npm - @arcblock/did-connect-js - Versions diffs - 1.29.23 → 4.0.0-beta.2 - Mend

@arcblock/did-connect-js 1.29.23 → 4.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/{lib/adapters/detect.d.cts → dist/adapters/detect.d.ts} +3 -5
package/dist/adapters/detect.d.ts.map +1 -0
package/dist/adapters/detect.js +13 -0
package/dist/adapters/detect.js.map +1 -0
package/dist/adapters/express.d.ts +40 -0
package/dist/adapters/express.d.ts.map +1 -0
package/dist/adapters/express.js +30 -0
package/dist/adapters/express.js.map +1 -0
package/dist/adapters/hono.d.ts +49 -0
package/dist/adapters/hono.d.ts.map +1 -0
package/dist/adapters/hono.js +176 -0
package/dist/adapters/hono.js.map +1 -0
package/dist/authenticator/base.d.ts +21 -0
package/dist/authenticator/base.d.ts.map +1 -0
package/dist/authenticator/base.js +109 -0
package/dist/authenticator/base.js.map +1 -0
package/dist/authenticator/wallet.d.ts +221 -0
package/dist/authenticator/wallet.d.ts.map +1 -0
package/dist/authenticator/wallet.js +588 -0
package/dist/authenticator/wallet.js.map +1 -0
package/dist/handlers/base.d.ts +25 -0
package/dist/handlers/base.d.ts.map +1 -0
package/dist/handlers/base.js +48 -0
package/dist/handlers/base.js.map +1 -0
package/dist/handlers/util.d.ts +48 -0
package/dist/handlers/util.d.ts.map +1 -0
package/dist/handlers/util.js +812 -0
package/dist/handlers/util.js.map +1 -0
package/dist/handlers/wallet.d.ts +96 -0
package/dist/handlers/wallet.d.ts.map +1 -0
package/dist/handlers/wallet.js +129 -0
package/dist/handlers/wallet.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +9 -0
package/dist/index.js.map +1 -0
package/dist/protocol.d.ts +14 -0
package/dist/protocol.d.ts.map +1 -0
package/dist/protocol.js +37 -0
package/dist/protocol.js.map +1 -0
package/dist/schema/claims.d.ts +17 -0
package/dist/schema/claims.d.ts.map +1 -0
package/dist/schema/claims.js +205 -0
package/dist/schema/claims.js.map +1 -0
package/dist/schema/index.d.ts +7 -0
package/dist/schema/index.d.ts.map +1 -0
package/dist/schema/index.js +49 -0
package/dist/schema/index.js.map +1 -0
package/dist/storage/kv.d.ts +31 -0
package/dist/storage/kv.d.ts.map +1 -0
package/dist/storage/kv.js +54 -0
package/dist/storage/kv.js.map +1 -0
package/dist/types.d.ts +53 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +2 -0
package/dist/types.js.map +1 -0
package/package.json +48 -104
package/LICENSE +0 -13
package/README.md +0 -210
package/esm/_virtual/rolldown_runtime.mjs +0 -8
package/esm/adapters/detect.d.mts +0 -11
package/esm/adapters/detect.mjs +0 -16
package/esm/adapters/express.d.mts +0 -48
package/esm/adapters/express.mjs +0 -39
package/esm/adapters/hono.d.mts +0 -57
package/esm/adapters/hono.mjs +0 -164
package/esm/authenticator/base.d.mts +0 -23
package/esm/authenticator/base.mjs +0 -88
package/esm/authenticator/wallet.d.mts +0 -270
package/esm/authenticator/wallet.mjs +0 -556
package/esm/handlers/base.d.mts +0 -32
package/esm/handlers/base.mjs +0 -37
package/esm/handlers/util.d.mts +0 -70
package/esm/handlers/util.mjs +0 -739
package/esm/handlers/wallet.d.mts +0 -120
package/esm/handlers/wallet.mjs +0 -139
package/esm/index.d.mts +0 -8
package/esm/index.mjs +0 -8
package/esm/package.mjs +0 -118
package/esm/protocol.d.mts +0 -15
package/esm/protocol.mjs +0 -40
package/esm/schema/claims.d.mts +0 -18
package/esm/schema/claims.mjs +0 -154
package/esm/schema/index.d.mts +0 -9
package/esm/schema/index.mjs +0 -49
package/esm/storage/kv.d.mts +0 -33
package/esm/storage/kv.mjs +0 -55
package/esm/types.d.mts +0 -55
package/esm/types.mjs +0 -1
package/lib/_virtual/rolldown_runtime.cjs +0 -31
package/lib/adapters/detect.cjs +0 -18
package/lib/adapters/express.cjs +0 -41
package/lib/adapters/express.d.cts +0 -48
package/lib/adapters/hono.cjs +0 -167
