@cedros/login-react 0.0.15 → 0.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (126) hide show
  1. package/dist/{AuthenticationSettings-Dg6ATgOl.js → AuthenticationSettings-BipaLyGg.js} +19 -19
  2. package/dist/{AuthenticationSettings-Dg6ATgOl.js.map → AuthenticationSettings-BipaLyGg.js.map} +1 -1
  3. package/dist/{AuthenticationSettings-CjGGqbcS.cjs → AuthenticationSettings-Cb80XWPm.cjs} +1 -1
  4. package/dist/{AuthenticationSettings-CjGGqbcS.cjs.map → AuthenticationSettings-Cb80XWPm.cjs.map} +1 -1
  5. package/dist/{AuthenticationSettings-DGWktSVw.js → AuthenticationSettings-Cfn0No6U.js} +1 -1
  6. package/dist/{AuthenticationSettings-DGWktSVw.js.map → AuthenticationSettings-Cfn0No6U.js.map} +1 -1
  7. package/dist/{AuthenticationSettings-HhrUAmM6.cjs → AuthenticationSettings-Cu0S0Z7s.cjs} +1 -1
  8. package/dist/{AuthenticationSettings-HhrUAmM6.cjs.map → AuthenticationSettings-Cu0S0Z7s.cjs.map} +1 -1
  9. package/dist/{AutosaveStatus-DeViUyyI.js → AutosaveStatus-BKc7T2Tw.js} +323 -242
  10. package/dist/AutosaveStatus-BKc7T2Tw.js.map +1 -0
  11. package/dist/AutosaveStatus-BjLMt52a.cjs +1 -0
  12. package/dist/AutosaveStatus-BjLMt52a.cjs.map +1 -0
  13. package/dist/{CreditSystemSettings-DBr7QS59.js → CreditSystemSettings-CvcacgMM.js} +1 -1
  14. package/dist/{CreditSystemSettings-DBr7QS59.js.map → CreditSystemSettings-CvcacgMM.js.map} +1 -1
  15. package/dist/{CreditSystemSettings-CSlsQynZ.js → CreditSystemSettings-D13lZbIw.js} +1 -1
  16. package/dist/{CreditSystemSettings-CSlsQynZ.js.map → CreditSystemSettings-D13lZbIw.js.map} +1 -1
  17. package/dist/{CreditSystemSettings-CyFQbXMh.cjs → CreditSystemSettings-DO-dUcxN.cjs} +1 -1
  18. package/dist/{CreditSystemSettings-CyFQbXMh.cjs.map → CreditSystemSettings-DO-dUcxN.cjs.map} +1 -1
  19. package/dist/{CreditSystemSettings-BykhytcS.cjs → CreditSystemSettings-DV0VkPIe.cjs} +1 -1
  20. package/dist/{CreditSystemSettings-BykhytcS.cjs.map → CreditSystemSettings-DV0VkPIe.cjs.map} +1 -1
  21. package/dist/{EmailRegisterForm-Pvm3I8GP.cjs → EmailRegisterForm-CdTuvJmf.cjs} +1 -1
  22. package/dist/{EmailRegisterForm-Pvm3I8GP.cjs.map → EmailRegisterForm-CdTuvJmf.cjs.map} +1 -1
  23. package/dist/{EmailRegisterForm-nI0BOIxR.js → EmailRegisterForm-CxOdldks.js} +1 -1
  24. package/dist/{EmailRegisterForm-nI0BOIxR.js.map → EmailRegisterForm-CxOdldks.js.map} +1 -1
  25. package/dist/{EmailSettings-Bup2rCgU.cjs → EmailSettings-BkR7vlWL.cjs} +1 -1
  26. package/dist/{EmailSettings-Bup2rCgU.cjs.map → EmailSettings-BkR7vlWL.cjs.map} +1 -1
  27. package/dist/EmailSettings-CLMdw3rB.js +78 -0
  28. package/dist/EmailSettings-CLMdw3rB.js.map +1 -0
  29. package/dist/EmailSettings-Dq3mfUr2.cjs +1 -0
  30. package/dist/EmailSettings-Dq3mfUr2.cjs.map +1 -0
  31. package/dist/{EmailSettings-C04qdJCz.js → EmailSettings-ulEHtH2y.js} +1 -1
  32. package/dist/{EmailSettings-C04qdJCz.js.map → EmailSettings-ulEHtH2y.js.map} +1 -1
  33. package/dist/{EmbeddedWalletSettings-DYh884HP.js → EmbeddedWalletSettings-BTTV8Nqi.js} +46 -31
  34. package/dist/EmbeddedWalletSettings-BTTV8Nqi.js.map +1 -0
  35. package/dist/EmbeddedWalletSettings-C7H0E8Uz.cjs +1 -0
  36. package/dist/EmbeddedWalletSettings-C7H0E8Uz.cjs.map +1 -0
  37. package/dist/{EmbeddedWalletSettings-DDFQhQOw.js → EmbeddedWalletSettings-CLWh2TbV.js} +1 -1
  38. package/dist/{EmbeddedWalletSettings-DDFQhQOw.js.map → EmbeddedWalletSettings-CLWh2TbV.js.map} +1 -1
  39. package/dist/{EmbeddedWalletSettings-YX0Dk_b_.cjs → EmbeddedWalletSettings-DGmCVyex.cjs} +1 -1
  40. package/dist/{EmbeddedWalletSettings-YX0Dk_b_.cjs.map → EmbeddedWalletSettings-DGmCVyex.cjs.map} +1 -1
  41. package/dist/PermissionsSection-BPbE-hNx.cjs.map +1 -1
  42. package/dist/PermissionsSection-CighC1p6.js.map +1 -1
  43. package/dist/{ServerSettings-CInJe4jY.cjs → ServerSettings-CPAoiDtn.cjs} +1 -1
  44. package/dist/{ServerSettings-CInJe4jY.cjs.map → ServerSettings-CPAoiDtn.cjs.map} +1 -1
  45. package/dist/ServerSettings-Ch8MCmAY.js +91 -0
  46. package/dist/ServerSettings-Ch8MCmAY.js.map +1 -0
  47. package/dist/ServerSettings-CqDd59iM.cjs +1 -0
  48. package/dist/ServerSettings-CqDd59iM.cjs.map +1 -0
  49. package/dist/{ServerSettings-DVEtfDQo.js → ServerSettings-DooVeOet.js} +1 -1
  50. package/dist/{ServerSettings-DVEtfDQo.js.map → ServerSettings-DooVeOet.js.map} +1 -1
  51. package/dist/{WebhookSettings-DdbxNPZ9.js → WebhookSettings-B6mjH90_.js} +1 -1
  52. package/dist/{WebhookSettings-DdbxNPZ9.js.map → WebhookSettings-B6mjH90_.js.map} +1 -1
  53. package/dist/WebhookSettings-BG77iqJC.js +63 -0
  54. package/dist/WebhookSettings-BG77iqJC.js.map +1 -0
  55. package/dist/{WebhookSettings-BMeykdRP.cjs → WebhookSettings-BeiUAcKs.cjs} +1 -1
  56. package/dist/{WebhookSettings-BMeykdRP.cjs.map → WebhookSettings-BeiUAcKs.cjs.map} +1 -1
  57. package/dist/WebhookSettings-WMJ5zPjY.cjs +1 -0
  58. package/dist/WebhookSettings-WMJ5zPjY.cjs.map +1 -0
  59. package/dist/admin-only.cjs +1 -1
  60. package/dist/admin-only.d.ts +109 -14
  61. package/dist/admin-only.js +4 -3
  62. package/dist/email-only.cjs +1 -1
  63. package/dist/email-only.d.ts +56 -6
  64. package/dist/email-only.js +2 -2
  65. package/dist/google-only.cjs +1 -1
  66. package/dist/google-only.d.ts +56 -6
  67. package/dist/google-only.js +1 -1
  68. package/dist/index.cjs +13 -13
  69. package/dist/index.cjs.map +1 -1
  70. package/dist/index.d.ts +330 -34
  71. package/dist/index.js +2505 -3553
  72. package/dist/index.js.map +1 -1
  73. package/dist/login-react.css +1 -1
  74. package/dist/mobileWalletAdapter-Dp4yFxCm.cjs +1 -0
  75. package/dist/mobileWalletAdapter-Dp4yFxCm.cjs.map +1 -0
  76. package/dist/mobileWalletAdapter-coZRD4Yx.js +291 -0
  77. package/dist/mobileWalletAdapter-coZRD4Yx.js.map +1 -0
  78. package/dist/{plugin-CnbFRy5o.cjs → plugin-BgMAc6DA.cjs} +1 -1
  79. package/dist/{plugin-CnbFRy5o.cjs.map → plugin-BgMAc6DA.cjs.map} +1 -1
  80. package/dist/{plugin-CW_ycXye.js → plugin-Bhf9zaly.js} +82 -70
  81. package/dist/{plugin-CW_ycXye.js.map → plugin-Bhf9zaly.js.map} +1 -1
  82. package/dist/{shamir-4DyQMJCk.cjs → shamir-CiBczzDN.cjs} +1 -1
  83. package/dist/{shamir-4DyQMJCk.cjs.map → shamir-CiBczzDN.cjs.map} +1 -1
  84. package/dist/{shamir-L-s-Tp1Z.js → shamir-OAB2zD9Y.js} +1 -1
  85. package/dist/{shamir-L-s-Tp1Z.js.map → shamir-OAB2zD9Y.js.map} +1 -1
  86. package/dist/{silentWalletEnroll-DWt6Pr3B.js → silentWalletEnroll-FqXS7Rvh.js} +2 -2
  87. package/dist/{silentWalletEnroll-DWt6Pr3B.js.map → silentWalletEnroll-FqXS7Rvh.js.map} +1 -1
  88. package/dist/{silentWalletEnroll-BgTb4H5I.cjs → silentWalletEnroll-wnkcB9HP.cjs} +1 -1
  89. package/dist/{silentWalletEnroll-BgTb4H5I.cjs.map → silentWalletEnroll-wnkcB9HP.cjs.map} +1 -1
  90. package/dist/solana-only.cjs +1 -1
  91. package/dist/solana-only.d.ts +112 -6
  92. package/dist/solana-only.js +6 -5
  93. package/dist/useAuth-X6Ds6WW4.cjs +1 -0
  94. package/dist/useAuth-X6Ds6WW4.cjs.map +1 -0
  95. package/dist/{useAuth-C3dpk0po.js → useAuth-m5Hf89v8.js} +805 -749
  96. package/dist/useAuth-m5Hf89v8.js.map +1 -0
  97. package/package.json +4 -1
  98. package/dist/AutosaveStatus-BDWxAg4U.cjs +0 -1
  99. package/dist/AutosaveStatus-BDWxAg4U.cjs.map +0 -1
  100. package/dist/AutosaveStatus-DeViUyyI.js.map +0 -1
  101. package/dist/EmailSettings-C0Ss6Cne.cjs +0 -1
  102. package/dist/EmailSettings-C0Ss6Cne.cjs.map +0 -1
  103. package/dist/EmailSettings-DAqH_xum.js +0 -17
  104. package/dist/EmailSettings-DAqH_xum.js.map +0 -1
  105. package/dist/EmbeddedWalletSettings-B0XkNuPR.cjs +0 -1
  106. package/dist/EmbeddedWalletSettings-B0XkNuPR.cjs.map +0 -1
  107. package/dist/EmbeddedWalletSettings-DYh884HP.js.map +0 -1
  108. package/dist/ServerSettings-CwnEI-PC.cjs +0 -1
  109. package/dist/ServerSettings-CwnEI-PC.cjs.map +0 -1
  110. package/dist/ServerSettings-DakhpYcO.js +0 -84
  111. package/dist/ServerSettings-DakhpYcO.js.map +0 -1
  112. package/dist/SettingsPageLayout-C6DWgyXS.cjs +0 -1
  113. package/dist/SettingsPageLayout-C6DWgyXS.cjs.map +0 -1
  114. package/dist/SettingsPageLayout-CLJI6hFQ.js +0 -50
  115. package/dist/SettingsPageLayout-CLJI6hFQ.js.map +0 -1
  116. package/dist/SolanaLoginButton-BjOxpE1C.cjs +0 -1
  117. package/dist/SolanaLoginButton-BjOxpE1C.cjs.map +0 -1
  118. package/dist/SolanaLoginButton-P22QjBaO.js +0 -262
  119. package/dist/SolanaLoginButton-P22QjBaO.js.map +0 -1
  120. package/dist/WebhookSettings-BNVooF0B.cjs +0 -1
  121. package/dist/WebhookSettings-BNVooF0B.cjs.map +0 -1
  122. package/dist/WebhookSettings-DXeDYhAe.js +0 -17
  123. package/dist/WebhookSettings-DXeDYhAe.js.map +0 -1
  124. package/dist/useAuth-C3dpk0po.js.map +0 -1
  125. package/dist/useAuth-D3Pk_H3z.cjs +0 -1
  126. package/dist/useAuth-D3Pk_H3z.cjs.map +0 -1
package/dist/{silentWalletEnroll-DWt6Pr3B.js → silentWalletEnroll-FqXS7Rvh.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { A as g } from "./useCedrosLogin-_94MmGGq.js";
2
- import { g as f, a as w, D as i, b as K, t as b, c as p, w as S } from "./useAuth-C3dpk0po.js";
3
- import { s as T, a as k, g as B, p as D } from "./shamir-L-s-Tp1Z.js";
2
+ import { g as f, a as w, D as i, b as K, t as b, c as p, w as S } from "./useAuth-m5Hf89v8.js";
3
+ import { s as T, a as k, g as B, p as D } from "./shamir-OAB2zD9Y.js";
4
4
  async function P(u) {
5
5
  const { password: A, serverUrl: h, accessToken: r, timeoutMs: y = 3e4 } = u, s = [];
6
6
  try {
