAAOR,EAAY,WAAA,CACrB,CAOA,aAAsB,CAEpB,IAAIQ,EAAW,KAAK,IAAA,EACpB,OAAKA,IAEHA,EAAW,KAAK,iBAAA,EAChB,KAAK,IAAIA,CAAQ,GAGZA,CACT,CAKA,OAAc,CACZ,KAAK,QAAQ,WAAW,KAAK,WAAW,CAC1C,CACF,CCOO,SAASmB,EAAsClB,EAAyB,CAC7E,GAAI,CACF,MAAMmB,EAAQnB,EAAM,MAAM,GAAG,EAC7B,GAAImB,EAAM,SAAW,EACnB,OAAO,KAIT,MAAMC,EADYD,EAAM,CAAC,EACA,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EAGvDE,EAAeD,EAAO,OAC1BA,EAAO,QAAW,EAAKA,EAAO,OAAS,GAAM,EAC7C,GAAA,EAGIE,EAAc,mBAClB,KAAKD,CAAY,EACd,MAAM,EAAE,EACR,IAAI,SAASE,EAAG,CACf,MAAO,KAAO,KAAOA,EAAE,WAAW,CAAC,EAAE,SAAS,EAAE,GAAG,MAAM,EAAE,CAC7D,CAAC,EACA,KAAK,EAAE,CAAA,EAEZ,OAAO,KAAK,MAAMD,CAAW,CAC/B,OAASd,EAAO,CAEd,eAAQ,MAAM,4BAA6BA,CAAK,EACzC,IACT,CACF,CAkBO,SAASgB,EACdxB,EACAyB,EAAsB,EACb,CACT,MAAMC,EAAU,OAAO1B,GAAU,SAAWkB,EAAgBlB,CAAK,EAAIA,EACrE,GAAI,CAAC0B,EACH,MAAO,GAGT,MAAMC,EAAQD,EAAQ,IACtB,OAAKC,EAIO,KAAK,IAAA,EAAQ,IACZA,EAAQF,EAJZ,EAKX,CC1IO,MAAMG,EAA0B,cAKhC,MAAMC,CAAa,CAIxB,YACEC,EAAmBF,EACnBX,EAAmBJ,IACnB,CACA,KAAK,SAAWiB,EAChB,KAAK,QAAUb,CACjB,CAOA,KAA6B,CAC3B,MAAMc,EAAW,KAAK,QAAQ,QAAQ,KAAK,QAAQ,EACnD,GAAI,CAACA,EACH,OAAO,KAGT,GAAI,CACF,OAAO,KAAK,MAAMA,CAAQ,CAC5B,OAASvB,EAAO,CACd,eAAQ,KAAK,oCAAqCA,CAAK,EACvD,KAAK,MAAA,EACE,IACT,CACF,CAOA,IAAIR,EAA6B,CAC/B,MAAM+B,EAAW,KAAK,UAAU/B,CAAK,EACrC,KAAK,QAAQ,QAAQ,KAAK,SAAU+B,CAAQ,CAC9C,CAKA,OAAc,CACZ,KAAK,QAAQ,WAAW,KAAK,QAAQ,CACvC,CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ahoo-wang/fetcher-cosec",
-  "version": "1.2.3",
+  "version": "1.2.6",
   "description": "CoSec authentication integration for Fetcher HTTP client with enterprise-grade security features. Provides automatic token management, device ID persistence, and request tracking.",
   "keywords": [
     "fetch",
@@ -40,7 +40,7 @@
   ],
   "dependencies": {
     "nanoid": "^5.1.5",
-    "@ahoo-wang/fetcher": "1.2.3"
+    "@ahoo-wang/fetcher": "1.2.6"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "^3.2.4",
@@ -55,6 +55,7 @@
     "build": "vite build",
     "test": "vitest run --coverage",
     "lint": "eslint . --fix",
-    "clean": "rm -rf dist"
+    "clean": "rm -rf dist",
+    "analyze": "npx vite-bundle-analyzer -p auto"
   }
 }