package/lib/adapters/hono.d.cts +0 -57
package/lib/authenticator/base.cjs +0 -91
package/lib/authenticator/base.d.cts +0 -23
package/lib/authenticator/wallet.cjs +0 -564
package/lib/authenticator/wallet.d.cts +0 -270
package/lib/handlers/base.cjs +0 -40
package/lib/handlers/base.d.cts +0 -32
package/lib/handlers/util.cjs +0 -759
package/lib/handlers/util.d.cts +0 -70
package/lib/handlers/wallet.cjs +0 -139
package/lib/handlers/wallet.d.cts +0 -119
package/lib/index.cjs +0 -16
package/lib/index.d.cts +0 -8
package/lib/package.cjs +0 -121
package/lib/protocol.cjs +0 -46
package/lib/protocol.d.cts +0 -15
package/lib/schema/claims.cjs +0 -156
package/lib/schema/claims.d.cts +0 -18
package/lib/schema/index.cjs +0 -52
package/lib/schema/index.d.cts +0 -9
package/lib/storage/kv.cjs +0 -57
package/lib/storage/kv.d.cts +0 -33
package/lib/types.cjs +0 -0
package/lib/types.d.cts +0 -55

package/esm/handlers/util.mjs DELETED Viewed

@@ -1,739 +0,0 @@
-import { __require } from "../_virtual/rolldown_runtime.mjs";
-import { require_package } from "../package.mjs";
-import { PROTECTED_KEYS, SESSION_STATUS, decrypt, encrypt } from "../protocol.mjs";
-import { isValid } from "@arcblock/did";
-import { fromBase64, stripHexPrefix, toBase64 } from "@ocap/util";
-import isEqual from "lodash/isEqual.js";
-import pick from "lodash/pick.js";
-import random from "lodash/random.js";
-import * as Mcrypto from "@ocap/mcrypto";
-import omit from "lodash/omit.js";
-import url from "url";
-import stringify from "json-stable-stringify";
-import cloneDeep from "lodash/cloneDeep.js";
-import get from "lodash/get.js";
-import isPlainObject from "lodash/isPlainObject.js";
-import set from "lodash/set.js";
-import SealedBox from "tweetnacl-sealedbox-js";
-//#region src/handlers/util.ts
-const ABSOLUTE_URL_REGEX = /^[a-zA-Z][a-zA-Z\d+\-.]*?:/;
-const WINDOWS_PATH_REGEX = /^[a-zA-Z]:\\/;
-const isUrl = (input) => {
-	if (typeof input !== "string") return false;
-	if (WINDOWS_PATH_REGEX.test(input)) return false;
-	return ABSOLUTE_URL_REGEX.test(input);
-};
-__require("debug")(`${require_package().name}:handlers:util`);
-const sha3 = Mcrypto.Hasher.SHA3.hash256;
-const getLocale = (req) => (req.acceptsLanguages("en-US", "zh-CN") || "en-US").split("-").shift();
-const getSessionId = () => Date.now().toString();
-const noop = () => ({});
-const noTouch = (x) => x;
-const errors = {
-	tokenMissing: {
-		en: "Session Id is required to check status",
-		zh: "缺少会话 ID 参数"
-	},
-	didMismatch: {
-		en: "Login user and wallet user mismatch, please relogin and try again",
-		zh: "登录用户和扫码用户不匹配，为保障安全，请重新登录应用"
-	},
-	mfaMismatch: {
-		en: "Dynamic verification code mismatch, please try again later",
-		zh: "动态验证码不匹配，请重试"
-	},
-	challengeMismatch: {
-		en: "Challenge mismatch",
-		zh: "随机校验码不匹配"
-	},
-	token404: {
-		en: "Session not found or expired",
-		zh: "会话不存在或已过期"
-	},
-	didMissing: {
-		en: "userDid is required to start auth",
-		zh: "userDid 参数缺失，请勿尝试连接多个不同的钱包"
-	},
-	pkMissing: {
-		en: "userPk is required to start auth",
-		zh: "userPk 参数缺失，请勿尝试连接多个不同的钱包"
-	},
-	authClaim: {
-		en: "authPrincipal claim is not configured correctly",
-		zh: "authPrincipal 声明配置不正确"
-	},
-	userDeclined: {
-		en: "You have declined the authentication request",
-		zh: "授权请求被拒绝"
-	},
-	userBusy: {
-		en: "Busy processing another DID Connect request",
-		zh: "正在处理其他请求"
-	}
-};
-const preparePathname = (path, req) => {
-	const delimiter = path.replace(/\/retrieve$/, "").replace(/\/auth$/, "");
-	const [prefix] = url.parse(req.originalUrl).pathname.split(delimiter);
-	return [prefix, path].join("/").replace(/\/+/g, "/");
-};
-const getBaseUrl = (req) => {
-	if (req.headers["x-path-prefix"]) return `/${req.headers["x-path-prefix"]}/`.replace(/\/+/g, "/");
-	return "/";
-};