package/dist/{silentWalletEnroll-DWt6Pr3B.js.map → silentWalletEnroll-FqXS7Rvh.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"silentWalletEnroll-DWt6Pr3B.js","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":";;;AA2DA,eAAsBA,EACpBC,GAC6B;AAC7B,QAAM,EAAE,UAAAC,GAAU,WAAAC,GAAW,aAAAC,GAAa,WAAAC,IAAY,QAAUJ,GAG1DK,IAA8B,CAAA;AAEpC,MAAI;AAEF,UAAMC,IAAOC,EAAA;AACb,IAAAF,EAAc,KAAKC,CAAI;AAGvB,UAAM,EAAE,QAAAE,GAAQ,QAAAC,MAAWC,EAAYJ,CAAI;AAC3C,IAAAD,EAAc,KAAKG,GAAQC,CAAM;AAGjC,UAAME,IAAOC,EAAA,GACPC,IAAM,MAAMC,EAAqBb,GAAUU,GAAMI,CAAkB;AACzE,IAAAV,EAAc,KAAKQ,CAAG;AAGtB,UAAMG,IAAa,MAAMC,EAAsBT,GAAQU,EAAgBL,CAAG,CAAC,GAGrEM,IAAYC,EAAqBd,CAAI,GACrCe,IAAeC,EAAkBH,CAAS,GAI1CI,IAA+B;AAAA,MACnC,cAAAF;AAAA,MACA,kBAAkB;AAAA,MAClB,kBAAkBL,EAAW;AAAA,MAC7B,aAAaA,EAAW;AAAA,MACxB,QAAQQ,EAAmBf,CAAM;AAAA,MACjC,eAAee,EAAmBb,CAAI;AAAA,MACtC,iBAAiBI;AAAA,IAAA;AAWnB,iBANkB,IAAIU,EAAU;AAAA,MAC9B,SAASvB;AAAA,MACT,WAAAE;AAAA,MACA,gBAAgBD,IAAc,MAAMA,IAAc;AAAA,IAAA,CACnD,EAEe,KAAK,kBAAkBoB,CAAO,GAEvC;AAAA,MACL,SAAS;AAAA,MACT,cAAAF;AAAA,IAAA;AAAA,EAEJ,SAASK,GAAK;AAGZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAJmBA,aAAe,QAAQA,EAAI,UAAU;AAAA,IAIjD;AAAA,EAEX,UAAA;AAEE,IAAAC,EAAQ,GAAGtB,CAAa;AAAA,EAC1B;AACF;"}
1
+ {"version":3,"file":"silentWalletEnroll-FqXS7Rvh.js","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":";;;AA2DA,eAAsBA,EACpBC,GAC6B;AAC7B,QAAM,EAAE,UAAAC,GAAU,WAAAC,GAAW,aAAAC,GAAa,WAAAC,IAAY,QAAUJ,GAG1DK,IAA8B,CAAA;AAEpC,MAAI;AAEF,UAAMC,IAAOC,EAAA;AACb,IAAAF,EAAc,KAAKC,CAAI;AAGvB,UAAM,EAAE,QAAAE,GAAQ,QAAAC,MAAWC,EAAYJ,CAAI;AAC3C,IAAAD,EAAc,KAAKG,GAAQC,CAAM;AAGjC,UAAME,IAAOC,EAAA,GACPC,IAAM,MAAMC,EAAqBb,GAAUU,GAAMI,CAAkB;AACzE,IAAAV,EAAc,KAAKQ,CAAG;AAGtB,UAAMG,IAAa,MAAMC,EAAsBT,GAAQU,EAAgBL,CAAG,CAAC,GAGrEM,IAAYC,EAAqBd,CAAI,GACrCe,IAAeC,EAAkBH,CAAS,GAI1CI,IAA+B;AAAA,MACnC,cAAAF;AAAA,MACA,kBAAkB;AAAA,MAClB,kBAAkBL,EAAW;AAAA,MAC7B,aAAaA,EAAW;AAAA,MACxB,QAAQQ,EAAmBf,CAAM;AAAA,MACjC,eAAee,EAAmBb,CAAI;AAAA,MACtC,iBAAiBI;AAAA,IAAA;AAWnB,iBANkB,IAAIU,EAAU;AAAA,MAC9B,SAASvB;AAAA,MACT,WAAAE;AAAA,MACA,gBAAgBD,IAAc,MAAMA,IAAc;AAAA,IAAA,CACnD,EAEe,KAAK,kBAAkBoB,CAAO,GAEvC;AAAA,MACL,SAAS;AAAA,MACT,cAAAF;AAAA,IAAA;AAAA,EAEJ,SAASK,GAAK;AAGZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAJmBA,aAAe,QAAQA,EAAI,UAAU;AAAA,IAIjD;AAAA,EAEX,UAAA;AAEE,IAAAC,EAAQ,GAAGtB,CAAa;AAAA,EAC1B;AACF;"}
package/dist/{silentWalletEnroll-BgTb4H5I.cjs → silentWalletEnroll-wnkcB9HP.cjs} RENAMED
@@ -1 +1 @@
1
- "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const S=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./useAuth-D3Pk_H3z.cjs"),t=require("./shamir-4DyQMJCk.cjs");async function T(A){const{password:p,serverUrl:h,accessToken:n,timeoutMs:y=3e4}=A,r=[];try{const s=e.generateSeed();r.push(s);const{shareA:a,shareB:o}=t.splitSecret(s);r.push(a,o);const c=e.generateArgon2Salt(),l=await t.argon2DeriveInWorker(p,c,e.DEFAULT_KDF_PARAMS);r.push(l);const i=await e.aesGcmEncryptToBase64(a,e.toEncryptionKey(l)),d=t.getPublicKeyFromSeed(s),u=t.publicKeyToBase58(d),g={solanaPubkey:u,shareAAuthMethod:"password",shareACiphertext:i.ciphertext,shareANonce:i.nonce,shareB:e.uint8ArrayToBase64(o),shareAKdfSalt:e.uint8ArrayToBase64(c),shareAKdfParams:e.DEFAULT_KDF_PARAMS};return await new S.ApiClient({baseUrl:h,timeoutMs:y,getAccessToken:n?()=>n:void 0}).post("/wallet/enroll",g),{success:!0,solanaPubkey:u}}catch(s){return{success:!1,error:s instanceof Error?s.message:"Wallet enrollment failed"}}finally{e.wipeAll(...r)}}exports.silentWalletEnroll=T;
1
+ "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const S=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./useAuth-X6Ds6WW4.cjs"),t=require("./shamir-CiBczzDN.cjs");async function T(A){const{password:p,serverUrl:h,accessToken:n,timeoutMs:y=3e4}=A,r=[];try{const s=e.generateSeed();r.push(s);const{shareA:a,shareB:o}=t.splitSecret(s);r.push(a,o);const c=e.generateArgon2Salt(),l=await t.argon2DeriveInWorker(p,c,e.DEFAULT_KDF_PARAMS);r.push(l);const i=await e.aesGcmEncryptToBase64(a,e.toEncryptionKey(l)),d=t.getPublicKeyFromSeed(s),u=t.publicKeyToBase58(d),g={solanaPubkey:u,shareAAuthMethod:"password",shareACiphertext:i.ciphertext,shareANonce:i.nonce,shareB:e.uint8ArrayToBase64(o),shareAKdfSalt:e.uint8ArrayToBase64(c),shareAKdfParams:e.DEFAULT_KDF_PARAMS};return await new S.ApiClient({baseUrl:h,timeoutMs:y,getAccessToken:n?()=>n:void 0}).post("/wallet/enroll",g),{success:!0,solanaPubkey:u}}catch(s){return{success:!1,error:s instanceof Error?s.message:"Wallet enrollment failed"}}finally{e.wipeAll(...r)}}exports.silentWalletEnroll=T;
package/dist/{silentWalletEnroll-BgTb4H5I.cjs.map → silentWalletEnroll-wnkcB9HP.cjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"silentWalletEnroll-BgTb4H5I.cjs","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":"wMA2DA,eAAsBA,EACpBC,EAC6B,CAC7B,KAAM,CAAE,SAAAC,EAAU,UAAAC,EAAW,YAAAC,EAAa,UAAAC,EAAY,KAAUJ,EAG1DK,EAA8B,CAAA,EAEpC,GAAI,CAEF,MAAMC,EAAOC,EAAAA,aAAA,EACbF,EAAc,KAAKC,CAAI,EAGvB,KAAM,CAAE,OAAAE,EAAQ,OAAAC,GAAWC,EAAAA,YAAYJ,CAAI,EAC3CD,EAAc,KAAKG,EAAQC,CAAM,EAGjC,MAAME,EAAOC,EAAAA,mBAAA,EACPC,EAAM,MAAMC,EAAAA,qBAAqBb,EAAUU,EAAMI,EAAAA,kBAAkB,EACzEV,EAAc,KAAKQ,CAAG,EAGtB,MAAMG,EAAa,MAAMC,EAAAA,sBAAsBT,EAAQU,EAAAA,gBAAgBL,CAAG,CAAC,EAGrEM,EAAYC,EAAAA,qBAAqBd,CAAI,EACrCe,EAAeC,EAAAA,kBAAkBH,CAAS,EAI1CI,EAA+B,CACnC,aAAAF,EACA,iBAAkB,WAClB,iBAAkBL,EAAW,WAC7B,YAAaA,EAAW,MACxB,OAAQQ,EAAAA,mBAAmBf,CAAM,EACjC,cAAee,EAAAA,mBAAmBb,CAAI,EACtC,gBAAiBI,EAAAA,kBAAA,EAWnB,aANkB,IAAIU,YAAU,CAC9B,QAASvB,EACT,UAAAE,EACA,eAAgBD,EAAc,IAAMA,EAAc,MAAA,CACnD,EAEe,KAAK,iBAAkBoB,CAAO,EAEvC,CACL,QAAS,GACT,aAAAF,CAAA,CAEJ,OAASK,EAAK,CAGZ,MAAO,CACL,QAAS,GACT,MAJmBA,aAAe,MAAQA,EAAI,QAAU,0BAIjD,CAEX,QAAA,CAEEC,EAAAA,QAAQ,GAAGtB,CAAa,CAC1B,CACF"}
1
+ {"version":3,"file":"silentWalletEnroll-wnkcB9HP.cjs","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":"wMA2DA,eAAsBA,EACpBC,EAC6B,CAC7B,KAAM,CAAE,SAAAC,EAAU,UAAAC,EAAW,YAAAC,EAAa,UAAAC,EAAY,KAAUJ,EAG1DK,EAA8B,CAAA,EAEpC,GAAI,CAEF,MAAMC,EAAOC,EAAAA,aAAA,EACbF,EAAc,KAAKC,CAAI,EAGvB,KAAM,CAAE,OAAAE,EAAQ,OAAAC,GAAWC,EAAAA,YAAYJ,CAAI,EAC3CD,EAAc,KAAKG,EAAQC,CAAM,EAGjC,MAAME,EAAOC,EAAAA,mBAAA,EACPC,EAAM,MAAMC,EAAAA,qBAAqBb,EAAUU,EAAMI,EAAAA,kBAAkB,EACzEV,EAAc,KAAKQ,CAAG,EAGtB,MAAMG,EAAa,MAAMC,EAAAA,sBAAsBT,EAAQU,EAAAA,gBAAgBL,CAAG,CAAC,EAGrEM,EAAYC,EAAAA,qBAAqBd,CAAI,EACrCe,EAAeC,EAAAA,kBAAkBH,CAAS,EAI1CI,EAA+B,CACnC,aAAAF,EACA,iBAAkB,WAClB,iBAAkBL,EAAW,WAC7B,YAAaA,EAAW,MACxB,OAAQQ,EAAAA,mBAAmBf,CAAM,EACjC,cAAee,EAAAA,mBAAmBb,CAAI,EACtC,gBAAiBI,EAAAA,kBAAA,EAWnB,aANkB,IAAIU,YAAU,CAC9B,QAASvB,EACT,UAAAE,EACA,eAAgBD,EAAc,IAAMA,EAAc,MAAA,CACnD,EAEe,KAAK,iBAAkBoB,CAAO,EAEvC,CACL,QAAS,GACT,aAAAF,CAAA,CAEJ,OAASK,EAAK,CAGZ,MAAO,CACL,QAAS,GACT,MAJmBA,aAAe,MAAQA,EAAI,QAAU,0BAIjD,CAEX,QAAA,CAEEC,EAAAA,QAAQ,GAAGtB,CAAa,CAC1B,CACF"}
package/dist/solana-only.cjs CHANGED
@@ -1 +1 @@
1
- "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./useAuth-D3Pk_H3z.cjs"),r=require("./useCedrosLogin-C9MrcZvh.cjs"),o=require("./SolanaLoginButton-BjOxpE1C.cjs"),n=require("./LoadingSpinner-d6sSxgQN.cjs"),s=require("./ErrorMessage-CHbYbVi2.cjs");exports.CedrosLoginProvider=e.CedrosLoginProvider;exports.useAuth=e.useAuth;exports.useCedrosLogin=r.useCedrosLogin;exports.SolanaLoginButton=o.SolanaLoginButton;exports.useSolanaAuth=o.useSolanaAuth;exports.LoadingSpinner=n.LoadingSpinner;exports.ErrorMessage=s.ErrorMessage;
1
+ "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const r=require("./useAuth-X6Ds6WW4.cjs"),o=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./mobileWalletAdapter-Dp4yFxCm.cjs"),n=require("./LoadingSpinner-d6sSxgQN.cjs"),i=require("./ErrorMessage-CHbYbVi2.cjs");exports.CedrosLoginProvider=r.CedrosLoginProvider;exports.useAuth=r.useAuth;exports.useCedrosLogin=o.useCedrosLogin;exports.SolanaLoginButton=e.SolanaLoginButton;exports.registerMobileWallet=e.registerMobileWallet;exports.useSolanaAuth=e.useSolanaAuth;exports.LoadingSpinner=n.LoadingSpinner;exports.ErrorMessage=i.ErrorMessage;
package/dist/solana-only.d.ts CHANGED
@@ -98,16 +98,44 @@ export declare interface AuthUser {
98
98
  }
99
99
 
100
100
  /**
101
- * Full configuration for CedrosLoginProvider
101
+ * Full configuration for the authentication system.
102
+ *
103
+ * **Note:** When passing config to `<CedrosLoginProvider>`, use
104
+ * {@link CedrosLoginProviderConfig} instead — it extends this type
105
+ * with `features: 'auto'` support. This base type is used internally
106
+ * after the provider resolves auto-discovery.
107
+ *
108
+ * ```
109
+ * CedrosLoginProviderConfig (public prop type — accepts features: 'auto')
110
+ * └── CedrosLoginConfig (internal type — features is always FeatureFlags)
111
+ * ```
102
112
  */
103
113
  export declare interface CedrosLoginConfig {
104
114
  /** Auth server base URL */
105
115
  serverUrl: string;
106
116
  /** App name for Solana message: "Login to {appName}". Default: window.location.hostname */
107
117
  appName?: string;
108
- /** Google OAuth client ID. Required if Google auth enabled */
118
+ /**
119
+ * Google OAuth client ID. Required if Google auth enabled.
120
+ *
121
+ * **CSP requirements** (when using Google One Tap / credential popup):
122
+ * ```
123
+ * script-src https://accounts.google.com;
124
+ * connect-src https://accounts.google.com;
125
+ * frame-src https://accounts.google.com;
126
+ * ```
127
+ */
109
128
  googleClientId?: string;
110
- /** Apple Sign In client ID (Services ID). Required if Apple auth enabled */
129
+ /**
130
+ * Apple Sign In client ID (Services ID). Required if Apple auth enabled.
131
+ *
132
+ * **CSP requirements** (when using Apple Sign In popup):
133
+ * ```
134
+ * script-src https://appleid.cdn-apple.com;
135
+ * connect-src https://appleid.apple.com;
136
+ * frame-src https://appleid.apple.com;
137
+ * ```
138
+ */
111
139
  appleClientId?: string;
112
140
  /** Solana configuration options */
113
141
  solana?: SolanaConfig;
@@ -160,9 +188,31 @@ declare interface CedrosLoginInternalAPI {
160
188
  export declare function CedrosLoginProvider({ config, children }: CedrosLoginProviderProps): JSX.Element | null;
161
189
 
162
190
  /**
163
- * Config accepted by CedrosLoginProvider.