-const prepareBaseUrl = (req, params) => {
-	const pathPrefix = getBaseUrl(req).replace(/\/$/, "");
-	const [hostname = "", port = 80] = (req.get("x-forwarded-host") || req.get("x-real-hostname") || req.get("host") || "").split(":");
-	const finalPort = get(params, "x-real-port", null) || req.get("X-Real-Port") || port || "";
-	return url.format({
-		protocol: get(params, "x-real-protocol") || req.get("X-Real-protocol") || req.get("X-Forwarded-Proto") || req.protocol,
-		hostname,
-		port: Number(finalPort) === 80 ? "" : finalPort,
-		pathname: pathPrefix
-	});
-};
-const unescape = (str) => (str + "===".slice((str.length + 3) % 4)).replace(/-/g, "+").replace(/_/g, "/");
-const decodeEncKey = (str) => new Uint8Array(Buffer.from(unescape(str), "base64"));
-const getStepChallenge = () => stripHexPrefix(Mcrypto.getRandomBytes(16)).toUpperCase();
-const parseWalletUA = (userAgent) => {
-	const ua = (userAgent || "").toString().toLowerCase();
-	let os = "";
-	let version = "";
-	if (ua.indexOf("android") > -1) os = "android";
-	else if (ua.indexOf("iphone") > -1) os = "ios";
-	else if (ua.indexOf("ipad") > -1) os = "ios";
-	else if (ua.indexOf("ipod") > -1) os = "ios";
-	else if (ua.indexOf("arcwallet") === 0) os = "web";
-	else if (ua.indexOf("abtwallet") === 0) os = "web";
-	const match = ua.split(/\s+/).find((x) => x.startsWith("arcwallet/") || x.startsWith("abtwallet/"));
-	if (match) {
-		const tmp = match.split("/");
-		const coerced = tmp.length > 1 ? (tmp[1].match(/(\d+\.\d+\.\d+)/) || [])[1] : void 0;
-		if (coerced) version = coerced;
-	}
-	return {
-		os,
-		version,
-		jwt: "1.1.0"
-	};
-};
-const isDeepLink = (str) => str.startsWith("https://abtwallet.io/i/") || str.startsWith("https://didwallet.io/i/");
-const isConnectedOnly = (params, sessionUserDid = "") => {
-	if (typeof params.forceConnected === "string" && isValid(params.forceConnected)) return params.forceConnected;
-	if (!sessionUserDid) return false;
-	if (isValid(sessionUserDid) === false) return false;
-	if (params.connectedDid !== sessionUserDid) return false;
-	if (typeof params.forceConnected === "undefined") return true;
-	if (typeof params.forceConnected === "string") try {
-		return !!JSON.parse(params.forceConnected);
-	} catch {
-		return false;
-	}
-	return !!params.forceConnected;
-};
-function createHandlers({ action, pathname, claims, onStart, onConnect, onAuth, onDecline, onComplete, onExpire, onError, pathTransformer, tokenStorage, authenticator, authPrincipal, persistentDynamicClaims = false, getSignParams = noop, getPathName = noTouch, options }) {
-	const { tokenKey, encKey, versionKey, cleanupDelay } = options;
-	const defaultSteps = (Array.isArray(claims) ? claims : [claims]).filter(Boolean);
-	if (defaultSteps.length > 0) {
-		const keys = Object.keys(defaultSteps[0]);
-		const firstClaim = defaultSteps[0][keys[0]];
-		if (Array.isArray(firstClaim)) {
-			if (firstClaim[0] === "authPrincipal") authPrincipal = false;
-		} else if (keys[0] === "authPrincipal") authPrincipal = false;
-	}
-	if (authPrincipal) {
-		let target = "";
-		let description = "Please continue with your account";
-		let chainInfo;
-		let targetType;
-		if (typeof authPrincipal === "string") if (isValid(authPrincipal)) target = authPrincipal;
-		else description = authPrincipal;
-		if (typeof authPrincipal === "object") {
-			target = get(authPrincipal, "target", target);
-			description = get(authPrincipal, "description", description);
-			targetType = get(authPrincipal, "targetType", targetType);
-			if (authPrincipal.chainInfo && authenticator._isValidChainInfo(authPrincipal.chainInfo)) chainInfo = authPrincipal.chainInfo;
-		}
-		const supervised = defaultSteps.length === 0;
-		defaultSteps.unshift({ authPrincipal: {
-			skippable: true,