164
- * Same as CedrosLoginConfig but `features` also accepts `'auto'`
165
- * to fetch enabled methods from the server at startup.
191
+ * Config prop type for `<CedrosLoginProvider>`.
192
+ *
193
+ * Extends {@link CedrosLoginConfig} with one additional feature:
194
+ * the `features` field also accepts `'auto'` to fetch enabled
195
+ * auth methods from the server at startup.
196
+ *
197
+ * **`features: 'auto'` discovery contract:**
198
+ * - Calls `GET {serverUrl}/features` (no auth required, credentials omitted).
199
+ * - Response shape: `{ email, google, apple, solana, webauthn, instantLink }` (all booleans).
200
+ * - Timeout: `requestTimeout` or 5 000 ms. 1 retry on failure.
201
+ * - Fallback: all methods enabled (so the login page is never blank).
202
+ * - Children are not rendered until discovery completes.
203
+ * - `walletEnrollment` flag is client-only and is not part of the server response.
204
+ *
205
+ * When `features` is omitted or set to a `FeatureFlags` object, no server
206
+ * call is made and the flags are used as-is.
207
+ *
208
+ * @example
209
+ * ```tsx
210
+ * // Auto-discover enabled methods from the server:
211
+ * <CedrosLoginProvider config={{ serverUrl: '...', features: 'auto' }}>
212
+ *
213
+ * // Or specify explicitly:
214
+ * <CedrosLoginProvider config={{ serverUrl: '...', features: { email: true, google: true } }}>
215
+ * ```
166
216
  */
167
217
  declare type CedrosLoginProviderConfig = Omit<CedrosLoginConfig, 'features'> & {
168
218
  features?: FeatureFlags | 'auto';
@@ -292,6 +342,62 @@ declare interface LoadingSpinnerProps {
292
342
  announce?: boolean;
293
343
  }
294
344
 
345
+ /**
346
+ * Mobile Wallet Adapter (MWA) registration for web.
347
+ *
348
+ * On Android Chrome, MWA lets users authenticate with their installed Solana
349
+ * wallet app (e.g., Phantom, Solflare) via Android Intents — no browser
350
+ * extension needed.
351
+ *
352
+ * Once registered, MWA appears as a wallet option in the wallet adapter's
353
+ * wallet list (alongside browser extension wallets). Users see it as
354
+ * "Use Installed Wallet" in the wallet selector.
355
+ *
356
+ * Requires the optional peer dependency: @solana-mobile/wallet-standard-mobile
357
+ *
358
+ * @see https://docs.solanamobile.com/get-started/web/installation
359
+ */
360
+ export declare interface MobileWalletConfig {
361
+ /** App name shown in the wallet's authorization dialog */
362
+ name?: string;
363
+ /** App URI for identity verification */
364
+ uri?: string;
365
+ /** App icon path/URL shown in the wallet dialog */
366
+ icon?: string;
367
+ /** Solana cluster(s) to support. Default: ['solana:mainnet'] */
368
+ chains?: string[];
369
+ }
370
+
371
+ /**
372
+ * Register Mobile Wallet Adapter as a wallet-standard wallet.
373
+ *
374
+ * Call this once at your application root (before rendering). After registration,
375
+ * MWA automatically appears as "Use Installed Wallet" for users browsing on
376
+ * Android Chrome with a Solana wallet app installed.
377
+ *
378
+ * Must be called in a non-SSR context (browser only). For Next.js, call in a
379
+ * Client Component with `'use client'`.
380
+ *
381
+ * @example
382
+ * ```tsx
383
+ * import { registerMobileWallet, CedrosLoginProvider } from '@cedros/login-react';
384
+ *
385
+ * // Register before provider mounts
386
+ * registerMobileWallet({ name: 'My App', uri: 'https://myapp.com' });
387
+ *
388
+ * function App() {
389
+ * return (
390
+ * <CedrosLoginProvider config={{ serverUrl: '...' }}>
391
+ * <LoginForm />
392
+ * </CedrosLoginProvider>
393
+ * );
394
+ * }
395
+ * ```
396
+ *
397
+ * @returns true if registration succeeded, false if package not installed or SSR
398
+ */
399
+ export declare function registerMobileWallet(config?: MobileWalletConfig): boolean;
400
+
295
401
  /**
296
402
  * Session handling configuration
297
403
  *
package/dist/solana-only.js CHANGED
@@ -1,6 +1,6 @@
1
- import { C as e, u as s } from "./useAuth-C3dpk0po.js";
2
- import { u as n } from "./useCedrosLogin-_94MmGGq.js";
3
- import { S as u, u as i } from "./SolanaLoginButton-P22QjBaO.js";
1
+ import { C as e, u as s } from "./useAuth-m5Hf89v8.js";
2
+ import { u as t } from "./useCedrosLogin-_94MmGGq.js";
3
+ import { S as u, r as i, u as g } from "./mobileWalletAdapter-coZRD4Yx.js";
4
4
  import { L as f } from "./LoadingSpinner-6vml-zwr.js";
5
5
  import { E as m } from "./ErrorMessage-CcEK0pYO.js";
6
6
  export {
@@ -8,7 +8,8 @@ export {
8
8
  m as ErrorMessage,
9
9
  f as LoadingSpinner,
10
10
  u as SolanaLoginButton,
11
+ i as registerMobileWallet,
11
12
  s as useAuth,
12
- n as useCedrosLogin,
13
- i as useSolanaAuth
13
+ t as useCedrosLogin,
14
+ g as useSolanaAuth
14
15
  };
package/dist/useAuth-X6Ds6WW4.cjs ADDED
@@ -0,0 +1 @@
1
+ "use strict";const X=require("react/jsx-runtime"),o=require("react"),Ae=require("./LoadingSpinner-d6sSxgQN.cjs"),b=require("./useCedrosLogin-C9MrcZvh.cjs");let W=0;function He({theme:e,themeOverrides:t}){o.useEffect(()=>{if(typeof document>"u"||typeof window>"u")return;const A=document.documentElement;let i=!1;e==="dark"?i=!0:e==="light"?i=!1:i=window.matchMedia("(prefers-color-scheme: dark)").matches;let r=!1;i?(W++,r=!0,A.classList.add("cedros-dark")):W===0&&A.classList.remove("cedros-dark");const n=new Map;return t&&Object.entries(t).forEach(([s,g])=>{if(g){const C=A.style.getPropertyValue(s);n.set(s,C),A.style.setProperty(s,g)}}),()=>{r&&(W--,W===0&&A.classList.remove("cedros-dark")),n.forEach((s,g)=>{s?A.style.setProperty(g,s):A.style.removeProperty(g)})}},[e,t])}const Je={email:!0,google:!0,apple:!0,solana:!0,webauthn:!0,instantLink:!0};function Me(e,t,A){const[i,r]=o.useState(null),[n,s]=o.useState(),[g,C]=o.useState(),[I,y]=o.useState(t),p=o.useRef(!1);return o.useEffect(()=>{if(!t||p.current)return;p.current=!0,new b.ApiClient({baseUrl:e,timeoutMs:A??5e3,retryAttempts:1}).get("/features",{credentials:"omit"}).then(u=>{r({email:u.email,google:u.google,apple:u.apple,solana:u.solana,webauthn:u.webauthn,instantLink:u.instantLink}),s(u.googleClientId),C(u.appleClientId)}).catch(()=>{r(Je)}).finally(()=>{y(!1)})},[t,e,A]),{features:i,googleClientId:n,appleClientId:g,isLoading:I}}const Pe="cedros_tokens",Ve=6e4;class Ne{storage;requestedStorage;storageKey;tokens=null;expiresAt=0;refreshTimer=null;onRefreshNeeded=null;onSessionExpired=null;onRefreshError=null;isDestroyed=!1;sessionExpiredFired=!1;allowWebStorage;constructor(t="cookie",A=Pe,i={}){this.requestedStorage=t,this.storage=t,this.storageKey=A,this.allowWebStorage=i.allowWebStorage??!1,this.warnIfLocalStorage(),!this.allowWebStorage&&(this.requestedStorage==="localStorage"||this.requestedStorage==="sessionStorage")&&(this.storage="memory"),this.loadFromStorage()}warnIfLocalStorage(){if((this.requestedStorage==="localStorage"||this.requestedStorage==="sessionStorage")&&typeof console<"u"){const t=this.allowWebStorage?"":" (web storage disabled by default; set allowWebStorage=true to enable)";console.warn("[cedros-login] SECURITY: Using web storage for token storage. Tokens are vulnerable to XSS attacks."+t+" PRODUCTION RECOMMENDATIONS: (1) Use httpOnly cookie storage instead, (2) If web storage required: implement strict Content-Security-Policy, sanitize all input/output, audit third-party scripts. See https://owasp.org/www-community/attacks/xss/")}}setRefreshCallback(t){this.onRefreshNeeded=t,this.scheduleRefresh()}setSessionExpiredCallback(t){this.onSessionExpired=t}setRefreshErrorCallback(t){this.onRefreshError=t}setTokens(t){this.tokens=t,this.expiresAt=Date.now()+t.expiresIn*1e3,this.sessionExpiredFired=!1,this.saveToStorage(),this.scheduleRefresh()}getAccessToken(){if(this.isDestroyed)return null;const t=this.tokens?.accessToken;return t?Date.now()>=this.expiresAt?(this.clear(),this.fireSessionExpired(),null):t:null}getRefreshToken(){return this.tokens?.refreshToken??null}clear(){this.tokens=null,this.expiresAt=0,this.cancelRefresh(),this.clearStorage()}hasTokens(){return this.tokens!==null&&Date.now()<this.expiresAt}destroy(){this.isDestroyed=!0,this.cancelRefresh(),this.clearStorage(),this.onRefreshNeeded=null,this.onSessionExpired=null,this.onRefreshError=null,this.tokens=null}getTimeUntilExpiry(){return this.tokens?Math.max(0,this.expiresAt-Date.now()):0}fireSessionExpired(){this.sessionExpiredFired||(this.sessionExpiredFired=!0,this.onSessionExpired?.())}scheduleRefresh(){if(this.cancelRefresh(),!this.tokens||!this.onRefreshNeeded)return;const t=this.getTimeUntilExpiry(),A=Math.max(0,t-Ve);if(A<=0){if(this.isDestroyed)return;this.onRefreshNeeded().catch(i=>{if(this.isDestroyed)return;const r=i instanceof Error?i:new Error("Token refresh failed");this.onRefreshError?.(r),this.clear(),this.fireSessionExpired()});return}this.refreshTimer=setTimeout(()=>{this.isDestroyed||this.onRefreshNeeded?.().catch(i=>{if(this.isDestroyed)return;const r=i instanceof Error?i:new Error("Token refresh failed");this.onRefreshError?.(r),this.clear(),this.fireSessionExpired()})},A)}cancelRefresh(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null)}loadFromStorage(){if(this.storage!=="memory"&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage,A=t.getItem(this.storageKey);if(A){const i=JSON.parse(A);this.isValidStoredTokenData(i)?i.expiresAt>Date.now()?(this.tokens=i.tokens,this.expiresAt=i.expiresAt):t.removeItem(this.storageKey):t.removeItem(this.storageKey)}}}catch{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage;try{t.removeItem(this.storageKey)}catch{}}}}isValidStoredTokenData(t){if(typeof t!="object"||t===null)return!1;const A=t;if(typeof A.expiresAt!="number"||typeof A.tokens!="object"||A.tokens===null)return!1;const i=A.tokens;return!(typeof i.accessToken!="string"||typeof i.refreshToken!="string"||typeof i.expiresIn!="number")}saveToStorage(){if(!(this.storage==="memory"||!this.tokens)&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage,A={tokens:this.tokens,expiresAt:this.expiresAt};t.setItem(this.storageKey,JSON.stringify(A))}}catch{}}clearStorage(){if(this.storage!