-			description,
-			target,
-			chainInfo,
-			targetType,
-			supervised
-		} });
-	}
-	const canSkipConnect = defaultSteps[0]?.authPrincipal?.skippable;
-	const createExtraParams = (locale, params, extra = {}) => {
-		const finalParams = {
-			...params,
-			...extra || {}
-		};
-		return {
-			locale,
-			action,
-			...Object.keys(finalParams).filter((x) => ![
-				"userDid",
-				"userInfo",
-				"userSession",
-				"appSession",
-				"userPk",
-				"token"
-			].includes(x)).reduce((obj, x) => {
-				obj[x] = finalParams[x];
-				return obj;
-			}, {})
-		};
-	};
-	const createSessionUpdater = (token, params) => async (key, value, secure = false) => {
-		const getUpdate = (k, v) => {
-			if (secure && params[encKey]) {
-				const encrypted = SealedBox.seal(Buffer.from(stringify(v)), decodeEncKey(params[encKey]));
-				return { [k]: Buffer.from(encrypted).toString("base64") };
-			}
-			return { [k]: v };
-		};
-		if (typeof key === "object") {
-			secure = value;
-			const keys = Object.keys(key);
-			const updates = Object.assign({}, ...keys.map((k) => getUpdate(k, key[k])));
-			return tokenStorage.update(token, updates);
-		}
-		return tokenStorage.update(token, omit(getUpdate(key, value), PROTECTED_KEYS));
-	};
-	const createMfaCodeGenerator = (token) => async () => {
-		const mfaCode = random(10, 99);
-		await tokenStorage.update(token, { mfaCode });
-		return mfaCode;
-	};
-	const onProcessError = ({ req, res, stage, err }) => {
-		const { token, store } = req.context || {};
-		if (token) tokenStorage.update(token, {
-			status: SESSION_STATUS.ERROR,
-			error: err.message,
-			mfaCode: 0
-		});
-		res.jsonp({ error: err.message });
-		onError({
-			token,
-			extraParams: get(store, "extraParams", {}),
-			stage,
-			err
-		});
-	};
-	const _preparePathname = (str, req) => {
-		return pathTransformer(preparePathname(str, req));
-	};
-	const generateSession = async (req, res) => {
-		try {
-			const params = {
-				"x-real-port": req.get("x-real-port"),
-				"x-real-protocol": req.get("x-real-protocol"),
-				deviceDid: req.get("x-device-did"),
-				connectedDid: get(req, "cookies.connected_did", ""),
-				connectedPk: get(req, "cookies.connected_pk", ""),
-				...req.body,
-				...req.query,
-				...req.params
-			};
-			params.forceConnected = isConnectedOnly(params, req.get("x-user-did"));
-			const token = sha3(getSessionId()).replace(/^0x/, "").slice(0, 8);
-			await tokenStorage.create(token, SESSION_STATUS.CREATED);
-			let sourceToken = params.sourceToken || "";
-			const sourceTokenState = sourceToken ? await tokenStorage.read(sourceToken) : null;
-			if (sourceTokenState) if ([SESSION_STATUS.SUCCEED].includes(sourceTokenState.status)) sourceToken = "";
-			else await tokenStorage.update(sourceToken, { destToken: token });
-			const finalPath = _preparePathname(getPathName(pathname, req), req);
-			const baseUrl = prepareBaseUrl(req, params);
-			const uri = await authenticator.uri({
-				token,
-				pathname: finalPath,
-				baseUrl,
-				query: {}
-			});
-			const challenge = getStepChallenge();
-			const didwallet = parseWalletUA(req.query["user-agent"] || req.headers["user-agent"]);
-			const extraParams = createExtraParams(getLocale(req), params);
-			const hookParams = {
-				req,
-				request: req,
-				challenge,
-				baseUrl,
-				deepLink: uri,
-				extraParams,
-				updateSession: createSessionUpdater(token, extraParams),
-				didwallet
-			};
-			const [wallet, delegator] = await Promise.all([authenticator.getWalletInfo({
-				baseUrl,
-				request: req,
-				extraParams
-			}), authenticator.getDelegator({
-				baseUrl,
-				request: req,
-				extraParams
-			})]);
-			const [appInfo, memberAppInfo] = await Promise.all([authenticator.getAppInfo({
-				baseUrl,
-				request: req,
-				wallet,
-				delegator,
-				extraParams
-			}, "appInfo"), authenticator.getAppInfo({
-				baseUrl,
-				request: req,
-				wallet,
-				delegator,
-				extraParams
-			}, "memberAppInfo")]);
-			await tokenStorage.update(token, {
-				currentStep: 0,
-				mfaSupported: !didwallet.os,
-				challenge,
-				sharedKey: getStepChallenge(),
-				extraParams: params,
-				appInfo,
-				memberAppInfo,
-				sourceToken
-			});
-			const extra = await onStart(hookParams);
-			res.jsonp({
-				token,
-				status: SESSION_STATUS.CREATED,
-				url: uri,
-				appInfo,
-				memberAppInfo,
-				extra: extra || {}
-			});
-		} catch (err) {
-			onProcessError({
-				req,
-				res,
-				stage: "generate-token",
-				err
-			});
-		}
-	};
-	const checkSession = async (req, res) => {
-		try {
-			const { locale, token, store, params } = req.context;
-			if (!token) {
-				res.status(400).json({ error: errors.tokenMissing[locale] });
-				return;
-			}
-			if (!store) {
-				res.status(400).json({ error: errors.token404[locale] });
-				return;
-			}
-			if (store.status === SESSION_STATUS.FORBIDDEN) {
-				res.status(403).json({ error: errors.didMismatch[locale] });
-				return;
-			}
-			if (store.status === SESSION_STATUS.SUCCEED) {
-				setTimeout(() => {
-					tokenStorage.delete(token).catch(console.error);
-				}, cleanupDelay);
-				const extraParams = createExtraParams(locale, params, get(store, "extraParams", {}));
-				await onComplete({
-					req,
-					request: req,
-					userDid: store.did,
-					userPk: store.pk,
-					extraParams,
-					updateSession: createSessionUpdater(token, extraParams)
-				});
-			}
-			res.status(200).json(Object.keys(store).filter((x) => PROTECTED_KEYS.includes(x) === false).reduce((acc, key) => {
-				acc[key] = store[key];
-				return acc;
-			}, {}));
-		} catch (err) {
-			onProcessError({
-				req,
-				res,
-				stage: "check-token-status",
-				err
-			});
-		}
-	};
-	const expireSession = async (req, res) => {
-		try {
-			const { locale, token, store } = req.context;
-			if (!token) {
-				res.status(400).json({ error: errors.tokenMissing[locale] });
-				return;
-			}
-			if (!store) {
-				res.status(400).json({ error: errors.token404[locale] });
-				return;
-			}
-			onExpire({
-				token,
-				extraParams: get(store, "extraParams", {}),
-				status: "expired"
-			});
-			if (store.status !== SESSION_STATUS.SCANNED) await tokenStorage.delete(token);
-			res.status(200).json({ token });
-		} catch (err) {
-			onProcessError({
-				req,
-				res,
-				stage: "mark-token-timeout",
-				err
-			});
-		}
-	};
-	const checkUser = async ({ context, userDid, userPk }) => {
-		const { locale, token, store } = context;
-		if (store.currentStep > 0) {
-			if (!userDid) return errors.didMissing[locale];
-			if (!userPk) return errors.pkMissing[locale];
-			if (userDid !== store.did) {
-				await tokenStorage.update(token, { status: SESSION_STATUS.FORBIDDEN });
-				return errors.didMismatch[locale];
-			}
-		}
-		return false;
-	};
-	const onAuthRequest = async (req, res) => {
-		const { locale, token, store, params, didwallet } = req.context;
-		const extraParams = createExtraParams(locale, params, get(store, "extraParams", {}));
-		const userDid = params.userDid || store.did || extraParams.connectedDid;
-		const userPk = params.userPk || store.pk || extraParams.connectedPk;
-		const error = await checkUser({
-			context: req.context,
-			userDid,
-			userPk
-		});
-		if (error) return res.jsonp({ error });
-		if (params[versionKey] && store.clientVersion !== params[versionKey]) {
-			store.clientVersion = params[versionKey];
-			store.encryptionKey = params[encKey];
-			await tokenStorage.update(token, {
-				clientVersion: params[versionKey],