=="memory"&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{(this.storage==="localStorage"||this.storage==="sessionStorage")&&(this.storage==="localStorage"?localStorage:sessionStorage).removeItem(this.storageKey)}catch{}}}const Ye="cedros_auth_sync";class xe{channel=null;callback=null;boundHandler=null;constructor(){typeof window<"u"&&"BroadcastChannel"in window&&(this.channel=new BroadcastChannel(Ye),this.boundHandler=this.handleMessage.bind(this),this.channel.addEventListener("message",this.boundHandler))}handleMessage(t){const A=t.data;if(!(!A||typeof A!="object"||typeof A.type!="string")&&["login","logout","refresh"].includes(A.type)){if(A.type==="login"){const i=A;if(typeof i.user!="object"||i.user===null||typeof i.user.id!="string")return}this.callback?.(A)}}setCallback(t){this.callback=t}broadcastLogin(t){this.channel?.postMessage({type:"login",user:t})}broadcastLogout(){this.channel?.postMessage({type:"logout"})}broadcastRefresh(){this.channel?.postMessage({type:"refresh"})}close(){this.channel&&(this.boundHandler&&(this.channel.removeEventListener("message",this.boundHandler),this.boundHandler=null),this.channel.close(),this.channel=null),this.callback=null}}function j(e){if(typeof e!="object"||e===null)return!1;const t=e;if(typeof t.user!="object"||t.user===null)return!1;const A=t.user;return typeof A.id=="string"&&A.id.length>0}function Oe(e){if(typeof e!="object"||e===null)return!1;const t=e;return typeof t.accessToken=="string"&&t.accessToken.length>0&&typeof t.refreshToken=="string"&&t.refreshToken.length>0&&typeof t.expiresIn=="number"&&t.expiresIn>0}function ve({serverUrl:e,session:t,callbacks:A,requestTimeoutMs:i}){const[r,n]=o.useState(null),[s,g]=o.useState("idle"),C=o.useRef(null),I=o.useRef(null),y=o.useRef(A),p=o.useRef(!0),Q=o.useRef(null),u=o.useRef(()=>Promise.resolve()),m=o.useRef(()=>{});o.useEffect(()=>{y.current=A},[A]),o.useEffect(()=>(p.current=!0,()=>{p.current=!1}),[]);const B=o.useCallback(h=>{p.current&&n(h)},[]),d=o.useCallback(h=>{p.current&&g(h)},[]),f=o.useMemo(()=>({storage:t?.storage??"cookie",autoRefresh:t?.autoRefresh??!0,syncTabs:t?.syncTabs??!0,persistKey:t?.persistKey,allowWebStorage:t?.allowWebStorage??!1}),[t?.storage,t?.autoRefresh,t?.syncTabs,t?.persistKey,t?.allowWebStorage]);o.useEffect(()=>{const h=new Ne(f.storage,f.persistKey,{allowWebStorage:f.allowWebStorage});return C.current=h,f.autoRefresh&&h.setRefreshCallback(()=>u.current()),h.setSessionExpiredCallback(()=>m.current()),f.syncTabs&&(I.current=new xe),()=>{h.destroy(),C.current=null,I.current?.close()}},[f.storage,f.syncTabs,f.persistKey,f.allowWebStorage,f.autoRefresh]);const F=o.useCallback(async()=>{if(Q.current)return Q.current;const h=C.current?.getRefreshToken(),S=!!h,K=b.getCsrfToken(),H={};S&&(H["Content-Type"]="application/json"),K&&(H["X-CSRF-Token"]=K);let G,M;const J=new Promise((L,ee)=>{G=L,M=ee});Q.current=J,(async()=>{const L=new AbortController,ee=i??1e4,Ke=window.setTimeout(()=>L.abort(),ee);try{const O=await fetch(`${e}/refresh`,{method:"POST",headers:Object.keys(H).length>0?H:void 0,credentials:"include",body:S?JSON.stringify({refreshToken:h}):void 0,signal:L.signal});if(!O.ok)throw new Error("Token refresh failed");const te=await O.json();if(te.tokens){if(!Oe(te.tokens))throw new Error("Invalid token response structure");C.current?.setTokens(te.tokens)}else if(f.storage!=="cookie")throw new Error("Token refresh failed");I.current?.broadcastRefresh(),G()}catch(O){throw M(O),O}finally{window.clearTimeout(Ke)}})().catch(()=>{});try{await J}finally{Q.current=null}},[e,f.storage,i]),k=o.useCallback(()=>{if(f.storage==="cookie")return;const h=C.current?.getAccessToken();if(h)return{Authorization:`Bearer ${h}`}},[f.storage]),U=o.useCallback(()=>{C.current?.clear(),B(null),d("unauthenticated"),y.current?.onSessionExpired?.()},[d,B]);u.current=F,m.current=U;const E=o.useCallback(h=>{const S=new AbortController,K=i??1e4,H=window.setTimeout(()=>S.abort(),K),G={},M=k();M&&Object.assign(G,M);const J=b.getCsrfToken();return J&&(G["X-CSRF-Token"]=J),{promise:fetch(h,{credentials:"include",headers:Object.keys(G).length>0?G:void 0,signal:S.signal}),cleanup:()=>window.clearTimeout(H)}},[k,i]),l=o.useCallback(async()=>{const h=E(`${e}/user`);try{const S=await h.promise;if(S.ok){const K=await S.json();if(j(K)){B(K.user),d("authenticated");return}}if(S.status===401&&f.autoRefresh){try{await F()}catch{U();return}const K=E(`${e}/user`);try{const H=await K.promise;if(H.ok){const G=await H.json();if(j(G)){B(G.user),d("authenticated");return}}}finally{K.cleanup()}}B(null),d("unauthenticated")}catch{B(null),d("unauthenticated")}finally{h.cleanup()}},[e,f.autoRefresh,F,E,U,d,B]);o.useEffect(()=>{!I.current||!f.syncTabs||I.current.setCallback(h=>{switch(h.type){case"login":B(h.user),d("authenticated");break;case"logout":B(null),d("unauthenticated"),C.current?.clear();break;case"refresh":l();break;default:console.warn("[Cedros Login] Unhandled tab sync event:",h)}})},[f.syncTabs,l,d,B]),o.useEffect(()=>{const h=new AbortController,S=i??1e4,K=window.setTimeout(()=>h.abort(),S);return(async()=>{d("loading");try{const G=await fetch(`${e}/user`,{credentials:"include",headers:k(),signal:h.signal});if(G.ok){const M=await G.json();if(j(M)){B(M.user),d("authenticated");return}}if(G.status===401&&f.autoRefresh){try{await F()}catch{U();return}const M=await fetch(`${e}/user`,{credentials:"include",headers:k(),signal:h.signal});if(M.ok){const J=await M.json();if(j(J)){B(J.user),d("authenticated");return}}}B(null),d("unauthenticated")}catch{B(null),d("unauthenticated")}})(),()=>{window.clearTimeout(K),h.abort()}},[e,f.autoRefresh,F,k,U,d,B,i]);const a=o.useCallback((h,S)=>{B(h),d("authenticated"),S&&C.current?.setTokens(S),p.current&&I.current?.broadcastLogin(h)},[B,d]),c=o.useCallback(async()=>{const h=b.getCsrfToken(),S=new AbortController,K=i??1e4,H=window.setTimeout(()=>S.abort(),K);try{await fetch(`${e}/logout`,{method:"POST",headers:{...h?{"X-CSRF-Token":h}:{},...k()??{}},credentials:"include",signal:S.signal})}catch{}finally{window.clearTimeout(H),B(null),d("unauthenticated"),C.current?.clear(),I.current?.broadcastLogout(),y.current?.onLogout?.()}},[e,k,B,d,i]),w=o.useCallback(()=>C.current?.getAccessToken()??null,[]);return{user:r,authState:s,handleLoginSuccess:a,logout:c,refreshUser:l,getAccessToken:w}}const Be={mCost:19456,tCost:2,pCost:1};function Re(e){return e.length===16}function Te(e){if(e.length===16)return!0;if(e.length<18)return!1;const t=e[0];return t===0||t===1||t===128||t===8}function Le(e){return e.length===32}function Xe(e){return e.length===12}function We(e){return e.length>=16}function je(e){return e.length===32}function de(e){if(!Re(e))throw new Error(`Invalid seed length: expected 16, got ${e.length}`);return e}function Ze(e){if(!Te(e))throw new Error(`Invalid share length: expected >=16, got ${e.length}`);return e}function ce(e){if(!Le(e))throw new Error(`Invalid key length: expected 32, got ${e.length}`);return e}function qe(e){if(!Xe(e))throw new Error(`Invalid nonce length: expected 12, got ${e.length}`);return e}function _e(e){if(!We(e))throw new Error(`Invalid salt length: expected >=16, got ${e.length}`);return e}function $e(e){if(!je(e))throw new Error(`Invalid PRF salt length: expected 32, got ${e.length}`);return e}function Y(e){return new Uint8Array(e)}function _(e){if(typeof crypto>"u"||!crypto.getRandomValues)throw new Error("WebCrypto API not available. Secure random generation requires a modern browser.");const t=new Uint8Array(e);return crypto.getRandomValues(t),t}function ze(){return de(_(16))}function et(){return qe(_(12))}function tt(){return _e(_(16))}function Ee(){return $e(_(32))}function Ce(e){if(!(!e||e.length===0)){if(typeof globalThis.crypto?.getRandomValues=="function")globalThis.crypto.getRandomValues(e);else for(let t=0;t<e.length;t++)e[t]=t*90&255;e.fill(0)}}function At(...e){for(const t of e)t&&Ce(t)}async function it(e){return crypto.subtle.importKey("raw",Y(e),{name:"AES-GCM",length:256},!1,["encrypt","decrypt"])}async function rt(e,t,A){const i=A??et(),r=await it(t),n=await crypto.subtle.encrypt({name:"AES-GCM",iv:Y(i)},r,Y(e));return{ciphertext:new Uint8Array(n),nonce:i}}async function nt(e,t){const A=await rt(e,t);return{ciphertext:T(A.ciphertext),nonce:T(A.nonce)}}function T(e){const A=[];for(let i=0;i<e.length;i+=32768){const r=e.subarray(i,Math.min(i+32768,e.length));A.push(String.fromCharCode(...r))}return btoa(A.join(""))}function pe(e){let t;try{t=atob(e)}catch{throw new Error("Invalid base64 string: input is malformed or contains invalid characters")}const A=new Uint8Array(t.length);for(let i=0;i<t.length;i++)A[i]=t.charCodeAt(i);return A}async function ot(e,t,A,i=32){const r=await crypto.subtle.importKey("raw",Y(e),"HKDF",!1,["deriveBits"]),n=new TextEncoder().encode(A),s=await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:Y(t??new Uint8Array(32)),info:Y(n)},r,i*8);return new Uint8Array(s)}async function st(e,t){const A=await ot(e,t,"cedros-wallet-share-b-encryption",32);return ce(A)}async function It(){try{const e=await crypto.subtle.importKey("raw",new Uint8Array(32),"HKDF",!1,["deriveBits"]);return await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:new Uint8Array(32),info:new Uint8Array(0)},e,256),!0}catch{return!1}}function x(e,t,A,i){function r(n){return n instanceof A?n:new A(function(s){s(n)})}return new(A||(A=Promise))(function(n,s){function g(y){try{I(i.next(y))}catch(p){s(p)}}function C(y){try{I(i.throw(y))}catch(p){s(p)}}function I(y){y.done?n(y.value):r(y.value).then(g,C)}I((i=i.apply(e,[])).next())})}class D{constructor(){this.mutex=Promise.resolve()}lock(){let t=()=>{};return this.mutex=this.mutex.then(()=>new Promise(t)),new Promise(A=>{t=A})}dispatch(t){return x(this,void 0,void 0,function*(){const A=yield this.lock();try{return yield Promise.resolve(t())}finally{A()}})}}var ie;function at(){return typeof globalThis<"u"?globalThis:typeof self<"u"?self:typeof window<"u"?window:global}const ae=at(),re=(ie=ae.Buffer)!==null&&ie!==void 0?ie:null,gt=ae.TextEncoder?new ae.TextEncoder:null;function ye(e,t){return(e&15)+(e>>6|e>>3&8)<<4|(t&15)+(t>>6|t>>3&8)}function ke(e,t){const A=t.length>>1;for(let i=0;i<A;i++){const r=i<<1;e[i]=ye(t.charCodeAt(r),t.charCodeAt(r+1))}}function lt(e,t){if(e.length!==t.length*2)return!1;for(let A=0;A<t.length;A++){const i=A<<1;if(t[A]!==ye(e.charCodeAt(i),e.charCodeAt(i+1)))return!1}return!0}const he=87,ue=48;function ge(e,t,A){let i=0;for(let r=0;r<A;r++){let n=t[r]>>>4;e[i++]=n>9?n+he:n+ue,n=t[r]&15,e[i++]=n>9?n+he:n+ue}return String.fromCharCode.apply(null,e)}const N=re!