-				encryptionKey: params[encKey]
-			});
-		}
-		try {
-			const steps = [...cloneDeep(defaultSteps)];
-			const shouldSkipConnect = canSkipConnect && !!extraParams.connectedDid;
-			if (shouldSkipConnect) set(steps, "[0].authPrincipal.supervised", false);
-			if (extraParams.forceConnected) {
-				let target = extraParams.connectedDid;
-				if (typeof extraParams.forceConnected === "string" && isValid(extraParams.forceConnected)) target = extraParams.forceConnected;
-				if (isValid(target)) set(steps, "[0].authPrincipal.target", target);
-			}
-			if (store.status !== SESSION_STATUS.SCANNED) await tokenStorage.update(token, {
-				status: SESSION_STATUS.SCANNED,
-				connectedWallet: didwallet
-			});
-			if (store.dynamic || shouldSkipConnect) {
-				const newClaims = await onConnect({
-					req,
-					request: req,
-					userDid,
-					userPk,
-					didwallet,
-					challenge: store.challenge,
-					pathname: _preparePathname(getPathName(pathname, req), req),
-					baseUrl: prepareBaseUrl(req, extraParams),
-					extraParams,
-					updateSession: createSessionUpdater(token, extraParams)
-				});
-				if (newClaims) if (Array.isArray(newClaims)) steps.push(...newClaims);
-				else steps.push(newClaims);
-			}
-			const signParams = await getSignParams(req);
-			const signedClaim = await authenticator.sign(Object.assign(signParams, {
-				context: {
-					token,
-					userDid,
-					userPk,
-					didwallet,
-					...pick(store, [
-						"currentStep",
-						"sharedKey",
-						"encryptionKey"
-					]),
-					mfaCode: store.mfaSupported ? createMfaCodeGenerator(token) : void 0
-				},
-				claims: steps[store.currentStep],
-				pathname: _preparePathname(getPathName(pathname, req), req),
-				baseUrl: prepareBaseUrl(req, extraParams),
-				extraParams,
-				challenge: store.challenge,
-				appInfo: store.appInfo,
-				memberAppInfo: store.memberAppInfo,
-				request: req
-			}));
-			res.jsonp(encrypt(signedClaim, store));
-		} catch (err) {
-			onProcessError({
-				req,
-				res,
-				stage: "send-auth-claim",
-				err
-			});
-		}
-	};
-	const onAuthResponse = async (req, res) => {
-		const { locale, token, store, params, didwallet } = req.context;
-		try {
-			const { userDid, userPk, action: userAction, challenge: userChallenge, claims: claimResponse, timestamp } = await authenticator.verify(decrypt(params, store), locale);
-			if (!store.did || !store.pk) await tokenStorage.update(token, {
-				did: userDid,
-				pk: userPk
-			});
-			const extraParams = createExtraParams(locale, params, get(store, "extraParams", {}));
-			const cbParams = {
-				step: store.currentStep,
-				req,
-				request: req,
-				userDid,
-				userPk,
-				challenge: store.challenge,
-				didwallet,
-				claims: claimResponse,
-				baseUrl: prepareBaseUrl(req, extraParams),
-				extraParams,
-				updateSession: createSessionUpdater(token, extraParams),
-				timestamp
-			};
-			const steps = [...defaultSteps];
-			const shouldSkipConnect = canSkipConnect && !!extraParams.connectedDid;
-			if (store.dynamic || shouldSkipConnect) {
-				const newClaims = await onConnect(cbParams);
-				if (newClaims) if (Array.isArray(newClaims)) steps.push(...newClaims);
-				else steps.push(newClaims);
-			} else if (persistentDynamicClaims && Array.isArray(store.dynamicClaims)) steps.push(...store.dynamicClaims);
-			if (userAction === "declineAuth") {
-				await tokenStorage.update(token, {
-					status: SESSION_STATUS.ERROR,
-					error: errors.userDeclined[locale],
-					mfaCode: 0,
-					currentStep: steps.length - 1
-				});
-				const result = await onDecline(cbParams);
-				return res.jsonp({ ...result || {} });
-			}
-			if (userAction === "busy") {
-				await tokenStorage.update(token, {
-					status: SESSION_STATUS.BUSY,