==null?e=>{if(typeof e=="string"){const t=re.from(e,"utf8");return new Uint8Array(t.buffer,t.byteOffset,t.length)}if(re.isBuffer(e))return new Uint8Array(e.buffer,e.byteOffset,e.length);if(ArrayBuffer.isView(e))return new Uint8Array(e.buffer,e.byteOffset,e.byteLength);throw new Error("Invalid data type!")}:e=>{if(typeof e=="string")return gt.encode(e);if(ArrayBuffer.isView(e))return new Uint8Array(e.buffer,e.byteOffset,e.byteLength);throw new Error("Invalid data type!")},P="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",R=new Uint8Array(256);for(let e=0;e<P.length;e++)R[P.charCodeAt(e)]=e;function fe(e,t=!0){const A=e.length,i=A%3,r=[],n=A-i;for(let s=0;s<n;s+=3){const g=(e[s]<<16&16711680)+(e[s+1]<<8&65280)+(e[s+2]&255),C=P.charAt(g>>18&63)+P.charAt(g>>12&63)+P.charAt(g>>6&63)+P.charAt(g&63);r.push(C)}if(i===1){const s=e[A-1],g=P.charAt(s>>2),C=P.charAt(s<<4&63);r.push(`${g}${C}`),t&&r.push("==")}else if(i===2){const s=(e[A-2]<<8)+e[A-1],g=P.charAt(s>>10),C=P.charAt(s>>4&63),I=P.charAt(s<<2&63);r.push(`${g}${C}${I}`),t&&r.push("=")}return r.join("")}function ct(e){let t=Math.floor(e.length*.75);const A=e.length;return e[A-1]==="="&&(t-=1,e[A-2]==="="&&(t-=1)),t}function Ct(e){const t=ct(e),A=e.length,i=new Uint8Array(t);let r=0;for(let n=0;n<A;n+=4){const s=R[e.charCodeAt(n)],g=R[e.charCodeAt(n+1)],C=R[e.charCodeAt(n+2)],I=R[e.charCodeAt(n+3)];i[r]=s<<2|g>>4,r+=1,i[r]=(g&15)<<4|C>>2,r+=1,i[r]=(C&3)<<6|I&63,r+=1}return i}const Z=16*1024,v=4,ht=new D,ne=new Map;function Se(e,t){return x(this,void 0,void 0,function*(){let A=null,i=null,r=!1;if(typeof WebAssembly>"u")throw new Error("WebAssembly is not supported in this environment!");const n=(l,a=0)=>{i.set(l,a)},s=()=>i,g=()=>A.exports,C=l=>{A.exports.Hash_SetMemorySize(l);const a=A.exports.Hash_GetBuffer(),c=A.exports.memory.buffer;i=new Uint8Array(c,a,l)},I=()=>new DataView(A.exports.memory.buffer).getUint32(A.exports.STATE_SIZE,!0),y=ht.dispatch(()=>x(this,void 0,void 0,function*(){if(!ne.has(e.name)){const a=Ct(e.data),c=WebAssembly.compile(a);ne.set(e.name,c)}const l=yield ne.get(e.name);A=yield WebAssembly.instantiate(l,{})})),p=()=>x(this,void 0,void 0,function*(){A||(yield y);const l=A.exports.Hash_GetBuffer(),a=A.exports.memory.buffer;i=new Uint8Array(a,l,Z)}),Q=(l=null)=>{r=!0,A.exports.Hash_Init(l)},u=l=>{let a=0;for(;a<l.length;){const c=l.subarray(a,a+Z);a+=c.length,i.set(c),A.exports.Hash_Update(c.length)}},m=l=>{if(!r)throw new Error("update() called before init()");const a=N(l);u(a)},B=new Uint8Array(t*2),d=(l,a=null)=>{if(!r)throw new Error("digest() called before init()");return r=!1,A.exports.Hash_Final(a),l==="binary"?i.slice(0,t):ge(B,i,t)},f=()=>{if(!r)throw new Error("save() can only be called after init() and before digest()");const l=A.exports.Hash_GetState(),a=I(),c=A.exports.memory.buffer,w=new Uint8Array(c,l,a),h=new Uint8Array(v+a);return ke(h,e.hash),h.set(w,v),h},F=l=>{if(!(l instanceof Uint8Array))throw new Error("load() expects an Uint8Array generated by save()");const a=A.exports.Hash_GetState(),c=I(),w=v+c,h=A.exports.memory.buffer;if(l.length!==w)throw new Error(`Bad state length (expected ${w} bytes, got ${l.length})`);if(!lt(e.hash,l.subarray(0,v)))throw new Error("This state was written by an incompatible hash implementation");const S=l.subarray(v);new Uint8Array(h,a,c).set(S),r=!0},k=l=>typeof l=="string"?l.length<Z/4:l.byteLength<Z;let U=k;switch(e.name){case"argon2":case"scrypt":U=()=>!0;break;case"blake2b":case"blake2s":U=(l,a)=>a<=512&&k(l);break;case"blake3":U=(l,a)=>a===0&&k(l);break;case"xxhash64":case"xxhash3":case"xxhash128":case"crc64":U=()=>!1;break}const E=(l,a=null,c=null)=>{if(!U(l,a))return Q(a),m(l),d("hex",c);const w=N(l);return i.set(w),A.exports.Hash_Calculate(w.length,a,c),ge(B,i,t)};return yield p(),{getMemory:s,writeMemory:n,getExports:g,setMemorySize:C,init:Q,update:m,digest:d,save:f,load:F,calculate:E,hashLength:t}})}new D;var ut="argon2",ft="AGFzbQEAAAABKQVgAX8Bf2AAAX9gEH9/f39/f39/f39/f39/f38AYAR/f39/AGACf38AAwYFAAECAwQFBgEBAoCAAgYIAX8BQZCoBAsHQQQGbWVtb3J5AgASSGFzaF9TZXRNZW1vcnlTaXplAAAOSGFzaF9HZXRCdWZmZXIAAQ5IYXNoX0NhbGN1bGF0ZQAECvEyBVgBAn9BACEBAkAgAEEAKAKICCICRg0AAkAgACACayIAQRB2IABBgIB8cSAASWoiAEAAQX9HDQBB/wHADwtBACEBQQBBACkDiAggAEEQdK18NwOICAsgAcALcAECfwJAQQAoAoAIIgANAEEAPwBBEHQiADYCgAhBACgCiAgiAUGAgCBGDQACQEGAgCAgAWsiAEEQdiAAQYCAfHEgAElqIgBAAEF/Rw0AQQAPC0EAQQApA4gIIABBEHStfDcDiAhBACgCgAghAAsgAAvcDgECfiAAIAQpAwAiECAAKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAMIBAgDCkDAIVCIIkiEDcDACAIIBAgCCkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgBCAQIAQpAwCFQiiJIhA3AwAgACAQIAApAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAwgECAMKQMAhUIwiSIQNwMAIAggECAIKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAEIBAgBCkDAIVCAYk3AwAgASAFKQMAIhAgASkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDSAQIA0pAwCFQiCJIhA3AwAgCSAQIAkpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAUgECAFKQMAhUIoiSIQNwMAIAEgECABKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACANIBAgDSkDAIVCMIkiEDcDACAJIBAgCSkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBSAQIAUpAwCFQgGJNwMAIAIgBikDACIQIAIpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIA4gECAOKQMAhUIgiSIQNwMAIAogECAKKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAGIBAgBikDAIVCKIkiEDcDACACIBAgAikDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgDiAQIA4pAwCFQjCJIhA3AwAgCiAQIAopAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAYgECAGKQMAhUIBiTcDACADIAcpAwAiECADKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAPIBAgDykDAIVCIIkiEDcDACALIBAgCykDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgByAQIAcpAwCFQiiJIhA3AwAgAyAQIAMpAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIA8gECAPKQMAhUIwiSIQNwMAIAsgECALKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAHIBAgBykDAIVCAYk3AwAgACAFKQMAIhAgACkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDyAQIA8pAwCFQiCJIhA3AwAgCiAQIAopAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAUgECAFKQMAhUIoiSIQNwMAIAAgECAAKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAPIBAgDykDAIVCMIkiEDcDACAKIBAgCikDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBSAQIAUpAwCFQgGJNwMAIAEgBikDACIQIAEpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAwgECAMKQMAhUIgiSIQNwMAIAsgECALKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAGIBAgBikDAIVCKIkiEDcDACABIBAgASkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgDCAQIAwpAwCFQjCJIhA3AwAgCyAQIAspAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAYgECAGKQMAhUIBiTcDACACIAcpAwAiECACKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACANIBAgDSkDAIVCIIkiEDcDACAIIBAgCCkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgByAQIAcpAwCFQiiJIhA3AwAgAiAQIAIpAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIA0gECANKQMAhUIwiSIQNwMAIAggECAIKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAHIBAgBykDAIVCAYk3AwAgAyAEKQMAIhAgAykDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDiAQIA4pAwCFQiCJIhA3AwAgCSAQIAkpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAQgECAEKQMAhUIoiSIQNwMAIAMgECADKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAOIBAgDikDAIVCMIkiEDcDACAJIBAgCSkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBCAQIAQpAwCFQgGJNwMAC98aAQN/QQAhBEEAIAIpAwAgASkDAIU3A5AIQQAgAikDCCABKQMIhTcDmAhBACACKQMQIAEpAxCFNwOgCEEAIAIpAxggASkDGIU3A6gIQQAgAikDICABKQMghTcDsAhBACACKQMoIAEpAyiFNwO4CEEAIAIpAzAgASkDMIU3A8AIQQAgAikDOCABKQM4hTcDyAhBACACKQNAIAEpA0CFNwPQCEEAIAIpA0ggASkDSIU3A9gIQQAgAikDUCABKQNQhTcD4AhBACACKQNYIAEpA1iFNwPoCEEAIAIpA2AgASkDYIU3A/AIQQAgAikDaCABKQNohTcD+AhBACACKQNwIAEpA3CFNwOACUEAIAIpA3ggASkDeIU3A4gJQQAgAikDgAEgASkDgAGFNwOQCUEAIAIpA4gBIAEpA4gBhTcDmAlBACACKQOQASABKQOQAYU3A6AJQQAgAikDmAEgASkDmAGFNwOoCUEAIAIpA6ABIAEpA6ABhTcDsAlBACACKQOoASABKQOoAYU3A7gJQQAgAikDsAEgASkDsAGFNwPACUEAIAIpA7gBIAEpA7gBhTcDyAlBACACKQPAASABKQPAAYU3A9AJQQAgAikDyAEgASkDyAGFNwPYCUEAIAIpA9ABIAEpA9ABhTcD4AlBACACKQPYASABKQPYAYU3A+gJQQAgAikD4AEgASkD4AGFNwPwCUEAIAIpA+gBIAEpA+gBhTcD+AlBACACKQPwASABKQPwAYU3A4AKQQAgAikD+AEgASkD+AGFNwOICkEAIAIpA4ACIAEpA4AChTcDkApBACACKQOIAiABKQOIAoU3A5gKQQAgAikDkAIgASkDkAKFNwOgCkEAIAIpA5gCIAEpA5gChTcDqApBACACKQOgAiABKQOgAoU3A7AKQQAgAikDqAIgASkDqAKFNwO4CkEAIAIpA7ACIAEpA7AChTcDwApBACACKQO4AiABKQO4AoU3A8gKQQAgAikDwAIgASkDwAKFNwPQCkEAIAIpA8gCIAEpA8gChTcD2ApBACACKQPQAiABKQPQAoU3A+AKQQAgAikD2AIgASkD2AKFNwPoCkEAIAIpA+ACIAEpA+AChTcD8ApBACACKQPoAiABKQPoAoU3A/gKQQAgAikD8AIgASkD8AKFNwOAC0EAIAIpA/gCIAEpA/gChTcDiAtBACACKQOAAyABKQOAA4U3A5ALQQAgAikDiAMgASkDiAOFNwOYC0EAIAIpA5ADIAEpA5ADhTcDoAtBACACKQOYAyABKQOYA4U3A6gLQQAgAikDoAMgASkDoAOFNwOwC0EAIAIpA6gDIAEpA6gDhTcDuAtBACACKQOwAyABKQOwA4U3A8ALQQAgAikDuAMgASkDuAOFNwPIC0EAIAIpA8ADIAEpA8ADhTcD0AtBACACKQPIAyABKQPIA4U3A9gLQQAgAikD0AMgASkD0AOFNwPgC0EAIAIpA9gDIAEpA9gDhTcD6AtBACACKQPgAyABKQPgA4U3A/ALQQAgAikD6AMgASkD6AOFNwP4C0EAIAIpA/ADIAEpA/ADhTcDgAxBACACKQP4AyABKQP4A4U3A4gMQQAgAikDgAQgASkDgASFNwOQDEEAIAIpA4gEIAEpA4gEhTcDmAxBACACKQOQBCABKQOQBIU3A6AMQQAgAikDmAQgASkDmASFNwOoDEEAIAIpA6AEIAEpA6AEhTcDsAxBACACKQOoBCABKQOoBIU3A7gMQQAgAikDsAQgASkDsASFNwPADEEAIAIpA7gEIAEpA7gEhTcDyAxBACACKQPABCABKQPABIU3A9AMQQAgAikDyAQgASkDyASFNwPYDEEAIAIpA9AEIAEpA9AEhTcD4AxBACACKQPYBCABKQPYBIU3A+gMQQAgAikD4AQgASkD4ASFNwPwDEEAIAIpA+gEIAEpA+gEhTcD+AxBACACKQPwBCABKQPwBIU3A4ANQQAgAikD+AQgASkD+ASFNwOIDUEAIAIpA4AFIAEpA4AFhTcDkA1BACACKQOIBSABKQOIBYU3A5gNQQAgAikDkAUgASkDkAWFNwOgDUEAIAIpA5gFIAEpA5gFhTcDqA1BACACKQOgBSABKQOgBYU3A7ANQQAgAikDqAUgASkDqAWFNwO4DUEAIAIpA7AFIAEpA7AFhTcDwA1BACACKQO4BSABKQO4BYU3A8gNQQAgAikDwAUgASkDwAWFNwPQDUEAIAIpA8gFIAEpA8gFhTcD2A1BACACKQPQBSABKQPQBYU3A+ANQQAgAikD2AUgASkD2AWFNwPoDUEAIAIpA+AFIAEpA+AFhTcD8A1BACACKQPoBSABKQPoBYU3A/gNQQAgAikD8AUgASkD8AWFNwOADkEAIAIpA/gFIAEpA/gFhTcDiA5BACACKQOABiABKQOABoU3A5AOQQAgAikDiAYgASkDiAaFNwOYDkEAIAIpA5AGIAEpA5AGhTcDoA5BACACKQOYBiABKQOYBoU3A6gOQQAgAikDoAYgASkDoAaFNwOwDkEAIAIpA6gGIAEpA6gGhTcDuA5BACACKQOwBiABKQOwBoU3A8AOQQAgAikDuAYgASkDuAaFNwPIDkEAIAIpA8AGIAEpA8AGhTcD0A5BACACKQPIBiABKQPIBoU3A9gOQQAgAikD0AYgASkD0AaFNwPgDkEAIAIpA9gGIAEpA9gGhTcD6A5BACACKQPgBiABKQPgBoU3A/AOQQAgAikD6AYgASkD6AaFNwP4DkEAIAIpA/AGIAEpA/AGhTcDgA9BACACKQP4BiABKQP4BoU3A4gPQQAgAikDgAcgASkDgAeFNwOQD0EAIAIpA4gHIAEpA4gHhTcDmA9BACACKQOQByABKQOQB4U3A6APQQAgAikDmAcgASkDmAeFNwOoD0EAIAIpA6AHIAEpA6AHhTcDsA9BACACKQOoByABKQOoB4U3A7gPQQAgAikDsAcgASkDsAeFNwPAD0EAIAIpA7gHIAEpA7gHhTcDyA9BACACKQPAByABKQPAB4U3A9APQQAgAikDyAcgASkDyAeFNwPYD0EAIAIpA9AHIAEpA9AHhTcD4A9BACACKQPYByABKQPYB4U3A+gPQQAgAikD4AcgASkD4AeFNwPwD0EAIAIpA+gHIAEpA+gHhTcD+A9BACACKQPwByABKQPwB4U3A4AQQQAgAikD+AcgASkD+AeFNwOIEEGQCEGYCEGgCEGoCEGwCEG4CEHACEHICEHQCEHYCEHgCEHoCEHwCEH4CEGACUGICRACQZAJQZgJQaAJQagJQbAJQbgJQcAJQcgJQdAJQdgJQeAJQegJQfAJQfgJQYAKQYgKEAJBkApBmApBoApBqApBsApBuApBwApByApB0ApB2ApB4ApB6ApB8ApB+ApBgAtBiAsQAkGQC0GYC0GgC0GoC0GwC0G4C0HAC0HIC0HQC0HYC0HgC0HoC0HwC0H4C0GADEGIDBACQZAMQZgMQaAMQagMQbAMQbgMQcAMQcgMQdAMQdgMQeAMQegMQfAMQfgMQYANQYgNEAJBkA1BmA1BoA1BqA1BsA1BuA1BwA1ByA1B0A1B2A1B4A1B6A1B8A1B+A1BgA5BiA4QAkGQDkGYDkGgDkGoDkGwDkG4DkHADkHIDkHQDkHYDkHgDkHoDkHwDkH4DkGAD0GIDxACQZAPQZgPQaAPQagPQbAPQbgPQcAPQcgPQdAPQdgPQeAPQegPQfAPQfgPQYAQQYgQEAJBkAhBmAhBkAlBmAlBkApBmApBkAtBmAtBkAxBmAxBkA1BmA1BkA5BmA5BkA9BmA8QAkGgCEGoCEGgCUGoCUGgCkGoCkGgC0GoC0GgDEGoDEGgDUGoDUGgDkGoDkGgD0GoDxACQbAIQbgIQbAJQbgJQbAKQbgKQbALQbgLQbAMQbgMQbANQbgNQbAOQbgOQbAPQbgPEAJBwAhByAhBwAlByAlBwApByApBwAtByAtBwAxByAxBwA1ByA1BwA5ByA5BwA9ByA8QAkHQCEHYCEHQCUHYCUHQCkHYCkHQC0HYC0HQDEHYDEHQDUHYDUHQDkHYDkHQD0HYDxACQeAIQegIQeAJQegJQeAKQegKQeALQegLQeAMQegMQeANQegNQeAOQegOQeAPQegPEAJB8AhB+AhB8AlB+AlB8ApB+ApB8AtB+AtB8AxB+AxB8A1B+A1B8A5B+A5B8A9B+A8QAkGACUGICUGACkGICkGAC0GIC0GADEGIDEGADUGIDUGADkGIDkGAD0GID0GAEEGIEBACAkACQCADRQ0AA0AgACAEaiIDIAIgBGoiBSkDACABIARqIgYpAwCFIARBkAhqKQMAhSADKQMAhTcDACADQQhqIgMgBUEIaikDACAGQQhqKQMAhSAEQZgIaikDAIUgAykDAIU3AwAgBEEQaiIEQYAIRw0ADAILC0EAIQQDQCAAIARqIgMgAiAEaiIFKQMAIAEgBGoiBikDAIUgBEGQCGopAwCFNwMAIANBCGogBUEIaikDACAGQQhqKQMAhSAEQZgIaikDAIU3AwAgBEEQaiIEQYAIRw0ACwsL5QcMBX8BfgR/An4BfwF+AX8Bfgd/AX4DfwF+AkBBACgCgAgiAiABQQp0aiIDKAIIIAFHDQAgAygCDCEEIAMoAgAhBUEAIAMoAhQiBq03A7gQQQAgBK0iBzcDsBBBACAFIAEgBUECdG4iCGwiCUECdK03A6gQAkACQAJAAkAgBEUNAEF/IQogBUUNASAIQQNsIQsgCEECdCIErSEMIAWtIQ0gBkF/akECSSEOQgAhDwNAQQAgDzcDkBAgD6chEEIAIRFBACEBA0BBACARNwOgECAPIBGEUCIDIA5xIRIgBkEBRiAPUCITIAZBAkYgEUICVHFxciEUQX8gAUEBakEDcSAIbEF/aiATGyEVIAEgEHIhFiABIAhsIRcgA0EBdCEYQgAhGQNAQQBCADcDwBBBACAZNwOYECAYIQECQCASRQ0AQQBCATcDwBBBkBhBkBBBkCBBABADQZAYQZAYQZAgQQAQA0ECIQELAkAgASAITw0AIAQgGaciGmwgF2ogAWohAwNAIANBACAEIAEbQQAgEVAiGxtqQX9qIRwCQAJAIBQNAEEAKAKACCICIBxBCnQiHGohCgwBCwJAIAFB/wBxIgINAEEAQQApA8AQQgF8NwPAEEGQGEGQEEGQIEEAEANBkBhBkBhBkCBBABADCyAcQQp0IRwgAkEDdEGQGGohCkEAKAKACCECCyACIANBCnRqIAIgHGogAiAKKQMAIh1CIIinIAVwIBogFhsiHCAEbCABIAFBACAZIBytUSIcGyIKIBsbIBdqIAogC2ogExsgAUUgHHJrIhsgFWqtIB1C/////w+DIh0gHX5CIIggG61+QiCIfSAMgqdqQQp0akEBEAMgA0EBaiEDIAggAUEBaiIBRw0ACwsgGUIBfCIZIA1SDQALIBFCAXwiEachASARQgRSDQALIA9CAXwiDyAHUg0AC0EAKAKACCECCyAJQQx0QYB4aiEXIAVBf2oiCkUNAgwBC0EAQgM3A6AQQQAgBEF/aq03A5AQQYB4IRcLIAIgF2ohGyAIQQx0IQhBACEcA0AgCCAcQQFqIhxsQYB4aiEEQQAhAQNAIBsgAWoiAyADKQMAIAIgBCABamopAwCFNwMAIANBCGoiAyADKQMAIAIgBCABQQhyamopAwCFNwMAIAFBCGohAyABQRBqIQEgA0H4B0kNAAsgHCAKRw0ACwsgAiAXaiEbQXghAQNAIAIgAWoiA0EIaiAbIAFqIgRBCGopAwA3AwAgA0EQaiAEQRBqKQMANwMAIANBGGogBEEYaikDADcDACADQSBqIARBIGopAwA3AwAgAUEgaiIBQfgHSQ0ACwsL",wt="e4cdc523",Qt={name:ut,data:ft,hash:wt},Bt="blake2b",dt="AGFzbQEAAAABEQRgAAF/YAJ/fwBgAX8AYAAAAwoJAAECAwECAgABBQQBAQICBg4CfwFBsIsFC38AQYAICwdwCAZtZW1vcnkCAA5IYXNoX0dldEJ1ZmZlcgAACkhhc2hfRmluYWwAAwlIYXNoX0luaXQABQtIYXNoX1VwZGF0ZQAGDUhhc2hfR2V0U3RhdGUABw5IYXNoX0NhbGN1bGF0ZQAIClNUQVRFX1NJWkUDAQrTOAkFAEGACQvrAgIFfwF+AkAgAUEBSA0AAkACQAJAIAFBgAFBACgC4IoBIgJrIgNKDQAgASEEDAELQQBBADYC4IoBAkAgAkH/AEoNACACQeCJAWohBSAAIQRBACEGA0AgBSAELQAAOgAAIARBAWohBCAFQQFqIQUgAyAGQQFqIgZB/wFxSg0ACwtBAEEAKQPAiQEiB0KAAXw3A8CJAUEAQQApA8iJASAHQv9+Vq18NwPIiQFB4IkBEAIgACADaiEAAkAgASADayIEQYEBSA0AIAIgAWohBQNAQQBBACkDwIkBIgdCgAF8NwPAiQFBAEEAKQPIiQEgB0L/flatfDcDyIkBIAAQAiAAQYABaiEAIAVBgH9qIgVBgAJLDQALIAVBgH9qIQQMAQsgBEEATA0BC0EAIQUDQCAFQQAoAuCKAWpB4IkBaiAAIAVqLQAAOgAAIAQgBUEBaiIFQf8BcUoNAAsLQQBBACgC4IoBIARqNgLgigELC78uASR+QQBBACkD0IkBQQApA7CJASIBQQApA5CJAXwgACkDICICfCIDhULr+obav7X2wR+FQiCJIgRCq/DT9K/uvLc8fCIFIAGFQiiJIgYgA3wgACkDKCIBfCIHIASFQjCJIgggBXwiCSAGhUIBiSIKQQApA8iJAUEAKQOoiQEiBEEAKQOIiQF8IAApAxAiA3wiBYVCn9j52cKR2oKbf4VCIIkiC0K7zqqm2NDrs7t/fCIMIASFQiiJIg0gBXwgACkDGCIEfCIOfCAAKQNQIgV8Ig9BACkDwIkBQQApA6CJASIQQQApA4CJASIRfCAAKQMAIgZ8IhKFQtGFmu/6z5SH0QCFQiCJIhNCiJLznf/M+YTqAHwiFCAQhUIoiSIVIBJ8IAApAwgiEHwiFiAThUIwiSIXhUIgiSIYQQApA9iJAUEAKQO4iQEiE0EAKQOYiQF8IAApAzAiEnwiGYVC+cL4m5Gjs/DbAIVCIIkiGkLx7fT4paf9p6V/fCIbIBOFQiiJIhwgGXwgACkDOCITfCIZIBqFQjCJIhogG3wiG3wiHSAKhUIoiSIeIA98IAApA1giCnwiDyAYhUIwiSIYIB18Ih0gDiALhUIwiSIOIAx8Ih8gDYVCAYkiDCAWfCAAKQNAIgt8Ig0gGoVCIIkiFiAJfCIaIAyFQiiJIiAgDXwgACkDSCIJfCIhIBaFQjCJIhYgGyAchUIBiSIMIAd8IAApA2AiB3wiDSAOhUIgiSIOIBcgFHwiFHwiFyAMhUIoiSIbIA18IAApA2giDHwiHCAOhUIwiSIOIBd8IhcgG4VCAYkiGyAZIBQgFYVCAYkiFHwgACkDcCINfCIVIAiFQiCJIhkgH3wiHyAUhUIoiSIUIBV8IAApA3giCHwiFXwgDHwiIoVCIIkiI3wiJCAbhUIoiSIbICJ8IBJ8IiIgFyAYIBUgGYVCMIkiFSAffCIZIBSFQgGJIhQgIXwgDXwiH4VCIIkiGHwiFyAUhUIoiSIUIB98IAV8Ih8gGIVCMIkiGCAXfCIXIBSFQgGJIhR8IAF8IiEgFiAafCIWIBUgHSAehUIBiSIaIBx8IAl8IhyFQiCJIhV8Ih0gGoVCKIkiGiAcfCAIfCIcIBWFQjCJIhWFQiCJIh4gGSAOIBYgIIVCAYkiFiAPfCACfCIPhUIgiSIOfCIZIBaFQiiJIhYgD3wgC3wiDyAOhUIwiSIOIBl8Ihl8IiAgFIVCKIkiFCAhfCAEfCIhIB6FQjCJIh4gIHwiICAiICOFQjCJIiIgJHwiIyAbhUIBiSIbIBx8IAp8IhwgDoVCIIkiDiAXfCIXIBuFQiiJIhsgHHwgE3wiHCAOhUIwiSIOIBkgFoVCAYkiFiAffCAQfCIZICKFQiCJIh8gFSAdfCIVfCIdIBaFQiiJIhYgGXwgB3wiGSAfhUIwiSIfIB18Ih0gFoVCAYkiFiAVIBqFQgGJIhUgD3wgBnwiDyAYhUIgiSIYICN8IhogFYVCKIkiFSAPfCADfCIPfCAHfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgBnwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAOIBd8Ig4gDyAYhUIwiSIPICAgFIVCAYkiFCAZfCAKfCIXhUIgiSIYfCIZIBSFQiiJIhQgF3wgC3wiF3wgBXwiICAPIBp8Ig8gHyAOIBuFQgGJIg4gIXwgCHwiGoVCIIkiG3wiHyAOhUIoiSIOIBp8IAx8IhogG4VCMIkiG4VCIIkiISAdIB4gDyAVhUIBiSIPIBx8IAF8IhWFQiCJIhx8Ih0gD4VCKIkiDyAVfCADfCIVIByFQjCJIhwgHXwiHXwiHiAWhUIoiSIWICB8IA18IiAgIYVCMIkiISAefCIeIBogFyAYhUIwiSIXIBl8IhggFIVCAYkiFHwgCXwiGSAchUIgiSIaICR8IhwgFIVCKIkiFCAZfCACfCIZIBqFQjCJIhogHSAPhUIBiSIPICJ8IAR8Ih0gF4VCIIkiFyAbIB98Iht8Ih8gD4VCKIkiDyAdfCASfCIdIBeFQjCJIhcgH3wiHyAPhUIBiSIPIBsgDoVCAYkiDiAVfCATfCIVICOFQiCJIhsgGHwiGCAOhUIoiSIOIBV8IBB8IhV8IAx8IiKFQiCJIiN8IiQgD4VCKIkiDyAifCAHfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBogHHwiGiAVIBuFQjCJIhUgHiAWhUIBiSIWIB18IAR8IhuFQiCJIhx8Ih0gFoVCKIkiFiAbfCAQfCIbfCABfCIeIBUgGHwiFSAXIBogFIVCAYkiFCAgfCATfCIYhUIgiSIXfCIaIBSFQiiJIhQgGHwgCXwiGCAXhUIwiSIXhUIgiSIgIB8gISAVIA6FQgGJIg4gGXwgCnwiFYVCIIkiGXwiHyAOhUIoiSIOIBV8IA18IhUgGYVCMIkiGSAffCIffCIhIA+FQiiJIg8gHnwgBXwiHiAghUIwiSIgICF8IiEgGyAchUIwiSIbIB18IhwgFoVCAYkiFiAYfCADfCIYIBmFQiCJIhkgJHwiHSAWhUIoiSIWIBh8IBJ8IhggGYVCMIkiGSAfIA6FQgGJIg4gInwgAnwiHyAbhUIgiSIbIBcgGnwiF3wiGiAOhUIoiSIOIB98IAZ8Ih8gG4VCMIkiGyAafCIaIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAh8IhUgI4VCIIkiFyAcfCIcIBSFQiiJIhQgFXwgC3wiFXwgBXwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IAh8IiIgGiAgIBUgF4VCMIkiFSAcfCIXIBSFQgGJIhQgGHwgCXwiGIVCIIkiHHwiGiAUhUIoiSIUIBh8IAZ8IhggHIVCMIkiHCAafCIaIBSFQgGJIhR8IAR8IiAgGSAdfCIZIBUgISAPhUIBiSIPIB98IAN8Ih2FQiCJIhV8Ih8gD4VCKIkiDyAdfCACfCIdIBWFQjCJIhWFQiCJIiEgFyAbIBkgFoVCAYkiFiAefCABfCIZhUIgiSIbfCIXIBaFQiiJIhYgGXwgE3wiGSAbhUIwiSIbIBd8Ihd8Ih4gFIVCKIkiFCAgfCAMfCIgICGFQjCJIiEgHnwiHiAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIB18IBJ8Ih0gG4VCIIkiGyAafCIaIA6FQiiJIg4gHXwgC3wiHSAbhUIwiSIbIBcgFoVCAYkiFiAYfCANfCIXICKFQiCJIhggFSAffCIVfCIfIBaFQiiJIhYgF3wgEHwiFyAYhUIwiSIYIB98Ih8gFoVCAYkiFiAVIA+FQgGJIg8gGXwgCnwiFSAchUIgiSIZICN8IhwgD4VCKIkiDyAVfCAHfCIVfCASfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgBXwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAbIBp8IhogFSAZhUIwiSIVIB4gFIVCAYkiFCAXfCADfCIXhUIgiSIZfCIbIBSFQiiJIhQgF3wgB3wiF3wgAnwiHiAVIBx8IhUgGCAaIA6FQgGJIg4gIHwgC3wiGoVCIIkiGHwiHCAOhUIoiSIOIBp8IAR8IhogGIVCMIkiGIVCIIkiICAfICEgFSAPhUIBiSIPIB18IAZ8IhWFQiCJIh18Ih8gD4VCKIkiDyAVfCAKfCIVIB2FQjCJIh0gH3wiH3wiISAWhUIoiSIWIB58IAx8Ih4gIIVCMIkiICAhfCIhIBogFyAZhUIwiSIXIBt8IhkgFIVCAYkiFHwgEHwiGiAdhUIgiSIbICR8Ih0gFIVCKIkiFCAafCAJfCIaIBuFQjCJIhsgHyAPhUIBiSIPICJ8IBN8Ih8gF4VCIIkiFyAYIBx8Ihh8IhwgD4VCKIkiDyAffCABfCIfIBeFQjCJIhcgHHwiHCAPhUIBiSIPIBggDoVCAYkiDiAVfCAIfCIVICOFQiCJIhggGXwiGSAOhUIoiSIOIBV8IA18IhV8IA18IiKFQiCJIiN8IiQgD4VCKIkiDyAifCAMfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBsgHXwiGyAVIBiFQjCJIhUgISAWhUIBiSIWIB98IBB8IhiFQiCJIh18Ih8gFoVCKIkiFiAYfCAIfCIYfCASfCIhIBUgGXwiFSAXIBsgFIVCAYkiFCAefCAHfCIZhUIgiSIXfCIbIBSFQiiJIhQgGXwgAXwiGSAXhUIwiSIXhUIgiSIeIBwgICAVIA6FQgGJIg4gGnwgAnwiFYVCIIkiGnwiHCAOhUIoiSIOIBV8IAV8IhUgGoVCMIkiGiAcfCIcfCIgIA+FQiiJIg8gIXwgBHwiISAehUIwiSIeICB8IiAgGCAdhUIwiSIYIB98Ih0gFoVCAYkiFiAZfCAGfCIZIBqFQiCJIhogJHwiHyAWhUIoiSIWIBl8IBN8IhkgGoVCMIkiGiAcIA6FQgGJIg4gInwgCXwiHCAYhUIgiSIYIBcgG3wiF3wiGyAOhUIoiSIOIBx8IAN8IhwgGIVCMIkiGCAbfCIbIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAt8IhUgI4VCIIkiFyAdfCIdIBSFQiiJIhQgFXwgCnwiFXwgBHwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IAl8IiIgGyAeIBUgF4VCMIkiFSAdfCIXIBSFQgGJIhQgGXwgDHwiGYVCIIkiHXwiGyAUhUIoiSIUIBl8IAp8IhkgHYVCMIkiHSAbfCIbIBSFQgGJIhR8IAN8Ih4gGiAffCIaIBUgICAPhUIBiSIPIBx8IAd8IhyFQiCJIhV8Ih8gD4VCKIkiDyAcfCAQfCIcIBWFQjCJIhWFQiCJIiAgFyAYIBogFoVCAYkiFiAhfCATfCIahUIgiSIYfCIXIBaFQiiJIhYgGnwgDXwiGiAYhUIwiSIYIBd8Ihd8IiEgFIVCKIkiFCAefCAFfCIeICCFQjCJIiAgIXwiISAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIBx8IAt8IhwgGIVCIIkiGCAbfCIbIA6FQiiJIg4gHHwgEnwiHCAYhUIwiSIYIBcgFoVCAYkiFiAZfCABfCIXICKFQiCJIhkgFSAffCIVfCIfIBaFQiiJIhYgF3wgBnwiFyAZhUIwiSIZIB98Ih8gFoVCAYkiFiAVIA+FQgGJIg8gGnwgCHwiFSAdhUIgiSIaICN8Ih0gD4VCKIkiDyAVfCACfCIVfCANfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgCXwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAYIBt8IhggFSAahUIwiSIVICEgFIVCAYkiFCAXfCASfCIXhUIgiSIafCIbIBSFQiiJIhQgF3wgCHwiF3wgB3wiISAVIB18IhUgGSAYIA6FQgGJIg4gHnwgBnwiGIVCIIkiGXwiHSAOhUIoiSIOIBh8IAt8IhggGYVCMIkiGYVCIIkiHiAfICAgFSAPhUIBiSIPIBx8IAp8IhWFQiCJIhx8Ih8gD4VCKIkiDyAVfCAEfCIVIByFQjCJIhwgH3wiH3wiICAWhUIoiSIWICF8IAN8IiEgHoVCMIkiHiAgfCIgIBggFyAahUIwiSIXIBt8IhogFIVCAYkiFHwgBXwiGCAchUIgiSIbICR8IhwgFIVCKIkiFCAYfCABfCIYIBuFQjCJIhsgHyAPhUIBiSIPICJ8IAx8Ih8gF4VCIIkiFyAZIB18Ihl8Ih0gD4VCKIkiDyAffCATfCIfIBeFQjCJIhcgHXwiHSAPhUIBiSIPIBkgDoVCAYkiDiAVfCAQfCIVICOFQiCJIhkgGnwiGiAOhUIoiSIOIBV8IAJ8IhV8IBN8IiKFQiCJIiN8IiQgD4VCKIkiDyAifCASfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBsgHHwiGyAVIBmFQjCJIhUgICAWhUIBiSIWIB98IAt8IhmFQiCJIhx8Ih8gFoVCKIkiFiAZfCACfCIZfCAJfCIgIBUgGnwiFSAXIBsgFIVCAYkiFCAhfCAFfCIahUIgiSIXfCIbIBSFQiiJIhQgGnwgA3wiGiAXhUIwiSIXhUIgiSIhIB0gHiAVIA6FQgGJIg4gGHwgEHwiFYVCIIkiGHwiHSAOhUIoiSIOIBV8IAF8IhUgGIVCMIkiGCAdfCIdfCIeIA+FQiiJIg8gIHwgDXwiICAhhUIwiSIhIB58Ih4gGSAchUIwiSIZIB98IhwgFoVCAYkiFiAafCAIfCIaIBiFQiCJIhggJHwiHyAWhUIoiSIWIBp8IAp8IhogGIVCMIkiGCAdIA