-					error: errors.userBusy[locale],
-					mfaCode: 0,
-					currentStep: steps.length - 1
-				});
-				return res.jsonp({});
-			}
-			if (store.mfaCode && !claimResponse.some((x) => isEqual(x.mfaCode, [store.mfaCode]))) return onProcessError({
-				req,
-				res,
-				stage: "verify-mfa-code",
-				err: new Error(errors.mfaMismatch[locale])
-			});
-			if (!userChallenge) return res.jsonp({ error: errors.challengeMismatch[locale] });
-			if (userChallenge !== store.challenge) return res.jsonp({ error: errors.challengeMismatch[locale] });
-			const error = await checkUser({
-				context: req.context,
-				userDid,
-				userPk
-			});
-			if (error) return res.jsonp({ error });
-			const isConnected = store.currentStep > 0;
-			if (isConnected === false) {
-				const newClaims = await onConnect(cbParams);
-				if (newClaims) {
-					await tokenStorage.update(token, {
-						dynamic: !persistentDynamicClaims,
-						dynamicClaims: persistentDynamicClaims ? newClaims : void 0
-					});
-					if (Array.isArray(newClaims)) steps.push(...newClaims);
-					else steps.push(newClaims);
-				}
-			}
-			const onLastStep = async (result) => {
-				let nextWorkflow = isUrl(extraParams.nw) ? extraParams.nw : "";
-				if (nextWorkflow && result && result.nextWorkflowData) {
-					if (isPlainObject(result.nextWorkflowData) === false) return onProcessError({
-						req,
-						res,
-						stage: "validate-next-workflow-data",
-						err: /* @__PURE__ */ new Error(`expect nextWorkflowData should be a plain object, got: ${result.nextWorkflowData}`)
-					});
-					const tmp = new URL(nextWorkflow);
-					const merged = Object.assign(extraParams.previousWorkflowData || {}, result.nextWorkflowData);
-					const previousWorkflowData = toBase64(JSON.stringify(merged));
-					if (previousWorkflowData.length > 8192) return onProcessError({
-						req,
-						res,
-						stage: "append-next-workflow",
-						err: /* @__PURE__ */ new Error("base64 encoded nextWorkflowData should be less than 8192 characters")
-					});
-					if (isDeepLink(nextWorkflow)) {
-						const actualUrl = decodeURIComponent(tmp.searchParams.get("url"));
-						const obj = new URL(actualUrl);
-						obj.searchParams.set("previousWorkflowData", previousWorkflowData);
-						tmp.searchParams.set("url", obj.href);
-					} else tmp.searchParams.set("previousWorkflowData", previousWorkflowData);
-					nextWorkflow = tmp.href;
-				}
-				const updates = {};
-				let actualNw = nextWorkflow || result?.nextWorkflow || "";
-				if (actualNw) {
-					if (isDeepLink(actualNw)) actualNw = new URL(actualNw).searchParams.get("url");
-					if (actualNw) updates.nextWorkflow = decodeURIComponent(actualNw);
-				}
-				if (result?.nextToken && result.nextWorkflow) try {
-					await tokenStorage.update(result.nextToken, { prevToken: token });
-				} catch (err) {
-					console.error("DIDAuth: failed to to update nextToken", err);
-					updates.status = SESSION_STATUS.SUCCEED;
-				}
-				else {
-					if (store.prevToken) try {
-						await tokenStorage.update(store.prevToken, { status: SESSION_STATUS.SUCCEED });
-					} catch (err) {
-						console.error("DIDAuth: failed to to update prevToken", err);
-					}
-					updates.status = SESSION_STATUS.SUCCEED;
-				}
-				await tokenStorage.update(token, updates);
-				return res.jsonp({ ...Object.assign({ nextWorkflow }, result || {}) });
-			};
-			if (steps.length === 1) return onLastStep(await onAuth(cbParams));
-			if (isConnected && store.currentStep < steps.length) {
-				const result = await onAuth(cbParams);
-				if (store.currentStep === steps.length - 1) return onLastStep(result);
-			}
-			const nextStep = store.currentStep + 1;
-			const nextChallenge = getStepChallenge();
-			await tokenStorage.update(token, {