6FQgGJIg4gInwgBHwiHSAZhUIgiSIZIBcgG3wiF3wiGyAOhUIoiSIOIB18IAd8Ih0gGYVCMIkiGSAbfCIbIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAx8IhUgI4VCIIkiFyAcfCIcIBSFQiiJIhQgFXwgBnwiFXwgEnwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IBN8IiIgGyAhIBUgF4VCMIkiFSAcfCIXIBSFQgGJIhQgGnwgBnwiGoVCIIkiHHwiGyAUhUIoiSIUIBp8IBB8IhogHIVCMIkiHCAbfCIbIBSFQgGJIhR8IA18IiEgGCAffCIYIBUgHiAPhUIBiSIPIB18IAJ8Ih2FQiCJIhV8Ih4gD4VCKIkiDyAdfCABfCIdIBWFQjCJIhWFQiCJIh8gFyAZIBggFoVCAYkiFiAgfCADfCIYhUIgiSIZfCIXIBaFQiiJIhYgGHwgBHwiGCAZhUIwiSIZIBd8Ihd8IiAgFIVCKIkiFCAhfCAIfCIhIB+FQjCJIh8gIHwiICAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIB18IAd8Ih0gGYVCIIkiGSAbfCIbIA6FQiiJIg4gHXwgDHwiHSAZhUIwiSIZIBcgFoVCAYkiFiAafCALfCIXICKFQiCJIhogFSAefCIVfCIeIBaFQiiJIhYgF3wgCXwiFyAahUIwiSIaIB58Ih4gFoVCAYkiFiAVIA+FQgGJIg8gGHwgBXwiFSAchUIgiSIYICN8IhwgD4VCKIkiDyAVfCAKfCIVfCACfCIChUIgiSIifCIjIBaFQiiJIhYgAnwgC3wiAiAihUIwiSILICN8IiIgFoVCAYkiFiAZIBt8IhkgFSAYhUIwiSIVICAgFIVCAYkiFCAXfCANfCINhUIgiSIXfCIYIBSFQiiJIhQgDXwgBXwiBXwgEHwiECAVIBx8Ig0gGiAZIA6FQgGJIg4gIXwgDHwiDIVCIIkiFXwiGSAOhUIoiSIOIAx8IBJ8IhIgFYVCMIkiDIVCIIkiFSAeIB8gDSAPhUIBiSINIB18IAl8IgmFQiCJIg98IhogDYVCKIkiDSAJfCAIfCIJIA+FQjCJIgggGnwiD3wiGiAWhUIoiSIWIBB8IAd8IhAgEYUgDCAZfCIHIA6FQgGJIgwgCXwgCnwiCiALhUIgiSILIAUgF4VCMIkiBSAYfCIJfCIOIAyFQiiJIgwgCnwgE3wiEyALhUIwiSIKIA58IguFNwOAiQFBACADIAYgDyANhUIBiSINIAJ8fCICIAWFQiCJIgUgB3wiBiANhUIoiSIHIAJ8fCICQQApA4iJAYUgBCABIBIgCSAUhUIBiSIDfHwiASAIhUIgiSISICJ8IgkgA4VCKIkiAyABfHwiASAShUIwiSIEIAl8IhKFNwOIiQFBACATQQApA5CJAYUgECAVhUIwiSIQIBp8IhOFNwOQiQFBACABQQApA5iJAYUgAiAFhUIwiSICIAZ8IgGFNwOYiQFBACASIAOFQgGJQQApA6CJAYUgAoU3A6CJAUEAIBMgFoVCAYlBACkDqIkBhSAKhTcDqIkBQQAgASAHhUIBiUEAKQOwiQGFIASFNwOwiQFBACALIAyFQgGJQQApA7iJAYUgEIU3A7iJAQvdAgUBfwF+AX8BfgJ/IwBBwABrIgAkAAJAQQApA9CJAUIAUg0AQQBBACkDwIkBIgFBACgC4IoBIgKsfCIDNwPAiQFBAEEAKQPIiQEgAyABVK18NwPIiQECQEEALQDoigFFDQBBAEJ/NwPYiQELQQBCfzcD0IkBAkAgAkH/AEoNAEEAIQQDQCACIARqQeCJAWpBADoAACAEQQFqIgRBgAFBACgC4IoBIgJrSA0ACwtB4IkBEAIgAEEAKQOAiQE3AwAgAEEAKQOIiQE3AwggAEEAKQOQiQE3AxAgAEEAKQOYiQE3AxggAEEAKQOgiQE3AyAgAEEAKQOoiQE3AyggAEEAKQOwiQE3AzAgAEEAKQO4iQE3AzhBACgC5IoBIgVBAUgNAEEAIQRBACECA0AgBEGACWogACAEai0AADoAACAEQQFqIQQgBSACQQFqIgJB/wFxSg0ACwsgAEHAAGokAAv9AwMBfwF+AX8jAEGAAWsiAiQAQQBBgQI7AfKKAUEAIAE6APGKAUEAIAA6APCKAUGQfiEAA0AgAEGAiwFqQgA3AAAgAEH4igFqQgA3AAAgAEHwigFqQgA3AAAgAEEYaiIADQALQQAhAEEAQQApA/CKASIDQoiS853/zPmE6gCFNwOAiQFBAEEAKQP4igFCu86qptjQ67O7f4U3A4iJAUEAQQApA4CLAUKr8NP0r+68tzyFNwOQiQFBAEEAKQOIiwFC8e30+KWn/aelf4U3A5iJAUEAQQApA5CLAULRhZrv+s+Uh9EAhTcDoIkBQQBBACkDmIsBQp/Y+dnCkdqCm3+FNwOoiQFBAEEAKQOgiwFC6/qG2r+19sEfhTcDsIkBQQBBACkDqIsBQvnC+JuRo7Pw2wCFNwO4iQFBACADp0H/AXE2AuSKAQJAIAFBAUgNACACQgA3A3ggAkIANwNwIAJCADcDaCACQgA3A2AgAkIANwNYIAJCADcDUCACQgA3A0ggAkIANwNAIAJCADcDOCACQgA3AzAgAkIANwMoIAJCADcDICACQgA3AxggAkIANwMQIAJCADcDCCACQgA3AwBBACEEA0AgAiAAaiAAQYAJai0AADoAACAAQQFqIQAgBEEBaiIEQf8BcSABSA0ACyACQYABEAELIAJBgAFqJAALEgAgAEEDdkH/P3EgAEEQdhAECwkAQYAJIAAQAQsGAEGAiQELGwAgAUEDdkH/P3EgAUEQdhAEQYAJIAAQARADCwsLAQBBgAgLBPAAAAA=",Et="c6f286e6",pt={name:Bt,data:dt,hash:Et};new D;function we(e){return!Number.isInteger(e)||e<8||e>512||e%8!==0?new Error("Invalid variant! Valid values: 8, 16, ..., 512"):null}function yt(e,t){return e|t<<16}function le(e=512,t=null){if(we(e))return Promise.reject(we(e));let A=null,i=e;if(t!==null){if(A=N(t),A.length>64)return Promise.reject(new Error("Max key length is 64 bytes"));i=yt(e,A.length)}const r=e/8;return Se(pt,r).then(n=>{i>512&&n.writeMemory(A),n.init(i);const s={init:i>512?()=>(n.writeMemory(A),n.init(i),s):()=>(n.init(i),s),update:g=>(n.update(g),s),digest:g=>n.digest(g),save:()=>n.save(),load:g=>(n.load(g),s),blockSize:128,digestSize:r};return s})}function kt(e,t,A){const i=[`m=${t.memorySize}`,`t=${t.iterations}`,`p=${t.parallelism}`].join(",");return`$argon2${t.hashType}$v=19$${i}$${fe(e,!1)}$${fe(A,!1)}`}const Qe=new DataView(new ArrayBuffer(4));function V(e){return Qe.setInt32(0,e,!0),new Uint8Array(Qe.buffer)}function oe(e,t,A){return x(this,void 0,void 0,function*(){if(A<=64){const C=yield le(A*8);return C.update(V(A)),C.update(t),C.digest("binary")}const i=Math.ceil(A/32)-2,r=new Uint8Array(A);e.init(),e.update(V(A)),e.update(t);let n=e.digest("binary");r.set(n.subarray(0,32),0);for(let C=1;C<i;C++)e.init(),e.update(n),n=e.digest("binary"),r.set(n.subarray(0,32),C*32);const s=A-32*i;let g;return s===64?(g=e,g.init()):g=yield le(s*8),g.update(n),n=g.digest("binary"),r.set(n.subarray(0,s),i*32),r})}function St(e){switch(e){case"d":return 0;case"i":return 1;default:return 2}}function Dt(e){return x(this,void 0,void 0,function*(){var t;const{parallelism:A,iterations:i,hashLength:r}=e,n=N(e.password),s=N(e.salt),g=19,C=St(e.hashType),{memorySize:I}=e,y=N((t=e.secret)!==null&&t!==void 0?t:""),[p,Q]=yield Promise.all([Se(Qt,1024),le(512)]);p.setMemorySize(I*1024+1024);const u=new Uint8Array(24),m=new DataView(u.buffer);m.setInt32(0,A,!0),m.setInt32(4,r,!0),m.setInt32(8,I,!0),m.setInt32(12,i,!0),m.setInt32(16,g,!0),m.setInt32(20,C,!0),p.writeMemory(u,I*1024),Q.init(),Q.update(u),Q.update(V(n.length)),Q.update(n),Q.update(V(s.length)),Q.update(s),Q.update(V(y.length)),Q.update(y),Q.update(V(0));const d=Math.floor(I/(A*4))*4,f=new Uint8Array(72),F=Q.digest("binary");f.set(F);for(let E=0;E<A;E++){f.set(V(0),64),f.set(V(E),68);let l=E*d,a=yield oe(Q,f,1024);p.writeMemory(a,l*1024),l+=1,f.set(V(1),64),a=yield oe(Q,f,1024),p.writeMemory(a,l*1024)}const k=new Uint8Array(1024);ke(k,p.calculate(new Uint8Array([]),I));const U=yield oe(Q,k,r);if(e.outputType==="hex"){const E=new Uint8Array(r*2);return ge(E,U,r)}return e.outputType==="encoded"?kt(s,e,U):U})}const Ft=e=>{var t;if(!e||typeof e!="object")throw new Error("Invalid options parameter. It requires an object.");if(!e.password)throw new Error("Password must be specified");if(e.password=N(e.password),e.password.length<1)throw new Error("Password must be specified");if(!e.salt)throw new Error("Salt must be specified");if(e.salt=N(e.salt),e.salt.length<8)throw new Error("Salt should be at least 8 bytes long");if(e.secret=N((t=e.secret)!==null&&t!==void 0?t:""),!Number.isInteger(e.iterations)||e.iterations<1)throw new Error("Iterations should be a positive number");if(!Number.isInteger(e.parallelism)||e.parallelism<1)throw new Error("Parallelism should be a positive number");if(!Number.isInteger(e.hashLength)||e.hashLength<4)throw new Error("Hash length should be at least 4 bytes.");if(!Number.isInteger(e.memorySize))throw new Error("Memory size should be specified.");if(e.memorySize<8*e.parallelism)throw new Error("Memory size should be at least 8 * parallelism.");if(e.outputType===void 0&&(e.outputType="hex"),!["hex","binary","encoded"].includes(e.outputType))throw new Error(`Insupported output type ${e.outputType}. Valid values: ['hex', 'binary', 'encoded']`)};function De(e){return x(this,void 0,void 0,function*(){return Ft(e),Dt(Object.assign(Object.assign({},e),{hashType:"id"}))})}new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;const Ut=32;async function bt(e,t,A=Be){Fe(A);try{const i=await De({password:e,salt:t,iterations:A.tCost,memorySize:A.mCost,parallelism:A.pCost,hashLength:Ut,outputType:"binary"});return ce(i)}catch{throw new Error("Key derivation failed")}}function Fe(e){if(e.mCost<16384)throw new Error("KDF memory cost too low (minimum 16 MiB)");if(e.mCost>1048576)throw new Error("KDF memory cost too high (maximum 1 GiB)");if(e.tCost<1)throw new Error("KDF time cost must be at least 1");if(e.tCost>10)throw new Error("KDF time cost too high (maximum 10)");if(e.pCost<1)throw new Error("KDF parallelism must be at least 1");if(e.pCost>4)throw new Error("KDF parallelism too high (maximum 4)")}async function mt(){try{const e=await De({password:"test",salt:new Uint8Array(16),iterations:1,memorySize:1024,parallelism:1,hashLength:32,outputType:"binary"});return e.length!==32?!1:(Ce(e),!0)}catch{return!1}}function Gt(e){return e==="localhost"||e==="127.0.0.1"||e.endsWith(".localhost")}function Ue(e){if(typeof window>"u")return;const t=window.location.hostname;if(!Gt(t))throw new Error("[Cedros] WebAuthn RP domain validation is not configured. Set wallet.allowedRpDomains to a non-empty list of allowed domains.")}function $(){return typeof window<"u"&&typeof window.PublicKeyCredential<"u"&&typeof navigator.credentials<"u"}async function Kt(){if(!$())return!1;try{if(!await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable())return!1;if("getClientCapabilities"in PublicKeyCredential&&typeof PublicKeyCredential.getClientCapabilities=="function"){const t=await PublicKeyCredential.getClientCapabilities();if(t&&"prf"in t)return t.prf===!0}return!0}catch{return!1}}async function Ht(e,t,A,i,r){if(!$())throw new Error("WebAuthn is not available in this browser");Ue();const n=i??Ee(),s=await navigator.credentials.create({publicKey:{challenge:crypto.getRandomValues(new Uint8Array(32)),rp:{name:"Cedros Wallet",id:window.location.hostname},user:{id:Y(e),name:t,displayName:A},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{authenticatorAttachment:"platform",userVerification:"required",residentKey:"required"},timeout:6e4,attestation:"none",extensions:{prf:{eval:{first:n}}}}});if(!s)throw new Error("Passkey registration was cancelled");const g=s.getClientExtensionResults();if(!g.prf?.enabled||!g.prf?.results?.first)throw new Error("PRF extension is not supported by this authenticator. Please use a device with a compatible platform authenticator.");const C=g.prf?.results?.first;if(!C)throw new Error("PRF extension did not return a result");const I=new Uint8Array(C);if(I.length!==32)throw new Error(`Unexpected PRF output length: expected 32 bytes, got ${I.length}. The authenticator may not be compatible.`);return{credentialId:T(new Uint8Array(s.rawId)),prfSalt:T(n),prfOutput:I}}async function Jt(e,t){if(!$())throw new Error("WebAuthn is not available in this browser");Ue();const A=pe(e),i=await navigator.credentials.get({publicKey:{challenge:crypto.getRandomValues(new Uint8Array(32)),rpId:window.location.hostname,allowCredentials:[],userVerification:"required",timeout:6e4,extensions:{prf:{eval:{first:A}}}}});if(!i)throw new Error("Passkey authentication was cancelled");const n=i.getClientExtensionResults().prf?.results?.first;if(!n)throw new Error("PRF extension did not return a result during authentication");const s=new Uint8Array(n);if(s.length!