-				currentStep: nextStep,
-				challenge: nextChallenge,
-				mfaCode: 0
-			});
-			const signParams = await getSignParams(req);
-			try {
-				const nextSignedClaim = await authenticator.sign(Object.assign(signParams, {
-					context: {
-						token,
-						userDid,
-						userPk,
-						didwallet,
-						...pick(store, [
-							"currentStep",
-							"sharedKey",
-							"encryptionKey"
-						]),
-						mfaCode: store.mfaSupported ? createMfaCodeGenerator(token) : void 0
-					},
-					claims: steps[nextStep],
-					pathname: _preparePathname(getPathName(pathname, req), req),
-					baseUrl: prepareBaseUrl(req, extraParams),
-					extraParams,
-					challenge: nextChallenge,
-					appInfo: store.appInfo,
-					memberAppInfo: store.memberAppInfo,
-					request: req
-				}));
-				return res.jsonp(encrypt(nextSignedClaim, store));
-			} catch (err) {
-				return onProcessError({
-					req,
-					res,
-					stage: "next-auth-claim",
-					err
-				});
-			}
-		} catch (err) {
-			onProcessError({
-				req,
-				res,
-				stage: "verify-auth-claim",
-				err
-			});
-		}
-	};
-	const ensureContext = async (req, _res, next) => {
-		const didwallet = parseWalletUA(req.query["user-agent"] || req.headers["user-agent"]);
-		const params = {
-			...req.body,
-			...req.query,
-			...req.params
-		};
-		const token = params[tokenKey];
-		const locale = getLocale(req);
-		let store = null;
-		if (token) {
-			store = await tokenStorage.read(token);
-			if (params.previousWorkflowData) try {
-				store.extraParams.previousWorkflowData = JSON.parse(fromBase64(params.previousWorkflowData).toString());
-				await tokenStorage.update(token, { extraParams: store.extraParams });
-			} catch (e) {
-				console.warn("Could not parse previousWorkflowData", params.previousWorkflowData, e);
-			}
-			if (store?.destToken && typeof params.notrace === "undefined") {
-				const result = await tokenStorage.read(store.destToken);
-				if (result) store = result;
-			}
-		}
-		req.context = {
-			locale,
-			token,
-			didwallet,
-			params,
-			store
-		};
-		return next();
-	};
-	const ensureSignedJson = (req, res, next) => {
-		if (req.ensureSignedJson === void 0) {
-			req.ensureSignedJson = true;
-			const originJsonp = res.jsonp;
-			res.jsonp = async (payload) => {
-				if (payload.appPk && payload.authInfo) return originJsonp.call(res, payload);
-				const data = payload.response ? { response: payload.response } : { response: payload };
-				const fields = [
-					"error",
-					"errorMessage",
-					"successMessage",
-					"nextWorkflow",
-					"nextUrl",
-					"cookies",
-					"storages"
-				];
-				fields.forEach((x) => {
-					if (payload[x]) data[x] = payload[x];
-				});
-				data.errorMessage = data.error || data.errorMessage || "";
-				if (typeof data.response === "object") data.response = omit(data.response, fields);
-				const token$1 = {
-					...req.body,
-					...req.query,
-					...req.params
-				}[tokenKey];
-				const store$1 = token$1 ? await tokenStorage.read(token$1) : null;
-				const extraParams = get(store$1, "extraParams", {});
-				const signedData = await authenticator.signResponse(data, prepareBaseUrl(req, extraParams), req, extraParams);
-				originJsonp.call(res, encrypt(signedData, store$1));
-			};
-		}
-		const { token, store, locale } = req.context;
-		if (!token || !store) return res.jsonp({ error: errors.token404[locale] });
-		next();
-	};
-	return {
-		generateSession,
-		expireSession,
-		checkSession,
-		onAuthRequest,
-		onAuthResponse,
-		ensureContext,
-		ensureSignedJson,
-		createExtraParams
-	};
-}
-//#endregion
-export { createHandlers as default, errors, getStepChallenge, isConnectedOnly, isDeepLink, parseWalletUA, prepareBaseUrl, preparePathname };