==32)throw new Error(`Unexpected PRF output length: expected 32 bytes, got ${s.length}. The authenticator may not be compatible.`);return{prfOutput:s}}async function Mt(){const[e,t,A,i,r,n,s]=await Promise.all([Pt(),Vt(),It(),Nt(),Promise.resolve($()),Kt(),mt()]);return{webCrypto:e,aesGcm:t,hkdf:A,ed25519:i,webAuthn:r,webAuthnPrf:n,argon2:s,allSupported:e&&t&&A&&r&&n&&s}}async function Pt(){try{return typeof crypto<"u"&&typeof crypto.subtle<"u"&&typeof crypto.getRandomValues=="function"}catch{return!1}}async function Vt(){try{const e=await crypto.subtle.generateKey({name:"AES-GCM",length:256},!1,["encrypt","decrypt"]),t=new Uint8Array([1,2,3,4]),A=crypto.getRandomValues(new Uint8Array(12)),i=await crypto.subtle.encrypt({name:"AES-GCM",iv:A},e,t),r=await crypto.subtle.decrypt({name:"AES-GCM",iv:A},e,i),n=new Uint8Array(r);return n.length===t.length&&n.every((s,g)=>s===t[g])}catch{return!1}}async function Nt(){try{return await crypto.subtle.generateKey("Ed25519",!1,["sign","verify"]),!0}catch{return!1}}function Yt(e){if(e.allSupported)return null;const t=[];return e.webCrypto||t.push("Web Crypto API"),e.aesGcm||t.push("AES-GCM encryption"),e.hkdf||t.push("HKDF key derivation"),e.webAuthn||t.push("WebAuthn/Passkeys"),e.webAuthnPrf||t.push("WebAuthn PRF extension (requires platform authenticator)"),e.argon2||t.push("Argon2 password hashing"),t.length===0?null:`Your browser or device is missing required features: ${t.join(", ")}. Please use a modern browser with a platform authenticator (e.g., Touch ID, Face ID, Windows Hello).`}function xt(){const e=typeof navigator<"u"?navigator.userAgent:"",t=e.match(/Chrome\/(\d+)/);if(t){const n=parseInt(t[1],10);return{browser:"Chrome",version:t[1],likelySupported:n>=116}}const A=e.match(/Version\/(\d+)/);if(A&&e.includes("Safari")&&!e.includes("Chrome")){const n=parseInt(A[1],10);return{browser:"Safari",version:A[1],likelySupported:n>=17}}const i=e.match(/Firefox\/(\d+)/);if(i)return{browser:"Firefox",version:i[1],likelySupported:!1};const r=e.match(/Edg\/(\d+)/);if(r){const n=parseInt(r[1],10);return{browser:"Edge",version:r[1],likelySupported:n>=116}}return{browser:"Unknown",version:"Unknown",likelySupported:!1}}let q=null,se=null;const Ot=6e4;async function vt(e=!1){const t=Date.now(),A=se===null||t-se>Ot;return!e&&!(typeof window>"u")&&!A&&q!==null||(q=await Mt(),se=Date.now()),q}function be(e){switch(e.type){case"password":return{password:e.password};case"prfOutput":return{prfOutput:e.prfOutput}}}function me(){const e=b.useCedrosLoginOptional(),[t,A]=o.useState(!1),[i,r]=o.useState(null),n=e?.config.serverUrl,s=e?.config.requestTimeout,g=e?.config.retryAttempts,C=e?._internal?.getAccessToken,I=o.useMemo(()=>e?new b.ApiClient({baseUrl:n,timeoutMs:s,retryAttempts:g,getAccessToken:C}):null,[e,n,s,g,C]),y=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.get("/wallet/status")}catch(a){const c=b.handleApiError(a,"Failed to fetch wallet status");throw r(c.message),c}finally{A(!1)}},[I]),p=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.get("/wallet/material")}catch(a){const c=b.handleApiError(a,"Failed to fetch wallet material");if(c.code==="NOT_FOUND")return null;throw r(c.message),c}finally{A(!1)}},[I]),Q=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/enroll",a)}catch(c){const w=b.handleApiError(c,"Failed to enroll wallet");throw r(w.message),w}finally{A(!1)}},[I]),u=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/recover",a)}catch(c){const w=b.handleApiError(c,"Failed to recover wallet");throw r(w.message),w}finally{A(!1)}},[I]),m=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/sign",a)}catch(c){const w=b.handleApiError(c,"Failed to sign transaction");throw r(w.message),w}finally{A(!1)}},[I]),B=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/rotate-user-secret",a)}catch(c){const w=b.handleApiError(c,"Failed to rotate user secret");throw r(w.message),w}finally{A(!1)}},[I]),d=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/unlock",be(a))}catch(c){const w=b.handleApiError(c,"Failed to unlock wallet");throw r(w.message),w}finally{A(!1)}},[I]),f=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/lock",{})}catch(a){const c=b.handleApiError(a,"Failed to lock wallet");throw r(c.message),c}finally{A(!1)}},[I]),F=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/share-b",a)}catch(c){const w=b.handleApiError(c,"Failed to get Share B for recovery");throw r(w.message),w}finally{A(!1)}},[I]),k=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/derived",a)}catch(c){const w=b.handleApiError(c,"Failed to create derived wallet");throw r(w.message),w}finally{A(!1)}},[I]),U=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.get("/wallet/derived")}catch(a){const c=b.handleApiError(a,"Failed to list wallets");throw r(c.message),c}finally{A(!1)}},[I]),E=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.delete(`/wallet/derived/${a}`)}catch(c){const w=b.handleApiError(c,"Failed to delete derived wallet");throw r(w.message),w}finally{A(!1)}},[I]),l=o.useCallback(()=>r(null),[]);return{getStatus:y,getMaterial:p,enroll:Q,recover:u,signTransaction:m,rotateUserSecret:B,unlock:d,lock:f,getShareBForRecovery:F,createDerivedWallet:k,listAllWallets:U,deleteDerivedWallet:E,isLoading:t,error:i,clearError:l}}const Rt={status:"not_enrolled",solanaPubkey:null,authMethod:null,hasExternalWallet:!1,isUnlocked:!1,capabilities:null,isSupported:!1,error:null,refresh:async()=>{},clearError:()=>{}};function Ge(){const t=b.useCedrosLoginOptional()!==null,[A,i]=o.useState("loading"),[r,n]=o.useState(null),[s,g]=o.useState(null),[C,I]=o.useState(!1),[y,p]=o.useState(!1),[Q,u]=o.useState(null),[m,B]=o.useState(null),{getStatus:d,isLoading:f}=me(),F=o.useRef(!1);o.useEffect(()=>{if(!t)return;let E=!1;return(async()=>{try{const a=await vt();if(E)return;u(a),a.allSupported||(i("error"),B("Your browser or device does not support all required features. Please use a modern browser with a platform authenticator."))}catch{if(E)return;u(null),i("error"),B("Failed to check crypto capabilities")}})(),()=>{E=!0}},[t]);const k=o.useCallback(async()=>{if(!(!t||!Q?.allSupported)){i("loading"),B(null);try{const E=await d();n(E.solanaPubkey??null),g(E.authMethod??null),I(E.hasExternalWallet),p(E.unlocked),E.hasExternalWallet?i("enrolled_unlocked"):E.enrolled?i(E.unlocked?"enrolled_unlocked":"enrolled_locked"):i("not_enrolled")}catch(E){i("error"),B(E instanceof Error?E.message:"Failed to fetch wallet status")}}},[t,Q?.allSupported,d]);o.useEffect(()=>{t&&Q?.allSupported&&!f&&!F.current&&(F.current=!0,k())},[t,Q?.allSupported,f,k]);const U=o.useCallback(()=>B(null),[]);return t?{status:A,solanaPubkey:r,authMethod:s,hasExternalWallet:C,isUnlocked:y,capabilities:Q,isSupported:Q?.allSupported??!1,error:m,refresh:k,clearError:U}:Rt}const z="__CEDROS_EMBEDDED_WALLET__";function Tt(e){typeof window<"u"&&(window[z]=e)}function Ie(){typeof window<"u"&&delete window[z]}function Lt(){return typeof window>"u"?!1:window[z]?.available??!1}function Xt(){return typeof window>"u"?null:window[z]??null}function Wt(){const{config:e,user:t}=b.useCedrosLogin(),{status:A,solanaPubkey:i,hasExternalWallet:r}=Ge(),n=e.wallet?.exposeAvailability??!1,s=e.wallet?.exposePublicKey??!1;return o.useEffect(()=>{if(!n||!t){Ie();return}if(r){Ie();return}if(A==="loading")return;const g=A==="enrolled_locked"||A==="enrolled_unlocked";return Tt({available:g,publicKey:s&&g?i:null}),()=>{Ie()}},[n,s,t,A,i,r]),null}function jt({config:e,children:t}){const[A,i]=o.useState(null),[r,n]=o.useState(!1),s=o.useRef(e.callbacks);s.current=e.callbacks;const g=o.useRef({onLoginSuccess:(...J)=>s.current?.onLoginSuccess?.(...J),onLoginError:(...J)=>s.current?.onLoginError?.(...J),onLogout:()=>s.current?.onLogout?.(),onSessionExpired:()=>s.current?.onSessionExpired?.()}),C=e.features==="auto",{features:I,googleClientId:y,appleClientId:p,isLoading:Q}=Me(e.serverUrl,C,e.requestTimeout),u=o.useMemo(()=>!C||!I?e:{...e,features:I,googleClientId:e.googleClientId??y,appleClientId:e.appleClientId??p},[e,C,I,y,p]),m=o.useMemo(()=>JSON.stringify(u.themeOverrides??null),[u.themeOverrides]),B=o.useMemo(()=>JSON.stringify(u.session??null),[u.session]),d=o.useMemo(()=>JSON.stringify(u.features??null),[u.features]),f=o.useMemo(()=>JSON.stringify(u.forms??null),[u.forms]),F=o.useMemo(()=>u,[u.serverUrl,u.googleClientId,u.appleClientId,u.requestTimeout,u.retryAttempts,u.theme,m,B,d,f]);He({theme:F.theme,themeOverrides:F.themeOverrides});const{user:k,authState:U,handleLoginSuccess:E,logout:l,refreshUser:a,getAccessToken:c}=ve({serverUrl:F.serverUrl,session:F.session,callbacks:g.current,requestTimeoutMs:F.requestTimeout}),w=o.useCallback(async()=>{i(null),await l()},[l]),h=o.useCallback((...J)=>{i(null),E(...J)},[E]),S=o.useCallback(()=>n(!0),[]),K=o.useCallback(()=>n(!1),[]),H=o.useMemo(()=>({config:F,user:k,authState:U,logout:w,refreshUser:a,_internal:{handleLoginSuccess:h,getAccessToken:c}}),[F,k,U,w,a,h,c]),G=o.useMemo(()=>({error:A,isModalOpen:r,openModal:S,closeModal:K}),[A,r,S,K]),M=o.useMemo(()=>({...H,...G}),[H,G]);return C&&Q?null:X.jsx(Ae.AuthStateContext.Provider,{value:H,children:X.jsx(Ae.AuthUIContext.Provider,{value:G,children:X.jsxs(Ae.CedrosLoginContext.Provider,{value:M,children:[X.jsx(Wt,{}),t]})})})}function Zt(){const{user:e,authState:t,error:A,logout:i,refreshUser:r,openModal:n,closeModal:s}=b.useCedrosLogin();return{user:e,authState:t,error:A,isAuthenticated:t==="authenticated"&&e!==null,isLoading:t==="loading",logout:i,refreshUser:r,openLoginModal:n,closeLoginModal:s}}exports.CedrosLoginProvider=jt;exports.DEFAULT_KDF_PARAMS=Be;exports.aesGcmEncryptToBase64=nt;exports.argon2Derive=bt;exports.authenticateWithDiscoverablePrf=Jt;exports.base64ToUint8Array=pe;exports.deriveKeyFromPrf=st;exports.generateArgon2Salt=tt;exports.generatePrfSalt=Ee;exports.generateSeed=ze;exports.getBrowserSupportInfo=xt;exports.getEmbeddedWalletInfo=Xt;exports.getMissingCapabilitiesMessage=Yt;exports.isEmbeddedWalletAvailable=Lt;exports.registerPasskeyWithPrf=Ht;exports.toCredentialRequest=be;exports.toEncryptionKey=ce;exports.toSeed=de;exports.toShamirShare=Ze;exports.uint8ArrayToBase64=T;exports.useAuth=Zt;exports.useWallet=Ge;exports.useWalletMaterial=me;exports.validateKdfParams=Fe;exports.wipeAll=At;exports.wipeBytes=Ce;